Roll BoringSSL, update bindgen
The latest version of bindgen converts the C type `size_t` to a new
Rust type alias of the same name. On most platforms, this is an alias
to the unsigned integer type of platform's pointer width (e.g., `u32`
on 32-bit platforms, `u64` on 64-bit platforms, etc). Thus, we just
assume that that will be the case on all platforms we're compiled on,
and introduce some machinery to convert between `size_t` and `usize`
easily that will fail compilation if the conversion is not valid on
the target platform. See the `IntoSizeT` and `IntoUsize` traits in
the `boringssl::raw` module.
Change-Id: I2c22ba83de149587772668b8fd01a7f997604600
Reviewed-on: https://fuchsia-review.googlesource.com/c/mundane/+/375794
Reviewed-by: Drew Fisher <zarvox@google.com>
diff --git a/boringssl/boringssl b/boringssl/boringssl
index 49de1fc..9ae40ce 160000
--- a/boringssl/boringssl
+++ b/boringssl/boringssl
@@ -1 +1 @@
-Subproject commit 49de1fc2910524c888866c7e2b0db1ba8af2a530
+Subproject commit 9ae40ce9ad7e2b1e0140dc98318bc742e8387f88
diff --git a/boringssl/boringssl.rs b/boringssl/boringssl.rs
index 78e190a..45645f0 100644
--- a/boringssl/boringssl.rs
+++ b/boringssl/boringssl.rs
@@ -102,9 +102,45 @@
pub const SHA256_DIGEST_LENGTH: u32 = 32;
pub const SHA384_DIGEST_LENGTH: u32 = 48;
pub const SHA512_DIGEST_LENGTH: u32 = 64;
-pub type __uint8_t = ::std::os::raw::c_uchar;
-pub type __uint32_t = ::std::os::raw::c_uint;
-pub type __uint64_t = ::std::os::raw::c_ulong;
+pub type size_t = ::std::os::raw::c_ulong;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct _opaque_pthread_rwlock_t {
+ pub __sig: ::std::os::raw::c_long,
+ pub __opaque: [::std::os::raw::c_char; 192usize],
+}
+#[test]
+fn bindgen_test_layout__opaque_pthread_rwlock_t() {
+ assert_eq!(
+ ::std::mem::size_of::<_opaque_pthread_rwlock_t>(),
+ 200usize,
+ concat!("Size of: ", stringify!(_opaque_pthread_rwlock_t))
+ );
+ assert_eq!(
+ ::std::mem::align_of::<_opaque_pthread_rwlock_t>(),
+ 8usize,
+ concat!("Alignment of ", stringify!(_opaque_pthread_rwlock_t))
+ );
+ assert_eq!(
+ unsafe { &(*(::std::ptr::null::<_opaque_pthread_rwlock_t>())).__sig as *const _ as usize },
+ 0usize,
+ concat!("Offset of field: ", stringify!(_opaque_pthread_rwlock_t), "::", stringify!(__sig))
+ );
+ assert_eq!(
+ unsafe {
+ &(*(::std::ptr::null::<_opaque_pthread_rwlock_t>())).__opaque as *const _ as usize
+ },
+ 8usize,
+ concat!(
+ "Offset of field: ",
+ stringify!(_opaque_pthread_rwlock_t),
+ "::",
+ stringify!(__opaque)
+ )
+ );
+}
+pub type __darwin_pthread_rwlock_t = _opaque_pthread_rwlock_t;
+pub type pthread_rwlock_t = __darwin_pthread_rwlock_t;
pub type BIGNUM = bignum_st;
pub type BN_GENCB = bn_gencb_st;
pub type BN_MONT_CTX = bn_mont_ctx_st;
@@ -167,37 +203,7 @@
pub type SHA256_CTX = sha256_state_st;
pub type SHA512_CTX = sha512_state_st;
pub type SHA_CTX = sha_state_st;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union crypto_mutex_st {
- pub alignment: f64,
- pub padding: [u8; 56usize],
- _bindgen_union_align: [u64; 7usize],
-}
-#[test]
-fn bindgen_test_layout_crypto_mutex_st() {
- assert_eq!(
- ::std::mem::size_of::<crypto_mutex_st>(),
- 56usize,
- concat!("Size of: ", stringify!(crypto_mutex_st))
- );
- assert_eq!(
- ::std::mem::align_of::<crypto_mutex_st>(),
- 8usize,
- concat!("Alignment of ", stringify!(crypto_mutex_st))
- );
- assert_eq!(
- unsafe { &(*(::std::ptr::null::<crypto_mutex_st>())).alignment as *const _ as usize },
- 0usize,
- concat!("Offset of field: ", stringify!(crypto_mutex_st), "::", stringify!(alignment))
- );
- assert_eq!(
- unsafe { &(*(::std::ptr::null::<crypto_mutex_st>())).padding as *const _ as usize },
- 0usize,
- concat!("Offset of field: ", stringify!(crypto_mutex_st), "::", stringify!(padding))
- );
-}
-pub type CRYPTO_MUTEX = crypto_mutex_st;
+pub type CRYPTO_MUTEX = pthread_rwlock_t;
pub type CRYPTO_refcount_t = u32;
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_BN_init"]
@@ -332,7 +338,7 @@
#[derive(Debug, Copy, Clone)]
pub struct cbs_st {
pub data: *const u8,
- pub len: usize,
+ pub len: size_t,
}
#[test]
fn bindgen_test_layout_cbs_st() {
@@ -355,18 +361,18 @@
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_CBS_init"]
- pub fn CBS_init(cbs: *mut CBS, data: *const u8, len: usize);
+ pub fn CBS_init(cbs: *mut CBS, data: *const u8, len: size_t);
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_CBS_len"]
- pub fn CBS_len(cbs: *const CBS) -> usize;
+ pub fn CBS_len(cbs: *const CBS) -> size_t;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct cbb_buffer_st {
pub buf: *mut u8,
- pub len: usize,
- pub cap: usize,
+ pub len: size_t,
+ pub cap: size_t,
pub can_resize: ::std::os::raw::c_char,
pub error: ::std::os::raw::c_char,
}
@@ -413,7 +419,7 @@
pub struct cbb_st {
pub base: *mut cbb_buffer_st,
pub child: *mut CBB,
- pub offset: usize,
+ pub offset: size_t,
pub pending_len_len: u8,
pub pending_is_asn1: ::std::os::raw::c_char,
pub is_child: ::std::os::raw::c_char,
@@ -459,7 +465,7 @@
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_CBB_init"]
- pub fn CBB_init(cbb: *mut CBB, initial_capacity: usize) -> ::std::os::raw::c_int;
+ pub fn CBB_init(cbb: *mut CBB, initial_capacity: size_t) -> ::std::os::raw::c_int;
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_CBB_cleanup"]
@@ -471,7 +477,7 @@
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_CBB_len"]
- pub fn CBB_len(cbb: *const CBB) -> usize;
+ pub fn CBB_len(cbb: *const CBB) -> size_t;
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_ED25519_keypair"]
@@ -482,7 +488,7 @@
pub fn ED25519_sign(
out_sig: *mut u8,
message: *const u8,
- message_len: usize,
+ message_len: size_t,
private_key: *const u8,
) -> ::std::os::raw::c_int;
}
@@ -490,7 +496,7 @@
#[link_name = "__RUST_MUNDANE_0_4_2_ED25519_verify"]
pub fn ED25519_verify(
message: *const u8,
- message_len: usize,
+ message_len: size_t,
signature: *const u8,
public_key: *const u8,
) -> ::std::os::raw::c_int;
@@ -628,7 +634,7 @@
pub fn ECDSA_sign(
type_: ::std::os::raw::c_int,
digest: *const u8,
- digest_len: usize,
+ digest_len: size_t,
sig: *mut u8,
sig_len: *mut ::std::os::raw::c_uint,
key: *const EC_KEY,
@@ -639,20 +645,20 @@
pub fn ECDSA_verify(
type_: ::std::os::raw::c_int,
digest: *const u8,
- digest_len: usize,
+ digest_len: size_t,
sig: *const u8,
- sig_len: usize,
+ sig_len: size_t,
key: *const EC_KEY,
) -> ::std::os::raw::c_int;
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_ECDSA_size"]
- pub fn ECDSA_size(key: *const EC_KEY) -> usize;
+ pub fn ECDSA_size(key: *const EC_KEY) -> size_t;
}
pub type ERR_print_errors_callback_t = ::std::option::Option<
unsafe extern "C" fn(
str: *const ::std::os::raw::c_char,
- len: usize,
+ len: size_t,
ctx: *mut ::std::os::raw::c_void,
) -> ::std::os::raw::c_int,
>;
@@ -769,12 +775,12 @@
#[link_name = "__RUST_MUNDANE_0_4_2_PKCS5_PBKDF2_HMAC"]
pub fn PKCS5_PBKDF2_HMAC(
password: *const ::std::os::raw::c_char,
- password_len: usize,
+ password_len: size_t,
salt: *const u8,
- salt_len: usize,
+ salt_len: size_t,
iterations: ::std::os::raw::c_uint,
digest: *const EVP_MD,
- key_len: usize,
+ key_len: size_t,
out_key: *mut u8,
) -> ::std::os::raw::c_int;
}
@@ -782,15 +788,15 @@
#[link_name = "__RUST_MUNDANE_0_4_2_EVP_PBE_scrypt"]
pub fn EVP_PBE_scrypt(
password: *const ::std::os::raw::c_char,
- password_len: usize,
+ password_len: size_t,
salt: *const u8,
- salt_len: usize,
+ salt_len: size_t,
N: u64,
r: u64,
p: u64,
- max_mem: usize,
+ max_mem: size_t,
out_key: *mut u8,
- key_len: usize,
+ key_len: size_t,
) -> ::std::os::raw::c_int;
}
#[repr(C)]
@@ -895,7 +901,7 @@
pub fn HMAC_Init_ex(
ctx: *mut HMAC_CTX,
key: *const ::std::os::raw::c_void,
- key_len: usize,
+ key_len: size_t,
md: *const EVP_MD,
impl_: *mut ENGINE,
) -> ::std::os::raw::c_int;
@@ -905,7 +911,7 @@
pub fn HMAC_Update(
