File Update-crate-openssl-to-v0.10.73.patch of Package sevctl.40373
From 1ab53d4563c58f913af297d6d9b3b555286a3466 Mon Sep 17 00:00:00 2001
From: Caleb Crane <ccrane@suse.de>
Date: Tue, 26 Aug 2025 13:59:04 -0400
Subject: [PATCH] Update crate rust-openssl-to-0.10.73
Signed-off-by: Caleb Crane <ccrane@suse.de>
---
Cargo.lock | 8 +-
Cargo.toml | 2 +-
vendor/openssl-sys/.cargo-checksum.json | 2 +-
vendor/openssl-sys/CHANGELOG.md | 56 +++-
vendor/openssl-sys/Cargo.toml | 30 +-
vendor/openssl-sys/build/cfgs.rs | 6 +
vendor/openssl-sys/build/expando.c | 14 +
vendor/openssl-sys/build/find_normal.rs | 23 +-
vendor/openssl-sys/build/main.rs | 86 +++++-
vendor/openssl-sys/build/run_bindgen.rs | 137 ++++++++-
vendor/openssl-sys/src/evp.rs | 30 +-
vendor/openssl-sys/src/handwritten/conf.rs | 8 +-
vendor/openssl-sys/src/handwritten/ec.rs | 4 +-
vendor/openssl-sys/src/handwritten/evp.rs | 7 +
vendor/openssl-sys/src/handwritten/kdf.rs | 8 +
vendor/openssl-sys/src/handwritten/mod.rs | 4 +
vendor/openssl-sys/src/handwritten/params.rs | 7 +
vendor/openssl-sys/src/handwritten/ssl.rs | 4 +
vendor/openssl-sys/src/handwritten/thread.rs | 7 +
vendor/openssl-sys/src/handwritten/types.rs | 6 +
.../openssl-sys/src/handwritten/x509_vfy.rs | 17 +-
vendor/openssl-sys/src/lib.rs | 42 ++-
vendor/openssl-sys/src/obj_mac.rs | 8 +-
vendor/openssl/.cargo-checksum.json | 2 +-
vendor/openssl/CHANGELOG.md | 80 +++++-
vendor/openssl/Cargo.lock | 204 ++++++++------
vendor/openssl/Cargo.toml | 46 ++-
vendor/openssl/LICENSE-APACHE | 202 ++++++++++++++
vendor/openssl/build.rs | 15 +-
vendor/openssl/src/aes.rs | 16 +-
vendor/openssl/src/asn1.rs | 53 ++--
vendor/openssl/src/bio.rs | 14 +-
vendor/openssl/src/bn.rs | 54 ++--
vendor/openssl/src/cipher.rs | 26 +-
vendor/openssl/src/cipher_ctx.rs | 181 +++++++++++-
vendor/openssl/src/conf.rs | 4 +-
vendor/openssl/src/derive.rs | 6 +-
vendor/openssl/src/dh.rs | 6 +-
vendor/openssl/src/dsa.rs | 10 +-
vendor/openssl/src/ec.rs | 14 +-
vendor/openssl/src/ecdsa.rs | 2 +-
vendor/openssl/src/encrypt.rs | 20 +-
vendor/openssl/src/error.rs | 24 +-
vendor/openssl/src/hash.rs | 138 +++++++--
vendor/openssl/src/kdf.rs | 176 ++++++++++++
vendor/openssl/src/lib.rs | 21 +-
vendor/openssl/src/md.rs | 14 +-
vendor/openssl/src/md_ctx.rs | 30 +-
vendor/openssl/src/nid.rs | 20 +-
vendor/openssl/src/ocsp.rs | 24 +-
vendor/openssl/src/pkcs12.rs | 6 +-
vendor/openssl/src/pkcs5.rs | 16 +-
vendor/openssl/src/pkey.rs | 78 ++++--
vendor/openssl/src/pkey_ctx.rs | 50 ++--
vendor/openssl/src/rsa.rs | 33 ++-
vendor/openssl/src/sign.rs | 120 +++-----
vendor/openssl/src/srtp.rs | 4 +-
vendor/openssl/src/ssl/bio.rs | 40 ++-
vendor/openssl/src/ssl/callbacks.rs | 40 +--
vendor/openssl/src/ssl/connector.rs | 2 +-
vendor/openssl/src/ssl/mod.rs | 261 +++++++++---------
vendor/openssl/src/ssl/test/mod.rs | 38 +--
vendor/openssl/src/stack.rs | 6 +-
vendor/openssl/src/string.rs | 4 +-
vendor/openssl/src/symm.rs | 81 +++---
vendor/openssl/src/util.rs | 27 +-
vendor/openssl/src/version.rs | 7 +-
vendor/openssl/src/x509/mod.rs | 143 ++++------
vendor/openssl/src/x509/store.rs | 18 +-
vendor/openssl/src/x509/tests.rs | 56 ++--
vendor/openssl/src/x509/verify.rs | 12 +-
vendor/openssl/test/corrupted-rsa.pem | 28 ++
72 files changed, 2116 insertions(+), 872 deletions(-)
create mode 100644 vendor/openssl-sys/src/handwritten/thread.rs
create mode 100644 vendor/openssl/LICENSE-APACHE
create mode 100644 vendor/openssl/src/kdf.rs
create mode 100644 vendor/openssl/test/corrupted-rsa.pem
diff --git a/Cargo.lock b/Cargo.lock
index f258f06c..b019815f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -646,9 +646,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
[[package]]
name = "openssl"
-version = "0.10.66"
+version = "0.10.73"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1"
+checksum = "8505734d46c8ab1e19a1dce3aef597ad87dcb4c37e7188231769bd6bd51cebf8"
dependencies = [
"bitflags 2.6.0",
"cfg-if",
@@ -687,9 +687,9 @@ dependencies = [
[[package]]
name = "openssl-sys"
-version = "0.9.103"
+version = "0.9.109"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6"
+checksum = "90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571"
dependencies = [
"cc",
"libc",
diff --git a/Cargo.toml b/Cargo.toml
index 243bea66..7a8c5682 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -34,7 +34,7 @@ codicon = "3.0"
colorful = "0.2.2"
libc = "0.2.139"
base64 = "0.13.0"
-openssl = { version = "0.10", features = ["vendored"] }
+openssl = { version = "0.10.73", features = ["vendored"] }
uuid = "1.3.2"
anyhow = "1.0.57"
log = "0.4"
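Review bot: The `vendored` feature on the `openssl` line means the OpenSSL C library is built from the `openssl-src` crate, and the diffstat of this patch lists only `vendor/openssl` and `vendor/openssl-sys`, so the bundled C library is not updated by this change. If the update is meant to pick up a fix in OpenSSL itself rather than in the Rust bindings, the `openssl-src` entry in Cargo.lock and its vendored copy need a bump as well; that entry is not visible in these hunks. The commit message also gives no bug or advisory reference; a line such as `Fixes: <advisory or bug id>` would let a later reader confirm that the floor `0.10.73` is the right one.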
diff --git a/vendor/openssl-sys/.cargo-checksum.json b/vendor/openssl-sys/.cargo-checksum.json
index 8ef7f54c..26529db2 100644
--- a/vendor/openssl-sys/.cargo-checksum.json
+++ b/vendor/openssl-sys/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"d3d7b84142e4fc72afe5577f0ca415236af58c468e2676ed38756a84626deefe","Cargo.toml":"e3f0287eed1741001bf8240745cd4421d6727d5669039ab6c884abee095cb5ed","LICENSE-MIT":"378f5840b258e2779c39418f3f2d7b2ba96f1c7917dd6be0713f88305dbda397","README.md":"c5ddde25c2756a1115daaa671fb4297cdc83bf23009c8356ba65b5311d0dd30d","build/cfgs.rs":"23cffeff7341cad55ed1619bb6b9ddb30aead613d563cc75eff7bb7b435fa21f","build/expando.c":"70183c7062c6bf4808376e9e9ef81ee76eface58616bbeea2abf7cd1bbda50ba","build/find_normal.rs":"36e2826349598ab3bf4d0b873fe3281d006523f54e5f7414bae075d588dcf5a1","build/find_vendored.rs":"2d565046018a6855b6fbffa47dc6a28b027704ba234b1a00c1fe336b88e3745f","build/main.rs":"ed33fc31c2e9387d39c85b68713e6726489f866ee1f57d7a9c21544d1731399b","build/run_bindgen.rs":"232ff3a6552827ef50d8d4353903647eef381cfb716005cb42e9ab372683e911","src/aes.rs":"e744b2d608216fb98d365dced84e044951939b6e1868ab52226bf0eeaac3c0f5","src/asn1.rs":"88ce843ffd803b9c6768869d179ddc38b8c1225b092272fdfddd9bd1bdcb3c44","src/bio.rs":"1f11cfaf6fe1e12c9541f609b5c2fbdf4e2be8db48ee7fe11b48fb08ea96e364","src/bn.rs":"d1b7578c0ec448e3f8ebe68d5048f2761e46715619d81173a5aa89205b9ba8b2","src/cms.rs":"6dbd69d39da588ece53fabdb3a1e2136602eb24ed26106f59c8b852bce0d1a84","src/crypto.rs":"465609c7ad3dfaff9402412b6b3eb555a02921638cb4c4e0c1820b9517efadf7","src/dtls1.rs":"0477022d5bcf2b7a620c70ece4da08a2958be3eca5a57127c89d79525c692ebd","src/ec.rs":"2fa5d9a495bc80bf583064c2a0671e13051da2e11bfd725accf2f32e1dabfb0b","src/err.rs":"5b0ae1dcccb4e44e9d0c35b03e1b203affb441e8a4854a2485ff558a0c048057","src/evp.rs":"4b23453d673e7d347c0e4ec093380a90ce115a17ec4d960cead0fd263ad7876d","src/handwritten/aes.rs":"31d07045f63d7ea88d1d182487f6cbd42a613119bed32f12affef37bcba26879","src/handwritten/asn1.rs":"218fd7b3f14a374f7585ed665a68a240a4e3f2422b809255770bc0412c5c9924","src/handwritten/bio.rs":"63f04c4925a700f7549c8da9811bbdca85ec56d5ee0e9ace018d483288f15a02","src/handwritten/bn.rs":"ee4370b17e313996f63e0d525caab3271cb6c4
89ac055b54feb73a207a19f7c2","src/handwritten/cmac.rs":"0ec98c75d6f3d5b097a435a651af101f0e6bde003d0913f62009aff1f51c1f0c","src/handwritten/cms.rs":"2aeff50ca7061f8cba7d0cf9d5da7e17e38909aff0295e5b6301aaa7655c5bfd","src/handwritten/conf.rs":"56835aece385e1093665684fa65b7ade778e3f244e1cc9254d75aa6258eef6b2","src/handwritten/crypto.rs":"a4b93d79a1db7afc9213ab9df3d33d50cce05a2ecbc1bd5e71cbc22fdba004b7","src/handwritten/dh.rs":"d062c91151f3687186c642d709957a2dca6440f95200b8b9e4e4a91c8d425008","src/handwritten/dsa.rs":"69da4a548c4bcde09cf1b7ca9d0fb20185fd95d1728638a3efcaf7e4c25fc0e4","src/handwritten/ec.rs":"46ce0880b27ce5d1f7df28ab464cdef144028c9b32477d95d499f1e54ebc44fc","src/handwritten/err.rs":"391a867241db4656411b3da5cc8b30ab23dcc9e928a290f6f215caeeb498403d","src/handwritten/evp.rs":"ea51b3c8a8d46b033ca79a6a3d89c3d990109ee67bc55f3c04604d4b461a6b89","src/handwritten/hmac.rs":"f31cb39769625adb3bcaf5689a0666801ebea4bf5383077b1e76747451a4d07b","src/handwritten/kdf.rs":"bf4ed9a10d8cbeacbdb7a738c76b1a26885e4aa87758879f217a273a5172607a","src/handwritten/mod.rs":"9606d62028ea090872659240fe0e7f422e48dd2847ff054caea01d5256f36b29","src/handwritten/object.rs":"3a91e4b03fa4f84b5211cddd5a02cc908ccf9ea5f4413d8ef2c503884592f368","src/handwritten/ocsp.rs":"27979cc0439dff61f4c21c68e3d585c0221bd025425ff9bc181c8e870d44f1a7","src/handwritten/params.rs":"e0b207cc1797c8ac45686099358a965f20dd8c9015a41d47d167665ccc9931c9","src/handwritten/pem.rs":"1d04f7b600f7422a24e81705d8f9467fdf63a5fa4c61468178da4b71c85ea429","src/handwritten/pkcs12.rs":"65534ca2844850576e08113990be3a3241ac54c486c48ceae77b382a657facc0","src/handwritten/pkcs7.rs":"9614eb04fdaa430f219cb13df116d6874cb8ca7d6a88ff66d0f6f649670221c2","src/handwritten/poly1305.rs":"3c96081a77ea69441d572a4845d2fccb0bb17dc31006bc936f96e8531e6caa4c","src/handwritten/provider.rs":"86d1dbfd1147fcd3bb7ecde52c5b694e7beb599cd5a26754c5af1b179b170f5d","src/handwritten/rand.rs":"fb65a8669ca31664c996aa7d975f02bc01d7b60b192f8e4a3cb31e8aa7e04e25","src/handwrit
ten/rsa.rs":"64c34e9d207bb562514e6b7fa9892777b2fb1df32a49d4672bf4eb33345a6e30","src/handwritten/safestack.rs":"6c39e28565d34efad707d77561d4caa99e3f028fcac3a2ef6fd403a78de1190c","src/handwritten/sha.rs":"7107e2e7e09e9f8b10433b0005a3f4aafead896d7d35949b607dc42b76e24d44","src/handwritten/srtp.rs":"0e9693c840c696cb31774c35c5af55f197de675a6c7e3326a19d7c79958f1e78","src/handwritten/ssl.rs":"1bf896644e103566fce64416c281449a3433962f5dbdcf282a971dcb2fac81d5","src/handwritten/stack.rs":"a139a7291a302d73feea267d756f8245fe0d9ad4453368e9e9f0b48b839e2f55","src/handwritten/tls1.rs":"eccb78cf777389a975ec79d5efa634a44802fc963a6a392888640c1cfb00da11","src/handwritten/types.rs":"f36684907459430e88e8f8d9b4cd37070b4b1ef9e149f5c01744ca8ffa406ecd","src/handwritten/x509.rs":"ac2ba51ec3a81af4ca50884d750aa4be0d9c8af2b351a19ce9668068c613b866","src/handwritten/x509_vfy.rs":"f97861f4ce0a20942eae43b852fe73fd0f3a279035c7884eb5853b9e2d890c82","src/handwritten/x509v3.rs":"5296c824fbe4fe2c176281395a7f83e916219cf70a1c03d5491ec248d807c747","src/lib.rs":"b9ba62ea8fd44f47a38b02f952f02b415450f6491363201f871ce6b590f50345","src/macros.rs":"aca43e8c1d2eb93d10a53c475d2ac5b1c0f82dea8856f6cfc706a992dec56321","src/obj_mac.rs":"15da8a4645390c39e68fa7368b928c39c12863e5f1a08d39a25b186afa85d645","src/ocsp.rs":"63c9ce598f67eb0bb162d4c8d78cb5049c53c4baa41988328b42f7b1bd982ac8","src/pem.rs":"3a0197173331d8b6143d8036a6b121e6b59cac260107d8f42f9b1a1a3426d6fe","src/pkcs7.rs":"f77db0a26e5546d752001701ea43cd55a0c1f7c317425e1f7529ff92590c5076","src/rsa.rs":"8ac9c7a88687ecc8035d56e57c69ba400b3779fd434993c9f53b3e26acd928f0","src/sha.rs":"a5c50aee5fe7a9ba6287129836fce23b9cb35b18de331778d4edbf500b1163b7","src/srtp.rs":"2829d69f64a7c64635340b5e8db48af1d32678b42e7c3b8266c29e26f5b83838","src/ssl.rs":"198663148a119061ba76bef7d90aacade342d0bdb5d953830cc10651f15b78b0","src/ssl3.rs":"9336c816e00847d552dea22587d4ac72ff3cbd469fa5ff750423a19ea11e68eb","src/tls1.rs":"f5a669239bc7981129ef2fdc49f32fed71c57feea4251a35f60f685c6d514ee9","src/ty
pes.rs":"e201d386731c7d20ee827acab33d10d0fe8aa65559f3e61efbf465e468fb34eb","src/x509.rs":"3193e9e0de000571468ec7467887ed931fede88de54584f8823a789fdb1edd58","src/x509_vfy.rs":"eb4a8f36623bafc40ccba26ba3eada5c57fd1f4e780bfc0e6210e4d772ce09fc","src/x509v3.rs":"bbaca7754f6a5f587f2213204eeaa10ea1afddc3c837b3cf7a6da915d2413742"},"package":"7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"6c25d93affaa9ed663dd8d9ca0d5313ac555db3deb8f2d1e271ff8e5b126260d","Cargo.toml":"c89c4eaf07ab8093eabc22c851fdfe693303f927cfbd843dafa40a04c2ac8f9a","LICENSE-MIT":"378f5840b258e2779c39418f3f2d7b2ba96f1c7917dd6be0713f88305dbda397","README.md":"c5ddde25c2756a1115daaa671fb4297cdc83bf23009c8356ba65b5311d0dd30d","build/cfgs.rs":"ae09df0ecd3382740a816952b42f641ed65d3ec65fdd711fafb12440cb43820d","build/expando.c":"a140c838f6b5d02ecad8c84a980bef08eb151b84807ebb11272c20c4fc42a6a3","build/find_normal.rs":"f66ce762ec63c28621a0d6d48bd5872b96e71f0bfb6f88576a6e2cba0c229e12","build/find_vendored.rs":"2d565046018a6855b6fbffa47dc6a28b027704ba234b1a00c1fe336b88e3745f","build/main.rs":"112fcb6f18b81f31c23c60e7be5fddc87603c05a595f2e22b6e8f7ed2ea89e5f","build/run_bindgen.rs":"841edeb47be5940921bf98c4f685a0c18dd11b87f12fb4c4862907364cf4076d","src/aes.rs":"e744b2d608216fb98d365dced84e044951939b6e1868ab52226bf0eeaac3c0f5","src/asn1.rs":"88ce843ffd803b9c6768869d179ddc38b8c1225b092272fdfddd9bd1bdcb3c44","src/bio.rs":"1f11cfaf6fe1e12c9541f609b5c2fbdf4e2be8db48ee7fe11b48fb08ea96e364","src/bn.rs":"d1b7578c0ec448e3f8ebe68d5048f2761e46715619d81173a5aa89205b9ba8b2","src/cms.rs":"6dbd69d39da588ece53fabdb3a1e2136602eb24ed26106f59c8b852bce0d1a84","src/crypto.rs":"465609c7ad3dfaff9402412b6b3eb555a02921638cb4c4e0c1820b9517efadf7","src/dtls1.rs":"0477022d5bcf2b7a620c70ece4da08a2958be3eca5a57127c89d79525c692ebd","src/ec.rs":"2fa5d9a495bc80bf583064c2a0671e13051da2e11bfd725accf2f32e1dabfb0b","src/err.rs":"5b0ae1dcccb4e44e9d0c35b03e1b203affb441e8a4854a2485ff558a0c048057","src/evp.rs":"3800f7ee5523e5a0ca6b399106dc7ccccb54fd4c579f6977d9e9f9d5d96ff61f","src/handwritten/aes.rs":"31d07045f63d7ea88d1d182487f6cbd42a613119bed32f12affef37bcba26879","src/handwritten/asn1.rs":"218fd7b3f14a374f7585ed665a68a240a4e3f2422b809255770bc0412c5c9924","src/handwritten/bio.rs":"63f04c4925a700f7549c8da9811bbdca85ec56d5ee0e9ace018d483288f15a02","src/handwritten/bn.rs":"ee4370b17e313996f63e0d525caab3271cb6c4
89ac055b54feb73a207a19f7c2","src/handwritten/cmac.rs":"0ec98c75d6f3d5b097a435a651af101f0e6bde003d0913f62009aff1f51c1f0c","src/handwritten/cms.rs":"2aeff50ca7061f8cba7d0cf9d5da7e17e38909aff0295e5b6301aaa7655c5bfd","src/handwritten/conf.rs":"6c7f8077206c0afcb3d61d8fbfa6203ff0f7099bcd25c6f52773e3403047a285","src/handwritten/crypto.rs":"a4b93d79a1db7afc9213ab9df3d33d50cce05a2ecbc1bd5e71cbc22fdba004b7","src/handwritten/dh.rs":"d062c91151f3687186c642d709957a2dca6440f95200b8b9e4e4a91c8d425008","src/handwritten/dsa.rs":"69da4a548c4bcde09cf1b7ca9d0fb20185fd95d1728638a3efcaf7e4c25fc0e4","src/handwritten/ec.rs":"cecee2124e2ba9172174361375ad258dce6558c3b660f35734c629a8a7d4f6e5","src/handwritten/err.rs":"391a867241db4656411b3da5cc8b30ab23dcc9e928a290f6f215caeeb498403d","src/handwritten/evp.rs":"17945bf513ede6c79cbb8a411a8163fae2d6e485183dd1836c9f54726c7eb7f7","src/handwritten/hmac.rs":"f31cb39769625adb3bcaf5689a0666801ebea4bf5383077b1e76747451a4d07b","src/handwritten/kdf.rs":"5834da41c95ade70671e26edeed5818029da240293bae8a3aa5e64038bfe02ce","src/handwritten/mod.rs":"e09194245e37ce007a6f7e40e3e730a4cf669e7f12d0367be6bfe0750f238eea","src/handwritten/object.rs":"3a91e4b03fa4f84b5211cddd5a02cc908ccf9ea5f4413d8ef2c503884592f368","src/handwritten/ocsp.rs":"27979cc0439dff61f4c21c68e3d585c0221bd025425ff9bc181c8e870d44f1a7","src/handwritten/params.rs":"dbaf7d40e96da7780ca651a201088c1ba1b4dba237890e86623c215b2ffe21b4","src/handwritten/pem.rs":"1d04f7b600f7422a24e81705d8f9467fdf63a5fa4c61468178da4b71c85ea429","src/handwritten/pkcs12.rs":"65534ca2844850576e08113990be3a3241ac54c486c48ceae77b382a657facc0","src/handwritten/pkcs7.rs":"9614eb04fdaa430f219cb13df116d6874cb8ca7d6a88ff66d0f6f649670221c2","src/handwritten/poly1305.rs":"3c96081a77ea69441d572a4845d2fccb0bb17dc31006bc936f96e8531e6caa4c","src/handwritten/provider.rs":"86d1dbfd1147fcd3bb7ecde52c5b694e7beb599cd5a26754c5af1b179b170f5d","src/handwritten/rand.rs":"fb65a8669ca31664c996aa7d975f02bc01d7b60b192f8e4a3cb31e8aa7e04e25","src/handwrit
ten/rsa.rs":"64c34e9d207bb562514e6b7fa9892777b2fb1df32a49d4672bf4eb33345a6e30","src/handwritten/safestack.rs":"6c39e28565d34efad707d77561d4caa99e3f028fcac3a2ef6fd403a78de1190c","src/handwritten/sha.rs":"7107e2e7e09e9f8b10433b0005a3f4aafead896d7d35949b607dc42b76e24d44","src/handwritten/srtp.rs":"0e9693c840c696cb31774c35c5af55f197de675a6c7e3326a19d7c79958f1e78","src/handwritten/ssl.rs":"c5a3abffb6dd7ad7628c3979ddf3b2b742857c120bb15df2eb2657059c419350","src/handwritten/stack.rs":"a139a7291a302d73feea267d756f8245fe0d9ad4453368e9e9f0b48b839e2f55","src/handwritten/thread.rs":"2e626eb74feee9f77ce699b1360160163ff9d7a1dc9c0385eb3f51d2b9d9b062","src/handwritten/tls1.rs":"eccb78cf777389a975ec79d5efa634a44802fc963a6a392888640c1cfb00da11","src/handwritten/types.rs":"1e62caed330c38199b22c64a677733a172546539d12e10dd9f111002342588e2","src/handwritten/x509.rs":"ac2ba51ec3a81af4ca50884d750aa4be0d9c8af2b351a19ce9668068c613b866","src/handwritten/x509_vfy.rs":"553eb0d9a5bf60d63941c17582edd44ba97b5e91c8cf2ed4bff9e4ad7ed9d8dd","src/handwritten/x509v3.rs":"5296c824fbe4fe2c176281395a7f83e916219cf70a1c03d5491ec248d807c747","src/lib.rs":"c96e8aa4c4926ddd86b474fa07f5af3b2c480bb7b2f99e61259c15814a35092f","src/macros.rs":"aca43e8c1d2eb93d10a53c475d2ac5b1c0f82dea8856f6cfc706a992dec56321","src/obj_mac.rs":"a858271fdb39ed63f4a3ed7d0d3abe760d32145da9d952669acb756508397036","src/ocsp.rs":"63c9ce598f67eb0bb162d4c8d78cb5049c53c4baa41988328b42f7b1bd982ac8","src/pem.rs":"3a0197173331d8b6143d8036a6b121e6b59cac260107d8f42f9b1a1a3426d6fe","src/pkcs7.rs":"f77db0a26e5546d752001701ea43cd55a0c1f7c317425e1f7529ff92590c5076","src/rsa.rs":"8ac9c7a88687ecc8035d56e57c69ba400b3779fd434993c9f53b3e26acd928f0","src/sha.rs":"a5c50aee5fe7a9ba6287129836fce23b9cb35b18de331778d4edbf500b1163b7","src/srtp.rs":"2829d69f64a7c64635340b5e8db48af1d32678b42e7c3b8266c29e26f5b83838","src/ssl.rs":"198663148a119061ba76bef7d90aacade342d0bdb5d953830cc10651f15b78b0","src/ssl3.rs":"9336c816e00847d552dea22587d4ac72ff3cbd469fa5ff750423a19ea11
e68eb","src/tls1.rs":"f5a669239bc7981129ef2fdc49f32fed71c57feea4251a35f60f685c6d514ee9","src/types.rs":"e201d386731c7d20ee827acab33d10d0fe8aa65559f3e61efbf465e468fb34eb","src/x509.rs":"3193e9e0de000571468ec7467887ed931fede88de54584f8823a789fdb1edd58","src/x509_vfy.rs":"eb4a8f36623bafc40ccba26ba3eada5c57fd1f4e780bfc0e6210e4d772ce09fc","src/x509v3.rs":"bbaca7754f6a5f587f2213204eeaa10ea1afddc3c837b3cf7a6da915d2413742"},"package":"90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571"}
\ No newline at end of file
diff --git a/vendor/openssl-sys/CHANGELOG.md b/vendor/openssl-sys/CHANGELOG.md
index 37f35e0a..f153892a 100644
--- a/vendor/openssl-sys/CHANGELOG.md
+++ b/vendor/openssl-sys/CHANGELOG.md
@@ -2,6 +2,54 @@
## [Unreleased]
+## [v0.9.109] - 2025-05-28
+
+### Fixed
+
+* Fixed building with `vcpkg`, a statically linked OpenSSL, and rust 1.87.0.
+* Fixed building on the latest BoringSSL.
+
+## [v0.9.108] - 2025-04-30
+
+### Added
+
+* Added support for LibreSSL 4.1.x.
+
+## [v0.9.107] - 2025-04-04
+
+### Added
+
+* Support for building with AWS-LC.
+
+## [v0.9.106] - 2025-02-15
+
+### Added
+
+* Support building with `OPENSSL_NO_RC2`.
+* Exposed `EVP_rc2_cbc` and `EVP_rc2_40_cbc`.
+
+## [v0.9.105] - 2025-02-02
+
+### Added
+
+* Added `DTLS_server_method` and `DTLS_client_method`.
+
+## [v0.9.104] - 2024-10-15
+
+### Added
+
+* Added support for LibreSSL 4.0.x.
+* Added `EVP_KDF_*` and `EVP_KDF_CTX_*` bindings.
+* Added `EVP_DigestSqueeze`.
+* Added `OSSL_PARAM_construct_octet_string`.
+* Added `OSSL_set_max_threads` and `OSSL_get_max_threads`.
+
+### Changed
+
+* `openssl-sys` is now a 2021 edition crate
+* Explicitly specify the MSRV in `Cargo.toml`
+* Raised the `bindgen` (optional) dependency from 0.65 to 0.69
+
## [v0.9.103] - 2024-07-20
### Added
@@ -607,7 +655,13 @@ Fixed builds against OpenSSL built with `no-cast`.
* Added `X509_verify` and `X509_REQ_verify`.
* Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103..master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.109..master
+[v0.9.109]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.108...openssl-sys-v0.9.109
+[v0.9.108]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.107...openssl-sys-v0.9.108
+[v0.9.107]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.106...openssl-sys-v0.9.107
+[v0.9.106]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.105...openssl-sys-v0.9.106
+[v0.9.105]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.104...openssl-sys-v0.9.105
+[v0.9.104]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103...openssl-sys-v0.9.104
[v0.9.103]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.102...openssl-sys-v0.9.103
[v0.9.102]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.101...openssl-sys-v0.9.102
[v0.9.101]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.100...openssl-sys-v0.9.101
diff --git a/vendor/openssl-sys/Cargo.toml b/vendor/openssl-sys/Cargo.toml
index d89970f7..04b7830a 100644
--- a/vendor/openssl-sys/Cargo.toml
+++ b/vendor/openssl-sys/Cargo.toml
@@ -10,15 +10,21 @@
# See Cargo.toml.orig for the original contents.
[package]
-edition = "2018"
+edition = "2021"
+rust-version = "1.63.0"
name = "openssl-sys"
-version = "0.9.103"
+version = "0.9.109"
authors = [
"Alex Crichton <alex@alexcrichton.com>",
"Steven Fackler <sfackler@gmail.com>",
]
build = "build/main.rs"
links = "openssl"
+autolib = false
+autobins = false
+autoexamples = false
+autotests = false
+autobenches = false
description = "FFI bindings to OpenSSL"
readme = "README.md"
categories = [
@@ -31,6 +37,20 @@ repository = "https://github.com/sfackler/rust-openssl"
[package.metadata.pkg-config]
openssl = "1.0.1"
+[features]
+aws-lc = ["dep:aws-lc-sys"]
+unstable_boringssl = ["bssl-sys"]
+vendored = ["openssl-src"]
+
+[lib]
+name = "openssl_sys"
+path = "src/lib.rs"
+
+[dependencies.aws-lc-sys]
+version = "0.27"
+features = ["ssl"]
+optional = true
+
[dependencies.bssl-sys]
version = "0.1.0"
optional = true
@@ -39,7 +59,7 @@ optional = true
version = "0.2"
[build-dependencies.bindgen]
-version = "0.65.0"
+version = "0.69.0"
features = ["experimental"]
optional = true
@@ -56,7 +76,3 @@ version = "0.3.9"
[build-dependencies.vcpkg]
version = "0.2.8"
-
-[features]
-unstable_boringssl = ["bssl-sys"]
-vendored = ["openssl-src"]
diff --git a/vendor/openssl-sys/build/cfgs.rs b/vendor/openssl-sys/build/cfgs.rs
index bbd3be59..ca997074 100644
--- a/vendor/openssl-sys/build/cfgs.rs
+++ b/vendor/openssl-sys/build/cfgs.rs
@@ -68,9 +68,15 @@ pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&
if libressl_version >= 0x4_00_00_00_0 {
cfgs.push("libressl400");
}
+ if libressl_version >= 0x4_01_00_00_0 {
+ cfgs.push("libressl410");
+ }
} else {
let openssl_version = openssl_version.unwrap();
+ if openssl_version >= 0x3_04_00_00_0 {
+ cfgs.push("ossl340");
+ }
if openssl_version >= 0x3_03_00_00_0 {
cfgs.push("ossl330");
}
diff --git a/vendor/openssl-sys/build/expando.c b/vendor/openssl-sys/build/expando.c
index e171621d..cebed1b7 100644
--- a/vendor/openssl-sys/build/expando.c
+++ b/vendor/openssl-sys/build/expando.c
@@ -19,6 +19,10 @@ VERSION(OPENSSL, OPENSSL_VERSION_NUMBER)
RUST_OPENSSL_IS_BORINGSSL
#endif
+#ifdef OPENSSL_IS_AWSLC
+RUST_OPENSSL_IS_AWSLC
+#endif
+
#ifdef OPENSSL_NO_BF
RUST_CONF_OPENSSL_NO_BF
#endif
@@ -87,6 +91,10 @@ RUST_CONF_OPENSSL_NO_PSK
RUST_CONF_OPENSSL_NO_RC4
#endif
+#ifdef OPENSSL_NO_RC2
+RUST_CONF_OPENSSL_NO_RC2
+#endif
+
#ifdef OPENSSL_NO_RFC3779
RUST_CONF_OPENSSL_NO_RFC3779
#endif
@@ -138,3 +146,9 @@ RUST_CONF_OPENSSL_NO_SEED
#ifdef OPENSSL_NO_SCRYPT
RUST_CONF_OPENSSL_NO_SCRYPT
#endif
+
+#define SYMBOL_PREFIX2(X) RUST_BINDGEN_SYMBOL_PREFIX_##X##_
+#define SYMBOL_PREFIX(X) SYMBOL_PREFIX2(X)
+#if defined(OPENSSL_IS_AWSLC) && defined(BORINGSSL_PREFIX)
+SYMBOL_PREFIX(BORINGSSL_PREFIX)
+#endif
diff --git a/vendor/openssl-sys/build/find_normal.rs b/vendor/openssl-sys/build/find_normal.rs
index 1e910a0e..6ab95259 100644
--- a/vendor/openssl-sys/build/find_normal.rs
+++ b/vendor/openssl-sys/build/find_normal.rs
@@ -102,13 +102,21 @@ fn find_openssl_dir(target: &str) -> OsString {
return OsString::from("/usr/local");
}
+ let msg_header =
+ "Could not find directory of OpenSSL installation, and this `-sys` crate cannot
+proceed without this knowledge. If OpenSSL is installed and this crate had
+trouble finding it, you can set the `OPENSSL_DIR` environment variable for the
+compilation process.";
+
+ println!(
+ "cargo:warning={} See stderr section below for further information.",
+ msg_header.replace('\n', " ")
+ );
+
let mut msg = format!(
"
-Could not find directory of OpenSSL installation, and this `-sys` crate cannot
-proceed without this knowledge. If OpenSSL is installed and this crate had
-trouble finding it, you can set the `OPENSSL_DIR` environment variable for the
-compilation process.
+{}
Make sure you also have the development packages of openssl installed.
For example, `libssl-dev` on Ubuntu or `openssl-devel` on Fedora.
@@ -122,6 +130,7 @@ $TARGET = {}
openssl-sys = {}
",
+ msg_header,
host,
target,
env!("CARGO_PKG_VERSION")
@@ -187,7 +196,8 @@ https://github.com/sfackler/rust-openssl#windows
);
}
- panic!("{}", msg);
+ eprintln!("{}", msg);
+ std::process::exit(101); // same as panic previously
}
/// Attempt to find OpenSSL through pkg-config.
@@ -212,7 +222,7 @@ fn try_pkg_config() {
{
Ok(lib) => lib,
Err(e) => {
- println!("run pkg_config fail: {:?}", e);
+ println!("\n\nCould not find openssl via pkg-config:\n{}\n", e);
return;
}
};
@@ -255,6 +265,7 @@ fn try_vcpkg() {
println!("cargo:rustc-link-lib=user32");
println!("cargo:rustc-link-lib=gdi32");
println!("cargo:rustc-link-lib=crypt32");
+ println!("cargo:rustc-link-lib=advapi32");
process::exit(0);
}
diff --git a/vendor/openssl-sys/build/main.rs b/vendor/openssl-sys/build/main.rs
index 98d6926f..4007a265 100644
--- a/vendor/openssl-sys/build/main.rs
+++ b/vendor/openssl-sys/build/main.rs
@@ -24,6 +24,7 @@ enum Version {
Openssl10x,
Libressl,
Boringssl,
+ AwsLc,
}
fn env_inner(name: &str) -> Option<OsString> {
@@ -71,14 +72,60 @@ fn check_ssl_kind() {
// BoringSSL does not have any build logic, exit early
std::process::exit(0);
}
+
+ let is_aws_lc = cfg!(feature = "aws-lc");
+
+ if is_aws_lc {
+ println!("cargo:rustc-cfg=awslc");
+ println!("cargo:awslc=true");
+
+ // The aws-lc-sys crate uses a link name that embeds
+ // the version number of crate. Examples (crate-name => links name):
+ // * aws-lc-sys => aws_lc_0_26_0
+ // This is done to avoid issues if the cargo dependency graph for an application
+ // were to resolve to multiple versions for the same crate.
+ //
+ // Due to this we need to determine what version of the AWS-LC has been selected (fips or non-fips)
+ // and then need to parse out the pieces we are interested in ignoring the version componenet of the name.
+ const AWS_LC_ENV_VAR_PREFIX: &str = "DEP_AWS_LC_";
+
+ let mut version = None;
+ for (name, _) in std::env::vars() {
+ if let Some(name) = name.strip_prefix(AWS_LC_ENV_VAR_PREFIX) {
+ if let Some(name) = name.strip_suffix("_INCLUDE") {
+ version = Some(name.to_owned());
+ break;
+ }
+ }
+ }
+ let version = version.expect("aws-lc version detected");
+
+ // Read the OpenSSL configuration statements and emit rust-cfg for each.
+ if let Ok(vars) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_CONF")) {
+ for var in vars.split(',') {
+ println!("cargo:rustc-cfg=osslconf=\"{var}\"");
+ }
+ println!("cargo:conf={vars}");
+ }
+
+ // Emit the include header directory from the aws-lc(-fips)-sys crate so that it can be used if needed
+ // by crates consuming openssl-sys.
+ if let Ok(val) = std::env::var(format!("{AWS_LC_ENV_VAR_PREFIX}{version}_INCLUDE")) {
+ println!("cargo:include={val}");
+ }
+
+ // AWS-LC does not have any build logic, exit early
+ std::process::exit(0);
+ }
}
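Review bot: `std::env::vars()` in the added loop panics when any environment variable holds non-Unicode data, so an unrelated variable in the build environment can abort the build script during the `DEP_AWS_LC_` scan. Iterating `std::env::vars_os()` and matching with `if let Some(name) = name.to_str().and_then(|n| n.strip_prefix(AWS_LC_ENV_VAR_PREFIX)) {` avoids that and stays within the crate's declared 1.63 MSRV. The message in `.expect("aws-lc version detected")` also reads like a success report; `"no DEP_AWS_LC_*_INCLUDE variable exported by aws-lc-sys"` says what went wrong. This branch only runs with the `aws-lc` feature, which the top-level Cargo.toml in this patch does not enable, and `check_ssl_kind` begins outside the hunk.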
fn main() {
- println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_COMP\", \"OPENSSL_NO_SOCK\", \"OPENSSL_NO_STDIO\"))");
+ println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_COMP\", \"OPENSSL_NO_SOCK\", \"OPENSSL_NO_STDIO\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_SSL3_METHOD\", \"OPENSSL_NO_KRB5\", \"OPENSSL_NO_TLSEXT\", \"OPENSSL_NO_SRP\", \"OPENSSL_NO_RFC3779\", \"OPENSSL_NO_SHA\", \"OPENSSL_NO_NEXTPROTONEG\", \"OPENSSL_NO_ENGINE\", \"OPENSSL_NO_BUF_FREELISTS\", \"OPENSSL_NO_RC2\"))");
println!("cargo:rustc-check-cfg=cfg(openssl)");
println!("cargo:rustc-check-cfg=cfg(libressl)");
println!("cargo:rustc-check-cfg=cfg(boringssl)");
+ println!("cargo:rustc-check-cfg=cfg(awslc)");
println!("cargo:rustc-check-cfg=cfg(libressl250)");
println!("cargo:rustc-check-cfg=cfg(libressl251)");
@@ -103,6 +150,7 @@ fn main() {
println!("cargo:rustc-check-cfg=cfg(libressl382)");
println!("cargo:rustc-check-cfg=cfg(libressl390)");
println!("cargo:rustc-check-cfg=cfg(libressl400)");
+ println!("cargo:rustc-check-cfg=cfg(libressl410)");
println!("cargo:rustc-check-cfg=cfg(ossl101)");
println!("cargo:rustc-check-cfg=cfg(ossl102)");
@@ -120,6 +168,7 @@ fn main() {
println!("cargo:rustc-check-cfg=cfg(ossl310)");
println!("cargo:rustc-check-cfg=cfg(ossl320)");
println!("cargo:rustc-check-cfg=cfg(ossl330)");
+ println!("cargo:rustc-check-cfg=cfg(ossl340)");
check_ssl_kind();
@@ -199,7 +248,10 @@ fn main() {
// try to match the behavior for common platforms. For a more robust option,
// this likely needs to be deferred to the caller with an environment
// variable.
- if version == Version::Boringssl && kind == "static" && env::var("CARGO_CFG_UNIX").is_ok() {
+ if (version == Version::Boringssl || version == Version::AwsLc)
+ && kind == "static"
+ && env::var("CARGO_CFG_UNIX").is_ok()
+ {
let cpp_lib = match env::var("CARGO_CFG_TARGET_OS").unwrap().as_ref() {
"macos" => "c++",
_ => "stdc++",
@@ -229,8 +281,8 @@ fn main() {
fn postprocess(include_dirs: &[PathBuf]) -> Version {
let version = validate_headers(include_dirs);
- // Never run bindgen for BoringSSL, if it was needed we already ran it.
- if version != Version::Boringssl {
+ // Never run bindgen for BoringSSL or AWS-LC, if it was needed we already ran it.
+ if !(version == Version::Boringssl || version == Version::AwsLc) {
#[cfg(feature = "bindgen")]
run_bindgen::run(&include_dirs);
}
@@ -294,14 +346,18 @@ See rust-openssl documentation for more information:
let mut openssl_version = None;
let mut libressl_version = None;
let mut is_boringssl = false;
+ let mut is_awslc = false;
+ let mut bindgen_symbol_prefix: Option<String> = None;
for line in expanded.lines() {
let line = line.trim();
let openssl_prefix = "RUST_VERSION_OPENSSL_";
let new_openssl_prefix = "RUST_VERSION_NEW_OPENSSL_";
let libressl_prefix = "RUST_VERSION_LIBRESSL_";
- let boringsl_prefix = "RUST_OPENSSL_IS_BORINGSSL";
+ let boringssl_prefix = "RUST_OPENSSL_IS_BORINGSSL";
+ let awslc_prefix = "RUST_OPENSSL_IS_AWSLC";
let conf_prefix = "RUST_CONF_";
+ let symbol_prefix = "RUST_BINDGEN_SYMBOL_PREFIX_";
if let Some(version) = line.strip_prefix(openssl_prefix) {
openssl_version = Some(parse_version(version));
} else if let Some(version) = line.strip_prefix(new_openssl_prefix) {
@@ -310,8 +366,13 @@ See rust-openssl documentation for more information:
libressl_version = Some(parse_version(version));
} else if let Some(conf) = line.strip_prefix(conf_prefix) {
enabled.push(conf);
- } else if line.starts_with(boringsl_prefix) {
+ } else if line.starts_with(boringssl_prefix) {
is_boringssl = true;
+ } else if line.starts_with(awslc_prefix) {
+ is_awslc = true;
+ } else if line.starts_with(symbol_prefix) {
+ let sym_prefix = String::from(line.strip_prefix(symbol_prefix).unwrap());
+ bindgen_symbol_prefix = Some(sym_prefix);
}
}
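Review bot: The `symbol_prefix` branch tests `line.starts_with(symbol_prefix)` and then calls `line.strip_prefix(symbol_prefix).unwrap()`, repeating the check. The earlier branches of this chain already use the binding form, so `} else if let Some(sym_prefix) = line.strip_prefix(symbol_prefix) {` followed by `bindgen_symbol_prefix = Some(sym_prefix.to_owned());` matches them and drops the unwrap. The value is produced by the `SYMBOL_PREFIX2` macro added to expando.c, which appends a trailing `_`, so the consumer of `bindgen_symbol_prefix` should expect that underscore; the consumer is not in this hunk. The enclosing loop and function continue outside the hunk.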
@@ -327,6 +388,13 @@ See rust-openssl documentation for more information:
return Version::Boringssl;
}
+ if is_awslc {
+ println!("cargo:rustc-cfg=awslc");
+ println!("cargo:awslc=true");
+ run_bindgen::run_awslc(include_dirs, bindgen_symbol_prefix);
+ return Version::AwsLc;
+ }
+
// We set this for any non-BoringSSL lib.
println!("cargo:rustc-cfg=openssl");
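Review bot: The context comment `// We set this for any non-BoringSSL lib.` is no longer accurate after the added `is_awslc` block, which also returns before `cargo:rustc-cfg=openssl` is emitted. Updating it to `// We set this for any lib other than BoringSSL and AWS-LC.` would stop a reader assuming the `openssl` cfg is active on AWS-LC builds. The enclosing function begins and ends outside this hunk.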
@@ -379,6 +447,10 @@ See rust-openssl documentation for more information:
(3, 8, _) => ('3', '8', 'x'),
(3, 9, 0) => ('3', '9', '0'),
(3, 9, _) => ('3', '9', 'x'),
+ (4, 0, 0) => ('4', '0', '0'),
+ (4, 0, _) => ('4', '0', 'x'),
+ (4, 1, 0) => ('4', '1', '0'),
+ (4, 1, _) => ('4', '1', 'x'),
_ => version_error(),
};
@@ -421,7 +493,7 @@ fn version_error() -> ! {
"
This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3), or LibreSSL 2.5
-through 3.9.x, but a different version of OpenSSL was found. The build is now aborting
+through 4.1.x, but a different version of OpenSSL was found. The build is now aborting
due to this version mismatch.
"
diff --git a/vendor/openssl-sys/build/run_bindgen.rs b/vendor/openssl-sys/build/run_bindgen.rs
index ffaecdc8..cc0efd8b 100644
--- a/vendor/openssl-sys/build/run_bindgen.rs
+++ b/vendor/openssl-sys/build/run_bindgen.rs
@@ -36,15 +36,20 @@ const INCLUDES: &str = "
#include <openssl/x509_vfy.h>
#include <openssl/x509v3.h>
+#if !defined(OPENSSL_IS_AWSLC)
// this must be included after ssl.h for libressl!
#include <openssl/srtp.h>
+#endif
-#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)
+#if !(defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))
#include <openssl/cms.h>
#endif
-#if !defined(OPENSSL_IS_BORINGSSL)
+#if !(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))
#include <openssl/comp.h>
+#endif
+
+#if !defined(OPENSSL_IS_BORINGSSL)
#include <openssl/ocsp.h>
#endif
@@ -60,9 +65,13 @@ const INCLUDES: &str = "
#include <openssl/quic.h>
#endif
-#if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
+#if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
#include <openssl/poly1305.h>
#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x30200000
+#include <openssl/thread.h>
+#endif
";
#[cfg(feature = "bindgen")]
@@ -212,6 +221,128 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
.compile("boring_static_wrapper");
}
+#[cfg(feature = "bindgen")]
+mod bindgen_options {
+ use bindgen::callbacks::{ItemInfo, ParseCallbacks};
+
+ #[derive(Debug)]
+ pub struct StripPrefixCallback {
+ remove_prefix: Option<String>,
+ }
+
+ impl StripPrefixCallback {
+ pub fn new(prefix: &str) -> StripPrefixCallback {
+ StripPrefixCallback {
+ remove_prefix: Some(prefix.to_string()),
+ }
+ }
+ }
+
+ impl ParseCallbacks for StripPrefixCallback {
+ fn generated_name_override(&self, item_info: ItemInfo<'_>) -> Option<String> {
+ self.remove_prefix
+ .as_ref()
+ .and_then(|s| item_info.name.strip_prefix(s.as_str()).map(String::from))
+ }
+ }
+}
+
+#[cfg(feature = "bindgen")]
+pub fn run_awslc(include_dirs: &[PathBuf], symbol_prefix: Option<String>) {
+ let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
+
+ fs::File::create(out_dir.join("awslc_static_wrapper.h"))
+ .expect("Failed to create awslc_static_wrapper.h")
+ .write_all(INCLUDES.as_bytes())
+ .expect("Failed to write contents to awslc_static_wrapper.h");
+
+ let mut builder = bindgen::builder()
+ .rust_target(RustTarget::Stable_1_47)
+ .ctypes_prefix("::libc")
+ .raw_line("use libc::*;")
+ .derive_default(false)
+ .enable_function_attribute_detection()
+ .default_macro_constant_type(MacroTypeVariation::Signed)
+ .rustified_enum("point_conversion_form_t")
+ .allowlist_file(r".*(/|\\)openssl((/|\\)[^/\\]+)+\.h")
+ .wrap_static_fns(true)
+ .wrap_static_fns_path(out_dir.join("awslc_static_wrapper").display().to_string())
+ .layout_tests(false)
+ .header(out_dir.join("awslc_static_wrapper.h").display().to_string());
+
+ if let Some(prefix) = symbol_prefix {
+ use bindgen_options::StripPrefixCallback;
+ let callback = StripPrefixCallback::new(prefix.as_str());
+ builder = builder.parse_callbacks(Box::from(callback));
+ }
+
+ for include_dir in include_dirs {
+ builder = builder
+ .clang_arg("-I")
+ .clang_arg(include_dir.display().to_string());
+ }
+
+ builder
+ .generate()
+ .unwrap()
+ .write_to_file(out_dir.join("bindgen.rs"))
+ .unwrap();
+
+ cc::Build::new()
+ .file(out_dir.join("awslc_static_wrapper.c"))
+ .includes(include_dirs)
+ .compile("awslc_static_wrapper");
+}
+
+#[cfg(not(feature = "bindgen"))]
+pub fn run_awslc(include_dirs: &[PathBuf], symbol_prefix: Option<String>) {
+ if symbol_prefix.is_some() {
+ panic!("aws-lc installation has prefixed symbols, but bindgen-cli does not support removing prefixes. \
+ Enable the bindgen crate feature to support this installation.")
+ }
+
+ let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
+
+ fs::File::create(out_dir.join("awslc_static_wrapper.h"))
+ .expect("Failed to create awslc_static_wrapper.h")
+ .write_all(INCLUDES.as_bytes())
+ .expect("Failed to write contents to awslc_static_wrapper.h");
+
+ let mut bindgen_cmd = process::Command::new("bindgen");
+ bindgen_cmd
+ .arg("-o")
+ .arg(out_dir.join("bindgen.rs"))
+ // Must be a valid version from
+ // https://docs.rs/bindgen/latest/bindgen/enum.RustTarget.html
+ .arg("--rust-target=1.47")
+ .arg("--ctypes-prefix=::libc")
+ .arg("--raw-line=use libc::*;")
+ .arg("--no-derive-default")
+ .arg("--enable-function-attribute-detection")
+ .arg("--default-macro-constant-type=signed")
+ .arg("--rustified-enum=point_conversion_form_t")
+ .arg(r"--allowlist-file=.*(/|\\)openssl((/|\\)[^/\\]+)+\.h")
+ .arg("--experimental")
+ .arg("--wrap-static-fns")
+ .arg("--wrap-static-fns-path")
+ .arg(out_dir.join("awslc_static_wrapper").display().to_string())
+ .arg(out_dir.join("awslc_static_wrapper.h"))
+ .arg("--")
+ .arg(format!("--target={}", env::var("TARGET").unwrap()));
+
+ for include_dir in include_dirs {
+ bindgen_cmd.arg("-I").arg(include_dir.display().to_string());
+ }
+
+ let result = bindgen_cmd.status().expect("bindgen failed to execute");
+ assert!(result.success());
+
+ cc::Build::new()
+ .file(out_dir.join("awslc_static_wrapper.c"))
+ .includes(include_dirs)
+ .compile("awslc_static_wrapper");
+}
+
#[cfg(feature = "bindgen")]
#[derive(Debug)]
struct OpensslCallbacks;
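Review bot: The `#[cfg(not(feature = "bindgen"))]` variant of `run_awslc` runs whichever `bindgen` executable is first on `PATH` and checks the outcome only with `assert!(result.success());`, so a missing, too-old or unexpected binary ends the build with a bare assertion failure. The generated `bindgen.rs` becomes the crate's FFI surface, so the failure should at least say what happened: `assert!(result.success(), "bindgen exited with {}", result);`. The same applies to the two bare `.unwrap()` calls after `.generate()` and `.write_to_file(...)` in the `bindgen`-feature variant. Both variants also repeat the header-writing and `cc::Build` steps verbatim, which a small shared helper would avoid. Build environments that take the CLI path should pin the bindgen-cli version they provide, since the `--experimental --wrap-static-fns` flags depend on it.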
diff --git a/vendor/openssl-sys/src/evp.rs b/vendor/openssl-sys/src/evp.rs
index a3a8a84f..5fad4b97 100644
--- a/vendor/openssl-sys/src/evp.rs
+++ b/vendor/openssl-sys/src/evp.rs
@@ -7,7 +7,7 @@ pub const PKCS5_SALT_LEN: c_int = 8;
pub const PKCS12_DEFAULT_ITER: c_int = 2048;
pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption;
-#[cfg(any(ossl111, libressl310, boringssl))]
+#[cfg(any(ossl111, libressl310, boringssl, awslc))]
pub const EVP_PKEY_RSA_PSS: c_int = NID_rsassaPss;
pub const EVP_PKEY_DSA: c_int = NID_dsa;
pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement;
@@ -184,12 +184,28 @@ cfg_if! {
pub const EVP_PKEY_OP_DERIVE: c_int = 1 << 10;
}
}
+#[cfg(ossl340)]
+pub const EVP_PKEY_OP_SIGNMSG: c_int = 1 << 14;
+#[cfg(ossl340)]
+pub const EVP_PKEY_OP_VERIFYMSG: c_int = 1 << 15;
-pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
- | EVP_PKEY_OP_VERIFY
- | EVP_PKEY_OP_VERIFYRECOVER
- | EVP_PKEY_OP_SIGNCTX
- | EVP_PKEY_OP_VERIFYCTX;
+cfg_if! {
+ if #[cfg(ossl340)] {
+ pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
+ | EVP_PKEY_OP_SIGNMSG
+ | EVP_PKEY_OP_VERIFY
+ | EVP_PKEY_OP_VERIFYMSG
+ | EVP_PKEY_OP_VERIFYRECOVER
+ | EVP_PKEY_OP_SIGNCTX
+ | EVP_PKEY_OP_VERIFYCTX;
+ } else {
+ pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
+ | EVP_PKEY_OP_VERIFY
+ | EVP_PKEY_OP_VERIFYRECOVER
+ | EVP_PKEY_OP_SIGNCTX
+ | EVP_PKEY_OP_VERIFYCTX;
+ }
+}
pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
@@ -297,7 +313,7 @@ pub unsafe fn EVP_PKEY_CTX_add1_hkdf_info(
)
}
-#[cfg(all(not(ossl300), not(boringssl)))]
+#[cfg(not(any(ossl300, boringssl, awslc)))]
pub unsafe fn EVP_PKEY_CTX_set_signature_md(cxt: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int {
EVP_PKEY_CTX_ctrl(
cxt,
diff --git a/vendor/openssl-sys/src/handwritten/conf.rs b/vendor/openssl-sys/src/handwritten/conf.rs
index 2348d7d4..fa05c555 100644
--- a/vendor/openssl-sys/src/handwritten/conf.rs
+++ b/vendor/openssl-sys/src/handwritten/conf.rs
@@ -1,7 +1,13 @@
use super::super::*;
+const_ptr_api! {
+ extern "C" {
+ pub fn NCONF_new(meth: #[const_ptr_if(libressl400)] CONF_METHOD) -> *mut CONF;
+ }
+}
+
extern "C" {
- pub fn NCONF_new(meth: *mut CONF_METHOD) -> *mut CONF;
+ #[cfg(not(libressl400))]
pub fn NCONF_default() -> *mut CONF_METHOD;
pub fn NCONF_free(conf: *mut CONF);
}
diff --git a/vendor/openssl-sys/src/handwritten/ec.rs b/vendor/openssl-sys/src/handwritten/ec.rs
index f199bc89..84925100 100644
--- a/vendor/openssl-sys/src/handwritten/ec.rs
+++ b/vendor/openssl-sys/src/handwritten/ec.rs
@@ -9,6 +9,7 @@ pub enum point_conversion_form_t {
POINT_CONVERSION_HYBRID = 6,
}
+#[cfg(not(libressl410))]
pub enum EC_METHOD {}
pub enum EC_GROUP {}
pub enum EC_POINT {}
@@ -17,6 +18,7 @@ extern "C" {
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
pub fn EC_GF2m_simple_method() -> *const EC_METHOD;
+ #[cfg(not(libressl410))]
pub fn EC_GROUP_new(meth: *const EC_METHOD) -> *mut EC_GROUP;
pub fn EC_GROUP_free(group: *mut EC_GROUP);
@@ -101,7 +103,7 @@ extern "C" {
pub fn EC_POINT_dup(p: *const EC_POINT, group: *const EC_GROUP) -> *mut EC_POINT;
- #[cfg(any(ossl111, boringssl, libressl350))]
+ #[cfg(any(ossl111, boringssl, libressl350, awslc))]
pub fn EC_POINT_get_affine_coordinates(
group: *const EC_GROUP,
p: *const EC_POINT,
diff --git a/vendor/openssl-sys/src/handwritten/evp.rs b/vendor/openssl-sys/src/handwritten/evp.rs
index 9e277453..a1be1da6 100644
--- a/vendor/openssl-sys/src/handwritten/evp.rs
+++ b/vendor/openssl-sys/src/handwritten/evp.rs
@@ -93,6 +93,8 @@ extern "C" {
pub fn EVP_DigestFinal(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int;
#[cfg(ossl111)]
pub fn EVP_DigestFinalXOF(ctx: *mut EVP_MD_CTX, res: *mut u8, len: usize) -> c_int;
+ #[cfg(ossl330)]
+ pub fn EVP_DigestSqueeze(ctx: *mut EVP_MD_CTX, res: *mut u8, len: usize) -> c_int;
#[cfg(ossl300)]
pub fn EVP_MD_fetch(
@@ -438,6 +440,11 @@ extern "C" {
#[cfg(not(osslconf = "OPENSSL_NO_IDEA"))]
pub fn EVP_idea_ofb() -> *const EVP_CIPHER;
+ #[cfg(not(osslconf = "OPENSSL_NO_RC2"))]
+ pub fn EVP_rc2_cbc() -> *const EVP_CIPHER;
+ #[cfg(not(osslconf = "OPENSSL_NO_RC2"))]
+ pub fn EVP_rc2_40_cbc() -> *const EVP_CIPHER;
+
#[cfg(not(ossl110))]
pub fn OPENSSL_add_all_algorithms_noconf();
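Review bot: `EVP_rc2_cbc` and `EVP_rc2_40_cbc` are added without any comment, and they expose RC2, including a 40-bit-key variant, which is an obsolete cipher that should not be chosen for new data. A short comment above the pair, e.g. `// Legacy RC2 ciphers: for reading old formats only, never for new encryption.`, would keep a wrapper author from treating them like the AES entries. The declarations are gated only on `OPENSSL_NO_RC2`. On OpenSSL 3.x RC2 is, as far as I know, served by the legacy provider, so callers should expect the cipher to be unusable unless that provider is loaded. The `extern` block continues outside the hunk.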
diff --git a/vendor/openssl-sys/src/handwritten/kdf.rs b/vendor/openssl-sys/src/handwritten/kdf.rs
index 0f14b63a..d34f2745 100644
--- a/vendor/openssl-sys/src/handwritten/kdf.rs
+++ b/vendor/openssl-sys/src/handwritten/kdf.rs
@@ -21,6 +21,14 @@ cfg_if! {
info: *const u8,
infolen: c_int,
) -> c_int;
+ pub fn EVP_KDF_CTX_new(kdf: *mut EVP_KDF) -> *mut EVP_KDF_CTX;
+ pub fn EVP_KDF_CTX_free(ctx: *mut EVP_KDF_CTX);
+ pub fn EVP_KDF_CTX_reset(ctx: *mut EVP_KDF_CTX);
+ pub fn EVP_KDF_CTX_get_kdf_size(ctx: *mut EVP_KDF_CTX) -> size_t;
+ pub fn EVP_KDF_derive(ctx: *mut EVP_KDF_CTX, key: *mut u8, keylen: size_t, params: *const OSSL_PARAM) -> c_int;
+ pub fn EVP_KDF_fetch(ctx: *mut OSSL_LIB_CTX, algorithm: *const c_char, properties: *const c_char) -> *mut EVP_KDF;
+ pub fn EVP_KDF_free(kdf: *mut EVP_KDF);
}
+
}
}
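Review bot: The new `EVP_KDF_*` declarations carry no comment on their return convention, and it matters most for `EVP_KDF_derive`. As I read the OpenSSL manual, failure is reported as zero or a negative value, so a wrapper that tests only `== 0` could accept a failed derivation and use whatever is left in `key`. A comment such as `// Returns 1 on success; 0 or a negative value on failure.` above `EVP_KDF_derive` would record that for whoever writes the safe wrapper. The two long declarations are also not wrapped the way the multi-line signatures elsewhere in this patch are. The surrounding `cfg_if!` block starts outside the hunk, so the version gate on these functions is not visible here.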
diff --git a/vendor/openssl-sys/src/handwritten/mod.rs b/vendor/openssl-sys/src/handwritten/mod.rs
index f54ec9be..47b3360f 100644
--- a/vendor/openssl-sys/src/handwritten/mod.rs
+++ b/vendor/openssl-sys/src/handwritten/mod.rs
@@ -29,6 +29,8 @@ pub use self::sha::*;
pub use self::srtp::*;
pub use self::ssl::*;
pub use self::stack::*;
+#[cfg(ossl320)]
+pub use self::thread::*;
pub use self::tls1::*;
pub use self::types::*;
pub use self::x509::*;
@@ -66,6 +68,8 @@ mod sha;
mod srtp;
mod ssl;
mod stack;
+#[cfg(ossl320)]
+mod thread;
mod tls1;
mod types;
mod x509;
diff --git a/vendor/openssl-sys/src/handwritten/params.rs b/vendor/openssl-sys/src/handwritten/params.rs
index 3ed00c04..542cef33 100644
--- a/vendor/openssl-sys/src/handwritten/params.rs
+++ b/vendor/openssl-sys/src/handwritten/params.rs
@@ -6,4 +6,11 @@ extern "C" {
pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM;
#[cfg(ossl300)]
pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM;
+ #[cfg(ossl300)]
+ pub fn OSSL_PARAM_construct_octet_string(
+ key: *const c_char,
+ buf: *mut c_void,
+ bsize: size_t,
+ ) -> OSSL_PARAM;
+
}
diff --git a/vendor/openssl-sys/src/handwritten/ssl.rs b/vendor/openssl-sys/src/handwritten/ssl.rs
index b86a54cb..163c75ae 100644
--- a/vendor/openssl-sys/src/handwritten/ssl.rs
+++ b/vendor/openssl-sys/src/handwritten/ssl.rs
@@ -701,6 +701,10 @@ cfg_if! {
pub fn TLS_server_method() -> *const SSL_METHOD;
pub fn TLS_client_method() -> *const SSL_METHOD;
+
+ pub fn DTLS_server_method() -> *const SSL_METHOD;
+
+ pub fn DTLS_client_method() -> *const SSL_METHOD;
}
} else {
extern "C" {
diff --git a/vendor/openssl-sys/src/handwritten/thread.rs b/vendor/openssl-sys/src/handwritten/thread.rs
new file mode 100644
index 00000000..de661e1c
--- /dev/null
+++ b/vendor/openssl-sys/src/handwritten/thread.rs
@@ -0,0 +1,7 @@
+use super::super::*;
+use libc::*;
+
+extern "C" {
+ pub fn OSSL_set_max_threads(ctx: *mut OSSL_LIB_CTX, max_threads: u64) -> c_int;
+ pub fn OSSL_get_max_threads(ctx: *mut OSSL_LIB_CTX) -> u64;
+}
diff --git a/vendor/openssl-sys/src/handwritten/types.rs b/vendor/openssl-sys/src/handwritten/types.rs
index 8c69c3ef..d465a441 100644
--- a/vendor/openssl-sys/src/handwritten/types.rs
+++ b/vendor/openssl-sys/src/handwritten/types.rs
@@ -472,6 +472,7 @@ pub struct X509V3_CTX {
subject_cert: *mut c_void,
subject_req: *mut c_void,
crl: *mut c_void,
+ #[cfg(not(libressl400))]
db_meth: *mut c_void,
db: *mut c_void,
#[cfg(ossl300)]
@@ -1138,3 +1139,8 @@ pub struct OSSL_PARAM {
data_size: size_t,
return_size: size_t,
}
+
+#[cfg(ossl300)]
+pub enum EVP_KDF {}
+#[cfg(ossl300)]
+pub enum EVP_KDF_CTX {}
diff --git a/vendor/openssl-sys/src/handwritten/x509_vfy.rs b/vendor/openssl-sys/src/handwritten/x509_vfy.rs
index a560e586..31928f89 100644
--- a/vendor/openssl-sys/src/handwritten/x509_vfy.rs
+++ b/vendor/openssl-sys/src/handwritten/x509_vfy.rs
@@ -9,10 +9,14 @@ extern "C" {
pub fn X509_LOOKUP_meth_free(method: *mut X509_LOOKUP_METHOD);
}
+const_ptr_api! {
+ extern "C" {
+ pub fn X509_LOOKUP_hash_dir() -> #[const_ptr_if(libressl400)] X509_LOOKUP_METHOD;
+ pub fn X509_LOOKUP_file() -> #[const_ptr_if(libressl400)] X509_LOOKUP_METHOD;
+ }
+}
extern "C" {
pub fn X509_LOOKUP_free(ctx: *mut X509_LOOKUP);
- pub fn X509_LOOKUP_hash_dir() -> *mut X509_LOOKUP_METHOD;
- pub fn X509_LOOKUP_file() -> *mut X509_LOOKUP_METHOD;
pub fn X509_LOOKUP_ctrl(
ctx: *mut X509_LOOKUP,
cmd: c_int,
@@ -41,11 +45,6 @@ extern "C" {
pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int;
- pub fn X509_STORE_add_lookup(
- store: *mut X509_STORE,
- meth: *mut X509_LOOKUP_METHOD,
- ) -> *mut X509_LOOKUP;
-
pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int;
pub fn X509_STORE_set_flags(store: *mut X509_STORE, flags: c_ulong) -> c_int;
pub fn X509_STORE_set_purpose(ctx: *mut X509_STORE, purpose: c_int) -> c_int;
@@ -55,6 +54,10 @@ extern "C" {
const_ptr_api! {
extern "C" {
+ pub fn X509_STORE_add_lookup(
+ store: *mut X509_STORE,
+ meth: #[const_ptr_if(libressl400)] X509_LOOKUP_METHOD,
+ ) -> *mut X509_LOOKUP;
pub fn X509_STORE_set1_param(store: *mut X509_STORE, pm: #[const_ptr_if(ossl300)] X509_VERIFY_PARAM) -> c_int;
}
}
diff --git a/vendor/openssl-sys/src/lib.rs b/vendor/openssl-sys/src/lib.rs
index 0e23386f..0e8923ba 100644
--- a/vendor/openssl-sys/src/lib.rs
+++ b/vendor/openssl-sys/src/lib.rs
@@ -6,7 +6,6 @@
non_upper_case_globals,
unused_imports
)]
-#![cfg_attr(feature = "unstable_boringssl", allow(ambiguous_glob_reexports))]
#![doc(html_root_url = "https://docs.rs/openssl-sys/0.9")]
#![recursion_limit = "128"] // configure fixed limit across all rust versions
@@ -15,22 +14,47 @@ pub use libc::c_int;
#[cfg(feature = "unstable_boringssl")]
extern crate bssl_sys;
-#[cfg(feature = "unstable_boringssl")]
-pub use bssl_sys::*;
-#[cfg(all(boringssl, not(feature = "unstable_boringssl")))]
+#[cfg(boringssl)]
#[path = "."]
mod boringssl {
+ #[cfg(feature = "unstable_boringssl")]
+ pub use bssl_sys::*;
+ #[cfg(not(feature = "unstable_boringssl"))]
+ include!(concat!(env!("OUT_DIR"), "/bindgen.rs"));
+
+ // BoringSSL does not require initialization.
+ pub fn init() {}
+}
+#[cfg(boringssl)]
+pub use boringssl::*;
+
+#[cfg(feature = "aws-lc")]
+extern crate aws_lc_sys;
+
+#[cfg(awslc)]
+#[path = "."]
+mod aws_lc {
+ #[cfg(feature = "aws-lc")]
+ pub use aws_lc_sys::*;
+
+ #[cfg(not(feature = "aws-lc"))]
include!(concat!(env!("OUT_DIR"), "/bindgen.rs"));
+ use libc::{c_char, c_long, c_void};
+
pub fn init() {
- unsafe {
- CRYPTO_library_init();
- }
+ unsafe { CRYPTO_library_init() }
+ }
+
+ // BIO_get_mem_data is a C preprocessor macro by definition
+ #[allow(non_snake_case, clippy::not_unsafe_ptr_arg_deref)]
+ pub fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long {
+ unsafe { BIO_ctrl(b, BIO_CTRL_INFO, 0, pp.cast::<c_void>()) }
}
}
-#[cfg(all(boringssl, not(feature = "unstable_boringssl")))]
-pub use boringssl::*;
+#[cfg(awslc)]
+pub use aws_lc::*;
#[cfg(openssl)]
#[path = "."]
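Review bot: `BIO_get_mem_data` in the new `aws_lc` module is declared as a safe `pub fn` although it forwards two caller-supplied raw pointers to `BIO_ctrl`, and the `clippy::not_unsafe_ptr_arg_deref` allow silences the lint that flags exactly this. Safe Rust could then pass a null or dangling `b` or `pp` and reach undefined behaviour without writing `unsafe`. Declaring it `pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long`, with a `# Safety` line stating that both pointers must be valid, and dropping the clippy allow would put the contract on the caller. Whether existing callers already wrap the call in `unsafe` is not visible in this hunk. The `unsafe { CRYPTO_library_init() }` in `init` would likewise benefit from a `// SAFETY:` comment.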
diff --git a/vendor/openssl-sys/src/obj_mac.rs b/vendor/openssl-sys/src/obj_mac.rs
index 400f7338..8dd720a7 100644
--- a/vendor/openssl-sys/src/obj_mac.rs
+++ b/vendor/openssl-sys/src/obj_mac.rs
@@ -346,7 +346,6 @@ pub const NID_id_mod_cmp2000: c_int = 284;
pub const NID_info_access: c_int = 177;
pub const NID_biometricInfo: c_int = 285;
pub const NID_qcStatements: c_int = 286;
-pub const NID_ac_auditEntity: c_int = 287;
pub const NID_ac_targeting: c_int = 288;
pub const NID_aaControls: c_int = 289;
pub const NID_sbgp_ipAddrBlock: c_int = 290;
@@ -1015,3 +1014,10 @@ pub const NID_shake256: c_int = 1101;
pub const NID_chacha20_poly1305: c_int = 1018;
#[cfg(libressl271)]
pub const NID_chacha20_poly1305: c_int = 967;
+cfg_if! {
+ if #[cfg(ossl340)] {
+ pub const NID_ac_auditEntity: c_int = 1323;
+ } else {
+ pub const NID_ac_auditEntity: c_int = 287;
+ }
+}
diff --git a/vendor/openssl/.cargo-checksum.json b/vendor/openssl/.cargo-checksum.json
index 80bade8c..3de6ab62 100644
--- a/vendor/openssl/.cargo-checksum.json
+++ b/vendor/openssl/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"2e890996f61f7bf0f5eff5b1722c1b11da46315a5eea26fb8d94f21609066560","Cargo.lock":"884becf9d65fb50d031dca2e7ce85f14363f6a06a525e52b2df00eb95b2def86","Cargo.toml":"2a879f9fdfe0600ce7c54bf0c048a9e82a6b538884e3323ced6b321643060c56","LICENSE":"f3d4287b4a21c5176fea2f9bd4ae800696004e2fb8e05cbc818be513f188a941","README.md":"c5ddde25c2756a1115daaa671fb4297cdc83bf23009c8356ba65b5311d0dd30d","build.rs":"04a0d492f539b96444229d03c977386fc6360a03eca34bdb2a064e439ee45b85","examples/mk_certs.rs":"012569fc734c314c5d3c1c9dc8ae64a32db4cfa917e8fbc363c1eef118600d0a","src/aes.rs":"c1ad71fc0a76dd7fbb07864583e47c7da8764f8e6029a4ff8c310bf2fde63e15","src/asn1.rs":"d250233df5913879a6dc205e16f2404bd7512e29a2b8dab2b9ea83c670ee85be","src/base64.rs":"9087b546206c3a824aec3af6cf0e54d890515cc62d859951fd46ef72fbeba3aa","src/bio.rs":"ea03f0d3fbbf9538277e304738e95cbb844c2796057d9abd126b6ebac6140367","src/bn.rs":"42c3a1798f70b9f797de78a238d0b05a706df71c980714611ff53888ec7315eb","src/cipher.rs":"3bf4595773be7c5f292b671c9272979d2b300b0e2961e14d3aa0d1c03a24b83d","src/cipher_ctx.rs":"01ffd0005693695c41e5dd1d86b448bca4808e43d5778c5b9f707c1e867a75bb","src/cms.rs":"0dfa2f1134b84de1c7c9a8ad78ad2b8cd773cea75c9b80cf57bcf181f7ed4573","src/conf.rs":"c374003c606c331fedbe9075abfaf41eba38bfbbbefe9c9f2d2a1d445e4b1606","src/derive.rs":"963694c3cf7b0b70802b5b2b3f93f857ed7b320d5db331b57c2ff11bcb0891ad","src/dh.rs":"e9fc6d5910241a6cba0b7c6ce4139ba8cbd04be7de5c92a479406ddc79a581cd","src/dsa.rs":"10b6aca140fe332cb35c78cb3b0e9f1aa7cf18971059ac93a9a458481de26f85","src/ec.rs":"43142ab898dd4dc25efd7cd5c081be4f1a65c39d48e715fa3a208c7a2c5cb534","src/ecdsa.rs":"895136cad2a938f6a274e56fe2218e0bf066d4df33f5ad77c98d50921a25f50a","src/encrypt.rs":"d1c6de4f5998f06d33de66005a1926eab895f0ecff01396b46dc697dc1593b26","src/envelope.rs":"d842c52a3297620121446514b57b6441e88faf5c48d98ae723f4e05164ea0a2b","src/error.rs":"ede27beebf1594a9165f16aa8732816f28501a8454d3125b6eb5ce98756e0255","src/ex_data.rs":"0a58a3a274a4ef225
1dadb64cbcd44b43710d252201b137ecfb91cf14373c04f","src/fips.rs":"761cd7cdfbc16af88fbfefd38e54cb77b4ba8e2f49221607e145bc541f089d7e","src/hash.rs":"f8c18f3095236d7ea9ee5be244032207b6bf5b97ddfbb960ab0800c5f72a6244","src/lib.rs":"a4e1994538c5a18371edf46439a253a488fff0b94692208796b782d6ab0b0030","src/lib_ctx.rs":"ec6431adad53f3a9621b011506678104bd4f62bdea38ef9d1b731334507ab068","src/macros.rs":"fc83887358d36f7edd61f2718e0d7a83161b1c23eccbf782fd2918b34a8f5a12","src/md.rs":"fd241588f1c5860ee43b1abd74952a74e2c0432c045ded4b2950a419bb4597ee","src/md_ctx.rs":"a00fbe465477fd1209fffd7b83eebb1e86af2bfd3acf2c1ca691f19da1a5b35f","src/memcmp.rs":"f48e0e29f372db2d0eb2239290abec8819300eb3e01e3bb1030783d6f6a8b2c9","src/nid.rs":"8ed819d454abb0e531d5dd359bc6ca8c16c7c48ec8cf07dd52e59a7bebd1d77a","src/ocsp.rs":"bfb378fa87945eee583521e350f427406888bbb8a804a90aeb06bdbf1b656ddf","src/pkcs12.rs":"b4171fa4423eaf8e1b060cf68f9b85fe0bc84d6c5fe23dabf3ddb0fed9a8cb23","src/pkcs5.rs":"5afbbb784714cde2fb39b34c867db7a600c0cd0f1173d1971ec645f9c3376caf","src/pkcs7.rs":"24431303749047c08aad278f53ea47d6e47130318d368dd5213194e27bd58620","src/pkey.rs":"c500536756324354aa698509ca03f488cf180e3eba9c3b1ba198e68b991eb22f","src/pkey_ctx.rs":"0da4de8cc6cd814133a96a941ace5dbc76ea8b19f145ae71a150f32e2397aa8a","src/provider.rs":"5ab0b25e8866ecea327ad764d44594912f1dc09eb73c3ed5db134714e9f4b73e","src/rand.rs":"4007c6e88a8e875fb8eb475895ba5579e2e789634536303ea8e99ec1866b71a3","src/rsa.rs":"b972ab6ee3c3ad70314959eb5cda6a2251f514bf12d88551ce7746b4e9024294","src/sha.rs":"c34f2f9df5fb52b578022568e195e011d0967f9f5ff57b559d7d2a235951a5b9","src/sign.rs":"9af5544b9c5d81c494ba055c247c8d152e5853a26efa60ff7c1788b569225fd9","src/srtp.rs":"3defe1815cfc790e2407ff935f8ca7b0e8d504242886e8841715279e0d85f721","src/ssl/bio.rs":"4677c018ebc35a1c31fc92a3fd180e03b00fdc031aa7464d4ee53d0e4d5c78d3","src/ssl/callbacks.rs":"3b5530c06709705b1a216913f2f5a900ea6d9baa9d497d7c8bd5f2fefa53c8d5","src/ssl/connector.rs":"32afe0925584b349b3595aaabd0dadbf6ab38
3b5879c49c68ad2d0fddf0b0e4a","src/ssl/error.rs":"f39ac3e1037a35ae5cccbf5cf5976044614a6368c9ffe3f1b96bead63c0c4231","src/ssl/mod.rs":"ede8850d07edf6033d0b3b34ef001ff5b621eb6f9c5ed1d02eadc75f5297b4e7","src/ssl/test/mod.rs":"0bf87ab47287ce40f1317016beeb54602a9a5836d00e0424072e67bedafa9c35","src/ssl/test/server.rs":"4276ba970a0fac5c9cae21d7df7af36389c377472f3546ce597678ffc6ad5b38","src/stack.rs":"ce68f06b3fa7135798d9af3489a2412823cfcd39984931b39d68be387f8fb5ac","src/string.rs":"8276d719b35cd74ee0efbecce9e58e754d50d8cc96111f2febd3c0d8849847a8","src/symm.rs":"87abe78720dc89710369a4fe8c74faa52c4226a118add635bc6458cb7db03c66","src/util.rs":"e6794bf0643d0c29e96325653f2bb4a00221de55bb5b3c6c96d5dbae3debe238","src/version.rs":"e3acbb0db2095ab616870055c7c7a902fb7b1439520574fd20b7c1164b1178b7","src/x509/extension.rs":"26a265248eb0e54c3b106708f8fce7d5fb5b91b7195f17a97e1b8b1d3b6fa119","src/x509/mod.rs":"1de4893a55ca91296216a052d14d1319fe180cd7b792fa3593de3fa7cc4f1dee","src/x509/store.rs":"e42823f931ce2b6e4bac5f7314f3790c70dd12002398da03a2ebecd96f248c98","src/x509/tests.rs":"efd1573171de75b70416a8d2f708e457601fc64c472fdb5507e32f74f4968fd0","src/x509/verify.rs":"9db665ffccecfd8a29874f8f4b0b3c09d195899daaa927dffdf57d6e9d32403e","test/aia_test_cert.pem":"9eaf52b5d0023f3be7911938d937ed16fc75d43d14dbe41557a800b0a82f4b1b","test/alt_name_cert.pem":"f3cc0a1d21657164918dffab0dac8f1c499fc1cf5717805420a0134b3aee128c","test/authority_key_identifier.pem":"4644b83bbcd36a6e1917d1f7bd3b8ff913bf86cc74917c07dd78b6731b4d5bec","test/ca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/cert.pem":"53c8b338be254490c71a6b13da90dc5a59ba596587c548be5673657e04824afb","test/certs.pem":"106d5d22c86e26c3db619b9525567f22333d22de82e4d2850ed379150c638008","test/certv3.pem":"c230b76b6efb973816d0e3096ae95cdcf4941ec928c01c31b6537d01743fcd8a","test/certv3_extfile":"610fdc10edac2da398a582895e53d288d3e47a9d4f3868c2c7f7662c212b60bd","test/cms.p12":"d33fc5edd6b9caa672e7570b869135235bb2583580a273
f6e88c6a6c68fd5a8a","test/cms_pubkey.der":"03682a732e1fd861f5fa687915a8e6f5c935d10273b0f6f73f3db52a8d71fc6d","test/crl-ca.crt":"911360ccdf700fd7d6091bd78c4138da0e9f027ca211f7ed80b394e570eb897c","test/csr.pem":"24423008144c43cf33f56ebcc245931b2d61bcd4eee17b476d7adb6f7416e24d","test/dhparams.pem":"14d9461949d9ae8ca50a393b008ee2168254f14342b0e17b56c0a62d2905b963","test/dsa.pem":"826d513234205fd3dee0bbbf844f0b6fea501145bdf05ea3b14e14df98cbe090","test/dsa.pem.pub":"721677bebf9ab28b8650f98a0cd27658de0c1acd867a4b6e985fe1df95a8bd37","test/dsaparam.pem":"94a1284bdd7d7566151cfde0c7f245e84f7b99ba840f202e3f27ea0160f82988","test/entry_extensions.crl":"bee73d33a326bde92d3c38f275b3f94943e46cf778d7043e1176e84413dc22e9","test/identity.p12":"aceeb3e5516471bd5af9a44bbeffc9559c4f228f67c677d29f36a4b368e2779f","test/intermediate-ca.key":"a5f3d331af87c1305843e235841e494a0669a95d3824a6c766d09371f62c3bab","test/intermediate-ca.pem":"5ff8055325d0cbb60586f4e20bd2df7718e4d94f5261f2ee05ba52a8fb9223f0","test/key.der":"e8842cd6674b5c77a83e0283cd876a91de404561dfc86d79ce525f6e55b28197","test/key.der.pub":"e559d56bb6ec57ad743dbf972bbcaf263a9fa7d320433baa71b04f849d987060","test/key.pem":"12d9105a92bf39b615ccb4820c5c1e38c61905483cd30be13f9ab99b98af64ed","test/key.pem.pub":"f5d030df843ddbaba5bf316ae18f1434de5a63a955be66442429dd4f16f161ef","test/keystore-empty-chain.p12":"bbea280f6fe10556d7470df7072ef0e4ee3997e2c0b3666197f423430c0e6b61","test/leaf.pem":"4f2c3fd02f73b3f49a1e05cf0622669ed014ba019876d89d3f21c788457c1e01","test/nid_test_cert.pem":"7047e8d317e284c6b698eee4a0f1a629d50cd4615ad7da85fe90a2ffb6c21611","test/nid_uid_test_cert.pem":"a735211f3b40edbde7084337138fb0aea06aea6c78369c52015253e4b7a17d83","test/pkcs1.pem.pub":"4d446864b63c4178ec2c7dc8df9b7121d9271851c1f4701231fccb8b07c94918","test/pkcs8-nocrypt.der":"5590d03cc0d037c6c27d78fafc937f48defb226e9a52cde84d54df68086d0575","test/pkcs8.der":"8719fc002d59313fb97e46e068ae40db4d9acc0e2debd308ac9eb46329bea487","test/root-ca.key":"b37cf88614980c38e43c43
29cdf7162bae48cc8af1fafd54db2fe0d17e458e1d","test/root-ca.pem":"59b9200c35e818bf21be4aaa97ba87bb6a18fd780527a9f9c51cc74212c631a0","test/rsa-encrypted.pem":"ea41b0f1816056672de6abbab43d0e8089da047c329ceed14aace5a5bde713f1","test/rsa.pem":"f866a5506ea9a37ed2f73f62f503e1aff32f7e4145be62b023535f4da1c24416","test/rsa.pem.pub":"2c5eeea39708e90396f9f09d920f2af8b7e9f84ace963c1319072224dd3d302b","test/subca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/test.crl":"ac8443257214f9e82543871c3df48694ea39f2b16bd6c4ef5998a161edbb8fba"},"package":"9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"426ee73189b7a2cd6264463c3c3af54d2575271cd17b05ebfa0a59d24e840ced","Cargo.lock":"b8fc0c91e6a803fbd1553d28be8630404988503ca8377e7b3f51656862b5d76a","Cargo.toml":"5c9c1937399944f99877367f820676a26d928c84bb230e5cbd9caa9c386c9f7c","LICENSE":"f3d4287b4a21c5176fea2f9bd4ae800696004e2fb8e05cbc818be513f188a941","LICENSE-APACHE":"c6596eb7be8581c18be736c846fb9173b69eccf6ef94c5135893ec56bd92ba08","README.md":"c5ddde25c2756a1115daaa671fb4297cdc83bf23009c8356ba65b5311d0dd30d","build.rs":"cbb97a4cc2ff81cb33d9c2cef88858f81721d60b871ec8dbe919c2887200b4b0","examples/mk_certs.rs":"012569fc734c314c5d3c1c9dc8ae64a32db4cfa917e8fbc363c1eef118600d0a","src/aes.rs":"8af2d642fb31e5a2d57c606373db110d3622a755836f0c6e437cb4dd4f25bd7c","src/asn1.rs":"f59cb79112a11a1c0e7d2e49dfaa6f78579bfde01730fbbc5132c5404ea6fb47","src/base64.rs":"9087b546206c3a824aec3af6cf0e54d890515cc62d859951fd46ef72fbeba3aa","src/bio.rs":"c2cc684a2422f7cdd7bc9ec35dfca8146890c0a52c08bb7a32a5a21f9cb09bce","src/bn.rs":"ad161091b027f876b9a96a12fd31f1b5b31faa0ee5a6763c1621b0ebc527d30c","src/cipher.rs":"f5772040433370ea5e1870a7227d204286226c1d902d957a5ae7ddf3e7ee89f4","src/cipher_ctx.rs":"e7ff3f7762587ba8175af6043e9222cd6086da893210ba44c42617a2d9f48730","src/cms.rs":"0dfa2f1134b84de1c7c9a8ad78ad2b8cd773cea75c9b80cf57bcf181f7ed4573","src/conf.rs":"bd2ee843bd4c325a087878eb55a52971caffb46dec7c750cf3e9ec4b8e3e86bf","src/derive.rs":"ccb6087ac9f51330a292d02d2c4ec80784bbb2fb9c4beb46f7d5484961303340","src/dh.rs":"9ac5e80b07d2c83f4028d031fdb54692c2aada745e8c2ee33eceeb81f1f82f62","src/dsa.rs":"48ce7e08b320b11cc61fac0ad09d5a9287fc7cf80a061a42acf0e13a8bad5005","src/ec.rs":"d9d86d8bb46f5748f56b3537711704d097796567fd6b91b535c598fd44c77787","src/ecdsa.rs":"4c095f20c0e9659ac88cde5ba1046b1b39e9756999ebe7d6551b340ef98fb7f8","src/encrypt.rs":"d1fd716bec64934838360e9d046d3bd1e21bb8eb5f0fe9565ea4e46c6fdfb646","src/envelope.rs":"d842c52a3297620121446514b57b6441e88faf5c48d98ae723f4e05164ea0a2b","src/error.rs":"504f8435637f4ee05
9da824e26ad2267516a8f041e1b726765ee6232ebce0256","src/ex_data.rs":"0a58a3a274a4ef2251dadb64cbcd44b43710d252201b137ecfb91cf14373c04f","src/fips.rs":"761cd7cdfbc16af88fbfefd38e54cb77b4ba8e2f49221607e145bc541f089d7e","src/hash.rs":"221c8e1fae0c4e9b44998d64a25387665069d47a37b18f205c63373155924877","src/kdf.rs":"52e2430f4351c7e507c68350fdc6f270ddd54731ddc5bbb61f0723417ff1215c","src/lib.rs":"9b773aa9c612445012bbd40e096d725f644411edfac079b9fe4e39d3e358bc70","src/lib_ctx.rs":"ec6431adad53f3a9621b011506678104bd4f62bdea38ef9d1b731334507ab068","src/macros.rs":"fc83887358d36f7edd61f2718e0d7a83161b1c23eccbf782fd2918b34a8f5a12","src/md.rs":"be680e7c5cd2686a82ded5f4db460c2ce2213640bc8f86d14fc15cbae84a55de","src/md_ctx.rs":"e8668cd9d683d98a2cd89dc856b121117f38d7128bcb73b96e78658d7bc70024","src/memcmp.rs":"f48e0e29f372db2d0eb2239290abec8819300eb3e01e3bb1030783d6f6a8b2c9","src/nid.rs":"fea5f5121995ef14a7c9a00091086bbe84c0c75a84320110611889931934e9f6","src/ocsp.rs":"935da69782e717c70ae54018044718f74167ce784d62f9c7bfa2c0bd72eb45e8","src/pkcs12.rs":"f4a66628a209f7bee3c79c8c37f5570fd45ee91a7cc9df62200cce7d61681a72","src/pkcs5.rs":"6e43c3cf36f91397fb7f15112bfb6e15252c6a9088198f98d68e49e1d250e1d1","src/pkcs7.rs":"24431303749047c08aad278f53ea47d6e47130318d368dd5213194e27bd58620","src/pkey.rs":"67dc9a96a3c32550d86bdfb6d44e9af98c5dca64b2aa42fd60da264a3af17edf","src/pkey_ctx.rs":"cd881a1da8db054f11015c91ff75ba61f297c2bb0f4406500de1be8ec0ad6b24","src/provider.rs":"5ab0b25e8866ecea327ad764d44594912f1dc09eb73c3ed5db134714e9f4b73e","src/rand.rs":"4007c6e88a8e875fb8eb475895ba5579e2e789634536303ea8e99ec1866b71a3","src/rsa.rs":"8931d5985c1ce0219980cb90f965653a363743b773a3e842b3834b6824e9ca39","src/sha.rs":"c34f2f9df5fb52b578022568e195e011d0967f9f5ff57b559d7d2a235951a5b9","src/sign.rs":"d863e593a4d95b8987c0afe6c464926033f676a2624e2cbe228611244855000f","src/srtp.rs":"0dcd496a34819f4f515ba934a7e5683100a2b5a63d46736b2b655df30a22fd85","src/ssl/bio.rs":"5429cae22a34e307b3ddbdc65d00de34ea1c6808478a55e162cc0
89bef22801f","src/ssl/callbacks.rs":"deaaa3250cd37d6b4cbe289018af5c42ed291a673f8ba21f15785f4432b2b426","src/ssl/connector.rs":"d5a6f5c2be9301164895f88a090ad0848fb57a75bb3629eec3d7a452e1af819f","src/ssl/error.rs":"f39ac3e1037a35ae5cccbf5cf5976044614a6368c9ffe3f1b96bead63c0c4231","src/ssl/mod.rs":"80e1f46d85fad084d13ae764ebf377615d185a5b764afd53ac52e6e0dd11ab26","src/ssl/test/mod.rs":"1224f3a66d03883e6b959970aa4091f59abd93c5a608659490c0ea5b825984fa","src/ssl/test/server.rs":"4276ba970a0fac5c9cae21d7df7af36389c377472f3546ce597678ffc6ad5b38","src/stack.rs":"9be126b4a1b5c01fc9c5a42f46e1bc9307ed92624a623efe4242aca1e8c4f15e","src/string.rs":"4b359b577b008735d144df687ba22da33354549581839f32ef5d649053ac53cd","src/symm.rs":"f686ce63761b2f6a48214465028df8ae18a227f54b9ed14bd496b94dfbd06ecf","src/util.rs":"09701e853997f00c46336da9cff99142b22af5a20f6284ed6a8c597c238e8ad6","src/version.rs":"9c6b7dd29a4cf53a2927d7be247a3b85083f9a8e0a0c779e311eff612463926e","src/x509/extension.rs":"26a265248eb0e54c3b106708f8fce7d5fb5b91b7195f17a97e1b8b1d3b6fa119","src/x509/mod.rs":"5b2abbf9254291a916ee856bd259f11eff5945ae832ba7a3c4c34cc99f88ac36","src/x509/store.rs":"1687ca1833f2ba7c5e5d385369a52ed00cd10e2e4c42ccab755372e618ec3c07","src/x509/tests.rs":"233bce3b2e025dfd4b0f058892fd2863f30708cedcd1c38af89c0fdf05a38e91","src/x509/verify.rs":"a5930624886d6a88680e47a2b0e74e2cab1032b902e886530110d79dff837efb","test/aia_test_cert.pem":"9eaf52b5d0023f3be7911938d937ed16fc75d43d14dbe41557a800b0a82f4b1b","test/alt_name_cert.pem":"f3cc0a1d21657164918dffab0dac8f1c499fc1cf5717805420a0134b3aee128c","test/authority_key_identifier.pem":"4644b83bbcd36a6e1917d1f7bd3b8ff913bf86cc74917c07dd78b6731b4d5bec","test/ca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/cert.pem":"53c8b338be254490c71a6b13da90dc5a59ba596587c548be5673657e04824afb","test/certs.pem":"106d5d22c86e26c3db619b9525567f22333d22de82e4d2850ed379150c638008","test/certv3.pem":"c230b76b6efb973816d0e3096ae95cdcf4941ec928c01c31b6537
d01743fcd8a","test/certv3_extfile":"610fdc10edac2da398a582895e53d288d3e47a9d4f3868c2c7f7662c212b60bd","test/cms.p12":"d33fc5edd6b9caa672e7570b869135235bb2583580a273f6e88c6a6c68fd5a8a","test/cms_pubkey.der":"03682a732e1fd861f5fa687915a8e6f5c935d10273b0f6f73f3db52a8d71fc6d","test/corrupted-rsa.pem":"cff269f11b8db1222ae94a5bdfb16b5d4795c23cac7250ebe2c892a2428f5890","test/crl-ca.crt":"911360ccdf700fd7d6091bd78c4138da0e9f027ca211f7ed80b394e570eb897c","test/csr.pem":"24423008144c43cf33f56ebcc245931b2d61bcd4eee17b476d7adb6f7416e24d","test/dhparams.pem":"14d9461949d9ae8ca50a393b008ee2168254f14342b0e17b56c0a62d2905b963","test/dsa.pem":"826d513234205fd3dee0bbbf844f0b6fea501145bdf05ea3b14e14df98cbe090","test/dsa.pem.pub":"721677bebf9ab28b8650f98a0cd27658de0c1acd867a4b6e985fe1df95a8bd37","test/dsaparam.pem":"94a1284bdd7d7566151cfde0c7f245e84f7b99ba840f202e3f27ea0160f82988","test/entry_extensions.crl":"bee73d33a326bde92d3c38f275b3f94943e46cf778d7043e1176e84413dc22e9","test/identity.p12":"aceeb3e5516471bd5af9a44bbeffc9559c4f228f67c677d29f36a4b368e2779f","test/intermediate-ca.key":"a5f3d331af87c1305843e235841e494a0669a95d3824a6c766d09371f62c3bab","test/intermediate-ca.pem":"5ff8055325d0cbb60586f4e20bd2df7718e4d94f5261f2ee05ba52a8fb9223f0","test/key.der":"e8842cd6674b5c77a83e0283cd876a91de404561dfc86d79ce525f6e55b28197","test/key.der.pub":"e559d56bb6ec57ad743dbf972bbcaf263a9fa7d320433baa71b04f849d987060","test/key.pem":"12d9105a92bf39b615ccb4820c5c1e38c61905483cd30be13f9ab99b98af64ed","test/key.pem.pub":"f5d030df843ddbaba5bf316ae18f1434de5a63a955be66442429dd4f16f161ef","test/keystore-empty-chain.p12":"bbea280f6fe10556d7470df7072ef0e4ee3997e2c0b3666197f423430c0e6b61","test/leaf.pem":"4f2c3fd02f73b3f49a1e05cf0622669ed014ba019876d89d3f21c788457c1e01","test/nid_test_cert.pem":"7047e8d317e284c6b698eee4a0f1a629d50cd4615ad7da85fe90a2ffb6c21611","test/nid_uid_test_cert.pem":"a735211f3b40edbde7084337138fb0aea06aea6c78369c52015253e4b7a17d83","test/pkcs1.pem.pub":"4d446864b63c4178ec2c7dc8df9b
7121d9271851c1f4701231fccb8b07c94918","test/pkcs8-nocrypt.der":"5590d03cc0d037c6c27d78fafc937f48defb226e9a52cde84d54df68086d0575","test/pkcs8.der":"8719fc002d59313fb97e46e068ae40db4d9acc0e2debd308ac9eb46329bea487","test/root-ca.key":"b37cf88614980c38e43c4329cdf7162bae48cc8af1fafd54db2fe0d17e458e1d","test/root-ca.pem":"59b9200c35e818bf21be4aaa97ba87bb6a18fd780527a9f9c51cc74212c631a0","test/rsa-encrypted.pem":"ea41b0f1816056672de6abbab43d0e8089da047c329ceed14aace5a5bde713f1","test/rsa.pem":"f866a5506ea9a37ed2f73f62f503e1aff32f7e4145be62b023535f4da1c24416","test/rsa.pem.pub":"2c5eeea39708e90396f9f09d920f2af8b7e9f84ace963c1319072224dd3d302b","test/subca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/test.crl":"ac8443257214f9e82543871c3df48694ea39f2b16bd6c4ef5998a161edbb8fba"},"package":"8505734d46c8ab1e19a1dce3aef597ad87dcb4c37e7188231769bd6bd51cebf8"}
\ No newline at end of file
diff --git a/vendor/openssl/CHANGELOG.md b/vendor/openssl/CHANGELOG.md
index e3d1045a..250c619e 100644
--- a/vendor/openssl/CHANGELOG.md
+++ b/vendor/openssl/CHANGELOG.md
@@ -2,6 +2,77 @@
## [Unreleased]
+## [v0.10.73] - 2025-05-28
+
+### Fixed
+
+* Fixed building on the latest BoringSSL.
+
+### Changed
+
+* Replaced ctest2 with ctest in systest.
+
+## [v0.10.72] - 2025-04-04
+
+### Fixed
+
+* Fixed use-after-free in `Md::fetch` and `Cipher::fetch` when `properties` is `Some(...)`. In practice this use-after-free most likely resulted in OpenSSL treating the `properties` as `b""`.
+
+### Added
+
+* Support for building with AWS-LC.
+
+## [v0.10.71] - 2025-02-15
+
+### Added
+
+* Added `Cipher::rc2_cbc` and `Cipher::rc2_40_cbc`.
+
+## [v0.10.70] - 2025-02-02
+
+### Fixed
+
+* Fixed improper lifetime constraints in `ssl::select_next_proto` that allowed a use after free.
+
+### Added
+
+* Added `SslMethod::dtls_client` and `SslMethod::dtls_server`.
+
+## [v0.10.69] - 2025-01-25
+
+### Fixed
+
+* Fixed the version constraint on `openssl-macros`.
+
+### Added
+
+* Added `SslContextBuilder::load_verify_locations`.
+* Added `Hasher::squeeze_xof`.
+* Added `SslContextBuilder::set_alpn_select_callback` support for boringssl.
+
+## [v0.10.68] - 2024-10-16
+
+### Fixed
+
+* Fixed building on Rust 1.63.0 (our MSRV) with OpenSSL 3.2 or newer.
+
+## [v0.10.67] - 2024-10-15
+
+### Added
+
+* Added support for LibreSSL 4.0.x.
+* Added `argon2id`
+
+### Fixed
+
+* Fixed a case where `MdCtxRef::digest_verify_final` could leave an error on the stack.
+* Fixed a case where `RsaRef::check_key` could leave an errror on the stack.
+
+### Changed
+
+* `openssl` is now a 2021 edition crate
+* Explicitly specify the MSRV in `Cargo.toml`
+
## [v0.10.66] - 2024-07-21
### Fixed
@@ -908,7 +979,14 @@
Look at the [release tags] for information about older releases.
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.66...master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.73...master
+[v0.10.73]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.72...openssl-v0.10.73
+[v0.10.72]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.71...openssl-v0.10.72
+[v0.10.71]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.70...openssl-v0.10.71
+[v0.10.70]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.69...openssl-v0.10.70
+[v0.10.69]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69
+[v0.10.68]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.67...openssl-v0.10.68
+[v0.10.67]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.66...openssl-v0.10.67
[v0.10.66]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.65...openssl-v0.10.66
[v0.10.65]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.65
[v0.10.64]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64
diff --git a/vendor/openssl/Cargo.lock b/vendor/openssl/Cargo.lock
index a93f7fa1..aaf839a5 100644
--- a/vendor/openssl/Cargo.lock
+++ b/vendor/openssl/Cargo.lock
@@ -21,20 +21,33 @@ dependencies = [
"yansi-term",
]
+[[package]]
+name = "aws-lc-sys"
+version = "0.27.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77926887776171ced7d662120a75998e444d3750c951abfe07f90da130514b1f"
+dependencies = [
+ "bindgen",
+ "cc",
+ "cmake",
+ "dunce",
+ "fs_extra",
+]
+
[[package]]
name = "bindgen"
-version = "0.65.1"
+version = "0.69.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cfdf7b466f9a4903edc73f95d6d2bcd5baf8ae620638762244d3f60143643cc5"
+checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
dependencies = [
"annotate-snippets",
- "bitflags 1.3.2",
+ "bitflags",
"cexpr",
"clang-sys",
+ "itertools",
"lazy_static",
"lazycell",
"log",
- "peeking_take_while",
"prettyplease",
"proc-macro2",
"quote",
@@ -47,15 +60,9 @@ dependencies = [
[[package]]
name = "bitflags"
-version = "1.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
-
-[[package]]
-name = "bitflags"
-version = "2.5.0"
+version = "2.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1"
+checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
[[package]]
name = "bssl-sys"
@@ -65,9 +72,14 @@ checksum = "312d12393c060384f2e6ed14c7b4be37b3dd90249857485613c1a91b9a1abb5c"
[[package]]
name = "cc"
-version = "1.0.94"
+version = "1.1.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17f6e324229dc011159fcc089755d1e2e216a90d43a7dea6853ca740b84f35e7"
+checksum = "72db2f7947ecee9b03b510377e8bb9077afa27176fdbff55c51027e976fdcc48"
+dependencies = [
+ "jobserver",
+ "libc",
+ "shlex",
+]
[[package]]
name = "cexpr"
@@ -86,26 +98,41 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "clang-sys"
-version = "1.7.0"
+version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1"
+checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
dependencies = [
"glob",
"libc",
"libloading",
]
+[[package]]
+name = "cmake"
+version = "0.1.54"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0"
+dependencies = [
+ "cc",
+]
+
+[[package]]
+name = "dunce"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
+
[[package]]
name = "either"
-version = "1.11.0"
+version = "1.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2"
+checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0"
[[package]]
name = "errno"
-version = "0.3.8"
+version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245"
+checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"
dependencies = [
"libc",
"windows-sys",
@@ -126,6 +153,12 @@ version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+[[package]]
+name = "fs_extra"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
+
[[package]]
name = "glob"
version = "0.3.1"
@@ -134,9 +167,9 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
[[package]]
name = "hex"
-version = "0.3.2"
+version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
+checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
[[package]]
name = "home"
@@ -147,11 +180,29 @@ dependencies = [
"windows-sys",
]
+[[package]]
+name = "itertools"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569"
+dependencies = [
+ "either",
+]
+
+[[package]]
+name = "jobserver"
+version = "0.1.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0"
+dependencies = [
+ "libc",
+]
+
[[package]]
name = "lazy_static"
-version = "1.4.0"
+version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
[[package]]
name = "lazycell"
@@ -161,15 +212,15 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
[[package]]
name = "libc"
-version = "0.2.153"
+version = "0.2.156"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd"
+checksum = "a5f43f184355eefb8d17fc948dbecf6c13be3c141f20d834ae842193a448c72a"
[[package]]
name = "libloading"
-version = "0.8.3"
+version = "0.8.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19"
+checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4"
dependencies = [
"cfg-if",
"windows-targets",
@@ -177,21 +228,21 @@ dependencies = [
[[package]]
name = "linux-raw-sys"
-version = "0.4.13"
+version = "0.4.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c"
+checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
[[package]]
name = "log"
-version = "0.4.21"
+version = "0.4.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c"
+checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
[[package]]
name = "memchr"
-version = "2.7.2"
+version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d"
+checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
[[package]]
name = "minimal-lexical"
@@ -217,9 +268,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
[[package]]
name = "openssl"
-version = "0.10.66"
+version = "0.10.73"
dependencies = [
- "bitflags 2.5.0",
+ "bitflags",
"cfg-if",
"foreign-types",
"hex",
@@ -242,19 +293,20 @@ dependencies = [
[[package]]
name = "openssl-src"
-version = "300.2.3+3.2.1"
+version = "300.3.1+3.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cff92b6f71555b61bb9315f7c64da3ca43d87531622120fea0195fc761b4843"
+checksum = "7259953d42a81bf137fbbd73bd30a8e1914d6dce43c2b90ed575783a22608b91"
dependencies = [
"cc",
]
[[package]]
name = "openssl-sys"
-version = "0.9.103"
+version = "0.9.109"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6"
+checksum = "90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571"
dependencies = [
+ "aws-lc-sys",
"bindgen",
"bssl-sys",
"cc",
@@ -264,12 +316,6 @@ dependencies = [
"vcpkg",
]
-[[package]]
-name = "peeking_take_while"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
-
[[package]]
name = "pkg-config"
version = "0.3.30"
@@ -278,9 +324,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec"
[[package]]
name = "prettyplease"
-version = "0.2.19"
+version = "0.2.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ac2cf0f2e4f42b49f5ffd07dae8d746508ef7526c13940e5f524012ae6c6550"
+checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e"
dependencies = [
"proc-macro2",
"syn",
@@ -288,9 +334,9 @@ dependencies = [
[[package]]
name = "proc-macro2"
-version = "1.0.81"
+version = "1.0.86"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d1597b0c024618f09a9c3b8655b7e430397a36d23fdafec26d6965e9eec3eba"
+checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
dependencies = [
"unicode-ident",
]
@@ -306,9 +352,9 @@ dependencies = [
[[package]]
name = "regex"
-version = "1.10.4"
+version = "1.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c"
+checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619"
dependencies = [
"aho-corasick",
"memchr",
@@ -318,9 +364,9 @@ dependencies = [
[[package]]
name = "regex-automata"
-version = "0.4.6"
+version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea"
+checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df"
dependencies = [
"aho-corasick",
"memchr",
@@ -329,9 +375,9 @@ dependencies = [
[[package]]
name = "regex-syntax"
-version = "0.8.3"
+version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56"
+checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b"
[[package]]
name = "rustc-hash"
@@ -345,7 +391,7 @@ version = "0.38.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f"
dependencies = [
- "bitflags 2.5.0",
+ "bitflags",
"errno",
"libc",
"linux-raw-sys",
@@ -360,9 +406,9 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "syn"
-version = "2.0.60"
+version = "2.0.74"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3"
+checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7"
dependencies = [
"proc-macro2",
"quote",
@@ -377,9 +423,9 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
[[package]]
name = "unicode-width"
-version = "0.1.12"
+version = "0.1.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68f5e5f3158ecfd4b8ff6fe086db7c8467a2dfdac97fe420f2b7c4aa97af66d6"
+checksum = "0336d538f7abc86d282a4189614dfaa90810dfc2c6f6427eaf88e16311dd225d"
[[package]]
name = "vcpkg"
@@ -432,9 +478,9 @@ dependencies = [
[[package]]
name = "windows-targets"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb"
+checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
dependencies = [
"windows_aarch64_gnullvm",
"windows_aarch64_msvc",
@@ -448,51 +494,51 @@ dependencies = [
[[package]]
name = "windows_aarch64_gnullvm"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263"
+checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
[[package]]
name = "windows_aarch64_msvc"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6"
+checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
[[package]]
name = "windows_i686_gnu"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670"
+checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
[[package]]
name = "windows_i686_gnullvm"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9"
+checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
[[package]]
name = "windows_i686_msvc"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf"
+checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
[[package]]
name = "windows_x86_64_gnu"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9"
+checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
[[package]]
name = "windows_x86_64_gnullvm"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596"
+checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
[[package]]
name = "windows_x86_64_msvc"
-version = "0.52.5"
+version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0"
+checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "yansi-term"
diff --git a/vendor/openssl/Cargo.toml b/vendor/openssl/Cargo.toml
index befffbdc..3b96ba57 100644
--- a/vendor/openssl/Cargo.toml
+++ b/vendor/openssl/Cargo.toml
@@ -10,10 +10,17 @@
# See Cargo.toml.orig for the original contents.
[package]
-edition = "2018"
+edition = "2021"
+rust-version = "1.63.0"
name = "openssl"
-version = "0.10.66"
+version = "0.10.73"
authors = ["Steven Fackler <sfackler@gmail.com>"]
+build = "build.rs"
+autolib = false
+autobins = false
+autoexamples = false
+autotests = false
+autobenches = false
description = "OpenSSL bindings"
readme = "README.md"
keywords = [
@@ -29,6 +36,25 @@ categories = [
license = "Apache-2.0"
repository = "https://github.com/sfackler/rust-openssl"
+[features]
+aws-lc = ["ffi/aws-lc"]
+bindgen = ["ffi/bindgen"]
+default = []
+unstable_boringssl = ["ffi/unstable_boringssl"]
+v101 = []
+v102 = []
+v110 = []
+v111 = []
+vendored = ["ffi/vendored"]
+
+[lib]
+name = "openssl"
+path = "src/lib.rs"
+
+[[example]]
+name = "mk_certs"
+path = "examples/mk_certs.rs"
+
[dependencies.bitflags]
version = "2.2.1"
@@ -36,7 +62,7 @@ version = "2.2.1"
version = "1.0"
[dependencies.ffi]
-version = "0.9.103"
+version = "0.9.109"
package = "openssl-sys"
[dependencies.foreign-types]
@@ -49,17 +75,7 @@ version = "0.2"
version = "1.5.2"
[dependencies.openssl-macros]
-version = "0.1.0"
+version = "0.1.1"
[dev-dependencies.hex]
-version = "0.3"
-
-[features]
-bindgen = ["ffi/bindgen"]
-default = []
-unstable_boringssl = ["ffi/unstable_boringssl"]
-v101 = []
-v102 = []
-v110 = []
-v111 = []
-vendored = ["ffi/vendored"]
+version = "0.4"
diff --git a/vendor/openssl/LICENSE-APACHE b/vendor/openssl/LICENSE-APACHE
new file mode 100644
index 00000000..8f71f43f
--- /dev/null
+++ b/vendor/openssl/LICENSE-APACHE
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/vendor/openssl/build.rs b/vendor/openssl/build.rs
index 58f5fb9a..d6d65798 100644
--- a/vendor/openssl/build.rs
+++ b/vendor/openssl/build.rs
@@ -7,10 +7,11 @@
use std::env;
fn main() {
- println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\"))");
+ println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_ARGON2\", \"OPENSSL_NO_RC2\"))");
println!("cargo:rustc-check-cfg=cfg(libressl)");
println!("cargo:rustc-check-cfg=cfg(boringssl)");
+ println!("cargo:rustc-check-cfg=cfg(awslc)");
println!("cargo:rustc-check-cfg=cfg(libressl250)");
println!("cargo:rustc-check-cfg=cfg(libressl251)");
@@ -31,6 +32,8 @@ fn main() {
println!("cargo:rustc-check-cfg=cfg(libressl380)");
println!("cargo:rustc-check-cfg=cfg(libressl382)");
println!("cargo:rustc-check-cfg=cfg(libressl390)");
+ println!("cargo:rustc-check-cfg=cfg(libressl400)");
+ println!("cargo:rustc-check-cfg=cfg(libressl410)");
println!("cargo:rustc-check-cfg=cfg(ossl101)");
println!("cargo:rustc-check-cfg=cfg(ossl102)");
@@ -52,6 +55,10 @@ fn main() {
println!("cargo:rustc-cfg=boringssl");
}
+ if env::var("DEP_OPENSSL_AWSLC").is_ok() {
+ println!("cargo:rustc-cfg=awslc");
+ }
+
if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") {
let version = u64::from_str_radix(&v, 16).unwrap();
@@ -112,6 +119,12 @@ fn main() {
if version >= 0x3_09_00_00_0 {
println!("cargo:rustc-cfg=libressl390");
}
+ if version >= 0x4_00_00_00_0 {
+ println!("cargo:rustc-cfg=libressl400");
+ }
+ if version >= 0x4_01_00_00_0 {
+ println!("cargo:rustc-cfg=libressl410");
+ }
}
if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
diff --git a/vendor/openssl/src/aes.rs b/vendor/openssl/src/aes.rs
index cd1f3ed1..25de83d5 100644
--- a/vendor/openssl/src/aes.rs
+++ b/vendor/openssl/src/aes.rs
@@ -23,7 +23,11 @@
//! # Examples
#![cfg_attr(
- all(not(boringssl), not(osslconf = "OPENSSL_NO_DEPRECATED_3_0")),
+ all(
+ not(boringssl),
+ not(awslc),
+ not(osslconf = "OPENSSL_NO_DEPRECATED_3_0")
+ ),
doc = r#"\
## AES IGE
```rust
@@ -65,7 +69,7 @@ use libc::{c_int, c_uint};
use std::mem::MaybeUninit;
use std::ptr;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use crate::symm::Mode;
use openssl_macros::corresponds;
@@ -77,7 +81,7 @@ pub struct KeyError(());
pub struct AesKey(ffi::AES_KEY);
cfg_if! {
- if #[cfg(boringssl)] {
+ if #[cfg(any(boringssl, awslc))] {
type AesBitType = c_uint;
type AesSizeType = usize;
} else {
@@ -155,7 +159,7 @@ impl AesKey {
///
/// Panics if `in_` is not the same length as `out`, if that length is not a multiple of 16, or if
/// `iv` is not at least 32 bytes.
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
#[corresponds(AES_ige_encrypt)]
pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mode) {
@@ -263,12 +267,12 @@ mod test {
use hex::FromHex;
use super::*;
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
use crate::symm::Mode;
// From https://www.mgp25.com/AESIGE/
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
fn ige_vector_1() {
let raw_key = "000102030405060708090A0B0C0D0E0F";
diff --git a/vendor/openssl/src/asn1.rs b/vendor/openssl/src/asn1.rs
index 8618be0e..06df31a0 100644
--- a/vendor/openssl/src/asn1.rs
+++ b/vendor/openssl/src/asn1.rs
@@ -32,7 +32,6 @@ use std::convert::TryInto;
use std::ffi::CString;
use std::fmt;
use std::ptr;
-use std::slice;
use std::str;
use crate::bio::MemBio;
@@ -41,7 +40,7 @@ use crate::error::ErrorStack;
use crate::nid::Nid;
use crate::stack::Stackable;
use crate::string::OpensslString;
-use crate::{cvt, cvt_p};
+use crate::{cvt, cvt_p, util};
use openssl_macros::corresponds;
foreign_type_and_impl_send_sync! {
@@ -166,7 +165,7 @@ impl Asn1Type {
/// [`diff`]: struct.Asn1TimeRef.html#method.diff
/// [`Asn1TimeRef`]: struct.Asn1TimeRef.html
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
pub struct TimeDiff {
/// Difference in days
pub days: c_int,
@@ -199,7 +198,7 @@ foreign_type_and_impl_send_sync! {
impl Asn1TimeRef {
/// Find difference between two times
#[corresponds(ASN1_TIME_diff)]
- #[cfg(any(ossl102, boringssl))]
+ #[cfg(any(ossl102, boringssl, awslc))]
pub fn diff(&self, compare: &Self) -> Result<TimeDiff, ErrorStack> {
let mut days = 0;
let mut secs = 0;
@@ -215,7 +214,7 @@ impl Asn1TimeRef {
/// Compare two times
#[corresponds(ASN1_TIME_compare)]
- #[cfg(any(ossl102, boringssl))]
+ #[cfg(any(ossl102, boringssl, awslc))]
pub fn compare(&self, other: &Self) -> Result<Ordering, ErrorStack> {
let d = self.diff(other)?;
if d.days > 0 || d.secs > 0 {
@@ -229,7 +228,7 @@ impl Asn1TimeRef {
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl PartialEq for Asn1TimeRef {
fn eq(&self, other: &Asn1TimeRef) -> bool {
self.diff(other)
@@ -238,7 +237,7 @@ impl PartialEq for Asn1TimeRef {
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl PartialEq<Asn1Time> for Asn1TimeRef {
fn eq(&self, other: &Asn1Time) -> bool {
self.diff(other)
@@ -247,8 +246,8 @@ impl PartialEq<Asn1Time> for Asn1TimeRef {
}
}
-#[cfg(any(ossl102, boringssl))]
-impl<'a> PartialEq<Asn1Time> for &'a Asn1TimeRef {
+#[cfg(any(ossl102, boringssl, awslc))]
+impl PartialEq<Asn1Time> for &Asn1TimeRef {
fn eq(&self, other: &Asn1Time) -> bool {
self.diff(other)
.map(|t| t.days == 0 && t.secs == 0)
@@ -256,22 +255,22 @@ impl<'a> PartialEq<Asn1Time> for &'a Asn1TimeRef {
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl PartialOrd for Asn1TimeRef {
fn partial_cmp(&self, other: &Asn1TimeRef) -> Option<Ordering> {
self.compare(other).ok()
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl PartialOrd<Asn1Time> for Asn1TimeRef {
fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> {
self.compare(other).ok()
}
}
-#[cfg(any(ossl102, boringssl))]
-impl<'a> PartialOrd<Asn1Time> for &'a Asn1TimeRef {
+#[cfg(any(ossl102, boringssl, awslc))]
+impl PartialOrd<Asn1Time> for &Asn1TimeRef {
fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> {
self.compare(other).ok()
}
@@ -354,7 +353,7 @@ impl Asn1Time {
///
/// Requires BoringSSL or OpenSSL 1.1.1 or newer.
#[corresponds(ASN1_TIME_set_string_X509)]
- #[cfg(any(ossl111, boringssl))]
+ #[cfg(any(ossl111, boringssl, awslc))]
pub fn from_str_x509(s: &str) -> Result<Asn1Time, ErrorStack> {
unsafe {
let s = CString::new(s).unwrap();
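Review bot: The doc line `/// Requires BoringSSL or OpenSSL 1.1.1 or newer.` on `from_str_x509` is stale now that the gate is `any(ossl111, boringssl, awslc)`. It should read `/// Requires AWS-LC, BoringSSL or OpenSSL 1.1.1 or newer.`. Separately, the context line `CString::new(s).unwrap()` panics when `s` contains an interior NUL byte, while every other failure is reported through `ErrorStack`, so a `# Panics` entry would help callers that pass externally supplied strings. The function body continues past the end of this hunk.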
@@ -367,7 +366,7 @@ impl Asn1Time {
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl PartialEq for Asn1Time {
fn eq(&self, other: &Asn1Time) -> bool {
self.diff(other)
@@ -376,7 +375,7 @@ impl PartialEq for Asn1Time {
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl PartialEq<Asn1TimeRef> for Asn1Time {
fn eq(&self, other: &Asn1TimeRef) -> bool {
self.diff(other)
@@ -385,7 +384,7 @@ impl PartialEq<Asn1TimeRef> for Asn1Time {
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time {
fn eq(&self, other: &&'a Asn1TimeRef) -> bool {
self.diff(other)
@@ -394,21 +393,21 @@ impl<'a> PartialEq<&'a Asn1TimeRef> for Asn1Time {
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl PartialOrd for Asn1Time {
fn partial_cmp(&self, other: &Asn1Time) -> Option<Ordering> {
self.compare(other).ok()
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl PartialOrd<Asn1TimeRef> for Asn1Time {
fn partial_cmp(&self, other: &Asn1TimeRef) -> Option<Ordering> {
self.compare(other).ok()
}
}
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
impl<'a> PartialOrd<&'a Asn1TimeRef> for Asn1Time {
fn partial_cmp(&self, other: &&'a Asn1TimeRef) -> Option<Ordering> {
self.compare(other).ok()
@@ -457,7 +456,7 @@ impl Asn1StringRef {
/// [`as_utf8`]: struct.Asn1String.html#method.as_utf8
#[corresponds(ASN1_STRING_get0_data)]
pub fn as_slice(&self) -> &[u8] {
- unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr()), self.len()) }
+ unsafe { util::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr()), self.len()) }
}
/// Returns the number of bytes in the string.
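Review bot: Nothing at the call site in `Asn1StringRef::as_slice` records why `slice::from_raw_parts` was replaced by `util::from_raw_parts`, so the swap could be reverted as an apparent simplification. `std::slice::from_raw_parts` requires a non-null, aligned pointer even for a zero-length slice. The helper is defined outside this hunk and presumably returns an empty slice when the length is zero, which matters if `ASN1_STRING_get0_data` can return null for an empty string. Once confirmed against the helper, a comment such as `// util::from_raw_parts tolerates a null data pointer when len == 0` above the call would preserve that reasoning. The same applies to the `as_slice` changes in the `Asn1BitStringRef`, `Asn1OctetStringRef` and `Asn1Object` hunks that follow.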
@@ -597,7 +596,7 @@ impl Asn1BitStringRef {
/// Returns the Asn1BitString as a slice.
#[corresponds(ASN1_STRING_get0_data)]
pub fn as_slice(&self) -> &[u8] {
- unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr() as *mut _), self.len()) }
+ unsafe { util::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr() as *mut _), self.len()) }
}
/// Returns the number of bytes in the string.
@@ -637,7 +636,7 @@ impl Asn1OctetStringRef {
/// Returns the octet string as an array of bytes.
#[corresponds(ASN1_STRING_get0_data)]
pub fn as_slice(&self) -> &[u8] {
- unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr().cast()), self.len()) }
+ unsafe { util::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr().cast()), self.len()) }
}
/// Returns the number of bytes in the octet string.
@@ -701,7 +700,7 @@ impl Asn1Object {
pub fn as_slice(&self) -> &[u8] {
unsafe {
let len = ffi::OBJ_length(self.as_ptr());
- slice::from_raw_parts(ffi::OBJ_get0_data(self.as_ptr()), len)
+ util::from_raw_parts(ffi::OBJ_get0_data(self.as_ptr()), len)
}
}
}
@@ -738,7 +737,7 @@ impl fmt::Debug for Asn1ObjectRef {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273, boringssl))] {
+ if #[cfg(any(ossl110, libressl273, boringssl, awslc))] {
use ffi::ASN1_STRING_get0_data;
} else {
#[allow(bad_style)]
@@ -809,7 +808,7 @@ mod tests {
}
#[test]
- #[cfg(any(ossl102, boringssl))]
+ #[cfg(any(ossl102, boringssl, awslc))]
fn time_eq() {
let a = Asn1Time::from_str("99991231235959Z").unwrap();
let b = Asn1Time::from_str("99991231235959Z").unwrap();
@@ -828,7 +827,7 @@ mod tests {
}
#[test]
- #[cfg(any(ossl102, boringssl))]
+ #[cfg(any(ossl102, boringssl, awslc))]
fn time_ord() {
let a = Asn1Time::from_str("99991231235959Z").unwrap();
let b = Asn1Time::from_str("99991231235959Z").unwrap();
diff --git a/vendor/openssl/src/bio.rs b/vendor/openssl/src/bio.rs
index 1595f89f..ebd079f2 100644
--- a/vendor/openssl/src/bio.rs
+++ b/vendor/openssl/src/bio.rs
@@ -2,14 +2,14 @@ use cfg_if::cfg_if;
use libc::c_int;
use std::marker::PhantomData;
use std::ptr;
-use std::slice;
use crate::cvt_p;
use crate::error::ErrorStack;
+use crate::util;
pub struct MemBioSlice<'a>(*mut ffi::BIO, PhantomData<&'a [u8]>);
-impl<'a> Drop for MemBioSlice<'a> {
+impl Drop for MemBioSlice<'_> {
fn drop(&mut self) {
unsafe {
ffi::BIO_free_all(self.0);
@@ -63,22 +63,18 @@ impl MemBio {
unsafe {
let mut ptr = ptr::null_mut();
let len = ffi::BIO_get_mem_data(self.0, &mut ptr);
- if len == 0 {
- &[]
- } else {
- slice::from_raw_parts(ptr as *const _ as *const _, len as usize)
- }
+ util::from_raw_parts(ptr as *const _ as *const _, len as usize)
}
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub unsafe fn from_ptr(bio: *mut ffi::BIO) -> MemBio {
MemBio(bio)
}
}
cfg_if! {
- if #[cfg(any(ossl102, boringssl))] {
+ if #[cfg(any(ossl102, boringssl, awslc))] {
use ffi::BIO_new_mem_buf;
} else {
#[allow(bad_style)]
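Review bot: `len as usize` in the `impl MemBio` accessor converts the value returned by `ffi::BIO_get_mem_data` with no sign check, and this hunk removes the only explicit guard on `len`. If that return type is signed (its declaration is not visible here) and the call ever reports an error as a negative value, the cast wraps to a very large length. The slice built from it would then extend far beyond the BIO's buffer. Clamping first, for example `util::from_raw_parts(ptr as *const _ as *const _, len.max(0) as usize)`, keeps an error return from becoming an out-of-bounds slice. The zero-length and null-pointer case now depends entirely on `util::from_raw_parts`, which is defined elsewhere, and the function itself starts above the hunk.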
diff --git a/vendor/openssl/src/bn.rs b/vendor/openssl/src/bn.rs
index ba784aab..910dae0d 100644
--- a/vendor/openssl/src/bn.rs
+++ b/vendor/openssl/src/bn.rs
@@ -37,18 +37,15 @@ use crate::{cvt, cvt_n, cvt_p, LenType};
use openssl_macros::corresponds;
cfg_if! {
- if #[cfg(any(ossl110, libressl350))] {
+ if #[cfg(any(ossl110, libressl350, awslc))] {
use ffi::{
- BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536,
- BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
+ BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192, BN_is_negative,
};
} else if #[cfg(boringssl)] {
use ffi::BN_is_negative;
} else {
use ffi::{
- get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
- get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536,
get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048,
get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072,
@@ -64,6 +61,19 @@ cfg_if! {
}
}
+cfg_if! {
+ if #[cfg(any(ossl110, libressl350))] {
+ use ffi::{
+ BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768
+ };
+ } else if #[cfg(not(any(boringssl, awslc)))] {
+ use ffi::{
+ get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
+ get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
+ };
+ }
+}
+
/// Options for the most significant bits of a randomly generated `BigNum`.
pub struct MsbOption(c_int);
@@ -337,14 +347,14 @@ impl BigNumRef {
/// Returns `true` is `self` is even.
#[corresponds(BN_is_even)]
- #[cfg(any(ossl110, boringssl, libressl350))]
+ #[cfg(any(ossl110, boringssl, libressl350, awslc))]
pub fn is_even(&self) -> bool {
!self.is_odd()
}
/// Returns `true` is `self` is odd.
#[corresponds(BN_is_odd)]
- #[cfg(any(ossl110, boringssl, libressl350))]
+ #[cfg(any(ossl110, boringssl, libressl350, awslc))]
pub fn is_odd(&self) -> bool {
unsafe { ffi::BN_is_odd(self.as_ptr()) == 1 }
}
@@ -847,7 +857,7 @@ impl BigNumRef {
/// assert_eq!(&bn_vec, &[0, 0, 0x45, 0x43]);
/// ```
#[corresponds(BN_bn2binpad)]
- #[cfg(any(ossl110, libressl340, boringssl))]
+ #[cfg(any(ossl110, libressl340, boringssl, awslc))]
pub fn to_vec_padded(&self, pad_to: i32) -> Result<Vec<u8>, ErrorStack> {
let mut v = Vec::with_capacity(pad_to as usize);
unsafe {
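Review bot: `Vec::with_capacity(pad_to as usize)` in `to_vec_padded` receives a signed `pad_to: i32`, so a negative argument is cast to a huge capacity and the call panics instead of returning an `ErrorStack`. The commit widens the set of backends that expose this function, so the behaviour is worth documenting: add a `/// # Panics` section with `/// Panics if `pad_to` is negative.` to the doc comment. Alternatively, reject negative values before allocating. The rest of the body lies outside the hunk.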
@@ -986,7 +996,7 @@ impl BigNum {
///
/// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21
#[corresponds(BN_get_rfc2409_prime_768)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn get_rfc2409_prime_768() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
@@ -1000,7 +1010,7 @@ impl BigNum {
///
/// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21
#[corresponds(BN_get_rfc2409_prime_1024)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn get_rfc2409_prime_1024() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
@@ -1272,7 +1282,7 @@ macro_rules! delegate {
};
}
-impl<'a, 'b> Add<&'b BigNumRef> for &'a BigNumRef {
+impl Add<&BigNumRef> for &BigNumRef {
type Output = BigNum;
fn add(self, oth: &BigNumRef) -> BigNum {
@@ -1284,7 +1294,7 @@ impl<'a, 'b> Add<&'b BigNumRef> for &'a BigNumRef {
delegate!(Add, add);
-impl<'a, 'b> Sub<&'b BigNumRef> for &'a BigNumRef {
+impl Sub<&BigNumRef> for &BigNumRef {
type Output = BigNum;
fn sub(self, oth: &BigNumRef) -> BigNum {
@@ -1296,7 +1306,7 @@ impl<'a, 'b> Sub<&'b BigNumRef> for &'a BigNumRef {
delegate!(Sub, sub);
-impl<'a, 'b> Mul<&'b BigNumRef> for &'a BigNumRef {
+impl Mul<&BigNumRef> for &BigNumRef {
type Output = BigNum;
fn mul(self, oth: &BigNumRef) -> BigNum {
@@ -1309,7 +1319,7 @@ impl<'a, 'b> Mul<&'b BigNumRef> for &'a BigNumRef {
delegate!(Mul, mul);
-impl<'a, 'b> Div<&'b BigNumRef> for &'a BigNumRef {
+impl<'b> Div<&'b BigNumRef> for &BigNumRef {
type Output = BigNum;
fn div(self, oth: &'b BigNumRef) -> BigNum {
@@ -1322,7 +1332,7 @@ impl<'a, 'b> Div<&'b BigNumRef> for &'a BigNumRef {
delegate!(Div, div);
-impl<'a, 'b> Rem<&'b BigNumRef> for &'a BigNumRef {
+impl<'b> Rem<&'b BigNumRef> for &BigNumRef {
type Output = BigNum;
fn rem(self, oth: &'b BigNumRef) -> BigNum {
@@ -1335,7 +1345,7 @@ impl<'a, 'b> Rem<&'b BigNumRef> for &'a BigNumRef {
delegate!(Rem, rem);
-impl<'a> Shl<i32> for &'a BigNumRef {
+impl Shl<i32> for &BigNumRef {
type Output = BigNum;
fn shl(self, n: i32) -> BigNum {
@@ -1345,7 +1355,7 @@ impl<'a> Shl<i32> for &'a BigNumRef {
}
}
-impl<'a> Shl<i32> for &'a BigNum {
+impl Shl<i32> for &BigNum {
type Output = BigNum;
fn shl(self, n: i32) -> BigNum {
@@ -1353,7 +1363,7 @@ impl<'a> Shl<i32> for &'a BigNum {
}
}
-impl<'a> Shr<i32> for &'a BigNumRef {
+impl Shr<i32> for &BigNumRef {
type Output = BigNum;
fn shr(self, n: i32) -> BigNum {
@@ -1363,7 +1373,7 @@ impl<'a> Shr<i32> for &'a BigNumRef {
}
}
-impl<'a> Shr<i32> for &'a BigNum {
+impl Shr<i32> for &BigNum {
type Output = BigNum;
fn shr(self, n: i32) -> BigNum {
@@ -1371,7 +1381,7 @@ impl<'a> Shr<i32> for &'a BigNum {
}
}
-impl<'a> Neg for &'a BigNumRef {
+impl Neg for &BigNumRef {
type Output = BigNum;
fn neg(self) -> BigNum {
@@ -1379,7 +1389,7 @@ impl<'a> Neg for &'a BigNumRef {
}
}
-impl<'a> Neg for &'a BigNum {
+impl Neg for &BigNum {
type Output = BigNum;
fn neg(self) -> BigNum {
@@ -1509,7 +1519,7 @@ mod tests {
}
#[test]
- #[cfg(any(ossl110, boringssl, libressl350))]
+ #[cfg(any(ossl110, boringssl, libressl350, awslc))]
fn test_odd_even() {
let a = BigNum::from_u32(17).unwrap();
let b = BigNum::from_u32(18).unwrap();
diff --git a/vendor/openssl/src/cipher.rs b/vendor/openssl/src/cipher.rs
index c4cb2604..f8ebd4d7 100644
--- a/vendor/openssl/src/cipher.rs
+++ b/vendor/openssl/src/cipher.rs
@@ -17,7 +17,7 @@ use std::ops::{Deref, DerefMut};
use std::ptr;
cfg_if! {
- if #[cfg(any(boringssl, ossl110, libressl273))] {
+ if #[cfg(any(boringssl, ossl110, libressl273, awslc))] {
use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length};
} else {
use libc::c_int;
@@ -146,7 +146,7 @@ impl Cipher {
let ptr = cvt_p(ffi::EVP_CIPHER_fetch(
ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr),
algorithm.as_ptr(),
- properties.map_or(ptr::null_mut(), |s| s.as_ptr()),
+ properties.as_ref().map_or(ptr::null_mut(), |s| s.as_ptr()),
))?;
Ok(Cipher::from_ptr(ptr))
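Review bot: The added `.as_ref()` on `properties` has no comment saying why it is needed. If `properties` is an owned `Option<CString>` (its binding is above the hunk), the old `map_or` consumed the `CString` inside the closure, so the pointer handed to `EVP_CIPHER_fetch` referred to a buffer that had already been freed. A comment on that line, such as `// borrow: the CString must stay alive until EVP_CIPHER_fetch returns`, would stop a later cleanup from removing the borrow. The `test_cipher_fetch_properties` test added at the end of this file exercises the path, but whether it would fail on the old code depends on allocator behaviour, so the comment is the more durable guard.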
@@ -161,7 +161,7 @@ impl Cipher {
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cbc() as *mut _) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn aes_128_xts() -> &'static CipherRef {
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_xts() as *mut _) }
}
@@ -375,17 +375,17 @@ impl Cipher {
unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_cbc() as *mut _) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn des_ede3_cfb8() -> &'static CipherRef {
unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_cfb8() as *mut _) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn des_ede3_cfb64() -> &'static CipherRef {
unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_cfb64() as *mut _) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn des_ede3_ofb() -> &'static CipherRef {
unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_ofb() as *mut _) }
}
@@ -500,7 +500,7 @@ impl Cipher {
unsafe { CipherRef::from_ptr(ffi::EVP_chacha20() as *mut _) }
}
- #[cfg(all(any(ossl110, libressl360), not(osslconf = "OPENSSL_NO_CHACHA")))]
+ #[cfg(all(any(ossl110, libressl360, awslc), not(osslconf = "OPENSSL_NO_CHACHA")))]
pub fn chacha20_poly1305() -> &'static CipherRef {
unsafe { CipherRef::from_ptr(ffi::EVP_chacha20_poly1305() as *mut _) }
}
@@ -595,3 +595,15 @@ impl CipherRef {
unsafe { EVP_CIPHER_block_size(self.as_ptr()) as usize }
}
}
+
+#[cfg(test)]
+mod test {
+ #[cfg(ossl300)]
+ use super::Cipher;
+
+ #[test]
+ #[cfg(ossl300)]
+ fn test_cipher_fetch_properties() {
+ assert!(Cipher::fetch(None, "AES-128-GCM", Some("provider=gibberish")).is_err());
+ }
+}
diff --git a/vendor/openssl/src/cipher_ctx.rs b/vendor/openssl/src/cipher_ctx.rs
index abb1f11e..dc888723 100644
--- a/vendor/openssl/src/cipher_ctx.rs
+++ b/vendor/openssl/src/cipher_ctx.rs
@@ -52,7 +52,7 @@
use crate::cipher::CipherRef;
use crate::error::ErrorStack;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use crate::pkey::{HasPrivate, HasPublic, PKey, PKeyRef};
use crate::{cvt, cvt_p};
#[cfg(ossl102)]
@@ -202,7 +202,7 @@ impl CipherCtxRef {
/// Panics if `pub_keys` is not the same size as `encrypted_keys`, the IV buffer is smaller than the cipher's IV
/// size, or if an IV is provided before the cipher.
#[corresponds(EVP_SealInit)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn seal_init<T>(
&mut self,
type_: Option<&CipherRef>,
@@ -259,7 +259,7 @@ impl CipherCtxRef {
/// Panics if the IV buffer is smaller than the cipher's required IV size or if the IV is provided before the
/// cipher.
#[corresponds(EVP_OpenInit)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn open_init<T>(
&mut self,
type_: Option<&CipherRef>,
@@ -328,12 +328,8 @@ impl CipherCtxRef {
///
/// Panics if the context has not been initialized with a cipher or if the buffer is smaller than the cipher's key
/// length.
- ///
- /// This corresponds to [`EVP_CIPHER_CTX_rand_key`].
- ///
- /// [`EVP_CIPHER_CTX_rand_key`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_rand_key.html
#[corresponds(EVP_CIPHER_CTX_rand_key)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn rand_key(&self, buf: &mut [u8]) -> Result<(), ErrorStack> {
assert!(buf.len() >= self.key_length());
@@ -732,11 +728,11 @@ impl CipherCtxRef {
mod test {
use super::*;
use crate::{cipher::Cipher, rand::rand_bytes};
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
use std::slice;
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn seal_open() {
let private_pem = include_bytes!("../test/rsa.pem");
let public_pem = include_bytes!("../test/rsa.pem.pub");
@@ -813,8 +809,173 @@ mod test {
aes_128_cbc(cipher);
}
+ #[cfg(not(boringssl))]
+ #[test]
+ fn default_aes_128_ccm() {
+ // from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
+ let cipher = Cipher::aes_128_ccm();
+ aes_ccm(
+ cipher,
+ "26511fb51fcfa75cb4b44da75a6e5a0e",
+ "ea98ec44f5a86715014783172e",
+ "4da40b80579c1d9a5309f7efecb7c059a2f914511ca5fc10",
+ "e4692b9f06b666c7451b146c8aeb07a6e30c629d28065c3dde5940325b14b810",
+ "1bf0ba0ebb20d8edba59f29a9371750c9c714078f73c335d",
+ "2f1322ac69b848b001476323aed84c47",
+ );
+ }
+
+ #[cfg(not(boringssl))]
+ #[test]
+ fn default_aes_192_ccm() {
+ // from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
+ let cipher = Cipher::aes_192_ccm();
+ aes_ccm(
+ cipher,
+ "26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886",
+ "ea98ec44f5a86715014783172e",
+ "4da40b80579c1d9a5309f7efecb7c059a2f914511ca5fc10",
+ "e4692b9f06b666c7451b146c8aeb07a6e30c629d28065c3dde5940325b14b810",
+ "30c154c616946eccc2e241d336ad33720953e449a0e6b0f0",
+ "dbf8e9464909bdf337e48093c082a10b",
+ );
+ }
+
+ #[cfg(not(boringssl))]
+ #[test]
+ fn default_aes_256_ccm() {
+ // from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
+ let cipher = Cipher::aes_256_ccm();
+ aes_ccm(
+ cipher,
+ "314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e",
+ "3542fbe0f59a6d5f3abf619b7d",
+ "c5b3d71312ea14f2f8fae5bd1a453192b6604a45db75c5ed",
+ "dd4531f158a2fa3bc8a339f770595048f4a42bc1b03f2e824efc6ba4985119d8",
+ "39c2e8f6edfe663b90963b98eb79e2d4f7f28a5053ae8881",
+ "567a6b4426f1667136bed4a5e32a2bc1",
+ );
+ }
+
+ #[cfg(not(boringssl))]
+ fn aes_ccm(
+ cipher: &CipherRef,
+ key: &'static str,
+ iv: &'static str,
+ pt: &'static str,
+ aad: &'static str,
+ ct: &'static str,
+ tag: &'static str,
+ ) {
+ let key = hex::decode(key).unwrap();
+ let iv = hex::decode(iv).unwrap();
+ let pt = hex::decode(pt).unwrap();
+ let ct = hex::decode(ct).unwrap();
+ let aad = hex::decode(aad).unwrap();
+ let tag = hex::decode(tag).unwrap();
+
+ let mut ctx = CipherCtx::new().unwrap();
+
+ ctx.encrypt_init(Some(cipher), None, None).unwrap();
+ ctx.set_iv_length(iv.len()).unwrap();
+ ctx.set_tag_length(tag.len()).unwrap();
+ ctx.encrypt_init(None, Some(&key), Some(&iv)).unwrap();
+ ctx.set_data_len(pt.len()).unwrap();
+
+ let mut buf = vec![];
+ ctx.cipher_update(&aad, None).unwrap();
+ ctx.cipher_update_vec(&pt, &mut buf).unwrap();
+ ctx.cipher_final_vec(&mut buf).unwrap();
+ assert_eq!(buf, ct);
+
+ let mut out_tag = vec![0u8; tag.len()];
+ ctx.tag(&mut out_tag).unwrap();
+ assert_eq!(tag, out_tag);
+
+ ctx.decrypt_init(Some(cipher), None, None).unwrap();
+ ctx.set_iv_length(iv.len()).unwrap();
+ ctx.set_tag(&tag).unwrap();
+ ctx.decrypt_init(None, Some(&key), Some(&iv)).unwrap();
+ ctx.set_data_len(pt.len()).unwrap();
+
+ let mut buf = vec![];
+ ctx.cipher_update(&aad, None).unwrap();
+ ctx.cipher_update_vec(&ct, &mut buf).unwrap();
+ // Some older libraries don't support calling EVP_CipherFinal/EVP_DecryptFinal for CCM
+ // https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_CCM_mode
+ #[cfg(any(ossl111, awslc, boringssl))]
+ ctx.cipher_final_vec(&mut buf).unwrap();
+
+ assert_eq!(buf, pt);
+ }
+
+ #[cfg(not(any(boringssl, awslc)))]
+ #[test]
+ fn default_aes_128_xts() {
+ // https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/XTSTestVectors.zip
+ let cipher = Cipher::aes_128_xts();
+ aes_xts(
+ cipher,
+ "a1b90cba3f06ac353b2c343876081762090923026e91771815f29dab01932f2f",
+ "4faef7117cda59c66e4b92013e768ad5",
+ "ebabce95b14d3c8d6fb350390790311c",
+ "778ae8b43cb98d5a825081d5be471c63",
+ );
+ }
+
+ #[cfg(not(boringssl))]
+ #[test]
+ fn default_aes_256_xts() {
+ // https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/XTSTestVectors.zip
+ let cipher = Cipher::aes_256_xts();
+ aes_xts(cipher, "1ea661c58d943a0e4801e42f4b0947149e7f9f8e3e68d0c7505210bd311a0e7cd6e13ffdf2418d8d1911c004cda58da3d619b7e2b9141e58318eea392cf41b08", "adf8d92627464ad2f0428e84a9f87564", "2eedea52cd8215e1acc647e810bbc3642e87287f8d2e57e36c0a24fbc12a202e", "cbaad0e2f6cea3f50b37f934d46a9b130b9d54f07e34f36af793e86f73c6d7db");
+ }
+
+ #[cfg(not(boringssl))]
+ fn aes_xts(
+ cipher: &CipherRef,
+ key: &'static str,
+ i: &'static str,
+ pt: &'static str,
+ ct: &'static str,
+ ) {
+ let key = hex::decode(key).unwrap();
+ let i = hex::decode(i).unwrap();
+ let pt = hex::decode(pt).unwrap();
+ let ct = hex::decode(ct).unwrap();
+
+ let mut ctx = CipherCtx::new().unwrap();
+ ctx.encrypt_init(Some(cipher), Some(&key), Some(&i))
+ .unwrap();
+ let mut buf = vec![];
+ ctx.cipher_update_vec(&pt, &mut buf).unwrap();
+ ctx.cipher_final_vec(&mut buf).unwrap();
+
+ assert_eq!(ct, buf);
+
+ ctx.decrypt_init(Some(cipher), Some(&key), Some(&i))
+ .unwrap();
+ let mut buf = vec![];
+ ctx.cipher_update_vec(&ct, &mut buf).unwrap();
+ ctx.cipher_final_vec(&mut buf).unwrap();
+
+ assert_eq!(pt, buf);
+ }
+
#[test]
fn test_stream_ciphers() {
+ #[cfg(not(boringssl))]
+ {
+ test_stream_cipher(Cipher::aes_128_cfb1());
+ test_stream_cipher(Cipher::aes_128_cfb8());
+ test_stream_cipher(Cipher::aes_128_cfb128());
+ test_stream_cipher(Cipher::aes_192_cfb1());
+ test_stream_cipher(Cipher::aes_192_cfb8());
+ test_stream_cipher(Cipher::aes_192_cfb128());
+ test_stream_cipher(Cipher::aes_256_cfb1());
+ test_stream_cipher(Cipher::aes_256_cfb8());
+ test_stream_cipher(Cipher::aes_256_cfb128());
+ }
test_stream_cipher(Cipher::aes_192_ctr());
test_stream_cipher(Cipher::aes_256_ctr());
}
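Review bot: The new `aes_ccm` helper only shows that a valid tag round-trips; nothing checks that decryption is rejected when the tag is wrong, which is the property an AEAD test should pin. A second decrypt pass with one tag byte flipped, asserting an error, would cover it. On OpenSSL the CCM failure is expected from the ciphertext update call, but that should be confirmed for AWS-LC before relying on it. Minor: `boringssl` in the inner `#[cfg(any(ossl111, awslc, boringssl))]` can never apply, because the helper itself is gated on `#[cfg(not(boringssl))]`.

```rust
        // … unchanged: aes_ccm encrypt/decrypt round trip …
        assert_eq!(buf, pt);

        // Decryption must fail when the tag does not match.
        let mut bad_tag = tag.clone();
        bad_tag[0] ^= 0x01;
        ctx.decrypt_init(Some(cipher), None, None).unwrap();
        ctx.set_iv_length(iv.len()).unwrap();
        ctx.set_tag(&bad_tag).unwrap();
        ctx.decrypt_init(None, Some(&key), Some(&iv)).unwrap();
        ctx.set_data_len(pt.len()).unwrap();

        let mut buf = vec![];
        ctx.cipher_update(&aad, None).unwrap();
        assert!(ctx.cipher_update_vec(&ct, &mut buf).is_err());
```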
diff --git a/vendor/openssl/src/conf.rs b/vendor/openssl/src/conf.rs
index 715519c5..8fc0d054 100644
--- a/vendor/openssl/src/conf.rs
+++ b/vendor/openssl/src/conf.rs
@@ -8,7 +8,7 @@ foreign_type_and_impl_send_sync! {
pub struct ConfRef;
}
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, libressl400, awslc)))]
mod methods {
use super::Conf;
use crate::cvt_p;
@@ -61,5 +61,5 @@ mod methods {
}
}
}
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, libressl400, awslc)))]
pub use methods::*;
diff --git a/vendor/openssl/src/derive.rs b/vendor/openssl/src/derive.rs
index 424c5f92..90a5650c 100644
--- a/vendor/openssl/src/derive.rs
+++ b/vendor/openssl/src/derive.rs
@@ -61,8 +61,8 @@ use openssl_macros::corresponds;
/// A type used to derive a shared secret between two keys.
pub struct Deriver<'a>(*mut ffi::EVP_PKEY_CTX, PhantomData<&'a ()>);
-unsafe impl<'a> Sync for Deriver<'a> {}
-unsafe impl<'a> Send for Deriver<'a> {}
+unsafe impl Sync for Deriver<'_> {}
+unsafe impl Send for Deriver<'_> {}
#[allow(clippy::len_without_is_empty)]
impl<'a> Deriver<'a> {
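Review bot: The rewritten `unsafe impl Sync for Deriver<'_> {}` and `unsafe impl Send for Deriver<'_> {}` still carry no justification, although `Deriver` wraps a raw `*mut ffi::EVP_PKEY_CTX`. A `// SAFETY:` comment should state the invariant being relied on, for example `// SAFETY: the EVP_PKEY_CTX is exclusively owned and only mutated through &mut self`. That wording needs checking against the methods, which are outside this hunk. The same gap exists on the `Encrypter<'_>` impls in the `encrypt.rs` hunk further down.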
@@ -163,7 +163,7 @@ impl<'a> Deriver<'a> {
}
}
-impl<'a> Drop for Deriver<'a> {
+impl Drop for Deriver<'_> {
fn drop(&mut self) {
unsafe {
ffi::EVP_PKEY_CTX_free(self.0);
diff --git a/vendor/openssl/src/dh.rs b/vendor/openssl/src/dh.rs
index c8d135f3..92ea0442 100644
--- a/vendor/openssl/src/dh.rs
+++ b/vendor/openssl/src/dh.rs
@@ -269,7 +269,7 @@ where
}
cfg_if! {
- if #[cfg(any(ossl110, libressl270, boringssl))] {
+ if #[cfg(any(ossl110, libressl270, boringssl, awslc))] {
use ffi::{DH_set0_pqg, DH_get0_pqg, DH_get0_key, DH_set0_key};
} else {
#[allow(bad_style)]
@@ -334,7 +334,7 @@ cfg_if! {
mod tests {
use crate::bn::BigNum;
use crate::dh::Dh;
- #[cfg(all(not(boringssl), ossl110))]
+ #[cfg(all(not(any(boringssl, awslc)), ossl110))]
use crate::pkey::PKey;
use crate::ssl::{SslContext, SslMethod};
@@ -385,7 +385,7 @@ mod tests {
}
#[test]
- #[cfg(all(not(boringssl), ossl110))]
+ #[cfg(all(not(any(boringssl, awslc)), ossl110))]
fn test_from_dhx_serializes_q() {
let p = BigNum::from_hex_str("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").unwrap();
let g = BigNum::from_hex_str("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").unwrap();
diff --git a/vendor/openssl/src/dsa.rs b/vendor/openssl/src/dsa.rs
index 1a63e8ad..cceda212 100644
--- a/vendor/openssl/src/dsa.rs
+++ b/vendor/openssl/src/dsa.rs
@@ -7,7 +7,7 @@
use cfg_if::cfg_if;
use foreign_types::{ForeignType, ForeignTypeRef};
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use libc::c_int;
use std::fmt;
use std::mem;
@@ -186,9 +186,9 @@ where
}
}
}
-#[cfg(boringssl)]
+#[cfg(any(boringssl, awslc))]
type BitType = libc::c_uint;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
type BitType = c_int;
impl Dsa<Params> {
@@ -315,7 +315,7 @@ impl<T> fmt::Debug for Dsa<T> {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273, boringssl))] {
+ if #[cfg(any(ossl110, libressl273, boringssl, awslc))] {
use ffi::{DSA_get0_key, DSA_get0_pqg, DSA_set0_key, DSA_set0_pqg};
} else {
#[allow(bad_style)]
@@ -494,7 +494,7 @@ impl DsaSigRef {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273, boringssl))] {
+ if #[cfg(any(ossl110, libressl273, boringssl, awslc))] {
use ffi::{DSA_SIG_set0, DSA_SIG_get0};
} else {
#[allow(bad_style)]
diff --git a/vendor/openssl/src/ec.rs b/vendor/openssl/src/ec.rs
index 0dda1dbb..a52bb670 100644
--- a/vendor/openssl/src/ec.rs
+++ b/vendor/openssl/src/ec.rs
@@ -30,7 +30,7 @@ use crate::{cvt, cvt_n, cvt_p, init};
use openssl_macros::corresponds;
cfg_if! {
- if #[cfg(not(boringssl))] {
+ if #[cfg(not(any(boringssl, awslc)))] {
use std::ffi::CString;
use crate::string::OpensslString;
}
@@ -473,7 +473,7 @@ impl EcPointRef {
/// Serializes the point to a hexadecimal string representation.
#[corresponds(EC_POINT_point2hex)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn to_hex_str(
&self,
group: &EcGroupRef,
@@ -519,7 +519,7 @@ impl EcPointRef {
/// Places affine coordinates of a curve over a prime field in the provided
/// `x` and `y` `BigNum`s.
#[corresponds(EC_POINT_get_affine_coordinates)]
- #[cfg(any(ossl111, boringssl, libressl350))]
+ #[cfg(any(ossl111, boringssl, libressl350, awslc))]
pub fn affine_coordinates(
&self,
group: &EcGroupRef,
@@ -662,7 +662,7 @@ impl EcPoint {
/// Creates point from a hexadecimal string representation
#[corresponds(EC_POINT_hex2point)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn from_hex_str(
group: &EcGroupRef,
s: &str,
@@ -1171,7 +1171,7 @@ mod test {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn point_hex_str() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
let key = EcKey::generate(&group).unwrap();
@@ -1260,7 +1260,7 @@ mod test {
assert!(ec_key.check_key().is_ok());
}
- #[cfg(any(ossl111, boringssl, libressl350))]
+ #[cfg(any(ossl111, boringssl, libressl350, awslc))]
#[test]
fn get_affine_coordinates() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
@@ -1336,7 +1336,7 @@ mod test {
}
#[test]
- #[cfg(any(boringssl, ossl111, libressl350))]
+ #[cfg(any(boringssl, ossl111, libressl350, awslc))]
fn asn1_flag() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
let flag = group.asn1_flag();
diff --git a/vendor/openssl/src/ecdsa.rs b/vendor/openssl/src/ecdsa.rs
index 26c6ddd5..0d962c71 100644
--- a/vendor/openssl/src/ecdsa.rs
+++ b/vendor/openssl/src/ecdsa.rs
@@ -110,7 +110,7 @@ impl EcdsaSigRef {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273, boringssl))] {
+ if #[cfg(any(ossl110, libressl273, boringssl, awslc))] {
use ffi::{ECDSA_SIG_set0, ECDSA_SIG_get0};
} else {
#[allow(bad_style)]
diff --git a/vendor/openssl/src/encrypt.rs b/vendor/openssl/src/encrypt.rs
index 4522146f..cd08d653 100644
--- a/vendor/openssl/src/encrypt.rs
+++ b/vendor/openssl/src/encrypt.rs
@@ -56,10 +56,10 @@ pub struct Encrypter<'a> {
_p: PhantomData<&'a ()>,
}
-unsafe impl<'a> Sync for Encrypter<'a> {}
-unsafe impl<'a> Send for Encrypter<'a> {}
+unsafe impl Sync for Encrypter<'_> {}
+unsafe impl Send for Encrypter<'_> {}
-impl<'a> Drop for Encrypter<'a> {
+impl Drop for Encrypter<'_> {
fn drop(&mut self) {
unsafe {
ffi::EVP_PKEY_CTX_free(self.pctx);
@@ -148,7 +148,7 @@ impl<'a> Encrypter<'a> {
/// This corresponds to [`EVP_PKEY_CTX_set_rsa_oaep_md`].
///
/// [`EVP_PKEY_CTX_set_rsa_oaep_md`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_oaep_md.html
- #[cfg(any(ossl102, libressl310))]
+ #[cfg(any(ossl102, libressl310, boringssl, awslc))]
pub fn set_rsa_oaep_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_PKEY_CTX_set_rsa_oaep_md(
@@ -260,10 +260,10 @@ pub struct Decrypter<'a> {
_p: PhantomData<&'a ()>,
}
-unsafe impl<'a> Sync for Decrypter<'a> {}
-unsafe impl<'a> Send for Decrypter<'a> {}
+unsafe impl Sync for Decrypter<'_> {}
+unsafe impl Send for Decrypter<'_> {}
-impl<'a> Drop for Decrypter<'a> {
+impl Drop for Decrypter<'_> {
fn drop(&mut self) {
unsafe {
ffi::EVP_PKEY_CTX_free(self.pctx);
@@ -352,7 +352,7 @@ impl<'a> Decrypter<'a> {
/// This corresponds to [`EVP_PKEY_CTX_set_rsa_oaep_md`].
///
/// [`EVP_PKEY_CTX_set_rsa_oaep_md`]: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_rsa_oaep_md.html
- #[cfg(any(ossl102, libressl310))]
+ #[cfg(any(ossl102, libressl310, boringssl, awslc))]
pub fn set_rsa_oaep_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_PKEY_CTX_set_rsa_oaep_md(
@@ -478,7 +478,7 @@ mod test {
use hex::FromHex;
use crate::encrypt::{Decrypter, Encrypter};
- #[cfg(any(ossl102, libressl310))]
+ #[cfg(any(ossl102, libressl310, boringssl, awslc))]
use crate::hash::MessageDigest;
use crate::pkey::PKey;
use crate::rsa::{Padding, Rsa};
@@ -513,7 +513,7 @@ mod test {
}
#[test]
- #[cfg(any(ossl102, libressl310))]
+ #[cfg(any(ossl102, libressl310, boringssl, awslc))]
fn rsa_encrypt_decrypt_with_sha256() {
let key = include_bytes!("../test/rsa.pem");
let private_key = Rsa::private_key_from_pem(key).unwrap();
diff --git a/vendor/openssl/src/error.rs b/vendor/openssl/src/error.rs
index e097ce68..c4553c68 100644
--- a/vendor/openssl/src/error.rs
+++ b/vendor/openssl/src/error.rs
@@ -18,7 +18,7 @@
use cfg_if::cfg_if;
use libc::{c_char, c_int};
use std::borrow::Cow;
-#[cfg(boringssl)]
+#[cfg(any(boringssl, awslc))]
use std::convert::TryInto;
use std::error;
use std::ffi::CStr;
@@ -27,9 +27,9 @@ use std::io;
use std::ptr;
use std::str;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
type ErrType = libc::c_ulong;
-#[cfg(boringssl)]
+#[cfg(any(boringssl, awslc))]
type ErrType = libc::c_uint;
/// Collection of [`Error`]s from OpenSSL.
@@ -127,13 +127,13 @@ impl Error {
let data = if flags & ffi::ERR_TXT_STRING != 0 {
let bytes = CStr::from_ptr(data as *const _).to_bytes();
let data = str::from_utf8(bytes).unwrap();
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let data = if flags & ffi::ERR_TXT_MALLOCED != 0 {
Cow::Owned(data.to_string())
} else {
Cow::Borrowed(data)
};
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let data = Cow::Borrowed(data);
Some(data)
} else {
@@ -204,9 +204,9 @@ impl Error {
#[cfg(not(ossl300))]
fn put_error(&self) {
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let line = self.line;
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let line = self.line.try_into().unwrap();
unsafe {
ffi::ERR_put_error(
@@ -238,7 +238,7 @@ impl Error {
/// Returns the raw OpenSSL error constant for the library reporting the
/// error.
- // On BoringSSL ERR_GET_{LIB,FUNC,REASON} are `unsafe`, but on
+ // On AWS-LC and BoringSSL ERR_GET_{LIB,FUNC,REASON} are `unsafe`, but on
// OpenSSL/LibreSSL they're safe.
#[allow(unused_unsafe)]
pub fn library_code(&self) -> libc::c_int {
@@ -263,7 +263,7 @@ impl Error {
}
/// Returns the raw OpenSSL error constant for the reason for the error.
- // On BoringSSL ERR_GET_{LIB,FUNC,REASON} are `unsafe`, but on
+ // On AWS-LC and BoringSSL ERR_GET_{LIB,FUNC,REASON} are `unsafe`, but on
// OpenSSL/LibreSSL they're safe.
#[allow(unused_unsafe)]
pub fn reason_code(&self) -> libc::c_int {
@@ -310,7 +310,7 @@ impl fmt::Debug for Error {
}
impl fmt::Display for Error {
- // On BoringSSL ERR_GET_{LIB,FUNC,REASON} are `unsafe`, but on
+ // On AWS-LC and BoringSSL ERR_GET_{LIB,FUNC,REASON} are `unsafe`, but on
// OpenSSL/LibreSSL they're safe.
#[allow(unused_unsafe)]
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
@@ -410,9 +410,9 @@ mod tests {
fn test_error_library_code() {
let stack = Nid::create("not-an-oid", "invalid", "invalid").unwrap_err();
let errors = stack.errors();
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
assert_eq!(errors[0].library_code(), ffi::ERR_LIB_ASN1);
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
assert_eq!(errors[0].library_code(), ffi::ERR_LIB_OBJ as libc::c_int);
}
}
diff --git a/vendor/openssl/src/hash.rs b/vendor/openssl/src/hash.rs
index f2f2698f..5acaf925 100644
--- a/vendor/openssl/src/hash.rs
+++ b/vendor/openssl/src/hash.rs
@@ -41,9 +41,10 @@ use std::ptr;
use crate::error::ErrorStack;
use crate::nid::Nid;
use crate::{cvt, cvt_p};
+use openssl_macros::corresponds;
cfg_if! {
- if #[cfg(any(ossl110, boringssl, libressl382))] {
+ if #[cfg(any(ossl110, boringssl, libressl382, awslc))] {
use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new};
} else {
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
@@ -65,10 +66,7 @@ impl MessageDigest {
}
/// Returns the `MessageDigest` corresponding to an `Nid`.
- ///
- /// This corresponds to [`EVP_get_digestbynid`].
- ///
- /// [`EVP_get_digestbynid`]: https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html
+ #[corresponds(EVP_get_digestbynid)]
pub fn from_nid(type_: Nid) -> Option<MessageDigest> {
ffi::init();
unsafe {
@@ -82,10 +80,7 @@ impl MessageDigest {
}
/// Returns the `MessageDigest` corresponding to an algorithm name.
- ///
- /// This corresponds to [`EVP_get_digestbyname`].
- ///
- /// [`EVP_get_digestbyname`]: https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html
+ #[corresponds(EVP_get_digestbyname)]
pub fn from_name(name: &str) -> Option<MessageDigest> {
ffi::init();
let name = CString::new(name).ok()?;
@@ -128,32 +123,32 @@ impl MessageDigest {
unsafe { MessageDigest(ffi::EVP_sha512()) }
}
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
pub fn sha3_224() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_sha3_224()) }
}
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
pub fn sha3_256() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_sha3_256()) }
}
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
pub fn sha3_384() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_sha3_384()) }
}
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
pub fn sha3_512() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_sha3_512()) }
}
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
pub fn shake_128() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_shake128()) }
}
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
pub fn shake_256() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_shake256()) }
}
@@ -199,6 +194,8 @@ unsafe impl Send for MessageDigest {}
enum State {
Reset,
Updated,
+ #[cfg(ossl330)]
+ Squeeze,
Finalized,
}
@@ -265,6 +262,8 @@ impl Hasher {
Updated => {
self.finish()?;
}
+ #[cfg(ossl330)]
+ Squeeze => (),
Finalized => (),
}
unsafe {
@@ -279,6 +278,19 @@ impl Hasher {
if self.state == Finalized {
self.init()?;
}
+ #[cfg(ossl330)]
+ if self.state == Squeeze {
+ // [`EVP_DigestUpdate`], depending on the implementation, may allow Updates after Squeezes.
+ // But, [FIPS 202], as shown in Figure 7, has a distinguished absorbing phase followed by a squeezing phase.
+ // Indeed, the [`sha3.c`] implmentation disallows Updates after Squeezes.
+ // For consistency, we always return an error when Update is called after Squeeze.
+ //
+ // [`EVP_DigestUpdate`]: https://github.com/openssl/openssl/blob/b3bb214720f20f3b126ae4b9c330e9a48b835415/crypto/evp/digest.c#L385-L393
+ // [FIPS 202]: https://dx.doi.org/10.6028/NIST.FIPS.202
+ // [`sha3.c`]: https://github.com/openssl/openssl/blob/b3bb214720f20f3b126ae4b9c330e9a48b835415/crypto/sha/sha3.c#L52-L63
+ let errors = ErrorStack::get();
+ return Err(errors);
+ }
unsafe {
cvt(ffi::EVP_DigestUpdate(
self.ctx,
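Review bot: The new `Squeeze` guard returns `ErrorStack::get()` although no OpenSSL call has failed at that point, so the `Err` will normally carry an empty stack, or whatever unrelated entries were already sitting in the thread's error queue. A caller that logs or inspects the error gets nothing indicating that an update was attempted after a squeeze. If the crate has no way to build a descriptive `ErrorStack` here, the method's doc comment should at least say so, e.g. `/// Returns an error (possibly with an empty stack) when called after squeeze_xof.` The added comment also misspells "implementation" as `implmentation`. The method's signature and the rest of its body are outside this hunk.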
@@ -290,15 +302,30 @@ impl Hasher {
Ok(())
}
+ /// Squeezes buf out of the hasher. Can be called multiple times, unlike `finish_xof`.
+ /// The output will be as long as the buf.
+ #[cfg(ossl330)]
+ pub fn squeeze_xof(&mut self, buf: &mut [u8]) -> Result<(), ErrorStack> {
+ unsafe {
+ cvt(ffi::EVP_DigestSqueeze(
+ self.ctx,
+ buf.as_mut_ptr(),
+ buf.len(),
+ ))?;
+ self.state = Squeeze;
+ Ok(())
+ }
+ }
+
/// Returns the hash of the data written and resets the non-XOF hasher.
pub fn finish(&mut self) -> Result<DigestBytes, ErrorStack> {
if self.state == Finalized {
self.init()?;
}
unsafe {
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let mut len = ffi::EVP_MAX_MD_SIZE;
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let mut len = ffi::EVP_MAX_MD_SIZE as u32;
let mut buf = [0; ffi::EVP_MAX_MD_SIZE as usize];
cvt(ffi::EVP_DigestFinal_ex(
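Review bot: `squeeze_xof` is the one state-changing method in this hunk that does not look at `self.state` before calling into the library: `finish` re-initialises a `Finalized` hasher, while `squeeze_xof` hands it straight to `EVP_DigestSqueeze` and relies on the library to reject it. The tests added further down expect that error, so this looks intentional, but the doc comment does not mention it, nor that `update` and `finish_xof` fail once squeezing has started. I would add an `# Errors` section listing those cases, plus `/// Requires OpenSSL 3.3.0 or newer.` (inferred from the `ossl330` gate) and `#[corresponds(EVP_DigestSqueeze)]` to match the other methods touched in this file.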
@@ -316,7 +343,7 @@ impl Hasher {
/// Writes the hash of the data into the supplied buf and resets the XOF hasher.
/// The hash will be as long as the buf.
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
pub fn finish_xof(&mut self, buf: &mut [u8]) -> Result<(), ErrorStack> {
if self.state == Finalized {
self.init()?;
@@ -454,7 +481,7 @@ pub fn hash(t: MessageDigest, data: &[u8]) -> Result<DigestBytes, ErrorStack> {
/// assert_eq!(buf, spec);
/// ```
///
-#[cfg(ossl111)]
+#[cfg(any(ossl111, awslc))]
pub fn hash_xof(t: MessageDigest, data: &[u8], buf: &mut [u8]) -> Result<(), ErrorStack> {
let mut h = Hasher::new(t)?;
h.update(data)?;
@@ -473,7 +500,7 @@ mod tests {
assert_eq!(hex::encode(res), hashtest.1);
}
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
fn hash_xof_test(hashtype: MessageDigest, hashtest: &(&str, &str)) {
let expected = Vec::from_hex(hashtest.1).unwrap();
let mut buf = vec![0; expected.len()];
@@ -486,6 +513,21 @@ mod tests {
assert_eq!(buf, expected);
}
+ /// Squeezes the expected length by doing two squeezes.
+ #[cfg(ossl330)]
+ fn hash_xof_squeeze_test(hashtype: MessageDigest, hashtest: &(&str, &str)) {
+ let data = Vec::from_hex(hashtest.0).unwrap();
+ let mut h = Hasher::new(hashtype).unwrap();
+ h.update(&data).unwrap();
+
+ let expected = Vec::from_hex(hashtest.1).unwrap();
+ let mut buf = vec![0; expected.len()];
+ assert!(expected.len() > 10);
+ h.squeeze_xof(&mut buf[..10]).unwrap();
+ h.squeeze_xof(&mut buf[10..]).unwrap();
+ assert_eq!(buf, expected);
+ }
+
fn hash_recycle_test(h: &mut Hasher, hashtest: &(&str, &str)) {
h.write_all(&Vec::from_hex(hashtest.0).unwrap()).unwrap();
let res = h.finish().unwrap();
@@ -542,6 +584,40 @@ mod tests {
assert_eq!(&*res, &*null);
}
+ #[cfg(ossl330)]
+ #[test]
+ fn test_finish_then_squeeze() {
+ let digest = MessageDigest::shake_128();
+ let mut h = Hasher::new(digest).unwrap();
+ let mut buf = vec![0; digest.size()];
+ h.finish_xof(&mut buf).unwrap();
+ h.squeeze_xof(&mut buf)
+ .expect_err("squeezing after finalize should fail");
+ }
+
+ #[cfg(ossl330)]
+ #[test]
+ fn test_squeeze_then_update() {
+ let digest = MessageDigest::shake_128();
+ let data = Vec::from_hex(MD5_TESTS[6].0).unwrap();
+ let mut h = Hasher::new(digest).unwrap();
+ let mut buf = vec![0; digest.size()];
+ h.squeeze_xof(&mut buf).unwrap();
+ h.update(&data)
+ .expect_err("updating after squeeze should fail");
+ }
+
+ #[cfg(ossl330)]
+ #[test]
+ fn test_squeeze_then_finalize() {
+ let digest = MessageDigest::shake_128();
+ let mut h = Hasher::new(digest).unwrap();
+ let mut buf = vec![0; digest.size()];
+ h.squeeze_xof(&mut buf).unwrap();
+ h.finish_xof(&mut buf)
+ .expect_err("finalize after squeeze should fail");
+ }
+
#[test]
#[allow(clippy::redundant_clone)]
fn test_clone() {
@@ -625,7 +701,7 @@ mod tests {
);
}
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
#[test]
fn test_sha3_224() {
let tests = [(
@@ -645,7 +721,7 @@ mod tests {
);
}
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
#[test]
fn test_sha3_256() {
let tests = [(
@@ -665,7 +741,7 @@ mod tests {
);
}
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
#[test]
fn test_sha3_384() {
let tests = [("416c6c20796f75722062617365206172652062656c6f6e6720746f207573",
@@ -685,7 +761,7 @@ mod tests {
);
}
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
#[test]
fn test_sha3_512() {
let tests = [("416c6c20796f75722062617365206172652062656c6f6e6720746f207573",
@@ -705,7 +781,7 @@ mod tests {
);
}
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
#[test]
fn test_shake_128() {
let tests = [(
@@ -715,17 +791,22 @@ mod tests {
for test in tests.iter() {
hash_xof_test(MessageDigest::shake_128(), test);
+ #[cfg(ossl330)]
+ hash_xof_squeeze_test(MessageDigest::shake_128(), test);
}
assert_eq!(MessageDigest::shake_128().block_size(), 168);
+ #[cfg(ossl111)]
assert_eq!(MessageDigest::shake_128().size(), 16);
+ #[cfg(awslc)]
+ assert_eq!(MessageDigest::shake_128().size(), 0);
assert_eq!(
MessageDigest::shake_128().type_().as_raw(),
Nid::SHAKE128.as_raw()
);
}
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
#[test]
fn test_shake_256() {
let tests = [(
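Review bot: The `#[cfg(awslc)]` assertion pins `MessageDigest::shake_128().size()` to 0 where the `ossl111` build asserts 16, and this test is the only place the difference is recorded. Code that sizes an output buffer from `size()`, as the new squeeze tests do with `vec![0; digest.size()]` (those are gated on `ossl330`), would end up with an empty buffer on AWS-LC. A comment above the assertion would make that explicit, e.g. `// AWS-LC reports size 0 for XOF digests; callers must choose the output length themselves.` The same applies to the `shake_256` assertions in the next hunk.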
@@ -735,10 +816,15 @@ mod tests {
for test in tests.iter() {
hash_xof_test(MessageDigest::shake_256(), test);
+ #[cfg(ossl330)]
+ hash_xof_squeeze_test(MessageDigest::shake_256(), test);
}
assert_eq!(MessageDigest::shake_256().block_size(), 136);
+ #[cfg(ossl111)]
assert_eq!(MessageDigest::shake_256().size(), 32);
+ #[cfg(awslc)]
+ assert_eq!(MessageDigest::shake_256().size(), 0);
assert_eq!(
MessageDigest::shake_256().type_().as_raw(),
Nid::SHAKE256.as_raw()
diff --git a/vendor/openssl/src/kdf.rs b/vendor/openssl/src/kdf.rs
new file mode 100644
index 00000000..a5da3525
--- /dev/null
+++ b/vendor/openssl/src/kdf.rs
@@ -0,0 +1,176 @@
+#[cfg(ossl320)]
+struct EvpKdf(*mut ffi::EVP_KDF);
+
+#[cfg(ossl320)]
+impl Drop for EvpKdf {
+ fn drop(&mut self) {
+ unsafe {
+ ffi::EVP_KDF_free(self.0);
+ }
+ }
+}
+
+#[cfg(ossl320)]
+struct EvpKdfCtx(*mut ffi::EVP_KDF_CTX);
+
+#[cfg(ossl320)]
+impl Drop for EvpKdfCtx {
+ fn drop(&mut self) {
+ unsafe {
+ ffi::EVP_KDF_CTX_free(self.0);
+ }
+ }
+}
+
+cfg_if::cfg_if! {
+ if #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] {
+ use std::cmp;
+ use std::ffi::c_void;
+ use std::mem::MaybeUninit;
+ use std::ptr;
+ use foreign_types::ForeignTypeRef;
+ use libc::c_char;
+ use crate::{cvt, cvt_p};
+ use crate::lib_ctx::LibCtxRef;
+ use crate::error::ErrorStack;
+
+ /// Derives a key using the argon2id algorithm.
+ ///
+ /// To use multiple cores to process the lanes in parallel you must
+ /// set a global max thread count using `OSSL_set_max_threads`. On
+ /// builds with no threads all lanes will be processed sequentially.
+ ///
+ /// Requires OpenSSL 3.2.0 or newer.
+ #[allow(clippy::too_many_arguments)]
+ pub fn argon2id(
+ ctx: Option<&LibCtxRef>,
+ pass: &[u8],
+ salt: &[u8],
+ ad: Option<&[u8]>,
+ secret: Option<&[u8]>,
+ mut iter: u32,
+ mut lanes: u32,
+ mut memcost: u32,
+ out: &mut [u8],
+ ) -> Result<(), ErrorStack> {
+ unsafe {
+ ffi::init();
+ let libctx = ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr);
+
+ let max_threads = ffi::OSSL_get_max_threads(libctx);
+ let mut threads = 1;
+ // If max_threads is 0, then this isn't a threaded build.
+ // If max_threads is > u32::MAX we need to clamp since
+ // argon2id's threads parameter is a u32.
+ if max_threads > 0 {
+ threads = cmp::min(lanes, cmp::min(max_threads, u32::MAX as u64) as u32);
+ }
+ let mut params: [ffi::OSSL_PARAM; 10] =
+ core::array::from_fn(|_| MaybeUninit::<ffi::OSSL_PARAM>::zeroed().assume_init());
+ let mut idx = 0;
+ params[idx] = ffi::OSSL_PARAM_construct_octet_string(
+ b"pass\0".as_ptr() as *const c_char,
+ pass.as_ptr() as *mut c_void,
+ pass.len(),
+ );
+ idx += 1;
+ params[idx] = ffi::OSSL_PARAM_construct_octet_string(
+ b"salt\0".as_ptr() as *const c_char,
+ salt.as_ptr() as *mut c_void,
+ salt.len(),
+ );
+ idx += 1;
+ params[idx] =
+ ffi::OSSL_PARAM_construct_uint(b"threads\0".as_ptr() as *const c_char, &mut threads);
+ idx += 1;
+ params[idx] =
+ ffi::OSSL_PARAM_construct_uint(b"lanes\0".as_ptr() as *const c_char, &mut lanes);
+ idx += 1;
+ params[idx] =
+ ffi::OSSL_PARAM_construct_uint(b"memcost\0".as_ptr() as *const c_char, &mut memcost);
+ idx += 1;
+ params[idx] =
+ ffi::OSSL_PARAM_construct_uint(b"iter\0".as_ptr() as *const c_char, &mut iter);
+ idx += 1;
+ let mut size = out.len() as u32;
+ params[idx] =
+ ffi::OSSL_PARAM_construct_uint(b"size\0".as_ptr() as *const c_char, &mut size);
+ idx += 1;
+ if let Some(ad) = ad {
+ params[idx] = ffi::OSSL_PARAM_construct_octet_string(
+ b"ad\0".as_ptr() as *const c_char,
+ ad.as_ptr() as *mut c_void,
+ ad.len(),
+ );
+ idx += 1;
+ }
+ if let Some(secret) = secret {
+ params[idx] = ffi::OSSL_PARAM_construct_octet_string(
+ b"secret\0".as_ptr() as *const c_char,
+ secret.as_ptr() as *mut c_void,
+ secret.len(),
+ );
+ idx += 1;
+ }
+ params[idx] = ffi::OSSL_PARAM_construct_end();
+
+ let argon2 = EvpKdf(cvt_p(ffi::EVP_KDF_fetch(
+ libctx,
+ b"ARGON2ID\0".as_ptr() as *const c_char,
+ ptr::null(),
+ ))?);
+ let ctx = EvpKdfCtx(cvt_p(ffi::EVP_KDF_CTX_new(argon2.0))?);
+ cvt(ffi::EVP_KDF_derive(
+ ctx.0,
+ out.as_mut_ptr(),
+ out.len(),
+ params.as_ptr(),
+ ))
+ .map(|_| ())
+ }
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ #[test]
+ #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))]
+ fn argon2id() {
+ // RFC 9106 test vector for argon2id
+ let pass = hex::decode("0101010101010101010101010101010101010101010101010101010101010101")
+ .unwrap();
+ let salt = hex::decode("02020202020202020202020202020202").unwrap();
+ let secret = hex::decode("0303030303030303").unwrap();
+ let ad = hex::decode("040404040404040404040404").unwrap();
+ let expected = "0d640df58d78766c08c037a34a8b53c9d01ef0452d75b65eb52520e96b01e659";
+
+ let mut actual = [0u8; 32];
+ super::argon2id(
+ None,
+ &pass,
+ &salt,
+ Some(&ad),
+ Some(&secret),
+ 3,
+ 4,
+ 32,
+ &mut actual,
+ )
+ .unwrap();
+ assert_eq!(hex::encode(&actual[..]), expected);
+ }
+
+ #[test]
+ #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))]
+ fn argon2id_no_ad_secret() {
+ // Test vector from OpenSSL
+ let pass = b"";
+ let salt = hex::decode("02020202020202020202020202020202").unwrap();
+ let expected = "0a34f1abde67086c82e785eaf17c68382259a264f4e61b91cd2763cb75ac189a";
+
+ let mut actual = [0u8; 32];
+ super::argon2id(None, pass, &salt, None, None, 3, 4, 32, &mut actual).unwrap();
+ assert_eq!(hex::encode(&actual[..]), expected);
+ }
+}
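Review bot: In `argon2id`, `let mut size = out.len() as u32;` silently truncates when `out` is longer than `u32::MAX` bytes, so the `size` parameter and the `out.len()` passed to `EVP_KDF_derive` would disagree. A checked conversion (`u32::try_from(out.len())`), with the failure handled before the params are built, keeps the two in step. The doc comment leaves `iter`, `lanes` and `memcost` unexplained, and their units and minimums matter to anyone choosing password-hashing cost. The single large `unsafe` block also has no `// SAFETY:` note saying that `pass`, `salt`, `ad`, `secret` and the local integers must outlive `params`, which only holds pointers to them.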
diff --git a/vendor/openssl/src/lib.rs b/vendor/openssl/src/lib.rs
index 555eda97..1afe5de3 100644
--- a/vendor/openssl/src/lib.rs
+++ b/vendor/openssl/src/lib.rs
@@ -60,19 +60,19 @@
//! override the automatic detection logic.
//!
//! * `OPENSSL_DIR` - If specified, the directory of an OpenSSL installation. The directory should contain `lib` and
-//! `include` subdirectories containing the libraries and headers respectively.
+//! `include` subdirectories containing the libraries and headers respectively.
//! * `OPENSSL_LIB_DIR` and `OPENSSL_INCLUDE_DIR` - If specified, the directories containing the OpenSSL libraries and
-//! headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
+//! headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
//! * `OPENSSL_STATIC` - If set, the crate will statically link to OpenSSL rather than dynamically link.
//! * `OPENSSL_LIBS` - If set, a `:`-separated list of library names to link to (e.g. `ssl:crypto`). This can be used
-//! if nonstandard library names were used for whatever reason.
+//! if nonstandard library names were used for whatever reason.
//! * `OPENSSL_NO_VENDOR` - If set, always find OpenSSL in the system, even if the `vendored` feature is enabled.
//!
//! If the `vendored` Cargo feature is enabled, the following environment variable can also be used to further configure
//! the OpenSSL build.
//!
//! * `OPENSSL_CONFIG_DIR` - If set, the copy of OpenSSL built by the `openssl-src` crate will be configured to look for
-//! configuration files and root certificates in this directory.
+//! configuration files and root certificates in this directory.
//!
//! Additionally, these variables can be prefixed with the upper-cased target architecture (e.g.
//! `X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR`), which can be useful when cross compiling.
@@ -161,13 +161,14 @@ pub mod dsa;
pub mod ec;
pub mod ecdsa;
pub mod encrypt;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
pub mod envelope;
pub mod error;
pub mod ex_data;
#[cfg(not(any(libressl, ossl300)))]
pub mod fips;
pub mod hash;
+pub mod kdf;
#[cfg(ossl300)]
pub mod lib_ctx;
pub mod md;
@@ -178,7 +179,7 @@ pub mod nid;
pub mod ocsp;
pub mod pkcs12;
pub mod pkcs5;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
pub mod pkcs7;
pub mod pkey;
pub mod pkey_ctx;
@@ -196,14 +197,14 @@ pub mod symm;
pub mod version;
pub mod x509;
-#[cfg(boringssl)]
+#[cfg(any(boringssl, awslc))]
type LenType = libc::size_t;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
type LenType = libc::c_int;
-#[cfg(boringssl)]
+#[cfg(any(boringssl, awslc))]
type SLenType = libc::ssize_t;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
type SLenType = libc::c_int;
#[inline]
diff --git a/vendor/openssl/src/md.rs b/vendor/openssl/src/md.rs
index a9df3114..b02ddfdd 100644
--- a/vendor/openssl/src/md.rs
+++ b/vendor/openssl/src/md.rs
@@ -109,7 +109,7 @@ impl Md {
let ptr = cvt_p(ffi::EVP_MD_fetch(
ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr),
algorithm.as_ptr(),
- properties.map_or(ptr::null_mut(), |s| s.as_ptr()),
+ properties.as_ref().map_or(ptr::null_mut(), |s| s.as_ptr()),
))?;
Ok(Md::from_ptr(ptr))
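Review bot: The `.as_ref()` added to the `properties` argument appears to be what keeps the string alive across the `EVP_MD_fetch` call, and nothing in the code says so. Assuming `properties` is an `Option<CString>` built earlier in `fetch` (outside this hunk), mapping over it by value moves the `CString` into the closure and frees it as soon as `as_ptr()` returns, leaving the FFI call with a dangling pointer. A one-line comment would stop a later cleanup from removing it: `// Borrow, don't move: the CString must outlive the EVP_MD_fetch call.`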
@@ -233,3 +233,15 @@ impl MdRef {
unsafe { Nid::from_raw(ffi::EVP_MD_type(self.as_ptr())) }
}
}
+
+#[cfg(test)]
+mod test {
+ #[cfg(ossl300)]
+ use super::Md;
+
+ #[test]
+ #[cfg(ossl300)]
+ fn test_md_fetch_properties() {
+ assert!(Md::fetch(None, "SHA-256", Some("provider=gibberish")).is_err());
+ }
+}
diff --git a/vendor/openssl/src/md_ctx.rs b/vendor/openssl/src/md_ctx.rs
index 30e0337b..0182907a 100644
--- a/vendor/openssl/src/md_ctx.rs
+++ b/vendor/openssl/src/md_ctx.rs
@@ -52,7 +52,7 @@
//!
#![cfg_attr(
- not(boringssl),
+ not(any(boringssl, awslc)),
doc = r#"\
Compute and verify an HMAC-SHA256
@@ -85,7 +85,7 @@ use crate::error::ErrorStack;
use crate::md::MdRef;
use crate::pkey::{HasPrivate, HasPublic, PKeyRef};
use crate::pkey_ctx::PkeyCtxRef;
-use crate::{cvt, cvt_n, cvt_p};
+use crate::{cvt, cvt_p};
use cfg_if::cfg_if;
use foreign_types::{ForeignType, ForeignTypeRef};
use openssl_macros::corresponds;
@@ -93,7 +93,7 @@ use std::convert::TryFrom;
use std::ptr;
cfg_if! {
- if #[cfg(any(ossl110, boringssl, libressl382))] {
+ if #[cfg(any(ossl110, boringssl, libressl382, awslc))] {
use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new};
} else {
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
@@ -258,7 +258,7 @@ impl MdCtxRef {
/// Requires OpenSSL 1.1.1 or newer.
#[corresponds(EVP_DigestFinalXOF)]
#[inline]
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
pub fn digest_final_xof(&mut self, out: &mut [u8]) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_DigestFinalXOF(
@@ -309,12 +309,21 @@ impl MdCtxRef {
#[inline]
pub fn digest_verify_final(&mut self, signature: &[u8]) -> Result<bool, ErrorStack> {
unsafe {
- let r = cvt_n(ffi::EVP_DigestVerifyFinal(
+ let r = ffi::EVP_DigestVerifyFinal(
self.as_ptr(),
signature.as_ptr() as *mut _,
signature.len(),
- ))?;
- Ok(r == 1)
+ );
+ if r == 1 {
+ Ok(true)
+ } else {
+ let errors = ErrorStack::get();
+ if errors.errors().is_empty() {
+ Ok(false)
+ } else {
+ Err(errors)
+ }
+ }
}
}
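Review bot: `digest_verify_final` now tells a bad signature from a library failure by whether the thread's error queue is empty, so a plain mismatch can come back as either `Ok(false)` or `Err(_)`; the updated test in the next hunk accepts both. Both outcomes fail closed, but callers that treat `Err` as an operational fault rather than a rejected signature need to know this. The queue may also hold entries left by earlier calls on the same thread. The doc comment (outside this hunk) should state the contract, e.g. `/// Only Ok(true) means the signature verified; an invalid signature may be reported as Ok(false) or as Err.`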
@@ -424,8 +433,11 @@ mod test {
ctx.digest_verify_init(Some(md), &key1).unwrap();
ctx.digest_verify_update(bad_data).unwrap();
- let valid = ctx.digest_verify_final(&signature).unwrap();
- assert!(!valid);
+ assert!(matches!(
+ ctx.digest_verify_final(&signature),
+ Ok(false) | Err(_)
+ ));
+ assert!(ErrorStack::get().errors().is_empty());
}
#[test]
diff --git a/vendor/openssl/src/nid.rs b/vendor/openssl/src/nid.rs
index e50feb06..453a87c9 100644
--- a/vendor/openssl/src/nid.rs
+++ b/vendor/openssl/src/nid.rs
@@ -79,8 +79,6 @@ impl Nid {
}
/// Returns the `Nid`s of the digest and public key algorithms associated with a signature ID.
- ///
- /// This corresponds to `OBJ_find_sigid_algs`.
#[corresponds(OBJ_find_sigid_algs)]
#[allow(clippy::trivially_copy_pass_by_ref)]
pub fn signature_algorithms(&self) -> Option<SignatureAlgorithms> {
@@ -120,11 +118,11 @@ impl Nid {
pub const UNDEF: Nid = Nid(ffi::NID_undef);
pub const ITU_T: Nid = Nid(ffi::NID_itu_t);
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub const CCITT: Nid = Nid(ffi::NID_ccitt);
pub const ISO: Nid = Nid(ffi::NID_iso);
pub const JOINT_ISO_ITU_T: Nid = Nid(ffi::NID_joint_iso_itu_t);
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub const JOINT_ISO_CCITT: Nid = Nid(ffi::NID_joint_iso_ccitt);
pub const MEMBER_BODY: Nid = Nid(ffi::NID_member_body);
pub const IDENTIFIED_ORGANIZATION: Nid = Nid(ffi::NID_identified_organization);
@@ -1080,19 +1078,19 @@ impl Nid {
pub const SM2: Nid = Nid(ffi::NID_sm2);
#[cfg(any(ossl111, libressl291))]
pub const SM3: Nid = Nid(ffi::NID_sm3);
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
pub const SHA3_224: Nid = Nid(ffi::NID_sha3_224);
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
pub const SHA3_256: Nid = Nid(ffi::NID_sha3_256);
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
pub const SHA3_384: Nid = Nid(ffi::NID_sha3_384);
- #[cfg(any(ossl111, libressl380))]
+ #[cfg(any(ossl111, libressl380, awslc))]
pub const SHA3_512: Nid = Nid(ffi::NID_sha3_512);
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
pub const SHAKE128: Nid = Nid(ffi::NID_shake128);
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
pub const SHAKE256: Nid = Nid(ffi::NID_shake256);
- #[cfg(any(ossl110, libressl271))]
+ #[cfg(any(ossl110, libressl271, awslc))]
pub const CHACHA20_POLY1305: Nid = Nid(ffi::NID_chacha20_poly1305);
}
diff --git a/vendor/openssl/src/ocsp.rs b/vendor/openssl/src/ocsp.rs
index 93a5d36b..556499c9 100644
--- a/vendor/openssl/src/ocsp.rs
+++ b/vendor/openssl/src/ocsp.rs
@@ -18,17 +18,17 @@ bitflags! {
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct OcspFlag: c_ulong {
- const NO_CERTS = ffi::OCSP_NOCERTS;
- const NO_INTERN = ffi::OCSP_NOINTERN;
- const NO_CHAIN = ffi::OCSP_NOCHAIN;
- const NO_VERIFY = ffi::OCSP_NOVERIFY;
- const NO_EXPLICIT = ffi::OCSP_NOEXPLICIT;
- const NO_CA_SIGN = ffi::OCSP_NOCASIGN;
- const NO_DELEGATED = ffi::OCSP_NODELEGATED;
- const NO_CHECKS = ffi::OCSP_NOCHECKS;
- const TRUST_OTHER = ffi::OCSP_TRUSTOTHER;
- const RESPID_KEY = ffi::OCSP_RESPID_KEY;
- const NO_TIME = ffi::OCSP_NOTIME;
+ const NO_CERTS = ffi::OCSP_NOCERTS as c_ulong;
+ const NO_INTERN = ffi::OCSP_NOINTERN as c_ulong;
+ const NO_CHAIN = ffi::OCSP_NOCHAIN as c_ulong;
+ const NO_VERIFY = ffi::OCSP_NOVERIFY as c_ulong;
+ const NO_EXPLICIT = ffi::OCSP_NOEXPLICIT as c_ulong;
+ const NO_CA_SIGN = ffi::OCSP_NOCASIGN as c_ulong;
+ const NO_DELEGATED = ffi::OCSP_NODELEGATED as c_ulong;
+ const NO_CHECKS = ffi::OCSP_NOCHECKS as c_ulong;
+ const TRUST_OTHER = ffi::OCSP_TRUSTOTHER as c_ulong;
+ const RESPID_KEY = ffi::OCSP_RESPID_KEY as c_ulong;
+ const NO_TIME = ffi::OCSP_NOTIME as c_ulong;
}
}
@@ -122,7 +122,7 @@ pub struct OcspStatus<'a> {
pub next_update: &'a Asn1GeneralizedTimeRef,
}
-impl<'a> OcspStatus<'a> {
+impl OcspStatus<'_> {
/// Checks validity of the `this_update` and `next_update` fields.
///
/// The `nsec` parameter specifies an amount of slack time that will be used when comparing
diff --git a/vendor/openssl/src/pkcs12.rs b/vendor/openssl/src/pkcs12.rs
index 5f171da9..14d760af 100644
--- a/vendor/openssl/src/pkcs12.rs
+++ b/vendor/openssl/src/pkcs12.rs
@@ -226,6 +226,8 @@ impl Pkcs12Builder {
pub fn build2(&self, password: &str) -> Result<Pkcs12, ErrorStack> {
unsafe {
let pass = CString::new(password).unwrap();
+ #[cfg(not(boringssl))]
+ let pass_len = pass.as_bytes().len();
let pass = pass.as_ptr();
let friendly_name = self.name.as_ref().map_or(ptr::null(), |p| p.as_ptr());
let pkey = self.pkey.as_ref().map_or(ptr::null(), |p| p.as_ptr());
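Review bot: `build2` returns `Result`, yet a password containing an interior NUL byte panics at `CString::new(password).unwrap()`, and the length conversion added in the following hunk (`pass_len.try_into().unwrap()`) introduces a second panic path for lengths that do not fit the target integer type. Where the password comes from user input, a panic in a long-running service is an availability problem rather than a recoverable error. Mapping both failures to an `Err` would be preferable; failing that, document them on `build2` with `/// # Panics` and `/// Panics if password contains a NUL byte or its length overflows the C length type.` The reason for replacing `-1` with an explicit length is not recorded either and deserves a short comment. The body of `build2` continues outside this hunk.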
@@ -259,7 +261,7 @@ impl Pkcs12Builder {
#[cfg(not(boringssl))]
// BoringSSL does not support overriding the MAC and will always
- // use SHA-1
+ // use SHA-1.
{
let md_type = self
.mac_md
@@ -269,7 +271,7 @@ impl Pkcs12Builder {
cvt(ffi::PKCS12_set_mac(
pkcs12.as_ptr(),
pass,
- -1,
+ pass_len.try_into().unwrap(),
ptr::null_mut(),
0,
self.mac_iter,
diff --git a/vendor/openssl/src/pkcs5.rs b/vendor/openssl/src/pkcs5.rs
index 594b5fc4..a72e0b1a 100644
--- a/vendor/openssl/src/pkcs5.rs
+++ b/vendor/openssl/src/pkcs5.rs
@@ -1,13 +1,13 @@
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use libc::c_int;
use std::convert::TryInto;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use std::ptr;
use crate::cvt;
use crate::error::ErrorStack;
use crate::hash::MessageDigest;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use crate::symm::Cipher;
use openssl_macros::corresponds;
@@ -29,7 +29,7 @@ pub struct KeyIvPair {
/// `pbkdf2_hmac` or another more modern key derivation algorithm.
#[corresponds(EVP_BytesToKey)]
#[allow(clippy::useless_conversion)]
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
pub fn bytes_to_key(
cipher: Cipher,
digest: MessageDigest,
@@ -115,7 +115,7 @@ pub fn pbkdf2_hmac(
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PBE_scrypt)]
-#[cfg(all(any(ossl110, boringssl), not(osslconf = "OPENSSL_NO_SCRYPT")))]
+#[cfg(all(any(ossl110, boringssl, awslc), not(osslconf = "OPENSSL_NO_SCRYPT")))]
#[allow(clippy::useless_conversion)]
pub fn scrypt(
pass: &[u8],
@@ -147,7 +147,7 @@ pub fn scrypt(
#[cfg(test)]
mod tests {
use crate::hash::MessageDigest;
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
use crate::symm::Cipher;
// Test vectors from
@@ -249,7 +249,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn bytes_to_key() {
let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8];
@@ -286,7 +286,7 @@ mod tests {
}
#[test]
- #[cfg(any(ossl110, boringssl))]
+ #[cfg(any(ossl110, boringssl, awslc))]
fn scrypt() {
let pass = "pleaseletmein";
let salt = "SodiumChloride";
diff --git a/vendor/openssl/src/pkey.rs b/vendor/openssl/src/pkey.rs
index f2cedd27..8d69e1cd 100644
--- a/vendor/openssl/src/pkey.rs
+++ b/vendor/openssl/src/pkey.rs
@@ -47,7 +47,7 @@ use crate::dh::Dh;
use crate::dsa::Dsa;
use crate::ec::EcKey;
use crate::error::ErrorStack;
-#[cfg(any(ossl110, boringssl, libressl370))]
+#[cfg(any(ossl110, boringssl, libressl370, awslc))]
use crate::pkey_ctx::PkeyCtx;
use crate::rsa::Rsa;
use crate::symm::Cipher;
@@ -60,7 +60,7 @@ use openssl_macros::corresponds;
use std::convert::{TryFrom, TryInto};
use std::ffi::CString;
use std::fmt;
-#[cfg(all(not(boringssl), ossl110))]
+#[cfg(all(not(any(boringssl, awslc)), ossl110))]
use std::mem;
use std::ptr;
@@ -79,11 +79,11 @@ pub struct Id(c_int);
impl Id {
pub const RSA: Id = Id(ffi::EVP_PKEY_RSA);
- #[cfg(any(ossl111, libressl310, boringssl))]
+ #[cfg(any(ossl111, libressl310, boringssl, awslc))]
pub const RSA_PSS: Id = Id(ffi::EVP_PKEY_RSA_PSS);
#[cfg(not(boringssl))]
pub const HMAC: Id = Id(ffi::EVP_PKEY_HMAC);
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub const CMAC: Id = Id(ffi::EVP_PKEY_CMAC);
pub const DSA: Id = Id(ffi::EVP_PKEY_DSA);
pub const DH: Id = Id(ffi::EVP_PKEY_DH);
@@ -93,14 +93,14 @@ impl Id {
#[cfg(ossl111)]
pub const SM2: Id = Id(ffi::EVP_PKEY_SM2);
- #[cfg(any(ossl110, boringssl, libressl360))]
+ #[cfg(any(ossl110, boringssl, libressl360, awslc))]
pub const HKDF: Id = Id(ffi::EVP_PKEY_HKDF);
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub const ED25519: Id = Id(ffi::EVP_PKEY_ED25519);
#[cfg(ossl111)]
pub const ED448: Id = Id(ffi::EVP_PKEY_ED448);
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub const X25519: Id = Id(ffi::EVP_PKEY_X25519);
#[cfg(ossl111)]
pub const X448: Id = Id(ffi::EVP_PKEY_X448);
@@ -265,7 +265,7 @@ where
/// This function only works for algorithms that support raw public keys.
/// Currently this is: [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`].
#[corresponds(EVP_PKEY_get_raw_public_key)]
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn raw_public_key(&self) -> Result<Vec<u8>, ErrorStack> {
unsafe {
let mut len = 0;
@@ -316,7 +316,7 @@ where
/// This function only works for algorithms that support raw private keys.
/// Currently this is: [`Id::HMAC`], [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`].
#[corresponds(EVP_PKEY_get_raw_private_key)]
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn raw_private_key(&self) -> Result<Vec<u8>, ErrorStack> {
unsafe {
let mut len = 0;
@@ -384,15 +384,31 @@ impl<T> fmt::Debug for PKey<T> {
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
let alg = match self.id() {
Id::RSA => "RSA",
+ #[cfg(any(ossl111, libressl310, boringssl, awslc))]
+ Id::RSA_PSS => "RSA-PSS",
#[cfg(not(boringssl))]
Id::HMAC => "HMAC",
+ #[cfg(not(any(boringssl, awslc)))]
+ Id::CMAC => "CMAC",
Id::DSA => "DSA",
Id::DH => "DH",
+ #[cfg(ossl110)]
+ Id::DHX => "DHX",
Id::EC => "EC",
#[cfg(ossl111)]
+ Id::SM2 => "SM2",
+ #[cfg(any(ossl110, boringssl, libressl360, awslc))]
+ Id::HKDF => "HKDF",
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
Id::ED25519 => "Ed25519",
#[cfg(ossl111)]
Id::ED448 => "Ed448",
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
+ Id::X25519 => "X25519",
+ #[cfg(ossl111)]
+ Id::X448 => "X448",
+ #[cfg(ossl111)]
+ Id::POLY1305 => "POLY1305",
_ => "unknown",
};
fmt.debug_struct("PKey").field("algorithm", &alg).finish()
@@ -444,7 +460,7 @@ impl<T> PKey<T> {
}
/// Creates a new `PKey` containing a Diffie-Hellman key with type DHX.
- #[cfg(all(not(boringssl), ossl110))]
+ #[cfg(all(not(any(boringssl, awslc)), ossl110))]
pub fn from_dhx(dh: Dh<T>) -> Result<PKey<T>, ErrorStack> {
unsafe {
let evp = cvt_p(ffi::EVP_PKEY_new())?;
@@ -480,13 +496,17 @@ impl PKey<Private> {
#[corresponds(EVP_PKEY_new_mac_key)]
#[cfg(not(boringssl))]
pub fn hmac(key: &[u8]) -> Result<PKey<Private>, ErrorStack> {
+ #[cfg(awslc)]
+ let key_len = key.len();
+ #[cfg(not(awslc))]
+ let key_len = key.len() as c_int;
unsafe {
assert!(key.len() <= c_int::MAX as usize);
let key = cvt_p(ffi::EVP_PKEY_new_mac_key(
ffi::EVP_PKEY_HMAC,
ptr::null_mut(),
key.as_ptr() as *const _,
- key.len() as c_int,
+ key_len,
))?;
Ok(PKey::from_ptr(key))
}
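Review bot: In `hmac`, the non-awslc `key_len` is computed with `key.len() as c_int` before the `assert!(key.len() <= c_int::MAX as usize)` inside the `unsafe` block, so the truncating cast runs ahead of the check that justifies it. The assert still fires before `EVP_PKEY_new_mac_key` is called, so this is a point of ordering and style rather than a wrong length reaching the FFI. Moving the assert above the two `let key_len` lines, or writing `let key_len = c_int::try_from(key.len()).unwrap();` as `set_hkdf_key` in pkey_ctx.rs does, keeps the bound and the conversion in one place. On the awslc side the length is passed as `usize`, yet the same `c_int::MAX` assert still applies; a one-line comment saying whether that limit is intentional there would help.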
@@ -499,7 +519,7 @@ impl PKey<Private> {
/// # Note
///
/// To compute CMAC values, use the `sign` module.
- #[cfg(all(not(boringssl), ossl110))]
+ #[cfg(all(not(any(boringssl, awslc)), ossl110))]
#[allow(clippy::trivially_copy_pass_by_ref)]
pub fn cmac(cipher: &Cipher, key: &[u8]) -> Result<PKey<Private>, ErrorStack> {
let mut ctx = PkeyCtx::new_id(Id::CMAC)?;
@@ -509,7 +529,7 @@ impl PKey<Private> {
ctx.keygen()
}
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
fn generate_eddsa(id: Id) -> Result<PKey<Private>, ErrorStack> {
let mut ctx = PkeyCtx::new_id(id)?;
ctx.keygen_init()?;
@@ -539,7 +559,7 @@ impl PKey<Private> {
/// assert_eq!(secret.len(), 32);
/// # Ok(()) }
/// ```
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn generate_x25519() -> Result<PKey<Private>, ErrorStack> {
PKey::generate_eddsa(Id::X25519)
}
@@ -593,7 +613,7 @@ impl PKey<Private> {
/// assert_eq!(signature.len(), 64);
/// # Ok(()) }
/// ```
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn generate_ed25519() -> Result<PKey<Private>, ErrorStack> {
PKey::generate_eddsa(Id::ED25519)
}
@@ -743,7 +763,7 @@ impl PKey<Private> {
///
/// Algorithm types that support raw private keys are HMAC, X25519, ED25519, X448 or ED448
#[corresponds(EVP_PKEY_new_raw_private_key)]
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn private_key_from_raw_bytes(
bytes: &[u8],
key_type: Id,
@@ -794,7 +814,7 @@ impl PKey<Public> {
///
/// Algorithm types that support raw public keys are X25519, ED25519, X448 or ED448
#[corresponds(EVP_PKEY_new_raw_public_key)]
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn public_key_from_raw_bytes(
bytes: &[u8],
key_type: Id,
@@ -813,7 +833,7 @@ impl PKey<Public> {
}
cfg_if! {
- if #[cfg(any(boringssl, ossl110, libressl270))] {
+ if #[cfg(any(boringssl, ossl110, libressl270, awslc))] {
use ffi::EVP_PKEY_up_ref;
} else {
#[allow(bad_style)]
@@ -909,7 +929,7 @@ mod tests {
use super::*;
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
use crate::rand::rand_bytes;
#[test]
@@ -1102,7 +1122,7 @@ mod tests {
assert_eq!(&g, dh_.generator());
}
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
fn test_raw_public_key(gen: fn() -> Result<PKey<Private>, ErrorStack>, key_type: Id) {
// Generate a new key
let key = gen().unwrap();
@@ -1118,7 +1138,7 @@ mod tests {
);
}
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
fn test_raw_private_key(gen: fn() -> Result<PKey<Private>, ErrorStack>, key_type: Id) {
// Generate a new key
let key = gen().unwrap();
@@ -1134,29 +1154,29 @@ mod tests {
);
}
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
#[test]
fn test_raw_public_key_bytes() {
test_raw_public_key(PKey::generate_x25519, Id::X25519);
test_raw_public_key(PKey::generate_ed25519, Id::ED25519);
- #[cfg(all(not(boringssl), not(libressl370)))]
+ #[cfg(not(any(boringssl, libressl370, awslc)))]
test_raw_public_key(PKey::generate_x448, Id::X448);
- #[cfg(all(not(boringssl), not(libressl370)))]
+ #[cfg(not(any(boringssl, libressl370, awslc)))]
test_raw_public_key(PKey::generate_ed448, Id::ED448);
}
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
#[test]
fn test_raw_private_key_bytes() {
test_raw_private_key(PKey::generate_x25519, Id::X25519);
test_raw_private_key(PKey::generate_ed25519, Id::ED25519);
- #[cfg(all(not(boringssl), not(libressl370)))]
+ #[cfg(not(any(boringssl, libressl370, awslc)))]
test_raw_private_key(PKey::generate_x448, Id::X448);
- #[cfg(all(not(boringssl), not(libressl370)))]
+ #[cfg(not(any(boringssl, libressl370, awslc)))]
test_raw_private_key(PKey::generate_ed448, Id::ED448);
}
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
#[test]
fn test_raw_hmac() {
let mut test_bytes = vec![0u8; 32];
@@ -1169,7 +1189,7 @@ mod tests {
assert_eq!(key_bytes, test_bytes);
}
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
#[test]
fn test_raw_key_fail() {
// Getting a raw byte representation will not work with Nist curves
diff --git a/vendor/openssl/src/pkey_ctx.rs b/vendor/openssl/src/pkey_ctx.rs
index add78304..aa39a0f9 100644
--- a/vendor/openssl/src/pkey_ctx.rs
+++ b/vendor/openssl/src/pkey_ctx.rs
@@ -21,7 +21,7 @@
//! ```
#![cfg_attr(
- not(boringssl),
+ not(any(boringssl, awslc)),
doc = r#"\
Generate a CMAC key
@@ -64,7 +64,7 @@ let cmac_key = ctx.keygen().unwrap();
//! let valid = ctx.verify(text, &signature).unwrap();
//! assert!(valid);
//! ```
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use crate::cipher::CipherRef;
use crate::error::ErrorStack;
use crate::md::MdRef;
@@ -73,7 +73,7 @@ use crate::rsa::Padding;
use crate::sign::RsaPssSaltlen;
use crate::{cvt, cvt_p};
use foreign_types::{ForeignType, ForeignTypeRef};
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use libc::c_int;
#[cfg(ossl320)]
use libc::c_uint;
@@ -148,7 +148,7 @@ impl<T> PkeyCtx<T> {
impl PkeyCtx<()> {
/// Creates a new pkey context for the specified algorithm ID.
- #[corresponds(EVP_PKEY_new_id)]
+ #[corresponds(EVP_PKEY_CTX_new_id)]
#[inline]
pub fn new_id(id: Id) -> Result<Self, ErrorStack> {
unsafe {
@@ -501,7 +501,7 @@ impl<T> PkeyCtxRef<T> {
///
/// This is only useful for RSA keys.
#[corresponds(EVP_PKEY_CTX_set_rsa_oaep_md)]
- #[cfg(any(ossl102, libressl310, boringssl))]
+ #[cfg(any(ossl102, libressl310, boringssl, awslc))]
#[inline]
pub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack> {
unsafe {
@@ -518,7 +518,7 @@ impl<T> PkeyCtxRef<T> {
///
/// This is only useful for RSA keys.
#[corresponds(EVP_PKEY_CTX_set0_rsa_oaep_label)]
- #[cfg(any(ossl102, libressl310, boringssl))]
+ #[cfg(any(ossl102, libressl310, boringssl, awslc))]
pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack> {
use crate::LenType;
let len = LenType::try_from(label.len()).unwrap();
@@ -542,7 +542,7 @@ impl<T> PkeyCtxRef<T> {
}
/// Sets the cipher used during key generation.
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
#[corresponds(EVP_PKEY_CTX_ctrl)]
#[inline]
pub fn set_keygen_cipher(&mut self, cipher: &CipherRef) -> Result<(), ErrorStack> {
@@ -561,7 +561,7 @@ impl<T> PkeyCtxRef<T> {
}
/// Sets the key MAC key used during key generation.
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
#[corresponds(EVP_PKEY_CTX_ctrl)]
#[inline]
pub fn set_keygen_mac_key(&mut self, key: &[u8]) -> Result<(), ErrorStack> {
@@ -585,7 +585,7 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set_hkdf_md)]
- #[cfg(any(ossl110, boringssl, libressl360))]
+ #[cfg(any(ossl110, boringssl, libressl360, awslc))]
#[inline]
pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack> {
unsafe {
@@ -627,12 +627,12 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set1_hkdf_key)]
- #[cfg(any(ossl110, boringssl, libressl360))]
+ #[cfg(any(ossl110, boringssl, libressl360, awslc))]
#[inline]
pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack> {
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let len = c_int::try_from(key.len()).unwrap();
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let len = key.len();
unsafe {
@@ -652,12 +652,12 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set1_hkdf_salt)]
- #[cfg(any(ossl110, boringssl, libressl360))]
+ #[cfg(any(ossl110, boringssl, libressl360, awslc))]
#[inline]
pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack> {
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let len = c_int::try_from(salt.len()).unwrap();
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let len = salt.len();
unsafe {
@@ -677,12 +677,12 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_add1_hkdf_info)]
- #[cfg(any(ossl110, boringssl, libressl360))]
+ #[cfg(any(ossl110, boringssl, libressl360, awslc))]
#[inline]
pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack> {
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let len = c_int::try_from(info.len()).unwrap();
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let len = info.len();
unsafe {
@@ -785,7 +785,7 @@ impl<T> PkeyCtxRef<T> {
#[cfg(test)]
mod test {
use super::*;
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
use crate::cipher::Cipher;
use crate::ec::{EcGroup, EcKey};
use crate::hash::{hash, MessageDigest};
@@ -819,7 +819,7 @@ mod test {
}
#[test]
- #[cfg(any(ossl102, libressl310, boringssl))]
+ #[cfg(any(ossl102, libressl310, boringssl, awslc))]
fn rsa_oaep() {
let key = include_bytes!("../test/rsa.pem");
let rsa = Rsa::private_key_from_pem(key).unwrap();
@@ -910,7 +910,7 @@ mod test {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn cmac_keygen() {
let mut ctx = PkeyCtx::new_id(Id::CMAC).unwrap();
ctx.keygen_init().unwrap();
@@ -921,7 +921,7 @@ mod test {
}
#[test]
- #[cfg(any(ossl110, boringssl, libressl360))]
+ #[cfg(any(ossl110, boringssl, libressl360, awslc))]
fn hkdf() {
let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap();
ctx.derive_init().unwrap();
@@ -1087,14 +1087,14 @@ mod test {
#[cfg(ossl320)]
fn ecdsa_deterministic_signature() {
let private_key_pem = "-----BEGIN PRIVATE KEY-----
-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhvqwNJNOTA/Jrmf1tWWanX0f79GH7g
-n9Q=
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDJr6nYRbp1FmtcIVdnsdaTTlDD2zbo
+mxJ7imIrEg9nIQ==
-----END PRIVATE KEY-----";
let key1 = EcKey::private_key_from_pem(private_key_pem.as_bytes()).unwrap();
let key1 = PKey::from_ec_key(key1).unwrap();
let input = "sample";
- let expected_output = hex::decode("303502190098C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF021857A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64").unwrap();
+ let expected_output = hex::decode("3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB").unwrap();
let hashed_input = hash(MessageDigest::sha1(), input.as_bytes()).unwrap();
let mut ctx = PkeyCtx::new(&key1).unwrap();
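Review bot: The replacement PEM key and expected signature in `ecdsa_deterministic_signature` carry no comment saying where they come from. The values look like the RFC 6979 appendix A.2.5 vector for P-256 with SHA-1 and the message "sample", which is worth confirming against the RFC. An embedded `BEGIN PRIVATE KEY` block without attribution tends to be flagged by secret scanners and questioned by the next reader. A line such as `// Public test vector (RFC 6979 A.2.5: P-256, SHA-1, "sample"); not a real secret.` above `private_key_pem` would settle that. The test body continues past the end of this hunk.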
diff --git a/vendor/openssl/src/rsa.rs b/vendor/openssl/src/rsa.rs
index 9ef56942..ea1548c7 100644
--- a/vendor/openssl/src/rsa.rs
+++ b/vendor/openssl/src/rsa.rs
@@ -234,14 +234,18 @@ where
/// Validates RSA parameters for correctness
#[corresponds(RSA_check_key)]
- #[allow(clippy::unnecessary_cast)]
pub fn check_key(&self) -> Result<bool, ErrorStack> {
unsafe {
- let result = ffi::RSA_check_key(self.as_ptr()) as i32;
- if result == -1 {
- Err(ErrorStack::get())
+ let result = ffi::RSA_check_key(self.as_ptr());
+ if result != 1 {
+ let errors = ErrorStack::get();
+ if errors.errors().is_empty() {
+ Ok(false)
+ } else {
+ Err(errors)
+ }
} else {
- Ok(result == 1)
+ Ok(true)
}
}
}
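Review bot: The doc comment on `check_key` still reads only "Validates RSA parameters for correctness" and does not tell callers that an invalid key can now come back as either `Ok(false)` or `Err(_)`, depending on whether the library queued an error. Code that gates key acceptance on this call has to treat anything other than `Ok(true)` as a rejection, which is also what the added `test_check_key` accepts with `Ok(false) | Err(_)`. I would extend the doc comment with `/// Returns Ok(true) only for a valid key; an invalid key yields Ok(false) or Err, so treat every other result as a failed check.` Separately, `ErrorStack::get()` reads whatever is on the thread's error queue, so presumably an error left over from an earlier call would also surface here as `Err`; that fails closed, but deserves a short why-comment next to the `errors.errors().is_empty()` test.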
@@ -581,7 +585,7 @@ impl<T> fmt::Debug for Rsa<T> {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273, boringssl))] {
+ if #[cfg(any(ossl110, libressl273, boringssl, awslc))] {
use ffi::{
RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_set0_key, RSA_set0_factors,
RSA_set0_crt_params,
@@ -849,4 +853,21 @@ mod test {
let e = BigNum::from_u32(0x10001).unwrap();
Rsa::generate_with_e(2048, &e).unwrap();
}
+
+ #[test]
+ fn test_check_key() {
+ let k = Rsa::private_key_from_pem_passphrase(
+ include_bytes!("../test/rsa-encrypted.pem"),
+ b"mypass",
+ )
+ .unwrap();
+ assert!(matches!(k.check_key(), Ok(true)));
+ assert!(ErrorStack::get().errors().is_empty());
+
+ // BoringSSL simply rejects this key, because its corrupted!
+ if let Ok(k) = Rsa::private_key_from_pem(include_bytes!("../test/corrupted-rsa.pem")) {
+ assert!(matches!(k.check_key(), Ok(false) | Err(_)));
+ assert!(ErrorStack::get().errors().is_empty());
+ }
+ }
}
diff --git a/vendor/openssl/src/sign.rs b/vendor/openssl/src/sign.rs
index 0154b1d4..0e967a8e 100644
--- a/vendor/openssl/src/sign.rs
+++ b/vendor/openssl/src/sign.rs
@@ -36,7 +36,7 @@
//! ```
#![cfg_attr(
- not(boringssl),
+ not(any(boringssl, awslc)),
doc = r#"\
Compute an HMAC:
@@ -79,6 +79,7 @@ use crate::hash::MessageDigest;
use crate::pkey::{HasPrivate, HasPublic, PKeyRef};
use crate::rsa::Padding;
use crate::{cvt, cvt_p};
+use openssl_macros::corresponds;
cfg_if! {
if #[cfg(any(ossl110, libressl382))] {
@@ -135,10 +136,7 @@ impl Signer<'_> {
///
/// This cannot be used with Ed25519 or Ed448 keys. Please refer to
/// `new_without_digest`.
- ///
- /// OpenSSL documentation at [`EVP_DigestSignInit`].
- ///
- /// [`EVP_DigestSignInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
+ #[corresponds(EVP_DigestSignInit)]
pub fn new<'a, T>(type_: MessageDigest, pkey: &PKeyRef<T>) -> Result<Signer<'a>, ErrorStack>
where
T: HasPrivate,
@@ -150,10 +148,7 @@ impl Signer<'_> {
///
/// This is the only way to create a `Verifier` for Ed25519 or Ed448 keys.
/// It can also be used to create a CMAC.
- ///
- /// OpenSSL documentation at [`EVP_DigestSignInit`].
- ///
- /// [`EVP_DigestSignInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
+ #[corresponds(EVP_DigestSignInit)]
pub fn new_without_digest<'a, T>(pkey: &PKeyRef<T>) -> Result<Signer<'a>, ErrorStack>
where
T: HasPrivate,
@@ -198,8 +193,7 @@ impl Signer<'_> {
/// Returns the RSA padding mode in use.
///
/// This is only useful for RSA keys.
- ///
- /// This corresponds to `EVP_PKEY_CTX_get_rsa_padding`.
+ #[corresponds(EVP_PKEY_CTX_get_rsa_padding)]
pub fn rsa_padding(&self) -> Result<Padding, ErrorStack> {
unsafe {
let mut pad = 0;
@@ -211,10 +205,7 @@ impl Signer<'_> {
/// Sets the RSA padding mode.
///
/// This is only useful for RSA keys.
- ///
- /// This corresponds to [`EVP_PKEY_CTX_set_rsa_padding`].
- ///
- /// [`EVP_PKEY_CTX_set_rsa_padding`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_CTX_set_rsa_padding.html
+ #[corresponds(EVP_PKEY_CTX_set_rsa_padding)]
pub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_PKEY_CTX_set_rsa_padding(
@@ -228,10 +219,7 @@ impl Signer<'_> {
/// Sets the RSA PSS salt length.
///
/// This is only useful for RSA keys.
- ///
- /// This corresponds to [`EVP_PKEY_CTX_set_rsa_pss_saltlen`].
- ///
- /// [`EVP_PKEY_CTX_set_rsa_pss_saltlen`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_CTX_set_rsa_pss_saltlen.html
+ #[corresponds(EVP_PKEY_CTX_set_rsa_pss_saltlen)]
pub fn set_rsa_pss_saltlen(&mut self, len: RsaPssSaltlen) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_PKEY_CTX_set_rsa_pss_saltlen(
@@ -245,10 +233,7 @@ impl Signer<'_> {
/// Sets the RSA MGF1 algorithm.
///
/// This is only useful for RSA keys.
- ///
- /// This corresponds to [`EVP_PKEY_CTX_set_rsa_mgf1_md`].
- ///
- /// [`EVP_PKEY_CTX_set_rsa_mgf1_md`]: https://www.openssl.org/docs/manmaster/man7/RSA-PSS.html
+ #[corresponds(EVP_PKEY_CTX_set_rsa_mgf1_md)]
pub fn set_rsa_mgf1_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_PKEY_CTX_set_rsa_mgf1_md(
@@ -263,10 +248,7 @@ impl Signer<'_> {
///
/// Please note that PureEdDSA (Ed25519 and Ed448 keys) do not support streaming.
/// Use `sign_oneshot` instead.
- ///
- /// OpenSSL documentation at [`EVP_DigestUpdate`].
- ///
- /// [`EVP_DigestUpdate`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html
+ #[corresponds(EVP_DigestUpdate)]
pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_DigestUpdate(
@@ -282,15 +264,12 @@ impl Signer<'_> {
///
/// The actual signature may be shorter than this value. Check the return value of
/// `sign` to get the exact length.
- ///
- /// OpenSSL documentation at [`EVP_DigestSignFinal`].
- ///
- /// [`EVP_DigestSignFinal`]: https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignFinal.html
+ #[corresponds(EVP_DigestSignFinal)]
pub fn len(&self) -> Result<usize, ErrorStack> {
self.len_intern()
}
- #[cfg(all(not(ossl111), not(boringssl), not(libressl370)))]
+ #[cfg(not(any(ossl111, boringssl, libressl370, awslc)))]
fn len_intern(&self) -> Result<usize, ErrorStack> {
unsafe {
let mut len = 0;
@@ -303,7 +282,7 @@ impl Signer<'_> {
}
}
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
fn len_intern(&self) -> Result<usize, ErrorStack> {
unsafe {
let mut len = 0;
@@ -322,10 +301,7 @@ impl Signer<'_> {
///
/// This method will fail if the buffer is not large enough for the signature. Use the `len`
/// method to get an upper bound on the required size.
- ///
- /// OpenSSL documentation at [`EVP_DigestSignFinal`].
- ///
- /// [`EVP_DigestSignFinal`]: https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignFinal.html
+ #[corresponds(EVP_DigestSignFinal)]
pub fn sign(&self, buf: &mut [u8]) -> Result<usize, ErrorStack> {
unsafe {
let mut len = buf.len();
@@ -356,11 +332,8 @@ impl Signer<'_> {
///
/// This method will fail if the buffer is not large enough for the signature. Use the `len`
/// method to get an upper bound on the required size.
- ///
- /// OpenSSL documentation at [`EVP_DigestSign`].
- ///
- /// [`EVP_DigestSign`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[corresponds(EVP_DigestSign)]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn sign_oneshot(
&mut self,
sig_buf: &mut [u8],
@@ -382,7 +355,7 @@ impl Signer<'_> {
/// Returns the signature.
///
/// This is a simple convenience wrapper over `len` and `sign_oneshot`.
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn sign_oneshot_to_vec(&mut self, data_buf: &[u8]) -> Result<Vec<u8>, ErrorStack> {
let mut sig_buf = vec![0; self.len()?];
let len = self.sign_oneshot(&mut sig_buf, data_buf)?;
@@ -392,7 +365,7 @@ impl Signer<'_> {
}
}
-impl<'a> Write for Signer<'a> {
+impl Write for Signer<'_> {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
self.update(buf)?;
Ok(buf.len())
@@ -411,10 +384,10 @@ pub struct Verifier<'a> {
pkey_pd: PhantomData<&'a ()>,
}
-unsafe impl<'a> Sync for Verifier<'a> {}
-unsafe impl<'a> Send for Verifier<'a> {}
+unsafe impl Sync for Verifier<'_> {}
+unsafe impl Send for Verifier<'_> {}
-impl<'a> Drop for Verifier<'a> {
+impl Drop for Verifier<'_> {
fn drop(&mut self) {
// pkey_ctx is owned by the md_ctx, so no need to explicitly free it.
unsafe {
@@ -429,10 +402,7 @@ impl<'a> Verifier<'a> {
///
/// This cannot be used with Ed25519 or Ed448 keys. Please refer to
/// [`Verifier::new_without_digest`].
- ///
- /// OpenSSL documentation at [`EVP_DigestVerifyInit`].
- ///
- /// [`EVP_DigestVerifyInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestVerifyInit.html
+ #[corresponds(EVP_DigestVerifyInit)]
pub fn new<T>(type_: MessageDigest, pkey: &'a PKeyRef<T>) -> Result<Verifier<'a>, ErrorStack>
where
T: HasPublic,
@@ -443,10 +413,7 @@ impl<'a> Verifier<'a> {
/// Creates a new `Verifier` without a digest.
///
/// This is the only way to create a `Verifier` for Ed25519 or Ed448 keys.
- ///
- /// OpenSSL documentation at [`EVP_DigestVerifyInit`].
- ///
- /// [`EVP_DigestVerifyInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestVerifyInit.html
+ #[corresponds(EVP_DigestVerifyInit)]
pub fn new_without_digest<T>(pkey: &'a PKeyRef<T>) -> Result<Verifier<'a>, ErrorStack>
where
T: HasPublic,
@@ -491,8 +458,7 @@ impl<'a> Verifier<'a> {
/// Returns the RSA padding mode in use.
///
/// This is only useful for RSA keys.
- ///
- /// This corresponds to `EVP_PKEY_CTX_get_rsa_padding`.
+ #[corresponds(EVP_PKEY_CTX_get_rsa_padding)]
pub fn rsa_padding(&self) -> Result<Padding, ErrorStack> {
unsafe {
let mut pad = 0;
@@ -504,10 +470,7 @@ impl<'a> Verifier<'a> {
/// Sets the RSA padding mode.
///
/// This is only useful for RSA keys.
- ///
- /// This corresponds to [`EVP_PKEY_CTX_set_rsa_padding`].
- ///
- /// [`EVP_PKEY_CTX_set_rsa_padding`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_CTX_set_rsa_padding.html
+ #[corresponds(EVP_PKEY_CTX_set_rsa_padding)]
pub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_PKEY_CTX_set_rsa_padding(
@@ -521,10 +484,7 @@ impl<'a> Verifier<'a> {
/// Sets the RSA PSS salt length.
///
/// This is only useful for RSA keys.
- ///
- /// This corresponds to [`EVP_PKEY_CTX_set_rsa_pss_saltlen`].
- ///
- /// [`EVP_PKEY_CTX_set_rsa_pss_saltlen`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_CTX_set_rsa_pss_saltlen.html
+ #[corresponds(EVP_PKEY_CTX_set_rsa_pss_saltlen)]
pub fn set_rsa_pss_saltlen(&mut self, len: RsaPssSaltlen) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_PKEY_CTX_set_rsa_pss_saltlen(
@@ -538,10 +498,7 @@ impl<'a> Verifier<'a> {
/// Sets the RSA MGF1 algorithm.
///
/// This is only useful for RSA keys.
- ///
- /// This corresponds to [`EVP_PKEY_CTX_set_rsa_mgf1_md`].
- ///
- /// [`EVP_PKEY_CTX_set_rsa_mgf1_md`]: https://www.openssl.org/docs/manmaster/man7/RSA-PSS.html
+ #[corresponds(EVP_PKEY_CTX_set_rsa_mgf1_md)]
pub fn set_rsa_mgf1_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_PKEY_CTX_set_rsa_mgf1_md(
@@ -556,10 +513,7 @@ impl<'a> Verifier<'a> {
///
/// Please note that PureEdDSA (Ed25519 and Ed448 keys) do not support streaming.
/// Use [`Verifier::verify_oneshot`] instead.
- ///
- /// OpenSSL documentation at [`EVP_DigestUpdate`].
- ///
- /// [`EVP_DigestUpdate`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html
+ #[corresponds(EVP_DigestUpdate)]
pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EVP_DigestUpdate(
@@ -572,10 +526,7 @@ impl<'a> Verifier<'a> {
}
/// Determines if the data fed into the `Verifier` matches the provided signature.
- ///
- /// OpenSSL documentation at [`EVP_DigestVerifyFinal`].
- ///
- /// [`EVP_DigestVerifyFinal`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestVerifyFinal.html
+ #[corresponds(EVP_DigestVerifyFinal)]
pub fn verify(&self, signature: &[u8]) -> Result<bool, ErrorStack> {
unsafe {
let r =
@@ -592,11 +543,8 @@ impl<'a> Verifier<'a> {
}
/// Determines if the data given in `buf` matches the provided signature.
- ///
- /// OpenSSL documentation at [`EVP_DigestVerify`].
- ///
- /// [`EVP_DigestVerify`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerify.html
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[corresponds(EVP_DigestVerify)]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
pub fn verify_oneshot(&mut self, signature: &[u8], buf: &[u8]) -> Result<bool, ErrorStack> {
unsafe {
let r = ffi::EVP_DigestVerify(
@@ -618,7 +566,7 @@ impl<'a> Verifier<'a> {
}
}
-impl<'a> Write for Verifier<'a> {
+impl Write for Verifier<'_> {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
self.update(buf)?;
Ok(buf.len())
@@ -653,7 +601,7 @@ mod test {
use crate::nid::Nid;
use crate::pkey::PKey;
use crate::rsa::{Padding, Rsa};
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
use crate::sign::RsaPssSaltlen;
use crate::sign::{Signer, Verifier};
@@ -846,7 +794,7 @@ mod test {
}
#[test]
- #[cfg(any(ossl111, boringssl, libressl370))]
+ #[cfg(any(ossl111, boringssl, libressl370, awslc))]
fn eddsa() {
let key = PKey::generate_ed25519().unwrap();
@@ -858,7 +806,7 @@ mod test {
}
#[test]
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, awslc))]
fn rsa_sign_verify() {
let key = include_bytes!("../test/rsa.pem");
let private_key = Rsa::private_key_from_pem(key).unwrap();
diff --git a/vendor/openssl/src/srtp.rs b/vendor/openssl/src/srtp.rs
index 595757dc..44ef4346 100644
--- a/vendor/openssl/src/srtp.rs
+++ b/vendor/openssl/src/srtp.rs
@@ -46,10 +46,10 @@ impl SrtpProfileId {
SrtpProfileId(ffi::SRTP_AES128_F8_SHA1_32 as c_ulong);
pub const SRTP_NULL_SHA1_80: SrtpProfileId = SrtpProfileId(ffi::SRTP_NULL_SHA1_80 as c_ulong);
pub const SRTP_NULL_SHA1_32: SrtpProfileId = SrtpProfileId(ffi::SRTP_NULL_SHA1_32 as c_ulong);
- #[cfg(any(boringssl, ossl110))]
+ #[cfg(any(boringssl, ossl110, awslc))]
pub const SRTP_AEAD_AES_128_GCM: SrtpProfileId =
SrtpProfileId(ffi::SRTP_AEAD_AES_128_GCM as c_ulong);
- #[cfg(any(boringssl, ossl110))]
+ #[cfg(any(boringssl, ossl110, awslc))]
pub const SRTP_AEAD_AES_256_GCM: SrtpProfileId =
SrtpProfileId(ffi::SRTP_AEAD_AES_256_GCM as c_ulong);
diff --git a/vendor/openssl/src/ssl/bio.rs b/vendor/openssl/src/ssl/bio.rs
index a5561dc7..ecd74c9a 100644
--- a/vendor/openssl/src/ssl/bio.rs
+++ b/vendor/openssl/src/ssl/bio.rs
@@ -9,10 +9,9 @@ use std::io;
use std::io::prelude::*;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr;
-use std::slice;
-use crate::cvt_p;
use crate::error::ErrorStack;
+use crate::{cvt_p, util};
pub struct StreamState<S> {
pub stream: S,
@@ -89,7 +88,7 @@ unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_
BIO_clear_retry_flags(bio);
let state = state::<S>(bio);
- let buf = slice::from_raw_parts(buf as *const _, len as usize);
+ let buf = util::from_raw_parts(buf as *const _, len as usize);
match catch_unwind(AssertUnwindSafe(|| state.stream.write(buf))) {
Ok(Ok(len)) => len as c_int,
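Review bot: `len as usize` in the new `util::from_raw_parts(buf as *const _, len as usize)` call still turns a negative `c_int` into a very large slice length, and the same cast feeds `util::from_raw_parts_mut` in `bread` in the next hunk. The helper is not visible here; if it only special-cases the empty buffer, a negative `len` would still produce a slice far beyond the real allocation. The BIO layer is expected to pass a non-negative length, so this is defensive, but a guard before the slice is built, e.g. `if len < 0 { return -1; }`, would keep the callback sound without relying on the caller. Both `bwrite` and `bread` begin and end outside these hunks.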
@@ -111,7 +110,7 @@ unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int)
BIO_clear_retry_flags(bio);
let state = state::<S>(bio);
- let buf = slice::from_raw_parts_mut(buf as *mut _, len as usize);
+ let buf = util::from_raw_parts_mut(buf as *mut _, len as usize);
match catch_unwind(AssertUnwindSafe(|| state.stream.read(buf))) {
Ok(Ok(len)) => len as c_int,
@@ -190,7 +189,7 @@ unsafe extern "C" fn destroy<S>(bio: *mut BIO) -> c_int {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273))] {
+ if #[cfg(any(ossl110, libressl273, boringssl))] {
use ffi::{BIO_get_data, BIO_set_data, BIO_set_flags, BIO_set_init};
use crate::cvt;
@@ -202,15 +201,34 @@ cfg_if! {
impl BIO_METHOD {
fn new<S: Read + Write>() -> Result<BIO_METHOD, ErrorStack> {
+ #[cfg(not(boringssl))]
+ use ffi::{
+ BIO_meth_set_write__fixed_rust as BIO_meth_set_write,
+ BIO_meth_set_read__fixed_rust as BIO_meth_set_read,
+ BIO_meth_set_puts__fixed_rust as BIO_meth_set_puts,
+ BIO_meth_set_ctrl__fixed_rust as BIO_meth_set_ctrl,
+ BIO_meth_set_create__fixed_rust as BIO_meth_set_create,
+ BIO_meth_set_destroy__fixed_rust as BIO_meth_set_destroy,
+ };
+ #[cfg(boringssl)]
+ use ffi::{
+ BIO_meth_set_write,
+ BIO_meth_set_read,
+ BIO_meth_set_puts,
+ BIO_meth_set_ctrl,
+ BIO_meth_set_create,
+ BIO_meth_set_destroy,
+ };
+
unsafe {
let ptr = cvt_p(ffi::BIO_meth_new(ffi::BIO_TYPE_NONE, b"rust\0".as_ptr() as *const _))?;
let method = BIO_METHOD(ptr);
- cvt(ffi::BIO_meth_set_write__fixed_rust(method.0, Some(bwrite::<S>)))?;
- cvt(ffi::BIO_meth_set_read__fixed_rust(method.0, Some(bread::<S>)))?;
- cvt(ffi::BIO_meth_set_puts__fixed_rust(method.0, Some(bputs::<S>)))?;
- cvt(ffi::BIO_meth_set_ctrl__fixed_rust(method.0, Some(ctrl::<S>)))?;
- cvt(ffi::BIO_meth_set_create__fixed_rust(method.0, Some(create)))?;
- cvt(ffi::BIO_meth_set_destroy__fixed_rust(method.0, Some(destroy::<S>)))?;
+ cvt(BIO_meth_set_write(method.0, Some(bwrite::<S>)))?;
+ cvt(BIO_meth_set_read(method.0, Some(bread::<S>)))?;
+ cvt(BIO_meth_set_puts(method.0, Some(bputs::<S>)))?;
+ cvt(BIO_meth_set_ctrl(method.0, Some(ctrl::<S>)))?;
+ cvt(BIO_meth_set_create(method.0, Some(create)))?;
+ cvt(BIO_meth_set_destroy(method.0, Some(destroy::<S>)))?;
Ok(method)
}
}
diff --git a/vendor/openssl/src/ssl/callbacks.rs b/vendor/openssl/src/ssl/callbacks.rs
index be8909ee..22eb600f 100644
--- a/vendor/openssl/src/ssl/callbacks.rs
+++ b/vendor/openssl/src/ssl/callbacks.rs
@@ -10,8 +10,7 @@ use libc::{c_int, c_uchar, c_uint, c_void};
use std::ffi::CStr;
use std::mem;
use std::ptr;
-use std::slice;
-#[cfg(any(ossl111, boringssl))]
+#[cfg(any(ossl111, boringssl, awslc))]
use std::str;
use std::sync::Arc;
@@ -20,7 +19,7 @@ use crate::dh::Dh;
use crate::ec::EcKey;
use crate::error::ErrorStack;
use crate::pkey::Params;
-#[cfg(any(ossl102, libressl261))]
+#[cfg(any(ossl102, libressl261, boringssl, awslc))]
use crate::ssl::AlpnError;
use crate::ssl::{
try_get_session_ctx_index, SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef,
@@ -28,7 +27,8 @@ use crate::ssl::{
};
#[cfg(ossl111)]
use crate::ssl::{ClientHelloResponse, ExtensionContext};
-#[cfg(any(ossl111, boringssl))]
+use crate::util;
+#[cfg(any(ossl111, boringssl, awslc))]
use crate::util::ForeignTypeRefExt;
#[cfg(ossl111)]
use crate::x509::X509Ref;
@@ -85,9 +85,9 @@ where
None
};
// Give the callback mutable slices into which it can write the identity and psk.
- let identity_sl = slice::from_raw_parts_mut(identity as *mut u8, max_identity_len as usize);
+ let identity_sl = util::from_raw_parts_mut(identity as *mut u8, max_identity_len as usize);
#[allow(clippy::unnecessary_cast)]
- let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize);
+ let psk_sl = util::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize);
match (*callback)(ssl, hint, identity_sl, psk_sl) {
Ok(psk_len) => psk_len as u32,
Err(e) => {
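Review bot: The length returned by the user callback is passed back as `psk_len as u32` without being compared with the buffer the callback was given, so a callback that reports more than `max_psk_len` bytes leaves the bounds decision to the C library. The same pattern is in the server PSK hunk that follows and in the two cookie-generate hunks, where `*cookie_len = len as size_t` and `*cookie_len = len as c_uint` are stored unchecked. A guard arm placed before the existing `Ok` arm, such as `Ok(psk_len) if psk_len > max_psk_len as usize => 0,`, would reject the value on the Rust side. The value 0 is assumed to be the failure return, as the `Err` arm's body lies outside the hunk.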
@@ -126,7 +126,7 @@ where
};
// Give the callback mutable slices into which it can write the psk.
#[allow(clippy::unnecessary_cast)]
- let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize);
+ let psk_sl = util::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize);
match (*callback)(ssl, identity, psk_sl) {
Ok(psk_len) => psk_len as u32,
Err(e) => {
@@ -178,7 +178,7 @@ where
}
}
-#[cfg(any(ossl102, libressl261))]
+#[cfg(any(ossl102, libressl261, boringssl, awslc))]
pub extern "C" fn raw_alpn_select<F>(
ssl: *mut ffi::SSL,
out: *mut *const c_uchar,
@@ -197,7 +197,7 @@ where
.ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: alpn callback missing") as *const F;
#[allow(clippy::unnecessary_cast)]
- let protos = slice::from_raw_parts(inbuf as *const u8, inlen as usize);
+ let protos = util::from_raw_parts(inbuf as *const u8, inlen as usize);
match (*callback)(ssl, protos) {
Ok(proto) => {
@@ -391,7 +391,7 @@ pub unsafe extern "C" fn raw_remove_session<F>(
}
cfg_if! {
- if #[cfg(any(ossl110, libressl280, boringssl))] {
+ if #[cfg(any(ossl110, libressl280, boringssl, awslc))] {
type DataPtr = *const c_uchar;
} else {
type DataPtr = *mut c_uchar;
@@ -416,7 +416,7 @@ where
.ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: get session callback missing") as *const F;
#[allow(clippy::unnecessary_cast)]
- let data = slice::from_raw_parts(data as *const u8, len as usize);
+ let data = util::from_raw_parts(data as *const u8, len as usize);
match (*callback)(ssl, data) {
Some(session) => {
@@ -429,7 +429,7 @@ where
}
}
-#[cfg(any(ossl111, boringssl))]
+#[cfg(any(ossl111, boringssl, awslc))]
pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)
where
F: Fn(&SslRef, &str) + 'static + Sync + Send,
@@ -460,7 +460,7 @@ where
.ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: stateless cookie generate callback missing") as *const F;
#[allow(clippy::unnecessary_cast)]
- let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);
+ let slice = util::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);
match (*callback)(ssl, slice) {
Ok(len) => {
*cookie_len = len as size_t;
@@ -488,11 +488,11 @@ where
.ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: stateless cookie verify callback missing") as *const F;
#[allow(clippy::unnecessary_cast)]
- let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len);
+ let slice = util::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len);
(*callback)(ssl, slice) as c_int
}
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
pub extern "C" fn raw_cookie_generate<F>(
ssl: *mut ffi::SSL,
cookie: *mut c_uchar,
@@ -511,7 +511,7 @@ where
// compatibility. See comments in dtls1.h.
#[allow(clippy::unnecessary_cast)]
let slice =
- slice::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1);
+ util::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1);
match (*callback)(ssl, slice) {
Ok(len) => {
*cookie_len = len as c_uint;
@@ -525,7 +525,7 @@ where
}
}
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
cfg_if! {
if #[cfg(any(ossl110, libressl280))] {
type CookiePtr = *const c_uchar;
@@ -534,7 +534,7 @@ cfg_if! {
}
}
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
pub extern "C" fn raw_cookie_verify<F>(
ssl: *mut ffi::SSL,
cookie: CookiePtr,
@@ -551,7 +551,7 @@ where
.expect("BUG: cookie verify callback missing") as *const F;
#[allow(clippy::unnecessary_cast)]
let slice =
- slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);
+ util::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);
(*callback)(ssl, slice) as c_int
}
}
@@ -663,7 +663,7 @@ where
.expect("BUG: custom ext parse callback missing") as *const F;
let ectx = ExtensionContext::from_bits_truncate(context);
#[allow(clippy::unnecessary_cast)]
- let slice = slice::from_raw_parts(input as *const u8, inlen);
+ let slice = util::from_raw_parts(input as *const u8, inlen);
let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) {
Some((chainidx, X509Ref::from_ptr(x)))
} else {
diff --git a/vendor/openssl/src/ssl/connector.rs b/vendor/openssl/src/ssl/connector.rs
index 66d1bd89..8992f5a9 100644
--- a/vendor/openssl/src/ssl/connector.rs
+++ b/vendor/openssl/src/ssl/connector.rs
@@ -29,7 +29,7 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
let mut ctx = SslContextBuilder::new(method)?;
cfg_if! {
- if #[cfg(not(boringssl))] {
+ if #[cfg(not(any(boringssl, awslc)))] {
let mut opts = SslOptions::ALL
| SslOptions::NO_COMPRESSION
| SslOptions::NO_SSLV2
diff --git a/vendor/openssl/src/ssl/mod.rs b/vendor/openssl/src/ssl/mod.rs
index a540d414..696be013 100644
--- a/vendor/openssl/src/ssl/mod.rs
+++ b/vendor/openssl/src/ssl/mod.rs
@@ -77,9 +77,10 @@ use crate::ssl::bio::BioMethod;
use crate::ssl::callbacks::*;
use crate::ssl::error::InnerError;
use crate::stack::{Stack, StackRef, Stackable};
+use crate::util;
use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef};
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
use crate::x509::verify::X509VerifyParamRef;
use crate::x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509};
use crate::{cvt, cvt_n, cvt_p, init};
@@ -101,7 +102,6 @@ use std::ops::{Deref, DerefMut};
use std::panic::resume_unwind;
use std::path::Path;
use std::ptr;
-use std::slice;
use std::str;
use std::sync::{Arc, Mutex};
@@ -137,7 +137,7 @@ pub fn cipher_name(std_name: &str) -> &'static str {
cfg_if! {
if #[cfg(ossl300)] {
type SslOptionsRepr = u64;
- } else if #[cfg(boringssl)] {
+ } else if #[cfg(any(boringssl, awslc))] {
type SslOptionsRepr = u32;
} else {
type SslOptionsRepr = libc::c_ulong;
@@ -153,7 +153,7 @@ bitflags! {
const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as SslOptionsRepr;
/// A "reasonable default" set of options which enables compatibility flags.
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
const ALL = ffi::SSL_OP_ALL as SslOptionsRepr;
/// Do not query the MTU.
@@ -166,19 +166,19 @@ bitflags! {
/// Only affects DTLS connections.
///
/// [RFC 4347 Section 4.2.1]: https://tools.ietf.org/html/rfc4347#section-4.2.1
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
const COOKIE_EXCHANGE = ffi::SSL_OP_COOKIE_EXCHANGE as SslOptionsRepr;
/// Disables the use of session tickets for session resumption.
const NO_TICKET = ffi::SSL_OP_NO_TICKET as SslOptionsRepr;
/// Always start a new session when performing a renegotiation on the server side.
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
const NO_SESSION_RESUMPTION_ON_RENEGOTIATION =
ffi::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION as SslOptionsRepr;
/// Disables the use of TLS compression.
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
const NO_COMPRESSION = ffi::SSL_OP_NO_COMPRESSION as SslOptionsRepr;
/// Allow legacy insecure renegotiation with servers or clients that do not support secure
@@ -222,19 +222,19 @@ bitflags! {
/// Disables the use of TLSv1.3.
///
/// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
- #[cfg(any(boringssl, ossl111, libressl340))]
+ #[cfg(any(boringssl, ossl111, libressl340, awslc))]
const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3 as SslOptionsRepr;
/// Disables the use of DTLSv1.0
///
/// Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.
- #[cfg(any(boringssl, ossl102, ossl110, libressl332))]
+ #[cfg(any(boringssl, ossl102, ossl110, libressl332, awslc))]
const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1 as SslOptionsRepr;
/// Disables the use of DTLSv1.2.
///
/// Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.
- #[cfg(any(boringssl, ossl102, ossl110, libressl332))]
+ #[cfg(any(boringssl, ossl102, ossl110, libressl332, awslc))]
const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2 as SslOptionsRepr;
/// Disables the use of all (D)TLS protocol versions.
@@ -258,7 +258,7 @@ bitflags! {
/// Disallow all renegotiation in TLSv1.2 and earlier.
///
/// Requires OpenSSL 1.1.0h or newer.
- #[cfg(any(boringssl, ossl110h))]
+ #[cfg(any(boringssl, ossl110h, awslc))]
const NO_RENEGOTIATION = ffi::SSL_OP_NO_RENEGOTIATION as SslOptionsRepr;
/// Enable TLSv1.3 Compatibility mode.
@@ -364,6 +364,20 @@ impl SslMethod {
unsafe { SslMethod(TLS_server_method()) }
}
+ /// Support all versions of the DTLS protocol, explicitly as a client.
+ #[corresponds(DTLS_client_method)]
+ #[cfg(any(boringssl, ossl110, libressl291, awslc))]
+ pub fn dtls_client() -> SslMethod {
+ unsafe { SslMethod(DTLS_client_method()) }
+ }
+
+ /// Support all versions of the DTLS protocol, explicitly as a server.
+ #[corresponds(DTLS_server_method)]
+ #[cfg(any(boringssl, ossl110, libressl291, awslc))]
+ pub fn dtls_server() -> SslMethod {
+ unsafe { SslMethod(DTLS_server_method()) }
+ }
+
/// Constructs an `SslMethod` from a pointer to the underlying OpenSSL value.
///
/// # Safety
@@ -407,14 +421,14 @@ bitflags! {
}
}
-#[cfg(boringssl)]
+#[cfg(any(boringssl, awslc))]
type SslBitType = c_int;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
type SslBitType = c_long;
-#[cfg(boringssl)]
+#[cfg(any(boringssl, awslc))]
type SslTimeTy = u64;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
type SslTimeTy = c_long;
bitflags! {
@@ -602,17 +616,17 @@ impl SslAlert {
/// An error returned from an ALPN selection callback.
///
-/// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
-#[cfg(any(ossl102, libressl261))]
+/// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
+#[cfg(any(ossl102, libressl261, boringssl, awslc))]
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct AlpnError(c_int);
-#[cfg(any(ossl102, libressl261))]
+#[cfg(any(ossl102, libressl261, boringssl, awslc))]
impl AlpnError {
/// Terminate the handshake with a fatal alert.
///
- /// Requires OpenSSL 1.1.0 or newer.
- #[cfg(ossl110)]
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or newer.
+ #[cfg(any(ossl110, boringssl, awslc))]
pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
/// Do not select a protocol, but continue the handshake.
@@ -654,8 +668,8 @@ impl SslVersion {
/// TLSv1.3
///
- /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
- #[cfg(any(ossl111, libressl340, boringssl))]
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
+ #[cfg(any(ossl111, libressl340, boringssl, awslc))]
pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION);
/// DTLSv1.0
@@ -666,12 +680,12 @@ impl SslVersion {
/// DTLSv1.2
///
/// DTLS 1.2 corresponds to TLS 1.2 to harmonize versions. There was never a DTLS 1.1.
- #[cfg(any(ossl102, libressl332, boringssl))]
+ #[cfg(any(ossl102, libressl332, boringssl, awslc))]
pub const DTLS1_2: SslVersion = SslVersion(ffi::DTLS1_2_VERSION);
}
cfg_if! {
- if #[cfg(boringssl)] {
+ if #[cfg(any(boringssl, awslc))] {
type SslCacheTy = i64;
type SslCacheSize = libc::c_ulong;
type MtuTy = u32;
@@ -695,7 +709,7 @@ cfg_if! {
///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
#[corresponds(SSL_select_next_proto)]
-pub fn select_next_proto<'a>(server: &[u8], client: &'a [u8]) -> Option<&'a [u8]> {
+pub fn select_next_proto<'a>(server: &'a [u8], client: &'a [u8]) -> Option<&'a [u8]> {
unsafe {
let mut out = ptr::null_mut();
let mut outlen = 0;
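Review bot: The new signature ties `server` to `'a` as well, but the doc comment above `select_next_proto` is not updated to say so. Callers that passed a short-lived `server` buffer will now hit a borrow error, and one added line explains it: `/// The returned slice may point into either input, so both must outlive it.` The function body continues in the next hunk.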
@@ -708,7 +722,7 @@ pub fn select_next_proto<'a>(server: &[u8], client: &'a [u8]) -> Option<&'a [u8]
client.len() as c_uint,
);
if r == ffi::OPENSSL_NPN_NEGOTIATED {
- Some(slice::from_raw_parts(out as *const u8, outlen as usize))
+ Some(util::from_raw_parts(out as *const u8, outlen as usize))
} else {
None
}
@@ -790,9 +804,9 @@ impl SslContextBuilder {
// still stored in ex data to manage the lifetime.
let arg = self.set_ex_data_inner(SslContext::cached_ex_index::<F>(), callback);
ffi::SSL_CTX_set_tlsext_servername_arg(self.as_ptr(), arg);
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
ffi::SSL_CTX_set_tlsext_servername_callback(self.as_ptr(), Some(raw_sni::<F>));
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
ffi::SSL_CTX_set_tlsext_servername_callback__fixed_rust(
self.as_ptr(),
Some(raw_sni::<F>),
@@ -876,9 +890,9 @@ impl SslContextBuilder {
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
ffi::SSL_CTX_set_tmp_dh_callback__fixed_rust(self.as_ptr(), Some(raw_tmp_dh::<F>));
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
ffi::SSL_CTX_set_tmp_dh_callback(self.as_ptr(), Some(raw_tmp_dh::<F>));
}
}
@@ -924,12 +938,23 @@ impl SslContextBuilder {
/// The file should contain a sequence of PEM-formatted CA certificates.
#[corresponds(SSL_CTX_load_verify_locations)]
pub fn set_ca_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), ErrorStack> {
- let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap();
+ self.load_verify_locations(Some(file.as_ref()), None)
+ }
+
+ /// Loads trusted root certificates from a file and/or a directory.
+ #[corresponds(SSL_CTX_load_verify_locations)]
+ pub fn load_verify_locations(
+ &mut self,
+ ca_file: Option<&Path>,
+ ca_path: Option<&Path>,
+ ) -> Result<(), ErrorStack> {
+ let ca_file = ca_file.map(|p| CString::new(p.as_os_str().to_str().unwrap()).unwrap());
+ let ca_path = ca_path.map(|p| CString::new(p.as_os_str().to_str().unwrap()).unwrap());
unsafe {
cvt(ffi::SSL_CTX_load_verify_locations(
self.as_ptr(),
- file.as_ptr() as *const _,
- ptr::null(),
+ ca_file.as_ref().map_or(ptr::null(), |s| s.as_ptr()),
+ ca_path.as_ref().map_or(ptr::null(), |s| s.as_ptr()),
))
.map(|_| ())
}
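Review bot: `load_verify_locations` returns `Result<(), ErrorStack>` but panics on two kinds of input: `to_str().unwrap()` fails for a path that is not valid UTF-8, and `CString::new(..).unwrap()` fails for a path containing a NUL byte. Because `set_ca_file` now delegates here, a path taken from configuration or other external input aborts the caller instead of producing an error it can handle. At minimum the doc comment should carry a `# Panics` section stating both conditions; a fuller fix would convert the path without the UTF-8 requirement on Unix (`OsStrExt::as_bytes`) and report the NUL case as an error. The function's closing brace is outside the hunk, and since this file is vendored the change belongs upstream.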
@@ -1147,9 +1172,9 @@ impl SslContextBuilder {
/// A value of `None` will enable protocol versions down to the lowest version supported by
/// OpenSSL.
///
- /// Requires BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
#[corresponds(SSL_CTX_set_min_proto_version)]
- #[cfg(any(ossl110, libressl261, boringssl))]
+ #[cfg(any(ossl110, libressl261, boringssl, awslc))]
pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set_min_proto_version(
@@ -1165,9 +1190,9 @@ impl SslContextBuilder {
/// A value of `None` will enable protocol versions up to the highest version supported by
/// OpenSSL.
///
- /// Requires BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
#[corresponds(SSL_CTX_set_max_proto_version)]
- #[cfg(any(ossl110, libressl261, boringssl))]
+ #[cfg(any(ossl110, libressl261, boringssl, awslc))]
pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set_max_proto_version(
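Review bot: The rewritten doc line keeps the doubled word in `OpenSSL 1.1.0 or or LibreSSL 2.6.1`. Since the line is being touched anyway it should read `/// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.`; the same slip is in the `SslRef::set_max_proto_version` hunk further down.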
@@ -1223,9 +1248,9 @@ impl SslContextBuilder {
/// and `http/1.1` is encoded as `b"\x06spdy/1\x08http/1.1"`. The protocols are ordered by
/// preference.
///
- /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
#[corresponds(SSL_CTX_set_alpn_protos)]
- #[cfg(any(ossl102, libressl261, boringssl))]
+ #[cfg(any(ossl102, libressl261, boringssl, awslc))]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe {
assert!(protocols.len() <= c_uint::MAX as usize);
@@ -1267,23 +1292,30 @@ impl SslContextBuilder {
/// of those protocols on success. The [`select_next_proto`] function implements the standard
/// protocol selection algorithm.
///
- /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`select_next_proto`]: fn.select_next_proto.html
#[corresponds(SSL_CTX_set_alpn_select_cb)]
- #[cfg(any(ossl102, libressl261))]
+ #[cfg(any(ossl102, libressl261, boringssl, awslc))]
pub fn set_alpn_select_callback<F>(&mut self, callback: F)
where
F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
{
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
+ #[cfg(not(any(boringssl, awslc)))]
ffi::SSL_CTX_set_alpn_select_cb__fixed_rust(
self.as_ptr(),
Some(callbacks::raw_alpn_select::<F>),
ptr::null_mut(),
);
+ #[cfg(any(boringssl, awslc))]
+ ffi::SSL_CTX_set_alpn_select_cb(
+ self.as_ptr(),
+ Some(callbacks::raw_alpn_select::<F>),
+ ptr::null_mut(),
+ );
}
}
@@ -1307,18 +1339,18 @@ impl SslContextBuilder {
/// Returns a reference to the X509 verification configuration.
///
- /// Requires BoringSSL or OpenSSL 1.0.2 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or newer.
#[corresponds(SSL_CTX_get0_param)]
- #[cfg(any(ossl102, boringssl, libressl261))]
+ #[cfg(any(ossl102, boringssl, libressl261, awslc))]
pub fn verify_param(&self) -> &X509VerifyParamRef {
unsafe { X509VerifyParamRef::from_ptr(ffi::SSL_CTX_get0_param(self.as_ptr())) }
}
/// Returns a mutable reference to the X509 verification configuration.
///
- /// Requires BoringSSL or OpenSSL 1.0.2 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or newer.
#[corresponds(SSL_CTX_get0_param)]
- #[cfg(any(ossl102, boringssl, libressl261))]
+ #[cfg(any(ossl102, boringssl, libressl261, awslc))]
pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef {
unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_CTX_get0_param(self.as_ptr())) }
}
@@ -1470,7 +1502,7 @@ impl SslContextBuilder {
///
/// Requires OpenSSL 1.1.1 or newer.
#[corresponds(SSL_CTX_set_keylog_callback)]
- #[cfg(any(ossl111, boringssl))]
+ #[cfg(any(ossl111, boringssl, awslc))]
pub fn set_keylog_callback<F>(&mut self, callback: F)
where
F: Fn(&SslRef, &str) + 'static + Sync + Send,
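Review bot: The doc comment still reads `Requires OpenSSL 1.1.1 or newer.` although the cfg on `set_keylog_callback` now also enables it for BoringSSL and AWS-LC. Other hunks in this file updated the matching line, so this one should become `/// Requires AWS-LC or BoringSSL or OpenSSL 1.1.1 or newer.`. The same comment should also state that the lines passed to the callback contain session secrets sufficient to decrypt the connection. The callback should therefore write only to a location with restricted access and stay unset outside debugging. The doc comment and the function body both extend beyond the hunk.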
@@ -1540,7 +1572,7 @@ impl SslContextBuilder {
/// The callback will be called with the SSL context and a slice into which the cookie
/// should be written. The callback should return the number of bytes written.
#[corresponds(SSL_CTX_set_cookie_generate_cb)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn set_cookie_generate_cb<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
@@ -1556,7 +1588,7 @@ impl SslContextBuilder {
/// The callback will be called with the SSL context and the cookie supplied by the
/// client. It should return true if and only if the cookie is valid.
#[corresponds(SSL_CTX_set_cookie_verify_cb)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn set_cookie_verify_cb<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
@@ -1719,9 +1751,9 @@ impl SslContextBuilder {
/// Sets the context's supported elliptic curve groups.
///
- /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer.
#[corresponds(SSL_CTX_set1_groups_list)]
- #[cfg(any(ossl111, boringssl, libressl251))]
+ #[cfg(any(ossl111, boringssl, libressl251, awslc))]
pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> {
let groups = CString::new(groups).unwrap();
unsafe {
@@ -1812,9 +1844,9 @@ impl SslContext {
{
unsafe {
ffi::init();
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let idx = cvt_n(get_new_idx(Some(free_data_box::<T>)))?;
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let idx = cvt_n(get_new_idx(free_data_box::<T>))?;
Ok(Index::from_raw(idx))
}
@@ -2174,7 +2206,7 @@ impl SslSessionRef {
let mut len = 0;
let p = ffi::SSL_SESSION_get_id(self.as_ptr(), &mut len);
#[allow(clippy::unnecessary_cast)]
- slice::from_raw_parts(p as *const u8, len as usize)
+ util::from_raw_parts(p as *const u8, len as usize)
}
}
@@ -2273,9 +2305,9 @@ impl Ssl {
{
unsafe {
ffi::init();
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let idx = cvt_n(get_new_ssl_idx(Some(free_data_box::<T>)))?;
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let idx = cvt_n(get_new_ssl_idx(free_data_box::<T>))?;
Ok(Index::from_raw(idx))
}
@@ -2297,10 +2329,6 @@ impl Ssl {
}
/// Creates a new `Ssl`.
- ///
- /// This corresponds to [`SSL_new`].
- ///
- /// [`SSL_new`]: https://www.openssl.org/docs/manmaster/ssl/SSL_new.html
#[corresponds(SSL_new)]
pub fn new(ctx: &SslContextRef) -> Result<Ssl, ErrorStack> {
let session_ctx_index = try_get_session_ctx_index()?;
@@ -2314,15 +2342,10 @@ impl Ssl {
}
/// Initiates a client-side TLS handshake.
- ///
- /// This corresponds to [`SSL_connect`].
- ///
/// # Warning
///
/// OpenSSL's default configuration is insecure. It is highly recommended to use
/// `SslConnector` rather than `Ssl` directly, as it manages that configuration.
- ///
- /// [`SSL_connect`]: https://www.openssl.org/docs/manmaster/man3/SSL_connect.html
#[corresponds(SSL_connect)]
#[allow(deprecated)]
pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
@@ -2334,14 +2357,10 @@ impl Ssl {
/// Initiates a server-side TLS handshake.
///
- /// This corresponds to [`SSL_accept`].
- ///
/// # Warning
///
/// OpenSSL's default configuration is insecure. It is highly recommended to use
/// `SslAcceptor` rather than `Ssl` directly, as it manages that configuration.
- ///
- /// [`SSL_accept`]: https://www.openssl.org/docs/manmaster/man3/SSL_accept.html
#[corresponds(SSL_accept)]
#[allow(deprecated)]
pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
@@ -2435,9 +2454,9 @@ impl SslRef {
unsafe {
// this needs to be in an Arc since the callback can register a new callback!
self.set_ex_data(Ssl::cached_ex_index(), Arc::new(callback));
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
ffi::SSL_set_tmp_dh_callback(self.as_ptr(), Some(raw_tmp_dh_ssl::<F>));
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
ffi::SSL_set_tmp_dh_callback__fixed_rust(self.as_ptr(), Some(raw_tmp_dh_ssl::<F>));
}
}
@@ -2480,11 +2499,11 @@ impl SslRef {
/// Like [`SslContextBuilder::set_alpn_protos`].
///
- /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
#[corresponds(SSL_set_alpn_protos)]
- #[cfg(any(ossl102, libressl261, boringssl))]
+ #[cfg(any(ossl102, libressl261, boringssl, awslc))]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe {
assert!(protocols.len() <= c_uint::MAX as usize);
@@ -2636,9 +2655,9 @@ impl SslRef {
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
/// to interpret it.
///
- /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
#[corresponds(SSL_get0_alpn_selected)]
- #[cfg(any(ossl102, libressl261, boringssl))]
+ #[cfg(any(ossl102, libressl261, boringssl, awslc))]
pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
unsafe {
let mut data: *const c_uchar = ptr::null();
@@ -2650,16 +2669,12 @@ impl SslRef {
if data.is_null() {
None
} else {
- Some(slice::from_raw_parts(data, len as usize))
+ Some(util::from_raw_parts(data, len as usize))
}
}
}
/// Enables the DTLS extension "use_srtp" as defined in RFC5764.
- ///
- /// This corresponds to [`SSL_set_tlsext_use_srtp`].
- ///
- /// [`SSL_set_tlsext_use_srtp`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
#[corresponds(SSL_set_tlsext_use_srtp)]
pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack> {
unsafe {
@@ -2678,10 +2693,6 @@ impl SslRef {
/// Gets all SRTP profiles that are enabled for handshake via set_tlsext_use_srtp
///
/// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
- ///
- /// This corresponds to [`SSL_get_srtp_profiles`].
- ///
- /// [`SSL_get_srtp_profiles`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
#[corresponds(SSL_get_srtp_profiles)]
pub fn srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> {
unsafe {
@@ -2769,9 +2780,9 @@ impl SslRef {
/// Returns a mutable reference to the X509 verification configuration.
///
- /// Requires BoringSSL or OpenSSL 1.0.2 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.0.2 or newer.
#[corresponds(SSL_get0_param)]
- #[cfg(any(ossl102, boringssl, libressl261))]
+ #[cfg(any(ossl102, boringssl, libressl261, awslc))]
pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) }
}
@@ -2919,7 +2930,7 @@ impl SslRef {
/// Returns the server's OCSP response, if present.
#[corresponds(SSL_get_tlsext_status_ocsp_resp)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn ocsp_status(&self) -> Option<&[u8]> {
unsafe {
let mut p = ptr::null_mut();
@@ -2928,14 +2939,14 @@ impl SslRef {
if len < 0 {
None
} else {
- Some(slice::from_raw_parts(p as *const u8, len as usize))
+ Some(util::from_raw_parts(p as *const u8, len as usize))
}
}
}
/// Sets the OCSP response to be returned to the client.
#[corresponds(SSL_set_tlsext_status_oscp_resp)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> {
unsafe {
assert!(response.len() <= c_int::MAX as usize);
@@ -3099,7 +3110,7 @@ impl SslRef {
if len == 0 {
None
} else {
- Some(slice::from_raw_parts(ptr, len))
+ Some(util::from_raw_parts(ptr, len))
}
}
}
@@ -3118,7 +3129,7 @@ impl SslRef {
if len == 0 {
None
} else {
- Some(slice::from_raw_parts(ptr, len))
+ Some(util::from_raw_parts(ptr, len))
}
}
}
@@ -3137,7 +3148,7 @@ impl SslRef {
if len == 0 {
None
} else {
- Some(slice::from_raw_parts(ptr, len))
+ Some(util::from_raw_parts(ptr, len))
}
}
}
@@ -3191,7 +3202,7 @@ impl SslRef {
if len == 0 {
None
} else {
- Some(slice::from_raw_parts(ptr, len))
+ Some(util::from_raw_parts(ptr, len))
}
}
}
@@ -3243,7 +3254,7 @@ impl SslRef {
}
/// Sets a new default TLS/SSL method for SSL objects
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn set_method(&mut self, method: SslMethod) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_set_ssl_method(self.as_ptr(), method.as_ptr()))?;
@@ -3331,9 +3342,9 @@ impl SslRef {
/// A value of `None` will enable protocol versions down to the lowest version supported by
/// OpenSSL.
///
- /// Requires BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
#[corresponds(SSL_set_min_proto_version)]
- #[cfg(any(ossl110, libressl261, boringssl))]
+ #[cfg(any(ossl110, libressl261, boringssl, awslc))]
pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_set_min_proto_version(
@@ -3349,9 +3360,9 @@ impl SslRef {
/// A value of `None` will enable protocol versions up to the highest version supported by
/// OpenSSL.
///
- /// Requires BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
+ /// Requires AWS-LC or BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
#[corresponds(SSL_set_max_proto_version)]
- #[cfg(any(ossl110, libressl261, boringssl))]
+ #[cfg(any(ossl110, libressl261, boringssl, awslc))]
pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_set_max_proto_version(
@@ -3526,9 +3537,7 @@ where
{
/// Restarts the handshake process.
///
- /// This corresponds to [`SSL_do_handshake`].
- ///
- /// [`SSL_do_handshake`]: https://www.openssl.org/docs/manmaster/man3/SSL_do_handshake.html
+ #[corresponds(SSL_do_handshake)]
pub fn handshake(mut self) -> Result<SslStream<S>, HandshakeError<S>> {
match self.stream.do_handshake() {
Ok(()) => Ok(self.stream),
@@ -3764,7 +3773,7 @@ impl<S: Read + Write> SslStream<S> {
pub fn ssl_read(&mut self, buf: &mut [u8]) -> Result<usize, Error> {
// SAFETY: `ssl_read_uninit` does not de-initialize the buffer.
unsafe {
- self.ssl_read_uninit(slice::from_raw_parts_mut(
+ self.ssl_read_uninit(util::from_raw_parts_mut(
buf.as_mut_ptr().cast::<MaybeUninit<u8>>(),
buf.len(),
))
@@ -3997,7 +4006,7 @@ impl<S: Read + Write> Read for SslStream<S> {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
// SAFETY: `read_uninit` does not de-initialize the buffer
unsafe {
- self.read_uninit(slice::from_raw_parts_mut(
+ self.read_uninit(util::from_raw_parts_mut(
buf.as_mut_ptr().cast::<MaybeUninit<u8>>(),
buf.len(),
))
@@ -4056,10 +4065,7 @@ where
/// `accept`. If a HelloRetryRequest containing a fresh cookie was
/// transmitted, `Ok(false)` is returned instead. If the handshake cannot
/// proceed at all, `Err` is returned.
- ///
- /// This corresponds to [`SSL_stateless`]
- ///
- /// [`SSL_stateless`]: https://www.openssl.org/docs/manmaster/man3/SSL_stateless.html
+ #[corresponds(SSL_stateless)]
#[cfg(ossl111)]
pub fn stateless(&mut self) -> Result<bool, ErrorStack> {
match unsafe { ffi::SSL_stateless(self.inner.ssl.as_ptr()) } {
@@ -4071,19 +4077,13 @@ where
}
/// Configure as an outgoing stream from a client.
- ///
- /// This corresponds to [`SSL_set_connect_state`].
- ///
- /// [`SSL_set_connect_state`]: https://www.openssl.org/docs/manmaster/man3/SSL_set_connect_state.html
+ #[corresponds(SSL_set_connect_state)]
pub fn set_connect_state(&mut self) {
unsafe { ffi::SSL_set_connect_state(self.inner.ssl.as_ptr()) }
}
/// Configure as an incoming stream to a server.
- ///
- /// This corresponds to [`SSL_set_accept_state`].
- ///
- /// [`SSL_set_accept_state`]: https://www.openssl.org/docs/manmaster/man3/SSL_set_accept_state.html
+ #[corresponds(SSL_set_accept_state)]
pub fn set_accept_state(&mut self) {
unsafe { ffi::SSL_set_accept_state(self.inner.ssl.as_ptr()) }
}
@@ -4129,10 +4129,7 @@ where
/// Initiates the handshake.
///
/// This will fail if `set_accept_state` or `set_connect_state` was not called first.
- ///
- /// This corresponds to [`SSL_do_handshake`].
- ///
- /// [`SSL_do_handshake`]: https://www.openssl.org/docs/manmaster/man3/SSL_do_handshake.html
+ #[corresponds(SSL_do_handshake)]
pub fn handshake(mut self) -> Result<SslStream<S>, HandshakeError<S>> {
match self.inner.do_handshake() {
Ok(()) => Ok(self.inner),
@@ -4160,10 +4157,7 @@ where
/// Returns `Ok(0)` if all early data has been read.
///
/// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
- ///
- /// This corresponds to [`SSL_read_early_data`].
- ///
- /// [`SSL_read_early_data`]: https://www.openssl.org/docs/manmaster/man3/SSL_read_early_data.html
+ #[corresponds(SSL_read_early_data)]
#[cfg(any(ossl111, libressl340))]
pub fn read_early_data(&mut self, buf: &mut [u8]) -> Result<usize, Error> {
self.inner.read_early_data(buf)
@@ -4175,10 +4169,7 @@ where
/// `set_connect_state` first.
///
/// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
- ///
- /// This corresponds to [`SSL_write_early_data`].
- ///
- /// [`SSL_write_early_data`]: https://www.openssl.org/docs/manmaster/man3/SSL_write_early_data.html
+ #[corresponds(SSL_write_early_data)]
#[cfg(any(ossl111, libressl340))]
pub fn write_early_data(&mut self, buf: &[u8]) -> Result<usize, Error> {
self.inner.write_early_data(buf)
@@ -4252,7 +4243,7 @@ bitflags! {
}
cfg_if! {
- if #[cfg(any(boringssl, ossl110, libressl273))] {
+ if #[cfg(any(boringssl, ossl110, libressl273, awslc))] {
use ffi::{SSL_CTX_up_ref, SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server};
} else {
#[allow(bad_style)]
@@ -4310,8 +4301,8 @@ cfg_if! {
}
}
cfg_if! {
- if #[cfg(any(boringssl, ossl110, libressl291))] {
- use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method};
+ if #[cfg(any(boringssl, ossl110, libressl291, awslc))] {
+ use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method, DTLS_server_method, DTLS_client_method};
} else {
use ffi::{
SSLv23_method as TLS_method, DTLSv1_method as DTLS_method, SSLv23_client_method as TLS_client_method,
@@ -4350,7 +4341,7 @@ cfg_if! {
static ONCE: Once = Once::new();
ONCE.call_once(|| {
cfg_if! {
- if #[cfg(not(boringssl))] {
+ if #[cfg(not(any(boringssl, awslc)))] {
ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, None);
} else {
ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, None);
@@ -4359,7 +4350,7 @@ cfg_if! {
});
cfg_if! {
- if #[cfg(not(boringssl))] {
+ if #[cfg(not(any(boringssl, awslc)))] {
ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f))
} else {
ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, f)
@@ -4371,15 +4362,15 @@ cfg_if! {
// hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest
static ONCE: Once = Once::new();
ONCE.call_once(|| {
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, None);
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, None);
});
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
return ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f));
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
return ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, f);
}
}
diff --git a/vendor/openssl/src/ssl/test/mod.rs b/vendor/openssl/src/ssl/test/mod.rs
index a98bc564..69b947b9 100644
--- a/vendor/openssl/src/ssl/test/mod.rs
+++ b/vendor/openssl/src/ssl/test/mod.rs
@@ -17,7 +17,7 @@ use std::time::Duration;
use crate::dh::Dh;
use crate::error::ErrorStack;
use crate::hash::MessageDigest;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use crate::ocsp::{OcspResponse, OcspResponseStatus};
use crate::pkey::{Id, PKey};
use crate::srtp::SrtpProfileId;
@@ -264,7 +264,7 @@ fn set_ctx_options() {
}
#[test]
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
fn clear_ctx_options() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_options(SslOptions::ALL);
@@ -309,17 +309,19 @@ fn pending() {
#[test]
fn state() {
+ const EXPECTED_STATE_STRING_LONG: &str = "SSL negotiation finished successfully";
+
let server = Server::builder().build();
let s = server.client().connect();
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
assert_eq!(s.ssl().state_string().trim(), "SSLOK");
#[cfg(boringssl)]
assert_eq!(s.ssl().state_string(), "!!!!!!");
- assert_eq!(
- s.ssl().state_string_long(),
- "SSL negotiation finished successfully"
- );
+ #[cfg(awslc)]
+ assert_eq!(s.ssl().state_string(), EXPECTED_STATE_STRING_LONG);
+
+ assert_eq!(s.ssl().state_string_long(), EXPECTED_STATE_STRING_LONG);
}
// when a connection uses ECDHE P-384 key exchange, then the temp key APIs
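Review bot: In `state()`, the `#[cfg(awslc)]` assertion compares the short `state_string()` against a constant named `EXPECTED_STATE_STRING_LONG`, so a reader cannot tell whether this is intended or a copy-paste slip. If AWS-LC does return the long description from both calls, a comment next to the assertion would record that, e.g. `// AWS-LC reports the long description from state_string() as well`. Otherwise rename the constant to something neutral such as `EXPECTED_STATE`.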
@@ -502,7 +504,7 @@ fn test_connect_with_srtp_ssl() {
/// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client.
#[test]
-#[cfg(any(ossl102, libressl261))]
+#[cfg(any(ossl102, libressl261, boringssl, awslc))]
fn test_alpn_server_advertise_multiple() {
let mut server = Server::builder();
server.ctx().set_alpn_select_callback(|_, client| {
@@ -517,7 +519,7 @@ fn test_alpn_server_advertise_multiple() {
}
#[test]
-#[cfg(ossl110)]
+#[cfg(any(ossl110, boringssl, awslc))]
fn test_alpn_server_select_none_fatal() {
let mut server = Server::builder();
server.ctx().set_alpn_select_callback(|_, client| {
@@ -533,7 +535,7 @@ fn test_alpn_server_select_none_fatal() {
}
#[test]
-#[cfg(any(ossl102, libressl261))]
+#[cfg(any(ossl102, libressl261, boringssl, awslc))]
fn test_alpn_server_select_none() {
static CALLED_BACK: AtomicBool = AtomicBool::new(false);
@@ -552,7 +554,7 @@ fn test_alpn_server_select_none() {
}
#[test]
-#[cfg(any(boringssl, ossl102, libressl261))]
+#[cfg(any(boringssl, ossl102, libressl261, awslc))]
fn test_alpn_server_unilateral() {
let server = Server::builder().build();
@@ -967,7 +969,7 @@ fn cert_store() {
}
#[test]
-#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl), ignore)]
+#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl, awslc), ignore)]
fn tmp_dh_callback() {
static CALLED_BACK: AtomicBool = AtomicBool::new(false);
@@ -1015,7 +1017,7 @@ fn tmp_ecdh_callback() {
}
#[test]
-#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl), ignore)]
+#[cfg_attr(any(all(libressl321, not(libressl340)), boringssl, awslc), ignore)]
fn tmp_dh_callback_ssl() {
static CALLED_BACK: AtomicBool = AtomicBool::new(false);
@@ -1094,7 +1096,7 @@ fn active_session() {
}
#[test]
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
fn status_callbacks() {
static CALLED_BACK_SERVER: AtomicBool = AtomicBool::new(false);
static CALLED_BACK_CLIENT: AtomicBool = AtomicBool::new(false);
@@ -1367,20 +1369,20 @@ fn stateless() {
pub struct Outgoing<'a>(&'a mut Vec<u8>);
- impl<'a> Drop for Outgoing<'a> {
+ impl Drop for Outgoing<'_> {
fn drop(&mut self) {
self.0.clear();
}
}
- impl<'a> ::std::ops::Deref for Outgoing<'a> {
+ impl ::std::ops::Deref for Outgoing<'_> {
type Target = [u8];
fn deref(&self) -> &[u8] {
self.0
}
}
- impl<'a> AsRef<[u8]> for Outgoing<'a> {
+ impl AsRef<[u8]> for Outgoing<'_> {
fn as_ref(&self) -> &[u8] {
self.0
}
@@ -1460,7 +1462,7 @@ fn psk_ciphers() {
let mut client = server.client();
// This test relies on TLS 1.2 suites
- #[cfg(any(boringssl, ossl111))]
+ #[cfg(any(boringssl, ossl111, awslc))]
client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
client.ctx().set_cipher_list(CIPHER).unwrap();
client
diff --git a/vendor/openssl/src/stack.rs b/vendor/openssl/src/stack.rs
index 58acac61..9861f87c 100644
--- a/vendor/openssl/src/stack.rs
+++ b/vendor/openssl/src/stack.rs
@@ -14,7 +14,7 @@ use crate::util::ForeignTypeExt;
use crate::{cvt, cvt_p, LenType};
cfg_if! {
- if #[cfg(any(ossl110, boringssl))] {
+ if #[cfg(any(ossl110, boringssl, awslc))] {
use ffi::{
OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK,
OPENSSL_sk_new_null, OPENSSL_sk_push,
@@ -343,7 +343,7 @@ impl<'a, T: Stackable> DoubleEndedIterator for Iter<'a, T> {
}
}
-impl<'a, T: Stackable> ExactSizeIterator for Iter<'a, T> {}
+impl<T: Stackable> ExactSizeIterator for Iter<'_, T> {}
/// A mutable iterator over the stack's contents.
pub struct IterMut<'a, T: Stackable> {
@@ -377,4 +377,4 @@ impl<'a, T: Stackable> DoubleEndedIterator for IterMut<'a, T> {
}
}
-impl<'a, T: Stackable> ExactSizeIterator for IterMut<'a, T> {}
+impl<T: Stackable> ExactSizeIterator for IterMut<'_, T> {}
diff --git a/vendor/openssl/src/string.rs b/vendor/openssl/src/string.rs
index 95494b56..55b33623 100644
--- a/vendor/openssl/src/string.rs
+++ b/vendor/openssl/src/string.rs
@@ -80,13 +80,13 @@ impl fmt::Debug for OpensslStringRef {
}
#[inline]
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
unsafe fn free(buf: *mut c_char) {
ffi::OPENSSL_free(buf as *mut c_void);
}
#[inline]
-#[cfg(boringssl)]
+#[cfg(any(boringssl, awslc))]
unsafe fn free(buf: *mut c_char) {
ffi::CRYPTO_free(
buf as *mut c_void,
diff --git a/vendor/openssl/src/symm.rs b/vendor/openssl/src/symm.rs
index 0aae69db..4675772f 100644
--- a/vendor/openssl/src/symm.rs
+++ b/vendor/openssl/src/symm.rs
@@ -57,6 +57,7 @@ use crate::error::ErrorStack;
use crate::nid::Nid;
use cfg_if::cfg_if;
use foreign_types::ForeignTypeRef;
+use openssl_macros::corresponds;
#[derive(Copy, Clone)]
pub enum Mode {
@@ -74,10 +75,7 @@ pub struct Cipher(*const ffi::EVP_CIPHER);
impl Cipher {
/// Looks up the cipher for a certain nid.
- ///
- /// This corresponds to [`EVP_get_cipherbynid`]
- ///
- /// [`EVP_get_cipherbynid`]: https://www.openssl.org/docs/manmaster/crypto/EVP_get_cipherbyname.html
+ #[corresponds(EVP_get_cipherbynid)]
pub fn from_nid(nid: Nid) -> Option<Cipher> {
let ptr = unsafe { ffi::EVP_get_cipherbyname(ffi::OBJ_nid2sn(nid.as_raw())) };
if ptr.is_null() {
@@ -88,10 +86,7 @@ impl Cipher {
}
/// Returns the cipher's Nid.
- ///
- /// This corresponds to [`EVP_CIPHER_nid`]
- ///
- /// [`EVP_CIPHER_nid`]: https://www.openssl.org/docs/manmaster/crypto/EVP_CIPHER_nid.html
+ #[corresponds(EVP_CIPHER_nid)]
pub fn nid(&self) -> Nid {
let nid = unsafe { ffi::EVP_CIPHER_nid(self.0) };
Nid::from_raw(nid)
@@ -105,7 +100,7 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_aes_128_cbc()) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn aes_128_xts() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_xts()) }
}
@@ -177,7 +172,7 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_aes_192_gcm()) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn aes_192_ccm() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_ccm()) }
}
@@ -282,17 +277,17 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_des_ede3_ecb()) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn des_ede3_cfb64() -> Cipher {
unsafe { Cipher(ffi::EVP_des_ede3_cfb64()) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn des_ede3_cfb8() -> Cipher {
unsafe { Cipher(ffi::EVP_des_ede3_cfb8()) }
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
pub fn des_ede3_ofb() -> Cipher {
unsafe { Cipher(ffi::EVP_des_ede3_ofb()) }
}
@@ -389,7 +384,7 @@ impl Cipher {
}
/// Requires OpenSSL 1.1.0 or newer.
- #[cfg(all(any(ossl110, libressl360), not(osslconf = "OPENSSL_NO_CHACHA")))]
+ #[cfg(all(any(ossl110, libressl360, awslc), not(osslconf = "OPENSSL_NO_CHACHA")))]
pub fn chacha20_poly1305() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20_poly1305()) }
}
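Review bot: The doc line on `chacha20_poly1305` still says only "Requires OpenSSL 1.1.0 or newer", but the `cfg` now also accepts `libressl360` and `awslc`. Going by the naming used elsewhere in this patch (`libressl340` is documented as LibreSSL 3.4.0), the line could read `/// Requires OpenSSL 1.1.0 or newer, LibreSSL 3.6.0 or newer, or AWS-LC.`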
@@ -459,6 +454,16 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_sm4_ofb()) }
}
+ #[cfg(not(osslconf = "OPENSSL_NO_RC2"))]
+ pub fn rc2_cbc() -> Cipher {
+ unsafe { Cipher(ffi::EVP_rc2_cbc()) }
+ }
+
+ #[cfg(not(osslconf = "OPENSSL_NO_RC2"))]
+ pub fn rc2_40_cbc() -> Cipher {
+ unsafe { Cipher(ffi::EVP_rc2_40_cbc()) }
+ }
+
/// Creates a `Cipher` from a raw pointer to its OpenSSL type.
///
/// # Safety
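Review bot: The new public constructors `rc2_cbc` and `rc2_40_cbc` have no doc comment, and nothing tells a caller that RC2 is a legacy cipher or that the second variant uses a 40-bit effective key. A doc line on each would make the intent clear, e.g. `/// RC2 in CBC mode with a 40-bit effective key. Legacy algorithm, for reading old data only; do not use for new encryption.` The Blowfish tests in this file load the `legacy` provider on OpenSSL 3.x, and RC2 presumably needs the same, which is worth stating in the doc. The only gate is `OPENSSL_NO_RC2`, so it should also be confirmed that `ffi::EVP_rc2_cbc` and `ffi::EVP_rc2_40_cbc` are bound for the `boringssl` and `awslc` configurations.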
@@ -504,13 +509,13 @@ impl Cipher {
}
/// Determines whether the cipher is using CCM mode
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn is_ccm(self) -> bool {
// NOTE: OpenSSL returns pointers to static structs, which makes this work as expected
self == Cipher::aes_128_ccm() || self == Cipher::aes_256_ccm()
}
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
fn is_ccm(self) -> bool {
false
}
@@ -911,7 +916,7 @@ pub fn decrypt_aead(
}
cfg_if! {
- if #[cfg(any(boringssl, ossl110, libressl273))] {
+ if #[cfg(any(boringssl, ossl110, libressl273, awslc))] {
use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length};
} else {
use crate::LenType;
@@ -1057,7 +1062,7 @@ mod tests {
}
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn cipher_test_nopad(ciphertype: super::Cipher, pt: &str, ct: &str, key: &str, iv: &str) {
let pt = Vec::from_hex(pt).unwrap();
let ct = Vec::from_hex(ct).unwrap();
@@ -1103,7 +1108,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes256_xts() {
// Test case 174 from
// http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
@@ -1131,7 +1136,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes128_cfb1() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
@@ -1144,7 +1149,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes128_cfb128() {
let pt = "6bc1bee22e409f96e93d7e117393172a";
let ct = "3b3fd92eb72dad20333449f8e83cfb4a";
@@ -1155,7 +1160,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes128_cfb8() {
let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9";
@@ -1190,7 +1195,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes192_cfb1() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
@@ -1203,7 +1208,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes192_cfb128() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
@@ -1216,7 +1221,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes192_cfb8() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
@@ -1241,7 +1246,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes256_cfb1() {
let pt = "6bc1";
let ct = "9029";
@@ -1252,7 +1257,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes256_cfb128() {
let pt = "6bc1bee22e409f96e93d7e117393172a";
let ct = "dc7e84bfda79164b7ecd8486985d3860";
@@ -1263,7 +1268,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes256_cfb8() {
let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "dc1f1a8520a64db55fcc8ac554844e889700";
@@ -1287,7 +1292,7 @@ mod tests {
#[test]
#[cfg_attr(ossl300, ignore)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_bf_cbc() {
#[cfg(ossl300)]
let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap();
@@ -1304,7 +1309,7 @@ mod tests {
#[test]
#[cfg_attr(ossl300, ignore)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_bf_ecb() {
#[cfg(ossl300)]
let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap();
@@ -1319,7 +1324,7 @@ mod tests {
#[test]
#[cfg_attr(ossl300, ignore)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_bf_cfb64() {
#[cfg(ossl300)]
let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap();
@@ -1334,7 +1339,7 @@ mod tests {
#[test]
#[cfg_attr(ossl300, ignore)]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_bf_ofb() {
#[cfg(ossl300)]
let _provider = crate::provider::Provider::try_load(None, "legacy", true).unwrap();
@@ -1394,7 +1399,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_des_ede3_cfb64() {
let pt = "2b1773784b5889dc788477367daa98ad";
let ct = "6f2867cfefda048a4046ef7e556c7132";
@@ -1441,7 +1446,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes128_ccm() {
let key = "3ee186594f110fb788a8bf8aa8be5d4a";
let nonce = "44f705d52acf27b7f17196aa9b";
@@ -1478,7 +1483,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes128_ccm_verify_fail() {
let key = "3ee186594f110fb788a8bf8aa8be5d4a";
let nonce = "44f705d52acf27b7f17196aa9b";
@@ -1499,7 +1504,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes256_ccm() {
let key = "7f4af6765cad1d511db07e33aaafd57646ec279db629048aa6770af24849aa0d";
let nonce = "dde2a362ce81b2b6913abc3095";
@@ -1536,7 +1541,7 @@ mod tests {
}
#[test]
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
fn test_aes256_ccm_verify_fail() {
let key = "7f4af6765cad1d511db07e33aaafd57646ec279db629048aa6770af24849aa0d";
let nonce = "dde2a362ce81b2b6913abc3095";
@@ -1628,7 +1633,7 @@ mod tests {
}
#[test]
- #[cfg(any(ossl110, libressl360))]
+ #[cfg(any(ossl110, libressl360, awslc))]
fn test_chacha20_poly1305() {
let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f";
let iv = "070000004041424344454647";
diff --git a/vendor/openssl/src/util.rs b/vendor/openssl/src/util.rs
index d852a4b9..c903a320 100644
--- a/vendor/openssl/src/util.rs
+++ b/vendor/openssl/src/util.rs
@@ -1,4 +1,5 @@
use crate::error::ErrorStack;
+use crate::util;
use foreign_types::{ForeignType, ForeignTypeRef};
use libc::{c_char, c_int, c_void};
use std::any::Any;
@@ -49,7 +50,7 @@ where
let callback = &mut *(cb_state as *mut CallbackState<F>);
let result = panic::catch_unwind(AssertUnwindSafe(|| {
- let pass_slice = slice::from_raw_parts_mut(buf as *mut u8, size as usize);
+ let pass_slice = util::from_raw_parts_mut(buf as *mut u8, size as usize);
callback.cb.take().unwrap()(pass_slice)
}));
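Review bot: `size as usize` is an unchecked cast on the length handed to `util::from_raw_parts_mut`. If `size` is a signed `c_int`, as the file's imports suggest, a negative value would become an enormous slice length. OpenSSL presumably never passes one, but the new helper already treats a zero length as an empty slice, so a checked conversion costs little: `util::from_raw_parts_mut(buf as *mut u8, usize::try_from(size).unwrap_or(0))`. The enclosing callback starts and ends outside this hunk.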
@@ -91,3 +92,27 @@ pub trait ForeignTypeRefExt: ForeignTypeRef {
}
}
impl<FT: ForeignTypeRef> ForeignTypeRefExt for FT {}
+
+/// The same as `slice::from_raw_parts`, except that `data` may be `NULL` if
+/// `len` is 0.
+pub unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
+ if len == 0 {
+ &[]
+ } else {
+ // Using this to implement the preferred API
+ #[allow(clippy::disallowed_methods)]
+ slice::from_raw_parts(data, len)
+ }
+}
+
+/// The same as `slice::from_raw_parts_mut`, except that `data` may be `NULL`
+/// if `len` is 0.
+pub unsafe fn from_raw_parts_mut<'a, T>(data: *mut T, len: usize) -> &'a mut [T] {
+ if len == 0 {
+ &mut []
+ } else {
+ // Using this to implement the preferred API
+ #[allow(clippy::disallowed_methods)]
+ slice::from_raw_parts_mut(data, len)
+ }
+}
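Review bot: Both new `pub unsafe fn` helpers lack a `# Safety` section, so the caller contract is only implied by the one-line summary. I would add one to each stating that when `len` is non-zero every requirement of `slice::from_raw_parts` (or `slice::from_raw_parts_mut`) applies unchanged, and that when `len` is zero `data` is not read at all. The section should also say that the lifetime `'a` is chosen by the caller and must not outlive the memory `data` points to. These helpers now replace the direct `slice::from_raw_parts` calls in several hunks of this patch, so the contract should be written down once here.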
diff --git a/vendor/openssl/src/version.rs b/vendor/openssl/src/version.rs
index f1a324c1..aaadd3e4 100644
--- a/vendor/openssl/src/version.rs
+++ b/vendor/openssl/src/version.rs
@@ -111,7 +111,7 @@ fn test_versions() {
println!("Platform: '{}'", platform());
println!("Dir: '{}'", dir());
- #[cfg(not(any(libressl, boringssl)))]
+ #[cfg(not(any(libressl, boringssl, awslc)))]
fn expected_name() -> &'static str {
"OpenSSL"
}
@@ -123,6 +123,10 @@ fn test_versions() {
fn expected_name() -> &'static str {
"BoringSSL"
}
+ #[cfg(awslc)]
+ fn expected_name() -> &'static str {
+ "AWS-LC"
+ }
assert!(number() > 0);
assert!(version().starts_with(expected_name()));
@@ -131,5 +135,4 @@ fn test_versions() {
if !built_on().is_empty() {
assert!(built_on().starts_with("built on:"));
}
- assert!(dir().starts_with("OPENSSLDIR:"));
}
diff --git a/vendor/openssl/src/x509/mod.rs b/vendor/openssl/src/x509/mod.rs
index 05aec9a9..c4e0c5b4 100644
--- a/vendor/openssl/src/x509/mod.rs
+++ b/vendor/openssl/src/x509/mod.rs
@@ -20,7 +20,6 @@ use std::mem;
use std::net::IpAddr;
use std::path::Path;
use std::ptr;
-use std::slice;
use std::str;
use crate::asn1::{
@@ -37,11 +36,11 @@ use crate::pkey::{HasPrivate, HasPublic, PKey, PKeyRef, Public};
use crate::ssl::SslRef;
use crate::stack::{Stack, StackRef, Stackable};
use crate::string::OpensslString;
-use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
+use crate::util::{self, ForeignTypeExt, ForeignTypeRefExt};
use crate::{cvt, cvt_n, cvt_p, cvt_p_const};
use openssl_macros::corresponds;
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
pub mod verify;
pub mod extension;
@@ -136,7 +135,7 @@ impl X509StoreContextRef {
{
struct Cleanup<'a>(&'a mut X509StoreContextRef);
- impl<'a> Drop for Cleanup<'a> {
+ impl Drop for Cleanup<'_> {
fn drop(&mut self) {
unsafe {
ffi::X509_STORE_CTX_cleanup(self.0.as_ptr());
@@ -480,7 +479,7 @@ impl X509Ref {
/// Retrieves the path length extension from a certificate, if it exists.
#[corresponds(X509_get_pathlen)]
- #[cfg(any(ossl110, boringssl))]
+ #[cfg(any(ossl110, boringssl, awslc))]
pub fn pathlen(&self) -> Option<u32> {
let v = unsafe { ffi::X509_get_pathlen(self.as_ptr()) };
u32::try_from(v).ok()
@@ -488,7 +487,7 @@ impl X509Ref {
/// Returns this certificate's subject key id, if it exists.
#[corresponds(X509_get0_subject_key_id)]
- #[cfg(any(ossl110, boringssl))]
+ #[cfg(any(ossl110, boringssl, awslc))]
pub fn subject_key_id(&self) -> Option<&Asn1OctetStringRef> {
unsafe {
let data = ffi::X509_get0_subject_key_id(self.as_ptr());
@@ -498,7 +497,7 @@ impl X509Ref {
/// Returns this certificate's authority key id, if it exists.
#[corresponds(X509_get0_authority_key_id)]
- #[cfg(any(ossl110, boringssl))]
+ #[cfg(any(ossl110, boringssl, awslc))]
pub fn authority_key_id(&self) -> Option<&Asn1OctetStringRef> {
unsafe {
let data = ffi::X509_get0_authority_key_id(self.as_ptr());
@@ -662,7 +661,7 @@ impl X509Ref {
if ptr.is_null() {
None
} else {
- Some(slice::from_raw_parts(ptr, len as usize))
+ Some(util::from_raw_parts(ptr, len as usize))
}
}
}
@@ -874,7 +873,7 @@ impl Eq for X509 {}
/// A context object required to construct certain `X509` extension values.
pub struct X509v3Context<'a>(ffi::X509V3_CTX, PhantomData<(&'a X509Ref, &'a ConfRef)>);
-impl<'a> X509v3Context<'a> {
+impl X509v3Context<'_> {
pub fn as_ptr(&self) -> *mut ffi::X509V3_CTX {
&self.0 as *const _ as *mut _
}
@@ -1086,10 +1085,7 @@ impl X509NameBuilder {
}
/// Add a field entry by str.
- ///
- /// This corresponds to [`X509_NAME_add_entry_by_txt`].
- ///
- /// [`X509_NAME_add_entry_by_txt`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_txt.html
+ #[corresponds(X509_NAME_add_entry_by_txt)]
pub fn append_entry_by_text(&mut self, field: &str, value: &str) -> Result<(), ErrorStack> {
unsafe {
let field = CString::new(field).unwrap();
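Review bot: `append_entry_by_text` returns `Result<(), ErrorStack>`, yet `CString::new(field).unwrap()` panics when `field` contains an interior NUL byte, and the new doc block does not mention it. Name fields often come from user or request input, so callers should be told to validate first. I would add a `# Panics` section such as `/// Panics if `field` contains a NUL byte.` The `assert!(value.len() <= crate::SLenType::MAX as usize)` visible in the `append_entry_by_nid` hunk deserves the same treatment. The method bodies continue outside these hunks, so other panic paths may exist.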
@@ -1108,10 +1104,7 @@ impl X509NameBuilder {
}
/// Add a field entry by str with a specific type.
- ///
- /// This corresponds to [`X509_NAME_add_entry_by_txt`].
- ///
- /// [`X509_NAME_add_entry_by_txt`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_txt.html
+ #[corresponds(X509_NAME_add_entry_by_txt)]
pub fn append_entry_by_text_with_type(
&mut self,
field: &str,
@@ -1135,10 +1128,7 @@ impl X509NameBuilder {
}
/// Add a field entry by NID.
- ///
- /// This corresponds to [`X509_NAME_add_entry_by_NID`].
- ///
- /// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html
+ #[corresponds(X509_NAME_add_entry_by_NID)]
pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> {
unsafe {
assert!(value.len() <= crate::SLenType::MAX as usize);
@@ -1156,10 +1146,7 @@ impl X509NameBuilder {
}
/// Add a field entry by NID with a specific type.
- ///
- /// This corresponds to [`X509_NAME_add_entry_by_NID`].
- ///
- /// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html
+ #[corresponds(X509_NAME_add_entry_by_NID)]
pub fn append_entry_by_nid_with_type(
&mut self,
field: Nid,
@@ -1266,7 +1253,7 @@ impl X509NameRef {
/// Copies the name to a new `X509Name`.
#[corresponds(X509_NAME_dup)]
- #[cfg(any(boringssl, ossl110, libressl270))]
+ #[cfg(any(boringssl, ossl110, libressl270, awslc))]
pub fn to_owned(&self) -> Result<X509Name, ErrorStack> {
unsafe { cvt_p(ffi::X509_NAME_dup(self.as_ptr())).map(|n| X509Name::from_ptr(n)) }
}
@@ -1337,10 +1324,7 @@ foreign_type_and_impl_send_sync! {
impl X509NameEntryRef {
/// Returns the field value of an `X509NameEntry`.
- ///
- /// This corresponds to [`X509_NAME_ENTRY_get_data`].
- ///
- /// [`X509_NAME_ENTRY_get_data`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_ENTRY_get_data.html
+ #[corresponds(X509_NAME_ENTRY_get_data)]
pub fn data(&self) -> &Asn1StringRef {
unsafe {
let data = ffi::X509_NAME_ENTRY_get_data(self.as_ptr());
@@ -1350,10 +1334,7 @@ impl X509NameEntryRef {
/// Returns the `Asn1Object` value of an `X509NameEntry`.
/// This is useful for finding out about the actual `Nid` when iterating over all `X509NameEntries`.
- ///
- /// This corresponds to [`X509_NAME_ENTRY_get_object`].
- ///
- /// [`X509_NAME_ENTRY_get_object`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_ENTRY_get_object.html
+ #[corresponds(X509_NAME_ENTRY_get_object)]
pub fn object(&self) -> &Asn1ObjectRef {
unsafe {
let object = ffi::X509_NAME_ENTRY_get_object(self.as_ptr());
@@ -1373,10 +1354,7 @@ pub struct X509ReqBuilder(X509Req);
impl X509ReqBuilder {
/// Returns a builder for a certificate request.
- ///
- /// This corresponds to [`X509_REQ_new`].
- ///
- ///[`X509_REQ_new`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_new.html
+ #[corresponds(X509_REQ_new)]
pub fn new() -> Result<X509ReqBuilder, ErrorStack> {
unsafe {
ffi::init();
@@ -1385,10 +1363,7 @@ impl X509ReqBuilder {
}
/// Set the numerical value of the version field.
- ///
- /// This corresponds to [`X509_REQ_set_version`].
- ///
- ///[`X509_REQ_set_version`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_version.html
+ #[corresponds(X509_REQ_set_version)]
#[allow(clippy::useless_conversion)]
pub fn set_version(&mut self, version: i32) -> Result<(), ErrorStack> {
unsafe {
@@ -1401,10 +1376,7 @@ impl X509ReqBuilder {
}
/// Set the issuer name.
- ///
- /// This corresponds to [`X509_REQ_set_subject_name`].
- ///
- /// [`X509_REQ_set_subject_name`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_subject_name.html
+ #[corresponds(X509_REQ_set_subject_name)]
pub fn set_subject_name(&mut self, subject_name: &X509NameRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::X509_REQ_set_subject_name(
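Review bot: The summary line on `set_subject_name` reads "Set the issuer name.", but the method takes `subject_name` and is now tagged `#[corresponds(X509_REQ_set_subject_name)]`. A certificate request has no issuer field to set here, so the line should be `/// Set the subject name.` The method body continues outside the hunk.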
@@ -1416,10 +1388,7 @@ impl X509ReqBuilder {
}
/// Set the public key.
- ///
- /// This corresponds to [`X509_REQ_set_pubkey`].
- ///
- /// [`X509_REQ_set_pubkey`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_pubkey.html
+ #[corresponds(X509_REQ_set_pubkey)]
pub fn set_pubkey<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack>
where
T: HasPublic,
@@ -1466,10 +1435,7 @@ impl X509ReqBuilder {
}
/// Sign the request using a private key.
- ///
- /// This corresponds to [`X509_REQ_sign`].
- ///
- /// [`X509_REQ_sign`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_sign.html
+ #[corresponds(X509_REQ_sign)]
pub fn sign<T>(&mut self, key: &PKeyRef<T>, hash: MessageDigest) -> Result<(), ErrorStack>
where
T: HasPrivate,
@@ -1562,20 +1528,14 @@ impl X509ReqRef {
}
/// Returns the numerical value of the version field of the certificate request.
- ///
- /// This corresponds to [`X509_REQ_get_version`]
- ///
- /// [`X509_REQ_get_version`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_version.html
+ #[corresponds(X509_REQ_get_version)]
#[allow(clippy::unnecessary_cast)]
pub fn version(&self) -> i32 {
unsafe { X509_REQ_get_version(self.as_ptr()) as i32 }
}
/// Returns the subject name of the certificate request.
- ///
- /// This corresponds to [`X509_REQ_get_subject_name`]
- ///
- /// [`X509_REQ_get_subject_name`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_subject_name.html
+ #[corresponds(X509_REQ_get_subject_name)]
pub fn subject_name(&self) -> &X509NameRef {
unsafe {
let name = X509_REQ_get_subject_name(self.as_ptr());
@@ -1584,10 +1544,7 @@ impl X509ReqRef {
}
/// Returns the public key of the certificate request.
- ///
- /// This corresponds to [`X509_REQ_get_pubkey"]
- ///
- /// [`X509_REQ_get_pubkey`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_pubkey.html
+ #[corresponds(X509_REQ_get_pubkey)]
pub fn public_key(&self) -> Result<PKey<Public>, ErrorStack> {
unsafe {
let key = cvt_p(ffi::X509_REQ_get_pubkey(self.as_ptr()))?;
@@ -1598,10 +1555,7 @@ impl X509ReqRef {
/// Check if the certificate request is signed using the given public key.
///
/// Returns `true` if verification succeeds.
- ///
- /// This corresponds to [`X509_REQ_verify"].
- ///
- /// [`X509_REQ_verify`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_verify.html
+ #[corresponds(X509_REQ_verify)]
pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>
where
T: HasPublic,
@@ -1610,8 +1564,7 @@ impl X509ReqRef {
}
/// Returns the extensions of the certificate request.
- ///
- /// This corresponds to [`X509_REQ_get_extensions"]
+ #[corresponds(X509_REQ_get_extensions)]
pub fn extensions(&self) -> Result<Stack<X509Extension>, ErrorStack> {
unsafe {
let extensions = cvt_p(ffi::X509_REQ_get_extensions(self.as_ptr()))?;
@@ -1682,7 +1635,7 @@ impl X509RevokedRef {
/// Copies the entry to a new `X509Revoked`.
#[corresponds(X509_NAME_dup)]
- #[cfg(any(boringssl, ossl110, libressl270))]
+ #[cfg(any(boringssl, ossl110, libressl270, awslc))]
pub fn to_owned(&self) -> Result<X509Revoked, ErrorStack> {
unsafe { cvt_p(ffi::X509_REVOKED_dup(self.as_ptr())).map(|n| X509Revoked::from_ptr(n)) }
}
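Review bot: `X509RevokedRef::to_owned` is annotated `#[corresponds(X509_NAME_dup)]`, but the body calls `ffi::X509_REVOKED_dup`. The generated documentation therefore points readers at the wrong OpenSSL function. The attribute should be `#[corresponds(X509_REVOKED_dup)]`.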
@@ -2013,10 +1966,7 @@ impl X509VerifyResult {
}
/// Return a human readable error string from the verification error.
- ///
- /// This corresponds to [`X509_verify_cert_error_string`].
- ///
- /// [`X509_verify_cert_error_string`]: https://www.openssl.org/docs/manmaster/crypto/X509_verify_cert_error_string.html
+ #[corresponds(X509_verify_cert_error_string)]
#[allow(clippy::trivially_copy_pass_by_ref)]
pub fn error_string(&self) -> &'static str {
ffi::init();
@@ -2056,11 +2006,11 @@ impl GeneralName {
let s = cvt_p(ffi::ASN1_STRING_type_new(asn1_type.as_raw()))?;
ffi::ASN1_STRING_set(s, value.as_ptr().cast(), value.len().try_into().unwrap());
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
{
(*gn.as_ptr()).d.ptr = s.cast();
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
{
(*gn.as_ptr()).d = s.cast();
}
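Review bot: The return value of `ffi::ASN1_STRING_set(...)` is discarded, so if the copy fails (for example on allocation failure) the function still attaches `s` to the `GeneralName` with whatever it holds. Checking the result keeps a silently empty name out of a certificate, e.g. `if ffi::ASN1_STRING_set(s, value.as_ptr().cast(), value.len().try_into().unwrap()) <= 0 { ffi::ASN1_STRING_free(s); return Err(ErrorStack::get()); }`. The enclosing function starts and ends outside this hunk, so the cleanup of `gn` on that path needs to be confirmed there.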
@@ -2097,11 +2047,11 @@ impl GeneralName {
let gn = cvt_p(ffi::GENERAL_NAME_new())?;
(*gn).type_ = ffi::GEN_RID;
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
{
(*gn).d.registeredID = oid.as_ptr();
}
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
{
(*gn).d = oid.as_ptr().cast();
}
@@ -2148,16 +2098,16 @@ impl GeneralNameRef {
return None;
}
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let d = (*self.as_ptr()).d.ptr;
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let d = (*self.as_ptr()).d;
let ptr = ASN1_STRING_get0_data(d as *mut _);
let len = ffi::ASN1_STRING_length(d as *mut _);
#[allow(clippy::unnecessary_cast)]
- let slice = slice::from_raw_parts(ptr as *const u8, len as usize);
+ let slice = util::from_raw_parts(ptr as *const u8, len as usize);
// IA5Strings are stated to be ASCII (specifically IA5). Hopefully
// OpenSSL checks that when loading a certificate but if not we'll
// use this instead of from_utf8_unchecked just in case.
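Review bot: `len as usize` converts the C integer returned by `ffi::ASN1_STRING_length` without a sign check, so a negative length would reach `util::from_raw_parts` as a very large slice length. The function already returns `None` on a type mismatch, so the conversion can fail closed: `let slice = util::from_raw_parts(ptr as *const u8, len.try_into().ok()?);`. A `// SAFETY:` comment stating that `ptr` and `len` describe the same live ASN1_STRING would also help, since what `util::from_raw_parts` tolerates (null pointer, zero length) is not visible on this page. The hunk at `@@ -2202,16 +2152,16 @@` has the same cast; both function bodies begin outside their hunks.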
@@ -2177,9 +2127,9 @@ impl GeneralNameRef {
return None;
}
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let d = (*self.as_ptr()).d.ptr;
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let d = (*self.as_ptr()).d;
Some(X509NameRef::from_const_ptr(d as *const _))
@@ -2202,16 +2152,16 @@ impl GeneralNameRef {
if (*self.as_ptr()).type_ != ffi::GEN_IPADD {
return None;
}
- #[cfg(boringssl)]
+ #[cfg(any(boringssl, awslc))]
let d: *const ffi::ASN1_STRING = std::mem::transmute((*self.as_ptr()).d);
- #[cfg(not(boringssl))]
+ #[cfg(not(any(boringssl, awslc)))]
let d = (*self.as_ptr()).d;
let ptr = ASN1_STRING_get0_data(d as *mut _);
let len = ffi::ASN1_STRING_length(d as *mut _);
#[allow(clippy::unnecessary_cast)]
- Some(slice::from_raw_parts(ptr as *const u8, len as usize))
+ Some(util::from_raw_parts(ptr as *const u8, len as usize))
}
}
}
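Review bot: The `boringssl`/`awslc` branch reads the union with `std::mem::transmute((*self.as_ptr()).d)`, while the two sibling accessors touched by this patch read the same field as `(*self.as_ptr()).d.ptr`. The transmute is only sound while the union is exactly pointer-sized, and it hides which member is being read. Assuming the generated binding exposes `ptr` here as it does in the neighbouring hunks, `let d = (*self.as_ptr()).d.ptr;` followed by the existing `d as *mut _` casts would be consistent and would not depend on layout. The function begins above the hunk.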
@@ -2356,7 +2306,7 @@ impl Stackable for X509Object {
}
cfg_if! {
- if #[cfg(any(boringssl, ossl110, libressl273))] {
+ if #[cfg(any(boringssl, ossl110, libressl273, awslc))] {
use ffi::{X509_getm_notAfter, X509_getm_notBefore, X509_up_ref, X509_get0_signature};
} else {
#[allow(bad_style)]
@@ -2397,7 +2347,7 @@ cfg_if! {
}
cfg_if! {
- if #[cfg(any(boringssl, ossl110, libressl350))] {
+ if #[cfg(any(boringssl, ossl110, libressl350, awslc))] {
use ffi::{
X509_ALGOR_get0, ASN1_STRING_get0_data, X509_STORE_CTX_get0_chain, X509_set1_notAfter,
X509_set1_notBefore, X509_REQ_get_version, X509_REQ_get_subject_name,
@@ -2437,7 +2387,7 @@ cfg_if! {
}
cfg_if! {
- if #[cfg(any(ossl110, boringssl, libressl270))] {
+ if #[cfg(any(ossl110, boringssl, libressl270, awslc))] {
use ffi::X509_OBJECT_get0_X509;
} else {
#[allow(bad_style)]
@@ -2452,7 +2402,7 @@ cfg_if! {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl350, boringssl))] {
+ if #[cfg(any(ossl110, libressl350, boringssl, awslc))] {
use ffi::X509_OBJECT_free;
} else {
#[allow(bad_style)]
@@ -2464,7 +2414,7 @@ cfg_if! {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl350, boringssl))] {
+ if #[cfg(any(ossl110, libressl350, boringssl, awslc))] {
use ffi::{
X509_CRL_get_issuer, X509_CRL_get0_nextUpdate, X509_CRL_get0_lastUpdate,
X509_CRL_get_REVOKED,
@@ -2545,13 +2495,14 @@ impl X509PurposeRef {
/// - "any",
/// - "ocsphelper",
/// - "timestampsign"
+ ///
/// The index can be used with `X509PurposeRef::from_idx()` to get the purpose.
#[allow(clippy::unnecessary_cast)]
pub fn get_by_sname(sname: &str) -> Result<c_int, ErrorStack> {
unsafe {
let sname = CString::new(sname).unwrap();
cfg_if! {
- if #[cfg(any(ossl110, libressl280, boringssl))] {
+ if #[cfg(any(ossl110, libressl280, boringssl, awslc))] {
let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *const _))?;
} else {
let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *mut _))?;
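Review bot: `CString::new(sname).unwrap()` panics when `sname` contains an interior NUL byte, although `get_by_sname` advertises failure through `Result<c_int, ErrorStack>`. If the short name can come from configuration or other caller-supplied text, that is a process abort rather than an error. At minimum the doc comment should gain a `/// # Panics` section with the line `/// Panics if sname contains a NUL byte.`, placed after the sentence about `X509PurposeRef::from_idx()`. The body continues past the end of this hunk.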
@@ -2583,7 +2534,7 @@ impl X509PurposeRef {
pub fn purpose(&self) -> X509PurposeId {
unsafe {
cfg_if! {
- if #[cfg(any(ossl110, libressl280, boringssl))] {
+ if #[cfg(any(ossl110, libressl280, boringssl, awslc))] {
let x509_purpose = self.as_ptr() as *const ffi::X509_PURPOSE;
} else {
let x509_purpose = self.as_ptr() as *mut ffi::X509_PURPOSE;
diff --git a/vendor/openssl/src/x509/store.rs b/vendor/openssl/src/x509/store.rs
index 3a173bea..ad62ac72 100644
--- a/vendor/openssl/src/x509/store.rs
+++ b/vendor/openssl/src/x509/store.rs
@@ -46,20 +46,20 @@ use foreign_types::{ForeignType, ForeignTypeRef};
use std::mem;
use crate::error::ErrorStack;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use crate::ssl::SslFiletype;
#[cfg(ossl300)]
use crate::stack::Stack;
use crate::stack::StackRef;
use crate::util::ForeignTypeRefExt;
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
use crate::x509::{X509Object, X509PurposeId, X509};
use crate::{cvt, cvt_p};
use openssl_macros::corresponds;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use std::ffi::CString;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use std::path::Path;
foreign_type_and_impl_send_sync! {
@@ -123,7 +123,7 @@ impl X509StoreBuilderRef {
/// Sets certificate chain validation related flags.
#[corresponds(X509_STORE_set_flags)]
- #[cfg(any(ossl102, boringssl, libressl261))]
+ #[cfg(any(ossl102, boringssl, libressl261, awslc))]
pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) }
}
@@ -137,7 +137,7 @@ impl X509StoreBuilderRef {
/// Sets certificate chain validation related parameters.
#[corresponds[X509_STORE_set1_param]]
- #[cfg(any(ossl102, boringssl, libressl261))]
+ #[cfg(any(ossl102, boringssl, libressl261, awslc))]
pub fn set_param(&mut self, param: &X509VerifyParamRef) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_STORE_set1_param(self.as_ptr(), param.as_ptr())).map(|_| ()) }
}
@@ -170,7 +170,7 @@ impl X509Lookup<HashDir> {
}
}
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
impl X509LookupRef<HashDir> {
/// Specifies a directory from which certificates and CRLs will be loaded
/// on-demand. Must be used with `X509Lookup::hash_dir`.
@@ -202,7 +202,7 @@ impl X509Lookup<File> {
}
}
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
impl X509LookupRef<File> {
/// Specifies a file from which certificates will be loaded
#[corresponds(X509_load_cert_file)]
@@ -284,7 +284,7 @@ impl X509StoreRef {
}
cfg_if! {
- if #[cfg(any(boringssl, ossl110, libressl270))] {
+ if #[cfg(any(boringssl, ossl110, libressl270, awslc))] {
use ffi::X509_STORE_get0_objects;
} else {
#[allow(bad_style)]
diff --git a/vendor/openssl/src/x509/tests.rs b/vendor/openssl/src/x509/tests.rs
index 25c2da01..e11f8bf2 100644
--- a/vendor/openssl/src/x509/tests.rs
+++ b/vendor/openssl/src/x509/tests.rs
@@ -6,21 +6,21 @@ use crate::hash::MessageDigest;
use crate::nid::Nid;
use crate::pkey::{PKey, Private};
use crate::rsa::Rsa;
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use crate::ssl::SslFiletype;
use crate::stack::Stack;
use crate::x509::extension::{
AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, SubjectAlternativeName,
SubjectKeyIdentifier,
};
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
use crate::x509::store::X509Lookup;
use crate::x509::store::X509StoreBuilder;
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
use crate::x509::verify::{X509VerifyFlags, X509VerifyParam};
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
use crate::x509::X509PurposeId;
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
use crate::x509::X509PurposeRef;
#[cfg(ossl110)]
use crate::x509::{CrlReason, X509Builder};
@@ -31,7 +31,7 @@ use crate::x509::{
#[cfg(ossl110)]
use foreign_types::ForeignType;
use hex::{self, FromHex};
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
use libc::time_t;
use super::{AuthorityInformationAccess, CertificateIssuer, ReasonCode};
@@ -58,10 +58,10 @@ fn test_debug() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
let debugged = format!("{:#?}", cert);
- #[cfg(boringssl)]
- assert!(debugged.contains(r#"serial_number: "8771f7bdee982fa5""#));
- #[cfg(not(boringssl))]
- assert!(debugged.contains(r#"serial_number: "8771F7BDEE982FA5""#));
+ assert!(
+ debugged.contains(r#"serial_number: "8771F7BDEE982FA5""#)
+ || debugged.contains(r#"serial_number: "8771f7bdee982fa5""#)
+ );
assert!(debugged.contains(r#"signature_algorithm: sha256WithRSAEncryption"#));
assert!(debugged.contains(r#"countryName = "AU""#));
assert!(debugged.contains(r#"stateOrProvinceName = "Some-State""#));
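Review bot: The serial-number assertion now accepts either hex case on every backend, where the removed lines pinned lowercase for BoringSSL and uppercase for the rest. A case change in the `Debug` output of one backend would therefore no longer fail the test. If the relaxation is deliberate (the patch adds `awslc`, whose formatting is not shown here), a comment above the `assert!` such as `// hex case of the serial differs between TLS backends` would record why both spellings pass. The rest of `test_debug` lies outside the hunk.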
@@ -172,7 +172,7 @@ fn test_subject_alt_name() {
}
#[test]
-#[cfg(any(ossl110, boringssl))]
+#[cfg(any(ossl110, boringssl, awslc))]
fn test_retrieve_pathlen() {
let cert = include_bytes!("../../test/root-ca.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -188,7 +188,7 @@ fn test_retrieve_pathlen() {
}
#[test]
-#[cfg(any(ossl110, boringssl))]
+#[cfg(any(ossl110, boringssl, awslc))]
fn test_subject_key_id() {
let cert = include_bytes!("../../test/certv3.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -201,7 +201,7 @@ fn test_subject_key_id() {
}
#[test]
-#[cfg(any(ossl110, boringssl))]
+#[cfg(any(ossl110, boringssl, awslc))]
fn test_authority_key_id() {
let cert = include_bytes!("../../test/certv3.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -557,7 +557,7 @@ fn test_verify_fails() {
}
#[test]
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
fn test_verify_fails_with_crl_flag_set_and_no_crl() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -584,7 +584,7 @@ fn test_verify_fails_with_crl_flag_set_and_no_crl() {
}
#[test]
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
fn test_verify_cert_with_purpose() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -611,7 +611,7 @@ fn test_verify_cert_with_purpose() {
}
#[test]
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
fn test_verify_cert_with_wrong_purpose_fails() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -836,7 +836,7 @@ fn test_name_cmp() {
}
#[test]
-#[cfg(any(boringssl, ossl110, libressl270))]
+#[cfg(any(boringssl, ossl110, libressl270, awslc))]
fn test_name_to_owned() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -846,7 +846,7 @@ fn test_name_to_owned() {
}
#[test]
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
fn test_verify_param_set_time_fails_verification() {
const TEST_T_2030: time_t = 1893456000;
@@ -877,7 +877,7 @@ fn test_verify_param_set_time_fails_verification() {
}
#[test]
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
fn test_verify_param_set_time() {
const TEST_T_2020: time_t = 1577836800;
@@ -901,7 +901,7 @@ fn test_verify_param_set_time() {
}
#[test]
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
fn test_verify_param_set_depth() {
let cert = include_bytes!("../../test/leaf.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -928,7 +928,7 @@ fn test_verify_param_set_depth() {
}
#[test]
-#[cfg(any(ossl102, boringssl, libressl261))]
+#[cfg(any(ossl102, boringssl, libressl261, awslc))]
#[allow(clippy::bool_to_int_with_if)]
fn test_verify_param_set_depth_fails_verification() {
let cert = include_bytes!("../../test/leaf.pem");
@@ -944,7 +944,11 @@ fn test_verify_param_set_depth_fails_verification() {
store_bldr.add_cert(ca).unwrap();
let mut verify_params = X509VerifyParam::new().unwrap();
// OpenSSL 1.1.0+ considers the root certificate to not be part of the chain, while 1.0.2 and LibreSSL do
- let expected_depth = if cfg!(any(ossl110, boringssl)) { 0 } else { 1 };
+ let expected_depth = if cfg!(any(ossl110, boringssl, awslc)) {
+ 0
+ } else {
+ 1
+ };
verify_params.set_depth(expected_depth);
store_bldr.set_param(&verify_params).unwrap();
let store = store_bldr.build();
@@ -970,7 +974,7 @@ fn test_verify_param_set_depth_fails_verification() {
}
#[test]
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
fn test_load_cert_file() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -1003,7 +1007,7 @@ fn test_verify_param_auth_level() {
}
#[test]
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
fn test_set_purpose() {
let cert = include_bytes!("../../test/leaf.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -1028,7 +1032,7 @@ fn test_set_purpose() {
}
#[test]
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
fn test_set_purpose_fails_verification() {
let cert = include_bytes!("../../test/leaf.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -1081,7 +1085,7 @@ fn test_add_name_entry() {
}
#[test]
-#[cfg(not(boringssl))]
+#[cfg(not(any(boringssl, awslc)))]
fn test_load_crl_file_fail() {
let mut store_bldr = X509StoreBuilder::new().unwrap();
let lookup = store_bldr.add_lookup(X509Lookup::file()).unwrap();
diff --git a/vendor/openssl/src/x509/verify.rs b/vendor/openssl/src/x509/verify.rs
index 2cde93f2..b719c695 100644
--- a/vendor/openssl/src/x509/verify.rs
+++ b/vendor/openssl/src/x509/verify.rs
@@ -4,7 +4,7 @@ use libc::{c_int, c_uint, c_ulong, time_t};
use std::net::IpAddr;
use crate::error::ErrorStack;
-#[cfg(any(ossl102, boringssl))]
+#[cfg(any(ossl102, boringssl, awslc))]
use crate::x509::X509PurposeId;
use crate::{cvt, cvt_p};
use openssl_macros::corresponds;
@@ -48,7 +48,7 @@ bitflags! {
const EXTENDED_CRL_SUPPORT = ffi::X509_V_FLAG_EXTENDED_CRL_SUPPORT as _;
const USE_DELTAS = ffi::X509_V_FLAG_USE_DELTAS as _;
const CHECK_SS_SIGNATURE = ffi::X509_V_FLAG_CHECK_SS_SIGNATURE as _;
- #[cfg(any(ossl102, boringssl))]
+ #[cfg(any(ossl102, boringssl, awslc))]
const TRUSTED_FIRST = ffi::X509_V_FLAG_TRUSTED_FIRST as _;
#[cfg(ossl102)]
const SUITEB_128_LOS_ONLY = ffi::X509_V_FLAG_SUITEB_128_LOS_ONLY;
@@ -56,11 +56,11 @@ bitflags! {
const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS;
#[cfg(ossl102)]
const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS;
- #[cfg(any(ossl102, boringssl))]
+ #[cfg(any(ossl102, boringssl, awslc))]
const PARTIAL_CHAIN = ffi::X509_V_FLAG_PARTIAL_CHAIN as _;
- #[cfg(any(ossl110, boringssl))]
+ #[cfg(any(ossl110, boringssl, awslc))]
const NO_ALT_CHAINS = ffi::X509_V_FLAG_NO_ALT_CHAINS as _;
- #[cfg(any(ossl110, boringssl))]
+ #[cfg(any(ossl110, boringssl, awslc))]
const NO_CHECK_TIME = ffi::X509_V_FLAG_NO_CHECK_TIME as _;
}
}
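Review bot: The unchanged context lines of this `bitflags!` block bind `SUITEB_192_LOS` to `ffi::X509_V_FLAG_SUITEB_128_LOS` and `SUITEB_128_LOS` to `ffi::X509_V_FLAG_SUITEB_192_LOS`, so the two names look crossed. A caller requesting the 192-bit Suite B level through the Rust constant would then set the 128-bit flag, and the reverse. If this is not intentional, the lines should read `const SUITEB_192_LOS = ffi::X509_V_FLAG_SUITEB_192_LOS;` and `const SUITEB_128_LOS = ffi::X509_V_FLAG_SUITEB_128_LOS;`. Because this is vendored code the change belongs upstream, and existing callers may have compensated for the swap, so it needs a changelog entry.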
@@ -208,7 +208,7 @@ impl X509VerifyParamRef {
/// Sets the verification purpose
#[corresponds(X509_VERIFY_PARAM_set_purpose)]
- #[cfg(any(ossl102, boringssl))]
+ #[cfg(any(ossl102, boringssl, awslc))]
pub fn set_purpose(&mut self, purpose: X509PurposeId) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_VERIFY_PARAM_set_purpose(self.as_ptr(), purpose.0)).map(|_| ()) }
}
diff --git a/vendor/openssl/test/corrupted-rsa.pem b/vendor/openssl/test/corrupted-rsa.pem
new file mode 100644
index 00000000..fa2cc3b1
--- /dev/null
+++ b/vendor/openssl/test/corrupted-rsa.pem
@@ -0,0 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--
2.50.1