Skip to content

Commit

Permalink
Merge branch 'aws:main' into sha3_absorb_squeeze
Browse files Browse the repository at this point in the history
  • Loading branch information
manastasova authored Jan 3, 2025
2 parents e61be0d + 71809b1 commit 3008821
Show file tree
Hide file tree
Showing 16 changed files with 50 additions and 23 deletions.
6 changes: 3 additions & 3 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ elseif(CMAKE_C_COMPILER_ID MATCHES "GNU")
set(GCC 1)
endif()

if (UNIX AND NOT APPLE)
if (NOT WIN32 AND NOT APPLE)
include(GNUInstallDirs)
elseif(NOT DEFINED CMAKE_INSTALL_LIBDIR)
set(CMAKE_INSTALL_LIBDIR "lib")
Expand All @@ -145,7 +145,7 @@ if(NOT DISABLE_PERL)
find_package(Perl REQUIRED)
endif()

if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING)
if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND BUILD_TESTING AND NOT CMAKE_CROSSCOMPILING)
find_package(PkgConfig QUIET)
if (PkgConfig_FOUND)
pkg_check_modules(LIBUNWIND libunwind-generic)
Expand Down Expand Up @@ -737,7 +737,7 @@ if(FIPS)
message(FATAL_ERROR "Building AWS-LC for FIPS requires Go and Perl")
endif()

if(NOT BUILD_SHARED_LIBS AND NOT (UNIX AND NOT APPLE))
if(NOT BUILD_SHARED_LIBS AND NOT (NOT WIN32 AND NOT APPLE))
message(FATAL_ERROR "Static FIPS build of AWS-LC is suported only on Linux")
endif()

Expand Down
4 changes: 2 additions & 2 deletions crypto/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ function(msbuild_aarch64_asm)
endfunction()

if(NOT OPENSSL_NO_ASM)
if(UNIX)
if(NOT WIN32)
if(ARCH STREQUAL "aarch64")
# The "armx" Perl scripts look for "64" in the style argument
# in order to decide whether to generate 32- or 64-bit asm.
Expand Down Expand Up @@ -186,7 +186,7 @@ else()
set(ASSEMBLY_SOURCE ${GENERATE_CODE_ROOT}/ios-arm/crypto/)
elseif(APPLE)
set(ASSEMBLY_SOURCE ${GENERATE_CODE_ROOT}/mac-${ARCH}/crypto/)
elseif(UNIX)
elseif(NOT WIN32)
if(${ARCH} STREQUAL "generic")
message(STATUS "Detected generic linux platform. No assembly files will be included.")
else()
Expand Down
8 changes: 8 additions & 0 deletions crypto/crypto_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,14 @@ TEST(CryptoTest, Strndup) {
EXPECT_STREQ("", str.get());
}

TEST(CryptoTest, aws_lc_assert_entropy_cpu_jitter) {
#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
ASSERT_EQ(1, FIPS_is_entropy_cpu_jitter());
#else
ASSERT_EQ(0, FIPS_is_entropy_cpu_jitter());
#endif
}

TEST(CryptoTest, OPENSSL_hexstr2buf) {
const char *test_cases[][2] = {{"a2", "\xa2"},
{"a213", "\xa2\x13"},
Expand Down
1 change: 1 addition & 0 deletions crypto/fipsmodule/ml_kem/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,6 @@ that initialize a given structure with values corresponding to a parameter set.
- `symmetric-shake.c`: unnecessary include of fips202.h is removed.
- `api.h`: `pqcrystals` prefix substituted with `ml_kem` (to be able to build alongside `crypto/kyber`).
- `poly.c`: the `poly_frommsg` function was modified to address the constant-time issue described [here](https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c).
- All internal header files were updated with unique `ML_KEM_*` include guards.

