min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fork of boring2 with prefix patch
3,353 Commits 2 Branches 0 Tags 16 MiB
Rust 99.9%
Go to file
Bas Westerbaan 410a96752b pq patch: enable PQ by default like upstream 
The big diff is misleading. Applying each patch to the base 478b28ab12f
and comparing them, we see:

git range-diff 478b28ab12f2001a03261624261fd041f5439706..adcd4022f75953605a9bf9f6a4a45c0b4fd8ed94 478b28ab12f2001a03261624261fd041f5439706..6f1b1e1f451e61cd2bda0922eecaa8387397ac5a
1:  adcd4022f ! 1:  6f1b1e1f4 Add additional post-quantum key agreements
    @@ Commit message

         This patch adds:

    -    1. Support for MLKEM768X25519 under the codepoint 0x11ec. The version
    -       of BoringSSL we patch against did not support it yet.
    +    1. Support for X25519MLKEM768 under the codepoint 0x11ec. The version
    +       of BoringSSL we patch against did not support it yet. Like recent
    +       upstream, enable by default.

         2. Supports for P256Kyber768Draft00 under 0xfe32, which we temporarily
            need for compliance reasons.  (Note that this is not the codepoint
    @@ ssl/extensions.cc: static bool tls1_check_duplicate_extensions(const CBS *cbs) {
            return true;
          default:
            return false;
    +@@ ssl/extensions.cc: bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
    + }
    +
    + static const uint16_t kDefaultGroups[] = {
    ++    SSL_GROUP_X25519_MLKEM768,
    +     SSL_GROUP_X25519,
    +     SSL_GROUP_SECP256R1,
    +     SSL_GROUP_SECP384R1,

      ## ssl/ssl_key_share.cc ##
     @@
 		2025-10-28 10:54:23 +00:00
.github/workflows Remove "pq-experimental", apply PQ patch by default 2025-10-15 10:36:27 +01:00
boring Remove "pq-experimental", apply PQ patch by default 2025-10-15 10:36:27 +01:00
boring-sys pq patch: enable PQ by default like upstream 2025-10-28 10:54:23 +00:00
hyper-boring Remove "pq-experimental", apply PQ patch by default 2025-10-15 10:36:27 +01:00
scripts Add publish script 2020-11-12 13:08:13 +00:00
tokio-boring Remove "pq-experimental", apply PQ patch by default 2025-10-15 10:36:27 +01:00
.gitignore Rename stuff 2020-11-11 17:47:30 +00:00
.gitmodules Clean-up legacy FIPS options 2025-09-26 17:12:23 +01:00
.rusty-hook.toml Add tokio-boring 2020-11-11 19:26:22 +00:00
Cargo.toml Remove support for Hyper v0 2025-09-26 13:46:44 +01:00
README.md Update docs 2023-07-10 12:29:30 +01:00
RELEASE_NOTES Release 4.19.0 (#382) 2025-09-05 12:13:20 -07:00
THIRD_PARTY Rename stuff 2020-11-11 17:47:30 +00:00
cliff.toml Tweak cliff config to exclude merge and release commits from changelog 2024-04-09 11:18:05 +02:00

README.md

boring

crates.io

BoringSSL bindings for the Rust programming language and TLS adapters for tokio and hyper built on top of it.

Documentation

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed under the terms of both the Apache License, Version 2.0 and the MIT license without any additional terms or conditions.

Accolades

The project is based on a fork of rust-openssl.