Merge branch 'main' into secmem

.github/workflows/aws-lc-rs.yml

@@ -69,5 +69,5 @@ jobs:
       - name: Install cross
         run: cargo install cross --git https://github.com/cross-rs/cross
       - name: Cross-compile arm-linux-androideabi
-        working-directory: ./aws-lc-rs/aws-lc-rs
-        run: cross test --release --features bindgen,unstable --target arm-linux-androideabi
+        working-directory: ./aws-lc-rs
+        run: cross test -p aws-lc-rs --release --features bindgen,unstable --target arm-linux-androideabi

.github/workflows/integrations.yml

@@ -26,7 +26,7 @@ jobs:
     steps:
       - name: Install OS Dependencies
         run: |
-          sudo apt-get update && sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang autoconf-archive libcmocka0 libcmocka-dev procps iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev autoconf doxygen libjson-c-dev libini-config-dev libcurl4-openssl-dev uuid-dev libltdl-dev libusb-1.0-0-dev libftdi-dev
+          sudo apt-get update && sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang autoconf-archive libcmocka0 libcmocka-dev procps iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev autoconf doxygen libjson-c-dev libini-config-dev libcurl4-openssl-dev uuid-dev libltdl-dev libusb-1.0-0-dev libftdi-dev libglib2.0-dev pandoc
       - uses: actions/checkout@v3
       - name: Run integration build
         run: |

.github/workflows/mingw.yml

@@ -0,0 +1,42 @@
+name: MinGW
+on:
+  pull_request:
+    branches: [ '*' ]
+  push:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+jobs:
+  mingw:
+    if: github.repository == 'aws/aws-lc'
+    runs-on: windows-latest
+    steps:
+      - name: Install NASM
+        uses: ilammy/setup-nasm@v1.5.1
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup MinGW
+        uses: egor-tensin/setup-mingw@v2.2.0
+        id: setup_mingw
+        with:
+          static: 0
+      - name: Setup CMake
+        uses: threeal/cmake-action@v1.3.0
+        with:
+          generator: Ninja
+          c-compiler: ${{ steps.setup_mingw.outputs.gcc }}
+          cxx-compiler: ${{ steps.setup_mingw.outputs.gxx }}
+          options: |
+            CMAKE_SYSTEM_NAME=Windows \
+            CMAKE_SYSTEM_PROCESSOR=x86_64 \
+            CMAKE_BUILD_TOOL=C:/ProgramData/chocolatey/lib/mingw/tools/install/mingw64/bin/ninja.exe \
+            CMAKE_FIND_ROOT_PATH=C:/ProgramData/chocolatey/lib/mingw/tools/install/mingw64 \
+            CMAKE_FIND_ROOT_PATH_MODE_PROGRAM=NEVER \
+            CMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY \
+            CMAKE_FIND_ROOT_PATH_MODE_INCLUDE=ONLY \
+      - name: Build Project
+        run: cmake --build ./build --target all
+      - name: Run tests
+        run: cmake --build ./build --target run_tests

LICENSE

@@ -206,8 +206,8 @@ are met:
    written permission.
 
 
-The code in crypto/kyber/pqcrystals-kyber_kyber512_ref carries the
-Public Domain license:
+The code in crypto/kyber/pqcrystals-kyber_kyber512_ref and
+crypto/ml_kem/ml_kem_ipd_ref_common carries the Public Domain license:
 
 Public Domain (https://creativecommons.org/share-your-work/public-domain/cc0/)
 

cmake/go.cmake

@@ -15,7 +15,7 @@ if(NOT GO_EXECUTABLE AND NOT DISABLE_GO)
 endif()
 
 function(go_executable dest package)
-  set(godeps "${CMAKE_SOURCE_DIR}/util/godeps.go")
+  set(godeps "${PROJECT_SOURCE_DIR}/util/godeps.go")
   if(NOT CMAKE_GENERATOR STREQUAL "Ninja")
     # The DEPFILE parameter to add_custom_command only works with Ninja. Query
     # the sources at configure time. Additionally, everything depends on go.mod.
@@ -32,7 +32,7 @@ function(go_executable dest package)
                        COMMAND ${GO_EXECUTABLE} build
                                -o ${CMAKE_CURRENT_BINARY_DIR}/${dest} ${package}
                        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
-                       DEPENDS ${sources} ${CMAKE_SOURCE_DIR}/go.mod)
+                       DEPENDS ${sources} ${PROJECT_SOURCE_DIR}/go.mod)
   else()
     # Ninja expects the target in the depfile to match the output. This is a
     # relative path from the build directory.
@@ -52,7 +52,7 @@ function(go_executable dest package)
                          COMMAND ${GO_EXECUTABLE} build
                          -o ${CMAKE_CURRENT_BINARY_DIR}/${dest} ${package}
                          WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
-                         DEPENDS ${CMAKE_SOURCE_DIR}/go.mod)
+                         DEPENDS ${PROJECT_SOURCE_DIR}/go.mod)
     else()
       set(depfile "${CMAKE_CURRENT_BINARY_DIR}/${dest}.d")
       add_custom_command(OUTPUT ${dest}
@@ -61,7 +61,7 @@ function(go_executable dest package)
                          COMMAND ${GO_EXECUTABLE} run ${godeps} -format depfile
                          -target ${target} -pkg ${package} -out ${depfile}
                          WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
-                         DEPENDS ${godeps} ${CMAKE_SOURCE_DIR}/go.mod
+                         DEPENDS ${godeps} ${PROJECT_SOURCE_DIR}/go.mod
                          DEPFILE ${depfile})
     endif()
   endif()

