min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove decrepit and unavaliable API and fix signatures

This commit is contained in:
Ivan Nikulin 2020-11-10 00:18:28 +00:00
parent df0b31b651
commit a6f5beeb33
63 changed files with 719 additions and 3292 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.toml
View File

@ -2,4 +2,5 @@
members = [ members = [
"openssl", "openssl",
"openssl-sys", "openssl-sys",
"systest"
] ]

23
openssl-sys/src/aes.rs
View File

@ -10,35 +10,26 @@ pub const AES_BLOCK_SIZE: c_int = 16;
pub struct AES_KEY { pub struct AES_KEY {
// There is some business with AES_LONG which is there to ensure the values here are 32 bits // There is some business with AES_LONG which is there to ensure the values here are 32 bits
rd_key: [u32; 4 * (AES_MAXNR as usize + 1)], rd_key: [u32; 4 * (AES_MAXNR as usize + 1)],
rounds: c_int, rounds: c_uint,
} }
extern "C" { extern "C" {
pub fn AES_set_encrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int; pub fn AES_set_encrypt_key(userKey: *const c_uchar, bits: c_uint, key: *mut AES_KEY) -> c_int;
pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int; pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_uint, key: *mut AES_KEY) -> c_int;
pub fn AES_ige_encrypt(
in_: *const c_uchar,
out: *mut c_uchar,
length: size_t,
key: *const AES_KEY,
ivec: *mut c_uchar,
enc: c_int,
);
pub fn AES_wrap_key( pub fn AES_wrap_key(
key: *mut AES_KEY, key: *const AES_KEY,
iv: *const c_uchar, iv: *const c_uchar,
out: *mut c_uchar, out: *mut c_uchar,
in_: *const c_uchar, in_: *const c_uchar,
inlen: c_uint, inlen: size_t,
) -> c_int; ) -> c_int;
pub fn AES_unwrap_key( pub fn AES_unwrap_key(
key: *mut AES_KEY, key: *const AES_KEY,
iv: *const c_uchar, iv: *const c_uchar,
out: *mut c_uchar, out: *mut c_uchar,
in_: *const c_uchar, in_: *const c_uchar,
inlen: c_uint, inlen: size_t,
) -> c_int; ) -> c_int;
} }

10
openssl-sys/src/asn1.rs
View File

@ -61,14 +61,6 @@ extern "C" {
pub fn ASN1_TIME_set_string_X509(s: *mut ASN1_TIME, str: *const c_char) -> c_int; pub fn ASN1_TIME_set_string_X509(s: *mut ASN1_TIME, str: *const c_char) -> c_int;
} }
cfg_if! { extern "C" {
if #[cfg(any(ossl110, libressl280))] {
extern "C" {
pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *const ASN1_STRING) -> c_int;
}
} else {
extern "C" {
pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ASN1_STRING) -> c_int; pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ASN1_STRING) -> c_int;
}
}
} }

32
openssl-sys/src/bn.rs
View File

@ -15,10 +15,10 @@ extern "C" {
pub fn BN_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int; pub fn BN_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int;
pub fn BN_pseudo_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int; pub fn BN_pseudo_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int;
pub fn BN_new() -> *mut BIGNUM; pub fn BN_new() -> *mut BIGNUM;
pub fn BN_num_bits(bn: *const BIGNUM) -> c_int; pub fn BN_num_bits(bn: *const BIGNUM) -> c_uint;
pub fn BN_clear_free(bn: *mut BIGNUM); pub fn BN_clear_free(bn: *mut BIGNUM);
pub fn BN_bin2bn(s: *const u8, size: c_int, ret: *mut BIGNUM) -> *mut BIGNUM; pub fn BN_bin2bn(s: *const u8, size: size_t, ret: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_bn2bin(a: *const BIGNUM, to: *mut u8) -> c_int; pub fn BN_bn2bin(a: *const BIGNUM, to: *mut u8) -> size_t;
pub fn BN_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int;
pub fn BN_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int;
pub fn BN_mul(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; pub fn BN_mul(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
@ -132,29 +132,3 @@ extern "C" {
cb: *mut BN_GENCB, cb: *mut BN_GENCB,
) -> c_int; ) -> c_int;
} }
cfg_if! {
if #[cfg(ossl110)] {
extern "C" {
pub fn BN_get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_get_rfc3526_prime_1536(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_get_rfc3526_prime_2048(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_get_rfc3526_prime_3072(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_get_rfc3526_prime_4096(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_get_rfc3526_prime_6144(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_get_rfc3526_prime_8192(bn: *mut BIGNUM) -> *mut BIGNUM;
}
} else {
extern "C" {
pub fn get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn get_rfc3526_prime_1536(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn get_rfc3526_prime_2048(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn get_rfc3526_prime_3072(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn get_rfc3526_prime_4096(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn get_rfc3526_prime_6144(bn: *mut BIGNUM) -> *mut BIGNUM;
pub fn get_rfc3526_prime_8192(bn: *mut BIGNUM) -> *mut BIGNUM;
}
}
}

95
openssl-sys/src/cms.rs
View File

@ -1,95 +0,0 @@
use libc::*;
use *;
pub enum CMS_ContentInfo {}
extern "C" {
#[cfg(ossl101)]
pub fn CMS_ContentInfo_free(cms: *mut ::CMS_ContentInfo);
#[cfg(ossl101)]
pub fn i2d_CMS_ContentInfo(a: *mut ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int;
#[cfg(ossl101)]
pub fn d2i_CMS_ContentInfo(
a: *mut *mut ::CMS_ContentInfo,
pp: *mut *const c_uchar,
length: c_long,
) -> *mut ::CMS_ContentInfo;
}
#[cfg(ossl101)]
pub const CMS_TEXT: c_uint = 0x1;
#[cfg(ossl101)]
pub const CMS_NOCERTS: c_uint = 0x2;
#[cfg(ossl101)]
pub const CMS_NO_CONTENT_VERIFY: c_uint = 0x4;
#[cfg(ossl101)]
pub const CMS_NO_ATTR_VERIFY: c_uint = 0x8;
#[cfg(ossl101)]
pub const CMS_NOSIGS: c_uint = 0x4 | 0x8;
#[cfg(ossl101)]
pub const CMS_NOINTERN: c_uint = 0x10;
#[cfg(ossl101)]
pub const CMS_NO_SIGNER_CERT_VERIFY: c_uint = 0x20;
#[cfg(ossl101)]
pub const CMS_NOVERIFY: c_uint = 0x20;
#[cfg(ossl101)]
pub const CMS_DETACHED: c_uint = 0x40;
#[cfg(ossl101)]
pub const CMS_BINARY: c_uint = 0x80;
#[cfg(ossl101)]
pub const CMS_NOATTR: c_uint = 0x100;
#[cfg(ossl101)]
pub const CMS_NOSMIMECAP: c_uint = 0x200;
#[cfg(ossl101)]
pub const CMS_NOOLDMIMETYPE: c_uint = 0x400;
#[cfg(ossl101)]
pub const CMS_CRLFEOL: c_uint = 0x800;
#[cfg(ossl101)]
pub const CMS_STREAM: c_uint = 0x1000;
#[cfg(ossl101)]
pub const CMS_NOCRL: c_uint = 0x2000;
#[cfg(ossl101)]
pub const CMS_PARTIAL: c_uint = 0x4000;
#[cfg(ossl101)]
pub const CMS_REUSE_DIGEST: c_uint = 0x8000;
#[cfg(ossl101)]
pub const CMS_USE_KEYID: c_uint = 0x10000;
#[cfg(ossl101)]
pub const CMS_DEBUG_DECRYPT: c_uint = 0x20000;
#[cfg(ossl102)]
pub const CMS_KEY_PARAM: c_uint = 0x40000;
#[cfg(ossl110)]
pub const CMS_ASCIICRLF: c_uint = 0x80000;
extern "C" {
#[cfg(ossl101)]
pub fn SMIME_read_CMS(bio: *mut ::BIO, bcont: *mut *mut ::BIO) -> *mut ::CMS_ContentInfo;
#[cfg(ossl101)]
pub fn CMS_sign(
signcert: *mut ::X509,
pkey: *mut ::EVP_PKEY,
certs: *mut ::stack_st_X509,
data: *mut ::BIO,
flags: c_uint,
) -> *mut ::CMS_ContentInfo;
#[cfg(ossl101)]
pub fn CMS_encrypt(
certs: *mut stack_st_X509,
data: *mut ::BIO,
cipher: *const EVP_CIPHER,
flags: c_uint,
) -> *mut ::CMS_ContentInfo;
#[cfg(ossl101)]
pub fn CMS_decrypt(
cms: *mut ::CMS_ContentInfo,
pkey: *mut ::EVP_PKEY,
cert: *mut ::X509,
dcont: *mut ::BIO,
out: *mut ::BIO,
flags: c_uint,
) -> c_int;
}

3
openssl-sys/src/conf.rs
View File

@ -1,7 +1,6 @@
use *; use *;
extern "C" { extern "C" {
pub fn NCONF_new(meth: *mut CONF_METHOD) -> *mut CONF; pub fn NCONF_new(meth: *mut c_void) -> *mut CONF;
pub fn NCONF_default() -> *mut CONF_METHOD;
pub fn NCONF_free(conf: *mut CONF); pub fn NCONF_free(conf: *mut CONF);
} }

35
openssl-sys/src/crypto.rs
View File

@ -13,15 +13,6 @@ pub const CRYPTO_LOCK_SSL_SESSION: c_int = 14;
stack!(stack_st_void); stack!(stack_st_void);
cfg_if! {
if #[cfg(ossl110)] {
pub const CRYPTO_EX_INDEX_SSL: c_int = 0;
pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 1;
} else if #[cfg(libressl)] {
pub const CRYPTO_EX_INDEX_SSL: c_int = 1;
pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 2;
}
}
cfg_if! { cfg_if! {
if #[cfg(any(ossl110, libressl271))] { if #[cfg(any(ossl110, libressl271))] {
extern "C" { extern "C" {
@ -71,17 +62,6 @@ pub type CRYPTO_EX_free = unsafe extern "C" fn(
argl: c_long, argl: c_long,
argp: *mut c_void, argp: *mut c_void,
); );
extern "C" {
#[cfg(any(ossl110, libressl))]
pub fn CRYPTO_get_ex_new_index(
class_index: c_int,
argl: c_long,
argp: *mut c_void,
new_func: Option<CRYPTO_EX_new>,
dup_func: Option<CRYPTO_EX_dup>,
free_func: Option<CRYPTO_EX_free>,
) -> c_int;
}
pub const CRYPTO_LOCK: c_int = 1; pub const CRYPTO_LOCK: c_int = 1;
@ -106,18 +86,9 @@ extern "C" {
) -> c_int; ) -> c_int;
} }
cfg_if! { extern "C" {
if #[cfg(ossl110)] { pub fn OPENSSL_malloc(num: size_t) -> *mut c_void;
extern "C" { pub fn OPENSSL_free(buf: *mut c_void);
pub fn CRYPTO_malloc(num: size_t, file: *const c_char, line: c_int) -> *mut c_void;
pub fn CRYPTO_free(buf: *mut c_void, file: *const c_char, line: c_int);
}
} else {
extern "C" {
pub fn CRYPTO_malloc(num: c_int, file: *const c_char, line: c_int) -> *mut c_void;
pub fn CRYPTO_free(buf: *mut c_void);
}
}
} }
extern "C" { extern "C" {

7
openssl-sys/src/dh.rs
View File

@ -7,13 +7,6 @@ extern "C" {
pub fn d2i_DHparams(k: *mut *mut DH, pp: *mut *const c_uchar, length: c_long) -> *mut DH; pub fn d2i_DHparams(k: *mut *mut DH, pp: *mut *const c_uchar, length: c_long) -> *mut DH;
pub fn i2d_DHparams(dh: *const DH, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_DHparams(dh: *const DH, pp: *mut *mut c_uchar) -> c_int;
#[cfg(ossl102)]
pub fn DH_get_1024_160() -> *mut DH;
#[cfg(ossl102)]
pub fn DH_get_2048_224() -> *mut DH;
#[cfg(ossl102)]
pub fn DH_get_2048_256() -> *mut DH;
#[cfg(any(ossl110, libressl273))] #[cfg(any(ossl110, libressl273))]
pub fn DH_set0_pqg(dh: *mut DH, p: *mut BIGNUM, q: *mut BIGNUM, g: *mut BIGNUM) -> c_int; pub fn DH_set0_pqg(dh: *mut DH, p: *mut BIGNUM, q: *mut BIGNUM, g: *mut BIGNUM) -> c_int;
} }

16
openssl-sys/src/dsa.rs
View File

@ -10,29 +10,31 @@ extern "C" {
pub fn DSA_sign( pub fn DSA_sign(
dummy: c_int, dummy: c_int,
dgst: *const c_uchar, dgst: *const c_uchar,
len: c_int, len: size_t,
sigret: *mut c_uchar, sigret: *mut c_uchar,
siglen: *mut c_uint, siglen: *mut c_uint,
dsa: *mut DSA, dsa: *const DSA,
) -> c_int; ) -> c_int;
pub fn DSA_verify( pub fn DSA_verify(
dummy: c_int, dummy: c_int,
dgst: *const c_uchar, dgst: *const c_uchar,
len: c_int, len: size_t,
sigbuf: *const c_uchar, sigbuf: *const c_uchar,
siglen: c_int, siglen: size_t,
dsa: *mut DSA, dsa: *const DSA,
) -> c_int; ) -> c_int;
pub fn d2i_DSAPublicKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; pub fn d2i_DSAPublicKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA;
pub fn d2i_DSAPrivateKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) pub fn d2i_DSAPrivateKey(a: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long)
-> *mut DSA; -> *mut DSA;
// int (struct dsa_st *, unsigned int, const unsigned char *, unsigned long, int *, unsigned long *, struct bn_gencb_st *)
// int (struct dsa_st *, int, const unsigned char *, int, int *, unsigned long *, struct bn_gencb_st *)
pub fn DSA_generate_parameters_ex( pub fn DSA_generate_parameters_ex(
dsa: *mut DSA, dsa: *mut DSA,
bits: c_int, bits: c_uint,
seed: *const c_uchar, seed: *const c_uchar,
seed_len: c_int, seed_len: size_t,
counter_ref: *mut c_int, counter_ref: *mut c_int,
h_ret: *mut c_ulong, h_ret: *mut c_ulong,
cb: *mut BN_GENCB, cb: *mut BN_GENCB,

3
openssl-sys/src/dtls1.rs
View File

@ -1,3 +0,0 @@
use libc::*;
pub const DTLS1_COOKIE_LENGTH: c_uint = 256;

45
openssl-sys/src/ec.rs
View File

@ -17,11 +17,6 @@ pub enum EC_POINT {}
pub const OPENSSL_EC_NAMED_CURVE: c_int = 1; pub const OPENSSL_EC_NAMED_CURVE: c_int = 1;
extern "C" { extern "C" {
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
pub fn EC_GF2m_simple_method() -> *const EC_METHOD;
pub fn EC_GROUP_new(meth: *const EC_METHOD) -> *mut EC_GROUP;
pub fn EC_GROUP_free(group: *mut EC_GROUP); pub fn EC_GROUP_free(group: *mut EC_GROUP);
pub fn EC_GROUP_get_order( pub fn EC_GROUP_get_order(
@ -50,16 +45,7 @@ extern "C" {
ctx: *mut BN_CTX, ctx: *mut BN_CTX,
) -> c_int; ) -> c_int;
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] pub fn EC_GROUP_get_degree(group: *const EC_GROUP) -> c_uint;
pub fn EC_GROUP_get_curve_GF2m(
group: *const EC_GROUP,
p: *mut BIGNUM,
a: *mut BIGNUM,
b: *mut BIGNUM,
ctx: *mut BN_CTX,
) -> c_int;
pub fn EC_GROUP_get_degree(group: *const EC_GROUP) -> c_int;
#[cfg(ossl110)] #[cfg(ossl110)]
pub fn EC_GROUP_order_bits(group: *const EC_GROUP) -> c_int; pub fn EC_GROUP_order_bits(group: *const EC_GROUP) -> c_int;
@ -71,14 +57,6 @@ extern "C" {
ctx: *mut BN_CTX, ctx: *mut BN_CTX,
) -> *mut EC_GROUP; ) -> *mut EC_GROUP;
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
pub fn EC_GROUP_new_curve_GF2m(
p: *const BIGNUM,
a: *const BIGNUM,
b: *const BIGNUM,
ctx: *mut BN_CTX,
) -> *mut EC_GROUP;
pub fn EC_GROUP_new_by_curve_name(nid: c_int) -> *mut EC_GROUP; pub fn EC_GROUP_new_by_curve_name(nid: c_int) -> *mut EC_GROUP;
pub fn EC_POINT_new(group: *const EC_GROUP) -> *mut EC_POINT; pub fn EC_POINT_new(group: *const EC_GROUP) -> *mut EC_POINT;
@ -95,15 +73,6 @@ extern "C" {
ctx: *mut BN_CTX, ctx: *mut BN_CTX,
) -> c_int; ) -> c_int;
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
pub fn EC_POINT_get_affine_coordinates_GF2m(
group: *const EC_GROUP,
p: *const EC_POINT,
x: *mut BIGNUM,
y: *mut BIGNUM,
ctx: *mut BN_CTX,
) -> c_int;
pub fn EC_POINT_point2oct( pub fn EC_POINT_point2oct(
group: *const EC_GROUP, group: *const EC_GROUP,
p: *const EC_POINT, p: *const EC_POINT,
@ -175,8 +144,8 @@ extern "C" {
pub fn EC_KEY_set_public_key_affine_coordinates( pub fn EC_KEY_set_public_key_affine_coordinates(
key: *mut EC_KEY, key: *mut EC_KEY,
x: *mut BIGNUM, x: *const BIGNUM,
y: *mut BIGNUM, y: *const BIGNUM,
) -> c_int; ) -> c_int;
} }
@ -205,15 +174,15 @@ extern "C" {
pub fn ECDSA_do_sign( pub fn ECDSA_do_sign(
dgst: *const c_uchar, dgst: *const c_uchar,
dgst_len: c_int, dgst_len: size_t,
eckey: *mut EC_KEY, eckey: *const EC_KEY,
) -> *mut ECDSA_SIG; ) -> *mut ECDSA_SIG;
pub fn ECDSA_do_verify( pub fn ECDSA_do_verify(
dgst: *const c_uchar, dgst: *const c_uchar,
dgst_len: c_int, dgst_len: size_t,
sig: *const ECDSA_SIG, sig: *const ECDSA_SIG,
eckey: *mut EC_KEY, eckey: *const EC_KEY,
) -> c_int; ) -> c_int;
pub fn d2i_ECDSA_SIG( pub fn d2i_ECDSA_SIG(

35
openssl-sys/src/err.rs
View File

@ -1,7 +1,6 @@
use libc::*; use libc::*;
pub const ERR_TXT_MALLOCED: c_int = 0x01; pub const ERR_FLAG_STRING: c_int = 0x01;
pub const ERR_TXT_STRING: c_int = 0x02;
pub const ERR_LIB_PEM: c_int = 9; pub const ERR_LIB_PEM: c_int = 9;
@ -12,45 +11,35 @@ const_fn! {
(r as c_ulong & 0xFFF) (r as c_ulong & 0xFFF)
} }
pub const fn ERR_GET_LIB(l: c_ulong) -> c_int { pub const fn ERR_GET_LIB(l: c_uint) -> c_int {
((l >> 24) & 0x0FF) as c_int ((l >> 24) & 0x0FF) as c_int
} }
pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int { pub const fn ERR_GET_FUNC(l: c_uint) -> c_int {
((l >> 12) & 0xFFF) as c_int ((l >> 12) & 0xFFF) as c_int
} }
pub const fn ERR_GET_REASON(l: c_ulong) -> c_int { pub const fn ERR_GET_REASON(l: c_uint) -> c_int {
(l & 0xFFF) as c_int (l & 0xFFF) as c_int
} }
} }
#[repr(C)]
pub struct ERR_STRING_DATA {
pub error: c_ulong,
pub string: *const c_char,
}
extern "C" { extern "C" {
pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_int); pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_uint);
pub fn ERR_set_error_data(data: *mut c_char, flags: c_int); pub fn ERR_add_error_data(count: c_uint, ...);
pub fn ERR_get_error() -> c_ulong; pub fn ERR_get_error() -> c_uint;
pub fn ERR_get_error_line_data( pub fn ERR_get_error_line_data(
file: *mut *const c_char, file: *mut *const c_char,
line: *mut c_int, line: *mut c_int,
data: *mut *const c_char, data: *mut *const c_char,
flags: *mut c_int, flags: *mut c_int,
) -> c_ulong; ) -> c_uint;
pub fn ERR_peek_last_error() -> c_ulong; pub fn ERR_peek_last_error() -> c_uint;
pub fn ERR_clear_error(); pub fn ERR_clear_error();
pub fn ERR_lib_error_string(err: c_ulong) -> *const c_char; pub fn ERR_lib_error_string(err: c_uint) -> *const c_char;
pub fn ERR_func_error_string(err: c_ulong) -> *const c_char; pub fn ERR_func_error_string(err: c_uint) -> *const c_char;
pub fn ERR_reason_error_string(err: c_ulong) -> *const c_char; pub fn ERR_reason_error_string(err: c_uint) -> *const c_char;
#[cfg(ossl110)]
pub fn ERR_load_strings(lib: c_int, str: *mut ERR_STRING_DATA) -> c_int;
#[cfg(not(ossl110))]
pub fn ERR_load_strings(lib: c_int, str: *mut ERR_STRING_DATA);
#[cfg(not(ossl110))] #[cfg(not(ossl110))]
pub fn ERR_load_crypto_strings(); pub fn ERR_load_crypto_strings();

