Merge pull request sfackler#1573 from sfackler/bindgen

Initial sketch of optional bindgen support

.github/workflows/ci.yml

@@ -147,6 +147,9 @@ jobs:
             - x86_64-unknown-linux-gnu
             - i686-unknown-linux-gnu
             - arm-unknown-linux-gnueabihf
+          bindgen:
+            - true
+            - false
           library:
             - name: openssl
               version: vendored
@@ -167,14 +170,26 @@ jobs:
               dl-path: /old/1.0.1
           include:
             - target: x86_64-unknown-linux-gnu
+              bindgen: true
               library:
                 name: libressl
                 version: 2.5.5
             - target: x86_64-unknown-linux-gnu
+              bindgen: true
               library:
                 name: libressl
                 version: 3.4.2
-      name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}
+            - target: x86_64-unknown-linux-gnu
+              bindgen: false
+              library:
+                name: libressl
+                version: 2.5.5
+            - target: x86_64-unknown-linux-gnu
+              bindgen: false
+              library:
+                name: libressl
+                version: 3.4.2
+      name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }}
       runs-on: ubuntu-latest
       env:
         OPENSSL_DIR: /opt/openssl
@@ -203,6 +218,7 @@ jobs:
 
             sudo apt-get update
             sudo apt-get install -y $packages
+        - run: sudo apt-get remove -y libssl-dev
         - uses: actions/cache@v2
           with:
             path: /opt/openssl
@@ -254,7 +270,9 @@ jobs:
             make
             make install_sw
           if: matrix.library.version != 'vendored' && !steps.openssl-cache.outputs.cache-hit
-        - run: echo "RUST_TEST_THREADS=1" >> $GITHUB_ENV
+        - run: |
+            echo "RUST_TEST_THREADS=1" >> $GITHUB_ENV
+            echo BINDGEN_EXTRA_CLANG_ARGS="--sysroot /usr/arm-linux-gnueabihf" >> $GITHUB_ENV
           if: matrix.target == 'arm-unknown-linux-gnueabihf'
         - uses: actions/cache@v1
           with:
@@ -271,22 +289,31 @@ jobs:
         - uses: actions/cache@v1
           with:
             path: target
-            key: target-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
+            key: target-${{ matrix.target }}-${{ matrix.bindgen }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
         - name: Run systest
           run: |
             if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
               features="--features vendored"
             fi
+            if [[ "${{ matrix.bindgen }}" == "true" ]]; then
+              features="$features --features bindgen"
+            fi
             cargo run --manifest-path=systest/Cargo.toml --target ${{ matrix.target }} $features
         - name: Test openssl
           run: |
             if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
               features="--features vendored"
             fi
+            if [[ "${{ matrix.bindgen }}" == "true" ]]; then
+              features="$features --features bindgen"
+            fi
             cargo test --manifest-path=openssl/Cargo.toml --target ${{ matrix.target }} $features
         - name: Test openssl-errors
           run: |
             if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
               features="--features openssl-sys/vendored"
             fi
+            if [[ "${{ matrix.bindgen }}" == "true" ]]; then
+              features="$features --features openssl-sys/bindgen"
+            fi
             cargo test --manifest-path=openssl-errors/Cargo.toml --target ${{ matrix.target }} $features

Cargo.toml

@@ -6,3 +6,6 @@ members = [
     "openssl-sys",
     "systest",
 ]
+
+[patch.crates-io]
+bindgen = { git = "https://github.com/daviddrysdale/rust-bindgen", branch = "allowlist-file" }

openssl-sys/Cargo.toml

@@ -20,6 +20,7 @@ vendored = ['openssl-src']
 libc = "0.2"
 
 [build-dependencies]
+bindgen = { version = "0.59.2", optional = true }
 cc = "1.0"
 openssl-src = { version = "111", optional = true }
 pkg-config = "0.3.9"

openssl-sys/build/find_normal.rs

@@ -209,7 +209,7 @@ fn try_pkg_config() {
         }
     };
 
-    super::validate_headers(&lib.include_paths);
+    super::postprocess(&lib.include_paths);
 
     for include in lib.include_paths.iter() {
         println!("cargo:include={}", include.display());
@@ -227,17 +227,18 @@ fn try_vcpkg() {
     // vcpkg will not emit any metadata if it can not find libraries
     // appropriate for the target triple with the desired linkage.
 
