diff options
| author | Steven Fackler <[email protected]> | 2016-10-14 11:39:43 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2016-10-14 11:39:43 -0700 |
| commit | 98e71596fb48ce7cdabd46e581f32a9a54398cce (patch) | |
| tree | 7d600055248d58edfccd4ed5577c32c86bac3ff2 /openssl-sys | |
| parent | Rename NoPadding to None (diff) | |
| parent | Ignore DTLS tests on Windows/ARM for now (diff) | |
| download | rust-openssl-98e71596fb48ce7cdabd46e581f32a9a54398cce.tar.xz rust-openssl-98e71596fb48ce7cdabd46e581f32a9a54398cce.zip | |
Merge pull request #464 from alexcrichton/systest
Add support for OpenSSL 1.1.0
Diffstat (limited to 'openssl-sys')
| -rw-r--r-- | openssl-sys/Cargo.toml | 26 | ||||
| -rw-r--r-- | openssl-sys/build.rs | 376 | ||||
| -rw-r--r-- | openssl-sys/src/lib.rs | 743 | ||||
| -rw-r--r-- | openssl-sys/src/ossl10x.rs | 569 | ||||
| -rw-r--r-- | openssl-sys/src/ossl110.rs | 146 | ||||
| -rw-r--r-- | openssl-sys/src/probe.rs | 77 |
6 files changed, 1214 insertions, 723 deletions
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index dcdf9d1a..d44dcfc1 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -10,38 +10,12 @@ documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.17/openssl_sys links = "openssl" build = "build.rs" -[features] -tlsv1_2 = [] -tlsv1_1 = [] -dtlsv1 = [] -dtlsv1_2 = [] -sslv2 = [] -sslv3 = [] -aes_xts = [] -aes_ctr = [] -npn = [] -alpn = [] -rfc5114 = [] -pkcs5_pbkdf2_hmac = [] -ecdh_auto = [] -hmac_clone = [] - [dependencies] libc = "0.2" [build-dependencies] pkg-config = "0.3" -[target.le32-unknown-nacl.dependencies] -libressl-pnacl-sys = "2.1.0" -[target.x86_64-unknown-nacl.dependencies] -libressl-pnacl-sys = "2.1.0" -[target.i686-unknown-nacl.dependencies] -libressl-pnacl-sys = "2.1.0" -[target.arm-unknown-nacl.dependencies] -libressl-pnacl-sys = "2.1.0" - -# Only here to make sure we link to these in a static build on Windows [target.'cfg(windows)'.dependencies] user32-sys = "0.2" gdi32-sys = "0.2" diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index 0e3a76d2..9f5b3877 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs @@ -1,86 +1,344 @@ extern crate pkg_config; +use std::collections::HashSet; use std::env; +use std::ffi::OsString; +use std::fs::File; +use std::io::Read; +use std::path::{Path, PathBuf}; fn main() { let target = env::var("TARGET").unwrap(); - // libressl_pnacl_sys links the libs needed. - if target.ends_with("nacl") { return; } + let openssl_dir = env::var_os("OPENSSL_DIR").unwrap_or_else(|| { + find_openssl_dir(&target) + }); - let lib_dir = env::var("OPENSSL_LIB_DIR").ok(); - let include_dir = env::var("OPENSSL_INCLUDE_DIR").ok(); + let lib_dir = Path::new(&openssl_dir).join("lib"); + let include_dir = Path::new(&openssl_dir).join("include"); + if !Path::new(&lib_dir).exists() { + panic!("OpenSSL library directory does not exist: {}", + lib_dir.to_string_lossy()); + } - if lib_dir.is_none() && include_dir.is_none() { - // rustc doesn't seem to work with pkg-config's output in mingw64 - if !target.contains("windows") { - if let Ok(info) = pkg_config::find_library("openssl") { - // avoid empty include paths as they are not supported by GCC - if info.include_paths.len() > 0 { - let paths = env::join_paths(info.include_paths).unwrap(); - println!("cargo:include={}", paths.to_str().unwrap()); - } - return; - } + if !Path::new(&include_dir).exists() { + panic!("OpenSSL include directory does not exist: {}", + include_dir.to_string_lossy()); + } + + println!("cargo:rustc-link-search=native={}", lib_dir.to_string_lossy()); + println!("cargo:include={}", include_dir.to_string_lossy()); + + let version = validate_headers(&[include_dir.clone().into()], + &[lib_dir.clone().into()]); + + let libs = if (version.contains("0x10001") || + version.contains("0x10002")) && + target.contains("windows") { + ["ssleay32", "libeay32"] + } else if target.contains("windows") { + ["libssl", "libcrypto"] + } else { + ["ssl", "crypto"] + }; + + let kind = determine_mode(Path::new(&lib_dir), &libs); + for lib in libs.iter() { + println!("cargo:rustc-link-lib={}={}", kind, lib); + } +} + +fn find_openssl_dir(target: &str) -> OsString { + let host = env::var("HOST").unwrap(); + + if host.contains("apple-darwin") && target.contains("apple-darwin") { + let homebrew = Path::new("/usr/local/opt/openssl"); + if homebrew.exists() { + return homebrew.to_path_buf().into() } - if let Some(mingw_paths) = get_mingw_in_path() { - for path in mingw_paths { - println!("cargo:rustc-link-search=native={}", path); - } + let homebrew = Path::new("/usr/local/opt/[email protected]"); + if homebrew.exists() { + return homebrew.to_path_buf().into() } } - let libs_env = env::var("OPENSSL_LIBS").ok(); - let libs = match libs_env { - Some(ref v) => v.split(":").collect(), - None => if target.contains("windows") { - if get_mingw_in_path().is_some() && lib_dir.is_none() && include_dir.is_none() { - vec!["ssleay32", "eay32"] - } else { - vec!["ssl32", "eay32"] - } - } else { - vec!["ssl", "crypto"] + try_pkg_config(); + + let mut msg = format!(" + +Could not find directory of OpenSSL installation, and this `-sys` crate cannot +proceed without this knowledge. If OpenSSL is installed and this crate had +trouble finding it, you can set the `OPENSSL_DIR` environment variable for the +compilation process. + +If you're in a situation where you think the directory *should* be found +automatically, please open a bug at https://github.com/sfackler/rust-openssl +and include information about your system as well as this message. + + $HOST = {} + $TARGET = {} + openssl-sys = {} + +", + host, target, env!("CARGO_PKG_VERSION")); + + if host.contains("apple-darwin") && target.contains("apple-darwin") { + let system = Path::new("/usr/lib/libssl.0.9.8.dylib"); + if system.exists() { + msg.push_str(&format!(" + +It looks like you're compiling on macOS, where the system contains a version of +OpenSSL 0.9.8. This crate no longer supports OpenSSL 0.9.8. + +As a consumer of this crate, you can fix this error by using Homebrew to +install the `openssl` package, or as a maintainer you can use the openssl-sys +0.7 crate for support with OpenSSL 0.9.8. + +Unfortunately though the compile cannot continue, so aborting. + +")); } - }; + } - let mode = if env::var_os("OPENSSL_STATIC").is_some() { - "static" - } else { - "dylib" - }; + if host.contains("windows") && target.contains("windows-gnu") { + msg.push_str(&format!(" +It looks like you're compiling for MinGW but you may not have either OpenSSL or +pkg-config installed. You can install these two dependencies with: + + pacman -S openssl pkg-config - if let Some(lib_dir) = lib_dir { - println!("cargo:rustc-link-search=native={}", lib_dir); +and try building this crate again. + +" +)); } - for lib in libs { - println!("cargo:rustc-link-lib={}={}", mode, lib); + if host.contains("windows") && target.contains("windows-msvc") { + msg.push_str(&format!(" +It looks like you're compiling for MSVC but we couldn't detect an OpenSSL +installation. If there isn't one installed then you can try the rust-openssl +README for more information about how to download precompiled binaries of +OpenSSL: + + https://github.com/sfackler/rust-openssl#windows + +" +)); } - if let Some(include_dir) = include_dir { - println!("cargo:include={}", include_dir); + panic!(msg); +} + +/// Attempt to find OpenSSL through pkg-config. +/// +/// Note that if this succeeds then the function does not return as pkg-config +/// typically tells us all the information that we need. +fn try_pkg_config() { + let target = env::var("TARGET").unwrap(); + let host = env::var("HOST").unwrap(); + + // If we're going to windows-gnu we can use pkg-config, but only so long as + // we're coming from a windows host. + // + // Otherwise if we're going to windows we probably can't use pkg-config. + if target.contains("windows-gnu") && host.contains("windows") { + env::set_var("PKG_CONFIG_ALLOW_CROSS", "1"); + } else if target.contains("windows") { + return + } + + // We're going to be looking at header files, so show us all the system + // cflags dirs for showing us lots of `-I`. + env::set_var("PKG_CONFIG_ALLOW_SYSTEM_CFLAGS", "1"); + + let lib = match pkg_config::find_library("openssl") { + Ok(lib) => lib, + Err(_) => return, + }; + + if lib.include_paths.len() == 0 { + panic!(" + +Used pkg-config to discover the OpenSSL installation, but pkg-config did not +return any include paths for the installation. This crate needs to take a peek +at the header files so it cannot proceed unless they're found. + +You can try fixing this by setting the `OPENSSL_DIR` environment variable +pointing to your OpenSSL installation. + +"); } + + validate_headers(&lib.include_paths, &lib.link_paths); + + for include in lib.include_paths.iter() { + println!("cargo:include={}", include.display()); + } + + std::process::exit(0); } -fn get_mingw_in_path() -> Option<Vec<String>> { - match env::var_os("PATH") { - Some(env_path) => { - let paths: Vec<String> = env::split_paths(&env_path).filter_map(|path| { - use std::ascii::AsciiExt; - - match path.to_str() { - Some(path_str) => { - if path_str.to_ascii_lowercase().contains("mingw") { - Some(path_str.to_string()) - } else { None } - }, - None => None +/// Validates the header files found in `include_dir` and then returns the +/// version string of OpenSSL. +fn validate_headers(include_dirs: &[PathBuf], + libdirs: &[PathBuf]) -> String { + // This `*-sys` crate only works with OpenSSL 1.0.1, 1.0.2, and 1.1.0. To + // correctly expose the right API from this crate, take a look at + // `opensslv.h` to see what version OpenSSL claims to be. + let mut version_header = String::new(); + let mut include = include_dirs.iter() + .map(|p| p.join("openssl/opensslv.h")) + .filter(|p| p.exists()); + let mut f = match include.next() { + Some(f) => File::open(f).unwrap(), + None => { + panic!("failed to open header file at `openssl/opensslv.h` to learn + about OpenSSL's version number, looked inside:\n\n{:#?