Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default to require_ems in FIPS mode #1772

Merged
merged 1 commit into from
Feb 5, 2024
Merged

Default to require_ems in FIPS mode #1772

merged 1 commit into from
Feb 5, 2024

Conversation

ctz
Copy link
Member

@ctz ctz commented Feb 5, 2024

Change default for require_ems based on fips crate feature, generalising the existing tests for require_ems to verify this too.

Include require_ems in fips() determination.

@rustls-benchmarking Rustls Benchmarking
Copy link

rustls-benchmarking bot commented Feb 5, 2024
edited

Benchmark results

Instruction counts

Significant differences

There are no significant instruction count differences

Other differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_tickets_aws_lc_rs_1.2_rsa_aes_server 4605184 4581995 -23189 (-0.50%) 3.00%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_server 4075984 4088484 12500 (0.31%) 3.59%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_server 32789890 32889397 99507 (0.30%) 0.79%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server 12733751 12697267 -36484 (-0.29%) 0.74%
handshake_tickets_ring_1.2_rsa_aes_server 4833943 4844743 10800 (0.22%) 0.64%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_client 4239849 4230496 -9353 (-0.22%) 1.04%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server 57082449 57196390 113941 (0.20%) 0.37%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_server 32606909 32668733 61824 (0.19%) 0.47%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server 12311446 12288204 -23242 (-0.19%) 0.73%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server 12674050 12696211 22161 (0.17%) 0.63%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_client 4558610 4566376 7766 (0.17%) 1.03%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server 32570936 32625892 54956 (0.17%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server 32580841 32634361 53520 (0.16%) 0.30%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server 32817920 32870999 53079 (0.16%) 0.22%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server 32786446 32836653 50207 (0.15%) 0.43%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client 30464297 30510862 46565 (0.15%) 0.46%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server 32570975 32618421 47446 (0.15%) 0.43%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client 30463954 30507280 43326 (0.14%) 0.45%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client 3338597 3343301 4704 (0.14%) 0.28%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client 30282993 30322377 39384 (0.13%) 0.47%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server 32823984 32865447 41463 (0.13%) 0.23%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client 30471769 30510221 38452 (0.13%) 0.31%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client 30273685 30311484 37799 (0.12%) 0.29%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client 30305540 30342105 36565 (0.12%) 0.45%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client 30464967 30501189 36222 (0.12%) 0.45%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_client 30679139 30712573 33434 (0.11%) 0.41%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client 30243847 30276703 32856 (0.11%) 0.49%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_client 30475860 30506778 30918 (0.10%) 0.42%
handshake_session_id_ring_1.2_rsa_aes_server 4377960 4373665 -4295 (-0.10%) 0.60%
handshake_tickets_ring_1.3_ecdsap256_chacha_server 43838126 43879769 41643 (0.09%) 0.30%
handshake_session_id_ring_1.2_rsa_aes_client 4454440 4458370 3930 (0.09%) 0.47%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server 32604870 32631471 26601 (0.08%) 0.44%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client 30661537 30685750 24213 (0.08%) 0.34%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server 32796724 32819645 22921 (0.07%) 0.29%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server 1884665 1885894 1229 (0.07%) 0.20%
handshake_tickets_ring_1.3_rsa_aes_client 42399999 42375510 -24489 (-0.06%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_client 42133499 42157376 23877 (0.06%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server 91380491 91330613 -49878 (-0.05%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client 8675654 8671135 -4519 (-0.05%) 0.78%
handshake_no_resume_ring_1.3_ecdsap256_chacha_client 3899063 3897081 -1982 (-0.05%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client 8682380 8686755 4375 (0.05%) 1.57%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server 32598964 32614061 15097 (0.05%) 0.24%
handshake_session_id_ring_1.3_ecdsap384_aes_server 43665609 43646439 -19170 (-0.04%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_server 91254444 91294098 39654 (0.04%) 0.20%
handshake_tickets_ring_1.3_rsa_chacha_server 43898750 43917818 19068 (0.04%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_server 43598073 43580016 -18057 (-0.04%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server 57168671 57190577 21906 (0.04%) 0.41%
