From 1a909c8e5ef265473d965bbf5293b252bef25fbf Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 13 May 2018 08:50:00 -0700 Subject: Some sys cleanup --- openssl-sys/src/lib.rs | 118 +---- openssl-sys/src/openssl/mod.rs | 83 ++++ openssl-sys/src/openssl/v10x.rs | 984 ++++++++++++++++++++++++++++++++++++++++ openssl-sys/src/openssl/v110.rs | 381 ++++++++++++++++ openssl-sys/src/openssl/v111.rs | 85 ++++ openssl-sys/src/ossl10x.rs | 984 ---------------------------------------- openssl-sys/src/ossl110.rs | 379 ---------------- openssl-sys/src/ossl111.rs | 84 ---- 8 files changed, 1537 insertions(+), 1561 deletions(-) create mode 100644 openssl-sys/src/openssl/mod.rs create mode 100644 openssl-sys/src/openssl/v10x.rs create mode 100644 openssl-sys/src/openssl/v110.rs create mode 100644 openssl-sys/src/openssl/v111.rs delete mode 100644 openssl-sys/src/ossl10x.rs delete mode 100644 openssl-sys/src/ossl110.rs delete mode 100644 openssl-sys/src/ossl111.rs (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 9b49e21b..61e087d0 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -8,20 +8,10 @@ use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t, FILE use std::mem; use std::ptr; -#[cfg(any(ossl101, ossl102))] -mod ossl10x; -#[cfg(any(ossl101, ossl102))] -pub use ossl10x::*; - -#[cfg(ossl110)] -mod ossl110; -#[cfg(ossl110)] -pub use ossl110::*; - -#[cfg(ossl111)] -mod ossl111; -#[cfg(ossl111)] -pub use ossl111::*; +#[cfg(not(libressl))] +mod openssl; +#[cfg(not(libressl))] +pub use openssl::*; #[cfg(libressl)] mod libressl; @@ -1249,20 +1239,12 @@ pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65; pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70; pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71; pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82; -#[cfg(not(any(ossl101, libressl)))] -pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106; pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1; pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2; pub const SSL_MODE_AUTO_RETRY: c_long = 0x4; pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8; pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10; -#[cfg(not(libressl))] -pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20; -#[cfg(not(libressl))] -pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40; -#[cfg(not(libressl))] -pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80; pub const SSL_ERROR_NONE: c_int = 0; pub const SSL_ERROR_SSL: c_int = 1; @@ -1287,8 +1269,6 @@ pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; #[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; -#[cfg(not(libressl))] -pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; #[cfg(not(any(libressl, ossl110f, ossl111)))] pub const SSL_OP_ALL: c_ulong = 0x80000BFF; #[cfg(any(ossl110f, ossl111))] @@ -1298,27 +1278,13 @@ pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000; -#[cfg(not(libressl))] -pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_ulong = 0x00010000; -#[cfg(not(libressl))] -pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000; -#[cfg(not(libressl))] -pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000; pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_ulong = 0x00400000; pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000; -#[cfg(not(libressl))] -pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; -#[cfg(ossl111)] -pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000; -#[cfg(not(any(ossl101, libressl)))] -pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; -#[cfg(not(any(ossl101, libressl)))] -pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; #[cfg(not(any(ossl101, libressl, ossl111)))] pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; @@ -1366,8 +1332,6 @@ pub const X509_FILETYPE_DEFAULT: c_int = 3; pub const X509_FILETYPE_PEM: c_int = 1; pub const X509_V_OK: c_int = 0; -#[cfg(not(libressl))] -pub const X509_V_ERR_UNSPECIFIED: c_int = 1; pub const X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: c_int = 2; pub const X509_V_ERR_UNABLE_TO_GET_CRL: c_int = 3; pub const X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: c_int = 4; @@ -1465,51 +1429,6 @@ pub const GEN_RID: c_int = 8; pub const DTLS1_COOKIE_LENGTH: c_uint = 256; -#[cfg(not(libressl))] -pub const CMS_TEXT: c_uint = 0x1; -#[cfg(not(libressl))] -pub const CMS_NOCERTS: c_uint = 0x2; -#[cfg(not(libressl))] -pub const CMS_NO_CONTENT_VERIFY: c_uint = 0x4; -#[cfg(not(libressl))] -pub const CMS_NO_ATTR_VERIFY: c_uint = 0x8; -#[cfg(not(libressl))] -pub const CMS_NOSIGS: c_uint = 0x4 | 0x8; -#[cfg(not(libressl))] -pub const CMS_NOINTERN: c_uint = 0x10; -#[cfg(not(libressl))] -pub const CMS_NO_SIGNER_CERT_VERIFY: c_uint = 0x20; -#[cfg(not(libressl))] -pub const CMS_NOVERIFY: c_uint = 0x20; -#[cfg(not(libressl))] -pub const CMS_DETACHED: c_uint = 0x40; -#[cfg(not(libressl))] -pub const CMS_BINARY: c_uint = 0x80; -#[cfg(not(libressl))] -pub const CMS_NOATTR: c_uint = 0x100; -#[cfg(not(libressl))] -pub const CMS_NOSMIMECAP: c_uint = 0x200; -#[cfg(not(libressl))] -pub const CMS_NOOLDMIMETYPE: c_uint = 0x400; -#[cfg(not(libressl))] -pub const CMS_CRLFEOL: c_uint = 0x800; -#[cfg(not(libressl))] -pub const CMS_STREAM: c_uint = 0x1000; -#[cfg(not(libressl))] -pub const CMS_NOCRL: c_uint = 0x2000; -#[cfg(not(libressl))] -pub const CMS_PARTIAL: c_uint = 0x4000; -#[cfg(not(libressl))] -pub const CMS_REUSE_DIGEST: c_uint = 0x8000; -#[cfg(not(libressl))] -pub const CMS_USE_KEYID: c_uint = 0x10000; -#[cfg(not(libressl))] -pub const CMS_DEBUG_DECRYPT: c_uint = 0x20000; -#[cfg(all(not(libressl), not(ossl101)))] -pub const CMS_KEY_PARAM: c_uint = 0x40000; -#[cfg(all(not(libressl), not(ossl101), not(ossl102)))] -pub const CMS_ASCIICRLF: c_uint = 0x80000; - // macros pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long { BIO_ctrl(b, BIO_CTRL_INFO, 0, pp as *mut c_void) @@ -2888,35 +2807,6 @@ extern "C" { pub fn HMAC_Update(ctx: *mut HMAC_CTX, data: *const c_uchar, len: size_t) -> c_int; pub fn HMAC_Final(ctx: *mut HMAC_CTX, md: *mut c_uchar, len: *mut c_uint) -> c_int; - #[cfg(not(libressl))] - pub fn CMS_decrypt( - cms: *mut CMS_ContentInfo, - pkey: *mut EVP_PKEY, - cert: *mut X509, - dcont: *mut BIO, - out: *mut BIO, - flags: c_uint, - ) -> c_int; - #[cfg(not(libressl))] - pub fn SMIME_read_CMS(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut CMS_ContentInfo; - #[cfg(not(libressl))] - pub fn CMS_ContentInfo_free(cms: *mut CMS_ContentInfo); - #[cfg(not(libressl))] - pub fn CMS_sign( - signcert: *mut X509, - pkey: *mut EVP_PKEY, - certs: *mut stack_st_X509, - data: *mut BIO, - flags: c_uint, - ) -> *mut CMS_ContentInfo; - #[cfg(not(libressl))] - pub fn i2d_CMS_ContentInfo(a: *mut CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; - - #[cfg(not(libressl))] - pub fn FIPS_mode_set(onoff: c_int) -> c_int; - #[cfg(not(libressl))] - pub fn FIPS_mode() -> c_int; - // FIXME change to unsafe extern "C" fn pub fn SSL_CTX_set_cookie_generate_cb( s: *mut SSL_CTX, diff --git a/openssl-sys/src/openssl/mod.rs b/openssl-sys/src/openssl/mod.rs new file mode 100644 index 00000000..a1e4a345 --- /dev/null +++ b/openssl-sys/src/openssl/mod.rs @@ -0,0 +1,83 @@ +use libc::{c_int, c_long, c_uchar, c_uint, c_ulong}; + +#[cfg(any(ossl101, ossl102))] +mod v10x; +#[cfg(any(ossl101, ossl102))] +pub use openssl::v10x::*; + +#[cfg(ossl110)] +mod v110; +#[cfg(ossl110)] +pub use openssl::v110::*; + +#[cfg(ossl111)] +mod v111; +#[cfg(ossl111)] +pub use openssl::v111::*; + +#[cfg(not(ossl101))] +pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106; + +pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20; +pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40; +pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80; + +pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; + +pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; +pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000; +pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000; +pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; +#[cfg(not(ossl101))] +pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; +#[cfg(not(ossl101))] +pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; + +pub const X509_V_ERR_UNSPECIFIED: c_int = 1; + +pub const CMS_TEXT: c_uint = 0x1; +pub const CMS_NOCERTS: c_uint = 0x2; +pub const CMS_NO_CONTENT_VERIFY: c_uint = 0x4; +pub const CMS_NO_ATTR_VERIFY: c_uint = 0x8; +pub const CMS_NOSIGS: c_uint = 0x4 | 0x8; +pub const CMS_NOINTERN: c_uint = 0x10; +pub const CMS_NO_SIGNER_CERT_VERIFY: c_uint = 0x20; +pub const CMS_NOVERIFY: c_uint = 0x20; +pub const CMS_DETACHED: c_uint = 0x40; +pub const CMS_BINARY: c_uint = 0x80; +pub const CMS_NOATTR: c_uint = 0x100; +pub const CMS_NOSMIMECAP: c_uint = 0x200; +pub const CMS_NOOLDMIMETYPE: c_uint = 0x400; +pub const CMS_CRLFEOL: c_uint = 0x800; +pub const CMS_STREAM: c_uint = 0x1000; +pub const CMS_NOCRL: c_uint = 0x2000; +pub const CMS_PARTIAL: c_uint = 0x4000; +pub const CMS_REUSE_DIGEST: c_uint = 0x8000; +pub const CMS_USE_KEYID: c_uint = 0x10000; +pub const CMS_DEBUG_DECRYPT: c_uint = 0x20000; +#[cfg(not(ossl101))] +pub const CMS_KEY_PARAM: c_uint = 0x40000; + +extern "C" { + pub fn CMS_decrypt( + cms: *mut ::CMS_ContentInfo, + pkey: *mut ::EVP_PKEY, + cert: *mut ::X509, + dcont: *mut ::BIO, + out: *mut ::BIO, + flags: c_uint, + ) -> c_int; + pub fn SMIME_read_CMS(bio: *mut ::BIO, bcont: *mut *mut ::BIO) -> *mut ::CMS_ContentInfo; + pub fn CMS_ContentInfo_free(cms: *mut ::CMS_ContentInfo); + pub fn CMS_sign( + signcert: *mut ::X509, + pkey: *mut ::EVP_PKEY, + certs: *mut ::stack_st_X509, + data: *mut ::BIO, + flags: c_uint, + ) -> *mut ::CMS_ContentInfo; + pub fn i2d_CMS_ContentInfo(a: *mut ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; + + pub fn FIPS_mode_set(onoff: c_int) -> c_int; + pub fn FIPS_mode() -> c_int; +} diff --git a/openssl-sys/src/openssl/v10x.rs b/openssl-sys/src/openssl/v10x.rs new file mode 100644 index 00000000..6a4d4346 --- /dev/null +++ b/openssl-sys/src/openssl/v10x.rs @@ -0,0 +1,984 @@ +use std::io::{self, Write}; +use std::mem; +use std::process; +use std::ptr; +use std::sync::{Mutex, MutexGuard}; +use std::sync::{Once, ONCE_INIT}; + +#[cfg(not(ossl101))] +use libc::time_t; +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; + +#[repr(C)] +pub struct stack_st_ASN1_OBJECT { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_X509 { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_X509_NAME { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_X509_ATTRIBUTE { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_X509_EXTENSION { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_GENERAL_NAME { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_void { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_SSL_CIPHER { + pub stack: _STACK, +} + +#[repr(C)] +pub struct stack_st_OPENSSL_STRING { + pub stack: _STACK, +} + +#[repr(C)] +pub struct _STACK { + pub num: c_int, + pub data: *mut *mut c_char, + pub sorted: c_int, + pub num_alloc: c_int, + pub comp: Option c_int>, +} + +#[repr(C)] +pub struct BIO_METHOD { + pub type_: c_int, + pub name: *const c_char, + pub bwrite: Option c_int>, + pub bread: Option c_int>, + pub bputs: Option c_int>, + pub bgets: Option c_int>, + pub ctrl: Option c_long>, + pub create: Option