}\n\n", + include_dirs); + } + }; + f.read_to_string(&mut version_header).unwrap(); + + // Do a bit of string parsing to find `#define OPENSSL_VERSION_NUMBER ...` + let version_line = version_header.lines().find(|l| { + l.contains("define ") && l.contains("OPENSSL_VERSION_NUMBER") + }).and_then(|line| { + let start = match line.find("0x") { + Some(start) => start, + None => return None, + }; + Some(line[start..].trim()) + }); + let version_text = match version_line { + Some(text) => text, + None => { + panic!("header file at `{}` did not include `OPENSSL_VERSION_NUMBER` \ + that this crate recognized, failed to learn about the \ + OpenSSL version number"); + } + }; + if version_text.contains("0x10001") { + println!("cargo:rustc-cfg=ossl101"); + println!("cargo:is_101=1"); + } else if version_text.contains("0x10002") { + println!("cargo:rustc-cfg=ossl102"); + println!("cargo:is_102=1"); + } else if version_text.contains("0x10100") { + println!("cargo:rustc-cfg=ossl110"); + println!("cargo:is_110=1"); + } else { + panic!(" + +This crate is only compatible with OpenSSL 1.0.1, 1.0.2, and 1.1.0, but a +different version of OpenSSL was found: + + {} + +The build is now aborting due to this version mismatch. + +", version_text); + } + + // OpenSSL has a number of build-time configuration options which affect + // various structs and such. Since OpenSSL 1.1.0 this isn't really a problem + // as the library is much more FFI-friendly, but 1.0.{1,2} suffer this problem. + // + // To handle all this conditional compilation we slurp up the configuration + // file of OpenSSL, `opensslconf.h`, and then dump out everything it defines + // as our own #[cfg] directives. That way the `ossl10x.rs` bindings can + // account for compile differences and such. + if version_text.contains("0x1000") { + let mut conf_header = String::new(); + let mut include = include_dirs.iter() + .map(|p| p.join("openssl/opensslconf.h")) + .filter(|p| p.exists()); + let mut f = match include.next() { + Some(f) => File::open(f).unwrap(), + None => { + // It's been seen that on linux the include dir printed out by + // `pkg-config` doesn't actually have opensslconf.h. Instead + // it's in an architecture-specific include directory. + // + // Try to detect that case to see if it exists. + let mut libdirs = libdirs.iter().map(|p| { + p.iter() + .map(|p| if p == "lib" {"include".as_ref()} else {p}) + .collect::<PathBuf>() + }).map(|p| { + p.join("openssl/opensslconf.h") + }).filter(|p| p.exists()); + match libdirs.next() { + Some(f) => File::open(f).unwrap(), + None => { + panic!("failed to open header file at + `openssl/opensslconf.h` to learn about \ + OpenSSL's version number, looked \ + inside:\n\n{:#?}\n\n", + include_dirs); + } } - }).collect(); + } + }; + f.read_to_string(&mut conf_header).unwrap(); + + // Look for `#define OPENSSL_FOO`, print out everything as our own + // #[cfg] flag. + for line in conf_header.lines() { + let i = match line.find("define ") { + Some(i) => i, + None => continue, + }; + let var = line[i + "define ".len()..].trim(); + if var.starts_with("OPENSSL") && !var.contains(" ") { + println!("cargo:rustc-cfg=osslconf=\"{}\"", var); + } + } + } + + return version_text.to_string() +} - if paths.len() > 0 { Some(paths) } else { None } - }, - None => None +/// Given a libdir for OpenSSL (where artifacts are located) as well as the name +/// of the libraries we're linking to, figure out whether we should link them +/// statically or dynamically. +fn determine_mode(libdir: &Path, libs: &[&str]) -> &'static str { + // First see if a mode was explicitly requested + let kind = env::var("OPENSSL_STATIC").ok(); + match kind.as_ref().map(|s| &s[..]) { + Some("0") => return "dylib", + Some(_) => return "static", + None => {} } + + // Next, see what files we actually have to link against, and see what our + // possibilities even are. + let files = libdir.read_dir().unwrap() + .map(|e| e.unwrap()) + .map(|e| e.file_name()) + .filter_map(|e| e.into_string().ok()) + .collect::<HashSet<_>>(); + let can_static = libs.iter().all(|l| { + files.contains(&format!("lib{}.a", l)) || + files.contains(&format!("{}.lib", l)) + }); + let can_dylib = libs.iter().all(|l| { + files.contains(&format!("lib{}.so", l)) || + files.contains(&format!("{}.dll", l)) || + files.contains(&format!("lib{}.dylib", l)) + }); + match (can_static, can_dylib) { + (true, false) => return "static", + (false, true) => return "dylib", + (false, false) => { + panic!("OpenSSL libdir at `{}` does not contain the required files \ + to either statically or dynamically link OpenSSL", + libdir.display()); + } + (true, true) => {} + } + + // Ok, we've got not explicit preference and can *either* link statically or + // link dynamically. In the interest of "security upgrades" and/or "best + // practices with security libs", let's link dynamically. + "dylib" } diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index b7a61c52..e3c5bd95 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1,64 +1,45 @@ #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] -#![allow(dead_code)] +#![allow(dead_code, overflowing_literals)] #![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.17")] extern crate libc; -#[cfg(target_os = "nacl")] -extern crate libressl_pnacl_sys; - use libc::{c_void, c_int, c_char, c_ulong, c_long, c_uint, c_uchar, size_t, FILE}; -use std::mem; use std::ptr; -use std::sync::{Mutex, MutexGuard}; -use std::sync::{Once, ONCE_INIT}; - -pub type ASN1_INTEGER = c_void; -pub type ASN1_STRING = c_void; -pub type ASN1_TIME = c_void; -pub type ASN1_TYPE = c_void; -pub type BN_CTX = c_void; -pub type BN_GENCB = c_void; -pub type COMP_METHOD = c_void; -pub type DH = c_void; -pub type ENGINE = c_void; -pub type EVP_CIPHER_CTX = c_void; -pub type EVP_MD = c_void; -pub type EVP_PKEY_CTX = c_void; -pub type SSL = c_void; -pub type SSL_CIPHER = c_void; -pub type SSL_CTX = c_void; -pub type SSL_METHOD = c_void; -pub type X509 = c_void; -pub type X509_CRL = c_void; -pub type X509_EXTENSION = c_void; -pub type X509_NAME = c_void; -pub type X509_NAME_ENTRY = c_void; -pub type X509_REQ = c_void; -pub type X509_STORE_CTX = c_void; -pub type bio_st = c_void; -#[repr(C)] -pub struct PKCS12(c_void); -#[repr(C)] -pub struct stack_st_X509 { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_X509_EXTENSION { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_GENERAL_NAME { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_void { - pub stack: _STACK, -} +#[cfg(any(ossl101, ossl102))] +mod ossl10x; +#[cfg(any(ossl101, ossl102))] +pub use ossl10x::*; + +#[cfg(ossl110)] +mod ossl110; +#[cfg(ossl110)] +pub use ossl110::*; + +pub enum ASN1_INTEGER {} +pub enum ASN1_STRING {} +pub enum ASN1_TIME {} +pub enum ASN1_TYPE {} +pub enum BN_CTX {} +pub enum BN_GENCB {} +pub enum COMP_METHOD {} +pub enum ENGINE {} +pub enum EVP_CIPHER_CTX {} +pub enum EVP_MD {} +pub enum EVP_PKEY_CTX {} +pub enum SSL {} +pub enum SSL_CIPHER {} +pub enum SSL_METHOD {} +pub enum X509_CRL {} +pub enum X509_EXTENSION {} +pub enum X509_NAME {} +pub enum X509_NAME_ENTRY {} +pub enum X509_REQ {} +pub enum X509_STORE_CTX {} +pub enum bio_st {} +pub enum PKCS12 {} +pub enum DH_METHOD {} pub type bio_info_cb = Option<unsafe extern "C" fn(*mut BIO, c_int, @@ -67,188 +48,16 @@ pub type bio_info_cb = Option<unsafe extern "C" fn(*mut BIO, c_long, c_long)>; -#[repr(C)] -#[derive(Copy, Clone)] -pub struct BIO_METHOD { - pub type_: c_int, - pub name: *const c_char, - pub bwrite: Option<unsafe extern "C" fn(*mut BIO, *const c_char, c_int) -> c_int>, - pub bread: Option<unsafe extern "C" fn(*mut BIO, *mut c_char, c_int) -> c_int>, - pub bputs: Option<unsafe extern "C" fn(*mut BIO, *const c_char) -> c_int>, - pub bgets: Option<unsafe extern "C" fn(*mut BIO, *mut c_char, c_int) -> c_int>, - pub ctrl: Option<unsafe extern "C" fn(*mut BIO, c_int, c_long, *mut c_void) -> c_long>, - pub create: Option<unsafe extern "C" fn(*mut BIO) -> c_int>, - pub destroy: Option<unsafe extern "C" fn(*mut BIO) -> c_int>, - pub callback_ctrl: Option<unsafe extern "C" fn(*mut BIO, c_int, bio_info_cb) -> c_long>, -} - -// so we can create static BIO_METHODs -unsafe impl Sync for BIO_METHOD {} - -#[repr(C)] -pub struct _STACK { - pub num: c_int, - pub data: *mut *mut c_char, - pub sorted: c_int, - pub num_alloc: c_int, - pub comp: Option<unsafe extern "C" fn(*const c_void, *const c_void)>, -} - -#[repr(C)] -pub struct RSA { - pub pad: c_int, - pub version: c_long, - pub meth: *const c_void, - - pub engine: *mut c_void, - pub n: *mut BIGNUM, - pub e: *mut BIGNUM, - pub d: *mut BIGNUM, - pub p: *mut BIGNUM, - pub q: *mut BIGNUM, - pub dmp1: *mut BIGNUM, - pub dmq1: *mut BIGNUM, - pub iqmp: *mut BIGNUM, - - pub ex_data: *mut c_void, - pub references: c_int, - pub flags: c_int, - - pub _method_mod_n: *mut c_void, - pub _method_mod_p: *mut c_void, - pub _method_mod_q: *mut c_void, - - pub bignum_data: *mut c_char, - pub blinding: *mut c_void, - pub mt_blinding: *mut c_void, -} - -#[repr(C)] -pub struct DSA { - pub pad: c_int, - pub version: c_long, - pub write_params: c_int, - - pub p: *mut BIGNUM, - pub q: *mut BIGNUM, - pub g: *mut BIGNUM, - pub pub_key: *mut BIGNUM, - pub priv_key: *mut BIGNUM, - pub kinv: *mut BIGNUM, - pub r: *mut BIGNUM, - - pub flags: c_int, - pub _method_mont_p: *mut c_void, - pub references: c_int, - pub ex_data: *mut c_void, - pub meth: *const c_void, - pub engine: *const c_void, -} +pub enum RSA_METHOD {} +pub enum BN_MONT_CTX {} +pub enum BN_BLINDING {} +pub enum DSA_METHOD {} +pub enum EVP_PKEY_ASN1_METHOD {} #[repr(C)] -pub struct EVP_PKEY { +pub struct GENERAL_NAME { pub type_: c_int, - pub save_type: c_int, - pub references: c_int, - pub ameth: *const c_void, - pub engine: *mut ENGINE, - pub pkey: *mut c_void, - pub save_parameters: c_int, - pub attributes: *mut c_void, -} - -#[repr(C)] -pub struct BIO { - pub method: *mut BIO_METHOD, - pub callback: Option<unsafe extern "C" fn(*mut BIO, - c_int, - *const