ctx: *mut HMAC_CTX,
data: *const u8,
- data_len: usize,
+ data_len: size_t,
) -> ::std::os::raw::c_int;
}
extern "C" {
@@ -918,7 +924,7 @@
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_HMAC_size"]
- pub fn HMAC_size(ctx: *const HMAC_CTX) -> usize;
+ pub fn HMAC_size(ctx: *const HMAC_CTX) -> size_t;
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_HMAC_CTX_copy"]
@@ -974,7 +980,7 @@
pub fn MD5_Update(
md5: *mut MD5_CTX,
data: *const ::std::os::raw::c_void,
- len: usize,
+ len: size_t,
) -> ::std::os::raw::c_int;
}
extern "C" {
@@ -1037,12 +1043,12 @@
pub fn CRYPTO_memcmp(
a: *const ::std::os::raw::c_void,
b: *const ::std::os::raw::c_void,
- len: usize,
+ len: size_t,
) -> ::std::os::raw::c_int;
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_RAND_bytes"]
- pub fn RAND_bytes(buf: *mut u8, len: usize) -> ::std::os::raw::c_int;
+ pub fn RAND_bytes(buf: *mut u8, len: size_t) -> ::std::os::raw::c_int;
}
extern "C" {
#[link_name = "__RUST_MUNDANE_0_4_2_RSA_new"]
@@ -1084,11 +1090,11 @@
#[link_name = "__RUST_MUNDANE_0_4_2_RSA_sign_pss_mgf1"]
pub fn RSA_sign_pss_mgf1(
rsa: *mut RSA,
- out_len: *mut usize,
+ out_len: *mut size_t,
out: *mut u8,
- max_out: usize,
+ max_out: size_t,
in_: *const u8,
- in_len: usize,
+ in_len: size_t,
md: *const EVP_MD,
mgf1_md: *const EVP_MD,
salt_len: ::std::os::raw::c_int,
@@ -1099,9 +1105,9 @@
pub fn RSA_verify(
hash_nid: ::std::os::raw::c_int,
msg: *const u8,
- msg_len: usize,
+ msg_len: size_t,
sig: *const u8,
- sig_len: usize,
+ sig_len: size_t,
rsa: *mut RSA,
) -> ::std::os::raw::c_int;
}
@@ -1110,12 +1116,12 @@
pub fn RSA_verify_pss_mgf1(
rsa: *mut RSA,
msg: *const u8,
- msg_len: usize,
+ msg_len: size_t,
md: *const EVP_MD,
mgf1_md: *const EVP_MD,
salt_len: ::std::os::raw::c_int,
sig: *const u8,
- sig_len: usize,
+ sig_len: size_t,
) -> ::std::os::raw::c_int;
}
extern "C" {
@@ -1137,7 +1143,7 @@
pub app_data: *mut ::std::os::raw::c_void,
pub init: ::std::option::Option<unsafe extern "C" fn(rsa: *mut RSA) -> ::std::os::raw::c_int>,
pub finish: ::std::option::Option<unsafe extern "C" fn(rsa: *mut RSA) -> ::std::os::raw::c_int>,
- pub size: ::std::option::Option<unsafe extern "C" fn(rsa: *const RSA) -> usize>,
+ pub size: ::std::option::Option<unsafe extern "C" fn(rsa: *const RSA) -> size_t>,
pub sign: ::std::option::Option<
unsafe extern "C" fn(
type_: ::std::os::raw::c_int,
@@ -1151,22 +1157,22 @@
pub sign_raw: ::std::option::Option<
unsafe extern "C" fn(
rsa: *mut RSA,
- out_len: *mut usize,
+ out_len: *mut size_t,
out: *mut u8,
- max_out: usize,
+ max_out: size_t,
in_: *const u8,
- in_len: usize,
+ in_len: size_t,
padding: ::std::os::raw::c_int,
) -> ::std::os::raw::c_int,
>,
pub decrypt: ::std::option::Option<
unsafe extern "C" fn(
rsa: *mut RSA,
- out_len: *mut usize,
+ out_len: *mut size_t,
out: *mut u8,
- max_out: usize,
+ max_out: size_t,
in_: *const u8,
- in_len: usize,
+ in_len: size_t,
padding: ::std::os::raw::c_int,
) -> ::std::os::raw::c_int,
>,
@@ -1175,7 +1181,7 @@
rsa: *mut RSA,
out: *mut u8,
in_: *const u8,
- len: usize,
+ len: size_t,
) -> ::std::os::raw::c_int,
>,
pub flags: ::std::os::raw::c_int,
@@ -1280,7 +1286,7 @@
}
#[test]
fn bindgen_test_layout_rsa_st() {
- assert_eq!(::std::mem::size_of::<rsa_st>(), 232usize, concat!("Size of: ", stringify!(rsa_st)));
+ assert_eq!(::std::mem::size_of::<rsa_st>(), 376usize, concat!("Size of: ", stringify!(rsa_st)));
assert_eq!(
::std::mem::align_of::<rsa_st>(),
8usize,
@@ -1353,37 +1359,37 @@
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).mont_n as *const _ as usize },
- 144usize,
+ 288usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(mont_n))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).mont_p as *const _ as usize },
- 152usize,
+ 296usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(mont_p))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).mont_q as *const _ as usize },
- 160usize,
