Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 2f1164b

Browse filesBrowse files
skmcgrailskmcgrail
committed
Enable additional capabilities for AWS-LC
1 parent dde9ffb commit 2f1164b
Copy full SHA for 2f1164b

File tree

Expand file treeCollapse file tree

14 files changed

+316
-106
lines changed
Filter options
Expand file treeCollapse file tree

14 files changed

+316
-106
lines changed

‎openssl/build.rs

Copy file name to clipboardExpand all lines: openssl/build.rs
+4Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@ fn main() {
3333
println!("cargo:rustc-check-cfg=cfg(libressl382)");
3434
println!("cargo:rustc-check-cfg=cfg(libressl390)");
3535
println!("cargo:rustc-check-cfg=cfg(libressl400)");
36+
println!("cargo:rustc-check-cfg=cfg(libressl410)");
3637

3738
println!("cargo:rustc-check-cfg=cfg(ossl101)");
3839
println!("cargo:rustc-check-cfg=cfg(ossl102)");
@@ -121,6 +122,9 @@ fn main() {
121122
if version >= 0x4_00_00_00_0 {
122123
println!("cargo:rustc-cfg=libressl400");
123124
}
125+
if version >= 0x4_01_00_00_0 {
126+
println!("cargo:rustc-cfg=libressl410");
127+
}
124128
}
125129

126130
if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {

‎openssl/src/bn.rs

Copy file name to clipboardExpand all lines: openssl/src/bn.rs
+22-12Lines changed: 22 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -37,18 +37,15 @@ use crate::{cvt, cvt_n, cvt_p, LenType};
3737
use openssl_macros::corresponds;
3838

3939
cfg_if! {
40-
if #[cfg(any(ossl110, libressl350))] {
40+
if #[cfg(any(ossl110, libressl350, awslc))] {
4141
use ffi::{
42-
BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536,
43-
BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
42+
BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
4443
BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192, BN_is_negative,
4544
};
46-
} else if #[cfg(any(boringssl, awslc))] {
45+
} else if #[cfg(boringssl)] {
4746
use ffi::BN_is_negative;
4847
} else {
4948
use ffi::{
50-
get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
51-
get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
5249
get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536,
5350
get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048,
5451
get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072,
@@ -64,6 +61,19 @@ cfg_if! {
6461
}
6562
}
6663

64+
cfg_if! {
65+
if #[cfg(any(ossl110, libressl350))] {
66+
use ffi::{
67+
BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768
68+
};
69+
} else if #[cfg(not(any(boringssl, awslc)))] {
70+
use ffi::{
71+
get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
72+
get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
73+
};
74+
}
75+
}
76+
6777
/// Options for the most significant bits of a randomly generated `BigNum`.
6878
pub struct MsbOption(c_int);
6979

@@ -1014,7 +1024,7 @@ impl BigNum {
10141024
///
10151025
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3
10161026
#[corresponds(BN_get_rfc3526_prime_1536)]
1017-
#[cfg(not(any(boringssl, awslc)))]
1027+
#[cfg(not(boringssl))]
10181028
pub fn get_rfc3526_prime_1536() -> Result<BigNum, ErrorStack> {
10191029
unsafe {
10201030
ffi::init();
@@ -1028,7 +1038,7 @@ impl BigNum {
10281038
///
10291039
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3
10301040
#[corresponds(BN_get_rfc3526_prime_2048)]
1031-
#[cfg(not(any(boringssl, awslc)))]
1041+
#[cfg(not(boringssl))]
10321042
pub fn get_rfc3526_prime_2048() -> Result<BigNum, ErrorStack> {
10331043
unsafe {
10341044
ffi::init();
@@ -1042,7 +1052,7 @@ impl BigNum {
10421052
///
10431053
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4
10441054
#[corresponds(BN_get_rfc3526_prime_3072)]
1045-
#[cfg(not(any(boringssl, awslc)))]
1055+
#[cfg(not(boringssl))]
10461056
pub fn get_rfc3526_prime_3072() -> Result<BigNum, ErrorStack> {
10471057
unsafe {
10481058
ffi::init();
@@ -1056,7 +1066,7 @@ impl BigNum {
10561066
///
10571067
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4
10581068
#[corresponds(BN_get_rfc3526_prime_4096)]
1059-
#[cfg(not(any(boringssl, awslc)))]
1069+
#[cfg(not(boringssl))]
10601070
pub fn get_rfc3526_prime_4096() -> Result<BigNum, ErrorStack> {
10611071
unsafe {
10621072
ffi::init();
@@ -1070,7 +1080,7 @@ impl BigNum {
10701080
///
10711081
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6
10721082
#[corresponds(BN_get_rfc3526_prime_6114)]
1073-
#[cfg(not(any(boringssl, awslc)))]
1083+
#[cfg(not(boringssl))]
10741084
pub fn get_rfc3526_prime_6144() -> Result<BigNum, ErrorStack> {
10751085
unsafe {
10761086
ffi::init();
@@ -1084,7 +1094,7 @@ impl BigNum {
10841094
///
10851095
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6
10861096
#[corresponds(BN_get_rfc3526_prime_8192)]
1087-
#[cfg(not(any(boringssl, awslc)))]
1097+
#[cfg(not(boringssl))]
10881098
pub fn get_rfc3526_prime_8192() -> Result<BigNum, ErrorStack> {
10891099
unsafe {
10901100
ffi::init();