c_char, - c_int, - c_long, - c_long) - -> c_long>, - pub cb_arg: *mut c_char, - pub init: c_int, - pub shutdown: c_int, - pub flags: c_int, - pub retry_reason: c_int, - pub num: c_int, - pub ptr: *mut c_void, - pub next_bio: *mut BIO, - pub prev_bio: *mut BIO, - pub references: c_int, - pub num_read: c_ulong, - pub num_write: c_ulong, - pub ex_data: CRYPTO_EX_DATA, -} - -#[repr(C)] -pub struct CRYPTO_EX_DATA { - pub sk: *mut stack_st_void, - pub dummy: c_int, -} - -#[repr(C)] -pub struct EVP_MD_CTX { - digest: *mut EVP_MD, - engine: *mut c_void, - flags: c_ulong, - md_data: *mut c_void, - pctx: *mut EVP_PKEY_CTX, - update: *mut c_void -} - -impl Copy for EVP_MD_CTX {} -impl Clone for EVP_MD_CTX { - fn clone(&self) -> EVP_MD_CTX { *self } -} - -#[repr(C)] -pub struct EVP_CIPHER { - pub nid: c_int, - pub block_size: c_int, - pub key_len: c_int, - pub iv_len: c_int, - pub flags: c_ulong, - pub init: Option<unsafe extern "C" fn(*mut EVP_CIPHER_CTX, - *mut c_uchar, - *const c_uchar, - size_t) -> c_int>, - pub do_cipher: Option<unsafe extern "C" fn(*mut EVP_CIPHER_CTX, - *mut c_uchar, - *const c_uchar, - size_t) -> c_int>, - pub cleanup: Option<unsafe extern "C" fn(*mut EVP_CIPHER_CTX) -> c_int>, - pub ctx_size: c_int, - pub set_asn1_parameters: Option<unsafe extern "C" fn(*mut EVP_CIPHER_CTX, - *mut ASN1_TYPE) -> c_int>, - pub get_asn1_parameters: Option<unsafe extern "C" fn(*mut EVP_CIPHER_CTX, - *mut ASN1_TYPE) -> c_int>, - pub ctrl: Option<unsafe extern "C" fn(*mut EVP_CIPHER_CTX, - c_int, - c_int, - *mut c_void) -> c_int>, - pub app_data: *mut c_void, -} - -impl Copy for EVP_CIPHER {} -impl Clone for EVP_CIPHER { - fn clone(&self) -> EVP_CIPHER { *self } -} - -#[repr(C)] -pub struct HMAC_CTX { - md: *mut EVP_MD, - md_ctx: EVP_MD_CTX, - i_ctx: EVP_MD_CTX, - o_ctx: EVP_MD_CTX, - key_length: c_uint, - key: [c_uchar; 128] -} - -impl Copy for HMAC_CTX {} -impl Clone for HMAC_CTX { - fn clone(&self) -> HMAC_CTX { *self } + pub d: *mut c_void, } #[repr(C)] @@ -264,35 +73,10 @@ pub struct X509V3_CTX { // Maybe more here } -#[repr(C)] -pub struct GENERAL_NAME { - pub type_: c_int, - pub d: *mut c_void, -} - -impl Copy for GENERAL_NAME {} -impl Clone for GENERAL_NAME { - fn clone(&self) -> GENERAL_NAME { *self } -} - -impl Copy for X509V3_CTX {} -impl Clone for X509V3_CTX { - fn clone(&self) -> X509V3_CTX { *self } -} - -#[repr(C)] -pub struct BIGNUM { - pub d: *mut c_void, - pub top: c_int, - pub dmax: c_int, - pub neg: c_int, - pub flags: c_int, -} - -impl Copy for BIGNUM {} -impl Clone for BIGNUM { - fn clone(&self) -> BIGNUM { *self } -} +#[cfg(target_pointer_width = "64")] +pub type BN_ULONG = libc::c_ulonglong; +#[cfg(target_pointer_width = "32")] +pub type BN_ULONG = c_uint; pub type CRYPTO_EX_new = extern "C" fn(parent: *mut c_void, ptr: *mut c_void, ad: *const CRYPTO_EX_DATA, idx: c_int, @@ -348,15 +132,11 @@ pub const RSA_X931_PADDING: c_int = 5; pub const SSL_CTRL_SET_TMP_DH: c_int = 3; pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14; -pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_MODE: c_int = 33; pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41; pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53; pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54; pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55; -pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; -#[cfg(feature = "ecdh_auto")] -pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 2; pub const SSL_MODE_AUTO_RETRY: c_long = 4; @@ -374,60 +154,41 @@ pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; -pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_long = 0x00000001; -pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_long = 0x00000002; -pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_long = 0x00000008; -pub const SSL_OP_TLSEXT_PADDING: c_long = 0x00000010; -pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_long = 0x00000020; -pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_long = 0x00000080; -pub const SSL_OP_TLS_D5_BUG: c_long = 0x00000100; -pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_long = 0x00000200; -pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_long = 0x00000800; -pub const SSL_OP_ALL: c_long = 0x80000BFF; -pub const SSL_OP_NO_QUERY_MTU: c_long = 0x00001000; -pub const SSL_OP_COOKIE_EXCHANGE: c_long = 0x00002000; -pub const SSL_OP_NO_TICKET: c_long = 0x00004000; -pub const SSL_OP_CISCO_ANYCONNECT: c_long = 0x00008000; -pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_long = 0x00010000; -pub const SSL_OP_NO_COMPRESSION: c_long = 0x00020000; -pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_long = 0x00040000; -pub const SSL_OP_SINGLE_ECDH_USE: c_long = 0x00080000; -pub const SSL_OP_SINGLE_DH_USE: c_long = 0x00100000; -pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_long = 0x00400000; -pub const SSL_OP_TLS_ROLLBACK_BUG: c_long = 0x00800000; -pub const SSL_OP_NO_SSLv2: c_long = 0x01000000; -pub const SSL_OP_NO_SSLv3: c_long = 0x02000000; -pub const SSL_OP_NO_TLSv1: c_long = 0x04000000; - -// Intentionally not bound since they conflict with SSL_OP_PKCS1_CHECK_1 and -// SSL_OP_PKCS1_CHECK_2 on 0.9.8 :( -/* -pub const SSL_OP_NO_TLSv1_2: c_long = 0x08000000; -pub const SSL_OP_NO_TLSv1_1: c_long = 0x10000000; -pub const SSL_OP_NO_DTLSv1: c_long = 0x04000000; -pub const SSL_OP_NO_DTLSv1_2: c_long = 0x08000000; -pub const SSL_OP_NO_SSL_MASK: c_long = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | +#[cfg(not(ossl101))] +pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010; +pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; +pub const SSL_OP_ALL: c_ulong = 0x80000BFF; +pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; +pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; +pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000; +pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; +pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_ulong = 0x00010000; +pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000; +pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000; +pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_ulong = 0x00400000; +pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000; +pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; +pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; +pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; +pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; + +#[cfg(not(ossl101))] +pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; +#[cfg(not(ossl101))] +pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; +#[cfg(not(ossl101))] +pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; -*/ -pub const TLSEXT_NAMETYPE_host_name: c_long = 0; +pub const TLSEXT_NAMETYPE_host_name: c_int = 0; pub const SSL_TLSEXT_ERR_OK: c_int = 0; pub const SSL_TLSEXT_ERR_ALERT_WARNING: c_int = 1; pub const SSL_TLSEXT_ERR_ALERT_FATAL: c_int = 2; pub const SSL_TLSEXT_ERR_NOACK: c_int = 3; -pub const SSLEAY_VERSION : c_int = 0; -pub const SSLEAY_CFLAGS : c_int = 2; -pub const SSLEAY_BUILT_ON : c_int = 3; -pub const SSLEAY_PLATFORM : c_int = 4; -pub const SSLEAY_DIR : c_int = 5; - -#[cfg(any(feature = "npn", feature = "alpn"))] pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0; -#[cfg(any(feature = "npn", feature = "alpn"))] pub const OPENSSL_NPN_NEGOTIATED: c_int = 1; -#[cfg(any(feature = "npn", feature = "alpn"))] pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2; pub const V_ASN1_GENERALIZEDTIME: c_int = 24; @@ -501,59 +262,6 @@ pub const GEN_URI: c_int = 6; pub const GEN_IPADD: c_int = 7; pub const GEN_RID: c_int = 8; -static mut MUTEXES: *mut Vec<Mutex<()>> = 0 as *mut Vec<Mutex<()>>; -static mut GUARDS: *mut Vec<Option<MutexGuard<'static, ()>>> = 0 as *mut Vec<Option<MutexGuard<'static, ()>>>; - -unsafe extern fn locking_function(mode: c_int, n: c_int, _file: *const c_char, - _line: c_int) { - let mutex = &(*MUTEXES)[n as usize]; - - if mode & CRYPTO_LOCK != 0 { - (*GUARDS)[n as usize] = Some(mutex.lock().unwrap()); - } else { - &(*GUARDS)[n as usize].take(); - } -} - -pub fn init() { - static INIT: Once = ONCE_INIT; - - INIT.call_once(|| { - unsafe { - SSL_library_init(); - SSL_load_error_strings(); - OPENSSL_add_all_algorithms_noconf(); - - let num_locks = CRYPTO_num_locks(); - let mut mutexes = Box::new(Vec::new()); - for _ in 0..num_locks { - mutexes.push(Mutex::new(())); - } - MUTEXES = mem::transmute(mutexes); - let guards: Box<Vec<Option<MutexGuard<()>>>> = - Box::new((0..num_locks).map(|_| None).collect()); - GUARDS = mem::transmute(guards); - - CRYPTO_set_locking_callback(locking_function); - set_id_callback(); - } - }) -} - -#[cfg(unix)] -fn set_id_callback() { - unsafe extern "C" fn thread_id() -> c_ulong { - libc::pthread_self() as c_ulong - } - - unsafe { - CRYPTO_set_id_callback(thread_id); - } -} - -#[cfg(not(unix))] -fn set_id_callback() {} - // macros pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long { BIO_ctrl(b, BIO_CTRL_INFO, 0, pp as *mut c_void) @@ -575,18 +283,6 @@ pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut()) } -pub unsafe fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_long) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, op, ptr::null_mut()) -} - -pub unsafe fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_long) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_OPTIONS, op, ptr::null_mut()) -} - -pub unsafe fn SSL_CTX_get_options(ctx: *mut SSL_CTX) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) -} - pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut()) } @@ -599,11 +295,6 @@ pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) - SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void) } -#[cfg(feature = "ecdh_auto")] -pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_long) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, onoff, ptr::null_mut()) -} - pub unsafe fn SSL_CTX_set_tlsext_servername_callback(ctx: *mut SSL_CTX, cb: Option<extern "C" fn()>) -> c_long { @@ -611,23 +302,12 @@ pub unsafe fn SSL_CTX_set_tlsext_servername_callback(ctx: *mut SSL_CTX, } pub unsafe fn SSL_set_tlsext_host_name(s: *mut SSL, name: *mut c_char) -> c_long { - SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, name as *mut c_void) + SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, + TLSEXT_NAMETYPE_host_name as c_long, + name as *mut c_void) } -pub unsafe fn EVP_CIPHER_block_size(e: *const EVP_CIPHER) -> c_int { - (*e).block_size -} - -pub unsafe fn EVP_CIPHER_key_length(e: *const EVP_CIPHER) -> c_int { - (*e).key_len -} - -pub unsafe fn EVP_CIPHER_iv_length(e: *const EVP_CIPHER) -> c_int { - (*e).iv_len -} - -// True functions -extern "C" { +extern { pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int; pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING; pub fn ASN1_TIME_free(tm: *mut ASN1_TIME); @@ -635,116 +315,101 @@ extern "C" { pub fn BIO_ctrl(b: *mut BIO, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; pub fn BIO_free_all(b: *mut BIO); - pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; pub fn BIO_new_fp(stream: *mut FILE, close_flag: c_int) -> *mut BIO; pub fn BIO_new_socket(sock: c_int, close_flag: c_int) -> *mut BIO; pub fn BIO_read(b: *mut BIO, buf: *mut c_void, len: c_int) -> c_int; pub fn BIO_write(b: *mut BIO, buf: *const c_void, len: c_int) -> c_int; - pub fn BIO_s_file() -> *const BIO_METHOD; - pub fn BIO_s_mem() -> *const BIO_METHOD; pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO; pub fn BIO_set_flags(b: *mut BIO, flags: c_int); pub fn BIO_clear_flags(b: *mut BIO, flags: c_int); pub fn BN_new() -> *mut BIGNUM; - pub fn BN_dup(n: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_dup(n: *const BIGNUM) -> *mut BIGNUM; pub fn BN_clear_free(bn: *mut BIGNUM); pub fn BN_CTX_new() -> *mut BN_CTX; pub fn BN_CTX_free(ctx: *mut BN_CTX); - pub fn BN_num_bits(bn: *mut BIGNUM) -> c_int; + pub fn BN_num_bits(bn: *const BIGNUM) -> c_int; pub fn BN_set_negative(bn: *mut BIGNUM, n: c_int); - pub fn BN_set_word(bn: *mut BIGNUM, n: c_ulong) -> c_int; + pub fn BN_set_word(bn: *mut BIGNUM, n: BN_ULONG) -> c_int; /* Arithmetic operations on BIGNUMs */ - pub fn BN_add(r: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM) -> c_int; - pub fn BN_div(dv: *mut BIGNUM, rem: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_exp(r: *mut BIGNUM, a: *mut BIGNUM, p: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_gcd(r: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_mod_add(r: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM, m: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_mod_exp(r: *mut BIGNUM, a: *mut BIGNUM, p: *mut BIGNUM, m: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_mod_inverse(r: *mut BIGNUM, a: *mut BIGNUM, n: *mut BIGNUM, ctx: *mut BN_CTX) -> *const BIGNUM; - pub fn BN_mod_mul(r: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM, m: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_mod_sqr(r: *mut BIGNUM, a: *mut BIGNUM, m: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_mod_sub(r: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM, m: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_mul(r: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_nnmod(rem: *mut BIGNUM, a: *mut BIGNUM, m: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_add_word(r: *mut BIGNUM, w: c_ulong) -> c_int; - pub fn BN_sub_word(r: *mut BIGNUM, w: c_ulong) -> c_int; - pub fn BN_mul_word(r: *mut BIGNUM, w: c_ulong) -> c_int; - pub fn BN_div_word(r: *mut BIGNUM, w: c_ulong) -> c_ulong; - pub fn BN_mod_word(r: *const BIGNUM, w: c_ulong) -> c_ulong; - pub fn BN_sqr(r: *mut BIGNUM, a: *mut BIGNUM, ctx: *mut BN_CTX) -> c_int; - pub fn BN_sub(r: *mut BIGNUM, a: *mut BIGNUM, b: *mut BIGNUM) -> c_int; + pub fn BN_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; + pub fn BN_div(dv: *mut BIGNUM, rem: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_exp(r: *mut BIGNUM, a: *const BIGNUM, p: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_gcd(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_mod_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_mod_exp(r: *mut BIGNUM, a: *const BIGNUM, p: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_mod_inverse(r: *mut BIGNUM, a: *const BIGNUM, n: *const BIGNUM, ctx: *mut BN_CTX) -> *mut BIGNUM; + pub fn BN_mod_mul(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_mod_sqr(r: *mut BIGNUM, a: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_mod_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_mul(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_nnmod(rem: *mut BIGNUM, a: *const BIGNUM, m: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_add_word(r: *mut BIGNUM, w: BN_ULONG) -> c_int; + pub fn BN_sub_word(r: *mut BIGNUM, w: BN_ULONG) -> c_int; + pub fn BN_mul_word(r: *mut BIGNUM, w: BN_ULONG) -> c_int; + pub fn BN_div_word(r: *mut BIGNUM, w: BN_ULONG) -> BN_ULONG; + pub fn BN_mod_word(r: *const BIGNUM, w: BN_ULONG) -> BN_ULONG; + pub fn BN_sqr(r: *mut BIGNUM, a: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; + pub fn BN_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; /* Bit operations on BIGNUMs */ pub fn BN_clear_bit(a: *mut BIGNUM, n: c_int) -> c_int; - pub fn BN_is_bit_set(a: *mut BIGNUM, n: c_int) -> c_int; - pub fn BN_lshift(r: *mut BIGNUM, a: *mut BIGNUM, n: c_int) -> c_int; - pub fn BN_lshift1(r: *mut BIGNUM, a: *mut BIGNUM) -> c_int; + pub fn BN_is_bit_set(a: *const BIGNUM, n: c_int) -> c_int; + pub fn BN_lshift(r: *mut BIGNUM, a: *const BIGNUM, n: c_int) -> c_int; + pub fn BN_lshift1(r: *mut BIGNUM, a: *const BIGNUM) -> c_int; pub fn BN_mask_bits(a: *mut BIGNUM, n: c_int) -> c_int; - pub fn BN_rshift(r: *mut BIGNUM, a: *mut BIGNUM, n: c_int) -> c_int; + pub fn BN_rshift(r: *mut BIGNUM, a: *const BIGNUM, n: c_int) -> c_int; pub fn BN_set_bit(a: *mut BIGNUM, n: c_int) -> c_int; - pub fn BN_rshift1(r: *mut BIGNUM, a: *mut BIGNUM) -> c_int; + pub fn BN_rshift1(r: *mut BIGNUM, a: *const BIGNUM) -> c_int; /* Comparisons on BIGNUMs */ - pub fn BN_cmp(a: *mut BIGNUM, b: *mut BIGNUM) -> c_int; - pub fn BN_ucmp(a: *mut BIGNUM, b: *mut BIGNUM) -> c_int; + pub fn BN_cmp(a: *const BIGNUM, b: *const BIGNUM) -> c_int; + pub fn BN_ucmp(a: *const BIGNUM, b: *const BIGNUM) -> c_int; /* Prime handling */ - pub fn BN_generate_prime_ex(r: *mut BIGNUM, bits: c_int, safe: c_int, add: *mut BIGNUM, rem: *mut BIGNUM, cb: *const c_void) -> c_int; - pub fn BN_is_prime_ex(p: *mut BIGNUM, checks: c_int, ctx: *mut BN_CTX, cb: *const c_void) -> c_int; - pub fn BN_is_prime_fasttest_ex(p: *mut BIGNUM, checks: c_int, ctx: *mut BN_CTX, do_trial_division: c_int, cb: *const c_void) -> c_int; + pub fn BN_generate_prime_ex(r: *mut BIGNUM, bits: c_int, safe: c_int, add: *const BIGNUM, rem: *const BIGNUM, cb: *mut BN_GENCB) -> c_int; + pub fn BN_is_prime_ex(p: *const BIGNUM, checks: c_int, ctx: *mut BN_CTX, cb: *mut BN_GENCB) -> c_int; + pub fn BN_is_prime_fasttest_ex(p: *const BIGNUM, checks: c_int, ctx: *mut BN_CTX, do_trial_division: c_int, cb: *mut BN_GENCB) -> c_int; /* Random number handling */ pub fn BN_rand(r: *mut BIGNUM, bits: c_int, top: c_int, bottom: c_int) -> c_int; pub fn BN_pseudo_rand(r: *mut BIGNUM, bits: c_int, top: c_int, bottom: c_int) -> c_int; - pub fn BN_rand_range(r: *mut BIGNUM, range: *mut BIGNUM) -> c_int; - pub fn BN_pseudo_rand_range(r: *mut BIGNUM, range: *mut BIGNUM) -> c_int; + pub fn BN_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int; + pub fn BN_pseudo_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int; /* Conversion from/to binary representation */ pub fn BN_bin2bn(s: *const u8, size: c_int, ret: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_bn2bin(a: *mut BIGNUM, to: *mut u8) -> c_int; + pub fn BN_bn2bin(a: *const BIGNUM, to: *mut u8) -> c_int; /* Conversion from/to decimal string representation */ - pub fn BN_dec2bn(a: *const *mut BIGNUM, s: *const c_char) -> c_int; - pub fn BN_bn2dec(a: *mut BIGNUM) -> *const c_char; + pub fn BN_dec2bn(a: *mut *mut BIGNUM, s: *const c_char) -> c_int; + pub fn BN_bn2dec(a: *const BIGNUM) -> *mut c_char; /* Conversion from/to hexidecimal string representation */ - pub fn BN_hex2bn(a: *const *mut BIGNUM, s: *const c_char) -> c_int; - pub fn BN_bn2hex(a: *mut BIGNUM) -> *const c_char; - - pub fn CRYPTO_num_locks() -> c_int; - pub fn CRYPTO_set_locking_callback(func: unsafe extern "C" fn(mode: c_int, - n: c_int, - file: *const c_char, - line: c_int)); - pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong); - pub fn CRYPTO_free(buf: *mut c_void); + pub fn BN_hex2bn(a: *mut *mut BIGNUM, s: *const c_char) -> c_int; + pub fn BN_bn2hex(a: *const BIGNUM) -> *mut c_char; + pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int; pub fn DH_free(dh: *mut DH); - #[cfg(feature = "rfc5114")] + #[cfg(not(ossl101))] pub fn DH_get_1024_160() -> *mut DH; - #[cfg(feature = "rfc5114")] + #[cfg(not(ossl101))] pub fn DH_get_2048_224() -> *mut DH; - #[cfg(feature = "rfc5114")] + #[cfg(not(ossl101))] pub fn DH_get_2048_256() -> *mut DH; - // FIXME delete on next version bump - pub fn DH_new_from_params(p: *mut BIGNUM, g: *mut BIGNUM, q: *mut BIGNUM) -> *mut DH; - pub fn ERR_get_error() -> c_ulong; pub fn ERR_lib_error_string(err: c_ulong) -> *const c_char; pub fn ERR_func_error_string(err: c_ulong) -> *const c_char; pub fn ERR_reason_error_string(err: c_ulong) -> *const c_char; - pub fn ERR_load_crypto_strings(); - pub fn EVP_md5() -> *const EVP_MD; pub fn EVP_ripemd160() -> *const EVP_MD; pub fn EVP_sha1() -> *const EVP_MD; @@ -755,9 +420,7 @@ extern "C" { pub fn EVP_aes_128_cbc() -> *const EVP_CIPHER; pub fn EVP_aes_128_ecb() -> *const EVP_CIPHER; - #[cfg(feature = "aes_xts")] pub fn EVP_aes_128_xts() -> *const EVP_CIPHER; - #[cfg(feature = "aes_ctr")] pub fn EVP_aes_128_ctr() -> *const EVP_CIPHER; // fn EVP_aes_128_gcm() -> EVP_CIPHER; pub fn EVP_aes_128_cfb1() -> *const EVP_CIPHER; @@ -765,9 +428,7 @@ extern "C" { pub fn