Add MacOS specific compilation options

[hongkongkiwi]

• Adds additional compilation options for MacOS
• Add dylib building for MacOS

Here's how I got it compiling for MacOS:

Install depeencies

brew install json-c p11-kit openssl@3 libp11 zlib

Install AWS SDK

git clone --recurse-submodules "https://github.com/aws/aws-sdk-cpp" "aws-sdk-cpp"
cd "aws-sdk-cpp"
./prefetch_crt_dependency.sh
mkdir -p ./build
cd ./build
cmake \
  -DCMAKE_PREFIX_PATH="/opt/homebrew/opt/curl/" \
  -DBUILD_ONLY="kms;acm-pca" \
  -DCMAKE_BUILD_TYPE=Release  \
  -DENABLE_TESTING=OFF \
  -DAUTORUN_UNIT_TESTS=OFF \
  -DBUILD_SHARED_LIBS=OFF \
  -DCMAKE_INSTALL_PREFIX="$HOME/aws-sdk-cpp"
  ..
cmake --build build -j $(nproc)
make install

We need to fix up the SDK so it builds s2n which is doesn't seem to do by default in latest versoins.

cd ../crt/aws-crt-cpp/crt/s2n
mkdir -p build
cd build
cmake .. -Bbuild \
    -DCMAKE_BUILD_TYPE=Release \
    -DCMAKE_INSTALL_PREFIX="$HOME/aws-sdk-cpp"
cmake --build build -j $(nproc)
cmake --install build

Compile AWS PKCS11

AWS_SDK_PATH="$HOME/aws-sdk-cpp" make

Using on MacOS

mkdir -p ~/.config/aws-kms-pkcs11
touch ~/.config/aws-kms-pkcs11/config

Setup OpenSSL Config

cat >openssl_config.conf <<EOF
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /opt/homebrew/opt/libp11/lib/engines-3/libpkcs11.dylib
MODULE_PATH = /Users/andy/.config/aws-kms-pkcs11/aws_kms_pkcs11.dylib
init = 0

[req]
distinguished_name=dn
[ dn ]
EOF

OPENSSL_CONF=openssl_config.conf openssl req -config <(echo "$CONFIG") -x509 -key pkcs11:token=my-signing-key -keyform engine -engine pkcs11 -out mycert.pem -subj '/CN=mycert' -days 366 -addext basicConstraints=critical,CA:FALSE