8 changes: 4 additions & 4 deletions Cargo.toml
Expand Up @@ -8,7 +8,7 @@ members = [
resolver = "2"

[workspace.package]
version = "4.21.1"
version = "4.21.2"
repository = "https://github.com/cloudflare/boring"
edition = "2021"

Expand All @@ -19,9 +19,9 @@ tag-prefix = ""
publish = false

[workspace.dependencies]
boring-sys = { version = "4.21.1", path = "./boring-sys" }
boring = { version = "4.21.1", path = "./boring" }
tokio-boring = { version = "4.21.1", path = "./tokio-boring" }
boring-sys = { version = "4.21.2", path = "./boring-sys" }
boring = { version = "4.21.2", path = "./boring" }
tokio-boring = { version = "4.21.2", path = "./tokio-boring" }

bindgen = { version = "0.72.0", default-features = false, features = ["runtime"] }
bitflags = "2.9"
66 changes: 28 additions & 38 deletions boring-sys/build/main.rs
Expand Up @@ -153,7 +153,7 @@ fn get_boringssl_source_path(config: &Config) -> &PathBuf {
/// MSVC generator on Windows place static libs in a target sub-folder,
/// so adjust library location based on platform and build target.
/// See issue: <https://github.com/alexcrichton/cmake-rs/issues/18>
fn get_boringssl_platform_output_path(config: &Config) -> String {
fn msvc_lib_subdir(config: &Config) -> Option<&'static str> {
if config.target.ends_with("-msvc") {
// Code under this branch should match the logic in cmake-rs
let debug_env_var = config
Expand Down Expand Up @@ -187,9 +187,9 @@ fn get_boringssl_platform_output_path(config: &Config) -> String {
_ => panic!("Unknown OPT_LEVEL={opt_env_var:?} env var."),
};

subdir.to_string()
Some(subdir)
} else {
String::new()
None
}
}

Expand Down Expand Up @@ -571,7 +571,7 @@ fn run_command(command: &mut Command) -> io::Result<Output> {
Ok(out)
}

fn built_boring_source_path(config: &Config) -> &PathBuf {
fn built_boring_source_path(config: &Config) -> &Path {
if let Some(path) = &config.env.path {
return path;
}
Expand Down Expand Up @@ -603,7 +603,13 @@ fn built_boring_source_path(config: &Config) -> &PathBuf {
}

cfg.build_target("ssl").build();
cfg.build_target("crypto").build()
let path = cfg.build_target("crypto").build();
let build_dir = path.join("build");
if build_dir.exists() {
build_dir
} else {
path
}
})
}

Expand All @@ -614,12 +620,9 @@ fn link_in_precompiled_bcm_o(config: &Config) {
let bcm_o_src_path = config.env.precompiled_bcm_o.as_ref()
.expect("`fips-link-precompiled` requires `BORING_BSSL_FIPS_PRECOMPILED_BCM_O` env variable to be specified");

let libcrypto_path = bssl_dir
.join("build/crypto/libcrypto.a")
.canonicalize()
.unwrap();
let libcrypto_path = bssl_dir.join("crypto/libcrypto.a").canonicalize().unwrap();

let bcm_o_dst_path = bssl_dir.join("build/bcm-fips.o");
let bcm_o_dst_path = bssl_dir.join("bcm-fips.o");

fs::copy(bcm_o_src_path, &bcm_o_dst_path).unwrap();

Expand Down Expand Up @@ -678,35 +681,22 @@ fn main() {

fn emit_link_directives(config: &Config) {
let bssl_dir = built_boring_source_path(config);
let build_path = get_boringssl_platform_output_path(config);
let msvc_lib_subdir = msvc_lib_subdir(config);

if config.is_bazel || (config.features.is_fips_like() && config.env.path.is_some()) {
println!(
"cargo:rustc-link-search=native={}/lib/{}",
bssl_dir.display(),
build_path
);
} else {
// todo(rmehra): clean this up, I think these are pretty redundant
println!(
"cargo:rustc-link-search=native={}/build/crypto/{}",
bssl_dir.display(),
build_path
);
println!(
"cargo:rustc-link-search=native={}/build/ssl/{}",
bssl_dir.display(),
build_path
);
println!(
"cargo:rustc-link-search=native={}/build/{}",
bssl_dir.display(),
build_path
);
println!(
"cargo:rustc-link-search=native={}/build",
bssl_dir.display(),
);
let subdirs =
if config.is_bazel || (config.features.is_fips_like() && config.env.path.is_some()) {
&["lib"][..]
} else {
&["lib", "crypto", "ssl", ""][..]
};

for subdir in subdirs {
let dir = bssl_dir.join(subdir);
let dir = msvc_lib_subdir
.map(|s| dir.join(s))
.filter(|d| d.exists())
.unwrap_or(dir);
println!("cargo:rustc-link-search=native={}", dir.display());
}

if config.features.fips_link_precompiled {
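Review bot: In `link_in_precompiled_bcm_o` the archive is now looked up at `crypto/libcrypto.a` under `bssl_dir`, but the early return for `config.env.path` in `built_boring_source_path` bypasses the new `build` probing, so a user-supplied tree that was previously read at `build/crypto/libcrypto.a` would no longer be found. This assumes `bssl_dir` is obtained from `built_boring_source_path`, which is assigned above the visible hunk. If the layout change is intended, a doc comment on `built_boring_source_path` such as `/// Returns the directory that directly contains the crypto/, ssl/ and lib/ outputs.` would pin the contract. The `.canonicalize().unwrap()` on that path also panics without naming the file; `.unwrap_or_else(|e| panic!("libcrypto.a not found under {}: {e}", bssl_dir.display()))` would make a mislocated FIPS archive diagnosable.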
9 changes: 1 addition & 8 deletions boring/src/bio.rs
Expand Up @@ -19,18 +19,11 @@ impl Drop for MemBioSlice<'_> {

impl<'a> MemBioSlice<'a> {
pub fn new(buf: &'a [u8]) -> Result<MemBioSlice<'a>, ErrorStack> {
#[cfg(not(feature = "fips-compat"))]
type BufLen = isize;
#[cfg(feature = "fips-compat")]
type BufLen = libc::c_int;

ffi::init();

assert!(buf.len() <= BufLen::MAX as usize);
let bio = unsafe {
cvt_p(BIO_new_mem_buf(
buf.as_ptr() as *const _,
buf.len() as BufLen,
buf.len().try_into().map_err(ErrorStack::internal_error)?,
))?
};
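Review bot: The length conversion in `MemBioSlice::new` is evaluated inside the `unsafe` block, so the early return from `?` and the FFI call share one unsafe region. Hoisting it, `let len = buf.len().try_into().map_err(ErrorStack::internal_error)?;` before `unsafe` and passing `len` to `BIO_new_mem_buf`, keeps the block down to the call that needs it and makes it plain that pointer and length describe the same slice. Since an over-long buffer now yields `Err` where the removed `assert!` panicked, the doc comment should say so under `# Errors`. The body of `new` continues past the end of the hunk.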

25 changes: 10 additions & 15 deletions boring/src/ssl/mod.rs
Expand Up @@ -1612,14 +1612,14 @@ impl SslContextBuilder {
#[corresponds(SSL_CTX_set_alpn_protos)]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe {
#[cfg_attr(not(feature = "fips-compat"), allow(clippy::unnecessary_cast))]
{
assert!(protocols.len() <= ProtosLen::MAX as usize);
}
let r = ffi::SSL_CTX_set_alpn_protos(
self.as_ptr(),
protocols.as_ptr(),
protocols.len() as ProtosLen,
#[allow(clippy::useless_conversion)]
protocols
.len()
.try_into()
.map_err(ErrorStack::internal_error)?,
);
// fun fact, SSL_CTX_set_alpn_protos has a reversed return code D:
if r == 0 {
Expand Down Expand Up @@ -2401,11 +2401,6 @@ impl SslContextRef {
#[derive(Debug)]
pub struct GetSessionPendingError;

#[cfg(not(feature = "fips-compat"))]
type ProtosLen = usize;
#[cfg(feature = "fips-compat")]
type ProtosLen = libc::c_uint;

/// Information about the state of a cipher.
pub struct CipherBits {
/// The number of secret bits used for the cipher.
Expand Down Expand Up @@ -3187,14 +3182,14 @@ impl SslRef {
#[corresponds(SSL_set_alpn_protos)]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe {
#[cfg_attr(not(feature = "fips-compat"), allow(clippy::unnecessary_cast))]
{
assert!(protocols.len() <= ProtosLen::MAX as usize);
}
let r = ffi::SSL_set_alpn_protos(
self.as_ptr(),
protocols.as_ptr(),
protocols.len() as ProtosLen,
#[allow(clippy::useless_conversion)]
protocols
.len()
.try_into()
.map_err(ErrorStack::internal_error)?,
);
// fun fact, SSL_set_alpn_protos has a reversed return code D:
if r == 0 {
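Review bot: The `#[allow(clippy::useless_conversion)]` on the length argument of `SSL_CTX_set_alpn_protos` carries no explanation, and the same applies to the `SSL_set_alpn_protos` hunk further down. Judging by the removed `ProtosLen` aliases, the conversion is an identity only when the FFI parameter is `usize` and is a real narrowing under `fips-compat`; a comment such as `// no-op unless the FFI length type is narrower than usize (fips-compat)` would stop a later cleanup from replacing it with an `as` cast. Both functions continue past the end of their hunks.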
17 changes: 4 additions & 13 deletions boring/src/x509/mod.rs
Expand Up @@ -1032,13 +1032,12 @@ impl X509NameBuilder {
pub fn append_entry_by_text(&mut self, field: &str, value: &str) -> Result<(), ErrorStack> {
unsafe {
let field = CString::new(field).map_err(ErrorStack::internal_error)?;
assert!(value.len() <= ValueLen::MAX as usize);
cvt(ffi::X509_NAME_add_entry_by_txt(
self.0.as_ptr(),
field.as_ptr() as *mut _,
ffi::MBSTRING_UTF8,
value.as_ptr(),
value.len() as ValueLen,
value.len().try_into().map_err(ErrorStack::internal_error)?,
-1,
0,
))
Expand All @@ -1056,13 +1055,12 @@ impl X509NameBuilder {
) -> Result<(), ErrorStack> {
unsafe {
let field = CString::new(field).map_err(ErrorStack::internal_error)?;
assert!(value.len() <= ValueLen::MAX as usize);
cvt(ffi::X509_NAME_add_entry_by_txt(
self.0.as_ptr(),
field.as_ptr() as *mut _,
ty.as_raw(),
value.as_ptr(),
value.len() as ValueLen,
value.len().try_into().map_err(ErrorStack::internal_error)?,
-1,
0,
))
Expand All @@ -1074,13 +1072,12 @@ impl X509NameBuilder {
#[corresponds(X509_NAME_add_entry_by_NID)]
pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> {
unsafe {
assert!(value.len() <= ValueLen::MAX as usize);
cvt(ffi::X509_NAME_add_entry_by_NID(
self.0.as_ptr(),
field.as_raw(),
ffi::MBSTRING_UTF8,
value.as_ptr() as *mut _,
value.len() as ValueLen,
value.len().try_into().map_err(ErrorStack::internal_error)?,
-1,
0,
))
Expand All @@ -1097,13 +1094,12 @@ impl X509NameBuilder {
ty: Asn1Type,
) -> Result<(), ErrorStack> {
unsafe {
assert!(value.len() <= ValueLen::MAX as usize);
cvt(ffi::X509_NAME_add_entry_by_NID(
self.0.as_ptr(),
field.as_raw(),
ty.as_raw(),
value.as_ptr() as *mut _,
value.len() as ValueLen,
value.len().try_into().map_err(ErrorStack::internal_error)?,
-1,
0,
))
Expand All @@ -1121,11 +1117,6 @@ impl X509NameBuilder {
}
}

#[cfg(not(feature = "fips-compat"))]
type ValueLen = isize;
#[cfg(feature = "fips-compat")]
type ValueLen = i32;

foreign_type_and_impl_send_sync! {
type CType = ffi::X509_NAME;
fn drop = ffi::X509_NAME_free;
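Review bot: All four `append_entry_*` methods now return `Err` for a value whose length does not fit the C length parameter, where the removed `assert!` used to panic, but nothing in the visible doc comments records that. Adding `/// # Errors` with a line like `/// Returns an error if value is longer than the underlying C length type allows.` to each method would document the new contract. The repeated `value.len().try_into().map_err(ErrorStack::internal_error)?` could also be bound to a local before each `unsafe` block so the unsafe region holds only the FFI call. The method bodies start or end outside their hunks.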