Remove LibreSSL leftovers

2020-11-11 14:18:00 +00:00 · 2020-11-11 14:18:00 +00:00 · 0f5daa8eb5
parent 9bd7645701
commit 0f5daa8eb5
5 changed files with 2 additions and 171 deletions
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@ -376,7 +376,6 @@ extern "C" {
    pub fn SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME);
    #[cfg(not(libressl))]
    pub fn SSL_CTX_add_client_CA(ctx: *mut SSL_CTX, cacert: *mut X509) -> c_int;
    pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@ -1,113 +1,7 @@
 //! Bindings to OpenSSL
 //!
-//! This crate provides a safe interface to the popular OpenSSL cryptography library. OpenSSL versions 1.0.1 through
+//! This crate provides a safe interface to the BoringSSL cryptography library.
-//! 1.1.1 and LibreSSL versions 2.5 through 2.8 are supported.
+
 //!
 //! # Building
 //!
 //! Both OpenSSL libraries and headers are required to build this crate. There are multiple options available to locate
 //! OpenSSL.
 //!
 //! ## Vendored
 //!
 //! If the `vendored` Cargo feature is enabled, the `openssl-src` crate will be used to compile and statically link to
 //! a copy of OpenSSL. The build process requires a C compiler, perl, and make. The OpenSSL version will generally track
 //! the newest OpenSSL release, and changes to the version are *not* considered breaking changes.
 //!
 //! ```toml
 //! [dependencies]
 //! openssl = { version = "0.10", features = ["vendored"] }
 //! ```
 //!
 //! The vendored copy will not be configured to automatically find the system's root certificates, but the
 //! `openssl-probe` crate can be used to do that instead.
 //!
 //! ## Automatic
 //!
 //! The `openssl-sys` crate will automatically detect OpenSSL installations via Homebrew on macOS and vcpkg on Windows.
 //! Additionally, it will use `pkg-config` on Unix-like systems to find the system installation.
 //!
 //! ```not_rust
 //! # macOS
 //! $ brew install openssl@1.1
 //!
 //! # Arch Linux
 //! $ sudo pacman -S pkg-config openssl
 //!
 //! # Debian and Ubuntu
 //! $ sudo apt-get install pkg-config libssl-dev
 //!
 //! # Fedora
 //! $ sudo dnf install pkg-config openssl-devel
 //! ```
 //!
 //! ## Manual
 //!
 //! A set of environment variables can be used to point `openssl-sys` towards an OpenSSL installation. They will
 //! override the automatic detection logic.
 //!
 //! * `OPENSSL_DIR` - If specified, the directory of an OpenSSL installation. The directory should contain `lib` and
 //!     `include` subdirectories containing the libraries and headers respectively.
 //! * `OPENSSL_LIB_DIR` and `OPENSSL_INCLUDE_DIR` - If specified, the directories containing the OpenSSL libraries and
 //!     headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
 //! * `OPENSSL_STATIC` - If set, the crate will statically link to OpenSSL rather than dynamically link.
 //! * `OPENSSL_LIBS` - If set, a `:`-separated list of library names to link to (e.g. `ssl:crypto`). This can be used
 //!     if nonstandard library names were used for whatever reason.
 //! * `OPENSSL_NO_VENDOR` - If set, always find OpenSSL in the system, even if the `vendored` feature is enabled.
 //!
 //! Additionally, these variables can be prefixed with the upper-cased target architecture (e.g.
 //!     `X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR`), which can be useful when cross compiling.
 //!
 //! # Feature Detection
 //!
 //! APIs have been added to and removed from the various supported OpenSSL versions, and this library exposes the
 //! functionality available in the version being linked against. This means that methods, constants, and even modules
 //! will be present when building against one version of OpenSSL but not when building against another! APIs will
 //! document any version-specific availability restrictions.
 //!
