Add support for BoringSSL CHIPCryptoPAL backend #20824

cletnick · 2022-07-15T19:56:49Z

Problem

BoringSSL is more actively maintained than OpenSSL and is the backend for Android and Chrome
Google uses BoringSSL for all our targets
BoringSSL is API-compatible (95+%) with OpenSSL
Matter does not have BoringSSL CHIPCryptoPAL backend
OpenSSL is not built from source, and uses local package, whose version is always arbitrary and may be old

Change overview

Update BoringSSL based on master branch of github mirror
Update OpenSSL CHIPCryptoPAL backend to support BoringSSL
Add build support (`chip_crypto = "boringssl" now usable)
Add unit tests for AES-CCM128 using Matter crypto primitive to spec, WHICH WERE NOT TESTED BEFORE!
Remove AES-CCM256 support that is unspecified in Matter and just flash cost. Also not supported in BoringSSL.
NOTE:
- The submodule is third_party/boringssl/repo/src.
- The files under third_party/boringssl/repo are auto-generated by a builder script that copies the assembly versions by platform in a way that allows platform selection by GN later down the line (see https://github.com/google/boringssl/blob/master/util/generate_build_files.py)

Testing

Integration tests still pass with all Crypto backends
Unit tests all pass with all crypto backends
Added unit tests for AES-CCM128 validation

- OpenSSL still works - Updated necessary differences - Added tests for Matter-compliant AES-CCM128 with 16 byte tag, 13 byte nonce - Added build files

CLAassistant · 2022-07-15T19:56:54Z

All committers have signed the CLA.

github-actions · 2022-07-15T21:11:16Z

PR #20824: Size comparison from 6185156 to b8971f6

Increases (2 builds for cc13x2_26x2, telink)

platform	target	config	section	`6185156`	`b8971f6`	change	% change
cc13x2_26x2	all-clusters-app	LP_CC2652R7	(read/write)	183488	183496	8	0.0
telink	lighting-app	tlsr9518adk80d	text	582580	582582	2	0.0

Decreases (1 build for cc13x2_26x2)

platform	target	config	section	`6185156`	`b8971f6`	change	% change
cc13x2_26x2	all-clusters-app	LP_CC2652R7	(read only)	667751	667743	-8	-0.0
			.text	579196	579188	-8	-0.0

Full report (23 builds for bl602, cc13x2_26x2, cyw30739, k32w, linux, mbed, p6, telink)

platform	target	config	section	`6185156`	`b8971f6`	change	% change
bl602	lighting-app	bl602	(read/write)	1398434	1398434	0	0.0
			.bss	116978	116978	0	0.0
			.data	4480	4480	0	0.0
			.text	`1059396`	`1059396`	0	0.0
		bl602+rpc	(read/write)	`1443858`	`1443858`	0	0.0
			.bss	124418	124418	0	0.0
			.data	4600	4600	0	0.0
			.text	1091080	1091080	0	0.0
cc13x2_26x2	all-clusters-app	LP_CC2652R7	(read only)	667751	667743	-8	-0.0
			(read/write)	183488	183496	8	0.0
			.bss	74132	74132	0	0.0
			.data	3356	3356	0	0.0
			.rodata	88239	88239	0	0.0
			.text	579196	579188	-8	-0.0
	all-clusters-minimal-app	LP_CC2652R7	(read only)	633535	633535	0	0.0
			(read/write)	157700	157700	0	0.0
			.bss	73428	73428	0	0.0
			.data	3356	3356	0	0.0
			.rodata	77479	77479	0	0.0
			.text	555732	555732	0	0.0
	lock-ftd	LP_CC2652R7	(read only)	671147	671147	0	0.0
			(read/write)	170268	170268	0	0.0
			.bss	71196	71196	0	0.0
			.data	3280	3280	0	0.0
			.rodata	76379	76379	0	0.0
			.text	594288	594288	0	0.0
	lock-mtd	LP_CC2652R7	(read only)	653431	653431	0	0.0
			(read/write)	183672	183672	0	0.0
			.bss	66884	66884	0	0.0
			.data	3280	3280	0	0.0
			.rodata	101111	101111	0	0.0
			.text	551840	551840	0	0.0
	pump-app	LP_CC2652R7	(read only)	680179	680179	0	0.0
			(read/write)	162084	162084	0	0.0
			.bss	71276	71276	0	0.0
			.data	3280	3280	0	0.0
			.rodata	88731	88731	0	0.0
			.text	590964	590964	0	0.0
	pump-controller-app	LP_CC2652R7	(read only)	665987	665987	0	0.0
			(read/write)	176396	176396	0	0.0
			.bss	71396	71396	0	0.0
			.data	3276	3276	0	0.0
			.rodata	84595	84595	0	0.0
			.text	580912	580912	0	0.0
	shell	LP_CC2652R7	(read only)	660226	660226	0	0.0
			(read/write)	186516	186516	0	0.0
			.bss	76436	76436	0	0.0
			.data	3360	3360	0	0.0
			.rodata	85018	85018	0	0.0
			.text	574892	574892	0	0.0
cyw30739	light	cyw930739m2evb_01	(read/write)	581502	581502	0	0.0
			.app_xip_area	460208	460208	0	0.0
			.bss	64232	64232	0	0.0
			.data	716	716	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
	lock	cyw930739m2evb_01	(read/write)	587506	587506	0	0.0
			.app_xip_area	461484	461484	0	0.0
			.bss	68960	68960	0	0.0
			.data	720	720	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
	ota-requestor-no-progress-logging	cyw930739m2evb_01	(read/write)	584850	584850	0	0.0
			.app_xip_area	464404	464404	0	0.0
			.bss	63440	63440	0	0.0
			.data	660	660	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
k32w	light	k32w061+release	(read/write)	660236	660236	0	0.0
			.bss	69540	69540	0	0.0
			.data	1992	1992	0	0.0
			.text	582904	582904	0	0.0
	lock	k32w061+release	(read/write)	687228	687228	0	0.0
			.bss	70004	70004	0	0.0
			.data	2004	2004	0	0.0
			.text	609420	609420	0	0.0
linux	chip-tool-ipv6only	arm64	(read only)	9988700	9988700	0	0.0
			(read/write)	694577	694577	0	0.0
			.bss	42961	42961	0	0.0
			.data	3304	3304	0	0.0
			.data.rel.ro	630768	630768	0	0.0
			.dynamic	528	528	0	0.0
			.got	13624	13624	0	0.0
			.init	24	24	0	0.0
			.init_array	192	192	0	0.0
			.rodata	476460	476460	0	0.0
			.text	7932276	7932276	0	0.0
	thermostat-no-ble	arm64	(read only)	2597300	2597300	0	0.0
			(read/write)	158257	158257	0	0.0
			.bss	65249	65249	0	0.0
			.data	1704	1704	0	0.0
			.data.rel.ro	83216	83216	0	0.0
			.dynamic	528	528	0	0.0
			.got	5072	5072	0	0.0
			.init	24	24	0	0.0
			.init_array	400	400	0	0.0
			.rodata	165668	165668	0	0.0
			.text	2191888	2191888	0	0.0
mbed	lock-app	CY8CPROTO_062_4343W+release	(read only)	6224	6224	0	0.0
			(read/write)	`2448728`	`2448728`	0	0.0
			.bss	213940	213940	0	0.0
			.data	5872	5872	0	0.0
			.text	1411372	1411372	0	0.0
p6	all-clusters-app	default	(read/write)	`2567408`	`2567408`	0	0.0
			.bss	149120	149120	0	0.0
			.data	2776	2776	0	0.0
			.text	1525672	1525672	0	0.0
	all-clusters-minimal-app	default	(read/write)	2512656	2512656	0	0.0
			.bss	148400	148400	0	0.0
			.data	2776	2776	0	0.0
			.text	`1470920`	`1470920`	0	0.0
	light-app	default	(read/write)	2442528	2442528	0	0.0
			.bss	140456	140456	0	0.0
			.data	2592	2592	0	0.0
			.text	1400792	1400792	0	0.0
	lock-app	default	(read/write)	2469792	2469792	0	0.0
			.bss	140304	140304	0	0.0
			.data	2600	2600	0	0.0
			.text	1428056	1428056	0	0.0
telink	light-switch-app	tlsr9518adk80d	(read/write)	798068	798068	0	0.0
			bss	70576	70576	0	0.0
			noinit	40416	40416	0	0.0
			text	566258	566258	0	0.0
	lighting-app	tlsr9518adk80d	(read/write)	817892	817892	0	0.0
			bss	71420	71420	0	0.0
			noinit	40416	40416	0	0.0
			text	582580	582582	2	0.0

