Merge branch 'main' into get_ciphers

aws · Jan 22, 2025 · 7798ef6 · 7798ef6
2 parents 2c809d3 + 29be983
commit 7798ef6
Show file tree

Hide file tree

Showing 163 changed files with 38,504 additions and 15,472 deletions.
diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml
@@ -591,3 +591,21 @@ jobs:
           run: |
             sudo pkg install -y git gmake cmake go ninja
             tests/ci/run_bsd_tests.sh
+  # Temporary to test the x509-limbo patch and building of the reporting tool.
+  # This will move into a separate project in the next PR. But doing this for now to
+  # cutdown the review size.
+  x509-limbo-tooling:
+    if: github.repository_owner == 'aws'
+    needs: [sanity-test-run]
+    name: x509-limbo tooling
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13' 
+      - name: Verify x509-limbo patch and reporting tool
+        run: |
+          ./tests/ci/run_x509_limbo.sh
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -118,7 +118,7 @@ elseif(CMAKE_C_COMPILER_ID MATCHES "GNU")
   set(GCC 1)
 endif()
 
-if (UNIX AND NOT APPLE)
+if (NOT WIN32 AND NOT APPLE)
   include(GNUInstallDirs)
 elseif(NOT DEFINED CMAKE_INSTALL_LIBDIR)
   set(CMAKE_INSTALL_LIBDIR "lib")
@@ -145,7 +145,7 @@ if(NOT DISABLE_PERL)
   find_package(Perl REQUIRED)
 endif()
 
-if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING)
+if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND BUILD_TESTING AND NOT CMAKE_CROSSCOMPILING)
   find_package(PkgConfig QUIET)
   if (PkgConfig_FOUND)
     pkg_check_modules(LIBUNWIND libunwind-generic)
@@ -737,7 +737,7 @@ if(FIPS)
     message(FATAL_ERROR "Building AWS-LC for FIPS requires Go and Perl")
   endif()
 
-  if(NOT BUILD_SHARED_LIBS AND NOT (UNIX AND NOT APPLE))
+  if(NOT BUILD_SHARED_LIBS AND NOT (NOT WIN32 AND NOT APPLE))
     message(FATAL_ERROR "Static FIPS build of AWS-LC is suported only on Linux")
   endif()
 
@@ -773,8 +773,6 @@ endif()
 
 if(CONSTANT_TIME_VALIDATION)
   add_definitions(-DBORINGSSL_CONSTANT_TIME_VALIDATION)
-  # Asserts will often test secret data.
-  add_definitions(-DNDEBUG)
 endif()
 
 # CMake's iOS support uses Apple's multiple-architecture toolchain. It takes an
@@ -984,7 +982,11 @@ if(BUILD_TESTING)
         DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA}
         WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
   else()
-    file(COPY ${GENERATE_CODE_ROOT}/crypto_test_data.cc DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/)
+    add_custom_command(
+        OUTPUT crypto_test_data.cc
+        COMMAND ${CMAKE_COMMAND} -E tar "jxvf" ${GENERATE_CODE_ROOT}/crypto_test_data.cc.tar.bz2
+        DEPENDS  ${GENERATE_CODE_ROOT}/crypto_test_data.cc.tar.bz2
+        WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}")
   endif()
   add_library(crypto_test_data OBJECT crypto_test_data.cc)
 

diff --git a/PrivacyInfo.xcprivacy b/PrivacyInfo.xcprivacy
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+
+<!--
+This file is for using BoringSSL in Apple ecosystems. You may have to point
+Xcode at it yourself. See
+https://developer.apple.com/documentation/bundleresources/privacy_manifest_files
+-->
+
+<dict>
+	<key>NSPrivacyTracking</key>
+	<false/>
+	<key>NSPrivacyTrackingDomains</key>
+	<array/>
+	<key>NSPrivacyCollectedDataTypes</key>
+	<array/>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array/>
+</dict>
+</plist>
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
@@ -44,7 +44,7 @@ function(msbuild_aarch64_asm)
 endfunction()
 
