Enable HKDF support for LibreSSL >= 3.6.0 (96567a22) · Commits · Public Repositories / Rust Openssl

openssl-sys/src/evp.rs

+14 −14

Original line number	Diff line number	Diff line
		@@ -28,7 +28,7 @@ pub const EVP_PKEY_HMAC: c_int = NID_hmac;
		pub const EVP_PKEY_CMAC: c_int = NID_cmac;
		#[cfg(ossl111)]
		pub const EVP_PKEY_POLY1305: c_int = NID_poly1305;
		#[cfg(ossl110)]
		#[cfg(any(ossl110, libressl360))]
		pub const EVP_PKEY_HKDF: c_int = NID_hkdf;

		#[cfg(ossl102)]
		@@ -201,31 +201,31 @@ pub const EVP_PKEY_CTRL_CIPHER: c_int = 12;

		pub const EVP_PKEY_ALG_CTRL: c_int = 0x1000;

		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		pub const EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: c_int = 0;

		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		pub const EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY: c_int = 1;

		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		pub const EVP_PKEY_HKDEF_MODE_EXPAND_ONLY: c_int = 2;

		#[cfg(ossl110)]
		#[cfg(any(ossl110, libressl360))]
		pub const EVP_PKEY_CTRL_HKDF_MD: c_int = EVP_PKEY_ALG_CTRL + 3;

		#[cfg(ossl110)]
		#[cfg(any(ossl110, libressl360))]
		pub const EVP_PKEY_CTRL_HKDF_SALT: c_int = EVP_PKEY_ALG_CTRL + 4;

		#[cfg(ossl110)]
		#[cfg(any(ossl110, libressl360))]
		pub const EVP_PKEY_CTRL_HKDF_KEY: c_int = EVP_PKEY_ALG_CTRL + 5;

		#[cfg(ossl110)]
		#[cfg(any(ossl110, libressl360))]
		pub const EVP_PKEY_CTRL_HKDF_INFO: c_int = EVP_PKEY_ALG_CTRL + 6;

		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		pub const EVP_PKEY_CTRL_HKDF_MODE: c_int = EVP_PKEY_ALG_CTRL + 7;

		#[cfg(all(ossl111, not(ossl300)))]
		#[cfg(any(all(ossl111, not(ossl300)), libressl360))]
		pub unsafe fn EVP_PKEY_CTX_set_hkdf_mode(ctx: *mut EVP_PKEY_CTX, mode: c_int) -> c_int {
		EVP_PKEY_CTX_ctrl(
		ctx,
		@@ -237,7 +237,7 @@ pub unsafe fn EVP_PKEY_CTX_set_hkdf_mode(ctx: *mut EVP_PKEY_CTX, mode: c_int) ->
		)
		}

		#[cfg(all(ossl110, not(ossl300)))]
		#[cfg(any(all(ossl110, not(ossl300)), libressl360))]
		pub unsafe fn EVP_PKEY_CTX_set_hkdf_md(ctx: mut EVP_PKEY_CTX, md: const EVP_MD) -> c_int {
		EVP_PKEY_CTX_ctrl(
		ctx,
		@@ -249,7 +249,7 @@ pub unsafe fn EVP_PKEY_CTX_set_hkdf_md(ctx: mut EVP_PKEY_CTX, md: const EVP_MD
		)
		}

		#[cfg(all(ossl110, not(ossl300)))]
		#[cfg(any(all(ossl110, not(ossl300)), libressl360))]
		pub unsafe fn EVP_PKEY_CTX_set1_hkdf_salt(
		ctx: *mut EVP_PKEY_CTX,
		salt: *const u8,
		@@ -265,7 +265,7 @@ pub unsafe fn EVP_PKEY_CTX_set1_hkdf_salt(
		)
		}

		#[cfg(all(ossl110, not(ossl300)))]
		#[cfg(any(all(ossl110, not(ossl300)), libressl360))]
		pub unsafe fn EVP_PKEY_CTX_set1_hkdf_key(
		ctx: *mut EVP_PKEY_CTX,
		key: *const u8,
		@@ -281,7 +281,7 @@ pub unsafe fn EVP_PKEY_CTX_set1_hkdf_key(
		)
		}

