Merge pull request #1649 from maurer/boringssl

Adds support for linking against boringssl
sfackler · Sep 26, 2022 · 0af10fb · 0af10fb
2 parents 7ef9ab2 + c49476b
commit 0af10fb
Show file tree

Hide file tree

Showing 43 changed files with 904 additions and 498 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -149,6 +149,10 @@ jobs:
             - true
             - false
           library:
+            - name: boringssl
+              version: master
+            - name: boringssl
+              version: 5697a9202615925696f8dc7f4e286d44d474769e
             - name: openssl
               version: vendored
             - name: openssl
@@ -197,6 +201,10 @@ jobs:
               library:
                 name: libressl
                 version: 3.5.2
+          exclude:
+            - library:
+                name: boringssl
+              bindgen: true
       name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }}
       runs-on: ubuntu-latest
       env:
@@ -217,10 +225,10 @@ jobs:
               exit 0
               ;;
             "i686-unknown-linux-gnu")
-              packages="gcc-multilib"
+              packages="gcc-multilib g++-multilib"
               ;;
             "arm-unknown-linux-gnueabihf")
-              packages="gcc-arm-linux-gnueabihf qemu-user"
+              packages="gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf qemu-user"
               ;;
             esac
 
@@ -233,14 +241,24 @@ jobs:
             key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-2
           if: matrix.library.version != 'vendored'
           id: openssl-cache
+        - run: |
+            echo "RUST_TEST_THREADS=1" >> $GITHUB_ENV
+            echo BINDGEN_EXTRA_CLANG_ARGS="--sysroot /usr/arm-linux-gnueabihf" >> $GITHUB_ENV
+          if: matrix.target == 'arm-unknown-linux-gnueabihf'
         - name: Build OpenSSL
           run: |
             case "${{ matrix.library.name }}" in
             "openssl")
               url="https://openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz"
+              tar_flags="--strip-components=1"
               ;;
             "libressl")
               url="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${{ matrix.library.version }}.tar.gz"
+              tar_flags="--strip-components=1"
+              ;;
+            "boringssl")
+              url="https://boringssl.googlesource.com/boringssl/+archive/${{ matrix.library.version }}.tar.gz"
+              tar_flags=""
               ;;
             esac
 
@@ -258,30 +276,45 @@ jobs:
               OS_FLAGS=""
               export AR=arm-linux-gnueabihf-ar
               export CC=arm-linux-gnueabihf-gcc
+              export CXX=arm-linux-gnueabihf-g++
               ;;
             esac
 
             mkdir /tmp/build
             cd /tmp/build
 
-            curl -L $url | tar --strip-components=1 -xzf -
+            curl -L $url | tar $tar_flags -xzf -
 
             case "${{ matrix.library.name }}" in
             "openssl")
               ./Configure --prefix=$OPENSSL_DIR --libdir=lib $OS_COMPILER -fPIC -g $OS_FLAGS no-shared
+              make
+              make install_sw
               ;;
             "libressl")
               ./configure --prefix=$OPENSSL_DIR --disable-shared --with-pic
+              make
+              make install_sw
               ;;
+            "boringssl")
+              sed -i rust/CMakeLists.txt -e '1s%^%include_directories(../include)\n%'
+              cpu=`echo ${{ matrix.target }} | cut -d - -f 1`
+              echo "set(CMAKE_SYSTEM_NAME Linux)" > toolchain.cmake
+              echo "set(CMAKE_SYSTEM_PROCESSOR $cpu)" >> toolchain.cmake
+              echo "set(triple ${{ matrix.target }})" >> toolchain.cmake
+              echo 'set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} '$OS_FLAGS '" CACHE STRING "c++ flags")' >> toolchain.cmake
+              echo 'set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS}   '$OS_FLAGS '" CACHE STRING "c flags")' >> toolchain.cmake
+              echo 'set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} '$OS_FLAGS '" CACHE STRING "asm flags")' >> toolchain.cmake
+              cmake -DRUST_BINDINGS="${{ matrix.target }}" -B $OPENSSL_DIR -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake
+              make -C $OPENSSL_DIR
             esac
 
