This commit modifies the Cargo `include` field for `boring-sys` to
include all the files necessary to actually build the FIPS-certified
revision of BoringSSL. Currently, some of these files are missing (see
#157 for details on this).
This branch improves on my previous approach in PR #158, which switched
from using a Cargo `include` to a Cargo `exclude`. Using `exclude`
rather than `include` resulted in a much larger crates.io package, but
at the time, I thought this was less likely to result in breakage in the
future, because I was concerned about the inability to verify that the
set of excludes/includes can build a new pinned `boringssl` git revision
without having to actually publish a crates.io release.
However, as @nox pointed out in [this comment][1], `cargo package` can
be used to verify a build with the `exclude`s/`include`s applied. This
branch therefore adds `cargo package` steps to CI that check that the
package can actually be built. This way, we are able to make a much
smaller change to the included files, resulting in a smaller package
published to crates.io.
On this branch, the package is 6.7MiB compressed, which is not much
larger than it was previously:
```
Finished dev [unoptimized + debuginfo] target(s) in 55.65s
Packaged 1851 files, 33.7MiB (6.7MiB compressed)
```
Fixes#157Closes#158
[1]: https://github.com/cloudflare/boring/pull/158#issuecomment-1693067112,
This was originally going to be fixed by #101, however that PR was closed and superseded by #117, which was missing this fix.
The original problem was caused by #97, which updated boringssl to a version that included [a change that removed hmac.h from ssl.h](05b360d797).
This PR adds an include for hmac.h, so it is again available through boring-sys.
Previously we were building from the deps directory with submodules. For publishing we were copying files in sumbodules into the package. With this we were making the package directory dirty with build artifacts and applied patches.
This commit change the build script's behaviour: sources are now copied to the output directory and then boringssl is built from there.
In addition, this commit adds files that were missing from the package for building with patches.
This longer path (inside the prebuilt toolchain included in the NDK)
has been the preferred sysroot since NDK r19. Newer NDKs no longer
have a top-level "sysroot" directory at all.
Cross-compiling to AArch64 Linux can be done with a CMake toolchain
file, along with setting the correct compiler and include paths in the
environment.
Cross-compiling from X64 Windows to ARM64 Windows doesn't look at the
toolchain at all, because CMake + Visual Studio can already
cross-compile. Unfortunately, the Visual Studio CMake generator
doesn't set CMAKE_SYSTEM_PROCESSOR, which is what the BoringSSL
CMakeLists.txt is looking at to choose the architecture. For now,
disable the use of assembly when cross-compiling on Windows (assuming
that the Visual Studio generator will be used there).
As pointed out in the comment, bindgen generates tests that cause
compiler warnings about misaligned references. bindgen people are
aware of the issue, but we have to deal with our warnings that are
treated as errors. For the time being, suppress alignment tests
on platforms that are known to be triggering UB.
I suspect that other non-x86 platforms are affected as well, but I can't
get the tests to compile for those tests at the moment, so I'm not sure.
Dealing with the issues one platform at a time.
cfg!() is evaluated for the host OS executing build.rs script.
What we need here is to look whether we are building *for* macOS.
Otherwise, for example, builds for iOS on macOS will try to add this
flag, causing warnings since rustc does not build cdylibs on iOS.
When bindgen generates bindings for iOS, it must be told to use iOS
sysroot with all the standard C headers. Otherwise it tries using
the host macOS headers and fails miserably.
The architecture alone is not enough. aarch64-apple-ios and
aarch-apple-ios-sim are both building for aarch64, but they need
slightly different CMake flags.
* Add rerun-if-env-changed instructions for BORING_* variables
* Use X509_get0_notBefore() and X509_get0_notAfter() instead of X509_getm_notBefore() and X509_getm_notAfter().
According to
https://www.openssl.org/docs/man1.1.0/man3/X509_getm_notBefore.html,
"X509_getm_notBefore() and X509_getm_notAfter() are similar to
X509_get0_notBefore() and X509_get0_notAfter() except they return
non-constant mutable references to the associated date field of the
certificate".
* Only update boringssl submodule if BORING_BSSL_PATH not provided
* Allow BORING_BSSL_LIB_PATH to control link search
* Add fips feature
* Use X509_set_notAfter unconditionally for FIPS compatibility
This is equivalent according to
https://boringssl.googlesource.com/boringssl/+/c947efabcbc38dcf93e8ad0e6a76206cf0ec8072
The version of boringssl that's FIPS-certified doesn't have `X509_set1_notAfter`.
The only difference between that and `X509_set_notAfter` is whether they're const-correct,
which doesn't seem worth having two different code-paths.
* Check out fips commit automatically
* Verify the version of the compiler used for building boringssl
NIST specifies that it needs to be 7.0.1; I originally tried building with clang 10 and it failed.
Theoretically this should check the versions of Go and Ninja too, but they haven't given me trouble in practice.
