min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(boring): Remove deprecated or outdated APIs (#79)

This commit is contained in:
0x676e67 2025-06-17 23:19:52 +08:00 committed by GitHub
parent ee124d7ccc
commit 4ba97ba54e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 0 additions and 273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@ -40,5 +40,3 @@ linked_hash_set = "0.1"
openssl-macros = "0.1.1" openssl-macros = "0.1.1"
autocfg = "1.3.0" autocfg = "1.3.0"
brotli = "8" brotli = "8"
flate2 = "1"
zstd = "0.13"

6
boring/Cargo.toml
View File

@ -77,18 +77,12 @@ kx-client-pq-preferred = ["kx-safe-default", "kx-client-pq-supported"]
# Implies "kx-safe-default". # Implies "kx-safe-default".
kx-client-nist-required = ["kx-safe-default"] kx-client-nist-required = ["kx-safe-default"]
# Certificate compression
cert-compression = ["flate2", "brotli", "zstd"]
[dependencies] [dependencies]
bitflags = { workspace = true } bitflags = { workspace = true }
foreign-types = { workspace = true } foreign-types = { workspace = true }
openssl-macros = { workspace = true } openssl-macros = { workspace = true }
libc = { workspace = true } libc = { workspace = true }
boring-sys = { workspace = true } boring-sys = { workspace = true }
brotli = { workspace = true, optional = true }
flate2 = { workspace = true, optional = true }
zstd = { workspace = true, optional = true }
[dev-dependencies] [dev-dependencies]
hex = { workspace = true } hex = { workspace = true }

