Sprinkle #[must_use] (#368)

2025-06-05 20:40:35 +01:00 · 2025-06-05 20:40:35 +01:00 · 5fa9c81c88
parent 5d57b3a057
commit 5fa9c81c88
33 changed files with 320 additions and 4 deletions
--- a/boring-sys/src/lib.rs
+++ b/boring-sys/src/lib.rs
@ -32,18 +32,22 @@ pub type BN_ULONG = u64;
 #[cfg(target_pointer_width = "32")]
 pub type BN_ULONG = u32;
 #[must_use]
 pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong {
    ((l as c_ulong & 0x0FF) << 24) | ((f as c_ulong & 0xFFF) << 12) | (r as c_ulong & 0xFFF)
 }
 #[must_use]
 pub const fn ERR_GET_LIB(l: c_uint) -> c_int {
    ((l >> 24) & 0x0FF) as c_int
 }
 #[must_use]
 pub const fn ERR_GET_FUNC(l: c_uint) -> c_int {
    ((l >> 12) & 0xFFF) as c_int
 }
 #[must_use]
 pub const fn ERR_GET_REASON(l: c_uint) -> c_int {
    (l & 0xFFF) as c_int
 }
--- a/boring/src/asn1.rs
+++ b/boring/src/asn1.rs
@ -143,11 +143,13 @@ impl Asn1Type {
    pub const BMPSTRING: Asn1Type = Asn1Type(ffi::V_ASN1_BMPSTRING);
    /// Constructs an `Asn1Type` from a raw OpenSSL value.
    #[must_use]
    pub fn from_raw(value: c_int) -> Self {
        Asn1Type(value)
    }
    /// Returns the raw OpenSSL value represented by this type.
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -415,17 +417,20 @@ impl Asn1StringRef {
    ///
    /// [`as_utf8`]: struct.Asn1String.html#method.as_utf8
    #[corresponds(ASN1_STRING_get0_data)]
    #[must_use]
    pub fn as_slice(&self) -> &[u8] {
        unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr()), self.len()) }
    }
    /// Returns the number of bytes in the string.
    #[corresponds(ASN1_STRING_length)]
    #[must_use]
    pub fn len(&self) -> usize {
        unsafe { ffi::ASN1_STRING_length(self.as_ptr()) as usize }
    }
    /// Determines if the string is empty.
    #[must_use]
    pub fn is_empty(&self) -> bool {
        self.len() == 0
    }
@ -473,6 +478,7 @@ impl Asn1IntegerRef {
    #[allow(clippy::unnecessary_cast)]
    #[allow(missing_docs)]
    #[deprecated(since = "0.10.6", note = "use to_bn instead")]
    #[must_use]
    pub fn get(&self) -> i64 {
        unsafe { crate::ffi::ASN1_INTEGER_get(self.as_ptr()) as i64 }
    }
@ -520,17 +526,20 @@ foreign_type_and_impl_send_sync! {
 impl Asn1BitStringRef {
    /// Returns the Asn1BitString as a slice.
    #[corresponds(ASN1_STRING_get0_data)]
    #[must_use]
    pub fn as_slice(&self) -> &[u8] {
        unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr() as *mut _), self.len()) }
    }
    /// Returns the number of bytes in the string.
    #[corresponds(ASN1_STRING_length)]
    #[must_use]
    pub fn len(&self) -> usize {
        unsafe { ffi::ASN1_STRING_length(self.as_ptr() as *const _) as usize }
    }
    /// Determines if the string is empty.
    #[must_use]
    pub fn is_empty(&self) -> bool {
        self.len() == 0
    }
@ -576,6 +585,7 @@ impl Asn1Object {
 impl Asn1ObjectRef {
    /// Returns the NID associated with this OID.
    #[must_use]
    pub fn nid(&self) -> Nid {
        unsafe { Nid::from_raw(ffi::OBJ_obj2nid(self.as_ptr())) }
    }
--- a/boring/src/base64.rs
+++ b/boring/src/base64.rs
@ -11,6 +11,7 @@ use openssl_macros::corresponds;
 ///
 /// Panics if the input length or computed output length overflow a signed C integer.
 #[corresponds(EVP_EncodeBlock)]
 #[must_use]
 pub fn encode_block(src: &[u8]) -> String {
    assert!(src.len() <= c_int::MAX as usize);
    let src_len = src.len();
--- a/boring/src/bn.rs
+++ b/boring/src/bn.rs
@ -198,6 +198,7 @@ impl BigNumRef {
    /// Returns `true` if the `n`th bit of `self` is set to 1, `false` otherwise.
    #[corresponds(BN_is_bit_set)]
    #[allow(clippy::useless_conversion)]
    #[must_use]
    pub fn is_bit_set(&self, n: i32) -> bool {
        unsafe { ffi::BN_is_bit_set(self.as_ptr(), n.into()) == 1 }
    }
@ -279,23 +280,27 @@ impl BigNumRef {
    /// assert_eq!(s.ucmp(&o), Ordering::Equal);
    /// ```
    #[corresponds(BN_ucmp)]
    #[must_use]
    pub fn ucmp(&self, oth: &BigNumRef) -> Ordering {
        unsafe { ffi::BN_ucmp(self.as_ptr(), oth.as_ptr()).cmp(&0) }
    }
    /// Returns `true` if `self` is negative.
    #[corresponds(BN_is_negative)]
    #[must_use]
    pub fn is_negative(&self) -> bool {
        unsafe { BN_is_negative(self.as_ptr()) == 1 }
    }
    /// Returns the number of significant bits in `self`.
    #[corresponds(BN_num_bits)]
    #[must_use]
    pub fn num_bits(&self) -> i32 {
        unsafe { ffi::BN_num_bits(self.as_ptr()) as i32 }
    }
    /// Returns the size of `self` in bytes. Implemented natively.
    #[must_use]
    pub fn num_bytes(&self) -> i32 {
        (self.num_bits() + 7) / 8
    }
@ -732,6 +737,7 @@ impl BigNumRef {
    /// assert_eq!(BigNum::from_slice(&s_vec).unwrap(), r);
    /// ```
    #[corresponds(BN_bn2bin)]
    #[must_use]
    pub fn to_vec(&self) -> Vec<u8> {
        let size = self.num_bytes() as usize;
        let mut v = Vec::with_capacity(size);
--- a/boring/src/conf.rs
+++ b/boring/src/conf.rs
@ -19,6 +19,7 @@ impl ConfMethod {
    }
    /// Convert to raw pointer.
    #[must_use]
    pub fn as_ptr(&self) -> *mut c_void {
        self.0
    }
--- a/boring/src/dsa.rs
+++ b/boring/src/dsa.rs
@ -98,6 +98,7 @@ where
    }
    /// Returns a reference to the public key component of `self`.
    #[must_use]
    pub fn pub_key(&self) -> &BigNumRef {
        unsafe {
            let mut pub_key = ptr::null();
@ -126,6 +127,7 @@ where
    }
    /// Returns a reference to the private key component of `self`.
    #[must_use]
    pub fn priv_key(&self) -> &BigNumRef {
        unsafe {
            let mut priv_key = ptr::null();
@ -141,11 +143,13 @@ where
 {
    /// Returns the maximum size of the signature output by `self` in bytes.
    #[corresponds(DSA_size)]
    #[must_use]
    pub fn size(&self) -> u32 {
        unsafe { ffi::DSA_size(self.as_ptr()) as u32 }
    }
    /// Returns the DSA prime parameter of `self`.
    #[must_use]
    pub fn p(&self) -> &BigNumRef {
        unsafe {
            let mut p = ptr::null();
@ -155,6 +159,7 @@ where
    }
    /// Returns the DSA sub-prime parameter of `self`.
    #[must_use]
    pub fn q(&self) -> &BigNumRef {
        unsafe {
            let mut q = ptr::null();
@ -164,6 +169,7 @@ where
    }
    /// Returns the DSA base parameter of `self`.
    #[must_use]
    pub fn g(&self) -> &BigNumRef {
        unsafe {
            let mut g = ptr::null();
--- a/boring/src/ec.rs
+++ b/boring/src/ec.rs
@ -167,18 +167,21 @@ impl EcGroupRef {
    /// Returns the degree of the curve.
    #[corresponds(EC_GROUP_get_degree)]
    #[allow(clippy::unnecessary_cast)]
    #[must_use]
    pub fn degree(&self) -> u32 {
        unsafe { ffi::EC_GROUP_get_degree(self.as_ptr()) as u32 }
    }
    /// Returns the number of bits in the group order.
    #[corresponds(EC_GROUP_order_bits)]
    #[must_use]
    pub fn order_bits(&self) -> u32 {
        unsafe { ffi::EC_GROUP_order_bits(self.as_ptr()) as u32 }
    }
    /// Returns the generator for the given curve as a [`EcPoint`].
    #[corresponds(EC_GROUP_get0_generator)]
    #[must_use]
    pub fn generator(&self) -> &EcPointRef {
        unsafe {
            let ptr = ffi::EC_GROUP_get0_generator(self.as_ptr());
@ -216,6 +219,7 @@ impl EcGroupRef {
    /// Returns the name of the curve, if a name is associated.
    #[corresponds(EC_GROUP_get_curve_name)]
    #[must_use]
    pub fn curve_name(&self) -> Option<Nid> {
        let nid = unsafe { ffi::EC_GROUP_get_curve_name(self.as_ptr()) };
        if nid > 0 {
@ -498,6 +502,7 @@ where
    /// Return [`EcPoint`] associated with the private key
    #[corresponds(EC_KEY_get0_private_key)]
    #[must_use]
    pub fn private_key(&self) -> &BigNumRef {
        unsafe {
            let ptr = ffi::EC_KEY_get0_private_key(self.as_ptr());
@ -512,6 +517,7 @@ where
 {
    /// Returns the public key.
    #[corresponds(EC_KEY_get0_public_key)]
    #[must_use]
    pub fn public_key(&self) -> &EcPointRef {
        unsafe {
            let ptr = ffi::EC_KEY_get0_public_key(self.as_ptr());
@ -542,6 +548,7 @@ where
 {
    /// Return [`EcGroup`] of the `EcKey`
    #[corresponds(EC_KEY_get0_group)]
    #[must_use]
    pub fn group(&self) -> &EcGroupRef {
        unsafe {
            let ptr = ffi::EC_KEY_get0_group(self.as_ptr());
--- a/boring/src/ecdsa.rs
+++ b/boring/src/ecdsa.rs
@ -93,6 +93,7 @@ impl EcdsaSigRef {
    /// Returns internal component: `r` of an `EcdsaSig`. (See X9.62 or FIPS 186-2)
    #[corresponds(ECDSA_SIG_get0)]
    #[must_use]
    pub fn r(&self) -> &BigNumRef {
        unsafe {
            let mut r = ptr::null();
@ -103,6 +104,7 @@ impl EcdsaSigRef {
    /// Returns internal components: `s` of an `EcdsaSig`. (See X9.62 or FIPS 186-2)
    #[corresponds(ECDSA_SIG_get0)]
    #[must_use]
    pub fn s(&self) -> &BigNumRef {
        unsafe {
            let mut s = ptr::null();
--- a/boring/src/error.rs
+++ b/boring/src/error.rs
@ -33,7 +33,8 @@ use crate::ffi;
 pub struct ErrorStack(Vec<Error>);
 impl ErrorStack {
-    /// Returns the contents of the OpenSSL error stack.
