Merge pull request #884 from sfackler/libressl-27

Support LibreSSL 2.7.0

.circleci/config.yml

@@ -104,9 +104,9 @@ openssl_101: &OPENSSL_101
 libressl_250: &LIBRESSL_250
   LIBRARY: libressl
   VERSION: 2.5.0
-libressl_263: &LIBRESSL_263
+libressl_263: &LIBRESSL_270
   LIBRARY: libressl
-  VERSION: 2.6.3
+  VERSION: 2.7.0
 
 x86_64: &X86_64
   TARGET: x86_64-unknown-linux-gnu
@@ -171,10 +171,10 @@ jobs:
     <<: *JOB
     environment:
       <<: [*LIBRESSL_250, *X86_64, *BASE]
-  x86_64-libressl-2.6.3:
+  x86_64-libressl-2.7.0:
     <<: *JOB
     environment:
-      <<: [*LIBRESSL_263, *X86_64, *BASE]
+      <<: [*LIBRESSL_270, *X86_64, *BASE]
   macos:
     <<: *MACOS_JOB
 workflows:
@@ -192,5 +192,5 @@ workflows:
     - armhf-openssl-1.1.0
     - armhf-openssl-1.0.2
     - x86_64-libressl-2.5.0
-    - x86_64-libressl-2.6.3
+    - x86_64-libressl-2.7.0
     - macos

openssl-sys/build.rs

@@ -323,8 +323,10 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Version {
 #include <openssl/opensslv.h>
 #include <openssl/opensslconf.h>
 
-#if LIBRESSL_VERSION_NUMBER >= 0x20700000
+#if LIBRESSL_VERSION_NUMBER >= 0x20701000
 RUST_LIBRESSL_NEW
+#elif LIBRESSL_VERSION_NUMBER >= 0x20700000
+RUST_LIBRESSL_270
 #elif LIBRESSL_VERSION_NUMBER >= 0x20603000
 RUST_LIBRESSL_26X
 #elif LIBRESSL_VERSION_NUMBER >= 0x20602000
@@ -473,6 +475,13 @@ See rust-openssl README for more information:
         println!("cargo:libressl_version=26x");
         println!("cargo:version=101");
         Version::Libressl
+    } else if expanded.contains("RUST_LIBRESSL_270") {
+        println!("cargo:rustc-cfg=libressl");
+        println!("cargo:rustc-cfg=libressl270");
+        println!("cargo:libressl=true");
+        println!("cargo:libressl_version=270");
+        println!("cargo:version=101");
+        Version::Libressl
     } else if expanded.contains("RUST_OPENSSL_111") {
         println!("cargo:rustc-cfg=ossl111");
         println!("cargo:rustc-cfg=ossl110");

openssl-sys/src/lib.rs

@@ -247,7 +247,8 @@ pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8;
 pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9;
 
 pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY
-    | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX;
+    | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX
+    | EVP_PKEY_OP_VERIFYCTX;
 
 pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
 
@@ -1276,14 +1277,14 @@ pub const SSL_VERIFY_NONE: c_int = 0;
 pub const SSL_VERIFY_PEER: c_int = 1;
 pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 
-#[cfg(not(any(libressl261, libressl262, libressl26x, ossl101)))]
+#[cfg(not(any(libressl261, libressl262, libressl26x, libressl270, ossl101)))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
-#[cfg(any(libressl261, libressl262, libressl26x))]
+#[cfg(any(libressl261, libressl262, libressl26x, libressl270))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
-#[cfg(not(any(libressl261, libressl262, libressl26x)))]
+#[cfg(not(any(libressl261, libressl262, libressl26x, libressl270)))]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
-#[cfg(any(libressl261, libressl262, libressl26x))]
+#[cfg(any(libressl261, libressl262, libressl26x, libressl270))]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
 pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
 #[cfg(not(libressl))]
@@ -1927,9 +1928,17 @@ extern "C" {
 
     pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG;
     pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG);
-    pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int,
+    pub fn ECDSA_do_verify(
-                           sig: *const ECDSA_SIG, eckey: *mut EC_KEY) -> c_int;
+        dgst: *const c_uchar,
-    pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut EC_KEY) -> *mut ECDSA_SIG;
+        dgst_len: c_int,
+        sig: *const ECDSA_SIG,
+        eckey: *mut EC_KEY,
+    ) -> c_int;
+    pub fn ECDSA_do_sign(
+        dgst: *const c_uchar,
+        dgst_len: c_int,
+        eckey: *mut EC_KEY,
+    ) -> *mut ECDSA_SIG;
 
     pub fn ERR_peek_last_error() -> c_ulong;
     pub fn ERR_get_error() -> c_ulong;
@@ -2704,7 +2713,12 @@ extern "C" {
 
     pub fn X509_STORE_CTX_new() -> *mut X509_STORE_CTX;
     pub fn X509_STORE_CTX_cleanup(ctx: *mut X509_STORE_CTX);
-    pub fn X509_STORE_CTX_init(ctx: *mut X509_STORE_CTX, store: *mut X509_STORE, x509: *mut X509, chain: *mut stack_st_X509) -> c_int;
+    pub fn X509_STORE_CTX_init(
+        ctx: *mut X509_STORE_CTX,
+        store: *mut X509_STORE,
+        x509: *mut X509,
+        chain: *mut stack_st_X509,
+    ) -> c_int;
     pub fn X509_STORE_CTX_free(ctx: *mut X509_STORE_CTX);
     pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509;
     pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int;
@@ -2839,31 +2853,23 @@ extern "C" {
 
     pub fn SSL_CTX_set_cookie_generate_cb(
         s: *mut SSL_CTX,
-        cb: Option<extern "C" fn(
+        cb: Option<
-            ssl: *mut SSL,
+            extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int,
-            cookie: *mut c_uchar,
+        >,
-            cookie_len: *mut c_uint
-        ) -> c_int>
     );
 
     #[cfg(ossl110)]
     pub fn SSL_CTX_set_cookie_verify_cb(
         s: *mut SSL_CTX,
-        cb: Option<extern "C" fn(
+        cb: Option<
-            ssl: *mut SSL,
+            extern "C" fn(ssl: *mut SSL, cookie: *const c_uchar, cookie_len: c_uint) -> c_int,
-            cookie: *const c_uchar,
+        >,
-            cookie_len: c_uint
-        ) -> c_int>
     );
 
     #[cfg(not(ossl110))]
     pub fn SSL_CTX_set_cookie_verify_cb(
         s: *mut SSL_CTX,
-        cb: Option<extern "C" fn(
+        cb: Option<extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: c_uint) -> c_int>,
-            ssl: *mut SSL,
-            cookie: *mut c_uchar,
-            cookie_len: c_uint
-        ) -> c_int>
     );
 
     pub fn EVP_MD_size(md: *const EVP_MD) -> c_int;

openssl-sys/src/libressl/mod.rs

@@ -136,7 +136,7 @@ pub struct DSA {
 #[repr(C)]
 pub struct ECDSA_SIG {
     pub r: *mut ::BIGNUM,
-    pub s: *mut ::BIGNUM
+    pub s: *mut ::BIGNUM,
 }
 
 #[repr(C)]
@@ -337,9 +337,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
 
-#[cfg(any(libressl261, libressl262, libressl26x))]
+#[cfg(any(libressl261, libressl262, libressl26x, libressl270))]
 pub const SSL_OP_ALL: c_ulong = 0x4;
-#[cfg(not(any(libressl261, libressl262, libressl26x)))]
+#[cfg(not(any(libressl261, libressl262, libressl26x, libressl270)))]
 pub const SSL_OP_ALL: c_ulong = 0x80000014;
 pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
 pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
@@ -352,9 +352,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0;
 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
-#[cfg(any(libressl261, libressl262, libressl26x))]
+#[cfg(any(libressl261, libressl262, libressl26x, libressl270))]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
-#[cfg(not(any(libressl261, libressl262, libressl26x)))]
+#[cfg(not(any(libressl261, libressl262, libressl26x, libressl270)))]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
 pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
 pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;