github-actions · 2022-07-15T23:41:21Z

PR #20824: Size comparison from 6185156 to b793585

Increases (2 builds for telink)

platform	target	config	section	`6185156`	`b793585`	change	% change
telink	light-switch-app	tlsr9518adk80d	text	566258	566260	2	0.0
	lighting-app	tlsr9518adk80d	text	582580	582582	2	0.0

Decreases (12 builds for k32w, linux)

platform	target	config	section	`6185156`	`b793585`	change	% change
k32w	lock	k32w061+release	(read/write)	687228	687212	-16	-0.0
			.text	609420	609404	-16	-0.0
linux	all-clusters-app	debug	(read only)	2967593	2967065	-528	-0.0
			.got	4568	4560	-8	-0.2
			.text	2525298	2524866	-432	-0.0
	all-clusters-minimal-app	debug	(read only)	2816569	`2816041`	-528	-0.0
			.got	4488	4480	-8	-0.2
			.text	`2375970`	`2375538`	-432	-0.0
	bridge-app	debug+rpc	(read only)	2317225	2316665	-560	-0.0
			.got	4392	4384	-8	-0.2
			.rodata	198208	198176	-32	-0.0
			.text	1957282	1956850	-432	-0.0
	chip-tool	debug	(read only)	10243561	10243377	-184	-0.0
			.got	5096	5088	-8	-0.2
			.text	8283380	8283300	-80	-0.0
	lighting-app	debug+rpc	(read only)	2553481	2552953	-528	-0.0
			.got	4392	4384	-8	-0.2
			.text	2169586	2169154	-432	-0.0
	lock-app	debug	(read only)	2519433	2518905	-528	-0.0
			.got	4424	4416	-8	-0.2
			.text	2125266	2124834	-432	-0.0
	ota-provider-app	debug	(read only)	2324065	`2323505`	-560	-0.0
			.got	4488	4480	-8	-0.2
			.rodata	203704	203672	-32	-0.0
			.text	`1957586`	`1957154`	-432	-0.0
	ota-requestor-app	debug	(read only)	2441401	2440857	-544	-0.0
			(read/write)	125248	125216	-32	-0.0
			.got	4480	4472	-8	-0.2
			.text	2062770	2062322	-448	-0.0
	shell	debug	(read only)	`2554513`	2553985	-528	-0.0
			.got	4136	4128	-8	-0.2
			.text	2169394	`2168962`	-432	-0.0
	tv-app	debug	(read only)	3103985	3103801	-184	-0.0
			.got	4848	4840	-8	-0.2
			.text	`2666866`	2666786	-80	-0.0
	tv-casting-app	debug	(read only)	5328449	`5328241`	-208	-0.0
			.got	4744	4736	-8	-0.2
			.rodata	331529	331497	-32	-0.0
			.text	4731570	4731490	-80	-0.0

Full report (43 builds for bl602, cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)