162
openssl-sys/src/evp.rs
View File

@ -3,9 +3,6 @@ use *;
pub const EVP_MAX_MD_SIZE: c_uint = 64; pub const EVP_MAX_MD_SIZE: c_uint = 64;
pub const PKCS5_SALT_LEN: c_int = 8;
pub const PKCS12_DEFAULT_ITER: c_int = 2048;
pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption; pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption;
pub const EVP_PKEY_DSA: c_int = NID_dsa; pub const EVP_PKEY_DSA: c_int = NID_dsa;
pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement; pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement;
@ -18,8 +15,6 @@ pub const EVP_PKEY_ED25519: c_int = NID_ED25519;
pub const EVP_PKEY_X448: c_int = NID_X448; pub const EVP_PKEY_X448: c_int = NID_X448;
#[cfg(ossl111)] #[cfg(ossl111)]
pub const EVP_PKEY_ED448: c_int = NID_ED448; pub const EVP_PKEY_ED448: c_int = NID_ED448;
pub const EVP_PKEY_HMAC: c_int = NID_hmac;
pub const EVP_PKEY_CMAC: c_int = NID_cmac;
pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9; pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9;
pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10; pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10;
@ -30,12 +25,12 @@ pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD {
} }
extern "C" { extern "C" {
pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; pub fn EVP_MD_size(md: *const EVP_MD) -> size_t;
pub fn EVP_MD_type(md: *const EVP_MD) -> c_int; pub fn EVP_MD_type(md: *const EVP_MD) -> c_int;
pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_uint;
pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_uint;
pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_uint;
} }
cfg_if! { cfg_if! {
@ -67,8 +62,8 @@ extern "C" {
md: *const EVP_MD, md: *const EVP_MD,
salt: *const u8, salt: *const u8,
data: *const u8, data: *const u8,
datalen: c_int, datalen: size_t,
count: c_int, count: c_uint,
key: *mut u8, key: *mut u8,
iv: *mut u8, iv: *mut u8,
) -> c_int; ) -> c_int;
@ -95,7 +90,7 @@ extern "C" {
inbuf: *const u8, inbuf: *const u8,
inlen: c_int, inlen: c_int,
) -> c_int; ) -> c_int;
pub fn EVP_CipherFinal(ctx: *mut EVP_CIPHER_CTX, res: *mut u8, len: *mut c_int) -> c_int; pub fn EVP_CipherFinal_ex(ctx: *mut EVP_CIPHER_CTX, res: *mut u8, len: *mut c_int) -> c_int;
pub fn EVP_DigestSignInit( pub fn EVP_DigestSignInit(
ctx: *mut EVP_MD_CTX, ctx: *mut EVP_MD_CTX,
@ -116,16 +111,6 @@ extern "C" {
e: *mut ENGINE, e: *mut ENGINE,
pkey: *mut EVP_PKEY, pkey: *mut EVP_PKEY,
) -> c_int; ) -> c_int;
pub fn EVP_SealInit(
ctx: *mut EVP_CIPHER_CTX,
type_: *const EVP_CIPHER,
ek: *mut *mut c_uchar,
ekl: *mut c_int,
iv: *mut c_uchar,
pubk: *mut *mut EVP_PKEY,
npubk: c_int,
) -> c_int;
pub fn EVP_SealFinal(ctx: *mut EVP_CIPHER_CTX, out: *mut c_uchar, outl: *mut c_int) -> c_int;
pub fn EVP_EncryptInit_ex( pub fn EVP_EncryptInit_ex(
ctx: *mut EVP_CIPHER_CTX, ctx: *mut EVP_CIPHER_CTX,
cipher: *const EVP_CIPHER, cipher: *const EVP_CIPHER,
@ -145,15 +130,6 @@ extern "C" {
out: *mut c_uchar, out: *mut c_uchar,
outl: *mut c_int, outl: *mut c_int,
) -> c_int; ) -> c_int;
pub fn EVP_OpenInit(
ctx: *mut EVP_CIPHER_CTX,
type_: *const EVP_CIPHER,
ek: *const c_uchar,
ekl: c_int,
iv: *const c_uchar,
priv_: *mut EVP_PKEY,
) -> c_int;
pub fn EVP_OpenFinal(ctx: *mut EVP_CIPHER_CTX, out: *mut c_uchar, outl: *mut c_int) -> c_int;
pub fn EVP_DecryptInit_ex( pub fn EVP_DecryptInit_ex(
ctx: *mut EVP_CIPHER_CTX, ctx: *mut EVP_CIPHER_CTX,
cipher: *const EVP_CIPHER, cipher: *const EVP_CIPHER,
@ -174,17 +150,11 @@ extern "C" {
outl: *mut c_int, outl: *mut c_int,
) -> c_int; ) -> c_int;
} }
cfg_if! {
if #[cfg(any(ossl111b, libressl280))] { extern "C" {
extern "C" {
pub fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int; pub fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int;
}
} else {
extern "C" {
pub fn EVP_PKEY_size(pkey: *mut EVP_PKEY) -> c_int;
}
}
} }
cfg_if! { cfg_if! {
if #[cfg(ossl111)] { if #[cfg(ossl111)] {
extern "C" { extern "C" {
@ -230,7 +200,7 @@ extern "C" {
pub fn EVP_CIPHER_CTX_new() -> *mut EVP_CIPHER_CTX; pub fn EVP_CIPHER_CTX_new() -> *mut EVP_CIPHER_CTX;
pub fn EVP_CIPHER_CTX_free(ctx: *mut EVP_CIPHER_CTX); pub fn EVP_CIPHER_CTX_free(ctx: *mut EVP_CIPHER_CTX);
pub fn EVP_MD_CTX_copy_ex(dst: *mut EVP_MD_CTX, src: *const EVP_MD_CTX) -> c_int; pub fn EVP_MD_CTX_copy_ex(dst: *mut EVP_MD_CTX, src: *const EVP_MD_CTX) -> c_int;
pub fn EVP_CIPHER_CTX_set_key_length(ctx: *mut EVP_CIPHER_CTX, keylen: c_int) -> c_int; pub fn EVP_CIPHER_CTX_set_key_length(ctx: *mut EVP_CIPHER_CTX, keylen: c_uint) -> c_int;
pub fn EVP_CIPHER_CTX_set_padding(ctx: *mut EVP_CIPHER_CTX, padding: c_int) -> c_int; pub fn EVP_CIPHER_CTX_set_padding(ctx: *mut EVP_CIPHER_CTX, padding: c_int) -> c_int;
pub fn EVP_CIPHER_CTX_ctrl( pub fn EVP_CIPHER_CTX_ctrl(
ctx: *mut EVP_CIPHER_CTX, ctx: *mut EVP_CIPHER_CTX,
@ -239,7 +209,6 @@ extern "C" {
ptr: *mut c_void, ptr: *mut c_void,
) -> c_int; ) -> c_int;
pub fn EVP_md_null() -> *const EVP_MD;
pub fn EVP_md5() -> *const EVP_MD; pub fn EVP_md5() -> *const EVP_MD;
pub fn EVP_sha1() -> *const EVP_MD; pub fn EVP_sha1() -> *const EVP_MD;
pub fn EVP_sha224() -> *const EVP_MD; pub fn EVP_sha224() -> *const EVP_MD;
@ -258,56 +227,26 @@ extern "C" {
pub fn EVP_shake128() -> *const EVP_MD; pub fn EVP_shake128() -> *const EVP_MD;
#[cfg(ossl111)] #[cfg(ossl111)]
pub fn EVP_shake256() -> *const EVP_MD; pub fn EVP_shake256() -> *const EVP_MD;
pub fn EVP_ripemd160() -> *const EVP_MD;
pub fn EVP_des_ecb() -> *const EVP_CIPHER; pub fn EVP_des_ecb() -> *const EVP_CIPHER;
pub fn EVP_des_ede3() -> *const EVP_CIPHER; pub fn EVP_des_ede3() -> *const EVP_CIPHER;
pub fn EVP_des_ede3_cbc() -> *const EVP_CIPHER; pub fn EVP_des_ede3_cbc() -> *const EVP_CIPHER;
pub fn EVP_des_ede3_cfb64() -> *const EVP_CIPHER;
pub fn EVP_des_cbc() -> *const EVP_CIPHER; pub fn EVP_des_cbc() -> *const EVP_CIPHER;
pub fn EVP_rc4() -> *const EVP_CIPHER; pub fn EVP_rc4() -> *const EVP_CIPHER;
pub fn EVP_bf_ecb() -> *const EVP_CIPHER;
pub fn EVP_bf_cbc() -> *const EVP_CIPHER;
pub fn EVP_bf_cfb64() -> *const EVP_CIPHER;
pub fn EVP_bf_ofb() -> *const EVP_CIPHER;
pub fn EVP_aes_128_ecb() -> *const EVP_CIPHER; pub fn EVP_aes_128_ecb() -> *const EVP_CIPHER;
pub fn EVP_aes_128_cbc() -> *const EVP_CIPHER; pub fn EVP_aes_128_cbc() -> *const EVP_CIPHER;
pub fn EVP_aes_128_cfb1() -> *const EVP_CIPHER;
pub fn EVP_aes_128_cfb8() -> *const EVP_CIPHER;
pub fn EVP_aes_128_cfb128() -> *const EVP_CIPHER;
pub fn EVP_aes_128_ctr() -> *const EVP_CIPHER; pub fn EVP_aes_128_ctr() -> *const EVP_CIPHER;
pub fn EVP_aes_128_ccm() -> *const EVP_CIPHER;
pub fn EVP_aes_128_gcm() -> *const EVP_CIPHER; pub fn EVP_aes_128_gcm() -> *const EVP_CIPHER;
pub fn EVP_aes_128_xts() -> *const EVP_CIPHER;
pub fn EVP_aes_128_ofb() -> *const EVP_CIPHER; pub fn EVP_aes_128_ofb() -> *const EVP_CIPHER;
#[cfg(ossl110)]
pub fn EVP_aes_128_ocb() -> *const EVP_CIPHER;
pub fn EVP_aes_192_ecb() -> *const EVP_CIPHER; pub fn EVP_aes_192_ecb() -> *const EVP_CIPHER;
pub fn EVP_aes_192_cbc() -> *const EVP_CIPHER; pub fn EVP_aes_192_cbc() -> *const EVP_CIPHER;
pub fn EVP_aes_192_cfb1() -> *const EVP_CIPHER;
pub fn EVP_aes_192_cfb8() -> *const EVP_CIPHER;
pub fn EVP_aes_192_cfb128() -> *const EVP_CIPHER;
pub fn EVP_aes_192_ctr() -> *const EVP_CIPHER; pub fn EVP_aes_192_ctr() -> *const EVP_CIPHER;
pub fn EVP_aes_192_ccm() -> *const EVP_CIPHER;
pub fn EVP_aes_192_gcm() -> *const EVP_CIPHER; pub fn EVP_aes_192_gcm() -> *const EVP_CIPHER;
pub fn EVP_aes_192_ofb() -> *const EVP_CIPHER; pub fn EVP_aes_192_ofb() -> *const EVP_CIPHER;
#[cfg(ossl110)]
pub fn EVP_aes_192_ocb() -> *const EVP_CIPHER;
pub fn EVP_aes_256_ecb() -> *const EVP_CIPHER; pub fn EVP_aes_256_ecb() -> *const EVP_CIPHER;
pub fn EVP_aes_256_cbc() -> *const EVP_CIPHER; pub fn EVP_aes_256_cbc() -> *const EVP_CIPHER;
pub fn EVP_aes_256_cfb1() -> *const EVP_CIPHER;
pub fn EVP_aes_256_cfb8() -> *const EVP_CIPHER;
pub fn EVP_aes_256_cfb128() -> *const EVP_CIPHER;
pub fn EVP_aes_256_ctr() -> *const EVP_CIPHER; pub fn EVP_aes_256_ctr() -> *const EVP_CIPHER;
pub fn EVP_aes_256_ccm() -> *const EVP_CIPHER;
pub fn EVP_aes_256_gcm() -> *const EVP_CIPHER; pub fn EVP_aes_256_gcm() -> *const EVP_CIPHER;
pub fn EVP_aes_256_xts() -> *const EVP_CIPHER;
pub fn EVP_aes_256_ofb() -> *const EVP_CIPHER; pub fn EVP_aes_256_ofb() -> *const EVP_CIPHER;
#[cfg(ossl110)]
pub fn EVP_aes_256_ocb() -> *const EVP_CIPHER;
#[cfg(ossl110)]
pub fn EVP_chacha20() -> *const ::EVP_CIPHER;
#[cfg(ossl110)]
pub fn EVP_chacha20_poly1305() -> *const ::EVP_CIPHER;
#[cfg(not(ossl110))] #[cfg(not(ossl110))]
pub fn OPENSSL_add_all_algorithms_noconf(); pub fn OPENSSL_add_all_algorithms_noconf();
@ -332,10 +271,10 @@ extern "C" {
pub fn EVP_PKEY_assign(pkey: *mut EVP_PKEY, typ: c_int, key: *mut c_void) -> c_int; pub fn EVP_PKEY_assign(pkey: *mut EVP_PKEY, typ: c_int, key: *mut c_void) -> c_int;
pub fn EVP_PKEY_set1_RSA(k: *mut EVP_PKEY, r: *mut RSA) -> c_int; pub fn EVP_PKEY_set1_RSA(k: *mut EVP_PKEY, r: *mut RSA) -> c_int;
pub fn EVP_PKEY_get1_RSA(k: *mut EVP_PKEY) -> *mut RSA; pub fn EVP_PKEY_get1_RSA(k: *const EVP_PKEY) -> *mut RSA;
pub fn EVP_PKEY_get1_DSA(k: *mut EVP_PKEY) -> *mut DSA; pub fn EVP_PKEY_get1_DSA(k: *const EVP_PKEY) -> *mut DSA;
pub fn EVP_PKEY_get1_DH(k: *mut EVP_PKEY) -> *mut DH; pub fn EVP_PKEY_get1_DH(k: *const EVP_PKEY) -> *mut DH;
pub fn EVP_PKEY_get1_EC_KEY(k: *mut EVP_PKEY) -> *mut EC_KEY; pub fn EVP_PKEY_get1_EC_KEY(k: *const EVP_PKEY) -> *mut EC_KEY;
pub fn EVP_PKEY_new() -> *mut EVP_PKEY; pub fn EVP_PKEY_new() -> *mut EVP_PKEY;
pub fn EVP_PKEY_free(k: *mut EVP_PKEY); pub fn EVP_PKEY_free(k: *mut EVP_PKEY);
@ -354,21 +293,21 @@ extern "C" {
pub fn PKCS5_PBKDF2_HMAC_SHA1( pub fn PKCS5_PBKDF2_HMAC_SHA1(
pass: *const c_char, pass: *const c_char,
passlen: c_int, passlen: size_t,
salt: *const u8, salt: *const u8,
saltlen: c_int, saltlen: size_t,
iter: c_int, iter: c_uint,
keylen: c_int, keylen: size_t,
out: *mut u8, out: *mut u8,
) -> c_int; ) -> c_int;
pub fn PKCS5_PBKDF2_HMAC( pub fn PKCS5_PBKDF2_HMAC(
pass: *const c_char, pass: *const c_char,
passlen: c_int, passlen: size_t,
salt: *const c_uchar, salt: *const c_uchar,
saltlen: c_int, saltlen: size_t,
iter: c_int, iter: c_uint,
digest: *const EVP_MD, digest: *const EVP_MD,
keylen: c_int, keylen: size_t,
out: *mut u8, out: *mut u8,
) -> c_int; ) -> c_int;
@ -381,56 +320,17 @@ extern "C" {
N: u64, N: u64,
r: u64, r: u64,
p: u64, p: u64,
maxmem: u64, maxmem: size_t,
key: *mut c_uchar, key: *mut c_uchar,
keylen: size_t, keylen: size_t,
) -> c_int; ) -> c_int;
} }
pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2;
pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3;
pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4;
pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5;
pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6;
pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7;
pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8;
pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9;
pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
| EVP_PKEY_OP_VERIFY
| EVP_PKEY_OP_VERIFYRECOVER
| EVP_PKEY_OP_SIGNCTX
| EVP_PKEY_OP_VERIFYCTX;
pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
pub const EVP_PKEY_CTRL_SET_MAC_KEY: c_int = 6;
pub const EVP_PKEY_CTRL_CIPHER: c_int = 12;
pub const EVP_PKEY_ALG_CTRL: c_int = 0x1000;
extern "C" { extern "C" {
pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX; pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX; pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX); pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX);
pub fn EVP_PKEY_CTX_ctrl(
ctx: *mut EVP_PKEY_CTX,
keytype: c_int,
optype: c_int,
cmd: c_int,
p1: c_int,
p2: *mut c_void,
) -> c_int;
pub fn EVP_PKEY_new_mac_key(
type_: c_int,
e: *mut ENGINE,
key: *const c_uchar,
keylen: c_int,
) -> *mut EVP_PKEY;
pub fn EVP_PKEY_derive_init(ctx: *mut EVP_PKEY_CTX) -> c_int; pub fn EVP_PKEY_derive_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
pub fn EVP_PKEY_derive_set_peer(ctx: *mut EVP_PKEY_CTX, peer: *mut EVP_PKEY) -> c_int; pub fn EVP_PKEY_derive_set_peer(ctx: *mut EVP_PKEY_CTX, peer: *mut EVP_PKEY) -> c_int;
pub fn EVP_PKEY_derive(ctx: *mut EVP_PKEY_CTX, key: *mut c_uchar, size: *mut size_t) -> c_int; pub fn EVP_PKEY_derive(ctx: *mut EVP_PKEY_CTX, key: *mut c_uchar, size: *mut size_t) -> c_int;
@ -456,16 +356,8 @@ extern "C" {
) -> c_int; ) -> c_int;
} }
cfg_if! { extern "C" {
if #[cfg(any(ossl110, libressl280))] {
extern "C" {
pub fn EVP_PKCS82PKEY(p8: *const PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY;
}
} else {
extern "C" {
pub fn EVP_PKCS82PKEY(p8: *mut PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; pub fn EVP_PKCS82PKEY(p8: *mut PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY;
}
}
} }
cfg_if! { cfg_if! {
@ -498,6 +390,6 @@ cfg_if! {
} }
extern "C" { extern "C" {
pub fn EVP_EncodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; pub fn EVP_EncodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: size_t) -> size_t;
pub fn EVP_DecodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: c_int) -> c_int; pub fn EVP_DecodeBlock(dst: *mut c_uchar, src: *const c_uchar, src_len: size_t) -> c_int;
} }

4
openssl-sys/src/hmac.rs
View File

@ -20,11 +20,11 @@ extern "C" {
pub fn HMAC_Init_ex( pub fn HMAC_Init_ex(
ctx: *mut HMAC_CTX, ctx: *mut HMAC_CTX,
key: *const c_void, key: *const c_void,
len: c_int, len: size_t,
md: *const EVP_MD, md: *const EVP_MD,
impl_: *mut ENGINE, impl_: *mut ENGINE,
) -> c_int; ) -> c_int;
pub fn HMAC_Update(ctx: *mut HMAC_CTX, data: *const c_uchar, len: size_t) -> c_int; pub fn HMAC_Update(ctx: *mut HMAC_CTX, data: *const c_uchar, len: size_t) -> c_int;
pub fn HMAC_Final(ctx: *mut HMAC_CTX, md: *mut c_uchar, len: *mut c_uint) -> c_int; pub fn HMAC_Final(ctx: *mut HMAC_CTX, md: *mut c_uchar, len: *mut c_uint) -> c_int;
pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int; pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *const HMAC_CTX) -> c_int;
} }

6
openssl-sys/src/lib.rs
View File

@ -18,19 +18,16 @@ pub use aes::*;
pub use asn1::*; pub use asn1::*;
pub use bio::*; pub use bio::*;
pub use bn::*; pub use bn::*;
pub use cms::*;
pub use conf::*; pub use conf::*;
pub use crypto::*; pub use crypto::*;
pub use dh::*; pub use dh::*;
pub use dsa::*; pub use dsa::*;
pub use dtls1::*;
pub use ec::*; pub use ec::*;
pub use err::*; pub use err::*;
pub use evp::*; pub use evp::*;
pub use hmac::*; pub use hmac::*;
pub use obj_mac::*; pub use obj_mac::*;
pub use object::*; pub use object::*;
pub use ocsp::*;
pub use ossl_typ::*; pub use ossl_typ::*;
pub use pem::*; pub use pem::*;
pub use pkcs12::*; pub use pkcs12::*;
@ -55,19 +52,16 @@ mod aes;
mod asn1; mod asn1;
mod bio; mod bio;
mod bn; mod bn;
mod cms;
mod conf; mod conf;
mod crypto; mod crypto;
mod dh; mod dh;
mod dsa; mod dsa;
mod dtls1;
mod ec; mod ec;
mod err; mod err;
mod evp; mod evp;
mod hmac; mod hmac;
mod obj_mac; mod obj_mac;
mod object; mod object;
mod ocsp;
mod ossl_typ; mod ossl_typ;
mod pem; mod pem;
mod pkcs12; mod pkcs12;

2
openssl-sys/src/obj_mac.rs
View File

@ -2,10 +2,8 @@ use libc::*;
pub const NID_undef: c_int = 0; pub const NID_undef: c_int = 0;
pub const NID_itu_t: c_int = 645; pub const NID_itu_t: c_int = 645;
pub const NID_ccitt: c_int = 404;
pub const NID_iso: c_int = 181; pub const NID_iso: c_int = 181;
pub const NID_joint_iso_itu_t: c_int = 646; pub const NID_joint_iso_itu_t: c_int = 646;
pub const NID_joint_iso_ccitt: c_int = 393;
pub const NID_member_body: c_int = 182; pub const NID_member_body: c_int = 182;
pub const NID_identified_organization: c_int = 676; pub const NID_identified_organization: c_int = 676;
pub const NID_hmac_md5: c_int = 780; pub const NID_hmac_md5: c_int = 780;

118
openssl-sys/src/ocsp.rs
View File

@ -1,118 +0,0 @@
use libc::*;
use *;
pub const OCSP_REVOKED_STATUS_NOSTATUS: c_int = -1;
pub const OCSP_REVOKED_STATUS_UNSPECIFIED: c_int = 0;
pub const OCSP_REVOKED_STATUS_KEYCOMPROMISE: c_int = 1;
pub const OCSP_REVOKED_STATUS_CACOMPROMISE: c_int = 2;
pub const OCSP_REVOKED_STATUS_AFFILIATIONCHANGED: c_int = 3;
pub const OCSP_REVOKED_STATUS_SUPERSEDED: c_int = 4;
pub const OCSP_REVOKED_STATUS_CESSATIONOFOPERATION: c_int = 5;
pub const OCSP_REVOKED_STATUS_CERTIFICATEHOLD: c_int = 6;
pub const OCSP_REVOKED_STATUS_REMOVEFROMCRL: c_int = 8;
pub const OCSP_NOCERTS: c_ulong = 0x1;
pub const OCSP_NOINTERN: c_ulong = 0x2;
pub const OCSP_NOSIGS: c_ulong = 0x4;
pub const OCSP_NOCHAIN: c_ulong = 0x8;
pub const OCSP_NOVERIFY: c_ulong = 0x10;
pub const OCSP_NOEXPLICIT: c_ulong = 0x20;
pub const OCSP_NOCASIGN: c_ulong = 0x40;
pub const OCSP_NODELEGATED: c_ulong = 0x80;
pub const OCSP_NOCHECKS: c_ulong = 0x100;
pub const OCSP_TRUSTOTHER: c_ulong = 0x200;
pub const OCSP_RESPID_KEY: c_ulong = 0x400;
pub const OCSP_NOTIME: c_ulong = 0x800;
pub enum OCSP_CERTID {}
pub enum OCSP_ONEREQ {}
pub enum OCSP_REQUEST {}
pub const OCSP_RESPONSE_STATUS_SUCCESSFUL: c_int = 0;
pub const OCSP_RESPONSE_STATUS_MALFORMEDREQUEST: c_int = 1;
pub const OCSP_RESPONSE_STATUS_INTERNALERROR: c_int = 2;
pub const OCSP_RESPONSE_STATUS_TRYLATER: c_int = 3;
pub const OCSP_RESPONSE_STATUS_SIGREQUIRED: c_int = 5;
pub const OCSP_RESPONSE_STATUS_UNAUTHORIZED: c_int = 6;
pub const V_OCSP_CERTSTATUS_GOOD: c_int = 0;
pub const V_OCSP_CERTSTATUS_REVOKED: c_int = 1;
pub const V_OCSP_CERTSTATUS_UNKNOWN: c_int = 2;
pub enum OCSP_BASICRESP {}
cfg_if! {
if #[cfg(any(ossl110, libressl281))] {
extern "C" {
pub fn OCSP_cert_to_id(
dgst: *const EVP_MD,
subject: *const X509,
issuer: *const X509,
) -> *mut OCSP_CERTID;
}
} else {
extern "C" {
pub fn OCSP_cert_to_id(
dgst: *const EVP_MD,
subject: *mut X509,
issuer: *mut X509,
) -> *mut ::OCSP_CERTID;
}
}
}
extern "C" {
pub fn OCSP_request_add0_id(r: *mut OCSP_REQUEST, id: *mut OCSP_CERTID) -> *mut OCSP_ONEREQ;
pub fn OCSP_resp_find_status(
bs: *mut OCSP_BASICRESP,
id: *mut OCSP_CERTID,
status: *mut c_int,
reason: *mut c_int,
revtime: *mut *mut ASN1_GENERALIZEDTIME,
thisupd: *mut *mut ASN1_GENERALIZEDTIME,
nextupd: *mut *mut ASN1_GENERALIZEDTIME,
) -> c_int;
pub fn OCSP_check_validity(
thisupd: *mut ASN1_GENERALIZEDTIME,
nextupd: *mut ASN1_GENERALIZEDTIME,
sec: c_long,
maxsec: c_long,
) -> c_int;
pub fn OCSP_response_status(resp: *mut OCSP_RESPONSE) -> c_int;
pub fn OCSP_response_get1_basic(resp: *mut OCSP_RESPONSE) -> *mut OCSP_BASICRESP;
pub fn OCSP_response_create(status: c_int, bs: *mut OCSP_BASICRESP) -> *mut OCSP_RESPONSE;
pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP;
pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP);
pub fn OCSP_RESPONSE_new() -> *mut OCSP_RESPONSE;
pub fn OCSP_RESPONSE_free(r: *mut OCSP_RESPONSE);
pub fn i2d_OCSP_RESPONSE(a: *mut OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int;
pub fn d2i_OCSP_RESPONSE(
a: *mut *mut OCSP_RESPONSE,
pp: *mut *const c_uchar,
length: c_long,
) -> *mut OCSP_RESPONSE;
pub fn OCSP_ONEREQ_free(r: *mut OCSP_ONEREQ);
pub fn OCSP_CERTID_free(id: *mut OCSP_CERTID);
pub fn OCSP_REQUEST_new() -> *mut OCSP_REQUEST;
pub fn OCSP_REQUEST_free(r: *mut OCSP_REQUEST);
pub fn i2d_OCSP_REQUEST(a: *mut OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int;
pub fn d2i_OCSP_REQUEST(
a: *mut *mut OCSP_REQUEST,
pp: *mut *const c_uchar,
length: c_long,
) -> *mut OCSP_REQUEST;
pub fn OCSP_basic_verify(
bs: *mut OCSP_BASICRESP,
certs: *mut stack_st_X509,
st: *mut X509_STORE,
flags: c_ulong,
) -> c_int;
}

5
openssl-sys/src/ossl_typ.rs
View File

@ -532,7 +532,6 @@ cfg_if! {
sid_ctx_length: c_uint, sid_ctx_length: c_uint,
sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
session: *mut ::SSL_SESSION, session: *mut ::SSL_SESSION,
generate_session_id: ::GEN_SESSION_CB,
verify_mode: c_int, verify_mode: c_int,
verify_callback: Option<unsafe extern "C" fn(c_int, *mut ::X509_STORE_CTX) -> c_int>, verify_callback: Option<unsafe extern "C" fn(c_int, *mut ::X509_STORE_CTX) -> c_int>,
info_callback: Option<unsafe extern "C" fn(*mut SSL, c_int, c_int)>, info_callback: Option<unsafe extern "C" fn(*mut SSL, c_int, c_int)>,
@ -567,7 +566,6 @@ cfg_if! {
tlsext_ellipticcurvelist_length: size_t, tlsext_ellipticcurvelist_length: size_t,
tlsext_ellipticcurvelist: *mut c_uchar, tlsext_ellipticcurvelist: *mut c_uchar,
tlsext_session_ticket: *mut c_void, tlsext_session_ticket: *mut c_void,
tlsext_session_ticket_ext_cb: ::tls_session_ticket_ext_cb_fn,
tls_session_ticket_ext_cb_arg: *mut c_void, tls_session_ticket_ext_cb_arg: *mut c_void,
tls_session_secret_cb: ::tls_session_secret_cb_fn, tls_session_secret_cb: ::tls_session_secret_cb_fn,
tls_session_secret_cb_arg: *mut c_void, tls_session_secret_cb_arg: *mut c_void,
@ -630,7 +628,6 @@ cfg_if! {
sid_ctx_length: c_uint, sid_ctx_length: c_uint,
sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
session: *mut ::SSL_SESSION, session: *mut ::SSL_SESSION,
generate_session_id: ::GEN_SESSION_CB,
verify_mode: c_int, verify_mode: c_int,
verify_callback: Option<unsafe extern "C" fn(c_int, *mut ::X509_STORE_CTX) -> c_int>, verify_callback: Option<unsafe extern "C" fn(c_int, *mut ::X509_STORE_CTX) -> c_int>,
info_callback: Option<unsafe extern "C" fn(*mut SSL, c_int, c_int)>, info_callback: Option<unsafe extern "C" fn(*mut SSL, c_int, c_int)>,
@ -708,8 +705,6 @@ cfg_if! {
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
tlsext_session_ticket: *mut c_void, tlsext_session_ticket: *mut c_void,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
tlsext_session_ticket_ext_cb: ::tls_session_ticket_ext_cb_fn,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
tls_session_ticket_ext_cb_arg: *mut c_void, tls_session_ticket_ext_cb_arg: *mut c_void,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
tls_session_secret_cb: ::tls_session_secret_cb_fn, tls_session_secret_cb: ::tls_session_secret_cb_fn,

10
openssl-sys/src/pem.rs
View File

@ -166,16 +166,6 @@ extern "C" {
) -> *mut PKCS7; ) -> *mut PKCS7;
pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int; pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int;
#[cfg(ossl101)]
pub fn PEM_read_bio_CMS(
bio: *mut BIO,
out: *mut *mut CMS_ContentInfo,
callback: pem_password_cb,
user_data: *mut c_void,
) -> *mut CMS_ContentInfo;
#[cfg(ossl101)]
pub fn PEM_write_bio_CMS(bio: *mut BIO, cms: *const CMS_ContentInfo) -> c_int;
} }
pub const PEM_R_NO_START_LINE: c_int = 108; pub const PEM_R_NO_START_LINE: c_int = 108;

34
openssl-sys/src/pkcs12.rs
View File

@ -6,51 +6,33 @@ pub enum PKCS12 {}
extern "C" { extern "C" {
pub fn PKCS12_free(p12: *mut PKCS12); pub fn PKCS12_free(p12: *mut PKCS12);
pub fn i2d_PKCS12(a: *mut PKCS12, buf: *mut *mut u8) -> c_int; pub fn i2d_PKCS12(a: *const PKCS12, buf: *mut *mut u8) -> c_int;
pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12; pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: size_t) -> *mut PKCS12;
pub fn PKCS12_parse( pub fn PKCS12_parse(
p12: *mut PKCS12, p12: *const PKCS12,
pass: *const c_char, pass: *const c_char,
pkey: *mut *mut EVP_PKEY, pkey: *mut *mut EVP_PKEY,
cert: *mut *mut X509, cert: *mut *mut X509,
ca: *mut *mut stack_st_X509, ca: *mut *mut stack_st_X509,
) -> c_int; ) -> c_int;
} }
cfg_if! {
if #[cfg(any(ossl110, libressl280))] { extern "C" {
extern "C" {
pub fn PKCS12_create( pub fn PKCS12_create(
pass: *const c_char, pass: *const c_char,
friendly_name: *const c_char, friendly_name: *const c_char,
pkey: *mut EVP_PKEY, pkey: *const EVP_PKEY,
cert: *mut X509, cert: *mut X509,
ca: *mut stack_st_X509, ca: *const stack_st_X509,
nid_key: c_int, nid_key: c_int,
nid_cert: c_int, nid_cert: c_int,
iter: c_int, iter: c_int,
mac_iter: c_int, mac_iter: c_int,
keytype: c_int, keytype: c_int,
) -> *mut PKCS12; ) -> *mut PKCS12;
}
} else {
extern "C" {
pub fn PKCS12_create(
pass: *mut c_char,
friendly_name: *mut c_char,
pkey: *mut EVP_PKEY,
cert: *mut X509,
ca: *mut stack_st_X509,
nid_key: c_int,
nid_cert: c_int,
iter: c_int,
mac_iter: c_int,
keytype: c_int,
) -> *mut PKCS12;
}
}
} }
extern "C" { extern "C" {
pub fn i2d_PKCS12_bio(b: *mut BIO, a: *mut PKCS12) -> c_int; pub fn i2d_PKCS12_bio(b: *mut BIO, a: *const PKCS12) -> c_int;
} }

42
openssl-sys/src/pkcs7.rs
View File

@ -19,35 +19,14 @@ pub const PKCS7_DETACHED: c_int = 0x40;
pub const PKCS7_BINARY: c_int = 0x80; pub const PKCS7_BINARY: c_int = 0x80;
pub const PKCS7_NOATTR: c_int = 0x100; pub const PKCS7_NOATTR: c_int = 0x100;
pub const PKCS7_NOSMIMECAP: c_int = 0x200; pub const PKCS7_NOSMIMECAP: c_int = 0x200;
pub const PKCS7_NOOLDMIMETYPE: c_int = 0x400;
pub const PKCS7_CRLFEOL: c_int = 0x800;
pub const PKCS7_STREAM: c_int = 0x1000; pub const PKCS7_STREAM: c_int = 0x1000;
pub const PKCS7_NOCRL: c_int = 0x2000;
pub const PKCS7_PARTIAL: c_int = 0x4000;
pub const PKCS7_REUSE_DIGEST: c_int = 0x8000;
#[cfg(not(any(ossl101, ossl102, libressl)))] #[cfg(not(any(ossl101, ossl102, libressl)))]
pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000; pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000;
extern "C" { extern "C" {
pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: c_long) -> *mut PKCS7; pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: size_t) -> *mut PKCS7;
pub fn i2d_PKCS7(a: *mut PKCS7, buf: *mut *mut u8) -> c_int; pub fn i2d_PKCS7(a: *const PKCS7, buf: *mut *mut u8) -> c_int;
pub fn PKCS7_encrypt(
certs: *mut stack_st_X509,
b: *mut BIO,
cipher: *const EVP_CIPHER,
flags: c_int,
) -> *mut PKCS7;
pub fn PKCS7_verify(
pkcs7: *mut PKCS7,
certs: *mut stack_st_X509,
store: *mut X509_STORE,
indata: *mut BIO,
out: *mut BIO,
flags: c_int,
) -> c_int;
pub fn PKCS7_sign( pub fn PKCS7_sign(
signcert: *mut X509, signcert: *mut X509,
@ -57,22 +36,5 @@ extern "C" {
flags: c_int, flags: c_int,
) -> *mut PKCS7; ) -> *mut PKCS7;
pub fn PKCS7_decrypt(
pkcs7: *mut PKCS7,
pkey: *mut EVP_PKEY,
cert: *mut X509,
data: *mut BIO,
flags: c_int,
) -> c_int;
pub fn PKCS7_free(pkcs7: *mut PKCS7); pub fn PKCS7_free(pkcs7: *mut PKCS7);
pub fn SMIME_write_PKCS7(
out: *mut BIO,
pkcs7: *mut PKCS7,
data: *mut BIO,
flags: c_int,
) -> c_int;
pub fn SMIME_read_PKCS7(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut PKCS7;
} }

