271acbb315
- Bump boring/boring-sys from v4 to v5 (zero API breaks) - Merge fips/fips-only into a single fips feature that both enables FIPS-validated BoringSSL and restricts algorithms to SP 800-52r2 - Tighten FIPS KX groups to P-256 and P-384 only (aligned with boring's fips202205 compliance policy) - Remove ECDSA_P521_SHA512 from FIPS signature verification set - Simplify fips feature to forward boring/fips only (drop redundant boring-sys/fips) - Add fips-precompiled as deprecated alias matching boring's naming - Change default features to empty (TLS 1.2 now requires explicit tls12 feature opt-in) - Gate TLS 1.2 code paths properly so the crate compiles and passes tests with default (TLS 1.3 only) features - Update README to reflect current state: boring v5, feature docs, FIPS mode documentation, workspace structure
76 lines
1.9 KiB
YAML
76 lines
1.9 KiB
YAML
name: Rust check
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main" ]
|
|
pull_request:
|
|
branches: [ "main" ]
|
|
|
|
env:
|
|
CARGO_TERM_COLOR: always
|
|
RUSTFLAGS: -Dwarnings
|
|
|
|
jobs:
|
|
fmt:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Install dependencies
|
|
run: sudo apt-get install -y cmake clang
|
|
- name: Check fmt
|
|
run: make fmt
|
|
|
|
test-default:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Install dependencies
|
|
run: sudo apt-get install -y cmake clang
|
|
- name: Lint (default features)
|
|
run: make lint FEATURES=""
|
|
- name: Test (default features)
|
|
run: make test FEATURES=""
|
|
- name: Build (default features)
|
|
run: make build FEATURES=""
|
|
|
|
test-tls12:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Install dependencies
|
|
run: sudo apt-get install -y cmake clang
|
|
- name: Lint (tls12)
|
|
run: make lint FEATURES="tls12"
|
|
- name: Test (tls12)
|
|
run: make test FEATURES="tls12"
|
|
- name: Build (tls12)
|
|
run: make build FEATURES="tls12"
|
|
|
|
test-logging-tls12:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Install dependencies
|
|
run: sudo apt-get install -y cmake clang
|
|
- name: Lint (logging,tls12)
|
|
run: make lint FEATURES="logging,tls12"
|
|
- name: Test (logging,tls12)
|
|
run: make test FEATURES="logging,tls12"
|
|
- name: Build (logging,tls12)
|
|
run: make build FEATURES="logging,tls12"
|
|
|
|
check-fips:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Install dependencies
|
|
run: sudo apt-get install -y cmake clang
|
|
- name: Check (fips)
|
|
run: cargo check -p boring-rustls-provider --all-targets --features fips
|
|
- name: Check (fips-precompiled)
|
|
run: cargo check -p boring-rustls-provider --all-targets --features fips-precompiled
|