From a6f5beeb333342a5e84a3f36ee2f8b80a6f8d602 Mon Sep 17 00:00:00 2001 From: Ivan Nikulin Date: Tue, 10 Nov 2020 00:18:28 +0000 Subject: [PATCH] Remove decrepit and unavaliable API and fix signatures --- Cargo.toml | 1 + openssl-sys/src/aes.rs | 23 +- openssl-sys/src/asn1.rs | 12 +- openssl-sys/src/bn.rs | 32 +- openssl-sys/src/cms.rs | 95 ------ openssl-sys/src/conf.rs | 3 +- openssl-sys/src/crypto.rs | 35 +- openssl-sys/src/dh.rs | 7 - openssl-sys/src/dsa.rs | 16 +- openssl-sys/src/dtls1.rs | 3 - openssl-sys/src/ec.rs | 45 +-- openssl-sys/src/err.rs | 35 +- openssl-sys/src/evp.rs | 166 ++-------- openssl-sys/src/hmac.rs | 4 +- openssl-sys/src/lib.rs | 6 - openssl-sys/src/obj_mac.rs | 2 - openssl-sys/src/ocsp.rs | 118 ------- openssl-sys/src/ossl_typ.rs | 5 - openssl-sys/src/pem.rs | 10 - openssl-sys/src/pkcs12.rs | 54 +-- openssl-sys/src/pkcs7.rs | 42 +-- openssl-sys/src/rand.rs | 2 +- openssl-sys/src/rsa.rs | 82 +---- openssl-sys/src/sha.rs | 40 +-- openssl-sys/src/srtp.rs | 2 +- openssl-sys/src/ssl.rs | 624 ++++++++--------------------------- openssl-sys/src/ssl3.rs | 2 +- openssl-sys/src/stack.rs | 54 +-- openssl-sys/src/tls1.rs | 86 ++--- openssl-sys/src/x509.rs | 206 +++++------- openssl-sys/src/x509_vfy.rs | 19 +- openssl-sys/src/x509v3.rs | 4 +- openssl/src/aes.rs | 18 +- openssl/src/base64.rs | 8 +- openssl/src/bn.rs | 151 +-------- openssl/src/cms.rs | 285 ---------------- openssl/src/conf.rs | 17 +- openssl/src/dh.rs | 30 +- openssl/src/dsa.rs | 7 +- openssl/src/ec.rs | 62 +--- openssl/src/ecdsa.rs | 9 +- openssl/src/envelope.rs | 288 ---------------- openssl/src/error.rs | 34 +- openssl/src/hash.rs | 8 - openssl/src/lib.rs | 14 +- openssl/src/macros.rs | 4 +- openssl/src/nid.rs | 2 - openssl/src/ocsp.rs | 355 -------------------- openssl/src/pkcs12.rs | 9 +- openssl/src/pkcs5.rs | 25 +- openssl/src/pkcs7.rs | 160 +-------- openssl/src/pkey.rs | 89 +---- openssl/src/rand.rs | 2 +- openssl/src/rsa.rs | 33 +- openssl/src/ssl/callbacks.rs | 5 +- openssl/src/ssl/mod.rs | 200 +++-------- openssl/src/stack.rs | 39 +-- openssl/src/string.rs | 6 +- openssl/src/symm.rs | 150 +-------- openssl/src/x509/mod.rs | 19 +- systest/Cargo.toml | 11 + systest/build.rs | 127 +++++++ systest/src/main.rs | 9 + 63 files changed, 719 insertions(+), 3292 deletions(-) delete mode 100644 openssl-sys/src/cms.rs delete mode 100644 openssl-sys/src/dtls1.rs delete mode 100644 openssl-sys/src/ocsp.rs delete mode 100644 openssl/src/cms.rs delete mode 100644 openssl/src/envelope.rs delete mode 100644 openssl/src/ocsp.rs create mode 100644 systest/Cargo.toml create mode 100644 systest/build.rs create mode 100644 systest/src/main.rs diff --git a/Cargo.toml b/Cargo.toml index ea6b6572..d21a25f0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,4 +2,5 @@ members = [ "openssl", "openssl-sys", + "systest" ] diff --git a/openssl-sys/src/aes.rs b/openssl-sys/src/aes.rs index a03a9e78..34f08361 100644 --- a/openssl-sys/src/aes.rs +++ b/openssl-sys/src/aes.rs @@ -10,35 +10,26 @@ pub const AES_BLOCK_SIZE: c_int = 16; pub struct AES_KEY { // There is some business with AES_LONG which is there to ensure the values here are 32 bits rd_key: [u32; 4 * (AES_MAXNR as usize + 1)], - rounds: c_int, + rounds: c_uint, } extern "C" { - pub fn AES_set_encrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int; - pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int; - - pub fn AES_ige_encrypt( - in_: *const c_uchar, - out: *mut c_uchar, - length: size_t, - key: *const AES_KEY, - ivec: *mut c_uchar, - enc: c_int, - ); + pub fn AES_set_encrypt_key(userKey: *const c_uchar, bits: c_uint, key: *mut AES_KEY) -> c_int; + pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_uint, key: *mut AES_KEY) -> c_int; pub fn AES_wrap_key( - key: *mut AES_KEY, + key: *const AES_KEY, iv: *const c_uchar, out: *mut c_uchar, in_: *const c_uchar, - inlen: c_uint, + inlen: size_t, ) -> c_int; pub fn AES_unwrap_key( - key: *mut AES_KEY, + key: *const AES_KEY, iv: *const c_uchar, out: *mut c_uchar, in_: *const c_uchar, - inlen: c_uint, + inlen: size_t, ) -> c_int; } diff --git a/openssl-sys/src/asn1.rs b/openssl-sys/src/asn1.rs index a42c1c54..169e521f 100644 --- a/openssl-sys/src/asn1.rs +++ b/openssl-sys/src/asn1.rs @@ -61,14 +61,6 @@ extern "C" { pub fn ASN1_TIME_set_string_X509(s: *mut ASN1_TIME, str: *const c_char) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *const ASN1_STRING) -> c_int; - } - } else { - extern "C" { - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ASN1_STRING) -> c_int; - } - } +extern "C" { + pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ASN1_STRING) -> c_int; } diff --git a/openssl-sys/src/bn.rs b/openssl-sys/src/bn.rs index 59c1e7f1..793ce2c6 100644 --- a/openssl-sys/src/bn.rs +++ b/openssl-sys/src/bn.rs @@ -15,10 +15,10 @@ extern "C" { pub fn BN_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int; pub fn BN_pseudo_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int; pub fn BN_new() -> *mut BIGNUM; - pub fn BN_num_bits(bn: *const BIGNUM) -> c_int; + pub fn BN_num_bits(bn: *const BIGNUM) -> c_uint; pub fn BN_clear_free(bn: *mut BIGNUM); - pub fn BN_bin2bn(s: *const u8, size: c_int, ret: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_bn2bin(a: *const BIGNUM, to: *mut u8) -> c_int; + pub fn BN_bin2bn(s: *const u8, size: size_t, ret: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_bn2bin(a: *const BIGNUM, to: *mut u8) -> size_t; pub fn BN_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_mul(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; @@ -132,29 +132,3 @@ extern "C" { cb: *mut BN_GENCB, ) -> c_int; } - -cfg_if! { - if #[cfg(ossl110)] { - extern "C" { - pub fn BN_get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_1536(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_2048(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_3072(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_4096(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_6144(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_8192(bn: *mut BIGNUM) -> *mut BIGNUM; - } - } else { - extern "C" { - pub fn get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_1536(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_2048(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_3072(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_4096(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_6144(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_8192(bn: *mut BIGNUM) -> *mut BIGNUM; - } - } -} diff --git a/openssl-sys/src/cms.rs b/openssl-sys/src/cms.rs deleted file mode 100644 index ad5d7160..00000000 --- a/openssl-sys/src/cms.rs +++ /dev/null @@ -1,95 +0,0 @@ -use libc::*; -use *; - -pub enum CMS_ContentInfo {} - -extern "C" { - #[cfg(ossl101)] - pub fn CMS_ContentInfo_free(cms: *mut ::CMS_ContentInfo); - #[cfg(ossl101)] - pub fn i2d_CMS_ContentInfo(a: *mut ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; - - #[cfg(ossl101)] - pub fn d2i_CMS_ContentInfo( - a: *mut *mut ::CMS_ContentInfo, - pp: *mut *const c_uchar, - length: c_long, - ) -> *mut ::CMS_ContentInfo; -} - -#[cfg(ossl101)] -pub const CMS_TEXT: c_uint = 0x1; -#[cfg(ossl101)] -pub const CMS_NOCERTS: c_uint = 0x2; -#[cfg(ossl101)] -pub const CMS_NO_CONTENT_VERIFY: c_uint = 0x4; -#[cfg(ossl101)] -pub const CMS_NO_ATTR_VERIFY: c_uint = 0x8; -#[cfg(ossl101)] -pub const CMS_NOSIGS: c_uint = 0x4 | 0x8; -#[cfg(ossl101)] -pub const CMS_NOINTERN: c_uint = 0x10; -#[cfg(ossl101)] -pub const CMS_NO_SIGNER_CERT_VERIFY: c_uint = 0x20; -#[cfg(ossl101)] -pub const CMS_NOVERIFY: c_uint = 0x20; -#[cfg(ossl101)] -pub const CMS_DETACHED: c_uint = 0x40; -#[cfg(ossl101)] -pub const CMS_BINARY: c_uint = 0x80; -#[cfg(ossl101)] -pub const CMS_NOATTR: c_uint = 0x100; -#[cfg(ossl101)] -pub const CMS_NOSMIMECAP: c_uint = 0x200; -#[cfg(ossl101)] -pub const CMS_NOOLDMIMETYPE: c_uint = 0x400; -#[cfg(ossl101)] -pub const CMS_CRLFEOL: c_uint = 0x800; -#[cfg(ossl101)] -pub const CMS_STREAM: c_uint = 0x1000; -#[cfg(ossl101)] -pub const CMS_NOCRL: c_uint = 0x2000; -#[cfg(ossl101)] -pub const CMS_PARTIAL: c_uint = 0x4000; -#[cfg(ossl101)] -pub const CMS_REUSE_DIGEST: c_uint = 0x8000; -#[cfg(ossl101)] -pub const CMS_USE_KEYID: c_uint = 0x10000; -#[cfg(ossl101)] -pub const CMS_DEBUG_DECRYPT: c_uint = 0x20000; -#[cfg(ossl102)] -pub const CMS_KEY_PARAM: c_uint = 0x40000; -#[cfg(ossl110)] -pub const CMS_ASCIICRLF: c_uint = 0x80000; - -extern "C" { - #[cfg(ossl101)] - pub fn SMIME_read_CMS(bio: *mut ::BIO, bcont: *mut *mut ::BIO) -> *mut ::CMS_ContentInfo; - - #[cfg(ossl101)] - pub fn CMS_sign( - signcert: *mut ::X509, - pkey: *mut ::EVP_PKEY, - certs: *mut ::stack_st_X509, - data: *mut ::BIO, - flags: c_uint, - ) -> *mut ::CMS_ContentInfo; - - #[cfg(ossl101)] - pub fn CMS_encrypt( - certs: *mut stack_st_X509, - data: *mut ::BIO, - cipher: *const EVP_CIPHER, - flags: c_uint, - ) -> *mut ::CMS_ContentInfo; - - #[cfg(ossl101)] - pub fn CMS_decrypt( - cms: *mut ::CMS_ContentInfo, - pkey: *mut ::EVP_PKEY, - cert: *mut ::X509, - dcont: *mut ::BIO, - out: *mut ::BIO, - flags: c_uint, - ) -> c_int; -} diff --git a/openssl-sys/src/conf.rs b/openssl-sys/src/conf.rs index 9b9d4b26..ebf21118 100644 --- a/openssl-sys/src/conf.rs +++ b/openssl-sys/src/conf.rs @@ -1,7 +1,6 @@ use *; extern "C" { - pub fn NCONF_new(meth: *mut CONF_METHOD) -> *mut CONF; - pub fn NCONF_default() -> *mut CONF_METHOD; + pub fn NCONF_new(meth: *mut c_void) -> *mut CONF; pub fn NCONF_free(conf: *mut CONF); } diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs index 6d8096f7..65c64062 100644 --- a/openssl-sys/src/crypto.rs +++ b/openssl-sys/src/crypto.rs @@ -13,15 +13,6 @@ pub const CRYPTO_LOCK_SSL_SESSION: c_int = 14; stack!(stack_st_void); -cfg_if! { - if #[cfg(ossl110)] { - pub const CRYPTO_EX_INDEX_SSL: c_int = 0; - pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 1; - } else if #[cfg(libressl)] { - pub const CRYPTO_EX_INDEX_SSL: c_int = 1; - pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 2; - } -} cfg_if! { if #[cfg(any(ossl110, libressl271))] { extern "C" { @@ -71,17 +62,6 @@ pub type CRYPTO_EX_free = unsafe extern "C" fn( argl: c_long, argp: *mut c_void, ); -extern "C" { - #[cfg(any(ossl110, libressl))] - pub fn CRYPTO_get_ex_new_index( - class_index: c_int, - argl: c_long, - argp: *mut c_void, - new_func: Option, - dup_func: Option, - free_func: Option, - ) -> c_int; -} pub const CRYPTO_LOCK: c_int = 1; @@ -106,18 +86,9 @@ extern "C" { ) -> c_int; } -cfg_if! { - if #[cfg(ossl110)] { - extern "C" { - pub fn CRYPTO_malloc(num: size_t, file: *const c_char, line: c_int) -> *mut c_void; - pub fn CRYPTO_free(buf: *mut c_void, file: *const c_char, line: c_int); - } - } else { - extern "C" { - pub fn CRYPTO_malloc(num: c_int, file: *const c_char, line: c_int) -> *mut c_void; - pub fn CRYPTO_free(buf: *mut c_void); - } - } +extern "C" { + pub fn OPENSSL_malloc(num: size_t) -> *mut c_void; + pub fn OPENSSL_free(buf: *mut c_void); } extern "C" { diff --git a/openssl-sys/src/dh.rs b/openssl-sys/src/dh.rs index d6866871..e6fd4dd9 100644 --- a/openssl-sys/src/dh.rs +++ b/openssl-sys/src/dh.rs @@ -7,13 +7,6 @@ extern "C" { pub fn d2i_DHparams(k: *mut *mut DH, pp: *mut *const c_uchar, length: c_long) -> *mut DH; pub fn i2d_DHparams(dh: *const DH, pp: *mut *mut c_uchar) -> c_int; - #[cfg(ossl102)] - pub fn DH_get_1024_160() -> *mut DH; - #[cfg(ossl102)] - pub fn DH_get_2048_224() -> *mut DH; - #[cfg(ossl102)] - pub fn DH_get_2048_256() -> *mut DH; - #[cfg(any(ossl110, libressl273))] pub fn DH_set0_pqg(dh: *mut DH, p: *mut BIGNUM, q: *mut BIGNUM, g: *mut BIGNUM) -> c_int; } diff --git a/openssl-sys/src/dsa.rs b/openssl-sys/src/dsa.rs index 604c68f0..d1858ec5 100644 --- a/openssl-sys/src/dsa.rs +++ b/openssl-sys/src/dsa.rs @@ -10,29 +10,31 @@ extern "C" { pub fn DSA_sign( dummy: c_int, dgst: *const c_uchar, - len: c_int, + len: size_t, sigret: *mut c_uchar, siglen: *mut c_uint, - dsa: *mut DSA, + dsa: *const DSA, ) -> c_int; pub fn DSA_verify( dummy: c_int, dgst: *const c_uchar, - len: c_int, + len: size_t, sigbuf: *const c_uchar, - siglen: c_int, - dsa: *mut DSA, + siglen: size_t, + dsa: *const DSA, ) -> c_int; pub fn d2i_DSAPublicKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; pub fn d2i_DSAPrivateKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; + // int (struct dsa_st *, unsigned int, const unsigned char *, unsigned long, int *, unsigned long *, struct bn_gencb_st *) + // int (struct dsa_st *, int, const unsigned char *, int, int *, unsigned long *, struct bn_gencb_st *) pub fn DSA_generate_parameters_ex( dsa: *mut DSA, - bits: c_int, + bits: c_uint, seed: *const c_uchar, - seed_len: c_int, + seed_len: size_t, counter_ref: *mut c_int, h_ret: *mut c_ulong, cb: *mut BN_GENCB, diff --git a/openssl-sys/src/dtls1.rs b/openssl-sys/src/dtls1.rs deleted file mode 100644 index 08b7a489..00000000 --- a/openssl-sys/src/dtls1.rs +++ /dev/null @@ -1,3 +0,0 @@ -use libc::*; - -pub const DTLS1_COOKIE_LENGTH: c_uint = 256; diff --git a/openssl-sys/src/ec.rs b/openssl-sys/src/ec.rs index 98e233fb..5bf32495 100644 --- a/openssl-sys/src/ec.rs +++ b/openssl-sys/src/ec.rs @@ -17,11 +17,6 @@ pub enum EC_POINT {} pub const OPENSSL_EC_NAMED_CURVE: c_int = 1; extern "C" { - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_GF2m_simple_method() -> *const EC_METHOD; - - pub fn EC_GROUP_new(meth: *const EC_METHOD) -> *mut EC_GROUP; - pub fn EC_GROUP_free(group: *mut EC_GROUP); pub fn EC_GROUP_get_order( @@ -50,16 +45,7 @@ extern "C" { ctx: *mut BN_CTX, ) -> c_int; - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_GROUP_get_curve_GF2m( - group: *const EC_GROUP, - p: *mut BIGNUM, - a: *mut BIGNUM, - b: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - - pub fn EC_GROUP_get_degree(group: *const EC_GROUP) -> c_int; + pub fn EC_GROUP_get_degree(group: *const EC_GROUP) -> c_uint; #[cfg(ossl110)] pub fn EC_GROUP_order_bits(group: *const EC_GROUP) -> c_int; @@ -71,14 +57,6 @@ extern "C" { ctx: *mut BN_CTX, ) -> *mut EC_GROUP; - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_GROUP_new_curve_GF2m( - p: *const BIGNUM, - a: *const BIGNUM, - b: *const BIGNUM, - ctx: *mut BN_CTX, - ) -> *mut EC_GROUP; - pub fn EC_GROUP_new_by_curve_name(nid: c_int) -> *mut EC_GROUP; pub fn EC_POINT_new(group: *const EC_GROUP) -> *mut EC_POINT; @@ -95,15 +73,6 @@ extern "C" { ctx: *mut BN_CTX, ) -> c_int; - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_POINT_get_affine_coordinates_GF2m( - group: *const EC_GROUP, - p: *const EC_POINT, - x: *mut BIGNUM, - y: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - pub fn EC_POINT_point2oct( group: *const EC_GROUP, p: *const EC_POINT, @@ -175,8 +144,8 @@ extern "C" { pub fn EC_KEY_set_public_key_affine_coordinates( key: *mut EC_KEY, - x: *mut BIGNUM, - y: *mut BIGNUM, + x: *const BIGNUM, + y: *const BIGNUM, ) -> c_int; } @@ -205,15 +174,15 @@ extern "C" { pub fn ECDSA_do_sign( dgst: *const c_uchar, - dgst_len: c_int, - eckey: *mut EC_KEY, + dgst_len: size_t, + eckey: *const EC_KEY, ) -> *mut ECDSA_SIG; pub fn ECDSA_do_verify( dgst: *const c_uchar, - dgst_len: c_int, + dgst_len: size_t, sig: *const ECDSA_SIG, - eckey: *mut EC_KEY, + eckey: *const EC_KEY, ) -> c_int; pub fn d2i_ECDSA_SIG( diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs index dc02b8f1..2652ac6f 100644 --- a/openssl-sys/src/err.rs +++ b/openssl-sys/src/err.rs @@ -1,7 +1,6 @@ use libc::*; -pub const ERR_TXT_MALLOCED: c_int = 0x01; -pub const ERR_TXT_STRING: c_int = 0x02; +pub const ERR_FLAG_STRING: c_int = 0x01; pub const ERR_LIB_PEM: c_int = 9; @@ -12,45 +11,35 @@ const_fn! { (r as c_ulong & 0xFFF) } - pub const fn ERR_GET_LIB(l: c_ulong) -> c_int { + pub const fn ERR_GET_LIB(l: c_uint) -> c_int { ((l >> 24) & 0x0FF) as c_int } - pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int { + pub const fn ERR_GET_FUNC(l: c_uint) -> c_int { ((l >> 12) & 0xFFF) as c_int } - pub const fn ERR_GET_REASON(l: c_ulong) -> c_int { + pub const fn ERR_GET_REASON(l: c_uint) -> c_int { (l & 0xFFF) as c_int } } -#[repr(C)] -pub struct ERR_STRING_DATA { - pub error: c_ulong, - pub string: *const c_char, -} - extern "C" { - pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_int); - pub fn ERR_set_error_data(data: *mut c_char, flags: c_int); + pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_uint); + pub fn ERR_add_error_data(count: c_uint, ...); - pub fn ERR_get_error() -> c_ulong; + pub fn ERR_get_error() -> c_uint; pub fn ERR_get_error_line_data( file: *mut *const c_char, line: *mut c_int, data: *mut *const c_char, flags: *mut c_int, - ) -> c_ulong; - pub fn ERR_peek_last_error() -> c_ulong; + ) -> c_uint; + pub fn ERR_peek_last_error() -> c_uint; pub fn ERR_clear_error(); - pub fn ERR_lib_error_string(err: c_ulong) -> *const c_char; - pub fn ERR_func_error_string(err: c_ulong) -> *const c_char; - pub fn ERR_reason_error_string(err: c_ulong) -> *const c_char; - #[cfg(ossl110)] - pub fn ERR_load_strings(lib: c_int, str: *mut ERR_STRING_DATA) -> c_int; - #[cfg(not(ossl110))] - pub fn ERR_load_strings(lib: c_int, str: *mut ERR_STRING_DATA); + pub fn ERR_lib_error_string(err: c_uint) -> *const c_char; + pub fn ERR_func_error_string(err: c_uint) -> *const c_char; + pub fn ERR_reason_error_string(err: c_uint) -> *const c_char; #[cfg(not(ossl110))] pub fn ERR_load_crypto_strings(); diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 820dd14c..7f472334 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -3,9 +3,6 @@ use *; pub const EVP_MAX_MD_SIZE: c_uint = 64; -pub const PKCS5_SALT_LEN: c_int = 8; -pub const PKCS12_DEFAULT_ITER: c_int = 2048; - pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption; pub const EVP_PKEY_DSA: c_int = NID_dsa; pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement; @@ -18,8 +15,6 @@ pub const EVP_PKEY_ED25519: c_int = NID_ED25519; pub const EVP_PKEY_X448: c_int = NID_X448; #[cfg(ossl111)] pub const EVP_PKEY_ED448: c_int = NID_ED448; -pub const EVP_PKEY_HMAC: c_int = NID_hmac; -pub const EVP_PKEY_CMAC: c_int = NID_cmac; pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9; pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10; @@ -30,12 +25,12 @@ pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD { } extern "C" { - pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; + pub fn EVP_MD_size(md: *const EVP_MD) -> size_t; pub fn EVP_MD_type(md: *const EVP_MD) -> c_int; - pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_uint; + pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_uint; + pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_uint; } cfg_if! { @@ -67,8 +62,8 @@ extern "C" { md: *const EVP_MD, salt: *const u8, data: *const u8, - datalen: c_int, - count: c_int, + datalen: size_t, + count: c_uint, key: *mut u8, iv: *mut u8, ) -> c_int; @@ -95,7 +90,7 @@ extern "C" { inbuf: *const u8, inlen: c_int, ) -> c_int; - pub fn EVP_CipherFinal(ctx: *mut EVP_CIPHER_CTX, res: *mut u8, len: *mut c_int) -> c_int; + pub fn EVP_CipherFinal_ex(ctx: *mut EVP_CIPHER_CTX, res: *mut u8, len: *mut c_int) -> c_int; pub fn EVP_DigestSignInit( ctx: *mut EVP_MD_CTX, @@ -116,16 +111,6 @@ extern "C" { e: *mut ENGINE, pkey: *mut EVP_PKEY, ) -> c_int; - pub fn EVP_SealInit( - ctx: *mut EVP_CIPHER_CTX, - type_: *const EVP_CIPHER, - ek: *mut *mut c_uchar, - ekl: *mut c_int, - iv: *mut c_uchar, - pubk: *mut *mut EVP_PKEY, - npubk: c_int, - ) -> c_int; - pub fn EVP_SealFinal(ctx: *mut EVP_CIPHER_CTX, out: *mut c_uchar, outl: *mut c_int) -> c_int; pub fn EVP_EncryptInit_ex( ctx: *mut EVP_CIPHER_CTX, cipher: *const EVP_CIPHER, @@ -145,15 +130,6 @@ extern "C" { out: *mut c_uchar, outl: *mut c_int, ) -> c_int; - pub fn EVP_OpenInit( - ctx: *mut EVP_CIPHER_CTX, - type_: *const EVP_CIPHER, - ek: *const c_uchar, - ekl: c_int, - iv: *const c_uchar, - priv_: *mut EVP_PKEY, - ) -> c_int; - pub fn EVP_OpenFinal(ctx: *mut EVP_CIPHER_CTX, out: *mut c_uchar, outl: *mut c_int) -> c_int; pub fn EVP_DecryptInit_ex( ctx: *mut EVP_CIPHER_CTX, cipher: *const EVP_CIPHER, @@ -174,17 +150,11 @@ extern "C" { outl: *mut c_int, ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl111b, libressl280))] { - extern "C" { - pub fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int; - } - } else { - extern "C" { - pub fn EVP_PKEY_size(pkey: *mut EVP_PKEY) -> c_int; - } - } + +extern "C" { + pub fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int; } + cfg_if! { if #[cfg(ossl111)] { extern "C" { @@ -230,7 +200,7 @@ extern "C" { pub fn EVP_CIPHER_CTX_new() -> *mut EVP_CIPHER_CTX; pub fn EVP_CIPHER_CTX_free(ctx: *mut EVP_CIPHER_CTX); pub fn EVP_MD_CTX_copy_ex(dst: *mut EVP_MD_CTX, src: *const EVP_MD_CTX) -> c_int; - pub fn EVP_CIPHER_CTX_set_key_length(ctx: *mut EVP_CIPHER_CTX, keylen: c_int) -> c_int; + pub fn EVP_CIPHER_CTX_set_key_length(ctx: *mut EVP_CIPHER_CTX, keylen: c_uint) -> c_int; pub fn EVP_CIPHER_CTX_set_padding(ctx: *mut EVP_CIPHER_CTX, padding: c_int) -> c_int; pub fn EVP_CIPHER_CTX_ctrl( ctx: *mut EVP_CIPHER_CTX, @@ -239,7 +209,6 @@ extern "C" { ptr: *mut c_void, ) -> c_int; - pub fn EVP_md_null() -> *const EVP_MD; pub fn EVP_md5() -> *const EVP_MD; pub fn EVP_sha1() -> *const EVP_MD; pub fn EVP_sha224() -> *const EVP_MD; @@ -258,56 +227,26 @@ extern "C" { pub fn EVP_shake128() -> *const EVP_MD; #[cfg(ossl111)] pub fn EVP_shake256() -> *const EVP_MD; - pub fn EVP_ripemd160() -> *const EVP_MD; pub fn EVP_des_ecb() -> *const EVP_CIPHER; pub fn