2
openssl-sys/src/rand.rs
View File

@ -1,7 +1,7 @@
use libc::*; use libc::*;
extern "C" { extern "C" {
pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int; pub fn RAND_bytes(buf: *mut u8, num: size_t) -> c_int;
#[cfg(ossl111)] #[cfg(ossl111)]
pub fn RAND_keep_random_devices_open(keep: c_int); pub fn RAND_keep_random_devices_open(keep: c_int);

82
openssl-sys/src/rsa.rs
View File

@ -5,67 +5,19 @@ use *;
pub const RSA_F4: c_long = 0x10001; pub const RSA_F4: c_long = 0x10001;
pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int {
EVP_PKEY_CTX_ctrl(
ctx,
EVP_PKEY_RSA,
-1,
EVP_PKEY_CTRL_RSA_PADDING,
pad,
ptr::null_mut(),
)
}
pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int {
EVP_PKEY_CTX_ctrl(
ctx,
EVP_PKEY_RSA,
-1,
EVP_PKEY_CTRL_GET_RSA_PADDING,
0,
ppad as *mut c_void,
)
}
pub unsafe fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int {
EVP_PKEY_CTX_ctrl(
ctx,
EVP_PKEY_RSA,
EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY,
EVP_PKEY_CTRL_RSA_PSS_SALTLEN,
len,
ptr::null_mut(),
)
}
pub unsafe fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int {
EVP_PKEY_CTX_ctrl(
ctx,
EVP_PKEY_RSA,
EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_RSA_MGF1_MD,
0,
md as *mut c_void,
)
}
pub const EVP_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1;
pub const EVP_PKEY_CTRL_RSA_PSS_SALTLEN: c_int = EVP_PKEY_ALG_CTRL + 2;
pub const EVP_PKEY_CTRL_RSA_MGF1_MD: c_int = EVP_PKEY_ALG_CTRL + 5;
pub const EVP_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6;
pub const RSA_PKCS1_PADDING: c_int = 1; pub const RSA_PKCS1_PADDING: c_int = 1;
pub const RSA_SSLV23_PADDING: c_int = 2;
pub const RSA_NO_PADDING: c_int = 3; pub const RSA_NO_PADDING: c_int = 3;
pub const RSA_PKCS1_OAEP_PADDING: c_int = 4; pub const RSA_PKCS1_OAEP_PADDING: c_int = 4;
pub const RSA_X931_PADDING: c_int = 5;
pub const RSA_PKCS1_PSS_PADDING: c_int = 6; pub const RSA_PKCS1_PSS_PADDING: c_int = 6;
extern "C" { extern "C" {
pub fn RSA_new() -> *mut RSA; pub fn RSA_new() -> *mut RSA;
pub fn RSA_size(k: *const RSA) -> c_int; pub fn RSA_size(k: *const RSA) -> c_uint;
pub fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int;
pub fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int;
pub fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int;
pub fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *const EVP_MD) -> c_int;
#[cfg(any(ossl110, libressl273))] #[cfg(any(ossl110, libressl273))]
pub fn RSA_set0_key( pub fn RSA_set0_key(
@ -111,33 +63,33 @@ extern "C" {
pub fn RSA_generate_key_ex( pub fn RSA_generate_key_ex(
rsa: *mut RSA, rsa: *mut RSA,
bits: c_int, bits: c_int,
e: *mut BIGNUM, e: *const BIGNUM,
cb: *mut BN_GENCB, cb: *mut BN_GENCB,
) -> c_int; ) -> c_int;
pub fn RSA_public_encrypt( pub fn RSA_public_encrypt(
flen: c_int, flen: size_t,
from: *const u8, from: *const u8,
to: *mut u8, to: *mut u8,
k: *mut RSA, k: *mut RSA,
pad: c_int, pad: c_int,
) -> c_int; ) -> c_int;
pub fn RSA_private_encrypt( pub fn RSA_private_encrypt(
flen: c_int, flen: size_t,
from: *const u8, from: *const u8,
to: *mut u8, to: *mut u8,
k: *mut RSA, k: *mut RSA,
pad: c_int, pad: c_int,
) -> c_int; ) -> c_int;
pub fn RSA_public_decrypt( pub fn RSA_public_decrypt(
flen: c_int, flen: size_t,
from: *const u8, from: *const u8,
to: *mut u8, to: *mut u8,
k: *mut RSA, k: *mut RSA,
pad: c_int, pad: c_int,
) -> c_int; ) -> c_int;
pub fn RSA_private_decrypt( pub fn RSA_private_decrypt(
flen: c_int, flen: size_t,
from: *const u8, from: *const u8,
to: *mut u8, to: *mut u8,
k: *mut RSA, k: *mut RSA,
@ -163,17 +115,9 @@ extern "C" {
pub fn RSA_verify( pub fn RSA_verify(
t: c_int, t: c_int,
m: *const u8, m: *const u8,
mlen: c_uint, mlen: size_t,
sig: *const u8, sig: *const u8,
siglen: c_uint, siglen: size_t,
k: *mut RSA, k: *mut RSA,
) -> c_int; ) -> c_int;
pub fn RSA_padding_check_PKCS1_type_2(
to: *mut c_uchar,
tlen: c_int,
f: *const c_uchar,
fl: c_int,
rsa_len: c_int,
) -> c_int;
} }

40
openssl-sys/src/sha.rs
View File

@ -1,20 +1,18 @@
use libc::*; use libc::*;
pub type SHA_LONG = c_uint; pub const SHA_CBLOCK: c_uint = 64;
pub const SHA_LBLOCK: c_int = 16;
#[repr(C)] #[repr(C)]
#[derive(Clone)] #[derive(Clone)]
pub struct SHA_CTX { pub struct SHA_CTX {
pub h0: SHA_LONG, pub h0: c_uint,
pub h1: SHA_LONG, pub h1: c_uint,
pub h2: SHA_LONG, pub h2: c_uint,
pub h3: SHA_LONG, pub h3: c_uint,
pub h4: SHA_LONG, pub h4: c_uint,
pub Nl: SHA_LONG, pub Nl: c_uint,
pub Nh: SHA_LONG, pub Nh: c_uint,
pub data: [SHA_LONG; SHA_LBLOCK as usize], pub data: [c_uchar; SHA_CBLOCK as usize],
pub num: c_uint, pub num: c_uint,
} }
@ -25,13 +23,15 @@ extern "C" {
pub fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; pub fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar;
} }
pub const SHA256_CBLOCK: c_int = 64;
#[repr(C)] #[repr(C)]
#[derive(Clone)] #[derive(Clone)]
pub struct SHA256_CTX { pub struct SHA256_CTX {
pub h: [SHA_LONG; 8], pub h: [c_uint; 8],
pub Nl: SHA_LONG, pub Nl: c_uint,
pub Nh: SHA_LONG, pub Nh: c_uint,
pub data: [SHA_LONG; SHA_LBLOCK as usize], pub data: [c_uchar; SHA256_CBLOCK as usize],
pub num: c_uint, pub num: c_uint,
pub md_len: c_uint, pub md_len: c_uint,
} }
@ -47,16 +47,16 @@ extern "C" {
pub fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; pub fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar;
} }
pub type SHA_LONG64 = u64; pub const SHA512_CBLOCK: c_int = 128;
#[repr(C)] #[repr(C)]
#[derive(Clone)] #[derive(Clone)]
pub struct SHA512_CTX { pub struct SHA512_CTX {
pub h: [SHA_LONG64; 8], pub h: [u64; 8],
pub Nl: SHA_LONG64, pub Nl: u64,
pub Nh: SHA_LONG64, pub Nh: u64,
// this is a union but we don't want to require 1.19 // this is a union but we don't want to require 1.19
u: [SHA_LONG64; SHA_LBLOCK as usize], u: [c_uchar; SHA512_CBLOCK as usize],
pub num: c_uint, pub num: c_uint,
pub md_len: c_uint, pub md_len: c_uint,
} }

2
openssl-sys/src/srtp.rs
View File

@ -14,5 +14,5 @@ extern "C" {
pub fn SSL_set_tlsext_use_srtp(ssl: *mut SSL, profiles: *const c_char) -> c_int; pub fn SSL_set_tlsext_use_srtp(ssl: *mut SSL, profiles: *const c_char) -> c_int;
pub fn SSL_get_srtp_profiles(ssl: *mut SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE; pub fn SSL_get_srtp_profiles(ssl: *mut SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE;
pub fn SSL_get_selected_srtp_profile(ssl: *mut SSL) -> *mut SRTP_PROTECTION_PROFILE; pub fn SSL_get_selected_srtp_profile(ssl: *mut SSL) -> *const SRTP_PROTECTION_PROFILE;
} }

596
openssl-sys/src/ssl.rs
View File

@ -161,19 +161,6 @@ pub struct SRTP_PROTECTION_PROFILE {
stack!(stack_st_SRTP_PROTECTION_PROFILE); stack!(stack_st_SRTP_PROTECTION_PROFILE);
pub type tls_session_ticket_ext_cb_fn =
Option<unsafe extern "C" fn(*mut SSL, *const c_uchar, c_int, *mut c_void) -> c_int>;
pub type tls_session_secret_cb_fn = Option<
unsafe extern "C" fn(
*mut SSL,
*mut c_void,
*mut c_int,
*mut stack_st_SSL_CIPHER,
*mut *mut SSL_CIPHER,
*mut c_void,
) -> c_int,
>;
#[cfg(ossl111)] #[cfg(ossl111)]
pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001; pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001;
/* This extension is only allowed in DTLS */ /* This extension is only allowed in DTLS */
@ -253,218 +240,148 @@ pub type SSL_custom_ext_parse_cb_ex = Option<
) -> c_int, ) -> c_int,
>; >;
pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; pub const SSL_OP_LEGACY_SERVER_CONNECT: c_uint = 0x00000004;
cfg_if! {
if #[cfg(libressl261)] {
pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
} else if #[cfg(any(ossl102, libressl))] {
pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x10;
}
}
#[cfg(ossl101)]
pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_uint = 0x00000800;
pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; pub const SSL_OP_NO_QUERY_MTU: c_uint = 0x00001000;
pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; pub const SSL_OP_NO_TICKET: c_uint = 0x00004000;
pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000;
pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_uint = 0x00010000;
cfg_if! { cfg_if! {
if #[cfg(ossl101)] { if #[cfg(ossl101)] {
pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; pub const SSL_OP_NO_COMPRESSION: c_uint = 0x00020000;
pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x00040000;
} else { } else {
pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; pub const SSL_OP_NO_COMPRESSION: c_uint = 0x0;
} pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_uint = 0x0;
}
pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_ulong = 0x00010000;
cfg_if! {
if #[cfg(ossl101)] {
pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000;
pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000;
} else {
pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x0;
} }
} }
#[cfg(ossl111)] #[cfg(ossl111)]
pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000; pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_uint = 0x00100000;
pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_ulong = 0x00400000; pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_uint = 0x00400000;
cfg_if! { cfg_if! {
if #[cfg(libressl280)] { if #[cfg(libressl280)] {
pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0; pub const SSL_OP_TLS_ROLLBACK_BUG: c_uint = 0;
} else { } else {
pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000; pub const SSL_OP_TLS_ROLLBACK_BUG: c_uint = 0x00800000;
} }
} }
cfg_if! { cfg_if! {
if #[cfg(ossl101)] { if #[cfg(ossl101)] {
pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; pub const SSL_OP_NO_SSLv3: c_uint = 0x02000000;
} else { } else {
pub const SSL_OP_NO_SSLv3: c_ulong = 0x0; pub const SSL_OP_NO_SSLv3: c_uint = 0x0;
} }
} }
pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; pub const SSL_OP_NO_TLSv1_1: c_uint = 0x10000000;
pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_TLSv1_2: c_uint = 0x08000000;
pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_TLSv1: c_uint = 0x04000000;
#[cfg(ossl102)] #[cfg(ossl102)]
pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_DTLSv1: c_uint = 0x04000000;
#[cfg(ossl102)] #[cfg(ossl102)]
pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_DTLSv1_2: c_uint = 0x08000000;
#[cfg(ossl111)] #[cfg(ossl111)]
pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000; pub const SSL_OP_NO_TLSv1_3: c_uint = 0x20000000;
#[cfg(ossl110h)] #[cfg(ossl110h)]
pub const SSL_OP_NO_RENEGOTIATION: c_ulong = 0x40000000; pub const SSL_OP_NO_RENEGOTIATION: c_uint = 0x40000000;
cfg_if! {
if #[cfg(ossl111)] {
pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2
| SSL_OP_NO_SSLv3
| SSL_OP_NO_TLSv1
| SSL_OP_NO_TLSv1_1
| SSL_OP_NO_TLSv1_2
| SSL_OP_NO_TLSv1_3;
} else if #[cfg(ossl102)] {
pub const SSL_OP_NO_SSL_MASK: c_ulong =
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
}
}
cfg_if! {
if #[cfg(libressl261)] {
pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
} else {
pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
}
}
cfg_if! { cfg_if! {
if #[cfg(ossl110f)] { if #[cfg(ossl110f)] {
pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG pub const SSL_OP_ALL: c_uint =
| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
| SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_LEGACY_SERVER_CONNECT;
| SSL_OP_TLSEXT_PADDING
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
} else if #[cfg(libressl261)] { } else if #[cfg(libressl261)] {
pub const SSL_OP_ALL: c_ulong = 0x4; pub const SSL_OP_ALL: c_uint = 0x4;
} else if #[cfg(libressl)] { } else if #[cfg(libressl)] {
pub const SSL_OP_ALL: c_ulong = 0x80000014; pub const SSL_OP_ALL: c_uint = 0x80000014;
} else { } else {
pub const SSL_OP_ALL: c_ulong = 0x80000BFF; pub const SSL_OP_ALL: c_uint = 0x80000BFF;
} }
} }
cfg_if! { cfg_if! {
if #[cfg(ossl110)] { if #[cfg(ossl110)] {
pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000000;
pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000000;
pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000000;
pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000000; pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x00000000;
pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000000; pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x00000000;
pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000000; pub const SSL_OP_TLS_D5_BUG: c_uint = 0x00000000;
pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000000; pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x00000000;
pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00000000;
pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00000000;
pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; pub const SSL_OP_NO_SSLv2: c_uint = 0x00000000;
} else if #[cfg(ossl101)] { } else if #[cfg(ossl101)] {
pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000001; pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x00000001;
pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000002; pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x00000002;
pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000008; pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x00000008;
pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000020; pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x00000020;
pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000080; pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x00000080;
pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000100; pub const SSL_OP_TLS_D5_BUG: c_uint = 0x00000100;
pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000200; pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x00000200;
pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00080000;
pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00100000;
pub const SSL_OP_NO_SSLv2: c_ulong = 0x01000000; pub const SSL_OP_NO_SSLv2: c_uint = 0x01000000;
} else { } else {
pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x0; pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_uint = 0x0;
pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x0; pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_uint = 0x0;
pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x0; pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_uint = 0x0;
pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0; pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_uint = 0x0;
pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_uint = 0x0;
pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; pub const SSL_OP_TLS_D5_BUG: c_uint = 0x0;
pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_uint = 0x0;
#[cfg(libressl261)] #[cfg(libressl261)]
pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x0;
#[cfg(not(libressl261))] #[cfg(not(libressl261))]
pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; pub const SSL_OP_SINGLE_ECDH_USE: c_uint = 0x00080000;
pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; pub const SSL_OP_SINGLE_DH_USE: c_uint = 0x00100000;
pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; pub const SSL_OP_NO_SSLv2: c_uint = 0x0;
} }
} }
pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1; pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_uint = 0x1;
pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2; pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_uint = 0x2;
pub const SSL_MODE_AUTO_RETRY: c_long = 0x4; pub const SSL_MODE_AUTO_RETRY: c_uint = 0x4;
pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8; pub const SSL_MODE_NO_AUTO_CHAIN: c_uint = 0x8;
pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10; pub const SSL_MODE_RELEASE_BUFFERS: c_uint = 0x10;
#[cfg(ossl101)] #[cfg(ossl101)]
pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20; pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_uint = 0x20;
#[cfg(ossl101)] #[cfg(ossl101)]
pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40; pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_uint = 0x40;
#[cfg(ossl101)] #[cfg(ossl101)]
pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80; pub const SSL_MODE_SEND_FALLBACK_SCSV: c_uint = 0x80;
pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { extern "C" {
SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut()) pub fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_uint) -> c_uint;
} }
#[cfg(ossl111)] #[cfg(ossl111)]
pub const SSL_COOKIE_LENGTH: c_int = 4096; pub const SSL_COOKIE_LENGTH: c_int = 4096;
cfg_if! { extern "C" {
if #[cfg(ossl110)] { pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_uint;
extern "C" { pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_uint) -> c_uint;
pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong; pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_uint) -> c_uint;
pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong;
pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong;
}
} else {
pub unsafe fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong {
SSL_CTX_ctrl(ctx as *mut _, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
}
pub unsafe fn SSL_CTX_set_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
SSL_CTX_ctrl(
ctx as *mut _,
SSL_CTRL_OPTIONS,
op as c_long,
ptr::null_mut(),
) as c_ulong
}
pub unsafe fn SSL_CTX_clear_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
SSL_CTX_ctrl(
ctx as *mut _,
SSL_CTRL_CLEAR_OPTIONS,
op as c_long,
ptr::null_mut(),
) as c_ulong
}
}
} }
pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long { extern "C" {
SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut()) pub fn SSL_set_mtu(ssl: *mut SSL, mtu: c_uint) -> c_int;
} }
pub type GEN_SESSION_CB = pub const SSL_SESS_CACHE_OFF: c_int = 0x0;
Option<unsafe extern "C" fn(*const SSL, *mut c_uchar, *mut c_uint) -> c_int>; pub const SSL_SESS_CACHE_CLIENT: c_int = 0x1;
pub const SSL_SESS_CACHE_SERVER: c_int = 0x2;
pub const SSL_SESS_CACHE_OFF: c_long = 0x0; pub const SSL_SESS_CACHE_BOTH: c_int = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER;
pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1; pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_int = 0x80;
pub const SSL_SESS_CACHE_SERVER: c_long = 0x2; pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_int = 0x100;
pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER; pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_int = 0x200;
pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80; pub const SSL_SESS_CACHE_NO_INTERNAL: c_int =
pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100;
pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE; SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
extern "C" { extern "C" {
@ -498,35 +415,6 @@ cfg_if! {
} }
} }
} }
extern "C" {
// FIXME change to unsafe extern "C" fn
pub fn SSL_CTX_set_cookie_generate_cb(
s: *mut SSL_CTX,
cb: Option<
extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int,
>,
);
}
cfg_if! {
if #[cfg(any(ossl110, libressl280))] {
extern "C" {
pub fn SSL_CTX_set_cookie_verify_cb(
s: *mut SSL_CTX,
cb: Option<
extern "C" fn(ssl: *mut SSL, cookie: *const c_uchar, cookie_len: c_uint) -> c_int,
>,
);
}
} else {
extern "C" {
pub fn SSL_CTX_set_cookie_verify_cb(
s: *mut SSL_CTX,
cb: Option<extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: c_uint) -> c_int>,
);
}
}
}
extern "C" { extern "C" {
#[cfg(ossl111)] #[cfg(ossl111)]
@ -652,9 +540,6 @@ extern "C" {
parse_cb: SSL_custom_ext_parse_cb_ex, parse_cb: SSL_custom_ext_parse_cb_ex,
parse_arg: *mut c_void, parse_arg: *mut c_void,
) -> c_int; ) -> c_int;
#[cfg(ossl102)]
pub fn SSL_extension_supported(ext_type: c_uint) -> c_int;
} }
#[cfg(ossl111)] #[cfg(ossl111)]
@ -681,16 +566,8 @@ extern "C" {
pub fn SSL_get_verify_mode(s: *const SSL) -> c_int; pub fn SSL_get_verify_mode(s: *const SSL) -> c_int;
} }
cfg_if! { extern "C" {
if #[cfg(ossl111)] {
extern "C" {
pub fn SSL_is_init_finished(s: *const SSL) -> c_int; pub fn SSL_is_init_finished(s: *const SSL) -> c_int;
}
} else if #[cfg(ossl110)] {
extern "C" {
pub fn SSL_is_init_finished(s: *mut SSL) -> c_int;
}
}
} }
pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER; pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
@ -710,200 +587,40 @@ pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11;
pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_NONE: c_int = 0;
pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_PEER: c_int = 1;
pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
pub const SSL_CTRL_SET_TMP_DH: c_int = 3;
pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4;
#[cfg(any(libressl, all(ossl101, not(ossl110))))] #[cfg(any(libressl, all(ossl101, not(ossl110))))]
pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8; pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8;
pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
pub const SSL_CTRL_SET_MTU: c_int = 17;
#[cfg(any(libressl, all(ossl101, not(ossl110))))] #[cfg(any(libressl, all(ossl101, not(ossl110))))]
pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_OPTIONS: c_int = 32;
pub const SSL_CTRL_MODE: c_int = 33;
pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = 42;
pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = 43;
pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44;
pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: c_int = 63;
pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = 64;
pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65;
pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70;
pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71;
#[cfg(any(libressl, all(ossl101, not(ossl110))))] #[cfg(any(libressl, all(ossl101, not(ossl110))))]
pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82;
#[cfg(ossl111)] #[cfg(ossl111)]
pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92; pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92;
#[cfg(any(libressl, all(ossl102, not(ossl110))))] #[cfg(any(libressl, all(ossl102, not(ossl110))))]
pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
#[cfg(ossl102)]
pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
#[cfg(ossl102)]
pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
#[cfg(ossl110)]
pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
#[cfg(ossl110)]
pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
#[cfg(ossl110g)]
pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
#[cfg(ossl110g)]
pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
}
pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long {
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
}
pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long {
SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
}
pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long {
SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
}
pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long {
SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void)
}
pub unsafe fn SSL_CTX_get_extra_chain_certs(
ctx: *mut SSL_CTX,
chain: *mut *mut stack_st_X509,
) -> c_long {
SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void)
}
#[cfg(ossl102)]
pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long {
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
}
#[cfg(ossl111)]
pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
SSL_CTX_ctrl(
ctx,
SSL_CTRL_SET_GROUPS_LIST,
0,
s as *const c_void as *mut c_void,
)
}
#[cfg(ossl102)]
pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
SSL_CTX_ctrl(
ctx,
SSL_CTRL_SET_SIGALGS_LIST,
0,
s as *const c_void as *mut c_void,
)
}
#[cfg(any(libressl, all(ossl102, not(ossl110))))]
pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
SSL_CTX_ctrl(
ctx,
SSL_CTRL_SET_ECDH_AUTO,
onoff as c_long,
ptr::null_mut(),
) as c_int
}
#[cfg(any(libress, all(ossl102, not(ossl110))))]
pub unsafe fn SSL_set_ecdh_auto(ssl: *mut ::SSL, onoff: c_int) -> c_int {
SSL_ctrl(
ssl,
SSL_CTRL_SET_ECDH_AUTO,
onoff as c_long,
ptr::null_mut(),
) as c_int
}
cfg_if! {
if #[cfg(ossl110)] {
pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
SSL_CTX_ctrl(
ctx,
SSL_CTRL_SET_MIN_PROTO_VERSION,
version as c_long,
ptr::null_mut(),
) as c_int
}
pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
SSL_CTX_ctrl(
ctx,
SSL_CTRL_SET_MAX_PROTO_VERSION,
version as c_long,
ptr::null_mut(),
) as c_int
}
} else if #[cfg(libressl261)] {
extern "C" {
pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
}
}
}
cfg_if! {
if #[cfg(ossl110g)] {
#[cfg(ossl110g)]
pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int {
SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
}
#[cfg(ossl110g)]
pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int {
SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
}
} else if #[cfg(libressl270)] {
extern "C" {
pub fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
pub fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
}
}
}
#[cfg(ossl110)]
pub unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int {
SSL_ctrl(
s,
SSL_CTRL_SET_MIN_PROTO_VERSION,
version as c_long,
ptr::null_mut(),
) as c_int
}
#[cfg(ossl110)]
pub unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int {
SSL_ctrl(
s,
SSL_CTRL_SET_MAX_PROTO_VERSION,
version as c_long,
ptr::null_mut(),
) as c_int
}
#[cfg(ossl110g)]
pub unsafe fn SSL_get_min_proto_version(s: *mut SSL) -> c_int {
SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
}
#[cfg(ossl110g)]
pub unsafe fn SSL_get_max_proto_version(s: *mut SSL) -> c_int {
SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
}
extern "C" { extern "C" {
pub fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *const DH) -> c_int;
pub fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *const DH) -> c_int;
pub fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *const EC_KEY) -> c_int;
pub fn SSL_set_tmp_ecdh(ctx: *mut SSL, key: *const EC_KEY) -> c_int;
pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_int;
pub fn SSL_CTX_get_extra_chain_certs(
ctx: *const SSL_CTX,
chain: *mut *mut stack_st_X509,
) -> c_int;
pub fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_int;
pub fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_int;
pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
pub fn SSL_CTX_get_min_proto_version(ctx: *const ::SSL_CTX) -> u16;
pub fn SSL_CTX_get_max_proto_version(ctx: *const ::SSL_CTX) -> u16;
pub fn SSL_set_min_proto_version(s: *mut SSL, version: u16) -> c_int;
pub fn SSL_set_max_proto_version(s: *mut SSL, version: u16) -> c_int;
pub fn SSL_get_min_proto_version(s: *const SSL) -> u16;
pub fn SSL_get_max_proto_version(s: *const SSL) -> u16;
pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int;
pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
pub fn SSL_CTX_free(ctx: *mut SSL_CTX); pub fn SSL_CTX_free(ctx: *mut SSL_CTX);
#[cfg(any(ossl110, libressl273))]
pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE; pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE;
pub fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE); pub fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE);
@ -969,10 +686,10 @@ extern "C" {
pub fn SSL_state_string(ssl: *const SSL) -> *const c_char; pub fn SSL_state_string(ssl: *const SSL) -> *const c_char;
pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char;
pub fn SSL_SESSION_get_time(s: *const SSL_SESSION) -> c_long; pub fn SSL_SESSION_get_time(s: *const SSL_SESSION) -> u64;
pub fn SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> c_long; pub fn SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> u32;
#[cfg(ossl110)] #[cfg(ossl110)]
pub fn SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> c_int; pub fn SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> u16;
#[cfg(ossl111)] #[cfg(ossl111)]
pub fn SSL_SESSION_set_max_early_data(ctx: *mut SSL_SESSION, max_early_data: u32) -> c_int; pub fn SSL_SESSION_set_max_early_data(ctx: *mut SSL_SESSION, max_early_data: u32) -> c_int;
@ -1009,7 +726,7 @@ extern "C" {
pub fn SSL_CTX_set_session_id_context( pub fn SSL_CTX_set_session_id_context(
ssl: *mut SSL_CTX, ssl: *mut SSL_CTX,
sid_ctx: *const c_uchar, sid_ctx: *const c_uchar,
sid_ctx_len: c_uint, sid_ctx_len: size_t,
) -> c_int; ) -> c_int;
pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL;
@ -1095,13 +812,6 @@ extern "C" {
num: size_t, num: size_t,
written: *mut size_t, written: *mut size_t,
) -> c_int; ) -> c_int;
pub fn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
pub fn SSL_CTX_ctrl(ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
pub fn SSL_CTX_callback_ctrl(
ctx: *mut SSL_CTX,
cmd: c_int,
fp: Option<extern "C" fn()>,
) -> c_long;
} }
cfg_if! { cfg_if! {
@ -1160,18 +870,6 @@ extern "C" {
) -> c_int; ) -> c_int;
} }
cfg_if! {
if #[cfg(ossl111b)] {
extern "C" {
pub fn SSL_get_ssl_method(ssl: *const SSL) -> *const SSL_METHOD;
}
} else {
extern "C" {
pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
}
}
}
extern "C" { extern "C" {
pub fn SSL_set_connect_state(s: *mut SSL); pub fn SSL_set_connect_state(s: *mut SSL);
pub fn SSL_set_accept_state(s: *mut SSL); pub fn SSL_set_accept_state(s: *mut SSL);
@ -1183,7 +881,7 @@ extern "C" {
cipher: *const SSL_CIPHER, cipher: *const SSL_CIPHER,
buf: *mut c_char, buf: *mut c_char,
size: c_int, size: c_int,
) -> *mut c_char; ) -> *const c_char;
pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509;
} }
@ -1213,9 +911,6 @@ extern "C" {
pub fn SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX; pub fn SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX;
pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long; pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long;
#[cfg(ossl110)]
pub fn SSL_get0_verified_chain(ssl: *const SSL) -> *mut stack_st_X509;
#[cfg(ossl110)] #[cfg(ossl110)]
pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
#[cfg(ossl110)] #[cfg(ossl110)]
@ -1228,56 +923,31 @@ extern "C" {
) -> size_t; ) -> size_t;
} }
cfg_if! { extern "C" {
if #[cfg(ossl110)] {
pub unsafe fn SSL_get_ex_new_index(
l: c_long,
p: *mut c_void,
newf: Option<CRYPTO_EX_new>,
dupf: Option<CRYPTO_EX_dup>,
freef: Option<CRYPTO_EX_free>,
) -> c_int {
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
}
} else {
extern "C" {
pub fn SSL_get_ex_new_index( pub fn SSL_get_ex_new_index(
argl: c_long, argl: c_long,
argp: *mut c_void, argp: *mut c_void,
new_func: Option<CRYPTO_EX_new>, new_func: *mut c_int,
dup_func: Option<CRYPTO_EX_dup>, dup_func: Option<CRYPTO_EX_dup>,
free_func: Option<CRYPTO_EX_free>, free_func: Option<CRYPTO_EX_free>,
) -> c_int; ) -> c_int;
}
}
} }
extern "C" { extern "C" {
pub fn SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int; pub fn SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int;
pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void; pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void;
} }
cfg_if! {
if #[cfg(ossl110)] { extern "C" {
pub unsafe fn SSL_CTX_get_ex_new_index(
l: c_long,
p: *mut c_void,
newf: Option<CRYPTO_EX_new>,
dupf: Option<CRYPTO_EX_dup>,
freef: Option<CRYPTO_EX_free>,
) -> c_int {
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
}
} else {
extern "C" {
pub fn SSL_CTX_get_ex_new_index( pub fn SSL_CTX_get_ex_new_index(
argl: c_long, argl: c_long,
argp: *mut c_void, argp: *mut c_void,
new_func: Option<::CRYPTO_EX_new>, new_func: *mut c_int,
dup_func: Option<::CRYPTO_EX_dup>, dup_func: Option<::CRYPTO_EX_dup>,
free_func: Option<::CRYPTO_EX_free>, free_func: Option<::CRYPTO_EX_free>,
) -> c_int; ) -> c_int;
}
}
} }
extern "C" { extern "C" {
pub fn SSL_CTX_set_ex_data(ctx: *mut SSL_CTX, idx: c_int, data: *mut c_void) -> c_int; pub fn SSL_CTX_set_ex_data(ctx: *mut SSL_CTX, idx: c_int, data: *mut c_void) -> c_int;
pub fn SSL_CTX_get_ex_data(ctx: *const SSL_CTX, idx: c_int) -> *mut c_void; pub fn SSL_CTX_get_ex_data(ctx: *const SSL_CTX, idx: c_int) -> *mut c_void;
@ -1285,20 +955,11 @@ extern "C" {
pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int; pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int;
} }
pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long { extern "C" {
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, ptr::null_mut()) pub fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_ulong) -> c_ulong;
} pub fn SSL_CTX_sess_get_cache_size(ctx: *const SSL_CTX) -> c_ulong;
pub fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_int) -> c_int;
pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long { pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_int) -> c_int;
SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, ptr::null_mut())
}
pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut())
}
pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut())
} }
extern "C" { extern "C" {
@ -1369,21 +1030,10 @@ extern "C" {
pub fn SSL_CIPHER_get_digest_nid(c: *const SSL_CIPHER) -> c_int; pub fn SSL_CIPHER_get_digest_nid(c: *const SSL_CIPHER) -> c_int;
} }
cfg_if! { extern "C" {
if #[cfg(ossl111c)] {
extern "C" {
pub fn SSL_session_reused(ssl: *const SSL) -> c_int; pub fn SSL_session_reused(ssl: *const SSL) -> c_int;
}
} else if #[cfg(ossl110)] {
extern "C" {
pub fn SSL_session_reused(ssl: *mut SSL) -> c_int;
}
} else {
pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int {
SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
}
}
} }
cfg_if! { cfg_if! {
if #[cfg(any(ossl110f, libressl273))] { if #[cfg(any(ossl110f, libressl273))] {
extern "C" { extern "C" {

