authorTreehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>2024-01-04 19:47:37 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2024-01-04 19:47:37 +0000
commitf8e69420527309bee4548c3449ac30cd1812b4d1 (patch)
tree5cbdc7aded2ed5d90e7c962b899f9acd672fc157
parent4f1b0842e9aea467d3853d30ff19f99d32b54a70 (diff)
parentf261b8bfbdb3c94065c20ab66e9e76b6b81b15e4 (diff)
Merge "Import upstream fixes to type-safety flaws in rust-openssl" into main am: f261b8bfbd
Original change: https://android-review.googlesource.com/c/platform/external/rust/crates/openssl/+/2882766 Change-Id: I517f9de783ff4c38638c2c7814361c2ee4bfb40c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--patches/0009-type-safety-fix.diff26
-rw-r--r--patches/0010-type-safety-fix.diff67
-rw-r--r--src/lib.rs9
-rw-r--r--src/x509/mod.rs2
-rw-r--r--src/x509/store.rs5
5 files changed, 106 insertions, 3 deletions
diff --git a/patches/0009-type-safety-fix.diff b/patches/0009-type-safety-fix.diff
new file mode 100644
index 0000000..a21da62
--- /dev/null
+++ b/patches/0009-type-safety-fix.diff
@@ -0,0 +1,26 @@
+diff --git a/src/x509/store.rs b/src/x509/store.rs
+index a685fa1..418a8f2 100644
+--- a/src/x509/store.rs
++++ b/src/x509/store.rs
+@@ -156,7 +156,9 @@ impl X509Lookup<HashDir> {
+ /// directory.
+ #[corresponds(X509_LOOKUP_hash_dir)]
+ pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
+- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir()) }
++ // `*mut` cast is needed because BoringSSL returns a `*const`. This is
++ // ok because we only return an immutable reference.
++ unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir() as *mut _) }
+ }
+ }
+
+@@ -188,7 +190,9 @@ impl X509Lookup<File> {
+ /// into memory at the time the file is added as a lookup source.
+ #[corresponds(X509_LOOKUP_file)]
+ pub fn file() -> &'static X509LookupMethodRef<File> {
+- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file()) }
++ // `*mut` cast is needed because BoringSSL returns a `*const`. This is
++ // ok because we only return an immutable reference.
++ unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file() as *mut _) }
+ }
+ }
+
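Review bot: The `as *mut _` casts and their two-line comments that this patch adds to `hash_dir()` and `file()` are deleted again by patches/0010-type-safety-fix.diff in the same commit, whose store.rs section is built on this patch's post-image (`index 418a8f2..2219cfc`). 0010 therefore applies only after 0009, and the series carries a const-to-mut cast that never reaches src/x509/store.rs. Folding the two into one patch that goes straight to `from_const_ptr` would remove the ordering dependency. If they are kept separate to mirror upstream commits, a one-line note at the top of 0010 saying it depends on 0009 would record that.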
diff --git a/patches/0010-type-safety-fix.diff b/patches/0010-type-safety-fix.diff
new file mode 100644
index 0000000..a3173b4
--- /dev/null
+++ b/patches/0010-type-safety-fix.diff
@@ -0,0 +1,67 @@
+diff --git a/src/lib.rs b/src/lib.rs
+index e8d07d8..cfc6efc 100644
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -210,6 +210,15 @@ fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
+ }
+ }
+
++#[inline]
++fn cvt_p_const<T>(r: *const T) -> Result<*const T, ErrorStack> {
++ if r.is_null() {
++ Err(ErrorStack::get())
++ } else {
++ Ok(r)
++ }
++}
++
+ #[inline]
+ fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
+ if r <= 0 {
+diff --git a/src/x509/mod.rs b/src/x509/mod.rs
+index a03a8aa..40e5022 100644
+--- a/src/x509/mod.rs
++++ b/src/x509/mod.rs
+@@ -35,7 +35,7 @@ use crate::ssl::SslRef;
+ use crate::stack::{Stack, StackRef, Stackable};
+ use crate::string::OpensslString;
+ use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
+-use crate::{cvt, cvt_n, cvt_p};
++use crate::{cvt, cvt_n, cvt_p, cvt_p_const};
+ use openssl_macros::corresponds;
+
+ #[cfg(any(ossl102, libressl261))]
+diff --git a/src/x509/store.rs b/src/x509/store.rs
+index 418a8f2..2219cfc 100644
+--- a/src/x509/store.rs
++++ b/src/x509/store.rs
+@@ -49,6 +49,7 @@ use crate::error::ErrorStack;
+ #[cfg(not(boringssl))]
+ use crate::ssl::SslFiletype;
+ use crate::stack::StackRef;
++use crate::util::ForeignTypeRefExt;
+ #[cfg(any(ossl102, libressl261))]
+ use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
+ use crate::x509::{X509Object, X509};
+@@ -156,9 +157,7 @@ impl X509Lookup<HashDir> {
+ /// directory.
+ #[corresponds(X509_LOOKUP_hash_dir)]
+ pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
+- // `*mut` cast is needed because BoringSSL returns a `*const`. This is
+- // ok because we only return an immutable reference.
+- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir() as *mut _) }
++ unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_hash_dir()) }
+ }
+ }
+
+@@ -190,9 +189,7 @@ impl X509Lookup<File> {
+ /// into memory at the time the file is added as a lookup source.
+ #[corresponds(X509_LOOKUP_file)]
+ pub fn file() -> &'static X509LookupMethodRef<File> {
+- // `*mut` cast is needed because BoringSSL returns a `*const`. This is
+- // ok because we only return an immutable reference.
+- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file() as *mut _) }
++ unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_file()) }
+ }
+ }
+
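Review bot: The src/x509/mod.rs section of this patch adds `cvt_p_const` to the `use crate::{...}` line, but no call to it in mod.rs is visible here, and the same holds for the matching hunk applied to src/x509/mod.rs later in this commit. If nothing in that file calls it under the cfgs this tree builds with, the import trips `unused_imports` and the new helper in src/lib.rs trips `dead_code`, which fails any build that denies warnings. Either drop the import until a caller lands, or gate it with the same `#[cfg(...)]` as its caller.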
diff --git a/src/lib.rs b/src/lib.rs
index 0dc67a2..a5d3523 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -211,6 +211,15 @@ fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
}
#[inline]
+fn cvt_p_const<T>(r: *const T) -> Result<*const T, ErrorStack> {
+ if r.is_null() {
+ Err(ErrorStack::get())
+ } else {
+ Ok(r)
+ }
+}
+
+#[inline]
fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
if r <= 0 {
Err(ErrorStack::get())
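Review bot: `cvt_p_const` is added without a doc comment, and its check is narrow: it maps a null pointer to `Err(ErrorStack::get())` and passes any non-null pointer through without looking at what it points to. A line such as `/// Returns the current OpenSSL error stack if r is null; a non-null pointer is returned as-is and its validity stays the caller's responsibility.` above the `#[inline]` would state that for callers that later dereference the result in `unsafe` code. The body appears to mirror `cvt_p` apart from constness, so the comment could point there as well. The trailing `cvt` context continues outside the hunk, and the same added lines are carried in patches/0010-type-safety-fix.diff.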
diff --git a/src/x509/mod.rs b/src/x509/mod.rs
index a03a8aa..40e5022 100644
--- a/src/x509/mod.rs
+++ b/src/x509/mod.rs
@@ -35,7 +35,7 @@ use crate::ssl::SslRef;
use crate::stack::{Stack, StackRef, Stackable};
use crate::string::OpensslString;
use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
-use crate::{cvt, cvt_n, cvt_p};
+use crate::{cvt, cvt_n, cvt_p, cvt_p_const};
use openssl_macros::corresponds;
#[cfg(any(ossl102, libressl261))]
diff --git a/src/x509/store.rs b/src/x509/store.rs
index a685fa1..2219cfc 100644
--- a/src/x509/store.rs
+++ b/src/x509/store.rs
@@ -49,6 +49,7 @@ use crate::error::ErrorStack;
#[cfg(not(boringssl))]
use crate::ssl::SslFiletype;
use crate::stack::StackRef;
+use crate::util::ForeignTypeRefExt;
#[cfg(any(ossl102, libressl261))]
use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
use crate::x509::{X509Object, X509};
@@ -156,7 +157,7 @@ impl X509Lookup<HashDir> {
/// directory.
#[corresponds(X509_LOOKUP_hash_dir)]
pub fn hash_dir() -> &'static X509LookupMethodRef<HashDir> {
- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_hash_dir()) }
+ unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_hash_dir()) }
}
}
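Review bot: The `unsafe` block in `hash_dir()` has no `// SAFETY:` comment now that it calls `from_const_ptr`, and the same applies to `file()` in the next hunk. The `&'static` return type is only sound if `ffi::X509_LOOKUP_hash_dir()` always returns a non-null pointer to a method table that lives for the whole process, which nothing in these hunks checks. I would add `// SAFETY: X509_LOOKUP_hash_dir() returns a non-null pointer to a statically allocated method table, and only a shared reference to it is exposed.` above the block, with the equivalent in `file()`, after confirming that contract for each supported library. Both `impl` blocks start outside their hunks.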
@@ -188,7 +189,7 @@ impl X509Lookup<File> {
/// into memory at the time the file is added as a lookup source.
#[corresponds(X509_LOOKUP_file)]
pub fn file() -> &'static X509LookupMethodRef<File> {
- unsafe { X509LookupMethodRef::from_ptr(ffi::X509_LOOKUP_file()) }
+ unsafe { X509LookupMethodRef::from_const_ptr(ffi::X509_LOOKUP_file()) }
}
}