[openssh-commits] [openssh] branch master updated: add support for AWS-LC (AWS libcrypto)
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Feb 6 09:39:13 AEDT 2025
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
The following commit(s) were added to refs/heads/master by this push:
new 66efd0fb add support for AWS-LC (AWS libcrypto)
66efd0fb is described below
commit 66efd0fbb6b8b95f8a520f2cdf8ede14e62b30b3
Author: Damien Miller <djm at mindrot.org>
AuthorDate: Thu Feb 6 09:38:09 2025 +1100
add support for AWS-LC (AWS libcrypto)
Patch from Shubham Mittal via bz3784; ok dtucker
---
.github/configs | 3 +++
.github/setup_ci.sh | 13 +++++++++++++
.github/workflows/c-cpp.yml | 1 +
configure.ac | 6 ++++++
openbsd-compat/openssl-compat.h | 4 ++--
5 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/.github/configs b/.github/configs
index 3cdcfeac..bcb67365 100755
--- a/.github/configs
+++ b/.github/configs
@@ -161,6 +161,9 @@ case "$config" in
CONFIGFLAGS="--disable-pkcs11"
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/boringssl --with-rpath=-Wl,-rpath,"
;;
+ aws-lc)
+ LIBCRYPTOFLAGS="--with-ssl-dir=/opt/aws-lc --with-rpath=-Wl,-rpath,"
+ ;;
libressl-*)
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
;;
diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index 7e1becaa..89a2d287 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -142,6 +142,10 @@ for TARGET in $TARGETS; do
INSTALL_BORINGSSL=1
PACKAGES="${PACKAGES} cmake ninja-build"
;;
+ aws-lc)
+ INSTALL_AWSLC=1
+ PACKAGES="${PACKAGES} cmake ninja-build"
+ ;;
putty-*)
INSTALL_PUTTY=$(echo "${TARGET}" | cut -f2 -d-)
PACKAGES="${PACKAGES} cmake"
@@ -240,6 +244,15 @@ if [ ! -z "${INSTALL_BORINGSSL}" ]; then
cp -r ${HOME}/boringssl/include /opt/boringssl)
fi
+if [ ! -z "${INSTALL_AWSLC}" ]; then
+ (cd ${HOME} && git clone --depth 1 --branch v1.42.0 https://github.com/aws/aws-lc.git &&
+ cd ${HOME}/aws-lc && mkdir build && cd build &&
+ cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=OFF .. && ninja &&
+ mkdir -p /opt/aws-lc/lib &&
+ cp ${HOME}/aws-lc/build/crypto/libcrypto.a /opt/aws-lc/lib &&
+ cp -r ${HOME}/aws-lc/include /opt/aws-lc)
+fi
+
if [ ! -z "${INSTALL_ZLIB}" ]; then
(cd ${HOME} && git clone https://github.com/madler/zlib.git &&
cd ${HOME}/zlib && ./configure && make &&
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
index 2d672d87..b05ff0c6 100644
--- a/.github/workflows/c-cpp.yml
+++ b/.github/workflows/c-cpp.yml
@@ -55,6 +55,7 @@ jobs:
- { target: ubuntu-20.04, config: tcmalloc }
- { target: ubuntu-20.04, config: musl }
- { target: ubuntu-latest, config: boringssl }
+ - { target: ubuntu-latest, config: aws-lc }
- { target: ubuntu-latest, config: libressl-master }
- { target: ubuntu-latest, config: libressl-3.2.6 }
- { target: ubuntu-latest, config: libressl-3.3.6 }
diff --git a/configure.ac b/configure.ac
index e5da9336..b802d0e6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3276,6 +3276,12 @@ fi
# PKCS11/U2F depend on OpenSSL and dlopen().
enable_pkcs11=yes
enable_sk=yes
+
+AC_CHECK_DECL([OPENSSL_IS_AWSLC],
+ [enable_pkcs11="disabled; PKCS#11 not supported with AWS-LC"],
+ [],
+ [#include <openssl/base.h>]
+)
if test "x$openssl" != "xyes" ; then
enable_pkcs11="disabled; missing libcrypto"
fi
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 2b9780f5..6b8fff41 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -55,9 +55,9 @@ void ssh_libcrypto_init(void);
# endif
#endif
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
/*
- * BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with
+ * BoringSSL and AWS-LC (rightly) got rid of the BN_FLG_CONSTTIME flag, along with
* the entire BN_set_flags() interface.
* https://boringssl.googlesource.com/boringssl/+/0a211dfe9
*/
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list