We need to add `/build/crypto` and `/build/ssl` to the library search
path to handle the case where we pass `BORING_BSSL_SOURCE_PATH` when
building without enabling any fips features. Otherwise, non bazel
commits will not work because `/build/` itself will not contain any
crypto libraries to link with
These variables let us configure CMAKE_SYSROOT and
CMAKE_{C,CXX,ASM}_EXTERNAL_TOOLCHAIN from env variables
without needing an error-prone custom toolchain file.
Most users won't need BORING_BSSL_EXTERNAL_TOOLCHAIN, but some
packages (such as Homebrew package
messense/macos-cross-toolchains/x86_64-unknown-linux-gnu) don't
install the sysroot at the root of the GCC installation, so clang-12
cannot find crt1.o and crti.o.
Finally, we also set up CMAKE_CROSSCOMPILING and
CMAKE_{C,CXX,ASM}_COMPILER_TARGET to make cross compilation work
with compilers that have cross-compiling drivers (i.e. clang).
We can now cross build boring-sys from macOS to Linux with
fips feature turned on:
brew tap nox/misc
brew install llvm@12.0.0
export PATH="$(brew --prefix llvm@12.0.0)/bin:$PATH"
brew tap messense/macos-cross-toolchains
brew install x86_64-unknown-linux-gnu
export BORING_BSSL_FIPS_EXTERNAL_TOOLCHAIN="$(brew --prefix x86_64-unknown-linux-gnu)/toolchain"
export BORING_BSSL_FIPS_SYSROOT="$BORING_BSSL_FIPS_EXTERNAL_TOOLCHAIN/x86_unknown-linux-gnu/sysroot"
cargo build --target x86_64-unknown-linux-gnu -p boring-sys --features fips
The logic is stolen from cmake-rs, and it is important to
follow it as we will need to look for CMAKE_TOOLCHAIN_FILE
the same way cmake-rs does.
When checking for env variable BORING_BSSL_PATH during a
cross build for target x86_64-unknown-linux-gnu, boring-sys
build script will attempt to read:
BORING_BSSL_PATH_x86_64-unknown-linux-gnu
BORING_BSSL_PATH_x86_64_unknown_linux_gnu
TARGET_BORING_BSSL_PATH
BORING_BSSL_PATH
A basic LLVM 12 build provides clang-12 but not clang++-12, but
it does provide both clang and clang++, so we shouldn't hard fail
when first checking for clang-12 and clang++-12.
Feature no-patches is ever only useful when setting other env variables
BORING_BSSL{,_FIPS}{,_SOURCE}_PATH, and it has no impact on the APIs
provided by any of the boring crates, so we may as well make it an env
variable itself so downstream users have less features to propagate
across their own crate graph.
Builds using feature fips or fips-link-precompiled now
read variables prefixed by BORING_BSSL_FIPS_ instead of
BORING_BSSL_. This helps complex builds where build dependencies
also use boring, where we may not want to use fips there.
Without those separate variables, the boring build for the
build dependencies end up relying on e.g. BORING_BSSL_PATH,
causing errors if this path is a boring checkout intended for
fips builds, while the fips feature isn't enabled for
the build dependency.
This means BORING_SSL_PRECOMPILED_BCM_O is now
BORING_BSSL_PRECOMPILED_BCM_O.
Prefix BORING_BSSL_ has been chosen because that's the
one that is used the most among all the variables
the build script uses.
Using a struct improves navigation of the build script,
as we can rely on rust-analyzer to help us check how
a feature flag or an environment variable is used,
as opposed to grepping for multiple env::var calls
or #[cfg] attributes.
This commit also removes some obsolete blocks of code
related to the now defunct ndk-old-gcc and fuzzing features.
Overwrite boringSSL's default key exchange preferences with safe
defaults using feature flags:
* "kx-pq-supported" enables support for PQ key exchange algorithms.
