Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix QUIC compilation and FIPS features #10

Merged
merged 1 commit into from
Feb 21, 2024
Merged

Conversation

howardjohn
Copy link
Contributor

In playing around with this crate (which is great!) I ran into a few issues:

Fixed a build issue due to lack of trait constraints.

Pass FIPS feature flag through and test it

Fix a build issue due to lack of trait constraints.

Pass FIPS feature flag through and test it
@janrueth
Copy link
Owner

Thanks for the PR! I haven‘t had time to work on this recently.

Please note that I created the crate mainly to play with the provider mechanism and I‘m not using it productively anywhere. That said, I‘m happy to review and merge PRs.

change looks good!

@janrueth janrueth merged commit 03b4813 into janrueth:main Feb 21, 2024
1 check passed
@howardjohn
Copy link
Contributor Author

Please note that I created the crate mainly to play with the provider mechanism and I‘m not using it productively anywhere. That said, I‘m happy to review and merge PRs.

I am mostly in the same boat, but given how well it is working in my current testing I am starting to look into next steps. Do you have any/know of any plans to upstream this to https://github.com/cloudflare/boring in the future?

@janrueth
Copy link
Owner

Hmm, good question. I think the interesting part of this crate is the (potential) FIPS support via boringssl. However, I'm nowhere near a FIPS expert and I'm unsure if actually all FIPS-relevant computations are already (or can be) executed as part of the FIPS-approved crypto module in boringssl.

I wouldn't be opposed to upstreaming this (but I think it requires cleanups and probably more tests), and it's already split up in a way that should make it fairly easy. There hasn't been a lot of chatter about rustls within Cloudflare (that I know of), so not sure about the interest in having this as part of cloudflare/boring.

@howardjohn
Copy link
Contributor Author

That (FIPS) is exactly my interest as well. Also not an expert, but I think the rustls provider model is setup in a way such that it could meet FIPS requirements with a custom provider - though I also didn't audit the usage here to see if it meets that (nor would that mean much, given my lack of FIPS expertise 🙂 )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants