Support building Nmap with AWS-LC

Open smittals2 opened this issue 10 months ago • 0 comments

Hello,

I’m an engineer at AWS working on AWS Libcrypto (AWS-LC), an open-source cryptographic library maintained for AWS and their customers. We are committed to backwards compatibility. For this purpose we have CI jobs here asserting every change’s compatibility with many different open-source projects. We use these tests to catch compatibility regressions before they’re merged. We have already added Nmap to our CI here.

AWS-LC supports CPU-specific performance optimizations for AWS Graviton 2, AWS Graviton 3, and Intel x86-64 with AVX-512 instructions. We’ve formally verified a subset of AWS-LC’s cryptographic primitives, and continue to invest in expanding this coverage. AWS-LC has been FIPS validated by NIST and we have 140-3 certificates for both dynamic and static builds. We would like to upstream support for AWS-LC into the mainline branch of Nmap. We believe that this would provide the best experience for users wishing to build Nmap against AWS-LC.

We support all features of Nmap with one caveat provided in the patch file here. The provided patch requires only a minor modification - adding the OPENSSL_IS_AWSLC macro to an existing ifdef block.

If you agree that this integration would be useful, I’d be happy to put together a PR.

smittals2, Mar 11 '25 21:03