Merge remote-tracking branch 'upstream/master' into support-xof-squeeze

Author: initsecret

.github/workflows/ci.yml

@@ -62,7 +62,7 @@ jobs:
       # Remember to also update `--rust-target` in `openssl-sys/build/run_bindgen.rs`
       - uses: sfackler/actions/rustup@master
         with:
-          version: 1.56.0
+          version: 1.63.0
       - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
         id: rust-version
       - uses: actions/cache@v4
@@ -72,8 +72,6 @@ jobs:
           restore-keys: |
             index-${{ runner.os }}-
       - run: cargo generate-lockfile
-      - run: |
-          cargo update -p cc --precise 1.0.94
       - uses: actions/cache@v4
         with:
           path: ~/.cargo/registry/cache
@@ -155,22 +153,26 @@ jobs:
               version: e23fe9b6eecc10e4f9ea1f0027fea5eaee7bd6b6
             - name: openssl
               version: vendored
+            - name: openssl
+              version: 3.4.0-beta1
             - name: openssl
               version: 3.3.0
             - name: openssl
               version: 3.2.0
-              dl-path: /
             - name: openssl
+              old: true
               version: 1.1.1w
-              dl-path: /
             - name: openssl
               version: 1.1.0l
+              old: true
               dl-path: /old/1.1.0
             - name: openssl
               version: 1.0.2u
+              old: true
               dl-path: /old/1.0.2
             - name: openssl
               version: 1.0.1u
+              old: true
               dl-path: /old/1.0.1
           include:
             - target: x86_64-unknown-linux-gnu
@@ -182,17 +184,17 @@ jobs:
               bindgen: true
               library:
                 name: libressl
-                version: 3.7.3
+                version: 3.8.4
             - target: x86_64-unknown-linux-gnu
               bindgen: true
               library:
                 name: libressl
-                version: 3.8.3
+                version: 3.9.2
             - target: x86_64-unknown-linux-gnu
               bindgen: true
               library:
                 name: libressl
-                version: 3.9.1
+                version: 4.0.0
             - target: x86_64-unknown-linux-gnu
               bindgen: false
               library:
@@ -202,17 +204,17 @@ jobs:
               bindgen: false
               library:
                 name: libressl
-                version: 3.7.3
+                version: 3.8.4
             - target: x86_64-unknown-linux-gnu
               bindgen: false
               library:
                 name: libressl
-                version: 3.8.3
+                version: 3.9.2
             - target: x86_64-unknown-linux-gnu
               bindgen: false
               library:
                 name: libressl
-                version: 3.9.1
+                version: 4.0.0
       name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }}
       runs-on: ubuntu-latest
       env:
@@ -257,7 +259,11 @@ jobs:
           run: |
             case "${{ matrix.library.name }}" in
             "openssl")
-              url="https://www.openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz"
+              if [[ "${{ matrix.library.old }}" == "true" ]]; then
+                url="https://www.openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz"
+              else
+                url="https://github.com/openssl/openssl/releases/download/openssl-${{ matrix.library.version }}/openssl-${{ matrix.library.version }}.tar.gz"
+              fi
               tar_flags="--strip-components=1"
               ;;
             "libressl")

.rustfmt.toml

@@ -0,0 +1 @@
+# this project uses the default rustfmt settings

Cargo.toml

@@ -1,4 +1,5 @@
 [workspace]
+resolver = "2"
 members = [
     "openssl",
     "openssl-errors",

openssl-errors/Cargo.toml

@@ -2,12 +2,13 @@
 name = "openssl-errors"
 version = "0.2.0"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
-edition = "2018"
+edition = "2021"
 license = "MIT OR Apache-2.0"
 description = "Custom error library support for the openssl crate."
 repository = "https://github.com/sfackler/rust-openssl"
 readme = "README.md"
 categories = ["api-bindings"]
+rust-version = "1.63.0"
 
 [dependencies]
 cfg-if = "1.0"

openssl-macros/Cargo.toml

@@ -1,10 +1,11 @@
 [package]
 name = "openssl-macros"
 version = "0.1.1"
-edition = "2018"
+edition = "2021"
 license = "MIT OR Apache-2.0"
 description = "Internal macros used by the openssl crate."
 repository = "https://github.com/sfackler/rust-openssl"
+rust-version = "1.63.0"
 
 [lib]
 proc-macro = true

openssl-sys/CHANGELOG.md

@@ -2,6 +2,22 @@
 
 ## [Unreleased]
 
+## [v0.9.104] - 2024-10-15
+
+### Added
+
+* Added support for LibreSSL 4.0.x.
+* Added `EVP_KDF_*` and `EVP_KDF_CTX_*` bindings.
+* Added `EVP_DigestSqueeze`.
+* Added `OSSL_PARAM_construct_octet_string`.
+* Added `OSSL_set_max_threads` and `OSSL_get_max_threads`.
+
+### Changed
+
+* `openssl-sys` is now a 2021 edition crate
+* Explicitly specify the MSRV in `Cargo.toml`
+* Raised the `bindgen` (optional) dependency from 0.65 to 0.69
+
 ## [v0.9.103] - 2024-07-20
 