platform	target	config	section	`6185156`	`b793585`	change	% change
bl602	lighting-app	bl602	(read/write)	1398434	1398434	0	0.0
			.bss	116978	116978	0	0.0
			.data	4480	4480	0	0.0
			.text	`1059396`	`1059396`	0	0.0
		bl602+rpc	(read/write)	`1443858`	`1443858`	0	0.0
			.bss	124418	124418	0	0.0
			.data	4600	4600	0	0.0
			.text	1091080	1091080	0	0.0
cc13x2_26x2	all-clusters-app	LP_CC2652R7	(read only)	667751	667751	0	0.0
			(read/write)	183488	183488	0	0.0
			.bss	74132	74132	0	0.0
			.data	3356	3356	0	0.0
			.rodata	88239	88239	0	0.0
			.text	579196	579196	0	0.0
	all-clusters-minimal-app	LP_CC2652R7	(read only)	633535	633535	0	0.0
			(read/write)	157700	157700	0	0.0
			.bss	73428	73428	0	0.0
			.data	3356	3356	0	0.0
			.rodata	77479	77479	0	0.0
			.text	555732	555732	0	0.0
	lock-ftd	LP_CC2652R7	(read only)	671147	671147	0	0.0
			(read/write)	170268	170268	0	0.0
			.bss	71196	71196	0	0.0
			.data	3280	3280	0	0.0
			.rodata	76379	76379	0	0.0
			.text	594288	594288	0	0.0
	lock-mtd	LP_CC2652R7	(read only)	653431	653431	0	0.0
			(read/write)	183672	183672	0	0.0
			.bss	66884	66884	0	0.0
			.data	3280	3280	0	0.0
			.rodata	101111	101111	0	0.0
			.text	551840	551840	0	0.0
	pump-app	LP_CC2652R7	(read only)	680179	680179	0	0.0
			(read/write)	162084	162084	0	0.0
			.bss	71276	71276	0	0.0
			.data	3280	3280	0	0.0
			.rodata	88731	88731	0	0.0
			.text	590964	590964	0	0.0
	pump-controller-app	LP_CC2652R7	(read only)	665987	665987	0	0.0
			(read/write)	176396	176396	0	0.0
			.bss	71396	71396	0	0.0
			.data	3276	3276	0	0.0
			.rodata	84595	84595	0	0.0
			.text	580912	580912	0	0.0
	shell	LP_CC2652R7	(read only)	660226	660226	0	0.0
			(read/write)	186516	186516	0	0.0
			.bss	76436	76436	0	0.0
			.data	3360	3360	0	0.0
			.rodata	85018	85018	0	0.0
			.text	574892	574892	0	0.0
cyw30739	light	cyw930739m2evb_01	(read/write)	581502	581502	0	0.0
			.app_xip_area	460208	460208	0	0.0
			.bss	64232	64232	0	0.0
			.data	716	716	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
	lock	cyw930739m2evb_01	(read/write)	587506	587506	0	0.0
			.app_xip_area	461484	461484	0	0.0
			.bss	68960	68960	0	0.0
			.data	720	720	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
	ota-requestor-no-progress-logging	cyw930739m2evb_01	(read/write)	584850	584850	0	0.0
			.app_xip_area	464404	464404	0	0.0
			.bss	63440	63440	0	0.0
			.data	660	660	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
efr32	lighting-app	BRD4161A	(read/write)	1083832	1083832	0	0.0
			.bss	133044	133044	0	0.0
			.data	2048	2048	0	0.0
			.text	948720	948720	0	0.0
		BRD4161A+rpc	(read/write)	1138164	1138164	0	0.0
			.bss	149724	149724	0	0.0
			.data	2260	2260	0	0.0
			.text	986156	986156	0	0.0
		BRD4161A+rs911x	(read/write)	949208	949208	0	0.0
			.bss	140768	140768	0	0.0
			.data	2048	2048	0	0.0
			.text	806372	806372	0	0.0
	lock-app	BRD4161A+wf200	(read/write)	`1127548`	`1127548`	0	0.0
			.bss	144136	144136	0	0.0
			.data	2056	2056	0	0.0
			.text	981336	981336	0	0.0
	window-app	BRD4161A	(read/write)	`1077636`	`1077636`	0	0.0
			.bss	134516	134516	0	0.0
			.data	2076	2076	0	0.0
			.text	941024	941024	0	0.0
esp32	all-clusters-app	c3devkit	(read only)	1020710	1020710	0	0.0
			(read/write)	1485938	1485938	0	0.0
			.dram0.bss	70080	70080	0	0.0
			.dram0.data	14600	14600	0	0.0
			.flash.rodata	215824	215824	0	0.0
			.flash.text	1020710	1020710	0	0.0
			.iram0.text	62902	62902	0	0.0
		m5stack	(read only)	1074755	1074755	0	0.0
			(read/write)	487992	487992	0	0.0
			.dram0.bss	75600	75600	0	0.0
			.dram0.data	34144	34144	0	0.0
			.flash.rodata	246252	246252	0	0.0
			.flash.text	1069371	1069371	0	0.0
			.iram0.text	123267	123267	0	0.0
k32w	light	k32w061+release	(read/write)	660236	660236	0	0.0
			.bss	69540	69540	0	0.0
			.data	1992	1992	0	0.0
			.text	582904	582904	0	0.0
	lock	k32w061+release	(read/write)	687228	687212	-16	-0.0
			.bss	70004	70004	0	0.0
			.data	2004	2004	0	0.0
			.text	609420	609404	-16	-0.0
linux	all-clusters-app	debug	(read only)	2967593	2967065	-528	-0.0
			(read/write)	155016	155016	0	0.0
			.bss	61664	61664	0	0.0
			.data	2048	2048	0	0.0
			.data.rel.ro	85048	85048	0	0.0
			.dynamic	608	608	0	0.0
			.got	4568	4560	-8	-0.2
			.init	27	27	0	0.0
			.init_array	1056	1056	0	0.0
			.rodata	264605	264605	0	0.0
			.text	2525298	2524866	-432	-0.0
	all-clusters-minimal-app	debug	(read only)	2816569	`2816041`	-528	-0.0
			(read/write)	146688	146688	0	0.0
			.bss	60864	60864	0	0.0
			.data	2048	2048	0	0.0
			.data.rel.ro	77608	77608	0	0.0
			.dynamic	608	608	0	0.0
			.got	4488	4480	-8	-0.2
			.init	27	27	0	0.0
			.init_array	1048	1048	0	0.0
			.rodata	265565	265565	0	0.0
			.text	`2375970`	`2375538`	-432	-0.0
	bridge-app	debug+rpc	(read only)	2317225	2316665	-560	-0.0
			(read/write)	125504	125504	0	0.0
			.bss	48928	48928	0	0.0
			.data	3824	3824	0	0.0
			.data.rel.ro	66984	66984	0	0.0
			.dynamic	608	608	0	0.0
			.got	4392	4384	-8	-0.2
			.init	27	27	0	0.0
			.init_array	728	728	0	0.0
			.rodata	198208	198176	-32	-0.0
			.text	1957282	1956850	-432	-0.0
	chip-tool	debug	(read only)	10243561	10243377	-184	-0.0
			(read/write)	629504	629504	0	0.0
			.bss	24728	24728	0	0.0
			.data	3234	3234	0	0.0
			.data.rel.ro	595152	595152	0	0.0
			.dynamic	608	608	0	0.0
			.got	5096	5088	-8	-0.2
			.init	27	27	0	0.0
			.init_array	640	640	0	0.0
			.rodata	512053	512053	0	0.0
			.text	8283380	8283300	-80	-0.0
	chip-tool-ipv6only	arm64	(read only)	9988700	9988700	0	0.0
			(read/write)	694577	694577	0	0.0
			.bss	42961	42961	0	0.0
			.data	3304	3304	0	0.0
			.data.rel.ro	630768	630768	0	0.0
			.dynamic	528	528	0	0.0
			.got	13624	13624	0	0.0
			.init	24	24	0	0.0
			.init_array	192	192	0	0.0
			.rodata	476460	476460	0	0.0
			.text	7932276	7932276	0	0.0
	lighting-app	debug+rpc	(read only)	2553481	2552953	-528	-0.0
			(read/write)	129528	129528	0	0.0
			.bss	49440	49440	0	0.0
			.data	2096	2096	0	0.0
			.data.rel.ro	72136	72136	0	0.0
			.dynamic	608	608	0	0.0
			.got	4392	4384	-8	-0.2
			.init	27	27	0	0.0
			.init_array	816	816	0	0.0
			.rodata	213928	213928	0	0.0
			.text	2169586	2169154	-432	-0.0
	lock-app	debug	(read only)	2519433	2518905	-528	-0.0
			(read/write)	124512	124512	0	0.0
			.bss	47840	47840	0	0.0
			.data	1712	1712	0	0.0
			.data.rel.ro	69096	69096	0	0.0
			.dynamic	608	608	0	0.0
			.got	4424	4416	-8	-0.2
			.init	27	27	0	0.0
			.init_array	792	792	0	0.0
			.rodata	229000	229000	0	0.0
			.text	2125266	2124834	-432	-0.0
	ota-provider-app	debug	(read only)	2324065	`2323505`	-560	-0.0
			(read/write)	118312	118312	0	0.0
			.bss	47488	47488	0	0.0
			.data	1944	1944	0	0.0
			.data.rel.ro	63096	63096	0	0.0
			.dynamic	608	608	0	0.0
			.got	4488	4480	-8	-0.2
			.init	27	27	0	0.0
			.init_array	672	672	0	0.0
			.rodata	203704	203672	-32	-0.0
			.text	`1957586`	`1957154`	-432	-0.0
	ota-requestor-app	debug	(read only)	2441401	2440857	-544	-0.0
			(read/write)	125248	125216	-32	-0.0
			.bss	49856	49856	0	0.0
			.data	2232	2232	0	0.0
			.data.rel.ro	67304	67304	0	0.0
			.dynamic	608	608	0	0.0
			.got	4480	4472	-8	-0.2
			.init	27	27	0	0.0
			.init_array	728	728	0	0.0
			.rodata	207456	207456	0	0.0
			.text	2062770	2062322	-448	-0.0
	shell	debug	(read only)	`2554513`	2553985	-528	-0.0
			(read/write)	141104	141104	0	0.0
			.bss	57448	57448	0	0.0
			.data	1264	1264	0	0.0
			.data.rel.ro	76688	76688	0	0.0
			.dynamic	608	608	0	0.0
			.got	4136	4128	-8	-0.2
			.init	27	27	0	0.0
			.init_array	928	928	0	0.0
			.rodata	228018	228018	0	0.0
			.text	2169394	`2168962`	-432	-0.0
	thermostat-no-ble	arm64	(read only)	2597300	2597300	0	0.0
			(read/write)	158257	158257	0	0.0
			.bss	65249	65249	0	0.0
			.data	1704	1704	0	0.0
			.data.rel.ro	83216	83216	0	0.0
			.dynamic	528	528	0	0.0
			.got	5072	5072	0	0.0
			.init	24	24	0	0.0
			.init_array	400	400	0	0.0
			.rodata	165668	165668	0	0.0
			.text	2191888	2191888	0	0.0
	tv-app	debug	(read only)	3103985	3103801	-184	-0.0
			(read/write)	257704	257704	0	0.0
			.bss	167016	167016	0	0.0
			.data	4848	4848	0	0.0
			.data.rel.ro	79392	79392	0	0.0
			.dynamic	608	608	0	0.0
			.got	4848	4840	-8	-0.2
			.init	27	27	0	0.0
			.init_array	952	952	0	0.0
			.rodata	249216	249216	0	0.0
			.text	`2666866`	2666786	-80	-0.0
	tv-casting-app	debug	(read only)	5328449	`5328241`	-208	-0.0
			(read/write)	156848	156848	0	0.0
			.bss	50248	50248	0	0.0
			.data	2416	2416	0	0.0
			.data.rel.ro	97928	97928	0	0.0
			.dynamic	608	608	0	0.0
			.got	4744	4736	-8	-0.2
			.init	27	27	0	0.0
			.init_array	864	864	0	0.0
			.rodata	331529	331497	-32	-0.0
			.text	4731570	4731490	-80	-0.0
mbed	lock-app	CY8CPROTO_062_4343W+release	(read only)	6224	6224	0	0.0
			(read/write)	`2448728`	`2448728`	0	0.0
			.bss	213940	213940	0	0.0
			.data	5872	5872	0	0.0
			.text	1411372	1411372	0	0.0
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	(read/write)	1175991	1175991	0	0.0
			bss	142900	142900	0	0.0
			rodata	142128	142128	0	0.0
			text	812052	812052	0	0.0
	all-clusters-minimal-app	nrf52840dk_nrf52840	(read/write)	1156183	1156183	0	0.0
			bss	142136	142136	0	0.0
			rodata	133672	133672	0	0.0
			text	801504	801504	0	0.0
p6	all-clusters-app	default	(read/write)	`2567408`	`2567408`	0	0.0
			.bss	149120	149120	0	0.0
			.data	2776	2776	0	0.0
			.text	1525672	1525672	0	0.0
	all-clusters-minimal-app	default	(read/write)	2512656	2512656	0	0.0
			.bss	148400	148400	0	0.0
			.data	2776	2776	0	0.0
			.text	`1470920`	`1470920`	0	0.0
	light-app	default	(read/write)	2442528	2442528	0	0.0
			.bss	140456	140456	0	0.0
			.data	2592	2592	0	0.0
			.text	1400792	1400792	0	0.0
	lock-app	default	(read/write)	2469792	2469792	0	0.0
			.bss	140304	140304	0	0.0
			.data	2600	2600	0	0.0
			.text	1428056	1428056	0	0.0
telink	light-switch-app	tlsr9518adk80d	(read/write)	798068	798068	0	0.0
			bss	70576	70576	0	0.0
			noinit	40416	40416	0	0.0
			text	566258	566260	2	0.0
	lighting-app	tlsr9518adk80d	(read/write)	817892	817892	0	0.0
			bss	71420	71420	0	0.0
			noinit	40416	40416	0	0.0
			text	582580	582582	2	0.0

