Merge branch 'main' into ocspget

aws · Jun 4, 2024 · 8390020 · 8390020
2 parents 06aaaa6 + 8258d73
commit 8390020
Show file tree

Hide file tree

Showing 17 changed files with 204 additions and 65 deletions.
diff --git a/.github/workflows/aws-lc-rs.yml b/.github/workflows/aws-lc-rs.yml
@@ -10,6 +10,7 @@ concurrency:
 env:
   GOPROXY: https://proxy.golang.org,direct
   AWS_LC_SYS_CMAKE_BUILDER: 1
+  RUST_NIGHTLY_TOOLCHAIN: nightly-2024-05-22
 jobs:
   standard:
     if: github.repository_owner == 'aws'
@@ -20,11 +21,11 @@ jobs:
           repository: awslabs/aws-lc-rs
           path: ./aws-lc-rs
           submodules: false
-      - uses: actions-rs/toolchain@v1
+      - uses: dtolnay/rust-toolchain@master
         with:
           # Our aws-lc-sys generation scripts require nightly.
-          toolchain: nightly
-          override: true
+          toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
+      - run: rustup override set $RUST_NIGHTLY_TOOLCHAIN
       - uses: actions-rs/cargo@v1
         with:
           command: install

diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
@@ -59,6 +59,26 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *input) {
+  if (i2d == NULL || d2i == NULL || input == NULL) {
+    OPENSSL_PUT_ERROR(ASN1, ERR_R_PASSED_NULL_PARAMETER);
+    return NULL;
+  }
+
+  // Size and allocate |buf|.
+  unsigned char *buf = NULL;
+  int buf_len = i2d(input, &buf);
+  if (buf == NULL || buf_len < 0) {
+    return NULL;
+  }
+
+  // |buf| needs to be converted to |const| to be passed in.
+  const unsigned char *temp_input = buf;
+  char *ret = d2i(NULL, &temp_input, buf_len);
+  OPENSSL_free(buf);
+  return ret;
+}
+
 // ASN1_ITEM version of dup: this follows the model above except we don't
 // need to allocate the buffer. At some point this could be rewritten to
 // directly dup the underlying structure instead of doing and encode and

diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc
@@ -2412,6 +2412,70 @@ TEST(ASN1Test, LargeString) {
 #endif
 }
 
+
+// Wrapper functions are needed to get around Control Flow Integrity Sanitizers.
+static int i2d_ASN1_TYPE_void(const void *a, unsigned char **out) {
+  return i2d_ASN1_TYPE((ASN1_TYPE *)a, out);
+}
+static void *d2i_ASN1_TYPE_void(void **a, const unsigned char **in, long len) {
+  return d2i_ASN1_TYPE((ASN1_TYPE **)a, in, len);
+}
+static int i2d_ECPrivateKey_void(const void *a, unsigned char **out) {
+  return i2d_ECPrivateKey((EC_KEY *)a, out);
+}
+static void *d2i_ECPrivateKey_void(void **a, const unsigned char **in, long len) {
+  return d2i_ECPrivateKey((EC_KEY **)a, in, len);
+}
+static int i2d_X509_PUBKEY_void(const void *a, unsigned char **out) {
+  return i2d_X509_PUBKEY((X509_PUBKEY *)a, out);
+}
+static void *d2i_X509_PUBKEY_void(void **a, const unsigned char **in, long len) {
+  return d2i_X509_PUBKEY((X509_PUBKEY **)a, in, len);
+}
+
+TEST(ASN1Test, ASN1Dup) {
+  const uint8_t *tag = kTag128;
+  bssl::UniquePtr<ASN1_TYPE> asn1(
+      d2i_ASN1_TYPE(nullptr, &tag, sizeof(kTag128)));
+  ASSERT_TRUE(asn1);
+  EXPECT_EQ(128, asn1->type);
+  bssl::UniquePtr<ASN1_TYPE> asn1_copy((ASN1_TYPE *)ASN1_dup(
+      i2d_ASN1_TYPE_void, d2i_ASN1_TYPE_void, asn1.get()));
+  ASSERT_TRUE(asn1_copy);
+  EXPECT_EQ(ASN1_TYPE_cmp(asn1.get(), asn1_copy.get()), 0);
+
+  bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+  ASSERT_TRUE(key);
+  ASSERT_TRUE(EC_KEY_generate_key(key.get()));
+  bssl::UniquePtr<EC_KEY> key_copy((EC_KEY *)ASN1_dup(
+      i2d_ECPrivateKey_void, d2i_ECPrivateKey_void, key.get()));
+  ASSERT_TRUE(key_copy);
+  EXPECT_EQ(BN_cmp(EC_KEY_get0_private_key(key.get()),
+                   EC_KEY_get0_private_key(key_copy.get())),
+            0);
+  EXPECT_EQ(EC_GROUP_cmp(EC_KEY_get0_group(key.get()),
+                         EC_KEY_get0_group(key_copy.get()), nullptr),
+            0);
+  EXPECT_EQ(EC_POINT_cmp(EC_KEY_get0_group(key_copy.get()),
+                         EC_KEY_get0_public_key(key.get()),
+                         EC_KEY_get0_public_key(key_copy.get()), nullptr),
+            0);
+
+  bssl::UniquePtr<EVP_PKEY> evp_pkey(EVP_PKEY_new());
+  X509_PUBKEY *tmp_key = nullptr;
+  ASSERT_TRUE(evp_pkey);
+  ASSERT_TRUE(EVP_PKEY_set1_EC_KEY(evp_pkey.get(), key.get()));
+  ASSERT_TRUE(X509_PUBKEY_set(&tmp_key, evp_pkey.get()));
+  bssl::UniquePtr<X509_PUBKEY> x509_pubkey(tmp_key);
+  bssl::UniquePtr<X509_PUBKEY> x509_pubkey_copy((X509_PUBKEY *)ASN1_dup(
+      i2d_X509_PUBKEY_void, d2i_X509_PUBKEY_void, x509_pubkey.get()));
+  ASSERT_TRUE(x509_pubkey_copy);
+  EXPECT_EQ(
+      ASN1_STRING_cmp(X509_PUBKEY_get0_public_key(x509_pubkey.get()),
+                      X509_PUBKEY_get0_public_key(x509_pubkey_copy.get())),
+      0);
+}
+
 // The ASN.1 macros do not work on Windows shared library builds, where usage of
 // |OPENSSL_EXPORT| is a bit stricter.
 #if !defined(OPENSSL_WINDOWS) || !defined(BORINGSSL_SHARED_LIBRARY)

