merge with aws-lc main and sha3/shake_only_Init PR changes

.github/workflows/actions-ci.yml

@@ -591,3 +591,21 @@ jobs:
           run: |
             sudo pkg install -y git gmake cmake go ninja
             tests/ci/run_bsd_tests.sh
+  # Temporary to test the x509-limbo patch and building of the reporting tool.
+  # This will move into a separate project in the next PR. But doing this for now to
+  # cutdown the review size.
+  x509-limbo-tooling:
+    if: github.repository_owner == 'aws'
+    needs: [sanity-test-run]
+    name: x509-limbo tooling
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13' 
+      - name: Verify x509-limbo patch and reporting tool
+        run: |
+          ./tests/ci/run_x509_limbo.sh

crypto/CMakeLists.txt

@@ -324,15 +324,6 @@ else()
   file(COPY ${GENERATE_CODE_ROOT}/err_data.c DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/)
 endif()
 
-set(DILITHIUM_SOURCES)
-if(ENABLE_DILITHIUM)
-  set(
-    DILITHIUM_SOURCES
-
-    evp_extra/p_pqdsa_asn1.c
-  )
-endif()
-
 set(CRYPTO_ARCH_OBJECTS "")
 if (ARCH STREQUAL "aarch64" AND CMAKE_GENERATOR MATCHES "Visual Studio")
   msbuild_aarch64_asm(TARGET crypto_objects ASM_FILES ${CRYPTO_ARCH_SOURCES} OUTPUT_OBJECTS CRYPTO_ARCH_OBJECTS)
@@ -410,7 +401,6 @@ add_library(
   dh_extra/params.c
   dh_extra/dh_asn1.c
   digest_extra/digest_extra.c
-  ${DILITHIUM_SOURCES}
   dsa/dsa.c
   dsa/dsa_asn1.c
   ecdh_extra/ecdh_extra.c
@@ -430,6 +420,8 @@ add_library(
   evp_extra/p_ed25519_asn1.c
   evp_extra/p_hmac_asn1.c
   evp_extra/p_kem_asn1.c
+  evp_extra/p_pqdsa.c
+  evp_extra/p_pqdsa_asn1.c
   evp_extra/p_rsa_asn1.c
   evp_extra/p_x25519.c
   evp_extra/p_x25519_asn1.c
@@ -447,6 +439,7 @@ add_library(
   kyber/kem_kyber.c
   lhash/lhash.c
   mem.c
+  ml_dsa/ml_dsa.c
   obj/obj.c
   obj/obj_xref.c
   ocsp/ocsp_asn.c
@@ -477,6 +470,7 @@ add_library(
   poly1305/poly1305_arm.c
   poly1305/poly1305_vec.c
   pool/pool.c
+  pqdsa/pqdsa.c
   rand_extra/deterministic.c
   rand_extra/entropy_passive.c
   rand_extra/forkunsafe.c

crypto/evp_extra/evp_asn1.c

@@ -68,7 +68,7 @@
 #include "../bytestring/internal.h"
 #include "../internal.h"
 #include "internal.h"
-#include "../fipsmodule/pqdsa/internal.h"
+#include "../pqdsa/internal.h"
 
 // parse_key_type takes the algorithm cbs sequence |cbs| and extracts the OID.
 // The OID is then searched against ASN.1 methods for a method with that OID.
@@ -99,7 +99,7 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) {
   if (OBJ_cbs2nid(&oid) == NID_rsa) {
     return &rsa_asn1_meth;
   }
-#ifdef ENABLE_DILITHIUM
+
   // The pkey_id for the pqdsa_asn1_meth is EVP_PKEY_PQDSA, as this holds all
   // asn1 functions for pqdsa types. However, the incoming CBS has the OID for
   // the specific algorithm. So we must search explicitly for the algorithm.
@@ -113,7 +113,7 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) {
       return ret;
     }
   }
-#endif
+
   return NULL;
 }
 

crypto/evp_extra/evp_extra_test.cc

@@ -697,8 +697,6 @@ static const uint8_t kInvalidPrivateKey[] = {
     0x48, 0x30, 0x01, 0xaa, 0x02, 0x86, 0xc0, 0x30, 0xdf, 0xe9, 0x80,
 };
 
-#ifdef ENABLE_DILITHIUM
-
 // kExampleMLDSA65KeyDER is a ML-DSA private key in ASN.1, DER format.
 // Of course, you should never use this key anywhere but in an example.
 static const uint8_t kExampleMLDSA65KeyDER[] = {
@@ -1015,8 +1013,6 @@ static const uint8_t kExampleMLDSA65KeyDER[] = {
 0xE3, 0x1D, 0xF6, 0xF7, 0xEE, 0x9F, 0xA, 0xC5, 0x91, 0x14, 0x33, 0x4B, 0xDB,
 0xC4, 0xEE, 0xC, 0xFB, 0xE4, 0xD1, 0x43, 0xC2, 0x1B, 0xC3, 0x2, 0x9B, 0x6B };
 
