mirror of https://github.com/briansmith/webpki
Compare commits
17 Commits
4052bfefa2
...
e6618867a5
Author | SHA1 | Date |
---|---|---|
Stefan Arentz | e6618867a5 | |
Brian Smith | 94e6e88ed9 | |
Brian Smith | 9613e5d115 | |
Brian Smith | 8f81719df5 | |
Brian Smith | fe5bbc1ee0 | |
Brian Smith | 8df253ec56 | |
Brian Smith | 1f74481e02 | |
Brian Smith | 425ee4a7a0 | |
Brian Smith | cace8bb895 | |
Brian Smith | de56edcf40 | |
Brian Smith | f84a538a5c | |
Brian Smith | f1202b34b3 | |
Brian Smith | 60e688b6c2 | |
Stefan Arentz | 0571f5cb4e | |
Stefan Arentz | cea94e4292 | |
Stefan Arentz | 9cbee3f9f8 | |
Stefan Arentz | 0277318ea8 |
|
@ -9,27 +9,21 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- uses: briansmith/actions-rs-toolchain@v1
|
||||
with:
|
||||
toolchain: stable
|
||||
profile: minimal
|
||||
components: rustfmt
|
||||
- uses: briansmith/actions-checkout@v2
|
||||
- run: rustup --version
|
||||
|
||||
- uses: briansmith/actions-checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- run: cargo fmt --all -- --check
|
||||
|
||||
clippy:
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- uses: briansmith/actions-rs-toolchain@v1
|
||||
with:
|
||||
toolchain: stable
|
||||
profile: minimal
|
||||
components: clippy
|
||||
- run: rustup --version
|
||||
|
||||
- uses: briansmith/actions-checkout@v2
|
||||
- uses: briansmith/actions-checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
|
@ -39,22 +33,19 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- uses: briansmith/actions-rs-toolchain@v1
|
||||
with:
|
||||
toolchain: stable
|
||||
profile: minimal
|
||||
- run: rustup --version
|
||||
|
||||
- uses: briansmith/actions-cache@v2
|
||||
- uses: briansmith/actions-cache@v3
|
||||
with:
|
||||
path: |
|
||||
~/.cargo/bin/cargo-audit
|
||||
~/.cargo/.crates.toml
|
||||
~/.cargo/.crates2.json
|
||||
key: ${{ runner.os }}-v2-cargo-audit-0.13.1
|
||||
key: ${{ runner.os }}-v2-cargo-audit-locked-0.18.3
|
||||
|
||||
- run: cargo install cargo-audit --vers "0.13.1"
|
||||
- run: cargo install cargo-audit --locked --vers "0.18.3"
|
||||
|
||||
- uses: briansmith/actions-checkout@v2
|
||||
- uses: briansmith/actions-checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
|
@ -66,22 +57,19 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- uses: briansmith/actions-rs-toolchain@v1
|
||||
with:
|
||||
toolchain: stable
|
||||
profile: minimal
|
||||
- run: rustup --version
|
||||
|
||||
- uses: briansmith/actions-cache@v2
|
||||
- uses: briansmith/actions-cache@v3
|
||||
with:
|
||||
path: |
|
||||
~/.cargo/bin/cargo-deny
|
||||
~/.cargo/.crates.toml
|
||||
~/.cargo/.crates2.json
|
||||
key: ${{ runner.os }}-v2-cargo-deny-locked-0.8.5
|
||||
key: ${{ runner.os }}-v2-cargo-deny-locked-0.14.3
|
||||
|
||||
- run: cargo install cargo-deny --locked --vers "0.8.5"
|
||||
- run: cargo install cargo-deny --locked --vers "0.14.3"
|
||||
|
||||
- uses: briansmith/actions-checkout@v2
|
||||
- uses: briansmith/actions-checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
|
@ -91,24 +79,10 @@ jobs:
|
|||
rustdoc:
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
rust_channel:
|
||||
- stable
|
||||
- beta
|
||||
- nightly
|
||||
|
||||
include:
|
||||
- target: x86_64-unknown-linux-gnu
|
||||
|
||||
steps:
|
||||
- uses: briansmith/actions-rs-toolchain@v1
|
||||
with:
|
||||
override: true
|
||||
target: ${{ matrix.target }}
|
||||
toolchain: ${{ matrix.rust_channel }}
|
||||
- run: rustup --version
|
||||
|
||||
- uses: briansmith/actions-checkout@v2
|
||||
- uses: briansmith/actions-checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
|
@ -119,12 +93,9 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- uses: briansmith/actions-rs-toolchain@v1
|
||||
with:
|
||||
toolchain: stable
|
||||
profile: minimal
|
||||
- run: rustup --version
|
||||
|
||||
- uses: briansmith/actions-checkout@v2
|
||||
- uses: briansmith/actions-checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
|
@ -147,9 +118,12 @@ jobs:
|
|||
# portable.
|
||||
# Specifically choose `aarch64-pc-windows-msvc` since it was new in
|
||||
# *ring* 0.17.
|
||||
- aarch64-apple-darwin
|
||||
- aarch64-pc-windows-msvc
|
||||
- arm-unknown-linux-gnueabihf
|
||||
- i686-pc-windows-msvc
|
||||
- riscv64gc-unknown-linux-gnu
|
||||
- wasm32-wasi
|
||||
- x86_64-unknown-linux-musl
|
||||
- x86_64-unknown-linux-gnu
|
||||
|
||||
|
@ -165,12 +139,10 @@ jobs:
|
|||
|
||||
- beta
|
||||
|
||||
exclude:
|
||||
# 1.46.0 doesn't support `-Clink-self-contained`.
|
||||
- target: x86_64-unknown-linux-musl
|
||||
rust_channel: 1.46.0
|
||||
|
||||
include:
|
||||
- target: aarch64-apple-darwin
|
||||
host_os: macos-14
|
||||
|
||||
- target: aarch64-pc-windows-msvc
|
||||
host_os: windows-latest
|
||||
# GitHub Actions doesn't have a way to run this target yet.
|
||||
|
@ -182,32 +154,44 @@ jobs:
|
|||
- target: i686-pc-windows-msvc
|
||||
host_os: windows-latest
|
||||
|
||||
- target: riscv64gc-unknown-linux-gnu
|
||||
host_os: ubuntu-22.04
|
||||
|
||||
- target: wasm32-wasi
|
||||
host_os: ubuntu-22.04
|
||||
|
||||
- target: x86_64-unknown-linux-musl
|
||||
host_os: ubuntu-22.04
|
||||
|
||||
- target: x86_64-unknown-linux-gnu
|
||||
host_os: ubuntu-22.04
|
||||
|
||||
# rcgen requires *ring* 0.16 which doesn't support this target.
|
||||
- target: aarch64-pc-windows-msvc
|
||||
skip_rcgen: true
|
||||
- target: riscv64gc-unknown-linux-gnu
|
||||
skip_rcgen: true
|
||||
- target: wasm32-wasi
|
||||
skip_rcgen: true
|
||||
|
||||
- rust_channel: 1.61.0
|
||||
# rcgen requires Rust 1.67.
|
||||
skip_rcgen: true
|
||||
|
||||
steps:
|
||||
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
|
||||
run: sudo apt-get update -y
|
||||
|
||||
- uses: briansmith/actions-checkout@v2
|
||||
- uses: briansmith/actions-checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- run: rustup toolchain add --profile=minimal ${{ matrix.rust_channel }}
|
||||
- run: rustup target add --toolchain=${{ matrix.rust_channel }} ${{ matrix.target }}
|
||||
|
||||
- if: ${{ !contains(matrix.host_os, 'windows') }}
|
||||
run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }}
|
||||
|
||||
- uses: briansmith/actions-rs-toolchain@v1
|
||||
with:
|
||||
override: true
|
||||
target: ${{ matrix.target }}
|
||||
toolchain: ${{ matrix.rust_channel }}
|
||||
|
||||
- if: ${{ matrix.target == 'aarch64-apple-darwin' }}
|
||||
run: echo "DEVELOPER_DIR=/Applications/Xcode_12.2.app/Contents/Developer" >> $GITHUB_ENV
|
||||
|
||||
- if: ${{ matrix.target == 'aarch64-pc-windows-msvc' }}
|
||||
run: |
|
||||
echo "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Tools\Llvm\x64\bin" >> $GITHUB_PATH
|
||||
|
@ -215,21 +199,20 @@ jobs:
|
|||
|
||||
- if: ${{ !contains(matrix.host_os, 'windows') }}
|
||||
run: |
|
||||
mk/cargo.sh test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
|
||||
- if: ${{ contains(matrix.host_os, 'windows') }}
|
||||
run: |
|
||||
cargo test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
cargo +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
|
||||
# rcgen-based tests require Rust 1.67.
|
||||
- if: ${{ !contains(matrix.host_os, 'windows') && !contains(matrix.rust_channel, '1.61.0') }}
|
||||
- if: ${{ !contains(matrix.host_os, 'windows') && !contains(matrix.skip_rcgen, 'true') }}
|
||||
run: |
|
||||
mk/cargo.sh test -p rcgen-tests -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
mk/cargo.sh +${{ matrix.rust_channel }} test -p rcgen-tests -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
|
||||
# rcgen-based tests require Rust 1.67, and uses *ring* 0.16 which doesn't build for aarch64-pc-windows-msvc.
|
||||
- if: ${{ contains(matrix.host_os, 'windows') && !contains(matrix.rust_channel, '1.61.0') && !contains(matrix.target, 'aarch64-pc-windows-msvc') }}
|
||||
- if: ${{ contains(matrix.host_os, 'windows') && !contains(matrix.skip_rcgen, 'true') }}
|
||||
run: |
|
||||
cargo test -vv -p rcgen-tests --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
cargo +${{ matrix.rust_channel }} test -vv -p rcgen-tests --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
|
||||
coverage:
|
||||
runs-on: ${{ matrix.host_os }}
|
||||
|
@ -259,27 +242,21 @@ jobs:
|
|||
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
|
||||
run: sudo apt-get update -y
|
||||
|
||||
- uses: briansmith/actions-checkout@v2
|
||||
- uses: briansmith/actions-checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- run: rustup toolchain add --profile=minimal ${{ matrix.rust_channel }}
|
||||
- run: rustup target add --toolchain=${{ matrix.rust_channel }} ${{ matrix.target }}
|
||||
|
||||
- if: ${{ !contains(matrix.host_os, 'windows') }}
|
||||
run: RING_COVERAGE=1 mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }}
|
||||
|
||||
- uses: briansmith/actions-rs-toolchain@v1
|
||||
with:
|
||||
override: true
|
||||
target: ${{ matrix.target }}
|
||||
toolchain: ${{ matrix.rust_channel }}
|
||||
|
||||
- if: ${{ matrix.target == 'aarch64-apple-darwin' }}
|
||||
run: echo "DEVELOPER_DIR=/Applications/Xcode_12.2.app/Contents/Developer" >> $GITHUB_ENV
|
||||
|
||||
- if: ${{ !contains(matrix.host_os, 'windows') }}
|
||||
run: |
|
||||
RING_COVERAGE=1 mk/cargo.sh +${{ matrix.rust_channel }} test --workspace -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
|
||||
|
||||
- uses: briansmith/codecov-codecov-action@v1
|
||||
- uses: briansmith/codecov-codecov-action@v3
|
||||
with:
|
||||
directory: ./target/${{ matrix.target }}/debug/coverage/reports
|
||||
fail_ci_if_error: true
|
||||
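Review bot: The `uses:` references on the new side (`briansmith/actions-checkout@v4`, `briansmith/actions-cache@v3`, `briansmith/codecov-codecov-action@v3`) name movable tags, so the code these jobs execute can change without any change to this workflow. Pinning each to a full commit SHA, e.g. `uses: briansmith/actions-checkout@<FULL_COMMIT_SHA> # v4`, makes the executed revision reviewable; the forks living under the maintainer's account narrows who can move a tag but does not remove the risk. The matrix also shows `host_os: windows-latest`, which floats the runner image for the Windows targets while the other entries name `ubuntu-22.04` and `macos-14`. `persist-credentials: false` on every checkout is worth keeping when the references are pinned.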
|
|
|
@ -22,7 +22,7 @@ name = "webpki"
|
|||
readme = "README.md"
|
||||
repository = "https://github.com/briansmith/webpki"
|
||||
rust-version = "1.61.0"
|
||||
version = "0.22.2"
|
||||
version = "0.22.4"
|
||||
|
||||
include = [
|
||||
"Cargo.toml",
|
||||
|
|
96
mk/cargo.sh
96
mk/cargo.sh
|
@ -19,8 +19,17 @@ IFS=$'\n\t'
|
|||
|
||||
rustflags_self_contained="-Clink-self-contained=yes -Clinker=rust-lld"
|
||||
qemu_aarch64="qemu-aarch64 -L /usr/aarch64-linux-gnu"
|
||||
qemu_arm="qemu-arm -L /usr/arm-linux-gnueabihf"
|
||||
qemu_arm_gnueabi="qemu-arm -L /usr/arm-linux-gnueabi"
|
||||
qemu_arm_gnueabihf="qemu-arm -L /usr/arm-linux-gnueabihf"
|
||||
qemu_mips="qemu-mips -L /usr/mips-linux-gnu"
|
||||
qemu_mips64="qemu-mips64 -L /usr/mips64-linux-gnuabi64"
|
||||
qemu_mips64el="qemu-mips64el -L /usr/mips64el-linux-gnuabi64"
|
||||
qemu_mipsel="qemu-mipsel -L /usr/mipsel-linux-gnu"
|
||||
qemu_powerpc="qemu-ppc -L /usr/powerpc-linux-gnu"
|
||||
qemu_powerpc64="qemu-ppc64 -L /usr/powerpc64-linux-gnu"
|
||||
qemu_powerpc64le="qemu-ppc64le -L /usr/powerpc64le-linux-gnu"
|
||||
qemu_riscv64="qemu-riscv64 -L /usr/riscv64-linux-gnu"
|
||||
qemu_s390x="qemu-s390x -L /usr/s390x-linux-gnu"
|
||||
|
||||
# Avoid putting the Android tools in `$PATH` because there are tools in this
|
||||
# directory like `clang` that would conflict with the same-named tools that may
|
||||
|
@ -45,7 +54,7 @@ for arg in $*; do
|
|||
done
|
||||
|
||||
# See comments in install-build-tools.sh.
|
||||
llvm_version=15
|
||||
llvm_version=18
|
||||
|
||||
case $target in
|
||||
aarch64-linux-android)
|
||||
|
@ -66,22 +75,35 @@ case $target in
|
|||
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained"
|
||||
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER="$qemu_aarch64"
|
||||
;;
|
||||
arm-unknown-linux-gnueabi)
|
||||
export CC_arm_unknown_linux_gnueabi=arm-linux-gnueabi-gcc
|
||||
export AR_arm_unknown_linux_gnueabi=arm-linux-gnueabi-gcc-ar
|
||||
export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABI_LINKER=arm-linux-gnueabi-gcc
|
||||
export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABI_RUNNER="$qemu_arm_gnueabi"
|
||||
;;
|
||||
arm-unknown-linux-gnueabihf)
|
||||
# XXX: clang cannot build the sha256 and x25519 assembly.
|
||||
export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc
|
||||
export AR_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar
|
||||
export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc
|
||||
export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="$qemu_arm"
|
||||
export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="$qemu_arm_gnueabihf"
|
||||
;;
|
||||
armv7-linux-androideabi)
|
||||
export CC_armv7_linux_androideabi=$android_tools/armv7a-linux-androideabi19-clang
|
||||
export AR_armv7_linux_androideabi=$android_tools/llvm-ar
|
||||
export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi19-clang
|
||||
;;
|
||||
armv7-unknown-linux-gnueabihf)
|
||||
export CC_armv7_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc
|
||||
export AR_armv7_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar
|
||||
export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc
|
||||
export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_RUNNER="$qemu_arm_gnueabihf"
|
||||
;;
|
||||
armv7-unknown-linux-musleabihf)
|
||||
export CC_armv7_unknown_linux_musleabihf=clang-$llvm_version
|
||||
export AR_armv7_unknown_linux_musleabihf=llvm-ar-$llvm_version
|
||||
export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUSTFLAGS="$rustflags_self_contained"
|
||||
export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUNNER="$qemu_arm"
|
||||
export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUNNER="$qemu_arm_gnueabihf"
|
||||
;;
|
||||
i686-unknown-linux-gnu)
|
||||
export CC_i686_unknown_linux_gnu=clang-$llvm_version
|
||||
|
@ -93,12 +115,67 @@ case $target in
|
|||
export AR_i686_unknown_linux_musl=llvm-ar-$llvm_version
|
||||
export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained"
|
||||
;;
|
||||
mips-unknown-linux-gnu)
|
||||
export CC_mips_unknown_linux_gnu=mips-linux-gnu-gcc
|
||||
export AR_mips_unknown_linux_gnu=mips-linux-gnu-gcc-ar
|
||||
export CARGO_TARGET_MIPS_UNKNOWN_LINUX_GNU_LINKER=mips-linux-gnu-gcc
|
||||
export CARGO_TARGET_MIPS_UNKNOWN_LINUX_GNU_RUNNER="$qemu_mips"
|
||||
;;
|
||||
mips64-unknown-linux-gnuabi64)
|
||||
export CC_mips64_unknown_linux_gnuabi64=mips64-linux-gnuabi64-gcc
|
||||
export AR_mips64_unknown_linux_gnuabi64=mips64-linux-gnuabi64-gcc-ar
|
||||
export CARGO_TARGET_MIPS64_UNKNOWN_LINUX_GNUABI64_LINKER=mips64-linux-gnuabi64-gcc
|
||||
export CARGO_TARGET_MIPS64_UNKNOWN_LINUX_GNUABI64_RUNNER="$qemu_mips64"
|
||||
;;
|
||||
mips64el-unknown-linux-gnuabi64)
|
||||
export CC_mips64el_unknown_linux_gnuabi64=mips64el-linux-gnuabi64-gcc
|
||||
export AR_mips64el_unknown_linux_gnuabi64=mips64el-linux-gnuabi64-gcc-ar
|
||||
export CARGO_TARGET_MIPS64EL_UNKNOWN_LINUX_GNUABI64_LINKER=mips64el-linux-gnuabi64-gcc
|
||||
export CARGO_TARGET_MIPS64EL_UNKNOWN_LINUX_GNUABI64_RUNNER="$qemu_mips64el"
|
||||
;;
|
||||
mipsel-unknown-linux-gnu)
|
||||
export CC_mipsel_unknown_linux_gnu=mipsel-linux-gnu-gcc
|
||||
export AR_mipsel_unknown_linux_gnu=mipsel-linux-gnu-gcc-ar
|
||||
export CARGO_TARGET_MIPSEL_UNKNOWN_LINUX_GNU_LINKER=mipsel-linux-gnu-gcc
|
||||
export CARGO_TARGET_MIPSEL_UNKNOWN_LINUX_GNU_RUNNER="$qemu_mipsel"
|
||||
;;
|
||||
powerpc-unknown-linux-gnu)
|
||||
export CC_powerpc_unknown_linux_gnu=clang-$llvm_version
|
||||
export AR_powerpc_unknown_linux_gnu=llvm-ar-$llvm_version
|
||||
export CFLAGS_powerpc_unknown_linux_gnu="--sysroot=/usr/powerpc-linux-gnu"
|
||||
export CARGO_TARGET_POWERPC_UNKNOWN_LINUX_GNU_LINKER=powerpc-linux-gnu-gcc
|
||||
export CARGO_TARGET_POWERPC_UNKNOWN_LINUX_GNU_RUNNER="$qemu_powerpc"
|
||||
;;
|
||||
powerpc64-unknown-linux-gnu)
|
||||
export CC_powerpc64_unknown_linux_gnu=clang-$llvm_version
|
||||
export AR_powerpc64_unknown_linux_gnu=llvm-ar-$llvm_version
|
||||
export CFLAGS_powerpc64_unknown_linux_gnu="--sysroot=/usr/powerpc64-linux-gnu"
|
||||
export CARGO_TARGET_POWERPC64_UNKNOWN_LINUX_GNU_LINKER=powerpc64-linux-gnu-gcc
|
||||
export CARGO_TARGET_POWERPC64_UNKNOWN_LINUX_GNU_RUNNER="$qemu_powerpc64"
|
||||
;;
|
||||
powerpc64le-unknown-linux-gnu)
|
||||
export CC_powerpc64le_unknown_linux_gnu=clang-$llvm_version
|
||||
export AR_powerpc64le_unknown_linux_gnu=llvm-ar-$llvm_version
|
||||
export CFLAGS_powerpc64le_unknown_linux_gnu="--sysroot=/usr/powerpc64le-linux-gnu"
|
||||
export CARGO_TARGET_POWERPC64LE_UNKNOWN_LINUX_GNU_LINKER=powerpc64le-linux-gnu-gcc
|
||||
export CARGO_TARGET_POWERPC64LE_UNKNOWN_LINUX_GNU_RUNNER="$qemu_powerpc64le"
|
||||
;;
|
||||
riscv64gc-unknown-linux-gnu)
|
||||
export CC_riscv64gc_unknown_linux_gnu=clang-$llvm_version
|
||||
export AR_riscv64gc_unknown_linux_gnu=llvm-ar-$llvm_version
|
||||
export CARGO_TARGET_RISCV64GC_UNKNOWN_LINUX_GNU_LINKER=riscv64-linux-gnu-gcc
|
||||
export CARGO_TARGET_RISCV64GC_UNKNOWN_LINUX_GNU_RUNNER="$qemu_riscv64"
|
||||
;;
|
||||
s390x-unknown-linux-gnu)
|
||||
export CC_s390x_unknown_linux_gnu=clang-$llvm_version
|
||||
export AR_s390x_unknown_linux_gnu=llvm-ar-$llvm_version
|
||||
# XXX: Using -march=zEC12 to work around a z13 instruction bug in
|
||||
# QEMU 8.0.2 and earlier that causes `test_constant_time` to fail
|
||||
# (https://lists.gnu.org/archive/html/qemu-devel/2023-05/msg06965.html).
|
||||
export CFLAGS_s390x_unknown_linux_gnu="--sysroot=/usr/s390x-linux-gnu -march=zEC12"
|
||||
export CARGO_TARGET_S390X_UNKNOWN_LINUX_GNU_LINKER=s390x-linux-gnu-gcc
|
||||
export CARGO_TARGET_S390X_UNKNOWN_LINUX_GNU_RUNNER="$qemu_s390x"
|
||||
;;
|
||||
x86_64-unknown-linux-musl)
|
||||
export CC_x86_64_unknown_linux_musl=clang-$llvm_version
|
||||
export AR_x86_64_unknown_linux_musl=llvm-ar-$llvm_version
|
||||
|
@ -109,6 +186,11 @@ case $target in
|
|||
export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained"
|
||||
fi
|
||||
;;
|
||||
loongarch64-unknown-linux-gnu)
|
||||
export CC_loongarch64_unknown_linux_gnu=clang-$llvm_version
|
||||
export AR_loongarch64_unknown_linux_gnu=llvm-ar-$llvm_version
|
||||
export CARGO_TARGET_LOONGARCH64_UNKNOWN_LINUX_GNU_LINKER=clang-$llvm_version
|
||||
;;
|
||||
wasm32-unknown-unknown)
|
||||
# The first two are only needed for when the "wasm_c" feature is enabled.
|
||||
export CC_wasm32_unknown_unknown=clang-$llvm_version
|
||||
|
@ -116,6 +198,12 @@ case $target in
|
|||
export CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER=wasm-bindgen-test-runner
|
||||
export WASM_BINDGEN_TEST_TIMEOUT=60
|
||||
;;
|
||||
wasm32-wasi)
|
||||
# The first two are only needed for when the "wasm_c" feature is enabled.
|
||||
export CC_wasm32_wasi=clang-$llvm_version
|
||||
export AR_wasm32_wasi=llvm-ar-$llvm_version
|
||||
export CARGO_TARGET_WASM32_WASI_RUNNER=target/tools/linux-x86_64/wasmtime/wasmtime
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
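Review bot: `CARGO_TARGET_WASM32_WASI_RUNNER=target/tools/linux-x86_64/wasmtime/wasmtime` in the `wasm32-wasi)` arm is a relative path to a binary this script does not create, so it appears to work only when the script is started from the repository root after the tools checkout has been fetched. Failing early when the file is missing gives a clear message instead of a runner error in the middle of `cargo test`, for example `test -x "$wasmtime" || { echo "wasmtime runner not found: $wasmtime" >&2; exit 1; }` with `$wasmtime` built from the script's own location. The `loongarch64-unknown-linux-gnu)` arm sets no `..._RUNNER`, unlike the other cross targets added here; a one-line comment saying whether that is intentional would help. The `case` statement begins outside the hunks shown.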
|
|
|
@ -0,0 +1,6 @@
|
|||
# TODO: Lock this down to a specific commit instead of always using the latest.
|
||||
git clone `
|
||||
--branch windows `
|
||||
--depth 1 `
|
||||
https://github.com/briansmith/ring-toolchain `
|
||||
target/tools/windows
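Review bot: The clone takes whatever the tip of the `windows` branch is at run time, as the file's own TODO acknowledges; until a revision is pinned, the tools placed in `target/tools/windows` are not tied to anything reviewed in this repository. Fetching one fixed commit closes that gap, e.g. `git fetch --depth 1 origin <PINNED_COMMIT_SHA>` followed by `git checkout --detach FETCH_HEAD` in a freshly initialised `target/tools/windows`, with the SHA updated through an ordinary reviewed commit. The `--branch linux-x86_64` clone in the `--target=wasm32-wasi)` case of the shell installer further down has the same issue, and there the fetched `wasmtime` binary is what `mk/cargo.sh` configures as the test runner.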
|
|
@ -70,7 +70,13 @@ case $target in
|
|||
install_packages \
|
||||
qemu-user
|
||||
;;
|
||||
--target=arm-unknown-linux-gnueabihf)
|
||||
--target=arm-unknown-linux-gnueabi)
|
||||
install_packages \
|
||||
qemu-user \
|
||||
gcc-arm-linux-gnueabi \
|
||||
libc6-dev-armel-cross
|
||||
;;
|
||||
--target=arm-unknown-linux-gnueabihf|--target=armv7-unknown-linux-gnueabihf)
|
||||
install_packages \
|
||||
qemu-user \
|
||||
gcc-arm-linux-gnueabihf \
|
||||
|
@ -85,16 +91,81 @@ case $target in
|
|||
--target=i686-unknown-linux-musl|--target=x86_64-unknown-linux-musl)
|
||||
use_clang=1
|
||||
;;
|
||||
--target=loongarch64-unknown-linux-gnu)
|
||||
use_clang=1
|
||||
;;
|
||||
--target=mips-unknown-linux-gnu)
|
||||
install_packages \
|
||||
gcc-mips-linux-gnu \
|
||||
libc6-dev-mips-cross \
|
||||
qemu-user
|
||||
;;
|
||||
--target=mips64-unknown-linux-gnuabi64)
|
||||
install_packages \
|
||||
gcc-mips64-linux-gnuabi64 \
|
||||
libc6-dev-mips64-cross \
|
||||
qemu-user
|
||||
;;
|
||||
--target=mips64el-unknown-linux-gnuabi64)
|
||||
install_packages \
|
||||
gcc-mips64el-linux-gnuabi64 \
|
||||
libc6-dev-mips64el-cross \
|
||||
qemu-user
|
||||
;;
|
||||
--target=mipsel-unknown-linux-gnu)
|
||||
install_packages \
|
||||
gcc-mipsel-linux-gnu \
|
||||
libc6-dev-mipsel-cross \
|
||||
qemu-user
|
||||
;;
|
||||
--target=powerpc-unknown-linux-gnu)
|
||||
use_clang=1
|
||||
install_packages \
|
||||
gcc-powerpc-linux-gnu \
|
||||
libc6-dev-powerpc-cross \
|
||||
qemu-user
|
||||
;;
|
||||
--target=powerpc64-unknown-linux-gnu)
|
||||
use_clang=1
|
||||
install_packages \
|
||||
gcc-powerpc64-linux-gnu \
|
||||
libc6-dev-ppc64-cross \
|
||||
qemu-user
|
||||
;;
|
||||
--target=powerpc64le-unknown-linux-gnu)
|
||||
use_clang=1
|
||||
install_packages \
|
||||
gcc-powerpc64le-linux-gnu \
|
||||
libc6-dev-ppc64el-cross \
|
||||
qemu-user
|
||||
;;
|
||||
--target=riscv64gc-unknown-linux-gnu)
|
||||
use_clang=1
|
||||
install_packages \
|
||||
gcc-riscv64-linux-gnu \
|
||||
libc6-dev-riscv64-cross \
|
||||
qemu-user
|
||||
;;
|
||||
--target=s390x-unknown-linux-gnu)
|
||||
# Clang is needed for code coverage.
|
||||
use_clang=1
|
||||
install_packages \
|
||||
qemu-user \
|
||||
gcc-s390x-linux-gnu \
|
||||
libc6-dev-s390x-cross
|
||||
;;
|
||||
--target=wasm32-unknown-unknown)
|
||||
cargo install wasm-bindgen-cli --bin wasm-bindgen-test-runner
|
||||
use_clang=1
|
||||
;;
|
||||
--target=wasm32-wasi)
|
||||
use_clang=1
|
||||
git clone \
|
||||
--branch linux-x86_64 \
|
||||
--depth 1 \
|
||||
https://github.com/briansmith/ring-toolchain \
|
||||
target/tools/linux-x86_64
|
||||
;;
|
||||
--target=*)
|
||||
;;
|
||||
esac
|
||||
|
@ -102,7 +173,7 @@ esac
|
|||
case "$OSTYPE" in
|
||||
linux*)
|
||||
ubuntu_codename=$(lsb_release --codename --short)
|
||||
llvm_version=15
|
||||
llvm_version=18
|
||||
sudo apt-key add mk/llvm-snapshot.gpg.key
|
||||
sudo add-apt-repository "deb http://apt.llvm.org/$ubuntu_codename/ llvm-toolchain-$ubuntu_codename-$llvm_version main"
|
||||
sudo apt-get update
|
||||
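Review bot: The `git clone ... target/tools/linux-x86_64` added under `--target=wasm32-wasi)` has no guard for an existing checkout, so a second run of the script on the same tree makes `git clone` fail because the destination already exists and is not empty. Guarding it keeps the script re-runnable for local use: `[ -d target/tools/linux-x86_64/.git ] || git clone --branch linux-x86_64 --depth 1 https://github.com/briansmith/ring-toolchain target/tools/linux-x86_64`. Whether that failure aborts the whole script depends on shell options set outside these hunks. The PowerShell clone into `target/tools/windows` shown earlier on the page would benefit from the same guard.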
|
|
|
@ -62,11 +62,13 @@ pub fn time_from_ymdhms_utc(
|
|||
))
|
||||
}
|
||||
|
||||
const UNIX_EPOCH_YEAR: u64 = 1970;
|
||||
|
||||
fn days_before_year_since_unix_epoch(year: u64) -> Result<u64, Error> {
|
||||
// We don't support dates before January 1, 1970 because that is the
|
||||
// Unix epoch. It is likely that other software won't deal well with
|
||||
// certificates that have dates before the epoch.
|
||||
if year < 1970 {
|
||||
if year < UNIX_EPOCH_YEAR {
|
||||
return Err(Error::BadDerTime);
|
||||
}
|
||||
let days_before_year_ad = days_before_year_ad(year);
|
||||
|
@ -105,8 +107,25 @@ const DAYS_BEFORE_UNIX_EPOCH_AD: u64 = 719162;
|
|||
mod tests {
|
||||
#[test]
|
||||
fn test_days_before_unix_epoch() {
|
||||
use super::{days_before_year_ad, DAYS_BEFORE_UNIX_EPOCH_AD};
|
||||
assert_eq!(DAYS_BEFORE_UNIX_EPOCH_AD, days_before_year_ad(1970));
|
||||
use super::{days_before_year_ad, DAYS_BEFORE_UNIX_EPOCH_AD, UNIX_EPOCH_YEAR};
|
||||
assert_eq!(
|
||||
DAYS_BEFORE_UNIX_EPOCH_AD,
|
||||
days_before_year_ad(UNIX_EPOCH_YEAR)
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_days_before_year_since_unix_epoch() {
|
||||
use super::{days_before_year_since_unix_epoch, Error, UNIX_EPOCH_YEAR};
|
||||
assert_eq!(Ok(0), days_before_year_since_unix_epoch(UNIX_EPOCH_YEAR));
|
||||
assert_eq!(
|
||||
Ok(365),
|
||||
days_before_year_since_unix_epoch(UNIX_EPOCH_YEAR + 1)
|
||||
);
|
||||
assert_eq!(
|
||||
Err(Error::BadDerTime),
|
||||
days_before_year_since_unix_epoch(UNIX_EPOCH_YEAR - 1)
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
@ -135,7 +154,37 @@ mod tests {
|
|||
#[allow(clippy::unreadable_literal)] // TODO: Make this clear.
|
||||
#[test]
|
||||
fn test_time_from_ymdhms_utc() {
|
||||
use super::{time_from_ymdhms_utc, Time};
|
||||
use super::{time_from_ymdhms_utc, Error, Time, UNIX_EPOCH_YEAR};
|
||||
|
||||
// 1969-12-31 00:00:00
|
||||
assert_eq!(
|
||||
Err(Error::BadDerTime),
|
||||
time_from_ymdhms_utc(UNIX_EPOCH_YEAR - 1, 1, 1, 0, 0, 0)
|
||||
);
|
||||
|
||||
// 1969-12-31 23:59:59
|
||||
assert_eq!(
|
||||
Err(Error::BadDerTime),
|
||||
time_from_ymdhms_utc(UNIX_EPOCH_YEAR - 1, 12, 31, 23, 59, 59)
|
||||
);
|
||||
|
||||
// 1970-01-01 00:00:00
|
||||
assert_eq!(
|
||||
Time::from_seconds_since_unix_epoch(0),
|
||||
time_from_ymdhms_utc(UNIX_EPOCH_YEAR, 1, 1, 0, 0, 0).unwrap()
|
||||
);
|
||||
|
||||
// 1970-01-01 00:00:01
|
||||
assert_eq!(
|
||||
Time::from_seconds_since_unix_epoch(1),
|
||||
time_from_ymdhms_utc(UNIX_EPOCH_YEAR, 1, 1, 0, 0, 1).unwrap()
|
||||
);
|
||||
|
||||
// 1971-01-01 00:00:00
|
||||
assert_eq!(
|
||||
Time::from_seconds_since_unix_epoch(365 * 86400),
|
||||
time_from_ymdhms_utc(UNIX_EPOCH_YEAR + 1, 1, 1, 0, 0, 0).unwrap()
|
||||
);
|
||||
|
||||
// year boundary
|
||||
assert_eq!(
|
||||
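Review bot: The comment `// 1969-12-31 00:00:00` in `test_time_from_ymdhms_utc` does not match the call beneath it, `time_from_ymdhms_utc(UNIX_EPOCH_YEAR - 1, 1, 1, 0, 0, 0)`, which passes month 1 and day 1. Either the comment should read `// 1969-01-01 00:00:00` or the arguments should be `(UNIX_EPOCH_YEAR - 1, 12, 31, 0, 0, 0)`; the next case already covers 23:59:59 on 31 December, so the first reading looks like the intended one. These pre-epoch rejections are the boundary that certificate time parsing relies on, so the labels are worth getting exact. The test function continues past the end of the hunk.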
|
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
use crate::{calendar, time, Error};
|
||||
pub use ring::io::{
|
||||
der::{nested, Tag, CONSTRUCTED},
|
||||
der::{nested, Tag},
|
||||
Positive,
|
||||
};
|
||||
|
||||
|
|
|
@ -125,6 +125,25 @@ impl<'a> EndEntityCert<'a> {
|
|||
)
|
||||
}
|
||||
|
||||
/// Backward-SemVer-compatible wrapper around `verify_is_valid_tls_client_cert_ext`.
|
||||
///
|
||||
/// Errors that aren't representable as an `Error` are mapped to `Error::UnknownIssuer`.
|
||||
pub fn verify_is_valid_tls_client_cert(
|
||||
&self,
|
||||
supported_sig_algs: &[&SignatureAlgorithm],
|
||||
trust_anchors: &TlsClientTrustAnchors,
|
||||
intermediate_certs: &[&[u8]],
|
||||
time: Time,
|
||||
) -> Result<(), Error> {
|
||||
self.verify_is_valid_tls_client_cert_ext(
|
||||
supported_sig_algs,
|
||||
trust_anchors,
|
||||
intermediate_certs,
|
||||
time,
|
||||
)
|
||||
.map_err(ErrorExt::into_error_lossy)
|
||||
}
|
||||
|
||||
/// Verifies that the end-entity certificate is valid for use by a TLS
|
||||
/// client.
|
||||
///
|
||||
|
@ -145,7 +164,7 @@ impl<'a> EndEntityCert<'a> {
|
|||
&TlsClientTrustAnchors(trust_anchors): &TlsClientTrustAnchors,
|
||||
intermediate_certs: &[&[u8]],
|
||||
time: Time,
|
||||
) -> Result<(), Error> {
|
||||
) -> Result<(), ErrorExt> {
|
||||
verify_cert::build_chain(
|
||||
verify_cert::EKU_CLIENT_AUTH,
|
||||
supported_sig_algs,
|
||||
|
@ -154,7 +173,6 @@ impl<'a> EndEntityCert<'a> {
|
|||
&self.inner,
|
||||
time,
|
||||
)
|
||||
.map_err(ErrorExt::into_error_lossy)
|
||||
}
|
||||
|
||||
/// Verifies that the certificate is valid for the given DNS host name.
|
||||
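Review bot: The new `verify_is_valid_tls_client_cert` wrapper collapses every `ErrorExt` value that has no `Error` equivalent into `Error::UnknownIssuer`, so a caller that logs or alerts on the result cannot tell a genuinely unknown issuer from whatever other condition `ErrorExt` carries. The doc comment states the mapping but not that consequence; I would add a sentence saying that callers who need to distinguish those cases should call `verify_is_valid_tls_client_cert_ext` directly, and write the reference in the first doc line as an intra-doc link, `[Self::verify_is_valid_tls_client_cert_ext]`. The `_ext` method's doc comment and signature start outside these hunks, so whether it documents the additional error cases itself is not visible here.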
|
|
|
@ -80,6 +80,7 @@ fn build_chain_inner(
|
|||
|
||||
// TODO: revocation.
|
||||
|
||||
#[allow(clippy::blocks_in_conditions)]
|
||||
match loop_while_non_fatal_error(trust_anchors, |trust_anchor: &TrustAnchor| {
|
||||
let trust_anchor_subject = untrusted::Input::from(trust_anchor.subject);
|
||||
if !equal(cert.issuer, trust_anchor_subject) {
|
||||
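Review bot: `#[allow(clippy::blocks_in_conditions)]` in `build_chain_inner` is added without a stated reason, which makes it hard to tell later whether the suppression is still needed. A short comment above it would do, e.g. `// The closure passed to loop_while_non_fatal_error is a block inside the match scrutinee.`. The `match` expression continues outside the hunk.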
|
|