Merge branch 'main' into secmem

Author: smittals2

CMakeLists.txt

@@ -894,6 +894,7 @@ if(BUILD_TESTING)
     set(MEM_SET_TEST_EXEC mem_set_test.so)
     set(INTEGRATION_TEST_EXEC integration_test.so)
     set(DYNAMIC_LOADING_TEST_EXEC dynamic_loading_test.so)
+    set(RWLOCK_STATIC_INIT_TEST_EXEC rwlock_static_init.so)
   else()
     set(CRYPTO_TEST_EXEC crypto_test)
     set(RANDOM_TEST_EXEC urandom_test)
@@ -902,6 +903,7 @@ if(BUILD_TESTING)
     set(MEM_SET_TEST_EXEC mem_set_test)
     set(INTEGRATION_TEST_EXEC integration_test)
     set(DYNAMIC_LOADING_TEST_EXEC dynamic_loading_test)
+    set(RWLOCK_STATIC_INIT_TEST_EXEC rwlock_static_init)
   endif()
 
   add_subdirectory(util/fipstools/acvp/modulewrapper)

crypto/CMakeLists.txt

@@ -806,6 +806,20 @@ if(BUILD_TESTING)
   endif()
 
   add_dependencies(all_tests ${DYNAMIC_LOADING_TEST_EXEC})
+
+  message(STATUS "Generating test executable ${RWLOCK_STATIC_INIT_TEST_EXEC}.")
+  add_executable(${RWLOCK_STATIC_INIT_TEST_EXEC} rwlock_static_init.cc)
+  add_dependencies(${RWLOCK_STATIC_INIT_TEST_EXEC} crypto)
+
+  target_link_libraries(${RWLOCK_STATIC_INIT_TEST_EXEC} crypto)
+  target_include_directories(${RWLOCK_STATIC_INIT_TEST_EXEC} BEFORE PRIVATE ${PROJECT_BINARY_DIR}/symbol_prefix_include)
+  if(MSVC)
+    target_link_libraries(${RWLOCK_STATIC_INIT_TEST_EXEC} ws2_32)
+  else()
+    target_compile_options(${RWLOCK_STATIC_INIT_TEST_EXEC} PUBLIC -Wno-deprecated-declarations)
+  endif()
+  add_dependencies(all_tests ${RWLOCK_STATIC_INIT_TEST_EXEC})
+
 endif()
 
 install(TARGETS crypto

crypto/endian_test.cc

@@ -4,6 +4,20 @@
 #include "openssl/bn.h"
 #include "test/test_util.h"
 
+TEST(EndianTest, u16Operations) {
+  uint8_t buffer[2];
+  uint16_t val = 0x1234;
+  uint8_t expected_be[2] = {0x12, 0x34};
+  uint8_t expected_le[2] = {0x34, 0x12};
+
+  CRYPTO_store_u16_le(buffer, val);
+  EXPECT_EQ(Bytes(expected_le), Bytes(buffer));
+  EXPECT_EQ(val, CRYPTO_load_u16_le(buffer));
+
+  CRYPTO_store_u16_be(buffer, val);
+  EXPECT_EQ(Bytes(expected_be), Bytes(buffer));
+  EXPECT_EQ(val, CRYPTO_load_u16_be(buffer));
+}
 
 TEST(EndianTest, u32Operations) {
   uint8_t buffer[4];

crypto/fipsmodule/service_indicator/service_indicator_test.cc

@@ -4280,7 +4280,7 @@ TEST(ServiceIndicatorTest, DRBG) {
 // Since this is running in FIPS mode it should end in FIPS
 // Update this when the AWS-LC version number is modified
 TEST(ServiceIndicatorTest, AWSLCVersionString) {
-  ASSERT_STREQ(awslc_version_string(), "AWS-LC FIPS 1.24.0");
+  ASSERT_STREQ(awslc_version_string(), "AWS-LC FIPS 1.24.1");
 }
 
