Merge branch 'main' into EVP_safety

.github/workflows/actions-ci.yml

@@ -9,8 +9,8 @@ concurrency:
 
 env:
   GOPROXY: https://proxy.golang.org,direct
-  SDE_MIRROR_URL: "https://downloadmirror.intel.com/777395/sde-external-9.21.1-2023-04-24-win.tar.xz"
-  SDE_VERSION_TAG: sde-external-9.21.1-2023-04-24-win
+  SDE_MIRROR_URL: "https://downloadmirror.intel.com/813591/sde-external-9.33.0-2024-01-07-win.tar.xz"
+  SDE_VERSION_TAG: sde-external-9.33.0-2024-01-07-win
   PACKAGE_NAME: aws-lc
   # Used to enable ASAN test dimension.
   AWSLC_NO_ASM_FIPS: 1
@@ -129,30 +129,31 @@ jobs:
           echo ${env:SDEROOT}
           .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x64 true
 
-  MSVC-SDE-32-bit:
-    needs: [sanity-test-run]
-    runs-on: aws-lc_windows-2019_64-core
-    steps:
-      - name: Git clone the repository
-        uses: actions/checkout@v3
-
-      - name: Build Windows Dependencies
-        run: |
-          choco install ninja --version 1.9.0.20190208 -y &&
-          choco install nasm --version 2.14.02 -y
-
-      - name: Install SDE simulator
-        run: |
-          curl -SL --output temp.tar.xz ${{ env.SDE_MIRROR_URL }}
-          7z x temp.tar.xz
-          7z x temp.tar
-          ren ${{ env.SDE_VERSION_TAG }} windows-sde
-          del temp.tar.xz
-          del temp.tar
-
-      - name: Run Windows SDE Tests for 32 bit
-        run: |
-          $env:SDEROOT = "${PWD}\windows-sde"
-          echo ${env:SDEROOT}
-          .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86 true
-
+    # TODO: Investigate sudden hanging tests and failures in GHA runners (P114059413)
+#  MSVC-SDE-32-bit:
+#    needs: [sanity-test-run]
+#    runs-on: aws-lc_windows-2019_64-core
+#    steps:
+#      - name: Git clone the repository
+#        uses: actions/checkout@v3
+#
+#      - name: Build Windows Dependencies
+#        run: |
+#          choco install ninja --version 1.9.0.20190208 -y &&
+#          choco install nasm --version 2.14.02 -y
+#
+#      - name: Install SDE simulator
+#        run: |
+#          curl -SL --output temp.tar.xz ${{ env.SDE_MIRROR_URL }}
+#          7z x temp.tar.xz
+#          7z x temp.tar
+#          ren ${{ env.SDE_VERSION_TAG }} windows-sde
+#          del temp.tar.xz
+#          del temp.tar
+#
+#      - name: Run Windows SDE Tests for 32 bit
+#        run: |
+#          $env:SDEROOT = "${PWD}\windows-sde"
+#          echo ${env:SDEROOT}
+#          .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86 true
+#