diff --git a/crypto/fipsmodule/digest/internal.h b/crypto/fipsmodule/digest/internal.h
@@ -63,7 +63,6 @@
 extern "C" {
 #endif
 
-#define EVP_MAX_MD_BLOCK_SIZE_BYTES  (EVP_MAX_MD_BLOCK_SIZE / 8)
 
 struct env_md_st {
   // type contains a NID identifing the digest function. (For example,

diff --git a/crypto/fipsmodule/hmac/hmac.c b/crypto/fipsmodule/hmac/hmac.c
@@ -289,8 +289,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
   FIPS_service_indicator_lock_state();
   int result = 0;
 
-  uint64_t pad[EVP_MAX_MD_BLOCK_SIZE_BYTES] = {0};
-  uint64_t key_block[EVP_MAX_MD_BLOCK_SIZE_BYTES] = {0};
+  uint64_t pad[EVP_MAX_MD_BLOCK_SIZE / sizeof(uint64_t)] = {0};
+  uint64_t key_block[EVP_MAX_MD_BLOCK_SIZE / sizeof(uint64_t)] = {0};
   if (block_size < key_len) {
     // Long keys are hashed.
     if (!methods->init(&ctx->md_ctx) ||
@@ -322,8 +322,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
 
   result = 1;
 end:
-  OPENSSL_cleanse(pad, EVP_MAX_MD_BLOCK_SIZE_BYTES);
-  OPENSSL_cleanse(key_block, EVP_MAX_MD_BLOCK_SIZE_BYTES);
+  OPENSSL_cleanse(pad, EVP_MAX_MD_BLOCK_SIZE);
+  OPENSSL_cleanse(key_block, EVP_MAX_MD_BLOCK_SIZE);
   FIPS_service_indicator_unlock_state();
   if (result != 1) {
     // We're in some error state, so return our context to a known and well defined zero state.

diff --git a/crypto/ocsp/internal.h b/crypto/ocsp/internal.h
@@ -258,7 +258,7 @@ DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
 // Try exchanging request and response via HTTP on (non-)blocking BIO in rctx.
 OPENSSL_EXPORT int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
 
-// Tries to exchange the request and response with OCSP_REQ_CTX_nbio(), but on
+// Tries to exchange the request and response with |OCSP_REQ_CTX_nbio|, but on
 // success, it additionally parses the response, which must be a
 // DER-encoded ASN.1 structure.
 int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
@@ -67,6 +67,7 @@
 #include <openssl/stack.h>
 
 #include "../asn1/internal.h"
+#include "../ocsp/internal.h"
 #include "internal.h"
 
 
@@ -120,6 +121,11 @@ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) {
                             x->sig_alg, x->signature, x->crl, ctx);
 }
 
