#aws-security #boring-ssl #aws-lc #low-level #openssl #customer

sys aws-lc-sys

AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.

36 releases (22 breaking)

0.23.1 Nov 22, 2024
0.22.0 Oct 3, 2024
0.20.1 Jul 30, 2024
0.13.3 Mar 5, 2024
0.2.0 Nov 16, 2022

#475 in Cryptography

Download history 135070/week @ 2024-08-21 142472/week @ 2024-08-28 169000/week @ 2024-09-04 155865/week @ 2024-09-11 151051/week @ 2024-09-18 161341/week @ 2024-09-25 171016/week @ 2024-10-02 175734/week @ 2024-10-09 194436/week @ 2024-10-16 198071/week @ 2024-10-23 179248/week @ 2024-10-30 185574/week @ 2024-11-06 196347/week @ 2024-11-13 205628/week @ 2024-11-20 174277/week @ 2024-11-27 162993/week @ 2024-12-04

776,833 downloads per month
Used in 117 crates (5 directly)

ISC AND (Apache-2.0 OR ISC) AND OpenSSL

47MB
1.5M SLoC

GNU Style Assembly 712K SLoC // 0.0% comments Rust 313K SLoC // 0.0% comments C++ 100K SLoC // 0.1% comments C 96K SLoC // 0.2% comments Perl 84K SLoC // 0.1% comments Assembly 79K SLoC // 0.0% comments Bitbake 8K SLoC Batch 20 SLoC // 0.1% comments

aws-lc-sys

crates.io GitHub

Autogenerated Low-level bindings to the AWS-LC library for the Rust programming language. The versioning for this crate will be unstable. New releases of AWS-LC will correspond to a new 0.x.0 version of this crate. Features and/or fixes from AWS-LC will not be backported to older versions of this crate. We do not recommend taking a direct dependency on this crate.

See our User Guide for guidance on installing build requirements.

Documentation.

Build Support

This crate pulls in the source code of AWS-LC to build with it. Bindings for popular platforms are pre-generated. To generate bindings for platforms where pre-generated bindings aren't available, you can either specify our bindgen feature or install the bindgen-cli.

Pregenerated Bindings Availability

Targets

aarch64_apple_darwin aarch64_pc_windows_msvc aarch64_unknown_linux_gnu aarch64_unknown_linux_musl i686_pc_windows_msvc i686_unknown_linux_gnu x86_64_apple_darwin x86_64_pc_windows_gnu x86_64_pc_windows_msvc x86_64_unknown_linux_gnu x86_64_unknown_linux_musl

Use of prebuilt NASM objects

For Windows x86 and x86-64, NASM is required for assembly code compilation. On these platforms, we recommend that you install the NASM assembler. If NASM is detected in the build environment it is used to compile the assembly files. However, if a NASM assembler is not available, and the "fips" feature is not enabled, then the build fails unless one of the following conditions are true:

  • You are building for x86-64 and either:
    • The AWS_LC_SYS_PREBUILT_NASM environment variable is found and has a value of "1"; OR
    • AWS_LC_SYS_PREBUILT_NASM is not found in the environment AND the "prebuilt-nasm" feature has been enabled.

If the above cases apply, then the crate provided prebuilt NASM objects will be used for the build. To prevent usage of prebuilt NASM objects, install NASM in the build environment and/or set the variable AWS_LC_SYS_PREBUILT_NASM to 0 in the build environment to prevent their use.

About prebuilt NASM objects

Prebuilt NASM objects are generated using automation similar to the crate provided pregenerated bindings. See the repositories GitHub workflow configuration for more information. The prebuilt NASM objects are checked into the repository and are available for inspection. For each PR submitted, CI verifies that the NASM objects newly built from source match the NASM objects currently in the repository.

Build Prerequisites

Since this crate builds AWS-LC as a native library, most build tools needed to build AWS-LC are applicable to aws-lc-sys as well. Go and Perl aren't absolutely necessary for aws-lc-sys, as AWS-LC provides generated build files.

Building AWS-LC

AWS-LC is tested on a variety of C/C++ compiler, OS, and CPU combinations. For a complete list of tested combinations see tests/ci/Readme.md. If you use a different build combination and would like us to support it, please open an issue to us at AWS-LC.

Building with a FIPS-validated module

This crate does not offer the AWS-LC FIPS build. To use AWS-LC FIPS, please use the FIPS version of this crate, available at aws-lc-fips-sys.

Post-Quantum Cryptography

Details on the post-quantum algorithms supported by aws-lc-sys can be found at PQREADME.

Security Notification Process

If you discover a potential security issue in AWS-LC or aws-lc-sys, we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.

If you package or distribute aws-lc-sys, or use aws-lc-sys as part of a large multi-user service, you may be eligible for pre-notification of future aws-lc-sys releases. Please contact aws-lc-pre-notifications@amazon.com.

Contribution

See contributing file at AWS-LC

Licensing

See license at AWS-LC

Dependencies