min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OpenSSL 1.1.1 support

This commit is contained in:
Steven Fackler 2018-02-13 22:28:01 -08:00
parent 41598534b6
commit 2765775535
14 changed files with 203 additions and 542 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.circleci/config.yml
View File

@ -90,6 +90,9 @@ macos_job: &MACOS_JOB
cargo test --manifest-path=openssl/Cargo.toml --all-features
- *SAVE_DEPS
openssl_111: &OPENSSL_111
LIBRARY: openssl
VERSION: 1.1.1-pre1
openssl_110: &OPENSSL_110
LIBRARY: openssl
VERSION: 1.1.0g
@ -125,6 +128,10 @@ base: &BASE
version: 2
jobs:
x86_64-openssl-1.1.1:
<<: *JOB
environment:
<<: [*OPENSSL_111, *X86_64, *BASE]
x86_64-openssl-1.1.0:
<<: *JOB
environment:
@ -137,6 +144,10 @@ jobs:
<<: *JOB
environment:
<<: [*OPENSSL_101, *X86_64, *BASE]
i686-openssl-1.1.1:
<<: *JOB
environment:
<<: [*OPENSSL_111, *I686, *BASE]
i686-openssl-1.1.0:
<<: *JOB
environment:
@ -145,10 +156,10 @@ jobs:
<<: *JOB
environment:
<<: [*OPENSSL_102, *I686, *BASE]
i686-openssl-1.0.1:
armhf-openssl-1.1.1:
<<: *JOB
environment:
<<: [*OPENSSL_101, *I686, *BASE]
<<: [*OPENSSL_111, *ARMHF, *BASE]
armhf-openssl-1.1.0:
<<: *JOB
environment:
@ -157,10 +168,6 @@ jobs:
<<: *JOB
environment:
<<: [*OPENSSL_102, *ARMHF, *BASE]
armhf-openssl-1.0.1:
<<: *JOB
environment:
<<: [*OPENSSL_101, *ARMHF, *BASE]
x86_64-libressl-2.5.0:
<<: *JOB
environment:
@ -175,15 +182,16 @@ workflows:
version: 2
tests:
jobs:
- x86_64-openssl-1.1.1
- x86_64-openssl-1.1.0
- x86_64-openssl-1.0.2
- x86_64-openssl-1.0.1
- i686-openssl-1.1.1
- i686-openssl-1.1.0
- i686-openssl-1.0.2
- i686-openssl-1.0.1
- armhf-openssl-1.1.1
- armhf-openssl-1.1.0
- armhf-openssl-1.0.2
- armhf-openssl-1.0.1
- x86_64-libressl-2.5.0
- x86_64-libressl-2.6.3
- macos

15
openssl-sys/build.rs
View File

@ -343,8 +343,10 @@ RUST_LIBRESSL_251
RUST_LIBRESSL_250
#elif defined (LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20500000
RUST_LIBRESSL_OLD
#elif OPENSSL_VERSION_NUMBER >= 0x10101000
#elif OPENSSL_VERSION_NUMBER >= 0x10102000
RUST_OPENSSL_NEW
#elif OPENSSL_VERSION_NUMBER >= 0x10101000
RUST_OPENSSL_111
#elif OPENSSL_VERSION_NUMBER >= 0x10100060
RUST_OPENSSL_110F
#elif OPENSSL_VERSION_NUMBER >= 0x10100000
@ -471,6 +473,11 @@ See rust-openssl README for more information:
println!("cargo:libressl_version=26x");
println!("cargo:version=101");
Version::Libressl
} else if expanded.contains("RUST_OPENSSL_111") {
println!("cargo:rustc-cfg=ossl111");
println!("cargo:rustc-cfg=ossl110");
println!("cargo:version=111");
Version::Openssl110
} else if expanded.contains("RUST_OPENSSL_110F") {
println!("cargo:rustc-cfg=ossl110");
println!("cargo:rustc-cfg=ossl110f");
@ -493,9 +500,9 @@ See rust-openssl README for more information:
panic!(
"
This crate is only compatible with OpenSSL 1.0.1, 1.0.2, and 1.1.0, or LibreSSL
2.5 and 2.6.0, but a different version of OpenSSL was found. The build is now
aborting due to this version mismatch.
This crate is only compatible with OpenSSL 1.0.1 through 1.1.1, or LibreSSL 2.5
and 2.6, but a different version of OpenSSL was found. The build is now aborting
due to this version mismatch.
"
);

