As pointed out in the comment, bindgen generates tests that cause
compiler warnings about misaligned references. bindgen people are
aware of the issue, but we have to deal with our warnings that are
treated as errors. For the time being, suppress alignment tests
on platforms that are known to be triggering UB.
I suspect that other non-x86 platforms are affected as well, but I can't
get the tests to compile for those tests at the moment, so I'm not sure.
Dealing with the issues one platform at a time.
cfg!() is evaluated for the host OS executing build.rs script.
What we need here is to look whether we are building *for* macOS.
Otherwise, for example, builds for iOS on macOS will try to add this
flag, causing warnings since rustc does not build cdylibs on iOS.
When bindgen generates bindings for iOS, it must be told to use iOS
sysroot with all the standard C headers. Otherwise it tries using
the host macOS headers and fails miserably.
The architecture alone is not enough. aarch64-apple-ios and
aarch-apple-ios-sim are both building for aarch64, but they need
slightly different CMake flags.
* Add rerun-if-env-changed instructions for BORING_* variables
* Use X509_get0_notBefore() and X509_get0_notAfter() instead of X509_getm_notBefore() and X509_getm_notAfter().
According to
https://www.openssl.org/docs/man1.1.0/man3/X509_getm_notBefore.html,
"X509_getm_notBefore() and X509_getm_notAfter() are similar to
X509_get0_notBefore() and X509_get0_notAfter() except they return
non-constant mutable references to the associated date field of the
certificate".
* Only update boringssl submodule if BORING_BSSL_PATH not provided
* Allow BORING_BSSL_LIB_PATH to control link search
* Add fips feature
* Use X509_set_notAfter unconditionally for FIPS compatibility
This is equivalent according to
https://boringssl.googlesource.com/boringssl/+/c947efabcbc38dcf93e8ad0e6a76206cf0ec8072
The version of boringssl that's FIPS-certified doesn't have `X509_set1_notAfter`.
The only difference between that and `X509_set_notAfter` is whether they're const-correct,
which doesn't seem worth having two different code-paths.
* Check out fips commit automatically
* Verify the version of the compiler used for building boringssl
NIST specifies that it needs to be 7.0.1; I originally tried building with clang 10 and it failed.
Theoretically this should check the versions of Go and Ninja too, but they haven't given me trouble in practice.
Example error:
```
Compiling boring-sys v1.1.1 (/home/jnelson/work/boring/boring-sys)
error: failed to run custom build command for `boring-sys v1.1.1 (/home/jnelson/work/boring/boring-sys)`
Caused by:
process didn't exit successfully: `/home/jnelson/work/boring/target/debug/build/boring-sys-31b8ce53031cfd83/build-script-build` (exit status: 101)
--- stdout
cargo:rerun-if-env-changed=BORING_BSSL_PATH
--- stderr
warning: missing clang-7, trying other compilers: Permission denied (os error 13)
warning: FIPS requires clang version 7.0.1, skipping incompatible version "clang version 10.0.0-4ubuntu1 "
thread 'main' panicked at 'unsupported clang version "cc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0": FIPS requires clang 7.0.1', boring-sys/build.rs:216:13
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
* Add Github actions workflow testing FIPS
Co-authored-by: Joshua Nelson <jnelson@cloudflare.com>
This ensures that all the Rust functions, types and constants
always match the actual BoringSSL definitions.
It also removes quite a lot of manually maintained code, as well
as the need for systest.
The value for `SslOptions::ALL`, for example, was wrong. On current
BoringSSL versions, this is a no-op, and is set to `0`.
Clearing it does nothing. So, the `clear_ctx_options` test, that
passed by accident, was adjusted to use a different option.
The `libc` crate is not required, as we only use it for types that
are already defined in the standard library. It was removed from
`boring-sys`. The same can be done to other crates later.
Jordan Rose