diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8a07d6181..1d35e2224 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -151,6 +151,10 @@ jobs: - true - false library: + - name: aws-lc + version: v1.48.2 + - name: aws-lc + version: vendored - name: boringssl version: e23fe9b6eecc10e4f9ea1f0027fea5eaee7bd6b6 - name: openssl @@ -276,18 +280,25 @@ jobs: url="https://boringssl.googlesource.com/boringssl/+archive/${{ matrix.library.version }}.tar.gz" tar_flags="" ;; + "aws-lc") + url="https://github.com/aws/aws-lc/archive/refs/tags/${{ matrix.library.version }}.tar.gz" + tar_flags="--strip-components=1" + ;; esac case "${{ matrix.target}}" in "x86_64-unknown-linux-gnu") + CPU=x86_64 OS_COMPILER=linux-x86_64 OS_FLAGS="" ;; "i686-unknown-linux-gnu") + CPU=i686 OS_COMPILER=linux-elf OS_FLAGS="-m32 -msse2" ;; "arm-unknown-linux-gnueabihf") + CPU=armv4 OS_COMPILER=linux-armv4 OS_FLAGS="" export AR=arm-linux-gnueabihf-ar @@ -317,7 +328,7 @@ jobs: cd build echo "set(CMAKE_SYSTEM_NAME Linux)" > toolchain.cmake - echo "set(CMAKE_SYSTEM_PROCESSOR $cpu)" >> toolchain.cmake + echo "set(CMAKE_SYSTEM_PROCESSOR $CPU)" >> toolchain.cmake echo "set(triple ${{ matrix.target }})" >> toolchain.cmake echo 'set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} '$OS_FLAGS '" CACHE STRING "c++ flags")' >> toolchain.cmake echo 'set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} '$OS_FLAGS '" CACHE STRING "c flags")' >> toolchain.cmake @@ -330,6 +341,22 @@ jobs: # Copy stuff around so it's all as the build system expects. cp -r ../rust/ "$OPENSSL_DIR/rust" cp -r ./ "$OPENSSL_DIR/build" + ;; + "aws-lc") + mkdir build + cd build + + echo "set(CMAKE_SYSTEM_NAME Linux)" > toolchain.cmake + echo "set(CMAKE_SYSTEM_PROCESSOR $CPU)" >> toolchain.cmake + echo "set(triple ${{ matrix.target }})" >> toolchain.cmake + echo 'set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} '$OS_FLAGS '" CACHE STRING "c++ flags")' >> toolchain.cmake + echo 'set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} '$OS_FLAGS '" CACHE STRING "c flags")' >> toolchain.cmake + echo 'set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} '$OS_FLAGS '" CACHE STRING "asm flags")' >> toolchain.cmake + + cmake .. -DCMAKE_INSTALL_PREFIX="${OPENSSL_DIR}" -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake + make -j "$(nproc)" + make install + ;; esac if: matrix.library.version != 'vendored' && !steps.openssl-cache.outputs.cache-hit @@ -359,11 +386,11 @@ jobs: if [[ "${{ matrix.library.version }}" == "vendored" ]]; then features="--features vendored" fi - if [[ "${{ matrix.bindgen }}" == "true" && "${{ matrix.library.name }}" != "boringssl" ]]; then + if [[ "${{ matrix.bindgen }}" == "true" ]]; then features="$features --features bindgen" fi cargo run --manifest-path=systest/Cargo.toml --target ${{ matrix.target }} $features - if: matrix.library.name != 'boringssl' + if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc') }} - name: Test openssl run: | if [[ "${{ matrix.library.name }}" == "boringssl" && "${{ matrix.bindgen }}" != "true" ]]; then @@ -371,7 +398,11 @@ jobs: BORINGSSL_BUILD_DIR="$OPENSSL_DIR/build/" fi if [[ "${{ matrix.library.version }}" == "vendored" ]]; then - features="--features vendored" + if [[ "${{ matrix.library.name }}" == "aws-lc" ]]; then + features="--features aws-lc" + else + features="--features vendored" + fi fi if [[ "${{ matrix.bindgen }}" == "true" ]]; then features="$features --features bindgen" @@ -386,4 +417,4 @@ jobs: features="$features --features openssl-sys/bindgen" fi cargo test --manifest-path=openssl-errors/Cargo.toml --target ${{ matrix.target }} $features - if: matrix.library.name != 'boringssl' + if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc') }} diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index d7012c4ea..542ff268c 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -18,10 +18,12 @@ rust-version = "1.63.0" [features] vendored = ['openssl-src'] unstable_boringssl = ['bssl-sys'] +aws-lc = ['dep:aws-lc-sys'] [dependencies] libc = "0.2" bssl-sys = { version = "0.1.0", optional = true } +aws-lc-sys = { version = "0.27", features = ["ssl"], optional = true } [build-dependencies] bindgen = { version = "0.69.0", optional = true, features = ["experimental"] } diff --git a/openssl-sys/build/expando.c b/openssl-sys/build/expando.c index 88f5f63d2..cebed1b70 100644 --- a/openssl-sys/build/expando.c +++ b/openssl-sys/build/expando.c @@ -19,6 +19,10 @@ VERSION(OPENSSL, OPENSSL_VERSION_NUMBER) RUST_OPENSSL_IS_BORINGSSL #endif +#ifdef OPENSSL_IS_AWSLC +RUST_OPENSSL_IS_AWSLC +#endif + #ifdef OPENSSL_NO_BF RUST_CONF_OPENSSL_NO_BF #endif @@ -142,3 +146,9 @@ RUST_CONF_OPENSSL_NO_SEED #ifdef OPENSSL_NO_SCRYPT RUST_CONF_OPENSSL_NO_SCRYPT #endif + +#define SYMBOL_PREFIX2(X) RUST_BINDGEN_SYMBOL_PREFIX_##X##_ +#define SYMBOL_PREFIX(X) SYMBOL_PREFIX2(X) +#if defined(OPENSSL_IS_AWSLC) && defined(BORINGSSL_PREFIX) +SYMBOL_PREFIX(BORINGSSL_PREFIX) +#endif diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 7fd548d6b..c4ac240e3 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -24,6 +24,7 @@ enum Version { Openssl10x, Libressl, Boringssl, + AwsLc, } fn env_inner(name: &str) -> Option { @@ -71,6 +72,51 @@ fn check_ssl_kind() { // BoringSSL does not have any build logic, exit early std::process::exit(0); } + + let is_aws_lc = cfg!(feature = "aws-lc"); + + if is_aws_lc { + println!("cargo:rustc-cfg=awslc"); + println!("cargo:awslc=true"); + + // The aws-lc-sys crate uses a link name that embeds + // the version number of crate. Examples (crate-name => links name): + // * aws-lc-sys => aws_lc_0_26_0 + // This is done to avoid issues if the cargo dependency graph for an application + // were to resolve to multiple versions for the same crate. + // + // Due to this we need to determine what version of the AWS-LC has been selected (fips or non-fips) + // and then need to parse out the pieces we are interested in ignoring the version componenet of the name. + const AWS_LC_ENV_VAR_PREFIX: &str = "DEP_AWS_LC_"; + + let mut version = None; + for (name, _) in std::env::vars() { + if let Some(name) = name.strip_prefix(AWS_LC_ENV_VAR_PREFIX) { + if let Some(name) = name.strip_suffix("_INCLUDE") { + version = Some(name.to_owned()); + break; + } + } + } + let version = version.expect("aws-lc version detected"); + + // Read the OpenSSL configuration statements and emit rust-cfg for each. + if let Ok(vars) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_CONF")) { + for var in vars.split(',') { + println!("cargo:rustc-cfg=osslconf=\"{var}\""); + } + println!("cargo:conf={vars}"); + } + + // Emit the include header directory from the aws-lc(-fips)-sys crate so that it can be used if needed + // by crates consuming openssl-sys. + if let Ok(val) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_INCLUDE")) { + println!("cargo:include={val}"); + } + + // AWS-LC does not have any build logic, exit early + std::process::exit(0); + } } fn main() { @@ -79,6 +125,7 @@ fn main() { println!("cargo:rustc-check-cfg=cfg(openssl)"); println!("cargo:rustc-check-cfg=cfg(libressl)"); println!("cargo:rustc-check-cfg=cfg(boringssl)"); + println!("cargo:rustc-check-cfg=cfg(awslc)"); println!("cargo:rustc-check-cfg=cfg(libressl250)"); println!("cargo:rustc-check-cfg=cfg(libressl251)"); @@ -201,7 +248,10 @@ fn main() { // try to match the behavior for common platforms. For a more robust option, // this likely needs to be deferred to the caller with an environment // variable. - if version == Version::Boringssl && kind == "static" && env::var("CARGO_CFG_UNIX").is_ok() { + if (version == Version::Boringssl || version == Version::AwsLc) + && kind == "static" + && env::var("CARGO_CFG_UNIX").is_ok() + { let cpp_lib = match env::var("CARGO_CFG_TARGET_OS").unwrap().as_ref() { "macos" => "c++", _ => "stdc++", @@ -231,8 +281,8 @@ fn main() { fn postprocess(include_dirs: &[PathBuf]) -> Version { let version = validate_headers(include_dirs); - // Never run bindgen for BoringSSL, if it was needed we already ran it. - if version != Version::Boringssl { + // Never run bindgen for BoringSSL or AWS-LC, if it was needed we already ran it. + if !(version == Version::Boringssl || version == Version::AwsLc) { #[cfg(feature = "bindgen")] run_bindgen::run(&include_dirs); } @@ -296,6 +346,8 @@ See rust-openssl documentation for more information: let mut openssl_version = None; let mut libressl_version = None; let mut is_boringssl = false; + let mut is_awslc = false; + let mut bindgen_symbol_prefix: Option = None; for line in expanded.lines() { let line = line.trim(); @@ -303,7 +355,9 @@ See rust-openssl documentation for more information: let new_openssl_prefix = "RUST_VERSION_NEW_OPENSSL_"; let libressl_prefix = "RUST_VERSION_LIBRESSL_"; let boringssl_prefix = "RUST_OPENSSL_IS_BORINGSSL"; + let awslc_prefix = "RUST_OPENSSL_IS_AWSLC"; let conf_prefix = "RUST_CONF_"; + let symbol_prefix = "RUST_BINDGEN_SYMBOL_PREFIX_"; if let Some(version) = line.strip_prefix(openssl_prefix) { openssl_version = Some(parse_version(version)); } else if let Some(version) = line.strip_prefix(new_openssl_prefix) { @@ -314,6 +368,11 @@ See rust-openssl documentation for more information: enabled.push(conf); } else if line.starts_with(boringssl_prefix) { is_boringssl = true; + } else if line.starts_with(awslc_prefix) { + is_awslc = true; + } else if line.starts_with(symbol_prefix) { + let sym_prefix = String::from(line.strip_prefix(symbol_prefix).unwrap()); + bindgen_symbol_prefix = Some(sym_prefix); } } @@ -329,6 +388,13 @@ See rust-openssl documentation for more information: return Version::Boringssl; } + if is_awslc { + println!("cargo:rustc-cfg=awslc"); + println!("cargo:awslc=true"); + run_bindgen::run_awslc(include_dirs, bindgen_symbol_prefix); + return Version::AwsLc; + } + // We set this for any non-BoringSSL lib. println!("cargo:rustc-cfg=openssl"); diff --git a/openssl-sys/build/run_bindgen.rs b/openssl-sys/build/run_bindgen.rs index 27bd482b3..d883dd255 100644 --- a/openssl-sys/build/run_bindgen.rs +++ b/openssl-sys/build/run_bindgen.rs @@ -36,15 +36,20 @@ const INCLUDES: &str = " #include #include +#if !defined(OPENSSL_IS_AWSLC) // this must be included after ssl.h for libressl! #include +#endif -#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) +#if !(defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) #include #endif -#if !defined(OPENSSL_IS_BORINGSSL) +#if !(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) #include +#endif + +#if !defined(OPENSSL_IS_BORINGSSL) #include #endif @@ -60,7 +65,7 @@ const INCLUDES: &str = " #include #endif -#if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) +#if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) #include #endif @@ -216,6 +221,127 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) { .compile("boring_static_wrapper"); } +#[cfg(feature = "bindgen")] +mod bindgen_options { + use bindgen::callbacks::{ItemInfo, ParseCallbacks}; + + #[derive(Debug)] + pub struct StripPrefixCallback { + remove_prefix: Option, + } + + impl StripPrefixCallback { + pub fn new(prefix: &str) -> StripPrefixCallback { + StripPrefixCallback { + remove_prefix: Some(prefix.to_string()), + } + } + } + + impl ParseCallbacks for StripPrefixCallback { + fn generated_name_override(&self, item_info: ItemInfo<'_>) -> Option { + self.remove_prefix + .as_ref() + .and_then(|s| item_info.name.strip_prefix(s.as_str()).map(String::from)) + } + } +} + +#[cfg(feature = "bindgen")] +pub fn run_awslc(include_dirs: &[PathBuf], symbol_prefix: Option) { + let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap()); + + fs::File::create(out_dir.join("awslc_static_wrapper.h")) + .expect("Failed to create awslc_static_wrapper.h") + .write_all(INCLUDES.as_bytes()) + .expect("Failed to write contents to awslc_static_wrapper.h"); + + let mut builder = bindgen::builder() + .rust_target(RustTarget::Stable_1_47) + .ctypes_prefix("::libc") + .raw_line("use libc::*;") + .derive_default(false) + .enable_function_attribute_detection() + .default_macro_constant_type(MacroTypeVariation::Signed) + .rustified_enum("point_conversion_form_t") + .allowlist_file(r".*(/|\\)openssl((/|\\)[^/\\]+)+\.h") + .wrap_static_fns(true) + .wrap_static_fns_path(out_dir.join("awslc_static_wrapper").display().to_string()) + .layout_tests(false) + .header(out_dir.join("awslc_static_wrapper.h").display().to_string()); + + if let Some(prefix) = symbol_prefix { + use bindgen_options::StripPrefixCallback; + let callback = StripPrefixCallback::new(prefix.as_str()); + builder = builder.parse_callbacks(Box::from(callback)); + } + + for include_dir in include_dirs { + builder = builder + .clang_arg("-I") + .clang_arg(include_dir.display().to_string()); + } + + builder + .generate() + .unwrap() + .write_to_file(out_dir.join("bindgen.rs")) + .unwrap(); + + cc::Build::new() + .file(out_dir.join("awslc_static_wrapper.c")) + .includes(include_dirs) + .compile("awslc_static_wrapper"); +} + +#[cfg(not(feature = "bindgen"))] +pub fn run_awslc(include_dirs: &[PathBuf], symbol_prefix: Option) { + if symbol_prefix.is_some() { + panic!("aws-lc installation has prefixed symbols, but bindgen-cli does not support removing prefixes. \ + Enable the bindgen crate feature to support this installation.") + } + + let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap()); + + fs::File::create(out_dir.join("awslc_static_wrapper.h")) + .expect("Failed to create awslc_static_wrapper.h") + .write_all(INCLUDES.as_bytes()) + .expect("Failed to write contents to awslc_static_wrapper.h"); + + let mut bindgen_cmd = process::Command::new("bindgen"); + bindgen_cmd + .arg("-o") + .arg(out_dir.join("bindgen.rs")) + // Must be a valid version from + // https://docs.rs/bindgen/latest/bindgen/enum.RustTarget.html + .arg("--rust-target=1.47") + .arg("--ctypes-prefix=::libc") + .arg("--raw-line=use libc::*;") + .arg("--no-derive-default") + .arg("--enable-function-attribute-detection") + .arg("--default-macro-constant-type=signed") + .arg("--rustified-enum=point_conversion_form_t") + .arg(r"--allowlist-file=.