diff options
| author | Steven Fackler <[email protected]> | 2018-05-19 19:43:02 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2018-05-19 19:57:12 -0700 |
| commit | d991566f2b1b6803ad214fe6bf531d5870ab43fd (patch) | |
| tree | d1d6e42fef37739dde443d8e5a66851a59af1c74 | |
| parent | Merge pull request #921 from eonil/master (diff) | |
| download | rust-openssl-d991566f2b1b6803ad214fe6bf531d5870ab43fd.tar.xz rust-openssl-d991566f2b1b6803ad214fe6bf531d5870ab43fd.zip | |
Support min/max version in LibreSSL
Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
| -rw-r--r-- | openssl-sys/Cargo.toml | 1 | ||||
| -rw-r--r-- | openssl-sys/build/cfgs.rs | 45 | ||||
| -rw-r--r-- | openssl-sys/build/main.rs (renamed from openssl-sys/build.rs) | 36 | ||||
| -rw-r--r-- | openssl-sys/src/lib.rs | 27 | ||||
| -rw-r--r-- | openssl-sys/src/libressl/mod.rs | 32 | ||||
| -rw-r--r-- | openssl-sys/src/libressl/v251.rs (renamed from openssl-sys/src/libressl/v25x.rs) | 4 | ||||
| -rw-r--r-- | openssl/build.rs | 12 | ||||
| -rw-r--r-- | openssl/src/ec.rs | 16 | ||||
| -rw-r--r-- | openssl/src/rsa.rs | 11 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 26 | ||||
| -rw-r--r-- | openssl/src/ssl/test.rs | 8 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 13 | ||||
| -rw-r--r-- | systest/build.rs | 43 |
13 files changed, 174 insertions, 100 deletions
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index 1153dd5a..3b76c416 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -9,6 +9,7 @@ repository = "https://github.com/sfackler/rust-openssl" readme = "README.md" categories = ["cryptography", "external-ffi-bindings"] links = "openssl" +build = "build/main.rs" [dependencies] libc = "0.2" diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs new file mode 100644 index 00000000..3e063aa3 --- /dev/null +++ b/openssl-sys/build/cfgs.rs @@ -0,0 +1,45 @@ +pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&'static str> { + let mut cfgs = vec![]; + + if let Some(libressl_version) = libressl_version { + cfgs.push("libressl"); + + if libressl_version >= 0x2_05_01_00_0 { + cfgs.push("libressl251"); + } + + if libressl_version >= 0x2_06_01_00_0 { + cfgs.push("libressl261"); + } + + if libressl_version >= 0x2_07_00_00_0 { + cfgs.push("libressl270"); + } + } else { + let openssl_version = openssl_version.unwrap(); + + if openssl_version >= 0x1_00_02_08_0 { + cfgs.push("ossl102h"); + } + + if openssl_version >= 0x1_01_00_07_0 { + cfgs.push("ossl110g"); + } + + if openssl_version >= 0x1_01_01_00_0 { + cfgs.push("ossl111"); + cfgs.push("ossl110"); + } else if openssl_version >= 0x1_01_00_06_0 { + cfgs.push("ossl110"); + cfgs.push("ossl110f"); + } else if openssl_version >= 0x1_01_00_00_0 { + cfgs.push("ossl110"); + } else if openssl_version >= 0x1_00_02_00_0 { + cfgs.push("ossl102"); + } else if openssl_version >= 0x1_00_01_00_0 { + cfgs.push("ossl101"); + } + } + + cfgs +} diff --git a/openssl-sys/build.rs b/openssl-sys/build/main.rs index c5630556..e2b3108c 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build/main.rs @@ -11,6 +11,8 @@ use std::io::{BufWriter, Write}; use std::path::{Path, PathBuf}; use std::process::Command; +mod cfgs; + // The set of `OPENSSL_NO_<FOO>`s that we care about. const DEFINES: &'static [&'static str] = &[ "OPENSSL_NO_BUF_FREELISTS", @@ -114,7 +116,7 @@ fn find_openssl_dir(target: &str) -> OsString { if homebrew.exists() { return homebrew.to_path_buf().into(); } - // Calling `brew --prefix <package>` command usually slow and + // Calling `brew --prefix <package>` command usually slow and // takes seconds, and will be used only as a last resort. let output = execute_command_and_get_output("brew", &["--prefix", "[email protected]"]); if let Some(ref output) = output { @@ -427,6 +429,10 @@ See rust-openssl README for more information: } println!("cargo:conf={}", enabled.join(",")); + for cfg in cfgs::get(openssl_version, libressl_version) { + println!("cargo:rustc-cfg={}", cfg); + } + if let Some(libressl_version) = libressl_version { println!("cargo:libressl_version_number={:x}", libressl_version); @@ -445,8 +451,6 @@ See rust-openssl README for more information: _ => version_error(), }; - println!("cargo:rustc-cfg=libressl"); - println!("cargo:rustc-cfg=libressl2{}{}", minor, fix); println!("cargo:libressl=true"); println!("cargo:libressl_version=2{}{}", minor, fix); println!("cargo:version=101"); @@ -455,37 +459,22 @@ See rust-openssl README for more information: let openssl_version = openssl_version.unwrap(); println!("cargo:version_number={:x}", openssl_version); - if openssl_version >= 0x1_00_02_08_0 { - println!("cargo:rustc-cfg=ossl102h"); - } - - if openssl_version >= 0x1_01_00_07_0 { - println!("cargo:rustc-cfg=ossl110g"); - } - if openssl_version >= 0x1_01_02_00_0 { version_error() } else if openssl_version >= 0x1_01_01_00_0 { - println!("cargo:rustc-cfg=ossl111"); - println!("cargo:rustc-cfg=ossl110"); println!("cargo:version=111"); Version::Openssl11x } else if openssl_version >= 0x1_01_00_06_0 { - println!("cargo:rustc-cfg=ossl110"); - println!("cargo:rustc-cfg=ossl110f"); println!("cargo:version=110"); println!("cargo:patch=f"); Version::Openssl11x } else if openssl_version >= 0x1_01_00_00_0 { - println!("cargo:rustc-cfg=ossl110"); println!("cargo:version=110"); Version::Openssl11x } else if openssl_version >= 0x1_00_02_00_0 { - println!("cargo:rustc-cfg=ossl102"); println!("cargo:version=102"); Version::Openssl10x } else if openssl_version >= 0x1_00_01_00_0 { - println!("cargo:rustc-cfg=ossl101"); println!("cargo:version=101"); Version::Openssl10x } else { @@ -542,10 +531,12 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'static str { .map(|e| e.file_name()) .filter_map(|e| e.into_string().ok()) .collect::<HashSet<_>>(); - let can_static = libs.iter() + let can_static = libs + .iter() .all(|l| files.contains(&format!("lib{}.a", l)) || files.contains(&format!("{}.lib", l))); let can_dylib = libs.iter().all(|l| { - files.contains(&format!("lib{}.so", l)) || files.contains(&format!("{}.dll", l)) + files.contains(&format!("lib{}.so", l)) + || files.contains(&format!("{}.dll", l)) || files.contains(&format!("lib{}.dylib", l)) }); match (can_static, can_dylib) { @@ -567,8 +558,6 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'static str { "dylib" } - - fn execute_command_and_get_output(cmd: &str, args: &[&str]) -> Option<String> { let out = Command::new(cmd).args(args).output(); if let Ok(ref r1) = out { @@ -576,9 +565,8 @@ fn execute_command_and_get_output(cmd: &str, args: &[&str]) -> Option<String> { let r2 = String::from_utf8(r1.stdout.clone()); if let Ok(r3) = r2 { return Some(r3.trim().to_string()); - } + } } } return None; } - diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 61e087d0..e78c24f4 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -236,8 +236,10 @@ pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; -pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY - | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX +pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN + | EVP_PKEY_OP_VERIFY + | EVP_PKEY_OP_VERIFYRECOVER + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX; pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT; @@ -1259,21 +1261,23 @@ pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; -#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x, ossl101)))] +#[cfg(not(any(libressl261, ossl101)))] pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010; -#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] +#[cfg(libressl261)] pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; -#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))] +#[cfg(not(libressl261))] pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; -#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] +#[cfg(libressl261)] pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; #[cfg(not(any(libressl, ossl110f, ossl111)))] pub const SSL_OP_ALL: c_ulong = 0x80000BFF; #[cfg(any(ossl110f, ossl111))] -pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS - | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING +pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG + | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | SSL_OP_LEGACY_SERVER_CONNECT + | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; @@ -1289,8 +1293,11 @@ pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; #[cfg(ossl111)] -pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 - | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 +pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 + | SSL_OP_NO_SSLv3 + | SSL_OP_NO_TLSv1 + | SSL_OP_NO_TLSv1_1 + | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3; pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM; diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs index 366d9502..5ae205bc 100644 --- a/openssl-sys/src/libressl/mod.rs +++ b/openssl-sys/src/libressl/mod.rs @@ -1,19 +1,18 @@ +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; use std::mem; use std::ptr; use std::sync::{Mutex, MutexGuard}; use std::sync::{Once, ONCE_INIT}; -#[cfg(libressl250)] +#[cfg(not(libressl251))] pub use libressl::v250::*; -#[cfg(not(libressl250))] -pub use libressl::v25x::*; - -use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; +#[cfg(libressl251)] +pub use libressl::v251::*; -#[cfg(libressl250)] +#[cfg(not(libressl251))] mod v250; -#[cfg(not(libressl250))] -mod v25x; +#[cfg(libressl251)] +mod v251; #[repr(C)] pub struct stack_st_ASN1_OBJECT { @@ -337,9 +336,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; -#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] +#[cfg(libressl261)] pub const SSL_OP_ALL: c_ulong = 0x4; -#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))] +#[cfg(not(libressl261))] pub const SSL_OP_ALL: c_ulong = 0x80000014; pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; @@ -352,9 +351,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0; pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; -#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] +#[cfg(libressl261)] pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; -#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))] +#[cfg(not(libressl261))] pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; @@ -540,6 +539,15 @@ extern "C" { unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, >, ); + #[cfg(libressl261)] + pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int; + #[cfg(libressl261)] + pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int; + #[cfg(libressl270)] + pub fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int; + #[cfg(libressl270)] + pub fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int; + pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME; pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; diff --git a/openssl-sys/src/libressl/v25x.rs b/openssl-sys/src/libressl/v251.rs index 7e7023ec..541b61db 100644 --- a/openssl-sys/src/libressl/v25x.rs +++ b/openssl-sys/src/libressl/v251.rs @@ -1,4 +1,4 @@ -use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong, time_t}; +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t, time_t}; use super::*; @@ -84,6 +84,6 @@ pub struct X509_VERIFY_PARAM { pub purpose: c_int, pub trust: c_int, pub depth: c_int, - policies: *mut stack_st_ASN1_OBJECT, + pub policies: *mut stack_st_ASN1_OBJECT, id: *mut c_void, } diff --git a/openssl/build.rs b/openssl/build.rs index 612322fe..271fb662 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -41,4 +41,16 @@ fn main() { println!("cargo:rustc-cfg=ossl110g"); } } + + if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") { + let version = u64::from_str_radix(&version, 16).unwrap(); + + if version >= 0x2_06_01_00_0 { + println!("cargo:rustc-cfg=libressl261"); + } + + if version >= 0x2_07_00_00_0 { + println!("cargo:rustc-cfg=libressl270"); + } + } } diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index c4800c73..573d0c00 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs @@ -33,14 +33,14 @@ //! ``` use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; -use std::ptr; use libc::c_int; +use std::ptr; -use {cvt, cvt_n, cvt_p, init}; use bn::{BigNumContextRef, BigNumRef}; use error::ErrorStack; use nid::Nid; use pkey::{HasParams, HasPrivate, HasPublic, Params, Private, Public}; +use {cvt, cvt_n, cvt_p, init}; /// Compressed or Uncompressed conversion /// @@ -803,10 +803,10 @@ impl<T> Clone for EcKey<T> { #[cfg(test)] mod test { + use super::*; use bn::{BigNum, BigNumContext}; - use nid::Nid; use data_encoding::BASE64URL_NOPAD; - use super::*; + use nid::Nid; #[test] fn key_new_by_curve_name() { @@ -823,7 +823,7 @@ mod test { fn dup() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); - key.clone(); + drop(key.clone()); } #[test] @@ -862,7 +862,8 @@ mod test { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); let mut ctx = BigNumContext::new().unwrap(); - let bytes = key.public_key() + let bytes = key + .public_key() .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); @@ -877,7 +878,8 @@ mod test { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); - let dup_key = EcKey::from_private_components(&group, key.private_key(), key.public_key()).unwrap(); + let dup_key = + EcKey::from_private_components(&group, key.private_key(), key.public_key()).unwrap(); let res = dup_key.check_key().unwrap(); assert!