Include new AWS-LC header files for FIPS bindings. (#629)

* Update headers for FIPS bindings

* Symbols from macos-14-xlarge

* Symbols from ubuntu-latest

* Symbols for aarch64-unknown-linux-gnu

* Symbols from macos-13

* Symbols for x86_64-unknown-linux-musl

* Symbols for aarch64-unknown-linux-musl

* Generated headers

* Generated bindings from ubuntu-latest

* Generated bindings from macos-14-xlarge

* Generated bindings from macos-13

* Generated bindings for aarch64-unknown-linux-musl

* Generated bindings for x86_64-unknown-linux-musl

* Generated bindings for aarch64-unknown-linux-gnu

---------

Co-authored-by: aws-lc-fips-sys-bindings-generator <[email protected]>

aws-lc-fips-sys/include/rust_wrapper.h

@@ -26,6 +26,7 @@
 #include "openssl/conf.h"
 #include "openssl/cpu.h"
 #include "openssl/crypto.h"
+#include "openssl/ctrdrbg.h"
 #include "openssl/curve25519.h"
 #include "openssl/des.h"
 #include "openssl/dh.h"
@@ -45,6 +46,7 @@
 #include "openssl/hmac.h"
 #include "openssl/hpke.h"
 #include "openssl/hrss.h"
+#include "openssl/kdf.h"
 #include "openssl/lhash.h"
 #include "openssl/md4.h"
 #include "openssl/md5.h"
@@ -78,6 +80,7 @@
 #include "openssl/x509.h"
 #include "openssl/x509_vfy.h"
 #include "openssl/x509v3.h"
+#include "openssl/experimental/kem_deterministic_api.h"
 
 #if defined(AWS_LC_RUST_INCLUDE_SSL)
 #include "openssl/ssl.h"
@@ -90,14 +93,6 @@
 #define AWS_LC_FIPS_SYS_EXPORT __attribute__((visibility("default")))
 #endif
 
-// The TLS PRF API is exported in AWS-LC main branch, but in the current FIPS branch, this API is defined in a private header.
-AWS_LC_FIPS_SYS_EXPORT int CRYPTO_tls1_prf(const EVP_MD *digest,
-                           uint8_t *out, size_t out_len,
-                           const uint8_t *secret, size_t secret_len,
-                           const char *label, size_t label_len,
-                           const uint8_t *seed1, size_t seed1_len,
-                           const uint8_t *seed2, size_t seed2_len);
-
 #define AWS_LC_WRAPPER_ADD_PREFIX(a, b) AWS_LC_WRAPPER_ADD_PREFIX_INNER(a, b)
 #define AWS_LC_WRAPPER_ADD_PREFIX_INNER(a, b) a ## _ ## b
 

