diff --git a/bazel/external/BUILD b/bazel/external/BUILD
index b131b0de39e8..ce8cb8123ed7 100644
--- a/bazel/external/BUILD
+++ b/bazel/external/BUILD
@@ -1,6 +1,9 @@
 licenses(["notice"]) # Apache 2
-exports_files(["boringssl_fips.genrule_cmd", "aws_lc.genrule_cmd"])
+exports_files([
+ "aws_lc.genrule_cmd",
+ "boringssl_fips.genrule_cmd",
+])
 # Use a wrapper cc_library with an empty source source file to force
 # compilation of other cc_library targets that only list *.a sources.
diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
index b54763c67b1e..d124324854d1 100644
--- a/bazel/repository_locations.bzl
+++ b/bazel/repository_locations.bzl
@@ -173,7 +173,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
 strip_prefix = "aws-lc-{version}",
 urls = ["https://github.com/aws/aws-lc/archive/{version}.tar.gz"],
 use_category = ["controlplane", "dataplane_core"],
- release_date = "2025-02-05",
+ release_date = "2025-02-06",
 cpe = "cpe:2.3:a:google:boringssl:*",
 ),
 aspect_bazel_lib = dict(
diff --git a/source/common/tls/BUILD b/source/common/tls/BUILD
index 5ff948118554..9bb232fe6dc2 100644
--- a/source/common/tls/BUILD
+++ b/source/common/tls/BUILD
@@ -246,8 +246,8 @@ envoy_cc_library(
 name = "utility_lib",
 srcs = ["utility.cc"],
 hdrs = [
- "utility.h",
 "aws_lc_compat.h",
+ "utility.h",
 ],
 external_deps = ["ssl"],
 deps = [
diff --git a/source/common/tls/aws_lc_compat.h b/source/common/tls/aws_lc_compat.h
index b522c61df8c0..351a85acb98c 100644
--- a/source/common/tls/aws_lc_compat.h
+++ b/source/common/tls/aws_lc_compat.h
@@ -1,9 +1,15 @@
+#pragma once
+
 // Aws-lc can be utilized as an alternative to boringssl
 // This file provides API translation from boringssl to aws-lc when Envoy is compiled with aws-lc
-// As of now, aws-lc is only compiled with Envoy for the ppc64le platform
+// As of now, aws-lc is only compiled with Envoy for the ``ppc64le`` platform
 // More information about aws-lc can be found here: https://github.com/aws/aws-lc
 // This file should be included wherever the following identifiers are invoked by Envoy
+namespace Envoy {
+
 #ifdef OPENSSL_IS_AWSLC
 #define sk_X509_NAME_find sk_X509_NAME_find_awslc
 #endif
+
+} // namespace Envoy
diff --git a/source/common/tls/cert_validator/default_validator.cc b/source/common/tls/cert_validator/default_validator.cc
index 9bc493f01c9f..5da759b0bf25 100644
--- a/source/common/tls/cert_validator/default_validator.cc
+++ b/source/common/tls/cert_validator/default_validator.cc
@@ -27,10 +27,10 @@
 #include "source/common/runtime/runtime_features.h"
 #include "source/common/stats/symbol_table.h"
 #include "source/common/stats/utility.h"
+#include "source/common/tls/aws_lc_compat.h"
 #include "source/common/tls/cert_validator/cert_validator.h"
 #include "source/common/tls/cert_validator/factory.h"
 #include "source/common/tls/cert_validator/utility.h"
-#include "source/common/tls/aws_lc_compat.h"
 #include "source/common/tls/stats.h"
 #include "source/common/tls/utility.h"
diff --git a/source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc b/source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc
index cfea27eca2e5..db057d5b279c 100644
--- a/source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc
+++ b/source/extensions/transport_sockets/tls/cert_validator/spiffe/spiffe_validator.cc
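Review bot: The `namespace Envoy { … }` wrapper added around the `#define` in aws_lc_compat.h does not scope it, because preprocessor macros ignore namespaces; under `OPENSSL_IS_AWSLC` the rename of `sk_X509_NAME_find` applies to every line after the include, including headers included later. The include-reorder hunks in default_validator.cc and spiffe_validator.cc now place this header ahead of the other `source/common/tls/...` headers, so any use of that identifier in those headers would now also be rewritten. Both files are certificate validators, and the header's own comment relies on each caller remembering the include, so I would document this in the header, e.g. `// NOTE: macros are not namespace-scoped; this rename affects all code after the include.` Whether a caller that omits the include fails to compile or binds to a function with different semantics under AWS-LC is not visible from this diff and is worth stating there too.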
@@ -18,9 +18,9 @@
 #include "source/common/json/json_loader.h"
 #include "source/common/protobuf/message_validator_impl.h"
 #include "source/common/stats/symbol_table.h"
+#include "source/common/tls/aws_lc_compat.h"
 #include "source/common/tls/cert_validator/factory.h"
 #include "source/common/tls/cert_validator/utility.h"
-#include "source/common/tls/aws_lc_compat.h"
 #include "source/common/tls/stats.h"
 #include "source/common/tls/utility.h"