Bug 267333 - security/s2n-tls: Fails to build when some variants of CPUTYPE is defined
Summary: security/s2n-tls: Fails to build when some variants of CPUTYPE is defined
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Nuno Teixeira
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-25 11:31 UTC by Daniel Engberg
Modified: 2022-10-26 20:22 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (eduardo)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Engberg freebsd_committer freebsd_triage 2022-10-25 11:31:52 UTC 
FAILED: CMakeFiles/s2n.dir/pq-crypto/kyber_r3/kyber512r3_cbd.c.o
/usr/bin/cc -D_FORTIFY_SOURCE=2 -D_POSIX_C_SOURCE=200809L -Ds2n_EXPORTS -I/usr/ports/security/s2n-tls/work/s2n-tls-1.3.25 -I/usr/ports/security/s2n-tls/work/s2n-tls-1.3.25/api -O2 -pipe -march=tigerlake  -fstack-protector-strong -fno-strict-aliasing -O2 -pipe -march=tigerlake  -fstack-protector-strong -fno-strict-aliasing -fPIC -pedantic -std=gnu99 -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized -Wshadow -Wcast-align -Wwrite-strings -Wno-deprecated-declarations -Wno-unknown-pragmas -Wformat-security -Wno-missing-braces -Wa,--noexecstack -Werror -fvisibility=hidden -DS2N_EXPORTS -flto -DS2N_STACKTRACE -DS2N_CPUID_AVAILABLE -fPIC -DS2N_FALL_THROUGH_SUPPORTED -DS2N___RESTRICT__SUPPORTED -DS2N_MADVISE_SUPPORTED -DS2N_MINHERIT_SUPPORTED -DS2N_LIBCRYPTO_SUPPORTS_EVP_MD5_SHA1_HASH -DS2N_LIBCRYPTO_SUPPORTS_EVP_RC4 -DS2N_LIBCRYPTO_SUPPORTS_EVP_MD_CTX_SET_PKEY_CTX -MD -MT CMakeFiles/s2n.dir/pq-crypto/kyber_r3/kyber512r3_cbd.c.o -MF CMakeFiles/s2n.dir/pq-crypto/kyber_r3/kyber512r3_cbd.c.o.d -o CMakeFiles/s2n.dir/pq-crypto/kyber_r3/kyber512r3_cbd.c.o -c /usr/ports/security/s2n-tls/work/s2n-tls-1.3.25/pq-crypto/kyber_r3/kyber512r3_cbd.c
/usr/ports/security/s2n-tls/work/s2n-tls-1.3.25/pq-crypto/kyber_r3/kyber512r3_cbd.c:5:1: error: expected identifier or '('
S2N_ENSURE_PORTABLE_OPTIMIZATIONS
^
/usr/ports/security/s2n-tls/work/s2n-tls-1.3.25/pq-crypto/s2n_pq_asm.h:26:5: note: expanded from macro 'S2N_ENSURE_PORTABLE_OPTIMIZATIONS'
    #error "Compiling portable code with non-portable assembly optimizations. This can result in runtime crashes if artifacts are deployed to older CPU's without these CPU instructions"
    ^
/usr/ports/security/s2n-tls/work/s2n-tls-1.3.25/pq-crypto/kyber_r3/kyber512r3_cbd.c:60:23: error: implicit declaration of function 'load32_littleendian' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        uint32_t t  = load32_littleendian(buf + 4 * i);
                      ^
/usr/ports/security/s2n-tls/work/s2n-tls-1.3.25/pq-crypto/kyber_r3/kyber512r3_cbd.c:60:23: note: did you mean 'load24_littleendian'?
/usr/ports/security/s2n-tls/work/s2n-tls-1.3.25/pq-crypto/kyber_r3/kyber512r3_cbd.c:37:17: note: 'load24_littleendian' declared here
static uint32_t load24_littleendian(const uint8_t x[3]) {
                ^
2 errors generated.

Ugly hack is to define _CPUCFLAGS= in s2n's Makefile

https://github.com/aws/s2n-tls/blob/main/CMakeLists.txt#L298

Having a quick look it seems (I may be reading it wrong) that anything that defines __AVX__ || __AVX2__ || __BMI2__ will fail.

Reference:
https://cgit.freebsd.org/src/tree/share/examples/etc/make.conf?h=stable/13

Tested on FreeBSD 13.1-STABLE ( CPUTYPE?=tigerlake in /etc/make.conf)
Comment 1 Nuno Teixeira freebsd_committer freebsd_triage 2022-10-25 11:45:30 UTC 
(In reply to Daniel Engberg from comment #0)

Isn't better to open an upstream issue about this to know for sure what compile options are valid?

Don't know about seting CPUTYPE?=tigerlake is a good idea since it may broken things.

What is your opinion?

Thanks
Comment 2 Nuno Teixeira freebsd_committer freebsd_triage 2022-10-25 11:48:38 UTC 
(In reply to Nuno Teixeira from comment #1)
(...)

man make.conf:
---
CPUTYPE       (str) Controls which processor should be targeted for
                   generated code.  This controls processor-specific
                   optimizations in certain code (currently only OpenSSL) (...)
---

I remember asking about CPUTYPE on mailings and it must be used with caution.
Comment 3 Daniel Engberg freebsd_committer freebsd_triage 2022-10-25 12:01:08 UTC 
This seems to be incorrectly triggered in at least 1.3.24 and .25. Having a very quick glance I couldn't find any way to disable the check as the CMake file suggest should be doable. We should submit an issue report to upstream about it.
Comment 4 Nuno Teixeira freebsd_committer freebsd_triage 2022-10-26 17:05:42 UTC 
(In reply to Daniel Engberg from comment #3)
1.3.26 seems to fix it:

Fix check for non-portable optimizations:
https://github.com/aws/s2n-tls/pull/3573/commits/763b9e0f3b40ed8f14f22e7ba11ee2d195c63272
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-10-26 17:06:06 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8555f9dd7d0eed995d615e017cc270dff7c73f14

commit 8555f9dd7d0eed995d615e017cc270dff7c73f14
Author:     Nuno Teixeira <eduardo@FreeBSD.org>
AuthorDate: 2022-10-26 17:04:19 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-10-26 17:05:19 +0000

    security/s2n-tls: Update to 1.3.26

    ChangeLog:      https://github.com/aws/s2n-tls/releases/tag/v1.3.26
    PR:             267333

 security/s2n-tls/Makefile | 2 +-
 security/s2n-tls/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 6 Daniel Engberg freebsd_committer freebsd_triage 2022-10-26 20:22:10 UTC 
Confirmed

Thanks for the followup!