min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Split stuff requiring a shim out to a separate crate

This commit is contained in:
Steven Fackler 2015-11-10 21:32:19 -08:00
parent 8139fadbff
commit a8a10e64ad
14 changed files with 249 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
openssl-sys-extras/Cargo.toml Normal file
View File

@ -0,0 +1,16 @@
[package]
name = "openssl-sys-extras"
version = "0.6.7"
authors = ["Steven Fackler <sfackler@gmail.com>"]
links = "openssl_shim"
build = "build.rs"
[features]
ecdh_auto = []
[dependencies]
libc = "0.2"
openssl-sys = { version = "0.6.7", path = "../openssl-sys" }
[build-dependencies]
gcc = "0.3"

77
openssl-sys-extras/build.rs Normal file
View File

@ -0,0 +1,77 @@
extern crate gcc;
use std::env;
use std::path::PathBuf;
use std::fs::File;
use std::io::Write as IoWrite;
use std::fmt::Write;
fn main() {
let options_shim_file = generate_options_shim();
let mut config = gcc::Config::new();
if let Some(paths) = env::var_os("DEP_OPENSSL_INCLUDE") {
for path in env::split_paths(&paths) {
config.include(PathBuf::from(path));
}
}
config.file("src/openssl_shim.c")
.file(options_shim_file)
.compile("libopenssl_shim.a");
}
macro_rules! import_options {
( $( $name:ident $val:expr )* ) => {
&[ $( (stringify!($name),$val), )* ]
};
}
fn generate_options_shim() -> PathBuf {
let options: &[(&'static str,u64)]=include!("src/ssl_options.rs");
let mut shim = String::new();
writeln!(shim,"#include <stdint.h>").unwrap();
writeln!(shim,"#include <openssl/ssl.h>").unwrap();
for &(name,value) in options {
writeln!(shim,"#define RUST_{} UINT64_C({})",name,value).unwrap();
writeln!(shim,"#ifndef {}",name).unwrap();
writeln!(shim,"# define {} 0",name).unwrap();
writeln!(shim,"#endif").unwrap();
}
writeln!(shim,"#define COPY_MASK ( \\").unwrap();
let mut it=options.iter().peekable();
while let Some(&(name,_))=it.next() {
let eol=match it.peek() {
Some(_) => " | \\",
None => " )"
};
writeln!(shim," ((RUST_{0}==(uint64_t)(uint32_t){0})?RUST_{0}:UINT64_C(0)){1}",name,eol).unwrap();
}
writeln!(shim,"long rust_openssl_ssl_ctx_options_rust_to_c(uint64_t rustval) {{").unwrap();
writeln!(shim," long cval=rustval&COPY_MASK;").unwrap();
for &(name,_) in options {
writeln!(shim," if (rustval&RUST_{0}) cval|={0};",name).unwrap();
}
writeln!(shim," return cval;").unwrap();
writeln!(shim,"}}").unwrap();
writeln!(shim,"uint64_t rust_openssl_ssl_ctx_options_c_to_rust(long cval) {{").unwrap();
writeln!(shim," uint64_t rustval=cval&COPY_MASK;").unwrap();
for &(name,_) in options {
writeln!(shim," if (cval&{0}) rustval|=RUST_{0};",name).unwrap();
}
writeln!(shim," return rustval;").unwrap();
writeln!(shim,"}}").unwrap();
let out_dir = env::var("OUT_DIR").unwrap();
let dest_file = PathBuf::from(&out_dir).join("ssl_ctx_options_shim.c");
let mut f = File::create(&dest_file).unwrap();
f.write_all(shim.as_bytes()).unwrap();
dest_file
}