18
openssl-sys/src/lib.rs
View File

@ -1255,9 +1255,9 @@ pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
#[cfg(not(libressl))]
pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
#[cfg(not(any(libressl, ossl110f)))]
#[cfg(not(any(libressl, ossl110f, ossl111)))]
pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
#[cfg(ossl110f)]
#[cfg(any(ossl110f, ossl111))]
pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
| SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
@ -1276,16 +1276,22 @@ pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000;
#[cfg(not(libressl))]
pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000;
pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000;
pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000;
pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
#[cfg(ossl111)]
pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000;
#[cfg(not(any(ossl101, libressl)))]
pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000;
#[cfg(not(any(ossl101, libressl)))]
pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000;
#[cfg(not(any(ossl101, libressl)))]
#[cfg(not(any(ossl101, libressl, ossl111)))]
pub const SSL_OP_NO_SSL_MASK: c_ulong =
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
#[cfg(ossl111)]
pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1
| SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
| SSL_OP_NO_TLSv1_3;
pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
@ -2498,9 +2504,9 @@ extern "C" {
);
pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION;
pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
#[cfg(not(any(ossl101, libressl, ossl110f)))]
#[cfg(not(any(ossl101, libressl, ossl110f, ossl111)))]
pub fn SSL_is_server(s: *mut SSL) -> c_int;
#[cfg(ossl110f)]
#[cfg(any(ossl110f, ossl111))]
pub fn SSL_is_server(s: *const SSL) -> c_int;
pub fn SSL_SESSION_free(s: *mut SSL_SESSION);

1
openssl/Cargo.toml
View File

@ -17,6 +17,7 @@ all-features = true
v101 = []
v102 = []
v110 = []
v111 = ["v110"]
[dependencies]
bitflags = "1.0"

4
openssl/build.rs
View File

@ -13,6 +13,10 @@ fn main() {
Ok(ref v) if v == "110" => {
println!("cargo:rustc-cfg=ossl110");
}
Ok(ref v) if v == "111" => {
println!("cargo:rustc-cfg=ossl110");
println!("cargo:rustc-cfg=ossl111");
}
_ => panic!("Unable to detect OpenSSL version"),
}

6
openssl/src/dh.rs
View File

@ -83,7 +83,7 @@ impl Dh<Params> {
ffi::d2i_DHparams
}
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_1024_160() -> Result<Dh<Params>, ErrorStack> {
unsafe {
@ -92,7 +92,7 @@ impl Dh<Params> {
}
}
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_2048_224() -> Result<Dh<Params>, ErrorStack> {
unsafe {
@ -101,7 +101,7 @@ impl Dh<Params> {
}
}
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_2048_256() -> Result<Dh<Params>, ErrorStack> {
unsafe {

364
openssl/src/pkcs5.rs
View File

@ -59,9 +59,9 @@ pub fn bytes_to_key(
))?;
let mut key = vec![0; len as usize];
let iv_ptr = iv.as_mut().map(|v| v.as_mut_ptr()).unwrap_or(
ptr::null_mut(),
);
let iv_ptr = iv.as_mut()
.map(|v| v.as_mut_ptr())
.unwrap_or(ptr::null_mut());
cvt(ffi::EVP_BytesToKey(
cipher,
@ -107,7 +107,7 @@ pub fn pbkdf2_hmac(
/// Derives a key from a password and salt using the scrypt algorithm.
///
/// Requires the `v110` feature and OpenSSL 1.1.0.
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(feature = "v110", ossl110))]
pub fn scrypt(
pass: &[u8],
@ -150,24 +150,9 @@ mod tests {
assert_eq!(
buf,
&[
0x55_u8,
0xac_u8,
0x04_u8,
0x6e_u8,
0x56_u8,
0xe3_u8,
0x08_u8,
0x9f_u8,
0xec_u8,
0x16_u8,
0x91_u8,
0xc2_u8,
0x25_u8,
0x44_u8,
0xb6_u8,
0x05_u8,
]
[..]
0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8, 0xec_u8,
0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8,
][..]
);
super::pbkdf2_hmac(
@ -180,24 +165,9 @@ mod tests {
assert_eq!(
buf,
&[
0x4d_u8,
0xdc_u8,
0xd8_u8,
0xf6_u8,
0x0b_u8,
0x98_u8,
0xbe_u8,
0x21_u8,
0x83_u8,
0x0c_u8,
0xee_u8,
0x5e_u8,
0xf2_u8,
0x27_u8,
0x01_u8,
0xf9_u8,
]
[..]
0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8, 0x83_u8,
0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8,
][..]
);
}
@ -211,72 +181,15 @@ mod tests {
assert_eq!(
&buf[..],
&[
0x73_u8,
0xde_u8,
0xcf_u8,
0xa5_u8,
0x8a_u8,
0xa2_u8,
0xe8_u8,
0x4f_u8,
0x94_u8,
0x77_u8,
0x1a_u8,
0x75_u8,
0x73_u8,
0x6b_u8,
0xb8_u8,
0x8b_u8,
0xd3_u8,
0xc7_u8,
0xb3_u8,
0x82_u8,
0x70_u8,
0xcf_u8,
0xb5_u8,
0x0c_u8,
0xb3_u8,
0x90_u8,
0xed_u8,
0x78_u8,
0xb3_u8,
0x05_u8,
0x65_u8,
0x6a_u8,
0xf8_u8,
0x14_u8,
0x8e_u8,
0x52_u8,
0x45_u8,
0x2b_u8,
0x22_u8,
0x16_u8,
0xb2_u8,
0xb8_u8,
0x09_u8,
0x8b_u8,
0x76_u8,
0x1f_u8,
0xc6_u8,
0x33_u8,
0x60_u8,
0x60_u8,
0xa0_u8,
0x9f_u8,
0x76_u8,
0x41_u8,
0x5e_u8,
0x9f_u8,
0x71_u8,
0xea_u8,
0x47_u8,
0xf9_u8,
0xe9_u8,
0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8, 0x94_u8,
0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8, 0xd3_u8, 0xc7_u8,
0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8, 0xb3_u8, 0x90_u8, 0xed_u8,
0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8, 0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8,
0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8, 0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8,
0x1f_u8, 0xc6_u8, 0x33_u8, 0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8,
0x5e_u8, 0x9f_u8, 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8,
0x06_u8,
0x43_u8,
0x06_u8,
]
[..]
][..]
);
super::pbkdf2_hmac(
@ -289,72 +202,15 @@ mod tests {
assert_eq!(
&buf[..],
&[
0x71_u8,
0xa0_u8,
0xec_u8,
0x84_u8,
0x2a_u8,
0xbd_u8,
0x5c_u8,
0x67_u8,
0x8b_u8,
0xcf_u8,
0xd1_u8,
0x45_u8,
0xf0_u8,
0x9d_u8,
0x83_u8,
0x52_u8,
0x2f_u8,
0x93_u8,
0x36_u8,
0x15_u8,
0x60_u8,
0x56_u8,
0x3c_u8,
0x4d_u8,
0x0d_u8,
0x63_u8,
0xb8_u8,
0x83_u8,
0x29_u8,
0x87_u8,
0x10_u8,
0x90_u8,
0xe7_u8,
0x66_u8,
0x04_u8,
0xa4_u8,
0x9a_u8,
0xf0_u8,
0x8f_u8,
0xe7_u8,
0xc9_u8,
0xf5_u8,
0x71_u8,
0x56_u8,
0xc8_u8,
0x79_u8,
0x09_u8,
0x96_u8,
0xb2_u8,
0x0f_u8,
0x06_u8,
0xbc_u8,
0x53_u8,
0x5e_u8,
0x5a_u8,
0xb5_u8,
0x44_u8,
0x0d_u8,
0xf7_u8,
0xe8_u8,
0x78_u8,
0x29_u8,
0x6f_u8,
0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8, 0x8b_u8,
0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8, 0x2f_u8, 0x93_u8,
0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8, 0x0d_u8, 0x63_u8, 0xb8_u8,