+ 304usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(mont_q))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).d_fixed as *const _ as usize },
- 168usize,
+ 312usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(d_fixed))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).dmp1_fixed as *const _ as usize },
- 176usize,
+ 320usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(dmp1_fixed))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).dmq1_fixed as *const _ as usize },
- 184usize,
+ 328usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(dmq1_fixed))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).inv_small_mod_large_mont as *const _ as usize },
- 192usize,
+ 336usize,
concat!(
"Offset of field: ",
stringify!(rsa_st),
@@ -1393,17 +1399,17 @@
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).num_blindings as *const _ as usize },
- 200usize,
+ 344usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(num_blindings))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).blindings as *const _ as usize },
- 208usize,
+ 352usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(blindings))
);
assert_eq!(
unsafe { &(*(::std::ptr::null::<rsa_st>())).blindings_inuse as *const _ as usize },
- 216usize,
+ 360usize,
concat!("Offset of field: ", stringify!(rsa_st), "::", stringify!(blindings_inuse))
);
}
@@ -1441,7 +1447,7 @@
pub fn SHA1_Update(
sha: *mut SHA_CTX,
data: *const ::std::os::raw::c_void,
- len: usize,
+ len: size_t,
) -> ::std::os::raw::c_int;
}
extern "C" {
@@ -1611,7 +1617,7 @@
pub fn SHA256_Update(
sha: *mut SHA256_CTX,
data: *const ::std::os::raw::c_void,
- len: usize,
+ len: size_t,
) -> ::std::os::raw::c_int;
}
extern "C" {
@@ -1680,7 +1686,7 @@
pub fn SHA384_Update(
sha: *mut SHA512_CTX,
data: *const ::std::os::raw::c_void,
- len: usize,
+ len: size_t,
) -> ::std::os::raw::c_int;
}
extern "C" {
@@ -1696,7 +1702,7 @@
pub fn SHA512_Update(
sha: *mut SHA512_CTX,
data: *const ::std::os::raw::c_void,
- len: usize,
+ len: size_t,
) -> ::std::os::raw::c_int;
}
extern "C" {
diff --git a/src/boringssl/mod.rs b/src/boringssl/mod.rs
index 1f723f0..516dd56 100644
--- a/src/boringssl/mod.rs
+++ b/src/boringssl/mod.rs
@@ -104,15 +104,16 @@
use boringssl::abort::UnwrapAbort;
use boringssl::raw::{
- BN_set_u64, CBB_data, CBB_init, CBB_len, CBS_init, CBS_len, CRYPTO_memcmp, ECDSA_sign,
+ size_t, BN_set_u64, CBB_data, CBB_init, CBB_len, CBS_init, CBS_len, CRYPTO_memcmp, ECDSA_sign,
ECDSA_size, ECDSA_verify, EC_GROUP_get_curve_name, EC_GROUP_new_by_curve_name,
EC_KEY_generate_key, EC_KEY_get0_group, EC_KEY_marshal_private_key, EC_KEY_parse_private_key,
EC_KEY_set_group, EC_curve_nid2nist, ED25519_keypair, ED25519_keypair_from_seed, ED25519_sign,
ED25519_verify, ERR_print_errors_cb, EVP_PBE_scrypt, EVP_PKEY_assign_EC_KEY,
EVP_PKEY_assign_RSA, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get1_RSA, EVP_marshal_public_key,
EVP_parse_public_key, HMAC_CTX_copy, HMAC_CTX_init, HMAC_Final, HMAC_Init_ex, HMAC_Update,
- HMAC_size, RAND_bytes, RSA_bits, RSA_generate_key_ex, RSA_marshal_private_key,
- RSA_parse_private_key, RSA_sign_pss_mgf1, RSA_size, RSA_verify_pss_mgf1, SHA384_Init,
+ HMAC_size, IntoSizeT, IntoUsize, RAND_bytes, RSA_bits, RSA_generate_key_ex,
+ RSA_marshal_private_key, RSA_parse_private_key, RSA_sign_pss_mgf1, RSA_size,
+ RSA_verify_pss_mgf1, SHA384_Init,
};
#[cfg(feature = "rsa-pkcs1v15")]
use boringssl::raw::{RSA_sign, RSA_verify};
@@ -133,7 +134,7 @@
pub fn cbb_new(initial_capacity: usize) -> Result<CStackWrapper<CBB>, BoringError> {
unsafe {
let mut cbb = MaybeUninit::uninit();
- CBB_init(cbb.as_mut_ptr(), initial_capacity)?;
+ CBB_init(cbb.as_mut_ptr(), initial_capacity.into_size_t())?;
Ok(CStackWrapper::new(cbb.assume_init()))
}
}
@@ -161,7 +162,7 @@
let ptr = CBB_data(self.as_const()).unwrap_abort();
// TODO(joshlf): Can with_data use this to smuggle out the
// reference, outliving the lifetime of self?