turon · 2022-07-15T23:59:14Z

This is great!

Shouldn't everything in third_party/boringssl/repo be a submodule?
Matter-specific build integrations such as third_party/boringssl/repo/BUILD.gni would normally live in third_party/boringssl and third_party/boringssl/repo would be a submodule repo.

Also, are all the platform-specific assembly files Matter-specific or can those come in as submodule(s) too?
It would be better to refer to the maintaining project for platform/crypto.S implementations so we can take security patches more seamlessly.

tcarmelveilleux · 2022-07-16T02:20:16Z

This is great!

Shouldn't everything in third_party/boringssl/repo be a submodule? Matter-specific build integrations such as third_party/boringssl/repo/BUILD.gni would normally live in third_party/boringssl and third_party/boringssl/repo would be a submodule repo.

Also, are all the platform-specific assembly files Matter-specific or can those come in as submodule(s) too? It would be better to refer to the maintaining project for platform/crypto.S implementations so we can take security patches more seamlessly.

I followed the conventions for src folder from the boringssl source generation script. We can clean-up the build more once we start using the asm. For now, those are generated from the repos at regular interval.

github-actions · 2022-07-16T02:20:17Z

PR #20824: Size comparison from cd4ab7c to 445ac4e

Increases (4 builds for cc13x2_26x2, esp32, k32w)

platform	target	config	section	`cd4ab7c`	`445ac4e`	change
cc13x2_26x2	lock-mtd	LP_CC2652R7	(read only)	653423	653431	8
			.text	551832	551840	8
	pump-app	LP_CC2652R7	(read only)	680171	680179	8
			.text	590956	590964	8
esp32	all-clusters-app	c3devkit	(read only)	1020708	1020712	4
			.flash.text	1020708	1020712	4
k32w	lock	k32w061+release	(read/write)	687212	687228	16
			.text	609404	609420	16

Decreases (14 builds for cc13x2_26x2, linux, telink)

platform	target	config	section	`cd4ab7c`	`445ac4e`	change	% change
cc13x2_26x2	lock-mtd	LP_CC2652R7	(read/write)	183680	183672	-8	-0.0
	pump-app	LP_CC2652R7	(read/write)	162092	162084	-8	-0.0
linux	all-clusters-app	debug	(read only)	2967593	2967065	-528	-0.0
			.got	4568	4560	-8	-0.2
			.text	2525298	2524866	-432	-0.0
	all-clusters-minimal-app	debug	(read only)	2816569	`2816041`	-528	-0.0
			.got	4488	4480	-8	-0.2
			.text	`2375970`	`2375538`	-432	-0.0
	bridge-app	debug+rpc	(read only)	2317225	2316665	-560	-0.0
			.got	4392	4384	-8	-0.2
			.rodata	198208	198176	-32	-0.0
			.text	1957282	1956850	-432	-0.0
	chip-tool	debug	(read only)	10243561	10243377	-184	-0.0
			.got	5096	5088	-8	-0.2
			.text	8283380	8283300	-80	-0.0
	lighting-app	debug+rpc	(read only)	2553481	2552953	-528	-0.0
			.got	4392	4384	-8	-0.2
			.text	2169586	2169154	-432	-0.0
	lock-app	debug	(read only)	2519433	2518905	-528	-0.0
			.got	4424	4416	-8	-0.2
			.text	2125266	2124834	-432	-0.0
	ota-provider-app	debug	(read only)	2324065	`2323505`	-560	-0.0
			.got	4488	4480	-8	-0.2
			.rodata	203704	203672	-32	-0.0
			.text	`1957586`	`1957154`	-432	-0.0
	ota-requestor-app	debug	(read only)	2441401	2440857	-544	-0.0
			(read/write)	125248	125216	-32	-0.0
			.got	4480	4472	-8	-0.2
			.text	2062770	2062322	-448	-0.0
	shell	debug	(read only)	`2554513`	2553985	-528	-0.0
			.got	4136	4128	-8	-0.2
			.text	2169394	`2168962`	-432	-0.0
	tv-app	debug	(read only)	3103985	3103801	-184	-0.0
			.got	4848	4840	-8	-0.2
			.text	`2666866`	2666786	-80	-0.0
	tv-casting-app	debug	(read only)	5328449	`5328241`	-208	-0.0
			.got	4744	4736	-8	-0.2
			.rodata	331529	331497	-32	-0.0
			.text	4731570	4731490	-80	-0.0
telink	light-switch-app	tlsr9518adk80d	(read/write)	798068	798060	-8	-0.0
			text	566258	566256	-2	-0.0

