Update aws-lc-fips-sys to v0.13, FIPS v3.0
justsmth committed Dec 11, 2024
1 parent f5b2b78 commit 224f95e
Showing 7 changed files with 14 additions and 8 deletions.
2 changes: 1 addition & 1 deletion Makefile
@@ -17,7 +17,7 @@ update-aws-lc-fips-sys:
git submodule update --init --remote --checkout -- aws-lc-fips-sys/aws-lc
cd aws-lc-fips-sys/aws-lc && \
git fetch --all && \
git tag -l | xargs ../../scripts/tools/semver.rs fips-v2 | xargs git checkout
git tag -l | xargs ../../scripts/tools/semver.rs fips-v3 | xargs git checkout

update-aws-lc-sys:
git submodule update --init --remote --checkout -- aws-lc-sys/aws-lc
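Review bot: The changed recipe line pipes the output of `semver.rs fips-v3` straight into `xargs git checkout`, and a recipe only sees the exit status of the last command in a pipeline, so a failure or empty result from `semver.rs` goes unreported. With GNU xargs an empty input still runs `git checkout` with no argument, which succeeds and leaves the submodule on whatever `git submodule update --remote` selected rather than on a FIPS v3 tag. Capturing the tag first makes that failure visible: `tag=$$(git tag -l | xargs ../../scripts/tools/semver.rs fips-v3) && test -n "$$tag" && git checkout "$$tag"`. The `update-aws-lc-sys` recipe continues outside this hunk and may need the same treatment.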
8 changes: 6 additions & 2 deletions aws-lc-fips-sys/Cargo.toml
@@ -1,8 +1,8 @@
[package]
name = "aws-lc-fips-sys"
description = "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. This is the FIPS validated version of AWS-LC."
version = "0.12.15"
links = "aws_lc_fips_0_12_15"
version = "0.13.0"
links = "aws_lc_fips_0_13_0"
authors = ["AWS-LC"]
edition = "2021"
repository = "https://github.com/aws/aws-lc-rs"
@@ -76,5 +76,9 @@ bindgen = { version = "0.69.5" }
libc = "0.2.121"
paste = "1.0.11"

[dev-dependencies]
# Pinned dependency to preserve MSRV: 1.60.0 <= rust-version < 1.65.0
regex = "~1.9.6"

[package.metadata.aws-lc-fips-sys]
commit-hash = "ec94d74a19b5a0aa738b436a95bb06ff87fc7ba9"
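Review bot: `commit-hash` under `[package.metadata.aws-lc-fips-sys]` is a context line in the second hunk (four additions, no deletions), so it still reads `ec94d74a19b5a0aa738b436a95bb06ff87fc7ba9` although this commit also moves the `aws-lc-fips-sys/aws-lc` submodule across 1864 files. If the field is meant to record the AWS-LC commit the crate is built from, which its name suggests but the page does not show, it is stale after this change, and anyone auditing the crate against upstream would compare with the wrong revision. Either refresh it in this commit or add a comment naming the step that rewrites it, for example `# rewritten by <GENERATION_STEP>; may lag the submodule until that step runs`.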
2 changes: 1 addition & 1 deletion aws-lc-fips-sys/aws-lc
Submodule aws-lc updated 1864 files
2 changes: 1 addition & 1 deletion aws-lc-rs/Cargo.toml
@@ -48,7 +48,7 @@ fips = ["dep:aws-lc-fips-sys"]
[dependencies]
untrusted = { version = "0.7.1", optional = true }
aws-lc-sys = { version = "0.23.0", path = "../aws-lc-sys", optional = true }
aws-lc-fips-sys = { version = "0.12.0", path = "../aws-lc-fips-sys", optional = true }
aws-lc-fips-sys = { version = "0.13.0", path = "../aws-lc-fips-sys", optional = true }
zeroize = "1.7"
paste = "1.0.11"

4 changes: 2 additions & 2 deletions scripts/build/collect_symbols.sh
@@ -57,7 +57,7 @@ if [[ ! -d "${AWS_LC_DIR}" ]]; then
fi

function filter_symbols() {
grep -E '^\w*$' | grep -v -E "^bignum_" | grep -v "curve25519_x25519" | grep -v "edwards25519_" | grep -v "p256_montjscalarmul"
grep -E '^\w*$' | grep -v -E "^bignum_" | grep -v "curve25519_x25519" | grep -v "edwards25519_" | grep -v "p256_montj" | grep -v "p384_montj" | grep -v "p521_montj" | grep -v "p521_jdouble"
}

function filter_nm_symbols() {
@@ -112,7 +112,7 @@ elif [[ "${LIBCRYPTO_PATH}" = *.so || "${LIBCRYPTO_PATH}" = *.lib ]]; then
nm --extern-only --defined-only --format=just-symbols "${LIBCRYPTO_PATH}" | sort | uniq | filter_nm_symbols | filter_symbols >"${SYMBOLS_FILE}"
else
pushd "${AWS_LC_DIR}"
go run -mod readonly "${AWS_LC_DIR}"/util/read_symbols.go "${LIBCRYPTO_PATH}" | filter_symbols >"${SYMBOLS_FILE}"
go run -mod readonly "${AWS_LC_DIR}"/util/read_symbols.go "${LIBCRYPTO_PATH}" | sort | uniq | filter_nm_symbols | filter_symbols >"${SYMBOLS_FILE}"
popd
fi
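Review bot: The widened exclusions in `filter_symbols` (`p256_montj`, `p384_montj`, `p521_montj`, `p521_jdouble`) are unanchored substring matches, so any exported symbol that merely contains one of them is dropped from the symbol list, not only the intended family. The same list is maintained by hand in `scripts/generate/_collect_symbols_build.sh`, where the `_\?` prefix has no effect on the unanchored patterns, so the two copies can drift apart. A single anchored expression, with a comment saying why these routines are excluded, would be easier to audit: `grep -E '^\w*$' | grep -v -E '^_?(bignum_|curve25519_x25519|edwards25519_|p(256|384|521)_montj|p521_jdouble)'`. That form assumes the names only ever occur as prefixes, which should be confirmed against the current symbol list before anchoring.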

2 changes: 1 addition & 1 deletion scripts/generate/_collect_symbols_build.sh
@@ -20,7 +20,7 @@ function cmake_build_options() {
}

function filter_symbols() {
grep -v "^_\?bignum_" | grep -v "_\?curve25519_x25519" | grep -v "_\?edwards25519_" | grep -v "_\?p256_montjscalarmul"
grep -v "^_\?bignum_" | grep -v "_\?curve25519_x25519" | grep -v "_\?edwards25519_" | grep -v "_\?p256_montj" | grep -v "_\?p384_montj" | grep -v "_\?p521_montj" | grep -v "_\?p521_jdouble"
}

REPO_ROOT=$(git rev-parse --show-toplevel)
2 changes: 2 additions & 0 deletions scripts/tools/semver.rs
@@ -23,6 +23,7 @@ struct Args {
enum Release {
Main { tags: Vec<String> },
FipsV2 { tags: Vec<String> },
FipsV3 { tags: Vec<String> },
}

// regex from https://semver.org/
@@ -34,6 +35,7 @@ fn main() -> Result<(), Box<dyn Error>> {
let latest = match args.release {
Release::Main { tags } => get_latest_main(tags)?,
Release::FipsV2 { tags } => get_latest_fips(tags, 2)?,
Release::FipsV3 { tags } => get_latest_fips(tags, 3)?,
};

println!("{latest}");
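Review bot: `FipsV3` duplicates `FipsV2` except for the integer handed to `get_latest_fips`, so every new FIPS line needs a new variant, a new match arm and a matching subcommand name in the Makefile, all kept in step by hand. Neither added line is documented; a doc comment on the variant such as `/// Select the newest tag on the FIPS v3 release line.` would say what the subcommand picks, and would presumably appear in the CLI help if `Release` is a derived subcommand (the derive is outside the hunk). Both `enum Release` and `main` are only partly visible here and `get_latest_fips` is not shown, so how the major number `3` maps to tag names cannot be checked from this page.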
