diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8cbd92f45f..2f6f1f7e2e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ env: RUST_BACKTRACE: 1 concurrency: - group: ${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} cancel-in-progress: true permissions: @@ -24,7 +24,7 @@ jobs: name: rustfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: sfackler/actions/rustup@master - uses: sfackler/actions/rustfmt@master @@ -32,7 +32,7 @@ jobs: name: clippy runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: sfackler/actions/rustup@master - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version @@ -58,11 +58,11 @@ jobs: name: min-version runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 # Remember to also update `--rust-target` in `openssl-sys/build/run_bindgen.rs` - uses: sfackler/actions/rustup@master with: - version: 1.63.0 + version: 1.70.0 - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version - uses: actions/cache@v4 @@ -86,15 +86,22 @@ jobs: - run: cargo check -p openssl windows-vcpkg: - name: windows-vcpkg - runs-on: windows-latest + strategy: + matrix: + os: + - runner: windows-latest + arch: x64 + - runner: windows-11-arm + arch: arm64 + name: windows-vcpkg-${{ matrix.os.arch }} + runs-on: ${{ matrix.os.runner }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: sfackler/actions/rustup@master - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version - run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - - run: vcpkg install openssl:x64-windows-static-md + - run: vcpkg install openssl:${{ matrix.os.arch }}-windows-static-md - uses: actions/cache@v4 with: path: ~/.cargo/registry/index 
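Review bot: `actions/checkout@v5` in the rustfmt job is still a mutable tag, and the `sfackler/actions/rustup@master` and `rustfmt@master` context lines beside it track a branch, so the code that runs in CI can change without a commit to this repository. For a crate that ships crypto bindings, pinning each action to a full commit SHA with the tag kept as a trailing comment is the safer form, e.g. `- uses: actions/checkout@<full-commit-sha> # v5`. The same bumped line appears in the clippy, min-version, windows-vcpkg and macos-homebrew hunks and in the Linux matrix job, so they would all change together.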
@@ -119,7 +126,7 @@ jobs: name: macos-homebrew runs-on: macos-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: sfackler/actions/rustup@master - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version @@ -156,7 +163,7 @@ jobs: - name: aws-lc version: vendored - name: boringssl - version: 71bae60c26549ce1875f07d8c394b934de4b0f7b + version: 338f44af3c92ef665bf740a8127a2d69c872b52a - name: openssl version: vendored - name: openssl @@ -178,51 +185,52 @@ jobs: version: 1.0.2u old: true dl-path: /old/1.0.2 - - name: openssl - version: 1.0.1u - old: true - dl-path: /old/1.0.1 include: - target: x86_64-unknown-linux-gnu bindgen: true library: name: libressl - version: 2.5.5 + version: 3.5.3 - target: x86_64-unknown-linux-gnu bindgen: true library: name: libressl - version: 3.9.2 + version: 4.0.0 - target: x86_64-unknown-linux-gnu bindgen: true library: name: libressl - version: 4.0.0 + version: 4.1.0 - target: x86_64-unknown-linux-gnu bindgen: true library: name: libressl - version: 4.1.0 + version: 4.2.0 - target: x86_64-unknown-linux-gnu bindgen: false library: name: libressl - version: 2.5.5 + version: 3.5.3 - target: x86_64-unknown-linux-gnu bindgen: false library: name: libressl - version: 3.9.2 + version: 4.0.0 - target: x86_64-unknown-linux-gnu bindgen: false library: name: libressl - version: 4.0.0 + version: 4.1.0 - target: x86_64-unknown-linux-gnu bindgen: false library: name: libressl - version: 4.1.0 + version: 4.2.0 + - target: x86_64-unknown-linux-gnu + bindgen: false + library: + name: openssl-no-deprecated + version: 3.5.0 name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }} runs-on: ubuntu-22.04 env: 
@@ -231,7 +239,7 @@ jobs: CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_AR: arm-linux-gnueabihf-ar CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER: qemu-arm -L /usr/arm-linux-gnueabihf steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: sfackler/actions/rustup@master - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version @@ -266,7 +274,7 @@ jobs: - name: Build OpenSSL run: | case "${{ matrix.library.name }}" in - "openssl") + "openssl"*) if [[ "${{ matrix.library.old }}" == "true" ]]; then url="https://www.openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz" else @@ -320,6 +328,11 @@ jobs: make make install_sw ;; + "openssl-no-deprecated") + ./Configure --prefix=$OPENSSL_DIR --libdir=lib $OS_COMPILER -fPIC -g $OS_FLAGS --api=3.0 no-deprecated no-shared + make + make install_sw + ;; "libressl") ./configure --prefix=$OPENSSL_DIR --disable-shared --with-pic make @@ -394,6 +407,7 @@ jobs: cargo run --manifest-path=systest/Cargo.toml --target ${{ matrix.target }} $features if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc') }} - name: Test openssl + if: ${{ ! endsWith(matrix.library.name, 'no-deprecated') }} run: | if [[ "${{ matrix.library.name }}" == "boringssl" && "${{ matrix.bindgen }}" != "true" ]]; then features="--features unstable_boringssl" @@ -419,4 +433,4 @@ jobs: features="$features --features openssl-sys/bindgen" fi cargo test --manifest-path=openssl-errors/Cargo.toml --target ${{ matrix.target }} $features - if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc') }} + if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc' || endsWith(matrix.library.name, 'no-deprecated')) }} diff --git a/openssl-errors/CHANGELOG.md b/openssl-errors/CHANGELOG.md index 50610a9061..065078853d 100644 --- a/openssl-errors/CHANGELOG.md +++ b/openssl-errors/CHANGELOG.md 
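Review bot: The widened `"openssl"*)` arm now routes every matrix entry whose name starts with `openssl` through the tarball download, including the new `openssl-no-deprecated` 3.5.0 entry, and the hunk shows the URL being built but no digest check. The download command itself is outside the hunk, so this may already be handled. If it is not, recording a SHA-256 per matrix entry and verifying it before `./Configure` runs would keep a truncated or substituted archive out of the test build, along the lines of `echo "<sha256-for-this-version>  <tarball-name>" | sha256sum -c -`.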
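Review bot: The two new `endsWith(matrix.library.name, 'no-deprecated')` conditions skip the `Test openssl` and openssl-errors steps for the no-deprecated build without saying why, so a reader cannot tell whether this is a known limitation or an oversight. As written, only the openssl-sys build and systest run for that entry. A comment on the first condition would record that, e.g. `# openssl-no-deprecated: only openssl-sys is built and systest is run; the openssl and openssl-errors tests are skipped for this entry`. Matching on the suffix rather than the full name also means any future `*no-deprecated` entry silently inherits the skip.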
@@ -16,5 +16,5 @@ Initial release -[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-errors-v0.2.0...master -[v0.2.0]: https://github.com/sfackler/rust-openssl/compare/openssl-errors-v0.1.0...openssl-errors-v0.2.0 +[Unreleased]: https://github.com/rust-openssl/rust-openssl/compare/openssl-errors-v0.2.0...master +[v0.2.0]: https://github.com/rust-openssl/rust-openssl/compare/openssl-errors-v0.1.0...openssl-errors-v0.2.0 diff --git a/openssl-errors/Cargo.toml b/openssl-errors/Cargo.toml index 24f724678f..014f46a527 100644 --- a/openssl-errors/Cargo.toml +++ b/openssl-errors/Cargo.toml @@ -5,10 +5,10 @@ authors = ["Steven Fackler "] edition = "2021" license = "MIT OR Apache-2.0" description = "Custom error library support for the openssl crate." -repository = "https://github.com/sfackler/rust-openssl" +repository = "https://github.com/rust-openssl/rust-openssl" readme = "README.md" categories = ["api-bindings"] -rust-version = "1.63.0" +rust-version = "1.70.0" [dependencies] cfg-if = "1.0" diff --git a/openssl-macros/Cargo.toml b/openssl-macros/Cargo.toml index 40134616b3..9774d194ed 100644 --- a/openssl-macros/Cargo.toml +++ b/openssl-macros/Cargo.toml @@ -4,8 +4,8 @@ version = "0.1.1" edition = "2021" license = "MIT OR Apache-2.0" description = "Internal macros used by the openssl crate." -repository = "https://github.com/sfackler/rust-openssl" -rust-version = "1.63.0" +repository = "https://github.com/rust-openssl/rust-openssl" +rust-version = "1.70.0" [lib] proc-macro = true diff --git a/openssl-macros/src/lib.rs b/openssl-macros/src/lib.rs index 99db988818..3f755235bc 100644 --- a/openssl-macros/src/lib.rs +++ b/openssl-macros/src/lib.rs 
@@ -12,7 +12,7 @@ pub fn corresponds(attr: TokenStream, item: TokenStream) -> TokenStream { let function = function.to_string(); let line = format!( - "This corresponds to [`{0}`](https://www.openssl.org/docs/manmaster/man3/{0}.html).", + "This corresponds to [`{0}`](https://docs.openssl.org/master/man3/{0}/).", function ); diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md index f153892abf..00f2788f5d 100644 --- a/openssl-sys/CHANGELOG.md +++ b/openssl-sys/CHANGELOG.md @@ -2,6 +2,30 @@ ## [Unreleased] +## [v0.9.110] - 2025-10-14 + +### Added + +* Added support for LibreSSL 4.2.0. +* Added bindings to many OpenSSL APIs. + +### Changed + +* Bumped bindgen to 0.72.0. +* Bumped MSRV to 1.70. + +### Fixed + +* Fixed missing `__off_t` on NetBSD 10. +* Fixed building with `OPENSSL_NO_COMP`. +* Fixed building with `OPENSSL_NO_SRTP`. +* Fixed finding OpenSSL on AIX. + +### Removed + +* Removed support for OpenSSL <1.0.2. +* Removed support for LibreSSL <3.5. + ## [v0.9.109] - 2025-05-28 ### Fixed 
@@ -655,71 +679,72 @@ Fixed builds against OpenSSL built with `no-cast`. * Added `X509_verify` and `X509_REQ_verify`. * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`. -[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.109..master -[v0.9.109]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.108...openssl-sys-v0.9.109 -[v0.9.108]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.107...openssl-sys-v0.9.108 -[v0.9.107]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.106...openssl-sys-v0.9.107 -[v0.9.106]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.105...openssl-sys-v0.9.106 -[v0.9.105]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.104...openssl-sys-v0.9.105 -[v0.9.104]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103...openssl-sys-v0.9.104 -[v0.9.103]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.102...openssl-sys-v0.9.103 -[v0.9.102]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.101...openssl-sys-v0.9.102 -[v0.9.101]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.100...openssl-sys-v0.9.101 -[v0.9.100]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.99...openssl-sys-v0.9.100 -[v0.9.99]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.98...openssl-sys-v0.9.99 -[v0.9.98]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.97...openssl-sys-v0.9.98 -[v0.9.97]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.96...openssl-sys-v0.9.97 -[v0.9.96]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.95...openssl-sys-v0.9.96 -[v0.9.95]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.94...openssl-sys-v0.9.95 -[v0.9.94]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.93...openssl-sys-v0.9.94 -[v0.9.93]: 
https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.92...openssl-sys-v0.9.93 -[v0.9.92]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.91...openssl-sys-v0.9.92 -[v0.9.91]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.90...openssl-sys-v0.9.91 -[v0.9.90]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.89...openssl-sys-v0.9.90 -[v0.9.89]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.88...openssl-sys-v0.9.89 -[v0.9.88]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.87...openssl-sys-v0.9.88 -[v0.9.87]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.86...openssl-sys-v0.9.87 -[v0.9.86]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.85...openssl-sys-v0.9.86 -[v0.9.85]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.84...openssl-sys-v0.9.85 -[v0.9.84]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.83...openssl-sys-v0.9.84 -[v0.9.83]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.82...openssl-sys-v0.9.83 -[v0.9.82]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.81...openssl-sys-v0.9.82 -[v0.9.81]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.80...openssl-sys-v0.9.81 -[v0.9.80]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.79...openssl-sys-v0.9.80 -[v0.9.79]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.78...openssl-sys-v0.9.79 -[v0.9.78]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.77...openssl-sys-v0.9.78 -[v0.9.77]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.76...openssl-sys-v0.9.77 -[v0.9.76]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.75...openssl-sys-v0.9.76 -[v0.9.75]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.74...openssl-sys-v0.9.75 -[v0.9.74]: 
https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.73...openssl-sys-v0.9.74 -[v0.9.73]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.72...openssl-sys-v0.9.73 -[v0.9.72]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.71...openssl-sys-v0.9.72 -[v0.9.71]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.70...openssl-sys-v0.9.71 -[v0.9.70]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.69...openssl-sys-v0.9.70 -[v0.9.69]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.68...openssl-sys-v0.9.69 -[v0.9.68]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.67...openssl-sys-v0.9.68 -[v0.9.67]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.66...openssl-sys-v0.9.67 -[v0.9.66]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.65...openssl-sys-v0.9.66 -[v0.9.65]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.64...openssl-sys-v0.9.65 -[v0.9.64]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.63...openssl-sys-v0.9.64 -[v0.9.63]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.62...openssl-sys-v0.9.63 -[v0.9.62]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.61...openssl-sys-v0.9.62 -[v0.9.61]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.60...openssl-sys-v0.9.61 -[v0.9.60]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.59...openssl-sys-v0.9.60 -[v0.9.59]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.58...openssl-sys-v0.9.59 -[v0.9.58]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.57...openssl-sys-v0.9.58 -[v0.9.57]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.56...openssl-sys-v0.9.57 -[v0.9.56]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.55...openssl-sys-v0.9.56 -[v0.9.55]: 
https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.54...openssl-sys-v0.9.55 -[v0.9.54]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.53...openssl-sys-v0.9.54 -[v0.9.53]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.52...openssl-sys-v0.9.53 -[v0.9.52]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.51...openssl-sys-v0.9.52 -[v0.9.51]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.50...openssl-sys-v0.9.51 -[v0.9.50]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.49...openssl-sys-v0.9.50 -[v0.9.49]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.48...openssl-sys-v0.9.49 -[v0.9.48]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.47...openssl-sys-v0.9.48 -[v0.9.47]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.46...openssl-sys-v0.9.47 -[v0.9.46]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.45...openssl-sys-v0.9.46 -[v0.9.45]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.44...openssl-sys-v0.9.45 -[v0.9.44]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.43...openssl-sys-v0.9.44 -[v0.9.43]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.42...openssl-sys-v0.9.43 +[Unreleased]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.110..master +[v0.9.110]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.109...openssl-sys-v0.9.110 +[v0.9.109]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.108...openssl-sys-v0.9.109 +[v0.9.108]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.107...openssl-sys-v0.9.108 +[v0.9.107]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.106...openssl-sys-v0.9.107 +[v0.9.106]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.105...openssl-sys-v0.9.106 +[v0.9.105]: 
https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.104...openssl-sys-v0.9.105 +[v0.9.104]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.103...openssl-sys-v0.9.104 +[v0.9.103]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.102...openssl-sys-v0.9.103 +[v0.9.102]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.101...openssl-sys-v0.9.102 +[v0.9.101]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.100...openssl-sys-v0.9.101 +[v0.9.100]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.99...openssl-sys-v0.9.100 +[v0.9.99]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.98...openssl-sys-v0.9.99 +[v0.9.98]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.97...openssl-sys-v0.9.98 +[v0.9.97]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.96...openssl-sys-v0.9.97 +[v0.9.96]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.95...openssl-sys-v0.9.96 +[v0.9.95]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.94...openssl-sys-v0.9.95 +[v0.9.94]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.93...openssl-sys-v0.9.94 +[v0.9.93]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.92...openssl-sys-v0.9.93 +[v0.9.92]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.91...openssl-sys-v0.9.92 +[v0.9.91]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.90...openssl-sys-v0.9.91 +[v0.9.90]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.89...openssl-sys-v0.9.90 +[v0.9.89]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.88...openssl-sys-v0.9.89 +[v0.9.88]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.87...openssl-sys-v0.9.88 +[v0.9.87]: 
https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.86...openssl-sys-v0.9.87 +[v0.9.86]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.85...openssl-sys-v0.9.86 +[v0.9.85]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.84...openssl-sys-v0.9.85 +[v0.9.84]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.83...openssl-sys-v0.9.84 +[v0.9.83]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.82...openssl-sys-v0.9.83 +[v0.9.82]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.81...openssl-sys-v0.9.82 +[v0.9.81]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.80...openssl-sys-v0.9.81 +[v0.9.80]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.79...openssl-sys-v0.9.80 +[v0.9.79]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.78...openssl-sys-v0.9.79 +[v0.9.78]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.77...openssl-sys-v0.9.78 +[v0.9.77]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.76...openssl-sys-v0.9.77 +[v0.9.76]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.75...openssl-sys-v0.9.76 +[v0.9.75]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.74...openssl-sys-v0.9.75 +[v0.9.74]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.73...openssl-sys-v0.9.74 +[v0.9.73]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.72...openssl-sys-v0.9.73 +[v0.9.72]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.71...openssl-sys-v0.9.72 +[v0.9.71]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.70...openssl-sys-v0.9.71 +[v0.9.70]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.69...openssl-sys-v0.9.70 +[v0.9.69]: 
https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.68...openssl-sys-v0.9.69 +[v0.9.68]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.67...openssl-sys-v0.9.68 +[v0.9.67]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.66...openssl-sys-v0.9.67 +[v0.9.66]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.65...openssl-sys-v0.9.66 +[v0.9.65]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.64...openssl-sys-v0.9.65 +[v0.9.64]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.63...openssl-sys-v0.9.64 +[v0.9.63]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.62...openssl-sys-v0.9.63 +[v0.9.62]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.61...openssl-sys-v0.9.62 +[v0.9.61]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.60...openssl-sys-v0.9.61 +[v0.9.60]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.59...openssl-sys-v0.9.60 +[v0.9.59]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.58...openssl-sys-v0.9.59 +[v0.9.58]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.57...openssl-sys-v0.9.58 +[v0.9.57]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.56...openssl-sys-v0.9.57 +[v0.9.56]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.55...openssl-sys-v0.9.56 +[v0.9.55]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.54...openssl-sys-v0.9.55 +[v0.9.54]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.53...openssl-sys-v0.9.54 +[v0.9.53]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.52...openssl-sys-v0.9.53 +[v0.9.52]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.51...openssl-sys-v0.9.52 +[v0.9.51]: 
https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.50...openssl-sys-v0.9.51 +[v0.9.50]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.49...openssl-sys-v0.9.50 +[v0.9.49]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.48...openssl-sys-v0.9.49 +[v0.9.48]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.47...openssl-sys-v0.9.48 +[v0.9.47]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.46...openssl-sys-v0.9.47 +[v0.9.46]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.45...openssl-sys-v0.9.46 +[v0.9.45]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.44...openssl-sys-v0.9.45 +[v0.9.44]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.43...openssl-sys-v0.9.44 +[v0.9.43]: https://github.com/rust-openssl/rust-openssl/compare/openssl-sys-v0.9.42...openssl-sys-v0.9.43 diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index 2ca5ce93bb..da1fb837c1 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml 
@@ -1,32 +1,34 @@ [package] name = "openssl-sys" -version = "0.9.109" +version = "0.9.110" authors = [ "Alex Crichton ", "Steven Fackler ", ] license = "MIT" description = "FFI bindings to OpenSSL" -repository = "https://github.com/sfackler/rust-openssl" +repository = "https://github.com/rust-openssl/rust-openssl" readme = "README.md" categories = ["cryptography", "external-ffi-bindings"] links = "openssl" build = "build/main.rs" edition = "2021" -rust-version = "1.63.0" +rust-version = "1.70.0" [features] vendored = ['openssl-src'] unstable_boringssl = ['bssl-sys'] aws-lc = ['dep:aws-lc-sys'] +aws-lc-fips = ['dep:aws-lc-fips-sys'] [dependencies] libc = "0.2" bssl-sys = { version = "0.1.0", optional = true } aws-lc-sys = { version = "0.27", features = ["ssl"], optional = true } +aws-lc-fips-sys = { version = "0.13", features = ["ssl", "bindgen"], optional = true } [build-dependencies] -bindgen = { version = "0.69.0", optional = true, features = ["experimental"] } +bindgen = { version = "0.72.0", optional = true, features = ["experimental"] } cc = "1.0.61" openssl-src = { version = "300.2.0", optional = true, features = ["legacy"] } pkg-config = "0.3.9" diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs index ca9970740b..14118b06b8 100644 --- a/openssl-sys/build/cfgs.rs +++ b/openssl-sys/build/cfgs.rs 
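Review bot: The new `aws-lc-fips` feature and its `aws-lc-fips-sys` dependency are added without any comment, and the dependency turns on `bindgen` unconditionally where the `aws-lc-sys` line above it does not. Consumers choosing a FIPS build need to know how it interacts with `aws-lc`. A comment above the feature would cover that, e.g. `# aws-lc-fips: link against aws-lc-fips-sys; when both aws-lc and aws-lc-fips are enabled, build/main.rs uses the FIPS crate`. A second comment on the dependency line should state why `bindgen` is forced on, since it presumably adds a build-time requirement for every user of the feature.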
@@ -5,48 +5,21 @@ pub fn get(openssl_version: Option, libressl_version: Option) -> Vec<& if let Some(libressl_version) = libressl_version { cfgs.push("libressl"); - if libressl_version >= 0x2_05_01_00_0 { - cfgs.push("libressl251"); - } - if libressl_version >= 0x2_05_02_00_0 { - cfgs.push("libressl252"); - } - if libressl_version >= 0x2_06_01_00_0 { - cfgs.push("libressl261"); - } - if libressl_version >= 0x2_07_00_00_0 { - cfgs.push("libressl270"); - } - if libressl_version >= 0x2_07_01_00_0 { - cfgs.push("libressl271"); - } - if libressl_version >= 0x2_07_03_00_0 { - cfgs.push("libressl273"); - } - if libressl_version >= 0x2_08_00_00_0 { - cfgs.push("libressl280"); - } - if libressl_version >= 0x2_08_01_00_0 { - cfgs.push("libressl281"); - } - if libressl_version >= 0x2_09_01_00_0 { - cfgs.push("libressl291"); - } - if libressl_version >= 0x3_01_00_00_0 { - cfgs.push("libressl310"); - } - if libressl_version >= 0x3_02_01_00_0 { - cfgs.push("libressl321"); - } - if libressl_version >= 0x3_03_02_00_0 { - cfgs.push("libressl332"); - } - if libressl_version >= 0x3_04_00_00_0 { - cfgs.push("libressl340"); - } - if libressl_version >= 0x3_05_00_00_0 { - cfgs.push("libressl350"); - } + cfgs.push("libressl251"); + cfgs.push("libressl252"); + cfgs.push("libressl261"); + cfgs.push("libressl270"); + cfgs.push("libressl271"); + cfgs.push("libressl273"); + cfgs.push("libressl280"); + cfgs.push("libressl281"); + cfgs.push("libressl291"); + cfgs.push("libressl310"); + cfgs.push("libressl321"); + cfgs.push("libressl332"); + cfgs.push("libressl340"); + cfgs.push("libressl350"); + if libressl_version >= 0x3_06_00_00_0 { cfgs.push("libressl360"); } 
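Review bot: The `libressl251` through `libressl350` pushes are now unconditional, so `get` emits them for whatever LibreSSL version it is handed, and the next hunk does the same for `ossl101` and `ossl102`. That is only sound if the caller has already rejected LibreSSL below 3.5 and OpenSSL below 1.0.2, and that check is not visible in these hunks. Because these cfgs select which FFI declarations are compiled, a version that slips through would surface as link errors or mismatched signatures rather than a clear message. Stating the floor inside `get` keeps the two in step: `assert!(libressl_version >= 0x3_05_00_00_0, "LibreSSL < 3.5 is unsupported");` and `assert!(openssl_version >= 0x1_00_02_00_0, "OpenSSL < 1.0.2 is unsupported");`. The body of `get` continues outside this hunk.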
@@ -71,27 +44,14 @@ pub fn get(openssl_version: Option, libressl_version: Option) -> Vec<& if libressl_version >= 0x4_01_00_00_0 { cfgs.push("libressl410"); } + if libressl_version >= 0x4_02_00_00_0 { + cfgs.push("libressl420"); + } } else { let openssl_version = openssl_version.unwrap(); + cfgs.push("ossl101"); + cfgs.push("ossl102"); - if openssl_version >= 0x3_04_00_00_0 { - cfgs.push("ossl340"); - } - if openssl_version >= 0x3_03_00_00_0 { - cfgs.push("ossl330"); - } - if openssl_version >= 0x3_02_00_00_0 { - cfgs.push("ossl320"); - } - if openssl_version >= 0x3_00_00_00_0 { - cfgs.push("ossl300"); - } - if openssl_version >= 0x1_00_01_00_0 { - cfgs.push("ossl101"); - } - if openssl_version >= 0x1_00_02_00_0 { - cfgs.push("ossl102"); - } if openssl_version >= 0x1_00_02_06_0 { cfgs.push("ossl102f"); } @@ -122,6 +82,21 @@ pub fn get(openssl_version: Option, libressl_version: Option) -> Vec<& if openssl_version >= 0x1_01_01_04_0 { cfgs.push("ossl111d"); } + if openssl_version >= 0x3_00_00_00_0 { + cfgs.push("ossl300"); + } + if openssl_version >= 0x3_02_00_00_0 { + cfgs.push("ossl320"); + } + if openssl_version >= 0x3_03_00_00_0 { + cfgs.push("ossl330"); + } + if openssl_version >= 0x3_04_00_00_0 { + cfgs.push("ossl340"); + } + if openssl_version >= 0x3_05_00_00_0 { + cfgs.push("ossl350"); + } } cfgs diff --git a/openssl-sys/build/expando.c b/openssl-sys/build/expando.c index cebed1b70b..0380516391 100644 --- a/openssl-sys/build/expando.c +++ b/openssl-sys/build/expando.c @@ -111,6 +111,10 @@ RUST_CONF_OPENSSL_NO_SHA RUST_CONF_OPENSSL_NO_SRP #endif +#ifdef OPENSSL_NO_SRTP +RUST_CONF_OPENSSL_NO_SRTP +#endif + #ifdef OPENSSL_NO_SSL3_METHOD RUST_CONF_OPENSSL_NO_SSL3_METHOD #endif diff --git a/openssl-sys/build/find_normal.rs b/openssl-sys/build/find_normal.rs index 6ab95259ee..cad0afda11 100644 --- a/openssl-sys/build/find_normal.rs +++ b/openssl-sys/build/find_normal.rs 
@@ -38,7 +38,7 @@ fn resolve_with_wellknown_homebrew_location(dir: &str) -> Option { // for quick resolution if possible. // `pkg-config` on brew doesn't necessarily contain settings for openssl apparently. for version in &versions { - let homebrew = Path::new(dir).join(format!("opt/{}", version)); + let homebrew = Path::new(dir).join(format!("opt/{version}")); if homebrew.exists() { return Some(homebrew); } @@ -92,8 +92,11 @@ fn find_openssl_dir(target: &str) -> OsString { try_pkg_config(); try_vcpkg(); - // FreeBSD and OpenBSD ship with Libre|OpenSSL but don't include a pkg-config file - if host == target && (target.contains("freebsd") || target.contains("openbsd")) { + // FreeBSD, OpenBSD, and AIX ship with Libre|OpenSSL + // TODO: see of this is still needed for OpenBSD + if host == target + && (target.contains("freebsd") || target.contains("openbsd") || target.contains("aix")) + { return OsString::from("/usr"); } @@ -122,7 +125,7 @@ Make sure you also have the development packages of openssl installed. For example, `libssl-dev` on Ubuntu or `openssl-devel` on Fedora. If you're in a situation where you think the directory *should* be found -automatically, please open a bug at https://github.com/sfackler/rust-openssl +automatically, please open a bug at https://github.com/rust-openssl/rust-openssl and include information about your system as well as this message. $HOST = {} @@ -190,13 +193,13 @@ installation. If there isn't one installed then you can try the rust-openssl README for more information about how to download precompiled binaries of OpenSSL: -https://github.com/sfackler/rust-openssl#windows +https://github.com/rust-openssl/rust-openssl#windows ", ); } - eprintln!("{}", msg); + eprintln!("{msg}"); std::process::exit(101); // same as panic previously } 
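Review bot: In the `find_openssl_dir` hunk the rewritten comment drops the reason the `/usr` shortcut exists (the old text said these systems ship no pkg-config file), and the new TODO has a typo, `see of this`. If the same reason applies to AIX, the comment could read `// FreeBSD, OpenBSD, and AIX ship with Libre|OpenSSL but don't include a pkg-config file`, followed by `// TODO: see if this is still needed for OpenBSD`. The shortcut returns a fixed system path whenever host equals target, so the comment is the only place that explains why probing is skipped. `find_openssl_dir` continues outside the hunk.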
@@ -222,7 +225,7 @@ fn try_pkg_config() { { Ok(lib) => lib, Err(e) => { - println!("\n\nCould not find openssl via pkg-config:\n{}\n", e); + println!("\n\nCould not find openssl via pkg-config:\n{e}\n"); return; } }; @@ -255,7 +258,7 @@ fn try_vcpkg() { { Ok(lib) => lib, Err(e) => { - println!("note: vcpkg did not find openssl: {}", e); + println!("note: vcpkg did not find openssl: {e}"); return; } }; diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 4007a2658d..cbbeb961da 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -29,11 +29,11 @@ enum Version { fn env_inner(name: &str) -> Option { let var = env::var_os(name); - println!("cargo:rerun-if-env-changed={}", name); + println!("cargo:rerun-if-env-changed={name}"); match var { Some(ref v) => println!("{} = {}", name, v.to_string_lossy()), - None => println!("{} unset", name), + None => println!("{name} unset"), } var @@ -41,7 +41,7 @@ fn env_inner(name: &str) -> Option { fn env(name: &str) -> Option { let prefix = env::var("TARGET").unwrap().to_uppercase().replace('-', "_"); - let prefixed = format!("{}_{}", prefix, name); + let prefixed = format!("{prefix}_{name}"); env_inner(&prefixed).or_else(|| env_inner(name)) } @@ -64,9 +64,9 @@ fn check_ssl_kind() { if let Ok(vars) = env::var("DEP_BSSL_CONF") { for var in vars.split(',') { - println!("cargo:rustc-cfg=osslconf=\"{}\"", var); + println!("cargo:rustc-cfg=osslconf=\"{var}\""); } - println!("cargo:conf={}", vars); + println!("cargo:conf={vars}"); } // BoringSSL does not have any build logic, exit early @@ -74,11 +74,9 @@ fn check_ssl_kind() { } let is_aws_lc = cfg!(feature = "aws-lc"); + let is_aws_lc_fips = cfg!(feature = "aws-lc-fips"); - if is_aws_lc { - println!("cargo:rustc-cfg=awslc"); - println!("cargo:awslc=true"); - + if is_aws_lc || is_aws_lc_fips { // The aws-lc-sys crate uses a link name that embeds // the version number of crate. Examples (crate-name => links name): // * aws-lc-sys => aws_lc_0_26_0 
@@ -86,12 +84,23 @@ fn check_ssl_kind() { // were to resolve to multiple versions for the same crate. // // Due to this we need to determine what version of the AWS-LC has been selected (fips or non-fips) - // and then need to parse out the pieces we are interested in ignoring the version componenet of the name. - const AWS_LC_ENV_VAR_PREFIX: &str = "DEP_AWS_LC_"; + // and then need to parse out the pieces we are interested in ignoring the version component of the name. + let aws_lc_env_var_prefix: &'static str = if is_aws_lc_fips { + "DEP_AWS_LC_FIPS_" + } else { + "DEP_AWS_LC_" + }; + + println!("cargo:rustc-cfg=awslc"); + println!("cargo:awslc=true"); + if is_aws_lc_fips { + println!("cargo:rustc-cfg=awslc_fips"); + println!("cargo:awslc_fips=true"); + } let mut version = None; for (name, _) in std::env::vars() { - if let Some(name) = name.strip_prefix(AWS_LC_ENV_VAR_PREFIX) { + if let Some(name) = name.strip_prefix(aws_lc_env_var_prefix) { if let Some(name) = name.strip_suffix("_INCLUDE") { version = Some(name.to_owned()); break; @@ -101,7 +110,7 @@ fn check_ssl_kind() { let version = version.expect("aws-lc version detected"); // Read the OpenSSL configuration statements and emit rust-cfg for each. - if let Ok(vars) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_CONF")) { + if let Ok(vars) = std::env::var(format!("{aws_lc_env_var_prefix}{version}_CONF")) { for var in vars.split(',') { println!("cargo:rustc-cfg=osslconf=\"{var}\""); } @@ -110,7 +119,7 @@ fn check_ssl_kind() { // Emit the include header directory from the aws-lc(-fips)-sys crate so that it can be used if needed // by crates consuming openssl-sys. - if let Ok(val) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_INCLUDE")) { + if let Ok(val) = std::env::var(format!("{aws_lc_env_var_prefix}{version}_INCLUDE")) { println!("cargo:include={val}"); } 
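Review bot: Nothing in `check_ssl_kind` rejects or documents the case where both `aws-lc` and `aws-lc-fips` are enabled. Cargo feature unification can produce that case without the top-level crate asking for it, and `aws_lc_env_var_prefix` then silently resolves to `DEP_AWS_LC_FIPS_` while both sys crates stay in the build. Preferring FIPS is the safer direction, but if the combination is unsupported it should fail early, e.g. `if is_aws_lc && is_aws_lc_fips { panic!("features aws-lc and aws-lc-fips are mutually exclusive"); }`. If the precedence is intended, a comment should say so: `// aws-lc-fips takes precedence when both features are enabled`. The `expect("aws-lc version detected")` in the following hunk would also be easier to debug if its message named the prefix that was searched. The function begins and ends outside these hunks.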
@@ -120,7 +129,7 @@ fn check_ssl_kind() { } fn main() { - println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_COMP\", \"OPENSSL_NO_SOCK\", \"OPENSSL_NO_STDIO\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_SSL3_METHOD\", \"OPENSSL_NO_KRB5\", \"OPENSSL_NO_TLSEXT\", \"OPENSSL_NO_SRP\", \"OPENSSL_NO_RFC3779\", \"OPENSSL_NO_SHA\", \"OPENSSL_NO_NEXTPROTONEG\", \"OPENSSL_NO_ENGINE\", \"OPENSSL_NO_BUF_FREELISTS\", \"OPENSSL_NO_RC2\"))"); + println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_COMP\", \"OPENSSL_NO_SOCK\", \"OPENSSL_NO_STDIO\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_SSL3_METHOD\", \"OPENSSL_NO_KRB5\", \"OPENSSL_NO_TLSEXT\", \"OPENSSL_NO_SRP\", \"OPENSSL_NO_SRTP\", \"OPENSSL_NO_RFC3779\", \"OPENSSL_NO_SHA\", \"OPENSSL_NO_NEXTPROTONEG\", \"OPENSSL_NO_ENGINE\", \"OPENSSL_NO_BUF_FREELISTS\", \"OPENSSL_NO_RC2\"))"); println!("cargo:rustc-check-cfg=cfg(openssl)"); println!("cargo:rustc-check-cfg=cfg(libressl)"); 
@@ -151,6 +160,7 @@ fn main() { println!("cargo:rustc-check-cfg=cfg(libressl390)"); println!("cargo:rustc-check-cfg=cfg(libressl400)"); println!("cargo:rustc-check-cfg=cfg(libressl410)"); + println!("cargo:rustc-check-cfg=cfg(libressl420)"); println!("cargo:rustc-check-cfg=cfg(ossl101)"); println!("cargo:rustc-check-cfg=cfg(ossl102)"); @@ -181,12 +191,12 @@ fn main() { let potential_path = include_dir.join("openssl"); if potential_path.exists() && !cfg!(feature = "vendored") { if let Some(printable_include) = potential_path.to_str() { - println!("cargo:rerun-if-changed={}", printable_include); + println!("cargo:rerun-if-changed={printable_include}"); } } if !lib_dirs.iter().all(|p| p.exists()) { - panic!("OpenSSL library directory does not exist: {:?}", lib_dirs); + panic!("OpenSSL library directory does not exist: {lib_dirs:?}"); } if !include_dir.exists() { panic!( @@ -225,7 +235,7 @@ fn main() { let kind = determine_mode(&lib_dirs, &libs); for lib in libs.into_iter() { - println!("cargo:rustc-link-lib={}={}", kind, lib); + println!("cargo:rustc-link-lib={kind}={lib}"); } // libssl in BoringSSL requires the C++ runtime, and static libraries do @@ -256,7 +266,7 @@ fn main() { "macos" => "c++", _ => "stdc++", }; - println!("cargo:rustc-link-lib={}", cpp_lib); + println!("cargo:rustc-link-lib={cpp_lib}"); } // https://github.com/openssl/openssl/pull/15086 @@ -294,7 +304,7 @@ fn postprocess(include_dirs: &[PathBuf]) -> Version { /// version string of OpenSSL. #[allow(clippy::unusual_byte_groupings)] fn validate_headers(include_dirs: &[PathBuf]) -> Version { - // This `*-sys` crate only works with OpenSSL 1.0.1, 1.0.2, 1.1.0, 1.1.1 and 3.0.0. + // This `*-sys` crate only works with OpenSSL 1.0.2, 1.1.0, 1.1.1 and 3.0.0. // To correctly expose the right API from this crate, take a look at // `opensslv.h` to see what version OpenSSL claims to be. // 
@@ -315,7 +325,7 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Version { panic!( " Header expansion error: -{:?} +{e:?} Failed to find OpenSSL development headers. @@ -335,8 +345,7 @@ specific to your distribution: See rust-openssl documentation for more information: https://docs.rs/openssl -", - e +" ); } }; @@ -377,7 +386,7 @@ See rust-openssl documentation for more information: } for enabled in &enabled { - println!("cargo:rustc-cfg=osslconf=\"{}\"", enabled); + println!("cargo:rustc-cfg=osslconf=\"{enabled}\""); } println!("cargo:conf={}", enabled.join(",")); 
@@ -399,43 +408,16 @@ See rust-openssl documentation for more information: println!("cargo:rustc-cfg=openssl"); for cfg in cfgs::get(openssl_version, libressl_version) { - println!("cargo:rustc-cfg={}", cfg); + println!("cargo:rustc-cfg={cfg}"); } if let Some(libressl_version) = libressl_version { - println!("cargo:libressl_version_number={:x}", libressl_version); + println!("cargo:libressl_version_number={libressl_version:x}"); let major = (libressl_version >> 28) as u8; let minor = (libressl_version >> 20) as u8; let fix = (libressl_version >> 12) as u8; let (major, minor, fix) = match (major, minor, fix) { - (2, 5, 0) => ('2', '5', '0'), - (2, 5, 1) => ('2', '5', '1'), - (2, 5, 2) => ('2', '5', '2'), - (2, 5, _) => ('2', '5', 'x'), - (2, 6, 0) => ('2', '6', '0'), - (2, 6, 1) => ('2', '6', '1'), - (2, 6, 2) => ('2', '6', '2'), - (2, 6, _) => ('2', '6', 'x'), - (2, 7, _) => ('2', '7', 'x'), - (2, 8, 0) => ('2', '8', '0'), - (2, 8, 1) => ('2', '8', '1'), - (2, 8, _) => ('2', '8', 'x'), - (2, 9, 0) => ('2', '9', '0'), - (2, 9, _) => ('2', '9', 'x'), - (3, 0, 0) => ('3', '0', '0'), - (3, 0, 1) => ('3', '0', '1'), - (3, 0, _) => ('3', '0', 'x'), - (3, 1, 0) => ('3', '1', '0'), - (3, 1, _) => ('3', '1', 'x'), - (3, 2, 0) => ('3', '2', '0'), - (3, 2, 1) => ('3', '2', '1'), - (3, 2, _) => ('3', '2', 'x'), - (3, 3, 0) => ('3', '3', '0'), - (3, 3, 1) => ('3', '3', '1'), - (3, 3, _) => ('3', '3', 'x'), - (3, 4, 0) => ('3', '4', '0'), - (3, 4, _) => ('3', '4', 'x'), (3, 5, _) => ('3', '5', 'x'), (3, 6, 0) => ('3', '6', '0'), (3, 6, _) => ('3', '6', 'x'), 
@@ -451,16 +433,17 @@ See rust-openssl documentation for more information: (4, 0, _) => ('4', '0', 'x'), (4, 1, 0) => ('4', '1', '0'), (4, 1, _) => ('4', '1', 'x'), + (4, 2, _) => ('4', '2', 'x'), _ => version_error(), }; println!("cargo:libressl=true"); - println!("cargo:libressl_version={}{}{}", major, minor, fix); + println!("cargo:libressl_version={major}{minor}{fix}"); println!("cargo:version=101"); Version::Libressl } else { let openssl_version = openssl_version.unwrap(); - println!("cargo:version_number={:x}", openssl_version); + println!("cargo:version_number={openssl_version:x}"); if openssl_version >= 0x4_00_00_00_0 { version_error() @@ -479,9 +462,6 @@ See rust-openssl documentation for more information: } else if openssl_version >= 0x1_00_02_00_0 { println!("cargo:version=102"); Version::Openssl10x - } else if openssl_version >= 0x1_00_01_00_0 { - println!("cargo:version=101"); - Version::Openssl10x } else { version_error() } @@ -492,8 +472,8 @@ fn version_error() -> ! { panic!( " -This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3), or LibreSSL 2.5 -through 4.1.x, but a different version of OpenSSL was found. The build is now aborting +This crate is only compatible with OpenSSL (version 1.0.2 through 1.1.1, or 3), or LibreSSL 3.5 +through 4.2.x, but a different version of OpenSSL was found. The build is now aborting due to this version mismatch. " @@ -514,7 +494,7 @@ fn parse_version(version: &str) -> u64 { // parses a string that looks like 3_0_0 fn parse_new_version(version: &str) -> u64 { - println!("version: {}", version); + println!("version: {version}"); let mut it = version.split('_'); let major = it.next().unwrap().parse::().unwrap(); let minor = it.next().unwrap().parse::().unwrap(); 
@@ -551,20 +531,19 @@ fn determine_mode(libdirs: &[PathBuf], libs: &[&str]) -> &'static str { } let can_static = libs .iter() - .all(|l| files.contains(&format!("lib{}.a", l)) || files.contains(&format!("{}.lib", l))); + .all(|l| files.contains(&format!("lib{l}.a")) || files.contains(&format!("{l}.lib"))); let can_dylib = libs.iter().all(|l| { - files.contains(&format!("lib{}.so", l)) - || files.contains(&format!("{}.dll", l)) - || files.contains(&format!("lib{}.dylib", l)) + files.contains(&format!("lib{l}.so")) + || files.contains(&format!("{l}.dll")) + || files.contains(&format!("lib{l}.dylib")) }); match (can_static, can_dylib) { (true, false) => return "static", (false, true) => return "dylib", (false, false) => { panic!( - "OpenSSL libdir at `{:?}` does not contain the required files \ - to either statically or dynamically link OpenSSL", - libdirs + "OpenSSL libdir at `{libdirs:?}` does not contain the required files \ + to either statically or dynamically link OpenSSL" ); } (true, true) => {} diff --git a/openssl-sys/build/run_bindgen.rs b/openssl-sys/build/run_bindgen.rs index cc0efd8b56..edba9ce90f 100644 --- a/openssl-sys/build/run_bindgen.rs +++ b/openssl-sys/build/run_bindgen.rs @@ -1,5 +1,5 @@ #[cfg(feature = "bindgen")] -use bindgen::callbacks::{MacroParsingBehavior, ParseCallbacks}; +use bindgen::callbacks::{ItemInfo, MacroParsingBehavior, ParseCallbacks}; #[cfg(feature = "bindgen")] use bindgen::{MacroTypeVariation, RustTarget}; use std::io::Write; @@ -41,11 +41,11 @@ const INCLUDES: &str = " #include #endif -#if !(defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) +#if !(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) #include #endif -#if !(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) +#if !defined(OPENSSL_NO_COMP) && !(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) #include #endif 
@@ -58,7 +58,11 @@ const INCLUDES: &str = " #endif #if OPENSSL_VERSION_NUMBER >= 0x30000000 +#include +#include #include +#include +#include #endif #if OPENSSL_VERSION_NUMBER >= 0x30200000 @@ -69,6 +73,10 @@ const INCLUDES: &str = " #include #endif +#if defined(OPENSSL_IS_BORINGSSL) +#include +#endif + #if OPENSSL_VERSION_NUMBER >= 0x30200000 #include #endif @@ -80,7 +88,7 @@ pub fn run(include_dirs: &[PathBuf]) { let mut builder = bindgen::builder() .parse_callbacks(Box::new(OpensslCallbacks)) - .rust_target(RustTarget::Stable_1_47) + .rust_target(RustTarget::stable(70, 0).unwrap()) .ctypes_prefix("::libc") .raw_line("use libc::*;") .raw_line("#[cfg(windows)] use std::os::windows::raw::HANDLE;") @@ -134,7 +142,7 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) { .expect("Failed to write contents to boring_static_wrapper.h"); let mut builder = bindgen::builder() - .rust_target(RustTarget::Stable_1_47) + .rust_target(RustTarget::stable(70, 0).unwrap()) .ctypes_prefix("::libc") .raw_line("use libc::*;") .derive_default(false) @@ -186,9 +194,7 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) { bindgen_cmd .arg("-o") .arg(out_dir.join("bindgen.rs")) - // Must be a valid version from - // https://docs.rs/bindgen/latest/bindgen/enum.RustTarget.html - .arg("--rust-target=1.47") + .arg("--rust-target=1.70") .arg("--ctypes-prefix=::libc") .arg("--raw-line=use libc::*;") .arg("--no-derive-default") @@ -257,7 +263,7 @@ pub fn run_awslc(include_dirs: &[PathBuf], symbol_prefix: Option) { .expect("Failed to write contents to awslc_static_wrapper.h"); let mut builder = bindgen::builder() - .rust_target(RustTarget::Stable_1_47) + .rust_target(RustTarget::stable(70, 0).unwrap()) .ctypes_prefix("::libc") .raw_line("use libc::*;") .derive_default(false) 
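Review bot: `RustTarget::stable(70, 0).unwrap()` in `run` panics without a message if bindgen rejects the target. The same 1.70 value is repeated in `run_boringssl`, `run_awslc` and the two `--rust-target=1.70` CLI arguments, and the comment that said which values are valid has been removed. I would write `.expect("Rust 1.70 must be a valid bindgen target")` and put a comment beside each copy, for example `// Keep in sync with the crate MSRV and the other rust-target settings in this file`. The function bodies continue outside these hunks.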
@@ -312,9 +318,7 @@ pub fn run_awslc(include_dirs: &[PathBuf], symbol_prefix: Option) { bindgen_cmd .arg("-o") .arg(out_dir.join("bindgen.rs")) - // Must be a valid version from - // https://docs.rs/bindgen/latest/bindgen/enum.RustTarget.html - .arg("--rust-target=1.47") + .arg("--rust-target=1.70") .arg("--ctypes-prefix=::libc") .arg("--raw-line=use libc::*;") .arg("--no-derive-default") @@ -354,8 +358,8 @@ impl ParseCallbacks for OpensslCallbacks { MacroParsingBehavior::Ignore } - fn item_name(&self, original_item_name: &str) -> Option { - match original_item_name { + fn item_name(&self, item_info: ItemInfo) -> Option { + match item_info.name { // Our original definitions of these are wrong, so rename to avoid breakage "CRYPTO_EX_new" | "CRYPTO_EX_dup" @@ -373,7 +377,9 @@ impl ParseCallbacks for OpensslCallbacks { | "SSL_CTX_set_tmp_ecdh_callback" | "SSL_set_tmp_ecdh_callback" | "SSL_CTX_callback_ctrl" - | "SSL_CTX_set_alpn_select_cb" => Some(format!("{}__fixed_rust", original_item_name)), + | "SSL_CTX_set_alpn_select_cb" => Some(format!("{}__fixed_rust", item_info.name)), + // On NetBSD, "off_t" is generated as "__off_t". + "__off_t" => Some("off_t".to_string()), _ => None, } } diff --git a/openssl-sys/src/aes.rs b/openssl-sys/src/aes.rs index ade6e842f4..7fcb838cee 100644 --- a/openssl-sys/src/aes.rs +++ b/openssl-sys/src/aes.rs @@ -1,7 +1,10 @@ use libc::*; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const AES_ENCRYPT: c_int = 1; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const AES_DECRYPT: c_int = 0; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const AES_MAXNR: c_int = 14; pub const AES_BLOCK_SIZE: c_int = 16; diff --git a/openssl-sys/src/bio.rs b/openssl-sys/src/bio.rs index f6ec71d3b1..1f4fcbca7e 100644 --- a/openssl-sys/src/bio.rs +++ b/openssl-sys/src/bio.rs 
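Review bot: The new `"__off_t" => Some("off_t".to_string())` arm in `item_name` runs on every target, although its comment describes a NetBSD-only quirk. On targets whose system headers define both `__off_t` and `off_t`, an unconditional rename could collide with or shadow the existing `off_t`; whether that can happen depends on the allowlist and blocklist configured on the builder, which this hunk does not show. I would either extend the comment to say why the rename is harmless elsewhere or apply it only when `CARGO_CFG_TARGET_OS` is `netbsd`. The `impl` block starts outside the hunk.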
@@ -34,37 +34,37 @@ pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long { extern "C" { #[deprecated(note = "use BIO_meth_set_write__fixed_rust instead")] - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_meth_set_write( biom: *mut BIO_METHOD, write: unsafe extern "C" fn(*mut BIO, *const c_char, c_int) -> c_int, ) -> c_int; #[deprecated(note = "use BIO_meth_set_read__fixed_rust instead")] - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_meth_set_read( biom: *mut BIO_METHOD, read: unsafe extern "C" fn(*mut BIO, *mut c_char, c_int) -> c_int, ) -> c_int; #[deprecated(note = "use BIO_meth_set_puts__fixed_rust instead")] - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_meth_set_puts( biom: *mut BIO_METHOD, read: unsafe extern "C" fn(*mut BIO, *const c_char) -> c_int, ) -> c_int; #[deprecated(note = "use BIO_meth_set_ctrl__fixed_rust instead")] - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_meth_set_ctrl( biom: *mut BIO_METHOD, read: unsafe extern "C" fn(*mut BIO, c_int, c_long, *mut c_void) -> c_long, ) -> c_int; #[deprecated(note = "use BIO_meth_set_create__fixed_rust instead")] - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_meth_set_create( biom: *mut BIO_METHOD, create: unsafe extern "C" fn(*mut BIO) -> c_int, ) -> c_int; #[deprecated(note = "use BIO_meth_set_destroy__fixed_rust instead")] - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_meth_set_destroy( biom: *mut BIO_METHOD, destroy: unsafe extern "C" fn(*mut BIO) -> c_int, diff --git a/openssl-sys/src/cms.rs b/openssl-sys/src/cms.rs index f008adb1c7..050e88d6d9 100644 --- a/openssl-sys/src/cms.rs +++ b/openssl-sys/src/cms.rs 
@@ -1,46 +1,25 @@ use libc::*; -#[cfg(ossl101)] pub const CMS_TEXT: c_uint = 0x1; -#[cfg(ossl101)] pub const CMS_NOCERTS: c_uint = 0x2; -#[cfg(ossl101)] pub const CMS_NO_CONTENT_VERIFY: c_uint = 0x4; -#[cfg(ossl101)] pub const CMS_NO_ATTR_VERIFY: c_uint = 0x8; -#[cfg(ossl101)] pub const CMS_NOSIGS: c_uint = 0x4 | 0x8; -#[cfg(ossl101)] pub const CMS_NOINTERN: c_uint = 0x10; -#[cfg(ossl101)] pub const CMS_NO_SIGNER_CERT_VERIFY: c_uint = 0x20; -#[cfg(ossl101)] pub const CMS_NOVERIFY: c_uint = 0x20; -#[cfg(ossl101)] pub const CMS_DETACHED: c_uint = 0x40; -#[cfg(ossl101)] pub const CMS_BINARY: c_uint = 0x80; -#[cfg(ossl101)] pub const CMS_NOATTR: c_uint = 0x100; -#[cfg(ossl101)] pub const CMS_NOSMIMECAP: c_uint = 0x200; -#[cfg(ossl101)] pub const CMS_NOOLDMIMETYPE: c_uint = 0x400; -#[cfg(ossl101)] pub const CMS_CRLFEOL: c_uint = 0x800; -#[cfg(ossl101)] pub const CMS_STREAM: c_uint = 0x1000; -#[cfg(ossl101)] pub const CMS_NOCRL: c_uint = 0x2000; -#[cfg(ossl101)] pub const CMS_PARTIAL: c_uint = 0x4000; -#[cfg(ossl101)] pub const CMS_REUSE_DIGEST: c_uint = 0x8000; -#[cfg(ossl101)] pub const CMS_USE_KEYID: c_uint = 0x10000; -#[cfg(ossl101)] pub const CMS_DEBUG_DECRYPT: c_uint = 0x20000; -#[cfg(ossl102)] pub const CMS_KEY_PARAM: c_uint = 0x40000; -#[cfg(ossl110)] +#[cfg(any(ossl110, libressl))] pub const CMS_ASCIICRLF: c_uint = 0x80000; diff --git a/openssl-sys/src/core_dispatch.rs b/openssl-sys/src/core_dispatch.rs new file mode 100644 index 0000000000..446dfc96e6 --- /dev/null +++ b/openssl-sys/src/core_dispatch.rs @@ -0,0 +1,11 @@ +use super::*; +use libc::*; + +/* OpenSSL 3.* only */ + +pub const OSSL_KEYMGMT_SELECT_PRIVATE_KEY: c_int = 0x01; +pub const OSSL_KEYMGMT_SELECT_PUBLIC_KEY: c_int = 0x02; +pub const OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS: c_int = 0x04; +pub const OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS: c_int = 0x80; +pub const OSSL_KEYMGMT_SELECT_ALL_PARAMETERS: c_int = + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS; 
diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs index 7eff6a847b..a927e7568d 100644 --- a/openssl-sys/src/crypto.rs +++ b/openssl-sys/src/crypto.rs @@ -116,7 +116,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl271))] { + if #[cfg(any(ossl110, libressl))] { pub const OPENSSL_VERSION: c_int = 0; pub const OPENSSL_CFLAGS: c_int = 1; pub const OPENSSL_BUILT_ON: c_int = 2; @@ -131,4 +131,5 @@ cfg_if! { } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const CRYPTO_LOCK: c_int = 1; diff --git a/openssl-sys/src/dh.rs b/openssl-sys/src/dh.rs new file mode 100644 index 0000000000..05ae66ba1b --- /dev/null +++ b/openssl-sys/src/dh.rs @@ -0,0 +1,32 @@ +use libc::*; +use std::ptr; + +use super::super::*; + +cfg_if! { + if #[cfg(not(ossl300))] { + pub unsafe fn EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_DH, + EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, + len, + ptr::null_mut(), + ) + } + pub unsafe fn EVP_PKEY_CTX_set_dh_paramgen_generator(ctx: *mut EVP_PKEY_CTX, gen: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_DH, + EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, + gen, + ptr::null_mut(), + ) + } + } +} + +pub const EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: c_int = EVP_PKEY_ALG_CTRL + 1; +pub const EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: c_int = EVP_PKEY_ALG_CTRL + 2; diff --git a/openssl-sys/src/dsa.rs b/openssl-sys/src/dsa.rs new file mode 100644 index 0000000000..cd5abfec83 --- /dev/null +++ b/openssl-sys/src/dsa.rs 
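Review bot: The two `pub unsafe fn` wrappers added in `dh.rs` have no `# Safety` documentation, and the same is true of the pre-3.0 wrappers this commit adds in `dsa.rs` and `ec.rs`. Each one forwards `ctx` unchecked to `EVP_PKEY_CTX_ctrl`, so I would add a `/// # Safety` section stating that `ctx` must point to a live `EVP_PKEY_CTX` for the matching key type. Separately, the parameter name `gen` is a reserved keyword in the 2024 edition; `generator` would avoid a later rename (the crate edition is not visible here).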
@@ -0,0 +1,21 @@ +use libc::*; +use std::ptr; + +use super::super::*; + +cfg_if! { + if #[cfg(not(ossl300))] { + pub unsafe fn EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx: *mut EVP_PKEY_CTX, nbits: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_DSA, + EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, + nbits, + ptr::null_mut(), + ) + } + + pub const EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: c_int = EVP_PKEY_ALG_CTRL + 1; + } +} diff --git a/openssl-sys/src/ec.rs b/openssl-sys/src/ec.rs index 995a84ff64..61fa0b1340 100644 --- a/openssl-sys/src/ec.rs +++ b/openssl-sys/src/ec.rs @@ -5,6 +5,20 @@ use super::*; pub const OPENSSL_EC_NAMED_CURVE: c_int = 1; +cfg_if! { + if #[cfg(not(ossl300))] { + pub unsafe fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx: *mut EVP_PKEY_CTX, nid: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_EC, + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, + nid, + ptr::null_mut(), + ) + } + } +} #[cfg(ossl300)] pub unsafe fn EVP_EC_gen(curve: *const c_char) -> *mut EVP_PKEY { EVP_PKEY_Q_keygen( @@ -14,3 +28,5 @@ pub unsafe fn EVP_EC_gen(curve: *const c_char) -> *mut EVP_PKEY { curve, ) } + +pub const EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: c_int = EVP_PKEY_ALG_CTRL + 1; diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 5fad4b9775..e39f144171 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -7,7 +7,7 @@ pub const PKCS5_SALT_LEN: c_int = 8; pub const PKCS12_DEFAULT_ITER: c_int = 2048; pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption; -#[cfg(any(ossl111, libressl310, boringssl, awslc))] +#[cfg(any(ossl111, libressl, boringssl, awslc))] pub const EVP_PKEY_RSA_PSS: c_int = NID_rsassaPss; pub const EVP_PKEY_DSA: c_int = NID_dsa; pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement; 
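Review bot: `EVP_PKEY_CTRL_DSA_PARAMGEN_BITS` is declared inside the `cfg(not(ossl300))` branch in `dsa.rs`, whereas `dh.rs` and `ec.rs` declare their `EVP_PKEY_CTRL_*` constants after the `cfg_if!` block. On OpenSSL 3 builds the DSA constant is therefore the only one of the three that is not exported. If that is unintentional, move `pub const EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: c_int = EVP_PKEY_ALG_CTRL + 1;` below the closing brace of `cfg_if!`; if it is deliberate, a one-line comment explaining why DSA differs would help.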
@@ -38,6 +38,15 @@ pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9; pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10; pub const EVP_CTRL_GCM_SET_TAG: c_int = 0x11; +cfg_if! { + if #[cfg(ossl300)] { + pub const EVP_PKEY_KEY_PARAMETERS: c_int = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; + pub const EVP_PKEY_PRIVATE_KEY: c_int = EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY; + pub const EVP_PKEY_PUBLIC_KEY: c_int = EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY; + pub const EVP_PKEY_KEYPAIR: c_int = EVP_PKEY_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_PRIVATE_KEY; + } +} + pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD { EVP_get_digestbyname(OBJ_nid2sn(type_)) } @@ -162,6 +171,7 @@ cfg_if! { } } +pub const EVP_PKEY_OP_PARAMGEN: c_int = 1 << 1; pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2; cfg_if! { if #[cfg(ossl300)] { @@ -325,18 +335,22 @@ pub unsafe fn EVP_PKEY_CTX_set_signature_md(cxt: *mut EVP_PKEY_CTX, md: *mut EVP ) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn EVP_PKEY_assign_RSA(pkey: *mut EVP_PKEY, rsa: *mut RSA) -> c_int { EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn EVP_PKEY_assign_DSA(pkey: *mut EVP_PKEY, dsa: *mut DSA) -> c_int { EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn EVP_PKEY_assign_DH(pkey: *mut EVP_PKEY, dh: *mut DH) -> c_int { EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn EVP_PKEY_assign_EC_KEY(pkey: *mut EVP_PKEY, ec_key: *mut EC_KEY) -> c_int { EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec_key as *mut c_void) } diff --git a/openssl-sys/src/handwritten/aes.rs b/openssl-sys/src/handwritten/aes.rs index ba249362cb..fea137bb39 100644 --- a/openssl-sys/src/handwritten/aes.rs +++ b/openssl-sys/src/handwritten/aes.rs 
@@ -1,6 +1,7 @@ use super::super::*; use libc::*; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] #[repr(C)] pub struct AES_KEY { // There is some business with AES_LONG which is there to ensure the values here are 32 bits @@ -8,6 +9,7 @@ pub struct AES_KEY { rounds: c_int, } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn AES_set_encrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int; pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int; diff --git a/openssl-sys/src/handwritten/asn1.rs b/openssl-sys/src/handwritten/asn1.rs index 16ffcccfe7..d0a92a75fa 100644 --- a/openssl-sys/src/handwritten/asn1.rs +++ b/openssl-sys/src/handwritten/asn1.rs @@ -47,9 +47,9 @@ pub union ASN1_TYPE_value { extern "C" { pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn ASN1_STRING_get0_data(x: *const ASN1_STRING) -> *const c_uchar; - #[cfg(any(all(ossl101, not(ossl110)), libressl))] + #[cfg(any(all(ossl102, not(ossl110)), libressl))] pub fn ASN1_STRING_data(x: *mut ASN1_STRING) -> *mut c_uchar; pub fn ASN1_STRING_new() -> *mut ASN1_STRING; pub fn ASN1_OCTET_STRING_new() -> *mut ASN1_OCTET_STRING; @@ -68,7 +68,6 @@ extern "C" { pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME); pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int; pub fn ASN1_TIME_new() -> *mut ASN1_TIME; - #[cfg(ossl102)] pub fn ASN1_TIME_diff( pday: *mut c_int, psec: *mut c_int, 
@@ -107,9 +106,9 @@ extern "C" { const_ptr_api! { extern "C" { - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: #[const_ptr_if(any(ossl110, libressl280))] ASN1_STRING) -> c_int; - pub fn ASN1_STRING_type(x: #[const_ptr_if(any(ossl110, libressl280))] ASN1_STRING) -> c_int; - pub fn ASN1_generate_v3(str: #[const_ptr_if(any(ossl110, libressl280))] c_char, cnf: *mut X509V3_CTX) -> *mut ASN1_TYPE; + pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: #[const_ptr_if(any(ossl110, libressl))] ASN1_STRING) -> c_int; + pub fn ASN1_STRING_type(x: #[const_ptr_if(any(ossl110, libressl))] ASN1_STRING) -> c_int; + pub fn ASN1_generate_v3(str: #[const_ptr_if(any(ossl110, libressl))] c_char, cnf: *mut X509V3_CTX) -> *mut ASN1_TYPE; pub fn i2d_ASN1_TYPE(a: #[const_ptr_if(ossl300)] ASN1_TYPE, pp: *mut *mut c_uchar) -> c_int; } } diff --git a/openssl-sys/src/handwritten/bio.rs b/openssl-sys/src/handwritten/bio.rs index 9461d71be3..e027539bf7 100644 --- a/openssl-sys/src/handwritten/bio.rs +++ b/openssl-sys/src/handwritten/bio.rs @@ -10,7 +10,7 @@ pub type bio_info_cb = Option; cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum BIO_METHOD {} } else { #[repr(C)] 
@@ -31,29 +31,29 @@ cfg_if! { const_ptr_api! { extern "C" { - pub fn BIO_s_file() -> #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD; - pub fn BIO_new(type_: #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD) -> *mut BIO; + pub fn BIO_s_file() -> #[const_ptr_if(any(ossl110, libressl))] BIO_METHOD; + pub fn BIO_new(type_: #[const_ptr_if(any(ossl110, libressl))] BIO_METHOD) -> *mut BIO; } } extern "C" { #[cfg(not(osslconf = "OPENSSL_NO_STDIO"))] pub fn BIO_new_fp(stream: *mut FILE, close_flag: c_int) -> *mut BIO; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_set_data(a: *mut BIO, data: *mut c_void); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_get_data(a: *mut BIO) -> *mut c_void; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_set_init(a: *mut BIO, init: c_int); pub fn BIO_write(b: *mut BIO, buf: *const c_void, len: c_int) -> c_int; pub fn BIO_read(b: *mut BIO, buf: *mut c_void, len: c_int) -> c_int; pub fn BIO_ctrl(b: *mut BIO, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; pub fn BIO_free_all(b: *mut BIO); + pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO; } const_ptr_api! { extern "C" { - pub fn BIO_s_mem() -> #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD; - pub fn BIO_new_mem_buf(buf: #[const_ptr_if(any(ossl102, libressl280))] c_void, len: c_int) -> *mut BIO; + pub fn BIO_s_mem() -> #[const_ptr_if(any(ossl110, libressl))] BIO_METHOD; } } 
@@ -61,45 +61,45 @@ extern "C" { #[cfg(not(osslconf = "OPENSSL_NO_SOCK"))] pub fn BIO_new_socket(sock: c_int, close_flag: c_int) -> *mut BIO; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_meth_new(type_: c_int, name: *const c_char) -> *mut BIO_METHOD; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn BIO_meth_free(biom: *mut BIO_METHOD); } #[allow(clashing_extern_declarations)] extern "C" { - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] #[link_name = "BIO_meth_set_write"] pub fn BIO_meth_set_write__fixed_rust( biom: *mut BIO_METHOD, write: Option c_int>, ) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] #[link_name = "BIO_meth_set_read"] pub fn BIO_meth_set_read__fixed_rust( biom: *mut BIO_METHOD, read: Option c_int>, ) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] #[link_name = "BIO_meth_set_puts"] pub fn BIO_meth_set_puts__fixed_rust( biom: *mut BIO_METHOD, read: Option c_int>, ) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] #[link_name = "BIO_meth_set_ctrl"] pub fn BIO_meth_set_ctrl__fixed_rust( biom: *mut BIO_METHOD, read: Option c_long>, ) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] #[link_name = "BIO_meth_set_create"] pub fn BIO_meth_set_create__fixed_rust( biom: *mut BIO_METHOD, create: Option c_int>, ) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] #[link_name = "BIO_meth_set_destroy"] pub fn BIO_meth_set_destroy__fixed_rust( biom: *mut BIO_METHOD, diff --git a/openssl-sys/src/handwritten/bn.rs b/openssl-sys/src/handwritten/bn.rs index fb55f6b82c..0d45bac23e 100644 --- a/openssl-sys/src/handwritten/bn.rs +++ b/openssl-sys/src/handwritten/bn.rs 
@@ -23,16 +23,16 @@ extern "C" { pub fn BN_clear_free(bn: *mut BIGNUM); pub fn BN_bin2bn(s: *const u8, size: c_int, ret: *mut BIGNUM) -> *mut BIGNUM; pub fn BN_bn2bin(a: *const BIGNUM, to: *mut u8) -> c_int; - #[cfg(any(ossl110, libressl340))] + #[cfg(any(ossl110, libressl))] pub fn BN_bn2binpad(a: *const BIGNUM, to: *mut u8, tolen: c_int) -> c_int; pub fn BN_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_mul(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; pub fn BN_sqr(r: *mut BIGNUM, a: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; pub fn BN_set_negative(bn: *mut BIGNUM, n: c_int); - #[cfg(any(ossl110, libressl350))] + #[cfg(any(ossl110, libressl))] pub fn BN_is_negative(b: *const BIGNUM) -> c_int; - #[cfg(any(ossl110, libressl350))] + #[cfg(any(ossl110, libressl))] pub fn BN_is_odd(b: *const BIGNUM) -> c_int; pub fn BN_div( @@ -150,7 +150,7 @@ extern "C" { } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn BN_get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM; pub fn BN_get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM; diff --git a/openssl-sys/src/handwritten/cmac.rs b/openssl-sys/src/handwritten/cmac.rs index e44094d21a..10a23260f2 100644 --- a/openssl-sys/src/handwritten/cmac.rs +++ b/openssl-sys/src/handwritten/cmac.rs @@ -2,6 +2,7 @@ use libc::*; use super::super::*; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn CMAC_CTX_new() -> *mut CMAC_CTX; pub fn CMAC_CTX_free(ctx: *mut CMAC_CTX); diff --git a/openssl-sys/src/handwritten/cms.rs b/openssl-sys/src/handwritten/cms.rs index a13ea423c4..2fc58c235b 100644 --- a/openssl-sys/src/handwritten/cms.rs +++ b/openssl-sys/src/handwritten/cms.rs 
@@ -4,29 +4,24 @@ use libc::*; pub enum CMS_ContentInfo {} extern "C" { - #[cfg(ossl101)] pub fn CMS_ContentInfo_free(cms: *mut CMS_ContentInfo); } const_ptr_api! { extern "C" { - #[cfg(ossl101)] pub fn i2d_CMS_ContentInfo(a: #[const_ptr_if(ossl300)] CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; } } extern "C" { - #[cfg(ossl101)] pub fn d2i_CMS_ContentInfo( a: *mut *mut CMS_ContentInfo, pp: *mut *const c_uchar, length: c_long, ) -> *mut CMS_ContentInfo; - #[cfg(ossl101)] pub fn SMIME_read_CMS(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut CMS_ContentInfo; - #[cfg(ossl101)] pub fn CMS_sign( signcert: *mut X509, pkey: *mut EVP_PKEY, @@ -35,7 +30,6 @@ extern "C" { flags: c_uint, ) -> *mut CMS_ContentInfo; - #[cfg(ossl101)] pub fn CMS_verify( cms: *mut CMS_ContentInfo, certs: *mut stack_st_X509, @@ -45,7 +39,6 @@ extern "C" { flags: c_uint, ) -> c_int; - #[cfg(ossl101)] pub fn CMS_encrypt( certs: *mut stack_st_X509, data: *mut BIO, @@ -53,7 +46,6 @@ extern "C" { flags: c_uint, ) -> *mut CMS_ContentInfo; - #[cfg(ossl101)] pub fn CMS_decrypt( cms: *mut CMS_ContentInfo, pkey: *mut EVP_PKEY, diff --git a/openssl-sys/src/handwritten/crypto.rs b/openssl-sys/src/handwritten/crypto.rs index 0b3f24a429..49cc88cb59 100644 --- a/openssl-sys/src/handwritten/crypto.rs +++ b/openssl-sys/src/handwritten/crypto.rs @@ -4,7 +4,7 @@ use libc::*; stack!(stack_st_void); cfg_if! { - if #[cfg(any(ossl110, libressl271))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn OpenSSL_version_num() -> c_ulong; pub fn OpenSSL_version(key: c_int) -> *const c_char; @@ -71,9 +71,9 @@ cfg_if! { } extern "C" { - #[cfg(all(ossl101, not(ossl300)))] + #[cfg(all(ossl102, not(ossl300)))] pub fn FIPS_mode() -> c_int; - #[cfg(all(ossl101, not(ossl300)))] + #[cfg(all(ossl102, not(ossl300)))] pub fn FIPS_mode_set(onoff: c_int) -> c_int; pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int; 
diff --git a/openssl-sys/src/handwritten/decoder.rs b/openssl-sys/src/handwritten/decoder.rs new file mode 100644 index 0000000000..4b684d37d9 --- /dev/null +++ b/openssl-sys/src/handwritten/decoder.rs @@ -0,0 +1,52 @@ +use super::super::*; +use libc::*; + +extern "C" { + pub fn OSSL_DECODER_CTX_new() -> *mut OSSL_DECODER_CTX; + pub fn OSSL_DECODER_CTX_free(ctx: *mut OSSL_DECODER_CTX); + + pub fn OSSL_DECODER_CTX_new_for_pkey( + pkey: *mut *mut EVP_PKEY, + input_type: *const c_char, + input_struct: *const c_char, + keytype: *const c_char, + selection: c_int, + libctx: *mut OSSL_LIB_CTX, + propquery: *const c_char, + ) -> *mut OSSL_DECODER_CTX; + + pub fn OSSL_DECODER_CTX_set_selection(ctx: *mut OSSL_DECODER_CTX, selection: c_int) -> c_int; + pub fn OSSL_DECODER_CTX_set_input_type( + ctx: *mut OSSL_DECODER_CTX, + input_type: *const c_char, + ) -> c_int; + pub fn OSSL_DECODER_CTX_set_input_structure( + ctx: *mut OSSL_DECODER_CTX, + input_structure: *const c_char, + ) -> c_int; + + pub fn OSSL_DECODER_CTX_set_passphrase( + ctx: *mut OSSL_DECODER_CTX, + kstr: *const c_uchar, + klen: size_t, + ) -> c_int; + pub fn OSSL_DECODER_CTX_set_pem_password_cb( + ctx: *mut OSSL_DECODER_CTX, + cb: pem_password_cb, + cbarg: *mut c_void, + ) -> c_int; + pub fn OSSL_DECODER_CTX_set_passphrase_cb( + ctx: *mut OSSL_DECODER_CTX, + cb: OSSL_PASSPHRASE_CALLBACK, + cbarg: *mut c_void, + ) -> c_int; + + pub fn OSSL_DECODER_from_bio(ctx: *mut OSSL_DECODER_CTX, b_in: *mut BIO) -> c_int; + #[cfg(not(osslconf = "OPENSSL_NO_STDIO"))] + pub fn OSSL_DECODER_from_fp(ctx: *mut OSSL_DECODER_CTX, fp: *mut FILE) -> c_int; + pub fn OSSL_DECODER_from_data( + ctx: *mut OSSL_DECODER_CTX, + pdata: *mut *const c_uchar, + pdata_len: *mut size_t, + ) -> c_int; +} diff --git a/openssl-sys/src/handwritten/dh.rs b/openssl-sys/src/handwritten/dh.rs index c4671c969f..4686355291 100644 --- a/openssl-sys/src/handwritten/dh.rs +++ b/openssl-sys/src/handwritten/dh.rs 
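Review bot: `decoder.rs` declares the whole `OSSL_DECODER_*` API with no version gate or comment in the file, unlike `core_dispatch.rs` in this commit, which carries `/* OpenSSL 3.* only */`; presumably the gate is on the `mod` declaration, which is outside this hunk. I would add the same comment at the top of the file. Short doc comments on the declarations with ownership or in/out semantics would also help wrapper authors: that a context from `OSSL_DECODER_CTX_new_for_pkey` is released with `OSSL_DECODER_CTX_free`, that the decoded key is written through `pkey`, and that `OSSL_DECODER_from_data` updates `*pdata` and `*pdata_len` as input is consumed. For `OSSL_DECODER_CTX_set_passphrase`, it is worth stating that the caller still owns and must clear its own `kstr` buffer.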
@@ -1,5 +1,12 @@ use super::super::*; +#[cfg(ossl300)] +extern "C" { + pub fn EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int; + pub fn EVP_PKEY_CTX_set_dh_paramgen_generator(ctx: *mut EVP_PKEY_CTX, gen: c_int) -> c_int; +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn DH_new() -> *mut DH; pub fn DH_free(dh: *mut DH); @@ -34,9 +41,9 @@ extern "C" { #[cfg(ossl102)] pub fn DH_get_2048_256() -> *mut DH; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn DH_set0_pqg(dh: *mut DH, p: *mut BIGNUM, q: *mut BIGNUM, g: *mut BIGNUM) -> c_int; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn DH_get0_pqg( dh: *const DH, p: *mut *const BIGNUM, @@ -44,9 +51,9 @@ extern "C" { g: *mut *const BIGNUM, ); - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn DH_set0_key(dh: *mut DH, pub_key: *mut BIGNUM, priv_key: *mut BIGNUM) -> c_int; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn DH_get0_key(dh: *const DH, pub_key: *mut *const BIGNUM, priv_key: *mut *const BIGNUM); } diff --git a/openssl-sys/src/handwritten/dsa.rs b/openssl-sys/src/handwritten/dsa.rs index be25f23b67..ce12d6b740 100644 --- a/openssl-sys/src/handwritten/dsa.rs +++ b/openssl-sys/src/handwritten/dsa.rs @@ -2,8 +2,13 @@ use libc::*; use super::super::*; +#[cfg(ossl300)] +extern "C" { + pub fn EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx: *mut EVP_PKEY_CTX, nbits: c_int) -> c_int; +} + cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum DSA_SIG {} } else { #[repr(C)] @@ -14,6 +19,7 @@ cfg_if! { } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn DSA_new() -> *mut DSA; pub fn DSA_free(dsa: *mut DSA); 
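Review bot: The parameter name `gen` in the new `EVP_PKEY_CTX_set_dh_paramgen_generator` declaration (dh.rs) is a reserved keyword from the Rust 2024 edition onward and is flagged by the `keyword_idents_2024` lint, so it would have to become `r#gen` after an edition bump. Naming it for what it is avoids that: `pub fn EVP_PKEY_CTX_set_dh_paramgen_generator(ctx: *mut EVP_PKEY_CTX, generator: c_int) -> c_int;`. Parameter names in an `extern` declaration do not affect the ABI, so the rename costs nothing.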
@@ -54,19 +60,22 @@ extern "C" { pub fn i2d_DSAPublicKey(a: *const DSA, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_DSAPrivateKey(a: *const DSA, pp: *mut *mut c_uchar) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn DSA_get0_pqg( d: *const DSA, p: *mut *const BIGNUM, q: *mut *const BIGNUM, q: *mut *const BIGNUM, ); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn DSA_set0_pqg(d: *mut DSA, p: *mut BIGNUM, q: *mut BIGNUM, q: *mut BIGNUM) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn DSA_get0_key(d: *const DSA, pub_key: *mut *const BIGNUM, priv_key: *mut *const BIGNUM); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn DSA_set0_key(d: *mut DSA, pub_key: *mut BIGNUM, priv_key: *mut BIGNUM) -> c_int; +} + +extern "C" { pub fn d2i_DSA_SIG( sig: *mut *mut DSA_SIG, pp: *mut *const c_uchar, @@ -77,9 +86,9 @@ extern "C" { pub fn DSA_SIG_new() -> *mut DSA_SIG; pub fn DSA_SIG_free(sig: *mut DSA_SIG); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn DSA_SIG_get0(sig: *const DSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn DSA_SIG_set0(sig: *mut DSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int; } diff --git a/openssl-sys/src/handwritten/ec.rs b/openssl-sys/src/handwritten/ec.rs index 849251000b..7d02086fc8 100644 --- a/openssl-sys/src/handwritten/ec.rs +++ b/openssl-sys/src/handwritten/ec.rs @@ -1,6 +1,11 @@ use super::super::*; use libc::*; +#[cfg(ossl300)] +extern "C" { + pub fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx: *mut EVP_PKEY_CTX, nid: c_int) -> c_int; +} + #[repr(C)] #[derive(Copy, Clone)] pub enum point_conversion_form_t { 
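Review bot: While the cfg attributes on `DSA_get0_pqg` and `DSA_set0_pqg` are being rewritten, both declarations still name their last parameter `q`, duplicating the one before it; that argument is the generator. A wrapper author reading the signature has no way to tell the subgroup order from the generator, and swapping them builds a key with the wrong domain parameters without any type error. I would rename them in the same change: `g: *mut *const BIGNUM,` in `DSA_get0_pqg` and `g: *mut BIGNUM` in `DSA_set0_pqg`. The enclosing `extern` block starts before this hunk.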
@@ -9,18 +14,17 @@ pub enum point_conversion_form_t { POINT_CONVERSION_HYBRID = 6, } -#[cfg(not(libressl410))] +#[cfg(not(any(libressl410, osslconf = "OPENSSL_NO_DEPRECATED_3_0")))] pub enum EC_METHOD {} pub enum EC_GROUP {} pub enum EC_POINT {} extern "C" { - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_GF2m_simple_method() -> *const EC_METHOD; - - #[cfg(not(libressl410))] + #[cfg(not(any(libressl410, osslconf = "OPENSSL_NO_DEPRECATED_3_0")))] pub fn EC_GROUP_new(meth: *const EC_METHOD) -> *mut EC_GROUP; + pub fn EC_GROUP_dup(group: *const EC_GROUP) -> *mut EC_GROUP; + pub fn EC_GROUP_free(group: *mut EC_GROUP); pub fn EC_GROUP_get_order( @@ -50,26 +54,9 @@ extern "C" { pub fn EC_GROUP_get_asn1_flag(group: *const EC_GROUP) -> c_int; - pub fn EC_GROUP_get_curve_GFp( - group: *const EC_GROUP, - p: *mut BIGNUM, - a: *mut BIGNUM, - b: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_GROUP_get_curve_GF2m( - group: *const EC_GROUP, - p: *mut BIGNUM, - a: *mut BIGNUM, - b: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - pub fn EC_GROUP_get_degree(group: *const EC_GROUP) -> c_int; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl))] pub fn EC_GROUP_order_bits(group: *const EC_GROUP) -> c_int; pub fn EC_GROUP_new_curve_GFp( @@ -103,7 +90,7 @@ extern "C" { pub fn EC_POINT_dup(p: *const EC_POINT, group: *const EC_GROUP) -> *mut EC_POINT; - #[cfg(any(ossl111, boringssl, libressl350, awslc))] + #[cfg(any(ossl111, boringssl, libressl, awslc))] pub fn EC_POINT_get_affine_coordinates( group: *const EC_GROUP, p: *const EC_POINT, 
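Review bot: `EC_METHOD` and `EC_GROUP_new` now share the predicate `not(any(libressl410, osslconf = "OPENSSL_NO_DEPRECATED_3_0"))`, but `EC_GF2m_simple_method`, which this commit moves into the deprecated block further down in ec.rs, still returns `*const EC_METHOD` and is gated only by `OPENSSL_NO_EC2M`. On a `libressl410` build that declaration compiles only if `OPENSSL_NO_EC2M` happens to be set as well, which none of these hunks establishes. Making the dependency explicit removes the coupling: `#[cfg(not(any(libressl410, osslconf = "OPENSSL_NO_EC2M")))]` on `EC_GF2m_simple_method`. The `extern` block opened in this hunk continues past it.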
@@ -111,16 +98,8 @@ extern "C" { y: *mut BIGNUM, ctx: *mut BN_CTX, ) -> c_int; - - pub fn EC_POINT_get_affine_coordinates_GFp( - group: *const EC_GROUP, - p: *const EC_POINT, - x: *mut BIGNUM, - y: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - - pub fn EC_POINT_set_affine_coordinates_GFp( + #[cfg(any(ossl111, boringssl, libressl, awslc))] + pub fn EC_POINT_set_affine_coordinates( group: *const EC_GROUP, p: *mut EC_POINT, x: *const BIGNUM, @@ -128,15 +107,6 @@ extern "C" { ctx: *mut BN_CTX, ) -> c_int; - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_POINT_get_affine_coordinates_GF2m( - group: *const EC_GROUP, - p: *const EC_POINT, - x: *mut BIGNUM, - y: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - pub fn EC_POINT_point2oct( group: *const EC_GROUP, p: *const EC_POINT, @@ -193,6 +163,54 @@ extern "C" { m: *const BIGNUM, ctx: *mut BN_CTX, ) -> c_int; +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +extern "C" { + #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] + pub fn EC_GF2m_simple_method() -> *const EC_METHOD; + + pub fn EC_GROUP_get_curve_GFp( + group: *const EC_GROUP, + p: *mut BIGNUM, + a: *mut BIGNUM, + b: *mut BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; + + #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] + pub fn EC_GROUP_get_curve_GF2m( + group: *const EC_GROUP, + p: *mut BIGNUM, + a: *mut BIGNUM, + b: *mut BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; + + pub fn EC_POINT_get_affine_coordinates_GFp( + group: *const EC_GROUP, + p: *const EC_POINT, + x: *mut BIGNUM, + y: *mut BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; + + pub fn EC_POINT_set_affine_coordinates_GFp( + group: *const EC_GROUP, + p: *mut EC_POINT, + x: *const BIGNUM, + y: *const BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; + + #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] + pub fn EC_POINT_get_affine_coordinates_GF2m( + group: *const EC_GROUP, + p: *const EC_POINT, + x: *mut BIGNUM, + y: *mut BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; pub fn EC_KEY_new() -> *mut EC_KEY; 
@@ -228,7 +246,7 @@ extern "C" { } cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum ECDSA_SIG {} } else { #[repr(C)] @@ -244,12 +262,23 @@ extern "C" { pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int; + pub fn d2i_ECDSA_SIG( + sig: *mut *mut ECDSA_SIG, + inp: *mut *const c_uchar, + length: c_long, + ) -> *mut ECDSA_SIG; + + pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, out: *mut *mut c_uchar) -> c_int; +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +extern "C" { pub fn ECDSA_do_sign( dgst: *const c_uchar, dgst_len: c_int, @@ -262,12 +291,4 @@ extern "C" { sig: *const ECDSA_SIG, eckey: *mut EC_KEY, ) -> c_int; - - pub fn d2i_ECDSA_SIG( - sig: *mut *mut ECDSA_SIG, - inp: *mut *const c_uchar, - length: c_long, - ) -> *mut ECDSA_SIG; - - pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, out: *mut *mut c_uchar) -> c_int; } diff --git a/openssl-sys/src/handwritten/encoder.rs b/openssl-sys/src/handwritten/encoder.rs new file mode 100644 index 0000000000..3613fab1c2 --- /dev/null +++ b/openssl-sys/src/handwritten/encoder.rs 
@@ -0,0 +1,56 @@
+use super::super::*;
+use libc::*;
+
+#[cfg(ossl300)]
+extern "C" {
+ pub fn OSSL_ENCODER_CTX_new() -> *mut OSSL_ENCODER_CTX;
+ pub fn OSSL_ENCODER_CTX_free(ctx: *mut OSSL_ENCODER_CTX);
+
+ pub fn OSSL_ENCODER_CTX_new_for_pkey(
+ pkey: *const EVP_PKEY,
+ selection: c_int,
+ output_type: *const c_char,
+ output_structure: *const c_char,
+ propquery: *const c_char,
+ ) -> *mut OSSL_ENCODER_CTX;
+
+ pub fn OSSL_ENCODER_CTX_set_selection(ctx: *mut OSSL_ENCODER_CTX, selection: c_int) -> c_int;
+ pub fn OSSL_ENCODER_CTX_set_output_type(
+ ctx: *mut OSSL_ENCODER_CTX,
+ output_type: *const c_char,
+ ) -> c_int;
+ pub fn OSSL_ENCODER_CTX_set_output_structure(
+ ctx: *mut OSSL_ENCODER_CTX,
+ output_structure: *const c_char,
+ ) -> c_int;
+
+ pub fn OSSL_ENCODER_CTX_set_cipher(
+ ctx: *mut OSSL_ENCODER_CTX,
+ cipher_name: *const c_char,
+ propquery: *const c_char,
+ ) -> c_int;
+ pub fn OSSL_ENCODER_CTX_set_passphrase(
+ ctx: *mut OSSL_ENCODER_CTX,
+ kstr: *const c_uchar,
+ klen: size_t,
+ ) -> c_int;
+ pub fn OSSL_ENCODER_CTX_set_pem_password_cb(
+ ctx: *mut OSSL_ENCODER_CTX,
+ cb: pem_password_cb,
+ cbarg: *mut c_void,
+ ) -> c_int;
+ pub fn OSSL_ENCODER_CTX_set_passphrase_cb(
+ ctx: *mut OSSL_ENCODER_CTX,
+ cb: OSSL_PASSPHRASE_CALLBACK,
+ cbarg: *mut c_void,
+ ) -> c_int;
+
+ pub fn OSSL_ENCODER_to_data(
+ ctx: *mut OSSL_ENCODER_CTX,
+ pdata: *mut *mut c_uchar,
+ pdata_len: *mut size_t,
+ ) -> c_int;
+ pub fn OSSL_ENCODER_to_bio(ctx: *mut OSSL_ENCODER_CTX, out: *mut BIO) -> c_int;
+ #[cfg(not(osslconf = "OPENSSL_NO_STDIO"))]
+ pub fn OSSL_ENCODER_to_fp(ctx: *mut OSSL_ENCODER_CTX, fp: *mut FILE) -> c_int;
+}
diff --git a/openssl-sys/src/handwritten/err.rs b/openssl-sys/src/handwritten/err.rs
index 5653c1d18a..9ebc605cd9 100644
--- a/openssl-sys/src/handwritten/err.rs
+++ b/openssl-sys/src/handwritten/err.rs
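Review bot: `OSSL_ENCODER_to_data` has no comment on buffer ownership, which matters because this is the call that hands back serialized private keys. Per the OpenSSL documentation, when `*pdata` is null on entry the library allocates the output and the caller must release it with `OPENSSL_free`; when it is non-null the pointer is advanced and `*pdata_len` reduced. I would document that above the declaration, e.g. `/// If *pdata is null OpenSSL allocates the buffer; the caller frees it, cleansing it first when private key material was selected.`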
@@ -33,16 +33,9 @@ extern "C" { data: *mut *const c_char, flags: *mut c_int, ) -> c_ulong; - pub fn ERR_get_error_line_data( - file: *mut *const c_char, - line: *mut c_int, - data: *mut *const c_char, - flags: *mut c_int, - ) -> c_ulong; pub fn ERR_peek_last_error() -> c_ulong; pub fn ERR_clear_error(); pub fn ERR_lib_error_string(err: c_ulong) -> *const c_char; - pub fn ERR_func_error_string(err: c_ulong) -> *const c_char; pub fn ERR_reason_error_string(err: c_ulong) -> *const c_char; #[cfg(ossl110)] pub fn ERR_load_strings(lib: c_int, str: *mut ERR_STRING_DATA) -> c_int; @@ -53,3 +46,14 @@ extern "C" { pub fn ERR_get_next_error_library() -> c_int; } + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +extern "C" { + pub fn ERR_get_error_line_data( + file: *mut *const c_char, + line: *mut c_int, + data: *mut *const c_char, + flags: *mut c_int, + ) -> c_ulong; + pub fn ERR_func_error_string(err: c_ulong) -> *const c_char; +} diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs index a1be1da682..a361b294ae 100644 --- a/openssl-sys/src/handwritten/evp.rs +++ b/openssl-sys/src/handwritten/evp.rs @@ -93,7 +93,7 @@ extern "C" { pub fn EVP_DigestFinal(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int; #[cfg(ossl111)] pub fn EVP_DigestFinalXOF(ctx: *mut EVP_MD_CTX, res: *mut u8, len: usize) -> c_int; - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] pub fn EVP_DigestSqueeze(ctx: *mut EVP_MD_CTX, res: *mut u8, len: usize) -> c_int; #[cfg(ossl300)] @@ -169,6 +169,11 @@ extern "C" { data: *const c_void, dsize: size_t, ) -> c_int; + pub fn EVP_DigestVerifyFinal( + ctx: *mut EVP_MD_CTX, + sigret: *const c_uchar, + siglen: size_t, + ) -> c_int; pub fn EVP_SealInit( ctx: *mut EVP_CIPHER_CTX, type_: *const EVP_CIPHER, 
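Review bot: `EVP_DigestVerifyFinal`, added here in evp.rs as a plain declaration with a `*const c_uchar` signature, carries no comment on its return convention, and that convention is easy to get wrong. Per the OpenSSL documentation only 1 means the signature verified; 0 means it did not, and other values report a more serious error, so a caller that tests `!= 0` treats an error as a valid signature. I would add `/// Returns 1 only if the signature verifies; 0 and negative values are failures.` above it. `EVP_PKEY_eq`, `EVP_PKEY_parameters_eq` and the `EVP_PKEY_param_check`/`EVP_PKEY_public_check`/`EVP_PKEY_check` declarations added in later evp.rs hunks have the same success-is-exactly-1 shape and deserve the same line. The surrounding `extern` block starts and ends outside this hunk.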
@@ -235,7 +240,7 @@ cfg_if! { } else { const_ptr_api! { extern "C" { - pub fn EVP_PKEY_size(pkey: #[const_ptr_if(any(ossl111b, libressl280))] EVP_PKEY) -> c_int; + pub fn EVP_PKEY_size(pkey: #[const_ptr_if(any(ossl111b, libressl))] EVP_PKEY) -> c_int; } } } @@ -261,15 +266,6 @@ cfg_if! { } } } -const_ptr_api! { - extern "C" { - pub fn EVP_DigestVerifyFinal( - ctx: *mut EVP_MD_CTX, - sigret: #[const_ptr_if(any(ossl102, libressl280))] c_uchar, - siglen: size_t, - ) -> c_int; - } -} extern "C" { pub fn EVP_CIPHER_CTX_new() -> *mut EVP_CIPHER_CTX; @@ -310,7 +306,7 @@ extern "C" { #[cfg(ossl111)] pub fn EVP_shake256() -> *const EVP_MD; pub fn EVP_ripemd160() -> *const EVP_MD; - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM3")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM3")))] pub fn EVP_sm3() -> *const EVP_MD; pub fn EVP_des_ecb() -> *const EVP_CIPHER; pub fn EVP_des_ede3() -> *const EVP_CIPHER; @@ -373,7 +369,7 @@ extern "C" { pub fn EVP_aes_256_wrap() -> *const EVP_CIPHER; #[cfg(ossl110)] pub fn EVP_aes_256_wrap_pad() -> *const EVP_CIPHER; - #[cfg(all(any(ossl110, libressl310), not(osslconf = "OPENSSL_NO_CHACHA")))] + #[cfg(all(any(ossl110, libressl), not(osslconf = "OPENSSL_NO_CHACHA")))] pub fn EVP_chacha20() -> *const EVP_CIPHER; #[cfg(all(any(ossl110, libressl360), not(osslconf = "OPENSSL_NO_CHACHA")))] pub fn EVP_chacha20_poly1305() -> *const EVP_CIPHER; 
@@ -386,15 +382,15 @@ extern "C" { #[cfg(not(osslconf = "OPENSSL_NO_SEED"))] pub fn EVP_seed_ofb() -> *const EVP_CIPHER; - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn EVP_sm4_ecb() -> *const EVP_CIPHER; - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn EVP_sm4_cbc() -> *const EVP_CIPHER; - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn EVP_sm4_cfb128() -> *const EVP_CIPHER; - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn EVP_sm4_ofb() -> *const EVP_CIPHER; - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn EVP_sm4_ctr() -> *const EVP_CIPHER; #[cfg(not(osslconf = "OPENSSL_NO_CAMELLIA"))] 
@@ -465,37 +461,71 @@ cfg_if! { } const_ptr_api! { extern "C" { - pub fn EVP_PKEY_bits(key: #[const_ptr_if(any(ossl110, libressl280))] EVP_PKEY) -> c_int; + pub fn EVP_PKEY_bits(key: #[const_ptr_if(any(ossl110, libressl))] EVP_PKEY) -> c_int; #[cfg(any(ossl110, libressl360))] - pub fn EVP_PKEY_security_bits(pkey: #[const_ptr_if(any(ossl110, libressl280))] EVP_PKEY) -> c_int; + pub fn EVP_PKEY_security_bits(pkey: #[const_ptr_if(any(ossl110, libressl))] EVP_PKEY) -> c_int; } } } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_get1_RSA(k: #[const_ptr_if(libressl420)] EVP_PKEY) -> *mut RSA; + pub fn EVP_PKEY_get1_DSA(k: #[const_ptr_if(libressl420)] EVP_PKEY) -> *mut DSA; + pub fn EVP_PKEY_get1_DH(k: #[const_ptr_if(libressl420)] EVP_PKEY) -> *mut DH; + pub fn EVP_PKEY_get1_EC_KEY(k: #[const_ptr_if(libressl420)] EVP_PKEY) -> *mut EC_KEY; + } +} +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn EVP_PKEY_assign(pkey: *mut EVP_PKEY, typ: c_int, key: *mut c_void) -> c_int; pub fn EVP_PKEY_set1_RSA(k: *mut EVP_PKEY, r: *mut RSA) -> c_int; - pub fn EVP_PKEY_get1_RSA(k: *mut EVP_PKEY) -> *mut RSA; pub fn EVP_PKEY_set1_DSA(k: *mut EVP_PKEY, k: *mut DSA) -> c_int; - pub fn EVP_PKEY_get1_DSA(k: *mut EVP_PKEY) -> *mut DSA; pub fn EVP_PKEY_set1_DH(k: *mut EVP_PKEY, k: *mut DH) -> c_int; - pub fn EVP_PKEY_get1_DH(k: *mut EVP_PKEY) -> *mut DH; pub fn EVP_PKEY_set1_EC_KEY(k: *mut EVP_PKEY, k: *mut EC_KEY) -> c_int; - pub fn EVP_PKEY_get1_EC_KEY(k: *mut EVP_PKEY) -> *mut EC_KEY; + pub fn EVP_PKEY_cmp(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; +} + +extern "C" { pub fn EVP_PKEY_new() -> *mut EVP_PKEY; pub fn EVP_PKEY_free(k: *mut EVP_PKEY); - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn EVP_PKEY_up_ref(pkey: *mut EVP_PKEY) -> c_int; + #[cfg(ossl300)] + pub fn EVP_PKEY_fromdata_init(ctx: *mut EVP_PKEY_CTX) -> c_int; + + #[cfg(ossl300)] + pub fn EVP_PKEY_fromdata( + ctx: 
*mut EVP_PKEY_CTX, + ppkey: *mut *mut EVP_PKEY, + selection: c_int, + param: *mut OSSL_PARAM, + ) -> c_int; + + #[cfg(ossl300)] + pub fn EVP_PKEY_todata( + ppkey: *const EVP_PKEY, + selection: c_int, + param: *mut *mut OSSL_PARAM, + ) -> c_int; + + #[cfg(ossl300)] + pub fn EVP_PKEY_generate(ctx: *mut EVP_PKEY_CTX, k: *mut *mut EVP_PKEY) -> c_int; + pub fn d2i_AutoPrivateKey( a: *mut *mut EVP_PKEY, pp: *mut *const c_uchar, length: c_long, ) -> *mut EVP_PKEY; - pub fn EVP_PKEY_cmp(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; + #[cfg(ossl300)] + pub fn EVP_PKEY_eq(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; + #[cfg(ossl300)] + pub fn EVP_PKEY_parameters_eq(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; pub fn EVP_PKEY_copy_parameters(to: *mut EVP_PKEY, from: *const EVP_PKEY) -> c_int; @@ -535,6 +565,12 @@ extern "C" { pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX; pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX; + #[cfg(ossl300)] + pub fn EVP_PKEY_CTX_new_from_name( + libctx: *mut OSSL_LIB_CTX, + name: *const c_char, + propquery: *const c_char, + ) -> *mut EVP_PKEY_CTX; pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX); pub fn EVP_PKEY_CTX_ctrl( 
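Review bot: `EVP_PKEY_todata` names its first parameter `ppkey` although it is a plain `*const EVP_PKEY`; the name looks carried over from `EVP_PKEY_fromdata` just above, where `ppkey` really is `*mut *mut EVP_PKEY`. Calling it `pkey` avoids suggesting an out-parameter: `pkey: *const EVP_PKEY,`. The context lines `EVP_PKEY_set1_DSA`, `EVP_PKEY_set1_DH` and `EVP_PKEY_set1_EC_KEY` in the same hunk also name both of their parameters `k`, which could be tidied at the same time. The last `extern` block opened in this hunk continues past it.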
@@ -580,9 +616,26 @@ extern "C" { ... ) -> *mut EVP_PKEY; pub fn EVP_PKEY_keygen_init(ctx: *mut EVP_PKEY_CTX) -> c_int; + pub fn EVP_PKEY_paramgen_init(ctx: *mut EVP_PKEY_CTX) -> c_int; pub fn EVP_PKEY_keygen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int; + pub fn EVP_PKEY_paramgen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int; + + #[cfg(ossl111)] + pub fn EVP_PKEY_param_check(ctx: *mut EVP_PKEY_CTX) -> c_int; + #[cfg(ossl111)] + pub fn EVP_PKEY_public_check(ctx: *mut EVP_PKEY_CTX) -> c_int; + #[cfg(ossl111)] + pub fn EVP_PKEY_check(ctx: *mut EVP_PKEY_CTX) -> c_int; pub fn EVP_PKEY_sign_init(ctx: *mut EVP_PKEY_CTX) -> c_int; + + #[cfg(ossl340)] + pub fn EVP_PKEY_sign_message_init( + ctx: *mut EVP_PKEY_CTX, + algo: *mut EVP_SIGNATURE, + params: *const OSSL_PARAM, + ) -> c_int; + pub fn EVP_PKEY_sign( ctx: *mut EVP_PKEY_CTX, sig: *mut c_uchar, @@ -591,6 +644,14 @@ extern "C" { tbslen: size_t, ) -> c_int; pub fn EVP_PKEY_verify_init(ctx: *mut EVP_PKEY_CTX) -> c_int; + + #[cfg(ossl340)] + pub fn EVP_PKEY_verify_message_init( + ctx: *mut EVP_PKEY_CTX, + algo: *mut EVP_SIGNATURE, + params: *const OSSL_PARAM, + ) -> c_int; + pub fn EVP_PKEY_verify( ctx: *mut EVP_PKEY_CTX, sig: *const c_uchar, 
@@ -622,11 +683,34 @@ extern "C" { sig: *const c_uchar, siglen: size_t, ) -> c_int; + + #[cfg(ossl300)] + pub fn EVP_PKEY_encapsulate_init(ctx: *mut EVP_PKEY_CTX, params: *const OSSL_PARAM) -> c_int; + #[cfg(ossl300)] + pub fn EVP_PKEY_encapsulate( + ctx: *mut EVP_PKEY_CTX, + wrappedkey: *mut c_uchar, + wrappedkeylen: *mut size_t, + genkey: *mut c_uchar, + genkeylen: *mut size_t, + ) -> c_int; + + #[cfg(ossl300)] + pub fn EVP_PKEY_decapsulate_init(ctx: *mut EVP_PKEY_CTX, params: *const OSSL_PARAM) -> c_int; + #[cfg(ossl300)] + pub fn EVP_PKEY_decapsulate( + ctx: *mut EVP_PKEY_CTX, + genkey: *mut c_uchar, + genkeylen: *mut size_t, + wrappedkey: *const c_uchar, + wrappedkeylen: size_t, + ) -> c_int; } const_ptr_api! { extern "C" { - pub fn EVP_PKCS82PKEY(p8: #[const_ptr_if(any(ossl110, libressl280))] PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; + pub fn EVP_PKCS82PKEY(p8: #[const_ptr_if(any(ossl110, libressl))] PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; + pub fn EVP_PKEY2PKCS8(pkey: #[const_ptr_if(any(ossl300))] EVP_PKEY) -> *mut PKCS8_PRIV_KEY_INFO; } } 
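Review bot: `#[const_ptr_if(any(ossl300))]` on the new `EVP_PKEY2PKCS8` declaration wraps a single predicate in `any(...)`, which reads as if a second alternative was dropped. pem.rs in this commit writes the same condition as `#[const_ptr_if(ossl300)]`, and using that form keeps the declarations uniform: `pub fn EVP_PKEY2PKCS8(pkey: #[const_ptr_if(ossl300)] EVP_PKEY) -> *mut PKCS8_PRIV_KEY_INFO;`. If a LibreSSL alternative was intended, as on `EVP_PKCS82PKEY` one line above, it should be spelled out instead.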
@@ -663,3 +747,78 @@ extern "C" { pub fn EVP_EncodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; pub fn EVP_DecodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; } + +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_PKEY_gettable_params(pkey: *const EVP_PKEY) -> *const OSSL_PARAM; + pub fn EVP_PKEY_get_params(pkey: *const EVP_PKEY, params: *mut OSSL_PARAM) -> c_int; + pub fn EVP_PKEY_get_int_param( + pkey: *const EVP_PKEY, + key_name: *const c_char, + out: *mut c_int, + ) -> c_int; + pub fn EVP_PKEY_get_size_t_param( + pkey: *const EVP_PKEY, + key_name: *const c_char, + out: *mut size_t, + ) -> c_int; + pub fn EVP_PKEY_get_bn_param( + pkey: *const EVP_PKEY, + key_name: *const c_char, + out: *mut *mut BIGNUM, + ) -> c_int; + pub fn EVP_PKEY_get_utf8_string_param( + pkey: *const EVP_PKEY, + key_name: *const c_char, + str: *mut c_char, + max_buf_sz: size_t, + out_len: *mut size_t, + ) -> c_int; + pub fn EVP_PKEY_get_octet_string_param( + pkey: *const EVP_PKEY, + key_name: *const c_char, + buf: *mut c_uchar, + max_buf_sz: size_t, + out_len: *mut size_t, + ) -> c_int; + + pub fn EVP_PKEY_settable_params(pkey: *const EVP_PKEY) -> *const OSSL_PARAM; + pub fn EVP_PKEY_set_params(pkey: *mut EVP_PKEY, params: *mut OSSL_PARAM) -> c_int; + pub fn EVP_PKEY_set_int_param( + pkey: *mut EVP_PKEY, + key_name: *const c_char, + in_val: c_int, + ) -> c_int; + pub fn EVP_PKEY_set_size_t_param( + pkey: *mut EVP_PKEY, + key_name: *const c_char, + in_val: size_t, + ) -> c_int; + pub fn EVP_PKEY_set_bn_param( + pkey: *mut EVP_PKEY, + key_name: *const c_char, + bn: *const BIGNUM, + ) -> c_int; + pub fn EVP_PKEY_set_utf8_string_param( + pkey: *mut EVP_PKEY, + key_name: *const c_char, + str: *const c_char, + ) -> c_int; + pub fn EVP_PKEY_set_octet_string_param( + pkey: *mut EVP_PKEY, + key_name: *const c_char, + buf: *const c_uchar, + bsize: size_t, + ) -> c_int; + pub fn EVP_SIGNATURE_free(s: *mut EVP_SIGNATURE); + pub fn 
EVP_SIGNATURE_up_ref(s: *mut EVP_SIGNATURE) -> c_int; + pub fn EVP_SIGNATURE_fetch(ctx: *mut OSSL_LIB_CTX, + algorithm: *const c_char, + properties: *const c_char) + -> *mut EVP_SIGNATURE; + pub fn EVP_SIGNATURE_get0_name(s: *const EVP_SIGNATURE) -> *const c_char; + pub fn EVP_SIGNATURE_get0_description(s: *const EVP_SIGNATURE) -> *const c_char; + } + } +} diff --git a/openssl-sys/src/handwritten/hmac.rs b/openssl-sys/src/handwritten/hmac.rs index b52d63fb1f..949b33da0c 100644 --- a/openssl-sys/src/handwritten/hmac.rs +++ b/openssl-sys/src/handwritten/hmac.rs @@ -2,8 +2,9 @@ use libc::*; use super::super::*; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn HMAC_CTX_new() -> *mut HMAC_CTX; pub fn HMAC_CTX_free(ctx: *mut HMAC_CTX); @@ -16,6 +17,7 @@ cfg_if! { } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn HMAC_Init_ex( ctx: *mut HMAC_CTX, diff --git a/openssl-sys/src/handwritten/mod.rs b/openssl-sys/src/handwritten/mod.rs index 47b3360fd8..e4005af3c5 100644 --- a/openssl-sys/src/handwritten/mod.rs +++ b/openssl-sys/src/handwritten/mod.rs @@ -6,15 +6,20 @@ pub use self::cmac::*; pub use self::cms::*; pub use self::conf::*; pub use self::crypto::*; +#[cfg(ossl300)] +pub use self::decoder::*; pub use self::dh::*; pub use self::dsa::*; pub use self::ec::*; +#[cfg(ossl300)] +pub use self::encoder::*; pub use self::err::*; pub use self::evp::*; pub use self::hmac::*; pub use self::kdf::*; pub use self::object::*; pub use self::ocsp::*; +#[cfg(ossl300)] pub use self::params::*; pub use self::pem::*; pub use self::pkcs12::*; @@ -45,15 +50,20 @@ mod cmac; mod cms; mod conf; mod crypto; +#[cfg(ossl300)] +mod decoder; mod dh; mod dsa; mod ec; +#[cfg(ossl300)] +mod encoder; mod err; mod evp; mod hmac; mod kdf; mod object; mod ocsp; +#[cfg(ossl300)] mod params; mod pem; mod pkcs12; 
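Review bot: The new `cfg_if!` block holding the `EVP_PKEY_get_*`/`EVP_PKEY_set_*` parameter accessors and the `EVP_SIGNATURE_*` functions has a single `if #[cfg(ossl300)]` arm and no `else`, so the macro adds nothing over a plain attribute. The other additions in this commit (dh.rs, dsa.rs, ec.rs) write `#[cfg(ossl300)]` followed by `extern "C" {` directly. Doing the same here would presumably also let rustfmt reach the block, where `EVP_SIGNATURE_fetch` is hand-wrapped differently from every other declaration.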
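Review bot: The `#[cfg(ossl300)]` on `mod decoder;` in mod.rs is the only thing keeping decoder.rs off pre-3.0 builds, since its `extern "C"` block carries no cfg of its own, while encoder.rs repeats `#[cfg(ossl300)]` on its block. The two new files should follow one convention: either drop the inner attribute from encoder.rs or add it to decoder.rs. params.rs goes the first way in this commit (its inner `#[cfg(ossl300)]` lines are removed), which suggests dropping it from encoder.rs.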
diff --git a/openssl-sys/src/handwritten/ocsp.rs b/openssl-sys/src/handwritten/ocsp.rs index c194a831b9..4a14f5fe52 100644 --- a/openssl-sys/src/handwritten/ocsp.rs +++ b/openssl-sys/src/handwritten/ocsp.rs @@ -13,8 +13,8 @@ const_ptr_api! { extern "C" { pub fn OCSP_cert_to_id( dgst: *const EVP_MD, - subject: #[const_ptr_if(any(ossl110, libressl281))] X509, - issuer: #[const_ptr_if(any(ossl110, libressl281))] X509, + subject: #[const_ptr_if(any(ossl110, libressl))] X509, + issuer: #[const_ptr_if(any(ossl110, libressl))] X509, ) -> *mut OCSP_CERTID; } } diff --git a/openssl-sys/src/handwritten/params.rs b/openssl-sys/src/handwritten/params.rs index 542cef3374..8fae2f218b 100644 --- a/openssl-sys/src/handwritten/params.rs +++ b/openssl-sys/src/handwritten/params.rs 
@@ -2,15 +2,90 @@ use super::super::*; use libc::*; extern "C" { - #[cfg(ossl300)] + pub fn OSSL_PARAM_free(p: *mut OSSL_PARAM); + pub fn OSSL_PARAM_dup(params: *const OSSL_PARAM) -> *mut OSSL_PARAM; + pub fn OSSL_PARAM_merge( + params: *const OSSL_PARAM, + params1: *const OSSL_PARAM, + ) -> *mut OSSL_PARAM; pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM; - #[cfg(ossl300)] pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM; - #[cfg(ossl300)] pub fn OSSL_PARAM_construct_octet_string( key: *const c_char, buf: *mut c_void, bsize: size_t, ) -> OSSL_PARAM; + pub fn OSSL_PARAM_locate(p: *mut OSSL_PARAM, key: *const c_char) -> *mut OSSL_PARAM; + pub fn OSSL_PARAM_locate_const( + params: *const OSSL_PARAM, + key: *const c_char, + ) -> *const OSSL_PARAM; + pub fn OSSL_PARAM_get_BN(p: *const OSSL_PARAM, val: *mut *mut BIGNUM) -> c_int; + pub fn OSSL_PARAM_get_utf8_string( + p: *const OSSL_PARAM, + val: *mut *mut c_char, + max_len: usize, + ) -> c_int; + pub fn OSSL_PARAM_get_utf8_string_ptr(p: *const OSSL_PARAM, val: *mut *const c_char) -> c_int; + pub fn OSSL_PARAM_get_octet_string( + p: *const OSSL_PARAM, + val: *mut *mut c_void, + max_len: usize, + used_len: *mut usize, + ) -> c_int; + pub fn OSSL_PARAM_get_octet_string_ptr( + p: *const OSSL_PARAM, + val: *mut *const c_void, + used_len: *mut usize, + ) -> c_int; + + pub fn OSSL_PARAM_BLD_new() -> *mut OSSL_PARAM_BLD; + pub fn OSSL_PARAM_BLD_free(bld: *mut OSSL_PARAM_BLD); + pub fn OSSL_PARAM_BLD_to_param(bld: *mut OSSL_PARAM_BLD) -> *mut OSSL_PARAM; + pub fn OSSL_PARAM_BLD_push_uint( + bld: *mut OSSL_PARAM_BLD, + key: *const c_char, + val: c_uint, + ) -> c_int; + pub fn OSSL_PARAM_BLD_push_size_t( + bld: *mut OSSL_PARAM_BLD, + key: *const c_char, + val: size_t, + ) -> c_int; + pub fn OSSL_PARAM_BLD_push_BN( + bld: *mut OSSL_PARAM_BLD, + key: *const c_char, + bn: *const BIGNUM, + ) -> c_int; + pub fn OSSL_PARAM_BLD_push_BN_pad( + bld: *mut OSSL_PARAM_BLD, + key: *const c_char, + bn: 
*const BIGNUM, + sz: size_t, + ) -> c_int; + pub fn OSSL_PARAM_BLD_push_utf8_string( + bld: *mut OSSL_PARAM_BLD, + key: *const c_char, + buf: *const c_char, + bsize: size_t, + ) -> c_int; + pub fn OSSL_PARAM_BLD_push_utf8_ptr( + bld: *mut OSSL_PARAM_BLD, + key: *const c_char, + buf: *mut c_char, + bsize: size_t, + ) -> c_int; + pub fn OSSL_PARAM_BLD_push_octet_string( + bld: *mut OSSL_PARAM_BLD, + key: *const c_char, + buf: *const c_void, + bsize: size_t, + ) -> c_int; + pub fn OSSL_PARAM_BLD_push_octet_ptr( + bld: *mut OSSL_PARAM_BLD, + key: *const c_char, + buf: *mut c_void, + bsize: size_t, + ) -> c_int; } diff --git a/openssl-sys/src/handwritten/pem.rs b/openssl-sys/src/handwritten/pem.rs index 42997177e4..e69e5fe43b 100644 --- a/openssl-sys/src/handwritten/pem.rs +++ b/openssl-sys/src/handwritten/pem.rs 
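Review bot: The new `OSSL_PARAM_BLD_push_*` declarations in params.rs differ in whether OpenSSL copies the data or keeps the caller's pointer, and nothing here says which. Per the OpenSSL documentation `OSSL_PARAM_BLD_push_utf8_ptr` and `OSSL_PARAM_BLD_push_octet_ptr` store only the pointer, and `OSSL_PARAM_BLD_push_BN` references the BIGNUM until `OSSL_PARAM_BLD_to_param` has been called, so a wrapper that drops the buffer early leaves a dangling pointer in the parameter array. I would put `/// Stores buf by reference; it must stay valid for as long as the resulting OSSL_PARAM array is in use.` on the two `_ptr` functions and an equivalent line about `bn` on `OSSL_PARAM_BLD_push_BN` and `OSSL_PARAM_BLD_push_BN_pad`.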
@@ -15,35 +15,6 @@ const_ptr_api! { pub fn PEM_write_bio_X509(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509) -> c_int; pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509_REQ) -> c_int; pub fn PEM_write_bio_X509_CRL(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509_CRL) -> c_int; - pub fn PEM_write_bio_RSAPrivateKey( - bp: *mut BIO, - rsa: #[const_ptr_if(ossl300)] RSA, - cipher: *const EVP_CIPHER, - kstr: #[const_ptr_if(ossl300)] c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: #[const_ptr_if(ossl300)] RSA) -> c_int; - pub fn PEM_write_bio_DSAPrivateKey( - bp: *mut BIO, - dsa: #[const_ptr_if(ossl300)] DSA, - cipher: *const EVP_CIPHER, - kstr: #[const_ptr_if(ossl300)] c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_ECPrivateKey( - bio: *mut BIO, - key: #[const_ptr_if(ossl300)] EC_KEY, - cipher: *const EVP_CIPHER, - kstr: #[const_ptr_if(ossl300)] c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: #[const_ptr_if(ossl300)] DSA) -> c_int; pub fn PEM_write_bio_PrivateKey( bio: *mut BIO, pkey: #[const_ptr_if(ossl300)] EVP_PKEY, @@ -64,7 +35,6 @@ const_ptr_api! { user_data: *mut c_void, ) -> c_int; pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: #[const_ptr_if(ossl300)] PKCS7) -> c_int; - pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: #[const_ptr_if(ossl300)] EC_KEY) -> c_int; pub fn i2d_PKCS8PrivateKey_bio( bp: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY, 
@@ -96,56 +66,6 @@ extern "C" { callback: pem_password_cb, user_data: *mut c_void, ) -> *mut X509_CRL; - pub fn PEM_read_bio_RSAPrivateKey( - bio: *mut BIO, - rsa: *mut *mut RSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut RSA; - pub fn PEM_read_bio_RSAPublicKey( - bio: *mut BIO, - rsa: *mut *mut RSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut RSA; - pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *const RSA) -> c_int; - pub fn PEM_read_bio_RSA_PUBKEY( - bio: *mut BIO, - rsa: *mut *mut RSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut RSA; - pub fn PEM_read_bio_DSAPrivateKey( - bp: *mut BIO, - dsa: *mut *mut DSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut DSA; - pub fn PEM_read_bio_DSA_PUBKEY( - bp: *mut BIO, - dsa: *mut *mut DSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut DSA; - pub fn PEM_read_bio_ECPrivateKey( - bio: *mut BIO, - key: *mut *mut EC_KEY, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut EC_KEY; - pub fn PEM_read_bio_EC_PUBKEY( - bp: *mut BIO, - ec: *mut *mut EC_KEY, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut EC_KEY; - pub fn PEM_read_bio_DHparams( - bio: *mut BIO, - out: *mut *mut DH, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut DH; - pub fn PEM_write_bio_DHparams(bio: *mut BIO, x: *const DH) -> c_int; pub fn PEM_read_bio_PrivateKey( bio: *mut BIO, out: *mut *mut EVP_PKEY, 
@@ -179,13 +99,98 @@ extern "C" { u: *mut c_void, ) -> *mut PKCS7; - #[cfg(ossl101)] pub fn PEM_read_bio_CMS( bio: *mut BIO, out: *mut *mut CMS_ContentInfo, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut CMS_ContentInfo; - #[cfg(ossl101)] pub fn PEM_write_bio_CMS(bio: *mut BIO, cms: *const CMS_ContentInfo) -> c_int; } + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +const_ptr_api! { + extern "C" { + pub fn PEM_read_bio_DHparams( + bio: *mut BIO, + out: *mut *mut DH, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut DH; + pub fn PEM_read_bio_DSAPrivateKey( + bp: *mut BIO, + dsa: *mut *mut DSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut DSA; + pub fn PEM_read_bio_DSA_PUBKEY( + bp: *mut BIO, + dsa: *mut *mut DSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut DSA; + pub fn PEM_read_bio_ECPrivateKey( + bio: *mut BIO, + key: *mut *mut EC_KEY, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut EC_KEY; + pub fn PEM_read_bio_EC_PUBKEY( + bp: *mut BIO, + ec: *mut *mut EC_KEY, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut EC_KEY; + pub fn PEM_read_bio_RSAPrivateKey( + bio: *mut BIO, + rsa: *mut *mut RSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut RSA; + pub fn PEM_read_bio_RSA_PUBKEY( + bio: *mut BIO, + rsa: *mut *mut RSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut RSA; + pub fn PEM_read_bio_RSAPublicKey( + bio: *mut BIO, + rsa: *mut *mut RSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut RSA; + + pub fn PEM_write_bio_DHparams(bio: *mut BIO, x: *const DH) -> c_int; + pub fn PEM_write_bio_DSAPrivateKey( + bp: *mut BIO, + dsa: #[const_ptr_if(ossl300)] DSA, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: #[const_ptr_if(ossl300)] DSA) -> 
c_int; + pub fn PEM_write_bio_ECPrivateKey( + bio: *mut BIO, + key: #[const_ptr_if(ossl300)] EC_KEY, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: #[const_ptr_if(ossl300)] EC_KEY) -> c_int; + pub fn PEM_write_bio_RSAPrivateKey( + bp: *mut BIO, + rsa: #[const_ptr_if(ossl300)] RSA, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: #[const_ptr_if(ossl300)] RSA) -> c_int; + pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *const RSA) -> c_int; + } +} diff --git a/openssl-sys/src/handwritten/pkcs12.rs b/openssl-sys/src/handwritten/pkcs12.rs index 728c333ad2..0553dfd2f6 100644 --- a/openssl-sys/src/handwritten/pkcs12.rs +++ b/openssl-sys/src/handwritten/pkcs12.rs @@ -36,8 +36,8 @@ extern "C" { const_ptr_api! { extern "C" { pub fn PKCS12_create( - pass: #[const_ptr_if(any(ossl110, libressl280))] c_char, - friendly_name: #[const_ptr_if(any(ossl110, libressl280))] c_char, + pass: #[const_ptr_if(any(ossl110, libressl))] c_char, + friendly_name: #[const_ptr_if(any(ossl110, libressl))] c_char, pkey: *mut EVP_PKEY, cert: *mut X509, ca: *mut stack_st_X509, diff --git a/openssl-sys/src/handwritten/rsa.rs b/openssl-sys/src/handwritten/rsa.rs index d05edfc301..ddc42a2db6 100644 --- a/openssl-sys/src/handwritten/rsa.rs +++ b/openssl-sys/src/handwritten/rsa.rs 
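Review bot: The new `#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]` block that now holds the RSA/DSA/EC/DH `PEM_read_bio_*` and `PEM_write_bio_*` declarations has no comment saying why these symbols disappear in some builds or what to call instead. Downstream code that uses them will stop compiling against a no-deprecated OpenSSL, and the replacement is already visible in the unconditional blocks above (`PEM_read_bio_PrivateKey` / `PEM_write_bio_PrivateKey` on `EVP_PKEY`). I would add above the attribute: `// Type-specific key PEM routines are deprecated in OpenSSL 3.0 and absent from no-deprecated builds; use the EVP_PKEY variants.` The same one-line comment would fit the matching gates added in the RSA, SSL and X509 hunks further down.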
@@ -4,6 +4,9 @@ use libc::*; cfg_if! { if #[cfg(ossl300)] { extern "C" { + pub fn EVP_PKEY_CTX_set_rsa_keygen_bits(ctx: *mut EVP_PKEY_CTX, bits: c_int) -> c_int; + pub fn EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx: *mut EVP_PKEY_CTX, pubexp: *mut BIGNUM) -> c_int; + pub fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad_mode: c_int) -> c_int; pub fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad_mode: *mut c_int) -> c_int; @@ -13,31 +16,32 @@ cfg_if! { } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn RSA_new() -> *mut RSA; pub fn RSA_size(k: *const RSA) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn RSA_set0_key(r: *mut RSA, n: *mut BIGNUM, e: *mut BIGNUM, d: *mut BIGNUM) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn RSA_set0_factors(r: *mut RSA, p: *mut BIGNUM, q: *mut BIGNUM) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn RSA_set0_crt_params( r: *mut RSA, dmp1: *mut BIGNUM, dmq1: *mut BIGNUM, iqmp: *mut BIGNUM, ) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn RSA_get0_key( r: *const RSA, n: *mut *const BIGNUM, e: *mut *const BIGNUM, d: *mut *const BIGNUM, ); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn RSA_get0_factors(r: *const RSA, p: *mut *const BIGNUM, q: *mut *const BIGNUM); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn RSA_get0_crt_params( r: *const RSA, dmp1: *mut *const BIGNUM, diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs index 163c75aed9..c7b718e0f8 100644 --- a/openssl-sys/src/handwritten/ssl.rs +++ b/openssl-sys/src/handwritten/ssl.rs 
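Review bot: The added `EVP_PKEY_CTX_set_rsa_keygen_bits` and `EVP_PKEY_CTX_set1_rsa_keygen_pubexp` declarations in the `ossl300` block carry no note on ownership or return convention, which is what a safe wrapper most needs to know. As far as I know the `set1` form copies `pubexp`, so the caller still frees its `BIGNUM`, and these setters report failure with zero or a negative value rather than only zero. I would add `// set1: pubexp is copied, caller keeps ownership; returns <= 0 on failure` above them so a wrapper neither leaks nor double frees the exponent and does not treat a negative return as success.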
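Review bot: Replacing `libressl273` with bare `libressl` on the `RSA_set0_*` / `RSA_get0_*` declarations (hunk `@@ -13,31 +16,32 @@`) means the gate no longer records which LibreSSL release first shipped them, so correctness now depends on a version floor enforced outside this diff. If the build script still accepts an older LibreSSL, the failure would presumably be an unresolved-symbol link error rather than unsoundness, but it would be hard to diagnose. I would confirm the build script rejects releases below the oldest one still tested and note that next to the first such gate, e.g. `// libressl: minimum version enforced at build time, see <build-script path>`. The same applies to the versioned `libressl` gates collapsed in the SSL, types and X509 hunks. The `extern "C"` block continues past this hunk.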
@@ -4,64 +4,8 @@ use libc::*; pub enum SSL_METHOD {} pub enum SSL_CIPHER {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum SSL_SESSION {} - } else if #[cfg(libressl251)] { - #[repr(C)] - pub struct SSL_SESSION { - ssl_version: c_int, - pub master_key_length: c_int, - pub master_key: [c_uchar; 48], - session_id_length: c_uint, - session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize], - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize], - peer: *mut X509, - verify_result: c_long, - timeout: c_long, - time: time_t, - pub references: c_int, - cipher: *const SSL_CIPHER, - cipher_id: c_long, - ciphers: *mut stack_st_SSL_CIPHER, - tlsext_hostname: *mut c_char, - tlsext_tick: *mut c_uchar, - tlsext_ticklen: size_t, - tlsext_tick_lifetime_int: c_long, - internal: *mut c_void, - } - } else if #[cfg(libressl)] { - #[repr(C)] - pub struct SSL_SESSION { - ssl_version: c_int, - pub master_key_length: c_int, - pub master_key: [c_uchar; 48], - session_id_length: c_uint, - session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize], - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize], - not_resumable: c_int, - sess_cert: *mut c_void, - peer: *mut X509, - verify_result: c_long, - timeout: c_long, - time: time_t, - pub references: c_int, - cipher: *const c_void, - cipher_id: c_ulong, - ciphers: *mut c_void, - ex_data: CRYPTO_EX_DATA, - prev: *mut c_void, - next: *mut c_void, - tlsext_hostname: *mut c_char, - tlsext_ecpointformatlist_length: size_t, - tlsext_ecpointformatlist: *mut u8, - tlsext_ellipticcurvelist_length: size_t, - tlsext_ellipticcurvelist: *mut u16, - tlsext_tick: *mut c_uchar, - tlsext_ticklen: size_t, - tlsext_tick_lifetime_hint: c_long, - } } else { #[repr(C)] pub struct SSL_SESSION { 
@@ -225,7 +169,7 @@ extern "C" { } cfg_if! { // const change in passed function pointer signature - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn SSL_CTX_sess_set_get_cb( ctx: *mut SSL_CTX, @@ -257,7 +201,7 @@ extern "C" { cfg_if! { // const change in passed function pointer signature - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn SSL_CTX_set_cookie_verify_cb( s: *mut SSL_CTX, @@ -339,11 +283,8 @@ extern "C" { } extern "C" { - #[cfg(any(ossl102, libressl261))] pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int; - #[cfg(any(ossl102, libressl261))] pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int; - #[cfg(any(ossl102, libressl261))] #[link_name = "SSL_CTX_set_alpn_select_cb"] pub fn SSL_CTX_set_alpn_select_cb__fixed_rust( ssl: *mut SSL_CTX, @@ -359,7 +300,6 @@ extern "C" { >, arg: *mut c_void, ); - #[cfg(any(ossl102, libressl261))] pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); } @@ -413,13 +353,13 @@ extern "C" { #[cfg(ossl111)] pub fn SSL_CTX_set_keylog_callback(ctx: *mut SSL_CTX, cb: SSL_CTX_keylog_cb_func); - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_CTX_set_max_early_data(ctx: *mut SSL_CTX, max_early_data: u32) -> c_int; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_CTX_get_max_early_data(ctx: *const SSL_CTX) -> u32; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_set_max_early_data(ctx: *mut SSL, max_early_data: u32) -> c_int; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_get_max_early_data(ctx: *const SSL) -> u32; pub fn SSL_get_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t; 
@@ -437,19 +377,13 @@ const_ptr_api! { } cfg_if! { - if #[cfg(libressl261)] { + if #[cfg(libressl)] { extern "C" { pub fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: u16) -> c_int; pub fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: u16) -> c_int; pub fn SSL_set_min_proto_version(s: *mut SSL, version: u16) -> c_int; pub fn SSL_set_max_proto_version(s: *mut SSL, version: u16) -> c_int; - } - } -} -cfg_if! { - if #[cfg(libressl270)] { - extern "C" { pub fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int; pub fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int; pub fn SSL_get_min_proto_version(s: *mut SSL) -> c_int; @@ -462,7 +396,7 @@ extern "C" { pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE; pub fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE); @@ -472,12 +406,14 @@ extern "C" { } const_ptr_api! { extern "C" { - pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> #[const_ptr_if(any(ossl110, libressl280))] c_char; + pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> #[const_ptr_if(any(ossl110, libressl))] c_char; } } extern "C" { #[cfg(ossl111)] pub fn SSL_CIPHER_get_handshake_digest(cipher: *const SSL_CIPHER) -> *const EVP_MD; + #[cfg(ossl111)] + pub fn SSL_CIPHER_get_protocol_id(cipher: *const SSL_CIPHER) -> u16; pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char; #[cfg(ossl111)] pub fn SSL_CIPHER_standard_name(cipher: *const SSL_CIPHER) -> *const c_char; 
@@ -488,9 +424,9 @@ extern "C" { pub fn SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO); pub fn SSL_get_rbio(ssl: *const SSL) -> *mut BIO; pub fn SSL_get_wbio(ssl: *const SSL) -> *mut BIO; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_CTX_set_ciphersuites(ctx: *mut SSL_CTX, str: *const c_char) -> c_int; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_set_ciphersuites(ssl: *mut SSL, str: *const c_char) -> c_int; pub fn SSL_set_cipher_list(ssl: *mut SSL, s: *const c_char) -> c_int; pub fn SSL_set_ssl_method(s: *mut SSL, method: *const SSL_METHOD) -> c_int; @@ -520,7 +456,7 @@ extern "C" { pub fn SSL_use_PrivateKey_file(ssl: *mut SSL, file: *const c_char, type_: c_int) -> c_int; pub fn SSL_use_PrivateKey(ssl: *mut SSL, pkey: *mut EVP_PKEY) -> c_int; pub fn SSL_use_certificate(ssl: *mut SSL, x: *mut X509) -> c_int; - #[cfg(any(ossl110, libressl332))] + #[cfg(any(ossl110, libressl))] pub fn SSL_use_certificate_chain_file(ssl: *mut SSL, file: *const c_char) -> c_int; pub fn SSL_set_client_CA_list(s: *mut SSL, name_list: *mut stack_st_X509_NAME); pub fn SSL_add_client_CA(ssl: *mut SSL, x: *mut X509) -> c_int; 
@@ -533,16 +469,16 @@ extern "C" { pub fn SSL_SESSION_get_time(s: *const SSL_SESSION) -> c_long; pub fn SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> c_long; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> c_int; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_SESSION_set_max_early_data(ctx: *mut SSL_SESSION, max_early_data: u32) -> c_int; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_SESSION_get_max_early_data(ctx: *const SSL_SESSION) -> u32; pub fn SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int; pub fn SSL_SESSION_free(s: *mut SSL_SESSION); } @@ -575,7 +511,7 @@ extern "C" { ); pub fn SSL_CTX_set_verify_depth(ctx: *mut SSL_CTX, depth: c_int); - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_CTX_set_post_handshake_auth(ctx: *mut SSL_CTX, val: c_int); pub fn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int; @@ -588,10 +524,8 @@ extern "C" { pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; - #[cfg(any(ossl102, libressl261))] pub fn SSL_CTX_get0_param(ctx: *mut SSL_CTX) -> *mut X509_VERIFY_PARAM; - #[cfg(any(ossl102, libressl261))] pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; } 
@@ -640,14 +574,14 @@ extern "C" { pub fn SSL_stateless(s: *mut SSL) -> c_int; pub fn SSL_connect(ssl: *mut SSL) -> c_int; pub fn SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int; - #[cfg(any(ossl111, libressl350))] + #[cfg(any(ossl111, libressl))] pub fn SSL_read_ex(ssl: *mut SSL, buf: *mut c_void, num: usize, readbytes: *mut usize) -> c_int; pub fn SSL_peek(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int; - #[cfg(any(ossl111, libressl350))] + #[cfg(any(ossl111, libressl))] pub fn SSL_peek_ex(ssl: *mut SSL, buf: *mut c_void, num: usize, readbytes: *mut usize) -> c_int; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_read_early_data( s: *mut SSL, buf: *mut c_void, @@ -667,14 +601,14 @@ extern "C" { extern "C" { pub fn SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int; - #[cfg(any(ossl111, libressl350))] + #[cfg(any(ossl111, libressl))] pub fn SSL_write_ex( ssl: *mut SSL, buf: *const c_void, num: size_t, written: *mut size_t, ) -> c_int; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn SSL_write_early_data( s: *mut SSL, buf: *const c_void, @@ -692,7 +626,7 @@ extern "C" { } cfg_if! { - if #[cfg(any(ossl110, libressl291))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn TLS_method() -> *const SSL_METHOD; @@ -770,17 +704,11 @@ extern "C" { ) -> *mut c_char; pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; -} -const_ptr_api! { - extern "C" { - pub fn SSL_get_privatekey(ssl: #[const_ptr_if(any(ossl102, libressl280))] SSL) -> *mut EVP_PKEY; - } + pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY; } extern "C" { - #[cfg(any(ossl102, libressl270))] pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509; - #[cfg(any(ossl102, libressl340))] pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY; pub fn SSL_set_shutdown(ss: *mut SSL, mode: c_int); 
@@ -794,11 +722,11 @@ extern "C" { #[cfg(ossl110)] pub fn SSL_get0_verified_chain(ssl: *const SSL) -> *mut stack_st_X509; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn SSL_SESSION_get_master_key( session: *const SSL_SESSION, out: *mut c_uchar, @@ -834,6 +762,7 @@ extern "C" { pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int; } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { #[link_name = "SSL_CTX_set_tmp_dh_callback"] pub fn SSL_CTX_set_tmp_dh_callback__fixed_rust( @@ -899,9 +828,9 @@ extern "C" { } extern "C" { - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn SSL_CIPHER_get_cipher_nid(c: *const SSL_CIPHER) -> c_int; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn SSL_CIPHER_get_digest_nid(c: *const SSL_CIPHER) -> c_int; } @@ -914,8 +843,7 @@ const_ptr_api! { const_ptr_api! { extern "C" { - #[cfg(any(ossl102, libressl273))] - pub fn SSL_is_server(s: #[const_ptr_if(any(ossl110f, libressl273))] SSL) -> c_int; + pub fn SSL_is_server(s: #[const_ptr_if(any(ossl110f, libressl))] SSL) -> c_int; } } @@ -997,6 +925,7 @@ extern "C" { pub fn SSL_set_incoming_stream_policy(s: *mut SSL, policy: c_int, aec: u64) -> c_int; pub fn SSL_get_accept_stream_queue_len(s: *mut SSL) -> usize; pub fn SSL_set_default_stream_mode(s: *mut SSL, mode: u32) -> c_int; + pub fn SSL_get0_group_name(s: *mut SSL) -> *const c_char; } #[cfg(ossl330)] 
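Review bot: `SSL_get0_group_name`, added in the `@@ -997,6 +925,7 @@` hunk, returns a borrowed `*const c_char` with nothing documenting its lifetime or nullability. The `get0` naming indicates the string stays owned by the library, so a wrapper must not free it and should tie any `&str` it builds to the `SSL` borrow. I would also expect NULL when no group has been negotiated, though that is not visible here. I would add `// get0: borrowed, do not free; check for NULL before CStr::from_ptr` above the declaration. The `cfg` on the enclosing `extern "C"` block is outside the hunk, so I could not confirm it limits the symbol to releases that export it.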
@@ -1011,3 +940,9 @@ extern "C" { pub fn SSL_get_value_uint(s: *mut SSL, class_: u32, id: u32, v: *mut u64) -> c_int; pub fn SSL_set_value_uint(s: *mut SSL, class_: u32, id: u32, v: u64) -> c_int; } + +#[cfg(ossl300)] +extern "C" { + pub fn SSL_CTX_set0_tmp_dh_pkey(ctx: *mut SSL_CTX, dhpkey: *mut EVP_PKEY) -> c_int; + pub fn SSL_set0_tmp_dh_pkey(s: *mut SSL, dhpkey: *mut EVP_PKEY) -> c_int; +} diff --git a/openssl-sys/src/handwritten/types.rs b/openssl-sys/src/handwritten/types.rs index d465a44148..9caa607774 100644 --- a/openssl-sys/src/handwritten/types.rs +++ b/openssl-sys/src/handwritten/types.rs @@ -27,7 +27,7 @@ pub enum ASN1_UTF8STRING {} pub enum bio_st {} // FIXME remove cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum BIO {} } else { #[repr(C)] @@ -67,7 +67,7 @@ cfg_if! { } } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { pub enum BIGNUM {} } else { #[repr(C)] @@ -87,7 +87,7 @@ pub enum BN_CTX {} pub enum BN_GENCB {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum EVP_CIPHER {} } else { #[repr(C)] @@ -118,7 +118,7 @@ cfg_if! { pub enum EVP_CIPHER_CTX {} pub enum EVP_MD {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum EVP_MD_CTX {} } else { #[repr(C)] @@ -142,7 +142,7 @@ pub enum EVP_PKEY_CTX {} pub enum CMAC_CTX {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum HMAC_CTX {} } else { #[repr(C)] @@ -158,7 +158,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum DH {} } else { #[repr(C)] @@ -187,7 +187,7 @@ cfg_if! { pub enum DH_METHOD {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum DSA {} } else { #[repr(C)] 
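Review bot: The new `SSL_CTX_set0_tmp_dh_pkey` and `SSL_set0_tmp_dh_pkey` declarations under `#[cfg(ossl300)]` do not state that `dhpkey` changes owner, which is the detail a safe wrapper is most likely to get wrong. With `set0` semantics the library takes the `EVP_PKEY` only when the call succeeds, so the caller must give up its handle on success and still free it on failure; doing either unconditionally yields a double free or a leak. I would add `// set0: on success (return 1) ownership of dhpkey moves to the SSL/SSL_CTX; on failure the caller still owns it` above the block.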
@@ -216,36 +216,8 @@ cfg_if! { pub enum DSA_METHOD {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum RSA {} - } else if #[cfg(libressl)] { - #[repr(C)] - pub struct RSA { - pub pad: c_int, - pub version: c_long, - pub meth: *const RSA_METHOD, - - pub engine: *mut ENGINE, - pub n: *mut BIGNUM, - pub e: *mut BIGNUM, - pub d: *mut BIGNUM, - pub p: *mut BIGNUM, - pub q: *mut BIGNUM, - pub dmp1: *mut BIGNUM, - pub dmq1: *mut BIGNUM, - pub iqmp: *mut BIGNUM, - - pub ex_data: CRYPTO_EX_DATA, - pub references: c_int, - pub flags: c_int, - - pub _method_mod_n: *mut BN_MONT_CTX, - pub _method_mod_p: *mut BN_MONT_CTX, - pub _method_mod_q: *mut BN_MONT_CTX, - - pub blinding: *mut BN_BLINDING, - pub mt_blinding: *mut BN_BLINDING, - } } else { #[repr(C)] pub struct RSA { @@ -282,34 +254,8 @@ pub enum RSA_METHOD {} pub enum EC_KEY {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509 {} - } else if #[cfg(libressl)] { - #[repr(C)] - pub struct X509 { - pub cert_info: *mut X509_CINF, - pub sig_alg: *mut X509_ALGOR, - pub signature: *mut ASN1_BIT_STRING, - pub valid: c_int, - pub references: c_int, - pub name: *mut c_char, - pub ex_data: CRYPTO_EX_DATA, - pub ex_pathlen: c_long, - pub ex_pcpathlen: c_long, - pub ex_flags: c_ulong, - pub ex_kusage: c_ulong, - pub ex_xkusage: c_ulong, - pub ex_nscert: c_ulong, - skid: *mut c_void, - akid: *mut c_void, - policy_cache: *mut c_void, - crldp: *mut c_void, - altname: *mut c_void, - nc: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] - sha1_hash: [c_uchar; 20], - aux: *mut c_void, - } } else { #[repr(C)] pub struct X509 { @@ -361,7 +307,7 @@ pub enum X509_LOOKUP_METHOD {} pub enum X509_NAME {} cfg_if! { - if #[cfg(any(ossl110, libressl270))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_STORE {} } else { #[repr(C)] 
@@ -399,34 +345,8 @@ cfg_if! { pub enum X509_STORE_CTX {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_VERIFY_PARAM {} - } else if #[cfg(libressl251)] { - #[repr(C)] - pub struct X509_VERIFY_PARAM { - pub name: *mut c_char, - pub check_time: time_t, - pub inh_flags: c_ulong, - pub flags: c_ulong, - pub purpose: c_int, - pub trust: c_int, - pub depth: c_int, - pub policies: *mut stack_st_ASN1_OBJECT, - id: *mut c_void, - } - } else if #[cfg(libressl)] { - #[repr(C)] - pub struct X509_VERIFY_PARAM { - pub name: *mut c_char, - pub check_time: time_t, - pub inh_flags: c_ulong, - pub flags: c_ulong, - pub purpose: c_int, - pub trust: c_int, - pub depth: c_int, - pub policies: *mut stack_st_ASN1_OBJECT, - //pub id: *mut X509_VERIFY_PARAM_ID, - } } else { #[repr(C)] pub struct X509_VERIFY_PARAM { @@ -445,7 +365,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl270))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_OBJECT {} } else { #[repr(C)] 
@@ -486,143 +406,8 @@ pub enum OPENSSL_INIT_SETTINGS {} pub enum ENGINE {} cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum SSL {} - } else if #[cfg(libressl251)] { - #[repr(C)] - pub struct SSL { - version: c_int, - method: *const SSL_METHOD, - rbio: *mut BIO, - wbio: *mut BIO, - bbio: *mut BIO, - pub server: c_int, - s3: *mut c_void, - d1: *mut c_void, - param: *mut c_void, - cipher_list: *mut stack_st_SSL_CIPHER, - cert: *mut c_void, - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize], - session: *mut SSL_SESSION, - verify_mode: c_int, - error: c_int, - error_code: c_int, - ctx: *mut SSL_CTX, - verify_result: c_long, - references: c_int, - client_version: c_int, - max_send_fragment: c_uint, - tlsext_hostname: *mut c_char, - tlsext_status_type: c_int, - initial_ctx: *mut SSL_CTX, - enc_read_ctx: *mut EVP_CIPHER_CTX, - read_hash: *mut EVP_MD_CTX, - internal: *mut c_void, - } - } else if #[cfg(libressl)] { - #[repr(C)] - pub struct SSL { - version: c_int, - type_: c_int, - method: *const SSL_METHOD, - rbio: *mut c_void, - wbio: *mut c_void, - bbio: *mut c_void, - rwstate: c_int, - in_handshake: c_int, - handshake_func: Option c_int>, - pub server: c_int, - new_session: c_int, - quiet_shutdown: c_int, - shutdown: c_int, - state: c_int, - rstate: c_int, - init_buf: *mut c_void, - init_msg: *mut c_void, - init_num: c_int, - init_off: c_int, - packet: *mut c_uchar, - packet_length: c_uint, - s3: *mut c_void, - d1: *mut c_void, - read_ahead: c_int, - msg_callback: Option< - unsafe extern "C" fn(c_int, - c_int, - c_int, - *const c_void, - size_t, - *mut SSL, - *mut c_void), - >, - msg_callback_arg: *mut c_void, - hit: c_int, - param: *mut c_void, - cipher_list: *mut stack_st_SSL_CIPHER, - cipher_list_by_id: *mut stack_st_SSL_CIPHER, - mac_flags: c_int, - aead_read_ctx: *mut c_void, - enc_read_ctx: *mut EVP_CIPHER_CTX, - read_hash: *mut EVP_MD_CTX, - aead_write_ctx: *mut c_void, - enc_write_ctx: 
*mut EVP_CIPHER_CTX, - write_hash: *mut EVP_MD_CTX, - cert: *mut c_void, - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize], - session: *mut SSL_SESSION, - generate_session_id: GEN_SESSION_CB, - verify_mode: c_int, - verify_callback: Option c_int>, - info_callback: Option, - error: c_int, - error_code: c_int, - ctx: *mut SSL_CTX, - debug: c_int, - verify_result: c_long, - ex_data: CRYPTO_EX_DATA, - client_CA: *mut stack_st_X509_NAME, - references: c_int, - options: c_ulong, - mode: c_ulong, - max_cert_list: c_long, - first_packet: c_int, - client_version: c_int, - max_send_fragment: c_uint, - tlsext_debug_cb: - Option, - tlsext_debug_arg: *mut c_void, - tlsext_hostname: *mut c_char, - servername_done: c_int, - tlsext_status_type: c_int, - tlsext_status_expected: c_int, - tlsext_ocsp_ids: *mut c_void, - tlsext_ocsp_exts: *mut c_void, - tlsext_ocsp_resp: *mut c_uchar, - tlsext_ocsp_resplen: c_int, - tlsext_ticket_expected: c_int, - tlsext_ecpointformatlist_length: size_t, - tlsext_ecpointformatlist: *mut c_uchar, - tlsext_ellipticcurvelist_length: size_t, - tlsext_ellipticcurvelist: *mut c_uchar, - tlsext_session_ticket: *mut c_void, - tlsext_session_ticket_ext_cb: tls_session_ticket_ext_cb_fn, - tls_session_ticket_ext_cb_arg: *mut c_void, - tls_session_secret_cb: tls_session_secret_cb_fn, - tls_session_secret_cb_arg: *mut c_void, - initial_ctx: *mut SSL_CTX, - next_proto_negotiated: *mut c_uchar, - next_proto_negotiated_len: c_uchar, - srtp_profiles: *mut c_void, - srtp_profile: *mut c_void, - tlsext_heartbeat: c_uint, - tlsext_hb_pending: c_uint, - tlsext_hb_seq: c_uint, - alpn_client_proto_list: *mut c_uchar, - alpn_client_proto_list_len: c_uint, - renegotiate: c_int, - } } else { #[repr(C)] pub struct SSL { 
@@ -788,95 +573,8 @@ cfg_if! { } } cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum SSL_CTX {} - } else if #[cfg(libressl251)] { - #[repr(C)] - pub struct SSL_CTX { - method: *const SSL_METHOD, - cipher_list: *mut stack_st_SSL_CIPHER, - cert_store: *mut c_void, - session_timeout: c_long, - pub references: c_int, - extra_certs: *mut stack_st_X509, - verify_mode: c_int, - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize], - param: *mut X509_VERIFY_PARAM, - default_passwd_callback: *mut c_void, - default_passwd_callback_userdata: *mut c_void, - internal: *mut c_void, - } - } else if #[cfg(libressl)] { - #[repr(C)] - pub struct SSL_CTX { - method: *mut c_void, - cipher_list: *mut c_void, - cipher_list_by_id: *mut c_void, - cert_store: *mut c_void, - sessions: *mut c_void, - session_cache_size: c_ulong, - session_cache_head: *mut c_void, - session_cache_tail: *mut c_void, - session_cache_mode: c_int, - session_timeout: c_long, - new_session_cb: *mut c_void, - remove_session_cb: *mut c_void, - get_session_cb: *mut c_void, - stats: [c_int; 11], - pub references: c_int, - app_verify_callback: *mut c_void, - app_verify_arg: *mut c_void, - default_passwd_callback: *mut c_void, - default_passwd_callback_userdata: *mut c_void, - client_cert_cb: *mut c_void, - app_gen_cookie_cb: *mut c_void, - app_verify_cookie_cb: *mut c_void, - ex_dat: CRYPTO_EX_DATA, - rsa_md5: *mut c_void, - md5: *mut c_void, - sha1: *mut c_void, - extra_certs: *mut c_void, - comp_methods: *mut c_void, - info_callback: *mut c_void, - client_CA: *mut c_void, - options: c_ulong, - mode: c_ulong, - max_cert_list: c_long, - cert: *mut c_void, - read_ahead: c_int, - msg_callback: *mut c_void, - msg_callback_arg: *mut c_void, - verify_mode: c_int, - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; 32], - default_verify_callback: *mut c_void, - generate_session_id: *mut c_void, - param: *mut c_void, - quiet_shutdown: c_int, - 
max_send_fragment: c_uint, - - #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))] - client_cert_engine: *mut c_void, - - tlsext_servername_callback: *mut c_void, - tlsect_servername_arg: *mut c_void, - tlsext_tick_key_name: [c_uchar; 16], - tlsext_tick_hmac_key: [c_uchar; 16], - tlsext_tick_aes_key: [c_uchar; 16], - tlsext_ticket_key_cb: *mut c_void, - tlsext_status_cb: *mut c_void, - tlsext_status_arg: *mut c_void, - tlsext_opaque_prf_input_callback: *mut c_void, - tlsext_opaque_prf_input_callback_arg: *mut c_void, - - next_protos_advertised_cb: *mut c_void, - next_protos_advertised_cb_arg: *mut c_void, - next_proto_select_cb: *mut c_void, - next_proto_select_cb_arg: *mut c_void, - - srtp_profiles: *mut c_void, - } } else { #[repr(C)] pub struct SSL_CTX { @@ -988,7 +686,7 @@ cfg_if! { ))] next_proto_select_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] srtp_profiles: *mut c_void, #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_select_cb: *mut c_void, @@ -1072,9 +770,9 @@ cfg_if! { pub enum COMP_CTX {} cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(all(any(ossl110, libressl), not(osslconf = "OPENSSL_NO_COMP")))] { pub enum COMP_METHOD {} - } else { + } else if #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] { #[repr(C)] pub struct COMP_METHOD { pub type_: c_int, @@ -1106,13 +804,8 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum CRYPTO_EX_DATA {} - } else if #[cfg(libressl)] { - #[repr(C)] - pub struct CRYPTO_EX_DATA { - pub sk: *mut stack_st_void, - } } else { #[repr(C)] pub struct CRYPTO_EX_DATA { 
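Review bot: In the `COMP_METHOD` `cfg_if!` (hunk `@@ -1072,9 +770,9 @@`), neither arm matches when `OPENSSL_NO_COMP` is set, so the type is not defined at all, while `pub enum COMP_CTX {}` on the line above stays unconditional. Any declaration elsewhere that names `COMP_METHOD` then needs the same `osslconf` gate or the crate stops compiling on no-comp builds; those uses are outside this hunk, so I could not check them. If the asymmetry is intended, a comment such as `// COMP_METHOD is deliberately undefined for no-comp builds; gate every user on OPENSSL_NO_COMP` would make it explicit. Otherwise leaving the opaque `pub enum COMP_METHOD {}` arm ungated avoids the problem, since an empty enum exposes no layout.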
@@ -1134,13 +827,32 @@ pub enum OSSL_LIB_CTX {} #[repr(C)] pub struct OSSL_PARAM { key: *const c_char, - data_type: c_uchar, + data_type: c_uint, data: *mut c_void, data_size: size_t, return_size: size_t, } +#[cfg(ossl300)] +pub enum OSSL_PARAM_BLD {} + #[cfg(ossl300)] pub enum EVP_KDF {} #[cfg(ossl300)] pub enum EVP_KDF_CTX {} + +#[cfg(ossl300)] +pub enum OSSL_ENCODER_CTX {} +#[cfg(ossl300)] +pub enum OSSL_DECODER_CTX {} + +#[cfg(ossl300)] +pub type OSSL_PASSPHRASE_CALLBACK = Option< + unsafe extern "C" fn( + pass: *mut c_char, + pass_size: size_t, + pass_len: *mut size_t, + params: *const OSSL_PARAM, + arg: *mut c_void, + ) -> c_int, +>; diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs index 0bb682764c..de7d5dacbd 100644 --- a/openssl-sys/src/handwritten/x509.rs +++ b/openssl-sys/src/handwritten/x509.rs @@ -28,7 +28,7 @@ pub enum X509_ATTRIBUTE {} stack!(stack_st_X509_ATTRIBUTE); cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_REQ_INFO {} } else { #[repr(C)] @@ -43,7 +43,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_CRL {} } else { #[repr(C)] @@ -70,7 +70,7 @@ cfg_if! { stack!(stack_st_X509_CRL); cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_CRL_INFO {} } else { #[repr(C)] @@ -88,7 +88,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_REVOKED {} } else { #[repr(C)] @@ -106,7 +106,7 @@ cfg_if! { stack!(stack_st_X509_REVOKED); cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_REQ {} } else { #[repr(C)] @@ -120,7 +120,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { pub enum X509_CINF {} } else { #[repr(C)] 
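Review bot: The new `OSSL_PASSPHRASE_CALLBACK` alias in the types hunk (`@@ -1134,13 +827,32 @@`) has no doc comment describing the buffer contract, and this callback writes secret bytes into a caller-supplied buffer. An implementation must write at most `pass_size` bytes to `pass` and store the length in `*pass_len`; one that ignores `pass_size` overruns the library's buffer. It is also worth stating that the callback must not unwind across the `extern "C"` boundary, so a Rust implementation should catch panics and return failure. I would add a short `///` comment on the alias covering those three points.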
@@ -169,15 +169,25 @@ const_ptr_api! { pub fn i2d_PUBKEY_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY) -> c_int; pub fn i2d_PUBKEY(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_PrivateKey(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; + } +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +const_ptr_api! { + extern "C" { pub fn i2d_RSA_PUBKEY(k: #[const_ptr_if(ossl300)] RSA, buf: *mut *mut u8) -> c_int; pub fn i2d_DSA_PUBKEY(a: #[const_ptr_if(ossl300)] DSA, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_PrivateKey(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; pub fn i2d_ECPrivateKey(ec_key: #[const_ptr_if(ossl300)] EC_KEY, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_EC_PUBKEY(a: #[const_ptr_if(ossl300)] EC_KEY, pp: *mut *mut c_uchar) -> c_int; } } extern "C" { pub fn d2i_PUBKEY(k: *mut *mut EVP_PKEY, buf: *mut *const u8, len: c_long) -> *mut EVP_PKEY; +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +extern "C" { pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA; pub fn d2i_DSA_PUBKEY(k: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; pub fn d2i_EC_PUBKEY( @@ -195,12 +205,11 @@ extern "C" { const_ptr_api! { extern "C" { - #[cfg(any(ossl102, libressl350))] pub fn X509_ALGOR_get0( - paobj: *mut #[const_ptr_if(any(ossl110, libressl350))] ASN1_OBJECT, + paobj: *mut #[const_ptr_if(any(ossl110, libressl))] ASN1_OBJECT, pptype: *mut c_int, - ppval: *mut #[const_ptr_if(any(ossl110, libressl350))] c_void, - alg: #[const_ptr_if(any(ossl110, libressl350))] X509_ALGOR, + ppval: *mut #[const_ptr_if(any(ossl110, libressl))] c_void, + alg: #[const_ptr_if(any(ossl110, libressl))] X509_ALGOR, ); } } @@ -217,7 +226,7 @@ extern "C" { } const_ptr_api! { extern "C" { - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_REVOKED_dup(rev: #[const_ptr_if(ossl300)] X509_REVOKED) -> *mut X509_REVOKED; } } 
@@ -246,7 +255,7 @@ extern "C" { const_ptr_api! { extern "C" { pub fn i2d_X509_CRL(x: #[const_ptr_if(ossl300)] X509_CRL, buf: *mut *mut u8) -> c_int; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_CRL_dup(x: #[const_ptr_if(ossl300)] X509_CRL) -> *mut X509_CRL; } } @@ -264,14 +273,13 @@ const_ptr_api! { extern "C" { pub fn i2d_X509_REQ(x: #[const_ptr_if(ossl300)] X509_REQ, buf: *mut *mut u8) -> c_int; - #[cfg(any(ossl102, libressl273))] pub fn X509_get0_signature( - psig: *mut #[const_ptr_if(any(ossl110, libressl273))] ASN1_BIT_STRING, - palg: *mut #[const_ptr_if(any(ossl110, libressl273))] X509_ALGOR, + psig: *mut #[const_ptr_if(any(ossl110, libressl))] ASN1_BIT_STRING, + palg: *mut #[const_ptr_if(any(ossl110, libressl))] X509_ALGOR, x: *const X509, ); - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_REQ_dup(x: #[const_ptr_if(ossl300)] X509_REQ) -> *mut X509_REQ; } } @@ -293,11 +301,10 @@ extern "C" { const_ptr_api! { extern "C" { pub fn i2d_X509(x: #[const_ptr_if(ossl300)] X509, buf: *mut *mut u8) -> c_int; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_NAME_dup(x: #[const_ptr_if(ossl300)] X509_NAME) -> *mut X509_NAME; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_dup(x: #[const_ptr_if(ossl300)] X509) -> *mut X509; - #[cfg(any(ossl101, libressl350))] pub fn X509_NAME_add_entry( name: *mut X509_NAME, ne: #[const_ptr_if(any(ossl110, libressl))] X509_NAME_ENTRY, 
@@ -330,13 +337,13 @@ extern "C" { } const_ptr_api! { extern "C" { - pub fn X509_get_issuer_name(x: #[const_ptr_if(any(ossl110, libressl280))] X509) -> *mut X509_NAME; + pub fn X509_get_issuer_name(x: #[const_ptr_if(any(ossl110, libressl))] X509) -> *mut X509_NAME; pub fn X509_set_subject_name(x: *mut X509, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; - pub fn X509_get_subject_name(x: #[const_ptr_if(any(ossl110, libressl280))] X509) -> *mut X509_NAME; + pub fn X509_get_subject_name(x: #[const_ptr_if(any(ossl110, libressl))] X509) -> *mut X509_NAME; } } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn X509_set1_notBefore(x: *mut X509, tm: *const ASN1_TIME) -> c_int; pub fn X509_set1_notAfter(x: *mut X509, tm: *const ASN1_TIME) -> c_int; @@ -349,10 +356,10 @@ cfg_if! { } } extern "C" { - #[cfg(any(ossl110, libressl350))] + #[cfg(any(ossl110, libressl))] pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long; pub fn X509_REQ_set_version(req: *mut X509_REQ, version: c_long) -> c_int; - #[cfg(any(ossl110, libressl350))] + #[cfg(any(ossl110, libressl))] pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut X509_NAME; } const_ptr_api! { 
@@ -401,18 +408,18 @@ extern "C" { extern "C" { pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_REQ_verify(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn X509_getm_notBefore(x: *const X509) -> *mut ASN1_TIME; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn X509_getm_notAfter(x: *const X509) -> *mut ASN1_TIME; - #[cfg(any(ossl110, libressl273))] + #[cfg(any(ossl110, libressl))] pub fn X509_up_ref(x: *mut X509) -> c_int; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_REVOKED_get0_serialNumber(req: *const X509_REVOKED) -> *const ASN1_INTEGER; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_REVOKED_get0_extensions(r: *const X509_REVOKED) -> *const stack_st_X509_EXTENSION; pub fn X509_REVOKED_set_serialNumber(r: *mut X509_REVOKED, serial: *mut ASN1_INTEGER) -> c_int; @@ -443,13 +450,13 @@ const_ptr_api! { } extern "C" { - #[cfg(any(ossl110, libressl281))] + #[cfg(any(ossl110, libressl))] pub fn X509_CRL_get_REVOKED(crl: *mut X509_CRL) -> *mut stack_st_X509_REVOKED; - #[cfg(any(ossl110, libressl281))] + #[cfg(any(ossl110, libressl))] pub fn X509_CRL_get0_nextUpdate(x: *const X509_CRL) -> *const ASN1_TIME; - #[cfg(any(ossl110, libressl281))] + #[cfg(any(ossl110, libressl))] pub fn X509_CRL_get0_lastUpdate(x: *const X509_CRL) -> *const ASN1_TIME; - #[cfg(any(ossl110, libressl281))] + #[cfg(any(ossl110, libressl))] pub fn X509_CRL_get_issuer(x: *const X509_CRL) -> *mut X509_NAME; #[cfg(ossl110)] 
@@ -465,18 +472,18 @@ const_ptr_api! { extern "C" { pub fn X509_CRL_sort(crl: *mut X509_CRL) -> c_int; - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_CRL_up_ref(crl: *mut X509_CRL) -> c_int; pub fn X509_CRL_add0_revoked(crl: *mut X509_CRL, rev: *mut X509_REVOKED) -> c_int; } cfg_if! { - if #[cfg(any(ossl110, libressl270))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn X509_CRL_set1_lastUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; pub fn X509_CRL_set1_nextUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; } } else { - // libressl270 kept them, ossl110 "#define"s them to the variants above + // ossl110 "#define"s these to the variants above extern "C" { pub fn X509_CRL_set_lastUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; pub fn X509_CRL_set_nextUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; 
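Review bot: The rewritten comment in the `else` arm, `// ossl110 "#define"s these to the variants above`, no longer says which builds reach that arm. With `libressl` moved into the first predicate, the `X509_CRL_set_lastUpdate`/`X509_CRL_set_nextUpdate` declarations appear to be compiled only for OpenSSL older than 1.1.0. I would spell that out, for example `// OpenSSL < 1.1.0 only: 1.1.0 and later "#define" these names to the set1_* variants above`. The `cfg_if!` block opens before the hunk and closes after it.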
@@ -486,21 +493,21 @@ cfg_if! { const_ptr_api! { extern "C" { - pub fn X509_NAME_entry_count(n: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME) -> c_int; - pub fn X509_NAME_get_index_by_NID(n: #[const_ptr_if(any(ossl300, libressl280))] X509_NAME, nid: c_int, last_pos: c_int) -> c_int; - pub fn X509_NAME_get_entry(n: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; + pub fn X509_NAME_entry_count(n: #[const_ptr_if(any(ossl110, libressl))] X509_NAME) -> c_int; + pub fn X509_NAME_get_index_by_NID(n: #[const_ptr_if(any(ossl300, libressl))] X509_NAME, nid: c_int, last_pos: c_int) -> c_int; + pub fn X509_NAME_get_entry(n: #[const_ptr_if(any(ossl110, libressl))] X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; pub fn X509_NAME_add_entry_by_NID( x: *mut X509_NAME, field: c_int, ty: c_int, - bytes: #[const_ptr_if(any(ossl110, libressl280))] c_uchar, + bytes: #[const_ptr_if(any(ossl110, libressl))] c_uchar, len: c_int, loc: c_int, set: c_int, ) -> c_int; pub fn i2d_X509_NAME(n: #[const_ptr_if(ossl300)] X509_NAME, buf: *mut *mut u8) -> c_int; - pub fn X509_NAME_ENTRY_get_object(ne: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME_ENTRY) -> *mut ASN1_OBJECT; - pub fn X509_NAME_ENTRY_get_data(ne: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME_ENTRY) -> *mut ASN1_STRING; + pub fn X509_NAME_ENTRY_get_object(ne: #[const_ptr_if(any(ossl110, libressl))] X509_NAME_ENTRY) -> *mut ASN1_OBJECT; + pub fn X509_NAME_ENTRY_get_data(ne: #[const_ptr_if(any(ossl110, libressl))] X509_NAME_ENTRY) -> *mut ASN1_STRING; } } extern "C" { 
@@ -599,47 +606,47 @@ const_ptr_api! { const_ptr_api! { extern "C" { // in X509 - pub fn X509_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509) -> c_int; - pub fn X509_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl))] X509) -> c_int; + pub fn X509_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl))] X509, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl))] X509, obj: #[const_ptr_if(any(ossl110, libressl))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl))] X509, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext(x: #[const_ptr_if(any(ossl110, libressl))] X509, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_get_ext_d2i( - x: #[const_ptr_if(any(ossl110, libressl280))] X509, + x: #[const_ptr_if(any(ossl110, libressl))] X509, nid: c_int, crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; // in X509_CRL - pub fn X509_CRL_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL) -> c_int; - pub fn X509_CRL_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, crit: 
c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl))] X509_CRL) -> c_int; + pub fn X509_CRL_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl))] X509_CRL, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl))] X509_CRL, obj: #[const_ptr_if(any(ossl110, libressl))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl))] X509_CRL, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext(x: #[const_ptr_if(any(ossl110, libressl))] X509_CRL, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_CRL_get_ext_d2i( - x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, + x: #[const_ptr_if(any(ossl110, libressl))] X509_CRL, nid: c_int, crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; // in X509_REVOKED - pub fn X509_REVOKED_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED) -> c_int; - pub fn X509_REVOKED_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl))] X509_REVOKED) -> c_int; + pub fn X509_REVOKED_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl))] X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_OBJ(x: 
#[const_ptr_if(any(ossl110, libressl))] X509_REVOKED, obj: #[const_ptr_if(any(ossl110, libressl))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl))] X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext(x: #[const_ptr_if(any(ossl110, libressl))] X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_REVOKED_get_ext_d2i( - x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, + x: #[const_ptr_if(any(ossl110, libressl))] X509_REVOKED, nid: c_int, crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; // X509_EXTENSION stack - pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl))] ASN1_OBJECT, lastpos: c_int) -> c_int; // X509_EXTENSION itself - pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; - pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT) -> c_int; - pub fn X509_EXTENSION_get_critical(ex: #[const_ptr_if(any(ossl110, libressl280))] X509_EXTENSION) -> c_int; + pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl))] ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl))] ASN1_OBJECT) -> c_int; + pub fn X509_EXTENSION_get_critical(ex: #[const_ptr_if(any(ossl110, libressl))] X509_EXTENSION) -> c_int; } } 
@@ -649,20 +656,20 @@ extern "C" { const_ptr_api! { extern "C" { - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn X509_STORE_get0_objects(ctx: #[const_ptr_if(ossl300)] X509_STORE) -> *mut stack_st_X509_OBJECT; #[cfg(ossl300)] pub fn X509_STORE_get1_all_certs(ctx: *mut X509_STORE) -> *mut stack_st_X509; } } -#[cfg(any(ossl110, libressl270))] +#[cfg(any(ossl110, libressl))] extern "C" { pub fn X509_OBJECT_get0_X509(x: *const X509_OBJECT) -> *mut X509; } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { extern "C" { pub fn X509_OBJECT_free(a: *mut X509_OBJECT); } @@ -714,8 +721,8 @@ cfg_if! { const_ptr_api! { extern "C" { - pub fn X509_PURPOSE_get_by_sname(sname: #[const_ptr_if(any(ossl110, libressl280))] c_char) -> c_int; - pub fn X509_PURPOSE_get_id(purpose: #[const_ptr_if(any(ossl110, libressl280))] X509_PURPOSE) -> c_int; + pub fn X509_PURPOSE_get_by_sname(sname: #[const_ptr_if(any(ossl110, libressl))] c_char) -> c_int; + pub fn X509_PURPOSE_get_id(purpose: #[const_ptr_if(any(ossl110, libressl))] X509_PURPOSE) -> c_int; pub fn X509_PURPOSE_get0(idx: c_int) -> #[const_ptr_if(libressl390)] X509_PURPOSE; } } @@ -773,7 +780,7 @@ extern "C" { const_ptr_api! { extern "C" { pub fn X509_ATTRIBUTE_count( - attr: #[const_ptr_if(any(ossl110, libressl280))] X509_ATTRIBUTE // const since OpenSSL v1.1.0 + attr: #[const_ptr_if(any(ossl110, libressl))] X509_ATTRIBUTE // const since OpenSSL v1.1.0 ) -> c_int; pub fn i2d_X509_ATTRIBUTE(x: #[const_ptr_if(ossl300)] X509_ATTRIBUTE, buf: *mut *mut u8) -> c_int; pub fn X509_ATTRIBUTE_dup(x: #[const_ptr_if(ossl300)] X509_ATTRIBUTE) -> *mut X509_ATTRIBUTE; diff --git a/openssl-sys/src/handwritten/x509_vfy.rs b/openssl-sys/src/handwritten/x509_vfy.rs index 31928f8979..50ef0570d8 100644 --- a/openssl-sys/src/handwritten/x509_vfy.rs +++ b/openssl-sys/src/handwritten/x509_vfy.rs 
@@ -74,7 +74,7 @@ extern "C" { pub fn X509_STORE_CTX_set_error(ctx: *mut X509_STORE_CTX, error: c_int); } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { const_ptr_api! { extern "C" { pub fn X509_STORE_CTX_get0_chain(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> *mut stack_st_X509; @@ -88,45 +88,34 @@ cfg_if! { } extern "C" { - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_new() -> *mut X509_VERIFY_PARAM; - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_clear_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set_time(param: *mut X509_VERIFY_PARAM, t: time_t); - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set_depth(param: *mut X509_VERIFY_PARAM, depth: c_int); } const_ptr_api! { extern "C" { - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_get_flags(param: #[const_ptr_if(ossl300)] X509_VERIFY_PARAM) -> c_ulong; } } extern "C" { - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, name: *const c_char, namelen: size_t, ) -> c_int; - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint); - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_email( param: *mut X509_VERIFY_PARAM, email: *const c_char, emaillen: size_t, ) -> c_int; - #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_ip( param: *mut X509_VERIFY_PARAM, ip: *const c_uchar, 
@@ -136,6 +125,5 @@ extern "C" { pub fn X509_VERIFY_PARAM_set_auth_level(param: *mut X509_VERIFY_PARAM, lvl: c_int); #[cfg(ossl110)] pub fn X509_VERIFY_PARAM_get_auth_level(param: *const X509_VERIFY_PARAM) -> c_int; - #[cfg(ossl102)] pub fn X509_VERIFY_PARAM_set_purpose(param: *mut X509_VERIFY_PARAM, purpose: c_int) -> c_int; } diff --git a/openssl-sys/src/handwritten/x509v3.rs b/openssl-sys/src/handwritten/x509v3.rs index 1a548c0e25..05093efed6 100644 --- a/openssl-sys/src/handwritten/x509v3.rs +++ b/openssl-sys/src/handwritten/x509v3.rs @@ -42,13 +42,13 @@ const_ptr_api! { conf: *mut CONF, ctx: *mut X509V3_CTX, ext_nid: c_int, - value: #[const_ptr_if(any(ossl110, libressl280))] c_char, + value: #[const_ptr_if(any(ossl110, libressl))] c_char, ) -> *mut X509_EXTENSION; pub fn X509V3_EXT_nconf( conf: *mut CONF, ctx: *mut X509V3_CTX, - name: #[const_ptr_if(any(ossl110, libressl280))] c_char, - value: #[const_ptr_if(any(ossl110, libressl280))] c_char, + name: #[const_ptr_if(any(ossl110, libressl))] c_char, + value: #[const_ptr_if(any(ossl110, libressl))] c_char, ) -> *mut X509_EXTENSION; } } @@ -74,12 +74,12 @@ extern "C" { const_ptr_api! { extern "C" { pub fn X509V3_get_d2i( - x: #[const_ptr_if(any(ossl110, libressl280))] stack_st_X509_EXTENSION, + x: #[const_ptr_if(any(ossl110, libressl))] stack_st_X509_EXTENSION, nid: c_int, crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; - pub fn X509V3_extensions_print(out: *mut BIO, title: #[const_ptr_if(any(ossl110, libressl280))] c_char, exts: #[const_ptr_if(any(ossl110, libressl280))] stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; + pub fn X509V3_extensions_print(out: *mut BIO, title: #[const_ptr_if(any(ossl110, libressl))] c_char, exts: #[const_ptr_if(any(ossl110, libressl))] stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; } } diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 0e8923bac4..cc99e0a084 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs 
@@ -35,10 +35,13 @@ extern crate aws_lc_sys; #[cfg(awslc)] #[path = "."] mod aws_lc { - #[cfg(feature = "aws-lc")] + #[cfg(all(feature = "aws-lc", not(feature = "aws-lc-fips")))] pub use aws_lc_sys::*; - #[cfg(not(feature = "aws-lc"))] + #[cfg(feature = "aws-lc-fips")] + pub use aws_lc_fips_sys::*; + + #[cfg(not(any(feature = "aws-lc", feature = "aws-lc-fips")))] include!(concat!(env!("OUT_DIR"), "/bindgen.rs")); use libc::{c_char, c_long, c_void}; @@ -69,7 +72,11 @@ mod openssl { pub use self::bio::*; pub use self::bn::*; pub use self::cms::*; + #[cfg(ossl300)] + pub use self::core_dispatch::*; pub use self::crypto::*; + pub use self::dh::*; + pub use self::dsa::*; pub use self::dtls1::*; pub use self::ec::*; pub use self::err::*; @@ -99,7 +106,11 @@ mod openssl { mod bio; mod bn; mod cms; + #[cfg(ossl300)] + mod core_dispatch; mod crypto; + mod dh; + mod dsa; mod dtls1; mod ec; mod err; @@ -147,7 +158,10 @@ mod openssl { }) } - #[cfg(not(ossl110))] + #[cfg(libressl)] + pub fn init() {} + + #[cfg(not(any(ossl110, libressl)))] pub fn init() { use std::io::{self, Write}; use std::mem; @@ -164,12 +178,12 @@ mod openssl { _file: *const c_char, _line: c_int, ) { - let mutex = &(*MUTEXES)[n as usize]; + let mutex = &(&(*MUTEXES))[n as usize]; if mode & CRYPTO_LOCK != 0 { - (*GUARDS)[n as usize] = Some(mutex.lock().unwrap()); + (&mut (*GUARDS))[n as usize] = Some(mutex.lock().unwrap()); } else { - if let None = (*GUARDS)[n as usize].take() { + if let None = (&mut (*GUARDS))[n as usize].take() { let _ = writeln!( io::stderr(), "BUG: rust-openssl lock {} already unlocked, aborting", diff --git a/openssl-sys/src/macros.rs b/openssl-sys/src/macros.rs index e1c1427c67..ec6ac46703 100644 --- a/openssl-sys/src/macros.rs +++ b/openssl-sys/src/macros.rs 
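Review bot: In `mod aws_lc`, the precedence between the two AWS-LC features is expressed only through the cfg predicates, and nothing tells the reader that `aws-lc-fips` deliberately wins when both features are enabled. Cargo unifies features across a dependency graph, so that case will occur, and the choice decides whether a build links the FIPS module. I would add `// aws-lc-fips takes precedence over aws-lc so feature unification cannot replace the FIPS bindings with the non-FIPS ones.` above the first `pub use`. The hunk header shows `extern crate aws_lc_sys;` as context; if the crate still relies on `extern crate` items, a matching one for `aws_lc_fips_sys` would be needed outside this hunk.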
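Review bot: The new `#[cfg(libressl)] pub fn init() {}` silently turns library initialisation into a no-op on LibreSSL and gives no reason. Before this change LibreSSL builds took the `not(ossl110)` path, which registers locking callbacks, so the difference is behavioural and should be justified where it happens. A short doc comment would cover it, for example `/// No-op: supported LibreSSL versions initialise themselves and do their own locking.`, assuming that is the reasoning. The body of the remaining `not(any(ossl110, libressl))` variant continues outside the hunk.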
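Review bot: The explicit borrows in the locking callback, `(&mut (*GUARDS))[n as usize]` and `&(&(*MUTEXES))[n as usize]`, now spell out a reference to the whole container on every call, with no `// SAFETY:` comment stating why that is sound. Locking callbacks are called concurrently for different `n`, so two threads can each hold a `&mut` to the same `GUARDS` container at once, even though they touch different slots. The declarations are outside the hunk, so this is inferred from the usage here. Either index through a raw element pointer so that no container-wide `&mut` is formed, or document the invariant, for example `// SAFETY: GUARDS/MUTEXES are allocated once before the callback is registered and never resized; slot n is only written while lock n is being taken or released.` The callback begins and ends outside the hunk.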
@@ -97,7 +97,7 @@ macro_rules! stack { macro_rules! const_ptr_api { // ---------------------------------------------------------------- // (partialarg): partial argument, waiting for "final" argument type - // MAGIC PART 1: hande conditional const ptr in argument type + // MAGIC PART 1: handle conditional const ptr in argument type ( (partialarg) { $(#[$fn_attr:meta])* pub fn $fn_name:ident } $args_packed:tt @@ -181,7 +181,7 @@ macro_rules! const_ptr_api { // ---------------------------------------------------------------- // (partialret): have partial return type, waiting for final return type - // MAGIC PART 2: hande conditional const ptr in return type + // MAGIC PART 2: handle conditional const ptr in return type ( (partialret) { $(#[$fn_attr:meta])* pub fn $fn_name:ident } $args_packed:tt diff --git a/openssl-sys/src/obj_mac.rs b/openssl-sys/src/obj_mac.rs index 8dd720a7ac..2be9e73e68 100644 --- a/openssl-sys/src/obj_mac.rs +++ b/openssl-sys/src/obj_mac.rs 
@@ -956,39 +956,39 @@ pub const NID_ED448: c_int = 1088; pub const NID_sm2: c_int = 1172; #[cfg(ossl111)] pub const NID_sm3: c_int = 1143; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm3: c_int = 968; #[cfg(ossl111)] pub const NID_sm3WithRSAEncryption: c_int = 1144; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm3WithRSAEncryption: c_int = 969; #[cfg(ossl111)] pub const NID_sm4_ecb: c_int = 1133; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm4_ecb: c_int = 973; #[cfg(ossl111)] pub const NID_sm4_cbc: c_int = 1134; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm4_cbc: c_int = 974; #[cfg(ossl111)] pub const NID_sm4_ofb128: c_int = 1135; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm4_ofb128: c_int = 975; #[cfg(ossl111)] pub const NID_sm4_cfb128: c_int = 1137; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm4_cfb128: c_int = 976; #[cfg(ossl111)] pub const NID_sm4_cfb1: c_int = 1136; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm4_cfb1: c_int = 977; #[cfg(ossl111)] pub const NID_sm4_cfb8: c_int = 1138; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm4_cfb8: c_int = 978; #[cfg(ossl111)] pub const NID_sm4_ctr: c_int = 1139; -#[cfg(libressl291)] +#[cfg(libressl)] pub const NID_sm4_ctr: c_int = 979; #[cfg(ossl111)] pub const NID_sha3_224: c_int = 1096; @@ -1012,7 +1012,7 @@ pub const NID_shake128: c_int = 1100; pub const NID_shake256: c_int = 1101; #[cfg(ossl110)] pub const NID_chacha20_poly1305: c_int = 1018; -#[cfg(libressl271)] +#[cfg(libressl)] pub const NID_chacha20_poly1305: c_int = 967; cfg_if! { if #[cfg(ossl340)] { diff --git a/openssl-sys/src/pkcs7.rs b/openssl-sys/src/pkcs7.rs index 0a56225a91..6b24426fb4 100644 --- a/openssl-sys/src/pkcs7.rs +++ b/openssl-sys/src/pkcs7.rs 
@@ -16,5 +16,5 @@ pub const PKCS7_STREAM: c_int = 0x1000; pub const PKCS7_NOCRL: c_int = 0x2000; pub const PKCS7_PARTIAL: c_int = 0x4000; pub const PKCS7_REUSE_DIGEST: c_int = 0x8000; -#[cfg(not(any(ossl101, ossl102, libressl)))] +#[cfg(ossl110)] pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000; diff --git a/openssl-sys/src/rsa.rs b/openssl-sys/src/rsa.rs index 64107cd6b2..5a1052b74b 100644 --- a/openssl-sys/src/rsa.rs +++ b/openssl-sys/src/rsa.rs @@ -7,6 +7,26 @@ pub const RSA_F4: c_long = 0x10001; cfg_if! { if #[cfg(not(ossl300))] { + pub unsafe fn EVP_PKEY_CTX_set_rsa_keygen_bits(ctx: *mut EVP_PKEY_CTX, bits: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, + bits, + ptr::null_mut(), + ) + } + pub unsafe fn EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx: *mut EVP_PKEY_CTX, pubexp: *mut BIGNUM) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, + 0, + pubexp as *mut _, + ) + } pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { EVP_PKEY_CTX_ctrl( ctx, @@ -52,7 +72,6 @@ cfg_if! { } } -#[cfg(any(ossl102, libressl310))] pub unsafe fn EVP_PKEY_CTX_set_rsa_oaep_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int { EVP_PKEY_CTX_ctrl( ctx, @@ -64,7 +83,6 @@ pub unsafe fn EVP_PKEY_CTX_set_rsa_oaep_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_ ) } -#[cfg(any(ossl102, libressl310))] pub unsafe fn EVP_PKEY_CTX_set0_rsa_oaep_label( ctx: *mut EVP_PKEY_CTX, label: *mut c_void, 
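Review bot: The new `EVP_PKEY_CTX_set_rsa_keygen_pubexp` wrapper in `rsa.rs` passes `pubexp` to `EVP_PKEY_CTX_ctrl` without documenting who owns the `BIGNUM` afterwards. The OpenSSL documentation for the pre-3.0 macro says the pointer is used internally and must not be modified or freed after the call. A caller that frees it after a successful call risks a double free, and one that forgets it after a failed call leaks it. I would add `/// On success ctx keeps pubexp: do not modify or free it afterwards. On failure the caller still owns it.` above the function, with the failure half confirmed against the library source. `EVP_PKEY_CTX_set_rsa_keygen_bits` could get a one-line doc comment as well. The enclosing `cfg_if!` arm continues past the hunk.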
@@ -82,14 +100,14 @@ pub unsafe fn EVP_PKEY_CTX_set0_rsa_oaep_label( pub const EVP_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1; pub const EVP_PKEY_CTRL_RSA_PSS_SALTLEN: c_int = EVP_PKEY_ALG_CTRL + 2; +pub const EVP_PKEY_CTRL_RSA_KEYGEN_BITS: c_int = EVP_PKEY_ALG_CTRL + 3; +pub const EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: c_int = EVP_PKEY_ALG_CTRL + 4; pub const EVP_PKEY_CTRL_RSA_MGF1_MD: c_int = EVP_PKEY_ALG_CTRL + 5; pub const EVP_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6; -#[cfg(any(ossl102, libressl310))] pub const EVP_PKEY_CTRL_RSA_OAEP_MD: c_int = EVP_PKEY_ALG_CTRL + 9; -#[cfg(any(ossl102, libressl310))] pub const EVP_PKEY_CTRL_RSA_OAEP_LABEL: c_int = EVP_PKEY_ALG_CTRL + 10; pub const RSA_PKCS1_PADDING: c_int = 1; diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 38d2184b40..058ce7dc16 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -74,13 +74,13 @@ cfg_if! { pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004; cfg_if! { - if #[cfg(libressl261)] { + if #[cfg(libressl)] { pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0; - } else if #[cfg(any(ossl102, libressl))] { + } else if #[cfg(ossl102)] { pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x10; } } -#[cfg(ossl101)] +#[cfg(ossl102)] pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = 0x00000040; pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000800; @@ -89,7 +89,7 @@ pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = 0x00001000; pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = 0x00002000; pub const SSL_OP_NO_TICKET: ssl_op_type!() = 0x00004000; cfg_if! { - if #[cfg(ossl101)] { + if #[cfg(ossl102)] { pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x00008000; } else { pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x0; 
@@ -98,7 +98,7 @@ cfg_if! { pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = 0x00010000; cfg_if! { - if #[cfg(ossl101)] { + if #[cfg(ossl102)] { pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x00020000; pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x00040000; } else { @@ -114,7 +114,7 @@ pub const SSL_OP_PRIORITIZE_CHACHA: ssl_op_type!() = 0x00200000; pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = 0x00400000; cfg_if! { - if #[cfg(libressl280)] { + if #[cfg(libressl)] { pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0; } else { pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0x00800000; @@ -122,7 +122,7 @@ cfg_if! { } cfg_if! { - if #[cfg(ossl101)] { + if #[cfg(ossl102)] { pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x02000000; } else { pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x0; @@ -136,12 +136,12 @@ cfg_if! { if #[cfg(ossl102)] { pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x04000000; pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x08000000; - } else if #[cfg(libressl332)] { + } else if #[cfg(libressl)] { pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x40000000; pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x80000000; } } -#[cfg(any(ossl111, libressl340))] +#[cfg(any(ossl111, libressl))] pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = 0x20000000; #[cfg(ossl110h)] @@ -162,7 +162,7 @@ cfg_if! { } cfg_if! { - if #[cfg(libressl261)] { + if #[cfg(libressl)] { pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x0; } else { pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x80000000; @@ -181,10 +181,8 @@ cfg_if! { | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; - } else if #[cfg(libressl261)] { - pub const SSL_OP_ALL: ssl_op_type!() = 0x4; } else if #[cfg(libressl)] { - pub const SSL_OP_ALL: ssl_op_type!() = 0x80000014; + pub const SSL_OP_ALL: ssl_op_type!() = 0x4; } else { pub const SSL_OP_ALL: ssl_op_type!() = 0x80000BFF; } 
@@ -202,7 +200,7 @@ cfg_if! { pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00000000; pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00000000; pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x00000000; - } else if #[cfg(ossl101)] { + } else if #[cfg(ossl102)] { pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000001; pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000002; pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000008; @@ -221,10 +219,8 @@ cfg_if! { pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x0; pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x0; pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x0; - #[cfg(libressl261)] + #[cfg(libressl)] pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0; - #[cfg(not(libressl261))] - pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00080000; pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000; pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x0; } @@ -235,11 +231,11 @@ pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2; pub const SSL_MODE_AUTO_RETRY: c_long = 0x4; pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8; pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10; -#[cfg(ossl101)] +#[cfg(ossl102)] pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20; -#[cfg(ossl101)] +#[cfg(ossl102)] pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40; -#[cfg(ossl101)] +#[cfg(ossl102)] pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80; pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { 
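Review bot: In the hunk at `-221,10`, `SSL_OP_SINGLE_ECDH_USE` keeps a `#[cfg(libressl)]` attribute while its neighbours in the same arm (`SSL_OP_SINGLE_DH_USE`, `SSL_OP_NO_SSLv2`) are unconditional. After the `not(libressl261)` twin was removed, the constant is undefined for any non-LibreSSL build that reaches this arm. If the arm is meant to be LibreSSL-only, which the start of the `cfg_if!` outside this hunk would confirm, drop the attribute so the line reads `pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0;`. Alternatively make the arm itself `else if #[cfg(libressl)]`, so the intent sits on the branch and not on one item.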
@@ -315,13 +311,15 @@ pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11; pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const SSL_CTRL_SET_TMP_DH: c_int = 3; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4; -#[cfg(any(libressl, all(ossl101, not(ossl110))))] +#[cfg(any(libressl, all(ossl102, not(ossl110))))] pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8; pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14; pub const SSL_CTRL_SET_MTU: c_int = 17; -#[cfg(any(libressl, all(ossl101, not(ossl110))))] +#[cfg(any(libressl, all(ossl102, not(ossl110))))] pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_MODE: c_int = 33; pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41; @@ -336,12 +334,12 @@ pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = 64; pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65; pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70; pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71; -#[cfg(any(libressl, all(ossl101, not(ossl110))))] +#[cfg(any(libressl, all(ossl102, not(ossl110))))] pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82; #[cfg(ossl102)] pub const SSL_CTRL_CHAIN_CERT: c_int = 89; -#[cfg(any(ossl111, libressl252))] +#[cfg(any(ossl111, libressl))] pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92; #[cfg(any(libressl, all(ossl102, not(ossl110))))] pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; 
@@ -352,34 +350,50 @@ pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106; #[cfg(ossl300)] pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109; #[cfg(ossl110)] +pub const SSL_CTRL_SET_DH_AUTO: c_int = 118; +#[cfg(ossl110)] pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122; -#[cfg(any(ossl110, libressl261))] +#[cfg(any(ossl110, libressl))] pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123; -#[cfg(any(ossl110, libressl261))] +#[cfg(any(ossl110, libressl))] pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124; -#[cfg(any(ossl110g, libressl270))] +#[cfg(any(ossl110g, libressl))] pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130; -#[cfg(any(ossl110g, libressl270))] +#[cfg(any(ossl110g, libressl))] pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131; #[cfg(ossl300)] pub const SSL_CTRL_GET_TMP_KEY: c_int = 133; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long { SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long { SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void) } +#[cfg(ossl110)] +pub unsafe fn SSL_CTX_set_dh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_long { + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut()) +} + +#[cfg(ossl110)] +pub unsafe fn SSL_set_dh_auto(ssl: *mut SSL, onoff: c_int) -> c_long { + SSL_ctrl(ssl, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut()) +} + pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, 
x509: *mut X509) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void) } @@ -403,6 +417,14 @@ pub unsafe fn SSL_set0_verify_cert_store(ssl: *mut SSL, st: *mut X509_STORE) -> cfg_if! { if #[cfg(ossl111)] { + pub unsafe fn SSL_set1_groups_list(ctx: *mut SSL, s: *const c_char) -> c_long { + SSL_ctrl( + ctx, + SSL_CTRL_SET_GROUPS_LIST, + 0, + s as *const c_void as *mut c_void, + ) + } pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long { SSL_CTX_ctrl( ctx, @@ -411,8 +433,9 @@ cfg_if! { s as *const c_void as *mut c_void, ) } - } else if #[cfg(libressl251)] { + } else if #[cfg(libressl)] { extern "C" { + pub fn SSL_set1_groups_list(ctx: *mut SSL, list: *const c_char) -> c_int; pub fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_int; } } @@ -529,11 +552,11 @@ pub const SSL_CLIENT_HELLO_ERROR: c_int = 0; #[cfg(ossl111)] pub const SSL_CLIENT_HELLO_RETRY: c_int = -1; -#[cfg(any(ossl111, libressl340))] +#[cfg(any(ossl111, libressl))] pub const SSL_READ_EARLY_DATA_ERROR: c_int = 0; -#[cfg(any(ossl111, libressl340))] +#[cfg(any(ossl111, libressl))] pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = 1; -#[cfg(any(ossl111, libressl340))] +#[cfg(any(ossl111, libressl))] pub const SSL_READ_EARLY_DATA_FINISH: c_int = 2; cfg_if! { @@ -581,11 +604,13 @@ pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long { #[allow(clashing_extern_declarations)] extern "C" { + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] #[deprecated(note = "use SSL_CTX_set_tmp_dh_callback__fixed_rust instead")] pub fn SSL_CTX_set_tmp_dh_callback( ctx: *mut SSL_CTX, dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH, ); + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] #[deprecated(note = "use SSL_set_tmp_dh_callback__fixed_rust instead")] pub fn SSL_set_tmp_dh_callback( ctx: *mut SSL, 
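Review bot: The new `SSL_CTX_set_dh_auto` and `SSL_set_dh_auto` wrappers have no doc comment, and nothing tells a caller that they are the DH-parameter path left in this hunk once `OPENSSL_NO_DEPRECATED_3_0` compiles out the four `*_set_tmp_dh` / `*_set_tmp_ecdh` functions gated just above them. I would add `/// Issues SSL_CTRL_SET_DH_AUTO; a nonzero onoff lets the library choose DH parameters.` above each, plus a `# Safety` line saying the pointer must be a valid, live handle. Downstream code that cfg-gates its own `set_tmp_dh` call without switching to this path would end up with no DH parameters configured, so the replacement is worth naming in the docs.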
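Review bot: `SSL_set1_groups_list` names its `*mut SSL` parameter `ctx` in both arms, and the arms disagree on the second parameter name (`s` vs `list`) and on the return type (`c_long` via `SSL_ctrl` under `ossl111`, `c_int` from the extern under `libressl`). The naming is cosmetic; `pub unsafe fn SSL_set1_groups_list(ssl: *mut SSL, s: *const c_char) -> c_long` would match the other `SSL_*` wrappers visible in this file. The return-type split mirrors the existing `SSL_CTX_set1_groups_list`, so a one-line comment noting that callers must not assume one integer width across backends would help. The `cfg_if!` block opens before the first of these two hunks and closes after the second.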
@@ -620,7 +645,6 @@ extern "C" { ) -> c_long; #[deprecated(note = "use SSL_CTX_set_alpn_select_cb__fixed_rust instead")] - #[cfg(any(ossl102, libressl261))] pub fn SSL_CTX_set_alpn_select_cb( ssl: *mut SSL_CTX, cb: extern "C" fn( diff --git a/openssl-sys/src/tls1.rs b/openssl-sys/src/tls1.rs index 7ff0b9df9b..b2a6b9c1cb 100644 --- a/openssl-sys/src/tls1.rs +++ b/openssl-sys/src/tls1.rs @@ -7,11 +7,10 @@ use super::*; pub const TLS1_VERSION: c_int = 0x301; pub const TLS1_1_VERSION: c_int = 0x302; pub const TLS1_2_VERSION: c_int = 0x303; -#[cfg(any(ossl111, libressl340))] +#[cfg(any(ossl111, libressl))] pub const TLS1_3_VERSION: c_int = 0x304; pub const DTLS1_VERSION: c_int = 0xFEFF; -#[cfg(any(ossl102, libressl332))] pub const DTLS1_2_VERSION: c_int = 0xFEFD; pub const TLS1_AD_DECODE_ERROR: c_int = 50; @@ -109,6 +108,7 @@ pub unsafe fn SSL_CTX_set_tlsext_status_cb( ) } +#[cfg(not(osslconf = "OPENSSL_NO_SRTP"))] pub unsafe fn SSL_CTX_set_tlsext_status_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg) } diff --git a/openssl-sys/src/types.rs b/openssl-sys/src/types.rs index 10c8f6771a..8b8fd9a187 100644 --- a/openssl-sys/src/types.rs +++ b/openssl-sys/src/types.rs @@ -3,7 +3,7 @@ use libc::*; use super::*; cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { pub enum EVP_PKEY {} } else { #[repr(C)] @@ -19,3 +19,9 @@ cfg_if! { } } } + +cfg_if! { + if #[cfg(ossl300)] { + pub enum EVP_SIGNATURE {} + } +} diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 714b06c9bc..ba0618c9bd 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -7,7 +7,7 @@ pub const X509_FILETYPE_DEFAULT: c_int = 3; pub const ASN1_R_HEADER_TOO_LONG: c_int = 123; cfg_if! { - if #[cfg(not(any(ossl110, libressl350)))] { + if #[cfg(not(any(ossl110, libressl)))] { pub const X509_LU_FAIL: c_int = 0; pub const X509_LU_X509: c_int = 1; pub const X509_LU_CRL: c_int = 2; 
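Review bot: In the `tls1.rs` hunk at `-109,6 +108,7`, `SSL_CTX_set_tlsext_status_arg` is now gated on `not(osslconf = "OPENSSL_NO_SRTP")`, but its body only issues `SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG`, which belongs to the status-request (OCSP stapling) callback rather than to SRTP. As far as the hunk shows, the sibling `SSL_CTX_set_tlsext_status_cb` just above it gets no matching gate, so a no-SRTP build could register the callback but lose the function that sets its argument. If the intent was to hide this on builds without OCSP, `#[cfg(not(osslconf = "OPENSSL_NO_OCSP"))]` on both functions would be the consistent form. If the attribute was meant for an SRTP item further down the file, it has landed on the wrong item.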
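Review bot: The `types.rs` hunk at `-19,3 +19,9` wraps a single item in a one-arm `cfg_if!` with no `else`, which adds nesting without choosing between alternatives. A plain attribute reads more directly: `#[cfg(ossl300)]` followed by `pub enum EVP_SIGNATURE {}`. A one-line comment that this is an opaque handle type, never constructed on the Rust side, would also help readers of the bindings.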
diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs
index 2fa176fed5..1d66cd513d 100644
--- a/openssl-sys/src/x509_vfy.rs
+++ b/openssl-sys/src/x509_vfy.rs
@@ -76,11 +76,8 @@ pub const X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: c_int = 59;
 pub const X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: c_int = 60;
 #[cfg(ossl102)]
 pub const X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: c_int = 61;
-#[cfg(ossl102)]
 pub const X509_V_ERR_HOSTNAME_MISMATCH: c_int = 62;
-#[cfg(ossl102)]
 pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63;
-#[cfg(ossl102)]
 pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64;
 cfg_if! {
 if #[cfg(ossl110)] {
@@ -102,7 +99,7 @@ pub const X509_V_ERR_INVALID_CA: c_int = 79;

 #[cfg(not(any(ossl110, libressl370)))]
 pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x1;
-#[cfg(any(ossl110, libressl370))]
+#[cfg(all(any(ossl110, libressl370), not(osslconf = "OPENSSL_NO_DEPRECATED_3_0")))]
 pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x0;
 pub const X509_V_FLAG_USE_CHECK_TIME: c_ulong = 0x2;
 pub const X509_V_FLAG_CRL_CHECK: c_ulong = 0x4;
@@ -118,7 +115,6 @@ pub const X509_V_FLAG_NOTIFY_POLICY: c_ulong = 0x800;
 pub const X509_V_FLAG_EXTENDED_CRL_SUPPORT: c_ulong = 0x1000;
 pub const X509_V_FLAG_USE_DELTAS: c_ulong = 0x2000;
 pub const X509_V_FLAG_CHECK_SS_SIGNATURE: c_ulong = 0x4000;
-#[cfg(ossl102)]
 pub const X509_V_FLAG_TRUSTED_FIRST: c_ulong = 0x8000;
 #[cfg(ossl102)]
 pub const X509_V_FLAG_SUITEB_128_LOS_ONLY: c_ulong = 0x10000;
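Review bot: Dropping `#[cfg(ossl102)]` from `X509_V_ERR_HOSTNAME_MISMATCH`, `X509_V_ERR_EMAIL_MISMATCH` and `X509_V_ERR_IP_ADDRESS_MISMATCH` in the first hunk exposes them on every backend, presumably LibreSSL included, with the numbers 62–64 hard-coded here. The same happens to `X509_V_FLAG_TRUSTED_FIRST` in the third hunk and to `X509_V_FLAG_PARTIAL_CHAIN`, `X509_V_FLAG_NO_ALT_CHAINS` and `X509_V_FLAG_NO_CHECK_TIME` in the next hunk of this file. These constants steer certificate verification, so a value that differs from the linked library's header would change verification behaviour with no compile error. Nothing in the diff shows the LibreSSL values being checked. A comment next to each group such as `// same value in the OpenSSL and LibreSSL headers`, backed by the header-comparison test if the crate has one, would make the assumption explicit.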
@@ -126,11 +122,10 @@ pub const X509_V_FLAG_SUITEB_128_LOS_ONLY: c_ulong = 0x10000;
 pub const X509_V_FLAG_SUITEB_192_LOS: c_ulong = 0x20000;
 #[cfg(ossl102)]
 pub const X509_V_FLAG_SUITEB_128_LOS: c_ulong = 0x30000;
-#[cfg(ossl102)]
 pub const X509_V_FLAG_PARTIAL_CHAIN: c_ulong = 0x80000;
-#[cfg(ossl110)]
+#[cfg(any(ossl110, libressl))]
 pub const X509_V_FLAG_NO_ALT_CHAINS: c_ulong = 0x100000;
-#[cfg(ossl110)]
+#[cfg(any(ossl110, libressl))]
 pub const X509_V_FLAG_NO_CHECK_TIME: c_ulong = 0x200000;

 pub unsafe fn X509_LOOKUP_add_dir(
diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs
index 230dea1736..163486a55e 100644
--- a/openssl-sys/src/x509v3.rs
+++ b/openssl-sys/src/x509v3.rs
@@ -21,15 +21,10 @@ pub const GEN_URI: c_int = 6;
 pub const GEN_IPADD: c_int = 7;
 pub const GEN_RID: c_int = 8;

-#[cfg(any(ossl102, libressl261))]
 pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1;
-#[cfg(any(ossl102, libressl261))]
 pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2;
-#[cfg(any(ossl102, libressl261))]
 pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4;
-#[cfg(any(ossl102, libressl261))]
 pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8;
-#[cfg(any(ossl102, libressl261))]
 pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10;
 #[cfg(ossl110)]
 pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20;
@@ -55,7 +50,6 @@ pub const EXFLAG_CRITICAL: u32 = 0x200;
 pub const EXFLAG_PROXY: u32 = 0x400;
 pub const EXFLAG_INVALID_POLICY: u32 = 0x800;
 pub const EXFLAG_FRESHEST: u32 = 0x1000;
-#[cfg(any(ossl102, libressl261))]
 pub const EXFLAG_SS: u32 = 0x2000;

 pub const X509v3_KU_DIGITAL_SIGNATURE: u32 = 0x0080;
diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md
index 250c619eac..9745511892 100644
--- a/openssl/CHANGELOG.md
+++ b/openssl/CHANGELOG.md
@@ -2,6 +2,33 @@ ## [Unreleased] +## [v0.10.74] - 2025-10-14 + +### Added + +* Added parameter generation support (`PkeyCtx::paramgen` and `PkeyCtx::paramgen_init`). +* Added key generation methods for RSA, DSA, DH, and EC via `PkeyCtx`. +* Added `Cipher::get_protocol_id`. +* Added `EcPointRef::set_affine_coordinates`. +* Added `EcGroup::order_bits` on BoringSSL, LibreSSL, and AWS-LC. +* Added `X509::append_entry` on BoringSSL and AWS-LC. +* Added XOF squeeze support on AWS-LC. +* Added argon2d and argon2i KDF variants. + +### Changed + +* Bumped MSRV to 1.70. +* The repository has moved to the rust-openssl github organization. + +### Fixed + +* Disabled AES-CFB128 ciphers for BoringSSL. + +### Removed + +* Removed support for OpenSSL <1.0.2. +* Removed support for LibreSSL <3.5. + ## [v0.10.73] - 2025-05-28 ### Fixed @@ -66,7 +93,7 @@ ### Fixed * Fixed a case where `MdCtxRef::digest_verify_final` could leave an error on the stack. -* Fixed a case where `RsaRef::check_key` could leave an errror on the stack. +* Fixed a case where `RsaRef::check_key` could leave an error on the stack. ### Changed @@ -192,7 +219,7 @@ * Added `CipherCtx::copy` ### Changed -* Updated `bitflags` dependecy to the 2.x series +* Updated `bitflags` dependency to the 2.x series ## [v0.10.56] - 2023-08-06 
@@ -979,79 +1006,80 @@ Look at the [release tags] for information about older releases. -[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.73...master -[v0.10.73]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.72...openssl-v0.10.73 -[v0.10.72]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.71...openssl-v0.10.72 -[v0.10.71]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.70...openssl-v0.10.71 -[v0.10.70]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.69...openssl-v0.10.70 -[v0.10.69]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69 -[v0.10.68]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.67...openssl-v0.10.68 -[v0.10.67]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.66...openssl-v0.10.67 -[v0.10.66]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.65...openssl-v0.10.66 -[v0.10.65]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.65 -[v0.10.64]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64 -[v0.10.63]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63 -[v0.10.62]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62 -[v0.10.61]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.60...openssl-v0.10.61 -[v0.10.60]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60 -[v0.10.59]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59 -[v0.10.58]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58 -[v0.10.57]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.56...openssl-v0.10.57 -[v0.10.56]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.55...openssl-v0.10.56 -[v0.10.55]: 
https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55 -[v0.10.54]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54 -[v0.10.53]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53 -[v0.10.52]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.51...openssl-v0.10.52 -[v0.10.51]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.50...openssl-v0.10.51 -[v0.10.50]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.49...openssl-v0.10.50 -[v0.10.49]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.49 -[v0.10.48]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48 -[v0.10.47]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.46...openssl-v0.10.47 -[v0.10.46]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.46 -[v0.10.45]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.44...openssl-v0.10.45 -[v0.10.44]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.43...openssl-v0.10.44 -[v0.10.43]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.42...openssl-v0.10.43 -[v0.10.42]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.42 -[v0.10.41]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.40...openssl-v0.10.41 -[v0.10.40]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.39...openssl-v0.10.40 -[v0.10.39]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.38...openssl-v0.10.39 -[v0.10.38]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.37...openssl-v0.10.38 -[v0.10.37]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.37 -[v0.10.36]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.35...openssl-v0.10.36 -[v0.10.35]: 
https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.34...openssl-v0.10.35 -[v0.10.34]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.33...openssl-v0.10.34 -[v0.10.33]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.32...openssl-v0.10.33 -[v0.10.32]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.31...openssl-v0.10.32 -[v0.10.31]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.30...openssl-v0.10.31 -[v0.10.30]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.29...openssl-v0.10.30 -[v0.10.29]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.28...openssl-v0.10.29 -[v0.10.28]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.27...openssl-v0.10.28 -[v0.10.27]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.26...openssl-v0.10.27 -[v0.10.26]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.25...openssl-v0.10.26 -[v0.10.25]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.24...openssl-v0.10.25 -[v0.10.24]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.23...openssl-v0.10.24 -[v0.10.23]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23 -[v0.10.22]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22 -[v0.10.21]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21 -[v0.10.20]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20 -[v0.10.19]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19 -[v0.10.18]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18 -[v0.10.17]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17 -[v0.10.16]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16 -[v0.10.15]: 
https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15 -[v0.10.14]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14 -[v0.10.13]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13 -[v0.10.12]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12 -[v0.10.11]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11 -[v0.10.10]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10 -[v0.10.9]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9 -[v0.10.8]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8 -[v0.10.7]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7 -[v0.10.6]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6 -[v0.10.5]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5 -[v0.10.4]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4 -[v0.10.3]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3 -[v0.10.2]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2 -[v0.10.1]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1 -[v0.10.0]: https://github.com/sfackler/rust-openssl/compare/v0.9.23...openssl-v0.10.0 -[release tags]: https://github.com/sfackler/rust-openssl/releases +[Unreleased]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.74...master +[v0.10.74]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.73...openssl-v0.10.74 +[v0.10.73]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.72...openssl-v0.10.73 +[v0.10.72]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.71...openssl-v0.10.72 +[v0.10.71]: 
https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.70...openssl-v0.10.71 +[v0.10.70]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.69...openssl-v0.10.70 +[v0.10.69]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69 +[v0.10.68]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.67...openssl-v0.10.68 +[v0.10.67]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.66...openssl-v0.10.67 +[v0.10.66]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.65...openssl-v0.10.66 +[v0.10.65]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.65 +[v0.10.64]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64 +[v0.10.63]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63 +[v0.10.62]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62 +[v0.10.61]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.60...openssl-v0.10.61 +[v0.10.60]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60 +[v0.10.59]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59 +[v0.10.58]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58 +[v0.10.57]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.56...openssl-v0.10.57 +[v0.10.56]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.55...openssl-v0.10.56 +[v0.10.55]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55 +[v0.10.54]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54 +[v0.10.53]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53 +[v0.10.52]: 
https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.51...openssl-v0.10.52 +[v0.10.51]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.50...openssl-v0.10.51 +[v0.10.50]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.49...openssl-v0.10.50 +[v0.10.49]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.49 +[v0.10.48]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48 +[v0.10.47]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.46...openssl-v0.10.47 +[v0.10.46]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.46 +[v0.10.45]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.44...openssl-v0.10.45 +[v0.10.44]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.43...openssl-v0.10.44 +[v0.10.43]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.42...openssl-v0.10.43 +[v0.10.42]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.42 +[v0.10.41]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.40...openssl-v0.10.41 +[v0.10.40]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.39...openssl-v0.10.40 +[v0.10.39]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.38...openssl-v0.10.39 +[v0.10.38]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.37...openssl-v0.10.38 +[v0.10.37]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.37 +[v0.10.36]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.35...openssl-v0.10.36 +[v0.10.35]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.34...openssl-v0.10.35 +[v0.10.34]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.33...openssl-v0.10.34 +[v0.10.33]: 
https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.32...openssl-v0.10.33 +[v0.10.32]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.31...openssl-v0.10.32 +[v0.10.31]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.30...openssl-v0.10.31 +[v0.10.30]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.29...openssl-v0.10.30 +[v0.10.29]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.28...openssl-v0.10.29 +[v0.10.28]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.27...openssl-v0.10.28 +[v0.10.27]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.26...openssl-v0.10.27 +[v0.10.26]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.25...openssl-v0.10.26 +[v0.10.25]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.24...openssl-v0.10.25 +[v0.10.24]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.23...openssl-v0.10.24 +[v0.10.23]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.22...openssl-v0.10.23 +[v0.10.22]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.21...openssl-v0.10.22 +[v0.10.21]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.20...openssl-v0.10.21 +[v0.10.20]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.19...openssl-v0.10.20 +[v0.10.19]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.18...openssl-v0.10.19 +[v0.10.18]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.17...openssl-v0.10.18 +[v0.10.17]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.16...openssl-v0.10.17 +[v0.10.16]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.15...openssl-v0.10.16 +[v0.10.15]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.14...openssl-v0.10.15 +[v0.10.14]: 
https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.13...openssl-v0.10.14 +[v0.10.13]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.12...openssl-v0.10.13 +[v0.10.12]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.11...openssl-v0.10.12 +[v0.10.11]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.10...openssl-v0.10.11 +[v0.10.10]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.9...openssl-v0.10.10 +[v0.10.9]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.8...openssl-v0.10.9 +[v0.10.8]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.7...openssl-v0.10.8 +[v0.10.7]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.6...openssl-v0.10.7 +[v0.10.6]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.5...openssl-v0.10.6 +[v0.10.5]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.4...openssl-v0.10.5 +[v0.10.4]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.3...openssl-v0.10.4 +[v0.10.3]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.2...openssl-v0.10.3 +[v0.10.2]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.1...openssl-v0.10.2 +[v0.10.1]: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.0...openssl-v0.10.1 +[v0.10.0]: https://github.com/rust-openssl/rust-openssl/compare/v0.9.23...openssl-v0.10.0 +[release tags]: https://github.com/rust-openssl/rust-openssl/releases diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index c8e809e96b..928dc35c61 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml 
@@ -1,15 +1,15 @@ [package] name = "openssl" -version = "0.10.73" +version = "0.10.74" authors = ["Steven Fackler "] license = "Apache-2.0" description = "OpenSSL bindings" -repository = "https://github.com/sfackler/rust-openssl" +repository = "https://github.com/rust-openssl/rust-openssl" readme = "README.md" keywords = ["crypto", "tls", "ssl", "dtls"] categories = ["cryptography", "api-bindings"] edition = "2021" -rust-version = "1.63.0" +rust-version = "1.70.0" # these are deprecated and don't do anything anymore [features] @@ -22,6 +22,7 @@ vendored = ['ffi/vendored'] bindgen = ['ffi/bindgen'] unstable_boringssl = ["ffi/unstable_boringssl"] aws-lc = ["ffi/aws-lc"] +aws-lc-fips = ["ffi/aws-lc-fips"] default = [] [dependencies] @@ -32,7 +33,7 @@ libc = "0.2" once_cell = "1.5.2" openssl-macros = { version = "0.1.1", path = "../openssl-macros" } -ffi = { package = "openssl-sys", version = "0.9.109", path = "../openssl-sys" } +ffi = { package = "openssl-sys", version = "0.9.110", path = "../openssl-sys" } [dev-dependencies] hex = "0.4" diff --git a/openssl/build.rs b/openssl/build.rs index d6d65798f7..5d8f251c96 100644 --- a/openssl/build.rs +++ b/openssl/build.rs 
@@ -7,11 +7,12 @@ use std::env; fn main() { - println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_ARGON2\", \"OPENSSL_NO_RC2\"))"); + println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_SRTP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_ARGON2\", \"OPENSSL_NO_RC2\"))"); println!("cargo:rustc-check-cfg=cfg(libressl)"); println!("cargo:rustc-check-cfg=cfg(boringssl)"); println!("cargo:rustc-check-cfg=cfg(awslc)"); + println!("cargo:rustc-check-cfg=cfg(awslc_fips)"); println!("cargo:rustc-check-cfg=cfg(libressl250)"); println!("cargo:rustc-check-cfg=cfg(libressl251)"); @@ -34,6 +35,7 @@ fn main() { println!("cargo:rustc-check-cfg=cfg(libressl390)"); println!("cargo:rustc-check-cfg=cfg(libressl400)"); println!("cargo:rustc-check-cfg=cfg(libressl410)"); + println!("cargo:rustc-check-cfg=cfg(libressl420)"); println!("cargo:rustc-check-cfg=cfg(ossl101)"); println!("cargo:rustc-check-cfg=cfg(ossl102)"); 
@@ -46,6 +48,8 @@ fn main() { println!("cargo:rustc-check-cfg=cfg(ossl310)"); println!("cargo:rustc-check-cfg=cfg(ossl320)"); println!("cargo:rustc-check-cfg=cfg(ossl330)"); + println!("cargo:rustc-check-cfg=cfg(ossl340)"); + println!("cargo:rustc-check-cfg=cfg(ossl350)"); if env::var("DEP_OPENSSL_LIBRESSL").is_ok() { println!("cargo:rustc-cfg=libressl"); 
@@ -59,48 +63,28 @@ fn main() { println!("cargo:rustc-cfg=awslc"); } + if env::var("DEP_OPENSSL_AWSLC_FIPS").is_ok() { + println!("cargo:rustc-cfg=awslc"); + println!("cargo:rustc-cfg=awslc_fips"); + } + if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") { let version = u64::from_str_radix(&v, 16).unwrap(); - if version >= 0x2_05_00_00_0 { - println!("cargo:rustc-cfg=libressl250"); - } - if version >= 0x2_05_01_00_0 { - println!("cargo:rustc-cfg=libressl251"); - } - if version >= 0x2_06_01_00_0 { - println!("cargo:rustc-cfg=libressl261"); - } - if version >= 0x2_07_00_00_0 { - println!("cargo:rustc-cfg=libressl270"); - } - if version >= 0x2_07_01_00_0 { - println!("cargo:rustc-cfg=libressl271"); - } - if version >= 0x2_07_03_00_0 { - println!("cargo:rustc-cfg=libressl273"); - } - if version >= 0x2_08_00_00_0 { - println!("cargo:rustc-cfg=libressl280"); - } - if version >= 0x2_09_01_00_0 { - println!("cargo:rustc-cfg=libressl291"); - } - if version >= 0x3_01_00_00_0 { - println!("cargo:rustc-cfg=libressl310"); - } - if version >= 0x3_02_01_00_0 { - println!("cargo:rustc-cfg=libressl321"); - } - if version >= 0x3_03_02_00_0 { - println!("cargo:rustc-cfg=libressl332"); - } - if version >= 0x3_04_00_00_0 { - println!("cargo:rustc-cfg=libressl340"); - } - if version >= 0x3_05_00_00_0 { - println!("cargo:rustc-cfg=libressl350"); - } + println!("cargo:rustc-cfg=libressl250"); + println!("cargo:rustc-cfg=libressl251"); + println!("cargo:rustc-cfg=libressl261"); + println!("cargo:rustc-cfg=libressl270"); + println!("cargo:rustc-cfg=libressl271"); + println!("cargo:rustc-cfg=libressl273"); + println!("cargo:rustc-cfg=libressl280"); + println!("cargo:rustc-cfg=libressl291"); + println!("cargo:rustc-cfg=libressl310"); + println!("cargo:rustc-cfg=libressl321"); + println!("cargo:rustc-cfg=libressl332"); + println!("cargo:rustc-cfg=libressl340"); + println!("cargo:rustc-cfg=libressl350"); + if version >= 0x3_06_00_00_0 { println!("cargo:rustc-cfg=libressl360"); } 
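Review bot: `version` is still parsed from `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER`, but the cfgs `libressl250` through `libressl350` are now emitted without comparing against it, so this script relies on something else having rejected LibreSSL older than 3.5. The same holds for the unconditional `ossl101` / `ossl102` lines in the later hunk that handles `DEP_OPENSSL_VERSION_NUMBER`. If the openssl-sys build script enforces the floor, a comment is enough: `// openssl-sys refuses LibreSSL < 3.5, so these are always set`. If it does not, a guard such as `assert!(version >= 0x3_05_00_00_0, "LibreSSL older than 3.5 is not supported");` would stop the crate compiling against a library that lacks the symbols these cfgs promise. `main` starts and ends outside this hunk.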
@@ -125,6 +109,9 @@ fn main() { if version >= 0x4_01_00_00_0 { println!("cargo:rustc-cfg=libressl410"); } + if version >= 0x4_02_00_00_0 { + println!("cargo:rustc-cfg=libressl420"); + } } if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { @@ -135,13 +122,9 @@ fn main() { if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") { let version = u64::from_str_radix(&version, 16).unwrap(); + println!("cargo:rustc-cfg=ossl101"); + println!("cargo:rustc-cfg=ossl102"); - if version >= 0x1_00_01_00_0 { - println!("cargo:rustc-cfg=ossl101"); - } - if version >= 0x1_00_02_00_0 { - println!("cargo:rustc-cfg=ossl102"); - } if version >= 0x1_01_00_00_0 { println!("cargo:rustc-cfg=ossl110"); } @@ -169,5 +152,11 @@ fn main() { if version >= 0x3_03_00_00_0 { println!("cargo:rustc-cfg=ossl330"); } + if version >= 0x3_04_00_00_0 { + println!("cargo:rustc-cfg=ossl340"); + } + if version >= 0x3_05_00_00_0 { + println!("cargo:rustc-cfg=ossl350"); + } } } diff --git a/openssl/src/asn1.rs b/openssl/src/asn1.rs index 06df31a038..1ceee00f0b 100644 --- a/openssl/src/asn1.rs +++ b/openssl/src/asn1.rs @@ -57,7 +57,7 @@ foreign_type_and_impl_send_sync! { /// further details of implementation. Note: these docs are from the master /// branch as documentation on the 1.1.0 branch did not include this page. /// - /// [ASN1_GENERALIZEDTIME_set]: https://www.openssl.org/docs/manmaster/man3/ASN1_GENERALIZEDTIME_set.html + /// [ASN1_GENERALIZEDTIME_set]: https://docs.openssl.org/master/man3/ASN1_GENERALIZEDTIME_set/ pub struct Asn1GeneralizedTime; /// Reference to a [`Asn1GeneralizedTime`] /// @@ -165,7 +165,6 @@ impl Asn1Type { /// [`diff`]: struct.Asn1TimeRef.html#method.diff /// [`Asn1TimeRef`]: struct.Asn1TimeRef.html #[derive(Debug, Clone, PartialEq, Eq, Hash)] -#[cfg(any(ossl102, boringssl, awslc))] pub struct TimeDiff { /// Difference in days pub days: c_int, 
@@ -187,7 +186,7 @@ foreign_type_and_impl_send_sync! { /// [ASN_TIME_set] documentation at OpenSSL explains the ASN.1 implementation /// used by OpenSSL. /// - /// [ASN_TIME_set]: https://www.openssl.org/docs/manmaster/crypto/ASN1_TIME_set.html + /// [ASN_TIME_set]: https://docs.openssl.org/master/man3/ASN1_TIME_set/ pub struct Asn1Time; /// Reference to an [`Asn1Time`] /// @@ -198,7 +197,6 @@ foreign_type_and_impl_send_sync! { impl Asn1TimeRef { /// Find difference between two times #[corresponds(ASN1_TIME_diff)] - #[cfg(any(ossl102, boringssl, awslc))] pub fn diff(&self, compare: &Self) -> Result { let mut days = 0; let mut secs = 0; @@ -214,7 +212,6 @@ impl Asn1TimeRef { /// Compare two times #[corresponds(ASN1_TIME_compare)] - #[cfg(any(ossl102, boringssl, awslc))] pub fn compare(&self, other: &Self) -> Result { let d = self.diff(other)?; if d.days > 0 || d.secs > 0 { @@ -228,7 +225,6 @@ impl Asn1TimeRef { } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for Asn1TimeRef { fn eq(&self, other: &Asn1TimeRef) -> bool { self.diff(other) @@ -237,7 +233,6 @@ impl PartialEq for Asn1TimeRef { } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for Asn1TimeRef { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -246,7 +241,6 @@ impl PartialEq for Asn1TimeRef { } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for &Asn1TimeRef { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -255,21 +249,18 @@ impl PartialEq for &Asn1TimeRef { } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for Asn1TimeRef { fn partial_cmp(&self, other: &Asn1TimeRef) -> Option { self.compare(other).ok() } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for Asn1TimeRef { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for &Asn1TimeRef { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() 
@@ -366,7 +357,6 @@ impl Asn1Time { } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for Asn1Time { fn eq(&self, other: &Asn1Time) -> bool { self.diff(other) @@ -375,7 +365,6 @@ impl PartialEq for Asn1Time { } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialEq for Asn1Time { fn eq(&self, other: &Asn1TimeRef) -> bool { self.diff(other) @@ -384,7 +373,6 @@ impl PartialEq for Asn1Time { } } -#[cfg(any(ossl102, boringssl, awslc))] impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time { fn eq(&self, other: &&'a Asn1TimeRef) -> bool { self.diff(other) @@ -393,21 +381,18 @@ impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time { } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for Asn1Time { fn partial_cmp(&self, other: &Asn1Time) -> Option { self.compare(other).ok() } } -#[cfg(any(ossl102, boringssl, awslc))] impl PartialOrd for Asn1Time { fn partial_cmp(&self, other: &Asn1TimeRef) -> Option { self.compare(other).ok() } } -#[cfg(any(ossl102, boringssl, awslc))] impl<'a> PartialOrd<&'a Asn1TimeRef> for Asn1Time { fn partial_cmp(&self, other: &&'a Asn1TimeRef) -> Option { self.compare(other).ok() @@ -423,7 +408,7 @@ foreign_type_and_impl_send_sync! { /// structures. This implementation uses [ASN1_STRING-to_UTF8] to preserve /// compatibility with Rust's String. /// - /// [ASN1_STRING-to_UTF8]: https://www.openssl.org/docs/manmaster/crypto/ASN1_STRING_to_UTF8.html + /// [ASN1_STRING-to_UTF8]: https://docs.openssl.org/master/man3/ASN1_STRING_to_UTF8/ pub struct Asn1String; /// A reference to an [`Asn1String`]. pub struct Asn1StringRef; @@ -492,7 +477,7 @@ foreign_type_and_impl_send_sync! { /// OpenSSL documentation includes [`ASN1_INTEGER_set`]. /// /// [`bn`]: ../bn/index.html - /// [`ASN1_INTEGER_set`]: https://www.openssl.org/docs/manmaster/crypto/ASN1_INTEGER_set.html + /// [`ASN1_INTEGER_set`]: https://docs.openssl.org/master/man3/ASN1_INTEGER_set/ pub struct Asn1Integer; /// A reference to an [`Asn1Integer`]. pub struct Asn1IntegerRef; 
@@ -504,7 +489,7 @@ impl Asn1Integer { /// Corresponds to [`BN_to_ASN1_INTEGER`]. Also see /// [`BigNumRef::to_asn1_integer`]. /// - /// [`BN_to_ASN1_INTEGER`]: https://www.openssl.org/docs/manmaster/crypto/BN_to_ASN1_INTEGER.html + /// [`BN_to_ASN1_INTEGER`]: https://docs.openssl.org/master/man3/BN_to_ASN1_INTEGER/ /// [`BigNumRef::to_asn1_integer`]: ../bn/struct.BigNumRef.html#method.to_asn1_integer pub fn from_bn(bn: &BigNumRef) -> Result { bn.to_asn1_integer() @@ -668,7 +653,7 @@ foreign_type_and_impl_send_sync! { /// /// [`Nid`]: ../nid/index.html /// [`nid::COMMONNAME`]: ../nid/constant.COMMONNAME.html - /// [`OBJ_nid2obj`]: https://www.openssl.org/docs/manmaster/crypto/OBJ_obj2nid.html + /// [`OBJ_nid2obj`]: https://docs.openssl.org/master/man3/OBJ_obj2nid/ pub struct Asn1Object; /// A reference to an [`Asn1Object`]. pub struct Asn1ObjectRef; @@ -737,7 +722,7 @@ impl fmt::Debug for Asn1ObjectRef { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { use ffi::ASN1_STRING_get0_data; } else { #[allow(bad_style)] @@ -808,7 +793,6 @@ mod tests { } #[test] - #[cfg(any(ossl102, boringssl, awslc))] fn time_eq() { let a = Asn1Time::from_str("99991231235959Z").unwrap(); let b = Asn1Time::from_str("99991231235959Z").unwrap(); @@ -827,7 +811,6 @@ mod tests { } #[test] - #[cfg(any(ossl102, boringssl, awslc))] fn time_ord() { let a = Asn1Time::from_str("99991231235959Z").unwrap(); let b = Asn1Time::from_str("99991231235959Z").unwrap(); diff --git a/openssl/src/bio.rs b/openssl/src/bio.rs index ebd079f20d..6f0fcca941 100644 --- a/openssl/src/bio.rs +++ b/openssl/src/bio.rs @@ -1,4 +1,3 @@ -use cfg_if::cfg_if; use libc::c_int; use std::marker::PhantomData; use std::ptr; @@ -23,7 +22,7 @@ impl<'a> MemBioSlice<'a> { assert!(buf.len() <= c_int::MAX as usize); let bio = unsafe { - cvt_p(BIO_new_mem_buf( + cvt_p(ffi::BIO_new_mem_buf( buf.as_ptr() as *const _, buf.len() as crate::SLenType, ))? 
@@ -73,17 +72,6 @@ impl MemBio { } } -cfg_if! { - if #[cfg(any(ossl102, boringssl, awslc))] { - use ffi::BIO_new_mem_buf; - } else { - #[allow(bad_style)] - unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: ::libc::c_int) -> *mut ffi::BIO { - ffi::BIO_new_mem_buf(buf as *mut _, len) - } - } -} - #[cfg(test)] mod tests { use super::MemBio; diff --git a/openssl/src/bn.rs b/openssl/src/bn.rs index 910dae0ddc..b2334d516e 100644 --- a/openssl/src/bn.rs +++ b/openssl/src/bn.rs @@ -37,7 +37,7 @@ use crate::{cvt, cvt_n, cvt_p, LenType}; use openssl_macros::corresponds; cfg_if! { - if #[cfg(any(ossl110, libressl350, awslc))] { + if #[cfg(any(ossl110, libressl, awslc))] { use ffi::{ BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192, BN_is_negative, @@ -62,7 +62,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl350))] { + if #[cfg(any(ossl110, libressl))] { use ffi::{ BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768 }; @@ -101,7 +101,7 @@ foreign_type_and_impl_send_sync! { /// to allocate. BigNumContext and the OpenSSL [`BN_CTX`] structure are used /// internally when passing BigNum values between subroutines. /// - /// [`BN_CTX`]: https://www.openssl.org/docs/manmaster/crypto/BN_CTX_new.html + /// [`BN_CTX`]: https://docs.openssl.org/master/man3/BN_CTX_new/ pub struct BigNumContext; /// Reference to [`BigNumContext`] /// @@ -144,7 +144,7 @@ foreign_type_and_impl_send_sync! { /// /// [`new`]: struct.BigNum.html#method.new /// [`Dref`]: struct.BigNum.html#deref-methods - /// [`BN_new`]: https://www.openssl.org/docs/manmaster/crypto/BN_new.html + /// [`BN_new`]: https://docs.openssl.org/master/man3/BN_new/ /// /// # Examples /// ``` 
@@ -347,14 +347,14 @@ impl BigNumRef { /// Returns `true` is `self` is even. #[corresponds(BN_is_even)] - #[cfg(any(ossl110, boringssl, libressl350, awslc))] + #[cfg(any(ossl110, boringssl, libressl, awslc))] pub fn is_even(&self) -> bool { !self.is_odd() } /// Returns `true` is `self` is odd. #[corresponds(BN_is_odd)] - #[cfg(any(ossl110, boringssl, libressl350, awslc))] + #[cfg(any(ossl110, boringssl, libressl, awslc))] pub fn is_odd(&self) -> bool { unsafe { ffi::BN_is_odd(self.as_ptr()) == 1 } } @@ -857,7 +857,7 @@ impl BigNumRef { /// assert_eq!(&bn_vec, &[0, 0, 0x45, 0x43]); /// ``` #[corresponds(BN_bn2binpad)] - #[cfg(any(ossl110, libressl340, boringssl, awslc))] + #[cfg(any(ossl110, libressl, boringssl, awslc))] pub fn to_vec_padded(&self, pad_to: i32) -> Result, ErrorStack> { let mut v = Vec::with_capacity(pad_to as usize); unsafe { @@ -1104,10 +1104,6 @@ impl BigNum { /// Creates a new `BigNum` from an unsigned, big-endian encoded number of arbitrary length. /// - /// OpenSSL documentation at [`BN_bin2bn`] - /// - /// [`BN_bin2bn`]: https://www.openssl.org/docs/manmaster/crypto/BN_bin2bn.html - /// /// ``` /// # use openssl::bn::BigNum; /// let bignum = BigNum::from_slice(&[0x12, 0x00, 0x34]).unwrap(); @@ -1519,7 +1515,7 @@ mod tests { } #[test] - #[cfg(any(ossl110, boringssl, libressl350, awslc))] + #[cfg(any(ossl110, boringssl, libressl, awslc))] fn test_odd_even() { let a = BigNum::from_u32(17).unwrap(); let b = BigNum::from_u32(18).unwrap(); diff --git a/openssl/src/cipher.rs b/openssl/src/cipher.rs index f8ebd4d776..6c6d271ead 100644 --- a/openssl/src/cipher.rs +++ b/openssl/src/cipher.rs @@ -17,7 +17,7 @@ use std::ops::{Deref, DerefMut}; use std::ptr; cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl273, awslc))] { + if #[cfg(any(boringssl, ossl110, libressl, awslc))] { use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length}; } else { use libc::c_int; 
@@ -238,6 +238,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb1() as *mut _) } } + #[cfg(not(boringssl))] pub fn aes_192_cfb128() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb128() as *mut _) } } @@ -295,6 +296,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb1() as *mut _) } } + #[cfg(not(boringssl))] pub fn aes_256_cfb128() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb128() as *mut _) } } @@ -495,7 +497,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_idea_ofb() as *mut _) } } - #[cfg(all(any(ossl110, libressl310), not(osslconf = "OPENSSL_NO_CHACHA")))] + #[cfg(all(any(ossl110, libressl), not(osslconf = "OPENSSL_NO_CHACHA")))] pub fn chacha20() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_chacha20() as *mut _) } } 
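Review bot: `aes_192_cfb128`, and `aes_256_cfb128` in the `@@ -295,6 +296,7 @@` hunk, become unavailable on BoringSSL builds without any doc comment, so a caller on that backend only sees a missing-function compile error. A one-line doc comment on each, such as `/// Not available when building against BoringSSL.`, would make the gate visible in rustdoc. The surrounding `impl Cipher` block extends beyond the hunk.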
@@ -525,27 +527,27 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_seed_ofb() as *mut _) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_ecb() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_sm4_ecb() as *mut _) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_cbc() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_sm4_cbc() as *mut _) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_ctr() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_sm4_ctr() as *mut _) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_cfb128() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_sm4_cfb128() as *mut _) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_ofb() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_sm4_ofb() as *mut _) } } diff --git a/openssl/src/cms.rs b/openssl/src/cms.rs index a946230a5a..45bad89a43 100644 --- a/openssl/src/cms.rs +++ b/openssl/src/cms.rs @@ -43,9 +43,9 @@ bitflags! { const REUSE_DIGEST = ffi::CMS_REUSE_DIGEST; const USE_KEYID = ffi::CMS_USE_KEYID; const DEBUG_DECRYPT = ffi::CMS_DEBUG_DECRYPT; - #[cfg(all(not(libressl), not(ossl101)))] + #[cfg(any(ossl102, libressl))] const KEY_PARAM = ffi::CMS_KEY_PARAM; - #[cfg(all(not(libressl), not(ossl101), not(ossl102)))] + #[cfg(any(ossl110, libressl))] const ASCIICRLF = ffi::CMS_ASCIICRLF; } } 
@@ -206,9 +206,6 @@ impl CmsContentInfo { /// Given a certificate stack `certs`, data `data`, cipher `cipher` and flags `flags`, /// create a CmsContentInfo struct. /// - /// OpenSSL documentation at [`CMS_encrypt`] - /// - /// [`CMS_encrypt`]: https://www.openssl.org/docs/manmaster/man3/CMS_encrypt.html #[corresponds(CMS_encrypt)] pub fn encrypt( certs: &StackRef, @@ -231,7 +228,7 @@ impl CmsContentInfo { } /// Verify this CmsContentInfo's signature, - /// This will search the 'certs' list for the signing certificate. + /// This will search the 'certs' list for the signing certificate. /// Additional certificates, needed for building the certificate chain, may be /// given in 'store' as well as additional CRLs. /// A detached signature may be passed in `detached_data`. The signed content diff --git a/openssl/src/derive.rs b/openssl/src/derive.rs index 90a5650c0c..e0d35720b2 100644 --- a/openssl/src/derive.rs +++ b/openssl/src/derive.rs @@ -67,10 +67,7 @@ unsafe impl Send for Deriver<'_> {} #[allow(clippy::len_without_is_empty)] impl<'a> Deriver<'a> { /// Creates a new `Deriver` using the provided private key. - /// - /// This corresponds to [`EVP_PKEY_derive_init`]. - /// - /// [`EVP_PKEY_derive_init`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_derive_init.html + #[corresponds(EVP_PKEY_derive_init)] pub fn new(key: &'a PKeyRef) -> Result, ErrorStack> where T: HasPrivate, @@ -118,10 +115,10 @@ impl<'a> Deriver<'a> { /// /// It can be used to size the buffer passed to [`Deriver::derive`]. /// - /// This corresponds to [`EVP_PKEY_derive`]. + /// It can be used to size the buffer passed to [`Deriver::derive`]. /// /// [`Deriver::derive`]: #method.derive - /// [`EVP_PKEY_derive`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_derive_init.html + #[corresponds(EVP_PKEY_derive)] pub fn len(&mut self) -> Result { unsafe { let mut len = 0; 
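Review bot: In the doc comment of `Deriver::len` (hunk `@@ -118,10 +115,10 @@`) the added `///` line repeats the sentence directly above it, so rustdoc will render "It can be used to size the buffer passed to `Deriver::derive`" twice. It looks like a leftover from replacing the old "This corresponds to" paragraph. Drop the added line and keep the single sentence followed by the link definition. The body of `len` continues outside the hunk.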
@@ -132,10 +129,7 @@ impl<'a> Deriver<'a> { /// Derives a shared secret between the two keys, writing it into the buffer. /// /// Returns the number of bytes written. - /// - /// This corresponds to [`EVP_PKEY_derive`]. - /// - /// [`EVP_PKEY_derive`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_derive_init.html + #[corresponds(EVP_PKEY_derive)] pub fn derive(&mut self, buf: &mut [u8]) -> Result { let mut len = buf.len(); unsafe { diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index 92ea04424f..f434bbe9ab 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs @@ -155,7 +155,7 @@ impl Dh { /// Requires OpenSSL 1.0.2 or newer. #[corresponds(DH_get_1024_160)] - #[cfg(any(ossl102, ossl110))] + #[cfg(ossl102)] pub fn get_1024_160() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -165,7 +165,7 @@ impl Dh { /// Requires OpenSSL 1.0.2 or newer. #[corresponds(DH_get_2048_224)] - #[cfg(any(ossl102, ossl110))] + #[cfg(ossl102)] pub fn get_2048_224() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -175,7 +175,7 @@ impl Dh { /// Requires OpenSSL 1.0.2 or newer. #[corresponds(DH_get_2048_256)] - #[cfg(any(ossl102, ossl110))] + #[cfg(ossl102)] pub fn get_2048_256() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -269,7 +269,7 @@ where } cfg_if! { - if #[cfg(any(ossl110, libressl270, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { use ffi::{DH_set0_pqg, DH_get0_pqg, DH_get0_key, DH_set0_key}; } else { #[allow(bad_style)] diff --git a/openssl/src/dsa.rs b/openssl/src/dsa.rs index cceda212c7..49d3d340c1 100644 --- a/openssl/src/dsa.rs +++ b/openssl/src/dsa.rs @@ -38,7 +38,7 @@ generic_foreign_type_and_impl_send_sync! { /// /// OpenSSL documentation at [`DSA_new`] /// - /// [`DSA_new`]: https://www.openssl.org/docs/manmaster/crypto/DSA_new.html + /// [`DSA_new`]: https://docs.openssl.org/master/man3/DSA_new/ /// /// # Examples /// 
@@ -315,7 +315,7 @@ impl fmt::Debug for Dsa { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { use ffi::{DSA_get0_key, DSA_get0_pqg, DSA_set0_key, DSA_set0_pqg}; } else { #[allow(bad_style)] @@ -494,7 +494,7 @@ impl DsaSigRef { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { use ffi::{DSA_SIG_set0, DSA_SIG_get0}; } else { #[allow(bad_style)] @@ -533,11 +533,11 @@ cfg_if! { mod test { use super::*; use crate::bn::BigNumContext; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc_fips)))] use crate::hash::MessageDigest; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc_fips)))] use crate::pkey::PKey; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc_fips)))] use crate::sign::{Signer, Verifier}; #[test] @@ -607,7 +607,7 @@ mod test { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc_fips)))] fn test_signature() { const TEST_DATA: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]; let dsa_ref = Dsa::generate(1024).unwrap(); @@ -648,7 +648,7 @@ mod test { } #[test] - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc_fips)))] fn test_signature_der() { use std::convert::TryInto; diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index a52bb6708f..d646fdd90a 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs @@ -81,7 +81,7 @@ impl Asn1Flag { /// /// OpenSSL documentation at [`EC_GROUP`] /// - /// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/crypto/EC_GROUP_get_seed_len.html + /// [`EC_GROUP`]: https://docs.openssl.org/master/man3/EC_GROUP_get_seed_len/ pub const EXPLICIT_CURVE: Asn1Flag = Asn1Flag(0); /// Standard Curves 
@@ -91,7 +91,7 @@ impl Asn1Flag { /// /// OpenSSL documentation at [`EC_GROUP`] /// - /// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/man3/EC_GROUP_order_bits.html + /// [`EC_GROUP`]: https://docs.openssl.org/master/man3/EC_GROUP_order_bits/ pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE); } @@ -240,7 +240,7 @@ impl EcGroupRef { /// Returns the number of bits in the group order. #[corresponds(EC_GROUP_order_bits)] - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl, awslc, boringssl))] pub fn order_bits(&self) -> u32 { unsafe { ffi::EC_GROUP_order_bits(self.as_ptr()) as u32 } } @@ -293,7 +293,7 @@ impl EcGroupRef { /// Sets the flag determining if the group corresponds to a named curve or must be explicitly /// parameterized. /// - /// This defaults to `EXPLICIT_CURVE` in OpenSSL 1.0.1 and 1.0.2, but `NAMED_CURVE` in OpenSSL + /// This defaults to `EXPLICIT_CURVE` in OpenSSL 1.0.2, but `NAMED_CURVE` in OpenSSL /// 1.1.0. #[corresponds(EC_GROUP_set_asn1_flag)] pub fn set_asn1_flag(&mut self, flag: Asn1Flag) { @@ -519,7 +519,7 @@ impl EcPointRef { /// Places affine coordinates of a curve over a prime field in the provided /// `x` and `y` `BigNum`s. #[corresponds(EC_POINT_get_affine_coordinates)] - #[cfg(any(ossl111, boringssl, libressl350, awslc))] + #[cfg(any(ossl111, boringssl, libressl, awslc))] pub fn affine_coordinates( &self, group: &EcGroupRef, 
@@ -561,6 +561,29 @@ impl EcPointRef { } } + /// Sets affine coordinates of a point on an elliptic curve using the provided + /// `x` and `y` `BigNum`s + #[corresponds(EC_POINT_set_affine_coordinates)] + #[cfg(any(ossl111, boringssl, libressl, awslc))] + pub fn set_affine_coordinates( + &mut self, + group: &EcGroupRef, + x: &BigNumRef, + y: &BigNumRef, + ctx: &mut BigNumContextRef, + ) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EC_POINT_set_affine_coordinates( + group.as_ptr(), + self.as_ptr(), + x.as_ptr(), + y.as_ptr(), + ctx.as_ptr(), + )) + .map(|_| ()) + } + } + /// Sets affine coordinates of a curve over a prime field using the provided /// `x` and `y` `BigNum`s #[corresponds(EC_POINT_set_affine_coordinates_GFp)] @@ -1062,8 +1085,15 @@ mod test { let _curve = EcGroup::from_components(p, a, b, &mut ctx).unwrap(); } - #[test] - fn ec_point_set_affine() { + fn set_affine_coords_test( + set_affine_coords: fn( + &mut EcPointRef, + &EcGroupRef, + &BigNumRef, + &BigNumRef, + &mut BigNumContextRef, + ) -> Result<(), ErrorStack>, + ) { // parameters are from secp256r1 let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); @@ -1076,12 +1106,22 @@ mod test { "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", ) .unwrap(); - gen_point - .set_affine_coordinates_gfp(&group, &gen_x, &gen_y, &mut ctx) - .unwrap(); + set_affine_coords(&mut gen_point, &group, &gen_x, &gen_y, &mut ctx).unwrap(); + assert!(gen_point.is_on_curve(&group, &mut ctx).unwrap()); } + #[test] + fn ec_point_set_affine_gfp() { + set_affine_coords_test(EcPointRef::set_affine_coordinates_gfp) + } + + #[test] + #[cfg(any(ossl111, boringssl, libressl, awslc))] + fn ec_point_set_affine() { + set_affine_coords_test(EcPointRef::set_affine_coordinates) + } + #[test] fn ec_group_set_generator() { // parameters are from secp256r1 
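Review bot: The doc comment on the new `set_affine_coordinates` does not say what happens when `x` and `y` do not describe a point on `group`, which matters whenever the coordinates come from a peer. Whether the underlying `EC_POINT_set_affine_coordinates` rejects off-curve input cannot be told from this hunk and may differ between the backends in the `cfg`, so I would document the contract, for example `/// Callers handling untrusted coordinates should confirm the result with [`EcPointRef::is_on_curve`].`. The shared test helper in `@@ -1062,8 +1085,15 @@` only feeds the secp256r1 generator. A second case with a deliberately wrong `y`, asserting that either the setter returns `Err` or `is_on_curve` is false, would pin the behaviour down.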
@@ -1260,7 +1300,7 @@ mod test { assert!(ec_key.check_key().is_ok()); } - #[cfg(any(ossl111, boringssl, libressl350, awslc))] + #[cfg(any(ossl111, boringssl, libressl, awslc))] #[test] fn get_affine_coordinates() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); @@ -1336,7 +1376,7 @@ mod test { } #[test] - #[cfg(any(boringssl, ossl111, libressl350, awslc))] + #[cfg(any(boringssl, ossl111, libressl, awslc))] fn asn1_flag() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let flag = group.asn1_flag(); diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 0d962c7180..25f0934cbd 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -110,7 +110,7 @@ impl EcdsaSigRef { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { use ffi::{ECDSA_SIG_set0, ECDSA_SIG_get0}; } else { #[allow(bad_style)] diff --git a/openssl/src/encrypt.rs b/openssl/src/encrypt.rs index cd08d65308..3bbd862260 100644 --- a/openssl/src/encrypt.rs +++ b/openssl/src/encrypt.rs @@ -39,7 +39,7 @@ //! decrypted.truncate(decrypted_len); //! assert_eq!(&*decrypted, data); //! ``` -#[cfg(any(ossl102, libressl310))] +#[cfg(any(ossl102, libressl))] use libc::c_int; use std::{marker::PhantomData, ptr}; @@ -49,6 +49,7 @@ use crate::pkey::{HasPrivate, HasPublic, PKeyRef}; use crate::rsa::Padding; use crate::{cvt, cvt_p}; use foreign_types::ForeignTypeRef; +use openssl_macros::corresponds; /// A type which encrypts data. pub struct Encrypter<'a> { @@ -69,10 +70,7 @@ impl Drop for Encrypter<'_> { impl<'a> Encrypter<'a> { /// Creates a new `Encrypter`. - /// - /// OpenSSL documentation at [`EVP_PKEY_encrypt_init`]. - /// - /// [`EVP_PKEY_encrypt_init`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_encrypt_init.html + #[corresponds(EVP_PKEY_encrypt_init)] pub fn new(pkey: &'a PKeyRef) -> Result, ErrorStack> where T: HasPublic, 
@@ -110,10 +108,7 @@ impl<'a> Encrypter<'a> { /// Sets the RSA padding mode. /// /// This is only useful for RSA keys. - /// - /// This corresponds to [`EVP_PKEY_CTX_set_rsa_padding`]. - /// - /// [`EVP_PKEY_CTX_set_rsa_padding`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_CTX_set_rsa_padding.html + #[corresponds(EVP_PKEY_CTX_set_rsa_padding)] pub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_PKEY_CTX_set_rsa_padding( @@ -127,10 +122,7 @@ impl<'a> Encrypter<'a> { /// Sets the RSA MGF1 algorithm. /// /// This is only useful for RSA keys. - /// - /// This corresponds to [`EVP_PKEY_CTX_set_rsa_mgf1_md`]. - /// - /// [`EVP_PKEY_CTX_set_rsa_mgf1_md`]: https://www.openssl.org/docs/manmaster/man7/RSA-PSS.html + #[corresponds(EVP_PKEY_CTX_set_rsa_mgf1_md)] pub fn set_rsa_mgf1_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_PKEY_CTX_set_rsa_mgf1_md( @@ -144,11 +136,7 @@ impl<'a> Encrypter<'a> { /// Sets the RSA OAEP algorithm. /// /// This is only useful for RSA keys. - /// - /// This corresponds to [`EVP_PKEY_CTX_set_rsa_oaep_md`]. - /// - /// [`EVP_PKEY_CTX_set_rsa_oaep_md`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_oaep_md.html - #[cfg(any(ossl102, libressl310, boringssl, awslc))] + #[corresponds(EVP_PKEY_CTX_set_rsa_oaep_md)] pub fn set_rsa_oaep_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_PKEY_CTX_set_rsa_oaep_md( 
@@ -162,11 +150,8 @@ impl<'a> Encrypter<'a> { /// Sets the RSA OAEP label. /// /// This is only useful for RSA keys. - /// - /// This corresponds to [`EVP_PKEY_CTX_set0_rsa_oaep_label`]. - /// - /// [`EVP_PKEY_CTX_set0_rsa_oaep_label`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.html - #[cfg(any(ossl102, libressl310))] + #[corresponds(EVP_PKEY_CTX_set0_rsa_oaep_label)] + #[cfg(any(ossl102, libressl))] pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack> { unsafe { let p = cvt_p(ffi::OPENSSL_malloc(label.len() as _))?; @@ -215,9 +200,7 @@ impl<'a> Encrypter<'a> { /// let encoded = &encoded[..encoded_len]; /// ``` /// - /// This corresponds to [`EVP_PKEY_encrypt`]. - /// - /// [`EVP_PKEY_encrypt`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_encrypt.html + #[corresponds(EVP_PKEY_encrypt)] pub fn encrypt(&self, from: &[u8], to: &mut [u8]) -> Result { let mut written = to.len(); unsafe { @@ -235,9 +218,8 @@ impl<'a> Encrypter<'a> { /// Gets the size of the buffer needed to encrypt the input data. /// - /// This corresponds to [`EVP_PKEY_encrypt`] called with a null pointer as output argument. - /// - /// [`EVP_PKEY_encrypt`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_encrypt.html + /// This corresponds to `EVP_PKEY_encrypt` called with a null pointer as output argument. + #[corresponds(EVP_PKEY_encrypt)] pub fn encrypt_len(&self, from: &[u8]) -> Result { let mut written = 0; unsafe { @@ -273,10 +255,7 @@ impl Drop for Decrypter<'_> { impl<'a> Decrypter<'a> { /// Creates a new `Decrypter`. - /// - /// OpenSSL documentation at [`EVP_PKEY_decrypt_init`]. - /// - /// [`EVP_PKEY_decrypt_init`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_decrypt_init.html + #[corresponds(EVP_PKEY_decrypt_init)] pub fn new(pkey: &'a PKeyRef) -> Result, ErrorStack> where T: HasPrivate, 
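Review bot: In `Encrypter::encrypt` (hunk `@@ -215,9 +200,7 @@`) removing the "This corresponds to" paragraph leaves an empty `///` line between the closing code fence of the example and `#[corresponds(EVP_PKEY_encrypt)]`. The same dangling line appears in `Decrypter::decrypt` at `@@ -434,9 +400,7 @@`. Delete the trailing `///` in both places so the doc comment ends at the fence.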
@@ -314,10 +293,7 @@ impl<'a> Decrypter<'a> { /// Sets the RSA padding mode. /// /// This is only useful for RSA keys. - /// - /// This corresponds to [`EVP_PKEY_CTX_set_rsa_padding`]. - /// - /// [`EVP_PKEY_CTX_set_rsa_padding`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_CTX_set_rsa_padding.html + #[corresponds(EVP_PKEY_CTX_set_rsa_padding)] pub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_PKEY_CTX_set_rsa_padding( @@ -331,10 +307,7 @@ impl<'a> Decrypter<'a> { /// Sets the RSA MGF1 algorithm. /// /// This is only useful for RSA keys. - /// - /// This corresponds to [`EVP_PKEY_CTX_set_rsa_mgf1_md`]. - /// - /// [`EVP_PKEY_CTX_set_rsa_mgf1_md`]: https://www.openssl.org/docs/manmaster/man7/RSA-PSS.html + #[corresponds(EVP_PKEY_CTX_set_rsa_mgf1_md)] pub fn set_rsa_mgf1_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_PKEY_CTX_set_rsa_mgf1_md( @@ -348,11 +321,7 @@ impl<'a> Decrypter<'a> { /// Sets the RSA OAEP algorithm. /// /// This is only useful for RSA keys. - /// - /// This corresponds to [`EVP_PKEY_CTX_set_rsa_oaep_md`]. - /// - /// [`EVP_PKEY_CTX_set_rsa_oaep_md`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_oaep_md.html - #[cfg(any(ossl102, libressl310, boringssl, awslc))] + #[corresponds(EVP_PKEY_CTX_set_rsa_oaep_md)] pub fn set_rsa_oaep_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_PKEY_CTX_set_rsa_oaep_md( 
@@ -366,11 +335,8 @@ impl<'a> Decrypter<'a> { /// Sets the RSA OAEP label. /// /// This is only useful for RSA keys. - /// - /// This corresponds to [`EVP_PKEY_CTX_set0_rsa_oaep_label`]. - /// - /// [`EVP_PKEY_CTX_set0_rsa_oaep_label`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.html - #[cfg(any(ossl102, libressl310))] + #[corresponds(EVP_PKEY_CTX_set0_rsa_oaep_label)] + #[cfg(any(ossl102, libressl))] pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack> { unsafe { let p = cvt_p(ffi::OPENSSL_malloc(label.len() as _))?; @@ -434,9 +400,7 @@ impl<'a> Decrypter<'a> { /// let decoded = &decoded[..decoded_len]; /// ``` /// - /// This corresponds to [`EVP_PKEY_decrypt`]. - /// - /// [`EVP_PKEY_decrypt`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_decrypt.html + #[corresponds(EVP_PKEY_decrypt)] pub fn decrypt(&self, from: &[u8], to: &mut [u8]) -> Result { let mut written = to.len(); unsafe { @@ -454,9 +418,8 @@ impl<'a> Decrypter<'a> { /// Gets the size of the buffer needed to decrypt the input data. /// - /// This corresponds to [`EVP_PKEY_decrypt`] called with a null pointer as output argument. - /// - /// [`EVP_PKEY_decrypt`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_decrypt.html + /// This corresponds to `EVP_PKEY_decrypt` called with a null pointer as output argument. + #[corresponds(EVP_PKEY_decrypt)] pub fn decrypt_len(&self, from: &[u8]) -> Result { let mut written = 0; unsafe { @@ -478,7 +441,6 @@ mod test { use hex::FromHex; use crate::encrypt::{Decrypter, Encrypter}; - #[cfg(any(ossl102, libressl310, boringssl, awslc))] use crate::hash::MessageDigest; use crate::pkey::PKey; use crate::rsa::{Padding, Rsa}; @@ -513,7 +475,6 @@ mod test { } #[test] - #[cfg(any(ossl102, libressl310, boringssl, awslc))] fn rsa_encrypt_decrypt_with_sha256() { let key = include_bytes!("../test/rsa.pem"); let private_key = Rsa::private_key_from_pem(key).unwrap(); 
@@ -544,7 +505,7 @@ mod test { } #[test] - #[cfg(any(ossl102, libressl310))] + #[cfg(any(ossl102, libressl))] fn rsa_encrypt_decrypt_oaep_label() { let key = include_bytes!("../test/rsa.pem"); let private_key = Rsa::private_key_from_pem(key).unwrap(); diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs index 5acaf9250a..fac3443a8e 100644 --- a/openssl/src/hash.rs +++ b/openssl/src/hash.rs @@ -158,7 +158,7 @@ impl MessageDigest { unsafe { MessageDigest(ffi::EVP_ripemd160()) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM3")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM3")))] pub fn sm3() -> MessageDigest { unsafe { MessageDigest(ffi::EVP_sm3()) } } @@ -194,7 +194,7 @@ unsafe impl Send for MessageDigest {} enum State { Reset, Updated, - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] Squeeze, Finalized, } @@ -262,7 +262,7 @@ impl Hasher { Updated => { self.finish()?; } - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] Squeeze => (), Finalized => (), } @@ -278,11 +278,11 @@ impl Hasher { if self.state == Finalized { self.init()?; } - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] if self.state == Squeeze { // [`EVP_DigestUpdate`], depending on the implementation, may allow Updates after Squeezes. // But, [FIPS 202], as shown in Figure 7, has a distinguished absorbing phase followed by a squeezing phase. - // Indeed, the [`sha3.c`] implmentation disallows Updates after Squeezes. + // Indeed, the [`sha3.c`] implementation disallows Updates after Squeezes. // For consistency, we always return an error when Update is called after Squeeze. // // [`EVP_DigestUpdate`]: https://github.com/openssl/openssl/blob/b3bb214720f20f3b126ae4b9c330e9a48b835415/crypto/evp/digest.c#L385-L393 
@@ -304,7 +304,7 @@ impl Hasher { /// Squeezes buf out of the hasher. Can be called multiple times, unlike `finish_xof`. /// The output will be as long as the buf. - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] pub fn squeeze_xof(&mut self, buf: &mut [u8]) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_DigestSqueeze( @@ -514,7 +514,7 @@ mod tests { } /// Squeezes the expected length by doing two squeezes. - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] fn hash_xof_squeeze_test(hashtype: MessageDigest, hashtest: &(&str, &str)) { let data = Vec::from_hex(hashtest.0).unwrap(); let mut h = Hasher::new(hashtype).unwrap(); @@ -584,7 +584,7 @@ mod tests { assert_eq!(&*res, &*null); } - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] #[test] fn test_finish_then_squeeze() { let digest = MessageDigest::shake_128(); @@ -595,7 +595,7 @@ mod tests { .expect_err("squeezing after finalize should fail"); } - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] #[test] fn test_squeeze_then_update() { let digest = MessageDigest::shake_128(); @@ -607,15 +607,19 @@ mod tests { .expect_err("updating after squeeze should fail"); } - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] #[test] fn test_squeeze_then_finalize() { let digest = MessageDigest::shake_128(); let mut h = Hasher::new(digest).unwrap(); let mut buf = vec![0; digest.size()]; h.squeeze_xof(&mut buf).unwrap(); - h.finish_xof(&mut buf) - .expect_err("finalize after squeeze should fail"); + if cfg!(ossl330) { + h.finish_xof(&mut buf) + .expect_err("finalize after squeeze should fail"); + } else if cfg!(awslc) { + h.finish_xof(&mut buf).unwrap(); + } } #[test] @@ -791,7 +795,7 @@ mod tests { for test in tests.iter() { hash_xof_test(MessageDigest::shake_128(), test); - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] hash_xof_squeeze_test(MessageDigest::shake_128(), test); } 
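Review bot: `test_squeeze_then_finalize` (hunk `@@ -607,15 +607,19 @@`) now asserts opposite outcomes per backend: `finish_xof` after `squeeze_xof` must fail under `ossl330` and must succeed under `awslc`, so the `Hasher` state machine visible to callers depends on the linked library. The comment in `update` (hunk `@@ -278,11 +278,11 @@`) says Update-after-Squeeze is always rejected "for consistency", and the same argument seems to apply to finalize-after-squeeze. The body of `finish_xof` is outside the diff; if it does not already check the state, consider rejecting `Squeeze` there on every backend and letting the test expect the error unconditionally. At minimum, the doc comment on `squeeze_xof` should state that a later `finish_xof` is backend-dependent.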
@@ -816,7 +820,7 @@ mod tests { for test in tests.iter() { hash_xof_test(MessageDigest::shake_256(), test); - #[cfg(ossl330)] + #[cfg(any(ossl330, awslc))] hash_xof_squeeze_test(MessageDigest::shake_256(), test); } @@ -852,7 +856,7 @@ mod tests { ); } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM3")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM3")))] #[test] fn test_sm3() { let tests = [( diff --git a/openssl/src/kdf.rs b/openssl/src/kdf.rs index a5da352505..902b532d5c 100644 --- a/openssl/src/kdf.rs +++ b/openssl/src/kdf.rs 
@@ -25,16 +25,75 @@ impl Drop for EvpKdfCtx { cfg_if::cfg_if! { if #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] { use std::cmp; - use std::ffi::c_void; - use std::mem::MaybeUninit; + use std::ffi::CStr; use std::ptr; use foreign_types::ForeignTypeRef; use libc::c_char; use crate::{cvt, cvt_p}; use crate::lib_ctx::LibCtxRef; use crate::error::ErrorStack; + use crate::ossl_param::OsslParamBuilder; - /// Derives a key using the argon2id algorithm. + // Safety: these all have null terminators. + // We cen remove these CStr::from_bytes_with_nul_unchecked calls + // when we upgrade to Rust 1.77+ with literal c"" syntax. + + const OSSL_KDF_PARAM_PASSWORD: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"pass\0") }; + const OSSL_KDF_PARAM_SALT: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"salt\0") }; + const OSSL_KDF_PARAM_SECRET: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"secret\0") }; + const OSSL_KDF_PARAM_ITER: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"iter\0") }; + const OSSL_KDF_PARAM_SIZE: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"size\0") }; + const OSSL_KDF_PARAM_THREADS: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"threads\0") }; + const OSSL_KDF_PARAM_ARGON2_AD: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"ad\0") }; + const OSSL_KDF_PARAM_ARGON2_LANES: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"lanes\0") }; + const OSSL_KDF_PARAM_ARGON2_MEMCOST: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"memcost\0") }; + + #[allow(clippy::too_many_arguments)] + pub fn argon2d( + ctx: Option<&LibCtxRef>, + pass: &[u8], + salt: &[u8], + ad: Option<&[u8]>, + secret: Option<&[u8]>, + iter: u32, + lanes: u32, + memcost: u32, + out: &mut [u8], + ) -> Result<(), ErrorStack> { + argon2_helper(CStr::from_bytes_with_nul(b"ARGON2D\0").unwrap(), ctx, pass, salt, ad, secret, iter, lanes, memcost, out) + } + + #[allow(clippy::too_many_arguments)] + pub fn argon2i( + ctx: 
Option<&LibCtxRef>, + pass: &[u8], + salt: &[u8], + ad: Option<&[u8]>, + secret: Option<&[u8]>, + iter: u32, + lanes: u32, + memcost: u32, + out: &mut [u8], + ) -> Result<(), ErrorStack> { + argon2_helper(CStr::from_bytes_with_nul(b"ARGON2I\0").unwrap(), ctx, pass, salt, ad, secret, iter, lanes, memcost, out) + } + + #[allow(clippy::too_many_arguments)] + pub fn argon2id( + ctx: Option<&LibCtxRef>, + pass: &[u8], + salt: &[u8], + ad: Option<&[u8]>, + secret: Option<&[u8]>, + iter: u32, + lanes: u32, + memcost: u32, + out: &mut [u8], + ) -> Result<(), ErrorStack> { + argon2_helper(CStr::from_bytes_with_nul(b"ARGON2ID\0").unwrap(), ctx, pass, salt, ad, secret, iter, lanes, memcost, out) + } + + /// Derives a key using the argon2* algorithms. /// /// To use multiple cores to process the lanes in parallel you must /// set a global max thread count using `OSSL_set_max_threads`. On 
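Review bot: The public entry points `argon2d`, `argon2i` and `argon2id` have no doc comments. The existing `/// Derives a key using the argon2* algorithms.` block, with its "Requires OpenSSL 3.2.0 or newer" line, now sits on the private `argon2_helper`, so rustdoc shows nothing for the functions callers use. Each should name the variant it selects and repeat the version requirement; for `argon2d` the trade-off matters, e.g. `/// Argon2d uses data-dependent memory access and is exposed to side-channel timing; prefer argon2id for password hashing (RFC 9106).` As a style point, the variant name is built with `CStr::from_bytes_with_nul(b"ARGON2D\0").unwrap()` on every call while the parameter keys just above are `const` `&CStr` values, so constants for the three names would be consistent. The doc block and `argon2_helper` continue past the end of this hunk.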
@@ -42,81 +101,50 @@ cfg_if::cfg_if! { /// /// Requires OpenSSL 3.2.0 or newer. #[allow(clippy::too_many_arguments)] - pub fn argon2id( + fn argon2_helper( + kdf_identifier: &CStr, ctx: Option<&LibCtxRef>, pass: &[u8], salt: &[u8], ad: Option<&[u8]>, secret: Option<&[u8]>, - mut iter: u32, - mut lanes: u32, - mut memcost: u32, + iter: u32, + lanes: u32, + memcost: u32, out: &mut [u8], ) -> Result<(), ErrorStack> { - unsafe { + let libctx = ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr); + let max_threads = unsafe { ffi::init(); - let libctx = ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr); - - let max_threads = ffi::OSSL_get_max_threads(libctx); - let mut threads = 1; - // If max_threads is 0, then this isn't a threaded build. - // If max_threads is > u32::MAX we need to clamp since - // argon2id's threads parameter is a u32. - if max_threads > 0 { - threads = cmp::min(lanes, cmp::min(max_threads, u32::MAX as u64) as u32); - } - let mut params: [ffi::OSSL_PARAM; 10] = - core::array::from_fn(|_| MaybeUninit::::zeroed().assume_init()); - let mut idx = 0; - params[idx] = ffi::OSSL_PARAM_construct_octet_string( - b"pass\0".as_ptr() as *const c_char, - pass.as_ptr() as *mut c_void, - pass.len(), - ); - idx += 1; - params[idx] = ffi::OSSL_PARAM_construct_octet_string( - b"salt\0".as_ptr() as *const c_char, - salt.as_ptr() as *mut c_void, - salt.len(), - ); - idx += 1; - params[idx] = - ffi::OSSL_PARAM_construct_uint(b"threads\0".as_ptr() as *const c_char, &mut threads); - idx += 1; - params[idx] = - ffi::OSSL_PARAM_construct_uint(b"lanes\0".as_ptr() as *const c_char, &mut lanes); - idx += 1; - params[idx] = - ffi::OSSL_PARAM_construct_uint(b"memcost\0".as_ptr() as *const c_char, &mut memcost); - idx += 1; - params[idx] = - ffi::OSSL_PARAM_construct_uint(b"iter\0".as_ptr() as *const c_char, &mut iter); - idx += 1; - let mut size = out.len() as u32; - params[idx] = - ffi::OSSL_PARAM_construct_uint(b"size\0".as_ptr() as *const c_char, &mut size); - idx += 1; - if 
let Some(ad) = ad { - params[idx] = ffi::OSSL_PARAM_construct_octet_string( - b"ad\0".as_ptr() as *const c_char, - ad.as_ptr() as *mut c_void, - ad.len(), - ); - idx += 1; - } - if let Some(secret) = secret { - params[idx] = ffi::OSSL_PARAM_construct_octet_string( - b"secret\0".as_ptr() as *const c_char, - secret.as_ptr() as *mut c_void, - secret.len(), - ); - idx += 1; - } - params[idx] = ffi::OSSL_PARAM_construct_end(); - + ffi::OSSL_get_max_threads(libctx) + }; + let mut threads = 1; + // If max_threads is 0, then this isn't a threaded build. + // If max_threads is > u32::MAX we need to clamp since + // argon2id's threads parameter is a u32. + if max_threads > 0 { + threads = cmp::min(lanes, cmp::min(max_threads, u32::MAX as u64) as u32); + } + let mut bld = OsslParamBuilder::new()?; + bld.add_octet_string(OSSL_KDF_PARAM_PASSWORD, pass)?; + bld.add_octet_string(OSSL_KDF_PARAM_SALT, salt)?; + bld.add_uint(OSSL_KDF_PARAM_THREADS, threads)?; + bld.add_uint(OSSL_KDF_PARAM_ARGON2_LANES, lanes)?; + bld.add_uint(OSSL_KDF_PARAM_ARGON2_MEMCOST, memcost)?; + bld.add_uint(OSSL_KDF_PARAM_ITER, iter)?; + let size = out.len() as u32; + bld.add_uint(OSSL_KDF_PARAM_SIZE, size)?; + if let Some(ad) = ad { + bld.add_octet_string(OSSL_KDF_PARAM_ARGON2_AD, ad)?; + } + if let Some(secret) = secret { + bld.add_octet_string(OSSL_KDF_PARAM_SECRET, secret)?; + } + let params = bld.to_param()?; + unsafe { let argon2 = EvpKdf(cvt_p(ffi::EVP_KDF_fetch( libctx, - b"ARGON2ID\0".as_ptr() as *const c_char, + kdf_identifier.as_ptr() as *const c_char, ptr::null(), ))?); let ctx = EvpKdfCtx(cvt_p(ffi::EVP_KDF_CTX_new(argon2.0))?); 
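Review bot: `let size = out.len() as u32;` truncates silently when `out` is longer than `u32::MAX` bytes, so the `size` parameter given to the KDF can disagree with the real buffer length. The cast predates this commit, but the rewrite carries it over unchanged. Reject an oversized buffer before building the parameters, e.g. `assert!(out.len() <= u32::MAX as usize);` in the style of the `passphrase.len()` check in `macros.rs`, or return an error if one can be constructed here. The derive call that consumes `out` lies below the end of this hunk, so the effect of a mismatch there is not visible from here.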
@@ -161,6 +189,60 @@ mod tests { assert_eq!(hex::encode(&actual[..]), expected); } + #[test] + #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] + fn argon2d() { + // RFC 9106 test vector for argon2d + let pass = hex::decode("0101010101010101010101010101010101010101010101010101010101010101") + .unwrap(); + let salt = hex::decode("02020202020202020202020202020202").unwrap(); + let secret = hex::decode("0303030303030303").unwrap(); + let ad = hex::decode("040404040404040404040404").unwrap(); + let expected = "512b391b6f1162975371d30919734294f868e3be3984f3c1a13a4db9fabe4acb"; + + let mut actual = [0u8; 32]; + super::argon2d( + None, + &pass, + &salt, + Some(&ad), + Some(&secret), + 3, + 4, + 32, + &mut actual, + ) + .unwrap(); + assert_eq!(hex::encode(&actual[..]), expected); + } + + #[test] + #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] + fn argon2i() { + // RFC 9106 test vector for argon2i + let pass = hex::decode("0101010101010101010101010101010101010101010101010101010101010101") + .unwrap(); + let salt = hex::decode("02020202020202020202020202020202").unwrap(); + let secret = hex::decode("0303030303030303").unwrap(); + let ad = hex::decode("040404040404040404040404").unwrap(); + let expected = "c814d9d1dc7f37aa13f0d77f2494bda1c8de6b016dd388d29952a4c4672b6ce8"; + + let mut actual = [0u8; 32]; + super::argon2i( + None, + &pass, + &salt, + Some(&ad), + Some(&secret), + 3, + 4, + 32, + &mut actual, + ) + .unwrap(); + assert_eq!(hex::encode(&actual[..]), expected); + } + #[test] #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] fn argon2id_no_ad_secret() { diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 1afe5de38c..eddf5d5bcb 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs 
@@ -1,7 +1,7 @@ //! Bindings to OpenSSL //! -//! This crate provides a safe interface to the popular OpenSSL cryptography library. OpenSSL versions 1.0.1 through -//! 3.x.x and LibreSSL versions 2.5 through 3.7.x are supported. +//! This crate provides a safe interface to the popular OpenSSL cryptography library. OpenSSL versions 1.0.2 through +//! 3.x.x and LibreSSL versions 3.5 through 4.2.x are supported. //! //! # Building //! @@ -177,6 +177,8 @@ pub mod memcmp; pub mod nid; #[cfg(not(osslconf = "OPENSSL_NO_OCSP"))] pub mod ocsp; +#[cfg(ossl300)] +mod ossl_param; pub mod pkcs12; pub mod pkcs5; #[cfg(not(any(boringssl, awslc)))] diff --git a/openssl/src/macros.rs b/openssl/src/macros.rs index 69d1459737..8b561822d3 100644 --- a/openssl/src/macros.rs +++ b/openssl/src/macros.rs @@ -8,8 +8,8 @@ macro_rules! private_key_from_pem { ffi::init(); let bio = crate::bio::MemBioSlice::new(pem)?; let passphrase = ::std::ffi::CString::new(passphrase).unwrap(); - cvt_p($f(bio.as_ptr(), - ptr::null_mut(), + crate::cvt_p($f(bio.as_ptr(), + ::std::ptr::null_mut(), None, passphrase.as_ptr() as *const _ as *mut _)) .map(|p| ::foreign_types::ForeignType::from_ptr(p)) @@ -24,8 +24,8 @@ macro_rules! private_key_from_pem { ffi::init(); let mut cb = crate::util::CallbackState::new(callback); let bio = crate::bio::MemBioSlice::new(pem)?; - cvt_p($f(bio.as_ptr(), - ptr::null_mut(), + crate::cvt_p($f(bio.as_ptr(), + ::std::ptr::null_mut(), Some(crate::util::invoke_passwd_cb::), &mut cb as *mut _ as *mut _)) .map(|p| ::foreign_types::ForeignType::from_ptr(p)) @@ -40,13 +40,13 @@ macro_rules! private_key_to_pem { pub fn $n(&self) -> Result, crate::error::ErrorStack> { unsafe { let bio = crate::bio::MemBio::new()?; - cvt($f(bio.as_ptr(), + crate::cvt($f(bio.as_ptr(), self.as_ptr(), - ptr::null(), - ptr::null_mut(), + ::std::ptr::null(), + ::std::ptr::null_mut(), -1, None, - ptr::null_mut()))?; + ::std::ptr::null_mut()))?; Ok(bio.get_buf().to_owned()) } } 
@@ -60,13 +60,13 @@ macro_rules! private_key_to_pem { unsafe { let bio = crate::bio::MemBio::new()?; assert!(passphrase.len() <= ::libc::c_int::MAX as usize); - cvt($f(bio.as_ptr(), + crate::cvt($f(bio.as_ptr(), self.as_ptr(), cipher.as_ptr(), passphrase.as_ptr() as *const _ as *mut _, passphrase.len() as ::libc::c_int, None, - ptr::null_mut()))?; + ::std::ptr::null_mut()))?; Ok(bio.get_buf().to_owned()) } } @@ -79,7 +79,7 @@ macro_rules! to_pem { pub fn $n(&self) -> Result, crate::error::ErrorStack> { unsafe { let bio = crate::bio::MemBio::new()?; - cvt($f(bio.as_ptr(), self.as_ptr()))?; + crate::cvt($f(bio.as_ptr(), self.as_ptr()))?; Ok(bio.get_buf().to_owned()) } } @@ -92,7 +92,7 @@ macro_rules! to_der { pub fn $n(&self) -> Result, crate::error::ErrorStack> { unsafe { let len = crate::cvt($f(::foreign_types::ForeignTypeRef::as_ptr(self), - ptr::null_mut()))?; + ::std::ptr::null_mut()))?; let mut buf = vec![0; len as usize]; crate::cvt($f(::foreign_types::ForeignTypeRef::as_ptr(self), &mut buf.as_mut_ptr()))?; @@ -124,7 +124,7 @@ macro_rules! from_pem { unsafe { crate::init(); let bio = crate::bio::MemBioSlice::new(pem)?; - cvt_p($f(bio.as_ptr(), ::std::ptr::null_mut(), None, ::std::ptr::null_mut())) + crate::cvt_p($f(bio.as_ptr(), ::std::ptr::null_mut(), None, ::std::ptr::null_mut())) .map(|p| ::foreign_types::ForeignType::from_ptr(p)) } } diff --git a/openssl/src/md.rs b/openssl/src/md.rs index b02ddfddd6..1ac9d5e313 100644 --- a/openssl/src/md.rs +++ b/openssl/src/md.rs @@ -194,7 +194,7 @@ impl Md { unsafe { MdRef::from_ptr(ffi::EVP_ripemd160() as *mut _) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM3")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM3")))] #[inline] pub fn sm3() -> &'static MdRef { unsafe { MdRef::from_ptr(ffi::EVP_sm3() as *mut _) } diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index 453a87c992..b4aba6bcbc 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs 
@@ -44,7 +44,7 @@ pub struct SignatureAlgorithms { /// The following documentation provides context about `Nid`s and their usage /// in OpenSSL. /// -/// - [Obj_nid2obj](https://www.openssl.org/docs/manmaster/crypto/OBJ_create.html) +/// - [Obj_nid2obj](https://docs.openssl.org/master/man3/OBJ_create/) #[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)] pub struct Nid(c_int); @@ -1076,7 +1076,7 @@ impl Nid { pub const AES_256_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_256_cbc_hmac_sha1); #[cfg(ossl111)] pub const SM2: Nid = Nid(ffi::NID_sm2); - #[cfg(any(ossl111, libressl291))] + #[cfg(any(ossl111, libressl))] pub const SM3: Nid = Nid(ffi::NID_sm3); #[cfg(any(ossl111, libressl380, awslc))] pub const SHA3_224: Nid = Nid(ffi::NID_sha3_224); @@ -1090,7 +1090,7 @@ impl Nid { pub const SHAKE128: Nid = Nid(ffi::NID_shake128); #[cfg(any(ossl111, awslc))] pub const SHAKE256: Nid = Nid(ffi::NID_shake256); - #[cfg(any(ossl110, libressl271, awslc))] + #[cfg(any(ossl110, libressl, awslc))] pub const CHACHA20_POLY1305: Nid = Nid(ffi::NID_chacha20_poly1305); } diff --git a/openssl/src/ossl_param.rs b/openssl/src/ossl_param.rs new file mode 100644 index 0000000000..702770aff6 --- /dev/null +++ b/openssl/src/ossl_param.rs 
@@ -0,0 +1,169 @@ +//! OSSL_PARAM management for OpenSSL 3.* +//! +//! The OSSL_PARAM structure represents an array of generic +//! attributes that can represent various +//! properties in OpenSSL, including keys and operations. +//! +//! This is always represented as an array of OSSL_PARAM +//! structures, terminated by an entry with a NULL key. +//! +//! For convenience, the OSSL_PARAM_BLD builder can be used to +//! dynamically construct these structures. +//! +//! Note, that this module is available only in OpenSSL 3.* and +//! only internally for this crate. + +use crate::error::ErrorStack; +use crate::util; +use crate::{cvt, cvt_p}; +use foreign_types::ForeignType; +use libc::{c_uint, c_void}; +use openssl_macros::corresponds; +use std::ffi::CStr; +use std::marker::PhantomData; +use std::ptr; + +foreign_type_and_impl_send_sync! { + // This is the singular type, but it is always allocated + // and used as an array of such types. + type CType = ffi::OSSL_PARAM; + // OSSL_PARMA_free correctly frees the entire array. + fn drop = ffi::OSSL_PARAM_free; + + /// `OsslParamArray` constructed using `OsslParamBuilder`. + /// Internally this is a pointer to an array of the OSSL_PARAM + /// structures. + pub struct OsslParamArray; + /// Reference to `OsslParamArray`. + pub struct OsslParamArrayRef; +} + +impl OsslParamArray { + /// Locates the individual `OSSL_PARAM` element representing an + /// octet string identified by the key in the `OsslParamArray` + /// array and returns a reference to it. + /// + /// Combines OSSL_PARAM_locate and OSSL_PARAM_get_octet_string. 
+ #[corresponds(OSSL_PARAM_get_octet_string)] + #[allow(dead_code)] // TODO: remove when when used by ML-DSA / ML-KEM + pub(crate) fn locate_octet_string<'a>(&'a self, key: &CStr) -> Result<&'a [u8], ErrorStack> { + unsafe { + let param = cvt_p(ffi::OSSL_PARAM_locate(self.as_ptr(), key.as_ptr()))?; + let mut val: *const c_void = ptr::null_mut(); + let mut val_len: usize = 0; + cvt(ffi::OSSL_PARAM_get_octet_string_ptr( + param, + &mut val, + &mut val_len, + ))?; + Ok(util::from_raw_parts(val as *const u8, val_len)) + } + } +} + +foreign_type_and_impl_send_sync! { + type CType = ffi::OSSL_PARAM_BLD; + fn drop = ffi::OSSL_PARAM_BLD_free; + + /// Builder used to construct `OsslParamArray`. + pub struct OsslParamBuilderInternal; + /// Reference to `OsslParamBuilderInternal`. + pub struct OsslParamBuilderRefInternal; +} + +/// Wrapper around the internal OsslParamBuilderInternal that adds lifetime management +/// since the builder does not own the key and value data that is added to it. +pub struct OsslParamBuilder<'a> { + builder: OsslParamBuilderInternal, + _marker: PhantomData<&'a ()>, +} + +impl<'a> OsslParamBuilder<'a> { + /// Returns a builder for an OsslParamArray. + /// + /// The array is initially empty. + #[corresponds(OSSL_PARAM_BLD_new)] + #[cfg_attr(any(not(ossl320), osslconf = "OPENSSL_NO_ARGON2"), allow(dead_code))] + pub(crate) fn new() -> Result, ErrorStack> { + unsafe { + ffi::init(); + + cvt_p(ffi::OSSL_PARAM_BLD_new()).map(|builder| OsslParamBuilder { + builder: OsslParamBuilderInternal(builder), + _marker: PhantomData, + }) + } + } + + /// Constructs the `OsslParamArray` and clears this builder. 
+ #[corresponds(OSSL_PARAM_BLD_to_param)] + #[cfg_attr(any(not(ossl320), osslconf = "OPENSSL_NO_ARGON2"), allow(dead_code))] + #[allow(clippy::wrong_self_convention)] + pub(crate) fn to_param(&'a mut self) -> Result { + unsafe { + let params = cvt_p(ffi::OSSL_PARAM_BLD_to_param(self.as_ptr()))?; + Ok(OsslParamArray::from_ptr(params)) + } + } + + /// Adds a octet string to `OsslParamBuilder`. + #[corresponds(OSSL_PARAM_BLD_push_octet_string)] + #[cfg_attr(any(not(ossl320), osslconf = "OPENSSL_NO_ARGON2"), allow(dead_code))] + pub(crate) fn add_octet_string( + &mut self, + key: &'a CStr, + buf: &'a [u8], + ) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::OSSL_PARAM_BLD_push_octet_string( + self.as_ptr(), + key.as_ptr(), + buf.as_ptr() as *const c_void, + buf.len(), + )) + .map(|_| ()) + } + } + + /// Adds a unsigned int to `OsslParamBuilder`. + #[corresponds(OSSL_PARAM_BLD_push_uint)] + #[cfg_attr(any(not(ossl320), osslconf = "OPENSSL_NO_ARGON2"), allow(dead_code))] + pub(crate) fn add_uint(&mut self, key: &'a CStr, val: u32) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::OSSL_PARAM_BLD_push_uint( + self.as_ptr(), + key.as_ptr(), + val as c_uint, + )) + .map(|_| ()) + } + } + + /// Returns a raw pointer to the underlying `OSSL_PARAM_BLD` structure. + pub(crate) unsafe fn as_ptr(&mut self) -> *mut ffi::OSSL_PARAM_BLD { + self.builder.as_ptr() + } +} + +#[cfg(test)] +mod tests { + use super::*; + #[test] + fn test_builder_locate_octet_string() { + let mut builder = OsslParamBuilder::new().unwrap(); + builder + .add_octet_string(CStr::from_bytes_with_nul(b"key1\0").unwrap(), b"value1") + .unwrap(); + let params = builder.to_param().unwrap(); + + assert!(params + .locate_octet_string(CStr::from_bytes_with_nul(b"invalid\0").unwrap()) + .is_err()); + assert_eq!( + params + .locate_octet_string(CStr::from_bytes_with_nul(b"key1\0").unwrap()) + .unwrap(), + b"value1" + ); + } +} 
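Review bot: `to_param` returns an `OsslParamArray` with no lifetime, while `add_octet_string` and `add_uint` accept `key: &'a CStr` for any `'a`, so nothing in the types stops the array from outliving a key it was built from. That is sound only if `OSSL_PARAM_BLD_to_param` copies the key strings as well as the values; I believe it copies values but keeps the key pointers, which would leave `locate_octet_string` reading a dangling key, so please confirm against the OpenSSL documentation. Every caller on this page passes a `'static` key, so the narrowest fix is to require that in the signatures: `key: &'static CStr`. Separately, `as_ptr` is an `unsafe fn` without a `# Safety` section, the `unsafe` blocks carry no `// SAFETY:` comments, and the header comment misspells `OSSL_PARAM_free` as `OSSL_PARMA_free`.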
diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs index 14d760afaa..1a2b9660bf 100644 --- a/openssl/src/pkcs12.rs +++ b/openssl/src/pkcs12.rs @@ -226,7 +226,7 @@ impl Pkcs12Builder { pub fn build2(&self, password: &str) -> Result { unsafe { let pass = CString::new(password).unwrap(); - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc_fips)))] let pass_len = pass.as_bytes().len(); let pass = pass.as_ptr(); let friendly_name = self.name.as_ref().map_or(ptr::null(), |p| p.as_ptr()); @@ -242,7 +242,7 @@ impl Pkcs12Builder { // According to the OpenSSL docs, keytype is a non-standard extension for MSIE, // It's values are KEY_SIG or KEY_EX, see the OpenSSL docs for more information: - // https://www.openssl.org/docs/manmaster/crypto/PKCS12_create.html + // https://docs.openssl.org/master/man3/PKCS12_create/ let keytype = 0; let pkcs12 = cvt_p(ffi::PKCS12_create( @@ -259,7 +259,7 @@ impl Pkcs12Builder { )) .map(Pkcs12)?; - #[cfg(not(boringssl))] + #[cfg(not(any(boringssl, awslc_fips)))] // BoringSSL does not support overriding the MAC and will always // use SHA-1. { diff --git a/openssl/src/pkcs7.rs b/openssl/src/pkcs7.rs index 65a6e7318e..9b991d473b 100644 --- a/openssl/src/pkcs7.rs +++ b/openssl/src/pkcs7.rs @@ -75,7 +75,7 @@ bitflags! { const NOCRL = ffi::PKCS7_NOCRL; const PARTIAL = ffi::PKCS7_PARTIAL; const REUSE_DIGEST = ffi::PKCS7_REUSE_DIGEST; - #[cfg(not(any(ossl101, ossl102, libressl)))] + #[cfg(ossl110)] const NO_DUAL_CONTENT = ffi::PKCS7_NO_DUAL_CONTENT; } } diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index 8d69e1cdcf..f55440ffbd 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -79,7 +79,7 @@ pub struct Id(c_int); impl Id { pub const RSA: Id = Id(ffi::EVP_PKEY_RSA); - #[cfg(any(ossl111, libressl310, boringssl, awslc))] + #[cfg(any(ossl111, libressl, boringssl, awslc))] pub const RSA_PSS: Id = Id(ffi::EVP_PKEY_RSA_PSS); #[cfg(not(boringssl))] pub const HMAC: Id = Id(ffi::EVP_PKEY_HMAC); 
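Review bot: In `pkcs12.rs`, the comment under the widened `#[cfg(not(any(boringssl, awslc_fips)))]` still reads "BoringSSL does not support overriding the MAC and will always use SHA-1", so it no longer explains why `awslc_fips` builds skip the block too. If AWS-LC FIPS has the same limitation, say so, e.g. `// BoringSSL and AWS-LC (FIPS) do not support overriding the MAC and will always use SHA-1.` Someone auditing which digest protects the PKCS#12 MAC will rely on this line. `build2` starts and ends outside these hunks.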
@@ -384,7 +384,7 @@ impl fmt::Debug for PKey { fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { let alg = match self.id() { Id::RSA => "RSA", - #[cfg(any(ossl111, libressl310, boringssl, awslc))] + #[cfg(any(ossl111, libressl, boringssl, awslc))] Id::RSA_PSS => "RSA-PSS", #[cfg(not(boringssl))] Id::HMAC => "HMAC", @@ -833,7 +833,7 @@ impl PKey { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl270, awslc))] { + if #[cfg(any(boringssl, ossl110, libressl, awslc))] { use ffi::EVP_PKEY_up_ref; } else { #[allow(bad_style)] diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs index aa39a0f9cd..b85876c25f 100644 --- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs @@ -64,14 +64,17 @@ let cmac_key = ctx.keygen().unwrap(); //! let valid = ctx.verify(text, &signature).unwrap(); //! assert!(valid); //! ``` +use crate::bn::BigNumRef; #[cfg(not(any(boringssl, awslc)))] use crate::cipher::CipherRef; use crate::error::ErrorStack; use crate::md::MdRef; -use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Private}; +use crate::nid::Nid; +use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Params, Private}; use crate::rsa::Padding; use crate::sign::RsaPssSaltlen; use crate::{cvt, cvt_p}; +use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; #[cfg(not(any(boringssl, awslc)))] use libc::c_int; @@ -420,6 +423,17 @@ impl PkeyCtxRef { Ok(()) } + /// Prepares the context for key parameter generation. + #[corresponds(EVP_PKEY_paramgen_init)] + #[inline] + pub fn paramgen_init(&mut self) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_paramgen_init(self.as_ptr()))?; + } + + Ok(()) + } + /// Sets which algorithm was used to compute the digest used in a /// signature. With RSA signatures this causes the signature to be wrapped /// in a `DigestInfo` structure. This is almost always what you want with 
@@ -436,6 +450,72 @@ impl PkeyCtxRef { Ok(()) } + /// Sets the DH paramgen prime length. + /// + /// This is only useful for DH keys. + #[corresponds(EVP_PKEY_CTX_set_dh_paramgen_prime_len)] + #[cfg(not(boringssl))] + #[inline] + pub fn set_dh_paramgen_prime_len(&mut self, bits: u32) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_CTX_set_dh_paramgen_prime_len( + self.as_ptr(), + bits as i32, + ))?; + } + + Ok(()) + } + + /// Sets the DH paramgen generator. + /// + /// This is only useful for DH keys. + #[corresponds(EVP_PKEY_CTX_set_dh_paramgen_generator)] + #[cfg(not(boringssl))] + #[inline] + pub fn set_dh_paramgen_generator(&mut self, bits: u32) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_CTX_set_dh_paramgen_generator( + self.as_ptr(), + bits as i32, + ))?; + } + + Ok(()) + } + + /// Sets the DSA paramgen bits. + /// + /// This is only useful for DSA keys. + #[corresponds(EVP_PKEY_CTX_set_dsa_paramgen_bits)] + #[inline] + pub fn set_dsa_paramgen_bits(&mut self, bits: u32) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_CTX_set_dsa_paramgen_bits( + self.as_ptr(), + bits as i32, + ))?; + } + + Ok(()) + } + + /// Sets the EC paramgen curve NID. + /// + /// This is only useful for EC keys. + #[corresponds(EVP_PKEY_CTX_set_ec_paramgen_curve_nid)] + #[inline] + pub fn set_ec_paramgen_curve_nid(&mut self, nid: Nid) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_CTX_set_ec_paramgen_curve_nid( + self.as_ptr(), + nid.as_raw(), + ))?; + } + + Ok(()) + } + /// Returns the RSA padding mode in use. /// /// This is only useful for RSA keys. 
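Review bot: The new setters take `bits: u32` and pass `bits as i32`, which wraps values above `i32::MAX` to a negative number instead of rejecting them. This applies to `set_dh_paramgen_prime_len`, `set_dh_paramgen_generator` and `set_dsa_paramgen_bits` here, and to `set_rsa_keygen_bits` in the next hunk. A checked conversion such as `let bits = i32::try_from(bits).unwrap();` would match the `LenType::try_from(label.len()).unwrap()` already used in `set_rsa_oaep_label`. In `set_dh_paramgen_generator` the argument is a generator value rather than a bit count, so the parameter should be named `generator`. The doc comments could also state that no minimum is enforced here, so the caller is responsible for choosing a prime or modulus length that meets current guidance.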
@@ -466,6 +546,48 @@ impl PkeyCtxRef { Ok(()) } + /// Sets the RSA keygen bits. + /// + /// This is only useful for RSA keys. + #[corresponds(EVP_PKEY_CTX_set_rsa_keygen_bits)] + #[inline] + pub fn set_rsa_keygen_bits(&mut self, bits: u32) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_CTX_set_rsa_keygen_bits( + self.as_ptr(), + bits as i32, + ))?; + } + + Ok(()) + } + + /// Sets the RSA keygen public exponent. + /// + /// This is only useful for RSA keys. + #[corresponds(EVP_PKEY_CTX_set1_rsa_keygen_pubexp)] + #[inline] + pub fn set_rsa_keygen_pubexp(&mut self, pubexp: &BigNumRef) -> Result<(), ErrorStack> { + unsafe { + cfg_if! { + if #[cfg(ossl300)] { + cvt(ffi::EVP_PKEY_CTX_set1_rsa_keygen_pubexp( + self.as_ptr(), + pubexp.as_ptr(), + ))?; + } else { + cvt(ffi::EVP_PKEY_CTX_set_rsa_keygen_pubexp( + self.as_ptr(), + // Dupe the BN because the EVP_PKEY_CTX takes ownership of it and will free it. + cvt_p(ffi::BN_dup(pubexp.as_ptr()))?, + ))?; + } + } + } + + Ok(()) + } + /// Sets the RSA PSS salt length. /// /// This is only useful for RSA keys. @@ -501,7 +623,6 @@ impl PkeyCtxRef { /// /// This is only useful for RSA keys. #[corresponds(EVP_PKEY_CTX_set_rsa_oaep_md)] - #[cfg(any(ossl102, libressl310, boringssl, awslc))] #[inline] pub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack> { unsafe { @@ -518,7 +639,6 @@ impl PkeyCtxRef { /// /// This is only useful for RSA keys. #[corresponds(EVP_PKEY_CTX_set0_rsa_oaep_label)] - #[cfg(any(ossl102, libressl310, boringssl, awslc))] pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack> { use crate::LenType; let len = LenType::try_from(label.len()).unwrap(); 
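Review bot: In the pre-3.0 branch of `set_rsa_keygen_pubexp`, the `BN_dup` copy appears to leak when `EVP_PKEY_CTX_set_rsa_keygen_pubexp` fails. As far as I can tell the context takes ownership of the BIGNUM only on success, and `cvt(...)?` returns early without freeing it. The comment in the hunk covers only the success case. Hold the duplicate in a local and free it on the error path, as sketched below. The `ossl300` branch is unaffected, since the `set1` variant does not take ownership of the caller's value.

```rust
// … unchanged: #[cfg(ossl300)] branch calling EVP_PKEY_CTX_set1_rsa_keygen_pubexp …
} else {
    // The context owns the copy only once the call has succeeded.
    let dup = cvt_p(ffi::BN_dup(pubexp.as_ptr()))?;
    if let Err(e) = cvt(ffi::EVP_PKEY_CTX_set_rsa_keygen_pubexp(self.as_ptr(), dup)) {
        ffi::BN_free(dup);
        return Err(e);
    }
}
```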
@@ -734,6 +854,17 @@ impl PkeyCtxRef { } } + /// Generates a new set of key parameters. + #[corresponds(EVP_PKEY_paramgen)] + #[inline] + pub fn paramgen(&mut self) -> Result, ErrorStack> { + unsafe { + let mut key = ptr::null_mut(); + cvt(ffi::EVP_PKEY_paramgen(self.as_ptr(), &mut key))?; + Ok(PKey::from_ptr(key)) + } + } + /// Sets the nonce type for a private key context. /// /// The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979). @@ -785,6 +916,7 @@ impl PkeyCtxRef { #[cfg(test)] mod test { use super::*; + use crate::bn::BigNum; #[cfg(not(any(boringssl, awslc)))] use crate::cipher::Cipher; use crate::ec::{EcGroup, EcKey}; @@ -794,6 +926,8 @@ mod test { use crate::pkey::PKey; use crate::rsa::Rsa; use crate::sign::Verifier; + #[cfg(not(boringssl))] + use cfg_if::cfg_if; #[test] fn rsa() { @@ -819,7 +953,6 @@ mod test { } #[test] - #[cfg(any(ossl102, libressl310, boringssl, awslc))] fn rsa_oaep() { let key = include_bytes!("../test/rsa.pem"); let rsa = Rsa::private_key_from_pem(key).unwrap(); 
@@ -920,6 +1053,63 @@ mod test { ctx.keygen().unwrap(); } + #[test] + #[cfg(not(boringssl))] + fn dh_paramgen() { + let mut ctx = PkeyCtx::new_id(Id::DH).unwrap(); + ctx.paramgen_init().unwrap(); + ctx.set_dh_paramgen_prime_len(512).unwrap(); + ctx.set_dh_paramgen_generator(2).unwrap(); + let params = ctx.paramgen().unwrap(); + + assert_eq!(params.size(), 64); + } + + #[test] + #[cfg(not(boringssl))] + fn dsa_paramgen() { + let mut ctx = PkeyCtx::new_id(Id::DSA).unwrap(); + ctx.paramgen_init().unwrap(); + ctx.set_dsa_paramgen_bits(2048).unwrap(); + let params = ctx.paramgen().unwrap(); + + let size = { + cfg_if! { + if #[cfg(awslc)] { + 72 + } else if #[cfg(libressl)] { + 48 + } else { + 64 + } + } + }; + assert_eq!(params.size(), size); + } + + #[test] + fn ec_keygen() { + let mut ctx = PkeyCtx::new_id(Id::EC).unwrap(); + ctx.paramgen_init().unwrap(); + ctx.set_ec_paramgen_curve_nid(Nid::X9_62_PRIME256V1) + .unwrap(); + let params = ctx.paramgen().unwrap(); + + assert_eq!(params.size(), 72); + } + + #[test] + fn rsa_keygen() { + let pubexp = BigNum::from_u32(65537).unwrap(); + let mut ctx = PkeyCtx::new_id(Id::RSA).unwrap(); + ctx.keygen_init().unwrap(); + ctx.set_rsa_keygen_pubexp(&pubexp).unwrap(); + ctx.set_rsa_keygen_bits(2048).unwrap(); + let key = ctx.keygen().unwrap(); + + assert_eq!(key.bits(), 2048); + } + #[test] #[cfg(any(ossl110, boringssl, libressl360, awslc))] fn hkdf() { @@ -1051,7 +1241,7 @@ mod test { // result_buf contains the digest assert_eq!(result_buf[..length], digest); - // Attempt recovery of teh entire DigestInfo + // Attempt recovery of the entire DigestInfo let mut ctx = PkeyCtx::new(&key).unwrap(); ctx.verify_recover_init().unwrap(); ctx.set_rsa_padding(Padding::PKCS1).unwrap(); 
@@ -1094,12 +1284,12 @@ mxJ7imIrEg9nIQ== let key1 = EcKey::private_key_from_pem(private_key_pem.as_bytes()).unwrap(); let key1 = PKey::from_ec_key(key1).unwrap(); let input = "sample"; - let expected_output = hex::decode("3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB").unwrap(); + let expected_output = hex::decode("3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8").unwrap(); - let hashed_input = hash(MessageDigest::sha1(), input.as_bytes()).unwrap(); + let hashed_input = hash(MessageDigest::sha256(), input.as_bytes()).unwrap(); let mut ctx = PkeyCtx::new(&key1).unwrap(); ctx.sign_init().unwrap(); - ctx.set_signature_md(Md::sha1()).unwrap(); + ctx.set_signature_md(Md::sha256()).unwrap(); ctx.set_nonce_type(NonceType::DETERMINISTIC_K).unwrap(); let mut output = vec![]; diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index ea1548c797..5a5f4ba008 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -376,8 +376,8 @@ impl Rsa { /// /// This corresponds to [`RSA_new`] and uses [`RSA_set0_key`]. /// - /// [`RSA_new`]: https://www.openssl.org/docs/manmaster/crypto/RSA_new.html - /// [`RSA_set0_key`]: https://www.openssl.org/docs/manmaster/crypto/RSA_set0_key.html + /// [`RSA_new`]: https://docs.openssl.org/master/man3/RSA_new/ + /// [`RSA_set0_key`]: https://docs.openssl.org/master/man3/RSA_set0_key/ pub fn from_public_components(n: BigNum, e: BigNum) -> Result, ErrorStack> { unsafe { let rsa = cvt_p(ffi::RSA_new())?; 
@@ -436,8 +436,8 @@ impl RsaPrivateKeyBuilder { /// /// This corresponds to [`RSA_new`] and uses [`RSA_set0_key`]. /// - /// [`RSA_new`]: https://www.openssl.org/docs/manmaster/crypto/RSA_new.html - /// [`RSA_set0_key`]: https://www.openssl.org/docs/manmaster/crypto/RSA_set0_key.html + /// [`RSA_new`]: https://docs.openssl.org/master/man3/RSA_new/ + /// [`RSA_set0_key`]: https://docs.openssl.org/master/man3/RSA_set0_key/ pub fn new(n: BigNum, e: BigNum, d: BigNum) -> Result { unsafe { let rsa = cvt_p(ffi::RSA_new())?; @@ -585,7 +585,7 @@ impl fmt::Debug for Rsa { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { use ffi::{ RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index 0e967a8e1f..51e6e11695 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -529,8 +529,11 @@ impl<'a> Verifier<'a> { #[corresponds(EVP_DigestVerifyFinal)] pub fn verify(&self, signature: &[u8]) -> Result { unsafe { - let r = - EVP_DigestVerifyFinal(self.md_ctx, signature.as_ptr() as *mut _, signature.len()); + let r = ffi::EVP_DigestVerifyFinal( + self.md_ctx, + signature.as_ptr() as *mut _, + signature.len(), + ); match r { 1 => Ok(true), 0 => { @@ -577,19 +580,6 @@ impl Write for Verifier<'_> { } } -#[cfg(not(ossl101))] -use ffi::EVP_DigestVerifyFinal; - -#[cfg(ossl101)] -#[allow(bad_style)] -unsafe fn EVP_DigestVerifyFinal( - ctx: *mut ffi::EVP_MD_CTX, - sigret: *const ::libc::c_uchar, - siglen: ::libc::size_t, -) -> ::libc::c_int { - ffi::EVP_DigestVerifyFinal(ctx, sigret as *mut _, siglen) -} - #[cfg(test)] mod test { use hex::{self, FromHex}; diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index ecd74c9a13..4a0b1276ed 100644 --- a/openssl/src/ssl/bio.rs +++ b/openssl/src/ssl/bio.rs 
@@ -189,7 +189,7 @@ unsafe extern "C" fn destroy(bio: *mut BIO) -> c_int { } cfg_if! { - if #[cfg(any(ossl110, libressl273, boringssl))] { + if #[cfg(any(ossl110, libressl, boringssl))] { use ffi::{BIO_get_data, BIO_set_data, BIO_set_flags, BIO_set_init}; use crate::cvt; diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index 22eb600f52..48ee98749b 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -15,11 +15,10 @@ use std::str; use std::sync::Arc; use crate::dh::Dh; -#[cfg(all(ossl101, not(ossl110)))] +#[cfg(all(ossl102, not(ossl110)))] use crate::ec::EcKey; use crate::error::ErrorStack; use crate::pkey::Params; -#[cfg(any(ossl102, libressl261, boringssl, awslc))] use crate::ssl::AlpnError; use crate::ssl::{ try_get_session_ctx_index, SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef, @@ -178,7 +177,6 @@ where } } -#[cfg(any(ossl102, libressl261, boringssl, awslc))] pub extern "C" fn raw_alpn_select( ssl: *mut ffi::SSL, out: *mut *const c_uchar, @@ -237,7 +235,7 @@ where } } -#[cfg(all(ossl101, not(ossl110)))] +#[cfg(all(ossl102, not(ossl110)))] pub unsafe extern "C" fn raw_tmp_ecdh( ssl: *mut ffi::SSL, is_export: c_int, @@ -292,7 +290,7 @@ where } } -#[cfg(all(ossl101, not(ossl110)))] +#[cfg(all(ossl102, not(ossl110)))] pub unsafe extern "C" fn raw_tmp_ecdh_ssl( ssl: *mut ffi::SSL, is_export: c_int, @@ -391,7 +389,7 @@ pub unsafe extern "C" fn raw_remove_session( } cfg_if! { - if #[cfg(any(ossl110, libressl280, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { type DataPtr = *const c_uchar; } else { type DataPtr = *mut c_uchar; @@ -527,7 +525,7 @@ where #[cfg(not(any(boringssl, awslc)))] cfg_if! { - if #[cfg(any(ossl110, libressl280))] { + if #[cfg(any(ossl110, libressl))] { type CookiePtr = *const c_uchar; } else { type CookiePtr = *mut c_uchar; diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index 8992f5a939..eae0e42f47 100644 
--- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -4,7 +4,7 @@ use std::ops::{Deref, DerefMut}; use crate::dh::Dh; use crate::error::ErrorStack; -#[cfg(any(ossl111, libressl340))] +#[cfg(any(ossl111, libressl))] use crate::ssl::SslVersion; use crate::ssl::{ HandshakeError, Ssl, SslContext, SslContextBuilder, SslContextRef, SslMethod, SslMode, @@ -61,9 +61,6 @@ fn ctx(method: SslMethod) -> Result { /// /// OpenSSL's default configuration is highly insecure. This connector manages the OpenSSL /// structures, configuring cipher suites, session options, hostname verification, and more. -/// -/// OpenSSL's built-in hostname verification is used when linking against OpenSSL 1.0.2 or 1.1.0, -/// and a custom implementation is used when linking against OpenSSL 1.0.1. #[derive(Clone, Debug)] pub struct SslConnector(SslContext); @@ -242,7 +239,7 @@ impl SslAcceptor { ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\ DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" )?; - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] ctx.set_ciphersuites( "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256", )?; @@ -254,10 +251,10 @@ impl SslAcceptor { /// This corresponds to the modern configuration of version 5 of Mozilla's server side TLS recommendations. /// See its [documentation][docs] for more details on specifics. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. /// /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn mozilla_modern_v5(method: SslMethod) -> Result { let mut ctx = ctx(method)?; ctx.set_min_proto_version(Some(SslVersion::TLS1_3))?; 
@@ -278,7 +275,7 @@ impl SslAcceptor { pub fn mozilla_intermediate(method: SslMethod) -> Result { let mut ctx = ctx(method)?; ctx.set_options(SslOptions::CIPHER_SERVER_PREFERENCE); - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] ctx.set_options(SslOptions::NO_TLSV1_3); let dh = Dh::params_from_pem(FFDHE_2048.as_bytes())?; ctx.set_tmp_dh(&dh)?; @@ -308,7 +305,7 @@ impl SslAcceptor { ctx.set_options( SslOptions::CIPHER_SERVER_PREFERENCE | SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1, ); - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] ctx.set_options(SslOptions::NO_TLSV1_3); setup_curves(&mut ctx)?; ctx.set_cipher_list( 
@@ -384,222 +381,17 @@ cfg_if! { } } -cfg_if! { - if #[cfg(any(ossl102, libressl261))] { - fn setup_verify(ctx: &mut SslContextBuilder) { - ctx.set_verify(SslVerifyMode::PEER); - } - - fn setup_verify_hostname(ssl: &mut SslRef, domain: &str) -> Result<(), ErrorStack> { - use crate::x509::verify::X509CheckFlags; - - let param = ssl.param_mut(); - param.set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS); - match domain.parse() { - Ok(ip) => param.set_ip(ip), - Err(_) => param.set_host(domain), - } - } - } else { - fn setup_verify(ctx: &mut SslContextBuilder) { - ctx.set_verify_callback(SslVerifyMode::PEER, verify::verify_callback); - } - - fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> { - let domain = domain.to_string(); - let hostname_idx = verify::try_get_hostname_idx()?; - ssl.set_ex_data(*hostname_idx, domain); - Ok(()) - } +fn setup_verify(ctx: &mut SslContextBuilder) { + ctx.set_verify(SslVerifyMode::PEER); +} - mod verify { - use std::net::IpAddr; - use std::str; - use once_cell::sync::OnceCell; +fn setup_verify_hostname(ssl: &mut SslRef, domain: &str) -> Result<(), ErrorStack> { + use crate::x509::verify::X509CheckFlags; - use crate::error::ErrorStack; - use crate::ex_data::Index; - use crate::nid::Nid; - use crate::ssl::Ssl; - use crate::stack::Stack; - use crate::x509::{ - GeneralName, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef, - X509VerifyResult, - }; - - static HOSTNAME_IDX: OnceCell> = OnceCell::new(); - - pub fn try_get_hostname_idx() -> Result<&'static Index, ErrorStack> { - HOSTNAME_IDX.get_or_try_init(Ssl::new_ex_index) - } - - pub fn verify_callback(preverify_ok: bool, x509_ctx: &mut X509StoreContextRef) -> bool { - if !preverify_ok || x509_ctx.error_depth() != 0 { - return preverify_ok; - } - - let hostname_idx = - try_get_hostname_idx().expect("failed to initialize hostname index"); - let ok = match ( - x509_ctx.current_cert(), - X509StoreContext::ssl_idx() - .ok() - .and_then(|idx| 
x509_ctx.ex_data(idx)) - .and_then(|ssl| ssl.ex_data(*hostname_idx)), - ) { - (Some(x509), Some(domain)) => verify_hostname(domain, &x509), - _ => true, - }; - - if !ok { - x509_ctx.set_error(X509VerifyResult::APPLICATION_VERIFICATION); - } - - ok - } - - fn verify_hostname(domain: &str, cert: &X509Ref) -> bool { - match cert.subject_alt_names() { - Some(names) => verify_subject_alt_names(domain, names), - None => verify_subject_name(domain, &cert.subject_name()), - } - } - - fn verify_subject_alt_names(domain: &str, names: Stack) -> bool { - let ip = domain.parse(); - - for name in &names { - match ip { - Ok(ip) => { - if let Some(actual) = name.ipaddress() { - if matches_ip(&ip, actual) { - return true; - } - } - } - Err(_) => { - if let Some(pattern) = name.dnsname() { - if matches_dns(pattern, domain) { - return true; - } - } - } - } - } - - false - } - - fn verify_subject_name(domain: &str, subject_name: &X509NameRef) -> bool { - match subject_name.entries_by_nid(Nid::COMMONNAME).next() { - Some(pattern) => { - let pattern = match str::from_utf8(pattern.data().as_slice()) { - Ok(pattern) => pattern, - Err(_) => return false, - }; - - // Unlike SANs, IP addresses in the subject name don't have a - // different encoding. - match domain.parse::() { - Ok(ip) => pattern - .parse::() - .ok() - .map_or(false, |pattern| pattern == ip), - Err(_) => matches_dns(pattern, domain), - } - } - None => false, - } - } - - fn matches_dns(mut pattern: &str, mut hostname: &str) -> bool { - // first strip trailing . 
off of pattern and hostname to normalize - if pattern.ends_with('.') { - pattern = &pattern[..pattern.len() - 1]; - } - if hostname.ends_with('.') { - hostname = &hostname[..hostname.len() - 1]; - } - - matches_wildcard(pattern, hostname).unwrap_or_else(|| pattern.eq_ignore_ascii_case(hostname)) - } - - fn matches_wildcard(pattern: &str, hostname: &str) -> Option { - let wildcard_location = match pattern.find('*') { - Some(l) => l, - None => return None, - }; - - let mut dot_idxs = pattern.match_indices('.').map(|(l, _)| l); - let wildcard_end = match dot_idxs.next() { - Some(l) => l, - None => return None, - }; - - // Never match wildcards if the pattern has less than 2 '.'s (no *.com) - // - // This is a bit dubious, as it doesn't disallow other TLDs like *.co.uk. - // Chrome has a black- and white-list for this, but Firefox (via NSS) does - // the same thing we do here. - // - // The Public Suffix (https://www.publicsuffix.org/) list could - // potentially be used here, but it's both huge and updated frequently - // enough that management would be a PITA. - if dot_idxs.next().is_none() { - return None; - } - - // Wildcards can only be in the first component, and must be the entire first label - if wildcard_location != 0 || wildcard_end != wildcard_location + 1 { - return None; - } - - let hostname_label_end = match hostname.find('.') { - Some(l) => l, - None => return None, - }; - - let pattern_after_wildcard = &pattern[wildcard_end..]; - let hostname_after_wildcard = &hostname[hostname_label_end..]; - - Some(pattern_after_wildcard.eq_ignore_ascii_case(hostname_after_wildcard)) - } - - fn matches_ip(expected: &IpAddr, actual: &[u8]) -> bool { - match *expected { - IpAddr::V4(ref addr) => actual == addr.octets(), - IpAddr::V6(ref addr) => actual == addr.octets(), - } - } - - #[test] - fn test_dns_match() { - use crate::ssl::connector::verify::matches_dns; - assert!(matches_dns("website.tld", "website.tld")); // A name should match itself. 
- assert!(matches_dns("website.tld", "wEbSiTe.tLd")); // DNS name matching ignores case of hostname. - assert!(matches_dns("wEbSiTe.TlD", "website.tld")); // DNS name matching ignores case of subject. - - assert!(matches_dns("xn--bcher-kva.tld", "xn--bcher-kva.tld")); // Likewise, nothing special to punycode names. - assert!(matches_dns("xn--bcher-kva.tld", "xn--BcHer-Kva.tLd")); // And punycode must be compared similarly case-insensitively. - - assert!(matches_dns("*.example.com", "subdomain.example.com")); // Wildcard matching works. - assert!(matches_dns("*.eXaMpLe.cOm", "subdomain.example.com")); // Wildcard matching ignores case of subject. - assert!(matches_dns("*.example.com", "sUbDoMaIn.eXaMpLe.cOm")); // Wildcard matching ignores case of hostname. - - assert!(!matches_dns("prefix*.example.com", "p.example.com")); // Prefix longer than the label works and does not match. - assert!(!matches_dns("*suffix.example.com", "s.example.com")); // Suffix longer than the label works and does not match. - - assert!(!matches_dns("prefix*.example.com", "prefix.example.com")); // Partial wildcards do not work. - assert!(!matches_dns("*suffix.example.com", "suffix.example.com")); // Partial wildcards do not work. - - assert!(!matches_dns("prefix*.example.com", "prefixdomain.example.com")); // Partial wildcards do not work. - assert!(!matches_dns("*suffix.example.com", "domainsuffix.example.com")); // Partial wildcards do not work. - - assert!(!matches_dns("xn--*.example.com", "subdomain.example.com")); // Punycode domains with wildcard parts do not match. - assert!(!matches_dns("xN--*.example.com", "subdomain.example.com")); // And we can't bypass a punycode test with weird casing. - assert!(!matches_dns("Xn--*.example.com", "subdomain.example.com")); // And we can't bypass a punycode test with weird casing. - assert!(!matches_dns("XN--*.example.com", "subdomain.example.com")); // And we can't bypass a punycode test with weird casing. 
- } - } + let param = ssl.param_mut(); + param.set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS); + match domain.parse() { + Ok(ip) => param.set_ip(ip), + Err(_) => param.set_host(domain), } } diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 696be01340..1a442787bc 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -60,18 +60,19 @@ #[cfg(ossl300)] use crate::cvt_long; use crate::dh::{Dh, DhRef}; -#[cfg(all(ossl101, not(ossl110)))] +#[cfg(all(ossl102, not(ossl110)))] use crate::ec::EcKey; use crate::ec::EcKeyRef; use crate::error::ErrorStack; use crate::ex_data::Index; #[cfg(ossl111)] use crate::hash::MessageDigest; -#[cfg(any(ossl110, libressl270))] +#[cfg(any(ossl110, libressl))] use crate::nid::Nid; use crate::pkey::{HasPrivate, PKeyRef, Params, Private}; #[cfg(ossl300)] use crate::pkey::{PKey, Public}; +#[cfg(not(osslconf = "OPENSSL_NO_SRTP"))] use crate::srtp::{SrtpProtectionProfile, SrtpProtectionProfileRef}; use crate::ssl::bio::BioMethod; use crate::ssl::callbacks::*; @@ -80,7 +81,6 @@ use crate::stack::{Stack, StackRef, Stackable}; use crate::util; use crate::util::{ForeignTypeExt, ForeignTypeRefExt}; use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef}; -#[cfg(any(ossl102, boringssl, libressl261, awslc))] use crate::x509::verify::X509VerifyParamRef; use crate::x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509}; use crate::{cvt, cvt_n, cvt_p, init}; 
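Review bot: `setup_verify_hostname` is now the only hostname-verification path in connector.rs, but the new side has no doc comment stating what it enforces. The hunk also deletes `test_dns_match` (partial-wildcard, punycode and case-folding cases) with no replacement visible here. I would add a comment above the function such as `/// Delegates name checking to the TLS library: IP literals are matched via set_ip, all other input via set_host, and partial wildcards are rejected (NO_PARTIAL_WILDCARDS).` It would also help to add a connector-level test that a certificate whose only SAN is a partial wildcard such as `prefix*.example.com` fails the handshake, unless that already exists outside this hunk. The removed fallback stripped a trailing `.` before matching, whereas this path passes `domain` to `set_host` unchanged. That is not new for 1.0.2+ builds, but it is worth a line in the comment so callers know to normalise the name themselves.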
@@ -221,20 +221,14 @@ bitflags! { /// Disables the use of TLSv1.3. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. - #[cfg(any(boringssl, ossl111, libressl340, awslc))] + /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.1 or newer or LibreSSL. + #[cfg(any(boringssl, ossl111, libressl, awslc))] const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3 as SslOptionsRepr; /// Disables the use of DTLSv1.0 - /// - /// Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer. - #[cfg(any(boringssl, ossl102, ossl110, libressl332, awslc))] const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1 as SslOptionsRepr; /// Disables the use of DTLSv1.2. - /// - /// Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer. - #[cfg(any(boringssl, ossl102, ossl110, libressl332, awslc))] const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2 as SslOptionsRepr; /// Disables the use of all (D)TLS protocol versions. @@ -252,7 +246,7 @@ bitflags! { /// /// let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2; /// ``` - #[cfg(any(ossl102, ossl110))] + #[cfg(ossl102)] const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK as SslOptionsRepr; /// Disallow all renegotiation in TLSv1.2 and earlier. @@ -366,14 +360,14 @@ impl SslMethod { /// Support all versions of the DTLS protocol, explicitly as a client. #[corresponds(DTLS_client_method)] - #[cfg(any(boringssl, ossl110, libressl291, awslc))] + #[cfg(any(boringssl, ossl110, libressl, awslc))] pub fn dtls_client() -> SslMethod { unsafe { SslMethod(DTLS_client_method()) } } /// Support all versions of the DTLS protocol, explicitly as a server. #[corresponds(DTLS_server_method)] - #[cfg(any(boringssl, ossl110, libressl291, awslc))] + #[cfg(any(boringssl, ossl110, libressl, awslc))] pub fn dtls_server() -> SslMethod { unsafe { SslMethod(DTLS_server_method()) } } 
@@ -616,17 +610,15 @@ impl SslAlert { /// An error returned from an ALPN selection callback. /// -/// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. -#[cfg(any(ossl102, libressl261, boringssl, awslc))] +/// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.0.2 or newer. #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct AlpnError(c_int); -#[cfg(any(ossl102, libressl261, boringssl, awslc))] impl AlpnError { /// Terminate the handshake with a fatal alert. /// /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or newer. - #[cfg(any(ossl110, boringssl, awslc))] + #[cfg(any(ossl110, libressl, boringssl, awslc))] pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL); /// Do not select a protocol, but continue the handshake. @@ -668,8 +660,8 @@ impl SslVersion { /// TLSv1.3 /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. - #[cfg(any(ossl111, libressl340, boringssl, awslc))] + /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.1 or newer or LibreSSL. + #[cfg(any(ossl111, libressl, boringssl, awslc))] pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION); /// DTLSv1.0 @@ -680,7 +672,6 @@ impl SslVersion { /// DTLSv1.2 /// /// DTLS 1.2 corresponds to TLS 1.2 to harmonize versions. There was never a DTLS 1.1. - #[cfg(any(ossl102, libressl332, boringssl, awslc))] pub const DTLS1_2: SslVersion = SslVersion(ffi::DTLS1_2_VERSION); } 
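Review bot: On `AlpnError::ALERT_FATAL` the gate gains `libressl`, but the doc line above it still reads "Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or newer", so the rendered docs understate where the constant exists. Update it to match the wording used elsewhere in this commit: `/// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.1.0 or newer.` In the same hunk the `AlpnError` struct loses its `#[cfg]` entirely while keeping a "Requires …" sentence. For an item that is always compiled, that sentence can be dropped.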
@@ -910,9 +901,9 @@ impl SslContextBuilder { /// indicating if the selected cipher is export-grade, and the key length. The export and key /// length options are archaic and should be ignored in almost all cases. /// - /// Requires OpenSSL 1.0.1 or 1.0.2. + /// Requires OpenSSL 1.0.2. #[corresponds(SSL_CTX_set_tmp_ecdh_callback)] - #[cfg(all(ossl101, not(ossl110)))] + #[cfg(all(ossl102, not(ossl110)))] #[deprecated(note = "this function leaks memory and does not exist on newer OpenSSL versions")] pub fn set_tmp_ecdh_callback(&mut self, callback: F) where @@ -1096,7 +1087,7 @@ impl SslContextBuilder { /// /// See [`ciphers`] for details on the format. /// - /// [`ciphers`]: https://www.openssl.org/docs/manmaster/apps/ciphers.html + /// [`ciphers`]: https://docs.openssl.org/master/man1/ciphers/ #[corresponds(SSL_CTX_set_cipher_list)] pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { let cipher_list = CString::new(cipher_list).unwrap(); @@ -1116,9 +1107,9 @@ impl SslContextBuilder { /// The format consists of TLSv1.3 cipher suite names separated by `:` characters in order of /// preference. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_CTX_set_ciphersuites)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn set_ciphersuites(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { let cipher_list = CString::new(cipher_list).unwrap(); unsafe { 
@@ -1172,9 +1163,9 @@ impl SslContextBuilder { /// A value of `None` will enable protocol versions down to the lowest version supported by /// OpenSSL. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.1.0 or newer. #[corresponds(SSL_CTX_set_min_proto_version)] - #[cfg(any(ossl110, libressl261, boringssl, awslc))] + #[cfg(any(ossl110, libressl, boringssl, awslc))] pub fn set_min_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_min_proto_version( @@ -1190,9 +1181,9 @@ impl SslContextBuilder { /// A value of `None` will enable protocol versions up to the highest version supported by /// OpenSSL. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.1.0 or newer. #[corresponds(SSL_CTX_set_max_proto_version)] - #[cfg(any(ossl110, libressl261, boringssl, awslc))] + #[cfg(any(ossl110, libressl, boringssl, awslc))] pub fn set_max_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_max_proto_version( @@ -1208,9 +1199,9 @@ impl SslContextBuilder { /// A value of `None` indicates that all versions down to the lowest version supported by /// OpenSSL are enabled. /// - /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer. + /// Requires LibreSSL or OpenSSL 1.1.0g or newer. #[corresponds(SSL_CTX_get_min_proto_version)] - #[cfg(any(ossl110g, libressl270))] + #[cfg(any(ossl110g, libressl))] pub fn min_proto_version(&mut self) -> Option { unsafe { let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr()); 
@@ -1227,9 +1218,9 @@ impl SslContextBuilder { /// A value of `None` indicates that all versions up to the highest version supported by /// OpenSSL are enabled. /// - /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer. + /// Requires LibreSSL or OpenSSL 1.1.0g or newer. #[corresponds(SSL_CTX_get_max_proto_version)] - #[cfg(any(ossl110g, libressl270))] + #[cfg(any(ossl110g, libressl))] pub fn max_proto_version(&mut self) -> Option { unsafe { let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr()); @@ -1248,9 +1239,8 @@ impl SslContextBuilder { /// and `http/1.1` is encoded as `b"\x06spdy/1\x08http/1.1"`. The protocols are ordered by /// preference. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_set_alpn_protos)] - #[cfg(any(ossl102, libressl261, boringssl, awslc))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(protocols.len() <= c_uint::MAX as usize); @@ -1269,6 +1259,7 @@ impl SslContextBuilder { } /// Enables the DTLS extension "use_srtp" as defined in RFC5764. + #[cfg(not(osslconf = "OPENSSL_NO_SRTP"))] #[corresponds(SSL_CTX_set_tlsext_use_srtp)] pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack> { unsafe { 
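Review bot: The new `#[cfg(not(osslconf = "OPENSSL_NO_SRTP"))]` on `SslContextBuilder::set_tlsext_use_srtp` removes the method on libraries built without SRTP, but its doc comment says nothing about that. Every other gated item in this file has a "Requires …" line. Add one here, e.g. `/// Requires a library built without OPENSSL_NO_SRTP.` The same applies to the later hunks that gate `SslRef::set_tlsext_use_srtp`, `srtp_profiles` and `selected_srtp_profile`. The method body continues outside the hunk.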
@@ -1292,12 +1283,11 @@ impl SslContextBuilder { /// of those protocols on success. The [`select_next_proto`] function implements the standard /// protocol selection algorithm. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.0.2 or newer. /// /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`select_next_proto`]: fn.select_next_proto.html #[corresponds(SSL_CTX_set_alpn_select_cb)] - #[cfg(any(ossl102, libressl261, boringssl, awslc))] pub fn set_alpn_select_callback(&mut self, callback: F) where F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, @@ -1339,18 +1329,16 @@ impl SslContextBuilder { /// Returns a reference to the X509 verification configuration. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] - #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn verify_param(&self) -> &X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr(ffi::SSL_CTX_get0_param(self.as_ptr())) } } /// Returns a mutable reference to the X509 verification configuration. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] - #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } 
@@ -1692,9 +1680,9 @@ impl SslContextBuilder { /// /// Defaults to 0. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_CTX_set_max_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack> { if unsafe { ffi::SSL_CTX_set_max_early_data(self.as_ptr(), bytes) } == 1 { Ok(()) @@ -1751,9 +1739,9 @@ impl SslContextBuilder { /// Sets the context's supported elliptic curve groups. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.1.1 or newer. #[corresponds(SSL_CTX_set1_groups_list)] - #[cfg(any(ossl111, boringssl, libressl251, awslc))] + #[cfg(any(ossl111, boringssl, libressl, awslc))] pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> { let groups = CString::new(groups).unwrap(); unsafe { @@ -1871,9 +1859,9 @@ impl SslContext { impl SslContextRef { /// Returns the certificate associated with this `SslContext`, if present. /// - /// Requires OpenSSL 1.0.2 or LibreSSL 2.7.0 or newer. + /// Requires LibreSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_certificate)] - #[cfg(any(ossl102, libressl270))] + #[cfg(any(ossl102, libressl))] pub fn certificate(&self) -> Option<&X509Ref> { unsafe { let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr()); @@ -1883,9 +1871,9 @@ impl SslContextRef { /// Returns the private key associated with this `SslContext`, if present. /// - /// Requires OpenSSL 1.0.2 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.0.2 or newer or LibreSSL. #[corresponds(SSL_CTX_get0_privatekey)] - #[cfg(any(ossl102, libressl340))] + #[cfg(any(ossl102, libressl))] pub fn private_key(&self) -> Option<&PKeyRef> { unsafe { let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr()); 
@@ -1924,9 +1912,9 @@ impl SslContextRef { /// Gets the maximum amount of early data that will be accepted on incoming connections. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_CTX_get_max_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn max_early_data(&self) -> u32 { unsafe { ffi::SSL_CTX_get_max_early_data(self.as_ptr()) } } @@ -2130,9 +2118,9 @@ impl SslCipherRef { /// Returns the NID corresponding to the cipher. /// - /// Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer. + /// Requires LibreSSL or OpenSSL 1.1.0 or newer. #[corresponds(SSL_CIPHER_get_cipher_nid)] - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn cipher_nid(&self) -> Option { let n = unsafe { ffi::SSL_CIPHER_get_cipher_nid(self.as_ptr()) }; if n == 0 { @@ -2141,6 +2129,18 @@ impl SslCipherRef { Some(Nid::from_raw(n)) } } + + /// Returns the two-byte ID of the cipher + /// + /// Requires OpenSSL 1.1.1 or newer. + #[corresponds(SSL_CIPHER_get_protocol_id)] + #[cfg(ossl111)] + pub fn protocol_id(&self) -> [u8; 2] { + unsafe { + let id = ffi::SSL_CIPHER_get_protocol_id(self.as_ptr()); + id.to_be_bytes() + } + } } impl fmt::Debug for SslCipherRef { @@ -2226,9 +2226,9 @@ impl SslSessionRef { /// Gets the maximum amount of early data that can be sent on this session. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_SESSION_get_max_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn max_early_data(&self) -> u32 { unsafe { ffi::SSL_SESSION_get_max_early_data(self.as_ptr()) } } 
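Review bot: In the added `SslCipherRef::protocol_id`, the `unsafe` block also wraps `id.to_be_bytes()`, which is safe code, and the doc comment does not state the byte order of the returned array. Narrow the block to the FFI call, `let id = unsafe { ffi::SSL_CIPHER_get_protocol_id(self.as_ptr()) };` followed by `id.to_be_bytes()`. Add a doc line such as `/// The bytes are in big-endian order, as the cipher suite value appears on the wire.` This assumes the binding returns a `u16`, which the `[u8; 2]` return type implies. A caller comparing the result against a cipher allow-list needs the byte order spelled out, and a small test pinning one known suite's ID would guard it.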
@@ -2251,9 +2251,9 @@ impl SslSessionRef { /// Returns the session's TLS protocol version. /// - /// Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer. + /// Requires LibreSSL or OpenSSL 1.1.0 or newer. #[corresponds(SSL_SESSION_get_protocol_version)] - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn protocol_version(&self) -> SslVersion { unsafe { let version = ffi::SSL_SESSION_get_protocol_version(self.as_ptr()); @@ -2471,9 +2471,9 @@ impl SslRef { /// Like [`SslContextBuilder::set_tmp_ecdh_callback`]. /// - /// Requires OpenSSL 1.0.1 or 1.0.2. + /// Requires OpenSSL 1.0.2. #[corresponds(SSL_set_tmp_ecdh_callback)] - #[cfg(all(ossl101, not(ossl110)))] + #[cfg(all(ossl102, not(ossl110)))] #[deprecated(note = "this function leaks memory and does not exist on newer OpenSSL versions")] pub fn set_tmp_ecdh_callback(&mut self, callback: F) where @@ -2499,11 +2499,10 @@ impl SslRef { /// Like [`SslContextBuilder::set_alpn_protos`]. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.0.2 or newer. /// /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos #[corresponds(SSL_set_alpn_protos)] - #[cfg(any(ossl102, libressl261, boringssl, awslc))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(protocols.len() <= c_uint::MAX as usize); @@ -2655,9 +2654,8 @@ impl SslRef { /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// to interpret it. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_get0_alpn_selected)] - #[cfg(any(ossl102, libressl261, boringssl, awslc))] pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); 
@@ -2675,6 +2673,7 @@ impl SslRef { } /// Enables the DTLS extension "use_srtp" as defined in RFC5764. + #[cfg(not(osslconf = "OPENSSL_NO_SRTP"))] #[corresponds(SSL_set_tlsext_use_srtp)] pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack> { unsafe { @@ -2693,6 +2692,7 @@ impl SslRef { /// Gets all SRTP profiles that are enabled for handshake via set_tlsext_use_srtp /// /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled. + #[cfg(not(osslconf = "OPENSSL_NO_SRTP"))] #[corresponds(SSL_get_srtp_profiles)] pub fn srtp_profiles(&self) -> Option<&StackRef> { unsafe { @@ -2705,6 +2705,7 @@ impl SslRef { /// Gets the SRTP profile selected by handshake. /// /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled. + #[cfg(not(osslconf = "OPENSSL_NO_SRTP"))] #[corresponds(SSL_get_selected_srtp_profile)] pub fn selected_srtp_profile(&self) -> Option<&SrtpProtectionProfileRef> { unsafe { @@ -2734,7 +2735,7 @@ impl SslRef { /// is not valid UTF-8, this function will return `None`. The `servername_raw` method returns /// the raw bytes and does not have this restriction. /// - /// [`SSL_get_servername`]: https://www.openssl.org/docs/manmaster/man3/SSL_get_servername.html + /// [`SSL_get_servername`]: https://docs.openssl.org/master/man3/SSL_get_servername/ #[corresponds(SSL_get_servername)] // FIXME maybe rethink in 0.11? pub fn servername(&self, type_: NameType) -> Option<&str> { @@ -2780,9 +2781,8 @@ impl SslRef { /// Returns a mutable reference to the X509 verification configuration. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_get0_param)] - #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } } 
@@ -2807,9 +2807,9 @@ impl SslRef { /// Returns the number of bytes copied, or if the buffer is empty, the size of the `client_random` /// value. /// - /// Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer. + /// Requires LibreSSL or OpenSSL 1.1.0 or newer. #[corresponds(SSL_get_client_random)] - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn client_random(&self, buf: &mut [u8]) -> usize { unsafe { ffi::SSL_get_client_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len()) @@ -2821,9 +2821,9 @@ impl SslRef { /// Returns the number of bytes copied, or if the buffer is empty, the size of the `server_random` /// value. /// - /// Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer. + /// Requires LibreSSL or OpenSSL 1.1.0 or newer. #[corresponds(SSL_get_server_random)] - #[cfg(any(ossl110, libressl270))] + #[cfg(any(ossl110, libressl))] pub fn server_random(&self, buf: &mut [u8]) -> usize { unsafe { ffi::SSL_get_server_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len()) @@ -3019,9 +3019,9 @@ impl SslRef { /// Sets the maximum amount of early data that will be accepted on this connection. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_set_max_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack> { if unsafe { ffi::SSL_set_max_early_data(self.as_ptr(), bytes) } == 1 { Ok(()) @@ -3032,9 +3032,9 @@ impl SslRef { /// Gets the maximum amount of early data that can be sent on this connection. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_get_max_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn max_early_data(&self) -> u32 { unsafe { ffi::SSL_get_max_early_data(self.as_ptr()) } } 
@@ -3305,7 +3305,7 @@ impl SslRef { /// certificate, and the remainder forming the chain of certificates up to and including the /// trusted root certificate. #[corresponds(SSL_use_certificate_chain_file)] - #[cfg(any(ossl110, libressl332))] + #[cfg(any(ossl110, libressl))] pub fn set_certificate_chain_file>( &mut self, path: P, @@ -3342,9 +3342,9 @@ impl SslRef { /// A value of `None` will enable protocol versions down to the lowest version supported by /// OpenSSL. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.1.0 or newer. #[corresponds(SSL_set_min_proto_version)] - #[cfg(any(ossl110, libressl261, boringssl, awslc))] + #[cfg(any(ossl110, libressl, boringssl, awslc))] pub fn set_min_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_set_min_proto_version( @@ -3360,9 +3360,9 @@ impl SslRef { /// A value of `None` will enable protocol versions up to the highest version supported by /// OpenSSL. /// - /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer. + /// Requires AWS-LC or BoringSSL or LibreSSL or OpenSSL 1.1.0 or newer. #[corresponds(SSL_set_max_proto_version)] - #[cfg(any(ossl110, libressl261, boringssl, awslc))] + #[cfg(any(ossl110, libressl, boringssl, awslc))] pub fn set_max_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_set_max_proto_version( @@ -3380,9 +3380,9 @@ impl SslRef { /// The format consists of TLSv1.3 cipher suite names separated by `:` characters in order of /// preference. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_set_ciphersuites)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn set_ciphersuites(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { let cipher_list = CString::new(cipher_list).unwrap(); unsafe { 
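Review bot: `set_ciphersuites` in the `@@ -3380,9 +3380,9 @@` hunk returns `Result<(), ErrorStack>`, yet `CString::new(cipher_list).unwrap()` panics on an interior NUL byte and the doc comment does not say so. A caller that passes a cipher string from configuration or another external source would reasonably expect an `Err`, not a panic. I would add a panics section to the doc comment: `/// # Panics` followed by ``/// Panics if `cipher_list` contains a NUL byte.`` The same applies to `set_cipher_list` in the following `@@ -3400,7 +3400,7 @@` hunk. Both function bodies continue outside their hunks.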
@@ -3400,7 +3400,7 @@ impl SslRef { /// /// See [`ciphers`] for details on the format. /// - /// [`ciphers`]: https://www.openssl.org/docs/manmaster/apps/ciphers.html + /// [`ciphers`]: https://docs.openssl.org/master/man1/ciphers/ #[corresponds(SSL_set_cipher_list)] pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { let cipher_list = CString::new(cipher_list).unwrap(); @@ -3628,9 +3628,9 @@ impl SslStream { /// /// Returns `Ok(0)` if all early data has been read. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_read_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn read_early_data(&mut self, buf: &mut [u8]) -> Result { let mut read = 0; let ret = unsafe { @@ -3654,9 +3654,9 @@ impl SslStream { /// Useful for reducing latency, but vulnerable to replay attacks. Call /// [`SslRef::set_connect_state`] first. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_write_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn write_early_data(&mut self, buf: &[u8]) -> Result { let mut written = 0; let ret = unsafe { @@ -3789,7 +3789,7 @@ impl SslStream { #[corresponds(SSL_read_ex)] pub fn ssl_read_uninit(&mut self, buf: &mut [MaybeUninit]) -> Result { cfg_if! { - if #[cfg(any(ossl111, libressl350))] { + if #[cfg(any(ossl111, libressl))] { let mut readbytes = 0; let ret = unsafe { ffi::SSL_read_ex( @@ -3830,7 +3830,7 @@ impl SslStream { #[corresponds(SSL_write_ex)] pub fn ssl_write(&mut self, buf: &[u8]) -> Result { cfg_if! { - if #[cfg(any(ossl111, libressl350))] { + if #[cfg(any(ossl111, libressl))] { let mut written = 0; let ret = unsafe { ffi::SSL_write_ex( 
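Review bot: The doc comment on `read_early_data` in the `@@ -3628,9 +3628,9 @@` hunk carries no replay caveat, while the `write_early_data` doc in the next hunk does say early data is vulnerable to replay attacks. The receiving side is where that matters most, because the server decides whether to act on 0-RTT data, and this change widens the cfg so the method is compiled for every LibreSSL build. I would add a line such as `/// Early data may be replayed by an attacker; only act on it for requests that are safe to repeat.` to this doc comment and to the wrapper `read_early_data` in the `@@ -4156,9 +4156,9 @@` hunk. The function body continues outside the hunk.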
@@ -3868,7 +3868,7 @@ impl SslStream { #[corresponds(SSL_peek_ex)] pub fn ssl_peek(&mut self, buf: &mut [u8]) -> Result { cfg_if! { - if #[cfg(any(ossl111, libressl350))] { + if #[cfg(any(ossl111, libressl))] { let mut readbytes = 0; let ret = unsafe { ffi::SSL_peek_ex( @@ -4156,9 +4156,9 @@ where /// /// Returns `Ok(0)` if all early data has been read. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_read_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn read_early_data(&mut self, buf: &mut [u8]) -> Result { self.inner.read_early_data(buf) } @@ -4168,9 +4168,9 @@ where /// Useful for reducing latency, but vulnerable to replay attacks. Call /// `set_connect_state` first. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. + /// Requires OpenSSL 1.1.1 or newer or LibreSSL. #[corresponds(SSL_write_early_data)] - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] pub fn write_early_data(&mut self, buf: &[u8]) -> Result { self.inner.write_early_data(buf) } @@ -4243,7 +4243,7 @@ bitflags! { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl273, awslc))] { + if #[cfg(any(boringssl, ossl110, libressl, awslc))] { use ffi::{SSL_CTX_up_ref, SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server}; } else { #[allow(bad_style)] @@ -4301,7 +4301,7 @@ cfg_if! { } } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl291, awslc))] { + if #[cfg(any(boringssl, ossl110, libressl, awslc))] { use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method, DTLS_server_method, DTLS_client_method}; } else { use ffi::{ diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs index 69b947b90f..9c83728a1d 100644 --- a/openssl/src/ssl/test/mod.rs +++ b/openssl/src/ssl/test/mod.rs 
@@ -22,7 +22,7 @@ use crate::ocsp::{OcspResponse, OcspResponseStatus}; use crate::pkey::{Id, PKey}; use crate::srtp::SrtpProfileId; use crate::ssl::test::server::Server; -#[cfg(any(ossl110, ossl111, libressl261))] +#[cfg(any(ossl110, ossl111, libressl))] use crate::ssl::SslVersion; use crate::ssl::{self, NameType, SslConnectorBuilder}; #[cfg(ossl111)] @@ -504,7 +504,6 @@ fn test_connect_with_srtp_ssl() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. #[test] -#[cfg(any(ossl102, libressl261, boringssl, awslc))] fn test_alpn_server_advertise_multiple() { let mut server = Server::builder(); server.ctx().set_alpn_select_callback(|_, client| { @@ -535,7 +534,6 @@ fn test_alpn_server_select_none_fatal() { } #[test] -#[cfg(any(ossl102, libressl261, boringssl, awslc))] fn test_alpn_server_select_none() { static CALLED_BACK: AtomicBool = AtomicBool::new(false); @@ -554,7 +552,6 @@ fn test_alpn_server_select_none() { } #[test] -#[cfg(any(boringssl, ossl102, libressl261, awslc))] fn test_alpn_server_unilateral() { let server = Server::builder().build(); @@ -627,7 +624,6 @@ fn read_panic() { } #[test] -#[cfg_attr(all(libressl321, not(libressl340)), ignore)] #[should_panic(expected = "blammo")] fn flush_panic() { struct ExplodingStream(TcpStream); @@ -672,7 +668,7 @@ fn refcount_ssl_context() { } #[test] -#[cfg_attr(libressl250, ignore)] +#[cfg_attr(libressl, ignore)] #[cfg_attr(target_os = "windows", ignore)] #[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)] fn default_verify_paths() { @@ -921,7 +917,7 @@ fn connector_client_server_mozilla_intermediate_v5() { } #[test] -#[cfg(any(ossl111, libressl340))] +#[cfg(any(ossl111, libressl))] fn connector_client_server_mozilla_modern_v5() { test_mozilla_server(SslAcceptor::mozilla_modern_v5); } 
@@ -969,7 +965,7 @@ fn cert_store() { } #[test] -#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl, awslc), ignore)] +#[cfg_attr(any(boringssl, awslc), ignore)] fn tmp_dh_callback() { static CALLED_BACK: AtomicBool = AtomicBool::new(false); @@ -984,7 +980,7 @@ fn tmp_dh_callback() { let mut client = server.client(); // TLS 1.3 has no DH suites, so make sure we don't pick that version - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] client.ctx().set_options(super::SslOptions::NO_TLSV1_3); client.ctx().set_cipher_list("EDH").unwrap(); client.connect(); @@ -993,7 +989,7 @@ fn tmp_dh_callback() { } #[test] -#[cfg(all(ossl101, not(ossl110)))] +#[cfg(all(ossl102, not(ossl110)))] #[allow(deprecated)] fn tmp_ecdh_callback() { use crate::ec::EcKey; @@ -1017,7 +1013,7 @@ fn tmp_ecdh_callback() { } #[test] -#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl, awslc), ignore)] +#[cfg_attr(any(boringssl, awslc), ignore)] fn tmp_dh_callback_ssl() { static CALLED_BACK: AtomicBool = AtomicBool::new(false); @@ -1034,7 +1030,7 @@ fn tmp_dh_callback_ssl() { let mut client = server.client(); // TLS 1.3 has no DH suites, so make sure we don't pick that version - #[cfg(any(ossl111, libressl340))] + #[cfg(any(ossl111, libressl))] client.ctx().set_options(super::SslOptions::NO_TLSV1_3); client.ctx().set_cipher_list("EDH").unwrap(); client.connect(); @@ -1043,7 +1039,7 @@ fn tmp_dh_callback_ssl() { } #[test] -#[cfg(all(ossl101, not(ossl110)))] +#[cfg(all(ossl102, not(ossl110)))] #[allow(deprecated)] fn tmp_ecdh_callback_ssl() { use crate::ec::EcKey; @@ -1079,7 +1075,7 @@ fn idle_session() { /// not work due to lack of PSK support. The test passes with NO_TLSV1_3, /// but let's ignore it until LibreSSL supports it out of the box. #[test] -#[cfg_attr(libressl321, ignore)] +#[cfg_attr(libressl, ignore)] fn active_session() { let server = Server::builder().build(); 
@@ -1139,7 +1135,7 @@ fn status_callbacks() { /// not work due to lack of PSK support. The test passes with NO_TLSV1_3, /// but let's ignore it until LibreSSL supports it out of the box. #[test] -#[cfg_attr(libressl321, ignore)] +#[cfg_attr(libressl, ignore)] fn new_session_callback() { static CALLED_BACK: AtomicBool = AtomicBool::new(false); @@ -1166,7 +1162,7 @@ fn new_session_callback() { /// not work due to lack of PSK support. The test passes with NO_TLSV1_3, /// but let's ignore it until LibreSSL supports it out of the box. #[test] -#[cfg_attr(libressl321, ignore)] +#[cfg_attr(libressl, ignore)] fn new_session_callback_swapped_ctx() { static CALLED_BACK: AtomicBool = AtomicBool::new(false); @@ -1242,7 +1238,7 @@ fn keying_export() { } #[test] -#[cfg(any(ossl110, libressl261))] +#[cfg(any(ossl110, libressl))] fn no_version_overlap() { let mut server = Server::builder(); server.ctx().set_min_proto_version(None).unwrap(); @@ -1250,7 +1246,7 @@ fn no_version_overlap() { .ctx() .set_max_proto_version(Some(SslVersion::TLS1_1)) .unwrap(); - #[cfg(any(ossl110g, libressl270))] + #[cfg(any(ossl110g, libressl))] assert_eq!(server.ctx().max_proto_version(), Some(SslVersion::TLS1_1)); server.should_error(); let server = server.build(); @@ -1687,3 +1683,21 @@ fn ssl_ex_data_leak() { drop(ssl); assert_eq!(DROPS.load(Ordering::Relaxed), 2); } + +#[test] +#[cfg(ossl111)] +fn cipher_id() { + let mut server = Server::builder(); + server + .ctx() + .set_ciphersuites("TLS_AES_256_GCM_SHA384") + .unwrap(); + let server = server.build(); + + let client = server.client(); + let s = client.connect(); + let ssl = s.ssl(); + let cipher = ssl.current_cipher().unwrap(); + let cipher_id = cipher.protocol_id(); + assert_eq!(cipher_id, [0x13, 0x02]); +} diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index 4675772f89..1ff95966a1 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs 
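Review bot: The new `cipher_id` test asserts `[0x13, 0x02]` but never pins the protocol version. `set_ciphersuites` only configures the TLS 1.3 suites, so the assertion would fail with an unrelated cipher id if the handshake ended up on TLS 1.2, for example under a restrictive system-wide OpenSSL configuration. Pinning the version on the server builder keeps the failure mode clear: `server.ctx().set_min_proto_version(Some(SslVersion::TLS1_3)).unwrap();`. The local `cipher_id` also shadows the test function's own name, so `id` would read better.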
@@ -69,7 +69,7 @@ pub enum Mode { /// /// See OpenSSL doc at [`EVP_EncryptInit`] for more information on each algorithms. /// -/// [`EVP_EncryptInit`]: https://www.openssl.org/docs/manmaster/crypto/EVP_EncryptInit.html +/// [`EVP_EncryptInit`]: https://docs.openssl.org/master/man3/EVP_EncryptInit/ #[derive(Copy, Clone, PartialEq, Eq)] pub struct Cipher(*const ffi::EVP_CIPHER); @@ -114,6 +114,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_128_cfb1()) } } + #[cfg(not(boringssl))] pub fn aes_128_cfb128() -> Cipher { unsafe { Cipher(ffi::EVP_aes_128_cfb128()) } } @@ -159,6 +160,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_192_cfb1()) } } + #[cfg(not(boringssl))] pub fn aes_192_cfb128() -> Cipher { unsafe { Cipher(ffi::EVP_aes_192_cfb128()) } } @@ -209,6 +211,7 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_256_cfb1()) } } + #[cfg(not(boringssl))] pub fn aes_256_cfb128() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_cfb128()) } } @@ -378,7 +381,7 @@ impl Cipher { } /// Requires OpenSSL 1.1.0 or newer. - #[cfg(all(any(ossl110, libressl310), not(osslconf = "OPENSSL_NO_CHACHA")))] + #[cfg(all(any(ossl110, libressl), not(osslconf = "OPENSSL_NO_CHACHA")))] pub fn chacha20() -> Cipher { unsafe { Cipher(ffi::EVP_chacha20()) } } 
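Review bot: The doc line `/// Requires OpenSSL 1.1.0 or newer.` above `Cipher::chacha20` in the `@@ -378,7 +381,7 @@` hunk no longer matches the attribute below it, which now accepts any LibreSSL build and excludes builds configured with `OPENSSL_NO_CHACHA`. The other doc comments touched by this change were reworded to name LibreSSL, so this one should follow: `/// Requires LibreSSL or OpenSSL 1.1.0 or newer, built with ChaCha20 support.`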
@@ -429,27 +432,27 @@ impl Cipher { unsafe { Cipher(ffi::EVP_seed_ofb()) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_ecb() -> Cipher { unsafe { Cipher(ffi::EVP_sm4_ecb()) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_cbc() -> Cipher { unsafe { Cipher(ffi::EVP_sm4_cbc()) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_ctr() -> Cipher { unsafe { Cipher(ffi::EVP_sm4_ctr()) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_cfb128() -> Cipher { unsafe { Cipher(ffi::EVP_sm4_cfb128()) } } - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] pub fn sm4_ofb() -> Cipher { unsafe { Cipher(ffi::EVP_sm4_ofb()) } } @@ -916,7 +919,7 @@ pub fn decrypt_aead( } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl273, awslc))] { + if #[cfg(any(boringssl, ossl110, libressl, awslc))] { use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length}; } else { use crate::LenType; @@ -1618,7 +1621,7 @@ mod tests { } #[test] - #[cfg(any(ossl110, libressl310))] + #[cfg(any(ossl110, libressl))] fn test_chacha20() { let key = "0000000000000000000000000000000000000000000000000000000000000000"; let iv = "00000000000000000000000000000000"; 
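Review bot: `test_chacha20` in the `@@ -1618,7 +1621,7 @@` hunk is gated on `#[cfg(any(ossl110, libressl))]`, but `Cipher::chacha20` itself also requires `not(osslconf = "OPENSSL_NO_CHACHA")`. The test body continues outside the hunk; if it calls `Cipher::chacha20()`, as the name suggests, the test module will not compile against a library built without ChaCha20. `test_sm4_ecb` in the next hunk already mirrors its function's gate, so I would do the same here: `#[cfg(all(any(ossl110, libressl), not(osslconf = "OPENSSL_NO_CHACHA")))]`.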
@@ -1732,7 +1735,7 @@ mod tests { // GB/T 32907-2016 // http://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=7803DE42D3BC5E80B0C3E5D8E873D56A #[test] - #[cfg(all(any(ossl111, libressl291), not(osslconf = "OPENSSL_NO_SM4")))] + #[cfg(all(any(ossl111, libressl), not(osslconf = "OPENSSL_NO_SM4")))] fn test_sm4_ecb() { use std::mem; diff --git a/openssl/src/version.rs b/openssl/src/version.rs index aaadd3e4e7..dc6f66ad45 100644 --- a/openssl/src/version.rs +++ b/openssl/src/version.rs @@ -18,7 +18,7 @@ use openssl_macros::corresponds; use std::ffi::CStr; cfg_if! { - if #[cfg(any(ossl110, libressl271))] { + if #[cfg(any(ossl110, libressl))] { use ffi::{ OPENSSL_VERSION, OPENSSL_CFLAGS, OPENSSL_BUILT_ON, OPENSSL_PLATFORM, OPENSSL_DIR, OpenSSL_version_num, OpenSSL_version, diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index c4e0c5b4e2..5fe84fb623 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -40,7 +40,6 @@ use crate::util::{self, ForeignTypeExt, ForeignTypeRefExt}; use crate::{cvt, cvt_n, cvt_p, cvt_p_const}; use openssl_macros::corresponds; -#[cfg(any(ossl102, boringssl, libressl261, awslc))] pub mod verify; pub mod extension; @@ -121,8 +120,8 @@ impl X509StoreContextRef { /// This corresponds to [`X509_STORE_CTX_init`] before calling `with_context` and to /// [`X509_STORE_CTX_cleanup`] after calling `with_context`. /// - /// [`X509_STORE_CTX_init`]: https://www.openssl.org/docs/manmaster/crypto/X509_STORE_CTX_init.html - /// [`X509_STORE_CTX_cleanup`]: https://www.openssl.org/docs/manmaster/crypto/X509_STORE_CTX_cleanup.html + /// [`X509_STORE_CTX_init`]: https://docs.openssl.org/master/man3/X509_STORE_CTX_init/ + /// [`X509_STORE_CTX_cleanup`]: https://docs.openssl.org/master/man3/X509_STORE_CTX_cleanup/ pub fn init( &mut self, trust: &store::X509StoreRef, 
@@ -1071,7 +1070,6 @@ impl X509NameBuilder { /// Add a name entry #[corresponds(X509_NAME_add_entry)] - #[cfg(any(ossl101, libressl350))] pub fn append_entry(&mut self, ne: &X509NameEntryRef) -> std::result::Result<(), ErrorStack> { unsafe { cvt(ffi::X509_NAME_add_entry( @@ -1206,7 +1204,7 @@ impl X509Name { /// /// This corresponds to [`d2i_X509_NAME`]. /// - /// [`d2i_X509_NAME`]: https://www.openssl.org/docs/manmaster/man3/d2i_X509_NAME.html + /// [`d2i_X509_NAME`]: https://docs.openssl.org/master/man3/d2i_X509_NAME/ from_der, X509Name, ffi::d2i_X509_NAME @@ -1253,7 +1251,7 @@ impl X509NameRef { /// Copies the name to a new `X509Name`. #[corresponds(X509_NAME_dup)] - #[cfg(any(boringssl, ossl110, libressl270, awslc))] + #[cfg(any(boringssl, ossl110, libressl, awslc))] pub fn to_owned(&self) -> Result { unsafe { cvt_p(ffi::X509_NAME_dup(self.as_ptr())).map(|n| X509Name::from_ptr(n)) } } @@ -1263,7 +1261,7 @@ impl X509NameRef { /// /// This corresponds to [`i2d_X509_NAME`]. /// - /// [`i2d_X509_NAME`]: https://www.openssl.org/docs/manmaster/crypto/i2d_X509_NAME.html + /// [`i2d_X509_NAME`]: https://docs.openssl.org/master/man3/i2d_X509_NAME/ to_der, ffi::i2d_X509_NAME } @@ -1479,7 +1477,7 @@ impl X509Req { /// /// This corresponds to [`PEM_read_bio_X509_REQ`]. /// - /// [`PEM_read_bio_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/PEM_read_bio_X509_REQ.html + /// [`PEM_read_bio_X509_REQ`]: https://docs.openssl.org/master/man3/PEM_read_bio_X509_REQ/ from_pem, X509Req, ffi::PEM_read_bio_X509_REQ @@ -1490,7 +1488,7 @@ impl X509Req { /// /// This corresponds to [`d2i_X509_REQ`]. /// - /// [`d2i_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/d2i_X509_REQ.html + /// [`d2i_X509_REQ`]: https://docs.openssl.org/master/man3/d2i_X509_REQ/ from_der, X509Req, ffi::d2i_X509_REQ 
@@ -1505,7 +1503,7 @@ impl X509ReqRef { /// /// This corresponds to [`PEM_write_bio_X509_REQ`]. /// - /// [`PEM_write_bio_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/PEM_write_bio_X509_REQ.html + /// [`PEM_write_bio_X509_REQ`]: https://docs.openssl.org/master/man3/PEM_write_bio_X509_REQ/ to_pem, ffi::PEM_write_bio_X509_REQ } @@ -1515,7 +1513,7 @@ impl X509ReqRef { /// /// This corresponds to [`i2d_X509_REQ`]. /// - /// [`i2d_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/i2d_X509_REQ.html + /// [`i2d_X509_REQ`]: https://docs.openssl.org/master/man3/i2d_X509_REQ/ to_der, ffi::i2d_X509_REQ } @@ -1635,7 +1633,7 @@ impl X509RevokedRef { /// Copies the entry to a new `X509Revoked`. #[corresponds(X509_NAME_dup)] - #[cfg(any(boringssl, ossl110, libressl270, awslc))] + #[cfg(any(boringssl, ossl110, libressl, awslc))] pub fn to_owned(&self) -> Result { unsafe { cvt_p(ffi::X509_REVOKED_dup(self.as_ptr())).map(|n| X509Revoked::from_ptr(n)) } } @@ -1740,7 +1738,7 @@ foreign_type_and_impl_send_sync! { /// /// Corresponds to the return value from the [`X509_CRL_get0_by_*`] methods. /// -/// [`X509_CRL_get0_by_*`]: https://www.openssl.org/docs/man1.1.0/man3/X509_CRL_get0_by_serial.html +/// [`X509_CRL_get0_by_*`]: https://docs.openssl.org/master/man3/X509_CRL_get0_by_serial/ pub enum CrlStatus<'a> { /// The certificate is not present in the list NotRevoked, @@ -2306,7 +2304,7 @@ impl Stackable for X509Object { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl273, awslc))] { + if #[cfg(any(boringssl, ossl110, libressl, awslc))] { use ffi::{X509_getm_notAfter, X509_getm_notBefore, X509_up_ref, X509_get0_signature}; } else { #[allow(bad_style)] 
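Review bot: `X509RevokedRef::to_owned` in the `@@ -1635,7 +1633,7 @@` hunk is annotated `#[corresponds(X509_NAME_dup)]` but its body calls `ffi::X509_REVOKED_dup`. The attribute looks copied from `X509NameRef::to_owned`, so the generated documentation presumably names the wrong C function. Since this line's cfg is being edited anyway, the attribute should become `#[corresponds(X509_REVOKED_dup)]`.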
@@ -2347,7 +2345,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl350, awslc))] { + if #[cfg(any(boringssl, ossl110, libressl, awslc))] { use ffi::{ X509_ALGOR_get0, ASN1_STRING_get0_data, X509_STORE_CTX_get0_chain, X509_set1_notAfter, X509_set1_notBefore, X509_REQ_get_version, X509_REQ_get_subject_name, @@ -2387,7 +2385,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, boringssl, libressl270, awslc))] { + if #[cfg(any(ossl110, boringssl, libressl, awslc))] { use ffi::X509_OBJECT_get0_X509; } else { #[allow(bad_style)] @@ -2402,7 +2400,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl350, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { use ffi::X509_OBJECT_free; } else { #[allow(bad_style)] @@ -2414,7 +2412,7 @@ cfg_if! { } cfg_if! { - if #[cfg(any(ossl110, libressl350, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { use ffi::{ X509_CRL_get_issuer, X509_CRL_get0_nextUpdate, X509_CRL_get0_lastUpdate, X509_CRL_get_REVOKED, @@ -2502,7 +2500,7 @@ impl X509PurposeRef { unsafe { let sname = CString::new(sname).unwrap(); cfg_if! { - if #[cfg(any(ossl110, libressl280, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *const _))?; } else { let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *mut _))?; @@ -2534,7 +2532,7 @@ impl X509PurposeRef { pub fn purpose(&self) -> X509PurposeId { unsafe { cfg_if! { - if #[cfg(any(ossl110, libressl280, boringssl, awslc))] { + if #[cfg(any(ossl110, libressl, boringssl, awslc))] { let x509_purpose = self.as_ptr() as *const ffi::X509_PURPOSE; } else { let x509_purpose = self.as_ptr() as *mut ffi::X509_PURPOSE; diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs index ad62ac725d..116d7effe4 100644 --- a/openssl/src/x509/store.rs +++ b/openssl/src/x509/store.rs 
@@ -52,7 +52,6 @@ use crate::ssl::SslFiletype; use crate::stack::Stack; use crate::stack::StackRef; use crate::util::ForeignTypeRefExt; -#[cfg(any(ossl102, boringssl, libressl261, awslc))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef}; use crate::x509::{X509Object, X509PurposeId, X509}; use crate::{cvt, cvt_p}; @@ -123,7 +122,6 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related flags. #[corresponds(X509_STORE_set_flags)] - #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) } } @@ -137,7 +135,6 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related parameters. #[corresponds[X509_STORE_set1_param]] - #[cfg(any(ossl102, boringssl, libressl261, awslc))] pub fn set_param(&mut self, param: &X509VerifyParamRef) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set1_param(self.as_ptr(), param.as_ptr())).map(|_| ()) } } @@ -155,7 +152,7 @@ generic_foreign_type_and_impl_send_sync! { /// Marker type corresponding to the [`X509_LOOKUP_hash_dir`] lookup method. /// -/// [`X509_LOOKUP_hash_dir`]: https://www.openssl.org/docs/manmaster/crypto/X509_LOOKUP_hash_dir.html +/// [`X509_LOOKUP_hash_dir`]: https://docs.openssl.org/master/man3/X509_LOOKUP_hash_dir/ // FIXME should be an enum pub struct HashDir; @@ -190,7 +187,7 @@ impl X509LookupRef { /// Marker type corresponding to the [`X509_LOOKUP_file`] lookup method. /// -/// [`X509_LOOKUP_file`]: https://www.openssl.org/docs/man1.1.1/man3/X509_LOOKUP_file.html +/// [`X509_LOOKUP_file`]: https://docs.openssl.org/master/man3/X509_LOOKUP_file/ pub struct File; impl X509Lookup { @@ -284,7 +281,7 @@ impl X509StoreRef { } cfg_if! { - if #[cfg(any(boringssl, ossl110, libressl270, awslc))] { + if #[cfg(any(boringssl, ossl110, libressl, awslc))] { use ffi::X509_STORE_get0_objects; } else { #[allow(bad_style)] 
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index e11f8bf223..760e676384 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -16,11 +16,9 @@ use crate::x509::extension::{ #[cfg(not(any(boringssl, awslc)))] use crate::x509::store::X509Lookup; use crate::x509::store::X509StoreBuilder; -#[cfg(any(ossl102, boringssl, libressl261, awslc))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParam}; #[cfg(any(ossl102, boringssl, awslc))] use crate::x509::X509PurposeId; -#[cfg(any(ossl102, boringssl, libressl261, awslc))] use crate::x509::X509PurposeRef; #[cfg(ossl110)] use crate::x509::{CrlReason, X509Builder}; @@ -31,7 +29,6 @@ use crate::x509::{ #[cfg(ossl110)] use foreign_types::ForeignType; use hex::{self, FromHex}; -#[cfg(any(ossl102, boringssl, libressl261, awslc))] use libc::time_t; use super::{AuthorityInformationAccess, CertificateIssuer, ReasonCode}; @@ -557,7 +554,6 @@ fn test_verify_fails() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_fails_with_crl_flag_set_and_no_crl() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -584,7 +580,6 @@ fn test_verify_fails_with_crl_flag_set_and_no_crl() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_cert_with_purpose() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -611,7 +606,6 @@ fn test_verify_cert_with_purpose() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_cert_with_wrong_purpose_fails() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -836,7 +830,7 @@ fn test_name_cmp() { } #[test] -#[cfg(any(boringssl, ossl110, libressl270, awslc))] +#[cfg(any(boringssl, ossl110, libressl, awslc))] fn test_name_to_owned() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); 
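Review bot: In the `@@ -16,11 +16,9 @@` hunk the `use crate::x509::X509PurposeId;` import keeps its `#[cfg(any(ossl102, boringssl, awslc))]` gate, while the `verify` and `X509PurposeRef` imports next to it become unconditional. `verify.rs` in this same change now imports `X509PurposeId` and exposes `set_purpose` without any gate. The tests that name `X509PurposeId` are outside this hunk, so I cannot tell whether they are still gated the same way. If any of them now runs on LibreSSL the import is missing there, and if none does, LibreSSL has no coverage for the newly exposed `set_purpose`. I would align the gate with the rest, `#[cfg(any(ossl102, boringssl, awslc, libressl))]`, and extend the matching test attributes.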
@@ -846,7 +840,6 @@ fn test_name_to_owned() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_param_set_time_fails_verification() { const TEST_T_2030: time_t = 1893456000; @@ -877,7 +870,6 @@ fn test_verify_param_set_time_fails_verification() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_param_set_time() { const TEST_T_2020: time_t = 1577836800; @@ -901,7 +893,6 @@ fn test_verify_param_set_time() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261, awslc))] fn test_verify_param_set_depth() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -928,7 +919,6 @@ fn test_verify_param_set_depth() { } #[test] -#[cfg(any(ossl102, boringssl, libressl261, awslc))] #[allow(clippy::bool_to_int_with_if)] fn test_verify_param_set_depth_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); @@ -954,7 +944,7 @@ fn test_verify_param_set_depth_fails_verification() { let store = store_bldr.build(); // OpenSSL 1.1.0+ added support for X509_V_ERR_CERT_CHAIN_TOO_LONG, while 1.0.2 simply ignores the intermediate - let expected_error = if cfg!(any(ossl110, libressl261)) { + let expected_error = if cfg!(any(ossl110, libressl)) { "certificate chain too long" } else { "unable to get local issuer certificate" @@ -1067,7 +1057,6 @@ fn test_set_purpose_fails_verification() { } #[test] -#[cfg(any(ossl101, libressl350))] fn test_add_name_entry() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); diff --git a/openssl/src/x509/verify.rs b/openssl/src/x509/verify.rs index b719c69555..249faf9869 100644 --- a/openssl/src/x509/verify.rs +++ b/openssl/src/x509/verify.rs @@ -4,7 +4,6 @@ use libc::{c_int, c_uint, c_ulong, time_t}; use std::net::IpAddr; use crate::error::ErrorStack; -#[cfg(any(ossl102, boringssl, awslc))] use crate::x509::X509PurposeId; use crate::{cvt, cvt_p}; use openssl_macros::corresponds; 
@@ -48,7 +47,6 @@ bitflags! { const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT as _; const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS as _; const CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE as _; - #[cfg(any(ossl102, boringssl, awslc))] const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST as _; #[cfg(ossl102)] const SUITEB_128_LOS_ONLY = ffi::X509_V_FLAG_SUITEB_128_LOS_ONLY; @@ -56,11 +54,10 @@ bitflags! { const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS; #[cfg(ossl102)] const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS; - #[cfg(any(ossl102, boringssl, awslc))] const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN as _; - #[cfg(any(ossl110, boringssl, awslc))] + #[cfg(any(ossl110, boringssl, awslc, libressl))] const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS as _; - #[cfg(any(ossl110, boringssl, awslc))] + #[cfg(any(ossl110, boringssl, awslc, libressl))] const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME as _; } } @@ -180,7 +177,7 @@ impl X509VerifyParamRef { } } - /// Set the verification time, where time is of type time_t, traditionaly defined as seconds since the epoch + /// Set the verification time, where time is of type time_t, traditionally defined as seconds since the epoch #[corresponds(X509_VERIFY_PARAM_set_time)] pub fn set_time(&mut self, time: time_t) { unsafe { ffi::X509_VERIFY_PARAM_set_time(self.as_ptr(), time) } @@ -208,7 +205,6 @@ impl X509VerifyParamRef { /// Sets the verification purpose #[corresponds(X509_VERIFY_PARAM_set_purpose)] - #[cfg(any(ossl102, boringssl, awslc))] pub fn set_purpose(&mut self, purpose: X509PurposeId) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_set_purpose(self.as_ptr(), purpose.0)).map(|_| ()) } } diff --git a/systest/build.rs b/systest/build.rs index 22fc6b836e..9e74600a23 100644 --- a/systest/build.rs +++ b/systest/build.rs 
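Review bot: The two Suite B flags in the `@@ -56,11 +54,10 @@` hunk are cross-wired: `SUITEB_192_LOS` is assigned `ffi::X509_V_FLAG_SUITEB_128_LOS` and `SUITEB_128_LOS` is assigned `ffi::X509_V_FLAG_SUITEB_192_LOS`. A caller asking for the 192-bit level of security would get the 128-bit policy, and the reverse, which silently weakens or over-tightens chain validation. These are context lines that the commit leaves untouched, but it is editing the cfg attributes right next to them, so this is a good place to fix them: `const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS;` and `const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS;`. The fix changes the bit value existing callers receive, so it deserves a changelog entry.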
@@ -25,7 +25,7 @@ fn main() { cfg.flag("/wd4090"); } - // https://github.com/sfackler/rust-openssl/issues/889 + // https://github.com/rust-openssl/rust-openssl/issues/889 cfg.define("WIN32_LEAN_AND_MEAN", None); } @@ -67,10 +67,12 @@ fn main() { .header("openssl/aes.h") .header("openssl/ocsp.h") .header("openssl/evp.h") + .header("openssl/dsa.h") + .header("openssl/rsa.h") .header("openssl/x509_vfy.h"); if let Some(version) = libressl_version { - cfg.header("openssl/poly1305.h"); + cfg.header("openssl/cms.h").header("openssl/poly1305.h"); if version >= 0x30600000 { cfg.header("openssl/kdf.h"); } @@ -83,7 +85,12 @@ fn main() { } if version >= 0x30000000 { - cfg.header("openssl/provider.h"); + cfg.header("openssl/decoder.h") + .header("openssl/encoder.h") + .header("openssl/provider.h") + .header("openssl/params.h") + .header("openssl/param_build.h") + .header("openssl/ssl.h"); } if version >= 0x30200000 { cfg.header("openssl/thread.h"); @@ -118,6 +125,7 @@ fn main() { s == "PasswordCallback" || s == "pem_password_cb" || s == "bio_info_cb" + || s == "OSSL_PASSPHRASE_CALLBACK" || s.starts_with("CRYPTO_EX_") }); cfg.skip_struct(|s| {