Explicit smart pointer conversion (#954)

* Explicit conversion of smart pointers

* Test w/ Valgrind

* More suppression

Author: justsmth

.github/workflows/analysis.yml

@@ -360,6 +360,32 @@ jobs:
             exit 0
           fi
 
+  valgrind:
+    if: github.repository_owner == 'aws'
+    name: Valgrind Memory Check
+    runs-on: ubuntu-latest
+    env:
+      AWS_LC_RS_DISABLE_SLOW_TESTS: 1
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: 'recursive'
+      - uses: dtolnay/rust-toolchain@stable
+      - name: Install Valgrind
+        run: sudo apt-get update && sudo apt-get install -y valgrind
+      - name: Run debug tests under Valgrind
+        run: |
+          CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER="valgrind --error-exitcode=1 --leak-check=full --show-leak-kinds=all --suppressions=$(pwd)/.valgrind/rust-test.supp" \
+            cargo test -p aws-lc-rs --features unstable --all-targets -- --test-threads=1
+      - name: Run release tests under Valgrind
+        run: |
+          CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER="valgrind --error-exitcode=1 --leak-check=full --show-leak-kinds=all --suppressions=$(pwd)/.valgrind/rust-test.supp" \
+            cargo test --release -p aws-lc-rs --features unstable --all-targets -- --test-threads=1
+      - name: Run FIPS release tests under Valgrind
+        run: |
+          CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER="valgrind --error-exitcode=1 --leak-check=full --show-leak-kinds=all --suppressions=$(pwd)/.valgrind/rust-test.supp" \
+            cargo test --release -p aws-lc-rs --features fips --all-targets -- --test-threads=1
+
   gnu-stack-check:
     if: github.repository_owner == 'aws'
     name: Verify (${{ matrix.host }}) GNU-stack section

.valgrind/rust-test.supp

@@ -0,0 +1,45 @@
+# Valgrind suppression file for Rust test harness
+
+{
+   rust_test_invocations
+   Memcheck:Leak
+   match-leak-kinds: possible
+   ...
+   fun:call_once<fn() -> core::cell::Cell<core::option::Option<std::sync::mpmc::context::Context>>, ()>
+   ...
+   fun:run_tests<*>
+   ...
+}
+
+# AWS-LC ML-DSA Implementation Issues
+# TODO: Remove once fixed upstream in AWS-LC
+{
+   aws_lc_ml_dsa_verify_uninit
+   Memcheck:Cond
+   fun:*ml_dsa_verify_internal*
+}
+
+{
+   aws_lc_ml_dsa_verify_uninit_value
+   Memcheck:Value8
+   fun:*ml_dsa_verify_internal*
+}
+
+{
+   aws_lc_rs_test_possible_leak
+   Memcheck:Leak
+   match-leak-kinds: possible
+   fun:malloc
+   obj:*/*_test-*
+   ...
+   fun:__libc_start_main@@GLIBC_*
+}
+
+{
+   rust_thread_new_leak
+   Memcheck:Leak
+   match-leak-kinds: possible
+   fun:malloc
+   fun:*thread*Thread*new*
+   ...
+}