Full report (43 builds for bl602, cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)

platform	target	config	section	`cd4ab7c`	`445ac4e`	change	% change
bl602	lighting-app	bl602	(read/write)	1398434	1398434	0	0.0
			.bss	116978	116978	0	0.0
			.data	4480	4480	0	0.0
			.text	`1059396`	`1059396`	0	0.0
		bl602+rpc	(read/write)	`1443858`	`1443858`	0	0.0
			.bss	124418	124418	0	0.0
			.data	4600	4600	0	0.0
			.text	1091080	1091080	0	0.0
cc13x2_26x2	all-clusters-app	LP_CC2652R7	(read only)	667751	667751	0	0.0
			(read/write)	183488	183488	0	0.0
			.bss	74132	74132	0	0.0
			.data	3356	3356	0	0.0
			.rodata	88239	88239	0	0.0
			.text	579196	579196	0	0.0
	all-clusters-minimal-app	LP_CC2652R7	(read only)	633535	633535	0	0.0
			(read/write)	157700	157700	0	0.0
			.bss	73428	73428	0	0.0
			.data	3356	3356	0	0.0
			.rodata	77479	77479	0	0.0
			.text	555732	555732	0	0.0
	lock-ftd	LP_CC2652R7	(read only)	671147	671147	0	0.0
			(read/write)	170268	170268	0	0.0
			.bss	71196	71196	0	0.0
			.data	3280	3280	0	0.0
			.rodata	76379	76379	0	0.0
			.text	594288	594288	0	0.0
	lock-mtd	LP_CC2652R7	(read only)	653423	653431	8	0.0
			(read/write)	183680	183672	-8	-0.0
			.bss	66884	66884	0	0.0
			.data	3280	3280	0	0.0
			.rodata	101111	101111	0	0.0
			.text	551832	551840	8	0.0
	pump-app	LP_CC2652R7	(read only)	680171	680179	8	0.0
			(read/write)	162092	162084	-8	-0.0
			.bss	71276	71276	0	0.0
			.data	3280	3280	0	0.0
			.rodata	88731	88731	0	0.0
			.text	590956	590964	8	0.0
	pump-controller-app	LP_CC2652R7	(read only)	665987	665987	0	0.0
			(read/write)	176396	176396	0	0.0
			.bss	71396	71396	0	0.0
			.data	3276	3276	0	0.0
			.rodata	84595	84595	0	0.0
			.text	580912	580912	0	0.0
	shell	LP_CC2652R7	(read only)	660226	660226	0	0.0
			(read/write)	186516	186516	0	0.0
			.bss	76436	76436	0	0.0
			.data	3360	3360	0	0.0
			.rodata	85018	85018	0	0.0
			.text	574892	574892	0	0.0
cyw30739	light	cyw930739m2evb_01	(read/write)	581502	581502	0	0.0
			.app_xip_area	460208	460208	0	0.0
			.bss	64232	64232	0	0.0
			.data	716	716	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
	lock	cyw930739m2evb_01	(read/write)	587506	587506	0	0.0
			.app_xip_area	461484	461484	0	0.0
			.bss	68960	68960	0	0.0
			.data	720	720	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
	ota-requestor-no-progress-logging	cyw930739m2evb_01	(read/write)	584850	584850	0	0.0
			.app_xip_area	464404	464404	0	0.0
			.bss	63440	63440	0	0.0
			.data	660	660	0	0.0
			.rodata	0	0	0	0.0
			.text	112	112	0	0.0
efr32	lighting-app	BRD4161A	(read/write)	1083832	1083832	0	0.0
			.bss	133044	133044	0	0.0
			.data	2048	2048	0	0.0
			.text	948720	948720	0	0.0
		BRD4161A+rpc	(read/write)	1138164	1138164	0	0.0
			.bss	149724	149724	0	0.0
			.data	2260	2260	0	0.0
			.text	986156	986156	0	0.0
		BRD4161A+rs911x	(read/write)	949208	949208	0	0.0
			.bss	140768	140768	0	0.0
			.data	2048	2048	0	0.0
			.text	806372	806372	0	0.0
	lock-app	BRD4161A+wf200	(read/write)	`1127548`	`1127548`	0	0.0
			.bss	144136	144136	0	0.0
			.data	2056	2056	0	0.0
			.text	981336	981336	0	0.0
	window-app	BRD4161A	(read/write)	`1077636`	`1077636`	0	0.0
			.bss	134516	134516	0	0.0
			.data	2076	2076	0	0.0
			.text	941024	941024	0	0.0
esp32	all-clusters-app	c3devkit	(read only)	1020708	1020712	4	0.0
			(read/write)	1485938	1485938	0	0.0
			.dram0.bss	70080	70080	0	0.0
			.dram0.data	14600	14600	0	0.0
			.flash.rodata	215824	215824	0	0.0
			.flash.text	1020708	1020712	4	0.0
			.iram0.text	62902	62902	0	0.0
		m5stack	(read only)	1074755	1074755	0	0.0
			(read/write)	487992	487992	0	0.0
			.dram0.bss	75600	75600	0	0.0
			.dram0.data	34144	34144	0	0.0
			.flash.rodata	246252	246252	0	0.0
			.flash.text	1069371	1069371	0	0.0
			.iram0.text	123267	123267	0	0.0
k32w	light	k32w061+release	(read/write)	660236	660236	0	0.0
			.bss	69540	69540	0	0.0
			.data	1992	1992	0	0.0
			.text	582904	582904	0	0.0
	lock	k32w061+release	(read/write)	687212	687228	16	0.0
			.bss	70004	70004	0	0.0
			.data	2004	2004	0	0.0
			.text	609404	609420	16	0.0
linux	all-clusters-app	debug	(read only)	2967593	2967065	-528	-0.0
			(read/write)	155016	155016	0	0.0
			.bss	61664	61664	0	0.0
			.data	2048	2048	0	0.0
			.data.rel.ro	85048	85048	0	0.0
			.dynamic	608	608	0	0.0
			.got	4568	4560	-8	-0.2
			.init	27	27	0	0.0
			.init_array	1056	1056	0	0.0
			.rodata	264605	264605	0	0.0
			.text	2525298	2524866	-432	-0.0
	all-clusters-minimal-app	debug	(read only)	2816569	`2816041`	-528	-0.0
			(read/write)	146688	146688	0	0.0
			.bss	60864	60864	0	0.0
			.data	2048	2048	0	0.0
			.data.rel.ro	77608	77608	0	0.0
			.dynamic	608	608	0	0.0
			.got	4488	4480	-8	-0.2
			.init	27	27	0	0.0
			.init_array	1048	1048	0	0.0
			.rodata	265565	265565	0	0.0
			.text	`2375970`	`2375538`	-432	-0.0
	bridge-app	debug+rpc	(read only)	2317225	2316665	-560	-0.0
			(read/write)	125504	125504	0	0.0
			.bss	48928	48928	0	0.0
			.data	3824	3824	0	0.0
			.data.rel.ro	66984	66984	0	0.0
			.dynamic	608	608	0	0.0
			.got	4392	4384	-8	-0.2
			.init	27	27	0	0.0
			.init_array	728	728	0	0.0
