br: make br support FIPS #48421

Merged 3 commits on Nov 20, 2023

@Leavrth Leavrth commented Nov 8, 2023

What problem does this PR solve?

Issue Number: close #48419

Problem Summary:

What is changed and how it works?

Imitate #47949.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
make build_br_fips
go tool nm bin/br |grep boring
 1f55d60 t local.crypto/internal/boring._Cfunc_EVP_AEAD_CTX_open_wrapper.abi0
 1f55f40 t local.crypto/internal/boring._Cfunc_EVP_AEAD_CTX_seal_wrapper.abi0
 1f56120 t local.crypto/internal/boring._Cfunc__goboringcrypto_AES_cbc_encrypt.abi0
 1f56280 t local.crypto/internal/boring._Cfunc__goboringcrypto_AES_ctr128_encrypt.abi0
 1f563e0 t local.crypto/internal/boring._Cfunc__goboringcrypto_AES_decrypt.abi0
 1f564a0 t local.crypto/internal/boring._Cfunc__goboringcrypto_AES_encrypt.abi0
 1f56560 t local.crypto/internal/boring._Cfunc__goboringcrypto_AES_set_decrypt_key.abi0
 1f56640 t local.crypto/internal/boring._Cfunc__goboringcrypto_AES_set_encrypt_key.abi0
 1f56720 t local.crypto/internal/boring._Cfunc__goboringcrypto_BN_bin2bn.abi0
 1f56800 t local.crypto/internal/boring._Cfunc__goboringcrypto_BN_bn2bin_padded.abi0
 1f568e0 t local.crypto/internal/boring._Cfunc__goboringcrypto_BN_bn2le_padded.abi0
 1f68580 t local.crypto/internal/boring._Cfunc__goboringcrypto_BN_free
 1f569c0 t local.crypto/internal/boring._Cfunc__goboringcrypto_BN_free.abi0
 1f56a40 t local.crypto/internal/boring._Cfunc__goboringcrypto_BN_le2bn.abi0
 1f56b20 t local.crypto/internal/boring._Cfunc__goboringcrypto_BN_new.abi0
 1f56b80 t local.crypto/internal/boring._Cfunc__goboringcrypto_BN_num_bytes.abi0
 1f56c00 t local.crypto/internal/boring._Cfunc__goboringcrypto_BORINGSSL_bcm_power_on_self_test.abi0
 1f56c60 t local.crypto/internal/boring._Cfunc__goboringcrypto_ECDSA_sign.abi0
 1f56dc0 t local.crypto/internal/boring._Cfunc__goboringcrypto_ECDSA_size.abi0
 1f56e40 t local.crypto/internal/boring._Cfunc__goboringcrypto_ECDSA_verify.abi0
./bin/br -V
Release Version: v7.6.0-alpha-203-gb3fbb4951d-dirty-fips
Git Commit Hash: b3fbb4951dd16b9e22987ef57845c83dc33da99a
Git Branch: br_fips
Go Version: go1.21.0 X:boringcrypto
 ...

./bin/tidb-lightning -V           
Release Version: v7.6.0-alpha-203-gb3fbb4951d-dirty-fips
Git Commit Hash: b3fbb4951dd16b9e22987ef57845c83dc33da99a
Git Branch: br_fips
Go Version: go1.21.0 X:boringcrypto
...

./bin/tidb-lightning-ctl -V 
Release Version: v7.6.0-alpha-203-gb3fbb4951d-dirty-fips
Git Commit Hash: b3fbb4951dd16b9e22987ef57845c83dc33da99a
Git Branch: br_fips
Go Version: go1.21.0 X:boringcrypto
...

./bin/tidb-server -V       
Release Version: v7.6.0-alpha-203-gb3fbb4951d-dirty-fips
Edition: Community
Git Commit Hash: b3fbb4951dd16b9e22987ef57845c83dc33da99a
Git Branch: br_fips
UTC Build Time: 2023-11-16 05:34:40
GoVersion: go1.21.0 X:boringcrypto
...
  • No need to test
    • I checked and no code files have been changed.

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

Signed-off-by: Leavrth <[email protected]>
ti-chi-bot added the do-not-merge/invalid-title, do-not-merge/needs-tests-checked, release-note-none and size/M labels, and removed the do-not-merge/needs-tests-checked label, Nov 8, 2023

tiprow bot commented Nov 8, 2023

Hi @Leavrth. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

codecov bot commented Nov 8, 2023

Codecov Report

Merging #48421 (3a12e02) into master (5960d0d) will increase coverage by 5.0924%.
Report is 27 commits behind head on master.
The diff coverage is n/a.

Additional details and impacted files
@@               Coverage Diff                @@
##             master     #48421        +/-   ##
================================================
+ Coverage   71.2502%   76.3426%   +5.0923%     
================================================
  Files          1358       1410        +52     
  Lines        403582     420397     +16815     
================================================
+ Hits         287553     320942     +33389     
+ Misses        96111      79596     -16515     
+ Partials      19918      19859        -59     
Flag Coverage Δ
integration 50.5813% <ø> (?)
unit 72.5146% <ø> (+1.2644%) ⬆️


Components Coverage Δ
dumpling 53.9874% <ø> (ø)
parser ∅ <ø> (∅)
br 67.2141% <ø> (+14.1499%) ⬆️

@overvenus (Member)

./bin/tidb-server -V
Release Version: v7.6.0-alpha-883-g40d25a807a-fips-fips
Git Commit Hash: 40d25a8
Git Branch: br_fips
Go Version: go1.21.0 X:boringcrypto
...

v7.6.0-alpha-883-g40d25a807a-fips-fips: the two fips look strange.

Review comment on Makefile (outdated)
ti-chi-bot added the needs-1-more-lgtm label, Nov 16, 2023
ti-chi-bot added the size/L label and removed the size/M label, Nov 16, 2023
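
The manual test in the PR description and the doubled suffix noted in the review above can be combined into one scripted gate. This is an added example, not code from the PR or the project's Makefile; the function names, the verdict strings and the rule that "-fips" appears exactly once are assumptions, and the sample inputs are constructed from output lines quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the PR): script the evidence the manual test reads by eye.
# Every function takes captured text on stdin or as arguments, so it runs offline.

# Succeeds if "<binary> -V" output reports a boringcrypto toolchain.
# tidb-server prints "GoVersion:", the other tools print "Go Version:".
has_boringcrypto_toolchain() {
    grep -Eq '^Go ?Version: .*X:boringcrypto'
}

# Prints the number of crypto/internal/boring cgo wrappers in "go tool nm" output.
count_boring_symbols() {
    grep -c 'crypto/internal/boring\._Cfunc_' || true
}

# Prints how often "-fips" occurs in the "Release Version:" line.
count_fips_suffix() {
    awk '/^Release Version:/ { n = gsub(/-fips/, ""); exit } END { print n + 0 }'
}

# check_fips_build VERSION_OUTPUT NM_OUTPUT: prints a verdict, returns 0 only for "ok".
check_fips_build() {
    if ! printf '%s\n' "$1" | has_boringcrypto_toolchain; then
        echo "fail: toolchain not boringcrypto"; return 1
    fi
    if [ "$(printf '%s\n' "$2" | count_boring_symbols)" -eq 0 ]; then
        echo "fail: no boring symbols linked"; return 1
    fi
    # Assumption: exactly one "-fips" suffix is the intended version format.
    if [ "$(printf '%s\n' "$1" | count_fips_suffix)" -ne 1 ]; then
        echo "fail: unexpected -fips suffix count"; return 1
    fi
    echo "ok"
}

# Constructed samples, assembled from output lines quoted in this thread.
SAMPLE_V_OK='Release Version: v7.6.0-alpha-203-gb3fbb4951d-dirty-fips
Go Version: go1.21.0 X:boringcrypto'
SAMPLE_V_DOUBLE='Release Version: v7.6.0-alpha-883-g40d25a807a-fips-fips
Go Version: go1.21.0 X:boringcrypto'
SAMPLE_V_PLAIN='Release Version: v7.6.0-alpha
GoVersion: go1.21.0'
SAMPLE_NM=' 1f56c00 t local.crypto/internal/boring._Cfunc__goboringcrypto_BORINGSSL_bcm_power_on_self_test.abi0
 1f56c60 t local.crypto/internal/boring._Cfunc__goboringcrypto_ECDSA_sign.abi0'

check_fips_build "$SAMPLE_V_OK" "$SAMPLE_NM" || true
```

Both checks describe how the binary was built and linked; neither says anything about how it is configured at run time.
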
Leavrth (Contributor, Author) commented Nov 16, 2023

/test pull-br-integration-test

tiprow bot commented Nov 16, 2023

@Leavrth: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/test pull-br-integration-test

ti-chi-bot added the lgtm label and removed the needs-1-more-lgtm label, Nov 16, 2023

ti-chi-bot bot commented Nov 16, 2023

[LGTM Timeline notifier]

Timeline:

  • 2023-11-16 03:55:54.922428713 +0000 UTC m=+4307752.509538860: ☑️ agreed by overvenus.
  • 2023-11-16 11:14:36.064117539 +0000 UTC m=+4334073.651227686: ☑️ agreed by lance6716.

@lance6716 (Contributor)

/retest

tiprow bot commented Nov 17, 2023

@lance6716: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/retest

@lance6716 (Contributor)

br/OWNERS

You can /approve your own PR. I have tried some days ago @Leavrth

Leavrth (Contributor, Author) commented Nov 17, 2023

/approve

ti-chi-bot bot commented Nov 17, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lance6716, Leavrth, overvenus

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

ti-chi-bot added the approved label, Nov 17, 2023
Leavrth changed the title from "make br support FIPS" to "br: make br support FIPS", Nov 17, 2023
Leavrth (Contributor, Author) commented Nov 20, 2023

/retest

tiprow bot commented Nov 20, 2023

@Leavrth: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/retest

@ti-chi-bot ti-chi-bot bot merged commit 7db44c0 into pingcap:master Nov 20, 2023
28 of 29 checks passed
overvenus added the needs-cherry-pick-release-6.5 label, Nov 22, 2023

@ti-chi-bot (Member)

In response to a cherrypick label: new pull request created to branch release-6.5: #48786.

Leavrth added a commit to ti-chi-bot/tidb that referenced this pull request Dec 14, 2023
ti-chi-bot bot pushed a commit that referenced this pull request Dec 15, 2023