Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignored NIST statistical tests with NO_NIST_STS #456

Merged
merged 1 commit into from
Apr 10, 2019
Merged

Ignored NIST statistical tests with NO_NIST_STS #456

merged 1 commit into from
Apr 10, 2019

Conversation

ilammy
Copy link
Collaborator

@ilammy ilammy commented Apr 10, 2019

Unfortunately, NIST STS requires access to genuine randomness source and tends to fail in Docker environments where /dev/random is not accessible. That's why we have an option to disable NIST STS by setting CIRICLE_TEST (sic!) preprocessor variable.

Let's improve and cleanup this mechanism a bit.

  • Use more obvious NO_NIST_STS environment variable instead of fiddling with CFLAGS directly

    Admittedly, existing flag is more general as it allows to compile out any code when building on CI. However, it has never been used for anything other than NIST STS.

  • Do not compile "assess" test runner if we're not going to use it

  • Move NIST STS configuration to soter.mk

@ilammy
Ignored NIST statistical tests with NO_NIST_STS
21ccdc2 
Unfortunately, NIST STS requires access to genuine randomness source and
tends to fail in Docker environments where /dev/random is not accessible.
That's why we have an option to disable NIST STS by setting CIRICLE_TEST
(sic!) preprocessor variable.

Let's improve and cleanup this mechanism a bit.

  - Use more obvious "NO_NIST_STS" environment variable instead of
    fiddling with CFLAGS directly.

    Admittedly, existing flag is more general as it allows to compile out
    any code when building on CI. However, it has never been used for
    anything other than NIST STS.

  - Do not compile "assess" test runner if we're not going to use it

  - Move NIST STS configuration to soter.mk
@ilammy ilammy added infrastructure Automated building and packaging tests Themis test suite labels Apr 10, 2019
@ilammy
Copy link
Collaborator Author

ilammy commented Apr 10, 2019

@shadinua I don't know for sure, but I'm pretty much convinced that our internal CI system sneakily uses CFLAGS=-DCIRICLE_TEST somewhere (though it has nothing to do with CircleCI). It should be replaced with NO_NIST_STS=1 when this gets merged.

shadinua
shadinua approved these changes Apr 10, 2019
View reviewed changes
Copy link
Contributor

@shadinua shadinua left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great!

@ilammy ilammy merged commit 8d3f4d9 into master Apr 10, 2019
@ilammy ilammy deleted the ilammy/no-nist-sts branch April 12, 2019 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vixentael vixentael vixentael approved these changes

@shadinua shadinua shadinua approved these changes

@Lagovas Lagovas Awaiting requested review from Lagovas Lagovas is a code owner

Assignees
No one assigned
Labels
infrastructure Automated building and packaging tests Themis test suite
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ilammy @vixentael @shadinua