From 8aac2e585af392a3abf30f1aed0bf8d5c6a715d0 Mon Sep 17 00:00:00 2001
From: BiagioFesta <15035284+BiagioFesta@users.noreply.github.com>
Date: Fri, 1 Mar 2024 09:57:36 +0100
Subject: [PATCH 1/2] cargo: add fips feature based on aws_lc_rs
---
 Cargo.lock | 15 +++++++++++++++
 rcgen/Cargo.toml | 1 +
 2 files changed, 16 insertions(+)
diff --git a/Cargo.lock b/Cargo.lock
index e2c19fb2..e0ff710f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -83,12 +83,27 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +[[package]] +name = "aws-lc-fips-sys" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e33c1a4881f0f751f1fc32d101755393b50e2dcb9857857974d880e2fa5d4749" +dependencies = [ + "bindgen", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + [[package]] name = "aws-lc-rs" version = "1.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df33e4a55b03f8780ba55041bc7be91a2a8ec8c03517b0379d2d6c96d2c30d95" dependencies = [ + "aws-lc-fips-sys", "aws-lc-sys", "mirai-annotations", "paste",
diff --git a/rcgen/Cargo.toml b/rcgen/Cargo.toml
index 79c9463b..79ff4d9f 100644
--- a/rcgen/Cargo.toml
+++ b/rcgen/Cargo.toml
@@ -39,6 +39,7 @@ default = ["crypto", "pem", "ring"]
 crypto = []
 aws_lc_rs = ["crypto", "dep:aws-lc-rs"]
 ring = ["crypto", "dep:ring"]
+fips = ["aws_lc_rs", "aws-lc-rs?/fips"]
 [package.metadata.docs.rs]
From b61ec57c88950e8928593025a774c57177376255 Mon Sep 17 00:00:00 2001
From: BiagioFesta <15035284+BiagioFesta@users.noreply.github.com>
Date: Tue, 5 Mar 2024 18:44:45 +0100
Subject: [PATCH 2/2] ci: run test with FIPS aws_lc_rs module
---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d5960c02..f0d17248 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
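Review bot: The new `fips` line in rcgen/Cargo.toml carries no comment on when it takes effect, while `default` (visible in the hunk header) still lists `ring`, so a dependent that writes `features = ["fips"]` without `default-features = false` ends up with both backends enabled. The hunk does not show which backend the crate selects in that case; if `ring` takes precedence, the FIPS module is compiled in but never used, which is easy to miss where FIPS is a compliance requirement. Once the selection logic is confirmed I would add a comment above the line, for example `# FIPS build of aws-lc-rs (pulls aws-lc-fips-sys); use with default-features = false so ring is not selected`, and consider rejecting `fips` together with `ring` at compile time if the two are not meant to combine. The feature list begins above the hunk.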
@@ -138,6 +138,8 @@ jobs:
 run: cargo test --verbose --features x509-parser --all-targets
 - name: Run the tests with aws_lc_rs backend enabled
 run: cargo test --verbose --no-default-features --features aws_lc_rs,pem --all-targets
+ - name: Run the tests with FIPS aws_lc_rs module
+ run: cargo test --verbose --no-default-features --features fips,pem --all-targets
 - name: Run the tests with no features enabled
 run: cargo test --verbose --no-default-features --all-targets
@@ -179,6 +181,8 @@ jobs:
 run: cargo test --verbose --features x509-parser --all-targets
 - name: Run the tests with aws_lc_rs backend enabled
 run: cargo test --verbose --no-default-features --features aws_lc_rs,pem --all-targets
+ - name: Run the tests with FIPS aws_lc_rs module
+ run: cargo test --verbose --no-default-features --features fips,pem --all-targets
 # Build rustls-cert-gen as a standalone package, see this PR for why it's needed:
 # https://github.com/rustls/rcgen/pull/206#pullrequestreview-1816197358
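Review bot: The step added in both jobs (the hunks at -138 and -179) only shows that the test suite passes with `fips` enabled; nothing visible checks that the FIPS build of aws-lc is the backend the tests actually ran against. A small test gated on `#[cfg(feature = "fips")]` that asserts `aws_lc_rs::try_fips_mode().is_ok()` would make this step fail if the feature wiring ever stops reaching the FIPS module. The hunks also do not show which runners these jobs use; `aws-lc-fips-sys` depends on `bindgen` and `cmake` according to the Cargo.lock entry in the first patch, so it is worth confirming that toolchain is installed explicitly on each runner rather than inherited from the image. The step lists continue outside both hunks.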