Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose various APIs necessary for certificate selection logic #240

Merged
merged 10 commits into from
Jun 26, 2024
Merged

Expose various APIs necessary for certificate selection logic #240

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
b7fea02
Impl From for SslSignatureAlgorithm
rushilmehra Jun 14, 2024
7701d2d
Add NIDs for cipher authentication types
rushilmehra Jun 18, 2024
245adb3
Expose SSL_CIPHER_is_aead and SSL_CIPHER_auth_nid
rushilmehra Jun 18, 2024
fa46409
Add APIs to expose client and server cipher lists
rushilmehra Jun 18, 2024
58a5828
Expose SSL_{get|set}_{max|min}_proto_version
rushilmehra Jun 18, 2024
17870b3
Expose SSL_{set|clear}_mode
rushilmehra Jun 18, 2024
42e7c9d
Expose SSL_add1_chain_cert
rushilmehra Jun 18, 2024
3dcab4b
Expose X509_check_host
rushilmehra Jun 18, 2024
24a359e
clippy: *::max_value() -> *::MAX
rushilmehra Jun 18, 2024
fa5ef54
Fix workflows file, pin mac os FIPS crossbuild runner to macos-13
rushilmehra Jun 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 12 additions & 9 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
name: rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Install Rust
run: rustup update stable && rustup default stable
- name: Check formatting
Expand All @@ -27,7 +27,7 @@ jobs:
name: clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust
Expand Down Expand Up @@ -184,7 +184,7 @@ jobs:
extra_test_args: --workspace --exclude tokio-boring --exclude hyper-boring

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
Expand Down Expand Up @@ -238,7 +238,7 @@ jobs:
name: Test FIPS integration
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
Expand All @@ -250,7 +250,6 @@ jobs:
version: "12.0.0"
directory: ${{ runner.temp }}/llvm
- name: Install golang
uses: actions/checkout@v4
uses: actions/setup-go@v5
with:
go-version: '>=1.22.0'
Expand Down Expand Up @@ -280,7 +279,7 @@ jobs:
include:
- target: x86_64-unknown-linux-gnu
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
Expand All @@ -298,18 +297,22 @@ jobs:

cross-build-fips:
name: Cross build from macOS to Linux (FIPS)
runs-on: macos-latest
runs-on: macos-13 # Need an Intel (x86_64) runner for Clang 12.0.0
strategy:
matrix:
include:
- target: x86_64-unknown-linux-gnu
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
run: rustup update stable --no-self-update && rustup default stable && rustup target add ${{ matrix.target }}
shell: bash
- name: Install golang
uses: actions/setup-go@v5
with:
go-version: '>=1.22.0'
- name: Install Clang-12
uses: KyleMayes/install-llvm-action@v1
with:
Expand All @@ -335,7 +338,7 @@ jobs:
name: Test features
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
Expand Down
4 changes: 2 additions & 2 deletions boring/src/aes.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ impl AesKey {
#[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
pub fn new_encrypt(key: &[u8]) -> Result<AesKey, KeyError> {
unsafe {
assert!(key.len() <= c_int::max_value() as usize / 8);
assert!(key.len() <= c_int::MAX as usize / 8);

let mut aes_key = MaybeUninit::uninit();
let r = ffi::AES_set_encrypt_key(
Expand All @@ -82,7 +82,7 @@ impl AesKey {
#[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
pub fn new_decrypt(key: &[u8]) -> Result<AesKey, KeyError> {
unsafe {
assert!(key.len() <= c_int::max_value() as usize / 8);
assert!(key.len() <= c_int::MAX as usize / 8);

let mut aes_key = MaybeUninit::uninit();
let r = ffi::AES_set_decrypt_key(
Expand Down
4 changes: 2 additions & 2 deletions boring/src/base64.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ use libc::c_int;
///
/// [`EVP_EncodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html
pub fn encode_block(src: &[u8]) -> String {
assert!(src.len() <= c_int::max_value() as usize);
assert!(src.len() <= c_int::MAX as usize);
let src_len = src.len();

