remove vendored BoringSSL option

We should just use the one provided via boring/boring-sys crates. It
should still be possible to build a different BoringSSL version through
the facilities provided by those crates.

Author: ghedo

.github/workflows/nightly.yml

@@ -34,12 +34,12 @@ jobs:
           toolchain: ${{ env.RUSTTOOLCHAIN }}
 
       - name: Run cargo test
-        run: cargo test --verbose --all-targets --features=boringssl-boring-crate,${{ env.FEATURES }}
+        run: cargo test --verbose --all-targets --features=${{ env.FEATURES }}
 
       # Need to run doc tests separately.
       # (https://github.com/rust-lang/cargo/issues/6669)
       - name: Run cargo doc test
-        run: cargo test --verbose --doc --features=boringssl-boring-crate,${{ env.FEATURES }}
+        run: cargo test --verbose --doc --features=${{ env.FEATURES }}
 
       # NOTE: this is disabled as it fails when building changes that bump
       # version of local crates (e.g. when doing a `qlog` release) that have not

.github/workflows/stable.yml

@@ -22,8 +22,7 @@ jobs:
     strategy:
       matrix:
         tls-feature:
-          - "" # default, boringssl-vendored
-          - "boringssl-boring-crate"
+          - "" # default
           - "openssl"
     # Only run on "pull_request" event for external PRs. This is to avoid
     # duplicate builds for PRs created from internal branches.
@@ -56,29 +55,29 @@ jobs:
           echo "LD_LIBRARY_PATH=$PWD" >> "$GITHUB_ENV"
 
       - name: Run cargo test
-        if: ${{ matrix.tls-feature == 'boringssl-boring-crate' }}
-        run: cargo test --verbose --all-targets --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }}
+        if: ${{ matrix.tls-feature == '' }}
+        run: cargo test --verbose --all-targets --no-default-features --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }}
 
       # tokio-quiche requires the `boring` crate, so don't run its tests when
       # building without it.
       - name: Run cargo test
-        if: ${{ matrix.tls-feature != 'boringssl-boring-crate' }}
-        run: cargo test --verbose --all-targets --features=${{ matrix.tls-feature }} ${{ env.NO_BORING_OPTIONS }}
+        if: ${{ matrix.tls-feature != '' }}
+        run: cargo test --verbose --all-targets --no-default-features --features=${{ matrix.tls-feature }} ${{ env.NO_BORING_OPTIONS }}
 
       # Need to run doc tests separately.
       # (https://github.com/rust-lang/cargo/issues/6669)
       - name: Run cargo doc test
-        if: ${{ matrix.tls-feature == 'boringssl-boring-crate' }}
-        run: cargo test --verbose --doc --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }}
+        if: ${{ matrix.tls-feature == '' }}
+        run: cargo test --verbose --doc --no-default-features --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }}
 
       # Need to run doc tests separately.
       # (https://github.com/rust-lang/cargo/issues/6669)
       #
       # tokio-quiche requires the `boring` crate, so don't run its tests when
       # building without it.
       - name: Run cargo doc test
-        if: ${{ matrix.tls-feature != 'boringssl-boring-crate' }}
-        run: cargo test --verbose --doc --features=${{ matrix.tls-feature }} ${{ env.NO_BORING_OPTIONS }}
+        if: ${{ matrix.tls-feature != '' }}
+        run: cargo test --verbose --doc --no-default-features --features=${{ matrix.tls-feature }} ${{ env.NO_BORING_OPTIONS }}
 
       # NOTE: this is disabled as it fails when building changes that bump
       # version of local crates (e.g. when doing a `qlog` release) that have not
@@ -88,10 +87,10 @@ jobs:
       #   run: cargo package --verbose --workspace --exclude=quiche_apps --allow-dirty
 
       - name: Run cargo clippy
-        run: cargo clippy --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} -- -D warnings
+        run: cargo clippy --no-default-features --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} -- -D warnings
 
       - name: Run cargo clippy on examples
-        run: cargo clippy --examples --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} -- -D warnings
+        run: cargo clippy --examples --no-default-features --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} -- -D warnings
 
       - name: Run cargo doc
         run: cargo doc --no-deps --all-features --document-private-items
@@ -199,11 +198,11 @@ jobs:
 