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) {
+  return OCSP_REQ_CTX_nbio_d2i(rctx, (ASN1_VALUE **)pcrl,
+                               ASN1_ITEM_rptr(X509_CRL));
+}
+
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) {
   return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
                          x->signature, x->spkac, pkey, md));

diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
@@ -1,3 +1,6 @@
+# Declare a dummy target to build all fuzz tests.
+add_custom_target(all_fuzz_tests)
+
 macro(fuzzer name)
   add_executable(${name} ${name}.cc)
   target_compile_options(${name} PRIVATE "-Wno-missing-prototypes")
@@ -9,6 +12,7 @@ macro(fuzzer name)
   else()
     set_target_properties(${name} PROPERTIES LINK_FLAGS "-fsanitize=fuzzer")
   endif()
+  add_dependencies(all_fuzz_tests ${name})
 endmacro()
 
 fuzzer(arm_cpuinfo)

diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
@@ -275,8 +275,7 @@ int i2d_SAMPLE(const SAMPLE *in, uint8_t **outp);
 
 // CHECKED_I2D_OF casts a given pointer to i2d_of_void* and statically checks
 // that it was a pointer to |type|'s |i2d| function.
-#define CHECKED_I2D_OF(type, i2d) \
-    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+#define CHECKED_I2D_OF(type, i2d) ((i2d_of_void *)(1 ? i2d : ((I2D_OF(type))0)))
 
 // The following typedefs are sometimes used for pointers to functions like
 // |d2i_SAMPLE| and |i2d_SAMPLE|. Note, however, that these act on |void*|.
@@ -391,6 +390,16 @@ OPENSSL_EXPORT ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **out,
 OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **outp,
                                  const ASN1_ITEM *it);
 
+// ASN1_dup returns a newly-allocated copy of |x| by re-encoding with |i2d| and
+// |d2i|. |i2d| and |d2i| must be the corresponding type functions of |x|. NULL
+// is returned on error.
+//
+// WARNING: DO NOT USE. Casting the result of this function to the wrong type,
+// or passing a pointer of the wrong type into this function, are potentially
+// exploitable memory errors. Prefer directly calling |i2d| and |d2i| or other
+// type-specific functions.
+OPENSSL_EXPORT void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
+
 // ASN1_item_dup returns a newly-allocated copy of |x|, or NULL on error. |x|
 // must be an object of |it|'s C type.
 //
@@ -443,7 +452,7 @@ OPENSSL_EXPORT int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, void *in);
 // forces the user to use undefined C behavior and will cause failures when
 // running against undefined behavior sanitizers in clang.
 #define ASN1_i2d_bio_of(type, i2d, out, in) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), out, CHECKED_PTR_OF(type, in)))
+  (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), out, CHECKED_PTR_OF(type, in)))
 
 // ASN1_item_unpack parses |oct|'s contents as |it|'s ASN.1 type. It returns a
 // newly-allocated instance of |it|'s C type on success, or NULL on error.

diff --git a/include/openssl/base.h b/include/openssl/base.h
@@ -347,6 +347,7 @@ typedef struct evp_pkey_st EVP_PKEY;
 typedef struct hmac_ctx_st HMAC_CTX;
 typedef struct md4_state_st MD4_CTX;
 typedef struct md5_state_st MD5_CTX;
+typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
 typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
 typedef struct pkcs12_st PKCS12;
 typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;

diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
@@ -50,7 +50,6 @@ extern "C" {
 typedef struct ocsp_cert_id_st OCSP_CERTID;
 typedef struct ocsp_one_request_st OCSP_ONEREQ;
 typedef struct ocsp_req_info_st OCSP_REQINFO;
-typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
 typedef struct ocsp_signature_st OCSP_SIGNATURE;
 typedef struct ocsp_request_st OCSP_REQUEST;
 typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -966,6 +966,11 @@ OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
                                                  const uint8_t *sig,
                                                  size_t sig_len);
 
+// X509_CRL_http_nbio calls |OCSP_REQ_CTX_nbio_d2i| to exchange the request
+// via http. On success, it parses the response as a DER-encoded |X509_CRL|
+// ASN.1 structure.
+OPENSSL_EXPORT int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+
 
