OpenBSD 7.4 and 7.5 Support (aws#1437)

This pull request adds support for OpenBSD
[7.4](https://www.openbsd.org/plus74.html) and
[7.5](https://www.openbsd.org/plus75.html) releases.

OpenBSD has a release cadence similar to Go:
> When a critical bug is found, the fix will be committed to the
-current tree (and made available in [snapshot
builds](https://www.openbsd.org/faq/faq5.html#Flavors)) as soon as
possible. It will then be backported to the two most recent OpenBSD
releases in the form of [errata](https://www.openbsd.org/errata.html)
and details will be sent to the
[announce](https://lists.openbsd.org/cgi-bin/mj_wwwusr?func=lists-long-full&extra=announce)
mailing list.

See https://www.openbsd.org/faq/faq10.html#Patches

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

.github/workflows/actions-ci.yml

@@ -262,6 +262,62 @@ jobs:
       - name: Run tests
         run: cmake --build ./build --target run_tests
 
+  OpenBSD-x86-64:
+    needs: [sanity-test-run]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        args: ["", "-f"]
+        version: ["7.4", "7.5"]
+    steps:
+      - uses: actions/checkout@v3
+      - name: OpenBSD
+        uses: cross-platform-actions/[email protected]
+        env:
+          AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS: 5
+          AWS_LC_GO_TEST_TIMEOUT: 120m
+        with:
+          environment_variables: AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT
+          operating_system: openbsd
+          cpu_count: 4
+          memory: 16G
+          architecture: x86-64
+          version: '7.4'
+          shell: bash
+          run: |
+            set -x
+            sudo pkg_add cmake ninja go gmake
+            sudo pfctl -d
+            mkdir "${HOME}/bin"
+            ln -s /usr/local/bin/gmake "${HOME}/bin/make"
+            cat << EOF | sudo tee /etc/login.conf.d/unlimited
+            unlimited:\
+                :datasize-cur=infinity:\
+                :datasize-max=infinity:\
+                :stacksize-cur=infinity:\
+                :stacksize-max=infinity:\
+                :memoryuse-cur=infinity:\
+                :memoryuse-max=infinity:\
+                :maxproc-cur=infinity:\
+                :maxproc-max=infinity:\
+                :openfiles-cur=infinity:\
+                :openfiles-max=infinity:\
+                :cpuuse-cur=infinity:\
+                :cpuuse-max=infinity:\
+                :priority=0:\
+                :ignoretime:
+            EOF
+            sudo usermod -L unlimited runner
+            sudo su -c unlimited -s /usr/local/bin/bash -l runner <<EOF
+            set -x
+            export AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS=${AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS}
+            export AWS_LC_GO_TEST_TIMEOUT=${AWS_LC_GO_TEST_TIMEOUT}
+            cd $(pwd)
+            export PATH="${HOME}/bin:${PATH}"
+            env
+            tests/ci/run_openbsd_tests.sh ${{ matrix.args }}
+            EOF
+
     # TODO: Investigate sudden hanging tests and failures in GHA runners (P114059413)
 #  MSVC-SDE-32-bit:
 #    needs: [sanity-test-run]

CMakeLists.txt

@@ -41,6 +41,17 @@ if(FIPS)
   endif()
 endif()
 
+if(${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
+  # OpenBSD by defaults links with --execute-only this is problematic for two reasons:
+  # 1. The FIPS shared and static builds need to compute the module signature hash by reading the .text section
+  # 2. s2n-bignum x86 assembly sources still have references to static data in the .text section
+  if(NOT BUILD_SHARED_LIBS)
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--no-execute-only")
+  else()
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--no-execute-only")
+  endif()
+endif()
+
 # Tests and libssl both require the CXX language to be enabled. If a consumer
 # chooses to disable building the tests and libssl, do not enable CXX
 if(BUILD_TESTING OR BUILD_LIBSSL)
@@ -428,7 +439,7 @@ if(GCC OR CLANG)
 
   check_compiler("stdalign_check.c" AWS_LC_STDALIGN_AVAILABLE)
   check_compiler("builtin_swap_check.c" AWS_LC_BUILTIN_SWAP_SUPPORTED)
-  if(FIPS AND NOT APPLE)
+  if(FIPS AND CMAKE_SYSTEM_NAME STREQUAL "Linux")
     check_compiler("linux_u32.c" AWS_LC_URANDOM_U32)
   endif()
 

crypto/CMakeLists.txt

@@ -797,13 +797,18 @@ if(BUILD_TESTING)
   add_dependencies(${DYNAMIC_LOADING_TEST_EXEC} boringssl_prefix_symbols)
   target_include_directories(${DYNAMIC_LOADING_TEST_EXEC} BEFORE PRIVATE ${PROJECT_BINARY_DIR}/symbol_prefix_include)
 
