Support building libwebsockets with AWS-LC #3368
Comments
|
I see, it's basically a fork of boringssl, which we already support. AFAIK it shouldn't be too tricky then. Sure, push the patches somewhere and I will look at them. |
|
Thank you for the quick response, I've opened PR #3369 - looking forward to any feedback! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I’m an engineer at AWS working on AWS Libcrypto (AWS-LC), an open-source cryptographic library maintained for AWS and their customers. We are committed to backwards compatibility. For this purpose we have CI jobs here asserting every change’s compatibility with many different open-source projects. We use these tests to catch compatibility regressions before they’re merged. We have already added libwebsockets to our CI here.
AWS-LC supports CPU-specific performance optimizations for AWS Graviton 2, AWS Graviton 3, and Intel x86-64 with AVX-512 instructions. We’ve formally verified a subset of AWS-LC’s cryptographic primitives, and continue to invest in expanding this coverage. AWS-LC has been FIPS validated by NIST and we have 140-3 certificates for both dynamic and static builds. We would like to upstream support for AWS-LC into the mainline branch of libwebsockets. We believe that this would provide the best experience for users wishing to build libwebsockets against AWS-LC.
We support all features of libwebsockets with minimal required changes. The patch primarily adds
OPENSSL_IS_AWSLCto existing preprocessor conditionals in the libwebsockets codebase to properly identify AWS-LC during compilation. I have prepared patch files both for the latest tagged release and for the mainline branch, with the latter requiring a few additional ifdefs to accommodate recent changes. While the patch may appear substantial in line count, much of this is due to some refactors I made to improve maintainability - specifically extracting repeated conditional logic into common macros.If you agree that this integration would be valuable, I'd be happy to submit a formal PR that includes:
Thank you!
The text was updated successfully, but these errors were encountered: