Support min/max version in LibreSSL

Their implementations of the accessors don't behave expected with no bounds, so we ignore those bits of the tests.
author: Steven Fackler <[email protected]> 2018-05-19 19:43:02 -0700
committer: Steven Fackler <[email protected]> 2018-05-19 19:57:12 -0700
commit: d991566f2b1b6803ad214fe6bf531d5870ab43fd (patch)
tree: d1d6e42fef37739dde443d8e5a66851a59af1c74 /openssl-sys/src
parent: Merge pull request #921 from eonil/master (diff)
download: rust-openssl-d991566f2b1b6803ad214fe6bf531d5870ab43fd.tar.xz
rust-openssl-d991566f2b1b6803ad214fe6bf531d5870ab43fd.zip
3 files changed, 39 insertions, 24 deletions
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 61e087d0..e78c24f4 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -236,8 +236,10 @@ pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7;
 pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8;
 pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9;
 
-pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY
-    | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX
+pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
+    | EVP_PKEY_OP_VERIFY
+    | EVP_PKEY_OP_VERIFYRECOVER
+    | EVP_PKEY_OP_SIGNCTX
     | EVP_PKEY_OP_VERIFYCTX;
 
 pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
@@ -1259,21 +1261,23 @@ pub const SSL_VERIFY_NONE: c_int = 0;
 pub const SSL_VERIFY_PEER: c_int = 1;
 pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x, ossl101)))]
+#[cfg(not(any(libressl261, ossl101)))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
 pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
 #[cfg(not(any(libressl, ossl110f, ossl111)))]
 pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
 #[cfg(any(ossl110f, ossl111))]
-pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-    | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING
+pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG
+    | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+    | SSL_OP_LEGACY_SERVER_CONNECT
+    | SSL_OP_TLSEXT_PADDING
     | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
 pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000;
 pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000;
@@ -1289,8 +1293,11 @@ pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
 pub const SSL_OP_NO_SSL_MASK: c_ulong =
     SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
 #[cfg(ossl111)]
-pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1
-    | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
+pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2
+    | SSL_OP_NO_SSLv3
+    | SSL_OP_NO_TLSv1
+    | SSL_OP_NO_TLSv1_1
+    | SSL_OP_NO_TLSv1_2
     | SSL_OP_NO_TLSv1_3;
 
 pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs
index 366d9502..5ae205bc 100644
--- a/openssl-sys/src/libressl/mod.rs
+++ b/openssl-sys/src/libressl/mod.rs
@@ -1,19 +1,18 @@
+use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
 use std::mem;
 use std::ptr;
 use std::sync::{Mutex, MutexGuard};
 use std::sync::{Once, ONCE_INIT};
 
-#[cfg(libressl250)]
+#[cfg(not(libressl251))]
 pub use libressl::v250::*;
-#[cfg(not(libressl250))]
-pub use libressl::v25x::*;
-
-use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
+#[cfg(libressl251)]
+pub use libressl::v251::*;
 
-#[cfg(libressl250)]
+#[cfg(not(libressl251))]
 mod v250;
-#[cfg(not(libressl250))]
-mod v25x;
+#[cfg(libressl251)]
+mod v251;
 
 #[repr(C)]
 pub struct stack_st_ASN1_OBJECT {
@@ -337,9 +336,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
 
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_ALL: c_ulong = 0x4;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_ALL: c_ulong = 0x80000014;
 pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
 pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
@@ -352,9 +351,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0;
 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
 pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
 pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
@@ -540,6 +539,15 @@ extern "C" {
             unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
         >,
     );
+    #[cfg(libressl261)]
+    pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
+    #[cfg(libressl261)]
+    pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
+    #[cfg(libressl270)]
+    pub fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
+    #[cfg(libressl270)]
+    pub fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
+
     pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME;
     pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME;
     pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
diff --git a/openssl-sys/src/libressl/v25x.rs b/openssl-sys/src/libressl/v251.rs
index 7e7023ec..541b61db 100644
--- a/openssl-sys/src/libressl/v25x.rs
+++ b/openssl-sys/src/libressl/v251.rs
@@ -1,4 +1,4 @@
-use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong, time_t};
+use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t, time_t};
 
 use super::*;
 
@@ -84,6 +84,6 @@ pub struct X509_VERIFY_PARAM {
     pub purpose: c_int,
     pub trust: c_int,
     pub depth: c_int,
-    policies: *mut stack_st_ASN1_OBJECT,
+    pub policies: *mut stack_st_ASN1_OBJECT,
     id: *mut c_void,
 }
author	Steven Fackler <[email protected]>	2018-05-19 19:43:02 -0700
committer	Steven Fackler <[email protected]>	2018-05-19 19:57:12 -0700
commit	d991566f2b1b6803ad214fe6bf531d5870ab43fd (patch)
tree	d1d6e42fef37739dde443d8e5a66851a59af1c74 /openssl-sys/src
parent	Merge pull request #921 from eonil/master (diff)
download	rust-openssl-d991566f2b1b6803ad214fe6bf531d5870ab43fd.tar.xz rust-openssl-d991566f2b1b6803ad214fe6bf531d5870ab43fd.zip