diff --git a/CMakeLists.txt b/CMakeLists.txt index 2acb62d91c5..4b0d9e3d237 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,6 +34,10 @@ option(S2N_STACKTRACE "Enables stacktrace functionality in s2n-tls. Note that th only available on platforms that support execinfo." ON) option(S2N_OVERRIDE_LIBCRYPTO_RAND_ENGINE "Allow s2n-tls to override the libcrypto random implementation with the custom s2n-tls implementation, when appropriate. Disabling this flag is not recommended. See docs/BUILD.md for details." ON) +option(S2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE "Assert that the feature probes are able to link to the libcrypto and +properly probe for feature support. If the feature probes are unable to properly probe for support, the build will +fail. This option ensures that s2n-tls doesn't silently build without properly probing for the support of important +features, such as TLS 1.3 support." OFF) option(COVERAGE "Enable profiling collection for code coverage calculation" OFF) option(BUILD_TESTING "Build tests for s2n-tls. By default only unit tests are built." ON) option(S2N_INTEG_TESTS "Enable the integrationv2 tests" OFF) @@ -348,6 +352,8 @@ function(feature_probe PROBE_NAME) # Set the flags that we used for the probe set(${PROBE_NAME}_FLAGS ${PROBE_FLAGS} PARENT_SCOPE) + + set(${PROBE_NAME}_OUTPUT "${TRY_COMPILE_OUTPUT}" PARENT_SCOPE) endfunction() # Iterate over all of the features and try to compile them 
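Review bot: The help text of `S2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE` describes what happens when the option is on, but not what the default `OFF` means. Going by the description's own wording, a build whose probes cannot link the libcrypto then completes without important features such as TLS 1.3, and nothing reports it. That is a fail-open default and deserves a sentence here or in docs/BUILD.md, which the neighbouring option already points to; no documentation change is visible in this diff. Something like `When OFF (the default), a failed sanity probe is not reported and the build continues with whatever the probes detected.` would cover it.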
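Review bot: The added `set(${PROBE_NAME}_OUTPUT "${TRY_COMPILE_OUTPUT}" PARENT_SCOPE)` has no comment, unlike the `_FLAGS` export directly above it. `TRY_COMPILE_OUTPUT` is also assigned outside this hunk, so it cannot be checked here that it holds the output of the probe that just ran. I would add `# Export the probe's compile/link output so callers can report why it failed` above the line. The body of `feature_probe` starts outside the hunk; if any path reaches this line without running the compile step, the later FATAL_ERROR message would print an empty or stale output.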
@@ -358,6 +364,13 @@ foreach(file ${FEATURE_SRCS}) feature_probe(${feature_name}) endforeach() +# Ensure that the feature probes were able to properly link to the libcrypto. +if(S2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE AND NOT S2N_LIBCRYPTO_SANITY_PROBE) + message(FATAL_ERROR "A sanity-check libcrypto feature probe failed, which indicates that other + feature probes were likely unable to probe the libcrypto for its supported features: + ${S2N_LIBCRYPTO_SANITY_PROBE_OUTPUT}") +endif() + # FreeBSD might need to link to execinfo explicitly if(NOT S2N_EXECINFO_AVAILABLE AND CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") feature_probe(S2N_EXECINFO_AVAILABLE LINK_LIBRARIES execinfo) diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh index 507f4fa6e92..7d5d43b1506 100755 --- a/codebuild/bin/s2n_codebuild.sh +++ b/codebuild/bin/s2n_codebuild.sh @@ -89,7 +89,8 @@ run_integration_v2_tests() { run_unit_tests() { cmake . -Bbuild \ -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ - -DBUILD_SHARED_LIBS=on + -DBUILD_SHARED_LIBS=on \ + -DS2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE=1 cmake --build ./build -- -j $(nproc) test_linked_libcrypto ./build/bin/s2nc cmake --build build/ --target test -- ARGS="-L unit --output-on-failure -j $(nproc)" diff --git a/nix/shell.sh b/nix/shell.sh index 938d555ea37..e47d8abd89f 100644 --- a/nix/shell.sh +++ b/nix/shell.sh @@ -52,6 +52,7 @@ function configure {(set -e -DBUILD_SHARED_LIBS=ON \ -DCMAKE_C_COMPILER="$CC" \ -DCMAKE_CXX_COMPILER="$CXX" \ + -DS2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE=ON \ "$S2N_CMAKE_OPTIONS" \ -DCMAKE_BUILD_TYPE=RelWithDebInfo )} diff --git a/tests/features/S2N_LIBCRYPTO_SANITY_PROBE.c b/tests/features/S2N_LIBCRYPTO_SANITY_PROBE.c new file mode 100644 index 00000000000..a3c0ae5ccff --- /dev/null +++ b/tests/features/S2N_LIBCRYPTO_SANITY_PROBE.c 
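Review bot: When `S2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE` is off, which is its default, a failed `S2N_LIBCRYPTO_SANITY_PROBE` produces no output at all, so the condition this check was written to catch still goes unnoticed in most builds. A non-fatal branch before `endif()` keeps the default behaviour and puts the failure in the configure log: `elseif(NOT S2N_LIBCRYPTO_SANITY_PROBE)` followed by `message(WARNING "libcrypto sanity probe failed; feature probe results may be unreliable: ${S2N_LIBCRYPTO_SANITY_PROBE_OUTPUT}")`. Separately, the FATAL_ERROR string is continued across source lines, so the indentation of the continuation lines becomes part of the printed message.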
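Review bot: Only `run_unit_tests` gets `-DS2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE=1`. The hunk header shows `run_integration_v2_tests` directly above, and its cmake invocation lies outside the hunk, so it is not visible whether the other build paths in this script enforce the probe too. If they configure against the same `$LIBCRYPTO_ROOT`, they should pass the flag as well; otherwise a libcrypto that the probes cannot link is caught in one CI job and missed in another. The value is spelled `=1` here and `=ON` in the nix/shell.sh hunk; CMake accepts both, but one spelling across the scripts is easier to search for.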
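Review bot: The new `-DS2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE=ON` sits before `"$S2N_CMAKE_OPTIONS"` in the argument list, and CMake uses the last `-D` given for a cache entry, so a value in that variable can switch the enforcement off again. If that override is intended, say so in a comment above `configure`, e.g. `# S2N_CMAKE_OPTIONS is applied last and may override S2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE`. If it is not, move the new line after `"$S2N_CMAKE_OPTIONS" \`. The function body starts outside the hunk.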
@@ -0,0 +1,26 @@
+/*
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+* http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#include
+
+int main()
+{
+ /* A function that's known to exist in all OpenSSL versions and forks is used as a sanity check
+ * to make sure the libcrypto has been properly linked.
+ */
+ unsigned long error = ERR_get_error();
+
+ return 0;
+}
diff --git a/tests/features/S2N_LIBCRYPTO_SANITY_PROBE.flags b/tests/features/S2N_LIBCRYPTO_SANITY_PROBE.flags
new file mode 100644
index 00000000000..e69de29bb2d
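Review bot: `error` is assigned and never read, so the probe triggers an unused-variable warning, and `int main()` is not a prototype in C. If `feature_probe` compiles probes with warnings treated as errors (its compile flags are set outside the visible hunks), the sanity probe would fail for a reason unrelated to linking. The enforced build would then stop with a message blaming the libcrypto. Discarding the result explicitly still references the symbol and avoids that: `(void) ERR_get_error();` together with `int main(void)`. The header name after `#include` is missing in this rendering of the patch, so the include itself could not be checked.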