Autogenerated low-level AWS-LC FIPS bindings for the Rust programming language. We do not recommend directly relying on these bindings.
The aws-lc-fips-sys crate provides bindings to the latest version of the AWS-LC-FIPS module that has completed FIPS validation testing by an accredited lab and has been submitted to NIST for certification. This will continue to be the case as we periodically submit new versions of the AWS-LC-FIPS module to NIST for certification. Currently, aws-lc-fips-sys binds to AWS-LC-FIPS 3.0.x.
Consult with your local FIPS compliance team to determine the version of AWS-LC-FIPS module that you require. Consumers needing to remain on a previous version of the AWS-LC-FIPS module should pin to specific versions of aws-lc-rs to avoid automatically being upgraded to a newer module version. (See cargo’s documentation on how to specify dependency versions.)
| AWS-LC-FIPS module | aws-lc-rs |
|---|---|
| 2.0.x | <1.12.0 |
| 3.0.x | latest |
Refer to the NIST Cryptographic Module Validation Program's Modules In Progress List for the latest status of the static or dynamic AWS-LC Cryptographic Module. Please see the FIPS.md in the aws-lc repository for relevant security policies and information on supported operating environments. We will also update our release notes and documentation to reflect any changes in FIPS certification status.
This crate contains source code from a FIPS branch of AWS-LC for building and for bindings generation. A specialized FIPS build is performed. Bindings for some platforms are pre-generated.
| Targets |
|---|
| aarch64_apple_darwin |
| aarch64_unknown_linux_gnu |
| aarch64_unknown_linux_musl |
| x86_64_apple_darwin |
| x86_64_unknown_linux_gnu |
| x86_64_unknown_linux_musl |
Prebuilt NASM objects are not available for this crate.
aws-lc-fips-sys currently relies on the AWS-LC FIPS static build, please see our CI documentation
at AWS-LC.
Since this crate builds AWS-LC as a native library, all build tools needed to build AWS-LC are applicable to
aws-lc-fips-sys as well. This includes Go and Perl, which are hard dependencies for the AWS-LC FIPS build.
If you use a different build combination for FIPS and would like us to support it, please open an issue to us at AWS-LC.
If you discover a potential security issue in AWS-LC or aws-lc-fips-sys, we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
If you package or distribute aws-lc-fips-sys, or use aws-lc-fips-sys as part of a large multi-user service, you may be eligible for pre-notification of future aws-lc-fips-sys releases. Please contact [email protected].
See contributing file at AWS-LC
See license at AWS-LC