From c2787b1c31d97b0dd0a2abc6ee04800a3a3ecfd2 Mon Sep 17 00:00:00 2001 From: Justin Smith Date: Tue, 10 Dec 2024 12:17:39 -0500 Subject: [PATCH] Update aws-lc-fips-sys to v0.13, FIPS v3.0 --- Makefile | 2 +- aws-lc-fips-sys/Cargo.toml | 4 ++-- aws-lc-fips-sys/aws-lc | 2 +- aws-lc-rs/Cargo.toml | 2 +- scripts/build/collect_symbols.sh | 4 ++-- scripts/generate/_collect_symbols_build.sh | 2 +- scripts/tools/semver.rs | 2 ++ 7 files changed, 10 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index dd91aa085b0..b19184055d9 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ update-aws-lc-fips-sys: git submodule update --init --remote --checkout -- aws-lc-fips-sys/aws-lc cd aws-lc-fips-sys/aws-lc && \ git fetch --all && \ - git tag -l | xargs ../../scripts/tools/semver.rs fips-v2 | xargs git checkout + git tag -l | xargs ../../scripts/tools/semver.rs fips-v3 | xargs git checkout update-aws-lc-sys: git submodule update --init --remote --checkout -- aws-lc-sys/aws-lc diff --git a/aws-lc-fips-sys/Cargo.toml b/aws-lc-fips-sys/Cargo.toml index 3084cf79ea1..773813dc812 100644 --- a/aws-lc-fips-sys/Cargo.toml +++ b/aws-lc-fips-sys/Cargo.toml @@ -1,8 +1,8 @@ [package] name = "aws-lc-fips-sys" description = "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. This is the FIPS validated version of AWS-LC." -version = "0.12.15" -links = "aws_lc_fips_0_12_15" +version = "0.13.0" +links = "aws_lc_fips_0_13_0" authors = ["AWS-LC"] edition = "2021" repository = "https://github.com/aws/aws-lc-rs" diff --git a/aws-lc-fips-sys/aws-lc b/aws-lc-fips-sys/aws-lc index ec94d74a19b..8b7a9378b60 160000 --- a/aws-lc-fips-sys/aws-lc +++ b/aws-lc-fips-sys/aws-lc @@ -1 +1 @@ -Subproject commit ec94d74a19b5a0aa738b436a95bb06ff87fc7ba9 +Subproject commit 8b7a9378b60eb82642df0cc4aa1484c2ba95f3a0 diff --git a/aws-lc-rs/Cargo.toml b/aws-lc-rs/Cargo.toml index e8cb5e9216e..c47e021ae09 100644 --- a/aws-lc-rs/Cargo.toml 
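Review bot: In the `update-aws-lc-fips-sys` recipe, the changed line `git tag -l | xargs ../../scripts/tools/semver.rs fips-v3 | xargs git checkout` does not fail when no tag is selected. The pipeline's status is that of its last command, and GNU xargs runs `git checkout` once with no argument on empty input. If `semver.rs` errors or matches nothing, the submodule therefore stays on whatever commit `--remote` fetched instead of a FIPS v3 tag. Capturing the tag and testing it makes that failure visible: `tag=$$(git tag -l | xargs ../../scripts/tools/semver.rs fips-v3) && test -n "$$tag" && git checkout "$$tag"`.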
+++ b/aws-lc-rs/Cargo.toml @@ -48,7 +48,7 @@ fips = ["dep:aws-lc-fips-sys"] [dependencies] untrusted = { version = "0.7.1", optional = true } aws-lc-sys = { version = "0.23.0", path = "../aws-lc-sys", optional = true } -aws-lc-fips-sys = { version = "0.12.0", path = "../aws-lc-fips-sys", optional = true } +aws-lc-fips-sys = { version = "0.13.0", path = "../aws-lc-fips-sys", optional = true } zeroize = "1.7" paste = "1.0.11" diff --git a/scripts/build/collect_symbols.sh b/scripts/build/collect_symbols.sh index 63de9c33a03..af8dda741f5 100755 --- a/scripts/build/collect_symbols.sh +++ b/scripts/build/collect_symbols.sh @@ -57,7 +57,7 @@ if [[ ! -d "${AWS_LC_DIR}" ]]; then fi function filter_symbols() { - grep -E '^\w*$' | grep -v -E "^bignum_" | grep -v "curve25519_x25519" | grep -v "edwards25519_" | grep -v "p256_montjscalarmul" + grep -E '^\w*$' | grep -v -E "^bignum_" | grep -v "curve25519_x25519" | grep -v "edwards25519_" | grep -v "p256_montj" | grep -v "p384_montj" | grep -v "p521_montj" | grep -v "p521_jdouble" } function filter_nm_symbols() { @@ -112,7 +112,7 @@ elif [[ "${LIBCRYPTO_PATH}" = *.so || "${LIBCRYPTO_PATH}" = *.lib ]]; then nm --extern-only --defined-only --format=just-symbols "${LIBCRYPTO_PATH}" | sort | uniq | filter_nm_symbols | filter_symbols >"${SYMBOLS_FILE}" else pushd "${AWS_LC_DIR}" - go run -mod readonly "${AWS_LC_DIR}"/util/read_symbols.go "${LIBCRYPTO_PATH}" | filter_symbols >"${SYMBOLS_FILE}" + go run -mod readonly "${AWS_LC_DIR}"/util/read_symbols.go "${LIBCRYPTO_PATH}" | sort | uniq | filter_nm_symbols | filter_symbols >"${SYMBOLS_FILE}" popd fi diff --git a/scripts/generate/_collect_symbols_build.sh b/scripts/generate/_collect_symbols_build.sh index fc4e13fab68..1bb47b7f524 100755 --- a/scripts/generate/_collect_symbols_build.sh +++ b/scripts/generate/_collect_symbols_build.sh 
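Review bot: The new exclusions in `filter_symbols` (`p256_montj`, `p384_montj`, `p521_montj`, `p521_jdouble`) are unanchored substring matches, unlike `^bignum_` at the head of the same pipeline, so any exported symbol that merely contains one of these strings is dropped from the symbols file. If that file drives symbol prefixing, as the script name suggests, an over-broad match would leave a symbol unprefixed without any error. Assuming symbols reach this filter without a leading underscore, anchoring and merging the four greps keeps the intent explicit: `grep -v -E '^(p(256|384|521)_montj|p521_jdouble)'`. The same list is added to `filter_symbols` in scripts/generate/_collect_symbols_build.sh, where the leading `_\?` has no effect without a `^`.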
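Review bot: The `go run … read_symbols.go` branch now feeds four more pipeline stages before writing `${SYMBOLS_FILE}`, so a failure of `go run` is reported only if the script runs with `set -o pipefail`, which is not visible in this hunk. Without it the branch can exit successfully with an empty or truncated symbols file. If the option is not already set near the top of the script, add `set -o pipefail` there, or check `[[ -s "${SYMBOLS_FILE}" ]]` after the `popd`. `sort | uniq` can also be written `sort -u`. The enclosing `if`/`elif` chain starts outside the hunk.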
@@ -20,7 +20,7 @@ function cmake_build_options() { } function filter_symbols() { - grep -v "^_\?bignum_" | grep -v "_\?curve25519_x25519" | grep -v "_\?edwards25519_" | grep -v "_\?p256_montjscalarmul" + grep -v "^_\?bignum_" | grep -v "_\?curve25519_x25519" | grep -v "_\?edwards25519_" | grep -v "_\?p256_montj" | grep -v "_\?p384_montj" | grep -v "_\?p521_montj" | grep -v "_\?p521_jdouble" } REPO_ROOT=$(git rev-parse --show-toplevel) diff --git a/scripts/tools/semver.rs b/scripts/tools/semver.rs index 131af13959c..3a38dfb62bf 100755 --- a/scripts/tools/semver.rs +++ b/scripts/tools/semver.rs @@ -23,6 +23,7 @@ struct Args { enum Release { Main { tags: Vec }, FipsV2 { tags: Vec }, + FipsV3 { tags: Vec }, } // regex from https://semver.org/ @@ -34,6 +35,7 @@ fn main() -> Result<(), Box> { let latest = match args.release { Release::Main { tags } => get_latest_main(tags)?, Release::FipsV2 { tags } => get_latest_fips(tags, 2)?, + Release::FipsV3 { tags } => get_latest_fips(tags, 3)?, }; println!("{latest}");
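Review bot: The new `FipsV3` variant and its `get_latest_fips(tags, 3)` arm are undocumented, and the major number is carried twice, once in the variant name and once as the literal. A doc comment on the variant such as `/// Select the newest tag of the FIPS v3 release line.` would state what the subcommand picks. If `Release` is a derived CLI subcommand enum (the derive is not visible here), that text would also serve as its help output. The enum and `main` both extend beyond these hunks.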