Classical key exchange is still preferred, but will be upgraded to PQ
if requested.
* "kx-pq-preferred" enables preference for PQ key exchange,
with fallback to classical key exchange if requested.
* "kx-nist-required" disables non-NIST key exchange.
Each feature implies "kx-safe-default". When this feature is enabled,
don't compile bindings for `SSL_CTX_set1_curves()` and `SslCurve`. This
is to prevent the feature flags from silently overriding curve
preferences chosen by the user.
Ideally we'd allow both: that is, use "kx-*" to set defaults, but still
allow the user to manually override them. However, this doesn't work
because by the time the `SSL_CTX` is constructed, we don't yet know
whether we're the client or server. (The "kx-*" features set different
preferences for each.) If "kx-sfe-default" is set, then the curve
preferences are set just before initiating a TLS handshake
(`SslStreamBuilder::connect()`) or waiting for a TLS handshake
(`SslStreamBuilder::accept()`).
This commit modifies the Cargo `include` field for `boring-sys` to
include all the files necessary to actually build the FIPS-certified
revision of BoringSSL. Currently, some of these files are missing (see
#157 for details on this).
This branch improves on my previous approach in PR #158, which switched
from using a Cargo `include` to a Cargo `exclude`. Using `exclude`
rather than `include` resulted in a much larger crates.io package, but
at the time, I thought this was less likely to result in breakage in the
future, because I was concerned about the inability to verify that the
set of excludes/includes can build a new pinned `boringssl` git revision
without having to actually publish a crates.io release.
However, as @nox pointed out in [this comment][1], `cargo package` can
be used to verify a build with the `exclude`s/`include`s applied. This
branch therefore adds `cargo package` steps to CI that check that the
package can actually be built. This way, we are able to make a much
smaller change to the included files, resulting in a smaller package
published to crates.io.
On this branch, the package is 6.7MiB compressed, which is not much
larger than it was previously:
```
Finished dev [unoptimized + debuginfo] target(s) in 55.65s
Packaged 1851 files, 33.7MiB (6.7MiB compressed)
```
Fixes#157Closes#158
[1]: https://github.com/cloudflare/boring/pull/158#issuecomment-1693067112,
This was originally going to be fixed by #101, however that PR was closed and superseded by #117, which was missing this fix.
The original problem was caused by #97, which updated boringssl to a version that included [a change that removed hmac.h from ssl.h](05b360d797).
This PR adds an include for hmac.h, so it is again available through boring-sys.
Previously we were building from the deps directory with submodules. For publishing we were copying files in sumbodules into the package. With this we were making the package directory dirty with build artifacts and applied patches.
This commit change the build script's behaviour: sources are now copied to the output directory and then boringssl is built from there.
In addition, this commit adds files that were missing from the package for building with patches.
This longer path (inside the prebuilt toolchain included in the NDK)
has been the preferred sysroot since NDK r19. Newer NDKs no longer
have a top-level "sysroot" directory at all.
Cross-compiling to AArch64 Linux can be done with a CMake toolchain
file, along with setting the correct compiler and include paths in the
environment.
Cross-compiling from X64 Windows to ARM64 Windows doesn't look at the
toolchain at all, because CMake + Visual Studio can already
cross-compile. Unfortunately, the Visual Studio CMake generator
doesn't set CMAKE_SYSTEM_PROCESSOR, which is what the BoringSSL
CMakeLists.txt is looking at to choose the architecture. For now,
disable the use of assembly when cross-compiling on Windows (assuming
that the Visual Studio generator will be used there).
As pointed out in the comment, bindgen generates tests that cause
compiler warnings about misaligned references. bindgen people are
aware of the issue, but we have to deal with our warnings that are
treated as errors. For the time being, suppress alignment tests
on platforms that are known to be triggering UB.
I suspect that other non-x86 platforms are affected as well, but I can't
get the tests to compile for those tests at the moment, so I'm not sure.
