Merge branch 'main' into ed25519ph-hl

crypto/fipsmodule/bcm.c

@@ -185,6 +185,12 @@ extern const uint8_t BORINGSSL_bcm_rodata_start[];
 extern const uint8_t BORINGSSL_bcm_rodata_end[];
 #endif
 
+#define STRING_POINTER_LENGTH 18
+#define MAX_FUNCTION_NAME 32
+#define ASSERT_WITHIN_MSG "FIPS module doesn't span expected symbol (%s). Expected %p <= %p < %p\n"
+#define MAX_WITHIN_MSG_LEN sizeof(ASSERT_WITHIN_MSG) + (3 * STRING_POINTER_LENGTH) + MAX_FUNCTION_NAME
+#define ASSERT_OUTSIDE_MSG "FIPS module spans unexpected symbol (%s), expected %p < %p || %p > %p\n"
+#define MAX_OUTSIDE_MSG_LEN sizeof(ASSERT_OUTSIDE_MSG) + (4 * STRING_POINTER_LENGTH) + MAX_FUNCTION_NAME
 // assert_within is used to sanity check that certain symbols are within the
 // bounds of the integrity check. It checks that start <= symbol < end and
 // aborts otherwise.
@@ -198,11 +204,10 @@ static void assert_within(const void *start, const void *symbol,
     return;
   }
 
-  fprintf(
-      stderr,
-      "FIPS module doesn't span expected symbol (%s). Expected %p <= %p < %p\n",
-      symbol_name, start, symbol, end);
-  BORINGSSL_FIPS_abort();
+  assert(sizeof(symbol_name) < MAX_FUNCTION_NAME);
+  char message[MAX_WITHIN_MSG_LEN] = {0};
+  snprintf(message, sizeof(message), ASSERT_WITHIN_MSG, symbol_name, start, symbol, end);
+  AWS_LC_FIPS_failure(message);
 }
 
 static void assert_not_within(const void *start, const void *symbol,
@@ -215,11 +220,10 @@ static void assert_not_within(const void *start, const void *symbol,
     return;
   }
 
-  fprintf(
-      stderr,
-      "FIPS module spans unexpected symbol (%s), expected %p < %p || %p > %p\n",
-      symbol_name, symbol, start, symbol, end);
-  BORINGSSL_FIPS_abort();
+  assert(sizeof(symbol_name) < MAX_FUNCTION_NAME);
+  char message[MAX_WITHIN_MSG_LEN] = {0};
+  snprintf(message, sizeof(message), ASSERT_OUTSIDE_MSG, symbol_name, symbol, start, symbol, end);
+  AWS_LC_FIPS_failure(message);
 }
 
 // TODO: Re-enable once all data has been moved out of .text segments CryptoAlg-2360
@@ -267,26 +271,21 @@ static void BORINGSSL_bcm_power_on_self_test(void) {
 #if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
   if (jent_entropy_init()) {
     fprintf(stderr, "CPU Jitter entropy RNG initialization failed.\n");
-    goto err;
+    AWS_LC_FIPS_failure("CPU Jitter failed to initilize");
   }
 #endif
 
 #if !defined(OPENSSL_ASAN)
   // Integrity tests cannot run under ASAN because it involves reading the full
   // .text section, which triggers the global-buffer overflow detection.
   if (!BORINGSSL_integrity_test()) {
-    goto err;
+    AWS_LC_FIPS_failure("Integrity test failed");
   }
 #endif  // OPENSSL_ASAN
 
   if (!boringssl_self_test_startup()) {
-    goto err;
+    AWS_LC_FIPS_failure("Power on self test failed");
   }
-
-  return;
-
-err:
-  BORINGSSL_FIPS_abort();
 }
 
 #if !defined(OPENSSL_ASAN)
@@ -334,8 +333,8 @@ int BORINGSSL_integrity_test(void) {
 
   uint8_t result[SHA256_DIGEST_LENGTH];
   const EVP_MD *const kHashFunction = EVP_sha256();
-  if (!boringssl_self_test_sha256() ||
-      !boringssl_self_test_hmac_sha256()) {
+  if (!boringssl_self_test_sha256(true) ||
+      !boringssl_self_test_hmac_sha256(true)) {
     return 0;
   }
 
@@ -378,18 +377,22 @@ int BORINGSSL_integrity_test(void) {
 
   const uint8_t *expected = BORINGSSL_bcm_text_hash;
 
-  if (!check_test(expected, result, sizeof(result), "FIPS integrity test")) {
-#if !defined(BORINGSSL_FIPS_BREAK_TESTS)
-    return 0;
+#if defined(BORINGSSL_FIPS_BREAK_TESTS)
+  // Check the integrity but don't call AWS_LC_FIPS_failure or return 0
+  check_test(expected, result, sizeof(result), "FIPS integrity test", false);
+#else
+  // Check the integrity, call AWS_LC_FIPS_failure if it doesn't match which will
+  // result in an abort
+  check_test(expected, result, sizeof(result), "FIPS integrity test", true);
 #endif
-  }
 
   OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10.
   return 1;
 }
 #endif  // OPENSSL_ASAN
 
-void BORINGSSL_FIPS_abort(void) {
+void AWS_LC_FIPS_failure(const char* message) {
+  fprintf(stderr, "AWS-LC FIPS failure caused by:\n%s\n", message);
   for (;;) {
     abort();
     exit(1);

crypto/fipsmodule/curve25519/curve25519.c

@@ -119,7 +119,7 @@ static void ed25519_keypair_pct(uint8_t public_key[ED25519_PUBLIC_KEY_LEN],
   uint8_t out_sig[ED25519_SIGNATURE_LEN];
   if (ED25519_sign_no_self_test(out_sig, msg, 16, private_key) != 1 ||
       ED25519_verify_no_self_test(msg, 16, out_sig, public_key) != 1) {
-    BORINGSSL_FIPS_abort();
+    AWS_LC_FIPS_failure("Ed25519 keygen PCT failed");
   }
 #endif
 }

crypto/fipsmodule/ec/ec_key.c

@@ -549,7 +549,7 @@ int EC_KEY_generate_key_fips(EC_KEY *eckey) {
   eckey->priv_key = NULL;
 
 #if defined(AWSLC_FIPS)
-  BORINGSSL_FIPS_abort();
+  AWS_LC_FIPS_failure("EC keygen checks failed");
 #else
   return 0;
 #endif

crypto/fipsmodule/ml_kem/ml_kem_ref/kem.c

@@ -57,7 +57,7 @@ int crypto_kem_keypair_derand(ml_kem_params *params,
 #if defined(AWSLC_FIPS)
   // Abort in case of PCT failure.
   if (keygen_pct(params, pk, sk)) {
-    BORINGSSL_FIPS_abort();
+    AWS_LC_FIPS_failure("ML-KEM keygen PCT failed");
   }
 #endif
   return 0;

crypto/fipsmodule/rsa/rsa_impl.c

@@ -1231,7 +1231,7 @@ static int RSA_generate_key_ex_maybe_fips(RSA *rsa, int bits,
   if(check_fips && !RSA_check_fips(tmp)) {
     RSA_free(tmp);
 #if defined(AWSLC_FIPS)
-    BORINGSSL_FIPS_abort();
+    AWS_LC_FIPS_failure("RSA keygen checks failed");
 #endif
     return ret;
   }