0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8, 0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8,
0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8, 0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8,
0x79_u8, 0x09_u8, 0x96_u8, 0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8,
0x5a_u8, 0xb5_u8, 0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8,
0xa7_u8,
]
[..]
][..]
);
super::pbkdf2_hmac(
@ -367,72 +223,15 @@ mod tests {
assert_eq!(
&buf[..],
&[
0x01_u8,
0x68_u8,
0x71_u8,
0xa4_u8,
0xc4_u8,
0xb7_u8,
0x5f_u8,
0x96_u8,
0x85_u8,
0x7f_u8,
0xd2_u8,
0xb9_u8,
0xf8_u8,
0xca_u8,
0x28_u8,
0x02_u8,
0x3b_u8,
0x30_u8,
0xee_u8,
0x2a_u8,
0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8, 0x85_u8,
0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8, 0x3b_u8, 0x30_u8,
0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8, 0xc8_u8, 0xc9_u8, 0x37_u8,
0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8, 0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8,
0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8, 0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8,
0x00_u8, 0x56_u8, 0xc6_u8, 0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8,
0x4b_u8, 0x1a_u8, 0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8,
0x39_u8,
0xf5_u8,
0xad_u8,
0xca_u8,
0xc8_u8,
0xc9_u8,
0x37_u8,
0x5f_u8,
0x9b_u8,
0xda_u8,
0x1c_u8,
0xcd_u8,
0x1b_u8,
0x6f_u8,
0x0b_u8,
0x2f_u8,
0xc3_u8,
0xad_u8,
0xda_u8,
0x50_u8,
0x54_u8,
0x12_u8,
0xe7_u8,
0x9d_u8,
0x89_u8,
0x00_u8,
0x56_u8,
0xc6_u8,
0x2e_u8,
0x52_u8,
0x4c_u8,
0x7d_u8,
0x51_u8,
0x15_u8,
0x4b_u8,
0x1a_u8,
0x85_u8,
0x34_u8,
0x57_u8,
0x5b_u8,
0xd0_u8,
0x2d_u8,
0xee_u8,
0x39_u8,
]
[..]
][..]
);
}
@ -441,93 +240,19 @@ mod tests {
let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8];
let data = [
143_u8,
210_u8,
75_u8,
63_u8,
214_u8,
179_u8,
155_u8,
241_u8,
242_u8,
31_u8,
154_u8,
56_u8,
198_u8,
145_u8,
192_u8,
64_u8,
2_u8,
245_u8,
167_u8,
220_u8,
55_u8,
119_u8,
233_u8,
136_u8,
139_u8,
27_u8,
71_u8,
242_u8,
119_u8,
175_u8,
65_u8,
207_u8,
143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, 154_u8,
56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8,
233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8,
];
let expected_key = vec![
249_u8,
115_u8,
114_u8,
97_u8,
32_u8,
213_u8,
165_u8,
146_u8,
58_u8,
87_u8,
234_u8,
3_u8,
43_u8,
250_u8,
97_u8,
114_u8,
26_u8,
98_u8,
245_u8,
246_u8,
238_u8,
177_u8,
229_u8,
161_u8,
183_u8,
224_u8,
174_u8,
3_u8,
6_u8,
244_u8,
236_u8,
255_u8,
249_u8, 115_u8, 114_u8, 97_u8, 32_u8, 213_u8, 165_u8, 146_u8, 58_u8, 87_u8, 234_u8,
3_u8, 43_u8, 250_u8, 97_u8, 114_u8, 26_u8, 98_u8, 245_u8, 246_u8, 238_u8, 177_u8,
229_u8, 161_u8, 183_u8, 224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8,
];
let expected_iv = vec![
4_u8,
223_u8,
153_u8,
219_u8,
28_u8,
142_u8,
234_u8,
68_u8,
227_u8,
69_u8,
98_u8,
107_u8,
208_u8,
14_u8,
236_u8,
60_u8,
4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, 69_u8, 98_u8,
107_u8, 208_u8, 14_u8, 236_u8, 60_u8,
];
assert_eq!(
@ -552,8 +277,9 @@ mod tests {
let pass = "pleaseletmein";
let salt = "SodiumChloride";
let expected = "7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613\
f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887";
let expected =
"7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613\
f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887";
let mut actual = [0; 64];
super::scrypt(