**Testing.** The KATs were obtained from an independent implementation of ML-KEM written in SPARK Ada subset: https://github.com/awslabs/LibMLKEM.
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/cbd.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef CBD_H
#define CBD_H
#ifndef ML_KEM_CBD_H
#define ML_KEM_CBD_H

#include <stdint.h>
#include "params.h"
Expand Down
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/indcpa.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef INDCPA_H
#define INDCPA_H
#ifndef ML_KEM_INDCPA_H
#define ML_KEM_INDCPA_H

#include <stdint.h>
#include "params.h"
Expand Down
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/ntt.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef NTT_H
#define NTT_H
#ifndef ML_KEM_NTT_H
#define ML_KEM_NTT_H

#include <stdint.h>
#include "params.h"
Expand Down
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/params.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef PARAMS_H
#define PARAMS_H
#ifndef ML_KEM_PARAMS_H
#define ML_KEM_PARAMS_H

#include <openssl/base.h>

Expand Down
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/poly.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef POLY_H
#define POLY_H
#ifndef ML_KEM_POLY_H
#define ML_KEM_POLY_H

#include <stdint.h>
#include "params.h"
Expand Down
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/polyvec.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef POLYVEC_H
#define POLYVEC_H
#ifndef ML_KEM_POLYVEC_H
#define ML_KEM_POLYVEC_H

#include <stdint.h>
#include "params.h"
Expand Down
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/reduce.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef REDUCE_H
#define REDUCE_H
#ifndef ML_KEM_REDUCE_H
#define ML_KEM_REDUCE_H

#include <stdint.h>
#include "params.h"
Expand Down
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/symmetric.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef SYMMETRIC_H
#define SYMMETRIC_H
#ifndef ML_KEM_SYMMETRIC_H
#define ML_KEM_SYMMETRIC_H

#include <stddef.h>
#include <stdint.h>
Expand Down
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_kem/ml_kem_ref/verify.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#ifndef VERIFY_H
#define VERIFY_H
#ifndef ML_KEM_VERIFY_H
#define ML_KEM_VERIFY_H

#include <stddef.h>
#include <stdint.h>
Expand Down
8 changes: 8 additions & 0 deletions crypto/fipsmodule/self_check/fips.c
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,14 @@ int FIPS_mode(void) {
#endif
}

int FIPS_is_entropy_cpu_jitter(void) {
#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
return 1;
#else
return 0;
#endif
}

int FIPS_mode_set(int on) { return on == FIPS_mode(); }

#if defined(BORINGSSL_FIPS_140_3)
Expand Down
4 changes: 4 additions & 0 deletions include/openssl/crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,10 @@ OPENSSL_EXPORT void armv8_enable_dit(void);
// which case it returns one.
OPENSSL_EXPORT int FIPS_mode(void);

// FIPS_is_entropy_cpu_jitter returns 1 if CPU jitter is used as the entropy source
// for AWS-LC. Otherwise, returns 0;
OPENSSL_EXPORT int FIPS_is_entropy_cpu_jitter(void);

// fips_counter_t denotes specific APIs/algorithms. A counter is maintained for
// each in FIPS mode so that tests can be written to assert that the expected,
// FIPS functions are being called by a certain peice of code.
Expand Down
6 changes: 6 additions & 0 deletions ssl/test/bssl_shim.cc
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
#endif

#include <assert.h>
#include <errno.h>

#ifndef __STDC_FORMAT_MACROS
#define __STDC_FORMAT_MACROS
Expand Down Expand Up @@ -986,6 +987,11 @@ static bool DoConnection(bssl::UniquePtr<SSL_SESSION> *out_session,
int ssl_err = SSL_get_error(ssl.get(), -1);
if (ssl_err != SSL_ERROR_NONE) {
fprintf(stderr, "SSL error: %s\n", SSL_error_description(ssl_err));
if (ssl_err == SSL_ERROR_SYSCALL) {
int err = errno;
fprintf(stderr, "Error occurred: errno = %d, description = %s\n", err, strerror(err));

}
}
return false;
}
Expand Down

0 comments on commit 3008821

Please sign in to comment.