 #else
@@ -4323,6 +4323,6 @@ TEST(ServiceIndicatorTest, BasicTest) {
 // Since this is not running in FIPS mode it shouldn't end in FIPS
 // Update this when the AWS-LC version number is modified
 TEST(ServiceIndicatorTest, AWSLCVersionString) {
-  ASSERT_STREQ(awslc_version_string(), "AWS-LC 1.24.0");
+  ASSERT_STREQ(awslc_version_string(), "AWS-LC 1.24.1");
 }
 #endif // AWSLC_FIPS

crypto/internal.h

@@ -894,6 +894,40 @@ static inline void *OPENSSL_memset(void *dst, int c, size_t n) {
 // endianness. They use |memcpy|, and so avoid alignment or strict aliasing
 // requirements on the input and output pointers.
 
+static inline uint16_t CRYPTO_load_u16_le(const void *in) {
+  uint16_t v;
+  OPENSSL_memcpy(&v, in, sizeof(v));
+#if defined(OPENSSL_BIG_ENDIAN)
+  return CRYPTO_bswap2(v);
+#else
+  return v;
+#endif
+}
+
+static inline void CRYPTO_store_u16_le(void *out, uint16_t v) {
+#if defined(OPENSSL_BIG_ENDIAN)
+  v = CRYPTO_bswap2(v);
+#endif
+  OPENSSL_memcpy(out, &v, sizeof(v));
+}
+
+static inline uint16_t CRYPTO_load_u16_be(const void *in) {
+  uint16_t v;
+  OPENSSL_memcpy(&v, in, sizeof(v));
+#if defined(OPENSSL_BIG_ENDIAN)
+  return v;
+#else
+  return CRYPTO_bswap2(v);
+#endif
+}
+
+static inline void CRYPTO_store_u16_be(void *out, uint16_t v) {
+#if !defined(OPENSSL_BIG_ENDIAN)
+  v = CRYPTO_bswap2(v);
+#endif
+  OPENSSL_memcpy(out, &v, sizeof(v));
+}
+
 static inline uint32_t CRYPTO_load_u32_le(const void *in) {
   uint32_t v;
   OPENSSL_memcpy(&v, in, sizeof(v));

crypto/rand_extra/forkunsafe.c

@@ -19,13 +19,13 @@
 #include "../fipsmodule/rand/internal.h"
 
 
+#if !defined(OPENSSL_WINDOWS)
 // g_buffering_enabled is true if fork-unsafe buffering has been enabled.
 static int g_buffering_enabled = 0;
 
 // g_lock protects |g_buffering_enabled|.
 static struct CRYPTO_STATIC_MUTEX g_lock = CRYPTO_STATIC_MUTEX_INIT;
 
-#if !defined(OPENSSL_WINDOWS)
 void RAND_enable_fork_unsafe_buffering(int fd) {
   // We no longer support setting the file-descriptor with this function.
   if (fd != -1) {
@@ -36,11 +36,15 @@ void RAND_enable_fork_unsafe_buffering(int fd) {
   g_buffering_enabled = 1;
   CRYPTO_STATIC_MUTEX_unlock_write(&g_lock);
 }
-#endif
 
 int rand_fork_unsafe_buffering_enabled(void) {
   CRYPTO_STATIC_MUTEX_lock_read(&g_lock);
   const int ret = g_buffering_enabled;
   CRYPTO_STATIC_MUTEX_unlock_read(&g_lock);
   return ret;
 }
+#else
+int rand_fork_unsafe_buffering_enabled(void) {
+  return 0;
+}
+#endif

