Merge branch 'main' into s390x

PiotrSikora · Mar 1, 2024 · ace1932 · ace1932
2 parents 853b015 + 6bc2e52
commit ace1932
Show file tree

Hide file tree

Showing 14 changed files with 292 additions and 39 deletions.
diff --git a/.github/workflows/aws-lc-rs.yml b/.github/workflows/aws-lc-rs.yml
@@ -1,4 +1,4 @@
-name: aws-lc-rs sanity tests
+name: aws-lc-rs tests
 on:
   push:
     branches: [ '*' ]
@@ -13,7 +13,6 @@ jobs:
   standard:
     runs-on: ubuntu-latest
     steps:
-
       - uses: actions/checkout@v3
         with:
           repository: awslabs/aws-lc-rs
@@ -67,3 +66,8 @@ jobs:
         working-directory: ./aws-lc-rs/aws-lc-rs
         run: |
           cargo test
+      - name: Install cross
+        run: cargo install cross --git https://github.com/cross-rs/cross
+      - name: Cross-compile arm-linux-androideabi
+        working-directory: ./aws-lc-rs/aws-lc-rs
+        run: cross test --release --features bindgen,unstable --target arm-linux-androideabi
diff --git a/.github/workflows/integrations.yml b/.github/workflows/integrations.yml
@@ -91,7 +91,7 @@ jobs:
       - name: Run integration build
         run: |
           ./tests/ci/integration/run_socat_integration.sh
-  python:
+  python-main:
     runs-on: ubuntu-latest
     steps:
       - name: Install OS Dependencies
@@ -101,7 +101,18 @@ jobs:
       - uses: actions/checkout@v3
       - name: Build AWS-LC, build python, run tests
         run: |
-          ./tests/ci/integration/run_python_integration.sh
+          ./tests/ci/integration/run_python_integration.sh main
+  python-releases:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install OS Dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make
+      - uses: actions/checkout@v3
+      - name: Build AWS-LC, build python, run tests
+        run: |
+          ./tests/ci/integration/run_python_integration.sh 3.10 3.11 3.12
   bind9:
     runs-on: ubuntu-latest
     steps:

diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
@@ -19,7 +19,7 @@
 #include <openssl/crypto.h>
 
 #include <stdlib.h>
-#if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID)
+#if defined(BORINGSSL_FIPS) && !defined(OPENSSL_WINDOWS)
 #include <sys/mman.h>
 #include <unistd.h>
 #endif
@@ -28,6 +28,7 @@
 // to control the order. $b section will place bcm in between the start/end markers
 // which are in $a and $z.
 #if defined(BORINGSSL_FIPS) && defined(OPENSSL_WINDOWS)
+
 #pragma code_seg(".fipstx$b")
 #pragma data_seg(".fipsda$b")
 #pragma const_seg(".fipsco$b")
@@ -207,7 +208,9 @@ static void assert_not_within(const void *start, const void *symbol,
   BORINGSSL_FIPS_abort();
 }
 
-#if defined(OPENSSL_ANDROID) && defined(OPENSSL_AARCH64)
+// TODO: Re-enable once all data has been moved out of .text segments CryptoAlg-2360
+#if 0
+//#if defined(OPENSSL_ANDROID) && defined(OPENSSL_AARCH64)
 static void BORINGSSL_maybe_set_module_text_permissions(int permission) {
   // Android may be compiled in execute-only-memory mode, in which case the
   // .text segment cannot be read. That conflicts with the need for a FIPS
@@ -224,6 +227,8 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {
     perror("BoringSSL: mprotect");
   }
 }
+#else
+static void BORINGSSL_maybe_set_module_text_permissions(int _permission) {}
 #endif  // !ANDROID
 
 #endif  // !ASAN
@@ -329,8 +334,7 @@ int BORINGSSL_integrity_test(void) {
     fprintf(stderr, "HMAC_Init_ex failed.\n");
     return 0;
   }
-
-#if defined(OPENSSL_ANDROID) && defined(OPENSSL_AARCH64)
+#if !defined(OPENSSL_WINDOWS)
   BORINGSSL_maybe_set_module_text_permissions(PROT_READ | PROT_EXEC);
 #endif
 #if defined(BORINGSSL_SHARED_LIBRARY)
@@ -347,9 +351,10 @@ int BORINGSSL_integrity_test(void) {
 #else
   HMAC_Update(&hmac_ctx, start, end - start);
 #endif
-#if defined(OPENSSL_ANDROID) && defined(OPENSSL_AARCH64)
+#if !defined(OPENSSL_WINDOWS)
   BORINGSSL_maybe_set_module_text_permissions(PROT_EXEC);
 #endif
+
   if (!HMAC_Final(&hmac_ctx, result, &result_len) ||
       result_len != sizeof(result)) {
     fprintf(stderr, "HMAC failed.\n");

diff --git a/crypto/fipsmodule/sha/asm/sha256-armv4.pl b/crypto/fipsmodule/sha/asm/sha256-armv4.pl
@@ -482,6 +482,14 @@ ()
 .arch	armv7-a
 .fpu	neon
 