EVP_aes_128_cfb8() -> *const EVP_CIPHER; pub fn EVP_aes_256_cbc() -> *const EVP_CIPHER; pub fn EVP_aes_256_ecb() -> *const EVP_CIPHER; - #[cfg(feature = "aes_xts")] pub fn EVP_aes_256_xts() -> *const EVP_CIPHER; - #[cfg(feature = "aes_ctr")] pub fn EVP_aes_256_ctr() -> *const EVP_CIPHER; // fn EVP_aes_256_gcm() -> EVP_CIPHER; pub fn EVP_aes_256_cfb1() -> *const EVP_CIPHER; @@ -792,35 +453,34 @@ extern "C" { pub fn EVP_CipherInit_ex(ctx: *mut EVP_CIPHER_CTX, type_: *const EVP_CIPHER, impl_: *mut ENGINE, - key: *mut c_uchar, - iv: *mut c_uchar, + key: *const c_uchar, + iv: *const c_uchar, enc: c_int) -> c_int; pub fn EVP_CipherUpdate(ctx: *mut EVP_CIPHER_CTX, outbuf: *mut u8, - outlen: &mut c_int, inbuf: *const u8, inlen: c_int) -> c_int; - pub fn EVP_CipherFinal(ctx: *mut EVP_CIPHER_CTX, res: *mut u8, len: &mut c_int) -> c_int; + outlen: *mut c_int, inbuf: *const u8, inlen: c_int) -> c_int; + pub fn EVP_CipherFinal(ctx: *mut EVP_CIPHER_CTX, res: *mut u8, len: *mut c_int) -> c_int; pub fn EVP_DigestInit(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD) -> c_int; - pub fn EVP_DigestInit_ex(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD, imple: *const ENGINE) -> c_int; - pub fn EVP_DigestUpdate(ctx: *mut EVP_MD_CTX, data: *const u8, n: c_uint) -> c_int; + pub fn EVP_DigestInit_ex(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD, imple: *mut ENGINE) -> c_int; + pub fn EVP_DigestUpdate(ctx: *mut EVP_MD_CTX, data: *const c_void, n: size_t) -> c_int; pub fn EVP_DigestFinal(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int; pub fn EVP_DigestFinal_ex(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int; - pub fn EVP_MD_CTX_create() -> *mut EVP_MD_CTX; + #[cfg_attr(any(ossl101, ossl102), link_name = "EVP_MD_CTX_create")] + pub fn EVP_MD_CTX_new() -> *mut EVP_MD_CTX; pub fn EVP_MD_CTX_copy_ex(dst: *mut EVP_MD_CTX, src: *const EVP_MD_CTX) -> c_int; - pub fn EVP_MD_CTX_destroy(ctx: *mut EVP_MD_CTX); + #[cfg_attr(any(ossl101, ossl102), link_name = "EVP_MD_CTX_destroy")] + pub fn EVP_MD_CTX_free(ctx: *mut EVP_MD_CTX); pub fn EVP_PKEY_new() -> *mut EVP_PKEY; pub fn EVP_PKEY_free(k: *mut EVP_PKEY); - pub fn EVP_PKEY_assign(pkey: *mut EVP_PKEY, typ: c_int, key: *const c_void) -> c_int; + pub fn EVP_PKEY_assign(pkey: *mut EVP_PKEY, typ: c_int, key: *mut c_void) -> c_int; pub fn EVP_PKEY_copy_parameters(to: *mut EVP_PKEY, from: *const EVP_PKEY) -> c_int; pub fn EVP_PKEY_get1_RSA(k: *mut EVP_PKEY) -> *mut RSA; pub fn EVP_PKEY_set1_RSA(k: *mut EVP_PKEY, r: *mut RSA) -> c_int; pub fn EVP_PKEY_cmp(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; - pub fn HMAC_CTX_init(ctx: *mut HMAC_CTX); - pub fn HMAC_CTX_cleanup(ctx: *mut HMAC_CTX); - #[cfg(feature = "hmac_clone")] - pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *const HMAC_CTX) -> c_int; + pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int; pub fn PEM_read_bio_DHparams(bio: *mut BIO, out: *mut *mut DH, callback: Option<PasswordCallback>, user_data: *mut c_void) -> *mut DH; @@ -845,7 +505,7 @@ extern "C" { kstr: *mut c_uchar, klen: c_int, callback: Option<PasswordCallback>, user_data: *mut c_void) -> c_int; - pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *mut RSA) -> c_int; + pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *const RSA) -> c_int; pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int; pub fn PEM_read_bio_DSAPrivateKey(bp: *mut BIO, dsa: *mut *mut DSA, callback: Option<PasswordCallback>, @@ -862,13 +522,12 @@ extern "C" { pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; - pub fn PKCS5_PBKDF2_HMAC_SHA1(pass: *const u8, passlen: c_int, + pub fn PKCS5_PBKDF2_HMAC_SHA1(pass: *const c_char, passlen: c_int, salt: *const u8, saltlen: c_int, iter: c_int, keylen: c_int, out: *mut u8) -> c_int; - #[cfg(feature = "pkcs5_pbkdf2_hmac")] - pub fn PKCS5_PBKDF2_HMAC(pass: *const u8, passlen: c_int, - salt: *const u8, saltlen: c_int, + pub fn PKCS5_PBKDF2_HMAC(pass: *const c_char, passlen: c_int, + salt: *const c_uchar, saltlen: c_int, iter: c_int, digest: *const EVP_MD, keylen: c_int, out: *mut u8) -> c_int; @@ -877,7 +536,6 @@ extern "C" { pub fn RSA_new() -> *mut RSA; pub fn RSA_free(rsa: *mut RSA); - pub fn RSA_generate_key(modsz: c_int, e: c_ulong, cb: *const c_void, cbarg: *const c_void) -> *mut RSA; pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *mut BN_GENCB) -> c_int; pub fn RSA_private_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int) -> c_int; @@ -889,7 +547,7 @@ extern "C" { pad: c_int) -> c_int; pub fn RSA_sign(t: c_int, m: *const u8, mlen: c_uint, sig: *mut u8, siglen: *mut c_uint, k: *mut RSA) -> c_int; - pub fn RSA_size(k: *mut RSA) -> c_int; + pub fn RSA_size(k: *const RSA) -> c_int; pub fn RSA_verify(t: c_int, m: *const u8, mlen: c_uint, sig: *const u8, siglen: c_uint, k: *mut RSA) -> c_int; @@ -898,75 +556,51 @@ extern "C" { pub fn DSA_size(dsa: *const DSA) -> c_int; pub fn DSA_generate_parameters_ex(dsa: *mut DSA, bits: c_int, seed: *const c_uchar, seed_len: c_int, counter_ref: *mut c_int, h_ret: *mut c_ulong, - cb: *const c_void) -> c_int; + cb: *mut BN_GENCB) -> c_int; pub fn DSA_generate_key(dsa: *mut DSA) -> c_int; pub fn DSA_sign(dummy: c_int, dgst: *const c_uchar, len: c_int, sigret: *mut c_uchar, siglen: *mut c_uint, dsa: *mut DSA) -> c_int; pub fn DSA_verify(dummy: c_int, dgst: *const c_uchar, len: c_int, sigbuf: *const c_uchar, siglen: c_int, dsa: *mut DSA) -> c_int; - pub fn SSL_library_init() -> c_int; - pub fn SSL_load_error_strings(); - pub fn OPENSSL_add_all_algorithms_noconf(); - - #[cfg(feature = "sslv2")] - pub fn SSLv2_method() -> *const SSL_METHOD; - pub fn SSLv3_method() -> *const SSL_METHOD; - pub fn TLSv1_method() -> *const SSL_METHOD; - #[cfg(feature = "tlsv1_1")] - pub fn TLSv1_1_method() -> *const SSL_METHOD; - #[cfg(feature = "tlsv1_2")] - pub fn TLSv1_2_method() -> *const SSL_METHOD; - #[cfg(feature = "dtlsv1")] - pub fn DTLSv1_method() -> *const SSL_METHOD; - #[cfg(feature = "dtlsv1_2")] - pub fn DTLSv1_2_method() -> *const SSL_METHOD; - pub fn SSLv23_method() -> *const SSL_METHOD; - pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; pub fn SSL_pending(ssl: *const SSL) -> c_int; pub fn SSL_free(ssl: *mut SSL); pub fn SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO); - pub fn SSL_get_rbio(ssl: *mut SSL) -> *mut BIO; - pub fn SSL_get_wbio(ssl: *mut SSL) -> *mut BIO; + pub fn SSL_get_rbio(ssl: *const SSL) -> *mut BIO; + pub fn SSL_get_wbio(ssl: *const SSL) -> *mut BIO; pub fn SSL_accept(ssl: *mut SSL) -> c_int; pub fn SSL_connect(ssl: *mut SSL) -> c_int; pub fn SSL_do_handshake(ssl: *mut SSL) -> c_int; pub fn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; - pub fn SSL_get_error(ssl: *mut SSL, ret: c_int) -> c_int; + pub fn SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int; pub fn SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int; pub fn SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int; pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int; - pub fn SSL_get_SSL_CTX(ssl: *mut SSL) -> *mut SSL_CTX; + pub fn SSL_get_SSL_CTX(ssl: *const SSL) -> *mut SSL_CTX; pub fn SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX; pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; - pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509; + pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; - pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char; - pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char; - pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char; + pub fn SSL_get_version(ssl: *const SSL) -> *const c_char; + pub fn SSL_state_string(ssl: *const SSL) -> *const c_char; + pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; pub fn SSL_set_verify(ssl: *mut SSL, mode: c_int, verify_callback: Option<extern fn(c_int, *mut X509_STORE_CTX) -> c_int>); - pub fn SSL_get_ex_new_index(argl: c_long, argp: *const c_void, - new_func: Option<CRYPTO_EX_new>, - dup_func: Option<CRYPTO_EX_dup>, - free_func: Option<CRYPTO_EX_free>) - -> c_int; pub fn SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int; - pub fn SSL_get_ex_data(ssl: *mut SSL, idx: c_int) -> *mut c_void; + pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void; - pub fn SSL_get_servername(ssl: *const SSL, name_type: c_long) -> *const c_char; + pub fn SSL_get_servername(ssl: *const SSL, name_type: c_int) -> *const c_char; pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char; - pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int; - pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; - pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char; + pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int; + pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *mut c_char; pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); @@ -978,34 +612,27 @@ extern "C" { pub fn SSL_CTX_load_verify_locations(ctx: *mut SSL_CTX, CAfile: *const c_char, CApath: *const c_char) -> c_int; pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int; - pub fn SSL_CTX_get_ex_new_index(argl: c_long, argp: *const c_void, - new_func: Option<CRYPTO_EX_new>, - dup_func: Option<CRYPTO_EX_dup>, - free_func: Option<CRYPTO_EX_free>) - -> c_int; pub fn SSL_CTX_set_ex_data(ctx: *mut SSL_CTX, idx: c_int, data: *mut c_void) -> c_int; - pub fn SSL_CTX_get_ex_data(ctx: *mut SSL_CTX, idx: c_int) -> *mut c_void; + pub fn SSL_CTX_get_ex_data(ctx: *const SSL_CTX, idx: c_int) -> *mut c_void; pub fn SSL_CTX_set_session_id_context(ssl: *mut SSL_CTX, sid_ctx: *const c_uchar, sid_ctx_len: c_uint) -> c_int; pub fn SSL_CTX_use_certificate_file(ctx: *mut SSL_CTX, cert_file: *const c_char, file_type: c_int) -> c_int; - pub fn SSL_CTX_use_certificate_chain_file(ctx: *mut SSL_CTX, cert_chain_file: *const c_char, file_type: c_int) -> c_int; + pub fn SSL_CTX_use_certificate_chain_file(ctx: *mut SSL_CTX, cert_chain_file: *const c_char) -> c_int; pub fn SSL_CTX_use_certificate(ctx: *mut SSL_CTX, cert: *mut X509) -> c_int; pub fn SSL_CTX_use_PrivateKey_file(ctx: *mut SSL_CTX, key_file: *const c_char, file_type: c_int) -> c_int; pub fn SSL_CTX_use_PrivateKey(ctx: *mut SSL_CTX, key: *mut EVP_PKEY) -> c_int; - pub fn SSL_CTX_check_private_key(ctx: *mut SSL_CTX) -> c_int; + pub fn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int; pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; - #[cfg(feature = "npn")] pub fn SSL_CTX_set_next_protos_advertised_cb(ssl: *mut SSL_CTX, cb: extern "C" fn(ssl: *mut SSL, out: *mut *const c_uchar, outlen: *mut c_uint, arg: *mut c_void) -> c_int, arg: *mut c_void); - #[cfg(feature = "npn")] pub fn SSL_CTX_set_next_proto_select_cb(ssl: *mut SSL_CTX, cb: extern "C" fn(ssl: *mut SSL, out: *mut *mut c_uchar, @@ -1014,59 +641,49 @@ extern "C" { inlen: c_uint, arg: *mut c_void) -> c_int, arg: *mut c_void); - #[cfg(any(feature = "alpn", feature = "npn"))] pub fn SSL_select_next_proto(out: *mut *mut c_uchar, outlen: *mut c_uchar, inbuf: *const c_uchar, inlen: c_uint, client: *const c_uchar, client_len: c_uint) -> c_int; - #[cfg(feature = "npn")] pub fn SSL_get0_next_proto_negotiated(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); - #[cfg(feature = "alpn")] + #[cfg(not(ossl101))] pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int; - #[cfg(feature = "alpn")] + #[cfg(not(ossl101))] pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int; - #[cfg(feature = "alpn")] + #[cfg(not(ossl101))] pub fn SSL_CTX_set_alpn_select_cb(ssl: *mut SSL_CTX, - cb: extern "C" fn(ssl: *mut SSL, - out: *mut *mut c_uchar, - outlen: *mut c_uchar, - inbuf: *const c_uchar, - inlen: c_uint, - arg: *mut c_void) -> c_int, - arg: *mut c_void); - #[cfg(feature = "alpn")] + cb: extern fn(ssl: *mut SSL, + out: *mut *const c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + arg: *mut c_void) -> c_int, + arg: *mut c_void); + #[cfg(not(ossl101))] pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; - pub fn X509_digest(x: *mut X509, digest: *const EVP_MD, buf: *mut c_char, len: *mut c_uint) -> c_int; + pub fn X509_digest(x: *const X509, digest: *const EVP_MD, buf: *mut c_uchar, len: *mut c_uint) -> c_int; pub fn X509_free(x: *mut X509); pub fn X509_REQ_free(x: *mut X509_REQ); pub fn X509_get_serialNumber(x: *mut X509) -> *mut ASN1_INTEGER; - pub fn X509_get_subject_name(x: *mut X509) -> *mut X509_NAME; pub fn X509_gmtime_adj(time: *mut ASN1_TIME, adj: c_long) -> *mut ASN1_TIME; pub fn X509_new() -> *mut X509; pub fn X509_set_issuer_name(x: *mut X509, name: *mut X509_NAME) -> c_int; - pub fn X509_set_notAfter(x: *mut X509, tm: *const ASN1_TIME) -> c_int; - pub fn X509_set_notBefore(x: *mut X509, tm: *const ASN1_TIME) -> c_int; - pub fn X509_set_version(x: *mut X509, version: c_ulong) -> c_int; + pub fn X509_set_version(x: *mut X509, version: c_long) -> c_int; pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_sign(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn X509_get_pubkey(x: *mut X509) -> *mut EVP_PKEY; pub fn X509_to_X509_REQ(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> *mut X509_REQ; - pub fn X509_get_ext_d2i(x: *mut X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void; pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION); - pub fn X509_NAME_add_entry_by_txt(x: *mut X509, field: *const c_char, ty: c_int, bytes: *const c_char, len: c_int, loc: c_int, set: c_int) -> c_int; + pub fn X509_NAME_add_entry_by_txt(x: *mut X509_NAME, field: *const c_char, ty: c_int, bytes: *const c_uchar, len: c_int, loc: c_int, set: c_int) -> c_int; pub fn X509_NAME_get_index_by_NID(n: *mut X509_NAME, nid: c_int, last_pos: c_int) ->c_int; - pub fn X509_NAME_get_entry(n: *mut X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; - pub fn X509_NAME_ENTRY_get_data(ne: *mut X509_NAME_ENTRY) -> *mut ASN1_STRING; - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_char, s: *mut ASN1_STRING) -> c_int; - pub fn ASN1_STRING_length(x: *mut ASN1_STRING) -> c_int; - pub fn ASN1_STRING_data(x: *mut ASN1_STRING) -> *mut c_uchar; + pub fn ASN1_STRING_length(x: *const ASN1_STRING) -> c_int; pub fn X509_STORE_CTX_get_current_cert(ct: *mut X509_STORE_CTX) -> *mut X509; pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; @@ -1080,14 +697,14 @@ extern "C" { pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; - pub fn d2i_X509(a: *mut *mut X509, pp: *mut *mut c_uchar, length: c_long) -> *mut X509; + pub fn d2i_X509(a: *mut *mut X509, pp: *mut *const c_uchar, length: c_long) -> *mut X509; pub fn i2d_X509_bio(b: *mut BIO, x: *mut X509) -> c_int; pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *mut X509_REQ) -> c_int; - pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *const *mut u8) -> c_int; - pub fn d2i_RSA_PUBKEY(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; - pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int; - pub fn d2i_RSAPrivateKey(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; + pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *mut *mut u8) -> c_int; + pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA; + pub fn i2d_RSAPrivateKey(k: *const RSA, buf: *mut *mut u8) -> c_int; + pub fn d2i_RSAPrivateKey(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA; pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12; pub fn PKCS12_parse(p12: *mut PKCS12, @@ -1098,14 +715,18 @@ extern "C" { -> c_int; pub fn PKCS12_free(p12: *mut PKCS12); - pub fn sk_free(st: *mut _STACK); - pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn (*mut c_void)>); - pub fn sk_pop(st: *mut _STACK) -> *mut c_char; - pub fn GENERAL_NAME_free(name: *mut GENERAL_NAME); - pub fn SSLeay() -> c_long; - pub fn SSLeay_version(key: c_int) -> *const c_char; + pub fn HMAC_Init_ex(ctx: *mut HMAC_CTX, + key: *const c_void, + len: c_int, + md: *const EVP_MD, + impl_: *mut ENGINE) -> c_int; + pub fn HMAC_Update(ctx: *mut HMAC_CTX, + data: *const c_uchar, + len: size_t) -> c_int; + pub fn HMAC_Final(ctx: *mut HMAC_CTX, + md: *mut c_uchar, + len: *mut c_uint) -> c_int; + pub fn DH_new() -> *mut DH; } - -pub mod probe; diff --git a/openssl-sys/src/ossl10x.rs b/openssl-sys/src/ossl10x.rs new file mode 100644 index 00000000..8420846a --- /dev/null +++ b/openssl-sys/src/ossl10x.rs @@ -0,0 +1,569 @@ +use std::sync::{Mutex, MutexGuard}; +use std::sync::{Once, ONCE_INIT}; +use std::mem; + +use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong}; + +#[repr(C)] +pub struct stack_st_X509 { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_X509_ATTRIBUTE { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_X509_EXTENSION { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_GENERAL_NAME { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_void { + pub stack: _STACK, +} + +#[repr(C)] +pub struct _STACK { + pub num: c_int, + pub data: *mut *mut c_char, + pub sorted: c_int, + pub num_alloc: c_int, + pub comp: Option<unsafe extern fn(*const c_void, *const c_void) -> c_int>, +} + +#[repr(C)] +pub struct BIO_METHOD { + pub type_: c_int, + pub name: *const c_char, + pub bwrite: Option<unsafe extern fn(*mut ::BIO, *const c_char, c_int) -> c_int>, + pub bread: Option<unsafe extern fn(*mut ::BIO, *mut c_char, c_int) -> c_int>, + pub bputs: Option<unsafe extern fn(*mut ::BIO, *const c_char) -> c_int>, + pub bgets: Option<unsafe extern fn(*mut ::BIO, *mut c_char, c_int) -> c_int>, + pub ctrl: Option<unsafe extern fn(*mut ::BIO, c_int, c_long, *mut c_void) -> c_long>, + pub create: Option<unsafe extern fn(*mut ::BIO) -> c_int>, + pub destroy: Option<unsafe extern fn(*mut ::BIO) -> c_int>, + pub callback_ctrl: Option<unsafe extern fn(*mut ::BIO, c_int, ::bio_info_cb) -> c_long>, +} + +#[repr(C)] +pub struct RSA { + pub pad: c_int, + pub version: c_long, + pub meth: *const ::RSA_METHOD, + + pub engine: *mut ::ENGINE, + pub n: *mut ::BIGNUM, + pub e: *mut ::BIGNUM, + pub d: *mut ::BIGNUM, + pub p: *mut ::BIGNUM, + pub q: *mut ::BIGNUM, + pub dmp1: *mut ::BIGNUM, + pub dmq1: *mut ::BIGNUM, + pub iqmp: *mut ::BIGNUM, + + pub ex_data: ::CRYPTO_EX_DATA, + pub references: c_int, + pub flags: c_int, + + pub _method_mod_n: *mut ::BN_MONT_CTX, + pub _method_mod_p: *mut ::BN_MONT_CTX, + pub _method_mod_q: *mut ::BN_MONT_CTX, + + pub bignum_data: *mut c_char, + pub blinding: *mut ::BN_BLINDING, + pub mt_blinding: *mut ::BN_BLINDING, +} + +#[repr(C)] +pub struct DSA { + pub pad: c_int, + pub version: c_long, + pub write_params: c_int, + + pub p: *mut ::BIGNUM, + pub q: *mut ::BIGNUM, + pub g: *mut ::BIGNUM, + pub pub_key: *mut ::BIGNUM, + pub priv_key: *mut ::BIGNUM, + pub kinv: *mut ::BIGNUM, + pub r: *mut ::BIGNUM, + + pub flags: c_int, + pub method_mont_p: *mut ::BN_MONT_CTX, + pub references: c_int, + pub ex_data: ::CRYPTO_EX_DATA, + pub meth: *const ::DSA_METHOD, + pub engine: *mut ::ENGINE, +} + +#[repr(C)] +pub struct EVP_PKEY { + pub type_: c_int, + pub save_type: c_int, + pub references: c_int, + pub ameth: *const ::EVP_PKEY_ASN1_METHOD, + pub engine: *mut ::ENGINE, + pub pkey: *mut c_void, + pub save_parameters: c_int, + pub attributes: *mut stack_st_X509_ATTRIBUTE, +} + +#[repr(C)] +pub struct BIO { + pub method: *mut ::BIO_METHOD, + pub callback: Option<unsafe extern fn(*mut ::BIO, + c_int, + *const c_char, + c_int, + c_long, + c_long) + -> c_long>, + pub cb_arg: *mut c_char, + pub init: c_int, + pub shutdown: c_int, + pub flags: c_int, + pub retry_reason: c_int, + pub num: c_int, + pub ptr: *mut c_void, + pub next_bio: *mut ::BIO, + pub prev_bio: *mut ::BIO, + pub references: c_int, + pub num_read: c_ulong, + pub num_write: c_ulong, + pub ex_data: ::CRYPTO_EX_DATA, +} + +#[repr(C)] +pub struct CRYPTO_EX_DATA { + pub sk: *mut ::stack_st_void, + pub dummy: c_int, +} + +#[repr(C)] +pub struct EVP_MD_CTX { + digest: *mut ::EVP_MD, + engine: *mut ::ENGINE, + flags: c_ulong, + md_data: *mut c_void, + pctx: *mut ::EVP_PKEY_CTX, + update: *mut c_void +} + +#[repr(C)] +pub struct EVP_CIPHER { + pub nid: c_int, + pub block_size: c_int, + pub key_len: c_int, + pub iv_len: c_int, + pub flags: c_ulong, + pub init: Option<unsafe extern