From f2220203a96d097a1223929f90bc2c6c37ceb55c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kub=C3=ADk?=
Date: Mon, 7 Oct 2024 19:59:14 +0200
Subject: [PATCH 1/2] feat(quinn, quinn-proto): add aws-lc-rs-fips feature flag

Adds support for aws-lc-rs FIPS mode using a feature flag in quinn and quinn-proto.
---
 .github/workflows/rust.yml | 3 +++
 quinn-proto/Cargo.toml | 2 ++
 quinn/Cargo.toml | 2 ++
 3 files changed, 7 insertions(+)
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index 8457d1ee5..47b7ed828 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -64,6 +64,9 @@ jobs:
 # Prevent feature unification from selecting *ring* as the crypto provider
 - run: RUST_BACKTRACE=1 cargo test --manifest-path quinn-proto/Cargo.toml --no-default-features --features rustls-aws-lc-rs
 - run: RUST_BACKTRACE=1 cargo test --manifest-path quinn/Cargo.toml --no-default-features --features rustls-aws-lc-rs,runtime-tokio
+ # FIPS
+ - run: RUST_BACKTRACE=1 cargo test --manifest-path quinn-proto/Cargo.toml --no-default-features --features rustls-aws-lc-rs-fips
+ - run: RUST_BACKTRACE=1 cargo test --manifest-path quinn/Cargo.toml --no-default-features --features rustls-aws-lc-rs-fips,runtime-tokio
 msrv:
 runs-on: ubuntu-latest
diff --git a/quinn-proto/Cargo.toml b/quinn-proto/Cargo.toml
index 9a67f02cd..a9612702b 100644
--- a/quinn-proto/Cargo.toml
+++ b/quinn-proto/Cargo.toml
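Review bot: Nothing in the two `rustls-aws-lc-rs-fips` test steps added to .github/workflows/rust.yml checks that the FIPS module is actually in use, so the job stays green if the feature wiring ever stops enabling it and the suite quietly runs on the regular build. A small test gated on the new feature that calls something like `aws_lc_rs::try_fips_mode()` and fails on an error would turn that regression into a CI failure. The `# FIPS` comment could also say what the steps cover, for example `# FIPS: run the suite against the aws-lc-rs FIPS build`. The job these steps belong to starts above the hunk, so its OS matrix is not visible here.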
@@ -16,10 +16,12 @@ all-features = true
 [features]
 default = ["rustls-ring", "log"]
 aws-lc-rs = ["dep:aws-lc-rs", "aws-lc-rs/aws-lc-sys", "aws-lc-rs/prebuilt-nasm"]
+aws-lc-rs-fips = ["aws-lc-rs", "aws-lc-rs?/fips"]
 # For backwards compatibility, `rustls` forwards to `rustls-ring`
 rustls = ["rustls-ring"]
 # Enable rustls with the `aws-lc-rs` crypto provider
 rustls-aws-lc-rs = ["dep:rustls", "rustls/aws-lc-rs", "aws-lc-rs"]
+rustls-aws-lc-rs-fips = ["rustls-aws-lc-rs", "aws-lc-rs-fips"]
 # Enable rustls with the `ring` crypto provider
 rustls-ring = ["dep:rustls", "rustls/ring", "ring"]
 ring = ["dep:ring"]
diff --git a/quinn/Cargo.toml b/quinn/Cargo.toml
index a54ef7b91..e375ae16d 100644
--- a/quinn/Cargo.toml
+++ b/quinn/Cargo.toml
@@ -18,6 +18,7 @@ all-features = true
 default = ["log", "platform-verifier", "runtime-tokio", "rustls-ring"]
 # Enables `Endpoint::client` and `Endpoint::server` conveniences
 aws-lc-rs = ["proto/aws-lc-rs"]
+aws-lc-rs-fips = ["proto/aws-lc-rs-fips"]
 # Records how long locks are held, and warns if they are held >= 1ms
 lock_tracking = []
 # Provides `ClientConfig::with_platform_verifier()` convenience method
@@ -26,6 +27,7 @@ platform-verifier = ["proto/platform-verifier"]
 rustls = ["rustls-ring"]
 # Enable rustls with the `aws-lc-rs` crypto provider
 rustls-aws-lc-rs = ["dep:rustls", "aws-lc-rs", "proto/rustls-aws-lc-rs", "proto/aws-lc-rs"]
+rustls-aws-lc-rs-fips = ["dep:rustls", "aws-lc-rs-fips", "proto/rustls-aws-lc-rs-fips", "proto/aws-lc-rs-fips"]
 # Enable rustls with the `ring` crypto provider
 rustls-ring = ["dep:rustls", "ring", "proto/rustls-ring", "proto/ring"]
 # Enables `Endpoint::client` and `Endpoint::server` conveniences
From e33eccee206f48b385c3db2061e5edef7a288358 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kub=C3=ADk?=
Date: Tue, 8 Oct 2024 22:17:42 +0200
Subject: [PATCH 2/2] ci(workflows/features): install Go for macos-latest
---
 .github/workflows/rust.yml | 5 +++++
 1 file changed, 5 insertions(+)
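Review bot: In quinn-proto/Cargo.toml the new `rustls-aws-lc-rs-fips` feature enables `aws-lc-rs/fips` but not rustls's own `fips` feature. As far as this hunk shows, rustls is therefore built on the FIPS module without being asked to restrict itself to approved algorithms, and its `fips()` checks would presumably still report false. If that is deliberate it deserves a comment; otherwise consider `rustls-aws-lc-rs-fips = ["rustls-aws-lc-rs", "rustls/fips", "aws-lc-rs-fips"]`. Unlike the neighbouring rustls features, the new entry also has no explanatory comment, e.g. `# Enable rustls with the aws-lc-rs crypto provider built in FIPS mode`.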
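Review bot: In quinn/Cargo.toml `default` still contains `rustls-ring`, so a downstream crate that adds `rustls-aws-lc-rs-fips` without `default-features = false` builds with both providers enabled. The CI comment in this series ("Prevent feature unification from selecting *ring* as the crypto provider") suggests ring may then be the one used, which for a FIPS feature would be a silent failure. The new entry in the second hunk should carry a comment stating the requirement, e.g. `# Enable rustls with aws-lc-rs in FIPS mode; use with default-features = false so ring is not selected`. The provider-selection code is not part of this patch, so whether a compile-time guard against combining ring with the FIPS feature is feasible would need checking there.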
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index 47b7ed828..45be0bbe9 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -174,6 +174,11 @@ jobs:
 RUSTFLAGS: -Dwarnings
 steps:
 - uses: actions/checkout@v4
+ # Install Go which is needed on MacOS with the FIPS mode
+ - if: contains(matrix.os, 'macos')
+ uses: actions/setup-go@v5
+ with:
+ go-version: '^1.20'
 - uses: dtolnay/rust-toolchain@stable
 - uses: taiki-e/install-action@cargo-hack
 - run: cargo hack check --feature-powerset --optional-deps --no-dev-deps --ignore-unknown-features --ignore-private --group-features runtime-async-std,async-io,async-std --group-features runtime-smol,async-io,smol
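Review bot: The added `actions/setup-go@v5` step references a mutable tag, and `go-version: '^1.20'` floats to whichever newer 1.x release is available, so the toolchain that builds the FIPS module is not fixed from one run to the next. The neighbouring steps use tags as well, so this follows the file's convention. Pinning the action to a full commit SHA, `uses: actions/setup-go@<full-commit-sha> # v5`, and naming an exact Go version would make the build inputs auditable. The job header and its matrix are outside the hunk, so whether other operating systems in the matrix already provide Go cannot be confirmed from here.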