Unverified Commit 46ab8704 authored by Alex Gaynor's avatar Alex Gaynor Committed by GitHub
Browse files

Merge pull request #2424 from skmcgrail/aws-lc-fips 

Add aws-lc-fips feature to allow linking the aws-lc-fips-sys crate
parents f620b1ea a12c8fce

openssl-sys/Cargo.toml

+2 −0
Original line number Diff line number Diff line
@@ -19,11 +19,13 @@ rust-version = "1.63.0" 
vendored = ['openssl-src']

unstable_boringssl = ['bssl-sys']

aws-lc = ['dep:aws-lc-sys']

aws-lc-fips = ['dep:aws-lc-fips-sys']



[dependencies]

libc = "0.2"

bssl-sys = { version = "0.1.0", optional = true }

aws-lc-sys = { version = "0.27", features = ["ssl"], optional = true }

aws-lc-fips-sys = { version = "0.13", features = ["ssl", "bindgen"], optional = true }



[build-dependencies]

bindgen = { version = "0.69.0", optional = true, features = ["experimental"] }

openssl-sys/build/main.rs

+17 −8
Original line number Diff line number Diff line
@@ -74,11 +74,9 @@ fn check_ssl_kind() { 
    }



    let is_aws_lc = cfg!(feature = "aws-lc");

    let is_aws_lc_fips = cfg!(feature = "aws-lc-fips");



    if is_aws_lc {

        println!("cargo:rustc-cfg=awslc");

        println!("cargo:awslc=true");



    if is_aws_lc || is_aws_lc_fips {

        // The aws-lc-sys crate uses a link name that embeds

        // the version number of crate. Examples (crate-name => links name):

        //   * aws-lc-sys => aws_lc_0_26_0
@@ -87,11 +85,22 @@ fn check_ssl_kind() { 
        //

        // Due to this we need to determine what version of the AWS-LC has been selected (fips or non-fips)

        // and then need to parse out the pieces we are interested in ignoring the version componenet of the name.

        const AWS_LC_ENV_VAR_PREFIX: &str = "DEP_AWS_LC_";

        let aws_lc_env_var_prefix: &'static str = if is_aws_lc_fips {

            "DEP_AWS_LC_FIPS_"

        } else {

            "DEP_AWS_LC_"

        };



        println!("cargo:rustc-cfg=awslc");

        println!("cargo:awslc=true");

        if is_aws_lc_fips {

            println!("cargo:rustc-cfg=awslc_fips");

            println!("cargo:awslc_fips=true");

        }



        let mut version = None;

        for (name, _) in std::env::vars() {

            if let Some(name) = name.strip_prefix(AWS_LC_ENV_VAR_PREFIX) {

            if let Some(name) = name.strip_prefix(aws_lc_env_var_prefix) {

                if let Some(name) = name.strip_suffix("_INCLUDE") {

                    version = Some(name.to_owned());

                    break;
@@ -101,7 +110,7 @@ fn check_ssl_kind() { 
        let version = version.expect("aws-lc version detected");



        // Read the OpenSSL configuration statements and emit rust-cfg for each.

        if let Ok(vars) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_CONF")) {

        if let Ok(vars) = std::env::var(format!("{aws_lc_env_var_prefix}{version}_CONF")) {

            for var in vars.split(',') {

                println!("cargo:rustc-cfg=osslconf=\"{var}\"");

            }
@@ -110,7 +119,7 @@ fn check_ssl_kind() { 


        // Emit the include header directory from the aws-lc(-fips)-sys crate so that it can be used if needed

        // by crates consuming openssl-sys.

        if let Ok(val) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_INCLUDE")) {

        if let Ok(val) = std::env::var(format!("{aws_lc_env_var_prefix}{version}_INCLUDE")) {

            println!("cargo:include={val}");

        }

openssl-sys/src/lib.rs

+5 −2
Original line number Diff line number Diff line
@@ -35,10 +35,13 @@ extern crate aws_lc_sys; 
#[cfg(awslc)]

#[path = "."]

mod aws_lc {

    #[cfg(feature = "aws-lc")]

    #[cfg(all(feature = "aws-lc", not(feature = "aws-lc-fips")))]

    pub use aws_lc_sys::*;



    #[cfg(not(feature = "aws-lc"))]

    #[cfg(feature = "aws-lc-fips")]

    pub use aws_lc_fips_sys::*;



    #[cfg(not(any(feature = "aws-lc", feature = "aws-lc-fips")))]

    include!(concat!(env!("OUT_DIR"), "/bindgen.rs"));



    use libc::{c_char, c_long, c_void};

openssl/Cargo.toml

+1 −0
Original line number Diff line number Diff line
@@ -22,6 +22,7 @@ vendored = ['ffi/vendored'] 
bindgen = ['ffi/bindgen']

unstable_boringssl = ["ffi/unstable_boringssl"]

aws-lc = ["ffi/aws-lc"]

aws-lc-fips = ["ffi/aws-lc-fips"]

default = []



[dependencies]

openssl/build.rs

+6 −0
Original line number Diff line number Diff line
@@ -12,6 +12,7 @@ fn main() { 
    println!("cargo:rustc-check-cfg=cfg(libressl)");

    println!("cargo:rustc-check-cfg=cfg(boringssl)");

    println!("cargo:rustc-check-cfg=cfg(awslc)");

    println!("cargo:rustc-check-cfg=cfg(awslc_fips)");



    println!("cargo:rustc-check-cfg=cfg(libressl250)");

    println!("cargo:rustc-check-cfg=cfg(libressl251)");
@@ -59,6 +60,11 @@ fn main() { 
        println!("cargo:rustc-cfg=awslc");

    }



    if env::var("DEP_OPENSSL_AWSLC_FIPS").is_ok() {

        println!("cargo:rustc-cfg=awslc");

        println!("cargo:rustc-cfg=awslc_fips");

    }



    if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") {

        let version = u64::from_str_radix(&v, 16).unwrap();