 //! A build script can be used to detect the OpenSSL or LibreSSL version at compile time if needed. The `openssl-sys`
 //! crate propagates the version via the `DEP_OPENSSL_VERSION_NUMBER` and `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER`
 //! environment variables to build scripts. The version format is a hex-encoding of the OpenSSL release version:
 //! `0xMNNFFPPS`. For example, version 1.0.2g's encoding is `0x1_00_02_07_0`.
 //!
 //! For example, let's say we want to adjust the TLSv1.3 cipher suites used by a client, but also want to compile
 //! against OpenSSL versions that don't support TLSv1.3:
 //!
 //! Cargo.toml:
 //!
 //! ```toml
 //! [dependencies]
 //! openssl-sys = "0.9"
 //! openssl = "0.10"
 //! ```
 //!
 //! build.rs:
 //!
 //! ```
 //! use std::env;
 //!
 //! fn main() {
 //!     if let Ok(v) = env::var("DEP_OPENSSL_VERSION_NUMBER") {
 //!         let version = u64::from_str_radix(&v, 16).unwrap();
 //!
 //!         if version >= 0x1_01_01_00_0 {
 //!             println!("cargo:rustc-cfg=openssl111");
 //!         }
 //!     }
 //! }
 //! ```
 //!
 //! lib.rs:
 //!
 //! ```
 //! use openssl::ssl::{SslConnector, SslMethod};
 //!
 //! let mut ctx = SslConnector::builder(SslMethod::tls()).unwrap();
 //!
 //! // set_ciphersuites was added in OpenSSL 1.1.1, so we can only call it when linking against that version
 //! #[cfg(openssl111)]
 //! ctx.set_ciphersuites("TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256").unwrap();
 //! ```
 #![doc(html_root_url = "https://docs.rs/openssl/0.10")]
 #[macro_use]
@ -149,7 +43,6 @@ pub mod ec;
 pub mod ecdsa;
 pub mod error;
 pub mod ex_data;
 #[cfg(not(libressl))]
 pub mod fips;
 pub mod hash;
 pub mod memcmp;
--- a/openssl/src/pkcs5.rs
+++ b/openssl/src/pkcs5.rs
@ -110,8 +110,6 @@ pub fn pbkdf2_hmac(
 }
 /// Derives a key from a password and salt using the scrypt algorithm.
 ///
 /// Requires OpenSSL 1.1.0 or newer.
 pub fn scrypt(
    pass: &[u8],
    salt: &[u8],
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -136,13 +136,9 @@ bitflags! {
            ffi::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
        /// Creates a new key for each session when using ECDHE.
        ///
        /// This is always enabled in OpenSSL 1.1.0.
        const SINGLE_ECDH_USE = ffi::SSL_OP_SINGLE_ECDH_USE;
        /// Creates a new key for each session when using DHE.
        ///
        /// This is always enabled in OpenSSL 1.1.0.
        const SINGLE_DH_USE = ffi::SSL_OP_SINGLE_DH_USE;
        /// Use the server's preferences rather than the client's when selecting a cipher.
@ -169,23 +165,15 @@ bitflags! {
        const NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2;
        /// Disables the use of TLSv1.3.
        ///
        /// Requires OpenSSL 1.1.1 or newer.
        const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3;
        /// Disables the use of DTLSv1.0
        ///
        /// Requires OpenSSL 1.0.2 or newer.
        const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1;
        /// Disables the use of DTLSv1.2.
        ///
        /// Requires OpenSSL 1.0.2, or newer.
        const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
        /// Disallow all renegotiation in TLSv1.2 and earlier.
        ///
        /// Requires OpenSSL 1.1.0h or newer.
        const NO_RENEGOTIATION = ffi::SSL_OP_NO_RENEGOTIATION;
    }
 }
@ -234,7 +222,6 @@ bitflags! {
        /// attempted to downgrade the protocol version of the session.
        ///
        /// Do not use this unless you know what you're doing!
        #[cfg(not(libressl))]
        const SEND_FALLBACK_SCSV = ffi::SSL_MODE_SEND_FALLBACK_SCSV;
    }
 }
@ -465,15 +452,11 @@ impl SslAlert {
 }
 /// An error returned from an ALPN selection callback.
