Merge branch 'aws:main' into sha3_absorb_squeeze

Author: manastasova

CMakeLists.txt

@@ -118,7 +118,7 @@ elseif(CMAKE_C_COMPILER_ID MATCHES "GNU")
   set(GCC 1)
 endif()
 
-if (UNIX AND NOT APPLE)
+if (NOT WIN32 AND NOT APPLE)
   include(GNUInstallDirs)
 elseif(NOT DEFINED CMAKE_INSTALL_LIBDIR)
   set(CMAKE_INSTALL_LIBDIR "lib")
@@ -145,7 +145,7 @@ if(NOT DISABLE_PERL)
   find_package(Perl REQUIRED)
 endif()
 
-if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING)
+if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND BUILD_TESTING AND NOT CMAKE_CROSSCOMPILING)
   find_package(PkgConfig QUIET)
   if (PkgConfig_FOUND)
     pkg_check_modules(LIBUNWIND libunwind-generic)
@@ -737,7 +737,7 @@ if(FIPS)
     message(FATAL_ERROR "Building AWS-LC for FIPS requires Go and Perl")
   endif()
 
-  if(NOT BUILD_SHARED_LIBS AND NOT (UNIX AND NOT APPLE))
+  if(NOT BUILD_SHARED_LIBS AND NOT (NOT WIN32 AND NOT APPLE))
     message(FATAL_ERROR "Static FIPS build of AWS-LC is suported only on Linux")
   endif()
 

crypto/CMakeLists.txt

@@ -44,7 +44,7 @@ function(msbuild_aarch64_asm)
 endfunction()
 
 if(NOT OPENSSL_NO_ASM)
-  if(UNIX)
+  if(NOT WIN32)
     if(ARCH STREQUAL "aarch64")
       # The "armx" Perl scripts look for "64" in the style argument
       # in order to decide whether to generate 32- or 64-bit asm.
@@ -186,7 +186,7 @@ else()
     set(ASSEMBLY_SOURCE ${GENERATE_CODE_ROOT}/ios-arm/crypto/)
   elseif(APPLE)
     set(ASSEMBLY_SOURCE ${GENERATE_CODE_ROOT}/mac-${ARCH}/crypto/)
-  elseif(UNIX)
+  elseif(NOT WIN32)
     if(${ARCH} STREQUAL "generic")
       message(STATUS "Detected generic linux platform. No assembly files will be included.")
     else()

crypto/crypto_test.cc

@@ -73,6 +73,14 @@ TEST(CryptoTest, Strndup) {
   EXPECT_STREQ("", str.get());
 }
 
+TEST(CryptoTest, aws_lc_assert_entropy_cpu_jitter) {
+#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
+  ASSERT_EQ(1, FIPS_is_entropy_cpu_jitter());
+#else
+  ASSERT_EQ(0, FIPS_is_entropy_cpu_jitter());
+#endif
+}
+
 TEST(CryptoTest, OPENSSL_hexstr2buf) {
   const char *test_cases[][2] = {{"a2", "\xa2"},
                                  {"a213", "\xa2\x13"},

crypto/fipsmodule/ml_kem/README.md

@@ -12,5 +12,6 @@ that initialize a given structure with values corresponding to a parameter set.
 - `symmetric-shake.c`: unnecessary include of fips202.h is removed.
 - `api.h`: `pqcrystals` prefix substituted with `ml_kem` (to be able to build alongside `crypto/kyber`).
 - `poly.c`: the `poly_frommsg` function was modified to address the constant-time issue described [here](https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c).
+- All internal header files were updated with unique `ML_KEM_*` include guards.
 
 **Testing.** The KATs were obtained from an independent implementation of ML-KEM written in SPARK Ada subset: https://github.com/awslabs/LibMLKEM.

crypto/fipsmodule/ml_kem/ml_kem_ref/cbd.h

@@ -1,5 +1,5 @@
-#ifndef CBD_H
-#define CBD_H
+#ifndef ML_KEM_CBD_H
+#define ML_KEM_CBD_H
 
 #include <stdint.h>
 #include "params.h"

crypto/fipsmodule/ml_kem/ml_kem_ref/indcpa.h

@@ -1,5 +1,5 @@
-#ifndef INDCPA_H
-#define INDCPA_H
+#ifndef ML_KEM_INDCPA_H
+#define ML_KEM_INDCPA_H
 