 if(NOT OPENSSL_NO_ASM)
-  if(UNIX)
+  if(NOT WIN32)
     if(ARCH STREQUAL "aarch64")
       # The "armx" Perl scripts look for "64" in the style argument
       # in order to decide whether to generate 32- or 64-bit asm.
@@ -186,7 +186,7 @@ else()
     set(ASSEMBLY_SOURCE ${GENERATE_CODE_ROOT}/ios-arm/crypto/)
   elseif(APPLE)
     set(ASSEMBLY_SOURCE ${GENERATE_CODE_ROOT}/mac-${ARCH}/crypto/)
-  elseif(UNIX)
+  elseif(NOT WIN32)
     if(${ARCH} STREQUAL "generic")
       message(STATUS "Detected generic linux platform. No assembly files will be included.")
     else()
@@ -324,16 +324,6 @@ else()
   file(COPY ${GENERATE_CODE_ROOT}/err_data.c DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/)
 endif()
 
-set(DILITHIUM_SOURCES)
-if(ENABLE_DILITHIUM)
-  set(
-    DILITHIUM_SOURCES
-
-    evp_extra/p_pqdsa_asn1.c
-    dilithium/ml_dsa.c
-  )
-endif()
-
 set(CRYPTO_ARCH_OBJECTS "")
 if (ARCH STREQUAL "aarch64" AND CMAKE_GENERATOR MATCHES "Visual Studio")
   msbuild_aarch64_asm(TARGET crypto_objects ASM_FILES ${CRYPTO_ARCH_SOURCES} OUTPUT_OBJECTS CRYPTO_ARCH_OBJECTS)
@@ -411,7 +401,6 @@ add_library(
   dh_extra/params.c
   dh_extra/dh_asn1.c
   digest_extra/digest_extra.c
-  ${DILITHIUM_SOURCES}
   dsa/dsa.c
   dsa/dsa_asn1.c
   ecdh_extra/ecdh_extra.c
@@ -431,6 +420,8 @@ add_library(
   evp_extra/p_ed25519_asn1.c
   evp_extra/p_hmac_asn1.c
   evp_extra/p_kem_asn1.c
+  evp_extra/p_pqdsa.c
+  evp_extra/p_pqdsa_asn1.c
   evp_extra/p_rsa_asn1.c
   evp_extra/p_x25519.c
   evp_extra/p_x25519_asn1.c
@@ -448,6 +439,7 @@ add_library(
   kyber/kem_kyber.c
   lhash/lhash.c
   mem.c
+  ml_dsa/ml_dsa.c
   obj/obj.c
   obj/obj_xref.c
   ocsp/ocsp_asn.c
@@ -478,6 +470,7 @@ add_library(
   poly1305/poly1305_arm.c
   poly1305/poly1305_vec.c
   pool/pool.c
+  pqdsa/pqdsa.c
   rand_extra/deterministic.c
   rand_extra/entropy_passive.c
   rand_extra/forkunsafe.c
@@ -778,13 +771,13 @@ if(BUILD_TESTING)
     ecdh_extra/ecdh_test.cc
     dh_extra/dh_test.cc
     digest_extra/digest_test.cc
-    dilithium/p_pqdsa_test.cc
     dsa/dsa_test.cc
     des/des_test.cc
     endian_test.cc
     err/err_test.cc
     evp_extra/evp_extra_test.cc
     evp_extra/evp_test.cc
+    evp_extra/p_pqdsa_test.cc
     evp_extra/scrypt_test.cc
     fipsmodule/aes/aes_test.cc
     fipsmodule/bn/bn_test.cc

diff --git a/crypto/bio/bio.c b/crypto/bio/bio.c
@@ -85,10 +85,15 @@ static int call_bio_callback_with_processed(BIO *bio, const int oper,
     // Pass the original BIO's return value to the callback. If the callback
     // is successful return processed from the callback, if the callback is
     // not successful return the callback's return value.
-    ret = (int)bio->callback_ex(bio, oper, buf, len, 0, 0L, ret, &processed);
-    if (ret > 0) {
-      // BIO will only read int |len| bytes so this is a safe cast
-      ret = (int)processed;
+    long callback_ret = bio->callback_ex(bio, oper, buf, len, 0, 0L, ret, &processed);
+    if (callback_ret <= INT_MAX && callback_ret >= INT_MIN) {
+      ret = (int)callback_ret;
+      if (ret > 0) {
+        // BIO will only read int |len| bytes so this is a safe cast
+        ret = (int)processed;
+      }
+    } else {
+      ret = -1;
     }
   }
   return ret;
@@ -131,9 +136,12 @@ int BIO_free(BIO *bio) {
       bio->method->destroy(bio);
     }
     if (HAS_CALLBACK(bio)) {
-      int ret = (int)bio->callback_ex(bio, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL);
+      long ret = bio->callback_ex(bio, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL);
       if (ret <= 0) {
-        return ret;
+        if (ret >= INT_MIN) {
+          return (int)ret;
+        }
+        return INT_MIN;
       }
     }
 