EVP_des_ede3() -> *const EVP_CIPHER; pub fn EVP_des_ede3_cbc() -> *const EVP_CIPHER; - pub fn EVP_des_ede3_cfb64() -> *const EVP_CIPHER; pub fn EVP_des_cbc() -> *const EVP_CIPHER; pub fn EVP_rc4() -> *const EVP_CIPHER; - pub fn EVP_bf_ecb() -> *const EVP_CIPHER; - pub fn EVP_bf_cbc() -> *const EVP_CIPHER; - pub fn EVP_bf_cfb64() -> *const EVP_CIPHER; - pub fn EVP_bf_ofb() -> *const EVP_CIPHER; pub fn EVP_aes_128_ecb() -> *const EVP_CIPHER; pub fn EVP_aes_128_cbc() -> *const EVP_CIPHER; - pub fn EVP_aes_128_cfb1() -> *const EVP_CIPHER; - pub fn EVP_aes_128_cfb8() -> *const EVP_CIPHER; - pub fn EVP_aes_128_cfb128() -> *const EVP_CIPHER; pub fn EVP_aes_128_ctr() -> *const EVP_CIPHER; - pub fn EVP_aes_128_ccm() -> *const EVP_CIPHER; pub fn EVP_aes_128_gcm() -> *const EVP_CIPHER; - pub fn EVP_aes_128_xts() -> *const EVP_CIPHER; pub fn EVP_aes_128_ofb() -> *const EVP_CIPHER; - #[cfg(ossl110)] - pub fn EVP_aes_128_ocb() -> *const EVP_CIPHER; pub fn EVP_aes_192_ecb() -> *const EVP_CIPHER; pub fn EVP_aes_192_cbc() -> *const EVP_CIPHER; - pub fn EVP_aes_192_cfb1() -> *const EVP_CIPHER; - pub fn EVP_aes_192_cfb8() -> *const EVP_CIPHER; - pub fn EVP_aes_192_cfb128() -> *const EVP_CIPHER; pub fn EVP_aes_192_ctr() -> *const EVP_CIPHER; - pub fn EVP_aes_192_ccm() -> *const EVP_CIPHER; pub fn EVP_aes_192_gcm() -> *const EVP_CIPHER; pub fn EVP_aes_192_ofb() -> *const EVP_CIPHER; - #[cfg(ossl110)] - pub fn EVP_aes_192_ocb() -> *const EVP_CIPHER; pub fn EVP_aes_256_ecb() -> *const EVP_CIPHER; pub fn EVP_aes_256_cbc() -> *const EVP_CIPHER; - pub fn EVP_aes_256_cfb1() -> *const EVP_CIPHER; - pub fn EVP_aes_256_cfb8() -> *const EVP_CIPHER; - pub fn EVP_aes_256_cfb128() -> *const EVP_CIPHER; pub fn EVP_aes_256_ctr() -> *const EVP_CIPHER; - pub fn EVP_aes_256_ccm() -> *const EVP_CIPHER; pub fn EVP_aes_256_gcm() -> *const EVP_CIPHER; - pub fn EVP_aes_256_xts() -> *const EVP_CIPHER; pub fn EVP_aes_256_ofb() -> *const EVP_CIPHER; - #[cfg(ossl110)] - pub fn EVP_aes_256_ocb() -> *const EVP_CIPHER; - #[cfg(ossl110)] - pub fn EVP_chacha20() -> *const ::EVP_CIPHER; - #[cfg(ossl110)] - pub fn EVP_chacha20_poly1305() -> *const ::EVP_CIPHER; #[cfg(not(ossl110))] pub fn OPENSSL_add_all_algorithms_noconf(); @@ -332,10 +271,10 @@ extern "C" { pub fn EVP_PKEY_assign(pkey: *mut EVP_PKEY, typ: c_int, key: *mut c_void) -> c_int; pub fn EVP_PKEY_set1_RSA(k: *mut EVP_PKEY, r: *mut RSA) -> c_int; - pub fn EVP_PKEY_get1_RSA(k: *mut EVP_PKEY) -> *mut RSA; - pub fn EVP_PKEY_get1_DSA(k: *mut EVP_PKEY) -> *mut DSA; - pub fn EVP_PKEY_get1_DH(k: *mut EVP_PKEY) -> *mut DH; - pub fn EVP_PKEY_get1_EC_KEY(k: *mut EVP_PKEY) -> *mut EC_KEY; + pub fn EVP_PKEY_get1_RSA(k: *const EVP_PKEY) -> *mut RSA; + pub fn EVP_PKEY_get1_DSA(k: *const EVP_PKEY) -> *mut DSA; + pub fn EVP_PKEY_get1_DH(k: *const EVP_PKEY) -> *mut DH; + pub fn EVP_PKEY_get1_EC_KEY(k: *const EVP_PKEY) -> *mut EC_KEY; pub fn EVP_PKEY_new() -> *mut EVP_PKEY; pub fn EVP_PKEY_free(k: *mut EVP_PKEY); @@ -354,21 +293,21 @@ extern "C" { pub fn PKCS5_PBKDF2_HMAC_SHA1( pass: *const c_char, - passlen: c_int, + passlen: size_t, salt: *const u8, - saltlen: c_int, - iter: c_int, - keylen: c_int, + saltlen: size_t, + iter: c_uint, + keylen: size_t, out: *mut u8, ) -> c_int; pub fn PKCS5_PBKDF2_HMAC( pass: *const c_char, - passlen: c_int, + passlen: size_t, salt: *const c_uchar, - saltlen: c_int, - iter: c_int, + saltlen: size_t, + iter: c_uint, digest: *const EVP_MD, - keylen: c_int, + keylen: size_t, out: *mut u8, ) -> c_int; @@ -381,56 +320,17 @@ extern "C" { N: u64, r: u64, p: u64, - maxmem: u64, + maxmem: size_t, key: *mut c_uchar, keylen: size_t, ) -> c_int; } -pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2; -pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3; -pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4; -pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5; -pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6; -pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; -pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; -pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; - -pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN - | EVP_PKEY_OP_VERIFY - | EVP_PKEY_OP_VERIFYRECOVER - | EVP_PKEY_OP_SIGNCTX - | EVP_PKEY_OP_VERIFYCTX; - -pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT; - -pub const EVP_PKEY_CTRL_SET_MAC_KEY: c_int = 6; - -pub const EVP_PKEY_CTRL_CIPHER: c_int = 12; - -pub const EVP_PKEY_ALG_CTRL: c_int = 0x1000; - extern "C" { pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX; pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX; pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX); - pub fn EVP_PKEY_CTX_ctrl( - ctx: *mut EVP_PKEY_CTX, - keytype: c_int, - optype: c_int, - cmd: c_int, - p1: c_int, - p2: *mut c_void, - ) -> c_int; - - pub fn EVP_PKEY_new_mac_key( - type_: c_int, - e: *mut ENGINE, - key: *const c_uchar, - keylen: c_int, - ) -> *mut EVP_PKEY; - pub fn EVP_PKEY_derive_init(ctx: *mut EVP_PKEY_CTX) -> c_int; pub fn EVP_PKEY_derive_set_peer(ctx: *mut EVP_PKEY_CTX, peer: *mut EVP_PKEY) -> c_int; pub fn EVP_PKEY_derive(ctx: *mut EVP_PKEY_CTX, key: *mut c_uchar, size: *mut size_t) -> c_int; @@ -456,16 +356,8 @@ extern "C" { ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn EVP_PKCS82PKEY(p8: *const PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; - } - } else { - extern "C" { - pub fn EVP_PKCS82PKEY(p8: *mut PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; - } - } +extern "C" { + pub fn EVP_PKCS82PKEY(p8: *mut PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; } cfg_if! { @@ -498,6 +390,6 @@ cfg_if! { } extern "C" { - pub fn EVP_EncodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; - pub fn EVP_DecodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; + pub fn EVP_EncodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: size_t) -> size_t; + pub fn EVP_DecodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: size_t) -> c_int; } diff --git a/openssl-sys/src/hmac.rs b/openssl-sys/src/hmac.rs index 11e38ec3..023b6017 100644 --- a/openssl-sys/src/hmac.rs +++ b/openssl-sys/src/hmac.rs @@ -20,11 +20,11 @@ extern "C" { pub fn HMAC_Init_ex( ctx: *mut HMAC_CTX, key: *const c_void, - len: c_int, + len: size_t, md: *const EVP_MD, impl_: *mut ENGINE, ) -> c_int; pub fn HMAC_Update(ctx: *mut HMAC_CTX, data: *const c_uchar, len: size_t) -> c_int; pub fn HMAC_Final(ctx: *mut HMAC_CTX, md: *mut c_uchar, len: *mut c_uint) -> c_int; - pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int; + pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *const HMAC_CTX) -> c_int; } diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 55964be2..7226a05d 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -18,19 +18,16 @@ pub use aes::*; pub use asn1::*; pub use bio::*; pub use bn::*; -pub use cms::*; pub use conf::*; pub use crypto::*; pub use dh::*; pub use dsa::*; -pub use dtls1::*; pub use ec::*; pub use err::*; pub use evp::*; pub use hmac::*; pub use obj_mac::*; pub use object::*; -pub use ocsp::*; pub use ossl_typ::*; pub use pem::*; pub use pkcs12::*; @@ -55,19 +52,16 @@ mod aes; mod asn1; mod bio; mod bn; -mod cms; mod conf; mod crypto; mod dh; mod dsa; -mod dtls1; mod ec; mod err; mod evp; mod hmac; mod obj_mac; mod object; -mod ocsp; mod ossl_typ; mod pem; mod pkcs12; diff --git a/openssl-sys/src/obj_mac.rs b/openssl-sys/src/obj_mac.rs index d78416da..e187a3f0 100644 --- a/openssl-sys/src/obj_mac.rs +++ b/openssl-sys/src/obj_mac.rs @@ -2,10 +2,8 @@ use libc::*; pub const NID_undef: c_int = 0; pub const NID_itu_t: c_int = 645; -pub const NID_ccitt: c_int = 404; pub const NID_iso: c_int = 181; pub const NID_joint_iso_itu_t: c_int = 646; -pub const NID_joint_iso_ccitt: c_int = 393; pub const NID_member_body: c_int = 182; pub const NID_identified_organization: c_int = 676; pub const NID_hmac_md5: c_int = 780; diff --git a/openssl-sys/src/ocsp.rs b/openssl-sys/src/ocsp.rs deleted file mode 100644 index 82157f32..00000000 --- a/openssl-sys/src/ocsp.rs +++ /dev/null @@ -1,118 +0,0 @@ -use libc::*; - -use *; - -pub const OCSP_REVOKED_STATUS_NOSTATUS: c_int = -1; -pub const OCSP_REVOKED_STATUS_UNSPECIFIED: c_int = 0; -pub const OCSP_REVOKED_STATUS_KEYCOMPROMISE: c_int = 1; -pub const OCSP_REVOKED_STATUS_CACOMPROMISE: c_int = 2; -pub const OCSP_REVOKED_STATUS_AFFILIATIONCHANGED: c_int = 3; -pub const OCSP_REVOKED_STATUS_SUPERSEDED: c_int = 4; -pub const OCSP_REVOKED_STATUS_CESSATIONOFOPERATION: c_int = 5; -pub const OCSP_REVOKED_STATUS_CERTIFICATEHOLD: c_int = 6; -pub const OCSP_REVOKED_STATUS_REMOVEFROMCRL: c_int = 8; - -pub const OCSP_NOCERTS: c_ulong = 0x1; -pub const OCSP_NOINTERN: c_ulong = 0x2; -pub const OCSP_NOSIGS: c_ulong = 0x4; -pub const OCSP_NOCHAIN: c_ulong = 0x8; -pub const OCSP_NOVERIFY: c_ulong = 0x10; -pub const OCSP_NOEXPLICIT: c_ulong = 0x20; -pub const OCSP_NOCASIGN: c_ulong = 0x40; -pub const OCSP_NODELEGATED: c_ulong = 0x80; -pub const OCSP_NOCHECKS: c_ulong = 0x100; -pub const OCSP_TRUSTOTHER: c_ulong = 0x200; -pub const OCSP_RESPID_KEY: c_ulong = 0x400; -pub const OCSP_NOTIME: c_ulong = 0x800; - -pub enum OCSP_CERTID {} - -pub enum OCSP_ONEREQ {} - -pub enum OCSP_REQUEST {} - -pub const OCSP_RESPONSE_STATUS_SUCCESSFUL: c_int = 0; -pub const OCSP_RESPONSE_STATUS_MALFORMEDREQUEST: c_int = 1; -pub const OCSP_RESPONSE_STATUS_INTERNALERROR: c_int = 2; -pub const OCSP_RESPONSE_STATUS_TRYLATER: c_int = 3; -pub const OCSP_RESPONSE_STATUS_SIGREQUIRED: c_int = 5; -pub const OCSP_RESPONSE_STATUS_UNAUTHORIZED: c_int = 6; - -pub const V_OCSP_CERTSTATUS_GOOD: c_int = 0; -pub const V_OCSP_CERTSTATUS_REVOKED: c_int = 1; -pub const V_OCSP_CERTSTATUS_UNKNOWN: c_int = 2; - -pub enum OCSP_BASICRESP {} - -cfg_if! { - if #[cfg(any(ossl110, libressl281))] { - extern "C" { - pub fn OCSP_cert_to_id( - dgst: *const EVP_MD, - subject: *const X509, - issuer: *const X509, - ) -> *mut OCSP_CERTID; - } - } else { - extern "C" { - pub fn OCSP_cert_to_id( - dgst: *const EVP_MD, - subject: *mut X509, - issuer: *mut X509, - ) -> *mut ::OCSP_CERTID; - } - } -} - -extern "C" { - pub fn OCSP_request_add0_id(r: *mut OCSP_REQUEST, id: *mut OCSP_CERTID) -> *mut OCSP_ONEREQ; - - pub fn OCSP_resp_find_status( - bs: *mut OCSP_BASICRESP, - id: *mut OCSP_CERTID, - status: *mut c_int, - reason: *mut c_int, - revtime: *mut *mut ASN1_GENERALIZEDTIME, - thisupd: *mut *mut ASN1_GENERALIZEDTIME, - nextupd: *mut *mut ASN1_GENERALIZEDTIME, - ) -> c_int; - pub fn OCSP_check_validity( - thisupd: *mut ASN1_GENERALIZEDTIME, - nextupd: *mut ASN1_GENERALIZEDTIME, - sec: c_long, - maxsec: c_long, - ) -> c_int; - - pub fn OCSP_response_status(resp: *mut OCSP_RESPONSE) -> c_int; - pub fn OCSP_response_get1_basic(resp: *mut OCSP_RESPONSE) -> *mut OCSP_BASICRESP; - - pub fn OCSP_response_create(status: c_int, bs: *mut OCSP_BASICRESP) -> *mut OCSP_RESPONSE; - - pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP; - pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP); - pub fn OCSP_RESPONSE_new() -> *mut OCSP_RESPONSE; - pub fn OCSP_RESPONSE_free(r: *mut OCSP_RESPONSE); - pub fn i2d_OCSP_RESPONSE(a: *mut OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; - pub fn d2i_OCSP_RESPONSE( - a: *mut *mut OCSP_RESPONSE, - pp: *mut *const c_uchar, - length: c_long, - ) -> *mut OCSP_RESPONSE; - pub fn OCSP_ONEREQ_free(r: *mut OCSP_ONEREQ); - pub fn OCSP_CERTID_free(id: *mut OCSP_CERTID); - pub fn OCSP_REQUEST_new() -> *mut OCSP_REQUEST; - pub fn OCSP_REQUEST_free(r: *mut OCSP_REQUEST); - pub fn i2d_OCSP_REQUEST(a: *mut OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; - pub fn d2i_OCSP_REQUEST( - a: *mut *mut OCSP_REQUEST, - pp: *mut *const c_uchar, - length: c_long, - ) -> *mut OCSP_REQUEST; - - pub fn OCSP_basic_verify( - bs: *mut OCSP_BASICRESP, - certs: *mut stack_st_X509, - st: *mut X509_STORE, - flags: c_ulong, - ) -> c_int; -} diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index b67b029e..45cc8caf 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -532,7 +532,6 @@ cfg_if! { sid_ctx_length: c_uint, sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], session: *mut ::SSL_SESSION, - generate_session_id: ::GEN_SESSION_CB, verify_mode: c_int, verify_callback: Option c_int>, info_callback: Option, @@ -567,7 +566,6 @@ cfg_if! { tlsext_ellipticcurvelist_length: size_t, tlsext_ellipticcurvelist: *mut c_uchar, tlsext_session_ticket: *mut c_void, - tlsext_session_ticket_ext_cb: ::tls_session_ticket_ext_cb_fn, tls_session_ticket_ext_cb_arg: *mut c_void, tls_session_secret_cb: ::tls_session_secret_cb_fn, tls_session_secret_cb_arg: *mut c_void, @@ -630,7 +628,6 @@ cfg_if! { sid_ctx_length: c_uint, sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], session: *mut ::SSL_SESSION, - generate_session_id: ::GEN_SESSION_CB, verify_mode: c_int, verify_callback: Option c_int>, info_callback: Option, @@ -708,8 +705,6 @@ cfg_if! { #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_session_ticket: *mut c_void, #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_session_ticket_ext_cb: ::tls_session_ticket_ext_cb_fn, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tls_session_ticket_ext_cb_arg: *mut c_void, #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tls_session_secret_cb: ::tls_session_secret_cb_fn, diff --git a/openssl-sys/src/pem.rs b/openssl-sys/src/pem.rs index 3cdc8982..34e507b7 100644 --- a/openssl-sys/src/pem.rs +++ b/openssl-sys/src/pem.rs @@ -166,16 +166,6 @@ extern "C" { ) -> *mut PKCS7; pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int; - - #[cfg(ossl101)] - pub fn PEM_read_bio_CMS( - bio: *mut BIO, - out: *mut *mut CMS_ContentInfo, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut CMS_ContentInfo; - #[cfg(ossl101)] - pub fn PEM_write_bio_CMS(bio: *mut BIO, cms: *const CMS_ContentInfo) -> c_int; } pub const PEM_R_NO_START_LINE: c_int = 108; diff --git a/openssl-sys/src/pkcs12.rs b/openssl-sys/src/pkcs12.rs index 9cdba7e1..83fdf2e7 100644 --- a/openssl-sys/src/pkcs12.rs +++ b/openssl-sys/src/pkcs12.rs @@ -6,51 +6,33 @@ pub enum PKCS12 {} extern "C" { pub fn PKCS12_free(p12: *mut PKCS12); - pub fn i2d_PKCS12(a: *mut PKCS12, buf: *mut *mut u8) -> c_int; - pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12; + pub fn i2d_PKCS12(a: *const PKCS12, buf: *mut *mut u8) -> c_int; + pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: size_t) -> *mut PKCS12; pub fn PKCS12_parse( - p12: *mut PKCS12, + p12: *const PKCS12, pass: *const c_char, pkey: *mut *mut EVP_PKEY, cert: *mut *mut X509, ca: *mut *mut stack_st_X509, ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn PKCS12_create( - pass: *const c_char, - friendly_name: *const c_char, - pkey: *mut EVP_PKEY, - cert: *mut X509, - ca: *mut stack_st_X509, - nid_key: c_int, - nid_cert: c_int, - iter: c_int, - mac_iter: c_int, - keytype: c_int, - ) -> *mut PKCS12; - } - } else { - extern "C" { - pub fn PKCS12_create( - pass: *mut c_char, - friendly_name: *mut c_char, - pkey: *mut EVP_PKEY, - cert: *mut X509, - ca: *mut stack_st_X509, - nid_key: c_int, - nid_cert: c_int, - iter: c_int, - mac_iter: c_int, - keytype: c_int, - ) -> *mut PKCS12; - } - } + +extern "C" { + pub fn PKCS12_create( + pass: *const c_char, + friendly_name: *const c_char, + pkey: *const EVP_PKEY, + cert: *mut X509, + ca: *const stack_st_X509, + nid_key: c_int, + nid_cert: c_int, + iter: c_int, + mac_iter: c_int, + keytype: c_int, + ) -> *mut PKCS12; } extern "C" { - pub fn i2d_PKCS12_bio(b: *mut BIO, a: *mut PKCS12) -> c_int; + pub fn i2d_PKCS12_bio(b: *mut BIO, a: *const PKCS12) -> c_int; } diff --git a/openssl-sys/src/pkcs7.rs b/openssl-sys/src/pkcs7.rs index 5aa55ff8..c7c612b0 100644 --- a/openssl-sys/src/pkcs7.rs +++ b/openssl-sys/src/pkcs7.rs @@ -19,35 +19,14 @@ pub const PKCS7_DETACHED: c_int = 0x40; pub const PKCS7_BINARY: c_int = 0x80; pub const PKCS7_NOATTR: c_int = 0x100; pub const PKCS7_NOSMIMECAP: c_int = 0x200; -pub const PKCS7_NOOLDMIMETYPE: c_int = 0x400; -pub const PKCS7_CRLFEOL: c_int = 0x800; pub const PKCS7_STREAM: c_int = 0x1000; -pub const PKCS7_NOCRL: c_int = 0x2000; -pub const PKCS7_PARTIAL: c_int = 0x4000; -pub const PKCS7_REUSE_DIGEST: c_int = 0x8000; #[cfg(not(any(ossl101, ossl102, libressl)))] pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000; extern "C" { - pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: c_long) -> *mut PKCS7; + pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: size_t) -> *mut PKCS7; - pub fn i2d_PKCS7(a: *mut PKCS7, buf: *mut *mut u8) -> c_int; - - pub fn PKCS7_encrypt( - certs: *mut stack_st_X509, - b: *mut BIO, - cipher: *const EVP_CIPHER, - flags: c_int, - ) -> *mut PKCS7; - - pub fn PKCS7_verify( - pkcs7: *mut PKCS7, - certs: *mut stack_st_X509, - store: *mut X509_STORE, - indata: *mut BIO, - out: *mut BIO, - flags: c_int, - ) -> c_int; + pub fn i2d_PKCS7(a: *const PKCS7, buf: *mut *mut u8) -> c_int; pub fn PKCS7_sign( signcert: *mut X509, @@ -57,22 +36,5 @@ extern "C" { flags: c_int, ) -> *mut PKCS7; - pub fn PKCS7_decrypt( - pkcs7: *mut PKCS7, - pkey: *mut EVP_PKEY, - cert: *mut X509, - data: *mut BIO, - flags: c_int, - ) -> c_int; - pub fn PKCS7_free(pkcs7: *mut PKCS7); - - pub fn SMIME_write_PKCS7( - out: *mut BIO, - pkcs7: *mut PKCS7, - data: *mut BIO, - flags: c_int, - ) -> c_int; - - pub fn SMIME_read_PKCS7(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut PKCS7; } diff --git a/openssl-sys/src/rand.rs b/openssl-sys/src/rand.rs index 7380702d..67d8aa82 100644 --- a/openssl-sys/src/rand.rs +++ b/openssl-sys/src/rand.rs @@ -1,7 +1,7 @@ use libc::*; extern "C" { - pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int; + pub fn RAND_bytes(buf: *mut u8, num: size_t) -> c_int; #[cfg(ossl111)] pub fn RAND_keep_random_devices_open(keep: c_int); diff --git a/openssl-sys/src/rsa.rs b/openssl-sys/src/rsa.rs index 9b6ab82f..666ba217 100644 --- a/openssl-sys/src/rsa.rs +++ b/openssl-sys/src/rsa.rs @@ -5,67 +5,19 @@ use *; pub const RSA_F4: c_long = 0x10001; -pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - -1, - EVP_PKEY_CTRL_RSA_PADDING, - pad, - ptr::null_mut(), - ) -} - -pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - -1, - EVP_PKEY_CTRL_GET_RSA_PADDING, - 0, - ppad as *mut c_void, - ) -} - -pub unsafe fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, - len, - ptr::null_mut(), - ) -} - -pub unsafe fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, - 0, - md as *mut c_void, - ) -} - -pub const EVP_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1; -pub const EVP_PKEY_CTRL_RSA_PSS_SALTLEN: c_int = EVP_PKEY_ALG_CTRL + 2; - -pub const EVP_PKEY_CTRL_RSA_MGF1_MD: c_int = EVP_PKEY_ALG_CTRL + 5; - -pub const EVP_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6; - pub const RSA_PKCS1_PADDING: c_int = 1; -pub const RSA_SSLV23_PADDING: c_int = 2; pub const RSA_NO_PADDING: c_int = 3; pub const RSA_PKCS1_OAEP_PADDING: c_int = 4; -pub const RSA_X931_PADDING: c_int = 5; pub const RSA_PKCS1_PSS_PADDING: c_int = 6; extern "C" { pub fn RSA_new() -> *mut RSA; - pub fn RSA_size(k: *const RSA) -> c_int; + pub fn RSA_size(k: *const RSA) -> c_uint; + + pub fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int; + pub fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int; + pub fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int; + pub fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *const EVP_MD) -> c_int; #[cfg(any(ossl110, libressl273))] pub fn RSA_set0_key( @@ -111,33 +63,33 @@ extern "C" { pub fn RSA_generate_key_ex( rsa: *mut RSA, bits: c_int, - e: *mut BIGNUM, + e: *const BIGNUM, cb: *mut BN_GENCB, ) -> c_int; pub fn RSA_public_encrypt( - flen: c_int, + flen: size_t, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int, ) -> c_int; pub fn RSA_private_encrypt( - flen: c_int, + flen: size_t, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int, ) -> c_int; pub fn RSA_public_decrypt( - flen: c_int, + flen: size_t, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int, ) -> c_int; pub fn RSA_private_decrypt( - flen: c_int, + flen: size_t, from: *const u8, to: *mut u8, k: *mut RSA, @@ -163,17 +115,9 @@ extern "C" { pub fn RSA_verify( t: c_int, m: *const u8, - mlen: c_uint, + mlen: size_t, sig: *const u8, - siglen: c_uint, + siglen: size_t, k: *mut RSA, ) -> c_int; - - pub fn RSA_padding_check_PKCS1_type_2( - to: *mut c_uchar, - tlen: c_int, - f: *const c_uchar, - fl: c_int, - rsa_len: c_int, - ) -> c_int; } diff --git a/openssl-sys/src/sha.rs b/openssl-sys/src/sha.rs index e8d1403f..94a79f47 100644 --- a/openssl-sys/src/sha.rs +++ b/openssl-sys/src/sha.rs @@ -1,20 +1,18 @@ use libc::*; -pub type SHA_LONG = c_uint; - -pub const SHA_LBLOCK: c_int = 16; +pub const SHA_CBLOCK: c_uint = 64; #[repr(C)] #[derive(Clone)] pub struct SHA_CTX { - pub h0: SHA_LONG, - pub h1: SHA_LONG, - pub h2: SHA_LONG, - pub h3: SHA_LONG, - pub h4: SHA_LONG, - pub Nl: SHA_LONG, - pub Nh: SHA_LONG, - pub data: [SHA_LONG; SHA_LBLOCK as usize], + pub h0: c_uint, + pub h1: c_uint, + pub h2: c_uint, + pub h3: c_uint, + pub h4: c_uint, + pub Nl: c_uint, + pub Nh: c_uint, + pub data: [c_uchar; SHA_CBLOCK as usize], pub num: c_uint, } @@ -25,13 +23,15 @@ extern "C" { pub fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; } +pub const SHA256_CBLOCK: c_int = 64; + #[repr(C)] #[derive(Clone)] pub struct SHA256_CTX { - pub h: [SHA_LONG; 8], - pub Nl: SHA_LONG, - pub Nh: SHA_LONG, - pub data: [SHA_LONG; SHA_LBLOCK as usize], + pub h: [c_uint; 8], + pub Nl: c_uint, + pub Nh: c_uint, + pub data: [c_uchar; SHA256_CBLOCK as usize], pub num: c_uint, pub md_len: c_uint, } @@ -47,16 +47,16 @@ extern "C" { pub fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; } -pub type SHA_LONG64 = u64; +pub const SHA512_CBLOCK: c_int = 128; #[repr(C)] #[derive(Clone)] pub struct SHA512_CTX { - pub h: [SHA_LONG64; 8], - pub Nl: SHA_LONG64, - pub Nh: SHA_LONG64, + pub h: [u64; 8], + pub Nl: u64, + pub Nh: u64, // this is a union but we don't want to require 1.19 - u: [SHA_LONG64; SHA_LBLOCK as usize], + u: [c_uchar; SHA512_CBLOCK as usize], pub num: c_uint, pub md_len: c_uint, } diff --git a/openssl-sys/src/srtp.rs b/openssl-sys/src/srtp.rs index d31aa06e..ac599a82 100644 --- a/openssl-sys/src/srtp.rs +++ b/openssl-sys/src/srtp.rs @@ -14,5 +14,5 @@ extern "C" { pub fn SSL_set_tlsext_use_srtp(ssl: *mut SSL, profiles: *const c_char) -> c_int; pub fn SSL_get_srtp_profiles(ssl: *mut SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE; - pub fn SSL_get_selected_srtp_profile(ssl: *mut SSL) -> *mut SRTP_PROTECTION_PROFILE; + pub fn SSL_get_selected_srtp_profile(ssl: *mut SSL) -> *const SRTP_PROTECTION_PROFILE; } diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 1d4dcc5e..0e73f8fb 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -161,19 +161,6 @@ pub struct SRTP_PROTECTION_PROFILE { stack!