+    /// Pops the contents of the OpenSSL error stack, and returns it.
    #[allow(clippy::must_use_candidate)]
    pub fn get() -> ErrorStack {
        let mut vec = vec![];
        while let Some(err) = Error::get() {
@ -58,6 +59,7 @@ impl ErrorStack {
 impl ErrorStack {
    /// Returns the errors in the stack.
    #[must_use]
    pub fn errors(&self) -> &[Error] {
        &self.0
    }
@ -114,7 +116,8 @@ unsafe impl Send for Error {}
 static BORING_INTERNAL: &CStr = c"boring-rust";
 impl Error {
-    /// Returns the first error on the OpenSSL error stack.
+    /// Pops the first error off the OpenSSL error stack.
    #[allow(clippy::must_use_candidate)]
    pub fn get() -> Option<Error> {
        unsafe {
            ffi::init();
@ -177,11 +180,13 @@ impl Error {
    }
    /// Returns the raw OpenSSL error code for this error.
    #[must_use]
    pub fn code(&self) -> c_uint {
        self.code
    }
    /// Returns the name of the library reporting the error, if available.
    #[must_use]
    pub fn library(&self) -> Option<&'static str> {
        if self.is_internal() {
            return None;
@ -198,11 +203,13 @@ impl Error {
    /// Returns the raw OpenSSL error constant for the library reporting the
    /// error.
    #[must_use]
    pub fn library_code(&self) -> libc::c_int {
        ffi::ERR_GET_LIB(self.code)
    }
    /// Returns the name of the function reporting the error.
    #[must_use]
    pub fn function(&self) -> Option<&'static str> {
        if self.is_internal() {
            return None;
@ -218,6 +225,7 @@ impl Error {
    }
    /// Returns the reason for the error.
    #[must_use]
    pub fn reason(&self) -> Option<&'static str> {
        unsafe {
            let cstr = ffi::ERR_reason_error_string(self.code);
@ -230,11 +238,13 @@ impl Error {
    }
    /// Returns the raw OpenSSL error constant for the reason for the error.
    #[must_use]
    pub fn reason_code(&self) -> libc::c_int {
        ffi::ERR_GET_REASON(self.code)
    }
    /// Returns the name of the source file which encountered the error.
    #[must_use]
    pub fn file(&self) -> &'static str {
        unsafe {
            if self.file.is_null() {
@ -247,11 +257,13 @@ impl Error {
    /// Returns the line in the source file which encountered the error.
    #[allow(clippy::unnecessary_cast)]
    #[must_use]
    pub fn line(&self) -> u32 {
        self.line as u32
    }
    /// Returns additional data describing the error.
    #[must_use]
    pub fn data(&self) -> Option<&str> {
        self.data.as_deref()
    }
--- a/boring/src/ex_data.rs
+++ b/boring/src/ex_data.rs
@ -21,11 +21,13 @@ impl<T, U> Index<T, U> {
    /// # Safety
    ///
    /// The caller must ensure that the index correctly maps to a `U` value stored in a `T`.
    #[must_use]
    pub unsafe fn from_raw(idx: c_int) -> Index<T, U> {
        Index(idx, PhantomData)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
--- a/boring/src/fips.rs
+++ b/boring/src/fips.rs
@ -8,6 +8,7 @@ use openssl_macros::corresponds;
 /// Determines if the library is running in the FIPS 140-2 mode of operation.
 #[corresponds(FIPS_mode)]
 #[must_use]
 pub fn enabled() -> bool {
    unsafe { ffi::FIPS_mode() != 0 }
 }
--- a/boring/src/hash.rs
+++ b/boring/src/hash.rs
@ -22,12 +22,14 @@ impl MessageDigest {
    /// # Safety
    ///
    /// The caller must ensure the pointer is valid.
    #[must_use]
    pub unsafe fn from_ptr(x: *const ffi::EVP_MD) -> Self {
        MessageDigest(x)
    }
    /// Returns the `MessageDigest` corresponding to an `Nid`.
    #[corresponds(EVP_get_digestbynid)]
    #[must_use]
    pub fn from_nid(type_: Nid) -> Option<MessageDigest> {
        unsafe {
            let ptr = ffi::EVP_get_digestbynid(type_.as_raw());
@ -39,47 +41,57 @@ impl MessageDigest {
        }
    }
    #[must_use]
    pub fn md5() -> MessageDigest {
        unsafe { MessageDigest(ffi::EVP_md5()) }
    }
    #[must_use]
    pub fn sha1() -> MessageDigest {
        unsafe { MessageDigest(ffi::EVP_sha1()) }
    }
    #[must_use]
    pub fn sha224() -> MessageDigest {
        unsafe { MessageDigest(ffi::EVP_sha224()) }
    }
    #[must_use]
    pub fn sha256() -> MessageDigest {
        unsafe { MessageDigest(ffi::EVP_sha256()) }
    }
    #[must_use]
    pub fn sha384() -> MessageDigest {
        unsafe { MessageDigest(ffi::EVP_sha384()) }
    }
    #[must_use]
    pub fn sha512() -> MessageDigest {
        unsafe { MessageDigest(ffi::EVP_sha512()) }
    }
    #[must_use]
    pub fn sha512_256() -> MessageDigest {
        unsafe { MessageDigest(ffi::EVP_sha512_256()) }
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_ptr(&self) -> *const ffi::EVP_MD {
        self.0
    }
    /// The size of the digest in bytes.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn size(&self) -> usize {
        unsafe { ffi::EVP_MD_size(self.0) }
    }
    /// The name of the digest.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn type_(&self) -> Nid {
        Nid::from_raw(unsafe { ffi::EVP_MD_type(self.0) })
    }
--- a/boring/src/memcmp.rs
+++ b/boring/src/memcmp.rs
@ -61,6 +61,7 @@ use libc::size_t;
 /// assert!(!eq(&a, &b));
 /// assert!(!eq(&a, &c));
 /// ```
 #[must_use]
 pub fn eq(a: &[u8], b: &[u8]) -> bool {
    assert!(a.len() == b.len());
    let ret = unsafe {
@ -87,6 +88,6 @@ mod tests {
    #[test]
    #[should_panic]
    fn test_diff_lens() {
-        eq(&[], &[1]);
+        let _ = eq(&[], &[1]);
    }
 }
--- a/boring/src/nid.rs
+++ b/boring/src/nid.rs
@ -51,12 +51,14 @@ pub struct Nid(c_int);
 #[allow(non_snake_case)]
 impl Nid {
    /// Create a `Nid` from an integer representation.
    #[must_use]
    pub fn from_raw(raw: c_int) -> Nid {
        Nid(raw)
    }
    /// Return the integer representation of a `Nid`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -64,6 +66,7 @@ impl Nid {
    /// Returns the `Nid`s of the digest and public key algorithms associated with a signature ID.
    #[corresponds(OBJ_find_sigid_algs)]
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn signature_algorithms(&self) -> Option<SignatureAlgorithms> {
        unsafe {
            let mut digest = 0;
--- a/boring/src/pkcs12.rs
+++ b/boring/src/pkcs12.rs
@ -80,6 +80,7 @@ impl Pkcs12 {
    /// * `nid_cert` - `nid::PBE_WITHSHA1AND40BITRC2_CBC`
    /// * `iter` - `2048`
    /// * `mac_iter` - `2048`
    #[must_use]
    pub fn builder() -> Pkcs12Builder {
        ffi::init();
--- a/boring/src/pkey.rs
+++ b/boring/src/pkey.rs
@ -83,12 +83,14 @@ impl Id {
    pub const X448: Id = Id(ffi::EVP_PKEY_X448);
    /// Creates a `Id` from an integer representation.
    #[must_use]
    pub fn from_raw(value: c_int) -> Id {
        Id(value)
    }
    /// Returns the integer representation of the `Id`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -176,12 +178,14 @@ impl<T> PKeyRef<T> {
    /// Returns the `Id` that represents the type of this key.
    #[corresponds(EVP_PKEY_id)]
    #[must_use]
    pub fn id(&self) -> Id {
        unsafe { Id::from_raw(ffi::EVP_PKEY_id(self.as_ptr())) }
    }
    /// Returns the maximum size of a signature in bytes.
    #[corresponds(EVP_PKEY_size)]
    #[must_use]
    pub fn size(&self) -> usize {
        unsafe { ffi::EVP_PKEY_size(self.as_ptr()) as usize }
    }
@ -211,11 +215,13 @@ where
    ///
    /// This corresponds to the bit length of the modulus of an RSA key, and the bit length of the
    /// group order for an elliptic curve key, for example.
    #[must_use]
    pub fn bits(&self) -> u32 {
        unsafe { ffi::EVP_PKEY_bits(self.as_ptr()) as u32 }
    }
    /// Compares the public component of this key with another.
    #[must_use]
    pub fn public_eq<U>(&self, other: &PKeyRef<U>) -> bool
    where
        U: HasPublic,
--- a/boring/src/rsa.rs
+++ b/boring/src/rsa.rs
@ -67,12 +67,14 @@ impl Padding {
    pub const PKCS1_PSS: Padding = Padding(ffi::RSA_PKCS1_PSS_PADDING);
    /// Creates a `Padding` from an integer representation.
    #[must_use]
    pub fn from_raw(value: c_int) -> Padding {
        Padding(value)
    }
    /// Returns the integer representation of `Padding`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -187,6 +189,7 @@ where
    /// Returns a reference to the private exponent of the key.
    #[corresponds(RSA_get0_key)]
    #[must_use]
    pub fn d(&self) -> &BigNumRef {
        unsafe {
            let mut d = ptr::null();
@ -197,6 +200,7 @@ where
    /// Returns a reference to the first factor of the exponent of the key.
    #[corresponds(RSA_get0_factors)]
    #[must_use]
    pub fn p(&self) -> Option<&BigNumRef> {
        unsafe {
            let mut p = ptr::null();
@ -211,6 +215,7 @@ where
    /// Returns a reference to the second factor of the exponent of the key.
    #[corresponds(RSA_get0_factors)]
    #[must_use]
    pub fn q(&self) -> Option<&BigNumRef> {
        unsafe {
            let mut q = ptr::null();
@ -225,6 +230,7 @@ where
    /// Returns a reference to the first exponent used for CRT calculations.
    #[corresponds(RSA_get0_crt_params)]
    #[must_use]
    pub fn dmp1(&self) -> Option<&BigNumRef> {
        unsafe {
            let mut dp = ptr::null();
@ -239,6 +245,7 @@ where
    /// Returns a reference to the second exponent used for CRT calculations.
    #[corresponds(RSA_get0_crt_params)]
    #[must_use]
    pub fn dmq1(&self) -> Option<&BigNumRef> {
        unsafe {
            let mut dq = ptr::null();
@ -253,6 +260,7 @@ where
    /// Returns a reference to the coefficient used for CRT calculations.
    #[corresponds(RSA_get0_crt_params)]
    #[must_use]
    pub fn iqmp(&self) -> Option<&BigNumRef> {
        unsafe {
            let mut qi = ptr::null();
@ -319,6 +327,7 @@ where
    /// Returns the size of the modulus in bytes.
    #[corresponds(RSA_size)]
    #[allow(clippy::unnecessary_cast)]
    #[must_use]
    pub fn size(&self) -> u32 {
        unsafe { ffi::RSA_size(self.as_ptr()) as u32 }
    }
@ -377,6 +386,7 @@ where
    /// Returns a reference to the modulus of the key.
    #[corresponds(RSA_get0_key)]
    #[must_use]
    pub fn n(&self) -> &BigNumRef {
        unsafe {
            let mut n = ptr::null();
@ -387,6 +397,7 @@ where
    /// Returns a reference to the public exponent of the key.
    #[corresponds(RSA_get0_key)]
    #[must_use]
    pub fn e(&self) -> &BigNumRef {
        unsafe {
            let mut e = ptr::null();
@ -513,6 +524,7 @@ impl RsaPrivateKeyBuilder {
    }
    /// Returns the Rsa key.
    #[must_use]
    pub fn build(self) -> Rsa<Private> {
        self.rsa
    }
--- a/boring/src/sha.rs
+++ b/boring/src/sha.rs
@ -55,6 +55,7 @@ use std::mem::MaybeUninit;
 /// compatibility with existing systems.
 #[inline]
 #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
 #[must_use]
 pub fn sha1(data: &[u8]) -> [u8; 20] {
    unsafe {
        let mut hash: MaybeUninit<[u8; 20]> = MaybeUninit::uninit();
@ -66,6 +67,7 @@ pub fn sha1(data: &[u8]) -> [u8; 20] {
 /// Computes the SHA224 hash of some data.
 #[inline]
 #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
 #[must_use]
 pub fn sha224(data: &[u8]) -> [u8; 28] {
    unsafe {
        let mut hash: MaybeUninit<[u8; 28]> = MaybeUninit::uninit();
@ -77,6 +79,7 @@ pub fn sha224(data: &[u8]) -> [u8; 28] {
 /// Computes the SHA256 hash of some data.
 #[inline]
 #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
 #[must_use]
 pub fn sha256(data: &[u8]) -> [u8; 32] {
    unsafe {
        let mut hash: MaybeUninit<[u8; 32]> = MaybeUninit::uninit();
@ -88,6 +91,7 @@ pub fn sha256(data: &[u8]) -> [u8; 32] {
 /// Computes the SHA384 hash of some data.
 #[inline]
 #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
 #[must_use]
 pub fn sha384(data: &[u8]) -> [u8; 48] {
    unsafe {
        let mut hash: MaybeUninit<[u8; 48]> = MaybeUninit::uninit();
@ -99,6 +103,7 @@ pub fn sha384(data: &[u8]) -> [u8; 48] {
 /// Computes the SHA512 hash of some data.
 #[inline]
 #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
 #[must_use]
 pub fn sha512(data: &[u8]) -> [u8; 64] {
    unsafe {
        let mut hash: MaybeUninit<[u8; 64]> = MaybeUninit::uninit();
@ -110,6 +115,7 @@ pub fn sha512(data: &[u8]) -> [u8; 64] {
 /// Computes the SHA512-256 hash of some data.
 #[inline]
 #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
 #[must_use]
 pub fn sha512_256(data: &[u8]) -> [u8; 32] {
    unsafe {
        let mut hash: MaybeUninit<[u8; 32]> = MaybeUninit::uninit();
@ -138,6 +144,7 @@ impl Sha1 {
    /// Creates a new hasher.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn new() -> Sha1 {
        unsafe {
            let mut ctx = MaybeUninit::uninit();
@ -159,6 +166,7 @@ impl Sha1 {
    /// Returns the hash of the data.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn finish(mut self) -> [u8; 20] {
        unsafe {
            let mut hash: MaybeUninit<[u8; 20]> = MaybeUninit::uninit();
@ -183,6 +191,7 @@ impl Sha224 {
    /// Creates a new hasher.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn new() -> Sha224 {
        unsafe {
            let mut ctx = MaybeUninit::uninit();
@ -204,6 +213,7 @@ impl Sha224 {
    /// Returns the hash of the data.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn finish(mut self) -> [u8; 28] {
        unsafe {
            let mut hash: MaybeUninit<[u8; 28]> = MaybeUninit::uninit();
@ -228,6 +238,7 @@ impl Sha256 {
    /// Creates a new hasher.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn new() -> Sha256 {
        unsafe {
            let mut ctx = MaybeUninit::uninit();
@ -249,6 +260,7 @@ impl Sha256 {
    /// Returns the hash of the data.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn finish(mut self) -> [u8; 32] {
        unsafe {
            let mut hash: MaybeUninit<[u8; 32]> = MaybeUninit::uninit();
@ -273,6 +285,7 @@ impl Sha384 {
    /// Creates a new hasher.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn new() -> Sha384 {
        unsafe {
            let mut ctx = MaybeUninit::uninit();
@ -294,6 +307,7 @@ impl Sha384 {
    /// Returns the hash of the data.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn finish(mut self) -> [u8; 48] {
        unsafe {
            let mut hash: MaybeUninit<[u8; 48]> = MaybeUninit::uninit();
@ -318,6 +332,7 @@ impl Sha512 {
    /// Creates a new hasher.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn new() -> Sha512 {
        unsafe {
            let mut ctx = MaybeUninit::uninit();
@ -339,6 +354,7 @@ impl Sha512 {
    /// Returns the hash of the data.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn finish(mut self) -> [u8; 64] {
        unsafe {
            let mut hash: MaybeUninit<[u8; 64]> = MaybeUninit::uninit();
@ -363,6 +379,7 @@ impl Sha512_256 {
    /// Creates a new hasher.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn new() -> Sha512_256 {
        unsafe {
            let mut ctx = MaybeUninit::uninit();
@ -384,6 +401,7 @@ impl Sha512_256 {
    /// Returns the hash of the data.
    #[inline]
    #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566
    #[must_use]
    pub fn finish(mut self) -> [u8; 32] {
        unsafe {
            let mut hash: MaybeUninit<[u8; 32]> = MaybeUninit::uninit();
--- a/boring/src/sign.rs
+++ b/boring/src/sign.rs
@ -60,6 +60,7 @@ impl RsaPssSaltlen {
    }
    /// Sets the salt length to the given value.
    #[must_use]
    pub fn custom(val: c_int) -> RsaPssSaltlen {
        RsaPssSaltlen(val)
    }
--- a/boring/src/srtp.rs
+++ b/boring/src/srtp.rs
@ -20,9 +20,12 @@ impl Stackable for SrtpProtectionProfile {
 }
 impl SrtpProtectionProfileRef {
    #[must_use]
    pub fn id(&self) -> SrtpProfileId {
        SrtpProfileId::from_raw(unsafe { (*self.as_ptr()).id })
    }
    #[must_use]
    pub fn name(&self) -> &'static str {
        unsafe { CStr::from_ptr((*self.as_ptr()).name as *const _) }
            .to_str()
@ -47,12 +50,14 @@ impl SrtpProfileId {
    pub const SRTP_NULL_SHA1_32: SrtpProfileId = SrtpProfileId(ffi::SRTP_NULL_SHA1_32 as _);
    /// Creates a `SrtpProfileId` from an integer representation.
    #[must_use]
    pub fn from_raw(value: c_ulong) -> SrtpProfileId {
        SrtpProfileId(value)
    }
    /// Returns the integer representation of `SrtpProfileId`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_ulong {
        self.0
    }
--- a/boring/src/ssl/connector.rs
+++ b/boring/src/ssl/connector.rs
@ -137,11 +137,13 @@ impl SslConnector {
    }
    /// Consumes the `SslConnector`, returning the inner raw `SslContext`.
    #[must_use]
    pub fn into_context(self) -> SslContext {
        self.0
    }
    /// Returns a shared reference to the inner raw `SslContext`.
    #[must_use]
    pub fn context(&self) -> &SslContextRef {
        &self.0
    }
@ -152,6 +154,7 @@ pub struct SslConnectorBuilder(SslContextBuilder);
 impl SslConnectorBuilder {
    /// Consumes the builder, returning an `SslConnector`.
    #[must_use]
    pub fn build(self) -> SslConnector {
        SslConnector(self.0.build())
    }
@ -180,6 +183,7 @@ pub struct ConnectConfiguration {
 impl ConnectConfiguration {
    /// A builder-style version of `set_use_server_name_indication`.
    #[must_use]
    pub fn use_server_name_indication(mut self, use_sni: bool) -> ConnectConfiguration {
        self.set_use_server_name_indication(use_sni);
        self
@ -193,6 +197,7 @@ impl ConnectConfiguration {
    }
    /// A builder-style version of `set_verify_hostname`.
    #[must_use]
    pub fn verify_hostname(mut self, verify_hostname: bool) -> ConnectConfiguration {
        self.set_verify_hostname(verify_hostname);
        self
@ -396,11 +401,13 @@ impl SslAcceptor {
    }
    /// Consumes the `SslAcceptor`, returning the inner raw `SslContext`.
    #[must_use]
    pub fn into_context(self) -> SslContext {
        self.0
    }
    /// Returns a shared reference to the inner raw `SslContext`.
    #[must_use]
    pub fn context(&self) -> &SslContextRef {
        &self.0
    }
@ -411,6 +418,7 @@ pub struct SslAcceptorBuilder(SslContextBuilder);
 impl SslAcceptorBuilder {
    /// Consumes the builder, returning a `SslAcceptor`.
    #[must_use]
    pub fn build(self) -> SslAcceptor {
        SslAcceptor(self.0.build())
    }
--- a/boring/src/ssl/error.rs
+++ b/boring/src/ssl/error.rs
@ -50,11 +50,13 @@ impl ErrorCode {
    /// An error occurred in the SSL library.
    pub const SSL: ErrorCode = ErrorCode(ffi::SSL_ERROR_SSL);
    #[must_use]
    pub fn from_raw(raw: c_int) -> ErrorCode {
        ErrorCode(raw)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -74,10 +76,12 @@ pub struct Error {
 }
 impl Error {
    #[must_use]
    pub fn code(&self) -> ErrorCode {
        self.code
    }
    #[must_use]
    pub fn io_error(&self) -> Option<&io::Error> {
        match self.cause {
            Some(InnerError::Io(ref e)) => Some(e),
@ -92,6 +96,7 @@ impl Error {
        }
    }
    #[must_use]
    pub fn ssl_error(&self) -> Option<&ErrorStack> {
        match self.cause {
            Some(InnerError::Ssl(ref e)) => Some(e),
@ -99,6 +104,7 @@ impl Error {
        }
    }
    #[must_use]
    pub fn would_block(&self) -> bool {
        matches!(
            self.code,
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@ -248,6 +248,7 @@ pub struct SslMethod(*const ffi::SSL_METHOD);
 impl SslMethod {
    /// Support all versions of the TLS protocol.
    #[corresponds(TLS_method)]
    #[must_use]
    pub fn tls() -> SslMethod {
        unsafe { SslMethod(TLS_method()) }
    }
@ -260,18 +261,21 @@ impl SslMethod {
    /// Support all versions of the DTLS protocol.