crypto/CMakeLists.txt

@@ -434,6 +434,7 @@ add_library(
   refcount_win.c
   rsa_extra/rsa_asn1.c
   rsa_extra/rsassa_pss_asn1.c
+  rsa_extra/rsa_crypt.c
   rsa_extra/rsa_print.c
   stack/stack.c
   siphash/siphash.c
@@ -781,7 +782,7 @@ if(BUILD_TESTING)
   add_dependencies(${CRYPTO_TEST_EXEC} boringssl_prefix_symbols)
   target_link_libraries(${CRYPTO_TEST_EXEC} test_support_lib boringssl_gtest_main crypto)
   target_include_directories(${CRYPTO_TEST_EXEC} BEFORE PRIVATE ${PROJECT_BINARY_DIR}/symbol_prefix_include)
-  if(WIN32)
+  if(MSVC)
     target_link_libraries(${CRYPTO_TEST_EXEC} ws2_32)
   else()
     target_compile_options(${CRYPTO_TEST_EXEC} PUBLIC -Wno-deprecated-declarations)

crypto/asn1/a_i2d_fp.c

@@ -54,13 +54,46 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.] */
 
+#include <assert.h>
+
 #include <openssl/asn1.h>
 
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
 
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, void *in) {
+  if (i2d == NULL || out == NULL || in == NULL) {
+    OPENSSL_PUT_ERROR(ASN1, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
+  int size = i2d(in, NULL);
+  if (size <= 0) {
+    OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR);
+    return 0;
+  }
+
+  unsigned char *buffer = (unsigned char *)OPENSSL_malloc(size);
+  if (buffer == NULL) {
+    OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
+    return 0;
+  }
+
+  unsigned char *outp = buffer;
+  int ret = i2d(in, &outp);
+  if (ret < 0 || ret > size) {
+    OPENSSL_PUT_ERROR(ASN1, ASN1_R_BUFFER_TOO_SMALL);
+    OPENSSL_free(buffer);
+    return 0;
+  }
+
+  ret = BIO_write_all(out, buffer, size);
+  OPENSSL_free(buffer);
+  return ret;
+}
+
 int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) {
   BIO *b = BIO_new_fp(out, BIO_NOCLOSE);
   if (b == NULL) {

crypto/asn1/asn1_test.cc

@@ -979,7 +979,7 @@ static struct tm make_tm(int sec, int min, int hour, int mday, int mon, int year
   t.tm_wday = wday;
   t.tm_yday = yday;
   t.tm_isdst = isdst;
-#if defined(__GNUC__)
+#if defined(__GNU__)
   t.tm_gmtoff = gmtoff;
   t.tm_zone = zone;
 #endif
@@ -2471,6 +2471,34 @@ TEST(ASN1Test, Recursive) {
   ASN1_LINKED_LIST_free(list);
 }
 
+static int i2d_ASN1_LINKED_LIST_void(const void *a, unsigned char **out) {
+  return i2d_ASN1_LINKED_LIST((ASN1_LINKED_LIST *)a, out);
+}
+
+TEST(ASN1Test, BIO) {
+  bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
+  bssl::UniquePtr<uint8_t> data;
+  size_t len;
+  ASSERT_TRUE(MakeLinkedList(&data, &len, 5));
+  const uint8_t *ptr = data.get();
+  ASN1_LINKED_LIST *list = d2i_ASN1_LINKED_LIST(nullptr, &ptr, len);
+  EXPECT_TRUE(list);
+
+  // Retrieve expected bytes.
+  uint8_t *expected = nullptr;
+  int expected_len = i2d_ASN1_LINKED_LIST(list, &expected);
+  ASSERT_GT(expected_len, 0);
+
+  const uint8_t *out;
+  size_t out_len;
+  EXPECT_TRUE(ASN1_i2d_bio(i2d_ASN1_LINKED_LIST_void, bio.get(), list));
+  ASSERT_TRUE(BIO_mem_contents(bio.get(), &out, &out_len));
+
+  EXPECT_EQ(Bytes(out, out_len), Bytes(expected, expected_len));
+  OPENSSL_free(expected);
+  ASN1_LINKED_LIST_free(list);
+}
+
 struct IMPLICIT_CHOICE {
   ASN1_STRING *string;
 };

crypto/base64/base64.c

@@ -134,21 +134,21 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) {
   OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
 }
 