*(/|\\)openssl((/|\\)[^/\\]+)+\.h") + .arg("--wrap-static-fns") + .arg("--wrap-static-fns-path") + .arg(out_dir.join("awslc_static_wrapper").display().to_string()) + .arg(out_dir.join("awslc_static_wrapper.h")) + .arg("--") + .arg(format!("--target={}", env::var("TARGET").unwrap())); + + for include_dir in include_dirs { + bindgen_cmd.arg("-I").arg(include_dir.display().to_string()); + } + + let result = bindgen_cmd.status().expect("bindgen failed to execute"); + assert!(result.success()); + + cc::Build::new() + .file(out_dir.join("awslc_static_wrapper.c")) + .includes(include_dirs) + .compile("awslc_static_wrapper"); +} + #[cfg(feature = "bindgen")] #[derive(Debug)] struct OpensslCallbacks; diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 4d26f0f60..5fad4b977 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -7,7 +7,7 @@ pub const PKCS5_SALT_LEN: c_int = 8; pub const PKCS12_DEFAULT_ITER: c_int = 2048; pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption; -#[cfg(any(ossl111, libressl310, boringssl))] +#[cfg(any(ossl111, libressl310, boringssl, awslc))] pub const EVP_PKEY_RSA_PSS: c_int = NID_rsassaPss; pub const EVP_PKEY_DSA: c_int = NID_dsa; pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement; @@ -313,7 +313,7 @@ pub unsafe fn EVP_PKEY_CTX_add1_hkdf_info( ) } -#[cfg(all(not(ossl300), not(boringssl)))] +#[cfg(not(any(ossl300, boringssl, awslc)))] pub unsafe fn EVP_PKEY_CTX_set_signature_md(cxt: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int { EVP_PKEY_CTX_ctrl( cxt, diff --git a/openssl-sys/src/handwritten/ec.rs b/openssl-sys/src/handwritten/ec.rs index 19d93a55e..849251000 100644 --- a/openssl-sys/src/handwritten/ec.rs +++ b/openssl-sys/src/handwritten/ec.rs @@ -103,7 +103,7 @@ extern "C" { pub fn EC_POINT_dup(p: *const EC_POINT, group: *const EC_GROUP) -> *mut EC_POINT; - #[cfg(any(ossl111, boringssl, libressl350))] + #[cfg(any(ossl111, boringssl, libressl350, awslc))] pub fn EC_POINT_get_affine_coordinates( group: *const EC_GROUP, p: *const EC_POINT, diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 0a262db89..0e8923bac 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -29,6 +29,33 @@ mod boringssl { #[cfg(boringssl)] pub use boringssl::*; +#[cfg(feature = "aws-lc")] +extern crate aws_lc_sys; + +#[cfg(awslc)] +#[path = "."] +mod aws_lc { + #[cfg(feature = "aws-lc")] + pub use aws_lc_sys::*; + + #[cfg(not(feature = "aws-lc"))] + include!(concat!(env!("OUT_DIR"), "/bindgen.rs")); + + use libc::{c_char, c_long, c_void}; + + pub fn init() { + unsafe { CRYPTO_library_init() } + } + + // BIO_get_mem_data is a C preprocessor macro by definition + #[allow(non_snake_case, clippy::not_unsafe_ptr_arg_deref)] + pub fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long { + unsafe { BIO_ctrl(b, BIO_CTRL_INFO, 0, pp.cast::()) } + } +} +#[cfg(awslc)] +pub use aws_lc::*; + #[cfg(openssl)] #[path = "."] mod openssl { diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index bc5a6c395..0414eda50 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -21,6 +21,7 @@ v111 = [] vendored = ['ffi/vendored'] bindgen = ['ffi/bindgen'] unstable_boringssl = ["ffi/unstable_boringssl"] +aws-lc = ["ffi/aws-lc"] default = [] [dependencies] diff --git a/openssl/build.rs b/openssl/build.rs index 52f3e89fe..fa98881a8 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -11,6 +11,7 @@ fn main() { println!("cargo:rustc-check-cfg=cfg(libressl)"); println!("cargo:rustc-check-cfg=cfg(boringssl)"); + println!("cargo:rustc-check-cfg=cfg(awslc)"); println!("cargo:rustc-check-cfg=cfg(libressl250)"); println!("cargo:rustc-check-cfg=cfg(libressl251)"); @@ -53,6 +54,10 @@ fn main() { println!("cargo:rustc-cfg=boringssl"); } + if env::var("DEP_OPENSSL_AWSLC").is_ok() { + println!("cargo:rustc-cfg=awslc"); + } + if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") { let version = u64::from_str_radix(&v, 16).unwrap(); diff --git a/openssl/src/aes.rs b/openssl/src/aes.rs index cd1f3ed11..25de83d5c 100644 --- a/openssl/src/aes.rs +++ b/openssl/src/aes.rs @@ -23,7 +23,11 @@ //! # Examples #![cfg_attr( - all(not(boringssl), not(osslconf = "OPENSSL_NO_DEPRECATED_3_0")), + all( + not(boringssl), + not(awslc), + not(osslconf = "OPENSSL_NO_DEPRECATED_3_0") + ), doc = r#"\ ## AES IGE ```rust @@ -65,7 +69,7 @@ use libc::{c_int, c_uint}; use std::mem::MaybeUninit; use std::ptr; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::symm::Mode; use openssl_macros::corresponds; @@ -77,7 +81,7 @@ pub struct KeyError(()); pub struct AesKey(ffi::AES_KEY); cfg_if! { - if #[cfg(boringssl)] { + if #[cfg(any(boringssl, awslc))] { type AesBitType = c_uint; type AesSizeType = usize; } else { @@ -155,7 +159,7 @@ impl AesKey { /// /// Panics if `in_` is not the same length as `out`, if that length is not a multiple of 16, or if /// `iv` is not at least 32 bytes. -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] #[corresponds(AES_ige_encrypt)] pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mode) { @@ -263,12 +267,12 @@ mod test { use hex::FromHex; use super::*; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use crate::symm::Mode; // From https://www.mgp25.com/AESIGE/ #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn ige_vector_1() { let raw_key = "000102030405060708090A0B0C0D0E0F"; diff --git a/openssl/src/asn1.rs b/openssl/src/asn1.rs index 19bd3b57b..06df31a03 100644 --- a/openssl/src/asn1.rs +++ b/openssl/src/asn1.rs @@ -165,7 +165,7 @@ impl Asn1Type { /// [`diff`]: struct.Asn1TimeRef.html#method.diff /// [`Asn1TimeRef`]: struct.Asn1TimeRef.html #[derive(Debug, Clone, PartialEq, Eq, Hash)] -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] pub struct TimeDiff { /// Difference in days pub days: c_int, @@ -198,7 +198,7 @@ foreign_type_and_impl_send_sync! { impl Asn1TimeRef { /// Find difference between two times #[corresponds(ASN1_TIME_diff)] - #[cfg(any(ossl102, boringssl))] + #[cfg(any(ossl102, boringssl, awslc))] pub fn diff(&self, compare: &Self) -> Result { let mut days = 0; let mut secs = 0; @@ -214,7 +214,7 @@ impl Asn1TimeRef { /// Compare two times #[corresponds(ASN1_TIME_compare)] - #[cfg(any(ossl102, boringssl))] + #[cfg(any(ossl102, boringssl, awslc))] pub fn compare(&self, other: &Self) -> Result { let d = self.diff(other)?; if d.days > 0 || d.secs > 0 { @@ -228,7 +228,7 @@ impl Asn1TimeRef { } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for Asn1TimeRef { fn eq(&self, other: &Asn1TimeRef) -> bool { self.diff(other) @@ -237,7 +237,7 @@ impl PartialEq for Asn1TimeRef { } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for Asn1TimeRef { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -246,7 +246,7 @@ impl PartialEq for Asn1TimeRef { } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for &Asn1TimeRef { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -255,21 +255,21 @@ impl PartialEq for &Asn1TimeRef { } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for Asn1TimeRef { fn partial_cmp(&self, other: &Asn1TimeRef) -> Option { self.compare(other).ok() } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for Asn1TimeRef { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for &Asn1TimeRef { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() @@ -353,7 +353,7 @@ impl Asn1Time { /// /// Requires BoringSSL or OpenSSL 1.1.1 or newer. #[corresponds(ASN1_TIME_set_string_X509)] - #[cfg(any(ossl111, boringssl))] + #[cfg(any(ossl111, boringssl, awslc))] pub fn from_str_x509(s: &str) -> Result { unsafe { let s = CString::new(s).unwrap(); @@ -366,7 +366,7 @@ impl Asn1Time { } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for Asn1Time { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -375,7 +375,7 @@ impl PartialEq for Asn1Time { } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for Asn1Time { fn eq(&self, other: &Asn1TimeRef) -> bool { self.diff(other) @@ -384,7 +384,7 @@ impl PartialEq for Asn1Time { } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time { fn eq(&self, other: &&'a Asn1TimeRef) -> bool { self.diff(other) @@ -393,21 +393,21 @@ impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time { } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for Asn1Time { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for Asn1Time { fn partial_cmp(&self, other: &Asn1TimeRef) -> Option { self.compare(other).ok() } } -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] impl<'a> PartialOrd<&'a Asn1TimeRef> for Asn1Time { fn partial_cmp(&self, other: &&'a Asn1TimeRef) -> Option { self.compare(other).ok() @@ -737,7 +737,7 @@ impl fmt::Debug for Asn1ObjectRef { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl))] { + if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { use ffi::ASN1_STRING_get0_data; } else { #[allow(bad_style)] @@ -808,7 +808,7 @@ mod tests { } #[test] - #[cfg(any(ossl102, boringssl))] + #[cfg(any(ossl102, boringssl, awslc))] fn time_eq() { let a = Asn1Time::from_str("99991231235959Z").unwrap(); let b = Asn1Time::from_str("99991231235959Z").unwrap(); @@ -827,7 +827,7 @@ mod tests { } #[test] - #[cfg(any(ossl102, boringssl))] + #[cfg(any(ossl102, boringssl, awslc))] fn time_ord() { let a = Asn1Time::from_str("99991231235959Z").unwrap(); let b = Asn1Time::from_str("99991231235959Z").unwrap(); diff --git a/openssl/src/bio.rs b/openssl/src/bio.rs index e97374b8d..ebd079f20 100644 --- a/openssl/src/bio.rs +++ b/openssl/src/bio.rs @@ -67,14 +67,14 @@ impl MemBio { } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub unsafe fn from_ptr(bio: *mut ffi::BIO) -> MemBio { MemBio(bio) } } cfg_if! { - if #[cfg(any(ossl102, boringssl))] { + if #[cfg(any(ossl102, boringssl, awslc))] { use ffi::BIO_new_mem_buf; } else { #[allow(bad_style)] diff --git a/openssl/src/bn.rs b/openssl/src/bn.rs index 99292fd0f..ec8aadad8 100644 --- a/openssl/src/bn.rs +++ b/openssl/src/bn.rs @@ -43,7 +43,7 @@ cfg_if! { BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192, BN_is_negative, }; - } else if #[cfg(boringssl)] { + } else if #[cfg(any(boringssl, awslc))] { use ffi::BN_is_negative; } else { use ffi::{ @@ -337,14 +337,14 @@ impl BigNumRef { /// Returns `true` is `self` is even. #[corresponds(BN_is_even)] - #[cfg(any(ossl110, boringssl, libressl350))] + #[cfg(any(ossl110, boringssl, libressl350, awslc))] pub fn is_even(&self) -> bool { !self.is_odd() } /// Returns `true` is `self` is odd. #[corresponds(BN_is_odd)] - #[cfg(any(ossl110, boringssl, libressl350))] + #[cfg(any(ossl110, boringssl, libressl350, awslc))] pub fn is_odd(&self) -> bool { unsafe { ffi::BN_is_odd(self.as_ptr()) == 1 } } @@ -847,7 +847,7 @@ impl BigNumRef { /// assert_eq!(&bn_vec, &[0, 0, 0x45, 0x43]); /// ``` #[corresponds(BN_bn2binpad)] - #[cfg(any(ossl110, libressl340, boringssl))] + #[cfg(any(ossl110, libressl340, boringssl, awslc))] pub fn to_vec_padded(&self, pad_to: i32) -> Result, ErrorStack> { let mut v = Vec::with_capacity(pad_to as usize); unsafe { @@ -986,7 +986,7 @@ impl BigNum { /// /// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21 #[corresponds(BN_get_rfc2409_prime_768)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn get_rfc2409_prime_768() -> Result { unsafe { ffi::init(); @@ -1000,7 +1000,7 @@ impl BigNum { /// /// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21 #[corresponds(BN_get_rfc2409_prime_1024)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn get_rfc2409_prime_1024() -> Result { unsafe { ffi::init(); @@ -1014,7 +1014,7 @@ impl BigNum { /// /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3 #[corresponds(BN_get_rfc3526_prime_1536)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn get_rfc3526_prime_1536() -> Result { unsafe { ffi::init(); @@ -1028,7 +1028,7 @@ impl BigNum { /// /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3 #[corresponds(BN_get_rfc3526_prime_2048)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn get_rfc3526_prime_2048() -> Result { unsafe { ffi::init(); @@ -1042,7 +1042,7 @@ impl BigNum { /// /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4 #[corresponds(BN_get_rfc3526_prime_3072)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn get_rfc3526_prime_3072() -> Result { unsafe { ffi::init(); @@ -1056,7 +1056,7 @@ impl BigNum { /// /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4 #[corresponds(BN_get_rfc3526_prime_4096)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn get_rfc3526_prime_4096() -> Result { unsafe { ffi::init(); @@ -1070,7 +1070,7 @@ impl BigNum { /// /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6 #[corresponds(BN_get_rfc3526_prime_6114)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn get_rfc3526_prime_6144() -> Result { unsafe { ffi::init(); @@ -1084,7 +1084,7 @@ impl BigNum { /// /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6 #[corresponds(BN_get_rfc3526_prime_8192)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn get_rfc3526_prime_8192() -> Result { unsafe { ffi::init(); @@ -1509,7 +1509,7 @@ mod tests { } #[test] - #[cfg(any(ossl110, boringssl, libressl350))] + #[cfg(any(ossl110, boringssl, libressl350, awslc))] fn test_odd_even() { let a = BigNum::from_u32(17).unwrap(); let b = BigNum::from_u32(18).unwrap(); diff --git a/openssl/src/cipher.rs b/openssl/src/cipher.rs index c4cb26043..423db39ed 100644 --- a/openssl/src/cipher.rs +++ b/openssl/src/cipher.rs @@ -17,7 +17,7 @@ use std::ops::{Deref, DerefMut}; use std::ptr; cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl273))] { + if #[cfg(any(boringssl, ossl110, libressl273, awslc))] { use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length}; } else { use libc::c_int; @@ -161,12 +161,12 