Merge branch 'master' into sbgp-extension

sfackler · Jan 25, 2024 · 7cb5e43 · 7cb5e43
2 parents fa9e0b3 + 2ed3c60
commit 7cb5e43
Show file tree

Hide file tree

Showing 51 changed files with 1,384 additions and 419 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -154,14 +154,11 @@ jobs:
             - false
           library:
             - name: boringssl
-              version: bcecc7d834fc44ad257b2f23f88e1cf597ab2736
+              version: e6489902b7fb692875341b8ab5e57f0515f47bc1
             - name: openssl
               version: vendored
             - name: openssl
-              version: 3.2.0-alpha2
-              dl-path: /
-            - name: openssl
-              version: 3.1.3
+              version: 3.2.0
               dl-path: /
             - name: openssl
               version: 1.1.1w
@@ -190,7 +187,7 @@ jobs:
               bindgen: true
               library:
                 name: libressl
-                version: 3.8.0
+                version: 3.8.2
             - target: x86_64-unknown-linux-gnu
               bindgen: false
               library:
@@ -205,7 +202,7 @@ jobs:
               bindgen: false
               library:
                 name: libressl
-                version: 3.8.1
+                version: 3.8.2
       name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }}
       runs-on: ubuntu-latest
       env:
@@ -239,7 +236,7 @@ jobs:
         - uses: actions/cache@v3
           with:
             path: /opt/openssl
-            key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-2
+            key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-6
           if: matrix.library.version != 'vendored'
           id: openssl-cache
         - run: |
@@ -250,7 +247,7 @@ jobs:
           run: |
             case "${{ matrix.library.name }}" in
             "openssl")
-              url="https://openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz"
+              url="https://www.openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz"
               tar_flags="--strip-components=1"
               ;;
             "libressl")
@@ -313,11 +310,8 @@ jobs:
               make install
 
               # Copy stuff around so it's all as the build system expects.
-              cp -r rust/ "$OPENSSL_DIR/rust"
-              mkdir -p "$OPENSSL_DIR/crypto/"
-              mkdir -p "$OPENSSL_DIR/ssl/"
-              cp "$OPENSSL_DIR/lib/libcrypto.a" "$OPENSSL_DIR/crypto/"
-              cp "$OPENSSL_DIR/lib/libssl.a" "$OPENSSL_DIR/ssl/"
+              cp -r ../rust/ "$OPENSSL_DIR/rust"
+              cp -r ./ "$OPENSSL_DIR/build"
             esac
 
           if: matrix.library.version != 'vendored' && !steps.openssl-cache.outputs.cache-hit
@@ -356,6 +350,7 @@ jobs:
           run: |
             if [[ "${{ matrix.library.name }}" == "boringssl" && "${{ matrix.bindgen }}" != "true" ]]; then
               features="--features unstable_boringssl"
+              BORINGSSL_BUILD_DIR="$OPENSSL_DIR/build/"
             fi
             if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
               features="--features vendored"

diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md
@@ -2,6 +2,76 @@
 
 ## [Unreleased]
 
+## [v0.9.99] - 2024-01-19
+
+### Added
+
+* On macOS added Homebrew's `[email protected]` to the list of candidates to build against.
+* `NID_brainpoolP256r1`, `NID_brainpoolP320r1`, `NID_brainpoolP384r1`, and `NID_brainpoolP512r1` are now available on LibreSSL.
+
+### Changed
+
+* `X509_PURPOSE` is now opaque on LibreSSL 3.9.0+.
+
+## [v0.9.98] - 2023-12-22
+
+### Added
+
+* Added `RAND_priv_bytes`.
+* Added `NID_brainpoolP320r1`.
+
+### Changed
+
+* `X509_PURPOSE_get0` now returns a `const` pointer on LibreSSL 3.9.0+.
+* `X509V3_EXT_add_alias` is removed on LibreSSL 3.9.0+.
+
+## [v0.9.97] - 2023-12-04
+
+### Changed
+
+* libatomic is no longer dynamically linked for 32 bit ARM targets.
+
+### Added
+
+* Added `SSL_read_ex`, `SSL_peek_ex`, and `SSL_write_ex`.
+
+## [v0.9.96] - 2023-11-22
+
+### Changed
+
+* `EVP_chacha20` is now available on LibreSSL
+
+### Added
+
+* Added `EVP_des_ede3_ecb`, `EVP_des_ede3_cfb8`, `EVP_des_ede3_ofb`, `EVP_camellia_128_ofb`, `EVP_camellia_192_ofb`, `EVP_camellia_256_ofb`, `EVP_cast5_ofb`, `EVP_idea_ofb`
+* Added `X509_STORE_get1_all_certs`
+* Added `SSL_CTRL_GET_PEER_TMP_KEY`, `SSL_CTRL_GET_TMP_KEY`, `SSL_get_peer_tmp_key`, `SSL_get_tmp_key`
+
+## [v0.9.95] - 2023-11-03
+
+### Changed
+
+* Fixed the availability of `EVP_PKEY_RSA_PSS` on OpenSSL
+
+### Added
+
+* Added support for LibreSSL 3.8.x.
+* Added `NID_chacha20_poly1305`
+
+## [v0.9.94] - 2023-11-01
+
+### Changed
+
+* `X509_ALGOR` is now opaque on new LibreSSL releases
+
+### Added
+
+* Added support for building with `OPENSSL_NO_SCRYPT`
+* Added `EVP_PKEY_RSA_PSS` and `EVP_PKEY_DHX`
+* Functions and constants for using HKDF `EVP_PKEY` are now available on LibreSSL.
+* Added `SSL_CTX_set_security_level`, `SSL_set_security_level`, `SSL_CTX_get_security_level`, `SSL_get_security_level`
+* Added `X509_check_host`, `X509_check_email`, `X509_check_ip`, `X509_check_ip_asc`
+
 ## [v0.9.93] - 2023-09-04
 