‎openssl/src/cipher.rs

Copy file name to clipboardExpand all lines: openssl/src/cipher.rs
+12-12Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -166,7 +166,7 @@ impl Cipher {
166166
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_xts() as *mut _) }
167167
}
168168

169-
#[cfg(not(any(boringssl, awslc)))]
169+
#[cfg(not(boringssl))]
170170
pub fn aes_256_xts() -> &'static CipherRef {
171171
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_xts() as *mut _) }
172172
}
@@ -175,17 +175,17 @@ impl Cipher {
175175
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_ctr() as *mut _) }
176176
}
177177

178-
#[cfg(not(any(boringssl, awslc)))]
178+
#[cfg(not(boringssl))]
179179
pub fn aes_128_cfb1() -> &'static CipherRef {
180180
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb1() as *mut _) }
181181
}
182182

183-
#[cfg(not(any(boringssl, awslc)))]
183+
#[cfg(not(boringssl))]
184184
pub fn aes_128_cfb128() -> &'static CipherRef {
185185
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb128() as *mut _) }
186186
}
187187

188-
#[cfg(not(any(boringssl, awslc)))]
188+
#[cfg(not(boringssl))]
189189
pub fn aes_128_cfb8() -> &'static CipherRef {
190190
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb8() as *mut _) }
191191
}
@@ -194,7 +194,7 @@ impl Cipher {
194194
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_gcm() as *mut _) }
195195
}
196196

197-
#[cfg(not(any(boringssl, awslc)))]
197+
#[cfg(not(boringssl))]
198198
pub fn aes_128_ccm() -> &'static CipherRef {
199199
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_ccm() as *mut _) }
200200
}
@@ -233,7 +233,7 @@ impl Cipher {
233233
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_ctr() as *mut _) }
234234
}
235235

236-
#[cfg(not(any(boringssl, awslc)))]
236+
#[cfg(not(boringssl))]
237237
pub fn aes_192_cfb1() -> &'static CipherRef {
238238
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb1() as *mut _) }
239239
}
@@ -242,7 +242,7 @@ impl Cipher {
242242
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb128() as *mut _) }
243243
}
244244

245-
#[cfg(not(any(boringssl, awslc)))]
245+
#[cfg(not(boringssl))]
246246
pub fn aes_192_cfb8() -> &'static CipherRef {
247247
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb8() as *mut _) }
248248
}
@@ -251,7 +251,7 @@ impl Cipher {
251251
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_gcm() as *mut _) }
252252
}
253253

254-
#[cfg(not(any(boringssl, awslc)))]
254+
#[cfg(not(boringssl))]
255255
pub fn aes_192_ccm() -> &'static CipherRef {
256256
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_ccm() as *mut _) }
257257
}
@@ -290,7 +290,7 @@ impl Cipher {
290290
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_ctr() as *mut _) }
291291
}
292292

293-
#[cfg(not(any(boringssl, awslc)))]
293+
#[cfg(not(boringssl))]
294294
pub fn aes_256_cfb1() -> &'static CipherRef {
295295
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb1() as *mut _) }
296296
}
@@ -299,7 +299,7 @@ impl Cipher {
299299
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb128() as *mut _) }
300300
}
301301

302-
#[cfg(not(any(boringssl, awslc)))]
302+
#[cfg(not(boringssl))]
303303
pub fn aes_256_cfb8() -> &'static CipherRef {
304304
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb8() as *mut _) }
305305
}
@@ -308,7 +308,7 @@ impl Cipher {
308308
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_gcm() as *mut _) }
309309
}
310310

