Merge remote-tracking branch 'upstream/main'

Author: alexw91

.github/workflows/actions-ci.yml

@@ -103,67 +103,6 @@ jobs:
         run: |
           ./tests/ci/run_fips_tests.sh
 
-
-  MSVC-2019:
-    if: github.repository_owner == 'aws'
-    needs: [sanity-test-run]
-    runs-on: aws-lc_windows-2019_8-core
-    steps:
-      - name: Git clone the repository
-        uses: actions/checkout@v3
-      - name: Build Windows Dependencies
-        run: |
-          choco install ninja  -y &&
-          choco install nasm -y
-      - name: Run Windows Tests on MSVC-2019
-        run: |
-          .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x64
-
-  MSVC-2022:
-    if: github.repository_owner == 'aws'
-    needs: [sanity-test-run]
-    runs-on: aws-lc_windows-latest_8-core
-    steps:
-      - name: Git clone the repository
-        uses: actions/checkout@v3
-      - name: Build Windows Dependencies
-        run: |
-          choco install ninja -y &&
-          choco install nasm -y
-      - name: Run Windows Tests on MSVC-2022
-        run: |
-          .\tests\ci\run_windows_tests.bat "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" x64
-
-  MSVC-SDE-64-bit:
-    if: github.repository_owner == 'aws'
-    needs: [sanity-test-run]
-    # TODO: Update this to run on windows-2022. windows-2022 (Windows 11) has phased out support for older processors.
-    # https://learn.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-intel-processors
-    runs-on: aws-lc_windows-2019_64-core
-    steps:
-      - name: Git clone the repository
-        uses: actions/checkout@v3
-
-      - name: Build Windows Dependencies
-        run: |
-          choco install ninja -y &&
-          choco install nasm -y
-
-      - name: Install SDE simulator
-        run: |
-          curl -SL --output temp.tar.xz ${{ env.SDE_MIRROR_URL }}
-          7z x temp.tar.xz
-          7z x temp.tar
-          ren ${{ env.SDE_VERSION_TAG }} windows-sde
-          del temp.tar.xz
-          del temp.tar
-
-      - name: Run Windows SDE Tests for 64 bit
-        run: |
-          $env:SDEROOT = "${PWD}\windows-sde"
-          echo ${env:SDEROOT}
-          .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x64 true
-
   clang-ubuntu-2004-sanity:
     if: github.repository_owner == 'aws'
     needs: [sanity-test-run]

CMakeLists.txt

@@ -5,7 +5,7 @@ cmake_policy(SET CMP0091 NEW)
 endif()
 
 set(SOFTWARE_NAME "awslc")
-set(SOFTWARE_VERSION "1.57.1")
+set(SOFTWARE_VERSION "1.58.1")
 set(ABI_VERSION 0)
 set(CRYPTO_LIB_NAME "crypto")
 set(SSL_LIB_NAME "ssl")
@@ -1342,4 +1342,6 @@ endforeach()
 
 configure_file(include/openssl/base.h.in ${AWSLC_SOURCE_DIR}/include/openssl/base.h @ONLY)
 configure_file(include/openssl/opensslv.h.in ${AWSLC_SOURCE_DIR}/include/openssl/opensslv.h @ONLY)
-configure_file(tests/ci/check-linkage.sh.in check-linkage.sh @ONLY)
+if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/util/check-linkage.sh.in")
+  configure_file(util/check-linkage.sh.in check-linkage.sh @ONLY)
+endif()

crypto/chacha/asm/chacha-x86_64.pl

@@ -2718,33 +2718,38 @@ sub AVX512_lane_ROUND {
 ___
 $code.=<<___;
 .section	.xdata
-.align	8
+.align	4
 .LSEH_info_ChaCha20_ctr32_nohw:
 	.byte	9,0,0,0
 	.rva	se_handler
 
+.align	4
 .LSEH_info_ChaCha20_ctr32_ssse3:
 	.byte	9,0,0,0
 	.rva	ssse3_handler
 	.rva	.Lssse3_body,.Lssse3_epilogue
 