(stack_st_SRTP_PROTECTION_PROFILE); -pub type tls_session_ticket_ext_cb_fn = - Option c_int>; -pub type tls_session_secret_cb_fn = Option< - unsafe extern "C" fn( - *mut SSL, - *mut c_void, - *mut c_int, - *mut stack_st_SSL_CIPHER, - *mut *mut SSL_CIPHER, - *mut c_void, - ) -> c_int, ->; - #[cfg(ossl111)] pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001; /* This extension is only allowed in DTLS */ @@ -253,218 +240,148 @@ pub type SSL_custom_ext_parse_cb_ex = Option< ) -> c_int, >; -pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; -cfg_if! { - if #[cfg(libressl261)] { - pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; - } else if #[cfg(any(ossl102, libressl))] { - pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x10; - } -} -#[cfg(ossl101)] -pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; +pub const SSL_OP_LEGACY_SERVER_CONNECT: c_uint = 0x00000004; -pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; +pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_uint = 0x00000800; -pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; -pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; -pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000; +pub const SSL_OP_NO_QUERY_MTU: c_uint = 0x00001000; +pub const SSL_OP_NO_TICKET: c_uint = 0x00004000; + +pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_uint = 0x00010000; cfg_if! { if #[cfg(ossl101)] { - pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; + pub const SSL_OP_NO_COMPRESSION: c_uint = 0x00020000; + pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x00040000; } else { - pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; - } -} - -pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_ulong = 0x00010000; -cfg_if! { - if #[cfg(ossl101)] { - pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000; - pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000; - } else { - pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; - pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x0; + pub const SSL_OP_NO_COMPRESSION: c_uint = 0x0; + pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x0; } } #[cfg(ossl111)] -pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000; +pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_uint = 0x00100000; -pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_ulong = 0x00400000; +pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_uint = 0x00400000; cfg_if! { if #[cfg(libressl280)] { - pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0; + pub const SSL_OP_TLS_ROLLBACK_BUG: c_uint = 0; } else { - pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000; + pub const SSL_OP_TLS_ROLLBACK_BUG: c_uint = 0x00800000; } } cfg_if! { if #[cfg(ossl101)] { - pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; + pub const SSL_OP_NO_SSLv3: c_uint = 0x02000000; } else { - pub const SSL_OP_NO_SSLv3: c_ulong = 0x0; + pub const SSL_OP_NO_SSLv3: c_uint = 0x0; } } -pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; -pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; +pub const SSL_OP_NO_TLSv1_1: c_uint = 0x10000000; +pub const SSL_OP_NO_TLSv1_2: c_uint = 0x08000000; -pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; +pub const SSL_OP_NO_TLSv1: c_uint = 0x04000000; #[cfg(ossl102)] -pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; +pub const SSL_OP_NO_DTLSv1: c_uint = 0x04000000; #[cfg(ossl102)] -pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; +pub const SSL_OP_NO_DTLSv1_2: c_uint = 0x08000000; #[cfg(ossl111)] -pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000; +pub const SSL_OP_NO_TLSv1_3: c_uint = 0x20000000; #[cfg(ossl110h)] -pub const SSL_OP_NO_RENEGOTIATION: c_ulong = 0x40000000; - -cfg_if! { - if #[cfg(ossl111)] { - pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 - | SSL_OP_NO_SSLv3 - | SSL_OP_NO_TLSv1 - | SSL_OP_NO_TLSv1_1 - | SSL_OP_NO_TLSv1_2 - | SSL_OP_NO_TLSv1_3; - } else if #[cfg(ossl102)] { - pub const SSL_OP_NO_SSL_MASK: c_ulong = - SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; - } -} - -cfg_if! { - if #[cfg(libressl261)] { - pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; - } else { - pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; - } -} +pub const SSL_OP_NO_RENEGOTIATION: c_uint = 0x40000000; cfg_if! { if #[cfg(ossl110f)] { - pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG - | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS - | SSL_OP_LEGACY_SERVER_CONNECT - | SSL_OP_TLSEXT_PADDING - | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; + pub const SSL_OP_ALL: c_uint = + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | SSL_OP_LEGACY_SERVER_CONNECT; } else if #[cfg(libressl261)] { - pub const SSL_OP_ALL: c_ulong = 0x4; + pub const SSL_OP_ALL: c_uint = 0x4; } else if #[cfg(libressl)] { - pub const SSL_OP_ALL: c_ulong = 0x80000014; + pub const SSL_OP_ALL: c_uint = 0x80000014; } else { - pub const SSL_OP_ALL: c_ulong = 0x80000BFF; + pub const SSL_OP_ALL: c_uint = 0x80000BFF; } } cfg_if! { if #[cfg(ossl110)] { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000000; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000000; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000000; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000000; - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000000; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000000; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000000; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x00000000; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x00000000; + pub const SSL_OP_TLS_D5_BUG: c_uint = 0x00000000; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x00000000; + pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00000000; + pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00000000; + pub const SSL_OP_NO_SSLv2: c_uint = 0x00000000; } else if #[cfg(ossl101)] { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000001; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000002; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000008; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000020; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000080; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000100; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000200; - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x01000000; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000001; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000002; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000008; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x00000020; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x00000080; + pub const SSL_OP_TLS_D5_BUG: c_uint = 0x00000100; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x00000200; + pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00080000; + pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00100000; + pub const SSL_OP_NO_SSLv2: c_uint = 0x01000000; } else { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x0; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x0; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x0; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x0; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x0; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x0; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x0; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x0; + pub const SSL_OP_TLS_D5_BUG: c_uint = 0x0; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x0; #[cfg(libressl261)] - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; + pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x0; #[cfg(not(libressl261))] - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; + pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00080000; + pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00100000; + pub const SSL_OP_NO_SSLv2: c_uint = 0x0; } } -pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1; -pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2; -pub const SSL_MODE_AUTO_RETRY: c_long = 0x4; -pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8; -pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10; +pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_uint = 0x1; +pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_uint = 0x2; +pub const SSL_MODE_AUTO_RETRY: c_uint = 0x4; +pub const SSL_MODE_NO_AUTO_CHAIN: c_uint = 0x8; +pub const SSL_MODE_RELEASE_BUFFERS: c_uint = 0x10; #[cfg(ossl101)] -pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20; +pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_uint = 0x20; #[cfg(ossl101)] -pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40; +pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_uint = 0x40; #[cfg(ossl101)] -pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80; +pub const SSL_MODE_SEND_FALLBACK_SCSV: c_uint = 0x80; -pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut()) +extern "C" { + pub fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_uint) -> c_uint; } #[cfg(ossl111)] pub const SSL_COOKIE_LENGTH: c_int = 4096; -cfg_if! { - if #[cfg(ossl110)] { - extern "C" { - pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong; - pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong; - pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong; - } - } else { - pub unsafe fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong { - SSL_CTX_ctrl(ctx as *mut _, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong - } - - pub unsafe fn SSL_CTX_set_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong { - SSL_CTX_ctrl( - ctx as *mut _, - SSL_CTRL_OPTIONS, - op as c_long, - ptr::null_mut(), - ) as c_ulong - } - - pub unsafe fn SSL_CTX_clear_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong { - SSL_CTX_ctrl( - ctx as *mut _, - SSL_CTRL_CLEAR_OPTIONS, - op as c_long, - ptr::null_mut(), - ) as c_ulong - } - } +extern "C" { + pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_uint; + pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_uint) -> c_uint; + pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_uint) -> c_uint; } -pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long { - SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut()) +extern "C" { + pub fn SSL_set_mtu(ssl: *mut SSL, mtu: c_uint) -> c_int; } -pub type GEN_SESSION_CB = - Option c_int>; - -pub const SSL_SESS_CACHE_OFF: c_long = 0x0; -pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1; -pub const SSL_SESS_CACHE_SERVER: c_long = 0x2; -pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER; -pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80; -pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100; -pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200; -pub const SSL_SESS_CACHE_NO_INTERNAL: c_long = +pub const SSL_SESS_CACHE_OFF: c_int = 0x0; +pub const SSL_SESS_CACHE_CLIENT: c_int = 0x1; +pub const SSL_SESS_CACHE_SERVER: c_int = 0x2; +pub const SSL_SESS_CACHE_BOTH: c_int = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER; +pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_int = 0x80; +pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_int = 0x100; +pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_int = 0x200; +pub const SSL_SESS_CACHE_NO_INTERNAL: c_int = SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE; extern "C" { @@ -498,35 +415,6 @@ cfg_if! { } } } -extern "C" { - // FIXME change to unsafe extern "C" fn - pub fn SSL_CTX_set_cookie_generate_cb( - s: *mut SSL_CTX, - cb: Option< - extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int, - >, - ); -} - -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn SSL_CTX_set_cookie_verify_cb( - s: *mut SSL_CTX, - cb: Option< - extern "C" fn(ssl: *mut SSL, cookie: *const c_uchar, cookie_len: c_uint) -> c_int, - >, - ); - } - } else { - extern "C" { - pub fn SSL_CTX_set_cookie_verify_cb( - s: *mut SSL_CTX, - cb: Option c_int>, - ); - } - } -} extern "C" { #[cfg(ossl111)] @@ -652,9 +540,6 @@ extern "C" { parse_cb: SSL_custom_ext_parse_cb_ex, parse_arg: *mut c_void, ) -> c_int; - - #[cfg(ossl102)] - pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; } #[cfg(ossl111)] @@ -681,16 +566,8 @@ extern "C" { pub fn SSL_get_verify_mode(s: *const SSL) -> c_int; } -cfg_if! { - if #[cfg(ossl111)] { - extern "C" { - pub fn SSL_is_init_finished(s: *const SSL) -> c_int; - } - } else if #[cfg(ossl110)] { - extern "C" { - pub fn SSL_is_init_finished(s: *mut SSL) -> c_int; - } - } +extern "C" { + pub fn SSL_is_init_finished(s: *const SSL) -> c_int; } pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER; @@ -710,200 +587,40 @@ pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11; pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; -pub const SSL_CTRL_SET_TMP_DH: c_int = 3; -pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4; #[cfg(any(libressl, all(ossl101, not(ossl110))))] pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8; -pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14; -pub const SSL_CTRL_SET_MTU: c_int = 17; #[cfg(any(libressl, all(ossl101, not(ossl110))))] pub const SSL_CTRL_OPTIONS: c_int = 32; -pub const SSL_CTRL_MODE: c_int = 33; -pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41; -pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = 42; -pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = 43; -pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44; -pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53; -pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54; -pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55; -pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: c_int = 63; -pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = 64; -pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65; -pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70; -pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71; #[cfg(any(libressl, all(ossl101, not(ossl110))))] pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; -pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82; #[cfg(ossl111)] pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92; #[cfg(any(libressl, all(ossl102, not(ossl110))))] pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; -#[cfg(ossl102)] -pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98; -#[cfg(ossl102)] -pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106; -#[cfg(ossl110)] -pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123; -#[cfg(ossl110)] -pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124; -#[cfg(ossl110g)] -pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130; -#[cfg(ossl110g)] -pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131; - -pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void) -} - -pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void) -} - -pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long { - SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void) -} - -pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long { - SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void) -} - -pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void) -} - -pub unsafe fn SSL_CTX_get_extra_chain_certs( - ctx: *mut SSL_CTX, - chain: *mut *mut stack_st_X509, -) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void) -} - -#[cfg(ossl102)] -pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void) -} - -#[cfg(ossl111)] -pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long { - SSL_CTX_ctrl( - ctx, - SSL_CTRL_SET_GROUPS_LIST, - 0, - s as *const c_void as *mut c_void, - ) -} - -#[cfg(ossl102)] -pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long { - SSL_CTX_ctrl( - ctx, - SSL_CTRL_SET_SIGALGS_LIST, - 0, - s as *const c_void as *mut c_void, - ) -} - -#[cfg(any(libressl, all(ossl102, not(ossl110))))] -pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int { - SSL_CTX_ctrl( - ctx, - SSL_CTRL_SET_ECDH_AUTO, - onoff as c_long, - ptr::null_mut(), - ) as c_int -} - -#[cfg(any(libress, all(ossl102, not(ossl110))))] -pub unsafe fn SSL_set_ecdh_auto(ssl: *mut ::SSL, onoff: c_int) -> c_int { - SSL_ctrl( - ssl, - SSL_CTRL_SET_ECDH_AUTO, - onoff as c_long, - ptr::null_mut(), - ) as c_int -} - -cfg_if! { - if #[cfg(ossl110)] { - pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int { - SSL_CTX_ctrl( - ctx, - SSL_CTRL_SET_MIN_PROTO_VERSION, - version as c_long, - ptr::null_mut(), - ) as c_int - } - - pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int { - SSL_CTX_ctrl( - ctx, - SSL_CTRL_SET_MAX_PROTO_VERSION, - version as c_long, - ptr::null_mut(), - ) as c_int - } - } else if #[cfg(libressl261)] { - extern "C" { - pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int; - pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int; - } - } -} - -cfg_if! { - if #[cfg(ossl110g)] { - #[cfg(ossl110g)] - pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int { - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int - } - - #[cfg(ossl110g)] - pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int { - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int - } - } else if #[cfg(libressl270)] { - extern "C" { - pub fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int; - pub fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int; - } - } -} - -#[cfg(ossl110)] -pub unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int { - SSL_ctrl( - s, - SSL_CTRL_SET_MIN_PROTO_VERSION, - version as c_long, - ptr::null_mut(), - ) as c_int -} - -#[cfg(ossl110)] -pub unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int { - SSL_ctrl( - s, - SSL_CTRL_SET_MAX_PROTO_VERSION, - version as c_long, - ptr::null_mut(), - ) as c_int -} - -#[cfg(ossl110g)] -pub unsafe fn SSL_get_min_proto_version(s: *mut SSL) -> c_int { - SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int -} - -#[cfg(ossl110g)] -pub unsafe fn SSL_get_max_proto_version(s: *mut SSL) -> c_int { - SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int -} extern "C" { + pub fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *const DH) -> c_int; + pub fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *const DH) -> c_int; + pub fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *const EC_KEY) -> c_int; + pub fn SSL_set_tmp_ecdh(ctx: *mut SSL, key: *const EC_KEY) -> c_int; + pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_int; + pub fn SSL_CTX_get_extra_chain_certs( + ctx: *const SSL_CTX, + chain: *mut *mut stack_st_X509, + ) -> c_int; + pub fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_int; + pub fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_int; + pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int; + pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int; + pub fn SSL_CTX_get_min_proto_version(ctx: *const ::SSL_CTX) -> u16; + pub fn SSL_CTX_get_max_proto_version(ctx: *const ::SSL_CTX) -> u16; + pub fn SSL_set_min_proto_version(s: *mut SSL, version: u16) -> c_int; + pub fn SSL_set_max_proto_version(s: *mut SSL, version: u16) -> c_int; + pub fn SSL_get_min_proto_version(s: *const SSL) -> u16; + pub fn SSL_get_max_proto_version(s: *const SSL) -> u16; pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); - #[cfg(any(ossl110, libressl273))] pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE; pub fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE); @@ -969,10 +686,10 @@ extern "C" { pub fn SSL_state_string(ssl: *const SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; - pub fn SSL_SESSION_get_time(s: *const SSL_SESSION) -> c_long; - pub fn SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> c_long; + pub fn SSL_SESSION_get_time(s: *const SSL_SESSION) -> u64; + pub fn SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> u32; #[cfg(ossl110)] - pub fn SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> c_int; + pub fn SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> u16; #[cfg(ossl111)] pub fn