From 67a4c4a209e5e7033fabd123c827be0c868bcd4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-S=C3=A9bastien=20P=C3=A9dron?= Date: Wed, 11 Oct 2017 12:28:00 +0000 Subject: lang/rust: Add support for LibreSSL 2.6.1 and 2.6.2 Patches come from upstream: https://github.com/sfackler/rust-openssl PR: 222359 Reported by: Charlie Li , Piotr Kubaj , w.schwarzenfeld@utanet.at, nhoyle@hoyletech.com --- lang/rust/Makefile | 25 +++---- .../files/patch-src_vendor_openssl-sys_build.rs | 80 ++++++++++++++++++++++ .../files/patch-src_vendor_openssl-sys_src_lib.rs | 19 +++++ ...atch-src_vendor_openssl-sys_src_libressl_mod.rs | 22 ++++++ lang/rust/files/patch-src_vendor_openssl_build.rs | 13 ++++ .../files/patch-src_vendor_openssl_src_ssl_mod.rs | 18 +++++ .../patch-src_vendor_openssl_src_ssl_tests_mod.rs | 36 ++++++++++ 7 files changed, 201 insertions(+), 12 deletions(-) create mode 100644 lang/rust/files/patch-src_vendor_openssl-sys_build.rs create mode 100644 lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs create mode 100644 lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs create mode 100644 lang/rust/files/patch-src_vendor_openssl_build.rs create mode 100644 lang/rust/files/patch-src_vendor_openssl_src_ssl_mod.rs create mode 100644 lang/rust/files/patch-src_vendor_openssl_src_ssl_tests_mod.rs (limited to 'lang') diff --git a/lang/rust/Makefile b/lang/rust/Makefile index cc85847a3726..7c394d37e7dd 100644 --- a/lang/rust/Makefile +++ b/lang/rust/Makefile @@ -185,18 +185,19 @@ post-patch: 's|cargo-nightly-|cargo-${CARGO_BOOTSTRAP_VERSION_${ARCH}:U${CARGO_BOOTSTRAP_VERSION}}-|' \ ${WRKSRC}/src/bootstrap/bootstrap.py; \ fi -# `extra-patch-ino64` may be applied. If that's the case, we need to -# update `.cargo-checksum.json` to reflect the new checksums verified by -# Cargo. - @cd "${WRKSRC}/src/vendor/libc"; \ - for file in $$(${FIND} * -name "*.orig"); do \ - old_checksum=$$(${SHA256} -q "$$file"); \ - new_checksum=$$(${SHA256} -q "$${file%%.orig}"); \ - regex="$$regex -e s|\"$${file%%.orig}\":\"$$old_checksum\"|\"$${file%%.orig}\":\"$$new_checksum\"|"; \ - done; \ - if test "$$regex"; then \ - ${REINPLACE_CMD} -E $$regex .cargo-checksum.json; \ - fi +# After patching crates, we need to update their corresponding +# `.cargo-checksum.json` to reflect the new checksums verified by Cargo. + @for dir in "${WRKSRC}/src/vendor/libc" "${WRKSRC}/src/vendor/openssl" "${WRKSRC}/src/vendor/openssl-sys"; do \ + cd "$$dir"; \ + for file in $$(${FIND} * -name "*.orig"); do \ + old_checksum=$$(${SHA256} -q "$$file"); \ + new_checksum=$$(${SHA256} -q "$${file%%.orig}"); \ + regex="$$regex -e s|\"$${file%%.orig}\":\"$$old_checksum\"|\"$${file%%.orig}\":\"$$new_checksum\"|"; \ + done; \ + if test "$$regex"; then \ + ${REINPLACE_CMD} -E $$regex .cargo-checksum.json; \ + fi; \ + done # We make a backup of a few files before the FreeBSD 10 autotools # fix is applied. We'll need them in `do-configure` to update the # `.cargo-checksum.json` files. diff --git a/lang/rust/files/patch-src_vendor_openssl-sys_build.rs b/lang/rust/files/patch-src_vendor_openssl-sys_build.rs new file mode 100644 index 000000000000..3c8a74ec11d3 --- /dev/null +++ b/lang/rust/files/patch-src_vendor_openssl-sys_build.rs @@ -0,0 +1,80 @@ +--- src/vendor/openssl-sys/build.rs.orig 2017-10-10 20:21:44 UTC ++++ src/vendor/openssl-sys/build.rs +@@ -260,8 +260,12 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Versi + #include + #include + +-#if LIBRESSL_VERSION_NUMBER >= 0x20601000 ++#if LIBRESSL_VERSION_NUMBER >= 0x20603000 + RUST_LIBRESSL_NEW ++#elif LIBRESSL_VERSION_NUMBER >= 0x20602000 ++RUST_LIBRESSL_262 ++#elif LIBRESSL_VERSION_NUMBER >= 0x20601000 ++RUST_LIBRESSL_261 + #elif LIBRESSL_VERSION_NUMBER >= 0x20600000 + RUST_LIBRESSL_260 + #elif LIBRESSL_VERSION_NUMBER >= 0x20506000 +@@ -356,42 +360,63 @@ See rust-openssl README for more information: + println!("cargo:rustc-cfg=libressl"); + println!("cargo:rustc-cfg=libressl250"); + println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=250"); + println!