handshake_tickets_ring_1.3_ecdsap384_chacha_server 43885665 43869058 -16607 (-0.04%) 0.25%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server 1881506 1882211 705 (0.04%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server 57157862 57137518 -20344 (-0.04%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server 4259793 4261293 1500 (0.04%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server 57158191 57178190 19999 (0.03%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_server 2130749 2131415 666 (0.03%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_server 43884070 43897769 13699 (0.03%) 0.22%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server 4264296 4265496 1200 (0.03%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client 3355502 3356440 938 (0.03%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client 3341420 3342326 906 (0.03%) 0.23%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client 3366682 3367589 907 (0.03%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server 91327570 91348511 20941 (0.02%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server 91347503 91328082 -19421 (-0.02%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_client 42183836 42192521 8685 (0.02%) 0.20%
handshake_session_id_ring_1.3_rsa_aes_client 42190589 42198932 8343 (0.02%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client 57961015 57972300 11285 (0.02%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_server 91272255 91255919 -16336 (-0.02%) 0.20%
handshake_tickets_ring_1.3_rsa_aes_server 43940267 43946524 6257 (0.01%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_server 57092136 57084076 -8060 (-0.01%) 0.20%
handshake_tickets_ring_1.3_rsa_chacha_client 42353009 42347232 -5777 (-0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_client 41965828 41971299 5471 (0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server 32859188 32855132 -4056 (-0.01%) 0.43%
handshake_tickets_ring_1.3_ecdsap256_aes_client 42178370 42183305 4935 (0.01%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_server 2128539 2128293 -246 (-0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_client 42009787 42014580 4793 (0.01%) 0.20%
handshake_session_id_ring_1.3_rsa_chacha_server 43589963 43585184 -4779 (-0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_server 43642209 43637515 -4694 (-0.01%) 0.20%
handshake_session_id_ring_1.3_rsa_aes_server 43657241 43652635 -4606 (-0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client 30470782 30473627 2845 (0.01%) 0.72%
handshake_tickets_ring_1.2_rsa_aes_client 4736856 4737273 417 (0.01%) 0.73%
handshake_session_id_ring_1.3_rsa_chacha_client 42151784 42155184 3400 (0.01%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_client 57953292 57948918 -4374 (-0.01%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client 92446656 92452373 5717 (0.01%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_client 42137716 42135421 -2295 (-0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_server 43580939 43583241 2302 (0.01%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_client 92385984 92390329 4345 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client 92421226 92417209 -4017 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client 92421119 92425041 3922 (0.00%) 0.20%
handshake_no_resume_ring_1.2_rsa_aes_client 4442028 4441840 -188 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_client 3896694 3896532 -162 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_aes_client 4537771 4537922 151 (0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_chacha_server 12249684 12250044 360 (0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_client 92390628 92388313 -2315 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client 57948806 57947375 -1431 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_server 57091453 57092764 1311 (0.00%) 0.26%
handshake_no_resume_ring_1.3_ecdsap384_chacha_server 13740289 13740540 251 (0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_chacha_client 92392872 92391435 -1437 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_aes_server 12240110 12239927 -183 (-0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client 3153094 3153139 45 (0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_client 42016060 42016651 591 (0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_aes_server 57086993 57087536 543 (0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_client 41972256 41972596 340 (0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_chacha_client 4547939 4547966 27 (0.00%) 0.20%
handshake_no_resume_ring_1.2_rsa_aes_server 12045991 12045935 -56 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_client 57953746 57954012 266 (0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_aes_client 57951358 57951622 264 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_server 43893565 43893713 148 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client 68390673 68390886 213 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client 57992721 57992896 175 (0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_server 13736513 13736540 27 (0.00%) 0.20%
transfer_no_resume_ring_1.2_rsa_aes_client 57812328 57812216 -112 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_client 35451534 35451600 66 (0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_client 35454993 35454941 -52 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_chacha_server 91252344 91252410 66 (0.00%) 0.20%
transfer_no_resume_ring_1.2_rsa_aes_server 56972114 56972120 6 (0.00%) 0.20%