       - name: Run cargo build
         if: endsWith(matrix.target, '-gnu')
-        run: cargo build --target=${{ matrix.target }} --verbose --all-targets ${{ env.DEFAULT_OPTIONS }} --features=boringssl-boring-crate
+        run: cargo build --target=${{ matrix.target }} --verbose --all-targets ${{ env.DEFAULT_OPTIONS }}
 
       - name: Run cargo test
         if: endsWith(matrix.target, '-msvc')
-        run: cargo test --target=${{ matrix.target }} --verbose --all-targets ${{ env.DEFAULT_OPTIONS }} --features=boringssl-boring-crate
+        run: cargo test --target=${{ matrix.target }} --verbose --all-targets ${{ env.DEFAULT_OPTIONS }}
 
   quiche_multiarch:
     runs-on: ubuntu-latest

.gitmodules

@@ -1,4 +0,0 @@
-[submodule "boringssl"]
-	path = quiche/deps/boringssl
-	url = https://github.com/google/boringssl.git
-	ignore = dirty

Dockerfile

@@ -13,7 +13,7 @@ COPY quiche/ ./quiche/
 COPY task-killswitch ./task-killswitch/
 COPY tokio-quiche ./tokio-quiche/
 
-RUN apt-get update && apt-get install -y cmake && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y clang cmake && rm -rf /var/lib/apt/lists/*
 
 RUN cargo build --release --manifest-path apps/Cargo.toml
 

README.md

@@ -328,16 +328,17 @@ cargo can also be used to run the testsuite:
 Note that [BoringSSL], which is used to implement QUIC's cryptographic handshake
 based on TLS, needs to be built and linked to quiche. This is done automatically
 when building quiche using cargo, but requires the `cmake` command to be
-available during the build process. On Windows you also need
-[NASM](https://www.nasm.us/). The [official BoringSSL
+available during the build process.
+
+On Windows [NASM](https://www.nasm.us/) is also required. The [official BoringSSL
 documentation](https://github.com/google/boringssl/blob/master/BUILDING.md) has
 more details.
 
-In alternative you can use your own custom build of BoringSSL by configuring
-the BoringSSL directory with the ``QUICHE_BSSL_PATH`` environment variable:
+In alternative you can use your own custom build of BoringSSL by configuring the
+BoringSSL directory with the ``BORING_BSSL_PATH`` environment variable:
 
 ```bash
- $ QUICHE_BSSL_PATH="/path/to/boringssl" cargo build --examples
+ $ BORING_BSSL_PATH="/path/to/boringssl" cargo build --examples
 ```
 
 Alternatively you can use [OpenSSL/quictls]. To enable quiche to use this vendor

apps/Cargo.toml

@@ -16,9 +16,6 @@ fuzzing = ["quiche/fuzzing"]
 # Enable qlog support.
 qlog = ["quiche/qlog"]
 
-# Use BoringSSL provided by the boring crate.
-boringssl-boring-crate = ["quiche/boringssl-boring-crate"]
-
 # Enable sfv support.
 sfv = ["quiche/sfv"]
 

quiche/Cargo.toml

@@ -15,23 +15,14 @@ include = [
   "/*.md",
   "/*.toml",
   "/COPYING",
-  "/deps/boringssl/**/*.[chS]",
-  "/deps/boringssl/**/*.asm",
-  "/deps/boringssl/src/**/*.cc",
-  "/deps/boringssl/**/CMakeLists.txt",
-  "/deps/boringssl/**/sources.cmake",
-  "/deps/boringssl/LICENSE",
   "/examples",
   "/include",
   "/quiche.svg",
   "/src",
 ]
 
 [features]
-default = ["boringssl-vendored"]
-
-# Build the vendored BoringSSL library.
-boringssl-vendored = []
+default = ["boringssl-boring-crate"]
 
 # Use the BoringSSL library provided by the boring crate.
 boringssl-boring-crate = ["boring", "foreign-types-shared"]
@@ -60,11 +51,10 @@ tag-prefix = ""
 
 [package.metadata.docs.rs]
 no-default-features = true
-features = ["boringssl-boring-crate", "qlog"]
+features = ["qlog"]
 rustdoc-args = ["--cfg", "docsrs"]
 