-#endif
-
 static bssl::UniquePtr<EVP_PKEY> LoadExampleRSAKey() {
   bssl::UniquePtr<RSA> rsa(RSA_private_key_from_bytes(kExampleRSAKeyDER,
                                            sizeof(kExampleRSAKeyDER)));
@@ -1494,10 +1490,8 @@ TEST(EVPExtraTest, d2i_PrivateKey) {
   EXPECT_TRUE(
       ParsePrivateKey(EVP_PKEY_EC, kExampleECKeyDER, sizeof(kExampleECKeyDER)));
 
-#ifdef ENABLE_DILITHIUM
   EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_PQDSA, kExampleMLDSA65KeyDER,
                               sizeof(kExampleMLDSA65KeyDER)));
-#endif
 
   EXPECT_FALSE(ParsePrivateKey(EVP_PKEY_EC, kExampleBadECKeyDER,
                                sizeof(kExampleBadECKeyDER)));

crypto/evp_extra/internal.h

@@ -7,7 +7,7 @@
 #include <openssl/base.h>
 #include "../fipsmodule/evp/internal.h"
 
-#include "../fipsmodule/ml_dsa/ml_dsa.h"
+#include "../ml_dsa/ml_dsa.h"
 
 #define PKCS8_VERSION_ONE 0
 #define PKCS8_VERSION_TWO 1
@@ -27,9 +27,7 @@ extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
-#ifdef ENABLE_DILITHIUM
 extern const EVP_PKEY_ASN1_METHOD pqdsa_asn1_meth;
-#endif
 extern const EVP_PKEY_ASN1_METHOD kem_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
@@ -39,6 +37,7 @@ extern const EVP_PKEY_METHOD hkdf_pkey_meth;
 extern const EVP_PKEY_METHOD hmac_pkey_meth;
 extern const EVP_PKEY_METHOD dh_pkey_meth;
 extern const EVP_PKEY_METHOD dsa_pkey_meth;
+extern const EVP_PKEY_METHOD pqdsa_pkey_meth;
 
 // evp_pkey_set_method behaves like |EVP_PKEY_set_type|, but takes a pointer to
 // a method table. This avoids depending on every |EVP_PKEY_ASN1_METHOD|.

crypto/evp_extra/p_methods.c

@@ -10,7 +10,8 @@
 static const EVP_PKEY_METHOD *const non_fips_pkey_evp_methods[] = {
   &x25519_pkey_meth,
   &dh_pkey_meth,
-  &dsa_pkey_meth
+  &dsa_pkey_meth,
+  &pqdsa_pkey_meth
 };
 
 const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {
@@ -20,9 +21,7 @@ const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {
   &dsa_asn1_meth,
   &ed25519_asn1_meth,
   &x25519_asn1_meth,
-#ifdef ENABLE_DILITHIUM
   &pqdsa_asn1_meth,
-#endif
   &kem_asn1_meth,
   &hmac_asn1_meth,
   &dh_asn1_meth

crypto/fipsmodule/evp/p_pqdsa.c → crypto/evp_extra/p_pqdsa.c

@@ -6,9 +6,8 @@
 #include <openssl/mem.h>
 
 #include "../crypto/evp_extra/internal.h"
-#include "../crypto/fipsmodule/ml_dsa/ml_dsa.h"
+#include "../crypto/ml_dsa/ml_dsa.h"
 #include "../crypto/internal.h"
-#include "../delocate.h"
 #include "../pqdsa/internal.h"
 
 // PQDSA PKEY functions
@@ -261,27 +260,30 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t
   return NULL;
 }
 
-DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_pqdsa_pkey_meth) {
-  out->pkey_id = EVP_PKEY_PQDSA;
-  out->init = pkey_pqdsa_init;
-  out->copy = NULL;
-  out->cleanup = pkey_pqdsa_cleanup;
-  out->keygen = pkey_pqdsa_keygen;
-  out->sign_init = NULL;
-  out->sign = NULL;
-  out->sign_message = pkey_pqdsa_sign_message;
-  out->verify_init = NULL;
-  out->verify = NULL;
-  out->verify_message = pkey_pqdsa_verify_signature;
-  out->verify_recover = NULL;
-  out->encrypt = NULL;
-  out->decrypt = NULL;
-  out->derive = NULL;
-  out->paramgen = NULL;
-  out->ctrl = NULL;
-  out->ctrl_str = NULL;
-  out->keygen_deterministic = NULL;
-  out->encapsulate_deterministic = NULL;
-  out->encapsulate = NULL;
-  out->decapsulate = NULL;
-}
+const EVP_PKEY_METHOD pqdsa_pkey_meth = {
+  EVP_PKEY_PQDSA,
+  pkey_pqdsa_init,
+  NULL,
+  pkey_pqdsa_cleanup,
+  pkey_pqdsa_keygen,
+  NULL,
+  NULL,
+  pkey_pqdsa_sign_message,
+  NULL,
+  NULL,
+  pkey_pqdsa_verify_signature,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+};
+
+
+

