4 files changed, 87 insertions, 15 deletions
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
index 437f7fb6..b13fc80a 100644
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -1,12 +1,12 @@
 [package]
 name = "openssl-sys"
-version = "0.6.5"
+version = "0.6.6"
 authors = ["Alex Crichton <[email protected]>",
            "Steven Fackler <[email protected]>"]
 license = "MIT"
 description = "FFI bindings to OpenSSL"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.6.5/openssl_sys"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.6.6/openssl_sys"
 
 links = "openssl"
 build = "build.rs"
@@ -21,6 +21,8 @@ aes_xts = []
 aes_ctr = []
 npn = []
 alpn = []
+rfc5114 = []
+ecdh_auto = []
 
 [dependencies]
 libc = "0.1"
diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs
index b4a00566..5f934888 100644
--- a/openssl-sys/build.rs
+++ b/openssl-sys/build.rs
@@ -36,12 +36,12 @@ fn main() {
         Some(ref v) => v.split(":").collect(),
         None => if target.contains("windows") {
             if get_mingw_in_path().is_some() && lib_dir.is_none() && include_dir.is_none() {
-                vec!("eay32", "ssleay32")
+                vec!["ssleay32", "eay32"]
             } else {
-                vec!("eay32", "ssl32")
+                vec!["ssl32", "eay32"]
             }
         } else {
-            vec!("crypto", "ssl")
+            vec!["ssl", "crypto"]
         }
     };
 
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 0e0ef8a5..3bc9e59a 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -1,6 +1,6 @@
 #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)]
 #![allow(dead_code)]
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.5")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.6")]
 
 extern crate libc;
 
@@ -20,6 +20,7 @@ pub type BIO_METHOD = c_void;
 pub type BN_CTX = c_void;
 pub type COMP_METHOD = c_void;
 pub type CRYPTO_EX_DATA = c_void;
+pub type DH = c_void;
 pub type ENGINE = c_void;
 pub type EVP_CIPHER = c_void;
 pub type EVP_CIPHER_CTX = c_void;
@@ -166,11 +167,11 @@ macro_rules! import_options {
 
 include!("ssl_options.rs");
 
-#[cfg(feature = "npn")]
+#[cfg(any(feature = "npn", feature = "alpn"))]
 pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
-#[cfg(feature = "npn")]
+#[cfg(any(feature = "npn", feature = "alpn"))]
 pub const OPENSSL_NPN_NEGOTIATED: c_int = 1;
-#[cfg(feature = "npn")]
+#[cfg(any(feature = "npn", feature = "alpn"))]
 pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2;
 
 pub const V_ASN1_GENERALIZEDTIME: c_int = 24;
@@ -251,10 +252,10 @@ extern fn locking_function(mode: c_int, n: c_int, _file: *const c_char,
 }
 
 pub fn init() {
-    static mut INIT: Once = ONCE_INIT;
+    static INIT: Once = ONCE_INIT;
 
-    unsafe {
-        INIT.call_once(|| {
+    INIT.call_once(|| {
+        unsafe {
             SSL_library_init();
             SSL_load_error_strings();
 
@@ -269,8 +270,9 @@ pub fn init() {
             GUARDS = mem::transmute(guards);
 
             CRYPTO_set_locking_callback(locking_function);
-        })
-    }
+            rust_openssl_set_id_callback();
+        }
+    })
 }
 
 pub unsafe fn SSL_CTX_set_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
@@ -289,6 +291,7 @@ pub unsafe fn SSL_CTX_clear_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
 extern "C" {
     fn rust_openssl_ssl_ctx_options_rust_to_c(rustval: u64) -> c_long;
     fn rust_openssl_ssl_ctx_options_c_to_rust(cval: c_long) -> u64;
+    fn rust_openssl_set_id_callback();
 
     pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int;
     pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
@@ -380,6 +383,17 @@ extern "C" {
     pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void,
                          len: size_t) -> c_int;
 