64
openssl-sys-extras/src/lib.rs Normal file
View File

@ -0,0 +1,64 @@
#![allow(non_upper_case_globals, non_snake_case)]
extern crate openssl_sys;
extern crate libc;
use libc::{c_int, c_uint, c_long, c_char};
use openssl_sys::{HMAC_CTX, EVP_MD, ENGINE, SSL_CTX, BIO, X509, stack_st_X509_EXTENSION, SSL, DH};
macro_rules! import_options {
( $( $name:ident $val:expr )* ) => {
$( pub const $name: u64 = $val; )*
};
}
include!("ssl_options.rs");
pub unsafe fn SSL_CTX_set_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_set_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op)))
}
pub unsafe fn SSL_CTX_get_options(ssl: *mut SSL_CTX) -> u64 {
rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_get_options_shim(ssl))
}
pub unsafe fn SSL_CTX_clear_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_clear_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op)))
}
extern {
fn rust_openssl_ssl_ctx_options_rust_to_c(rustval: u64) -> c_long;
fn rust_openssl_ssl_ctx_options_c_to_rust(cval: c_long) -> u64;
// Pre-1.0 versions of these didn't return anything, so the shims bridge that gap
#[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Init_ex_shim")]
pub fn HMAC_Init_ex(ctx: *mut HMAC_CTX, key: *const u8, keylen: c_int, md: *const EVP_MD, imple: *const ENGINE) -> c_int;
#[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Final_shim")]
pub fn HMAC_Final(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint) -> c_int;
#[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Update_shim")]
pub fn HMAC_Update(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int;
// These functions are defined in OpenSSL as macros, so we shim them
#[link_name = "BIO_eof_shim"]
pub fn BIO_eof(b: *mut BIO) -> c_int;
#[link_name = "BIO_set_nbio_shim"]
pub fn BIO_set_nbio(b: *mut BIO, enabled: c_long) -> c_long;
#[link_name = "BIO_set_mem_eof_return_shim"]
pub fn BIO_set_mem_eof_return(b: *mut BIO, v: c_int);
pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long;
pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
#[link_name = "SSL_CTX_add_extra_chain_cert_shim"]
pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
#[link_name = "SSL_CTX_set_read_ahead_shim"]
pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long;
#[cfg(feature = "ecdh_auto")]
#[link_name = "SSL_CTX_set_ecdh_auto_shim"]
pub fn SSL_CTX_set_ecdh_auto(ssl: *mut SSL_CTX, onoff: c_int) -> c_int;
#[link_name = "SSL_set_tlsext_host_name_shim"]
pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long;
#[link_name = "SSL_CTX_set_tmp_dh_shim"]
pub fn SSL_CTX_set_tmp_dh(s: *mut SSL, dh: *const DH) -> c_long;
#[link_name = "X509_get_extensions_shim"]
pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION;
}

0
openssl-sys/src/openssl_shim.c → openssl-sys-extras/src/openssl_shim.c
View File

0
openssl-sys/src/ssl_options.rs → openssl-sys-extras/src/ssl_options.rs
View File

1
openssl-sys/Cargo.toml
View File

@ -23,7 +23,6 @@ aes_ctr = []
npn = []
alpn = []
rfc5114 = []
ecdh_auto = []
[dependencies]
libc = "0.2"