fn(*mut ::EVP_CIPHER_CTX, + *const c_uchar, + *const c_uchar, + c_int) -> c_int>, + pub do_cipher: Option<unsafe extern fn(*mut ::EVP_CIPHER_CTX, + *mut c_uchar, + *const c_uchar, + size_t) -> c_int>, + pub cleanup: Option<unsafe extern fn(*mut ::EVP_CIPHER_CTX) -> c_int>, + pub ctx_size: c_int, + pub set_asn1_parameters: Option<unsafe extern fn(*mut ::EVP_CIPHER_CTX, + *mut ::ASN1_TYPE) -> c_int>, + pub get_asn1_parameters: Option<unsafe extern fn(*mut ::EVP_CIPHER_CTX, + *mut ::ASN1_TYPE) -> c_int>, + pub ctrl: Option<unsafe extern fn(*mut ::EVP_CIPHER_CTX, + c_int, + c_int, + *mut c_void) -> c_int>, + pub app_data: *mut c_void, +} + +#[repr(C)] +pub struct HMAC_CTX { + md: *mut ::EVP_MD, + md_ctx: ::EVP_MD_CTX, + i_ctx: ::EVP_MD_CTX, + o_ctx: ::EVP_MD_CTX, + key_length: c_uint, + key: [c_uchar; 128] +} + +#[repr(C)] +pub struct BIGNUM { + pub d: *mut ::BN_ULONG, + pub top: c_int, + pub dmax: c_int, + pub neg: c_int, + pub flags: c_int, +} + +#[repr(C)] +pub struct DH { + pub pad: c_int, + pub version: c_int, + pub p: *mut ::BIGNUM, + pub g: *mut ::BIGNUM, + pub length: c_long, + pub pub_key: *mut ::BIGNUM, + pub priv_key: *mut ::BIGNUM, + pub flags: c_int, + pub method_mont_p: *mut ::BN_MONT_CTX, + pub q: *mut ::BIGNUM, + pub j: *mut ::BIGNUM, + pub seed: *mut c_uchar, + pub seedlen: c_int, + pub counter: *mut ::BIGNUM, + pub references: c_int, + pub ex_data: ::CRYPTO_EX_DATA, + pub meth: *const ::DH_METHOD, + pub engine: *mut ::ENGINE, +} + +#[repr(C)] +pub struct X509 { + pub cert_info: *mut X509_CINF, + sig_alg: *mut c_void, + signature: *mut c_void, + pub valid: c_int, + pub references: c_int, + pub name: *mut c_char, + pub ex_data: ::CRYPTO_EX_DATA, + pub ex_pathlen: c_long, + pub ex_pcpathlen: c_long, + pub ex_flags: c_ulong, + pub ex_kusage: c_ulong, + pub ex_xkusage: c_ulong, + pub ex_nscert: c_ulong, + skid: *mut c_void, + akid: *mut c_void, + policy_cache: *mut c_void, + crldp: *mut c_void, + altname: *mut c_void, + nc: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] + rfc3779_addr: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] + rfc3779_asid: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] + sha1_hash: [c_uchar; 20], + aux: *mut c_void, +} + +#[repr(C)] +pub struct X509_CINF { + version: *mut c_void, + serialNumber: *mut c_void, + signature: *mut c_void, + issuer: *mut c_void, + pub validity: *mut X509_VAL, + subject: *mut c_void, + key: *mut c_void, + issuerUID: *mut c_void, + subjectUID: *mut c_void, + pub extensions: *mut stack_st_X509_EXTENSION, + enc: ASN1_ENCODING, +} + +#[repr(C)] +pub struct ASN1_ENCODING { + pub enc: *mut c_uchar, + pub len: c_long, + pub modified: c_int, +} + +#[repr(C)] +pub struct X509_VAL { + pub notBefore: *mut ::ASN1_TIME, + pub notAfter: *mut ::ASN1_TIME, +} + +#[repr(C)] +pub struct SSL_CTX { + method: *mut c_void, + cipher_list: *mut c_void, + cipher_list_by_id: *mut c_void, + cert_store: *mut c_void, + sessions: *mut c_void, + session_cache_size: c_ulong, + session_cache_head: *mut c_void, + session_cache_tail: *mut c_void, + session_cache_mode: c_int, + session_timeout: c_long, + new_session_cb: *mut c_void, + remove_session_cb: *mut c_void, + get_session_cb: *mut c_void, + stats: [c_int; 11], + pub references: c_int, + app_verify_callback: *mut c_void, + app_verify_arg: *mut c_void, + default_passwd_callback: *mut c_void, + default_passwd_callback_userdata: *mut c_void, + client_cert_cb: *mut c_void, + app_gen_cookie_cb: *mut c_void, + app_verify_cookie_cb: *mut c_void, + ex_dat: ::CRYPTO_EX_DATA, + rsa_md5: *mut c_void, + md5: *mut c_void, + sha1: *mut c_void, + extra_certs: *mut c_void, + comp_methods: *mut c_void, + info_callback: *mut c_void, + client_CA: *mut c_void, + options: c_ulong, + mode: c_ulong, + max_cert_list: c_long, + cert: *mut c_void, + read_ahead: c_int, + msg_callback: *mut c_void, + msg_callback_arg: *mut c_void, + verify_mode: c_int, + sid_ctx_length: c_uint, + sid_ctx: [c_uchar; 32], + default_verify_callback: *mut c_void, + generate_session_id: *mut c_void, + param: *mut c_void, + quiet_shutdown: c_int, + max_send_fragment: c_uint, + + #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))] + client_cert_engine: *mut c_void, + + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_servername_callback: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsect_servername_arg: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_tick_key_name: [c_uchar; 16], + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_tick_hmac_key: [c_uchar; 16], + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_tick_aes_key: [c_uchar; 16], + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_ticket_key_cb: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_status_cb: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_status_arg: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_opaque_prf_input_callback: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_opaque_prf_input_callback_arg: *mut c_void, + + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_identity_hint: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_client_callback: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_server_callback: *mut c_void, + + #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] + freelist_max_len: c_uint, + #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] + wbuf_freelist: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] + rbuf_freelist: *mut c_void, + + #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] + srp_ctx: SRP_CTX, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_protos_advertised_cb: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_protos_advertised_cb_arg: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_select_cb: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_select_cb_arg: *mut c_void, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] + srtp_profiles: *mut c_void, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + srtp_profiles: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_select_cb: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_select_cb_arg: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_client_proto_list: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_client_proto_list_len: c_uint, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ecpointformatlist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ecpointformatlist: *mut c_uchar, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ellipticcurvelist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ellipticcurvelist: *mut c_uchar, +} + +#[repr(C)] +pub struct SRP_CTX { + SRP_cb_arg: *mut c_void, + TLS_ext_srp_username_callback: *mut c_void, + SRP_verify_param_callback: *mut c_void, + SRP_give_srp_client_pwd_callback: *mut c_void, + login: *mut c_void, + N: *mut c_void, + g: *mut c_void, + s: *mut c_void, + B: *mut c_void, + A: *mut c_void, + a: *mut c_void, + b: *mut c_void, + v: *mut c_void, + info: *mut c_void, + stringth: c_int, + srp_Mask: c_ulong, +} + +pub const SSL_CTRL_OPTIONS: c_int = 32; +pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; +#[cfg(ossl102)] +pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; + +pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000001; +pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000002; +pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000008; +pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000020; +pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000080; +pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000100; +pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000200; +pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; +pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; +pub const SSL_OP_NO_SSLv2: c_ulong = 0x01000000; + +pub const SSLEAY_VERSION : c_int = 0; +pub const SSLEAY_CFLAGS : c_int = 2; +pub const SSLEAY_BUILT_ON : c_int = 3; +pub const SSLEAY_PLATFORM : c_int = 4; +pub const SSLEAY_DIR : c_int = 5; + +pub const CRYPTO_LOCK_X509: c_int = 3; +pub const CRYPTO_LOCK_SSL_CTX: c_int = 12; + +static mut MUTEXES: *mut Vec<Mutex<()>> = 0 as *mut Vec<Mutex<()>>; +static mut GUARDS: *mut Vec<Option<MutexGuard<'static, ()>>> = 0 as *mut Vec<Option<MutexGuard<'static, ()>>>; + +unsafe extern fn locking_function(mode: c_int, n: c_int, _file: *const c_char, + _line: c_int) { + let mutex = &(*MUTEXES)[n as usize]; + + if mode & ::CRYPTO_LOCK != 0 { + (*GUARDS)[n as usize] = Some(mutex.lock().unwrap()); + } else { + &(*GUARDS)[n as usize].take(); + } +} + +pub fn init() { + static INIT: Once = ONCE_INIT; + + INIT.call_once(|| { + unsafe { + SSL_library_init(); + SSL_load_error_strings(); + OPENSSL_add_all_algorithms_noconf(); + + let num_locks = ::CRYPTO_num_locks(); + let mut mutexes = Box::new(Vec::new()); + for _ in 0..num_locks { + mutexes.push(Mutex::new(())); + } + MUTEXES = mem::transmute(mutexes); + let guards: Box<Vec<Option<MutexGuard<()>>>> = + Box::new((0..num_locks).map(|_| None).collect()); + GUARDS = mem::transmute(guards); + + CRYPTO_set_locking_callback(locking_function); + set_id_callback(); + } + }) +} + +#[cfg(unix)] +fn set_id_callback() { + unsafe extern fn thread_id() -> c_ulong { + ::libc::pthread_self() as c_ulong + } + + unsafe { + CRYPTO_set_id_callback(thread_id); + } +} + +#[cfg(not(unix))] +fn set_id_callback() {} + +extern { + pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; + pub fn BIO_s_file() -> *mut BIO_METHOD; + pub fn BIO_s_mem() -> *mut BIO_METHOD; + pub fn CRYPTO_free(buf: *mut c_void); + pub fn CRYPTO_num_locks() -> c_int; + pub fn CRYPTO_set_locking_callback(func: unsafe extern "C" fn(mode: c_int, + n: c_int, + file: *const c_char, + line: c_int)); + pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong); + + pub fn ERR_load_crypto_strings(); + + pub fn RSA_generate_key(modsz: c_int, + e: c_ulong, + cb: Option<extern fn(c_int, c_int, *mut c_void)>, + cbarg: *mut c_void) -> *mut RSA; + + pub fn SSL_library_init() -> c_int; + pub