 ### Added
@@ -607,7 +623,8 @@ Fixed builds against OpenSSL built with `no-cast`.
 * Added `X509_verify` and `X509_REQ_verify`.
 * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103..master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.104..master
+[v0.9.104]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103...openssl-sys-v0.9.104
 [v0.9.103]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.102...openssl-sys-v0.9.103
 [v0.9.102]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.101...openssl-sys-v0.9.102
 [v0.9.101]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.100...openssl-sys-v0.9.101

openssl-sys/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "openssl-sys"
-version = "0.9.103"
+version = "0.9.104"
 authors = [
     "Alex Crichton <alex@alexcrichton.com>",
     "Steven Fackler <sfackler@gmail.com>",
@@ -12,7 +12,8 @@ readme = "README.md"
 categories = ["cryptography", "external-ffi-bindings"]
 links = "openssl"
 build = "build/main.rs"
-edition = "2018"
+edition = "2021"
+rust-version = "1.63.0"
 
 [features]
 vendored = ['openssl-src']
@@ -23,7 +24,7 @@ libc = "0.2"
 bssl-sys = { version = "0.1.0", optional = true }
 
 [build-dependencies]
-bindgen = { version = "0.65.0", optional = true, features = ["experimental"] }
+bindgen = { version = "0.69.0", optional = true, features = ["experimental"] }
 cc = "1.0.61"
 openssl-src = { version = "300.2.0", optional = true, features = ["legacy"] }
 pkg-config = "0.3.9"

openssl-sys/build/cfgs.rs

@@ -71,6 +71,9 @@ pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&
     } else {
         let openssl_version = openssl_version.unwrap();
 
+        if openssl_version >= 0x3_04_00_00_0 {
+            cfgs.push("ossl340");
+        }
         if openssl_version >= 0x3_03_00_00_0 {
             cfgs.push("ossl330");
         }

openssl-sys/build/find_normal.rs

@@ -102,13 +102,21 @@ fn find_openssl_dir(target: &str) -> OsString {
         return OsString::from("/usr/local");
     }
 
+    let msg_header =
+        "Could not find directory of OpenSSL installation, and this `-sys` crate cannot
+proceed without this knowledge. If OpenSSL is installed and this crate had
+trouble finding it,  you can set the `OPENSSL_DIR` environment variable for the
+compilation process.";
+
+    println!(
+        "cargo:warning={} See stderr section below for further information.",
+        msg_header.replace('\n', " ")
+    );
+
     let mut msg = format!(
         "
 
-Could not find directory of OpenSSL installation, and this `-sys` crate cannot
-proceed without this knowledge. If OpenSSL is installed and this crate had
-trouble finding it,  you can set the `OPENSSL_DIR` environment variable for the
-compilation process.
+{}
 
 Make sure you also have the development packages of openssl installed.
 For example, `libssl-dev` on Ubuntu or `openssl-devel` on Fedora.
@@ -122,6 +130,7 @@ $TARGET = {}
 openssl-sys = {}
 
 ",
+        msg_header,
         host,
         target,
         env!("CARGO_PKG_VERSION")
@@ -187,7 +196,8 @@ https://github.com/sfackler/rust-openssl#windows
         );
     }
 
-    panic!("{}", msg);
+    eprintln!("{}", msg);
+    std::process::exit(101); // same as panic previously
 }
 
 /// Attempt to find OpenSSL through pkg-config.
@@ -212,7 +222,7 @@ fn try_pkg_config() {
     {
         Ok(lib) => lib,
         Err(e) => {
-            println!("run pkg_config fail: {:?}", e);
+            println!("\n\nCould not find openssl via pkg-config:\n{}\n", e);
             return;
         }
     };

openssl-sys/build/main.rs

@@ -120,6 +120,7 @@ fn main() {
     println!("cargo:rustc-check-cfg=cfg(ossl310)");
     println!("cargo:rustc-check-cfg=cfg(ossl320)");
     println!("cargo:rustc-check-cfg=cfg(ossl330)");
+    println!("cargo:rustc-check-cfg=cfg(ossl340)");
 
     check_ssl_kind();
 
@@ -379,6 +380,8 @@ See rust-openssl documentation for more information:
             (3, 8, _) => ('3', '8', 'x'),
             (3, 9, 0) => ('3', '9', '0'),
             (3, 9, _) => ('3', '9', 'x'),
+            (4, 0, 0) => ('4', '0', '0'),
+            (4, 0, _) => ('4', '0', 'x'),
             _ => version_error(),
         };
 
@@ -421,7 +424,7 @@ fn version_error() -> ! {
         "
 
 This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3), or LibreSSL 2.5
-through 3.9.x, but a different version of OpenSSL was found. The build is now aborting
+through 4.0.x, but a different version of OpenSSL was found. The build is now aborting
 due to this version mismatch.
 