@@ -167,9 +175,12 @@ int BIO_read(BIO *bio, void *buf, int len) {
   }
 
   if (HAS_CALLBACK(bio)) {
-    ret = (int)bio->callback_ex(bio, BIO_CB_READ, buf, len, 0, 0L, 1L, NULL);
-    if (ret <= 0) {
-      return ret;
+    long callback_ret = bio->callback_ex(bio, BIO_CB_READ, buf, len, 0, 0L, 1L, NULL);
+    if (callback_ret <= 0) {
+      if (callback_ret >= INT_MIN) {
+        return (int)callback_ret;
+      }
+      return INT_MIN;
     }
   }
   if (!bio->init) {
@@ -217,18 +228,20 @@ int BIO_gets(BIO *bio, char *buf, int len) {
     return 0;
   }
 
-  int ret = 0;
   if (HAS_CALLBACK(bio)) {
-    ret = (int)bio->callback_ex(bio, BIO_CB_GETS, buf, len, 0, 0L, 1L, NULL);
-    if (ret <= 0) {
-      return ret;
+    long callback_ret = bio->callback_ex(bio, BIO_CB_GETS, buf, len, 0, 0L, 1L, NULL);
+    if (callback_ret <= 0) {
+      if (callback_ret >= INT_MIN) {
+        return (int)callback_ret;
+      }
+      return INT_MIN;
     }
   }
   if (!bio->init) {
     OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED);
     return -2;
   }
-  ret = bio->method->bgets(bio, buf, len);
+  int ret = bio->method->bgets(bio, buf, len);
   if (ret > 0) {
     bio->num_read += ret;
   }
@@ -248,9 +261,12 @@ int BIO_write(BIO *bio, const void *in, int inl) {
   }
 
   if (HAS_CALLBACK(bio)) {
-    ret = (int)bio->callback_ex(bio, BIO_CB_WRITE, in, inl, 0, 0L, 1L, NULL);
-    if (ret <= 0) {
-      return ret;
+    long callback_ret = bio->callback_ex(bio, BIO_CB_WRITE, in, inl, 0, 0L, 1L, NULL);
+    if (callback_ret <= 0) {
+      if (callback_ret >= INT_MIN) {
+        return (int)callback_ret;
+      }
+      return INT_MIN;
     }
   }
 
@@ -317,18 +333,21 @@ int BIO_puts(BIO *bio, const char *in) {
     OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD);
     return -2;
   }
-  int ret = 0;
   if(HAS_CALLBACK(bio)) {
-    ret = (int)bio->callback_ex(bio, BIO_CB_PUTS, in, 0, 0, 0L, 1L, NULL);
-    if (ret <= 0) {
-      return ret;
+    long callback_ret = bio->callback_ex(bio, BIO_CB_PUTS, in, 0, 0, 0L, 1L, NULL);
+    if (callback_ret <= 0) {
+      if (callback_ret >= INT_MIN) {
+        return (int)callback_ret;
+      }
+      return INT_MIN;
     }
   }
 
   if (!bio->init) {
     OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED);
     return -2;
   }
+  int ret = 0;
   if (bio->method->bputs != NULL) {
     ret = bio->method->bputs(bio, in);
   } else {

diff --git a/crypto/bio/hexdump.c b/crypto/bio/hexdump.c
@@ -98,7 +98,9 @@ static int hexdump_write(struct hexdump_ctx *ctx, const uint8_t *data,
   for (size_t i = 0; i < len; i++) {
     if (ctx->used == 0) {
       // The beginning of a line.
-      BIO_indent(ctx->bio, ctx->indent, UINT_MAX);
+      if (!BIO_indent(ctx->bio, ctx->indent, UINT_MAX)) {
+        return 0;
+      }
 
       hexbyte(&buf[0], ctx->n >> 24);
       hexbyte(&buf[2], ctx->n >> 16);

diff --git a/crypto/bn_extra/convert.c b/crypto/bn_extra/convert.c
@@ -74,7 +74,7 @@ int BN_bn2cbb_padded(CBB *out, size_t len, const BIGNUM *in) {
   return CBB_add_space(out, &ptr, len) && BN_bn2bin_padded(ptr, len, in);
 }
 
