sync upstream (#54)

* RTG-3333 Support X25519MLKEM768 by default, but don't sent it as client X25519MLKEM768 is the standardised successor of the preliminary X25519Kyber768Draft00. Latest browsers have switched to X25519MLKEM768. Cloudflare supports both on the edge. We've had support for X25519MLKEM768 in this crate for a while, but didn't enable by default. We're now enabling serverside support by default. We also let clients advertise support when set to kx-client-pq-supported. We don't enable support by default yet for clients set to kx-client-pq-preferred, as that would cause an extra round-trip due to HelloRetryRequest if the server doesn't support X25519MLKEM768 yet. BoringSSL against which we build must support X25519MLKEM768, otherwise this will fail. * replace once_cell with LazyLock We can drop the once_cell dependency since the same functionality is implemented in std now. Requires bumping MSRV to 1.80. * fix manual_c_str_literals clippy warning * chore: Fix docs on SslRef::replace_ex_data * Detailed error codes * Clean up boring_sys::init() We don't need the workaround that was initially introduced for a bug in openssl, and OPENSSL_init_ssl always calls into CRYPTO_library_init on boringssl, so just call it explicitly. * Expose EVP_HPKE_KEY * Expose client/server-side ECH Resolves https://github.com/cloudflare/boring/issues/282 * Clean up ECH tests * Expose SSL_set_enable_ech_grease * Use corresponds macro * build: Fix the build for 32-bit Linux platform (#312) build: Fix the build for 32-bit Linux platform * Set CMAKE_BUILD_PARALLEL_LEVEL to available_parallelism cmake-rs' jobserver doesn't work reliably, if at all. One workaround is to set CMAKE_BUILD_PARALLEL_LEVEL to available_parallelism(). On my machine it shaves ~35 seconds off of boring-sys builds. * Expose SSL_CTX_set1_ech_keys from SslContextRef We currently expose this method on `SslContextBuilder`, which is fine for bootstrapping an `SSL_CTX`, but subsequent attempts to set ECH keys (like during key rotation) can only happen via `SslContextRef`. Also update the method on the builder to take an immutable reference to self because the API is thread safe. * Bump cmake-rs to improve Mac OS build parallelism There's a bug on OSX that prevents the CMake jobserver from working properly, and so CMake defaults to a single-threaded build. It's not clear when this is actually going to get fixed, so recent versions of cmake-rs just disable the jobserver and have CMake fall back to the number of available cores: https://github.com/rust-lang/cmake-rs/pull/229 This means we don't need e6833b0074 * Release 4.14.0 (#317) * Actually expose SslEchKeys * Address clippy lints * Revert "Refactor!: Introduce a Cargo feature for optional Hyper 0 support" This reverts commit 49d5a61163. * Revert "Refactor!: Remove strict `TokioIo` response requirement from `hyper_boring::v1::HttpsConnector`" This reverts commit e518c2444a. * Introduce a builder pattern for SslEchKeys + make set_ech_keys take a reference (#320) Previously, set_ech_keys would consume the SslEchKeys struct to enforce the