min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,457 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

71 Commits

Author SHA1 Message Date
0x676e67 197b9fcb5c Merge remote-tracking branch 'upstream/master' 2025-09-04 16:20:35 +08:00
Kornel c5045fb6b4 Fix patched docs.rs builds 2025-09-03 17:24:22 +01:00
Kornel 8966ca27b7 Test docs.rs docs 2025-09-03 17:24:22 +01:00
0x676e67 d9a1d9442e
feat(boring): adapt boring2 for quinn (#87) 2025-07-25 07:28:03 +08:00
0x676e67 109c35839c chore: fix ci and docs 2025-07-07 21:32:45 +08:00
0x676e67 83e049d8d9
feat(boring): adapt `boring2` for compio async runtime (#85) 
close: https://github.com/0x676e67/boring2/issues/78
 2025-07-07 21:10:50 +08:00
0x676e67 9fb6143b11
chore(boring): deprecate legacy `CertCompressionAlgorithm` API (#69) 
* chore(boring): deprecate legacy `CertCompressionAlgorithm` API

* ci: fix windows build
 2025-05-18 18:55:08 +08:00
0x676e67 ee6d225ea3
ci: use ubuntu-latest (#66) 2025-04-23 12:54:54 +08:00
Rushil Mehra 9c4ea22f72 Use ubuntu-latest for all ci jobs 
ubuntu 20.04 is now deprecated:
https://github.com/actions/runner-images/issues/11101
 2025-04-17 01:18:30 -07:00
0x676e67 ba1ee0dd48 v4.15.11 2025-03-21 20:38:44 +08:00
0x676e67 f55f9e1dd2
build: update workflows action (#61) 2025-03-21 19:36:03 +08:00
0x676e67 20f203cb57
Update ci.yml 2025-03-21 18:19:39 +08:00
Rushil Mehra 11630058f0
Revert "Remove "fips-no-compat", decouple "fips-compat" from "fips"" (#334) 2025-03-17 21:37:14 -05:00
Christopher Patton 57307d739e Remove "fips-no-compat", decouple "fips-compat" from "fips" 
Modify the "fips" feature so that it no longer implies "fips-compat".
The latter is no longer needed for recent builds of boringSSL; users who
need older builds will need to enable "fips-compat" explicitly.

Also, remove the "fipps-no-compat" feature, as it's now equivalent to
"fips".
 2025-03-16 08:43:52 +00:00
andrew-signal 221efdfea9
Update to actions/cache@v4 (#328) 2025-03-10 10:03:32 -07:00
Rushil Mehra 7b4bfcbbee Revert "Refactor!: Introduce a Cargo feature for optional Hyper 0 support" 
This reverts commit 49d5a61163.
 2025-02-21 10:41:18 +00:00
Paul Mabileau 49d5a61163 Refactor!: Introduce a Cargo feature for optional Hyper 0 support 
Closes #294. Requires breaking changes. The default v0 is changed in
favor of v1, but v0 is still kept available, just in a forced module
path. It enables dependency de-duplication when consuming it.

Signed-off-by: Paul Mabileau <paul.mabileau@harfanglab.fr>
 2024-12-07 21:07:31 +00:00
Kornel 1946603e15 Work around Rust settings inconsistent iOS SDK version 2024-11-28 11:21:39 -08:00
Rushil Mehra 7bb3647406 (ci): brew link x86 toolchain for macos13 runner 
It seems we need to manually symlink the x86_64-unknown-linux-gnu
toolchain for the macos13 runner. Also, we don't need to overwrite the
python version anymore