let len = encoded_len(src_len).unwrap();
Expand Down Expand Up @@ -48,7 +48,7 @@ pub fn decode_block(src: &str) -> Result<Vec<u8>, ErrorStack> {
return Ok(vec![]);
}

assert!(src.len() <= c_int::max_value() as usize);
assert!(src.len() <= c_int::MAX as usize);
let src_len = src.len();

let len = decoded_len(src_len).unwrap();
Expand Down
2 changes: 1 addition & 1 deletion boring/src/bio.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ impl<'a> MemBioSlice<'a> {

ffi::init();

assert!(buf.len() <= BufLen::max_value() as usize);
assert!(buf.len() <= BufLen::MAX as usize);
let bio = unsafe {
cvt_p(BIO_new_mem_buf(
buf.as_ptr() as *const _,
Expand Down
6 changes: 3 additions & 3 deletions boring/src/bn.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ impl BigNumRef {
pub fn div_word(&mut self, w: u32) -> Result<u64, ErrorStack> {
unsafe {
let r = ffi::BN_div_word(self.as_ptr(), w.into());
if r == ffi::BN_ULONG::max_value() {
if r == ffi::BN_ULONG::MAX {
Err(ErrorStack::get())
} else {
Ok(r.into())
Expand All @@ -176,7 +176,7 @@ impl BigNumRef {
pub fn mod_word(&self, w: u32) -> Result<u64, ErrorStack> {
unsafe {
let r = ffi::BN_mod_word(self.as_ptr(), w.into());
if r == ffi::BN_ULONG::max_value() {
if r == ffi::BN_ULONG::MAX {
Err(ErrorStack::get())
} else {
Ok(r.into())
Expand Down Expand Up @@ -987,7 +987,7 @@ impl BigNum {
pub fn from_slice(n: &[u8]) -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
assert!(n.len() <= c_int::max_value() as usize);
assert!(n.len() <= c_int::MAX as usize);
cvt_p(ffi::BN_bin2bn(
n.as_ptr(),
n.len() as size_t,
Expand Down
4 changes: 2 additions & 2 deletions boring/src/ecdsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ impl EcdsaSig {
T: HasPrivate,
{
unsafe {
assert!(data.len() <= c_int::max_value() as usize);
assert!(data.len() <= c_int::MAX as usize);
let sig = cvt_p(ffi::ECDSA_do_sign(
data.as_ptr(),
data.len() as size_t,
Expand Down Expand Up @@ -94,7 +94,7 @@ impl EcdsaSigRef {
T: HasPublic,
{
unsafe {
assert!(data.len() <= c_int::max_value() as usize);
assert!(data.len() <= c_int::MAX as usize);
cvt_n(ffi::ECDSA_do_verify(
data.as_ptr(),
data.len() as size_t,
Expand Down
4 changes: 2 additions & 2 deletions boring/src/macros.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ macro_rules! private_key_to_pem {
) -> Result<Vec<u8>, crate::error::ErrorStack> {
unsafe {
let bio = crate::bio::MemBio::new()?;
assert!(passphrase.len() <= ::libc::c_int::max_value() as usize);
assert!(passphrase.len() <= ::libc::c_int::MAX as usize);
cvt($f(bio.as_ptr(),
self.as_ptr(),
cipher.as_ptr(),
Expand Down Expand Up @@ -108,7 +108,7 @@ macro_rules! from_der {
pub fn $n(der: &[u8]) -> Result<$t, crate::error::ErrorStack> {
unsafe {
crate::ffi::init();
let len = ::std::cmp::min(der.len(), <$len_ty>::max_value() as usize) as $len_ty;
let len = ::std::cmp::min(der.len(), <$len_ty>::MAX as usize) as $len_ty;
crate::cvt_p($f(::std::ptr::null_mut(), &mut der.as_ptr(), len))
.map(|p| ::foreign_types::ForeignType::from_ptr(p))
}
Expand Down
4 changes: 4 additions & 0 deletions boring/src/nid.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1050,6 +1050,10 @@ impl Nid {
pub const AES_128_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_128_cbc_hmac_sha1);
pub const AES_192_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_192_cbc_hmac_sha1);
pub const AES_256_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_256_cbc_hmac_sha1);
pub const AUTH_RSA: Nid = Nid(ffi::NID_auth_rsa);
pub const AUTH_ECDSA: Nid = Nid(ffi::NID_auth_ecdsa);
pub const AUTH_PSK: Nid = Nid(ffi::NID_auth_psk);
pub const AUTH_ANY: Nid = Nid(ffi::NID_auth_any);
}

