min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove version-specific features 

Closes #852
This commit is contained in:
Steven Fackler 2018-03-18 21:17:49 -07:00
parent cf658e4c5c
commit 7c33346960
11 changed files with 152 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.circleci/config.yml
View File

@ -55,7 +55,6 @@ job: &JOB
cargo test \
--manifest-path=openssl/Cargo.toml \
--target $TARGET \
--all-features \
$TEST_ARGS
- run:
command: |
@ -87,7 +86,7 @@ macos_job: &MACOS_JOB
- run: cargo run --manifest-path=systest/Cargo.toml
- run: |
PATH=/usr/local/opt/openssl/bin:$PATH
cargo test --manifest-path=openssl/Cargo.toml --all-features
cargo test --manifest-path=openssl/Cargo.toml
- *SAVE_DEPS
openssl_111: &OPENSSL_111

1
openssl/Cargo.toml
View File

@ -13,6 +13,7 @@ build = "build.rs"
[package.metadata.docs.rs]
all-features = true
# these are deprecated and don't do anything anymore
[features]
v101 = []
v102 = []

18
openssl/src/dh.rs
View File

@ -83,9 +83,8 @@ impl Dh<Params> {
ffi::d2i_DHparams
}
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
/// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
pub fn get_1024_160() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
@ -93,9 +92,8 @@ impl Dh<Params> {
}
}
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
/// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
pub fn get_2048_224() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
@ -103,9 +101,8 @@ impl Dh<Params> {
}
}
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
/// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
pub fn get_2048_256() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
@ -145,8 +142,7 @@ mod tests {
use ssl::{SslContext, SslMethod};
#[test]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
fn test_dh_rfc5114() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
let dh1 = Dh::get_1024_160().unwrap();

6
openssl/src/pkcs5.rs
View File

@ -107,8 +107,8 @@ pub fn pbkdf2_hmac(
/// Derives a key from a password and salt using the scrypt algorithm.
///
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(any(ossl110))]
pub fn scrypt(
pass: &[u8],
salt: &[u8],
@ -271,7 +271,7 @@ mod tests {
}
#[test]
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
fn scrypt() {
use hex;

34
openssl/src/ssl/callbacks.rs
View File

@ -1,30 +1,29 @@
use ffi;
use libc::{c_char, c_int, c_uchar, c_uint, c_void};
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
use libc::size_t;
use std::ffi::CStr;
use std::ptr;
use std::slice;
use std::mem;
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
use std::str;
use foreign_types::ForeignTypeRef;
use foreign_types::ForeignType;
use error::ErrorStack;
use dh::Dh;
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
#[cfg(any(ossl101, ossl102))]
use ec::EcKey;
use pkey::Params;
use ssl::{get_callback_idx, get_ssl_callback_idx, SniError, SslAlert, SslContextRef, SslRef,
SslSession, SslSessionRef};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
use ssl::AlpnError;
use x509::X509StoreContextRef;
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
use ssl::ExtensionContext;
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
use x509::X509Ref;
pub extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
@ -118,8 +117,7 @@ where
}
}
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
pub extern "C" fn raw_alpn_select<F>(
ssl: *mut ffi::SSL,
out: *mut *const c_uchar,
@ -175,7 +173,7 @@ where
}
}
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
#[cfg(any(ossl101, ossl102))]
pub unsafe extern "C" fn raw_tmp_ecdh<F>(
ssl: *mut ffi::SSL,
is_export: c_int,
@ -227,7 +225,7 @@ where
}
}
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
#[cfg(any(ossl101, ossl102))]
pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(
ssl: *mut ffi::SSL,
is_export: c_int,
@ -320,9 +318,9 @@ pub unsafe extern "C" fn raw_remove_session<F>(
callback(ctx, session)
}
#[cfg(any(ossl110, ossl111))]
#[cfg(any(ossl110))]
type DataPtr = *const c_uchar;
#[cfg(not(any(ossl110, ossl111)))]
#[cfg(not(any(ossl110)))]
type DataPtr = *mut c_uchar;
pub unsafe extern "C" fn raw_get_session<F>(
@ -352,7 +350,7 @@ where
}
}
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)
where
F: Fn(&SslRef, &str) + 'static + Sync + Send,
@ -423,10 +421,10 @@ where
}
}
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
pub struct CustomExtAddState<T>(Option<T>);
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
pub extern "C" fn raw_custom_ext_add<F, T>(
ssl: *mut ffi::SSL,
_: c_uint,
@ -480,7 +478,7 @@ where
}
}
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
pub extern "C" fn raw_custom_ext_free<T>(
ssl: *mut ffi::SSL,
_: c_uint,
@ -497,7 +495,7 @@ pub extern "C" fn raw_custom_ext_free<T>(
}
}
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
pub extern "C" fn raw_custom_ext_parse<F>(
ssl: *mut ffi::SSL,
_: c_uint,