+  set(DYNAMIC_LINKER_LIB "")
+  if(CMAKE_SYSTEM_NAME STREQUAL "Linux" OR APPLE OR ANDROID)
+    set(DYNAMIC_LINKER_LIB "dl")
+  endif()
+
   if (BUILD_SHARED_LIBS AND NOT WIN32)
     target_compile_options(${DYNAMIC_LOADING_TEST_EXEC} PUBLIC "-DLIBCRYPTO_PATH=$<TARGET_FILE:crypto>")
     # Do not link to boringssl_gtest_main or any library that might be linked to libcrypto.so.
     if(ANDROID)
-      target_link_libraries(${DYNAMIC_LOADING_TEST_EXEC} PUBLIC boringssl_gtest dl)
+      target_link_libraries(${DYNAMIC_LOADING_TEST_EXEC} PUBLIC boringssl_gtest ${DYNAMIC_LINKER_LIB})
     else()
-      target_link_libraries(${DYNAMIC_LOADING_TEST_EXEC} PUBLIC boringssl_gtest pthread dl)
+      target_link_libraries(${DYNAMIC_LOADING_TEST_EXEC} PUBLIC boringssl_gtest pthread ${DYNAMIC_LINKER_LIB})
     endif()
   endif()
 

crypto/cipher_extra/asm/aesni-sha1-x86_64.pl

@@ -1210,6 +1210,7 @@ ()
 ___
 }
 $code.=<<___;
+.section .rodata
 .align	64
 K_XX_XX:
 .long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
@@ -1220,6 +1221,7 @@ ()
 .byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
 
 .asciz	"AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.text
 .align	64
 ___
 						if ($shaext) {{{

crypto/cipher_extra/asm/aesni-sha256-x86_64.pl

@@ -152,6 +152,7 @@
 .cfi_endproc
 .size	$func,.-$func
 
+.section .rodata
 .align	64
 .type	$TABLE,\@object
 $TABLE:
@@ -193,6 +194,7 @@
 	.long	0,0,0,0,   0,0,0,0,   -1,-1,-1,-1
 	.long	0,0,0,0,   0,0,0,0
 	.asciz	"AESNI-CBC+SHA256 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.text
 .align	64
 ___
 

crypto/cmake/crypto-config.cmake

@@ -1,4 +1,4 @@
-if(WIN32 OR UNIX OR APPLE)
+if(WIN32 OR UNIX)
     find_package(Threads REQUIRED)
 endif()
 

crypto/curve25519/internal.h

@@ -26,11 +26,11 @@ extern "C" {
 
 // If (1) x86_64 or aarch64, (2) linux or apple, and (3) OPENSSL_NO_ASM is not
 // set, s2n-bignum path is capable.
-#if ((defined(OPENSSL_X86_64) &&                                               \
-          !defined(MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX)) ||                        \
-      defined(OPENSSL_AARCH64)) &&                                             \
-     (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE)) &&                     \
-     !defined(OPENSSL_NO_ASM)
+#if ((defined(OPENSSL_X86_64) && !defined(MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX)) || \
+     defined(OPENSSL_AARCH64)) &&                                              \
+    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE) ||                       \
+     defined(OPENSSL_OPENBSD)) &&                                              \
+    !defined(OPENSSL_NO_ASM)
 #define CURVE25519_S2N_BIGNUM_CAPABLE
 #endif
 

