Skip to content

Commit

Permalink
add hpke binding (#27)
Browse files Browse the repository at this point in the history
  • Loading branch information
tofay authored Dec 13, 2024
1 parent ff2af85 commit 553b037
Show file tree
Hide file tree
Showing 7 changed files with 867 additions and 126 deletions.
6 changes: 3 additions & 3 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,18 +10,18 @@ repository = "https://github.com/tofay/rustls-openssl"
readme = "README.md"

[dependencies]
foreign-types-shared = { version = "0.1.1", optional = true }
foreign-types = "0.3.1"
once_cell = "1.8.0"
openssl = "0.10.68"
openssl-sys = "0.9.104"
rustls = { version = "0.23.0", default-features = false }
rustls-webpki = { version = "0.102.2", default-features = false }
once_cell = "1.8.0"
zeroize = "1.8.1"

[features]
default = ["tls12"]
fips = []
tls12 = ["rustls/tls12", "foreign-types-shared"]
tls12 = ["rustls/tls12"]

[dev-dependencies]
hex = "0.4.3"
Expand Down
5 changes: 5 additions & 0 deletions build.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ const OPENSSL_NO_CHACHA: &str = "OPENSSL_NO_CHACHA";
fn main() {
println!("cargo:rustc-check-cfg=cfg(chacha)");
println!("cargo:rustc-check-cfg=cfg(fips_module)");
println!("cargo:rustc-check-cfg=cfg(ossl320)");
// Determine whether to work around https://github.com/openssl/openssl/issues/23448
// according to the OpenSSL version
println!("cargo:rustc-check-cfg=cfg(bugged_add_hkdf_info)");
Expand All @@ -20,6 +21,10 @@ fn main() {
if version < 0x3_00_00_00_0 {
println!("cargo:rustc-cfg=fips_module");
}

if version >= 0x3_02_00_00_0 {
println!("cargo:rustc-cfg=ossl320");
}
}

// Enable the `chacha` cfg if the `OPENSSL_NO_CHACHA` OpenSSL config is not set.
Expand Down
15 changes: 4 additions & 11 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -54,9 +54,7 @@
//! - `tls12`: Enables TLS 1.2 cipher suites. Enabled by default.
//! - `fips`: Enabling this feature removes non-FIPS-approved cipher suites and key exchanges. Disabled by default. See [fips].
#![warn(missing_docs)]
use openssl::error::ErrorStack;
use openssl::rand::rand_priv_bytes;
use openssl_sys::c_int;
use rustls::crypto::{CryptoProvider, GetRandomFailed, SupportedKxGroup};
use rustls::SupportedCipherSuite;

Expand All @@ -65,6 +63,7 @@ mod hash;
mod hkdf;
mod hmac;
mod kx;
mod openssl_internal;
#[cfg(feature = "tls12")]
mod prf;
mod quic;
Expand Down Expand Up @@ -225,14 +224,6 @@ impl rustls::crypto::SecureRandom for SecureRandom {
}
}

pub(crate) fn cvt(r: c_int) -> Result<i32, ErrorStack> {
if r <= 0 {
Err(ErrorStack::get())
} else {
Ok(r)
}
}

pub mod fips {
//! # FIPS support
//!
Expand Down Expand Up @@ -288,12 +279,14 @@ pub mod fips {
pub fn enable() {
// Use OnceCell to ensure that the provider is only loaded once
use once_cell::sync::OnceCell;

use crate::openssl_internal;
static PROVIDER: OnceCell<openssl::provider::Provider> = OnceCell::new();
PROVIDER.get_or_init(|| {
let provider = openssl::provider::Provider::load(None, "fips")
.expect("Failed to load FIPS provider.");
unsafe {
crate::cvt(openssl_sys::EVP_default_properties_enable_fips(
openssl_internal::cvt(openssl_sys::EVP_default_properties_enable_fips(
std::ptr::null_mut(),
1,
))
Expand Down
Loading

0 comments on commit 553b037

Please sign in to comment.