- with_data(slice::from_raw_parts(ptr.as_ptr(), len))
+ with_data(slice::from_raw_parts(ptr.as_ptr(), len.into_usize()))
}
}
}
@@ -171,7 +172,7 @@
/// The `CBS_len` function.
#[must_use]
pub fn cbs_len(&self) -> usize {
- unsafe { CBS_len(self.as_const()) }
+ unsafe { CBS_len(self.as_const()).into_usize() }
}
/// Invokes a callback on a temporary `CBS`.
@@ -187,7 +188,7 @@
) -> O {
unsafe {
let mut cbs = MaybeUninit::uninit();
- CBS_init(cbs.as_mut_ptr(), bytes.as_ptr(), bytes.len());
+ CBS_init(cbs.as_mut_ptr(), bytes.as_ptr(), bytes.len().into_size_t());
let mut cbs = CStackWrapper::new(cbs.assume_init());
with_cbs(&mut cbs)
}
@@ -289,7 +290,7 @@
ECDSA_sign(
0,
digest.as_ptr(),
- digest.len(),
+ digest.len().into_size_t(),
sig.as_mut_ptr(),
&mut sig_len,
key.as_const(),
@@ -306,7 +307,14 @@
#[must_use]
pub fn ecdsa_verify(digest: &[u8], sig: &[u8], key: &CHeapWrapper<EC_KEY>) -> bool {
unsafe {
- ECDSA_verify(0, digest.as_ptr(), digest.len(), sig.as_ptr(), sig.len(), key.as_const())
+ ECDSA_verify(
+ 0,
+ digest.as_ptr(),
+ digest.len().into_size_t(),
+ sig.as_ptr(),
+ sig.len().into_size_t(),
+ key.as_const(),
+ )
}
}
@@ -331,7 +339,7 @@
#[must_use]
pub fn ed25519_sign(message: &[u8], private_key: &[u8; 64]) -> Result<[u8; 64], BoringError> {
let mut sig = [0u8; 64];
- unsafe { ED25519_sign(&mut sig, message.as_ptr(), message.len(), private_key)? };
+ unsafe { ED25519_sign(&mut sig, message.as_ptr(), message.len().into_size_t(), private_key)? };
Ok(sig)
}
@@ -353,7 +361,7 @@
/// The `ED25519_verify` function.
#[must_use]
pub fn ed25519_verify(message: &[u8], signature: &[u8; 64], public_key: &[u8; 32]) -> bool {
- unsafe { ED25519_verify(message.as_ptr(), message.len(), signature, public_key) }
+ unsafe { ED25519_verify(message.as_ptr(), message.len().into_size_t(), signature, public_key) }
}
impl CHeapWrapper<EVP_PKEY> {
@@ -429,15 +437,15 @@
unsafe {
EVP_PBE_scrypt(
password.as_ptr() as *const c_char,
- password.len(),
+ password.len().into_size_t(),
salt.as_ptr(),
- salt.len(),
+ salt.len().into_size_t(),
N,
r,
p,
- max_mem,
+ max_mem.into_size_t(),
out_key.as_mut_ptr(),
- out_key.len(),
+ out_key.len().into_size_t(),
)
}
}
@@ -455,12 +463,12 @@
unsafe {
raw::PKCS5_PBKDF2_HMAC(
password.as_ptr() as *const c_char,
- password.len(),
+ password.len().into_size_t(),
salt.as_ptr(),
- salt.len(),
+ salt.len().into_size_t(),
iterations,
digest.as_const(),
- out_key.len(),
+ out_key.len().into_size_t(),
out_key.as_mut_ptr(),
)
}
@@ -539,7 +547,7 @@
HMAC_Init_ex(
ctx.as_mut_ptr(),
key.as_ptr() as *const c_void,
- key.len(),
+ key.len().into_size_t(),
md.as_const(),
)?;
Ok(CStackWrapper::new(ctx.assume_init()))
@@ -548,7 +556,7 @@
/// The `HMAC_Update` function.
pub fn hmac_update(&mut self, data: &[u8]) {
- unsafe { HMAC_Update(self.as_mut(), data.as_ptr(), data.len()) }
+ unsafe { HMAC_Update(self.as_mut(), data.as_ptr(), data.len().into_size_t()) }
}
// NOTE(joshlf): We require exactly the right length (as opposed to just
@@ -562,9 +570,9 @@
/// by `HMAC_size`).
pub fn hmac_final(&mut self, out: &mut [u8]) {
unsafe {
- let size = HMAC_size(self.as_const());
- assert_abort_eq!(out.len(), size);
- let mut size = 0;
+ let hmac_size = HMAC_size(self.as_const()).into_usize();
+ assert_abort_eq!(out.len(), hmac_size);
+ let mut hmac_final_size: u32 = 0;
// HMAC_Final is documented to fail on allocation failure, but an
// internal comment states that it's infallible. In either case, we
// want to panic. Normally, for allocation failure, we'd put the
@@ -573,9 +581,18 @@
//
// TODO(joshlf): Remove this comment once HMAC_Final is documented
// as being infallible.
