authorDavid Benjamin <davidben@google.com>2023-12-19 17:33:03 +0000
committerDonnie Pollitz <donpollitz@google.com>2024-01-05 10:03:09 +0000
commit216fe45636d0b19b753854c181b82c390ebf80cd (patch)
treec0a1746aa5e489f8063bc95432653026960fe166
parent2f8ab9ebde5a71954c62255d32b57c01af239e09 (diff)
Import upstream fixes to type-safety flaws in rust-openssl
trusty-main
This imports:
https://github.com/sfackler/rust-openssl/commit/ed6e1ae859f40c64fb9eb0b01f9e92f8ac6ce14c
https://github.com/sfackler/rust-openssl/commit/6fb228bebb8b09942242c2741e255c408cdbd0ef

These patches are needed to build with the latest BoringSSL. rust-openssl uses an unsound bindings strategy that is not type-safe. While upstream rust-openssl has been fixing a few of the surface-level issues (though not the underlying design flaw), Android's copy is behind, so we need to manually import patches to unblock updates.

Test: treehugger
Change-Id: Ic8915ff05ea5de62c25a866c1c2dbb01ccab9015
(cherry picked from commit e2ab52a35072a7feb13446d201cfaae6529fb48d)
-rw-r--r--patches/0009-type-safety-fix.diff26
-rw-r--r--patches/0010-type-safety-fix.diff67
-rw-r--r--src/lib.rs9
-rw-r--r--src/x509/mod.rs2
-rw-r--r--src/x509/store.rs5
5 files changed, 106 insertions, 3 deletions
diff --git a/patches/0009-type-safety-fix.diff b/patches/0009-type-safety-fix.diff
new file mode 100644
index 0000000..a21da62
--- /dev/null
+++ b/patches/0009-type-safety-fix.diff
@@ -0,0 +1,26 @@
+diff --git a/src/x509/store.rs b/src/x509/store.rs
+index a685fa1..418a8f2 100644
+--- a/src/x509/store.rs
++++ b/src/x509/store.rs
+@@ -156,7 +156,9 @@ impl X509Lookup<HashDir> {
+ /// directory.
+ #[corresponds(X509_LOOKUP_hash_dir)]
+ pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
+- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir()) }
++ // `*mut` cast is needed because BoringSSL returns a `*const`. This is
++ // ok because we only return an immutable reference.
++ unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir() as *mut _) }
+ }
+ }
+
+@@ -188,7 +190,9 @@ impl X509Lookup<File> {
+ /// into memory at the time the file is added as a lookup source.
+ #[corresponds(X509_LOOKUP_file)]
+ pub fn file() -> &'static X509LookupMethodRef<File> {
+- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file()) }
++ // `*mut` cast is needed because BoringSSL returns a `*const`. This is
++ // ok because we only return an immutable reference.
++ unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file() as *mut _) }
+ }
+ }
+
diff --git a/patches/0010-type-safety-fix.diff b/patches/0010-type-safety-fix.diff
new file mode 100644
index 0000000..a3173b4
--- /dev/null
+++ b/patches/0010-type-safety-fix.diff
@@ -0,0 +1,67 @@
+diff --git a/src/lib.rs b/src/lib.rs
+index e8d07d8..cfc6efc 100644
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -210,6 +210,15 @@ fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
+ }
+ }
+
++#[inline]
++fn cvt_p_const<T>(r: *const T) -> Result<*const T, ErrorStack> {
++ if r.is_null() {
++ Err(ErrorStack::get())
++ } else {
++ Ok(r)
++ }
++}
++
+ #[inline]
+ fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
+ if r <= 0 {
+diff --git a/src/x509/mod.rs b/src/x509/mod.rs
+index a03a8aa..40e5022 100644
+--- a/src/x509/mod.rs
++++ b/src/x509/mod.rs
+@@ -35,7 +35,7 @@ use crate::ssl::SslRef;
+ use crate::stack::{Stack, StackRef, Stackable};
+ use crate::string::OpensslString;
+ use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
+-use crate::{cvt, cvt_n, cvt_p};
++use crate::{cvt, cvt_n, cvt_p, cvt_p_const};
+ use openssl_macros::corresponds;
+
+ #[cfg(any(ossl102, libressl261))]
+diff --git a/src/x509/store.rs b/src/x509/store.rs
+index 418a8f2..2219cfc 100644
+--- a/src/x509/store.rs
++++ b/src/x509/store.rs
+@@ -49,6 +49,7 @@ use crate::error::ErrorStack;
+ #[cfg(not(boringssl))]
+ use crate::ssl::SslFiletype;
+ use crate::stack::StackRef;
++use crate::util::ForeignTypeRefExt;
+ #[cfg(any(ossl102, libressl261))]
+ use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
+ use crate::x509::{X509Object, X509};
+@@ -156,9 +157,7 @@ impl X509Lookup<HashDir> {
+ /// directory.
+ #[corresponds(X509_LOOKUP_hash_dir)]
+ pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
+- // `*mut` cast is needed because BoringSSL returns a `*const`. This is
+- // ok because we only return an immutable reference.
+- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir() as *mut _) }
++ unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_hash_dir()) }
+ }
+ }
+
+@@ -190,9 +189,7 @@ impl X509Lookup<File> {
+ /// into memory at the time the file is added as a lookup source.
+ #[corresponds(X509_LOOKUP_file)]
+ pub fn file() -> &'static X509LookupMethodRef<File> {
+- // `*mut` cast is needed because BoringSSL returns a `*const`. This is
+- // ok because we only return an immutable reference.
+- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file() as *mut _) }
++ unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_file()) }
+ }
+ }
+
diff --git a/src/lib.rs b/src/lib.rs
index 0dc67a2..a5d3523 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -211,6 +211,15 @@ fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
}
#[inline]
+fn cvt_p_const<T>(r: *const T) -> Result<*const T, ErrorStack> {
+ if r.is_null() {
+ Err(ErrorStack::get())
+ } else {
+ Ok(r)
+ }
+}
+
+#[inline]
fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
if r <= 0 {
Err(ErrorStack::get())
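Review bot: `cvt_p_const` is added without a doc comment, even though it is a new private helper whose body duplicates `cvt_p` (which begins above this hunk) and whose only difference — keeping the pointer `*const` rather than casting — is exactly the type-safety point of this commit. A one-line `///` above the `#[inline]` would record that, e.g. `/// Like `cvt_p`, but for FFI functions that return `*const T`: a NULL result becomes `Err(ErrorStack::get())` without the caller ever casting away constness.` Deliberately do not fold it into `cvt_p` via an `as *mut T` cast, since that would reintroduce the pattern the change removes. The surrounding `cvt` definition continues below the hunk.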
diff --git a/src/x509/mod.rs b/src/x509/mod.rs
index a03a8aa..40e5022 100644
--- a/src/x509/mod.rs
+++ b/src/x509/mod.rs
@@ -35,7 +35,7 @@ use crate::ssl::SslRef;
use crate::stack::{Stack, StackRef, Stackable};
use crate::string::OpensslString;
use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
-use crate::{cvt, cvt_n, cvt_p};
+use crate::{cvt, cvt_n, cvt_p, cvt_p_const};
use openssl_macros::corresponds;
#[cfg(any(ossl102, libressl261))]
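Review bot: `cvt_p_const` is added to the `use crate::{…}` list, but nothing in this commit — including the identical mod.rs hunk recorded in patches/0010-type-safety-fix.diff — introduces a call to it in src/x509/mod.rs, and since the function is new in this same commit no pre-existing caller can be relying on the name. As far as this diff shows, the line will therefore trigger `unused_imports` until a caller lands. If the upstream commit also changed call sites in mod.rs that were intentionally not carried over, either import those hunks too or keep the line as `use crate::{cvt, cvt_n, cvt_p};` for now; if a caller is expected to follow in a later import, a short comment on the line saying so would stop the next reader from removing it.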
diff --git a/src/x509/store.rs b/src/x509/store.rs
index a685fa1..2219cfc 100644
--- a/src/x509/store.rs
+++ b/src/x509/store.rs
@@ -49,6 +49,7 @@ use crate::error::ErrorStack;
#[cfg(not(boringssl))]
use crate::ssl::SslFiletype;
use crate::stack::StackRef;
+use crate::util::ForeignTypeRefExt;
#[cfg(any(ossl102, libressl261))]
use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
use crate::x509::{X509Object, X509};
@@ -156,7 +157,7 @@ impl X509Lookup<HashDir> {
/// directory.
#[corresponds(X509_LOOKUP_hash_dir)]
pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir()) }
+ unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_hash_dir()) }
}
}
@@ -188,7 +189,7 @@ impl X509Lookup<File> {
/// into memory at the time the file is added as a lookup source.
#[corresponds(X509_LOOKUP_file)]
pub fn file() -> &'static X509LookupMethodRef<File> {
- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file()) }
+ unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_file()) }
}
}
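Review bot: The rewritten `unsafe { X509LookupMethodRef::from_const_ptr(…) }` lines in `hash_dir` and `file` carry no `// SAFETY:` comment, and with the `as *mut _` rationale gone the code no longer states why handing out a `'static` immutable reference over a raw FFI pointer is sound. Suggest a comment above each call such as `// SAFETY: X509_LOOKUP_hash_dir() is assumed to return a non-NULL pointer to a static, immutable lookup-method table (confirm against the BoringSSL declaration), so an immutable 'static reference to it is sound.` with the matching wording for `X509_LOOKUP_file`. Whether `from_const_ptr` itself rejects NULL is not visible here — the `ForeignTypeRefExt` import added in the first hunk only brings the method into scope — so if it does not, this comment is the only place the non-null assumption is recorded.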