Bump boring to v5, align FIPS to SP 800-52r2, clean up features
- Bump boring/boring-sys from v4 to v5 (zero API breaks) - Merge fips/fips-only into a single fips feature that both enables FIPS-validated BoringSSL and restricts algorithms to SP 800-52r2 - Tighten FIPS KX groups to P-256 and P-384 only (aligned with boring's fips202205 compliance policy) - Remove ECDSA_P521_SHA512 from FIPS signature verification set - Simplify fips feature to forward boring/fips only (drop redundant boring-sys/fips) - Add fips-precompiled as deprecated alias matching boring's naming - Change default features to empty (TLS 1.2 now requires explicit tls12 feature opt-in) - Gate TLS 1.2 code paths properly so the crate compiles and passes tests with default (TLS 1.3 only) features - Update README to reflect current state: boring v5, feature docs, FIPS mode documentation, workspace structure
This commit is contained in:
Jan Rüth
Jan
parent
490340afa7
commit
271acbb315
11 changed files with 273 additions and 77 deletions
11
Makefile
11
Makefile
|
|
@ -1,4 +1,5 @@
|
|||
FEATURES ?= logging,tls12
|
||||
CARGO_FEATURES := $(if $(strip $(FEATURES)),-F "$(FEATURES)",)
|
||||
|
||||
|
||||
.PHONY: fmt
|
||||
|
|
@ -7,12 +8,16 @@ fmt:
|
|||
|
||||
.PHONY: lint
|
||||
lint:
|
||||
cargo clippy --workspace --all-targets -F "$(FEATURES)"
|
||||
cargo clippy --workspace --all-targets $(CARGO_FEATURES)
|
||||
|
||||
.PHONY: check
|
||||
check:
|
||||
cargo check --workspace --all-targets $(CARGO_FEATURES)
|
||||
|
||||
.PHONY: test
|
||||
test:
|
||||
cargo test --all-targets -F "$(FEATURES)"
|
||||
cargo test --all-targets $(CARGO_FEATURES)
|
||||
|
||||
.PHONY: build
|
||||
build:
|
||||
cargo build --all-targets -F "$(FEATURES)"
|
||||
cargo build --all-targets $(CARGO_FEATURES)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue