From d0b769c93c623d308c02cb5d86726f4c9607f5f4 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 27 Jun 2015 15:11:11 -0700 Subject: Move macro replicas into C shim --- openssl-sys/src/lib.rs | 46 ++++++++-------------- openssl-sys/src/old_openssl_shim.c | 49 ----------------------- openssl-sys/src/openssl_shim.c | 80 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 96 insertions(+), 79 deletions(-) delete mode 100644 openssl-sys/src/old_openssl_shim.c create mode 100644 openssl-sys/src/openssl_shim.c (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index d77264be..ce8e6e37 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -9,7 +9,6 @@ extern crate libressl_pnacl_sys; use libc::{c_void, c_int, c_char, c_ulong, c_long, c_uint, c_uchar, size_t}; use std::mem; -use std::ptr; use std::sync::{Mutex, MutexGuard}; use std::sync::{Once, ONCE_INIT}; 
@@ -263,35 +262,6 @@ pub fn init() { } } -// Functions converted from macros -pub unsafe fn BIO_eof(b: *mut BIO) -> bool { - BIO_ctrl(b, BIO_CTRL_EOF, 0, ptr::null_mut()) == 1 -} - -pub unsafe fn SSL_CTX_set_options(ssl: *mut SSL_CTX, op: c_long) -> c_long { - SSL_CTX_ctrl(ssl, SSL_CTRL_OPTIONS, op, ptr::null_mut()) -} - -pub unsafe fn BIO_set_mem_eof_return(b: *mut BIO, v: c_int) { - BIO_ctrl(b, BIO_C_SET_BUF_MEM_EOF_RETURN, v as c_long, ptr::null_mut()); -} - -pub unsafe fn SSL_CTX_get_options(ssl: *mut SSL_CTX) -> c_long { - SSL_CTX_ctrl(ssl, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) -} - -pub unsafe fn SSL_CTX_clear_options(ssl: *mut SSL_CTX, op: c_long) -> c_long { - SSL_CTX_ctrl(ssl, SSL_CTRL_CLEAR_OPTIONS, (op), ptr::null_mut()) -} - -pub unsafe fn SSL_CTX_add_extra_chain_cert(ssl: *mut SSL_CTX, cert: *mut X509) -> c_long { - SSL_CTX_ctrl(ssl, SSL_CTRL_EXTRA_CHAIN_CERT, 0, cert) -} - -pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long { - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut()) -} - // True functions extern "C" { pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int; 
@@ -610,6 +580,22 @@ extern "C" { pub fn d2i_RSA_PUBKEY(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int; pub fn d2i_RSAPrivateKey(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; + + // These functions are defined in OpenSSL as macros, so we shim them + #[link_name = "BIO_eof_shim"] + pub fn BIO_eof(b: *mut BIO) -> c_int; + #[link_name = "BIO_set_mem_eof_return_shim"] + pub fn BIO_set_mem_eof_return(b: *mut BIO, v: c_int); + #[link_name = "SSL_CTX_set_options_shim"] + pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, options: c_long) -> c_long; + #[link_name = "SSL_CTX_get_options_shim"] + pub fn SSL_CTX_get_options(ctx: *mut SSL_CTX) -> c_long; + #[link_name = "SSL_CTX_clear_options_shim"] + pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, options: c_long) -> c_long; + #[link_name = "SSL_CTX_add_extra_chain_cert_shim"] + pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long; + #[link_name = "SSL_CTX_set_read_ahead_shim"] + pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long; } pub mod probe; diff --git a/openssl-sys/src/old_openssl_shim.c b/openssl-sys/src/old_openssl_shim.c deleted file mode 100644 index 19ce74fc..00000000 --- a/openssl-sys/src/old_openssl_shim.c +++ /dev/null 
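Review bot: The seven `#[link_name = "..._shim"]` attributes added at the end of this `extern "C"` block are unconditional, so every target now has to link the C shim. The HMAC declarations in the same file switch names with `cfg_attr(target_os = "nacl", ...)`, which suggests the shim object is not built for nacl (the build script is not visible here). If so, these symbols would be unresolved on that target, where the removed Rust wrappers needed no shim. Either keep the Rust wrappers under `#[cfg(target_os = "nacl")]` or confirm the shim is compiled there. The later `SSL_set_tlsext_host_name` declaration has the same shape. Separately, `BIO_eof` now returns `c_int` instead of `bool`, so a comment such as `// returns 1 at EOF; the old wrapper compared the result with 1` would tell callers how to keep the previous behaviour.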
@@ -1,49 +0,0 @@
-#include
-
-#if OPENSSL_VERSION_NUMBER < 0x1000000L
-// Copied from openssl crypto/hmac/hmac.c
-int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
- {
- if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
- goto err;
- if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
- goto err;
- if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
- goto err;
- memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
- dctx->key_length = sctx->key_length;
- dctx->md = sctx->md;
- return 1;
- err:
- return 0;
- }
-
-int HMAC_Init_ex_shim(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) {
- HMAC_Init_ex(ctx, key, key_len, md, impl);
- return 1;
-}
-
-int HMAC_Update_shim(HMAC_CTX *ctx, const unsigned char *data, int len) {
- HMAC_Update(ctx, data, len);
- return 1;
-}
-
-int HMAC_Final_shim(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) {
- HMAC_Final(ctx, md, len);
- return 1;
-}
-
-#else
-
-int HMAC_Init_ex_shim(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) {
- return HMAC_Init_ex(ctx, key, key_len, md, impl);
-}
-
-int HMAC_Update_shim(HMAC_CTX *ctx, const unsigned char *data, int len) {
- return HMAC_Update(ctx, data, len);
-}
-
-int HMAC_Final_shim(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) {
- return HMAC_Final(ctx, md, len);
-}
-#endif
diff --git a/openssl-sys/src/openssl_shim.c b/openssl-sys/src/openssl_shim.c
new file mode 100644
index 00000000..9b4a9fa2
--- /dev/null
+++ b/openssl-sys/src/openssl_shim.c
@@ -0,0 +1,80 @@
+#include
+#include
+
+#if OPENSSL_VERSION_NUMBER < 0x1000000L
+// Copied from openssl crypto/hmac/hmac.c
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+ {
+ if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
+ goto err;
+ if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
+ goto err;
+ if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
+ goto err;
+ memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+ dctx->key_length = sctx->key_length;
+ dctx->md = sctx->md;
+ return 1;
+ err:
+ return 0;
+ }
+
+int HMAC_Init_ex_shim(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) {
+ HMAC_Init_ex(ctx, key, key_len, md, impl);
+ return 1;
+}
+
+int HMAC_Update_shim(HMAC_CTX *ctx, const unsigned char *data, int len) {
+ HMAC_Update(ctx, data, len);
+ return 1;
+}
+
+int HMAC_Final_shim(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) {
+ HMAC_Final(ctx, md, len);
+ return 1;
+}
+
+#else
+
+int HMAC_Init_ex_shim(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) {
+ return HMAC_Init_ex(ctx, key, key_len, md, impl);
+}
+
+int HMAC_Update_shim(HMAC_CTX *ctx, const unsigned char *data, int len) {
+ return HMAC_Update(ctx, data, len);
+}
+
+int HMAC_Final_shim(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) {
+ return HMAC_Final(ctx, md, len);
+}
+#endif
+
+// shims for OpenSSL macros
+
+int BIO_eof_shim(BIO *b) {
+ return BIO_eof(b);
+}
+
+void BIO_set_mem_eof_return_shim(BIO *b, int v) {
+ BIO_set_mem_eof_return(b, v);
+}
+
+long SSL_CTX_set_options_shim(SSL_CTX *ctx, long options) {
+ return SSL_CTX_set_options(ctx, options);
+}
+
+long SSL_CTX_get_options_shim(SSL_CTX *ctx) {
+ return SSL_CTX_get_options(ctx);
+}
+
+long SSL_CTX_clear_options_shim(SSL_CTX *ctx, long options) {
+ return SSL_CTX_clear_options(ctx, options);
+}
+
+long SSL_CTX_add_extra_chain_cert_shim(SSL_CTX *ctx, X509 *x509) {
+ return SSL_CTX_add_extra_chain_cert(ctx, x509);
+}
+
+long SSL_CTX_set_read_ahead_shim(SSL_CTX *ctx, 
long m) { + return SSL_CTX_set_read_ahead(ctx, m); +} -- cgit v1.2.3 From cb7248d8cb1596f48cb916fe36aa3be2d7b91164 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 27 Jun 2015 15:23:19 -0700 Subject: Import shim'd HMAC stuff with the original name --- openssl-sys/src/lib.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index ce8e6e37..20185e5a 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -415,10 +415,20 @@ extern "C" { pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *const HMAC_CTX) -> c_int; // Pre-1.0 versions of these didn't return anything, so the shims bridge that gap + #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Init_ex_shim")] + pub fn HMAC_Init_ex(ctx: *mut HMAC_CTX, key: *const u8, keylen: c_int, md: *const EVP_MD, imple: *const ENGINE) -> c_int; + #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Final_shim")] + pub fn HMAC_Final(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint) -> c_int; + #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Update_shim")] + pub fn HMAC_Update(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int; + + /// Deprecated - use the non "_shim" version #[cfg_attr(target_os = "nacl", link_name = "HMAC_Init_ex")] pub fn HMAC_Init_ex_shim(ctx: *mut HMAC_CTX, key: *const u8, keylen: c_int, md: *const EVP_MD, imple: *const ENGINE) -> c_int; + /// Deprecated - use the non "_shim" version #[cfg_attr(target_os = "nacl", link_name = "HMAC_Final")] pub fn HMAC_Final_shim(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint) -> c_int; + /// Deprecated - use the non "_shim" version #[cfg_attr(target_os = "nacl", link_name = "HMAC_Update")] pub fn HMAC_Update_shim(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int; -- cgit v1.2.3 From 9d0acfe6155e1f432a80d0bfa99efbbdf0b07100 Mon Sep 17 00:00:00 2001 
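Review bot: `HMAC_Update_shim` takes `int len` in both branches of the `#if`, while the Rust side declares the length as `c_uint` and OpenSSL 1.0's `HMAC_Update` consumes a `size_t`. A length above `INT_MAX` therefore arrives as a negative `int` and is widened to a very large `size_t` on the way into the library, which would make it read well past the caller's buffer. Declaring the parameter with the type the library uses removes the narrowing: `int HMAC_Update_shim(HMAC_CTX *ctx, const unsigned char *data, size_t len)`, with the Rust declaration changed to `len: size_t` to match. `key_len` in `HMAC_Init_ex_shim` is `int` in OpenSSL's own prototype, so that one is fine as written.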
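Review bot: The comment above the new `HMAC_Init_ex`, `HMAC_Final` and `HMAC_Update` declarations should say what the bridged return value means, because callers will now check it under the library's own names. In the shim's pre-1.0 branch each function calls the void original and then returns 1 unconditionally, so on those builds a failure cannot be observed through the result. Suggested wording: `// Pre-1.0 versions return nothing; the shim then always reports 1, so the result only signals failure on 1.0 and later`. The `extern "C"` block starts and ends outside this hunk.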
From: Steven Fackler Date: Sat, 27 Jun 2015 19:37:45 -0700 Subject: Fix set_hostname It was previously failing to null terminate the hostname string (was anyone actually using this?). Also move the macro expansion to the C shim. --- openssl-sys/src/lib.rs | 2 ++ openssl-sys/src/openssl_shim.c | 4 ++++ 2 files changed, 6 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 20185e5a..5204c3bf 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -606,6 +606,8 @@ extern "C" { pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long; #[link_name = "SSL_CTX_set_read_ahead_shim"] pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long; + #[link_name = "SSL_set_tlsext_host_name_shim"] + pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long; } pub mod probe; diff --git a/openssl-sys/src/openssl_shim.c b/openssl-sys/src/openssl_shim.c index 9b4a9fa2..7b4f9c74 100644 --- a/openssl-sys/src/openssl_shim.c +++ b/openssl-sys/src/openssl_shim.c @@ -78,3 +78,7 @@ long SSL_CTX_add_extra_chain_cert_shim(SSL_CTX *ctx, X509 *x509) { long SSL_CTX_set_read_ahead_shim(SSL_CTX *ctx, long m) { return SSL_CTX_set_read_ahead(ctx, m); } + +long SSL_set_tlsext_host_name_shim(SSL *s, char *name) { + return SSL_set_tlsext_host_name(s, name); +} -- cgit v1.2.3 From 0cff370f1d4e46145bc9047508a7e63402b10adc Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 27 Jun 2015 21:40:00 -0700 Subject: Reduce SslStream constructor duplication --- openssl-sys/src/lib.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 5204c3bf..b347b949 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs 
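Review bot: `SSL_set_tlsext_host_name` should carry a doc comment stating that `name` must point to a NUL-terminated string. The commit message says the previous caller passed an unterminated buffer, and nothing in the `*const c_char` type stops that from recurring. The function takes no length argument, so the library has to find the end of the string itself. Suggested: `/// name must be NUL-terminated (for example from CString::as_ptr) and stay valid for the duration of the call`.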
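Review bot: `SSL_set_tlsext_host_name_shim` takes `char *name` although the Rust declaration passes `*const c_char` and the shim never writes through the pointer. `long SSL_set_tlsext_host_name_shim(SSL *s, const char *name)` states that contract. It should still compile if the macro casts its argument to `char *`, which is worth confirming against the targeted headers. The macro is, as far as I know, only defined when OpenSSL is built with TLS extensions, so a build against a library configured with `OPENSSL_NO_TLSEXT` would presumably fail on this function. Guarding it with `#ifndef OPENSSL_NO_TLSEXT` would need a matching `cfg` on the Rust declaration.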
@@ -271,6 +271,7 @@ extern "C" { pub fn BIO_ctrl(b: *mut BIO, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; pub fn BIO_free_all(b: *mut BIO); pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; + pub fn BIO_new_socket(sock: c_int, close_flag: c_int) -> *mut BIO; pub fn BIO_read(b: *mut BIO, buf: *mut c_void, len: c_int) -> c_int; pub fn BIO_write(b: *mut BIO, buf: *const c_void, len: c_int) -> c_int; pub fn BIO_s_mem() -> *const BIO_METHOD; -- cgit v1.2.3 From 01e01e3747dd0dbd46486c4f9406c29488a28c19 Mon Sep 17 00:00:00 2001 From: Cody P Schafer Date: Wed, 24 Jun 2015 17:17:43 -0400 Subject: ssl: support ALPN Heavily based on the existing NPN wrapping code. Naming of public functions is identical to the NPN ones with `s/npn/alpn/` applied to prevent devs from needing to remember 2 names (and to let my copy the npn tests and perform the subistution to generate the apln tests). It might make sense to (at some point) use macros or a trait to cut down the duplication. --- openssl-sys/src/lib.rs | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index b347b949..9f2041a4 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs 
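Review bot: `BIO_new_socket` is declared without any note on who owns the descriptor afterwards. `close_flag` decides whether freeing the BIO also closes `sock`, so a caller that passes a descriptor still owned by a Rust socket type together with the closing flag would end up closing it twice. A comment on the declaration would make that visible, e.g. `// close_flag: BIO_NOCLOSE (0) leaves sock open when the BIO is freed, BIO_CLOSE (1) closes it`. Whether the crate already exports constants for these flags cannot be seen from this hunk.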
@@ -547,13 +547,31 @@ extern "C" { inlen: c_uint, arg: *mut c_void) -> c_int, arg: *mut c_void); - #[cfg(feature = "npn")] + #[cfg(any(feature = "alpn", feature = "npn"))] pub fn SSL_select_next_proto(out: *mut *mut c_uchar, outlen: *mut c_uchar, inbuf: *const c_uchar, inlen: c_uint, client: *const c_uchar, client_len: c_uint) -> c_int; #[cfg(feature = "npn")] pub fn SSL_get0_next_proto_negotiated(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); + #[cfg(feature = "alpn")] + pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int; + + #[cfg(feature = "alpn")] + pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int; + + #[cfg(feature = "alpn")] + pub fn SSL_CTX_set_alpn_select_cb(ssl: *mut SSL_CTX, + cb: extern "C" fn(ssl: *mut SSL, + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + arg: *mut c_void) -> c_int, + arg: *mut c_void); + #[cfg(feature = "alpn")] + pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); + pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; pub fn X509_digest(x: *mut X509, digest: *const EVP_MD, buf: *mut c_char, len: *mut c_uint) -> c_int; pub fn X509_free(x: *mut X509); -- cgit v1.2.3 From cc497b47686d1dd03f96e2c2a99f214b9bc97eb9 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 6 Jul 2015 11:09:03 -0700 Subject: Release v0.6.4 --- openssl-sys/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 9f2041a4..eb7750f7 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs 
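Review bot: `SSL_CTX_set_alpn_protos` and `SSL_set_alpn_protos` need a comment on their return value, because OpenSSL documents them as returning 0 on success and non-zero on failure, the reverse of most functions declared in this block. A safe wrapper that applies the usual "non-zero means success" test would silently accept a failed call and carry on without ALPN configured. Suggested: `// NOTE: returns 0 on success, unlike most OpenSSL functions`. The same comment can note that `data` is the length-prefixed protocol list rather than a C string. The callback type for `SSL_CTX_set_alpn_select_cb` was copied from the NPN declaration with `out: *mut *mut c_uchar`; OpenSSL's ALPN prototype uses a pointer to const data there, so `*mut *const c_uchar` would describe it more accurately.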
@@ -1,6 +1,6 @@ #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] #![allow(dead_code)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.3")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.4")] extern crate libc; -- cgit v1.2.3