From 43c951f743e68fac5f45119eda7c994882a1d489 Mon Sep 17 00:00:00 2001 From: Alex Crichton Date: Fri, 30 Sep 2016 00:43:05 -0700 Subject: Add support for OpenSSL 1.1.0 This commit is relatively major refactoring of the `openssl-sys` crate as well as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0, and lots of other various tweaks happened along the way. The major new features are: * OpenSSL 1.1.0 is supported * OpenSSL 0.9.8 is no longer supported (aka all OSX users by default) * All FFI bindings are verified with the `ctest` crate (same way as the `libc` crate) * CI matrixes are vastly expanded to include 32/64 of all platforms, more OpenSSL version coverage, as well as ARM coverage on Linux * The `c_helpers` module is completely removed along with the `gcc` dependency. * The `openssl-sys` build script was completely rewritten * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars. * Better error messages for mismatched versions. * Better error messages for failing to find OpenSSL on a platform (more can be done here) * Probing of OpenSSL build-time configuration to inform the API of the `*-sys` crate. * Many Cargo features have been removed as they're now enabled by default. As this is a breaking change to both the `openssl` and `openssl-sys` crates this will necessitate a major version bump of both. There's still a few more API questions remaining but let's hash that out on a PR! Closes #452 --- openssl/src/dh/mod.rs | 59 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 20 deletions(-) (limited to 'openssl/src/dh/mod.rs') diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs index e0cf885a..4ee2d890 100644 --- a/openssl/src/dh/mod.rs +++ b/openssl/src/dh/mod.rs @@ -3,24 +3,22 @@ use error::ErrorStack; use bio::MemBioSlice; use std::ptr; -#[cfg(feature = "dh_from_params")] use bn::BigNum; -#[cfg(feature = "dh_from_params")] use std::mem; pub struct DH(*mut ffi::DH); impl DH { - /// Requires the `dh_from_params` feature. - #[cfg(feature = "dh_from_params")] pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result { - let dh = unsafe { - try_ssl_null!(::c_helpers::rust_0_8_DH_new_from_params(p.as_ptr(), g.as_ptr(), q.as_ptr())) - }; - mem::forget(p); - mem::forget(g); - mem::forget(q); - Ok(DH(dh)) + unsafe { + let dh = DH(try_ssl_null!(ffi::DH_new())); + try_ssl!(compat::DH_set0_pqg(dh.0, + p.as_ptr(), + q.as_ptr(), + g.as_ptr())); + mem::forget((p, g, q)); + Ok(dh) + } } pub fn from_pem(buf: &[u8]) -> Result { @@ -32,19 +30,19 @@ impl DH { Ok(DH(dh)) } - #[cfg(feature = "rfc5114")] + #[cfg(all(feature = "rfc5114", not(ossl101)))] pub fn get_1024_160() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_1024_160() }); Ok(DH(dh)) } - #[cfg(feature = "rfc5114")] + #[cfg(all(feature = "rfc5114", not(ossl101)))] pub fn get_2048_224() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_224() }); Ok(DH(dh)) } - #[cfg(feature = "rfc5114")] + #[cfg(all(feature = "rfc5114", not(ossl101)))] pub fn get_2048_256() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_256() }); Ok(DH(dh)) @@ -64,17 +62,39 @@ impl Drop for DH { } } +#[cfg(ossl110)] +mod compat { + pub use ffi::DH_set0_pqg; +} + +#[cfg(ossl10x)] +#[allow(bad_style)] +mod compat { + use ffi; + use libc::c_int; + + pub unsafe fn DH_set0_pqg(dh: *mut ffi::DH, + p: *mut ffi::BIGNUM, + q: *mut ffi::BIGNUM, + g: *mut ffi::BIGNUM) -> c_int { + (*dh).p = p; + (*dh).q = q; + (*dh).g = g; + 1 + } +} + #[cfg(test)] mod tests { use super::DH; use bn::BigNum; use ssl::SslContext; - use ssl::SslMethod::Sslv23; + use ssl::SslMethod::Tls; #[test] - #[cfg(feature = "rfc5114")] + #[cfg(all(feature = "rfc5114", not(ossl101)))] fn test_dh_rfc5114() { - let mut ctx = SslContext::new(Sslv23).unwrap(); + let mut ctx = SslContext::new(Tls).unwrap(); let dh1 = DH::get_1024_160().unwrap(); ctx.set_tmp_dh(&dh1).unwrap(); let dh2 = DH::get_2048_224().unwrap(); @@ -84,9 +104,8 @@ mod tests { } #[test] - #[cfg(feature = "dh_from_params")] fn test_dh() { - let mut ctx = SslContext::new(Sslv23).unwrap(); + let mut ctx = SslContext::new(Tls).unwrap(); let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435\ E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF429\ 6D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C02\ @@ -116,7 +135,7 @@ mod tests { #[test] fn test_dh_from_pem() { - let mut ctx = SslContext::new(Sslv23).unwrap(); + let mut ctx = SslContext::new(Tls).unwrap(); let params = include_bytes!("../../test/dhparams.pem"); let dh = DH::from_pem(params).ok().expect("Failed to load PEM"); ctx.set_tmp_dh(&dh).unwrap(); -- cgit v1.2.3 From edfc50f37db8d230eb17480f124b9fd70166a940 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 13 Oct 2016 19:46:13 -0700 Subject: Clean up features --- openssl/src/dh/mod.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'openssl/src/dh/mod.rs') diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs index 4ee2d890..b716ffe0 100644 --- a/openssl/src/dh/mod.rs +++ b/openssl/src/dh/mod.rs @@ -30,19 +30,19 @@ impl DH { Ok(DH(dh)) } - #[cfg(all(feature = "rfc5114", not(ossl101)))] + #[cfg(feature = "openssl-102")] pub fn get_1024_160() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_1024_160() }); Ok(DH(dh)) } - #[cfg(all(feature = "rfc5114", not(ossl101)))] + #[cfg(feature = "openssl-102")] pub fn get_2048_224() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_224() }); Ok(DH(dh)) } - #[cfg(all(feature = "rfc5114", not(ossl101)))] + #[cfg(feature = "openssl-102")] pub fn get_2048_256() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_256() }); Ok(DH(dh)) @@ -92,7 +92,7 @@ mod tests { use ssl::SslMethod::Tls; #[test] - #[cfg(all(feature = "rfc5114", not(ossl101)))] + #[cfg(feature = "openssl-102")] fn test_dh_rfc5114() { let mut ctx = SslContext::new(Tls).unwrap(); let dh1 = DH::get_1024_160().unwrap(); -- cgit v1.2.3