Example error:
```
Compiling boring-sys v1.1.1 (/home/jnelson/work/boring/boring-sys)
error: failed to run custom build command for `boring-sys v1.1.1 (/home/jnelson/work/boring/boring-sys)`
Caused by:
process didn't exit successfully: `/home/jnelson/work/boring/target/debug/build/boring-sys-31b8ce53031cfd83/build-script-build` (exit status: 101)
--- stdout
cargo:rerun-if-env-changed=BORING_BSSL_PATH
--- stderr
warning: missing clang-7, trying other compilers: Permission denied (os error 13)
warning: FIPS requires clang version 7.0.1, skipping incompatible version "clang version 10.0.0-4ubuntu1 "
thread 'main' panicked at 'unsupported clang version "cc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0": FIPS requires clang 7.0.1', boring-sys/build.rs:216:13
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
* Add Github actions workflow testing FIPS
Co-authored-by: Joshua Nelson <jnelson@cloudflare.com>
- Major version for boring-sys: `PasswordCallback` was removed
- Major version for boring: the public `*Ref` types were removed and `foreign-types` appears in our public api and had a major version bump
- Patch version for tokio-boring: the only API change was removing the `S: Debug` bound
- Patch version for hyper-boring: no API changes, only removed dependencies
`bindgen`'s default features include dependencies like `clap` and
`env_logger` which are unnecessary when building `boring-sys`. When
using tools like `cargo-deny` to audit dependencies with mismatched
versions, these dependencies can easily conflict with application
dependencies.
This change disables `bindgen`'s default features to avoid unnecessary
dependencies.
This ensures that all the Rust functions, types and constants
always match the actual BoringSSL definitions.
It also removes quite a lot of manually maintained code, as well
as the need for systest.
The value for `SslOptions::ALL`, for example, was wrong. On current
BoringSSL versions, this is a no-op, and is set to `0`.
Clearing it does nothing. So, the `clear_ctx_options` test, that
passed by accident, was adjusted to use a different option.
The `libc` crate is not required, as we only use it for types that
are already defined in the standard library. It was removed from
`boring-sys`. The same can be done to other crates later.
* 2020-11-09 Document X509V3_add1_i2d and friends.
* 2020-11-09 Re-reformat x509.h.
* 2020-11-11 aarch64: Fix name of gnu property note section
* 2020-11-10 Reformat and convert comments in asn1.h.
* 2020-11-10 Unwind M_ASN1_* macros for primitive types.
* 2020-11-10 Switch M_ASN1_TIME macros within the library.
* 2020-11-11 Remove the legacy MSTRING M_ASN1 macros.
* 2020-11-10 Rearrange ASN1_STRING_copy slightly.
* 2020-11-09 Document some defaults for the EVP RSA interface.
* 2020-11-10 Document the basic ASN1_STRING functions.
* 2020-11-10 Remove some unnecessary pointer casts.
* 2020-09-04 Add APIs for checking ASN.1 INTEGERs.
* 2020-11-11 Const-correct and document more X509 functions.
* 2020-11-13 Fix NETSCAPE_SPKI_get_pubkey documentation.
* 2020-11-18 Always check the TLS 1.3 downgrade signal.
* 2020-11-19 Rename the master_key field in SSL_SESSION to secret.
* 2020-11-19 Add FIPS self test for the TLS KDF.
* 2020-11-19 acvp: add SHA-512/256 support.
* 2020-11-19 Document ASN1_STRING.
* 2020-11-30 Add digest.h to self_check.c
* 2020-11-30 util/fipstools/acvp/acvptool: buffer signal channel to avoid losing signal
* 2020-11-30 Poly1305: Use |size_t|; assert |poly1305_state| is large enough.
* 2020-11-25 Improve sk_dup.
* 2020-12-01 aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode
* 2020-12-01 Only accept little-endian ARM and MIPS variants in base.h.
* 2020-12-02 Update FIPS.md to include latest FIPS certificate.
* 2020-12-02 draft-ietf-tls-certificate-compression is now RFC 8879.
* 2020-12-02 Get closer to Ed25519 boundary conditions.
* 2020-12-01 PWCT failures should clear the generated key.
* 2020-10-29 Fix EDIPartyName parsing and GENERAL_NAME_cmp.
* 2020-12-08 Const-correct GENERAL_NAME_cmp.
* 2020-12-07 acvp: fix subprocess_test.go
* 2020-12-07 acvp: tweak config
* 2020-12-07 acvp: add TLS KDF support
* 2020-03-11 Implement GREASE for ECH (draft-ietf-tls-esni-08).
* 2020-12-08 Reject bad ASN.1 templates with implicitly-tagged CHOICEs.
* 2020-12-08 Align armv8.pl references to OPENSSL_armcap_P.
* 2020-12-08 acvp: add support for KAS
* 2020-12-10 Add TLS_KDF to documented break tests.