requirement that the struct is immutable after initializing it on a SSL_CTX. The problem with this is that it requires applications to needlessly reallocate the SslEchKeys struct if they want to initialize keys on multiple SSL_CTXs, which is a pretty common pattern. To work around this, we introduce a builder (SslEchKeysBuilder) that requires mutable access to add keys to the underlying struct. set_ech_keys takes in a reference to SslEchKeys, which can only be made via consuming the builder. * Revert cmake bump (for now) as it is overly restrictive (#321) Some users of boring have issues with newer versions of cmake. Because we have an alternative solution, we can hold off on the bump for now. --------- Co-authored-by: Bas Westerbaan <bas@cloudflare.com> Co-authored-by: Alessandro Ghedini <alessandro@cloudflare.com> Co-authored-by: Evan Rittenhouse <erittenhouse@cloudflare.com> Co-authored-by: Kornel <kornel@cloudflare.com> Co-authored-by: Rushil Mehra <rmehra@cloudflare.com> Co-authored-by: Rushil Mehra <84047965+rushilmehra@users.noreply.github.com>
2025-02-23 19:42:23 +08:00 · 2025-02-23 19:42:23 +08:00 · 7ee98f663e
parent 372501ffc2
commit 7ee98f663e
8 changed files with 96 additions and 36 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -366,7 +366,5 @@ jobs:
      name: Run `rpk,underscore-wildcards` tests
    - run: cargo test --features pq-experimental,rpk,underscore-wildcards
      name: Run `pq-experimental,rpk,underscore-wildcards` tests
-    - run: cargo test -p hyper-boring --features hyper1-runtime
+    - run: cargo test -p hyper-boring --features hyper1
      name: Run hyper 1.0 tests for hyper-boring
-    - run: cargo test -p hyper-boring --features hyper0-runtime
-      name: Run hyper 0. tests for hyper-boring
--- a/27
+++ b/27
@ -1,3 +1,25 @@
+
+4.14.0
+- 2024-01-27 Set CMAKE_BUILD_PARALLEL_LEVEL to available_parallelism
+- 2025-02-14 build: Fix the build for 32-bit Linux platform (#312)
+- 2024-11-30 Use corresponds macro
+- 2025-02-12 Expose SSL_set_enable_ech_grease
+- 2025-02-12 Clean up ECH tests
+- 2025-02-10 Expose client/server-side ECH
+- 2025-02-10 Expose EVP_HPKE_KEY
+- 2025-02-10 Clean up boring_sys::init()
+- 2024-11-27 Detailed error codes
+- 2025-02-04 chore: Fix docs on SslRef::replace_ex_data
+- 2025-01-22 fix manual_c_str_literals clippy warning
+- 2025-01-22 replace once_cell with LazyLock
+- 2025-01-13 RTG-3333 Support X25519MLKEM768 by default, but don't sent it as client
+- 2024-07-31 Allow dead_code instead of disabling clippy entirely for bindgen
+- 2024-11-12 Remove INVALID_CALL from mid-handshake error message
+- 2024-08-16 Fix bug with accessing memzero'd X509StoreContext in tests
+- 2024-08-16 Support linking with a runtime cpp library
+- 2024-12-06 Refactor!: Introduce a Cargo feature for optional Hyper 0 support
+- 2024-12-06 Refactor!: Remove strict `TokioIo` response requirement from `hyper_boring::v1::HttpsConnector`
+
 4.13.0
 - 2024-11-26 Sync X509StoreBuilder with openssl
 - 2024-11-26 Sync X509VerifyFlags with openssl
@ -6,7 +28,7 @@
 - 2024-11-28 Clippy
 - 2024-03-11 Fix Windows build