fn SSL_load_error_strings(); + pub fn OPENSSL_add_all_algorithms_noconf(); + pub fn HMAC_CTX_init(ctx: *mut ::HMAC_CTX); + pub fn HMAC_CTX_cleanup(ctx: *mut ::HMAC_CTX); + pub fn SSLv3_method() -> *const ::SSL_METHOD; + pub fn TLSv1_method() -> *const ::SSL_METHOD; + pub fn SSLv23_method() -> *const ::SSL_METHOD; + pub fn TLSv1_1_method() -> *const ::SSL_METHOD; + pub fn TLSv1_2_method() -> *const ::SSL_METHOD; + pub fn DTLSv1_method() -> *const ::SSL_METHOD; + #[cfg(ossl102)] + pub fn DTLSv1_2_method() -> *const ::SSL_METHOD; + pub fn SSL_get_ex_new_index(argl: c_long, argp: *mut c_void, + new_func: Option<::CRYPTO_EX_new>, + dup_func: Option<::CRYPTO_EX_dup>, + free_func: Option<::CRYPTO_EX_free>) + -> c_int; + pub fn SSL_CIPHER_get_version(cipher: *const ::SSL_CIPHER) -> *mut c_char; + pub fn SSL_CTX_get_ex_new_index(argl: c_long, argp: *mut c_void, + new_func: Option<::CRYPTO_EX_new>, + dup_func: Option<::CRYPTO_EX_dup>, + free_func: Option<::CRYPTO_EX_free>) + -> c_int; + pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; + pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; + pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; + pub fn X509_get_ext_d2i(x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void; + pub fn X509_NAME_get_entry(n: *mut ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; + pub fn X509_NAME_ENTRY_get_data(ne: *mut ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; + pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ::ASN1_STRING) -> c_int; + pub fn ASN1_STRING_data(x: *mut ::ASN1_STRING) -> *mut c_uchar; + pub fn CRYPTO_add_lock(pointer: *mut c_int, + amount: c_int, + type_: c_int, + file: *const c_char, + line: c_int) -> c_int; + + pub fn sk_free(st: *mut _STACK); + pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn (*mut c_void)>); + pub fn sk_pop(st: *mut _STACK) -> *mut c_void; + + pub fn SSLeay() -> c_ulong; + pub fn SSLeay_version(key: c_int) -> *const c_char; +} diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs new file mode 100644 index 00000000..62a66cd5 --- /dev/null +++ b/openssl-sys/src/ossl110.rs @@ -0,0 +1,146 @@ +use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long}; + +pub enum stack_st_X509 {} +pub enum stack_st_X509_ATTRIBUTE {} +pub enum stack_st_X509_EXTENSION {} +pub enum stack_st_GENERAL_NAME {} +pub enum stack_st_void {} +pub enum _STACK {} +pub enum BIO_METHOD {} +pub enum RSA {} +pub enum DSA {} +pub enum EVP_PKEY {} +pub enum BIO {} +pub enum CRYPTO_EX_DATA {} +pub enum EVP_MD_CTX {} +pub enum EVP_CIPHER {} +pub enum HMAC_CTX {} +pub enum BIGNUM {} +pub enum OPENSSL_STACK {} +pub enum DH {} +pub enum X509 {} +pub enum SSL_CTX {} + +pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; +pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; +pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; +pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000000; +pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000000; +pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000000; +pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000000; +pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; +pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; +pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; + +pub const OPENSSL_VERSION: c_int = 0; +pub const OPENSSL_CFLAGS: c_int = 1; +pub const OPENSSL_BUILT_ON: c_int = 2; +pub const OPENSSL_PLATFORM: c_int = 3; +pub const OPENSSL_DIR: c_int = 4; + +pub const CRYPTO_EX_INDEX_SSL: c_int = 0; +pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 1; + +pub fn init() {} + +extern { + pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; + pub fn BIO_s_file() -> *const BIO_METHOD; + pub fn BIO_s_mem() -> *const BIO_METHOD; + pub fn CRYPTO_free(buf: *mut c_void, file: *const c_char, line: c_int); + pub fn HMAC_CTX_new() -> *mut HMAC_CTX; + pub fn HMAC_CTX_free(ctx: *mut HMAC_CTX); + pub fn TLS_method() -> *const ::SSL_METHOD; + pub fn DTLS_method() -> *const ::SSL_METHOD; + pub fn SSL_CIPHER_get_version(cipher: *const ::SSL_CIPHER) -> *const c_char; + pub fn X509_get_subject_name(x: *const ::X509) -> *mut ::X509_NAME; + pub fn X509_set1_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; + pub fn X509_set1_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; + pub fn X509_get_ext_d2i(x: *const ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void; + pub fn X509_NAME_get_entry(n: *const ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; + pub fn X509_NAME_ENTRY_get_data(ne: *const ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; + pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *const ::ASN1_STRING) -> c_int; + pub fn BN_is_negative(b: *const ::BIGNUM) -> c_int; + pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn DSA_get0_pqg(d: *const ::DSA, + p: *mut *const ::BIGNUM, + q: *mut *const ::BIGNUM, + q: *mut *const ::BIGNUM); + pub fn DSA_get0_key(d: *const ::DSA, + pub_key: *mut *const ::BIGNUM, + priv_key: *mut *const ::BIGNUM); + pub fn RSA_get0_key(r: *const ::RSA, + n: *mut *const ::BIGNUM, + e: *mut *const ::BIGNUM, + d: *mut *const ::BIGNUM); + pub fn RSA_get0_factors(r: *const ::RSA, + p: *mut *const ::BIGNUM, + q: *mut *const ::BIGNUM); + pub fn RSA_set0_key(r: *mut ::RSA, + n: *mut ::BIGNUM, + e: *mut ::BIGNUM, + d: *mut ::BIGNUM) -> c_int; + pub fn RSA_set0_factors(r: *mut ::RSA, + p: *mut ::BIGNUM, + q: *mut ::BIGNUM) -> c_int; + pub fn RSA_set0_crt_params(r: *mut ::RSA, + dmp1: *mut ::BIGNUM, + dmq1: *mut ::BIGNUM, + iqmp: *mut ::BIGNUM) -> c_int; + pub fn ASN1_STRING_get0_data(x: *const ::ASN1_STRING) -> *const c_uchar; + pub fn OPENSSL_sk_num(stack: *const ::OPENSSL_STACK) -> c_int; + pub fn OPENSSL_sk_value(stack: *const ::OPENSSL_STACK, + idx: c_int) -> *mut c_void; + pub fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong; + pub fn SSL_CTX_set_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; + pub fn SSL_CTX_clear_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; + pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME; + pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME; + pub fn DH_set0_pqg(dh: *mut ::DH, + p: *mut ::BIGNUM, + q: *mut ::BIGNUM, + g: *mut ::BIGNUM) -> c_int; + pub fn BIO_set_init(a: *mut ::BIO, init: c_int); + pub fn BIO_set_data(a: *mut ::BIO, data: *mut c_void); + pub fn BIO_get_data(a: *mut ::BIO) -> *mut c_void; + pub fn BIO_meth_new(type_: c_int, name: *const c_char) -> *mut ::BIO_METHOD; + pub fn BIO_meth_free(biom: *mut ::BIO_METHOD); + pub fn BIO_meth_set_write(biom: *mut ::BIO_METHOD, + write: unsafe extern fn(*mut ::BIO, + *const c_char, + c_int) -> c_int) -> c_int; + pub fn BIO_meth_set_read(biom: *mut ::BIO_METHOD, + read: unsafe extern fn(*mut ::BIO, + *mut c_char, + c_int) -> c_int) -> c_int; + pub fn BIO_meth_set_puts(biom: *mut ::BIO_METHOD, + read: unsafe extern fn(*mut ::BIO, + *const c_char) -> c_int) -> c_int; + pub fn BIO_meth_set_ctrl(biom: *mut ::BIO_METHOD, + read: unsafe extern fn(*mut ::BIO, + c_int, + c_long, + *mut c_void) -> c_long) -> c_int; + pub fn BIO_meth_set_create(biom: *mut ::BIO_METHOD, + create: unsafe extern fn(*mut ::BIO) -> c_int) -> c_int; + pub fn BIO_meth_set_destroy(biom: *mut ::BIO_METHOD, + destroy: unsafe extern fn(*mut ::BIO) -> c_int) -> c_int; + pub fn CRYPTO_get_ex_new_index(class_index: c_int, + argl: c_long, + argp: *mut c_void, + new_func: Option<::CRYPTO_EX_new>, + dup_func: Option<::CRYPTO_EX_dup>, + free_func: Option<::CRYPTO_EX_free>) + -> c_int; + pub fn X509_up_ref(x: *mut X509) -> c_int; + pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; + pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; + + pub fn OpenSSL_version_num() -> c_ulong; + pub fn OpenSSL_version(key: c_int) -> *const c_char; + pub fn OPENSSL_sk_free(st: *mut _STACK); + pub fn OPENSSL_sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn (*mut c_void)>); + pub fn OPENSSL_sk_pop(st: *mut _STACK) -> *mut c_void; +} diff --git a/openssl-sys/src/probe.rs b/openssl-sys/src/probe.rs deleted file mode 100644 index e3711b54..00000000 --- a/openssl-sys/src/probe.rs +++ /dev/null @@ -1,77 +0,0 @@ -use std::env; -use std::fs; -use std::path::PathBuf; - -pub struct ProbeResult { - pub cert_file: Option<PathBuf>, - pub cert_dir: Option<PathBuf>, -} - -/// Probe the system for the directory in which CA certificates should likely be -/// found. -/// -/// This will only search known system locations. -pub fn find_certs_dirs() -> Vec<PathBuf> { - // see http://gagravarr.org/writing/openssl-certs/others.shtml - [ - "/var/ssl", - "/usr/share/ssl", - "/usr/local/ssl", - "/usr/local/openssl", - "/usr/local/share", - "/usr/lib/ssl", - "/usr/ssl", - "/etc/openssl", - "/etc/pki/tls", - "/etc/ssl", - ].iter().map(|s| PathBuf::from(*s)).filter(|p| { - fs::metadata(p).is_ok() - }).collect() -} - -pub fn init_ssl_cert_env_vars() { - let ProbeResult { cert_file, cert_dir } = probe(); - match cert_file { - Some(path) => put("SSL_CERT_FILE", path), - None => {} - } - match cert_dir { - Some(path) => put("SSL_CERT_DIR", path), - None => {} - } - - fn put(var: &str, path: PathBuf) { - // Don't stomp over what anyone else has set - match env::var(var) { - Ok(..) => {} - Err(..) => env::set_var(var, &path), - } - } -} - -pub fn probe() -> ProbeResult { - let mut result = ProbeResult { - cert_file: env::var_os("SSL_CERT_FILE").map(PathBuf::from), - cert_dir: env::var_os("SSL_CERT_DIR").map(PathBuf::from), - }; - for certs_dir in find_certs_dirs().iter() { - // cert.pem looks to be an openssl 1.0.1 thing, while - // certs/ca-certificates.crt appears to be a 0.9.8 thing - for cert in [ - "cert.pem", - "certs.pem", - "certs/ca-certificates.crt", - "certs/ca-root-nss.crt" - ].iter() { - try(&mut result.cert_file, certs_dir.join(cert)); - } - try(&mut result.cert_dir, certs_dir.join("certs")); - } - result -} - -fn try(dst: &mut Option<PathBuf>, val: PathBuf) { - if dst.is_none() && fs::metadata(&val).is_ok() { - *dst = Some(val); - } -} |