+.align	4
 .LSEH_info_ChaCha20_ctr32_ssse3_4x:
 	.byte	9,0,0,0
 	.rva	full_handler
 	.rva	.L4x_body,.L4x_epilogue
 ___
 $code.=<<___ if ($avx>1);
+.align	4
 .LSEH_info_ChaCha20_ctr32_avx2:
 	.byte	9,0,0,0
 	.rva	full_handler
 	.rva	.L8x_body,.L8x_epilogue			# HandlerData[]
 ___
 $code.=<<___ if ($avx>2);
+.align	4
 .LSEH_info_ChaCha20_avx512:
 	.byte	9,0,0,0
 	.rva	ssse3_handler
 	.rva	.Lavx512_body,.Lavx512_epilogue		# HandlerData[]
 
+.align	4
 .LSEH_info_ChaCha20_16x:
 	.byte	9,0,0,0
 	.rva	full_handler

crypto/cipher_extra/asm/aesni-sha1-x86_64.pl

@@ -1530,19 +1530,21 @@ ()
 ___
 $code.=<<___;
 .section	.xdata
-.align	8
+.align	4
 .LSEH_info_aesni_cbc_sha1_enc_ssse3:
 	.byte	9,0,0,0
 	.rva	ssse3_handler
 	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
 ___
 $code.=<<___ if ($avx);
+.align	4
 .LSEH_info_aesni_cbc_sha1_enc_avx:
 	.byte	9,0,0,0
 	.rva	ssse3_handler
 	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
 ___
 $code.=<<___ if ($shaext);
+.align	4
 .LSEH_info_aesni_cbc_sha1_enc_shaext:
 	.byte	9,0,0,0
 	.rva	ssse3_handler

crypto/cipher_extra/asm/aesni-sha256-x86_64.pl

@@ -1707,6 +1707,7 @@ ()
 .size	se_handler,.-se_handler
 
 .section	.pdata
+.align	4
 	.rva	.LSEH_begin_${func}_xop
 	.rva	.LSEH_end_${func}_xop
 	.rva	.LSEH_info_${func}_xop
@@ -1727,24 +1728,27 @@ ()
 ___
 $code.=<<___;
 .section	.xdata
-.align	8
+.align	4
 .LSEH_info_${func}_xop:
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lprologue_xop,.Lepilogue_xop		# HandlerData[]
 
+.align	4
 .LSEH_info_${func}_avx:
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
 ___
 $code.=<<___ if ($avx>1);
+.align	4
 .LSEH_info_${func}_avx2:
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lprologue_avx2,.Lepilogue_avx2		# HandlerData[]
 ___
 $code.=<<___ if ($shaext);
+.align	4
 .LSEH_info_${func}_shaext:
 	.byte	9,0,0,0
 	.rva	se_handler

crypto/ecdh_extra/ecdh_test.cc

@@ -104,6 +104,16 @@ TEST(ECDHTest, TestVectors) {
     ASSERT_TRUE(EC_KEY_set_public_key(key.get(), pub_key.get()));
     ASSERT_TRUE(EC_KEY_check_key(key.get()));
 
+    // Check EVP_PKEY_check and EVP_PKEY_public_check
+    bssl::UniquePtr<EVP_PKEY> ec_pkey(EVP_PKEY_new());
+    ASSERT_TRUE(ec_pkey);
+    ASSERT_TRUE(EVP_PKEY_set1_EC_KEY(ec_pkey.get(), key.get()));
+    bssl::UniquePtr<EVP_PKEY_CTX> ec_key_ctx(
+            EVP_PKEY_CTX_new(ec_pkey.get(), NULL));
+    ASSERT_TRUE(ec_key_ctx);
+    ASSERT_TRUE(EVP_PKEY_check(ec_key_ctx.get()));
+    ASSERT_TRUE(EVP_PKEY_public_check((ec_key_ctx.get())));
+
     std::vector<uint8_t> actual_z;
     // Make |actual_z| larger than expected to ensure |ECDH_compute_key| returns
     // the right amount of data.