    #[corresponds(DTLS_method)]
    #[must_use]
    pub fn dtls() -> SslMethod {
        unsafe { SslMethod(DTLS_method()) }
    }
    /// Support all versions of the TLS protocol, explicitly as a client.
    #[corresponds(TLS_client_method)]
    #[must_use]
    pub fn tls_client() -> SslMethod {
        unsafe { SslMethod(TLS_client_method()) }
    }
    /// Support all versions of the TLS protocol, explicitly as a server.
    #[corresponds(TLS_server_method)]
    #[must_use]
    pub fn tls_server() -> SslMethod {
        unsafe { SslMethod(TLS_server_method()) }
    }
@ -282,12 +286,14 @@ impl SslMethod {
    ///
    /// The caller must ensure the pointer is valid.
    #[corresponds(TLS_server_method)]
    #[must_use]
    pub unsafe fn from_ptr(ptr: *const ffi::SSL_METHOD) -> SslMethod {
        SslMethod(ptr)
    }
    /// Returns a pointer to the underlying OpenSSL value.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_ptr(&self) -> *const ffi::SSL_METHOD {
        self.0
    }
@ -378,12 +384,14 @@ impl SslFiletype {
    pub const ASN1: SslFiletype = SslFiletype(ffi::SSL_FILETYPE_ASN1);
    /// Constructs an `SslFiletype` from a raw OpenSSL value.
    #[must_use]
    pub fn from_raw(raw: c_int) -> SslFiletype {
        SslFiletype(raw)
    }
    /// Returns the raw OpenSSL value represented by this type.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -398,12 +406,14 @@ impl StatusType {
    pub const OCSP: StatusType = StatusType(ffi::TLSEXT_STATUSTYPE_ocsp);
    /// Constructs a `StatusType` from a raw OpenSSL value.
    #[must_use]
    pub fn from_raw(raw: c_int) -> StatusType {
        StatusType(raw)
    }
    /// Returns the raw OpenSSL value represented by this type.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -418,12 +428,14 @@ impl NameType {
    pub const HOST_NAME: NameType = NameType(ffi::TLSEXT_NAMETYPE_host_name);
    /// Constructs a `StatusType` from a raw OpenSSL value.
    #[must_use]
    pub fn from_raw(raw: c_int) -> StatusType {
        StatusType(raw)
    }
    /// Returns the raw OpenSSL value represented by this type.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -733,6 +745,7 @@ impl SslCurve {
    /// Returns the curve name
    #[corresponds(SSL_get_curve_name)]
    #[must_use]
    pub fn name(&self) -> Option<&'static str> {
        unsafe {
            let ptr = ffi::SSL_get_curve_name(self.0 as u16);
@ -830,6 +843,7 @@ impl CertificateCompressionAlgorithm {
 ///
 /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
 #[corresponds(SSL_select_next_proto)]
 #[must_use]
 pub fn select_next_proto<'a>(server: &'a [u8], client: &'a [u8]) -> Option<&'a [u8]> {
    if server.is_empty() || client.is_empty() {
        return None;
@ -901,12 +915,14 @@ pub struct SslInfoCallbackAlert(c_int);
 impl SslInfoCallbackAlert {
    /// The level of the SSL alert.
    #[must_use]
    pub fn alert_level(&self) -> Ssl3AlertLevel {
        let value = self.0 >> 8;
        Ssl3AlertLevel(value)
    }
    /// The value of the SSL alert.
    #[must_use]
    pub fn alert(&self) -> SslAlert {
        let value = self.0 & i32::from(u8::MAX);
        SslAlert(value)
@ -1033,6 +1049,7 @@ impl SslContextBuilder {
    }
    /// Returns a pointer to the raw OpenSSL value.
    #[must_use]
    pub fn as_ptr(&self) -> *mut ffi::SSL_CTX {
        self.ctx.as_ptr()
    }
@ -1490,6 +1507,7 @@ impl SslContextBuilder {
    ///
    /// [`ciphers`]: https://www.openssl.org/docs/manmaster/man1/ciphers.html
    #[corresponds(SSL_CTX_get_ciphers)]
    #[must_use]
    pub fn ciphers(&self) -> Option<&StackRef<SslCipher>> {
        self.ctx.ciphers()
    }
@ -1508,6 +1526,7 @@ impl SslContextBuilder {
    /// Returns the options used by the context.
    #[corresponds(SSL_CTX_get_options)]
    #[must_use]
    pub fn options(&self) -> SslOptions {
        let bits = unsafe { ffi::SSL_CTX_get_options(self.as_ptr()) };
        SslOptions::from_bits_retain(bits)
@ -1731,6 +1750,7 @@ impl SslContextBuilder {
    /// Returns a shared reference to the context's certificate store.
    #[corresponds(SSL_CTX_get_cert_store)]
    #[must_use]
    pub fn cert_store(&self) -> &X509StoreBuilderRef {
        #[cfg(feature = "rpk")]
        assert!(!self.is_rpk, "This API is not supported for RPK");
@ -2086,6 +2106,7 @@ impl SslContextBuilder {
    }
    /// Consumes the builder, returning a new `SslContext`.
    #[must_use]
    pub fn build(self) -> SslContext {
        self.ctx
    }
@ -2169,6 +2190,7 @@ impl SslContext {
    ///
    /// [`ciphers`]: https://www.openssl.org/docs/manmaster/man1/ciphers.html
    #[corresponds(SSL_CTX_get_ciphers)]
    #[must_use]
    pub fn ciphers(&self) -> Option<&StackRef<SslCipher>> {
        unsafe {
            let ciphers = ffi::SSL_CTX_get_ciphers(self.as_ptr());
@ -2184,6 +2206,7 @@ impl SslContext {
 impl SslContextRef {
    /// Returns the certificate associated with this `SslContext`, if present.
    #[corresponds(SSL_CTX_get0_certificate)]
    #[must_use]
    pub fn certificate(&self) -> Option<&X509Ref> {
        #[cfg(feature = "rpk")]
        assert!(!self.is_rpk(), "This API is not supported for RPK");
@ -2200,6 +2223,7 @@ impl SslContextRef {
    /// Returns the private key associated with this `SslContext`, if present.
    #[corresponds(SSL_CTX_get0_privatekey)]
    #[must_use]
    pub fn private_key(&self) -> Option<&PKeyRef<Private>> {
        unsafe {
            let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr());
@ -2213,6 +2237,7 @@ impl SslContextRef {
    /// Returns a shared reference to the certificate store used for verification.
    #[corresponds(SSL_CTX_get_cert_store)]
    #[must_use]
    pub fn cert_store(&self) -> &X509StoreRef {
        #[cfg(feature = "rpk")]
        assert!(!self.is_rpk(), "This API is not supported for RPK");
@ -2222,6 +2247,7 @@ impl SslContextRef {
    /// Returns a shared reference to the stack of certificates making up the chain from the leaf.
    #[corresponds(SSL_CTX_get_extra_chain_certs)]
    #[must_use]
    pub fn extra_chain_certs(&self) -> &StackRef<X509> {
        unsafe {
            let mut chain = ptr::null_mut();
@ -2233,6 +2259,7 @@ impl SslContextRef {
    /// Returns a reference to the extra data at the specified index.
    #[corresponds(SSL_CTX_get_ex_data)]
    #[must_use]
    pub fn ex_data<T>(&self, index: Index<SslContext, T>) -> Option<&T> {
        unsafe {
            let data = ffi::SSL_CTX_get_ex_data(self.as_ptr(), index.as_raw());
@ -2288,6 +2315,7 @@ impl SslContextRef {
    /// The caller of this method is responsible for ensuring that the session has never been used with another
    /// `SslContext` than this one.
    #[corresponds(SSL_CTX_add_session)]
    #[must_use]
    pub unsafe fn add_session(&self, session: &SslSessionRef) -> bool {
        ffi::SSL_CTX_add_session(self.as_ptr(), session.as_ptr()) != 0
    }
@ -2301,6 +2329,7 @@ impl SslContextRef {
    /// The caller of this method is responsible for ensuring that the session has never been used with another
    /// `SslContext` than this one.
    #[corresponds(SSL_CTX_remove_session)]
    #[must_use]
    pub unsafe fn remove_session(&self, session: &SslSessionRef) -> bool {
        ffi::SSL_CTX_remove_session(self.as_ptr(), session.as_ptr()) != 0
    }
@ -2310,6 +2339,7 @@ impl SslContextRef {
    /// A value of 0 means that the cache size is unbounded.
    #[corresponds(SSL_CTX_sess_get_cache_size)]
    #[allow(clippy::useless_conversion)]
    #[must_use]
    pub fn session_cache_size(&self) -> u64 {
        unsafe { ffi::SSL_CTX_sess_get_cache_size(self.as_ptr()).into() }
    }
@ -2318,6 +2348,7 @@ impl SslContextRef {
    ///
    /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify
    #[corresponds(SSL_CTX_get_verify_mode)]
    #[must_use]
    pub fn verify_mode(&self) -> SslVerifyMode {
        #[cfg(feature = "rpk")]
        assert!(!self.is_rpk(), "This API is not supported for RPK");
@ -2370,6 +2401,7 @@ pub struct ClientHello<'ssl>(&'ssl ffi::SSL_CLIENT_HELLO);
 impl ClientHello<'_> {
    /// Returns the data of a given extension, if present.
    #[corresponds(SSL_early_callback_ctx_extension_get)]
    #[must_use]
    pub fn get_extension(&self, ext_type: ExtensionType) -> Option<&[u8]> {
        unsafe {
            let mut ptr = ptr::null();
@ -2387,36 +2419,43 @@ impl ClientHello<'_> {
        unsafe { SslRef::from_ptr_mut(self.0.ssl) }
    }
    #[must_use]
    pub fn ssl(&self) -> &SslRef {
        unsafe { SslRef::from_ptr(self.0.ssl) }
    }
    /// Returns the servername sent by the client via Server Name Indication (SNI).
    #[must_use]
    pub fn servername(&self, type_: NameType) -> Option<&str> {
        self.ssl().servername(type_)
    }
    /// Returns the version sent by the client in its Client Hello record.
    #[must_use]
    pub fn client_version(&self) -> SslVersion {
        SslVersion(self.0.version)
    }
    /// Returns a string describing the protocol version of the connection.
    #[must_use]
    pub fn version_str(&self) -> &'static str {
        self.ssl().version_str()
    }
    /// Returns the raw data of the client hello message
    #[must_use]
    pub fn as_bytes(&self) -> &[u8] {
        unsafe { slice::from_raw_parts(self.0.client_hello, self.0.client_hello_len) }
    }
    /// Returns the client random data
    #[must_use]
    pub fn random(&self) -> &[u8] {
        unsafe { slice::from_raw_parts(self.0.random, self.0.random_len) }
    }
    /// Returns the raw list of ciphers supported by the client in its Client Hello record.
    #[must_use]
    pub fn ciphers(&self) -> &[u8] {
        unsafe { slice::from_raw_parts(self.0.cipher_suites, self.0.cipher_suites_len) }
    }
@ -2427,6 +2466,7 @@ pub struct SslCipher(*mut ffi::SSL_CIPHER);
 impl SslCipher {
    #[corresponds(SSL_get_cipher_by_value)]
    #[must_use]
    pub fn from_value(value: u16) -> Option<Self> {
        unsafe {
            let ptr = ffi::SSL_get_cipher_by_value(value);
@ -2484,6 +2524,7 @@ unsafe impl ForeignTypeRef for SslCipherRef {
 impl SslCipherRef {
    /// Returns the name of the cipher.