+.LK256_shortcut_neon:
+@ PC is 8 bytes ahead in Arm mode and 4 bytes ahead in Thumb mode.
+#if defined(__thumb2__)
+.word	K256-(.LK256_add_neon+4)
+#else
+.word	K256-(.LK256_add_neon+8)
+#endif
+
 .global	sha256_block_data_order_neon
 .type	sha256_block_data_order_neon,%function
 .align	5
@@ -491,7 +499,21 @@ ()
 	stmdb	sp!,{r4-r12,lr}
 
 	sub	$H,sp,#16*4+16
-	adr	$Ktbl,K256
+
+	@ K256 is just at the boundary of being easily referenced by an ADR from
+	@ this function. In Arm mode, when building with __ARM_ARCH=6, it does
+	@ not fit. By moving code around, we could make it fit, but this is too
+	@ fragile. For simplicity, just load the offset from
+	@ .LK256_shortcut_neon.
+	@
+	@ TODO(davidben): adrl would avoid a load, but clang-assembler does not
+	@ support it. We might be able to emulate it with a macro, but Android's
+	@ did not work when I tried it.
+	@ https://android.googlesource.com/platform/ndk/+/refs/heads/master/docs/ClangMigration.md#arm
+	ldr	$Ktbl,.LK256_shortcut_neon
+.LK256_add_neon:
+	add	$Ktbl,pc,$Ktbl
+
 	bic	$H,$H,#15		@ align for 128-bit stores
 	mov	$t2,sp
 	mov	sp,$H			@ alloca
@@ -617,12 +639,26 @@ ()
 #  define INST(a,b,c,d)	.byte	a,b,c,d
 # endif
 
+.LK256_shortcut_armv8:
+@ PC is 8 bytes ahead in Arm mode and 4 bytes ahead in Thumb mode.
+#if defined(__thumb2__)
+.word	K256-(.LK256_add_armv8+4)
+#else
+.word	K256-(.LK256_add_armv8+8)
+#endif
+
 .type	sha256_block_data_order_armv8,%function
 .align	5
 sha256_block_data_order_armv8:
 .LARMv8:
+	@ K256 is too far to reference from one ADR command in Thumb mode. In
+	@ Arm mode, we could make it fit by aligning the ADR offset to a 64-byte
+	@ boundary. For simplicity, just load the offset from .LK256_shortcut_armv8.
+	ldr	$Ktbl,.LK256_shortcut_armv8
+.LK256_add_armv8:
+	add	$Ktbl,pc,$Ktbl
+
 	vld1.32	{$ABCD,$EFGH},[$ctx]
-	sub	$Ktbl,$Ktbl,#256+32
 	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
 	b	.Loop_v8
 

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
@@ -196,6 +196,22 @@ X509_STORE *X509_STORE_new(void) {
   return NULL;
 }
 
+int X509_STORE_lock(X509_STORE *v) {
+    if (v == NULL) {
+      return 0;
+    }
+    CRYPTO_MUTEX_lock_write(&v->objs_lock);
+    return 1;
+}
+
+int X509_STORE_unlock(X509_STORE *v) {
+    if (v == NULL) {
+      return 0;
+    }
+    CRYPTO_MUTEX_unlock_write(&v->objs_lock);
+    return 1;
+}
+
 int X509_STORE_up_ref(X509_STORE *store) {
   CRYPTO_refcount_inc(&store->references);
   return 1;
@@ -405,6 +421,28 @@ X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a) {
   return a->data.crl;
 }
 
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj) {
+    if (a == NULL || !X509_up_ref(obj)) {
+      return 0;
+    }
+
+    X509_OBJECT_free_contents(a);
+    a->type = X509_LU_X509;
+    a->data.x509 = obj;
+    return 1;
+}
+
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj) {
+    if (a == NULL || !X509_CRL_up_ref(obj)) {
+      return 0;
+    }
+
+    X509_OBJECT_free_contents(a);
+    a->type = X509_LU_CRL;
+    a->data.crl = obj;
+    return 1;
+}
+
 static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
                                X509_NAME *name, int *pnmatch) {
   X509_OBJECT stmp;

diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
@@ -30,6 +30,7 @@
 #include <openssl/nid.h>
 #include <openssl/pem.h>
 #include <openssl/pool.h>
+#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -1945,6 +1946,26 @@ TEST(X509Test, TestCRL) {
   ASSERT_EQ(nullptr, X509_OBJECT_get0_X509_CRL(&invalidCRL));
 }
 