crypto/evp_extra/evp_asn1.c

@@ -59,16 +59,18 @@
 #include <string.h>
 
 #include <openssl/bytestring.h>
+#include <openssl/dh.h>
 #include <openssl/dsa.h>
 #include <openssl/ec_key.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 
-#include "../fipsmodule/evp/internal.h"
 #include "../bytestring/internal.h"
+#include "../fipsmodule/dh/internal.h"
+#include "../fipsmodule/evp/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 #include "../internal.h"
 #include "internal.h"
-#include "../fipsmodule/pqdsa/internal.h"
 
 // parse_key_type takes the algorithm cbs sequence |cbs| and extracts the OID.
 // The extracted OID will be set on |out_oid| so that it may be used later in
@@ -301,6 +303,82 @@ static EVP_PKEY *old_priv_decode(CBS *cbs, int type) {
   return NULL;
 }
 
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx) {
+  if (ctx == NULL) {
+    OPENSSL_PUT_ERROR(EVP, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
+  EVP_PKEY *pkey = ctx->pkey;
+
+  if (pkey == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
+    return 0;
+  }
+
+  switch (pkey->type) {
+    case EVP_PKEY_EC: {
+      EC_KEY *ec = pkey->pkey.ec;
+      // For EVP_PKEY_check, ensure the private key exists for EC keys
+      if (EC_KEY_get0_private_key(ec) == NULL) {
+        OPENSSL_PUT_ERROR(EVP, EC_R_MISSING_PRIVATE_KEY);
+        return 0;
+      }
+      return EC_KEY_check_key(ec);
+    }
+    case EVP_PKEY_RSA:
+      return RSA_check_key(pkey->pkey.rsa);
+    default:
+      OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return 0;
+  }
+}
+
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) {
+  if (ctx == NULL) {
+    OPENSSL_PUT_ERROR(EVP, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
+  EVP_PKEY *pkey = ctx->pkey;
+
+  if (pkey == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
+    return 0;
+  }
+  switch (pkey->type) {
+    case EVP_PKEY_EC:
+      return EC_KEY_check_key(pkey->pkey.ec);
+    case EVP_PKEY_RSA:
+      return RSA_check_key(pkey->pkey.rsa);
+    default:
+      OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return 0;
+  }
+}
+
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) {
+  if (ctx == NULL) {
+    OPENSSL_PUT_ERROR(EVP, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
+  EVP_PKEY *pkey = ctx->pkey;
+  if (pkey == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
+    return 0;
+  }
+
+  int err_flags = 0;
+  switch (pkey->type) {
+    case EVP_PKEY_DH:
+      return DH_check(pkey->pkey.dh, &err_flags) && err_flags == 0;
+    default:
+      OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return 0;
+  }
+}
+
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp,
                          long len) {
   if (len < 0) {

crypto/evp_extra/evp_extra_test.cc

@@ -1737,6 +1737,8 @@ TEST(EVPExtraTest, ECKeygen) {
     ASSERT_TRUE(maybe_copy(&ctx));
     EVP_PKEY *raw = nullptr;
     ASSERT_TRUE(EVP_PKEY_paramgen(ctx.get(), &raw));
+    // |EVP_PKEY_param_check| does not support EC keys yet.
+    ASSERT_FALSE(EVP_PKEY_param_check(ctx.get()));
     bssl::UniquePtr<EVP_PKEY> pkey(raw);
     raw = nullptr;
     ExpectECGroupOnly(pkey.get(), NID_X9_62_prime256v1);
@@ -1801,6 +1803,7 @@ TEST(EVPExtraTest, DHKeygen) {
     ASSERT_TRUE(ctx);
     ASSERT_TRUE(maybe_copy(&ctx));
     ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get()));
+    ASSERT_TRUE(EVP_PKEY_param_check(ctx.get()));
     ASSERT_TRUE(maybe_copy(&ctx));
     EVP_PKEY *raw = nullptr;
     ASSERT_TRUE(EVP_PKEY_keygen(ctx.get(), &raw));
@@ -1853,6 +1856,8 @@ TEST(EVPExtraTest, DHParamgen) {
     EVP_PKEY *raw_pkey = NULL;
     // Generate the parameters
     ASSERT_TRUE(EVP_PKEY_paramgen(ctx.get(), &raw_pkey));
+    // Only parameters have been generated, but no key has actually been set.
+    EXPECT_FALSE(EVP_PKEY_param_check(ctx.get()));
     bssl::UniquePtr<EVP_PKEY> pkey(raw_pkey);
     ASSERT_TRUE(raw_pkey);
 