    #[corresponds(SSL_CIPHER_get_name)]
    #[must_use]
    pub fn name(&self) -> &'static str {
        unsafe {
            let ptr = ffi::SSL_CIPHER_get_name(self.as_ptr());
@ -2493,6 +2534,7 @@ impl SslCipherRef {
    /// Returns the RFC-standard name of the cipher, if one exists.
    #[corresponds(SSL_CIPHER_standard_name)]
    #[must_use]
    pub fn standard_name(&self) -> Option<&'static str> {
        unsafe {
            let ptr = ffi::SSL_CIPHER_standard_name(self.as_ptr());
@ -2506,6 +2548,7 @@ impl SslCipherRef {
    /// Returns the SSL/TLS protocol version that first defined the cipher.
    #[corresponds(SSL_CIPHER_get_version)]
    #[must_use]
    pub fn version(&self) -> &'static str {
        let version = unsafe {
            let ptr = ffi::SSL_CIPHER_get_version(self.as_ptr());
@ -2518,6 +2561,7 @@ impl SslCipherRef {
    /// Returns the number of bits used for the cipher.
    #[corresponds(SSL_CIPHER_get_bits)]
    #[allow(clippy::useless_conversion)]
    #[must_use]
    pub fn bits(&self) -> CipherBits {
        unsafe {
            let mut algo_bits = 0;
@ -2531,6 +2575,7 @@ impl SslCipherRef {
    /// Returns a textual description of the cipher.
    #[corresponds(SSL_CIPHER_description)]
    #[must_use]
    pub fn description(&self) -> String {
        unsafe {
            // SSL_CIPHER_description requires a buffer of at least 128 bytes.
@ -2542,12 +2587,14 @@ impl SslCipherRef {
    /// Returns one if the cipher uses an AEAD cipher.
    #[corresponds(SSL_CIPHER_is_aead)]
    #[must_use]
    pub fn cipher_is_aead(&self) -> bool {
        unsafe { ffi::SSL_CIPHER_is_aead(self.as_ptr()) != 0 }
    }
    /// Returns the NID corresponding to the cipher's authentication type.
    #[corresponds(SSL_CIPHER_get_auth_nid)]
    #[must_use]
    pub fn cipher_auth_nid(&self) -> Option<Nid> {
        let n = unsafe { ffi::SSL_CIPHER_get_auth_nid(self.as_ptr()) };
        if n == 0 {
@ -2559,6 +2606,7 @@ impl SslCipherRef {
    /// Returns the NID corresponding to the cipher.
    #[corresponds(SSL_CIPHER_get_cipher_nid)]
    #[must_use]
    pub fn cipher_nid(&self) -> Option<Nid> {
        let n = unsafe { ffi::SSL_CIPHER_get_cipher_nid(self.as_ptr()) };
        if n == 0 {
@ -2610,6 +2658,7 @@ impl ToOwned for SslSessionRef {
 impl SslSessionRef {
    /// Returns the SSL session ID.
    #[corresponds(SSL_SESSION_get_id)]
    #[must_use]
    pub fn id(&self) -> &[u8] {
        unsafe {
            let mut len = 0;
@ -2620,6 +2669,7 @@ impl SslSessionRef {
    /// Returns the length of the master key.
    #[corresponds(SSL_SESSION_get_master_key)]
    #[must_use]
    pub fn master_key_len(&self) -> usize {
        unsafe { SSL_SESSION_get_master_key(self.as_ptr(), ptr::null_mut(), 0) }
    }
@ -2635,6 +2685,7 @@ impl SslSessionRef {
    /// Returns the time at which the session was established, in seconds since the Unix epoch.
    #[corresponds(SSL_SESSION_get_time)]
    #[allow(clippy::useless_conversion)]
    #[must_use]
    pub fn time(&self) -> u64 {
        unsafe { ffi::SSL_SESSION_get_time(self.as_ptr()) }
    }
@ -2644,12 +2695,14 @@ impl SslSessionRef {
    /// A session older than this time should not be used for session resumption.
    #[corresponds(SSL_SESSION_get_timeout)]
    #[allow(clippy::useless_conversion)]
    #[must_use]
    pub fn timeout(&self) -> u32 {
        unsafe { ffi::SSL_SESSION_get_timeout(self.as_ptr()) }
    }
    /// Returns the session's TLS protocol version.
    #[corresponds(SSL_SESSION_get_protocol_version)]
    #[must_use]
    pub fn protocol_version(&self) -> SslVersion {
        unsafe {
            let version = ffi::SSL_SESSION_get_protocol_version(self.as_ptr());
@ -2904,6 +2957,7 @@ impl SslRef {
    /// Returns the [`SslCurve`] used for this `SslRef`.
    #[corresponds(SSL_get_curve_id)]
    #[must_use]
    pub fn curve(&self) -> Option<SslCurve> {
        let curve_id = unsafe { ffi::SSL_get_curve_id(self.as_ptr()) };
        if curve_id == 0 {
@ -2914,6 +2968,7 @@ impl SslRef {
    /// Returns an `ErrorCode` value for the most recent operation on this `SslRef`.
    #[corresponds(SSL_get_error)]
    #[must_use]
    pub fn error_code(&self, ret: c_int) -> ErrorCode {
        unsafe { ErrorCode::from_raw(ffi::SSL_get_error(self.as_ptr(), ret)) }
    }
@ -2950,6 +3005,7 @@ impl SslRef {
    /// Returns the verify mode that was set using `set_verify`.
    #[corresponds(SSL_get_verify_mode)]
    #[must_use]
    pub fn verify_mode(&self) -> SslVerifyMode {
        #[cfg(feature = "rpk")]
        assert!(
@ -3094,6 +3150,7 @@ impl SslRef {
    /// Returns the stack of available SslCiphers for `SSL`, sorted by preference.
    #[corresponds(SSL_get_ciphers)]
    #[must_use]
    pub fn ciphers(&self) -> &StackRef<SslCipher> {
        unsafe {
            let cipher_list = ffi::SSL_get_ciphers(self.as_ptr());
@ -3103,6 +3160,7 @@ impl SslRef {
    /// Returns the current cipher if the session is active.
    #[corresponds(SSL_get_current_cipher)]
    #[must_use]
    pub fn current_cipher(&self) -> Option<&SslCipherRef> {
        unsafe {
            let ptr = ffi::SSL_get_current_cipher(self.as_ptr());
@ -3117,6 +3175,7 @@ impl SslRef {
    /// Returns a short string describing the state of the session.
    #[corresponds(SSL_state_string)]
    #[must_use]
    pub fn state_string(&self) -> &'static str {
        let state = unsafe {
            let ptr = ffi::SSL_state_string(self.as_ptr());
@ -3128,6 +3187,7 @@ impl SslRef {
    /// Returns a longer string describing the state of the session.
    #[corresponds(SSL_state_string_long)]
    #[must_use]
    pub fn state_string_long(&self) -> &'static str {
        let state = unsafe {
            let ptr = ffi::SSL_state_string_long(self.as_ptr());
@ -3151,6 +3211,7 @@ impl SslRef {
    /// Returns the peer's certificate, if present.
    #[corresponds(SSL_get_peer_certificate)]
    #[must_use]
    pub fn peer_certificate(&self) -> Option<X509> {
        #[cfg(feature = "rpk")]
        assert!(
@ -3173,6 +3234,7 @@ impl SslRef {
    /// On the client side, the chain includes the leaf certificate, but on the server side it does
    /// not. Fun!
    #[corresponds(SSL_get_peer_certificate)]
    #[must_use]
    pub fn peer_cert_chain(&self) -> Option<&StackRef<X509>> {
        #[cfg(feature = "rpk")]
        assert!(
@ -3192,6 +3254,7 @@ impl SslRef {
    /// Like [`SslContext::certificate`].
    #[corresponds(SSL_get_certificate)]
    #[must_use]
    pub fn certificate(&self) -> Option<&X509Ref> {
        #[cfg(feature = "rpk")]
        assert!(
@ -3211,6 +3274,7 @@ impl SslRef {
    /// Like [`SslContext::private_key`].
    #[corresponds(SSL_get_privatekey)]
    #[must_use]
    pub fn private_key(&self) -> Option<&PKeyRef<Private>> {
        unsafe {
            let ptr = ffi::SSL_get_privatekey(self.as_ptr());
@ -3223,6 +3287,7 @@ impl SslRef {
    }
    #[deprecated(since = "0.10.5", note = "renamed to `version_str`")]
    #[must_use]
    pub fn version(&self) -> &str {
        self.version_str()
    }
@ -3242,6 +3307,7 @@ impl SslRef {
    /// Returns a string describing the protocol version of the session.
    #[corresponds(SSL_get_version)]
    #[must_use]
    pub fn version_str(&self) -> &'static str {
        let version = unsafe {
            let ptr = ffi::SSL_get_version(self.as_ptr());
@ -3295,6 +3361,7 @@ impl SslRef {
    /// Gets the maximum supported protocol version.
    #[corresponds(SSL_get_max_proto_version)]
    #[must_use]
    pub fn max_proto_version(&self) -> Option<SslVersion> {
        let r = unsafe { ffi::SSL_get_max_proto_version(self.as_ptr()) };
        if r == 0 {
@ -3309,6 +3376,7 @@ impl SslRef {
    /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
    /// to interpret it.
    #[corresponds(SSL_get0_alpn_selected)]
    #[must_use]
    pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
        unsafe {
            let mut data: *const c_uchar = ptr::null();
@ -3345,6 +3413,7 @@ impl SslRef {
    ///
    /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
    #[corresponds(SSL_get_strp_profiles)]
    #[must_use]
    pub fn srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> {
        unsafe {
            let chain = ffi::SSL_get_srtp_profiles(self.as_ptr());
@ -3361,6 +3430,7 @@ impl SslRef {
    ///
    /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
    #[corresponds(SSL_get_selected_srtp_profile)]
    #[must_use]
    pub fn selected_srtp_profile(&self) -> Option<&SrtpProtectionProfileRef> {
        unsafe {
            let profile = ffi::SSL_get_selected_srtp_profile(self.as_ptr());
@ -3378,6 +3448,7 @@ impl SslRef {
    /// If this is greater than 0, the next call to `read` will not call down to the underlying
    /// stream.
    #[corresponds(SSL_pending)]
    #[must_use]
    pub fn pending(&self) -> usize {
        unsafe { ffi::SSL_pending(self.as_ptr()) as usize }
    }
@ -3395,6 +3466,7 @@ impl SslRef {
    ///
    // FIXME maybe rethink in 0.11?
    #[corresponds(SSL_get_servername)]
    #[must_use]
    pub fn servername(&self, type_: NameType) -> Option<&str> {
        self.servername_raw(type_)
            .and_then(|b| str::from_utf8(b).ok())
@ -3408,6 +3480,7 @@ impl SslRef {
    ///
    /// Unlike `servername`, this method does not require the name be valid UTF-8.
