Prebuild aws-lc #584
Merged
Prebuild aws-lc #584
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is the same as awslabs/aws-crt-cpp#648
Issue #, if available:
At configuration time,
s2n-tlsperforms a number of feature probes against libcrypto in order to configure itself. In the current implementation of aws-crt-python build system, the correct libcrypto does not yet exist (nor are aws-lc's headers visible to the feature check, for that matter). This results in a misconfigured s2n-tls.Unfortunately, there is no easy way to change s2n-tls to be configured at build time, because CMake standard functionality for this (
try_compilefunction) can be used only at configuration time.Description of changes:
Build and install aws-lc into a build directory at configuration time, so libcrypto can be used by
s2n-tls.This PR depends on awslabs/aws-c-common#1144 and awslabs/aws-c-cal#197
I checked this PR by using the following build command:
Prior to this PR, s2n-tls feature probes looked like this
-- S2N found target: crypto
-- CMAKE_AR found: /usr/bin/ar
-- CMAKE_RANLIB found: /usr/bin/ranlib
-- CMAKE_OBJCOPY found: /usr/bin/objcopy
-- feature S2N_ATOMIC_SUPPORTED: FALSE
-- feature S2N_CLOEXEC_SUPPORTED: FALSE
-- feature S2N_CLOEXEC_XOPEN_SUPPORTED: FALSE
-- feature S2N_CLONE_SUPPORTED: FALSE
-- feature S2N_CPUID_AVAILABLE: FALSE
-- feature S2N_DIAGNOSTICS_POP_SUPPORTED: FALSE
-- feature S2N_DIAGNOSTICS_PUSH_SUPPORTED: FALSE
-- feature S2N_EXECINFO_AVAILABLE: FALSE
-- feature S2N_FALL_THROUGH_SUPPORTED: FALSE
-- feature S2N_FEATURES_AVAILABLE: FALSE
-- feature S2N_KTLS_SUPPORTED: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_MD5_SHA1_HASH: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_MD_CTX_SET_PKEY_CTX: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_RC4: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_FLAG_NO_CHECK_TIME: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_HKDF: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_KYBER: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_RSA_PSS_SIGNING: FALSE
-- feature S2N_LIBCRYPTO_SUPPORTS_X509_STORE_LIST: FALSE
-- feature S2N_LINUX_SENDFILE: FALSE
-- feature S2N_MADVISE_SUPPORTED: FALSE
-- feature S2N_MINHERIT_SUPPORTED: FALSE
-- feature S2N_STACKTRACE: FALSE
Now s2n feature probes look like this
-- FOUND AWS-LC CRYPTO cmake config - static
-- Using libcrypto from the cmake path
-- CMAKE_AR found: /usr/bin/ar
-- CMAKE_RANLIB found: /usr/bin/ranlib
-- CMAKE_OBJCOPY found: /usr/bin/objcopy
-- feature S2N_ATOMIC_SUPPORTED: TRUE
-- feature S2N_CLOEXEC_SUPPORTED: TRUE
-- feature S2N_CLOEXEC_XOPEN_SUPPORTED: TRUE
-- feature S2N_CLONE_SUPPORTED: TRUE
-- feature S2N_CPUID_AVAILABLE: TRUE
-- feature S2N_DIAGNOSTICS_POP_SUPPORTED: TRUE
-- feature S2N_DIAGNOSTICS_PUSH_SUPPORTED: TRUE
-- feature S2N_EXECINFO_AVAILABLE: TRUE
-- feature S2N_FALL_THROUGH_SUPPORTED: TRUE
-- feature S2N_FEATURES_AVAILABLE: TRUE
-- feature S2N_KTLS_SUPPORTED: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_MD5_SHA1_HASH: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_MD_CTX_SET_PKEY_CTX: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_RC4: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_FLAG_NO_CHECK_TIME: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_HKDF: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_KYBER: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_RSA_PSS_SIGNING: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_X509_STORE_LIST: TRUE
-- feature S2N_LINUX_SENDFILE: TRUE
-- feature S2N_MADVISE_SUPPORTED: TRUE
-- feature S2N_MINHERIT_SUPPORTED: FALSE
-- feature S2N_STACKTRACE: TRUE
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.