+    pub fn DH_free(dh: *mut DH);
+
+    #[cfg(feature = "rfc5114")]
+    pub fn DH_get_1024_160() -> *mut DH;
+    #[cfg(feature = "rfc5114")]
+    pub fn DH_get_2048_224() -> *mut DH;
+    #[cfg(feature = "rfc5114")]
+    pub fn DH_get_2048_256() -> *mut DH;
+
+    pub fn DH_new_from_params(p: *mut BIGNUM, g: *mut BIGNUM, q: *mut BIGNUM) -> *mut DH;
+
     pub fn ERR_get_error() -> c_ulong;
 
     pub fn ERR_lib_error_string(err: c_ulong) -> *const c_char;
@@ -465,7 +479,8 @@ extern "C" {
     #[cfg_attr(target_os = "nacl", link_name = "HMAC_Update")]
     pub fn HMAC_Update_shim(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int;
 
-
+    pub fn PEM_read_bio_DHparams(bio: *mut BIO, out: *mut *mut DH, callback: Option<PasswordCallback>,
+                             user_data: *mut c_void) -> *mut DH;
     pub fn PEM_read_bio_X509(bio: *mut BIO, out: *mut *mut X509, callback: Option<PasswordCallback>,
                              user_data: *mut c_void) -> *mut X509;
     pub fn PEM_read_bio_X509_REQ(bio: *mut BIO, out: *mut *mut X509_REQ, callback: Option<PasswordCallback>,
@@ -662,8 +677,13 @@ extern "C" {
     pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
     #[link_name = "SSL_CTX_set_read_ahead_shim"]
     pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long;
+    #[cfg(feature = "ecdh_auto")]
+    #[link_name = "SSL_CTX_set_ecdh_auto_shim"]
+    pub fn SSL_CTX_set_ecdh_auto(ssl: *mut SSL_CTX, onoff: c_int) -> c_int;
     #[link_name = "SSL_set_tlsext_host_name_shim"]
     pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long;
+    #[link_name = "SSL_CTX_set_tmp_dh_shim"]
+    pub fn SSL_CTX_set_tmp_dh(s: *mut SSL, dh: *const DH) -> c_long;
     #[link_name = "X509_get_extensions_shim"]
     pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION;
 }
diff --git a/openssl-sys/src/openssl_shim.c b/openssl-sys/src/openssl_shim.c
index f0622d2d..f0f55b27 100644
--- a/openssl-sys/src/openssl_shim.c
+++ b/openssl-sys/src/openssl_shim.c
@@ -1,5 +1,33 @@
 #include <openssl/hmac.h>
 #include <openssl/ssl.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+
+#if defined(__APPLE__) || defined(__linux)
+
+#include<pthread.h>
+#include<openssl/crypto.h>
+
+unsigned long thread_id()
+{
+    return (unsigned long) pthread_self();
+}
+
+void rust_openssl_set_id_callback() {
+  CRYPTO_set_id_callback(thread_id);
+}
+
+#else
+// Openssl already handles Windows directly, so we don't
+// need to explicitly set it
+
+void rust_openssl_set_id_callback() {
+  // We don't know how to set the callback for arbitrary OSes
+  // Let openssl use its defaults and hope they work.
+}
+
+#endif
+
 
 #if OPENSSL_VERSION_NUMBER < 0x1000000L
 // Copied from openssl crypto/hmac/hmac.c
@@ -79,6 +107,28 @@ long SSL_CTX_set_read_ahead_shim(SSL_CTX *ctx, long m) {
     return SSL_CTX_set_read_ahead(ctx, m);
 }
 
+long SSL_CTX_set_tmp_dh_shim(SSL_CTX *ctx, DH *dh) {
+    return SSL_CTX_set_tmp_dh(ctx, dh);
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000200L
+int SSL_CTX_set_ecdh_auto_shim(SSL_CTX *ctx, int onoff) {
+    return SSL_CTX_set_ecdh_auto(ctx, onoff);
+}
+#endif
+
+DH *DH_new_from_params(BIGNUM *p, BIGNUM *g, BIGNUM *q) {
+    DH *dh;
+
+    if ((dh = DH_new()) == NULL) {
+        return NULL;
+    }
+    dh->p = p;
+    dh->g = g;
+    dh->q = q;
+    return dh;
+}
+
 long SSL_set_tlsext_host_name_shim(SSL *s, char *name) {
     return SSL_set_tlsext_host_name(s, name);
 }