From 61b600331b23a81b6866629a50dc761aa2a40c6f Mon Sep 17 00:00:00 2001 From: Ivan Nikulin Date: Wed, 11 Nov 2020 13:21:33 +0000 Subject: [PATCH] Remove ossl101 gate --- openssl-sys/build.rs | 1 - openssl-sys/src/asn1.rs | 2 - openssl-sys/src/crypto.rs | 2 - openssl-sys/src/ossl_typ.rs | 2 +- openssl-sys/src/pkcs7.rs | 2 - openssl-sys/src/ssl.rs | 76 +++++++----------------------------- openssl/build.rs | 1 - openssl/src/sign.rs | 11 ------ openssl/src/ssl/callbacks.rs | 58 --------------------------- openssl/src/ssl/mod.rs | 42 -------------------- openssl/src/ssl/test/mod.rs | 48 ----------------------- systest/build.rs | 1 - 12 files changed, 15 insertions(+), 231 deletions(-) diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index ffd347d7..e0692034 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs @@ -187,7 +187,6 @@ fn main() { let mut cfgs = vec![]; - cfgs.push("ossl101"); cfgs.push("ossl102"); cfgs.push("ossl102f"); cfgs.push("ossl102h"); diff --git a/openssl-sys/src/asn1.rs b/openssl-sys/src/asn1.rs index 621caeb8..b1fdf9e8 100644 --- a/openssl-sys/src/asn1.rs +++ b/openssl-sys/src/asn1.rs @@ -28,8 +28,6 @@ extern "C" { pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING; #[cfg(any(ossl110, libressl273))] pub fn ASN1_STRING_get0_data(x: *const ASN1_STRING) -> *const c_uchar; - #[cfg(any(all(ossl101, not(ossl110)), libressl))] - pub fn ASN1_STRING_data(x: *mut ASN1_STRING) -> *mut c_uchar; pub fn ASN1_BIT_STRING_free(x: *mut ASN1_BIT_STRING); diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs index 65c64062..4d9f9c3c 100644 --- a/openssl-sys/src/crypto.rs +++ b/openssl-sys/src/crypto.rs @@ -92,9 +92,7 @@ extern "C" { } extern "C" { - #[cfg(ossl101)] pub fn FIPS_mode() -> c_int; - #[cfg(ossl101)] pub fn FIPS_mode_set(onoff: c_int) -> c_int; pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int; 
diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index b3914521..c897205f 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -643,7 +643,7 @@ cfg_if! { ))] next_proto_select_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))] srtp_profiles: *mut c_void, #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_select_cb: *mut c_void, diff --git a/openssl-sys/src/pkcs7.rs b/openssl-sys/src/pkcs7.rs index c7c612b0..5282740c 100644 --- a/openssl-sys/src/pkcs7.rs +++ b/openssl-sys/src/pkcs7.rs @@ -20,8 +20,6 @@ pub const PKCS7_BINARY: c_int = 0x80; pub const PKCS7_NOATTR: c_int = 0x100; pub const PKCS7_NOSMIMECAP: c_int = 0x200; pub const PKCS7_STREAM: c_int = 0x1000; -#[cfg(not(any(ossl101, ossl102, libressl)))] -pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000; extern "C" { pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: size_t) -> *mut PKCS7; diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 93aff131..53520d9c 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs 
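Review bot: The rewritten attribute on `srtp_profiles` in ossl_typ.rs keeps a one-argument `all(...)`, `#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]`, which is redundant and reads as if a second predicate had been dropped by accident. `#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]` expresses the same condition. The field belongs to a struct that begins and ends outside the hunk and presumably mirrors the C layout, so a short comment that the field is now present whenever TLS extensions are enabled would help the next reader check it against the header.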
@@ -113,27 +113,15 @@ pub const SSL_OP_NO_QUERY_MTU: c_uint = 0x00001000; pub const SSL_OP_NO_TICKET: c_uint = 0x00004000; pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_uint = 0x00010000; -cfg_if! { - if #[cfg(ossl101)] { - pub const SSL_OP_NO_COMPRESSION: c_uint = 0x00020000; - pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x00040000; - } else { - pub const SSL_OP_NO_COMPRESSION: c_uint = 0x0; - pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x0; - } -} + +pub const SSL_OP_NO_COMPRESSION: c_uint = 0x0; +pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x0; pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_uint = 0x00400000; pub const SSL_OP_TLS_ROLLBACK_BUG: c_uint = 0x00800000; -cfg_if! { - if #[cfg(ossl101)] { - pub const SSL_OP_NO_SSLv3: c_uint = 0x02000000; - } else { - pub const SSL_OP_NO_SSLv3: c_uint = 0x0; - } -} +pub const SSL_OP_NO_SSLv3: c_uint = 0x0; pub const SSL_OP_NO_TLSv1_1: c_uint = 0x10000000; pub const SSL_OP_NO_TLSv1_2: c_uint = 0x08000000; 
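Review bot: `SSL_OP_NO_COMPRESSION`, `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` and `SSL_OP_NO_SSLv3` keep the non-`ossl101` arm's value, `0x0`. The build scripts in this same patch were pushing `ossl101`, so before the change these constants appear to have resolved to `0x00020000`, `0x00040000` and `0x02000000`. If the linked library still honours those bits, a caller that ORs `SSL_OP_NO_SSLv3` or `SSL_OP_NO_COMPRESSION` into its options now sets nothing, and the protocol version or compression it meant to turn off stays negotiable with no error. The following ssl.rs hunk likewise leaves `SSL_OP_NO_SSLv2`, `SSL_OP_SINGLE_DH_USE` and `SSL_OP_SINGLE_ECDH_USE` at zero by keeping the `ossl110` arm; whether that changes behaviour depends on whether `ossl110` was set, which the patch does not show. Either keep the removed values, e.g. `pub const SSL_OP_NO_SSLv3: c_uint = 0x02000000;`, or, if zero matches the target library's header, record that next to the constants with a comment such as `// no-op on the target library: its header defines this option as 0`.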
@@ -150,52 +138,24 @@ pub const SSL_OP_NO_RENEGOTIATION: c_uint = 0x40000000; pub const SSL_OP_ALL: c_uint = SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_LEGACY_SERVER_CONNECT; -cfg_if! { - if #[cfg(ossl110)] { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000000; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000000; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000000; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x00000000; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x00000000; - pub const SSL_OP_TLS_D5_BUG: c_uint = 0x00000000; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x00000000; - pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00000000; - pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00000000; - pub const SSL_OP_NO_SSLv2: c_uint = 0x00000000; - } else if #[cfg(ossl101)] { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000001; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000002; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000008; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x00000020; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x00000080; - pub const SSL_OP_TLS_D5_BUG: c_uint = 0x00000100; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x00000200; - pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00080000; - pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00100000; - pub const SSL_OP_NO_SSLv2: c_uint = 0x01000000; - } else { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x0; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x0; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x0; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x0; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x0; - pub const SSL_OP_TLS_D5_BUG: c_uint = 0x0; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x0; - pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00100000; - pub const SSL_OP_NO_SSLv2: c_uint = 0x0; - } -} +pub const 
SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000000; +pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000000; +pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000000; +pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x00000000; +pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x00000000; +pub const SSL_OP_TLS_D5_BUG: c_uint = 0x00000000; +pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x00000000; +pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00000000; +pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00000000; +pub const SSL_OP_NO_SSLv2: c_uint = 0x00000000; pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_uint = 0x1; pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_uint = 0x2; pub const SSL_MODE_AUTO_RETRY: c_uint = 0x4; pub const SSL_MODE_NO_AUTO_CHAIN: c_uint = 0x8; pub const SSL_MODE_RELEASE_BUFFERS: c_uint = 0x10; -#[cfg(ossl101)] pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_uint = 0x20; -#[cfg(ossl101)] pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_uint = 0x40; -#[cfg(ossl101)] pub const SSL_MODE_SEND_FALLBACK_SCSV: c_uint = 0x80; extern "C" { @@ -374,14 +334,6 @@ pub const SSL_ERROR_ZERO_RETURN: c_int = 6; pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; -#[cfg(any(libressl, all(ossl101, not(ossl110))))] -pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8; -#[cfg(any(libressl, all(ossl101, not(ossl110))))] -pub const SSL_CTRL_OPTIONS: c_int = 32; -#[cfg(any(libressl, all(ossl101, not(ossl110))))] -pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; -#[cfg(any(libressl, all(ossl102, not(ossl110))))] -pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; extern "C" { pub fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *const DH) -> c_int; diff --git a/openssl/build.rs b/openssl/build.rs index 208ede90..28ee51cf 100644 --- a/openssl/build.rs +++ b/openssl/build.rs 
@@ -1,7 +1,6 @@ fn main() { let mut cfgs = vec![]; - cfgs.push("ossl101"); cfgs.push("ossl102"); cfgs.push("ossl102f"); cfgs.push("ossl102h"); diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index 3976d4ae..b3216654 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -577,19 +577,8 @@ impl<'a> Write for Verifier<'a> { } } -#[cfg(not(ossl101))] use ffi::EVP_DigestVerifyFinal; -#[cfg(ossl101)] -#[allow(bad_style)] -unsafe fn EVP_DigestVerifyFinal( - ctx: *mut ffi::EVP_MD_CTX, - sigret: *const ::libc::c_uchar, - siglen: ::libc::size_t, -) -> ::libc::c_int { - ffi::EVP_DigestVerifyFinal(ctx, sigret as *mut _, siglen) -} - #[cfg(test)] mod test { use super::RsaPssSaltlen; diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index 07e42602..0df11cd7 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -10,8 +10,6 @@ use std::slice; use std::str; use std::sync::Arc; -#[cfg(all(ossl101, not(ossl110)))] -use ec::EcKey; use error::ErrorStack; #[cfg(any(ossl102, libressl261))] use ssl::AlpnError; 
@@ -194,62 +192,6 @@ where } } -#[cfg(all(ossl101, not(ossl110)))] -pub unsafe extern "C" fn raw_tmp_ecdh( - ssl: *mut ffi::SSL, - is_export: c_int, - keylength: c_int, -) -> *mut ffi::EC_KEY -where - F: Fn(&mut SslRef, bool, u32) -> Result, ErrorStack> + 'static + Sync + Send, -{ - let ssl = SslRef::from_ptr_mut(ssl); - let callback = ssl - .ssl_context() - .ex_data(SslContext::cached_ex_index::()) - .expect("BUG: tmp ecdh callback missing") as *const F; - - match (*callback)(ssl, is_export != 0, keylength as u32) { - Ok(ec_key) => { - let ptr = ec_key.as_ptr(); - mem::forget(ec_key); - ptr - } - Err(e) => { - e.put(); - ptr::null_mut() - } - } -} - -#[cfg(all(ossl101, not(ossl110)))] -pub unsafe extern "C" fn raw_tmp_ecdh_ssl( - ssl: *mut ffi::SSL, - is_export: c_int, - keylength: c_int, -) -> *mut ffi::EC_KEY -where - F: Fn(&mut SslRef, bool, u32) -> Result, ErrorStack> + 'static + Sync + Send, -{ - let ssl = SslRef::from_ptr_mut(ssl); - let callback = ssl - .ex_data(Ssl::cached_ex_index::>()) - .expect("BUG: ssl tmp ecdh callback missing") - .clone(); - - match callback(ssl, is_export != 0, keylength as u32) { - Ok(ec_key) => { - let ptr = ec_key.as_ptr(); - mem::forget(ec_key); - ptr - } - Err(e) => { - e.put(); - ptr::null_mut() - } - } -} - pub unsafe extern "C" fn raw_tlsext_status(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int where F: Fn(&mut SslRef) -> Result + 'static + Sync + Send, diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 92c21258..c9f1f2fc 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -79,8 +79,6 @@ use std::str; use std::sync::{Arc, Mutex}; use dh::DhRef; -#[cfg(all(ossl101, not(ossl110)))] -use ec::EcKey; use ec::EcKeyRef; use error::ErrorStack; use ex_data::Index; 
@@ -724,27 +722,6 @@ impl SslContextBuilder { unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } } - /// Sets the callback which will generate parameters to be used during ephemeral elliptic curve - /// Diffie-Hellman key exchange. - /// - /// The callback is provided with a reference to the `Ssl` for the session, as well as a boolean - /// indicating if the selected cipher is export-grade, and the key length. The export and key - /// length options are archaic and should be ignored in almost all cases. - /// - /// Requires OpenSSL 1.0.1 or 1.0.2. - /// - /// This corresponds to `SSL_CTX_set_tmp_ecdh_callback`. - #[cfg(all(ossl101, not(ossl110)))] - pub fn set_tmp_ecdh_callback(&mut self, callback: F) - where - F: Fn(&mut SslRef, bool, u32) -> Result, ErrorStack> + 'static + Sync + Send, - { - unsafe { - self.set_ex_data(SslContext::cached_ex_index::(), callback); - ffi::SSL_CTX_set_tmp_ecdh_callback(self.as_ptr(), raw_tmp_ecdh::); - } - } - /// Use the default locations of trusted certificates for verification. /// /// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables 
@@ -2108,25 +2085,6 @@ impl SslRef { unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } } - /// Like [`SslContextBuilder::set_tmp_ecdh_callback`]. - /// - /// Requires OpenSSL 1.0.1 or 1.0.2. - /// - /// This corresponds to `SSL_set_tmp_ecdh_callback`. - /// - /// [`SslContextBuilder::set_tmp_ecdh_callback`]: struct.SslContextBuilder.html#method.set_tmp_ecdh_callback - #[cfg(any(all(ossl101, not(ossl110))))] - pub fn set_tmp_ecdh_callback(&mut self, callback: F) - where - F: Fn(&mut SslRef, bool, u32) -> Result, ErrorStack> + 'static + Sync + Send, - { - unsafe { - // this needs to be in an Arc since the callback can register a new callback! - self.set_ex_data(Ssl::cached_ex_index(), Arc::new(callback)); - ffi::SSL_set_tmp_ecdh_callback(self.as_ptr(), raw_tmp_ecdh_ssl::); - } - } - /// Like [`SslContextBuilder::set_ecdh_auto`]. /// /// Requires OpenSSL 1.0.2. diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs index 00364c3f..7f8c2965 100644 --- a/openssl/src/ssl/test/mod.rs +++ b/openssl/src/ssl/test/mod.rs 
@@ -832,54 +832,6 @@ fn cert_store() { client.connect(); } -#[test] -#[cfg(all(ossl101, not(ossl110)))] -fn tmp_ecdh_callback() { - use ec::EcKey; - use nid::Nid; - - static CALLED_BACK: AtomicBool = AtomicBool::new(false); - - let mut server = Server::builder(); - server.ctx().set_tmp_ecdh_callback(|_, _, _| { - CALLED_BACK.store(true, Ordering::SeqCst); - EcKey::from_curve_name(Nid::X9_62_PRIME256V1) - }); - - let server = server.build(); - - let mut client = server.client(); - client.ctx().set_cipher_list("ECDH").unwrap(); - client.connect(); - - assert!(CALLED_BACK.load(Ordering::SeqCst)); -} - -#[test] -#[cfg(all(ossl101, not(ossl110)))] -fn tmp_ecdh_callback_ssl() { - use ec::EcKey; - use nid::Nid; - - static CALLED_BACK: AtomicBool = AtomicBool::new(false); - - let mut server = Server::builder(); - server.ssl_cb(|ssl| { - ssl.set_tmp_ecdh_callback(|_, _, _| { - CALLED_BACK.store(true, Ordering::SeqCst); - EcKey::from_curve_name(Nid::X9_62_PRIME256V1) - }); - }); - - let server = server.build(); - - let mut client = server.client(); - client.ctx().set_cipher_list("ECDH").unwrap(); - client.connect(); - - assert!(CALLED_BACK.load(Ordering::SeqCst)); -} - #[test] fn idle_session() { let ctx = SslContext::builder(SslMethod::tls()).unwrap().build(); diff --git a/systest/build.rs b/systest/build.rs index 9e601320..e63abe57 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -25,7 +25,6 @@ fn main() { let mut cfgs = vec![]; - cfgs.push("ossl101"); cfgs.push("ossl102"); cfgs.push("ossl102f"); cfgs.push("ossl102h");