aws_lc_rs_algs: Expose FIPS status

rustls · Feb 2, 2024 · 95065a6 · 95065a6
1 parent add8fd7
commit 95065a6
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -80,7 +80,7 @@ std = ["alloc", "pki-types/std"]
 
 [dependencies]
 aws-lc-rs = { version = "1", optional = true, default-features = false, features = ["aws-lc-sys"] }
-pki-types = { package = "rustls-pki-types", version = "1", default-features = false }
+pki-types = { package = "rustls-pki-types", version = "1.2", default-features = false }
 ring = { version = "0.17", default-features = false, optional = true }
 untrusted = "0.9"
 

diff --git a/src/aws_lc_rs_algs.rs b/src/aws_lc_rs_algs.rs
@@ -1,4 +1,4 @@
-use aws_lc_rs::signature;
+use aws_lc_rs::{signature, try_fips_mode};
 use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
 
 use crate::signed_data::alg_id;
@@ -33,6 +33,10 @@ impl SignatureVerificationAlgorithm for AwsLcRsAlgorithm {
             .verify(message, signature)
             .map_err(|_| InvalidSignature)
     }
+
+    fn fips(&self) -> bool {
+        try_fips_mode().is_ok()
+    }
 }
 
 /// ECDSA signatures using the P-256 curve and SHA-256.