@@ -1876,6 +1881,7 @@ TEST(EVPExtraTest, DHParamgen) {
   ASSERT_NE(EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx.get(), prime_len), 1);
   // Set the generator
   ASSERT_NE(EVP_PKEY_CTX_set_dh_paramgen_generator(ctx.get(), generator), 1);
+  ASSERT_FALSE(EVP_PKEY_param_check(ctx.get()));
 }
 
 // Test that |EVP_PKEY_keygen| works for Ed25519.
@@ -2578,6 +2584,16 @@ TEST_P(PerKEMTest, RawKeyOperations) {
   ASSERT_TRUE(pkey_new);
   ASSERT_TRUE(EVP_PKEY_kem_check_key(pkey_new.get()));
 
+  // Not supported for anything but EC and RSA keys
+  bssl::UniquePtr<EVP_PKEY_CTX> kem_key_ctx(
+          EVP_PKEY_CTX_new(pkey_new.get(), NULL));
+  ASSERT_TRUE(kem_key_ctx);
+  EXPECT_FALSE(EVP_PKEY_check(kem_key_ctx.get()));
+  EXPECT_FALSE(EVP_PKEY_public_check((kem_key_ctx.get())));
+  ASSERT_EQ((uint16_t)ERR_get_error(),
+            (uint16_t)EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+  ERR_clear_error();
+
   // ---- 5. Test encaps/decaps with new keys ----
   // Create Alice's context with the new key that has both
   // the public and the secret part of the key.

crypto/fipsmodule/CMakeLists.txt

@@ -300,16 +300,30 @@ if((((ARCH STREQUAL "x86_64") AND NOT MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX) OR
     # (gcc supports it since gcc8, clang supports it since clang7)
     check_compiler("neon_sha3_check.c" MY_ASSEMBLER_SUPPORTS_NEON_SHA3_EXTENSION "-march=armv8.4-a+sha3")
 
-    # Scalar Keccak-x1 assembly from s2n-bignum/mlkem-native
     list(APPEND BCM_ASM_SOURCES
+                # Scalar Keccak-x1 assembly from s2n-bignum/mlkem-native
                 ${S2N_BIGNUM_DIR}/sha3/sha3_keccak_f1600.S
+
+                # Batched Keccak-x4 assembly from s2n-bignum
+                # Scalar version for Neoverse N1
+                ${S2N_BIGNUM_DIR}/sha3/sha3_keccak4_f1600_alt.S
     )
 
-    # SIMD Keccak-x1 assembly from s2n-bignum/mlkem-native, using SHA3 extension
     if(MY_ASSEMBLER_SUPPORTS_NEON_SHA3_EXTENSION)
-        list(APPEND BCM_ASM_SOURCES ${S2N_BIGNUM_DIR}/sha3/sha3_keccak_f1600_alt.S)
+        list(APPEND BCM_ASM_SOURCES
+           # Scalar Keccak-x1 assembly from s2n-bignum/mlkem-native, using SHA3 extension
+           ${S2N_BIGNUM_DIR}/sha3/sha3_keccak_f1600_alt.S
+
+           # SIMD versions using SHA3 extension
+           ${S2N_BIGNUM_DIR}/sha3/sha3_keccak2_f1600.S
+           ${S2N_BIGNUM_DIR}/sha3/sha3_keccak4_f1600_alt2.S)
+
         set_source_files_properties(${S2N_BIGNUM_DIR}/sha3/sha3_keccak_f1600_alt.S
                                     PROPERTIES COMPILE_FLAGS "-march=armv8.4-a+sha3")
+        set_source_files_properties(${S2N_BIGNUM_DIR}/sha3/sha3_keccak2_f1600.S
+                                    PROPERTIES COMPILE_FLAGS "-march=armv8.4-a+sha3")
+        set_source_files_properties(${S2N_BIGNUM_DIR}/sha3/sha3_keccak4_f1600_alt2.S
+                                    PROPERTIES COMPILE_FLAGS "-march=armv8.4-a+sha3")
     endif()
   endif()