Add support for aws-lc prefixed installs using OPENSSL_DIR

Author: skmcgrail

openssl-sys/Cargo.toml

@@ -19,13 +19,11 @@ rust-version = "1.63.0"
 vendored = ['openssl-src']
 unstable_boringssl = ['bssl-sys']
 aws-lc = ['aws-lc-sys']
-aws-lc-fips = ['aws-lc-fips-sys']
 
 [dependencies]
 libc = "0.2"
 bssl-sys = { version = "0.1.0", optional = true }
 aws-lc-sys = { version = "0", features = ["ssl"], optional = true }
-aws-lc-fips-sys = { version = "0", features = ["ssl", "bindgen"], optional = true }
 
 [build-dependencies]
 bindgen = { version = "0.69.0", optional = true, features = ["experimental"] }

openssl-sys/build/expando.c

@@ -146,3 +146,9 @@ RUST_CONF_OPENSSL_NO_SEED
 #ifdef OPENSSL_NO_SCRYPT
 RUST_CONF_OPENSSL_NO_SCRYPT
 #endif
+
+#define SYMBOL_PREFIX2(X) RUST_BINDGEN_SYMBOL_PREFIX_##X##_
+#define SYMBOL_PREFIX(X) SYMBOL_PREFIX2(X)
+#if defined(OPENSSL_IS_AWSLC) && defined(BORINGSSL_PREFIX)
+SYMBOL_PREFIX(BORINGSSL_PREFIX)
+#endif

openssl-sys/build/main.rs

@@ -74,32 +74,24 @@ fn check_ssl_kind() {
     }
 
     let is_aws_lc = cfg!(feature = "aws-lc");
-    let is_aws_lc_fips = cfg!(feature = "aws-lc-fips");
 
-    if is_aws_lc || is_aws_lc_fips {
+    if is_aws_lc {
         println!("cargo:rustc-cfg=awslc");
         println!("cargo:awslc=true");
 
-        // The aws-lc-sys and aws-lc-fips-sys crate use a link name that embeds
+        // The aws-lc-sys crate uses a link name that embeds
         // the version number of crate. Examples (crate-name => links name):
         //   * aws-lc-sys => aws_lc_0_26_0
-        //   * aws-lc-fips-sys => aws_lc_fips_0_13_3
         // This is done to avoid issues if the cargo dependency graph for an application
         // were to resolve to multiple versions for the same crate.
         //
         // Due to this we need to determine what version of the AWS-LC has been selected (fips or non-fips)
         // and then need to parse out the pieces we are interested in ignoring the version componenet of the name.
-        let env_var_prefix = match (is_aws_lc, is_aws_lc_fips) {
-            (true, false) => "DEP_AWS_LC_",
-            (false, true) => "DEP_AWS_LC_FIPS_",
-            _ => {
-                panic!("aws-lc and aws-lc-fips are mutually exclusive features!");
-            }
-        };
+        const AWS_LC_ENV_VAR_PREFIX: &str = "DEP_AWS_LC_";
 
         let mut version = None;
         for (name, _) in std::env::vars() {
-            if let Some(name) = name.strip_prefix(env_var_prefix) {
+            if let Some(name) = name.strip_prefix(AWS_LC_ENV_VAR_PREFIX) {
                 if let Some(name) = name.strip_suffix("_INCLUDE") {
                     version = Some(name.to_owned());
                     break;
@@ -109,7 +101,7 @@ fn check_ssl_kind() {
         let version = version.expect("aws-lc version detected");
 
         // Read the OpenSSL configuration statements and emit rust-cfg for each.
-        if let Ok(vars) = std::env::var(format!("{env_var_prefix}{version}_CONF")) {
+        if let Ok(vars) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_CONF")) {
             for var in vars.split(',') {
                 println!("cargo:rustc-cfg=osslconf=\"{var}\"");
             }
@@ -118,7 +110,7 @@ fn check_ssl_kind() {
 
         // Emit the include header directory from the aws-lc(-fips)-sys crate so that it can be used if needed
         // by crates consuming openssl-sys.
-        if let Ok(val) = std::env::var(format!("{env_var_prefix}{version}_INCLUDE")) {
+        if let Ok(val) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_INCLUDE")) {
             println!("cargo:include={val}");
         }
 
@@ -355,6 +347,7 @@ See rust-openssl documentation for more information:
     let mut libressl_version = None;
     let mut is_boringssl = false;
     let mut is_awslc = false;
+    let mut bindgen_symbol_prefix: Option<String> = None;
     for line in expanded.lines() {
         let line = line.trim();
 
@@ -364,6 +357,7 @@ See rust-openssl documentation for more information:
         let boringssl_prefix = "RUST_OPENSSL_IS_BORINGSSL";
         let awslc_prefix = "RUST_OPENSSL_IS_AWSLC";
         let conf_prefix = "RUST_CONF_";
+        let symbol_prefix = "RUST_BINDGEN_SYMBOL_PREFIX_";
         if let Some(version) = line.strip_prefix(openssl_prefix) {
             openssl_version = Some(parse_version(version));
         } else if let Some(version) = line.strip_prefix(new_openssl_prefix) {
@@ -376,6 +370,9 @@ See rust-openssl documentation for more information:
             is_boringssl = true;
         } else if line.starts_with(awslc_prefix) {
             is_awslc = true;
+        } else if line.starts_with(symbol_prefix) {
+            let sym_prefix = String::from(line.strip_prefix(symbol_prefix).unwrap());
+            bindgen_symbol_prefix = Some(sym_prefix);
         }
     }
 
