Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add patches for the linux kernel (mainline/6.10) #1712

Closed
theoparis opened this issue Jul 17, 2024 · 2 comments
Closed

Add patches for the linux kernel (mainline/6.10) #1712

theoparis opened this issue Jul 17, 2024 · 2 comments

Comments

@theoparis
Copy link

theoparis commented Jul 17, 2024
edited
Loading

I ran into a few errors when I tried to build the linux kernel with aws-lc installed to /usr/local globally.
image

I was wondering if aws-lc should add the following patches to the repository/CI since there are already other projects being patched such as cpython. These patches are partially taken from android-mainline. I changed OPENSSL_IS_BORINGSSL to OPENSSL_IS_AWSLC.

diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 70e9ec89d87d..2e7d11c9bf03 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -56,6 +56,7 @@ static void display_openssl_errors(int l)
 	}
 }
 
+#ifndef OPENSSL_IS_AWSLC
 static void drain_openssl_errors(void)
 {
 	const char *file;
@@ -65,6 +66,7 @@ static void drain_openssl_errors(void)
 		return;
 	while (ERR_get_error_line(&file, &line)) {}
 }
+#endif
 
 #define ERR(cond, fmt, ...)				\
 	do {						\
@@ -99,8 +101,6 @@ int main(int argc, char **argv)
 	char *cert_src;
 	char *verbose_env;
 
-	OpenSSL_add_all_algorithms();
-	ERR_load_crypto_strings();
 	ERR_clear_error();
 
 	verbose_env = getenv("KBUILD_VERBOSE");
@@ -122,6 +122,10 @@ int main(int argc, char **argv)
 		fclose(f);
 		exit(0);
 	} else if (!strncmp(cert_src, "pkcs11:", 7)) {
+#ifdef OPENSSL_IS_AWSLC
+		ERR(1, "AWS-LC does not support extracting from PKCS#11");
+		exit(1);
+#else
 		ENGINE *e;
 		struct {
 			const char *cert_id;
@@ -144,6 +148,7 @@ int main(int argc, char **argv)
 		ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
 		ERR(!parms.cert, "Get X.509 from PKCS#11");
 		write_cert(parms.cert);
+	#endif
 	} else {
 		BIO *b;
 		X509 *x509;

Alternatively, either these patches could be upstreamed somehow to the Linux kernel, or the patches could live in a separate repository if that is preferred.
@samuel40791765
Copy link
Contributor

Hi @theoparis, thanks for reaching out! We appreciate you trying out AWS-LC and we're also excited to patch/integrate into more projects for AWS-LC support. Unfortunately, AWS-LC is committed to having a stable API, but is not ABI stable. Systems cannot directly swap out OpenSSL with AWS-LC without recompiling. This makes us not suitable as a system library in a traditional Linux distribution.
Long-term we do want to support packaging AWS-LC for operating systems, but there's still a substantial amount of effort to be made before we can integrate AWS-LC into any linux distributions. You can check out #1098 for more details regarding that.

@samuel40791765
Copy link
Contributor

Closing in favor of #1098 to package AWS-LC for operating systems. Feel free to reopen if there are any other questions, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@theoparis @samuel40791765