From 2bb003e4520d2a84db16a80ce007cb727da95faa Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Sun, 12 May 2024 16:02:12 -0700 Subject: [PATCH 01/18] Updates to the new boring fork's hash with FIPS enforcement. This hash is on a branch and should be changed once that branch is merged. It includes the `set_fips_compliance_policy` function which is used to enforce FIPS-valid ciphers in the connection. This commit also updates `Cargo.lock` generally by having called `cargo update` before committing the changes. --- Cargo.lock | 578 ++++++++++++----------- lib/srv/desktop/rdp/rdpclient/Cargo.toml | 4 +- lib/srv/desktop/rdp/rdpclient/src/ssl.rs | 1 + 3 files changed, 306 insertions(+), 277 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 737fa3c81c19c..5188dbc1b0e81 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -19,9 +19,9 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "aes" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", "cipher", 
@@ -30,56 +30,57 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] [[package]] name = "anstream" -version = "0.6.11" +version = "0.6.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e2e1ebcb11de5c03c67de28a7df593d32191b44939c482e97702baaaa6ab6a5" +checksum = "418c75fa768af9c03be99d17643f93f79bbba589895012a80e3452a19ddda15b" dependencies = [ "anstyle", "anstyle-parse", "anstyle-query", "anstyle-wincon", "colorchoice", + "is_terminal_polyfill", "utf8parse", ] [[package]] name = "anstyle" -version = "1.0.6" +version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc" +checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" [[package]] name = "anstyle-parse" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c" +checksum = "c03a11a9034d92058ceb6ee011ce58af4a9bf61491aa7e1e59ecd24bd40d22d4" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" +checksum = "a64c907d4e79225ac72e2a354c9ce84d50ebb4586dee56c82b3ee73004f537f5" dependencies = [ "windows-sys 0.52.0", ] [[package]] name = "anstyle-wincon" -version = "3.0.2" +version = "3.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7" +checksum = 
"61a38449feb7068f52bb06c12759005cf459ee52bb4adc1d5a7c4322d716fb19" dependencies = [ "anstyle", "windows-sys 0.52.0", @@ -108,7 +109,7 @@ checksum = "7378575ff571966e99a744addeff0bff98b8ada0dedf1956d59e634db95eaac1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", "synstructure", ] @@ -120,7 +121,7 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] @@ -144,13 +145,13 @@ dependencies = [ [[package]] name = "async-recursion" -version = "1.0.5" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fd55a5ba1179988837d24ab4c7cc8ed6efdeff578ede0416b4225a5fca35bd0" +checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] @@ -175,15 +176,15 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "backtrace" -version = "0.3.69" +version = "0.3.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +checksum = "26b05800d2e817c8b3b4b54abd461726265fa9789ae34330622f2db9ee696f9d" dependencies = [ "addr2line", "cc", @@ -202,9 +203,9 @@ checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" [[package]] name = "base64" -version = "0.21.5" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64ct" 
@@ -229,7 +230,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] @@ -283,7 +284,7 @@ dependencies = [ [[package]] name = "boring" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=605253d99d5e363e178bcf97e1d4622e33844cd5#605253d99d5e363e178bcf97e1d4622e33844cd5" +source = "git+https://github.com/gravitational/boring?rev=cdf030220da36e6053a2811ee17676eb0ef3ffbf#cdf030220da36e6053a2811ee17676eb0ef3ffbf" dependencies = [ "bitflags 2.5.0", "boring-sys", @@ -295,7 +296,7 @@ dependencies = [ [[package]] name = "boring-sys" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=605253d99d5e363e178bcf97e1d4622e33844cd5#605253d99d5e363e178bcf97e1d4622e33844cd5" +source = "git+https://github.com/gravitational/boring?rev=cdf030220da36e6053a2811ee17676eb0ef3ffbf#cdf030220da36e6053a2811ee17676eb0ef3ffbf" dependencies = [ "bindgen", "cmake", @@ -305,9 +306,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.14.0" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "byteorder" @@ -351,12 +352,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.83" +version = "1.0.97" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" -dependencies = [ - "libc", -] +checksum = "099a5357d84c4c61eb35fc8eafa9a79a902c2f76911e5747ced4e032edd8d9b4" [[package]] name = "cexpr" 
@@ -391,9 +389,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.6.1" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c688fc74432808e3eb684cae8830a86be1d66a2bd58e1f248ed0960a590baf6f" +checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" dependencies = [ "glob", "libc", @@ -435,9 +433,9 @@ dependencies = [ [[package]] name = "colorchoice" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +checksum = "0b6a852b24ab71dffc585bcb46eaf7959d175cb865a7152e35b348d1b2960422" [[package]] name = "console_error_panic_hook" @@ -451,9 +449,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.9.5" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "core-foundation" @@ -473,9 +471,9 @@ checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] @@ -529,9 +527,9 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" +checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" dependencies = [ "cfg-if", "cpufeatures", 
@@ -552,7 +550,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] @@ -566,9 +564,9 @@ dependencies = [ [[package]] name = "der" -version = "0.7.8" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", "der_derive", @@ -598,14 +596,14 @@ checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] name = "deranged" -version = "0.3.10" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8eb30d70a07a3b04884d2677f06bec33509dc67ca60d92949e5535352d3191dc" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", ] @@ -639,7 +637,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] @@ -668,9 +666,9 @@ dependencies = [ [[package]] name = "ed25519-dalek" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f628eaec48bfd21b865dc2950cfa014450c01d2fa2b69a86c2fd5844ec523c0" +checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ "curve25519-dalek", "ed25519", @@ -704,9 +702,9 @@ dependencies = [ [[package]] name = "encoding_rs" -version = "0.8.33" +version = "0.8.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7268b386296a025e474d5140678f75d6de9493ae55a5d709eeb9dd08149945e1" +checksum = "b45de904aa0b010bce2ab45264d0631681847fa7b6f2eaa7dab7619943bc4f59" dependencies = [ "cfg-if", ] 
@@ -742,9 +740,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys 0.52.0", @@ -752,9 +750,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "ff" @@ -768,15 +766,15 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "flagset" -version = "0.4.4" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a7e408202050813e6f1d9addadcaafef3dca7530c7ddfb005d4081cce6779" +checksum = "cdeb3aa5e95cf9aabc17f060cfa0ced7b83f042390760ca53bf09df9968acaa1" [[package]] name = "fnv" @@ -802,7 +800,7 @@ checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] 
@@ -844,9 +842,9 @@ checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" [[package]] name = "futures" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0290714b38af9b4a7b094b8a37086d1b4e61f2df9122c3cad2577669145335" +checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" dependencies = [ "futures-channel", "futures-core", @@ -859,9 +857,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff4dd66668b557604244583e3e1e1eada8c5c2e96a6d0d6653ede395b78bbacb" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" dependencies = [ "futures-core", "futures-sink", @@ -869,15 +867,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-executor" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f4fb8693db0cf099eadcca0efe2a5a22e4550f98ed16aba6c48700da29597bc" +checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" dependencies = [ "futures-core", "futures-task", 
@@ -886,38 +884,38 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" [[package]] name = "futures-macro" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53b153fd91e4b0147f4aced87be237c98248656bb01050b96bf3ee89220a8ddb" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] name = "futures-sink" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e36d3378ee38c2a36ad710c5d30c2911d752cb941c00c72dbabfb786a7970817" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" [[package]] name = "futures-task" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efd193069b0ddadc69c46389b740bbccdd97203899b48d09c5f7969591d6bae2" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" [[package]] name = "futures-util" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a19526d624e703a3179b3d322efec918b6246ea0fa51d41124525f00f1cc8104" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ "futures-channel", "futures-core", @@ -990,7 +988,7 @@ dependencies = [ "futures-sink", "futures-util", "http", - "indexmap 2.1.0", + "indexmap 2.2.6", "slab", "tokio", "tokio-util", 
@@ -1014,9 +1012,9 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "heapless" @@ -1048,15 +1046,15 @@ dependencies = [ [[package]] name = "hermit-abi" -version = "0.3.3" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" [[package]] name = "hkdf" -version = "0.12.3" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ "hmac", ] @@ -1072,9 +1070,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8947b1a6fad4393052c7ba1f4cd97bed3e953a95c79c92ad9b051a04611d9fbb" +checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" dependencies = [ "bytes", "fnv", @@ -1083,9 +1081,9 @@ dependencies = [ [[package]] name = "http-body" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" +checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" dependencies = [ "bytes", "http", 
@@ -1112,9 +1110,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.27" +version = "0.14.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffb1cfd654a8219eaef89881fdb3bb3b1cdc5fa75ded05d6933b2b382e395468" +checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" dependencies = [ "bytes", "futures-channel", @@ -1127,7 +1125,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2 0.4.10", + "socket2", "tokio", "tower-service", "tracing", @@ -1170,12 +1168,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.1.0" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" dependencies = [ "equivalent", - "hashbrown 0.14.3", + "hashbrown 0.14.5", ] [[package]] @@ -1254,7 +1252,7 @@ dependencies = [ "ironrdp-pdu", "ironrdp-svc", "rand_core", - "sspi 0.11.0", + "sspi 0.11.1", "tracing", "url", "winapi", @@ -1391,6 +1389,12 @@ dependencies = [ "tokio", ] +[[package]] +name = "is_terminal_polyfill" +version = "1.70.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" + [[package]] name = "iso7816" version = "0.1.2" @@ -1412,9 +1416,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "js-sys" 
@@ -1427,9 +1431,9 @@ dependencies = [ [[package]] name = "keccak" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f6d5ed8676d904364de097082f4e7d240b571b67989ced0240f08b7f966f940" +checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654" dependencies = [ "cpufeatures", ] @@ -1457,12 +1461,12 @@ checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346" [[package]] name = "libloading" -version = "0.7.4" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" +checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" dependencies = [ "cfg-if", - "winapi", + "windows-targets 0.52.5", ] [[package]] @@ -1473,15 +1477,15 @@ checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "linux-raw-sys" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -1514,9 +1518,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.6.4" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" [[package]] name = "mime" 
@@ -1532,9 +1536,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" dependencies = [ "adler", ] @@ -1572,11 +1576,10 @@ dependencies = [ [[package]] name = "num-bigint" -version = "0.4.4" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" +checksum = "c165a9ab64cf766f73521c0dd2cfdff64f488b8f0b3e621face3462d3db536d7" dependencies = [ - "autocfg", "num-integer", "num-traits", ] @@ -1607,30 +1610,29 @@ checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" [[package]] name = "num-derive" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" +checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] name = "num-integer" -version = "0.1.45" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ - "autocfg", "num-traits", ] [[package]] name = "num-iter" -version = "0.1.43" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", 
@@ -1639,9 +1641,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", @@ -1653,15 +1655,15 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi 0.3.3", + "hermit-abi 0.3.9", "libc", ] [[package]] name = "object" -version = "0.32.1" +version = "0.32.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" dependencies = [ "memchr", ] @@ -1677,9 +1679,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "openssl-probe" @@ -1741,7 +1743,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7e4af0ca4f6caed20e900d564c242b8e5d4903fdacf31d3daf527b66fe6f42fb" dependencies = [ "lock_api", - "parking_lot_core 0.9.9", + "parking_lot_core 0.9.10", ] [[package]] 
@@ -1760,15 +1762,15 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.9" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.4.1", + "redox_syscall 0.5.1", "smallvec", - "windows-targets 0.48.5", + "windows-targets 0.52.5", ] [[package]] @@ -1898,9 +1900,9 @@ dependencies = [ [[package]] name = "pin-project-lite" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" [[package]] name = "pin-utils" @@ -1931,15 +1933,15 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "platforms" -version = "3.2.0" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14e6ab3f592e6fb464fc9712d8d6e6912de6473954635fd76a589d832cffcbb0" +checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" [[package]] name = "portpicker" 
@@ -1973,18 +1975,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "8ad3d49ab951a01fbaafe34f2ec74122942fe18a3f9814c3268f1bb72042131b" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.33" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -2073,18 +2075,18 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", ] [[package]] name = "regex" -version = "1.10.2" +version = "1.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" dependencies = [ "aho-corasick", "memchr", @@ -2094,9 +2096,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.3" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" dependencies = [ "aho-corasick", "memchr", 
@@ -2105,15 +2107,15 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "reqwest" -version = "0.11.22" +version = "0.11.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "046cd98826c46c2ac8ddecae268eb5c2e58628688a5fc7a2643704a73faba95b" +checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" dependencies = [ "base64", "bytes", @@ -2138,6 +2140,7 @@ dependencies = [ "serde", "serde_json", "serde_urlencoded", + "sync_wrapper", "system-configuration", "tokio", "tokio-rustls", @@ -2162,16 +2165,17 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.6" +version = "0.17.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" dependencies = [ "cc", + "cfg-if", "getrandom", "libc", "spin 0.9.8", "untrusted", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -2196,9 +2200,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc-hash" 
@@ -2226,9 +2230,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.31" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ "bitflags 2.5.0", "errno", @@ -2239,9 +2243,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.11" +version = "0.21.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fecbfb7b1444f477b345853b1fce097a2c6fb637b2bfb87e6bc5db0f043fae4" +checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" dependencies = [ "log", "ring", @@ -2282,17 +2286,17 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.15" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "schannel" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -2327,11 +2331,11 @@ dependencies = [ [[package]] name = "security-framework" -version = "2.9.2" +version = "2.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de" +checksum = "c627723fd09706bacdb5cf41499e95098555af3c3c29d014dc3c458ef6be11c0" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", "core-foundation", "core-foundation-sys", "libc", 
@@ -2340,9 +2344,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.9.1" +version = "2.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a" +checksum = "317936bbbd05227752583946b9e66d7ce3b489f84e11a94a510b4437fef407d7" dependencies = [ "core-foundation-sys", "libc", 
@@ -2350,44 +2354,44 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.20" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.193" +version = "1.0.201" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" +checksum = "780f1cebed1629e4753a1a38a3c72d30b97ec044f0aef68cb26650a3c5cf363c" dependencies = [ "serde_derive", ] [[package]] name = "serde_bytes" -version = "0.11.12" +version = "0.11.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab33ec92f677585af6d88c65593ae2375adde54efdbf16d597f2cbc7a6d368ff" +checksum = "8b8497c313fd43ab992087548117643f6fcd935cbf36f176ffda0aacf9591734" dependencies = [ "serde", ] [[package]] name = "serde_derive" -version = "1.0.193" +version = "1.0.201" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" +checksum = "c5e405930b9796f1c00bee880d03fc7e0bb4b9a11afc776885ffe84320da2865" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] name = "serde_json" -version = "1.0.108" +version = "1.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" dependencies = [ "itoa", "ryu", 
@@ -2455,9 +2459,9 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signal-hook-registry" -version = "1.4.1" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" +checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1" dependencies = [ "libc", ] @@ -2489,22 +2493,12 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "socket2" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d" -dependencies = [ - "libc", - "winapi", -] - -[[package]] -name = "socket2" -version = "0.5.5" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -2578,9 +2572,9 @@ dependencies = [ [[package]] name = "sspi" -version = "0.11.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf9e7d03e3a0314c94b37625112eeaba08068b0ffbb181deefd4c7deae5ba046" +checksum = "18d31fab47d9290be28a8d027c8428756826f1d4fe1e5ba0f51d24f52c568e21" dependencies = [ "async-dnssd", "async-recursion", 
@@ -2678,15 +2672,21 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.39" +version = "2.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "bf5be731623ca1a1fb7d8be6f261a3be6d3e2337b8a1f97be944d020c8fcb704" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] +[[package]] +name = "sync_wrapper" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" + [[package]] name = "synstructure" version = "0.13.1" @@ -2695,7 +2695,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] 
@@ -2739,44 +2739,44 @@ dependencies = [ [[package]] name = "termcolor" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff1bc3d3f05aff0403e8ac0d92ced918ec05b666a43f83297ccef5bea8a3d449" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" dependencies = [ "winapi-util", ] [[package]] name = "textwrap" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" +checksum = "23d434d3f8967a09480fb04132ebe0a3e088c173e6d0ee7897abbdf4eab0f8b9" [[package]] name = "thiserror" -version = "1.0.50" +version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" +checksum = "579e9083ca58dd9dcf91a9923bb9054071b9ebbd800b342194c9feb0ee89fc18" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.50" +version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" +checksum = "e2470041c06ec3ac1ab38d0356a6119054dedaea53e12fbefc0de730a1c08524" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] name = "thread_local" -version = "1.1.7" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdd6f064ccff2d6567adcb3873ca630700f00b5ad3f060c25b5dcfd9a4ce152" +checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" dependencies = [ "cfg-if", "once_cell", 
@@ -2829,6 +2829,27 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +[[package]] +name = "tls_codec" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.63", +] + [[package]] name = "tokio" version = "1.37.0" @@ -2843,7 +2864,7 @@ dependencies = [ "parking_lot 0.12.2", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.5", + "socket2", "tokio-macros", "windows-sys 0.48.0", ] @@ -2851,7 +2872,7 @@ dependencies = [ [[package]] name = "tokio-boring" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=605253d99d5e363e178bcf97e1d4622e33844cd5#605253d99d5e363e178bcf97e1d4622e33844cd5" +source = "git+https://github.com/gravitational/boring?rev=cdf030220da36e6053a2811ee17676eb0ef3ffbf#cdf030220da36e6053a2811ee17676eb0ef3ffbf" dependencies = [ "boring", "boring-sys", @@ -2867,7 +2888,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] @@ -2882,16 +2903,15 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.10" +version = "0.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" dependencies = [ "bytes", "futures-core", "futures-sink", "pin-project-lite", "tokio", - "tracing", ] [[package]] 
@@ -2929,7 +2949,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] [[package]] @@ -2983,9 +3003,9 @@ dependencies = [ [[package]] name = "try-lock" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "typenum" @@ -2995,9 +3015,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-bidi" -version = "0.3.13" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" +checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" [[package]] name = "unicode-ident" @@ -3007,9 +3027,9 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-normalization" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" dependencies = [ "tinyvec", ] @@ -3104,15 +3124,15 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" -version = "0.4.39" +version = "0.4.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac36a15a220124ac510204aec1c3e5db8a22ab06fd6706d881dc6149f8ed9a12" +checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" dependencies = [ "cfg-if", "js-sys", 
@@ -3138,7 +3158,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3161,15 +3181,15 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.25.3" +version = "0.25.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10" +checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" [[package]] name = "widestring" -version = "1.0.2" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "653f141f39ec16bba3c5abe400a0c60da7468261cc2cbf36805022876bc721a8" +checksum = "7219d36b6eac893fa81e84ebe06485e7dcbb616177469b142df14f1f4deb1311" [[package]] name = "winapi" @@ -3189,11 +3209,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ - "winapi", + "windows-sys 0.52.0", ] [[package]] @@ -3236,7 +3256,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.0", + "windows-targets 0.52.5", ] [[package]] 
@@ -3256,17 +3276,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" dependencies = [ - "windows_aarch64_gnullvm 0.52.0", - "windows_aarch64_msvc 0.52.0", - "windows_i686_gnu 0.52.0", - "windows_i686_msvc 0.52.0", - "windows_x86_64_gnu 0.52.0", - "windows_x86_64_gnullvm 0.52.0", - "windows_x86_64_msvc 0.52.0", + "windows_aarch64_gnullvm 0.52.5", + "windows_aarch64_msvc 0.52.5", + "windows_i686_gnu 0.52.5", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.5", + "windows_x86_64_gnu 0.52.5", + "windows_x86_64_gnullvm 0.52.5", + "windows_x86_64_msvc 0.52.5", ] [[package]] @@ -3277,9 +3298,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" [[package]] name = "windows_aarch64_msvc" @@ -3289,9 +3310,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" [[package]] name = "windows_i686_gnu" 
@@ -3301,9 +3322,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" [[package]] name = "windows_i686_msvc" @@ -3313,9 +3340,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" [[package]] name = "windows_x86_64_gnu" @@ -3325,9 +3352,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" [[package]] name = "windows_x86_64_gnullvm" @@ -3337,9 +3364,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" [[package]] name = "windows_x86_64_msvc" 
@@ -3349,9 +3376,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" [[package]] name = "winreg" @@ -3384,9 +3411,9 @@ dependencies = [ [[package]] name = "x25519-dalek" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", "rand_core", @@ -3396,13 +3423,14 @@ dependencies = [ [[package]] name = "x509-cert" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25eefca1d99701da3a57feb07e5079fc62abba059fc139e98c13bbb250f3ef29" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" dependencies = [ "const-oid", "der", "spki", + "tls_codec", ] [[package]] @@ -3422,5 +3450,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.63", ] diff --git a/lib/srv/desktop/rdp/rdpclient/Cargo.toml b/lib/srv/desktop/rdp/rdpclient/Cargo.toml index e849640c09910..1e8521c5a2138 100644 --- a/lib/srv/desktop/rdp/rdpclient/Cargo.toml +++ b/lib/srv/desktop/rdp/rdpclient/Cargo.toml 
@@ -10,7 +10,7 @@ crate-type = ["staticlib"] [dependencies] bitflags = "2.5.0" -boring = { git = "https://github.com/gravitational/boring", rev="605253d99d5e363e178bcf97e1d4622e33844cd5", optional = true } +boring = { git = "https://github.com/gravitational/boring", rev="cdf030220da36e6053a2811ee17676eb0ef3ffbf", optional = true } byteorder = "1.5.0" bytes = "1.6.0" env_logger = "0.11.3" @@ -35,7 +35,7 @@ rsa = "0.9.6" sspi = { git = "https://github.com/Devolutions/sspi-rs", rev="d54bdfcafa0e10d9d78224ebacc4f2a0992a6b79", features = ["network_client"] } static_init = "1.0.3" tokio = { version = "1.37", features = ["full"] } -tokio-boring = { git = "https://github.com/gravitational/boring", rev="605253d99d5e363e178bcf97e1d4622e33844cd5", optional = true } +tokio-boring = { git = "https://github.com/gravitational/boring", rev="cdf030220da36e6053a2811ee17676eb0ef3ffbf", optional = true } utf16string = "0.2.0" uuid = { version = "1.8.0", features = ["v4"] } diff --git a/lib/srv/desktop/rdp/rdpclient/src/ssl.rs b/lib/srv/desktop/rdp/rdpclient/src/ssl.rs index 563a71f84ca78..55fd39c6fabe8 100644 --- a/lib/srv/desktop/rdp/rdpclient/src/ssl.rs +++ b/lib/srv/desktop/rdp/rdpclient/src/ssl.rs @@ -48,6 +48,7 @@ pub(crate) async fn upgrade( use tokio::io::AsyncWriteExt; let mut builder = SslConnector::builder(SslMethod::tls_client())?; builder.set_verify(SslVerifyMode::NONE); + builder.set_fips_compliance_policy()?; let configuration = builder.build().configure()?; let mut tls_stream = tokio_boring::connect(configuration, server_name, initial_stream).await?; From ab8738ffa1d4cc65bf384696143f97e3d8b3f61a Mon Sep 17 00:00:00 2001 
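Review bot: In the ssl.rs hunk the added `builder.set_fips_compliance_policy()?;` sits directly under `builder.set_verify(SslVerifyMode::NONE);`, and nothing there says that the two settings cover different things. As far as this series describes it, the policy constrains the TLS version and algorithms that are negotiated, while the server certificate is still accepted without verification, so a reader auditing this path for FIPS could take the new call to mean the session is fully validated. I would document that on the new line, e.g. `// FIPS policy restricts the negotiated TLS version/algorithms only; the peer certificate is still not verified (SslVerifyMode::NONE above).` The `?` makes the upgrade fail when the policy cannot be applied, which is worth stating in the same comment. The body of `upgrade` starts and ends outside the hunk, so whether this path is compiled only with the `fips` feature cannot be seen here.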
From: Isaiah Becker-Mayer Date: Mon, 13 May 2024 11:43:32 -0700 Subject: [PATCH 02/18] reverts previous changes such that we are again using clang 12.0.0 rather than 14.0.6 --- build.assets/Dockerfile-centos7-assets | 56 +++++++++++------------- common.mk | 4 +- lib/srv/desktop/rdp/rdpclient/Cargo.toml | 4 +- 3 files changed, 30 insertions(+), 34 deletions(-) diff --git a/build.assets/Dockerfile-centos7-assets b/build.assets/Dockerfile-centos7-assets index 3660e273cfe9c..d9a336f2d415c 100644 --- a/build.assets/Dockerfile-centos7-assets +++ b/build.assets/Dockerfile-centos7-assets @@ -22,17 +22,17 @@ RUN yum groupinstall -y 'Development Tools' && \ yum update -y && \ yum install -y centos-release-scl-rh && \ yum install -y \ - centos-release-scl \ - cmake3 \ - git \ - scl-utils && \ + centos-release-scl \ + cmake3 \ + git \ + scl-utils && \ yum clean all # As mentioned above, these packages are unsigned. RUN yum install --nogpgcheck -y \ - ${DEVTOOLSET}-gcc \ - ${DEVTOOLSET}-gcc-c++ \ - ${DEVTOOLSET}-make && \ + ${DEVTOOLSET}-gcc \ + ${DEVTOOLSET}-gcc-c++ \ + ${DEVTOOLSET}-make && \ yum clean all ## NINJA-BUILD ################################################################### @@ -43,13 +43,13 @@ FROM --platform=$BUILDPLATFORM centos-devtoolset AS ninja-build # Install additional required dependencies. RUN yum install -y expat-devel \ - gettext \ - libcurl-devel \ - openssl-devel \ - pcre-devel \ - xmlto \ - zlib-devel \ - && yum clean all + gettext \ + libcurl-devel \ + openssl-devel \ + pcre-devel \ + xmlto \ + zlib-devel \ + && yum clean all # mno-outline-atomics flag is needed to make the build works on ARM64 docker. RUN git clone --depth=1 https://github.com/Kitware/CMake.git -b v3.28.1 && \ 
@@ -60,21 +60,18 @@ RUN git clone --depth=1 https://github.com/Kitware/CMake.git -b v3.28.1 && \ ENV PATH="/opt/cmake/bin:$PATH" RUN git clone --depth=1 https://github.com/ninja-build/ninja.git -b v1.11.1 && \ - cd ninja && \ - [ "$(git rev-parse HEAD)" = 'a524bf3f6bacd1b4ad85d719eed2737d8562f27a' ] && \ - scl enable ${DEVTOOLSET} "cmake -Bbuild-cmake && \ + cd ninja && \ + [ "$(git rev-parse HEAD)" = 'a524bf3f6bacd1b4ad85d719eed2737d8562f27a' ] && \ + scl enable ${DEVTOOLSET} "cmake -Bbuild-cmake && \ cmake --build build-cmake -j"$(nproc)" && \ cmake --build build-cmake --target install" # Use just created devtool image with newer GCC and Cmake -FROM --platform=$BUILDPLATFORM centos-devtoolset as clang14 +FROM --platform=$BUILDPLATFORM centos-devtoolset as clang12 ARG DEVTOOLSET -# Bring in our custom ninja build, needed for building clang. -COPY --from=ninja-build /usr/local/bin/ninja /usr/local/bin/ninja - -# Compile Clang 14.0.6 from source. It is needed to create BoringSSL and BPF files. +# Compile Clang 12.0.0 from source. It is needed to create BoringSSL and BPF files. # CentOS 7 doesn't provide it as a package unfortunately. # This version of Clang is explicitly required for FIPS compliance when building BoringSSL. # For more information please refer to the section 12. Guidance and Secure Operation of: 
@@ -83,18 +80,17 @@ COPY --from=ninja-build /usr/local/bin/ninja /usr/local/bin/ninja # CLANG_BUILD_TOOLS must be on, it builds clang binary, # LLVM_BUILD_TOOLS must be on, it builds llvm-strip binary. # the rest is disabled to speedup the compilation. -RUN git clone --branch llvmorg-14.0.6 --depth=1 https://github.com/llvm/llvm-project.git && \ +RUN git clone --branch llvmorg-12.0.0 --depth=1 https://github.com/llvm/llvm-project.git && \ cd llvm-project/ && \ - [ "$(git rev-parse HEAD)" = 'f28c006a5895fc0e329fe15fead81e37457cb1d1' ] && \ + [ "$(git rev-parse HEAD)" = 'd28af7c654d8db0b68c175db5ce212d74fb5e9bc' ] && \ mkdir build && cd build/ && \ scl enable ${DEVTOOLSET} 'bash -c "cmake3 \ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_INSTALL_PREFIX=/opt/llvm \ - -DLLVM_ENABLE_PROJECTS=\"clang;libcxx;libcxxabi\" \ - -DLLVM_ENABLE_LIBCXX=ON \ - -G \"Ninja\" ../llvm && \ - cmake3 --build . && \ - cmake3 -DCMAKE_INSTALL_PREFIX=/opt/llvm -P cmake_install.cmake"' && \ + -DLLVM_ENABLE_PROJECTS=clang \ + -DLLVM_BUILD_TOOLS=ON \ + -G \"Unix Makefiles\" ../llvm && \ + make -j$(grep -c processor /proc/cpuinfo) install-llvm-strip install-clang-format install-clang install-clang-resource-headers install-libclang"' && \ cd ../.. && \ rm -rf llvm-project @@ -127,7 +123,7 @@ RUN mkdir -p /opt/custom-packages && cd /opt && \ FROM scratch AS buildbox-centos7-assets # Copy Clang into the final image. -COPY --from=clang14 /opt/llvm /opt/llvm/ +COPY --from=clang12 /opt/llvm /opt/llvm/ # Copy ninja into the final image. COPY --from=ninja-build /usr/local/bin/ninja /usr/local/bin/ninja diff --git a/common.mk b/common.mk index 6a918edfa14d3..1f9f9ec20f413 100644 --- a/common.mk +++ b/common.mk 
@@ -23,8 +23,8 @@ ifneq ("$(wildcard /usr/libbpf-${LIBBPF_VER}/include/bpf/bpf.h)","") with_bpf := yes BPF_TAG := bpf BPF_MESSAGE := with-BPF-support -CLANG ?= $(shell which clang || which clang-14) -LLVM_STRIP ?= $(shell which llvm-strip || which llvm-strip-14) +CLANG ?= $(shell which clang || which clang-12) +LLVM_STRIP ?= $(shell which llvm-strip || which llvm-strip-12) KERNEL_ARCH := $(shell uname -m | sed 's/x86_64/x86/g; s/aarch64/arm64/g') INCLUDES := ER_BPF_BUILDDIR := lib/bpf/bytecode diff --git a/lib/srv/desktop/rdp/rdpclient/Cargo.toml b/lib/srv/desktop/rdp/rdpclient/Cargo.toml index 1e8521c5a2138..100fdc1778a60 100644 --- a/lib/srv/desktop/rdp/rdpclient/Cargo.toml +++ b/lib/srv/desktop/rdp/rdpclient/Cargo.toml @@ -10,7 +10,7 @@ crate-type = ["staticlib"] [dependencies] bitflags = "2.5.0" -boring = { git = "https://github.com/gravitational/boring", rev="cdf030220da36e6053a2811ee17676eb0ef3ffbf", optional = true } +boring = { git = "https://github.com/gravitational/boring", rev="f8501b301d5c4fa747dd43d1f088cb6b444d54d1", optional = true } byteorder = "1.5.0" bytes = "1.6.0" env_logger = "0.11.3" @@ -35,7 +35,7 @@ rsa = "0.9.6" sspi = { git = "https://github.com/Devolutions/sspi-rs", rev="d54bdfcafa0e10d9d78224ebacc4f2a0992a6b79", features = ["network_client"] } static_init = "1.0.3" tokio = { version = "1.37", features = ["full"] } -tokio-boring = { git = "https://github.com/gravitational/boring", rev="cdf030220da36e6053a2811ee17676eb0ef3ffbf", optional = true } +tokio-boring = { git = "https://github.com/gravitational/boring", rev="f8501b301d5c4fa747dd43d1f088cb6b444d54d1", optional = true } utf16string = "0.2.0" uuid = { version = "1.8.0", features = ["v4"] } From 3702f90ab9b5c03016022ab92de19585c31a4cb8 Mon Sep 17 00:00:00 2001 
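Review bot: Both Cargo.toml hunks of this patch move the `rev` of `boring` and `tokio-boring` to `f8501b301d5c4fa747dd43d1f088cb6b444d54d1`, but the patch's diffstat lists no Cargo.lock change, so the lockfile still records `cdf030220da36e6053a2811ee17676eb0ef3ffbf` for these crates. At this commit the manifest and the lock disagree about which BoringSSL binding is built, and a `cargo build --locked` would presumably refuse to proceed; the next patch in the series only resolves it by moving both files to a third rev. The commit message describes just the clang revert, so this change of a cryptographic dependency is not recorded in the message. I would regenerate Cargo.lock in the same commit and add a comment above the `boring` line, for example `# boring and tokio-boring must stay on the same rev; update Cargo.lock in the same commit`.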
From: Isaiah Becker-Mayer Date: Fri, 31 May 2024 01:49:05 +0000 Subject: [PATCH 03/18] Updates to latest boring hash --- Cargo.lock | 6 +++--- lib/srv/desktop/rdp/rdpclient/Cargo.toml | 4 ++-- lib/srv/desktop/rdp/rdpclient/src/client.rs | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5188dbc1b0e81..067c318ea21dc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -284,7 +284,7 @@ dependencies = [ [[package]] name = "boring" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=cdf030220da36e6053a2811ee17676eb0ef3ffbf#cdf030220da36e6053a2811ee17676eb0ef3ffbf" +source = "git+https://github.com/gravitational/boring?rev=26b3a25d8fb52515300083e3c55f44a11ce3e54b#26b3a25d8fb52515300083e3c55f44a11ce3e54b" dependencies = [ "bitflags 2.5.0", "boring-sys", @@ -296,7 +296,7 @@ dependencies = [ [[package]] name = "boring-sys" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=cdf030220da36e6053a2811ee17676eb0ef3ffbf#cdf030220da36e6053a2811ee17676eb0ef3ffbf" +source = "git+https://github.com/gravitational/boring?rev=26b3a25d8fb52515300083e3c55f44a11ce3e54b#26b3a25d8fb52515300083e3c55f44a11ce3e54b" dependencies = [ "bindgen", "cmake", @@ -2872,7 +2872,7 @@ dependencies = [ [[package]] name = "tokio-boring" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=cdf030220da36e6053a2811ee17676eb0ef3ffbf#cdf030220da36e6053a2811ee17676eb0ef3ffbf" +source = "git+https://github.com/gravitational/boring?rev=26b3a25d8fb52515300083e3c55f44a11ce3e54b#26b3a25d8fb52515300083e3c55f44a11ce3e54b" dependencies = [ "boring", "boring-sys", diff --git a/lib/srv/desktop/rdp/rdpclient/Cargo.toml b/lib/srv/desktop/rdp/rdpclient/Cargo.toml index 100fdc1778a60..bcaea14d3284f 100644 --- a/lib/srv/desktop/rdp/rdpclient/Cargo.toml +++ b/lib/srv/desktop/rdp/rdpclient/Cargo.toml 
@@ -10,7 +10,7 @@ crate-type = ["staticlib"] [dependencies] bitflags = "2.5.0" -boring = { git = "https://github.com/gravitational/boring", rev="f8501b301d5c4fa747dd43d1f088cb6b444d54d1", optional = true } +boring = { git = "https://github.com/gravitational/boring", rev="26b3a25d8fb52515300083e3c55f44a11ce3e54b", optional = true } byteorder = "1.5.0" bytes = "1.6.0" env_logger = "0.11.3" @@ -35,7 +35,7 @@ rsa = "0.9.6" sspi = { git = "https://github.com/Devolutions/sspi-rs", rev="d54bdfcafa0e10d9d78224ebacc4f2a0992a6b79", features = ["network_client"] } static_init = "1.0.3" tokio = { version = "1.37", features = ["full"] } -tokio-boring = { git = "https://github.com/gravitational/boring", rev="f8501b301d5c4fa747dd43d1f088cb6b444d54d1", optional = true } +tokio-boring = { git = "https://github.com/gravitational/boring", rev="26b3a25d8fb52515300083e3c55f44a11ce3e54b", optional = true } utf16string = "0.2.0" uuid = { version = "1.8.0", features = ["v4"] } diff --git a/lib/srv/desktop/rdp/rdpclient/src/client.rs b/lib/srv/desktop/rdp/rdpclient/src/client.rs index 611deca70a474..74e2acdbf7c27 100644 --- a/lib/srv/desktop/rdp/rdpclient/src/client.rs +++ b/lib/srv/desktop/rdp/rdpclient/src/client.rs @@ -70,7 +70,7 @@ use crate::rdpdr::scard::SCARD_DEVICE_ID; use crate::rdpdr::TeleportRdpdrBackend; use crate::ssl::TlsStream; #[cfg(feature = "fips")] -use tokio_boring::{HandshakeError, SslStream}; +use tokio_boring::HandshakeError; const RDP_CONNECT_TIMEOUT: Duration = Duration::from_secs(5); From 24bbc501dc65df536d8229b82800aa8e25df59c7 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Fri, 31 May 2024 01:49:29 +0000 Subject: [PATCH 04/18] removes rdp client for fips builds on arm64 --- Makefile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 7add29308ac90..0713daac9a1ec 100644 --- a/Makefile +++ b/Makefile 
@@ -112,14 +112,23 @@ ifeq ($(RDPCLIENT_SKIP_BUILD),0) ifneq ($(CHECK_RUST),) ifneq ($(CHECK_CARGO),) -# Do not build RDP client on ARM or 386. +is_fips_on_arm64 := no +ifneq ("$(FIPS)","") +ifeq ("$(ARCH)","arm64") +is_fips_on_arm64 := yes +endif +endif + +# Do not build RDP client on ARM or 386, or for FIPS builds on arm64. ifneq ("$(ARCH)","arm") ifneq ("$(ARCH)","386") +ifneq ("$(is_fips_on_arm64)","yes") with_rdpclient := yes RDPCLIENT_MESSAGE := with-Windows-RDP-client RDPCLIENT_TAG := desktop_access_rdp endif endif +endif endif endif From 4665940566f8d03d9c7629d2c79b8e75d646944c Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Fri, 31 May 2024 01:49:52 +0000 Subject: [PATCH 05/18] updates e to isaiah/enforce-fips head --- e | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e b/e index 5284c29789956..e48e1fcdbf740 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit 5284c29789956936e2dfecc49b6cd5effd237c3c +Subproject commit e48e1fcdbf740ed6f72963cfbd86fa332dbfc40c From 2a5ad22d629e86f87fdb8e292c0a2a6a98a5e8bd Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Mon, 3 Jun 2024 03:06:29 +0000 Subject: [PATCH 06/18] Updates boring ref --- Cargo.lock | 6 +++--- lib/srv/desktop/rdp/rdpclient/Cargo.toml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 067c318ea21dc..4ad38274d4c15 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -284,7 +284,7 @@ dependencies = [ [[package]] name = "boring" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=26b3a25d8fb52515300083e3c55f44a11ce3e54b#26b3a25d8fb52515300083e3c55f44a11ce3e54b" +source = "git+https://github.com/gravitational/boring?rev=fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901#fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901" dependencies = [ "bitflags 2.5.0", "boring-sys", 
@@ -296,7 +296,7 @@ dependencies = [ [[package]] name = "boring-sys" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=26b3a25d8fb52515300083e3c55f44a11ce3e54b#26b3a25d8fb52515300083e3c55f44a11ce3e54b" +source = "git+https://github.com/gravitational/boring?rev=fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901#fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901" dependencies = [ "bindgen", "cmake", @@ -2872,7 +2872,7 @@ dependencies = [ [[package]] name = "tokio-boring" version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=26b3a25d8fb52515300083e3c55f44a11ce3e54b#26b3a25d8fb52515300083e3c55f44a11ce3e54b" +source = "git+https://github.com/gravitational/boring?rev=fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901#fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901" dependencies = [ "boring", "boring-sys", diff --git a/lib/srv/desktop/rdp/rdpclient/Cargo.toml b/lib/srv/desktop/rdp/rdpclient/Cargo.toml index bcaea14d3284f..89a8c8f4c835a 100644 --- a/lib/srv/desktop/rdp/rdpclient/Cargo.toml +++ b/lib/srv/desktop/rdp/rdpclient/Cargo.toml @@ -10,7 +10,7 @@ crate-type = ["staticlib"] [dependencies] bitflags = "2.5.0" -boring = { git = "https://github.com/gravitational/boring", rev="26b3a25d8fb52515300083e3c55f44a11ce3e54b", optional = true } +boring = { git = "https://github.com/gravitational/boring", rev="fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901", optional = true } byteorder = "1.5.0" bytes = "1.6.0" env_logger = "0.11.3" 
@@ -35,7 +35,7 @@ rsa = "0.9.6" sspi = { git = "https://github.com/Devolutions/sspi-rs", rev="d54bdfcafa0e10d9d78224ebacc4f2a0992a6b79", features = ["network_client"] } static_init = "1.0.3" tokio = { version = "1.37", features = ["full"] } -tokio-boring = { git = "https://github.com/gravitational/boring", rev="26b3a25d8fb52515300083e3c55f44a11ce3e54b", optional = true } +tokio-boring = { git = "https://github.com/gravitational/boring", rev="fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901", optional = true } utf16string = "0.2.0" uuid = { version = "1.8.0", features = ["v4"] } From 4fa522782844374fcb3d6f4c462207dd5de41879 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Mon, 3 Jun 2024 04:14:15 +0000 Subject: [PATCH 07/18] Updates boring ref --- Cargo.lock | 12 ++++++------ lib/srv/desktop/rdp/rdpclient/Cargo.toml | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4ad38274d4c15..7098d39c414d1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -283,8 +283,8 @@ dependencies = [ [[package]] name = "boring" -version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901#fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901" +version = "4.7.0" +source = "git+https://github.com/gravitational/boring?rev=eb5d5c9a3f9e55ecc4812365f50e168583bf3c58#eb5d5c9a3f9e55ecc4812365f50e168583bf3c58" dependencies = [ "bitflags 2.5.0", "boring-sys", @@ -295,8 +295,8 @@ dependencies = [ [[package]] name = "boring-sys" -version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901#fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901" +version = "4.7.0" +source = "git+https://github.com/gravitational/boring?rev=eb5d5c9a3f9e55ecc4812365f50e168583bf3c58#eb5d5c9a3f9e55ecc4812365f50e168583bf3c58" dependencies = [ "bindgen", "cmake", 
@@ -2871,8 +2871,8 @@ dependencies = [ [[package]] name = "tokio-boring" -version = "4.4.0" -source = "git+https://github.com/gravitational/boring?rev=fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901#fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901" +version = "4.7.0" +source = "git+https://github.com/gravitational/boring?rev=eb5d5c9a3f9e55ecc4812365f50e168583bf3c58#eb5d5c9a3f9e55ecc4812365f50e168583bf3c58" dependencies = [ "boring", "boring-sys", diff --git a/lib/srv/desktop/rdp/rdpclient/Cargo.toml b/lib/srv/desktop/rdp/rdpclient/Cargo.toml index 89a8c8f4c835a..8a1de76a379c6 100644 --- a/lib/srv/desktop/rdp/rdpclient/Cargo.toml +++ b/lib/srv/desktop/rdp/rdpclient/Cargo.toml @@ -10,7 +10,7 @@ crate-type = ["staticlib"] [dependencies] bitflags = "2.5.0" -boring = { git = "https://github.com/gravitational/boring", rev="fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901", optional = true } +boring = { git = "https://github.com/gravitational/boring", rev="eb5d5c9a3f9e55ecc4812365f50e168583bf3c58", optional = true } byteorder = "1.5.0" bytes = "1.6.0" env_logger = "0.11.3" @@ -35,7 +35,7 @@ rsa = "0.9.6" sspi = { git = "https://github.com/Devolutions/sspi-rs", rev="d54bdfcafa0e10d9d78224ebacc4f2a0992a6b79", features = ["network_client"] } static_init = "1.0.3" tokio = { version = "1.37", features = ["full"] } -tokio-boring = { git = "https://github.com/gravitational/boring", rev="fbd61bfb6e74f0287e2f65f8ad2a5e3f42e57901", optional = true } +tokio-boring = { git = "https://github.com/gravitational/boring", rev="eb5d5c9a3f9e55ecc4812365f50e168583bf3c58", optional = true } utf16string = "0.2.0" uuid = { version = "1.8.0", features = ["v4"] } From fd7e7dd579724cd4b663d1f0ffde4ba87c056917 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Mon, 3 Jun 2024 16:01:08 -0500 Subject: [PATCH 08/18] Update Makefile Co-authored-by: Zac Bergquist --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0713daac9a1ec..dff86fb024b95 100644 --- a/Makefile 
+++ b/Makefile @@ -119,7 +119,7 @@ is_fips_on_arm64 := yes endif endif -# Do not build RDP client on ARM or 386, or for FIPS builds on arm64. +# Do not build RDP client on 32-bit ARM or 386, or for FIPS builds on arm64. ifneq ("$(ARCH)","arm") ifneq ("$(ARCH)","386") ifneq ("$(is_fips_on_arm64)","yes") From ab64baa17a5e3b8c604275b0c6f192d669634e66 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Wed, 5 Jun 2024 20:39:33 -0700 Subject: [PATCH 09/18] Adds note about desktop access fips to fedramp docs --- .../access-controls/compliance-frameworks/fedramp.mdx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx index ae9df83f1acf4..c46cb63420a6a 100644 --- a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx +++ b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx @@ -231,3 +231,11 @@ is emitted to the Audit Log. - All uses of non-compliant algorithms such as NaCl are removed and replaced with compliant algorithms such as AES-GCM. - Teleport is compiled with [BoringCrypto](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4407). - User, host, and CA certificates (and host keys for recording proxy mode) only use 2048-bit RSA private keys. + +## Desktop Access + +Teleport's Desktop Access feature uses Rust for RDP connections, and thus uses a fork of Cloudflare's [`boring`](https://github.com/gravitational/boring) +library under the hood for FIPS-compliant TLS cryptography. The primary noteable difference to the specifications listed above is that +TLS is restricted to TLS 1.2 only (1.3 is not supported). + +Note that Teleport's Desktop Access feature is not available in FIPS mode on `arm64`. From ca15ef976eea50567e346f1aabe4e4f992b6cb60 Mon Sep 17 00:00:00 2001 
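Review bot: The reworded comment above the `ifneq` chain still says only which targets skip the RDP client, not what a FIPS build on arm64 loses as a result. The FedRAMP docs change later in this series states that desktop access is not available in FIPS mode on `arm64`, so the comment could say the same, e.g. `# FIPS builds on arm64 are built without the RDP client, so Windows desktop access is unavailable there.` The conditional block opened by these `ifneq` lines continues outside the hunk.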
From: Isaiah Becker-Mayer Date: Wed, 5 Jun 2024 20:46:05 -0700 Subject: [PATCH 10/18] Updates boring hash to now-merged HEAD of the `teleport` branch --- Cargo.lock | 6 +++--- lib/srv/desktop/rdp/rdpclient/Cargo.toml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7098d39c414d1..51e4bbb573cc3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -284,7 +284,7 @@ dependencies = [ [[package]] name = "boring" version = "4.7.0" -source = "git+https://github.com/gravitational/boring?rev=eb5d5c9a3f9e55ecc4812365f50e168583bf3c58#eb5d5c9a3f9e55ecc4812365f50e168583bf3c58" +source = "git+https://github.com/gravitational/boring?rev=99897308abb5976ea05625b8314c24b16eebb01b#99897308abb5976ea05625b8314c24b16eebb01b" dependencies = [ "bitflags 2.5.0", "boring-sys", @@ -296,7 +296,7 @@ dependencies = [ [[package]] name = "boring-sys" version = "4.7.0" -source = "git+https://github.com/gravitational/boring?rev=eb5d5c9a3f9e55ecc4812365f50e168583bf3c58#eb5d5c9a3f9e55ecc4812365f50e168583bf3c58" +source = "git+https://github.com/gravitational/boring?rev=99897308abb5976ea05625b8314c24b16eebb01b#99897308abb5976ea05625b8314c24b16eebb01b" dependencies = [ "bindgen", "cmake", @@ -2872,7 +2872,7 @@ dependencies = [ [[package]] name = "tokio-boring" version = "4.7.0" -source = "git+https://github.com/gravitational/boring?rev=eb5d5c9a3f9e55ecc4812365f50e168583bf3c58#eb5d5c9a3f9e55ecc4812365f50e168583bf3c58" +source = "git+https://github.com/gravitational/boring?rev=99897308abb5976ea05625b8314c24b16eebb01b#99897308abb5976ea05625b8314c24b16eebb01b" dependencies = [ "boring", "boring-sys", diff --git a/lib/srv/desktop/rdp/rdpclient/Cargo.toml b/lib/srv/desktop/rdp/rdpclient/Cargo.toml index 8a1de76a379c6..346744c28d84a 100644 --- a/lib/srv/desktop/rdp/rdpclient/Cargo.toml +++ b/lib/srv/desktop/rdp/rdpclient/Cargo.toml 
@@ -10,7 +10,7 @@ crate-type = ["staticlib"] [dependencies] bitflags = "2.5.0" -boring = { git = "https://github.com/gravitational/boring", rev="eb5d5c9a3f9e55ecc4812365f50e168583bf3c58", optional = true } +boring = { git = "https://github.com/gravitational/boring", rev="99897308abb5976ea05625b8314c24b16eebb01b", optional = true } byteorder = "1.5.0" bytes = "1.6.0" env_logger = "0.11.3" @@ -35,7 +35,7 @@ rsa = "0.9.6" sspi = { git = "https://github.com/Devolutions/sspi-rs", rev="d54bdfcafa0e10d9d78224ebacc4f2a0992a6b79", features = ["network_client"] } static_init = "1.0.3" tokio = { version = "1.37", features = ["full"] } -tokio-boring = { git = "https://github.com/gravitational/boring", rev="eb5d5c9a3f9e55ecc4812365f50e168583bf3c58", optional = true } +tokio-boring = { git = "https://github.com/gravitational/boring", rev="99897308abb5976ea05625b8314c24b16eebb01b", optional = true } utf16string = "0.2.0" uuid = { version = "1.8.0", features = ["v4"] } From faf6c8f3a50edc6d19a4a0a642ca8a3ae450542a Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Thu, 6 Jun 2024 16:12:22 -0700 Subject: [PATCH 11/18] update e to latest head --- e | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e b/e index e48e1fcdbf740..d6a85dd031ea7 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit e48e1fcdbf740ed6f72963cfbd86fa332dbfc40c +Subproject commit d6a85dd031ea763b9e1f2e9433f2b56f8ba823ad From 038e15e3a76b2a675cab7b1696c6c7147c1df945 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Tue, 11 Jun 2024 00:29:11 +0000 Subject: [PATCH 12/18] try adding --nocheck to see if that fixes arm64 builds --- build.assets/Dockerfile-centos7-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.assets/Dockerfile-centos7-assets b/build.assets/Dockerfile-centos7-assets index d9a336f2d415c..b9320b04868f2 100644 --- a/build.assets/Dockerfile-centos7-assets +++ b/build.assets/Dockerfile-centos7-assets 
@@ -105,7 +105,7 @@ RUN mkdir -p /opt/custom-packages && cd /opt && \ yumdownloader --source elfutils-libelf-devel-static && \ yum-builddep -y elfutils-libelf-devel-static && \ export DIST=$(rpm -qp --queryformat '%{RELEASE}' elfutils-*.src.rpm | cut -d '.' -f 2) && \ - rpmbuild --rebuild --define "optflags `rpm -E %{optflags}` -fPIC" --define "dist .${DIST}" elfutils-*.src.rpm && \ + rpmbuild --rebuild --nocheck --define "optflags `rpm -E %{optflags}` -fPIC" --define "dist .${DIST}" elfutils-*.src.rpm && \ if [ "${BUILDARCH}" = "arm64" ]; then export BUILDARCH="aarch64"; fi && \ cp /root/rpmbuild/RPMS/${BUILDARCH}/elfutils-libelf-devel-static-*${DIST}.${BUILDARCH}.rpm /opt/custom-packages/ From b3771d6a148887694c813c7094896a5d28c898cd Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Tue, 11 Jun 2024 11:30:36 -0700 Subject: [PATCH 13/18] udates to latest HEAD --- e | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e b/e index d6a85dd031ea7..1ecd959c83bd0 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit d6a85dd031ea763b9e1f2e9433f2b56f8ba823ad +Subproject commit 1ecd959c83bd0f267c5c982dd13f75bf4a045148 From 3cf3bc49fd03a1279efdfa9f3c2367b9346a7d91 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Tue, 11 Jun 2024 11:38:18 -0700 Subject: [PATCH 14/18] latest e --- e | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e b/e index 1ecd959c83bd0..fb3ea3880bac6 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit 1ecd959c83bd0f267c5c982dd13f75bf4a045148 +Subproject commit fb3ea3880bac664d81eb69939fa39700903b800e From a45d7f7400719104fe7335e2e817e6d106f85b77 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Wed, 12 Jun 2024 16:46:36 -0500 Subject: [PATCH 15/18] Update docs/pages/access-controls/compliance-frameworks/fedramp.mdx Co-authored-by: Zac Bergquist --- docs/pages/access-controls/compliance-frameworks/fedramp.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
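Review bot: `--nocheck` on the `rpmbuild --rebuild` line skips the elfutils `%check` stage for every `BUILDARCH`, although the commit title says the aim is only to get arm64 building. The rebuilt static library is copied into `/opt/custom-packages/`, so on the other architectures this removes a self-test that presumably ran before. I would gate the flag in the style of the existing arm64 test two lines below, `if [ "${BUILDARCH}" = "arm64" ]; then NOCHECK=--nocheck; fi && \` followed by `rpmbuild --rebuild ${NOCHECK} --define ...`, and add a comment naming the arm64 failure it works around so the flag can be dropped later. The `RUN` instruction begins before the changed line and may continue past the hunk.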
diff --git a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx index f8116d7ca4228..aecaa93df1ee7 100644 --- a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx +++ b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx @@ -289,4 +289,4 @@ Teleport's Desktop Access feature uses Rust for RDP connections, and thus uses a library under the hood for FIPS-compliant TLS cryptography. The primary noteable difference to the specifications listed above is that TLS is restricted to TLS 1.2 only (1.3 is not supported). -Note that Teleport's Desktop Access feature is not available in FIPS mode on `arm64`. +Note that `arm64` FIPS builds do not support access to Windows desktops. From fd1de2355f3bd7384e017433deb40097c9598cd4 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Wed, 12 Jun 2024 16:46:43 -0500 Subject: [PATCH 16/18] Update docs/pages/access-controls/compliance-frameworks/fedramp.mdx Co-authored-by: Zac Bergquist --- docs/pages/access-controls/compliance-frameworks/fedramp.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx index aecaa93df1ee7..50ce5dd40813e 100644 --- a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx +++ b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx @@ -285,7 +285,7 @@ is emitted to the Audit Log. ## Desktop Access -Teleport's Desktop Access feature uses Rust for RDP connections, and thus uses a fork of Cloudflare's [`boring`](https://github.com/gravitational/boring) +Teleport uses Rust for RDP connections, and thus uses a fork of Cloudflare's [`boring`](https://github.com/gravitational/boring) library under the hood for FIPS-compliant TLS cryptography. The primary noteable difference to the specifications listed above is that TLS is restricted to TLS 1.2 only (1.3 is not supported). 
From 029674390b338787a21239e86fa13e8fc5311579 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Wed, 12 Jun 2024 16:46:48 -0500 Subject: [PATCH 17/18] Update docs/pages/access-controls/compliance-frameworks/fedramp.mdx Co-authored-by: Zac Bergquist --- docs/pages/access-controls/compliance-frameworks/fedramp.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx index 50ce5dd40813e..5ae5e475852bc 100644 --- a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx +++ b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx @@ -283,7 +283,7 @@ is emitted to the Audit Log. - Teleport is compiled with [BoringCrypto](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4407). - User, host, and CA certificates (and host keys for recording proxy mode) only use 2048-bit RSA private keys. -## Desktop Access +## Remote desktop access Teleport uses Rust for RDP connections, and thus uses a fork of Cloudflare's [`boring`](https://github.com/gravitational/boring) library under the hood for FIPS-compliant TLS cryptography. The primary noteable difference to the specifications listed above is that From 7ce065dae609f01e97f3a0e618ad82b7fd291982 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Mon, 17 Jun 2024 13:58:56 -0700 Subject: [PATCH 18/18] noteable --> notable --- .../compliance-frameworks/fedramp.mdx | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx index 5ae5e475852bc..2937b70b4860e 100644 --- a/docs/pages/access-controls/compliance-frameworks/fedramp.mdx +++ b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx 
@@ -3,9 +3,9 @@ title: FedRAMP Compliance for Infrastructure Access description: How to configure SSH, Kubernetes, database, and web app access to be FedRAMP compliant, including support for FIPS 140-2. --- -Teleport provides the foundation to meet FedRAMP requirements for the purposes of accessing infrastructure. +Teleport provides the foundation to meet FedRAMP requirements for the purposes of accessing infrastructure. This includes support for the Federal Information Processing Standard [FIPS 140-2](https://en.wikipedia.org/wiki/FIPS\_140-2). -This standard is the US government approved standard for cryptographic modules. This document explains how +This standard is the US government approved standard for cryptographic modules. This document explains how Teleport FIPS mode works and how it can help your company to become FedRAMP authorized. ## Obtain FedRAMP authorization with Teleport @@ -14,7 +14,7 @@ Teleport includes FedRAMP and FIPS 140-2 features to support companies that sell government agencies. ### Access controls - + | Control | Teleport Features | | - | - | | [AC-02 Account Management]((=fedramp.control_url=)AC-02) | Audit events are emitted in the Auth Service when a user is created, updated, deleted, locked, or unlocked. | 
@@ -62,7 +62,7 @@ government agencies. Teleport implements mTLS for all communications between user clients and Teleport servers with several exceptions listed below. -Following successful authentication to SSO Identity Provider, Teleport issues the authenticated user x.509 client certificates signed by its own internal x.509 CA. Target Teleport services and clients require valid x.509 certificates and mTLS for all target SSH, K8s, database, and web application connections. +Following successful authentication to SSO Identity Provider, Teleport issues the authenticated user x.509 client certificates signed by its own internal x.509 CA. Target Teleport services and clients require valid x.509 certificates and mTLS for all target SSH, K8s, database, and web application connections. Inside the ATO boundary, mTLS is used for communication between the Teleport proxy and internal hosts running all protocols. @@ -79,8 +79,8 @@ In FIPS builds, Teleport uses Go’s BoringCrypto-based networking stack for all For a detailed list of cryptographic algorithms used in FIPS mode please consult [Teleport FIPS documentation](#default-cryptographic-algorithms). -You also can follow the [Installation instructions](../../installation.mdx#linux) for -Teleport Enterprise edition to download and install the appropriate FIPS-compliant binaries for +You also can follow the [Installation instructions](../../installation.mdx#linux) for +Teleport Enterprise edition to download and install the appropriate FIPS-compliant binaries for your operating environment and package manager or from compressed archive (tarball). For example, you can download and install from the compressed archive by running the following commands: 
@@ -102,9 +102,9 @@ $ cd teleport-ent $ sudo ./install ``` -After you download and install, all of the Teleport Enterprise binaries are +After you download and install, all of the Teleport Enterprise binaries are installed in the `/usr/local/bin` directory. You can verify you have FIPS-compliant -binaries installed by running the `teleport version` command and verifying that +binaries installed by running the `teleport version` command and verifying that the `X:boringcrypto` library is listed. For example: ```code @@ -113,7 +113,7 @@ Teleport Enterprise (= teleport.version =) (= teleport.git =) (= teleport.golang ``` If your Teleport cluster runs on AWS, the cluster can run in US-East or US-West regions for services -with low or moderate impact levels. For services with a high impact level, the cluster must run +with low or moderate impact levels. For services with a high impact level, the cluster must run in a GovCloud region to support FIPS. ## Configure the Teleport Auth Service @@ -286,7 +286,7 @@ is emitted to the Audit Log. ## Remote desktop access Teleport uses Rust for RDP connections, and thus uses a fork of Cloudflare's [`boring`](https://github.com/gravitational/boring) -library under the hood for FIPS-compliant TLS cryptography. The primary noteable difference to the specifications listed above is that +library under the hood for FIPS-compliant TLS cryptography. The primary notable difference to the specifications listed above is that TLS is restricted to TLS 1.2 only (1.3 is not supported). Note that `arm64` FIPS builds do not support access to Windows desktops.