Add support for AWS-LC to openssl and openssl-sys crates #1805
Conversation
|
Looks like I might have misjudged one of the BoringSSL function signatures, will fix that in a subsequent commit. |
skmcgrail
force-pushed
the
aws-lc-support-final
branch
2 times, most recently
from
73e0334 to
a775d10
Compare
|
Hey @sfackler just curious if you've had a chance to consider this pull request? If there are concerns that you may have, or more detail on why we are looking to perform this level of integration please let me know and I would be more then willing to help address those. Thanks! |
|
How is AWS-LC versioned? How stable is it and how do the bindings line up? Please correct me if this instance is different but taking on a new flavour of OpenSSL makes every single PR harder to write and review because we have to consider this. BoringSSL is odd because it's entirely unstable, is that also true for AWS-LC? |
|
I had hoped that the OpenSSL-alike situation had stabilized a decade ago with the post-Heartbleed introduction of LibreSSL and BoringSSL. Unfortunately, in the last year or so it appears that both AWS and Alibaba have decided to create their own new forks (or forks of forks) in AWS-LC and BabaSSL and sought support for them in this library. Frankly, this is a disappointing trend. The open source ecosystem exists in a robust form today because corporations find it more beneficial to contribute improvements back to upstream open source projects than to maintain their own independent forks. I certainly hope that AWS-LC exists purely as a staging ground for the floating set of patches that have not yet been upstreamed! Whatever the shape of projects like AWS-LC and BabaSSL actually are, I see three general options for them with respect to rust-openssl:
|
Is this still being worked on? AWS-LC is supposed to be more stable than boringssl since it has release tags. I also find it helpful that the requirement for Go and Perl is optional in AWS-LC, as well as QUIC being supported. |
skmcgrail
force-pushed
the
aws-lc-support-final
branch
from
a775d10 to
3c18c05
Compare
|
I spoke with @skmcgrail the other day, and I think it makes sense for us to add support for aws-lc at this point. It's gained a fair bit of traction in other parts of the rust ecosystem (notably rustls), and so there's value in being able to use the same crypto library consistently. Separately, I think if we raised our minimum OpenSSL/LibreSSL version, we'd be able to drop a ton of I'm happy to review this, so let me know when its ready. |
openssl-sys/Cargo.toml
Outdated
| aws-lc-sys = { version = "0", features = ["ssl"], optional = true } | ||
| aws-lc-fips-sys = { version = "0", features = ["ssl", "bindgen"], optional = true } |
There was a problem hiding this comment.
This effectively uses any 0.x version, even if they're not semver compatible?
I guess that's considered ok here because we're just using the bindings which will be stable across them?
skmcgrail
force-pushed
the
aws-lc-support-final
branch
6 times, most recently
from
389c9e9 to
f6a8368
Compare
skmcgrail
force-pushed
the
aws-lc-support-final
branch
3 times, most recently
from
94410e5 to
00884aa
Compare
…-fips)-sys crate.
skmcgrail
force-pushed
the
aws-lc-support-final
branch
from
00884aa to
fdafb31
Compare
|
Alright looks like we just need to resolve a minor issues when building libssl for x86/i686. I have a PR in AWS-LC to address this: aws/aws-lc#2267 |
skmcgrail
force-pushed
the
aws-lc-support-final
branch
from
6e14170 to
71a9ac9
Compare
|
All the checks are passing with our latest sys crate release, should be good for eyes again. |
|
Will add to my TODO list once I'm not sick, thanks. |
| const NO_CHECKS = ffi::OCSP_NOCHECKS as c_ulong; | ||
| const TRUST_OTHER = ffi::OCSP_TRUSTOTHER as c_ulong; | ||
| const RESPID_KEY = ffi::OCSP_RESPID_KEY as c_ulong; | ||
| const NO_TIME = ffi::OCSP_NOTIME as c_ulong; |
There was a problem hiding this comment.
So the implication here is that ffi:: types don't match between aws-lc and other OpenSSL-variants?
Is that an issue for anything else? I guess not?
There was a problem hiding this comment.
These aren't types though but preprocessor define values so they are untyped. When generating the Rust bindings with bindgen we have the option to tell it what type should be assigned to these numerical macros: signed or unsigned. With unsigned appearing to be the default that bindgen selects upon reviewing the documentation. AWS-LC and BoringSSL sys crates both default to using the signed types when generating types for numerical macro constants. This is more inline with the behavior defined in the C99 standard for integer constants see 6.4.4.1 where a signed integer would be used first.