(res == ()); diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index 0ad55b96..718ae59d 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -751,7 +751,8 @@ mod test { #[test] fn test_to_password() { let key = Rsa::generate(2048).unwrap(); - let pem = key.private_key_to_pem_passphrase(Cipher::aes_128_cbc(), b"foobar") + let pem = key + .private_key_to_pem_passphrase(Cipher::aes_128_cbc(), b"foobar") .unwrap(); Rsa::private_key_from_pem_passphrase(&pem, b"foobar").unwrap(); assert!(Rsa::private_key_from_pem_passphrase(&pem, b"fizzbuzz").is_err()); @@ -791,7 +792,8 @@ mod test { k0.private_encrypt(&msg, &mut emesg, Padding::PKCS1) .unwrap(); let mut dmesg = vec![0; k1.size() as usize]; - let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::PKCS1) + let len = k1 + .public_decrypt(&emesg, &mut dmesg, Padding::PKCS1) .unwrap(); assert_eq!(msg, &dmesg[..len]); } @@ -807,7 +809,8 @@ mod test { let mut emesg = vec![0; k0.size() as usize]; k0.public_encrypt(&msg, &mut emesg, Padding::PKCS1).unwrap(); let mut dmesg = vec![0; k1.size() as usize]; - let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::PKCS1) + let len = k1 + .private_decrypt(&emesg, &mut dmesg, Padding::PKCS1) .unwrap(); assert_eq!(msg, &dmesg[..len]); } @@ -883,6 +886,6 @@ mod test { #[test] fn clone() { let key = Rsa::generate(2048).unwrap(); - key.clone(); + drop(key.clone()); } } diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 8dc605ed..adec060c 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -1023,15 +1023,15 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_set_min_proto_version`]. /// - /// Requires OpenSSL 1.1.0 or newer. + /// Requires OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer. /// /// [`SSL_CTX_set_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(ossl110))] + #[cfg(any(ossl110, libressl261))] pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_min_proto_version( self.as_ptr(), - version.map_or(0, |v| v.0), + version.map_or(0, |v| v.0 as _), )).map(|_| ()) } } @@ -1043,15 +1043,15 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_set_max_proto_version`]. /// - /// Requires OpenSSL 1.1.0 or newer. + /// Requires OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer. /// /// [`SSL_CTX_set_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(ossl110))] + #[cfg(any(ossl110, libressl261))] pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_max_proto_version( self.as_ptr(), - version.map_or(0, |v| v.0), + version.map_or(0, |v| v.0 as _), )).map(|_| ()) } } @@ -1063,10 +1063,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_get_min_proto_version`]. /// - /// Requires OpenSSL 1.1.0g or newer. + /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer. /// /// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(ossl110g))] + #[cfg(any(ossl110g, libressl270))] pub fn min_proto_version(&mut self) -> Option<SslVersion> { unsafe { let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr()); @@ -1085,10 +1085,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_get_max_proto_version`]. /// - /// Requires OpenSSL 1.1.0g or newer. + /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer. /// /// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(ossl110g))] + #[cfg(any(ossl110g, libressl270))] pub fn max_proto_version(&mut self) -> Option<SslVersion> { unsafe { let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr()); @@ -2837,7 +2837,8 @@ impl<S: Read + Write> Read for SslStream<S> { } Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {} Err(e) => { - return Err(e.into_io_error() + return Err(e + .into_io_error() .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e))) } } @@ -2852,7 +2853,8 @@ impl<S: Read + Write> Write for SslStream<S> { Ok(n) => return Ok(n), Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {} Err(e) => { - return Err(e.into_io_error() + return Err(e + .into_io_error() .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e))) } } diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs index 2e906728..b90199f0 100644 --- a/openssl/src/ssl/test.rs +++ b/openssl/src/ssl/test.rs @@ -19,7 +19,7 @@ use hash::MessageDigest; use ocsp::{OcspResponse, OcspResponseStatus}; use pkey::PKey; use ssl; -#[cfg(any(ossl110, ossl111))] +#[cfg(any(ossl110, ossl111, libressl261))] use ssl::SslVersion; use ssl::{ Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, Ssl, SslAcceptor, SslConnector, @@ -1315,7 +1315,7 @@ fn keying_export() { } #[test] -#[cfg(any(ossl110))] +#[cfg(any(ossl110, libressl261))] fn no_version_overlap() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let addr = listener.local_addr().unwrap(); @@ -1330,7 +1330,7 @@ fn no_version_overlap() { ctx.set_max_proto_version(Some(SslVersion::TLS1_1)).unwrap(); #[cfg(ossl110g)] assert_eq!