- HMAC_Final(self.as_mut(), out.as_mut_ptr(), &mut size).unwrap_abort();
- // Guaranteed to be the value returned by HMAC_size.
- assert_abort_eq!(out.len(), size as usize);
+ HMAC_Final(self.as_mut(), out.as_mut_ptr(), &mut hmac_final_size).unwrap_abort();
+ // `HMAC_Final` guarantees that it will set its out argument to the
+ // same value returned by `HMAC_size`. If the conversion from `u32`
+ // to `usize` fails, that means that a) we are on a 16-bit platform
+ // and b) that `HMAC_Final` failed to uphold its contract.
+ assert_abort_eq!(
+ hmac_size,
+ hmac_final_size
+ .try_into()
+ .expect("`HMAC_Final` returned size out of range of `usize`")
+ );
+ assert_abort_eq!(out.len(), hmac_size);
}
}
@@ -685,7 +702,7 @@
salt_len: c_int,
) -> Result<usize, BoringError> {
unsafe {
- let mut sig_len: usize = 0;
+ let mut sig_len: size_t = 0;
RSA_sign_pss_mgf1(
// RSA_sign_pss_mgf1 does not mutate its argument but, for
// backwards-compatibility reasons, continues to take a normal
@@ -693,9 +710,9 @@
key.as_const() as *mut _,
&mut sig_len,
sig.as_mut_ptr(),
- sig.len(),
+ sig.len().into_size_t(),
digest.as_ptr(),
- digest.len(),
+ digest.len().into_size_t(),
md.as_const(),
mgf1_md.map(CRef::as_const).unwrap_or(ptr::null()),
salt_len,
@@ -704,6 +721,7 @@
// RSA_sign_pss_mgf1 guarantees that it only needs RSA_size bytes for
// the signature.
let rsa_size = key.rsa_size().unwrap_abort();
+ let sig_len = sig_len.into_usize();
assert_abort!(sig_len <= rsa_size.get());
Ok(sig_len)
}
@@ -717,9 +735,9 @@
RSA_verify(
hash_nid,
digest.as_ptr(),
- digest.len(),
+ digest.len().into_size_t(),
sig.as_ptr(),
- sig.len(),
+ sig.len().into_size_t(),
// RSA_verify does not mutate its argument but, for
// backwards-compatibility reasons, continues to take a normal
// (non-const) pointer.
@@ -745,12 +763,12 @@
// (non-const) pointer.
key.as_const() as *mut _,
digest.as_ptr(),
- digest.len(),
+ digest.len().into_size_t(),
md.as_const(),
mgf1_md.map(CRef::as_const).unwrap_or(ptr::null()),
salt_len,
sig.as_ptr(),
- sig.len(),
+ sig.len().into_size_t(),
)
}
}
@@ -772,7 +790,7 @@
::boringssl::raw::$update_raw(
self.as_mut(),
data.as_ptr() as *const c_void,
- data.len(),
+ data.len().into_size_t(),
)
}
}
@@ -881,12 +899,18 @@
if a.len() != b.len() {
return false;
}
- unsafe { CRYPTO_memcmp(a.as_ptr() as *const c_void, b.as_ptr() as *const c_void, a.len()) == 0 }
+ unsafe {
+ CRYPTO_memcmp(
+ a.as_ptr() as *const c_void,
+ b.as_ptr() as *const c_void,
+ a.len().into_size_t(),
+ ) == 0
+ }
}
/// The `RAND_bytes` function.
pub fn rand_bytes(buf: &mut [u8]) {
- unsafe { RAND_bytes(buf.as_mut_ptr(), buf.len()) }
+ unsafe { RAND_bytes(buf.as_mut_ptr(), buf.len().into_size_t()) }
}
/// An error generated by BoringSSL.
@@ -941,9 +965,13 @@
fn get_error_stack_trace() -> Vec<String> {
// Credit to agl@google.com for this implementation.
- unsafe extern "C" fn error_callback(s: *const c_char, s_len: usize, ctx: *mut c_void) -> c_int {
+ unsafe extern "C" fn error_callback(
+ s: *const c_char,
+ s_len: size_t,
+ ctx: *mut c_void,
+ ) -> c_int {
let stack_trace = ctx as *mut Vec<String>;
- let s = ::std::slice::from_raw_parts(s as *const u8, s_len - 1);
+ let s = ::std::slice::from_raw_parts(s as *const u8, s_len.into_usize() - 1);
(*stack_trace).push(String::from_utf8_lossy(s).to_string());
1
}
diff --git a/src/boringssl/raw.rs b/src/boringssl/raw.rs
index 9beadd4..c51aed0 100644
--- a/src/boringssl/raw.rs
+++ b/src/boringssl/raw.rs
@@ -14,9 +14,9 @@
//! This module also directly re-exports any raw bindings which are infallible
//! (e.g., `void` functions).
