bb5caa43a2
boring-sys: Add support for Linux ARM(v7)
...
Signed-off-by: morph027 <stefan.heitmueller@gmx.com>
2023-07-27 13:15:53 -07:00
3478bc2668
Merge pull request #83 from signalapp/private_key_to_der_pkcs8
...
boring: Expose PKey::private_key_to_der_pkcs8(_passphrase)
2023-07-27 10:11:02 +01:00
f9e1d2e51c
Merge pull request #130 from inikulin/frankenfips
...
Add fips-link-precompiled feature
2023-07-27 10:05:08 +01:00
d4ddd16ee2
Add fips-link-precompiled feature
2023-07-26 14:35:40 +01:00
09d92e54fc
Merge pull request #128 from ghedo/bssl_source_path
...
Allow specifying a custom BoringSSL source directory
2023-07-14 15:14:42 +01:00
f772338238
Allow specifying a custom BoringSSL source directory
2023-07-14 10:47:37 +01:00
63e178d880
Merge pull request #126 from inikulin/rpk-pqc
...
Add RPK and PQ crypto features
2023-07-10 23:08:33 +01:00
0b542999d4
Address review comments
2023-07-10 14:00:52 +01:00
d59d170c4d
Update docs
2023-07-10 12:29:30 +01:00
d1ee9bfd86
Use workspace metadata for crates
2023-07-10 11:38:18 +01:00
c4e8a94a69
Add RPK and PQ crypto features
2023-07-07 13:50:36 +01:00
8f488550eb
Merge pull request #120 from nox/revert
...
Revert "Merge pull request #108 from nox/store-clone"
2023-07-03 11:09:41 +01:00
6e751e85cb
Revert "Merge pull request #108 from nox/store-clone"
...
This reverts commit 1c1af4b38bda32be1fa9
2023-05-15 15:36:17 +02:00
ad2517f797
Fix build
2023-05-15 15:36:17 +02:00
1c1af4b38b
Merge pull request #108 from nox/store-clone
...
Implement ToOwned for X509StoreRef and Clone for X509Store
2023-05-11 16:25:11 +01:00
da32be1fa9
Merge pull request #114 from nox/nox/openssl-fixes
...
Port security fixes from the openssl crate (fixes #111 )
2023-05-11 16:24:29 +01:00
ec52371e6b
Merge pull request #79 from signalapp/deriver-leak
...
boring: Fix memory leak in `Deriver`
2023-05-11 16:23:56 +01:00
0dd85d187b
Merge pull request #117 from nox/bump-boringssl
...
Update boringssl to latest upstream commit (fixes #100 )
2023-05-11 16:23:28 +01:00
561d786c10
Merge pull request #97 from PiotrSikora/boringcrypto_4407
...
Update BoringCrypto to FIPS 140-2 certificate 4407.
2023-05-11 16:22:25 +01:00
e1dc466cd1
Merge pull request #104 from tbu-/pr_doc_typo
...
psuedo → pseudo
2023-05-11 16:20:47 +01:00
7cfe2065a3
Merge pull request #115 from nox/bindgen
...
Bump bindgen to 0.65.1
2023-05-09 23:04:37 +01:00
902e7d0c92
Update BoringCrypto to FIPS 140-2 certificate 4407.
...
Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
2023-05-09 10:37:32 +02:00
6274f70726
Update boringssl to latest upstream commit
...
Notable commits that cause code changes here:
X509 fields notBefore and notAfter need to be specified
https://boringssl-review.googlesource.com/c/boringssl/+/49349
X509ReqBuilder only accepts X509v1 now
https://boringssl-review.googlesource.com/c/boringssl/+/52605
Some functions switched from int to size_t
https://boringssl-review.googlesource.com/c/boringssl/+/54985
CECPQ2 support was dropped
https://boringssl-review.googlesource.com/c/boringssl/+/58645
This is a breaking change.
2023-05-09 10:28:10 +02:00
530db8841b
Bump bindgen to 0.65.1
2023-05-05 11:58:47 +02:00
2ceb99216f
Implement ToOwned for X509StoreRef and Clone for X509Store
2023-05-05 11:10:42 +02:00
b36b1705b3
Fix race condition with X509Name creation
2023-05-05 11:10:11 +02:00
90dfe2f912
Document the horror show
2023-05-05 11:10:11 +02:00
c80e3a3ec5
Always provide an X509V3Context in X509Extension::new because OpenSSL requires it for some extensions (and segfaults without)
2023-05-05 11:10:11 +02:00
0f28001027
Resolve an injection vulnerability in EKU creation
2023-05-05 11:10:10 +02:00
1eea7c5271
Resolve an injection vulnerability in SAN creation
2023-05-05 11:10:10 +02:00
ae0cd6b98e
Add X509Name to/from DER methods
...
