Diffstat (limited to 'openssl')
| -rw-r--r-- | openssl/Cargo.toml | 4 | ||||
| -rw-r--r-- | openssl/build.rs | 4 | ||||
| -rw-r--r-- | openssl/src/asn1.rs | 2 | ||||
| -rw-r--r-- | openssl/src/dh.rs | 2 | ||||
| -rw-r--r-- | openssl/src/dsa.rs | 2 | ||||
| -rw-r--r-- | openssl/src/ecdsa.rs | 2 | ||||
| -rw-r--r-- | openssl/src/rsa.rs | 2 | ||||
| -rw-r--r-- | openssl/src/ssl/bio.rs | 2 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 130 | ||||
| -rw-r--r-- | openssl/src/ssl/test.rs | 116 | ||||
| -rw-r--r-- | openssl/src/symm.rs | 2 | ||||
| -rw-r--r-- | openssl/src/x509/mod.rs | 52 |
12 files changed, 207 insertions, 113 deletions
diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
index 81568472..b14a7d28 100644
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@@ -1,6 +1,6 @@ [package] name = "openssl" -version = "0.10.9" +version = "0.10.10" authors = ["Steven Fackler <[email protected]>"] license = "Apache-2.0" description = "OpenSSL bindings"
@@ -23,7 +23,7 @@ foreign-types = "0.3.1" lazy_static = "1" libc = "0.2" -openssl-sys = { version = "0.9.32", path = "../openssl-sys" } +openssl-sys = { version = "0.9.33", path = "../openssl-sys" } [dev-dependencies] tempdir = "0.3"
diff --git a/openssl/build.rs b/openssl/build.rs
index 5a5b86f2..f1166d62 100644
--- a/openssl/build.rs
+++ b/openssl/build.rs
@@ -45,5 +45,9 @@ fn main() { if version >= 0x2_07_00_00_0 { println!("cargo:rustc-cfg=libressl270"); } + + if version >= 0x2_07_03_00_0 { + println!("cargo:rustc-cfg=libressl273"); + } } }
diff --git a/openssl/src/asn1.rs b/openssl/src/asn1.rs
index 03546a4d..633407ea 100644
--- a/openssl/src/asn1.rs
+++ b/openssl/src/asn1.rs
@@ -297,7 +297,7 @@ impl fmt::Display for Asn1ObjectRef { } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl273))] { use ffi::ASN1_STRING_get0_data; } else { #[allow(bad_style)]
diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs
index 730a5180..478e794f 100644
--- a/openssl/src/dh.rs
+++ b/openssl/src/dh.rs
@@ -107,7 +107,7 @@ impl Dh<Params> { } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl273))] { use ffi::DH_set0_pqg; } else { #[allow(bad_style)]
diff --git a/openssl/src/dsa.rs b/openssl/src/dsa.rs
index abc2e297..e8d78dcb 100644
--- a/openssl/src/dsa.rs
+++ b/openssl/src/dsa.rs
@@ -188,7 +188,7 @@ impl<T> fmt::Debug for Dsa<T> { } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl273))] { use ffi::DSA_get0_pqg; } else { #[allow(bad_style)]
diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs
index d07dfda4..4edbbf50 100644
--- a/openssl/src/ecdsa.rs
+++ b/openssl/src/ecdsa.rs
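Review bot: The added `if version >= 0x2_07_03_00_0` in build.rs encodes a LibreSSL release number the same way the `0x2_07_00_00_0` check above it does, but neither line names the release, so a reader has to decode the digit groups to learn that `libressl273` means 2.7.3. A one-line comment would make the gate self-explanatory, e.g. `// LibreSSL 2.7.3 and newer: turns on the any(ossl110, libressl273) cfg gates in src/`. The enclosing `fn main` starts before this hunk.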
@@ -105,7 +105,7 @@ impl EcdsaSig { } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl273))] { use ffi::{ECDSA_SIG_set0, ECDSA_SIG_get0}; } else { #[allow(bad_style)]
diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs
index 92a5799e..d2131d28 100644
--- a/openssl/src/rsa.rs
+++ b/openssl/src/rsa.rs
@@ -645,7 +645,7 @@ impl<T> fmt::Debug for Rsa<T> { } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl273))] { use ffi::{ RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params,
diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs
index 1a149b6d..c1c5f871 100644
--- a/openssl/src/ssl/bio.rs
+++ b/openssl/src/ssl/bio.rs
@@ -175,7 +175,7 @@ unsafe extern "C" fn destroy<S>(bio: *mut BIO) -> c_int { } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl273))] { use ffi::{BIO_get_data, BIO_set_data, BIO_set_flags, BIO_set_init}; #[allow(bad_style)]
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index dac23114..1feb3ca6 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -952,7 +952,9 @@ impl SslContextBuilder { unsafe { cvt(ffi::SSL_CTX_use_PrivateKey(self.as_ptr(), key.as_ptr())).map(|_| ()) } } - /// Sets the list of supported ciphers. + /// Sets the list of supported ciphers for protocols before TLSv1.3. + /// + /// The `set_ciphersuites` method controls the cipher suites for TLSv1.3. /// /// See [`ciphers`] for details on the format. ///
@@ -970,6 +972,29 @@ impl SslContextBuilder { } } + /// Sets the list of supported ciphers for the TLSv1.3 protocol. + /// + /// The `set_cipher_list` method controls lthe cipher suites for protocols before TLSv1.3. + /// + /// The format consists of TLSv1.3 ciphersuite names separated by `:` characters in order of + /// preference. + /// + /// Requires OpenSSL 1.1.1 or newer. + /// + /// This corresponds to [`SSL_CTX_set_ciphersuites`]. + /// + /// [`SSL_CTX_set_ciphersuites`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html + #[cfg(ossl111)] + pub fn set_ciphersuites(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { + let cipher_list = CString::new(cipher_list).unwrap(); + unsafe { + cvt(ffi::SSL_CTX_set_ciphersuites( + self.as_ptr(), + cipher_list.as_ptr() as *const _, + )).map(|_| ()) + } + } + /// Enables ECDHE key exchange with an automatically chosen curve list. /// /// Requires OpenSSL 1.0.2.
@@ -2188,6 +2213,32 @@ impl SslRef { unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) } } + /// Like [`SslContextBuilder::set_alpn_protos`]. + /// + /// Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer. + /// + /// This corresponds to [`SSL_set_alpn_protos`]. + /// + /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos + /// [`SSL_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_alpn_protos.html + #[cfg(any(ossl102, libressl261))] + pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { + unsafe { + assert!(protocols.len() <= c_uint::max_value() as usize); + let r = ffi::SSL_set_alpn_protos( + self.as_ptr(), + protocols.as_ptr(), + protocols.len() as c_uint, + ); + // fun fact, SSL_set_alpn_protos has a reversed return code D: + if r == 0 { + Ok(()) + } else { + Err(ErrorStack::get()) + } + } + } + /// Returns the current cipher if the session is active. /// /// This corresponds to [`SSL_get_current_cipher`].
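Review bot: `CString::new(cipher_list).unwrap()` in the new `set_ciphersuites` panics when the caller's string contains an interior NUL byte, and the doc comment does not say so even though the method otherwise reports failure through `Result<(), ErrorStack>`; add a `/// # Panics` section with `/// Panics if the cipher list contains an interior NUL byte.` (the existing `set_cipher_list` presumably behaves the same way, so the two should be documented alike). The same doc comment has a typo: `lthe` should be `the`. `set_cipher_list` is cross-referenced in plain backticks while the rest of the comment uses intra-doc links; linking it the same way as `SSL_CTX_set_ciphersuites` would keep the style consistent.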
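Review bot: The `assert!(protocols.len() <= c_uint::max_value() as usize)` in the new `SslRef::set_alpn_protos` is a panic the caller's input can trigger, in a method whose signature promises errors via `Result`; it should at least be documented with a `/// # Panics` section saying `/// Panics if the protocol list is longer than c_uint::max_value() bytes.` Nothing here validates the wire format of `protocols` (the doc only defers to `SslContextBuilder::set_alpn_protos`), so any format check is OpenSSL's and would surface, if at all, through the non-zero return and `ErrorStack::get()` — worth confirming and stating. The `// fun fact, SSL_set_alpn_protos has a reversed return code D:` comment carries real information and should stay, but it reads better stated neutrally, e.g. `// SSL_set_alpn_protos returns 0 on success and non-zero on failure, unlike most OpenSSL calls.`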
@@ -3291,44 +3342,9 @@ pub enum ShutdownResult { } cfg_if! { - if #[cfg(ossl110)] { - use ffi::{ - SSL_CTX_up_ref, - SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server, TLS_method, DTLS_method, - }; - - pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { - ffi::CRYPTO_get_ex_new_index( - ffi::CRYPTO_EX_INDEX_SSL_CTX, - 0, - ptr::null_mut(), - None, - None, - Some(f), - ) - } - - pub unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { - ffi::CRYPTO_get_ex_new_index( - ffi::CRYPTO_EX_INDEX_SSL, - 0, - ptr::null_mut(), - None, - None, - Some(f), - ) - } + if #[cfg(any(ossl110, libressl273))] { + use ffi::{SSL_CTX_up_ref, SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server}; } else { - use ffi::{SSLv23_method as TLS_method, DTLSv1_method as DTLS_method}; - - pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { - ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) - } - - pub unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { - ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) - } - #[allow(bad_style)] pub unsafe fn SSL_CTX_up_ref(ssl: *mut ffi::SSL_CTX) -> c_int { ffi::CRYPTO_add_lock( 
@@ -3375,3 +3391,41 @@ cfg_if! { } } } + +cfg_if! { + if #[cfg(ossl110)] { + use ffi::{TLS_method, DTLS_method}; + + pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { + ffi::CRYPTO_get_ex_new_index( + ffi::CRYPTO_EX_INDEX_SSL_CTX, + 0, + ptr::null_mut(), + None, + None, + Some(f), + ) + } + + pub unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { + ffi::CRYPTO_get_ex_new_index( + ffi::CRYPTO_EX_INDEX_SSL, + 0, + ptr::null_mut(), + None, + None, + Some(f), + ) + } + } else { + use ffi::{SSLv23_method as TLS_method, DTLSv1_method as DTLS_method}; + + pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { + ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) + } + + pub unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int { + ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) + } + } +}
diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs
index af51be0c..05938af4 100644
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -567,9 +567,10 @@ fn test_alpn_server_advertise_multiple() { ctx.build() }; // Have the listener wait on the connection in a different thread. - thread::spawn(move || { + let guard = thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); - Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); + let mut stream = Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); + stream.write_all(&[0]).unwrap(); }); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
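Review bot: The new `cfg_if!` block keeps the bare `#[cfg(ossl110)]` gate for `TLS_method`/`DTLS_method` and `get_new_idx`/`get_new_ssl_idx`, while the block just above it (the `@@ -3291,44 +3342,9 @@` hunk) was widened to `any(ossl110, libressl273)`, and nothing says why the two differ; a comment at the top of the new block would stop a later cleanup from "fixing" the inconsistency, e.g. `// Deliberately ossl110 only: LibreSSL 2.7.3 is presumed not to provide these (TODO confirm), so it takes the SSLv23_method/SSL_CTX_get_ex_new_index fallbacks below.` The same applies to the new `cfg_if!` added to `openssl/src/x509/mod.rs` in the `@@ -1304,6 +1282,32 @@` hunk. The relocated `pub unsafe fn get_new_idx` and `get_new_ssl_idx` also still have no doc comment or `# Safety` section stating what the caller must guarantee about `f`; since they are being moved anyway this is a cheap moment to add one.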
@@ -581,12 +582,16 @@ fn test_alpn_server_advertise_multiple() { } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); - let stream = match Ssl::new(&ctx.build()).unwrap().connect(stream) { + let mut stream = match Ssl::new(&ctx.build()).unwrap().connect(stream) { Ok(stream) => stream, Err(err) => panic!("Expected success, got {:?}", err), }; // SPDY is selected since that's the only thing the client supports. assert_eq!(b"spdy/3.1", stream.ssl().selected_alpn_protocol().unwrap()); + let mut buf = [0]; + stream.read_exact(&mut buf).unwrap(); + + guard.join().unwrap(); } #[test]
@@ -643,9 +648,10 @@ fn test_alpn_server_select_none() { ctx.build() }; // Have the listener wait on the connection in a different thread. - thread::spawn(move || { + let guard = thread::spawn(move || { let (stream, _) = listener.accept().unwrap(); - Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); + let mut stream = Ssl::new(&listener_ctx).unwrap().accept(stream).unwrap(); + stream.write_all(&[0]).unwrap(); }); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -654,10 +660,15 @@ fn test_alpn_server_select_none() { ctx.set_ca_file(&Path::new("test/root-ca.pem")).unwrap(); // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); - let stream = Ssl::new(&ctx.build()).unwrap().connect(stream).unwrap(); + let mut stream = Ssl::new(&ctx.build()).unwrap().connect(stream).unwrap(); // Since the protocols from the server and client don't overlap at all, no protocol is selected assert_eq!(None, stream.ssl().selected_alpn_protocol()); + + let mut buf = [0]; + stream.read_exact(&mut buf).unwrap(); + + guard.join().unwrap(); } #[test]
@@ -972,7 +983,7 @@ fn shutdown() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move || { + let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
@@ -999,6 +1010,8 @@ fn shutdown() { assert_eq!(stream.shutdown().unwrap(), ShutdownResult::Sent); assert_eq!(stream.shutdown().unwrap(), ShutdownResult::Received); + + guard.join().unwrap(); } #[test]
@@ -1030,7 +1043,7 @@ fn tmp_dh_callback() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move || { + let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
@@ -1043,23 +1056,24 @@ fn tmp_dh_callback() { Dh::params_from_pem(dh) }); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.accept(stream).unwrap(); + let mut stream = ssl.accept(stream).unwrap(); + stream.write_all(&[0]).unwrap(); }); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - // TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :( + // TLS 1.3 has no DH suites, so make sure we don't pick that version #[cfg(ossl111)] - { - ctx.set_options(super::SslOptions { - bits: ::ffi::SSL_OP_NO_TLSv1_3, - }); - } + ctx.set_options(super::SslOptions::NO_TLSV1_3); ctx.set_cipher_list("EDH").unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.connect(stream).unwrap(); + let mut stream = ssl.connect(stream).unwrap(); + + stream.read_exact(&mut [0]).unwrap(); assert!(CALLED_BACK.load(Ordering::SeqCst)); + + guard.join().unwrap(); } #[test]
@@ -1073,7 +1087,7 @@ fn tmp_ecdh_callback() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move || { + let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
@@ -1085,16 +1099,20 @@ fn tmp_ecdh_callback() { EcKey::from_curve_name(Nid::X9_62_PRIME256V1) }); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.accept(stream).unwrap(); + let mut stream = ssl.accept(stream).unwrap(); + stream.write_all(&[0]).unwrap(); }); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_cipher_list("ECDH").unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.connect(stream).unwrap(); + let mut stream = ssl.connect(stream).unwrap(); + stream.read_exact(&mut [0]).unwrap(); assert!(CALLED_BACK.load(Ordering::SeqCst)); + + guard.join().unwrap(); } #[test]
@@ -1104,7 +1122,7 @@ fn tmp_dh_callback_ssl() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move || { + let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
@@ -1117,23 +1135,23 @@ fn tmp_dh_callback_ssl() { let dh = include_bytes!("../../test/dhparams.pem"); Dh::params_from_pem(dh) }); - ssl.accept(stream).unwrap(); + let mut stream = ssl.accept(stream).unwrap(); + stream.write_all(&[0]).unwrap(); }); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - // TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :( + // TLS 1.3 has no DH suites, so make sure we don't pick that version #[cfg(ossl111)] - { - ctx.set_options(super::SslOptions { - bits: ::ffi::SSL_OP_NO_TLSv1_3, - }); - } + ctx.set_options(super::SslOptions::NO_TLSV1_3); ctx.set_cipher_list("EDH").unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.connect(stream).unwrap(); + let mut stream = ssl.connect(stream).unwrap(); + stream.read_exact(&mut [0]).unwrap(); assert!(CALLED_BACK.load(Ordering::SeqCst)); + + guard.join().unwrap(); } #[test]
@@ -1147,7 +1165,7 @@ fn tmp_ecdh_callback_ssl() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move || { + let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
@@ -1159,16 +1177,20 @@ fn tmp_ecdh_callback_ssl() { CALLED_BACK.store(true, Ordering::SeqCst); EcKey::from_curve_name(Nid::X9_62_PRIME256V1) }); - ssl.accept(stream).unwrap(); + let mut stream = ssl.accept(stream).unwrap(); + stream.write_all(&[0]).unwrap(); }); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_cipher_list("ECDH").unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.connect(stream).unwrap(); + let mut stream = ssl.connect(stream).unwrap(); + stream.read_exact(&mut [0]).unwrap(); assert!(CALLED_BACK.load(Ordering::SeqCst)); + + guard.join().unwrap(); } #[test]
@@ -1200,7 +1222,7 @@ fn status_callbacks() { static CALLED_BACK_SERVER: AtomicBool = ATOMIC_BOOL_INIT; static CALLED_BACK_CLIENT: AtomicBool = ATOMIC_BOOL_INIT; - let listener = TcpListener::bind("127.0.0.1:0").unwrap(); + let listener = TcpListener::bind("127.0.0.1:12345").unwrap(); let port = listener.local_addr().unwrap().port(); let guard = thread::spawn(move || {
@@ -1218,7 +1240,8 @@ fn status_callbacks() { Ok(true) }).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.accept(stream).unwrap(); + let mut stream = ssl.accept(stream).unwrap(); + stream.write_all(&[0]).unwrap(); }); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
@@ -1231,7 +1254,9 @@ fn status_callbacks() { }).unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); ssl.set_status_type(StatusType::OCSP).unwrap(); - ssl.connect(stream).unwrap(); + let mut stream = ssl.connect(stream).unwrap(); + let mut buf = [0]; + stream.read_exact(&mut buf).unwrap(); assert!(CALLED_BACK_SERVER.load(Ordering::SeqCst)); assert!(CALLED_BACK_CLIENT.load(Ordering::SeqCst));
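Review bot: `TcpListener::bind("127.0.0.1:12345")` in the `status_callbacks` hunk (`@@ -1200,7 +1222,7 @@`) replaces the ephemeral-port bind that every other test in this file uses, so the test now fails or collides whenever port 12345 is already taken — by a parallel test run, a second test binary, or an unrelated local service — and it reads like a debugging leftover. Restore `let listener = TcpListener::bind("127.0.0.1:0").unwrap();`; the next line, `listener.local_addr().unwrap().port()`, already discovers whatever port the kernel assigned.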
@@ -1246,7 +1271,7 @@ fn new_session_callback() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let port = listener.local_addr().unwrap().port(); - thread::spawn(move || { + let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
@@ -1265,11 +1290,11 @@ fn new_session_callback() { ctx.set_new_session_callback(|_, _| CALLED_BACK.store(true, Ordering::SeqCst)); let ssl = Ssl::new(&ctx.build()).unwrap(); let mut stream = ssl.connect(stream).unwrap(); - // read 1 byte to make sure the session is received for TLSv1.3 - let mut buf = [0]; - stream.read_exact(&mut buf).unwrap(); + stream.read_exact(&mut [0]).unwrap(); assert!(CALLED_BACK.load(Ordering::SeqCst)); + + guard.join().unwrap(); } #[test]
@@ -1288,20 +1313,23 @@ fn keying_export() { ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) .unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - let stream = ssl.accept(stream).unwrap(); + let mut stream = ssl.accept(stream).unwrap(); let mut buf = [0; 32]; stream .ssl() .export_keying_material(&mut buf, label, Some(context)) .unwrap(); + + stream.write_all(&[0]).unwrap(); + buf }); let stream = TcpStream::connect(addr).unwrap(); let ctx = SslContext::builder(SslMethod::tls()).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - let stream = ssl.connect(stream).unwrap(); + let mut stream = ssl.connect(stream).unwrap(); let mut buf = [1; 32]; stream
@@ -1309,6 +1337,8 @@ fn keying_export() { .export_keying_material(&mut buf, label, Some(context)) .unwrap(); + stream.read_exact(&mut [0]).unwrap(); + let buf2 = guard.join().unwrap(); assert_eq!(buf, buf2);
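Review bot: The `@@ -1265,11 +1290,11 @@` hunk removes the comment `// read 1 byte to make sure the session is received for TLSv1.3` while keeping the `read_exact` it explained, so the reason for the blocking read now survives only in history; keep the comment. The same one-byte `write_all(&[0])` / `read_exact(&mut [0])` pairing is added to each of the server/client tests touched in this diff without any explanation of what it synchronises, so either repeat a short comment at each read or wrap the pattern in a small test helper carrying the comment, which would also make the `guard.join().unwrap()` sequencing uniform across the tests.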
@@ -1374,7 +1404,8 @@ fn custom_extensions() { }, ).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.accept(stream).unwrap(); + let mut stream = ssl.accept(stream).unwrap(); + stream.write_all(&[0]).unwrap(); }); let stream = TcpStream::connect(addr).unwrap();
@@ -1386,7 +1417,8 @@ fn custom_extensions() { |_, _, _, _| unreachable!(), ).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.connect(stream).unwrap(); + let mut stream = ssl.connect(stream).unwrap(); + stream.read_exact(&mut [0]).unwrap(); guard.join().unwrap(); assert!(FOUND_EXTENSION.load(Ordering::SeqCst));
diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs
index 33655874..0eab884b 100644
--- a/openssl/src/symm.rs
+++ b/openssl/src/symm.rs
@@ -719,7 +719,7 @@ pub fn decrypt_aead( } cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(any(ossl110, libressl273))] { use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length}; } else { #[allow(bad_style)]
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 5c1bb23f..a07fc1f1 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -1245,21 +1245,9 @@ impl X509AlgorithmRef { } cfg_if! { - if #[cfg(ossl110)] { - use ffi::{ - X509_ALGOR_get0, X509_REQ_get_subject_name, X509_REQ_get_version, - X509_get0_signature, X509_getm_notAfter, X509_getm_notBefore, X509_up_ref, - ASN1_STRING_get0_data, X509_STORE_CTX_get0_chain, X509_set1_notAfter, - X509_set1_notBefore, - }; + if #[cfg(any(ossl110, libressl273))] { + use ffi::{X509_getm_notAfter, X509_getm_notBefore, X509_up_ref, X509_get0_signature}; } else { - use ffi::{ - ASN1_STRING_data as ASN1_STRING_get0_data, - X509_STORE_CTX_get_chain as X509_STORE_CTX_get0_chain, - X509_set_notAfter as X509_set1_notAfter, - X509_set_notBefore as X509_set1_notBefore, - }; - #[allow(bad_style)] unsafe fn X509_getm_notAfter(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME { (*(*(*x).cert_info).validity).notAfter
@@ -1282,16 +1270,6 @@ cfg_if! { } #[allow(bad_style)] - unsafe fn X509_REQ_get_version(x: *mut ffi::X509_REQ) -> ::libc::c_long { - ffi::ASN1_INTEGER_get((*(*x).req_info).version) - } - - #[allow(bad_style)] - unsafe fn X509_REQ_get_subject_name(x: *mut ffi::X509_REQ) -> *mut ::ffi::X509_NAME { - (*(*x).req_info).subject - } - - #[allow(bad_style)] unsafe fn X509_get0_signature( psig: *mut *const ffi::ASN1_BIT_STRING, palg: *mut *const ffi::X509_ALGOR,
@@ -1304,6 +1282,32 @@ cfg_if! { *palg = (*x).sig_alg; } } + } +} + +cfg_if! { + if #[cfg(ossl110)] { + use ffi::{ + X509_ALGOR_get0, ASN1_STRING_get0_data, X509_STORE_CTX_get0_chain, X509_set1_notAfter, + X509_set1_notBefore, X509_REQ_get_version, X509_REQ_get_subject_name, + }; + } else { + use ffi::{ + ASN1_STRING_data as ASN1_STRING_get0_data, + X509_STORE_CTX_get_chain as X509_STORE_CTX_get0_chain, + X509_set_notAfter as X509_set1_notAfter, + X509_set_notBefore as X509_set1_notBefore, + }; + + #[allow(bad_style)] + unsafe fn X509_REQ_get_version(x: *mut ffi::X509_REQ) -> ::libc::c_long { + ffi::ASN1_INTEGER_get((*(*x).req_info).version) + } + + #[allow(bad_style)] + unsafe fn X509_REQ_get_subject_name(x: *mut ffi::X509_REQ) -> *mut ::ffi::X509_NAME { + (*(*x).req_info).subject + } #[allow(bad_style)] unsafe fn X509_ALGOR_get0( |