min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,434 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

15 Commits

Author SHA1 Message Date
0x676e67 80f9221bbb Merge remote-tracking branch 'upstream/master' 2025-06-07 23:08:32 +08:00
Kornel 5fa9c81c88
Sprinkle #[must_use] (#368) 2025-06-05 20:40:35 +01:00
Kornel 4d178a7f9f Clippy 2025-06-05 10:16:08 +01:00
0x676e67 360c3949c8 build: fix doc test 2025-03-21 17:56:57 +08:00
0x676e67 0d30ebfd58
Use corresponds macro (#50) 
* RTG-3333 Support X25519MLKEM768 by default, but don't sent it as client

X25519MLKEM768 is the standardised successor of the preliminary
X25519Kyber768Draft00. Latest browsers have switched to X25519MLKEM768.
Cloudflare supports both on the edge.

We've had support for X25519MLKEM768 in this crate for a while, but
didn't enable by default. We're now enabling serverside support by
default. We also let clients advertise support when set
to kx-client-pq-supported.

We don't enable support by default yet for clients set to
kx-client-pq-preferred, as that would cause an extra round-trip due to
HelloRetryRequest if the server doesn't support X25519MLKEM768 yet.

BoringSSL against which we build must support X25519MLKEM768, otherwise
this will fail.

* replace once_cell with LazyLock

We can drop the once_cell dependency since the same functionality is
implemented in std now.

Requires bumping MSRV to 1.80.

* fix manual_c_str_literals clippy warning

* chore: Fix docs on SslRef::replace_ex_data

* Detailed error codes

* Clean up boring_sys::init()

We don't need the workaround that was initially introduced for a bug in
openssl, and OPENSSL_init_ssl always calls into CRYPTO_library_init on
boringssl, so just call it explicitly.

* Expose EVP_HPKE_KEY

* Expose client/server-side ECH

Resolves https://github.com/cloudflare/boring/issues/282

* Clean up ECH tests

* Expose SSL_set_enable_ech_grease

* update

* Use corresponds macro

---------

Co-authored-by: Bas Westerbaan <bas@cloudflare.com>
Co-authored-by: Alessandro Ghedini <alessandro@cloudflare.com>
Co-authored-by: Evan Rittenhouse <erittenhouse@cloudflare.com>
Co-authored-by: Kornel <kornel@cloudflare.com>
Co-authored-by: Rushil Mehra <rmehra@cloudflare.com>
 2025-02-14 02:07:41 +08:00
Kornel bf0e21cec8 Use corresponds macro 2025-02-13 09:34:13 -08:00
Ivan Nikulin d8e821bae9 Expose hmac_sha1 function 2024-06-28 10:51:46 +01:00
Ivan Nikulin 738d80a653 Expose hmac_sha256/512 functions 2024-05-31 09:38:29 +01:00
sabjank ea5b399487 Add SHA224, SHA512, SHA512-256 tests 2023-10-11 09:53:30 +02:00
sabjank 2f73d3148a Expose SHA512-256 2023-10-11 09:53:30 +02:00
Anthony Ramine 74b0cc0da7 Fix lints 2023-03-27 13:15:12 +02:00
Joshua Nelson 46787b7b69 Run `cargo fix --edition 2021-08-13 15:22:56 -05:00
Frank Denis 05c6a41270 Use bindgen to automatically generate boring-sys 
This ensures that all the Rust functions, types and constants
always match the actual BoringSSL definitions.

It also removes quite a lot of manually maintained code, as well
as the need for systest.

The value for `SslOptions::ALL`, for example, was wrong. On current
BoringSSL versions, this is a no-op, and is set to `0`.

Clearing it does nothing. So, the `clear_ctx_options` test, that
passed by accident, was adjusted to use a different option.

The `libc` crate is not required, as we only use it for types that
are already defined in the standard library. It was removed from
`boring-sys`. The same can be done to other crates later.
 2021-02-12 15:03:45 +01:00
Ivan Nikulin fc07d7dfbb Fix doc comments 2020-11-11 18:08:14 +00:00
Ivan Nikulin 5cb8947d7e Rename stuff 2020-11-11 17:47:30 +00:00