Merge branch 'main' into kbkdf-counter

aws · Jul 9, 2024 · 7a6d418 · 7a6d418
2 parents 20fbfaf + 622366f
commit 7a6d418
Show file tree

Hide file tree

Showing 59 changed files with 1,261 additions and 528 deletions.
diff --git a/.github/docker_images/gcc-4.8/Dockerfile b/.github/docker_images/gcc-4.8/Dockerfile
@@ -0,0 +1,20 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+FROM gcc:4.8
+
+VOLUME ["/awslc"]
+
+COPY awslc_build.sh /
+COPY entry.sh /
+
+WORKDIR /
+
+RUN curl -LOk "https://github.com/Kitware/CMake/releases/download/v3.6.3/cmake-3.6.3-Linux-x86_64.tar.gz"
+RUN sha256sum cmake-3.6.3-Linux-x86_64.tar.gz | grep -q "9d915d505c07d84b610e1be6242c7cad68b4b7a4090ce85ecf9cec5effa47c43"
+RUN tar -C /usr/local -xzf cmake-3.6.3-Linux-x86_64.tar.gz
+RUN rm cmake-3.6.3-Linux-x86_64.tar.gz
+
+ENV PATH="${PATH}:/usr/local/cmake-3.6.3-Linux-x86_64/bin"
+
+ENTRYPOINT ["/entry.sh"]
diff --git a/.github/docker_images/gcc-4.8/awslc_build.sh b/.github/docker_images/gcc-4.8/awslc_build.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+set -ex -o pipefail
+
+echo "Building with GCC Version: $(gcc --version)"
+
+BUILD_DIR=$(mktemp -d)
+SRC_DIR="${SRC_DIR:-/awslc}"
+
+pushd "${BUILD_DIR}"
+
+cmake "${SRC_DIR}" "-DDISABLE_GO=ON" "-DDISABLE_PERL=ON" "-DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX=1"
+make -j 4 ssl
+
+popd # ${BUILD_DIR}
diff --git a/.github/docker_images/gcc-4.8/entry.sh b/.github/docker_images/gcc-4.8/entry.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+set -ex -o pipefail
+
+/awslc_build.sh "${argv[@]}"
diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml
@@ -447,6 +447,20 @@ jobs:
             env
             tests/ci/run_openbsd_tests.sh ${{ matrix.args }}
             EOF
+  gcc-4_8:
+    needs: [sanity-test-run]
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build Docker Image
+        working-directory: .github/docker_images/gcc-4.8
+        run: |
+          docker build -t "gcc-4.8"  .
+      - name: Build using pre-generated assembly
+        run: |
+          docker run -v "${{ github.workspace }}:/awslc" "gcc-4.8"
 
     # TODO: Investigate sudden hanging tests and failures in GHA runners (P114059413)
 #  MSVC-SDE-32-bit:

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -289,23 +289,26 @@ endmacro()
 # can be set to handle such cases.
 option(MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX "Exclude AVX code from the build" OFF)
 
-# Some assemblers know about AVX but not AVX512 instructions, e.g. gcc 4.8.2.
+# Some assemblers know about AVX but not ADX, AVX2 or AVX512 instructions, e.g. gcc 4.8.2.
 # This flag can be set to handle such cases.
-# Note that the flag's name has "512AVX" instead of "AVX512" so that it doesn't
-# include the entire flag -DMY_ASSEMBLER_IS_TOO_OLD_FOR_AVX and match it
-# in the Perl files checks.
+# Note:
+# * Although this flag name implies an effect on AVX512 instructions, it's also
+#   intended to avoid generating ADX and AVX2 instructions.
+# * This flag name has "512AVX" instead of "AVX512" so that it doesn't
+#   include the entire flag -DMY_ASSEMBLER_IS_TOO_OLD_FOR_AVX and match
+#   to it in the Perl files checks.
 option(MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX "Exclude AVX512 code from the build" OFF)
 
 if(MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX)
   add_definitions(-DMY_ASSEMBLER_IS_TOO_OLD_FOR_AVX)
   add_definitions(-DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX)
   set(MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX ON)
-  message(STATUS "MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX selected, removing AVX optimisations")
+  message(STATUS "MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX selected, removing all AVX optimisations")
 endif()
 
 if(MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX)
   add_definitions(-DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX)
-  message(STATUS "MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX selected, removing AVX512 optimisations")
+  message(STATUS "MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX selected, removing ADX, AVX2 and AVX512 optimisations")
 endif()
 
 if (GCC)
@@ -949,6 +952,7 @@ if(BUILD_LIBSSL)
   add_subdirectory(ssl)
   if(BUILD_TOOL)
     add_subdirectory(tool)
+    add_subdirectory(tool-openssl)
   endif()
 endif()
 add_subdirectory(util/fipstools)

diff --git a/crypto/curve25519/internal.h b/crypto/curve25519/internal.h
@@ -26,7 +26,7 @@ extern "C" {
 