("cargo:version=101"); + Version::Libressl + } else if expanded.contains("RUST_LIBRESSL_251") { + println!("cargo:rustc-cfg=libressl"); + println!("cargo:rustc-cfg=libressl251"); + println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=251"); + println!("cargo:version=101"); + Version::Libressl + } else if expanded.contains("RUST_LIBRESSL_252") { + println!("cargo:rustc-cfg=libressl"); + println!("cargo:rustc-cfg=libressl252"); + println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=252"); + println!("cargo:version=101"); + Version::Libressl + } else if expanded.contains("RUST_LIBRESSL_253") { + println!("cargo:rustc-cfg=libressl"); + println!("cargo:rustc-cfg=libressl253"); + println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=253"); + println!("cargo:version=101"); + Version::Libressl + } else if expanded.contains("RUST_LIBRESSL_254") { + println!("cargo:rustc-cfg=libressl"); + println!("cargo:rustc-cfg=libressl254"); + println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=254"); + println!("cargo:version=101"); + Version::Libressl + } else if expanded.contains("RUST_LIBRESSL_255") { + println!("cargo:rustc-cfg=libressl"); + println!("cargo:rustc-cfg=libressl255"); + println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=255"); + println!("cargo:version=101"); + Version::Libressl + } else if expanded.contains("RUST_LIBRESSL_260") { + println!("cargo:rustc-cfg=libressl"); + println!("cargo:rustc-cfg=libressl260"); + println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=260"); ++ println!("cargo:version=101"); ++ Version::Libressl ++ } else if expanded.contains("RUST_LIBRESSL_261") { ++ println!("cargo:rustc-cfg=libressl"); ++ println!("cargo:rustc-cfg=libressl261"); ++ println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=261"); ++ println!("cargo:version=101"); ++ Version::Libressl ++ } else if expanded.contains("RUST_LIBRESSL_262") { ++ println!("cargo:rustc-cfg=libressl"); ++ println!("cargo:rustc-cfg=libressl262"); ++ println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=262"); + println!("cargo:version=101"); + Version::Libressl + } else if expanded.contains("RUST_OPENSSL_110F") { diff --git a/lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs b/lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs new file mode 100644 index 000000000000..1496836ffb0e --- /dev/null +++ b/lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs @@ -0,0 +1,19 @@ +--- src/vendor/openssl-sys/src/lib.rs.orig 2017-10-10 20:22:00 UTC ++++ src/vendor/openssl-sys/src/lib.rs +@@ -1210,10 +1210,15 @@ pub const SSL_VERIFY_NONE: c_int = 0; + pub const SSL_VERIFY_PEER: c_int = 1; + pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; + +-#[cfg(not(ossl101))] ++#[cfg(not(any(libressl261, libressl262, ossl101)))] + pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010; ++#[cfg(any(libressl261, libressl262))] ++pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; + pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; ++#[cfg(not(any(libressl261, libressl262)))] + pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; ++#[cfg(any(libressl261, libressl262))] ++pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; + pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; + #[cfg(not(libressl))] + pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; diff --git a/lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs b/lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs new file mode 100644 index 000000000000..b591c910d2fd --- /dev/null +++ b/lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs @@ -0,0 +1,22 @@ +--- src/vendor/openssl-sys/src/libressl/mod.rs.orig 2017-10-10 20:22:20 UTC ++++ src/vendor/openssl-sys/src/libressl/mod.rs +@@ -345,6 +345,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32; + pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; + pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; + ++#[cfg(any(libressl261, libressl262))] ++pub const SSL_OP_ALL: c_ulong = 0x4; ++#[cfg(not(any(libressl261, libressl262)))] + pub const SSL_OP_ALL: c_ulong = 