 ///
 /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
 #[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub struct AlpnError(c_int);
 impl AlpnError {
    /// Terminate the handshake with a fatal alert.
    ///
    /// Requires OpenSSL 1.1.0 or newer.
    pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
    /// Do not select a protocol, but continue the handshake.
@ -642,8 +625,6 @@ impl SslContextBuilder {
    /// Sets a custom certificate store for verifying peer certificates.
    ///
    /// Requires OpenSSL 1.0.2 or newer.
    ///
    /// This corresponds to [`SSL_CTX_set0_verify_cert_store`].
    ///
    /// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html
@ -765,7 +746,6 @@ impl SslContextBuilder {
    /// This corresponds to [`SSL_CTX_add_client_CA`].
    ///
    /// [`SSL_CTX_add_client_CA`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_client_CA_list.html
    #[cfg(not(libressl))]
    pub fn add_client_ca(&mut self, cacert: &X509Ref) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::SSL_CTX_add_client_CA(self.as_ptr(), cacert.as_ptr())).map(|_| ()) }
    }
@ -965,8 +945,6 @@ impl SslContextBuilder {
    ///
    /// This corresponds to [`SSL_CTX_set_min_proto_version`].
    ///
    /// Requires OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
    ///
    /// [`SSL_CTX_set_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
    pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
        unsafe {
@ -985,8 +963,6 @@ impl SslContextBuilder {
    ///
    /// This corresponds to [`SSL_CTX_set_max_proto_version`].
    ///
    /// Requires OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
    ///
    /// [`SSL_CTX_set_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
    pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
        unsafe {
@ -1005,8 +981,6 @@ impl SslContextBuilder {
    ///
    /// This corresponds to [`SSL_CTX_get_min_proto_version`].
    ///
    /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer.
    ///
    /// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
    pub fn min_proto_version(&mut self) -> Option<SslVersion> {
        unsafe {
@ -1026,8 +1000,6 @@ impl SslContextBuilder {
    ///
    /// This corresponds to [`SSL_CTX_get_max_proto_version`].
    ///
    /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer.
    ///
    /// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
    pub fn max_proto_version(&mut self) -> Option<SslVersion> {
        unsafe {
@ -1049,8 +1021,6 @@ impl SslContextBuilder {
    ///
    /// This corresponds to [`SSL_CTX_set_alpn_protos`].
    ///
    /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
    ///
    /// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
    pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
        unsafe {
@ -1098,8 +1068,6 @@ impl SslContextBuilder {
    ///
    /// This corresponds to [`SSL_CTX_set_alpn_select_cb`].
    ///
    /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
    ///
    /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
    /// [`select_next_proto`]: fn.select_next_proto.html
    /// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
@ -1306,8 +1274,6 @@ impl SslContextBuilder {
    /// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message
    /// traffic. The line does not contain a trailing newline.
    ///
    /// Requires OpenSSL 1.1.1 or newer.
    ///
    /// This corresponds to [`SSL_CTX_set_keylog_callback`].
    ///
    /// [`SSL_CTX_set_keylog_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html
@ -1371,8 +1337,6 @@ impl SslContextBuilder {
    ///
    /// This corresponds to [`SSL_CTX_set1_sigalgs_list`].
    ///
    /// Requires OpenSSL 1.0.2 or newer.
    ///
    /// [`SSL_CTX_set1_sigalgs_list`]: https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html
    pub fn set_sigalgs_list(&mut self, sigalgs: &str) -> Result<(), ErrorStack> {
        let sigalgs = CString::new(sigalgs).unwrap();
@ -1464,8 +1428,6 @@ impl SslContext {
 impl SslContextRef {
    /// Returns the certificate associated with this `SslContext`, if present.
    ///
    /// Requires OpenSSL 1.0.2 or newer.
    ///
    /// This corresponds to [`SSL_CTX_get0_certificate`].
