Add support for OPENSSL_DIR

skmcgrail · skmcgrail · commit 99bf95f0c9cc · 2025-03-12T18:23:24.000Z
diff --git a/openssl-sys/build/expando.c b/openssl-sys/build/expando.c
@@ -19,6 +19,10 @@ VERSION(OPENSSL, OPENSSL_VERSION_NUMBER)
 RUST_OPENSSL_IS_BORINGSSL
 #endif
 
+#ifdef OPENSSL_IS_AWSLC
+RUST_OPENSSL_IS_AWSLC
+#endif
+
 #ifdef OPENSSL_NO_BF
 RUST_CONF_OPENSSL_NO_BF
 #endif
diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs
@@ -24,6 +24,7 @@ enum Version {
     Openssl10x,
     Libressl,
     Boringssl,
+    AwsLc,
 }
 
 fn env_inner(name: &str) -> Option<OsString> {
@@ -255,7 +256,10 @@ fn main() {
     // try to match the behavior for common platforms. For a more robust option,
     // this likely needs to be deferred to the caller with an environment
     // variable.
-    if version == Version::Boringssl && kind == "static" && env::var("CARGO_CFG_UNIX").is_ok() {
+    if (version == Version::Boringssl || version == Version::AwsLc)
+        && kind == "static"
+        && env::var("CARGO_CFG_UNIX").is_ok()
+    {
         let cpp_lib = match env::var("CARGO_CFG_TARGET_OS").unwrap().as_ref() {
             "macos" => "c++",
             _ => "stdc++",
@@ -285,8 +289,8 @@ fn main() {
 fn postprocess(include_dirs: &[PathBuf]) -> Version {
     let version = validate_headers(include_dirs);
 
-    // Never run bindgen for BoringSSL, if it was needed we already ran it.
-    if version != Version::Boringssl {
+    // Never run bindgen for BoringSSL or AWS-LC, if it was needed we already ran it.
+    if !(version == Version::Boringssl || version == Version::AwsLc) {
         #[cfg(feature = "bindgen")]
         run_bindgen::run(&include_dirs);
     }
@@ -350,13 +354,15 @@ See rust-openssl documentation for more information:
     let mut openssl_version = None;
     let mut libressl_version = None;
     let mut is_boringssl = false;
+    let mut is_awslc = false;
     for line in expanded.lines() {
         let line = line.trim();
 
         let openssl_prefix = "RUST_VERSION_OPENSSL_";
         let new_openssl_prefix = "RUST_VERSION_NEW_OPENSSL_";
         let libressl_prefix = "RUST_VERSION_LIBRESSL_";
         let boringssl_prefix = "RUST_OPENSSL_IS_BORINGSSL";
+        let awslc_prefix = "RUST_OPENSSL_IS_AWSLC";
         let conf_prefix = "RUST_CONF_";
         if let Some(version) = line.strip_prefix(openssl_prefix) {
             openssl_version = Some(parse_version(version));
@@ -368,6 +374,8 @@ See rust-openssl documentation for more information:
             enabled.push(conf);
         } else if line.starts_with(boringssl_prefix) {
             is_boringssl = true;
+        } else if line.starts_with(awslc_prefix) {
+            is_awslc = true;
         }
     }
 
@@ -383,6 +391,13 @@ See rust-openssl documentation for more information:
         return Version::Boringssl;
     }
 
+    if is_awslc {
+        println!("cargo:rustc-cfg=awslc");
+        println!("cargo:awslc=true");
+        run_bindgen::run_awslc(include_dirs);
+        return Version::AwsLc;
+    }
+
     // We set this for any non-BoringSSL lib.
     println!("cargo:rustc-cfg=openssl");
 
diff --git a/openssl-sys/build/run_bindgen.rs b/openssl-sys/build/run_bindgen.rs
@@ -36,15 +36,20 @@ const INCLUDES: &str = "
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
 
+#if !defined(OPENSSL_IS_AWSLC)
 // this must be included after ssl.h for libressl!
 #include <openssl/srtp.h>
+#endif
 
-#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)
-#include <openssl/cms.h>
+#if !(defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))
+#include <openssl/cmsrc/ssl/mod.rss.h>
 #endif
 
-#if !defined(OPENSSL_IS_BORINGSSL)
+#if !(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))
 #include <openssl/comp.h>
+#endif
+
+#if !defined(OPENSSL_IS_BORINGSSL)
 #include <openssl/ocsp.h>
 #endif
 
@@ -60,7 +65,7 @@ const INCLUDES: &str = "
 #include <openssl/quic.h>
 #endif
 
-#if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
+#if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
 #include <openssl/poly1305.h>
 #endif
 
@@ -216,6 +221,96 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
         .compile("boring_static_wrapper");
 }
 
