rustls · cpu · Dec 31, 2024 · Dec 28, 2024 · Dec 23, 2024 · Dec 24, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -111,7 +111,7 @@ jobs:
           - --features=alloc
           - --all-features
           - --no-default-features
-          - --no-default-features --features alloc,std,aws_lc_rs
+          - --no-default-features --features alloc,std,aws-lc-rs
 
         mode:
           - # debug
@@ -127,7 +127,7 @@ jobs:
           - features: --features=alloc
           - features: --no-default-features
           - features: --no-default-features --features alloc,std
-          - features: --no-default-features --features alloc,std,aws_lc_rs
+          - features: --no-default-features --features alloc,std,aws-lc-rs
           - features: --all-features
             mode: --release
           - features: --all-features
@@ -189,17 +189,17 @@ jobs:
             host_os: ubuntu-latest
 
           # check aws-lc-rs alone
-          - features: --no-default-features --features alloc,std,aws_lc_rs
+          - features: --no-default-features --features alloc,std,aws-lc-rs
             mode: # debug
             rust_channel: stable
             host_os: macos-latest
 
-          - features: --no-default-features --features alloc,std,aws_lc_rs
+          - features: --no-default-features --features alloc,std,aws-lc-rs
             mode: # debug
             rust_channel: stable
             host_os: windows-latest
 
-          - features: --no-default-features --features alloc,std,aws_lc_rs
+          - features: --no-default-features --features alloc,std,aws-lc-rs
             mode: # debug
             rust_channel: stable
             host_os: ubuntu-latest
@@ -357,4 +357,8 @@ jobs:
         uses: taiki-e/install-action@cargo-hack
 
       - name: Check feature powerset
-        run: cargo hack check --feature-powerset --no-dev-deps
+        run: >
+          cargo hack check
+          --feature-powerset
+          --no-dev-deps
+          --mutually-exclusive-features aws-lc-rs,aws-lc-rs-fips
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -21,7 +21,7 @@ license = "ISC"
 name = "rustls-webpki"
 readme = "README.md"
 repository = "https://github.com/rustls/webpki"
-version = "0.102.8"
+version = "0.103.0"
 
 include = [
     "Cargo.toml",
@@ -75,12 +75,13 @@ name = "webpki"
 [features]
 default = ["std", "ring"]
 alloc = ["ring?/alloc", "pki-types/alloc"]
-aws_lc_rs = ["dep:aws-lc-rs"]
+aws-lc-rs = ["dep:aws-lc-rs", "aws-lc-rs/aws-lc-sys", "aws-lc-rs/prebuilt-nasm"]
+aws-lc-rs-fips = ["dep:aws-lc-rs", "aws-lc-rs/fips"]
 ring = ["dep:ring"]
 std = ["alloc", "pki-types/std"]
 
 [dependencies]
-aws-lc-rs = { version = "1.9", optional = true, default-features = false, features = ["aws-lc-sys", "prebuilt-nasm"] }
+aws-lc-rs = { version = "1.9", optional = true, default-features = false }
 pki-types = { package = "rustls-pki-types", version = "1.7", default-features = false }
 ring = { version = "0.17", default-features = false, optional = true }
 untrusted = "0.9"

diff --git a/src/lib.rs b/src/lib.rs
@@ -24,7 +24,7 @@
 //! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
 //! | `std` | Enable features that require libstd. Implies `alloc`. |
 //! | `ring` | Enable use of the *ring* crate for cryptography. |
-//! | `aws_lc_rs` | Enable use of the aws-lc-rs crate for cryptography. |
+//! | `aws-lc-rs` | Enable use of the aws-lc-rs crate for cryptography. Previously this feature was named `aws_lc_rs`. |
 
 #![no_std]
 #![warn(elided_lifetimes_in_paths, unreachable_pub, clippy::use_self)]
@@ -51,7 +51,7 @@ extern crate alloc;
 #[macro_use]
 mod der;
 
-#[cfg(feature = "aws_lc_rs")]
+#[cfg(feature = "aws-lc-rs")]
 mod aws_lc_rs_algs;
 mod cert;
 mod end_entity;
@@ -107,7 +107,7 @@ pub mod ring {
     };
 }
 
-#[cfg(feature = "aws_lc_rs")]
+#[cfg(feature = "aws-lc-rs")]
 /// Signature verification algorithm implementations using the aws-lc-rs crypto library.
 pub mod aws_lc_rs {
     pub use super::aws_lc_rs_algs::{
@@ -121,7 +121,7 @@ pub mod aws_lc_rs {
 