Dealing with the issues one platform at a time.
cfg!() is evaluated for the host OS executing build.rs script.
What we need here is to look whether we are building *for* macOS.
Otherwise, for example, builds for iOS on macOS will try to add this
flag, causing warnings since rustc does not build cdylibs on iOS.
When bindgen generates bindings for iOS, it must be told to use iOS
sysroot with all the standard C headers. Otherwise it tries using
the host macOS headers and fails miserably.
The architecture alone is not enough. aarch64-apple-ios and
aarch-apple-ios-sim are both building for aarch64, but they need
slightly different CMake flags.
* Add rerun-if-env-changed instructions for BORING_* variables
* Use X509_get0_notBefore() and X509_get0_notAfter() instead of X509_getm_notBefore() and X509_getm_notAfter().
According to
https://www.openssl.org/docs/man1.1.0/man3/X509_getm_notBefore.html,
"X509_getm_notBefore() and X509_getm_notAfter() are similar to
X509_get0_notBefore() and X509_get0_notAfter() except they return
non-constant mutable references to the associated date field of the
certificate".
* Only update boringssl submodule if BORING_BSSL_PATH not provided
* Allow BORING_BSSL_LIB_PATH to control link search
* Add fips feature
* Use X509_set_notAfter unconditionally for FIPS compatibility
This is equivalent according to
https://boringssl.googlesource.com/boringssl/+/c947efabcbc38dcf93e8ad0e6a76206cf0ec8072
The version of boringssl that's FIPS-certified doesn't have `X509_set1_notAfter`.
The only difference between that and `X509_set_notAfter` is whether they're const-correct,
which doesn't seem worth having two different code-paths.
* Check out fips commit automatically
* Verify the version of the compiler used for building boringssl
NIST specifies that it needs to be 7.0.1; I originally tried building with clang 10 and it failed.
Theoretically this should check the versions of Go and Ninja too, but they haven't given me trouble in practice.
Example error:
```
Compiling boring-sys v1.1.1 (/home/jnelson/work/boring/boring-sys)
error: failed to run custom build command for `boring-sys v1.1.1 (/home/jnelson/work/boring/boring-sys)`
Caused by:
process didn't exit successfully: `/home/jnelson/work/boring/target/debug/build/boring-sys-31b8ce53031cfd83/build-script-build` (exit status: 101)
--- stdout
cargo:rerun-if-env-changed=BORING_BSSL_PATH
--- stderr
warning: missing clang-7, trying other compilers: Permission denied (os error 13)
warning: FIPS requires clang version 7.0.1, skipping incompatible version "clang version 10.0.0-4ubuntu1 "
thread 'main' panicked at 'unsupported clang version "cc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0": FIPS requires clang 7.0.1', boring-sys/build.rs:216:13
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
* Add Github actions workflow testing FIPS
Co-authored-by: Joshua Nelson <jnelson@cloudflare.com>
- Major version for boring-sys: `PasswordCallback` was removed
- Major version for boring: the public `*Ref` types were removed and `foreign-types` appears in our public api and had a major version bump
- Patch version for tokio-boring: the only API change was removing the `S: Debug` bound
- Patch version for hyper-boring: no API changes, only removed dependencies
`bindgen`'s default features include dependencies like `clap` and
`env_logger` which are unnecessary when building `boring-sys`. When
using tools like `cargo-deny` to audit dependencies with mismatched
versions, these dependencies can easily conflict with application
dependencies.
This change disables `bindgen`'s default features to avoid unnecessary
dependencies.
This ensures that all the Rust functions, types and constants
always match the actual BoringSSL definitions.
It also removes quite a lot of manually maintained code, as well
as the need for systest.
The value for `SslOptions::ALL`, for example, was wrong. On current
BoringSSL versions, this is a no-op, and is set to `0`.
Clearing it does nothing. So, the `clear_ctx_options` test, that
passed by accident, was adjusted to use a different option.
