Remove ossl101 gate

Ivan Nikulin 2020-11-11 13:21:33 +00:00
parent a4c8a21997
commit 61b600331b
12 changed files with 15 additions and 231 deletions


@ -187,7 +187,6 @@ fn main() {
let mut cfgs = vec![]; let mut cfgs = vec![];
cfgs.push("ossl101");
cfgs.push("ossl102"); cfgs.push("ossl102");
cfgs.push("ossl102f"); cfgs.push("ossl102f");
cfgs.push("ossl102h"); cfgs.push("ossl102h");


@ -28,8 +28,6 @@ extern "C" {
pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING; pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
#[cfg(any(ossl110, libressl273))] #[cfg(any(ossl110, libressl273))]
pub fn ASN1_STRING_get0_data(x: *const ASN1_STRING) -> *const c_uchar; pub fn ASN1_STRING_get0_data(x: *const ASN1_STRING) -> *const c_uchar;
#[cfg(any(all(ossl101, not(ossl110)), libressl))]
pub fn ASN1_STRING_data(x: *mut ASN1_STRING) -> *mut c_uchar;
pub fn ASN1_BIT_STRING_free(x: *mut ASN1_BIT_STRING); pub fn ASN1_BIT_STRING_free(x: *mut ASN1_BIT_STRING);


@ -92,9 +92,7 @@ extern "C" {
} }
extern "C" { extern "C" {
#[cfg(ossl101)]
pub fn FIPS_mode() -> c_int; pub fn FIPS_mode() -> c_int;
#[cfg(ossl101)]
pub fn FIPS_mode_set(onoff: c_int) -> c_int; pub fn FIPS_mode_set(onoff: c_int) -> c_int;
pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int; pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int;


@ -643,7 +643,7 @@ cfg_if! {
))] ))]
next_proto_select_cb_arg: *mut c_void, next_proto_select_cb_arg: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]
srtp_profiles: *mut c_void, srtp_profiles: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
alpn_select_cb: *mut c_void, alpn_select_cb: *mut c_void,
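Review bot: The new attribute on `srtp_profiles`, `#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT")))]`, wraps a single predicate in `all(...)`, a leftover from deleting the `ossl101` term. `#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]` expresses the same condition and reads more clearly. The enclosing struct starts and ends outside the hunk.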


@ -20,8 +20,6 @@ pub const PKCS7_BINARY: c_int = 0x80;
pub const PKCS7_NOATTR: c_int = 0x100; pub const PKCS7_NOATTR: c_int = 0x100;
pub const PKCS7_NOSMIMECAP: c_int = 0x200; pub const PKCS7_NOSMIMECAP: c_int = 0x200;
pub const PKCS7_STREAM: c_int = 0x1000; pub const PKCS7_STREAM: c_int = 0x1000;
#[cfg(not(any(ossl101, ossl102, libressl)))]
pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000;
extern "C" { extern "C" {
pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: size_t) -> *mut PKCS7; pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: size_t) -> *mut PKCS7;


@ -113,27 +113,15 @@ pub const SSL_OP_NO_QUERY_MTU: c_uint = 0x00001000;
pub const SSL_OP_NO_TICKET: c_uint = 0x00004000; pub const SSL_OP_NO_TICKET: c_uint = 0x00004000;
pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_uint = 0x00010000; pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_uint = 0x00010000;
cfg_if! {
if #[cfg(ossl101)] {
pub const SSL_OP_NO_COMPRESSION: c_uint = 0x00020000;
pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x00040000;
} else {
pub const SSL_OP_NO_COMPRESSION: c_uint = 0x0; pub const SSL_OP_NO_COMPRESSION: c_uint = 0x0;
pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x0; pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x0;
}
}
pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_uint = 0x00400000; pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_uint = 0x00400000;
pub const SSL_OP_TLS_ROLLBACK_BUG: c_uint = 0x00800000; pub const SSL_OP_TLS_ROLLBACK_BUG: c_uint = 0x00800000;
cfg_if! {
if #[cfg(ossl101)] {
pub const SSL_OP_NO_SSLv3: c_uint = 0x02000000;
} else {
pub const SSL_OP_NO_SSLv3: c_uint = 0x0; pub const SSL_OP_NO_SSLv3: c_uint = 0x0;
}
}
pub const SSL_OP_NO_TLSv1_1: c_uint = 0x10000000; pub const SSL_OP_NO_TLSv1_1: c_uint = 0x10000000;
pub const SSL_OP_NO_TLSv1_2: c_uint = 0x08000000; pub const SSL_OP_NO_TLSv1_2: c_uint = 0x08000000;
@ -150,8 +138,6 @@ pub const SSL_OP_NO_RENEGOTIATION: c_uint = 0x40000000;
pub const SSL_OP_ALL: c_uint = SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_LEGACY_SERVER_CONNECT; pub const SSL_OP_ALL: c_uint = SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_LEGACY_SERVER_CONNECT;
cfg_if! {
if #[cfg(ossl110)] {
pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000000; pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000000;
pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000000; pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000000;
pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000000; pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000000;
@ -162,40 +148,14 @@ cfg_if! {
pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00000000; pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00000000;
pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00000000; pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00000000;
pub const SSL_OP_NO_SSLv2: c_uint = 0x00000000; pub const SSL_OP_NO_SSLv2: c_uint = 0x00000000;
} else if #[cfg(ossl101)] {
pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000001;
pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000002;
pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000008;
pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x00000020;
pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x00000080;
pub const SSL_OP_TLS_D5_BUG: c_uint = 0x00000100;
pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x00000200;
pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00080000;
pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00100000;
pub const SSL_OP_NO_SSLv2: c_uint = 0x01000000;
} else {
pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x0;
pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x0;
pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x0;
pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x0;
pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x0;
pub const SSL_OP_TLS_D5_BUG: c_uint = 0x0;
pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x0;
pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00100000;
pub const SSL_OP_NO_SSLv2: c_uint = 0x0;
}
}
pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_uint = 0x1; pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_uint = 0x1;
pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_uint = 0x2; pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_uint = 0x2;
pub const SSL_MODE_AUTO_RETRY: c_uint = 0x4; pub const SSL_MODE_AUTO_RETRY: c_uint = 0x4;
pub const SSL_MODE_NO_AUTO_CHAIN: c_uint = 0x8; pub const SSL_MODE_NO_AUTO_CHAIN: c_uint = 0x8;
pub const SSL_MODE_RELEASE_BUFFERS: c_uint = 0x10; pub const SSL_MODE_RELEASE_BUFFERS: c_uint = 0x10;
#[cfg(ossl101)]
pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_uint = 0x20; pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_uint = 0x20;
#[cfg(ossl101)]
pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_uint = 0x40; pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_uint = 0x40;
#[cfg(ossl101)]
pub const SSL_MODE_SEND_FALLBACK_SCSV: c_uint = 0x80; pub const SSL_MODE_SEND_FALLBACK_SCSV: c_uint = 0x80;
extern "C" { extern "C" {
@ -374,14 +334,6 @@ pub const SSL_ERROR_ZERO_RETURN: c_int = 6;
pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_NONE: c_int = 0;
pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_PEER: c_int = 1;
pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
#[cfg(any(libressl, all(ossl101, not(ossl110))))]
pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8;
#[cfg(any(libressl, all(ossl101, not(ossl110))))]
pub const SSL_CTRL_OPTIONS: c_int = 32;
#[cfg(any(libressl, all(ossl101, not(ossl110))))]
pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
#[cfg(any(libressl, all(ossl102, not(ossl110))))]
pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
extern "C" { extern "C" {
pub fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *const DH) -> c_int; pub fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *const DH) -> c_int;
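Review bot: `SSL_OP_NO_COMPRESSION`, `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` and `SSL_OP_NO_SSLv3` now resolve to `0x0` unconditionally, because the hunk at -113 keeps the former `else` arm of each `cfg_if!` and drops the `ossl101` arm. The build scripts touched by this commit were pushing `ossl101`, so the non-zero values (`0x00020000`, `0x00040000`, `0x02000000`) were presumably the ones in effect before. A caller that ORs `SSL_OP_NO_SSLv3` or `SSL_OP_NO_COMPRESSION` into its options still compiles but now sets no bit, which is only safe if the linked library never negotiates SSLv3 or TLS compression; nothing visible here establishes that. I would record it on the constants, e.g. `// Always 0: the linked library has no SSLv3 / compression to disable (confirm against its ssl.h)`, and mention the value change in the commit message. Other sections keep the `ossl101` side instead (`FIPS_mode`, `SSL_MODE_SEND_FALLBACK_SCSV`), so the rule applied per item deserves a sentence in the description.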


@ -1,7 +1,6 @@
fn main() { fn main() {
let mut cfgs = vec![]; let mut cfgs = vec![];
cfgs.push("ossl101");
cfgs.push("ossl102"); cfgs.push("ossl102");
cfgs.push("ossl102f"); cfgs.push("ossl102f");
cfgs.push("ossl102h"); cfgs.push("ossl102h");


@ -577,19 +577,8 @@ impl<'a> Write for Verifier<'a> {
} }
} }
#[cfg(not(ossl101))]
use ffi::EVP_DigestVerifyFinal; use ffi::EVP_DigestVerifyFinal;
#[cfg(ossl101)]
#[allow(bad_style)]
unsafe fn EVP_DigestVerifyFinal(
ctx: *mut ffi::EVP_MD_CTX,
sigret: *const ::libc::c_uchar,
siglen: ::libc::size_t,
) -> ::libc::c_int {
ffi::EVP_DigestVerifyFinal(ctx, sigret as *mut _, siglen)
}
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use super::RsaPssSaltlen; use super::RsaPssSaltlen;


@ -10,8 +10,6 @@ use std::slice;
use std::str; use std::str;
use std::sync::Arc; use std::sync::Arc;
#[cfg(all(ossl101, not(ossl110)))]
use ec::EcKey;
use error::ErrorStack; use error::ErrorStack;
#[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, libressl261))]
use ssl::AlpnError; use ssl::AlpnError;
@ -194,62 +192,6 @@ where
} }
} }
#[cfg(all(ossl101, not(ossl110)))]
pub unsafe extern "C" fn raw_tmp_ecdh<F>(
ssl: *mut ffi::SSL,
is_export: c_int,
keylength: c_int,
) -> *mut ffi::EC_KEY
where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
{
let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: tmp ecdh callback missing") as *const F;
match (*callback)(ssl, is_export != 0, keylength as u32) {
Ok(ec_key) => {
let ptr = ec_key.as_ptr();
mem::forget(ec_key);
ptr
}
Err(e) => {
e.put();
ptr::null_mut()
}
}
}
#[cfg(all(ossl101, not(ossl110)))]
pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(
ssl: *mut ffi::SSL,
is_export: c_int,
keylength: c_int,
) -> *mut ffi::EC_KEY
where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
{
let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl
.ex_data(Ssl::cached_ex_index::<Arc<F>>())
.expect("BUG: ssl tmp ecdh callback missing")
.clone();
match callback(ssl, is_export != 0, keylength as u32) {
Ok(ec_key) => {
let ptr = ec_key.as_ptr();
mem::forget(ec_key);
ptr
}
Err(e) => {
e.put();
ptr::null_mut()
}
}
}
pub unsafe extern "C" fn raw_tlsext_status<F>(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int pub unsafe extern "C" fn raw_tlsext_status<F>(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int
where where
F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send,


@ -79,8 +79,6 @@ use std::str;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use dh::DhRef; use dh::DhRef;
#[cfg(all(ossl101, not(ossl110)))]
use ec::EcKey;
use ec::EcKeyRef; use ec::EcKeyRef;
use error::ErrorStack; use error::ErrorStack;
use ex_data::Index; use ex_data::Index;
@ -724,27 +722,6 @@ impl SslContextBuilder {
unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
} }
/// Sets the callback which will generate parameters to be used during ephemeral elliptic curve
/// Diffie-Hellman key exchange.
///
/// The callback is provided with a reference to the `Ssl` for the session, as well as a boolean
/// indicating if the selected cipher is export-grade, and the key length. The export and key
/// length options are archaic and should be ignored in almost all cases.
///
/// Requires OpenSSL 1.0.1 or 1.0.2.
///
/// This corresponds to `SSL_CTX_set_tmp_ecdh_callback`.
#[cfg(all(ossl101, not(ossl110)))]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
{
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
ffi::SSL_CTX_set_tmp_ecdh_callback(self.as_ptr(), raw_tmp_ecdh::<F>);
}
}
/// Use the default locations of trusted certificates for verification. /// Use the default locations of trusted certificates for verification.
/// ///
/// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables /// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables
@ -2108,25 +2085,6 @@ impl SslRef {
unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
} }
/// Like [`SslContextBuilder::set_tmp_ecdh_callback`].
///
/// Requires OpenSSL 1.0.1 or 1.0.2.
///
/// This corresponds to `SSL_set_tmp_ecdh_callback`.
///
/// [`SslContextBuilder::set_tmp_ecdh_callback`]: struct.SslContextBuilder.html#method.set_tmp_ecdh_callback
#[cfg(any(all(ossl101, not(ossl110))))]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
{
unsafe {
// this needs to be in an Arc since the callback can register a new callback!
self.set_ex_data(Ssl::cached_ex_index(), Arc::new(callback));
ffi::SSL_set_tmp_ecdh_callback(self.as_ptr(), raw_tmp_ecdh_ssl::<F>);
}
}
/// Like [`SslContextBuilder::set_ecdh_auto`]. /// Like [`SslContextBuilder::set_ecdh_auto`].
/// ///
/// Requires OpenSSL 1.0.2. /// Requires OpenSSL 1.0.2.


@ -832,54 +832,6 @@ fn cert_store() {
client.connect(); client.connect();
} }
#[test]
#[cfg(all(ossl101, not(ossl110)))]
fn tmp_ecdh_callback() {
use ec::EcKey;
use nid::Nid;
static CALLED_BACK: AtomicBool = AtomicBool::new(false);
let mut server = Server::builder();
server.ctx().set_tmp_ecdh_callback(|_, _, _| {
CALLED_BACK.store(true, Ordering::SeqCst);
EcKey::from_curve_name(Nid::X9_62_PRIME256V1)
});
let server = server.build();
let mut client = server.client();
client.ctx().set_cipher_list("ECDH").unwrap();
client.connect();
assert!(CALLED_BACK.load(Ordering::SeqCst));
}
#[test]
#[cfg(all(ossl101, not(ossl110)))]
fn tmp_ecdh_callback_ssl() {
use ec::EcKey;
use nid::Nid;
static CALLED_BACK: AtomicBool = AtomicBool::new(false);
let mut server = Server::builder();
server.ssl_cb(|ssl| {
ssl.set_tmp_ecdh_callback(|_, _, _| {
CALLED_BACK.store(true, Ordering::SeqCst);
EcKey::from_curve_name(Nid::X9_62_PRIME256V1)
});
});
let server = server.build();
let mut client = server.client();
client.ctx().set_cipher_list("ECDH").unwrap();
client.connect();
assert!(CALLED_BACK.load(Ordering::SeqCst));
}
#[test] #[test]
fn idle_session() { fn idle_session() {
let ctx = SslContext::builder(SslMethod::tls()).unwrap().build(); let ctx = SslContext::builder(SslMethod::tls()).unwrap().build();


@ -25,7 +25,6 @@ fn main() {
let mut cfgs = vec![]; let mut cfgs = vec![];
cfgs.push("ossl101");
cfgs.push("ossl102"); cfgs.push("ossl102");
cfgs.push("ossl102f"); cfgs.push("ossl102f");
cfgs.push("ossl102h"); cfgs.push("ossl102h");