0x80000014; + pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; + pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; +@@ -357,6 +360,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; + pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; ++#[cfg(any(libressl261, libressl262))] ++pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; ++#[cfg(not(any(libressl261, libressl262)))] + pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; + pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; + pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; diff --git a/lang/rust/files/patch-src_vendor_openssl_build.rs b/lang/rust/files/patch-src_vendor_openssl_build.rs new file mode 100644 index 000000000000..18f8446dccd5 --- /dev/null +++ b/lang/rust/files/patch-src_vendor_openssl_build.rs @@ -0,0 +1,13 @@ +--- src/vendor/openssl/build.rs.orig 2017-10-10 20:21:28 UTC ++++ src/vendor/openssl/build.rs +@@ -20,6 +20,10 @@ fn main() { + println!("cargo:rustc-cfg=libressl"); + } + ++ if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") { ++ println!("cargo:rustc-cfg=libressl{}", v); ++ } ++ + if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { + for var in vars.split(",") { + println!("cargo:rustc-cfg=osslconf=\"{}\"", var); diff --git a/lang/rust/files/patch-src_vendor_openssl_src_ssl_mod.rs b/lang/rust/files/patch-src_vendor_openssl_src_ssl_mod.rs new file mode 100644 index 000000000000..bca6db1b44cf --- /dev/null +++ b/lang/rust/files/patch-src_vendor_openssl_src_ssl_mod.rs @@ -0,0 +1,18 @@ +--- src/vendor/openssl/src/ssl/mod.rs.orig 2017-10-10 20:21:00 UTC ++++ src/vendor/openssl/src/ssl/mod.rs +@@ -652,6 +652,7 @@ impl SslContextBuilder { + + /// Set the protocols to be used during Next Protocol Negotiation (the protocols + /// supported by the application). ++ #[cfg(not(any(libressl261, libressl262)))] + pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> { + // Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL + // APIs -- a list of length-prefixed strings. +@@ -1295,6 +1296,7 @@ impl SslRef { + /// + /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client + /// to interpret it. ++ #[cfg(not(any(libressl261, libressl262)))] + pub fn selected_npn_protocol(&self) -> Option<&[u8]> { + unsafe { + let mut data: *const c_uchar = ptr::null(); diff --git a/lang/rust/files/patch-src_vendor_openssl_src_ssl_tests_mod.rs b/lang/rust/files/patch-src_vendor_openssl_src_ssl_tests_mod.rs new file mode 100644 index 000000000000..69f33b0d699e --- /dev/null +++ b/lang/rust/files/patch-src_vendor_openssl_src_ssl_tests_mod.rs @@ -0,0 +1,36 @@ +--- src/vendor/openssl/src/ssl/tests/mod.rs.orig 2017-10-10 20:21:13 UTC ++++ src/vendor/openssl/src/ssl/tests/mod.rs +@@ -564,6 +564,7 @@ fn test_connect_with_unilateral_alpn() { + /// Tests that connecting with the client using NPN, but the server not does not + /// break the existing connection behavior. + #[test] ++#[cfg(not(any(libressl261, libressl262)))] + fn test_connect_with_unilateral_npn() { + let (_s, stream) = Server::new(); + let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); +@@ -676,6 +677,7 @@ fn test_connect_with_npn_successful_single_match() { + /// Tests that when the `SslStream` is created as a server stream, the protocols + /// are correctly advertised to the client. + #[test] ++#[cfg(not(any(libressl261, libressl262)))] + fn test_npn_server_advertise_multiple() { + let listener = TcpListener::bind("127.0.0.1:0").unwrap(); + let localhost = listener.local_addr().unwrap(); +@@ -1311,7 +1313,7 @@ fn tmp_dh_callback() { + } + + #[test] +-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] ++#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262))), all(feature = "v102", ossl102)))] + fn tmp_ecdh_callback() { + use ec::EcKey; + use nid; +@@ -1378,7 +1380,7 @@ fn tmp_dh_callback_ssl() { + } + + #[test] +-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] ++#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262))), all(feature = "v102", ossl102)))] + fn tmp_ecdh_callback_ssl() { + use ec::EcKey; + use nid; -- cgit v1.2.3