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
-                      const uint8_t *in, size_t in_len) {
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
+                     const uint8_t *in, size_t in_len) {
   size_t total = 0;
 
   *out_len = 0;
   if (in_len == 0) {
-    return;
+    return 0;
   }
 
   assert(ctx->data_used < sizeof(ctx->data));
 
   if (sizeof(ctx->data) - ctx->data_used > in_len) {
     OPENSSL_memcpy(&ctx->data[ctx->data_used], in, in_len);
     ctx->data_used += (unsigned)in_len;
-    return;
+    return 1;
   }
 
   if (ctx->data_used != 0) {
@@ -178,7 +178,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
 
     if (total + encoded + 1 < total) {
       *out_len = 0;
-      return;
+      return 0;
     }
 
     total += encoded + 1;
@@ -193,9 +193,12 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
   if (total > INT_MAX) {
     // We cannot signal an error, but we can at least avoid making *out_len
     // negative.
-    total = 0;
+    *out_len = 0;
+    return 0;
   }
   *out_len = (int)total;
+
+  return 1;
 }
 
 void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len) {

crypto/base64/base64_test.cc

@@ -206,9 +206,10 @@ TEST_P(Base64Test, EncodeDecode) {
     EVP_EncodeInit(&ctx);
 
     int out_len;
-    EVP_EncodeUpdate(&ctx, out, &out_len,
-                     reinterpret_cast<const uint8_t *>(t.decoded),
-                     decoded_len);
+    int ret = EVP_EncodeUpdate(&ctx, out, &out_len,
+                               reinterpret_cast<const uint8_t *>(t.decoded),
+                               decoded_len);
+    EXPECT_EQ(ret, (strlen(t.encoded) > 0 ? 1 : 0));
     size_t total = out_len;
 
     EVP_EncodeFinal(&ctx, out + total, &out_len);

crypto/bio/bio.c

@@ -239,8 +239,11 @@ int BIO_write(BIO *bio, const void *in, int inl) {
 int BIO_write_all(BIO *bio, const void *data, size_t len) {
   const uint8_t *data_u8 = data;
   while (len > 0) {
-    int ret = BIO_write(bio, data_u8, len > INT_MAX ? INT_MAX : (int)len);
+    const int write_len = ((len > INT_MAX) ? INT_MAX : (int)len);
+    int ret = BIO_write(bio, data_u8, write_len);
+    assert(ret <= write_len);
     if (ret <= 0) {
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_BUFFER_TOO_SMALL);
       return 0;
     }
     data_u8 += ret;

crypto/bio/bio_test.cc

@@ -373,7 +373,7 @@ TEST(BIOTest, CloseFlags) {
 
   // Assert that CRLF line endings get inserted on write and translated back out
   // on read for text mode.
-  TempFILE text_bio_file(tmpfile());
+  TempFILE text_bio_file = createTempFILE();
   ASSERT_TRUE(text_bio_file);
   bssl::UniquePtr<BIO> text_bio(
       BIO_new_fp(text_bio_file.get(), BIO_NOCLOSE | BIO_FP_TEXT));
@@ -403,7 +403,7 @@ TEST(BIOTest, CloseFlags) {
 
   // Assert that CRLF line endings don't get inserted on write for
   // (default) binary mode.
-  TempFILE binary_bio_file(tmpfile());
+  TempFILE binary_bio_file = createTempFILE();
   ASSERT_TRUE(binary_bio_file);
   bssl::UniquePtr<BIO> binary_bio(
       BIO_new_fp(binary_bio_file.get(), BIO_NOCLOSE));
@@ -432,7 +432,7 @@ TEST(BIOTest, CloseFlags) {
 
   // Assert that BIO_CLOSE causes the underlying file to be closed on BIO free
   // (ftell will return < 0)
-  FILE *tmp = tmpfile();
+  FILE *tmp = createRawTempFILE();
   ASSERT_TRUE(tmp);
   BIO *bio = BIO_new_fp(tmp, BIO_CLOSE);
   EXPECT_EQ(0, BIO_tell(bio));
@@ -449,7 +449,7 @@ TEST(BIOTest, CloseFlags) {
 #endif
 
   // Assert that BIO_NOCLOSE does not close the underlying file on BIO free
-  tmp = tmpfile();
+  tmp = createRawTempFILE();
   ASSERT_TRUE(tmp);
   bio = BIO_new_fp(tmp, BIO_NOCLOSE);
   EXPECT_EQ(0, BIO_tell(bio));
@@ -737,7 +737,7 @@ TEST(BIOTest, Gets) {
       check_bio_gets(bio.get());
     }
 