-    let lib = vcpkg::Config::new()
+    let lib = match vcpkg::Config::new()
         .emit_includes(true)
-        .find_package("openssl");
-
-    if let Err(e) = lib {
-        println!("note: vcpkg did not find openssl: {}", e);
-        return;
-    }
+        .find_package("openssl")
+    {
+        Ok(lib) => lib,
+        Err(e) => {
+            println!("note: vcpkg did not find openssl: {}", e);
+            return;
+        }
+    };
 
-    let lib = lib.unwrap();
-    super::validate_headers(&lib.include_paths);
+    super::postprocess(&lib.include_paths);
 
     println!("cargo:rustc-link-lib=user32");
     println!("cargo:rustc-link-lib=gdi32");

openssl-sys/build/main.rs

@@ -1,6 +1,8 @@
 #![allow(clippy::inconsistent_digit_grouping, clippy::unusual_byte_groupings)]
 
 extern crate autocfg;
+#[cfg(feature = "bindgen")]
+extern crate bindgen;
 extern crate cc;
 #[cfg(feature = "vendored")]
 extern crate openssl_src;
@@ -12,12 +14,13 @@ use std::collections::HashSet;
 use std::env;
 use std::ffi::OsString;
 use std::path::{Path, PathBuf};
-
 mod cfgs;
 
 mod find_normal;
 #[cfg(feature = "vendored")]
 mod find_vendored;
+#[cfg(feature = "bindgen")]
+mod run_bindgen;
 
 #[derive(PartialEq)]
 enum Version {
@@ -83,7 +86,7 @@ fn main() {
     );
     println!("cargo:include={}", include_dir.to_string_lossy());
 
-    let version = validate_headers(&[include_dir]);
+    let version = postprocess(&[include_dir]);
 
     let libs_env = env("OPENSSL_LIBS");
     let libs = match libs_env.as_ref().and_then(|s| s.to_str()) {
@@ -135,6 +138,15 @@ fn check_rustc_versions() {
     }
 }
 
+#[allow(clippy::let_and_return)]
+fn postprocess(include_dirs: &[PathBuf]) -> Version {
+    let version = validate_headers(include_dirs);
+    #[cfg(feature = "bindgen")]
+    run_bindgen::run(&include_dirs);
+
+    version
+}
+
 /// Validates the header files found in `include_dir` and then returns the
 /// version string of OpenSSL.
 #[allow(clippy::manual_strip)] // we need to support pre-1.45.0