crypto/evp_extra/p_pqdsa_asn1.c

@@ -7,10 +7,10 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
-#include "../crypto/fipsmodule/pqdsa/internal.h"
+#include "../crypto/pqdsa/internal.h"
 #include "../crypto/internal.h"
 #include "../fipsmodule/evp/internal.h"
-#include "../fipsmodule/ml_dsa/ml_dsa.h"
+#include "../ml_dsa/ml_dsa.h"
 #include "internal.h"
 
 static void pqdsa_free(EVP_PKEY *pkey) {

crypto/evp_extra/p_pqdsa_test.cc

@@ -12,11 +12,8 @@
 #include <vector>
 #include "../fipsmodule/evp/internal.h"
 #include "../internal.h"
-#include "../fipsmodule/pqdsa/internal.h"
-
-#ifdef ENABLE_DILITHIUM
-
-#include "../fipsmodule/ml_dsa/ml_dsa.h"
+#include "../ml_dsa/ml_dsa.h"
+#include "../pqdsa/internal.h"
 #include "../test/file_test.h"
 #include "../test/test_util.h"
 
@@ -1046,7 +1043,7 @@ INSTANTIATE_TEST_SUITE_P(All, PQDSAParameterTest, testing::ValuesIn(parameterSet
                              -> std::string { return params.param.name; });
 
 TEST_P(PQDSAParameterTest, KAT) {
-  std::string kat_filepath = "crypto/fipsmodule/";
+  std::string kat_filepath = "crypto/";
   kat_filepath += GetParam().kat_filename;
 
   FileTestGTest(kat_filepath.c_str(), [&](FileTest *t) {
@@ -1518,13 +1515,3 @@ TEST_P(PQDSAParameterTest, ParsePublicKey) {
   bssl::UniquePtr<EVP_PKEY> pkey_from_der(EVP_parse_public_key(&cbs));
   ASSERT_TRUE(pkey_from_der);
 }
-
-#else
-
-TEST(PQDSATest, EvpDisabled) {
-  ASSERT_EQ(nullptr, EVP_PKEY_CTX_new_id(EVP_PKEY_NONE, nullptr));
-  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
-  ASSERT_FALSE(EVP_PKEY_set_type(pkey.get(), EVP_PKEY_NONE));
-}
-
-#endif

crypto/evp_extra/print.c

@@ -64,12 +64,8 @@
 #include "../internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "../fipsmodule/rsa/internal.h"
-
-#ifdef ENABLE_DILITHIUM
-#include "../fipsmodule/ml_dsa/ml_dsa.h"
-#include "../fipsmodule/pqdsa/internal.h"
-#endif
-
+#include "../ml_dsa/ml_dsa.h"
+#include "../pqdsa/internal.h"
 
 static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
   for (size_t i = 0; i < len; i++) {
@@ -312,8 +308,6 @@ static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
   return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 2);
 }
 
-#ifdef ENABLE_DILITHIUM
-
 // MLDSA keys.
 
 static int do_mldsa_65_print(BIO *bp, const EVP_PKEY *pkey, int off, int ptype) {
@@ -357,8 +351,6 @@ static int mldsa_65_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
   return do_mldsa_65_print(bp, pkey, indent, 2);
 }
 
-#endif
-
 typedef struct {
   int type;
   int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent);
@@ -385,14 +377,12 @@ static EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
         eckey_priv_print,
         eckey_param_print,
     },
-#ifdef ENABLE_DILITHIUM
     {
         EVP_PKEY_PQDSA,
         mldsa_65_pub_print,
         mldsa_65_priv_print,
         NULL /* param_print */,
     },
-#endif
 };
 
 static size_t kPrintMethodsLen = OPENSSL_ARRAY_SIZE(kPrintMethods);

crypto/fipsmodule/bcm.c

@@ -119,9 +119,6 @@
 #include "evp/p_hkdf.c"
 #include "evp/p_hmac.c"
 #include "evp/p_kem.c"
-#ifdef ENABLE_DILITHIUM
-#include "evp/p_pqdsa.c"
-#endif
 #include "evp/p_rsa.c"
 #include "hkdf/hkdf.c"
 #include "hmac/hmac.c"
@@ -130,9 +127,6 @@
 #include "kem/kem.c"
 #include "md4/md4.c"
 #include "md5/md5.c"
-#ifdef ENABLE_DILITHIUM
-#include "ml_dsa/ml_dsa.c"
-#endif
 #include "ml_kem/ml_kem.c"
 #include "modes/cbc.c"
 #include "modes/cfb.c"
@@ -143,9 +137,6 @@
 #include "modes/xts.c"
 #include "modes/polyval.c"
 #include "pbkdf/pbkdf.c"
-#ifdef ENABLE_DILITHIUM
-#include "pqdsa/pqdsa.c"
-#endif
 #include "rand/ctrdrbg.c"
 #include "rand/fork_detect.c"
 #include "rand/rand.c"

crypto/fipsmodule/evp/evp_ctx.c

@@ -75,9 +75,6 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) {
   out->methods[4] = EVP_PKEY_hmac_pkey_meth();
   out->methods[5] = EVP_PKEY_ed25519_pkey_meth();
   out->methods[6] = EVP_PKEY_kem_pkey_meth();
-#ifdef ENABLE_DILITHIUM
-  out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();
-#endif
 }
 
 static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {