From 03b48134ca0582ddaea9488eee476aceaa3a444e Mon Sep 17 00:00:00 2001
From: John Howard <howardjohn@google.com>
Date: Tue, 20 Feb 2024 17:39:00 -0800
Subject: [PATCH] Fix QUIC compilation and FIPS features

Fix a build issue due to lack of trait constraints.

Pass FIPS feature flag through and test it
---
 boring-rustls-provider/Cargo.toml    |  3 +--
 boring-rustls-provider/src/aead.rs   |  2 +-
 boring-rustls-provider/src/helper.rs |  2 +-
 boring-rustls-provider/tests/e2e.rs  | 12 ++++++++++++
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/boring-rustls-provider/Cargo.toml b/boring-rustls-provider/Cargo.toml
index 53ac217..8b60daf 100644
--- a/boring-rustls-provider/Cargo.toml
+++ b/boring-rustls-provider/Cargo.toml
@@ -12,10 +12,9 @@ default = ["tls12"]
 # Use a FIPS-validated version of boringssl.
 fips = ["boring/fips", "boring-sys/fips"]
 logging = ["log"]
-fips-only = []
+fips-only = ["boring/fips", "boring-sys/fips"]
 tls12 = ["rustls/tls12"]
 
-
 [dependencies]
 aead = {version = "0.5", default_features = false, features = ["alloc"] }
 boring = { workspace = true }
diff --git a/boring-rustls-provider/src/aead.rs b/boring-rustls-provider/src/aead.rs
index cf93908..800b487 100644
--- a/boring-rustls-provider/src/aead.rs
+++ b/boring-rustls-provider/src/aead.rs
@@ -32,7 +32,7 @@ pub(crate) trait BoringCipher {
     fn extract_keys(key: cipher::AeadKey, iv: cipher::Iv) -> ConnectionTrafficSecrets;
 }
 
-pub(crate) trait QuicCipher {
+pub(crate) trait QuicCipher: Send + Sync {
     /// The key size in bytes
     const KEY_SIZE: usize;
 
diff --git a/boring-rustls-provider/src/helper.rs b/boring-rustls-provider/src/helper.rs
index 6d7f173..b632357 100644
--- a/boring-rustls-provider/src/helper.rs
+++ b/boring-rustls-provider/src/helper.rs
@@ -38,6 +38,6 @@ pub(crate) fn log_and_map<E: core::fmt::Display, T>(func: &'static str, e: E, ma
 }
 
 #[cfg(not(feature = "log"))]
-pub(crate) fn log_and_map<E: core::fmt::Display, T>(func: &'static str, e: E, mapped: T) -> T {
+pub(crate) fn log_and_map<E: core::fmt::Display, T>(_func: &'static str, _e: E, mapped: T) -> T {
     mapped
 }
diff --git a/boring-rustls-provider/tests/e2e.rs b/boring-rustls-provider/tests/e2e.rs
index dcba7f3..21b017a 100644
--- a/boring-rustls-provider/tests/e2e.rs
+++ b/boring-rustls-provider/tests/e2e.rs
@@ -40,6 +40,18 @@ async fn test_tls13_crypto() {
     }
 }
 
+#[test]
+#[cfg(any(feature = "fips", feature = "fips-only"))]
+fn is_fips_enabled() {
+    assert!(boring::fips::enabled());
+}
+
+#[test]
+#[cfg(not(any(feature = "fips", feature = "fips-only")))]
+fn is_fips_disabled() {
+    assert!(!boring::fips::enabled());
+}
+
 #[tokio::test]
 async fn test_tls12_ec_crypto() {
     let pki = TestPki::new(&rcgen::PKCS_ECDSA_P256_SHA256);