Autotools
autotools
AVR
+AWS
+AWS-LC
+AWSLC
+aws-lc
+awslc
axTLS
backend
backends
--- /dev/null
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# SPDX-License-Identifier: curl
+
+name: Linux
+
+on:
+ push:
+ branches:
+ - master
+ - '*/ci'
+ paths-ignore:
+ - '**/*.md'
+ pull_request:
+ branches:
+ - master
+ paths-ignore:
+ - '**/*.md'
+
+concurrency:
+ # Hardcoded workflow filename as workflow name above is just Linux again
+ group: awslc-${{ github.event.pull_request.number || github.sha }}
+ cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+ autoconf:
+ name: awslc (autoconf)
+ runs-on: 'ubuntu-latest'
+ timeout-minutes: 30
+
+ steps:
+ - run: |
+ sudo apt-get update --yes
+ sudo apt-get install --yes libtool autoconf automake pkg-config stunnel4
+ # ensure we don't pick up openssl in this build
+ sudo apt remove --yes libssl-dev
+ sudo python3 -m pip install impacket
+ name: 'install prereqs and impacket'
+
+ - run: |
+ curl -LO https://github.com/awslabs/aws-lc/archive/refs/tags/v1.3.0.tar.gz
+ tar xzf v1.3.0.tar.gz
+ mkdir aws-lc-1.3.0-build
+ cd aws-lc-1.3.0-build
+ cmake -DCMAKE_INSTALL_PREFIX=$HOME/awslc ../aws-lc-1.3.0
+ cmake --build . --parallel
+ cmake --install .
+ name: 'install awslc'
+
+ - uses: actions/checkout@v3
+
+ - run: autoreconf -fi
+ name: 'autoreconf'
+
+ - run: ./configure --enable-warnings --enable-werror --with-openssl=$HOME/awslc
+ name: 'configure'
+
+ - run: make -j 2 V=1
+ name: 'make'
+
+ - run: make -j 2 V=1 examples
+ name: 'make examples'
+
+ - run: make -j 2 V=1 -C tests
+ name: 'make tests'
+
+ - run: make V=1 test-ci
+ name: 'run tests'
+
+ cmake:
+ name: awslc (cmake)
+ runs-on: 'ubuntu-latest'
+ timeout-minutes: 15
+
+ steps:
+ - run: |
+ sudo apt-get update
+ sudo apt-get install cmake stunnel4
+ # ensure we don't pick up openssl in this build
+ sudo apt remove --yes libssl-dev
+ sudo python3 -m pip install impacket
+ name: 'install prereqs and impacket'
+
+ - run: |
+ curl -LO https://github.com/awslabs/aws-lc/archive/refs/tags/v1.3.0.tar.gz
+ tar xzf v1.3.0.tar.gz
+ mkdir aws-lc-1.3.0-build
+ cd aws-lc-1.3.0-build
+ cmake -DCMAKE_INSTALL_PREFIX=$HOME/awslc ../aws-lc-1.3.0
+ cmake --build . --parallel
+ cmake --install .
+ name: 'install awslc'
+
+ - uses: actions/checkout@v3
+
+ # CMAKE_COMPILE_WARNING_AS_ERROR is available in cmake 3.24 or later
+ - run: cmake -Bbuild -DOPENSSL_ROOT_DIR=$HOME/awslc -DBUILD_SHARED_LIBS=ON -DCMAKE_COMPILE_WARNING_AS_ERROR=ON .
+ name: 'cmake generate'
+
+ - run: cmake --build build --parallel
+ name: 'cmake build'
+
+ - run: cmake --install build --prefix $HOME/curl --strip
+ name: 'cmake install'
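Review bot: The AWS-LC archive fetched with `curl -LO https://github.com/awslabs/aws-lc/archive/refs/tags/v1.3.0.tar.gz` is unpacked, built and installed without any integrity check, in both the `autoconf` and the `cmake` job. A re-pointed tag or an altered archive would therefore flow straight into the build that the tests then link against. Verify a pinned digest before `tar xzf`, for example `echo "<EXPECTED_SHA256>  v1.3.0.tar.gz" | sha256sum -c -`, and add `-f` to the curl call so an HTTP error fails the step instead of saving an error page. The same pinning concern applies to `actions/checkout@v3`, which is a movable tag rather than a full commit SHA, and to the unversioned `sudo python3 -m pip install impacket`.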
#
# The following variables are available:
# HAVE_RAND_EGD: `RAND_egd` present in OpenSSL
+# HAVE_AWSLC: OpenSSL is AWS-LC
# HAVE_BORINGSSL: OpenSSL is BoringSSL
# HAVE_PK11_CREATEMANAGEDGENERICOBJECTL: `PK11_CreateManagedGenericObject` present in NSS
# HAVE_SSL_CTX_SET_QUIC_METHOD: `SSL_CTX_set_quic_method` present in OpenSSL/wolfSSL
if(NOT DEFINED HAVE_BORINGSSL)
check_symbol_exists(OPENSSL_IS_BORINGSSL "openssl/base.h" HAVE_BORINGSSL)
endif()
+ if(NOT DEFINED HAVE_AWSLC)
+ check_symbol_exists(OPENSSL_IS_AWSLC "openssl/base.h" HAVE_AWSLC)
+ endif()
endif()
if(CURL_USE_MBEDTLS)
backends.
curl can be built to use one of the following SSL alternatives: OpenSSL,
- libressl, BoringSSL, GnuTLS, wolfSSL, NSS, mbedTLS, Secure
+ libressl, BoringSSL, AWS-LC, GnuTLS, wolfSSL, NSS, mbedTLS, Secure
Transport (native iOS/OS X), Schannel (native Windows), GSKit (native IBM
i), BearSSL, or Rustls. They all have their pros and cons, and we try to
maintain a comparison of them here: https://curl.se/docs/ssl-compared.html
- GnuTLS: `--with-gnutls`.
- mbedTLS: `--with-mbedtls`
- NSS: `--with-nss`
- - OpenSSL: `--with-openssl` (also for BoringSSL, libressl and quictls)
+ - OpenSSL: `--with-openssl` (also for BoringSSL, AWS-LC, libressl, and quictls)
- rustls: `--with-rustls`
- Schannel: `--with-schannel`
- Secure Transport: `--with-secure-transport`
The engine is used by libcurl in a way that is fully thread-safe.
.IP BoringSSL
The engine is used by libcurl in a way that is fully thread-safe.
+.IP AWS-LC
+The engine is used by libcurl in a way that is fully thread-safe.
.SH "Other areas of caution"
.IP Signals
Signals are used for timing out name resolves (during DNS lookup) - when built
CURLSSH_AUTH_NONE 7.16.1
CURLSSH_AUTH_PASSWORD 7.16.1
CURLSSH_AUTH_PUBLICKEY 7.16.1
+CURLSSLBACKEND_AWSLC 8.1.0
CURLSSLBACKEND_AXTLS 7.38.0 7.61.0
CURLSSLBACKEND_BEARSSL 7.68.0
CURLSSLBACKEND_BORINGSSL 7.49.0
} curl_sslbackend;
/* aliases for library clones and renames */
-#define CURLSSLBACKEND_LIBRESSL CURLSSLBACKEND_OPENSSL
+#define CURLSSLBACKEND_AWSLC CURLSSLBACKEND_OPENSSL
#define CURLSSLBACKEND_BORINGSSL CURLSSLBACKEND_OPENSSL
+#define CURLSSLBACKEND_LIBRESSL CURLSSLBACKEND_OPENSSL
/* deprecated names: */
#define CURLSSLBACKEND_CYASSL CURLSSLBACKEND_WOLFSSL
# define DES_ecb_encrypt des_ecb_encrypt
# define DESKEY(x) x
# define DESKEYARG(x) x
+# elif defined(OPENSSL_IS_AWSLC)
+# define DES_set_key_unchecked (void)DES_set_key
+# define DESKEYARG(x) *x
+# define DESKEY(x) &x
# else
# define DESKEYARG(x) *x
# define DESKEY(x) &x
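Review bot: The new `OPENSSL_IS_AWSLC` branch maps `DES_set_key_unchecked` to `(void)DES_set_key`, which silently discards the return value, and nothing explains why that is safe. If AWS-LC's `DES_set_key` can reject a key (its checks are not visible on this page and should be confirmed against its headers), the key schedule would be used without having been set. A short comment above the define would record the reasoning, along the lines of `/* AWS-LC: DES_set_key_unchecked() is not used here; the DES_set_key() result is ignored on purpose because <reason> */`. The two `DESKEYARG`/`DESKEY` defines in this branch also duplicate the `# else` branch directly below. The enclosing `#if` chain starts and ends outside the hunk.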
#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && \
!defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_IS_BORINGSSL))
-#define HAVE_SSL_CTX_SET_CIPHERSUITES
-#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+ #define HAVE_SSL_CTX_SET_CIPHERSUITES
+ #if !defined(OPENSSL_IS_AWSLC)
+ #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+ #endif
#endif
/*
#define OSSL_PACKAGE "LibreSSL"
#elif defined(OPENSSL_IS_BORINGSSL)
#define OSSL_PACKAGE "BoringSSL"
+#elif defined(OPENSSL_IS_AWSLC)
+#define OSSL_PACKAGE "AWS-LC"
#else
#define OSSL_PACKAGE "OpenSSL"
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
!(defined(LIBRESSL_VERSION_NUMBER) && \
LIBRESSL_VERSION_NUMBER < 0x2070100fL) && \
- !defined(OPENSSL_IS_BORINGSSL)
+ !defined(OPENSSL_IS_BORINGSSL) && \
+ !defined(OPENSSL_IS_AWSLC)
#define HAVE_OPENSSL_VERSION
#endif
}
}
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
typedef size_t numcert_t;
#else
typedef int numcert_t;
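Review bot: The condition `defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)` introduced here for `numcert_t` is repeated verbatim in the later hunks that cover `ERR_error_string_n`, the `numalts` declarations, `ctx_option_t` and `SSL_set_renegotiate_mode`. Each copy has to be kept in sync by hand, and a missed site will pick the plain-OpenSSL integer types without any warning from the build. Consider one file-local helper near the top of the file (the name here is only an example), `#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)` followed by `#define OSSL_BORING_API 1`, and test that at each site. The `#if`/`#else` around `numcert_t` closes outside this hunk.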
*buf = '\0';
}
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
ERR_error_string_n((uint32_t)error, buf, size);
#else
ERR_error_string_n(error, buf, size);
altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
if(altnames) {
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
size_t numalts;
size_t i;
#else
long curl_ssl_version_max;
/* convert curl min SSL version option to OpenSSL constant */
-#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
+#if (defined(OPENSSL_IS_BORINGSSL) || \
+ defined(OPENSSL_IS_AWSLC) || \
+ defined(LIBRESSL_VERSION_NUMBER))
uint16_t ossl_ssl_version_min = 0;
uint16_t ossl_ssl_version_max = 0;
#else
}
#endif
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
typedef uint32_t ctx_option_t;
#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
typedef uint64_t ctx_option_t;
SSL_set_tlsext_status_type(backend->handle, TLSEXT_STATUSTYPE_ocsp);
#endif
-#if defined(OPENSSL_IS_BORINGSSL) && defined(ALLOW_RENEG)
+#if (defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) && \
+ defined(ALLOW_RENEG)
SSL_set_renegotiate_mode(backend->handle, ssl_renegotiate_freely);
#endif
}
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
!defined(LIBRESSL_VERSION_NUMBER) && \
- !defined(OPENSSL_IS_BORINGSSL))
+ !defined(OPENSSL_IS_BORINGSSL) && \
+ !defined(OPENSSL_IS_AWSLC))
+
/* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
- OpenSSL version above v1.1.1, not LibreSSL nor BoringSSL */
+ OpenSSL version above v1.1.1, not LibreSSL, BoringSSL, or AWS-LC */
else if((lib == ERR_LIB_SSL) &&
(reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
/* If client certificate is required, communicate the
#else
return msnprintf(buffer, size, OSSL_PACKAGE);
#endif
+#elif defined(OPENSSL_IS_AWSLC)
+ return msnprintf(buffer, size, "%s/%s",
+ OSSL_PACKAGE,
+ AWSLC_VERSION_NUMBER_STRING);
#elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING)
return msnprintf(buffer, size, "%s/%s",
OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING));
AC_MSG_RESULT([no])
])
+ AC_MSG_CHECKING([for AWS-LC])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+ #include <openssl/base.h>
+ ]],[[
+ #ifndef OPENSSL_IS_AWSLC
+ #error not AWS-LC
+ #endif
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED(HAVE_AWSLC, 1,
+ [Define to 1 if using AWS-LC.])
+ ssl_msg="AWS-LC"
+ ],[
+ AC_MSG_RESULT([no])
+ ])
+
AC_MSG_CHECKING([for libressl])
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM([[