-4.12.0 
+4.12.0
 - 2024-11-20 Add bindings for SSL_CB_ACCEPT_EXIT and SSL_CB_CONNECT_EXIT
 - 2024-10-22 (ci): brew link x86 toolchain for macos13 runner
 - 2024-10-22 Skip bindgen 0.70's layout tests before Rust 1.77
@ -14,7 +36,7 @@

 4.11.0
 - 2024-10-17 boring-sys: include HPKE header file for bindgen
- 2024-10-17 Add "fips-compat" feature
+- 2024-10-17 Add "fips-compat" feature (#286)
 - 2024-09-25 Create semgrep.yml

 4.10.3
@ -47,6 +69,7 @@
 - 2024-08-04 Properly handle `Option<i32>` in `SslRef::set_curves`

 4.9.0
+- 2024-08-02 Actually Release 4.9.0
 - 2024-08-02 Guard against empty strings given to select_next_proto (#252)
 - 2024-08-01 Document `SslCurve::nid()`
 - 2024-08-01 Add SslCurve::to_nid() and remove SslCurveId
--- a/boring-sys/Cargo.toml
+++ b/boring-sys/Cargo.toml
@ -19,6 +19,7 @@ include = [
    "/LICENSE-MIT",
    "/cmake/*.cmake",
    # boringssl (non-FIPS)
+    "/deps/boringssl/src/util/32-bit-toolchain.cmake",
    "/deps/boringssl/**/*.[chS]",
    "/deps/boringssl/**/*.asm",
    "/deps/boringssl/sources.json",
@ -31,6 +32,7 @@ include = [
    "/deps/boringssl/**/sources.cmake",
    "/deps/boringssl/LICENSE",
    # boringssl (FIPS)
+    "/deps/boringssl-fips/src/util/32-bit-toolchain.cmake",
    "/deps/boringssl-fips/**/*.[chS]",
    "/deps/boringssl-fips/**/*.asm",
    "/deps/boringssl-fips/**/*.pl",
--- a/boring-sys/build/config.rs
+++ b/boring-sys/build/config.rs
@ -165,7 +165,7 @@ impl Env {
            opt_level: target_var("OPT_LEVEL"),
            android_ndk_home: target_var("ANDROID_NDK_HOME").map(Into::into),
            cmake_toolchain_file: target_var("CMAKE_TOOLCHAIN_FILE").map(Into::into),
-            cpp_runtime_lib: target_var("BORING_BSSL_RUST_CPPLIB").map(Into::into),
+            cpp_runtime_lib: target_var("BORING_BSSL_RUST_CPPLIB"),
        }
    }
 }
--- a/boring-sys/build/main.rs
+++ b/boring-sys/build/main.rs
@ -572,6 +572,10 @@ fn built_boring_source_path(config: &Config) -> &PathBuf {

        let mut cfg = get_boringssl_cmake_config(config);

+        if let Ok(threads) = std::thread::available_parallelism() {
+            cfg.env("CMAKE_BUILD_PARALLEL_LEVEL", threads.to_string());
+        }
+
        if config.features.fips {
            let (clang, clangxx) = verify_fips_clang_version();
            cfg.define("CMAKE_C_COMPILER", clang)
--- a/boring/src/ssl/ech.rs
+++ b/boring/src/ssl/ech.rs
@ -1,11 +1,54 @@
 use crate::ffi;
-use foreign_types::{ForeignType, ForeignTypeRef};
+use foreign_types::ForeignType;
 use libc::c_int;

 use crate::error::ErrorStack;
 use crate::hpke::HpkeKey;
 use crate::{cvt_0i, cvt_p};

+pub struct SslEchKeysBuilder {
+    keys: SslEchKeys,
+}
+
+impl SslEchKeysBuilder {
+    pub fn new() -> Result<SslEchKeysBuilder, ErrorStack> {
+        unsafe {
+            ffi::init();
+            let keys = cvt_p(ffi::SSL_ECH_KEYS_new())?;
+
+            Ok(SslEchKeysBuilder::from_ptr(keys))
+        }
+    }
+
+    pub unsafe fn from_ptr(keys: *mut ffi::SSL_ECH_KEYS) -> Self {
+        Self {
+            keys: SslEchKeys::from_ptr(keys),
+        }
+    }
+
+    pub fn add_key(
+        &mut self,
+        is_retry_config: bool,
+        ech_config: &[u8],
+        key: HpkeKey,
+    ) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt_0i(ffi::SSL_ECH_KEYS_add(
+                self.keys.as_ptr(),
+                is_retry_config as c_int,
+                ech_config.as_ptr(),
+                ech_config.len(),
+                key.as_ptr(),
+            ))
+            .map(|_| ())
+        }
+    }
+
+    pub fn build(self) -> SslEchKeys {
+        self.keys
+    }
+}
+
 foreign_type_and_impl_send_sync! {
    type CType = ffi::SSL_ECH_KEYS;
    fn drop = ffi::SSL_ECH_KEYS_free;
@ -14,30 +57,7 @@ foreign_type_and_impl_send_sync! {
 }