 /// An array of all the verification algorithms exported by this crate.
 ///
-/// This will be empty if the crate is built without the `ring` and `aws_lc_rs` features.
+/// This will be empty if the crate is built without the `ring` and `aws-lc-rs` features.
 pub static ALL_VERIFICATION_ALGS: &[&dyn types::SignatureVerificationAlgorithm] = &[
     #[cfg(feature = "ring")]
     ring::ECDSA_P256_SHA256,
@@ -147,35 +147,35 @@ pub static ALL_VERIFICATION_ALGS: &[&dyn types::SignatureVerificationAlgorithm]
     ring::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
     #[cfg(all(feature = "ring", feature = "alloc"))]
     ring::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P256_SHA256,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P256_SHA384,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P384_SHA256,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P384_SHA384,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P521_SHA256,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P521_SHA384,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P521_SHA512,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ED25519,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::RSA_PKCS1_2048_8192_SHA256,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::RSA_PKCS1_2048_8192_SHA384,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::RSA_PKCS1_2048_8192_SHA512,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::RSA_PKCS1_3072_8192_SHA384,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
 ];
 

diff --git a/src/verify_cert.rs b/src/verify_cert.rs
@@ -695,7 +695,7 @@ pub(crate) enum Role {
     EndEntity,
 }
 
-#[cfg(all(test, feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]
+#[cfg(all(test, feature = "alloc", any(feature = "ring", feature = "aws-lc-rs")))]
 mod tests {
     use super::*;
     use crate::test_utils;

diff --git a/tests/better_tls.rs b/tests/better_tls.rs
@@ -1,4 +1,4 @@
-#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
+#![cfg(any(feature = "ring", feature = "aws-lc-rs"))]
 
 use core::time::Duration;
 use std::collections::HashMap;
@@ -16,7 +16,7 @@ use webpki::{anchor_from_trusted_cert, KeyUsage};
 static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
     #[cfg(feature = "ring")]
     webpki::ring::ECDSA_P256_SHA256,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     webpki::aws_lc_rs::ECDSA_P256_SHA256,
 ];
 

diff --git a/tests/client_auth.rs b/tests/client_auth.rs
@@ -12,7 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![cfg(all(feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]
+#![cfg(all(feature = "alloc", any(feature = "ring", feature = "aws-lc-rs")))]
 
 use core::time::Duration;
 use pki_types::{CertificateDer, UnixTime};

diff --git a/tests/client_auth_revocation.rs b/tests/client_auth_revocation.rs
@@ -12,7 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
+#![cfg(any(feature = "ring", feature = "aws-lc-rs"))]
 
 use core::time::Duration;
 
@@ -25,7 +25,7 @@ use webpki::{
 static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
     #[cfg(feature = "ring")]
     webpki::ring::ECDSA_P256_SHA256,
-    #[cfg(feature = "aws_lc_rs")]
+    #[cfg(feature = "aws-lc-rs")]
     webpki::aws_lc_rs::ECDSA_P256_SHA256,
 ];
 

diff --git a/tests/custom_ekus.rs b/tests/custom_ekus.rs
@@ -1,4 +1,4 @@
-#![cfg(all(feature = "alloc", any(feature = "ring", feature = "aws_lc_rs")))]
+#![cfg(all(feature = "alloc", any(feature = "ring", feature = "aws-lc-rs")))]
 
 use core::time::Duration;
 

diff --git a/tests/generate.py b/tests/generate.py
@@ -561,9 +561,9 @@ def signatures(force: bool) -> None:
     }
 
     feature_gates = {
-        "ECDSA_P521_SHA256": 'all(not(feature = "ring"), feature = "aws_lc_rs")',
-        "ECDSA_P521_SHA384": 'all(not(feature = "ring"), feature = "aws_lc_rs")',
-        "ECDSA_P521_SHA512": 'all(not(feature = "ring"), feature = "aws_lc_rs")',
+        "ECDSA_P521_SHA256": 'all(not(feature = "ring"), feature = "aws-lc-rs")',
+        "ECDSA_P521_SHA384": 'all(not(feature = "ring"), feature = "aws-lc-rs")',
+        "ECDSA_P521_SHA512": 'all(not(feature = "ring"), feature = "aws-lc-rs")',
     }
 
     rsa_types: list[str] = [

diff --git a/tests/integration.rs b/tests/integration.rs
@@ -12,7 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
+#![cfg(any(feature = "ring", feature = "aws-lc-rs"))]
 
 use core::time::Duration;