6 changes: 3 additions & 3 deletions Cargo.toml
Expand Up @@ -10,18 +10,18 @@ repository = "https://github.com/tofay/rustls-openssl"
readme = "README.md"

[dependencies]
foreign-types-shared = { version = "0.1.1", optional = true }
foreign-types = "0.3.1"
once_cell = "1.8.0"
openssl = "0.10.68"
openssl-sys = "0.9.104"
rustls = { version = "0.23.0", default-features = false }
rustls-webpki = { version = "0.102.2", default-features = false }
once_cell = "1.8.0"
zeroize = "1.8.1"

[features]
default = ["tls12"]
fips = []
tls12 = ["rustls/tls12", "foreign-types-shared"]
tls12 = ["rustls/tls12"]

[dev-dependencies]
hex = "0.4.3"
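--- a/build.rs
+++ b/build.rs
@@ -7,6 +7,7 @@ const OPENSSL_NO_CHACHA: &str = "OPENSSL_NO_CHACHA";
 fn main() {
 println!("cargo:rustc-check-cfg=cfg(chacha)");
 println!("cargo:rustc-check-cfg=cfg(fips_module)");
+println!("cargo:rustc-check-cfg=cfg(ossl320)");
 // Determine whether to work around https://github.com/openssl/openssl/issues/23448
 // according to the OpenSSL version
 println!("cargo:rustc-check-cfg=cfg(bugged_add_hkdf_info)");
@@ -20,6 +21,10 @@ fn main() {
 if version < 0x3_00_00_00_0 {
 println!("cargo:rustc-cfg=fips_module");
 }
+
+if version >= 0x3_02_00_00_0 {
+println!("cargo:rustc-cfg=ossl320");
+}
 }
 
 // Enable the `chacha` cfg if the `OPENSSL_NO_CHACHA` OpenSSL config is not set.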
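Review bot: The new `ossl320` cfg is emitted with no comment saying which API it gates, whereas the neighbouring `bugged_add_hkdf_info` cfg cites the OpenSSL issue it works around; a line such as `// OpenSSL 3.2+: gate call sites that need APIs introduced in that release` above the `if version >= 0x3_02_00_00_0` check would make the intent greppable. The `0x3_02_00_00_0` constant follows the 3.x `OPENSSL_VERSION_NUMBER` layout (major, minor, patch, pre-release nibble) and so reads as 3.2.0, consistent with the `fips_module` comparison beside it. If `version` is taken from the openssl-sys build metadata (its definition sits between the two hunks), it describes the headers present at build time rather than the libcrypto loaded at run time, so with dynamic linking a `cfg(ossl320)` code path can still meet an older library; that caveat is worth a sentence next to the check. The enclosing `fn main` opens in the first hunk and closes just before the trailing `chacha` comment in the second.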
15 changes: 4 additions & 11 deletions src/lib.rs
Expand Up @@ -54,9 +54,7 @@
//! - `tls12`: Enables TLS 1.2 cipher suites. Enabled by default.
//! - `fips`: Enabling this feature removes non-FIPS-approved cipher suites and key exchanges. Disabled by default. See [fips].
#![warn(missing_docs)]
use openssl::error::ErrorStack;
use openssl::rand::rand_priv_bytes;
use openssl_sys::c_int;
use rustls::crypto::{CryptoProvider, GetRandomFailed, SupportedKxGroup};
use rustls::SupportedCipherSuite;

Expand All @@ -65,6 +63,7 @@
mod hkdf;
mod hmac;
mod kx;
mod openssl_internal;
#[cfg(feature = "tls12")]
mod prf;
mod quic;
Expand Down Expand Up @@ -225,14 +224,6 @@
}
}

pub(crate) fn cvt(r: c_int) -> Result<i32, ErrorStack> {
if r <= 0 {
Err(ErrorStack::get())
} else {
Ok(r)
}
}

pub mod fips {
//! # FIPS support
//!
Expand Down Expand Up @@ -288,12 +279,14 @@
pub fn enable() {
// Use OnceCell to ensure that the provider is only loaded once
use once_cell::sync::OnceCell;

use crate::openssl_internal;
static PROVIDER: OnceCell<openssl::provider::Provider> = OnceCell::new();
PROVIDER.get_or_init(|| {
let provider = openssl::provider::Provider::load(None, "fips")
.expect("Failed to load FIPS provider.");
unsafe {
crate::cvt(openssl_sys::EVP_default_properties_enable_fips(
openssl_internal::cvt(openssl_sys::EVP_default_properties_enable_fips(

std::ptr::null_mut(),
1,
))
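Review bot: The function-scoped `use crate::openssl_internal;` added after the blank line exists only to shorten a single call; the previous code wrote `crate::cvt(...)` inline, and `crate::openssl_internal::cvt(...)` at the call site would keep it self-describing without a local import sitting apart from the `use once_cell::sync::OnceCell;` it follows. The `unsafe` block that wraps the FFI call still carries no `// SAFETY:` comment; a one-liner such as `// SAFETY: a null libctx selects the default library context and no other pointer is passed` would state why the call is sound. `EVP_default_properties_enable_fips(NULL, 1)` appears to constrain only the default library context, so code that creates its own `OSSL_LIB_CTX` is presumably not covered, which is worth stating in the `fips` module docs if that scope is intended. The body of `enable` continues past the end of the hunk, so what is done with the `cvt` result is not visible here.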