authorAlex Crichton <[email protected]>2016-09-30 00:43:05 -0700
committerAlex Crichton <[email protected]>2016-10-12 22:49:55 -0700
commit43c951f743e68fac5f45119eda7c994882a1d489 (patch)
tree45169f1b92858a3ba2ad0287de1bf1ecb395804b /openssl/src/dh
parentRename NoPadding to None (diff)
Add support for OpenSSL 1.1.0
This commit is a relatively major refactoring of the `openssl-sys` crate as well as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0, and lots of other various tweaks happened along the way. The major new features are: * OpenSSL 1.1.0 is supported * OpenSSL 0.9.8 is no longer supported (aka all OSX users by default) * All FFI bindings are verified with the `ctest` crate (same way as the `libc` crate) * CI matrixes are vastly expanded to include 32/64 of all platforms, more OpenSSL version coverage, as well as ARM coverage on Linux * The `c_helpers` module is completely removed along with the `gcc` dependency. * The `openssl-sys` build script was completely rewritten * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars. * Better error messages for mismatched versions. * Better error messages for failing to find OpenSSL on a platform (more can be done here) * Probing of OpenSSL build-time configuration to inform the API of the `*-sys` crate. * Many Cargo features have been removed as they're now enabled by default. As this is a breaking change to both the `openssl` and `openssl-sys` crates this will necessitate a major version bump of both. There are still a few more API questions remaining but let's hash that out on a PR! Closes #452
Diffstat (limited to 'openssl/src/dh')
-rw-r--r--openssl/src/dh/mod.rs59
1 files changed, 39 insertions, 20 deletions
diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs
index e0cf885a..4ee2d890 100644
--- a/openssl/src/dh/mod.rs
+++ b/openssl/src/dh/mod.rs
@@ -3,24 +3,22 @@ use error::ErrorStack;
use bio::MemBioSlice;
use std::ptr;
-#[cfg(feature = "dh_from_params")]
use bn::BigNum;
-#[cfg(feature = "dh_from_params")]
use std::mem;
pub struct DH(*mut ffi::DH);
impl DH {
- /// Requires the `dh_from_params` feature.
- #[cfg(feature = "dh_from_params")]
pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result<DH, ErrorStack> {
- let dh = unsafe {
- try_ssl_null!(::c_helpers::rust_0_8_DH_new_from_params(p.as_ptr(), g.as_ptr(), q.as_ptr()))
- };
- mem::forget(p);
- mem::forget(g);
- mem::forget(q);
- Ok(DH(dh))
+ unsafe {
+ let dh = DH(try_ssl_null!(ffi::DH_new()));
+ try_ssl!(compat::DH_set0_pqg(dh.0,
+ p.as_ptr(),
+ q.as_ptr(),
+ g.as_ptr()));
+ mem::forget((p, g, q));
+ Ok(dh)
+ }
}
pub fn from_pem(buf: &[u8]) -> Result<DH, ErrorStack> {
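Review bot: `from_params` is now compiled unconditionally but has lost its only doc comment, and nothing states that it installs the caller-supplied p, q and g without validating them. Its argument order is (p, g, q) while the call to `DH_set0_pqg` takes (p, q, g); since all three are `BigNum`, a swapped argument at a call site would compile silently. I would add `/// Builds DH parameters from p, g and q (in that order), taking ownership of all three; the values are not validated, so pass only parameters from a trusted source or check them first.` A `// SAFETY:` line on the `unsafe` block, saying that `mem::forget` runs only after `DH_set0_pqg` has succeeded and taken ownership, would make the error path easier to audit; there `try_ssl!` presumably returns early and the three values are dropped normally.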
@@ -32,19 +30,19 @@ impl DH {
Ok(DH(dh))
}
- #[cfg(feature = "rfc5114")]
+ #[cfg(all(feature = "rfc5114", not(ossl101)))]
pub fn get_1024_160() -> Result<DH, ErrorStack> {
let dh = try_ssl_null!(unsafe { ffi::DH_get_1024_160() });
Ok(DH(dh))
}
- #[cfg(feature = "rfc5114")]
+ #[cfg(all(feature = "rfc5114", not(ossl101)))]
pub fn get_2048_224() -> Result<DH, ErrorStack> {
let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_224() });
Ok(DH(dh))
}
- #[cfg(feature = "rfc5114")]
+ #[cfg(all(feature = "rfc5114", not(ossl101)))]
pub fn get_2048_256() -> Result<DH, ErrorStack> {
let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_256() });
Ok(DH(dh))
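Review bot: The three RFC 5114 constructors now disappear when the crate is built against OpenSSL 1.0.1, even with the `rfc5114` feature enabled, and none of them has a doc comment that says so. A line such as `/// Requires the rfc5114 feature; not available when built against OpenSSL 1.0.1.` on each would keep the resulting "no method found" error from being a surprise. The comment on `get_1024_160` could also state that it returns a 1024-bit group, which is below the size generally recommended for new deployments, so that callers default to the 2048-bit variants. The body of `get_2048_256` closes outside this hunk.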
@@ -64,17 +62,39 @@ impl Drop for DH {
}
}
+#[cfg(ossl110)]
+mod compat {
+ pub use ffi::DH_set0_pqg;
+}
+
+#[cfg(ossl10x)]
+#[allow(bad_style)]
+mod compat {
+ use ffi;
+ use libc::c_int;
+
+ pub unsafe fn DH_set0_pqg(dh: *mut ffi::DH,
+ p: *mut ffi::BIGNUM,
+ q: *mut ffi::BIGNUM,
+ g: *mut ffi::BIGNUM) -> c_int {
+ (*dh).p = p;
+ (*dh).q = q;
+ (*dh).g = g;
+ 1
+ }
+}
+
#[cfg(test)]
mod tests {
use super::DH;
use bn::BigNum;
use ssl::SslContext;
- use ssl::SslMethod::Sslv23;
+ use ssl::SslMethod::Tls;
#[test]
- #[cfg(feature = "rfc5114")]
+ #[cfg(all(feature = "rfc5114", not(ossl101)))]
fn test_dh_rfc5114() {
- let mut ctx = SslContext::new(Sslv23).unwrap();
+ let mut ctx = SslContext::new(Tls).unwrap();
let dh1 = DH::get_1024_160().unwrap();
ctx.set_tmp_dh(&dh1).unwrap();
let dh2 = DH::get_2048_224().unwrap();
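Review bot: The `ossl10x` shim for `DH_set0_pqg` overwrites `(*dh).p`, `(*dh).q` and `(*dh).g` unconditionally and always returns 1. A `dh` that already held parameters would leak them, and a null `dh` or null `p`/`g` is not rejected, whereas the real 1.1.0 function frees the previous values and fails when p or g would be left unset. The only caller visible in this file passes a fresh `DH_new()` result and non-null pointers, so nothing goes wrong today, but the precondition is unwritten on a `pub unsafe fn`. I would document it on the shim: `/// Safety: dh must be non-null and freshly allocated (p, q, g unset); p, q and g must be valid, and ownership of them moves into dh.` The `test_dh_rfc5114` function at the end of this hunk continues outside it.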
@@ -84,9 +104,8 @@ mod tests {
}
#[test]
- #[cfg(feature = "dh_from_params")]
fn test_dh() {
- let mut ctx = SslContext::new(Sslv23).unwrap();
+ let mut ctx = SslContext::new(Tls).unwrap();
let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435\
E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF429\
6D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C02\
@@ -116,7 +135,7 @@ mod tests {
#[test]
fn test_dh_from_pem() {
- let mut ctx = SslContext::new(Sslv23).unwrap();
+ let mut ctx = SslContext::new(Tls).unwrap();
let params = include_bytes!("../../test/dhparams.pem");
let dh = DH::from_pem(params).ok().expect("Failed to load PEM");
ctx.set_tmp_dh(&dh).unwrap();