Add tests for XOF-specific functions squeeze and update called on non…

… XOF digests to increase code coverage upstream merge - squash commits from upstream.
aws · Feb 14, 2025 · e5fbc6d · e5fbc6d
1 parent 41dbf6d
commit e5fbc6d
Show file tree

Hide file tree

Showing 237 changed files with 4,168 additions and 1,957 deletions.
diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml
@@ -39,7 +39,6 @@ jobs:
         os:
           - "macos-14-large"
           - "macos-13-large"
-          - "macos-12-large"
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v4
@@ -59,7 +58,6 @@ jobs:
         os:
           - "macos-14-large"
           - "macos-13-large"
-          - "macos-12-large"
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v4
@@ -591,21 +589,3 @@ jobs:
           run: |
             sudo pkg install -y git gmake cmake go ninja
             tests/ci/run_bsd_tests.sh
-  # Temporary to test the x509-limbo patch and building of the reporting tool.
-  # This will move into a separate project in the next PR. But doing this for now to
-  # cutdown the review size.
-  x509-limbo-tooling:
-    if: github.repository_owner == 'aws'
-    needs: [sanity-test-run]
-    name: x509-limbo tooling
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          submodules: 'recursive'
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.13' 
-      - name: Verify x509-limbo patch and reporting tool
-        run: |
-          ./tests/ci/run_x509_limbo.sh
diff --git a/.github/workflows/integrations.yml b/.github/workflows/integrations.yml
@@ -10,17 +10,18 @@ concurrency:
 env:
   CC: gcc
 jobs:
-  tpm2-tss:
+  nmap:
     if: github.repository_owner == 'aws'
     runs-on: ubuntu-latest
     steps:
       - name: Install OS Dependencies
         run: |
-          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none && sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang autoconf-archive libcmocka0 libcmocka-dev procps iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev autoconf doxygen libjson-c-dev libini-config-dev libcurl4-openssl-dev uuid-dev libltdl-dev libusb-1.0-0-dev libftdi-dev libglib2.0-dev pandoc libpsl-dev
+          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
+          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make gobject-introspection
       - uses: actions/checkout@v3
-      - name: Run integration build
+      - name: Run nmap build
         run: |
-          ./tests/ci/integration/run_tpm2_tss_integration.sh
+          ./tests/ci/integration/run_nmap_integration.sh
   grpc:
     if: github.repository_owner == 'aws'
     env:
@@ -39,41 +40,6 @@ jobs:
       - name: Run integration build
         run: |
           ./tests/ci/integration/run_grpc_integration.sh
-  tcpdump:
-    if: github.repository_owner == 'aws'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install OS Dependencies
-        run: |
-          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
-          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make libpcap-dev binutils-dev
-      - uses: actions/checkout@v3
-      - name: Run integration build
-        run: |
-          ./tests/ci/integration/run_tcpdump_integration.sh
-  socat:
-    if: github.repository_owner == 'aws'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install OS Dependencies
-        run: |
-          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none && sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make autoconf pkg-config openssl
-      - uses: actions/checkout@v3
-      - name: Run integration build
-        run: |
-          ./tests/ci/integration/run_socat_integration.sh
-  nmap:
-    if: github.repository_owner == 'aws'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install OS Dependencies
-        run: |
-          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
-          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make gobject-introspection
-      - uses: actions/checkout@v3
-      - name: Run nmap build
-        run: |
-          ./tests/ci/integration/run_nmap_integration.sh
   python-main:
     if: github.repository_owner == 'aws'
     runs-on: ubuntu-latest
@@ -112,32 +78,6 @@ jobs:
         env:
           FIPS: ${{ matrix.fips }}