 impl SslEchKeys {
-    pub fn new() -> Result<SslEchKeys, ErrorStack> {
-        unsafe {
-            ffi::init();
-            cvt_p(ffi::SSL_ECH_KEYS_new()).map(|p| SslEchKeys::from_ptr(p))
-        }
-    }
-}
-
-impl SslEchKeysRef {
-    pub fn add_key(
-        &mut self,
-        is_retry_config: bool,
-        ech_config: &[u8],
-        key: HpkeKey,
-    ) -> Result<(), ErrorStack> {
-        unsafe {
-            cvt_0i(ffi::SSL_ECH_KEYS_add(
-                self.as_ptr(),
-                is_retry_config as c_int,
-                ech_config.as_ptr(),
-                ech_config.len(),
-                key.as_ptr(),
-            ))
-            .map(|_| ())
-        }
+    pub fn builder() -> Result<SslEchKeysBuilder, ErrorStack> {
+        SslEchKeysBuilder::new()
    }
 }
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@ -108,6 +108,8 @@ pub use self::cert_compression::CertCompressionAlgorithm;
 pub use self::connector::{
    ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector, SslConnectorBuilder,
 };
+#[cfg(not(feature = "fips"))]
+pub use self::ech::SslEchKeysRef;
 pub use self::error::{Error, ErrorCode, HandshakeError};

 mod async_callbacks;
@ -2018,7 +2020,7 @@ impl SslContextBuilder {
    /// threads.
    #[cfg(not(feature = "fips"))]
    #[corresponds(SSL_CTX_set1_ech_keys)]
-    pub fn set_ech_keys(&mut self, keys: SslEchKeys) -> Result<(), ErrorStack> {
+    pub fn set_ech_keys(&self, keys: &SslEchKeys) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::SSL_CTX_set1_ech_keys(self.as_ptr(), keys.as_ptr())).map(|_| ()) }
    }

@ -2253,6 +2255,16 @@ impl SslContextRef {
        let mode = unsafe { ffi::SSL_CTX_get_verify_mode(self.as_ptr()) };
        SslVerifyMode::from_bits(mode).expect("SSL_CTX_get_verify_mode returned invalid mode")
    }
+
+    /// Registers a list of ECH keys on the context. This list should contain new and old
+    /// ECHConfigs to allow stale DNS caches to update. Unlike most `SSL_CTX` APIs, this function
+    /// is safe to call even after the `SSL_CTX` has been associated with connections on various
+    /// threads.
+    #[cfg(not(feature = "fips"))]
+    #[corresponds(SSL_CTX_set1_ech_keys)]
+    pub fn set_ech_keys(&self, keys: &SslEchKeys) -> Result<(), ErrorStack> {
+        unsafe { cvt(ffi::SSL_CTX_set1_ech_keys(self.as_ptr(), keys.as_ptr())).map(|_| ()) }
+    }
 }

 /// Error returned by the callback to get a session when operation
--- a/boring/src/ssl/test/ech.rs
+++ b/boring/src/ssl/test/ech.rs
@ -18,11 +18,12 @@ static ECH_KEY_2: &[u8] = include_bytes!("../../../test/echkey-2");
 fn bootstrap_ech(config: &[u8], key: &[u8], list: &[u8]) -> (Server, ClientSslBuilder) {
    let server = {
        let key = HpkeKey::dhkem_p256_sha256(key).unwrap();
-        let mut ech_keys = SslEchKeys::new().unwrap();
-        ech_keys.add_key(true, config, key).unwrap();
+        let mut ech_keys_builder = SslEchKeys::builder().unwrap();
+        ech_keys_builder.add_key(true, config, key).unwrap();
+        let ech_keys = ech_keys_builder.build();

        let mut builder = Server::builder();
-        builder.ctx().set_ech_keys(ech_keys).unwrap();
+        builder.ctx().set_ech_keys(&ech_keys).unwrap();

        builder.build()
    };