c_int>, + pub destroy: Option c_int>, + pub callback_ctrl: Option c_long>, +} + +#[repr(C)] +pub struct RSA { + pub pad: c_int, + pub version: c_long, + pub meth: *const ::RSA_METHOD, + + pub engine: *mut ::ENGINE, + pub n: *mut ::BIGNUM, + pub e: *mut ::BIGNUM, + pub d: *mut ::BIGNUM, + pub p: *mut ::BIGNUM, + pub q: *mut ::BIGNUM, + pub dmp1: *mut ::BIGNUM, + pub dmq1: *mut ::BIGNUM, + pub iqmp: *mut ::BIGNUM, + + pub ex_data: ::CRYPTO_EX_DATA, + pub references: c_int, + pub flags: c_int, + + pub _method_mod_n: *mut ::BN_MONT_CTX, + pub _method_mod_p: *mut ::BN_MONT_CTX, + pub _method_mod_q: *mut ::BN_MONT_CTX, + + pub bignum_data: *mut c_char, + pub blinding: *mut ::BN_BLINDING, + pub mt_blinding: *mut ::BN_BLINDING, +} + +#[repr(C)] +pub struct DSA { + pub pad: c_int, + pub version: c_long, + pub write_params: c_int, + + pub p: *mut ::BIGNUM, + pub q: *mut ::BIGNUM, + pub g: *mut ::BIGNUM, + pub pub_key: *mut ::BIGNUM, + pub priv_key: *mut ::BIGNUM, + pub kinv: *mut ::BIGNUM, + pub r: *mut ::BIGNUM, + + pub flags: c_int, + pub method_mont_p: *mut ::BN_MONT_CTX, + pub references: c_int, + pub ex_data: ::CRYPTO_EX_DATA, + pub meth: *const ::DSA_METHOD, + pub engine: *mut ::ENGINE, +} + +#[repr(C)] +pub struct ECDSA_SIG { + pub r: *mut BIGNUM, + pub s: *mut BIGNUM, +} + +#[repr(C)] +pub struct EVP_PKEY { + pub type_: c_int, + pub save_type: c_int, + pub references: c_int, + pub ameth: *const ::EVP_PKEY_ASN1_METHOD, + pub engine: *mut ::ENGINE, + pub pkey: *mut c_void, + pub save_parameters: c_int, + pub attributes: *mut stack_st_X509_ATTRIBUTE, +} + +#[repr(C)] +pub struct BIO { + pub method: *mut ::BIO_METHOD, + pub callback: Option< + unsafe extern "C" fn(*mut ::BIO, c_int, *const c_char, c_int, c_long, c_long) -> c_long, + >, + pub cb_arg: *mut c_char, + pub init: c_int, + pub shutdown: c_int, + pub flags: c_int, + pub retry_reason: c_int, + pub num: c_int, + pub ptr: *mut c_void, + pub next_bio: *mut ::BIO, + pub prev_bio: *mut ::BIO, + pub references: c_int, + pub num_read: c_ulong, + pub num_write: c_ulong, + pub ex_data: ::CRYPTO_EX_DATA, +} + +#[repr(C)] +pub struct CRYPTO_EX_DATA { + pub sk: *mut ::stack_st_void, + pub dummy: c_int, +} + +#[repr(C)] +pub struct EVP_MD_CTX { + digest: *mut ::EVP_MD, + engine: *mut ::ENGINE, + flags: c_ulong, + md_data: *mut c_void, + pctx: *mut ::EVP_PKEY_CTX, + update: *mut c_void, +} + +#[repr(C)] +pub struct EVP_CIPHER { + pub nid: c_int, + pub block_size: c_int, + pub key_len: c_int, + pub iv_len: c_int, + pub flags: c_ulong, + pub init: Option< + unsafe extern "C" fn(*mut ::EVP_CIPHER_CTX, *const c_uchar, *const c_uchar, c_int) -> c_int, + >, + pub do_cipher: Option< + unsafe extern "C" fn(*mut ::EVP_CIPHER_CTX, *mut c_uchar, *const c_uchar, size_t) -> c_int, + >, + pub cleanup: Option c_int>, + pub ctx_size: c_int, + pub set_asn1_parameters: + Option c_int>, + pub get_asn1_parameters: + Option c_int>, + pub ctrl: + Option c_int>, + pub app_data: *mut c_void, +} + +#[repr(C)] +pub struct HMAC_CTX { + md: *mut ::EVP_MD, + md_ctx: ::EVP_MD_CTX, + i_ctx: ::EVP_MD_CTX, + o_ctx: ::EVP_MD_CTX, + key_length: c_uint, + key: [c_uchar; 128], +} + +#[repr(C)] +pub struct BIGNUM { + pub d: *mut ::BN_ULONG, + pub top: c_int, + pub dmax: c_int, + pub neg: c_int, + pub flags: c_int, +} + +#[repr(C)] +pub struct DH { + pub pad: c_int, + pub version: c_int, + pub p: *mut ::BIGNUM, + pub g: *mut ::BIGNUM, + pub length: c_long, + pub pub_key: *mut ::BIGNUM, + pub priv_key: *mut ::BIGNUM, + pub flags: c_int, + pub method_mont_p: *mut ::BN_MONT_CTX, + pub q: *mut ::BIGNUM, + pub j: *mut ::BIGNUM, + pub seed: *mut c_uchar, + pub seedlen: c_int, + pub counter: *mut ::BIGNUM, + pub references: c_int, + pub ex_data: ::CRYPTO_EX_DATA, + pub meth: *const ::DH_METHOD, + pub engine: *mut ::ENGINE, +} + +#[repr(C)] +pub struct X509 { + pub cert_info: *mut X509_CINF, + pub sig_alg: *mut ::X509_ALGOR, + pub signature: *mut ::ASN1_BIT_STRING, + pub valid: c_int, + pub references: c_int, + pub name: *mut c_char, + pub ex_data: ::CRYPTO_EX_DATA, + pub ex_pathlen: c_long, + pub ex_pcpathlen: c_long, + pub ex_flags: c_ulong, + pub ex_kusage: c_ulong, + pub ex_xkusage: c_ulong, + pub ex_nscert: c_ulong, + skid: *mut c_void, + akid: *mut c_void, + policy_cache: *mut c_void, + crldp: *mut c_void, + altname: *mut c_void, + nc: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] + rfc3779_addr: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] + rfc3779_asid: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] + sha1_hash: [c_uchar; 20], + aux: *mut c_void, +} + +#[repr(C)] +pub struct X509_CINF { + version: *mut c_void, + serialNumber: *mut c_void, + signature: *mut c_void, + issuer: *mut c_void, + pub validity: *mut X509_VAL, + subject: *mut c_void, + key: *mut c_void, + issuerUID: *mut c_void, + subjectUID: *mut c_void, + pub extensions: *mut stack_st_X509_EXTENSION, + enc: ASN1_ENCODING, +} + +#[repr(C)] +pub struct X509_ALGOR { + pub algorithm: *mut ::ASN1_OBJECT, + parameter: *mut c_void, +} + +#[repr(C)] +pub struct ASN1_ENCODING { + pub enc: *mut c_uchar, + pub len: c_long, + pub modified: c_int, +} + +#[repr(C)] +pub struct X509_VAL { + pub notBefore: *mut ::ASN1_TIME, + pub notAfter: *mut ::ASN1_TIME, +} + +#[repr(C)] +pub struct X509_REQ_INFO { + pub enc: ASN1_ENCODING, + pub version: *mut ::ASN1_INTEGER, + pub subject: *mut ::X509_NAME, + pubkey: *mut c_void, + pub attributes: *mut stack_st_X509_ATTRIBUTE, +} + +#[repr(C)] +pub struct X509_REQ { + pub req_info: *mut X509_REQ_INFO, + sig_alg: *mut c_void, + signature: *mut c_void, + references: c_int, +} + +#[repr(C)] +pub struct SSL { + version: c_int, + type_: c_int, + method: *const ::SSL_METHOD, + rbio: *mut c_void, + wbio: *mut c_void, + bbio: *mut c_void, + rwstate: c_int, + in_handshake: c_int, + handshake_func: Option c_int>, + pub server: c_int, + new_session: c_int, + quiet_session: c_int, + shutdown: c_int, + state: c_int, + rstate: c_int, + init_buf: *mut c_void, + init_msg: *mut c_void, + init_num: c_int, + init_off: c_int, + packet: *mut c_uchar, + packet_length: c_uint, + s2: *mut c_void, + s3: *mut c_void, + d1: *mut c_void, + read_ahead: c_int, + msg_callback: Option< + unsafe extern "C" fn(c_int, c_int, c_int, *const c_void, size_t, *mut SSL, *mut c_void), + >, + msg_callback_arg: *mut c_void, + hit: c_int, + param: *mut c_void, + cipher_list: *mut stack_st_SSL_CIPHER, + cipher_list_by_id: *mut stack_st_SSL_CIPHER, + mac_flags: c_int, + enc_read_ctx: *mut ::EVP_CIPHER_CTX, + read_hash: *mut ::EVP_MD_CTX, + expand: *mut c_void, + enc_write_ctx: *mut ::EVP_CIPHER_CTX, + write_hash: *mut ::EVP_MD_CTX, + compress: *mut c_void, + cert: *mut c_void, + sid_ctx_length: c_uint, + sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], + session: *mut ::SSL_SESSION, + generate_session_id: ::GEN_SESSION_CB, + verify_mode: c_int, + verify_callback: Option c_int>, + info_callback: Option, + error: c_int, + error_code: c_int, + #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] + kssl_ctx: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_client_callback: Option< + unsafe extern "C" fn(*mut SSL, *const c_char, *mut c_char, c_uint, *mut c_uchar, c_uint) + -> c_uint, + >, + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_server_callback: + Option c_uint>, + ctx: *mut ::SSL_CTX, + debug: c_int, + verify_result: c_long, + ex_data: ::CRYPTO_EX_DATA, + client_CA: *mut stack_st_X509_NAME, + references: c_int, + options: c_ulong, + mode: c_ulong, + max_cert_list: c_long, + first_packet: c_int, + client_version: c_int, + max_send_fragment: c_uint, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_debug_cb: + Option, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_debug_arg: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_hostname: *mut c_char, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + servername_done: c_int, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_status_type: c_int, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_status_expected: c_int, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_ocsp_ids: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_ocsp_exts: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_ocsp_resp: *mut c_uchar, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_ocsp_resplen: c_int, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_ticket_expected: c_int, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ecpointformatlist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ecpointformatlist: *mut c_uchar, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ellipticcurvelist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ellipticcurvelist: *mut c_uchar, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_opaque_prf_input: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_opaque_prf_input_len: size_t, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_session_ticket: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_session_ticket_ext_cb: ::tls_session_ticket_ext_cb_fn, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tls_session_ticket_ext_cb_arg: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tls_session_secret_cb: ::tls_session_secret_cb_fn, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tls_session_secret_cb_arg: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + initial_ctx: *mut ::SSL_CTX, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_negotiated: *mut c_uchar, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_negotiated_len: c_uchar, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + srtp_profiles: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + srtp_profile: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_heartbeat: c_uint, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_hb_pending: c_uint, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_hb_seq: c_uint, + renegotiate: c_int, + #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] + srp_ctx: ::SRP_CTX, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_client_proto_list: *mut c_uchar, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_client_proto_list_len: c_uint, +} + +#[repr(C)] +pub struct SSL_CTX { + method: *mut c_void, + cipher_list: *mut c_void, + cipher_list_by_id: *mut c_void, + cert_store: *mut c_void, + sessions: *mut c_void, + session_cache_size: c_ulong, + session_cache_head: *mut c_void, + session_cache_tail: *mut c_void, + session_cache_mode: c_int, + session_timeout: c_long, + new_session_cb: *mut c_void, + remove_session_cb: *mut c_void, + get_session_cb: *mut c_void, + stats: [c_int; 11], + pub references: c_int, + app_verify_callback: *mut c_void, + app_verify_arg: *mut c_void, + default_passwd_callback: *mut c_void, + default_passwd_callback_userdata: *mut c_void, + client_cert_cb: *mut c_void, + app_gen_cookie_cb: *mut c_void, + app_verify_cookie_cb: *mut c_void, + ex_dat: ::CRYPTO_EX_DATA, + rsa_md5: *mut c_void, + md5: *mut c_void, + sha1: *mut c_void, + extra_certs: *mut c_void, + comp_methods: *mut c_void, + info_callback: *mut c_void, + client_CA: *mut c_void, + options: c_ulong, + mode: c_ulong, + max_cert_list: c_long, + cert: *mut c_void, + read_ahead: c_int, + msg_callback: *mut c_void, + msg_callback_arg: *mut c_void, + verify_mode: c_int, + sid_ctx_length: c_uint, + sid_ctx: [c_uchar; 32], + default_verify_callback: *mut c_void, + generate_session_id: *mut c_void, + param: *mut c_void, + quiet_shutdown: c_int, + max_send_fragment: c_uint, + + #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))] + client_cert_engine: *mut c_void, + + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_servername_callback: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsect_servername_arg: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_tick_key_name: [c_uchar; 16], + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_tick_hmac_key: [c_uchar; 16], + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_tick_aes_key: [c_uchar; 16], + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_ticket_key_cb: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_status_cb: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_status_arg: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_opaque_prf_input_callback: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_opaque_prf_input_callback_arg: *mut c_void, + + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_identity_hint: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_client_callback: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_server_callback: *mut c_void, + + #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] + freelist_max_len: c_uint, + #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] + wbuf_freelist: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] + rbuf_freelist: *mut c_void, + + #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] + srp_ctx: SRP_CTX, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_protos_advertised_cb: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_protos_advertised_cb_arg: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_select_cb: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_select_cb_arg: *mut c_void, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] + srtp_profiles: *mut c_void, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + srtp_profiles: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_select_cb: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_select_cb_arg: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_client_proto_list: *mut c_void, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] + alpn_client_proto_list_len: c_uint, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ecpointformatlist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ecpointformatlist: *mut c_uchar, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ellipticcurvelist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ellipticcurvelist: *mut c_uchar, +} + +#[repr(C)] +pub struct SSL_SESSION { + ssl_version: c_int, + key_arg_length: c_uint, + key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize], + pub master_key_length: c_int, + pub master_key: [c_uchar; 48], + session_id_length: c_uint, + session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize], + sid_ctx_length: c_uint, + sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize], + #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] + krb5_client_princ_len: c_uint, + #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] + krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize], + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_identity_hint: *mut c_char, + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_identity: *mut c_char, + not_resumable: c_int, + sess_cert: *mut c_void, + peer: *mut X509, + verify_result: c_long, + pub references: c_int, + timeout: c_long, + time: c_long, + compress_meth: c_uint, + cipher: *const c_void, + cipher_id: c_ulong, + ciphers: *mut c_void, + ex_data: ::CRYPTO_EX_DATA, + prev: *mut c_void, + next: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_hostname: *mut c_char, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ecpointformatlist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ecpointformatlist: *mut c_uchar, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ellipticcurvelist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ellipticcurvelist: *mut c_uchar, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_tick: *mut c_uchar, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_ticklen: size_t, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_tick_lifetime_hint: c_long, + #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] + srp_username: *mut c_char, +} + +#[repr(C)] +pub struct SRP_CTX { + SRP_cb_arg: *mut c_void, + TLS_ext_srp_username_callback: *mut c_void, + SRP_verify_param_callback: *mut c_void, + SRP_give_srp_client_pwd_callback: *mut c_void, + login: *mut c_void, + N: *mut c_void, + g: *mut c_void, + s: *mut c_void, + B: *mut c_void, + A: *mut c_void, + a: *mut c_void, + b: *mut c_void, + v: *mut c_void, + info: *mut c_void, + stringth: c_int, + srp_Mask: c_ulong, +} + +#[repr(C)] +#[cfg(not(ossl101))] +pub struct X509_VERIFY_PARAM { + pub name: *mut c_char, + pub check_time: time_t, + pub inh_flags: c_ulong, + pub flags: c_ulong, + pub purpose: c_int, + pub trust: c_int, + pub depth: c_int, + pub policies: *mut stack_st_ASN1_OBJECT, + pub id: *mut X509_VERIFY_PARAM_ID, +} + +#[cfg(not(ossl101))] +pub enum X509_VERIFY_PARAM_ID {} +pub enum PKCS12 {} + +pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8; +pub const SSL_CTRL_OPTIONS: c_int = 