Fixes https://github.com/cloudflare/boring/issues/285
 2024-10-24 09:49:47 -07:00
Anthony Ramine 193bf3b9d7
Implement optional Hyper 1 support in hyper-boring (#246) 2024-09-18 13:24:35 +02:00
Rushil Mehra a7bfe0d92c Fix macos FIPS crossbuild 2024-08-15 15:09:02 -07:00
Rushil Mehra 8786cda639 (ci): Fix macos crossbuild action by forcing brew link w python@3.11 2024-07-24 18:19:22 +01:00
Rushil Mehra b7baacc047 Fix workflows file, pin mac os FIPS crossbuild runner to macos-13 
The macos-13 runner uses intel chips and thus x86, so clang 12.0.0 is
easily available.
 2024-06-26 16:13:58 +01:00
Ivan Nikulin d9f7e4daf6 Fix crosscompile 2024-05-31 09:38:29 +01:00
Anthony Ramine a8dea4a22c Introduce X509CheckFlags::UNDERSCORE_WILDCARDS 2024-01-02 15:37:36 +01:00
Chris Eager dd281f6ab6 Swap build and run order; always build 2023-12-14 13:25:47 +01:00
Jordan Rose 4d66ada007 Use gcc/g++ as the compilers for windows-gnu, not Clang 2023-12-14 13:25:47 +01:00
Jordan Rose 016d5cb61e Always run tests in bash 
This is only necessary for the windows-gnu target, but causes no
issues anywhere else.
 2023-12-14 13:25:47 +01:00
Jordan Rose 8b86852d8a Add arm64-macos cross-compile to CI 2023-12-14 13:25:47 +01:00
Jordan Rose f82f3fcb0f Add custom linker for Android cross-compilation 2023-12-14 13:25:47 +01:00
Jordan Rose 16327cf5c5 Add custom environment for ARM Linux cross-compilation 2023-12-14 13:25:47 +01:00
Chris Eager 2f62df492b Build tests even for cross-compiling 2023-12-14 13:25:47 +01:00
Jordan Rose 1028909b40 Remove musl test; there's no standard musl C++ setup for us to use 2023-12-14 13:25:47 +01:00
Chris Eager 08c417a97e Make arm and Android builds check-only 2023-12-14 13:25:47 +01:00
Chris Eager f5583312c5 Add matrix.apt_packages 2023-12-14 13:25:47 +01:00
Chris Eager bccb80b115 Refactor check-only and extra-test-args 2023-12-14 13:25:47 +01:00
Chris Eager bbe8cd1b9e Add relevant `--target` to `cargo test` in CI 2023-12-14 13:25:47 +01:00
Anthony Ramine 0f74eade4b Add CI for cross-building from macOS 2023-10-26 11:31:47 +01:00
Christopher Patton 2fa3d96966 Use features to set key exchange preferences 
Overwrite boringSSL's default key exchange preferences with safe
defaults using feature flags:

* "kx-pq-supported" enables support for PQ key exchange algorithms.
  Classical key exchange is still preferred, but will be upgraded to PQ
  if requested.

* "kx-pq-preferred" enables preference for PQ key exchange,
  with fallback to classical key exchange if requested.

* "kx-nist-required" disables non-NIST key exchange.

Each feature implies "kx-safe-default". When this feature is enabled,
don't compile bindings for `SSL_CTX_set1_curves()` and `SslCurve`. This
is to prevent the feature flags from silently overriding curve
preferences chosen by the user.

Ideally we'd allow both: that is, use "kx-*" to set defaults, but still
allow the user to manually override them. However, this doesn't work
because by the time the `SSL_CTX` is constructed, we don't yet know
whether we're the client or server. (The "kx-*" features set different
preferences for each.) If "kx-sfe-default" is set, then the curve
preferences are set just before initiating a TLS handshake
(`SslStreamBuilder::connect()`) or waiting for a TLS handshake
(`SslStreamBuilder::accept()`).
 2023-09-01 14:21:35 -07:00
Eliza Weisman 190fb900a0 run `publish --dry-run` instead of `pacakge` on CI 
As suggested by @inikulin in
https://github.com/cloudflare/boring/pull/159#issuecomment-1697324821
 2023-08-30 14:54:18 +01:00
Eliza Weisman e9318132d8 fix missing space in cargo package CI command 2023-08-30 14:54:18 +01:00
Eliza Weisman 3056660c86 ci: run the cargo package check for all targets 2023-08-30 14:54:18 +01:00
Eliza Weisman c8d52a7614 add CI jobs to run `cargo package` 2023-08-30 14:54:18 +01:00
Ivan Nikulin d4ddd16ee2 Add fips-link-precompiled feature 2023-07-26 14:35:40 +01:00
Ivan Nikulin 0b542999d4 Address review comments 2023-07-10 14:00:52 +01:00
Ivan Nikulin d1ee9bfd86 Use workspace metadata for crates 2023-07-10 11:38:18 +01:00
Ivan Nikulin c4e8a94a69 Add RPK and PQ crypto features 2023-07-07 13:50:36 +01:00
Piotr Sikora 902e7d0c92 Update BoringCrypto to FIPS 140-2 certificate 4407. 
Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
 2023-05-09 10:37:32 +02:00
Anthony Ramine 7215070e22 Use ubuntu-20.04 image for FIPS build 
Later ubuntu images don't provide clang-7 anymore.
 2023-03-27 12:59:13 +02:00
ilammy 87cdcee599 ci: Test builds for iOS targets 
While it's possible to build Rust tests into an iOS app, start up
a simulator instance, upload the tests there, and launch them --
that's a bit involved process. For now, just check that BoringSSL
compiles for the specified target. Use "--all-targets" to check
all targets, including the unit tests.
 2022-06-03 09:11:38 -05:00