aws-lc-rs/scripts/run-valgrind.sh

@@ -0,0 +1,205 @@
+#!/usr/bin/env bash
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+# # Helper script for running aws-lc-rs tests under Valgrind
+#
+# Usage:
+#   ./scripts/run-valgrind.sh [OPTIONS] [TEST_NAME]
+#
+# Examples:
+#   ./scripts/run-valgrind.sh                    # Run all tests
+#   ./scripts/run-valgrind.sh pqdsa_test         # Run specific test
+#   ./scripts/run-valgrind.sh --no-suppress      # Run without suppressions
+#   ./scripts/run-valgrind.sh --release          # Run release build
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Default configuration
+USE_SUPPRESSIONS=1
+BUILD_MODE="debug"
+LEAK_CHECK="full"
+SHOW_LEAK_KINDS="all"
+ERROR_EXITCODE=1
+TEST_THREADS=1
+FEATURES="unstable"
+PACKAGE="aws-lc-rs"
+VALGRIND_EXTRA_ARGS=""
+GEN_SUPPRESSIONS=0
+export AWS_LC_RS_DISABLE_SLOW_TESTS=1
+
+# Parse command line arguments
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --no-suppress)
+            USE_SUPPRESSIONS=0
+            shift
+            ;;
+        --gen-suppressions)
+            GEN_SUPPRESSIONS=1
+            shift
+            ;;
+        --release)
+            BUILD_MODE="release"
+            shift
+            ;;
+        --debug)
+            BUILD_MODE="debug"
+            shift
+            ;;
+        --threads)
+            TEST_THREADS="$2"
+            shift 2
+            ;;
+        --features)
+            FEATURES="$2"
+            shift 2
+            ;;
+        --package|-p)
+            PACKAGE="$2"
+            shift 2
+            ;;
+        --help|-h)
+            echo "Usage: $0 [OPTIONS] [TEST_NAME]"
+            echo ""
+            echo "Options:"
+            echo "  --no-suppress      Disable Valgrind suppressions (show all warnings)"
+            echo "  --gen-suppressions Generate suppression rules for errors found"
+            echo "  --release          Use release build (faster but less debug info)"
+            echo "  --debug            Use debug build (default)"
+            echo "  --threads N        Number of test threads (default: 1)"
+            echo "  --features FEATS   Cargo features to enable (default: unstable)"
+            echo "  --package PKG      Package to test (default: aws-lc-rs)"
+            echo "  --help, -h         Show this help message"
+            echo ""
+            echo "Examples:"
+            echo "  $0                         # Run all tests"
+            echo "  $0 pqdsa_test              # Run specific test"
+            echo "  $0 --no-suppress           # Run without suppressions"
+            echo "  $0 --gen-suppressions      # Generate suppression rules"
+            echo "  $0 --release pqdsa_test    # Run specific test in release mode"
+            exit 0
+            ;;
+        --*)
+            echo -e "${RED}Error: Unknown option $1${NC}"
+            exit 1
+            ;;
+        *)
+            # Assume it's a test name
+            TEST_NAME="$1"
+            shift
+            ;;
+    esac
+done
+
+# Get the repository root directory
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+cd "$REPO_ROOT/aws-lc-rs"
+
+# Check if Valgrind is installed
+if ! command -v valgrind &> /dev/null; then
+    echo -e "${RED}Error: Valgrind is not installed${NC}"