2
openssl-sys/src/ssl3.rs
View File

@ -1,5 +1,5 @@
use libc::*; use libc::*;
pub const SSL3_VERSION: c_int = 0x300; pub const SSL3_VERSION: u16 = 0x300;
pub const SSL3_AD_ILLEGAL_PARAMETER: c_int = 47; pub const SSL3_AD_ILLEGAL_PARAMETER: c_int = 47;

44
openssl-sys/src/stack.rs
View File

@ -1,45 +1,21 @@
use libc::*; use libc::*;
cfg_if! { #[repr(C)]
if #[cfg(ossl110)] { pub struct _STACK {
pub enum OPENSSL_STACK {} pub num: size_t,
} else { pub data: *mut *mut c_void,
#[repr(C)]
pub struct _STACK {
pub num: c_int,
pub data: *mut *mut c_char,
pub sorted: c_int, pub sorted: c_int,
pub num_alloc: c_int, pub num_alloc: size_t,
pub comp: Option<unsafe extern "C" fn(*const c_void, *const c_void) -> c_int>, pub comp: Option<unsafe extern "C" fn(*mut *const c_void, *mut *const c_void) -> c_int>,
}
}
} }
cfg_if! { extern "C" {
if #[cfg(ossl110)] { pub fn sk_num(st: *const _STACK) -> size_t;
extern "C" { pub fn sk_value(st: *const _STACK, n: size_t) -> *mut c_void;
pub fn OPENSSL_sk_num(stack: *const OPENSSL_STACK) -> c_int;
pub fn OPENSSL_sk_value(stack: *const OPENSSL_STACK, idx: c_int) -> *mut c_void;
pub fn OPENSSL_sk_new_null() -> *mut OPENSSL_STACK;
pub fn OPENSSL_sk_free(st: *mut OPENSSL_STACK);
pub fn OPENSSL_sk_pop_free(
st: *mut OPENSSL_STACK,
free: Option<unsafe extern "C" fn(*mut c_void)>,
);
pub fn OPENSSL_sk_push(st: *mut OPENSSL_STACK, data: *const c_void) -> c_int;
pub fn OPENSSL_sk_pop(st: *mut OPENSSL_STACK) -> *mut c_void;
}
} else {
extern "C" {
pub fn sk_num(st: *const _STACK) -> c_int;
pub fn sk_value(st: *const _STACK, n: c_int) -> *mut c_void;
pub fn sk_new_null() -> *mut _STACK; pub fn sk_new_null() -> *mut _STACK;
pub fn sk_free(st: *mut _STACK); pub fn sk_free(st: *mut _STACK);
pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn(*mut c_void)>); pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn(*mut c_void)>);
pub fn sk_push(st: *mut _STACK, data: *mut c_void) -> c_int; pub fn sk_push(st: *mut _STACK, data: *mut c_void) -> size_t;
pub fn sk_pop(st: *mut _STACK) -> *mut c_void; pub fn sk_pop(st: *mut _STACK) -> *mut c_void;
}
}
} }

78
openssl-sys/src/tls1.rs
View File

@ -4,11 +4,11 @@ use std::ptr;
use *; use *;
pub const TLS1_VERSION: c_int = 0x301; pub const TLS1_VERSION: u16 = 0x301;
pub const TLS1_1_VERSION: c_int = 0x302; pub const TLS1_1_VERSION: u16 = 0x302;
pub const TLS1_2_VERSION: c_int = 0x303; pub const TLS1_2_VERSION: u16 = 0x303;
#[cfg(ossl111)] #[cfg(ossl111)]
pub const TLS1_3_VERSION: c_int = 0x304; pub const TLS1_3_VERSION: u16 = 0x304;
pub const TLS1_AD_DECODE_ERROR: c_int = 50; pub const TLS1_AD_DECODE_ERROR: c_int = 50;
pub const TLS1_AD_UNRECOGNIZED_NAME: c_int = 112; pub const TLS1_AD_UNRECOGNIZED_NAME: c_int = 112;
@ -40,54 +40,20 @@ extern "C" {
context: *const c_uchar, context: *const c_uchar,
contextlen: size_t, contextlen: size_t,
) -> c_int; ) -> c_int;
pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_int;
pub fn SSL_set_tlsext_status_type(s: *mut SSL, type_: c_int) -> c_int;
pub fn SSL_get_tlsext_status_ocsp_resp(ssl: *const SSL, resp: *mut *const c_uchar) -> size_t;
pub fn SSL_set_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut c_uchar, len: size_t)
-> c_int;
} }
pub unsafe fn SSL_set_tlsext_host_name(s: *mut SSL, name: *mut c_char) -> c_long { extern "C" {
SSL_ctrl( pub fn SSL_CTX_set_tlsext_servername_callback(
s,
SSL_CTRL_SET_TLSEXT_HOSTNAME,
TLSEXT_NAMETYPE_host_name as c_long,
name as *mut c_void,
)
}
pub unsafe fn SSL_set_tlsext_status_type(s: *mut SSL, type_: c_int) -> c_long {
SSL_ctrl(
s,
SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,
type_ as c_long,
ptr::null_mut(),
)
}
pub unsafe fn SSL_get_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut *mut c_uchar) -> c_long {
SSL_ctrl(
ssl,
SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,
0,
resp as *mut c_void,
)
}
pub unsafe fn SSL_set_tlsext_status_ocsp_resp(
ssl: *mut SSL,
resp: *mut c_uchar,
len: c_long,
) -> c_long {
SSL_ctrl(
ssl,
SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,
len,
resp as *mut c_void,
)
}
pub unsafe fn SSL_CTX_set_tlsext_servername_callback(
ctx: *mut SSL_CTX, ctx: *mut SSL_CTX,
// FIXME should have the right signature // FIXME should have the right signature
cb: Option<extern "C" fn()>, cb: Option<extern "C" fn(s: *mut SSL, out_alert: *mut c_int, arg: *mut c_void) -> c_int>,
) -> c_long { ) -> c_int;
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, cb)
} }
pub const SSL_TLSEXT_ERR_OK: c_int = 0; pub const SSL_TLSEXT_ERR_OK: c_int = 0;
@ -95,17 +61,11 @@ pub const SSL_TLSEXT_ERR_ALERT_WARNING: c_int = 1;
pub const SSL_TLSEXT_ERR_ALERT_FATAL: c_int = 2; pub const SSL_TLSEXT_ERR_ALERT_FATAL: c_int = 2;
pub const SSL_TLSEXT_ERR_NOACK: c_int = 3; pub const SSL_TLSEXT_ERR_NOACK: c_int = 3;
pub unsafe fn SSL_CTX_set_tlsext_servername_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_long { extern "C" {
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg) pub fn SSL_CTX_set_tlsext_servername_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_int;
} pub fn SSL_CTX_set_tlsext_status_cb(
pub unsafe fn SSL_CTX_set_tlsext_status_cb(
ctx: *mut SSL_CTX, ctx: *mut SSL_CTX,
cb: Option<unsafe extern "C" fn(*mut SSL, *mut c_void) -> c_int>, cb: Option<unsafe extern "C" fn(*mut SSL, *mut c_void) -> c_int>,
) -> c_long { ) -> c_int;
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, mem::transmute(cb)) pub fn SSL_CTX_set_tlsext_status_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_int;
}
pub unsafe fn SSL_CTX_set_tlsext_status_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_long {
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg)
} }

130
openssl-sys/src/x509.rs
View File

@ -189,26 +189,26 @@ extern "C" {
pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int;
pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int;
pub fn i2d_PUBKEY(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; pub fn i2d_PUBKEY(k: *const EVP_PKEY, buf: *mut *mut u8) -> c_int;
pub fn d2i_PUBKEY(k: *mut *mut EVP_PKEY, buf: *mut *const u8, len: c_long) -> *mut EVP_PKEY; pub fn d2i_PUBKEY(k: *mut *mut EVP_PKEY, buf: *mut *const u8, len: c_long) -> *mut EVP_PKEY;
pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA; pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA;
pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *mut *mut u8) -> c_int; pub fn i2d_RSA_PUBKEY(k: *const RSA, buf: *mut *mut u8) -> c_int;
pub fn d2i_DSA_PUBKEY(k: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; pub fn d2i_DSA_PUBKEY(k: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA;
pub fn i2d_DSA_PUBKEY(a: *mut DSA, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_DSA_PUBKEY(a: *const DSA, pp: *mut *mut c_uchar) -> c_int;
pub fn d2i_EC_PUBKEY( pub fn d2i_EC_PUBKEY(
a: *mut *mut EC_KEY, a: *mut *mut EC_KEY,
pp: *mut *const c_uchar, pp: *mut *const c_uchar,
length: c_long, length: c_long,
) -> *mut EC_KEY; ) -> *mut EC_KEY;
pub fn i2d_EC_PUBKEY(a: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_EC_PUBKEY(a: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int;
pub fn i2d_PrivateKey(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; pub fn i2d_PrivateKey(k: *const EVP_PKEY, buf: *mut *mut u8) -> c_int;
pub fn d2i_ECPrivateKey( pub fn d2i_ECPrivateKey(
k: *mut *mut EC_KEY, k: *mut *mut EC_KEY,
pp: *mut *const c_uchar, pp: *mut *const c_uchar,
length: c_long, length: c_long,
) -> *mut EC_KEY; ) -> *mut EC_KEY;
pub fn i2d_ECPrivateKey(ec_key: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_ECPrivateKey(ec_key: *const EC_KEY, pp: *mut *mut c_uchar) -> c_int;
} }
cfg_if! { cfg_if! {
@ -366,9 +366,9 @@ extern "C" {
pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int;
pub fn X509_REQ_verify(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_REQ_verify(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int;
#[cfg(any(ossl110, libressl273))] #[cfg(any(ossl110, libressl273))]
pub fn X509_getm_notBefore(x: *const X509) -> *mut ASN1_TIME; pub fn X509_getm_notBefore(x: *mut X509) -> *mut ASN1_TIME;
#[cfg(any(ossl110, libressl273))] #[cfg(any(ossl110, libressl273))]
pub fn X509_getm_notAfter(x: *const X509) -> *mut ASN1_TIME; pub fn X509_getm_notAfter(x: *mut X509) -> *mut ASN1_TIME;
#[cfg(any(ossl110, libressl273))] #[cfg(any(ossl110, libressl273))]
pub fn X509_up_ref(x: *mut X509) -> c_int; pub fn X509_up_ref(x: *mut X509) -> c_int;
@ -448,17 +448,10 @@ cfg_if! {
} }
} }
cfg_if! { extern "C" {
if #[cfg(libressl280)] {
extern "C" {
pub fn X509_NAME_get_index_by_NID(n: *const X509_NAME, nid: c_int, last_pos: c_int) -> c_int; pub fn X509_NAME_get_index_by_NID(n: *const X509_NAME, nid: c_int, last_pos: c_int) -> c_int;
}
} else {
extern "C" {
pub fn X509_NAME_get_index_by_NID(n: *mut X509_NAME, nid: c_int, last_pos: c_int) -> c_int;
}
}
} }
cfg_if! { cfg_if! {
if #[cfg(any(ossl110, libressl280))] { if #[cfg(any(ossl110, libressl280))] {
extern "C" { extern "C" {
@ -566,16 +559,18 @@ extern "C" {
ex: *mut *mut X509_EXTENSION, ex: *mut *mut X509_EXTENSION,
nid: c_int, nid: c_int,
crit: c_int, crit: c_int,
data: *mut ASN1_OCTET_STRING, data: *const ASN1_OCTET_STRING,
) -> *mut X509_EXTENSION; ) -> *mut X509_EXTENSION;
pub fn X509_EXTENSION_set_critical(ex: *mut X509_EXTENSION, crit: c_int) -> c_int; pub fn X509_EXTENSION_set_critical(ex: *mut X509_EXTENSION, crit: c_int) -> c_int;
pub fn X509_EXTENSION_set_data(ex: *mut X509_EXTENSION, data: *mut ASN1_OCTET_STRING) -> c_int; pub fn X509_EXTENSION_set_data(
ex: *mut X509_EXTENSION,
data: *const ASN1_OCTET_STRING,
) -> c_int;
pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT; pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT;
pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_OCTET_STRING; pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_OCTET_STRING;
} }
cfg_if! {
if #[cfg(any(ossl110, libressl280))] { extern "C" {
extern "C" {
// in X509 // in X509
pub fn X509_get_ext_count(x: *const X509) -> c_int; pub fn X509_get_ext_count(x: *const X509) -> c_int;
pub fn X509_get_ext_by_NID(x: *const X509, nid: c_int, lastpos: c_int) -> c_int; pub fn X509_get_ext_by_NID(x: *const X509, nid: c_int, lastpos: c_int) -> c_int;
@ -591,7 +586,11 @@ cfg_if! {
// in X509_CRL // in X509_CRL
pub fn X509_CRL_get_ext_count(x: *const X509_CRL) -> c_int; pub fn X509_CRL_get_ext_count(x: *const X509_CRL) -> c_int;
pub fn X509_CRL_get_ext_by_NID(x: *const X509_CRL, nid: c_int, lastpos: c_int) -> c_int; pub fn X509_CRL_get_ext_by_NID(x: *const X509_CRL, nid: c_int, lastpos: c_int) -> c_int;
pub fn X509_CRL_get_ext_by_OBJ(x: *const X509_CRL, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; pub fn X509_CRL_get_ext_by_OBJ(
x: *const X509_CRL,
obj: *const ASN1_OBJECT,
lastpos: c_int,
) -> c_int;
pub fn X509_CRL_get_ext_by_critical(x: *const X509_CRL, crit: c_int, lastpos: c_int) -> c_int; pub fn X509_CRL_get_ext_by_critical(x: *const X509_CRL, crit: c_int, lastpos: c_int) -> c_int;
pub fn X509_CRL_get_ext(x: *const X509_CRL, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_CRL_get_ext(x: *const X509_CRL, loc: c_int) -> *mut X509_EXTENSION;
pub fn X509_CRL_get_ext_d2i( pub fn X509_CRL_get_ext_d2i(
@ -602,9 +601,18 @@ cfg_if! {
) -> *mut c_void; ) -> *mut c_void;
// in X509_REVOKED // in X509_REVOKED
pub fn X509_REVOKED_get_ext_count(x: *const X509_REVOKED) -> c_int; pub fn X509_REVOKED_get_ext_count(x: *const X509_REVOKED) -> c_int;
pub fn X509_REVOKED_get_ext_by_NID(x: *const X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; pub fn X509_REVOKED_get_ext_by_NID(x: *const X509_REVOKED, nid: c_int, lastpos: c_int)
pub fn X509_REVOKED_get_ext_by_OBJ(x: *const X509_REVOKED, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; -> c_int;
pub fn X509_REVOKED_get_ext_by_critical(x: *const X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; pub fn X509_REVOKED_get_ext_by_OBJ(
x: *const X509_REVOKED,
obj: *const ASN1_OBJECT,
lastpos: c_int,
) -> c_int;
pub fn X509_REVOKED_get_ext_by_critical(
x: *const X509_REVOKED,
crit: c_int,
lastpos: c_int,
) -> c_int;
pub fn X509_REVOKED_get_ext(x: *const X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_REVOKED_get_ext(x: *const X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION;
pub fn X509_REVOKED_get_ext_d2i( pub fn X509_REVOKED_get_ext_d2i(
x: *const ::X509_REVOKED, x: *const ::X509_REVOKED,
@ -613,58 +621,20 @@ cfg_if! {
idx: *mut c_int, idx: *mut c_int,
) -> *mut c_void; ) -> *mut c_void;
// X509_EXTENSION stack // X509_EXTENSION stack
pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; pub fn X509v3_get_ext_by_OBJ(
x: *const stack_st_X509_EXTENSION,
obj: *const ASN1_OBJECT,
lastpos: c_int,
) -> c_int;
// X509_EXTENSION itself // X509_EXTENSION itself
pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *const ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; pub fn X509_EXTENSION_create_by_OBJ(
ex: *mut *mut X509_EXTENSION,
obj: *const ASN1_OBJECT,
crit: c_int,
data: *const ASN1_OCTET_STRING,
) -> *mut X509_EXTENSION;
pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *const ASN1_OBJECT) -> c_int; pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *const ASN1_OBJECT) -> c_int;
pub fn X509_EXTENSION_get_critical(ex: *const X509_EXTENSION) -> c_int;
}
} else {
extern "C" {
// in X509
pub fn X509_get_ext_count(x: *mut X509) -> c_int;
pub fn X509_get_ext_by_NID(x: *mut X509, nid: c_int, lastpos: c_int) -> c_int;
pub fn X509_get_ext_by_OBJ(x: *mut X509, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int;
pub fn X509_get_ext_by_critical(x: *mut X509, crit: c_int, lastpos: c_int) -> c_int;
pub fn X509_get_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION;
pub fn X509_get_ext_d2i(
x: *mut ::X509,
nid: c_int,
crit: *mut c_int,
idx: *mut c_int,
) -> *mut c_void;
// in X509_CRL
pub fn X509_CRL_get_ext_count(x: *mut X509_CRL) -> c_int;
pub fn X509_CRL_get_ext_by_NID(x: *mut X509_CRL, nid: c_int, lastpos: c_int) -> c_int;
pub fn X509_CRL_get_ext_by_OBJ(x: *mut X509_CRL, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int;
pub fn X509_CRL_get_ext_by_critical(x: *mut X509_CRL, crit: c_int, lastpos: c_int) -> c_int;
pub fn X509_CRL_get_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION;
pub fn X509_CRL_get_ext_d2i(
x: *mut ::X509_CRL,
nid: c_int,
crit: *mut c_int,
idx: *mut c_int,
) -> *mut c_void;
// in X509_REVOKED
pub fn X509_REVOKED_get_ext_count(x: *mut X509_REVOKED) -> c_int;
pub fn X509_REVOKED_get_ext_by_NID(x: *mut X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int;
pub fn X509_REVOKED_get_ext_by_OBJ(x: *mut X509_REVOKED, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int;
pub fn X509_REVOKED_get_ext_by_critical(x: *mut X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int;
pub fn X509_REVOKED_get_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION;
pub fn X509_REVOKED_get_ext_d2i(
x: *mut ::X509_REVOKED,
nid: c_int,
crit: *mut c_int,
idx: *mut c_int,
) -> *mut c_void;
// X509_EXTENSION stack
pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int;
// X509_EXTENSION itself
pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *mut ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION;
pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *mut ASN1_OBJECT) -> c_int;
pub fn X509_EXTENSION_get_critical(ex: *mut X509_EXTENSION) -> c_int; pub fn X509_EXTENSION_get_critical(ex: *mut X509_EXTENSION) -> c_int;
}
}
} }
extern "C" { extern "C" {
@ -677,14 +647,6 @@ extern "C" {
pub fn X509_OBJECT_get0_X509(x: *const X509_OBJECT) -> *mut X509; pub fn X509_OBJECT_get0_X509(x: *const X509_OBJECT) -> *mut X509;
} }
cfg_if! { extern "C" {
if #[cfg(ossl110)] {
extern "C" {
pub fn X509_OBJECT_free(a: *mut X509_OBJECT);
}
} else {
extern "C" {
pub fn X509_OBJECT_free_contents(a: *mut X509_OBJECT); pub fn X509_OBJECT_free_contents(a: *mut X509_OBJECT);
}
}
} }

19
openssl-sys/src/x509_vfy.rs
View File

@ -79,21 +79,10 @@ pub const X509_V_ERR_HOSTNAME_MISMATCH: c_int = 62;
pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63; pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63;
#[cfg(ossl102)] #[cfg(ossl102)]
pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64; pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64;
cfg_if! {
if #[cfg(ossl110)] { pub const X509_V_ERR_INVALID_CALL: c_int = 65;
pub const X509_V_ERR_DANE_NO_MATCH: c_int = 65; pub const X509_V_ERR_STORE_LOOKUP: c_int = 66;
pub const X509_V_ERR_EE_KEY_TOO_SMALL: c_int = 66; pub const X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS: c_int = 67;
pub const X509_V_ERR_CA_KEY_TOO_SMALL: c_int = 67;
pub const X509_V_ERR_CA_MD_TOO_WEAK: c_int = 68;
pub const X509_V_ERR_INVALID_CALL: c_int = 69;
pub const X509_V_ERR_STORE_LOOKUP: c_int = 70;
pub const X509_V_ERR_NO_VALID_SCTS: c_int = 71;
} else if #[cfg(ossl102h)] {
pub const X509_V_ERR_INVALID_CALL: c_int = 65;
pub const X509_V_ERR_STORE_LOOKUP: c_int = 66;
pub const X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: c_int = 67;
}
}
extern "C" { extern "C" {
pub fn X509_STORE_new() -> *mut X509_STORE; pub fn X509_STORE_new() -> *mut X509_STORE;

4
openssl-sys/src/x509v3.rs
View File

@ -2,8 +2,6 @@ use libc::*;
use *; use *;
pub enum CONF_METHOD {}
pub const GEN_OTHERNAME: c_int = 0; pub const GEN_OTHERNAME: c_int = 0;
pub const GEN_EMAIL: c_int = 1; pub const GEN_EMAIL: c_int = 1;
pub const GEN_DNS: c_int = 2; pub const GEN_DNS: c_int = 2;
@ -190,7 +188,7 @@ pub const XKU_DVCS: u32 = 0x80;
pub const XKU_ANYEKU: u32 = 0x100; pub const XKU_ANYEKU: u32 = 0x100;
extern "C" { extern "C" {
pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void; pub fn X509V3_EXT_d2i(ext: *const X509_EXTENSION) -> *mut c_void;
pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION; pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION;
pub fn X509V3_add1_i2d( pub fn X509V3_add1_i2d(
x: *mut *mut stack_st_X509_EXTENSION, x: *mut *mut stack_st_X509_EXTENSION,