		#[cfg(all(ossl110, not(ossl300)))]
		#[cfg(any(all(ossl110, not(ossl300)), libressl360))]
		pub unsafe fn EVP_PKEY_CTX_add1_hkdf_info(
		ctx: *mut EVP_PKEY_CTX,
		info: *const u8,

openssl-sys/src/obj_mac.rs

+2 −0

Original line number	Diff line number	Diff line
		@@ -928,6 +928,8 @@ pub const NID_X25519: c_int = 950;
		pub const NID_X448: c_int = 1035;
		#[cfg(ossl110)]
		pub const NID_hkdf: c_int = 1036;
		#[cfg(libressl360)]
		pub const NID_hkdf: c_int = 1022;
		#[cfg(ossl111)]
		pub const NID_poly1305: c_int = 1061;
		#[cfg(ossl111)]

openssl/src/pkey.rs

+1 −1

Original line number	Diff line number	Diff line
		@@ -92,7 +92,7 @@ impl Id {
		#[cfg(ossl111)]
		pub const SM2: Id = Id(ffi::EVP_PKEY_SM2);

		#[cfg(any(ossl110, boringssl))]
		#[cfg(any(ossl110, boringssl, libressl360))]
		pub const HKDF: Id = Id(ffi::EVP_PKEY_HKDF);

		#[cfg(any(ossl111, boringssl, libressl370))]

openssl/src/pkey_ctx.rs

+10 −10

Original line number	Diff line number	Diff line
		@@ -80,10 +80,10 @@ use std::convert::TryFrom;
		use std::ptr;

		/// HKDF modes of operation.
		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		pub struct HkdfMode(c_int);

		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		impl HkdfMode {
		/// This is the default mode. Calling [`derive`][PkeyCtxRef::derive] on a [`PkeyCtxRef`] set up
		/// for HKDF will perform an extract followed by an expand operation in one go. The derived key
		@@ -566,7 +566,7 @@ impl<T> PkeyCtxRef<T> {
		///
		/// Requires OpenSSL 1.1.0 or newer.
		#[corresponds(EVP_PKEY_CTX_set_hkdf_md)]
		#[cfg(any(ossl110, boringssl))]
		#[cfg(any(ossl110, boringssl, libressl360))]
		#[inline]
		pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack> {
		unsafe {
		@@ -589,7 +589,7 @@ impl<T> PkeyCtxRef<T> {
		///
		/// Requires OpenSSL 1.1.1 or newer.
		#[corresponds(EVP_PKEY_CTX_set_hkdf_mode)]
		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		#[inline]
		pub fn set_hkdf_mode(&mut self, mode: HkdfMode) -> Result<(), ErrorStack> {
		unsafe {
		@@ -608,7 +608,7 @@ impl<T> PkeyCtxRef<T> {
		///
		/// Requires OpenSSL 1.1.0 or newer.
		#[corresponds(EVP_PKEY_CTX_set1_hkdf_key)]
		#[cfg(any(ossl110, boringssl))]
		#[cfg(any(ossl110, boringssl, libressl360))]
		#[inline]
		pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack> {
		#[cfg(not(boringssl))]
		@@ -633,7 +633,7 @@ impl<T> PkeyCtxRef<T> {
		///
		/// Requires OpenSSL 1.1.0 or newer.
		#[corresponds(EVP_PKEY_CTX_set1_hkdf_salt)]
		#[cfg(any(ossl110, boringssl))]
		#[cfg(any(ossl110, boringssl, libressl360))]
		#[inline]
		pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack> {
		#[cfg(not(boringssl))]
		@@ -658,7 +658,7 @@ impl<T> PkeyCtxRef<T> {
		///
		/// Requires OpenSSL 1.1.0 or newer.
		#[corresponds(EVP_PKEY_CTX_add1_hkdf_info)]
		#[cfg(any(ossl110, boringssl))]
		#[cfg(any(ossl110, boringssl, libressl360))]
		#[inline]
		pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack> {
		#[cfg(not(boringssl))]
		@@ -855,7 +855,7 @@ mod test {
		}

		#[test]
		#[cfg(any(ossl110, boringssl))]
		#[cfg(any(ossl110, boringssl, libressl360))]
		fn hkdf() {
		let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap();
		ctx.derive_init().unwrap();
		@@ -877,7 +877,7 @@ mod test {
		}

		#[test]
		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		fn hkdf_expand() {
		let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap();
		ctx.derive_init().unwrap();
		@@ -901,7 +901,7 @@ mod test {
		}

		#[test]
		#[cfg(ossl111)]
		#[cfg(any(ossl111, libressl360))]
		fn hkdf_extract() {
		let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap();
		ctx.derive_init().unwrap();

systest/build.rs

+4 −1

Original line number	Diff line number	Diff line
		@@ -69,8 +69,11 @@ fn main() {
		.header("openssl/evp.h")
		.header("openssl/x509_vfy.h");

		if libressl_version.is_some() {
		if let Some(version) = libressl_version {
		cfg.header("openssl/poly1305.h");
		if version >= 0x30600000 {
		cfg.header("openssl/kdf.h");
		}
		}

		if let Some(version) = openssl_version {