+    echo "Install it with:"
+    echo "  Ubuntu/Debian: sudo apt-get install valgrind"
+    echo "  macOS: brew install valgrind"
+    exit 1
+fi
+
+# Build Valgrind command
+VALGRIND_CMD="valgrind --error-exitcode=${ERROR_EXITCODE} --leak-check=${LEAK_CHECK} --show-leak-kinds=${SHOW_LEAK_KINDS}"
+
+# Add gen-suppressions if enabled
+if [ $GEN_SUPPRESSIONS -eq 1 ]; then
+    VALGRIND_CMD="${VALGRIND_CMD} --gen-suppressions=all"
+    echo -e "${BLUE}Generating suppression rules for all errors${NC}"
+    # Disable error exit code when generating suppressions to see all issues
+    ERROR_EXITCODE=0
+fi
+
+# Add suppression file if enabled
+if [ $USE_SUPPRESSIONS -eq 1 ]; then
+    SUPPRESSION_FILE="${REPO_ROOT}/.valgrind/rust-test.supp"
+    if [ -f "$SUPPRESSION_FILE" ]; then
+        VALGRIND_CMD="${VALGRIND_CMD} --suppressions=${SUPPRESSION_FILE}"
+        echo -e "${BLUE}Using suppressions from: ${SUPPRESSION_FILE}${NC}"
+    else
+        echo -e "${YELLOW}Warning: Suppression file not found: ${SUPPRESSION_FILE}${NC}"
+    fi
+else
+    echo -e "${YELLOW}Running WITHOUT suppressions - expect false positives${NC}"
+fi
+
+# Add any extra Valgrind arguments
+if [ -n "$VALGRIND_EXTRA_ARGS" ]; then
+    VALGRIND_CMD="${VALGRIND_CMD} ${VALGRIND_EXTRA_ARGS}"
+fi
+
+# Build cargo command
+CARGO_CMD="cargo test -p ${PACKAGE} --features ${FEATURES}"
+
+if [ "$BUILD_MODE" = "release" ]; then
+    CARGO_CMD="${CARGO_CMD} --release"
+    echo -e "${BLUE}Using release build${NC}"
+else
+    echo -e "${BLUE}Using debug build${NC}"
+fi
+
+# Add test name if provided
+if [ -n "$TEST_NAME" ]; then
+    CARGO_CMD="${CARGO_CMD} --test ${TEST_NAME}"
+    echo -e "${BLUE}Running test: ${TEST_NAME}${NC}"
+else
+    echo -e "${BLUE}Running all tests${NC}"
+fi
+
+# Add test arguments
+CARGO_CMD="${CARGO_CMD} -- --test-threads=${TEST_THREADS}"
+
+# Print configuration
+echo -e "${GREEN}=== Valgrind Test Configuration ===${NC}"
+echo "Package: ${PACKAGE}"
+echo "Features: ${FEATURES}"
+echo "Build: ${BUILD_MODE}"
+echo "Test threads: ${TEST_THREADS}"
+echo "Suppressions: $([ $USE_SUPPRESSIONS -eq 1 ] && echo 'enabled' || echo 'disabled')"
+echo "Generate suppressions: $([ $GEN_SUPPRESSIONS -eq 1 ] && echo 'enabled' || echo 'disabled')"
+echo ""
+
+# Export environment variables
+export CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER="${VALGRIND_CMD}"
+export AWS_LC_RS_DISABLE_SLOW_TESTS=1
+
+echo -e "${GREEN}=== Starting Valgrind Test Run ===${NC}"
+echo "Command: ${CARGO_CMD}"
+echo ""
+
+# Run the tests
+if eval ${CARGO_CMD}; then
+    echo ""
+    echo -e "${GREEN}=== Valgrind tests PASSED ===${NC}"
+    exit 0
+else
+    EXIT_CODE=$?
+    echo ""
+    echo -e "${RED}=== Valgrind tests FAILED ===${NC}"
+    echo ""
+    echo "Possible causes:"
+    echo "  1. Memory leak detected (check output above)"
+    echo "  2. Uninitialized memory usage"
+    echo "  3. Invalid memory access"
+    echo ""
+    echo "Next steps:"
+    echo "  - Review the Valgrind output above"
+    echo "  - Check .valgrind/KNOWN_ISSUES.md for known issues"
+    echo "  - Run with --no-suppress to see all warnings"
+    echo "  - Run with --gen-suppressions to generate suppression rules"
+    echo "  - For false positives in stdlib, add to .valgrind/rust-test.supp"
+    exit $EXIT_CODE
+fi