 #include <stdint.h>
 #include "params.h"

crypto/fipsmodule/ml_kem/ml_kem_ref/ntt.h

@@ -1,5 +1,5 @@
-#ifndef NTT_H
-#define NTT_H
+#ifndef ML_KEM_NTT_H
+#define ML_KEM_NTT_H
 
 #include <stdint.h>
 #include "params.h"

crypto/fipsmodule/ml_kem/ml_kem_ref/params.h

@@ -1,5 +1,5 @@
-#ifndef PARAMS_H
-#define PARAMS_H
+#ifndef ML_KEM_PARAMS_H
+#define ML_KEM_PARAMS_H
 
 #include <openssl/base.h>
 

crypto/fipsmodule/ml_kem/ml_kem_ref/poly.h

@@ -1,5 +1,5 @@
-#ifndef POLY_H
-#define POLY_H
+#ifndef ML_KEM_POLY_H
+#define ML_KEM_POLY_H
 
 #include <stdint.h>
 #include "params.h"

crypto/fipsmodule/ml_kem/ml_kem_ref/polyvec.h

@@ -1,5 +1,5 @@
-#ifndef POLYVEC_H
-#define POLYVEC_H
+#ifndef ML_KEM_POLYVEC_H
+#define ML_KEM_POLYVEC_H
 
 #include <stdint.h>
 #include "params.h"

crypto/fipsmodule/ml_kem/ml_kem_ref/reduce.h

@@ -1,5 +1,5 @@
-#ifndef REDUCE_H
-#define REDUCE_H
+#ifndef ML_KEM_REDUCE_H
+#define ML_KEM_REDUCE_H
 
 #include <stdint.h>
 #include "params.h"

crypto/fipsmodule/ml_kem/ml_kem_ref/symmetric.h

@@ -1,5 +1,5 @@
-#ifndef SYMMETRIC_H
-#define SYMMETRIC_H
+#ifndef ML_KEM_SYMMETRIC_H
+#define ML_KEM_SYMMETRIC_H
 
 #include <stddef.h>
 #include <stdint.h>

crypto/fipsmodule/ml_kem/ml_kem_ref/verify.h

@@ -1,5 +1,5 @@
-#ifndef VERIFY_H
-#define VERIFY_H
+#ifndef ML_KEM_VERIFY_H
+#define ML_KEM_VERIFY_H
 
 #include <stddef.h>
 #include <stdint.h>

crypto/fipsmodule/self_check/fips.c

@@ -28,6 +28,14 @@ int FIPS_mode(void) {
 #endif
 }
 
+int FIPS_is_entropy_cpu_jitter(void) {
+#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
+  return 1;
+#else
+  return 0;
+#endif
+}
+
 int FIPS_mode_set(int on) { return on == FIPS_mode(); }
 
 #if defined(BORINGSSL_FIPS_140_3)

include/openssl/crypto.h

@@ -117,6 +117,10 @@ OPENSSL_EXPORT void armv8_enable_dit(void);
 // which case it returns one.
 OPENSSL_EXPORT int FIPS_mode(void);
 
+// FIPS_is_entropy_cpu_jitter returns 1 if CPU jitter is used as the entropy source
+// for AWS-LC. Otherwise, returns 0;
+OPENSSL_EXPORT int FIPS_is_entropy_cpu_jitter(void);
+
 // fips_counter_t denotes specific APIs/algorithms. A counter is maintained for
 // each in FIPS mode so that tests can be written to assert that the expected,
 // FIPS functions are being called by a certain peice of code.

ssl/test/bssl_shim.cc

@@ -31,6 +31,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
 #endif
 
 #include <assert.h>
+#include <errno.h>
 
 #ifndef __STDC_FORMAT_MACROS
 #define __STDC_FORMAT_MACROS
@@ -986,6 +987,11 @@ static bool DoConnection(bssl::UniquePtr<SSL_SESSION> *out_session,
     int ssl_err = SSL_get_error(ssl.get(), -1);
     if (ssl_err != SSL_ERROR_NONE) {
       fprintf(stderr, "SSL error: %s\n", SSL_error_description(ssl_err));
+      if (ssl_err == SSL_ERROR_SYSCALL) {
+        int err = errno;
+        fprintf(stderr, "Error occurred: errno = %d, description = %s\n", err, strerror(err));
+
+      }
     }
     return false;
   }