4
openssl/src/ssl/connector.rs
View File

@ -296,7 +296,7 @@ fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
#[cfg(ossl102)]
fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
ctx._set_ecdh_auto(true)
ctx.set_ecdh_auto(true)
}
#[cfg(ossl110)]
@ -316,7 +316,7 @@ fn setup_verify(ctx: &mut SslContextBuilder) {
#[cfg(any(ossl102, ossl110))]
fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
let param = ssl._param_mut();
let param = ssl.param_mut();
param.set_hostflags(::verify::X509CheckFlags::NO_PARTIAL_WILDCARDS);
match domain.parse() {
Ok(ip) => param.set_ip(ip),

167
openssl/src/ssl/mod.rs
View File

@ -80,12 +80,11 @@ use std::sync::Mutex;
use {cvt, cvt_n, cvt_p, init};
use dh::{Dh, DhRef};
use ec::EcKeyRef;
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
#[cfg(any(ossl101, ossl102))]
use ec::EcKey;
use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult};
use x509::store::{X509StoreBuilderRef, X509StoreRef};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
use x509::store::X509Store;
#[cfg(any(ossl102, ossl110))]
use verify::X509VerifyParamRef;
@ -97,6 +96,7 @@ use ssl::bio::BioMethod;
use ssl::error::InnerError;
use ssl::callbacks::*;
use nid::Nid;
#[cfg(ossl111)]
use hash::MessageDigest;
pub use ssl::connector::{ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector,
@ -181,28 +181,27 @@ bitflags! {
/// Disables the use of TLSv1.3.
///
/// Requires the `v111` feature and OpenSSL 1.1.1.
#[cfg(all(feature = "v111", ossl111))]
/// Requires OpenSSL 1.1.1 or newer.
#[cfg(ossl111)]
const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3;
/// Disables the use of DTLSv1.0
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
/// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1;
/// Disables the use of DTLSv1.2.
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
///
/// Requires OpenSSL 1.0.2, or newer.
#[cfg(any(ossl102, ossl110))]
const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
/// Disables the use of all (D)TLS protocol versions.
///
/// This can be used as a mask when whitelisting protocol versions.
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.0.2 or newer.
///
/// # Examples
///
@ -213,15 +212,14 @@ bitflags! {
///
/// let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2;
/// ```
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK;
/// Enable TLSv1.3 Compatibility mode.
///
/// This is on by default in OpenSSL 1.1.1. A future version may have this
/// disabled by default.
#[cfg(all(feature = "v111", ossl111))]
/// Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version
/// may have this disabled by default.
#[cfg(ossl111)]
const ENABLE_MIDDLEBOX_COMPAT = ffi::SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
}
}
@ -368,7 +366,7 @@ bitflags! {
}
}
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
bitflags! {
/// Which messages and under which conditions an extension should be added or expected.
pub struct ExtensionContext: c_uint {
@ -542,19 +540,17 @@ impl SslAlert {
/// An error returned from an ALPN selection callback.
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
/// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct AlpnError(c_int);
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
impl AlpnError {
/// Terminate the handshake with a fatal alert.
///
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(any(ossl110))]
pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
/// Do not select a protocol, but continue the handshake.
@ -580,8 +576,8 @@ impl SslVersion {
/// TLSv1.3
///
/// Requires OpenSSL 1.1.1 and the corresponding Cargo feature.
#[cfg(all(feature = "v111", ossl111))]
/// Requires OpenSSL 1.1.1 or newer.
#[cfg(ossl111)]
pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION);
}
@ -725,13 +721,12 @@ impl SslContextBuilder {
/// Sets a custom certificate store for verifying peer certificates.
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_CTX_set0_verify_cert_store`].
///
/// [`SSL_CTX_set0_verify_cert_store`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set0_verify_cert_store.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> {
unsafe {
let ptr = cert_store.as_ptr();
@ -819,10 +814,10 @@ impl SslContextBuilder {
/// indicating if the selected cipher is export-grade, and the key length. The export and key
/// length options are archaic and should be ignored in almost all cases.
///
/// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2.