13
openssl/src/ssl/connector.rs
View File

@ -206,6 +206,12 @@ impl SslAcceptor {
/// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS
pub fn mozilla_intermediate(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> {
let mut ctx = ctx(method)?;
#[cfg(ossl111)]
{
ctx.set_options(SslOptions {
bits: ::ffi::SSL_OP_NO_TLSv1_3,
});
}
let dh = Dh::params_from_pem(DHPARAM_PEM.as_bytes())?;
ctx.set_tmp_dh(&dh)?;
setup_curves(&mut ctx)?;
@ -232,6 +238,13 @@ impl SslAcceptor {
/// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS
pub fn mozilla_modern(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> {
let mut ctx = ctx(method)?;
ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1);
#[cfg(ossl111)]
{
ctx.set_options(SslOptions {
bits: ::ffi::SSL_OP_NO_TLSv1_3,
});
}
setup_curves(&mut ctx)?;
ctx.set_cipher_list(
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\

59
openssl/src/ssl/mod.rs
View File

@ -177,14 +177,20 @@ bitflags! {
/// Disables the use of TLSv1.2.
const NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2;
/// Disables the use of TLSv1.3.
///
/// Requires the `v111` feature and OpenSSL 1.1.1.
#[cfg(all(feature = "v111", ossl111))]
const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3;
/// Disables the use of DTLSv1.0
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1;
/// Disables the use of DTLSv1.2.
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
@ -192,7 +198,7 @@ bitflags! {
///
/// This can be used as a mask when whitelisting protocol versions.
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
///
/// # Examples
///
@ -453,7 +459,7 @@ impl SslAlert {
/// An error returned from an ALPN selection callback.
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
#[derive(Debug, Copy, Clone)]
pub struct AlpnError(c_int);
@ -462,7 +468,7 @@ pub struct AlpnError(c_int);
impl AlpnError {
/// Terminate the handshake with a fatal alert.
///
/// Requires the `v110` feature and OpenSSL 1.1.0.
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(feature = "v110", ossl110))]
pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
@ -610,7 +616,7 @@ impl SslContextBuilder {
/// Sets a custom certificate store for verifying peer certificates.
///
/// Requires the `v102` feature and OpenSSL 1.0.2, or the `v110` feature and OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
///
/// This corresponds to [`SSL_CTX_set0_verify_cert_store`].
///
@ -619,8 +625,7 @@ impl SslContextBuilder {
pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> {
unsafe {
let ptr = cert_store.as_ptr();
cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr)
as c_int)?;
cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) as c_int)?;
mem::forget(cert_store);
Ok(())
@ -650,8 +655,8 @@ impl SslContextBuilder {
/// [`SSL_CTX_set_mode`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_mode.html
pub fn set_mode(&mut self, mode: SslMode) -> SslMode {
unsafe {
let mode = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits());
SslMode::from_bits(mode).unwrap()
let bits = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits());
SslMode { bits }
}
}
@ -694,11 +699,7 @@ impl SslContextBuilder {
///
/// This corresponds to `SSL_CTX_set_tmp_ecdh`.
pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef<Params>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr())
as c_int)
.map(|_| ())
}
unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
}
/// Sets the callback which will generate parameters to be used during ephemeral elliptic curve
@ -942,8 +943,8 @@ impl SslContextBuilder {
///
/// [`SSL_CTX_set_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn set_options(&mut self, option: SslOptions) -> SslOptions {
let ret = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) };
SslOptions::from_bits(ret).unwrap()
let bits = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) };
SslOptions { bits }
}
/// Returns the options used by the context.
@ -952,8 +953,8 @@ impl SslContextBuilder {
///
/// [`SSL_CTX_get_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn options(&self) -> SslOptions {
let ret = unsafe { compat::SSL_CTX_get_options(self.as_ptr()) };
SslOptions::from_bits(ret).unwrap()
let bits = unsafe { compat::SSL_CTX_get_options(self.as_ptr()) };
SslOptions { bits }
}
/// Clears the options used by the context, returning the old set.
@ -962,8 +963,8 @@ impl SslContextBuilder {
///
/// [`SSL_CTX_clear_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn clear_options(&mut self, option: SslOptions) -> SslOptions {
let ret = unsafe { compat::SSL_CTX_clear_options(self.as_ptr(), option.bits()) };
SslOptions::from_bits(ret).unwrap()
let bits = unsafe { compat::SSL_CTX_clear_options(self.as_ptr(), option.bits()) };
SslOptions { bits }
}
/// Sets the protocols to sent to the server for Application Layer Protocol Negotiation (ALPN).
@ -975,7 +976,7 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_alpn_protos`].
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
///
/// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
@ -1006,7 +1007,7 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_alpn_select_cb`].
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`select_next_proto`]: fn.select_next_proto.html
@ -1086,9 +1087,7 @@ impl SslContextBuilder {
Box::into_raw(callback) as *mut c_void,
);
let f: unsafe extern "C" fn(_, _) -> _ = raw_tlsext_status::<F>;
cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f))
as c_int)
.map(|_| ())
cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f)) as c_int).map(|_| ())
}
}
@ -1206,7 +1205,7 @@ impl SslContext {
impl SslContextRef {
/// Returns the certificate associated with this `SslContext`, if present.
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
///
/// This corresponds to [`SSL_CTX_get0_certificate`].
///
@ -1225,7 +1224,7 @@ impl SslContextRef {
/// Returns the private key associated with this `SslContext`, if present.
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
///
/// This corresponds to [`SSL_CTX_get0_privatekey`].
///
@ -1782,7 +1781,7 @@ impl SslRef {
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
/// to interpret it.
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
///
/// This corresponds to [`SSL_get0_alpn_selected`].
///
@ -1857,7 +1856,7 @@ impl SslRef {
/// Returns a mutable reference to the X509 verification configuration.
///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
///
/// This corresponds to [`SSL_get0_param`].
///