 // CRL entries.
 //

diff --git a/tests/ci/common_posix_setup.sh b/tests/ci/common_posix_setup.sh
@@ -29,22 +29,6 @@ if [[ "${KERNEL_NAME}" == "Darwin" || "${KERNEL_NAME}" =~ .*BSD ]]; then
 else
   # Assume KERNEL_NAME is Linux.
   NUM_CPU_THREADS=$(grep -c ^processor /proc/cpuinfo)
-  if [[ $PLATFORM == "aarch64" ]]; then
-    CPU_PART=$(grep -Po -m 1 'CPU part.*:\s\K.*' /proc/cpuinfo)
-    NUM_CPU_PART=$(grep -c $CPU_PART /proc/cpuinfo)
-    # Set capabilities via the static flags for valgrind tests.
-    # This is because valgrind reports the instruction
-    #   mrs %0, MIDR_EL1
-    # which fetches the CPU part number, as illegal.
-    # For some reason, valgrind also reports SHA512 instructions illegal,
-    # so the SHA512 capability is not included below.
-    VALGRIND_STATIC_CAP_FLAGS="-DOPENSSL_STATIC_ARMCAP -DOPENSSL_STATIC_ARMCAP_NEON"
-    VALGRIND_STATIC_CAP_FLAGS+=" -DOPENSSL_STATIC_ARMCAP_AES -DOPENSSL_STATIC_ARMCAP_PMULL "
-    VALGRIND_STATIC_CAP_FLAGS+=" -DOPENSSL_STATIC_ARMCAP_SHA1 -DOPENSSL_STATIC_ARMCAP_SHA256 "
-    if [[ $NUM_CPU_PART == $NUM_CPU_THREADS ]] && [[ ${CPU_PART} =~ 0x[dD]40 ]]; then
-      VALGRIND_STATIC_CAP_FLAGS+=" -DOPENSSL_STATIC_ARMCAP_SHA3 -DOPENSSL_STATIC_ARMCAP_NEOVERSE_V1"
-    fi
-  fi
 fi
 
 # Pick cmake3 if possible. We don't know of any OS that installs a cmake3
@@ -160,31 +144,15 @@ function fips_build_and_test {
 }
 
 function build_and_test_valgrind {
-  if [[ $PLATFORM == "aarch64" ]]; then
-    run_build "$@" -DCMAKE_C_FLAGS="$VALGRIND_STATIC_CAP_FLAGS"
-    run_cmake_custom_target 'run_tests_valgrind'
-
-    # Disable all capabilities and run again
-    # (We don't use the env. variable OPENSSL_armcap because it is currently
-    #  restricted to the case of runtime discovery of capabilities
-    #  in cpu_aarch64_linux.c)
-    run_build "$@" -DCMAKE_C_FLAGS="-DOPENSSL_STATIC_ARMCAP"
-    run_cmake_custom_target 'run_tests_valgrind'
-  else
-    run_build "$@"
-    run_cmake_custom_target 'run_tests_valgrind'
-  fi
+  run_build "$@"
+  run_cmake_custom_target 'run_tests_valgrind'
 }
 
 function build_and_test_ssl_runner_valgrind {
   export AWS_LC_GO_TEST_TIMEOUT="60m"
 
-  if [[ $PLATFORM == "aarch64" ]]; then
-    run_build "$@" -DCMAKE_C_FLAGS="$VALGRIND_STATIC_CAP_FLAGS"
-  else
-    run_build "$@"
-  fi
-    run_cmake_custom_target 'run_ssl_runner_tests_valgrind'
+  run_build "$@"
+  run_cmake_custom_target 'run_ssl_runner_tests_valgrind'
 }
 
 function build_and_test_with_sde {

diff --git a/tests/ci/integration/mariadb_patch/ssl_crl_expect.patch b/tests/ci/integration/mariadb_patch/ssl_crl_expect.patch
@@ -1,12 +1,12 @@
 diff --git a/mysql-test/main/ssl_crl.test b/mysql-test/main/ssl_crl.test
-index 9b475857..58d23087 100644
+index a09490f2..2e71138b 100644
 --- a/mysql-test/main/ssl_crl.test
 +++ b/mysql-test/main/ssl_crl.test
 @@ -8,6 +8,6 @@
 
  --echo # try logging in with a certificate in the server's --ssl-crl : should fail
- # OpenSSL 1.1.1a correctly rejects the certificate, but the error message is different
----replace_regex /ERROR 2013 \(HY000\): Lost connection to server at '.*', system error: [0-9]+/ERROR 2026 (HY000): TLS\/SSL error: sslv3 alert certificate revoked/
-+--replace_regex /ERROR 2013 \(HY000\): Lost connection to server at '.*', system error: [0-9]+/ERROR 2026 (HY000): TLS\/SSL error: sslv3 alert certificate revoked/ /SSLV3_ALERT_CERTIFICATE_REVOKED/sslv3 alert certificate revoked/
+ # OpenSSL 1.1.1a and later releases correctly rejects the certificate, but the error message is different
+---replace_regex /(ERROR 2013 \(HY000\): Lost connection to server at '.*', system error: [0-9]+|ERROR 2026 \(HY000\): TLS\/SSL error: sslv3 alert certificate revoked)/ERROR 2026 (HY000): TLS\/SSL error: ssl\/tls alert certificate revoked/
++--replace_regex /(ERROR 2013 \(HY000\): Lost connection to server at '.*', system error: [0-9]+|ERROR 2026 \(HY000\): TLS\/SSL error: sslv3 alert certificate revoked)/ERROR 2026 (HY000): TLS\/SSL error: ssl\/tls alert certificate revoked/ /SSLV3_ALERT_CERTIFICATE_REVOKED/ssl\/tls alert certificate revoked/
  --error 1
  --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1