* 2020-12-09 Skip ASN.1 template tests in Windows shared library builds.
* 2020-12-01 Switch to passive entropy collection for Android FIPS.
* 2020-12-11 Finish switching to NASM.
* 2020-12-11 Remove unused Netware codepaths in x86 perlasm.
* 2020-12-10 Move DH code into the FIPS module.
* 2020-12-10 acvp: add support for finite-field Diffie–Hellman.
* 2020-12-14 Include bn.h from bn/internal.h
* 2020-12-02 Fix ChaCha20-Poly1305 x86-64 asm on Windows
* 2020-12-15 Check for trailing data in X509Test.GeneralName.
* 2020-12-15 Use stdlib.h instead of cstdlib in span.h.
* 2020-12-14 Add support for the new QUIC TLS extension codepoint
* 2020-12-14 Move DH parameter generation out of the FIPS module.
* 2020-12-16 Revert "Add support for the new QUIC TLS extension codepoint"
* 2020-12-16 Use more efficient std::string::find overload.
* 2020-12-17 Export tool_sources to GN.
* 2020-12-16 Allow some non-minimal lengths in BER.
* 2020-12-17 acvp: load config later.
* 2020-12-17 acvp: fix silly errors.
* 2020-12-22 Add .text.unlikely.* pattern to fips_shared.lds.
* 2020-12-23 acvp: better document the subprocess protocol.
* 2020-12-23 Gerrit ignores <sup>; use Unicode superscript instead.
* 2020-12-21 Update ECH GREASE to draft-ietf-tls-esni-09
* 2020-12-21 Fix awkward wording in comment.
* 2021-01-05 Fix chacha20_poly1305_x86_64.pl comments.
* 2020-12-17 acvp: add tests
* 2021-01-06 Update third_party/googletest.
* 2020-12-22 delocate: support alternative comment indicators
* 2020-12-22 delocate: eliminate expression from vpaes assembly.
* 2021-01-06 Add some OpenSSL-compatibility aliases
* 2020-12-17 acvp: drop subprocess_test.go
* 2021-01-06 Update HPKE to draft-irtf-cfrg-hpke-07.
* 2021-01-07 A handful more compatibility functions.
* 2021-01-06 Optimize suffix building in FileTest::ReadNext().
* 2021-01-08 Use gai_strerrorA on Windows.
* 2020-10-19 Add ASM optimizations for Windows on Arm
* 2020-12-22 delocate: handle Aarch64 assembly in parser.
* 2020-10-29 Send ECH acceptance signal from backend server.
* 2021-01-12 Test that ALPS can be deferred to the ALPN callback.
* 2021-01-12 runner: Allow tokbind without RI/EMS in TLS 1.3.
* 2021-01-12 Fix ALPS state machine in QUIC servers.
* 2021-01-12 Make QUIC work with -async tests.
* 2021-01-12 Make QUIC tests work with early data.
* 2021-01-12 Run extension tests at all protocols.
* 2021-01-12 Replace MockQUICTransport tags with record types.
* 2020-12-22 delocate: preprocess perlasm output on Aarch64
* 2021-01-14 Add support for the new QUIC TLS extension codepoint
* 2021-01-15 doc: fix SSL_set0_rbio
* 2021-01-18 acvp: add XTS support.
* 2021-01-19 Fix client 0-RTT handling with ALPS.
* 2021-01-08 Add DH_compute_key_padded.
* 2020-12-22 delocate: support Aarch64
* 2021-01-19 Make BN_clear_free a wrapper around BN_free.
* 2021-01-20 Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now.
* 2021-01-21 Fix comments that refer to old draft of HPKE.
* 2021-01-21 acvp: don't advertise SHA-1 RSA signature generation.
* 2021-01-21 acvp: drop 3DES fields from output when unused.
* 2021-01-17 Support cross-compiling AArch64 FIPS to Android.
* 2021-01-22 acvp: update test expectations in light of 8dcdcb39a7
* 2021-01-22 acvp: check that the payloadLen of cipher tests is correct.
* 2021-01-21 Add basic BLAKE2b-256 support.
* 2021-01-25 acvp: update to newer FFDH test.
* 2021-01-19 Add FFDH FIPS self-test.
* 2021-01-27 Support MOVLPS and MOVHPS in delocate.
* 2021-01-27 Benchmark BORINGSSL_self_test in FIPS mode.
* 2021-01-27 acvp: move CMAC verification into the module wrapper.
* 2021-01-28 Use ID instead of Id in Go.
* 2021-01-29 Fix TLS13SessionID-TLS13 test.
* 2021-01-29 Revert "Disable check that X.509 extensions implies v3."
* 2021-02-02 Add missing include to self_check.c.
* 2021-02-02 Add various function calls to test_fips.
* 2021-02-04 Include bn/internal.h for non-bcm.c builds.
Ivan Nikulin