Add testing - WIP

CMakeLists.txt

@@ -91,6 +91,11 @@ install(DIRECTORY include/openssl
         PATTERN boringssl_prefix_symbols_nasm.inc EXCLUDE
 )
 
+if (SYSGENID_PATH)
+  message(STATUS "Setting AWSLC_SYSGENID_PATH=${SYSGENID_PATH}")
+  add_compile_definitions(AWSLC_SYSGENID_PATH=\"${SYSGENID_PATH}\")
+endif()
+
 if(ANDROID)
   # Android-NDK CMake files reconfigure the path and so Perl won't be found.
   # However, ninja will still find them in $PATH if we just name them.

crypto/CMakeLists.txt

@@ -740,6 +740,7 @@ if(BUILD_TESTING)
     fipsmodule/rand/ctrdrbg_test.cc
     fipsmodule/rand/cpu_jitter_test.cc
     fipsmodule/rand/fork_detect_test.cc
+    fipsmodule/rand/snapsafe_detect_test.cc
     fipsmodule/service_indicator/service_indicator_test.cc
     fipsmodule/sha/sha_test.cc
     fipsmodule/sha/sha3_test.cc

crypto/fipsmodule/rand/rand.c

@@ -521,13 +521,6 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
     state->snapsafe_generation_id = snapsafe_generation_id;
     OPENSSL_cleanse(seed, CTR_DRBG_ENTROPY_LEN);
     OPENSSL_cleanse(add_data_for_reseed, CTR_DRBG_ENTROPY_LEN);
-
-    CRYPTO_get_snapsafe_generation(&snapsafe_generation_id);
-    if (snapsafe_generation_id != state->snapsafe_generation_id) {
-      // Unexpected change to snapsafe generation id.
-      // Snapshot/clone was crated while this operation was active.
-      abort();
-    }
   } else {
 #if defined(BORINGSSL_FIPS)
     CRYPTO_STATIC_MUTEX_lock_read(state_clear_all_lock_bss_get());
@@ -560,6 +553,12 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
 
   OPENSSL_cleanse(additional_data, 32);
 
+  CRYPTO_get_snapsafe_generation(&snapsafe_generation_id);
+  if (snapsafe_generation_id != state->snapsafe_generation_id) {
+    // Unexpected change to snapsafe generation id.
+    // Snapshot/clone was created from an invalid state.
+    abort();
+  }
 #if defined(BORINGSSL_FIPS)
   CRYPTO_STATIC_MUTEX_unlock_read(state_clear_all_lock_bss_get());
 #endif

crypto/fipsmodule/rand/snapsafe_detect.c

@@ -54,7 +54,11 @@ static int aws_snapsafe_check_kernel_support(void) {
 static void do_aws_snapsafe_init(void) {
   aws_snapsafe_test_init();
 
+#if defined(AWSLC_SYSGENID_PATH)
+  *sgc_file_path_bss_get() = AWSLC_SYSGENID_PATH;
+#else
   *sgc_file_path_bss_get() = "/dev/sysgenid";
+#endif
   *sgc_addr_bss_get() = NULL;
 
   if (aws_snapsafe_check_kernel_support() != 1) {

crypto/fipsmodule/rand/snapsafe_detect_test.cc

@@ -0,0 +1,57 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+#include <openssl/base.h>
+#include <cstdint>
+
+#if defined(OPENSSL_LINUX)
+
+#include "snapsafe_detect.h"
+#include <fcntl.h>
+#include <string.h>
+#include <sys/mman.h>
+
+#include <gtest/gtest.h>
+
+#define NUMBER_OF_TEST_VALUES 5
+
+TEST(SnapsafeGenerationTest, SysGenIDretrieval) {
+#if defined(AWSLC_SYSGENID_PATH)
+  const char* sgc_file_path = AWSLC_SYSGENID_PATH;
+  int fd_sgc = open(sgc_file_path, O_CREAT | O_RDWR | O_APPEND);
+  if (fd_sgc == -1) {
+    FAIL();
+    return;
+  }
+  long page_size = sysconf(_SC_PAGESIZE);
+  if (page_size <= 0) {
+    FAIL();
+    return;
+  }
+  size_t pgsize = (size_t)page_size;
+  void *addr =
+      mmap(NULL, pgsize, PROT_WRITE, MAP_SHARED, fd_sgc, 0);
+
+  close(fd_sgc);
+
+  if (addr == MAP_FAILED) {
+    FAIL();
+    return;
+  }
+
+// TODO: Testing
+  unsigned int set_sgn = 0;
+  memcpy(addr, &set_sgn, sizeof(unsigned int));
+  msync(addr, pgsize, MS_SYNC);
+
+  unsigned int reported_sgn;
+  ASSERT_EQ(1, CRYPTO_get_snapsafe_generation(&reported_sgn));
+  ASSERT_EQ((unsigned int)0, reported_sgn);
+
+#else
+  PASS();
+#endif // defined(AWSLC_SYSGENID_PATH)
+}
+
+#endif // defined(OPENSSL_LINUX)
+

util/build_compilation_database.sh

@@ -12,7 +12,7 @@ MY_CMAKE_FLAGS=("-GNinja" "-DCMAKE_BUILD_TYPE=Debug" "-DCMAKE_EXPORT_COMPILE_COM
 
 mkdir -p "${AWS_LC_BUILD}"
 
-cmake "${BASE_DIR}" -B "${AWS_LC_BUILD}" ${MY_CMAKE_FLAGS[@]}
+cmake "${BASE_DIR}" -B "${AWS_LC_BUILD}" ${MY_CMAKE_FLAGS[@]} ${@}
 
 cmake --build "${AWS_LC_BUILD}" --target all