diff --git a/.circleci/config.yml b/.circleci/config.yml index d39f47df33d3045553aeb0d13b449b46d06ac53b..af6536da0a860402d4618a04f0b6df12e1792abe 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -90,6 +90,9 @@ macos_job: &MACOS_JOB cargo test --manifest-path=openssl/Cargo.toml --all-features - *SAVE_DEPS +openssl_111: &OPENSSL_111 + LIBRARY: openssl + VERSION: 1.1.1-pre1 openssl_110: &OPENSSL_110 LIBRARY: openssl VERSION: 1.1.0g @@ -125,6 +128,10 @@ base: &BASE version: 2 jobs: + x86_64-openssl-1.1.1: + <<: *JOB + environment: + <<: [*OPENSSL_111, *X86_64, *BASE] x86_64-openssl-1.1.0: <<: *JOB environment: @@ -137,6 +144,10 @@ jobs: <<: *JOB environment: <<: [*OPENSSL_101, *X86_64, *BASE] + i686-openssl-1.1.1: + <<: *JOB + environment: + <<: [*OPENSSL_111, *I686, *BASE] i686-openssl-1.1.0: <<: *JOB environment: @@ -145,10 +156,10 @@ jobs: <<: *JOB environment: <<: [*OPENSSL_102, *I686, *BASE] - i686-openssl-1.0.1: + armhf-openssl-1.1.1: <<: *JOB environment: - <<: [*OPENSSL_101, *I686, *BASE] + <<: [*OPENSSL_111, *ARMHF, *BASE] armhf-openssl-1.1.0: <<: *JOB environment: @@ -157,10 +168,6 @@ jobs: <<: *JOB environment: <<: [*OPENSSL_102, *ARMHF, *BASE] - armhf-openssl-1.0.1: - <<: *JOB - environment: - <<: [*OPENSSL_101, *ARMHF, *BASE] x86_64-libressl-2.5.0: <<: *JOB environment: @@ -175,15 +182,16 @@ workflows: version: 2 tests: jobs: + - x86_64-openssl-1.1.1 - x86_64-openssl-1.1.0 - x86_64-openssl-1.0.2 - x86_64-openssl-1.0.1 + - i686-openssl-1.1.1 - i686-openssl-1.1.0 - i686-openssl-1.0.2 - - i686-openssl-1.0.1 + - armhf-openssl-1.1.1 - armhf-openssl-1.1.0 - armhf-openssl-1.0.2 - - armhf-openssl-1.0.1 - x86_64-libressl-2.5.0 - x86_64-libressl-2.6.3 - macos diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index 3d6829628d93e462810a1c361868e14990da894a..7df226f2a459604ab07383bcb2dd453a119a3d5a 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs @@ -343,8 +343,10 @@ RUST_LIBRESSL_251 RUST_LIBRESSL_250 #elif defined (LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20500000 RUST_LIBRESSL_OLD -#elif OPENSSL_VERSION_NUMBER >= 0x10101000 +#elif OPENSSL_VERSION_NUMBER >= 0x10102000 RUST_OPENSSL_NEW +#elif OPENSSL_VERSION_NUMBER >= 0x10101000 +RUST_OPENSSL_111 #elif OPENSSL_VERSION_NUMBER >= 0x10100060 RUST_OPENSSL_110F #elif OPENSSL_VERSION_NUMBER >= 0x10100000 @@ -471,6 +473,11 @@ See rust-openssl README for more information: println!("cargo:libressl_version=26x"); println!("cargo:version=101"); Version::Libressl + } else if expanded.contains("RUST_OPENSSL_111") { + println!("cargo:rustc-cfg=ossl111"); + println!("cargo:rustc-cfg=ossl110"); + println!("cargo:version=111"); + Version::Openssl110 } else if expanded.contains("RUST_OPENSSL_110F") { println!("cargo:rustc-cfg=ossl110"); println!("cargo:rustc-cfg=ossl110f"); @@ -493,9 +500,9 @@ See rust-openssl README for more information: panic!( " -This crate is only compatible with OpenSSL 1.0.1, 1.0.2, and 1.1.0, or LibreSSL -2.5 and 2.6.0, but a different version of OpenSSL was found. The build is now -aborting due to this version mismatch. +This crate is only compatible with OpenSSL 1.0.1 through 1.1.1, or LibreSSL 2.5 +and 2.6, but a different version of OpenSSL was found. The build is now aborting +due to this version mismatch. " ); diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 52b5eda44ae3e2ebf3cd3f9c20d72931f76d0b1a..c26d254c3ef23d9a1ff55a69460f46d7d0861338 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1255,9 +1255,9 @@ pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; #[cfg(not(libressl))] pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; -#[cfg(not(any(libressl, ossl110f)))] +#[cfg(not(any(libressl, ossl110f, ossl111)))] pub const SSL_OP_ALL: c_ulong = 0x80000BFF; -#[cfg(ossl110f)] +#[cfg(any(ossl110f, ossl111))] pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; @@ -1276,16 +1276,22 @@ pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000; #[cfg(not(libressl))] pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; -pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; +pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; +#[cfg(ossl111)] +pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000; #[cfg(not(any(ossl101, libressl)))] pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; #[cfg(not(any(ossl101, libressl)))] pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(not(any(ossl101, libressl, ossl111)))] pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; +#[cfg(ossl111)] +pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 + | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 + | SSL_OP_NO_TLSv1_3; pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM; pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1; @@ -2498,9 +2504,9 @@ extern "C" { ); pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION; pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int; - #[cfg(not(any(ossl101, libressl, ossl110f)))] + #[cfg(not(any(ossl101, libressl, ossl110f, ossl111)))] pub fn SSL_is_server(s: *mut SSL) -> c_int; - #[cfg(ossl110f)] + #[cfg(any(ossl110f, ossl111))] pub fn SSL_is_server(s: *const SSL) -> c_int; pub fn SSL_SESSION_free(s: *mut SSL_SESSION); diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 0ed91b8df862a31c3d5812842b28da1eeae6b8d9..b8e88ea934ce2a5cc48cabb05483374dddb35544 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -17,6 +17,7 @@ all-features = true v101 = [] v102 = [] v110 = [] +v111 = [] [dependencies] bitflags = "1.0" diff --git a/openssl/build.rs b/openssl/build.rs index eb8894fd3f6d4fdeaeb46f7153e35d551ef86eeb..2d44c46d60f2f2fb88640c3d0ab45e05f11eb137 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -13,6 +13,10 @@ fn main() { Ok(ref v) if v == "110" => { println!