crypto/fipsmodule/CMakeLists.txt

@@ -1,3 +1,15 @@
+if(${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD" AND FIPS)
+  if(NOT BUILD_SHARED_LIBS)
+    # Disable the stack smash protector for FIPS static builds
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-stack-protector")
+  endif()
+  if(CMAKE_C_COMPILER_ID STREQUAL "Clang")
+    # OpenBSD's Clang version has a return trampoline enabled by default that
+    # it may inject and cause issues with our custom linker script.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mno-retpoline")
+  endif()
+endif()
+
 if(ANDROID)
   # Since "--Wa,--noexecstack" is not used during the preprocessor step of Android (because assembler is not invoked),
   # Clang reports that argument as unused. We remove the flag only for the FIPS build of Android.
@@ -168,8 +180,7 @@ endif()
 # s2n-bignum files can be compiled on Unix platforms only (except Apple),
 # and on x86_64 and aarch64 systems only.
 if((((ARCH STREQUAL "x86_64") AND NOT MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX) OR
-      ARCH STREQUAL "aarch64") AND
-    UNIX)
+      ARCH STREQUAL "aarch64") AND UNIX)
 
   # Set the source directory for s2n-bignum assembly files
   if(ARCH STREQUAL "x86_64")

crypto/fipsmodule/bn/exponentiation.c

@@ -119,8 +119,9 @@
 #include "internal.h"
 #include "rsaz_exp.h"
 
-#if !defined(OPENSSL_NO_ASM) &&                                                \
-    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE)) &&                      \
+#if !defined(OPENSSL_NO_ASM) &&                          \
+    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE) || \
+     defined(OPENSSL_OPENBSD)) &&                        \
     defined(OPENSSL_AARCH64)
 
 #include "../../../third_party/s2n-bignum/include/s2n-bignum_aws-lc.h"

crypto/fipsmodule/bn/montgomery.c

@@ -122,8 +122,9 @@
 #include "../cpucap/internal.h"
 #include "../../internal.h"
 
-#if !defined(OPENSSL_NO_ASM) &&                                                \
-    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE)) &&                      \
+#if !defined(OPENSSL_NO_ASM) &&                          \
+    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE) || \
+     defined(OPENSSL_OPENBSD)) &&                        \
     defined(OPENSSL_AARCH64) && defined(OPENSSL_BN_ASM_MONT)
 
 #include "../../../third_party/s2n-bignum/include/s2n-bignum_aws-lc.h"

crypto/fipsmodule/ec/p384.c

@@ -35,7 +35,8 @@
 // If (1) x86_64 or aarch64, (2) linux or apple, and (3) OPENSSL_NO_ASM is not
 // set, s2n-bignum path is capable.
 #if !defined(OPENSSL_NO_ASM) &&                                                \
-    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE)) &&                      \
+    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE) ||                       \
+     defined(OPENSSL_OPENBSD)) &&                                              \
     ((defined(OPENSSL_X86_64) && !defined(MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX)) || \
      defined(OPENSSL_AARCH64))
 

crypto/fipsmodule/ec/p521.c

@@ -36,7 +36,8 @@
 // If (1) x86_64 or aarch64, (2) linux or apple, and (3) OPENSSL_NO_ASM is not
 // set, s2n-bignum path is capable.
 #if !defined(OPENSSL_NO_ASM) &&                                                \
-    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE)) &&                      \
+    (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE) ||                       \
+     defined(OPENSSL_OPENBSD)) &&                                              \
     ((defined(OPENSSL_X86_64) && !defined(MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX)) || \
      defined(OPENSSL_AARCH64))
 

crypto/fipsmodule/rand/urandom.c

@@ -79,6 +79,10 @@
 #endif
 #endif
 
+#if defined(OPENSSL_OPENBSD)
+#include <stdlib.h>
+#endif
+
 #include <openssl/thread.h>
 #include <openssl/mem.h>
 
@@ -253,6 +257,13 @@ static void init_once(void) {
   return;
 #endif
 
+#if defined(OPENSSL_OPENBSD)
+  // To get system randomness on OpenBSD we use |arc4random_buf| function
+  // which is recommended to use for C APIs rather then /dev/urandom.
+  // See https://man.openbsd.org/arc4random.3
+  return;
+#endif
+
 #if defined(FREEBSD_GETRANDOM)
   *urandom_fd_bss_get() = kHaveGetrandom;
   return;
@@ -339,7 +350,7 @@ static void wait_for_entropy(void) {
   }
 
 #if defined(BORINGSSL_FIPS) && !defined(URANDOM_BLOCKS_FOR_ENTROPY) && \
-    !defined(OPENSSL_APPLE) // On MacOS and iOS we don't use /dev/urandom.
+    !(defined(OPENSSL_APPLE) || defined(OPENSSL_OPENBSD)) // On MacOS, iOS, and OpenBSD we don't use /dev/urandom.
 