 [build-dependencies]
-cmake = "0.1"
 pkg-config = { version = "0.3", optional = true }
 cdylib-link-lines = { version = "0.1", optional = true }
 

quiche/deps/boringssl

@@ -1,175 +1,3 @@
-// Additional parameters for Android build of BoringSSL.
-//
-// Requires Android NDK >= 19.
-const CMAKE_PARAMS_ANDROID_NDK: &[(&str, &[(&str, &str)])] = &[
-    ("aarch64", &[("ANDROID_ABI", "arm64-v8a")]),
-    ("arm", &[("ANDROID_ABI", "armeabi-v7a")]),
-    ("x86", &[("ANDROID_ABI", "x86")]),
-    ("x86_64", &[("ANDROID_ABI", "x86_64")]),
-];
-
-// iOS.
-const CMAKE_PARAMS_IOS: &[(&str, &[(&str, &str)])] = &[
-    ("aarch64", &[
-        ("CMAKE_OSX_ARCHITECTURES", "arm64"),
-        ("CMAKE_OSX_SYSROOT", "iphoneos"),
-    ]),
-    ("x86_64", &[
-        ("CMAKE_OSX_ARCHITECTURES", "x86_64"),
-        ("CMAKE_OSX_SYSROOT", "iphonesimulator"),
-    ]),
-];
-
-// ARM Linux.
-const CMAKE_PARAMS_ARM_LINUX: &[(&str, &[(&str, &str)])] = &[
-    ("aarch64", &[("CMAKE_SYSTEM_PROCESSOR", "aarch64")]),
-    ("arm", &[("CMAKE_SYSTEM_PROCESSOR", "arm")]),
-];
-
-/// Returns the platform-specific output path for lib.
-///
-/// MSVC generator on Windows place static libs in a target sub-folder,
-/// so adjust library location based on platform and build target.
-/// See issue: https://github.com/alexcrichton/cmake-rs/issues/18
-fn get_boringssl_platform_output_path() -> String {
-    if cfg!(target_env = "msvc") {
-        // Code under this branch should match the logic in cmake-rs
-        let debug_env_var =
-            std::env::var("DEBUG").expect("DEBUG variable not defined in env");
-
-        let deb_info = match &debug_env_var[..] {
-            "false" => false,
-            "true" => true,
-            unknown => panic!("Unknown DEBUG={unknown} env var."),
-        };
-
-        let opt_env_var = std::env::var("OPT_LEVEL")
-            .expect("OPT_LEVEL variable not defined in env");
-
-        let subdir = match &opt_env_var[..] {
-            "0" => "Debug",
-            "1" | "2" | "3" =>
-                if deb_info {
-                    "RelWithDebInfo"
-                } else {
-                    "Release"
-                },
-            "s" | "z" => "MinSizeRel",
-            unknown => panic!("Unknown OPT_LEVEL={unknown} env var."),
-        };
-
-        subdir.to_string()
-    } else {
-        "".to_string()
-    }
-}
-
-/// Returns a new cmake::Config for building BoringSSL.
-///
-/// It will add platform-specific parameters if needed.
-fn get_boringssl_cmake_config() -> cmake::Config {
-    let arch = std::env::var("CARGO_CFG_TARGET_ARCH").unwrap();
-    let os = std::env::var("CARGO_CFG_TARGET_OS").unwrap();
-    let pwd = std::env::current_dir().unwrap();
-
-    let mut boringssl_cmake = cmake::Config::new("deps/boringssl");
-
-    // Add platform-specific parameters.
-    match os.as_ref() {
-        "android" => {
-            // We need ANDROID_NDK_HOME to be set properly.
-            let android_ndk_home = std::env::var("ANDROID_NDK_HOME")
-                .expect("Please set ANDROID_NDK_HOME for Android build");
-            let android_ndk_home = std::path::Path::new(&android_ndk_home);
-            for (android_arch, params) in CMAKE_PARAMS_ANDROID_NDK {
-                if *android_arch == arch {
-                    for (name, value) in *params {
-                        boringssl_cmake.define(name, value);
-                    }
-                }
-            }
-            let toolchain_file =
-                android_ndk_home.join("build/cmake/android.toolchain.cmake");
-            let toolchain_file = toolchain_file.to_str().unwrap();
-            boringssl_cmake.define("CMAKE_TOOLCHAIN_FILE", toolchain_file);
-
-            // 21 is the minimum level tested. You can give higher value.
-            boringssl_cmake.define("ANDROID_NATIVE_API_LEVEL", "21");
-            boringssl_cmake.define("ANDROID_STL", "c++_shared");
-
-            boringssl_cmake
-        },
-
-        "ios" => {
-            for (ios_arch, params) in CMAKE_PARAMS_IOS {
-                if *ios_arch == arch {
-                    for (name, value) in *params {
-                        boringssl_cmake.define(name, value);
-                    }
-                }
-            }
-
-            // Bitcode is always on.
-            let bitcode_cflag = "-fembed-bitcode";
-
-            // Hack for Xcode 10.1.
-            let target_cflag = if arch == "x86_64" {
-                "-target x86_64-apple-ios-simulator"
-            } else {
-                ""
-            };
-
-            let cflag = format!("{bitcode_cflag} {target_cflag}");
-
-            boringssl_cmake.define("CMAKE_ASM_FLAGS", &cflag);
-            boringssl_cmake.cflag(&cflag);
-
-            boringssl_cmake
-        },
-
-        "linux" => match arch.as_ref() {
-            "aarch64" | "arm" => {
-                for (arm_arch, params) in CMAKE_PARAMS_ARM_LINUX {
-                    if *arm_arch == arch {
-                        for (name, value) in *params {
-                            boringssl_cmake.define(name, value);
-                        }
-                    }
-                }
-                boringssl_cmake.define("CMAKE_SYSTEM_NAME", "Linux");
-                boringssl_cmake.define("CMAKE_SYSTEM_VERSION", "1");
-
-                boringssl_cmake
-            },
-
-            "x86" => {
-                boringssl_cmake.define(
-                    "CMAKE_TOOLCHAIN_FILE",
-                    pwd.join("deps/boringssl/src/util/32-bit-toolchain.cmake")
-                        .as_os_str(),
-                );
-
-                boringssl_cmake
-            },
-
-            _ => boringssl_cmake,
-        },
-
-        _ => {
-            // Configure BoringSSL for building on 32-bit non-windows platforms.
-            if arch == "x86" && os != "windows" {
-                boringssl_cmake.define(
-                    "CMAKE_TOOLCHAIN_FILE",
-                    pwd.join("deps/boringssl/src/util/32-bit-toolchain.cmake")
-                        .as_os_str(),
-                );
-            }
-
-            boringssl_cmake
-        },
-    }
-}
-
 fn write_pkg_config() {
     use std::io::prelude::*;
 
@@ -216,40 +44,6 @@ fn target_dir_path() -> std::path::PathBuf {
 }
 
 fn main() {
-    if cfg!(feature = "boringssl-vendored") &&
-        !cfg!(feature = "boringssl-boring-crate") &&
-        !cfg!(feature = "openssl")
-    {
-        let bssl_dir = std::env::var("QUICHE_BSSL_PATH").unwrap_or_else(|_| {
-            let mut cfg = get_boringssl_cmake_config();
-
-            if cfg!(feature = "fuzzing") {
-                cfg.cxxflag("-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE")
-                    .cxxflag("-DBORINGSSL_UNSAFE_FUZZER_MODE");
-            }
-
-            cfg.build_target("ssl").build();
-            cfg.build_target("crypto").build().display().to_string()
-        });
-
-        println!("cargo:rustc-link-arg=-Wl,-rpath,{bssl_dir}");
-
-        let build_path = get_boringssl_platform_output_path();
-        let mut build_dir = format!("{bssl_dir}/build/{build_path}");
-
-        // If build directory doesn't exist, use the specified path as is.
-        if !std::path::Path::new(&build_dir).is_dir() {
-            build_dir = bssl_dir;
-        }
-
-        println!("cargo:rustc-link-search=native={build_dir}");
-
-        let bssl_link_kind = std::env::var("QUICHE_BSSL_LINK_KIND")
-            .unwrap_or("static".to_string());
-        println!("cargo:rustc-link-lib={bssl_link_kind}=ssl");
-        println!("cargo:rustc-link-lib={bssl_link_kind}=crypto");
-    }
-
     if cfg!(feature = "boringssl-boring-crate") {
         println!("cargo:rustc-link-lib=static=ssl");
         println!("cargo:rustc-link-lib=static=crypto");