			.rodata	198208	198176	-32	-0.0
			.text	1957282	1956850	-432	-0.0
	chip-tool	debug	(read only)	10243561	10243377	-184	-0.0
			(read/write)	629504	629504	0	0.0
			.bss	24728	24728	0	0.0
			.data	3234	3234	0	0.0
			.data.rel.ro	595152	595152	0	0.0
			.dynamic	608	608	0	0.0
			.got	5096	5088	-8	-0.2
			.init	27	27	0	0.0
			.init_array	640	640	0	0.0
			.rodata	512053	512053	0	0.0
			.text	8283380	8283300	-80	-0.0
	chip-tool-ipv6only	arm64	(read only)	9988700	9988700	0	0.0
			(read/write)	694577	694577	0	0.0
			.bss	42961	42961	0	0.0
			.data	3304	3304	0	0.0
			.data.rel.ro	630768	630768	0	0.0
			.dynamic	528	528	0	0.0
			.got	13624	13624	0	0.0
			.init	24	24	0	0.0
			.init_array	192	192	0	0.0
			.rodata	476460	476460	0	0.0
			.text	7932276	7932276	0	0.0
	lighting-app	debug+rpc	(read only)	2553481	2552953	-528	-0.0
			(read/write)	129528	129528	0	0.0
			.bss	49440	49440	0	0.0
			.data	2096	2096	0	0.0
			.data.rel.ro	72136	72136	0	0.0
			.dynamic	608	608	0	0.0
			.got	4392	4384	-8	-0.2
			.init	27	27	0	0.0
			.init_array	816	816	0	0.0
			.rodata	213928	213928	0	0.0
			.text	2169586	2169154	-432	-0.0
	lock-app	debug	(read only)	2519433	2518905	-528	-0.0
			(read/write)	124512	124512	0	0.0
			.bss	47840	47840	0	0.0
			.data	1712	1712	0	0.0
			.data.rel.ro	69096	69096	0	0.0
			.dynamic	608	608	0	0.0
			.got	4424	4416	-8	-0.2
			.init	27	27	0	0.0
			.init_array	792	792	0	0.0
			.rodata	229000	229000	0	0.0
			.text	2125266	2124834	-432	-0.0
	ota-provider-app	debug	(read only)	2324065	`2323505`	-560	-0.0
			(read/write)	118312	118312	0	0.0
			.bss	47488	47488	0	0.0
			.data	1944	1944	0	0.0
			.data.rel.ro	63096	63096	0	0.0
			.dynamic	608	608	0	0.0
			.got	4488	4480	-8	-0.2
			.init	27	27	0	0.0
			.init_array	672	672	0	0.0
			.rodata	203704	203672	-32	-0.0
			.text	`1957586`	`1957154`	-432	-0.0
	ota-requestor-app	debug	(read only)	2441401	2440857	-544	-0.0
			(read/write)	125248	125216	-32	-0.0
			.bss	49856	49856	0	0.0
			.data	2232	2232	0	0.0
			.data.rel.ro	67304	67304	0	0.0
			.dynamic	608	608	0	0.0
			.got	4480	4472	-8	-0.2
			.init	27	27	0	0.0
			.init_array	728	728	0	0.0
			.rodata	207456	207456	0	0.0
			.text	2062770	2062322	-448	-0.0
	shell	debug	(read only)	`2554513`	2553985	-528	-0.0
			(read/write)	141104	141104	0	0.0
			.bss	57448	57448	0	0.0
			.data	1264	1264	0	0.0
			.data.rel.ro	76688	76688	0	0.0
			.dynamic	608	608	0	0.0
			.got	4136	4128	-8	-0.2
			.init	27	27	0	0.0
			.init_array	928	928	0	0.0
			.rodata	228018	228018	0	0.0
			.text	2169394	`2168962`	-432	-0.0
	thermostat-no-ble	arm64	(read only)	2597300	2597300	0	0.0
			(read/write)	158257	158257	0	0.0
			.bss	65249	65249	0	0.0
			.data	1704	1704	0	0.0
			.data.rel.ro	83216	83216	0	0.0
			.dynamic	528	528	0	0.0
			.got	5072	5072	0	0.0
			.init	24	24	0	0.0
			.init_array	400	400	0	0.0
			.rodata	165668	165668	0	0.0
			.text	2191888	2191888	0	0.0
	tv-app	debug	(read only)	3103985	3103801	-184	-0.0
			(read/write)	257704	257704	0	0.0
			.bss	167016	167016	0	0.0
			.data	4848	4848	0	0.0
			.data.rel.ro	79392	79392	0	0.0
			.dynamic	608	608	0	0.0
			.got	4848	4840	-8	-0.2
			.init	27	27	0	0.0
			.init_array	952	952	0	0.0
			.rodata	249216	249216	0	0.0
			.text	`2666866`	2666786	-80	-0.0
	tv-casting-app	debug	(read only)	5328449	`5328241`	-208	-0.0
			(read/write)	156848	156848	0	0.0
			.bss	50248	50248	0	0.0
			.data	2416	2416	0	0.0
			.data.rel.ro	97928	97928	0	0.0
			.dynamic	608	608	0	0.0
			.got	4744	4736	-8	-0.2
			.init	27	27	0	0.0
			.init_array	864	864	0	0.0
			.rodata	331529	331497	-32	-0.0
			.text	4731570	4731490	-80	-0.0
mbed	lock-app	CY8CPROTO_062_4343W+release	(read only)	6224	6224	0	0.0
			(read/write)	`2448728`	`2448728`	0	0.0
			.bss	213940	213940	0	0.0
			.data	5872	5872	0	0.0
			.text	1411372	1411372	0	0.0
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	(read/write)	1175991	1175991	0	0.0
			bss	142900	142900	0	0.0
			rodata	142128	142128	0	0.0
			text	812052	812052	0	0.0
	all-clusters-minimal-app	nrf52840dk_nrf52840	(read/write)	1156183	1156183	0	0.0
			bss	142136	142136	0	0.0
			rodata	133672	133672	0	0.0
			text	801504	801504	0	0.0
p6	all-clusters-app	default	(read/write)	`2567408`	`2567408`	0	0.0
			.bss	149120	149120	0	0.0
			.data	2776	2776	0	0.0
			.text	1525672	1525672	0	0.0
	all-clusters-minimal-app	default	(read/write)	2512656	2512656	0	0.0
			.bss	148400	148400	0	0.0
			.data	2776	2776	0	0.0
			.text	`1470920`	`1470920`	0	0.0
	light-app	default	(read/write)	2442528	2442528	0	0.0
			.bss	140456	140456	0	0.0
			.data	2592	2592	0	0.0
			.text	1400792	1400792	0	0.0
	lock-app	default	(read/write)	2469792	2469792	0	0.0
			.bss	140304	140304	0	0.0
			.data	2600	2600	0	0.0
			.text	1428056	1428056	0	0.0
telink	light-switch-app	tlsr9518adk80d	(read/write)	798068	798060	-8	-0.0
			bss	70576	70576	0	0.0
			noinit	40416	40416	0	0.0
			text	566258	566256	-2	-0.0
	lighting-app	tlsr9518adk80d	(read/write)	817892	817892	0	0.0
			bss	71420	71420	0	0.0
			noinit	40416	40416	0	0.0
			text	582582	582582	0	0.0