The `libc` crate is not required, as we only use it for types that
are already defined in the standard library. It was removed from
`boring-sys`. The same can be done to other crates later.
* 2020-11-09 Document X509V3_add1_i2d and friends.
* 2020-11-09 Re-reformat x509.h.
* 2020-11-11 aarch64: Fix name of gnu property note section
* 2020-11-10 Reformat and convert comments in asn1.h.
* 2020-11-10 Unwind M_ASN1_* macros for primitive types.
* 2020-11-10 Switch M_ASN1_TIME macros within the library.
* 2020-11-11 Remove the legacy MSTRING M_ASN1 macros.
* 2020-11-10 Rearrange ASN1_STRING_copy slightly.
* 2020-11-09 Document some defaults for the EVP RSA interface.
* 2020-11-10 Document the basic ASN1_STRING functions.
* 2020-11-10 Remove some unnecessary pointer casts.
* 2020-09-04 Add APIs for checking ASN.1 INTEGERs.
* 2020-11-11 Const-correct and document more X509 functions.
* 2020-11-13 Fix NETSCAPE_SPKI_get_pubkey documentation.
* 2020-11-18 Always check the TLS 1.3 downgrade signal.
* 2020-11-19 Rename the master_key field in SSL_SESSION to secret.
* 2020-11-19 Add FIPS self test for the TLS KDF.
* 2020-11-19 acvp: add SHA-512/256 support.
* 2020-11-19 Document ASN1_STRING.
* 2020-11-30 Add digest.h to self_check.c
* 2020-11-30 util/fipstools/acvp/acvptool: buffer signal channel to avoid losing signal
* 2020-11-30 Poly1305: Use |size_t|; assert |poly1305_state| is large enough.
* 2020-11-25 Improve sk_dup.
* 2020-12-01 aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode
* 2020-12-01 Only accept little-endian ARM and MIPS variants in base.h.
* 2020-12-02 Update FIPS.md to include latest FIPS certificate.
* 2020-12-02 draft-ietf-tls-certificate-compression is now RFC 8879.
* 2020-12-02 Get closer to Ed25519 boundary conditions.
* 2020-12-01 PWCT failures should clear the generated key.
* 2020-10-29 Fix EDIPartyName parsing and GENERAL_NAME_cmp.
* 2020-12-08 Const-correct GENERAL_NAME_cmp.
* 2020-12-07 acvp: fix subprocess_test.go
* 2020-12-07 acvp: tweak config
* 2020-12-07 acvp: add TLS KDF support
* 2020-03-11 Implement GREASE for ECH (draft-ietf-tls-esni-08).
* 2020-12-08 Reject bad ASN.1 templates with implicitly-tagged CHOICEs.
* 2020-12-08 Align armv8.pl references to OPENSSL_armcap_P.
* 2020-12-08 acvp: add support for KAS
* 2020-12-10 Add TLS_KDF to documented break tests.
* 2020-12-09 Skip ASN.1 template tests in Windows shared library builds.
* 2020-12-01 Switch to passive entropy collection for Android FIPS.
* 2020-12-11 Finish switching to NASM.
* 2020-12-11 Remove unused Netware codepaths in x86 perlasm.
* 2020-12-10 Move DH code into the FIPS module.
* 2020-12-10 acvp: add support for finite-field Diffie–Hellman.
* 2020-12-14 Include bn.h from bn/internal.h
* 2020-12-02 Fix ChaCha20-Poly1305 x86-64 asm on Windows
* 2020-12-15 Check for trailing data in X509Test.GeneralName.
* 2020-12-15 Use stdlib.h instead of cstdlib in span.h.
* 2020-12-14 Add support for the new QUIC TLS extension codepoint
* 2020-12-14 Move DH parameter generation out of the FIPS module.
* 2020-12-16 Revert "Add support for the new QUIC TLS extension codepoint"
* 2020-12-16 Use more efficient std::string::find overload.