.github/workflows/integrations.yml

@@ -21,6 +21,16 @@ jobs:
       - name: Run integration build
         run: |
           ./tests/ci/integration/run_haproxy_integration.sh
+  tpm2-tss:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install OS Dependencies
+        run: |
+          sudo apt-get update && sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang autoconf-archive libcmocka0 libcmocka-dev procps iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev autoconf doxygen libjson-c-dev libini-config-dev libcurl4-openssl-dev uuid-dev libltdl-dev libusb-1.0-0-dev libftdi-dev
+      - uses: actions/checkout@v3
+      - name: Run integration build
+        run: |
+          ./tests/ci/integration/run_tpm2_tss_integration.sh
   grpc:
     env:
       DEBIAN_FRONTEND: noninteractive
@@ -71,3 +81,35 @@ jobs:
       - name: Run ntp build
         run: |
           ./tests/ci/integration/run_ntp_integration.sh
+  socat:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install OS Dependencies
+        run: |
+          sudo apt-get update && sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make autoconf pkg-config openssl
+      - uses: actions/checkout@v3
+      - name: Run integration build
+        run: |
+          ./tests/ci/integration/run_socat_integration.sh
+  python:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install OS Dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make
+      - uses: actions/checkout@v3
+      - name: Build AWS-LC, build python, run tests
+        run: |
+          ./tests/ci/integration/run_python_integration.sh
+  bind9:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install OS Dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make python3 python3-pytest autoconf pkg-config libcmocka-dev liburcu-dev libuv1-dev libnghttp2-dev libcap-dev libprotobuf-c-dev protobuf-c-compiler libfstrm-dev libjemalloc-dev
+      - uses: actions/checkout@v3
+      - name: Run bind9 build
+        run: |
+          ./tests/ci/integration/run_bind9_integration.sh

.gitignore

@@ -4,6 +4,7 @@ build/
 build32/
 build64/
 build-fips/
+*_BUILD_ROOT/
 ssl/test/runner/runner
 *.pyc
 *.swp

CMakeLists.txt

@@ -47,6 +47,17 @@ if(BUILD_TESTING OR BUILD_LIBSSL)
   enable_language(CXX)
 endif()
 
+if(CMAKE_VERSION VERSION_GREATER "3.1.0")
+  if (NOT DEFINED CMAKE_CXX_STANDARD)
+    set(CMAKE_CXX_STANDARD 11)
+  endif()
+  set(CMAKE_CXX_STANDARD_REQUIRED ON)
+  if (NOT DEFINED CMAKE_C_STANDARD)
+    set(CMAKE_C_STANDARD 99)
+  endif ()
+  set(CMAKE_C_STANDARD_REQUIRED ON)
+endif ()
+
 if(CMAKE_C_COMPILER_ID MATCHES "Clang")
   set(CLANG 1)
 elseif(CMAKE_C_COMPILER_ID MATCHES "GNU")
@@ -315,7 +326,9 @@ endif ()
 if(GCC OR CLANG)
   # Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration
   # primarily on our normal Clang one.
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
+  if (NOT CMAKE_C_STANDARD)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
+  endif ()
 
   # TODO(CryptoAlg-759): enable '-Wpedantic' if awslc has to follow c99 spec.
   if(CLANG OR (GCC AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.1.3"))
@@ -384,7 +397,9 @@ if(GCC OR CLANG)
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations")
 
   if(NOT MSVC)
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+    if (NOT CMAKE_CXX_STANDARD)
+      set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+    endif ()
     if(APPLE)
       set(CMAKE_MACOSX_RPATH 1)
     endif()

README.md

@@ -52,14 +52,6 @@ AWS-LC is compatible with the majority of OpenSSL’s APIs to make it easy to us
 existing applications. We’re open to discussing adding missing functionality and
 understanding your use case in an [issue](https://github.com/aws/aws-lc/issues/new/choose).
 
-### Compiler, OS, and CPU support
-
-AWS-LC correctness is tested on a variety of C/C++ compiler, OS, and CPU
-combinations. For a complete list of tested combinations see
-[tests/ci/Readme.md](https://github.com/aws/aws-lc/blob/main/tests/ci/README.md).
-If you use a different combination and would like to make sure we test it,
-please open an issue to discuss adding it to our CI.
-
 ### Algorithm optimization support
 
 A portable C implementation of all algorithms is included and optimized assembly
@@ -74,6 +66,54 @@ If you use another CPU and would like to make sure we test it or discuss adding
 an assembly optimized algorithm implementation, please open an issue to discuss
 adding it to our CI.
 