18
openssl/src/aes.rs
View File

@ -56,7 +56,7 @@
//! ``` //! ```
//! //!
use ffi; use ffi;
use libc::{c_int, c_uint}; use libc::{c_int, c_uint, size_t};
use std::{mem, ptr}; use std::{mem, ptr};
use symm::Mode; use symm::Mode;
@ -82,7 +82,7 @@ impl AesKey {
let mut aes_key = mem::uninitialized(); let mut aes_key = mem::uninitialized();
let r = ffi::AES_set_encrypt_key( let r = ffi::AES_set_encrypt_key(
key.as_ptr() as *const _, key.as_ptr() as *const _,
key.len() as c_int * 8, key.len() as c_uint * 8,
&mut aes_key, &mut aes_key,
); );
if r == 0 { if r == 0 {
@ -106,7 +106,7 @@ impl AesKey {
let mut aes_key = mem::uninitialized(); let mut aes_key = mem::uninitialized();
let r = ffi::AES_set_decrypt_key( let r = ffi::AES_set_decrypt_key(
key.as_ptr() as *const _, key.as_ptr() as *const _,
key.len() as c_int * 8, key.len() as c_uint * 8,
&mut aes_key, &mut aes_key,
); );
@ -147,14 +147,6 @@ pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mo
Mode::Encrypt => ffi::AES_ENCRYPT, Mode::Encrypt => ffi::AES_ENCRYPT,
Mode::Decrypt => ffi::AES_DECRYPT, Mode::Decrypt => ffi::AES_DECRYPT,
}; };
ffi::AES_ige_encrypt(
in_.as_ptr() as *const _,
out.as_mut_ptr() as *mut _,
in_.len(),
&key.0,
iv.as_mut_ptr() as *mut _,
mode,
);
} }
} }
@ -186,7 +178,7 @@ pub fn wrap_key(
.map_or(ptr::null(), |iv| iv.as_ptr() as *const _), .map_or(ptr::null(), |iv| iv.as_ptr() as *const _),
out.as_ptr() as *mut _, out.as_ptr() as *mut _,
in_.as_ptr() as *const _, in_.as_ptr() as *const _,
in_.len() as c_uint, in_.len() as size_t,
); );
if written <= 0 { if written <= 0 {
Err(KeyError(())) Err(KeyError(()))
@ -224,7 +216,7 @@ pub fn unwrap_key(
.map_or(ptr::null(), |iv| iv.as_ptr() as *const _), .map_or(ptr::null(), |iv| iv.as_ptr() as *const _),
out.as_ptr() as *mut _, out.as_ptr() as *mut _,
in_.as_ptr() as *const _, in_.as_ptr() as *const _,
in_.len() as c_uint, in_.len() as size_t,
); );
if written <= 0 { if written <= 0 {

8
openssl/src/base64.rs
View File

@ -15,7 +15,7 @@ use libc::c_int;
/// [`EVP_EncodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html /// [`EVP_EncodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html
pub fn encode_block(src: &[u8]) -> String { pub fn encode_block(src: &[u8]) -> String {
assert!(src.len() <= c_int::max_value() as usize); assert!(src.len() <= c_int::max_value() as usize);
let src_len = src.len() as c_int; let src_len = src.len();
let len = encoded_len(src_len).unwrap(); let len = encoded_len(src_len).unwrap();
let mut out = Vec::with_capacity(len as usize); let mut out = Vec::with_capacity(len as usize);
@ -49,7 +49,7 @@ pub fn decode_block(src: &str) -> Result<Vec<u8>, ErrorStack> {
} }
assert!(src.len() <= c_int::max_value() as usize); assert!(src.len() <= c_int::max_value() as usize);
let src_len = src.len() as c_int; let src_len = src.len();
let len = decoded_len(src_len).unwrap(); let len = decoded_len(src_len).unwrap();
let mut out = Vec::with_capacity(len as usize); let mut out = Vec::with_capacity(len as usize);
@ -78,7 +78,7 @@ pub fn decode_block(src: &str) -> Result<Vec<u8>, ErrorStack> {
Ok(out) Ok(out)
} }
fn encoded_len(src_len: c_int) -> Option<c_int> { fn encoded_len(src_len: usize) -> Option<usize> {
let mut len = (src_len / 3).checked_mul(4)?; let mut len = (src_len / 3).checked_mul(4)?;
if src_len % 3 != 0 { if src_len % 3 != 0 {
@ -90,7 +90,7 @@ fn encoded_len(src_len: c_int) -> Option<c_int> {
Some(len) Some(len)
} }
fn decoded_len(src_len: c_int) -> Option<c_int> { fn decoded_len(src_len: usize) -> Option<usize> {
let mut len = (src_len / 4).checked_mul(3)?; let mut len = (src_len / 4).checked_mul(3)?;
if src_len % 4 != 0 { if src_len % 4 != 0 {

151
openssl/src/bn.rs
View File

@ -24,7 +24,7 @@
//! [`BIGNUM`]: https://wiki.openssl.org/index.php/Manual:Bn_internal(3) //! [`BIGNUM`]: https://wiki.openssl.org/index.php/Manual:Bn_internal(3)
use ffi; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef};
use libc::c_int; use libc::{c_int, size_t};
use std::cmp::Ordering; use std::cmp::Ordering;
use std::ffi::CString; use std::ffi::CString;
use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub}; use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub};
@ -32,35 +32,10 @@ use std::{fmt, ptr};
use asn1::Asn1Integer; use asn1::Asn1Integer;
use error::ErrorStack; use error::ErrorStack;
use ffi::BN_is_negative;
use string::OpensslString; use string::OpensslString;
use {cvt, cvt_n, cvt_p}; use {cvt, cvt_n, cvt_p};
cfg_if! {
if #[cfg(ossl110)] {
use ffi::{
BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536,
BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192, BN_is_negative,
};
} else {
use ffi::{
get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536,
get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048,
get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072,
get_rfc3526_prime_4096 as BN_get_rfc3526_prime_4096,
get_rfc3526_prime_6144 as BN_get_rfc3526_prime_6144,
get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192,
};
#[allow(bad_style)]
unsafe fn BN_is_negative(bn: *const ffi::BIGNUM) -> c_int {
(*bn).neg
}
}
}
/// Options for the most significant bits of a randomly generated `BigNum`. /// Options for the most significant bits of a randomly generated `BigNum`.
pub struct MsbOption(c_int); pub struct MsbOption(c_int);
@ -975,126 +950,6 @@ impl BigNum {
} }
} }
/// Returns a constant used in IKE as defined in [`RFC 2409`]. This prime number is in
/// the order of magnitude of `2 ^ 768`. This number is used during calculated key
/// exchanges such as Diffie-Hellman. This number is labeled Oakley group id 1.
///
/// OpenSSL documentation at [`BN_get_rfc2409_prime_768`]
///
/// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21
/// [`BN_get_rfc2409_prime_768`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc2409_prime_768.html
pub fn get_rfc2409_prime_768() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
cvt_p(BN_get_rfc2409_prime_768(ptr::null_mut())).map(BigNum)
}
}
/// Returns a constant used in IKE as defined in [`RFC 2409`]. This prime number is in
/// the order of magnitude of `2 ^ 1024`. This number is used during calculated key
/// exchanges such as Diffie-Hellman. This number is labeled Oakly group 2.
///
/// OpenSSL documentation at [`BN_get_rfc2409_prime_1024`]
///
/// [`RFC 2409`]: https://tools.ietf.org/html/rfc2409#page-21
/// [`BN_get_rfc2409_prime_1024`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc2409_prime_1024.html
pub fn get_rfc2409_prime_1024() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
cvt_p(BN_get_rfc2409_prime_1024(ptr::null_mut())).map(BigNum)
}
}
/// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order
/// of magnitude of `2 ^ 1536`. This number is used during calculated key
/// exchanges such as Diffie-Hellman. This number is labeled MODP group 5.
///
/// OpenSSL documentation at [`BN_get_rfc3526_prime_1536`]
///
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3
/// [`BN_get_rfc3526_prime_1536`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_1536.html
pub fn get_rfc3526_prime_1536() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
cvt_p(BN_get_rfc3526_prime_1536(ptr::null_mut())).map(BigNum)
}
}
/// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order
/// of magnitude of `2 ^ 2048`. This number is used during calculated key
/// exchanges such as Diffie-Hellman. This number is labeled MODP group 14.
///
/// OpenSSL documentation at [`BN_get_rfc3526_prime_2048`]
///
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3
/// [`BN_get_rfc3526_prime_2048`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_2048.html
pub fn get_rfc3526_prime_2048() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
cvt_p(BN_get_rfc3526_prime_2048(ptr::null_mut())).map(BigNum)
}
}
/// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order
/// of magnitude of `2 ^ 3072`. This number is used during calculated key
/// exchanges such as Diffie-Hellman. This number is labeled MODP group 15.
///
/// OpenSSL documentation at [`BN_get_rfc3526_prime_3072`]
///
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4
/// [`BN_get_rfc3526_prime_3072`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_3072.html
pub fn get_rfc3526_prime_3072() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
cvt_p(BN_get_rfc3526_prime_3072(ptr::null_mut())).map(BigNum)
}
}
/// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order
/// of magnitude of `2 ^ 4096`. This number is used during calculated key
/// exchanges such as Diffie-Hellman. This number is labeled MODP group 16.
///
/// OpenSSL documentation at [`BN_get_rfc3526_prime_4096`]
///
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4
/// [`BN_get_rfc3526_prime_4096`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_4096.html
pub fn get_rfc3526_prime_4096() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
cvt_p(BN_get_rfc3526_prime_4096(ptr::null_mut())).map(BigNum)
}
}
/// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order
/// of magnitude of `2 ^ 6144`. This number is used during calculated key
/// exchanges such as Diffie-Hellman. This number is labeled MODP group 17.
///
/// OpenSSL documentation at [`BN_get_rfc3526_prime_6144`]
///
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6
/// [`BN_get_rfc3526_prime_6144`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_6144.html
pub fn get_rfc3526_prime_6144() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
cvt_p(BN_get_rfc3526_prime_6144(ptr::null_mut())).map(BigNum)
}
}
/// Returns a constant used in IKE as defined in [`RFC 3526`]. The prime is in the order
/// of magnitude of `2 ^ 8192`. This number is used during calculated key
/// exchanges such as Diffie-Hellman. This number is labeled MODP group 18.
///
/// OpenSSL documentation at [`BN_get_rfc3526_prime_8192`]
///
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6
/// [`BN_get_rfc3526_prime_8192`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_get_rfc3526_prime_8192.html
pub fn get_rfc3526_prime_8192() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
cvt_p(BN_get_rfc3526_prime_8192(ptr::null_mut())).map(BigNum)
}
}
/// Creates a new `BigNum` from an unsigned, big-endian encoded number of arbitrary length. /// Creates a new `BigNum` from an unsigned, big-endian encoded number of arbitrary length.
/// ///
/// OpenSSL documentation at [`BN_bin2bn`] /// OpenSSL documentation at [`BN_bin2bn`]
@ -1113,7 +968,7 @@ impl BigNum {
assert!(n.len() <= c_int::max_value() as usize); assert!(n.len() <= c_int::max_value() as usize);
cvt_p(ffi::BN_bin2bn( cvt_p(ffi::BN_bin2bn(
n.as_ptr(), n.as_ptr(),
n.len() as c_int, n.len() as size_t,
ptr::null_mut(), ptr::null_mut(),
)) ))
.map(|p| BigNum::from_ptr(p)) .map(|p| BigNum::from_ptr(p))

285
openssl/src/cms.rs
View File

@ -1,285 +0,0 @@
//! SMIME implementation using CMS
//!
//! CMS (PKCS#7) is an encyption standard. It allows signing and ecrypting data using
//! X.509 certificates. The OpenSSL implementation of CMS is used in email encryption
//! generated from a `Vec` of bytes. This `Vec` follows the smime protocol standards.
//! Data accepted by this module will be smime type `enveloped-data`.
use ffi;
use foreign_types::{ForeignType, ForeignTypeRef};
use std::ptr;
use bio::{MemBio, MemBioSlice};
use error::ErrorStack;
use libc::c_uint;
use pkey::{HasPrivate, PKeyRef};
use stack::StackRef;
use symm::Cipher;
use x509::{X509Ref, X509};
use {cvt, cvt_p};
bitflags! {
pub struct CMSOptions : c_uint {
const TEXT = ffi::CMS_TEXT;
const CMS_NOCERTS = ffi::CMS_NOCERTS;
const NO_CONTENT_VERIFY = ffi::CMS_NO_CONTENT_VERIFY;
const NO_ATTR_VERIFY = ffi::CMS_NO_ATTR_VERIFY;
const NOSIGS = ffi::CMS_NOSIGS;
const NOINTERN = ffi::CMS_NOINTERN;
const NO_SIGNER_CERT_VERIFY = ffi::CMS_NO_SIGNER_CERT_VERIFY;
const NOVERIFY = ffi::CMS_NOVERIFY;
const DETACHED = ffi::CMS_DETACHED;
const BINARY = ffi::CMS_BINARY;
const NOATTR = ffi::CMS_NOATTR;
const NOSMIMECAP = ffi::CMS_NOSMIMECAP;
const NOOLDMIMETYPE = ffi::CMS_NOOLDMIMETYPE;
const CRLFEOL = ffi::CMS_CRLFEOL;
const STREAM = ffi::CMS_STREAM;
const NOCRL = ffi::CMS_NOCRL;
const PARTIAL = ffi::CMS_PARTIAL;
const REUSE_DIGEST = ffi::CMS_REUSE_DIGEST;
const USE_KEYID = ffi::CMS_USE_KEYID;
const DEBUG_DECRYPT = ffi::CMS_DEBUG_DECRYPT;
#[cfg(all(not(libressl), not(ossl101)))]
const KEY_PARAM = ffi::CMS_KEY_PARAM;
#[cfg(all(not(libressl), not(ossl101), not(ossl102)))]
const ASCIICRLF = ffi::CMS_ASCIICRLF;
}
}
foreign_type_and_impl_send_sync! {
type CType = ffi::CMS_ContentInfo;
fn drop = ffi::CMS_ContentInfo_free;
/// High level CMS wrapper
///
/// CMS supports nesting various types of data, including signatures, certificates,
/// encrypted data, smime messages (encrypted email), and data digest. The ContentInfo
/// content type is the encapsulation of all those content types. [`RFC 5652`] describes
/// CMS and OpenSSL follows this RFC's implmentation.
///
/// [`RFC 5652`]: https://tools.ietf.org/html/rfc5652#page-6
pub struct CmsContentInfo;
/// Reference to [`CMSContentInfo`]
///
/// [`CMSContentInfo`]:struct.CmsContentInfo.html
pub struct CmsContentInfoRef;
}
impl CmsContentInfoRef {
/// Given the sender's private key, `pkey` and the recipient's certificiate, `cert`,
/// decrypt the data in `self`.
///
/// OpenSSL documentation at [`CMS_decrypt`]
///
/// [`CMS_decrypt`]: https://www.openssl.org/docs/man1.1.0/crypto/CMS_decrypt.html
pub fn decrypt<T>(&self, pkey: &PKeyRef<T>, cert: &X509) -> Result<Vec<u8>, ErrorStack>
where
T: HasPrivate,
{
unsafe {
let pkey = pkey.as_ptr();
let cert = cert.as_ptr();
let out = MemBio::new()?;
cvt(ffi::CMS_decrypt(
self.as_ptr(),
pkey,
cert,
ptr::null_mut(),
out.as_ptr(),
0,
))?;
Ok(out.get_buf().to_owned())
}
}
to_der! {
/// Serializes this CmsContentInfo using DER.
///
/// OpenSSL documentation at [`i2d_CMS_ContentInfo`]
///
/// [`i2d_CMS_ContentInfo`]: https://www.openssl.org/docs/man1.0.2/crypto/i2d_CMS_ContentInfo.html
to_der,
ffi::i2d_CMS_ContentInfo
}
to_pem! {
/// Serializes this CmsContentInfo using DER.
///
/// OpenSSL documentation at [`PEM_write_bio_CMS`]
///
/// [`PEM_write_bio_CMS`]: https://www.openssl.org/docs/man1.1.0/man3/PEM_write_bio_CMS.html
to_pem,
ffi::PEM_write_bio_CMS
}
}
impl CmsContentInfo {
/// Parses a smime formatted `vec` of bytes into a `CmsContentInfo`.
///
/// OpenSSL documentation at [`SMIME_read_CMS`]
///
/// [`SMIME_read_CMS`]: https://www.openssl.org/docs/man1.0.2/crypto/SMIME_read_CMS.html
pub fn smime_read_cms(smime: &[u8]) -> Result<CmsContentInfo, ErrorStack> {
unsafe {
let bio = MemBioSlice::new(smime)?;
let cms = cvt_p(ffi::SMIME_read_CMS(bio.as_ptr(), ptr::null_mut()))?;
Ok(CmsContentInfo::from_ptr(cms))
}
}
from_der! {
/// Deserializes a DER-encoded ContentInfo structure.
///
/// This corresponds to [`d2i_CMS_ContentInfo`].
///
/// [`d2i_CMS_ContentInfo`]: https://www.openssl.org/docs/manmaster/man3/d2i_X509.html
from_der,
CmsContentInfo,
ffi::d2i_CMS_ContentInfo
}
from_pem! {
/// Deserializes a PEM-encoded ContentInfo structure.
///
/// This corresponds to [`PEM_read_bio_CMS`].
///
/// [`PEM_read_bio_CMS`]: https://www.openssl.org/docs/man1.1.0/man3/PEM_read_bio_CMS.html
from_pem,
CmsContentInfo,
ffi::PEM_read_bio_CMS
}
/// Given a signing cert `signcert`, private key `pkey`, a certificate stack `certs`,
/// data `data` and flags `flags`, create a CmsContentInfo struct.
///
/// All arguments are optional.
///
/// OpenSSL documentation at [`CMS_sign`]
///
/// [`CMS_sign`]: https://www.openssl.org/docs/manmaster/man3/CMS_sign.html
pub fn sign<T>(
signcert: Option<&X509Ref>,
pkey: Option<&PKeyRef<T>>,
certs: Option<&StackRef<X509>>,
data: Option<&[u8]>,
flags: CMSOptions,
) -> Result<CmsContentInfo, ErrorStack>
where
T: HasPrivate,
{
unsafe {
let signcert = signcert.map_or(ptr::null_mut(), |p| p.as_ptr());
let pkey = pkey.map_or(ptr::null_mut(), |p| p.as_ptr());
let data_bio = match data {
Some(data) => Some(MemBioSlice::new(data)?),
None => None,
};
let data_bio_ptr = data_bio.as_ref().map_or(ptr::null_mut(), |p| p.as_ptr());
let certs = certs.map_or(ptr::null_mut(), |p| p.as_ptr());
let cms = cvt_p(ffi::CMS_sign(
signcert,
pkey,
certs,
data_bio_ptr,
flags.bits(),
))?;
Ok(CmsContentInfo::from_ptr(cms))
}
}
/// Given a certificate stack `certs`, data `data`, cipher `cipher` and flags `flags`,
/// create a CmsContentInfo struct.
///
/// OpenSSL documentation at [`CMS_encrypt`]
///
/// [`CMS_encrypt`]: https://www.openssl.org/docs/manmaster/man3/CMS_encrypt.html
pub fn encrypt(
certs: &StackRef<X509>,
data: &[u8],
cipher: Cipher,
flags: CMSOptions,
) -> Result<CmsContentInfo, ErrorStack> {
unsafe {
let data_bio = MemBioSlice::new(data)?;
let cms = cvt_p(ffi::CMS_encrypt(
certs.as_ptr(),
data_bio.as_ptr(),
cipher.as_ptr(),
flags.bits(),
))?;
Ok(CmsContentInfo::from_ptr(cms))
}
}
}
#[cfg(test)]
mod test {
use super::*;
use pkcs12::Pkcs12;
use stack::Stack;
use x509::X509;
#[test]
fn cms_encrypt_decrypt() {
// load cert with public key only
let pub_cert_bytes = include_bytes!("../test/cms_pubkey.der");
let pub_cert = X509::from_der(pub_cert_bytes).expect("failed to load pub cert");
// load cert with private key
let priv_cert_bytes = include_bytes!("../test/cms.p12");
let priv_cert = Pkcs12::from_der(priv_cert_bytes).expect("failed to load priv cert");
let priv_cert = priv_cert
.parse("mypass")
.expect("failed to parse priv cert");
// encrypt cms message using public key cert
let input = String::from("My Message");
let mut cert_stack = Stack::new().expect("failed to create stack");
cert_stack
.push(pub_cert)
.expect("failed to add pub cert to stack");
let encrypt = CmsContentInfo::encrypt(
&cert_stack,
&input.as_bytes(),
Cipher::des_ede3_cbc(),
CMSOptions::empty(),
)
.expect("failed create encrypted cms");
// decrypt cms message using private key cert (DER)
{
let encrypted_der = encrypt.to_der().expect("failed to create der from cms");
let decrypt =
CmsContentInfo::from_der(&encrypted_der).expect("failed read cms from der");
let decrypt = decrypt
.decrypt(&priv_cert.pkey, &priv_cert.cert)
.expect("failed to decrypt cms");
let decrypt =
String::from_utf8(decrypt).expect("failed to create string from cms content");
assert_eq!(input, decrypt);
}
// decrypt cms message using private key cert (PEM)
{
let encrypted_pem = encrypt.to_pem().expect("failed to create pem from cms");
let decrypt =
CmsContentInfo::from_pem(&encrypted_pem).expect("failed read cms from pem");
let decrypt = decrypt
.decrypt(&priv_cert.pkey, &priv_cert.cert)
.expect("failed to decrypt cms");
let decrypt =
String::from_utf8(decrypt).expect("failed to create string from cms content");
assert_eq!(input, decrypt);
}
}
}

17
openssl/src/conf.rs
View File

@ -1,33 +1,24 @@
//! Interface for processing OpenSSL configuration files. //! Interface for processing OpenSSL configuration files.
use ffi; use ffi;
use libc::c_void;
use cvt_p; use cvt_p;
use error::ErrorStack; use error::ErrorStack;
pub struct ConfMethod(*mut ffi::CONF_METHOD); pub struct ConfMethod(*mut c_void);
impl ConfMethod { impl ConfMethod {
/// Retrieve handle to the default OpenSSL configuration file processing function.
pub fn default() -> ConfMethod {
unsafe {
ffi::init();
// `NCONF` stands for "New Conf", as described in crypto/conf/conf_lib.c. This is
// a newer API than the "CONF classic" functions.
ConfMethod(ffi::NCONF_default())
}
}
/// Construct from raw pointer. /// Construct from raw pointer.
/// ///
/// # Safety /// # Safety
/// ///
/// The caller must ensure that the pointer is valid. /// The caller must ensure that the pointer is valid.
pub unsafe fn from_ptr(ptr: *mut ffi::CONF_METHOD) -> ConfMethod { pub unsafe fn from_ptr(ptr: *mut c_void) -> ConfMethod {
ConfMethod(ptr) ConfMethod(ptr)
} }
/// Convert to raw pointer. /// Convert to raw pointer.
pub fn as_ptr(&self) -> *mut ffi::CONF_METHOD { pub fn as_ptr(&self) -> *mut c_void {
self.0 self.0
} }
} }

30
openssl/src/dh.rs
View File

@ -75,34 +75,8 @@ impl Dh<Params> {
/// [`d2i_DHparams`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_DHparams.html /// [`d2i_DHparams`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_DHparams.html
params_from_der, params_from_der,
Dh<Params>, Dh<Params>,
ffi::d2i_DHparams ffi::d2i_DHparams,
} ::libc::c_long
/// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
pub fn get_1024_160() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
cvt_p(ffi::DH_get_1024_160()).map(|p| Dh::from_ptr(p))
}
}
/// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
pub fn get_2048_224() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
cvt_p(ffi::DH_get_2048_224()).map(|p| Dh::from_ptr(p))
}
}
/// Requires OpenSSL 1.0.2 or newer.
#[cfg(any(ossl102, ossl110))]
pub fn get_2048_256() -> Result<Dh<Params>, ErrorStack> {
unsafe {
ffi::init();
cvt_p(ffi::DH_get_2048_256()).map(|p| Dh::from_ptr(p))
}
} }
} }

7
openssl/src/dsa.rs
View File

@ -7,7 +7,7 @@
use ffi; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef};
use libc::c_int; use libc::{c_int, c_uint};
use std::fmt; use std::fmt;
use std::mem; use std::mem;
use std::ptr; use std::ptr;
@ -203,7 +203,7 @@ impl Dsa<Private> {
let dsa = Dsa::from_ptr(cvt_p(ffi::DSA_new())?); let dsa = Dsa::from_ptr(cvt_p(ffi::DSA_new())?);
cvt(ffi::DSA_generate_parameters_ex( cvt(ffi::DSA_generate_parameters_ex(
dsa.0, dsa.0,
bits as c_int, bits as c_uint,
ptr::null(), ptr::null(),
0, 0,
ptr::null_mut(), ptr::null_mut(),
@ -261,7 +261,8 @@ impl Dsa<Public> {
/// [`d2i_DSA_PUBKEY`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_DSA_PUBKEY.html /// [`d2i_DSA_PUBKEY`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_DSA_PUBKEY.html
public_key_from_der, public_key_from_der,
Dsa<Public>, Dsa<Public>,
ffi::d2i_DSA_PUBKEY ffi::d2i_DSA_PUBKEY,
::libc::c_long
} }
/// Create a new DSA key with only public components. /// Create a new DSA key with only public components.