Since X509Name is more complex than a single value (it's a a sequence
of entries) it's useful to be able to serialise/deserialise to/from
flat data, and DER is a natural form for this.
So add a {i2d,d2i}_X509_NAME -sys functions, and to_der/from_der
wrappers in X509NameRef and X509Name respectively.
Originally added in https://github.com/sfackler/rust-openssl/pull/1534
2023-05-05 11:10:10 +02:00
f8e225e6a4
Add additional function so that x509 name with specific type can be added
...
Originally added in https://github.com/sfackler/rust-openssl/pull/1371
2023-05-05 11:10:10 +02:00
4ce9c50b63
Merge pull request #116 from nox/clippy
...
Fix all clippy lints
2023-05-05 09:44:30 +01:00
74b0cc0da7
Fix lints
2023-03-27 13:15:12 +02:00
6d61bf2adb
Fix google test
...
Sometimes google replies with 302 to redirect to another Google website
with a country-specific TLD. We don't actually care which status code
is returned, just that we successfully connect to google.com with
the HTTPS connector.
2023-03-27 13:14:40 +02:00
7215070e22
Use ubuntu-20.04 image for FIPS build
...
Later ubuntu images don't provide clang-7 anymore.
2023-03-27 12:59:13 +02:00
8c2c2bd2b6
Add link in docs
2023-02-28 14:33:07 +01:00
f102b3792b
psuedo → pseudo
2023-02-28 13:27:35 +01:00
3059ba6e10
Merge pull request #78 from signalapp/aarch64-cross-compilation
...
Add minimal cross-compilation support for Windows and AArch64 Linux
2022-09-27 16:14:52 +01:00
34929928c4
bump version number for tokio-boring
...
this is necessary so we can publish a version with the `fips` feature,
even though in practice the crate is exactly the same.
2022-09-16 13:13:08 -05:00
da2c13e761
Update changelogs and bump version numbers
2022-09-16 13:03:26 -05:00
bd4f8d58ef
Fix clippy warnings
2022-09-16 12:13:55 -05:00
774e721ad9
Remove uses of `mem::uninitialized`
...
According to [the docs](https://doc.rust-lang.org/stable/std/mem/fn.uninitialized.html ),
> Calling this when the content is not yet fully initialized causes immediate undefined behavior.
> it [is] undefined behavior to have uninitialized data in a variable even if that variable has an integer type.
Using MaybeUninit instead, as recommended by the official documentation, avoids undefined behavior by not creating a `&mut` reference to uninitialized data.
2022-09-16 12:13:55 -05:00
3841e626ae
Remove T: Debug bound
2022-08-09 10:04:22 -05:00
3417b41b5b
hyper-boring: Impl debug for MaybeHttpsStream
2022-08-09 10:04:22 -05:00
172b623bcc
boring: Expose PKey::private_key_to_der_pkcs8(_passphrase)
2022-07-28 16:30:41 -07:00
a117901fe0
boring-sys: Use the Android NDK sysroot when running bindgen
2022-07-25 19:31:59 -04:00
db03da82fd
boring: Fix memory leak in `Deriver`
2022-07-01 12:44:04 -05:00
3bbb1b94b6
Add minimal cross-compilation support for Windows and AArch64 Linux
...
Cross-compiling to AArch64 Linux can be done with a CMake toolchain
file, along with setting the correct compiler and include paths in the
environment.
Cross-compiling from X64 Windows to ARM64 Windows doesn't look at the
toolchain at all, because CMake + Visual Studio can already
cross-compile. Unfortunately, the Visual Studio CMake generator
doesn't set CMAKE_SYSTEM_PROCESSOR, which is what the BoringSSL
CMakeLists.txt is looking at to choose the architecture. For now,
disable the use of assembly when cross-compiling on Windows (assuming
that the Visual Studio generator will be used there).
2022-06-27 18:01:55 -07:00
74a453d8b0
MSVC generator hack should be only applied to MSVC
2022-06-17 15:13:36 -05:00
morph027