d8975dc413
The "fips" feature implies use of a prebuilt boringSSL. The boringSSL API consumed by `SslCurve` in incompatible with older versions of boringSSL. In the `ffi` bindings, the following symbols don't exist in older builds: * NID_X25519MLKEM768 * SSL_CURVE_X25519_MLKEM768 * NID_X25519Kyber768Draft00Old The following symbols have been renamed: * SSL_CURVE_P256KYBER768DRAFT00 => SSL_CURVE_P256_KYBER768_DRAFT00 * SSL_CURVE_X25519KYBER512DRAFT00 => SSL_CURVE_X25519_KYBER512_DRAFT00 * SSL_CURVE_X25519KYBER768DRAFT00OLD => SSL_CURVE_X25519_KYBER768_DRAFT00_OLD * SSL_CURVE_P256KYBER768DRAFT00 => SSL_CURVE_P256_KYBER768_DRAFT00 Meanwhile, the `ssl_set_curves_list()` API is stable across these versions of boringSSL. These codepoints are added to the `SslCurve` API whenever "pq-experimental" is enabled. Since this feature is no longer mutually exclusive with prebuilt boringSSL (`boring-sys` just ignores patches), we also need to disable this API whenever "fips" is enabled. |
||
|---|---|---|
| .github/workflows | ||
| boring | ||
| boring-sys | ||
| hyper-boring | ||
| scripts | ||
| tokio-boring | ||
| .gitignore | ||
| .gitmodules | ||
| .rusty-hook.toml | ||
| Cargo.toml | ||
| README.md | ||
| RELEASE_NOTES | ||
| THIRD_PARTY | ||
| cliff.toml | ||
README.md
boring
BoringSSL bindings for the Rust programming language and TLS adapters for tokio and hyper built on top of it.
Documentation
- Boring API: https://docs.rs/boring
- tokio TLS adapters: https://docs.rs/tokio-boring
- hyper HTTPS connector: https://docs.rs/hyper-boring
- FFI bindings: https://docs.rs/boring-sys
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed under the terms of both the Apache License, Version 2.0 and the MIT license without any additional terms or conditions.
Accolades
The project is based on a fork of rust-openssl.