/// Requires OpenSSL 1.0.1 or 1.0.2.
///
/// This corresponds to `SSL_CTX_set_tmp_ecdh_callback`.
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
#[cfg(any(ossl101, ossl102))]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
@ -1032,18 +1027,13 @@ impl SslContextBuilder {
/// Enables ECDHE key exchange with an automatically chosen curve list.
///
/// Requires the `v102` feature and OpenSSL 1.0.2.
/// Requires OpenSSL 1.0.2.
///
/// This corresponds to [`SSL_CTX_set_ecdh_auto`].
///
/// [`SSL_CTX_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_ecdh_auto.html
#[cfg(all(feature = "v102", any(ossl102, libressl)))]
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
self._set_ecdh_auto(onoff)
}
#[cfg(any(ossl102, libressl))]
fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
}
@ -1089,10 +1079,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_min_proto_version`].
///
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.1.0 or newer.
///
/// [`SSL_CTX_set_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set_min_proto_version(
@ -1109,10 +1099,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_max_proto_version`].
///
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.1.0 or newer.
///
/// [`SSL_CTX_set_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::SSL_CTX_set_max_proto_version(
@ -1129,10 +1119,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_get_min_proto_version`].
///
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.1.0 or newer.
///
/// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
pub fn min_proto_version(&mut self) -> Option<SslVersion> {
unsafe {
let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr());
@ -1151,10 +1141,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_get_max_proto_version`].
///
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.1.0 or newer.
///
/// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
pub fn max_proto_version(&mut self) -> Option<SslVersion> {
unsafe {
let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr());
@ -1175,11 +1165,10 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_alpn_protos`].
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.0.2 or newer.
///
/// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> {
unsafe {
assert!(protocols.len() <= c_uint::max_value() as usize);
@ -1207,13 +1196,12 @@ impl SslContextBuilder {
///
/// This corresponds to [`SSL_CTX_set_alpn_select_cb`].
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.0.2 or newer.
///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`select_next_proto`]: fn.select_next_proto.html
/// [`SSL_CTX_set_alpn_select_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
pub fn set_alpn_select_callback<F>(&mut self, callback: F)
where
F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
@ -1409,12 +1397,12 @@ impl SslContextBuilder {
/// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message
/// traffic. The line does not contain a trailing newline.
///
/// Requires OpenSSL 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.1.1 or newer.
///
/// This corresponds to [`SSL_CTX_set_keylog_callback`].
///
/// [`SSL_CTX_set_keylog_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
pub fn set_keylog_callback<F>(&mut self, callback: F)
where
F: Fn(&SslRef, &str) + 'static + Sync + Send,
@ -1510,10 +1498,12 @@ impl SslContextBuilder {
/// Adds a custom extension for a TLS/DTLS client or server for all supported protocol versions.
///
/// Requires OpenSSL 1.1.1 or newer.
///
/// This corresponds to [`SSL_CTX_add_custom_ext`].
///
/// [`SSL_CTX_add_custom_ext`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_custom_ext.html
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
pub fn add_custom_ext<AddFn, ParseFn, T>(
&mut self,
ext_type: u16,
@ -1632,13 +1622,12 @@ impl SslContext {
impl SslContextRef {
/// Returns the certificate associated with this `SslContext`, if present.
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_CTX_get0_certificate`].
///
/// [`SSL_CTX_get0_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
pub fn certificate(&self) -> Option<&X509Ref> {
unsafe {
let ptr = ffi::SSL_CTX_get0_certificate(self.as_ptr());
@ -1652,13 +1641,12 @@ impl SslContextRef {
/// Returns the private key associated with this `SslContext`, if present.
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_CTX_get0_privatekey`].
///
