Add support for OpenSSL 1.1.1

Author: ishitatsuyuki

.circleci/config.yml

@@ -89,6 +89,9 @@ macos_job: &MACOS_JOB
       cargo test --manifest-path=openssl/Cargo.toml --all-features
   - *SAVE_DEPS
 
+openssl_111: &OPENSSL_111
+  LIBRARY: openssl
+  VERSION: 1.1.1
 openssl_110: &OPENSSL_110
   LIBRARY: openssl
   VERSION: 1.1.0g
@@ -124,6 +127,10 @@ base: &BASE
 
 version: 2
 jobs:
+  x86_64-openssl-1.1.1:
+    <<: *JOB
+    environment:
+      <<: [*OPENSSL_111, *X86_64, *BASE]
   x86_64-openssl-1.1.0:
     <<: *JOB
     environment:
@@ -136,6 +143,10 @@ jobs:
     <<: *JOB
     environment:
       <<: [*OPENSSL_101, *X86_64, *BASE]
+  i686-openssl-1.1.1:
+    <<: *JOB
+    environment:
+      <<: [*OPENSSL_111, *I686, *BASE]
   i686-openssl-1.1.0:
     <<: *JOB
     environment:
@@ -148,6 +159,10 @@ jobs:
     <<: *JOB
     environment:
       <<: [*OPENSSL_101, *I686, *BASE]
+  armhf-openssl-1.1.1:
+    <<: *JOB
+    environment:
+      <<: [*OPENSSL_111, *ARMHF, *BASE]
   armhf-openssl-1.1.0:
     <<: *JOB
     environment:
@@ -174,12 +189,15 @@ workflows:
   version: 2
   tests:
     jobs:
+    - x86_64-openssl-1.1.1
     - x86_64-openssl-1.1.0
     - x86_64-openssl-1.0.2
     - x86_64-openssl-1.0.1
+    - i686-openssl-1.1.1
     - i686-openssl-1.1.0
     - i686-openssl-1.0.2
     - i686-openssl-1.0.1
+    - armhf-openssl-1.1.1
     - armhf-openssl-1.1.0
     - armhf-openssl-1.0.2
     - armhf-openssl-1.0.1

openssl/build.rs

@@ -12,6 +12,11 @@ fn main() {
         }
         Ok(ref v) if v == "110" => {
             println!("cargo:rustc-cfg=ossl110");
+            println!("cargo:rustc-cfg=ossl11x");
+        }
+        Ok(ref v) if v == "111" => {
+            println!("cargo:rustc-cfg=ossl111");
+            println!("cargo:rustc-cfg=ossl11x");
         }
         _ => panic!("Unable to detect OpenSSL version"),
     }

openssl/src/asn1.rs

@@ -288,7 +288,7 @@ impl fmt::Display for Asn1ObjectRef {
 #[cfg(any(ossl101, ossl102))]
 use ffi::ASN1_STRING_data;
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 #[allow(bad_style)]
 unsafe fn ASN1_STRING_data(s: *mut ffi::ASN1_STRING) -> *mut ::libc::c_uchar {
     ffi::ASN1_STRING_get0_data(s) as *mut _

openssl/src/bn.rs

@@ -47,7 +47,7 @@ use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
           get_rfc3526_prime_6144 as BN_get_rfc3526_prime_6144,
           get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192};
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 use ffi::{BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536,
           BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
           BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192};
@@ -366,7 +366,7 @@ impl BigNumRef {
         unsafe { (*self.as_ptr()).neg == 1 }
     }
 
-    #[cfg(ossl110)]
+    #[cfg(ossl11x)]
     fn _is_negative(&self) -> bool {
         unsafe { ffi::BN_is_negative(self.as_ptr()) == 1 }
     }

openssl/src/dh.rs

@@ -40,7 +40,7 @@ impl Dh {
     from_der!(Dh, ffi::d2i_DHparams);
 
     /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn get_1024_160() -> Result<Dh, ErrorStack> {
         unsafe {
             ffi::init();
@@ -49,7 +49,7 @@ impl Dh {
     }
 