80
openssl-sys/build.rs
View File

@ -2,10 +2,6 @@ extern crate pkg_config;
extern crate gcc;
use std::env;
use std::fmt::Write as FmtWrite;
use std::path::PathBuf;
use std::fs::File;
use std::io::Write;
fn main() {
let target = env::var("TARGET").unwrap();
@ -20,7 +16,8 @@ fn main() {
// rustc doesn't seem to work with pkg-config's output in mingw64
if !target.contains("windows") {
if let Ok(info) = pkg_config::find_library("openssl") {
build_openssl_shim(&info.include_paths);
let paths = env::join_paths(info.include_paths).unwrap();
println!("cargo:include={}", paths.to_str().unwrap());
return;
}
}
@ -59,82 +56,9 @@ fn main() {
println!("cargo:rustc-link-lib={}={}", mode, lib);
}
let mut include_dirs = vec![];
if let Some(include_dir) = include_dir {
println!("cargo:include={}", include_dir);
include_dirs.push(PathBuf::from(&include_dir));
}
build_openssl_shim(&include_dirs);
}
macro_rules! import_options {
( $( $name:ident $val:expr )* ) => {
&[ $( (stringify!($name),$val), )* ]
};
}
fn generate_options_shim() -> PathBuf {
let options: &[(&'static str,u64)]=include!("src/ssl_options.rs");
let mut shim = String::new();
writeln!(shim,"#include <stdint.h>").unwrap();
writeln!(shim,"#include <openssl/ssl.h>").unwrap();
for &(name,value) in options {
writeln!(shim,"#define RUST_{} UINT64_C({})",name,value).unwrap();
writeln!(shim,"#ifndef {}",name).unwrap();
writeln!(shim,"# define {} 0",name).unwrap();
writeln!(shim,"#endif").unwrap();
}
writeln!(shim,"#define COPY_MASK ( \\").unwrap();
let mut it=options.iter().peekable();
while let Some(&(name,_))=it.next() {
let eol=match it.peek() {
Some(_) => " | \\",
None => " )"
};
writeln!(shim," ((RUST_{0}==(uint64_t)(uint32_t){0})?RUST_{0}:UINT64_C(0)){1}",name,eol).unwrap();
}
writeln!(shim,"long rust_openssl_ssl_ctx_options_rust_to_c(uint64_t rustval) {{").unwrap();
writeln!(shim," long cval=rustval&COPY_MASK;").unwrap();
for &(name,_) in options {
writeln!(shim," if (rustval&RUST_{0}) cval|={0};",name).unwrap();
}
writeln!(shim," return cval;").unwrap();
writeln!(shim,"}}").unwrap();
writeln!(shim,"uint64_t rust_openssl_ssl_ctx_options_c_to_rust(long cval) {{").unwrap();
writeln!(shim," uint64_t rustval=cval&COPY_MASK;").unwrap();
for &(name,_) in options {
writeln!(shim," if (cval&{0}) rustval|=RUST_{0};",name).unwrap();
}
writeln!(shim," return rustval;").unwrap();
writeln!(shim,"}}").unwrap();
let out_dir = env::var("OUT_DIR").unwrap();
let dest_file = PathBuf::from(&out_dir).join("ssl_ctx_options_shim.c");
let mut f = File::create(&dest_file).unwrap();
f.write_all(shim.as_bytes()).unwrap();
dest_file
}
fn build_openssl_shim(include_paths: &[PathBuf]) {
let options_shim_file = generate_options_shim();
let mut config = gcc::Config::new();
for path in include_paths {
config.include(path);
}
config.file("src/openssl_shim.c")
.file(options_shim_file)
.compile("libopenssl_shim.a");
}
fn get_mingw_in_path() -> Option<Vec<String>> {

