From d5d414b16fe13d65938acd6c601445e1b3e02b55 Mon Sep 17 00:00:00 2001
From: Benjamin Saunders
Date: Thu, 17 May 2018 03:23:30 -0700
Subject: Expose max TLS1.3 early data accessors
---
 openssl-sys/src/openssl/v111.rs | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'openssl-sys/src/openssl')
diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs
index 8574efc8..e284ff98 100644
--- a/openssl-sys/src/openssl/v111.rs
+++ b/openssl-sys/src/openssl/v111.rs
@@ -82,4 +82,11 @@ extern "C" {
 cookie_len: size_t
 ) -> c_int>
 );
+
+ pub fn SSL_CTX_set_max_early_data(ctx: *mut ::SSL_CTX, max_early_data: u32) -> c_int;
+ pub fn SSL_CTX_get_max_early_data(ctx: *const ::SSL_CTX) -> u32;
+ pub fn SSL_set_max_early_data(ctx: *mut ::SSL, max_early_data: u32) -> c_int;
+ pub fn SSL_get_max_early_data(ctx: *const ::SSL) -> u32;
+ pub fn SSL_SESSION_set_max_early_data(ctx: *mut ::SSL_SESSION, max_early_data: u32) -> c_int;
+ pub fn SSL_SESSION_get_max_early_data(ctx: *const ::SSL_SESSION) -> u32;
 }
-- cgit v1.2.3
From 69c75a178bbc70dd10d0d69ac8bf9e842cf4ff1f Mon Sep 17 00:00:00 2001
From: Benjamin Saunders
Date: Thu, 17 May 2018 13:16:41 -0700
Subject: Expose early keying material export
---
 openssl-sys/src/openssl/v111.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'openssl-sys/src/openssl')
diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs
index e284ff98..4a3f9560 100644
--- a/openssl-sys/src/openssl/v111.rs
+++ b/openssl-sys/src/openssl/v111.rs
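Review bot: The six `*_max_early_data` declarations in the `@@ -82,4 +82,11 @@` hunk of v111.rs carry no comment, and a non-zero limit is what lets a server accept TLS 1.3 0-RTT data, which has no replay protection. A doc comment on the setters would pass that on to whoever writes the safe wrapper, for example `/// A non-zero limit allows 0-RTT data, which can be replayed; accept it only for idempotent requests.` The `SSL` and `SSL_SESSION` variants also name their first parameter `ctx` although it is a connection or session pointer; `s`, as the export function in the following commit uses, would avoid the mix-up. The enclosing `extern "C"` block starts outside the hunk.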
@@ -89,4 +89,14 @@ extern "C" {
 pub fn SSL_get_max_early_data(ctx: *const ::SSL) -> u32;
 pub fn SSL_SESSION_set_max_early_data(ctx: *mut ::SSL_SESSION, max_early_data: u32) -> c_int;
 pub fn SSL_SESSION_get_max_early_data(ctx: *const ::SSL_SESSION) -> u32;
+
+ pub fn SSL_export_keying_material_early(
+ s: *mut ::SSL,
+ out: *mut c_uchar,
+ olen: size_t,
+ label: *const c_char,
+ llen: size_t,
+ context: *const c_uchar,
+ contextlen: size_t,
+ ) -> c_int;
 }
-- cgit v1.2.3
From 862d78416118cf8854feab92cd0ddb826e83199a Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sat, 19 May 2018 21:09:04 -0700
Subject: Clean up openssl-sys cfgs
---
 openssl-sys/src/openssl/mod.rs | 12 ++++++------
 openssl-sys/src/openssl/v10x.rs | 15 ++++++---------
 2 files changed, 12 insertions(+), 15 deletions(-)
(limited to 'openssl-sys/src/openssl')
diff --git a/openssl-sys/src/openssl/mod.rs b/openssl-sys/src/openssl/mod.rs
index a1e4a345..b65b6129 100644
--- a/openssl-sys/src/openssl/mod.rs
+++ b/openssl-sys/src/openssl/mod.rs
@@ -1,8 +1,8 @@
 use libc::{c_int, c_long, c_uchar, c_uint, c_ulong};
-#[cfg(any(ossl101, ossl102))]
+#[cfg(not(ossl110))]
 mod v10x;
-#[cfg(any(ossl101, ossl102))]
+#[cfg(not(ossl110))]
 pub use openssl::v10x::*;
 #[cfg(ossl110)]
@@ -15,7 +15,7 @@ mod v111;
 #[cfg(ossl111)]
 pub use openssl::v111::*;
-#[cfg(not(ossl101))]
+#[cfg(ossl102)]
 pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
 pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20;
@@ -28,9 +28,9 @@ pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000;
 pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000;
 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000;
 pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000;
-#[cfg(not(ossl101))]
+#[cfg(ossl102)]
 pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000;
-#[cfg(not(ossl101))]
+#[cfg(ossl102)]
 pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000;
 pub const X509_V_ERR_UNSPECIFIED: c_int = 1;
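Review bot: `SSL_export_keying_material_early` in the `@@ -89,4 +89,14 @@` hunk has no doc comment stating the buffer contract the caller must uphold: `out` writable for `olen` bytes, `label` and `context` readable for `llen` and `contextlen` bytes. A `# Safety` comment saying so would help, plus one line that the return value must be checked before `out` is used, since the buffer is presumably not meaningful on failure. The declaration also relies on `c_char` and `c_uchar` being imported in v111.rs, which this hunk does not show.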
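Review bot: The switch from `#[cfg(not(ossl101))]` to `#[cfg(ossl102)]` (mod.rs hunks `@@ -15,7`, `@@ -28,9`, `@@ -55,7` and most v10x.rs hunks) and from `any(ossl101, ossl102)` to `not(ossl110)` is only equivalent if the build script sets each `osslNNN` flag for that version and every later one; that script is outside this view, so the assumption deserves a comment next to the first use, e.g. `// osslNNN means "OpenSSL NNN or newer"`. The `pub struct SSL_CTX` hunk (`@@ -573,9 +573,6 @@`) is where a mismatch would hurt most: `srtp_profiles` is now gated on `ossl101` alone, so if a 1.0.2 build did not also set `ossl101` the field would be missing and every later field of the struct would sit at the wrong offset. With exclusive flags, `SSL_OP_NO_DTLSv1`, `SSL_OP_NO_DTLSv1_2` and `SSL_CTRL_SET_VERIFY_CERT_STORE` would also vanish on 1.1.x builds.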
@@ -55,7 +55,7 @@ pub const CMS_PARTIAL: c_uint = 0x4000;
 pub const CMS_REUSE_DIGEST: c_uint = 0x8000;
 pub const CMS_USE_KEYID: c_uint = 0x10000;
 pub const CMS_DEBUG_DECRYPT: c_uint = 0x20000;
-#[cfg(not(ossl101))]
+#[cfg(ossl102)]
 pub const CMS_KEY_PARAM: c_uint = 0x40000;
 extern "C" {
diff --git a/openssl-sys/src/openssl/v10x.rs b/openssl-sys/src/openssl/v10x.rs
index 6a4d4346..8ee9c58f 100644
--- a/openssl-sys/src/openssl/v10x.rs
+++ b/openssl-sys/src/openssl/v10x.rs
@@ -5,7 +5,7 @@ use std::ptr;
 use std::sync::{Mutex, MutexGuard};
 use std::sync::{Once, ONCE_INIT};
-#[cfg(not(ossl101))]
+#[cfg(ossl102)]
 use libc::time_t;
 use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
@@ -573,9 +573,6 @@ pub struct SSL_CTX {
 #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))]
 srtp_profiles: *mut c_void,
-
- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
- srtp_profiles: *mut c_void,
 #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
 alpn_select_cb: *mut c_void,
 #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
@@ -669,7 +666,7 @@ pub struct SRP_CTX {
 }
 #[repr(C)]
-#[cfg(not(ossl101))]
+#[cfg(ossl102)]
 pub struct X509_VERIFY_PARAM {
 pub name: *mut c_char,
 pub check_time: time_t,
@@ -682,7 +679,7 @@ pub struct X509_VERIFY_PARAM {
 pub id: *mut X509_VERIFY_PARAM_ID,
 }
-#[cfg(not(ossl101))]
+#[cfg(ossl102)]
 pub enum X509_VERIFY_PARAM_ID {}
 pub enum PKCS12 {}
@@ -925,15 +922,15 @@ extern "C" {
 loc: c_int,
 set: c_int,
 ) -> c_int;
- #[cfg(not(ossl101))]
+ #[cfg(ossl102)]
 pub fn X509_get0_signature(
 psig: *mut *mut ::ASN1_BIT_STRING,
 palg: *mut *mut ::X509_ALGOR,
 x: *const ::X509,
 );
- #[cfg(not(ossl101))]
+ #[cfg(ossl102)]
 pub fn X509_get_signature_nid(x: *const X509) -> c_int;
- #[cfg(not(ossl101))]
+ #[cfg(ossl102)]
 pub fn X509_ALGOR_get0(
 paobj: *mut *mut ::ASN1_OBJECT,
 pptype: *mut c_int,
-- cgit v1.2.3
From a6fcef01c0aa71359f583342c813b8db5835178d Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sun, 20 May 2018 11:27:45 -0700
Subject: Overhaul openssl cfgs
Also expose hostname verification on libressl
---
 openssl-sys/src/openssl/v10x.rs | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'openssl-sys/src/openssl')
diff --git a/openssl-sys/src/openssl/v10x.rs b/openssl-sys/src/openssl/v10x.rs
index 8ee9c58f..c22bb7fc 100644
--- a/openssl-sys/src/openssl/v10x.rs
+++ b/openssl-sys/src/openssl/v10x.rs
@@ -807,6 +807,28 @@ pub unsafe fn SSL_session_reused(ssl: *mut ::SSL) -> c_int {
 ::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
 }
+pub unsafe fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong {
+ ::SSL_CTX_ctrl(ctx as *mut _, ::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
+}
+
+pub unsafe fn SSL_CTX_set_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong {
+ ::SSL_CTX_ctrl(
+ ctx as *mut _,
+ ::SSL_CTRL_OPTIONS,
+ op as c_long,
+ ptr::null_mut(),
+ ) as c_ulong
+}
+
+pub unsafe fn SSL_CTX_clear_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong {
+ ::SSL_CTX_ctrl(
+ ctx as *mut _,
+ ::SSL_CTRL_CLEAR_OPTIONS,
+ op as c_long,
+ ptr::null_mut(),
+ ) as c_ulong
+}
+
 extern "C" {
 pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO;
 pub fn BIO_s_file() -> *mut BIO_METHOD;
-- cgit v1.2.3
From 2e478fdcf47bcb69a098bd6c3ab6227b53d45a24 Mon Sep 17 00:00:00 2001
From: Benjamin Saunders
Date: Thu, 17 May 2018 15:17:40 -0700
Subject: Expose early I/O
---
 openssl-sys/src/openssl/v111.rs | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'openssl-sys/src/openssl')
diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs
index 4a3f9560..36682663 100644
--- a/openssl-sys/src/openssl/v111.rs
+++ b/openssl-sys/src/openssl/v111.rs
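Review bot: `SSL_CTX_set_options` and `SSL_CTX_clear_options` in the `@@ -807,6 +807,28 @@` hunk take `ctx: *const ::SSL_CTX` and then cast it with `ctx as *mut _` for a call that changes the context's option bits, so the signature hides a mutation. Declaring the two as `ctx: *mut ::SSL_CTX` and keeping `*const` only for `SSL_CTX_get_options` would match what they do; OpenSSL 1.1.0 declares both setters with a non-const `SSL_CTX *`, and the v110.rs bindings, not visible here, are presumably the ones to agree with. These options carry the protocol-disable flags such as `SSL_OP_NO_SSLv3`, so a short doc comment that the return value is the resulting option mask would also help callers confirm the bits took effect.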
@@ -55,6 +55,9 @@ pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000;
 pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000;
 pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000;
+pub const SSL_READ_EARLY_DATA_ERROR: c_int = 0;
+pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = 1;
+pub const SSL_READ_EARLY_DATA_FINISH: c_int = 2;
 extern "C" {
 pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func);
@@ -99,4 +102,7 @@ extern "C" {
 context: *const c_uchar,
 contextlen: size_t,
 ) -> c_int;
+
+ pub fn SSL_write_early_data(s: *mut ::SSL, buf: *const c_void, num: size_t, written: *mut size_t) -> c_int;
+ pub fn SSL_read_early_data(s: *mut ::SSL, buf: *mut c_void, num: size_t, readbytes: *mut size_t) -> c_int;
 }
-- cgit v1.2.3
From 3456add537d03aef8a5becc9cbaa77910a1ecb3f Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Tue, 29 May 2018 21:53:22 -0700
Subject: Add SslRef::verified_chain
---
 openssl-sys/src/openssl/v110.rs | 1 +
 1 file changed, 1 insertion(+)
(limited to 'openssl-sys/src/openssl')
diff --git a/openssl-sys/src/openssl/v110.rs b/openssl-sys/src/openssl/v110.rs
index 4f1aa1c1..47d2bee4 100644
--- a/openssl-sys/src/openssl/v110.rs
+++ b/openssl-sys/src/openssl/v110.rs
@@ -280,6 +280,7 @@ extern "C" {
 );
 pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
 pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
+ pub fn SSL_get0_verified_chain(ssl: *const SSL) -> *mut stack_st_X509;
 pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME;
 pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME;
 pub fn X509_get0_signature(
-- cgit v1.2.3
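Review bot: `SSL_read_early_data` in the `@@ -99,4 +102,7 @@` hunk returns one of the three `SSL_READ_EARLY_DATA_*` codes added in the `@@ -55,6 +55,9 @@` hunk, not a byte count, and neither the constants nor the declaration say so. A comment on the constants such as `// Return values of SSL_read_early_data; the byte count is written to *readbytes.` would keep a wrapper from treating the `c_int` as a length. Both new declarations are longer than 100 columns, so rustfmt with default settings would wrap their parameter lists the way `SSL_export_keying_material_early` is wrapped just above them. They also need `c_void` in scope in v111.rs, which the hunk does not show.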
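Review bot: `SSL_get0_verified_chain` in the `@@ -280,6 +280,7 @@` hunk of v110.rs is declared without a comment on what the returned pointer means: a `get0` function hands back a pointer owned by the `SSL` object, and it can be null when no verified chain is available. Suggest `/// Borrowed from ssl, do not free; may be null, and the verify result must be checked before the chain is trusted.` so the safe wrapper neither frees it nor dereferences null. The enclosing `extern "C"` block starts and ends outside the hunk.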