     /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn get_2048_224() -> Result<Dh, ErrorStack> {
         unsafe {
             ffi::init();
@@ -58,7 +58,7 @@ impl Dh {
     }
 
     /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn get_2048_256() -> Result<Dh, ErrorStack> {
         unsafe {
             ffi::init();
@@ -67,7 +67,7 @@ impl Dh {
     }
 }
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 mod compat {
     pub use ffi::DH_set0_pqg;
 }
@@ -98,7 +98,7 @@ mod tests {
     use ssl::{SslMethod, SslContext};
 
     #[test]
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     fn test_dh_rfc5114() {
         let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
         let dh1 = Dh::get_1024_160().unwrap();

openssl/src/dsa.rs

@@ -189,7 +189,7 @@ impl fmt::Debug for Dsa {
     }
 }
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 mod compat {
     use std::ptr;
     use ffi::{self, BIGNUM, DSA};

openssl/src/hash.rs

@@ -4,7 +4,7 @@ use std::ops::{Deref, DerefMut};
 use std::fmt;
 use ffi;
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free};
 #[cfg(any(ossl101, ossl102))]
 use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};

openssl/src/lib.rs

@@ -60,7 +60,7 @@ pub mod symm;
 pub mod types;
 pub mod version;
 pub mod x509;
-#[cfg(any(ossl102, ossl110))]
+#[cfg(any(ossl102, ossl11x))]
 mod verify;
 
 fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {

openssl/src/pkcs5.rs

@@ -108,7 +108,7 @@ pub fn pbkdf2_hmac(
 /// Derives a key from a password and salt using the scrypt algorithm.
 ///
 /// Requires the `v110` feature and OpenSSL 1.1.0.
-#[cfg(all(feature = "v110", ossl110))]
+#[cfg(all(feature = "v110", ossl11x))]
 pub fn scrypt(
     pass: &[u8],
     salt: &[u8],
@@ -546,7 +546,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(all(feature = "v110", ossl110))]
+    #[cfg(all(feature = "v110", ossl11x))]
     fn scrypt() {
         use hex::ToHex;
 

openssl/src/rsa.rs

@@ -362,7 +362,7 @@ impl fmt::Debug for Rsa {
     }
 }
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 mod compat {
     use std::ptr;
 

openssl/src/sign.rs

@@ -72,7 +72,7 @@ use hash::MessageDigest;
 use pkey::{PKeyCtxRef, PKeyRef};
 use error::ErrorStack;
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new};
 #[cfg(any(ossl101, ossl102))]
 use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};

openssl/src/ssl/bio.rs

@@ -173,7 +173,7 @@ unsafe extern "C" fn destroy<S>(bio: *mut BIO) -> c_int {
     1
 }
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 #[allow(bad_style)]
 mod compat {
     use std::io::{Read, Write};

openssl/src/ssl/callbacks.rs

@@ -12,7 +12,7 @@ use dh::Dh;
 #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
 use ec_key::EcKey;
 use ssl::{get_callback_idx, get_ssl_callback_idx, SslRef, SniError, NPN_PROTOS_IDX};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 use ssl::ALPN_PROTOS_IDX;
 use x509::X509StoreContextRef;
 
@@ -158,7 +158,7 @@ pub extern "C" fn raw_next_proto_select_cb(
     unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) }
 }
 
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 pub extern "C" fn raw_alpn_select_cb(
     ssl: *mut ffi::SSL,
     out: *mut *const c_uchar,

openssl/src/ssl/connector.rs

@@ -367,7 +367,7 @@ fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
     ctx._set_ecdh_auto(true)
 }
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> {
     Ok(())
 }
@@ -390,7 +390,7 @@ impl SslAcceptor {
     }
 }
 
-#[cfg(any(ossl102, ossl110))]
+#[cfg(any(ossl102, ossl11x))]
 fn setup_verify(ctx: &mut SslContextBuilder) {
     ctx.set_verify(SSL_VERIFY_PEER);
 }
@@ -409,7 +409,7 @@ fn setup_verify(ctx: &mut SslContextBuilder) {
     });
 }
 