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cbc() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_xts() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_xts() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_256_xts() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_xts() as *mut _) } } @@ -175,17 +175,17 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_ctr() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_cfb1() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb1() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_cfb128() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb128() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_cfb8() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb8() as *mut _) } } @@ -194,7 +194,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_gcm() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_ccm() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_ccm() as *mut _) } } @@ -233,7 +233,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_ctr() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_192_cfb1() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb1() as *mut _) } } @@ -242,7 +242,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb128() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_192_cfb8() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb8() as *mut _) } } @@ -251,7 +251,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_gcm() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_192_ccm() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_ccm() as *mut _) } } @@ -290,7 +290,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_ctr() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_256_cfb1() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb1() as *mut _) } } @@ -299,7 +299,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb128() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_256_cfb8() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb8() as *mut _) } } @@ -308,7 +308,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_gcm() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_256_ccm() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_ccm() as *mut _) } } @@ -375,17 +375,17 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_cbc() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn des_ede3_cfb8() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_cfb8() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn des_ede3_cfb64() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_cfb64() as *mut _) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn des_ede3_ofb() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_ofb() as *mut _) } } diff --git a/openssl/src/cipher_ctx.rs b/openssl/src/cipher_ctx.rs index d31830ad0..d4ad2c313 100644 --- a/openssl/src/cipher_ctx.rs +++ b/openssl/src/cipher_ctx.rs @@ -52,7 +52,7 @@ use crate::cipher::CipherRef; use crate::error::ErrorStack; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::pkey::{HasPrivate, HasPublic, PKey, PKeyRef}; use crate::{cvt, cvt_p}; #[cfg(ossl102)] @@ -202,7 +202,7 @@ impl CipherCtxRef { /// Panics if `pub_keys` is not the same size as `encrypted_keys`, the IV buffer is smaller than the cipher's IV /// size, or if an IV is provided before the cipher. #[corresponds(EVP_SealInit)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn seal_init( &mut self, type_: Option<&CipherRef>, @@ -259,7 +259,7 @@ impl CipherCtxRef { /// Panics if the IV buffer is smaller than the cipher's required IV size or if the IV is provided before the /// cipher. #[corresponds(EVP_OpenInit)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn open_init( &mut self, type_: Option<&CipherRef>, @@ -329,7 +329,7 @@ impl CipherCtxRef { /// Panics if the context has not been initialized with a cipher or if the buffer is smaller than the cipher's key /// length. #[corresponds(EVP_CIPHER_CTX_rand_key)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn rand_key(&self, buf: &mut [u8]) -> Result<(), ErrorStack> { assert!(buf.len() >= self.key_length()); @@ -728,11 +728,11 @@ impl CipherCtxRef { mod test { use super::*; use crate::{cipher::Cipher, rand::rand_bytes}; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use std::slice; #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn seal_open() { let private_pem = include_bytes!("../test/rsa.pem"); let public_pem = include_bytes!("../test/rsa.pem.pub"); diff --git a/openssl/src/conf.rs b/openssl/src/conf.rs index 88740298b..8fc0d0542 100644 --- a/openssl/src/conf.rs +++ b/openssl/src/conf.rs @@ -8,7 +8,7 @@ foreign_type_and_impl_send_sync! { pub struct ConfRef; } -#[cfg(not(any(boringssl, libressl400)))] +#[cfg(not(any(boringssl, libressl400, awslc)))] mod methods { use super::Conf; use crate::cvt_p; @@ -61,5 +61,5 @@ mod methods { } } } -#[cfg(not(any(boringssl, libressl400)))] +#[cfg(not(any(boringssl, libressl400, awslc)))] pub use methods::*; diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index c8d135f30..92ea04424 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs @@ -269,7 +269,7 @@ where } cfg_if! { - if #[cfg(any(ossl110, libressl270, boringssl))] { + if #[cfg(any(ossl110, libressl270, boringssl, awslc))] { use ffi::{DH_set0_pqg, DH_get0_pqg, DH_get0_key, DH_set0_key}; } else { #[allow(bad_style)] @@ -334,7 +334,7 @@ cfg_if! { mod tests { use crate::bn::BigNum; use crate::dh::Dh; - #[cfg(all(not(boringssl), ossl110))] + #[cfg(all(not(any(boringssl, awslc)), ossl110))] use crate::pkey::PKey; use crate::ssl::{SslContext, SslMethod}; @@ -385,7 +385,7 @@ mod tests { } #[test] - #[cfg(all(not(boringssl), ossl110))] + #[cfg(all(not(any(boringssl, awslc)), ossl110))] fn test_from_dhx_serializes_q() { let p = BigNum::from_hex_str("00ad107e1e9123a9d0d660faa79559c51fa20d64e5683b9fd1b54b1597b61d0a75e6fa141df95a56dbaf9a3c407ba1df15eb3d688a309c180e1de6b85a1274a0a66d3f8152ad6ac2129037c9edefda4df8d91e8fef55b7394b7ad5b7d0b6c12207c9f98d11ed34dbf6c6ba0b2c8bbc27be6a00e0a0b9c49708b3bf8a317091883681286130bc8985db1602e714415d9330278273c7de31efdc7310f7121fd5a07415987d9adc0a486dcdf93acc44328387315d75e198c641a480cd86a1b9e587e8be60e69cc928b2b9c52172e413042e9b23f10b0e16e79763c9b53dcf4ba80a29e3fb73c16b8e75b97ef363e2ffa31f71cf9de5384e71b81c0ac4dffe0c10e64f").unwrap(); let g = BigNum::from_hex_str("00ac4032ef4f2d9ae39df30b5c8ffdac506cdebe7b89998caf74866a08cfe4ffe3a6824a4e10b9a6f0dd921f01a70c4afaab739d7700c29f52c57db17c620a8652be5e9001a8d66ad7c17669101999024af4d027275ac1348bb8a762d0521bc98ae247150422ea1ed409939d54da7460cdb5f6c6b250717cbef180eb34118e98d119529a45d6f834566e3025e316a330efbb77a86f0c1ab15b051ae3d428c8f8acb70a8137150b8eeb10e183edd19963ddd9e263e4770589ef6aa21e7f5f2ff381b539cce3409d13cd566afbb48d6c019181e1bcfe94b30269edfe72fe9b6aa4bd7b5a0f1c71cfff4c19c418e1f6ec017981bc087f2a7065b384b890d3191f2bfa").unwrap(); diff --git a/openssl/src/dsa.rs b/openssl/src/dsa.rs index 1a63e8ad8..a5a7a58f7 100644 --- a/openssl/src/dsa.rs +++ b/openssl/src/dsa.rs @@ -7,7 +7,7 @@ use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use libc::c_int; use std::fmt; use std::mem; @@ -186,9 +186,9 @@ where } } } -#[cfg(boringssl)] +#[cfg(any(boringssl, awslc))] type BitType = libc::c_uint; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] type BitType = c_int; impl Dsa { @@ -315,7 +315,7 @@ impl fmt::Debug for Dsa { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl))] { + if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { use ffi::{DSA_get0_key, DSA_get0_pqg, DSA_set0_key, DSA_set0_pqg}; } else { #[allow(bad_style)] @@ -494,7 +494,7 @@ impl DsaSigRef { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl))] { + if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { use ffi::{DSA_SIG_set0, DSA_SIG_get0}; } else { #[allow(bad_style)] @@ -533,11 +533,11 @@ cfg_if! { mod test { use super::*; use crate::bn::BigNumContext; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use crate::hash::MessageDigest; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use crate::pkey::PKey; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use crate::sign::{Signer, Verifier}; #[test] @@ -607,7 +607,7 @@ mod test { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_signature() { const TEST_DATA: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]; let dsa_ref = Dsa::generate(1024).unwrap(); @@ -648,7 +648,7 @@ mod test { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_signature_der() { use std::convert::TryInto; diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index 0dda1dbbc..a52bb6708 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs @@ -30,7 +30,7 @@ use crate::{cvt, cvt_n, cvt_p, init}; use openssl_macros::corresponds; cfg_if! { - if #[cfg(not(boringssl))] { + if #[cfg(not(any(boringssl, awslc)))] { use std::ffi::CString; use crate::string::OpensslString; } @@ -473,7 +473,7 @@ impl EcPointRef { /// Serializes the point to a hexadecimal string representation. #[corresponds(EC_POINT_point2hex)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn to_hex_str( &self, group: &EcGroupRef, @@ -519,7 +519,7 @@ impl EcPointRef { /// Places affine coordinates of a curve over a prime field in the provided /// `x` and `y` `BigNum`s. #[corresponds(EC_POINT_get_affine_coordinates)] - #[cfg(any(ossl111, boringssl, libressl350))] + #[cfg(any(ossl111, boringssl, libressl350, awslc))] pub fn affine_coordinates( &self, group: &EcGroupRef, @@ -662,7 +662,7 @@ impl EcPoint { /// Creates point from a hexadecimal string representation #[corresponds(EC_POINT_hex2point)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn from_hex_str( group: &EcGroupRef, s: &str, @@ -1171,7 +1171,7 @@ mod test { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn point_hex_str() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); @@ -1260,7 +1260,7 @@ mod test { assert!(ec_key.check_key().is_ok()); } - #[cfg(any(ossl111, boringssl, libressl350))] + #[cfg(any(ossl111, boringssl, libressl350, awslc))] #[test] fn get_affine_coordinates() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); @@ -1336,7 +1336,7 @@ mod test { } #[test] - #[cfg(any(boringssl, ossl111, libressl350))] + #[cfg(any(boringssl, ossl111, libressl350, awslc))] fn asn1_flag() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let flag = group.asn1_flag(); diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 26c6ddd5f..0d962c718 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -110,7 +110,7 @@ impl EcdsaSigRef { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl))] { + if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { use ffi::{ECDSA_SIG_set0, ECDSA_SIG_get0}; } else { #[allow(bad_style)] diff --git a/openssl/src/encrypt.rs b/openssl/src/encrypt.rs index e50d6d13c..cd08d6530 100644 --- a/openssl/src/encrypt.rs +++ b/openssl/src/encrypt.rs @@ -148,7 +148,7 @@ impl<'a> Encrypter<'a> { /// This corresponds to [`EVP_PKEY_CTX_set_rsa_oaep_md`]. /// /// [`EVP_PKEY_CTX_set_rsa_oaep_md`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_oaep_md.html - #[cfg(any(ossl102, libressl310, boringssl))] + #[cfg(any(ossl102, libressl310, boringssl, awslc))] pub fn set_rsa_oaep_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_PKEY_CTX_set_rsa_oaep_md( @@ -352,7 +352,7 @@ impl<'a> Decrypter<'a> { /// This corresponds to [`EVP_PKEY_CTX_set_rsa_oaep_md`]. /// /// [`EVP_PKEY_CTX_set_rsa_oaep_md`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_oaep_md.html - #[cfg(any(ossl102, libressl310, boringssl))] + #[cfg(any(ossl102, libressl310, boringssl, awslc))] pub fn set_rsa_oaep_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_PKEY_CTX_set_rsa_oaep_md( @@ -478,7 +478,7 @@ mod test { use hex::FromHex; use crate::encrypt::{Decrypter, Encrypter}; - #[cfg(any(ossl102, libressl310, boringssl))] + #[cfg(any(ossl102, libressl310, boringssl, awslc))] use crate::hash::MessageDigest; use crate::pkey::PKey; use crate::rsa::{Padding, Rsa}; @@ -513,7 +513,7 @@ mod test { } #[test] - #[cfg(any(ossl102, libressl310, boringssl))] + #[cfg(any(ossl102, libressl310, boringssl, awslc))] fn rsa_encrypt_decrypt_with_sha256() { let key = include_bytes!("../test/rsa.pem"); let private_key = Rsa::private_key_from_pem(key).unwrap(); diff --git a/openssl/src/error.rs b/openssl/src/error.rs index e097ce688..065f12cbc 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -18,7 +18,7 @@ use cfg_if::cfg_if; use libc::{c_char, c_int}; use std::borrow::Cow; -#[cfg(boringssl)] +#[cfg(any(boringssl, awslc))] use std::convert::TryInto; use std::error; use std::ffi::CStr; @@ -27,9 +27,9 @@ use std::io; use std::ptr; use std::str; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] type ErrType = libc::c_ulong; -#[cfg(boringssl)] +#[cfg(any(boringssl, awslc))] type ErrType = libc::c_uint; /// Collection of [`Error`]s from OpenSSL. @@ -127,13 +127,13 @@ impl Error { let data = if flags & ffi::ERR_TXT_STRING != 0 { let bytes = CStr::from_ptr(data as *const _).to_bytes(); let data = str::from_utf8(bytes).unwrap(); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let data = if flags & ffi::ERR_TXT_MALLOCED != 0 { Cow::Owned(data.to_string()) } else { Cow::Borrowed(data) }; - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let data = Cow::Borrowed(data); Some(data) } else { @@ -204,9 +204,9 @@ impl Error { #[cfg(not(ossl300))] fn put_error(&self) { - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let line = self.line; - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let line = self.line.try_into().unwrap(); unsafe { ffi::ERR_put_error( @@ -410,9 +410,9 @@ mod tests { fn test_error_library_code() { let stack = Nid::create("not-an-oid", "invalid", "invalid").unwrap_err(); let errors = stack.errors(); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] assert_eq!(errors[0].library_code(), ffi::ERR_LIB_ASN1); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] assert_eq!