7 files changed, 201 insertions, 12 deletions

diff --git a/lang/rust/Makefile b/lang/rust/Makefile
index cc85847a3726..7c394d37e7dd 100644
--- a/lang/rust/Makefile
+++ b/lang/rust/Makefile
@@ -185,18 +185,19 @@ post-patch:
 		's|cargo-nightly-|cargo-${CARGO_BOOTSTRAP_VERSION_${ARCH}:U${CARGO_BOOTSTRAP_VERSION}}-|' \
 		${WRKSRC}/src/bootstrap/bootstrap.py; \
 	fi
-# `extra-patch-ino64` may be applied. If that's the case, we need to
-# update `.cargo-checksum.json` to reflect the new checksums verified by
-# Cargo.
-	@cd "${WRKSRC}/src/vendor/libc"; \
-	for file in $$(${FIND} * -name "*.orig"); do \
-		old_checksum=$$(${SHA256} -q "$$file"); \
-		new_checksum=$$(${SHA256} -q "$${file%%.orig}"); \
-		regex="$$regex -e s|\"$${file%%.orig}\":\"$$old_checksum\"|\"$${file%%.orig}\":\"$$new_checksum\"|"; \
-	done; \
-	if test "$$regex"; then \
-		${REINPLACE_CMD} -E $$regex .cargo-checksum.json; \
-	fi
+# After patching crates, we need to update their corresponding
+# `.cargo-checksum.json` to reflect the new checksums verified by Cargo.
+	@for dir in "${WRKSRC}/src/vendor/libc" "${WRKSRC}/src/vendor/openssl" "${WRKSRC}/src/vendor/openssl-sys"; do \
+		cd "$$dir"; \
+		for file in $$(${FIND} * -name "*.orig"); do \
+			old_checksum=$$(${SHA256} -q "$$file"); \
+			new_checksum=$$(${SHA256} -q "$${file%%.orig}"); \
+			regex="$$regex -e s|\"$${file%%.orig}\":\"$$old_checksum\"|\"$${file%%.orig}\":\"$$new_checksum\"|"; \
+		done; \
+		if test "$$regex"; then \
+			${REINPLACE_CMD} -E $$regex .cargo-checksum.json; \
+		fi; \
+	done
 # We make a backup of a few files before the FreeBSD 10 autotools
 # fix is applied. We'll need them in `do-configure` to update the
 # `.cargo-checksum.json` files.
diff --git a/lang/rust/files/patch-src_vendor_openssl-sys_build.rs b/lang/rust/files/patch-src_vendor_openssl-sys_build.rs
new file mode 100644
index 000000000000..3c8a74ec11d3
--- /dev/null
+++ b/lang/rust/files/patch-src_vendor_openssl-sys_build.rs
@@ -0,0 +1,80 @@
+--- src/vendor/openssl-sys/build.rs.orig	2017-10-10 20:21:44 UTC
++++ src/vendor/openssl-sys/build.rs
+@@ -260,8 +260,12 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Versi
+ #include <openssl/opensslv.h>
+ #include <openssl/opensslconf.h>
+ 
+-#if LIBRESSL_VERSION_NUMBER >= 0x20601000
++#if LIBRESSL_VERSION_NUMBER >= 0x20603000
+ RUST_LIBRESSL_NEW
++#elif LIBRESSL_VERSION_NUMBER >= 0x20602000
++RUST_LIBRESSL_262
++#elif LIBRESSL_VERSION_NUMBER >= 0x20601000
++RUST_LIBRESSL_261
+ #elif LIBRESSL_VERSION_NUMBER >= 0x20600000
+ RUST_LIBRESSL_260
+ #elif LIBRESSL_VERSION_NUMBER >= 0x20506000
+@@ -356,42 +360,63 @@ See rust-openssl README for more information:
+         println!("cargo:rustc-cfg=libressl");
+         println!("cargo:rustc-cfg=libressl250");
+         println!("cargo:libressl=true");
++        println!("cargo:libressl_version=250");
+         println!("cargo:version=101");
+         Version::Libressl
+     } else if expanded.contains("RUST_LIBRESSL_251") {
+         println!("cargo:rustc-cfg=libressl");
+         println!("cargo:rustc-cfg=libressl251");
+         println!("cargo:libressl=true");
++        println!("cargo:libressl_version=251");
+         println!("cargo:version=101");
+         Version::Libressl
+     } else if expanded.contains("RUST_LIBRESSL_252") {
+         println!("cargo:rustc-cfg=libressl");
+         println!("cargo:rustc-cfg=libressl252");
+         println!("cargo:libressl=true");
++        println!("cargo:libressl_version=252");
+         println!("cargo:version=101");
+         Version::Libressl
+     } else if expanded.contains("RUST_LIBRESSL_253") {
+         println!("cargo:rustc-cfg=libressl");
+         println!("cargo:rustc-cfg=libressl253");
+         println!("cargo:libressl=true");
++        println!("cargo:libressl_version=253");
+         println!("cargo:version=101");
+         Version::Libressl
+     } else if expanded.contains("RUST_LIBRESSL_254") {
