From b4c735e8af546dee49b54679f63bcfec16c15a0f Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 28 Apr 2020 18:09:39 -0700 Subject: [PATCH 01/54] Initial support for OpenSSL 3.0.0-alpha1 --- openssl-sys/build/cfgs.rs | 3 + openssl-sys/build/expando.c | 5 ++ openssl-sys/build/main.rs | 19 +++- openssl-sys/src/cms.rs | 16 +++- openssl-sys/src/err.rs | 15 +++- openssl-sys/src/evp.rs | 28 ++++-- openssl-sys/src/ocsp.rs | 32 ++++++- openssl-sys/src/pem.rs | 171 ++++++++++++++++++++++++------------ openssl-sys/src/pkcs12.rs | 26 +++++- openssl-sys/src/rsa.rs | 95 +++++++++++--------- openssl-sys/src/ssl.rs | 14 ++- openssl-sys/src/x509.rs | 119 +++++++++++++++++++++---- openssl-sys/src/x509_vfy.rs | 29 ++++-- openssl/build.rs | 3 + openssl/src/cms.rs | 1 + openssl/src/error.rs | 35 ++++++-- openssl/src/hash.rs | 1 + openssl/src/pkcs12.rs | 3 + openssl/src/sign.rs | 7 +- openssl/src/symm.rs | 25 +++--- 20 files changed, 489 insertions(+), 158 deletions(-) diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs index b1ec33f56..cc9256bbf 100644 --- a/openssl-sys/build/cfgs.rs +++ b/openssl-sys/build/cfgs.rs @@ -31,6 +31,9 @@ pub fn get(openssl_version: Option, libressl_version: Option) -> Vec<& } else { let openssl_version = openssl_version.unwrap(); + if openssl_version >= 0x3_00_00_00_0 { + cfgs.push("ossl300"); + } if openssl_version >= 0x1_00_01_00_0 { cfgs.push("ossl101"); } diff --git a/openssl-sys/build/expando.c b/openssl-sys/build/expando.c index c8bfac879..da7c6a0bf 100644 --- a/openssl-sys/build/expando.c +++ b/openssl-sys/build/expando.c 
@@ -4,8 +4,13 @@ #define VERSION2(n, v) RUST_VERSION_##n##_##v #define VERSION(n, v) VERSION2(n, v) +#define NEW_VERSION2(a, b, c) RUST_VERSION_NEW_OPENSSL_##a##_##b##_##c +#define NEW_VERSION(a, b, c) NEW_VERSION2(a, b, c) + #ifdef LIBRESSL_VERSION_NUMBER VERSION(LIBRESSL, LIBRESSL_VERSION_NUMBER) +#elif defined OPENSSL_VERSION_MAJOR +NEW_VERSION(OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH) #else VERSION(OPENSSL, OPENSSL_VERSION_NUMBER) #endif diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index cc770318c..db9bab728 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -170,11 +170,15 @@ See rust-openssl README for more information: let line = line.trim(); let openssl_prefix = "RUST_VERSION_OPENSSL_"; + let new_openssl_prefix = "RUST_VERSION_NEW_OPENSSL_"; let libressl_prefix = "RUST_VERSION_LIBRESSL_"; let conf_prefix = "RUST_CONF_"; if line.starts_with(openssl_prefix) { let version = &line[openssl_prefix.len()..]; openssl_version = Some(parse_version(version)); + } else if line.starts_with(new_openssl_prefix) { + let version = &line[new_openssl_prefix.len()..]; + openssl_version = Some(parse_new_version(version)); } else if line.starts_with(libressl_prefix) { let version = &line[libressl_prefix.len()..]; libressl_version = Some(parse_version(version)); @@ -228,8 +232,10 @@ See rust-openssl README for more information: let openssl_version = openssl_version.unwrap(); println!("cargo:version_number={:x}", openssl_version); - if openssl_version >= 0x1_01_02_00_0 { + if openssl_version >= 0x4_00_00_00_0 { version_error() + } else if openssl_version >= 0x3_00_00_00_0 { + Version::Openssl11x } else if openssl_version >= 0x1_01_01_00_0 { println!("cargo:version=111"); Version::Openssl11x 
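Review bot: In openssl-sys/build/main.rs (hunk at -228), the new `>= 0x3_00_00_00_0` arm returns `Version::Openssl11x` without printing a `cargo:version=` line, while the 1.1.1 arm directly below it prints `cargo:version=111`. A dependent build script that reads that key would get nothing for a 3.x install, so I would either add `println!("cargo:version=300");` to the arm or say in a comment that the omission is deliberate. Reusing `Version::Openssl11x` for 3.x also deserves a one-line comment explaining why the 1.1.x handling is correct here. The rest of the function lies outside the hunk, so I cannot confirm how the variant is consumed.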
@@ -280,6 +286,17 @@ fn parse_version(version: &str) -> u64 { u64::from_str_radix(version, 16).unwrap() } +// parses a string that looks like 3_0_0 +fn parse_new_version(version: &str) -> u64 { + println!("version: {}", version); + let mut it = version.split('_'); + let major = it.next().unwrap().parse::().unwrap(); + let minor = it.next().unwrap().parse::().unwrap(); + let patch = it.next().unwrap().parse::().unwrap(); + + (major << 28) | (minor << 20) | (patch << 4) +} + /// Given a libdir for OpenSSL (where artifacts are located) as well as the name /// of the libraries we're linking to, figure out whether we should link them /// statically or dynamically. diff --git a/openssl-sys/src/cms.rs b/openssl-sys/src/cms.rs index ad5d7160a..3401f5db0 100644 --- a/openssl-sys/src/cms.rs +++ b/openssl-sys/src/cms.rs @@ -6,9 +6,21 @@ pub enum CMS_ContentInfo {} extern "C" { #[cfg(ossl101)] pub fn CMS_ContentInfo_free(cms: *mut ::CMS_ContentInfo); - #[cfg(ossl101)] - pub fn i2d_CMS_ContentInfo(a: *mut ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; +} +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_CMS_ContentInfo(a: *const ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; + } + } else if #[cfg(ossl101)] { + extern "C" { + pub fn i2d_CMS_ContentInfo(a: *mut ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; + } + } +} + +extern "C" { #[cfg(ossl101)] pub fn d2i_CMS_ContentInfo( a: *mut *mut ::CMS_ContentInfo, diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs index ecaec3ed0..c833ca6a3 100644 --- a/openssl-sys/src/err.rs +++ b/openssl-sys/src/err.rs 
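Review bot: `parse_new_version` in openssl-sys/build/main.rs leaves a debugging `println!("version: {}", version);` in the build script and unwraps every field, so a header that expands to anything other than three numeric components aborts the build with a bare panic and no hint of the cause. I would drop the print and replace each `unwrap()` with `expect("unexpected OpenSSL version triple from expando.c")`. The packing `(major << 28) | (minor << 20) | (patch << 4)` also assumes minor fits in 8 bits and patch in 16. An out-of-range component bleeds into the neighbouring field and can move the value across the `0x3_00_00_00_0` and `0x4_00_00_00_0` comparisons, so a short comment naming the layout, or a range check, would help.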
@@ -31,8 +31,21 @@ pub struct ERR_STRING_DATA { pub string: *const c_char, } +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn ERR_new(); + pub fn ERR_set_debug(file: *const c_char, line: c_int, func: *const c_char); + pub fn ERR_set_error(lib: c_int, reason: c_int, fmt: *const c_char, ...); + } + } else { + extern "C" { + pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_int); + } + } +} + extern "C" { - pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_int); pub fn ERR_set_error_data(data: *mut c_char, flags: c_int); pub fn ERR_get_error() -> c_ulong; diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index b4e74c190..7b02fec6c 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -167,7 +167,7 @@ extern "C" { pub fn EVP_DecryptFinal_ex( ctx: *mut EVP_CIPHER_CTX, outm: *mut c_uchar, - outl: *mut c_int + outl: *mut c_int, ) -> c_int; } cfg_if! { 
@@ -378,13 +378,25 @@ extern "C" { } pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2; -pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3; -pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4; -pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5; -pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6; -pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; -pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; -pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; +cfg_if! { + if #[cfg(ossl300)] { + pub const EVP_PKEY_OP_SIGN: c_int = 1 << 5; + pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 6; + pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 7; + pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 8; + pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 9; + pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 10; + pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 11; + } else { + pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3; + pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4; + pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5; + pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6; + pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; + pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; + pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; + } +} pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY diff --git a/openssl-sys/src/ocsp.rs b/openssl-sys/src/ocsp.rs index 82157f32f..ee98eb55d 100644 --- a/openssl-sys/src/ocsp.rs +++ b/openssl-sys/src/ocsp.rs 
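Review bot: The `ossl300` branch of the `EVP_PKEY_OP_*` constants in openssl-sys/src/evp.rs hard-codes bit positions from a pre-release header, and nothing in the build checks them against the headers actually installed. These constants are bitmask operands (the pre-3.0 rsa.rs helpers in this patch pass them as the `optype` argument of `EVP_PKEY_CTX_ctrl`). If a later 3.0 pre-release or the final release renumbers the operations, the bindings would still compile but pass a mask that means something else. I would add a comment such as `// values from OpenSSL 3.0.0-alpha1 <openssl/evp.h>; re-check on every 3.0 pre-release bump`, and ideally have the build probe compare them with the C macros.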
@@ -92,7 +92,21 @@ extern "C" { pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP); pub fn OCSP_RESPONSE_new() -> *mut OCSP_RESPONSE; pub fn OCSP_RESPONSE_free(r: *mut OCSP_RESPONSE); - pub fn i2d_OCSP_RESPONSE(a: *mut OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; +} + +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_OCSP_RESPONSE(a: *const OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; + } + } else { + extern "C" { + pub fn i2d_OCSP_RESPONSE(a: *mut OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; + } + } +} + +extern "C" { pub fn d2i_OCSP_RESPONSE( a: *mut *mut OCSP_RESPONSE, pp: *mut *const c_uchar, @@ -102,7 +116,21 @@ extern "C" { pub fn OCSP_CERTID_free(id: *mut OCSP_CERTID); pub fn OCSP_REQUEST_new() -> *mut OCSP_REQUEST; pub fn OCSP_REQUEST_free(r: *mut OCSP_REQUEST); - pub fn i2d_OCSP_REQUEST(a: *mut OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; +} + +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_OCSP_REQUEST(a: *const OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; + } + } else { + extern "C" { + pub fn i2d_OCSP_REQUEST(a: *mut OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; + } + } +} + +extern "C" { pub fn d2i_OCSP_REQUEST( a: *mut *mut OCSP_REQUEST, pp: *mut *const c_uchar, diff --git a/openssl-sys/src/pem.rs b/openssl-sys/src/pem.rs index 474cefd29..10ece0bbf 100644 --- a/openssl-sys/src/pem.rs +++ b/openssl-sys/src/pem.rs 
@@ -18,29 +18,133 @@ extern "C" { callback: pem_password_cb, user_data: *mut c_void, ) -> *mut X509; - pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; +} + +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *const X509) -> c_int; + pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *const X509_REQ) -> c_int; + pub fn PEM_write_bio_RSAPrivateKey( + bp: *mut BIO, + rsa: *const RSA, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *const RSA) -> c_int; + pub fn PEM_write_bio_DSAPrivateKey( + bp: *mut BIO, + dsa: *const DSA, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_ECPrivateKey( + bio: *mut BIO, + key: *const EC_KEY, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *const DSA) -> c_int; + pub fn PEM_write_bio_PrivateKey( + bio: *mut BIO, + pkey: *const EVP_PKEY, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *const EVP_PKEY) -> c_int; + pub fn PEM_write_bio_PKCS8PrivateKey( + bio: *mut BIO, + pkey: *const EVP_PKEY, + cipher: *const EVP_CIPHER, + kstr: *const c_char, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *const PKCS7) -> c_int; + } + } else { + extern "C" { + pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; + pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; + pub fn PEM_write_bio_RSAPrivateKey( + bp: *mut BIO, + rsa: *mut RSA, + cipher: 
*const EVP_CIPHER, + kstr: *mut c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int; + pub fn PEM_write_bio_DSAPrivateKey( + bp: *mut BIO, + dsa: *mut DSA, + cipher: *const EVP_CIPHER, + kstr: *mut c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_ECPrivateKey( + bio: *mut BIO, + key: *mut EC_KEY, + cipher: *const EVP_CIPHER, + kstr: *mut c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *const DSA) -> c_int; + pub fn PEM_write_bio_PrivateKey( + bio: *mut BIO, + pkey: *const EVP_PKEY, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int; + pub fn PEM_write_bio_PKCS8PrivateKey( + bio: *mut BIO, + pkey: *mut EVP_PKEY, + cipher: *const EVP_CIPHER, + kstr: *mut c_char, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int; + } + } +} + +extern "C" { pub fn PEM_read_bio_X509_REQ( bio: *mut BIO, out: *mut *mut X509_REQ, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut X509_REQ; - pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; pub fn PEM_read_bio_RSAPrivateKey( bio: *mut BIO, rsa: *mut *mut RSA, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut RSA; - pub fn PEM_write_bio_RSAPrivateKey( - bp: *mut BIO, - rsa: *mut RSA, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn PEM_read_bio_RSAPublicKey( bio: *mut BIO, rsa: *mut *mut RSA, 
@@ -54,44 +158,24 @@ extern "C" { callback: pem_password_cb, user_data: *mut c_void, ) -> *mut RSA; - pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int; pub fn PEM_read_bio_DSAPrivateKey( bp: *mut BIO, dsa: *mut *mut DSA, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut DSA; - pub fn PEM_write_bio_DSAPrivateKey( - bp: *mut BIO, - dsa: *mut DSA, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn PEM_read_bio_DSA_PUBKEY( bp: *mut BIO, dsa: *mut *mut DSA, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut DSA; - pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *mut DSA) -> c_int; pub fn PEM_read_bio_ECPrivateKey( bio: *mut BIO, key: *mut *mut EC_KEY, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut EC_KEY; - pub fn PEM_write_bio_ECPrivateKey( - bio: *mut BIO, - key: *mut EC_KEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn PEM_read_bio_DHparams( bio: *mut BIO, out: *mut *mut DH, @@ -105,32 +189,13 @@ extern "C" { callback: pem_password_cb, user_data: *mut c_void, ) -> *mut EVP_PKEY; - pub fn PEM_write_bio_PrivateKey( - bio: *mut BIO, - pkey: *mut EVP_PKEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn PEM_read_bio_PUBKEY( bio: *mut BIO, out: *mut *mut EVP_PKEY, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut EVP_PKEY; - pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int; - pub fn PEM_write_bio_PKCS8PrivateKey( - bio: *mut BIO, - pkey: *mut EVP_PKEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_char, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn d2i_PKCS8PrivateKey_bio( bp: *mut BIO, x: *mut *mut EVP_PKEY, 
@@ -142,9 +207,7 @@ extern "C" { buf: *mut *const u8, length: c_long, ) -> *mut PKCS8_PRIV_KEY_INFO; - pub fn PKCS8_PRIV_KEY_INFO_free( - p8inf: *mut PKCS8_PRIV_KEY_INFO, - ); + pub fn PKCS8_PRIV_KEY_INFO_free(p8inf: *mut PKCS8_PRIV_KEY_INFO); pub fn PEM_read_bio_PKCS7( bio: *mut BIO, @@ -153,8 +216,6 @@ extern "C" { u: *mut c_void, ) -> *mut PKCS7; - pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int; - #[cfg(ossl101)] pub fn PEM_read_bio_CMS( bio: *mut BIO, diff --git a/openssl-sys/src/pkcs12.rs b/openssl-sys/src/pkcs12.rs index 9cdba7e1d..e0067a5c9 100644 --- a/openssl-sys/src/pkcs12.rs +++ b/openssl-sys/src/pkcs12.rs @@ -6,7 +6,19 @@ pub enum PKCS12 {} extern "C" { pub fn PKCS12_free(p12: *mut PKCS12); - pub fn i2d_PKCS12(a: *mut PKCS12, buf: *mut *mut u8) -> c_int; +} +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_PKCS12(a: *const PKCS12, buf: *mut *mut u8) -> c_int; + } + } else { + extern "C" { + pub fn i2d_PKCS12(a: *mut PKCS12, buf: *mut *mut u8) -> c_int; + } + } +} +extern "C" { pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12; pub fn PKCS12_parse( @@ -51,6 +63,14 @@ cfg_if! { } } -extern "C" { - pub fn i2d_PKCS12_bio(b: *mut BIO, a: *mut PKCS12) -> c_int; +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_PKCS12_bio(b: *mut BIO, a: *const PKCS12) -> c_int; + } + } else { + extern "C" { + pub fn i2d_PKCS12_bio(b: *mut BIO, a: *mut PKCS12) -> c_int; + } + } } diff --git a/openssl-sys/src/rsa.rs b/openssl-sys/src/rsa.rs index 9b6ab82fb..4bcb17f50 100644 --- a/openssl-sys/src/rsa.rs +++ b/openssl-sys/src/rsa.rs 
@@ -5,48 +5,59 @@ use *; pub const RSA_F4: c_long = 0x10001; -pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - -1, - EVP_PKEY_CTRL_RSA_PADDING, - pad, - ptr::null_mut(), - ) -} - -pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - -1, - EVP_PKEY_CTRL_GET_RSA_PADDING, - 0, - ppad as *mut c_void, - ) -} - -pub unsafe fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, - len, - ptr::null_mut(), - ) -} - -pub unsafe fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, - 0, - md as *mut c_void, - ) +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad_mode: c_int) -> c_int; + pub fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad_mode: *mut c_int) -> c_int; + + pub fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int; + pub fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *const EVP_MD) -> c_int; + } + } else { + pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + -1, + EVP_PKEY_CTRL_RSA_PADDING, + pad, + ptr::null_mut(), + ) + } + pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + -1, + EVP_PKEY_CTRL_GET_RSA_PADDING, + 0, + ppad as *mut c_void, + ) + } + + pub unsafe fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + EVP_PKEY_OP_SIGN | 
EVP_PKEY_OP_VERIFY, + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, + len, + ptr::null_mut(), + ) + } + + pub unsafe fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_RSA_MGF1_MD, + 0, + md as *mut c_void, + ) + } + } } pub const EVP_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1; diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 1d76159dd..c399a05a9 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -978,7 +978,19 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int; pub fn SSL_SESSION_free(s: *mut SSL_SESSION); - pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; +} +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_SSL_SESSION(s: *const SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; + } + } else { + extern "C" { + pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; + } + } +} +extern "C" { pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int; pub fn SSL_CTX_add_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int; pub fn SSL_CTX_remove_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int; diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 70b8bbc1c..be43bd731 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
@@ -120,26 +120,47 @@ extern "C" { ) -> c_int; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; +} - pub fn i2d_X509_bio(b: *mut BIO, x: *mut X509) -> c_int; - pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *mut X509_REQ) -> c_int; - pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; - pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; - - pub fn i2d_PUBKEY(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_X509_bio(b: *mut BIO, x: *const X509) -> c_int; + pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *const X509_REQ) -> c_int; + pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *const EVP_PKEY) -> c_int; + pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *const EVP_PKEY) -> c_int; + + pub fn i2d_PUBKEY(k: *const EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_RSA_PUBKEY(k: *const RSA, buf: *mut *mut u8) -> c_int; + pub fn i2d_DSA_PUBKEY(a: *const DSA, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_PrivateKey(k: *const EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_ECPrivateKey(ec_key: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int; + } + } else { + extern "C" { + pub fn i2d_X509_bio(b: *mut BIO, x: *mut X509) -> c_int; + pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *mut X509_REQ) -> c_int; + pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; + pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; + + pub fn i2d_PUBKEY(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *mut *mut u8) -> c_int; + pub fn i2d_DSA_PUBKEY(a: *mut DSA, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_PrivateKey(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_ECPrivateKey(ec_key: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; + } + } +} +extern "C" { pub fn d2i_PUBKEY(k: *mut *mut EVP_PKEY, buf: *mut *const u8, len: c_long) -> *mut EVP_PKEY; pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut 
RSA; - pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *mut *mut u8) -> c_int; pub fn d2i_DSA_PUBKEY(k: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; - pub fn i2d_DSA_PUBKEY(a: *mut DSA, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_PrivateKey(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; pub fn d2i_ECPrivateKey( k: *mut *mut EC_KEY, pp: *mut *const c_uchar, length: c_long, ) -> *mut EC_KEY; - pub fn i2d_ECPrivateKey(ec_key: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; } cfg_if! { @@ -178,7 +199,17 @@ extern "C" { pp: *mut *const c_uchar, length: c_long, ) -> *mut X509_REQ; - pub fn i2d_X509_REQ(x: *mut X509_REQ, buf: *mut *mut u8) -> c_int; +} +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_X509_REQ(x: *const X509_REQ, buf: *mut *mut u8) -> c_int; + } + } else { + extern "C" { + pub fn i2d_X509_REQ(x: *mut X509_REQ, buf: *mut *mut u8) -> c_int; + } + } } cfg_if! { @@ -213,7 +244,19 @@ extern "C" { pub fn X509_new() -> *mut X509; pub fn X509_free(x: *mut X509); - pub fn i2d_X509(x: *mut X509, buf: *mut *mut u8) -> c_int; +} +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn i2d_X509(x: *const X509, buf: *mut *mut u8) -> c_int; + } + } else { + extern "C" { + pub fn i2d_X509(x: *mut X509, buf: *mut *mut u8) -> c_int; + } + } +} +extern "C" { pub fn d2i_X509(a: *mut *mut X509, pp: *mut *const c_uchar, length: c_long) -> *mut X509; pub fn X509_get_pubkey(x: *mut X509) -> *mut EVP_PKEY; 
@@ -221,7 +264,17 @@ extern "C" { pub fn X509_set_version(x: *mut X509, version: c_long) -> c_int; pub fn X509_set_serialNumber(x: *mut X509, sn: *mut ASN1_INTEGER) -> c_int; pub fn X509_get_serialNumber(x: *mut X509) -> *mut ASN1_INTEGER; - pub fn X509_set_issuer_name(x: *mut X509, name: *mut X509_NAME) -> c_int; +} +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn X509_set_issuer_name(x: *mut X509, name: *const X509_NAME) -> c_int; + } + } else { + extern "C" { + pub fn X509_set_issuer_name(x: *mut X509, name: *mut X509_NAME) -> c_int; + } + } } cfg_if! { if #[cfg(any(ossl110, libressl280))] { @@ -234,8 +287,16 @@ cfg_if! { } } } -extern "C" { - pub fn X509_set_subject_name(x: *mut X509, name: *mut X509_NAME) -> c_int; +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn X509_set_subject_name(x: *mut X509, name: *const X509_NAME) -> c_int; + } + } else { + extern "C" { + pub fn X509_set_subject_name(x: *mut X509, name: *mut X509_NAME) -> c_int; + } + } } cfg_if! { if #[cfg(any(ossl110, libressl280))] { @@ -267,7 +328,19 @@ extern "C" { pub fn X509_REQ_set_version(req: *mut X509_REQ, version: c_long) -> c_int; #[cfg(ossl110)] pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut X509_NAME; - pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *mut X509_NAME) -> c_int; +} +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *const X509_NAME) -> c_int; + } + } else { + extern "C" { + pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *mut X509_NAME) -> c_int; + } + } +} +extern "C" { pub fn X509_REQ_set_pubkey(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_REQ_get_pubkey(req: *mut X509_REQ) -> *mut EVP_PKEY; pub fn X509_REQ_get_extensions(req: *mut X509_REQ) -> *mut stack_st_X509_EXTENSION; 
@@ -299,7 +372,7 @@ cfg_if! { } cfg_if! { - if #[cfg(libressl280)] { + if #[cfg(any(ossl300, libressl280))] { extern "C" { pub fn X509_NAME_get_index_by_NID(n: *const X509_NAME, nid: c_int, last_pos: c_int) -> c_int; } @@ -381,9 +454,19 @@ extern "C" { pub fn X509_verify_cert(ctx: *mut X509_STORE_CTX) -> c_int; } +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn X509_STORE_get0_objects(ctx: *const X509_STORE) -> *mut stack_st_X509_OBJECT; + } + } else if #[cfg(any(ossl110, libressl270))] { + extern "C" { + pub fn X509_STORE_get0_objects(ctx: *mut X509_STORE) -> *mut stack_st_X509_OBJECT; + } + } +} #[cfg(any(ossl110, libressl270))] extern "C" { - pub fn X509_STORE_get0_objects(ctx: *mut X509_STORE) -> *mut stack_st_X509_OBJECT; pub fn X509_OBJECT_get0_X509(x: *const X509_OBJECT) -> *mut X509; } diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs index 73d97091d..3df735811 100644 --- a/openssl-sys/src/x509_vfy.rs +++ b/openssl-sys/src/x509_vfy.rs 
@@ -113,15 +113,34 @@ extern "C" { pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int; pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int; +} - pub fn X509_STORE_CTX_get_ex_data(ctx: *mut X509_STORE_CTX, idx: c_int) -> *mut c_void; - pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn X509_STORE_CTX_get_ex_data(ctx: *const X509_STORE_CTX, idx: c_int) -> *mut c_void; + pub fn X509_STORE_CTX_get_error(ctx: *const X509_STORE_CTX) -> c_int; + pub fn X509_STORE_CTX_get_error_depth(ctx: *const X509_STORE_CTX) -> c_int; + pub fn X509_STORE_CTX_get_current_cert(ctx: *const X509_STORE_CTX) -> *mut X509; + } + } else { + extern "C" { + pub fn X509_STORE_CTX_get_ex_data(ctx: *mut X509_STORE_CTX, idx: c_int) -> *mut c_void; + pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; + pub fn X509_STORE_CTX_get_error_depth(ctx: *mut X509_STORE_CTX) -> c_int; + pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509; + } + } +} +extern "C" { pub fn X509_STORE_CTX_set_error(ctx: *mut X509_STORE_CTX, error: c_int); - pub fn X509_STORE_CTX_get_error_depth(ctx: *mut X509_STORE_CTX) -> c_int; - pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509; } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(ossl300)] { + extern "C" { + pub fn X509_STORE_CTX_get0_chain(ctx: *const X509_STORE_CTX) -> *mut stack_st_X509; + } + } else if #[cfg(ossl110)] { extern "C" { pub fn X509_STORE_CTX_get0_chain(ctx: *mut X509_STORE_CTX) -> *mut stack_st_X509; } diff --git a/openssl/build.rs b/openssl/build.rs index c1a5ccff6..97c488bba 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -33,6 +33,9 @@ fn main() { if version >= 0x1_01_01_00_0 { println!("cargo:rustc-cfg=ossl111"); } + if version >= 0x3_00_00_00_0 { + println!("cargo:rustc-cfg=ossl300"); + } } if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") { 
diff --git a/openssl/src/cms.rs b/openssl/src/cms.rs index bed17f028..e43dd52ae 100644 --- a/openssl/src/cms.rs +++ b/openssl/src/cms.rs @@ -230,6 +230,7 @@ mod test { use x509::X509; #[test] + #[cfg_attr(ossl300, ignore)] // 3.0.0 can't load RC2-40-CBC fn cms_encrypt_decrypt() { // load cert with public key only let pub_cert_bytes = include_bytes!("../test/cms_pubkey.der"); diff --git a/openssl/src/error.rs b/openssl/src/error.rs index 103baff2a..acb0ce072 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -141,14 +141,9 @@ impl Error { /// Pushes the error back onto the OpenSSL error stack. pub fn put(&self) { + self.put_error(); + unsafe { - ffi::ERR_put_error( - ffi::ERR_GET_LIB(self.code), - ffi::ERR_GET_FUNC(self.code), - ffi::ERR_GET_REASON(self.code), - self.file, - self.line, - ); let data = match self.data { Some(Cow::Borrowed(data)) => Some((data.as_ptr() as *mut c_char, 0)), Some(Cow::Owned(ref data)) => { @@ -173,6 +168,32 @@ impl Error { } } + #[cfg(ossl300)] + fn put_error(&self) { + unsafe { + ffi::ERR_new(); + ffi::ERR_set_debug(self.file, self.line, ffi::ERR_func_error_string(self.code)); + ffi::ERR_set_error( + ffi::ERR_GET_LIB(self.code), + ffi::ERR_GET_REASON(self.code), + ptr::null(), + ); + } + } + + #[cfg(not(ossl300))] + fn put_error(&self) { + unsafe { + ffi::ERR_put_error( + ffi::ERR_GET_LIB(self.code), + ffi::ERR_GET_FUNC(self.code), + ffi::ERR_GET_REASON(self.code), + self.file, + self.line, + ); + } + } + /// Returns the raw OpenSSL error code for this error. pub fn code(&self) -> c_ulong { self.code diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs index 73027f1f4..ea6ea0c39 100644 --- a/openssl/src/hash.rs +++ b/openssl/src/hash.rs @@ -589,6 +589,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_ripemd160() { let tests = [("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")]; diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs index f01a9b22a..5219eb496 100644 --- a/openssl/src/pkcs12.rs 
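Review bot: The `#[cfg_attr(ossl300, ignore)]` added to `test_ripemd160` in openssl/src/hash.rs carries no reason, unlike the cms.rs and pkcs12.rs attributes in this patch. The same bare attribute is put on `test_rc4`, the four `test_bf_*` tests and `test_des_cbc`/`test_des_ecb` in openssl/src/symm.rs. Presumably these fail because 3.0.0-alpha1 does not make RIPEMD-160, RC4, Blowfish and single DES available in its default configuration. If so, the corresponding safe constructors still compile under `ossl300` and callers only find out at run time. I would record the cause on each attribute, e.g. `#[cfg_attr(ossl300, ignore)] // legacy algorithm, not loadable by default in 3.0.0-alpha1`, and mention in the docs of the affected constructors that they may fail on 3.0.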
+++ b/openssl/src/pkcs12.rs @@ -217,6 +217,7 @@ mod test { use super::*; #[test] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11672 fn parse() { let der = include_bytes!("../test/identity.p12"); let pkcs12 = Pkcs12::from_der(der).unwrap(); @@ -236,6 +237,7 @@ mod test { } #[test] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11672 fn parse_empty_chain() { let der = include_bytes!("../test/keystore-empty-chain.p12"); let pkcs12 = Pkcs12::from_der(der).unwrap(); @@ -244,6 +246,7 @@ mod test { } #[test] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11672 fn create() { let subject_name = "ns.example.com"; let rsa = Rsa::generate(2048).unwrap(); diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index 075488935..f98f76c02 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -354,7 +354,11 @@ impl<'a> Signer<'a> { /// /// [`EVP_DigestSign`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html #[cfg(ossl111)] - pub fn sign_oneshot(&mut self, sig_buf: &mut [u8], data_buf: &[u8]) -> Result { + pub fn sign_oneshot( + &mut self, + sig_buf: &mut [u8], + data_buf: &[u8], + ) -> Result { unsafe { let mut sig_len = sig_buf.len(); cvt(ffi::EVP_DigestSign( @@ -796,6 +800,7 @@ mod test { #[test] #[cfg(ossl110)] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11671 fn test_cmac() { let cipher = ::symm::Cipher::aes_128_cbc(); let key = Vec::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap(); diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index c0d70ab92..660f70579 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs @@ -959,6 +959,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_rc4() { let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000"; let ct = "A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4"; 
@@ -1142,6 +1143,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_bf_cbc() { // https://www.schneier.com/code/vectors.txt @@ -1154,6 +1156,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_bf_ecb() { let pt = "5CD54CA83DEF57DA"; let ct = "B1B8CC0B250F09A0"; @@ -1164,6 +1167,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_bf_cfb64() { let pt = "37363534333231204E6F77206973207468652074696D6520666F722000"; let ct = "E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3"; @@ -1174,6 +1178,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_bf_ofb() { let pt = "37363534333231204E6F77206973207468652074696D6520666F722000"; let ct = "E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA"; @@ -1184,6 +1189,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_des_cbc() { let pt = "54686973206973206120746573742e"; let ct = "6f2867cfefda048a4046ef7e556c7132"; @@ -1194,6 +1200,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_des_ecb() { let pt = "54686973206973206120746573742e"; let ct = "0050ab8aecec758843fe157b4dde938c"; 
@@ -1235,18 +1242,12 @@ mod tests { #[test] fn test_aes128_gcm() { - let key = "0e00c76561d2bd9b40c3c15427e2b08f"; - let iv = "492cadaccd3ca3fbc9cf9f06eb3325c4e159850b0dbe98199b89b7af528806610b6f63998e1eae80c348e7\ - 4cbb921d8326631631fc6a5d304f39166daf7ea15fa1977f101819adb510b50fe9932e12c5a85aa3fd1e73\ - d8d760af218be829903a77c63359d75edd91b4f6ed5465a72662f5055999e059e7654a8edc921aa0d496"; - let pt = "fef03c2d7fb15bf0d2df18007d99f967c878ad59359034f7bb2c19af120685d78e32f6b8b83b032019956c\ - a9c0195721476b85"; - let aad = "d8f1163d8c840292a2b2dacf4ac7c36aff8733f18fabb4fa5594544125e03d1e6e5d6d0fd61656c8d8f327\ - c92839ae5539bb469c9257f109ebff85aad7bd220fdaa95c022dbd0c7bb2d878ad504122c943045d3c5eba\ - 8f1f56c0"; - let ct = "4f6cf471be7cbd2575cd5a1747aea8fe9dea83e51936beac3e68f66206922060c697ffa7af80ad6bb68f2c\ - f4fc97416ee52abe"; - let tag = "e20b6655"; + let key = "23dc8d23d95b6fd1251741a64f7d4f41"; + let iv = "f416f48ad44d9efa1179e167"; + let pt = "6cb9b71dd0ccd42cdf87e8e396fc581fd8e0d700e360f590593b748e105390de"; + let aad = "45074844c97d515c65bbe37c210a5a4b08c21c588efe5c5f73c4d9c17d34dacddc0bb6a8a53f7bf477b9780c1c2a928660df87016b2873fe876b2b887fb5886bfd63216b7eaecc046372a82c047eb043f0b063226ee52a12c69b"; + let ct = "8ad20486778e87387efb3f2574e509951c0626816722018129e578b2787969d3"; + let tag = "91e1bc09"; // this tag is smaller than you'd normally want, but I pulled this test from the part of // the NIST test vectors that cover 4 byte tags. From 676e1128f8f4af8751f60dafda6bc03a0a5d8e17 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 28 Apr 2020 18:18:24 -0700 Subject: [PATCH 02/54] fix constness --- openssl-sys/src/pem.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openssl-sys/src/pem.rs b/openssl-sys/src/pem.rs index 10ece0bbf..bb198e850 100644 --- a/openssl-sys/src/pem.rs +++ b/openssl-sys/src/pem.rs 
@@ -107,12 +107,12 @@ cfg_if! { callback: pem_password_cb, user_data: *mut c_void, ) -> c_int; - pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *const DSA) -> c_int; + pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *mut DSA) -> c_int; pub fn PEM_write_bio_PrivateKey( bio: *mut BIO, - pkey: *const EVP_PKEY, + pkey: *mut EVP_PKEY, cipher: *const EVP_CIPHER, - kstr: *const c_uchar, + kstr: *mut c_uchar, klen: c_int, callback: pem_password_cb, user_data: *mut c_void, From 17ef4bb1c0bb892b43062010c0aa25128968fd00 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 28 Apr 2020 18:29:20 -0700 Subject: [PATCH 03/54] Fix error function tracking --- openssl-sys/src/err.rs | 8 ++++++++ openssl/src/error.rs | 31 ++++++++++++++++++++++++++----- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs index c833ca6a3..d6bd2ed43 100644 --- a/openssl-sys/src/err.rs +++ b/openssl-sys/src/err.rs @@ -49,6 +49,14 @@ extern "C" { pub fn ERR_set_error_data(data: *mut c_char, flags: c_int); pub fn ERR_get_error() -> c_ulong; + #[cfg(ossl300)] + pub fn ERR_get_error_all( + file: *mut *const c_char, + line: *mut c_int, + func: *mut *const c_char, + data: *mut *const c_char, + flags: *mut c_int, + ) -> c_ulong; pub fn ERR_get_error_line_data( file: *mut *const c_char, line: *mut c_int, diff --git a/openssl/src/error.rs b/openssl/src/error.rs index acb0ce072..2e9e40e1d 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -95,6 +95,7 @@ pub struct Error { code: c_ulong, file: *const c_char, line: c_int, + func: *const c_char, data: Option>, } 
@@ -109,9 +110,10 @@ impl Error { let mut file = ptr::null(); let mut line = 0; + let mut func = ptr::null(); let mut data = ptr::null(); let mut flags = 0; - match ffi::ERR_get_error_line_data(&mut file, &mut line, &mut data, &mut flags) { + match ERR_get_error_all(&mut file, &mut line, &mut func, &mut data, &mut flags) { 0 => None, code => { // The memory referenced by data is only valid until that slot is overwritten @@ -132,6 +134,7 @@ impl Error { code, file, line, + func, data, }) } @@ -172,7 +175,7 @@ impl Error { fn put_error(&self) { unsafe { ffi::ERR_new(); - ffi::ERR_set_debug(self.file, self.line, ffi::ERR_func_error_string(self.code)); + ffi::ERR_set_debug(self.file, self.line, self.func); ffi::ERR_set_error( ffi::ERR_GET_LIB(self.code), ffi::ERR_GET_REASON(self.code), @@ -214,11 +217,10 @@ impl Error { /// Returns the name of the function reporting the error. pub fn function(&self) -> Option<&'static str> { unsafe { - let cstr = ffi::ERR_func_error_string(self.code); - if cstr.is_null() { + if self.func.is_null() { return None; } - let bytes = CStr::from_ptr(cstr as *const _).to_bytes(); + let bytes = CStr::from_ptr(self.func).to_bytes(); Some(str::from_utf8(bytes).unwrap()) } } @@ -303,3 +305,22 @@ impl fmt::Display for Error { } impl error::Error for Error {} + +cfg_if! { + if #[cfg(ossl300)] { + use ffi::ERR_get_error_all; + } else { + #[allow(bad_style)] + unsafe extern "C" fn ERR_get_error_all( + file: *mut *const c_char, + line: *mut c_int, + func: *mut *const c_char, + data: *mut *const c_char, + flags: *mut c_int, + ) -> c_ulong { + let code = ffi::ERR_get_error_line_data(file, line, data, flags); + *func = ffi::ERR_func_error_string(code); + code + } + } +} From d081c2b596e013b5e392ff9b9f84f2d6890beabb Mon Sep 17 00:00:00 2001 
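Review bot: `function()` still returns `Option<&'static str>`, but it now builds the string from the stored `self.func` pointer, which under `ossl300` comes from `ERR_get_error_all` instead of the static table behind `ERR_func_error_string`. The existing comment in `Error::get` says the `data` pointer is only valid until its slot is overwritten, and the code copies it; nothing in this patch establishes that `func` lives any longer, so a later error on the same thread could leave `self.func` dangling. Consider copying the name when the error is fetched (an owned `CString` field, for instance) and returning a borrow tied to `&self`, or at minimum document the lifetime assumption next to the `func` field. `put_error` hands the same pointer to `ERR_set_debug`, so it inherits the assumption.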
From: Steven Fackler Date: Wed, 22 Jul 2020 14:02:32 -0600 Subject: [PATCH 04/54] Update to 3.0.0-alpha5 --- openssl-sys/src/crypto.rs | 4 +-- openssl-sys/src/dtls1.rs | 8 ++++- openssl-sys/src/err.rs | 71 +++++++++++++++++++++++++++++++-------- openssl-sys/src/ssl.rs | 3 ++ openssl/src/lib.rs | 2 +- openssl/src/ssl/mod.rs | 9 ++++- openssl/src/x509/mod.rs | 1 + 7 files changed, 79 insertions(+), 19 deletions(-) diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs index 6d8096f73..63a95a289 100644 --- a/openssl-sys/src/crypto.rs +++ b/openssl-sys/src/crypto.rs @@ -121,9 +121,9 @@ cfg_if! { } extern "C" { - #[cfg(ossl101)] + #[cfg(all(ossl101, not(ossl300)))] pub fn FIPS_mode() -> c_int; - #[cfg(ossl101)] + #[cfg(all(ossl101, not(ossl300)))] pub fn FIPS_mode_set(onoff: c_int) -> c_int; pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int; diff --git a/openssl-sys/src/dtls1.rs b/openssl-sys/src/dtls1.rs index 08b7a489c..9ef5e77f7 100644 --- a/openssl-sys/src/dtls1.rs +++ b/openssl-sys/src/dtls1.rs @@ -1,3 +1,9 @@ use libc::*; -pub const DTLS1_COOKIE_LENGTH: c_uint = 256; +cfg_if! { + if #[cfg(ossl300)] { + pub const DTLS1_COOKIE_LENGTH: c_uint = 255; + } else { + pub const DTLS1_COOKIE_LENGTH: c_uint = 256; + } +} diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs index d6bd2ed43..f81d9ea1b 100644 --- a/openssl-sys/src/err.rs +++ b/openssl-sys/src/err.rs 
@@ -3,25 +3,68 @@ use libc::*; pub const ERR_TXT_MALLOCED: c_int = 0x01; pub const ERR_TXT_STRING: c_int = 0x02; +pub const ERR_LIB_SYS: c_int = 2; pub const ERR_LIB_PEM: c_int = 9; -const_fn! { - pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong { - ((l as c_ulong & 0x0FF) << 24) | - ((f as c_ulong & 0xFFF) << 12) | - ((r as c_ulong & 0xFFF)) - } +cfg_if! { + if #[cfg(ossl300)] { + pub const ERR_SYSTEM_FLAG: c_ulong = c_int::max_value() as c_ulong + 1; + pub const ERR_SYSTEM_MASK: c_ulong = c_int::max_value() as c_ulong; - pub const fn ERR_GET_LIB(l: c_ulong) -> c_int { - ((l >> 24) & 0x0FF) as c_int - } + pub const ERR_LIB_OFFSET: c_ulong = 23; + pub const ERR_LIB_MASK: c_ulong = 0xff; + pub const ERR_RFLAGS_OFFSET: c_ulong = 19; + pub const ERR_RFLAGS_MASK: c_ulong = 0xf; + pub const ERR_REASON_MASK: c_ulong = 0x7FFFFF; - pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int { - ((l >> 12) & 0xFFF) as c_int - } + pub const ERR_RFLAG_FATAL: c_ulong = 0x1 << ERR_RFLAGS_OFFSET; + + const_fn! 
{ + pub const fn ERR_SYSTEM_ERROR(errcode: c_ulong) -> bool { + errcode & ERR_SYSTEM_FLAG != 0 + } + + pub const fn ERR_GET_LIB(errcode: c_ulong) -> c_int { + // hacks since `if` isn't yet stable in const functions :( + ((ERR_LIB_SYS as c_ulong * (ERR_SYSTEM_ERROR(errcode) as c_ulong)) | + (((errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK)) * (!ERR_SYSTEM_ERROR(errcode) as c_ulong)) as c_int + } + + pub const fn ERR_GET_FUNC(_errcode: c_ulong) -> c_int { + 0 + } - pub const fn ERR_GET_REASON(l: c_ulong) -> c_int { - (l & 0xFFF) as c_int + pub const fn ERR_GET_REASON(errcode: c_ulong) -> c_int { + // hacks since `if` isn't yet stable in const functions :( + ((ERR_LIB_SYS as c_ulong * (ERR_SYSTEM_ERROR(errcode) as c_ulong)) | + ((errcode & ERR_REASON_MASK)) * (!ERR_SYSTEM_ERROR(errcode) as c_ulong)) as c_int + } + + pub const fn ERR_PACK(lib: c_int, _func: c_int, reason: c_int) -> c_ulong { + ((lib as c_ulong & ERR_LIB_MASK) << ERR_LIB_OFFSET) | + ((reason as c_ulong & ERR_REASON_MASK)) + } + } + } else { + const_fn! { + pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong { + ((l as c_ulong & 0x0FF) << 24) | + ((f as c_ulong & 0xFFF) << 12) | + ((r as c_ulong & 0xFFF)) + } + + pub const fn ERR_GET_LIB(l: c_ulong) -> c_int { + ((l >> 24) & 0x0FF) as c_int + } + + pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int { + ((l >> 12) & 0xFFF) as c_int + } + + pub const fn ERR_GET_REASON(l: c_ulong) -> c_int { + (l & 0xFFF) as c_int + } + } } } diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index c399a05a9..7d8e10c0d 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -1000,7 +1000,10 @@ extern "C" { len: c_long, ) -> *mut SSL_SESSION; + #[cfg(not(ossl300))] pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509; + #[cfg(ossl300)] + pub fn SSL_get1_peer_certificate(ssl: *const SSL) -> *mut X509; pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509; 
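Review bot: In the `ossl300` branch, `ERR_GET_REASON` returns `ERR_LIB_SYS` for a system error, where the reason should be the OS error number held in the low bits; the first term looks copied from `ERR_GET_LIB`. `ERR_SYSTEM_MASK` is defined earlier in this hunk and not used anywhere in the visible code, which suggests the intended first term is `((errcode & ERR_SYSTEM_MASK) * (ERR_SYSTEM_ERROR(errcode) as c_ulong))`. As written, every system error reports reason 2, so callers that match on the reason code cannot tell them apart. Worth checking against the `ERR_GET_REASON` definition in the 3.0 `err.h` before relying on it.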
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index b4e647c07..85d1d14f9 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -154,7 +154,7 @@ pub mod ecdsa; pub mod envelope; pub mod error; pub mod ex_data; -#[cfg(not(libressl))] +#[cfg(not(any(libressl, ossl300)))] pub mod fips; pub mod hash; pub mod memcmp; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 2561aaed8..e42a300c1 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -2619,7 +2619,7 @@ impl SslRef { /// [`SSL_get_peer_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_peer_certificate.html pub fn peer_certificate(&self) -> Option { unsafe { - let ptr = ffi::SSL_get_peer_certificate(self.as_ptr()); + let ptr = SSL_get1_peer_certificate(self.as_ptr()); if ptr.is_null() { None } else { @@ -3954,6 +3954,13 @@ cfg_if! { } } +cfg_if! { + if #[cfg(ossl300)] { + use ffi::SSL_get1_peer_certificate; + } else { + use ffi::SSL_get_peer_certificate as SSL_get1_peer_certificate; + } +} cfg_if! { if #[cfg(any(ossl110, libressl291))] { use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method}; diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 4ec47f4fd..05e76db81 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -647,6 +647,7 @@ impl X509 { ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut()); if r.is_null() { let err = ffi::ERR_peek_last_error(); + println!("{}", ffi::ERR_GET_LIB(err)); if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE { From 2bc060feb65e05a8e4c69a0b57fbddcf7e6d28ad Mon Sep 17 00:00:00 2001 
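Review bot: The added `println!("{}", ffi::ERR_GET_LIB(err));` in the `x509/mod.rs` hunk is debug output left in library code. It writes the error library number to the stdout of any program that reaches the null `PEM_read_bio_X509` branch, including the ordinary `PEM_R_NO_START_LINE` case checked on the following lines, and it can corrupt output the caller pipes elsewhere. Drop the line before merging. The enclosing function starts and ends outside the hunk.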
From: Steven Fackler Date: Fri, 24 Jul 2020 10:23:25 -0600 Subject: [PATCH 05/54] Update openssl-errors for 3.0.0 --- openssl-errors/Cargo.toml | 1 + openssl-errors/build.rs | 13 +++ openssl-errors/src/lib.rs | 191 ++++++++++++++++++++++++++--------- openssl-errors/tests/test.rs | 15 ++- 4 files changed, 171 insertions(+), 49 deletions(-) create mode 100644 openssl-errors/build.rs diff --git a/openssl-errors/Cargo.toml b/openssl-errors/Cargo.toml index 45181ddca..d0714fd5a 100644 --- a/openssl-errors/Cargo.toml +++ b/openssl-errors/Cargo.toml @@ -10,6 +10,7 @@ readme = "README.md" categories = ["api-bindings"] [dependencies] +cfg-if = "0.1" libc = "0.2" openssl-sys = { version = "0.9.42", path = "../openssl-sys" } diff --git a/openssl-errors/build.rs b/openssl-errors/build.rs new file mode 100644 index 000000000..787efaa76 --- /dev/null +++ b/openssl-errors/build.rs @@ -0,0 +1,13 @@ +#![allow(clippy::inconsistent_digit_grouping)] + +use std::env; + +fn main() { + if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") { + let version = u64::from_str_radix(&version, 16).unwrap(); + + if version >= 0x3_00_00_00_0 { + println!("cargo:rustc-cfg=ossl300"); + } + } +} \ No newline at end of file diff --git a/openssl-errors/src/lib.rs b/openssl-errors/src/lib.rs index bb8d05bfd..e478975f5 100644 --- a/openssl-errors/src/lib.rs +++ b/openssl-errors/src/lib.rs @@ -47,6 +47,7 @@ #![warn(missing_docs)] #![doc(html_root_url = "https://docs.rs/openssl-errors/0.1")] +use cfg_if::cfg_if; use libc::{c_char, c_int}; use std::borrow::Cow; use std::marker::PhantomData; 
@@ -70,19 +71,37 @@ pub trait Library { fn id() -> c_int; } +cfg_if! { + if #[cfg(ossl300)] { + type FunctionInner = *const c_char; + } else { + type FunctionInner = c_int; + } +} + /// A function declaration, parameterized by its error library. -pub struct Function(c_int, PhantomData); +pub struct Function(FunctionInner, PhantomData); + +// manual impls necessary for the 3.0.0 case +unsafe impl Sync for Function where T: Sync {} +unsafe impl Send for Function where T: Send {} impl Function { - /// Creates a function from its raw identifier. + /// This is not considered a part of the crate's public API, and is subject to change at any time. + /// + /// # Safety + /// + /// The inner value must be valid for the lifetime of the process. + #[doc(hidden)] #[inline] - pub const fn from_raw(raw: c_int) -> Function { + pub const unsafe fn __from_raw(raw: FunctionInner) -> Function { Function(raw, PhantomData) } - /// Returns the function's raw identifier. + /// This is not considered a part of the crate's public API, and is subject to change at any time. + #[doc(hidden)] #[inline] - pub const fn as_raw(&self) -> c_int { + pub const fn __as_raw(&self) -> FunctionInner { self.0 } } @@ -91,15 +110,17 @@ impl Function { pub struct Reason(c_int, PhantomData); impl Reason { - /// Creates a reason from its raw identifier. + /// This is not considered a part of the crate's public API, and is subject to change at any time. + #[doc(hidden)] #[inline] - pub const fn from_raw(raw: c_int) -> Reason { + pub const fn __from_raw(raw: c_int) -> Reason { Reason(raw, PhantomData) } - /// Returns the reason's raw identifier. + /// This is not considered a part of the crate's public API, and is subject to change at any time. + #[doc(hidden)] #[inline] - pub const fn as_raw(&self) -> c_int { + pub const fn __as_raw(&self) -> c_int { self.0 } } 
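Review bot: The two `unsafe impl`s for `Function` carry no `// SAFETY:` comment, and the one-line remark above them does not say why sharing the value across threads is sound. On 3.0 the inner value is a `*const c_char`, so soundness rests on the contract documented on `__from_raw` (the pointee stays valid for the life of the process) and on the pointer only ever being read. I would state that next to the impls, for example `// SAFETY: the pointer is never written through and, per __from_raw, refers to data that lives for the whole process`. It would also help to say on `__from_raw` that the string must be NUL-terminated, since the value is later passed to `ERR_set_debug` as a C string.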
@@ -119,13 +140,37 @@ pub unsafe fn __put_error( ) where T: Library, { - openssl_sys::ERR_put_error( - T::id(), - func.as_raw(), - reason.as_raw(), - file.as_ptr() as *const c_char, - line as c_int, - ); + put_error_inner(T::id(), func.0, reason.0, file, line, message) +} + +unsafe fn put_error_inner( + library: c_int, + func: FunctionInner, + reason: c_int, + file: &'static str, + line: u32, + message: Option>, +) { + cfg_if! { + if #[cfg(ossl300)] { + openssl_sys::ERR_new(); + openssl_sys::ERR_set_debug( + file.as_ptr() as *const c_char, + line as c_int, + func, + ); + openssl_sys::ERR_set_error(library, reason, ptr::null()); + } else { + openssl_sys::ERR_put_error( + library, + func, + reason, + file.as_ptr() as *const c_char, + line as c_int, + ); + } + } + let data = match message { Some(Cow::Borrowed(s)) => Some((s.as_ptr() as *const c_char as *mut c_char, 0)), Some(Cow::Owned(s)) => { 
@@ -223,31 +268,11 @@ macro_rules! openssl_errors { fn id() -> $crate::export::c_int { static INIT: $crate::export::Once = $crate::export::Once::new(); static mut LIB_NUM: $crate::export::c_int = 0; - static mut STRINGS: [ - $crate::export::ERR_STRING_DATA; - 2 + $crate::openssl_errors!(@count $($func_name;)* $($reason_name;)*) - ] = [ - $crate::export::ERR_STRING_DATA { - error: 0, - string: concat!($lib_str, "\0").as_ptr() as *const $crate::export::c_char, - }, - $( - $crate::export::ERR_STRING_DATA { - error: $crate::export::ERR_PACK(0, $lib_name::$func_name.as_raw(), 0), - string: concat!($func_str, "\0").as_ptr() as *const $crate::export::c_char, - }, - )* - $( - $crate::export::ERR_STRING_DATA { - error: $crate::export::ERR_PACK(0, 0, $lib_name::$reason_name.as_raw()), - string: concat!($reason_str, "\0").as_ptr() as *const $crate::export::c_char, - }, - )* - $crate::export::ERR_STRING_DATA { - error: 0, - string: $crate::export::null(), - } - ]; + $crate::__openssl_errors_helper! { + @strings $lib_name($lib_str) + functions { $($func_name($func_str);)* } + reasons { $($reason_name($reason_str);)* } + } unsafe { INIT.call_once(|| { 
@@ -263,19 +288,21 @@ macro_rules! openssl_errors { } impl $lib_name { - $crate::openssl_errors!(@func_consts $lib_name; 1; $($(#[$func_attr])* $func_name;)*); + $crate::openssl_errors!(@func_consts $lib_name; 1; $($(#[$func_attr])* $func_name($func_str);)*); $crate::openssl_errors!(@reason_consts $lib_name; 1; $($(#[$reason_attr])* $reason_name;)*); } )*}; - (@func_consts $lib_name:ident; $n:expr; $(#[$attr:meta])* $name:ident; $($tt:tt)*) => { + (@func_consts $lib_name:ident; $n:expr; $(#[$attr:meta])* $name:ident($str:expr); $($tt:tt)*) => { $(#[$attr])* - pub const $name: $crate::Function<$lib_name> = $crate::Function::from_raw($n); + pub const $name: $crate::Function<$lib_name> = unsafe { + $crate::Function::__from_raw($crate::__openssl_errors_helper!(@func_value $n, $str)) + }; $crate::openssl_errors!(@func_consts $lib_name; $n + 1; $($tt)*); }; (@func_consts $lib_name:ident; $n:expr;) => {}; (@reason_consts $lib_name:ident; $n:expr; $(#[$attr:meta])* $name:ident; $($tt:tt)*) => { $(#[$attr])* - pub const $name: $crate::Reason<$lib_name> = $crate::Reason::from_raw($n); + pub const $name: $crate::Reason<$lib_name> = $crate::Reason::__from_raw($n); $crate::openssl_errors!(@reason_consts $lib_name; $n + 1; $($tt)*); }; (@reason_consts $lib_name:ident; $n:expr;) => {}; 
@@ -284,3 +311,77 @@ macro_rules! openssl_errors { }; (@count) => { 0 }; } + +cfg_if! { + if #[cfg(ossl300)] { + #[doc(hidden)] + #[macro_export] + macro_rules! __openssl_errors_helper { + ( + @strings $lib_name:ident($lib_str:expr) + functions { $($func_name:ident($func_str:expr);)* } + reasons { $($reason_name:ident($reason_str:expr);)* } + ) => { + static mut STRINGS: [ + $crate::export::ERR_STRING_DATA; + 2 + $crate::openssl_errors!(@count $($reason_name;)*) + ] = [ + $crate::export::ERR_STRING_DATA { + error: 0, + string: concat!($lib_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + $( + $crate::export::ERR_STRING_DATA { + error: $crate::export::ERR_PACK(0, 0, $lib_name::$reason_name.__as_raw()), + string: concat!($reason_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + )* + $crate::export::ERR_STRING_DATA { + error: 0, + string: $crate::export::null(), + } + ]; + }; + (@func_value $n:expr, $func_str:expr) => { + concat!($func_str, "\0").as_ptr() as *const $crate::export::c_char + }; + } + } else { + #[doc(hidden)] + #[macro_export] + macro_rules! 
__openssl_errors_helper { + ( + @strings $lib_name:ident($lib_str:expr) + functions { $($func_name:ident($func_str:expr);)* } + reasons { $($reason_name:ident($reason_str:expr);)* } + ) => { + static mut STRINGS: [ + $crate::export::ERR_STRING_DATA; + 2 + $crate::openssl_errors!(@count $($func_name;)* $($reason_name;)*) + ] = [ + $crate::export::ERR_STRING_DATA { + error: 0, + string: concat!($lib_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + $( + $crate::export::ERR_STRING_DATA { + error: $crate::export::ERR_PACK(0, $lib_name::$func_name.__as_raw(), 0), + string: concat!($func_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + )* + $( + $crate::export::ERR_STRING_DATA { + error: $crate::export::ERR_PACK(0, 0, $lib_name::$reason_name.__as_raw()), + string: concat!($reason_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + )* + $crate::export::ERR_STRING_DATA { + error: 0, + string: $crate::export::null(), + } + ]; + }; + (@func_value $n:expr, $func_str:expr) => {$n}; + } + } +} diff --git a/openssl-errors/tests/test.rs b/openssl-errors/tests/test.rs index 86dfc3b1b..59eeb433f 100644 --- a/openssl-errors/tests/test.rs +++ b/openssl-errors/tests/test.rs @@ -1,3 +1,4 @@ +use cfg_if::cfg_if; use openssl::error::Error; openssl_errors::openssl_errors! { @@ -23,8 +24,14 @@ fn basic() { assert_eq!(error.function().unwrap(), "function foo"); assert_eq!(error.reason().unwrap(), "out of milk"); assert_eq!(error.file(), "openssl-errors/tests/test.rs"); - assert_eq!(error.line(), 19); - assert_eq!(error.data(), None); + assert_eq!(error.line(), 20); + cfg_if! { + if #[cfg(ossl300)] { + assert_eq!(error.data(), Some("")); + } else { + assert_eq!(error.data(), None); + } + } } #[test] 
@@ -36,7 +43,7 @@ fn static_data() { assert_eq!(error.function().unwrap(), "function bar"); assert_eq!(error.reason().unwrap(), "out of bacon"); assert_eq!(error.file(), "openssl-errors/tests/test.rs"); - assert_eq!(error.line(), 32); + assert_eq!(error.line(), 39); assert_eq!(error.data(), Some("foobar")); } @@ -49,6 +56,6 @@ fn dynamic_data() { assert_eq!(error.function().unwrap(), "function bar"); assert_eq!(error.reason().unwrap(), "out of milk"); assert_eq!(error.file(), "openssl-errors/tests/test.rs"); - assert_eq!(error.line(), 45); + assert_eq!(error.line(), 52); assert_eq!(error.data(), Some("hello world")); } From f824aecd6643a5164c23bcca3de0e0882d31bfd7 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 24 Jul 2020 12:22:06 -0600 Subject: [PATCH 06/54] rustfmt --- openssl-errors/build.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl-errors/build.rs b/openssl-errors/build.rs index 787efaa76..62be71efd 100644 --- a/openssl-errors/build.rs +++ b/openssl-errors/build.rs @@ -10,4 +10,4 @@ fn main() { println!("cargo:rustc-cfg=ossl300"); } } -} \ No newline at end of file +} From 2ab15f090c762860cc2754f1014652a4dd2817c4 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 24 Jul 2020 13:15:33 -0600 Subject: [PATCH 07/54] Add circle builds --- .circleci/config.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index e41df7679..612759d41 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -207,6 +207,9 @@ jobs: - ~/.cargo/registry/cache - target +openssl_300: &openssl_300 + library: openssl + version: 3.0.0-alpha5 openssl_111: &openssl_111 library: openssl version: 1.1.1g @@ -234,6 +237,10 @@ workflows: name: x86_64-vendored target: x86_64-unknown-linux-gnu vendored: true + - linux: + <<: *openssl_300 + name: x86_64-openssl-3.0.0 + target: x86_64-unknown-linux-gnu - linux: <<: *openssl_111 name: x86_64-openssl-1.1.1 
@@ -254,6 +261,10 @@ workflows: name: i686-vendored target: i686-unknown-linux-gnu vendored: true + - linux: + <<: *openssl_300 + name: i686-openssl-3.0.0 + target: i686-unknown-linux-gnu - linux: <<: *openssl_111 name: i686-openssl-1.1.1 @@ -271,6 +282,11 @@ workflows: target: arm-unknown-linux-gnueabihf vendored: true no_run: true + - linux: + <<: *openssl_300 + name: armhf-openssl-3.0.0 + target: arm-unknown-linux-gnueabihf + no_run: true - linux: <<: *openssl_111 name: armhf-openssl-1.1.1 From 65b3d03ae80b2350de9c230fc3cfaff492b86981 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 24 Jul 2020 16:54:59 -0600 Subject: [PATCH 08/54] Work around openssl bug --- openssl-errors/tests/test.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openssl-errors/tests/test.rs b/openssl-errors/tests/test.rs index 59eeb433f..de7477145 100644 --- a/openssl-errors/tests/test.rs +++ b/openssl-errors/tests/test.rs @@ -27,7 +27,8 @@ fn basic() { assert_eq!(error.line(), 20); cfg_if! { if #[cfg(ossl300)] { - assert_eq!(error.data(), Some("")); + // https://github.com/openssl/openssl/issues/12530 + assert!(error.data() == None || error.data() == Some("")); } else { assert_eq!(error.data(), None); } From 695d5c88e511f34d23e39ffcac69f95a2ba5dba2 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 24 Jul 2020 17:04:47 -0600 Subject: [PATCH 09/54] fix tests --- openssl-errors/tests/test.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl-errors/tests/test.rs b/openssl-errors/tests/test.rs index de7477145..018c18a1b 100644 --- a/openssl-errors/tests/test.rs +++ b/openssl-errors/tests/test.rs @@ -44,7 +44,7 @@ fn static_data() { assert_eq!(error.function().unwrap(), "function bar"); assert_eq!(error.reason().unwrap(), "out of bacon"); assert_eq!(error.file(), "openssl-errors/tests/test.rs"); - assert_eq!(error.line(), 39); + assert_eq!(error.line(), 40); assert_eq!(error.data(), Some("foobar")); } 
@@ -57,6 +57,6 @@ fn dynamic_data() { assert_eq!(error.function().unwrap(), "function bar"); assert_eq!(error.reason().unwrap(), "out of milk"); assert_eq!(error.file(), "openssl-errors/tests/test.rs"); - assert_eq!(error.line(), 52); + assert_eq!(error.line(), 53); assert_eq!(error.data(), Some("hello world")); } From e4542efea415402f83e810a4c6d7ef34bb145597 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 7 Aug 2020 21:08:48 -0400 Subject: [PATCH 10/54] Update to alpha6 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 612759d41..a9b0b9dfc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -209,7 +209,7 @@ jobs: openssl_300: &openssl_300 library: openssl - version: 3.0.0-alpha5 + version: 3.0.0-alpha6 openssl_111: &openssl_111 library: openssl version: 1.1.1g From 203ca55c3effe181d7aea887b6268a5258c535e8 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 26 Oct 2020 17:03:36 -0400 Subject: [PATCH 11/54] Bump to alpha7 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 77f52a011..8c49545d1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -207,7 +207,7 @@ jobs: openssl_300: &openssl_300 library: openssl - version: 3.0.0-alpha6 + version: 3.0.0-alpha7 openssl_111: &openssl_111 library: openssl version: 1.1.1h From f959bd583ec4a40b1b487beda0adedde9d6cf348 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 26 Oct 2020 17:52:02 -0400 Subject: [PATCH 12/54] fixes --- openssl-sys/src/cms.rs | 13 +++------ openssl-sys/src/ocsp.rs | 24 +++++------------ openssl-sys/src/pem.rs | 12 ++++----- openssl-sys/src/pkcs12.rs | 24 +++-------------- openssl-sys/src/ssl.rs | 12 +++------ openssl-sys/src/x509.rs | 56 +++++++++++---------------------------- 6 files changed, 38 insertions(+), 103 deletions(-) 
diff --git a/openssl-sys/src/cms.rs b/openssl-sys/src/cms.rs index 3401f5db0..59596307f 100644 --- a/openssl-sys/src/cms.rs +++ b/openssl-sys/src/cms.rs @@ -8,15 +8,10 @@ extern "C" { pub fn CMS_ContentInfo_free(cms: *mut ::CMS_ContentInfo); } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_CMS_ContentInfo(a: *const ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; - } - } else if #[cfg(ossl101)] { - extern "C" { - pub fn i2d_CMS_ContentInfo(a: *mut ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; - } +const_ptr_api! { + extern "C" { + #[cfg(ossl101)] + pub fn i2d_CMS_ContentInfo(a: #[const_ptr_if(ossl300)] CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; } } diff --git a/openssl-sys/src/ocsp.rs b/openssl-sys/src/ocsp.rs index eff28b8f8..4a9f7752c 100644 --- a/openssl-sys/src/ocsp.rs +++ b/openssl-sys/src/ocsp.rs @@ -84,15 +84,9 @@ extern "C" { pub fn OCSP_RESPONSE_free(r: *mut OCSP_RESPONSE); } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_OCSP_RESPONSE(a: *const OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; - } - } else { - extern "C" { - pub fn i2d_OCSP_RESPONSE(a: *mut OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn i2d_OCSP_RESPONSE(a: #[const_ptr_if(ossl300)] OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; } } @@ -108,15 +102,9 @@ extern "C" { pub fn OCSP_REQUEST_free(r: *mut OCSP_REQUEST); } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_OCSP_REQUEST(a: *const OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; - } - } else { - extern "C" { - pub fn i2d_OCSP_REQUEST(a: *mut OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn i2d_OCSP_REQUEST(a: #[const_ptr_if(ossl300)] OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; } } diff --git a/openssl-sys/src/pem.rs b/openssl-sys/src/pem.rs index 9337b312c..561930a1f 100644 --- a/openssl-sys/src/pem.rs +++ b/openssl-sys/src/pem.rs 
@@ -28,7 +28,7 @@ const_ptr_api! { bp: *mut BIO, rsa: #[const_ptr_if(ossl300)] RSA, cipher: *const EVP_CIPHER, - kstr: *const c_uchar, + kstr: #[const_ptr_if(ossl300)] c_uchar, klen: c_int, callback: pem_password_cb, user_data: *mut c_void, @@ -38,7 +38,7 @@ const_ptr_api! { bp: *mut BIO, dsa: #[const_ptr_if(ossl300)] DSA, cipher: *const EVP_CIPHER, - kstr: *const c_uchar, + kstr: #[const_ptr_if(ossl300)] c_uchar, klen: c_int, callback: pem_password_cb, user_data: *mut c_void, @@ -47,17 +47,17 @@ const_ptr_api! { bio: *mut BIO, key: #[const_ptr_if(ossl300)] EC_KEY, cipher: *const EVP_CIPHER, - kstr: *const c_uchar, + kstr: #[const_ptr_if(ossl300)] c_uchar, klen: c_int, callback: pem_password_cb, user_data: *mut c_void, ) -> c_int; - pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *const DSA) -> c_int; + pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: #[const_ptr_if(ossl300)] DSA) -> c_int; pub fn PEM_write_bio_PrivateKey( bio: *mut BIO, pkey: #[const_ptr_if(ossl300)] EVP_PKEY, cipher: *const EVP_CIPHER, - kstr: *const c_uchar, + kstr: #[const_ptr_if(ossl300)] c_uchar, klen: c_int, callback: pem_password_cb, user_data: *mut c_void, @@ -67,7 +67,7 @@ const_ptr_api! { bio: *mut BIO, pkey: #[const_ptr_if(ossl300)] EVP_PKEY, cipher: *const EVP_CIPHER, - kstr: *const c_char, + kstr: #[const_ptr_if(ossl300)] c_char, klen: c_int, callback: pem_password_cb, user_data: *mut c_void, diff --git a/openssl-sys/src/pkcs12.rs b/openssl-sys/src/pkcs12.rs index ba3e79339..583c5fc6b 100644 --- a/openssl-sys/src/pkcs12.rs +++ b/openssl-sys/src/pkcs12.rs 
@@ -7,15 +7,9 @@ pub enum PKCS12 {} extern "C" { pub fn PKCS12_free(p12: *mut PKCS12); } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_PKCS12(a: *const PKCS12, buf: *mut *mut u8) -> c_int; - } - } else { - extern "C" { - pub fn i2d_PKCS12(a: *mut PKCS12, buf: *mut *mut u8) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn i2d_PKCS12(a: #[const_ptr_if(ossl300)] PKCS12, buf: *mut *mut u8) -> c_int; } } extern "C" { @@ -43,17 +37,7 @@ const_ptr_api! { mac_iter: c_int, keytype: c_int, ) -> *mut PKCS12; - } -} -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_PKCS12_bio(b: *mut BIO, a: *const PKCS12) -> c_int; - } - } else { - extern "C" { - pub fn i2d_PKCS12_bio(b: *mut BIO, a: *mut PKCS12) -> c_int; - } + pub fn i2d_PKCS12_bio(b: *mut BIO, a: #[const_ptr_if(ossl300)] PKCS12) -> c_int; } } diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 06a2d2690..b36684f85 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -973,15 +973,9 @@ extern "C" { pub fn SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int; pub fn SSL_SESSION_free(s: *mut SSL_SESSION); } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_SSL_SESSION(s: *const SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; - } - } else { - extern "C" { - pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn i2d_SSL_SESSION(s: #[const_ptr_if(ossl300)] SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; } } extern "C" { diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 0e6312182..436a41366 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
@@ -185,35 +185,19 @@ extern "C" { pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_X509_bio(b: *mut BIO, x: *const X509) -> c_int; - pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *const X509_REQ) -> c_int; - pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *const EVP_PKEY) -> c_int; - pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *const EVP_PKEY) -> c_int; - - pub fn i2d_PUBKEY(k: *const EVP_PKEY, buf: *mut *mut u8) -> c_int; - pub fn i2d_RSA_PUBKEY(k: *const RSA, buf: *mut *mut u8) -> c_int; - pub fn i2d_DSA_PUBKEY(a: *const DSA, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_PrivateKey(k: *const EVP_PKEY, buf: *mut *mut u8) -> c_int; - pub fn i2d_ECPrivateKey(ec_key: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_EC_PUBKEY(a: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int; - } - } else { - extern "C" { - pub fn i2d_X509_bio(b: *mut BIO, x: *mut X509) -> c_int; - pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *mut X509_REQ) -> c_int; - pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; - pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; - - pub fn i2d_PUBKEY(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; - pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *mut *mut u8) -> c_int; - pub fn i2d_DSA_PUBKEY(a: *mut DSA, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_PrivateKey(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; - pub fn i2d_ECPrivateKey(ec_key: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_EC_PUBKEY(a: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; - } +const_ptr_api! 
{ + extern "C" { + pub fn i2d_X509_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] X509) -> c_int; + pub fn i2d_X509_REQ_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] X509_REQ) -> c_int; + pub fn i2d_PrivateKey_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY) -> c_int; + pub fn i2d_PUBKEY_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY) -> c_int; + + pub fn i2d_PUBKEY(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_RSA_PUBKEY(k: #[const_ptr_if(ossl300)] RSA, buf: *mut *mut u8) -> c_int; + pub fn i2d_DSA_PUBKEY(a: #[const_ptr_if(ossl300)] DSA, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_PrivateKey(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_ECPrivateKey(ec_key: #[const_ptr_if(ossl300)] EC_KEY, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_EC_PUBKEY(a: #[const_ptr_if(ossl300)] EC_KEY, pp: *mut *mut c_uchar) -> c_int; } } extern "C" { @@ -298,20 +282,10 @@ extern "C" { length: c_long, ) -> *mut X509_REQ; } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_X509_REQ(x: *const X509_REQ, buf: *mut *mut u8) -> c_int; - } - } else { - extern "C" { - pub fn i2d_X509_REQ(x: *mut X509_REQ, buf: *mut *mut u8) -> c_int; - } - } -} - const_ptr_api! { extern "C" { + pub fn i2d_X509_REQ(x: #[const_ptr_if(ossl300)] X509_REQ, buf: *mut *mut u8) -> c_int; + #[cfg(any(ossl102, libressl273))] pub fn X509_get0_signature( psig: *mut #[const_ptr_if(any(ossl110, libressl273))] ASN1_BIT_STRING, From 57f748cbeb66c824791e9f9136f840c9c2be525e Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 26 Oct 2020 17:58:26 -0400 Subject: [PATCH 13/54] more fixes --- openssl-sys/src/x509.rs | 65 ++++++++----------------------------- openssl-sys/src/x509_vfy.rs | 33 +++++++------------ 2 files changed, 25 insertions(+), 73 deletions(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 436a41366..a9d16fc38 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
@@ -308,15 +308,9 @@ extern "C" { pub fn X509_new() -> *mut X509; pub fn X509_free(x: *mut X509); } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn i2d_X509(x: *const X509, buf: *mut *mut u8) -> c_int; - } - } else { - extern "C" { - pub fn i2d_X509(x: *mut X509, buf: *mut *mut u8) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn i2d_X509(x: #[const_ptr_if(ossl300)] X509, buf: *mut *mut u8) -> c_int; } } extern "C" { @@ -328,15 +322,9 @@ extern "C" { pub fn X509_set_serialNumber(x: *mut X509, sn: *mut ASN1_INTEGER) -> c_int; pub fn X509_get_serialNumber(x: *mut X509) -> *mut ASN1_INTEGER; } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn X509_set_issuer_name(x: *mut X509, name: *const X509_NAME) -> c_int; - } - } else { - extern "C" { - pub fn X509_set_issuer_name(x: *mut X509, name: *mut X509_NAME) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn X509_set_issuer_name(x: *mut X509, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; } } extern "C" { @@ -345,21 +333,7 @@ extern "C" { const_ptr_api! { extern "C" { pub fn X509_get_issuer_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; - } -} -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn X509_set_subject_name(x: *mut X509, name: *const X509_NAME) -> c_int; - } - } else { - extern "C" { - pub fn X509_set_subject_name(x: *mut X509, name: *mut X509_NAME) -> c_int; - } - } -} -const_ptr_api! { - extern "C" { + pub fn X509_set_subject_name(x: *mut X509, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; pub fn X509_get_subject_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; } } 
@@ -383,15 +357,9 @@ extern "C" { #[cfg(ossl110)] pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut X509_NAME; } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *const X509_NAME) -> c_int; - } - } else { - extern "C" { - pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *mut X509_NAME) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; } } extern "C" { @@ -635,15 +603,10 @@ extern "C" { pub fn X509_verify_cert(ctx: *mut X509_STORE_CTX) -> c_int; } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn X509_STORE_get0_objects(ctx: *const X509_STORE) -> *mut stack_st_X509_OBJECT; - } - } else if #[cfg(any(ossl110, libressl270))] { - extern "C" { - pub fn X509_STORE_get0_objects(ctx: *mut X509_STORE) -> *mut stack_st_X509_OBJECT; - } +const_ptr_api! { + extern "C" { + #[cfg(any(ossl110, libressl270))] + pub fn X509_STORE_get0_objects(ctx: #[const_ptr_if(ossl300)] X509_STORE) -> *mut stack_st_X509_OBJECT; } } #[cfg(any(ossl110, libressl270))] diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs index 6b29b7726..a8c329e7f 100644 --- a/openssl-sys/src/x509_vfy.rs +++ b/openssl-sys/src/x509_vfy.rs 
@@ -121,34 +121,23 @@ extern "C" { pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int; } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn X509_STORE_CTX_get_ex_data(ctx: *const X509_STORE_CTX, idx: c_int) -> *mut c_void; - pub fn X509_STORE_CTX_get_error(ctx: *const X509_STORE_CTX) -> c_int; - pub fn X509_STORE_CTX_get_error_depth(ctx: *const X509_STORE_CTX) -> c_int; - pub fn X509_STORE_CTX_get_current_cert(ctx: *const X509_STORE_CTX) -> *mut X509; - } - } else { - extern "C" { - pub fn X509_STORE_CTX_get_ex_data(ctx: *mut X509_STORE_CTX, idx: c_int) -> *mut c_void; - pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; - pub fn X509_STORE_CTX_get_error_depth(ctx: *mut X509_STORE_CTX) -> c_int; - pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509; - } +const_ptr_api! { + extern "C" { + pub fn X509_STORE_CTX_get_ex_data(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX, idx: c_int) -> *mut c_void; + pub fn X509_STORE_CTX_get_error(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> c_int; + pub fn X509_STORE_CTX_get_error_depth(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> c_int; + pub fn X509_STORE_CTX_get_current_cert(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> *mut X509; } } extern "C" { pub fn X509_STORE_CTX_set_error(ctx: *mut X509_STORE_CTX, error: c_int); } cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn X509_STORE_CTX_get0_chain(ctx: *const X509_STORE_CTX) -> *mut stack_st_X509; - } - } else if #[cfg(ossl110)] { - extern "C" { - pub fn X509_STORE_CTX_get0_chain(ctx: *mut X509_STORE_CTX) -> *mut stack_st_X509; + if #[cfg(ossl110)] { + const_ptr_api! { + extern "C" { + pub fn X509_STORE_CTX_get0_chain(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> *mut stack_st_X509; + } } } else { extern "C" { From 0e7ccc1fb09b33fca4a04f0ebe7403baefd2a0e2 Mon Sep 17 00:00:00 2001 
From: Steven Fackler Date: Mon, 26 Oct 2020 18:51:46 -0400 Subject: [PATCH 14/54] Remove stray println --- openssl/src/x509/mod.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index e02f82f9e..775aac69f 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -654,7 +654,6 @@ impl X509 { ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut()); if r.is_null() { let err = ffi::ERR_peek_last_error(); - println!("{}", ffi::ERR_GET_LIB(err)); if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE { From e71ba98d2784cf53cba4914d78de67c336c79da5 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 12 Nov 2020 20:44:41 -0500 Subject: [PATCH 15/54] bump to alpha8 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8c49545d1..f3326657a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -207,7 +207,7 @@ jobs: openssl_300: &openssl_300 library: openssl - version: 3.0.0-alpha7 + version: 3.0.0-alpha8 openssl_111: &openssl_111 library: openssl version: 1.1.1h From e1e7b40712f70ee6a75954cb7152047875dd3eed Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 28 Nov 2020 21:34:08 -0500 Subject: [PATCH 16/54] Bump to alpha9 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index fc2685fc9..4d1611e7a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -207,7 +207,7 @@ jobs: openssl_300: &openssl_300 library: openssl - version: 3.0.0-alpha8 + version: 3.0.0-alpha9 openssl_111: &openssl_111 library: openssl version: 1.1.1h From eefdc57e9fe42ad675a2a4575fc713f16c940b8c Mon Sep 17 00:00:00 2001 
From: Steven Fackler Date: Wed, 2 Dec 2020 19:11:02 -0500 Subject: [PATCH 17/54] unignore test for 3.0.0 --- openssl/src/pkcs12.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs index fac811bb6..bb769dad2 100644 --- a/openssl/src/pkcs12.rs +++ b/openssl/src/pkcs12.rs @@ -239,7 +239,6 @@ mod test { } #[test] - #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11672 fn create() { let subject_name = "ns.example.com"; let rsa = Rsa::generate(2048).unwrap(); From bd6a1257bc7d62357d54c3ba347039e0e93a2dbf Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Wed, 2 Dec 2020 19:16:30 -0500 Subject: [PATCH 18/54] fix arg mutability --- openssl-sys/src/x509_vfy.rs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs index 36b549c19..dcc9901aa 100644 --- a/openssl-sys/src/x509_vfy.rs +++ b/openssl-sys/src/x509_vfy.rs @@ -224,9 +224,15 @@ extern "C" { pub fn X509_VERIFY_PARAM_set_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_clear_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; - #[cfg(any(ossl102, libressl261))] - pub fn X509_VERIFY_PARAM_get_flags(param: *mut X509_VERIFY_PARAM) -> c_ulong; +} +const_ptr_api! { + extern "C" { + #[cfg(any(ossl102, libressl261))] + pub fn X509_VERIFY_PARAM_get_flags(param: #[const_ptr_if(ossl300)] X509_VERIFY_PARAM) -> c_ulong; + } +} +extern "C" { #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, From 8d3cf268d80f0ae3b95408f206c22d88b9e7ea13 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Wed, 2 Dec 2020 19:22:06 -0500 Subject: [PATCH 19/54] Revert "unignore test for 3.0.0" This reverts commit eefdc57e9fe42ad675a2a4575fc713f16c940b8c. --- openssl/src/pkcs12.rs | 1 + 1 file changed, 1 insertion(+) 
diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs index bb769dad2..fac811bb6 100644 --- a/openssl/src/pkcs12.rs +++ b/openssl/src/pkcs12.rs @@ -239,6 +239,7 @@ mod test { } #[test] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11672 fn create() { let subject_name = "ns.example.com"; let rsa = Rsa::generate(2048).unwrap(); From e593a72c58fbfa072fe69af5e73f80ff40ba57ad Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 7 Jan 2021 09:21:46 -0500 Subject: [PATCH 20/54] Test against alpha10 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4d1611e7a..ccfbc08c6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -207,7 +207,7 @@ jobs: openssl_300: &openssl_300 library: openssl - version: 3.0.0-alpha9 + version: 3.0.0-alpha10 openssl_111: &openssl_111 library: openssl version: 1.1.1h From 63a31999764ad71c3cfbb6cd5bd92a8dbd567bbb Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 4 Feb 2021 15:19:40 -0500 Subject: [PATCH 21/54] Test against alpha11 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ccfbc08c6..b0061bbcf 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -207,7 +207,7 @@ jobs: openssl_300: &openssl_300 library: openssl - version: 3.0.0-alpha10 + version: 3.0.0-alpha11 openssl_111: &openssl_111 library: openssl version: 1.1.1h From de41f5517f39292c329b87fd6761ace59993e435 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 4 Feb 2021 20:17:21 -0500 Subject: [PATCH 22/54] fix constness in alpha11 --- openssl-sys/src/x509.rs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 26ebe65d4..62a9fd865 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
@@ -368,8 +368,14 @@ extern "C" { pub fn X509_REQ_set_pubkey(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_REQ_get_pubkey(req: *mut X509_REQ) -> *mut EVP_PKEY; pub fn X509_REQ_get_extensions(req: *mut X509_REQ) -> *mut stack_st_X509_EXTENSION; - pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) - -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: #[const_ptr_if(ossl300)] stack_st_X509_EXTENSION) + -> c_int; + } +} +extern "C" { pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_REQ_verify(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; #[cfg(any(ossl110, libressl273))] From 831af85346e559b17a189bad85612d40a4e3762b Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 4 Feb 2021 20:28:06 -0500 Subject: [PATCH 23/54] fix cfg-if --- openssl/src/error.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl/src/error.rs b/openssl/src/error.rs index 8865a40a9..3d2cfac65 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -15,6 +15,7 @@ //! Err(e) => println!("Parsing Error: {:?}", e), //! } //! ``` +use cfg_if::cfg_if; use libc::{c_char, c_int, c_ulong}; use std::borrow::Cow; use std::error; From 0f7182ac605287c06253e827650d548b95e62a44 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 4 Feb 2021 20:44:50 -0500 Subject: [PATCH 24/54] clippy --- openssl-errors/build.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl-errors/build.rs b/openssl-errors/build.rs index 62be71efd..5ecd7bae7 100644 --- a/openssl-errors/build.rs +++ b/openssl-errors/build.rs @@ -1,4 +1,4 @@ -#![allow(clippy::inconsistent_digit_grouping)] +#![allow(clippy::inconsistent_digit_grouping, clippy::unusual_byte_groupings)] use std::env; From c4797466f28c055362b106ec2143712dd6c90958 Mon Sep 17 00:00:00 2001 
From: Steven Fackler Date: Thu, 4 Feb 2021 20:47:34 -0500 Subject: [PATCH 25/54] Fix X509V3_CTX layout --- openssl-sys/src/ossl_typ.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index 2ad6ee65c..fd9a0544e 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -439,6 +439,8 @@ pub struct X509V3_CTX { crl: *mut c_void, db_meth: *mut c_void, db: *mut c_void, + #[cfg(ossl300)] + issuer_pkey: *mut c_void, // I like the last comment line, it is copied from OpenSSL sources: // Maybe more here } From 72e1ea65c99d711668c64c3e9530934842ceb9ff Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 20 Feb 2021 14:01:29 -0500 Subject: [PATCH 26/54] update to alpha-12 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b801f3273..cf5d90362 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -207,7 +207,7 @@ jobs: openssl_300: &openssl_300 library: openssl - version: 3.0.0-alpha11 + version: 3.0.0-alpha12 openssl_111: &openssl_111 library: openssl version: 1.1.1i From 114e815719a8e74810a22a4e3b1754c92bd95fd5 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 20 Feb 2021 14:22:46 -0500 Subject: [PATCH 27/54] fix constants --- openssl-sys/src/evp.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index d0da6c753..a90849567 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs 
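Review bot: The added `issuer_pkey` field in `X509V3_CTX` is the only thing keeping this hand-mirrored struct the same size as the 3.0 C struct, and nothing guards against the next upstream addition. If any caller allocates the struct on the Rust side and passes it to OpenSSL to initialise (not visible in this hunk), a missing trailing field means the C code writes past the Rust allocation. I would add `// present from 3.0; the struct must never be smaller than the C definition` above the new field and back it with a size/layout check against the C header in the test suite. The struct header and its attributes are outside the hunk.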
@@ -368,13 +368,13 @@ extern "C" { pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2; cfg_if! { if #[cfg(ossl300)] { - pub const EVP_PKEY_OP_SIGN: c_int = 1 << 5; - pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 6; - pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 7; - pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 8; - pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 9; - pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 10; - pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 11; + pub const EVP_PKEY_OP_SIGN: c_int = 1 << 4; + pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 5; + pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 6; + pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 7; + pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 8; + pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 9; + pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 10; } else { pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3; pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4; From 81676eea8d9e89e96e7e8230b4c4c47cc3c936e5 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Wed, 17 Mar 2021 19:05:05 -0400 Subject: [PATCH 28/54] Update to alpha13 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index cf5d90362..a60bedc7a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -207,7 +207,7 @@ jobs: openssl_300: &openssl_300 library: openssl - version: 3.0.0-alpha12 + version: 3.0.0-alpha13 openssl_111: &openssl_111 library: openssl version: 1.1.1i From 2b0ab01233c8e4f260bcf2548983bce840fffdd3 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 18 Mar 2021 08:10:45 -0400 Subject: [PATCH 29/54] Update rsa.rs --- openssl-sys/src/rsa.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl-sys/src/rsa.rs b/openssl-sys/src/rsa.rs index b558190bc..8798b7cc0 100644 --- a/openssl-sys/src/rsa.rs +++ b/openssl-sys/src/rsa.rs 
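Review bot: The `ossl300` branch now starts `EVP_PKEY_OP_SIGN` at `1 << 4`, leaving `1 << 3` unassigned after `EVP_PKEY_OP_KEYGEN` (`1 << 2`), and nothing in the code explains the gap. These bit flags are copied by hand from the C header and this commit shows they already drifted once between alphas; a stale value would presumably name a different operation than the caller intended. A comment on the branch such as `// 3.0 shifts SIGN..DECRYPT up by one bit relative to 1.x; re-check against evp.h on each release` would make the next drift easier to catch. The `cfg_if!` block continues past the hunk.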
@@ -83,6 +83,7 @@ pub const EVP_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6; pub const EVP_PKEY_CTRL_RSA_OAEP_MD: c_int = EVP_PKEY_ALG_CTRL + 9; pub const RSA_PKCS1_PADDING: c_int = 1; +#[cfg(not(ossl300))] pub const RSA_SSLV23_PADDING: c_int = 2; pub const RSA_NO_PADDING: c_int = 3; pub const RSA_PKCS1_OAEP_PADDING: c_int = 4; From 405a581c2038a475f9f7049744ba6eb6a60b6932 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 13 Apr 2021 17:50:24 -0400 Subject: [PATCH 30/54] bump to alpha 14 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1f3720d76..8dbd82de4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -146,7 +146,7 @@ jobs: - name: openssl version: vendored - name: openssl - version: 3.0.0-alpha13 + version: 3.0.0-alpha14 dl-path: / - name: openssl version: 1.1.1j From 9a32382ffba782a314a1ee5a0c7362fd344e8ce0 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 13 Apr 2021 19:20:10 -0400 Subject: [PATCH 31/54] fix DH test --- openssl/src/dh.rs | 34 ++-------------------------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index 72c2eae97..b4dc8c9a0 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs 
@@ -388,40 +388,10 @@ mod tests { #[test] fn test_dh_stored_restored() { - let prime_p = BigNum::from_hex_str( - "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF\ - 4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B47\ - 58C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B6\ - 3ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5\ - 140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710\ - C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597", - ).unwrap(); - let prime_q = BigNum::from_hex_str( - "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED\ - 4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A\ - 57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5\ - 045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E\ - 052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67E\ - B6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659", - ).unwrap(); - let generator = BigNum::from_hex_str( - "8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3", - ) - .unwrap(); - let dh1 = Dh::from_params( - prime_p.to_owned().unwrap(), - generator.to_owned().unwrap(), - prime_q.to_owned().unwrap(), - ) - .unwrap(); + let dh1 = Dh::get_2048_256().unwrap(); let key1 = dh1.generate_key().unwrap(); - let dh2 = Dh::from_params( - prime_p.to_owned().unwrap(), - generator.to_owned().unwrap(), - prime_q.to_owned().unwrap(), - ) - .unwrap(); + let dh2 = Dh::get_2048_256().unwrap(); let key2 = dh2 .set_private_key(key1.private_key().to_owned().unwrap()) .unwrap(); From a9fe5656d3ade6f55452fced74729a89bc9847b8 Mon Sep 17 00:00:00 2001 
From: Steven Fackler Date: Tue, 13 Apr 2021 19:39:45 -0400 Subject: [PATCH 32/54] flag off test to 102+ --- openssl/src/dh.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index b4dc8c9a0..87c4d8c11 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs @@ -387,6 +387,7 @@ mod tests { } #[test] + #[cfg(ossl102)] fn test_dh_stored_restored() { let dh1 = Dh::get_2048_256().unwrap(); let key1 = dh1.generate_key().unwrap(); From cc1c74c1a313ac46b5fa3da602a46cff6fdd06a2 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 22 Apr 2021 10:09:49 -0400 Subject: [PATCH 33/54] Update to alpha15 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5bacdb5b7..9ecd844b4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -148,7 +148,7 @@ jobs: - name: openssl version: vendored - name: openssl - version: 3.0.0-alpha14 + version: 3.0.0-alpha15 dl-path: / - name: openssl version: 1.1.1k From 0ca60554ea938eff7c54f9f9b45f9e60fac564a6 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 8 May 2021 08:19:45 -0400 Subject: [PATCH 34/54] Update ci.yml --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9ecd844b4..fad43772a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -148,7 +148,7 @@ jobs: - name: openssl version: vendored - name: openssl - version: 3.0.0-alpha15 + version: 3.0.0-alpha16 dl-path: / - name: openssl version: 1.1.1k From 770ba32702abd2b4cab80727958c27ac3043c3ec Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 8 May 2021 09:14:34 -0400 Subject: [PATCH 35/54] Update ssl.rs --- openssl-sys/src/ssl.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 9ae0b6de5..8d3c23b4d 100644 
--- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -344,7 +344,12 @@ cfg_if! { } cfg_if! { - if #[cfg(ossl110f)] { + if #[cfg(ossl300)] { + pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG + | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | SSL_OP_TLSEXT_PADDING + | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; + } else if #[cfg(ossl110f)] { pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_LEGACY_SERVER_CONNECT From f7d5c5091060de204c4427893b5409e9a3a230c5 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 13:29:48 -0400 Subject: [PATCH 36/54] bump to alpha 17 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 67e06fcd2..94837efdb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -148,7 +148,7 @@ jobs: - name: openssl version: vendored - name: openssl - version: 3.0.0-alpha16 + version: 3.0.0-alpha17 dl-path: / - name: openssl version: 1.1.1k From 8c3e29f72497e4a5dac031d007e25b1ca196f068 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 14:35:44 -0400 Subject: [PATCH 37/54] flag off deprecated sha API in 3.0 --- openssl-sys/build/expando.c | 4 + openssl-sys/src/evp.rs | 10 + openssl-sys/src/sha.rs | 173 ++++++++++----- openssl/src/sha.rs | 417 ++++++++++++++++++------------------ 4 files changed, 346 insertions(+), 258 deletions(-) diff --git a/openssl-sys/build/expando.c b/openssl-sys/build/expando.c index d77f1eaba..0f5cff413 100644 --- a/openssl-sys/build/expando.c +++ b/openssl-sys/build/expando.c @@ -90,3 +90,7 @@ RUST_CONF_OPENSSL_NO_STDIO #ifdef OPENSSL_NO_SM3 RUST_CONF_OPENSSL_NO_SM3 #endif + +#ifdef OPENSSL_NO_DEPRECATED_3_0 +RUST_CONF_OPENSSL_NO_DEPRECATED_3_0 +#endif diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 034d236fb..04970d00b 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs 
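Review bot: The new `ossl300` branch of `SSL_OP_ALL` in ssl.rs omits `SSL_OP_LEGACY_SERVER_CONNECT`, which the `ossl110f` branch directly below still includes, and there is no comment saying the omission is deliberate. That flag affects whether connections to peers without secure renegotiation support are allowed, so a reader comparing the two branches should be able to tell this mirrors the 3.0 header rather than being a copy slip. I would add `// 3.0 no longer includes SSL_OP_LEGACY_SERVER_CONNECT in SSL_OP_ALL` above the branch, after confirming against ssl.h. The `cfg_if!` chain continues outside the hunk.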
@@ -58,6 +58,16 @@ extern "C" { -> c_int; pub fn EVP_DigestUpdate(ctx: *mut EVP_MD_CTX, data: *const c_void, n: size_t) -> c_int; pub fn EVP_DigestFinal_ex(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int; + #[cfg(ossl300)] + pub fn EVP_Q_digest( + libctx: *mut OSSL_LIB_CTX, + name: *const c_char, + propq: *const c_char, + data: *const c_void, + count: size_t, + md: *mut c_uchar, + size: *mut c_int, + ) -> c_int; pub fn EVP_DigestInit(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD) -> c_int; pub fn EVP_DigestFinal(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int; #[cfg(ossl111)] diff --git a/openssl-sys/src/sha.rs b/openssl-sys/src/sha.rs index e8d1403f7..6b60f864e 100644 --- a/openssl-sys/src/sha.rs +++ b/openssl-sys/src/sha.rs 
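Review bot: The last parameter of the new `EVP_Q_digest` declaration is typed `size: *mut c_int`, whereas as far as I recall the OpenSSL 3.0 prototype takes `size_t *mdlen` in that position; this needs confirming against evp.h for the targeted release. If the C side does write a `size_t`, any caller that passes a pointer to a 4-byte `c_int` gets 8 bytes written through it on LP64 targets. In that case the line should read `size: *mut size_t,`. The `extern "C"` block starts and ends outside the hunk.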
@@ -1,73 +1,136 @@ +use crate::*; use libc::*; +use std::ptr; pub type SHA_LONG = c_uint; pub const SHA_LBLOCK: c_int = 16; -#[repr(C)] -#[derive(Clone)] -pub struct SHA_CTX { - pub h0: SHA_LONG, - pub h1: SHA_LONG, - pub h2: SHA_LONG, - pub h3: SHA_LONG, - pub h4: SHA_LONG, - pub Nl: SHA_LONG, - pub Nh: SHA_LONG, - pub data: [SHA_LONG; SHA_LBLOCK as usize], - pub num: c_uint, +cfg_if! { + if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + #[repr(C)] + #[derive(Clone)] + pub struct SHA_CTX { + pub h0: SHA_LONG, + pub h1: SHA_LONG, + pub h2: SHA_LONG, + pub h3: SHA_LONG, + pub h4: SHA_LONG, + pub Nl: SHA_LONG, + pub Nh: SHA_LONG, + pub data: [SHA_LONG; SHA_LBLOCK as usize], + pub num: c_uint, + } + + extern "C" { + pub fn SHA1_Init(c: *mut SHA_CTX) -> c_int; + pub fn SHA1_Update(c: *mut SHA_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA1_Final(md: *mut c_uchar, c: *mut SHA_CTX) -> c_int; + } + } } -extern "C" { - pub fn SHA1_Init(c: *mut SHA_CTX) -> c_int; - pub fn SHA1_Update(c: *mut SHA_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA1_Final(md: *mut c_uchar, c: *mut SHA_CTX) -> c_int; - pub fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; +cfg_if! { + if #[cfg(ossl300)] { + macro_rules! digest { + ($name:ident) => { + pub unsafe fn $name(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + concat!(stringify!($name), "\0").as_ptr() as *const c_char, + ptr::null(), + d, + n, + md, + ptr::null(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } + } + } + + digest!(SHA1); + } else { + extern "C" { + pub fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + } + } } -#[repr(C)] -#[derive(Clone)] -pub struct SHA256_CTX { - pub h: [SHA_LONG; 8], - pub Nl: SHA_LONG, - pub Nh: SHA_LONG, - pub data: [SHA_LONG; SHA_LBLOCK as usize], - pub num: c_uint, - pub md_len: c_uint, +cfg_if! 
{ + if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + #[repr(C)] + #[derive(Clone)] + pub struct SHA256_CTX { + pub h: [SHA_LONG; 8], + pub Nl: SHA_LONG, + pub Nh: SHA_LONG, + pub data: [SHA_LONG; SHA_LBLOCK as usize], + pub num: c_uint, + pub md_len: c_uint, + } + + extern "C" { + pub fn SHA224_Init(c: *mut SHA256_CTX) -> c_int; + pub fn SHA224_Update(c: *mut SHA256_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA224_Final(md: *mut c_uchar, c: *mut SHA256_CTX) -> c_int; + pub fn SHA256_Init(c: *mut SHA256_CTX) -> c_int; + pub fn SHA256_Update(c: *mut SHA256_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA256_Final(md: *mut c_uchar, c: *mut SHA256_CTX) -> c_int; + } + } } -extern "C" { - pub fn SHA224_Init(c: *mut SHA256_CTX) -> c_int; - pub fn SHA224_Update(c: *mut SHA256_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA224_Final(md: *mut c_uchar, c: *mut SHA256_CTX) -> c_int; - pub fn SHA224(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; - pub fn SHA256_Init(c: *mut SHA256_CTX) -> c_int; - pub fn SHA256_Update(c: *mut SHA256_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA256_Final(md: *mut c_uchar, c: *mut SHA256_CTX) -> c_int; - pub fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; +cfg_if! { + if #[cfg(ossl300)] { + digest!(SHA224); + digest!(SHA256); + } else { + extern "C" { + pub fn SHA224(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + pub fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + } + } } -pub type SHA_LONG64 = u64; +cfg_if! 
{ + if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + pub type SHA_LONG64 = u64; + + #[repr(C)] + #[derive(Clone)] + pub struct SHA512_CTX { + pub h: [SHA_LONG64; 8], + pub Nl: SHA_LONG64, + pub Nh: SHA_LONG64, + // this is a union but we don't want to require 1.19 + u: [SHA_LONG64; SHA_LBLOCK as usize], + pub num: c_uint, + pub md_len: c_uint, + } -#[repr(C)] -#[derive(Clone)] -pub struct SHA512_CTX { - pub h: [SHA_LONG64; 8], - pub Nl: SHA_LONG64, - pub Nh: SHA_LONG64, - // this is a union but we don't want to require 1.19 - u: [SHA_LONG64; SHA_LBLOCK as usize], - pub num: c_uint, - pub md_len: c_uint, + extern "C" { + pub fn SHA384_Init(c: *mut SHA512_CTX) -> c_int; + pub fn SHA384_Update(c: *mut SHA512_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA384_Final(md: *mut c_uchar, c: *mut SHA512_CTX) -> c_int; + pub fn SHA512_Init(c: *mut SHA512_CTX) -> c_int; + pub fn SHA512_Update(c: *mut SHA512_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA512_Final(md: *mut c_uchar, c: *mut SHA512_CTX) -> c_int; + } + } } -extern "C" { - pub fn SHA384_Init(c: *mut SHA512_CTX) -> c_int; - pub fn SHA384_Update(c: *mut SHA512_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA384_Final(md: *mut c_uchar, c: *mut SHA512_CTX) -> c_int; - pub fn SHA384(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; - pub fn SHA512_Init(c: *mut SHA512_CTX) -> c_int; - pub fn SHA512_Update(c: *mut SHA512_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA512_Final(md: *mut c_uchar, c: *mut SHA512_CTX) -> c_int; - pub fn SHA512(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; +cfg_if! { + if #[cfg(ossl300)] { + digest!(SHA384); + digest!(SHA512); + } else { + extern "C" { + pub fn SHA384(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + pub fn SHA512(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + } + } } 
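Review bot: The `digest!` wrapper's call to `EVP_Q_digest` does not match the declaration this commit adds in evp.rs. It passes `d`, a `*const c_uchar`, where `data: *const c_void` is declared, and a final `ptr::null()`, which is a `*const` pointer, where `size: *mut c_int` is declared, so the `ossl300` branch should not type-check as written. The two arguments should be `d as *const c_void,` and `ptr::null_mut(),`. The generated `pub unsafe fn`s also carry no documentation; a `/// # Safety` line stating that `d` must be readable for `n` bytes and `md` must have room for the full digest would spell out the contract the replaced `extern` declarations implied.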
diff --git a/openssl/src/sha.rs b/openssl/src/sha.rs index 811a5321d..c7a9a4ab7 100644 --- a/openssl/src/sha.rs +++ b/openssl/src/sha.rs @@ -37,6 +37,7 @@ //! ``` use libc::c_void; use std::mem; +use cfg_if::cfg_if; /// Computes the SHA1 hash of some data. /// 
@@ -98,233 +99,237 @@ pub fn sha512(data: &[u8]) -> [u8; 64] { } } -/// An object which calculates a SHA1 hash of some data. -/// -/// # Warning -/// -/// SHA1 is known to be insecure - it should not be used unless required for -/// compatibility with existing systems. -#[derive(Clone)] -pub struct Sha1(ffi::SHA_CTX); - -impl Default for Sha1 { - #[inline] - fn default() -> Sha1 { - Sha1::new() - } -} - -impl Sha1 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha1 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA1_Init(&mut ctx); - Sha1(ctx) - } - } - - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA1_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); +cfg_if! { + if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + /// An object which calculates a SHA1 hash of some data. + /// + /// # Warning + /// + /// SHA1 is known to be insecure - it should not be used unless required for + /// compatibility with existing systems. + #[derive(Clone)] + pub struct Sha1(ffi::SHA_CTX); + + impl Default for Sha1 { + #[inline] + fn default() -> Sha1 { + Sha1::new() + } } - } - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 20] { - unsafe { - let mut hash: [u8; 20] = mem::uninitialized(); - ffi::SHA1_Final(hash.as_mut_ptr(), &mut self.0); - hash + impl Sha1 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha1 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA1_Init(&mut ctx); + Sha1(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. 
+ #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA1_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 20] { + unsafe { + let mut hash: [u8; 20] = mem::uninitialized(); + ffi::SHA1_Final(hash.as_mut_ptr(), &mut self.0); + hash + } + } } - } -} - -/// An object which calculates a SHA224 hash of some data. -#[derive(Clone)] -pub struct Sha224(ffi::SHA256_CTX); - -impl Default for Sha224 { - #[inline] - fn default() -> Sha224 { - Sha224::new() - } -} -impl Sha224 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha224 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA224_Init(&mut ctx); - Sha224(ctx) - } - } + /// An object which calculates a SHA224 hash of some data. + #[derive(Clone)] + pub struct Sha224(ffi::SHA256_CTX); - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA224_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + impl Default for Sha224 { + #[inline] + fn default() -> Sha224 { + Sha224::new() + } } - } - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 28] { - unsafe { - let mut hash: [u8; 28] = mem::uninitialized(); - ffi::SHA224_Final(hash.as_mut_ptr(), &mut self.0); - hash + impl Sha224 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha224 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA224_Init(&mut ctx); + Sha224(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. 
+ #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA224_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 28] { + unsafe { + let mut hash: [u8; 28] = mem::uninitialized(); + ffi::SHA224_Final(hash.as_mut_ptr(), &mut self.0); + hash + } + } } - } -} -/// An object which calculates a SHA256 hash of some data. -#[derive(Clone)] -pub struct Sha256(ffi::SHA256_CTX); + /// An object which calculates a SHA256 hash of some data. + #[derive(Clone)] + pub struct Sha256(ffi::SHA256_CTX); -impl Default for Sha256 { - #[inline] - fn default() -> Sha256 { - Sha256::new() - } -} - -impl Sha256 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha256 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA256_Init(&mut ctx); - Sha256(ctx) - } - } - - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA256_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + impl Default for Sha256 { + #[inline] + fn default() -> Sha256 { + Sha256::new() + } } - } - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 32] { - unsafe { - let mut hash: [u8; 32] = mem::uninitialized(); - ffi::SHA256_Final(hash.as_mut_ptr(), &mut self.0); - hash + impl Sha256 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha256 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA256_Init(&mut ctx); + Sha256(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. 
+ #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA256_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 32] { + unsafe { + let mut hash: [u8; 32] = mem::uninitialized(); + ffi::SHA256_Final(hash.as_mut_ptr(), &mut self.0); + hash + } + } } - } -} - -/// An object which calculates a SHA384 hash of some data. -#[derive(Clone)] -pub struct Sha384(ffi::SHA512_CTX); - -impl Default for Sha384 { - #[inline] - fn default() -> Sha384 { - Sha384::new() - } -} -impl Sha384 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha384 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA384_Init(&mut ctx); - Sha384(ctx) - } - } + /// An object which calculates a SHA384 hash of some data. + #[derive(Clone)] + pub struct Sha384(ffi::SHA512_CTX); - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA384_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + impl Default for Sha384 { + #[inline] + fn default() -> Sha384 { + Sha384::new() + } } - } - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 48] { - unsafe { - let mut hash: [u8; 48] = mem::uninitialized(); - ffi::SHA384_Final(hash.as_mut_ptr(), &mut self.0); - hash + impl Sha384 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha384 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA384_Init(&mut ctx); + Sha384(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. 
+ #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA384_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 48] { + unsafe { + let mut hash: [u8; 48] = mem::uninitialized(); + ffi::SHA384_Final(hash.as_mut_ptr(), &mut self.0); + hash + } + } } - } -} -/// An object which calculates a SHA512 hash of some data. -#[derive(Clone)] -pub struct Sha512(ffi::SHA512_CTX); + /// An object which calculates a SHA512 hash of some data. + #[derive(Clone)] + pub struct Sha512(ffi::SHA512_CTX); -impl Default for Sha512 { - #[inline] - fn default() -> Sha512 { - Sha512::new() - } -} - -impl Sha512 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha512 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA512_Init(&mut ctx); - Sha512(ctx) + impl Default for Sha512 { + #[inline] + fn default() -> Sha512 { + Sha512::new() + } } - } - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA512_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + impl Sha512 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha512 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA512_Init(&mut ctx); + Sha512(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. + #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA512_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. 
+ #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 64] { + unsafe { + let mut hash: [u8; 64] = mem::uninitialized(); + ffi::SHA512_Final(hash.as_mut_ptr(), &mut self.0); + hash + } } } - - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 64] { - unsafe { - let mut hash: [u8; 64] = mem::uninitialized(); - ffi::SHA512_Final(hash.as_mut_ptr(), &mut self.0); - hash - } } } @@ -341,6 +346,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_1() { let expected = "a9993e364706816aba3e25717850c26c9cd0d89d"; @@ -351,6 +357,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn cloning_allows_incremental_hashing() { let expected = "a9993e364706816aba3e25717850c26c9cd0d89d"; @@ -373,6 +380,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_224() { let expected = "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"; @@ -391,6 +399,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_256() { let expected = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"; @@ -411,6 +420,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_384() { let expected = "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e\ @@ -433,6 +443,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_512() { let expected = "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274\ From b50dc27cce705bed7d7c993a75cf62b370326075 Mon Sep 17 00:00:00 2001 
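Review bot: The re-indented `finish` methods of `Sha1` through `Sha512` still create the output buffer with `mem::uninitialized()` and discard the return value of the `ffi::SHA*_Final` call, so if the C call ever fails the method returns uninitialised stack bytes as the digest. Whether these legacy functions can fail under OpenSSL 3.0 is not visible in this diff, but a zeroed buffer costs nothing and makes the result defined: `let mut hash = [0u8; 20];`, with sizes 28, 32, 48 and 64 in the other impls. A `debug_assert_eq!` on the returned status would surface a failure in tests without changing the public signature. The `new` methods have the same shape, ignoring the status of `ffi::SHA*_Init` on an uninitialised `ctx`.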
From: Steven Fackler Date: Sun, 23 May 2021 14:39:28 -0400 Subject: [PATCH 38/54] fix sslmode size --- openssl-sys/src/ssl.rs | 8 +++++++- openssl/src/ssl/mod.rs | 10 +++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 454ad0a7f..0814d7eec 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -429,7 +429,13 @@ pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { pub const SSL_COOKIE_LENGTH: c_int = 4096; cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(ossl300)] { + extern "C" { + pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> u64; + pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_ulong) -> u64; + pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_ulong) -> u64; + } + } else if #[cfg(ossl110)] { extern "C" { pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong; pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 7dbb2ee6b..01e190d79 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -254,9 +254,17 @@ bitflags! { } } +cfg_if! { + if #[cfg(ossl300)] { + type SslModeRepr = u64; + } else { + type SslModeRepr = c_long; + } +} + bitflags! { /// Options controlling the behavior of an `SslContext`. - pub struct SslMode: c_long { + pub struct SslMode: SslModeRepr { /// Enables "short writes". /// /// Normally, a write in OpenSSL will always write out all of the requested data, even if it From 5febb69f3f6bdac664c518a55919f599e9e2bd66 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 17:00:17 -0400 Subject: [PATCH 39/54] define OSSL_LIB_CTX --- openssl/src/lib.rs | 1 + openssl/src/types.rs | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 openssl/src/types.rs diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 4727f3ff1..bb59d2c53 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs 
@@ -166,6 +166,7 @@ pub mod ssl; pub mod stack; pub mod string; pub mod symm; +pub mod types; pub mod version; pub mod x509; diff --git a/openssl/src/types.rs b/openssl/src/types.rs new file mode 100644 index 000000000..7598fb428 --- /dev/null +++ b/openssl/src/types.rs @@ -0,0 +1,2 @@ +#[cfg(ossl300)] +pub enum OSSL_LIB_CTX {} From 0c18a7965acb98cc90c1200efd6d38e927dcc204 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 17:00:38 -0400 Subject: [PATCH 40/54] rustfmt --- openssl/src/sha.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/src/sha.rs b/openssl/src/sha.rs index c7a9a4ab7..11a229709 100644 --- a/openssl/src/sha.rs +++ b/openssl/src/sha.rs @@ -35,9 +35,9 @@ //! let hash = sha256(b"your data or message"); //! println!("Hash = {}", hex::encode(hash)); //! ``` +use cfg_if::cfg_if; use libc::c_void; use std::mem; -use cfg_if::cfg_if; /// Computes the SHA1 hash of some data. /// From 33b868cb74cdf4ee3370c8d147ab4730e8faa069 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 17:07:10 -0400 Subject: [PATCH 41/54] wrong crate! --- openssl-sys/src/lib.rs | 2 ++ {openssl => openssl-sys}/src/types.rs | 0 openssl/src/lib.rs | 1 - 3 files changed, 2 insertions(+), 1 deletion(-) rename {openssl => openssl-sys}/src/types.rs (100%) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 9596a59b5..fd92209c2 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -46,6 +46,7 @@ pub use ssl::*; pub use ssl3::*; pub use stack::*; pub use tls1::*; +pub use types::*; pub use x509::*; pub use x509_vfy::*; pub use x509v3::*; @@ -83,6 +84,7 @@ mod ssl; mod ssl3; mod stack; mod tls1; +mod types; mod x509; mod x509_vfy; mod x509v3; diff --git a/openssl/src/types.rs b/openssl-sys/src/types.rs similarity index 100% rename from openssl/src/types.rs rename to openssl-sys/src/types.rs diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index bb59d2c53..4727f3ff1 100644 --- a/openssl/src/lib.rs 
+++ b/openssl/src/lib.rs @@ -166,7 +166,6 @@ pub mod ssl; pub mod stack; pub mod string; pub mod symm; -pub mod types; pub mod version; pub mod x509; From 0a511e7f46e1ff088cd7228bb2c6f98732eb689e Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 17:20:13 -0400 Subject: [PATCH 42/54] fix build --- openssl-sys/src/sha.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/sha.rs b/openssl-sys/src/sha.rs index 6b60f864e..5d4232a25 100644 --- a/openssl-sys/src/sha.rs +++ b/openssl-sys/src/sha.rs @@ -39,10 +39,10 @@ cfg_if! { ptr::null_mut(), concat!(stringify!($name), "\0").as_ptr() as *const c_char, ptr::null(), - d, + d as *const c_void, n, md, - ptr::null(), + ptr::null_mut(), ) != 0 { md } else { From 8086cc33758320e389f45780f2daa9e3f2251af4 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 17:40:19 -0400 Subject: [PATCH 43/54] we are an old edition --- openssl-sys/src/sha.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl-sys/src/sha.rs b/openssl-sys/src/sha.rs index 5d4232a25..77c607bb4 100644 --- a/openssl-sys/src/sha.rs +++ b/openssl-sys/src/sha.rs @@ -1,4 +1,4 @@ -use crate::*; +use *; use libc::*; use std::ptr; From 3be2f3b8b35d9896e7f5d11f40ce7d3e18f61c1c Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 19:04:17 -0400 Subject: [PATCH 44/54] fix build --- openssl-sys/src/evp.rs | 2 +- openssl-sys/src/sha.rs | 99 ++++++++++++++++++++++++++++++++---------- 2 files changed, 77 insertions(+), 24 deletions(-) diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 04970d00b..c94da2ff0 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -66,7 +66,7 @@ extern "C" { data: *const c_void, count: size_t, md: *mut c_uchar, - size: *mut c_int, + size: *mut c_uint, ) -> c_int; pub fn EVP_DigestInit(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD) -> c_int; pub fn EVP_DigestFinal(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int; 
diff --git a/openssl-sys/src/sha.rs b/openssl-sys/src/sha.rs index 77c607bb4..992c10b86 100644 --- a/openssl-sys/src/sha.rs +++ b/openssl-sys/src/sha.rs @@ -32,27 +32,22 @@ cfg_if! { cfg_if! { if #[cfg(ossl300)] { - macro_rules! digest { - ($name:ident) => { - pub unsafe fn $name(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { - if EVP_Q_digest( - ptr::null_mut(), - concat!(stringify!($name), "\0").as_ptr() as *const c_char, - ptr::null(), - d as *const c_void, - n, - md, - ptr::null_mut(), - ) != 0 { - md - } else { - ptr::null_mut() - } - } + // Ideally we'd macro define these, but that crashes ctest :( + pub unsafe fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA1\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() } } - - digest!(SHA1); } else { extern "C" { pub fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; @@ -86,8 +81,37 @@ cfg_if! { cfg_if! { if #[cfg(ossl300)] { - digest!(SHA224); - digest!(SHA256); + pub unsafe fn SHA224(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA224\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } + + pub unsafe fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA256\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } } else { extern "C" { pub fn SHA224(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; 
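Review bot: The `SHA1`, `SHA224` and `SHA256` wrappers added in these two hunks (and `SHA384`/`SHA512` in the hunk that follows) return a null pointer when `EVP_Q_digest` reports failure, and nothing documents that `md` may be left unwritten in that case. A caller written against the pre-3.0 `extern "C"` declarations that ignores the return value and reads its own output buffer would then use whatever the buffer held before the call. I would add a doc comment to each wrapper, e.g. `/// Returns md on success and null on failure; md must not be read after a null return.` The safe `sha1`…`sha512` helpers in the `openssl` crate should also be confirmed to check for null, as their bodies are outside this diff.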
@@ -125,8 +149,37 @@ cfg_if! { cfg_if! { if #[cfg(ossl300)] { - digest!(SHA384); - digest!(SHA512); + pub unsafe fn SHA384(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA384\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } + + pub unsafe fn SHA512(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA512\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } } else { extern "C" { pub fn SHA384(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; From 15699ad211bc506b7ddec16ba2af36cdbb20573f Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 19:08:59 -0400 Subject: [PATCH 45/54] rustfmt --- openssl-sys/src/sha.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl-sys/src/sha.rs b/openssl-sys/src/sha.rs index 992c10b86..925cb4b6a 100644 --- a/openssl-sys/src/sha.rs +++ b/openssl-sys/src/sha.rs @@ -1,6 +1,6 @@ -use *; use libc::*; use std::ptr; +use *; pub type SHA_LONG = c_uint; From 75cec0c4be2fec750eb8c1b5e2944a8d308d9e34 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 19:12:11 -0400 Subject: [PATCH 46/54] move constants to cfg'd area --- openssl-sys/src/sha.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openssl-sys/src/sha.rs b/openssl-sys/src/sha.rs index 925cb4b6a..faa57d47f 100644 --- a/openssl-sys/src/sha.rs +++ b/openssl-sys/src/sha.rs @@ -2,12 +2,12 @@ use libc::*; use std::ptr; use *; -pub type SHA_LONG = c_uint; - -pub const SHA_LBLOCK: c_int = 16; - cfg_if! { if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + pub type SHA_LONG = c_uint; + + pub const SHA_LBLOCK: c_int = 16; + #[repr(C)] #[derive(Clone)] pub struct SHA_CTX { 
From 7e68a80efa80912c0362abba4c335d125c9c68b7 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 19:26:57 -0400 Subject: [PATCH 47/54] more fixes --- openssl-sys/src/ssl.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 0814d7eec..ee3f95365 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -432,8 +432,8 @@ cfg_if! { if #[cfg(ossl300)] { extern "C" { pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> u64; - pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_ulong) -> u64; - pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_ulong) -> u64; + pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: u64) -> u64; + pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: u64) -> u64; } } else if #[cfg(ossl110)] { extern "C" { From 4a1dbecd197463d6a1d2f62e1638fb9623af7683 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 20:02:53 -0400 Subject: [PATCH 48/54] resize the right type --- openssl/src/ssl/mod.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 01e190d79..3ba9c7551 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -134,9 +134,17 @@ pub fn cipher_name(std_name: &str) -> &'static str { } } +cfg_if! { + if #[cfg(ossl300)] { + type SslOptionsRepr = u64; + } else { + type SslOptionsRepr = c_ulong; + } +} + bitflags! { /// Options controlling the behavior of an `SslContext`. - pub struct SslOptions: c_ulong { + pub struct SslOptions: SslOptionsRepr { /// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers. const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; 
@@ -254,17 +262,9 @@ bitflags! { } } -cfg_if! { - if #[cfg(ossl300)] { - type SslModeRepr = u64; - } else { - type SslModeRepr = c_long; - } -} - bitflags! { /// Options controlling the behavior of an `SslContext`. - pub struct SslMode: SslModeRepr { + pub struct SslMode: c_long { /// Enables "short writes". /// /// Normally, a write in OpenSSL will always write out all of the requested data, even if it From 11c5af3e78efbba53dd58d905244bd26fdcc1934 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 20:39:53 -0400 Subject: [PATCH 49/54] fix unused import --- openssl/src/ssl/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 3ba9c7551..ed2fe6b51 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -60,7 +60,7 @@ use bitflags::bitflags; use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; -use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void}; +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_void}; use once_cell::sync::{Lazy, OnceCell}; use std::any::TypeId; use std::cmp; @@ -138,7 +138,7 @@ cfg_if! { if #[cfg(ossl300)] { type SslOptionsRepr = u64; } else { - type SslOptionsRepr = c_ulong; + type SslOptionsRepr = libc::c_ulong; } } From a30478cefec2c7b72171c3f77331a1d9d107a4ae Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 23 May 2021 21:07:33 -0400 Subject: [PATCH 50/54] fix constant types --- openssl-sys/src/ssl.rs | 152 ++++++++++++++++++++++------------------- 1 file changed, 82 insertions(+), 70 deletions(-) diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index ee3f95365..7ccdabb28 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs 
@@ -253,159 +253,171 @@ pub type SSL_custom_ext_parse_cb_ex = Option< ) -> c_int, >; -pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; +cfg_if! { + if #[cfg(ossl300)] { + macro_rules! ssl_op_type { + () => {u64}; + } + } else { + macro_rules! ssl_op_type { + () => {c_ulong}; + } + } +} + +pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004; cfg_if! { if #[cfg(libressl261)] { - pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; + pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0; } else if #[cfg(any(ossl102, libressl))] { - pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x10; + pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x10; } } #[cfg(ossl101)] -pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; +pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = 0x00000040; -pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; +pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000800; -pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; -pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; -pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000; +pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = 0x00001000; +pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = 0x00002000; +pub const SSL_OP_NO_TICKET: ssl_op_type!() = 0x00004000; cfg_if! { if #[cfg(ossl101)] { - pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; + pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x00008000; } else { - pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; + pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x0; } } -pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_ulong = 0x00010000; +pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = 0x00010000; cfg_if! 
{ if #[cfg(ossl101)] { - pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000; - pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000; + pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x00020000; + pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x00040000; } else { - pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; - pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x0; + pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x0; + pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x0; } } #[cfg(ossl111)] -pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000; +pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: ssl_op_type!() = 0x00100000; -pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_ulong = 0x00400000; +pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = 0x00400000; cfg_if! { if #[cfg(libressl280)] { - pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0; + pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0; } else { - pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000; + pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0x00800000; } } cfg_if! { if #[cfg(ossl101)] { - pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; + pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x02000000; } else { - pub const SSL_OP_NO_SSLv3: c_ulong = 0x0; + pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x0; } } -pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; -pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; +pub const SSL_OP_NO_TLSv1_1: ssl_op_type!() = 0x10000000; +pub const SSL_OP_NO_TLSv1_2: ssl_op_type!() = 0x08000000; -pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; +pub const SSL_OP_NO_TLSv1: ssl_op_type!() = 0x04000000; cfg_if! 
{ if #[cfg(ossl102)] { - pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; - pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; + pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x04000000; + pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x08000000; } else if #[cfg(libressl332)] { - pub const SSL_OP_NO_DTLSv1: c_ulong = 0x40000000; - pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x80000000; + pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x40000000; + pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x80000000; } } #[cfg(ossl111)] -pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000; +pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = 0x20000000; #[cfg(ossl110h)] -pub const SSL_OP_NO_RENEGOTIATION: c_ulong = 0x40000000; +pub const SSL_OP_NO_RENEGOTIATION: ssl_op_type!() = 0x40000000; cfg_if! { if #[cfg(ossl111)] { - pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 + pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3; } else if #[cfg(ossl102)] { - pub const SSL_OP_NO_SSL_MASK: c_ulong = + pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; } } cfg_if! { if #[cfg(libressl261)] { - pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; + pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x0; } else { - pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; + pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x80000000; } } cfg_if! 
{ if #[cfg(ossl300)] { - pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG + pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; } else if #[cfg(ossl110f)] { - pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG + pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; } else if #[cfg(libressl261)] { - pub const SSL_OP_ALL: c_ulong = 0x4; + pub const SSL_OP_ALL: ssl_op_type!() = 0x4; } else if #[cfg(libressl)] { - pub const SSL_OP_ALL: c_ulong = 0x80000014; + pub const SSL_OP_ALL: ssl_op_type!() = 0x80000014; } else { - pub const SSL_OP_ALL: c_ulong = 0x80000BFF; + pub const SSL_OP_ALL: ssl_op_type!() = 0x80000BFF; } } cfg_if! { if #[cfg(ossl110)] { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000000; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000000; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000000; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000000; - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x00000000; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x00000000; + pub const 
SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00000000; + pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00000000; + pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x00000000; } else if #[cfg(ossl101)] { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000001; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000002; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000008; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000020; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000080; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000100; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000200; - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x01000000; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000001; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000002; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000008; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x00000020; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x00000080; + pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x00000100; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x00000200; + pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00080000; + pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000; + pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x01000000; } else { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x0; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x0; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x0; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 
0x0; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x0; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x0; #[cfg(libressl261)] - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; + pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0; #[cfg(not(libressl261))] - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; + pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00080000; + pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000; + pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x0; } } From 805a9c43ee20afae4f05134735025b6cc2321d28 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 18 Jun 2021 19:32:28 -0400 Subject: [PATCH 51/54] Update ci.yml --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 94837efdb..c2d096d22 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -148,7 +148,7 @@ jobs: - name: openssl version: vendored - name: openssl - version: 3.0.0-alpha17 + version: 3.0.0-beta1 dl-path: / - name: openssl version: 1.1.1k From 136abc0250002c2e3cbac81c9fc9d67364ea4fcd Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 18 Jun 2021 19:38:25 -0400 Subject: [PATCH 52/54] clippy --- openssl/src/ec.rs | 8 ++++---- openssl/src/pkcs7.rs | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index 1c0624128..8f202b4f4 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs 
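Review bot: The new `ssl_op_type!` macro has no comment explaining why the option width depends on the library version, although every `SSL_OP_*` constant in this hunk now takes its type from it. A line above the `cfg_if!` such as `// SSL options are u64 under ossl300, matching SSL_CTX_{get,set,clear}_options; other builds use c_ulong.` would tie the constants to the function signatures they are passed to. The link is worth spelling out because `c_ulong` is 32 bits on some targets, and a wrong width in an `extern "C"` declaration mismatches the C ABI silently instead of failing to compile.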
@@ -1163,13 +1163,13 @@ mod test { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let g = group.generator(); - assert_eq!(g.is_infinity(&group), false); + assert!(!g.is_infinity(&group)); let mut order = BigNum::new().unwrap(); group.order(&mut order, &mut ctx).unwrap(); let mut inf = EcPoint::new(&group).unwrap(); inf.mul_generator(&group, &order, &ctx).unwrap(); - assert_eq!(inf.is_infinity(&group), true); + assert!(inf.is_infinity(&group)); } #[test] @@ -1177,9 +1177,9 @@ mod test { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let g = group.generator(); - assert_eq!(g.is_on_curve(&group, &mut ctx).unwrap(), true); + assert!(g.is_on_curve(&group, &mut ctx).unwrap()); let group2 = EcGroup::from_curve_name(Nid::X9_62_PRIME239V3).unwrap(); - assert_eq!(g.is_on_curve(&group2, &mut ctx).unwrap(), false); + assert!(!g.is_on_curve(&group2, &mut ctx).unwrap()); } } diff --git a/openssl/src/pkcs7.rs b/openssl/src/pkcs7.rs index f314ae187..14ad00f23 100644 --- a/openssl/src/pkcs7.rs +++ b/openssl/src/pkcs7.rs @@ -469,6 +469,6 @@ mod tests { let input = String::from("Invalid SMIME Message"); let result = Pkcs7::from_smime(input.as_bytes()); - assert_eq!(result.is_err(), true) + assert!(result.is_err()); } } From cb3e9411fd1c93414053ec28d3f1a190492950ce Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 18 Jun 2021 19:49:13 -0400 Subject: [PATCH 53/54] fix function names --- openssl-sys/src/evp.rs | 109 +++++++++++++++++++++++++++++++++++------ 1 file changed, 94 insertions(+), 15 deletions(-) diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index c94da2ff0..a31ad9a07 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs 
@@ -29,15 +29,60 @@ pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD { EVP_get_digestbyname(OBJ_nid2sn(type_)) } -extern "C" { - pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; - pub fn EVP_MD_type(md: *const EVP_MD) -> c_int; +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_MD_get_size(md: *const EVP_MD) -> c_int; + pub fn EVP_MD_get_type(md: *const EVP_MD) -> c_int; + + pub fn EVP_CIPHER_get_key_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_get_block_size(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_get_iv_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_get_nid(cipher: *const EVP_CIPHER) -> c_int; + } + + #[inline] + pub unsafe fn EVP_MD_size(md: *const EVP_MD) -> c_int { + EVP_MD_get_size(md) + } + + #[inline] + pub unsafe fn EVP_MD_type(md: *const EVP_MD) -> c_int { + EVP_MD_get_type(md) + } + + #[inline] + pub unsafe fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int { + EVP_CIPHER_get_key_length(cipher) + } - pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_nid(cipher: *const EVP_CIPHER) -> c_int; + #[inline] + pub unsafe fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int { + EVP_CIPHER_get_block_size(cipher) + } + + #[inline] + pub unsafe fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int { + EVP_CIPHER_get_iv_length(cipher) + } + + #[inline] + pub unsafe fn EVP_CIPHER_nid(cipher: *const EVP_CIPHER) -> c_int { + EVP_CIPHER_get_nid(cipher) + } + } else { + extern "C" { + pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; + pub fn EVP_MD_type(md: *const EVP_MD) -> c_int; + + pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn 
EVP_CIPHER_nid(cipher: *const EVP_CIPHER) -> c_int; + } + } } +extern "C" {} cfg_if! { if #[cfg(ossl110)] { @@ -185,9 +230,22 @@ extern "C" { outl: *mut c_int, ) -> c_int; } -const_ptr_api! { - extern "C" { - pub fn EVP_PKEY_size(pkey: #[const_ptr_if(any(ossl111b, libressl280))] EVP_PKEY) -> c_int; +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_PKEY_get_size(pkey: *const EVP_PKEY) -> c_int; + } + + #[inline] + pub fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int { + EVP_PKEY_get_size(pkey) + } + } else { + const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_size(pkey: #[const_ptr_if(any(ossl111b, libressl280))] EVP_PKEY) -> c_int; + } + } } } cfg_if! { @@ -311,12 +369,33 @@ extern "C" { pub fn EVP_get_digestbyname(name: *const c_char) -> *const EVP_MD; pub fn EVP_get_cipherbyname(name: *const c_char) -> *const EVP_CIPHER; - - pub fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int; } -const_ptr_api! { - extern "C" { - pub fn EVP_PKEY_bits(key: #[const_ptr_if(any(ossl110, libressl280))] EVP_PKEY) -> c_int; + +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_PKEY_get_id(pkey: *const EVP_PKEY) -> c_int; + pub fn EVP_PKEY_get_bits(key: *const EVP_PKEY) -> c_int; + } + + #[inline] + pub unsafe fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int { + EVP_PKEY_get_id(pkey) + } + + #[inline] + pub unsafe fn EVP_PKEY_bits(pkey: *const EVP_PKEY) -> c_int { + EVP_PKEY_get_bits(pkey) + } + } else { + extern "C" { + pub fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int; + } + const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_bits(key: #[const_ptr_if(any(ossl110, libressl280))] EVP_PKEY) -> c_int; + } + } } } extern "C" { From 94343328400056b0b132daa3cda0f6ef2477595c Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 18 Jun 2021 19:57:15 -0400 Subject: [PATCH 54/54] asdf --- openssl-sys/src/evp.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index a31ad9a07..5034a2b03 100644 
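Review bot: The six compatibility wrappers added in the `ossl300` branch of the `@@ -29,15 +29,60 @@` hunk of openssl-sys/src/evp.rs (`EVP_MD_size` through `EVP_CIPHER_nid`) are public `unsafe fn`s with no `# Safety` text, so the caller's obligation is left unstated. I would put a doc comment above each, for example `/// # Safety` followed by `/// md must point to a valid EVP_MD; check the c_int result before casting it to a length.` The same applies to `EVP_PKEY_size`, `EVP_PKEY_id` and `EVP_PKEY_bits` in the `@@ -185,9 +230,22 @@` and `@@ -311,12 +369,33 @@` hunks. As I read the OpenSSL 3 manual, `EVP_MD_get_size` returns -1 on failure, which is why the result check belongs in that comment; the callers in the safe crate are not visible here, so whether any of them casts the value unchecked needs confirming. The empty `extern "C" {}` added at the end of the first hunk does nothing and can be dropped.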
--- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -237,7 +237,7 @@ cfg_if! { } #[inline] - pub fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int { + pub unsafe fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int { EVP_PKEY_get_size(pkey) } } else {