 // If (1) x86_64 or aarch64, (2) linux or apple, and (3) OPENSSL_NO_ASM is not
 // set, s2n-bignum path is capable.
-#if ((defined(OPENSSL_X86_64) && !defined(MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX)) || \
+#if ((defined(OPENSSL_X86_64) && !defined(MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX)) || \
      defined(OPENSSL_AARCH64)) &&                                              \
     (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE) ||                       \
      defined(OPENSSL_OPENBSD)) &&                                              \

diff --git a/crypto/ec_extra/ec_asn1.c b/crypto/ec_extra/ec_asn1.c
@@ -614,3 +614,53 @@ BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *point,
 
   return ret;
 }
+
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn,
+                            EC_POINT *point, BN_CTX *ctx) {
+  if (group == NULL || bn == NULL) {
+    OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
+    return NULL;
+  }
+
+  // Allocate buffer and length.
+  size_t buf_len = BN_num_bytes(bn);
+  if (buf_len == 0) {
+    // See https://github.com/openssl/openssl/issues/10258.
+    buf_len = 1;
+  }
+  uint8_t *buf = OPENSSL_malloc(buf_len);
+  if (buf == NULL) {
+    return NULL;
+  }
+
+  if (BN_bn2bin_padded(buf, buf_len, bn) < 0) {
+    OPENSSL_free(buf);
+    return NULL;
+  }
+
+  // Use the user-provided |point| if there is one. Otherwise, we allocate a new
+  // |EC_POINT| if |point| is NULL.
+  EC_POINT *ret;
+  if (point != NULL) {
+    ret = point;
+  } else {
+    ret = EC_POINT_new(group);
+    if (ret == NULL) {
+      OPENSSL_free(buf);
+      return NULL;
+    }
+  }
+
+  if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
+    if (ret != point) {
+      // If the user did not provide a |point|, we free the |EC_POINT| we
+      // allocated.
+      EC_POINT_free(ret);
+      ret = NULL;
+    }
+  }
+
+  OPENSSL_free(buf);
+  return ret;
+}
+
diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt
@@ -179,7 +179,7 @@ endif()
 
 # s2n-bignum files can be compiled on Unix platforms only (except Apple),
 # and on x86_64 and aarch64 systems only.
-if((((ARCH STREQUAL "x86_64") AND NOT MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX) OR
+if((((ARCH STREQUAL "x86_64") AND NOT MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX) OR
       ARCH STREQUAL "aarch64") AND UNIX)
 
   # Set the source directory for s2n-bignum assembly files

diff --git a/crypto/fipsmodule/aes/asm/aesni-xts-avx512.pl b/crypto/fipsmodule/aes/asm/aesni-xts-avx512.pl
@@ -1460,7 +1460,10 @@
 
   my $rndsuffix = &random_string();
 
-  $code .= ".text\n";
+  $code .= <<___;
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
+.text
+___
 
   {
   $code.=<<___;
@@ -3108,6 +3111,7 @@
     .byte  0xff, 0xff, 0xff, 0xff, 0xff
 
 .text
+#endif
 ___
 } else {
     $code .= <<___;

diff --git a/crypto/fipsmodule/bn/asm/x86_64-mont.pl b/crypto/fipsmodule/bn/asm/x86_64-mont.pl
@@ -67,7 +67,7 @@
 # versions, but BoringSSL is intended to be used with pre-generated perlasm
 # output, so this isn't useful anyway.
 $addx = 1;
-for (@ARGV) { $addx = 0 if (/-DMY_ASSEMBLER_IS_TOO_OLD_FOR_AVX/); }
+for (@ARGV) { $addx = 0 if (/-DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX/); }
 
 # int bn_mul_mont(
 $rp="%rdi";	# BN_ULONG *rp,
@@ -105,8 +105,10 @@
 	jb	.Lmul_enter
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 	leaq	OPENSSL_ia32cap_P(%rip),%r11
 	mov	8(%r11),%r11d
+#endif
 ___
 $code.=<<___;
 	cmp	$ap,$bp
@@ -367,9 +369,11 @@
 .Lmul4x_enter:
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 	and	\$0x80100,%r11d
 	cmp	\$0x80100,%r11d
 	je	.Lmulx4x_enter
+#endif
 ___
 $code.=<<___;
 	push	%rbx
@@ -823,7 +827,9 @@
 my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
 