-// infallible functions
+// Infallible functions and the `size_t` type.
pub use boringssl::ffi::{
- CBB_cleanup, CBB_len, CBS_init, CBS_len, CRYPTO_memcmp, EC_GROUP_get_curve_name,
+ size_t, CBB_cleanup, CBB_len, CBS_init, CBS_len, CRYPTO_memcmp, EC_GROUP_get_curve_name,
ED25519_keypair, ED25519_keypair_from_seed, ERR_print_errors_cb, HMAC_CTX_init, HMAC_size,
RSA_bits,
};
@@ -37,7 +37,7 @@
macro_rules! impl_hash_context {
($ctx:ident, $update:ident, $final:ident) => {
#[allow(non_snake_case)]
- pub unsafe fn $update(ctx: *mut ffi::$ctx, data: *const c_void, len: usize) {
+ pub unsafe fn $update(ctx: *mut ffi::$ctx, data: *const c_void, len: size_t) {
// All XXX_Update functions promise to return 1.
assert_abort_eq!(ffi::$update(ctx, data, len), 1);
}
@@ -68,7 +68,7 @@
#[allow(non_snake_case)]
#[must_use]
-pub unsafe fn CBB_init(cbb: *mut CBB, initial_capacity: usize) -> Result<(), BoringError> {
+pub unsafe fn CBB_init(cbb: *mut CBB, initial_capacity: size_t) -> Result<(), BoringError> {
one_or_err("CBB_init", ffi::CBB_init(cbb, initial_capacity))
}
@@ -85,7 +85,7 @@
pub unsafe fn ED25519_sign(
out: *mut [u8; 64],
message: *const u8,
- message_len: usize,
+ message_len: size_t,
private_key: *const [u8; 64],
) -> Result<(), BoringError> {
one_or_err(
@@ -98,7 +98,7 @@
#[must_use]
pub unsafe fn ED25519_verify(
message: *const u8,
- message_len: usize,
+ message_len: size_t,
signature: *const [u8; 64],
public_key: *const [u8; 32],
) -> bool {
@@ -198,7 +198,7 @@
pub unsafe fn ECDSA_sign(
type_: c_int,
digest: *const u8,
- digest_len: usize,
+ digest_len: size_t,
sig: *mut u8,
sig_len: *mut c_uint,
key: *const EC_KEY,
@@ -209,7 +209,8 @@
#[allow(non_snake_case)]
#[must_use]
pub unsafe fn ECDSA_size(key: *const EC_KEY) -> Result<NonZeroUsize, BoringError> {
- NonZeroUsize::new(ffi::ECDSA_size(key)).ok_or_else(|| BoringError::consume_stack("ECDSA_size"))
+ NonZeroUsize::new(ffi::ECDSA_size(key).into_usize())
+ .ok_or_else(|| BoringError::consume_stack("ECDSA_size"))
}
#[allow(non_snake_case)]
@@ -217,9 +218,9 @@
pub unsafe fn ECDSA_verify(
type_: c_int,
digest: *const u8,
- digest_len: usize,
+ digest_len: size_t,
sig: *const u8,
- sig_len: usize,
+ sig_len: size_t,
key: *const EC_KEY,
) -> bool {
match ffi::ECDSA_verify(type_, digest, digest_len, sig, sig_len, key) {
@@ -279,15 +280,15 @@
#[must_use]
pub unsafe fn EVP_PBE_scrypt(
password: *const c_char,
- password_len: usize,
+ password_len: size_t,
salt: *const u8,
- salt_len: usize,
+ salt_len: size_t,
N: u64,
r: u64,
p: u64,
- max_mem: usize,
+ max_mem: size_t,
out_key: *mut u8,
- key_len: usize,
+ key_len: size_t,
) -> Result<(), BoringError> {
one_or_err(
"EVP_PBE_scrypt",
@@ -312,12 +313,12 @@
#[must_use]
pub unsafe fn PKCS5_PBKDF2_HMAC(
password: *const c_char,
- password_len: usize,
+ password_len: size_t,
salt: *const u8,
- salt_len: usize,
+ salt_len: size_t,
iterations: c_uint,
digest: *const EVP_MD,
- key_len: usize,
+ key_len: size_t,
out_key: *mut u8,
) -> Result<(), BoringError> {
one_or_err(
@@ -350,14 +351,14 @@
pub unsafe fn HMAC_Init_ex(
ctx: *mut HMAC_CTX,
key: *const c_void,
- key_len: usize,
+ key_len: size_t,
md: *const EVP_MD,
) -> Result<(), BoringError> {
one_or_err("HMAC_Init_ex", ffi::HMAC_Init_ex(ctx, key, key_len, md, ptr::null_mut()))
}
#[allow(non_snake_case)]
-pub unsafe fn HMAC_Update(ctx: *mut HMAC_CTX, data: *const u8, data_len: usize) {
+pub unsafe fn HMAC_Update(ctx: *mut HMAC_CTX, data: *const u8, data_len: size_t) {
// HMAC_Update promises to return 1.