Wall-time

Significant differences

There are no significant wall-time differences

Other differences

Click to expand
Scenario Baseline Candidate Diff Threshold
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes 4.92 ms 4.85 ms -0.07 ms (-1.39%) 5.37%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes 5.64 ms 5.56 ms -0.08 ms (-1.34%) 4.47%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes 5.86 ms 5.79 ms -0.07 ms (-1.23%) 4.08%
transfer_no_resume_ring_1.3_ecdsap256_aes 6.72 ms 6.65 ms -0.08 ms (-1.12%) 3.26%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes 5.85 ms 5.79 ms -0.06 ms (-1.08%) 3.05%
transfer_no_resume_ring_1.3_rsa_aes 7.30 ms 7.23 ms -0.07 ms (-0.97%) 3.19%
transfer_no_resume_ring_1.2_rsa_aes 7.20 ms 7.14 ms -0.06 ms (-0.84%) 2.58%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes 477.86 µs 474.18 µs -3.68 µs (-0.77%) 3.41%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha 476.93 µs 473.32 µs -3.60 µs (-0.76%) 2.52%
handshake_no_resume_ring_1.3_ecdsap256_aes 510.15 µs 506.37 µs -3.78 µs (-0.74%) 2.09%
transfer_no_resume_ring_1.3_ecdsap384_aes 9.83 ms 9.76 ms -0.07 ms (-0.74%) 2.43%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha 13.42 ms 13.34 ms -0.08 ms (-0.62%) 2.29%
handshake_no_resume_ring_1.3_ecdsap256_chacha 507.89 µs 504.79 µs -3.10 µs (-0.61%) 2.22%
handshake_tickets_ring_1.3_ecdsap256_aes 6.92 ms 6.96 ms 0.04 ms (0.59%) 1.00%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha 14.36 ms 14.27 ms -0.08 ms (-0.58%) 1.52%
transfer_no_resume_ring_1.3_rsa_chacha 14.01 ms 13.93 ms -0.08 ms (-0.58%) 1.82%
handshake_tickets_ring_1.3_rsa_aes 7.56 ms 7.60 ms 0.04 ms (0.58%) 1.00%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha 14.13 ms 14.05 ms -0.08 ms (-0.58%) 1.99%
transfer_no_resume_ring_1.3_ecdsap256_chacha 13.43 ms 13.35 ms -0.08 ms (-0.58%) 1.90%
transfer_no_resume_ring_1.3_ecdsap384_chacha 16.54 ms 16.45 ms -0.08 ms (-0.49%) 1.41%
handshake_session_id_ring_1.3_ecdsap256_aes 6.91 ms 6.94 ms 0.03 ms (0.40%) 1.00%
handshake_tickets_ring_1.3_rsa_chacha 7.52 ms 7.55 ms 0.03 ms (0.39%) 1.18%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha 1.18 ms 1.18 ms -0.00 ms (-0.38%) 1.00%
handshake_session_id_ring_1.3_rsa_aes 7.55 ms 7.58 ms 0.03 ms (0.37%) 1.00%
handshake_tickets_ring_1.3_ecdsap384_aes 10.03 ms 10.07 ms 0.03 ms (0.34%) 1.00%
handshake_tickets_ring_1.3_ecdsap256_chacha 6.89 ms 6.91 ms 0.02 ms (0.34%) 1.00%
handshake_session_id_ring_1.3_ecdsap256_chacha 6.87 ms 6.90 ms 0.02 ms (0.31%) 1.01%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes 1.36 ms 1.36 ms -0.00 ms (-0.31%) 1.08%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes 5.39 ms 5.41 ms 0.02 ms (0.29%) 2.57%
handshake_session_id_ring_1.2_rsa_aes 1.75 ms 1.75 ms -0.01 ms (-0.29%) 1.59%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha 6.11 ms 6.13 ms 0.02 ms (0.29%) 1.03%
handshake_tickets_ring_1.3_ecdsap384_chacha 9.99 ms 10.02 ms 0.02 ms (0.24%) 1.00%
handshake_tickets_ring_1.2_rsa_aes 1.84 ms 1.84 ms -0.00 ms (-0.23%) 2.44%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha 5.40 ms 5.41 ms 0.01 ms (0.23%) 1.17%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha 1.41 ms 1.40 ms -0.00 ms (-0.23%) 1.00%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes 1.41 ms 1.41 ms -0.00 ms (-0.22%) 1.00%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha 6.07 ms 6.08 ms 0.01 ms (0.22%) 1.65%
handshake_no_resume_ring_1.3_ecdsap384_aes 3.62 ms 3.61 ms -0.01 ms (-0.21%) 1.00%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha 5.37 ms 5.38 ms 0.01 ms (0.21%) 1.87%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes 1.19 ms 1.19 ms -0.00 ms (-0.21%) 1.00%
handshake_session_id_ring_1.3_rsa_chacha 7.51 ms 7.53 ms 0.02 ms (0.20%) 1.05%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes 6.11 ms 6.13 ms 0.01 ms (0.20%) 1.94%
handshake_no_resume_ring_1.3_rsa_aes 1.08 ms 1.08 ms -0.00 ms (-0.19%) 1.08%
handshake_no_resume_ring_1.2_rsa_aes 1.07 ms 1.07 ms -0.00 ms (-0.18%) 1.16%
handshake_no_resume_ring_1.3_rsa_chacha 1.09 ms 1.08 ms -0.00 ms (-0.16%) 1.22%
handshake_session_id_aws_lc_rs_1.2_rsa_aes 2.17 ms 2.17 ms 0.00 ms (0.16%) 1.75%
handshake_no_resume_ring_1.3_ecdsap384_chacha 3.62 ms 3.61 ms -0.01 ms (-0.16%) 1.00%
handshake_session_id_ring_1.3_ecdsap384_chacha 9.98 ms 9.99 ms 0.02 ms (0.15%) 1.00%
handshake_tickets_aws_lc_rs_1.3_rsa_aes 6.40 ms 6.41 ms 0.01 ms (0.13%) 2.06%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes 6.10 ms 6.10 ms 0.01 ms (0.13%) 2.27%
handshake_session_id_ring_1.3_ecdsap384_aes 10.02 ms 10.03 ms 0.01 ms (0.11%) 1.00%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha 6.37 ms 6.38 ms 0.01 ms (0.11%) 1.56%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes 5.38 ms 5.39 ms 0.01 ms (0.10%) 2.46%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha 6.41 ms 6.41 ms 0.01 ms (0.10%) 1.42%
handshake_session_id_aws_lc_rs_1.3_rsa_aes 6.39 ms 6.40 ms 0.00 ms (0.04%) 2.12%
handshake_tickets_aws_lc_rs_1.2_rsa_aes 2.33 ms 2.34 ms 0.00 ms (0.01%) 1.84%