SSL_SESSION_set_max_early_data(ctx: *mut SSL_SESSION, max_early_data: u32) -> c_int; @@ -1009,7 +726,7 @@ extern "C" { pub fn SSL_CTX_set_session_id_context( ssl: *mut SSL_CTX, sid_ctx: *const c_uchar, - sid_ctx_len: c_uint, + sid_ctx_len: size_t, ) -> c_int; pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; @@ -1095,13 +812,6 @@ extern "C" { num: size_t, written: *mut size_t, ) -> c_int; - pub fn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; - pub fn SSL_CTX_ctrl(ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; - pub fn SSL_CTX_callback_ctrl( - ctx: *mut SSL_CTX, - cmd: c_int, - fp: Option, - ) -> c_long; } cfg_if! { @@ -1160,18 +870,6 @@ extern "C" { ) -> c_int; } -cfg_if! { - if #[cfg(ossl111b)] { - extern "C" { - pub fn SSL_get_ssl_method(ssl: *const SSL) -> *const SSL_METHOD; - } - } else { - extern "C" { - pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; - } - } -} - extern "C" { pub fn SSL_set_connect_state(s: *mut SSL); pub fn SSL_set_accept_state(s: *mut SSL); @@ -1183,7 +881,7 @@ extern "C" { cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int, - ) -> *mut c_char; + ) -> *const c_char; pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; } @@ -1213,9 +911,6 @@ extern "C" { pub fn SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX; pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long; - #[cfg(ossl110)] - pub fn SSL_get0_verified_chain(ssl: *const SSL) -> *mut stack_st_X509; - #[cfg(ossl110)] pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; #[cfg(ossl110)] @@ -1228,56 +923,31 @@ extern "C" { ) -> size_t; } -cfg_if! { - if #[cfg(ossl110)] { - pub unsafe fn SSL_get_ex_new_index( - l: c_long, - p: *mut c_void, - newf: Option, - dupf: Option, - freef: Option, - ) -> c_int { - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) - } - } else { - extern "C" { - pub fn SSL_get_ex_new_index( - argl: c_long, - argp: *mut c_void, - new_func: Option, - dup_func: Option, - free_func: Option, - ) -> c_int; - } - } +extern "C" { + pub fn SSL_get_ex_new_index( + argl: c_long, + argp: *mut c_void, + new_func: *mut c_int, + dup_func: Option, + free_func: Option, + ) -> c_int; } + extern "C" { pub fn SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int; pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void; } -cfg_if! { - if #[cfg(ossl110)] { - pub unsafe fn SSL_CTX_get_ex_new_index( - l: c_long, - p: *mut c_void, - newf: Option, - dupf: Option, - freef: Option, - ) -> c_int { - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) - } - } else { - extern "C" { - pub fn SSL_CTX_get_ex_new_index( - argl: c_long, - argp: *mut c_void, - new_func: Option<::CRYPTO_EX_new>, - dup_func: Option<::CRYPTO_EX_dup>, - free_func: Option<::CRYPTO_EX_free>, - ) -> c_int; - } - } + +extern "C" { + pub fn SSL_CTX_get_ex_new_index( + argl: c_long, + argp: *mut c_void, + new_func: *mut c_int, + dup_func: Option<::CRYPTO_EX_dup>, + free_func: Option<::CRYPTO_EX_free>, + ) -> c_int; } + extern "C" { pub fn SSL_CTX_set_ex_data(ctx: *mut SSL_CTX, idx: c_int, data: *mut c_void) -> c_int; pub fn SSL_CTX_get_ex_data(ctx: *const SSL_CTX, idx: c_int) -> *mut c_void; @@ -1285,20 +955,11 @@ extern "C" { pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int; } -pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, ptr::null_mut()) -} - -pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, ptr::null_mut()) -} - -pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut()) -} - -pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut()) +extern "C" { + pub fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_ulong) -> c_ulong; + pub fn SSL_CTX_sess_get_cache_size(ctx: *const SSL_CTX) -> c_ulong; + pub fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_int) -> c_int; + pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_int) -> c_int; } extern "C" { @@ -1369,21 +1030,10 @@ extern "C" { pub fn SSL_CIPHER_get_digest_nid(c: *const SSL_CIPHER) -> c_int; } -cfg_if! { - if #[cfg(ossl111c)] { - extern "C" { - pub fn SSL_session_reused(ssl: *const SSL) -> c_int; - } - } else if #[cfg(ossl110)] { - extern "C" { - pub fn SSL_session_reused(ssl: *mut SSL) -> c_int; - } - } else { - pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int { - SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int - } - } +extern "C" { + pub fn SSL_session_reused(ssl: *const SSL) -> c_int; } + cfg_if! { if #[cfg(any(ossl110f, libressl273))] { extern "C" { diff --git a/openssl-sys/src/ssl3.rs b/openssl-sys/src/ssl3.rs index 822613eb..fc52714d 100644 --- a/openssl-sys/src/ssl3.rs +++ b/openssl-sys/src/ssl3.rs @@ -1,5 +1,5 @@ use libc::*; -pub const SSL3_VERSION: c_int = 0x300; +pub const SSL3_VERSION: u16 = 0x300; pub const SSL3_AD_ILLEGAL_PARAMETER: c_int = 47; diff --git a/openssl-sys/src/stack.rs b/openssl-sys/src/stack.rs index 7f2feef6..10a62c27 100644 --- a/openssl-sys/src/stack.rs +++ b/openssl-sys/src/stack.rs @@ -1,45 +1,21 @@ use libc::*; -cfg_if! { - if #[cfg(ossl110)] { - pub enum OPENSSL_STACK {} - } else { - #[repr(C)] - pub struct _STACK { - pub num: c_int, - pub data: *mut *mut c_char, - pub sorted: c_int, - pub num_alloc: c_int, - pub comp: Option c_int>, - } - } +#[repr(C)] +pub struct _STACK { + pub num: size_t, + pub data: *mut *mut c_void, + pub sorted: c_int, + pub num_alloc: size_t, + pub comp: Option c_int>, } -cfg_if! { - if #[cfg(ossl110)] { - extern "C" { - pub fn OPENSSL_sk_num(stack: *const OPENSSL_STACK) -> c_int; - pub fn OPENSSL_sk_value(stack: *const OPENSSL_STACK, idx: c_int) -> *mut c_void; +extern "C" { + pub fn sk_num(st: *const _STACK) -> size_t; + pub fn sk_value(st: *const _STACK, n: size_t) -> *mut c_void; - pub fn OPENSSL_sk_new_null() -> *mut OPENSSL_STACK; - pub fn OPENSSL_sk_free(st: *mut OPENSSL_STACK); - pub fn OPENSSL_sk_pop_free( - st: *mut OPENSSL_STACK, - free: Option, - ); - pub fn OPENSSL_sk_push(st: *mut OPENSSL_STACK, data: *const c_void) -> c_int; - pub fn OPENSSL_sk_pop(st: *mut OPENSSL_STACK) -> *mut c_void; - } - } else { - extern "C" { - pub fn sk_num(st: *const _STACK) -> c_int; - pub fn sk_value(st: *const _STACK, n: c_int) -> *mut c_void; - - pub fn sk_new_null() -> *mut _STACK; - pub fn sk_free(st: *mut _STACK); - pub fn sk_pop_free(st: *mut _STACK, free: Option); - pub fn sk_push(st: *mut _STACK, data: *mut c_void) -> c_int; - pub fn sk_pop(st: *mut _STACK) -> *mut c_void; - } - } + pub fn sk_new_null() -> *mut _STACK; + pub fn sk_free(st: *mut _STACK); + pub fn sk_pop_free(st: *mut _STACK, free: Option); + pub fn sk_push(st: *mut _STACK, data: *mut c_void) -> size_t; + pub fn sk_pop(st: *mut _STACK) -> *mut c_void; } diff --git a/openssl-sys/src/tls1.rs b/openssl-sys/src/tls1.rs index c336257d..1807a77c 100644 --- a/openssl-sys/src/tls1.rs +++ b/openssl-sys/src/tls1.rs @@ -4,11 +4,11 @@ use std::ptr; use *; -pub const TLS1_VERSION: c_int = 0x301; -pub const TLS1_1_VERSION: c_int = 0x302; -pub const TLS1_2_VERSION: c_int = 0x303; +pub const TLS1_VERSION: u16 = 0x301; +pub const TLS1_1_VERSION: u16 = 0x302; +pub const TLS1_2_VERSION: u16 = 0x303; #[cfg(ossl111)] -pub const TLS1_3_VERSION: c_int = 0x304; +pub const TLS1_3_VERSION: u16 = 0x304; pub const TLS1_AD_DECODE_ERROR: c_int = 50; pub const TLS1_AD_UNRECOGNIZED_NAME: c_int = 112; @@ -40,54 +40,20 @@ extern "C" { context: *const c_uchar, contextlen: size_t, ) -> c_int; + + pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_int; + pub fn SSL_set_tlsext_status_type(s: *mut SSL, type_: c_int) -> c_int; + pub fn SSL_get_tlsext_status_ocsp_resp(ssl: *const SSL, resp: *mut *const c_uchar) -> size_t; + pub fn SSL_set_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut c_uchar, len: size_t) + -> c_int; } -pub unsafe fn SSL_set_tlsext_host_name(s: *mut SSL, name: *mut c_char) -> c_long { - SSL_ctrl( - s, - SSL_CTRL_SET_TLSEXT_HOSTNAME, - TLSEXT_NAMETYPE_host_name as c_long, - name as *mut c_void, - ) -} - -pub unsafe fn SSL_set_tlsext_status_type(s: *mut SSL, type_: c_int) -> c_long { - SSL_ctrl( - s, - SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, - type_ as c_long, - ptr::null_mut(), - ) -} - -pub unsafe fn SSL_get_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut *mut c_uchar) -> c_long { - SSL_ctrl( - ssl, - SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP, - 0, - resp as *mut c_void, - ) -} - -pub unsafe fn SSL_set_tlsext_status_ocsp_resp( - ssl: *mut SSL, - resp: *mut c_uchar, - len: c_long, -) -> c_long { - SSL_ctrl( - ssl, - SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP, - len, - resp as *mut c_void, - ) -} - -pub unsafe fn SSL_CTX_set_tlsext_servername_callback( - ctx: *mut SSL_CTX, - // FIXME should have the right signature - cb: Option, -) -> c_long { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, cb) +extern "C" { + pub fn SSL_CTX_set_tlsext_servername_callback( + ctx: *mut SSL_CTX, + // FIXME should have the right signature + cb: Option c_int>, + ) -> c_int; } pub const SSL_TLSEXT_ERR_OK: c_int = 0; @@ -95,17 +61,11 @@ pub const SSL_TLSEXT_ERR_ALERT_WARNING: c_int = 1; pub const SSL_TLSEXT_ERR_ALERT_FATAL: c_int = 2; pub const SSL_TLSEXT_ERR_NOACK: c_int = 3; -pub unsafe fn SSL_CTX_set_tlsext_servername_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg) -} - -pub unsafe fn SSL_CTX_set_tlsext_status_cb( - ctx: *mut SSL_CTX, - cb: Option c_int>, -) -> c_long { - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, mem::transmute(cb)) -} - -pub unsafe fn SSL_CTX_set_tlsext_status_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg) +extern "C" { + pub fn SSL_CTX_set_tlsext_servername_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_int; + pub fn SSL_CTX_set_tlsext_status_cb( + ctx: *mut SSL_CTX, + cb: Option c_int>, + ) -> c_int; + pub fn SSL_CTX_set_tlsext_status_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_int; } diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 491af381..c653aad4 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -189,26 +189,26 @@ extern "C" { pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; - pub fn i2d_PUBKEY(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_PUBKEY(k: *const EVP_PKEY, buf: *mut *mut u8) -> c_int; pub fn d2i_PUBKEY(k: *mut *mut EVP_PKEY, buf: *mut *const u8, len: c_long) -> *mut EVP_PKEY; pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA; - pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *mut *mut u8) -> c_int; + pub fn i2d_RSA_PUBKEY(k: *const RSA, buf: *mut *mut u8) -> c_int; pub fn d2i_DSA_PUBKEY(k: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; - pub fn i2d_DSA_PUBKEY(a: *mut DSA, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_DSA_PUBKEY(a: *const DSA, pp: *mut *mut c_uchar) -> c_int; pub fn d2i_EC_PUBKEY( a: *mut *mut EC_KEY, pp: *mut *const c_uchar, length: c_long, ) -> *mut EC_KEY; - pub fn i2d_EC_PUBKEY(a: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_PrivateKey(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_EC_PUBKEY(a: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_PrivateKey(k: *const EVP_PKEY, buf: *mut *mut u8) -> c_int; pub fn d2i_ECPrivateKey( k: *mut *mut EC_KEY, pp: *mut *const c_uchar, length: c_long, ) -> *mut EC_KEY; - pub fn i2d_ECPrivateKey(ec_key: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_ECPrivateKey(ec_key: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int; } cfg_if! { @@ -366,9 +366,9 @@ extern "C" { pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_REQ_verify(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; #[cfg(any(ossl110, libressl273))] - pub fn X509_getm_notBefore(x: *const X509) -> *mut ASN1_TIME; + pub fn X509_getm_notBefore(x: *mut X509) -> *mut ASN1_TIME; #[cfg(any(ossl110, libressl273))] - pub fn X509_getm_notAfter(x: *const X509) -> *mut ASN1_TIME; + pub fn X509_getm_notAfter(x: *mut X509) -> *mut ASN1_TIME; #[cfg(any(ossl110, libressl273))] pub fn X509_up_ref(x: *mut X509) -> c_int; @@ -448,17 +448,10 @@ cfg_if! { } } -cfg_if! { - if #[cfg(libressl280)] { - extern "C" { - pub fn X509_NAME_get_index_by_NID(n: *const X509_NAME, nid: c_int, last_pos: c_int) -> c_int; - } - } else { - extern "C" { - pub fn X509_NAME_get_index_by_NID(n: *mut X509_NAME, nid: c_int, last_pos: c_int) -> c_int; - } - } +extern "C" { + pub fn X509_NAME_get_index_by_NID(n: *const X509_NAME, nid: c_int, last_pos: c_int) -> c_int; } + cfg_if! { if #[cfg(any(ossl110, libressl280))] { extern "C" { @@ -566,105 +559,82 @@ extern "C" { ex: *mut *mut X509_EXTENSION, nid: c_int, crit: c_int, - data: *mut ASN1_OCTET_STRING, + data: *const ASN1_OCTET_STRING, ) -> *mut X509_EXTENSION; pub fn X509_EXTENSION_set_critical(ex: *mut X509_EXTENSION, crit: c_int) -> c_int; - pub fn X509_EXTENSION_set_data(ex: *mut X509_EXTENSION, data: *mut ASN1_OCTET_STRING) -> c_int; + pub fn X509_EXTENSION_set_data( + ex: *mut X509_EXTENSION, + data: *const ASN1_OCTET_STRING, + ) -> c_int; pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT; pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_OCTET_STRING; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - // in X509 - pub fn X509_get_ext_count(x: *const X509) -> c_int; - pub fn X509_get_ext_by_NID(x: *const X509, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_OBJ(x: *const X509, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_critical(x: *const X509, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext(x: *const X509, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_get_ext_d2i( - x: *const ::X509, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // in X509_CRL - pub fn X509_CRL_get_ext_count(x: *const X509_CRL) -> c_int; - pub fn X509_CRL_get_ext_by_NID(x: *const X509_CRL, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_OBJ(x: *const X509_CRL, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_critical(x: *const X509_CRL, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext(x: *const X509_CRL, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_CRL_get_ext_d2i( - x: *const ::X509_CRL, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // in X509_REVOKED - pub fn X509_REVOKED_get_ext_count(x: *const X509_REVOKED) -> c_int; - pub fn X509_REVOKED_get_ext_by_NID(x: *const X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_OBJ(x: *const X509_REVOKED, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_critical(x: *const X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext(x: *const X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_REVOKED_get_ext_d2i( - x: *const ::X509_REVOKED, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // X509_EXTENSION stack - pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; - // X509_EXTENSION itself - pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *const ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; - pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *const ASN1_OBJECT) -> c_int; - pub fn X509_EXTENSION_get_critical(ex: *const X509_EXTENSION) -> c_int; - } - } else { - extern "C" { - // in X509 - pub fn X509_get_ext_count(x: *mut X509) -> c_int; - pub fn X509_get_ext_by_NID(x: *mut X509, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_OBJ(x: *mut X509, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_critical(x: *mut X509, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_get_ext_d2i( - x: *mut ::X509, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // in X509_CRL - pub fn X509_CRL_get_ext_count(x: *mut X509_CRL) -> c_int; - pub fn X509_CRL_get_ext_by_NID(x: *mut X509_CRL, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_OBJ(x: *mut X509_CRL, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_critical(x: *mut X509_CRL, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_CRL_get_ext_d2i( - x: *mut ::X509_CRL, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // in X509_REVOKED - pub fn X509_REVOKED_get_ext_count(x: *mut X509_REVOKED) -> c_int; - pub fn X509_REVOKED_get_ext_by_NID(x: *mut X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_OBJ(x: *mut X509_REVOKED, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_critical(x: *mut X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_REVOKED_get_ext_d2i( - x: *mut ::X509_REVOKED, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // X509_EXTENSION stack - pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; - // X509_EXTENSION itself - pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *mut ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; - pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *mut ASN1_OBJECT) -> c_int; - pub fn X509_EXTENSION_get_critical(ex: *mut X509_EXTENSION) -> c_int; - } - } + +extern "C" { + // in X509 + pub fn X509_get_ext_count(x: *const X509) -> c_int; + pub fn X509_get_ext_by_NID(x: *const X509, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_OBJ(x: *const X509, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_critical(x: *const X509, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext(x: *const X509, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_get_ext_d2i( + x: *const ::X509, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_CRL + pub fn X509_CRL_get_ext_count(x: *const X509_CRL) -> c_int; + pub fn X509_CRL_get_ext_by_NID(x: *const X509_CRL, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_OBJ( + x: *const X509_CRL, + obj: *const ASN1_OBJECT, + lastpos: c_int, + ) -> c_int; + pub fn X509_CRL_get_ext_by_critical(x: *const X509_CRL, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext(x: *const X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_get_ext_d2i( + x: *const ::X509_CRL, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_REVOKED + pub fn X509_REVOKED_get_ext_count(x: *const X509_REVOKED) -> c_int; + pub fn X509_REVOKED_get_ext_by_NID(x: *const X509_REVOKED, nid: c_int, lastpos: c_int) + -> c_int; + pub fn X509_REVOKED_get_ext_by_OBJ( + x: *const X509_REVOKED, + obj: *const ASN1_OBJECT, + lastpos: c_int, + ) -> c_int; + pub fn X509_REVOKED_get_ext_by_critical( + x: *const X509_REVOKED, + crit: c_int, + lastpos: c_int, + ) -> c_int; + pub fn X509_REVOKED_get_ext(x: *const X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_get_ext_d2i( + x: *const ::X509_REVOKED, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // X509_EXTENSION stack + pub fn X509v3_get_ext_by_OBJ( + x: *const stack_st_X509_EXTENSION, + obj: *const ASN1_OBJECT, + lastpos: c_int, + ) -> c_int; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_OBJ( + ex: *mut *mut X509_EXTENSION, + obj: *const ASN1_OBJECT, + crit: c_int, + data: *const ASN1_OCTET_STRING, + ) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *const ASN1_OBJECT) -> c_int; + pub fn X509_EXTENSION_get_critical(ex: *mut X509_EXTENSION) -> c_int; } extern "C" { @@ -677,14 +647,6 @@ extern "C" { pub fn X509_OBJECT_get0_X509(x: *const X509_OBJECT) -> *mut X509; } -cfg_if! { - if #[cfg(ossl110)] { - extern "C" { - pub fn X509_OBJECT_free(a: *mut X509_OBJECT); - } - } else { - extern "C" { - pub fn X509_OBJECT_free_contents(a: *mut X509_OBJECT); - } - } +extern "C" { + pub fn X509_OBJECT_free_contents(a: *mut X509_OBJECT); } diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs index 73d97091..8ab77e2b 100644 --- a/openssl-sys/src/x509_vfy.rs +++ b/openssl-sys/src/x509_vfy.rs @@ -79,21 +79,10 @@ pub const X509_V_ERR_HOSTNAME_MISMATCH: c_int = 62; pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63; #[cfg(ossl102)] pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64; -cfg_if! { - if #[cfg(ossl110)] { - pub const X509_V_ERR_DANE_NO_MATCH: c_int = 65; - pub const X509_V_ERR_EE_KEY_TOO_SMALL: c_int = 66; - pub const X509_V_ERR_CA_KEY_TOO_SMALL: c_int = 67; - pub const X509_V_ERR_CA_MD_TOO_WEAK: c_int = 68; - pub const X509_V_ERR_INVALID_CALL: c_int = 69; - pub const X509_V_ERR_STORE_LOOKUP: c_int = 70; - pub const X509_V_ERR_NO_VALID_SCTS: c_int = 71; - } else if #[cfg(ossl102h)] { - pub const X509_V_ERR_INVALID_CALL: c_int = 65; - pub const X509_V_ERR_STORE_LOOKUP: c_int = 66; - pub const X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: c_int = 67; - } -} + +pub const X509_V_ERR_INVALID_CALL: c_int = 65; +pub const X509_V_ERR_STORE_LOOKUP: c_int = 66; +pub const X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS: c_int = 67; extern "C" { pub fn X509_STORE_new() -> *mut X509_STORE; diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index e93bc446..19356309 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -2,8 +2,6 @@ use libc::*; use *; -pub enum CONF_METHOD {} - pub const GEN_OTHERNAME: c_int = 0; pub const GEN_EMAIL: c_int = 1; pub const GEN_DNS: c_int = 2; @@ -190,7 +188,7 @@ pub const XKU_DVCS: u32 = 0x80; pub const XKU_ANYEKU: u32 = 0x100; extern "C" { - pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void; + pub fn X509V3_EXT_d2i(ext: *const X509_EXTENSION) -> *mut c_void; pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION; pub fn X509V3_add1_i2d( x: *mut *mut stack_st_X509_EXTENSION, diff --git a/openssl/src/aes.rs b/openssl/src/aes.rs index 2cda15b0..4a71d2e0 100644 --- a/openssl/src/aes.rs +++ b/openssl/src/aes.rs @@ -56,7 +56,7 @@ //! ``` //! use ffi; -use libc::{c_int, c_uint}; +use libc::{c_int, c_uint, size_t}; use std::{mem, ptr}; use symm::Mode; @@ -82,7 +82,7 @@ impl AesKey { let mut aes_key = mem::uninitialized(); let r = ffi::AES_set_encrypt_key( key.as_ptr() as *const _, - key.len() as c_int * 8, + key.len() as c_uint * 8, &mut aes_key, ); if r == 0 { @@ -106,7 +106,7 @@ impl AesKey { let mut aes_key = mem::uninitialized(); let r = ffi::AES_set_decrypt_key( key.as_ptr() as *const _, - key.len() as c_int * 8, + key.len() as c_uint * 8, &mut aes_key, ); @@ -147,14 +147,6 @@ pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mo Mode::Encrypt => ffi::AES_ENCRYPT, Mode::Decrypt => ffi::AES_DECRYPT, }; - ffi::AES_ige_encrypt( - in_.as_ptr() as *const _, - out.as_mut_ptr() as *mut _, - in_.len(), - &key.0, - iv.as_mut_ptr() as *mut _, - mode, - ); } } @@ -186,7 +178,7 @@ pub fn wrap_key( .map_or(ptr::null(), |iv| iv.as_ptr() as *const _), out.as_ptr() as *mut _, in_.as_ptr() as *const _, - in_.len() as c_uint, + in_.len() as size_t, ); if written <= 0 { Err(KeyError(())) @@ -224,7 +216,7 @@ pub fn unwrap_key( .map_or(ptr::null(), |iv| iv.as_ptr() as *const _), out.as_ptr() as *mut _, in_.as_ptr() as *const _, - in_.len() as c_uint, + in_.len() as size_t, ); if written <= 0 { diff --git a/openssl/src/base64.rs b/openssl/src/base64.rs index 072df6b2..63d0725d 100644 --- a/openssl/src/base64.rs +++ b/openssl/src/base64.rs @@ -15,7 +15,7 @@ use libc::c_int; /// [`EVP_EncodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html pub fn encode_block(src: &[u8]) -> String { assert!