From e6b83a3c982f34c7cdf486e6724c170ed16b82fb Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 2 Feb 2023 18:07:13 -0500 Subject: [PATCH] fixes #1768 -- integrate boringssl into the build process more naturally This PR uses the in-development bindgen support for static inline functions (https://github.com/rust-lang/rust-bindgen/pull/2335) + an in-development boringssl patch (https://boringssl-review.googlesource.com/c/boringssl/+/56505) to allow using boringssl with rust-openssl without needing a .cargo/config override --- .github/workflows/ci.yml | 23 +++++------------------ openssl-sys/build/main.rs | 27 ++++++++++++++------------- openssl-sys/src/lib.rs | 13 +++++++++++-- openssl/Cargo.toml | 1 - openssl/build.rs | 2 +- openssl/src/bio.rs | 4 ++-- openssl/src/dh.rs | 2 +- openssl/src/error.rs | 8 +++++--- openssl/src/lib.rs | 5 +++++ 9 files changed, 44 insertions(+), 41 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3b7b4dc9cc..126e9cca9d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -308,24 +308,14 @@ jobs: make install_sw ;; "boringssl") - sed -i rust/CMakeLists.txt -e '1s%^%include_directories(../include)\n%' - cpu=`echo ${{ matrix.target }} | cut -d - -f 1` - echo "set(CMAKE_SYSTEM_NAME Linux)" > toolchain.cmake - echo "set(CMAKE_SYSTEM_PROCESSOR $cpu)" >> toolchain.cmake - echo "set(triple ${{ matrix.target }})" >> toolchain.cmake - echo 'set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} '$OS_FLAGS '" CACHE STRING "c++ flags")' >> toolchain.cmake - echo 'set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} '$OS_FLAGS '" CACHE STRING "c flags")' >> toolchain.cmake - echo 'set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} '$OS_FLAGS '" CACHE STRING "asm flags")' >> toolchain.cmake - cmake -DRUST_BINDINGS="${{ matrix.target }}" -B $OPENSSL_DIR -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake - make -C $OPENSSL_DIR + mkdir build + cd build + cmake .. -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DRUST_BINDINGS="${{ matrix.target }}" -DCMAKE_INSTALL_PREFIX="${OPENSSL_DIR}" + make -j "$(nproc)" + make install esac if: matrix.library.version != 'vendored' && !steps.openssl-cache.outputs.cache-hit - - run: | - mkdir -p .cargo - echo '[patch.crates-io]' > .cargo/config.toml - echo 'bssl-sys = { path = "'$OPENSSL_DIR'/rust" }' >> .cargo/config.toml - if: matrix.library.name == 'boringssl' - uses: actions/cache@v1 with: path: ~/.cargo/registry/index @@ -354,9 +344,6 @@ jobs: if: matrix.library.name != 'boringssl' - name: Test openssl run: | - if [[ "${{ matrix.library.name }}" == "boringssl" ]]; then - features="--features unstable_boringssl" - fi if [[ "${{ matrix.library.version }}" == "vendored" ]]; then features="--features vendored" fi diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 262ea2cbab..fffd24409d 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -32,6 +32,7 @@ enum Version { Openssl11x, Openssl10x, Libressl, + Boringssl, } fn env_inner(name: &str) -> Option { @@ -64,21 +65,9 @@ fn find_openssl(target: &str) -> (Vec, PathBuf) { find_normal::get_openssl(target) } -fn check_ssl_kind() { - if cfg!(feature = "unstable_boringssl") { - println!("cargo:rustc-cfg=boringssl"); - // BoringSSL does not have any build logic, exit early - std::process::exit(0); - } else { - println!("cargo:rustc-cfg=openssl"); - } -} - fn main() { check_rustc_versions(); - check_ssl_kind(); - let target = env::var("TARGET").unwrap(); let (lib_dirs, include_dir) = find_openssl(&target); @@ -235,9 +224,21 @@ See rust-openssl documentation for more information: } if is_boringssl { - panic!("BoringSSL detected, but `unstable_boringssl` feature wasn't specified.") + let rust_dir = include_dirs[0].join("..").join("rust"); + println!("cargo:rustc-cfg=boringssl"); + println!