("cargo:rustc-cfg=ossl110"); } + Ok(ref v) if v == "111" => { + println!("cargo:rustc-cfg=ossl110"); + println!("cargo:rustc-cfg=ossl111"); + } _ => panic!("Unable to detect OpenSSL version"), } diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index bd0ecd17510ee074ed76863f3980602991b70662..58b4026c34994ff3356dddce41f49880f053081e 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs @@ -83,8 +83,9 @@ impl Dh { ffi::d2i_DHparams } - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn get_1024_160() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -92,8 +93,9 @@ impl Dh { } } - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn get_2048_224() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -101,8 +103,9 @@ impl Dh { } } - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn get_2048_256() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -142,7 +145,8 @@ mod tests { use ssl::{SslContext, SslMethod}; #[test] - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] fn test_dh_rfc5114() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let dh1 = Dh::get_1024_160().unwrap(); diff --git a/openssl/src/pkcs5.rs b/openssl/src/pkcs5.rs index 02201f02ce1b308fcbd4f8f38a243d01dcf124c1..7253837f3b6473250b6db2dae4c2be36da0b7a26 100644 --- a/openssl/src/pkcs5.rs +++ b/openssl/src/pkcs5.rs @@ -59,9 +59,9 @@ pub fn bytes_to_key( ))?; let mut key = vec![0; len as usize]; - let iv_ptr = iv.as_mut().map(|v| v.as_mut_ptr()).unwrap_or( - ptr::null_mut(), - ); + let iv_ptr = iv.as_mut() + .map(|v| v.as_mut_ptr()) + .unwrap_or(ptr::null_mut()); cvt(ffi::EVP_BytesToKey( cipher, @@ -107,8 +107,8 @@ pub fn pbkdf2_hmac( /// Derives a key from a password and salt using the scrypt algorithm. /// -/// Requires the `v110` feature and OpenSSL 1.1.0. -#[cfg(all(feature = "v110", ossl110))] +/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. +#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] pub fn scrypt( pass: &[u8], salt: &[u8], @@ -150,24 +150,9 @@ mod tests { assert_eq!( buf, &[ - 0x55_u8, - 0xac_u8, - 0x04_u8, - 0x6e_u8, - 0x56_u8, - 0xe3_u8, - 0x08_u8, - 0x9f_u8, - 0xec_u8, - 0x16_u8, - 0x91_u8, - 0xc2_u8, - 0x25_u8, - 0x44_u8, - 0xb6_u8, - 0x05_u8, - ] - [..] + 0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8, 0xec_u8, + 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8, + ][..] ); super::pbkdf2_hmac( @@ -180,24 +165,9 @@ mod tests { assert_eq!( buf, &[ - 0x4d_u8, - 0xdc_u8, - 0xd8_u8, - 0xf6_u8, - 0x0b_u8, - 0x98_u8, - 0xbe_u8, - 0x21_u8, - 0x83_u8, - 0x0c_u8, - 0xee_u8, - 0x5e_u8, - 0xf2_u8, - 0x27_u8, - 0x01_u8, - 0xf9_u8, - ] - [..] + 0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8, 0x83_u8, + 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8, + ][..] ); } @@ -211,72 +181,15 @@ mod tests { assert_eq!( &buf[..], &[ - 0x73_u8, - 0xde_u8, - 0xcf_u8, - 0xa5_u8, - 0x8a_u8, - 0xa2_u8, - 0xe8_u8, - 0x4f_u8, - 0x94_u8, - 0x77_u8, - 0x1a_u8, - 0x75_u8, - 0x73_u8, - 0x6b_u8, - 0xb8_u8, - 0x8b_u8, - 0xd3_u8, - 0xc7_u8, - 0xb3_u8, - 0x82_u8, - 0x70_u8, - 0xcf_u8, - 0xb5_u8, - 0x0c_u8, - 0xb3_u8, - 0x90_u8, - 0xed_u8, - 0x78_u8, - 0xb3_u8, - 0x05_u8, - 0x65_u8, - 0x6a_u8, - 0xf8_u8, - 0x14_u8, - 0x8e_u8, - 0x52_u8, - 0x45_u8, - 0x2b_u8, - 0x22_u8, - 0x16_u8, - 0xb2_u8, - 0xb8_u8, - 0x09_u8, - 0x8b_u8, - 0x76_u8, - 0x1f_u8, - 0xc6_u8, - 0x33_u8, - 0x60_u8, - 0x60_u8, - 0xa0_u8, - 0x9f_u8, - 0x76_u8, - 0x41_u8, - 0x5e_u8, - 0x9f_u8, - 0x71_u8, - 0xea_u8, - 0x47_u8, - 0xf9_u8, - 0xe9_u8, + 0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8, 0x94_u8, + 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8, 0xd3_u8, 0xc7_u8, + 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8, 0xb3_u8, 0x90_u8, 0xed_u8, + 0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8, 0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8, + 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8, 0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8, + 0x1f_u8, 0xc6_u8, 0x33_u8, 0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, + 0x5e_u8, 0x9f_u8, 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8, - 0x43_u8, - 0x06_u8, - ] - [..] + ][..] ); super::pbkdf2_hmac( @@ -289,72 +202,15 @@ mod tests { assert_eq!