Skip to content

Latest commit

 

History

History
89 lines (62 loc) · 4.03 KB

README.md

File metadata and controls

89 lines (62 loc) · 4.03 KB

aws-lc-fips-sys

crates.io GitHub

Autogenerated low-level AWS-LC FIPS bindings for the Rust programming language. We do not recommend directly relying on these bindings.

Documentation.

FIPS

The aws-lc-fips-sys crate provides bindings to the latest version of the AWS-LC-FIPS module that has completed FIPS validation testing by an accredited lab and has been submitted to NIST for certification. This will continue to be the case as we periodically submit new versions of the AWS-LC-FIPS module to NIST for certification. Currently, aws-lc-fips-sys binds to AWS-LC-FIPS 3.0.x.

Consult with your local FIPS compliance team to determine the version of AWS-LC-FIPS module that you require. Consumers needing to remain on a previous version of the AWS-LC-FIPS module should pin to specific versions of aws-lc-rs to avoid automatically being upgraded to a newer module version. (See cargo’s documentation on how to specify dependency versions.)

AWS-LC-FIPS module aws-lc-rs
2.0.x <1.12.0
3.0.x latest

Refer to the NIST Cryptographic Module Validation Program's Modules In Progress List for the latest status of the static or dynamic AWS-LC Cryptographic Module. Please see the FIPS.md in the aws-lc repository for relevant security policies and information on supported operating environments. We will also update our release notes and documentation to reflect any changes in FIPS certification status.

Building and Bindings

This crate contains source code from a FIPS branch of AWS-LC for building and for bindings generation. A specialized FIPS build is performed. Bindings for some platforms are pre-generated.

Pregenerated Bindings Availability

Targets
aarch64_apple_darwin
aarch64_unknown_linux_gnu
aarch64_unknown_linux_musl
x86_64_apple_darwin
x86_64_unknown_linux_gnu
x86_64_unknown_linux_musl

Prebuilt NASM objects

Prebuilt NASM objects are not available for this crate.

Tested AWS-LC FIPS Build Environments

aws-lc-fips-sys currently relies on the AWS-LC FIPS static build, please see our CI documentation at AWS-LC.

Build Prerequisites

Since this crate builds AWS-LC as a native library, all build tools needed to build AWS-LC are applicable to aws-lc-fips-sys as well. This includes Go and Perl, which are hard dependencies for the AWS-LC FIPS build.

Building AWS-LC

If you use a different build combination for FIPS and would like us to support it, please open an issue to us at AWS-LC.

Security Notification Process

If you discover a potential security issue in AWS-LC or aws-lc-fips-sys, we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.

If you package or distribute aws-lc-fips-sys, or use aws-lc-fips-sys as part of a large multi-user service, you may be eligible for pre-notification of future aws-lc-fips-sys releases. Please contact aws-lc-pre-notifications@amazon.com.

Contribution

See contributing file at AWS-LC

Licensing

See license at AWS-LC