-#[cfg(any(ossl102, ossl110))]
+#[cfg(any(ossl102, ossl11x))]
 fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
     let param = ssl._param_mut();
     param.set_hostflags(::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);

openssl/src/ssl/mod.rs

@@ -99,9 +99,9 @@ use ec::EcKeyRef;
 use ec::EcKey;
 use x509::{X509, X509FileType, X509Name, X509Ref, X509StoreContextRef, X509VerifyError};
 use x509::store::{X509StoreBuilderRef, X509StoreRef};
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 use x509::store::X509Store;
-#[cfg(any(ossl102, ossl110))]
+#[cfg(any(ossl102, ossl11x))]
 use verify::X509VerifyParamRef;
 use pkey::PKeyRef;
 use error::ErrorStack;
@@ -211,15 +211,21 @@ bitflags! {
         /// Disables the use of TLSv1.2.
         const SSL_OP_NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2;
 
+        /// Disables the use of TLSv1.3.
+        ///
+        /// Requires OpenSSL 1.1.1 or newer.
+        #[cfg(ossl111)]
+        const SSL_OP_NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3;
+
         /// Disables the use of DTLSv1.0
         ///
         /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
-        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
         const SSL_OP_NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1;
 
         /// Disables the use of DTLSv1.2.
         /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
-        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
         const SSL_OP_NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
 
         /// Disables the use of all (D)TLS protocol versions.
@@ -237,8 +243,15 @@ bitflags! {
         ///
         /// let options = SSL_OP_NO_SSL_MASK & !SSL_OP_NO_TLSV1_2;
         /// ```
-        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+        #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
         const SSL_OP_NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK;
+
+        /// Enable TLSv1.3 Compatibility mode.
+        ///
+        /// Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version
+        /// may have this disabled by default.
+        #[cfg(ossl111)]
+        const SSL_OP_ENABLE_MIDDLEBOX_COMPAT = ffi::SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
     }
 }
 
@@ -398,7 +411,7 @@ lazy_static! {
     static ref NPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>();
 }
 
-#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
 lazy_static! {
     static ref ALPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>();
 }
@@ -578,7 +591,7 @@ impl SslContextBuilder {
     /// This corresponds to [`SSL_CTX_set0_verify_cert_store`].
     ///
     /// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> {
         unsafe {
             let ptr = cert_store.as_ptr();
@@ -970,7 +983,7 @@ impl SslContextBuilder {
     ///
     /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
     // FIXME overhaul
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn set_alpn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> {
         let protocols: Box<Vec<u8>> = Box::new(ssl_encode_byte_strings(protocols));
         unsafe {
@@ -1190,7 +1203,7 @@ impl SslContextRef {
     /// This corresponds to [`SSL_CTX_get0_certificate`].
     ///
     /// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn certificate(&self) -> Option<&X509Ref> {
         unsafe {
             let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr());
@@ -1209,7 +1222,7 @@ impl SslContextRef {
     /// This corresponds to [`SSL_CTX_get0_privatekey`].
     ///
     /// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn private_key(&self) -> Option<&PKeyRef> {
         unsafe {
             let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr());
@@ -1794,7 +1807,7 @@ impl SslRef {
     /// This corresponds to [`SSL_get0_alpn_selected`].
     ///
     /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
         unsafe {
             let mut data: *const c_uchar = ptr::null();
@@ -1894,12 +1907,12 @@ impl SslRef {
     /// This corresponds to [`SSL_get0_param`].
     ///
     /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html
-    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+    #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl11x)))]
     pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
         self._param_mut()
     }
 
-    #[cfg(any(ossl102, ossl110))]
+    #[cfg(any(ossl102, ossl11x))]
     fn _param_mut(&mut self) -> &mut X509VerifyParamRef {
         unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) }
     }
@@ -2437,7 +2450,7 @@ pub enum ShutdownResult {
     Received,
 }
 
-#[cfg(ossl110)]
+#[cfg(ossl11x)]
 mod compat {
     use std::ptr;