195
boring/src/ssl/cert_compression.rs
View File

@ -1,195 +0,0 @@
use boring_sys as ffi;
use std::{io::Read, slice};
/// IANA assigned identifier of compression algorithm.
/// See https://www.rfc-editor.org/rfc/rfc8879.html#name-compression-algorithms
#[deprecated(
since = "4.15.13",
note = "This enum is deprecated and will be removed in a future version. \
Use `boring::ssl::CertificateCompressionAlgorithm` instead."
)]
#[repr(u16)]
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub enum CertCompressionAlgorithm {
/// The Brotli compression algorithm.
Brotli = ffi::TLSEXT_cert_compression_brotli as _,
/// The zlib compression algorithm.
Zlib = ffi::TLSEXT_cert_compression_zlib as _,
/// The Zstandard compression algorithm.
Zstd = ffi::TLSEXT_cert_compression_zstd as _,
}
impl CertCompressionAlgorithm {
/// Returns the compression function for the algorithm.
pub(crate) fn compression_fn(&self) -> ffi::ssl_cert_compression_func_t {
match &self {
Self::Brotli => Some(brotli_compressor),
Self::Zlib => Some(zlib_compressor),
Self::Zstd => Some(zstd_compressor),
}
}
/// Returns the decompression function for the algorithm.
pub(crate) fn decompression_fn(&self) -> ffi::ssl_cert_decompression_func_t {
match &self {
Self::Brotli => Some(brotli_decompressor),
Self::Zlib => Some(zlib_decompressor),
Self::Zstd => Some(zstd_decompressor),
}
}
}
extern "C" fn brotli_compressor(
_ssl: *mut ffi::SSL,
buffer: *mut ffi::CBB,
in_: *const u8,
in_len: usize,
) -> ::std::os::raw::c_int {
let mut uncompressed = unsafe { slice::from_raw_parts(in_, in_len) };
let mut compressed = Vec::new();
let params = brotli::enc::encode::BrotliEncoderInitParams();
if brotli::BrotliCompress(&mut uncompressed, &mut compressed, &params).is_err() {
return 0;
}
unsafe { ffi::CBB_add_bytes(buffer, compressed.as_ptr(), compressed.len()) }
}
extern "C" fn zlib_compressor(
_ssl: *mut ffi::SSL,
out: *mut ffi::CBB,
in_: *const u8,
in_len: usize,
) -> ::std::os::raw::c_int {
let mut uncompressed = unsafe { slice::from_raw_parts(in_, in_len) };
let mut compressed = Vec::new();
let params = flate2::Compression::default();
let mut encoder = flate2::bufread::ZlibEncoder::new(&mut uncompressed, params);
if encoder.read_to_end(&mut compressed).is_err() {
return 0;
}
unsafe { ffi::CBB_add_bytes(out, compressed.as_ptr(), compressed.len()) }
}
extern "C" fn zstd_compressor(
_ssl: *mut ffi::SSL,
out: *mut ffi::CBB,
in_: *const u8,
in_len: usize,
) -> ::std::os::raw::c_int {
let mut uncompressed = unsafe { slice::from_raw_parts(in_, in_len) };
let compressed = if let Ok(compressed) = zstd::encode_all(&mut uncompressed, 3) {
compressed
} else {
return 0;
};
unsafe { ffi::CBB_add_bytes(out, compressed.as_ptr(), compressed.len()) }
}
extern "C" fn brotli_decompressor(
_ssl: *mut ffi::SSL,
buffer: *mut *mut ffi::CRYPTO_BUFFER,
uncompressed_len: usize,
in_: *const u8,
in_len: usize,
) -> ::std::os::raw::c_int {
let compressed = unsafe { slice::from_raw_parts(in_, in_len) };
let mut uncompressed = Vec::with_capacity(uncompressed_len);
if brotli::BrotliDecompress(&mut &compressed[..], &mut uncompressed).is_err() {
return 0;
}
if uncompressed.len() != uncompressed_len {
return 0;
}
unsafe {
*buffer = ffi::CRYPTO_BUFFER_new(
uncompressed.as_ptr(),
uncompressed_len,
std::ptr::null_mut(),
);
if buffer.is_null() {
return 0;
}
}
1
}
extern "C" fn zlib_decompressor(
_ssl: *mut ffi::SSL,
buffer: *mut *mut ffi::CRYPTO_BUFFER,
uncompressed_len: usize,
in_: *const u8,
in_len: usize,
) -> ::std::os::raw::c_int {
let mut compressed = unsafe { slice::from_raw_parts(in_, in_len) };
let mut uncompressed = Vec::with_capacity(uncompressed_len);
let mut decoder = flate2::bufread::ZlibDecoder::new(&mut compressed);
if decoder.read_to_end(&mut uncompressed).is_err() {
return 0;
}
if uncompressed.len() != uncompressed_len {
return 0;
}
unsafe {
*buffer = ffi::CRYPTO_BUFFER_new(
uncompressed.as_ptr(),
uncompressed_len,
std::ptr::null_mut(),
);
if buffer.is_null() {
return 0;
}
}
1
}
extern "C" fn zstd_decompressor(
_ssl: *mut ffi::SSL,
buffer: *mut *mut ffi::CRYPTO_BUFFER,
uncompressed_len: usize,
in_: *const u8,
in_len: usize,
) -> ::std::os::raw::c_int {
let mut compressed = unsafe { slice::from_raw_parts(in_, in_len) };
let uncompressed = if let Ok(uncompressed) = zstd::decode_all(&mut compressed) {
uncompressed
} else {
return 0;
};
if uncompressed.len() != uncompressed_len {
return 0;
}
unsafe {
*buffer = ffi::CRYPTO_BUFFER_new(
uncompressed.as_ptr(),
uncompressed_len,
std::ptr::null_mut(),
);
if buffer.is_null() {
return 0;
}
}
1
}

