Add support for aws_lc_rs as crypto backend (#201)
Starting from [0.22.0,
`rustls`](https://github.com/rustls/rustls/releases/tag/v%2F0.22.0),
the ecosystem has started supporting
[`aws-lc-rs`](https://github.com/aws/aws-lc-rs) as a crypto back-end. The
latter replaces the crypto functionality provided by `ring`.

The main reason behind this is to provide
[FIPS](https://en.wikipedia.org/wiki/FIPS_140-2) compliance in the
future via `aws-lc`:

> Optional support for cryptography from
> [aws-lc-rs](https://github.com/aws/aws-lc-rs). Once the certification
> process completes, we will support FIPS mode using aws-lc-rs.

---

This PR is implementing the
[same](https://github.com/rustls/rustls/blob/4d1b762b5328a1714862ba73ec72d5522fe0c049/rustls/Cargo.toml#L19)
supporting mechanism.

In short:
 * if cfg(feature = "ring") -> ring   (this will be the default)
 * if cfg(feature = "aws-lc-rc") -> aws-lc-rs
 * if both -> ~compile_error!~ EDIT: ring
 * if none -> compile_error!
BiagioFesta authored Dec 14, 2023
1 parent 53a5232 commit acec387
Showing 8 changed files with 493 additions and 122 deletions.
12 changes: 7 additions & 5 deletions .github/workflows/ci.yml
Expand Up @@ -39,7 +39,7 @@ jobs:
with:
components: clippy
- run: cargo clippy --all-features --all-targets
- run: cargo clippy --no-default-features --all-targets
- run: cargo clippy --no-default-features --features aws_lc_rs,pem --all-targets

rustdoc:
name: Documentation
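
Review bot: No clippy run covers a minimal ring build after the last `- run:` line of this hunk. The commit message says enabling both backends resolves to ring, so `--all-features` lints ring only with every other feature on, and the remaining run is aws_lc_rs only. Consider adding `cargo clippy --no-default-features --features ring --all-targets`, plus a short comment that a build with no backend selected is now a `compile_error!`, which is why the bare `--no-default-features` run had to go.
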
Expand Down Expand Up @@ -117,6 +117,8 @@ jobs:
arch: amd64
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install NASM for aws-lc-rs on Windows
uses: ilammy/setup-nasm@v1
- run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
- run: vcpkg install openssl:x64-windows-static-md
- name: Run cargo check
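
Review bot: `uses: ilammy/setup-nasm@v1` in the new NASM step references a third-party action by a movable tag. Pin it to a full commit SHA (keeping the tag as a trailing comment) so the code that runs in this job cannot change without a diff in this file. A one-line comment on why aws-lc-rs needs NASM on Windows would also help whoever maintains this job later.
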
Expand All @@ -125,8 +127,8 @@ jobs:
run: cargo test --all-targets
- name: Run the tests with x509-parser enabled
run: cargo test --verbose --features x509-parser --all-targets
- name: Run the tests with no default features enabled
run: cargo test --verbose --no-default-features --all-targets
- name: Run the tests with aws_lc_rs backend enabled
run: cargo test --verbose --no-default-features --features aws_lc_rs,pem --all-targets

build:
strategy:
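
Review bot: `x509-parser` is only tested against the default backend in this job: the renamed last step runs `--no-default-features --features aws_lc_rs,pem`, while the step before it enables `x509-parser` on top of the defaults. If any x509-parser code path touches the crypto backend, add a run with `--features aws_lc_rs,pem,x509-parser`; if not, say so in a comment so the gap reads as intentional.
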
Expand Down Expand Up @@ -164,8 +166,8 @@ jobs:
run: cargo test --all-targets
- name: Run the tests with x509-parser enabled
run: cargo test --verbose --features x509-parser --all-targets
- name: Run the tests with no default features enabled
run: cargo test --verbose --no-default-features --all-targets
- name: Run the tests with aws_lc_rs backend enabled
run: cargo test --verbose --no-default-features --features aws_lc_rs,pem --all-targets

coverage:
name: Measure coverage
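
Review bot: The feature list `aws_lc_rs,pem` is now repeated in three places in the visible part of this workflow (the clippy job, the previous test job and the last step of this hunk), so the next backend or feature change has to be made in each copy by hand. Consider a workflow-level `env` value or a matrix dimension over the backend feature set, which would keep the clippy and test coverage in step.
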