32; +pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; +#[cfg(ossl102)] +pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; + +pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000001; +pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000002; +pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000008; +pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000020; +pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000080; +pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000100; +pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000200; +pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; +pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; +pub const SSL_OP_NO_SSLv2: c_ulong = 0x01000000; + +pub const SSL_MAX_SSL_SESSION_ID_LENGTH: c_int = 32; +pub const SSL_MAX_SID_CTX_LENGTH: c_int = 32; +pub const SSL_MAX_KEY_ARG_LENGTH: c_int = 8; +pub const SSL_MAX_MASTER_KEY_LENGTH: c_int = 48; +pub const SSL_MAX_KRB5_PRINCIPAL_LENGTH: c_int = 256; + +pub const SSLEAY_VERSION: c_int = 0; +pub const SSLEAY_CFLAGS: c_int = 2; +pub const SSLEAY_BUILT_ON: c_int = 3; +pub const SSLEAY_PLATFORM: c_int = 4; +pub const SSLEAY_DIR: c_int = 5; + +pub const CRYPTO_LOCK_X509: c_int = 3; +pub const CRYPTO_LOCK_SSL_CTX: c_int = 12; +pub const CRYPTO_LOCK_SSL_SESSION: c_int = 14; + +#[cfg(ossl102h)] +pub const X509_V_ERR_INVALID_CALL: c_int = 65; +#[cfg(ossl102h)] +pub const X509_V_ERR_STORE_LOOKUP: c_int = 66; +#[cfg(ossl102h)] +pub const X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: c_int = 67; + +static mut MUTEXES: *mut Vec> = 0 as *mut Vec>; +static mut GUARDS: *mut Vec>> = + 0 as *mut Vec>>; + +unsafe extern "C" fn locking_function(mode: c_int, n: c_int, _file: *const c_char, _line: c_int) { + let mutex = &(*MUTEXES)[n as usize]; + + if mode & ::CRYPTO_LOCK != 0 { + (*GUARDS)[n as usize] = Some(mutex.lock().unwrap()); + } else { + if let None = (*GUARDS)[n as usize].take() { + let _ = writeln!( + io::stderr(), + "BUG: rust-openssl lock {} already unlocked, aborting", + n + ); + process::abort(); + } + } +} + +pub fn init() { + static INIT: Once = ONCE_INIT; + + INIT.call_once(|| unsafe { + SSL_library_init(); + SSL_load_error_strings(); + OPENSSL_add_all_algorithms_noconf(); + + let num_locks = ::CRYPTO_num_locks(); + let mut mutexes = Box::new(Vec::new()); + for _ in 0..num_locks { + mutexes.push(Mutex::new(())); + } + MUTEXES = mem::transmute(mutexes); + let guards: Box>>> = + Box::new((0..num_locks).map(|_| None).collect()); + GUARDS = mem::transmute(guards); + + CRYPTO_set_locking_callback(locking_function); + set_id_callback(); + }) +} + +#[cfg(unix)] +fn set_id_callback() { + unsafe extern "C" fn thread_id() -> c_ulong { + ::libc::pthread_self() as c_ulong + } + + unsafe { + CRYPTO_set_id_callback(thread_id); + } +} + +#[cfg(not(unix))] +fn set_id_callback() {} + +// macros + +#[cfg(ossl102)] +pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int { + ::SSL_CTX_ctrl( + ctx, + SSL_CTRL_SET_ECDH_AUTO, + onoff as c_long, + ptr::null_mut(), + ) as c_int +} + +#[cfg(ossl102)] +pub unsafe fn SSL_set_ecdh_auto(ssl: *mut ::SSL, onoff: c_int) -> c_int { + ::SSL_ctrl( + ssl, + SSL_CTRL_SET_ECDH_AUTO, + onoff as c_long, + ptr::null_mut(), + ) as c_int +} + +pub unsafe fn SSL_session_reused(ssl: *mut ::SSL) -> c_int { + ::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int +} + +extern "C" { + pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; + pub fn BIO_s_file() -> *mut BIO_METHOD; + pub fn BIO_s_mem() -> *mut BIO_METHOD; + + pub fn get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn get_rfc3526_prime_1536(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn get_rfc3526_prime_2048(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn get_rfc3526_prime_3072(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn get_rfc3526_prime_4096(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn get_rfc3526_prime_6144(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn get_rfc3526_prime_8192(bn: *mut BIGNUM) -> *mut BIGNUM; + + pub fn CRYPTO_malloc(num: c_int, file: *const c_char, line: c_int) -> *mut c_void; + pub fn CRYPTO_free(buf: *mut c_void); + pub fn CRYPTO_num_locks() -> c_int; + pub fn CRYPTO_set_locking_callback( + func: unsafe extern "C" fn(mode: c_int, n: c_int, file: *const c_char, line: c_int), + ); + pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong); + + pub fn ERR_load_crypto_strings(); + + pub fn RSA_generate_key( + modsz: c_int, + e: c_ulong, + cb: Option, + cbarg: *mut c_void, + ) -> *mut RSA; + + pub fn OCSP_cert_to_id( + dgst: *const ::EVP_MD, + subject: *mut ::X509, + issuer: *mut ::X509, + ) -> *mut ::OCSP_CERTID; + + pub fn PKCS12_create( + pass: *mut c_char, + friendly_name: *mut c_char, + pkey: *mut EVP_PKEY, + cert: *mut X509, + ca: *mut stack_st_X509, + nid_key: c_int, + nid_cert: c_int, + iter: c_int, + mac_iter: c_int, + keytype: c_int, + ) -> *mut PKCS12; + + pub fn SSL_library_init() -> c_int; + pub fn SSL_load_error_strings(); + pub fn OPENSSL_add_all_algorithms_noconf(); + pub fn HMAC_CTX_init(ctx: *mut ::HMAC_CTX); + pub fn HMAC_CTX_cleanup(ctx: *mut ::HMAC_CTX); + #[cfg(not(osslconf = "OPENSSL_NO_SSL3_METHOD"))] + pub fn SSLv3_method() -> *const ::SSL_METHOD; + pub fn TLSv1_method() -> *const ::SSL_METHOD; + pub fn SSLv23_method() -> *const ::SSL_METHOD; + pub fn TLSv1_1_method() -> *const ::SSL_METHOD; + pub fn TLSv1_2_method() -> *const ::SSL_METHOD; + pub fn DTLSv1_method() -> *const ::SSL_METHOD; + #[cfg(ossl102)] + pub fn DTLSv1_2_method() -> *const ::SSL_METHOD; + pub fn SSL_get_ex_new_index( + argl: c_long, + argp: *mut c_void, + new_func: Option<::CRYPTO_EX_new>, + dup_func: Option<::CRYPTO_EX_dup>, + free_func: Option<::CRYPTO_EX_free>, + ) -> c_int; + pub fn SSL_set_tmp_ecdh_callback( + ssl: *mut ::SSL, + ecdh: unsafe extern "C" fn(ssl: *mut ::SSL, is_export: c_int, keylength: c_int) + -> *mut ::EC_KEY, + ); + pub fn SSL_CIPHER_get_version(cipher: *const ::SSL_CIPHER) -> *mut c_char; + pub fn SSL_CTX_get_ex_new_index( + argl: c_long, + argp: *mut c_void, + new_func: Option<::CRYPTO_EX_new>, + dup_func: Option<::CRYPTO_EX_dup>, + free_func: Option<::CRYPTO_EX_free>, + ) -> c_int; + // FIXME should take an option + pub fn SSL_CTX_set_tmp_ecdh_callback( + ctx: *mut ::SSL_CTX, + ecdh: unsafe extern "C" fn(ssl: *mut ::SSL, is_export: c_int, keylength: c_int) + -> *mut ::EC_KEY, + ); + pub fn SSL_CTX_sess_set_get_cb( + ctx: *mut ::SSL_CTX, + get_session_cb: Option< + unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, + >, + ); + pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; + pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME; + pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; + pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; + pub fn X509_get_ext_d2i( + x: *mut ::X509, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + pub fn X509_NAME_add_entry_by_NID( + x: *mut ::X509_NAME, + field: c_int, + ty: c_int, + bytes: *mut c_uchar, + len: c_int, + loc: c_int, + set: c_int, + ) -> c_int; + #[cfg(not(ossl101))] + pub fn X509_get0_signature( + psig: *mut *mut ::ASN1_BIT_STRING, + palg: *mut *mut ::X509_ALGOR, + x: *const ::X509, + ); + #[cfg(not(ossl101))] + pub fn X509_get_signature_nid(x: *const X509) -> c_int; + #[cfg(not(ossl101))] + pub fn X509_ALGOR_get0( + paobj: *mut *mut ::ASN1_OBJECT, + pptype: *mut c_int, + ppval: *mut *mut c_void, + alg: *mut ::X509_ALGOR, + ); + pub fn X509_NAME_get_entry(n: *mut ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; + pub fn X509_NAME_ENTRY_get_data(ne: *mut ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; + pub fn X509_STORE_CTX_get_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509; + pub fn X509V3_EXT_nconf_nid( + conf: *mut ::CONF, + ctx: *mut ::X509V3_CTX, + ext_nid: c_int, + value: *mut c_char, + ) -> *mut ::X509_EXTENSION; + pub fn X509V3_EXT_nconf( + conf: *mut ::CONF, + ctx: *mut ::X509V3_CTX, + name: *mut c_char, + value: *mut c_char, + ) -> *mut ::X509_EXTENSION; + pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ::ASN1_STRING) -> c_int; + pub fn ASN1_STRING_data(x: *mut ::ASN1_STRING) -> *mut c_uchar; + pub fn CRYPTO_add_lock( + pointer: *mut c_int, + amount: c_int, + type_: c_int, + file: *const c_char, + line: c_int, + ) -> c_int; + pub fn EVP_MD_CTX_create() -> *mut EVP_MD_CTX; + pub fn EVP_MD_CTX_destroy(ctx: *mut EVP_MD_CTX); + pub fn EVP_PKEY_bits(key: *mut EVP_PKEY) -> c_int; + + pub fn sk_new_null() -> *mut _STACK; + pub fn sk_num(st: *const _STACK) -> c_int; + pub fn sk_value(st: *const _STACK, n: c_int) -> *mut c_void; + pub fn sk_free(st: *mut _STACK); + pub fn sk_push(st: *mut _STACK, data: *mut c_void) -> c_int; + pub fn sk_pop_free(st: *mut _STACK, free: Option); + pub fn sk_pop(st: *mut _STACK) -> *mut c_void; + + pub fn SSLeay() -> c_ulong; + pub fn SSLeay_version(key: c_int) -> *const c_char; + + #[cfg(ossl102)] + pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; +} diff --git a/openssl-sys/src/openssl/v110.rs b/openssl-sys/src/openssl/v110.rs new file mode 100644 index 00000000..4f1aa1c1 --- /dev/null +++ b/openssl-sys/src/openssl/v110.rs @@ -0,0 +1,381 @@ +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; +use std::ptr; +use std::sync::{Once, ONCE_INIT}; + +pub enum BIGNUM {} +pub enum BIO {} +pub enum BIO_METHOD {} +pub enum CRYPTO_EX_DATA {} +pub enum DH {} +pub enum DSA {} +pub enum ECDSA_SIG {} +pub enum EVP_CIPHER {} +pub enum EVP_MD_CTX {} +pub enum EVP_PKEY {} +pub enum HMAC_CTX {} +pub enum OPENSSL_STACK {} +pub enum PKCS12 {} +pub enum RSA {} +pub enum SSL {} +pub enum SSL_CTX {} +pub enum SSL_SESSION {} +pub enum stack_st_ASN1_OBJECT {} +pub enum stack_st_GENERAL_NAME {} +pub enum stack_st_OPENSSL_STRING {} +pub enum stack_st_void {} +pub enum stack_st_X509 {} +pub enum stack_st_X509_NAME {} +pub enum stack_st_X509_ATTRIBUTE {} +pub enum stack_st_X509_EXTENSION {} +pub enum stack_st_SSL_CIPHER {} +pub enum OPENSSL_INIT_SETTINGS {} +pub enum X509 {} +pub enum X509_ALGOR {} +pub enum X509_VERIFY_PARAM {} +pub enum X509_REQ {} + +pub const CMS_ASCIICRLF: c_uint = 0x80000; + +pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123; +pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124; +#[cfg(ossl110g)] +pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130; +#[cfg(ossl110g)] +pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131; + +pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; +pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; +pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; +pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000000; +pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000000; +pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000000; +pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000000; +pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; +pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; +pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; + +pub const OPENSSL_VERSION: c_int = 0; +pub const OPENSSL_CFLAGS: c_int = 1; +pub const OPENSSL_BUILT_ON: c_int = 2; +pub const OPENSSL_PLATFORM: c_int = 3; +pub const OPENSSL_DIR: c_int = 4; + +pub const CRYPTO_EX_INDEX_SSL: c_int = 0; +pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 1; + +pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000; + +pub const X509_V_ERR_DANE_NO_MATCH: c_int = 65; +pub const X509_V_ERR_EE_KEY_TOO_SMALL: c_int = 66; +pub const X509_V_ERR_CA_KEY_TOO_SMALL: c_int = 67; +pub const X509_V_ERR_CA_MD_TOO_WEAK: c_int = 68; +pub const X509_V_ERR_INVALID_CALL: c_int = 69; +pub