( &buf[..], &[ - 0x71_u8, - 0xa0_u8, - 0xec_u8, - 0x84_u8, - 0x2a_u8, - 0xbd_u8, - 0x5c_u8, - 0x67_u8, - 0x8b_u8, - 0xcf_u8, - 0xd1_u8, - 0x45_u8, - 0xf0_u8, - 0x9d_u8, - 0x83_u8, - 0x52_u8, - 0x2f_u8, - 0x93_u8, - 0x36_u8, - 0x15_u8, - 0x60_u8, - 0x56_u8, - 0x3c_u8, - 0x4d_u8, - 0x0d_u8, - 0x63_u8, - 0xb8_u8, - 0x83_u8, - 0x29_u8, - 0x87_u8, - 0x10_u8, - 0x90_u8, - 0xe7_u8, - 0x66_u8, - 0x04_u8, - 0xa4_u8, - 0x9a_u8, - 0xf0_u8, - 0x8f_u8, - 0xe7_u8, - 0xc9_u8, - 0xf5_u8, - 0x71_u8, - 0x56_u8, - 0xc8_u8, - 0x79_u8, - 0x09_u8, - 0x96_u8, - 0xb2_u8, - 0x0f_u8, - 0x06_u8, - 0xbc_u8, - 0x53_u8, - 0x5e_u8, - 0x5a_u8, - 0xb5_u8, - 0x44_u8, - 0x0d_u8, - 0xf7_u8, - 0xe8_u8, - 0x78_u8, - 0x29_u8, - 0x6f_u8, + 0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8, 0x8b_u8, + 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8, 0x2f_u8, 0x93_u8, + 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8, 0x0d_u8, 0x63_u8, 0xb8_u8, + 0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8, 0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8, + 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8, 0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8, + 0x79_u8, 0x09_u8, 0x96_u8, 0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, + 0x5a_u8, 0xb5_u8, 0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, 0xa7_u8, - ] - [..] + ][..] ); super::pbkdf2_hmac( @@ -367,72 +223,15 @@ mod tests { assert_eq!( &buf[..], &[ - 0x01_u8, - 0x68_u8, - 0x71_u8, - 0xa4_u8, - 0xc4_u8, - 0xb7_u8, - 0x5f_u8, - 0x96_u8, - 0x85_u8, - 0x7f_u8, - 0xd2_u8, - 0xb9_u8, - 0xf8_u8, - 0xca_u8, - 0x28_u8, - 0x02_u8, - 0x3b_u8, - 0x30_u8, - 0xee_u8, - 0x2a_u8, + 0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8, 0x85_u8, + 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8, 0x3b_u8, 0x30_u8, + 0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8, 0xc8_u8, 0xc9_u8, 0x37_u8, + 0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8, 0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8, + 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8, 0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8, + 0x00_u8, 0x56_u8, 0xc6_u8, 0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, + 0x4b_u8, 0x1a_u8, 0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, 0x39_u8, - 0xf5_u8, - 0xad_u8, - 0xca_u8, - 0xc8_u8, - 0xc9_u8, - 0x37_u8, - 0x5f_u8, - 0x9b_u8, - 0xda_u8, - 0x1c_u8, - 0xcd_u8, - 0x1b_u8, - 0x6f_u8, - 0x0b_u8, - 0x2f_u8, - 0xc3_u8, - 0xad_u8, - 0xda_u8, - 0x50_u8, - 0x54_u8, - 0x12_u8, - 0xe7_u8, - 0x9d_u8, - 0x89_u8, - 0x00_u8, - 0x56_u8, - 0xc6_u8, - 0x2e_u8, - 0x52_u8, - 0x4c_u8, - 0x7d_u8, - 0x51_u8, - 0x15_u8, - 0x4b_u8, - 0x1a_u8, - 0x85_u8, - 0x34_u8, - 0x57_u8, - 0x5b_u8, - 0xd0_u8, - 0x2d_u8, - 0xee_u8, - 0x39_u8, - ] - [..] + ][..] ); } @@ -441,93 +240,19 @@ mod tests { let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8]; let data = [ - 143_u8, - 210_u8, - 75_u8, - 63_u8, - 214_u8, - 179_u8, - 155_u8, - 241_u8, - 242_u8, - 31_u8, - 154_u8, - 56_u8, - 198_u8, - 145_u8, - 192_u8, - 64_u8, - 2_u8, - 245_u8, - 167_u8, - 220_u8, - 55_u8, - 119_u8, - 233_u8, - 136_u8, - 139_u8, - 27_u8, - 71_u8, - 242_u8, - 119_u8, - 175_u8, - 65_u8, - 207_u8, + 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, 154_u8, + 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8, + 233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8, ]; - - let expected_key = vec![ - 249_u8, - 115_u8, - 114_u8, - 97_u8, - 32_u8, - 213_u8, - 165_u8, - 146_u8, - 58_u8, - 87_u8, - 234_u8, - 3_u8, - 43_u8, - 250_u8, - 97_u8, - 114_u8, - 26_u8, - 98_u8, - 245_u8, - 246_u8, - 238_u8, - 177_u8, - 229_u8, - 161_u8, - 183_u8, - 224_u8, - 174_u8, - 3_u8, - 6_u8, - 244_u8, - 236_u8, - 255_u8, + 249_u8, 115_u8, 114_u8, 97_u8, 32_u8, 213_u8, 165_u8, 146_u8, 58_u8, 87_u8, 234_u8, + 3_u8, 43_u8, 250_u8, 97_u8, 114_u8, 26_u8, 98_u8, 245_u8, 246_u8, 238_u8, 177_u8, + 229_u8, 161_u8, 183_u8, 224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8, ]; let expected_iv = vec![ - 4_u8, - 223_u8, - 153_u8, - 219_u8, - 28_u8, - 142_u8, - 234_u8, - 68_u8, - 227_u8, - 69_u8, - 98_u8, - 107_u8, - 208_u8, - 14_u8, - 236_u8, - 60_u8, + 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, 69_u8, 98_u8, + 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, ]; assert_eq!( @@ -546,14 +271,15 @@ mod tests { } #[test] - #[cfg(all(feature = "v110", ossl110))] + #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] fn scrypt() { use hex; let pass = "pleaseletmein"; let salt = "SodiumChloride"; - let expected = "7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613\ - f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887"; + let expected = + "7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613\ + f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887"; let mut actual = [0; 64]; super::scrypt( diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index 7d884b4ebfffc18a0a1652131e2a79823b08f964..9a3d3de1c1382240fcf4ef4d422ad3f7f3c7d8bf 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -12,7 +12,8 @@ use dh::Dh; use ec::EcKey; use pkey::Params; use ssl::{get_callback_idx, get_ssl_callback_idx, SniError, SslAlert, SslRef}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] use ssl::AlpnError; use x509::X509StoreContextRef; @@ -107,7 +108,8 @@ where } } -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub extern "C" fn raw_alpn_select( ssl: *mut ffi::SSL, out: *mut *const c_uchar, diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index 