62
openssl/src/ec.rs
View File

@ -153,36 +153,6 @@ impl EcGroupRef {
} }
} }
/// Places the components of a curve over a binary field in the provided `BigNum`s.
/// The components make up the formula `y^2 + xy = x^3 + ax^2 + b`.
///
/// In this form `p` relates to the irreducible polynomial. Each bit represents
/// a term in the polynomial. It will be set to 3 `1`s or 5 `1`s depending on
/// using a trinomial or pentanomial.
///
/// OpenSSL documentation at [`EC_GROUP_get_curve_GF2m`].
///
/// [`EC_GROUP_get_curve_GF2m`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_GROUP_get_curve_GF2m.html
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
pub fn components_gf2m(
&self,
p: &mut BigNumRef,
a: &mut BigNumRef,
b: &mut BigNumRef,
ctx: &mut BigNumContextRef,
) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EC_GROUP_get_curve_GF2m(
self.as_ptr(),
p.as_ptr(),
a.as_ptr(),
b.as_ptr(),
ctx.as_ptr(),
))
.map(|_| ())
}
}
/// Places the cofactor of the group in the provided `BigNum`. /// Places the cofactor of the group in the provided `BigNum`.
/// ///
/// OpenSSL documentation at [`EC_GROUP_get_cofactor`] /// OpenSSL documentation at [`EC_GROUP_get_cofactor`]
@ -501,32 +471,6 @@ impl EcPointRef {
.map(|_| ()) .map(|_| ())
} }
} }
/// Place affine coordinates of a curve over a binary field in the provided
/// `x` and `y` `BigNum`s
///
/// OpenSSL documentation at [`EC_POINT_get_affine_coordinates_GF2m`]
///
/// [`EC_POINT_get_affine_coordinates_GF2m`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_get_affine_coordinates_GF2m.html
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
pub fn affine_coordinates_gf2m(
&self,
group: &EcGroupRef,
x: &mut BigNumRef,
y: &mut BigNumRef,
ctx: &mut BigNumContextRef,
) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::EC_POINT_get_affine_coordinates_GF2m(
group.as_ptr(),
self.as_ptr(),
x.as_ptr(),
y.as_ptr(),
ctx.as_ptr(),
))
.map(|_| ())
}
}
} }
impl EcPoint { impl EcPoint {
@ -822,7 +766,8 @@ impl EcKey<Public> {
/// [`d2i_EC_PUBKEY`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_EC_PUBKEY.html /// [`d2i_EC_PUBKEY`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_EC_PUBKEY.html
public_key_from_der, public_key_from_der,
EcKey<Public>, EcKey<Public>,
ffi::d2i_EC_PUBKEY ffi::d2i_EC_PUBKEY,
::libc::c_long
} }
} }
@ -903,7 +848,8 @@ impl EcKey<Private> {
/// [`d2i_ECPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_ECPrivate_key.html /// [`d2i_ECPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_ECPrivate_key.html
private_key_from_der, private_key_from_der,
EcKey<Private>, EcKey<Private>,
ffi::d2i_ECPrivateKey ffi::d2i_ECPrivateKey,
::libc::c_long
} }
} }

9
openssl/src/ecdsa.rs
View File

@ -2,7 +2,7 @@
use ffi; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef};
use libc::c_int; use libc::{c_int, size_t};
use std::mem; use std::mem;
use std::ptr; use std::ptr;
@ -42,7 +42,7 @@ impl EcdsaSig {
assert!(data.len() <= c_int::max_value() as usize); assert!(data.len() <= c_int::max_value() as usize);
let sig = cvt_p(ffi::ECDSA_do_sign( let sig = cvt_p(ffi::ECDSA_do_sign(
data.as_ptr(), data.as_ptr(),
data.len() as c_int, data.len() as size_t,
eckey.as_ptr(), eckey.as_ptr(),
))?; ))?;
Ok(EcdsaSig::from_ptr(sig as *mut _)) Ok(EcdsaSig::from_ptr(sig as *mut _))
@ -72,7 +72,8 @@ impl EcdsaSig {
/// [`d2i_ECDSA_SIG`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_ECDSA_SIG.html /// [`d2i_ECDSA_SIG`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_ECDSA_SIG.html
from_der, from_der,
EcdsaSig, EcdsaSig,
ffi::d2i_ECDSA_SIG ffi::d2i_ECDSA_SIG,
::libc::c_long
} }
} }
@ -100,7 +101,7 @@ impl EcdsaSigRef {
assert!(data.len() <= c_int::max_value() as usize); assert!(data.len() <= c_int::max_value() as usize);
cvt_n(ffi::ECDSA_do_verify( cvt_n(ffi::ECDSA_do_verify(
data.as_ptr(), data.as_ptr(),
data.len() as c_int, data.len() as size_t,
self.as_ptr(), self.as_ptr(),
eckey.as_ptr(), eckey.as_ptr(),
)) ))

288
openssl/src/envelope.rs
View File

@ -1,288 +0,0 @@
//! Envelope encryption.
//!
//! # Example
//!
//! ```rust
//!
//! extern crate openssl;
//!
//! use openssl::rsa::Rsa;
//! use openssl::envelope::Seal;
//! use openssl::pkey::PKey;
//! use openssl::symm::Cipher;
//!
//! fn main() {
//! let rsa = Rsa::generate(2048).unwrap();
//! let key = PKey::from_rsa(rsa).unwrap();
//!
//! let cipher = Cipher::aes_256_cbc();
//! let mut seal = Seal::new(cipher, &[key]).unwrap();
//!
//! let secret = b"My secret message";
//! let mut encrypted = vec![0; secret.len() + cipher.block_size()];
//!
//! let mut enc_len = seal.update(secret, &mut encrypted).unwrap();
//! enc_len += seal.finalize(&mut encrypted[enc_len..]).unwrap();
//! encrypted.truncate(enc_len);
//! }
//! ```
use error::ErrorStack;
use ffi;
use foreign_types::{ForeignType, ForeignTypeRef};
use libc::c_int;
use pkey::{HasPrivate, HasPublic, PKey, PKeyRef};
use std::cmp;
use std::ptr;
use symm::Cipher;
use {cvt, cvt_p};
/// Represents an EVP_Seal context.
pub struct Seal {
ctx: *mut ffi::EVP_CIPHER_CTX,
block_size: usize,
iv: Option<Vec<u8>>,
enc_keys: Vec<Vec<u8>>,
}
impl Seal {
/// Creates a new `Seal`.
pub fn new<T>(cipher: Cipher, pub_keys: &[PKey<T>]) -> Result<Seal, ErrorStack>
where
T: HasPublic,
{
unsafe {
assert!(pub_keys.len() <= c_int::max_value() as usize);
let ctx = cvt_p(ffi::EVP_CIPHER_CTX_new())?;
let mut enc_key_ptrs = vec![];
let mut pub_key_ptrs = vec![];
let mut enc_keys = vec![];
for key in pub_keys {
let mut enc_key = vec![0; key.size()];
let enc_key_ptr = enc_key.as_mut_ptr();
enc_keys.push(enc_key);
enc_key_ptrs.push(enc_key_ptr);
pub_key_ptrs.push(key.as_ptr());
}
let mut iv = cipher.iv_len().map(|len| vec![0; len]);
let iv_ptr = iv.as_mut().map_or(ptr::null_mut(), |v| v.as_mut_ptr());
let mut enc_key_lens = vec![0; enc_keys.len()];
cvt(ffi::EVP_SealInit(
ctx,
cipher.as_ptr(),
enc_key_ptrs.as_mut_ptr(),
enc_key_lens.as_mut_ptr(),
iv_ptr,
pub_key_ptrs.as_mut_ptr(),
pub_key_ptrs.len() as c_int,
))?;
for (buf, len) in enc_keys.iter_mut().zip(&enc_key_lens) {
buf.truncate(*len as usize);
}
Ok(Seal {
ctx,
block_size: cipher.block_size(),
iv,
enc_keys,
})
}
}
/// Returns the initialization vector, if the cipher uses one.
#[allow(clippy::option_as_ref_deref)]
pub fn iv(&self) -> Option<&[u8]> {
self.iv.as_ref().map(|v| &**v)
}
/// Returns the encrypted keys.
pub fn encrypted_keys(&self) -> &[Vec<u8>] {
&self.enc_keys
}
/// Feeds data from `input` through the cipher, writing encrypted bytes into `output`.
///
/// The number of bytes written to `output` is returned. Note that this may
/// not be equal to the length of `input`.
///
/// # Panics
///
/// Panics if `output.len() < input.len() + block_size` where `block_size` is
/// the block size of the cipher (see `Cipher::block_size`), or if
/// `output.len() > c_int::max_value()`.
pub fn update(&mut self, input: &[u8], output: &mut [u8]) -> Result<usize, ErrorStack> {
unsafe {
assert!(output.len() >= input.len() + self.block_size);
assert!(output.len() <= c_int::max_value() as usize);
let mut outl = output.len() as c_int;
let inl = input.len() as c_int;
cvt(ffi::EVP_EncryptUpdate(
self.ctx,
output.as_mut_ptr(),
&mut outl,
input.as_ptr(),
inl,
))?;
Ok(outl as usize)
}
}
/// Finishes the encryption process, writing any remaining data to `output`.
///
/// The number of bytes written to `output` is returned.
///
/// `update` should not be called after this method.
///
/// # Panics
///
/// Panics if `output` is less than the cipher's block size.
pub fn finalize(&mut self, output: &mut [u8]) -> Result<usize, ErrorStack> {
unsafe {
assert!(output.len() >= self.block_size);
let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int;
cvt(ffi::EVP_SealFinal(self.ctx, output.as_mut_ptr(), &mut outl))?;
Ok(outl as usize)
}
}
}
impl Drop for Seal {
fn drop(&mut self) {
unsafe {
ffi::EVP_CIPHER_CTX_free(self.ctx);
}
}
}
/// Represents an EVP_Open context.
pub struct Open {
ctx: *mut ffi::EVP_CIPHER_CTX,
block_size: usize,
}
impl Open {
/// Creates a new `Open`.
pub fn new<T>(
cipher: Cipher,
priv_key: &PKeyRef<T>,
iv: Option<&[u8]>,
encrypted_key: &[u8],
) -> Result<Open, ErrorStack>
where
T: HasPrivate,
{
unsafe {
assert!(encrypted_key.len() <= c_int::max_value() as usize);
match (cipher.iv_len(), iv) {
(Some(len), Some(iv)) => assert_eq!(len, iv.len(), "IV length mismatch"),
(None, None) => {}
(Some(_), None) => panic!("an IV was required but not provided"),
(None, Some(_)) => panic!("an IV was provided but not required"),
}
let ctx = cvt_p(ffi::EVP_CIPHER_CTX_new())?;
cvt(ffi::EVP_OpenInit(
ctx,
cipher.as_ptr(),
encrypted_key.as_ptr(),
encrypted_key.len() as c_int,
iv.map_or(ptr::null(), |v| v.as_ptr()),
priv_key.as_ptr(),
))?;
Ok(Open {
ctx,
block_size: cipher.block_size(),
})
}
}
/// Feeds data from `input` through the cipher, writing decrypted bytes into `output`.
///
/// The number of bytes written to `output` is returned. Note that this may
/// not be equal to the length of `input`.
///
/// # Panics
///
/// Panics if `output.len() < input.len() + block_size` where
/// `block_size` is the block size of the cipher (see `Cipher::block_size`),
/// or if `output.len() > c_int::max_value()`.
pub fn update(&mut self, input: &[u8], output: &mut [u8]) -> Result<usize, ErrorStack> {
unsafe {
assert!(output.len() >= input.len() + self.block_size);
assert!(output.len() <= c_int::max_value() as usize);
let mut outl = output.len() as c_int;
let inl = input.len() as c_int;
cvt(ffi::EVP_DecryptUpdate(
self.ctx,
output.as_mut_ptr(),
&mut outl,
input.as_ptr(),
inl,
))?;
Ok(outl as usize)
}
}
/// Finishes the decryption process, writing any remaining data to `output`.
///
/// The number of bytes written to `output` is returned.
///
/// `update` should not be called after this method.
///
/// # Panics
///
/// Panics if `output` is less than the cipher's block size.
pub fn finalize(&mut self, output: &mut [u8]) -> Result<usize, ErrorStack> {
unsafe {
assert!(output.len() >= self.block_size);
let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int;
cvt(ffi::EVP_OpenFinal(self.ctx, output.as_mut_ptr(), &mut outl))?;
Ok(outl as usize)
}
}
}
impl Drop for Open {
fn drop(&mut self) {
unsafe {
ffi::EVP_CIPHER_CTX_free(self.ctx);
}
}
}
#[cfg(test)]
mod test {
use super::*;
use pkey::PKey;
use symm::Cipher;
#[test]
fn public_encrypt_private_decrypt() {
let private_pem = include_bytes!("../test/rsa.pem");
let public_pem = include_bytes!("../test/rsa.pem.pub");
let private_key = PKey::private_key_from_pem(private_pem).unwrap();
let public_key = PKey::public_key_from_pem(public_pem).unwrap();
let cipher = Cipher::aes_256_cbc();
let secret = b"My secret message";
let mut seal = Seal::new(cipher, &[public_key]).unwrap();
let mut encrypted = vec![0; secret.len() + cipher.block_size()];
let mut enc_len = seal.update(secret, &mut encrypted).unwrap();
enc_len += seal.finalize(&mut encrypted[enc_len..]).unwrap();
let iv = seal.iv();
let encrypted_key = &seal.encrypted_keys()[0];
let mut open = Open::new(cipher, &private_key, iv, &encrypted_key).unwrap();
let mut decrypted = vec![0; enc_len + cipher.block_size()];
let mut dec_len = open.update(&encrypted[..enc_len], &mut decrypted).unwrap();
dec_len += open.finalize(&mut decrypted[dec_len..]).unwrap();
assert_eq!(&secret[..], &decrypted[..dec_len]);
}
}

34
openssl/src/error.rs
View File

@ -15,7 +15,7 @@
//! Err(e) => println!("Parsing Error: {:?}", e), //! Err(e) => println!("Parsing Error: {:?}", e),
//! } //! }
//! ``` //! ```
use libc::{c_char, c_int, c_ulong}; use libc::{c_char, c_uint, c_ulong};
use std::borrow::Cow; use std::borrow::Cow;
use std::error; use std::error;
use std::ffi::CStr; use std::ffi::CStr;
@ -92,9 +92,9 @@ impl From<ErrorStack> for fmt::Error {
/// An error reported from OpenSSL. /// An error reported from OpenSSL.
#[derive(Clone)] #[derive(Clone)]
pub struct Error { pub struct Error {
code: c_ulong, code: c_uint,
file: *const c_char, file: *const c_char,
line: c_int, line: c_uint,
data: Option<Cow<'static, str>>, data: Option<Cow<'static, str>>,
} }
@ -116,14 +116,10 @@ impl Error {
code => { code => {
// The memory referenced by data is only valid until that slot is overwritten // The memory referenced by data is only valid until that slot is overwritten
// in the error stack, so we'll need to copy it off if it's dynamic // in the error stack, so we'll need to copy it off if it's dynamic
let data = if flags & ffi::ERR_TXT_STRING != 0 { let data = if flags & ffi::ERR_FLAG_STRING != 0 {
let bytes = CStr::from_ptr(data as *const _).to_bytes(); let bytes = CStr::from_ptr(data as *const _).to_bytes();
let data = str::from_utf8(bytes).unwrap(); let data = str::from_utf8(bytes).unwrap();
let data = if flags & ffi::ERR_TXT_MALLOCED != 0 { let data = Cow::Owned(data.to_string());
Cow::Owned(data.to_string())
} else {
Cow::Borrowed(data)
};
Some(data) Some(data)
} else { } else {
None None
@ -131,7 +127,7 @@ impl Error {
Some(Error { Some(Error {
code, code,
file, file,
line, line: line as c_uint,
data, data,
}) })
} }
@ -149,32 +145,28 @@ impl Error {
self.file, self.file,
self.line, self.line,
); );
let data = match self.data { let ptr = match self.data {
Some(Cow::Borrowed(data)) => Some((data.as_ptr() as *mut c_char, 0)), Some(Cow::Borrowed(data)) => Some(data.as_ptr() as *mut c_char),
Some(Cow::Owned(ref data)) => { Some(Cow::Owned(ref data)) => {
let ptr = ffi::CRYPTO_malloc( let ptr = ffi::OPENSSL_malloc((data.len() + 1) as _) as *mut c_char;
(data.len() + 1) as _,
concat!(file!(), "\0").as_ptr() as _,
line!() as _,
) as *mut c_char;
if ptr.is_null() { if ptr.is_null() {
None None
} else { } else {
ptr::copy_nonoverlapping(data.as_ptr(), ptr as *mut u8, data.len()); ptr::copy_nonoverlapping(data.as_ptr(), ptr as *mut u8, data.len());
*ptr.add(data.len()) = 0; *ptr.add(data.len()) = 0;
Some((ptr, ffi::ERR_TXT_MALLOCED)) Some(ptr)
} }
} }
None => None, None => None,
}; };
if let Some((ptr, flags)) = data { if let Some(ptr) = ptr {
ffi::ERR_set_error_data(ptr, flags | ffi::ERR_TXT_STRING); ffi::ERR_add_error_data(1, ptr);
} }
} }
} }
/// Returns the raw OpenSSL error code for this error. /// Returns the raw OpenSSL error code for this error.
pub fn code(&self) -> c_ulong { pub fn code(&self) -> c_uint {
self.code self.code
} }

8
openssl/src/hash.rs
View File

@ -46,10 +46,6 @@ impl MessageDigest {
} }
} }
pub fn null() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_md_null()) }
}
pub fn md5() -> MessageDigest { pub fn md5() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_md5()) } unsafe { MessageDigest(ffi::EVP_md5()) }
} }
@ -104,10 +100,6 @@ impl MessageDigest {
unsafe { MessageDigest(ffi::EVP_shake256()) } unsafe { MessageDigest(ffi::EVP_shake256()) }
} }
pub fn ripemd160() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_ripemd160()) }
}
#[allow(clippy::trivially_copy_pass_by_ref)] #[allow(clippy::trivially_copy_pass_by_ref)]
pub fn as_ptr(&self) -> *const ffi::EVP_MD { pub fn as_ptr(&self) -> *const ffi::EVP_MD {
self.0 self.0

14
openssl/src/lib.rs
View File

@ -129,7 +129,7 @@ extern crate tempdir;
#[doc(inline)] #[doc(inline)]
pub use ffi::init; pub use ffi::init;
use libc::c_int; use libc::{c_int, size_t};
use error::ErrorStack; use error::ErrorStack;
@ -143,15 +143,12 @@ pub mod aes;
pub mod asn1; pub mod asn1;
pub mod base64; pub mod base64;
pub mod bn; pub mod bn;
#[cfg(not(libressl))]
pub mod cms;
pub mod conf; pub mod conf;
pub mod derive; pub mod derive;
pub mod dh; pub mod dh;
pub mod dsa; pub mod dsa;
pub mod ec; pub mod ec;
pub mod ecdsa; pub mod ecdsa;
pub mod envelope;
pub mod error; pub mod error;
pub mod ex_data; pub mod ex_data;
#[cfg(not(libressl))] #[cfg(not(libressl))]
@ -159,7 +156,6 @@ pub mod fips;
pub mod hash; pub mod hash;
pub mod memcmp; pub mod memcmp;
pub mod nid; pub mod nid;
pub mod ocsp;
pub mod pkcs12; pub mod pkcs12;
pub mod pkcs5; pub mod pkcs5;
pub mod pkcs7; pub mod pkcs7;
@ -184,6 +180,14 @@ fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
} }
} }
fn cvt_0(r: size_t) -> Result<size_t, ErrorStack> {
if r == 0 {
Err(ErrorStack::get())
} else {
Ok(r)
}
}
fn cvt(r: c_int) -> Result<c_int, ErrorStack> { fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
if r <= 0 { if r <= 0 {
Err(ErrorStack::get()) Err(ErrorStack::get())

4
openssl/src/macros.rs
View File

@ -103,12 +103,12 @@ macro_rules! to_der {
} }
macro_rules! from_der { macro_rules! from_der {
($(#[$m:meta])* $n:ident, $t:ty, $f:path) => { ($(#[$m:meta])* $n:ident, $t:ty, $f:path, $len_ty:ty) => {
$(#[$m])* $(#[$m])*
pub fn $n(der: &[u8]) -> Result<$t, ::error::ErrorStack> { pub fn $n(der: &[u8]) -> Result<$t, ::error::ErrorStack> {
unsafe { unsafe {
::ffi::init(); ::ffi::init();
let len = ::std::cmp::min(der.len(), ::libc::c_long::max_value() as usize) as ::libc::c_long; let len = ::std::cmp::min(der.len(), <$len_ty>::max_value() as usize) as $len_ty;
::cvt_p($f(::std::ptr::null_mut(), &mut der.as_ptr(), len)) ::cvt_p($f(::std::ptr::null_mut(), &mut der.as_ptr(), len))
.map(|p| ::foreign_types::ForeignType::from_ptr(p)) .map(|p| ::foreign_types::ForeignType::from_ptr(p))
} }

2
openssl/src/nid.rs
View File

@ -105,10 +105,8 @@ impl Nid {
pub const UNDEF: Nid = Nid(ffi::NID_undef); pub const UNDEF: Nid = Nid(ffi::NID_undef);
pub const ITU_T: Nid = Nid(ffi::NID_itu_t); pub const ITU_T: Nid = Nid(ffi::NID_itu_t);
pub const CCITT: Nid = Nid(ffi::NID_ccitt);
pub const ISO: Nid = Nid(ffi::NID_iso); pub const ISO: Nid = Nid(ffi::NID_iso);
pub const JOINT_ISO_ITU_T: Nid = Nid(ffi::NID_joint_iso_itu_t); pub const JOINT_ISO_ITU_T: Nid = Nid(ffi::NID_joint_iso_itu_t);
pub const JOINT_ISO_CCITT: Nid = Nid(ffi::NID_joint_iso_ccitt);
pub const MEMBER_BODY: Nid = Nid(ffi::NID_member_body); pub const MEMBER_BODY: Nid = Nid(ffi::NID_member_body);
pub const IDENTIFIED_ORGANIZATION: Nid = Nid(ffi::NID_identified_organization); pub const IDENTIFIED_ORGANIZATION: Nid = Nid(ffi::NID_identified_organization);
pub const HMAC_MD5: Nid = Nid(ffi::NID_hmac_md5); pub const HMAC_MD5: Nid = Nid(ffi::NID_hmac_md5);

355
openssl/src/ocsp.rs
View File

@ -1,355 +0,0 @@
use ffi;
use foreign_types::ForeignTypeRef;
use libc::{c_int, c_long, c_ulong};
use std::mem;
use std::ptr;
use asn1::Asn1GeneralizedTimeRef;
use error::ErrorStack;
use hash::MessageDigest;
use stack::StackRef;
use x509::store::X509StoreRef;
use x509::{X509Ref, X509};
use {cvt, cvt_p};
bitflags! {
pub struct OcspFlag: c_ulong {
const NO_CERTS = ffi::OCSP_NOCERTS;
const NO_INTERN = ffi::OCSP_NOINTERN;
const NO_CHAIN = ffi::OCSP_NOCHAIN;
const NO_VERIFY = ffi::OCSP_NOVERIFY;
const NO_EXPLICIT = ffi::OCSP_NOEXPLICIT;
const NO_CA_SIGN = ffi::OCSP_NOCASIGN;
const NO_DELEGATED = ffi::OCSP_NODELEGATED;
const NO_CHECKS = ffi::OCSP_NOCHECKS;
const TRUST_OTHER = ffi::OCSP_TRUSTOTHER;
const RESPID_KEY = ffi::OCSP_RESPID_KEY;
const NO_TIME = ffi::OCSP_NOTIME;
}
}
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
pub struct OcspResponseStatus(c_int);
impl OcspResponseStatus {
pub const SUCCESSFUL: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL);
pub const MALFORMED_REQUEST: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST);
pub const INTERNAL_ERROR: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR);
pub const TRY_LATER: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER);
pub const SIG_REQUIRED: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED);
pub const UNAUTHORIZED: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED);
pub fn from_raw(raw: c_int) -> OcspResponseStatus {
OcspResponseStatus(raw)
}
#[allow(clippy::trivially_copy_pass_by_ref)]
pub fn as_raw(&self) -> c_int {
self.0
}
}
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
pub struct OcspCertStatus(c_int);
impl OcspCertStatus {
pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD);
pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED);
pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN);
pub fn from_raw(raw: c_int) -> OcspCertStatus {
OcspCertStatus(raw)
}
#[allow(clippy::trivially_copy_pass_by_ref)]
pub fn as_raw(&self) -> c_int {
self.0
}
}
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
pub struct OcspRevokedStatus(c_int);
impl OcspRevokedStatus {
pub const NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS);
pub const UNSPECIFIED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED);
pub const KEY_COMPROMISE: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE);
pub const CA_COMPROMISE: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE);
pub const AFFILIATION_CHANGED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED);
pub const STATUS_SUPERSEDED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED);
pub const STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION);
pub const STATUS_CERTIFICATE_HOLD: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD);
pub const REMOVE_FROM_CRL: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL);
pub fn from_raw(raw: c_int) -> OcspRevokedStatus {
OcspRevokedStatus(raw)
}
#[allow(clippy::trivially_copy_pass_by_ref)]
pub fn as_raw(&self) -> c_int {
self.0
}
}
pub struct OcspStatus<'a> {
/// The overall status of the response.
pub status: OcspCertStatus,
/// If `status` is `CERT_STATUS_REVOKED`, the reason for the revocation.
pub reason: OcspRevokedStatus,
/// If `status` is `CERT_STATUS_REVOKED`, the time at which the certificate was revoked.
pub revocation_time: Option<&'a Asn1GeneralizedTimeRef>,
/// The time that this revocation check was performed.
pub this_update: &'a Asn1GeneralizedTimeRef,
/// The time at which this revocation check expires.
pub next_update: &'a Asn1GeneralizedTimeRef,
}
impl<'a> OcspStatus<'a> {
/// Checks validity of the `this_update` and `next_update` fields.
///
/// The `nsec` parameter specifies an amount of slack time that will be used when comparing
/// those times with the current time to account for delays and clock skew.
///
/// The `maxsec` parameter limits the maximum age of the `this_update` parameter to prohibit
/// very old responses.
pub fn check_validity(&self, nsec: u32, maxsec: Option<u32>) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::OCSP_check_validity(
self.this_update.as_ptr(),
self.next_update.as_ptr(),
nsec as c_long,
maxsec.map(|n| n as c_long).unwrap_or(-1),
))
.map(|_| ())
}
}
}
foreign_type_and_impl_send_sync! {
type CType = ffi::OCSP_BASICRESP;
fn drop = ffi::OCSP_BASICRESP_free;
pub struct OcspBasicResponse;
pub struct OcspBasicResponseRef;
}
impl OcspBasicResponseRef {
/// Verifies the validity of the response.
///
/// The `certs` parameter contains a set of certificates that will be searched when locating the
/// OCSP response signing certificate. Some responders do not include this in the response.
pub fn verify(
&self,
certs: &StackRef<X509>,
store: &X509StoreRef,
flags: OcspFlag,
) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::OCSP_basic_verify(
self.as_ptr(),
certs.as_ptr(),
store.as_ptr(),
flags.bits(),
))
.map(|_| ())
}
}
/// Looks up the status for the specified certificate ID.
pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<OcspStatus<'a>> {
unsafe {
let mut status = ffi::V_OCSP_CERTSTATUS_UNKNOWN;
let mut reason = ffi::OCSP_REVOKED_STATUS_NOSTATUS;
let mut revocation_time = ptr::null_mut();
let mut this_update = ptr::null_mut();
let mut next_update = ptr::null_mut();
let r = ffi::OCSP_resp_find_status(
self.as_ptr(),
id.as_ptr(),
&mut status,
&mut reason,
&mut revocation_time,
&mut this_update,
&mut next_update,
);
if r == 1 {
let revocation_time = if revocation_time.is_null() {
None
} else {
Some(Asn1GeneralizedTimeRef::from_ptr(revocation_time))
};
Some(OcspStatus {
status: OcspCertStatus(status),
reason: OcspRevokedStatus(status),
revocation_time,
this_update: Asn1GeneralizedTimeRef::from_ptr(this_update),
next_update: Asn1GeneralizedTimeRef::from_ptr(next_update),
})
} else {
None
}
}
}
}
foreign_type_and_impl_send_sync! {
type CType = ffi::OCSP_CERTID;
fn drop = ffi::OCSP_CERTID_free;
pub struct OcspCertId;
pub struct OcspCertIdRef;
}
impl OcspCertId {
/// Constructs a certificate ID for certificate `subject`.
pub fn from_cert(
digest: MessageDigest,
subject: &X509Ref,
issuer: &X509Ref,
) -> Result<OcspCertId, ErrorStack> {
unsafe {
cvt_p(ffi::OCSP_cert_to_id(
digest.as_ptr(),
subject.as_ptr(),
issuer.as_ptr(),
))
.map(OcspCertId)
}
}
}
foreign_type_and_impl_send_sync! {
type CType = ffi::OCSP_RESPONSE;
fn drop = ffi::OCSP_RESPONSE_free;
pub struct OcspResponse;
pub struct OcspResponseRef;
}
impl OcspResponse {
/// Creates an OCSP response from the status and optional body.
///
/// A body should only be provided if `status` is `RESPONSE_STATUS_SUCCESSFUL`.
pub fn create(
status: OcspResponseStatus,
body: Option<&OcspBasicResponseRef>,
) -> Result<OcspResponse, ErrorStack> {
unsafe {
ffi::init();
cvt_p(ffi::OCSP_response_create(
status.as_raw(),
body.map(|r| r.as_ptr()).unwrap_or(ptr::null_mut()),
))
.map(OcspResponse)
}
}
from_der! {
/// Deserializes a DER-encoded OCSP response.
///
/// This corresponds to [`d2i_OCSP_RESPONSE`].
///
/// [`d2i_OCSP_RESPONSE`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_OCSP_RESPONSE.html
from_der,
OcspResponse,
ffi::d2i_OCSP_RESPONSE
}
}
impl OcspResponseRef {
to_der! {
/// Serializes the response to its standard DER encoding.
///
/// This corresponds to [`i2d_OCSP_RESPONSE`].
///
/// [`i2d_OCSP_RESPONSE`]: https://www.openssl.org/docs/man1.1.0/crypto/i2d_OCSP_RESPONSE.html
to_der,
ffi::i2d_OCSP_RESPONSE
}
/// Returns the status of the response.
pub fn status(&self) -> OcspResponseStatus {
unsafe { OcspResponseStatus(ffi::OCSP_response_status(self.as_ptr())) }
}
/// Returns the basic response.
///
/// This will only succeed if `status()` returns `RESPONSE_STATUS_SUCCESSFUL`.
pub fn basic(&self) -> Result<OcspBasicResponse, ErrorStack> {
unsafe { cvt_p(ffi::OCSP_response_get1_basic(self.as_ptr())).map(OcspBasicResponse) }
}
}
foreign_type_and_impl_send_sync! {
type CType = ffi::OCSP_REQUEST;
fn drop = ffi::OCSP_REQUEST_free;
pub struct OcspRequest;
pub struct OcspRequestRef;
}
impl OcspRequest {
pub fn new() -> Result<OcspRequest, ErrorStack> {
unsafe {
ffi::init();
cvt_p(ffi::OCSP_REQUEST_new()).map(OcspRequest)
}
}
from_der! {
/// Deserializes a DER-encoded OCSP request.
///
/// This corresponds to [`d2i_OCSP_REQUEST`].
///
/// [`d2i_OCSP_REQUEST`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_OCSP_REQUEST.html
from_der,
OcspRequest,
ffi::d2i_OCSP_REQUEST
}
}
impl OcspRequestRef {
to_der! {
/// Serializes the request to its standard DER encoding.
///
/// This corresponds to [`i2d_OCSP_REQUEST`].
///
/// [`i2d_OCSP_REQUEST`]: https://www.openssl.org/docs/man1.1.0/crypto/i2d_OCSP_REQUEST.html
to_der,
ffi::i2d_OCSP_REQUEST
}
pub fn add_id(&mut self, id: OcspCertId) -> Result<&mut OcspOneReqRef, ErrorStack> {
unsafe {
let ptr = cvt_p(ffi::OCSP_request_add0_id(self.as_ptr(), id.as_ptr()))?;
mem::forget(id);
Ok(OcspOneReqRef::from_ptr_mut(ptr))
}
}
}
foreign_type_and_impl_send_sync! {
type CType = ffi::OCSP_ONEREQ;
fn drop = ffi::OCSP_ONEREQ_free;
pub struct OcspOneReq;
pub struct OcspOneReqRef;
}

