commit 29bb1a7ebe55102c90611c021a142fdb6e97f8d5
author David Benjamin <davidben@google.com> Fri Mar 08 18:54:57 2024 -0500
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Sat Mar 09 00:33:49 2024 +0000
tree 7ff355c03a0446ddfd9e628628c386963c16af69
parent a56407d27da6ebf63ae9817dc19587a0ae98ef4a

Make crypto_test build with -Wframe-larger-than=25344

One consumer builds libcrypto with -Wframe-larger-than=25344. They
don't seem to build crypto_test, but mimicking that limit will be easier
if we can just apply it across the board.

Change-Id: I619780809f7cf8ac915fe1a103965b5f2e6dcd50
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66828
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

crypto/hrss/hrss_test.cc

diff --git a/crypto/hrss/hrss_test.cc b/crypto/hrss/hrss_test.cc
index 8c4d15f..a3814ac 100644
--- a/crypto/hrss/hrss_test.cc
+++ b/crypto/hrss/hrss_test.cc
@@ -492,8 +492,11 @@
   uint8_t kCanary[256];
   static_assert(sizeof(kCanary) % 32 == 0, "needed for alignment");
   memset(kCanary, 42, sizeof(kCanary));
-  alignas(32) uint8_t
-      scratch[sizeof(kCanary) + POLY_MUL_RQ_SCRATCH_SPACE + sizeof(kCanary)];
+
+  auto scratch_buf = std::make_unique<uint8_t[]>(
+      32 + sizeof(kCanary) + POLY_MUL_RQ_SCRATCH_SPACE + sizeof(kCanary));
+  uint8_t *scratch =
+      static_cast<uint8_t *>(align_pointer(scratch_buf.get(), 32));
   OPENSSL_memcpy(scratch, kCanary, sizeof(kCanary));
   OPENSSL_memcpy(scratch + sizeof(kCanary) + POLY_MUL_RQ_SCRATCH_SPACE, kCanary,
                  sizeof(kCanary));

crypto/kyber/kyber_test.cc

diff --git a/crypto/kyber/kyber_test.cc b/crypto/kyber/kyber_test.cc
index 9956478..9b05813 100644
--- a/crypto/kyber/kyber_test.cc
+++ b/crypto/kyber/kyber_test.cc
@@ -46,9 +46,12 @@
 }
 
 TEST(KyberTest, Basic) {
+  // This function makes several Kyber keys, which runs up against stack limits.
+  // Heap-allocate them instead.
+
   uint8_t encoded_public_key[KYBER_PUBLIC_KEY_BYTES];
-  KYBER_private_key priv;
-  KYBER_generate_key(encoded_public_key, &priv);
+  auto priv = std::make_unique<KYBER_private_key>();
+  KYBER_generate_key(encoded_public_key, priv.get());
 
   uint8_t first_two_bytes[2];
   OPENSSL_memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
@@ -56,26 +59,26 @@
   CBS encoded_public_key_cbs;
   CBS_init(&encoded_public_key_cbs, encoded_public_key,
            sizeof(encoded_public_key));
-  KYBER_public_key pub;
+  auto pub = std::make_unique<KYBER_public_key>();
   // Parsing should fail because the first coefficient is >= kPrime;
-  ASSERT_FALSE(KYBER_parse_public_key(&pub, &encoded_public_key_cbs));
+  ASSERT_FALSE(KYBER_parse_public_key(pub.get(), &encoded_public_key_cbs));
 
   OPENSSL_memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
   CBS_init(&encoded_public_key_cbs, encoded_public_key,
            sizeof(encoded_public_key));
-  ASSERT_TRUE(KYBER_parse_public_key(&pub, &encoded_public_key_cbs));
+  ASSERT_TRUE(KYBER_parse_public_key(pub.get(), &encoded_public_key_cbs));
   EXPECT_EQ(CBS_len(&encoded_public_key_cbs), 0u);
 
   EXPECT_EQ(Bytes(encoded_public_key),
-            Bytes(Marshal(KYBER_marshal_public_key, &pub)));
+            Bytes(Marshal(KYBER_marshal_public_key, pub.get())));
 
-  KYBER_public_key pub2;
-  KYBER_public_from_private(&pub2, &priv);
+  auto pub2 = std::make_unique<KYBER_public_key>();
+  KYBER_public_from_private(pub2.get(), priv.get());
   EXPECT_EQ(Bytes(encoded_public_key),
-            Bytes(Marshal(KYBER_marshal_public_key, &pub2)));
+            Bytes(Marshal(KYBER_marshal_public_key, pub2.get())));
 
   std::vector<uint8_t> encoded_private_key(
-      Marshal(KYBER_marshal_private_key, &priv));
+      Marshal(KYBER_marshal_private_key, priv.get()));
   EXPECT_EQ(encoded_private_key.size(), size_t{KYBER_PRIVATE_KEY_BYTES});
 
   OPENSSL_memcpy(first_two_bytes, encoded_private_key.data(),
@@ -83,24 +86,24 @@
   OPENSSL_memset(encoded_private_key.data(), 0xff, sizeof(first_two_bytes));
   CBS cbs;
   CBS_init(&cbs, encoded_private_key.data(), encoded_private_key.size());
-  KYBER_private_key priv2;
+  auto priv2 = std::make_unique<KYBER_private_key>();
   // Parsing should fail because the first coefficient is >= kPrime.
-  ASSERT_FALSE(KYBER_parse_private_key(&priv2, &cbs));
+  ASSERT_FALSE(KYBER_parse_private_key(priv2.get(), &cbs));
 
   OPENSSL_memcpy(encoded_private_key.data(), first_two_bytes,
                  sizeof(first_two_bytes));
   CBS_init(&cbs, encoded_private_key.data(), encoded_private_key.size());
-  ASSERT_TRUE(KYBER_parse_private_key(&priv2, &cbs));
+  ASSERT_TRUE(KYBER_parse_private_key(priv2.get(), &cbs));
   EXPECT_EQ(Bytes(encoded_private_key),
-            Bytes(Marshal(KYBER_marshal_private_key, &priv2)));
+            Bytes(Marshal(KYBER_marshal_private_key, priv2.get())));
 
   uint8_t ciphertext[KYBER_CIPHERTEXT_BYTES];
   uint8_t shared_secret1[KYBER_SHARED_SECRET_BYTES];
   uint8_t shared_secret2[KYBER_SHARED_SECRET_BYTES];
-  KYBER_encap(ciphertext, shared_secret1, &pub);
-  KYBER_decap(shared_secret2, ciphertext, &priv);
+  KYBER_encap(ciphertext, shared_secret1, pub.get());
+  KYBER_decap(shared_secret2, ciphertext, priv.get());
   EXPECT_EQ(Bytes(shared_secret1), Bytes(shared_secret2));
-  KYBER_decap(shared_secret2, ciphertext, &priv2);
+  KYBER_decap(shared_secret2, ciphertext, priv2.get());
   EXPECT_EQ(Bytes(shared_secret1), Bytes(shared_secret2));
 }