+         println!("cargo:rustc-cfg=libressl");
+         println!("cargo:rustc-cfg=libressl254");
+         println!("cargo:libressl=true");
++        println!("cargo:libressl_version=254");
+         println!("cargo:version=101");
+         Version::Libressl
+     } else if expanded.contains("RUST_LIBRESSL_255") {
+         println!("cargo:rustc-cfg=libressl");
+         println!("cargo:rustc-cfg=libressl255");
+         println!("cargo:libressl=true");
++        println!("cargo:libressl_version=255");
+         println!("cargo:version=101");
+         Version::Libressl
+     } else if expanded.contains("RUST_LIBRESSL_260") {
+         println!("cargo:rustc-cfg=libressl");
+         println!("cargo:rustc-cfg=libressl260");
+         println!("cargo:libressl=true");
++        println!("cargo:libressl_version=260");
++        println!("cargo:version=101");
++        Version::Libressl
++    } else if expanded.contains("RUST_LIBRESSL_261") {
++        println!("cargo:rustc-cfg=libressl");
++        println!("cargo:rustc-cfg=libressl261");
++        println!("cargo:libressl=true");
++        println!("cargo:libressl_version=261");
++        println!("cargo:version=101");
++        Version::Libressl
++    } else if expanded.contains("RUST_LIBRESSL_262") {
++        println!("cargo:rustc-cfg=libressl");
++        println!("cargo:rustc-cfg=libressl262");
++        println!("cargo:libressl=true");
++        println!("cargo:libressl_version=262");
+         println!("cargo:version=101");
+         Version::Libressl
+     } else if expanded.contains("RUST_OPENSSL_110F") {
diff --git a/lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs b/lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs
new file mode 100644
index 000000000000..1496836ffb0e
--- /dev/null
+++ b/lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs
@@ -0,0 +1,19 @@
+--- src/vendor/openssl-sys/src/lib.rs.orig	2017-10-10 20:22:00 UTC
++++ src/vendor/openssl-sys/src/lib.rs
+@@ -1210,10 +1210,15 @@ pub const SSL_VERIFY_NONE: c_int = 0;
+ pub const SSL_VERIFY_PEER: c_int = 1;
+ pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
+ 
+-#[cfg(not(ossl101))]
++#[cfg(not(any(libressl261, libressl262, ossl101)))]
+ pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
++#[cfg(any(libressl261, libressl262))]
++pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
+ pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
++#[cfg(not(any(libressl261, libressl262)))]
+ pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
++#[cfg(any(libressl261, libressl262))]
++pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
+ pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
+ #[cfg(not(libressl))]
+ pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
diff --git a/lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs b/lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs
new file mode 100644
index 000000000000..b591c910d2fd
--- /dev/null
+++ b/lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs
@@ -0,0 +1,22 @@
+--- src/vendor/openssl-sys/src/libressl/mod.rs.orig	2017-10-10 20:22:20 UTC
++++ src/vendor/openssl-sys/src/libressl/mod.rs
+@@ -345,6 +345,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
+ pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
+ pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
+ 
++#[cfg(any(libressl261, libressl262))]
++pub const SSL_OP_ALL: c_ulong = 0x4;
++#[cfg(not(any(libressl261, libressl262)))]
+ pub const SSL_OP_ALL: c_ulong = 0x80000014;
+ pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
+ pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
+@@ -357,6 +360,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong =
+ pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
+ pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
+ pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
++#[cfg(any(libressl261, libressl262))]
++pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
++#[cfg(not(any(libressl261, libressl262)))]
+ pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
+ pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
+ pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
diff --git a/lang/rust/files/patch-src_vendor_openssl_build.rs b/lang/rust/files/patch-src_vendor_openssl_build.rs
new file mode 100644
index 000000000000..18f8446dccd5
--- /dev/null
+++ b/lang/rust/files/patch-src_vendor_openssl_build.rs
@@ -0,0 +1,13 @@
+--- src/vendor/openssl/build.rs.orig	2017-10-10 20:21:28 UTC
++++ src/vendor/openssl/build.rs
+@@ -20,6 +20,10 @@ fn main() {
+         println!("cargo:rustc-cfg=libressl");
+     }
+ 
++    if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") {
++        println!("cargo:rustc-cfg=libressl{}", v);
++    }
++
+     if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
+         for var in vars.split(",") {
+             println!("cargo:rustc-cfg=osslconf=\"{}\"", var);
diff --git a/lang/rust/files/patch-src_vendor_openssl_src_ssl_mod.rs b/lang/rust/files/patch-src_vendor_openssl_src_ssl_mod.rs
new file mode 100644
index 000000000000..bca6db1b44cf
--- /dev/null
+++ b/lang/rust/files/patch-src_vendor_openssl_src_ssl_mod.rs
@@ -0,0 +1,18 @@
+--- src/vendor/openssl/src/ssl/mod.rs.orig	2017-10-10 20:21:00 UTC
++++ src/vendor/openssl/src/ssl/mod.rs
+@@ -652,6 +652,7 @@ impl SslContextBuilder {
+ 
+     /// Set the protocols to be used during Next Protocol Negotiation (the protocols
+     /// supported by the application).
++    #[cfg(not(any(libressl261, libressl262)))]
+     pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> {
+         // Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL
+         // APIs -- a list of length-prefixed strings.
+@@ -1295,6 +1296,7 @@ impl SslRef {
+     ///
+     /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
+     /// to interpret it.
++    #[cfg(not(any(libressl261, libressl262)))]
+     pub fn selected_npn_protocol(&self) -> Option<&[u8]> {
+         unsafe {
+             let mut data: *const c_uchar = ptr::null();
diff --git a/lang/rust/files/patch-src_vendor_openssl_src_ssl_tests_mod.rs b/lang/rust/files/patch-src_vendor_openssl_src_ssl_tests_mod.rs
new file mode 100644
index 000000000000..69f33b0d699e
--- /dev/null
+++ b/lang/rust/files/patch-src_vendor_openssl_src_ssl_tests_mod.rs
@@ -0,0 +1,36 @@
+--- src/vendor/openssl/src/ssl/tests/mod.rs.orig	2017-10-10 20:21:13 UTC
++++ src/vendor/openssl/src/ssl/tests/mod.rs
+@@ -564,6 +564,7 @@ fn test_connect_with_unilateral_alpn() {
+ /// Tests that connecting with the client using NPN, but the server not does not
+ /// break the existing connection behavior.
+ #[test]
++#[cfg(not(any(libressl261, libressl262)))]
+ fn test_connect_with_unilateral_npn() {
+     let (_s, stream) = Server::new();
+     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+@@ -676,6 +677,7 @@ fn test_connect_with_npn_successful_single_match() {
+ /// Tests that when the `SslStream` is created as a server stream, the protocols
+ /// are correctly advertised to the client.
+ #[test]
++#[cfg(not(any(libressl261, libressl262)))]
+ fn test_npn_server_advertise_multiple() {
+     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+     let localhost = listener.local_addr().unwrap();
+@@ -1311,7 +1313,7 @@ fn tmp_dh_callback() {
+ }
+ 
+ #[test]
+-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
++#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262))), all(feature = "v102", ossl102)))]
+ fn tmp_ecdh_callback() {
+     use ec::EcKey;
+     use nid;
+@@ -1378,7 +1380,7 @@ fn tmp_dh_callback_ssl() {
+ }
+ 
+ #[test]
+-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
++#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262))), all(feature = "v102", ossl102)))]
+ fn tmp_ecdh_callback_ssl() {
+     use ec::EcKey;
+     use nid;