boring-sys: Bump BoringSSL to e2a57cfb4 #509

Merged: cjpatton merged 2 commits into master from cjpatton/update-boringssl-mldsa-tls on May 28, 2026

@cjpatton (Collaborator) commented May 27, 2026

This version includes integration of ML-DSA into TLS. Update the boring-pq and rpk patches accordingly.

While at it, add a job to CI that runs BoringSSL's unit tests against the patched version.

@cjpatton marked this pull request as draft on May 27, 2026 19:34
@cjpatton force-pushed the cjpatton/update-boringssl-mldsa-tls branch from 00e5c99 to 683dd94 on May 27, 2026 19:44

@lukevalenta (Contributor) left a comment

Upstream added a new field to these test structs: google/boringssl@bf6bb32

Comment thread boring-sys/patches/underscore-wildcards.patch
Comment thread boring-sys/patches/underscore-wildcards.patch
@cjpatton force-pushed the cjpatton/update-boringssl-mldsa-tls branch from 8305960 to aef32ec on May 27, 2026 20:42
@cjpatton marked this pull request as ready for review on May 27, 2026 20:42
@cjpatton force-pushed the cjpatton/update-boringssl-mldsa-tls branch from aef32ec to 683dd94 on May 27, 2026 20:45

@cjpatton (Collaborator, Author) commented

> Upstream added a new field to these test structs: google/boringssl@bf6bb32

Hmm, I tried applying your suggestions, and applying the patch failed:

```
patching file ssl/test/runner/key_update_tests.go
patching file tool/client.cc
Applying rpk.patch
patching file include/openssl/ssl.h
Hunk #1 succeeded at 4028 (offset 1 line).
patching file ssl/ssl_credential.cc
patching file ssl/ssl_lib.cc
Hunk #1 succeeded at 3818 (offset 14 lines).
Applying underscore-wildcards.patch
patching file crypto/x509/v3_utl.cc
patch: **** malformed patch at line 63:  

patching file crypto/x509/x509_test.cc
```

Doesn't the patch already account for this?

@cjpatton force-pushed the cjpatton/update-boringssl-mldsa-tls branch from 683dd94 to 90e3b51 on May 27, 2026 21:01
This version includes integration of ML-DSA into TLS. Update the
boring-pq, rpk, and underscore-wildcards patches accordingly.
@cjpatton force-pushed the cjpatton/update-boringssl-mldsa-tls branch from 90e3b51 to b4fe1ae on May 27, 2026 21:12
@cjpatton marked this pull request as draft on May 27, 2026 21:41
Comment thread .github/workflows/ci.yml Outdated

@lukevalenta (Contributor) commented

> Hmm, I tried applying your suggestions, and applying the patch failed:

Whoops yeah I guess that suggested edit didn't account for line number changes in the patch, but looks like you got that part sorted! Left a comment above with how I think we can fix the remaining failing tests.

Add a CI job that applies all patches to BoringSSL then runs the
BoringSSL unit tests.

Co-authored-by: Luke Valenta <lvalenta@cloudflare.com>
@cjpatton force-pushed the cjpatton/update-boringssl-mldsa-tls branch from f3b5112 to 0b12575 on May 28, 2026 02:14
@cjpatton marked this pull request as ready for review on May 28, 2026 03:23
@cjpatton merged commit 8e2a92a into master on May 28, 2026
27 checks passed
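
A hand-edited `.patch` file whose `@@` header counts no longer match the hunk body is one way to get the `malformed patch` error seen in this thread. The checker below is an added example, not code from this PR or the project; `check_hunks` and the sample patch are constructed for illustration, and it is deliberately strict (a context line that has lost its leading space ends the hunk).

```python
import re

HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

# Constructed sample: the second hunk gained a "+" line by hand, header still says "+4".
SAMPLE = """\
--- a/example_test.cc
+++ b/example_test.cc
@@ -10,2 +10,3 @@
 struct Case {
+  bool allow_underscore;
 };
@@ -40,3 +41,4 @@
 static const Case kCases[] = {
+  {"a_b.example", true},
+  {"*.example", false},
   {"example", false},
 };
"""

def check_hunks(patch_text):
    """Return [(header_line_no, declared, actual)] for hunks whose body disagrees with the @@ counts."""
    lines = patch_text.split("\n")
    bad, i = [], 0
    while i < len(lines):
        m = HUNK_RE.match(lines[i])
        i += 1
        if not m:
            continue
        header_no = i  # 1-based line number of the @@ header
        declared = (int(m.group(1) or 1), int(m.group(2) or 1))  # omitted count means 1
        old = new = 0
        while i < len(lines):
            line = lines[i]
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            if line == "-- " or (line.startswith("--- ") and nxt.startswith("+++ ")):
                break  # mail signature or next file header, not a removed line
            if line.startswith(" "):
                old, new = old + 1, new + 1  # context counts on both sides
            elif line.startswith("-"):
                old += 1
            elif line.startswith("+"):
                new += 1
            elif not line.startswith("\\"):  # "\ No newline at end of file" is skipped
                break  # next @@ header, "diff --git", or end of patch
            i += 1
        if (old, new) != declared:
            bad.append((header_no, declared, (old, new)))
    return bad
```

Running a check like this over every file in a patches directory before applying them reports the offending hunk header rather than the later line where `patch` gives up.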