WIP tls: add feature to build against OpenSSL #126

Closed
wants to merge 1 commit into from
Closed
4 changes: 4 additions & 0 deletions Cargo.toml
Expand Up @@ -25,6 +25,9 @@ default = ["boringssl-vendored"]
# Build vendored BoringSSL library.
boringssl-vendored = []

# Build quiche against OpenSSL instead of BoringSSL.
openssl = ["pkg-config"]

# Generate pkg-config metadata file for libquiche.
pkg-config-meta = []

Expand All @@ -33,6 +36,7 @@ default-features = false

[build-dependencies]
cmake = "0.1"
pkg-config = { version = "0.3", optional = true }

[dependencies]
log = "0.4"
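Review bot: The new `openssl` feature sits next to `default = ["boringssl-vendored"]`, and Cargo features are additive, so `--features openssl` without `--no-default-features` enables both TLS backends at once. The build script resolves this by letting `openssl` win, but nothing in the manifest says so. Extend the comment to something like `# Build quiche against OpenSSL instead of BoringSSL. Takes precedence over "boringssl-vendored" when both are enabled.` so a packager does not assume the vendored library is still what gets linked. The optional `pkg-config` build-dependency also appears to create an implicit `pkg-config` feature beside the unrelated `pkg-config-meta`; a one-line comment on the dependency would avoid mixing the two up.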
10 changes: 9 additions & 1 deletion src/build.rs
Expand Up @@ -153,7 +153,7 @@ Cflags: -I${{includedir}}
}

fn main() {
if cfg!(feature = "boringssl-vendored") {
if cfg!(feature = "boringssl-vendored") && !cfg!(feature = "openssl") {
let bssl_dir = std::env::var("QUICHE_BSSL_PATH").unwrap_or_else(|_| {
get_boringssl_cmake_config()
.build_target("bssl")
Expand All @@ -173,6 +173,14 @@ fn main() {
println!("cargo:rustc-link-lib=static=ssl");
}

if cfg!(feature = "openssl") {
#[cfg(feature = "openssl")]

The order of libcrypto and libssl below should be swapped. I failed to build quiche with unresolved symbols because the linker command line had -lcrypto -lssl in that order. Swapping the two here fixed it.

pkg_config::probe_library("libcrypto").unwrap();

#[cfg(feature = "openssl")]
pkg_config::probe_library("libssl").unwrap();
}

if cfg!(feature = "pkg-config-meta") {
write_pkg_config();
}
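Review bot: Both `pkg_config::probe_library(...).unwrap()` calls in the new `openssl` block accept whatever libcrypto/libssl pkg-config finds, with no version floor, and a failed probe panics with a bare `unwrap` message. A build can therefore pick up an OpenSSL too old for TLS 1.3, or one lacking the QUIC entry points declared in src/tls.rs, and fail only at link time. Consider `pkg_config::Config::new().atleast_version("<MIN_OPENSSL_VERSION>").probe("libssl").expect("OpenSSL not found via pkg-config")`, with the minimum chosen by the maintainers. The outer `if cfg!(feature = "openssl")` is redundant next to the `#[cfg(feature = "openssl")]` attributes on the statements inside it; a single `#[cfg(feature = "openssl")] { ... }` block would state the condition once. `main` continues outside the hunk.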
75 changes: 75 additions & 0 deletions src/tls.rs
Expand Up @@ -780,6 +780,7 @@ extern {
);

// SSL
#[cfg(not(feature = "openssl"))]
fn SSL_get_ex_new_index(
argl: c_long, argp: *const c_void, unused: *const c_void,
dup_unused: *const c_void, free_func: *const c_void,
Expand All @@ -799,11 +800,14 @@ extern {

fn SSL_get_current_cipher(ssl: *mut SSL) -> *const SSL_CIPHER;

#[cfg(not(feature = "openssl"))]
fn SSL_set_min_proto_version(ssl: *mut SSL, version: u16);
#[cfg(not(feature = "openssl"))]
fn SSL_set_max_proto_version(ssl: *mut SSL, version: u16);

fn SSL_set_quiet_shutdown(ssl: *mut SSL, mode: c_int);

#[cfg(not(feature = "openssl"))]
fn SSL_set_tlsext_host_name(ssl: *mut SSL, name: *const c_char) -> c_int;

fn SSL_set_quic_transport_params(
Expand Down Expand Up @@ -834,6 +838,11 @@ extern {

fn SSL_clear(ssl: *mut SSL) -> c_int;

#[cfg(feature = "openssl")]
fn SSL_ctrl(
ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void,
) -> c_int;

fn SSL_free(ssl: *mut SSL);

// SSL_CIPHER
Expand All @@ -858,4 +867,70 @@ extern {
fn ERR_peek_error() -> c_uint;

fn ERR_error_string_n(err: c_uint, buf: *const u8, len: usize);

// CRYPTO
#[cfg(feature = "openssl")]
fn CRYPTO_get_ex_new_index(
class_index: c_int, argl: c_long, argp: *const c_void,
new_func: *const c_void, dup_func: *const c_void,
free_func: *const c_void,
) -> c_int;
}

// OpenSSL compatibility functions.
//
// These don't 100% follow the OpenSSL API (e.g. some arguments have slightly
// different types) in order to make them compatible with the BoringSSL API.

#[cfg(feature = "openssl")]
#[allow(non_snake_case)]
unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: u16) {
const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;

SSL_ctrl(
s,
SSL_CTRL_SET_MIN_PROTO_VERSION,
version as c_long,
ptr::null_mut(),
);
}

#[cfg(feature = "openssl")]
#[allow(non_snake_case)]
unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: u16) {
const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;

SSL_ctrl(
s,
SSL_CTRL_SET_MAX_PROTO_VERSION,
version as c_long,
ptr::null_mut(),
);
}

#[cfg(feature = "openssl")]
#[allow(non_snake_case)]
unsafe fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_int {
const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;

#[allow(non_upper_case_globals)]
const TLSEXT_NAMETYPE_host_name: c_long = 0;

SSL_ctrl(
s,
SSL_CTRL_SET_TLSEXT_HOSTNAME,
TLSEXT_NAMETYPE_host_name,
name as *mut c_void,
)
}

#[cfg(feature = "openssl")]
#[allow(non_snake_case)]
unsafe fn SSL_get_ex_new_index(
argl: c_long, argp: *const c_void, newf: *const c_void, dupf: *const c_void,
freef: *const c_void,
) -> c_int {
const CRYPTO_EX_INDEX_SSL: c_int = 0;

CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, newf, dupf, freef)
}
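Review bot: The `SSL_ctrl` binding added in the `-834,6 +838,11` hunk returns `c_int`, but OpenSSL declares `long SSL_ctrl(SSL *, int, long, void *)`, so the declaration should end in `) -> c_long;` and the `SSL_set_tlsext_host_name` shim should narrow the result explicitly. In the last hunk, `SSL_set_min_proto_version` and `SSL_set_max_proto_version` discard that result, so a rejected version bound goes unnoticed and the connection proceeds with the library's default protocol range. Consider returning `c_int` from both shims and from the matching BoringSSL declarations, and checking it at the call sites, which are outside this view. The command numbers 123, 124 and 55 and `CRYPTO_EX_INDEX_SSL = 0` are hard-coded; a comment naming the OpenSSL header and version they were taken from would let a reader re-verify them. The `extern` block starts outside these hunks.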