99
openssl-sys/src/lib.rs
View File

@ -159,14 +159,6 @@ pub const SSL_TLSEXT_ERR_ALERT_WARNING: c_int = 1;
pub const SSL_TLSEXT_ERR_ALERT_FATAL: c_int = 2;
pub const SSL_TLSEXT_ERR_NOACK: c_int = 3;
macro_rules! import_options {
( $( $name:ident $val:expr )* ) => {
$( pub const $name: u64 = $val; )*
};
}
include!("ssl_options.rs");
#[cfg(any(feature = "npn", feature = "alpn"))]
pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
#[cfg(any(feature = "npn", feature = "alpn"))]
@ -238,16 +230,14 @@ pub const X509_V_OK: c_int = 0;
static mut MUTEXES: *mut Vec<Mutex<()>> = 0 as *mut Vec<Mutex<()>>;
static mut GUARDS: *mut Vec<Option<MutexGuard<'static, ()>>> = 0 as *mut Vec<Option<MutexGuard<'static, ()>>>;
extern fn locking_function(mode: c_int, n: c_int, _file: *const c_char,
unsafe extern fn locking_function(mode: c_int, n: c_int, _file: *const c_char,
_line: c_int) {
unsafe {
let mutex = &(*MUTEXES)[n as usize];
let mutex = &(*MUTEXES)[n as usize];
if mode & CRYPTO_LOCK != 0 {
(*GUARDS)[n as usize] = Some(mutex.lock().unwrap());
} else {
&(*GUARDS)[n as usize].take();
}
if mode & CRYPTO_LOCK != 0 {
(*GUARDS)[n as usize] = Some(mutex.lock().unwrap());
} else {
&(*GUARDS)[n as usize].take();
}
}
@ -270,29 +260,27 @@ pub fn init() {
GUARDS = mem::transmute(guards);
CRYPTO_set_locking_callback(locking_function);
rust_openssl_set_id_callback();
set_id_callback();
}
})
}
pub unsafe fn SSL_CTX_set_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_set_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op)))
#[cfg(unix)]
fn set_id_callback() {
unsafe extern "C" fn thread_id() -> c_ulong {
libc::pthread_self() as c_ulong
}
unsafe {
CRYPTO_set_id_callback(thread_id);
}
}
pub unsafe fn SSL_CTX_get_options(ssl: *mut SSL_CTX) -> u64 {
rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_get_options_shim(ssl))
}
pub unsafe fn SSL_CTX_clear_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_clear_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op)))
}
#[cfg(not(unix))]
fn set_id_callback() {}
// True functions
extern "C" {
fn rust_openssl_ssl_ctx_options_rust_to_c(rustval: u64) -> c_long;
fn rust_openssl_ssl_ctx_options_c_to_rust(cval: c_long) -> u64;
fn rust_openssl_set_id_callback();
pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int;
pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
pub fn ASN1_TIME_free(tm: *mut ASN1_TIME);
@ -375,10 +363,11 @@ extern "C" {
pub fn BN_bn2hex(a: *mut BIGNUM) -> *const c_char;
pub fn CRYPTO_num_locks() -> c_int;
pub fn CRYPTO_set_locking_callback(func: extern "C" fn(mode: c_int,
n: c_int,
file: *const c_char,
line: c_int));
pub fn CRYPTO_set_locking_callback(func: unsafe extern "C" fn(mode: c_int,
n: c_int,
file: *const c_char,
line: c_int));
pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong);
pub fn CRYPTO_free(buf: *mut c_void);
pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void,
len: size_t) -> c_int;
@ -467,24 +456,6 @@ extern "C" {
pub fn HMAC_CTX_cleanup(ctx: *mut HMAC_CTX);
pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *const HMAC_CTX) -> c_int;
// Pre-1.0 versions of these didn't return anything, so the shims bridge that gap
#[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Init_ex_shim")]
pub fn HMAC_Init_ex(ctx: *mut HMAC_CTX, key: *const u8, keylen: c_int, md: *const EVP_MD, imple: *const ENGINE) -> c_int;
#[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Final_shim")]
pub fn HMAC_Final(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint) -> c_int;
#[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Update_shim")]
pub fn HMAC_Update(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int;
/// Deprecated - use the non "_shim" version
#[cfg_attr(target_os = "nacl", link_name = "HMAC_Init_ex")]
pub fn HMAC_Init_ex_shim(ctx: *mut HMAC_CTX, key: *const u8, keylen: c_int, md: *const EVP_MD, imple: *const ENGINE) -> c_int;
/// Deprecated - use the non "_shim" version
#[cfg_attr(target_os = "nacl", link_name = "HMAC_Final")]
pub fn HMAC_Final_shim(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint) -> c_int;
/// Deprecated - use the non "_shim" version
#[cfg_attr(target_os = "nacl", link_name = "HMAC_Update")]
pub fn HMAC_Update_shim(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int;
pub fn PEM_read_bio_DHparams(bio: *mut BIO, out: *mut *mut DH, callback: Option<PasswordCallback>,
user_data: *mut c_void) -> *mut DH;
pub fn PEM_read_bio_X509(bio: *mut BIO, out: *mut *mut X509, callback: Option<PasswordCallback>,
@ -678,30 +649,6 @@ extern "C" {
pub fn d2i_RSA_PUBKEY(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA;
pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int;
pub fn d2i_RSAPrivateKey(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA;
// These functions are defined in OpenSSL as macros, so we shim them
#[link_name = "BIO_eof_shim"]
pub fn BIO_eof(b: *mut BIO) -> c_int;
#[link_name = "BIO_set_nbio_shim"]
pub fn BIO_set_nbio(b: *mut BIO, enabled: c_long) -> c_long;
#[link_name = "BIO_set_mem_eof_return_shim"]
pub fn BIO_set_mem_eof_return(b: *mut BIO, v: c_int);
pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long;
pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
#[link_name = "SSL_CTX_add_extra_chain_cert_shim"]
pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
#[link_name = "SSL_CTX_set_read_ahead_shim"]
pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long;
#[cfg(feature = "ecdh_auto")]
#[link_name = "SSL_CTX_set_ecdh_auto_shim"]
pub fn SSL_CTX_set_ecdh_auto(ssl: *mut SSL_CTX, onoff: c_int) -> c_int;
#[link_name = "SSL_set_tlsext_host_name_shim"]
pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long;
#[link_name = "SSL_CTX_set_tmp_dh_shim"]
pub fn SSL_CTX_set_tmp_dh(s: *mut SSL, dh: *const DH) -> c_long;
#[link_name = "X509_get_extensions_shim"]
pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION;
}
pub mod probe;

