From 9905fea64c5721c3faced07076e7435f7e289a11 Mon Sep 17 00:00:00 2001
From: Kornel <kornel@cloudflare.com>
Date: Tue, 10 Feb 2026 19:03:58 +0000
Subject: [PATCH 1/2] Make ML-KEM optional

---
 boring/Cargo.toml | 3 +++
 boring/src/lib.rs | 1 +
 2 files changed, 4 insertions(+)

diff --git a/boring/Cargo.toml b/boring/Cargo.toml
index b9605ff13..cdf9d5f68 100644
--- a/boring/Cargo.toml
+++ b/boring/Cargo.toml
@@ -29,6 +29,9 @@ legacy-compat-deprecated = []
 # PQ is always enabled. This feature is a no-op, only for backwards compatibility.
 pq-experimental = []
 
+# Interface for ML-KEM (FIPS 203) post-quantum key encapsulation. Does not affect ciphers used in TLS.
+mlkem = []
+
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
 # This feature is necessary in order to compile the bindings for the
 # default branch of boringSSL. Alternatively, a version of boringSSL that
diff --git a/boring/src/lib.rs b/boring/src/lib.rs
index d1d87e595..98c4f34e2 100644
--- a/boring/src/lib.rs
+++ b/boring/src/lib.rs
@@ -137,6 +137,7 @@ pub mod hash;
 pub mod hmac;
 pub mod hpke;
 pub mod memcmp;
+#[cfg(feature = "mlkem")]
 pub mod mlkem;
 pub mod nid;
 pub mod pkcs12;

From 5ef90df67483da3c5d2580dc6c5f0015f2b7fe35 Mon Sep 17 00:00:00 2001
From: Kornel <kornel@cloudflare.com>
Date: Tue, 10 Feb 2026 19:13:54 +0000
Subject: [PATCH 2/2] Don't always require all headers from all versions of
 BoringSSL

---
 boring-sys/build/main.rs | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs
index abb733bed..bab757f7d 100644
--- a/boring-sys/build/main.rs
+++ b/boring-sys/build/main.rs
@@ -741,12 +741,13 @@ fn generate_bindings(config: &Config) {
     ];
     for header in &headers {
         let header_path = include_path.join("openssl").join(header);
-        assert!(
-            header_path.exists(),
-            "{} is missing. Is {} correct? run `cargo clean`",
-            header_path.display(),
-            include_path.display()
-        );
+        if !header_path.exists() {
+            println!(
+                "cargo::warning={} is missing. Is {} correct?",
+                header_path.display(),
+                include_path.display()
+            );
+        }
         builder = builder.header(header_path.to_str().unwrap());
     }