311-
#[cfg(not(any(boringssl, awslc)))]
311+
#[cfg(not(boringssl))]
312312
pub fn aes_256_ccm() -> &'static CipherRef {
313313
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_ccm() as *mut _) }
314314
}
@@ -500,7 +500,7 @@ impl Cipher {
500500
unsafe { CipherRef::from_ptr(ffi::EVP_chacha20() as *mut _) }
501501
}
502502

503-
#[cfg(all(any(ossl110, libressl360), not(osslconf = "OPENSSL_NO_CHACHA")))]
503+
#[cfg(all(any(ossl110, libressl360, awslc), not(osslconf = "OPENSSL_NO_CHACHA")))]
504504
pub fn chacha20_poly1305() -> &'static CipherRef {
505505
unsafe { CipherRef::from_ptr(ffi::EVP_chacha20_poly1305() as *mut _) }
506506
}

‎openssl/src/cipher_ctx.rs

Copy file name to clipboardExpand all lines: openssl/src/cipher_ctx.rs
+165Lines changed: 165 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -809,8 +809,173 @@ mod test {
809809
aes_128_cbc(cipher);
810810
}
811811

812+
#[cfg(not(boringssl))]
813+
#[test]
814+
fn default_aes_128_ccm() {
815+
// from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
816+
let cipher = Cipher::aes_128_ccm();
817+
aes_ccm(
818+
cipher,
819+
"26511fb51fcfa75cb4b44da75a6e5a0e",
820+
"ea98ec44f5a86715014783172e",
821+
"4da40b80579c1d9a5309f7efecb7c059a2f914511ca5fc10",
822+
"e4692b9f06b666c7451b146c8aeb07a6e30c629d28065c3dde5940325b14b810",
823+
"1bf0ba0ebb20d8edba59f29a9371750c9c714078f73c335d",
824+
"2f1322ac69b848b001476323aed84c47",
825+
);
826+
}
827+
828+
#[cfg(not(boringssl))]
829+
#[test]
830+
fn default_aes_192_ccm() {
831+
// from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
832+
let cipher = Cipher::aes_192_ccm();
833+
aes_ccm(
834+
cipher,
835+
"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886",
836+
"ea98ec44f5a86715014783172e",
837+
"4da40b80579c1d9a5309f7efecb7c059a2f914511ca5fc10",
838+
"e4692b9f06b666c7451b146c8aeb07a6e30c629d28065c3dde5940325b14b810",
839+
"30c154c616946eccc2e241d336ad33720953e449a0e6b0f0",
840+
"dbf8e9464909bdf337e48093c082a10b",
841+
);
842+
}
843+
844+
#[cfg(not(boringssl))]
845+
#[test]
846+
fn default_aes_256_ccm() {
847+
// from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
848+
let cipher = Cipher::aes_256_ccm();
849+
aes_ccm(
850+
cipher,
851+
"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e",
852+
"3542fbe0f59a6d5f3abf619b7d",
853+
"c5b3d71312ea14f2f8fae5bd1a453192b6604a45db75c5ed",
854+
"dd4531f158a2fa3bc8a339f770595048f4a42bc1b03f2e824efc6ba4985119d8",
855+
"39c2e8f6edfe663b90963b98eb79e2d4f7f28a5053ae8881",
856+
"567a6b4426f1667136bed4a5e32a2bc1",
857+
);
858+
}
859+
860+
#[cfg(not(boringssl))]
861+
fn aes_ccm(
862+
cipher: &CipherRef,
863+
key: &'static str,
864+
iv: &'static str,
865+
pt: &'static str,
866+
aad: &'static str,
867+
ct: &'static str,
868+
tag: &'static str,
869+
) {
870+
let key = hex::decode(key).unwrap();
871+
let iv = hex::decode(iv).unwrap();
872+
let pt = hex::decode(pt).unwrap();
873+
let ct = hex::decode(ct).unwrap();
874+
let aad = hex::decode(aad).unwrap();
875+
let tag = hex::decode(tag).unwrap();
876+
877+
let mut ctx = CipherCtx::new().unwrap();
878+
879+
ctx.encrypt_init(Some(cipher), None, None).unwrap();
880+
ctx.set_iv_length(iv.len()).unwrap();
881+
ctx.set_tag_length(tag.len()).unwrap();
882+
ctx.encrypt_init(None, Some(&key), Some(&iv)).unwrap();
883+
ctx.set_data_len(pt.len()).unwrap();
884+
885+
let mut buf = vec![];
886+
ctx.cipher_update(&aad, None).unwrap();
887+
ctx.cipher_update_vec(&pt, &mut buf).unwrap();