PR project-chip#20824 moved some defines out of CryptoBuildConfig.h by mistake. This caused some defines to be globalized but only in GN builds. Fixes project-chip#20883 This PR brings back the defines in CryptoBuildConfig.h and fixes what's needed for that to build Testing done: - Unit tests still pass - Integration tests still pass

* Fix CryptoBuildConfig.h usage PR #20824 moved some defines out of CryptoBuildConfig.h by mistake. This caused some defines to be globalized but only in GN builds. Fixes #20883 This PR brings back the defines in CryptoBuildConfig.h and fixes what's needed for that to build Testing done: - Unit tests still pass - Integration tests still pass * Add BoringSSL coverage to rotating ID build

* Add boringssl submodule * Ran GN build generator from boringssl repos, added files * Boring SSL fully working - OpenSSL still works - Updated necessary differences - Added tests for Matter-compliant AES-CCM128 with 16 byte tag, 13 byte nonce - Added build files * Restyled * Fix CI, remove some forgotten remainders Co-authored-by: Tennessee Carmel-Veilleux <[email protected]>

* Fix CryptoBuildConfig.h usage PR #20824 moved some defines out of CryptoBuildConfig.h by mistake. This caused some defines to be globalized but only in GN builds. Fixes #20883 This PR brings back the defines in CryptoBuildConfig.h and fixes what's needed for that to build Testing done: - Unit tests still pass - Integration tests still pass * Add BoringSSL coverage to rotating ID build Co-authored-by: Tennessee Carmel-Veilleux <[email protected]>

tcarmelveilleux and others added 4 commits July 15, 2022 15:40

Add boringssl submodule

37af3d7

Ran GN build generator from boringssl repos, added files

5d4208a

Boring SSL fully working

9c167ef

- OpenSSL still works - Updated necessary differences - Added tests for Matter-compliant AES-CCM128 with 16 byte tag, 13 byte nonce - Added build files

Restyled

b8971f6

boring-cyborg bot added the crypto label Jul 15, 2022

pullapprove bot requested review from turon, vijs, vivien-apple, wbschiller, woody-apple, xylophone21, yufengwangca and yunhanw-google July 15, 2022 19:58

pullapprove bot added the review - pending label Jul 15, 2022

tcarmelveilleux changed the title ~~Upstream boringssl~~ Add support for BoringSSL CHIPCryptoPAL backend Jul 15, 2022

Fix CI, remove some forgotten remainders

b793585

Merge remote-tracking branch 'upstream/master' into upstream-boringssl

445ac4e

woody-apple approved these changes Jul 16, 2022

View reviewed changes

andy31415 approved these changes Jul 18, 2022

View reviewed changes

pullapprove bot added review - approved and removed review - pending labels Jul 18, 2022

andy31415 merged commit fa549eb into project-chip:master Jul 18, 2022

tcarmelveilleux mentioned this pull request Jul 18, 2022

Added GN dependency mistakenly added in #20824 #20883

Closed

tcarmelveilleux mentioned this pull request Jul 18, 2022

Fix CryptoBuildConfig.h usage #20887

Merged

woody-apple mentioned this pull request Jul 19, 2022

Fix CryptoBuildConfig.h usage #20904

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for BoringSSL CHIPCryptoPAL backend #20824

Add support for BoringSSL CHIPCryptoPAL backend #20824

cletnick commented Jul 15, 2022 •

edited by tcarmelveilleux

Loading

CLAassistant commented Jul 15, 2022 •

edited

Loading

github-actions bot commented Jul 15, 2022 •

edited

Loading

github-actions bot commented Jul 15, 2022 •

edited

Loading

turon commented Jul 15, 2022 •

edited

Loading

tcarmelveilleux commented Jul 16, 2022

github-actions bot commented Jul 16, 2022 •

edited

Loading

Add support for BoringSSL CHIPCryptoPAL backend #20824

Add support for BoringSSL CHIPCryptoPAL backend #20824

Conversation

cletnick commented Jul 15, 2022 • edited by tcarmelveilleux Loading

Problem

Change overview

Testing

CLAassistant commented Jul 15, 2022 • edited Loading

github-actions bot commented Jul 15, 2022 • edited Loading

github-actions bot commented Jul 15, 2022 • edited Loading

turon commented Jul 15, 2022 • edited Loading

tcarmelveilleux commented Jul 16, 2022

github-actions bot commented Jul 16, 2022 • edited Loading

cletnick commented Jul 15, 2022 •

edited by tcarmelveilleux

Loading

CLAassistant commented Jul 15, 2022 •

edited

Loading

github-actions bot commented Jul 15, 2022 •

edited

Loading

github-actions bot commented Jul 15, 2022 •

edited

Loading

turon commented Jul 15, 2022 •

edited

Loading

github-actions bot commented Jul 16, 2022 •

edited

Loading