diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 29e22df..522e742 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,10 +3,10 @@ name: CI on: pull_request: branches: - - master + - '**' push: branches: - - master + - '**' env: RUSTFLAGS: -Dwarnings @@ -55,4 +55,47 @@ jobs: path: target key: target-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - run: cargo test --features vendored - - run: cargo test --features vendored + + build_n_test_ios: + strategy: + fail-fast: false + runs-on: macos-latest + steps: + - uses: actions/checkout@v4 + - name: Install cargo lipo and rust compiler for ios target + if: ${{ !cancelled() }} + run: | + cargo install --locked cargo-lipo + rustup target add x86_64-apple-ios aarch64-apple-ios + - name: clippy + if: ${{ !cancelled() }} + run: cargo clippy --target x86_64-apple-ios --all-features -- -D warnings + - name: Build + if: ${{ !cancelled() }} + run: | + cargo lipo --verbose --all-features + - name: Abort on error + if: ${{ failure() }} + run: echo "iOS build job failed" && false + + build_n_test_android: + strategy: + fail-fast: false + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Install cargo ndk and rust compiler for android target + if: ${{ !cancelled() }} + run: | + cargo install --locked cargo-ndk + rustup target add x86_64-linux-android + - name: clippy + if: ${{ !cancelled() }} + run: cargo ndk -t x86_64 clippy --features vendored -- -D warnings + - name: Build + if: ${{ !cancelled() }} + run: | + cargo ndk -t x86_64 rustc --verbose --features vendored --lib --crate-type=cdylib + - name: Abort on error + if: ${{ failure() }} + run: echo "Android build job failed" && false diff --git a/.gitignore b/.gitignore index 2deeb18..5b04ad2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +.VSCodeCounter/ target Cargo.lock .idea diff --git a/Cargo.toml b/Cargo.toml index dc50f8c..86439a3 100644 --- a/Cargo.toml 
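Review bot: In the second `.github/workflows/ci.yml` hunk, both new jobs fetch their build tool with `cargo install --locked cargo-lipo` and `cargo install --locked cargo-ndk`, which honours the tool's own lockfile but still takes whichever release is newest on crates.io at run time. For the pipeline of a TLS crate I would pin the tool release, e.g. `cargo install --locked cargo-ndk --version <PINNED_VERSION>` and the same for cargo-lipo, so that a new or tampered upstream release cannot change the build unnoticed. The jobs are named `build_n_test_ios` and `build_n_test_android` but only run clippy and a build, so no test executes on either target; rename them or add a test step. The trailing `Abort on error` steps look redundant, since a failed step already fails the job.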
+++ b/Cargo.toml @@ -1,6 +1,7 @@ [package] name = "native-tls" version = "0.2.12" +edition = "2018" authors = ["Steven Fackler "] license = "MIT OR Apache-2.0" description = "A wrapper over a platform's native TLS implementation" @@ -12,9 +13,13 @@ rust-version = "1.53.0" features = ["alpn"] rustdoc-args = ["--cfg", "docsrs"] +[lib] +crate-type = ["staticlib", "rlib"] + [features] vendored = ["openssl/vendored"] alpn = ["security-framework/alpn"] +have_min_max_version = [] [target.'cfg(target_vendor = "apple")'.dependencies] security-framework = "2.0.0" diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs index 8fc4362..09e44b5 100644 --- a/src/imp/openssl.rs +++ b/src/imp/openssl.rs @@ -16,9 +16,9 @@ use std::fmt; use std::io; use std::sync::Once; -use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder}; +use crate::{Protocol, TlsAcceptorBuilder, TlsConnectorBuilder}; -#[cfg(have_min_max_version)] +#[cfg(feature = "have_min_max_version")] fn supported_protocols( min: Option, max: Option, @@ -41,7 +41,7 @@ fn supported_protocols( Ok(()) } -#[cfg(not(have_min_max_version))] +#[cfg(not(feature = "have_min_max_version"))] fn supported_protocols( min: Option, max: Option, diff --git a/src/imp/schannel.rs b/src/imp/schannel.rs index 62e5042..dd26a5f 100644 --- a/src/imp/schannel.rs +++ b/src/imp/schannel.rs @@ -10,7 +10,7 @@ use std::fmt; use std::io; use std::str; -use {TlsAcceptorBuilder, TlsConnectorBuilder}; +use crate::{TlsAcceptorBuilder, TlsConnectorBuilder}; const SEC_E_NO_CREDENTIALS: u32 = 0x8009030E; @@ -21,7 +21,10 @@ static PROTOCOLS: &'static [Protocol] = &[ Protocol::Tls12, ]; -fn convert_protocols(min: Option<::Protocol>, max: Option<::Protocol>) -> &'static [Protocol] { +fn convert_protocols( + min: Option, + max: Option, +) -> &'static [Protocol] { let mut protocols = PROTOCOLS; if let Some(p) = max.and_then(|max| protocols.get(..=max as usize)) { protocols = p; 
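Review bot: Changing `#[cfg(have_min_max_version)]` to `#[cfg(feature = "have_min_max_version")]` in both `supported_protocols` hunks of `src/imp/openssl.rs` makes the choice of protocol-bounds implementation depend on an opt-in Cargo feature, declared as `have_min_max_version = []` in `Cargo.toml` and therefore off by default. A bare cfg of this kind is normally set by a build script from the detected OpenSSL version; if that is the case here (the build script is not part of this diff), default builds now always take the `not(...)` variant, and enabling the feature against an OpenSSL without the min/max API would presumably fail to compile. None of the CI commands in this diff enables the feature on an OpenSSL target (they pass `--features vendored` only), so the feature-gated variant is never built or tested. If the aim is only to silence an unexpected-cfg warning, keeping the bare cfg and declaring it from the build script with `cargo:rustc-check-cfg=cfg(have_min_max_version)` would preserve the automatic selection. Both function bodies lie outside the hunks, so how the two variants differ in enforcing the minimum and maximum TLS version cannot be checked from here.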
@@ -236,8 +239,8 @@ impl From for HandshakeError { pub struct TlsConnector { cert: Option, roots: CertStore, - min_protocol: Option<::Protocol>, - max_protocol: Option<::Protocol>, + min_protocol: Option, + max_protocol: Option, use_sni: bool, accept_invalid_hostnames: bool, accept_invalid_certs: bool, @@ -327,8 +330,8 @@ impl TlsConnector { #[derive(Clone)] pub struct TlsAcceptor { cert: CertContext, - min_protocol: Option<::Protocol>, - max_protocol: Option<::Protocol>, + min_protocol: Option, + max_protocol: Option, } impl TlsAcceptor { diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs index 302791a..15190cc 100644 --- a/src/imp/security_framework.rs +++ b/src/imp/security_framework.rs @@ -15,7 +15,6 @@ use std::error; use std::fmt; use std::io; use std::str; -use std::sync::Mutex; use std::sync::Once; #[cfg(not(any( @@ -56,8 +55,9 @@ use self::security_framework::os::macos::import_export::{ )))] use self::security_framework::os::macos::keychain::{self, KeychainSettings, SecKeychain}; -use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder}; +use crate::{Protocol, TlsAcceptorBuilder, TlsConnectorBuilder}; +#[allow(dead_code)] static SET_AT_EXIT: Once = Once::new(); #[cfg(not(any( @@ -66,7 +66,8 @@ static SET_AT_EXIT: Once = Once::new(); target_os = "tvos", target_os = "visionos" )))] -static TEMP_KEYCHAIN: Mutex> = Mutex::new(None); +static TEMP_KEYCHAIN: std::sync::Mutex> = + std::sync::Mutex::new(None); fn convert_protocol(protocol: Protocol) -> SslProtocol { match protocol { @@ -233,6 +234,7 @@ impl Identity { } } +#[allow(dead_code)] fn random_password() -> Result { use std::fmt::Write; let mut bytes = [0_u8; 10]; @@ -479,6 +481,7 @@ impl TlsAcceptor { pub struct TlsStream { stream: secure_transport::SslStream, + #[allow(dead_code)] cert: Option, } @@ -641,6 +644,7 @@ impl io::Write for TlsStream { } } +#[allow(dead_code)] enum Digest { Sha224, Sha256, 
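Review bot: The `#[allow(dead_code)]` attributes added in `src/imp/security_framework.rs` suppress the lint on every Apple target, not only on the targets where the items are presumably unused. They are put on `SET_AT_EXIT`, `random_password`, the `cert` field of `TlsStream` and `Digest` in these hunks, and on `Digest::hash`, the `CC_SHA*_DIGEST_LENGTH` constants, `CC_LONG` and the `CC_SHA*` extern declarations in the two hunks that follow. That also hides genuinely dead code on macOS, in a file that holds the keychain-password and digest helpers. The file already gates macOS-only items with `#[cfg(not(any(... target_os = "tvos", target_os = "visionos")))]`, visible as context around `TEMP_KEYCHAIN`; putting the same gate on these items, or a `cfg_attr` that applies `allow(dead_code)` only on those targets with a one-line comment such as `// only used by the macOS keychain path`, keeps the lint active where the code is used. The enclosing items start or end outside these hunks.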
@@ -649,9 +653,10 @@ enum Digest { } impl Digest { + #[allow(dead_code)] fn hash(&self, data: &[u8]) -> Vec { unsafe { - assert!(data.len() <= CC_LONG::max_value() as usize); + assert!(data.len() <= CC_LONG::MAX as usize); match *self { Digest::Sha224 => { let mut buf = [0; CC_SHA224_DIGEST_LENGTH]; @@ -679,16 +684,24 @@ impl Digest { } // FIXME ideally we'd pull these in from elsewhere +#[allow(dead_code)] const CC_SHA224_DIGEST_LENGTH: usize = 28; +#[allow(dead_code)] const CC_SHA256_DIGEST_LENGTH: usize = 32; +#[allow(dead_code)] const CC_SHA384_DIGEST_LENGTH: usize = 48; +#[allow(dead_code)] const CC_SHA512_DIGEST_LENGTH: usize = 64; -#[allow(non_camel_case_types)] +#[allow(non_camel_case_types, dead_code)] type CC_LONG = u32; extern "C" { + #[allow(dead_code)] fn CC_SHA224(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; + #[allow(dead_code)] fn CC_SHA256(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; + #[allow(dead_code)] fn CC_SHA384(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; + #[allow(dead_code)] fn CC_SHA512(data: *const u8, len: CC_LONG, md: *mut u8) -> *mut u8; } diff --git a/src/lib.rs b/src/lib.rs index 0f738df..7994733 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -106,7 +106,7 @@ use std::result; #[cfg(not(any(target_os = "windows", target_vendor = "apple",)))] #[macro_use] extern crate log; -#[cfg(any(target_vendor = "apple",))] +#[cfg(target_vendor = "apple")] #[path = "imp/security_framework.rs"] mod imp; #[cfg(target_os = "windows")]