(ctx.min_proto_version(), None); - #[cfg(ossl110g)] + #[cfg(any(ossl110g, libressl270))] assert_eq!(ctx.max_proto_version(), Some(SslVersion::TLS1_1)); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.accept(stream).unwrap_err(); @@ -1339,7 +1339,7 @@ fn no_version_overlap() { let stream = TcpStream::connect(addr).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_min_proto_version(Some(SslVersion::TLS1_2)).unwrap(); - #[cfg(ossl110g)] + #[cfg(any(ossl110g, libressl270))] assert_eq!(ctx.min_proto_version(), Some(SslVersion::TLS1_2)); #[cfg(ossl110g)] assert_eq!(ctx.max_proto_version(), None); diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 7ef4d160..a3c66e0c 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -7,10 +7,12 @@ use nid::Nid; use pkey::{PKey, Private}; use rsa::Rsa; use stack::Stack; -use x509::{X509, X509Name, X509Req, X509StoreContext, X509VerifyResult}; -use x509::extension::{AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, - SubjectAlternativeName, SubjectKeyIdentifier}; +use x509::extension::{ + AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, SubjectAlternativeName, + SubjectKeyIdentifier, +}; use x509::store::X509StoreBuilder; +use x509::{X509, X509Name, X509Req, X509StoreContext, X509VerifyResult}; fn pkey() -> PKey<Private> { let rsa = Rsa::generate(2048).unwrap(); @@ -197,7 +199,8 @@ fn x509_builder() { assert!(pkey.public_eq(&x509.public_key().unwrap())); - let cn = x509.subject_name() + let cn = x509 + .subject_name() .entries_by_nid(Nid::COMMONNAME) .next() .unwrap(); @@ -291,7 +294,7 @@ fn signature() { fn clone_x509() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); - cert.clone(); + drop(cert.clone()); } #[test] diff --git a/systest/build.rs b/systest/build.rs index 98e9ffb3..84c0a1ae 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -2,10 +2,12 @@ extern crate ctest; use std::env; +#[path = "../openssl-sys/build/cfgs.rs"] +mod cfgs; + fn main() { let mut cfg = ctest::TestGenerator::new(); let target = env::var("TARGET").unwrap(); - let mut is_libressl = false; if let Ok(out) = env::var("DEP_OPENSSL_INCLUDE") { cfg.include(&out); @@ -26,21 +28,17 @@ fn main() { cfg.define("WIN32_LEAN_AND_MEAN", None); } - if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") { - cfg.cfg("libressl", None); - is_libressl = true; - } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") { - cfg.cfg(&format!("ossl{}", version), None); - if version == "111" { - cfg.cfg("ossl110", None); - } - } - if let (Ok(version), Ok(patch)) = ( - env::var("DEP_OPENSSL_VERSION"), - env::var("DEP_OPENSSL_PATCH"), - ) { - cfg.cfg(&format!("ossl{}{}", version, patch), None); + let openssl_version = env::var("DEP_OPENSSL_VERSION_NUMBER") + .ok() + .map(|v| u64::from_str_radix(&v, 16).unwrap()); + let libressl_version = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") + .ok() + .map(|v| u64::from_str_radix(&v, 16).unwrap()); + + for c in cfgs::get(openssl_version, libressl_version) { + cfg.cfg(c, None); } + if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { for var in vars.split(",") { cfg.cfg("osslconf", Some(var)); @@ -65,7 +63,7 @@ fn main() { .header("openssl/ocsp.h") .header("openssl/evp.h"); - if !is_libressl { + if openssl_version.is_some() { cfg.header("openssl/cms.h"); } @@ -79,7 +77,8 @@ fn main() { } else if s == "_STACK" { format!("struct stack_st") // This logic should really be cleaned up - } else if is_struct && s != "point_conversion_form_t" + } else if is_struct + && s != "point_conversion_form_t" && s.chars().next().unwrap().is_lowercase() { format!("struct {}", s) @@ -111,9 +110,13 @@ fn main() { (s == "GENERAL_NAME" && field == "d") // union }); cfg.skip_signededness(|s| { - s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn") - || s.starts_with("CRYPTO_") || s == "PasswordCallback" - || s.ends_with("_cb_func") || s.ends_with("_cb_ex") + s.ends_with("_cb") + || s.ends_with("_CB") + || s.ends_with("_cb_fn") + || s.starts_with("CRYPTO_") + || s == "PasswordCallback" + || s.ends_with("_cb_func") + || s.ends_with("_cb_ex") }); cfg.field_name(|_s, field| { if field == "type_" { |