16
openssl/src/ssl/test.rs
View File

@ -895,7 +895,7 @@ fn connector_no_hostname_can_disable_verify() {
#[test]
fn connector_client_server_mozilla_intermediate() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let listener = TcpListener::bind("127.0.0.1:1234").unwrap();
let port = listener.local_addr().unwrap().port();
let t = thread::spawn(move || {
@ -1038,6 +1038,13 @@ fn tmp_dh_callback() {
let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
// TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :(
#[cfg(ossl111)]
{
ctx.set_options(super::SslOptions {
bits: ::ffi::SSL_OP_NO_TLSv1_3,
});
}
ctx.set_cipher_list("EDH").unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap();
@ -1106,6 +1113,13 @@ fn tmp_dh_callback_ssl() {
let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
// TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :(
#[cfg(ossl111)]
{
ctx.set_options(super::SslOptions {
bits: ::ffi::SSL_OP_NO_TLSv1_3,
});
}
ctx.set_cipher_list("EDH").unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap();

191
openssl/src/symm.rs
View File

@ -141,13 +141,13 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_rc4()) }
}
/// Requires the `v110` feature and OpenSSL 1.1.0.
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(ossl110, feature = "v110"))]
pub fn chacha20() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20()) }
}
/// Requires the `v110` feature and OpenSSL 1.1.0.
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(ossl110, feature = "v110"))]
pub fn chacha20_poly1305() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20_poly1305()) }
@ -171,7 +171,11 @@ impl Cipher {
pub fn iv_len(&self) -> Option<usize> {
unsafe {
let len = EVP_CIPHER_iv_length(self.0) as usize;
if len == 0 { None } else { Some(len) }
if len == 0 {
None
} else {
Some(len)
}
}
}
@ -594,7 +598,7 @@ pub fn decrypt_aead(
}
#[cfg(ossl110)]
use ffi::{EVP_CIPHER_iv_length, EVP_CIPHER_block_size, EVP_CIPHER_key_length};
use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length};
#[cfg(ossl10x)]
#[allow(bad_style)]
@ -627,74 +631,17 @@ mod tests {
#[test]
fn test_aes_256_ecb() {
let k0 = [
0x00u8,
0x01u8,
0x02u8,
0x03u8,
0x04u8,
0x05u8,
0x06u8,
0x07u8,
0x08u8,
0x09u8,
0x0au8,
0x0bu8,
0x0cu8,
0x0du8,
0x0eu8,
0x0fu8,
0x10u8,
0x11u8,
0x12u8,
0x13u8,
0x14u8,
0x15u8,
0x16u8,
0x17u8,
0x18u8,
0x19u8,
0x1au8,
0x1bu8,
0x1cu8,
0x1du8,
0x1eu8,
0x1fu8,
0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8, 0x08u8, 0x09u8, 0x0au8,
0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8, 0x10u8, 0x11u8, 0x12u8, 0x13u8, 0x14u8, 0x15u8,
0x16u8, 0x17u8, 0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, 0x1eu8, 0x1fu8,
];
let p0 = [
0x00u8,
0x11u8,
0x22u8,
0x33u8,
0x44u8,
0x55u8,
0x66u8,
0x77u8,
0x88u8,
0x99u8,
0xaau8,
0xbbu8,
0xccu8,
0xddu8,
0xeeu8,
0xffu8,
0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8, 0x88u8, 0x99u8, 0xaau8,
0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8,
];
let c0 = [
0x8eu8,
0xa2u8,
0xb7u8,
0xcau8,
0x51u8,
0x67u8,
0x45u8,
0xbfu8,
0xeau8,
0xfcu8,
0x49u8,
0x90u8,
0x4bu8,
0x49u8,
0x60u8,
0x89u8,
0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, 0xeau8, 0xfcu8, 0x49u8,
0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8,
];
let mut c = super::Crypter::new(
super::Cipher::aes_256_ecb(),
@ -726,74 +673,17 @@ mod tests {
#[test]
fn test_aes_256_cbc_decrypt() {
let iv = [
4_u8,
223_u8,
153_u8,
219_u8,
28_u8,
142_u8,
234_u8,
68_u8,
227_u8,
69_u8,
98_u8,
107_u8,
208_u8,
14_u8,
236_u8,
60_u8,
4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, 69_u8, 98_u8,
107_u8, 208_u8, 14_u8, 236_u8, 60_u8,
];
let data = [
143_u8,
210_u8,
75_u8,
63_u8,
214_u8,
179_u8,
155_u8,
241_u8,
242_u8,
31_u8,
154_u8,
56_u8,
198_u8,
145_u8,
192_u8,
64_u8,
2_u8,
245_u8,
167_u8,
220_u8,
55_u8,
119_u8,
233_u8,
136_u8,
139_u8,
27_u8,
71_u8,
242_u8,
119_u8,
175_u8,
65_u8,
207_u8,
143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, 154_u8,
56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8,
233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8,
];
let ciphered_data = [
0x4a_u8,
0x2e_u8,
0xe5_u8,
0x6_u8,
0xbf_u8,
0xcf_u8,
0xf2_u8,
0xd7_u8,
0xea_u8,
0x2d_u8,
0xb1_u8,
0x85_u8,
0x6c_u8,
0x93_u8,
0x65_u8,
0x6f_u8,
0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, 0xd7_u8, 0xea_u8,
0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, 0x65_u8, 0x6f_u8,
];