8
openssl/Cargo.toml
View File

@ -21,16 +21,14 @@ aes_ctr = ["openssl-sys/aes_ctr"]
npn = ["openssl-sys/npn"]
alpn = ["openssl-sys/alpn"]
rfc5114 = ["openssl-sys/rfc5114"]
ecdh_auto = ["openssl-sys/ecdh_auto"]
[dependencies.openssl-sys]
path = "../openssl-sys"
version = "0.6.7"
ecdh_auto = ["openssl-sys-extras/ecdh_auto"]
[dependencies]
bitflags = ">= 0.2, < 0.4"
lazy_static = "0.1"
libc = "0.2"
openssl-sys = { version = "0.6.7", path = "../openssl-sys" }
openssl-sys-extras = { version = "0.6.7", path = "../openssl-sys-extras" }
[dev-dependencies]
rustc-serialize = "0.3"

5
openssl/src/bio/mod.rs
View File

@ -5,6 +5,7 @@ use std::ptr;
use std::cmp;
use ffi;
use ffi_extras;
use ssl::error::{SslError};
pub struct MemBio {
@ -60,7 +61,7 @@ impl MemBio {
/// Sets the BIO's EOF state.
pub fn set_eof(&self, eof: bool) {
let v = if eof { 0 } else { -1 };
unsafe { ffi::BIO_set_mem_eof_return(self.bio, v); }
unsafe { ffi_extras::BIO_set_mem_eof_return(self.bio, v); }
}
}
@ -72,7 +73,7 @@ impl Read for MemBio {
};
if ret <= 0 {
let is_eof = unsafe { ffi::BIO_eof(self.bio) };
let is_eof = unsafe { ffi_extras::BIO_eof(self.bio) };
if is_eof != 0 {
Ok(0)
} else {

20
openssl/src/crypto/hmac.rs
View File

@ -21,6 +21,7 @@ use std::io::prelude::*;
use crypto::hash::Type;
use ffi;
use ffi_extras;
#[derive(PartialEq, Copy, Clone)]
enum State {
@ -88,9 +89,10 @@ impl HMAC {
#[inline]
fn init_once(&mut self, md: *const ffi::EVP_MD, key: &[u8]) {
unsafe {
let r = ffi::HMAC_Init_ex(&mut self.ctx,
key.as_ptr(), key.len() as c_int,
md, 0 as *const _);
let r = ffi_extras::HMAC_Init_ex(&mut self.ctx,
key.as_ptr(),
key.len() as c_int,
md, 0 as *const _);
assert_eq!(r, 1);
}
self.state = Reset;
@ -106,9 +108,9 @@ impl HMAC {
// If the key and/or md is not supplied it's reused from the last time
// avoiding redundant initializations
unsafe {
let r = ffi::HMAC_Init_ex(&mut self.ctx,
0 as *const _, 0,
0 as *const _, 0 as *const _);
let r = ffi_extras::HMAC_Init_ex(&mut self.ctx,
0 as *const _, 0,
0 as *const _, 0 as *const _);
assert_eq!(r, 1);
}
self.state = Reset;
@ -120,7 +122,7 @@ impl HMAC {
self.init();
}
unsafe {
let r = ffi::HMAC_Update(&mut self.ctx, data.as_ptr(), data.len() as c_uint);
let r = ffi_extras::HMAC_Update(&mut self.ctx, data.as_ptr(), data.len() as c_uint);
assert_eq!(r, 1);
}
self.state = Updated;
@ -135,7 +137,7 @@ impl HMAC {
let mut res: Vec<u8> = repeat(0).take(md_len).collect();
unsafe {
let mut len = 0;
let r = ffi::HMAC_Final(&mut self.ctx, res.as_mut_ptr(), &mut len);
let r = ffi_extras::HMAC_Final(&mut self.ctx, res.as_mut_ptr(), &mut len);
self.state = Finalized;
assert_eq!(len as usize, md_len);
assert_eq!(r, 1);
@ -181,7 +183,7 @@ impl Drop for HMAC {
if self.state != Finalized {
let mut buf: Vec<u8> = repeat(0).take(self.type_.md_len()).collect();
let mut len = 0;
ffi::HMAC_Final(&mut self.ctx, buf.as_mut_ptr(), &mut len);
ffi_extras::HMAC_Final(&mut self.ctx, buf.as_mut_ptr(), &mut len);
}
ffi::HMAC_CTX_cleanup(&mut self.ctx);
}