 ### Changed
@@ -508,7 +578,13 @@ Fixed builds against OpenSSL built with `no-cast`.
 * Added `X509_verify` and `X509_REQ_verify`.
 * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.93..master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.99..master
+[v0.9.99]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.98...openssl-sys-v0.9.99
+[v0.9.98]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.97...openssl-sys-v0.9.98
+[v0.9.97]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.96...openssl-sys-v0.9.97
+[v0.9.96]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.95...openssl-sys-v0.9.96
+[v0.9.95]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.94...openssl-sys-v0.9.95
+[v0.9.94]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.93...openssl-sys-v0.9.94
 [v0.9.93]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.92...openssl-sys-v0.9.93
 [v0.9.92]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.91...openssl-sys-v0.9.92
 [v0.9.91]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.90...openssl-sys-v0.9.91

diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "openssl-sys"
-version = "0.9.93"
+version = "0.9.99"
 authors = [
     "Alex Crichton <[email protected]>",
     "Steven Fackler <[email protected]>",
@@ -23,7 +23,7 @@ libc = "0.2"
 bssl-sys = { version = "0.1.0", optional = true }
 
 [build-dependencies]
-bindgen = { version = "0.64.0", optional = true, features = ["experimental"] }
+bindgen = { version = "0.65.0", optional = true, features = ["experimental"] }
 cc = "1.0.61"
 openssl-src = { version = "300.1.2", optional = true, features = ["legacy"] }
 pkg-config = "0.3.9"

diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs
@@ -53,9 +53,18 @@ pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&
         if libressl_version >= 0x3_07_00_00_0 {
             cfgs.push("libressl370");
         }
+        if libressl_version >= 0x3_08_00_00_0 {
+            cfgs.push("libressl380");
+        }
         if libressl_version >= 0x3_08_01_00_0 {
             cfgs.push("libressl381");
         }
+        if libressl_version >= 0x3_08_02_00_0 {
+            cfgs.push("libressl382");
+        }
+        if libressl_version >= 0x3_09_00_00_0 {
+            cfgs.push("libressl390");
+        }
     } else {
         let openssl_version = openssl_version.unwrap();
 

diff --git a/openssl-sys/build/expando.c b/openssl-sys/build/expando.c
@@ -134,3 +134,7 @@ RUST_CONF_OPENSSL_NO_DEPRECATED_3_0
 #ifdef OPENSSL_NO_SEED
 RUST_CONF_OPENSSL_NO_SEED
 #endif
+
+#ifdef OPENSSL_NO_SCRYPT
+RUST_CONF_OPENSSL_NO_SCRYPT
+#endif
diff --git a/openssl-sys/build/find_normal.rs b/openssl-sys/build/find_normal.rs
@@ -32,7 +32,7 @@ pub fn get_openssl(target: &str) -> (Vec<PathBuf>, PathBuf) {
 }
 
 fn resolve_with_wellknown_homebrew_location(dir: &str) -> Option<PathBuf> {
-    let versions = ["openssl@3", "[email protected]"];
+    let versions = ["openssl@3", "openssl@3.0", "openssl@1.1"];
 
     // Check up default aarch 64 Homebrew installation location first
     // for quick resolution if possible.

diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs
@@ -60,6 +60,14 @@ fn check_ssl_kind() {
     if cfg!(feature = "unstable_boringssl") {
         println!("cargo:rustc-cfg=boringssl");
         println!("cargo:boringssl=true");
+
+        if let Ok(vars) = env::var("DEP_BSSL_CONF") {
+            for var in vars.split(',') {
+                println!("cargo:rustc-cfg=osslconf=\"{}\"", var);
+            }
+            println!("cargo:conf={}", vars);
+        }
+
         // BoringSSL does not have any build logic, exit early
         std::process::exit(0);
     }
@@ -122,7 +130,7 @@ fn main() {
             || env::var("CARGO_CFG_TARGET_OS").unwrap() == "android")
         && env::var("CARGO_CFG_TARGET_POINTER_WIDTH").unwrap() == "32"
     {
-        println!("cargo:rustc-link-lib=dylib=atomic");
+        println!("cargo:rustc-link-lib=atomic");
     }
 
     if kind == "static" && target.contains("windows") {
@@ -223,6 +231,11 @@ See rust-openssl documentation for more information:
         }
     }
 