(errors[0].library_code(), ffi::ERR_LIB_OBJ as libc::c_int); } } diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs index f66c5ce01..c5662267e 100644 --- a/openssl/src/hash.rs +++ b/openssl/src/hash.rs @@ -44,7 +44,7 @@ use crate::{cvt, cvt_p}; use openssl_macros::corresponds; cfg_if! { - if #[cfg(any(ossl110, boringssl, libressl382))] { + if #[cfg(any(ossl110, boringssl, libressl382, awslc))] { use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new}; } else { use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; @@ -94,7 +94,7 @@ impl MessageDigest { } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn null() -> MessageDigest { unsafe { MessageDigest(ffi::EVP_md_null()) } } @@ -323,9 +323,9 @@ impl Hasher { self.init()?; } unsafe { - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let mut len = ffi::EVP_MAX_MD_SIZE; - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let mut len = ffi::EVP_MAX_MD_SIZE as u32; let mut buf = [0; ffi::EVP_MAX_MD_SIZE as usize]; cvt(ffi::EVP_DigestFinal_ex( @@ -343,7 +343,7 @@ impl Hasher { /// Writes the hash of the data into the supplied buf and resets the XOF hasher. /// The hash will be as long as the buf. - #[cfg(ossl111)] + #[cfg(any(ossl111, awslc))] pub fn finish_xof(&mut self, buf: &mut [u8]) -> Result<(), ErrorStack> { if self.state == Finalized { self.init()?; diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index c58e5bf59..229235983 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -161,7 +161,7 @@ pub mod dsa; pub mod ec; pub mod ecdsa; pub mod encrypt; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] pub mod envelope; pub mod error; pub mod ex_data; @@ -179,7 +179,7 @@ pub mod nid; pub mod ocsp; pub mod pkcs12; pub mod pkcs5; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] pub mod pkcs7; pub mod pkey; pub mod pkey_ctx; @@ -197,14 +197,14 @@ pub mod symm; pub mod version; pub mod x509; -#[cfg(boringssl)] +#[cfg(any(boringssl, awslc))] type LenType = libc::size_t; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] type LenType = libc::c_int; -#[cfg(boringssl)] +#[cfg(any(boringssl, awslc))] type SLenType = libc::ssize_t; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] type SLenType = libc::c_int; #[inline] diff --git a/openssl/src/md.rs b/openssl/src/md.rs index a9df31140..0d375d67c 100644 --- a/openssl/src/md.rs +++ b/openssl/src/md.rs @@ -117,7 +117,7 @@ impl Md { } #[inline] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn null() -> &'static MdRef { unsafe { MdRef::from_ptr(ffi::EVP_md_null() as *mut _) } } diff --git a/openssl/src/md_ctx.rs b/openssl/src/md_ctx.rs index 36be3e996..0182907ad 100644 --- a/openssl/src/md_ctx.rs +++ b/openssl/src/md_ctx.rs @@ -52,7 +52,7 @@ //! #![cfg_attr( - not(boringssl), + not(any(boringssl, awslc)), doc = r#"\ Compute and verify an HMAC-SHA256 @@ -93,7 +93,7 @@ use std::convert::TryFrom; use std::ptr; cfg_if! { - if #[cfg(any(ossl110, boringssl, libressl382))] { + if #[cfg(any(ossl110, boringssl, libressl382, awslc))] { use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new}; } else { use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; @@ -258,7 +258,7 @@ impl MdCtxRef { /// Requires OpenSSL 1.1.1 or newer. #[corresponds(EVP_DigestFinalXOF)] #[inline] - #[cfg(ossl111)] + #[cfg(any(ossl111, awslc))] pub fn digest_final_xof(&mut self, out: &mut [u8]) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_DigestFinalXOF( diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index d093c6763..dfc030511 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs @@ -118,11 +118,11 @@ impl Nid { pub const UNDEF: Nid = Nid(ffi::NID_undef); pub const ITU_T: Nid = Nid(ffi::NID_itu_t); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub const CCITT: Nid = Nid(ffi::NID_ccitt); pub const ISO: Nid = Nid(ffi::NID_iso); pub const JOINT_ISO_ITU_T: Nid = Nid(ffi::NID_joint_iso_itu_t); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub const JOINT_ISO_CCITT: Nid = Nid(ffi::NID_joint_iso_ccitt); pub const MEMBER_BODY: Nid = Nid(ffi::NID_member_body); pub const IDENTIFIED_ORGANIZATION: Nid = Nid(ffi::NID_identified_organization); diff --git a/openssl/src/ocsp.rs b/openssl/src/ocsp.rs index 570b8c2d0..556499c9d 100644 --- a/openssl/src/ocsp.rs +++ b/openssl/src/ocsp.rs @@ -18,17 +18,17 @@ bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct OcspFlag: c_ulong { - const NO_CERTS = ffi::OCSP_NOCERTS; - const NO_INTERN = ffi::OCSP_NOINTERN; - const NO_CHAIN = ffi::OCSP_NOCHAIN; - const NO_VERIFY = ffi::OCSP_NOVERIFY; - const NO_EXPLICIT = ffi::OCSP_NOEXPLICIT; - const NO_CA_SIGN = ffi::OCSP_NOCASIGN; - const NO_DELEGATED = ffi::OCSP_NODELEGATED; - const NO_CHECKS = ffi::OCSP_NOCHECKS; - const TRUST_OTHER = ffi::OCSP_TRUSTOTHER; - const RESPID_KEY = ffi::OCSP_RESPID_KEY; - const NO_TIME = ffi::OCSP_NOTIME; + const NO_CERTS = ffi::OCSP_NOCERTS as c_ulong; + const NO_INTERN = ffi::OCSP_NOINTERN as c_ulong; + const NO_CHAIN = ffi::OCSP_NOCHAIN as c_ulong; + const NO_VERIFY = ffi::OCSP_NOVERIFY as c_ulong; + const NO_EXPLICIT = ffi::OCSP_NOEXPLICIT as c_ulong; + const NO_CA_SIGN = ffi::OCSP_NOCASIGN as c_ulong; + const NO_DELEGATED = ffi::OCSP_NODELEGATED as c_ulong; + const NO_CHECKS = ffi::OCSP_NOCHECKS as c_ulong; + const TRUST_OTHER = ffi::OCSP_TRUSTOTHER as c_ulong; + const RESPID_KEY = ffi::OCSP_RESPID_KEY as c_ulong; + const NO_TIME = ffi::OCSP_NOTIME as c_ulong; } } diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs index 5f171da9b..2e0de82fa 100644 --- a/openssl/src/pkcs12.rs +++ b/openssl/src/pkcs12.rs @@ -6,7 +6,7 @@ use std::ffi::CString; use std::ptr; use crate::error::ErrorStack; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::hash::MessageDigest; use crate::nid::Nid; use crate::pkey::{HasPrivate, PKey, PKeyRef, Private}; @@ -102,7 +102,7 @@ impl Pkcs12 { nid_cert: Nid::UNDEF, iter: ffi::PKCS12_DEFAULT_ITER, mac_iter: ffi::PKCS12_DEFAULT_ITER, - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] mac_md: None, } } @@ -132,7 +132,7 @@ pub struct Pkcs12Builder { iter: c_int, mac_iter: c_int, // FIXME remove - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] mac_md: Option, } @@ -194,7 +194,7 @@ impl Pkcs12Builder { } /// MAC message digest type - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn mac_md(&mut self, md: MessageDigest) -> &mut Self { self.mac_md = Some(md); self @@ -257,7 +257,7 @@ impl Pkcs12Builder { )) .map(Pkcs12)?; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] // BoringSSL does not support overriding the MAC and will always // use SHA-1 { diff --git a/openssl/src/pkcs5.rs b/openssl/src/pkcs5.rs index 594b5fc4d..a72e0b1a1 100644 --- a/openssl/src/pkcs5.rs +++ b/openssl/src/pkcs5.rs @@ -1,13 +1,13 @@ -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use libc::c_int; use std::convert::TryInto; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use std::ptr; use crate::cvt; use crate::error::ErrorStack; use crate::hash::MessageDigest; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::symm::Cipher; use openssl_macros::corresponds; @@ -29,7 +29,7 @@ pub struct KeyIvPair { /// `pbkdf2_hmac` or another more modern key derivation algorithm. #[corresponds(EVP_BytesToKey)] #[allow(clippy::useless_conversion)] -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] pub fn bytes_to_key( cipher: Cipher, digest: MessageDigest, @@ -115,7 +115,7 @@ pub fn pbkdf2_hmac( /// /// Requires OpenSSL 1.1.0 or newer. #[corresponds(EVP_PBE_scrypt)] -#[cfg(all(any(ossl110, boringssl), not(osslconf = "OPENSSL_NO_SCRYPT")))] +#[cfg(all(any(ossl110, boringssl, awslc), not(osslconf = "OPENSSL_NO_SCRYPT")))] #[allow(clippy::useless_conversion)] pub fn scrypt( pass: &[u8], @@ -147,7 +147,7 @@ pub fn scrypt( #[cfg(test)] mod tests { use crate::hash::MessageDigest; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use crate::symm::Cipher; // Test vectors from @@ -249,7 +249,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn bytes_to_key() { let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8]; @@ -286,7 +286,7 @@ mod tests { } #[test] - #[cfg(any(ossl110, boringssl))] + #[cfg(any(ossl110, boringssl, awslc))] fn scrypt() { let pass = "pleaseletmein"; let salt = "SodiumChloride"; diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index f2cedd271..9bdd7468e 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -47,7 +47,7 @@ use crate::dh::Dh; use crate::dsa::Dsa; use crate::ec::EcKey; use crate::error::ErrorStack; -#[cfg(any(ossl110, boringssl, libressl370))] +#[cfg(any(ossl110, boringssl, libressl370, awslc))] use crate::pkey_ctx::PkeyCtx; use crate::rsa::Rsa; use crate::symm::Cipher; @@ -60,7 +60,7 @@ use openssl_macros::corresponds; use std::convert::{TryFrom, TryInto}; use std::ffi::CString; use std::fmt; -#[cfg(all(not(boringssl), ossl110))] +#[cfg(all(not(any(boringssl, awslc)), ossl110))] use std::mem; use std::ptr; @@ -79,11 +79,11 @@ pub struct Id(c_int); impl Id { pub const RSA: Id = Id(ffi::EVP_PKEY_RSA); - #[cfg(any(ossl111, libressl310, boringssl))] + #[cfg(any(ossl111, libressl310, boringssl, awslc))] pub const RSA_PSS: Id = Id(ffi::EVP_PKEY_RSA_PSS); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub const HMAC: Id = Id(ffi::EVP_PKEY_HMAC); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub const CMAC: Id = Id(ffi::EVP_PKEY_CMAC); pub const DSA: Id = Id(ffi::EVP_PKEY_DSA); pub const DH: Id = Id(ffi::EVP_PKEY_DH); @@ -93,14 +93,14 @@ impl Id { #[cfg(ossl111)] pub const SM2: Id = Id(ffi::EVP_PKEY_SM2); - #[cfg(any(ossl110, boringssl, libressl360))] + #[cfg(any(ossl110, boringssl, libressl360, awslc))] pub const HKDF: Id = Id(ffi::EVP_PKEY_HKDF); - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub const ED25519: Id = Id(ffi::EVP_PKEY_ED25519); #[cfg(ossl111)] pub const ED448: Id = Id(ffi::EVP_PKEY_ED448); - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub const X25519: Id = Id(ffi::EVP_PKEY_X25519); #[cfg(ossl111)] pub const X448: Id = Id(ffi::EVP_PKEY_X448); @@ -265,7 +265,7 @@ where /// This function only works for algorithms that support raw public keys. /// Currently this is: [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`]. #[corresponds(EVP_PKEY_get_raw_public_key)] - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn raw_public_key(&self) -> Result, ErrorStack> { unsafe { let mut len = 0; @@ -316,7 +316,7 @@ where /// This function only works for algorithms that support raw private keys. /// Currently this is: [`Id::HMAC`], [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`]. #[corresponds(EVP_PKEY_get_raw_private_key)] - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn raw_private_key(&self) -> Result, ErrorStack> { unsafe { let mut len = 0; @@ -384,7 +384,7 @@ impl fmt::Debug for PKey { fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { let alg = match self.id() { Id::RSA => "RSA", - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] Id::HMAC => "HMAC", Id::DSA => "DSA", Id::DH => "DH", @@ -433,7 +433,7 @@ impl PKey { /// Creates a new `PKey` containing a Diffie-Hellman key. #[corresponds(EVP_PKEY_set1_DH)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn from_dh(dh: Dh) -> Result, ErrorStack> { unsafe { let evp = cvt_p(ffi::EVP_PKEY_new())?; @@ -444,7 +444,7 @@ impl PKey { } /// Creates a new `PKey` containing a Diffie-Hellman key with type DHX. - #[cfg(all(not(boringssl), ossl110))] + #[cfg(all(not(any(boringssl, awslc)), ossl110))] pub fn from_dhx(dh: Dh) -> Result, ErrorStack> { unsafe { let evp = cvt_p(ffi::EVP_PKEY_new())?; @@ -478,7 +478,7 @@ impl PKey { /// /// To compute HMAC values, use the `sign` module. #[corresponds(EVP_PKEY_new_mac_key)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn hmac(key: &[u8]) -> Result, ErrorStack> { unsafe { assert!(key.len() <= c_int::MAX as usize); @@ -499,7 +499,7 @@ impl PKey { /// # Note /// /// To compute CMAC values, use the `sign` module. - #[cfg(all(not(boringssl), ossl110))] + #[cfg(all(not(any(boringssl, awslc)), ossl110))] #[allow(clippy::trivially_copy_pass_by_ref)] pub fn cmac(cipher: &Cipher, key: &[u8]) -> Result, ErrorStack> { let mut ctx = PkeyCtx::new_id(Id::CMAC)?; @@ -509,7 +509,7 @@ impl PKey { ctx.keygen() } - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] fn generate_eddsa(id: Id) -> Result, ErrorStack> { let mut ctx = PkeyCtx::new_id(id)?; ctx.keygen_init()?; @@ -539,7 +539,7 @@ impl PKey { /// assert_eq!(secret.len(), 32); /// # Ok(()) } /// ``` - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn generate_x25519() -> Result, ErrorStack> { PKey::generate_eddsa(Id::X25519) } @@ -593,7 +593,7 @@ impl PKey { /// assert_eq!(signature.len(), 64); /// # Ok(()) } /// ``` - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn generate_ed25519() -> Result, ErrorStack> { PKey::generate_eddsa(Id::ED25519) } @@ -743,7 +743,7 @@ impl PKey { /// /// Algorithm types that support raw private keys are HMAC, X25519, ED25519, X448 or ED448 #[corresponds(EVP_PKEY_new_raw_private_key)] - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn private_key_from_raw_bytes( bytes: &[u8], key_type: Id, @@ -794,7 +794,7 @@ impl PKey { /// /// Algorithm types that support raw public keys are X25519, ED25519, X448 or ED448 #[corresponds(EVP_PKEY_new_raw_public_key)] - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn public_key_from_raw_bytes( bytes: &[u8], key_type: Id, @@ -813,7 +813,7 @@ impl PKey { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl270))] { + if #[cfg(any(boringssl, ossl110, libressl270, awslc))] { use ffi::EVP_PKEY_up_ref; } else { #[allow(bad_style)] @@ -877,7 +877,7 @@ impl TryFrom> for Dsa { } } -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] impl TryFrom> for PKey { type Error = ErrorStack; @@ -898,7 +898,7 @@ impl TryFrom> for Dh { mod tests { use std::convert::TryInto; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use crate::dh::Dh; use crate::dsa::Dsa; use crate::ec::EcKey; @@ -1023,7 +1023,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_dh_accessor() { let dh = include_bytes!("../test/dhparams.pem"); let dh = Dh::params_from_pem(dh).unwrap(); @@ -1082,7 +1082,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_dh_conversion() { let dh_params = include_bytes!("../test/dhparams.pem"); let dh_params = Dh::params_from_pem(dh_params).unwrap(); @@ -1102,7 +1102,7 @@ mod tests { assert_eq!(&g, dh_.generator()); } - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] fn test_raw_public_key(gen: fn() -> Result, ErrorStack>, key_type: Id) { // Generate a new key let key = gen().unwrap(); @@ -1118,7 +1118,7 @@ mod tests { ); } - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] fn test_raw_private_key(gen: fn() -> Result, ErrorStack>, key_type: Id) { // Generate a new key let key = gen().unwrap(); @@ -1134,25 +1134,25 @@ mod tests { ); } - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] #[test] fn test_raw_public_key_bytes() { test_raw_public_key(PKey::generate_x25519, Id::X25519); test_raw_public_key(PKey::generate_ed25519, Id::ED25519); - #[cfg(all(not(boringssl), not(libressl370)))] + #[cfg(not(any(boringssl, libressl370, awslc)))] test_raw_public_key(PKey::generate_x448, Id::X448); - #[cfg(all(not(boringssl), not(libressl370)))] + #[cfg(not(any(boringssl, libressl370, awslc)))] test_raw_public_key(PKey::generate_ed448, Id::ED448); } - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] #[test] fn test_raw_private_key_bytes() { test_raw_private_key(PKey::generate_x25519, Id::X25519); test_raw_private_key(PKey::generate_ed25519, Id::ED25519); - #[cfg(all(not(boringssl), not(libressl370)))] + #[cfg(not(any(boringssl, libressl370, awslc)))] test_raw_private_key(PKey::generate_x448, Id::X448); - #[cfg(all(not(boringssl), not(libressl370)))] + #[cfg(not(any(boringssl, libressl370, awslc)))] test_raw_private_key(PKey::generate_ed448, Id::ED448); } diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs index 47188111c..aa39a0f9c 100644 --- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs @@ -21,7 +21,7 @@ //! ``` #![cfg_attr( - not(boringssl), + not(any(boringssl, awslc)), doc = r#"\ Generate a CMAC key @@ -64,7 +64,7 @@ let cmac_key = ctx.keygen().unwrap(); //! let valid = ctx.verify(text, &signature).unwrap(); //! assert!(valid); //! ``` -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::cipher::CipherRef; use crate::error::ErrorStack; use crate::md::MdRef; @@ -73,7 +73,7 @@ use crate::rsa::Padding; use crate::sign::RsaPssSaltlen; use crate::{cvt, cvt_p}; use foreign_types::{ForeignType, ForeignTypeRef}; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use libc::c_int; #[cfg(ossl320)] use libc::c_uint; @@ -501,7 +501,7 @@ impl PkeyCtxRef { /// /// This is only useful for RSA keys. #[corresponds(EVP_PKEY_CTX_set_rsa_oaep_md)] - #[cfg(any(ossl102, libressl310, boringssl))] + #[cfg(any(ossl102, libressl310, boringssl, awslc))] #[inline] pub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack> { unsafe { @@ -518,7 +518,7 @@ impl PkeyCtxRef { /// /// This is only useful for RSA keys. #[corresponds(EVP_PKEY_CTX_set0_rsa_oaep_label)] - #[cfg(any(ossl102, libressl310, boringssl))] + #[cfg(any(ossl102, libressl310, boringssl, awslc))] pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack> { use crate::LenType; let len = LenType::try_from(label.len()).unwrap(); @@ -542,7 +542,7 @@ impl PkeyCtxRef { } /// Sets the cipher used during key generation. - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] #[corresponds(EVP_PKEY_CTX_ctrl)] #[inline] pub fn set_keygen_cipher(&mut self, cipher: &CipherRef) -> Result<(), ErrorStack> { @@ -561,7 +561,7 @@ impl PkeyCtxRef { } /// Sets the key MAC key used during key generation. - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] #[corresponds(EVP_PKEY_CTX_ctrl)] #[inline] pub fn set_keygen_mac_key(&mut self, key: &[u8]) -> Result<(), ErrorStack> { @@ -585,7 +585,7 @@ impl PkeyCtxRef { /// /// Requires OpenSSL 1.1.0 or newer. #[corresponds(EVP_PKEY_CTX_set_hkdf_md)] - #[cfg(any(ossl110, boringssl, libressl360))] + #[cfg(any(ossl110, boringssl, libressl360, awslc))] #[inline] pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack> { unsafe { @@ -627,12 +627,12 @@ impl PkeyCtxRef { /// /// Requires OpenSSL 1.1.0 or newer. #[corresponds(EVP_PKEY_CTX_set1_hkdf_key)] - #[cfg(any(ossl110, boringssl, libressl360))] + #[cfg(any(ossl110, boringssl, libressl360, awslc))] #[inline] pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack> { - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let len = c_int::try_from(key.len()).unwrap(); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let len = key.len(); unsafe { @@ -652,12 +652,12 @@ impl PkeyCtxRef { /// /// Requires OpenSSL 1.1.0 or newer. #[corresponds(EVP_PKEY_CTX_set1_hkdf_salt)] - #[cfg(any(ossl110, boringssl, libressl360))] + #[cfg(any(ossl110, boringssl, libressl360, awslc))] #[inline] pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack> { - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let len = c_int::try_from(salt.len()).unwrap(); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let len = salt.len(); unsafe { @@ -677,12 +677,12 @@ impl PkeyCtxRef { /// /// Requires OpenSSL 1.1.0 or newer. #[corresponds(EVP_PKEY_CTX_add1_hkdf_info)] - #[cfg(any(ossl110, boringssl, libressl360))] + #[cfg(any(ossl110, boringssl, libressl360, awslc))] #[inline] pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack> { - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let len = c_int::try_from(info.len()).unwrap(); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let len = info.len(); unsafe { @@ -785,7 +785,7 @@ impl PkeyCtxRef { #[cfg(test)] mod test { use super::*; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use crate::cipher::Cipher; use crate::ec::{EcGroup, EcKey}; use crate::hash::{hash, MessageDigest}; @@ -819,7 +819,7 @@ mod test { } #[test] - #[cfg(any(ossl102, libressl310, boringssl))] + #[cfg(any(ossl102, libressl310, boringssl, awslc))] fn rsa_oaep() { let key = include_bytes!("../test/rsa.pem"); let rsa = Rsa::private_key_from_pem(key).unwrap(); @@ -910,7 +910,7 @@ mod test { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn cmac_keygen() { let mut ctx = PkeyCtx::new_id(Id::CMAC).unwrap(); ctx.keygen_init().unwrap(); @@ -921,7 +921,7 @@ mod test { } #[test] - #[cfg(any(ossl110, boringssl, libressl360))] + #[cfg(any(ossl110, boringssl, libressl360, awslc))] fn hkdf() { let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap(); ctx.derive_init().unwrap(); diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index 2e6614aed..ea1548c79 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -585,7 +585,7 @@ impl fmt::Debug for Rsa { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl))] { + if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { use ffi::{ RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index bea91a5a4..d721ce820 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -36,7 +36,7 @@ //! ``` #![cfg_attr( - not(boringssl), + not(any(boringssl, awslc)), doc = r#"\ Compute an HMAC: @@ -269,7 +269,7 @@ impl Signer<'_> { self.len_intern() } - #[cfg(all(not(ossl111), not(boringssl), not(libressl370)))] + #[cfg(not(any(ossl111, boringssl, libressl370, awslc)))] fn len_intern(&self) -> Result { unsafe { let mut len = 0; @@ -282,7 +282,7 @@ impl Signer<'_> { } } - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] fn len_intern(&self) -> Result { unsafe { let mut len = 0; @@ -333,7 +333,7 @@ impl Signer<'_> { /// This method will fail if the buffer is not large enough for the signature. Use the `len` /// method to get an upper bound on the required size. #[corresponds(EVP_DigestSign)] - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn sign_oneshot( &mut self, sig_buf: &mut [u8], @@ -355,7 +355,7 @@ impl Signer<'_> { /// Returns the signature. /// /// This is a simple convenience wrapper over `len` and `sign_oneshot`. - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn sign_oneshot_to_vec(&mut self, data_buf: &[u8]) -> Result, ErrorStack> { let mut sig_buf = vec![0; self.len()?]; let len = self.sign_oneshot(&mut sig_buf, data_buf)?; @@ -544,7 +544,7 @@ impl<'a> Verifier<'a> { /// Determines if the data given in `buf` matches the provided signature. #[corresponds(EVP_DigestVerify)] - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] pub fn verify_oneshot(&mut self, signature: &[u8], buf: &[u8]) -> Result { unsafe { let r = ffi::EVP_DigestVerify( @@ -593,7 +593,7 @@ unsafe fn EVP_DigestVerifyFinal( #[cfg(test)] mod test { use hex::{self, FromHex}; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] use std::iter; use crate::ec::{EcGroup, EcKey}; @@ -657,7 +657,7 @@ mod test { assert!(!verifier.verify(&Vec::from_hex(SIGNATURE).unwrap()).unwrap()); } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_hmac(ty: MessageDigest, tests: &[(Vec, Vec, Vec)]) { for (key, data, res) in tests.iter() { let pkey = PKey::hmac(key).unwrap(); @@ -668,7 +668,7 @@ mod test { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn hmac_md5() { // test vectors from RFC 2202 let tests: [(Vec, Vec, Vec); 7] = [ @@ -715,7 +715,7 @@ mod test { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn hmac_sha1() { // test vectors from RFC 2202 let tests: [(Vec, Vec, Vec); 7] = [ @@ -794,7 +794,7 @@ mod test { } #[test] - #[cfg(any(ossl111, boringssl, libressl370))] + #[cfg(any(ossl111, boringssl, libressl370, awslc))] fn eddsa() { let key = PKey::generate_ed25519().unwrap(); diff --git a/openssl/src/srtp.rs b/openssl/src/srtp.rs index 595757dc0..44ef43465 100644 --- a/openssl/src/srtp.rs +++ b/openssl/src/srtp.rs @@ -46,10 +46,10 @@ impl SrtpProfileId { SrtpProfileId(ffi::SRTP_AES128_F8_SHA1_32 as c_ulong); pub const SRTP_NULL_SHA1_80: SrtpProfileId = SrtpProfileId(ffi::SRTP_NULL_SHA1_80 as c_ulong); pub const SRTP_NULL_SHA1_32: SrtpProfileId = SrtpProfileId(ffi::SRTP_NULL_SHA1_32 as c_ulong); - #[cfg(any(boringssl, ossl110))] + #[cfg(any(boringssl, ossl110, awslc))] pub const SRTP_AEAD_AES_128_GCM: SrtpProfileId = SrtpProfileId(ffi::SRTP_AEAD_AES_128_GCM as c_ulong); - #[cfg(any(boringssl, ossl110))] + #[cfg(any(boringssl, ossl110, awslc))] pub const SRTP_AEAD_AES_256_GCM: SrtpProfileId = SrtpProfileId(ffi::SRTP_AEAD_AES_256_GCM as c_ulong); diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index f7e51a5d3..22eb600f5 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -10,7 +10,7 @@ use libc::{c_int, c_uchar, c_uint, c_void}; use std::ffi::CStr; use std::mem; use std::ptr; -#[cfg(any(ossl111, boringssl))] +#[cfg(any(ossl111, boringssl, awslc))] use std::str; use std::sync::Arc; @@ -19,7 +19,7 @@ use crate::dh::Dh; use crate::ec::EcKey; use crate::error::ErrorStack; use crate::pkey::Params; -#[cfg(any(ossl102, libressl261, boringssl))] +#[cfg(any(ossl102, libressl261, boringssl, awslc))] use crate::ssl::AlpnError; use crate::ssl::{ try_get_session_ctx_index, SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef, @@ -28,7 +28,7 @@ use crate::ssl::{ #[cfg(ossl111)] use crate::ssl::{ClientHelloResponse, ExtensionContext}; use crate::util; -#[cfg(any(ossl111, boringssl))] +#[cfg(any(ossl111, boringssl, awslc))] use crate::util::ForeignTypeRefExt; #[cfg(ossl111)] use crate::x509::X509Ref; @@ -178,7 +178,7 @@ where } } -#[cfg(any(ossl102, libressl261, boringssl))] +#[cfg(any(ossl102, libressl261, boringssl, awslc))] pub extern "C" fn raw_alpn_select( ssl: *mut ffi::SSL, out: *mut *const c_uchar, @@ -391,7 +391,7 @@ pub unsafe extern "C" fn raw_remove_session( } cfg_if! { - if #[cfg(any(ossl110, libressl280, boringssl))] { + if #[cfg(any(ossl110, libressl280, boringssl, awslc))] { type DataPtr = *const c_uchar; } else { type DataPtr = *mut c_uchar; @@ -429,7 +429,7 @@ where } } -#[cfg(any(ossl111, boringssl))] +#[cfg(any(ossl111, boringssl, awslc))] pub unsafe extern "C" fn raw_keylog(ssl: *const ffi::SSL, line: *const c_char) where F: Fn(&SslRef, &str) + 'static + Sync + Send, @@ -492,7 +492,7 @@ where (*callback)(ssl, slice) as c_int } -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] pub extern "C" fn raw_cookie_generate( ssl: *mut ffi::SSL, cookie: *mut c_uchar, @@ -525,7 +525,7 @@ where } } -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] cfg_if! { if #[cfg(any(ossl110, libressl280))] { type CookiePtr = *const c_uchar; @@ -534,7 +534,7 @@ cfg_if! { } } -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] pub extern "C" fn raw_cookie_verify( ssl: *mut ffi::SSL, cookie: CookiePtr, diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index 66d1bd893..8992f5a93 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -29,7 +29,7 @@ fn ctx(method: SslMethod) -> Result { let mut ctx = SslContextBuilder::new(method)?; cfg_if! { - if #[cfg(not(boringssl))] { + if #[cfg(not(any(boringssl, awslc)))] { let mut opts = SslOptions::ALL | SslOptions::NO_COMPRESSION | SslOptions::NO_SSLV2 diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index e15c48b6d..0b1d9f05d 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -80,7 +80,7 @@ use crate::stack::{Stack, StackRef, Stackable}; use crate::util; use crate::util::{ForeignTypeExt, ForeignTypeRefExt}; use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef}; -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] use crate::x509::verify::X509VerifyParamRef; use crate::x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509}; use crate::{cvt, cvt_n, cvt_p, init}; @@ -137,7 +137,7 @@ pub fn cipher_name(std_name: &str) -> &'static str { cfg_if! { if #[cfg(ossl300)] { type SslOptionsRepr = u64; - } else if #[cfg(boringssl)] { + } else if #[cfg(any(boringssl, awslc))] { type SslOptionsRepr = u32; } else { type SslOptionsRepr = libc::c_ulong; @@ -153,7 +153,7 @@ bitflags! { const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as SslOptionsRepr; /// A "reasonable default" set of options which enables compatibility flags. - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] const ALL = ffi::SSL_OP_ALL as SslOptionsRepr; /// Do not query the MTU. @@ -166,19 +166,19 @@ bitflags! { /// Only affects DTLS connections. /// /// [RFC 4347 Section 4.2.1]: https://tools.ietf.org/html/rfc4347#section-4.2.1 - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] const COOKIE_EXCHANGE = ffi::SSL_OP_COOKIE_EXCHANGE as SslOptionsRepr; /// Disables the use of session tickets for session resumption. const NO_TICKET = ffi::SSL_OP_NO_TICKET as SslOptionsRepr; /// Always start a new session when performing a renegotiation on the server side. - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] const NO_SESSION_RESUMPTION_ON_RENEGOTIATION = ffi::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION as SslOptionsRepr; /// Disables the use of TLS compression. - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] const NO_COMPRESSION = ffi::SSL_OP_NO_COMPRESSION as SslOptionsRepr; /// Allow legacy insecure renegotiation with servers or clients that do not support secure @@ -222,19 +222,19 @@ bitflags! { /// Disables the use of TLSv1.3. /// /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. - #[cfg(any(boringssl, ossl111, libressl340))] + #[cfg(any(boringssl, ossl111, libressl340, awslc))] const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3 as SslOptionsRepr; /// Disables the use of DTLSv1.0 /// /// Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer. - #[cfg(any(boringssl, ossl102, ossl110, libressl332))] + #[cfg(any(boringssl, ossl102, ossl110, libressl332, awslc))] const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1 as SslOptionsRepr; /// Disables the use of DTLSv1.2. /// /// Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer. - #[cfg(any(boringssl, ossl102, ossl110, libressl332))] + #[cfg(any(boringssl, ossl102, ossl110, libressl332, awslc))] const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2 as SslOptionsRepr; /// Disables the use of all (D)TLS protocol versions. @@ -258,7 +258,7 @@ bitflags! { /// Disallow all renegotiation in TLSv1.2 and earlier. /// /// Requires OpenSSL 1.1.0h or newer. - #[cfg(any(boringssl, ossl110h))] + #[cfg(any(boringssl, ossl110h, awslc))] const NO_RENEGOTIATION = ffi::SSL_OP_NO_RENEGOTIATION as SslOptionsRepr; /// Enable TLSv1.3 Compatibility mode. @@ -366,14 +366,14 @@ impl SslMethod { /// Support all versions of the DTLS protocol, explicitly as a client. #[corresponds(DTLS_client_method)] - #[cfg(any(boringssl, ossl110, libressl291))] + #[cfg(any(boringssl, ossl110, libressl291, awslc))] pub fn dtls_client() -> SslMethod { unsafe { SslMethod(DTLS_client_method()) } } /// Support all versions of the DTLS protocol, explicitly as a server. #[corresponds(DTLS_server_method)] - #[cfg(any(boringssl, ossl110, libressl291))] + #[cfg(any(boringssl, ossl110, libressl291, awslc))] pub fn dtls_server() -> SslMethod { unsafe { SslMethod(DTLS_server_method()) } } @@ -421,14 +421,14 @@ bitflags! { } } -#[cfg(boringssl)] +#[cfg(any(boringssl, awslc))] type SslBitType = c_int; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] type SslBitType = c_long; -#[cfg(boringssl)] +#[cfg(any(boringssl, awslc))] type SslTimeTy = u64; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] type SslTimeTy = c_long; bitflags! { @@ -617,16 +617,16 @@ impl SslAlert { /// An error returned from an ALPN selection callback. /// /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. -#[cfg(any(ossl102, libressl261, boringssl))] +#[cfg(any(ossl102, libressl261, boringssl, awslc))] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct AlpnError(c_int); -#[cfg(any(ossl102, libressl261, boringssl))] +#[cfg(any(ossl102, libressl261, boringssl, awslc))] impl AlpnError { /// Terminate the handshake with a fatal alert. /// /// Requires BoringSSL or OpenSSL 1.1.0 or newer. - #[cfg(any(ossl110, boringssl))] + #[cfg(any(ossl110, boringssl, awslc))] pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL); /// Do not select a protocol, but continue the handshake. @@ -669,7 +669,7 @@ impl SslVersion { /// TLSv1.3 /// /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. - #[cfg(any(ossl111, libressl340, boringssl))] + #[cfg(any(ossl111, libressl340, boringssl, awslc))] pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION); /// DTLSv1.0 @@ -680,12 +680,12 @@ impl SslVersion { /// DTLSv1.2 /// /// DTLS 1.2 corresponds to TLS 1.2 to harmonize versions. There was never a DTLS 1.1. - #[cfg(any(ossl102, libressl332, boringssl))] + #[cfg(any(ossl102, libressl332, boringssl, awslc))] pub const DTLS1_2: SslVersion = SslVersion(ffi::DTLS1_2_VERSION); } cfg_if! { - if #[cfg(boringssl)] { + if #[cfg(any(boringssl, awslc))] { type SslCacheTy = i64; type SslCacheSize = libc::c_ulong; type MtuTy = u32; @@ -804,9 +804,9 @@ impl SslContextBuilder { // still stored in ex data to manage the lifetime. let arg = self.set_ex_data_inner(SslContext::cached_ex_index::(), callback); ffi::SSL_CTX_set_tlsext_servername_arg(self.as_ptr(), arg); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] ffi::SSL_CTX_set_tlsext_servername_callback(self.as_ptr(), Some(raw_sni::)); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] ffi::SSL_CTX_set_tlsext_servername_callback__fixed_rust( self.as_ptr(), Some(raw_sni::), @@ -890,9 +890,9 @@ impl SslContextBuilder { unsafe { self.set_ex_data(SslContext::cached_ex_index::(), callback); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] ffi::SSL_CTX_set_tmp_dh_callback__fixed_rust(self.as_ptr(), Some(raw_tmp_dh::)); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] ffi::SSL_CTX_set_tmp_dh_callback(self.as_ptr(), Some(raw_tmp_dh::)); } } @@ -1174,7 +1174,7 @@ impl SslContextBuilder { /// /// Requires BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer. #[corresponds(SSL_CTX_set_min_proto_version)] - #[cfg(any(ossl110, libressl261, boringssl))] + #[cfg(any(ossl110, libressl261, boringssl, awslc))] pub fn set_min_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_min_proto_version( @@ -1192,7 +1192,7 @@ impl SslContextBuilder { /// /// Requires BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer. #[corresponds(SSL_CTX_set_max_proto_version)] - #[cfg(any(ossl110, libressl261, boringssl))] + #[cfg(any(ossl110, libressl261, boringssl, awslc))] pub fn set_max_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_max_proto_version( @@ -1250,7 +1250,7 @@ impl SslContextBuilder { /// /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. #[corresponds(SSL_CTX_set_alpn_protos)] - #[cfg(any(ossl102, libressl261, boringssl))] + #[cfg(any(ossl102, libressl261, boringssl, awslc))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(protocols.len() <= c_uint::MAX as usize); @@ -1297,20 +1297,20 @@ impl SslContextBuilder { /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`select_next_proto`]: fn.select_next_proto.html #[corresponds(SSL_CTX_set_alpn_select_cb)] - #[cfg(any(ossl102, libressl261, boringssl))] + #[cfg(any(ossl102, libressl261, boringssl, awslc))] pub fn set_alpn_select_callback(&mut self, callback: F) where F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, { unsafe { self.set_ex_data(SslContext::cached_ex_index::(), callback); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] ffi::SSL_CTX_set_alpn_select_cb__fixed_rust( self.as_ptr(), Some(callbacks::raw_alpn_select::), ptr::null_mut(), ); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] ffi::SSL_CTX_set_alpn_select_cb( self.as_ptr(), Some(callbacks::raw_alpn_select::), @@ -1341,7 +1341,7 @@ impl SslContextBuilder { /// /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] - #[cfg(any(ossl102, boringssl, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn verify_param(&self) -> &X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr(ffi::SSL_CTX_get0_param(self.as_ptr())) } } @@ -1350,7 +1350,7 @@ impl SslContextBuilder { /// /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] - #[cfg(any(ossl102, boringssl, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } @@ -1502,7 +1502,7 @@ impl SslContextBuilder { /// /// Requires OpenSSL 1.1.1 or newer. #[corresponds(SSL_CTX_set_keylog_callback)] - #[cfg(any(ossl111, boringssl))] + #[cfg(any(ossl111, boringssl, awslc))] pub fn set_keylog_callback(&mut self, callback: F) where F: Fn(&SslRef, &str) + 'static + Sync + Send, @@ -1572,7 +1572,7 @@ impl SslContextBuilder { /// The callback will be called with the SSL context and a slice into which the cookie /// should be written. The callback should return the number of bytes written. #[corresponds(SSL_CTX_set_cookie_generate_cb)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn set_cookie_generate_cb(&mut self, callback: F) where F: Fn(&mut SslRef, &mut [u8]) -> Result + 'static + Sync + Send, @@ -1588,7 +1588,7 @@ impl SslContextBuilder { /// The callback will be called with the SSL context and the cookie supplied by the /// client. It should return true if and only if the cookie is valid. #[corresponds(SSL_CTX_set_cookie_verify_cb)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn set_cookie_verify_cb(&mut self, callback: F) where F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send, @@ -1753,7 +1753,7 @@ impl SslContextBuilder { /// /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer. #[corresponds(SSL_CTX_set1_groups_list)] - #[cfg(any(ossl111, boringssl, libressl251))] + #[cfg(any(ossl111, boringssl, libressl251, awslc))] pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> { let groups = CString::new(groups).unwrap(); unsafe { @@ -1844,9 +1844,9 @@ impl SslContext { { unsafe { ffi::init(); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let idx = cvt_n(get_new_idx(Some(free_data_box::)))?; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let idx = cvt_n(get_new_idx(free_data_box::))?; Ok(Index::from_raw(idx)) } @@ -2305,9 +2305,9 @@ impl Ssl { { unsafe { ffi::init(); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let idx = cvt_n(get_new_ssl_idx(Some(free_data_box::)))?; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let idx = cvt_n(get_new_ssl_idx(free_data_box::))?; Ok(Index::from_raw(idx)) } @@ -2454,9 +2454,9 @@ impl SslRef { unsafe { // this needs to be in an Arc since the callback can register a new callback! self.set_ex_data(Ssl::cached_ex_index(), Arc::new(callback)); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] ffi::SSL_set_tmp_dh_callback(self.as_ptr(), Some(raw_tmp_dh_ssl::)); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] ffi::SSL_set_tmp_dh_callback__fixed_rust(self.as_ptr(), Some(raw_tmp_dh_ssl::)); } } @@ -2503,7 +2503,7 @@ impl SslRef { /// /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos #[corresponds(SSL_set_alpn_protos)] - #[cfg(any(ossl102, libressl261, boringssl))] + #[cfg(any(ossl102, libressl261, boringssl, awslc))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(protocols.len() <= c_uint::MAX as usize); @@ -2657,7 +2657,7 @@ impl SslRef { /// /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. #[corresponds(SSL_get0_alpn_selected)] - #[cfg(any(ossl102, libressl261, boringssl))] + #[cfg(any(ossl102, libressl261, boringssl, awslc))] pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); @@ -2782,7 +2782,7 @@ impl SslRef { /// /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_get0_param)] - #[cfg(any(ossl102, boringssl, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } } @@ -2930,7 +2930,7 @@ impl SslRef { /// Returns the server's OCSP response, if present. #[corresponds(SSL_get_tlsext_status_ocsp_resp)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn ocsp_status(&self) -> Option<&[u8]> { unsafe { let mut p = ptr::null_mut(); @@ -2946,7 +2946,7 @@ impl SslRef { /// Sets the OCSP response to be returned to the client. #[corresponds(SSL_set_tlsext_status_oscp_resp)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(response.len() <= c_int::MAX as usize); @@ -3254,7 +3254,7 @@ impl SslRef { } /// Sets a new default TLS/SSL method for SSL objects - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn set_method(&mut self, method: SslMethod) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_set_ssl_method(self.as_ptr(), method.as_ptr()))?; @@ -3344,7 +3344,7 @@ impl SslRef { /// /// Requires BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer. #[corresponds(SSL_set_min_proto_version)] - #[cfg(any(ossl110, libressl261, boringssl))] + #[cfg(any(ossl110, libressl261, boringssl, awslc))] pub fn set_min_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_set_min_proto_version( @@ -3362,7 +3362,7 @@ impl SslRef { /// /// Requires BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer. #[corresponds(SSL_set_max_proto_version)] - #[cfg(any(ossl110, libressl261, boringssl))] + #[cfg(any(ossl110, libressl261, boringssl, awslc))] pub fn set_max_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_set_max_proto_version( @@ -4243,7 +4243,7 @@ bitflags! { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl273))] { + if #[cfg(any(boringssl, ossl110, libressl273, awslc))] { use ffi::{SSL_CTX_up_ref, SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server}; } else { #[allow(bad_style)] @@ -4301,7 +4301,7 @@ cfg_if! { } } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl291))] { + if #[cfg(any(boringssl, ossl110, libressl291, awslc))] { use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method, DTLS_server_method, DTLS_client_method}; } else { use ffi::{ @@ -4341,7 +4341,7 @@ cfg_if! { static ONCE: Once = Once::new(); ONCE.call_once(|| { cfg_if! { - if #[cfg(not(boringssl))] { + if #[cfg(not(any(boringssl, awslc)))] { ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, None); } else { ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, None); @@ -4350,7 +4350,7 @@ cfg_if! { }); cfg_if! { - if #[cfg(not(boringssl))] { + if #[cfg(not(any(boringssl, awslc)))] { ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) } else { ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, f) @@ -4362,15 +4362,15 @@ cfg_if! { // hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest static ONCE: Once = Once::new(); ONCE.call_once(|| { - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, None); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, None); }); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] return ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] return ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, f); } } diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs index 282558f80..69b947b90 100644 --- a/openssl/src/ssl/test/mod.rs +++ b/openssl/src/ssl/test/mod.rs @@ -17,7 +17,7 @@ use std::time::Duration; use crate::dh::Dh; use crate::error::ErrorStack; use crate::hash::MessageDigest; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::ocsp::{OcspResponse, OcspResponseStatus}; use crate::pkey::{Id, PKey}; use crate::srtp::SrtpProfileId; @@ -264,7 +264,7 @@ fn set_ctx_options() { } #[test] -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] fn clear_ctx_options() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_options(SslOptions::ALL); @@ -309,17 +309,19 @@ fn pending() { #[test] fn state() { + const EXPECTED_STATE_STRING_LONG: &str = "SSL negotiation finished successfully"; + let server = Server::builder().build(); let s = server.client().connect(); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] assert_eq!