Add feature based on aws-lc-rs cryptographic library instead of ring #377
Can you add running with this feature on to the CI?
Cargo.toml
Outdated
@@ -50,6 +51,7 @@ criterion = { version = "0.4", default-features = false } | |||
[features] | |||
default = ["use_pem"] | |||
use_pem = ["pem", "simple_asn1"] | |||
aws_lc_rs = ["aws-lc-rs"] |
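Review bot: on the added aws_lc_rs line, the feature only enables the aws-lc-rs dependency, and nothing in this hunk shows ring being made optional or excluded when the feature is on, so a build with this feature may link both crypto backends rather than replace ring. If the intent is a ring-free build, gate the ring dependency behind its own feature and make the two mutually exclusive (or document which one takes precedence), and add a short comment in [features] noting that this feature is opt-in, since default stays ["use_pem"].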
Can we just call it fips? That lib name is not obvious
87ce7c3 to 6126206
@Keats thanks for taking a look, I changed the feature name and added it to the CI, do you mind taking a look again?
Have you seen this PR: #318? It's something I was considering
Well this is also reasonable imo, for me the question is whether these libs are FIPS compliant, because this is the biggest issue we are tackling with this PR, as AWS did get it certified. Can we do features as well - like remove ring, get a feature for FIPS using aws lib and all the rest with the lib combo? Does it sound good? I believe removing ring is OK for everyone.
It looks like building this lib on Windows is problematic? aws/aws-lc#1477
@Keats that is very unfortunate. I think that there is a compliant Microsoft library for the same that should be Windows compilable. Let me do some research and get back.
It looks like SymCrypt from Microsoft does not have wide platform support, although it has the needed features, so I guess we can either merge the PR you suggest, with which we are not guaranteed FIPS compliance, or we wait for the AWS folks to fix the Windows build? Or maybe just use ring for Windows?
For sure, please go ahead
#410 will make this PR obsolete
The goal here is to enable a feature based on the aws-lc-rs library, so it can be used on demand instead of ring, which is not FIPS certified.