From af370cf9b7630292c552db55513c063959961fd1 Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou Date: Thu, 14 Sep 2017 11:56:36 +0200 Subject: [PATCH 1/7] openssl-sys: support libressl 2.6.1 Signed-off-by: Marc-Antoine Perennou --- openssl-sys/build.rs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index df530032..5071cbd4 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs @@ -307,8 +307,10 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Version { #include #include -#if LIBRESSL_VERSION_NUMBER >= 0x20601000 +#if LIBRESSL_VERSION_NUMBER >= 0x20602000 RUST_LIBRESSL_NEW +#elif LIBRESSL_VERSION_NUMBER >= 0x20601000 +RUST_LIBRESSL_261 #elif LIBRESSL_VERSION_NUMBER >= 0x20600000 RUST_LIBRESSL_260 #elif LIBRESSL_VERSION_NUMBER >= 0x20506000 @@ -441,6 +443,12 @@ See rust-openssl README for more information: println!("cargo:libressl=true"); println!("cargo:version=101"); Version::Libressl + } else if expanded.contains("RUST_LIBRESSL_261") { + println!("cargo:rustc-cfg=libressl"); + println!("cargo:rustc-cfg=libressl261"); + println!("cargo:libressl=true"); + println!("cargo:version=101"); + Version::Libressl } else if expanded.contains("RUST_OPENSSL_110F") { println!("cargo:rustc-cfg=ossl110"); println!("cargo:rustc-cfg=ossl110f"); From 70f72ae1770fa9d81c1e7da03629f37cadf0c214 Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou Date: Sun, 17 Sep 2017 11:11:05 +0200 Subject: [PATCH 2/7] ci: use libressl 2.6.1 Signed-off-by: Marc-Antoine Perennou --- .circleci/config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 59f899f2..2c2fb0d5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -78,9 +78,9 @@ openssl_101: &OPENSSL_101 libressl_250: &LIBRESSL_250 LIBRARY: libressl VERSION: 2.5.0 -libressl_260: &LIBRESSL_260 +libressl_261: &LIBRESSL_261 LIBRARY: libressl - VERSION: 2.6.0 + VERSION: 2.6.1 x86_64: &X86_64 TARGET: x86_64-unknown-linux-gnu @@ -139,10 +139,10 @@ jobs: <<: *JOB environment: <<: [*LIBRESSL_250, *X86_64, *BASE] - x86_64-libressl-2.6.0: + x86_64-libressl-2.6.1: <<: *JOB environment: - <<: [*LIBRESSL_260, *X86_64, *BASE] + <<: [*LIBRESSL_261, *X86_64, *BASE] workflows: version: 2 tests: @@ -157,4 +157,4 @@ workflows: - armhf-openssl-1.0.2 - armhf-openssl-1.0.1 - x86_64-libressl-2.5.0 - - x86_64-libressl-2.6.0 + - x86_64-libressl-2.6.1 From 579d4a86d2e1e4bd405b4fd99f2152fcf422b2ca Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou Date: Sun, 17 Sep 2017 11:43:10 +0200 Subject: [PATCH 3/7] openssl-sys: define libressl version Signed-off-by: Marc-Antoine Perennou --- openssl-sys/build.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index 5071cbd4..82d919c2 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs 
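Review bot: Replacing the `libressl_260` anchor with `libressl_261` in this hunk (and renaming the job and workflow entry in the `-139` and `-157` hunks) removes CI coverage for LibreSSL 2.6.0. `openssl-sys/build.rs` in this series still keeps a `RUST_LIBRESSL_260` branch, so that path stays supported but untested. I would keep the 2.6.0 anchor and job and add `libressl_261: &LIBRESSL_261` and `x86_64-libressl-2.6.1` beside them, so a regression in the 2.6.0 branch is still caught.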
@@ -405,48 +405,56 @@ See rust-openssl README for more information: println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl250"); println!("cargo:libressl=true"); + println!("cargo:libressl_version=250"); println!("cargo:version=101"); Version::Libressl } else if expanded.contains("RUST_LIBRESSL_251") { println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl251"); println!("cargo:libressl=true"); + println!("cargo:libressl_version=251"); println!("cargo:version=101"); Version::Libressl } else if expanded.contains("RUST_LIBRESSL_252") { println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl252"); println!("cargo:libressl=true"); + println!("cargo:libressl_version=252"); println!("cargo:version=101"); Version::Libressl } else if expanded.contains("RUST_LIBRESSL_253") { println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl253"); println!("cargo:libressl=true"); + println!("cargo:libressl_version=253"); println!("cargo:version=101"); Version::Libressl } else if expanded.contains("RUST_LIBRESSL_254") { println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl254"); println!("cargo:libressl=true"); + println!("cargo:libressl_version=254"); println!("cargo:version=101"); Version::Libressl } else if expanded.contains("RUST_LIBRESSL_255") { println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl255"); println!("cargo:libressl=true"); + println!("cargo:libressl_version=255"); println!("cargo:version=101"); Version::Libressl } else if expanded.contains("RUST_LIBRESSL_260") { println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl260"); println!("cargo:libressl=true"); + println!("cargo:libressl_version=250"); println!("cargo:version=101"); Version::Libressl } else if expanded.contains("RUST_LIBRESSL_261") { println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl261"); println!("cargo:libressl=true"); + println!("cargo:libressl_version=261"); 
println!("cargo:version=101"); Version::Libressl } else if expanded.contains("RUST_OPENSSL_110F") { From c103ba2c875c9d1eb23fdb574399c1a576f357de Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou Date: Thu, 14 Sep 2017 15:17:13 +0200 Subject: [PATCH 4/7] systest: don't include cms.h for libressl 2.6.1 Signed-off-by: Marc-Antoine Perennou --- systest/build.rs | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/systest/build.rs b/systest/build.rs index 700d8565..45e335c0 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -41,6 +41,12 @@ fn main() { } } + let has_cms_h = if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") { + version != "261" + } else { + true + }; + cfg.header("openssl/comp.h") .header("openssl/dh.h") .header("openssl/ossl_typ.h") @@ -56,8 +62,12 @@ fn main() { .header("openssl/pkcs12.h") .header("openssl/bn.h") .header("openssl/aes.h") - .header("openssl/ocsp.h") - .header("openssl/cms.h"); + .header("openssl/ocsp.h"); + + if has_cms_h { + cfg.header("openssl/cms.h"); + } + cfg.type_name(|s, is_struct| { // Add some `*` on some callback parameters to get function pointer to // typecheck in C, especially on MSVC. From bf85e41d749ef96c43344c3a8827fa79bfaf8224 Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou Date: Sun, 17 Sep 2017 19:31:10 +0200 Subject: [PATCH 5/7] =?UTF-8?q?openssl=C3=A8-sys:=20adjust=20some=20consta?= =?UTF-8?q?nts=20to=20libressl=202.6.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marc-Antoine Perennou --- openssl-sys/src/lib.rs | 7 ++++++- openssl-sys/src/libressl/mod.rs | 6 ++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 48d07b4a..81145432 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs 
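Review bot: The `RUST_LIBRESSL_260` branch emits `cargo:libressl_version=250`, which looks like a copy-paste slip from the 2.5.0 branch; it should be `println!("cargo:libressl_version=260");`. Dependent build scripts read this value as `DEP_OPENSSL_LIBRESSL_VERSION`, and patch 6 of this series turns it directly into `cargo:rustc-cfg=libressl{}` in `openssl/build.rs`. A LibreSSL 2.6.0 build would therefore compile the `openssl` crate with the 2.5.0 cfg. The `if`/`else if` chain starts and ends outside the hunk, so branches outside it cannot be checked for the new key from here.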
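Review bot: `has_cms_h` is decided by an exact string comparison with `"261"` and has no comment saying why the header is skipped. Any other value of `DEP_OPENSSL_LIBRESSL_VERSION`, including a later release once it is added to the version ladder, re-enables `openssl/cms.h`. If that release also lacks the header, the systest build breaks again. I would add a comment above the `let`, for example `// cms.h is not included for LibreSSL 2.6.1`, and use a numeric "at least 261" comparison if the header is gone for good, which the page does not show. `main` starts and ends outside the hunk.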
@@ -1250,10 +1250,15 @@ pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; -#[cfg(not(ossl101))] +#[cfg(not(any(libressl261, ossl101)))] pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010; +#[cfg(libressl261)] +pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; +#[cfg(not(libressl261))] pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; +#[cfg(libressl261)] +pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; #[cfg(not(libressl))] pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs index f69198e2..f4806e8a 100644 --- a/openssl-sys/src/libressl/mod.rs +++ b/openssl-sys/src/libressl/mod.rs @@ -345,6 +345,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; +#[cfg(libressl261)] +pub const SSL_OP_ALL: c_ulong = 0x4; +#[cfg(not(libressl261))] pub const SSL_OP_ALL: c_ulong = 0x80000014; pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; @@ -357,6 +360,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0; pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; +#[cfg(libressl261)] +pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; +#[cfg(not(libressl261))] pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; From 50918303790805d75521ceeabe168e87eebbbd0f Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou Date: Sun, 17 Sep 2017 19:46:05 +0200 Subject: [PATCH 6/7] openssl: libressl 2.6.1 dropped suuport for npn 
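Review bot: Under `libressl261`, `SSL_OP_TLSEXT_PADDING` and `SSL_OP_CRYPTOPRO_TLSEXT_BUG` become `0x0` with no comment, so code that sets these options still compiles and silently does nothing. The same applies in the two `openssl-sys/src/libressl/mod.rs` hunks that follow, where `SSL_OP_SINGLE_ECDH_USE` becomes `0x0` and `SSL_OP_ALL` shrinks to `0x4`. A caller relying on `SSL_OP_SINGLE_ECDH_USE` gets no signal that the flag is ignored. I would add a line such as `// LibreSSL 2.6.1 defines this option as 0 (no-op)` above each zeroed constant, after confirming the values against the 2.6.1 headers. Every attribute tests the exact cfg `libressl261`, so the next supported release will fall back to the old values unless each of these sites is revisited.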
Signed-off-by: Marc-Antoine Perennou --- openssl/build.rs | 4 ++++ openssl/src/ssl/mod.rs | 2 ++ openssl/src/ssl/tests/mod.rs | 2 ++ 3 files changed, 8 insertions(+) diff --git a/openssl/build.rs b/openssl/build.rs index 954e9b0c..eb8894fd 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -20,6 +20,10 @@ fn main() { println!("cargo:rustc-cfg=libressl"); } + if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") { + println!("cargo:rustc-cfg=libressl{}", v); + } + if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { for var in vars.split(",") { println!("cargo:rustc-cfg=osslconf=\"{}\"", var); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index dc0f5448..762118a5 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -652,6 +652,7 @@ impl SslContextBuilder { /// Set the protocols to be used during Next Protocol Negotiation (the protocols /// supported by the application). + #[cfg(not(libressl261))] pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> { // Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL // APIs -- a list of length-prefixed strings. @@ -1310,6 +1311,7 @@ impl SslRef { /// /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// to interpret it. + #[cfg(not(libressl261))] pub fn selected_npn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index cfad9cca..b23de763 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -503,6 +503,7 @@ fn test_connect_with_unilateral_alpn() { /// Tests that connecting with the client using NPN, but the server not does not /// break the existing connection behavior. #[test] +#[cfg(not(libressl261))] fn test_connect_with_unilateral_npn() { let (_s, stream) = Server::new(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); 
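Review bot: `set_npn_protocols` is removed from the public API under `#[cfg(not(libressl261))]`, but its rustdoc does not say so; the same holds for `selected_npn_protocol` in the `-1310` hunk. A crate that calls these methods will fail to compile only when built against LibreSSL 2.6.1, which is hard to diagnose from the docs. I would add a doc line such as `/// Not available when building against LibreSSL 2.6.1, which dropped NPN support.` to both methods. The gate is tied to the single cfg `libressl261`, so it will need widening when a later LibreSSL release is added. Both method bodies continue outside their hunks.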
@@ -615,6 +616,7 @@ fn test_connect_with_npn_successful_single_match() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. #[test] +#[cfg(not(libressl261))] fn test_npn_server_advertise_multiple() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); From b73548da1896ad0cf114d49c74591ca893643557 Mon Sep 17 00:00:00 2001 From: Marc-Antoine Perennou Date: Sun, 17 Sep 2017 19:55:47 +0200 Subject: [PATCH 7/7] openssl: ecdh_tmp_callback doesn't work with libressl 2.6.1 Signed-off-by: Marc-Antoine Perennou --- openssl/src/ssl/tests/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index b23de763..a3ac6832 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -1241,7 +1241,7 @@ fn tmp_dh_callback() { } #[test] -#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] +#[cfg(any(all(feature = "v101", ossl101, not(libressl261)), all(feature = "v102", ossl102)))] fn tmp_ecdh_callback() { use ec::EcKey; use nid; @@ -1308,7 +1308,7 @@ fn tmp_dh_callback_ssl() { } #[test] -#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] +#[cfg(any(all(feature = "v101", ossl101, not(libressl261)), all(feature = "v102", ossl102)))] fn tmp_ecdh_callback_ssl() { use ec::EcKey; use nid;
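Review bot: `tmp_ecdh_callback` is switched off for `libressl261` here, and `tmp_ecdh_callback_ssl` in the `-1308` hunk, without a comment, and nothing in this series gates or documents the callback setters these tests exercise. If those setters stay callable on LibreSSL 2.6.1, users get an API that the commit subject says does not work, and no test shows it. I would add a comment above the attribute, e.g. `// the tmp ECDH callback does not work with LibreSSL 2.6.1`, and either cfg-gate or document the corresponding setters, which are not on this page. Both test bodies continue past their hunks.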