From 43c951f743e68fac5f45119eda7c994882a1d489 Mon Sep 17 00:00:00 2001 From: Alex Crichton Date: Fri, 30 Sep 2016 00:43:05 -0700 Subject: Add support for OpenSSL 1.1.0 This commit is relatively major refactoring of the `openssl-sys` crate as well as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0, and lots of other various tweaks happened along the way. The major new features are: * OpenSSL 1.1.0 is supported * OpenSSL 0.9.8 is no longer supported (aka all OSX users by default) * All FFI bindings are verified with the `ctest` crate (same way as the `libc` crate) * CI matrixes are vastly expanded to include 32/64 of all platforms, more OpenSSL version coverage, as well as ARM coverage on Linux * The `c_helpers` module is completely removed along with the `gcc` dependency. * The `openssl-sys` build script was completely rewritten * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars. * Better error messages for mismatched versions. * Better error messages for failing to find OpenSSL on a platform (more can be done here) * Probing of OpenSSL build-time configuration to inform the API of the `*-sys` crate. * Many Cargo features have been removed as they're now enabled by default. As this is a breaking change to both the `openssl` and `openssl-sys` crates this will necessitate a major version bump of both. There's still a few more API questions remaining but let's hash that out on a PR! Closes #452 --- openssl/src/dh/mod.rs | 59 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 20 deletions(-) (limited to 'openssl/src/dh/mod.rs') diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs index e0cf885a..4ee2d890 100644 --- a/openssl/src/dh/mod.rs +++ b/openssl/src/dh/mod.rs @@ -3,24 +3,22 @@ use error::ErrorStack; use bio::MemBioSlice; use std::ptr; -#[cfg(feature = "dh_from_params")] use bn::BigNum; -#[cfg(feature = "dh_from_params")] use std::mem; pub struct DH(*mut ffi::DH); impl DH { - /// Requires the `dh_from_params` feature. - #[cfg(feature = "dh_from_params")] pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result { - let dh = unsafe { - try_ssl_null!(::c_helpers::rust_0_8_DH_new_from_params(p.as_ptr(), g.as_ptr(), q.as_ptr())) - }; - mem::forget(p); - mem::forget(g); - mem::forget(q); - Ok(DH(dh)) + unsafe { + let dh = DH(try_ssl_null!(ffi::DH_new())); + try_ssl!(compat::DH_set0_pqg(dh.0, + p.as_ptr(), + q.as_ptr(), + g.as_ptr())); + mem::forget((p, g, q)); + Ok(dh) + } } pub fn from_pem(buf: &[u8]) -> Result { @@ -32,19 +30,19 @@ impl DH { Ok(DH(dh)) } - #[cfg(feature = "rfc5114")] + #[cfg(all(feature = "rfc5114", not(ossl101)))] pub fn get_1024_160() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_1024_160() }); Ok(DH(dh)) } - #[cfg(feature = "rfc5114")] + #[cfg(all(feature = "rfc5114", not(ossl101)))] pub fn get_2048_224() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_224() }); Ok(DH(dh)) } - #[cfg(feature = "rfc5114")] + #[cfg(all(feature = "rfc5114", not(ossl101)))] pub fn get_2048_256() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_256() }); Ok(DH(dh)) @@ -64,17 +62,39 @@ impl Drop for DH { } } +#[cfg(ossl110)] +mod compat { + pub use ffi::DH_set0_pqg; +} + +#[cfg(ossl10x)] +#[allow(bad_style)] +mod compat { + use ffi; + use libc::c_int; + + pub unsafe fn DH_set0_pqg(dh: *mut ffi::DH, + p: *mut ffi::BIGNUM, + q: *mut ffi::BIGNUM, + g: *mut ffi::BIGNUM) -> c_int { + (*dh).p = p; + (*dh).q = q; + (*dh).g = g; + 1 + } +} + #[cfg(test)] mod tests { use super::DH; use bn::BigNum; use ssl::SslContext; - use ssl::SslMethod::Sslv23; + use ssl::SslMethod::Tls; #[test] - #[cfg(feature = "rfc5114")] + #[cfg(all(feature = "rfc5114", not(ossl101)))] fn test_dh_rfc5114() { - let mut ctx = SslContext::new(Sslv23).unwrap(); + let mut ctx = SslContext::new(Tls).unwrap(); let dh1 = DH::get_1024_160().unwrap(); ctx.set_tmp_dh(&dh1).unwrap(); let dh2 = DH::get_2048_224().unwrap(); @@ -84,9 +104,8 @@ mod tests { } #[test] - #[cfg(feature = "dh_from_params")] fn test_dh() { - let mut ctx = SslContext::new(Sslv23).unwrap(); + let mut ctx = SslContext::new(Tls).unwrap(); let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435\ E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF429\ 6D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C02\ @@ -116,7 +135,7 @@ mod tests { #[test] fn test_dh_from_pem() { - let mut ctx = SslContext::new(Sslv23).unwrap(); + let mut ctx = SslContext::new(Tls).unwrap(); let params = include_bytes!("../../test/dhparams.pem"); let dh = DH::from_pem(params).ok().expect("Failed to load PEM"); ctx.set_tmp_dh(&dh).unwrap(); -- cgit v1.2.3 From edfc50f37db8d230eb17480f124b9fd70166a940 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 13 Oct 2016 19:46:13 -0700 Subject: Clean up features --- openssl/src/dh/mod.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'openssl/src/dh/mod.rs') diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs index 4ee2d890..b716ffe0 100644 --- a/openssl/src/dh/mod.rs +++ b/openssl/src/dh/mod.rs @@ -30,19 +30,19 @@ impl DH { Ok(DH(dh)) } - #[cfg(all(feature = "rfc5114", not(ossl101)))] + #[cfg(feature = "openssl-102")] pub fn get_1024_160() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_1024_160() }); Ok(DH(dh)) } - #[cfg(all(feature = "rfc5114", not(ossl101)))] + #[cfg(feature = "openssl-102")] pub fn get_2048_224() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_224() }); Ok(DH(dh)) } - #[cfg(all(feature = "rfc5114", not(ossl101)))] + #[cfg(feature = "openssl-102")] pub fn get_2048_256() -> Result { let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_256() }); Ok(DH(dh)) @@ -92,7 +92,7 @@ mod tests { use ssl::SslMethod::Tls; #[test] - #[cfg(all(feature = "rfc5114", not(ossl101)))] + #[cfg(feature = "openssl-102")] fn test_dh_rfc5114() { let mut ctx = SslContext::new(Tls).unwrap(); let dh1 = DH::get_1024_160().unwrap(); -- cgit v1.2.3 From ee189885843b2b4f75f180ccc5b66689c3cdd553 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 15 Oct 2016 16:10:03 -0700 Subject: De-enumify SslMethod --- openssl/src/dh/mod.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'openssl/src/dh/mod.rs') diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs index b716ffe0..83807f39 100644 --- a/openssl/src/dh/mod.rs +++ b/openssl/src/dh/mod.rs @@ -88,13 +88,12 @@ mod compat { mod tests { use super::DH; use bn::BigNum; - use ssl::SslContext; - use ssl::SslMethod::Tls; + use ssl::{SslMethod, SslContext}; #[test] #[cfg(feature = "openssl-102")] fn test_dh_rfc5114() { - let mut ctx = SslContext::new(Tls).unwrap(); + let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let dh1 = DH::get_1024_160().unwrap(); ctx.set_tmp_dh(&dh1).unwrap(); let dh2 = DH::get_2048_224().unwrap(); @@ -105,7 +104,7 @@ mod tests { #[test] fn test_dh() { - let mut ctx = SslContext::new(Tls).unwrap(); + let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435\ E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF429\ 6D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C02\ @@ -135,7 +134,7 @@ mod tests { #[test] fn test_dh_from_pem() { - let mut ctx = SslContext::new(Tls).unwrap(); + let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let params = include_bytes!("../../test/dhparams.pem"); let dh = DH::from_pem(params).ok().expect("Failed to load PEM"); ctx.set_tmp_dh(&dh).unwrap(); -- cgit v1.2.3 From 8f89f0bfa98ac69582f22244dae0f5cc923046e1 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 16 Oct 2016 15:54:09 -0700 Subject: Start on error + BN refactor --- openssl/src/dh/mod.rs | 142 -------------------------------------------------- 1 file changed, 142 deletions(-) delete mode 100644 openssl/src/dh/mod.rs (limited to 'openssl/src/dh/mod.rs') diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs deleted file mode 100644 index 83807f39..00000000 --- a/openssl/src/dh/mod.rs +++ /dev/null @@ -1,142 +0,0 @@ -use ffi; -use error::ErrorStack; -use bio::MemBioSlice; -use std::ptr; - -use bn::BigNum; -use std::mem; - -pub struct DH(*mut ffi::DH); - -impl DH { - pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result { - unsafe { - let dh = DH(try_ssl_null!