+## Platform Support
+
+AWS-LC correctness is tested on a variety of *platforms* (i.e., OS/CPU combinations).  
+The following is an overview of the platforms we actively support or are 
+known to be of interest to our community. 
+
+If you use a platform not listed below and would like to request it be added to our CI,
+please open an [issue](https://github.com/aws/aws-lc/issues/new/choose) for discussion.
+Regardless of our support level for a particular platform, we will gladly consider contributions that 
+improve or extend our support.
+
+### Supported Platforms
+
+The following platforms are actively tested in our CI pipeline. A few of these platforms are tested across 
+multiple compilers or compiler versions. For each pull request, the proposed change is validated to confirm that it 
+successfully builds and tests pass for these platform. 
+A more complete description of our test setup can be found in the 
+[CI README](https://github.com/aws/aws-lc/blob/main/tests/ci/README.md).
+
+| OS      | CPU     | 
+|---------|---------|
+| Linux   | x86     |
+| Linux   | x86-64  |
+| Linux   | aarch64 |
+| Windows | x86-64  |
+| macOS   | x86-64  |
+| macOS   | aarch64 |
+| Android | aarch64 |
+| Linux   | ppc     |
+| Linux   | ppc64   |
+| Linux   | ppc64le |
+
+### Other platforms
+
+The platforms listed below are of interest to us or to our community. However, problems reported 
+against them might not be prioritized for immediate action by our team. We welcome contributions 
+that improve the experience for consumers on these platforms.
+
+| OS        | CPU         |
+|-----------|-------------|
+| Android   | arm32       |
+| iOS       | aarch64     |
+| Linux     | arm32       |
+| Linux     | Loongarch64 | 
+| Windows   | aarch64     |
+| OpenBSD   | x86-64      |
+| FreeBSD   | x86-64      |
+
 ## AWS-LC safety mechanisms
 
 ### Automated testing
@@ -96,9 +136,9 @@ the checks are run in AWS-LC’s CI on every change. The algorithms that have be
 verified on certain platforms with caveats include:
 * SHA-2
 * HMAC
-* AES-GCM
 * AES-KWP
 * ECDH & ECDSA with curve P-384
+* HKDF
 
 ## Have a Question?
 

crypto/CMakeLists.txt

@@ -36,11 +36,12 @@ if(NOT OPENSSL_NO_ASM)
       set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Qunused-arguments")
     endif()
 
-    # Clang's integerated assembler does not support debug symbols.
-    if (CMAKE_ASM_COMPILER_ID MATCHES "Clang" OR CMAKE_ASM_COMPILER MATCHES "clang")
-      message(STATUS "Disabling debug symbols for Clang internal assembler")
-    else()
-      set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g")
+    if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo" )
+      if (CMAKE_ASM_COMPILER_ID MATCHES "Clang" OR CMAKE_ASM_COMPILER MATCHES "clang")
+        set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -g")
+      else()
+        set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g")
+      endif()
     endif()
 
     # Work around https://gitlab.kitware.com/cmake/cmake/-/issues/20771 in older
@@ -313,6 +314,7 @@ add_library(
   bio/bio.c
   bio/bio_mem.c
   bio/connect.c
+  bio/errno.c
   bio/fd.c
   bio/file.c
   bio/hexdump.c
@@ -753,6 +755,7 @@ if(BUILD_TESTING)
     pkcs8/pkcs12_test.cc
     poly1305/poly1305_test.cc
     pool/pool_test.cc
+    rand_extra/getentropy_test.cc
     rand_extra/rand_test.cc
     refcount_test.cc
     rsa_extra/rsa_test.cc

crypto/asn1/a_gentm.c

@@ -59,6 +59,7 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 
@@ -122,9 +123,12 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
   }
 
   char buf[16];
-  BIO_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
-               data.tm_year + 1900, data.tm_mon + 1, data.tm_mday, data.tm_hour,
-               data.tm_min, data.tm_sec);
+  int ret = snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
+                     data.tm_year + 1900, data.tm_mon + 1, data.tm_mday,
+                     data.tm_hour, data.tm_min, data.tm_sec);
+  if (ret != (int)(sizeof(buf) - 1)) {
+    abort();  // |snprintf| should neither truncate nor write fewer bytes.
+  }
 
   int free_s = 0;
   if (s == NULL) {

crypto/asn1/a_object.c

@@ -184,15 +184,10 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **out, const unsigned char **inp,
 ASN1_OBJECT *ASN1_OBJECT_new(void) {
   ASN1_OBJECT *ret;
 