   // In FIPS mode on platforms where urandom doesn't block at startup, we ensure
   // that the kernel has sufficient entropy before continuing. This is
@@ -388,6 +399,12 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
   }
 #endif
 
+#if defined(OPENSSL_OPENBSD)
+  // Return value is void, no error to check
+  arc4random_buf(out, len);
+  return 1;
+#endif
+
 #if defined(USE_NR_getrandom) || defined(FREEBSD_GETRANDOM)
   int getrandom_flags = 0;
   if (!block) {

fuzz/minimise_corpora.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Copyright (c) 2016, Google Inc.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

fuzz/refresh_ssl_corpora.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Copyright (c) 2016, Google Inc.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S

@@ -2726,6 +2726,7 @@ aesni_cbc_sha1_enc_avx:
 	.byte	0xf3,0xc3
 .cfi_endproc	
 .size	aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx
+.section	.rodata
 .align	64
 K_XX_XX:
 .long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
@@ -2736,6 +2737,7 @@ K_XX_XX:
 .byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
 
 .byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.text	
 .align	64
 .type	aesni_cbc_sha1_enc_shaext,@function
 .align	32

generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S

@@ -42,6 +42,7 @@ aesni_cbc_sha256_enc:
 .cfi_endproc	
 .size	aesni_cbc_sha256_enc,.-aesni_cbc_sha256_enc
 
+.section	.rodata
 .align	64
 .type	K256,@object
 K256:
@@ -83,6 +84,7 @@ K256:
 .long	0,0,0,0,   0,0,0,0,   -1,-1,-1,-1
 .long	0,0,0,0,   0,0,0,0
 .byte	65,69,83,78,73,45,67,66,67,43,83,72,65,50,53,54,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.text	
 .align	64
 .type	aesni_cbc_sha256_enc_xop,@function
 .align	64

generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S

@@ -2713,6 +2713,7 @@ L$epilogue_avx:
 	.byte	0xf3,0xc3
 
 
+.section	__DATA,__const
 .p2align	6
 K_XX_XX:
 .long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
@@ -2723,6 +2724,7 @@ K_XX_XX:
 .byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
 
 .byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.text	
 .p2align	6
 
 .p2align	5

generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S

@@ -41,6 +41,7 @@ L$probe:
 
 
 
+.section	__DATA,__const
 .p2align	6
 
 K256:
@@ -82,6 +83,7 @@ K256:
 .long	0,0,0,0,   0,0,0,0,   -1,-1,-1,-1
 .long	0,0,0,0,   0,0,0,0
 .byte	65,69,83,78,73,45,67,66,67,43,83,72,65,50,53,54,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.text	
 .p2align	6
 
 .p2align	6

generated-src/win-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.asm

@@ -2787,6 +2787,7 @@ $L$epilogue_avx:
 	DB	0F3h,0C3h		;repret
 
 $L$SEH_end_aesni_cbc_sha1_enc_avx:
+section	.rdata rdata align=8
 ALIGN	64
 K_XX_XX:
 	DD	0x5a827999,0x5a827999,0x5a827999,0x5a827999
@@ -2801,6 +2802,8 @@ K_XX_XX:
 	DB	44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32
 	DB	60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111
 	DB	114,103,62,0
+section	.text
+
 ALIGN	64
 
 ALIGN	32

generated-src/win-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.asm

@@ -45,6 +45,7 @@ $L$probe:
 
 
 
+section	.rdata rdata align=8
 ALIGN	64
 
 K256:
@@ -90,6 +91,8 @@ K256:
 	DB	54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98
 	DB	121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108
 	DB	46,111,114,103,62,0
+section	.text
+
 ALIGN	64
 
 ALIGN	64