#[cfg(test)]
Expand Down
8 changes: 4 additions & 4 deletions boring/src/pkcs5.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ pub fn bytes_to_key(
count: u32,
) -> Result<KeyIvPair, ErrorStack> {
unsafe {
assert!(data.len() <= c_int::max_value() as usize);
assert!(data.len() <= c_int::MAX as usize);
let salt_ptr = match salt {
Some(salt) => {
pub const PKCS5_SALT_LEN: c_int = 8;
Expand Down Expand Up @@ -90,9 +90,9 @@ pub fn pbkdf2_hmac(
key: &mut [u8],
) -> Result<(), ErrorStack> {
unsafe {
assert!(pass.len() <= c_int::max_value() as usize);
assert!(salt.len() <= c_int::max_value() as usize);
assert!(key.len() <= c_int::max_value() as usize);
assert!(pass.len() <= c_int::MAX as usize);
assert!(salt.len() <= c_int::MAX as usize);
assert!(key.len() <= c_int::MAX as usize);

ffi::init();
cvt(ffi::PKCS5_PBKDF2_HMAC(
Expand Down
2 changes: 1 addition & 1 deletion boring/src/pkey.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,7 @@ impl PKey<Private> {
pub fn private_key_from_pkcs8(der: &[u8]) -> Result<PKey<Private>, ErrorStack> {
unsafe {
ffi::init();
let len = der.len().min(c_long::max_value() as usize) as c_long;
let len = der.len().min(c_long::MAX as usize) as c_long;
let p8inf = cvt_p(ffi::d2i_PKCS8_PRIV_KEY_INFO(
ptr::null_mut(),
&mut der.as_ptr(),
Expand Down
2 changes: 1 addition & 1 deletion boring/src/rand.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ use crate::error::ErrorStack;
pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
unsafe {
ffi::init();
assert!(buf.len() <= c_int::max_value() as usize);
assert!(buf.len() <= c_int::MAX as usize);
cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len())).map(|_| ())
}
}
Expand Down
8 changes: 4 additions & 4 deletions boring/src/rsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ where
to: &mut [u8],
padding: Padding,
) -> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(from.len() <= i32::MAX as usize);
assert!(to.len() >= self.size() as usize);

unsafe {
Expand All @@ -178,7 +178,7 @@ where
to: &mut [u8],
padding: Padding,
) -> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(from.len() <= i32::MAX as usize);
assert!(to.len() >= self.size() as usize);

unsafe {
Expand Down Expand Up @@ -378,7 +378,7 @@ where
to: &mut [u8],
padding: Padding,
) -> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(from.len() <= i32::MAX as usize);
assert!(to.len() >= self.size() as usize);

unsafe {
Expand All @@ -404,7 +404,7 @@ where
to: &mut [u8],
padding: Padding,
) -> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(from.len() <= i32::MAX as usize);
assert!(to.len() >= self.size() as usize);

unsafe {
Expand Down
2 changes: 1 addition & 1 deletion boring/src/ssl/bio.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ pub unsafe extern "C" fn take_stream<S>(bio: *mut BIO) -> S {
}

pub unsafe fn set_dtls_mtu_size<S>(bio: *mut BIO, mtu_size: usize) {
if mtu_size as u64 > c_long::max_value() as u64 {
if mtu_size as u64 > c_long::MAX as u64 {
panic!(
"Given MTU size {} can't be represented in a positive `c_long` range",
mtu_size
Expand Down
Loading
Loading