let mut cr = super::Crypter::new(
super::Cipher::aes_256_cbc(),
@ -868,7 +758,6 @@ mod tests {
#[test]
fn test_rc4() {
let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000";
let ct = "A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4";
let key = "97CD440324DA5FD1F7955C1C13B6B466";
@ -894,7 +783,6 @@ mod tests {
#[test]
fn test_aes128_ctr() {
let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\
E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710";
let ct = "874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E\
@ -919,7 +807,6 @@ mod tests {
#[test]
fn test_aes128_cfb128() {
let pt = "6bc1bee22e409f96e93d7e117393172a";
let ct = "3b3fd92eb72dad20333449f8e83cfb4a";
let key = "2b7e151628aed2a6abf7158809cf4f3c";
@ -930,7 +817,6 @@ mod tests {
#[test]
fn test_aes128_cfb8() {
let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9";
let key = "2b7e151628aed2a6abf7158809cf4f3c";
@ -941,7 +827,6 @@ mod tests {
#[test]
fn test_aes256_cfb1() {
let pt = "6bc1";
let ct = "9029";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
@ -952,7 +837,6 @@ mod tests {
#[test]
fn test_aes256_cfb128() {
let pt = "6bc1bee22e409f96e93d7e117393172a";
let ct = "dc7e84bfda79164b7ecd8486985d3860";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
@ -963,7 +847,6 @@ mod tests {
#[test]
fn test_aes256_cfb8() {
let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "dc1f1a8520a64db55fcc8ac554844e889700";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
@ -986,7 +869,6 @@ mod tests {
#[test]
fn test_bf_ecb() {
let pt = "5CD54CA83DEF57DA";
let ct = "B1B8CC0B250F09A0";
let key = "0131D9619DC1376E";
@ -997,7 +879,6 @@ mod tests {
#[test]
fn test_bf_cfb64() {
let pt = "37363534333231204E6F77206973207468652074696D6520666F722000";
let ct = "E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3";
let key = "0123456789ABCDEFF0E1D2C3B4A59687";
@ -1008,7 +889,6 @@ mod tests {
#[test]
fn test_bf_ofb() {
let pt = "37363534333231204E6F77206973207468652074696D6520666F722000";
let ct = "E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA";
let key = "0123456789ABCDEFF0E1D2C3B4A59687";
@ -1019,7 +899,6 @@ mod tests {
#[test]
fn test_des_cbc() {
let pt = "54686973206973206120746573742e";
let ct = "6f2867cfefda048a4046ef7e556c7132";
let key = "7cb66337f3d3c0fe";
@ -1030,7 +909,6 @@ mod tests {
#[test]
fn test_des_ecb() {
let pt = "54686973206973206120746573742e";
let ct = "0050ab8aecec758843fe157b4dde938c";
let key = "7cb66337f3d3c0fe";
@ -1041,7 +919,6 @@ mod tests {
#[test]
fn test_des_ede3() {
let pt = "9994f4c69d40ae4f34ff403b5cf39d4c8207ea5d3e19a5fd";
let ct = "9e5c4297d60582f81071ac8ab7d0698d4c79de8b94c519858207ea5d3e19a5fd";
let key = "010203040506070801020304050607080102030405060708";
@ -1095,10 +972,12 @@ mod tests {
fn test_chacha20() {
let key = "0000000000000000000000000000000000000000000000000000000000000000";
let iv = "00000000000000000000000000000000";
let pt = "000000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000";
let ct = "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7\
724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586";
let pt =
"000000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000";
let ct =
"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7\
724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586";
cipher_test(Cipher::chacha20(), pt, ct, key, iv);
}
@ -1109,12 +988,14 @@ mod tests {
let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f";
let iv = "070000004041424344454647";
let aad = "50515253c0c1c2c3c4c5c6c7";
let pt = "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393\
a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f722074\
6865206675747572652c2073756e73637265656e20776f756c642062652069742e";
let ct = "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca967128\
2fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa\
b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116";
let pt =
"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393\
a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f722074\
6865206675747572652c2073756e73637265656e20776f756c642062652069742e";
let ct =
"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca967128\
2fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa\
b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116";
let tag = "1ae10b594f09e26a7e902ecbd0600691";
let mut actual_tag = [0; 16];

