0x676e67
6ef0ca379e
boring: Add SslCurve `FFDHE2048`/`FFDHE3072` NID support (#20)
2024-12-18 13:14:02 +08:00
0x676e67
30cadfb1eb
boring: Add SslCurve `FFDHE2048`/`FFDHE3072` support (#19)
2024-12-17 23:22:56 +08:00
0x676e67
0ee30f7487
boring: update old ciphers patch (#18)
2024-12-17 20:12:33 +08:00
0x676e67
b0fe60dcf6
Merge remote-tracking branch 'upstream/master'
2024-09-22 07:57:47 +08:00
Bas Westerbaan
b1a7434c19
boring-pq.patch Fix by not updating crypto_test_data.cc
crypto_test_data.cc is not included anymore since 2475ef386b
2024-09-19 00:17:37 +02:00
Bas Westerbaan
6d3639f173
Add post-quantum key agreement X25519MLKEM768
This is the successor of X25519Kyber768Draft00.
Spec:
https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/02/
IANA has assigned the codepoint.
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
Upstream BoringSSL support landed in.
7fb4d3da50
The version of BoringSSL we patch does not include it, so we add it manually.
Chrome and Firefox are planning to enable in October.
This PR is based on the IPD-Wing patch reviewed here:
https://github.com/cloudflare/boring/pull/243
There are two changes. First we simplify the patch a bit as we do not
need IPD-Wing. Secondly, we perform the encapsulation key check, which
was a last-minute addition of NIST. We perform this check also for Kyber.
2024-09-18 12:00:27 +02:00
Bas Westerbaan
2c0a14253a
Revert "PQ: fix timing sidechannels and add IPDWing"
For TLS, early adopters prefer X25519MLKEM768. Remove IPDWing in
preparation for adding X25519MLKEM768.
https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
This reverts commit 4725a930d5.
2024-09-18 12:00:27 +02:00
0x676e67
9523ac82c9
Merge patch (#8)
2024-08-12 09:56:42 +08:00
Bas Westerbaan
4725a930d5
PQ: fix timing sidechannels and add IPDWing
Fix three potential timing sidechannels. These don't affect ephemeral
usage of Kyber as in TLS, but it's good practice to get rid of them anyway.
Also adds IPDWing, a preliminary version of X-Wing using the initial public
draft (IPD) of ML-KEM. Don't use it.
2024-07-08 19:47:43 +01:00
Rushil Mehra
5aed467dcb
Fix building with non-Bazel commits of BoringSSL
We need to add `/build/crypto` and `/build/ssl` to the library search
path to handle the case where we pass `BORING_BSSL_SOURCE_PATH` when
building without enabling any fips features. Otherwise, non-Bazel
commits will not work because `/build/` itself will not contain any
crypto libraries to link with.
2024-02-02 14:56:55 +00:00
Anthony Ramine
a8dea4a22c
Introduce X509CheckFlags::UNDERSCORE_WILDCARDS
2024-01-02 15:37:36 +01:00
Ivan Nikulin
2475ef386b
Reduce release bundle size by excluding PQ test data
2023-08-01 17:51:44 +01:00
Ivan Nikulin
0b542999d4
Address review comments
2023-07-10 14:00:52 +01:00
Ivan Nikulin
d59d170c4d
Update docs
2023-07-10 12:29:30 +01:00
Ivan Nikulin
d1ee9bfd86
Use workspace metadata for crates
2023-07-10 11:38:18 +01:00
Ivan Nikulin
c4e8a94a69
Add RPK and PQ crypto features
2023-07-07 13:50:36 +01:00