From e12ee79b467ca32a5c723ec47e97a87e84829479 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Sun, 21 Jan 2024 18:34:26 +0100 Subject: [PATCH 01/20] Make _STACK opaque for LibreSSL >= 3.9.0 --- openssl-sys/src/handwritten/stack.rs | 2 ++ openssl-sys/src/macros.rs | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/openssl-sys/src/handwritten/stack.rs b/openssl-sys/src/handwritten/stack.rs index 7f2feef6d7..7bc81359d8 100644 --- a/openssl-sys/src/handwritten/stack.rs +++ b/openssl-sys/src/handwritten/stack.rs @@ -3,6 +3,8 @@ use libc::*; cfg_if! { if #[cfg(ossl110)] { pub enum OPENSSL_STACK {} + } else if #[cfg(libressl390)] { + pub enum _STACK {} } else { #[repr(C)] pub struct _STACK { diff --git a/openssl-sys/src/macros.rs b/openssl-sys/src/macros.rs index 96523db8f4..e1c1427c67 100644 --- a/openssl-sys/src/macros.rs +++ b/openssl-sys/src/macros.rs @@ -58,7 +58,7 @@ macro_rules! cfg_if { macro_rules! stack { ($t:ident) => { cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl390))] { pub enum $t {} } else { #[repr(C)] From f0100bfa562d5297a8a40cf860e79c952755f2fe Mon Sep 17 00:00:00 2001 From: Zhang Jingqiang Date: Thu, 25 Jan 2024 15:30:21 +0800 Subject: [PATCH 02/20] enable x509 verify and groups list for boringssl --- openssl/src/ssl/mod.rs | 18 +++++------ openssl/src/x509/mod.rs | 2 +- openssl/src/x509/store.rs | 6 ++-- openssl/src/x509/tests.rs | 26 ++++++++-------- openssl/src/x509/verify.rs | 62 +++++++++++++++++++------------------- 5 files changed, 57 insertions(+), 57 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 30fd23665d..2ff9dac1fd 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs 
@@ -79,7 +79,7 @@ use crate::ssl::error::InnerError; use crate::stack::{Stack, StackRef, Stackable}; use crate::util::{ForeignTypeExt, ForeignTypeRefExt}; use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef}; -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::X509VerifyParamRef; use crate::x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509}; use crate::{cvt, cvt_n, cvt_p, init}; @@ -1307,18 +1307,18 @@ impl SslContextBuilder { /// Returns a reference to the X509 verification configuration. /// - /// Requires OpenSSL 1.0.2 or newer. + /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] - #[cfg(any(ossl102, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261))] pub fn verify_param(&self) -> &X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr(ffi::SSL_CTX_get0_param(self.as_ptr())) } } /// Returns a mutable reference to the X509 verification configuration. /// - /// Requires OpenSSL 1.0.2 or newer. + /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_CTX_get0_param)] - #[cfg(any(ossl102, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261))] pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) } } @@ -1719,9 +1719,9 @@ impl SslContextBuilder { /// Sets the context's supported elliptic curve groups. /// - /// Requires OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer. + /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer. #[corresponds(SSL_CTX_set1_groups_list)] - #[cfg(any(ossl111, libressl251))] + #[cfg(any(ossl111, boringssl, libressl251))] pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> { let groups = CString::new(groups).unwrap(); unsafe { 
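Review bot: `set_groups_list` still does `CString::new(groups).unwrap()` (a context line of the `@@ -1719` hunk), so a `groups` string with an interior NUL panics instead of returning the `ErrorStack` the signature promises. This change makes that path reachable on BoringSSL builds as well. If the conversion stays as it is, the doc comment should say so, for example a `/// # Panics` section with `/// Panics if groups contains an interior NUL byte.`. The function body continues past the end of the hunk, so the rest of the call is not visible here.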
@@ -2769,9 +2769,9 @@ impl SslRef { /// Returns a mutable reference to the X509 verification configuration. /// - /// Requires OpenSSL 1.0.2 or newer. + /// Requires BoringSSL or OpenSSL 1.0.2 or newer. #[corresponds(SSL_get0_param)] - #[cfg(any(ossl102, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } } diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index cf3e3c76fb..0df1f17593 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -41,7 +41,7 @@ use crate::util::{ForeignTypeExt, ForeignTypeRefExt}; use crate::{cvt, cvt_n, cvt_p, cvt_p_const}; use openssl_macros::corresponds; -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] pub mod verify; pub mod extension; diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs index 944a2803e6..3a173bea7c 100644 --- a/openssl/src/x509/store.rs +++ b/openssl/src/x509/store.rs @@ -52,7 +52,7 @@ use crate::ssl::SslFiletype; use crate::stack::Stack; use crate::stack::StackRef; use crate::util::ForeignTypeRefExt; -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef}; use crate::x509::{X509Object, X509PurposeId, X509}; use crate::{cvt, cvt_p}; @@ -123,7 +123,7 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related flags. #[corresponds(X509_STORE_set_flags)] - #[cfg(any(ossl102, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261))] pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) } } 
@@ -137,7 +137,7 @@ impl X509StoreBuilderRef { /// Sets certificate chain validation related parameters. #[corresponds[X509_STORE_set1_param]] - #[cfg(any(ossl102, libressl261))] + #[cfg(any(ossl102, boringssl, libressl261))] pub fn set_param(&mut self, param: &X509VerifyParamRef) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set1_param(self.as_ptr(), param.as_ptr())).map(|_| ()) } } diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 7d66112811..ae61a2ad34 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -16,11 +16,11 @@ use crate::x509::extension::{ #[cfg(not(boringssl))] use crate::x509::store::X509Lookup; use crate::x509::store::X509StoreBuilder; -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::verify::{X509VerifyFlags, X509VerifyParam}; -#[cfg(ossl102)] +#[cfg(any(ossl102, boringssl))] use crate::x509::X509PurposeId; -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] use crate::x509::X509PurposeRef; #[cfg(ossl110)] use crate::x509::{CrlReason, X509Builder}; @@ -31,7 +31,7 @@ use crate::x509::{ #[cfg(ossl110)] use foreign_types::ForeignType; use hex::{self, FromHex}; -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] use libc::time_t; use super::{AuthorityInformationAccess, CertificateIssuer, ReasonCode}; @@ -557,7 +557,7 @@ fn test_verify_fails() { } #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_fails_with_crl_flag_set_and_no_crl() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -584,7 +584,7 @@ fn test_verify_fails_with_crl_flag_set_and_no_crl() { } #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_cert_with_purpose() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); 
@@ -611,7 +611,7 @@ fn test_verify_cert_with_purpose() { } #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_cert_with_wrong_purpose_fails() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -846,7 +846,7 @@ fn test_name_to_owned() { } #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_time_fails_verification() { const TEST_T_2030: time_t = 1893456000; @@ -877,7 +877,7 @@ fn test_verify_param_set_time_fails_verification() { } #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_time() { const TEST_T_2020: time_t = 1577836800; @@ -901,7 +901,7 @@ fn test_verify_param_set_time() { } #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] fn test_verify_param_set_depth() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -928,7 +928,7 @@ fn test_verify_param_set_depth() { } #[test] -#[cfg(any(ossl102, libressl261))] +#[cfg(any(ossl102, boringssl, libressl261))] #[allow(clippy::bool_to_int_with_if)] fn test_verify_param_set_depth_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); @@ -1003,7 +1003,7 @@ fn test_verify_param_auth_level() { } #[test] -#[cfg(ossl102)] +#[cfg(any(ossl102, boringssl))] fn test_set_purpose() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); @@ -1028,7 +1028,7 @@ fn test_set_purpose() { } #[test] -#[cfg(ossl102)] +#[cfg(any(ossl102, boringssl))] fn test_set_purpose_fails_verification() { let cert = include_bytes!("../../test/leaf.pem"); let cert = X509::from_pem(cert).unwrap(); diff --git a/openssl/src/x509/verify.rs b/openssl/src/x509/verify.rs index 541cd82663..2cde93f28e 100644 --- a/openssl/src/x509/verify.rs +++ b/openssl/src/x509/verify.rs 
@@ -4,7 +4,7 @@ use libc::{c_int, c_uint, c_ulong, time_t}; use std::net::IpAddr; use crate::error::ErrorStack; -#[cfg(ossl102)] +#[cfg(any(ossl102, boringssl))] use crate::x509::X509PurposeId; use crate::{cvt, cvt_p}; use openssl_macros::corresponds; @@ -14,17 +14,17 @@ bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct X509CheckFlags: c_uint { - const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; - const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS; - const NO_PARTIAL_WILDCARDS = ffi::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; - const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; - const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; + const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT as _; + const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS as _; + const NO_PARTIAL_WILDCARDS = ffi::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS as _; + const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS as _; + const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS as _; /// Requires OpenSSL 1.1.0 or newer. #[cfg(any(ossl110))] const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; #[deprecated(since = "0.10.6", note = "renamed to NO_WILDCARDS")] - const FLAG_NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS; + const FLAG_NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS as _; } } 
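Review bot: The `as _` casts added to the `X509CheckFlags` constants (and to the `X509VerifyFlags` constants in the next hunk) hide both the source and the target type, so a binding whose constant is wider or signed would be truncated or sign-converted with no compiler diagnostic. These bits select hostname and chain checks, so a silently altered value weakens verification rather than being cosmetic. Spelling the target out, e.g. `const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS as c_uint;` and `as c_ulong` in `X509VerifyFlags`, keeps the conversion reviewable. A one-line comment saying why the cast is needed (presumably the BoringSSL bindings type these constants differently) would help too.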
@@ -33,35 +33,35 @@ bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct X509VerifyFlags: c_ulong { - const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK; - const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME; - const CRL_CHECK = ffi::X509_V_FLAG_CRL_CHECK; - const CRL_CHECK_ALL = ffi::X509_V_FLAG_CRL_CHECK_ALL; - const IGNORE_CRITICAL = ffi::X509_V_FLAG_IGNORE_CRITICAL; - const X509_STRICT = ffi::X509_V_FLAG_X509_STRICT; - const ALLOW_PROXY_CERTS = ffi::X509_V_FLAG_ALLOW_PROXY_CERTS; - const POLICY_CHECK = ffi::X509_V_FLAG_POLICY_CHECK; - const EXPLICIT_POLICY = ffi::X509_V_FLAG_EXPLICIT_POLICY; - const INHIBIT_ANY = ffi::X509_V_FLAG_INHIBIT_ANY; - const INHIBIT_MAP = ffi::X509_V_FLAG_INHIBIT_MAP; - const NOTIFY_POLICY = ffi::X509_V_FLAG_NOTIFY_POLICY; - const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT; - const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS; - const CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE; - #[cfg(ossl102)] - const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST; + const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK as _; + const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME as _; + const CRL_CHECK = ffi::X509_V_FLAG_CRL_CHECK as _; + const CRL_CHECK_ALL = ffi::X509_V_FLAG_CRL_CHECK_ALL as _; + const IGNORE_CRITICAL = ffi::X509_V_FLAG_IGNORE_CRITICAL as _; + const X509_STRICT = ffi::X509_V_FLAG_X509_STRICT as _; + const ALLOW_PROXY_CERTS = ffi::X509_V_FLAG_ALLOW_PROXY_CERTS as _; + const POLICY_CHECK = ffi::X509_V_FLAG_POLICY_CHECK as _; + const EXPLICIT_POLICY = ffi::X509_V_FLAG_EXPLICIT_POLICY as _; + const INHIBIT_ANY = ffi::X509_V_FLAG_INHIBIT_ANY as _; + const INHIBIT_MAP = ffi::X509_V_FLAG_INHIBIT_MAP as _; + const NOTIFY_POLICY = ffi::X509_V_FLAG_NOTIFY_POLICY as _; + const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT as _; + const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS as _; + const CHECK_SS_SIGNATURE = 
ffi::X509_V_FLAG_CHECK_SS_SIGNATURE as _; + #[cfg(any(ossl102, boringssl))] + const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST as _; #[cfg(ossl102)] const SUITEB_128_LOS_ONLY = ffi::X509_V_FLAG_SUITEB_128_LOS_ONLY; #[cfg(ossl102)] const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS; #[cfg(ossl102)] const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS; - #[cfg(ossl102)] - const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN; - #[cfg(ossl110)] - const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS; - #[cfg(ossl110)] - const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME; + #[cfg(any(ossl102, boringssl))] + const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN as _; + #[cfg(any(ossl110, boringssl))] + const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS as _; + #[cfg(any(ossl110, boringssl))] + const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME as _; } } @@ -208,7 +208,7 @@ impl X509VerifyParamRef { /// Sets the verification purpose #[corresponds(X509_VERIFY_PARAM_set_purpose)] - #[cfg(ossl102)] + #[cfg(any(ossl102, boringssl))] pub fn set_purpose(&mut self, purpose: X509PurposeId) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_VERIFY_PARAM_set_purpose(self.as_ptr(), purpose.0)).map(|_| ()) } } From 67f955c81d15edcd65e5bc4cfba914094081a049 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 30 Jan 2024 08:55:57 -0600 Subject: [PATCH 03/20] rebuild openssl-sys if the underlying openssl has changed --- openssl-sys/build/main.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 692ff72508..2dc157d66e 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs 
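Review bot: In the `X509VerifyFlags` block the context lines assign `SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS` and `SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS`, which looks crossed: a caller asking for the 192-bit Suite B level would get the 128-bit one. The commit rewrites the neighbouring constants but leaves these two as they are. Unless the ffi constants are themselves defined crosswise, the lines should read `const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS;` and `const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS;`.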
@@ -79,6 +79,9 @@ fn main() { let target = env::var("TARGET").unwrap(); let (lib_dirs, include_dir) = find_openssl(&target); + if let Some(printable_include) = include_dir.to_str() { + println!("cargo:rerun-if-changed={}", printable_include); + } if !lib_dirs.iter().all(|p| Path::new(p).exists()) { panic!("OpenSSL library directory does not exist: {:?}", lib_dirs); From 69ff6ddf19dbb2eb056ee612b0dc3b14652305fc Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 30 Jan 2024 11:50:12 -0600 Subject: [PATCH 04/20] only rebuild if the openssl include changes, not any include --- openssl-sys/build/main.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 2dc157d66e..2933e5766d 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -79,7 +79,9 @@ fn main() { let target = env::var("TARGET").unwrap(); let (lib_dirs, include_dir) = find_openssl(&target); - if let Some(printable_include) = include_dir.to_str() { + let mut ossl_include_dir = include_dir.clone(); + ossl_include_dir.push("openssl"); + if let Some(printable_include) = ossl_include_dir.to_str() { println!("cargo:rerun-if-changed={}", printable_include); } From 16b8858b4a4b0f0ea4895e7e08d7a6219aa35df0 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 30 Jan 2024 17:52:02 -0500 Subject: [PATCH 05/20] Cleanup some not-required Path::new invocations --- openssl-sys/build/main.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 692ff72508..0ccac609bf 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -9,7 +9,7 @@ extern crate vcpkg; use std::collections::HashSet; use std::env; use std::ffi::OsString; -use std::path::{Path, PathBuf}; +use std::path::PathBuf; mod cfgs; mod find_normal; 
@@ -80,10 +80,10 @@ fn main() { let (lib_dirs, include_dir) = find_openssl(&target); - if !lib_dirs.iter().all(|p| Path::new(p).exists()) { + if !lib_dirs.iter().all(|p| p.exists()) { panic!("OpenSSL library directory does not exist: {:?}", lib_dirs); } - if !Path::new(&include_dir).exists() { + if !include_dir.exists() { panic!( "OpenSSL include directory does not exist: {}", include_dir.to_string_lossy() From 54621a902f253f735dcc2ebdb24435fd2c0ffe6d Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 30 Jan 2024 17:12:36 -0600 Subject: [PATCH 06/20] increase elegance 20% --- openssl-sys/build/main.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 2933e5766d..6d70141a96 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -79,9 +79,7 @@ fn main() { let target = env::var("TARGET").unwrap(); let (lib_dirs, include_dir) = find_openssl(&target); - let mut ossl_include_dir = include_dir.clone(); - ossl_include_dir.push("openssl"); - if let Some(printable_include) = ossl_include_dir.to_str() { + if let Some(printable_include) = include_dir.join("openssl").to_str() { println!("cargo:rerun-if-changed={}", printable_include); } From 335b96beae6a2a3aea50c4da96257e9ed281ada3 Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Thu, 4 Jan 2024 14:08:33 +0100 Subject: [PATCH 07/20] Add support for setting the nonce type and digest on a PKEY_CTX --- openssl-sys/src/handwritten/evp.rs | 19 ++++ openssl-sys/src/handwritten/types.rs | 10 ++ openssl/CHANGELOG.md | 6 ++ openssl/src/pkey_ctx.rs | 154 +++++++++++++++++++++++++++ 4 files changed, 189 insertions(+) diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs index fabb13383e..33c28accc1 100644 --- a/openssl-sys/src/handwritten/evp.rs +++ b/openssl-sys/src/handwritten/evp.rs 
@@ -538,6 +538,12 @@ extern "C" { #[cfg(ossl300)] pub fn EVP_PKEY_CTX_set_signature_md(ctx: *mut EVP_PKEY_CTX, md: *const EVP_MD) -> c_int; + #[cfg(ossl300)] + pub fn EVP_PKEY_CTX_set_params(ctx: *mut EVP_PKEY_CTX, params: *const OSSL_PARAM) -> c_int; + + #[cfg(ossl300)] + pub fn EVP_PKEY_CTX_get_params(ctx: *mut EVP_PKEY_CTX, params: *mut OSSL_PARAM) -> c_int; + pub fn EVP_PKEY_new_mac_key( type_: c_int, e: *mut ENGINE, @@ -646,3 +652,16 @@ extern "C" { pub fn EVP_EncodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; pub fn EVP_DecodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; } + +extern "C" { + #[cfg(ossl300)] + pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM; + #[cfg(ossl300)] + pub fn OSSL_PARAM_construct_utf8_string( + key: *const c_char, + buf: *mut c_char, + bsize: size_t, + ) -> OSSL_PARAM; + #[cfg(ossl300)] + pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM; +} diff --git a/openssl-sys/src/handwritten/types.rs b/openssl-sys/src/handwritten/types.rs index a03a878305..57c8113aa4 100644 --- a/openssl-sys/src/handwritten/types.rs +++ b/openssl-sys/src/handwritten/types.rs @@ -1093,3 +1093,13 @@ pub enum OSSL_PROVIDER {} #[cfg(ossl300)] pub enum OSSL_LIB_CTX {} + +#[cfg(ossl300)] +#[repr(C)] +pub struct OSSL_PARAM { + key: *const c_char, + data_type: c_uchar, + data: *mut c_void, + data_size: size_t, + return_size: size_t, +} diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md index 8b34e48cab..f0a56e9c50 100644 --- a/openssl/CHANGELOG.md +++ b/openssl/CHANGELOG.md @@ -2,6 +2,12 @@ ## [Unreleased] +### Added + +* Added `PkeyCtxRef::{digest, set_digest, nonce_type, set_nonce_type}`. +* Added `OSSL_PARAM`, `OSSL_PARAM_construct_uint` , `OSSL_PARAM_construct_utf8_string`, `OSSL_PARAM_construct_end` to openssl-sys. +* Added `EVP_PKEY_CTX_set_params` and `EVP_PKEY_CTX_get_params` to openssl-sys. + ## [v0.10.63] - 2024-01-19 ### Added 
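Review bot: The new `OSSL_PARAM` struct in `types.rs` declares `data_type: c_uchar`, but OpenSSL's `struct ossl_param_st` declares that field as `unsigned int` as far as I know (worth confirming against `openssl/core.h`). The overall size and field offsets happen to match because of alignment padding. The upper bytes of the C field then sit in Rust padding, whose contents are not guaranteed to survive when the value returned by `OSSL_PARAM_construct_*` is moved into the `params` array. The field should be `data_type: c_uint,`.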
diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs index 85778e2166..e039bab81e 100644 --- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs @@ -67,6 +67,8 @@ let cmac_key = ctx.keygen().unwrap(); #[cfg(not(boringssl))] use crate::cipher::CipherRef; use crate::error::ErrorStack; +#[cfg(ossl300)] +use crate::hash::MessageDigest; use crate::md::MdRef; use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Private}; use crate::rsa::Padding; @@ -75,8 +77,12 @@ use crate::{cvt, cvt_p}; use foreign_types::{ForeignType, ForeignTypeRef}; #[cfg(not(boringssl))] use libc::c_int; +#[cfg(ossl320)] +use libc::c_uint; use openssl_macros::corresponds; use std::convert::TryFrom; +#[cfg(ossl300)] +use std::ffi::CString; use std::ptr; /// HKDF modes of operation. @@ -105,6 +111,21 @@ impl HkdfMode { pub const EXPAND_ONLY: Self = HkdfMode(ffi::EVP_PKEY_HKDEF_MODE_EXPAND_ONLY); } +/// Nonce type for ECDSA and DSA. +#[cfg(ossl320)] +#[derive(Debug, PartialEq)] +pub struct NonceType(c_uint); + +#[cfg(ossl320)] +impl NonceType { + /// This is the default mode. It uses a random value for the nonce k as defined in FIPS 186-4 Section 6.3 + /// “Secret Number Generation”. + pub const RANDOM_K: Self = NonceType(0); + + /// Uses a deterministic value for the nonce k as defined in RFC #6979 (See Section 3.2 “Generation of k”). + pub const DETERMINISTIC_K: Self = NonceType(1); +} + generic_foreign_type_and_impl_send_sync! { type CType = ffi::EVP_PKEY_CTX; fn drop = ffi::EVP_PKEY_CTX_free; 
@@ -714,6 +735,109 @@ impl PkeyCtxRef { Ok(PKey::from_ptr(key)) } } + + /// Sets the digest algorithm for a private key context. + /// + /// Requires OpenSSL 3.0.0 or newer. + #[cfg(ossl300)] + #[corresponds(EVP_PKEY_CTX_set_params)] + pub fn set_digest(&mut self, hash_algorithm: MessageDigest) -> Result<(), ErrorStack> { + let digest_name = hash_algorithm.type_().short_name()?; + let digest = CString::new(digest_name).unwrap().into_raw(); + let digest_field_name = CString::new("digest").unwrap(); + unsafe { + let param_digest = ffi::OSSL_PARAM_construct_utf8_string( + digest_field_name.as_ptr(), + digest, + digest_name.len(), + ); + let param_end = ffi::OSSL_PARAM_construct_end(); + + let params = [param_digest, param_end]; + cvt(ffi::EVP_PKEY_CTX_set_params(self.as_ptr(), params.as_ptr()))?; + + // retake pointer to free memory + let _ = CString::from_raw(digest); + } + Ok(()) + } + + /// Gets the digest algorithm for a private key context. + /// + /// Requires OpenSSL 3.0.0 or newer. + #[cfg(ossl300)] + #[corresponds(EVP_PKEY_CTX_get_params)] + pub fn digest(&mut self) -> Result, ErrorStack> { + use libc::c_char; + // From openssl/internal/sizes.h + let ossl_max_name_size = 50usize; + let digest_field_name = CString::new("digest").unwrap(); + let digest: *mut c_char = CString::new(vec![1; ossl_max_name_size]) + .unwrap() + .into_raw(); + unsafe { + let param_digest = ffi::OSSL_PARAM_construct_utf8_string( + digest_field_name.as_ptr(), + digest, + ossl_max_name_size, + ); + let param_end = ffi::OSSL_PARAM_construct_end(); + let mut params = [param_digest, param_end]; + cvt(ffi::EVP_PKEY_CTX_get_params( + self.as_ptr(), + params.as_mut_ptr(), + ))?; + let digest_str = CString::from_raw(digest); + Ok(MessageDigest::from_name(digest_str.to_str().unwrap())) + } + } + + /// Sets the nonce type for a private key context. + /// + /// The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979). 
+ /// + /// This is only useful for DSA and ECDSA. + /// Requires OpenSSL 3.2.0 or newer. + #[cfg(ossl320)] + #[corresponds(EVP_PKEY_CTX_set_params)] + pub fn set_nonce_type(&mut self, nonce_type: NonceType) -> Result<(), ErrorStack> { + let nonce_field_name = CString::new("nonce-type").unwrap(); + let mut nonce_type = nonce_type.0; + unsafe { + let param_nonce = + ffi::OSSL_PARAM_construct_uint(nonce_field_name.as_ptr(), &mut nonce_type); + let param_end = ffi::OSSL_PARAM_construct_end(); + + let params = [param_nonce, param_end]; + cvt(ffi::EVP_PKEY_CTX_set_params(self.as_ptr(), params.as_ptr()))?; + } + Ok(()) + } + + /// Gets the nonce type for a private key context. + /// + /// The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979). + /// + /// This is only useful for DSA and ECDSA. + /// Requires OpenSSL 3.2.0 or newer. + #[cfg(ossl320)] + #[corresponds(EVP_PKEY_CTX_get_params)] + pub fn nonce_type(&mut self) -> Result { + let nonce_field_name = CString::new("nonce-type").unwrap(); + let mut nonce_type: c_uint = 0; + unsafe { + let param_nonce = + ffi::OSSL_PARAM_construct_uint(nonce_field_name.as_ptr(), &mut nonce_type); + let param_end = ffi::OSSL_PARAM_construct_end(); + + let mut params = [param_nonce, param_end]; + cvt(ffi::EVP_PKEY_CTX_get_params( + self.as_ptr(), + params.as_mut_ptr(), + ))?; + } + Ok(NonceType(nonce_type)) + } } #[cfg(test)] 
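Review bot: `digest()` hands a buffer obtained from `CString::into_raw` to OpenSSL to be overwritten and then reclaims it with `CString::from_raw`, which recomputes the length from the new NUL position; the standard library documents that the C side must not change the string's length between those two calls, so the deallocation can use the wrong size. Both `digest()` and `set_digest()` also leak the raw buffer when `cvt(...)?` returns early, and `digest_str.to_str().unwrap()` panics on a non-UTF-8 name. A Rust-owned `Vec<u8>` passed by pointer avoids all three, as sketched below for `digest()`; `set_digest()` can keep the `CString` alive and pass `as_ptr() as *mut c_char` instead of calling `into_raw`. Later patches in this series (08 and 11) remove both functions, so this matters if patch 07 is taken on its own.

```rust
// … unchanged: signature, ossl_max_name_size, digest_field_name …
// Rust-owned buffer: freed on every return path, and OpenSSL may rewrite it freely.
let mut name_buf = vec![0u8; ossl_max_name_size];
unsafe {
    let param_digest = ffi::OSSL_PARAM_construct_utf8_string(
        digest_field_name.as_ptr(),
        name_buf.as_mut_ptr() as *mut c_char,
        name_buf.len(),
    );
    // … unchanged: param_end, params, EVP_PKEY_CTX_get_params call …
}
// Take the bytes up to the first NUL; an unterminated or non-UTF-8 name yields None.
let name_len = name_buf
    .iter()
    .position(|&b| b == 0)
    .unwrap_or(name_buf.len());
Ok(std::str::from_utf8(&name_buf[..name_len])
    .ok()
    .and_then(MessageDigest::from_name))
```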
@@ -999,4 +1123,34 @@ mod test { // The digest is the end of the DigestInfo structure. assert_eq!(result_buf[length - digest.len()..length], digest); } + + #[test] + #[cfg(ossl300)] + fn set_digest() { + let key1 = + EcKey::generate(&EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap()).unwrap(); + let key1 = PKey::from_ec_key(key1).unwrap(); + + let mut ctx = PkeyCtx::new(&key1).unwrap(); + ctx.sign_init().unwrap(); + ctx.set_digest(MessageDigest::sha224()).unwrap(); + let digest_name = ctx.digest().unwrap().unwrap().type_(); + assert_eq!(digest_name, MessageDigest::sha224().type_()); + assert!(ErrorStack::get().errors().is_empty()); + } + + #[test] + #[cfg(ossl320)] + fn set_nonce_type() { + let key1 = + EcKey::generate(&EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap()).unwrap(); + let key1 = PKey::from_ec_key(key1).unwrap(); + + let mut ctx = PkeyCtx::new(&key1).unwrap(); + ctx.sign_init().unwrap(); + ctx.set_nonce_type(NonceType::DETERMINISTIC_K).unwrap(); + let nonce_type = ctx.nonce_type().unwrap(); + assert_eq!(nonce_type, NonceType::DETERMINISTIC_K); + assert!(ErrorStack::get().errors().is_empty()); + } } From e77c613db1bc5c46ae413fb4adc9f377549ab526 Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Mon, 5 Feb 2024 17:56:25 +0100 Subject: [PATCH 08/20] Remove unnecessary PkeyCtxRef::set_digest function --- openssl-sys/CHANGELOG.md | 5 +++++ openssl/CHANGELOG.md | 4 +--- openssl/src/pkey_ctx.rs | 34 ++++------------------------------ 3 files changed, 10 insertions(+), 33 deletions(-) diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md index ba024b68e6..b1822b31c0 100644 --- a/openssl-sys/CHANGELOG.md +++ b/openssl-sys/CHANGELOG.md @@ -2,6 +2,11 @@ ## [Unreleased] +### Added + +* Added `OSSL_PARAM`, `OSSL_PARAM_construct_uint` , `OSSL_PARAM_construct_utf8_string`, `OSSL_PARAM_construct_end`. +* Added `EVP_PKEY_CTX_set_params` and `EVP_PKEY_CTX_get_params`. + ## [v0.9.99] - 2024-01-19 ### Added 
diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md index f0a56e9c50..8392c1bdea 100644 --- a/openssl/CHANGELOG.md +++ b/openssl/CHANGELOG.md @@ -4,9 +4,7 @@ ### Added -* Added `PkeyCtxRef::{digest, set_digest, nonce_type, set_nonce_type}`. -* Added `OSSL_PARAM`, `OSSL_PARAM_construct_uint` , `OSSL_PARAM_construct_utf8_string`, `OSSL_PARAM_construct_end` to openssl-sys. -* Added `EVP_PKEY_CTX_set_params` and `EVP_PKEY_CTX_get_params` to openssl-sys. +* Added `PkeyCtxRef::{digest, nonce_type, set_nonce_type}`. ## [v0.10.63] - 2024-01-19 diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs index e039bab81e..f4b46f8cef 100644 --- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs @@ -736,32 +736,6 @@ impl PkeyCtxRef { } } - /// Sets the digest algorithm for a private key context. - /// - /// Requires OpenSSL 3.0.0 or newer. - #[cfg(ossl300)] - #[corresponds(EVP_PKEY_CTX_set_params)] - pub fn set_digest(&mut self, hash_algorithm: MessageDigest) -> Result<(), ErrorStack> { - let digest_name = hash_algorithm.type_().short_name()?; - let digest = CString::new(digest_name).unwrap().into_raw(); - let digest_field_name = CString::new("digest").unwrap(); - unsafe { - let param_digest = ffi::OSSL_PARAM_construct_utf8_string( - digest_field_name.as_ptr(), - digest, - digest_name.len(), - ); - let param_end = ffi::OSSL_PARAM_construct_end(); - - let params = [param_digest, param_end]; - cvt(ffi::EVP_PKEY_CTX_set_params(self.as_ptr(), params.as_ptr()))?; - - // retake pointer to free memory - let _ = CString::from_raw(digest); - } - Ok(()) - } - /// Gets the digest algorithm for a private key context. /// /// Requires OpenSSL 3.0.0 or newer. 
@@ -1126,16 +1100,16 @@ mod test { #[test] #[cfg(ossl300)] - fn set_digest() { + fn set_signature_md() { let key1 = EcKey::generate(&EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap()).unwrap(); let key1 = PKey::from_ec_key(key1).unwrap(); let mut ctx = PkeyCtx::new(&key1).unwrap(); ctx.sign_init().unwrap(); - ctx.set_digest(MessageDigest::sha224()).unwrap(); - let digest_name = ctx.digest().unwrap().unwrap().type_(); - assert_eq!(digest_name, MessageDigest::sha224().type_()); + ctx.set_signature_md(Md::sha224()).unwrap(); + let digest_nid = ctx.digest().unwrap().unwrap().type_(); + assert_eq!(digest_nid, Md::sha224().type_()); assert!(ErrorStack::get().errors().is_empty()); } From 76043a99817599377cbd8d1c83ae93f43ebb0e65 Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Mon, 5 Feb 2024 18:04:49 +0100 Subject: [PATCH 09/20] Move OSSL_PARAM definitions to new file --- openssl-sys/src/handwritten/evp.rs | 13 ------------- openssl-sys/src/handwritten/mod.rs | 2 ++ openssl-sys/src/handwritten/params.rs | 15 +++++++++++++++ 3 files changed, 17 insertions(+), 13 deletions(-) create mode 100644 openssl-sys/src/handwritten/params.rs diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs index 33c28accc1..7da39e3bd8 100644 --- a/openssl-sys/src/handwritten/evp.rs +++ b/openssl-sys/src/handwritten/evp.rs @@ -652,16 +652,3 @@ extern "C" { pub fn EVP_EncodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; pub fn EVP_DecodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; } - -extern "C" { - #[cfg(ossl300)] - pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM; - #[cfg(ossl300)] - pub fn OSSL_PARAM_construct_utf8_string( - key: *const c_char, - buf: *mut c_char, - bsize: size_t, - ) -> OSSL_PARAM; - #[cfg(ossl300)] - pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM; -} 
diff --git a/openssl-sys/src/handwritten/mod.rs b/openssl-sys/src/handwritten/mod.rs index d3adfa5a13..f54ec9be5e 100644 --- a/openssl-sys/src/handwritten/mod.rs +++ b/openssl-sys/src/handwritten/mod.rs @@ -15,6 +15,7 @@ pub use self::hmac::*; pub use self::kdf::*; pub use self::object::*; pub use self::ocsp::*; +pub use self::params::*; pub use self::pem::*; pub use self::pkcs12::*; pub use self::pkcs7::*; @@ -51,6 +52,7 @@ mod hmac; mod kdf; mod object; mod ocsp; +mod params; mod pem; mod pkcs12; mod pkcs7; diff --git a/openssl-sys/src/handwritten/params.rs b/openssl-sys/src/handwritten/params.rs new file mode 100644 index 0000000000..5e1401c678 --- /dev/null +++ b/openssl-sys/src/handwritten/params.rs @@ -0,0 +1,15 @@ +use super::super::*; +use libc::*; + +extern "C" { + #[cfg(ossl300)] + pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM; + #[cfg(ossl300)] + pub fn OSSL_PARAM_construct_utf8_string( + key: *const c_char, + buf: *mut c_char, + bsize: size_t, + ) -> OSSL_PARAM; + #[cfg(ossl300)] + pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM; +} From 7a66dad2197e6f6762fd8ec3ce270f7b9cd2dd4d Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Mon, 5 Feb 2024 19:50:51 +0100 Subject: [PATCH 10/20] Add test vector for ECDSA with deterministic signature --- openssl/src/pkey_ctx.rs | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs index f4b46f8cef..3056e4eeef 100644 --- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs 
@@ -1127,4 +1127,31 @@ mod test { assert_eq!(nonce_type, NonceType::DETERMINISTIC_K); assert!(ErrorStack::get().errors().is_empty()); } + + // Test vector from + // https://github.com/openssl/openssl/blob/openssl-3.2.0/test/recipes/30-test_evp_data/evppkey_ecdsa_rfc6979.txt + #[test] + #[cfg(ossl320)] + fn ecdsa_deterministic_signature() { + let private_key_pem = "-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhvqwNJNOTA/Jrmf1tWWanX0f79GH7g +n9Q= +-----END PRIVATE KEY-----"; + + let key1 = EcKey::private_key_from_pem(private_key_pem.as_bytes()).unwrap(); + let key1 = PKey::from_ec_key(key1).unwrap(); + let input = "sample"; + let expected_output = hex::decode("303502190098C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF021857A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64").unwrap(); + + let hashed_input = hash(MessageDigest::sha1(), input.as_bytes()).unwrap(); + let mut ctx = PkeyCtx::new(&key1).unwrap(); + ctx.sign_init().unwrap(); + ctx.set_signature_md(Md::sha1()).unwrap(); + ctx.set_nonce_type(NonceType::DETERMINISTIC_K).unwrap(); + + let mut output = vec![]; + ctx.sign_to_vec(&hashed_input, &mut output).unwrap(); + assert_eq!(output, expected_output); + assert!(ErrorStack::get().errors().is_empty()); + } } From ce5e9e4e6c48415ecd160fb530cecef4d5f3bc9a Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Tue, 6 Feb 2024 10:54:19 +0100 Subject: [PATCH 11/20] Remove PkeyCtxRef::digest() getter --- openssl-sys/CHANGELOG.md | 2 +- openssl-sys/src/handwritten/params.rs | 6 ---- openssl/CHANGELOG.md | 2 +- openssl/src/pkey_ctx.rs | 49 +-------------------------- 4 files changed, 3 insertions(+), 56 deletions(-) diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md index b1822b31c0..ce85d14f88 100644 --- a/openssl-sys/CHANGELOG.md +++ b/openssl-sys/CHANGELOG.md 
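Review bot: The PEM block assigned to `private_key_pem` in `ecdsa_deterministic_signature` is a private key committed in source, and the only sign that it is a published vector is the URL above the test attributes. A comment directly on the binding, such as `// Published RFC 6979 test-vector key from OpenSSL's test data; not a secret, never used outside this test.`, would keep secret scanners and later readers from treating it as a leaked credential. The test also signs a SHA-1 digest, so a second comment like `// SHA-1 only because the vector specifies it` would stop the snippet being copied as a usage example. Presumably the `unwrap()` calls would panic on builds whose provider rejects this curve or digest; that cannot be confirmed from the hunk.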
@@ -4,7 +4,7 @@ ### Added -* Added `OSSL_PARAM`, `OSSL_PARAM_construct_uint` , `OSSL_PARAM_construct_utf8_string`, `OSSL_PARAM_construct_end`. +* Added `OSSL_PARAM`, `OSSL_PARAM_construct_uint` , `OSSL_PARAM_construct_end`. * Added `EVP_PKEY_CTX_set_params` and `EVP_PKEY_CTX_get_params`. ## [v0.9.99] - 2024-01-19 diff --git a/openssl-sys/src/handwritten/params.rs b/openssl-sys/src/handwritten/params.rs index 5e1401c678..3ed00c0488 100644 --- a/openssl-sys/src/handwritten/params.rs +++ b/openssl-sys/src/handwritten/params.rs @@ -5,11 +5,5 @@ extern "C" { #[cfg(ossl300)] pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM; #[cfg(ossl300)] - pub fn OSSL_PARAM_construct_utf8_string( - key: *const c_char, - buf: *mut c_char, - bsize: size_t, - ) -> OSSL_PARAM; - #[cfg(ossl300)] pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM; } diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md index 8392c1bdea..b3a576bc98 100644 --- a/openssl/CHANGELOG.md +++ b/openssl/CHANGELOG.md @@ -4,7 +4,7 @@ ### Added -* Added `PkeyCtxRef::{digest, nonce_type, set_nonce_type}`. +* Added `PkeyCtxRef::{nonce_type, set_nonce_type}`. ## [v0.10.63] - 2024-01-19 diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs index 3056e4eeef..7bb6696b3c 100644 --- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs @@ -67,8 +67,6 @@ let cmac_key = ctx.keygen().unwrap(); #[cfg(not(boringssl))] use crate::cipher::CipherRef; use crate::error::ErrorStack; -#[cfg(ossl300)] -use crate::hash::MessageDigest; use crate::md::MdRef; use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Private}; use crate::rsa::Padding; @@ -81,7 +79,7 @@ use libc::c_int; use libc::c_uint; use openssl_macros::corresponds; use std::convert::TryFrom; -#[cfg(ossl300)] +#[cfg(ossl320)] use std::ffi::CString; use std::ptr; 
@@ -736,36 +734,6 @@ impl PkeyCtxRef { } } - /// Gets the digest algorithm for a private key context. - /// - /// Requires OpenSSL 3.0.0 or newer. - #[cfg(ossl300)] - #[corresponds(EVP_PKEY_CTX_get_params)] - pub fn digest(&mut self) -> Result, ErrorStack> { - use libc::c_char; - // From openssl/internal/sizes.h - let ossl_max_name_size = 50usize; - let digest_field_name = CString::new("digest").unwrap(); - let digest: *mut c_char = CString::new(vec![1; ossl_max_name_size]) - .unwrap() - .into_raw(); - unsafe { - let param_digest = ffi::OSSL_PARAM_construct_utf8_string( - digest_field_name.as_ptr(), - digest, - ossl_max_name_size, - ); - let param_end = ffi::OSSL_PARAM_construct_end(); - let mut params = [param_digest, param_end]; - cvt(ffi::EVP_PKEY_CTX_get_params( - self.as_ptr(), - params.as_mut_ptr(), - ))?; - let digest_str = CString::from_raw(digest); - Ok(MessageDigest::from_name(digest_str.to_str().unwrap())) - } - } - /// Sets the nonce type for a private key context. /// /// The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979). @@ -1098,21 +1066,6 @@ mod test { assert_eq!(result_buf[length - digest.len()..length], digest); } - #[test] - #[cfg(ossl300)] - fn set_signature_md() { - let key1 = - EcKey::generate(&EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap()).unwrap(); - let key1 = PKey::from_ec_key(key1).unwrap(); - - let mut ctx = PkeyCtx::new(&key1).unwrap(); - ctx.sign_init().unwrap(); - ctx.set_signature_md(Md::sha224()).unwrap(); - let digest_nid = ctx.digest().unwrap().unwrap().type_(); - assert_eq!(digest_nid, Md::sha224().type_()); - assert!(ErrorStack::get().errors().is_empty()); - } - #[test] #[cfg(ossl320)] fn set_nonce_type() { From 16ef75c6c0c6ed858642843ce3249aba0bd56622 Mon Sep 17 00:00:00 2001 
From: Alex Gaynor Date: Wed, 7 Feb 2024 21:07:26 -0500 Subject: [PATCH 12/20] fixed a clippy (nightly) warning There's no need for a `Vec` here --- openssl/src/x509/mod.rs | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 0df1f17593..52ad4af8c7 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -2094,10 +2094,7 @@ impl GeneralName { } } - pub(crate) fn new_other_name( - oid: Asn1Object, - value: &Vec, - ) -> Result { + pub(crate) fn new_other_name(oid: Asn1Object, value: &[u8]) -> Result { unsafe { ffi::init(); From b52bbc3eefc77841ca05113d19032cb509977ef4 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 7 Feb 2024 21:13:50 -0500 Subject: [PATCH 13/20] Bump actions versions --- .github/dependabot.yml | 7 ++++++ .github/workflows/ci.yml | 46 ++++++++++++++++++---------------------- 2 files changed, 28 insertions(+), 25 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..65861fc082 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 1024 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab80ae61e7..588296d490 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: name: rustfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: sfackler/actions/rustup@master - uses: sfackler/actions/rustfmt@master 
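Review bot: The `uses:` entries in `.github/workflows/ci.yml` still point at mutable refs after this change: `actions/checkout@v4` in this hunk, `actions/cache@v4` in the later hunks, and `sfackler/actions/rustup@master` in the context lines. A retagged or compromised upstream action would therefore run in CI without any change to this repository. Since the commit also adds a Dependabot config for the `github-actions` ecosystem, each action could be pinned to a full commit SHA with the version in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v4` (placeholder, not a real hash). Dependabot can then propose the SHA bumps. The `@master` refs deserve the same treatment, as a branch ref is presumably not something a version update will move.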
@@ -32,23 +32,23 @@ jobs: name: clippy runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: sfackler/actions/rustup@master - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/index key: index-${{ runner.os }}-${{ github.run_number }} restore-keys: | index-${{ runner.os }}- - run: cargo generate-lockfile - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/cache key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - run: cargo fetch - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: target key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} @@ -58,26 +58,26 @@ jobs: name: min-version runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 # Remember to also update `--rust-target` in `openssl-sys/build/run_bindgen.rs` - uses: sfackler/actions/rustup@master with: version: 1.56.0 - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/index key: index-${{ runner.os }}-${{ github.run_number }} restore-keys: | index-${{ runner.os }}- - run: cargo generate-lockfile - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/cache key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - run: cargo fetch - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: target key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} 
@@ -87,25 +87,25 @@ jobs: name: windows-vcpkg runs-on: windows-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: sfackler/actions/rustup@master - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version - run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - run: vcpkg install openssl:x64-windows-static-md - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/index key: index-${{ runner.os }}-${{ github.run_number }} restore-keys: | index-${{ runner.os }}- - run: cargo generate-lockfile - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/cache key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - run: cargo fetch - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: target key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} @@ -117,26 +117,22 @@ jobs: name: macos-homebrew runs-on: macos-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: sfackler/actions/rustup@master - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/index key: index-${{ runner.os }}-${{ github.run_number }} restore-keys: | index-${{ runner.os }}- - run: cargo generate-lockfile - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/cache key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - run: cargo fetch - # - uses: actions/cache@v3 - # with: - # path: target - # key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - run: cargo run -p systest - run: cargo test -p openssl - run: cargo test -p openssl-errors 
@@ -211,7 +207,7 @@ jobs: CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_AR: arm-linux-gnueabihf-ar CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER: qemu-arm -L /usr/arm-linux-gnueabihf steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: sfackler/actions/rustup@master - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT id: rust-version @@ -233,7 +229,7 @@ jobs: sudo apt-get update sudo apt-get install -y $packages - run: sudo apt-get remove -y libssl-dev - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: /opt/openssl key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-6 @@ -320,19 +316,19 @@ jobs: echo '[patch.crates-io]' > .cargo/config.toml echo 'bssl-sys = { path = "'$OPENSSL_DIR'/rust/bssl-sys" }' >> .cargo/config.toml if: matrix.library.name == 'boringssl' && !matrix.bindgen - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/index key: index-${{ runner.os }}-${{ github.run_number }} restore-keys: | index-${{ runner.os }}- - run: cargo generate-lockfile - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.cargo/registry/cache key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - run: cargo fetch - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: target key: target-${{ matrix.target }}-${{ matrix.bindgen }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} From 870e290c1a6b2ab6acf0ad345cfe9b8c371afea9 Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Thu, 8 Feb 2024 14:48:16 +0100 Subject: [PATCH 14/20] Use CStr to avoid heap allocation --- openssl/src/pkey_ctx.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs index 7bb6696b3c..69dfb7431e 100644 --- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs 
@@ -80,7 +80,7 @@ use libc::c_uint; use openssl_macros::corresponds; use std::convert::TryFrom; #[cfg(ossl320)] -use std::ffi::CString; +use std::ffi::CStr; use std::ptr; /// HKDF modes of operation. @@ -743,7 +743,7 @@ impl PkeyCtxRef { #[cfg(ossl320)] #[corresponds(EVP_PKEY_CTX_set_params)] pub fn set_nonce_type(&mut self, nonce_type: NonceType) -> Result<(), ErrorStack> { - let nonce_field_name = CString::new("nonce-type").unwrap(); + let nonce_field_name = CStr::from_bytes_with_nul("nonce-type\0".as_bytes()).unwrap(); let mut nonce_type = nonce_type.0; unsafe { let param_nonce = @@ -765,7 +765,7 @@ impl PkeyCtxRef { #[cfg(ossl320)] #[corresponds(EVP_PKEY_CTX_get_params)] pub fn nonce_type(&mut self) -> Result { - let nonce_field_name = CString::new("nonce-type").unwrap(); + let nonce_field_name = CStr::from_bytes_with_nul("nonce-type\0".as_bytes()).unwrap(); let mut nonce_type: c_uint = 0; unsafe { let param_nonce = From 14c82479cbddb791c09953dfa5551a9b07e73177 Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Thu, 8 Feb 2024 14:58:56 +0100 Subject: [PATCH 15/20] Readability improvement --- openssl/src/pkey_ctx.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs index 69dfb7431e..add7830484 100644 --- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs @@ -743,7 +743,7 @@ impl PkeyCtxRef { #[cfg(ossl320)] #[corresponds(EVP_PKEY_CTX_set_params)] pub fn set_nonce_type(&mut self, nonce_type: NonceType) -> Result<(), ErrorStack> { - let nonce_field_name = CStr::from_bytes_with_nul("nonce-type\0".as_bytes()).unwrap(); + let nonce_field_name = CStr::from_bytes_with_nul(b"nonce-type\0").unwrap(); let mut nonce_type = nonce_type.0; unsafe { let param_nonce = 
@@ -765,7 +765,7 @@ impl PkeyCtxRef { #[cfg(ossl320)] #[corresponds(EVP_PKEY_CTX_get_params)] pub fn nonce_type(&mut self) -> Result { - let nonce_field_name = CStr::from_bytes_with_nul("nonce-type\0".as_bytes()).unwrap(); + let nonce_field_name = CStr::from_bytes_with_nul(b"nonce-type\0").unwrap(); let mut nonce_type: c_uint = 0; unsafe { let param_nonce = From a12abe1b92c526f6995632ba43f6bfc433b5997d Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 12 Feb 2024 07:26:40 -0500 Subject: [PATCH 16/20] Expose alias on X509 structs --- openssl-sys/src/handwritten/x509.rs | 1 + openssl/src/pkcs12.rs | 13 ++++++++++++- openssl/src/x509/mod.rs | 16 ++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs index 15f527e651..7642dcd3b9 100644 --- a/openssl-sys/src/handwritten/x509.rs +++ b/openssl-sys/src/handwritten/x509.rs @@ -311,6 +311,7 @@ extern "C" { pub fn X509_get_version(x: *const X509) -> c_long; pub fn X509_set_serialNumber(x: *mut X509, sn: *mut ASN1_INTEGER) -> c_int; pub fn X509_get_serialNumber(x: *mut X509) -> *mut ASN1_INTEGER; + pub fn X509_alias_get0(x: *mut X509, len: *mut c_int) -> *mut c_uchar; } const_ptr_api! { extern "C" { diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs index d74705eaa8..5f171da9b8 100644 --- a/openssl/src/pkcs12.rs +++ b/openssl/src/pkcs12.rs @@ -304,9 +304,20 @@ mod test { let parsed = pkcs12.parse2("mypass").unwrap(); assert_eq!( - hex::encode(parsed.cert.unwrap().digest(MessageDigest::sha1()).unwrap()), + hex::encode( + parsed + .cert + .as_ref() + .unwrap() + .digest(MessageDigest::sha1()) + .unwrap() + ), "59172d9313e84459bcff27f967e79e6e9217e584" ); + assert_eq!( + parsed.cert.as_ref().unwrap().alias(), + Some(b"foobar.com" as &[u8]) + ); let chain = parsed.ca.unwrap(); assert_eq!(chain.len(), 1); diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 52ad4af8c7..0d1a500f06 100644 
--- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -649,6 +649,22 @@ impl X509Ref { } } + /// Returns this certificate's "alias". This field is populated by + /// OpenSSL in some situations -- specifically OpenSSL will store a + /// PKCS#12 `friendlyName` in this field. + #[corresponds(X509_alias_get0)] + pub fn alias(&self) -> Option<&[u8]> { + unsafe { + let mut len = 0; + let ptr = ffi::X509_alias_get0(self.as_ptr(), &mut len); + if ptr.is_null() { + None + } else { + Some(slice::from_raw_parts(ptr, len as usize)) + } + } + } + to_pem! { /// Serializes the certificate into a PEM-encoded X509 structure. /// From 3c53dee153d4ab801cde3e10d914a16789464a6b Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 12 Feb 2024 20:33:43 -0500 Subject: [PATCH 17/20] Added binding for EVP_default_properties_enable_fips --- openssl-sys/src/handwritten/evp.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs index 7da39e3bd8..e9a7413c21 100644 --- a/openssl-sys/src/handwritten/evp.rs +++ b/openssl-sys/src/handwritten/evp.rs @@ -69,6 +69,7 @@ cfg_if! { if #[cfg(ossl300)] { extern "C" { pub fn EVP_default_properties_is_fips_enabled(libctx: *mut OSSL_LIB_CTX) -> c_int; + pub fn EVP_default_properties_enable_fips(libctx: *mut OSSL_LIB_CTX, enable: c_int) -> c_int; } } } From 83940d14e30ed4e7c885dd44e3002c1955d5d5ed Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Wed, 14 Feb 2024 10:06:10 +0100 Subject: [PATCH 18/20] LibreSSL 3.9: fix CRYPTO_malloc/free signatures --- openssl-sys/src/crypto.rs | 8 ++++---- openssl-sys/src/handwritten/crypto.rs | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs index bdc0add156..7eff6a847b 100644 --- a/openssl-sys/src/crypto.rs +++ b/openssl-sys/src/crypto.rs 
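Review bot: In `X509Ref::alias` the length written by `X509_alias_get0` is a `c_int` and is converted with `len as usize`, so a negative value would become an enormous length passed to `slice::from_raw_parts`. OpenSSL is not expected to report a negative length here, but a checked conversion makes that assumption explicit: `let len = usize::try_from(len).ok()?;` before building the slice. This needs `TryFrom` in scope, which the hunk does not show for this file. The `unsafe` block would also benefit from a comment such as `// SAFETY: the pointer is owned by the certificate and stays valid for the &self borrow; len was written by X509_alias_get0`.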
@@ -57,7 +57,7 @@ pub type CRYPTO_EX_free = unsafe extern "C" fn( argp: *mut c_void, ); -#[cfg(ossl110)] +#[cfg(any(ossl110, libressl390))] #[inline] #[track_caller] pub unsafe fn OPENSSL_malloc(num: usize) -> *mut c_void { @@ -68,7 +68,7 @@ pub unsafe fn OPENSSL_malloc(num: usize) -> *mut c_void { ) } -#[cfg(not(ossl110))] +#[cfg(not(any(ossl110, libressl390)))] #[inline] #[track_caller] pub unsafe fn OPENSSL_malloc(num: c_int) -> *mut c_void { @@ -79,7 +79,7 @@ pub unsafe fn OPENSSL_malloc(num: c_int) -> *mut c_void { ) } -#[cfg(ossl110)] +#[cfg(any(ossl110, libressl390))] #[inline] #[track_caller] pub unsafe fn OPENSSL_free(addr: *mut c_void) { @@ -90,7 +90,7 @@ pub unsafe fn OPENSSL_free(addr: *mut c_void) { ) } -#[cfg(not(ossl110))] +#[cfg(not(any(ossl110, libressl390)))] #[inline] pub unsafe fn OPENSSL_free(addr: *mut c_void) { CRYPTO_free(addr) diff --git a/openssl-sys/src/handwritten/crypto.rs b/openssl-sys/src/handwritten/crypto.rs index 62ccbce1ec..0b3f24a429 100644 --- a/openssl-sys/src/handwritten/crypto.rs +++ b/openssl-sys/src/handwritten/crypto.rs @@ -57,7 +57,7 @@ extern "C" { } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl390))] { extern "C" { pub fn CRYPTO_malloc(num: size_t, file: *const c_char, line: c_int) -> *mut c_void; pub fn CRYPTO_free(buf: *mut c_void, file: *const c_char, line: c_int); From c2b124aa2c36b5fc792239391e614df7f6f1fb24 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 17 Feb 2024 10:46:28 -0500 Subject: [PATCH 19/20] Be explicit that aliases are not part of X.509 certificates --- openssl/src/x509/mod.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 0d1a500f06..a64524cbea 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs 
@@ -651,7 +651,9 @@ impl X509Ref { /// Returns this certificate's "alias". This field is populated by /// OpenSSL in some situations -- specifically OpenSSL will store a - /// PKCS#12 `friendlyName` in this field. + /// PKCS#12 `friendlyName` in this field. This is not a part of the X.509 + /// certificate itself, OpenSSL merely attaches it to this structure in + /// memory. #[corresponds(X509_alias_get0)] pub fn alias(&self) -> Option<&[u8]> { unsafe { From 4e0e05a6293043cf7b9392c0e286c8397ce75996 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 19 Feb 2024 13:06:10 -0800 Subject: [PATCH 20/20] bump openssl and openssl-sys + changelogs --- openssl-sys/CHANGELOG.md | 7 ++++++- openssl-sys/Cargo.toml | 2 +- openssl/CHANGELOG.md | 7 ++++++- openssl/Cargo.toml | 4 ++-- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md index ce85d14f88..0dcc2e561b 100644 --- a/openssl-sys/CHANGELOG.md +++ b/openssl-sys/CHANGELOG.md @@ -2,10 +2,14 @@ ## [Unreleased] +## [v0.9.100] - 2024-02-19 + ### Added * Added `OSSL_PARAM`, `OSSL_PARAM_construct_uint` , `OSSL_PARAM_construct_end`. * Added `EVP_PKEY_CTX_set_params` and `EVP_PKEY_CTX_get_params`. +* Added `X509_alias_get0`. +* Added `EVP_default_properties_enable_fips`. ## [v0.9.99] - 2024-01-19 
@@ -583,7 +587,8 @@ Fixed builds against OpenSSL built with `no-cast`. * Added `X509_verify` and `X509_REQ_verify`. * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`. -[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.99..master +[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.100..master +[v0.9.100]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.99...openssl-sys-v0.9.100 [v0.9.99]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.98...openssl-sys-v0.9.99 [v0.9.98]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.97...openssl-sys-v0.9.98 [v0.9.97]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.96...openssl-sys-v0.9.97 diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index 11dc7f3466..02513d1adb 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "openssl-sys" -version = "0.9.99" +version = "0.9.100" authors = [ "Alex Crichton ", "Steven Fackler ", diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md index b3a576bc98..2f72808a82 100644 --- a/openssl/CHANGELOG.md +++ b/openssl/CHANGELOG.md @@ -2,9 +2,13 @@ ## [Unreleased] +## [v0.10.64] - 2024-02-19 + ### Added * Added `PkeyCtxRef::{nonce_type, set_nonce_type}`. +* Added `X509Ref::alias`. + ## [v0.10.63] - 2024-01-19 
@@ -888,7 +892,8 @@ Look at the [release tags] for information about older releases. -[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...master +[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...master +[v0.10.64]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64 [v0.10.63]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.62...openssl-v0.10.63 [v0.10.62]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62 [v0.10.61]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.60...openssl-v0.10.61 diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 422142248a..b852549160 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "openssl" -version = "0.10.63" +version = "0.10.64" authors = ["Steven Fackler "] license = "Apache-2.0" description = "OpenSSL bindings" @@ -30,7 +30,7 @@ libc = "0.2" once_cell = "1.5.2" openssl-macros = { version = "0.1.0", path = "../openssl-macros" } -ffi = { package = "openssl-sys", version = "0.9.99", path = "../openssl-sys" } +ffi = { package = "openssl-sys", version = "0.9.100", path = "../openssl-sys" } [dev-dependencies] hex = "0.3"