9e485ab98cd130c092e0fea72307f45533d1d617..9d1ceadc9a0a197905d4a04a01d973555b339697 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -206,6 +206,12 @@ impl SslAcceptor { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_intermediate(method: SslMethod) -> Result { let mut ctx = ctx(method)?; + #[cfg(ossl111)] + { + ctx.set_options(SslOptions { + bits: ::ffi::SSL_OP_NO_TLSv1_3, + }); + } let dh = Dh::params_from_pem(DHPARAM_PEM.as_bytes())?; ctx.set_tmp_dh(&dh)?; setup_curves(&mut ctx)?; @@ -232,6 +238,13 @@ impl SslAcceptor { /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS pub fn mozilla_modern(method: SslMethod) -> Result { let mut ctx = ctx(method)?; + ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); + #[cfg(ossl111)] + { + ctx.set_options(SslOptions { + bits: ::ffi::SSL_OP_NO_TLSv1_3, + }); + } setup_curves(&mut ctx)?; ctx.set_cipher_list( "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\ diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 2474c2abc3a88c0ab2d2d2fd6eb1c72ac59320df..8e483015a7201928768e89d83e6623906b1e010a 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -85,7 +85,8 @@ use ec::EcKeyRef; use ec::EcKey; use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; use x509::store::{X509StoreBuilderRef, X509StoreRef}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] use x509::store::X509Store; #[cfg(any(ossl102, ossl110))] use verify::X509VerifyParamRef; @@ -177,22 +178,30 @@ bitflags! { /// Disables the use of TLSv1.2. const NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2; + /// Disables the use of TLSv1.3. + /// + /// Requires the `v111` feature and OpenSSL 1.1.1. + #[cfg(all(feature = "v111", ossl111))] + const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3; + /// Disables the use of DTLSv1.0 /// - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1; /// Disables the use of DTLSv1.2. - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2; /// Disables the use of all (D)TLS protocol versions. /// /// This can be used as a mask when whitelisting protocol versions. /// - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. /// /// # Examples /// @@ -203,7 +212,8 @@ bitflags! { /// /// let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2; /// ``` - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK; } } @@ -453,17 +463,19 @@ impl SslAlert { /// An error returned from an ALPN selection callback. /// -/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] #[derive(Debug, Copy, Clone)] pub struct AlpnError(c_int); -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] impl AlpnError { /// Terminate the handshake with a fatal alert. /// - /// Requires the `v110` feature and OpenSSL 1.1.0. - #[cfg(all(feature = "v110", ossl110))] + /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL); /// Do not select a protocol, but continue the handshake. @@ -610,17 +622,17 @@ impl SslContextBuilder { /// Sets a custom certificate store for verifying peer certificates. /// - /// Requires the `v102` feature and OpenSSL 1.0.2, or the `v110` feature and OpenSSL 1.1.0. + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_CTX_set0_verify_cert_store`]. /// /// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { unsafe { let ptr = cert_store.as_ptr(); - cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) - as c_int)?; + cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) as c_int)?; mem::forget(cert_store); Ok(()) @@ -650,8 +662,8 @@ impl SslContextBuilder { /// [`SSL_CTX_set_mode`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_mode.html pub fn set_mode(&mut self, mode: SslMode) -> SslMode { unsafe { - let mode = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits()); - SslMode::from_bits(mode).unwrap() + let bits = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits()); + SslMode { bits } } } @@ -694,11 +706,7 @@ impl SslContextBuilder { /// /// This corresponds to `SSL_CTX_set_tmp_ecdh`. pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef) -> Result<(), ErrorStack> { - unsafe { - cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) - as c_int) - .map(|_| ()) - } + unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) } } /// Sets the callback which will generate parameters to be used during ephemeral elliptic curve @@ -942,8 +950,8 @@ impl SslContextBuilder { /// /// [`SSL_CTX_set_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html pub fn set_options(&mut self, option: SslOptions) -> SslOptions { - let ret = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) }; - SslOptions::from_bits(ret).unwrap() + let bits = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) }; + SslOptions { bits } } /// Returns the options used by the context. @@ -952,8 +960,8 @@ impl SslContextBuilder { /// /// [`SSL_CTX_get_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html pub fn options(&self) -> SslOptions { - let ret = unsafe { compat::SSL_CTX_get_options(self.as_ptr()) }; - SslOptions::from_bits(ret).unwrap() + let bits = unsafe { compat::SSL_CTX_get_options(self.as_ptr()) }; + SslOptions { bits } } /// Clears the options used by the context, returning the old set. @@ -962,8 +970,8 @@ impl