 $code.=<<___	if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 .extern	bn_sqrx8x_internal		# see x86_64-mont5 module
+#endif
 ___
 $code.=<<___;
 .extern	bn_sqr8x_internal		# see x86_64-mont5 module
@@ -911,6 +917,7 @@
 	movq	%r10, %xmm3		# -$num
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 	leaq	OPENSSL_ia32cap_P(%rip),%rax
 	mov	8(%rax),%eax
 	and	\$0x80100,%eax
@@ -931,6 +938,7 @@
 
 .align	32
 .Lsqr8x_nox:
+#endif
 ___
 $code.=<<___;
 	call	bn_sqr8x_internal	# see x86_64-mont5 module
@@ -1027,6 +1035,7 @@
 my $bp="%rdx";	# original value
 
 $code.=<<___;
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 .type	bn_mulx4x_mont,\@function,6
 .align	32
 bn_mulx4x_mont:
@@ -1388,6 +1397,7 @@
 	ret
 .cfi_endproc
 .size	bn_mulx4x_mont,.-bn_mulx4x_mont
+#endif
 ___
 }}}
 $code.=<<___;
@@ -1551,9 +1561,11 @@
 	.rva	.LSEH_info_bn_sqr8x_mont
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 	.rva	.LSEH_begin_bn_mulx4x_mont
 	.rva	.LSEH_end_bn_mulx4x_mont
 	.rva	.LSEH_info_bn_mulx4x_mont
+#endif
 ___
 $code.=<<___;
 .section	.xdata
@@ -1573,11 +1585,13 @@
 .align	8
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 .LSEH_info_bn_mulx4x_mont:
 	.byte	9,0,0,0
 	.rva	sqr_handler
 	.rva	.Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue	# HandlerData[]
 .align	8
+#endif
 ___
 }
 

diff --git a/crypto/fipsmodule/bn/asm/x86_64-mont5.pl b/crypto/fipsmodule/bn/asm/x86_64-mont5.pl
@@ -52,7 +52,7 @@
 # versions, but BoringSSL is intended to be used with pre-generated perlasm
 # output, so this isn't useful anyway.
 $addx = 1;
-for (@ARGV) { $addx = 0 if (/-DMY_ASSEMBLER_IS_TOO_OLD_FOR_AVX/); }
+for (@ARGV) { $addx = 0 if (/-DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX/); }
 
 # int bn_mul_mont_gather5(
 $rp="%rdi";	# BN_ULONG *rp,
@@ -90,8 +90,10 @@
 	jnz	.Lmul_enter
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 	leaq	OPENSSL_ia32cap_P(%rip),%r11
 	mov	8(%r11),%r11d
+#endif
 ___
 $code.=<<___;
 	jmp	.Lmul4x_enter
@@ -473,9 +475,11 @@
 .Lmul4x_enter:
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 	and	\$0x80108,%r11d
 	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
 	je	.Lmulx4x_enter
+#endif
 ___
 $code.=<<___;
 	push	%rbx
@@ -1106,11 +1110,13 @@
 .cfi_def_cfa_register	%rax
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 	leaq	OPENSSL_ia32cap_P(%rip),%r11
 	mov	8(%r11),%r11d
 	and	\$0x80108,%r11d
 	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
 	je	.Lpowerx5_enter
+#endif
 ___
 $code.=<<___;
 	push	%rbx
@@ -2109,6 +2115,7 @@
 my $bp="%rdx";	# restore original value
 
 $code.=<<___;
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 .type	bn_mulx4x_mont_gather5,\@function,6
 .align	32
 bn_mulx4x_mont_gather5:
@@ -3436,6 +3443,7 @@
 	ret
 .cfi_endproc
 .size	__bn_postx4x_internal,.-__bn_postx4x_internal
+#endif
 ___
 }
 }}}
@@ -3716,13 +3724,15 @@
 	.rva	.LSEH_info_bn_power5
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 	.rva	.LSEH_begin_bn_mulx4x_mont_gather5
 	.rva	.LSEH_end_bn_mulx4x_mont_gather5
 	.rva	.LSEH_info_bn_mulx4x_mont_gather5
 
 	.rva	.LSEH_begin_bn_powerx5
 	.rva	.LSEH_end_bn_powerx5
 	.rva	.LSEH_info_bn_powerx5
+#endif
 ___
 $code.=<<___;
 	.rva	.LSEH_begin_bn_gather5
@@ -3747,6 +3757,7 @@
 	.rva	.Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue	# HandlerData[]
 ___
 $code.=<<___ if ($addx);
+#ifndef MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 .align	8
 .LSEH_info_bn_mulx4x_mont_gather5:
 	.byte	9,0,0,0
@@ -3757,6 +3768,7 @@
 	.byte	9,0,0,0
 	.rva	mul_handler
 	.rva	.Lpowerx5_prologue,.Lpowerx5_body,.Lpowerx5_epilogue	# HandlerData[]
+#endif
 ___
 $code.=<<___;
 .align	8