+TEST(X509Test, TestX509GettersSetters) {
+  bssl::UniquePtr<X509_OBJECT> obj(X509_OBJECT_new());
+  bssl::UniquePtr<X509> x509(CertFromPEM(kCRLTestRoot));
+  bssl::UniquePtr<X509_CRL> crl(CRLFromPEM(kBasicCRL));
+
+  ASSERT_TRUE(obj);
+  ASSERT_TRUE(x509);
+  ASSERT_TRUE(crl);
+
+  EXPECT_EQ(0, X509_OBJECT_get0_X509(obj.get()));
+  EXPECT_EQ(0, X509_OBJECT_get0_X509_CRL(obj.get()));
+  EXPECT_EQ(0, X509_OBJECT_set1_X509(nullptr, x509.get()));
+  EXPECT_EQ(0, X509_OBJECT_set1_X509_CRL(nullptr, crl.get()));
+
+  EXPECT_EQ(1, X509_OBJECT_set1_X509(obj.get(), x509.get()));
+  EXPECT_EQ(x509.get(), X509_OBJECT_get0_X509(obj.get()));
+  EXPECT_EQ(1, X509_OBJECT_set1_X509_CRL(obj.get(), crl.get()));
+  EXPECT_EQ(crl.get(), X509_OBJECT_get0_X509_CRL(obj.get()));
+}
+
 TEST(X509Test, ManyNamesAndConstraints) {
   bssl::UniquePtr<X509> many_constraints(CertFromPEM(
       GetTestData("crypto/x509/test/many_constraints.pem").c_str()));
@@ -5022,12 +5043,44 @@ TEST(X509Test, AddDuplicates) {
   ASSERT_TRUE(a);
   ASSERT_TRUE(b);
 
+  // To begin, add the certs to the store. Subsequent adds will be duplicative.
   EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
   EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
-  EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
-  EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
-  EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
-  EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
+
+  // Half the threads add duplicate certs, the other half take a lock and
+  // look them up to exercise un/locking functions.
+  const size_t kNumThreads = 10;
+  std::vector<std::thread> threads;
+  for (size_t i = 0; i < kNumThreads/2; i++) {
+    threads.emplace_back([&] {
+      // Sleep with some jitter to offset thread execution
+      uint8_t sleep_buf[1];
+      ASSERT_TRUE(RAND_bytes(sleep_buf, sizeof(sleep_buf)));
+      std::this_thread::sleep_for(std::chrono::microseconds(1 + (sleep_buf[0] % 5)));
+      EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
+      EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
+    });
+    threads.emplace_back([&] {
+      uint8_t sleep_buf[1];
+      ASSERT_TRUE(RAND_bytes(sleep_buf, sizeof(sleep_buf)));
+      ASSERT_TRUE(X509_STORE_lock(store.get()));
+      // Sleep after taking the lock to cause contention. Sleep longer than the
+      // adder half of threads to ensure we hold the lock while they contend
+      // for it. |X509_OBJECT_retrieve_by_subject| is called because it doesn't
+      // take a lock on the store, thus avoiding deadlock.
+      std::this_thread::sleep_for(std::chrono::microseconds(11 + (sleep_buf[0] % 5)));
+      EXPECT_TRUE(X509_OBJECT_retrieve_by_subject(
+        store->objs, X509_LU_X509, X509_get_subject_name(a.get())
+      ));
+      EXPECT_TRUE(X509_OBJECT_retrieve_by_subject(
+        store->objs, X509_LU_X509, X509_get_subject_name(b.get())
+      ));
+      ASSERT_TRUE(X509_STORE_unlock(store.get()));
+    });
+  }
+  for (auto &thread : threads) {
+    thread.join();
+  }
 
   EXPECT_EQ(sk_X509_OBJECT_num(X509_STORE_get0_objects(store.get())), 2u);
 }

diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
@@ -138,6 +138,9 @@ int X509_CRL_sort(X509_CRL *c) {
 }
 
 int X509_CRL_up_ref(X509_CRL *crl) {
+  if (crl == NULL) {
+    return 0;
+  }
   CRYPTO_refcount_inc(&crl->references);
   return 1;
 }

diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
@@ -198,6 +198,9 @@ X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf) {
 }
 
 int X509_up_ref(X509 *x) {
+  if (x == NULL) {
+    return 0;
+  }
   CRYPTO_refcount_inc(&x->references);
   return 1;
 }