awslabs · DmitriyMusatkin · Jun 14, 2024 · May 22, 2024 · May 22, 2024 · May 22, 2024
diff --git a/source/unix/openssl_platform_init.c b/source/unix/openssl_platform_init.c
@@ -22,6 +22,10 @@
 #define OPENSSL_SUPPRESS_DEPRECATED
 #include <openssl/crypto.h>
 
+#if defined(OPENSSL_IS_AWSLC)
+#include <openssl/service_indicator.h>
+#endif
+
 static struct openssl_hmac_ctx_table hmac_ctx_table;
 static struct openssl_evp_md_ctx_table evp_md_ctx_table;
 
@@ -555,6 +559,32 @@ static enum aws_libcrypto_version s_resolve_libcrypto_lib(void) {
     return AWS_LIBCRYPTO_NONE;
 }
 
+static void s_validate_libcrypto_linkage(void) {
+    /* NOTE: the choice of stack buffer size is somewhat arbitrary. it's
+     * possible, but unlikely, that libcrypto version strings may exceed this in
+     * the future. we guard against buffer overflow by limiting write size in
+     * snprintf with the size of the buffer itself. if libcrypto version strings
+     * do eventually exceed the chosen size, this runtime check will fail and
+     * will need to be addressed by increasing buffer size.*/
+    char expected_version[32] = { 0 };
+#if defined(OPENSSL_IS_AWSLC)
+    /* get FIPS mode at runtime becuase headers don't give any indication of
+     * AWS-LC's FIPSness at aws-c-cal compile time. version number can still be
+     * captured at preprocess/compile time from AWSLC_VERSION_NUMBER_STRING.*/
+    const char *mode = FIPS_mode() ? "AWS-LC FIPS" : "AWS-LC";
+    snprintf(expected_version, sizeof(expected_version), "%s %s", mode, AWSLC_VERSION_NUMBER_STRING);
+#elif defined(OPENSSL_IS_BORINGSSL)
+    snprintf(expected_version, sizeof(expected_version), "BoringSSL");
+#elif defined(OPENSSL_IS_OPENSSL)
+    snprintf(expected_version, sizeof(expected_version), OPENSSL_VERSION_TEXT);
+#else
+#error Unsupported libcrypto!
+#endif
+    const char *runtime_version = SSLeay_version(SSLEAY_VERSION);
+    AWS_FATAL_ASSERT(strlen(expected_version) == strlen(runtime_version) && "libcrypto mislink");
+    AWS_FATAL_ASSERT(strstr(expected_version, runtime_version) && "libcrypto mislink");
+}
+
 static enum aws_libcrypto_version s_resolve_libcrypto(void) {
     /* Try to auto-resolve against what's linked in/process space */
     AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "searching process and loaded modules");
@@ -583,6 +613,8 @@ static enum aws_libcrypto_version s_resolve_libcrypto(void) {
         result = s_resolve_libcrypto_lib();
     }
 
+    s_validate_libcrypto_linkage();
+
     return result;
 }