    #[corresponds(SSL_get_servername)]
    #[must_use]
    pub fn servername_raw(&self, type_: NameType) -> Option<&[u8]> {
        unsafe {
            let name = ffi::SSL_get_servername(self.as_ptr(), type_.0);
@ -3429,6 +3502,7 @@ impl SslRef {
    /// Returns the context corresponding to the current connection.
    #[corresponds(SSL_get_SSL_CTX)]
    #[must_use]
    pub fn ssl_context(&self) -> &SslContextRef {
        unsafe {
            let ssl_ctx = ffi::SSL_get_SSL_CTX(self.as_ptr());
@ -3467,6 +3541,7 @@ impl SslRef {
    /// Returns a shared reference to the SSL session.
    #[corresponds(SSL_get_session)]
    #[must_use]
    pub fn session(&self) -> Option<&SslSessionRef> {
        unsafe {
            let p = ffi::SSL_get_session(self.as_ptr());
@ -3544,6 +3619,7 @@ impl SslRef {
    /// Determines if the session provided to `set_session` was successfully reused.
    #[corresponds(SSL_session_reused)]
    #[must_use]
    pub fn session_reused(&self) -> bool {
        unsafe { ffi::SSL_session_reused(self.as_ptr()) != 0 }
    }
@ -3558,6 +3634,7 @@ impl SslRef {
    /// Returns the server's OCSP response, if present.
    #[corresponds(SSL_get_tlsext_status_ocsp_resp)]
    #[must_use]
    pub fn ocsp_status(&self) -> Option<&[u8]> {
        unsafe {
            let mut p = ptr::null();
@ -3589,6 +3666,7 @@ impl SslRef {
    /// Determines if this `Ssl` is configured for server-side or client-side use.
    #[corresponds(SSL_is_server)]
    #[must_use]
    pub fn is_server(&self) -> bool {
        unsafe { SSL_is_server(self.as_ptr()) != 0 }
    }
@ -3637,6 +3715,7 @@ impl SslRef {
    /// Returns a reference to the extra data at the specified index.
    #[corresponds(SSL_get_ex_data)]
    #[must_use]
    pub fn ex_data<T>(&self, index: Index<Ssl, T>) -> Option<&T> {
        unsafe {
            let data = ffi::SSL_get_ex_data(self.as_ptr(), index.as_raw());
@ -3684,6 +3763,7 @@ impl SslRef {
    /// Determines if the initial handshake has been completed.
    #[corresponds(SSL_is_init_finished)]
    #[must_use]
    pub fn is_init_finished(&self) -> bool {
        unsafe { ffi::SSL_is_init_finished(self.as_ptr()) != 0 }
    }
@ -3779,6 +3859,7 @@ impl SslRef {
    /// connection using the returned `ECHConfigList`.
    #[cfg(not(feature = "fips"))]
    #[corresponds(SSL_get0_ech_retry_configs)]
    #[must_use]
    pub fn get_ech_retry_configs(&self) -> Option<&[u8]> {
        unsafe {
            let mut data = ptr::null();
@ -3801,6 +3882,7 @@ impl SslRef {
    /// authenticate retry configs.
    #[cfg(not(feature = "fips"))]
    #[corresponds(SSL_get0_ech_name_override)]
    #[must_use]
    pub fn get_ech_name_override(&self) -> Option<&[u8]> {
        unsafe {
            let mut data: *const c_char = ptr::null();
@ -3818,6 +3900,7 @@ impl SslRef {
    // Whether or not `SSL` negotiated ECH.
    #[cfg(not(feature = "fips"))]
    #[corresponds(SSL_ech_accepted)]
    #[must_use]
    pub fn ech_accepted(&self) -> bool {
        unsafe { ffi::SSL_ech_accepted(self.as_ptr()) != 0 }
    }
@ -3850,6 +3933,7 @@ pub struct MidHandshakeSslStream<S> {
 impl<S> MidHandshakeSslStream<S> {
    /// Returns a shared reference to the inner stream.
    #[must_use]
    pub fn get_ref(&self) -> &S {
        self.stream.get_ref()
    }
@ -3860,6 +3944,7 @@ impl<S> MidHandshakeSslStream<S> {
    }
    /// Returns a shared reference to the `Ssl` of the stream.
    #[must_use]
    pub fn ssl(&self) -> &SslRef {
        self.stream.ssl()
    }
@ -3870,21 +3955,25 @@ impl<S> MidHandshakeSslStream<S> {
    }
    /// Returns the underlying error which interrupted this handshake.
    #[must_use]
    pub fn error(&self) -> &Error {
        &self.error
    }
    /// Consumes `self`, returning its error.
    #[must_use]
    pub fn into_error(self) -> Error {
        self.error
    }
    /// Returns the source data stream.
    #[must_use]
    pub fn into_source_stream(self) -> S {
        self.stream.into_inner()
    }
    /// Returns both the error and the source data stream, consuming `self`.
    #[must_use]
    pub fn into_parts(self) -> (Error, S) {
        (self.error, self.stream.into_inner())
    }
@ -4152,11 +4241,13 @@ impl<S> SslStream<S> {
    }
    /// Converts the SslStream to the underlying data stream.
    #[must_use]
    pub fn into_inner(self) -> S {
        unsafe { bio::take_stream::<S>(self.ssl.get_raw_rbio()) }
    }
    /// Returns a shared reference to the underlying stream.
    #[must_use]
    pub fn get_ref(&self) -> &S {
        unsafe {
            let bio = self.ssl.get_raw_rbio();
@ -4178,6 +4269,7 @@ impl<S> SslStream<S> {
    }
    /// Returns a shared reference to the `Ssl` object associated with this stream.
    #[must_use]
    pub fn ssl(&self) -> &SslRef {
        &self.ssl
    }
@ -4251,6 +4343,7 @@ where
    /// This method calls [`Self::set_connect_state`] and returns without actually
    /// initiating the handshake. The caller is then free to call
    /// [`MidHandshakeSslStream`] and loop on [`HandshakeError::WouldBlock`].
    #[must_use]
    pub fn setup_connect(mut self) -> MidHandshakeSslStream<S> {
        self.set_connect_state();
@ -4282,6 +4375,7 @@ where
    /// This method calls [`Self::set_accept_state`] and returns without actually
    /// initiating the handshake. The caller is then free to call
    /// [`MidHandshakeSslStream`] and loop on [`HandshakeError::WouldBlock`].
    #[must_use]
    pub fn setup_accept(mut self) -> MidHandshakeSslStream<S> {
        self.set_accept_state();
@ -4335,6 +4429,7 @@ where
 impl<S> SslStreamBuilder<S> {
    /// Returns a shared reference to the underlying stream.
    #[must_use]
    pub fn get_ref(&self) -> &S {
        unsafe {
            let bio = self.inner.ssl.get_raw_rbio();
@ -4356,6 +4451,7 @@ impl<S> SslStreamBuilder<S> {
    }
    /// Returns a shared reference to the `Ssl` object associated with this builder.
    #[must_use]
    pub fn ssl(&self) -> &SslRef {
        &self.inner.ssl
    }
--- a/boring/src/ssl/test/mod.rs
+++ b/boring/src/ssl/test/mod.rs
@ -42,7 +42,7 @@ static KEY: &[u8] = include_bytes!("../../../test/key.pem");
 #[test]
 fn get_ctx_options() {
    let ctx = SslContext::builder(SslMethod::tls()).unwrap();
-    ctx.options();
+    let _ = ctx.options();
 }
 #[test]
--- a/boring/src/stack.rs
+++ b/boring/src/stack.rs
@ -180,15 +180,18 @@ impl<T: Stackable> StackRef<T> {
    }
    /// Returns the number of items in the stack.
    #[must_use]
    pub fn len(&self) -> usize {
        unsafe { OPENSSL_sk_num(self.as_stack()) }
    }
    /// Determines if the stack is empty.
    #[must_use]
    pub fn is_empty(&self) -> bool {
        self.len() == 0
    }
    #[must_use]
    pub fn iter(&self) -> Iter<T> {
        Iter {
            stack: self,
@ -205,6 +208,7 @@ impl<T: Stackable> StackRef<T> {
    /// Returns a reference to the element at the given index in the
    /// stack or `None` if the index is out of bounds
    #[must_use]
    pub fn get(&self, idx: usize) -> Option<&T::Ref> {
        unsafe {
            if idx >= self.len() {
--- a/boring/src/symm.rs
+++ b/boring/src/symm.rs
@ -79,6 +79,7 @@ pub struct Cipher(*const ffi::EVP_CIPHER);
 impl Cipher {
    /// Looks up the cipher for a certain nid.
    #[corresponds(EVP_get_cipherbynid)]
    #[must_use]
    pub fn from_nid(nid: Nid) -> Option<Cipher> {
        let ptr = unsafe { ffi::EVP_get_cipherbyname(ffi::OBJ_nid2sn(nid.as_raw())) };
        if ptr.is_null() {
@ -88,82 +89,102 @@ impl Cipher {
        }
    }
    #[must_use]
    pub fn aes_128_ecb() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_128_ecb()) }
    }
    #[must_use]
    pub fn aes_128_cbc() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_128_cbc()) }
    }
    #[must_use]
    pub fn aes_128_ctr() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_128_ctr()) }
    }
    #[must_use]
    pub fn aes_128_gcm() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_128_gcm()) }
    }
    #[must_use]
    pub fn aes_128_ofb() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_128_ofb()) }
    }
    #[must_use]
    pub fn aes_192_ecb() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_192_ecb()) }
    }
    #[must_use]
    pub fn aes_192_cbc() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_192_cbc()) }
    }
    #[must_use]
    pub fn aes_192_ctr() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_192_ctr()) }
    }
    #[must_use]
    pub fn aes_192_gcm() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_192_gcm()) }
    }
    #[must_use]
    pub fn aes_192_ofb() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_192_ofb()) }
    }
    #[must_use]
    pub fn aes_256_ecb() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_256_ecb()) }
    }
    #[must_use]
    pub fn aes_256_cbc() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_256_cbc()) }
    }
    #[must_use]
    pub fn aes_256_ctr() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_256_ctr()) }
    }
    #[must_use]
    pub fn aes_256_gcm() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_256_gcm()) }
    }
    #[must_use]
    pub fn aes_256_ofb() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_256_ofb()) }
    }
    #[must_use]
    pub fn des_cbc() -> Cipher {
        unsafe { Cipher(ffi::EVP_des_cbc()) }
    }
    #[must_use]
    pub fn des_ecb() -> Cipher {
        unsafe { Cipher(ffi::EVP_des_ecb()) }
    }
    #[must_use]
    pub fn des_ede3() -> Cipher {
        unsafe { Cipher(ffi::EVP_des_ede3()) }
    }
    #[must_use]
    pub fn des_ede3_cbc() -> Cipher {
        unsafe { Cipher(ffi::EVP_des_ede3_cbc()) }
    }
    #[must_use]
    pub fn rc4() -> Cipher {
        unsafe { Cipher(ffi::EVP_rc4()) }
    }
@ -173,17 +194,20 @@ impl Cipher {
    /// # Safety
    ///
    /// The caller must ensure the pointer is valid for the `'static` lifetime.