(src.len() <= c_int::max_value() as usize); - let src_len = src.len() as c_int; + let src_len = src.len(); let len = encoded_len(src_len).unwrap(); let mut out = Vec::with_capacity(len as usize); @@ -49,7 +49,7 @@ pub fn decode_block(src: &str) -> Result, ErrorStack> { } assert!(src.len() <= c_int::max_value() as usize); - let src_len = src.len() as c_int; + let src_len = src.len(); let len = decoded_len(src_len).unwrap(); let mut out = Vec::with_capacity(len as usize); @@ -78,7 +78,7 @@ pub fn decode_block(src: &str) -> Result, ErrorStack> { Ok(out) } -fn encoded_len(src_len: c_int) -> Option { +fn encoded_len(src_len: usize) -> Option { let mut len = (src_len / 3).checked_mul(4)?; if src_len % 3 != 0 { @@ -90,7 +90,7 @@ fn encoded_len(src_len: c_int) -> Option { Some(len) } -fn decoded_len(src_len: c_int) -> Option { +fn decoded_len(src_len: usize) -> Option { let mut len = (src_len / 4).checked_mul(3)?; if src_len % 4 != 0 { diff --git a/openssl/src/bn.rs b/openssl/src/bn.rs index e9ed1f4d..35800969 100644 --- a/openssl/src/bn.rs +++ b/openssl/src/bn.rs @@ -24,7 +24,7 @@ //! [`BIGNUM`]: https://wiki.openssl.org/index.php/Manual:Bn_internal(3) use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; -use libc::c_int; +use libc::{c_int, size_t}; use std::cmp::Ordering; use std::ffi::CString; use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub}; @@ -32,35 +32,10 @@ use std::{fmt, ptr}; use asn1::Asn1Integer; use error::ErrorStack; +use ffi::BN_is_negative; use string::OpensslString; use {cvt, cvt_n, cvt_p}; -cfg_if! { - if #[cfg(ossl110)] { - use ffi::{ - BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536, - BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, - BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192, BN_is_negative, - }; - } else { - use ffi::{ - get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024, - get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, - get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536, - get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048, - get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072, - get_rfc3526_prime_4096 as BN_get_rfc3526_prime_4096, - get_rfc3526_prime_6144 as BN_get_rfc3526_prime_6144, - get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192, - }; - - #[allow(bad_style)] - unsafe fn BN_is_negative(bn: *const ffi::BIGNUM) -> c_int { - (*bn).neg - } - } -} - /// Options for the most significant bits of a randomly generated `BigNum`. pub struct MsbOption(c_int); @@ -975,126 +950,6 @@ impl BigNum { } } - /// Returns a constant used in IKE as defined in [`RFC 2409`]. This prime number is in - /// the order of magnitude of `2 ^ 768`. This number is used during calculated key - /// exchanges such as Diffie-Hellman. This number is labeled Oakley group id 1. - /// - /// OpenSSL documentation at [`BN_get_rfc2409_prime_768`] - /// - /// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21 - /// [`BN_get_rfc2409_prime_768`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc2409_prime_768.html - pub fn get_rfc2409_prime_768() -> Result { - unsafe { - ffi::init(); - cvt_p(BN_get_rfc2409_prime_768(ptr::null_mut())).map(BigNum) - } - } - - /// Returns a constant used in IKE as defined in [`RFC 2409`]. This prime number is in - /// the order of magnitude of `2 ^ 1024`. This number is used during calculated key - /// exchanges such as Diffie-Hellman. This number is labeled Oakly group 2. - /// - /// OpenSSL documentation at [`BN_get_rfc2409_prime_1024`] - /// - /// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21 - /// [`BN_get_rfc2409_prime_1024`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc2409_prime_1024.html - pub fn get_rfc2409_prime_1024() -> Result { - unsafe { - ffi::init(); - cvt_p(BN_get_rfc2409_prime_1024(ptr::null_mut())).map(BigNum) - } - } - - /// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order - /// of magnitude of `2 ^ 1536`. This number is used during calculated key - /// exchanges such as Diffie-Hellman. This number is labeled MODP group 5. - /// - /// OpenSSL documentation at [`BN_get_rfc3526_prime_1536`] - /// - /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3 - /// [`BN_get_rfc3526_prime_1536`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_1536.html - pub fn get_rfc3526_prime_1536() -> Result { - unsafe { - ffi::init(); - cvt_p(BN_get_rfc3526_prime_1536(ptr::null_mut())).map(BigNum) - } - } - - /// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order - /// of magnitude of `2 ^ 2048`. This number is used during calculated key - /// exchanges such as Diffie-Hellman. This number is labeled MODP group 14. - /// - /// OpenSSL documentation at [`BN_get_rfc3526_prime_2048`] - /// - /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3 - /// [`BN_get_rfc3526_prime_2048`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_2048.html - pub fn get_rfc3526_prime_2048() -> Result { - unsafe { - ffi::init(); - cvt_p(BN_get_rfc3526_prime_2048(ptr::null_mut())).map(BigNum) - } - } - - /// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order - /// of magnitude of `2 ^ 3072`. This number is used during calculated key - /// exchanges such as Diffie-Hellman. This number is labeled MODP group 15. - /// - /// OpenSSL documentation at [`BN_get_rfc3526_prime_3072`] - /// - /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4 - /// [`BN_get_rfc3526_prime_3072`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_3072.html - pub fn get_rfc3526_prime_3072() -> Result { - unsafe { - ffi::init(); - cvt_p(BN_get_rfc3526_prime_3072(ptr::null_mut())).map(BigNum) - } - } - - /// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order - /// of magnitude of `2 ^ 4096`. This number is used during calculated key - /// exchanges such as Diffie-Hellman. This number is labeled MODP group 16. - /// - /// OpenSSL documentation at [`BN_get_rfc3526_prime_4096`] - /// - /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4 - /// [`BN_get_rfc3526_prime_4096`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_4096.html - pub fn get_rfc3526_prime_4096() -> Result { - unsafe { - ffi::init(); - cvt_p(BN_get_rfc3526_prime_4096(ptr::null_mut())).map(BigNum) - } - } - - /// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order - /// of magnitude of `2 ^ 6144`. This number is used during calculated key - /// exchanges such as Diffie-Hellman. This number is labeled MODP group 17. - /// - /// OpenSSL documentation at [`BN_get_rfc3526_prime_6144`] - /// - /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6 - /// [`BN_get_rfc3526_prime_6144`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_6144.html - pub fn get_rfc3526_prime_6144() -> Result { - unsafe { - ffi::init(); - cvt_p(BN_get_rfc3526_prime_6144(ptr::null_mut())).map(BigNum) - } - } - - /// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order - /// of magnitude of `2 ^ 8192`. This number is used during calculated key - /// exchanges such as Diffie-Hellman. This number is labeled MODP group 18. - /// - /// OpenSSL documentation at [`BN_get_rfc3526_prime_8192`] - /// - /// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6 - /// [`BN_get_rfc3526_prime_8192`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_8192.html - pub fn get_rfc3526_prime_8192() -> Result { - unsafe { - ffi::init(); - cvt_p(BN_get_rfc3526_prime_8192(ptr::null_mut())).map(BigNum) - } - } - /// Creates a new `BigNum` from an unsigned, big-endian encoded number of arbitrary length. /// /// OpenSSL documentation at [`BN_bin2bn`] @@ -1113,7 +968,7 @@ impl BigNum { assert!(n.len() <= c_int::max_value() as usize); cvt_p(ffi::BN_bin2bn( n.as_ptr(), - n.len() as c_int, + n.len() as size_t, ptr::null_mut(), )) .map(|p| BigNum::from_ptr(p)) diff --git a/openssl/src/cms.rs b/openssl/src/cms.rs deleted file mode 100644 index 8c5efd64..00000000 --- a/openssl/src/cms.rs +++ /dev/null @@ -1,285 +0,0 @@ -//! SMIME implementation using CMS -//! -//! CMS (PKCS#7) is an encyption standard. It allows signing and ecrypting data using -//! X.509 certificates. The OpenSSL implementation of CMS is used in email encryption -//! generated from a `Vec` of bytes. This `Vec` follows the smime protocol standards. -//! Data accepted by this module will be smime type `enveloped-data`. - -use ffi; -use foreign_types::{ForeignType, ForeignTypeRef}; -use std::ptr; - -use bio::{MemBio, MemBioSlice}; -use error::ErrorStack; -use libc::c_uint; -use pkey::{HasPrivate, PKeyRef}; -use stack::StackRef; -use symm::Cipher; -use x509::{X509Ref, X509}; -use {cvt, cvt_p}; - -bitflags! { - pub struct CMSOptions : c_uint { - const TEXT = ffi::CMS_TEXT; - const CMS_NOCERTS = ffi::CMS_NOCERTS; - const NO_CONTENT_VERIFY = ffi::CMS_NO_CONTENT_VERIFY; - const NO_ATTR_VERIFY = ffi::CMS_NO_ATTR_VERIFY; - const NOSIGS = ffi::CMS_NOSIGS; - const NOINTERN = ffi::CMS_NOINTERN; - const NO_SIGNER_CERT_VERIFY = ffi::CMS_NO_SIGNER_CERT_VERIFY; - const NOVERIFY = ffi::CMS_NOVERIFY; - const DETACHED = ffi::CMS_DETACHED; - const BINARY = ffi::CMS_BINARY; - const NOATTR = ffi::CMS_NOATTR; - const NOSMIMECAP = ffi::CMS_NOSMIMECAP; - const NOOLDMIMETYPE = ffi::CMS_NOOLDMIMETYPE; - const CRLFEOL = ffi::CMS_CRLFEOL; - const STREAM = ffi::CMS_STREAM; - const NOCRL = ffi::CMS_NOCRL; - const PARTIAL = ffi::CMS_PARTIAL; - const REUSE_DIGEST = ffi::CMS_REUSE_DIGEST; - const USE_KEYID = ffi::CMS_USE_KEYID; - const DEBUG_DECRYPT = ffi::CMS_DEBUG_DECRYPT; - #[cfg(all(not(libressl), not(ossl101)))] - const KEY_PARAM = ffi::CMS_KEY_PARAM; - #[cfg(all(not(libressl), not(ossl101), not(ossl102)))] - const ASCIICRLF = ffi::CMS_ASCIICRLF; - } -} - -foreign_type_and_impl_send_sync! { - type CType = ffi::CMS_ContentInfo; - fn drop = ffi::CMS_ContentInfo_free; - - /// High level CMS wrapper - /// - /// CMS supports nesting various types of data, including signatures, certificates, - /// encrypted data, smime messages (encrypted email), and data digest. The ContentInfo - /// content type is the encapsulation of all those content types. [`RFC 5652`] describes - /// CMS and OpenSSL follows this RFC's implmentation. - /// - /// [`RFC 5652`]: https://tools.ietf.org/html/rfc5652#page-6 - pub struct CmsContentInfo; - /// Reference to [`CMSContentInfo`] - /// - /// [`CMSContentInfo`]:struct.CmsContentInfo.html - pub struct CmsContentInfoRef; -} - -impl CmsContentInfoRef { - /// Given the sender's private key, `pkey` and the recipient's certificiate, `cert`, - /// decrypt the data in `self`. - /// - /// OpenSSL documentation at [`CMS_decrypt`] - /// - /// [`CMS_decrypt`]: https://www.openssl.org/docs/man1.1.0/crypto/CMS_decrypt.html - pub fn decrypt(&self, pkey: &PKeyRef, cert: &X509) -> Result, ErrorStack> - where - T: HasPrivate, - { - unsafe { - let pkey = pkey.as_ptr(); - let cert = cert.as_ptr(); - let out = MemBio::new()?; - - cvt(ffi::CMS_decrypt( - self.as_ptr(), - pkey, - cert, - ptr::null_mut(), - out.as_ptr(), - 0, - ))?; - - Ok(out.get_buf().to_owned()) - } - } - - to_der! { - /// Serializes this CmsContentInfo using DER. - /// - /// OpenSSL documentation at [`i2d_CMS_ContentInfo`] - /// - /// [`i2d_CMS_ContentInfo`]: https://www.openssl.org/docs/man1.0.2/crypto/i2d_CMS_ContentInfo.html - to_der, - ffi::i2d_CMS_ContentInfo - } - - to_pem! { - /// Serializes this CmsContentInfo using DER. - /// - /// OpenSSL documentation at [`PEM_write_bio_CMS`] - /// - /// [`PEM_write_bio_CMS`]: https://www.openssl.org/docs/man1.1.0/man3/PEM_write_bio_CMS.html - to_pem, - ffi::PEM_write_bio_CMS - } -} - -impl CmsContentInfo { - /// Parses a smime formatted `vec` of bytes into a `CmsContentInfo`. - /// - /// OpenSSL documentation at [`SMIME_read_CMS`] - /// - /// [`SMIME_read_CMS`]: https://www.openssl.org/docs/man1.0.2/crypto/SMIME_read_CMS.html - pub fn smime_read_cms(smime: &[u8]) -> Result { - unsafe { - let bio = MemBioSlice::new(smime)?; - - let cms = cvt_p(ffi::SMIME_read_CMS(bio.as_ptr(), ptr::null_mut()))?; - - Ok(CmsContentInfo::from_ptr(cms)) - } - } - - from_der! { - /// Deserializes a DER-encoded ContentInfo structure. - /// - /// This corresponds to [`d2i_CMS_ContentInfo`]. - /// - /// [`d2i_CMS_ContentInfo`]: https://www.openssl.org/docs/manmaster/man3/d2i_X509.html - from_der, - CmsContentInfo, - ffi::d2i_CMS_ContentInfo - } - - from_pem! { - /// Deserializes a PEM-encoded ContentInfo structure. - /// - /// This corresponds to [`PEM_read_bio_CMS`]. - /// - /// [`PEM_read_bio_CMS`]: https://www.openssl.org/docs/man1.1.0/man3/PEM_read_bio_CMS.html - from_pem, - CmsContentInfo, - ffi::PEM_read_bio_CMS - } - - /// Given a signing cert `signcert`, private key `pkey`, a certificate stack `certs`, - /// data `data` and flags `flags`, create a CmsContentInfo struct. - /// - /// All arguments are optional. - /// - /// OpenSSL documentation at [`CMS_sign`] - /// - /// [`CMS_sign`]: https://www.openssl.org/docs/manmaster/man3/CMS_sign.html - pub fn sign( - signcert: Option<&X509Ref>, - pkey: Option<&PKeyRef>, - certs: Option<&StackRef>, - data: Option<&[u8]>, - flags: CMSOptions, - ) -> Result - where - T: HasPrivate, - { - unsafe { - let signcert = signcert.map_or(ptr::null_mut(), |p| p.as_ptr()); - let pkey = pkey.map_or(ptr::null_mut(), |p| p.as_ptr()); - let data_bio = match data { - Some(data) => Some(MemBioSlice::new(data)?), - None => None, - }; - let data_bio_ptr = data_bio.as_ref().map_or(ptr::null_mut(), |p| p.as_ptr()); - let certs = certs.map_or(ptr::null_mut(), |p| p.as_ptr()); - - let cms = cvt_p(ffi::CMS_sign( - signcert, - pkey, - certs, - data_bio_ptr, - flags.bits(), - ))?; - - Ok(CmsContentInfo::from_ptr(cms)) - } - } - - /// Given a certificate stack `certs`, data `data`, cipher `cipher` and flags `flags`, - /// create a CmsContentInfo struct. - /// - /// OpenSSL documentation at [`CMS_encrypt`] - /// - /// [`CMS_encrypt`]: https://www.openssl.org/docs/manmaster/man3/CMS_encrypt.html - pub fn encrypt( - certs: &StackRef, - data: &[u8], - cipher: Cipher, - flags: CMSOptions, - ) -> Result { - unsafe { - let data_bio = MemBioSlice::new(data)?; - - let cms = cvt_p(ffi::CMS_encrypt( - certs.as_ptr(), - data_bio.as_ptr(), - cipher.as_ptr(), - flags.bits(), - ))?; - - Ok(CmsContentInfo::from_ptr(cms)) - } - } -} - -#[cfg(test)] -mod test { - use super::*; - use pkcs12::Pkcs12; - use stack::Stack; - use x509::X509; - - #[test] - fn cms_encrypt_decrypt() { - // load cert with public key only - let pub_cert_bytes = include_bytes!("../test/cms_pubkey.der"); - let pub_cert = X509::from_der(pub_cert_bytes).expect("failed to load pub cert"); - - // load cert with private key - let priv_cert_bytes = include_bytes!("../test/cms.p12"); - let priv_cert = Pkcs12::from_der(priv_cert_bytes).expect("failed to load priv cert"); - let priv_cert = priv_cert - .parse("mypass") - .expect("failed to parse priv cert"); - - // encrypt cms message using public key cert - let input = String::from("My Message"); - let mut cert_stack = Stack::new().expect("failed to create stack"); - cert_stack - .push(pub_cert) - .expect("failed to add pub cert to stack"); - - let encrypt = CmsContentInfo::encrypt( - &cert_stack, - &input.as_bytes(), - Cipher::des_ede3_cbc(), - CMSOptions::empty(), - ) - .expect("failed create encrypted cms"); - - // decrypt cms message using private key cert (DER) - { - let encrypted_der = encrypt.to_der().expect("failed to create der from cms"); - let decrypt = - CmsContentInfo::from_der(&encrypted_der).expect("failed read cms from der"); - let decrypt = decrypt - .decrypt(&priv_cert.pkey, &priv_cert.cert) - .expect("failed to decrypt cms"); - let decrypt = - String::from_utf8(decrypt).expect("failed to create string from cms content"); - assert_eq!(input, decrypt); - } - - // decrypt cms message using private key cert (PEM) - { - let encrypted_pem = encrypt.to_pem().expect("failed to create pem from cms"); - let decrypt = - CmsContentInfo::from_pem(&encrypted_pem).expect("failed read cms from pem"); - let decrypt = decrypt - .decrypt(&priv_cert.pkey, &priv_cert.cert) - .expect("failed to decrypt cms"); - let decrypt = - String::from_utf8(decrypt).expect("failed to create string from cms content"); - assert_eq!(input, decrypt); - } - } -} diff --git a/openssl/src/conf.rs b/openssl/src/conf.rs index 43ff3530..da51a300 100644 --- a/openssl/src/conf.rs +++ b/openssl/src/conf.rs @@ -1,33 +1,24 @@ //! Interface for processing OpenSSL configuration files. use ffi; +use libc::c_void; use cvt_p; use error::ErrorStack; -pub struct ConfMethod(*mut ffi::CONF_METHOD); +pub struct ConfMethod(*mut c_void); impl ConfMethod { - /// Retrieve handle to the default OpenSSL configuration file processing function. - pub fn default() -> ConfMethod { - unsafe { - ffi::init(); - // `NCONF` stands for "New Conf", as described in crypto/conf/conf_lib.c. This is - // a newer API than the "CONF classic" functions. - ConfMethod(ffi::NCONF_default()) - } - } - /// Construct from raw pointer. /// /// # Safety /// /// The caller must ensure that the pointer is valid. - pub unsafe fn from_ptr(ptr: *mut ffi::CONF_METHOD) -> ConfMethod { + pub unsafe fn from_ptr(ptr: *mut c_void) -> ConfMethod { ConfMethod(ptr) } /// Convert to raw pointer. - pub fn as_ptr(&self) -> *mut ffi::CONF_METHOD { + pub fn as_ptr(&self) -> *mut c_void { self.0 } } diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index 337c7cb0..0b9103f7 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs @@ -75,34 +75,8 @@ impl Dh { /// [`d2i_DHparams`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_DHparams.html params_from_der, Dh, - ffi::d2i_DHparams - } - - /// Requires OpenSSL 1.0.2 or newer. - #[cfg(any(ossl102, ossl110))] - pub fn get_1024_160() -> Result, ErrorStack> { - unsafe { - ffi::init(); - cvt_p(ffi::DH_get_1024_160()).map(|p| Dh::from_ptr(p)) - } - } - - /// Requires OpenSSL 1.0.2 or newer. - #[cfg(any(ossl102, ossl110))] - pub fn get_2048_224() -> Result, ErrorStack> { - unsafe { - ffi::init(); - cvt_p(ffi::DH_get_2048_224()).map(|p| Dh::from_ptr(p)) - } - } - - /// Requires OpenSSL 1.0.2 or newer. - #[cfg(any(ossl102, ossl110))] - pub fn get_2048_256() -> Result, ErrorStack> { - unsafe { - ffi::init(); - cvt_p(ffi::DH_get_2048_256()).map(|p| Dh::from_ptr(p)) - } + ffi::d2i_DHparams, + ::libc::c_long } } diff --git a/openssl/src/dsa.rs b/openssl/src/dsa.rs index 2231a79e..6889f361 100644 --- a/openssl/src/dsa.rs +++ b/openssl/src/dsa.rs @@ -7,7 +7,7 @@ use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; -use libc::c_int; +use libc::{c_int, c_uint}; use std::fmt; use std::mem; use std::ptr; @@ -203,7 +203,7 @@ impl Dsa { let dsa = Dsa::from_ptr(cvt_p(ffi::DSA_new())?); cvt(ffi::DSA_generate_parameters_ex( dsa.0, - bits as c_int, + bits as c_uint, ptr::null(), 0, ptr::null_mut(), @@ -261,7 +261,8 @@ impl Dsa { /// [`d2i_DSA_PUBKEY`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_DSA_PUBKEY.html public_key_from_der, Dsa, - ffi::d2i_DSA_PUBKEY + ffi::d2i_DSA_PUBKEY, + ::libc::c_long } /// Create a new DSA key with only public components. diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index 23d4015d..b1f31e82 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs @@ -153,36 +153,6 @@ impl EcGroupRef { } } - /// Places the components of a curve over a binary field in the provided `BigNum`s. - /// The components make up the formula `y^2 + xy = x^3 + ax^2 + b`. - /// - /// In this form `p` relates to the irreducible polynomial. Each bit represents - /// a term in the polynomial. It will be set to 3 `1`s or 5 `1`s depending on - /// using a trinomial or pentanomial. - /// - /// OpenSSL documentation at [`EC_GROUP_get_curve_GF2m`]. - /// - /// [`EC_GROUP_get_curve_GF2m`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_GROUP_get_curve_GF2m.html - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn components_gf2m( - &self, - p: &mut BigNumRef, - a: &mut BigNumRef, - b: &mut BigNumRef, - ctx: &mut BigNumContextRef, - ) -> Result<(), ErrorStack> { - unsafe { - cvt(ffi::EC_GROUP_get_curve_GF2m( - self.as_ptr(), - p.as_ptr(), - a.as_ptr(), - b.as_ptr(), - ctx.as_ptr(), - )) - .map(|_| ()) - } - } - /// Places the cofactor of the group in the provided `BigNum`. /// /// OpenSSL documentation at [`EC_GROUP_get_cofactor`] @@ -501,32 +471,6 @@ impl EcPointRef { .map(|_| ()) } } - - /// Place affine coordinates of a curve over a binary field in the provided - /// `x` and `y` `BigNum`s - /// - /// OpenSSL documentation at [`EC_POINT_get_affine_coordinates_GF2m`] - /// - /// [`EC_POINT_get_affine_coordinates_GF2m`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_get_affine_coordinates_GF2m.html - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn affine_coordinates_gf2m( - &self, - group: &EcGroupRef, - x: &mut BigNumRef, - y: &mut BigNumRef, - ctx: &mut BigNumContextRef, - ) -> Result<(), ErrorStack> { - unsafe { - cvt(ffi::EC_POINT_get_affine_coordinates_GF2m( - group.as_ptr(), - self.as_ptr(), - x.as_ptr(), - y.as_ptr(), - ctx.as_ptr(), - )) - .map(|_| ()) - } - } } impl EcPoint { @@ -822,7 +766,8 @@ impl EcKey { /// [`d2i_EC_PUBKEY`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_EC_PUBKEY.html public_key_from_der, EcKey, - ffi::d2i_EC_PUBKEY + ffi::d2i_EC_PUBKEY, + ::libc::c_long } } @@ -903,7 +848,8 @@ impl EcKey { /// [`d2i_ECPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_ECPrivate_key.html private_key_from_der, EcKey, - ffi::d2i_ECPrivateKey + ffi::d2i_ECPrivateKey, + ::libc::c_long } } diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 1380e4cd..11881617 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -2,7 +2,7 @@ use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; -use libc::c_int; +use libc::{c_int, size_t}; use std::mem; use std::ptr; @@ -42,7 +42,7 @@ impl EcdsaSig { assert!