(s.ssl().state_string().trim(), "SSLOK"); #[cfg(boringssl)] assert_eq!(s.ssl().state_string(), "!!!!!!"); - assert_eq!( - s.ssl().state_string_long(), - "SSL negotiation finished successfully" - ); + #[cfg(awslc)] + assert_eq!(s.ssl().state_string(), EXPECTED_STATE_STRING_LONG); + + assert_eq!(s.ssl().state_string_long(), EXPECTED_STATE_STRING_LONG); } // when a connection uses ECDHE P-384 key exchange, then the temp key APIs @@ -502,7 +504,7 @@ fn test_connect_with_srtp_ssl() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. #[test] -#[cfg(any(ossl102, libressl261, boringssl))] +#[cfg(any(ossl102, libressl261, boringssl, awslc))] fn test_alpn_server_advertise_multiple() { let mut server = Server::builder(); server.ctx().set_alpn_select_callback(|_, client| { @@ -517,7 +519,7 @@ fn test_alpn_server_advertise_multiple() { } #[test] -#[cfg(any(ossl110, boringssl))] +#[cfg(any(ossl110, boringssl, awslc))] fn test_alpn_server_select_none_fatal() { let mut server = Server::builder(); server.ctx().set_alpn_select_callback(|_, client| { @@ -533,7 +535,7 @@ fn test_alpn_server_select_none_fatal() { } #[test] -#[cfg(any(ossl102, libressl261, boringssl))] +#[cfg(any(ossl102, libressl261, boringssl, awslc))] fn test_alpn_server_select_none() { static CALLED_BACK: AtomicBool = AtomicBool::new(false); @@ -552,7 +554,7 @@ fn test_alpn_server_select_none() { } #[test] -#[cfg(any(boringssl, ossl102, libressl261))] +#[cfg(any(boringssl, ossl102, libressl261, awslc))] fn test_alpn_server_unilateral() { let server = Server::builder().build(); @@ -967,7 +969,7 @@ fn cert_store() { } #[test] -#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl), ignore)] +#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl, awslc), ignore)] fn tmp_dh_callback() { static CALLED_BACK: AtomicBool = AtomicBool::new(false); @@ -1015,7 +1017,7 @@ fn tmp_ecdh_callback() { } #[test] -#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl), ignore)] +#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl, awslc), ignore)] fn tmp_dh_callback_ssl() { static CALLED_BACK: AtomicBool = AtomicBool::new(false); @@ -1094,7 +1096,7 @@ fn active_session() { } #[test] -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] fn status_callbacks() { static CALLED_BACK_SERVER: AtomicBool = AtomicBool::new(false); static CALLED_BACK_CLIENT: AtomicBool = AtomicBool::new(false); @@ -1460,7 +1462,7 @@ fn psk_ciphers() { let mut client = server.client(); // This test relies on TLS 1.2 suites - #[cfg(any(boringssl, ossl111))] + #[cfg(any(boringssl, ossl111, awslc))] client.ctx().set_options(super::SslOptions::NO_TLSV1_3); client.ctx().set_cipher_list(CIPHER).unwrap(); client diff --git a/openssl/src/stack.rs b/openssl/src/stack.rs index 112aa7f64..9861f87c4 100644 --- a/openssl/src/stack.rs +++ b/openssl/src/stack.rs @@ -14,7 +14,7 @@ use crate::util::ForeignTypeExt; use crate::{cvt, cvt_p, LenType}; cfg_if! { - if #[cfg(any(ossl110, boringssl))] { + if #[cfg(any(ossl110, boringssl, awslc))] { use ffi::{ OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK, OPENSSL_sk_new_null, OPENSSL_sk_push, diff --git a/openssl/src/string.rs b/openssl/src/string.rs index 95494b567..55b33623f 100644 --- a/openssl/src/string.rs +++ b/openssl/src/string.rs @@ -80,13 +80,13 @@ impl fmt::Debug for OpensslStringRef { } #[inline] -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] unsafe fn free(buf: *mut c_char) { ffi::OPENSSL_free(buf as *mut c_void); } #[inline] -#[cfg(boringssl)] +#[cfg(any(boringssl, awslc))] unsafe fn free(buf: *mut c_char) { ffi::CRYPTO_free( buf as *mut c_void, diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index f446eea47..742774199 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs @@ -100,7 +100,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_128_cbc()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_xts() -> Cipher { unsafe { Cipher(ffi::EVP_aes_128_xts()) } } @@ -109,7 +109,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_128_ctr()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_cfb1() -> Cipher { unsafe { Cipher(ffi::EVP_aes_128_cfb1()) } } @@ -118,7 +118,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_128_cfb128()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_cfb8() -> Cipher { unsafe { Cipher(ffi::EVP_aes_128_cfb8()) } } @@ -127,7 +127,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_128_gcm()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_128_ccm() -> Cipher { unsafe { Cipher(ffi::EVP_aes_128_ccm()) } } @@ -154,7 +154,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_192_ctr()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_192_cfb1() -> Cipher { unsafe { Cipher(ffi::EVP_aes_192_cfb1()) } } @@ -163,7 +163,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_192_cfb128()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_192_cfb8() -> Cipher { unsafe { Cipher(ffi::EVP_aes_192_cfb8()) } } @@ -172,7 +172,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_192_gcm()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_192_ccm() -> Cipher { unsafe { Cipher(ffi::EVP_aes_192_ccm()) } } @@ -195,7 +195,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_256_cbc()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_256_xts() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_xts()) } } @@ -204,7 +204,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_256_ctr()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_256_cfb1() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_cfb1()) } } @@ -213,7 +213,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_256_cfb128()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_256_cfb8() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_cfb8()) } } @@ -222,7 +222,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_256_gcm()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn aes_256_ccm() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_ccm()) } } @@ -277,17 +277,17 @@ impl Cipher { unsafe { Cipher(ffi::EVP_des_ede3_ecb()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn des_ede3_cfb64() -> Cipher { unsafe { Cipher(ffi::EVP_des_ede3_cfb64()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn des_ede3_cfb8() -> Cipher { unsafe { Cipher(ffi::EVP_des_ede3_cfb8()) } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] pub fn des_ede3_ofb() -> Cipher { unsafe { Cipher(ffi::EVP_des_ede3_ofb()) } } @@ -509,13 +509,13 @@ impl Cipher { } /// Determines whether the cipher is using CCM mode - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn is_ccm(self) -> bool { // NOTE: OpenSSL returns pointers to static structs, which makes this work as expected self == Cipher::aes_128_ccm() || self == Cipher::aes_256_ccm() } - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] fn is_ccm(self) -> bool { false } @@ -916,7 +916,7 @@ pub fn decrypt_aead( } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl273))] { + if #[cfg(any(boringssl, ossl110, libressl273, awslc))] { use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length}; } else { use crate::LenType; @@ -1062,7 +1062,7 @@ mod tests { } } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn cipher_test_nopad(ciphertype: super::Cipher, pt: &str, ct: &str, key: &str, iv: &str) { let pt = Vec::from_hex(pt).unwrap(); let ct = Vec::from_hex(ct).unwrap(); @@ -1108,7 +1108,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes256_xts() { // Test case 174 from // http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip @@ -1136,7 +1136,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes128_cfb1() { // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf @@ -1149,7 +1149,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes128_cfb128() { let pt = "6bc1bee22e409f96e93d7e117393172a"; let ct = "3b3fd92eb72dad20333449f8e83cfb4a"; @@ -1160,7 +1160,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes128_cfb8() { let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9"; @@ -1195,7 +1195,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes192_cfb1() { // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf @@ -1208,7 +1208,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes192_cfb128() { // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf @@ -1221,7 +1221,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes192_cfb8() { // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf @@ -1246,7 +1246,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes256_cfb1() { let pt = "6bc1"; let ct = "9029"; @@ -1257,7 +1257,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes256_cfb128() { let pt = "6bc1bee22e409f96e93d7e117393172a"; let ct = "dc7e84bfda79164b7ecd8486985d3860"; @@ -1268,7 +1268,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes256_cfb8() { let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; let ct = "dc1f1a8520a64db55fcc8ac554844e889700"; @@ -1292,7 +1292,7 @@ mod tests { #[test] #[cfg_attr(ossl300, ignore)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_bf_cbc() { #[cfg(ossl300)] let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap(); @@ -1309,7 +1309,7 @@ mod tests { #[test] #[cfg_attr(ossl300, ignore)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_bf_ecb() { #[cfg(ossl300)] let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap(); @@ -1324,7 +1324,7 @@ mod tests { #[test] #[cfg_attr(ossl300, ignore)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_bf_cfb64() { #[cfg(ossl300)] let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap(); @@ -1339,7 +1339,7 @@ mod tests { #[test] #[cfg_attr(ossl300, ignore)] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_bf_ofb() { #[cfg(ossl300)] let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap(); @@ -1399,7 +1399,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_des_ede3_cfb64() { let pt = "2b1773784b5889dc788477367daa98ad"; let ct = "6f2867cfefda048a4046ef7e556c7132"; @@ -1446,7 +1446,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes128_ccm() { let key = "3ee186594f110fb788a8bf8aa8be5d4a"; let nonce = "44f705d52acf27b7f17196aa9b"; @@ -1483,7 +1483,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes128_ccm_verify_fail() { let key = "3ee186594f110fb788a8bf8aa8be5d4a"; let nonce = "44f705d52acf27b7f17196aa9b"; @@ -1504,7 +1504,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes256_ccm() { let key = "7f4af6765cad1d511db07e33aaafd57646ec279db629048aa6770af24849aa0d"; let nonce = "dde2a362ce81b2b6913abc3095"; @@ -1541,7 +1541,7 @@ mod tests { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] fn test_aes256_ccm_verify_fail() { let key = "7f4af6765cad1d511db07e33aaafd57646ec279db629048aa6770af24849aa0d"; let nonce = "dde2a362ce81b2b6913abc3095"; diff --git a/openssl/src/version.rs b/openssl/src/version.rs index 12ab3d8ae..aaadd3e4e 100644 --- a/openssl/src/version.rs +++ b/openssl/src/version.rs @@ -111,7 +111,7 @@ fn test_versions() { println!("Platform: '{}'", platform()); println!("Dir: '{}'", dir()); - #[cfg(not(any(libressl, boringssl)))] + #[cfg(not(any(libressl, boringssl, awslc)))] fn expected_name() -> &'static str { "OpenSSL" } @@ -123,6 +123,10 @@ fn test_versions() { fn expected_name() -> &'static str { "BoringSSL" } + #[cfg(awslc)] + fn expected_name() -> &'static str { + "AWS-LC" + } assert!(number() > 0); assert!