Skip to content

Commit

Permalink
Fix QUIC compilation and FIPS features
Browse files Browse the repository at this point in the history
Fix a build issue due to lack of trait constraints.

Pass FIPS feature flag through and test it
  • Loading branch information
howardjohn authored and janrueth committed Feb 21, 2024
1 parent b1188e2 commit 03b4813
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 4 deletions.
3 changes: 1 addition & 2 deletions boring-rustls-provider/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,9 @@ default = ["tls12"]
# Use a FIPS-validated version of boringssl.
fips = ["boring/fips", "boring-sys/fips"]
logging = ["log"]
fips-only = []
fips-only = ["boring/fips", "boring-sys/fips"]
tls12 = ["rustls/tls12"]


[dependencies]
aead = {version = "0.5", default_features = false, features = ["alloc"] }
boring = { workspace = true }
Expand Down
2 changes: 1 addition & 1 deletion boring-rustls-provider/src/aead.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ pub(crate) trait BoringCipher {
fn extract_keys(key: cipher::AeadKey, iv: cipher::Iv) -> ConnectionTrafficSecrets;
}

pub(crate) trait QuicCipher {
pub(crate) trait QuicCipher: Send + Sync {
/// The key size in bytes
const KEY_SIZE: usize;

Expand Down
2 changes: 1 addition & 1 deletion boring-rustls-provider/src/helper.rs
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,6 @@ pub(crate) fn log_and_map<E: core::fmt::Display, T>(func: &'static str, e: E, ma
}

#[cfg(not(feature = "log"))]
pub(crate) fn log_and_map<E: core::fmt::Display, T>(func: &'static str, e: E, mapped: T) -> T {
pub(crate) fn log_and_map<E: core::fmt::Display, T>(_func: &'static str, _e: E, mapped: T) -> T {
mapped
}
12 changes: 12 additions & 0 deletions boring-rustls-provider/tests/e2e.rs
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,18 @@ async fn test_tls13_crypto() {
}
}

#[test]
#[cfg(any(feature = "fips", feature = "fips-only"))]
fn is_fips_enabled() {
assert!(boring::fips::enabled());
}

#[test]
#[cfg(not(any(feature = "fips", feature = "fips-only")))]
fn is_fips_disabled() {
assert!(!boring::fips::enabled());
}

#[tokio::test]
async fn test_tls12_ec_crypto() {
let pki = TestPki::new(&rcgen::PKCS_ECDSA_P256_SHA256);
Expand Down

0 comments on commit 03b4813

Please sign in to comment.