           AWS_CRT_BUILD_USE_SYSTEM_LIBCRYPTO: ${{ matrix.openssl_in_crt }}
-  openldap:
-    if: github.repository_owner == 'aws'
-    runs-on: ubuntu-latest
-    name: OpenLDAP
-    steps:
-      - name: Install OS Dependencies
-        run: |
-          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
-          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make
-      - uses: actions/checkout@v3
-      - name: Build AWS-LC, build openldap, run tests
-        run: |
-          ./tests/ci/integration/run_openldap_integration.sh master OPENLDAP_REL_ENG_2_5
-  cyrus-sasl:
-    if: github.repository_owner == 'aws'
-    runs-on: ubuntu-latest
-    name: Cyrus-SASL
-    steps:
-      - name: Install OS Dependencies
-        run: |
-          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
-          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make
-      - uses: actions/checkout@v3
-      - name: Build AWS-LC, build cyrus
-        run: |
-          ./tests/ci/integration/run_cyrus_sasl_integration.sh
   bind9:
     if: github.repository_owner == 'aws'
     runs-on: ubuntu-latest
@@ -207,20 +147,21 @@ jobs:
       - name: Run libevent build
         run: |
           ./tests/ci/integration/run_libevent_integration.sh
-  amazon-corretto-crypto-provider:
+  ruby-main:
     if: github.repository_owner == 'aws'
     runs-on: ubuntu-latest
+    name: Ruby main
     steps:
       - name: Install OS Dependencies
         run: |
-          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
-          sudo apt-get -y --no-install-recommends install \
-          curl gnupg build-essential lcov wget python3-pip cmake gcc ninja-build golang
-          sudo pip3 install gcovr
-      - uses: actions/checkout@v4
-      - name: Run accp build
+          sudo apt-get update
+          sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make autoconf ruby libyaml-dev
+      - uses: actions/checkout@v3
+      - name: Build AWS-LC, build ruby, run tests
         run: |
-          ./tests/ci/integration/run_accp_integration.sh
+          ./tests/ci/integration/run_ruby_integration.sh master
+        env:
+          FIPS: 1
   ruby-releases:
     if: github.repository_owner == 'aws'
     strategy:
@@ -239,6 +180,6 @@ jobs:
       - uses: actions/checkout@v3
       - name: Build AWS-LC, build ruby, run tests
         run: |
-          ./tests/ci/integration/run_ruby_integration.sh ruby_3_2 ruby_3_1
+          ./tests/ci/integration/run_ruby_integration.sh ruby_3_3 ruby_3_2 ruby_3_1
         env:
           FIPS: ${{ matrix.fips }}
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
@@ -418,10 +418,10 @@ add_library(
   evp_extra/p_dsa.c
   evp_extra/p_dsa_asn1.c
   evp_extra/p_ec_asn1.c
+  evp_extra/p_ed25519ph.c
   evp_extra/p_ed25519_asn1.c
   evp_extra/p_hmac_asn1.c
   evp_extra/p_kem_asn1.c
-  evp_extra/p_pqdsa.c
   evp_extra/p_pqdsa_asn1.c
   evp_extra/p_rsa_asn1.c
   evp_extra/p_x25519.c
@@ -440,7 +440,6 @@ add_library(
   kyber/kem_kyber.c
   lhash/lhash.c
   mem.c
-  ml_dsa/ml_dsa.c
   obj/obj.c
   obj/obj_xref.c
   ocsp/ocsp_asn.c
@@ -471,7 +470,6 @@ add_library(
   poly1305/poly1305_arm.c
   poly1305/poly1305_vec.c
   pool/pool.c
-  pqdsa/pqdsa.c
   rand_extra/deterministic.c
   rand_extra/entropy_passive.c
   rand_extra/forkunsafe.c
@@ -658,10 +656,6 @@ if(FIPS_SHARED)
       COMMAND ${GO_EXECUTABLE} run
       ${PROJECT_SOURCE_DIR}/util/fipstools/inject_hash/inject_hash.go
       -o $<TARGET_FILE:crypto> -in-object $<TARGET_FILE:crypto> ${INJECT_HASH_APPLE_FLAG}
-      # The DEPENDS argument to a POST_BUILD rule appears to be ignored. Thus
-      # go_executable isn't used (as it doesn't get built), but we list this
-      # dependency anyway in case it starts working in some CMake version.
-      DEPENDS ../util/fipstools/inject_hash/inject_hash.go
       WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}
     )
 

diff --git a/crypto/evp_extra/evp_asn1.c b/crypto/evp_extra/evp_asn1.c
@@ -68,7 +68,7 @@
 #include "../bytestring/internal.h"
 #include "../internal.h"
 #include "internal.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 
 // parse_key_type takes the algorithm cbs sequence |cbs| and extracts the OID.
 // The OID is then searched against ASN.1 methods for a method with that OID.