("cargo:boringssl=true"); + println!( + "cargo:rustc-env=BORINGSSL_RUST_WRAPPER={}/wrapper_{}.rs", + rust_dir.display(), + env::var("TARGET").unwrap() + ); + println!("cargo:rustc-link-search=native={}", rust_dir.display()); + println!("cargo:rustc-link-lib=static=rust_wrapper"); + // BoringSSL does not have any additional build logic, exit early + return Version::Boringssl; } + println!("cargo:rustc-cfg=openssl"); for enabled in &enabled { println!("cargo:rustc-cfg=osslconf=\"{}\"", enabled); } diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index b1d51a8580..a39b151fcc 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -17,9 +17,18 @@ extern crate libc; pub use libc::*; #[cfg(boringssl)] -extern crate bssl_sys; +#[path = "."] +mod boringssl { + include!(env!("BORINGSSL_RUST_WRAPPER")); + + pub fn init() { + unsafe { + CRYPTO_library_init(); + } + } +} #[cfg(boringssl)] -pub use bssl_sys::*; +pub use boringssl::*; #[cfg(openssl)] #[path = "."] diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 1fd24448fd..008f0afa0d 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -19,7 +19,6 @@ v111 = [] vendored = ['ffi/vendored'] bindgen = ['ffi/bindgen'] -unstable_boringssl = ["ffi/unstable_boringssl"] default = [] [dependencies] diff --git a/openssl/build.rs b/openssl/build.rs index 7651429f38..5cddce90c2 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -11,7 +11,7 @@ fn main() { println!("cargo:rustc-cfg=libressl"); } - if env::var("CARGO_FEATURE_UNSTABLE_BORINGSSL").is_ok() { + if env::var("DEP_OPENSSL_BORINGSSL").is_ok() { println!("cargo:rustc-cfg=boringssl"); return; } diff --git a/openssl/src/bio.rs b/openssl/src/bio.rs index 6a72552adc..0f54935a6b 100644 --- a/openssl/src/bio.rs +++ b/openssl/src/bio.rs @@ -25,7 +25,7 @@ impl<'a> MemBioSlice<'a> { let bio = unsafe { cvt_p(BIO_new_mem_buf( buf.as_ptr() as *const _, - buf.len() as c_int, + buf.len() as crate::SLenType, ))? }; @@ -74,7 +74,7 @@ impl MemBio { } cfg_if! { - if #[cfg(ossl102)] { + if #[cfg(any(ossl102, boringssl))] { use ffi::BIO_new_mem_buf; } else { #[allow(bad_style)] diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index 12170b994e..e781543e27 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs @@ -239,7 +239,7 @@ where } cfg_if! { - if #[cfg(any(ossl110, libressl270))] { + if #[cfg(any(ossl110, libressl270, boringssl))] { use ffi::{DH_set0_pqg, DH_get0_pqg, DH_get0_key, DH_set0_key}; } else { #[allow(bad_style)] diff --git a/openssl/src/error.rs b/openssl/src/error.rs index 58b4d70a38..a1c1f7ac2f 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -301,15 +301,17 @@ impl fmt::Display for Error { write!(fmt, "error:{:08X}", self.code())?; match self.library() { Some(l) => write!(fmt, ":{}", l)?, - None => write!(fmt, ":lib({})", ffi::ERR_GET_LIB(self.code()))?, + None => write!(fmt, ":lib({})", unsafe { ffi::ERR_GET_LIB(self.code()) })?, } match self.function() { Some(f) => write!(fmt, ":{}", f)?, - None => write!(fmt, ":func({})", ffi::ERR_GET_FUNC(self.code()))?, + None => write!(fmt, ":func({})", unsafe { ffi::ERR_GET_FUNC(self.code()) })?, } match self.reason() { Some(r) => write!(fmt, ":{}", r)?, - None => write!(fmt, ":reason({})", ffi::ERR_GET_REASON(self.code()))?, + None => write!(fmt, ":reason({})", unsafe { + ffi::ERR_GET_REASON(self.code()) + })?, } write!( fmt, diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 8988f4c3c0..5678298a03 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -190,6 +190,11 @@ type LenType = libc::size_t; #[cfg(not(boringssl))] type LenType = libc::c_int; +#[cfg(boringssl)] +type SLenType = libc::ssize_t; +#[cfg(not(boringssl))] +type SLenType = libc::c_int; + #[inline] fn cvt_p(r: *mut T) -> Result<*mut T, ErrorStack> { if r.is_null() {