70
boring/src/ssl/mod.rs
View File

@ -103,12 +103,6 @@ pub use self::async_callbacks::{
BoxCustomVerifyFuture, BoxGetSessionFinish, BoxGetSessionFuture, BoxPrivateKeyMethodFinish, BoxCustomVerifyFuture, BoxGetSessionFinish, BoxGetSessionFuture, BoxPrivateKeyMethodFinish,
BoxPrivateKeyMethodFuture, BoxSelectCertFinish, BoxSelectCertFuture, ExDataFuture, BoxPrivateKeyMethodFuture, BoxSelectCertFinish, BoxSelectCertFuture, ExDataFuture,
}; };
#[deprecated(
since = "4.15.13",
note = "Use `boring2::ssl::CertificateCompressionAlgorithm` instead"
)]
#[cfg(feature = "cert-compression")]
pub use self::cert_compression::CertCompressionAlgorithm;
pub use self::connector::{ pub use self::connector::{
ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector, SslConnectorBuilder, ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector, SslConnectorBuilder,
}; };
@ -119,8 +113,6 @@ pub use self::error::{Error, ErrorCode, HandshakeError};
mod async_callbacks; mod async_callbacks;
mod bio; mod bio;
mod callbacks; mod callbacks;
#[cfg(feature = "cert-compression")]
mod cert_compression;
mod connector; mod connector;
#[cfg(not(feature = "fips"))] #[cfg(not(feature = "fips"))]
mod ech; mod ech;
@ -1198,20 +1190,6 @@ impl SslContextBuilder {
} }
} }
/// Sets a custom certificate store for verifying peer certificates.
#[deprecated(since = "4.15.13", note = "Use `set_verify_cert_store` instead.")]
#[corresponds(SSL_CTX_set1_verify_cert_store)]
pub fn set_verify_cert_store_ref(
&mut self,
cert_store: &'static X509Store,
) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set1_verify_cert_store(self.as_ptr(), cert_store.as_ptr()) as c_int)?;
Ok(())
}
}
/// Use [`set_cert_store_builder`] or [`set_cert_store_ref`] instead. /// Use [`set_cert_store_builder`] or [`set_cert_store_ref`] instead.
/// ///
/// Replaces the context's certificate store. /// Replaces the context's certificate store.
@ -1435,28 +1413,6 @@ impl SslContextBuilder {
unsafe { cvt(ffi::SSL_CTX_use_PrivateKey(self.as_ptr(), key.as_ptr())).map(|_| ()) } unsafe { cvt(ffi::SSL_CTX_use_PrivateKey(self.as_ptr(), key.as_ptr())).map(|_| ()) }
} }
/// Sets whether a certificate compression algorithm should be used.
#[deprecated(
since = "4.15.13",
note = "Use `add_certificate_compression_algorithm` instead."
)]
#[cfg(feature = "cert-compression")]
#[corresponds(SSL_CTX_add_cert_compression_alg)]
pub fn add_cert_compression_alg(
&mut self,
alg: CertCompressionAlgorithm,
) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_add_cert_compression_alg(
self.as_ptr(),
alg as _,
alg.compression_fn(),
alg.decompression_fn(),
))
.map(|_| ())
}
}
/// Sets the list of supported ciphers for protocols before TLSv1.3. /// Sets the list of supported ciphers for protocols before TLSv1.3.
/// ///
/// The `set_ciphersuites` method controls the cipher suites for TLSv1.3 in OpenSSL. /// The `set_ciphersuites` method controls the cipher suites for TLSv1.3 in OpenSSL.
@ -1997,13 +1953,6 @@ impl SslContextBuilder {
unsafe { ffi::SSL_CTX_set_aes_hw_override(self.as_ptr(), enable as _) } unsafe { ffi::SSL_CTX_set_aes_hw_override(self.as_ptr(), enable as _) }
} }
/// Sets whether the context should enable there key share extension.
#[deprecated(since = "4.13.8", note = "use `set_key_shares_limit` instead")]
#[corresponds(SSL_CTX_set_key_shares_limit)]
pub fn set_key_shares_length_limit(&mut self, limit: u8) {
self.set_key_shares_limit(limit)
}
/// Sets the indices of the extensions to be permuted. /// Sets the indices of the extensions to be permuted.
/// ///
/// The indices must be in the range [0, 25). /// The indices must be in the range [0, 25).
@ -2032,25 +1981,6 @@ impl SslContextBuilder {
} }
} }
/// Sets the indices of the extensions to be permuted.
///
/// The indices must be in the range [0, 25).
/// Extension duplication will be verified by the user.
/// If duplication occurs, TLS connection failure may occur.
#[deprecated(since = "4.15.13", note = "use `set_extension_permutation` instead")]
#[corresponds(SSL_CTX_set_extension_permutation)]
#[cfg(not(feature = "fips-compat"))]
pub fn set_extension_permutation_indices(&mut self, indices: &[u8]) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set_extension_permutation(
self.as_ptr(),
indices.as_ptr() as *const _,
indices.len() as _,
))
.map(|_| ())
}
}
/// Configures whether ClientHello extensions should be permuted. /// Configures whether ClientHello extensions should be permuted.
/// ///
/// Note: This is gated to non-fips because the fips feature builds with a separate /// Note: This is gated to non-fips because the fips feature builds with a separate