/// [`SSL_CTX_get0_privatekey`]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
pub fn private_key(&self) -> Option<&PKeyRef<Private>> {
unsafe {
let ptr = ffi::SSL_CTX_get0_privatekey(self.as_ptr());
@ -1819,26 +1807,38 @@ impl SslCipherRef {
/// Returns the handshake digest of the cipher.
///
/// Available as of OpenSSL 1.1.1. This corresponds to [`SSL_CIPHER_get_handshake_digest`].
/// Requires OpenSSL 1.1.1 or newer.
///
/// This corresponds to [`SSL_CIPHER_get_handshake_digest`].
///
/// [`SSL_CIPHER_get_handshake_digest`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_handshake_digest.html
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
pub fn handshake_digest(&self) -> Option<MessageDigest> {
unsafe {
let ptr = ffi::SSL_CIPHER_get_handshake_digest(self.as_ptr());
if ptr.is_null() { None } else { Some(MessageDigest::from_ptr(ptr)) }
if ptr.is_null() {
None
} else {
Some(MessageDigest::from_ptr(ptr))
}
}
}
/// Returns the NID corresponding to the cipher.
///
/// Available as of OpenSSL 1.1.0. This corresponds to [`SSL_CIPHER_get_cipher_nid`]
/// Requires OpenSSL 1.1.0 or newer.
///
/// This corresponds to [`SSL_CIPHER_get_cipher_nid`].
///
/// [`SSL_CIPHER_get_cipher_nid`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CIPHER_get_cipher_nid.html
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
pub fn cipher_nid(&self) -> Option<Nid> {
let n = unsafe { ffi::SSL_CIPHER_get_cipher_nid(self.as_ptr()) };
if n == 0 { None } else { Some(Nid::from_raw(n)) }
if n == 0 {
None
} else {
Some(Nid::from_raw(n))
}
}
}
@ -2053,12 +2053,12 @@ impl SslRef {
/// Like [`SslContextBuilder::set_tmp_ecdh_callback`].
///
/// Requires the `v101` feature and OpenSSL 1.0.1, or the `v102` feature and OpenSSL 1.0.2.
/// Requires OpenSSL 1.0.1 or 1.0.2.
///
/// This corresponds to `SSL_set_tmp_ecdh_callback`.
///
/// [`SslContextBuilder::set_tmp_ecdh_callback`]: struct.SslContextBuilder.html#method.set_tmp_ecdh_callback
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
#[cfg(any(ossl101, ossl102))]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
@ -2077,13 +2077,13 @@ impl SslRef {
/// Like [`SslContextBuilder::set_ecdh_auto`].
///
/// Requires the `v102` feature and OpenSSL 1.0.2.
/// Requires OpenSSL 1.0.2.
///
/// This corresponds to [`SSL_set_ecdh_auto`].
///
/// [`SslContextBuilder::set_tmp_ecdh`]: struct.SslContextBuilder.html#method.set_tmp_ecdh
/// [`SSL_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_ecdh_auto.html
#[cfg(all(feature = "v102", ossl102))]
#[cfg(ossl102)]
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
}
@ -2255,13 +2255,12 @@ impl SslRef {
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
/// to interpret it.
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_get0_alpn_selected`].
///
/// [`SSL_get0_alpn_selected`]: https://www.openssl.org/docs/manmaster/man3/SSL_get0_next_proto_negotiated.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
unsafe {
let mut data: *const c_uchar = ptr::null();
@ -2331,19 +2330,13 @@ impl SslRef {
/// Returns a mutable reference to the X509 verification configuration.
///
/// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.0.2 or newer.
///
/// This corresponds to [`SSL_get0_param`].
///
/// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
self._param_mut()
}
#[cfg(any(ossl102, ossl110))]
fn _param_mut(&mut self) -> &mut X509VerifyParamRef {
pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) }
}
@ -2377,12 +2370,12 @@ impl SslRef {
/// Returns the number of bytes copied, or if the buffer is empty, the size of the client_random
/// value.
///
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.1.0 or newer.
///
/// This corresponds to [`SSL_get_client_random`].
///
/// [`SSL_get_client_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
pub fn client_random(&self, buf: &mut [u8]) -> usize {
unsafe {
ffi::SSL_get_client_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len())
@ -2394,12 +2387,12 @@ impl SslRef {
/// Returns the number of bytes copied, or if the buffer is empty, the size of the server_random
/// value.
///
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
/// Requires OpenSSL 1.1.0 or newer.
///
/// This corresponds to [`SSL_get_server_random`].
///
/// [`SSL_get_server_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
pub fn server_random(&self, buf: &mut [u8]) -> usize {
unsafe {
ffi::SSL_get_server_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len())

