Skip to content

25.3.8-fips: try to build AWS-LC FIPS on aarch64 #1452

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mkmkme wants to merge 2 commits into
base: releases/25.3.8-fips
Choose a base branch
from
+41 −3
Open

25.3.8-fips: try to build AWS-LC FIPS on aarch64 #1452

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4e43e80
try to build AWS-LC FIPS on aarch64
mkmkme Feb 26, 2026
9e84d4f
libssh: disable HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT for aarch64 as well
mkmkme Feb 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion contrib/libssh-cmake/linux/aarch64/config.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@
#define HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1

/* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */
#define HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1
#undef HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT

/* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */
#define HAVE_OPENSSL_EVP_CIPHER_CTX_NEW 1
Expand Down
10 changes: 8 additions & 2 deletions contrib/openssl-cmake/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,19 +80,25 @@ add_custom_target(build-awslc
DEPENDS ${AWSLC_BINARIES_DIR}/libssl.a ${AWSLC_BINARIES_DIR}/libcrypto.a
)

if(ARCH_AARCH64)
set(DOCKERFILE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/Dockerfile.aarch64)
else()
set(DOCKERFILE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/Dockerfile)
endif()

add_custom_command(
OUTPUT
"${AWSLC_BUILD_DIR}/output/libssl.a"
"${AWSLC_BUILD_DIR}/output/libcrypto.a"
COMMENT "Building AWS-LC in FIPS mode using Docker"
COMMAND bash -c "chmod +x ${AWSLC_BUILD_DIR}/build_awclc_fips.sh"
COMMAND bash -c "${AWSLC_BUILD_DIR}/build_awclc_fips.sh ${AWSLC_BINARIES_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/Dockerfile"
COMMAND bash -c "${AWSLC_BUILD_DIR}/build_awclc_fips.sh ${AWSLC_BINARIES_DIR} ${DOCKERFILE_PATH}"
WORKING_DIRECTORY ${AWSLC_BUILD_DIR}
USES_TERMINAL # To stream output
DEPENDS
${AWSLC_BUILD_DIR}/build_awclc_fips.sh
${AWSLC_BUILD_DIR}/check_version.c
${CMAKE_CURRENT_SOURCE_DIR}/Dockerfile
${DOCKERFILE_PATH}
)

add_library(crypto UNKNOWN IMPORTED GLOBAL)
Expand Down
32 changes: 32 additions & 0 deletions contrib/openssl-cmake/Dockerfile.aarch64
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
FROM --platform=linux/aarch64 ubuntu:22.04


RUN apt-get update && \
apt-get install -y \
build-essential \
cmake \
golang \
unzip

ADD --checksum=sha256:6241ec2f13a5f80224ee9cd8592ed66a97d426481066feaa4efc6f24e60bbc96 \
https://github.com/aws/aws-lc/archive/refs/tags/AWS-LC-FIPS-2.0.0.zip .

RUN unzip -q AWS-LC-FIPS-2.0.0.zip -d .

RUN cd /aws-lc-AWS-LC-FIPS-2.0.0 \
&& mkdir -p ./build \
&& cd ./build \
&& cmake -DFIPS=1 -DGO_EXECUTABLE=`which go` .. \
&& make

# Check that version is reported correctly
COPY check_version.c /tmp/check_version.c
RUN cd /aws-lc-AWS-LC-FIPS-2.0.0/build \
&& gcc /tmp/check_version.c -o ./check_version -L./ssl -l:libssl.a -L./crypto -l:libcrypto.a \
&& ./check_version 'AWS-LC FIPS 2.0.0'

#check is in FIPS mode
RUN test $(/aws-lc-AWS-LC-FIPS-2.0.0/build/tool/bssl isfips) = 1

# execute all test
RUN find /aws-lc-AWS-LC-FIPS-2.0.0/build -iname '*test*' -type f -executable -print -exec {} \;
Loading