    #[must_use]
    pub unsafe fn from_ptr(ptr: *const ffi::EVP_CIPHER) -> Cipher {
        Cipher(ptr)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_ptr(&self) -> *const ffi::EVP_CIPHER {
        self.0
    }
    /// Returns the length of keys used with this cipher.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn key_len(&self) -> usize {
        unsafe { EVP_CIPHER_key_length(self.0) as usize }
    }
@ -191,6 +215,7 @@ impl Cipher {
    /// Returns the length of the IV used with this cipher, or `None` if the
    /// cipher does not use an IV.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn iv_len(&self) -> Option<usize> {
        unsafe {
            let len = EVP_CIPHER_iv_length(self.0) as usize;
@ -208,6 +233,7 @@ impl Cipher {
    ///
    /// Stream ciphers such as RC4 have a block size of 1.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn block_size(&self) -> usize {
        unsafe { EVP_CIPHER_block_size(self.0) as usize }
    }
--- a/boring/src/version.rs
+++ b/boring/src/version.rs
@ -42,11 +42,13 @@ use crate::ffi::{
 /// Version 0.9.5a had an interim interpretation that is like the current one, except the patch level got the highest bit set, to keep continuity. The number was therefore 0x0090581f
 ///
 /// The return value of this function can be compared to the macro to make sure that the correct version of the library has been loaded, especially when using DLLs on Windows systems.
 #[must_use]
 pub fn number() -> i64 {
    unsafe { OpenSSL_version_num() as i64 }
 }
 /// The text variant of the version number and the release date. For example, "OpenSSL 0.9.5a 1 Apr 2000".
 #[must_use]
 pub fn version() -> &'static str {
    unsafe {
        CStr::from_ptr(OpenSSL_version(OPENSSL_VERSION))
@ -57,6 +59,7 @@ pub fn version() -> &'static str {
 /// The compiler flags set for the compilation process in the form "compiler: ..." if available or
 /// "compiler: information not available" otherwise.
 #[must_use]
 pub fn c_flags() -> &'static str {
    unsafe {
        CStr::from_ptr(OpenSSL_version(OPENSSL_CFLAGS))
@ -66,6 +69,7 @@ pub fn c_flags() -> &'static str {
 }
 /// The date of the build process in the form "built on: ..." if available or "built on: date not available" otherwise.
 #[must_use]
 pub fn built_on() -> &'static str {
    unsafe {
        CStr::from_ptr(OpenSSL_version(OPENSSL_BUILT_ON))
@ -75,6 +79,7 @@ pub fn built_on() -> &'static str {
 }
 /// The "Configure" target of the library build in the form "platform: ..." if available or "platform: information not available" otherwise.
 #[must_use]
 pub fn platform() -> &'static str {
    unsafe {
        CStr::from_ptr(OpenSSL_version(OPENSSL_PLATFORM))
@ -84,6 +89,7 @@ pub fn platform() -> &'static str {
 }
 /// The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" if available or "OPENSSLDIR: N/A" otherwise.
 #[must_use]
 pub fn dir() -> &'static str {
    unsafe {
        CStr::from_ptr(OpenSSL_version(OPENSSL_DIR))
--- a/boring/src/x509/extension.rs
+++ b/boring/src/x509/extension.rs
@ -38,6 +38,7 @@ impl Default for BasicConstraints {
 impl BasicConstraints {
    /// Construct a new `BasicConstraints` extension.
    #[must_use]
    pub fn new() -> BasicConstraints {
        BasicConstraints {
            critical: false,
@ -106,6 +107,7 @@ impl Default for KeyUsage {
 impl KeyUsage {
    /// Construct a new `KeyUsage` extension.
    #[must_use]
    pub fn new() -> KeyUsage {
        KeyUsage {
            critical: false,
@ -234,6 +236,7 @@ impl Default for ExtendedKeyUsage {
 impl ExtendedKeyUsage {
    /// Construct a new `ExtendedKeyUsage` extension.
    #[must_use]
    pub fn new() -> ExtendedKeyUsage {
        ExtendedKeyUsage {
            critical: false,
@ -329,6 +332,7 @@ impl Default for SubjectKeyIdentifier {
 impl SubjectKeyIdentifier {
    /// Construct a new `SubjectKeyIdentifier` extension.
    #[must_use]
    pub fn new() -> SubjectKeyIdentifier {
        SubjectKeyIdentifier { critical: false }
    }
@ -365,6 +369,7 @@ impl Default for AuthorityKeyIdentifier {
 impl AuthorityKeyIdentifier {
    /// Construct a new `AuthorityKeyIdentifier` extension.
    #[must_use]
    pub fn new() -> AuthorityKeyIdentifier {
        AuthorityKeyIdentifier {
            critical: false,
@ -433,6 +438,7 @@ impl Default for SubjectAlternativeName {
 impl SubjectAlternativeName {
    /// Construct a new `SubjectAlternativeName` extension.
    #[must_use]
    pub fn new() -> SubjectAlternativeName {
        SubjectAlternativeName {
            critical: false,
--- a/boring/src/x509/mod.rs
+++ b/boring/src/x509/mod.rs
@ -103,6 +103,7 @@ impl X509StoreContext {
 impl X509StoreContextRef {
    /// Returns application data pertaining to an `X509` store context.
    #[corresponds(X509_STORE_CTX_get_ex_data)]
    #[must_use]
    pub fn ex_data<T>(&self, index: Index<X509StoreContext, T>) -> Option<&T> {
        unsafe {
            let data = ffi::X509_STORE_CTX_get_ex_data(self.as_ptr(), index.as_raw());
@ -284,6 +285,7 @@ impl X509StoreContextRef {
    /// Returns a reference to the certificate which caused the error or None if
    /// no certificate is relevant to the error.
    #[corresponds(X509_STORE_CTX_get_current_cert)]
    #[must_use]
    pub fn current_cert(&self) -> Option<&X509Ref> {
        unsafe {
            let ptr = ffi::X509_STORE_CTX_get_current_cert(self.as_ptr());
@ -300,12 +302,14 @@ impl X509StoreContextRef {
    /// entity certificate, one if it is the certificate which signed the end
    /// entity certificate and so on.
    #[corresponds(X509_STORE_CTX_get_error_depth)]
    #[must_use]
    pub fn error_depth(&self) -> u32 {
        unsafe { ffi::X509_STORE_CTX_get_error_depth(self.as_ptr()) as u32 }
    }
    /// Returns a reference to a complete valid `X509` certificate chain.
    #[corresponds(X509_STORE_CTX_get0_chain)]
    #[must_use]
    pub fn chain(&self) -> Option<&StackRef<X509>> {
        unsafe {
            let chain = X509_STORE_CTX_get0_chain(self.as_ptr());
@ -321,6 +325,7 @@ impl X509StoreContextRef {
    /// Returns a reference to the `X509` certificates used to initialize the
    /// [`X509StoreContextRef`].
    #[corresponds(X509_STORE_CTX_get0_untrusted)]
    #[must_use]
    pub fn untrusted(&self) -> Option<&StackRef<X509>> {
        unsafe {
            let certs = ffi::X509_STORE_CTX_get0_untrusted(self.as_ptr());
@ -336,6 +341,7 @@ impl X509StoreContextRef {
    /// Returns a reference to the certificate being verified.
    /// May return None if a raw public key is being verified.
    #[corresponds(X509_STORE_CTX_get0_cert)]
    #[must_use]
    pub fn cert(&self) -> Option<&X509Ref> {
        unsafe {
            let ptr = ffi::X509_STORE_CTX_get0_cert(self.as_ptr());
@ -448,6 +454,7 @@ impl X509Builder {
    ///
    /// Set `issuer` to `None` if the certificate will be self-signed.
    #[corresponds(X509V3_set_ctx)]
    #[must_use]
    pub fn x509v3_context<'a>(
        &'a self,
        issuer: Option<&'a X509Ref>,
@ -505,6 +512,7 @@ impl X509Builder {
    }
    /// Consumes the builder, returning the certificate.
    #[must_use]
    pub fn build(self) -> X509 {
        self.0
    }
@ -521,6 +529,7 @@ foreign_type_and_impl_send_sync! {
 impl X509Ref {
    /// Returns this certificate's subject name.
    #[corresponds(X509_get_subject_name)]
    #[must_use]
    pub fn subject_name(&self) -> &X509NameRef {
        unsafe {
            let name = ffi::X509_get_subject_name(self.as_ptr());
@ -530,12 +539,14 @@ impl X509Ref {
    /// Returns the hash of the certificates subject
    #[corresponds(X509_subject_name_hash)]
    #[must_use]
    pub fn subject_name_hash(&self) -> u32 {
        unsafe { ffi::X509_subject_name_hash(self.as_ptr()) as u32 }
    }
    /// Returns this certificate's subject alternative name entries, if they exist.
    #[corresponds(X509_get_ext_d2i)]
    #[must_use]
    pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>> {
        unsafe {
            let stack = ffi::X509_get_ext_d2i(
@ -554,6 +565,7 @@ impl X509Ref {
    /// Returns this certificate's issuer name.
    #[corresponds(X509_get_issuer_name)]
    #[must_use]
    pub fn issuer_name(&self) -> &X509NameRef {
        unsafe {
            let name = ffi::X509_get_issuer_name(self.as_ptr());
@ -563,6 +575,7 @@ impl X509Ref {
    /// Returns this certificate's issuer alternative name entries, if they exist.
    #[corresponds(X509_get_ext_d2i)]
    #[must_use]
    pub fn issuer_alt_names(&self) -> Option<Stack<GeneralName>> {
        unsafe {
            let stack = ffi::X509_get_ext_d2i(
@ -581,6 +594,7 @@ impl X509Ref {
    /// Returns this certificate's subject key id, if it exists.
    #[corresponds(X509_get0_subject_key_id)]
    #[must_use]
    pub fn subject_key_id(&self) -> Option<&Asn1StringRef> {
        unsafe {
            let data = ffi::X509_get0_subject_key_id(self.as_ptr());
@ -590,6 +604,7 @@ impl X509Ref {
    /// Returns this certificate's authority key id, if it exists.
    #[corresponds(X509_get0_authority_key_id)]
    #[must_use]
    pub fn authority_key_id(&self) -> Option<&Asn1StringRef> {
        unsafe {
            let data = ffi::X509_get0_authority_key_id(self.as_ptr());
@ -633,6 +648,7 @@ impl X509Ref {
    /// Returns the certificate's Not After validity period.
    #[corresponds(X509_getm_notAfter)]
    #[must_use]
    pub fn not_after(&self) -> &Asn1TimeRef {
        unsafe {
            let date = X509_getm_notAfter(self.as_ptr());
@ -643,6 +659,7 @@ impl X509Ref {
    /// Returns the certificate's Not Before validity period.
    #[corresponds(X509_getm_notBefore)]
    #[must_use]
    pub fn not_before(&self) -> &Asn1TimeRef {
        unsafe {
            let date = X509_getm_notBefore(self.as_ptr());
@ -653,6 +670,7 @@ impl X509Ref {
    /// Returns the certificate's signature
    #[corresponds(X509_get0_signature)]
    #[must_use]
    pub fn signature(&self) -> &Asn1BitStringRef {
        unsafe {
            let mut signature = ptr::null();
@ -664,6 +682,7 @@ impl X509Ref {
    /// Returns the certificate's signature algorithm.
