commit | 28ad98e3d0c99f0cb414861b67cc02ede77538a2 | |
---|---|---|
author | Joshua Liebow-Feeser <joshlf@google.com> | Tue Mar 02 01:19:56 2021 +0000 |
committer | Joshua Liebow-Feeser <joshlf@google.com> | Tue Mar 02 01:19:56 2021 +0000 |
tree | 6d7bbaea0c310e2534219a95126821a570073789 | |
parent | aae101e4157cce7258c69687779e3bfc639824ac |

Restrict use of BoringSSL's RSA setter API

The BoringSSL setter pattern, inherited from OpenSSL, is dangerous, as it can cause keys to enter an invalid state without care around how the keys are used. This change refactors the `rsa` module slightly to make it less likely to accidentally make use of this dangerous pattern. It also adds a comment explaining why this pattern is dangerous.

Change-Id: Idb0eaf70460d7a26d81e933872e5050274af4550
Reviewed-on: https://fuchsia-review.googlesource.com/c/mundane/+/493422
Reviewed-by: Drew Fisher <zarvox@google.com>

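The hazard the commit message describes, as an added Rust sketch that is not Mundane's or BoringSSL's code: a setter-style key can be half-filled or end up holding components of two different keys, while a validating constructor rejects that combination up front. `SetterKey`, `CheckedKey`, the toy-sized numbers, and this reading of "invalid state" are assumptions of the example.

```rust
// Added illustration: hypothetical toy types and numbers, not Mundane's or BoringSSL's API.
/// Square-and-multiply modular exponentiation (operands here stay far below u64 overflow).
fn mod_pow(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut r = 1 % m;
    while e > 0 {
        if e & 1 == 1 { r = r * (b % m) % m; }
        b = (b % m) * (b % m) % m;
        e >>= 1;
    }
    r
}

/// Consistency check: (m^e)^d must give back m (mod n) for a few sample m.
fn round_trips(n: u64, e: u64, d: u64) -> bool {
    n > 7 && [2u64, 3, 5, 7].iter().all(|&m| mod_pow(mod_pow(m, e, n), d, n) == m)
}

/// Setter style: components arrive one call at a time and can be replaced later,
/// so the object can be half-filled or hold parts of two different keys.
#[derive(Default)]
pub struct SetterKey { n: Option<u64>, e: Option<u64>, d: Option<u64> }

impl SetterKey {
    pub fn set_public(&mut self, n: u64, e: u64) { self.n = Some(n); self.e = Some(e); }
    pub fn set_private(&mut self, d: u64) { self.d = Some(d); }
    /// The check every call site would have to remember before using the key.
    pub fn is_consistent(&self) -> bool {
        matches!((self.n, self.e, self.d), (Some(n), Some(e), Some(d)) if round_trips(n, e, d))
    }
}

/// Constructor style: all components are validated together, then never mutated.
pub struct CheckedKey { n: u64, e: u64, d: u64 }
impl CheckedKey {
    pub fn new(n: u64, e: u64, d: u64) -> Result<Self, &'static str> {
        if round_trips(n, e, d) { Ok(CheckedKey { n, e, d }) } else { Err("inconsistent RSA components") }
    }
    pub fn sign(&self, m: u64) -> u64 { mod_pow(m, self.d, self.n) }
    pub fn verify(&self, m: u64, s: u64) -> bool { mod_pow(s, self.e, self.n) == m % self.n }
}

fn main() {
    let mut k = SetterKey::default();
    k.set_public(3233, 17); // constructed toy key, n = 61 * 53
    k.set_private(2753);
    k.set_public(3127, 17); // modulus of another toy key (53 * 59); d is now stale
    println!("setter key consistent: {}", k.is_consistent());
    println!("constructor rejects the mix: {}", CheckedKey::new(3127, 17, 2753).is_err());
}
```
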
Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).
We use GitHub issues for issue tracking, and Gerrit for code reviews. See `CONTRIBUTING.md` for more details.
Rust 1.36 or newer is required.
Mundane vendors a copy of the BoringSSL source, so BoringSSL does not need to be installed locally in order to build. However, the BoringSSL build system has the following dependencies:
`MOVBE`. If using GNU binutils, you must have 2.22 or later.

In order to avoid errors at link time due to conflicting symbols, we build BoringSSL with a custom prefix for all of its symbols which is based on the name and version of this crate. That way, even if multiple different versions of Mundane are present in the same dependency graph, none of the symbols from one version's BoringSSL will conflict with the symbols from another version's BoringSSL.
Mundane supports being built on and for Linux and Mac. Windows support is under development. Cross-compilation is not supported.
Everything outside of the `boringssl/boringssl` directory is licensed under an MIT license which can be found in the `LICENSE` file. Everything in the `boringssl/boringssl` directory is licensed with a license that can be found in the `boringssl/boringssl/LICENSE` file.
Disclaimer: Mundane is not an officially supported Google product.