Nim FFI bindings for BoringSSL — Google's fork of OpenSSL.
The package vendors a curated subset of BoringSSL sources (libcrypto + libssl) and compiles them directly through the Nim build system: no CMake, no FIPS module, no test/tool binaries. Optimised assembly is enabled by default on supported platforms.
- Author: Status Research & Development GmbH
- License: Apache-2.0 OR MIT
- Nim:
>= 2.0.0
nimble install boringsslOr pin in your .nimble:
requires "boringssl"The BoringSSL sources live in a git submodule that tracks our vacp2p/boringssl fork. The fork exists to carry small portability patches on top of upstream — currently a Windows-specific fallback to portable C for the fiat_p256_adx_mul / fiat_p256_adx_sqrt routines, which fail to assemble cleanly under llvm-mingw.
When working from a clone, initialise submodules:
git clone --recursive https://github.com/vacp2p/nim-boringssl.git
# or, after a plain clone:
git submodule update --init --recursiveimport boringsslThe bindings expose BoringSSL's C API; refer to the headers under boringssl/include/openssl/ for the available symbols.
boringssl.nim is a generated file. It is the concatenation of prelude.nim — which carries the build glue ({.compile:.} directives for the C/assembly sources, compiler flags, platform guards) — and tmp_boringssl_ffi.nim, the raw FFI bindings produced by futhark from the BoringSSL headers. See Regenerating bindings below.
BoringSSL is a C++ library, so config.nims overrides the linker to g++ (Linux), clang++ (macOS) for downstream builds. Windows uses the default clang toolchain.
| Define | Default | Effect |
|---|---|---|
-d:BORINGSS_USE_ASM=false |
true |
Disable optimised assembly sources (portable C only) |
-d:fast |
off | Used by the test task; enables faster builds |
- Windows: builds with
clang(llvm-mingw) and assembles.asmfiles with NASM. NASM must be onPATH. - Linux i386: requires
-msse2(set automatically). - Threads: bindings are built with
--threads:onfor testing; downstream consumers may build either way.
The committed boringssl.nim only needs to be regenerated when the BoringSSL submodule is bumped or when the set of imported headers in generate_boringssl_ffi.nim changes. The build.sh script drives the whole flow:
./build.shIt installs futhark@0.15.0, runs generate_boringssl_ffi.nim to emit tmp_boringssl_ffi.nim, and prepends prelude.nim to produce the final boringssl.nim.
nimble test # debug build
nimble test_release # -d:release buildPass extra flags through NIMFLAGS, e.g.:
NIMFLAGS="--mm:orc" nimble testCI exercises Linux (amd64, i386, gcc-14), macOS (arm64) and Windows (amd64) against Nim 2.2 with both refc and orc memory managers.
Code is formatted with nph:
nimble formatLicensed under either of Apache License, Version 2.0 or MIT license at your option. BoringSSL itself is distributed under its own licenses.