    ///
    /// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
@ -1482,8 +1444,6 @@ impl SslContextRef {
    /// Returns the private key associated with this `SslContext`, if present.
    ///
    /// Requires OpenSSL 1.0.2 or newer.
    ///
    /// This corresponds to [`SSL_CTX_get0_privatekey`].
    ///
    /// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
@ -1656,8 +1616,6 @@ impl SslCipherRef {
    /// Returns the RFC-standard name of the cipher, if one exists.
    ///
    /// Requires OpenSSL 1.1.1 or newer.
    ///
    /// This corresponds to [`SSL_CIPHER_standard_name`].
    ///
    /// [`SSL_CIPHER_standard_name`]: https://www.openssl.org/docs/manmaster/man3/SSL_CIPHER_get_name.html
@ -1719,8 +1677,6 @@ impl SslCipherRef {
    /// Returns the NID corresponding to the cipher.
    ///
    /// Requires OpenSSL 1.1.0 or newer.
    ///
    /// This corresponds to [`SSL_CIPHER_get_cipher_nid`].
    ///
    /// [`SSL_CIPHER_get_cipher_nid`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CIPHER_get_cipher_nid.html
@ -1838,8 +1794,6 @@ impl SslSessionRef {
    /// Returns the session's TLS protocol version.
    ///
    /// Requires OpenSSL 1.1.0 or newer.
    ///
    /// This corresponds to [`SSL_SESSION_get_protocol_version`].
    ///
    /// [`SSL_SESSION_get_protocol_version`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_protocol_version.html
@ -2057,8 +2011,6 @@ impl SslRef {
    /// Like [`SslContextBuilder::set_alpn_protos`].
    ///
    /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
    ///
    /// This corresponds to [`SSL_set_alpn_protos`].
    ///
    /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
@ -2247,8 +2199,6 @@ impl SslRef {
    /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
    /// to interpret it.
    ///
    /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
    ///
    /// This corresponds to [`SSL_get0_alpn_selected`].
    ///
    /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html
@ -2402,8 +2352,6 @@ impl SslRef {
    /// Returns a mutable reference to the X509 verification configuration.
    ///
    /// Requires OpenSSL 1.0.2 or newer.
    ///
    /// This corresponds to [`SSL_get0_param`].
    ///
    /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html
@ -2441,8 +2389,6 @@ impl SslRef {
    /// Returns the number of bytes copied, or if the buffer is empty, the size of the client_random
    /// value.
    ///
    /// Requires OpenSSL 1.1.0 or newer.
    ///
    /// This corresponds to [`SSL_get_client_random`].
    ///
    /// [`SSL_get_client_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
@ -2457,8 +2403,6 @@ impl SslRef {
    /// Returns the number of bytes copied, or if the buffer is empty, the size of the server_random
    /// value.
    ///
    /// Requires OpenSSL 1.1.0 or newer.
    ///
    /// This corresponds to [`SSL_get_server_random`].
    ///
    /// [`SSL_get_server_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
--- a/openssl/src/ssl/test/mod.rs
+++ b/openssl/src/ssl/test/mod.rs
@ -301,7 +301,6 @@ fn state() {
 /// lists of supported protocols have an overlap -- with only ONE protocol
 /// being valid for both.
 #[test]
 #[cfg_attr(libressl291, ignore)]
 fn test_connect_with_srtp_ctx() {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    let addr = listener.local_addr().unwrap();
@ -360,7 +359,6 @@ fn test_connect_with_srtp_ctx() {
 /// lists of supported protocols have an overlap -- with only ONE protocol
 /// being valid for both.
 #[test]
 #[cfg_attr(libressl291, ignore)]
 fn test_connect_with_srtp_ssl() {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    let addr = listener.local_addr().unwrap();
@ -589,7 +587,6 @@ fn refcount_ssl_context() {
 }
 #[test]
 #[cfg_attr(libressl250, ignore)]
 #[cfg_attr(target_os = "windows", ignore)]
 #[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)]
 fn default_verify_paths() {