(version().starts_with(expected_name())); diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 67c86ee3d..c4e0c5b4e 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -40,7 +40,7 @@ use crate::util::{self, ForeignTypeExt, ForeignTypeRefExt}; use crate::{cvt, cvt_n, cvt_p, cvt_p_const}; use openssl_macros::corresponds; -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] pub mod verify; pub mod extension; @@ -479,7 +479,7 @@ impl X509Ref { /// Retrieves the path length extension from a certificate, if it exists. #[corresponds(X509_get_pathlen)] - #[cfg(any(ossl110, boringssl))] + #[cfg(any(ossl110, boringssl, awslc))] pub fn pathlen(&self) -> Option { let v = unsafe { ffi::X509_get_pathlen(self.as_ptr()) }; u32::try_from(v).ok() @@ -487,7 +487,7 @@ impl X509Ref { /// Returns this certificate's subject key id, if it exists. #[corresponds(X509_get0_subject_key_id)] - #[cfg(any(ossl110, boringssl))] + #[cfg(any(ossl110, boringssl, awslc))] pub fn subject_key_id(&self) -> Option<&Asn1OctetStringRef> { unsafe { let data = ffi::X509_get0_subject_key_id(self.as_ptr()); @@ -497,7 +497,7 @@ impl X509Ref { /// Returns this certificate's authority key id, if it exists. #[corresponds(X509_get0_authority_key_id)] - #[cfg(any(ossl110, boringssl))] + #[cfg(any(ossl110, boringssl, awslc))] pub fn authority_key_id(&self) -> Option<&Asn1OctetStringRef> { unsafe { let data = ffi::X509_get0_authority_key_id(self.as_ptr()); @@ -1253,7 +1253,7 @@ impl X509NameRef { /// Copies the name to a new `X509Name`. #[corresponds(X509_NAME_dup)] - #[cfg(any(boringssl, ossl110, libressl270))] + #[cfg(any(boringssl, ossl110, libressl270, awslc))] pub fn to_owned(&self) -> Result { unsafe { cvt_p(ffi::X509_NAME_dup(self.as_ptr())).map(|n| X509Name::from_ptr(n)) } } @@ -1635,7 +1635,7 @@ impl X509RevokedRef { /// Copies the entry to a new `X509Revoked`. #[corresponds(X509_NAME_dup)] - #[cfg(any(boringssl, ossl110, libressl270))] + #[cfg(any(boringssl, ossl110, libressl270, awslc))] pub fn to_owned(&self) -> Result { unsafe { cvt_p(ffi::X509_REVOKED_dup(self.as_ptr())).map(|n| X509Revoked::from_ptr(n)) } } @@ -2006,11 +2006,11 @@ impl GeneralName { let s = cvt_p(ffi::ASN1_STRING_type_new(asn1_type.as_raw()))?; ffi::ASN1_STRING_set(s, value.as_ptr().cast(), value.len().try_into().unwrap()); - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] { (*gn.as_ptr()).d.ptr = s.cast(); } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] { (*gn.as_ptr()).d = s.cast(); } @@ -2047,11 +2047,11 @@ impl GeneralName { let gn = cvt_p(ffi::GENERAL_NAME_new())?; (*gn).type_ = ffi::GEN_RID; - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] { (*gn).d.registeredID = oid.as_ptr(); } - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] { (*gn).d = oid.as_ptr().cast(); } @@ -2098,9 +2098,9 @@ impl GeneralNameRef { return None; } - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let d = (*self.as_ptr()).d.ptr; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let d = (*self.as_ptr()).d; let ptr = ASN1_STRING_get0_data(d as *mut _); @@ -2127,9 +2127,9 @@ impl GeneralNameRef { return None; } - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let d = (*self.as_ptr()).d.ptr; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let d = (*self.as_ptr()).d; Some(X509NameRef::from_const_ptr(d as *const _)) @@ -2152,9 +2152,9 @@ impl GeneralNameRef { if (*self.as_ptr()).type_ != ffi::GEN_IPADD { return None; } - #[cfg(boringssl)] + #[cfg(any(boringssl, awslc))] let d: *const ffi::ASN1_STRING = std::mem::transmute((*self.as_ptr()).d); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc)))] let d = (*self.as_ptr()).d; let ptr = ASN1_STRING_get0_data(d as *mut _); @@ -2306,7 +2306,7 @@ impl Stackable for X509Object { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl273))] { + if #[cfg(any(boringssl, ossl110, libressl273, awslc))] { use ffi::{X509_getm_notAfter, X509_getm_notBefore, X509_up_ref, X509_get0_signature}; } else { #[allow(bad_style)] @@ -2347,7 +2347,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl350))] { + if #[cfg(any(boringssl, ossl110, libressl350, awslc))] { use ffi::{ X509_ALGOR_get0, ASN1_STRING_get0_data, X509_STORE_CTX_get0_chain, X509_set1_notAfter, X509_set1_notBefore, X509_REQ_get_version, X509_REQ_get_subject_name, @@ -2387,7 +2387,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, boringssl, libressl270))] { + if #[cfg(any(ossl110, boringssl, libressl270, awslc))] { use ffi::X509_OBJECT_get0_X509; } else { #[allow(bad_style)] @@ -2402,7 +2402,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl350, boringssl))] { + if #[cfg(any(ossl110, libressl350, boringssl, awslc))] { use ffi::X509_OBJECT_free; } else { #[allow(bad_style)] @@ -2414,7 +2414,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl350, boringssl))] { + if #[cfg(any(ossl110, libressl350, boringssl, awslc))] { use ffi::{ X509_CRL_get_issuer, X509_CRL_get0_nextUpdate, X509_CRL_get0_lastUpdate, X509_CRL_get_REVOKED, @@ -2502,7 +2502,7 @@ impl X509PurposeRef { unsafe { let sname = CString::new(sname).unwrap(); cfg_if! { - if #[cfg(any(ossl110, libressl280, boringssl))] { + if #[cfg(any(ossl110, libressl280, boringssl, awslc))] { let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *const _))?; } else { let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *mut _))?; @@ -2534,7 +2534,7 @@ impl X509PurposeRef { pub fn purpose(&self) -> X509PurposeId { unsafe { cfg_if! { - if #[cfg(any(ossl110, libressl280, boringssl))] { + if #[cfg(any(ossl110, libressl280, boringssl, awslc))] { let x509_purpose = self.as_ptr() as *const ffi::X509_PURPOSE; } else { let x509_purpose = self.as_ptr() as *mut ffi::X509_PURPOSE; diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs index 3a173bea7..ad62ac725 100644 --- a/openssl/src/x509/store.rs +++ b/openssl/src/x509/store.rs @@ -46,20 +46,20 @@ use foreign_types::{ForeignType, ForeignTypeRef}; use std::mem; use crate::error::ErrorStack; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::ssl::SslFiletype; #[cfg(ossl300)] use crate::stack::Stack; use crate::stack::StackRef; use crate::util::ForeignTypeRefExt; -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef}; use crate::x509::{X509Object, X509PurposeId, X509}; use crate::{cvt, cvt_p}; use openssl_macros::corresponds; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use std::ffi::CString; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use std::path::Path; foreign_type_and_impl_send_sync! { @@ -123,7 +123,7 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related flags. #[corresponds(X509_STORE_set_flags)] - #[cfg(any(ossl102, boringssl, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) } } @@ -137,7 +137,7 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related parameters. #[corresponds[X509_STORE_set1_param]] - #[cfg(any(ossl102, boringssl, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn set_param(&mut self, param: &X509VerifyParamRef) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set1_param(self.as_ptr(), param.as_ptr())).map(|_| ()) } } @@ -170,7 +170,7 @@ impl X509Lookup { } } -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] impl X509LookupRef { /// Specifies a directory from which certificates and CRLs will be loaded /// on-demand. Must be used with `X509Lookup::hash_dir`. @@ -202,7 +202,7 @@ impl X509Lookup { } } -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] impl X509LookupRef { /// Specifies a file from which certificates will be loaded #[corresponds(X509_load_cert_file)] @@ -284,7 +284,7 @@ impl X509StoreRef { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl270))] { + if #[cfg(any(boringssl, ossl110, libressl270, awslc))] { use ffi::X509_STORE_get0_objects; } else { #[allow(bad_style)] diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 25c2da012..e11f8bf22 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -6,21 +6,21 @@ use crate::hash::MessageDigest; use crate::nid::Nid; use crate::pkey::{PKey, Private}; use crate::rsa::Rsa; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::ssl::SslFiletype; use crate::stack::Stack; use crate::x509::extension::{ AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, SubjectAlternativeName, SubjectKeyIdentifier, }; -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] use crate::x509::store::X509Lookup; use crate::x509::store::X509StoreBuilder; -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParam}; -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] use crate::x509::X509PurposeId; -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] use crate::x509::X509PurposeRef; #[cfg(ossl110)] use crate::x509::{CrlReason, X509Builder}; @@ -31,7 +31,7 @@ use crate::x509::{ #[cfg(ossl110)] use foreign_types::ForeignType; use hex::{self, FromHex}; -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] use libc::time_t; use super::{AuthorityInformationAccess, CertificateIssuer, ReasonCode}; @@ -58,10 +58,10 @@ fn test_debug() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let debugged = format!("{:#?}", cert); - #[cfg(boringssl)] - assert!(debugged.contains(r#"serial_number: "8771f7bdee982fa5""#)); - #[cfg(not(boringssl))] - assert!(debugged.contains(r#"serial_number: "8771F7BDEE982FA5""#)); + assert!( + debugged.contains(r#"serial_number: "8771F7BDEE982FA5""#) + || debugged.contains(r#"serial_number: "8771f7bdee982fa5""#) + ); assert!(debugged.contains(r#"signature_algorithm: sha256WithRSAEncryption"#)); assert!(debugged.contains(r#"countryName = "AU""#)); assert!(debugged.contains(r#"stateOrProvinceName = "Some-State""#)); @@ -172,7 +172,7 @@ fn test_subject_alt_name() { } #[test] -#[cfg(any(ossl110, boringssl))] +#[cfg(any(ossl110, boringssl, awslc))] fn test_retrieve_pathlen() { let cert = include_bytes!("../../test/root-ca.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -188,7 +188,7 @@ fn test_retrieve_pathlen() { } #[test] -#[cfg(any(ossl110, boringssl))] +#[cfg(any(ossl110, boringssl, awslc))] fn test_subject_key_id() { let cert = include_bytes!("../../test/certv3.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -201,7 +201,7 @@ fn test_subject_key_id() { } #[test] -#[cfg(any(ossl110, boringssl))] +#[cfg(any(ossl110, boringssl, awslc))] fn test_authority_key_id() { let cert = include_bytes!("../../test/certv3.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -557,7 +557,7 @@ fn test_verify_fails() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_fails_with_crl_flag_set_and_no_crl() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -584,7 +584,7 @@ fn test_verify_fails_with_crl_flag_set_and_no_crl() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_cert_with_purpose() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -611,7 +611,7 @@ fn test_verify_cert_with_purpose() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_cert_with_wrong_purpose_fails() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -836,7 +836,7 @@ fn test_name_cmp() { } #[test] -#[cfg(any(boringssl, ossl110, libressl270))] +#[cfg(any(boringssl, ossl110, libressl270, awslc))] fn test_name_to_owned() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -846,7 +846,7 @@ fn test_name_to_owned() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_param_set_time_fails_verification() { const TEST_T_2030: time_t = 1893456000; @@ -877,7 +877,7 @@ fn test_verify_param_set_time_fails_verification() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_param_set_time() { const TEST_T_2020: time_t = 1577836800; @@ -901,7 +901,7 @@ fn test_verify_param_set_time() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_param_set_depth() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -928,7 +928,7 @@ fn test_verify_param_set_depth() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261, awslc))] #[allow(clippy::bool_to_int_with_if)] fn test_verify_param_set_depth_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); @@ -944,7 +944,11 @@ fn test_verify_param_set_depth_fails_verification() { store_bldr.add_cert(ca).unwrap(); let mut verify_params = X509VerifyParam::new().unwrap(); // OpenSSL 1.1.0+ considers the root certificate to not be part of the chain, while 1.0.2 and LibreSSL do - let expected_depth = if cfg!(any(ossl110, boringssl)) { 0 } else { 1 }; + let expected_depth = if cfg!(any(ossl110, boringssl, awslc)) { + 0 + } else { + 1 + }; verify_params.set_depth(expected_depth); store_bldr.set_param(&verify_params).unwrap(); let store = store_bldr.build(); @@ -970,7 +974,7 @@ fn test_verify_param_set_depth_fails_verification() { } #[test] -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] fn test_load_cert_file() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -1003,7 +1007,7 @@ fn test_verify_param_auth_level() { } #[test] -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] fn test_set_purpose() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -1028,7 +1032,7 @@ fn test_set_purpose() { } #[test] -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] fn test_set_purpose_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -1081,7 +1085,7 @@ fn test_add_name_entry() { } #[test] -#[cfg(not(boringssl))] +#[cfg(not(any(boringssl, awslc)))] fn test_load_crl_file_fail() { let mut store_bldr = X509StoreBuilder::new().unwrap(); let lookup = store_bldr.add_lookup(X509Lookup::file()).unwrap(); diff --git a/openssl/src/x509/verify.rs b/openssl/src/x509/verify.rs index 2cde93f28..b719c6955 100644 --- a/openssl/src/x509/verify.rs +++ b/openssl/src/x509/verify.rs @@ -4,7 +4,7 @@ use libc::{c_int, c_uint, c_ulong, time_t}; use std::net::IpAddr; use crate::error::ErrorStack; -#[cfg(any(ossl102, boringssl))] +#[cfg(any(ossl102, boringssl, awslc))] use crate::x509::X509PurposeId; use crate::{cvt, cvt_p}; use openssl_macros::corresponds; @@ -48,7 +48,7 @@ bitflags! { const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT as _; const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS as _; const CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE as _; - #[cfg(any(ossl102, boringssl))] + #[cfg(any(ossl102, boringssl, awslc))] const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST as _; #[cfg(ossl102)] const SUITEB_128_LOS_ONLY = ffi::X509_V_FLAG_SUITEB_128_LOS_ONLY; @@ -56,11 +56,11 @@ bitflags! { const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS; #[cfg(ossl102)] const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS; - #[cfg(any(ossl102, boringssl))] + #[cfg(any(ossl102, boringssl, awslc))] const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN as _; - #[cfg(any(ossl110, boringssl))] + #[cfg(any(ossl110, boringssl, awslc))] const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS as _; - #[cfg(any(ossl110, boringssl))] + #[cfg(any(ossl110, boringssl, awslc))] const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME as _; } } @@ -208,7 +208,7 @@ impl X509VerifyParamRef { /// Sets the verification purpose #[corresponds(X509_VERIFY_PARAM_set_purpose)] - #[cfg(any(ossl102, boringssl))] + #[cfg(any(ossl102, boringssl, awslc))] pub fn set_purpose(&mut self, purpose: X509PurposeId) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_set_purpose(self.as_ptr(), purpose.0)).map(|_| ()) } }