-            make
-            make install_sw
           if: matrix.library.version != 'vendored' && !steps.openssl-cache.outputs.cache-hit
         - run: |
-            echo "RUST_TEST_THREADS=1" >> $GITHUB_ENV
-            echo BINDGEN_EXTRA_CLANG_ARGS="--sysroot /usr/arm-linux-gnueabihf" >> $GITHUB_ENV
-          if: matrix.target == 'arm-unknown-linux-gnueabihf'
+            mkdir -p .cargo
+            echo '[patch.crates-io]' > .cargo/config.toml
+            echo 'bssl-sys = { path = "'$OPENSSL_DIR'/rust" }' >> .cargo/config.toml
+          if: matrix.library.name == 'boringssl'
         - uses: actions/cache@v1
           with:
             path: ~/.cargo/registry/index
@@ -307,8 +340,12 @@ jobs:
               features="$features --features bindgen"
             fi
             cargo run --manifest-path=systest/Cargo.toml --target ${{ matrix.target }} $features
+          if: matrix.library.name != 'boringssl'
         - name: Test openssl
           run: |
+            if [[ "${{ matrix.library.name }}" == "boringssl" ]]; then
+              features="--features unstable_boringssl"
+            fi
             if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
               features="--features vendored"
             fi
@@ -325,3 +362,4 @@ jobs:
               features="$features --features openssl-sys/bindgen"
             fi
             cargo test --manifest-path=openssl-errors/Cargo.toml --target ${{ matrix.target }} $features
+          if: matrix.library.name != 'boringssl'
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
@@ -15,9 +15,11 @@ build = "build/main.rs"
 
 [features]
 vendored = ['openssl-src']
+unstable_boringssl = ['bssl-sys']
 
 [dependencies]
 libc = "0.2"
+bssl-sys = { version = "0.1.0", optional = true }
 
 [build-dependencies]
 bindgen = { version = "0.59.2", optional = true }

diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs
@@ -60,9 +60,21 @@ fn find_openssl(target: &str) -> (Vec<PathBuf>, PathBuf) {
     find_normal::get_openssl(target)
 }
 
+fn check_ssl_kind() {
+    if cfg!(feature = "unstable_boringssl") {
+        println!("cargo:rustc-cfg=boringssl");
+        // BoringSSL does not have any build logic, exit early
+        std::process::exit(0);
+    } else {
+        println!("cargo:rustc-cfg=openssl");
+    }
+}
+
 fn main() {
     check_rustc_versions();
 
+    check_ssl_kind();
+
     let target = env::var("TARGET").unwrap();
 
     let (lib_dirs, include_dir) = find_openssl(&target);

diff --git a/openssl-sys/src/handwritten/mod.rs b/openssl-sys/src/handwritten/mod.rs
@@ -1,35 +1,35 @@
-pub use handwritten::aes::*;
-pub use handwritten::asn1::*;
-pub use handwritten::bio::*;
-pub use handwritten::bn::*;
-pub use handwritten::cms::*;
-pub use handwritten::conf::*;
-pub use handwritten::crypto::*;
-pub use handwritten::dh::*;
-pub use handwritten::dsa::*;
-pub use handwritten::ec::*;
-pub use handwritten::err::*;
-pub use handwritten::evp::*;
-pub use handwritten::hmac::*;
-pub use handwritten::kdf::*;
-pub use handwritten::object::*;
-pub use handwritten::ocsp::*;
-pub use handwritten::pem::*;
-pub use handwritten::pkcs12::*;
-pub use handwritten::pkcs7::*;
-pub use handwritten::provider::*;
-pub use handwritten::rand::*;
-pub use handwritten::rsa::*;
-pub use handwritten::safestack::*;
-pub use handwritten::sha::*;
-pub use handwritten::srtp::*;
-pub use handwritten::ssl::*;
-pub use handwritten::stack::*;
-pub use handwritten::tls1::*;
-pub use handwritten::types::*;
-pub use handwritten::x509::*;
-pub use handwritten::x509_vfy::*;
-pub use handwritten::x509v3::*;
+pub use self::aes::*;
+pub use self::asn1::*;
+pub use self::bio::*;
+pub use self::bn::*;
+pub use self::cms::*;
+pub use self::conf::*;
+pub use self::crypto::*;
+pub use self::dh::*;
+pub use self::dsa::*;
+pub use self::ec::*;
+pub use self::err::*;
+pub use self::evp::*;
+pub use self::hmac::*;
+pub use self::kdf::*;
+pub use self::object::*;
+pub use self::ocsp::*;
+pub use self::pem::*;
+pub use self::pkcs12::*;
+pub use self::pkcs7::*;
+pub use self::provider::*;
+pub use self::rand::*;
+pub use self::rsa::*;
+pub use self::safestack::*;
+pub use self::sha::*;
+pub use self::srtp::*;
+pub use self::ssl::*;
+pub use self::stack::*;
+pub use self::tls1::*;
+pub use self::types::*;
+pub use self::x509::*;
+pub use self::x509_vfy::*;
+pub use self::x509v3::*;
 
 mod aes;
 mod asn1;