(data.len() <= c_int::max_value() as usize); let sig = cvt_p(ffi::ECDSA_do_sign( data.as_ptr(), - data.len() as c_int, + data.len() as size_t, eckey.as_ptr(), ))?; Ok(EcdsaSig::from_ptr(sig as *mut _)) @@ -72,7 +72,8 @@ impl EcdsaSig { /// [`d2i_ECDSA_SIG`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_ECDSA_SIG.html from_der, EcdsaSig, - ffi::d2i_ECDSA_SIG + ffi::d2i_ECDSA_SIG, + ::libc::c_long } } @@ -100,7 +101,7 @@ impl EcdsaSigRef { assert!(data.len() <= c_int::max_value() as usize); cvt_n(ffi::ECDSA_do_verify( data.as_ptr(), - data.len() as c_int, + data.len() as size_t, self.as_ptr(), eckey.as_ptr(), )) diff --git a/openssl/src/envelope.rs b/openssl/src/envelope.rs deleted file mode 100644 index bd4e1b43..00000000 --- a/openssl/src/envelope.rs +++ /dev/null @@ -1,288 +0,0 @@ -//! Envelope encryption. -//! -//! # Example -//! -//! ```rust -//! -//! extern crate openssl; -//! -//! use openssl::rsa::Rsa; -//! use openssl::envelope::Seal; -//! use openssl::pkey::PKey; -//! use openssl::symm::Cipher; -//! -//! fn main() { -//! let rsa = Rsa::generate(2048).unwrap(); -//! let key = PKey::from_rsa(rsa).unwrap(); -//! -//! let cipher = Cipher::aes_256_cbc(); -//! let mut seal = Seal::new(cipher, &[key]).unwrap(); -//! -//! let secret = b"My secret message"; -//! let mut encrypted = vec![0; secret.len() + cipher.block_size()]; -//! -//! let mut enc_len = seal.update(secret, &mut encrypted).unwrap(); -//! enc_len += seal.finalize(&mut encrypted[enc_len..]).unwrap(); -//! encrypted.truncate(enc_len); -//! } -//! ``` -use error::ErrorStack; -use ffi; -use foreign_types::{ForeignType, ForeignTypeRef}; -use libc::c_int; -use pkey::{HasPrivate, HasPublic, PKey, PKeyRef}; -use std::cmp; -use std::ptr; -use symm::Cipher; -use {cvt, cvt_p}; - -/// Represents an EVP_Seal context. -pub struct Seal { - ctx: *mut ffi::EVP_CIPHER_CTX, - block_size: usize, - iv: Option>, - enc_keys: Vec>, -} - -impl Seal { - /// Creates a new `Seal`. - pub fn new(cipher: Cipher, pub_keys: &[PKey]) -> Result - where - T: HasPublic, - { - unsafe { - assert!(pub_keys.len() <= c_int::max_value() as usize); - - let ctx = cvt_p(ffi::EVP_CIPHER_CTX_new())?; - let mut enc_key_ptrs = vec![]; - let mut pub_key_ptrs = vec![]; - let mut enc_keys = vec![]; - for key in pub_keys { - let mut enc_key = vec![0; key.size()]; - let enc_key_ptr = enc_key.as_mut_ptr(); - enc_keys.push(enc_key); - enc_key_ptrs.push(enc_key_ptr); - pub_key_ptrs.push(key.as_ptr()); - } - let mut iv = cipher.iv_len().map(|len| vec![0; len]); - let iv_ptr = iv.as_mut().map_or(ptr::null_mut(), |v| v.as_mut_ptr()); - let mut enc_key_lens = vec![0; enc_keys.len()]; - - cvt(ffi::EVP_SealInit( - ctx, - cipher.as_ptr(), - enc_key_ptrs.as_mut_ptr(), - enc_key_lens.as_mut_ptr(), - iv_ptr, - pub_key_ptrs.as_mut_ptr(), - pub_key_ptrs.len() as c_int, - ))?; - - for (buf, len) in enc_keys.iter_mut().zip(&enc_key_lens) { - buf.truncate(*len as usize); - } - - Ok(Seal { - ctx, - block_size: cipher.block_size(), - iv, - enc_keys, - }) - } - } - - /// Returns the initialization vector, if the cipher uses one. - #[allow(clippy::option_as_ref_deref)] - pub fn iv(&self) -> Option<&[u8]> { - self.iv.as_ref().map(|v| &**v) - } - - /// Returns the encrypted keys. - pub fn encrypted_keys(&self) -> &[Vec] { - &self.enc_keys - } - - /// Feeds data from `input` through the cipher, writing encrypted bytes into `output`. - /// - /// The number of bytes written to `output` is returned. Note that this may - /// not be equal to the length of `input`. - /// - /// # Panics - /// - /// Panics if `output.len() < input.len() + block_size` where `block_size` is - /// the block size of the cipher (see `Cipher::block_size`), or if - /// `output.len() > c_int::max_value()`. - pub fn update(&mut self, input: &[u8], output: &mut [u8]) -> Result { - unsafe { - assert!(output.len() >= input.len() + self.block_size); - assert!(output.len() <= c_int::max_value() as usize); - let mut outl = output.len() as c_int; - let inl = input.len() as c_int; - cvt(ffi::EVP_EncryptUpdate( - self.ctx, - output.as_mut_ptr(), - &mut outl, - input.as_ptr(), - inl, - ))?; - Ok(outl as usize) - } - } - - /// Finishes the encryption process, writing any remaining data to `output`. - /// - /// The number of bytes written to `output` is returned. - /// - /// `update` should not be called after this method. - /// - /// # Panics - /// - /// Panics if `output` is less than the cipher's block size. - pub fn finalize(&mut self, output: &mut [u8]) -> Result { - unsafe { - assert!(output.len() >= self.block_size); - let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int; - - cvt(ffi::EVP_SealFinal(self.ctx, output.as_mut_ptr(), &mut outl))?; - - Ok(outl as usize) - } - } -} - -impl Drop for Seal { - fn drop(&mut self) { - unsafe { - ffi::EVP_CIPHER_CTX_free(self.ctx); - } - } -} - -/// Represents an EVP_Open context. -pub struct Open { - ctx: *mut ffi::EVP_CIPHER_CTX, - block_size: usize, -} - -impl Open { - /// Creates a new `Open`. - pub fn new( - cipher: Cipher, - priv_key: &PKeyRef, - iv: Option<&[u8]>, - encrypted_key: &[u8], - ) -> Result - where - T: HasPrivate, - { - unsafe { - assert!(encrypted_key.len() <= c_int::max_value() as usize); - match (cipher.iv_len(), iv) { - (Some(len), Some(iv)) => assert_eq!(len, iv.len(), "IV length mismatch"), - (None, None) => {} - (Some(_), None) => panic!("an IV was required but not provided"), - (None, Some(_)) => panic!("an IV was provided but not required"), - } - - let ctx = cvt_p(ffi::EVP_CIPHER_CTX_new())?; - cvt(ffi::EVP_OpenInit( - ctx, - cipher.as_ptr(), - encrypted_key.as_ptr(), - encrypted_key.len() as c_int, - iv.map_or(ptr::null(), |v| v.as_ptr()), - priv_key.as_ptr(), - ))?; - Ok(Open { - ctx, - block_size: cipher.block_size(), - }) - } - } - - /// Feeds data from `input` through the cipher, writing decrypted bytes into `output`. - /// - /// The number of bytes written to `output` is returned. Note that this may - /// not be equal to the length of `input`. - /// - /// # Panics - /// - /// Panics if `output.len() < input.len() + block_size` where - /// `block_size` is the block size of the cipher (see `Cipher::block_size`), - /// or if `output.len() > c_int::max_value()`. - pub fn update(&mut self, input: &[u8], output: &mut [u8]) -> Result { - unsafe { - assert!(output.len() >= input.len() + self.block_size); - assert!(output.len() <= c_int::max_value() as usize); - let mut outl = output.len() as c_int; - let inl = input.len() as c_int; - cvt(ffi::EVP_DecryptUpdate( - self.ctx, - output.as_mut_ptr(), - &mut outl, - input.as_ptr(), - inl, - ))?; - Ok(outl as usize) - } - } - - /// Finishes the decryption process, writing any remaining data to `output`. - /// - /// The number of bytes written to `output` is returned. - /// - /// `update` should not be called after this method. - /// - /// # Panics - /// - /// Panics if `output` is less than the cipher's block size. - pub fn finalize(&mut self, output: &mut [u8]) -> Result { - unsafe { - assert!(output.len() >= self.block_size); - let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int; - - cvt(ffi::EVP_OpenFinal(self.ctx, output.as_mut_ptr(), &mut outl))?; - - Ok(outl as usize) - } - } -} - -impl Drop for Open { - fn drop(&mut self) { - unsafe { - ffi::EVP_CIPHER_CTX_free(self.ctx); - } - } -} - -#[cfg(test)] -mod test { - use super::*; - use pkey::PKey; - use symm::Cipher; - - #[test] - fn public_encrypt_private_decrypt() { - let private_pem = include_bytes!("../test/rsa.pem"); - let public_pem = include_bytes!("../test/rsa.pem.pub"); - let private_key = PKey::private_key_from_pem(private_pem).unwrap(); - let public_key = PKey::public_key_from_pem(public_pem).unwrap(); - let cipher = Cipher::aes_256_cbc(); - let secret = b"My secret message"; - - let mut seal = Seal::new(cipher, &[public_key]).unwrap(); - let mut encrypted = vec![0; secret.len() + cipher.block_size()]; - let mut enc_len = seal.update(secret, &mut encrypted).unwrap(); - enc_len += seal.finalize(&mut encrypted[enc_len..]).unwrap(); - let iv = seal.iv(); - let encrypted_key = &seal.encrypted_keys()[0]; - - let mut open = Open::new(cipher, &private_key, iv, &encrypted_key).unwrap(); - let mut decrypted = vec![0; enc_len + cipher.block_size()]; - let mut dec_len = open.update(&encrypted[..enc_len], &mut decrypted).unwrap(); - dec_len += open.finalize(&mut decrypted[dec_len..]).unwrap(); - - assert_eq!(&secret[..], &decrypted[..dec_len]); - } -} diff --git a/openssl/src/error.rs b/openssl/src/error.rs index 55567e2b..9aea94de 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -15,7 +15,7 @@ //! Err(e) => println!("Parsing Error: {:?}", e), //! } //! ``` -use libc::{c_char, c_int, c_ulong}; +use libc::{c_char, c_uint, c_ulong}; use std::borrow::Cow; use std::error; use std::ffi::CStr; @@ -92,9 +92,9 @@ impl From for fmt::Error { /// An error reported from OpenSSL. #[derive(Clone)] pub struct Error { - code: c_ulong, + code: c_uint, file: *const c_char, - line: c_int, + line: c_uint, data: Option>, } @@ -116,14 +116,10 @@ impl Error { code => { // The memory referenced by data is only valid until that slot is overwritten // in the error stack, so we'll need to copy it off if it's dynamic - let data = if flags & ffi::ERR_TXT_STRING != 0 { + let data = if flags & ffi::ERR_FLAG_STRING != 0 { let bytes = CStr::from_ptr(data as *const _).to_bytes(); let data = str::from_utf8(bytes).unwrap(); - let data = if flags & ffi::ERR_TXT_MALLOCED != 0 { - Cow::Owned(data.to_string()) - } else { - Cow::Borrowed(data) - }; + let data = Cow::Owned(data.to_string()); Some(data) } else { None @@ -131,7 +127,7 @@ impl Error { Some(Error { code, file, - line, + line: line as c_uint, data, }) } @@ -149,32 +145,28 @@ impl Error { self.file, self.line, ); - let data = match self.data { - Some(Cow::Borrowed(data)) => Some((data.as_ptr() as *mut c_char, 0)), + let ptr = match self.data { + Some(Cow::Borrowed(data)) => Some(data.as_ptr() as *mut c_char), Some(Cow::Owned(ref data)) => { - let ptr = ffi::CRYPTO_malloc( - (data.len() + 1) as _, - concat!(file!(), "\0").as_ptr() as _, - line!() as _, - ) as *mut c_char; + let ptr = ffi::OPENSSL_malloc((data.len() + 1) as _) as *mut c_char; if ptr.is_null() { None } else { ptr::copy_nonoverlapping(data.as_ptr(), ptr as *mut u8, data.len()); *ptr.add(data.len()) = 0; - Some((ptr, ffi::ERR_TXT_MALLOCED)) + Some(ptr) } } None => None, }; - if let Some((ptr, flags)) = data { - ffi::ERR_set_error_data(ptr, flags | ffi::ERR_TXT_STRING); + if let Some(ptr) = ptr { + ffi::ERR_add_error_data(1, ptr); } } } /// Returns the raw OpenSSL error code for this error. - pub fn code(&self) -> c_ulong { + pub fn code(&self) -> c_uint { self.code } diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs index 1136b6b1..51fe2e6a 100644 --- a/openssl/src/hash.rs +++ b/openssl/src/hash.rs @@ -46,10 +46,6 @@ impl MessageDigest { } } - pub fn null() -> MessageDigest { - unsafe { MessageDigest(ffi::EVP_md_null()) } - } - pub fn md5() -> MessageDigest { unsafe { MessageDigest(ffi::EVP_md5()) } } @@ -104,10 +100,6 @@ impl MessageDigest { unsafe { MessageDigest(ffi::EVP_shake256()) } } - pub fn ripemd160() -> MessageDigest { - unsafe { MessageDigest(ffi::EVP_ripemd160()) } - } - #[allow(clippy::trivially_copy_pass_by_ref)] pub fn as_ptr(&self) -> *const ffi::EVP_MD { self.0 diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index b4e647c0..30e61aea 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -129,7 +129,7 @@ extern crate tempdir; #[doc(inline)] pub use ffi::init; -use libc::c_int; +use libc::{c_int, size_t}; use error::ErrorStack; @@ -143,15 +143,12 @@ pub mod aes; pub mod asn1; pub mod base64; pub mod bn; -#[cfg(not(libressl))] -pub mod cms; pub mod conf; pub mod derive; pub mod dh; pub mod dsa; pub mod ec; pub mod ecdsa; -pub mod envelope; pub mod error; pub mod ex_data; #[cfg(not(libressl))] @@ -159,7 +156,6 @@ pub mod fips; pub mod hash; pub mod memcmp; pub mod nid; -pub mod ocsp; pub mod pkcs12; pub mod pkcs5; pub mod pkcs7; @@ -184,6 +180,14 @@ fn cvt_p(r: *mut T) -> Result<*mut T, ErrorStack> { } } +fn cvt_0(r: size_t) -> Result { + if r == 0 { + Err(ErrorStack::get()) + } else { + Ok(r) + } +} + fn cvt(r: c_int) -> Result { if r <= 0 { Err(ErrorStack::get()) diff --git a/openssl/src/macros.rs b/openssl/src/macros.rs index 06e3c019..8023d57e 100644 --- a/openssl/src/macros.rs +++ b/openssl/src/macros.rs @@ -103,12 +103,12 @@ macro_rules! to_der { } macro_rules! from_der { - ($(#[$m:meta])* $n:ident, $t:ty, $f:path) => { + ($(#[$m:meta])* $n:ident, $t:ty, $f:path, $len_ty:ty) => { $(#[$m])* pub fn $n(der: &[u8]) -> Result<$t, ::error::ErrorStack> { unsafe { ::ffi::init(); - let len = ::std::cmp::min(der.len(), ::libc::c_long::max_value() as usize) as ::libc::c_long; + let len = ::std::cmp::min(der.len(), <$len_ty>::max_value() as usize) as $len_ty; ::cvt_p($f(::std::ptr::null_mut(), &mut der.as_ptr(), len)) .map(|p| ::foreign_types::ForeignType::from_ptr(p)) } diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index cbff7f82..e9978ccc 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs @@ -105,10 +105,8 @@ impl Nid { pub const UNDEF: Nid = Nid(ffi::NID_undef); pub const ITU_T: Nid = Nid(ffi::NID_itu_t); - pub const CCITT: Nid = Nid(ffi::NID_ccitt); pub const ISO: Nid = Nid(ffi::NID_iso); pub const JOINT_ISO_ITU_T: Nid = Nid(ffi::NID_joint_iso_itu_t); - pub const JOINT_ISO_CCITT: Nid = Nid(ffi::NID_joint_iso_ccitt); pub const MEMBER_BODY: Nid = Nid(ffi::NID_member_body); pub const IDENTIFIED_ORGANIZATION: Nid = Nid(ffi::NID_identified_organization); pub const HMAC_MD5: Nid = Nid(ffi::NID_hmac_md5); diff --git a/openssl/src/ocsp.rs b/openssl/src/ocsp.rs deleted file mode 100644 index fbe02993..00000000 --- a/openssl/src/ocsp.rs +++ /dev/null @@ -1,355 +0,0 @@ -use ffi; -use foreign_types::ForeignTypeRef; -use libc::{c_int, c_long, c_ulong}; -use std::mem; -use std::ptr; - -use asn1::Asn1GeneralizedTimeRef; -use error::ErrorStack; -use hash::MessageDigest; -use stack::StackRef; -use x509::store::X509StoreRef; -use x509::{X509Ref, X509}; -use {cvt, cvt_p}; - -bitflags! { - pub struct OcspFlag: c_ulong { - const NO_CERTS = ffi::OCSP_NOCERTS; - const NO_INTERN = ffi::OCSP_NOINTERN; - const NO_CHAIN = ffi::OCSP_NOCHAIN; - const NO_VERIFY = ffi::OCSP_NOVERIFY; - const NO_EXPLICIT = ffi::OCSP_NOEXPLICIT; - const NO_CA_SIGN = ffi::OCSP_NOCASIGN; - const NO_DELEGATED = ffi::OCSP_NODELEGATED; - const NO_CHECKS = ffi::OCSP_NOCHECKS; - const TRUST_OTHER = ffi::OCSP_TRUSTOTHER; - const RESPID_KEY = ffi::OCSP_RESPID_KEY; - const NO_TIME = ffi::OCSP_NOTIME; - } -} - -#[derive(Copy, Clone, Debug, PartialEq, Eq)] -pub struct OcspResponseStatus(c_int); - -impl OcspResponseStatus { - pub const SUCCESSFUL: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); - pub const MALFORMED_REQUEST: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); - pub const INTERNAL_ERROR: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); - pub const TRY_LATER: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); - pub const SIG_REQUIRED: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); - pub const UNAUTHORIZED: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); - - pub fn from_raw(raw: c_int) -> OcspResponseStatus { - OcspResponseStatus(raw) - } - - #[allow(clippy::trivially_copy_pass_by_ref)] - pub fn as_raw(&self) -> c_int { - self.0 - } -} - -#[derive(Copy, Clone, Debug, PartialEq, Eq)] -pub struct OcspCertStatus(c_int); - -impl OcspCertStatus { - pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); - pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); - pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); - - pub fn from_raw(raw: c_int) -> OcspCertStatus { - OcspCertStatus(raw) - } - - #[allow(clippy::trivially_copy_pass_by_ref)] - pub fn as_raw(&self) -> c_int { - self.0 - } -} - -#[derive(Copy, Clone, Debug, PartialEq, Eq)] -pub struct OcspRevokedStatus(c_int); - -impl OcspRevokedStatus { - pub const NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); - pub const UNSPECIFIED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); - pub const KEY_COMPROMISE: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); - pub const CA_COMPROMISE: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); - pub const AFFILIATION_CHANGED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); - pub const STATUS_SUPERSEDED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); - pub const STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); - pub const STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); - pub const REMOVE_FROM_CRL: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); - - pub fn from_raw(raw: c_int) -> OcspRevokedStatus { - OcspRevokedStatus(raw) - } - - #[allow(clippy::trivially_copy_pass_by_ref)] - pub fn as_raw(&self) -> c_int { - self.0 - } -} - -pub struct OcspStatus<'a> { - /// The overall status of the response. - pub status: OcspCertStatus, - /// If `status` is `CERT_STATUS_REVOKED`, the reason for the revocation. - pub reason: OcspRevokedStatus, - /// If `status` is `CERT_STATUS_REVOKED`, the time at which the certificate was revoked. - pub revocation_time: Option<&'a Asn1GeneralizedTimeRef>, - /// The time that this revocation check was performed. - pub this_update: &'a Asn1GeneralizedTimeRef, - /// The time at which this revocation check expires. - pub next_update: &'a Asn1GeneralizedTimeRef, -} - -impl<'a> OcspStatus<'a> { - /// Checks validity of the `this_update` and `next_update` fields. - /// - /// The `nsec` parameter specifies an amount of slack time that will be used when comparing - /// those times with the current time to account for delays and clock skew. - /// - /// The `maxsec` parameter limits the maximum age of the `this_update` parameter to prohibit - /// very old responses. - pub fn check_validity(&self, nsec: u32, maxsec: Option) -> Result<(), ErrorStack> { - unsafe { - cvt(ffi::OCSP_check_validity( - self.this_update.as_ptr(), - self.next_update.as_ptr(), - nsec as c_long, - maxsec.map(|n| n as c_long).unwrap_or(-1), - )) - .map(|_| ()) - } - } -} - -foreign_type_and_impl_send_sync! { - type CType = ffi::OCSP_BASICRESP; - fn drop = ffi::OCSP_BASICRESP_free; - - pub struct OcspBasicResponse; - pub struct OcspBasicResponseRef; -} - -impl OcspBasicResponseRef { - /// Verifies the validity of the response. - /// - /// The `certs` parameter contains a set of certificates that will be searched when locating the - /// OCSP response signing certificate. Some responders do not include this in the response. - pub fn verify( - &self, - certs: &StackRef, - store: &X509StoreRef, - flags: OcspFlag, - ) -> Result<(), ErrorStack> { - unsafe { - cvt(ffi::OCSP_basic_verify( - self.as_ptr(), - certs.as_ptr(), - store.as_ptr(), - flags.bits(), - )) - .map(|_| ()) - } - } - - /// Looks up the status for the specified certificate ID. - pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option> { - unsafe { - let mut status = ffi::V_OCSP_CERTSTATUS_UNKNOWN; - let mut reason = ffi::OCSP_REVOKED_STATUS_NOSTATUS; - let mut revocation_time = ptr::null_mut(); - let mut this_update = ptr::null_mut(); - let mut next_update = ptr::null_mut(); - - let r = ffi::OCSP_resp_find_status( - self.as_ptr(), - id.as_ptr(), - &mut status, - &mut reason, - &mut revocation_time, - &mut this_update, - &mut next_update, - ); - if r == 1 { - let revocation_time = if revocation_time.is_null() { - None - } else { - Some(Asn1GeneralizedTimeRef::from_ptr(revocation_time)) - }; - - Some(OcspStatus { - status: OcspCertStatus(status), - reason: OcspRevokedStatus(status), - revocation_time, - this_update: Asn1GeneralizedTimeRef::from_ptr(this_update), - next_update: Asn1GeneralizedTimeRef::from_ptr(next_update), - }) - } else { - None - } - } - } -} - -foreign_type_and_impl_send_sync! { - type