cloudflare / boring
BoringSSL bindings for the Rust programming language.
The fips module in the boring crate has the following method:
/// Moves the library into or out of the FIPS 140-2 mode of operation.
///
/// This corresponds to `FIPS_mode_set`.
pub fn enable(enabled: bool) -> Result<(), ErrorStack> {
    unsafe { cvt(ffi::FIPS_mode_set(enabled as _)).map(|_| ()) }
}
However, this is not what FIPS_mode_set promises to do. From include/openssl/crypto.h in build-sys/deps/boringssl-fips:
// FIPS_mode_set returns one if |on| matches whether BoringSSL was built with
// |BORINGSSL_FIPS| and zero otherwise.
OPENSSL_EXPORT int FIPS_mode_set(int on);
Indeed, here is the implementation:
int FIPS_mode_set(int on) { return on == FIPS_mode(); }
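What these semantics mean for a caller of the wrapper, as an added example that is not part of the original issue, the boring crate or BoringSSL: a pure-Rust model of a FIPS build and a non-FIPS build. Build, ModeMismatch and require_fips are hypothetical names, and mapping a zero return to Err is an assumption about what cvt does.

```rust
// Added illustration: a pure-Rust model, not code from boring or BoringSSL.
// `Build`, `ModeMismatch` and `require_fips` are hypothetical names.

/// Models a linked BoringSSL; the FIPS property is fixed when it is compiled.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Build {
    pub compiled_with_fips: bool,
}

/// Stand-in for the error the wrapper returns when the C call yields zero.
#[derive(Debug, PartialEq)]
pub struct ModeMismatch {
    pub requested: bool,
    pub actual: bool,
}

impl Build {
    /// Models `FIPS_mode()`: reports how the library was built.
    pub fn fips_mode(&self) -> i32 {
        self.compiled_with_fips as i32
    }

    /// Models `int FIPS_mode_set(int on) { return on == FIPS_mode(); }`.
    /// Takes `&self`, not `&mut self`: there is no state to change.
    pub fn fips_mode_set(&self, on: i32) -> i32 {
        (on == self.fips_mode()) as i32
    }

    /// Models the wrapper quoted above. Assumption: `cvt` turns a
    /// non-positive return value into an error.
    pub fn enable(&self, enabled: bool) -> Result<(), ModeMismatch> {
        if self.fips_mode_set(enabled as i32) > 0 {
            Ok(())
        } else {
            Err(ModeMismatch {
                requested: enabled,
                actual: self.compiled_with_fips,
            })
        }
    }
}

/// A fail-closed startup gate: the only sound use of `enable(true)` is as an
/// assertion that the binary was linked against a FIPS build.
pub fn require_fips(build: &Build) -> Result<(), ModeMismatch> {
    build.enable(true)
}

/// Runs every (build, request) combination and reports
/// (compiled_with_fips, requested, call_succeeded, mode_after_call).
pub fn outcomes() -> Vec<(bool, bool, bool, i32)> {
    let mut rows = Vec::new();
    for compiled in [false, true] {
        let build = Build { compiled_with_fips: compiled };
        for requested in [false, true] {
            let ok = build.enable(requested).is_ok();
            rows.push((compiled, requested, ok, build.fips_mode()));
        }
    }
    rows
}

fn main() {
    for (compiled, requested, ok, after) in outcomes() {
        println!(
            "built_with_fips={compiled} enable({requested}) -> ok={ok}, FIPS_mode() afterwards={after}"
        );
    }
}
```

In every row the mode after the call equals the build-time value, so a successful enable(false) on a non-FIPS build and a failed enable(false) on a FIPS build both leave the library exactly as it was.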
BoringSSL added a SSL_CTX_set_compliance_policy(ssl_compliance_policy_fips_202205) option that enforces the use of FIPS-compliant algorithms/ciphers. It would be great if boring supported this option and even enabled it by default when the fips feature is enabled.
Currently, the README says the following:
By default, the crate statically links with the latest BoringSSL master branch.
After reviewing the code, I think this is a bit misleading. By default, the crate statically links with a pinned version of boringssl, currently set to google/boringssl@f1c7534.
I think it'd be valuable to make this clearer in the README. After reading the current README, I initially thought it was dynamically fetching the latest version of boringssl in its build.rs. In fact, there is a call to git submodule in a build.rs, but it seems to only run when depending on boring via git!
It'd be nice to have a few lines in the README clearly spelling out that, by default, the crate pins a specific boringssl version (and thus doesn't break reproducibility).
Right now GitHub Actions do not do what they should do. Instead of testing for specified targets, they build tests for the host OS and run them there. When proper targets are used, CI fails to compile the tests for various reasons.
Hi all, this is a proposition for an enhancement.
When using this crate as part of a large project, users may have a build system already building BoringSSL and want to rely on it instead of building it multiple times. This happened to us, and we thought that others may have the same need.
This feature would allow users to specify a path to the pre-built binaries and one for the corresponding headers in case the version is not the same. It could be done using environment variables which would be checked during the build in boring-sys. Default behavior would stay the same.
I find that the nodejs library does support setting multiple independent certificate chains for a single SSL context.
However it seems that the methods in this library don't support it.
I believe the SSL_CTX_add1_chain_cert must be exposed as well to enable this.
When trying to compile a project which uses
boring = { version = "2.1.0", features = ["fips"], optional = true }
I hit the following error:
The following warnings were emitted during compilation:
warning: fetching boringssl git submodule
error: failed to run custom build command for `boring-sys v2.1.0`
note: To improve backtraces for build dependencies, set the CARGO_PROFILE_TEST_BUILD_OVERRIDE_DEBUG=true environment variable to enable debug information generation.
Caused by:
process didn't exit successfully: `/Users/ibeckermayer/gravitational/teleport/target/debug/build/boring-sys-00449934e380ee8c/build-script-build` (exit status: 101)
--- stdout
cargo:rerun-if-env-changed=BORING_BSSL_PATH
cargo:warning=fetching boringssl git submodule
--- stderr
fatal: not a git repository (or any of the parent directories): .git
thread 'main' panicked at 'failed to fetch submodule - consider running `git submodule update --init --recursive deps/boringssl` yourself', /Users/ibeckermayer/.cargo/registry/src/index.crates.io-6f17d22bba15001f/boring-sys-2.1.0/build.rs:325:17
stack backtrace:
0: std::panicking::begin_panic
at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:610:12
1: build_script_build::main::{{closure}}
2: core::result::Result<T,E>::unwrap_or_else
3: build_script_build::main
4: core::ops::function::FnOnce::call_once
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
warning: build failed, waiting for other jobs to finish...
Right now, the EVP_AEAD interface is the only way to access modern primitives like AES-GCM-SIV and XChaCha20-Poly1305. Exposing it would make it easier for folks to use these primitives in their Rust programs.
For use in a different project, I wrote a quick patch that exposes EVP_AEAD in a way heavily inspired by how symm.rs currently exposes EVP_CIPHER.
If you are interested in this, I can clean up my patch (write more examples, come up with a better name than AeadCrypter, ...) and submit a PR.
We are missing this code branch from the build script:
https://github.com/cloudflare/quiche/blob/5b3ab16751e8e0e51d364a49601a0040abbe1b4d/quiche/src/build.rs#L131-L142
Lines 169 to 177 in 1507689
let toolchain_file = if cfg!(feature = "fips") {
    format!("{}/util/32-bit-toolchain.cmake", BORING_SSL_DIR)
} else {
    format!("{}/src/util/32-bit-toolchain.cmake", BORING_SSL_DIR)
};
boringssl_cmake
    .define("CMAKE_TOOLCHAIN_FILE", pwd.join(toolchain_file).as_os_str());
I'm getting the following error when I try to build boring for iOS. Do you have an idea what went wrong?
...
Compiling boring-sys v1.1.0
error: failed to run custom build command for `boring-sys v1.1.0`
Caused by:
process didn't exit successfully: `/Users/runner/work/isar-core/isar-core/dart-ffi/target/release/build/boring-sys-a0cbecad694041d4/build-script-build` (exit code: 101)
--- stdout
running: "xcrun" "--show-sdk-path" "--sdk" "iphoneos"
exit code: 0
running: "xcrun" "--show-sdk-path" "--sdk" "iphoneos"
exit code: 0
running: "cmake" "/Users/runner/.cargo/git/checkouts/boring-dfc6e3788abbaf96/80c04df/boring-sys/deps/boringssl" "-DCMAKE_OSX_ARCHITECTURES=arm64" "-DCMAKE_OSX_SYSROOT=iphoneos" "-DCMAKE_ASM_FLAGS=-fembed-bitcode " "-DCMAKE_INSTALL_PREFIX=/Users/runner/work/isar-core/isar-core/dart-ffi/target/aarch64-apple-ios/release/build/boring-sys-9d553a3ff05eb868/out" "-DCMAKE_C_FLAGS= -fembed-bitcode -fPIC --target=aarch64-apple-ios -arch arm64 -miphoneos-version-min=7.0 -isysroot /Applications/Xcode_12.4.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS14.4.sdk -fembed-bitcode" "-DCMAKE_C_COMPILER=/usr/bin/clang" "-DCMAKE_CXX_FLAGS= -fPIC --target=aarch64-apple-ios -arch arm64 -miphoneos-version-min=7.0 -isysroot /Applications/Xcode_12.4.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS14.4.sdk -fembed-bitcode" "-DCMAKE_CXX_COMPILER=/usr/bin/clang++" "-DCMAKE_ASM_COMPILER=/usr/bin/clang" "-DCMAKE_BUILD_TYPE=Release"
-- The C compiler identification is AppleClang 12.0.0.12000032
-- The CXX compiler identification is AppleClang 12.0.0.12000032
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/clang - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/clang++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- The ASM compiler identification is Clang
-- Found assembler: /usr/bin/clang
-- Configuring done
-- Generating done
-- Build files have been written to: /Users/runner/work/isar-core/isar-core/dart-ffi/target/aarch64-apple-ios/release/build/boring-sys-9d553a3ff05eb868/out/build
running: "cmake" "--build" "." "--target" "bssl" "--config" "Release" "--"
cargo:root=/Users/runner/work/isar-core/isar-core/dart-ffi/target/aarch64-apple-ios/release/build/boring-sys-9d553a3ff05eb868/out
cargo:rustc-link-search=native=/Users/runner/work/isar-core/isar-core/dart-ffi/target/aarch64-apple-ios/release/build/boring-sys-9d553a3ff05eb868/out/build/
cargo:rustc-link-lib=static=crypto
cargo:rustc-link-lib=static=ssl
cargo:rustc-cdylib-link-arg=-Wl,-undefined,dynamic_lookup
--- stderr
ios arch=aarch64 add CMAKE_OSX_ARCHITECTURES=arm64
ios arch=aarch64 add CMAKE_OSX_SYSROOT=iphoneos
ld: warning: -headerpad_max_install_names is ignored when used with -bitcode_bundle (Xcode setting ENABLE_BITCODE=YES)
ld: warning: object file (libcrypto.a(aesv8-armx64.S.o)) was built for newer iOS version (14.4) than being linked (7.0)
ld: warning: object file (libcrypto.a(armv8-mont.S.o)) was built for newer iOS version (14.4) than being linked (7.0)
ld: warning: object file (libcrypto.a(ghashv8-armx64.S.o)) was built for newer iOS version (14.4) than being linked (7.0)
ld: warning: object file (libcrypto.a(sha1-armv8.S.o)) was built for newer iOS version (14.4) than being linked (7.0)
ld: warning: object file (libcrypto.a(sha256-armv8.S.o)) was built for newer iOS version (14.4) than being linked (7.0)
ld: warning: object file (libcrypto.a(sha512-armv8.S.o)) was built for newer iOS version (14.4) than being linked (7.0)
ld: warning: object file (libcrypto.a(chacha-armv8.S.o)) was built for newer iOS version (14.4) than being linked (7.0)
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/cdefs.h:807:2: error: Unsupported architecture
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/machine/_types.h:34:2: error: architecture not supported
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:55:9: error: unknown type name '__int64_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:56:9: error: unknown type name '__int32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:57:9: error: unknown type name '__int32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:60:9: error: unknown type name '__uint32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:61:9: error: unknown type name '__uint32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:62:9: error: unknown type name '__uint64_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:68:9: error: unknown type name '__darwin_natural_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:70:9: error: unknown type name '__uint16_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:71:9: error: unknown type name '__int64_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:72:9: error: unknown type name '__int32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:73:9: error: unknown type name '__uint32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:74:9: error: unknown type name '__int32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:75:9: error: unknown type name '__uint32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:76:9: error: unknown type name '__uint32_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/machine/types.h:37:2: error: architecture not supported
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types/_intptr_t.h:32:9: error: unknown type name '__darwin_intptr_t'
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/machine/endian.h:37:2: error: architecture not supported
fatal error: too many errors emitted, stopping now [-ferror-limit=]
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/cdefs.h:807:2: error: Unsupported architecture, err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/machine/_types.h:34:2: error: architecture not supported, err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:55:9: error: unknown type name '__int64_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:56:9: error: unknown type name '__int32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:57:9: error: unknown type name '__int32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:60:9: error: unknown type name '__uint32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:61:9: error: unknown type name '__uint32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:62:9: error: unknown type name '__uint64_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:68:9: error: unknown type name '__darwin_natural_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:70:9: error: unknown type name '__uint16_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:71:9: error: unknown type name '__int64_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:72:9: error: unknown type name '__int32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:73:9: error: unknown type name '__uint32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:74:9: error: unknown type name '__int32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:75:9: error: unknown type name '__uint32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types.h:76:9: error: unknown type name '__uint32_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/machine/types.h:37:2: error: architecture not supported, err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/sys/_types/_intptr_t.h:32:9: error: unknown type name '__darwin_intptr_t', err: true
/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/machine/endian.h:37:2: error: architecture not supported, err: true
fatal error: too many errors emitted, stopping now [-ferror-limit=], err: true
thread 'main' panicked at 'Unable to generate bindings: ()', /Users/runner/.cargo/git/checkouts/boring-dfc6e3788abbaf96/80c04df/boring-sys/build.rs:249:39
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
[ERROR cargo_lipo] Failed to build "isar-core-dart-ffi" for "aarch64-apple-ios": Executing "/Users/runner/.rustup/toolchains/nightly-x86_64-apple-darwin/bin/cargo" "--color" "auto" "build" "-p" "isar-core-dart-ffi" "--target" "aarch64-apple-ios" "--release" "--lib" finished with error status: exit code: 101
mv: rename target/universal/release/libisar_core_dart_ffi.a to libisar_ios.a: No such file or directory
The Android and Linux builds work fine.
I'm using rust-ms https://community.chocolatey.org/packages/rust-ms and llvm https://community.chocolatey.org/packages/llvm and nasm https://community.chocolatey.org/packages/nasm to build the quiche dependency on Windows.
This uses:
quiche = { version = "0.17.1", features = ["boringssl-boring-crate", "boringssl-vendored"] }
In the Cargo.toml dependencies.
Attempting to compile results in an error:
error: failed to run custom build command for `boring-sys v2.1.0`
...LOTS OF LOGS...
Generating Code...
crypto.vcxproj -> C:\GitLab-Runner\builds\MatrixAI\open-source\js-quic\target\x86_64-pc-windows-msvc\release\build\boring-sys-0344e752b3d59666\out\build\Release\crypto.lib
cargo:root=C:\GitLab-Runner\builds\MatrixAI\open-source\js-quic\target\x86_64-pc-windows-msvc\release\build\boring-sys-0344e752b3d59666\out
cargo:rustc-link-search=native=C:\GitLab-Runner\builds\MatrixAI\open-source\js-quic\target\x86_64-pc-windows-msvc\release\build\boring-sys-0344e752b3d59666\out/build/Release
cargo:rustc-link-lib=static=crypto
cargo:rustc-link-lib=static=ssl
cargo:rerun-if-env-changed=BORING_BSSL_INCLUDE_PATH
--- stderr
CMake Warning:
Manually-specified variables were not used by the project:
CMAKE_ASM_FLAGS
CMAKE_ASM_FLAGS_RELEASE
CMAKE_BUILD_TYPE
thread 'main' panicked at '"enum_(unnamed_at_deps/boringssl/src/include\\openssl/err_h_291_1)" is not a valid Ident', C:\Users\gitlab_runner\.cargo\registry\src\github.com-1ecc6299db9ec823\proc-macro2-1.0.56\src\fallback.rs:811:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
node:internal/errors:867
const err = new Error(message);
^
In particular this message:
thread 'main' panicked at '"enum_(unnamed_at_deps/boringssl/src/include\\openssl/err_h_291_1)" is not a valid Ident'
Any ideas why this is occurring, and how I should fix the compilation? My compilation command is just cargo build --release --target x86_64-pc-windows-msvc.
The full log is here: https://gitlab.com/MatrixAI/open-source/js-quic/-/jobs/4300087852
Hello,
I want to use a rustls certificate to build a SslContext. I found the method set_certificate that takes an X509Cert, but I don't find any way to set a rustls certificate.
I could write it as a temp file and then read it but it seems very suboptimal.
Thanks for reading my message and potentially answering it :)
the commit msg indicates it's removed in: a6f5bee
is it meaningful to bring it back?
In d1ee9bf cargo workspaces were introduced, but that led to always enabling the full features for tokio and hyper. Previously the full feature was only used for dev-dependencies.
Hi, I am trying to build a DTLS server, however boring crate panics inside acceptor.accept(client):
> RUST_BACKTRACE=full ./server
Hello, world!
new client 127.0.0.1:3400
thread '<unnamed>' panicked at 'source slice length (169) does not match destination slice length (16717)', /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/slice/mod.rs:3052:13
stack backtrace:
0: 0x55d2ce8caa30 - std::backtrace_rs::backtrace::libunwind::trace::h1037ca7e6eeef65c
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
1: 0x55d2ce8caa30 - std::backtrace_rs::backtrace::trace_unsynchronized::haaefac1bc3669450
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
2: 0x55d2ce8caa30 - std::sys_common::backtrace::_print_fmt::h863a6f5e6d995885
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/sys_common/backtrace.rs:67:5
3: 0x55d2ce8caa30 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h767e17e1aa7df6a8
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/sys_common/backtrace.rs:46:22
4: 0x55d2ce8e5fcc - core::fmt::write::h7aa6cd0067dca82a
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/fmt/mod.rs:1110:17
5: 0x55d2ce8c5945 - std::io::Write::write_fmt::h4c802b6f761026c1
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/io/mod.rs:1590:15
6: 0x55d2ce8cc9bb - std::sys_common::backtrace::_print::h2769edb26a7eb606
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/sys_common/backtrace.rs:49:5
7: 0x55d2ce8cc9bb - std::sys_common::backtrace::print::ha71f3549862b4cb6
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/sys_common/backtrace.rs:36:9
8: 0x55d2ce8cc9bb - std::panicking::default_hook::{{closure}}::h95488a3bade217f6
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:208:50
9: 0x55d2ce8cc491 - std::panicking::default_hook::h290aa602c0fb11df
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:225:9
10: 0x55d2ce8cd061 - std::panicking::rust_panic_with_hook::hf32c4fa635e215f2
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:622:17
11: 0x55d2ce8ccb67 - std::panicking::begin_panic_handler::{{closure}}::h95197ccd88846f7a
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:519:13
12: 0x55d2ce8caf0c - std::sys_common::backtrace::__rust_end_short_backtrace::h7641df9566f7b7d0
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/sys_common/backtrace.rs:141:18
13: 0x55d2ce8ccac9 - rust_begin_unwind
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:515:5
14: 0x55d2ce66a611 - core::panicking::panic_fmt::hbe99dddd3092ba3c
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/panicking.rs:92:14
15: 0x55d2ce66a8e2 - core::slice::<impl [T]>::copy_from_slice::len_mismatch_fail::h5656d919d719ae34
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/slice/mod.rs:3045:13
16: 0x55d2ce797816 - core::slice::<impl [T]>::copy_from_slice::h74e194cebb1b8af1
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/slice/mod.rs:3052:13
17: 0x55d2ce67b52e - <[T] as core::slice::CloneFromSpec<T>>::spec_clone_from::ha7a1ef94c0af3f73
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/slice/mod.rs:3511:9
18: 0x55d2ce67b4fd - core::slice::<impl [T]>::clone_from_slice::h47a286f3d99a55e9
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/slice/mod.rs:2976:9
19: 0x55d2ce67f968 - <server::Client as std::io::Read>::read::h0de8f8a9217a3f33
at /home/rainer/projects/svpn/src/bin/server.rs:33:9
20: 0x55d2ce6859aa - boring::ssl::bio::bread::{{closure}}::hfd992d9656758214
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-1.1.6/src/ssl/bio.rs:132:44
21: 0x55d2ce691e03 - core::ops::function::FnOnce::call_once::h0c06a9ec110e984c
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/ops/function.rs:227:5
22: 0x55d2ce68cf4b - <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::hc4091e66dd5678d8
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panic.rs:346:9
23: 0x55d2ce697817 - std::panicking::try::do_call::h57a17334329a61c2
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:401:40
24: 0x55d2ce697fad - __rust_try
25: 0x55d2ce6972cf - std::panicking::try::h64fe1f6863686bdf
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:365:19
26: 0x55d2ce68cfca - std::panic::catch_unwind::h0d7f78bdb190c068
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panic.rs:433:14
27: 0x55d2ce685734 - boring::ssl::bio::bread::h82aafe50cf15d0fd
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-1.1.6/src/ssl/bio.rs:132:11
28: 0x55d2ce7a072f - BIO_read
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-1.1.1/deps/boringssl/src/crypto/bio/bio.c:136:13
29: 0x55d2ce81adfd - dtls_read_buffer_next_packet
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-1.1.1/deps/boringssl/src/ssl/ssl_buffer.cc:136:15
30: 0x55d2ce81b046 - _ZN4bssl25ssl_read_buffer_extend_toEP6ssl_stm
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-1.1.1/deps/boringssl/src/ssl/ssl_buffer.cc:194:39
31: 0x55d2ce81b12e - _ZN4bssl22ssl_handle_open_recordEP6ssl_stPbNS_17ssl_open_record_tEmh
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-1.1.1/deps/boringssl/src/ssl/ssl_buffer.cc:222:47
32: 0x55d2ce884ffa - _ZN4bssl17ssl_run_handshakeEPNS_13SSL_HANDSHAKEEPb
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-1.1.1/deps/boringssl/src/ssl/handshake.cc:608:45
33: 0x55d2ce821bc3 - SSL_do_handshake
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-1.1.1/deps/boringssl/src/ssl/ssl_lib.cc:888:30
34: 0x55d2ce821c7e - SSL_accept
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-1.1.1/deps/boringssl/src/ssl/ssl_lib.cc:919:26
35: 0x55d2ce67e531 - boring::ssl::SslStreamBuilder<S>::accept::hd54d648559981c40
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-1.1.6/src/ssl/mod.rs:3267:28
36: 0x55d2ce67e7bf - boring::ssl::Ssl::accept::h3966736b4a85d5f9
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-1.1.6/src/ssl/mod.rs:2190:9
37: 0x55d2ce68cd5a - boring::ssl::connector::SslAcceptor::accept::h6a9e2413c5d55c76
at /home/rainer/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-1.1.6/src/ssl/connector.rs:286:9
38: 0x55d2ce6875ed - server::main::{{closure}}::{{closure}}::h2ba642e4b7547cbe
at /home/rainer/projects/svpn/src/bin/server.rs:194:30
39: 0x55d2ce67e950 - std::sys_common::backtrace::__rust_begin_short_backtrace::hca503e22ee861ef0
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/sys_common/backtrace.rs:125:18
40: 0x55d2ce66e8cc - std::thread::Builder::spawn_unchecked::{{closure}}::{{closure}}::h2ddb3d53624470ae
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/thread/mod.rs:481:17
41: 0x55d2ce68cee0 - <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::ha3fa15a26594939c
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panic.rs:346:9
42: 0x55d2ce697a37 - std::panicking::try::do_call::he5a67af5ef45f393
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:401:40
43: 0x55d2ce697fad - __rust_try
44: 0x55d2ce697541 - std::panicking::try::h85d02fc31b27ff88
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panicking.rs:365:19
45: 0x55d2ce68d090 - std::panic::catch_unwind::h527d9841e5377c0e
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/panic.rs:433:14
46: 0x55d2ce66e6e0 - std::thread::Builder::spawn_unchecked::{{closure}}::h895b5611edd2eed1
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/thread/mod.rs:480:30
47: 0x55d2ce691d3e - core::ops::function::FnOnce::call_once{{vtable.shim}}::h1139201a4c7b5fff
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/core/src/ops/function.rs:227:5
48: 0x55d2ce8d0207 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::h902e2cf6655e1b0c
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/alloc/src/boxed.rs:1575:9
49: 0x55d2ce8d0207 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::h893a5452154309d1
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/alloc/src/boxed.rs:1575:9
50: 0x55d2ce8d0207 - std::sys::unix::thread::Thread::new::thread_start::hdedcb57c96ab37cd
at /rustc/f64503eb555475d65ae5503ef22439ca5dd394fd/library/std/src/sys/unix/thread.rs:71:17
51: 0x7fdad5be0259 - start_thread
52: 0x7fdad59be5e3 - __GI___clone
53: 0x0 - <unknown>
My server main code looks like this:
#[tokio::main]
async fn main() -> std::io::Result<()>{
    println!("Hello, world!");
    let socket = Arc::new(tokio::net::UdpSocket::bind("127.0.0.1:5000").await?);
    let (sender, receiver) = tokio::sync::mpsc::channel(100);
    let (mut udp_dispatcher, mut client_receiver) = UdpDispatcher::create(socket.clone(), sender);
    let mut udp_transmitter = UdpTransmitter{tx_receiver: receiver, socket: socket};
    tokio::spawn(async move {
        // Process each socket concurrently.
        udp_dispatcher.handle_rx().await
    });
    tokio::spawn(async move {
        // Process each socket concurrently.
        udp_transmitter.handle_tx().await
    });
    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::dtls()).unwrap();
    acceptor.set_private_key_file("../../certs/server_key.pem", SslFiletype::PEM).unwrap();
    acceptor.set_certificate_chain_file("../../certs/server_crt.pem").unwrap();
    acceptor.check_private_key().unwrap();
    let acceptor = Arc::new(acceptor.build());
    loop
    {
        if let Some(client) = client_receiver.recv().await
        {
            println!("new client {}", client.addr);
            let acceptor = acceptor.clone();
            thread::spawn(move || {
                let stream = acceptor.accept(client).unwrap();
                handle_client(stream);
            });
        }
    }
}
I think the crate should not cause a panic. This looks like a bug.
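The backtrace above places the panic in `clone_from_slice` (frame 18), called from `<server::Client as std::io::Read>::read` at server.rs:33 (frame 19), with a 169-byte source and a 16717-byte destination. The following is an added example, not code from the post or from the boring crate: a `Read` implementation for a datagram-backed stream that copies only the bytes it has, next to the length-mismatched copy. `DatagramClient`, its queue, `read_like_backtrace` and the `WouldBlock` behaviour on an empty queue are assumptions made for illustration.

```rust
use std::collections::VecDeque;
use std::io::{self, Read};

/// Hypothetical stand-in for the post's `Client`: datagrams handed over by a
/// UDP dispatcher are queued here and drained by the TLS library via `Read`.
pub struct DatagramClient {
    queue: VecDeque<Vec<u8>>,
}

impl DatagramClient {
    pub fn new() -> Self {
        DatagramClient { queue: VecDeque::new() }
    }

    /// Queue one received datagram (constructed input in this example).
    pub fn push_datagram(&mut self, datagram: &[u8]) {
        self.queue.push_back(datagram.to_vec());
    }
}

/// The copy that matches the panic message: `clone_from_slice` requires both
/// slices to have the same length, but the caller's buffer is sized for the
/// largest possible record, not for the datagram that actually arrived.
pub fn read_like_backtrace(datagram: &[u8], buf: &mut [u8]) -> usize {
    buf.clone_from_slice(datagram); // panics when lengths differ
    datagram.len()
}

impl Read for DatagramClient {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let datagram = match self.queue.pop_front() {
            Some(d) => d,
            // Assumption: nothing queued is reported as WouldBlock so the
            // handshake can be retried once more data arrives.
            None => return Err(io::ErrorKind::WouldBlock.into()),
        };
        // Copy at most what fits and report exactly how many bytes were
        // written. A datagram larger than `buf` is truncated, which is the
        // usual behaviour of a UDP receive into a short buffer.
        let n = datagram.len().min(buf.len());
        buf[..n].copy_from_slice(&datagram[..n]);
        Ok(n)
    }
}

fn main() {
    let mut client = DatagramClient::new();
    client.push_datagram(&[0xAB; 169]);
    // Same sizes as in the panic message: 169-byte datagram, 16717-byte buffer.
    let mut buf = vec![0u8; 16717];
    let n = client.read(&mut buf).expect("a datagram is queued");
    println!("read {} bytes into a {}-byte buffer", n, buf.len());
}
```
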
That would be useful for those of us denying duplicated dependencies in our tree
I am using (a fork of) boring in a project of mine and I'm having some trouble with making it use the correct certificates: unable to get local issuer certificate. Reading up on a similar issue in rust-openssl, I tried to find a way to set the env var SSL_CERT_DIR to a path to the system's certificate store, but it seems they are stored on the registry, so I'm also trying to tackle this another way by: SslConnectorBuilder, but I do not see a way to add them as X509 into the cert store due to the format they are stored in (rustls has a specific method for that for example)
Is there anything that may be useful in tackling these issues?
This would allow us to check which key exchange algorithm was used during the TLS handshake. In particular this would allow us to verify that a PQ algorithm was chosen (one of X25519Kyber768Draft00, ...).
Available as of https://boringssl.googlesource.com/boringssl/+/6cf98208371e5c2c8b9d34ce3b8c452ea90e2963. This will require upgrading the submodule and updating the patches.
I am trying to change my rust client fingerprint by adding (27,17513,41) ext numbers => 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-[ 27 ext here ]-[ 17513 ext here ]-21-[ 41 ext here ],29-23-24,0
What I did:
Do I need to have an actual certificate and find some way to compress it? Did I miss something crucial? If there is a solution, does it work on the rest of the ExtensionTypes? Is it not implemented for rust yet?
Trying to mimic the chrome fingerprint for rust, I already have an app running in electron client and Go (with libraries) both have chrome fingerprint. Now doing it in rust for benchmark.
Any help or advice would be great, thanks a lot.
let mut connector = HttpConnector::new();
connector.enforce_http(false);
let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();
ssl.set_verify(SslVerifyMode::NONE);
ssl.enable_ocsp_stapling();
ssl.enable_signed_cert_timestamps();
ssl.set_alpn_protos(b"\x02h2\x06http/2").unwrap();
ssl.set_cipher_list("ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA").unwrap();
let ssl = HttpsConnector::with_connector(connector, ssl).unwrap();
let client = Client::builder()
    .pool_max_idle_per_host(0)
    .build::<_, Body>(ssl);
let req = Request::builder()
    .method(Method::GET)
    .uri("https://tls.peet.ws/api/clean")
    .header("user-agent", "my agent")
    .body(Body::from(""))
    .unwrap();
let res = client.request(req).await.unwrap();
let buf = body::to_bytes(res).await.unwrap();
println!("{:#?}", buf);
originally reported for signal's fork at signalapp#18. I believe this also applies to upstream.
I believe it is an effect of this issue: rust-lang/rust-bindgen#2312
[100%] Linking C static library libcrypto.a
[100%] Built target crypto
make[1]: Leaving directory '/home/lauren/aports/testing/signal-desktop/src/libsignal-0.22.0/node/build/Release/obj.target/libsignal_client_linux_x64.node/geni/rust/x86_64-alpine-linux-musl/release/build/boring-sys-72ca916521d22009/out/build'
cargo:root=/home/lauren/aports/testing/signal-desktop/src/libsignal-0.22.0/node/build/Release/obj.target/libsignal_client_linux_x64.node/geni/rust/x86_64-alpine-linux-musl/release/build/boring-sys-72ca916521d22009/out
cargo:rustc-link-search=native=/home/lauren/aports/testing/signal-desktop/src/libsignal-0.22.0/node/build/Release/obj.target/libsignal_client_linux_x64.node/geni/rust/x86_64-alpine-linux-musl/release/build/boring-sys-72ca916521d22009/out/build/
cargo:rustc-link-lib=static=crypto
cargo:rerun-if-env-changed=BORING_BSSL_INCLUDE_PATH
--- stderr
make[1]: warning: -j8 forced in submake: resetting jobserver mode.
thread 'main' panicked at '"pthread_attr_t_union_(unnamed_at_/usr/include/bits/alltypes_h_378_18)" is not a valid Ident', /home/lauren/.cargo/registry/src/github.com-1ecc6299db9ec823/proc-macro2-1.0.29/src/fallback.rs:702:9
stack backtrace:
0: rust_begin_unwind
1: core::panicking::panic_fmt
2: proc_macro2::fallback::validate_ident
3: proc_macro2::fallback::Ident::_new
4: proc_macro2::fallback::Ident::new
5: proc_macro2::imp::Ident::new
6: proc_macro2::Ident::new
7: bindgen::ir::context::BindgenContext::rust_ident_raw
8: bindgen::ir::context::BindgenContext::rust_ident
9: <bindgen::ir::comp::CompInfo as bindgen::codegen::CodeGenerator>::codegen
10: <bindgen::ir::ty::Type as bindgen::codegen::CodeGenerator>::codegen
11: <bindgen::ir::item::Item as bindgen::codegen::CodeGenerator>::codegen
12: <bindgen::ir::comp::CompInfo as bindgen::codegen::CodeGenerator>::codegen
13: <bindgen::ir::ty::Type as bindgen::codegen::CodeGenerator>::codegen
14: <bindgen::ir::item::Item as bindgen::codegen::CodeGenerator>::codegen
15: <bindgen::ir::module::Module as bindgen::codegen::CodeGenerator>::codegen::{{closure}}
16: <bindgen::ir::module::Module as bindgen::codegen::CodeGenerator>::codegen
17: <bindgen::ir::item::Item as bindgen::codegen::CodeGenerator>::codegen
18: bindgen::codegen::codegen::{{closure}}
19: bindgen::ir::context::BindgenContext::gen
20: bindgen::codegen::codegen
21: bindgen::Bindings::generate
22: bindgen::Builder::generate
23: build_script_build::main
24: core::ops::function::FnOnce::call_once
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
ERROR: cargo failed
make: *** [libsignal_client_linux_x64.node.target.mk:17: 81151515b8c6a3dbe5e45d9ca84db703a61ee0ca.intermediate] Error 1
rm 81151515b8c6a3dbe5e45d9ca84db703a61ee0ca.intermediate
make: Leaving directory '/home/lauren/aports/testing/signal-desktop/src/libsignal-0.22.0/node/build'
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack at ChildProcess.onExit (/home/lauren/aports/testing/signal-desktop/src/libsignal-0.22.0/node/node_modules/node-gyp/lib/build.js:194:23)
gyp ERR! stack at ChildProcess.emit (node:events:513:28)
gyp ERR! stack at ChildProcess._handle.onexit (node:internal/child_process:291:12)
gyp ERR! System Linux 6.1.21-0-lts
gyp ERR! command "/usr/bin/node" "/home/lauren/aports/testing/signal-desktop/src/libsignal-0.22.0/node/node_modules/.bin/node-gyp" "build" "--nodedir=/usr/include/electron/node_headers" "--build-from-source"
gyp ERR! cwd /home/lauren/aports/testing/signal-desktop/src/libsignal-0.22.0/node
gyp ERR! node -v v18.15.0
gyp ERR! node-gyp -v v8.4.1
gyp ERR! not ok
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
They haven't since 3.1.0, unfortunately.
Would it be possible to release a new version of boring-sys in the near future? I would like to be able to use the bindgen dependency update that got merged a few months ago.
Code of X509Extension::new at line 759 is also vulnerable to the null pointer dereference and should apply the patch based on RUSTSEC-2023-0024.
pub fn new(
    ...
) -> Result<X509Extension, ErrorStack> {
    ...
    unsafe {
        ffi::init();
        let conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr);
        let context = context.map_or(ptr::null_mut(), X509v3Context::as_ptr); // should be patched
        let name = name.as_ptr() as *mut _;
        let value = value.as_ptr() as *mut _;
        cvt_p(ffi::X509V3_EXT_nconf(conf, context, name, value))
            .map(|p| X509Extension::from_ptr(p))
    }
}
Do you think it should be reported to RUSTSEC because they are actually different crates (boring vs. openssl)?
[100%] Linking CXX static library libssl.a
[100%] Built target ssl
cargo:root=/home/rust/src/target/aarch64-unknown-linux-musl/release/build/boring-sys-aedc51994bc578c8/out
running: cd "/home/rust/src/target/aarch64-unknown-linux-musl/release/build/boring-sys-aedc51994bc578c8/out/build" && CMAKE_PREFIX_PATH="" "cmake" "/home/rust/src/target/aarch64-unknown-linux-musl/release/build/boring-sys-aedc51994bc578c8/out/boringssl" "-DCMAKE_TOOLCHAIN_FILE=/root/.cargo/git/checkouts/boring-e91d5d2310e5f29a/30da191/boring-sys/cmake/aarch64-linux.cmake" "-DCMAKE_INSTALL_PREFIX=/home/rust/src/target/aarch64-unknown-linux-musl/release/build/boring-sys-aedc51994bc578c8/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -fPIC" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -fPIC" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -fPIC" "-DCMAKE_BUILD_TYPE=MinSizeRel"
-- Configuring done
-- Generating done
-- Build files have been written to: /home/rust/src/target/aarch64-unknown-linux-musl/release/build/boring-sys-aedc51994bc578c8/out/build
running: cd "/home/rust/src/target/aarch64-unknown-linux-musl/release/build/boring-sys-aedc51994bc578c8/out/build" && MAKEFLAGS="-j --jobserver-fds=7,8 --jobserver-auth=7,8" "cmake" "--build" "." "--target" "crypto" "--config" "MinSizeRel"
Scanning dependencies of target crypto
Consolidate compiler generated dependencies of target crypto
[100%] Built target crypto
cargo:root=/home/rust/src/target/aarch64-unknown-linux-musl/release/build/boring-sys-aedc51994bc578c8/out
cargo:rustc-link-search=native=/home/rust/src/target/aarch64-unknown-linux-musl/release/build/boring-sys-aedc51994bc578c8/out/build/
cargo:rustc-link-lib=static=crypto
cargo:rustc-link-lib=static=ssl
--- stderr
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m <name>
thread 'main' panicked at 'assertion failed: `(left == right)`
left: `4`,
right: `8`: Target platform requires `--no-size_t-is-usize`. The size of `ssize_t` (4) does not match the target pointer size (8)', /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bindgen-0.66.1/codegen/mod.rs:905:25
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
https://github.com/cloudflare/boring/blob/master/tokio-boring/README.md and https://github.com/cloudflare/boring/blob/master/tokio-boring/src/lib.rs speak of SslConnectorExt and SslAcceptorExt traits but neither of these are exported nor defined.
assuming that the error is in boringssl as I've used the rsa crate in the past with "other" rsa implementations. the android debug bridge protocol uses boringssl which fails to validate rsa signatures. used boring to try to reproduce.
#[test]
fn test_sign() {
    let token = [0; 20];
    let private_key = RsaPrivateKey::new(&mut rand::rngs::OsRng, 2048).unwrap();
    let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA1));
    let signature = private_key.sign(padding, &token).unwrap();
    use rsa::pkcs8::EncodePublicKey;
    use rsa::pkcs1::der::Document;
    let public_key = RsaPublicKey::from(&private_key);
    //let public_key = public_key.to_public_key_pem(rsa::pkcs1::LineEnding::LF).unwrap();
    let public_key = public_key.to_public_key_der().unwrap();
    let public_key = public_key.as_der();
    unsafe {
        let public_key = boring_sys::RSA_public_key_from_bytes(public_key.as_ptr(), public_key.len());
        if public_key.is_null() {
            for err in boring::error::ErrorStack::get().errors() {
                println!("{}", err);
            }
            panic!();
        }
        let res = boring_sys::RSA_verify(
            boring_sys::NID_sha1,
            token.as_ptr(),
            token.len(),
            signature.as_ptr(),
            signature.len(),
            public_key,
        );
        if res != 1 {
            for err in boring::error::ErrorStack::get().errors() {
                println!("{}", err);
            }
            panic!();
        }
    };
}
BAD_ENCODING
Code: 03000075
Loc: /home/dvc/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-2.0.0/deps/boringssl/src/crypto/bn_extra/bn_asn1.c:26
BAD_ENCODING
Code: 04000064
Loc: /home/dvc/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-2.0.0/deps/boringssl/src/crypto/rsa_extra/rsa_asn1.c:100
BAD_ENCODING
Code: 04000064
Loc: /home/dvc/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-2.0.0/deps/boringssl/src/crypto/rsa_extra/rsa_asn1.c:120
thread 'client::tests::test_sign' panicked at 'explicit panic', adb-rs/src/client.rs:532:1
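An added example, not code from the post or from boring: `RSA_public_key_from_bytes` parses a DER `RSAPublicKey` structure (RFC 8017), while `to_public_key_der()` from `pkcs8::EncodePublicKey` emits a SubjectPublicKeyInfo wrapper, which is consistent with the `BAD_ENCODING` errors raised while parsing an integer in `bn_asn1.c`. The sketch below classifies a DER blob as one or the other and extracts the inner `RSAPublicKey`; the function names and the tiny sample keys (n = 3233, e = 17) are constructed for illustration.

```rust
/// DER encodings an RSA public key commonly arrives in.
#[derive(Debug, PartialEq)]
pub enum RsaKeyEncoding {
    /// RSAPublicKey (RFC 8017): SEQUENCE { INTEGER n, INTEGER e }
    Pkcs1RsaPublicKey,
    /// SubjectPublicKeyInfo: SEQUENCE { AlgorithmIdentifier, BIT STRING }
    SubjectPublicKeyInfo,
    Unknown,
}

/// DER TLV of the rsaEncryption OID, 1.2.840.113549.1.1.1.
const RSA_ENCRYPTION_OID: [u8; 11] =
    [0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01];

/// Constructed sample: RSAPublicKey with n = 3233 and e = 17 (toy values).
pub const PKCS1_SAMPLE: [u8; 9] = [0x30, 0x07, 0x02, 0x02, 0x0c, 0xa1, 0x02, 0x01, 0x11];

/// Constructed sample: the same key wrapped in SubjectPublicKeyInfo.
pub const SPKI_SAMPLE: [u8; 29] = [
    0x30, 0x1b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
    0x05, 0x00, 0x03, 0x0a, 0x00, 0x30, 0x07, 0x02, 0x02, 0x0c, 0xa1, 0x02, 0x01, 0x11,
];

/// Reads one DER TLV from the front of `input`: (tag, value, remainder).
/// Single-byte tags and definite lengths of up to four bytes only.
fn read_tlv(input: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = input.split_first()?;
    let (&first, rest) = rest.split_first()?;
    let (len, rest) = if first < 0x80 {
        (first as usize, rest)
    } else {
        let n = (first & 0x7f) as usize;
        if n == 0 || n > 4 || rest.len() < n {
            return None;
        }
        let len = rest[..n].iter().fold(0usize, |acc, &b| (acc << 8) | b as usize);
        (len, &rest[n..])
    };
    if rest.len() < len {
        return None;
    }
    Some((tag, &rest[..len], &rest[len..]))
}

/// Decides which structure `der` holds by looking at the outer SEQUENCE's
/// first two elements; trailing bytes make the result `Unknown`.
pub fn classify(der: &[u8]) -> RsaKeyEncoding {
    let body = match read_tlv(der) {
        Some((0x30, body, rest)) if rest.is_empty() => body,
        _ => return RsaKeyEncoding::Unknown,
    };
    match read_tlv(body) {
        // INTEGER, INTEGER: modulus and public exponent.
        Some((0x02, _, rest)) => match read_tlv(rest) {
            Some((0x02, _, tail)) if tail.is_empty() => RsaKeyEncoding::Pkcs1RsaPublicKey,
            _ => RsaKeyEncoding::Unknown,
        },
        // SEQUENCE (AlgorithmIdentifier), BIT STRING (wrapped key).
        Some((0x30, _, rest)) => match read_tlv(rest) {
            Some((0x03, _, tail)) if tail.is_empty() => RsaKeyEncoding::SubjectPublicKeyInfo,
            _ => RsaKeyEncoding::Unknown,
        },
        _ => RsaKeyEncoding::Unknown,
    }
}

/// Returns the RSAPublicKey bytes carried inside an rsaEncryption SPKI.
pub fn spki_to_pkcs1(der: &[u8]) -> Option<&[u8]> {
    let (tag, body, rest) = read_tlv(der)?;
    if tag != 0x30 || !rest.is_empty() {
        return None;
    }
    let (tag, alg, rest) = read_tlv(body)?;
    if tag != 0x30 || !alg.starts_with(&RSA_ENCRYPTION_OID) {
        return None;
    }
    let (tag, bits, rest) = read_tlv(rest)?;
    if tag != 0x03 || !rest.is_empty() {
        return None;
    }
    // A BIT STRING starts with its count of unused bits; it must be zero here.
    let (&unused, key) = bits.split_first()?;
    if unused != 0 || classify(key) != RsaKeyEncoding::Pkcs1RsaPublicKey {
        return None;
    }
    Some(key)
}

fn main() {
    println!("{:?}", classify(&SPKI_SAMPLE));
    println!("{:?}", classify(&PKCS1_SAMPLE));
    println!("{:02x?}", spki_to_pkcs1(&SPKI_SAMPLE));
}
```
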
Released boring-sys crate (v2.1.0) does not compile with llvm-16 (tested on centos8).
This seems due to an already fixed bug in bindgen.
Error on boring-sys:
error: failed to run custom build command for `boring-sys v2.1.0 (/root/boring/boring-sys)`
Caused by:
process didn't exit successfully: `/root/boring/target/debug/build/boring-sys-dff89fb02913e519/build-script-build` (exit status: 101)
[...]
--- stderr
thread 'main' panicked at '"__pthread_cond_s_union_(anonymous_at_/usr/include/bits/thread-shared-types_h_173_17)" is not a valid Ident', /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/proc-macro2-1.0.66/src/fallback.rs:774:9
[...]
Notes:
v2.1.0 released version. By using master it successfully compiles.
master uses a fixed version of bindgen.
v2.1.0 compiles).
FROM quay.io/centos/centos:stream8
ENV BORING_BRANCH="v2.1.0"
ENV CLANG_VERSION="16.0.0"
RUN dnf -y update
RUN dnf -y install epel-release
RUN dnf -y update
RUN dnf -y install git gcc gcc-c++ cmake
RUN dnf -y install clang-devel-${CLANG_VERSION}
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
WORKDIR /root
RUN git clone --depth 1 --branch ${BORING_BRANCH} https://github.com/cloudflare/boring.git
Considering the current public release available on crates.io (the main artifact source for this) is still v2.1.0 for the boring crate, I think it was still worth it to open this issue to track this.
Moreover, is there any plan for a new release to unblock this?
Thanks.
Hi, I'm attempting to build a project that depends on boring v3.0.4 in a Docker container, and encountering a build error when the FIPS feature is enabled.
In both cases, the Dockerfile should contain the requisite build dependencies (note that some of these build deps are not directly relevant to building BoringSSL, but I figured it was helpful to include the whole thing).
RUN DEBIAN_FRONTEND=noninteractive apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y curl unzip xz-utils
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gnupg2
RUN DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y git
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y \
cmake \
curl \
gcc \
software-properties-common \
gnupg \
curl \
apt-transport-https \
golang-go \
ca-certificates \
clang-12 \
clang-tools-12 \
clang-format-12 \
python3-clang-12 \
libfuzzer-12-dev \
lldb-12 \
lld-12 \
libc++-12-dev \
libc++abi-12-dev \
libomp-12-dev
When the "fips" feature flag is not enabled, boring (and the rest of the project) builds successfully. However, when "fips" is enabled, the build script fails with a bunch of CMake errors, complaining about missing sources. Here's the complete output, although it's rather long:
#30 19.69 error: failed to run custom build command for `boring-sys v3.0.4`
#30 19.69
#30 19.69 Caused by:
#30 19.70 process didn't exit successfully: `/target/release/build/boring-sys-ae2e1a79ca25e9cc/build-script-build` (exit status: 101)
#30 19.70 --- stdout
#30 19.70 cargo:rerun-if-env-changed=BORING_BSSL_PATH
#30 19.70 cargo:rerun-if-env-changed=BORING_BSSL_INCLUDE_PATH
#30 19.70 cargo:rerun-if-env-changed=BORING_BSSL_SOURCE_PATH
#30 19.70 cargo:rerun-if-env-changed=BORING_SSL_PRECOMPILED_BCM_O
#30 19.70 cargo:rerun-if-env-changed=BORINGSSL_BUILD_DIR
#30 19.70 Initialized empty Git repository in /target/x86_64-unknown-linux-gnu/release/build/boring-sys-36319e5c2e6aa669/out/boringssl-fips/.git/
#30 19.70
#30 19.70 CMAKE_TOOLCHAIN_FILE_x86_64-unknown-linux-gnu = None
#30 19.70 CMAKE_TOOLCHAIN_FILE_x86_64_unknown_linux_gnu = None
#30 19.70 HOST_CMAKE_TOOLCHAIN_FILE = None
#30 19.70 CMAKE_TOOLCHAIN_FILE = None
#30 19.70 CMAKE_GENERATOR_x86_64-unknown-linux-gnu = None
#30 19.70 CMAKE_GENERATOR_x86_64_unknown_linux_gnu = None
#30 19.70 HOST_CMAKE_GENERATOR = None
#30 19.70 CMAKE_GENERATOR = None
#30 19.70 CMAKE_PREFIX_PATH_x86_64-unknown-linux-gnu = None
#30 19.70 CMAKE_PREFIX_PATH_x86_64_unknown_linux_gnu = None
#30 19.70 HOST_CMAKE_PREFIX_PATH = None
#30 19.70 CMAKE_PREFIX_PATH = None
#30 19.70 CMAKE_x86_64-unknown-linux-gnu = None
#30 19.70 CMAKE_x86_64_unknown_linux_gnu = None
#30 19.70 HOST_CMAKE = None
#30 19.70 CMAKE = None
#30 19.70 running: cd "/target/x86_64-unknown-linux-gnu/release/build/boring-sys-36319e5c2e6aa669/out/build" && CMAKE_PREFIX_PATH="" "cmake" "/target/x86_64-unknown-linux-gnu/release/build/boring-sys-36319e5c2e6aa669/out/boringssl-fips" "-DCMAKE_C_COMPILER=clang-12" "-DCMAKE_CXX_COMPILER=clang++-12" "-DCMAKE_ASM_COMPILER=clang-12" "-DFIPS=1" "-DCMAKE_INSTALL_PREFIX=/target/x86_64-unknown-linux-gnu/release/build/boring-sys-36319e5c2e6aa669/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_BUILD_TYPE=Release"
#30 19.70 -- The C compiler identification is Clang 12.0.0
#30 19.70 -- Check for working C compiler: /usr/bin/clang-12
#30 19.70 -- Check for working C compiler: /usr/bin/clang-12 -- works
#30 19.70 -- Detecting C compiler ABI info
#30 19.70 -- Detecting C compiler ABI info - done
#30 19.70 -- Detecting C compile features
#30 19.70 -- Detecting C compile features - done
#30 19.70 -- The CXX compiler identification is Clang 12.0.0
#30 19.70 -- Check for working CXX compiler: /usr/bin/clang++-12
#30 19.70 -- Check for working CXX compiler: /usr/bin/clang++-12 -- works
#30 19.70 -- Detecting CXX compiler ABI info
#30 19.70 -- Detecting CXX compiler ABI info - done
#30 19.70 -- Detecting CXX compile features
#30 19.70 -- Detecting CXX compile features - done
#30 19.70 -- Found Perl: /usr/bin/perl (found version "5.30.0")
#30 19.70 -- Checking for module 'libunwind-generic'
#30 19.70 -- No package 'libunwind-generic' found
#30 19.70 -- The ASM compiler identification is Clang
#30 19.70 -- Found assembler: /usr/bin/clang-12
#30 19.70 -- Configuring done
#30 19.70
#30 19.70 --- stderr
#30 19.70
#30 19.70 libunwind not found. Disabling unwind tests.
#30 19.70 stat /target/x86_64-unknown-linux-gnu/release/build/boring-sys-36319e5c2e6aa669/out/boringssl-fips/util/godeps.go: no such file or directory
#30 19.70 stat /target/x86_64-unknown-linux-gnu/release/build/boring-sys-36319e5c2e6aa669/out/boringssl-fips/util/godeps.go: no such file or directory
#30 19.70 CMake Error at CMakeLists.txt:565 (add_library):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 third_party/googletest/src/gtest-all.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at crypto/test/CMakeLists.txt:23 (add_library):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 gtest_main.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at crypto/CMakeLists.txt:489 (add_executable):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 abi_self_test.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at crypto/CMakeLists.txt:478 (add_executable):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 fipsmodule/rand/urandom_test.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at crypto/test/CMakeLists.txt:1 (add_library):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 abi_test.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at ssl/CMakeLists.txt:49 (add_executable):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 span_test.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at ssl/CMakeLists.txt:3 (add_library):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 bio_ssl.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at ssl/test/CMakeLists.txt:21 (add_executable):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 async_bio.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at tool/CMakeLists.txt:3 (add_executable):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 args.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at util/fipstools/cavp/CMakeLists.txt:4 (add_executable):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 cavp_main.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at util/fipstools/acvp/modulewrapper/CMakeLists.txt:4 (add_executable):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 main.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at decrepit/CMakeLists.txt:29 (add_executable):
#30 19.70 Cannot find source file:
#30 19.70
#30 19.70 blowfish/blowfish_test.cc
#30 19.70
#30 19.70 Tried extensions .c .C .c++ .cc .cpp .cxx .cu .m .M .mm .h .hh .h++ .hm
#30 19.70 .hpp .hxx .in .txx
#30 19.70
#30 19.70
#30 19.70 CMake Error at CMakeLists.txt:565 (add_library):
#30 19.70 No SOURCES given to target: boringssl_gtest
#30 19.70
#30 19.70
#30 19.70 CMake Error at crypto/CMakeLists.txt:489 (add_executable):
#30 19.70 No SOURCES given to target: crypto_test
#30 19.70
#30 19.70
#30 19.70 CMake Error at crypto/CMakeLists.txt:478 (add_executable):
#30 19.70 No SOURCES given to target: urandom_test
#30 19.70
#30 19.70
#30 19.70 CMake Error at crypto/test/CMakeLists.txt:23 (add_library):
#30 19.70 No SOURCES given to target: boringssl_gtest_main
#30 19.70
#30 19.70
#30 19.70 CMake Error at crypto/test/CMakeLists.txt:1 (add_library):
#30 19.70 No SOURCES given to target: test_support_lib
#30 19.70
#30 19.70
#30 19.70 CMake Error at ssl/CMakeLists.txt:49 (add_executable):
#30 19.70 No SOURCES given to target: ssl_test
#30 19.70
#30 19.70
#30 19.70 CMake Error at ssl/CMakeLists.txt:3 (add_library):
#30 19.70 No SOURCES given to target: ssl
#30 19.70
#30 19.70
#30 19.70 CMake Error at ssl/test/CMakeLists.txt:21 (add_executable):
#30 19.70 No SOURCES given to target: handshaker
#30 19.70
#30 19.70
#30 19.70 CMake Error at ssl/test/CMakeLists.txt:3 (add_executable):
#30 19.70 No SOURCES given to target: bssl_shim
#30 19.70
#30 19.70
#30 19.70 CMake Error at tool/CMakeLists.txt:3 (add_executable):
#30 19.70 No SOURCES given to target: bssl
#30 19.70
#30 19.70
#30 19.70 CMake Error at util/fipstools/cavp/CMakeLists.txt:4 (add_executable):
#30 19.70 No SOURCES given to target: cavp
#30 19.70
#30 19.70
#30 19.70 CMake Error at util/fipstools/acvp/modulewrapper/CMakeLists.txt:4 (add_executable):
#30 19.70 No SOURCES given to target: modulewrapper
#30 19.70
#30 19.70
#30 19.70 CMake Error at decrepit/CMakeLists.txt:29 (add_executable):
#30 19.70 No SOURCES given to target: decrepit_test
#30 19.70
#30 19.70
#30 19.70 CMake Generate step failed. Build files cannot be regenerated correctly.
#30 19.70 thread 'main' panicked at '
#30 19.70 command did not execute successfully, got: exit status: 1
#30 19.70
#30 19.70 build script failed, must exit now', /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cmake-0.1.50/src/lib.rs:1098:5
#30 19.70 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
#30 19.70 warning: build failed, waiting for other jobs to finish...
I did check the contents of the google/boring repo on the FIPS revision (google/boring@853ca1ea1168dff08011e5d42d94609cc0ca2e27), and all the files that CMake complains are missing appear to be in the right place. So, I'm not entirely sure what's gone wrong here, or whether it's an issue with the boring-sys buildscript or a problem of my own creation. Any help would be very appreciated. Thanks in advance!
Clang 16 introduced a breaking change, and bindgen needs to be updated accordingly.
Given that version 2.1.0 requires the older bindgen version, the bindgen-sys compilation fails with clang 16.
The updated bindgen dependency is already in the latest git, so it's only a matter of releasing a new version.
I am writing a wrapper for tokio's UdpSocket to enable use via tokio-boring. There are two use cases for DTLS connections, one with a one-to-one connection where each partner can use connect(), and one where a server allows multiple clients to connect and maintains a separate DTLS connection to each client via a single socket. This separation makes a straight-forward implementation of the AsyncRead/AsyncWrite traits for UdpSocket impossible, thus requiring the wrapper.
Would there be interest to add this to tokio-boring? If so, I can clean it up and document it for a PR.
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3678.pdf describes what's needed to make a FIPS certified build of boringSSL. Be warned that this is some ancient version and you'll have to play games with the toolchain.
boring-sys has the C bindings for "SSL_CTX_set_private_key_method" and "SSL_set_private_key_method", but they are missing in the SslContextBuilder "https://github.com/cloudflare/boring/blob/master/boring/src/ssl/mod.rs".
Is this by design or just a missing implementation?
These private key methods are used when we want to delegate the key operations. I'd like to help add these if they are needed.
I have many issues with the various Error types we define and how HttpsConnector ultimately just uses BoxError for its Service<Uri> error type, I'll try to summarize them here.
First, the BoxError, this makes it impossible to consume any more specific error type, as downcasting with the Error trait is always by reference.
Second, I keep confusing myself with boring::Error and boring::ssl::Error.
Third, the boring::ssl::HandshakeError is not fun to use for multiple reasons:
Failure and WouldBlock);
MidHandshakeSslStream<S> even in the Failure variant, even though you are obviously not supposed to do anything anymore with that stream given the handshake failed;
MidHandshakeSslStream<S> struct to keep around the error that interrupted the handshake, as that was expected and you just want to resume it;
SetupFailure which feels out of place to me, shouldn't setup errors be completely contained in builders etc?
Fourth, tokio_boring::HandshakeError is as useful as BoxError given it doesn't let us access the boring::ssl::HandshakeError it wraps directly, so that's one more layer of hoops to go through to find, say, I/O errors.
Fifth, even if tokio_boring::HandshakeError let us access its inner boring::ssl::HandshakeError, that would still be a bit of a bother to use, as we know tokio_boring would never return a WouldBlock error but we would still need an arm for that in our code.
error: failed to run custom build command for `boring-sys v2.0.0 (https://github.com/gngpp/boring?rev=2a7463a#2a7463aa)`
Caused by:
process didn't exit successfully: `/root/vscode/opengpt/target/release/build/boring-sys-62239a19c1db6640/build-script-build` (exit status: 101)
--- stdout
cargo:rerun-if-env-changed=BORING_BSSL_PATH
CMAKE_TOOLCHAIN_FILE_armv7-unknown-linux-gnueabihf = None
CMAKE_TOOLCHAIN_FILE_armv7_unknown_linux_gnueabihf = Some("/root/.cache/cargo-zigbuild/0.16.7/cmake/armv7-unknown-linux-gnueabihf-toolchain.cmake")
CMAKE_GENERATOR_armv7-unknown-linux-gnueabihf = None
CMAKE_GENERATOR_armv7_unknown_linux_gnueabihf = None
TARGET_CMAKE_GENERATOR = None
CMAKE_GENERATOR = None
CMAKE_PREFIX_PATH_armv7-unknown-linux-gnueabihf = None
CMAKE_PREFIX_PATH_armv7_unknown_linux_gnueabihf = None
TARGET_CMAKE_PREFIX_PATH = None
CMAKE_PREFIX_PATH = None
CMAKE_armv7-unknown-linux-gnueabihf = None
CMAKE_armv7_unknown_linux_gnueabihf = None
TARGET_CMAKE = None
CMAKE = None
running: cd "/root/vscode/opengpt/target/armv7-unknown-linux-gnueabihf/release/build/boring-sys-79d072199fd65189/out/build" && CMAKE_PREFIX_PATH="" "cmake" "/root/.cargo/git/checkouts/boring-e91d5d2310e5f29a/2a7463a/boring-sys/deps/boringssl" "-DCMAKE_TOOLCHAIN_FILE=/root/.cache/cargo-zigbuild/0.16.7/cmake/armv7-unknown-linux-gnueabihf-toolchain.cmake" "-DCMAKE_INSTALL_PREFIX=/root/vscode/opengpt/target/armv7-unknown-linux-gnueabihf/release/build/boring-sys-79d072199fd65189/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -fPIC -march=armv7-a -mfpu=vfpv3-d16" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -fPIC -march=armv7-a -mfpu=vfpv3-d16" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -fPIC -march=armv7-a -mfpu=vfpv3-d16" "-DCMAKE_BUILD_TYPE=MinSizeRel"
-- The C compiler identification is Clang 15.0.7
-- The CXX compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /root/.cache/cargo-zigbuild/0.16.7/zigcc-armv7-unknown-linux-gnueabihf.sh - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - failed
-- Check for working CXX compiler: /root/.cache/cargo-zigbuild/0.16.7/zigcxx-armv7-unknown-linux-gnueabihf.sh
-- Check for working CXX compiler: /root/.cache/cargo-zigbuild/0.16.7/zigcxx-armv7-unknown-linux-gnueabihf.sh - broken
-- Configuring incomplete, errors occurred!
See also "/root/vscode/opengpt/target/armv7-unknown-linux-gnueabihf/release/build/boring-sys-79d072199fd65189/out/build/CMakeFiles/CMakeOutput.log".
See also "/root/vscode/opengpt/target/armv7-unknown-linux-gnueabihf/release/build/boring-sys-79d072199fd65189/out/build/CMakeFiles/CMakeError.log".
--- stderr
CMake Error at /usr/share/cmake-3.22/Modules/CMakeTestCXXCompiler.cmake:62 (message):
The C++ compiler
"/root/.cache/cargo-zigbuild/0.16.7/zigcxx-armv7-unknown-linux-gnueabihf.sh"
is not able to compile a simple test program.
It fails with the following output:
Change Dir: /root/vscode/opengpt/target/armv7-unknown-linux-gnueabihf/release/build/boring-sys-79d072199fd65189/out/build/CMakeFiles/CMakeTmp
Run Build Command(s):/usr/bin/gmake -f Makefile cmTC_2fe18/fast && /usr/bin/gmake -f CMakeFiles/cmTC_2fe18.dir/build.make CMakeFiles/cmTC_2fe18.dir/build
gmake[1]: Entering directory '/root/vscode/opengpt/target/armv7-unknown-linux-gnueabihf/release/build/boring-sys-79d072199fd65189/out/build/CMakeFiles/CMakeTmp'
Building CXX object CMakeFiles/cmTC_2fe18.dir/testCXXCompiler.cxx.o
/root/.cache/cargo-zigbuild/0.16.7/zigcxx-armv7-unknown-linux-gnueabihf.sh -ffunction-sections -fdata-sections -fPIC -march=armv7-a -mfpu=vfpv3-d16 -o CMakeFiles/cmTC_2fe18.dir/testCXXCompiler.cxx.o -c /root/vscode/opengpt/target/armv7-unknown-linux-gnueabihf/release/build/boring-sys-79d072199fd65189/out/build/CMakeFiles/CMakeTmp/testCXXCompiler.cxx
warning(compilation): libc++ does not work on multi-threaded ARM yet.
For more details: https://github.com/ziglang/zig/issues/6573
error: unable to create compilation: TargetRequiresSingleThreaded
gmake[1]: *** [CMakeFiles/cmTC_2fe18.dir/build.make:78: CMakeFiles/cmTC_2fe18.dir/testCXXCompiler.cxx.o] Error 1
gmake[1]: Leaving directory '/root/vscode/opengpt/target/armv7-unknown-linux-gnueabihf/release/build/boring-sys-79d072199fd65189/out/build/CMakeFiles/CMakeTmp'
gmake: *** [Makefile:127: cmTC_2fe18/fast] Error 2
CMake will not be able to correctly generate this project.
Call Stack (most recent call first):
CMakeLists.txt:9 (project)
thread 'main' panicked at '
command did not execute successfully, got: exit status: 1
build script failed, must exit now', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/cmake-0.1.50/src/lib.rs:1098:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
I tried generating certificates using step-CLI with:
step certificate create localhost localhost.crt localhost.key --profile self-signed --subtle --no-password --insecure --force --san 127.0.0.1 --san ::1 --not-after 31536000s --kty OKP
And tried plugging into the quiche library and it ended up timing out.
I tried with the other certificates like ECDSA and RSA and they both worked.
Is there something wrong with Ed25519 certificates?
Apologies if this is a known issue (I didn't immediately see a dupe). I just tried building (with a clean checkout of master) against the latest BoringSSL master. It looks like a few method signatures have changed (see below). Do we have a way of dealing with these sorts of breaking changes? Perhaps we need to release a new minor version to indicate a breaking API change?
$ cargo build
Updating crates.io index
Downloaded once_cell v1.17.0
Downloaded try-lock v0.2.4
Downloaded parking_lot_core v0.9.6
Downloaded glob v0.3.1
Downloaded tokio v1.24.2
Downloaded nom v7.1.3
Downloaded regex v1.7.1
Downloaded proc-macro2 v1.0.50
Downloaded 8 crates (1.1 MB) in 0.50s
Compiling proc-macro2 v1.0.50
Compiling libc v0.2.139
Compiling quote v1.0.23
Compiling autocfg v1.1.0
Compiling unicode-ident v1.0.6
Compiling cfg-if v1.0.0
Compiling memchr v2.5.0
Compiling syn v1.0.107
Compiling glob v0.3.1
Compiling log v0.4.17
Compiling pin-project-lite v0.2.9
Compiling parking_lot_core v0.9.6
Compiling minimal-lexical v0.2.1
Compiling lock_api v0.4.9
Compiling clang-sys v1.4.0
Compiling libloading v0.7.4
Compiling futures-core v0.3.25
Compiling regex-syntax v0.6.28
Compiling scopeguard v1.1.0
Compiling bytes v1.3.0
Compiling bindgen v0.60.1
Compiling smallvec v1.10.0
Compiling nom v7.1.3
Compiling tokio v1.24.2
Compiling shlex v1.1.0
Compiling lazycell v1.3.0
Compiling cc v1.0.78
Compiling bitflags v1.3.2
Compiling rustc-hash v1.1.0
Compiling peeking_take_while v0.1.2
Compiling lazy_static v1.4.0
Compiling regex v1.7.1
Compiling cmake v0.1.49
Compiling parking_lot v0.12.1
Compiling mio v0.8.5
Compiling socket2 v0.4.7
Compiling cexpr v0.6.0
Compiling num_cpus v1.15.0
Compiling signal-hook-registry v1.4.0
Compiling slab v0.4.7
Compiling once_cell v1.17.0
Compiling futures-task v0.3.25
Compiling futures-sink v0.3.25
Compiling futures-channel v0.3.25
Compiling tracing-core v0.1.30
Compiling indexmap v1.9.2
Compiling futures-util v0.3.25
Compiling fnv v1.0.7
Compiling itoa v1.0.5
Compiling http v0.2.8
Compiling tracing v0.1.37
Compiling httparse v1.8.0
Compiling foreign-types-shared v0.3.1
Compiling futures-io v0.3.25
Compiling pin-utils v0.1.0
Compiling hashbrown v0.12.3
Compiling try-lock v0.2.4
Compiling linked-hash-map v0.5.6
Compiling want v0.3.0
Compiling httpdate v1.0.2
Compiling tower-service v0.3.2
Compiling http-body v0.4.5
Compiling linked_hash_set v0.1.4
Compiling tower-layer v0.3.2
Compiling antidote v1.0.0
Compiling tokio-macros v1.8.2
Compiling futures-macro v0.3.25
Compiling foreign-types-macros v0.2.2
Compiling foreign-types v0.5.0
Compiling boring-sys v2.1.0 (/Users/nathanmittler/rust/boring/boring-sys)
Compiling tokio-util v0.7.4
Compiling h2 v0.3.15
Compiling hyper v0.14.23
warning: cargo:rustc-cdylib-link-arg was specified in the build script of boring-sys v2.1.0 (/Users/nathanmittler/rust/boring/boring-sys), but that package does not contain a cdylib target
Allowing this was an unintended change in the 1.50 release, and may become an error in the future. For more information, see <https://github.com/rust-lang/cargo/issues/9562>.
Compiling boring v2.1.0 (/Users/nathanmittler/rust/boring/boring)
error: could not find native static library `crypto`, perhaps an -L flag is missing?
The following warnings were emitted during compilation:
warning: cargo:rustc-cdylib-link-arg was specified in the build script of boring-sys v2.1.0 (/Users/nathanmittler/rust/boring/boring-sys), but that package does not contain a cdylib target
Allowing this was an unintended change in the 1.50 release, and may become an error in the future. For more information, see <https://github.com/rust-lang/cargo/issues/9562>.
error: could not compile `boring-sys` due to previous error
warning: build failed, waiting for other jobs to finish...
error[E0308]: mismatched types
--> boring/src/bio.rs:29:17
|
27 | cvt_p(BIO_new_mem_buf(
| --------------- arguments to this function are incorrect
28 | buf.as_ptr() as *const _,
29 | buf.len() as c_int,
| ^^^^^^^^^^^^^^^^^^ expected `isize`, found `i32`
|
note: function defined here
--> /Users/nathanmittler/rust/boring/target/debug/build/boring-sys-ee7e57c7cf81a61d/out/bindings.rs:9399:12
|
9399 | pub fn BIO_new_mem_buf(buf: *const ::std::os::raw::c_void, len: ossl_ssize_t) -> *mut BIO;
| ^^^^^^^^^^^^^^^
help: you can convert an `i32` to an `isize` and panic if the converted value doesn't fit
|
29 | (buf.len() as c_int).try_into().unwrap(),
| + +++++++++++++++++++++
error[E0308]: mismatched types
--> boring/src/ssl/mod.rs:1176:17
|
1173 | let r = ffi::SSL_CTX_set_alpn_protos(
| ---------------------------- arguments to this function are incorrect
...
1176 | protocols.len() as c_uint,
| ^^^^^^^^^^^^^^^^^^^^^^^^^ expected `usize`, found `u32`
|
note: function defined here
--> /Users/nathanmittler/rust/boring/target/debug/build/boring-sys-ee7e57c7cf81a61d/out/bindings.rs:36393:12
|
36393 | pub fn SSL_CTX_set_alpn_protos(
| ^^^^^^^^^^^^^^^^^^^^^^^
help: you can convert a `u32` to a `usize` and panic if the converted value doesn't fit
|
1176 | (protocols.len() as c_uint).try_into().unwrap(),
| + +++++++++++++++++++++
error[E0308]: mismatched types
--> boring/src/ssl/mod.rs:2277:17
|
2274 | let r = ffi::SSL_set_alpn_protos(
| ------------------------ arguments to this function are incorrect
...
2277 | protocols.len() as c_uint,
| ^^^^^^^^^^^^^^^^^^^^^^^^^ expected `usize`, found `u32`
|
note: function defined here
--> /Users/nathanmittler/rust/boring/target/debug/build/boring-sys-ee7e57c7cf81a61d/out/bindings.rs:36400:12
|
36400 | pub fn SSL_set_alpn_protos(
| ^^^^^^^^^^^^^^^^^^^
help: you can convert a `u32` to a `usize` and panic if the converted value doesn't fit
|
2277 | (protocols.len() as c_uint).try_into().unwrap(),
| + +++++++++++++++++++++
For more information about this error, try `rustc --explain E0308`.
error: could not compile `boring` due to 3 previous errors
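The three E0308 errors above all come from `as` casts applied to a buffer length. As an added example (not code from the boring crate; `old_binding`, `new_binding` and `ffi_len` are hypothetical names), the sketch below shows why following rustc's hint literally keeps the truncating cast, and how a checked conversion from `usize` compiles against either generated signature.

```rust
// Added example: not code from the boring crate. `old_binding`/`new_binding`
// are hypothetical stand-ins for two generations of a bindgen signature.
use std::convert::{TryFrom, TryInto};
use std::fmt;
use std::os::raw::{c_int, c_uint};

/// A Rust length that does not fit the integer type the C function declares.
#[derive(Debug, PartialEq, Eq)]
pub struct LengthOutOfRange {
    pub len: usize,
    pub target: &'static str,
}

impl fmt::Display for LengthOutOfRange {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        write!(f, "length {} does not fit in {}", self.len, self.target)
    }
}

impl std::error::Error for LengthOutOfRange {}

/// Checked conversion from a slice length to the binding's length type.
/// `T` is inferred at the call site, so the same caller compiles whether the
/// generated signature says `c_int`, `c_uint`, `isize` or `usize`.
pub fn ffi_len<T: TryFrom<usize>>(len: usize) -> Result<T, LengthOutOfRange> {
    T::try_from(len).map_err(|_| LengthOutOfRange {
        len,
        target: std::any::type_name::<T>(),
    })
}

/// Stand-in for the older signature (`len: c_int`); returns what C would see.
pub fn old_binding(len: c_int) -> i64 {
    i64::from(len)
}

/// Stand-in for the newer signature (`len: ossl_ssize_t`, i.e. `isize`).
pub fn new_binding(len: isize) -> i64 {
    len as i64
}

/// The shape rustc's hint produces: the `as c_int` cast wraps first, and the
/// following `try_into` then succeeds on the already wrong value.
pub fn cast_then_convert(len: usize) -> i64 {
    let n: isize = (len as c_int).try_into().unwrap();
    new_binding(n)
}

/// Checked call against the older signature.
pub fn checked_old(len: usize) -> Result<i64, LengthOutOfRange> {
    Ok(old_binding(ffi_len(len)?))
}

/// Checked call against the newer signature; the caller code is identical.
pub fn checked_new(len: usize) -> Result<i64, LengthOutOfRange> {
    Ok(new_binding(ffi_len(len)?))
}

fn main() {
    // Constructed input: one byte more than `c_int` can represent.
    let too_big = i32::MAX as usize + 1;
    println!("cast then convert: C sees {}", cast_then_convert(too_big));
    println!("checked, old signature: {:?}", checked_old(too_big));
    println!("checked, new signature: {:?}", checked_new(16));
    println!("ALPN-style c_uint length: {:?}", ffi_len::<c_uint>(3));
}
```
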
As mentioned in #129, boring-sys crate v2.1.0 does not compile with llvm-16. This has been fixed with v3.0.0.
However, Quiche still uses boring 2.0.0. This prevents us from updating to boring-sys >= 3.0.0.
Could you please publish a 2.1.1 patch release? The changes should be minimal:
From ca33099471f63a51e182a822c999f4e402bf4087 Mon Sep 17 00:00:00 2001
From: Alessandro Bono <[email protected]>
Date: Thu, 10 Aug 2023 09:29:53 +0000
Subject: [PATCH] Update bindgen to 0.62
---
boring-sys/Cargo.toml | 2 +-
boring-sys/build.rs | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/boring-sys/Cargo.toml b/boring-sys/Cargo.toml
index 02a756fe..81e5252a 100644
--- a/boring-sys/Cargo.toml
+++ b/boring-sys/Cargo.toml
@@ -27,7 +27,7 @@ include = [
]
[build-dependencies]
-bindgen = { version = "0.60", default-features = false, features = ["runtime"] }
+bindgen = { version = "0.62", default-features = false, features = ["runtime"] }
cmake = "0.1"
[features]
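Review bot: the `bindgen` line under `[build-dependencies]` moves from "0.60" to "0.62", but the commit message consists of the subject alone and gives no reason. Since this is proposed as a patch release, the message body should say that the bump is what fixes the llvm-16 build, and that the regenerated bindings were compared with what 0.60 produced, because a change in bindgen output would change the public boring-sys API.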
diff --git a/boring-sys/build.rs b/boring-sys/build.rs
index 9bccf945..f6629474 100644
--- a/boring-sys/build.rs
+++ b/boring-sys/build.rs
@@ -384,7 +384,10 @@ fn main() {
.derive_debug(true)
.derive_default(true)
.derive_eq(true)
- .default_enum_style(bindgen::EnumVariation::NewType { is_bitfield: false })
+ .default_enum_style(bindgen::EnumVariation::NewType {
+ is_bitfield: false,
+ is_global: false,
+ })
.default_macro_constant_type(bindgen::MacroTypeVariation::Signed)
.generate_comments(true)
.fit_macro_constants(false)
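Review bot: in the `default_enum_style` call, the new `is_global: false` field is set without a comment. A one-line note that `false` is chosen so the enum constants are generated as before the bump, rather than as global constants, would tell the next reader this is a compatibility choice and not an arbitrary default.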
--
2.41.0
I have something working specifically for brotli, but I am not sure this crate would want to include another dependency even as a feature.
error: linking with `i686-unknown-linux-musl-gcc` failed: exit status: 1
|
= note: "i686-unknown-linux-musl-gcc" "-m32" "-Wl,-melf_i386" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib/self-contained/crt1.o" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib/self-contained/crti.o" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib/self-contained/crtbegin.o" "/tmp/rustcPOs1eW/symbols.o" "/home/rust/src/target/i686-unknown-linux-musl/release/deps/opengpt-0079da8b20df6f38.opengpt.8939cec7-cgu.0.rcgu.o" "-Wl,--as-needed" "-L" "/home/rust/src/target/i686-unknown-linux-musl/release/deps" "-L" "/home/rust/src/target/release/deps" "-L" "src/backend/linux_raw/arch/outline/release" "-L" "/home/rust/src/target/i686-unknown-linux-musl/release/build/ring-a7ead9a2334b859c/out" "-L" "/home/rust/src/target/i686-unknown-linux-musl/release/build/zstd-sys-b20442a71911b221/out" "-L" "/home/rust/src/target/i686-unknown-linux-musl/release/build/boring-sys-78a816cb7218359a/out/build/" "-L" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib" "-Wl,-Bstatic" "/tmp/rustcPOs1eW/libzstd_sys-cdcf9507c1b16dfb.rlib" "/tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib" "/tmp/rustcPOs1eW/libring-7c6ace07ccb3af0c.rlib" "/tmp/rustcPOs1eW/librustix-70ab62295cdf44b3.rlib" "-lunwind" "-lc" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib/libcompiler_builtins-b6cea8e7d77e2c25.rlib" "-Wl,-Bdynamic" "-Wl,--eh-frame-hdr" "-Wl,-znoexecstack" "-nostartfiles" "-L" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib" "-L" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib/self-contained" "-o" "/home/rust/src/target/i686-unknown-linux-musl/release/deps/opengpt-0079da8b20df6f38" "-Wl,--gc-sections" "-static" "-no-pie" "-Wl,-zrelro,-znow" "-Wl,--strip-all" 
"-nodefaultlibs" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib/self-contained/crtend.o" "/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/i686-unknown-linux-musl/lib/self-contained/crtn.o"
= note: /usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(bcm.c.o): in function `wait_for_entropy':
bcm.c:(.text.wait_for_entropy+0x96): undefined reference to `__fprintf_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(bcm.c.o): in function `aes_nohw_cbc_encrypt':
bcm.c:(.text.aes_nohw_cbc_encrypt+0x181): undefined reference to `__memcpy_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(mem.c.o): in function `BIO_vsnprintf':
mem.c:(.text.BIO_vsnprintf+0x23): undefined reference to `__vsnprintf_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(file.c.o): in function `file_gets':
file.c:(.text.file_gets+0x25): undefined reference to `__fgets_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(printf.c.o): in function `BIO_printf':
printf.c:(.text.BIO_printf+0x52): undefined reference to `__vsnprintf_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: printf.c:(.text.BIO_printf+0xbc): undefined reference to `__vsnprintf_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(ssl_aead_ctx.cc.o): in function `bssl::SSLAEADContext::Open(bssl::Span<unsigned char>*, unsigned char, unsigned short, unsigned char const*, bssl::Span<unsigned char const>, bssl::Span<unsigned char>)':
ssl_aead_ctx.cc:(.text._ZN4bssl14SSLAEADContext4OpenEPNS_4SpanIhEEhtPKhNS1_IS4_EES2_+0x118): undefined reference to `__memset_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(ssl_aead_ctx.cc.o): in function `bssl::SSLAEADContext::SealScatter(unsigned char*, unsigned char*, unsigned char*, unsigned char, unsigned short, unsigned char const*, bssl::Span<unsigned char const>, unsigned char const*, unsigned int, unsigned char const*, unsigned int)':
ssl_aead_ctx.cc:(.text._ZN4bssl14SSLAEADContext11SealScatterEPhS1_S1_htPKhNS_4SpanIS2_EES3_jS3_j+0x1a1): undefined reference to `__memset_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(e_tls.c.o): in function `aead_tls_seal_scatter':
e_tls.c:(.text.aead_tls_seal_scatter+0x33c): undefined reference to `__memset_chk'
/usr/local/musl/bin/../lib/gcc/i686-unknown-linux-musl/11.2.0/../../../../i686-unknown-linux-musl/bin/ld: /tmp/rustcPOs1eW/libboring_sys-09fc0bf71700da1d.rlib(tls_cbc.c.o): in function `EVP_tls_cbc_copy_mac':
tls_cbc.c:(.text.EVP_tls_cbc_copy_mac+0x6c): undefined reference to `__memset_chk'
collect2: error: ld returned 1 exit status
= help: some `extern` functions couldn't be found; some native libraries may need to be installed or have their path specified
= note: use the `-l` flag to specify native libraries to link
= note: use the `cargo:rustc-link-lib` directive to specify the native libraries to link with Cargo (see https://doc.rust-lang.org/cargo/reference/build-scripts.html#cargorustc-link-libkindname)
Right now it's feature gated:
Lines 200 to 208 in 1507689
X509_STORE_CTX_get0_chain is X509_STORE_CTX_get1_chain.
Recently, Rustls was updated to allow a pluggable crypto provider: https://github.com/rustls/rustls/pull/1405/files.
I believe it would now be possible to plug boring into this. This is appealing as we get the benefits of boringssl as well as rustls - notably, FIPS compliance.
Is there interest in providing such a provider?
In boring/src/ssl/mod.rs we have
/// Sets the list of supported ciphers for protocols before TLSv1.3.
///
/// The `set_ciphersuites` method controls the cipher suites for TLSv1.3.
///
/// See [`ciphers`] for details on the format.
///
/// This corresponds to [`SSL_CTX_set_cipher_list`].
///
/// [`ciphers`]: https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
/// [`SSL_CTX_set_cipher_list`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cipher_list.html
But boring-sys/deps/boringssl/include/openssl/ssl.h says
// SSL_CTX_set_cipher_list configures the cipher list for |ctx|, evaluating
// |str| as a cipher string. It returns one on success and zero on failure.
//
// Prefer to use |SSL_CTX_set_strict_cipher_list|. This function tolerates
// garbage inputs, unless an empty cipher list results.
OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
and in the paragraph above this declaration, it says
// TLS 1.3 ciphers do not participate in this mechanism and instead have a
// built-in preference order. Functions to set cipher lists do not affect TLS
// 1.3, and functions to query the cipher list do not include TLS 1.3 ciphers.
Moreover, set_ciphersuites doesn't appear to exist.
Hello. Trying to build an app with boring-sys for Windows using x86_64-pc-windows-gnu target from Manjaro (based on Archlinux).
I have mingw packages installed (mingw-w64-gcc, mingw-w64-binutils, mingw-w64-crt, mingw-w64-headers, mingw-w64-winpthreads). Tried with rust stable (rustc 1.60.0) and nightly. Result is the same.
I don't know what I can do here from my side in order to successfully build the app. Could you please suggest my next steps?
cargo build --release --target x86_64-pc-windows-gnu
Compiling boring-sys v2.0.0
error: failed to run custom build command for `boring-sys v2.0.0`
Caused by:
process didn't exit successfully: `/mnt/Build/cargo/release/build/boring-sys-ae341c073d555390/build-script-build` (exit status: 101)
--- stdout
CMAKE_TOOLCHAIN_FILE_x86_64-pc-windows-gnu = None
CMAKE_TOOLCHAIN_FILE_x86_64_pc_windows_gnu = None
TARGET_CMAKE_TOOLCHAIN_FILE = None
CMAKE_TOOLCHAIN_FILE = None
CMAKE_GENERATOR_x86_64-pc-windows-gnu = None
CMAKE_GENERATOR_x86_64_pc_windows_gnu = None
TARGET_CMAKE_GENERATOR = None
CMAKE_GENERATOR = None
CMAKE_PREFIX_PATH_x86_64-pc-windows-gnu = None
CMAKE_PREFIX_PATH_x86_64_pc_windows_gnu = None
TARGET_CMAKE_PREFIX_PATH = None
CMAKE_PREFIX_PATH = None
CMAKE_x86_64-pc-windows-gnu = None
CMAKE_x86_64_pc_windows_gnu = None
TARGET_CMAKE = None
CMAKE = None
running: "cmake" "/home/dev/.cargo/registry/src/github.com-1ecc6299db9ec823/boring-sys-2.0.0/deps/boringssl" "-DCMAKE_SYSTEM_NAME=Windows" "-DCMAKE_RC_COMPILER=/bin/x86_64-w64-mingw32-windres" "-DCMAKE_INSTALL_PREFIX=/mnt/Build/cargo/x86_64-pc-windows-gnu/release/build/boring-sys-339cd2bb124cb955/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -m64" "-DCMAKE_C_COMPILER=/bin/x86_64-w64-mingw32-gcc" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -m64" "-DCMAKE_CXX_COMPILER=/bin/x86_64-w64-mingw32-g++" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -m64" "-DCMAKE_ASM_COMPILER=/bin/x86_64-w64-mingw32-gcc" "-DCMAKE_BUILD_TYPE=Release"
-- Configuring incomplete, errors occurred!
See also "/mnt/Build/cargo/x86_64-pc-windows-gnu/release/build/boring-sys-339cd2bb124cb955/out/build/CMakeFiles/CMakeOutput.log".
--- stderr
CMake Error at CMakeLists.txt:65 (elseif):
given arguments:
"STREQUAL" "x86_64"
Unknown arguments specified
thread 'main' panicked at '
command did not execute successfully, got: exit status: 1
build script failed, must exit now', /home/dev/.cargo/registry/src/github.com-1ecc6299db9ec823/cmake-0.1.48/src/lib.rs:975:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Attaching CMakeOutput.log as well:
Line 65 of CMakeLists.txt (from the error above) is this one:
62: if(OPENSSL_NO_ASM)
63:   add_definitions(-DOPENSSL_NO_ASM)
64:   set(ARCH "generic")
65: elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86_64")
66:   set(ARCH "x86_64")
67: elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64")
68:   set(ARCH "x86_64")
69: elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64")
70:   # cmake reports AMD64 on Windows, but we might be building for 32-bit.
71:   if(CMAKE_SIZEOF_VOID_P EQUAL 8)
72:     set(ARCH "x86_64")
73:   else()
74:     set(ARCH "x86")
75:   endif()
Hi,
And thanks for these crates!
The BoringSSL revision is constantly kept up to date, which is really neat. However, declarations from boring-sys are running behind the BoringSSL API changes.
Could it be an option to use bindgen for boring-sys in order to automatically keep the external declarations in sync with the BoringSSL API?
This is something I can contribute, but maybe there is a reason why bindings seem to be manually maintained rather than leveraging bindgen.
Thanks!
Add bindings for SPAKE2_CTX_new, SPAKE2_generate_msg, etc. to boring.
These are curve25519 related stuff in https://github.com/google/boringssl/blob/master/include/openssl/curve25519.h
Hi,
I want to create a DTLS session via UDP. However I cannot find out how to instantiate the SSL stream.
I tried to modify the boring tcp example:
println!("Hello, world!");
let connector = SslConnector::builder(SslMethod::dtls()).unwrap().build();
let socket = UdpSocket::bind("127.0.0.1:3400").expect("couldn't bind to address");
socket.connect("127.0.0.1:8080").expect("connect function failed");
let mut stream = connector.connect("google.com", socket).unwrap();
This fails, as UdpSocket is not implementing Read and Write traits, which are required by SslConnector.connect.
Do I have to implement those traits myself, or is there another method to instantiate the SSL stream?
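One way to satisfy the Read and Write bounds mentioned in the question above, shown as an added example that is not part of the original post or of boring: a hypothetical UdpStream adapter over a connected UdpSocket, exercised with a constructed payload on loopback. It only bridges the traits; DTLS retransmission timers and how boring drives the handshake over it are not covered and are left as assumptions.

```rust
use std::io::{self, Read, Write};
use std::net::UdpSocket;
use std::time::Duration;

/// Hypothetical adapter (not part of boring): exposes a connected UdpSocket
/// through Read/Write, the traits SslConnector::connect requires.
pub struct UdpStream(UdpSocket);

impl UdpStream {
    /// Rejects sockets that were never connect()ed: send/recv need a fixed
    /// peer, and a connected socket drops datagrams from other addresses.
    pub fn new(socket: UdpSocket) -> io::Result<Self> {
        socket.peer_addr()?;
        Ok(Self(socket))
    }
}

impl Read for UdpStream {
    /// One call returns at most one datagram. A buffer smaller than the
    /// datagram loses the tail (or errors, depending on the platform).
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        self.0.recv(buf)
    }
}

impl Write for UdpStream {
    /// One call sends `buf` as exactly one datagram.
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        self.0.send(buf)
    }
    fn flush(&mut self) -> io::Result<()> { Ok(()) } // nothing buffered here
}

/// Sends a constructed payload between two loopback sockets via the adapter.
pub fn loopback_roundtrip(payload: &[u8]) -> io::Result<Vec<u8>> {
    let (a, b) = (UdpSocket::bind("127.0.0.1:0")?, UdpSocket::bind("127.0.0.1:0")?);
    a.connect(b.local_addr()?)?;
    b.connect(a.local_addr()?)?;
    b.set_read_timeout(Some(Duration::from_secs(2)))?; // never block forever
    let (mut tx, mut rx) = (UdpStream::new(a)?, UdpStream::new(b)?);
    tx.write_all(payload)?;
    let mut buf = [0u8; 1500];
    let n = rx.read(&mut buf)?;
    Ok(buf[..n].to_vec())
}

fn main() { println!("{:?}", loopback_roundtrip(b"constructed datagram")); }
```

In the snippet from the question, a value of this type would be passed to connector.connect in place of the bare socket.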
Now that boring 4 is pretty old (I'm just joking), let's keep track of what we should do for boring 5:
replace_ex_data to set_ex_data, as keeping the leaking versions is a footgun
Ssl::new_from_ref to Ssl::new
X509Builder::append_extension2 to X509Builder::append_extension
boring::ssl::SslStream::new infallible, its current return type is Result<_, ErrorStack> but it returns Ok(_) always.