crypto/rwlock_static_init.cc

@@ -0,0 +1,43 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+// This test attempts to setup a potential race condition that can cause the
+// first use of an rwlock to fail when initialized using
+// PTHREAD_RWLOCK_INITIALIZER.
+// See: https://sourceforge.net/p/mingw-w64/bugs/883/
+
+#include <openssl/rand.h>
+
+#include <cstdint>
+#include <iostream>
+#include <thread>
+#include <cassert>
+#include <cstdlib>
+
+static void thread_task_rand(bool *myFlag) {
+  uint8_t buf[16];
+  if(1 == RAND_bytes(buf, sizeof(buf))) {
+    *myFlag = true;
+  }
+}
+
+int main(int _argc, char** _argv) {
+  constexpr size_t kNumThreads = 16;
+  bool myFlags[kNumThreads] = {};
+  std::thread myThreads[kNumThreads];
+
+  for (size_t i = 0; i < kNumThreads; i++) {
+    bool* myFlag = &myFlags[i];
+    myThreads[i] = std::thread(thread_task_rand, myFlag);
+  }
+  for (size_t i = 0; i < kNumThreads; i++) {
+    myThreads[i].join();
+    if(!myFlags[i]) {
+      std::cerr << "Thread " << i << " failed." << std::endl;
+      exit(1);
+      return 1;
+    }
+  }
+  std::cout << "PASS" << std::endl;
+  return 0;
+}

crypto/thread_pthread.c

@@ -14,6 +14,8 @@
 
 // Ensure we can't call OPENSSL_malloc circularly.
 #define _BORINGSSL_PROHIBIT_OPENSSL_MALLOC
+#include <errno.h>
+
 #include "internal.h"
 
 #if defined(OPENSSL_PTHREADS)
@@ -64,14 +66,42 @@ void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) {
   pthread_rwlock_destroy((pthread_rwlock_t *) lock);
 }
 
+// Some MinGW pthreads implementations might fail on first use of
+// locks initialized using PTHREAD_RWLOCK_INITIALIZER.
+// See: https://sourceforge.net/p/mingw-w64/bugs/883/
+typedef int (*pthread_rwlock_func_ptr)(pthread_rwlock_t *);
+static int rwlock_EINVAL_fallback_retry(const pthread_rwlock_func_ptr func_ptr, pthread_rwlock_t* lock) {
+  int result = EINVAL;
+#ifdef __MINGW32__
+  const int MAX_ATTEMPTS = 10;
+  int attempt_num = 0;
+  do {
+    sched_yield();
+    attempt_num += 1;
+    result = func_ptr(lock);
+  } while(result == EINVAL && attempt_num < MAX_ATTEMPTS);
+#endif
+  return result;
+}
+
 void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock) {
-  if (pthread_rwlock_rdlock(&lock->lock) != 0) {
+  const int result = pthread_rwlock_rdlock(&lock->lock);
+  if (result != 0) {
+    if (result == EINVAL &&
+        0 == rwlock_EINVAL_fallback_retry(pthread_rwlock_rdlock, &lock->lock)) {
+      return;
+    }
     abort();
   }
 }
 
 void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock) {
-  if (pthread_rwlock_wrlock(&lock->lock) != 0) {
+  const int result = pthread_rwlock_wrlock(&lock->lock);
+  if (result != 0) {
+    if (result == EINVAL &&
+        0 == rwlock_EINVAL_fallback_retry(pthread_rwlock_wrlock, &lock->lock)) {
+      return;
+    }
     abort();
   }
 }

include/openssl/base.h

@@ -122,7 +122,7 @@ extern "C" {
 // ServiceIndicatorTest.AWSLCVersionString
 // Note: there are two versions of this test. Only one test is compiled
 // depending on FIPS mode.
-#define AWSLC_VERSION_NUMBER_STRING "1.24.0"
+#define AWSLC_VERSION_NUMBER_STRING "1.24.1"
 
 #if defined(BORINGSSL_SHARED_LIBRARY)
 

include/openssl/ssl.h

@@ -1469,6 +1469,12 @@ DEFINE_CONST_STACK_OF(SSL_CIPHER)
 // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4.
 OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
 