63
openssl/src/ssl/test.rs
View File

@ -20,11 +20,10 @@ use ocsp::{OcspResponse, OcspResponseStatus};
use ssl;
use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptor, SslConnector, SslContext,
SslFiletype, SslMethod, SslSessionCacheMode, SslStream, SslVerifyMode, StatusType};
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
use ssl::SslVersion;
use x509::{X509, X509Name, X509StoreContext, X509VerifyResult};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
use x509::verify::X509CheckFlags;
use pkey::PKey;
@ -138,17 +137,14 @@ macro_rules! run_test(
use ssl::{SslContext, Ssl, SslStream, SslVerifyMode, SslOptions};
use hash::MessageDigest;
use x509::{X509StoreContext, X509VerifyResult};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
use x509::X509;
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
use x509::store::X509StoreBuilder;
use hex::FromHex;
use foreign_types::ForeignTypeRef;
use super::Server;
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
use super::ROOT_CERT;
#[test]
@ -188,8 +184,7 @@ run_test!(verify_trusted, |method, stream| {
}
});
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
run_test!(verify_trusted_with_set_cert, |method, stream| {
let x509 = X509::from_pem(ROOT_CERT).unwrap();
let mut store = X509StoreBuilder::new().unwrap();
@ -484,8 +479,7 @@ fn test_state() {
/// Tests that connecting with the client using ALPN, but the server not does not
/// break the existing connection behavior.
#[test]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
fn test_connect_with_unilateral_alpn() {
let (_s, stream) = Server::new();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@ -507,8 +501,7 @@ fn test_connect_with_unilateral_alpn() {
/// Tests that when both the client as well as the server use ALPN and their
/// lists of supported protocols have an overlap, the correct protocol is chosen.
#[test]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
fn test_connect_with_alpn_successful_multiple_matching() {
let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@ -531,8 +524,7 @@ fn test_connect_with_alpn_successful_multiple_matching() {
/// lists of supported protocols have an overlap -- with only ONE protocol
/// being valid for both.
#[test]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
fn test_connect_with_alpn_successful_single_match() {
let (_s, stream) = Server::new_alpn();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@ -554,8 +546,7 @@ fn test_connect_with_alpn_successful_single_match() {
/// Tests that when the `SslStream` is created as a server stream, the protocols
/// are correctly advertised to the client.
#[test]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
fn test_alpn_server_advertise_multiple() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap();
@ -597,7 +588,7 @@ fn test_alpn_server_advertise_multiple() {
}
#[test]
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
fn test_alpn_server_select_none_fatal() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap();
@ -631,8 +622,7 @@ fn test_alpn_server_select_none_fatal() {
}
#[test]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
fn test_alpn_server_select_none() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let localhost = listener.local_addr().unwrap();
@ -799,8 +789,7 @@ fn add_extra_chain_cert() {
}
#[test]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
fn verify_valid_hostname() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_default_verify_paths().unwrap();
@ -825,8 +814,7 @@ fn verify_valid_hostname() {
}
#[test]
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
fn verify_invalid_hostname() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_default_verify_paths().unwrap();
@ -1070,8 +1058,7 @@ fn tmp_dh_callback() {
}
#[test]
#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl26x))),
all(feature = "v102", ossl102)))]
#[cfg(any(all(ossl101, not(libressl)), ossl102))]
fn tmp_ecdh_callback() {
use ec::EcKey;
use nid::Nid;
@ -1145,8 +1132,7 @@ fn tmp_dh_callback_ssl() {
}
#[test]
#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl26x))),
all(feature = "v102", ossl102)))]
#[cfg(any(all(ossl101, not(libressl)), ossl102))]
fn tmp_ecdh_callback_ssl() {
use ec::EcKey;
use nid::Nid;
@ -1323,7 +1309,7 @@ fn keying_export() {
}
#[test]
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
#[cfg(any(ossl110))]
fn no_version_overlap() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let addr = listener.local_addr().unwrap();
@ -1354,7 +1340,7 @@ fn no_version_overlap() {
}
#[test]
#[cfg(all(feature = "v111", ossl111))]
#[cfg(ossl111)]
fn custom_extensions() {
static FOUND_EXTENSION: AtomicBool = ATOMIC_BOOL_INIT;
@ -1369,9 +1355,13 @@ fn custom_extensions() {
ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap();
ctx.add_custom_ext(
12345, ssl::ExtensionContext::CLIENT_HELLO,
12345,
ssl::ExtensionContext::CLIENT_HELLO,
|_, _, _| -> Result<Option<&'static [u8]>, _> { unreachable!() },
|_, _, data, _| { FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst); Ok(()) }
|_, _, data, _| {
FOUND_EXTENSION.store(data == b"hello", Ordering::SeqCst);
Ok(())
},
).unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.accept(stream).unwrap();
@ -1380,9 +1370,10 @@ fn custom_extensions() {
let stream = TcpStream::connect(addr).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.add_custom_ext(
12345, ssl::ExtensionContext::CLIENT_HELLO,
12345,
ssl::ExtensionContext::CLIENT_HELLO,
|_, _, _| Ok(Some(b"hello")),
|_, _, _, _| unreachable!()
|_, _, _, _| unreachable!(),
).unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap();

