diff --git a/Cargo.toml b/Cargo.toml index afa530053..d332a547a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,7 +8,7 @@ members = [ resolver = "2" [workspace.package] -version = "4.21.1" +version = "4.21.2" repository = "https://github.com/cloudflare/boring" edition = "2021" @@ -19,9 +19,9 @@ tag-prefix = "" publish = false [workspace.dependencies] -boring-sys = { version = "4.21.1", path = "./boring-sys" } -boring = { version = "4.21.1", path = "./boring" } -tokio-boring = { version = "4.21.1", path = "./tokio-boring" } +boring-sys = { version = "4.21.2", path = "./boring-sys" } +boring = { version = "4.21.2", path = "./boring" } +tokio-boring = { version = "4.21.2", path = "./tokio-boring" } bindgen = { version = "0.72.0", default-features = false, features = ["runtime"] } bitflags = "2.9" diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs index 5879ede4b..c13da7dbf 100644 --- a/boring-sys/build/main.rs +++ b/boring-sys/build/main.rs @@ -153,7 +153,7 @@ fn get_boringssl_source_path(config: &Config) -> &PathBuf { /// MSVC generator on Windows place static libs in a target sub-folder, /// so adjust library location based on platform and build target. /// See issue: -fn get_boringssl_platform_output_path(config: &Config) -> String { +fn msvc_lib_subdir(config: &Config) -> Option<&'static str> { if config.target.ends_with("-msvc") { // Code under this branch should match the logic in cmake-rs let debug_env_var = config @@ -187,9 +187,9 @@ fn get_boringssl_platform_output_path(config: &Config) -> String { _ => panic!("Unknown OPT_LEVEL={opt_env_var:?} env var."), }; - subdir.to_string() + Some(subdir) } else { - String::new() + None } } @@ -571,7 +571,7 @@ fn run_command(command: &mut Command) -> io::Result { Ok(out) } -fn built_boring_source_path(config: &Config) -> &PathBuf { +fn built_boring_source_path(config: &Config) -> &Path { if let Some(path) = &config.env.path { return path; } 
@@ -603,7 +603,13 @@ fn built_boring_source_path(config: &Config) -> &PathBuf { } cfg.build_target("ssl").build(); - cfg.build_target("crypto").build() + let path = cfg.build_target("crypto").build(); + let build_dir = path.join("build"); + if build_dir.exists() { + build_dir + } else { + path + } }) } @@ -614,12 +620,9 @@ fn link_in_precompiled_bcm_o(config: &Config) { let bcm_o_src_path = config.env.precompiled_bcm_o.as_ref() .expect("`fips-link-precompiled` requires `BORING_BSSL_FIPS_PRECOMPILED_BCM_O` env variable to be specified"); - let libcrypto_path = bssl_dir - .join("build/crypto/libcrypto.a") - .canonicalize() - .unwrap(); + let libcrypto_path = bssl_dir.join("crypto/libcrypto.a").canonicalize().unwrap(); - let bcm_o_dst_path = bssl_dir.join("build/bcm-fips.o"); + let bcm_o_dst_path = bssl_dir.join("bcm-fips.o"); fs::copy(bcm_o_src_path, &bcm_o_dst_path).unwrap(); 
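Review bot: The `build` suffix is applied only on this cmake branch of `built_boring_source_path`, while the early return for `config.env.path` (visible in the -571 hunk) still hands back the caller-supplied directory unchanged. `link_in_precompiled_bcm_o` and `emit_link_directives` stop prepending `build/` in this same commit, so for a prebuilt tree the libraries are now resolved directly under that path instead of under `build/`. If existing prebuilt layouts keep their artifacts in `build/` (not visible here), the early-return branch needs the same `path.join("build")` probe. A comment above the `if build_dir.exists()` saying which layout produces each case would also help; the enclosing closure and function start outside this hunk.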
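Review bot: `bssl_dir.join("crypto/libcrypto.a").canonicalize().unwrap()` in `link_in_precompiled_bcm_o` panics with a bare I/O error that does not name the path, and this commit changes the directory the path is resolved against. Since this step decides which archive the precompiled FIPS module is linked into, the failure should state the expected location, e.g. `.unwrap_or_else(|e| panic!("libcrypto.a not found under {}: {e}", bssl_dir.display()))`. The unchanged `fs::copy(bcm_o_src_path, &bcm_o_dst_path).unwrap()` just below has the same problem. The function body continues outside the hunk.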
@@ -678,35 +681,22 @@ fn main() { fn emit_link_directives(config: &Config) { let bssl_dir = built_boring_source_path(config); - let build_path = get_boringssl_platform_output_path(config); + let msvc_lib_subdir = msvc_lib_subdir(config); - if config.is_bazel || (config.features.is_fips_like() && config.env.path.is_some()) { - println!( - "cargo:rustc-link-search=native={}/lib/{}", - bssl_dir.display(), - build_path - ); - } else { - // todo(rmehra): clean this up, I think these are pretty redundant - println!( - "cargo:rustc-link-search=native={}/build/crypto/{}", - bssl_dir.display(), - build_path - ); - println!( - "cargo:rustc-link-search=native={}/build/ssl/{}", - bssl_dir.display(), - build_path - ); - println!( - "cargo:rustc-link-search=native={}/build/{}", - bssl_dir.display(), - build_path - ); - println!( - "cargo:rustc-link-search=native={}/build", - bssl_dir.display(), - ); + let subdirs = + if config.is_bazel || (config.features.is_fips_like() && config.env.path.is_some()) { + &["lib"][..] + } else { + &["lib", "crypto", "ssl", ""][..] + }; + + for subdir in subdirs { + let dir = bssl_dir.join(subdir); + let dir = msvc_lib_subdir + .map(|s| dir.join(s)) + .filter(|d| d.exists()) + .unwrap_or(dir); + println!("cargo:rustc-link-search=native={}", dir.display()); } if config.features.fips_link_precompiled { diff --git a/boring/src/bio.rs b/boring/src/bio.rs index 71120606f..bb5dc8dab 100644 --- a/boring/src/bio.rs +++ b/boring/src/bio.rs @@ -19,18 +19,11 @@ impl Drop for MemBioSlice<'_> { impl<'a> MemBioSlice<'a> { pub fn new(buf: &'a [u8]) -> Result, ErrorStack> { - #[cfg(not(feature = "fips-compat"))] - type BufLen = isize; - #[cfg(feature = "fips-compat")] - type BufLen = libc::c_int; - ffi::init(); - - assert!(buf.len() <= BufLen::MAX as usize); let bio = unsafe { cvt_p(BIO_new_mem_buf( buf.as_ptr() as *const _, - buf.len() as BufLen, + buf.len().try_into().map_err(ErrorStack::internal_error)?, ))? }; 
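Review bot: The loop in `emit_link_directives` prints a `rustc-link-search` line for every candidate directory whether or not it exists, and when the MSVC profile subdirectory is missing it falls back to the parent directory without any message. With `lib`, `crypto`, `ssl` and the root all on the search path, which `libcrypto`/`libssl` gets linked depends on search order whenever more than one copy is present (for example in a reused output directory; inferred, not shown here). Skipping absent directories with `if !dir.exists() { continue; }` before the `println!`, and emitting a `cargo:warning=` line when the MSVC subdirectory is not found, would make the selected library traceable in the build log. The function body continues past this hunk.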
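Review bot: `MemBioSlice::new` now returns an `ErrorStack` for an over-long buffer where it previously panicked, and the function has no doc comment recording that or the limit. The target type of `buf.len().try_into()` is inferred from the `BIO_new_mem_buf` binding, so the accepted maximum differs per build; the removed aliases show `isize` by default and `libc::c_int` under `fips-compat`. Add a doc comment with a `/// # Errors` section stating that the call fails when `buf.len()` does not fit the length parameter of `BIO_new_mem_buf`. The same undocumented panic-to-error change applies to both `set_alpn_protos` methods and to the `X509NameBuilder` hunks in this commit.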
diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index a697cdc37..31346b15f 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -1612,14 +1612,14 @@ impl SslContextBuilder { #[corresponds(SSL_CTX_set_alpn_protos)] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { - #[cfg_attr(not(feature = "fips-compat"), allow(clippy::unnecessary_cast))] - { - assert!(protocols.len() <= ProtosLen::MAX as usize); - } let r = ffi::SSL_CTX_set_alpn_protos( self.as_ptr(), protocols.as_ptr(), - protocols.len() as ProtosLen, + #[allow(clippy::useless_conversion)] + protocols + .len() + .try_into() + .map_err(ErrorStack::internal_error)?, ); // fun fact, SSL_CTX_set_alpn_protos has a reversed return code D: if r == 0 { @@ -2401,11 +2401,6 @@ impl SslContextRef { #[derive(Debug)] pub struct GetSessionPendingError; -#[cfg(not(feature = "fips-compat"))] -type ProtosLen = usize; -#[cfg(feature = "fips-compat")] -type ProtosLen = libc::c_uint; - /// Information about the state of a cipher. pub struct CipherBits { /// The number of secret bits used for the cipher. @@ -3187,14 +3182,14 @@ impl SslRef { #[corresponds(SSL_set_alpn_protos)] pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { unsafe { - #[cfg_attr(not(feature = "fips-compat"), allow(clippy::unnecessary_cast))] - { - assert!(protocols.len() <= ProtosLen::MAX as usize); - } let r = ffi::SSL_set_alpn_protos( self.as_ptr(), protocols.as_ptr(), - protocols.len() as ProtosLen, + #[allow(clippy::useless_conversion)] + protocols + .len() + .try_into() + .map_err(ErrorStack::internal_error)?, ); // fun fact, SSL_set_alpn_protos has a reversed return code D: if r == 0 { diff --git a/boring/src/x509/mod.rs b/boring/src/x509/mod.rs index eed30150b..a665a888a 100644 --- a/boring/src/x509/mod.rs +++ b/boring/src/x509/mod.rs 
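Review bot: The `#[allow(clippy::useless_conversion)]` on the length argument of `ffi::SSL_CTX_set_alpn_protos` carries no comment explaining why the lint is silenced, so a reader building only one feature set cannot tell whether the `try_into()` is dead code. Going by the removed `ProtosLen` aliases, the parameter is `usize` in the default build and `libc::c_uint` under `fips-compat`, which makes the conversion a no-op in one configuration and a real range check in the other. A line such as `// usize -> usize by default, usize -> c_uint (fallible) with fips-compat` above the attribute would record that. The identical attribute in `SslRef::set_alpn_protos` (hunk at -3187) needs the same comment.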
@@ -1032,13 +1032,12 @@ impl X509NameBuilder { pub fn append_entry_by_text(&mut self, field: &str, value: &str) -> Result<(), ErrorStack> { unsafe { let field = CString::new(field).map_err(ErrorStack::internal_error)?; - assert!(value.len() <= ValueLen::MAX as usize); cvt(ffi::X509_NAME_add_entry_by_txt( self.0.as_ptr(), field.as_ptr() as *mut _, ffi::MBSTRING_UTF8, value.as_ptr(), - value.len() as ValueLen, + value.len().try_into().map_err(ErrorStack::internal_error)?, -1, 0, )) @@ -1056,13 +1055,12 @@ impl X509NameBuilder { ) -> Result<(), ErrorStack> { unsafe { let field = CString::new(field).map_err(ErrorStack::internal_error)?; - assert!(value.len() <= ValueLen::MAX as usize); cvt(ffi::X509_NAME_add_entry_by_txt( self.0.as_ptr(), field.as_ptr() as *mut _, ty.as_raw(), value.as_ptr(), - value.len() as ValueLen, + value.len().try_into().map_err(ErrorStack::internal_error)?, -1, 0, )) @@ -1074,13 +1072,12 @@ impl X509NameBuilder { #[corresponds(X509_NAME_add_entry_by_NID)] pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> { unsafe { - assert!(value.len() <= ValueLen::MAX as usize); cvt(ffi::X509_NAME_add_entry_by_NID( self.0.as_ptr(), field.as_raw(), ffi::MBSTRING_UTF8, value.as_ptr() as *mut _, - value.len() as ValueLen, + value.len().try_into().map_err(ErrorStack::internal_error)?, -1, 0, )) @@ -1097,13 +1094,12 @@ impl X509NameBuilder { ty: Asn1Type, ) -> Result<(), ErrorStack> { unsafe { - assert!(value.len() <= ValueLen::MAX as usize); cvt(ffi::X509_NAME_add_entry_by_NID( self.0.as_ptr(), field.as_raw(), ty.as_raw(), value.as_ptr() as *mut _, - value.len() as ValueLen, + value.len().try_into().map_err(ErrorStack::internal_error)?, -1, 0, )) @@ -1121,11 +1117,6 @@ impl X509NameBuilder { } } -#[cfg(not(feature = "fips-compat"))] -type ValueLen = isize; -#[cfg(feature = "fips-compat")] -type ValueLen = i32; - foreign_type_and_impl_send_sync! { type CType = ffi::X509_NAME; fn drop = ffi::X509_NAME_free;
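Review bot: In `append_entry_by_text` the fallible length conversion is written as a call argument inside the `unsafe` block, so a safe operation with an early return through `?` is buried in the FFI call expression. Hoisting it as `let len = value.len().try_into().map_err(ErrorStack::internal_error)?;` ahead of `unsafe { ... }` and passing `len` would narrow the unsafe region to the `X509_NAME_add_entry_by_txt` call and put the rejection of oversized input before any raw pointer is taken. The same shape recurs in the other three `X509NameBuilder` methods changed here (hunks at -1056, -1074 and -1097). The `CString::new(field)` line already inside the block could move out with it.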