-static const char hextable[] = "0123456789abcdef";
+static const char hextable[] = "0123456789ABCDEF";
 
 char *BN_bn2hex(const BIGNUM *bn) {
   int width = bn_minimal_width(bn);
@@ -448,7 +448,14 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) {
   }
   out->neg = ((*in) & 0x80) != 0;
   if (out->neg) {
-    BN_clear_bit(out, BN_num_bits(out) - 1);
+    unsigned num_bits = BN_num_bits(out);
+    if (num_bits >= INT_MAX) {
+      if (out_is_alloced) {
+        BN_free(out);
+      }
+      return NULL;
+    }
+    BN_clear_bit(out, (int)num_bits - 1);
   }
   return out;
 }

diff --git a/crypto/bytestring/unicode.c b/crypto/bytestring/unicode.c
@@ -18,11 +18,12 @@
 
 
 static int is_valid_code_point(uint32_t v) {
-  // References in the following are to Unicode 9.0.0.
+  // References in the following are to Unicode 15.0.0.
   if (// The Unicode space runs from zero to 0x10ffff (3.4 D9).
       v > 0x10ffff ||
       // Values 0x...fffe, 0x...ffff, and 0xfdd0-0xfdef are permanently reserved
-      // (3.4 D14)
+      // as noncharacters (3.4 D14). See also 23.7. As our APIs are intended for
+      // "open interchange", such as ASN.1, we reject them.
       (v & 0xfffe) == 0xfffe ||
       (v >= 0xfdd0 && v <= 0xfdef) ||
       // Surrogate code points are invalid (3.2 C1).

diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc
@@ -831,11 +831,17 @@ TEST_P(PerAEADTest, AliasedBuffers) {
   EXPECT_EQ(Bytes(kPlaintext), Bytes(in, out_len));
 }
 
+#if defined(__BIGGEST_ALIGNMENT__)
+#define UNALIGNED_TEST_ALIGNMENT __BIGGEST_ALIGNMENT__
+#else
+#define UNALIGNED_TEST_ALIGNMENT 8
+#endif // defined(__BIGGEST_ALIGNMENT__)
+
 TEST_P(PerAEADTest, UnalignedInput) {
-  alignas(16) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
-  alignas(16) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
-  alignas(16) uint8_t plaintext[32 + 1];
-  alignas(16) uint8_t ad[32 + 1];
+  alignas(UNALIGNED_TEST_ALIGNMENT) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
+  alignas(UNALIGNED_TEST_ALIGNMENT) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
+  alignas(UNALIGNED_TEST_ALIGNMENT) uint8_t plaintext[32 + 1];
+  alignas(UNALIGNED_TEST_ALIGNMENT) uint8_t ad[32 + 1];
   OPENSSL_memset(key, 'K', sizeof(key));
   OPENSSL_memset(nonce, 'N', sizeof(nonce));
   OPENSSL_memset(plaintext, 'P', sizeof(plaintext));
@@ -854,15 +860,15 @@ TEST_P(PerAEADTest, UnalignedInput) {
   ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
       ctx.get(), aead(), key + 1, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH,
       evp_aead_seal));
-  alignas(16) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
+  alignas(UNALIGNED_TEST_ALIGNMENT) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
   size_t ciphertext_len;
   ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), ciphertext + 1, &ciphertext_len,
                                 sizeof(ciphertext) - 1, nonce + 1, nonce_len,
                                 plaintext + 1, sizeof(plaintext) - 1, ad + 1,
                                 ad_len));
 
   // It must successfully decrypt.
-  alignas(16) uint8_t out[sizeof(ciphertext)];
+  alignas(UNALIGNED_TEST_ALIGNMENT) uint8_t out[sizeof(ciphertext)];
   ctx.Reset();
   ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
       ctx.get(), aead(), key + 1, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH,