Revision 06faf285

Added by sachiang (Samuel Chiang) 5 months ago

[ruby/openssl] Add build support for AWS-LC

CI Changes

  1. I've split the original patch up to make it easier to digest, but
    that forces my hand to turn off testing in the AWS-LC CI for the time
    being. However, do let me know if you would prefer to review the test
    adjustments in the same PR and I can remove the temporary CI workaround.
  2. AWS-LC has a few no-op functions and we use -Wdeprecated-declarations
    to alert the consuming application of these. I've leveraged the
    skip-warnings CI option so that the build doesn't fail.

Build Adjustments

  1. AWS-LC FIPS mode is decided at compile time. This is different from
    OpenSSL's togglable FIPS switch, so I've adjusted the build to account
    for this.
  2. AWS-LC does not support the two KEY_SIG or KEY_EX flags that were
    only ever supported by old MSIE.
  3. AWS-LC has no current support for post handshake authentication in
    TLS 1.3.
  4. EC_GROUP structures for named curves in AWS-LC are constant, static,
    and immutable by default. This means that the EC_GROUP_set_* functions
    are essentially no-ops due to the immutability of the structure. We've
    introduced a new API for consumers that depend on OpenSSL's default
    mutability of the EC_GROUP structure called
    EC_GROUP_new_by_curve_name_mutable. Since Ruby has a bit of
    functionality that's dependent on the mutability of these structures,
    I've made the corresponding adjustments to allow things to work as
    expected.

https://github.com/ruby/openssl/commit/e53ec5a101
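
A check for the Ruby-visible behaviour that Build Adjustments item 4 describes, as an added example that is not part of this commit or of the ruby/openssl code base: it verifies that the `OpenSSL::PKey::EC::Group` setters take effect on a named-curve group instead of acting as silent no-ops. The helper names and the choice of `prime256v1` as the sample curve are assumptions made for the example.

```ruby
require "openssl"

# Hypothetical helper: request each point conversion form and the explicit
# ASN.1 flag on a named-curve group, then read the values back. If the
# underlying EC_GROUP were immutable, the setters would be no-ops and the
# read-back values would not match what was requested.
def ec_group_setters_effective?(curve = "prime256v1")
  group = OpenSSL::PKey::EC::Group.new(curve)

  forms_ok = %i[compressed uncompressed hybrid].all? do |form|
    group.point_conversion_form = form
    group.point_conversion_form == form
  end

  group.asn1_flag = OpenSSL::PKey::EC::EXPLICIT_CURVE
  flag_ok = group.asn1_flag == OpenSSL::PKey::EC::EXPLICIT_CURVE

  forms_ok && flag_ok
end

# Hypothetical helper: observable consequence of the setter. The generator
# point is encoded using the form stored in the group, so the encoded size
# changes only if the setter really mutated the group.
def generator_encoding_length(curve, form)
  group = OpenSSL::PKey::EC::Group.new(curve)
  group.point_conversion_form = form
  group.generator.to_octet_string(group.point_conversion_form).bytesize
end

if $PROGRAM_NAME == __FILE__
  puts "linked library: #{OpenSSL::OPENSSL_LIBRARY_VERSION}"
  puts "setters effective: #{ec_group_setters_effective?}"
  puts "compressed generator: #{generator_encoding_length('prime256v1', :compressed)} bytes"
  puts "uncompressed generator: #{generator_encoding_length('prime256v1', :uncompressed)} bytes"
end
```

On a 256-bit curve the compressed encoding is 1 prefix byte plus one 32-byte coordinate, and the uncompressed encoding is 1 prefix byte plus two coordinates.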