Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(bindings): use cmake when building with pq feature #3294

Merged
merged 4 commits into from
Apr 29, 2022
Merged

build(bindings): use cmake when building with pq feature #3294

merged 4 commits into from
Apr 29, 2022

Conversation

camshaft
Copy link
Contributor

Description of changes:

We currently don't have support for building the rust bindings when vendored with PQ support. The PQ crypto build logic is quite complicated so it hasn't been ported to the build.rs.

Instead of porting the logic, this PR builds s2n-tls with cmake when the PQ feature is enabled. This is a lot less work but does require that cmake is installed on the build machine.

Testing:

I've added cargo test --features pq to our generate.sh script to catch any issues.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Apr 28, 2022
@camshaft camshaft force-pushed the rust-pq branch 7 times, most recently from a03ddf8 to a2fb625 Compare April 28, 2022 20:31
@camshaft camshaft marked this pull request as ready for review April 28, 2022 22:31
@camshaft camshaft requested a review from dougch as a code owner April 28, 2022 22:31
@camshaft camshaft requested a review from lrstewart April 28, 2022 22:31
lrstewart
lrstewart approved these changes Apr 28, 2022
View reviewed changes
bindings/rust/s2n-tls-sys/Cargo.toml
Comment on lines +35 to +36
# Pin to this version until s2n-tls supports OpenSSL 3.0
# Build the vendored version to make it easy to test in dev
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to pin to a version if the actual openssl version is automatically discovered?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

when you use the vendored feature flag it pulls the source and builds it locally for you. after 0.9.68 the pull openssl 3.0 instead of 1.1.1.

Copy link
Contributor Author

@camshaft camshaft Apr 28, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but we only do this in dev to make it so you don't have to run our codebuild install scripts

@camshaft camshaft enabled auto-merge (squash) April 28, 2022 23:22
@camshaft camshaft merged commit 909550d into aws:main Apr 29, 2022
@camshaft camshaft deleted the rust-pq branch April 29, 2022 16:29
@camshaft camshaft mentioned this pull request Apr 29, 2022
Merged
@camshaft camshaft mentioned this pull request May 18, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lrstewart lrstewart lrstewart approved these changes

@dougch dougch dougch approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@camshaft @lrstewart @dougch