1
openssl/src/lib.rs
View File

@ -6,6 +6,7 @@ extern crate libc;
#[macro_use]
extern crate lazy_static;
extern crate openssl_sys as ffi;
extern crate openssl_sys_extras as ffi_extras;
#[cfg(test)]
extern crate rustc_serialize as serialize;

93
openssl/src/ssl/mod.rs
View File

@ -21,6 +21,7 @@ use std::slice;
use bio::{MemBio};
use ffi;
use ffi_extras;
use dh::DH;
use ssl::error::{NonblockingSslError, SslError, SslSessionClosed, StreamError, OpenSslErrors};
use x509::{X509StoreContext, X509FileType, X509};
@ -51,43 +52,43 @@ pub fn init() {
bitflags! {
flags SslContextOptions: u64 {
const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi::SSL_OP_MICROSOFT_SESS_ID_BUG,
const SSL_OP_NETSCAPE_CHALLENGE_BUG = ffi::SSL_OP_NETSCAPE_CHALLENGE_BUG,
const SSL_OP_LEGACY_SERVER_CONNECT = ffi::SSL_OP_LEGACY_SERVER_CONNECT,
const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = ffi::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
const SSL_OP_TLSEXT_PADDING = ffi::SSL_OP_TLSEXT_PADDING,
const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = ffi::SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER,
const SSL_OP_SAFARI_ECDHE_ECDSA_BUG = ffi::SSL_OP_SAFARI_ECDHE_ECDSA_BUG,
const SSL_OP_SSLEAY_080_CLIENT_DH_BUG = ffi::SSL_OP_SSLEAY_080_CLIENT_DH_BUG,
const SSL_OP_TLS_D5_BUG = ffi::SSL_OP_TLS_D5_BUG,
const SSL_OP_TLS_BLOCK_PADDING_BUG = ffi::SSL_OP_TLS_BLOCK_PADDING_BUG,
const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
const SSL_OP_NO_QUERY_MTU = ffi::SSL_OP_NO_QUERY_MTU,
const SSL_OP_COOKIE_EXCHANGE = ffi::SSL_OP_COOKIE_EXCHANGE,
const SSL_OP_NO_TICKET = ffi::SSL_OP_NO_TICKET,
const SSL_OP_CISCO_ANYCONNECT = ffi::SSL_OP_CISCO_ANYCONNECT,
const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = ffi::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION,
const SSL_OP_NO_COMPRESSION = ffi::SSL_OP_NO_COMPRESSION,
const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = ffi::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION,
const SSL_OP_SINGLE_ECDH_USE = ffi::SSL_OP_SINGLE_ECDH_USE,
const SSL_OP_SINGLE_DH_USE = ffi::SSL_OP_SINGLE_DH_USE,
const SSL_OP_CIPHER_SERVER_PREFERENCE = ffi::SSL_OP_CIPHER_SERVER_PREFERENCE,
const SSL_OP_TLS_ROLLBACK_BUG = ffi::SSL_OP_TLS_ROLLBACK_BUG,
const SSL_OP_NO_SSLV2 = ffi::SSL_OP_NO_SSLv2,
const SSL_OP_NO_SSLV3 = ffi::SSL_OP_NO_SSLv3,
const SSL_OP_NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1,
const SSL_OP_NO_TLSV1 = ffi::SSL_OP_NO_TLSv1,
const SSL_OP_NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2,
const SSL_OP_NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2,
const SSL_OP_NO_TLSV1_1 = ffi::SSL_OP_NO_TLSv1_1,
const SSL_OP_NETSCAPE_CA_DN_BUG = ffi::SSL_OP_NETSCAPE_CA_DN_BUG,
const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = ffi::SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG,
const SSL_OP_CRYPTOPRO_TLSEXT_BUG = ffi::SSL_OP_CRYPTOPRO_TLSEXT_BUG,
const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = ffi::SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG,
const SSL_OP_MSIE_SSLV2_RSA_PADDING = ffi::SSL_OP_MSIE_SSLV2_RSA_PADDING,
const SSL_OP_PKCS1_CHECK_1 = ffi::SSL_OP_PKCS1_CHECK_1,