2
openssl/src/verify.rs
View File

@ -15,7 +15,7 @@ bitflags! {
const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
const SINGLE_LABEL_SUBDOMAINS
= ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;
/// Requires the `v110` feature and OpenSSL 1.1.0.
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(feature = "v110", ossl110))]
const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
}

2
openssl/src/x509/verify.rs
View File

@ -1,5 +1,5 @@
//! X509 certificate verification
//!
//! Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0.
//! Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
pub use verify::*;

30
systest/build.rs
View File

@ -29,12 +29,10 @@ fn main() {
} else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") {
cfg.cfg(&format!("ossl{}", version), None);
}
if let (Ok(version), Ok(patch)) =
(
env::var("DEP_OPENSSL_VERSION"),
env::var("DEP_OPENSSL_PATCH"),
)
{
if let (Ok(version), Ok(patch)) = (
env::var("DEP_OPENSSL_VERSION"),
env::var("DEP_OPENSSL_PATCH"),
) {
cfg.cfg(&format!("ossl{}{}", version, patch), None);
}
if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
@ -74,10 +72,12 @@ fn main() {
} else if s == "_STACK" {
format!("struct stack_st")
// This logic should really be cleaned up
} else if is_struct && s != "point_conversion_form_t" &&
s.chars().next().unwrap().is_lowercase()
} else if is_struct && s != "point_conversion_form_t"
&& s.chars().next().unwrap().is_lowercase()
{
format!("struct {}", s)
} else if s.starts_with("stack_st_") {
format!("struct {}", s)
} else {
format!("{}", s)
}
@ -104,13 +104,15 @@ fn main() {
(s == "GENERAL_NAME" && field == "d") // union
});
cfg.skip_signededness(|s| {
s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn") ||
s.starts_with("CRYPTO_") || s == "PasswordCallback"
s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn")
|| s.starts_with("CRYPTO_") || s == "PasswordCallback"
});
cfg.field_name(|_s, field| if field == "type_" {
format!("type")
} else {
format!("{}", field)
cfg.field_name(|_s, field| {
if field == "type_" {
format!("type")
} else {
format!("{}", field)
}
});
cfg.fn_cname(|rust, link_name| link_name.unwrap_or(rust).to_string());
cfg.generate("../openssl-sys/src/lib.rs", "all.rs");