min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #117 from nox/bump-boringssl 

Update boringssl to latest upstream commit (fixes #100)
This commit is contained in:
Ivan Nikulin 2023-05-11 16:23:28 +01:00 committed by GitHub
parent 561d786c10 6274f70726
commit 0dd85d187b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 39 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
boring-sys/deps/boringssl

@ -1 +1 @@
Subproject commit f1c75347daa2ea81a941e953f2263e0a4d970c8d
Subproject commit 44b3df6f03d85c901767250329c571db405122d5

10
boring/src/bio.rs
View File

@ -1,6 +1,5 @@
use crate::ffi;
use crate::ffi::BIO_new_mem_buf;
use libc::c_int;
use std::marker::PhantomData;
use std::ptr;
use std::slice;
@ -20,13 +19,18 @@ impl<'a> Drop for MemBioSlice<'a> {
impl<'a> MemBioSlice<'a> {
pub fn new(buf: &'a [u8]) -> Result<MemBioSlice<'a>, ErrorStack> {
#[cfg(not(feature = "fips"))]
type BufLen = isize;
#[cfg(feature = "fips")]
type BufLen = libc::c_int;
ffi::init();
assert!(buf.len() <= c_int::max_value() as usize);
assert!(buf.len() <= BufLen::max_value() as usize);
let bio = unsafe {
cvt_p(BIO_new_mem_buf(
buf.as_ptr() as *const _,
buf.len() as c_int,
buf.len() as BufLen,
))?
};

21
boring/src/ssl/mod.rs
View File

@ -621,8 +621,6 @@ impl SslCurve {
pub const SECP521R1: SslCurve = SslCurve(ffi::NID_secp521r1);
pub const X25519: SslCurve = SslCurve(ffi::NID_X25519);
pub const CECPQ2: SslCurve = SslCurve(ffi::NID_CECPQ2);
}
/// A standard implementation of protocol selection for Application Layer Protocol Negotiation
@ -1165,11 +1163,14 @@ impl SslContextBuilder {
/// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe {
assert!(protocols.len() <= c_uint::max_value() as usize);
#[cfg_attr(not(feature = "fips"), allow(clippy::unnecessary_cast))]
{
assert!(protocols.len() <= ProtosLen::max_value() as usize);
}
let r = ffi::SSL_CTX_set_alpn_protos(
self.as_ptr(),
protocols.as_ptr(),
protocols.len() as c_uint,
protocols.len() as ProtosLen,
);
// fun fact, SSL_CTX_set_alpn_protos has a reversed return code D:
if r == 0 {
@ -1768,6 +1769,11 @@ impl SslContextRef {
}
}
#[cfg(not(feature = "fips"))]
type ProtosLen = usize;
#[cfg(feature = "fips")]
type ProtosLen = libc::c_uint;
/// Information about the state of a cipher.
pub struct CipherBits {
/// The number of secret bits used for the cipher.
@ -2266,11 +2272,14 @@ impl SslRef {
/// [`SSL_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_alpn_protos.html
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe {
assert!(protocols.len() <= c_uint::max_value() as usize);
#[cfg_attr(not(feature = "fips"), allow(clippy::unnecessary_cast))]
{
assert!(protocols.len() <= ProtosLen::max_value() as usize);
}
let r = ffi::SSL_set_alpn_protos(
self.as_ptr(),
protocols.as_ptr(),
protocols.len() as c_uint,
protocols.len() as ProtosLen,
);
// fun fact, SSL_set_alpn_protos has a reversed return code D:
if r == 0 {

13
boring/src/x509/mod.rs
View File

@ -809,13 +809,13 @@ impl X509NameBuilder {
pub fn append_entry_by_text(&mut self, field: &str, value: &str) -> Result<(), ErrorStack> {
unsafe {
let field = CString::new(field).unwrap();
assert!(value.len() <= c_int::max_value() as usize);
assert!(value.len() <= ValueLen::max_value() as usize);
cvt(ffi::X509_NAME_add_entry_by_txt(
self.0.as_ptr(),
field.as_ptr() as *mut _,
ffi::MBSTRING_UTF8,
value.as_ptr(),
value.len() as c_int,
value.len() as ValueLen,
-1,
0,
))
@ -830,13 +830,13 @@ impl X509NameBuilder {
/// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_NAME_add_entry_by_NID.html
pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> {
unsafe {
assert!(value.len() <= c_int::max_value() as usize);
assert!(value.len() <= ValueLen::max_value() as usize);
cvt(ffi::X509_NAME_add_entry_by_NID(
self.0.as_ptr(),
field.as_raw(),
ffi::MBSTRING_UTF8,
value.as_ptr() as *mut _,
value.len() as c_int,
value.len() as ValueLen,
-1,
0,
))
@ -850,6 +850,11 @@ impl X509NameBuilder {
}
}
#[cfg(not(feature = "fips"))]
type ValueLen = isize;
#[cfg(feature = "fips")]
type ValueLen = i32;
foreign_type_and_impl_send_sync! {
type CType = ffi::X509_NAME;
fn drop = ffi::X509_NAME_free;

6
boring/src/x509/store.rs
View File

@ -8,6 +8,7 @@
//! ```rust
//! use boring::x509::store::{X509StoreBuilder, X509Store};
//! use boring::x509::{X509, X509Name};
//! use boring::asn1::Asn1Time;
//! use boring::pkey::PKey;
//! use boring::hash::MessageDigest;
//! use boring::rsa::Rsa;
@ -22,10 +23,15 @@
//! let name = name.build();
//! let mut builder = X509::builder().unwrap();
//!
//! // Sep 27th, 2016
//! let sample_time = Asn1Time::from_unix(1474934400).unwrap();
//!
//! builder.set_version(2).unwrap();
//! builder.set_subject_name(&name).unwrap();
//! builder.set_issuer_name(&name).unwrap();
//! builder.set_pubkey(&pkey).unwrap();
//! builder.set_not_before(&sample_time);
//! builder.set_not_after(&sample_time);
//! builder.sign(&pkey, MessageDigest::sha256()).unwrap();
//!
//! let certificate: X509 = builder.build();

2
boring/src/x509/tests.rs
View File

@ -260,7 +260,7 @@ fn x509_req_builder() {
let name = name.build();
let mut builder = X509Req::builder().unwrap();
builder.set_version(2).unwrap();
builder.set_version(0).unwrap();
builder.set_subject_name(&name).unwrap();
builder.set_pubkey(&pkey).unwrap();