openssl-sys/build/run_bindgen.rs

@@ -0,0 +1,125 @@
+use bindgen::callbacks::{MacroParsingBehavior, ParseCallbacks};
+use bindgen::RustTarget;
+use std::env;
+use std::path::PathBuf;
+
+const INCLUDES: &str = "
+#include <openssl/aes.h>
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+#include <openssl/comp.h>
+#include <openssl/conf.h>
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/opensslv.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pkcs7.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/safestack.h>
+#include <openssl/sha.h>
+#include <openssl/ssl.h>
+#include <openssl/stack.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+
+// this must be included after ssl.h for libressl!
+#include <openssl/srtp.h>
+
+#if !defined(LIBRESSL_VERSION_NUMBER)
+#include <openssl/cms.h>
+#endif
+
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x010100000
+#include <openssl/kdf.h>
+#endif
+";
+
+pub fn run(include_dirs: &[PathBuf]) {
+    let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
+
+    let mut builder = bindgen::builder()
+        .parse_callbacks(Box::new(OpensslCallbacks))
+        .rust_target(RustTarget::Stable_1_47)
+        .ctypes_prefix("::libc")
+        .raw_line("use libc::*;")
+        .raw_line("type evp_pkey_st = EVP_PKEY;")
+        .allowlist_file(".*/openssl/[^/]+\\.h")
+        .allowlist_recursively(false)
+        // libc is missing pthread_once_t on macOS
+        .blocklist_type("CRYPTO_ONCE")
+        .blocklist_function("CRYPTO_THREAD_run_once")
+        // we don't want to mess with va_list
+        .blocklist_function("BIO_vprintf")
+        .blocklist_function("BIO_vsnprintf")
+        .blocklist_function("ERR_vset_error")
+        .blocklist_function("ERR_add_error_vdata")
+        .blocklist_function("EVP_KDF_vctrl")
+        .blocklist_type("OSSL_FUNC_core_vset_error_fn")
+        .blocklist_type("OSSL_FUNC_BIO_vprintf_fn")
+        .blocklist_type("OSSL_FUNC_BIO_vsnprintf_fn")
+        // Maintain compatibility for existing enum definitions
+        .rustified_enum("point_conversion_form_t")
+        // Maintain compatibility for pre-union definitions
+        .blocklist_type("GENERAL_NAME")
+        .blocklist_type("GENERAL_NAME_st")
+        .blocklist_type("EVP_PKEY")
+        .blocklist_type("evp_pkey_st")
+        .layout_tests(false)
+        .header_contents("includes.h", INCLUDES);
+
+    for include_dir in include_dirs {
+        builder = builder
+            .clang_arg("-I")
+            .clang_arg(include_dir.display().to_string());
+    }
+
+    builder
+        .generate()
+        .unwrap()
+        .write_to_file(out_dir.join("bindgen.rs"))
+        .unwrap();
+}
+
+#[derive(Debug)]
+struct OpensslCallbacks;
+
+impl ParseCallbacks for OpensslCallbacks {
+    // for now we'll continue hand-writing constants
+    fn will_parse_macro(&self, _name: &str) -> MacroParsingBehavior {
+        MacroParsingBehavior::Ignore
+    }
+
+    fn item_name(&self, original_item_name: &str) -> Option<String> {
+        match original_item_name {
+            // Our original definitions of these are wrong, so rename to avoid breakage
+            "CRYPTO_EX_new"
+            | "CRYPTO_EX_dup"
+            | "CRYPTO_EX_free"
+            | "BIO_meth_set_write"
+            | "BIO_meth_set_read"
+            | "BIO_meth_set_puts"
+            | "BIO_meth_set_ctrl"
+            | "BIO_meth_set_create"
+            | "BIO_meth_set_destroy"
+            | "CRYPTO_set_locking_callback"
+            | "CRYPTO_set_id_callback"
+            | "SSL_CTX_set_tmp_dh_callback"
+            | "SSL_set_tmp_dh_callback"
+            | "SSL_CTX_set_tmp_ecdh_callback"
+            | "SSL_set_tmp_ecdh_callback"
+            | "SSL_CTX_callback_ctrl"
+            | "SSL_CTX_set_alpn_select_cb" => Some(format!("{}__fixed_rust", original_item_name)),
+            _ => None,
+        }
+    }
+}

openssl-sys/src/aes.rs

@@ -5,40 +5,3 @@ pub const AES_DECRYPT: c_int = 0;
 
 pub const AES_MAXNR: c_int = 14;
 pub const AES_BLOCK_SIZE: c_int = 16;
-
-#[repr(C)]
-pub struct AES_KEY {
-    // There is some business with AES_LONG which is there to ensure the values here are 32 bits
-    rd_key: [u32; 4 * (AES_MAXNR as usize + 1)],
-    rounds: c_int,
-}
-
-extern "C" {
-    pub fn AES_set_encrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int;
-    pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int;
-
-    pub fn AES_ige_encrypt(
-        in_: *const c_uchar,
-        out: *mut c_uchar,
-        length: size_t,
-        key: *const AES_KEY,
-        ivec: *mut c_uchar,
-        enc: c_int,
-    );
-
-    pub fn AES_wrap_key(
-        key: *mut AES_KEY,
-        iv: *const c_uchar,
-        out: *mut c_uchar,
-        in_: *const c_uchar,
-        inlen: c_uint,
-    ) -> c_int;
-
-    pub fn AES_unwrap_key(
-        key: *mut AES_KEY,
-        iv: *const c_uchar,
-        out: *mut c_uchar,
-        in_: *const c_uchar,
-        inlen: c_uint,
-    ) -> c_int;
-}