@@ -394,7 +391,7 @@ See rust-openssl documentation for more information:
     if is_awslc {
         println!("cargo:rustc-cfg=awslc");
         println!("cargo:awslc=true");
-        run_bindgen::run_awslc(include_dirs);
+        run_bindgen::run_awslc(include_dirs, bindgen_symbol_prefix);
         return Version::AwsLc;
     }
 

openssl-sys/build/run_bindgen.rs

@@ -222,7 +222,33 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
 }
 
 #[cfg(feature = "bindgen")]
-pub fn run_awslc(include_dirs: &[PathBuf]) {
+mod bindgen_options {
+    use bindgen::callbacks::{ItemInfo, ParseCallbacks};
+
+    #[derive(Debug)]
+    pub struct StripPrefixCallback {
+        remove_prefix: Option<String>,
+    }
+
+    impl StripPrefixCallback {
+        pub fn new(prefix: &str) -> StripPrefixCallback {
+            StripPrefixCallback {
+                remove_prefix: Some(prefix.to_string()),
+            }
+        }
+    }
+
+    impl ParseCallbacks for StripPrefixCallback {
+        fn generated_name_override(&self, item_info: ItemInfo<'_>) -> Option<String> {
+            self.remove_prefix
+                .as_ref()
+                .and_then(|s| item_info.name.strip_prefix(s.as_str()).map(String::from))
+        }
+    }
+}
+
+#[cfg(feature = "bindgen")]
+pub fn run_awslc(include_dirs: &[PathBuf], symbol_prefix: Option<String>) {
     let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
 
     fs::File::create(out_dir.join("awslc_static_wrapper.h"))
@@ -242,12 +268,13 @@ pub fn run_awslc(include_dirs: &[PathBuf]) {
         .wrap_static_fns(true)
         .wrap_static_fns_path(out_dir.join("awslc_static_wrapper").display().to_string())
         .layout_tests(false)
-        .header(
-            out_dir
-                .join("awslc_static_wrapper.h")
-                .display()
-                .to_string(),
-        );
+        .header(out_dir.join("awslc_static_wrapper.h").display().to_string());
+
+    if let Some(prefix) = symbol_prefix {
+        use bindgen_options::StripPrefixCallback;
+        let callback = StripPrefixCallback::new(prefix.as_str());
+        builder = builder.parse_callbacks(Box::from(callback));
+    }
 
     for include_dir in include_dirs {
         builder = builder
@@ -268,7 +295,12 @@ pub fn run_awslc(include_dirs: &[PathBuf]) {
 }
 
 #[cfg(not(feature = "bindgen"))]
-pub fn run_awslc(include_dirs: &[PathBuf]) {
+pub fn run_awslc(include_dirs: &[PathBuf], symbol_prefix: Option<String>) {
+    if symbol_prefix.is_some() {
+        panic!("aws-lc installation has prefixed symbols, but bindgen-cli does not support removing prefixes. \
+        Enable the bindgen crate feature to support this installation.")
+    }
+
     let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
 
     fs::File::create(out_dir.join("awslc_static_wrapper.h"))
@@ -290,7 +322,6 @@ pub fn run_awslc(include_dirs: &[PathBuf]) {
         .arg("--default-macro-constant-type=signed")
         .arg("--rustified-enum=point_conversion_form_t")
         .arg(r"--allowlist-file=.*(/|\\)openssl((/|\\)[^/\\]+)+\.h")
-        .arg("--experimental")
         .arg("--wrap-static-fns")
         .arg("--wrap-static-fns-path")
         .arg(out_dir.join("awslc_static_wrapper").display().to_string())

openssl-sys/src/lib.rs

@@ -29,8 +29,6 @@ mod boringssl {
 #[cfg(boringssl)]
 pub use boringssl::*;
 
-#[cfg(feature = "aws-lc-fips")]
-extern crate aws_lc_fips_sys;
 #[cfg(feature = "aws-lc")]
 extern crate aws_lc_sys;
 
@@ -40,10 +38,7 @@ mod aws_lc {
     #[cfg(feature = "aws-lc")]
     pub use aws_lc_sys::*;
 
-    #[cfg(feature = "aws-lc-fips-sys")]
-    pub use aws_lc_fips_sys::*;
-
-    #[cfg(not(any(feature = "aws-lc", feature = "aws-lc-fips-sys")))]
+    #[cfg(not(feature = "aws-lc"))]
     include!(concat!(env!("OUT_DIR"), "/bindgen.rs"));
 
     // AWS-LC does not require initialization.

openssl/Cargo.toml

@@ -22,7 +22,6 @@ vendored = ['ffi/vendored']
 bindgen = ['ffi/bindgen']
 unstable_boringssl = ["ffi/unstable_boringssl"]
 aws-lc = ["ffi/aws-lc"]
-aws-lc-fips = ["ffi/aws-lc-fips"]
 default = []
 
 [dependencies]