aws-lc-fips-sys/src/aarch64_apple_darwin_crypto.rs

@@ -762,6 +762,8 @@ pub const CONF_R_UNABLE_TO_CREATE_NEW_SECTION: i32 = 104;
 pub const CONF_R_VARIABLE_HAS_NO_VALUE: i32 = 105;
 pub const CONF_R_VARIABLE_EXPANSION_TOO_LONG: i32 = 106;
 pub const CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED: i32 = 107;
+pub const CTR_DRBG_ENTROPY_LEN: i32 = 48;
+pub const CTR_DRBG_MAX_GENERATE_LENGTH: i32 = 65536;
 pub const X25519_PRIVATE_KEY_LEN: i32 = 32;
 pub const X25519_PUBLIC_VALUE_LEN: i32 = 32;
 pub const X25519_SHARED_KEY_LEN: i32 = 32;
@@ -3322,6 +3324,9 @@ pub const HRSS_CIPHERTEXT_BYTES: i32 = 1138;
 pub const HRSS_KEY_BYTES: i32 = 32;
 pub const HRSS_POLY3_BYTES: i32 = 140;
 pub const HRSS_PRIVATE_KEY_BYTES: i32 = 1452;
+pub const EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: i32 = 0;
+pub const EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY: i32 = 1;
+pub const EVP_PKEY_HKDEF_MODE_EXPAND_ONLY: i32 = 2;
 pub const MD4_CBLOCK: i32 = 64;
 pub const MD4_DIGEST_LENGTH: i32 = 16;
 pub const PKCS7_DETACHED: i32 = 64;
@@ -13259,6 +13264,41 @@ extern "C" {
     #[link_name = "\u{1}_aws_lc_fips_0_13_0_OPENSSL_no_config"]
     pub fn OPENSSL_no_config();
 }
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_CTR_DRBG_new"]
+    pub fn CTR_DRBG_new(
+        entropy: *const u8,
+        personalization: *const u8,
+        personalization_len: usize,
+    ) -> *mut CTR_DRBG_STATE;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_CTR_DRBG_free"]
+    pub fn CTR_DRBG_free(state: *mut CTR_DRBG_STATE);
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_CTR_DRBG_reseed"]
+    pub fn CTR_DRBG_reseed(
+        drbg: *mut CTR_DRBG_STATE,
+        entropy: *const u8,
+        additional_data: *const u8,
+        additional_data_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_CTR_DRBG_generate"]
+    pub fn CTR_DRBG_generate(
+        drbg: *mut CTR_DRBG_STATE,
+        out: *mut u8,
+        out_len: usize,
+        additional_data: *const u8,
+        additional_data_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_CTR_DRBG_clear"]
+    pub fn CTR_DRBG_clear(drbg: *mut CTR_DRBG_STATE);
+}
 extern "C" {
     #[link_name = "\u{1}_aws_lc_fips_0_13_0_X25519_keypair"]
     pub fn X25519_keypair(out_public_value: *mut u8, out_private_key: *mut u8);
@@ -17920,6 +17960,98 @@ extern "C" {
         in_: *const u8,
     ) -> ::std::os::raw::c_int;
 }
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_CRYPTO_tls1_prf"]
+    pub fn CRYPTO_tls1_prf(
+        digest: *const EVP_MD,
+        out: *mut u8,
+        out_len: usize,
+        secret: *const u8,
+        secret_len: usize,
+        label: *const ::std::os::raw::c_char,
+        label_len: usize,
+        seed1: *const u8,
+        seed1_len: usize,
+        seed2: *const u8,
+        seed2_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_SSKDF_digest"]
+    pub fn SSKDF_digest(
+        out_key: *mut u8,
+        out_len: usize,
+        digest: *const EVP_MD,
+        secret: *const u8,
+        secret_len: usize,
+        info: *const u8,
+        info_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_SSKDF_hmac"]
+    pub fn SSKDF_hmac(
+        out_key: *mut u8,
+        out_len: usize,
+        digest: *const EVP_MD,
+        secret: *const u8,
+        secret_len: usize,
+        info: *const u8,
+        info_len: usize,
+        salt: *const u8,
+        salt_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_KBKDF_ctr_hmac"]
+    pub fn KBKDF_ctr_hmac(
+        out_key: *mut u8,
+        out_len: usize,
+        digest: *const EVP_MD,
+        secret: *const u8,
+        secret_len: usize,
+        info: *const u8,
+        info_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_EVP_PKEY_CTX_hkdf_mode"]
+    pub fn EVP_PKEY_CTX_hkdf_mode(
+        ctx: *mut EVP_PKEY_CTX,
+        mode: ::std::os::raw::c_int,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_EVP_PKEY_CTX_set_hkdf_md"]
+    pub fn EVP_PKEY_CTX_set_hkdf_md(
+        ctx: *mut EVP_PKEY_CTX,
+        md: *const EVP_MD,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_EVP_PKEY_CTX_set1_hkdf_key"]
+    pub fn EVP_PKEY_CTX_set1_hkdf_key(
+        ctx: *mut EVP_PKEY_CTX,
+        key: *const u8,
+        key_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_EVP_PKEY_CTX_set1_hkdf_salt"]
+    pub fn EVP_PKEY_CTX_set1_hkdf_salt(
+        ctx: *mut EVP_PKEY_CTX,
+        salt: *const u8,
+        salt_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+    #[link_name = "\u{1}_aws_lc_fips_0_13_0_EVP_PKEY_CTX_add1_hkdf_info"]
+    pub fn EVP_PKEY_CTX_add1_hkdf_info(
+        ctx: *mut EVP_PKEY_CTX,
+        info: *const u8,
+        info_len: usize,
+    ) -> ::std::os::raw::c_int;
+}
 extern "C" {
     #[link_name = "\u{1}_aws_lc_fips_0_13_0_MD4_Init"]
     pub fn MD4_Init(md4: *mut MD4_CTX) -> ::std::os::raw::c_int;
@@ -28199,22 +28331,6 @@ extern "C" {
         encrypted_bit: u8,
     ) -> ::std::os::raw::c_int;
 }
-extern "C" {
-    #[link_name = "\u{1}_aws_lc_fips_0_13_0_CRYPTO_tls1_prf"]
-    pub fn CRYPTO_tls1_prf(
-        digest: *const EVP_MD,
-        out: *mut u8,
-        out_len: usize,
-        secret: *const u8,
-        secret_len: usize,
-        label: *const ::std::os::raw::c_char,
-        label_len: usize,
-        seed1: *const u8,
-        seed1_len: usize,
-        seed2: *const u8,
-        seed2_len: usize,
-    ) -> ::std::os::raw::c_int;
-}
 extern "C" {
     #[link_name = "\u{1}_aws_lc_fips_0_13_0_ERR_GET_LIB_RUST"]
     pub fn ERR_GET_LIB_RUST(packed_error: u32) -> ::std::os::raw::c_int;