aws-lc-rs/src/aead/aead_ctx.rs

@@ -245,12 +245,12 @@ impl AeadCtx {
         let mut aead_ctx: LcPtr<EVP_AEAD_CTX> =
             LcPtr::new(unsafe { OPENSSL_malloc(size_of::<EVP_AEAD_CTX>()) }.cast())?;
 
-        unsafe { EVP_AEAD_CTX_zero(*aead_ctx.as_mut()) };
+        unsafe { EVP_AEAD_CTX_zero(aead_ctx.as_mut_ptr()) };
 
         if 1 != match direction {
             Some(direction) => unsafe {
                 EVP_AEAD_CTX_init_with_direction(
-                    *aead_ctx.as_mut(),
+                    aead_ctx.as_mut_ptr(),
                     aead,
                     key_bytes.as_ptr(),
                     key_bytes.len(),
@@ -260,7 +260,7 @@ impl AeadCtx {
             },
             None => unsafe {
                 EVP_AEAD_CTX_init(
-                    *aead_ctx.as_mut(),
+                    aead_ctx.as_mut_ptr(),
                     aead,
                     key_bytes.as_ptr(),
                     key_bytes.len(),

aws-lc-rs/src/aead/unbound_key.rs

@@ -105,7 +105,7 @@ impl UnboundKey {
             let nonce = nonce.as_ref();
 
             if 1 != EVP_AEAD_CTX_open_gather(
-                *aead_ctx.as_const(),
+                aead_ctx.as_const_ptr(),
                 out_plaintext.as_mut_ptr(),
                 nonce.as_ptr(),
                 nonce.len(),
@@ -179,7 +179,7 @@ impl UnboundKey {
 
         if 1 != unsafe {
             EVP_AEAD_CTX_seal_scatter(
-                *self.ctx.as_ref().as_const(),
+                self.ctx.as_ref().as_const_ptr(),
                 in_out.as_mut_ptr(),
                 extra_out_and_tag.as_mut_ptr(),
                 &mut out_tag_len,
@@ -231,7 +231,7 @@ impl UnboundKey {
         let mut out_len = MaybeUninit::<usize>::uninit();
         if 1 != indicator_check!(unsafe {
             EVP_AEAD_CTX_open(
-                *self.ctx.as_ref().as_const(),
+                self.ctx.as_ref().as_const_ptr(),
                 in_out.as_mut_ptr(),
                 out_len.as_mut_ptr(),
                 plaintext_len,
@@ -277,7 +277,7 @@ impl UnboundKey {
 
         if 1 != indicator_check!(unsafe {
             EVP_AEAD_CTX_open_gather(
-                *self.ctx.as_ref().as_const(),
+                self.ctx.as_ref().as_const_ptr(),
                 in_out.as_mut_ptr(),
                 null(),
                 0,
@@ -325,7 +325,7 @@ impl UnboundKey {
 
             if 1 != indicator_check!(unsafe {
                 EVP_AEAD_CTX_seal(
-                    *self.ctx.as_ref().as_const(),
+                    self.ctx.as_ref().as_const_ptr(),
                     mut_in_out.as_mut_ptr(),
                     out_len.as_mut_ptr(),
                     plaintext_len + alg_tag_len,
@@ -363,7 +363,7 @@ impl UnboundKey {
 
             if 1 != indicator_check!(unsafe {
                 EVP_AEAD_CTX_seal_scatter(
-                    *self.ctx.as_ref().as_const(),
+                    self.ctx.as_ref().as_const_ptr(),
                     in_out.as_mut_ptr(),
                     tag_buffer.as_mut_ptr(),
                     out_tag_len.as_mut_ptr(),
@@ -410,7 +410,7 @@ impl UnboundKey {
 
             if 1 != indicator_check!(unsafe {
                 EVP_AEAD_CTX_seal_scatter(
-                    *self.ctx.as_ref().as_const(),
+                    self.ctx.as_ref().as_const_ptr(),
                     in_out.as_mut_ptr(),
                     tag.as_mut_ptr(),
                     out_tag_len.as_mut_ptr(),
@@ -447,7 +447,7 @@ impl UnboundKey {
 
         if 1 != indicator_check!(unsafe {
             EVP_AEAD_CTX_seal_scatter(
-                *self.ctx.as_ref().as_const(),
+                self.ctx.as_ref().as_const_ptr(),
                 in_out.as_mut_ptr(),
                 tag_buffer.as_mut_ptr(),
                 out_tag_len.as_mut_ptr(),