diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 588296d490..b25057dd69 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -72,6 +72,8 @@ jobs: restore-keys: | index-${{ runner.os }}- - run: cargo generate-lockfile + - run: | + cargo update -p cc --precise 1.0.94 - uses: actions/cache@v4 with: path: ~/.cargo/registry/cache @@ -150,9 +152,11 @@ jobs: - false library: - name: boringssl - version: e6489902b7fb692875341b8ab5e57f0515f47bc1 + version: 2db0eb3f96a5756298dcd7f9319e56a98585bd10 - name: openssl version: vendored + - name: openssl + version: 3.3.0 - name: openssl version: 3.2.0 dl-path: / @@ -183,7 +187,12 @@ jobs: bindgen: true library: name: libressl - version: 3.8.2 + version: 3.8.3 + - target: x86_64-unknown-linux-gnu + bindgen: true + library: + name: libressl + version: 3.9.1 - target: x86_64-unknown-linux-gnu bindgen: false library: @@ -198,7 +207,12 @@ jobs: bindgen: false library: name: libressl - version: 3.8.2 + version: 3.8.3 + - target: x86_64-unknown-linux-gnu + bindgen: false + library: + name: libressl + version: 3.9.1 name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }} runs-on: ubuntu-latest env: @@ -263,7 +277,7 @@ jobs: ;; "i686-unknown-linux-gnu") OS_COMPILER=linux-elf - OS_FLAGS=-m32 + OS_FLAGS="-m32 -msse2" ;; "arm-unknown-linux-gnueabihf") OS_COMPILER=linux-armv4 diff --git a/openssl-errors/build.rs b/openssl-errors/build.rs index 5ecd7bae79..bef4b990a0 100644 --- a/openssl-errors/build.rs +++ b/openssl-errors/build.rs @@ -3,6 +3,8 @@ use std::env; fn main() { + println!("cargo:rustc-check-cfg=cfg(ossl300)"); + if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") { let version = u64::from_str_radix(&version, 16).unwrap(); diff --git a/openssl-macros/Cargo.toml b/openssl-macros/Cargo.toml index 7f0c1c7e44..90abfdfa2a 100644 --- a/openssl-macros/Cargo.toml +++ b/openssl-macros/Cargo.toml 
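Review bot: The added `cargo update -p cc --precise 1.0.94` step pins a build dependency in CI without saying why or when the pin can be removed. openssl-sys/Cargo.toml in this same patch still declares `cc = "1.0.61"`, so downstream builds resolve to whatever newer 1.x release is current, and CI no longer covers that combination. I would put a comment above the step, e.g. `# Pinned because <reason>; drop once <condition>`, so the pin does not outlive its cause.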
@@ -4,6 +4,7 @@ version = "0.1.1" edition = "2018" license = "MIT OR Apache-2.0" description = "Internal macros used by the openssl crate." +repository = "https://github.com/sfackler/rust-openssl" [lib] proc-macro = true diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md index 0dcc2e561b..37f35e0a66 100644 --- a/openssl-sys/CHANGELOG.md +++ b/openssl-sys/CHANGELOG.md @@ -2,6 +2,26 @@ ## [Unreleased] +## [v0.9.103] - 2024-07-20 + +### Added + +* Added several functions and constants for datagram `BIO`s. +* Added `EVP_PKEY_set1_DSA`, `EVP_PKEY_set1_DH`, and `EVP_PKEY_set1_EC_KEY`. +* Added several functions related to QUIC support. + +## [v0.9.102] - 2024-03-28 + +### Added + +* Added support for LibreSSL 3.9.x. + +## [v0.9.101] - 2024-02-21 + +### Fixed + +* Fixed a bug where, when building with the `vendored` feature, this crate always needed to be rebuilt. + ## [v0.9.100] - 2024-02-19 ### Added @@ -587,7 +607,10 @@ Fixed builds against OpenSSL built with `no-cast`. * Added `X509_verify` and `X509_REQ_verify`. * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`. -[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.100..master +[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103..master +[v0.9.103]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.102...openssl-sys-v0.9.103 +[v0.9.102]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.101...openssl-sys-v0.9.102 +[v0.9.101]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.100...openssl-sys-v0.9.101 [v0.9.100]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.99...openssl-sys-v0.9.100 [v0.9.99]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.98...openssl-sys-v0.9.99 [v0.9.98]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.97...openssl-sys-v0.9.98 
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index 02513d1adb..131ebe684e 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "openssl-sys" -version = "0.9.100" +version = "0.9.103" authors = [ "Alex Crichton ", "Steven Fackler ", @@ -25,7 +25,7 @@ bssl-sys = { version = "0.1.0", optional = true } [build-dependencies] bindgen = { version = "0.65.0", optional = true, features = ["experimental"] } cc = "1.0.61" -openssl-src = { version = "300.1.2", optional = true, features = ["legacy"] } +openssl-src = { version = "300.2.0", optional = true, features = ["legacy"] } pkg-config = "0.3.9" vcpkg = "0.2.8" diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs index 91cb734c34..bbd3be59f3 100644 --- a/openssl-sys/build/cfgs.rs +++ b/openssl-sys/build/cfgs.rs @@ -65,9 +65,15 @@ pub fn get(openssl_version: Option, libressl_version: Option) -> Vec<& if libressl_version >= 0x3_09_00_00_0 { cfgs.push("libressl390"); } + if libressl_version >= 0x4_00_00_00_0 { + cfgs.push("libressl400"); + } } else { let openssl_version = openssl_version.unwrap(); + if openssl_version >= 0x3_03_00_00_0 { + cfgs.push("ossl330"); + } if openssl_version >= 0x3_02_00_00_0 { cfgs.push("ossl320"); } diff --git a/openssl-sys/build/find_normal.rs b/openssl-sys/build/find_normal.rs index ce278f5c76..1e910a0eee 100644 --- a/openssl-sys/build/find_normal.rs +++ b/openssl-sys/build/find_normal.rs @@ -165,7 +165,7 @@ installing `pkg-config`. It looks like you're compiling for MinGW but you may not have either OpenSSL or pkg-config installed. You can install these two dependencies with: -pacman -S openssl-devel pkg-config +pacman -S openssl-devel pkgconf and try building this crate again. diff --git a/openssl-sys/build/find_vendored.rs b/openssl-sys/build/find_vendored.rs index c92b2bd39b..fd21ed6267 100644 --- a/openssl-sys/build/find_vendored.rs +++ b/openssl-sys/build/find_vendored.rs 
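Review bot: `libressl400` is pushed for `libressl_version >= 0x4_00_00_00_0`, but the version table changed in openssl-sys/build/main.rs in this patch only gains `(3, 9, 0)` and `(3, 9, _)` arms before `_ => version_error()`, and the CI matrix stops at LibreSSL 3.9.1. Unless an arm outside the visible hunks accepts 4.x, no build can enable or exercise the new cfg, nor the opaque `X509_VAL` definition gated on it in handwritten/x509.rs. Either add the matching 4.0 arm together with a CI entry, or leave a comment next to the push saying the cfg is staged ahead of 4.0 support. `get` starts and ends outside the hunk.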
@@ -1,8 +1,17 @@ use openssl_src; use std::path::PathBuf; +use super::env; + pub fn get_openssl(_target: &str) -> (Vec, PathBuf) { - let artifacts = openssl_src::Build::new().build(); + let openssl_config_dir = env("OPENSSL_CONFIG_DIR"); + + let mut openssl_src_build = openssl_src::Build::new(); + if let Some(value) = openssl_config_dir { + openssl_src_build.openssl_dir(PathBuf::from(value)); + } + + let artifacts = openssl_src_build.build(); println!("cargo:vendored=1"); println!( "cargo:root={}", diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 0ab823cdb3..98d6926fcb 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs 
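Review bot: The new `OPENSSL_CONFIG_DIR` lookup hands an environment-supplied path straight to `openssl_src_build.openssl_dir(...)` with no comment on what the value means for the resulting library. If, as the name suggests, it becomes the configuration directory compiled into the vendored build, every binary linking that library will read `openssl.cnf` (and anything that file loads) from that location at run time, so the directory must not be writable by unprivileged users. I would add a comment above the lookup such as `// Compiled into the vendored library as its config directory; must be an absolute, trusted, non-user-writable path.` and describe the variable in the crate's build documentation. `get_openssl` continues past the end of the hunk.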
@@ -74,13 +74,66 @@ fn check_ssl_kind() { } fn main() { + println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_COMP\", \"OPENSSL_NO_SOCK\", \"OPENSSL_NO_STDIO\"))"); + + println!("cargo:rustc-check-cfg=cfg(openssl)"); + println!("cargo:rustc-check-cfg=cfg(libressl)"); + println!("cargo:rustc-check-cfg=cfg(boringssl)"); + + println!("cargo:rustc-check-cfg=cfg(libressl250)"); + println!("cargo:rustc-check-cfg=cfg(libressl251)"); + println!("cargo:rustc-check-cfg=cfg(libressl252)"); + println!("cargo:rustc-check-cfg=cfg(libressl261)"); + println!("cargo:rustc-check-cfg=cfg(libressl270)"); + println!("cargo:rustc-check-cfg=cfg(libressl271)"); + println!("cargo:rustc-check-cfg=cfg(libressl273)"); + println!("cargo:rustc-check-cfg=cfg(libressl280)"); + println!("cargo:rustc-check-cfg=cfg(libressl281)"); + println!("cargo:rustc-check-cfg=cfg(libressl291)"); + println!("cargo:rustc-check-cfg=cfg(libressl310)"); + println!("cargo:rustc-check-cfg=cfg(libressl321)"); + println!("cargo:rustc-check-cfg=cfg(libressl332)"); + println!("cargo:rustc-check-cfg=cfg(libressl340)"); + println!("cargo:rustc-check-cfg=cfg(libressl350)"); + println!("cargo:rustc-check-cfg=cfg(libressl360)"); + println!("cargo:rustc-check-cfg=cfg(libressl361)"); + println!("cargo:rustc-check-cfg=cfg(libressl370)"); + println!("cargo:rustc-check-cfg=cfg(libressl380)"); + println!("cargo:rustc-check-cfg=cfg(libressl381)"); + println!("cargo:rustc-check-cfg=cfg(libressl382)"); + println!("cargo:rustc-check-cfg=cfg(libressl390)"); + println!("cargo:rustc-check-cfg=cfg(libressl400)"); + + println!("cargo:rustc-check-cfg=cfg(ossl101)"); 
+ println!("cargo:rustc-check-cfg=cfg(ossl102)"); + println!("cargo:rustc-check-cfg=cfg(ossl102f)"); + println!("cargo:rustc-check-cfg=cfg(ossl102h)"); + println!("cargo:rustc-check-cfg=cfg(ossl110)"); + println!("cargo:rustc-check-cfg=cfg(ossl110f)"); + println!("cargo:rustc-check-cfg=cfg(ossl110g)"); + println!("cargo:rustc-check-cfg=cfg(ossl110h)"); + println!("cargo:rustc-check-cfg=cfg(ossl111)"); + println!("cargo:rustc-check-cfg=cfg(ossl111b)"); + println!("cargo:rustc-check-cfg=cfg(ossl111c)"); + println!("cargo:rustc-check-cfg=cfg(ossl111d)"); + println!("cargo:rustc-check-cfg=cfg(ossl300)"); + println!("cargo:rustc-check-cfg=cfg(ossl310)"); + println!("cargo:rustc-check-cfg=cfg(ossl320)"); + println!("cargo:rustc-check-cfg=cfg(ossl330)"); + check_ssl_kind(); let target = env::var("TARGET").unwrap(); let (lib_dirs, include_dir) = find_openssl(&target); - if let Some(printable_include) = include_dir.join("openssl").to_str() { - println!("cargo:rerun-if-changed={}", printable_include); + // rerun-if-changed causes openssl-sys to rebuild if the openssl include + // dir has changed since the last build. However, this causes a rebuild + // every time when vendoring so we disable it. + let potential_path = include_dir.join("openssl"); + if potential_path.exists() && !cfg!(feature = "vendored") { + if let Some(printable_include) = potential_path.to_str() { + println!("cargo:rerun-if-changed={}", printable_include); + } } if !lib_dirs.iter().all(|p| p.exists()) { 
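Review bot: The hand-written `println!("cargo:rustc-check-cfg=...")` lines at the top of `main` repeat the cfg names that openssl-sys/build/cfgs.rs pushes, and the parallel list added to openssl/build.rs in this patch is already a different subset. Each new version cfg therefore has to be added in several places, and a missed one only surfaces as an `unexpected_cfgs` warning. A table-driven form keeps it to one list per crate: a `const CFGS: &[&str]` of names and `for c in CFGS { println!("cargo:rustc-check-cfg=cfg({})", c); }`. `main` continues outside the hunk.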
@@ -126,6 +179,34 @@ fn main() { println!("cargo:rustc-link-lib={}={}", kind, lib); } + // libssl in BoringSSL requires the C++ runtime, and static libraries do + // not carry dependency information. On unix-like platforms, the C++ + // runtime and standard library are typically picked up by default via the + // C++ compiler, which has a platform-specific default. (See implementations + // of `GetDefaultCXXStdlibType` in Clang.) Builds may also choose to + // override this and specify their own with `-nostdinc++` and `-nostdlib++` + // flags. Some compilers also provide options like `-stdlib=libc++`. + // + // Typically, such information is carried all the way up the build graph, + // but Cargo is not an integrated cross-language build system, so it cannot + // safely handle any of these situations. As a result, we need to make + // guesses. Getting this wrong may result in symbol conflicts and memory + // errors, but this unsafety is inherent to driving builds with + // externally-built libraries using Cargo. + // + // For now, we guess that the build was made with the defaults. This too is + // difficult because Rust does not expose this information from Clang, but + // try to match the behavior for common platforms. For a more robust option, + // this likely needs to be deferred to the caller with an environment + // variable. + if version == Version::Boringssl && kind == "static" && env::var("CARGO_CFG_UNIX").is_ok() { + let cpp_lib = match env::var("CARGO_CFG_TARGET_OS").unwrap().as_ref() { + "macos" => "c++", + _ => "stdc++", + }; + println!("cargo:rustc-link-lib={}", cpp_lib); + } + // https://github.com/openssl/openssl/pull/15086 if version == Version::Openssl3xx && kind == "static" 
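Review bot: The `match` on `CARGO_CFG_TARGET_OS` treats every Unix target other than `macos` as linking libstdc++, which looks too narrow given that the comment above it warns a wrong guess can end in symbol conflicts and memory errors. As far as I know Clang also defaults to libc++ on iOS, FreeBSD and OpenBSD, so the arm could be widened to `"macos" | "ios" | "freebsd" | "openbsd" => "c++",` (worth confirming per target). The comment names an environment-variable override as the robust option, but the code does not read one; until it does, a build with a non-default C++ runtime has no way to correct the guess. `main` starts and ends outside the hunk.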
@@ -191,13 +272,13 @@ pointing to your OpenSSL installation or installing OpenSSL headers package specific to your distribution: # On Ubuntu - sudo apt-get install libssl-dev + sudo apt-get install pkg-config libssl-dev # On Arch Linux - sudo pacman -S openssl + sudo pacman -S pkgconf openssl # On Fedora - sudo dnf install openssl-devel + sudo dnf install pkgconf perl-FindBin perl-IPC-Cmd openssl-devel # On Alpine Linux - apk add openssl-dev + apk add pkgconf openssl-dev See rust-openssl documentation for more information: @@ -296,6 +377,8 @@ See rust-openssl documentation for more information: (3, 8, 0) => ('3', '8', '0'), (3, 8, 1) => ('3', '8', '1'), (3, 8, _) => ('3', '8', 'x'), + (3, 9, 0) => ('3', '9', '0'), + (3, 9, _) => ('3', '9', 'x'), _ => version_error(), }; @@ -338,7 +421,7 @@ fn version_error() -> ! { " This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3), or LibreSSL 2.5 -through 3.8.1, but a different version of OpenSSL was found. The build is now aborting +through 3.9.x, but a different version of OpenSSL was found. The build is now aborting due to this version mismatch. " diff --git a/openssl-sys/build/run_bindgen.rs b/openssl-sys/build/run_bindgen.rs index 5e62237f35..ffaecdc81b 100644 --- a/openssl-sys/build/run_bindgen.rs +++ b/openssl-sys/build/run_bindgen.rs @@ -56,6 +56,10 @@ const INCLUDES: &str = " #include #endif +#if OPENSSL_VERSION_NUMBER >= 0x30200000 +#include +#endif + #if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) #include #endif @@ -70,8 +74,9 @@ pub fn run(include_dirs: &[PathBuf]) { .rust_target(RustTarget::Stable_1_47) .ctypes_prefix("::libc") .raw_line("use libc::*;") + .raw_line("#[cfg(windows)] use std::os::windows::raw::HANDLE;") .raw_line("type evp_pkey_st = EVP_PKEY;") - .allowlist_file(".*/openssl/[^/]+\\.h") + .allowlist_file(".*[/\\\\]openssl/[^/\\\\]+\\.h") .allowlist_recursively(false) // libc is missing pthread_once_t on macOS .blocklist_type("CRYPTO_ONCE") 
@@ -85,6 +90,8 @@ pub fn run(include_dirs: &[PathBuf]) { .blocklist_type("OSSL_FUNC_core_vset_error_fn") .blocklist_type("OSSL_FUNC_BIO_vprintf_fn") .blocklist_type("OSSL_FUNC_BIO_vsnprintf_fn") + // struct hostent * does not exist on Windows + .blocklist_function("BIO_gethostbyname") // Maintain compatibility for existing enum definitions .rustified_enum("point_conversion_form_t") // Maintain compatibility for pre-union definitions @@ -205,6 +212,7 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) { .compile("boring_static_wrapper"); } +#[cfg(feature = "bindgen")] #[derive(Debug)] struct OpensslCallbacks; diff --git a/openssl-sys/src/bio.rs b/openssl-sys/src/bio.rs index ea6053b592..f6ec71d3b1 100644 --- a/openssl-sys/src/bio.rs +++ b/openssl-sys/src/bio.rs 
@@ -70,3 +70,47 @@ extern "C" { destroy: unsafe extern "C" fn(*mut BIO) -> c_int, ) -> c_int; } + +cfg_if! { + if #[cfg(ossl320)] { + use std::ptr; + + pub const BIO_CTRL_DGRAM_GET_MTU: c_int = 41; + pub const BIO_CTRL_DGRAM_SET_MTU: c_int = 42; + pub const BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP: c_int = 82; + pub const BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE: c_int = 83; + pub const BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE: c_int = 84; + pub const BIO_CTRL_DGRAM_GET_CAPS: c_int = 86; + pub const BIO_CTRL_DGRAM_SET_CAPS: c_int = 87; + pub const BIO_CTRL_DGRAM_GET_NO_TRUNC: c_int = 88; + pub const BIO_CTRL_DGRAM_SET_NO_TRUNC: c_int = 89; + + pub unsafe fn BIO_dgram_get_no_trunc(bio: *mut BIO) -> c_int { + BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, ptr::null_mut()) as c_int + } + pub unsafe fn BIO_dgram_set_no_trunc(bio: *mut BIO, enable: c_int) -> c_int { + BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_NO_TRUNC, enable as c_long, ptr::null_mut()) as c_int + } + pub unsafe fn BIO_dgram_get_cap(bio: *mut BIO) -> u32 { + BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_CAPS, 0, ptr::null_mut()) as u32 + } + pub unsafe fn BIO_dgram_set_cap(bio: *mut BIO, cap: u32) -> c_int { + BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CAPS, cap as c_long, ptr::null_mut()) as c_int + } + pub unsafe fn BIO_dgram_get_local_addr_cap(bio: *mut BIO) -> c_int { + BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, ptr::null_mut()) as c_int + } + pub unsafe fn BIO_dgram_get_local_addr_enable(bio: *mut BIO, enable: *mut c_int) -> c_int { + BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, enable as *mut c_void) as c_int + } + pub unsafe fn BIO_dgram_set_local_addr_enable(bio: *mut BIO, enable: c_int) -> c_int { + BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, enable as c_long, ptr::null_mut()) as c_int + } + pub unsafe fn BIO_dgram_get_mtu(bio: *mut BIO) -> c_uint { + BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_MTU, 0, ptr::null_mut()) as c_uint + } + pub unsafe fn BIO_dgram_set_mtu(bio: *mut BIO, mtu: c_uint) -> c_int { + BIO_ctrl(bio, 
BIO_CTRL_DGRAM_SET_MTU, mtu as c_long, ptr::null_mut()) as c_int + } + } +} diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs index 4a6a2775e4..a2c0f0fb92 100644 --- a/openssl-sys/src/err.rs +++ b/openssl-sys/src/err.rs @@ -9,8 +9,8 @@ pub const ERR_LIB_ASN1: c_int = 13; cfg_if! { if #[cfg(ossl300)] { - pub const ERR_SYSTEM_FLAG: c_ulong = c_int::max_value() as c_ulong + 1; - pub const ERR_SYSTEM_MASK: c_ulong = c_int::max_value() as c_ulong; + pub const ERR_SYSTEM_FLAG: c_ulong = c_int::MAX as c_ulong + 1; + pub const ERR_SYSTEM_MASK: c_ulong = c_int::MAX as c_ulong; pub const ERR_LIB_OFFSET: c_ulong = 23; pub const ERR_LIB_MASK: c_ulong = 0xff; diff --git a/openssl-sys/src/handwritten/bio.rs b/openssl-sys/src/handwritten/bio.rs index 5f65ec5e5c..9461d71be3 100644 --- a/openssl-sys/src/handwritten/bio.rs +++ b/openssl-sys/src/handwritten/bio.rs 
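Review bot: `BIO_dgram_get_cap` and `BIO_dgram_set_cap` are spelled in the singular while the control codes they pass are `BIO_CTRL_DGRAM_GET_CAPS` and `BIO_CTRL_DGRAM_SET_CAPS`. If these helpers are meant to mirror the OpenSSL macros, which I believe are named `BIO_dgram_get_caps`/`BIO_dgram_set_caps`, the names should be checked against `bio.h` now, because renaming a published `pub unsafe fn` later is a breaking change. The new wrappers also carry no doc comments; a short `/// # Safety` section stating that `bio` must be a valid datagram `BIO`, and that `enable` in `BIO_dgram_get_local_addr_enable` must point to writable `c_int` storage, would document the contract the pointer casts rely on.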
@@ -106,3 +106,60 @@ extern "C" { destroy: Option c_int>, ) -> c_int; } + +#[cfg(ossl320)] +extern "C" { + pub fn BIO_meth_set_sendmmsg( + biom: *mut BIO_METHOD, + f: Option< + unsafe extern "C" fn( + arg1: *mut BIO, + arg2: *mut BIO_MSG, + arg3: usize, + arg4: usize, + arg5: u64, + arg6: *mut usize, + ) -> c_int, + >, + ) -> c_int; + pub fn BIO_meth_set_recvmmsg( + biom: *mut BIO_METHOD, + f: Option< + unsafe extern "C" fn( + arg1: *mut BIO, + arg2: *mut BIO_MSG, + arg3: usize, + arg4: usize, + arg5: u64, + arg6: *mut usize, + ) -> c_int, + >, + ) -> c_int; + pub fn BIO_new_bio_dgram_pair( + bio1: *mut *mut BIO, + writebuf1: usize, + bio2: *mut *mut BIO, + writebuf2: usize, + ) -> c_int; + pub fn BIO_s_dgram_pair() -> *const BIO_METHOD; + pub fn BIO_s_datagram() -> *const BIO_METHOD; + pub fn BIO_get_rpoll_descriptor(b: *mut BIO, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int; + pub fn BIO_get_wpoll_descriptor(b: *mut BIO, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int; + pub fn BIO_sendmmsg( + b: *mut BIO, + msg: *mut BIO_MSG, + stride: usize, + num_msg: usize, + flags: u64, + msgs_processed: *mut usize, + ) -> c_int; + pub fn BIO_recvmmsg( + b: *mut BIO, + msg: *mut BIO_MSG, + stride: usize, + num_msg: usize, + flags: u64, + msgs_processed: *mut usize, + ) -> c_int; + pub fn BIO_err_is_non_fatal(errcode: c_uint) -> c_int; +} diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs index e9a7413c21..9e277453e2 100644 --- a/openssl-sys/src/handwritten/evp.rs +++ b/openssl-sys/src/handwritten/evp.rs 
@@ -470,8 +470,11 @@ extern "C" { pub fn EVP_PKEY_set1_RSA(k: *mut EVP_PKEY, r: *mut RSA) -> c_int; pub fn EVP_PKEY_get1_RSA(k: *mut EVP_PKEY) -> *mut RSA; + pub fn EVP_PKEY_set1_DSA(k: *mut EVP_PKEY, k: *mut DSA) -> c_int; pub fn EVP_PKEY_get1_DSA(k: *mut EVP_PKEY) -> *mut DSA; + pub fn EVP_PKEY_set1_DH(k: *mut EVP_PKEY, k: *mut DH) -> c_int; pub fn EVP_PKEY_get1_DH(k: *mut EVP_PKEY) -> *mut DH; + pub fn EVP_PKEY_set1_EC_KEY(k: *mut EVP_PKEY, k: *mut EC_KEY) -> c_int; pub fn EVP_PKEY_get1_EC_KEY(k: *mut EVP_PKEY) -> *mut EC_KEY; pub fn EVP_PKEY_new() -> *mut EVP_PKEY; diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs index cdcdea5881..b86a54cbed 100644 --- a/openssl-sys/src/handwritten/ssl.rs +++ b/openssl-sys/src/handwritten/ssl.rs 
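Review bot: The three added declarations name both parameters `k`: `EVP_PKEY_set1_DSA(k: *mut EVP_PKEY, k: *mut DSA)`, and likewise `EVP_PKEY_set1_DH` and `EVP_PKEY_set1_EC_KEY`, unlike the neighbouring `EVP_PKEY_set1_RSA(k: *mut EVP_PKEY, r: *mut RSA)`. Even where the compiler accepts a repeated name in a foreign declaration, the rendered signature no longer tells the two arguments apart. I would rename the second parameter in each, e.g. `pub fn EVP_PKEY_set1_DSA(k: *mut EVP_PKEY, key: *mut DSA) -> c_int;`. The `extern "C"` block starts and ends outside the hunk.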
@@ -951,3 +951,59 @@ extern "C" { #[cfg(any(ossl110, libressl360))] pub fn SSL_get_security_level(s: *const SSL) -> c_int; } + +#[cfg(ossl320)] +extern "C" { + pub fn OSSL_QUIC_client_method() -> *const SSL_METHOD; + pub fn OSSL_QUIC_client_thread_method() -> *const SSL_METHOD; + pub fn SSL_get_event_timeout(s: *mut SSL, tv: *mut timeval, is_infinite: *mut c_int) -> c_int; + pub fn SSL_handle_events(s: *mut SSL) -> c_int; + pub fn SSL_get_blocking_mode(s: *mut SSL) -> c_int; + pub fn SSL_set_blocking_mode(s: *mut SSL, blocking: c_int) -> c_int; + pub fn SSL_get_rpoll_descriptor(s: *mut SSL, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int; + pub fn SSL_get_wpoll_descriptor(s: *mut SSL, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int; + pub fn SSL_net_read_desired(s: *mut SSL) -> c_int; + pub fn SSL_net_write_desired(s: *mut SSL) -> c_int; + pub fn SSL_set1_initial_peer_addr(s: *mut SSL, peer_addr: *const BIO_ADDR) -> c_int; + pub fn SSL_shutdown_ex( + ssl: *mut SSL, + flags: u64, + args: *const SSL_SHUTDOWN_EX_ARGS, + args_len: usize, + ) -> c_int; + pub fn SSL_stream_conclude(ssl: *mut SSL, flags: u64) -> c_int; + pub fn SSL_stream_reset( + ssl: *mut SSL, + args: *const SSL_STREAM_RESET_ARGS, + args_len: usize, + ) -> c_int; + pub fn SSL_get_stream_read_state(ssl: *mut SSL) -> c_int; + pub fn SSL_get_stream_write_state(ssl: *mut SSL) -> c_int; + pub fn SSL_get_conn_close_info( + ssl: *mut SSL, + info: *mut SSL_CONN_CLOSE_INFO, + info_len: usize, + ) -> c_int; + pub fn SSL_get0_connection(s: *mut SSL) -> *mut SSL; + pub fn SSL_is_connection(s: *mut SSL) -> c_int; + pub fn SSL_get_stream_type(s: *mut SSL) -> c_int; + pub fn SSL_get_stream_id(s: *mut SSL) -> u64; + pub fn SSL_new_stream(s: *mut SSL, flags: u64) -> *mut SSL; + pub fn SSL_accept_stream(s: *mut SSL, flags: u64) -> *mut SSL; + pub fn SSL_set_incoming_stream_policy(s: *mut SSL, policy: c_int, aec: u64) -> c_int; + pub fn SSL_get_accept_stream_queue_len(s: *mut SSL) -> usize; + pub fn SSL_set_default_stream_mode(s: *mut 
SSL, mode: u32) -> c_int; +} + +#[cfg(ossl330)] +extern "C" { + pub fn SSL_write_ex2( + s: *mut SSL, + buf: *const c_void, + num: usize, + flags: u64, + written: *mut usize, + ) -> c_int; + pub fn SSL_get_value_uint(s: *mut SSL, class_: u32, id: u32, v: *mut u64) -> c_int; + pub fn SSL_set_value_uint(s: *mut SSL, class_: u32, id: u32, v: u64) -> c_int; +} diff --git a/openssl-sys/src/handwritten/types.rs b/openssl-sys/src/handwritten/types.rs index 57c8113aa4..8c69c3efb3 100644 --- a/openssl-sys/src/handwritten/types.rs +++ b/openssl-sys/src/handwritten/types.rs @@ -52,6 +52,20 @@ cfg_if! { } } } +cfg_if! { + if #[cfg(ossl320)] { + pub enum BIO_ADDR {} + pub enum BIO_POLL_DESCRIPTOR {} + #[repr(C)] + pub struct BIO_MSG { + pub data: *mut c_void, + pub data_len: usize, + pub peer: *mut BIO_ADDR, + pub local: *mut BIO_ADDR, + pub flags: u64, + } + } +} cfg_if! { if #[cfg(any(ossl110, libressl350))] { pub enum BIGNUM {} @@ -1032,6 +1046,27 @@ cfg_if! { } } } +cfg_if! { + if #[cfg(ossl320)] { + #[repr(C)] + pub struct SSL_CONN_CLOSE_INFO { + pub error_code: u64, + pub frame_type: u64, + pub reason: *const ::libc::c_char, + pub reason_len: usize, + pub flags: u32, + } + #[repr(C)] + pub struct SSL_SHUTDOWN_EX_ARGS { + pub quic_error_code: u64, + pub quic_reason: *const c_char, + } + #[repr(C)] + pub struct SSL_STREAM_RESET_ARGS { + pub quic_error_code: u64, + } + } +} pub enum COMP_CTX {} diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs index 7642dcd3b9..0bb682764c 100644 --- a/openssl-sys/src/handwritten/x509.rs +++ b/openssl-sys/src/handwritten/x509.rs @@ -1,10 +1,16 @@ use super::super::*; use libc::*; -#[repr(C)] -pub struct X509_VAL { - pub notBefore: *mut ASN1_TIME, - pub notAfter: *mut ASN1_TIME, +cfg_if! { + if #[cfg(libressl400)] { + pub enum X509_VAL {} + } else { + #[repr(C)] + pub struct X509_VAL { + pub notBefore: *mut ASN1_TIME, + pub notAfter: *mut ASN1_TIME, + } + } } pub enum X509_NAME_ENTRY {} 
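Review bot: `SSL_CONN_CLOSE_INFO` exposes `reason` and `reason_len` as raw public fields with no comment on how they relate. The struct is filled by `SSL_get_conn_close_info` (declared in handwritten/ssl.rs in this patch) and describes why a connection closed, so the text may originate from the remote peer, and a caller who reads `reason` as a C string while ignoring `reason_len` can mis-handle it. I would add a field comment along the lines of `/// Length is given by reason_len; do not assume a NUL-terminated string without interior NULs.`, with the exact guarantee confirmed against the OpenSSL documentation. The struct also writes `*const ::libc::c_char` where `SSL_SHUTDOWN_EX_ARGS` just below writes `*const c_char`; one spelling would read more cleanly.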
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 52ea5b2135..38d2184b40 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs 
@@ -644,3 +644,73 @@ pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int { pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000; #[cfg(ossl111b)] pub const OPENSSL_INIT_NO_ATEXIT: u64 = 0x00080000; + +cfg_if! { + if #[cfg(ossl330)] { + pub const SSL_VALUE_CLASS_GENERIC: c_uint = 0; + pub const SSL_VALUE_CLASS_FEATURE_REQUEST: c_uint = 1; + pub const SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: c_uint = 2; + pub const SSL_VALUE_CLASS_FEATURE_NEGOTIATED: c_uint = 3; + + pub const SSL_VALUE_NONE: c_uint = 0; + pub const SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: c_uint = 1; + pub const SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: c_uint = 2; + pub const SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: c_uint = 3; + pub const SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: c_uint = 4; + pub const SSL_VALUE_QUIC_IDLE_TIMEOUT: c_uint = 5; + pub const SSL_VALUE_EVENT_HANDLING_MODE: c_uint = 6; + pub const SSL_VALUE_STREAM_WRITE_BUF_SIZE: c_uint = 7; + pub const SSL_VALUE_STREAM_WRITE_BUF_USED: c_uint = 8; + pub const SSL_VALUE_STREAM_WRITE_BUF_AVAIL: c_uint = 9; + + pub const SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: c_uint = 0; + pub const SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: c_uint = 1; + pub const SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: c_uint = 2; + + pub unsafe fn SSL_get_generic_value_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int { + SSL_get_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value) + } + pub unsafe fn SSL_set_generic_value_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int { + SSL_set_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value) + } + pub unsafe fn SSL_get_feature_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int { + SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value) + } + pub unsafe fn SSL_set_feature_request_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int { + SSL_set_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value) + } + pub unsafe fn SSL_get_feature_peer_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int 
{ + SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, id, value) + } + pub unsafe fn SSL_get_feature_negotiated_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int { + SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_NEGOTIATED, id, value) + } + pub unsafe fn SSL_get_quic_stream_bidi_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int { + SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, value) + } + pub unsafe fn SSL_get_quic_stream_bidi_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int { + SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, value) + } + pub unsafe fn SSL_get_quic_stream_uni_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int { + SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, value) + } + pub unsafe fn SSL_get_quic_stream_uni_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int { + SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, value) + } + pub unsafe fn SSL_get_event_handling_mode(ssl: *mut SSL, value: *mut u64) -> c_int { + SSL_get_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value) + } + pub unsafe fn SSL_set_event_handling_mode(ssl: *mut SSL, value: u64) -> c_int { + SSL_set_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value) + } + pub unsafe fn SSL_get_stream_write_buf_size(ssl: *mut SSL, value: *mut u64) -> c_int { + SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_SIZE, value) + } + pub unsafe fn SSL_get_stream_write_buf_avail(ssl: *mut SSL, value: *mut u64) -> c_int { + SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_AVAIL, value) + } + pub unsafe fn SSL_get_stream_write_buf_used(ssl: *mut SSL, value: *mut u64) -> c_int { + SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_USED, value) + } + } +} diff --git a/openssl-sys/src/tls1.rs b/openssl-sys/src/tls1.rs index 2cb08a91f3..7ff0b9df9b 100644 --- a/openssl-sys/src/tls1.rs +++ b/openssl-sys/src/tls1.rs 
@@ -74,7 +74,16 @@ pub unsafe fn SSL_CTX_set_tlsext_servername_callback__fixed_rust( ctx: *mut SSL_CTX, cb: Option c_int>, ) -> c_long { - SSL_CTX_callback_ctrl__fixed_rust(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, mem::transmute(cb)) + SSL_CTX_callback_ctrl__fixed_rust( + ctx, + SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, + mem::transmute::< + std::option::Option< + unsafe extern "C" fn(*mut SSL, *mut c_int, *mut libc::c_void) -> i32, + >, + std::option::Option, + >(cb), + ) } pub const SSL_TLSEXT_ERR_OK: c_int = 0; @@ -90,7 +99,14 @@ pub unsafe fn SSL_CTX_set_tlsext_status_cb( ctx: *mut SSL_CTX, cb: Option c_int>, ) -> c_long { - SSL_CTX_callback_ctrl__fixed_rust(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, mem::transmute(cb)) + SSL_CTX_callback_ctrl__fixed_rust( + ctx, + SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, + mem::transmute::< + std::option::Option i32>, + std::option::Option, + >(cb), + ) } pub unsafe fn SSL_CTX_set_tlsext_status_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_long { diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md index 2f72808a82..d734fbbce6 100644 --- a/openssl/CHANGELOG.md +++ b/openssl/CHANGELOG.md @@ -2,6 +2,16 @@ ## [Unreleased] +## [v0.10.65] - 2024-07-20 + +### Fixed + +* Ensure we are initialized in `MessageDigest::from_nid`, `Md::from_nid`, `Md::fetch` + +### Changed + +* Expose `SslContextBuilder::set_keylog_callback` on BoringSSL + ## [v0.10.64] - 2024-02-19 ### Added 
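Review bot: The explicit types added to `mem::transmute` in `SSL_CTX_set_tlsext_servername_callback__fixed_rust` spell the source as `std::option::Option<... *mut libc::c_void) -> i32>`, while the parameter `cb` is declared with `c_int`, and this file writes `c_void` unqualified elsewhere (see `SSL_CTX_set_tlsext_status_arg`). The same applies to the second hunk, in `SSL_CTX_set_tlsext_status_cb`. Using `Option`, `c_int` and `c_void` in the annotation keeps it textually in step with the signature it must equal, so a later edit to one is less likely to miss the other. Both calls would also benefit from a `// SAFETY:` comment saying why erasing the callback's function-pointer type is sound here, presumably because the library invokes it with the original signature for that control code.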
@@ -892,7 +902,8 @@ Look at the [release tags] for information about older releases. -[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...master +[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.65...master +[v0.10.65]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.65 [v0.10.64]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64 [v0.10.63]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63 [v0.10.62]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62 diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index b852549160..bb94398288 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "openssl" -version = "0.10.64" +version = "0.10.65" authors = ["Steven Fackler "] license = "Apache-2.0" description = "OpenSSL bindings" @@ -30,7 +30,7 @@ libc = "0.2" once_cell = "1.5.2" openssl-macros = { version = "0.1.0", path = "../openssl-macros" } -ffi = { package = "openssl-sys", version = "0.9.100", path = "../openssl-sys" } +ffi = { package = "openssl-sys", version = "0.9.103", path = "../openssl-sys" } [dev-dependencies] hex = "0.3" diff --git a/openssl/build.rs b/openssl/build.rs index 7677abc086..58f5fb9aad 100644 --- a/openssl/build.rs +++ b/openssl/build.rs 
@@ -7,6 +7,43 @@ use std::env; fn main() { + println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\"))"); + + println!("cargo:rustc-check-cfg=cfg(libressl)"); + println!("cargo:rustc-check-cfg=cfg(boringssl)"); + + println!("cargo:rustc-check-cfg=cfg(libressl250)"); + println!("cargo:rustc-check-cfg=cfg(libressl251)"); + println!("cargo:rustc-check-cfg=cfg(libressl261)"); + println!("cargo:rustc-check-cfg=cfg(libressl270)"); + println!("cargo:rustc-check-cfg=cfg(libressl271)"); + println!("cargo:rustc-check-cfg=cfg(libressl273)"); + println!("cargo:rustc-check-cfg=cfg(libressl280)"); + println!("cargo:rustc-check-cfg=cfg(libressl291)"); + println!("cargo:rustc-check-cfg=cfg(libressl310)"); + println!("cargo:rustc-check-cfg=cfg(libressl321)"); + println!("cargo:rustc-check-cfg=cfg(libressl332)"); + println!("cargo:rustc-check-cfg=cfg(libressl340)"); + println!("cargo:rustc-check-cfg=cfg(libressl350)"); + println!("cargo:rustc-check-cfg=cfg(libressl360)"); + println!("cargo:rustc-check-cfg=cfg(libressl361)"); + println!("cargo:rustc-check-cfg=cfg(libressl370)"); + println!("cargo:rustc-check-cfg=cfg(libressl380)"); + println!("cargo:rustc-check-cfg=cfg(libressl382)"); + println!("cargo:rustc-check-cfg=cfg(libressl390)"); + + println!("cargo:rustc-check-cfg=cfg(ossl101)"); + println!("cargo:rustc-check-cfg=cfg(ossl102)"); + println!("cargo:rustc-check-cfg=cfg(ossl110)"); + println!("cargo:rustc-check-cfg=cfg(ossl110g)"); + println!("cargo:rustc-check-cfg=cfg(ossl110h)"); + println!("cargo:rustc-check-cfg=cfg(ossl111)"); + println!("cargo:rustc-check-cfg=cfg(ossl111d)"); + 
println!("cargo:rustc-check-cfg=cfg(ossl300)"); + println!("cargo:rustc-check-cfg=cfg(ossl310)"); + println!("cargo:rustc-check-cfg=cfg(ossl320)"); + println!("cargo:rustc-check-cfg=cfg(ossl330)"); + if env::var("DEP_OPENSSL_LIBRESSL").is_ok() { println!("cargo:rustc-cfg=libressl"); } @@ -104,6 +141,9 @@ fn main() { if version >= 0x1_01_01_00_0 { println!("cargo:rustc-cfg=ossl111"); } + if version >= 0x1_01_01_04_0 { + println!("cargo:rustc-cfg=ossl111d"); + } if version >= 0x3_00_00_00_0 { println!("cargo:rustc-cfg=ossl300"); } @@ -113,5 +153,8 @@ fn main() { if version >= 0x3_02_00_00_0 { println!("cargo:rustc-cfg=ossl320"); } + if version >= 0x3_03_00_00_0 { + println!("cargo:rustc-cfg=ossl330"); + } } } diff --git a/openssl/src/aes.rs b/openssl/src/aes.rs index cbc4999bb8..cd1f3ed117 100644 --- a/openssl/src/aes.rs +++ b/openssl/src/aes.rs @@ -95,7 +95,7 @@ impl AesKey { #[corresponds(AES_set_encrypt_key)] pub fn new_encrypt(key: &[u8]) -> Result { unsafe { - assert!(key.len() <= c_int::max_value() as usize / 8); + assert!(key.len() <= c_int::MAX as usize / 8); let mut aes_key = MaybeUninit::uninit(); let r = ffi::AES_set_encrypt_key( @@ -119,7 +119,7 @@ impl AesKey { #[corresponds(AES_set_decrypt_key)] pub fn new_decrypt(key: &[u8]) -> Result { unsafe { - assert!(key.len() <= c_int::max_value() as usize / 8); + assert!(key.len() <= c_int::MAX as usize / 8); let mut aes_key = MaybeUninit::uninit(); let r = ffi::AES_set_decrypt_key( diff --git a/openssl/src/base64.rs b/openssl/src/base64.rs index bfa8cbcf8d..5ac3547355 100644 --- a/openssl/src/base64.rs +++ b/openssl/src/base64.rs @@ -11,7 +11,7 @@ use openssl_macros::corresponds; /// Panics if the input length or computed output length overflow a signed C integer. #[corresponds(EVP_EncodeBlock)] pub fn encode_block(src: &[u8]) -> String { - assert!(src.len() <= c_int::max_value() as usize); + assert!(src.len() <= c_int::MAX as usize); let src_len = src.len() as LenType; let len = encoded_len(src_len).unwrap(); 
@@ -42,7 +42,7 @@ pub fn decode_block(src: &str) -> Result, ErrorStack> { return Ok(vec![]); } - assert!(src.len() <= c_int::max_value() as usize); + assert!(src.len() <= c_int::MAX as usize); let src_len = src.len() as LenType; let len = decoded_len(src_len).unwrap(); diff --git a/openssl/src/bio.rs b/openssl/src/bio.rs index 0f54935a6b..96a63d19c4 100644 --- a/openssl/src/bio.rs +++ b/openssl/src/bio.rs @@ -21,7 +21,7 @@ impl<'a> MemBioSlice<'a> { pub fn new(buf: &'a [u8]) -> Result, ErrorStack> { ffi::init(); - assert!(buf.len() <= c_int::max_value() as usize); + assert!(buf.len() <= c_int::MAX as usize); let bio = unsafe { cvt_p(BIO_new_mem_buf( buf.as_ptr() as *const _, diff --git a/openssl/src/bn.rs b/openssl/src/bn.rs index 1ae450bb75..ba784aab1a 100644 --- a/openssl/src/bn.rs +++ b/openssl/src/bn.rs @@ -187,7 +187,7 @@ impl BigNumRef { pub fn div_word(&mut self, w: u32) -> Result { unsafe { let r = ffi::BN_div_word(self.as_ptr(), w.into()); - if r == ffi::BN_ULONG::max_value() { + if r == ffi::BN_ULONG::MAX { Err(ErrorStack::get()) } else { Ok(r.into()) @@ -201,7 +201,7 @@ impl BigNumRef { pub fn mod_word(&self, w: u32) -> Result { unsafe { let r = ffi::BN_mod_word(self.as_ptr(), w.into()); - if r == ffi::BN_ULONG::max_value() { + if r == ffi::BN_ULONG::MAX { Err(ErrorStack::get()) } else { Ok(r.into()) @@ -1108,7 +1108,7 @@ impl BigNum { pub fn from_slice(n: &[u8]) -> Result { unsafe { ffi::init(); - assert!(n.len() <= LenType::max_value() as usize); + assert!(n.len() <= LenType::MAX as usize); cvt_p(ffi::BN_bin2bn( n.as_ptr(), @@ -1136,7 +1136,7 @@ impl BigNum { #[corresponds(BN_bin2bn)] pub fn copy_from_slice(&mut self, n: &[u8]) -> Result<(), ErrorStack> { unsafe { - assert!(n.len() <= LenType::max_value() as usize); + assert!(n.len() <= LenType::MAX as usize); cvt_p(ffi::BN_bin2bn(n.as_ptr(), n.len() as LenType, self.0))?; Ok(()) diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 3dc17c68dd..26c6ddd5fb 100644 --- a/openssl/src/ecdsa.rs 
+++ b/openssl/src/ecdsa.rs @@ -32,7 +32,7 @@ impl EcdsaSig { T: HasPrivate, { unsafe { - assert!(data.len() <= c_int::max_value() as usize); + assert!(data.len() <= c_int::MAX as usize); let sig = cvt_p(ffi::ECDSA_do_sign( data.as_ptr(), data.len() as LenType, @@ -77,7 +77,7 @@ impl EcdsaSigRef { T: HasPublic, { unsafe { - assert!(data.len() <= c_int::max_value() as usize); + assert!(data.len() <= c_int::MAX as usize); cvt_n(ffi::ECDSA_do_verify( data.as_ptr(), data.len() as LenType, diff --git a/openssl/src/envelope.rs b/openssl/src/envelope.rs index 25055ac4d9..f6ebc722f4 100644 --- a/openssl/src/envelope.rs +++ b/openssl/src/envelope.rs @@ -75,7 +75,7 @@ impl Seal { /// /// Panics if `output.len() < input.len() + block_size` where `block_size` is /// the block size of the cipher (see `Cipher::block_size`), or if - /// `output.len() > c_int::max_value()`. + /// `output.len() > c_int::MAX`. pub fn update(&mut self, input: &[u8], output: &mut [u8]) -> Result { self.ctx.cipher_update(input, Some(output)) } @@ -130,7 +130,7 @@ impl Open { /// /// Panics if `output.len() < input.len() + block_size` where /// `block_size` is the block size of the cipher (see `Cipher::block_size`), - /// or if `output.len() > c_int::max_value()`. + /// or if `output.len() > c_int::MAX`. pub fn update(&mut self, input: &[u8], output: &mut [u8]) -> Result { self.ctx.cipher_update(input, Some(output)) } diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs index 01d7097b09..f2f2698f3e 100644 --- a/openssl/src/hash.rs +++ b/openssl/src/hash.rs @@ -70,6 +70,7 @@ impl MessageDigest { /// /// [`EVP_get_digestbynid`]: https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html pub fn from_nid(type_: Nid) -> Option { + ffi::init(); unsafe { let ptr = ffi::EVP_get_digestbynid(type_.as_raw()); if ptr.is_null() { diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index a73dbea4cb..555eda9720 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs 
@@ -19,8 +19,9 @@ //! openssl = { version = "0.10", features = ["vendored"] } //! ``` //! -//! The vendored copy will not be configured to automatically find the system's root certificates, but the -//! `openssl-probe` crate can be used to do that instead. +//! The vendored copy will be configured to automatically find a configuration and root certificates at `/usr/local/ssl`. +//! This path can be overridden with an environment variable (see the manual section below). +//! Alternatively, the `openssl-probe` crate can be used to find root certificates at runtime. //! //! ## Automatic //! @@ -38,16 +39,16 @@ //! $ sudo pkgin install openssl //! //! # Arch Linux -//! $ sudo pacman -S pkg-config openssl +//! $ sudo pacman -S pkgconf openssl //! //! # Debian and Ubuntu //! $ sudo apt-get install pkg-config libssl-dev //! //! # Fedora -//! $ sudo dnf install pkg-config perl-FindBin openssl-devel +//! $ sudo dnf install pkgconf perl-FindBin perl-IPC-Cmd openssl-devel //! //! # Alpine Linux -//! $ apk add pkgconfig openssl-dev +//! $ apk add pkgconf openssl-dev //! //! # openSUSE //! $ sudo zypper in libopenssl-devel @@ -67,6 +68,12 @@ //! if nonstandard library names were used for whatever reason. //! * `OPENSSL_NO_VENDOR` - If set, always find OpenSSL in the system, even if the `vendored` feature is enabled. //! +//! If the `vendored` Cargo feature is enabled, the following environment variable can also be used to further configure +//! the OpenSSL build. +//! +//! * `OPENSSL_CONFIG_DIR` - If set, the copy of OpenSSL built by the `openssl-src` crate will be configured to look for +//! configuration files and root certificates in this directory. +//! //! Additionally, these variables can be prefixed with the upper-cased target architecture (e.g. //! `X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR`), which can be useful when cross compiling. //! diff --git a/openssl/src/macros.rs b/openssl/src/macros.rs index 671a11b82d..69d1459737 100644 --- a/openssl/src/macros.rs 
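Review bot: The rewritten vendored paragraph says the build will find its configuration and root certificates at `/usr/local/ssl`, but it does not say who is expected to control that directory. Both the configuration file and the trust anchors are read from it, so the docs should add a line such as `//! Make sure this directory is writable only by trusted users on every machine the binary runs on.` The same caveat belongs on the new `OPENSSL_CONFIG_DIR` entry in the third hunk, since that value appears to be fixed when OpenSSL is built rather than at runtime.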
+++ b/openssl/src/macros.rs @@ -59,7 +59,7 @@ macro_rules! private_key_to_pem { ) -> Result, crate::error::ErrorStack> { unsafe { let bio = crate::bio::MemBio::new()?; - assert!(passphrase.len() <= ::libc::c_int::max_value() as usize); + assert!(passphrase.len() <= ::libc::c_int::MAX as usize); cvt($f(bio.as_ptr(), self.as_ptr(), cipher.as_ptr(), @@ -109,7 +109,7 @@ macro_rules! from_der { use std::convert::TryInto; unsafe { ffi::init(); - let len = ::std::cmp::min(der.len(), ::libc::c_long::max_value() as usize) as ::libc::c_long; + let len = ::std::cmp::min(der.len(), ::libc::c_long::MAX as usize) as ::libc::c_long; crate::cvt_p($f(::std::ptr::null_mut(), &mut der.as_ptr(), len.try_into().unwrap())) .map(|p| ::foreign_types::ForeignType::from_ptr(p)) } diff --git a/openssl/src/md.rs b/openssl/src/md.rs index 08e4aacf3e..a9df311400 100644 --- a/openssl/src/md.rs +++ b/openssl/src/md.rs @@ -80,6 +80,7 @@ impl Md { /// Returns the `Md` corresponding to an [`Nid`]. #[corresponds(EVP_get_digestbynid)] pub fn from_nid(type_: Nid) -> Option<&'static MdRef> { + ffi::init(); unsafe { let ptr = ffi::EVP_get_digestbynid(type_.as_raw()); if ptr.is_null() { @@ -100,6 +101,7 @@ impl Md { algorithm: &str, properties: Option<&str>, ) -> Result { + ffi::init(); let algorithm = CString::new(algorithm).unwrap(); let properties = properties.map(|s| CString::new(s).unwrap()); diff --git a/openssl/src/pkcs5.rs b/openssl/src/pkcs5.rs index afaae55a29..594b5fc4d8 100644 --- a/openssl/src/pkcs5.rs +++ b/openssl/src/pkcs5.rs @@ -38,7 +38,7 @@ pub fn bytes_to_key( count: i32, ) -> Result { unsafe { - assert!(data.len() <= c_int::max_value() as usize); + assert!(data.len() <= c_int::MAX as usize); let salt_ptr = match salt { Some(salt) => { assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize); diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index 7892e65cb1..f2cedd271c 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs 
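Review bot: In the `Md::fetch` hunk, the lines right after the added `ffi::init()` still call `CString::new(algorithm).unwrap()` and `CString::new(s).unwrap()`, so an algorithm or property string containing an interior NUL byte panics even though the function returns a `Result`. If those strings can ever come from configuration or other external input, that is a caller-triggerable abort. At minimum the doc comment should gain a `# Panics` section, e.g. `/// Panics if `algorithm` or `properties` contains an interior NUL byte.` The body of `fetch` continues outside the hunk.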
@@ -60,6 +60,7 @@ use openssl_macros::corresponds; use std::convert::{TryFrom, TryInto}; use std::ffi::CString; use std::fmt; +#[cfg(all(not(boringssl), ossl110))] use std::mem; use std::ptr; @@ -407,38 +408,37 @@ impl Clone for PKey { impl PKey { /// Creates a new `PKey` containing an RSA key. - #[corresponds(EVP_PKEY_assign_RSA)] + #[corresponds(EVP_PKEY_set1_RSA)] pub fn from_rsa(rsa: Rsa) -> Result, ErrorStack> { + // TODO: Next time we make backwards incompatible changes, this could + // become an `&RsaRef`. Same for all the other `from_*` methods. unsafe { let evp = cvt_p(ffi::EVP_PKEY_new())?; let pkey = PKey::from_ptr(evp); - cvt(ffi::EVP_PKEY_assign_RSA(pkey.0, rsa.as_ptr()))?; - mem::forget(rsa); + cvt(ffi::EVP_PKEY_set1_RSA(pkey.0, rsa.as_ptr()))?; Ok(pkey) } } /// Creates a new `PKey` containing a DSA key. - #[corresponds(EVP_PKEY_assign_DSA)] + #[corresponds(EVP_PKEY_set1_DSA)] pub fn from_dsa(dsa: Dsa) -> Result, ErrorStack> { unsafe { let evp = cvt_p(ffi::EVP_PKEY_new())?; let pkey = PKey::from_ptr(evp); - cvt(ffi::EVP_PKEY_assign_DSA(pkey.0, dsa.as_ptr()))?; - mem::forget(dsa); + cvt(ffi::EVP_PKEY_set1_DSA(pkey.0, dsa.as_ptr()))?; Ok(pkey) } } /// Creates a new `PKey` containing a Diffie-Hellman key. - #[corresponds(EVP_PKEY_assign_DH)] + #[corresponds(EVP_PKEY_set1_DH)] #[cfg(not(boringssl))] pub fn from_dh(dh: Dh) -> Result, ErrorStack> { unsafe { let evp = cvt_p(ffi::EVP_PKEY_new())?; let pkey = PKey::from_ptr(evp); - cvt(ffi::EVP_PKEY_assign_DH(pkey.0, dh.as_ptr()))?; - mem::forget(dh); + cvt(ffi::EVP_PKEY_set1_DH(pkey.0, dh.as_ptr()))?; Ok(pkey) } } 
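Review bot: `from_rsa`, `from_dsa` and `from_dh` now take their argument by value and let it fall out of scope, with no comment on why the old `mem::forget` is gone. The ownership rule changed with the move from `EVP_PKEY_assign_*` to `EVP_PKEY_set1_*`: the `PKey` takes its own reference and the argument's `Drop` releases the caller's on both the success and the `?` error path. A one-line comment above each call would record that, e.g. `// set1 takes its own reference, so `rsa` is dropped normally on every path.` The same applies to `from_ec_key` in the next hunk; the TODO added in `from_rsa` covers the signature but not this invariant.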
@@ -460,13 +460,12 @@ impl PKey { } /// Creates a new `PKey` containing an elliptic curve key. - #[corresponds(EVP_PKEY_assign_EC_KEY)] + #[corresponds(EVP_PKEY_set1_EC_KEY)] pub fn from_ec_key(ec_key: EcKey) -> Result, ErrorStack> { unsafe { let evp = cvt_p(ffi::EVP_PKEY_new())?; let pkey = PKey::from_ptr(evp); - cvt(ffi::EVP_PKEY_assign_EC_KEY(pkey.0, ec_key.as_ptr()))?; - mem::forget(ec_key); + cvt(ffi::EVP_PKEY_set1_EC_KEY(pkey.0, ec_key.as_ptr()))?; Ok(pkey) } } @@ -482,7 +481,7 @@ impl PKey { #[cfg(not(boringssl))] pub fn hmac(key: &[u8]) -> Result, ErrorStack> { unsafe { - assert!(key.len() <= c_int::max_value() as usize); + assert!(key.len() <= c_int::MAX as usize); let key = cvt_p(ffi::EVP_PKEY_new_mac_key( ffi::EVP_PKEY_HMAC, ptr::null_mut(), @@ -676,7 +675,7 @@ impl PKey { pub fn private_key_from_pkcs8(der: &[u8]) -> Result, ErrorStack> { unsafe { ffi::init(); - let len = der.len().min(c_long::max_value() as usize) as c_long; + let len = der.len().min(c_long::MAX as usize) as c_long; let p8inf = cvt_p(ffi::d2i_PKCS8_PRIV_KEY_INFO( ptr::null_mut(), &mut der.as_ptr(), diff --git a/openssl/src/rand.rs b/openssl/src/rand.rs index ef0f7685cc..fe8423b99a 100644 --- a/openssl/src/rand.rs +++ b/openssl/src/rand.rs @@ -32,7 +32,7 @@ use openssl_macros::corresponds; pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { unsafe { ffi::init(); - assert!(buf.len() <= c_int::max_value() as usize); + assert!(buf.len() <= c_int::MAX as usize); cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as LenType)).map(|_| ()) } } @@ -57,7 +57,7 @@ pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { pub fn rand_priv_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { unsafe { ffi::init(); - assert!(buf.len() <= c_int::max_value() as usize); + assert!(buf.len() <= c_int::MAX as usize); cvt(ffi::RAND_priv_bytes(buf.as_mut_ptr(), buf.len() as LenType)).map(|_| ()) } } diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index f155b12dfe..9ef56942bf 100644 
--- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -129,7 +129,7 @@ where to: &mut [u8], padding: Padding, ) -> Result { - assert!(from.len() <= i32::max_value() as usize); + assert!(from.len() <= i32::MAX as usize); assert!(to.len() >= self.size() as usize); unsafe { @@ -157,7 +157,7 @@ where to: &mut [u8], padding: Padding, ) -> Result { - assert!(from.len() <= i32::max_value() as usize); + assert!(from.len() <= i32::MAX as usize); assert!(to.len() >= self.size() as usize); unsafe { @@ -301,7 +301,7 @@ where to: &mut [u8], padding: Padding, ) -> Result { - assert!(from.len() <= i32::max_value() as usize); + assert!(from.len() <= i32::MAX as usize); assert!(to.len() >= self.size() as usize); unsafe { @@ -328,7 +328,7 @@ where to: &mut [u8], padding: Padding, ) -> Result { - assert!(from.len() <= i32::max_value() as usize); + assert!(from.len() <= i32::MAX as usize); assert!(to.len() >= self.size() as usize); unsafe { diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index 36cea23fdc..a5561dc722 100644 --- a/openssl/src/ssl/bio.rs +++ b/openssl/src/ssl/bio.rs @@ -72,7 +72,7 @@ pub unsafe fn get_mut<'a, S: 'a>(bio: *mut BIO) -> &'a mut S { } pub unsafe fn set_dtls_mtu_size(bio: *mut BIO, mtu_size: usize) { - if mtu_size as u64 > c_long::max_value() as u64 { + if mtu_size as u64 > c_long::MAX as u64 { panic!( "Given MTU size {} can't be represented in a positive `c_long` range", mtu_size diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index c6414fb517..be8909ee4a 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -11,7 +11,7 @@ use std::ffi::CStr; use std::mem; use std::ptr; use std::slice; -#[cfg(ossl111)] +#[cfg(any(ossl111, boringssl))] use std::str; use std::sync::Arc; 
@@ -28,7 +28,7 @@ use crate::ssl::{ }; #[cfg(ossl111)] use crate::ssl::{ClientHelloResponse, ExtensionContext}; -#[cfg(ossl111)] +#[cfg(any(ossl111, boringssl))] use crate::util::ForeignTypeRefExt; #[cfg(ossl111)] use crate::x509::X509Ref; @@ -429,7 +429,7 @@ where } } -#[cfg(ossl111)] +#[cfg(any(ossl111, boringssl))] pub unsafe extern "C" fn raw_keylog(ssl: *const ffi::SSL, line: *const c_char) where F: Fn(&SslRef, &str) + 'static + Sync + Send, diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 2ff9dac1fd..a540d41468 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -965,7 +965,7 @@ impl SslContextBuilder { #[corresponds(SSL_CTX_set_session_id_context)] pub fn set_session_id_context(&mut self, sid_ctx: &[u8]) -> Result<(), ErrorStack> { unsafe { - assert!(sid_ctx.len() <= c_uint::max_value() as usize); + assert!(sid_ctx.len() <= c_uint::MAX as usize); cvt(ffi::SSL_CTX_set_session_id_context( self.as_ptr(), sid_ctx.as_ptr(), @@ -1228,7 +1228,7 @@ impl SslContextBuilder { #[cfg(any(ossl102, libressl261, boringssl))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { - assert!(protocols.len() <= c_uint::max_value() as usize); + assert!(protocols.len() <= c_uint::MAX as usize); let r = ffi::SSL_CTX_set_alpn_protos( self.as_ptr(), protocols.as_ptr(), @@ -1470,7 +1470,7 @@ impl SslContextBuilder { /// /// Requires OpenSSL 1.1.1 or newer. #[corresponds(SSL_CTX_set_keylog_callback)] - #[cfg(ossl111)] + #[cfg(any(ossl111, boringssl))] pub fn set_keylog_callback(&mut self, callback: F) where F: Fn(&SslRef, &str) + 'static + Sync + Send, 
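Review bot: The doc comment on `set_keylog_callback` still reads `Requires OpenSSL 1.1.1 or newer.` although the attribute is now `#[cfg(any(ossl111, boringssl))]`; it should become `/// Requires BoringSSL or OpenSSL 1.1.1 or newer.` Because the callback is handed key log lines that carry TLS session secrets, the doc would also benefit from one sentence saying its output must be handled as key material and kept out of ordinary application logs. The start of the doc comment and the function body are outside the hunk.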
@@ -2487,7 +2487,7 @@ impl SslRef { #[cfg(any(ossl102, libressl261, boringssl))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { - assert!(protocols.len() <= c_uint::max_value() as usize); + assert!(protocols.len() <= c_uint::MAX as usize); let r = ffi::SSL_set_alpn_protos(self.as_ptr(), protocols.as_ptr(), protocols.len() as _); // fun fact, SSL_set_alpn_protos has a reversed return code D: @@ -2938,7 +2938,7 @@ impl SslRef { #[cfg(not(boringssl))] pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> { unsafe { - assert!(response.len() <= c_int::max_value() as usize); + assert!(response.len() <= c_int::MAX as usize); let p = cvt_p(ffi::OPENSSL_malloc(response.len() as _))?; ptr::copy_nonoverlapping(response.as_ptr(), p as *mut u8, response.len()); cvt(ffi::SSL_set_tlsext_status_ocsp_resp( @@ -3801,7 +3801,7 @@ impl SslStream { return Ok(0); } - let len = usize::min(c_int::max_value() as usize, buf.len()) as c_int; + let len = usize::min(c_int::MAX as usize, buf.len()) as c_int; let ret = unsafe { ffi::SSL_read(self.ssl().as_ptr(), buf.as_mut_ptr().cast(), len) }; @@ -3842,7 +3842,7 @@ impl SslStream { return Ok(0); } - let len = usize::min(c_int::max_value() as usize, buf.len()) as c_int; + let len = usize::min(c_int::MAX as usize, buf.len()) as c_int; let ret = unsafe { ffi::SSL_write(self.ssl().as_ptr(), buf.as_ptr().cast(), len) }; @@ -3880,7 +3880,7 @@ impl SslStream { return Ok(0); } - let len = usize::min(c_int::max_value() as usize, buf.len()) as c_int; + let len = usize::min(c_int::MAX as usize, buf.len()) as c_int; let ret = unsafe { ffi::SSL_peek(self.ssl().as_ptr(), buf.as_mut_ptr().cast(), len) }; diff --git a/openssl/src/stack.rs b/openssl/src/stack.rs index 416efd5ade..58acac61ad 100644 --- a/openssl/src/stack.rs +++ b/openssl/src/stack.rs 
@@ -14,7 +14,7 @@ use crate::util::ForeignTypeExt; use crate::{cvt, cvt_p, LenType}; cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, boringssl))] { use ffi::{ OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK, OPENSSL_sk_new_null, OPENSSL_sk_push, diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index 0ff9d874e2..0aae69db4f 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs @@ -691,7 +691,7 @@ impl Crypter { /// Panics for block ciphers if `output.len() < input.len() + block_size`, /// where `block_size` is the block size of the cipher (see `Cipher::block_size`). /// - /// Panics if `output.len() > c_int::max_value()`. + /// Panics if `output.len() > c_int::MAX`. pub fn update(&mut self, input: &[u8], output: &mut [u8]) -> Result { self.ctx.cipher_update(input, Some(output)) } diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index a64524cbea..05aec9a9c7 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -1093,7 +1093,7 @@ impl X509NameBuilder { pub fn append_entry_by_text(&mut self, field: &str, value: &str) -> Result<(), ErrorStack> { unsafe { let field = CString::new(field).unwrap(); - assert!(value.len() <= crate::SLenType::max_value() as usize); + assert!(value.len() <= crate::SLenType::MAX as usize); cvt(ffi::X509_NAME_add_entry_by_txt( self.0.as_ptr(), field.as_ptr() as *mut _, @@ -1120,7 +1120,7 @@ impl X509NameBuilder { ) -> Result<(), ErrorStack> { unsafe { let field = CString::new(field).unwrap(); - assert!(value.len() <= crate::SLenType::max_value() as usize); + assert!(value.len() <= crate::SLenType::MAX as usize); cvt(ffi::X509_NAME_add_entry_by_txt( self.0.as_ptr(), field.as_ptr() as *mut _, 
@@ -1141,7 +1141,7 @@ impl X509NameBuilder { /// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> { unsafe { - assert!(value.len() <= crate::SLenType::max_value() as usize); + assert!(value.len() <= crate::SLenType::MAX as usize); cvt(ffi::X509_NAME_add_entry_by_NID( self.0.as_ptr(), field.as_raw(), @@ -1167,7 +1167,7 @@ impl X509NameBuilder { ty: Asn1Type, ) -> Result<(), ErrorStack> { unsafe { - assert!(value.len() <= crate::SLenType::max_value() as usize); + assert!(value.len() <= crate::SLenType::MAX as usize); cvt(ffi::X509_NAME_add_entry_by_NID( self.0.as_ptr(), field.as_raw(), diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index ae61a2ad34..25c2da0125 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -944,7 +944,7 @@ fn test_verify_param_set_depth_fails_verification() { store_bldr.add_cert(ca).unwrap(); let mut verify_params = X509VerifyParam::new().unwrap(); // OpenSSL 1.1.0+ considers the root certificate to not be part of the chain, while 1.0.2 and LibreSSL do - let expected_depth = if cfg!(any(ossl110)) { 0 } else { 1 }; + let expected_depth = if cfg!(any(ossl110, boringssl)) { 0 } else { 1 }; verify_params.set_depth(expected_depth); store_bldr.set_param(&verify_params).unwrap(); let store = store_bldr.build(); diff --git a/systest/build.rs b/systest/build.rs index 833e09fb5c..56230ada60 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -103,7 +103,7 @@ fn main() { && s.chars().next().unwrap().is_lowercase() { format!("struct {}", s) - } else if s.starts_with("stack_st_") { + } else if s.starts_with("stack_st_") || s == "timeval" { format!("struct {}", s) } else { s.to_string() pFad - Phonifier reborn