CType = ffi::OCSP_CERTID; - fn drop = ffi::OCSP_CERTID_free; - - pub struct OcspCertId; - pub struct OcspCertIdRef; -} - -impl OcspCertId { - /// Constructs a certificate ID for certificate `subject`. - pub fn from_cert( - digest: MessageDigest, - subject: &X509Ref, - issuer: &X509Ref, - ) -> Result { - unsafe { - cvt_p(ffi::OCSP_cert_to_id( - digest.as_ptr(), - subject.as_ptr(), - issuer.as_ptr(), - )) - .map(OcspCertId) - } - } -} - -foreign_type_and_impl_send_sync! { - type CType = ffi::OCSP_RESPONSE; - fn drop = ffi::OCSP_RESPONSE_free; - - pub struct OcspResponse; - pub struct OcspResponseRef; -} - -impl OcspResponse { - /// Creates an OCSP response from the status and optional body. - /// - /// A body should only be provided if `status` is `RESPONSE_STATUS_SUCCESSFUL`. - pub fn create( - status: OcspResponseStatus, - body: Option<&OcspBasicResponseRef>, - ) -> Result { - unsafe { - ffi::init(); - - cvt_p(ffi::OCSP_response_create( - status.as_raw(), - body.map(|r| r.as_ptr()).unwrap_or(ptr::null_mut()), - )) - .map(OcspResponse) - } - } - - from_der! { - /// Deserializes a DER-encoded OCSP response. - /// - /// This corresponds to [`d2i_OCSP_RESPONSE`]. - /// - /// [`d2i_OCSP_RESPONSE`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_OCSP_RESPONSE.html - from_der, - OcspResponse, - ffi::d2i_OCSP_RESPONSE - } -} - -impl OcspResponseRef { - to_der! { - /// Serializes the response to its standard DER encoding. - /// - /// This corresponds to [`i2d_OCSP_RESPONSE`]. - /// - /// [`i2d_OCSP_RESPONSE`]: https://www.openssl.org/docs/man1.1.0/crypto/i2d_OCSP_RESPONSE.html - to_der, - ffi::i2d_OCSP_RESPONSE - } - - /// Returns the status of the response. - pub fn status(&self) -> OcspResponseStatus { - unsafe { OcspResponseStatus(ffi::OCSP_response_status(self.as_ptr())) } - } - - /// Returns the basic response. - /// - /// This will only succeed if `status()` returns `RESPONSE_STATUS_SUCCESSFUL`. - pub fn basic(&self) -> Result { - unsafe { cvt_p(ffi::OCSP_response_get1_basic(self.as_ptr())).map(OcspBasicResponse) } - } -} - -foreign_type_and_impl_send_sync! { - type CType = ffi::OCSP_REQUEST; - fn drop = ffi::OCSP_REQUEST_free; - - pub struct OcspRequest; - pub struct OcspRequestRef; -} - -impl OcspRequest { - pub fn new() -> Result { - unsafe { - ffi::init(); - - cvt_p(ffi::OCSP_REQUEST_new()).map(OcspRequest) - } - } - - from_der! { - /// Deserializes a DER-encoded OCSP request. - /// - /// This corresponds to [`d2i_OCSP_REQUEST`]. - /// - /// [`d2i_OCSP_REQUEST`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_OCSP_REQUEST.html - from_der, - OcspRequest, - ffi::d2i_OCSP_REQUEST - } -} - -impl OcspRequestRef { - to_der! { - /// Serializes the request to its standard DER encoding. - /// - /// This corresponds to [`i2d_OCSP_REQUEST`]. - /// - /// [`i2d_OCSP_REQUEST`]: https://www.openssl.org/docs/man1.1.0/crypto/i2d_OCSP_REQUEST.html - to_der, - ffi::i2d_OCSP_REQUEST - } - - pub fn add_id(&mut self, id: OcspCertId) -> Result<&mut OcspOneReqRef, ErrorStack> { - unsafe { - let ptr = cvt_p(ffi::OCSP_request_add0_id(self.as_ptr(), id.as_ptr()))?; - mem::forget(id); - Ok(OcspOneReqRef::from_ptr_mut(ptr)) - } - } -} - -foreign_type_and_impl_send_sync! { - type CType = ffi::OCSP_ONEREQ; - fn drop = ffi::OCSP_ONEREQ_free; - - pub struct OcspOneReq; - pub struct OcspOneReqRef; -} diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs index 2656cb48..87f87f95 100644 --- a/openssl/src/pkcs12.rs +++ b/openssl/src/pkcs12.rs @@ -13,6 +13,8 @@ use stack::Stack; use x509::{X509Ref, X509}; use {cvt, cvt_p}; +pub const PKCS12_DEFAULT_ITER: c_int = 2048; + foreign_type_and_impl_send_sync! { type CType = ffi::PKCS12; fn drop = ffi::PKCS12_free; @@ -72,7 +74,8 @@ impl Pkcs12 { /// [`d2i_PKCS12`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_PKCS12.html from_der, Pkcs12, - ffi::d2i_PKCS12 + ffi::d2i_PKCS12, + ::libc::size_t } /// Creates a new builder for a protected pkcs12 certificate. @@ -89,8 +92,8 @@ impl Pkcs12 { Pkcs12Builder { nid_key: Nid::UNDEF, //nid::PBE_WITHSHA1AND3_KEY_TRIPLEDES_CBC, nid_cert: Nid::UNDEF, //nid::PBE_WITHSHA1AND40BITRC2_CBC, - iter: ffi::PKCS12_DEFAULT_ITER, - mac_iter: ffi::PKCS12_DEFAULT_ITER, + iter: PKCS12_DEFAULT_ITER, + mac_iter: PKCS12_DEFAULT_ITER, ca: None, } } diff --git a/openssl/src/pkcs5.rs b/openssl/src/pkcs5.rs index 5c25f3d1..f43af27b 100644 --- a/openssl/src/pkcs5.rs +++ b/openssl/src/pkcs5.rs @@ -1,5 +1,5 @@ use ffi; -use libc::c_int; +use libc::{c_int, c_uint}; use std::ptr; use cvt; @@ -29,13 +29,14 @@ pub fn bytes_to_key( digest: MessageDigest, data: &[u8], salt: Option<&[u8]>, - count: i32, + count: u32, ) -> Result { unsafe { assert!(data.len() <= c_int::max_value() as usize); let salt_ptr = match salt { Some(salt) => { - assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize); + pub const PKCS5_SALT_LEN: c_int = 8; + assert_eq!(salt.len(), PKCS5_SALT_LEN as usize); salt.as_ptr() } None => ptr::null(), @@ -53,8 +54,8 @@ pub fn bytes_to_key( digest, salt_ptr, ptr::null(), - data.len() as c_int, - count.into(), + data.len(), + count, ptr::null_mut(), ptr::null_mut(), ))?; @@ -70,8 +71,8 @@ pub fn bytes_to_key( digest, salt_ptr, data.as_ptr(), - data.len() as c_int, - count as c_int, + data.len(), + count, key.as_mut_ptr(), iv_ptr, ))?; @@ -96,12 +97,12 @@ pub fn pbkdf2_hmac( ffi::init(); cvt(ffi::PKCS5_PBKDF2_HMAC( pass.as_ptr() as *const _, - pass.len() as c_int, + pass.len(), salt.as_ptr(), - salt.len() as c_int, - iter as c_int, + salt.len(), + iter as c_uint, hash.as_ptr(), - key.len() as c_int, + key.len(), key.as_mut_ptr(), )) .map(|_| ()) @@ -118,7 +119,7 @@ pub fn scrypt( n: u64, r: u64, p: u64, - maxmem: u64, + maxmem: usize, key: &mut [u8], ) -> Result<(), ErrorStack> { unsafe { diff --git a/openssl/src/pkcs7.rs b/openssl/src/pkcs7.rs index 7820739c..c6249dd8 100644 --- a/openssl/src/pkcs7.rs +++ b/openssl/src/pkcs7.rs @@ -36,12 +36,7 @@ bitflags! { const BINARY = ffi::PKCS7_BINARY; const NOATTR = ffi::PKCS7_NOATTR; const NOSMIMECAP = ffi::PKCS7_NOSMIMECAP; - const NOOLDMIMETYPE = ffi::PKCS7_NOOLDMIMETYPE; - const CRLFEOL = ffi::PKCS7_CRLFEOL; const STREAM = ffi::PKCS7_STREAM; - const NOCRL = ffi::PKCS7_NOCRL; - const PARTIAL = ffi::PKCS7_PARTIAL; - const REUSE_DIGEST = ffi::PKCS7_REUSE_DIGEST; #[cfg(not(any(ossl101, ossl102, libressl)))] const NO_DUAL_CONTENT = ffi::PKCS7_NO_DUAL_CONTENT; } @@ -69,61 +64,8 @@ impl Pkcs7 { /// [`d2i_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/d2i_PKCS7.html from_der, Pkcs7, - ffi::d2i_PKCS7 - } - - /// Parses a message in S/MIME format. - /// - /// Returns the loaded signature, along with the cleartext message (if - /// available). - /// - /// This corresponds to [`SMIME_read_PKCS7`]. - /// - /// [`SMIME_read_PKCS7`]: https://www.openssl.org/docs/man1.1.0/crypto/SMIME_read_PKCS7.html - pub fn from_smime(input: &[u8]) -> Result<(Pkcs7, Option>), ErrorStack> { - ffi::init(); - - let input_bio = MemBioSlice::new(input)?; - let mut bcont_bio = ptr::null_mut(); - unsafe { - let pkcs7 = - cvt_p(ffi::SMIME_read_PKCS7(input_bio.as_ptr(), &mut bcont_bio)).map(Pkcs7)?; - let out = if !bcont_bio.is_null() { - let bcont_bio = MemBio::from_ptr(bcont_bio); - Some(bcont_bio.get_buf().to_vec()) - } else { - None - }; - Ok((pkcs7, out)) - } - } - - /// Creates and returns a PKCS#7 `envelopedData` structure. - /// - /// `certs` is a list of recipient certificates. `input` is the content to be - /// encrypted. `cipher` is the symmetric cipher to use. `flags` is an optional - /// set of flags. - /// - /// This corresponds to [`PKCS7_encrypt`]. - /// - /// [`PKCS7_encrypt`]: https://www.openssl.org/docs/man1.0.2/crypto/PKCS7_encrypt.html - pub fn encrypt( - certs: &StackRef, - input: &[u8], - cipher: Cipher, - flags: Pkcs7Flags, - ) -> Result { - let input_bio = MemBioSlice::new(input)?; - - unsafe { - cvt_p(ffi::PKCS7_encrypt( - certs.as_ptr(), - input_bio.as_ptr(), - cipher.as_ptr(), - flags.bits, - )) - .map(Pkcs7) - } + ffi::d2i_PKCS7, + ::libc::size_t } /// Creates and returns a PKCS#7 `signedData` structure. @@ -161,25 +103,6 @@ impl Pkcs7 { } impl Pkcs7Ref { - /// Converts PKCS#7 structure to S/MIME format - /// - /// This corresponds to [`SMIME_write_PKCS7`]. - /// - /// [`SMIME_write_PKCS7`]: https://www.openssl.org/docs/man1.1.0/crypto/SMIME_write_PKCS7.html - pub fn to_smime(&self, input: &[u8], flags: Pkcs7Flags) -> Result, ErrorStack> { - let input_bio = MemBioSlice::new(input)?; - let output = MemBio::new()?; - unsafe { - cvt(ffi::SMIME_write_PKCS7( - output.as_ptr(), - self.as_ptr(), - input_bio.as_ptr(), - flags.bits, - )) - .map(|_| output.get_buf().to_owned()) - } - } - to_pem! { /// Serializes the data into a PEM-encoded PKCS#7 structure. /// @@ -201,85 +124,6 @@ impl Pkcs7Ref { to_der, ffi::i2d_PKCS7 } - - /// Decrypts data using the provided private key. - /// - /// `pkey` is the recipient's private key, and `cert` is the recipient's - /// certificate. - /// - /// Returns the decrypted message. - /// - /// This corresponds to [`PKCS7_decrypt`]. - /// - /// [`PKCS7_decrypt`]: https://www.openssl.org/docs/man1.0.2/crypto/PKCS7_decrypt.html - pub fn decrypt( - &self, - pkey: &PKeyRef, - cert: &X509Ref, - flags: Pkcs7Flags, - ) -> Result, ErrorStack> - where - PT: HasPrivate, - { - let output = MemBio::new()?; - - unsafe { - cvt(ffi::PKCS7_decrypt( - self.as_ptr(), - pkey.as_ptr(), - cert.as_ptr(), - output.as_ptr(), - flags.bits, - )) - .map(|_| output.get_buf().to_owned()) - } - } - - /// Verifies the PKCS#7 `signedData` structure contained by `&self`. - /// - /// `certs` is a set of certificates in which to search for the signer's - /// certificate. `store` is a trusted certificate store (used for chain - /// verification). `indata` is the signed data if the content is not present - /// in `&self`. The content is written to `out` if it is not `None`. - /// - /// This corresponds to [`PKCS7_verify`]. - /// - /// [`PKCS7_verify`]: https://www.openssl.org/docs/man1.0.2/crypto/PKCS7_verify.html - pub fn verify( - &self, - certs: &StackRef, - store: &X509StoreRef, - indata: Option<&[u8]>, - out: Option<&mut Vec>, - flags: Pkcs7Flags, - ) -> Result<(), ErrorStack> { - let out_bio = MemBio::new()?; - - let indata_bio = match indata { - Some(data) => Some(MemBioSlice::new(data)?), - None => None, - }; - let indata_bio_ptr = indata_bio.as_ref().map_or(ptr::null_mut(), |p| p.as_ptr()); - - unsafe { - cvt(ffi::PKCS7_verify( - self.as_ptr(), - certs.as_ptr(), - store.as_ptr(), - indata_bio_ptr, - out_bio.as_ptr(), - flags.bits, - )) - .map(|_| ())? - } - - if let Some(data) = out { - data.clear(); - data.extend_from_slice(out_bio.get_buf()); - } - - Ok(()) - } } #[cfg(test)] diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index ff0746ff..7ff28a63 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -79,7 +79,6 @@ pub struct Id(c_int); impl Id { pub const RSA: Id = Id(ffi::EVP_PKEY_RSA); - pub const HMAC: Id = Id(ffi::EVP_PKEY_HMAC); pub const DSA: Id = Id(ffi::EVP_PKEY_DSA); pub const DH: Id = Id(ffi::EVP_PKEY_DH); pub const EC: Id = Id(ffi::EVP_PKEY_EC); @@ -295,7 +294,6 @@ impl fmt::Debug for PKey { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { let alg = match self.id() { Id::RSA => "RSA", - Id::HMAC => "HMAC", Id::DSA => "DSA", Id::DH => "DH", Id::EC => "EC", @@ -395,87 +393,6 @@ impl PKey { } impl PKey { - /// Creates a new `PKey` containing an HMAC key. - /// - /// # Note - /// - /// To compute HMAC values, use the `sign` module. - pub fn hmac(key: &[u8]) -> Result, ErrorStack> { - unsafe { - assert!(key.len() <= c_int::max_value() as usize); - let key = cvt_p(ffi::EVP_PKEY_new_mac_key( - ffi::EVP_PKEY_HMAC, - ptr::null_mut(), - key.as_ptr() as *const _, - key.len() as c_int, - ))?; - Ok(PKey::from_ptr(key)) - } - } - - /// Creates a new `PKey` containing a CMAC key. - /// - /// Requires OpenSSL 1.1.0 or newer. - /// - /// # Note - /// - /// To compute CMAC values, use the `sign` module. - #[cfg(ossl110)] - #[allow(clippy::trivially_copy_pass_by_ref)] - pub fn cmac(cipher: &Cipher, key: &[u8]) -> Result, ErrorStack> { - unsafe { - assert!(key.len() <= c_int::max_value() as usize); - let kctx = cvt_p(ffi::EVP_PKEY_CTX_new_id( - ffi::EVP_PKEY_CMAC, - ptr::null_mut(), - ))?; - - let ret = (|| { - cvt(ffi::EVP_PKEY_keygen_init(kctx))?; - - // Set cipher for cmac - cvt(ffi::EVP_PKEY_CTX_ctrl( - kctx, - -1, - ffi::EVP_PKEY_OP_KEYGEN, - ffi::EVP_PKEY_CTRL_CIPHER, - 0, - cipher.as_ptr() as *mut _, - ))?; - - // Set the key data - cvt(ffi::EVP_PKEY_CTX_ctrl( - kctx, - -1, - ffi::EVP_PKEY_OP_KEYGEN, - ffi::EVP_PKEY_CTRL_SET_MAC_KEY, - key.len() as c_int, - key.as_ptr() as *mut _, - ))?; - Ok(()) - })(); - - if let Err(e) = ret { - // Free memory - ffi::EVP_PKEY_CTX_free(kctx); - return Err(e); - } - - // Generate key - let mut key = ptr::null_mut(); - let ret = cvt(ffi::EVP_PKEY_keygen(kctx, &mut key)); - - // Free memory - ffi::EVP_PKEY_CTX_free(kctx); - - if let Err(e) = ret { - return Err(e); - } - - Ok(PKey::from_ptr(key)) - } - } - #[cfg(ossl110)] fn generate_eddsa(nid: c_int) -> Result, ErrorStack> { unsafe { @@ -561,7 +478,8 @@ impl PKey { /// [`d2i_AutoPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_AutoPrivateKey.html private_key_from_der, PKey, - ffi::d2i_AutoPrivateKey + ffi::d2i_AutoPrivateKey, + ::libc::c_long } /// Deserializes a DER-formatted PKCS#8 unencrypted private key. @@ -655,7 +573,8 @@ impl PKey { /// [`d2i_PUBKEY`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_PUBKEY.html public_key_from_der, PKey, - ffi::d2i_PUBKEY + ffi::d2i_PUBKEY, + ::libc::c_long } } diff --git a/openssl/src/rand.rs b/openssl/src/rand.rs index 88011de7..9c2bdfe8 100644 --- a/openssl/src/rand.rs +++ b/openssl/src/rand.rs @@ -36,7 +36,7 @@ pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { unsafe { ffi::init(); assert!(buf.len() <= c_int::max_value() as usize); - cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int)).map(|_| ()) + cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len())).map(|_| ()) } } diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index 08a5d957..745665a3 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -40,6 +40,22 @@ use error::ErrorStack; use pkey::{HasPrivate, HasPublic, Private, Public}; use {cvt, cvt_n, cvt_p}; +pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3; +pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4; +pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5; +pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6; +pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; +pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; +pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; + +pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN + | EVP_PKEY_OP_VERIFY + | EVP_PKEY_OP_VERIFYRECOVER + | EVP_PKEY_OP_SIGNCTX + | EVP_PKEY_OP_VERIFYCTX; + +pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT; + /// Type of encryption padding to use. /// /// Random length padding is primarily used to prevent attackers from @@ -145,7 +161,7 @@ where unsafe { let len = cvt_n(ffi::RSA_private_decrypt( - from.len() as c_int, + from.len(), from.as_ptr(), to.as_mut_ptr(), self.as_ptr(), @@ -172,7 +188,7 @@ where unsafe { let len = cvt_n(ffi::RSA_private_encrypt( - from.len() as c_int, + from.len(), from.as_ptr(), to.as_mut_ptr(), self.as_ptr(), @@ -370,7 +386,7 @@ where unsafe { let len = cvt_n(ffi::RSA_public_decrypt( - from.len() as c_int, + from.len(), from.as_ptr(), to.as_mut_ptr(), self.as_ptr(), @@ -396,7 +412,7 @@ where unsafe { let len = cvt_n(ffi::RSA_public_encrypt( - from.len() as c_int, + from.len(), from.as_ptr(), to.as_mut_ptr(), self.as_ptr(), @@ -486,7 +502,8 @@ impl Rsa { /// [`d2i_RSA_PUBKEY`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html public_key_from_der, Rsa, - ffi::d2i_RSA_PUBKEY + ffi::d2i_RSA_PUBKEY, + ::libc::c_long } from_der! { @@ -497,7 +514,8 @@ impl Rsa { /// [`d2i_RSAPublicKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html public_key_from_der_pkcs1, Rsa, - ffi::d2i_RSAPublicKey + ffi::d2i_RSAPublicKey, + ::libc::c_long } } @@ -665,7 +683,8 @@ impl Rsa { /// [`d2i_RSAPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html private_key_from_der, Rsa, - ffi::d2i_RSAPrivateKey + ffi::d2i_RSAPrivateKey, + ::libc::c_long } } diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index 5de21ccb..2fcf8aac 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -488,6 +488,8 @@ pub extern "C" fn raw_cookie_generate( where F: Fn(&mut SslRef, &mut [u8]) -> Result + 'static + Sync + Send, { + pub const DTLS1_COOKIE_LENGTH: c_uint = 256; + unsafe { let ssl = SslRef::from_ptr_mut(ssl); let callback = ssl @@ -496,8 +498,7 @@ where .expect("BUG: cookie generate callback missing") as *const F; // We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for // compatibility. See comments in dtls1.h. - let slice = - slice::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1); + let slice = slice::from_raw_parts_mut(cookie as *mut u8, DTLS1_COOKIE_LENGTH as usize - 1); match (*callback)(ssl, slice) { Ok(len) => { *cookie_len = len as c_uint; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index e69b3ca5..563f9c41 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -63,6 +63,7 @@ use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void}; use std::any::TypeId; use std::cmp; use std::collections::HashMap; +use std::convert::TryInto; use std::ffi::{CStr, CString}; use std::fmt; use std::io; @@ -133,7 +134,7 @@ pub fn cipher_name(std_name: &str) -> &'static str { bitflags! { /// Options controlling the behavior of an `SslContext`. - pub struct SslOptions: c_ulong { + pub struct SslOptions: c_uint { /// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers. const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; @@ -145,13 +146,6 @@ bitflags! { /// Only affects DTLS connections. const NO_QUERY_MTU = ffi::SSL_OP_NO_QUERY_MTU; - /// Enables Cookie Exchange as described in [RFC 4347 Section 4.2.1]. - /// - /// Only affects DTLS connections. - /// - /// [RFC 4347 Section 4.2.1]: https://tools.ietf.org/html/rfc4347#section-4.2.1 - const COOKIE_EXCHANGE = ffi::SSL_OP_COOKIE_EXCHANGE; - /// Disables the use of session tickets for session resumption. const NO_TICKET = ffi::SSL_OP_NO_TICKET; @@ -218,24 +212,6 @@ bitflags! { #[cfg(any(ossl102, ossl110))] const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2; - /// Disables the use of all (D)TLS protocol versions. - /// - /// This can be used as a mask when whitelisting protocol versions. - /// - /// Requires OpenSSL 1.0.2 or newer. - /// - /// # Examples - /// - /// Only support TLSv1.2: - /// - /// ```rust - /// use openssl::ssl::SslOptions; - /// - /// let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2; - /// ``` - #[cfg(any(ossl102, ossl110))] - const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK; - /// Disallow all renegotiation in TLSv1.2 and earlier. /// /// Requires OpenSSL 1.1.0h or newer. @@ -253,7 +229,7 @@ bitflags! { bitflags! { /// Options controlling the behavior of an `SslContext`. - pub struct SslMode: c_long { + pub struct SslMode: c_uint { /// Enables "short writes". /// /// Normally, a write in OpenSSL will always write out all of the requested data, even if it @@ -380,7 +356,7 @@ bitflags! { bitflags! { /// Options controlling the behavior of session caching. - pub struct SslSessionCacheMode: c_long { + pub struct SslSessionCacheMode: c_int { /// No session caching for the client or server takes place. const OFF = ffi::SSL_SESS_CACHE_OFF; @@ -592,7 +568,7 @@ impl ClientHelloResponse { /// An SSL/TLS protocol version. #[derive(Debug, Copy, Clone, PartialEq, Eq)] -pub struct SslVersion(c_int); +pub struct SslVersion(u16); impl SslVersion { /// SSLv3 @@ -736,7 +712,6 @@ impl SslContextBuilder { ffi::SSL_CTX_set_tlsext_servername_arg(self.as_ptr(), arg); let f: extern "C" fn(_, _, _) -> _ = raw_sni::; - let f: extern "C" fn() = mem::transmute(f); ffi::SSL_CTX_set_tlsext_servername_callback(self.as_ptr(), Some(f)); } } @@ -796,7 +771,7 @@ impl SslContextBuilder { /// [`SSL_CTX_set_read_ahead`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_read_ahead.html pub fn set_read_ahead(&mut self, read_ahead: bool) { unsafe { - ffi::SSL_CTX_set_read_ahead(self.as_ptr(), read_ahead as c_long); + ffi::SSL_CTX_set_read_ahead(self.as_ptr(), read_ahead as c_int); } } @@ -944,7 +919,7 @@ impl SslContextBuilder { cvt(ffi::SSL_CTX_set_session_id_context( self.as_ptr(), sid_ctx.as_ptr(), - sid_ctx.len() as c_uint, + sid_ctx.len(), )) .map(|_| ()) } @@ -1579,38 +1554,6 @@ impl SslContextBuilder { } } - /// Sets the callback for generating a DTLSv1 cookie - /// - /// The callback will be called with the SSL context and a slice into which the cookie - /// should be written. The callback should return the number of bytes written. - /// - /// This corresponds to `SSL_CTX_set_cookie_generate_cb`. - pub fn set_cookie_generate_cb(&mut self, callback: F) - where - F: Fn(&mut SslRef, &mut [u8]) -> Result + 'static + Sync + Send, - { - unsafe { - self.set_ex_data(SslContext::cached_ex_index::(), callback); - ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::)); - } - } - - /// Sets the callback for verifying a DTLSv1 cookie - /// - /// The callback will be called with the SSL context and the cookie supplied by the - /// client. It should return true if and only if the cookie is