    #[corresponds(X509_get0_signature)]
    #[must_use]
    pub fn signature_algorithm(&self) -> &X509AlgorithmRef {
        unsafe {
            let mut algor = ptr::null();
@ -705,6 +724,7 @@ impl X509Ref {
    /// Returns this certificate's serial number.
    #[corresponds(X509_get_serialNumber)]
    #[must_use]
    pub fn serial_number(&self) -> &Asn1IntegerRef {
        unsafe {
            let r = ffi::X509_get_serialNumber(self.as_ptr());
@ -860,6 +880,7 @@ impl Stackable for X509 {
 pub struct X509v3Context<'a>(ffi::X509V3_CTX, PhantomData<(&'a X509Ref, &'a ConfRef)>);
 impl X509v3Context<'_> {
    #[must_use]
    pub fn as_ptr(&self) -> *mut ffi::X509V3_CTX {
        &self.0 as *const _ as *mut _
    }
@ -1085,6 +1106,7 @@ impl X509NameBuilder {
    }
    /// Return an `X509Name`.
    #[must_use]
    pub fn build(self) -> X509Name {
        // Round-trip through bytes because OpenSSL is not const correct and
        // names in a "modified" state compute various things lazily. This can
@ -1137,6 +1159,7 @@ impl Stackable for X509Name {
 impl X509NameRef {
    /// Returns the name entries by the nid.
    #[must_use]
    pub fn entries_by_nid(&self, nid: Nid) -> X509NameEntries<'_> {
        X509NameEntries {
            name: self,
@ -1146,6 +1169,7 @@ impl X509NameRef {
    }
    /// Returns an iterator over all `X509NameEntry` values
    #[must_use]
    pub fn entries(&self) -> X509NameEntries<'_> {
        X509NameEntries {
            name: self,
@ -1158,6 +1182,7 @@ impl X509NameRef {
    ///
    /// This function will return `None` if the underlying string contains invalid utf-8.
    #[corresponds(X509_NAME_print_ex)]
    #[must_use]
    pub fn print_ex(&self, flags: i32) -> Option<String> {
        unsafe {
            let bio = MemBio::new().ok()?;
@ -1231,6 +1256,7 @@ foreign_type_and_impl_send_sync! {
 impl X509NameEntryRef {
    /// Returns the field value of an `X509NameEntry`.
    #[corresponds(X509_NAME_ENTRY_get_data)]
    #[must_use]
    pub fn data(&self) -> &Asn1StringRef {
        unsafe {
            let data = ffi::X509_NAME_ENTRY_get_data(self.as_ptr());
@ -1241,6 +1267,7 @@ impl X509NameEntryRef {
    /// Returns the `Asn1Object` value of an `X509NameEntry`.
    /// This is useful for finding out about the actual `Nid` when iterating over all `X509NameEntries`.
    #[corresponds(X509_NAME_ENTRY_get_object)]
    #[must_use]
    pub fn object(&self) -> &Asn1ObjectRef {
        unsafe {
            let object = ffi::X509_NAME_ENTRY_get_object(self.as_ptr());
@ -1303,6 +1330,7 @@ impl X509ReqBuilder {
    /// Return an `X509v3Context`. This context object can be used to construct
    /// certain `X509` extensions.
    #[must_use]
    pub fn x509v3_context<'a>(&'a self, conf: Option<&'a ConfRef>) -> X509v3Context<'a> {
        unsafe {
            let mut ctx = mem::zeroed();
@ -1356,6 +1384,7 @@ impl X509ReqBuilder {
    }
    /// Returns the `X509Req`.
    #[must_use]
    pub fn build(self) -> X509Req {
        self.0
    }
@ -1414,12 +1443,14 @@ impl X509ReqRef {
    /// Returns the numerical value of the version field of the certificate request.
    #[corresponds(X509_REQ_get_version)]
    #[must_use]
    pub fn version(&self) -> i32 {
        unsafe { X509_REQ_get_version(self.as_ptr()) as i32 }
    }
    /// Returns the subject name of the certificate request.
    #[corresponds(X509_REQ_get_subject_name)]
    #[must_use]
    pub fn subject_name(&self) -> &X509NameRef {
        unsafe {
            let name = X509_REQ_get_subject_name(self.as_ptr());
@ -1505,6 +1536,7 @@ impl X509VerifyError {
    /// Return the integer representation of an [`X509VerifyError`].
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -1512,6 +1544,7 @@ impl X509VerifyError {
    /// Return a human readable error string from the verification error.
    #[corresponds(X509_verify_cert_error_string)]
    #[allow(clippy::trivially_copy_pass_by_ref)]
    #[must_use]
    pub fn error_string(&self) -> &'static str {
        ffi::init();
@ -1681,21 +1714,25 @@ impl GeneralNameRef {
    }
    /// Returns the contents of this `GeneralName` if it is an `rfc822Name`.
    #[must_use]
    pub fn email(&self) -> Option<&str> {
        self.ia5_string(ffi::GEN_EMAIL)
    }
    /// Returns the contents of this `GeneralName` if it is a `dNSName`.
    #[must_use]
    pub fn dnsname(&self) -> Option<&str> {
        self.ia5_string(ffi::GEN_DNS)
    }
    /// Returns the contents of this `GeneralName` if it is an `uniformResourceIdentifier`.
    #[must_use]
    pub fn uri(&self) -> Option<&str> {
        self.ia5_string(ffi::GEN_URI)
    }
    /// Returns the contents of this `GeneralName` if it is an `iPAddress`.
    #[must_use]
    pub fn ipaddress(&self) -> Option<&[u8]> {
        unsafe {
            if (*self.as_ptr()).type_ != ffi::GEN_IPADD {
@ -1741,6 +1778,7 @@ foreign_type_and_impl_send_sync! {
 impl X509AlgorithmRef {
    /// Returns the ASN.1 OID of this algorithm.
    #[must_use]
    pub fn object(&self) -> &Asn1ObjectRef {
        unsafe {
            let mut oid = ptr::null();
@ -1760,6 +1798,7 @@ foreign_type_and_impl_send_sync! {
 }
 impl X509ObjectRef {
    #[must_use]
    pub fn x509(&self) -> Option<&X509Ref> {
        unsafe {
            let ptr = X509_OBJECT_get0_X509(self.as_ptr());
--- a/boring/src/x509/store.rs
+++ b/boring/src/x509/store.rs
@ -71,6 +71,7 @@ impl X509StoreBuilder {
    }
    /// Constructs the `X509Store`.
    #[must_use]
    pub fn build(self) -> X509Store {
        let store = X509Store(self.0);
        mem::forget(self);
@ -144,6 +145,7 @@ impl X509StoreRef {
        note = "This method is unsound https://github.com/sfackler/rust-openssl/issues/2096"
    )]
    #[corresponds(X509_STORE_get0_objects)]
    #[must_use]
    pub fn objects(&self) -> &StackRef<X509Object> {
        unsafe { StackRef::from_ptr(ffi::X509_STORE_get0_objects(self.as_ptr())) }
    }
@ -151,6 +153,7 @@ impl X509StoreRef {
    /// For testing only, where it doesn't have to expose an unsafe pointer
    #[cfg(test)]
    #[allow(deprecated)]
    #[must_use]
    pub fn objects_len(&self) -> usize {
        self.objects().len()
    }
--- a/boring/src/x509/verify.rs
+++ b/boring/src/x509/verify.rs
@ -112,6 +112,7 @@ impl X509VerifyParamRef {
    /// Gets verification flags.
    #[corresponds(X509_VERIFY_PARAM_get_flags)]
    #[must_use]
    pub fn flags(&self) -> X509VerifyFlags {
        let bits = unsafe { ffi::X509_VERIFY_PARAM_get_flags(self.as_ptr()) };
        X509VerifyFlags::from_bits_retain(bits)
--- a/hyper-boring/src/lib.rs
+++ b/hyper-boring/src/lib.rs
@ -30,6 +30,7 @@ pub struct HttpsLayerSettings {
 impl HttpsLayerSettings {
    /// Constructs an [`HttpsLayerSettingsBuilder`] for configuring settings
    #[must_use]
    pub fn builder() -> HttpsLayerSettingsBuilder {
        HttpsLayerSettingsBuilder(HttpsLayerSettings::default())
    }
@ -54,6 +55,7 @@ impl HttpsLayerSettingsBuilder {
    }
    /// Consumes the builder, returning a new [`HttpsLayerSettings`]
    #[must_use]
    pub fn build(self) -> HttpsLayerSettings {
        self.0
    }
--- a/tokio-boring/src/lib.rs
+++ b/tokio-boring/src/lib.rs
@ -113,6 +113,7 @@ where
 impl<S> SslStreamBuilder<S> {
    /// Returns a shared reference to the `Ssl` object associated with this builder.
    #[must_use]
    pub fn ssl(&self) -> &SslRef {
        self.inner.ssl()
    }
@ -135,6 +136,7 @@ pub struct SslStream<S>(ssl::SslStream<AsyncStreamBridge<S>>);
 impl<S> SslStream<S> {
    /// Returns a shared reference to the `Ssl` object associated with this stream.
    #[must_use]
    pub fn ssl(&self) -> &SslRef {
        self.0.ssl()
    }
@ -145,6 +147,7 @@ impl<S> SslStream<S> {
    }
    /// Returns a shared reference to the underlying stream.
    #[must_use]
    pub fn get_ref(&self) -> &S {
        &self.0.get_ref().stream
    }
@ -253,6 +256,7 @@ pub struct HandshakeError<S>(ssl::HandshakeError<AsyncStreamBridge<S>>);
 impl<S> HandshakeError<S> {
    /// Returns a shared reference to the `Ssl` object associated with this error.
    #[must_use]
    pub fn ssl(&self) -> Option<&SslRef> {
        match &self.0 {
            ssl::HandshakeError::Failure(s) => Some(s.ssl()),
@ -261,6 +265,7 @@ impl<S> HandshakeError<S> {
    }
    /// Converts error to the source data stream that was used for the handshake.
    #[must_use]
    pub fn into_source_stream(self) -> Option<S> {
        match self.0 {
            ssl::HandshakeError::Failure(s) => Some(s.into_source_stream().stream),
@ -269,6 +274,7 @@ impl<S> HandshakeError<S> {
    }
    /// Returns a reference to the source data stream.
    #[must_use]
    pub fn as_source_stream(&self) -> Option<&S> {
        match &self.0 {
            ssl::HandshakeError::Failure(s) => Some(&s.get_ref().stream),
@ -277,6 +283,7 @@ impl<S> HandshakeError<S> {
    }
    /// Returns the error code, if any.
    #[must_use]
    pub fn code(&self) -> Option<ErrorCode> {
        match &self.0 {
            ssl::HandshakeError::Failure(s) => Some(s.error().code()),
@ -285,6 +292,7 @@ impl<S> HandshakeError<S> {
    }
    /// Returns a reference to the inner I/O error, if any.
    #[must_use]
    pub fn as_io_error(&self) -> Option<&io::Error> {
        match &self.0 {
            ssl::HandshakeError::Failure(s) => s.error().io_error(),