const SSL_OP_PKCS1_CHECK_2 = ffi::SSL_OP_PKCS1_CHECK_2,
const SSL_OP_EPHEMERAL_RSA = ffi::SSL_OP_EPHEMERAL_RSA,
const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi_extras::SSL_OP_MICROSOFT_SESS_ID_BUG,
const SSL_OP_NETSCAPE_CHALLENGE_BUG = ffi_extras::SSL_OP_NETSCAPE_CHALLENGE_BUG,
const SSL_OP_LEGACY_SERVER_CONNECT = ffi_extras::SSL_OP_LEGACY_SERVER_CONNECT,
const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = ffi_extras::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
const SSL_OP_TLSEXT_PADDING = ffi_extras::SSL_OP_TLSEXT_PADDING,
const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = ffi_extras::SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER,
const SSL_OP_SAFARI_ECDHE_ECDSA_BUG = ffi_extras::SSL_OP_SAFARI_ECDHE_ECDSA_BUG,
const SSL_OP_SSLEAY_080_CLIENT_DH_BUG = ffi_extras::SSL_OP_SSLEAY_080_CLIENT_DH_BUG,
const SSL_OP_TLS_D5_BUG = ffi_extras::SSL_OP_TLS_D5_BUG,
const SSL_OP_TLS_BLOCK_PADDING_BUG = ffi_extras::SSL_OP_TLS_BLOCK_PADDING_BUG,
const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = ffi_extras::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
const SSL_OP_NO_QUERY_MTU = ffi_extras::SSL_OP_NO_QUERY_MTU,
const SSL_OP_COOKIE_EXCHANGE = ffi_extras::SSL_OP_COOKIE_EXCHANGE,
const SSL_OP_NO_TICKET = ffi_extras::SSL_OP_NO_TICKET,
const SSL_OP_CISCO_ANYCONNECT = ffi_extras::SSL_OP_CISCO_ANYCONNECT,
const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = ffi_extras::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION,
const SSL_OP_NO_COMPRESSION = ffi_extras::SSL_OP_NO_COMPRESSION,
const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = ffi_extras::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION,
const SSL_OP_SINGLE_ECDH_USE = ffi_extras::SSL_OP_SINGLE_ECDH_USE,
const SSL_OP_SINGLE_DH_USE = ffi_extras::SSL_OP_SINGLE_DH_USE,
const SSL_OP_CIPHER_SERVER_PREFERENCE = ffi_extras::SSL_OP_CIPHER_SERVER_PREFERENCE,
const SSL_OP_TLS_ROLLBACK_BUG = ffi_extras::SSL_OP_TLS_ROLLBACK_BUG,
const SSL_OP_NO_SSLV2 = ffi_extras::SSL_OP_NO_SSLv2,
const SSL_OP_NO_SSLV3 = ffi_extras::SSL_OP_NO_SSLv3,
const SSL_OP_NO_DTLSV1 = ffi_extras::SSL_OP_NO_DTLSv1,
const SSL_OP_NO_TLSV1 = ffi_extras::SSL_OP_NO_TLSv1,
const SSL_OP_NO_DTLSV1_2 = ffi_extras::SSL_OP_NO_DTLSv1_2,
const SSL_OP_NO_TLSV1_2 = ffi_extras::SSL_OP_NO_TLSv1_2,
const SSL_OP_NO_TLSV1_1 = ffi_extras::SSL_OP_NO_TLSv1_1,
const SSL_OP_NETSCAPE_CA_DN_BUG = ffi_extras::SSL_OP_NETSCAPE_CA_DN_BUG,
const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = ffi_extras::SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG,
const SSL_OP_CRYPTOPRO_TLSEXT_BUG = ffi_extras::SSL_OP_CRYPTOPRO_TLSEXT_BUG,
const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = ffi_extras::SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG,
const SSL_OP_MSIE_SSLV2_RSA_PADDING = ffi_extras::SSL_OP_MSIE_SSLV2_RSA_PADDING,
const SSL_OP_PKCS1_CHECK_1 = ffi_extras::SSL_OP_PKCS1_CHECK_1,
const SSL_OP_PKCS1_CHECK_2 = ffi_extras::SSL_OP_PKCS1_CHECK_2,
const SSL_OP_EPHEMERAL_RSA = ffi_extras::SSL_OP_EPHEMERAL_RSA,
const SSL_OP_ALL = SSL_OP_MICROSOFT_SESS_ID_BUG.bits|SSL_OP_NETSCAPE_CHALLENGE_BUG.bits
|SSL_OP_LEGACY_SERVER_CONNECT.bits|SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.bits
