Labels: enhancement, wontfix
Description
Of the aws-lc-rs crate, only version 1.11.1 has been FIPS validated, while the latest versions are still in the module review process under the AWS-LC 3.0 Cryptographic Module.
So the following Cargo.toml works but uses a non-validated FIPS library:
```toml
[package]
name = "rust-fips-140"
version = "0.1.0"
edition = "2024"
# Works because ureq requires rustls ^0.23.22 and
# aws-lc-rs > 0.11.1 is NOT yet fips validated
[dependencies]
aws-lc-rs = { version = "=1.12.1", features = ["fips"] }
rustls = { version = "=0.23.22", features = ["fips"] }
ureq = "3.1.2"
```

While the following doesn't with the following error:
```toml
[package]
name = "rust-fips-140"
version = "0.1.0"
edition = "2024"
# aws-lc-rs 1.11.1 is the only FIPS validated version and rustls
# just to ^0.12 after version 0.23.19
[dependencies]
aws-lc-rs = { version = "=1.11.1", features = ["fips"] }
rustls = { version = "=0.23.19", features = ["fips"] }
ureq = "3.1.2"
```

```text
Updating crates.io index
error: failed to select a version for `rustls`.
... required by package `ureq v3.1.2`
... which satisfies dependency `ureq = "^3.1.2"` of package `rust-fips-140 v0.1.0 (/home/user/dev/experiments/rust-fips-140)`
versions that meet the requirements `^0.23.22` are: 0.23.22, 0.23.31, 0.23.29, 0.23.28, 0.23.27, 0.23.26, 0.23.25, 0.23.24, 0.23.23
all possible versions conflict with previously selected packages.
previously selected package `rustls v0.23.19`
... which satisfies dependency `rustls = "=0.23.19"` of package `rust-fips-140 v0.1.0 (/home/user/dev/experiments/rust-fips-140)`
failed to select a version for `rustls` which could resolve this conflict
```

Is there anything in the rustls crate that warrants the bump to > 0.23.19, or could we make `rustls = { version = "0.23.19" .. }`?
Thanks !
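
A lockfile gate for the situation described in this issue, where the first manifest builds cleanly but resolves an aws-lc-rs version that is not the validated one. This is an added example, not part of the original issue or of any project it mentions; the function names and the sample lockfile are constructed, and the validated version 1.11.1 is the one stated in the issue text.

```rust
// Added example: fail a build when Cargo.lock resolves a non-validated aws-lc-rs.
// VALIDATED is the version the issue names as FIPS validated (assumption: update
// it as certificates change).
const VALIDATED: &str = "1.11.1";

/// Parse a `key = "value"` line; any other shape yields None
/// (for example the lockfile's top-level `version = 4`).
fn value_of(line: &str, key: &str) -> Option<String> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?.trim();
    Some(rest.strip_prefix('"')?.strip_suffix('"')?.to_string())
}

/// Return every (name, version) pair from the [[package]] tables of a Cargo.lock.
fn locked_packages(lock: &str) -> Vec<(String, String)> {
    let mut out = Vec::new();
    let mut name: Option<String> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None;
        } else if let Some(v) = value_of(line, "name") {
            name = Some(v);
        } else if let Some(v) = value_of(line, "version") {
            if let Some(n) = name.take() {
                out.push((n, v));
            }
        }
    }
    out
}

/// Err when aws-lc-rs is absent or any resolved copy is not the validated version.
fn check_fips_pin(lock: &str) -> Result<(), String> {
    let versions: Vec<String> = locked_packages(lock)
        .into_iter()
        .filter(|(n, _)| n == "aws-lc-rs")
        .map(|(_, v)| v)
        .collect();
    if versions.is_empty() {
        return Err("aws-lc-rs is not in the lockfile".into());
    }
    match versions.iter().find(|v| v.as_str() != VALIDATED) {
        Some(v) => Err(format!("aws-lc-rs {v} resolved, validated version is {VALIDATED}")),
        None => Ok(()),
    }
}

fn main() {
    // Constructed lockfile fragment matching the first manifest in the issue.
    let lock = "[[package]]\nname = \"aws-lc-rs\"\nversion = \"1.12.1\"\n\n[[package]]\nname = \"rustls\"\nversion = \"0.23.22\"\n";
    println!("{:?}", check_fips_pin(lock));
}
```

The check only inspects the resolved version; it does not confirm that the `fips` feature is enabled.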