Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose various APIs necessary for certificate selection logic #240

Merged
merged 10 commits into from
Jun 26, 2024
21 changes: 12 additions & 9 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
name: rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Install Rust
run: rustup update stable && rustup default stable
- name: Check formatting
Expand All @@ -27,7 +27,7 @@ jobs:
name: clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust
Expand Down Expand Up @@ -184,7 +184,7 @@ jobs:
extra_test_args: --workspace --exclude tokio-boring --exclude hyper-boring

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
Expand Down Expand Up @@ -238,7 +238,7 @@ jobs:
name: Test FIPS integration
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
Expand All @@ -250,7 +250,6 @@ jobs:
version: "12.0.0"
directory: ${{ runner.temp }}/llvm
- name: Install golang
uses: actions/checkout@v4
uses: actions/setup-go@v5
with:
go-version: '>=1.22.0'
Expand Down Expand Up @@ -280,7 +279,7 @@ jobs:
include:
- target: x86_64-unknown-linux-gnu
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
Expand All @@ -298,18 +297,22 @@ jobs:

cross-build-fips:
name: Cross build from macOS to Linux (FIPS)
runs-on: macos-latest
runs-on: macos-13 # Need an Intel (x86_64) runner for Clang 12.0.0
strategy:
matrix:
include:
- target: x86_64-unknown-linux-gnu
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
run: rustup update stable --no-self-update && rustup default stable && rustup target add ${{ matrix.target }}
shell: bash
- name: Install golang
uses: actions/setup-go@v5
with:
go-version: '>=1.22.0'
- name: Install Clang-12
uses: KyleMayes/install-llvm-action@v1
with:
Expand All @@ -335,7 +338,7 @@ jobs:
name: Test features
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Install Rust (rustup)
Expand Down
4 changes: 2 additions & 2 deletions boring/src/aes.rs
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ impl AesKey {
#[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
pub fn new_encrypt(key: &[u8]) -> Result<AesKey, KeyError> {
unsafe {
assert!(key.len() <= c_int::max_value() as usize / 8);
assert!(key.len() <= c_int::MAX as usize / 8);

let mut aes_key = MaybeUninit::uninit();
let r = ffi::AES_set_encrypt_key(
Expand All @@ -82,7 +82,7 @@ impl AesKey {
#[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
pub fn new_decrypt(key: &[u8]) -> Result<AesKey, KeyError> {
unsafe {
assert!(key.len() <= c_int::max_value() as usize / 8);
assert!(key.len() <= c_int::MAX as usize / 8);

let mut aes_key = MaybeUninit::uninit();
let r = ffi::AES_set_decrypt_key(
Expand Down
4 changes: 2 additions & 2 deletions boring/src/base64.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ use libc::c_int;
///
/// [`EVP_EncodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html
pub fn encode_block(src: &[u8]) -> String {
assert!(src.len() <= c_int::max_value() as usize);
assert!(src.len() <= c_int::MAX as usize);
let src_len = src.len();

let len = encoded_len(src_len).unwrap();
Expand Down Expand Up @@ -48,7 +48,7 @@ pub fn decode_block(src: &str) -> Result<Vec<u8>, ErrorStack> {
return Ok(vec![]);
}

assert!(src.len() <= c_int::max_value() as usize);
assert!(src.len() <= c_int::MAX as usize);
let src_len = src.len();

let len = decoded_len(src_len).unwrap();
Expand Down
2 changes: 1 addition & 1 deletion boring/src/bio.rs
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ impl<'a> MemBioSlice<'a> {

ffi::init();

