sfackler · Mar 15, 2023 · Mar 15, 2023 · Mar 15, 2023 · Mar 15, 2023 · Mar 15, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -181,17 +181,7 @@ jobs:
               bindgen: true
               library:
                 name: libressl
-                version: 3.5.3
-            - target: x86_64-unknown-linux-gnu
-              bindgen: true
-              library:
-                name: libressl
-                version: 3.6.1
-            - target: x86_64-unknown-linux-gnu
-              bindgen: true
-              library:
-                name: libressl
-                version: 3.7.0
+                version: 3.7.1
             - target: x86_64-unknown-linux-gnu
               bindgen: false
               library:
@@ -201,17 +191,7 @@ jobs:
               bindgen: false
               library:
                 name: libressl
-                version: 3.5.3
-            - target: x86_64-unknown-linux-gnu
-              bindgen: false
-              library:
-                name: libressl
-                version: 3.6.1
-            - target: x86_64-unknown-linux-gnu
-              bindgen: false
-              library:
-                name: libressl
-                version: 3.7.0
+                version: 3.7.1
       name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }}
       runs-on: ubuntu-latest
       env:

diff --git a/openssl-sys/CHANGELOG.md b/openssl-sys/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 ## [Unreleased]
 
+## [v0.9.82] - 2023-03-19
+
+### Added
+
+* Added support for LibreSSL 3.7.1.
+* Added support for X25519 and Ed25519 on LibreSSL and BoringSSL.
+
 ## [v0.9.81] - 2023-03-14
 
 ### Fixed
@@ -392,7 +399,9 @@ Fixed builds against OpenSSL built with `no-cast`.
 * Added `X509_verify` and `X509_REQ_verify`.
 * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.80..master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.82..master
+[v0.9.82]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.81...openssl-sys-v0.9.82
+[v0.9.81]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.80...openssl-sys-v0.9.81
 [v0.9.80]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.79...openssl-sys-v0.9.80
 [v0.9.79]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.78...openssl-sys-v0.9.79
 [v0.9.78]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.77...openssl-sys-v0.9.78

diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "openssl-sys"
-version = "0.9.81"
+version = "0.9.82"
 authors = [
     "Alex Crichton <alex@alexcrichton.com>",
     "Steven Fackler <sfackler@gmail.com>",

diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs
@@ -294,6 +294,7 @@ See rust-openssl documentation for more information:
             (3, 6, 0) => ('3', '6', '0'),
             (3, 6, _) => ('3', '6', 'x'),
             (3, 7, 0) => ('3', '7', '0'),
+            (3, 7, 1) => ('3', '7', '1'),
             _ => version_error(),
         };
 
@@ -336,7 +337,7 @@ fn version_error() -> ! {
         "
 
 This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3.0.0), or LibreSSL 2.5
-through 3.7.0, but a different version of OpenSSL was found. The build is now aborting
+through 3.7.1, but a different version of OpenSSL was found. The build is now aborting
 due to this version mismatch.
 
 "

diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs
@@ -10,9 +10,9 @@ pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption;
 pub const EVP_PKEY_DSA: c_int = NID_dsa;
 pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement;
 pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKey;
-#[cfg(ossl111)]
+#[cfg(any(ossl111, libressl370))]
 pub const EVP_PKEY_X25519: c_int = NID_X25519;
-#[cfg(ossl111)]
+#[cfg(any(ossl111, libressl370))]
 pub const EVP_PKEY_ED25519: c_int = NID_ED25519;
 #[cfg(ossl111)]
 pub const EVP_PKEY_X448: c_int = NID_X448;

diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs
@@ -230,7 +230,7 @@ cfg_if! {
     }
 }
 cfg_if! {
-    if #[cfg(ossl111)] {
+    if #[cfg(any(ossl111, libressl370))] {
         extern "C" {
             pub fn EVP_DigestSign(
                 ctx: *mut EVP_MD_CTX,
@@ -566,7 +566,7 @@ const_ptr_api! {
 }
 
 cfg_if! {
-    if #[cfg(any(ossl111))] {
+    if #[cfg(any(ossl111, libressl370))] {
         extern "C" {
             pub fn EVP_PKEY_get_raw_public_key(
                 pkey: *const EVP_PKEY,

diff --git a/openssl-sys/src/obj_mac.rs b/openssl-sys/src/obj_mac.rs
@@ -920,12 +920,16 @@ pub const NID_aes_192_cbc_hmac_sha1: c_int = 917;
 pub const NID_aes_256_cbc_hmac_sha1: c_int = 918;
 #[cfg(ossl111)]
 pub const NID_X25519: c_int = 1034;
+#[cfg(libressl370)]
+pub const NID_X25519: c_int = 950;
 #[cfg(ossl111)]
 pub const NID_X448: c_int = 1035;
 #[cfg(ossl110)]
 pub const NID_hkdf: c_int = 1036;
 #[cfg(ossl111)]
 pub const NID_ED25519: c_int = 1087;
+#[cfg(libressl370)]
+pub const NID_ED25519: c_int = 952;
 #[cfg(ossl111)]
 pub const NID_ED448: c_int = 1088;
 #[cfg(ossl111)]

diff --git a/openssl/CHANGELOG.md b/openssl/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 ## [Unreleased]
 
