remove crypto dependency from sdk
---------

Co-authored-by: Jonathan M. Henson <[email protected]>
sbiscigl and JonathanHenson committed May 28, 2024
1 parent 75ea490 commit b652aae
Showing 33 changed files with 680 additions and 5,306 deletions.
40 changes: 16 additions & 24 deletions CMakeLists.txt
Expand Up @@ -41,7 +41,6 @@ if (LEGACY_BUILD)
option(ENABLE_TESTING "Flag to enable/disable building unit and integration tests" ON)
option(AUTORUN_UNIT_TESTS "Flag to enable/disable automatically run unit tests after building" ON)
option(ANDROID_BUILD_CURL "When building for Android, should curl be built as well" ON)
option(ANDROID_BUILD_OPENSSL "When building for Android, should Openssl be built as well" ON)


AMZN-Gene Jun 21, 2024

Does ANDROID_BUILD_OPENSSL need to be removed from the CMAKE parameters readme options?
https://github.com/aws/aws-sdk-cpp/blob/main/docs/CMake_Parameters.md

option(ANDROID_BUILD_ZLIB "When building for Android, should Zlib be built as well" ON)
option(FORCE_CURL "Forces usage of the Curl client rather than the default OS-specific api" OFF)
option(ENABLE_ADDRESS_SANITIZER "Flags to enable/disable Address Sanitizer for gcc or clang" OFF)
Expand All @@ -66,7 +65,6 @@ if (LEGACY_BUILD)
option(BUILD_OPTEL_OTLP_BENCHMARKS "Enables building the benchmark tests with open telemetry OTLP clients" OFF)
option(USE_TLS_V1_2 "Set http client to enforce TLS 1.2" ON)
option(USE_TLS_V1_3 "Set http client to enforce TLS 1.3" OFF)
option(AWS_USE_CRYPTO_SHARED_LIBS "Forces FindCrypto to use a shared crypto library if found. regardless of the value of BUILD_SHARED_LIBS" OFF)

set(AWS_USER_AGENT_CUSTOMIZATION "" CACHE STRING "User agent extension")
set(AWS_TEST_REGION "US_EAST_1" CACHE STRING "Region to target integration tests against")
Expand Down Expand Up @@ -109,10 +107,6 @@ if (LEGACY_BUILD)
set(BoldWhite "${Esc}[1;37m")
endif ()

if (NOT USE_OPENSSL)
message(WARNING "Turning off USE_OPENSSL will install AWS-LC as replacement of OpenSSL in the system default directory. This is an experimental feature. Do not use if you have an OpenSSL installation in your system already.")
endif ()

# backwards compatibility with old command line params
if ("${STATIC_LINKING}" STREQUAL "1")
set(BUILD_SHARED_LIBS OFF)
Expand Down Expand Up @@ -230,22 +224,28 @@ if (LEGACY_BUILD)
set(BUILD_TESTING_PREV ${BUILD_TESTING})
set(BUILD_TESTING OFF CACHE BOOL "Disable all tests in dependencies.")
# TODO: Use same BUILD_SHARED_LIBS for Aws Common Runtime dependencies.
# libcurl and aws-sdk-cpp-core may link to different libcrypto, which leads to some issues for shared build.
if (ENABLE_OPENSSL_ENCRYPTION)
set(BUILD_SHARED_LIBS_PREV ${BUILD_SHARED_LIBS})
set(BUILD_SHARED_LIBS OFF)
endif ()
set(CRT_BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS})
add_subdirectory(crt/aws-crt-cpp)
set(BUILD_TESTING ${BUILD_TESTING_PREV})
if (ENABLE_OPENSSL_ENCRYPTION)
set(BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS_PREV})
endif ()
else ()
include(AwsFindPackage)
# This is required in order to append /lib/cmake to each element in CMAKE_PREFIX_PATH
set(AWS_MODULE_DIR "/${CMAKE_INSTALL_LIBDIR}/cmake")
string(REPLACE ";" "${AWS_MODULE_DIR};" AWS_MODULE_PATH "${CMAKE_PREFIX_PATH}${AWS_MODULE_DIR}")
# Append that generated list to the module search path
list(APPEND CMAKE_MODULE_PATH ${AWS_MODULE_PATH})
set(IN_SOURCE_BUILD OFF)
endif ()
set(AWS_COMMON_RUNTIME_LIBS "aws-crt-cpp;aws-c-auth;aws-c-cal;aws-c-common;aws-c-compression;aws-c-event-stream;aws-c-http;aws-c-io;aws-c-mqtt;aws-c-s3;aws-checksums;aws-c-sdkutils")
aws_use_package(aws-crt-cpp)
aws_use_package(aws-c-http)
aws_use_package(aws-c-mqtt)
aws_use_package(aws-c-cal)
aws_use_package(aws-c-auth)
aws_use_package(aws-c-common)
aws_use_package(aws-c-io)
aws_use_package(aws-checksums)
aws_use_package(aws-c-event-stream)
aws_use_package(aws-c-s3)
set(AWS_COMMON_RUNTIME_LIBS ${DEP_AWS_LIBS})

include(compiler_settings)
# Instead of calling functions/macros inside included cmake scripts, we should call them in our main CMakeList.txt
Expand All @@ -256,14 +256,6 @@ if (LEGACY_BUILD)

include(utilities)

if (ENABLE_BCRYPT_ENCRYPTION)
set(CRYPTO_LIBS Bcrypt)
set(CRYPTO_LIBS_ABSTRACT_NAME Bcrypt)
elseif (ENABLE_OPENSSL_ENCRYPTION)
set(CRYPTO_LIBS ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARIES})
set(CRYPTO_LIBS_ABSTRACT_NAME crypto ssl z)
endif ()

if (ENABLE_CURL_CLIENT)
set(CLIENT_LIBS ${CURL_LIBRARIES})
set(CLIENT_LIBS_ABSTRACT_NAME curl)
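Review bot: In the `else ()` branch, `string(REPLACE ...)` builds `AWS_MODULE_PATH` from `"${CMAKE_PREFIX_PATH}${AWS_MODULE_DIR}"`, so an empty `CMAKE_PREFIX_PATH` produces the single root-level entry `/${CMAKE_INSTALL_LIBDIR}/cmake`, which is then appended to `CMAKE_MODULE_PATH`. Scripts found on the module path run at configure time, so it should only gain entries derived from prefixes the user actually supplied; wrapping the `set`/`string`/`list` statements in `if (CMAKE_PREFIX_PATH)` ... `endif ()` avoids the stray entry. The append also appears to come after `include(AwsFindPackage)`, so that include cannot benefit from it. The page has lost its +/- markers and the sides here are inferred from the hunk's line counts, so confirm the order against the real diff. The enclosing `if (LEGACY_BUILD)` block starts and ends outside this section.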
113 changes: 0 additions & 113 deletions cmake/Findcrypto.cmake

This file was deleted.

39 changes: 3 additions & 36 deletions cmake/external_dependencies.cmake
Expand Up @@ -19,43 +19,10 @@ endif()


# Encryption control
if(NOT NO_ENCRYPTION)
if(PLATFORM_WINDOWS)
set(ENABLE_BCRYPT_ENCRYPTION ON)
elseif(PLATFORM_LINUX OR PLATFORM_ANDROID)
set(ENABLE_OPENSSL_ENCRYPTION ON)
elseif(PLATFORM_APPLE)
set(ENABLE_COMMONCRYPTO_ENCRYPTION ON)
endif()
else()
# TODO: BYO Crypto is not implemented for CRT/Was not working in the latest version of the SDK.
if(NO_ENCRYPTION)
message(FATAL_ERROR "BYO_CRYPTO is not currently implemented and has been broken since version 1.9")
set(ENABLE_INJECTED_ENCRYPTION ON)
endif()

if(ENABLE_BCRYPT_ENCRYPTION)
add_definitions(-DENABLE_BCRYPT_ENCRYPTION)
set(CRYPTO_LIBS Bcrypt)
set(CRYPTO_LIBS_ABSTRACT_NAME Bcrypt)
message(STATUS "Encryption: Bcrypt")
elseif(ENABLE_OPENSSL_ENCRYPTION)
add_definitions(-DENABLE_OPENSSL_ENCRYPTION)
message(STATUS "Encryption: LibCrypto")

set(CRYPTO_TARGET_NAME "AWS::crypto")
if(PLATFORM_ANDROID AND ANDROID_BUILD_OPENSSL)
set(BUILD_OPENSSL 1)
set(CRYPTO_TARGET_NAME "crypto")
set(USE_OPENSSL ON)
message(STATUS " Building Openssl as part of AWS SDK")
else()
find_package(crypto REQUIRED)
endif()
set(CRYPTO_LIBS ${CRYPTO_TARGET_NAME} ${ZLIB_LIBRARIES})
# ssl depends on libcrypto
set(CRYPTO_LIBS_ABSTRACT_NAME ${CRYPTO_TARGET_NAME} ssl z)
elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
add_definitions(-DENABLE_COMMONCRYPTO_ENCRYPTION)
message(STATUS "Encryption: CommonCrypto")
elseif(ENABLE_INJECTED_ENCRYPTION)
message(STATUS "Encryption: None")
message(STATUS "You will need to inject an encryption implementation before making any http requests!")
endif()
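Review bot: `set(ENABLE_INJECTED_ENCRYPTION ON)` is unreachable as the block now reads, because the `message(FATAL_ERROR ...)` directly above it inside `if(NO_ENCRYPTION)` aborts configuration; the assignment should be removed so nobody assumes an injected-crypto path still exists. The error text names `BYO_CRYPTO` while the variable the user actually set is `NO_ENCRYPTION`, so I would mention the flag in the message, e.g. `message(FATAL_ERROR "NO_ENCRYPTION (BYO_CRYPTO) is not currently implemented and has been broken since version 1.9")`. The added and removed sides are inferred from the section's 3/36 line counts, since the page has lost its +/- markers.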
2 changes: 0 additions & 2 deletions src/aws-cpp-sdk-core/.gitignore
@@ -1,7 +1,5 @@
# exceptions due to naming conflicts between our external projects (curl/openssl) and implementations that use those libraries
!source/utils/crypto/openssl
!source/http/curl
!source/external
!include/aws/core/external
!include/aws/core/http/curl
!include/aws/core/utils/crypto/openssl
57 changes: 13 additions & 44 deletions src/aws-cpp-sdk-core/CMakeLists.txt
Expand Up @@ -247,16 +247,10 @@ else()
file(GLOB NET_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/net/*.cpp")
endif()

# encryption implementations
if(ENABLE_BCRYPT_ENCRYPTION)
file(GLOB UTILS_CRYPTO_BCRYPT_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/include/aws/core/utils/crypto/bcrypt/*.h")
file(GLOB UTILS_CRYPTO_BCRYPT_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/utils/crypto/bcrypt/*.cpp")
elseif(ENABLE_OPENSSL_ENCRYPTION)
file(GLOB UTILS_CRYPTO_OPENSSL_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/include/aws/core/utils/crypto/openssl/*.h")
file(GLOB UTILS_CRYPTO_OPENSSL_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/utils/crypto/openssl/*.cpp")
elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
file(GLOB UTILS_CRYPTO_COMMONCRYPTO_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/include/aws/core/utils/crypto/commoncrypto/*.h")
file(GLOB UTILS_CRYPTO_COMMONCRYPTO_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/utils/crypto/commoncrypto/*.cpp")
# encryption implementation
if (NOT NO_ENCRYPTION)
file(GLOB UTILS_CRYPTO_CRT_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/include/aws/core/utils/crypto/crt/*.h")
file(GLOB UTILS_CRYPTO_CRT_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/utils/crypto/crt/*.cpp")
endif()

if (BUILD_OPTEL)
Expand Down Expand Up @@ -287,8 +281,7 @@ file(GLOB AWS_NATIVE_SDK_COMMON_SRC
${UTILS_MEMORY_SOURCE}
${UTILS_COMPONENT_REGISTRY_SOURCE}
${UTILS_MEMORY_STL_SOURCE}
${UTILS_CRYPTO_OPENSSL_SOURCE}
${UTILS_CRYPTO_COMMONCRYPTO_SOURCE}
${UTILS_CRYPTO_CRT_SOURCE}
${SMITHY_SOURCE}
${SMITHY_TRACING_SOURCE}
)
Expand Down Expand Up @@ -329,9 +322,6 @@ file(GLOB AWS_NATIVE_SDK_COMMON_HEADERS
${TINYXML2_HEADERS}
${HTTP_CURL_CLIENT_HEADERS}
${HTTP_WINDOWS_CLIENT_HEADERS}
${UTILS_CRYPTO_BCRYPT_HEADERS}
${UTILS_CRYPTO_OPENSSL_HEADERS}
${UTILS_CRYPTO_COMMONCRYPTO_HEADERS}
${SMITHY_HEADERS}
${SMITHY_TRACING_HEADERS}
${OPTEL_HEADERS}
Expand Down Expand Up @@ -435,6 +425,7 @@ if(MSVC)
source_group("Header Files\\aws\\core\\utils" FILES ${UTILS_HEADERS})
source_group("Header Files\\aws\\core\\utils\\base64" FILES ${UTILS_BASE64_HEADERS})
source_group("Header Files\\aws\\core\\utils\\crypto" FILES ${UTILS_CRYPTO_HEADERS})
source_group("Header Files\\aws\\core\\utils\\crypto\\crt" FILES ${UTILS_CRYPTO_CRT_HEADERS})
source_group("Header Files\\aws\\core\\utils\\event" FILES ${UTILS_EVENT_HEADERS})
source_group("Header Files\\aws\\core\\utils\\exceptions" FILES ${UTILS_EXCEPTIONS_HEADERS})
source_group("Header Files\\aws\\core\\utils\\json" FILES ${UTILS_JSON_HEADERS})
Expand All @@ -459,16 +450,6 @@ if(MSVC)
endif()
source_group("Header Files\\aws\\core\\http\\crt" FILES ${CRT_HTTP_HEADERS})


# encryption conditional headers
if(ENABLE_BCRYPT_ENCRYPTION)
source_group("Header Files\\aws\\core\\utils\\crypto\\bcrypt" FILES ${UTILS_CRYPTO_BCRYPT_HEADERS})
elseif(ENABLE_OPENSSL_ENCRYPTION)
source_group("Header Files\\aws\\core\\utils\\crypto\\openssl" FILES ${UTILS_CRYPTO_OPENSSL_HEADERS})
elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
source_group("Header Files\\aws\\core\\utils\\crypto\\commoncrypto" FILES ${UTILS_CRYPTO_COMMONCRYPTO_HEADERS})
endif()

if (BUILD_OPTEL)
source_group("Header Files\\smithy\\tracing\\impl\\opentelemetry" FILES ${OPTEL_HEADERS})
endif ()
Expand Down Expand Up @@ -519,19 +500,13 @@ if(MSVC)


# encryption conditional source
if(ENABLE_BCRYPT_ENCRYPTION)
source_group("Source Files\\utils\\crypto\\bcrypt" FILES ${UTILS_CRYPTO_BCRYPT_SOURCE})
elseif(ENABLE_OPENSSL_ENCRYPTION)
source_group("Source Files\\utils\\crypto\\openssl" FILES ${UTILS_CRYPTO_OPENSSL_SOURCE})
elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
source_group("Source Files\\utils\\crypto\\commoncrypto" FILES ${UTILS_CRYPTO_COMMONCRYPTO_SOURCE})
if (NOT NO_ENCRYPTION)
source_group("Source Files\\utils\\crypto\\crt" FILES ${UTILS_CRYPTO_CRT_SOURCE})
endif()

if (BUILD_OPTEL)
source_group("Source Files\\smithy\\tracing\\impl\\opentelemetry" FILES ${OPTEL_SOURCE})
endif ()


endif(MSVC)

check_cxx_source_compiles("
Expand Down Expand Up @@ -568,6 +543,10 @@ if (CURL_HAS_TLS_PROXY)
target_compile_definitions(${PROJECT_NAME} PRIVATE "CURL_HAS_TLS_PROXY")
endif()

if (NO_ENCRYPTION)
target_compile_definitions(${PROJECT_NAME} PRIVATE "NO_ENCRYPTION")
endif()

if (AWS_HAS_ALIGNED_ALLOC)
target_compile_definitions(${PROJECT_NAME} PRIVATE "AWS_HAS_ALIGNED_ALLOC")
endif()
Expand All @@ -594,10 +573,6 @@ if(BUILD_CURL)
target_include_directories(${PROJECT_NAME} PRIVATE "${CURL_INCLUDE_DIR}")
endif()

if(BUILD_OPENSSL)
target_include_directories(${PROJECT_NAME} PRIVATE "${OPENSSL_INCLUDE_DIR}")
endif()

if (BUILD_OPTEL)
target_include_directories(${PROJECT_NAME} PRIVATE ${OPENTELEMETRY_CPP_INCLUDE_DIRS})
endif ()
Expand Down Expand Up @@ -743,13 +718,7 @@ endif()


# encryption headers
if(ENABLE_BCRYPT_ENCRYPTION)
install (FILES ${UTILS_CRYPTO_BCRYPT_HEADERS} DESTINATION ${INCLUDE_DIRECTORY}/aws/core/utils/crypto/bcrypt)
elseif(ENABLE_OPENSSL_ENCRYPTION)
install (FILES ${UTILS_CRYPTO_OPENSSL_HEADERS} DESTINATION ${INCLUDE_DIRECTORY}/aws/core/utils/crypto/openssl)
elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
install (FILES ${UTILS_CRYPTO_COMMONCRYPTO_HEADERS} DESTINATION ${INCLUDE_DIRECTORY}/aws/core/utils/crypto/commoncrypto)
endif()
install (FILES ${UTILS_CRYPTO_CRT_HEADERS} DESTINATION ${INCLUDE_DIRECTORY}/aws/core/utils/crypto/crt)

do_packaging()
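Review bot: The `NO_ENCRYPTION` handling is inconsistent across this file's hunks: the globs for `UTILS_CRYPTO_CRT_HEADERS`/`UTILS_CRYPTO_CRT_SOURCE` and the source-side `source_group` sit inside `if (NOT NO_ENCRYPTION)`, while the header-side `source_group` and the final `install (FILES ${UTILS_CRYPTO_CRT_HEADERS} ...)` are unconditional and would be handed an empty list. cmake/external_dependencies.cmake in this same commit stops with `FATAL_ERROR` when `NO_ENCRYPTION` is set, so, assuming that file is processed for this target, these guards and the new `target_compile_definitions(${PROJECT_NAME} PRIVATE "NO_ENCRYPTION")` look unreachable. That leaves a switch that reads as "build without crypto" but is never exercised or tested. Either drop the guards, or apply them uniformly and add a comment such as `# NO_ENCRYPTION is rejected in external_dependencies.cmake; kept for a future BYO-crypto path`.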

Expand Up @@ -100,8 +100,6 @@ namespace Aws
const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
const Aws::String m_serviceName;
const Aws::String m_region;
mutable Aws::Utils::Crypto::Sha256 m_hash;
mutable Aws::Utils::Crypto::Sha256HMAC m_HMAC;
mutable Utils::Threading::ReaderWriterLock m_derivedKeyLock;
mutable Aws::Utils::ByteBuffer m_derivedKey;
mutable Aws::String m_currentDateStr;
Expand Up @@ -197,8 +197,6 @@ namespace Aws
std::shared_ptr<Auth::AWSCredentialsProvider> m_credentialsProvider;
const Aws::String m_serviceName;
const Aws::String m_region;
Aws::UniquePtr<Aws::Utils::Crypto::Sha256> m_hash;
Aws::UniquePtr<Aws::Utils::Crypto::Sha256HMAC> m_HMAC;

Aws::Set<Aws::String> m_unsignedHeaders;