 "

openssl-sys/build/run_bindgen.rs

@@ -63,6 +63,10 @@ const INCLUDES: &str = "
 #if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
 #include <openssl/poly1305.h>
 #endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x30200000
+#include <openssl/thread.h>
+#endif
 ";
 
 #[cfg(feature = "bindgen")]

openssl-sys/src/evp.rs

@@ -184,12 +184,28 @@ cfg_if! {
         pub const EVP_PKEY_OP_DERIVE: c_int = 1 << 10;
     }
 }
+#[cfg(ossl340)]
+pub const EVP_PKEY_OP_SIGNMSG: c_int = 1 << 14;
+#[cfg(ossl340)]
+pub const EVP_PKEY_OP_VERIFYMSG: c_int = 1 << 15;
 
-pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
-    | EVP_PKEY_OP_VERIFY
-    | EVP_PKEY_OP_VERIFYRECOVER
-    | EVP_PKEY_OP_SIGNCTX
-    | EVP_PKEY_OP_VERIFYCTX;
+cfg_if! {
+    if #[cfg(ossl340)] {
+        pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
+            | EVP_PKEY_OP_SIGNMSG
+            | EVP_PKEY_OP_VERIFY
+            | EVP_PKEY_OP_VERIFYMSG
+            | EVP_PKEY_OP_VERIFYRECOVER
+            | EVP_PKEY_OP_SIGNCTX
+            | EVP_PKEY_OP_VERIFYCTX;
+    } else {
+        pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
+            | EVP_PKEY_OP_VERIFY
+            | EVP_PKEY_OP_VERIFYRECOVER
+            | EVP_PKEY_OP_SIGNCTX
+            | EVP_PKEY_OP_VERIFYCTX;
+    }
+}
 
 pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
 

openssl-sys/src/handwritten/conf.rs

@@ -1,7 +1,13 @@
 use super::super::*;
 
+const_ptr_api! {
+    extern "C" {
+        pub fn NCONF_new(meth: #[const_ptr_if(libressl400)] CONF_METHOD) -> *mut CONF;
+    }
+}
+
 extern "C" {
-    pub fn NCONF_new(meth: *mut CONF_METHOD) -> *mut CONF;
+    #[cfg(not(libressl400))]
     pub fn NCONF_default() -> *mut CONF_METHOD;
     pub fn NCONF_free(conf: *mut CONF);
 }

openssl-sys/src/handwritten/kdf.rs

@@ -21,6 +21,14 @@ cfg_if! {
                 info: *const u8,
                 infolen: c_int,
             ) -> c_int;
+            pub fn EVP_KDF_CTX_new(kdf: *mut EVP_KDF) -> *mut EVP_KDF_CTX;
+            pub fn EVP_KDF_CTX_free(ctx: *mut EVP_KDF_CTX);
+            pub fn EVP_KDF_CTX_reset(ctx: *mut EVP_KDF_CTX);
+            pub fn EVP_KDF_CTX_get_kdf_size(ctx: *mut EVP_KDF_CTX) -> size_t;
+            pub fn EVP_KDF_derive(ctx: *mut EVP_KDF_CTX, key: *mut u8, keylen: size_t, params: *const OSSL_PARAM) -> c_int;
+            pub fn EVP_KDF_fetch(ctx: *mut OSSL_LIB_CTX, algorithm: *const c_char, properties: *const c_char) -> *mut EVP_KDF;
+            pub fn EVP_KDF_free(kdf: *mut EVP_KDF);
         }
+
     }
 }

openssl-sys/src/handwritten/mod.rs

@@ -29,6 +29,8 @@ pub use self::sha::*;
 pub use self::srtp::*;
 pub use self::ssl::*;
 pub use self::stack::*;
+#[cfg(ossl320)]
+pub use self::thread::*;
 pub use self::tls1::*;
 pub use self::types::*;
 pub use self::x509::*;
@@ -66,6 +68,8 @@ mod sha;
 mod srtp;
 mod ssl;
 mod stack;
+#[cfg(ossl320)]
+mod thread;
 mod tls1;
 mod types;
 mod x509;

openssl-sys/src/handwritten/params.rs

@@ -6,4 +6,11 @@ extern "C" {
     pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM;
     #[cfg(ossl300)]
     pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM;
+    #[cfg(ossl300)]
+    pub fn OSSL_PARAM_construct_octet_string(
+        key: *const c_char,
+        buf: *mut c_void,
+        bsize: size_t,
+    ) -> OSSL_PARAM;
+
 }

openssl-sys/src/handwritten/thread.rs

@@ -0,0 +1,7 @@
+use super::super::*;
+use libc::*;
+
+extern "C" {
+    pub fn OSSL_set_max_threads(ctx: *mut OSSL_LIB_CTX, max_threads: u64) -> c_int;
+    pub fn OSSL_get_max_threads(ctx: *mut OSSL_LIB_CTX) -> u64;
+}