+## [v0.10.47] - 2023-03-19
+
+### Added
+
+* Added support for X25519 and Ed25519 on LibreSSL and BoringSSL.
+* Added `Error::library_code` and `Error::reason_code`.
+
 ## [v0.10.46] - 2023-03-14
 
 ### Fixed
@@ -690,7 +697,8 @@
 
 Look at the [release tags] for information about older releases.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.46...master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...master
+[v0.10.47]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.46...openssl-v0.10.47
 [v0.10.46]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.46
 [v0.10.45]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.44...openssl-v0.10.45
 [v0.10.44]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.43...openssl-v0.10.44

diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "openssl"
-version = "0.10.46"
+version = "0.10.47"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
 license = "Apache-2.0"
 description = "OpenSSL bindings"
@@ -30,7 +30,7 @@ libc = "0.2"
 once_cell = "1.5.2"
 
 openssl-macros = { version = "0.1.0", path = "../openssl-macros" }
-ffi = { package = "openssl-sys", version = "0.9.81", path = "../openssl-sys" }
+ffi = { package = "openssl-sys", version = "0.9.82", path = "../openssl-sys" }
 
 [dev-dependencies]
 hex = "0.3"
diff --git a/openssl/src/error.rs b/openssl/src/error.rs
@@ -198,11 +198,7 @@ impl Error {
                 self.line,
                 self.func.as_ref().map_or(ptr::null(), |s| s.as_ptr()),
             );
-            ffi::ERR_set_error(
-                ffi::ERR_GET_LIB(self.code),
-                ffi::ERR_GET_REASON(self.code),
-                ptr::null(),
-            );
+            ffi::ERR_set_error(self.library_code(), self.reason_code(), ptr::null());
         }
     }
 
@@ -214,9 +210,9 @@ impl Error {
         let line = self.line.try_into().unwrap();
         unsafe {
             ffi::ERR_put_error(
-                ffi::ERR_GET_LIB(self.code),
+                self.library_code(),
                 ffi::ERR_GET_FUNC(self.code),
-                ffi::ERR_GET_REASON(self.code),
+                self.reason_code(),
                 self.file.as_ptr(),
                 line,
             );
@@ -240,6 +236,15 @@ impl Error {
         }
     }
 
+    /// Returns the raw OpenSSL error constant for the library reporting the
+    /// error.
+    // On BoringSSL ERR_GET_{LIB,FUNC,REASON} are `unsafe`, but on
+    // OpenSSL/LibreSSL they're safe.
+    #[allow(unused_unsafe)]
+    pub fn library_code(&self) -> libc::c_int {
+        unsafe { ffi::ERR_GET_LIB(self.code) }
+    }
+
     /// Returns the name of the function reporting the error.
     pub fn function(&self) -> Option<RetStr<'_>> {
         self.func.as_ref().map(|s| s.as_str())
@@ -257,6 +262,14 @@ impl Error {
         }
     }
 
+    /// Returns the raw OpenSSL error constant for the reason for the error.
+    // On BoringSSL ERR_GET_{LIB,FUNC,REASON} are `unsafe`, but on
+    // OpenSSL/LibreSSL they're safe.
+    #[allow(unused_unsafe)]
+    pub fn reason_code(&self) -> libc::c_int {
+        unsafe { ffi::ERR_GET_REASON(self.code) }
+    }
+
     /// Returns the name of the source file which encountered the error.
     pub fn file(&self) -> RetStr<'_> {
         self.file.as_str()
@@ -304,17 +317,15 @@ impl fmt::Display for Error {
         write!(fmt, "error:{:08X}", self.code())?;
         match self.library() {
             Some(l) => write!(fmt, ":{}", l)?,
-            None => write!(fmt, ":lib({})", unsafe { ffi::ERR_GET_LIB(self.code()) })?,
+            None => write!(fmt, ":lib({})", self.library_code())?,
         }
         match self.function() {
             Some(f) => write!(fmt, ":{}", f)?,
             None => write!(fmt, ":func({})", unsafe { ffi::ERR_GET_FUNC(self.code()) })?,
         }
         match self.reason() {
             Some(r) => write!(fmt, ":{}", r)?,
-            None => write!(fmt, ":reason({})", unsafe {
-                ffi::ERR_GET_REASON(self.code())
-            })?,
+            None => write!(fmt, ":reason({})", self.reason_code())?,
         }
         write!(
             fmt,
@@ -387,3 +398,18 @@ cfg_if! {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::nid::Nid;
+
+    #[test]
+    fn test_error_library_code() {
+        let stack = Nid::create("not-an-oid", "invalid", "invalid").unwrap_err();
+        let errors = stack.errors();
+        #[cfg(not(boringssl))]
+        assert_eq!(errors[0].library_code(), ffi::ERR_LIB_ASN1);
+        #[cfg(boringssl)]
+        assert_eq!(errors[0].library_code(), ffi::ERR_LIB_OBJ as libc::c_int);
+    }
+}