20
openssl/src/symm.rs
View File

@ -83,7 +83,11 @@ impl Cipher {
/// [`EVP_get_cipherbynid`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_get_cipherbyname.html
pub fn from_nid(nid: Nid) -> Option<Cipher> {
let ptr = unsafe { ffi::EVP_get_cipherbyname(ffi::OBJ_nid2sn(nid.as_raw())) };
if ptr.is_null() { None } else { Some(Cipher(ptr)) }
if ptr.is_null() {
None
} else {
Some(Cipher(ptr))
}
}
pub fn aes_128_ecb() -> Cipher {
@ -194,14 +198,14 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_rc4()) }
}
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(any(ossl110))]
pub fn chacha20() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20()) }
}
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(any(ossl110))]
pub fn chacha20_poly1305() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20_poly1305()) }
}
@ -439,7 +443,7 @@ impl Crypter {
///
/// The total plaintext or ciphertext length MUST be passed to the cipher when it operates in
/// CCM mode.
pub fn set_data_len(&mut self, data_len: usize)-> Result<(), ErrorStack> {
pub fn set_data_len(&mut self, data_len: usize) -> Result<(), ErrorStack> {
unsafe {
assert!(data_len <= c_int::max_value() as usize);
let mut len = 0;
@ -1203,7 +1207,7 @@ mod tests {
}
#[test]
#[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
#[cfg(any(ossl110))]
fn test_chacha20() {
let key = "0000000000000000000000000000000000000000000000000000000000000000";
let iv = "00000000000000000000000000000000";
@ -1218,7 +1222,7 @@ mod tests {
}
#[test]
#[cfg(any(all(ossl110, feature = "v110"), all(ossl111, feature = "v111")))]
#[cfg(any(ossl110))]
fn test_chacha20_poly1305() {
let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f";
let iv = "070000004041424344454647";

4
openssl/src/verify.rs
View File

@ -15,8 +15,8 @@ bitflags! {
const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
const SINGLE_LABEL_SUBDOMAINS
= ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;
/// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(any(ossl110))]
const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
}
}

3
openssl/src/x509/mod.rs
View File

@ -40,8 +40,7 @@ use ffi::{ASN1_STRING_get0_data as ASN1_STRING_data,
X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain,
X509_set1_notAfter as X509_set_notAfter, X509_set1_notBefore as X509_set_notBefore};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
all(feature = "v111", ossl111)))]
#[cfg(any(ossl102, ossl110))]
pub mod verify;
pub mod extension;