Additional information

Historical results

Checkout details:

djc
djc reviewed Feb 5, 2024
View reviewed changes
rustls/src/client/client_conn.rs
@@ -280,7 +281,15 @@ impl ClientConfig {
/// Return true if connections made with this `ClientConfig` will
/// operate in FIPS mode.
pub fn fips(&self) -> bool {
self.provider.fips()
#[cfg(feature = "tls12")]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we're going to make the config-side fips() depend on the config, should we make the CryptoProvider::fips() pub(crate) to make it harder to accidentally rely on the CryptoProvider::fips() where that is not sufficient?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think -- I hope -- that there is not much confusion in semantics between CryptoProvider::fips() and Client/ServerConfig::fips(), even if they were functionally the same up until this commit. Will extend the docs though.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe the distinction needs to be explained in CryptoProvider::fips()? That's where it's risky, if you use that fips() but fail to check the config.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That seems like a good idea to me

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added some clarifying text to CryptoProvider::fips() -- please check.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ctz ctz force-pushed the jbp-link-fips-to-require-ems branch 2 times, most recently from c7800cc to d1bd423 Compare February 5, 2024 15:36
@ctz
Default to require_ems in FIPS mode
e8958e3 
Change default for `require_ems` based on `fips` crate feature,
generalising the existing tests for `require_ems` to verify this too.

Include `require_ems` in `fips()` determination.
@ctz ctz force-pushed the jbp-link-fips-to-require-ems branch from d1bd423 to e8958e3 Compare February 5, 2024 16:27
@ctz ctz enabled auto-merge February 5, 2024 16:35
@ctz ctz added this pull request to the merge queue Feb 5, 2024
Merged via the queue into main with commit 5cc7157 Feb 5, 2024
40 checks passed
@ctz ctz deleted the jbp-link-fips-to-require-ems branch February 5, 2024 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpu cpu cpu approved these changes

@djc djc djc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ctz @djc @cpu