9
openssl/src/pkcs12.rs
View File

@ -13,6 +13,8 @@ use stack::Stack;
use x509::{X509Ref, X509}; use x509::{X509Ref, X509};
use {cvt, cvt_p}; use {cvt, cvt_p};
pub const PKCS12_DEFAULT_ITER: c_int = 2048;
foreign_type_and_impl_send_sync! { foreign_type_and_impl_send_sync! {
type CType = ffi::PKCS12; type CType = ffi::PKCS12;
fn drop = ffi::PKCS12_free; fn drop = ffi::PKCS12_free;
@ -72,7 +74,8 @@ impl Pkcs12 {
/// [`d2i_PKCS12`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_PKCS12.html /// [`d2i_PKCS12`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_PKCS12.html
from_der, from_der,
Pkcs12, Pkcs12,
ffi::d2i_PKCS12 ffi::d2i_PKCS12,
::libc::size_t
} }
/// Creates a new builder for a protected pkcs12 certificate. /// Creates a new builder for a protected pkcs12 certificate.
@ -89,8 +92,8 @@ impl Pkcs12 {
Pkcs12Builder { Pkcs12Builder {
nid_key: Nid::UNDEF, //nid::PBE_WITHSHA1AND3_KEY_TRIPLEDES_CBC, nid_key: Nid::UNDEF, //nid::PBE_WITHSHA1AND3_KEY_TRIPLEDES_CBC,
nid_cert: Nid::UNDEF, //nid::PBE_WITHSHA1AND40BITRC2_CBC, nid_cert: Nid::UNDEF, //nid::PBE_WITHSHA1AND40BITRC2_CBC,
iter: ffi::PKCS12_DEFAULT_ITER, iter: PKCS12_DEFAULT_ITER,
mac_iter: ffi::PKCS12_DEFAULT_ITER, mac_iter: PKCS12_DEFAULT_ITER,
ca: None, ca: None,
} }
} }

25
openssl/src/pkcs5.rs
View File

@ -1,5 +1,5 @@
use ffi; use ffi;
use libc::c_int; use libc::{c_int, c_uint};
use std::ptr; use std::ptr;
use cvt; use cvt;
@ -29,13 +29,14 @@ pub fn bytes_to_key(
digest: MessageDigest, digest: MessageDigest,
data: &[u8], data: &[u8],
salt: Option<&[u8]>, salt: Option<&[u8]>,
count: i32, count: u32,
) -> Result<KeyIvPair, ErrorStack> { ) -> Result<KeyIvPair, ErrorStack> {
unsafe { unsafe {
assert!(data.len() <= c_int::max_value() as usize); assert!(data.len() <= c_int::max_value() as usize);
let salt_ptr = match salt { let salt_ptr = match salt {
Some(salt) => { Some(salt) => {
assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize); pub const PKCS5_SALT_LEN: c_int = 8;
assert_eq!(salt.len(), PKCS5_SALT_LEN as usize);
salt.as_ptr() salt.as_ptr()
} }
None => ptr::null(), None => ptr::null(),
@ -53,8 +54,8 @@ pub fn bytes_to_key(
digest, digest,
salt_ptr, salt_ptr,
ptr::null(), ptr::null(),
data.len() as c_int, data.len(),
count.into(), count,
ptr::null_mut(), ptr::null_mut(),
ptr::null_mut(), ptr::null_mut(),
))?; ))?;
@ -70,8 +71,8 @@ pub fn bytes_to_key(
digest, digest,
salt_ptr, salt_ptr,
data.as_ptr(), data.as_ptr(),
data.len() as c_int, data.len(),
count as c_int, count,
key.as_mut_ptr(), key.as_mut_ptr(),
iv_ptr, iv_ptr,
))?; ))?;
@ -96,12 +97,12 @@ pub fn pbkdf2_hmac(
ffi::init(); ffi::init();
cvt(ffi::PKCS5_PBKDF2_HMAC( cvt(ffi::PKCS5_PBKDF2_HMAC(
pass.as_ptr() as *const _, pass.as_ptr() as *const _,
pass.len() as c_int, pass.len(),
salt.as_ptr(), salt.as_ptr(),
salt.len() as c_int, salt.len(),
iter as c_int, iter as c_uint,
hash.as_ptr(), hash.as_ptr(),
key.len() as c_int, key.len(),
key.as_mut_ptr(), key.as_mut_ptr(),
)) ))
.map(|_| ()) .map(|_| ())
@ -118,7 +119,7 @@ pub fn scrypt(
n: u64, n: u64,
r: u64, r: u64,
p: u64, p: u64,
maxmem: u64, maxmem: usize,
key: &mut [u8], key: &mut [u8],
) -> Result<(), ErrorStack> { ) -> Result<(), ErrorStack> {
unsafe { unsafe {

160
openssl/src/pkcs7.rs
View File

@ -36,12 +36,7 @@ bitflags! {
const BINARY = ffi::PKCS7_BINARY; const BINARY = ffi::PKCS7_BINARY;
const NOATTR = ffi::PKCS7_NOATTR; const NOATTR = ffi::PKCS7_NOATTR;
const NOSMIMECAP = ffi::PKCS7_NOSMIMECAP; const NOSMIMECAP = ffi::PKCS7_NOSMIMECAP;
const NOOLDMIMETYPE = ffi::PKCS7_NOOLDMIMETYPE;
const CRLFEOL = ffi::PKCS7_CRLFEOL;
const STREAM = ffi::PKCS7_STREAM; const STREAM = ffi::PKCS7_STREAM;
const NOCRL = ffi::PKCS7_NOCRL;
const PARTIAL = ffi::PKCS7_PARTIAL;
const REUSE_DIGEST = ffi::PKCS7_REUSE_DIGEST;
#[cfg(not(any(ossl101, ossl102, libressl)))] #[cfg(not(any(ossl101, ossl102, libressl)))]
const NO_DUAL_CONTENT = ffi::PKCS7_NO_DUAL_CONTENT; const NO_DUAL_CONTENT = ffi::PKCS7_NO_DUAL_CONTENT;
} }
@ -69,61 +64,8 @@ impl Pkcs7 {
/// [`d2i_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/d2i_PKCS7.html /// [`d2i_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/d2i_PKCS7.html
from_der, from_der,
Pkcs7, Pkcs7,
ffi::d2i_PKCS7 ffi::d2i_PKCS7,
} ::libc::size_t
/// Parses a message in S/MIME format.
///
/// Returns the loaded signature, along with the cleartext message (if
/// available).
///
/// This corresponds to [`SMIME_read_PKCS7`].
///
/// [`SMIME_read_PKCS7`]: https://www.openssl.org/docs/man1.1.0/crypto/SMIME_read_PKCS7.html
pub fn from_smime(input: &[u8]) -> Result<(Pkcs7, Option<Vec<u8>>), ErrorStack> {
ffi::init();
let input_bio = MemBioSlice::new(input)?;
let mut bcont_bio = ptr::null_mut();
unsafe {
let pkcs7 =
cvt_p(ffi::SMIME_read_PKCS7(input_bio.as_ptr(), &mut bcont_bio)).map(Pkcs7)?;
let out = if !bcont_bio.is_null() {
let bcont_bio = MemBio::from_ptr(bcont_bio);
Some(bcont_bio.get_buf().to_vec())
} else {
None
};
Ok((pkcs7, out))
}
}
/// Creates and returns a PKCS#7 `envelopedData` structure.
///
/// `certs` is a list of recipient certificates. `input` is the content to be
/// encrypted. `cipher` is the symmetric cipher to use. `flags` is an optional
/// set of flags.
///
/// This corresponds to [`PKCS7_encrypt`].
///
/// [`PKCS7_encrypt`]: https://www.openssl.org/docs/man1.0.2/crypto/PKCS7_encrypt.html
pub fn encrypt(
certs: &StackRef<X509>,
input: &[u8],
cipher: Cipher,
flags: Pkcs7Flags,
) -> Result<Pkcs7, ErrorStack> {
let input_bio = MemBioSlice::new(input)?;
unsafe {
cvt_p(ffi::PKCS7_encrypt(
certs.as_ptr(),
input_bio.as_ptr(),
cipher.as_ptr(),
flags.bits,
))
.map(Pkcs7)
}
} }
/// Creates and returns a PKCS#7 `signedData` structure. /// Creates and returns a PKCS#7 `signedData` structure.
@ -161,25 +103,6 @@ impl Pkcs7 {
} }
impl Pkcs7Ref { impl Pkcs7Ref {
/// Converts PKCS#7 structure to S/MIME format
///
/// This corresponds to [`SMIME_write_PKCS7`].
///
/// [`SMIME_write_PKCS7`]: https://www.openssl.org/docs/man1.1.0/crypto/SMIME_write_PKCS7.html
pub fn to_smime(&self, input: &[u8], flags: Pkcs7Flags) -> Result<Vec<u8>, ErrorStack> {
let input_bio = MemBioSlice::new(input)?;
let output = MemBio::new()?;
unsafe {
cvt(ffi::SMIME_write_PKCS7(
output.as_ptr(),
self.as_ptr(),
input_bio.as_ptr(),
flags.bits,
))
.map(|_| output.get_buf().to_owned())
}
}
to_pem! { to_pem! {
/// Serializes the data into a PEM-encoded PKCS#7 structure. /// Serializes the data into a PEM-encoded PKCS#7 structure.
/// ///
@ -201,85 +124,6 @@ impl Pkcs7Ref {
to_der, to_der,
ffi::i2d_PKCS7 ffi::i2d_PKCS7
} }
/// Decrypts data using the provided private key.
///
/// `pkey` is the recipient's private key, and `cert` is the recipient's
/// certificate.
///
/// Returns the decrypted message.
///
/// This corresponds to [`PKCS7_decrypt`].
///
/// [`PKCS7_decrypt`]: https://www.openssl.org/docs/man1.0.2/crypto/PKCS7_decrypt.html
pub fn decrypt<PT>(
&self,
pkey: &PKeyRef<PT>,
cert: &X509Ref,
flags: Pkcs7Flags,
) -> Result<Vec<u8>, ErrorStack>
where
PT: HasPrivate,
{
let output = MemBio::new()?;
unsafe {
cvt(ffi::PKCS7_decrypt(
self.as_ptr(),
pkey.as_ptr(),
cert.as_ptr(),
output.as_ptr(),
flags.bits,
))
.map(|_| output.get_buf().to_owned())
}
}
/// Verifies the PKCS#7 `signedData` structure contained by `&self`.
///
/// `certs` is a set of certificates in which to search for the signer's
/// certificate. `store` is a trusted certificate store (used for chain
/// verification). `indata` is the signed data if the content is not present
/// in `&self`. The content is written to `out` if it is not `None`.
///
/// This corresponds to [`PKCS7_verify`].
///
/// [`PKCS7_verify`]: https://www.openssl.org/docs/man1.0.2/crypto/PKCS7_verify.html
pub fn verify(
&self,
certs: &StackRef<X509>,
store: &X509StoreRef,
indata: Option<&[u8]>,
out: Option<&mut Vec<u8>>,
flags: Pkcs7Flags,
) -> Result<(), ErrorStack> {
let out_bio = MemBio::new()?;
let indata_bio = match indata {
Some(data) => Some(MemBioSlice::new(data)?),
None => None,
};
let indata_bio_ptr = indata_bio.as_ref().map_or(ptr::null_mut(), |p| p.as_ptr());
unsafe {
cvt(ffi::PKCS7_verify(
self.as_ptr(),
certs.as_ptr(),
store.as_ptr(),
indata_bio_ptr,
out_bio.as_ptr(),
flags.bits,
))
.map(|_| ())?
}
if let Some(data) = out {
data.clear();
data.extend_from_slice(out_bio.get_buf());
}
Ok(())
}
} }
#[cfg(test)] #[cfg(test)]

89
openssl/src/pkey.rs
View File

@ -79,7 +79,6 @@ pub struct Id(c_int);
impl Id { impl Id {
pub const RSA: Id = Id(ffi::EVP_PKEY_RSA); pub const RSA: Id = Id(ffi::EVP_PKEY_RSA);
pub const HMAC: Id = Id(ffi::EVP_PKEY_HMAC);
pub const DSA: Id = Id(ffi::EVP_PKEY_DSA); pub const DSA: Id = Id(ffi::EVP_PKEY_DSA);
pub const DH: Id = Id(ffi::EVP_PKEY_DH); pub const DH: Id = Id(ffi::EVP_PKEY_DH);
pub const EC: Id = Id(ffi::EVP_PKEY_EC); pub const EC: Id = Id(ffi::EVP_PKEY_EC);
@ -295,7 +294,6 @@ impl<T> fmt::Debug for PKey<T> {
fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
let alg = match self.id() { let alg = match self.id() {
Id::RSA => "RSA", Id::RSA => "RSA",
Id::HMAC => "HMAC",
Id::DSA => "DSA", Id::DSA => "DSA",
Id::DH => "DH", Id::DH => "DH",
Id::EC => "EC", Id::EC => "EC",
@ -395,87 +393,6 @@ impl<T> PKey<T> {
} }
impl PKey<Private> { impl PKey<Private> {
/// Creates a new `PKey` containing an HMAC key.
///
/// # Note
///
/// To compute HMAC values, use the `sign` module.
pub fn hmac(key: &[u8]) -> Result<PKey<Private>, ErrorStack> {
unsafe {
assert!(key.len() <= c_int::max_value() as usize);
let key = cvt_p(ffi::EVP_PKEY_new_mac_key(
ffi::EVP_PKEY_HMAC,
ptr::null_mut(),
key.as_ptr() as *const _,
key.len() as c_int,
))?;
Ok(PKey::from_ptr(key))
}
}
/// Creates a new `PKey` containing a CMAC key.
///
/// Requires OpenSSL 1.1.0 or newer.
///
/// # Note
///
/// To compute CMAC values, use the `sign` module.
#[cfg(ossl110)]
#[allow(clippy::trivially_copy_pass_by_ref)]
pub fn cmac(cipher: &Cipher, key: &[u8]) -> Result<PKey<Private>, ErrorStack> {
unsafe {
assert!(key.len() <= c_int::max_value() as usize);
let kctx = cvt_p(ffi::EVP_PKEY_CTX_new_id(
ffi::EVP_PKEY_CMAC,
ptr::null_mut(),
))?;
let ret = (|| {
cvt(ffi::EVP_PKEY_keygen_init(kctx))?;
// Set cipher for cmac
cvt(ffi::EVP_PKEY_CTX_ctrl(
kctx,
-1,
ffi::EVP_PKEY_OP_KEYGEN,
ffi::EVP_PKEY_CTRL_CIPHER,
0,
cipher.as_ptr() as *mut _,
))?;
// Set the key data
cvt(ffi::EVP_PKEY_CTX_ctrl(
kctx,
-1,
ffi::EVP_PKEY_OP_KEYGEN,
ffi::EVP_PKEY_CTRL_SET_MAC_KEY,
key.len() as c_int,
key.as_ptr() as *mut _,
))?;
Ok(())
})();
if let Err(e) = ret {
// Free memory
ffi::EVP_PKEY_CTX_free(kctx);
return Err(e);
}
// Generate key
let mut key = ptr::null_mut();
let ret = cvt(ffi::EVP_PKEY_keygen(kctx, &mut key));
// Free memory
ffi::EVP_PKEY_CTX_free(kctx);
if let Err(e) = ret {
return Err(e);
}
Ok(PKey::from_ptr(key))
}
}
#[cfg(ossl110)] #[cfg(ossl110)]
fn generate_eddsa(nid: c_int) -> Result<PKey<Private>, ErrorStack> { fn generate_eddsa(nid: c_int) -> Result<PKey<Private>, ErrorStack> {
unsafe { unsafe {
@ -561,7 +478,8 @@ impl PKey<Private> {
/// [`d2i_AutoPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_AutoPrivateKey.html /// [`d2i_AutoPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_AutoPrivateKey.html
private_key_from_der, private_key_from_der,
PKey<Private>, PKey<Private>,
ffi::d2i_AutoPrivateKey ffi::d2i_AutoPrivateKey,
::libc::c_long
} }
/// Deserializes a DER-formatted PKCS#8 unencrypted private key. /// Deserializes a DER-formatted PKCS#8 unencrypted private key.
@ -655,7 +573,8 @@ impl PKey<Public> {
/// [`d2i_PUBKEY`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_PUBKEY.html /// [`d2i_PUBKEY`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_PUBKEY.html
public_key_from_der, public_key_from_der,
PKey<Public>, PKey<Public>,
ffi::d2i_PUBKEY ffi::d2i_PUBKEY,
::libc::c_long
} }
} }

2
openssl/src/rand.rs
View File

@ -36,7 +36,7 @@ pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
ffi::init(); ffi::init();
assert!(buf.len() <= c_int::max_value() as usize); assert!(buf.len() <= c_int::max_value() as usize);
cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int)).map(|_| ()) cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len())).map(|_| ())
} }
} }

33
openssl/src/rsa.rs
View File

@ -40,6 +40,22 @@ use error::ErrorStack;
use pkey::{HasPrivate, HasPublic, Private, Public}; use pkey::{HasPrivate, HasPublic, Private, Public};
use {cvt, cvt_n, cvt_p}; use {cvt, cvt_n, cvt_p};
pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3;
pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4;
pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5;
pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6;
pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7;
pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8;
pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9;
pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
| EVP_PKEY_OP_VERIFY
| EVP_PKEY_OP_VERIFYRECOVER
| EVP_PKEY_OP_SIGNCTX
| EVP_PKEY_OP_VERIFYCTX;
pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
/// Type of encryption padding to use. /// Type of encryption padding to use.
/// ///
/// Random length padding is primarily used to prevent attackers from /// Random length padding is primarily used to prevent attackers from
@ -145,7 +161,7 @@ where
unsafe { unsafe {
let len = cvt_n(ffi::RSA_private_decrypt( let len = cvt_n(ffi::RSA_private_decrypt(
from.len() as c_int, from.len(),
from.as_ptr(), from.as_ptr(),
to.as_mut_ptr(), to.as_mut_ptr(),
self.as_ptr(), self.as_ptr(),
@ -172,7 +188,7 @@ where
unsafe { unsafe {
let len = cvt_n(ffi::RSA_private_encrypt( let len = cvt_n(ffi::RSA_private_encrypt(
from.len() as c_int, from.len(),
from.as_ptr(), from.as_ptr(),
to.as_mut_ptr(), to.as_mut_ptr(),
self.as_ptr(), self.as_ptr(),
@ -370,7 +386,7 @@ where
unsafe { unsafe {
let len = cvt_n(ffi::RSA_public_decrypt( let len = cvt_n(ffi::RSA_public_decrypt(
from.len() as c_int, from.len(),
from.as_ptr(), from.as_ptr(),
to.as_mut_ptr(), to.as_mut_ptr(),
self.as_ptr(), self.as_ptr(),
@ -396,7 +412,7 @@ where
unsafe { unsafe {
let len = cvt_n(ffi::RSA_public_encrypt( let len = cvt_n(ffi::RSA_public_encrypt(
from.len() as c_int, from.len(),
from.as_ptr(), from.as_ptr(),
to.as_mut_ptr(), to.as_mut_ptr(),
self.as_ptr(), self.as_ptr(),
@ -486,7 +502,8 @@ impl Rsa<Public> {
/// [`d2i_RSA_PUBKEY`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html /// [`d2i_RSA_PUBKEY`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html
public_key_from_der, public_key_from_der,
Rsa<Public>, Rsa<Public>,
ffi::d2i_RSA_PUBKEY ffi::d2i_RSA_PUBKEY,
::libc::c_long
} }
from_der! { from_der! {
@ -497,7 +514,8 @@ impl Rsa<Public> {
/// [`d2i_RSAPublicKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html /// [`d2i_RSAPublicKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html
public_key_from_der_pkcs1, public_key_from_der_pkcs1,
Rsa<Public>, Rsa<Public>,
ffi::d2i_RSAPublicKey ffi::d2i_RSAPublicKey,
::libc::c_long
} }
} }
@ -665,7 +683,8 @@ impl Rsa<Private> {
/// [`d2i_RSAPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html /// [`d2i_RSAPrivateKey`]: https://www.openssl.org/docs/man1.0.2/crypto/d2i_RSA_PUBKEY.html
private_key_from_der, private_key_from_der,
Rsa<Private>, Rsa<Private>,
ffi::d2i_RSAPrivateKey ffi::d2i_RSAPrivateKey,
::libc::c_long
} }
} }

5
openssl/src/ssl/callbacks.rs
View File

@ -488,6 +488,8 @@ pub extern "C" fn raw_cookie_generate<F>(
where where
F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
{ {
pub const DTLS1_COOKIE_LENGTH: c_uint = 256;
unsafe { unsafe {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl let callback = ssl
@ -496,8 +498,7 @@ where
.expect("BUG: cookie generate callback missing") as *const F; .expect("BUG: cookie generate callback missing") as *const F;
// We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for // We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for
// compatibility. See comments in dtls1.h. // compatibility. See comments in dtls1.h.
let slice = let slice = slice::from_raw_parts_mut(cookie as *mut u8, DTLS1_COOKIE_LENGTH as usize - 1);
slice::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1);
match (*callback)(ssl, slice) { match (*callback)(ssl, slice) {
Ok(len) => { Ok(len) => {
*cookie_len = len as c_uint; *cookie_len = len as c_uint;