888+
ctx.cipher_final_vec(&mut buf).unwrap();
889+
assert_eq!(buf, ct);
890+
891+
let mut out_tag = vec![0u8; tag.len()];
892+
ctx.tag(&mut out_tag).unwrap();
893+
assert_eq!(tag, out_tag);
894+
895+
ctx.decrypt_init(Some(cipher), None, None).unwrap();
896+
ctx.set_iv_length(iv.len()).unwrap();
897+
ctx.set_tag(&tag).unwrap();
898+
ctx.decrypt_init(None, Some(&key), Some(&iv)).unwrap();
899+
ctx.set_data_len(pt.len()).unwrap();
900+
901+
let mut buf = vec![];
902+
ctx.cipher_update(&aad, None).unwrap();
903+
ctx.cipher_update_vec(&ct, &mut buf).unwrap();
904+
// Some older libraries don't support calling EVP_CipherFinal/EVP_DecryptFinal for CCM
905+
// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_CCM_mode
906+
#[cfg(any(libressl410, ossl111, awslc, boringssl))]
907+
ctx.cipher_final_vec(&mut buf).unwrap();
908+
909+
assert_eq!(buf, pt);
910+
}
911+
912+
#[cfg(not(any(boringssl, awslc)))]
913+
#[test]
914+
fn default_aes_128_xts() {
915+
// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/XTSTestVectors.zip
916+
let cipher = Cipher::aes_128_xts();
917+
aes_xts(
918+
cipher,
919+
"a1b90cba3f06ac353b2c343876081762090923026e91771815f29dab01932f2f",
920+
"4faef7117cda59c66e4b92013e768ad5",
921+
"ebabce95b14d3c8d6fb350390790311c",
922+
"778ae8b43cb98d5a825081d5be471c63",
923+
);
924+
}
925+
926+
#[cfg(not(boringssl))]
927+
#[test]
928+
fn default_aes_256_xts() {
929+
// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/XTSTestVectors.zip
930+
let cipher = Cipher::aes_256_xts();
931+
aes_xts(cipher, "1ea661c58d943a0e4801e42f4b0947149e7f9f8e3e68d0c7505210bd311a0e7cd6e13ffdf2418d8d1911c004cda58da3d619b7e2b9141e58318eea392cf41b08", "adf8d92627464ad2f0428e84a9f87564", "2eedea52cd8215e1acc647e810bbc3642e87287f8d2e57e36c0a24fbc12a202e", "cbaad0e2f6cea3f50b37f934d46a9b130b9d54f07e34f36af793e86f73c6d7db");
932+
}
933+
934+
#[cfg(not(boringssl))]
935+
fn aes_xts(
936+
cipher: &CipherRef,
937+
key: &'static str,
938+
i: &'static str,
939+
pt: &'static str,
940+
ct: &'static str,
941+
) {
942+
let key = hex::decode(key).unwrap();
943+
let i = hex::decode(i).unwrap();
944+
let pt = hex::decode(pt).unwrap();
945+
let ct = hex::decode(ct).unwrap();
946+
947+
let mut ctx = CipherCtx::new().unwrap();
948+
ctx.encrypt_init(Some(cipher), Some(&key), Some(&i))
949+
.unwrap();
950+
let mut buf = vec![];
951+
ctx.cipher_update_vec(&pt, &mut buf).unwrap();
952+
ctx.cipher_final_vec(&mut buf).unwrap();
953+
954+
assert_eq!(ct, buf);
955+
956+
ctx.decrypt_init(Some(cipher), Some(&key), Some(&i))
957+
.unwrap();
958+
let mut buf = vec![];
959+
ctx.cipher_update_vec(&ct, &mut buf).unwrap();
960+
ctx.cipher_final_vec(&mut buf).unwrap();
961+
962+
assert_eq!(pt, buf);
963+
}
964+
812965
#[test]
813966
fn test_stream_ciphers() {
967+
#[cfg(not(boringssl))]
968+
{
969+
test_stream_cipher(Cipher::aes_128_cfb1());
970+
test_stream_cipher(Cipher::aes_128_cfb8());
971+
test_stream_cipher(Cipher::aes_128_cfb128());
972+
test_stream_cipher(Cipher::aes_192_cfb1());
973+
test_stream_cipher(Cipher::aes_192_cfb8());
974+
test_stream_cipher(Cipher::aes_192_cfb128());
975+
test_stream_cipher(Cipher::aes_256_cfb1());
976+
test_stream_cipher(Cipher::aes_256_cfb8());
977+
test_stream_cipher(Cipher::aes_256_cfb128());
978+
}
814979
test_stream_cipher(Cipher::aes_192_ctr());
815980
test_stream_cipher(Cipher::aes_256_ctr());
816981
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.