assert_abort_eq!(ffi::HMAC_Update(ctx, data, data_len), 1);
}
@@ -380,7 +381,7 @@
// rand.h
#[allow(non_snake_case)]
-pub unsafe fn RAND_bytes(buf: *mut u8, len: usize) {
+pub unsafe fn RAND_bytes(buf: *mut u8, len: size_t) {
// RAND_bytes promises to return 1.
assert_abort_eq!(ffi::RAND_bytes(buf, len), 1);
}
@@ -430,11 +431,11 @@
#[must_use]
pub unsafe fn RSA_sign_pss_mgf1(
rsa: *mut RSA,
- out_len: *mut usize,
+ out_len: *mut size_t,
out: *mut u8,
- max_out: usize,
+ max_out: size_t,
in_: *const u8,
- in_len: usize,
+ in_len: size_t,
md: *const EVP_MD,
mgf1_md: *const EVP_MD,
salt_len: c_int,
@@ -458,9 +459,9 @@
pub unsafe fn RSA_verify(
hash_nid: c_int,
msg: *const u8,
- msg_len: usize,
+ msg_len: size_t,
sig: *const u8,
- sig_len: usize,
+ sig_len: size_t,
rsa: *mut RSA,
) -> bool {
match ffi::RSA_verify(hash_nid, msg, msg_len, sig, sig_len, rsa) {
@@ -476,12 +477,12 @@
pub unsafe fn RSA_verify_pss_mgf1(
rsa: *mut RSA,
msg: *const u8,
- msg_len: usize,
+ msg_len: size_t,
md: *const EVP_MD,
mgf1_md: *const EVP_MD,
salt_len: c_int,
sig: *const u8,
- sig_len: usize,
+ sig_len: size_t,
) -> bool {
match ffi::RSA_verify_pss_mgf1(rsa, msg, msg_len, md, mgf1_md, salt_len, sig, sig_len) {
0 => false,
@@ -544,8 +545,11 @@
// If code is 1, returns Ok, otherwise returns Err. f should be the name of the
// function that returned this value.
#[must_use]
-pub fn one_or_err(f: &str, code: c_int) -> Result<(), BoringError> {
- if code == 1 {
+pub fn one_or_err<S: TryInto<size_t>>(f: &str, code: S) -> Result<(), BoringError> {
+ // If the conversion failed, then the value is definitely not 1 since 1 is
+ // representable in `size_t`. Thus, in that case, we assume there was an
+ // error.
+ if code.try_into().map(|code| code == 1).unwrap_or(false) {
Ok(())
} else {
Err(BoringError::consume_stack(f))
@@ -557,3 +561,65 @@
fn ptr_or_err<T>(f: &str, ptr: *mut T) -> Result<NonNull<T>, BoringError> {
NonNull::new(ptr).ok_or_else(|| BoringError::consume_stack(f))
}
+
+/// Convert from the `usize` type into the `size_t` type.
+///
+/// Bindgen generates its own `size_t` Rust type to act as the equivalent of the
+/// `size_t` C type. On all current platforms, this is an unsigned integer of
+/// the same size as the platform word size (e.g., `u64` on 64-bit platforms).
+/// On those platforms, `usize` and `size_t` are, in practice, interchangeable,
+/// though the type system doesn't know it. This trait exists to convert between
+/// them, and also to ensure that compilation fails if they are not
+/// interchangeable on a particular platform.
+pub trait IntoSizeT {
+ fn into_size_t(self) -> size_t;
+}
+
+/// Convert from the `size_t` type into the `usize` type.
+pub trait IntoUsize {
+ fn into_usize(self) -> usize;
+}
+
+#[cfg(target_pointer_width = "64")]
+impl IntoSizeT for usize {
+ fn into_size_t(self) -> size_t {
+ // This is an infallible conversion since we're on a 64-bit platform.
+ let x = self as u64;
+ // This line will stop compiling if `size_t` is no longer an alias for
+ // `u64`.
+ x
+ }
+}
+
+#[cfg(target_pointer_width = "64")]
+impl IntoUsize for size_t {
+ fn into_usize(self) -> usize {
+ // This line will stop compiling if `size_t` is no longer an alias for
+ // `u64`.
+ let x: u64 = self;
+ // This is an infallible conversion since we're on a 64-bit platform.
+ x as usize
+ }
+}
+
+#[cfg(target_pointer_width = "32")]
+impl IntoSizeT for usize {
+ fn into_size_t(self) -> size_t {
+ // This is an infallible conversion since we're on a 32-bit platform.
+ let x = self as u32;
+ // This line will stop compiling if `size_t` is no longer an alias for
+ // `u32`.
+ x
+ }
+}
+
+#[cfg(target_pointer_width = "32")]
+impl IntoUsize for size_t {
+ fn into_usize(self) -> usize {
+ // This line will stop compiling if `size_t` is no longer an alias for
+ // `u32`.
+ let x: u32 = self;
+ // This is an infallible conversion since we're on a 32-bit platform.
+ x as usize
+ }
+}
