feat(bindings): use aws-lc-sys instead of openssl-sys

aws · Nov 15, 2023 · 4e7c85d · 4e7c85d
1 parent b82a5d4
commit 4e7c85d
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 25 deletions.
diff --git a/bindings/rust/s2n-tls-sys/build.rs b/bindings/rust/s2n-tls-sys/build.rs
@@ -3,6 +3,9 @@
 
 use std::path::{Path, PathBuf};
 
+// This needs to be bumped when the aws-lc-sys version is bumped
+static AWS_LC_SYS_VERSION: &str = "0_12";
+
 fn main() {
     let external = External::default();
     if external.is_enabled() {
@@ -39,8 +42,8 @@ struct FeatureDetector<'a> {
 }
 
 impl<'a> FeatureDetector<'a> {
-    pub fn new(out_dir: &'a Path) -> Self {
-        let builder = builder();
+    pub fn new(out_dir: &'a Path, libcrypto: &Libcrypto) -> Self {
+        let builder = builder(libcrypto);
         Self { builder, out_dir }
     }
 
@@ -89,7 +92,9 @@ impl<'a> FeatureDetector<'a> {
 }
 
 fn build_vendored() {
-    let mut build = builder();
+    let libcrypto = Libcrypto::default();
+
+    let mut build = builder(&libcrypto);
 
     let pq = option_env("CARGO_FEATURE_PQ").is_some();
 
@@ -129,7 +134,7 @@ fn build_vendored() {
 
     let out_dir = PathBuf::from(env("OUT_DIR"));
 
-    let features = FeatureDetector::new(&out_dir);
+    let features = FeatureDetector::new(&out_dir, &libcrypto);
 
     let mut feature_names = std::fs::read_dir("lib/tests/features")
         .expect("missing features directory")
@@ -171,7 +176,7 @@ fn build_vendored() {
     build.compile("s2n-tls");
 
     // tell rust we're linking with libcrypto
-    println!("cargo:rustc-link-lib=crypto");
+    println!("cargo:rustc-link-lib={}", libcrypto.link);
 
     // let consumers know where to find our header files
     let include_dir = out_dir.join("include");
@@ -180,12 +185,11 @@ fn build_vendored() {
     println!("cargo:include={}", include_dir.display());
 }
 
-fn builder() -> cc::Build {
+fn builder(libcrypto: &Libcrypto) -> cc::Build {
     let mut build = cc::Build::new();
 
     build
-        // pull the include path from the openssl-sys dependency
-        .include(env("DEP_OPENSSL_INCLUDE"))
+        .include(&libcrypto.include)
         .include("lib")
         .include("lib/api")
         .flag("-std=c11")
@@ -205,16 +209,10 @@ fn builder() -> cc::Build {
 fn build_cmake() {
     let mut config = cmake::Config::new("lib");
 
-    // sometimes openssl-sys decides not to set this value so we may need to set it anyway
-    if option_env("DEP_OPENSSL_ROOT").is_none() {
-        let include = env("DEP_OPENSSL_INCLUDE");
-        if let Some(root) = Path::new(&include).parent() {
-            std::env::set_var("DEP_OPENSSL_ROOT", root);
-        }
-    }
+    let libcrypto = Libcrypto::default();
 
     config
-        .register_dep("openssl")
+        .register_dep(&format!("aws_lc_{}", libcrypto.version))
         .configure_arg("-DBUILD_TESTING=off");
 
     if option_env("CARGO_FEATURE_PQ").is_none() {
@@ -238,7 +236,7 @@ fn build_cmake() {
     println!("cargo:include={}", dst.join("include").display());
 
     // tell rust we're linking with libcrypto
-    println!("cargo:rustc-link-lib=crypto");
+    println!("cargo:rustc-link-lib={}", libcrypto.link);
 
     fn search(path: PathBuf) -> Option<PathBuf> {
         if path.exists() {
@@ -250,6 +248,54 @@ fn build_cmake() {
     }
 }
 
+#[derive(PartialEq, Eq, PartialOrd, Ord)]
+struct Libcrypto {
+    version: String,
+    link: String,
+    include: String,
+    root: String,
+}
+
+impl Default for Libcrypto {
+    fn default() -> Self {
+        let mut results = vec![];
+
+        for (name, value) in std::env::vars() {
+            if let Some(version) = name.strip_prefix("DEP_AWS_LC_") {
+                if let Some(version) = version.strip_suffix("_INCLUDE") {
+                    // only use paths from the dependency version we're using
+                    if !version.starts_with(AWS_LC_SYS_VERSION) {
+                        continue;
+                    }
+
+                    let version = version.to_string();
+
+                    eprintln!("cargo:rerun-if-env-changed={}", name);
+
+                    let link = format!("aws_lc_{version}_crypto");
+                    let include = value;
+                    let root = env(format!("DEP_AWS_LC_{version}_ROOT"));
+
+                    let libcrypto = Self {
+                        version,
+                        link,
+                        include,
+                        root,
+                    };
+
+                    results.push(libcrypto);
+                }
+            }
+        }
+
+        // pick the latest version
+        results.sort();
+        results
+            .pop()
+            .unwrap_or_else(|| panic!("missing DEP_AWS_LC_{AWS_LC_SYS_VERSION} paths"))
+    }
+}
+
 struct External {
     lib_dir: Option<PathBuf>,
     include_dir: Option<PathBuf>,

diff --git a/bindings/rust/s2n-tls-sys/templates/Cargo.template b/bindings/rust/s2n-tls-sys/templates/Cargo.template
@@ -33,19 +33,12 @@ stacktrace = []
 # unstable-foo = []
 
 [dependencies]
+aws-lc-sys = { version = "0.12" }
 libc = "0.2"
-# NOTE: The version of the `openssl-sys` crate is not the same as OpenSSL itself.
-#       Versions 1.0.1 - 3.0.0 are automatically discovered.
-openssl-sys = { version = "0.9" }
 
 [build-dependencies]
 cc = { version = "1.0", features = ["parallel"] }
 cmake = { version = "0.1", optional = true }
 
 [dev-dependencies]
 jobserver = "=0.1.26" # newer versions require rust 1.66, see https://github.com/aws/s2n-tls/issues/4241
-# Build the vendored version to make it easy to test in dev
-#
-# NOTE: The version of the `openssl-sys` crate is not the same as OpenSSL itself.
-#       Versions 1.0.1 - 3.0.0 are automatically discovered.
-openssl-sys = { version = "<= 0.9", features = ["vendored"] }