assert!(buf.len() <= BufLen::max_value() as usize);
assert!(buf.len() <= BufLen::MAX as usize);
let bio = unsafe {
cvt_p(BIO_new_mem_buf(
buf.as_ptr() as *const _,
Expand Down
6 changes: 3 additions & 3 deletions boring/src/bn.rs
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ impl BigNumRef {
pub fn div_word(&mut self, w: u32) -> Result<u64, ErrorStack> {
unsafe {
let r = ffi::BN_div_word(self.as_ptr(), w.into());
if r == ffi::BN_ULONG::max_value() {
if r == ffi::BN_ULONG::MAX {
Err(ErrorStack::get())
} else {
Ok(r.into())
Expand All @@ -176,7 +176,7 @@ impl BigNumRef {
pub fn mod_word(&self, w: u32) -> Result<u64, ErrorStack> {
unsafe {
let r = ffi::BN_mod_word(self.as_ptr(), w.into());
if r == ffi::BN_ULONG::max_value() {
if r == ffi::BN_ULONG::MAX {
Err(ErrorStack::get())
} else {
Ok(r.into())
Expand Down Expand Up @@ -987,7 +987,7 @@ impl BigNum {
pub fn from_slice(n: &[u8]) -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
assert!(n.len() <= c_int::max_value() as usize);
assert!(n.len() <= c_int::MAX as usize);
cvt_p(ffi::BN_bin2bn(
n.as_ptr(),
n.len() as size_t,
Expand Down
4 changes: 2 additions & 2 deletions boring/src/ecdsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ impl EcdsaSig {
T: HasPrivate,
{
unsafe {
assert!(data.len() <= c_int::max_value() as usize);
assert!(data.len() <= c_int::MAX as usize);
let sig = cvt_p(ffi::ECDSA_do_sign(
data.as_ptr(),
data.len() as size_t,
Expand Down Expand Up @@ -94,7 +94,7 @@ impl EcdsaSigRef {
T: HasPublic,
{
unsafe {
assert!(data.len() <= c_int::max_value() as usize);
assert!(data.len() <= c_int::MAX as usize);
cvt_n(ffi::ECDSA_do_verify(
data.as_ptr(),
data.len() as size_t,
Expand Down
4 changes: 2 additions & 2 deletions boring/src/macros.rs
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ macro_rules! private_key_to_pem {
) -> Result<Vec<u8>, crate::error::ErrorStack> {
unsafe {
let bio = crate::bio::MemBio::new()?;
assert!(passphrase.len() <= ::libc::c_int::max_value() as usize);
assert!(passphrase.len() <= ::libc::c_int::MAX as usize);
cvt($f(bio.as_ptr(),
self.as_ptr(),
cipher.as_ptr(),
Expand Down Expand Up @@ -108,7 +108,7 @@ macro_rules! from_der {
pub fn $n(der: &[u8]) -> Result<$t, crate::error::ErrorStack> {
unsafe {
crate::ffi::init();
let len = ::std::cmp::min(der.len(), <$len_ty>::max_value() as usize) as $len_ty;
let len = ::std::cmp::min(der.len(), <$len_ty>::MAX as usize) as $len_ty;
crate::cvt_p($f(::std::ptr::null_mut(), &mut der.as_ptr(), len))
.map(|p| ::foreign_types::ForeignType::from_ptr(p))
}
Expand Down
4 changes: 4 additions & 0 deletions boring/src/nid.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1050,6 +1050,10 @@ impl Nid {
pub const AES_128_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_128_cbc_hmac_sha1);
pub const AES_192_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_192_cbc_hmac_sha1);
pub const AES_256_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_256_cbc_hmac_sha1);
pub const AUTH_RSA: Nid = Nid(ffi::NID_auth_rsa);
pub const AUTH_ECDSA: Nid = Nid(ffi::NID_auth_ecdsa);
pub const AUTH_PSK: Nid = Nid(ffi::NID_auth_psk);
pub const AUTH_ANY: Nid = Nid(ffi::NID_auth_any);
}

#[cfg(test)]
Expand Down
8 changes: 4 additions & 4 deletions boring/src/pkcs5.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ pub fn bytes_to_key(
count: u32,
) -> Result<KeyIvPair, ErrorStack> {
unsafe {
assert!(data.len() <= c_int::max_value() as usize);
assert!(data.len() <= c_int::MAX as usize);
let salt_ptr = match salt {
Some(salt) => {
pub const PKCS5_SALT_LEN: c_int = 8;
Expand Down Expand Up @@ -90,9 +90,9 @@ pub fn pbkdf2_hmac(
key: &mut [u8],
) -> Result<(), ErrorStack> {
unsafe {
assert!(pass.len() <= c_int::max_value() as usize);
assert!(salt.len() <= c_int::max_value() as usize);
assert!(key.len() <= c_int::max_value() as usize);
assert!(pass.len() <= c_int::MAX as usize);
assert!(salt.len() <= c_int::MAX as usize);
assert!(key.len() <= c_int::MAX as usize);

ffi::init();
cvt(ffi::PKCS5_PBKDF2_HMAC(
Expand Down
2 changes: 1 addition & 1 deletion boring/src/pkey.rs
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,7 @@ impl PKey<Private> {
pub fn private_key_from_pkcs8(der: &[u8]) -> Result<PKey<Private>, ErrorStack> {
unsafe {
ffi::init();
let len = der.len().min(c_long::max_value() as usize) as c_long;
let len = der.len().min(c_long::MAX as usize) as c_long;
let p8inf = cvt_p(ffi::d2i_PKCS8_PRIV_KEY_INFO(
ptr::null_mut(),
&mut der.as_ptr(),
Expand Down
2 changes: 1 addition & 1 deletion boring/src/rand.rs
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ use crate::error::ErrorStack;
pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
unsafe {
ffi::init();
assert!(buf.len() <= c_int::max_value() as usize);
assert!(buf.len() <= c_int::MAX as usize);
cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len())).map(|_| ())
}
}
Expand Down
8 changes: 4 additions & 4 deletions boring/src/rsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ where
to: &mut [u8],
padding: Padding,
) -> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(from.len() <= i32::MAX as usize);
assert!(to.len() >= self.size() as usize);

unsafe {
Expand All @@ -178,7 +178,7 @@ where
to: &mut [u8],
padding: Padding,
) -> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(from.len() <= i32::MAX as usize);
assert!(to.len() >= self.size() as usize);

unsafe {
Expand Down Expand Up @@ -378,7 +378,7 @@ where
to: &mut [u8],
padding: Padding,
) -> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(from.len() <= i32::MAX as usize);
assert!(to.len() >= self.size() as usize);

unsafe {
Expand All @@ -404,7 +404,7 @@ where
to: &mut [u8],
padding: Padding,
) -> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(from.len() <= i32::MAX as usize);
assert!(to.len() >= self.size() as usize);

unsafe {
Expand Down
2 changes: 1 addition & 1 deletion boring/src/ssl/bio.rs
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ pub unsafe extern "C" fn take_stream<S>(bio: *mut BIO) -> S {
}

pub unsafe fn set_dtls_mtu_size<S>(bio: *mut BIO, mtu_size: usize) {
if mtu_size as u64 > c_long::max_value() as u64 {
if mtu_size as u64 > c_long::MAX as u64 {
panic!(
"Given MTU size {} can't be represented in a positive `c_long` range",
mtu_size
Expand Down
Loading
Loading