-    TempFILE file(tmpfile());
+    TempFILE file = createTempFILE();
 #if defined(OPENSSL_ANDROID)
     // On Android, when running from an APK, |tmpfile| does not work. See
     // b/36991167#comment8.

crypto/cipher_extra/aead_test.cc

@@ -133,6 +133,10 @@ static const struct KnownAEAD kAEADs[] = {
      "aes_128_cbc_sha256_tls_implicit_iv_tests.txt",
      kLimitedImplementation | RequiresADLength(11)},
 
+  {"AES_256_CBC_SHA384_TLS", EVP_aead_aes_256_cbc_sha384_tls,
+     "aes_256_cbc_sha384_tls_tests.txt",
+     kLimitedImplementation | RequiresADLength(11)},
+
     {"AES_256_CBC_SHA1_TLS", EVP_aead_aes_256_cbc_sha1_tls,
      "aes_256_cbc_sha1_tls_tests.txt",
      kLimitedImplementation | RequiresADLength(11)},
@@ -1372,13 +1376,15 @@ struct EvpAeadCtxSerdeTestParams {
 class EvpAeadCtxSerdeTest
     : public testing::TestWithParam<EvpAeadCtxSerdeTestParams> {};
 
-static const uint8_t kEvpAeadCtxKey[68] = {
-    0x49, 0xd4, 0x9f, 0x84, 0x62, 0xf1, 0xda, 0x3a, 0xe1, 0x60, 0x08, 0xf3,
-    0xcf, 0xf6, 0x01, 0x2d, 0x95, 0x90, 0x08, 0xfe, 0xad, 0x89, 0x31, 0x21,
-    0x1c, 0x84, 0xf0, 0x77, 0x57, 0x18, 0x94, 0x03, 0xe3, 0x85, 0x30, 0x32,
-    0xc3, 0x0f, 0xae, 0x54, 0x54, 0x8d, 0x21, 0x55, 0x68, 0xc9, 0x6f, 0xb9,
-    0x23, 0x4e, 0xbc, 0xba, 0x1a, 0x4c, 0x9a, 0xd8, 0x35, 0x96, 0xc2, 0xb3,
-    0x6e, 0x7a, 0x47, 0xa8, 0x8e, 0xdd, 0x6e, 0x1d};
+static const uint8_t kEvpAeadCtxKey[80] = {
+    0x03, 0xeb, 0x1d, 0xb2, 0x2c, 0xa8, 0xc0, 0x3b, 0x29, 0x9c, 0x66, 0xe5,
+    0xdd, 0xb7, 0x70, 0x6c, 0x39, 0x86, 0x71, 0x94, 0x79, 0x5c, 0xf5, 0x88,
+    0xde, 0xd9, 0x05, 0x1f, 0x28, 0x96, 0x86, 0x28, 0x01, 0xb0, 0x59, 0x11,
+    0xb0, 0x3f, 0x35, 0xe6, 0xb5, 0x2f, 0x3b, 0xee, 0xbc, 0xf9, 0x11, 0xb1,
+    0x9e, 0x58, 0xf6, 0xb7, 0xf3, 0x3e, 0x5b, 0x66, 0x28, 0x85, 0x0c, 0x66,
+    0x2b, 0x75, 0xb7, 0x86, 0xfd, 0xa4, 0x2d, 0x4b, 0x8c, 0xe0, 0x9a, 0x58,
+    0xbf, 0xc6, 0x22, 0x4c, 0x39, 0x25, 0x66, 0xfd
+};
 
 static const EvpAeadCtxSerdeTestParams kEvpAeadCtxSerde[] = {
     {"EVP_aead_aes_128_gcm", EVP_aead_aes_128_gcm(), kEvpAeadCtxKey, 16, 16,
@@ -1421,6 +1427,8 @@ static const EvpAeadCtxSerdeTestParams kEvpAeadCtxSerde[] = {
      kEvpAeadCtxKey, 48, 32, 11},
     {"EVP_aead_aes_128_cbc_sha256_tls_implicit_iv",
      EVP_aead_aes_128_cbc_sha256_tls_implicit_iv(), kEvpAeadCtxKey, 64, 32, 12},
+    {"EVP_aead_aes_256_cbc_sha384_tls", EVP_aead_aes_256_cbc_sha384_tls(),
+     kEvpAeadCtxKey, 80, 48, 28},
     {"EVP_aead_des_ede3_cbc_sha1_tls", EVP_aead_des_ede3_cbc_sha1_tls(),
      kEvpAeadCtxKey, 44, 20, 13},
     {"EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv",