Fix QUIC compilation and FIPS features

Fix a build issue due to lack of trait constraints.

Pass FIPS feature flag through and test it

boring-rustls-provider/Cargo.toml

@@ -12,10 +12,9 @@ default = ["tls12"]
 # Use a FIPS-validated version of boringssl.
 fips = ["boring/fips", "boring-sys/fips"]
 logging = ["log"]
-fips-only = []
+fips-only = ["boring/fips", "boring-sys/fips"]
 tls12 = ["rustls/tls12"]
 
-
 [dependencies]
 aead = {version = "0.5", default_features = false, features = ["alloc"] }
 boring = { workspace = true }

boring-rustls-provider/src/aead.rs

@@ -32,7 +32,7 @@ pub(crate) trait BoringCipher {
     fn extract_keys(key: cipher::AeadKey, iv: cipher::Iv) -> ConnectionTrafficSecrets;
 }
 
-pub(crate) trait QuicCipher {
+pub(crate) trait QuicCipher: Send + Sync {
     /// The key size in bytes
     const KEY_SIZE: usize;
 

boring-rustls-provider/src/helper.rs

@@ -38,6 +38,6 @@ pub(crate) fn log_and_map<E: core::fmt::Display, T>(func: &'static str, e: E, ma
 }
 
 #[cfg(not(feature = "log"))]
-pub(crate) fn log_and_map<E: core::fmt::Display, T>(func: &'static str, e: E, mapped: T) -> T {
+pub(crate) fn log_and_map<E: core::fmt::Display, T>(_func: &'static str, _e: E, mapped: T) -> T {
     mapped
 }

boring-rustls-provider/tests/e2e.rs

@@ -40,6 +40,18 @@ async fn test_tls13_crypto() {
     }
 }
 
+#[test]
+#[cfg(any(feature = "fips", feature = "fips-only"))]
+fn is_fips_enabled() {
+    assert!(boring::fips::enabled());
+}
+
+#[test]
+#[cfg(not(any(feature = "fips", feature = "fips-only")))]
+fn is_fips_disabled() {
+    assert!(!boring::fips::enabled());
+}
+
 #[tokio::test]
 async fn test_tls12_ec_crypto() {
     let pki = TestPki::new(&rcgen::PKCS_ECDSA_P256_SHA256);