* Add fips-precompiled feature to support newer versions of FIPS (#338)
Newer versions of FIPS don't need any special casing in our bindings,
unlike the submoduled boringssl-fips. In addition, many users currently
use FIPS by precompiling BoringSSL with the proper build tools and
passing that in to the bindings.
Until we adopt the Update Stream pattern for FIPS, there are two main
use cases:
1. Passing an unmodified, precompiled FIPS validated version of
boringssl (fips-precompiled)
2. Passing a custom source directory of boringssl meant to be linked
with a FIPS validated bcm.o. This is mainly useful if you carry
custom patches but still want to use a FIPS validated BoringCrypto.
(fips-link-precompiled)
This commit introduces the `fips-precompiled` feature and removes the
`fips-no-compat` feature.
* Release 4.16.0 (#341)
* feat(x509): Implement `Clone` for `X509Store` (#339)
* boring(x509): impl Clone of X509Store
* expose SSL_set_compliance_policy
* fix clippy error
* Use ubuntu-latest for all ci jobs
ubuntu 20.04 is now deprecated:
https://github.com/actions/runner-images/issues/11101
* add SslCurve::X25519_MLKEM768 constant
* Clippy
* Fix linking SystemFunction036 from advapi32 in Rust 1.87
* rustfmt ;(
* build: Fix the build for 32-bit Linux platform
* Update Cargo.toml
* boring(ssl): use `corresponds` macro in `add_certificate_compression_algorithm`
* Add `X509_STORE_CTX_get0_cert` interface
This method reliably retrieves the certificate the `X509_STORE_CTX` is
verifying, unlike `X509_STORE_CTX_get_current_cert`, which may return
the "problematic" cert when verification fails.
* Update bindgen from 0.70.1 -> 0.71.1.
* Revert "feat(x509): Implement `Clone` for `X509Store` (#339)" (#353)
* Revert "feat(x509): Implement `Clone` for `X509Store` (#339)"
This reverts commit 49a8d0906a.
See <https://github.com/cloudflare/boring/pull/120>.
* Ensure Clone is not added to X509Store
* Add comment about why X509Store must not implement Clone
---------
Co-authored-by: Kornel <kornel@cloudflare.com>
* Release 4.17.0 (#354)
* Add set_verify_param
* clippy fix
---------
Co-authored-by: Rushil Mehra <84047965+rushilmehra@users.noreply.github.com>
Co-authored-by: Shih-Chiang Chien <shih-chiang@cloudflare.com>
Co-authored-by: Rushil Mehra <rmehra@cloudflare.com>
Co-authored-by: Eric Rosenberg <eric_rosenberg@apple.com>
Co-authored-by: Kornel <kornel@cloudflare.com>
Co-authored-by: James Larisch <jlarisch@cloudflare.com>
Co-authored-by: Yury Yarashevich <yura.yaroshevich@gmail.com>
Co-authored-by: Anthony Ramine <123095+nox@users.noreply.github.com>
* Revert "feat(x509): Implement `Clone` for `X509Store` (#339)"
This reverts commit 49a8d0906a.
See <https://github.com/cloudflare/boring/pull/120>.
* Ensure Clone is not added to X509Store
* Add comment about why X509Store must not implement Clone
---------
Co-authored-by: Kornel <kornel@cloudflare.com>
This method reliably retrieves the certificate the `X509_STORE_CTX` is
verifying, unlike `X509_STORE_CTX_get_current_cert`, which may return
the "problematic" cert when verification fails.
Newer versions of FIPS don't need any special casing in our bindings,
unlike the submoduled boringssl-fips. In addition, many users currently
use FIPS by precompiling BoringSSL with the proper build tools and
passing that in to the bindings.
Until we adopt the Update Stream pattern for FIPS, there are two main
use cases:
1. Passing an unmodified, precompiled FIPS validated version of
boringssl (fips-precompiled)
2. Passing a custom source directory of boringssl meant to be linked
with a FIPS validated bcm.o. This is mainly useful if you carry
custom patches but still want to use a FIPS validated BoringCrypto.
(fips-link-precompiled)
This commit introduces the `fips-precompiled` feature and removes the
`fips-no-compat` feature.
The "fips" feature implies use of a prebuilt boringSSL. The boringSSL
API consumed by `SslCurve` in incompatible with older versions of
boringSSL.
In the `ffi` bindings, the following symbols don't exist in older
builds:
* NID_X25519MLKEM768
* SSL_CURVE_X25519_MLKEM768
* NID_X25519Kyber768Draft00Old
The following symbols have been renamed:
* SSL_CURVE_P256KYBER768DRAFT00 => SSL_CURVE_P256_KYBER768_DRAFT00
* SSL_CURVE_X25519KYBER512DRAFT00 => SSL_CURVE_X25519_KYBER512_DRAFT00
* SSL_CURVE_X25519KYBER768DRAFT00OLD => SSL_CURVE_X25519_KYBER768_DRAFT00_OLD
* SSL_CURVE_P256KYBER768DRAFT00 => SSL_CURVE_P256_KYBER768_DRAFT00
Meanwhile, the `ssl_set_curves_list()` API is stable across these
versions of boringSSL.
These codepoints are added to the `SslCurve` API whenever
"pq-experimental" is enabled. Since this feature is no longer mutually
exclusive with prebuilt boringSSL (`boring-sys` just ignores patches),
we also need to disable this API whenever "fips" is enabled.
Internal users often have two builds for `boring`, one using a
precompiled build of boringSSL and another built from source with
patches applied. However the features that enable these builds are
mutually exclusive. For example, the `"pq-experimental"` feature is
required to build the source with all of the necessary codepoints for PQ
key exchange, but if this feature is enabled and a precompiled boringSSL
is provided, then the build will fail. This means users will have to
also control their builds with mutually exclusive features.
An alternative is to *ignore* features that enable patches whenever a
precompiled boringSSL is provided. This is a little different from the
"assume patched" environment variable, which applies whenever we're
building from source.
James Larisch