* 2020-12-17 Export tool_sources to GN.
* 2020-12-16 Allow some non-minimal lengths in BER.
* 2020-12-17 acvp: load config later.
* 2020-12-17 acvp: fix silly errors.
* 2020-12-22 Add .text.unlikely.* pattern to fips_shared.lds.
* 2020-12-23 acvp: better document the subprocess protocol.
* 2020-12-23 Gerrit ignores <sup>; use Unicode superscript instead.
* 2020-12-21 Update ECH GREASE to draft-ietf-tls-esni-09
* 2020-12-21 Fix awkward wording in comment.
* 2021-01-05 Fix chacha20_poly1305_x86_64.pl comments.
* 2020-12-17 acvp: add tests
* 2021-01-06 Update third_party/googletest.
* 2020-12-22 delocate: support alternative comment indicators
* 2020-12-22 delocate: eliminate expression from vpaes assembly.
* 2021-01-06 Add some OpenSSL-compatibility aliases
* 2020-12-17 acvp: drop subprocess_test.go
* 2021-01-06 Update HPKE to draft-irtf-cfrg-hpke-07.
* 2021-01-07 A handful more compatibility functions.
* 2021-01-06 Optimize suffix building in FileTest::ReadNext().
* 2021-01-08 Use gai_strerrorA on Windows.
* 2020-10-19 Add ASM optimizations for Windows on Arm
* 2020-12-22 delocate: handle Aarch64 assembly in parser.
* 2020-10-29 Send ECH acceptance signal from backend server.
* 2021-01-12 Test that ALPS can be deferred to the ALPN callback.
* 2021-01-12 runner: Allow tokbind without RI/EMS in TLS 1.3.
* 2021-01-12 Fix ALPS state machine in QUIC servers.
* 2021-01-12 Make QUIC work with -async tests.
* 2021-01-12 Make QUIC tests work with early data.
* 2021-01-12 Run extension tests at all protocols.
* 2021-01-12 Replace MockQUICTransport tags with record types.
* 2020-12-22 delocate: preprocess perlasm output on Aarch64
* 2021-01-14 Add support for the new QUIC TLS extension codepoint
* 2021-01-15 doc: fix SSL_set0_rbio
* 2021-01-18 acvp: add XTS support.
* 2021-01-19 Fix client 0-RTT handling with ALPS.
* 2021-01-08 Add DH_compute_key_padded.
* 2020-12-22 delocate: support Aarch64
* 2021-01-19 Make BN_clear_free a wrapper around BN_free.
* 2021-01-20 Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now.
* 2021-01-21 Fix comments that refer to old draft of HPKE.
* 2021-01-21 acvp: don't advertise SHA-1 RSA signature generation.
* 2021-01-21 acvp: drop 3DES fields from output when unused.
* 2021-01-17 Support cross-compiling AArch64 FIPS to Android.
* 2021-01-22 acvp: update test expectations in light of 8dcdcb39a7
* 2021-01-22 acvp: check that the payloadLen of cipher tests is correct.
* 2021-01-21 Add basic BLAKE2b-256 support.
* 2021-01-25 acvp: update to newer FFDH test.
* 2021-01-19 Add FFDH FIPS self-test.
* 2021-01-27 Support MOVLPS and MOVHPS in delocate.
* 2021-01-27 Benchmark BORINGSSL_self_test in FIPS mode.
* 2021-01-27 acvp: move CMAC verification into the module wrapper.
* 2021-01-28 Use ID instead of Id in Go.
* 2021-01-29 Fix TLS13SessionID-TLS13 test.
* 2021-01-29 Revert "Disable check that X.509 extensions implies v3."
* 2021-02-02 Add missing include to self_check.c.
* 2021-02-02 Add various function calls to test_fips.
* 2021-02-04 Include bn/internal.h for non-bcm.c builds.
Rushil Mehra