Merge branch 'main' into winfail

.github/docker_images/alpine-linux/Dockerfile

@@ -0,0 +1,25 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+FROM alpine:latest
+
+ARG CC=gcc
+ARG CXX=g++
+
+VOLUME ["awslc"]
+
+RUN apk --no-cache add bash  \
+                       clang \
+                       build-base \
+                       cmake \
+                       ninja \
+                       go \
+                       perl \
+                       linux-headers
+
+WORKDIR /awslc
+
+ENV CC=${CC}
+ENV CXX=${CXX}
+
+ENTRYPOINT ["/bin/bash", "-c"]

.github/workflows/actions-ci.yml

@@ -9,8 +9,8 @@ concurrency:
   cancel-in-progress: true
 env:
   GOPROXY: https://proxy.golang.org,direct
-  SDE_MIRROR_URL: "https://downloadmirror.intel.com/813591/sde-external-9.33.0-2024-01-07-win.tar.xz"
-  SDE_VERSION_TAG: sde-external-9.33.0-2024-01-07-win
+  SDE_MIRROR_URL: "https://downloadmirror.intel.com/831748/sde-external-9.44.0-2024-08-22-win.tar.xz"
+  SDE_VERSION_TAG: sde-external-9.44.0-2024-08-22-win
   PACKAGE_NAME: aws-lc
   # Used to enable ASAN test dimension.
   AWSLC_NO_ASM_FIPS: 1
@@ -462,6 +462,33 @@ jobs:
         run: |
           docker run -v "${{ github.workspace }}:/awslc" "gcc-4.8"
 
+  alpine-linux-x86:
+    needs: [sanity-test-run]
+    strategy:
+      fail-fast: false
+      matrix:
+        tests: [
+          /awslc/tests/ci/run_fips_tests.sh,
+          /awslc/tests/ci/run_posix_tests.sh
+        ]
+        compiler: [
+          --build-arg CC=clang --build-arg CXX=clang++,
+          --build-arg CC=gcc --build-arg CXX=g++
+        ]
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build Docker Image
+        working-directory: .github/docker_images/alpine-linux
+        run: |
+          docker build -t alpine_linux ${{ matrix.compiler }} .
+      - name: Run tests
+        run: |
+          docker run -v "${{ github.workspace }}:/awslc" \
+          alpine_linux ${{ matrix.tests }}
+
     # TODO: Investigate sudden hanging tests and failures in GHA runners (P114059413)
 #  MSVC-SDE-32-bit:
 #    needs: [sanity-test-run]

.github/workflows/misc-tests.yaml

@@ -1,4 +1,4 @@
-name: Misc tests
+name: Miscellaneous test jobs
 on:
   push:
     branches: [ '*' ]
@@ -26,3 +26,54 @@ jobs:
       - name: Test sandbox configuration
         run: |
           ./tests/ci/run_presandbox_tests.sh
+
+  assert-license-statement-in-pr-description:
+    if: github.repository_owner == 'aws'
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Install jq
+      run: |
+        sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
+        sudo apt-get install -y jq
+
+    - name: Check PR description
+      run: |
+        # License statement we want present.
+        LICENSE_STATEMENT="By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license."
+
+        # Fetches the PR description.
+        PR_DESCRIPTION=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }} | jq -r .body)
+
+        printf "PR description:\n%s" "${PR_DESCRIPTION}"
+        echo ""
+        echo ""
+        printf "Must contain:\n%s" "${LICENSE_STATEMENT}"
+        echo ""
+        echo ""
+
+        # Normalize line endings (convert CRLF to LF)
+        PR_DESCRIPTION=$(echo "${PR_DESCRIPTION}" | tr -d '\r')
+
+        # Escape quotes in PR description
+        PR_DESCRIPTION=$(echo "${PR_DESCRIPTION}" | sed 's/"/\\"/g; s/'"'"'/\\'"'"'/g')
+
+        # Remove all spaces and tabs
+        PR_DESCRIPTION=$(echo "${PR_DESCRIPTION}" | tr -d ' \t')
+        LICENSE_STATEMENT=$(echo "${LICENSE_STATEMENT}" | tr -d ' \t')
+
+        printf "PR description trimmed:\n%s" "${PR_DESCRIPTION}"
+        echo ""
+        echo ""
+        printf "Must contain trimmed:\n%s" "${LICENSE_STATEMENT}"
+        echo ""
+        echo ""
+
+        # Assert PR description contains license statement.
+        if printf "%s\n" "${PR_DESCRIPTION}" | grep -ixq "${LICENSE_STATEMENT}"; then
+          echo "Success: PR description contains license statement."
+        else
+          echo "Error: PR description does not contain the required license statement."
+          exit 1
+        fi

BUILDING.md

@@ -240,6 +240,8 @@ See "Snapshot Safety Prerequisites" here: https://lkml.org/lkml/2021/3/8/677
 
 # Data Independent Timing on AArch64
 
+The functions described in this section are still experimental.
+
 The Data Independent Timing (DIT) flag on Arm64 processors, when
 enabled, ensures the following as per [Arm A-profile Architecture
 Registers
@@ -254,20 +256,39 @@ It is also expected to disable the Data Memory-dependent Prefetcher
 (DMP) feature of Apple M-series CPUs starting at M3 as per [this
 article](https://appleinsider.com/articles/24/03/21/apple-silicon-vulnerability-leaks-encryption-keys-and-cant-be-patched-easily).
 
-Building with the option `-DENABLE_DATA_INDEPENDENT_TIMING_AARCH64=ON`
-will enable the macro `SET_DIT_AUTO_DISABLE`. This macro is present at
-the entry of functions that process/load/store secret data to enable
-the DIT flag and then set it to its original value on entry.  With
-this build option, there is an effect on performance that varies by
+Building with the option `-DENABLE_DATA_INDEPENDENT_TIMING=ON`
+will enable the macro `SET_DIT_AUTO_RESET`. This macro is present at
+the entry of functions that process/load/store secret data to set the
+DIT flag and then restore it to its original value on entry.  With this
+build option, there is an effect on performance that varies by
 function and by processor architecture. The effect is mostly due to
-enabling and disabling the DIT flag. If it remains enabled over many
-calls, the effect can be largely mitigated. Hence, the macro can be
-inserted in the caller's application at the beginning of the code
-scope that makes repeated calls to AWS-LC cryptographic
-functions. Alternatively, the functions `armv8_enable_dit` and
-`armv8_restore_dit` can be placed at the beginning and the end of
-the code section, respectively.
-An example of that usage is present in the benchmarking function
-`Speed()` in `tool/speed.cc` when the `-dit` option is used
-
-    ./tool/bssl speed -dit
+setting and resetting the DIT flag. If it remains set over many calls,
+the effect can be largely mitigated.
+
+The macro and the functions invoked by it are internally declared,
+being experimental. In the following, we tested the effect of
+inserting the macro in the caller's application at the beginning of
+the code scope that makes repeated calls to AWS-LC cryptographic
+functions. The functions that are invoked in the macro,
+`armv8_set_dit` and `armv8_restore_dit`, are placed at the beginning
+and the end, respectively, of the benchmarking function `Speed()` in
+`tool/speed.cc` when the `-dit` option is used.
+
+    ./tool/bssl speed -dit
+
+This resulted in benchmarks that are close to the release build
+without the `-DENABLE_DATA_INDEPENDENT_TIMING=ON` flag when tested on
+Apple M2.
+
+The DIT capability, which is checked in `OPENSSL_cpuid_setup` can be
+masked out at runtime by calling `armv8_disable_dit`. This would
+result in having the functions `armv8_set_dit` and `armv8_restore_dit`
+being of no effect. It can be made available again at runtime by calling
+`armv8_enable_dit`.
+
+**Important**: This runtime control is provided to users that would use
+the build flag `ENABLE_DATA_INDEPENDENT_TIMING`, but would
+then disable DIT capability at runtime. This is ideally done in
+an initialization routine of AWS-LC before any threads are spawn.
+Otherwise, there may be data races created because these functions write
+to the global variable `OPENSSL_armcap_P`.

CMakeLists.txt

@@ -31,7 +31,8 @@ option(ENABLE_DILITHIUM "Enable Dilithium signatures in the EVP API" OFF)
 option(DISABLE_PERL "Disable Perl for AWS-LC" OFF)
 option(DISABLE_GO "Disable Go for AWS-LC" OFF)
 option(ENABLE_FIPS_ENTROPY_CPU_JITTER "Enable FIPS entropy source: CPU Jitter" OFF)
-option(ENABLE_DATA_INDEPENDENT_TIMING_AARCH64 "Enable Data-Independent Timing (DIT) flag on Arm64" OFF)
+option(ENABLE_DATA_INDEPENDENT_TIMING "Enable automatic setting/resetting Data-Independent Timing
+(DIT) flag in cryptographic functions. Currently only applicable to Arm64 (except on Windows)" OFF)
 include(cmake/go.cmake)
 
 enable_language(C)
@@ -61,6 +62,28 @@ if(${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
   endif()
 endif()
 
+if(CMAKE_HOST_SYSTEM_NAME STREQUAL "SunOS" AND NOT CMAKE_CROSSCOMPILING)
+  # Determine if the host is running an illumos distribution:
+  execute_process(COMMAND /usr/bin/uname -o OUTPUT_VARIABLE UNAME_O
+    OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+  if (UNAME_O STREQUAL "illumos")
+    set(HOST_ILLUMOS 1)
+  endif()
+
+  if (HOST_ILLUMOS)
+    #
+    # illumos systems require linking libsocket and libnsl to get various
+    # networking routines sometimes found in libc on other platforms:
+    #
+    if(NOT BUILD_SHARED_LIBS)
+      set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lsocket -lnsl")
+    else()
+      set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -lsocket -lnsl")
+    endif()
+  endif()
+endif()
+
 # Tests and libssl both require the CXX language to be enabled. If a consumer
 # chooses to disable building the tests and libssl, do not enable CXX
 if(BUILD_TESTING OR BUILD_LIBSSL)
@@ -192,15 +215,6 @@ if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS AND GO_EXECUTABLE)
            symbol_prefix_include/openssl/boringssl_prefix_symbols_nasm.inc
     COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl
     COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl -prefix ${BORINGSSL_PREFIX} ${BORINGSSL_PREFIX_SYMBOLS_PATH}
-    COMMAND sed -i.bak '/ bignum_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h
-    COMMAND sed -i.bak '/ bignum_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_asm.h
-    COMMAND sed -i.bak '/ bignum_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_nasm.inc
-    COMMAND sed -i.bak '/ curve25519_x25519/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h
-    COMMAND sed -i.bak '/ curve25519_x25519/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_asm.h
-    COMMAND sed -i.bak '/ curve25519_x25519/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_nasm.inc
-    COMMAND sed -i.bak '/ edwards25519_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h
-    COMMAND sed -i.bak '/ edwards25519_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_asm.h
-    COMMAND sed -i.bak '/ edwards25519_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_nasm.inc
     COMMAND ${CMAKE_COMMAND} -E remove
           ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h.bak
           ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_asm.h.bak
@@ -781,9 +795,20 @@ if(OPENSSL_NO_SSE2_FOR_TESTING)
   add_definitions(-DOPENSSL_NO_SSE2_FOR_TESTING)
 endif()
 
-# Some consumers might use upper-case (e.g.) "X86" or "X86_64".
-# Matching below is based on lower-case.
-string(TOLOWER "${CMAKE_SYSTEM_PROCESSOR}" CMAKE_SYSTEM_PROCESSOR_LOWER)
+if(HOST_ILLUMOS)
+  #
+  # CMAKE_SYSTEM_PROCESSOR unfortunately comes from the output of "uname -p",
+  # which on illumos systems emits "i386".  Instead, use the value from
+  # "isainfo -n", which prints "the name of the native instruction set used by
+  # portable applications"; e.g., "amd64".
+  #
+  execute_process(COMMAND /usr/bin/isainfo -n OUTPUT_VARIABLE
+    CMAKE_SYSTEM_PROCESSOR_LOWER OUTPUT_STRIP_TRAILING_WHITESPACE)
+else()
+  # Some consumers might use upper-case (e.g.) "X86" or "X86_64".
+  # Matching below is based on lower-case.
+  string(TOLOWER "${CMAKE_SYSTEM_PROCESSOR}" CMAKE_SYSTEM_PROCESSOR_LOWER)
+endif()
 
 if(OPENSSL_NO_ASM)
   add_definitions(-DOPENSSL_NO_ASM)
@@ -834,8 +859,8 @@ if(ARCH STREQUAL "x86" AND NOT OPENSSL_NO_SSE2_FOR_TESTING)
   endif()
 endif()
 
-if(ENABLE_DATA_INDEPENDENT_TIMING_AARCH64)
-  add_definitions(-DMAKE_DIT_AVAILABLE)
+if(ENABLE_DATA_INDEPENDENT_TIMING)
+  add_definitions(-DENABLE_AUTO_SET_RESET_DIT)
 endif()
 
 if(USE_CUSTOM_LIBCXX)
@@ -1233,6 +1258,11 @@ set(VERSION 1.1.1)
 # the downstream integration may build with the system's OpenSSL version instead.
 # Consider adjusting the PKG_CONFIG_PATH environment to get around this.
 file(GLOB OPENSSL_PKGCONFIGS "pkgconfig/*.pc.in")
+
+include(cmake/JoinPaths.cmake)
+join_paths(libdir_for_pc_file "\${prefix}" "${CMAKE_INSTALL_LIBDIR}")
+join_paths(includedir_for_pc_file "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}")
+
 foreach(in_file ${OPENSSL_PKGCONFIGS})
   file(RELATIVE_PATH in_file ${PROJECT_SOURCE_DIR} ${in_file})
   string(REPLACE ".in" "" pc_file ${in_file})

cmake/JoinPaths.cmake

@@ -0,0 +1,23 @@
+# This module provides function for joining paths
+# known from most languages
+#
+# SPDX-License-Identifier: (MIT OR CC0-1.0)
+# Copyright 2020 Jan Tojnar
+# https://github.com/jtojnar/cmake-snips
+#
+# Modelled after Python’s os.path.join
+# https://docs.python.org/3.7/library/os.path.html#os.path.join
+function(join_paths joined_path first_path_segment)
+  set(temp_path "${first_path_segment}")
+  foreach(current_segment IN LISTS ARGN)
+    if(NOT ("${current_segment}" STREQUAL ""))
+      if(IS_ABSOLUTE "${current_segment}")
+        set(temp_path "${current_segment}")
+      else()
+        set(temp_path "${temp_path}/${current_segment}")
+      endif()
+    endif()
+  endforeach()
+  file(TO_NATIVE_PATH "${temp_path}" temp_path)
+  set(${joined_path} "${temp_path}" PARENT_SCOPE)
+endfunction()

crypto/CMakeLists.txt

@@ -63,7 +63,7 @@ if(NOT OPENSSL_NO_ASM)
       set(PERLASM_STYLE linux64le)
     else()
       if(ARCH STREQUAL "x86")
-        set(PERLASM_FLAGS "-fPIC -DOPENSSL_IA32_SSE2")
+        set(PERLASM_FLAGS "-fPIC")
       endif()
       if(APPLE)
         set(PERLASM_STYLE macosx)
@@ -109,7 +109,6 @@ if(NOT OPENSSL_NO_ASM)
         set(PERLASM_STYLE nasm)
       else()
         set(PERLASM_STYLE win32n)
-        set(PERLASM_FLAGS "-DOPENSSL_IA32_SSE2")
       endif()
       find_program(NASM_EXECUTABLE nasm)
       set(CMAKE_ASM_NASM_COMPILER ${NASM_EXECUTABLE})
@@ -324,7 +323,6 @@ if(ENABLE_DILITHIUM)
   set(
     DILITHIUM_SOURCES
 
-    dilithium/dilithium3r3_ref.c
     dilithium/p_dilithium3.c
     dilithium/p_dilithium3_asn1.c
     dilithium/sig_dilithium3.c
@@ -805,6 +803,7 @@ if(BUILD_TESTING)
     fipsmodule/sha/sha_test.cc
     fipsmodule/sha/sha3_test.cc
     fipsmodule/cpucap/cpu_arm_linux_test.cc
+    fipsmodule/cpucap/cpu_aarch64_dit_test.cc
     fipsmodule/hkdf/hkdf_test.cc
     fipsmodule/sshkdf/sshkdf_test.cc
     hpke/hpke_test.cc