+#[cfg(feature = "bindgen")]
+pub fn run_awslc(include_dirs: &[PathBuf]) {
+    let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
+
+    fs::File::create(out_dir.join("awslc_static_wrapper.h"))
+        .expect("Failed to create awslc_static_wrapper.h")
+        .write_all(INCLUDES.as_bytes())
+        .expect("Failed to write contents to awslc_static_wrapper.h");
+
+    let mut builder = bindgen::builder()
+        .rust_target(RustTarget::Stable_1_47)
+        .ctypes_prefix("::libc")
+        .raw_line("use libc::*;")
+        .derive_default(false)
+        .enable_function_attribute_detection()
+        .default_macro_constant_type(MacroTypeVariation::Signed)
+        .rustified_enum("point_conversion_form_t")
+        .allowlist_file(r".*(/|\\)openssl((/|\\)[^/\\]+)+\.h")
+        .wrap_static_fns(true)
+        .wrap_static_fns_path(out_dir.join("awslc_static_wrapper").display().to_string())
+        .layout_tests(false)
+        .header(
+            out_dir
+                .join("awslc_static_wrapper.h")
+                .display()
+                .to_string(),
+        );
+
+    for include_dir in include_dirs {
+        builder = builder
+            .clang_arg("-I")
+            .clang_arg(include_dir.display().to_string());
+    }
+
+    builder
+        .generate()
+        .unwrap()
+        .write_to_file(out_dir.join("bindgen.rs"))
+        .unwrap();
+
+    cc::Build::new()
+        .file(out_dir.join("awslc_static_wrapper.c"))
+        .includes(include_dirs)
+        .compile("awslc_static_wrapper");
+}
+
+#[cfg(not(feature = "bindgen"))]
+pub fn run_awslc(include_dirs: &[PathBuf]) {
+    let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
+
+    fs::File::create(out_dir.join("awslc_static_wrapper.h"))
+        .expect("Failed to create awslc_static_wrapper.h")
+        .write_all(INCLUDES.as_bytes())
+        .expect("Failed to write contents to awslc_static_wrapper.h");
+
+    let mut bindgen_cmd = process::Command::new("bindgen");
+    bindgen_cmd
+        .arg("-o")
+        .arg(out_dir.join("bindgen.rs"))
+        // Must be a valid version from
+        // https://docs.rs/bindgen/latest/bindgen/enum.RustTarget.html
+        .arg("--rust-target=1.47")
+        .arg("--ctypes-prefix=::libc")
+        .arg("--raw-line=use libc::*;")
+        .arg("--no-derive-default")
+        .arg("--enable-function-attribute-detection")
+        .arg("--default-macro-constant-type=signed")
+        .arg("--rustified-enum=point_conversion_form_t")
+        .arg(r"--allowlist-file=.*(/|\\)openssl((/|\\)[^/\\]+)+\.h")
+        .arg("--experimental")
+        .arg("--wrap-static-fns")
+        .arg("--wrap-static-fns-path")
+        .arg(out_dir.join("awslc_static_wrapper").display().to_string())
+        .arg(out_dir.join("awslc_static_wrapper.h"))
+        .arg("--")
+        .arg(format!("--target={}", env::var("TARGET").unwrap()));
+
+    for include_dir in include_dirs {
+        bindgen_cmd.arg("-I").arg(include_dir.display().to_string());
+    }
+
+    let result = bindgen_cmd.status().expect("bindgen failed to execute");
+    assert!(result.success());
+
+    cc::Build::new()
+        .file(out_dir.join("awslc_static_wrapper.c"))
+        .includes(include_dirs)
+        .compile("awslc_static_wrapper");
+}
+
 #[cfg(feature = "bindgen")]
 #[derive(Debug)]
 struct OpensslCallbacks;
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
@@ -29,20 +29,27 @@ mod boringssl {
 #[cfg(boringssl)]
 pub use boringssl::*;
 
-#[cfg(any(feature = "aws-lc", feature = "aws-lc-fips-sys"))]
+#[cfg(feature = "aws-lc-fips")]
+extern crate aws_lc_fips_sys;
+#[cfg(feature = "aws-lc")]
+extern crate aws_lc_sys;
+
+#[cfg(awslc)]
+#[path = "."]
 mod aws_lc {
-    #[cfg(feature = "aws-lc-fips")]
-    extern crate aws_lc_fips_sys as aws_lc;
     #[cfg(feature = "aws-lc")]
-    extern crate aws_lc_sys as aws_lc;
-    pub use aws_lc::*;
+    pub use aws_lc_sys::*;
 
-    // TODO: AWS-LC doesn't currently expose this in it's public headers
-    extern "C" {
-        pub fn OCSP_ONEREQ_free(r: *mut OCSP_ONEREQ);
-    }
+    #[cfg(feature = "aws-lc-fips-sys")]
+    pub use aws_lc_fips_sys::*;
+
+    #[cfg(not(any(feature = "aws-lc", feature = "aws-lc-fips-sys")))]
+    include!(concat!(env!("OUT_DIR"), "/bindgen.rs"));
+
+    // AWS-LC does not require initialization.
+    pub fn init() {}
 }
-#[cfg(any(feature = "aws-lc", feature = "aws-lc-fips-sys"))]
+#[cfg(awslc)]
 pub use aws_lc::*;
 
 #[cfg(openssl)]
