Skip to content

Commit

Permalink
Merge upstream release 3.1.0 into libsignal branch
Browse files Browse the repository at this point in the history
  • Loading branch information
jrose-signal committed Oct 12, 2023
2 parents 3c50b28 + 4749c52 commit 02e4a3f
Show file tree
Hide file tree
Showing 42 changed files with 10,556 additions and 710 deletions.
53 changes: 51 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,18 @@ jobs:
# but for now, make sure that BoringSSL only builds.
run: cargo check --target ${{ matrix.target }} --all-targets
name: Check tests (iOS)
- name: Test boring-sys cargo publish
# Running `cargo publish --dry-run` tests two things:
#
# 1. That `boring-sys` can build BoringSSL with just the files included
# in the crates.io package (as determined by the `include` field in
# the `Cargo.toml`).
# 2. That the final `boring-sys` package size, including the BoringSSL
# submodules, is not too large to be published to `crates.io`.
#
# Both of these may no longer be the case after updating the BoringSSL
# submodules to a new revision, so it's important to test this on CI.
run: cargo publish --dry-run -p boring-sys

test-fips:
name: Test FIPS integration
Expand All @@ -189,7 +201,44 @@ jobs:
- name: Install Rust (rustup)
run: rustup update stable --no-self-update && rustup default stable
shell: bash
- name: Install Clang-7
run: sudo apt-get install -y clang-7
- name: Install Clang-12
uses: KyleMayes/install-llvm-action@v1
with:
version: "12.0.0"
directory: ${{ runner.temp }}/llvm
- name: Add clang++-12 link
working-directory: ${{ runner.temp }}/llvm/bin
run: ln -s clang clang++-12
- run: cargo test --features fips
name: Run tests
- name: Test boring-sys cargo publish (FIPS)
# Running `cargo publish --dry-run` tests two things:
#
# 1. That `boring-sys` can build BoringSSL with just the files included
# in the crates.io package (as determined by the `include` field in
# the `Cargo.toml`).
# 2. That the final `boring-sys` package size, including the BoringSSL
# submodules, is not too large to be published to `crates.io`.
#
# Both of these may no longer be the case after updating the BoringSSL
# submodules to a new revision, so it's important to test this on CI.
run: cargo publish --dry-run -p boring-sys --features fips

test-features:
name: Test features
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
submodules: 'recursive'
- name: Install Rust (rustup)
run: rustup update stable --no-self-update && rustup default stable
shell: bash
- run: cargo test --features rpk
name: Run `rpk` tests
- run: cargo test --features pq-experimental
name: Run `pq-experimental` tests
- run: cargo test --features pq-experimental,rpk
name: Run `pq-experimental,rpk` tests
- run: cargo test --features kx-safe-default,pq-experimental
name: Run `kx-safe-default` tests
23 changes: 0 additions & 23 deletions CHANGELOG.md

This file was deleted.

30 changes: 30 additions & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,33 @@ members = [
"tokio-boring",
"hyper-boring"
]
resolver = "2"

[workspace.package]
version = "3.1.0"
repository = "https://github.com/cloudflare/boring"
edition = "2021"

[workspace.dependencies]
boring-sys = { version = "3", path = "./boring-sys", default-features = false }
boring = { version = "3", path = "./boring" }
tokio-boring = { version = "3", path = "./tokio-boring" }

bindgen = { version = "0.66.1", default-features = false, features = ["runtime"] }
cmake = "0.1.18"
fs_extra = "1.3.0"
fslock = "0.2"
bitflags = "2.4"
foreign-types = "0.5"
libc = "0.2"
hex = "0.4"
rusty-hook = "^0.11"
futures = "0.3"
tokio = { version = "1", features = ["full"] }
anyhow = "1"
antidote = "1.0.0"
http = "0.2"
hyper = { version = "0.14", default-features = false, features = ["full"] }
linked_hash_set = "0.1"
once_cell = "1.0"
tower-layer = "0.3"
33 changes: 5 additions & 28 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,34 +5,11 @@
BoringSSL bindings for the Rust programming language and TLS adapters for [tokio](https://github.com/tokio-rs/tokio)
and [hyper](https://github.com/hyperium/hyper) built on top of it.

[Documentation](https://docs.rs/boring).

## Release Support

By default, the crate statically links with the latest BoringSSL master branch.

## Support for pre-built binaries

While this crate can build BoringSSL on its own, you may want to provide pre-built binaries instead.
To do so, specify the environment variable `BORING_BSSL_PATH` with the path to the binaries.

You can also provide specific headers by setting `BORING_BSSL_INCLUDE_PATH`.

_Notes_: The crate will look for headers in the `$BORING_BSSL_INCLUDE_PATH/openssl/` folder, make sure to place your headers there.

_Warning_: When providing a different version of BoringSSL make sure to use a compatible one, the crate relies on the presence of certain functions.

## Building with a FIPS-validated module

Only BoringCrypto module version ae223d6138807a13006342edfeef32e813246b39, as
certified with [certificate
3678](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3678)
is supported by this crate. Support is enabled by this crate's `fips` feature.

`boring-sys` comes with a test that FIPS is enabled/disabled depending on the feature flag. You can run it as follows:
```bash
$ cargo test --features fips fips::is_enabled
```
## Documentation
- Boring API: <https://docs.rs/boring>
- tokio TLS adapters: <https://docs.rs/tokio-boring>
- hyper HTTPS connector: <https://docs.rs/hyper-boring>
- FFI bindings: <https://docs.rs/boring-sys>

## Contribution

Expand Down
Loading

0 comments on commit 02e4a3f

Please sign in to comment.