valid. - /// - /// This corresponds to `SSL_CTX_set_cookie_verify_cb`. - pub fn set_cookie_verify_cb(&mut self, callback: F) - where - F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send, - { - unsafe { - self.set_ex_data(SslContext::cached_ex_index::(), callback); - ffi::SSL_CTX_set_cookie_verify_cb(self.as_ptr(), Some(raw_cookie_verify::)); - } - } - /// Sets the extra data at the specified index. /// /// This can be used to provide data to callbacks registered with the context. Use the @@ -1739,7 +1682,7 @@ impl SslContextBuilder { /// /// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html #[allow(clippy::useless_conversion)] - pub fn set_session_cache_size(&mut self, size: i32) -> i64 { + pub fn set_session_cache_size(&mut self, size: u64) -> u64 { unsafe { ffi::SSL_CTX_sess_set_cache_size(self.as_ptr(), size.into()).into() } } @@ -1759,21 +1702,6 @@ impl SslContextBuilder { } } - /// Sets the context's supported elliptic curve groups. - /// - /// This corresponds to [`SSL_CTX_set1_groups_list`]. - /// - /// Requires OpenSSL 1.1.1 or newer. - /// - /// [`SSL_CTX_set1_groups_list`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_groups_list.html - #[cfg(ossl111)] - pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> { - let groups = CString::new(groups).unwrap(); - unsafe { - cvt(ffi::SSL_CTX_set1_groups_list(self.as_ptr(), groups.as_ptr()) as c_int).map(|_| ()) - } - } - /// Consumes the builder, returning a new `SslContext`. pub fn build(self) -> SslContext { self.0 @@ -1981,7 +1909,7 @@ impl SslContextRef { /// /// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html #[allow(clippy::useless_conversion)] - pub fn session_cache_size(&self) -> i64 { + pub fn session_cache_size(&self) -> u64 { unsafe { ffi::SSL_CTX_sess_get_cache_size(self.as_ptr()).into() } } @@ -2191,7 +2119,8 @@ impl SslSession { /// [`d2i_SSL_SESSION`]: https://www.openssl.org/docs/man1.0.2/ssl/d2i_SSL_SESSION.html from_der, SslSession, - ffi::d2i_SSL_SESSION + ffi::d2i_SSL_SESSION, + ::libc::c_long } } @@ -2258,8 +2187,8 @@ impl SslSessionRef { /// /// [`SSL_SESSION_get_time`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html #[allow(clippy::useless_conversion)] - pub fn time(&self) -> i64 { - unsafe { ffi::SSL_SESSION_get_time(self.as_ptr()).into() } + pub fn time(&self) -> u64 { + unsafe { ffi::SSL_SESSION_get_time(self.as_ptr()) } } /// Returns the sessions timeout, in seconds. @@ -2270,8 +2199,8 @@ impl SslSessionRef { /// /// [`SSL_SESSION_get_timeout`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html #[allow(clippy::useless_conversion)] - pub fn timeout(&self) -> i64 { - unsafe { ffi::SSL_SESSION_get_timeout(self.as_ptr()).into() } + pub fn timeout(&self) -> u32 { + unsafe { ffi::SSL_SESSION_get_timeout(self.as_ptr()) } } /// Returns the session's TLS protocol version. @@ -2664,30 +2593,6 @@ impl SslRef { } } - /// Returns the verified certificate chain of the peer, including the leaf certificate. - /// - /// If verification was not successful (i.e. [`verify_result`] does not return - /// [`X509VerifyResult::OK`]), this chain may be incomplete or invalid. - /// - /// Requires OpenSSL 1.1.0 or newer. - /// - /// This corresponds to [`SSL_get0_verified_chain`]. - /// - /// [`verify_result`]: #method.verify_result - /// [`X509VerifyResult::OK`]: ../x509/struct.X509VerifyResult.html#associatedconstant.OK - /// [`SSL_get0_verified_chain`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get0_verified_chain.html - #[cfg(ossl110)] - pub fn verified_chain(&self) -> Option<&StackRef> { - unsafe { - let ptr = ffi::SSL_get0_verified_chain(self.as_ptr()); - if ptr.is_null() { - None - } else { - Some(StackRef::from_ptr(ptr)) - } - } - } - /// Like [`SslContext::certificate`]. /// /// This corresponds to `SSL_get_certificate`. @@ -2736,7 +2641,7 @@ impl SslRef { if r == 0 { None } else { - Some(SslVersion(r)) + r.try_into().ok().map(SslVersion) } } } @@ -3091,7 +2996,7 @@ impl SslRef { /// [`SSL_get_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html pub fn ocsp_status(&self) -> Option<&[u8]> { unsafe { - let mut p = ptr::null_mut(); + let mut p = ptr::null(); let len = ffi::SSL_get_tlsext_status_ocsp_resp(self.as_ptr(), &mut p); if len < 0 { @@ -3110,16 +3015,12 @@ impl SslRef { pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> { unsafe { assert!(response.len() <= c_int::max_value() as usize); - let p = cvt_p(ffi::CRYPTO_malloc( - response.len() as _, - concat!(file!(), "\0").as_ptr() as *const _, - line!() as c_int, - ))?; + let p = cvt_p(ffi::OPENSSL_malloc(response.len() as _))?; ptr::copy_nonoverlapping(response.as_ptr(), p as *mut u8, response.len()); cvt(ffi::SSL_set_tlsext_status_ocsp_resp( self.as_ptr(), p as *mut c_uchar, - response.len() as c_long, + response.len(), ) as c_int) .map(|_| ()) } @@ -3373,7 +3274,7 @@ impl SslRef { /// /// This corresponds to `SSL_set_mtu`. pub fn set_mtu(&mut self, mtu: u32) -> Result<(), ErrorStack> { - unsafe { cvt(ffi::SSL_set_mtu(self.as_ptr(), mtu as c_long) as c_int).map(|_| ()) } + unsafe { cvt(ffi::SSL_set_mtu(self.as_ptr(), mtu as c_uint) as c_int).map(|_| ()) } } } @@ -4001,50 +3902,25 @@ cfg_if! { }; } } -cfg_if! { - if #[cfg(ossl110)] { - unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { - ffi::CRYPTO_get_ex_new_index( - ffi::CRYPTO_EX_INDEX_SSL_CTX, - 0, - ptr::null_mut(), - None, - None, - Some(f), - ) - } - unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { - ffi::CRYPTO_get_ex_new_index( - ffi::CRYPTO_EX_INDEX_SSL, - 0, - ptr::null_mut(), - None, - None, - Some(f), - ) - } - } else { - use std::sync::Once; +use std::sync::Once; - unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { - // hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest - static ONCE: Once = Once::new(); - ONCE.call_once(|| { - ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, None); - }); +unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { + // hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest + static ONCE: Once = Once::new(); + ONCE.call_once(|| { + ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, None); + }); - ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) - } - - unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { - // hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest - static ONCE: Once = Once::new(); - ONCE.call_once(|| { - ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, None); - }); - - ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) - } - } + ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, Some(f)) +} + +unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { + // hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest + static ONCE: Once = Once::new(); + ONCE.call_once(|| { + ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, None); + }); + + ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, Some(f)) } diff --git a/openssl/src/stack.rs b/openssl/src/stack.rs index 4e00318d..54e76169 100644 --- a/openssl/src/stack.rs +++ b/openssl/src/stack.rs @@ -1,6 +1,6 @@ use ffi; use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; -use libc::c_int; +use libc::{c_int, size_t}; use std::borrow::Borrow; use std::convert::AsRef; use std::fmt; @@ -10,22 +10,13 @@ use std::mem; use std::ops::{Deref, DerefMut, Index, IndexMut, Range}; use error::ErrorStack; -use {cvt, cvt_p}; +use {cvt, cvt_0, cvt_p}; -cfg_if! { - if #[cfg(ossl110)] { - use ffi::{ - OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK, - OPENSSL_sk_new_null, OPENSSL_sk_push, - }; - } else { - use ffi::{ - sk_pop as OPENSSL_sk_pop, sk_free as OPENSSL_sk_free, sk_num as OPENSSL_sk_num, - sk_value as OPENSSL_sk_value, _STACK as OPENSSL_STACK, - sk_new_null as OPENSSL_sk_new_null, sk_push as OPENSSL_sk_push, - }; - } -} +use ffi::{ + sk_free as OPENSSL_sk_free, sk_new_null as OPENSSL_sk_new_null, sk_num as OPENSSL_sk_num, + sk_pop as OPENSSL_sk_pop, sk_push as OPENSSL_sk_push, sk_value as OPENSSL_sk_value, + _STACK as OPENSSL_STACK, +}; /// Trait implemented by types which can be placed in a stack. /// @@ -79,7 +70,7 @@ impl iter::IntoIterator for Stack { fn into_iter(self) -> IntoIter { let it = IntoIter { stack: self.0, - idxs: 0..self.len() as c_int, + idxs: 0..self.len(), }; mem::forget(self); it @@ -134,7 +125,7 @@ impl DerefMut for Stack { pub struct IntoIter { stack: *mut T::StackType, - idxs: Range, + idxs: Range, } impl Drop for IntoIter { @@ -201,13 +192,13 @@ impl StackRef { pub fn iter(&self) -> Iter { Iter { stack: self, - idxs: 0..self.len() as c_int, + idxs: 0..self.len(), } } pub fn iter_mut(&mut self) -> IterMut { IterMut { - idxs: 0..self.len() as c_int, + idxs: 0..self.len(), stack: self, } } @@ -239,7 +230,7 @@ impl StackRef { /// Pushes a value onto the top of the stack. pub fn push(&mut self, data: T) -> Result<(), ErrorStack> { unsafe { - cvt(OPENSSL_sk_push(self.as_stack(), data.as_ptr() as *mut _))?; + cvt_0(OPENSSL_sk_push(self.as_stack(), data.as_ptr() as *mut _))?; mem::forget(data); Ok(()) } @@ -258,7 +249,7 @@ impl StackRef { } unsafe fn _get(&self, idx: usize) -> *mut T::CType { - OPENSSL_sk_value(self.as_stack(), idx as c_int) as *mut _ + OPENSSL_sk_value(self.as_stack(), idx) as *mut _ } } @@ -318,7 +309,7 @@ where T: 'a, { stack: &'a StackRef, - idxs: Range, + idxs: Range, } impl<'a, T: Stackable> Iterator for Iter<'a, T> { @@ -352,7 +343,7 @@ impl<'a, T: Stackable> ExactSizeIterator for Iter<'a, T> {} /// A mutable iterator over the stack's contents. pub struct IterMut<'a, T: Stackable + 'a> { stack: &'a mut StackRef, - idxs: Range, + idxs: Range, } impl<'a, T: Stackable> Iterator for IterMut<'a, T> { diff --git a/openssl/src/string.rs b/openssl/src/string.rs index 9796500a..8feac041 100644 --- a/openssl/src/string.rs +++ b/openssl/src/string.rs @@ -87,9 +87,5 @@ unsafe fn free(buf: *mut c_char) { #[cfg(ossl110)] unsafe fn free(buf: *mut c_char) { - ::ffi::CRYPTO_free( - buf as *mut c_void, - concat!(file!(), "\0").as_ptr() as *const c_char, - line!() as ::libc::c_int, - ); + ::ffi::OPENSSL_free(buf as *mut c_void); } diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index 45c5dd9b..08604849 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs @@ -53,7 +53,7 @@ //! ``` use ffi; -use libc::c_int; +use libc::{c_int, c_uint}; use std::cmp; use std::ptr; @@ -98,44 +98,18 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_128_cbc()) } } - pub fn aes_128_xts() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_128_xts()) } - } - pub fn aes_128_ctr() -> Cipher { unsafe { Cipher(ffi::EVP_aes_128_ctr()) } } - pub fn aes_128_cfb1() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_128_cfb1()) } - } - - pub fn aes_128_cfb128() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_128_cfb128()) } - } - - pub fn aes_128_cfb8() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_128_cfb8()) } - } - pub fn aes_128_gcm() -> Cipher { unsafe { Cipher(ffi::EVP_aes_128_gcm()) } } - pub fn aes_128_ccm() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_128_ccm()) } - } - pub fn aes_128_ofb() -> Cipher { unsafe { Cipher(ffi::EVP_aes_128_ofb()) } } - /// Requires OpenSSL 1.1.0 or newer. - #[cfg(ossl110)] - pub fn aes_128_ocb() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_128_ocb()) } - } - pub fn aes_192_ecb() -> Cipher { unsafe { Cipher(ffi::EVP_aes_192_ecb()) } } @@ -148,36 +122,14 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_192_ctr()) } } - pub fn aes_192_cfb1() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_192_cfb1()) } - } - - pub fn aes_192_cfb128() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_192_cfb128()) } - } - - pub fn aes_192_cfb8() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_192_cfb8()) } - } - pub fn aes_192_gcm() -> Cipher { unsafe { Cipher(ffi::EVP_aes_192_gcm()) } } - pub fn aes_192_ccm() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_192_ccm()) } - } - pub fn aes_192_ofb() -> Cipher { unsafe { Cipher(ffi::EVP_aes_192_ofb()) } } - /// Requires OpenSSL 1.1.0 or newer. - #[cfg(ossl110)] - pub fn aes_192_ocb() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_192_ocb()) } - } - pub fn aes_256_ecb() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_ecb()) } } @@ -186,60 +138,18 @@ impl Cipher { unsafe { Cipher(ffi::EVP_aes_256_cbc()) } } - pub fn aes_256_xts() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_256_xts()) } - } - pub fn aes_256_ctr() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_ctr()) } } - pub fn aes_256_cfb1() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_256_cfb1()) } - } - - pub fn aes_256_cfb128() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_256_cfb128()) } - } - - pub fn aes_256_cfb8() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_256_cfb8()) } - } - pub fn aes_256_gcm() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_gcm()) } } - pub fn aes_256_ccm() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_256_ccm()) } - } - pub fn aes_256_ofb() -> Cipher { unsafe { Cipher(ffi::EVP_aes_256_ofb()) } } - /// Requires OpenSSL 1.1.0 or newer. - #[cfg(ossl110)] - pub fn aes_256_ocb() -> Cipher { - unsafe { Cipher(ffi::EVP_aes_256_ocb()) } - } - - pub fn bf_cbc() -> Cipher { - unsafe { Cipher(ffi::EVP_bf_cbc()) } - } - - pub fn bf_ecb() -> Cipher { - unsafe { Cipher(ffi::EVP_bf_ecb()) } - } - - pub fn bf_cfb64() -> Cipher { - unsafe { Cipher(ffi::EVP_bf_cfb64()) } - } - - pub fn bf_ofb() -> Cipher { - unsafe { Cipher(ffi::EVP_bf_ofb()) } - } - pub fn des_cbc() -> Cipher { unsafe { Cipher(ffi::EVP_des_cbc()) } } @@ -256,26 +166,10 @@ impl Cipher { unsafe { Cipher(ffi::EVP_des_ede3_cbc()) } } - pub fn des_ede3_cfb64() -> Cipher { - unsafe { Cipher(ffi::EVP_des_ede3_cfb64()) } - } - pub fn rc4() -> Cipher { unsafe { Cipher(ffi::EVP_rc4()) } } - /// Requires OpenSSL 1.1.0 or newer. - #[cfg(any(ossl110))] - pub fn chacha20() -> Cipher { - unsafe { Cipher(ffi::EVP_chacha20()) } - } - - /// Requires OpenSSL 1.1.0 or newer. - #[cfg(any(ossl110))] - pub fn chacha20_poly1305() -> Cipher { - unsafe { Cipher(ffi::EVP_chacha20_poly1305()) } - } - /// Creates a `Cipher` from a raw pointer to its OpenSSL type. /// /// # Safety @@ -320,20 +214,6 @@ impl Cipher { unsafe { EVP_CIPHER_block_size(self.0) as usize } } - /// Determines whether the cipher is using CCM mode - fn is_ccm(self) -> bool { - // NOTE: OpenSSL returns pointers to static structs, which makes this work as expected - self == Cipher::aes_128_ccm() || self == Cipher::aes_256_ccm() - } - - /// Determines whether the cipher is using OCB mode - #[cfg(ossl110)] - fn is_ocb(self) -> bool { - self == Cipher::aes_128_ocb() - || self == Cipher::aes_192_ocb() - || self == Cipher::aes_256_ocb() - } - #[cfg(not(ossl110))] const fn is_ocb(self) -> bool { false @@ -451,7 +331,7 @@ impl Crypter { assert!(key.len() <= c_int::max_value() as usize); cvt(ffi::EVP_CIPHER_CTX_set_key_length( crypter.ctx, - key.len() as c_int, + key.len() as c_uint, ))?; let key = key.as_ptr() as *mut _; @@ -624,7 +504,7 @@ impl Crypter { } let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int; - cvt(ffi::EVP_CipherFinal( + cvt(ffi::EVP_CipherFinal_ex( self.ctx, output.as_mut_ptr(), &mut outl, @@ -776,14 +656,6 @@ pub fn encrypt_aead( let mut c = Crypter::new(t, Mode::Encrypt, key, iv)?; let mut out = vec![0; data.len() + t.block_size()]; - let is_ccm = t.is_ccm(); - if is_ccm || t.is_ocb() { - c.set_tag_len(tag.len())?; - if is_ccm { - c.set_data_len(data.len())?; - } - } - c.aad_update(aad)?; let count = c.update(data, &mut out)?; let rest = c.finalize(&mut out[count..])?; @@ -807,23 +679,11 @@ pub fn decrypt_aead( let mut c = Crypter::new(t, Mode::Decrypt, key, iv)?; let mut out = vec![0; data.len() + t.block_size()]; - let is_ccm = t.is_ccm(); - if is_ccm || t.is_ocb() { - c.set_tag(tag)?; - if is_ccm { - c.set_data_len(data.len())?; - } - } - c.aad_update(aad)?; let count = c.update(data, &mut out)?; - let rest = if t.is_ccm() { - 0 - } else { - c.set_tag(tag)?; - c.finalize(&mut out[count..])? - }; + c.set_tag(tag)?; + let rest = c.finalize(&mut out[count..])?; out.truncate(count + rest); Ok(out) diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 775aac69..103d7694 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -639,7 +639,8 @@ impl X509 { /// [`d2i_X509`]: https://www.openssl.org/docs/manmaster/man3/d2i_X509.html from_der, X509, - ffi::d2i_X509 + ffi::d2i_X509, + ::libc::c_long } /// Deserializes a list of PEM-formatted certificates. @@ -1142,7 +1143,8 @@ impl X509Req { /// [`d2i_X509_REQ`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_X509_REQ.html from_der, X509Req, - ffi::d2i_X509_REQ + ffi::d2i_X509_REQ, + ::libc::c_long } } @@ -1512,14 +1514,7 @@ cfg_if! { } } -cfg_if! { - if #[cfg(ossl110)] { - use ffi::X509_OBJECT_free; - } else { - #[allow(bad_style)] - unsafe fn X509_OBJECT_free(x: *mut ffi::X509_OBJECT) { - ffi::X509_OBJECT_free_contents(x); - ffi::CRYPTO_free(x as *mut libc::c_void); - } - } +unsafe fn X509_OBJECT_free(x: *mut ffi::X509_OBJECT) { + ffi::X509_OBJECT_free_contents(x); + ffi::OPENSSL_free(x as *mut libc::c_void); } diff --git a/systest/Cargo.toml b/systest/Cargo.toml new file mode 100644 index 00000000..1b05c80e --- /dev/null +++ b/systest/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "systest" +version = "0.1.0" +authors = ["Alex Crichton "] + +[dependencies] +libc = "0.2" +openssl-sys = { path = "../openssl-sys" } + +[build-dependencies] +ctest = "0.2" diff --git a/systest/build.rs b/systest/build.rs new file mode 100644 index 00000000..7b3eb726 --- /dev/null +++ b/systest/build.rs @@ -0,0 +1,127 @@ +extern crate ctest; + +use std::env; + +fn main() { + let mut cfg = ctest::TestGenerator::new(); + let target = env::var("TARGET").unwrap(); + + cfg.include("../openssl-sys/deps/boringssl/src/include"); + + // Needed to get OpenSSL to correctly undef symbols that are already on + // Windows like X509_NAME + if target.contains("windows") { + cfg.header("windows.h"); + + // weird "different 'const' qualifiers" error on Windows, maybe a cl.exe + // thing? + if target.contains("msvc") { + cfg.flag("/wd4090"); + } + + // https://github.com/sfackler/rust-openssl/issues/889 + cfg.define("WIN32_LEAN_AND_MEAN", None); + } + + let mut cfgs = vec![]; + + cfgs.push("ossl101"); + cfgs.push("ossl102"); + cfgs.push("ossl102f"); + cfgs.push("ossl102h"); + cfgs.push("ossl110"); + cfgs.push("ossl110f"); + cfgs.push("ossl110g"); + + for c in cfgs { + cfg.cfg(c, None); + } + + cfg.header("openssl/dh.h") + .header("openssl/ossl_typ.h") + .header("openssl/stack.h") + .header("openssl/x509.h") + .header("openssl/bio.h") + .header("openssl/x509v3.h") + .header("openssl/safestack.h") + .header("openssl/hmac.h") + .header("openssl/ssl.h") + .header("openssl/err.h") + .header("openssl/rand.h") + .header("openssl/pkcs12.h") + .header("openssl/bn.h") + .header("openssl/aes.h") + .header("openssl/evp.h") + .header("openssl/x509_vfy.h"); + + #[allow(clippy::if_same_then_else)] + cfg.type_name(|s, is_struct, _is_union| { + // Add some `*` on some callback parameters to get function pointer to + // typecheck in C, especially on MSVC. + if s == "PasswordCallback" { + "pem_password_cb*".to_string() + } else if s == "bio_info_cb" { + "bio_info_cb*".to_string() + } else if s == "_STACK" { + "struct stack_st".to_string() + // This logic should really be cleaned up + } else if is_struct + && s != "point_conversion_form_t" + && s.chars().next().unwrap().is_lowercase() + { + format!("struct {}", s) + } else if s.starts_with("stack_st_") { + format!("struct {}", s) + } else { + s.to_string() + } + }); + cfg.skip_type(|s| { + // function pointers are declared without a `*` in openssl so their + // sizeof is 1 which isn't what we want. + s == "PasswordCallback" + || s == "pem_password_cb" + || s == "bio_info_cb" + || s.starts_with("CRYPTO_EX_") + }); + cfg.skip_struct(|s| { + s == "ProbeResult" || s == "X509_OBJECT_data" // inline union + }); + cfg.skip_fn(move |s| { + s == "CRYPTO_memcmp" || // uses volatile + + // Skip some functions with function pointers on windows, not entirely + // sure how to get them to work out... + (target.contains("windows") && { + s.starts_with("PEM_read_bio_") || + (s.starts_with("PEM_write_bio_") && s.ends_with("PrivateKey")) || + s == "d2i_PKCS8PrivateKey_bio" || + s == "SSL_get_ex_new_index" || + s == "SSL_CTX_get_ex_new_index" || + s == "CRYPTO_get_ex_new_index" + }) + }); + cfg.skip_field_type(|s, field| { + (s == "EVP_PKEY" && field == "pkey") || // union + (s == "GENERAL_NAME" && field == "d") || // union + (s == "X509_OBJECT" && field == "data") // union + }); + cfg.skip_signededness(|s| { + s.ends_with("_cb") + || s.ends_with("_CB") + || s.ends_with("_cb_fn") + || s.starts_with("CRYPTO_") + || s == "PasswordCallback" + || s.ends_with("_cb_func") + || s.ends_with("_cb_ex") + }); + cfg.field_name(|_s, field| { + if field == "type_" { + "type".to_string() + } else { + field.to_string() + } + }); + cfg.fn_cname(|rust, link_name| link_name.unwrap_or(rust).to_string()); + cfg.generate("../openssl-sys/src/lib.rs", "all.rs"); +} diff --git a/systest/src/main.rs b/systest/src/main.rs new file mode 100644 index 00000000..3e5888c8 --- /dev/null +++ b/systest/src/main.rs @@ -0,0 +1,9 @@ +#![allow(bad_style, clippy::all)] + +extern crate libc; +extern crate openssl_sys; + +use libc::*; +use openssl_sys::*; + +include!(concat!(env!("OUT_DIR"), "/all.rs"));