(ffi::DH_new())); - try_ssl!(compat::DH_set0_pqg(dh.0, - p.as_ptr(), - q.as_ptr(), - g.as_ptr())); - mem::forget((p, g, q)); - Ok(dh) - } - } - - pub fn from_pem(buf: &[u8]) -> Result { - let mem_bio = try!(MemBioSlice::new(buf)); - let dh = unsafe { - ffi::PEM_read_bio_DHparams(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut()) - }; - try_ssl_null!(dh); - Ok(DH(dh)) - } - - #[cfg(feature = "openssl-102")] - pub fn get_1024_160() -> Result { - let dh = try_ssl_null!(unsafe { ffi::DH_get_1024_160() }); - Ok(DH(dh)) - } - - #[cfg(feature = "openssl-102")] - pub fn get_2048_224() -> Result { - let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_224() }); - Ok(DH(dh)) - } - - #[cfg(feature = "openssl-102")] - pub fn get_2048_256() -> Result { - let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_256() }); - Ok(DH(dh)) - } - - pub unsafe fn as_ptr(&self) -> *mut ffi::DH { - let DH(n) = *self; - n - } -} - -impl Drop for DH { - fn drop(&mut self) { - unsafe { - ffi::DH_free(self.as_ptr()) - } - } -} - -#[cfg(ossl110)] -mod compat { - pub use ffi::DH_set0_pqg; -} - -#[cfg(ossl10x)] -#[allow(bad_style)] -mod compat { - use ffi; - use libc::c_int; - - pub unsafe fn DH_set0_pqg(dh: *mut ffi::DH, - p: *mut ffi::BIGNUM, - q: *mut ffi::BIGNUM, - g: *mut ffi::BIGNUM) -> c_int { - (*dh).p = p; - (*dh).q = q; - (*dh).g = g; - 1 - } -} - -#[cfg(test)] -mod tests { - use super::DH; - use bn::BigNum; - use ssl::{SslMethod, SslContext}; - - #[test] - #[cfg(feature = "openssl-102")] - fn test_dh_rfc5114() { - let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); - let dh1 = DH::get_1024_160().unwrap(); - ctx.set_tmp_dh(&dh1).unwrap(); - let dh2 = DH::get_2048_224().unwrap(); - ctx.set_tmp_dh(&dh2).unwrap(); - let dh3 = DH::get_2048_256().unwrap(); - ctx.set_tmp_dh(&dh3).unwrap(); - } - - #[test] - fn test_dh() { - let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); - let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435\ - E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF429\ - 6D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C02\ - 2E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF1230\ - 7F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9\ - A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251C\ - CACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE\ - 621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D227\ - 6E11715F693877FAD7EF09CADB094AE91E1A1597") - .unwrap(); - let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0\ - BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773\ - BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2D\ - DF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428E\ - BC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BF\ - FE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7\ - D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92\ - B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148\ - D47954515E2327CFEF98C582664B4C0F6CC41659") - .unwrap(); - let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F\ - 5FBD3") - .unwrap(); - let dh = DH::from_params(p, g, q).unwrap(); - ctx.set_tmp_dh(&dh).unwrap(); - } - - #[test] - fn test_dh_from_pem() { - let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); - let params = include_bytes!("../../test/dhparams.pem"); - let dh = DH::from_pem(params).ok().expect("Failed to load PEM"); - ctx.set_tmp_dh(&dh).unwrap(); - } -} -- cgit v1.2.3