SslContextBuilder { /// /// [`SSL_CTX_clear_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html pub fn clear_options(&mut self, option: SslOptions) -> SslOptions { - let ret = unsafe { compat::SSL_CTX_clear_options(self.as_ptr(), option.bits()) }; - SslOptions::from_bits(ret).unwrap() + let bits = unsafe { compat::SSL_CTX_clear_options(self.as_ptr(), option.bits()) }; + SslOptions { bits } } /// Sets the protocols to sent to the server for Application Layer Protocol Negotiation (ALPN). @@ -975,10 +983,11 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_set_alpn_protos`]. /// - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. /// /// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(protocols.len() <= c_uint::max_value() as usize); @@ -1006,12 +1015,13 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_set_alpn_select_cb`]. /// - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. /// /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`select_next_proto`]: fn.select_next_proto.html /// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn set_alpn_select_callback(&mut self, callback: F) where F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, @@ -1086,9 +1096,7 @@ impl SslContextBuilder { Box::into_raw(callback) as *mut c_void, ); let f: unsafe extern "C" fn(_, _) -> _ = raw_tlsext_status::; - cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f)) - as c_int) - .map(|_| ()) + cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f)) as c_int).map(|_| ()) } } @@ -1206,12 +1214,13 @@ impl SslContext { impl SslContextRef { /// Returns the certificate associated with this `SslContext`, if present. /// - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_CTX_get0_certificate`]. /// /// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn certificate(&self) -> Option<&X509Ref> { unsafe { let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr()); @@ -1225,12 +1234,13 @@ impl SslContextRef { /// Returns the private key associated with this `SslContext`, if present. /// - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_CTX_get0_privatekey`]. /// /// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn private_key(&self) -> Option<&PKeyRef> { unsafe { let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr()); @@ -1782,12 +1792,13 @@ impl SslRef { /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// to interpret it. /// - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_get0_alpn_selected`]. /// /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); @@ -1857,12 +1868,13 @@ impl SslRef { /// Returns a mutable reference to the X509 verification configuration. /// - /// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0. + /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_get0_param`]. /// /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { self._param_mut() } diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs index dc58c4fafa53722197e9d0de594ef3328efbdc42..51ae6cae0cbfbd674de47f3f909f2e4c82c251ba 100644 --- a/openssl/src/ssl/test.rs +++ b/openssl/src/ssl/test.rs @@ -21,7 +21,8 @@ use ssl; use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptor, SslConnector, SslContext, SslFiletype, SslMethod, SslStream, SslVerifyMode, StatusType}; use x509::{X509, X509Name, X509StoreContext, X509VerifyResult}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] use x509::verify::X509CheckFlags; use pkey::PKey; @@ -135,14 +136,17 @@ macro_rules! run_test( use ssl::{SslContext, Ssl, SslStream, SslVerifyMode, SslOptions}; use hash::MessageDigest; use x509::{X509StoreContext, X509VerifyResult}; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] use x509::X509; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] use x509::store::X509StoreBuilder; use hex::FromHex; use foreign_types::ForeignTypeRef; use super::Server; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] + #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] use super::ROOT_CERT; #[test] @@ -182,7 +186,8 @@ run_test!(verify_trusted, |method, stream| { } }); -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] run_test!(verify_trusted_with_set_cert, |method, stream| { let x509 = X509::from_pem(ROOT_CERT).unwrap(); let mut store = X509StoreBuilder::new().unwrap(); @@ -477,7 +482,8 @@ fn test_state() { /// Tests that connecting with the client using ALPN, but the server not does not /// break the existing connection behavior. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] fn test_connect_with_unilateral_alpn() { let (_s, stream) = Server::new(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -499,7 +505,8 @@ fn test_connect_with_unilateral_alpn() { /// Tests that when both the client as well as the server use ALPN and their /// lists of supported protocols have an overlap, the correct protocol is chosen. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] fn test_connect_with_alpn_successful_multiple_matching() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -522,7 +529,8 @@ fn test_connect_with_alpn_successful_multiple_matching() { /// lists of supported protocols have an overlap -- with only ONE protocol /// being valid for both. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] fn test_connect_with_alpn_successful_single_match() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -544,7 +552,8 @@ fn test_connect_with_alpn_successful_single_match() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] fn test_alpn_server_advertise_multiple() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); @@ -586,7 +595,7 @@ fn test_alpn_server_advertise_multiple() { } #[test] -#[cfg(all(feature = "v110", ossl110))] +#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] fn test_alpn_server_select_none_fatal() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); @@ -620,7 +629,8 @@ fn test_alpn_server_select_none_fatal() { } #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] fn test_alpn_server_select_none() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); @@ -763,8 +773,11 @@ fn default_verify_paths() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SslVerifyMode::PEER); + let ctx = ctx.build(); let s = TcpStream::connect("google.com:443").unwrap(); - let mut socket = Ssl::new(&ctx.build()).unwrap().connect(s).unwrap(); + let mut ssl = Ssl::new(&ctx).unwrap(); + ssl.set_hostname("google.com").unwrap(); + let mut socket = ssl.connect(s).unwrap(); socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap(); let mut result = vec![]; @@ -784,7 +797,8 @@ fn add_extra_chain_cert() { } #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] fn verify_valid_hostname() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); @@ -794,6 +808,7 @@ fn verify_valid_hostname() { ssl.param_mut() .set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS); ssl.param_mut().set_host("google.com").unwrap(); + ssl.set_hostname("google.com").unwrap(); let s = TcpStream::connect("google.com:443").unwrap(); let mut socket = ssl.connect(s).unwrap(); @@ -808,7 +823,8 @@ fn verify_valid_hostname() { } #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] fn verify_invalid_hostname() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); @@ -855,7 +871,6 @@ fn connector_invalid_no_hostname_verification() { connector .configure() .unwrap() - .use_server_name_indication(false) .verify_hostname(false) .connect("foobar.com", s) .unwrap(); @@ -895,7 +910,7 @@ fn connector_no_hostname_can_disable_verify() { #[test] fn connector_client_server_mozilla_intermediate() { - let listener = TcpListener::bind("127.0.0.1:0").unwrap(); + let listener = TcpListener::bind("127.0.0.1:1234").unwrap(); let port = listener.local_addr().unwrap().port(); let t = thread::spawn(move || { @@ -1038,6 +1053,13 @@ fn tmp_dh_callback() { let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); + // TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :( + #[cfg(ossl111)] + { + ctx.set_options(super::SslOptions { + bits: ::ffi::SSL_OP_NO_TLSv1_3, + }); + } ctx.set_cipher_list("EDH").unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.connect(stream).unwrap(); @@ -1106,6 +1128,13 @@ fn tmp_dh_callback_ssl() { let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); + // TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :( + #[cfg(ossl111)] + { + ctx.set_options(super::SslOptions { + bits: ::ffi::SSL_OP_NO_TLSv1_3, + }); + } ctx.set_cipher_list("EDH").unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.connect(stream).unwrap(); diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index 5df77785aa59e7a023c73e962ec64744c0d839b4..7863fafb7f1fc5f8e6598fec85107db09dea3bd1 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs @@ -141,14 +141,14 @@ impl Cipher { unsafe { Cipher(ffi::EVP_rc4()) } } - /// Requires the `v110` feature and OpenSSL 1.1.0. - #[cfg(all(ossl110, feature = "v110"))] + /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))] pub fn chacha20() -> Cipher { unsafe { Cipher(ffi::EVP_chacha20()) } } - /// Requires the `v110` feature and OpenSSL 1.1.0. - #[cfg(all(ossl110, feature = "v110"))] + /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))] pub fn chacha20_poly1305() -> Cipher { unsafe { Cipher(ffi::EVP_chacha20_poly1305()) } } @@ -171,7 +171,11 @@ impl Cipher { pub fn iv_len(&self) -> Option { unsafe { let len = EVP_CIPHER_iv_length(self.0) as usize; - if len == 0 { None } else { Some(len) } + if len == 0 { + None + } else { + Some(len) + } } } @@ -594,7 +598,7 @@ pub fn decrypt_aead( } #[cfg(ossl110)] -use ffi::{EVP_CIPHER_iv_length, EVP_CIPHER_block_size, EVP_CIPHER_key_length}; +use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length}; #[cfg(ossl10x)] #[allow(bad_style)] @@ -627,74 +631,17 @@ mod tests { #[test] fn test_aes_256_ecb() { let k0 = [ - 0x00u8, - 0x01u8, - 0x02u8, - 0x03u8, - 0x04u8, - 0x05u8, - 0x06u8, - 0x07u8, - 0x08u8, - 0x09u8, - 0x0au8, - 0x0bu8, - 0x0cu8, - 0x0du8, - 0x0eu8, - 0x0fu8, - 0x10u8, - 0x11u8, - 0x12u8, - 0x13u8, - 0x14u8, - 0x15u8, - 0x16u8, - 0x17u8, - 0x18u8, - 0x19u8, - 0x1au8, - 0x1bu8, - 0x1cu8, - 0x1du8, - 0x1eu8, - 0x1fu8, + 0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8, 0x08u8, 0x09u8, 0x0au8, + 0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8, 0x10u8, 0x11u8, 0x12u8, 0x13u8, 0x14u8, 0x15u8, + 0x16u8, 0x17u8, 