-  ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+  ret = (ASN1_OBJECT *)OPENSSL_zalloc(sizeof(ASN1_OBJECT));
   if (ret == NULL) {
     return NULL;
   }
-  ret->length = 0;
-  ret->data = NULL;
-  ret->nid = 0;
-  ret->sn = NULL;
-  ret->ln = NULL;
   ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
   return ret;
 }

crypto/asn1/a_strex.c

@@ -88,18 +88,18 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
   char buf[16];  // Large enough for "\\W01234567".
   unsigned char u8 = (unsigned char)c;
   if (c > 0xffff) {
-    BIO_snprintf(buf, sizeof(buf), "\\W%08" PRIX32, c);
+    snprintf(buf, sizeof(buf), "\\W%08" PRIX32, c);
   } else if (c > 0xff) {
-    BIO_snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c);
+    snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c);
   } else if ((flags & ASN1_STRFLGS_ESC_MSB) && c > 0x7f) {
-    BIO_snprintf(buf, sizeof(buf), "\\%02X", c);
+    snprintf(buf, sizeof(buf), "\\%02X", c);
   } else if ((flags & ASN1_STRFLGS_ESC_CTRL) && is_control_character(c)) {
-    BIO_snprintf(buf, sizeof(buf), "\\%02X", c);
+    snprintf(buf, sizeof(buf), "\\%02X", c);
   } else if (flags & ASN1_STRFLGS_ESC_2253) {
     // See RFC 2253, sections 2.4 and 4.
     if (c == '\\' || c == '"') {
       // Quotes and backslashes are always escaped, quoted or not.
-      BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+      snprintf(buf, sizeof(buf), "\\%c", (int)c);
     } else if (c == ',' || c == '+' || c == '<' || c == '>' || c == ';' ||
                (is_first && (c == ' ' || c == '#')) ||
                (is_last && (c == ' '))) {
@@ -110,13 +110,13 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
         }
         return maybe_write(out, &u8, 1) ? 1 : -1;
       }
-      BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+      snprintf(buf, sizeof(buf), "\\%c", (int)c);
     } else {
       return maybe_write(out, &u8, 1) ? 1 : -1;
     }
   } else if ((flags & ESC_FLAGS) && c == '\\') {
     // If any escape flags are set, also escape backslashes.
-    BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+    snprintf(buf, sizeof(buf), "\\%c", (int)c);
   } else {
     return maybe_write(out, &u8, 1) ? 1 : -1;
   }

crypto/asn1/a_utctm.c

@@ -59,6 +59,7 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 
@@ -123,9 +124,12 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, int64_t posix_time, int offset_d
   }
 
   char buf[14];
-  BIO_snprintf(buf, sizeof(buf), "%02d%02d%02d%02d%02d%02dZ",
-               data.tm_year % 100, data.tm_mon + 1, data.tm_mday, data.tm_hour,
-               data.tm_min, data.tm_sec);
+  int ret = snprintf(buf, sizeof(buf), "%02d%02d%02d%02d%02d%02dZ",
+                     data.tm_year % 100, data.tm_mon + 1, data.tm_mday,
+                     data.tm_hour, data.tm_min, data.tm_sec);
+  if (ret != (int)(sizeof(buf) - 1)) {
+    abort();  // |snprintf| should neither truncate nor write fewer bytes.
+  }
 
   int free_s = 0;
   if (s == NULL) {