As BoringSSL does not support this OCSP functionality this subtlety hadn't been seen yet to date in this project. Which is why it is popping up now. Bindgen supports changing the type for a specific set of macro constant defines, but this is only supported programmatically and not exposed via the bindgen-cli. Thus making that a no-go at the moment.
skmcgrail
force-pushed
the
aws-lc-support-final
branch
from
cb2a15c to
f40a401
Compare
|
FWIW, at this juncture I think it'd be much easier to merge this PR as-is and expand the exposed functionality in follow-up PRs. |
|
Pushed one more commit to enable a few additional capabilities that we can technically support from the AWS-LC side. Added a few tests as well on the cipher side for some of the AES modes. |
|
Looks like CI is failing. |
skmcgrail
force-pushed
the
aws-lc-support-final
branch
2 times, most recently
from
8c80c70 to
759b9f8
Compare
|
Sad, the remaining failures appear to be around the test cases for AES-128-XTS and AES-256-XTS that I added. I assume there might be some API behavioral differences in the older versions of OpenSSL and for LibreSSL that don't align with how the tests are structured. I can try to investigate why that is happening and what can be changed. I added in the tests since this was a gap in coverage at the moment. |
|
I would favor reverting the latest set of additions, landing as is, and
then you can pursue exposing the additional functionality in follow-up PRs
that can all be merged individually.
…On Tue, Mar 18, 2025 at 4:45 PM Sean McGrail ***@***.***> wrote:
Sad, the remaining failures appear to be around the test cases for
AES-128-XTS and AES-256-XTS that I added. I assume there might be some API
behavioral differences in the older versions of OpenSSL and for LibreSSL
that don't align with how the tests are structured. I can try to
investigate why that is happening and what can be changed. I added in the
tests since this was a gap in coverage at the moment.
—
Reply to this email directly, view it on GitHub
<#1805 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBBDBX3L3G2CZPC7D4D2VCAXZAVCNFSM6AAAAABYH6KFYKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDOMZUGY4DIMBTGY>
.
You are receiving this because you commented.Message ID:
***@***.***>
[image: skmcgrail]*skmcgrail* left a comment (sfackler/rust-openssl#1805)
<#1805 (comment)>
Sad, the remaining failures appear to be around the test cases for
AES-128-XTS and AES-256-XTS that I added. I assume there might be some API
behavioral differences in the older versions of OpenSSL and for LibreSSL
that don't align with how the tests are structured. I can try to
investigate why that is happening and what can be changed. I added in the
tests since this was a gap in coverage at the moment.
—
Reply to this email directly, view it on GitHub
<#1805 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBBDBX3L3G2CZPC7D4D2VCAXZAVCNFSM6AAAAABYH6KFYKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDOMZUGY4DIMBTGY>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
skmcgrail
force-pushed
the
aws-lc-support-final
branch
from
759b9f8 to
71a9ac9
Compare
|
Not sure if my comment is visible anywhere, so I repeat it here. That test breakage in CCM mode on old OpenSSL and LibreSSL is an old trap: let mut buf = vec![];
ctx.cipher_update(&aad, None).unwrap();
ctx.cipher_update_vec(&ct, &mut buf).unwrap();
ctx.cipher_final_vec(&mut buf).unwrap();EVP_DecryptFinal_ex() must not be called when decrypting in CCM mode. This is pointed out in |
Thanks for tracking this down, very much appreciated. Will have a subsequent PR with that commit here shortly including this suggested fix. |
This pull request adds support for AWS Libcrypto (AWS-LC). This is AWS's BoringSSL fork that has been developed with additional performance optimizations and cryptographic algorithm support. The work to integrate AWS-LC into these crates required minimal changes from the existing BoringSSL support.
There are two feature flags that are added depending on the use-case required by the end-consumer. The first feature is
aws-lcwhich will depend on our standard AWS-LC sys crate bindings which is based off of tagged release's of AWS-LC's main branch. The other feature isaws-lc-fipswhich will utilize the FIPS version of our sys crate. This currently uses thefips-2022-11-02branch of AWS-LC which corresponds to our AWS-LC-FIPS 2.0 module with this associated certificate and security policy.