|SSL_OP_TLSEXT_PADDING.bits|SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER.bits
@ -493,13 +494,13 @@ impl SslContext {
pub fn set_read_ahead(&self, m: u32) {
unsafe {
ffi::SSL_CTX_set_read_ahead(self.ctx, m as c_long);
ffi_extras::SSL_CTX_set_read_ahead(self.ctx, m as c_long);
}
}
pub fn set_tmp_dh(&self, dh: DH) -> Result<(),SslError> {
wrap_ssl_result(unsafe {
ffi::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32
ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32
})
}
@ -546,7 +547,7 @@ impl SslContext {
pub fn add_extra_chain_cert(&mut self, cert: &X509) -> Result<(),SslError> {
wrap_ssl_result(
unsafe {
ffi::SSL_CTX_add_extra_chain_cert(self.ctx, cert.get_handle()) as c_int
ffi_extras::SSL_CTX_add_extra_chain_cert(self.ctx, cert.get_handle()) as c_int
})
}
@ -592,21 +593,21 @@ impl SslContext {
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(),SslError> {
wrap_ssl_result(
unsafe {
ffi::SSL_CTX_set_ecdh_auto(self.ctx, onoff as c_int)
ffi_extras::SSL_CTX_set_ecdh_auto(self.ctx, onoff as c_int)
})
}
pub fn set_options(&mut self, option: SslContextOptions) -> SslContextOptions {
let raw_bits = option.bits();
let ret = unsafe {
ffi::SSL_CTX_set_options(self.ctx, raw_bits)
ffi_extras::SSL_CTX_set_options(self.ctx, raw_bits)
};
SslContextOptions::from_bits(ret).unwrap()
}
pub fn get_options(&mut self) -> SslContextOptions {
let ret = unsafe {
ffi::SSL_CTX_get_options(self.ctx)
ffi_extras::SSL_CTX_get_options(self.ctx)
};
SslContextOptions::from_bits(ret).unwrap()
}
@ -614,7 +615,7 @@ impl SslContext {
pub fn clear_options(&mut self, option: SslContextOptions) -> SslContextOptions {
let raw_bits = option.bits();
let ret = unsafe {
ffi::SSL_CTX_clear_options(self.ctx, raw_bits)
ffi_extras::SSL_CTX_clear_options(self.ctx, raw_bits)
};
SslContextOptions::from_bits(ret).unwrap()
}
@ -785,7 +786,7 @@ impl Ssl {
/// Sets the host name to be used with SNI (Server Name Indication).
pub fn set_hostname(&self, hostname: &str) -> Result<(), SslError> {
let cstr = CString::new(hostname).unwrap();
let ret = unsafe { ffi::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr()) };
let ret = unsafe { ffi_extras::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr()) };
// For this case, 0 indicates failure.
if ret == 0 {
@ -1435,7 +1436,7 @@ impl<S> NonblockingSslStream<S> {
fn new_base(ssl: Ssl, stream: S, sock: c_int) -> Result<NonblockingSslStream<S>, SslError> {
unsafe {
let bio = try_ssl_null!(ffi::BIO_new_socket(sock, 0));
ffi::BIO_set_nbio(bio, 1);
ffi_extras::BIO_set_nbio(bio, 1);
ffi::SSL_set_bio(ssl.ssl, bio, bio);
}

3
openssl/src/x509/mod.rs
View File

@ -18,6 +18,7 @@ use crypto::hash::Type as HashType;
use crypto::pkey::{PKey,Parts};
use crypto::rand::rand_bytes;
use ffi;
use ffi_extras;
use ssl::error::{SslError, StreamError};
use nid;
@ -400,7 +401,7 @@ impl X509Generator {
let req = ffi::X509_to_X509_REQ(cert.handle, ptr::null_mut(), ptr::null());
try_ssl_null!(req);
let exts = ffi::X509_get_extensions(cert.handle);
let exts = ffi_extras::X509_get_extensions(cert.handle);
if exts != ptr::null_mut() {
try_ssl!(ffi::X509_REQ_add_extensions(req,exts));
}