+// SSL_CIPHER_find returns a SSL_CIPHER structure which has the cipher ID stored in ptr or
+// NULL if unknown. The ptr parameter is a two element array of char, which stores the
+// two-byte TLS cipher ID (as allocated by IANA) in network byte order. SSL_CIPHER_find re-casts
+// |ptr| to uint16_t and calls |SSL_get_cipher_by_value| to get the SSL_CIPHER structure.
+OPENSSL_EXPORT const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+
 // SSL_CIPHER_get_id returns |cipher|'s non-IANA id. This is not its
 // IANA-assigned number, which is called the "value" here, although it may be
 // cast to a |uint16_t| to get it.
@@ -1850,6 +1856,11 @@ OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
 // performed a new handshake.
 OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
 
+// SSL_client_hello_get0_ciphers provides access to the client ciphers field from the
+// Client Hello, optionally writing the result to an out pointer. It returns the field
+// length if successful, or 0 if |ssl| is a client or the handshake hasn't occurred yet.
+OPENSSL_EXPORT size_t SSL_client_hello_get0_ciphers(SSL *ssl, const unsigned char **out);
+
 // SSL_session_reused returns one if |ssl| performed an abbreviated handshake
 // and zero otherwise.
 //

ssl/internal.h

@@ -4068,6 +4068,11 @@ struct ssl_st {
   // serialized and is only populated if used in a server context.
   bssl::UniquePtr<STACK_OF(SSL_CIPHER)> client_cipher_suites;
 
+  // client_cipher_suites_arr is initialized when |SSL_client_hello_get0_ciphers|
+  // is called with a valid |out| param. It holds the cipher suites offered by the
+  // client from |client_cipher_suites| in an array.
+  bssl::Array<uint16_t> client_cipher_suites_arr;
+
   void (*info_callback)(const SSL *ssl, int type, int value) = nullptr;
 
   bssl::UniquePtr<SSL_CTX> ctx;

ssl/ssl_cipher.cc

@@ -1470,6 +1470,15 @@ const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
       ssl_cipher_id_cmp));
 }
 
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr) {
+  if (ssl != nullptr && ptr != nullptr) {
+    uint16_t cipher_id = CRYPTO_load_u16_be(ptr);
+    return SSL_get_cipher_by_value(cipher_id);
+  }
+
+  return NULL;
+}
+
 uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; }
 
 uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher) {

ssl/ssl_lib.cc

@@ -3096,6 +3096,7 @@ int SSL_clear(SSL *ssl) {
   }
 
   ssl->client_cipher_suites.reset();
+  ssl->client_cipher_suites_arr.Reset();
 
   // In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously
   // established session to be offered the next time around. wpa_supplicant
@@ -3319,3 +3320,35 @@ int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) {
 int SSL_set1_curves_list(SSL *ssl, const char *curves) {
   return SSL_set1_groups_list(ssl, curves);
 }
+
+size_t SSL_client_hello_get0_ciphers(SSL *ssl, const unsigned char **out) {
+  STACK_OF(SSL_CIPHER) *client_cipher_suites = SSL_get_client_ciphers(ssl);
+  if (client_cipher_suites == nullptr) {
+      return 0;
+  }
+
+  size_t num_ciphers = sk_SSL_CIPHER_num(client_cipher_suites);
+  if (out != nullptr) {
+    // Hasn't been called before
+    if(ssl->client_cipher_suites_arr.empty()) {
+      if (!ssl->client_cipher_suites_arr.Init(num_ciphers)) {
+        OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
+        return 0;
+      }
+
+      // Construct list of cipherIDs
+      for (size_t i = 0; i < num_ciphers; i++) {
+        const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(client_cipher_suites, i);
+        uint16_t iana_id = SSL_CIPHER_get_protocol_id(cipher);
+
+        CRYPTO_store_u16_be(&ssl->client_cipher_suites_arr[i], iana_id);
+      }
+    }
+
+    assert(ssl->client_cipher_suites_arr.size() == num_ciphers);
+    *out = reinterpret_cast<unsigned char*>(ssl->client_cipher_suites_arr.data());
+  }
+
+  // Return the size
+  return num_ciphers;
+}