192
openssl/src/ssl/mod.rs
View File

@ -63,6 +63,7 @@ use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void};
use std::any::TypeId; use std::any::TypeId;
use std::cmp; use std::cmp;
use std::collections::HashMap; use std::collections::HashMap;
use std::convert::TryInto;
use std::ffi::{CStr, CString}; use std::ffi::{CStr, CString};
use std::fmt; use std::fmt;
use std::io; use std::io;
@ -133,7 +134,7 @@ pub fn cipher_name(std_name: &str) -> &'static str {
bitflags! { bitflags! {
/// Options controlling the behavior of an `SslContext`. /// Options controlling the behavior of an `SslContext`.
pub struct SslOptions: c_ulong { pub struct SslOptions: c_uint {
/// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers. /// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers.
const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
@ -145,13 +146,6 @@ bitflags! {
/// Only affects DTLS connections. /// Only affects DTLS connections.
const NO_QUERY_MTU = ffi::SSL_OP_NO_QUERY_MTU; const NO_QUERY_MTU = ffi::SSL_OP_NO_QUERY_MTU;
/// Enables Cookie Exchange as described in [RFC 4347 Section 4.2.1].
///
/// Only affects DTLS connections.
///
/// [RFC 4347 Section 4.2.1]: https://tools.ietf.org/html/rfc4347#section-4.2.1
const COOKIE_EXCHANGE = ffi::SSL_OP_COOKIE_EXCHANGE;
/// Disables the use of session tickets for session resumption. /// Disables the use of session tickets for session resumption.
const NO_TICKET = ffi::SSL_OP_NO_TICKET; const NO_TICKET = ffi::SSL_OP_NO_TICKET;
@ -218,24 +212,6 @@ bitflags! {
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, ossl110))]
const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2; const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
/// Disables the use of all (D)TLS protocol versions.
///
/// This can be used as a mask when whitelisting protocol versions.
///
/// Requires OpenSSL 1.0.2 or newer.
///
/// # Examples
///
/// Only support TLSv1.2:
///
/// ```rust
/// use openssl::ssl::SslOptions;
///
/// let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2;
/// ```
#[cfg(any(ossl102, ossl110))]
const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK;
/// Disallow all renegotiation in TLSv1.2 and earlier. /// Disallow all renegotiation in TLSv1.2 and earlier.
/// ///
/// Requires OpenSSL 1.1.0h or newer. /// Requires OpenSSL 1.1.0h or newer.
@ -253,7 +229,7 @@ bitflags! {
bitflags! { bitflags! {
/// Options controlling the behavior of an `SslContext`. /// Options controlling the behavior of an `SslContext`.
pub struct SslMode: c_long { pub struct SslMode: c_uint {
/// Enables "short writes". /// Enables "short writes".
/// ///
/// Normally, a write in OpenSSL will always write out all of the requested data, even if it /// Normally, a write in OpenSSL will always write out all of the requested data, even if it
@ -380,7 +356,7 @@ bitflags! {
bitflags! { bitflags! {
/// Options controlling the behavior of session caching. /// Options controlling the behavior of session caching.
pub struct SslSessionCacheMode: c_long { pub struct SslSessionCacheMode: c_int {
/// No session caching for the client or server takes place. /// No session caching for the client or server takes place.
const OFF = ffi::SSL_SESS_CACHE_OFF; const OFF = ffi::SSL_SESS_CACHE_OFF;
@ -592,7 +568,7 @@ impl ClientHelloResponse {
/// An SSL/TLS protocol version. /// An SSL/TLS protocol version.
#[derive(Debug, Copy, Clone, PartialEq, Eq)] #[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct SslVersion(c_int); pub struct SslVersion(u16);
impl SslVersion { impl SslVersion {
/// SSLv3 /// SSLv3
@ -736,7 +712,6 @@ impl SslContextBuilder {
ffi::SSL_CTX_set_tlsext_servername_arg(self.as_ptr(), arg); ffi::SSL_CTX_set_tlsext_servername_arg(self.as_ptr(), arg);
let f: extern "C" fn(_, _, _) -> _ = raw_sni::<F>; let f: extern "C" fn(_, _, _) -> _ = raw_sni::<F>;
let f: extern "C" fn() = mem::transmute(f);
ffi::SSL_CTX_set_tlsext_servername_callback(self.as_ptr(), Some(f)); ffi::SSL_CTX_set_tlsext_servername_callback(self.as_ptr(), Some(f));
} }
} }
@ -796,7 +771,7 @@ impl SslContextBuilder {
/// [`SSL_CTX_set_read_ahead`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_read_ahead.html /// [`SSL_CTX_set_read_ahead`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_read_ahead.html
pub fn set_read_ahead(&mut self, read_ahead: bool) { pub fn set_read_ahead(&mut self, read_ahead: bool) {
unsafe { unsafe {
ffi::SSL_CTX_set_read_ahead(self.as_ptr(), read_ahead as c_long); ffi::SSL_CTX_set_read_ahead(self.as_ptr(), read_ahead as c_int);
} }
} }
@ -944,7 +919,7 @@ impl SslContextBuilder {
cvt(ffi::SSL_CTX_set_session_id_context( cvt(ffi::SSL_CTX_set_session_id_context(
self.as_ptr(), self.as_ptr(),
sid_ctx.as_ptr(), sid_ctx.as_ptr(),
sid_ctx.len() as c_uint, sid_ctx.len(),
)) ))
.map(|_| ()) .map(|_| ())
} }
@ -1579,38 +1554,6 @@ impl SslContextBuilder {
} }
} }
/// Sets the callback for generating a DTLSv1 cookie
///
/// The callback will be called with the SSL context and a slice into which the cookie
/// should be written. The callback should return the number of bytes written.
///
/// This corresponds to `SSL_CTX_set_cookie_generate_cb`.
pub fn set_cookie_generate_cb<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
{
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::<F>));
}
}
/// Sets the callback for verifying a DTLSv1 cookie
///
/// The callback will be called with the SSL context and the cookie supplied by the
/// client. It should return true if and only if the cookie is valid.
///
/// This corresponds to `SSL_CTX_set_cookie_verify_cb`.
pub fn set_cookie_verify_cb<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
{
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
ffi::SSL_CTX_set_cookie_verify_cb(self.as_ptr(), Some(raw_cookie_verify::<F>));
}
}
/// Sets the extra data at the specified index. /// Sets the extra data at the specified index.
/// ///
/// This can be used to provide data to callbacks registered with the context. Use the /// This can be used to provide data to callbacks registered with the context. Use the
@ -1739,7 +1682,7 @@ impl SslContextBuilder {
/// ///
/// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html /// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html
#[allow(clippy::useless_conversion)] #[allow(clippy::useless_conversion)]
pub fn set_session_cache_size(&mut self, size: i32) -> i64 { pub fn set_session_cache_size(&mut self, size: u64) -> u64 {
unsafe { ffi::SSL_CTX_sess_set_cache_size(self.as_ptr(), size.into()).into() } unsafe { ffi::SSL_CTX_sess_set_cache_size(self.as_ptr(), size.into()).into() }
} }
@ -1759,21 +1702,6 @@ impl SslContextBuilder {
} }
} }
/// Sets the context's supported elliptic curve groups.
///
/// This corresponds to [`SSL_CTX_set1_groups_list`].
///
/// Requires OpenSSL 1.1.1 or newer.
///
/// [`SSL_CTX_set1_groups_list`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_groups_list.html
#[cfg(ossl111)]
pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> {
let groups = CString::new(groups).unwrap();
unsafe {
cvt(ffi::SSL_CTX_set1_groups_list(self.as_ptr(), groups.as_ptr()) as c_int).map(|_| ())
}
}
/// Consumes the builder, returning a new `SslContext`. /// Consumes the builder, returning a new `SslContext`.
pub fn build(self) -> SslContext { pub fn build(self) -> SslContext {
self.0 self.0
@ -1981,7 +1909,7 @@ impl SslContextRef {
/// ///
/// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html /// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html
#[allow(clippy::useless_conversion)] #[allow(clippy::useless_conversion)]
pub fn session_cache_size(&self) -> i64 { pub fn session_cache_size(&self) -> u64 {
unsafe { ffi::SSL_CTX_sess_get_cache_size(self.as_ptr()).into() } unsafe { ffi::SSL_CTX_sess_get_cache_size(self.as_ptr()).into() }
} }
@ -2191,7 +2119,8 @@ impl SslSession {
/// [`d2i_SSL_SESSION`]: https://www.openssl.org/docs/man1.0.2/ssl/d2i_SSL_SESSION.html /// [`d2i_SSL_SESSION`]: https://www.openssl.org/docs/man1.0.2/ssl/d2i_SSL_SESSION.html
from_der, from_der,
SslSession, SslSession,
ffi::d2i_SSL_SESSION ffi::d2i_SSL_SESSION,
::libc::c_long
} }
} }
@ -2258,8 +2187,8 @@ impl SslSessionRef {
/// ///
/// [`SSL_SESSION_get_time`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html /// [`SSL_SESSION_get_time`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html
#[allow(clippy::useless_conversion)] #[allow(clippy::useless_conversion)]
pub fn time(&self) -> i64 { pub fn time(&self) -> u64 {
unsafe { ffi::SSL_SESSION_get_time(self.as_ptr()).into() } unsafe { ffi::SSL_SESSION_get_time(self.as_ptr()) }
} }
/// Returns the sessions timeout, in seconds. /// Returns the sessions timeout, in seconds.
@ -2270,8 +2199,8 @@ impl SslSessionRef {
/// ///
/// [`SSL_SESSION_get_timeout`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html /// [`SSL_SESSION_get_timeout`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html
#[allow(clippy::useless_conversion)] #[allow(clippy::useless_conversion)]
pub fn timeout(&self) -> i64 { pub fn timeout(&self) -> u32 {
unsafe { ffi::SSL_SESSION_get_timeout(self.as_ptr()).into() } unsafe { ffi::SSL_SESSION_get_timeout(self.as_ptr()) }
} }
/// Returns the session's TLS protocol version. /// Returns the session's TLS protocol version.
@ -2664,30 +2593,6 @@ impl SslRef {
} }
} }
/// Returns the verified certificate chain of the peer, including the leaf certificate.
///
/// If verification was not successful (i.e. [`verify_result`] does not return
/// [`X509VerifyResult::OK`]), this chain may be incomplete or invalid.
///
/// Requires OpenSSL 1.1.0 or newer.
///
/// This corresponds to [`SSL_get0_verified_chain`].
///
/// [`verify_result`]: #method.verify_result
/// [`X509VerifyResult::OK`]: ../x509/struct.X509VerifyResult.html#associatedconstant.OK
/// [`SSL_get0_verified_chain`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get0_verified_chain.html
#[cfg(ossl110)]
pub fn verified_chain(&self) -> Option<&StackRef<X509>> {
unsafe {
let ptr = ffi::SSL_get0_verified_chain(self.as_ptr());
if ptr.is_null() {
None
} else {
Some(StackRef::from_ptr(ptr))
}
}
}
/// Like [`SslContext::certificate`]. /// Like [`SslContext::certificate`].
/// ///
/// This corresponds to `SSL_get_certificate`. /// This corresponds to `SSL_get_certificate`.
@ -2736,7 +2641,7 @@ impl SslRef {
if r == 0 { if r == 0 {
None None
} else { } else {
Some(SslVersion(r)) r.try_into().ok().map(SslVersion)
} }
} }
} }
@ -3091,7 +2996,7 @@ impl SslRef {
/// [`SSL_get_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html /// [`SSL_get_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html
pub fn ocsp_status(&self) -> Option<&[u8]> { pub fn ocsp_status(&self) -> Option<&[u8]> {
unsafe { unsafe {
let mut p = ptr::null_mut(); let mut p = ptr::null();
let len = ffi::SSL_get_tlsext_status_ocsp_resp(self.as_ptr(), &mut p); let len = ffi::SSL_get_tlsext_status_ocsp_resp(self.as_ptr(), &mut p);
if len < 0 { if len < 0 {
@ -3110,16 +3015,12 @@ impl SslRef {
pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> { pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
assert!(response.len() <= c_int::max_value() as usize); assert!(response.len() <= c_int::max_value() as usize);
let p = cvt_p(ffi::CRYPTO_malloc( let p = cvt_p(ffi::OPENSSL_malloc(response.len() as _))?;
response.len() as _,
concat!(file!(), "\0").as_ptr() as *const _,
line!() as c_int,
))?;
ptr::copy_nonoverlapping(response.as_ptr(), p as *mut u8, response.len()); ptr::copy_nonoverlapping(response.as_ptr(), p as *mut u8, response.len());
cvt(ffi::SSL_set_tlsext_status_ocsp_resp( cvt(ffi::SSL_set_tlsext_status_ocsp_resp(
self.as_ptr(), self.as_ptr(),
p as *mut c_uchar, p as *mut c_uchar,
response.len() as c_long, response.len(),
) as c_int) ) as c_int)
.map(|_| ()) .map(|_| ())
} }
@ -3373,7 +3274,7 @@ impl SslRef {
/// ///
/// This corresponds to `SSL_set_mtu`. /// This corresponds to `SSL_set_mtu`.
pub fn set_mtu(&mut self, mtu: u32) -> Result<(), ErrorStack> { pub fn set_mtu(&mut self, mtu: u32) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_set_mtu(self.as_ptr(), mtu as c_long) as c_int).map(|_| ()) } unsafe { cvt(ffi::SSL_set_mtu(self.as_ptr(), mtu as c_uint) as c_int).map(|_| ()) }
} }
} }
@ -4001,50 +3902,25 @@ cfg_if! {
}; };
} }
} }
cfg_if! {
if #[cfg(ossl110)] {
unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
ffi::CRYPTO_get_ex_new_index(
ffi::CRYPTO_EX_INDEX_SSL_CTX,
0,
ptr::null_mut(),
None,
None,
Some(f),
)
}
unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { use std::sync::Once;
ffi::CRYPTO_get_ex_new_index(
ffi::CRYPTO_EX_INDEX_SSL,
0,
ptr::null_mut(),
None,
None,
Some(f),
)
}
} else {
use std::sync::Once;
unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
// hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest // hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest
static ONCE: Once = Once::new(); static ONCE: Once = Once::new();
ONCE.call_once(|| { ONCE.call_once(|| {
ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, None); ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, None);
}); });
ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, Some(f))
} }
unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int {
// hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest // hack around https://rt.openssl.org/Ticket/Display.html?id=3710&user=guest&pass=guest
static ONCE: Once = Once::new(); static ONCE: Once = Once::new();
ONCE.call_once(|| { ONCE.call_once(|| {
ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, None); ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, None);
}); });
ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) ffi::SSL_get_ex_new_index(0, ptr::null_mut(), ptr::null_mut(), None, Some(f))
}
}
} }

39
openssl/src/stack.rs
View File

@ -1,6 +1,6 @@
use ffi; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; use foreign_types::{ForeignType, ForeignTypeRef, Opaque};
use libc::c_int; use libc::{c_int, size_t};
use std::borrow::Borrow; use std::borrow::Borrow;
use std::convert::AsRef; use std::convert::AsRef;
use std::fmt; use std::fmt;
@ -10,22 +10,13 @@ use std::mem;
use std::ops::{Deref, DerefMut, Index, IndexMut, Range}; use std::ops::{Deref, DerefMut, Index, IndexMut, Range};
use error::ErrorStack; use error::ErrorStack;
use {cvt, cvt_p}; use {cvt, cvt_0, cvt_p};
cfg_if! { use ffi::{
if #[cfg(ossl110)] { sk_free as OPENSSL_sk_free, sk_new_null as OPENSSL_sk_new_null, sk_num as OPENSSL_sk_num,
use ffi::{ sk_pop as OPENSSL_sk_pop, sk_push as OPENSSL_sk_push, sk_value as OPENSSL_sk_value,
OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK, _STACK as OPENSSL_STACK,
OPENSSL_sk_new_null, OPENSSL_sk_push, };
};
} else {
use ffi::{
sk_pop as OPENSSL_sk_pop, sk_free as OPENSSL_sk_free, sk_num as OPENSSL_sk_num,
sk_value as OPENSSL_sk_value, _STACK as OPENSSL_STACK,
sk_new_null as OPENSSL_sk_new_null, sk_push as OPENSSL_sk_push,
};
}
}
/// Trait implemented by types which can be placed in a stack. /// Trait implemented by types which can be placed in a stack.
/// ///
@ -79,7 +70,7 @@ impl<T: Stackable> iter::IntoIterator for Stack<T> {
fn into_iter(self) -> IntoIter<T> { fn into_iter(self) -> IntoIter<T> {
let it = IntoIter { let it = IntoIter {
stack: self.0, stack: self.0,
idxs: 0..self.len() as c_int, idxs: 0..self.len(),
}; };
mem::forget(self); mem::forget(self);
it it
@ -134,7 +125,7 @@ impl<T: Stackable> DerefMut for Stack<T> {
pub struct IntoIter<T: Stackable> { pub struct IntoIter<T: Stackable> {
stack: *mut T::StackType, stack: *mut T::StackType,
idxs: Range<c_int>, idxs: Range<size_t>,
} }
impl<T: Stackable> Drop for IntoIter<T> { impl<T: Stackable> Drop for IntoIter<T> {
@ -201,13 +192,13 @@ impl<T: Stackable> StackRef<T> {
pub fn iter(&self) -> Iter<T> { pub fn iter(&self) -> Iter<T> {
Iter { Iter {
stack: self, stack: self,
idxs: 0..self.len() as c_int, idxs: 0..self.len(),
} }
} }
pub fn iter_mut(&mut self) -> IterMut<T> { pub fn iter_mut(&mut self) -> IterMut<T> {
IterMut { IterMut {
idxs: 0..self.len() as c_int, idxs: 0..self.len(),
stack: self, stack: self,
} }
} }
@ -239,7 +230,7 @@ impl<T: Stackable> StackRef<T> {
/// Pushes a value onto the top of the stack. /// Pushes a value onto the top of the stack.
pub fn push(&mut self, data: T) -> Result<(), ErrorStack> { pub fn push(&mut self, data: T) -> Result<(), ErrorStack> {
unsafe { unsafe {
cvt(OPENSSL_sk_push(self.as_stack(), data.as_ptr() as *mut _))?; cvt_0(OPENSSL_sk_push(self.as_stack(), data.as_ptr() as *mut _))?;
mem::forget(data); mem::forget(data);
Ok(()) Ok(())
} }
@ -258,7 +249,7 @@ impl<T: Stackable> StackRef<T> {
} }
unsafe fn _get(&self, idx: usize) -> *mut T::CType { unsafe fn _get(&self, idx: usize) -> *mut T::CType {
OPENSSL_sk_value(self.as_stack(), idx as c_int) as *mut _ OPENSSL_sk_value(self.as_stack(), idx) as *mut _
} }
} }
@ -318,7 +309,7 @@ where
T: 'a, T: 'a,
{ {
stack: &'a StackRef<T>, stack: &'a StackRef<T>,
idxs: Range<c_int>, idxs: Range<size_t>,
} }
impl<'a, T: Stackable> Iterator for Iter<'a, T> { impl<'a, T: Stackable> Iterator for Iter<'a, T> {
@ -352,7 +343,7 @@ impl<'a, T: Stackable> ExactSizeIterator for Iter<'a, T> {}
/// A mutable iterator over the stack's contents. /// A mutable iterator over the stack's contents.
pub struct IterMut<'a, T: Stackable + 'a> { pub struct IterMut<'a, T: Stackable + 'a> {
stack: &'a mut StackRef<T>, stack: &'a mut StackRef<T>,
idxs: Range<c_int>, idxs: Range<size_t>,
} }
impl<'a, T: Stackable> Iterator for IterMut<'a, T> { impl<'a, T: Stackable> Iterator for IterMut<'a, T> {

6
openssl/src/string.rs
View File

@ -87,9 +87,5 @@ unsafe fn free(buf: *mut c_char) {
#[cfg(ossl110)] #[cfg(ossl110)]
unsafe fn free(buf: *mut c_char) { unsafe fn free(buf: *mut c_char) {
::ffi::CRYPTO_free( ::ffi::OPENSSL_free(buf as *mut c_void);
buf as *mut c_void,
concat!(file!(), "\0").as_ptr() as *const c_char,
line!() as ::libc::c_int,
);
} }

148
openssl/src/symm.rs
View File

@ -53,7 +53,7 @@
//! ``` //! ```
use ffi; use ffi;
use libc::c_int; use libc::{c_int, c_uint};
use std::cmp; use std::cmp;
use std::ptr; use std::ptr;
@ -98,44 +98,18 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_aes_128_cbc()) } unsafe { Cipher(ffi::EVP_aes_128_cbc()) }
} }
pub fn aes_128_xts() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_xts()) }
}
pub fn aes_128_ctr() -> Cipher { pub fn aes_128_ctr() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_ctr()) } unsafe { Cipher(ffi::EVP_aes_128_ctr()) }
} }
pub fn aes_128_cfb1() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_cfb1()) }
}
pub fn aes_128_cfb128() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_cfb128()) }
}
pub fn aes_128_cfb8() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_cfb8()) }
}
pub fn aes_128_gcm() -> Cipher { pub fn aes_128_gcm() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_gcm()) } unsafe { Cipher(ffi::EVP_aes_128_gcm()) }
} }
pub fn aes_128_ccm() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_ccm()) }
}
pub fn aes_128_ofb() -> Cipher { pub fn aes_128_ofb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_ofb()) } unsafe { Cipher(ffi::EVP_aes_128_ofb()) }
} }
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(ossl110)]
pub fn aes_128_ocb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_ocb()) }
}
pub fn aes_192_ecb() -> Cipher { pub fn aes_192_ecb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_ecb()) } unsafe { Cipher(ffi::EVP_aes_192_ecb()) }
} }
@ -148,36 +122,14 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_aes_192_ctr()) } unsafe { Cipher(ffi::EVP_aes_192_ctr()) }
} }
pub fn aes_192_cfb1() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_cfb1()) }
}
pub fn aes_192_cfb128() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_cfb128()) }
}
pub fn aes_192_cfb8() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_cfb8()) }
}
pub fn aes_192_gcm() -> Cipher { pub fn aes_192_gcm() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_gcm()) } unsafe { Cipher(ffi::EVP_aes_192_gcm()) }
} }
pub fn aes_192_ccm() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_ccm()) }
}
pub fn aes_192_ofb() -> Cipher { pub fn aes_192_ofb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_ofb()) } unsafe { Cipher(ffi::EVP_aes_192_ofb()) }
} }
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(ossl110)]
pub fn aes_192_ocb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_ocb()) }
}
pub fn aes_256_ecb() -> Cipher { pub fn aes_256_ecb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_ecb()) } unsafe { Cipher(ffi::EVP_aes_256_ecb()) }
} }
@ -186,60 +138,18 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_aes_256_cbc()) } unsafe { Cipher(ffi::EVP_aes_256_cbc()) }
} }
pub fn aes_256_xts() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_xts()) }
}
pub fn aes_256_ctr() -> Cipher { pub fn aes_256_ctr() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_ctr()) } unsafe { Cipher(ffi::EVP_aes_256_ctr()) }
} }
pub fn aes_256_cfb1() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_cfb1()) }
}
pub fn aes_256_cfb128() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_cfb128()) }
}
pub fn aes_256_cfb8() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_cfb8()) }
}
pub fn aes_256_gcm() -> Cipher { pub fn aes_256_gcm() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_gcm()) } unsafe { Cipher(ffi::EVP_aes_256_gcm()) }
} }
pub fn aes_256_ccm() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_ccm()) }
}
pub fn aes_256_ofb() -> Cipher { pub fn aes_256_ofb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_ofb()) } unsafe { Cipher(ffi::EVP_aes_256_ofb()) }
} }
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(ossl110)]
pub fn aes_256_ocb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_ocb()) }
}
pub fn bf_cbc() -> Cipher {
unsafe { Cipher(ffi::EVP_bf_cbc()) }
}
pub fn bf_ecb() -> Cipher {
unsafe { Cipher(ffi::EVP_bf_ecb()) }
}
pub fn bf_cfb64() -> Cipher {
unsafe { Cipher(ffi::EVP_bf_cfb64()) }
}
pub fn bf_ofb() -> Cipher {
unsafe { Cipher(ffi::EVP_bf_ofb()) }
}
pub fn des_cbc() -> Cipher { pub fn des_cbc() -> Cipher {
unsafe { Cipher(ffi::EVP_des_cbc()) } unsafe { Cipher(ffi::EVP_des_cbc()) }
} }
@ -256,26 +166,10 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_des_ede3_cbc()) } unsafe { Cipher(ffi::EVP_des_ede3_cbc()) }
} }
pub fn des_ede3_cfb64() -> Cipher {
unsafe { Cipher(ffi::EVP_des_ede3_cfb64()) }
}
pub fn rc4() -> Cipher { pub fn rc4() -> Cipher {
unsafe { Cipher(ffi::EVP_rc4()) } unsafe { Cipher(ffi::EVP_rc4()) }
} }
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(any(ossl110))]
pub fn chacha20() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20()) }
}
/// Requires OpenSSL 1.1.0 or newer.
#[cfg(any(ossl110))]
pub fn chacha20_poly1305() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20_poly1305()) }
}
/// Creates a `Cipher` from a raw pointer to its OpenSSL type. /// Creates a `Cipher` from a raw pointer to its OpenSSL type.
/// ///
/// # Safety /// # Safety
@ -320,20 +214,6 @@ impl Cipher {
unsafe { EVP_CIPHER_block_size(self.0) as usize } unsafe { EVP_CIPHER_block_size(self.0) as usize }
} }
/// Determines whether the cipher is using CCM mode
fn is_ccm(self) -> bool {
// NOTE: OpenSSL returns pointers to static structs, which makes this work as expected
self == Cipher::aes_128_ccm() || self == Cipher::aes_256_ccm()
}
/// Determines whether the cipher is using OCB mode
#[cfg(ossl110)]
fn is_ocb(self) -> bool {
self == Cipher::aes_128_ocb()
|| self == Cipher::aes_192_ocb()
|| self == Cipher::aes_256_ocb()
}
#[cfg(not(ossl110))] #[cfg(not(ossl110))]
const fn is_ocb(self) -> bool { const fn is_ocb(self) -> bool {
false false
@ -451,7 +331,7 @@ impl Crypter {
assert!(key.len() <= c_int::max_value() as usize); assert!(key.len() <= c_int::max_value() as usize);
cvt(ffi::EVP_CIPHER_CTX_set_key_length( cvt(ffi::EVP_CIPHER_CTX_set_key_length(
crypter.ctx, crypter.ctx,
key.len() as c_int, key.len() as c_uint,
))?; ))?;
let key = key.as_ptr() as *mut _; let key = key.as_ptr() as *mut _;
@ -624,7 +504,7 @@ impl Crypter {
} }
let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int; let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int;
cvt(ffi::EVP_CipherFinal( cvt(ffi::EVP_CipherFinal_ex(
self.ctx, self.ctx,
output.as_mut_ptr(), output.as_mut_ptr(),
&mut outl, &mut outl,
@ -776,14 +656,6 @@ pub fn encrypt_aead(
let mut c = Crypter::new(t, Mode::Encrypt, key, iv)?; let mut c = Crypter::new(t, Mode::Encrypt, key, iv)?;
let mut out = vec![0; data.len() + t.block_size()]; let mut out = vec![0; data.len() + t.block_size()];
let is_ccm = t.is_ccm();
if is_ccm || t.is_ocb() {
c.set_tag_len(tag.len())?;
if is_ccm {
c.set_data_len(data.len())?;
}
}
c.aad_update(aad)?; c.aad_update(aad)?;
let count = c.update(data, &mut out)?; let count = c.update(data, &mut out)?;
let rest = c.finalize(&mut out[count..])?; let rest = c.finalize(&mut out[count..])?;
@ -807,23 +679,11 @@ pub fn decrypt_aead(
let mut c = Crypter::new(t, Mode::Decrypt, key, iv)?; let mut c = Crypter::new(t, Mode::Decrypt, key, iv)?;
let mut out = vec![0; data.len() + t.block_size()]; let mut out = vec![0; data.len() + t.block_size()];
let is_ccm = t.is_ccm();
if is_ccm || t.is_ocb() {
c.set_tag(tag)?;
if is_ccm {
c.set_data_len(data.len())?;
}
}
c.aad_update(aad)?; c.aad_update(aad)?;
let count = c.update(data, &mut out)?; let count = c.update(data, &mut out)?;
let rest = if t.is_ccm() {
0
} else {
c.set_tag(tag)?; c.set_tag(tag)?;
c.finalize(&mut out[count..])? let rest = c.finalize(&mut out[count..])?;
};
out.truncate(count + rest); out.truncate(count + rest);
Ok(out) Ok(out)

17
openssl/src/x509/mod.rs
View File

@ -639,7 +639,8 @@ impl X509 {
/// [`d2i_X509`]: https://www.openssl.org/docs/manmaster/man3/d2i_X509.html /// [`d2i_X509`]: https://www.openssl.org/docs/manmaster/man3/d2i_X509.html
from_der, from_der,
X509, X509,
ffi::d2i_X509 ffi::d2i_X509,
::libc::c_long
} }
/// Deserializes a list of PEM-formatted certificates. /// Deserializes a list of PEM-formatted certificates.
@ -1142,7 +1143,8 @@ impl X509Req {
/// [`d2i_X509_REQ`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_X509_REQ.html /// [`d2i_X509_REQ`]: https://www.openssl.org/docs/man1.1.0/crypto/d2i_X509_REQ.html
from_der, from_der,
X509Req, X509Req,
ffi::d2i_X509_REQ ffi::d2i_X509_REQ,
::libc::c_long
} }
} }
@ -1512,14 +1514,7 @@ cfg_if! {
} }
} }
cfg_if! { unsafe fn X509_OBJECT_free(x: *mut ffi::X509_OBJECT) {
if #[cfg(ossl110)] {
use ffi::X509_OBJECT_free;
} else {
#[allow(bad_style)]
unsafe fn X509_OBJECT_free(x: *mut ffi::X509_OBJECT) {
ffi::X509_OBJECT_free_contents(x); ffi::X509_OBJECT_free_contents(x);
ffi::CRYPTO_free(x as *mut libc::c_void); ffi::OPENSSL_free(x as *mut libc::c_void);
}
}
} }

11
systest/Cargo.toml Normal file
View File

@ -0,0 +1,11 @@
[package]
name = "systest"
version = "0.1.0"
authors = ["Alex Crichton <alex@alexcrichton.com>"]
[dependencies]
libc = "0.2"
openssl-sys = { path = "../openssl-sys" }
[build-dependencies]
ctest = "0.2"

127
systest/build.rs Normal file
View File

@ -0,0 +1,127 @@
extern crate ctest;
use std::env;
fn main() {
let mut cfg = ctest::TestGenerator::new();
let target = env::var("TARGET").unwrap();
cfg.include("../openssl-sys/deps/boringssl/src/include");
// Needed to get OpenSSL to correctly undef symbols that are already on
// Windows like X509_NAME
if target.contains("windows") {
cfg.header("windows.h");
// weird "different 'const' qualifiers" error on Windows, maybe a cl.exe
// thing?
if target.contains("msvc") {
cfg.flag("/wd4090");
}
// https://github.com/sfackler/rust-openssl/issues/889
cfg.define("WIN32_LEAN_AND_MEAN", None);
}
let mut cfgs = vec![];
cfgs.push("ossl101");
cfgs.push("ossl102");
cfgs.push("ossl102f");
cfgs.push("ossl102h");
cfgs.push("ossl110");
cfgs.push("ossl110f");
cfgs.push("ossl110g");
for c in cfgs {
cfg.cfg(c, None);
}
cfg.header("openssl/dh.h")
.header("openssl/ossl_typ.h")
.header("openssl/stack.h")
.header("openssl/x509.h")
.header("openssl/bio.h")
.header("openssl/x509v3.h")
.header("openssl/safestack.h")
.header("openssl/hmac.h")
.header("openssl/ssl.h")
.header("openssl/err.h")
.header("openssl/rand.h")
.header("openssl/pkcs12.h")
.header("openssl/bn.h")
.header("openssl/aes.h")
.header("openssl/evp.h")
.header("openssl/x509_vfy.h");
#[allow(clippy::if_same_then_else)]
cfg.type_name(|s, is_struct, _is_union| {
// Add some `*` on some callback parameters to get function pointer to
// typecheck in C, especially on MSVC.
if s == "PasswordCallback" {
"pem_password_cb*".to_string()
} else if s == "bio_info_cb" {
"bio_info_cb*".to_string()
} else if s == "_STACK" {
"struct stack_st".to_string()
// This logic should really be cleaned up
} else if is_struct
&& s != "point_conversion_form_t"
&& s.chars().next().unwrap().is_lowercase()
{
format!("struct {}", s)
} else if s.starts_with("stack_st_") {
format!("struct {}", s)
} else {
s.to_string()
}
});
cfg.skip_type(|s| {
// function pointers are declared without a `*` in openssl so their
// sizeof is 1 which isn't what we want.
s == "PasswordCallback"
|| s == "pem_password_cb"
|| s == "bio_info_cb"
|| s.starts_with("CRYPTO_EX_")
});
cfg.skip_struct(|s| {
s == "ProbeResult" || s == "X509_OBJECT_data" // inline union
});
cfg.skip_fn(move |s| {
s == "CRYPTO_memcmp" || // uses volatile
// Skip some functions with function pointers on windows, not entirely
// sure how to get them to work out...
(target.contains("windows") && {
s.starts_with("PEM_read_bio_") ||
(s.starts_with("PEM_write_bio_") && s.ends_with("PrivateKey")) ||
s == "d2i_PKCS8PrivateKey_bio" ||
s == "SSL_get_ex_new_index" ||
s == "SSL_CTX_get_ex_new_index" ||
s == "CRYPTO_get_ex_new_index"
})
});
cfg.skip_field_type(|s, field| {
(s == "EVP_PKEY" && field == "pkey") || // union
(s == "GENERAL_NAME" && field == "d") || // union
(s == "X509_OBJECT" && field == "data") // union
});
cfg.skip_signededness(|s| {
s.ends_with("_cb")
|| s.ends_with("_CB")
|| s.ends_with("_cb_fn")
|| s.starts_with("CRYPTO_")
|| s == "PasswordCallback"
|| s.ends_with("_cb_func")
|| s.ends_with("_cb_ex")
});
cfg.field_name(|_s, field| {
if field == "type_" {
"type".to_string()
} else {
field.to_string()
}
});
cfg.fn_cname(|rust, link_name| link_name.unwrap_or(rust).to_string());
cfg.generate("../openssl-sys/src/lib.rs", "all.rs");
}

9
systest/src/main.rs Normal file
View File

@ -0,0 +1,9 @@
#![allow(bad_style, clippy::all)]
extern crate libc;
extern crate openssl_sys;
use libc::*;
use openssl_sys::*;
include!(concat!(env!("OUT_DIR"), "/all.rs"));