+    for enabled in &enabled {
+        println!("cargo:rustc-cfg=osslconf=\"{}\"", enabled);
+    }
+    println!("cargo:conf={}", enabled.join(","));
+
     if is_boringssl {
         println!("cargo:rustc-cfg=boringssl");
         println!("cargo:boringssl=true");
@@ -233,11 +246,6 @@ See rust-openssl documentation for more information:
     // We set this for any non-BoringSSL lib.
     println!("cargo:rustc-cfg=openssl");
 
-    for enabled in &enabled {
-        println!("cargo:rustc-cfg=osslconf=\"{}\"", enabled);
-    }
-    println!("cargo:conf={}", enabled.join(","));
-
     for cfg in cfgs::get(openssl_version, libressl_version) {
         println!("cargo:rustc-cfg={}", cfg);
     }
@@ -284,6 +292,7 @@ See rust-openssl documentation for more information:
             (3, 7, _) => ('3', '7', 'x'),
             (3, 8, 0) => ('3', '8', '0'),
             (3, 8, 1) => ('3', '8', '1'),
+            (3, 8, _) => ('3', '8', 'x'),
             _ => version_error(),
         };
 

diff --git a/openssl-sys/build/run_bindgen.rs b/openssl-sys/build/run_bindgen.rs
@@ -111,6 +111,12 @@ pub fn run(include_dirs: &[PathBuf]) {
 #[cfg(feature = "bindgen")]
 pub fn run_boringssl(include_dirs: &[PathBuf]) {
     let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
+
+    fs::File::create(out_dir.join("boring_static_wrapper.h"))
+        .expect("Failed to create boring_static_wrapper.h")
+        .write_all(INCLUDES.as_bytes())
+        .expect("Failed to write contents to boring_static_wrapper.h");
+
     let mut builder = bindgen::builder()
         .rust_target(RustTarget::Stable_1_47)
         .ctypes_prefix("::libc")
@@ -119,14 +125,19 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
         .enable_function_attribute_detection()
         .default_macro_constant_type(MacroTypeVariation::Signed)
         .rustified_enum("point_conversion_form_t")
-        .allowlist_file(".*/openssl/[^/]+\\.h")
+        .allowlist_file(".*[/\\\\]openssl/[^/]+\\.h")
         .allowlist_recursively(false)
         .blocklist_function("BIO_vsnprintf")
         .blocklist_function("OPENSSL_vasprintf")
         .wrap_static_fns(true)
         .wrap_static_fns_path(out_dir.join("boring_static_wrapper").display().to_string())
         .layout_tests(false)
-        .header_contents("includes.h", INCLUDES);
+        .header(
+            out_dir
+                .join("boring_static_wrapper.h")
+                .display()
+                .to_string(),
+        );
 
     for include_dir in include_dirs {
         builder = builder
@@ -140,21 +151,9 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
         .write_to_file(out_dir.join("bindgen.rs"))
         .unwrap();
 
-    fs::File::create(out_dir.join("boring_static_wrapper.h"))
-        .expect("Failed to create boring_static_wrapper.h")
-        .write_all(INCLUDES.as_bytes())
-        .expect("Failed to write contents to boring_static_wrapper.h");
-
     cc::Build::new()
         .file(out_dir.join("boring_static_wrapper.c"))
         .includes(include_dirs)
-        .flag("-include")
-        .flag(
-            &out_dir
-                .join("boring_static_wrapper.h")
-                .display()
-                .to_string(),
-        )
         .compile("boring_static_wrapper");
 }
 
@@ -180,7 +179,7 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
         .arg("--enable-function-attribute-detection")
         .arg("--default-macro-constant-type=signed")
         .arg("--rustified-enum=point_conversion_form_t")
-        .arg("--allowlist-file=.*/openssl/[^/]+\\.h")
+        .arg("--allowlist-file=.*[/\\\\]openssl/[^/]+\\.h")
         .arg("--no-recursive-allowlist")
         .arg("--blocklist-function=BIO_vsnprintf")
         .arg("--blocklist-function=OPENSSL_vasprintf")
@@ -203,13 +202,6 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
     cc::Build::new()
         .file(out_dir.join("boring_static_wrapper.c"))
         .includes(include_dirs)
-        .flag("-include")
-        .flag(
-            &out_dir
-                .join("boring_static_wrapper.h")
-                .display()
-                .to_string(),
-        )
         .compile("boring_static_wrapper");
 }