0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, 0x1eu8, 0x1fu8, ]; let p0 = [ - 0x00u8, - 0x11u8, - 0x22u8, - 0x33u8, - 0x44u8, - 0x55u8, - 0x66u8, - 0x77u8, - 0x88u8, - 0x99u8, - 0xaau8, - 0xbbu8, - 0xccu8, - 0xddu8, - 0xeeu8, - 0xffu8, + 0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8, 0x88u8, 0x99u8, 0xaau8, + 0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8, ]; let c0 = [ - 0x8eu8, - 0xa2u8, - 0xb7u8, - 0xcau8, - 0x51u8, - 0x67u8, - 0x45u8, - 0xbfu8, - 0xeau8, - 0xfcu8, - 0x49u8, - 0x90u8, - 0x4bu8, - 0x49u8, - 0x60u8, - 0x89u8, + 0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, 0xeau8, 0xfcu8, 0x49u8, + 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8, ]; let mut c = super::Crypter::new( super::Cipher::aes_256_ecb(), @@ -726,74 +673,17 @@ mod tests { #[test] fn test_aes_256_cbc_decrypt() { let iv = [ - 4_u8, - 223_u8, - 153_u8, - 219_u8, - 28_u8, - 142_u8, - 234_u8, - 68_u8, - 227_u8, - 69_u8, - 98_u8, - 107_u8, - 208_u8, - 14_u8, - 236_u8, - 60_u8, + 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, 69_u8, 98_u8, + 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, ]; let data = [ - 143_u8, - 210_u8, - 75_u8, - 63_u8, - 214_u8, - 179_u8, - 155_u8, - 241_u8, - 242_u8, - 31_u8, - 154_u8, - 56_u8, - 198_u8, - 145_u8, - 192_u8, - 64_u8, - 2_u8, - 245_u8, - 167_u8, - 220_u8, - 55_u8, - 119_u8, - 233_u8, - 136_u8, - 139_u8, - 27_u8, - 71_u8, - 242_u8, - 119_u8, - 175_u8, - 65_u8, - 207_u8, + 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, 154_u8, + 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8, + 233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8, ]; let ciphered_data = [ - 0x4a_u8, - 0x2e_u8, - 0xe5_u8, - 0x6_u8, - 0xbf_u8, - 0xcf_u8, - 0xf2_u8, - 0xd7_u8, - 0xea_u8, - 0x2d_u8, - 0xb1_u8, - 0x85_u8, - 0x6c_u8, - 0x93_u8, - 0x65_u8, - 0x6f_u8, + 0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, 0xd7_u8, 0xea_u8, + 0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, 0x65_u8, 0x6f_u8, ]; let mut cr = super::Crypter::new( super::Cipher::aes_256_cbc(), @@ -868,7 +758,6 @@ mod tests { #[test] fn test_rc4() { - let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000"; let ct = "A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4"; let key = "97CD440324DA5FD1F7955C1C13B6B466"; @@ -894,7 +783,6 @@ mod tests { #[test] fn test_aes128_ctr() { - let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\ E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710"; let ct = "874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E\ @@ -919,7 +807,6 @@ mod tests { #[test] fn test_aes128_cfb128() { - let pt = "6bc1bee22e409f96e93d7e117393172a"; let ct = "3b3fd92eb72dad20333449f8e83cfb4a"; let key = "2b7e151628aed2a6abf7158809cf4f3c"; @@ -930,7 +817,6 @@ mod tests { #[test] fn test_aes128_cfb8() { - let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9"; let key = "2b7e151628aed2a6abf7158809cf4f3c"; @@ -941,7 +827,6 @@ mod tests { #[test] fn test_aes256_cfb1() { - let pt = "6bc1"; let ct = "9029"; let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; @@ -952,7 +837,6 @@ mod tests { #[test] fn test_aes256_cfb128() { - let pt = "6bc1bee22e409f96e93d7e117393172a"; let ct = "dc7e84bfda79164b7ecd8486985d3860"; let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; @@ -963,7 +847,6 @@ mod tests { #[test] fn test_aes256_cfb8() { - let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; let ct = "dc1f1a8520a64db55fcc8ac554844e889700"; let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; @@ -986,7 +869,6 @@ mod tests { #[test] fn test_bf_ecb() { - let pt = "5CD54CA83DEF57DA"; let ct = "B1B8CC0B250F09A0"; let key = "0131D9619DC1376E"; @@ -997,7 +879,6 @@ mod tests { #[test] fn test_bf_cfb64() { - let pt = "37363534333231204E6F77206973207468652074696D6520666F722000"; let ct = "E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3"; let key = "0123456789ABCDEFF0E1D2C3B4A59687"; @@ -1008,7 +889,6 @@ mod tests { #[test] fn test_bf_ofb() { - let pt = "37363534333231204E6F77206973207468652074696D6520666F722000"; let ct = "E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA"; let key = "0123456789ABCDEFF0E1D2C3B4A59687"; @@ -1019,7 +899,6 @@ mod tests { #[test] fn test_des_cbc() { - let pt = "54686973206973206120746573742e"; let ct = "6f2867cfefda048a4046ef7e556c7132"; let key = "7cb66337f3d3c0fe"; @@ -1030,7 +909,6 @@ mod tests { #[test] fn test_des_ecb() { - let pt = "54686973206973206120746573742e"; let ct = "0050ab8aecec758843fe157b4dde938c"; let key = "7cb66337f3d3c0fe"; @@ -1041,7 +919,6 @@ mod tests { #[test] fn test_des_ede3() { - let pt = "9994f4c69d40ae4f34ff403b5cf39d4c8207ea5d3e19a5fd"; let ct = "9e5c4297d60582f81071ac8ab7d0698d4c79de8b94c519858207ea5d3e19a5fd"; let key = "010203040506070801020304050607080102030405060708"; @@ -1091,30 +968,34 @@ mod tests { } #[test] - #[cfg(all(ossl110, feature = "v110"))] + #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))] fn test_chacha20() { let key = "0000000000000000000000000000000000000000000000000000000000000000"; let iv = "00000000000000000000000000000000"; - let pt = "000000000000000000000000000000000000000000000000000000000000000000000000000000000\ - 00000000000000000000000000000000000000000000000"; - let ct = "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7\ - 724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"; + let pt = + "000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + 00000000000000000000000000000000000000000000000"; + let ct = + "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7\ + 724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"; cipher_test(Cipher::chacha20(), pt, ct, key, iv); } #[test] - #[cfg(all(ossl110, feature = "v110"))] + #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))] fn test_chacha20_poly1305() { let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"; let iv = "070000004041424344454647"; let aad = "50515253c0c1c2c3c4c5c6c7"; - let pt = "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393\ - a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f722074\ - 6865206675747572652c2073756e73637265656e20776f756c642062652069742e"; - let ct = "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca967128\ - 2fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa\ - b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116"; + let pt = + "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393\ + a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f722074\ + 6865206675747572652c2073756e73637265656e20776f756c642062652069742e"; + let ct = + "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca967128\ + 2fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa\ + b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116"; let tag = "1ae10b594f09e26a7e902ecbd0600691"; let mut actual_tag = [0; 16]; diff --git a/openssl/src/verify.rs b/openssl/src/verify.rs index 9ed8053995f7464f659033890be7f50eb37d28da..de76f61fb1e7c099b6572dcec12b2e0425f22acf 100644 --- a/openssl/src/verify.rs +++ b/openssl/src/verify.rs @@ -15,8 +15,8 @@ bitflags! { const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; - /// Requires the `v110` feature and OpenSSL 1.1.0. - #[cfg(all(feature = "v110", ossl110))] + /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; } } diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index f3a8b8e61c74f29f25ce57d38524d4e7be7c6c68..a4bbb5f0cd23feb48aac511f4b171873d1c35de9 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -73,7 +73,8 @@ use ffi::{ASN1_STRING_get0_data as ASN1_STRING_data, X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain, X509_set1_notAfter as X509_set_notAfter, X509_set1_notBefore as X509_set_notBefore}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), + all(feature = "v111", ossl111)))] pub mod verify; pub mod extension; @@ -1090,7 +1091,6 @@ foreign_type_and_impl_send_sync! { } impl GeneralNameRef { - fn ia5_string(&self, ffi_type: c_int) -> Option<&str> { unsafe { if (*self.as_ptr()).type_ != ffi_type { diff --git a/openssl/src/x509/verify.rs b/openssl/src/x509/verify.rs index c062125fd97d7bd2ae8dc11208a4222cdf946791..8a57ce5c2449d394f3d7594f691499dc2605cff2 100644 --- a/openssl/src/x509/verify.rs +++ b/openssl/src/x509/verify.rs @@ -1,5 +1,5 @@ //! X509 certificate verification //! -//! Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0. +//! Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. pub use verify::*; diff --git a/systest/build.rs b/systest/build.rs index af8ebbc145bef813b818f3eb4d90bb426a492c32..457d372bab50afbbb3905b16d9f24eecfe8ac5c1 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -28,13 +28,14 @@ fn main() { is_libressl = true; } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") { cfg.cfg(&format!("ossl{}", version), None); + if version == "111" { + cfg.cfg("ossl110", None); + } } - if let (Ok(version), Ok(patch)) = - ( - env::var("DEP_OPENSSL_VERSION"), - env::var("DEP_OPENSSL_PATCH"), - ) - { + if let (Ok(version), Ok(patch)) = ( + env::var("DEP_OPENSSL_VERSION"), + env::var("DEP_OPENSSL_PATCH"), + ) { cfg.cfg(&format!("ossl{}{}", version, patch), None); } if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { @@ -74,10 +75,12 @@ fn main() { } else if s == "_STACK" { format!("struct stack_st") // This logic should really be cleaned up - } else if is_struct && s != "point_conversion_form_t" && - s.chars().next().unwrap().is_lowercase() + } else if is_struct && s != "point_conversion_form_t" + && s.chars().next().unwrap().is_lowercase() { format!("struct {}", s) + } else if s.starts_with("stack_st_") { + format!("struct {}", s) } else { format!("{}", s) } @@ -104,13 +107,15 @@ fn main() { (s == "GENERAL_NAME" && field == "d") // union }); cfg.skip_signededness(|s| { - s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn") || - s.starts_with("CRYPTO_") || s == "PasswordCallback" + s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn") + || s.starts_with("CRYPTO_") || s == "PasswordCallback" }); - cfg.field_name(|_s, field| if field == "type_" { - format!("type") - } else { - format!("{}", field) + cfg.field_name(|_s, field| { + if field == "type_" { + format!("type") + } else { + format!("{}", field) + } }); cfg.fn_cname(|rust, link_name| link_name.unwrap_or(rust).to_string()); cfg.generate("../openssl-sys/src/lib.rs", "all.rs");