From 7c333469609bc08d740ebaef10a0234f23dd85b8 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 18 Mar 2018 21:17:49 -0700 Subject: [PATCH] Remove version-specific features Closes #852 --- .circleci/config.yml | 3 +- openssl/Cargo.toml | 1 + openssl/src/dh.rs | 18 ++-- openssl/src/pkcs5.rs | 6 +- openssl/src/ssl/callbacks.rs | 34 ++++--- openssl/src/ssl/connector.rs | 4 +- openssl/src/ssl/mod.rs | 167 +++++++++++++++++------------------ openssl/src/ssl/test.rs | 63 ++++++------- openssl/src/symm.rs | 20 +++-- openssl/src/verify.rs | 4 +- openssl/src/x509/mod.rs | 3 +- 11 files changed, 152 insertions(+), 171 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4363e3769..35c235489 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -55,7 +55,6 @@ job: &JOB cargo test \ --manifest-path=openssl/Cargo.toml \ --target $TARGET \ - --all-features \ $TEST_ARGS - run: command: | @@ -87,7 +86,7 @@ macos_job: &MACOS_JOB - run: cargo run --manifest-path=systest/Cargo.toml - run: | PATH=/usr/local/opt/openssl/bin:$PATH - cargo test --manifest-path=openssl/Cargo.toml --all-features + cargo test --manifest-path=openssl/Cargo.toml - *SAVE_DEPS openssl_111: &OPENSSL_111 diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 7378a94a0..e78b65aa2 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -13,6 +13,7 @@ build = "build.rs" [package.metadata.docs.rs] all-features = true +# these are deprecated and don't do anything anymore [features] v101 = [] v102 = [] diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index 58b4026c3..a90b10b86 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs 
@@ -83,9 +83,8 @@ impl Dh { ffi::d2i_DHparams } - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + /// Requires OpenSSL 1.0.2 or newer. + #[cfg(any(ossl102, ossl110))] pub fn get_1024_160() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -93,9 +92,8 @@ impl Dh { } } - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + /// Requires OpenSSL 1.0.2 or newer. + #[cfg(any(ossl102, ossl110))] pub fn get_2048_224() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -103,9 +101,8 @@ impl Dh { } } - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + /// Requires OpenSSL 1.0.2 or newer. + #[cfg(any(ossl102, ossl110))] pub fn get_2048_256() -> Result, ErrorStack> { unsafe { ffi::init(); @@ -145,8 +142,7 @@ mod tests { use ssl::{SslContext, SslMethod}; #[test] - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] fn test_dh_rfc5114() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let dh1 = Dh::get_1024_160().unwrap(); diff --git a/openssl/src/pkcs5.rs b/openssl/src/pkcs5.rs index 7253837f3..03e3ee448 100644 --- a/openssl/src/pkcs5.rs +++ b/openssl/src/pkcs5.rs @@ -107,8 +107,8 @@ pub fn pbkdf2_hmac( /// Derives a key from a password and salt using the scrypt algorithm. /// -/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. -#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] +/// Requires OpenSSL 1.1.0 or newer. +#[cfg(any(ossl110))] pub fn scrypt( pass: &[u8], salt: &[u8], 
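Review bot: The doc comment on `Dh::get_1024_160` now states only the version requirement, and with the Cargo feature gate gone the constructor is exported on every 1.0.2+ build without an opt-in. Judging by the name and the `test_dh_rfc5114` test later in this file, it returns the RFC 5114 group with a 1024-bit modulus and 160-bit subgroup, which is below the 2048-bit minimum that current guidance generally asks for. I would add a line such as `/// Returns the RFC 5114 1024-bit group; prefer a 2048-bit or larger group for new deployments.`, and name RFC 5114 on `get_2048_224` and `get_2048_256` in the next two hunks as well. The function bodies continue outside the hunks.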
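Review bot: `#[cfg(any(ossl110))]` on `scrypt` wraps a single predicate in `any`, which is equivalent to `#[cfg(ossl110)]` and is the pattern clippy's `non_minimal_cfg` lint reports. The same form is introduced on the scrypt test in this file, on `DataPtr` in callbacks.rs (including `not(any(ossl110))`), and on the 1.1.0-gated items in ssl/mod.rs, ssl/test.rs and symm.rs. Writing the bare flag would also make these attributes read the same as the `#[cfg(ossl111)]` ones this commit adds. The signature and body of `scrypt` continue outside the hunk.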
@@ -271,7 +271,7 @@ mod tests { } #[test] - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + #[cfg(any(ossl110))] fn scrypt() { use hex; diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index 146679804..5b95ed029 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -1,30 +1,29 @@ use ffi; use libc::{c_char, c_int, c_uchar, c_uint, c_void}; -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] use libc::size_t; use std::ffi::CStr; use std::ptr; use std::slice; use std::mem; -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] use std::str; use foreign_types::ForeignTypeRef; use foreign_types::ForeignType; use error::ErrorStack; use dh::Dh; -#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] +#[cfg(any(ossl101, ossl102))] use ec::EcKey; use pkey::Params; use ssl::{get_callback_idx, get_ssl_callback_idx, SniError, SslAlert, SslContextRef, SslRef, SslSession, SslSessionRef}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] use ssl::AlpnError; use x509::X509StoreContextRef; -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] use ssl::ExtensionContext; -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] use x509::X509Ref; pub extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int @@ -118,8 +117,7 @@ where } } -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] pub extern "C" fn raw_alpn_select( ssl: *mut ffi::SSL, out: *mut *const c_uchar, @@ -175,7 +173,7 @@ where } } -#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] +#[cfg(any(ossl101, ossl102))] pub unsafe extern "C" fn raw_tmp_ecdh( ssl: *mut ffi::SSL, is_export: c_int, 
@@ -227,7 +225,7 @@ where } } -#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] +#[cfg(any(ossl101, ossl102))] pub unsafe extern "C" fn raw_tmp_ecdh_ssl( ssl: *mut ffi::SSL, is_export: c_int, @@ -320,9 +318,9 @@ pub unsafe extern "C" fn raw_remove_session( callback(ctx, session) } -#[cfg(any(ossl110, ossl111))] +#[cfg(any(ossl110))] type DataPtr = *const c_uchar; -#[cfg(not(any(ossl110, ossl111)))] +#[cfg(not(any(ossl110)))] type DataPtr = *mut c_uchar; pub unsafe extern "C" fn raw_get_session( @@ -352,7 +350,7 @@ where } } -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] pub unsafe extern "C" fn raw_keylog(ssl: *const ffi::SSL, line: *const c_char) where F: Fn(&SslRef, &str) + 'static + Sync + Send, @@ -423,10 +421,10 @@ where } } -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] pub struct CustomExtAddState(Option); -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] pub extern "C" fn raw_custom_ext_add( ssl: *mut ffi::SSL, _: c_uint, @@ -480,7 +478,7 @@ where } } -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] pub extern "C" fn raw_custom_ext_free( ssl: *mut ffi::SSL, _: c_uint, @@ -497,7 +495,7 @@ pub extern "C" fn raw_custom_ext_free( } } -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] pub extern "C" fn raw_custom_ext_parse( ssl: *mut ffi::SSL, _: c_uint, diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs index c04147069..89eb0ac32 100644 --- a/openssl/src/ssl/connector.rs +++ b/openssl/src/ssl/connector.rs @@ -296,7 +296,7 @@ fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> { #[cfg(ossl102)] fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> { - ctx._set_ecdh_auto(true) + ctx.set_ecdh_auto(true) } #[cfg(ossl110)] 
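Review bot: Dropping `ossl111` from the `DataPtr` gates in the `@@ -320,9` hunk is only correct if the build script also sets `ossl110` on 1.1.1 builds, and nothing visible in this patch states that. The flags do not look uniformly cumulative either: "1.0.2 or newer" is spelled `any(ossl102, ossl110)` elsewhere in the commit, which suggests `ossl102` is not set on 1.1.0 while `ossl110` is expected to cover 1.1.1. A comment above the aliases, for example `// ossl110 is set for 1.1.0 and every later release, so this also selects the 1.1.1 callback signature`, would keep a later edit from re-adding or mis-negating a flag on this FFI pointer type.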
@@ -316,7 +316,7 @@ fn setup_verify(ctx: &mut SslContextBuilder) { #[cfg(any(ossl102, ossl110))] fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> { - let param = ssl._param_mut(); + let param = ssl.param_mut(); param.set_hostflags(::verify::X509CheckFlags::NO_PARTIAL_WILDCARDS); match domain.parse() { Ok(ip) => param.set_ip(ip), diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index f7f46a7f9..f3c4ed3a4 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -80,12 +80,11 @@ use std::sync::Mutex; use {cvt, cvt_n, cvt_p, init}; use dh::{Dh, DhRef}; use ec::EcKeyRef; -#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] +#[cfg(any(ossl101, ossl102))] use ec::EcKey; use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; use x509::store::{X509StoreBuilderRef, X509StoreRef}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] use x509::store::X509Store; #[cfg(any(ossl102, ossl110))] use verify::X509VerifyParamRef; @@ -97,6 +96,7 @@ use ssl::bio::BioMethod; use ssl::error::InnerError; use ssl::callbacks::*; use nid::Nid; +#[cfg(ossl111)] use hash::MessageDigest; pub use ssl::connector::{ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector, 
@@ -181,28 +181,27 @@ bitflags! { /// Disables the use of TLSv1.3. /// - /// Requires the `v111` feature and OpenSSL 1.1.1. - #[cfg(all(feature = "v111", ossl111))] + /// Requires OpenSSL 1.1.1 or newer. + #[cfg(ossl111)] const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3; /// Disables the use of DTLSv1.0 /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + /// Requires OpenSSL 1.0.2 or newer. + #[cfg(any(ossl102, ossl110))] const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1; /// Disables the use of DTLSv1.2. - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + /// + /// Requires OpenSSL 1.0.2, or newer. + #[cfg(any(ossl102, ossl110))] const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2; /// Disables the use of all (D)TLS protocol versions. /// /// This can be used as a mask when whitelisting protocol versions. /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.0.2 or newer. /// /// # Examples /// @@ -213,15 +212,14 @@ bitflags! { /// /// let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2; /// ``` - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK; /// Enable TLSv1.3 Compatibility mode. /// - /// This is on by default in OpenSSL 1.1.1. A future version may have this - /// disabled by default. - #[cfg(all(feature = "v111", ossl111))] + /// Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version + /// may have this disabled by default. + #[cfg(ossl111)] const ENABLE_MIDDLEBOX_COMPAT = ffi::SSL_OP_ENABLE_MIDDLEBOX_COMPAT; } } 
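Review bot: The new doc line on `NO_DTLSV1_2` reads `Requires OpenSSL 1.0.2, or newer.`; the comma is left over from the old version list, and the other flags in this hunk use `Requires OpenSSL 1.0.2 or newer.`. The `NO_DTLSV1` summary `Disables the use of DTLSv1.0` is also missing its full stop, unlike its neighbours.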
@@ -368,7 +366,7 @@ bitflags! { } } -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] bitflags! { /// Which messages and under which conditions an extension should be added or expected. pub struct ExtensionContext: c_uint { @@ -542,19 +540,17 @@ impl SslAlert { /// An error returned from an ALPN selection callback. /// -/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +/// Requires OpenSSL 1.0.2 or newer. +#[cfg(any(ossl102, ossl110))] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct AlpnError(c_int); -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] impl AlpnError { /// Terminate the handshake with a fatal alert. /// - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + /// Requires OpenSSL 1.1.0 or newer. + #[cfg(any(ossl110))] pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL); /// Do not select a protocol, but continue the handshake. @@ -580,8 +576,8 @@ impl SslVersion { /// TLSv1.3 /// - /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature. - #[cfg(all(feature = "v111", ossl111))] + /// Requires OpenSSL 1.1.1 or newer. + #[cfg(ossl111)] pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION); } 
@@ -725,13 +721,12 @@ impl SslContextBuilder { /// Sets a custom certificate store for verifying peer certificates. /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_CTX_set0_verify_cert_store`]. /// /// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { unsafe { let ptr = cert_store.as_ptr(); @@ -819,10 +814,10 @@ impl SslContextBuilder { /// indicating if the selected cipher is export-grade, and the key length. The export and key /// length options are archaic and should be ignored in almost all cases. /// - /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2. + /// Requires OpenSSL 1.0.1 or 1.0.2. /// /// This corresponds to `SSL_CTX_set_tmp_ecdh_callback`. - #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] + #[cfg(any(ossl101, ossl102))] pub fn set_tmp_ecdh_callback(&mut self, callback: F) where F: Fn(&mut SslRef, bool, u32) -> Result, ErrorStack> + 'static + Sync + Send, 
@@ -1032,18 +1027,13 @@ impl SslContextBuilder { /// Enables ECDHE key exchange with an automatically chosen curve list. /// - /// Requires the `v102` feature and OpenSSL 1.0.2. + /// Requires OpenSSL 1.0.2. /// /// This corresponds to [`SSL_CTX_set_ecdh_auto`]. /// /// [`SSL_CTX_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_ecdh_auto.html - #[cfg(all(feature = "v102", any(ossl102, libressl)))] - pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { - self._set_ecdh_auto(onoff) - } - #[cfg(any(ossl102, libressl))] - fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { + pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) } } @@ -1089,10 +1079,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_set_min_proto_version`]. /// - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.1.0 or newer. /// /// [`SSL_CTX_set_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + #[cfg(any(ossl110))] pub fn set_min_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_min_proto_version( @@ -1109,10 +1099,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_set_max_proto_version`]. /// - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.1.0 or newer. /// /// [`SSL_CTX_set_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + #[cfg(any(ossl110))] pub fn set_max_proto_version(&mut self, version: Option) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_CTX_set_max_proto_version( 
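Review bot: The doc comment on `SslContextBuilder::set_ecdh_auto` says `Requires OpenSSL 1.0.2.`, but the attribute that now gates the public method is `#[cfg(any(ossl102, libressl))]`, so it is exported on LibreSSL builds too; the comment should say so, e.g. `/// Requires OpenSSL 1.0.2 or LibreSSL.`. `SslRef::set_ecdh_auto` in the `@@ -2077,13` hunk is gated on `#[cfg(ossl102)]` alone, so the two methods documented as equivalents are not available on the same builds; either align the gates or state the difference. That later doc comment also defines a link target for `SslContextBuilder::set_tmp_ecdh` while its text links `SslContextBuilder::set_ecdh_auto`, so the link has no target.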
@@ -1129,10 +1119,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_get_min_proto_version`]. /// - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.1.0 or newer. /// /// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + #[cfg(any(ossl110))] pub fn min_proto_version(&mut self) -> Option { unsafe { let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr()); @@ -1151,10 +1141,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_get_max_proto_version`]. /// - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.1.0 or newer. /// /// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + #[cfg(any(ossl110))] pub fn max_proto_version(&mut self) -> Option { unsafe { let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr()); @@ -1175,11 +1165,10 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_set_alpn_protos`]. /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.0.2 or newer. /// /// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(protocols.len() <= c_uint::max_value() as usize); 
@@ -1207,13 +1196,12 @@ impl SslContextBuilder { /// /// This corresponds to [`SSL_CTX_set_alpn_select_cb`]. /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.0.2 or newer. /// /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`select_next_proto`]: fn.select_next_proto.html /// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] pub fn set_alpn_select_callback(&mut self, callback: F) where F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, @@ -1409,12 +1397,12 @@ impl SslContextBuilder { /// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message /// traffic. The line does not contain a trailing newline. /// - /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.1.1 or newer. /// /// This corresponds to [`SSL_CTX_set_keylog_callback`]. /// /// [`SSL_CTX_set_keylog_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html - #[cfg(all(feature = "v111", ossl111))] + #[cfg(ossl111)] pub fn set_keylog_callback(&mut self, callback: F) where F: Fn(&SslRef, &str) + 'static + Sync + Send, @@ -1510,10 +1498,12 @@ impl SslContextBuilder { /// Adds a custom extension for a TLS/DTLS client or server for all supported protocol versions. /// + /// Requires OpenSSL 1.1.1 or newer. + /// /// This corresponds to [`SSL_CTX_add_custom_ext`]. /// /// [`SSL_CTX_add_custom_ext`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_custom_ext.html - #[cfg(all(feature = "v111", ossl111))] + #[cfg(ossl111)] pub fn add_custom_ext( &mut self, ext_type: u16, 
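Review bot: With the `v111` feature removed, `set_keylog_callback` in the `@@ -1409,12` hunk is exported on every 1.1.1 build, and its doc comment describes the output only as something Wireshark can use. The lines handed to the callback are the session's secrets in SSLKEYLOGFILE form, so anyone who can read what the callback writes can decrypt captured traffic for those connections. I would add a sentence such as `/// The logged lines contain the connection's secrets; enable this only for debugging and restrict access to wherever they are written.`. The method body continues outside the hunk.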
@@ -1632,13 +1622,12 @@ impl SslContext { impl SslContextRef { /// Returns the certificate associated with this `SslContext`, if present. /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_CTX_get0_certificate`]. /// /// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] pub fn certificate(&self) -> Option<&X509Ref> { unsafe { let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr()); @@ -1652,13 +1641,12 @@ impl SslContextRef { /// Returns the private key associated with this `SslContext`, if present. /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_CTX_get0_privatekey`]. /// /// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] pub fn private_key(&self) -> Option<&PKeyRef> { unsafe { let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr()); 
@@ -1819,26 +1807,38 @@ impl SslCipherRef { /// Returns the handshake digest of the cipher. /// - /// Available as of OpenSSL 1.1.1. This corresponds to [`SSL_CIPHER_get_handshake_digest`]. + /// Requires OpenSSL 1.1.1 or newer. + /// + /// This corresponds to [`SSL_CIPHER_get_handshake_digest`]. /// /// [`SSL_CIPHER_get_handshake_digest`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_handshake_digest.html - #[cfg(all(feature = "v111", ossl111))] + #[cfg(ossl111)] pub fn handshake_digest(&self) -> Option { unsafe { let ptr = ffi::SSL_CIPHER_get_handshake_digest(self.as_ptr()); - if ptr.is_null() { None } else { Some(MessageDigest::from_ptr(ptr)) } + if ptr.is_null() { + None + } else { + Some(MessageDigest::from_ptr(ptr)) + } } } /// Returns the NID corresponding to the cipher. /// - /// Available as of OpenSSL 1.1.0. This corresponds to [`SSL_CIPHER_get_cipher_nid`] + /// Requires OpenSSL 1.1.0 or newer. + /// + /// This corresponds to [`SSL_CIPHER_get_cipher_nid`]. /// /// [`SSL_CIPHER_get_cipher_nid`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CIPHER_get_cipher_nid.html - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + #[cfg(any(ossl110))] pub fn cipher_nid(&self) -> Option { let n = unsafe { ffi::SSL_CIPHER_get_cipher_nid(self.as_ptr()) }; - if n == 0 { None } else { Some(Nid::from_raw(n)) } + if n == 0 { + None + } else { + Some(Nid::from_raw(n)) + } } } 
@@ -2053,12 +2053,12 @@ impl SslRef { /// Like [`SslContextBuilder::set_tmp_ecdh_callback`]. /// - /// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2. + /// Requires OpenSSL 1.0.1 or 1.0.2. /// /// This corresponds to `SSL_set_tmp_ecdh_callback`. /// /// [`SslContextBuilder::set_tmp_ecdh_callback`]: struct.SslContextBuilder.html#method.set_tmp_ecdh_callback - #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] + #[cfg(any(ossl101, ossl102))] pub fn set_tmp_ecdh_callback(&mut self, callback: F) where F: Fn(&mut SslRef, bool, u32) -> Result, ErrorStack> + 'static + Sync + Send, @@ -2077,13 +2077,13 @@ impl SslRef { /// Like [`SslContextBuilder::set_ecdh_auto`]. /// - /// Requires the `v102` feature and OpenSSL 1.0.2. + /// Requires OpenSSL 1.0.2. /// /// This corresponds to [`SSL_set_ecdh_auto`]. /// /// [`SslContextBuilder::set_tmp_ecdh`]: struct.SslContextBuilder.html#method.set_tmp_ecdh /// [`SSL_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_ecdh_auto.html - #[cfg(all(feature = "v102", ossl102))] + #[cfg(ossl102)] pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) } } @@ -2255,13 +2255,12 @@ impl SslRef { /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// to interpret it. /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_get0_alpn_selected`]. /// /// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { unsafe { let mut data: *const c_uchar = ptr::null(); 
@@ -2331,19 +2330,13 @@ impl SslRef { /// Returns a mutable reference to the X509 verification configuration. /// - /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.0.2 or newer. /// /// This corresponds to [`SSL_get0_param`]. /// /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] - pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { - self._param_mut() - } - #[cfg(any(ossl102, ossl110))] - fn _param_mut(&mut self) -> &mut X509VerifyParamRef { + pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } } @@ -2377,12 +2370,12 @@ impl SslRef { /// Returns the number of bytes copied, or if the buffer is empty, the size of the client_random /// value. /// - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.1.0 or newer. /// /// This corresponds to [`SSL_get_client_random`]. /// /// [`SSL_get_client_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + #[cfg(any(ossl110))] pub fn client_random(&self, buf: &mut [u8]) -> usize { unsafe { ffi::SSL_get_client_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len()) 
@@ -2394,12 +2387,12 @@ impl SslRef { /// Returns the number of bytes copied, or if the buffer is empty, the size of the server_random /// value. /// - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. + /// Requires OpenSSL 1.1.0 or newer. /// /// This corresponds to [`SSL_get_server_random`]. /// /// [`SSL_get_server_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + #[cfg(any(ossl110))] pub fn server_random(&self, buf: &mut [u8]) -> usize { unsafe { ffi::SSL_get_server_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len()) diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs index 8be3e4d69..c732f3fc9 100644 --- a/openssl/src/ssl/test.rs +++ b/openssl/src/ssl/test.rs @@ -20,11 +20,10 @@ use ocsp::{OcspResponse, OcspResponseStatus}; use ssl; use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptor, SslConnector, SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream, SslVerifyMode, StatusType}; -#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] +#[cfg(any(ossl110))] use ssl::SslVersion; use x509::{X509, X509Name, X509StoreContext, X509VerifyResult}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] use x509::verify::X509CheckFlags; use pkey::PKey; 
@@ -138,17 +137,14 @@ macro_rules! run_test( use ssl::{SslContext, Ssl, SslStream, SslVerifyMode, SslOptions}; use hash::MessageDigest; use x509::{X509StoreContext, X509VerifyResult}; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] use x509::X509; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] use x509::store::X509StoreBuilder; use hex::FromHex; use foreign_types::ForeignTypeRef; use super::Server; - #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] + #[cfg(any(ossl102, ossl110))] use super::ROOT_CERT; #[test] @@ -188,8 +184,7 @@ run_test!(verify_trusted, |method, stream| { } }); -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] run_test!(verify_trusted_with_set_cert, |method, stream| { let x509 = X509::from_pem(ROOT_CERT).unwrap(); let mut store = X509StoreBuilder::new().unwrap(); @@ -484,8 +479,7 @@ fn test_state() { /// Tests that connecting with the client using ALPN, but the server not does not /// break the existing connection behavior. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] fn test_connect_with_unilateral_alpn() { let (_s, stream) = Server::new(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); 
@@ -507,8 +501,7 @@ fn test_connect_with_unilateral_alpn() { /// Tests that when both the client as well as the server use ALPN and their /// lists of supported protocols have an overlap, the correct protocol is chosen. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] fn test_connect_with_alpn_successful_multiple_matching() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -531,8 +524,7 @@ fn test_connect_with_alpn_successful_multiple_matching() { /// lists of supported protocols have an overlap -- with only ONE protocol /// being valid for both. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] fn test_connect_with_alpn_successful_single_match() { let (_s, stream) = Server::new_alpn(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); @@ -554,8 +546,7 @@ fn test_connect_with_alpn_successful_single_match() { /// Tests that when the `SslStream` is created as a server stream, the protocols /// are correctly advertised to the client. #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] fn test_alpn_server_advertise_multiple() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); @@ -597,7 +588,7 @@ fn test_alpn_server_advertise_multiple() { } #[test] -#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] +#[cfg(any(ossl110))] fn test_alpn_server_select_none_fatal() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); 
@@ -631,8 +622,7 @@ fn test_alpn_server_select_none_fatal() { } #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] fn test_alpn_server_select_none() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let localhost = listener.local_addr().unwrap(); @@ -799,8 +789,7 @@ fn add_extra_chain_cert() { } #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] fn verify_valid_hostname() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); @@ -825,8 +814,7 @@ fn verify_valid_hostname() { } #[test] -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] fn verify_invalid_hostname() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); @@ -1070,8 +1058,7 @@ fn tmp_dh_callback() { } #[test] -#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl26x))), - all(feature = "v102", ossl102)))] +#[cfg(any(all(ossl101, not(libressl)), ossl102))] fn tmp_ecdh_callback() { use ec::EcKey; use nid::Nid; @@ -1145,8 +1132,7 @@ fn tmp_dh_callback_ssl() { } #[test] -#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl26x))), - all(feature = "v102", ossl102)))] +#[cfg(any(all(ossl101, not(libressl)), ossl102))] fn tmp_ecdh_callback_ssl() { use ec::EcKey; use nid::Nid; @@ -1323,7 +1309,7 @@ fn keying_export() { } #[test] -#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] +#[cfg(any(ossl110))] fn no_version_overlap() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let addr = listener.local_addr().unwrap(); 
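Review bot: The gate on the `tmp_ecdh_callback` test in the `@@ -1070,8` hunk changes from excluding three LibreSSL versions (`libressl261`, `libressl262`, `libressl26x`) to `not(libressl)`, which is a wider exclusion than removing the Cargo feature requires. `SslContextBuilder::set_tmp_ecdh_callback` itself is gated on `any(ossl101, ossl102)` with no LibreSSL exclusion, so if LibreSSL builds set `ossl101` (which this test gate suggests) the callback is exported there with no test covering it. Either keep the narrower exclusion or add a comment above the attribute giving the reason every LibreSSL version is skipped. The same change is made to `tmp_ecdh_callback_ssl` in the `@@ -1145,8` hunk.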
@@ -1354,7 +1340,7 @@ fn no_version_overlap() { } #[test] -#[cfg(all(feature = "v111", ossl111))] +#[cfg(ossl111)] fn custom_extensions() { static FOUND_EXTENSION: AtomicBool = ATOMIC_BOOL_INIT; @@ -1369,9 +1355,13 @@ fn custom_extensions() { ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) .unwrap(); ctx.add_custom_ext( - 12345, ssl::ExtensionContext::CLIENT_HELLO, + 12345, + ssl::ExtensionContext::CLIENT_HELLO, |_, _, _| -> Result, _> { unreachable!() }, - |_, _, data, _| { FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst); Ok(()) } + |_, _, data, _| { + FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst); + Ok(()) + }, ).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.accept(stream).unwrap(); @@ -1380,9 +1370,10 @@ fn custom_extensions() { let stream = TcpStream::connect(addr).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.add_custom_ext( - 12345, ssl::ExtensionContext::CLIENT_HELLO, + 12345, + ssl::ExtensionContext::CLIENT_HELLO, |_, _, _| Ok(Some(b"hello")), - |_, _, _, _| unreachable!() + |_, _, _, _| unreachable!(), ).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); ssl.connect(stream).unwrap(); diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index a70685847..1937dbc7f 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs @@ -83,7 +83,11 @@ impl Cipher { /// [`EVP_get_cipherbynid`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_get_cipherbyname.html pub fn from_nid(nid: Nid) -> Option { let ptr = unsafe { ffi::EVP_get_cipherbyname(ffi::OBJ_nid2sn(nid.as_raw())) }; - if ptr.is_null() { None } else { Some(Cipher(ptr)) } + if ptr.is_null() { + None + } else { + Some(Cipher(ptr)) + } } pub fn aes_128_ecb() -> Cipher { 
@@ -194,14 +198,14 @@ impl Cipher { unsafe { Cipher(ffi::EVP_rc4()) } } - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))] + /// Requires OpenSSL 1.1.0 or newer. + #[cfg(any(ossl110))] pub fn chacha20() -> Cipher { unsafe { Cipher(ffi::EVP_chacha20()) } } - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))] + /// Requires OpenSSL 1.1.0 or newer. + #[cfg(any(ossl110))] pub fn chacha20_poly1305() -> Cipher { unsafe { Cipher(ffi::EVP_chacha20_poly1305()) } } @@ -439,7 +443,7 @@ impl Crypter { /// /// The total plaintext or ciphertext length MUST be passed to the cipher when it operates in /// CCM mode. - pub fn set_data_len(&mut self, data_len: usize)-> Result<(), ErrorStack> { + pub fn set_data_len(&mut self, data_len: usize) -> Result<(), ErrorStack> { unsafe { assert!(data_len <= c_int::max_value() as usize); let mut len = 0; @@ -1203,7 +1207,7 @@ mod tests { } #[test] - #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))] + #[cfg(any(ossl110))] fn test_chacha20() { let key = "0000000000000000000000000000000000000000000000000000000000000000"; let iv = "00000000000000000000000000000000"; @@ -1218,7 +1222,7 @@ mod tests { } #[test] - #[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))] + #[cfg(any(ossl110))] fn test_chacha20_poly1305() { let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"; let iv = "070000004041424344454647"; diff --git a/openssl/src/verify.rs b/openssl/src/verify.rs index de76f61fb..19e57c178 100644 --- a/openssl/src/verify.rs +++ b/openssl/src/verify.rs 
@@ -15,8 +15,8 @@ bitflags! { const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; const SINGLE_LABEL_SUBDOMAINS = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; - /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. - #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] + /// Requires OpenSSL 1.1.0 or newer. + #[cfg(any(ossl110))] const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; } } diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index ef4b57e55..d4714f88b 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -40,8 +40,7 @@ use ffi::{ASN1_STRING_get0_data as ASN1_STRING_data, X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain, X509_set1_notAfter as X509_set_notAfter, X509_set1_notBefore as X509_set_notBefore}; -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), - all(feature = "v111", ossl111)))] +#[cfg(any(ossl102, ossl110))] pub mod verify; pub mod extension; -- GitLab
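Review bot: The doc comment on `NEVER_CHECK_SUBJECT` states only the version requirement, not what the flag changes in hostname verification. Now that the constant appears on any 1.1.0+ build without an opt-in feature, that behaviour is worth documenting. Suggested extra line: `/// Never consider the subject commonName, even when the certificate has no subject alternative name of the right type.` The `bitflags!` block starts outside the hunk, and the two neighbouring flags visible here have no docs either.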
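Review bot: `pub mod verify;` in x509/mod.rs is re-gated to `#[cfg(any(ossl102, ossl110))]` but has no doc line stating the requirement. The gated functions and constants elsewhere in this commit get `/// Requires OpenSSL 1.0.2 or newer.` or the 1.1.0 equivalent. Adding `/// Requires OpenSSL 1.0.2 or newer.` above the attribute would make the module's availability visible in rustdoc, unless verify.rs already documents it at module level, which is not visible here.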