const X509_V_ERR_STORE_LOOKUP: c_int = 70; +pub const X509_V_ERR_NO_VALID_SCTS: c_int = 71; + +pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20; + +pub fn init() { + // explicitly initialize to work around https://github.com/openssl/openssl/issues/3505 + static INIT: Once = ONCE_INIT; + + INIT.call_once(|| unsafe { + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, ptr::null_mut()); + }) +} + +pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: c_int) -> c_int { + ::SSL_CTX_ctrl( + ctx, + SSL_CTRL_SET_MIN_PROTO_VERSION, + version as c_long, + ptr::null_mut(), + ) as c_int +} + +pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: c_int) -> c_int { + ::SSL_CTX_ctrl( + ctx, + SSL_CTRL_SET_MAX_PROTO_VERSION, + version as c_long, + ptr::null_mut(), + ) as c_int +} + +#[cfg(ossl110g)] +pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int { + ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int +} + +#[cfg(ossl110g)] +pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int { + ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int +} + +pub unsafe fn SSL_set_min_proto_version(s: *mut ::SSL, version: c_int) -> c_int { + ::SSL_ctrl( + s, + SSL_CTRL_SET_MIN_PROTO_VERSION, + version as c_long, + ptr::null_mut(), + ) as c_int +} + +pub unsafe fn SSL_set_max_proto_version(s: *mut ::SSL, version: c_int) -> c_int { + ::SSL_ctrl( + s, + SSL_CTRL_SET_MAX_PROTO_VERSION, + version as c_long, + ptr::null_mut(), + ) as c_int +} + +#[cfg(ossl110g)] +pub unsafe fn SSL_get_min_proto_version(s: *mut ::SSL) -> c_int { + ::SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int +} + +#[cfg(ossl110g)] +pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int { + ::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int +} + +extern "C" { + pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; + pub fn BIO_s_file() -> *const BIO_METHOD; + pub fn BIO_s_mem() -> *const BIO_METHOD; + + pub fn BN_get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_get_rfc3526_prime_1536(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_get_rfc3526_prime_2048(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_get_rfc3526_prime_3072(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_get_rfc3526_prime_4096(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_get_rfc3526_prime_6144(bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn BN_get_rfc3526_prime_8192(bn: *mut BIGNUM) -> *mut BIGNUM; + + pub fn CRYPTO_malloc(num: size_t, file: *const c_char, line: c_int) -> *mut c_void; + pub fn CRYPTO_free(buf: *mut c_void, file: *const c_char, line: c_int); + + pub fn EVP_chacha20() -> *const ::EVP_CIPHER; + pub fn EVP_chacha20_poly1305() -> *const ::EVP_CIPHER; + + pub fn HMAC_CTX_new() -> *mut HMAC_CTX; + pub fn HMAC_CTX_free(ctx: *mut HMAC_CTX); + + pub fn OCSP_cert_to_id( + dgst: *const ::EVP_MD, + subject: *const ::X509, + issuer: *const ::X509, + ) -> *mut ::OCSP_CERTID; + + pub fn TLS_method() -> *const ::SSL_METHOD; + pub fn DTLS_method() -> *const ::SSL_METHOD; + pub fn SSL_CIPHER_get_version(cipher: *const ::SSL_CIPHER) -> *const c_char; + pub fn X509_get_subject_name(x: *const ::X509) -> *mut ::X509_NAME; + pub fn X509_get_issuer_name(x: *const ::X509) -> *mut ::X509_NAME; + pub fn X509_set1_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; + pub fn X509_set1_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; + pub fn X509_get_ext_d2i( + x: *const ::X509, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + pub fn X509_NAME_add_entry_by_NID( + x: *mut ::X509_NAME, + field: c_int, + ty: c_int, + bytes: *const c_uchar, + len: c_int, + loc: c_int, + set: c_int, + ) -> c_int; + pub fn X509_get_signature_nid(x: *const X509) -> c_int; + pub fn X509_ALGOR_get0( + paobj: *mut *const ::ASN1_OBJECT, + pptype: *mut c_int, + ppval: *mut *const c_void, + alg: *const ::X509_ALGOR, + ); + pub fn X509_NAME_get_entry(n: *const ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; + pub fn X509_NAME_ENTRY_get_data(ne: *const ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; + pub fn X509V3_EXT_nconf_nid( + conf: *mut ::CONF, + ctx: *mut ::X509V3_CTX, + ext_nid: c_int, + value: *const c_char, + ) -> *mut ::X509_EXTENSION; + pub fn X509V3_EXT_nconf( + conf: *mut ::CONF, + ctx: *mut ::X509V3_CTX, + name: *const c_char, + value: *const c_char, + ) -> *mut ::X509_EXTENSION; + pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *const ::ASN1_STRING) -> c_int; + pub fn BN_is_negative(b: *const ::BIGNUM) -> c_int; + pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_PBE_scrypt( + pass: *const c_char, + passlen: size_t, + salt: *const c_uchar, + saltlen: size_t, + N: u64, + r: u64, + p: u64, + maxmem: u64, + key: *mut c_uchar, + keylen: size_t, + ) -> c_int; + pub fn DSA_get0_pqg( + d: *const ::DSA, + p: *mut *const ::BIGNUM, + q: *mut *const ::BIGNUM, + q: *mut *const ::BIGNUM, + ); + pub fn DSA_get0_key( + d: *const ::DSA, + pub_key: *mut *const ::BIGNUM, + priv_key: *mut *const ::BIGNUM, + ); + pub fn RSA_get0_key( + r: *const ::RSA, + n: *mut *const ::BIGNUM, + e: *mut *const ::BIGNUM, + d: *mut *const ::BIGNUM, + ); + pub fn RSA_get0_factors(r: *const ::RSA, p: *mut *const ::BIGNUM, q: *mut *const ::BIGNUM); + pub fn RSA_get0_crt_params( + r: *const ::RSA, + dmp1: *mut *const ::BIGNUM, + dmq1: *mut *const ::BIGNUM, + iqmp: *mut *const ::BIGNUM, + ); + pub fn RSA_set0_key( + r: *mut ::RSA, + n: *mut ::BIGNUM, + e: *mut ::BIGNUM, + d: *mut ::BIGNUM, + ) -> c_int; + pub fn RSA_set0_factors(r: *mut ::RSA, p: *mut ::BIGNUM, q: *mut ::BIGNUM) -> c_int; + pub fn RSA_set0_crt_params( + r: *mut ::RSA, + dmp1: *mut ::BIGNUM, + dmq1: *mut ::BIGNUM, + iqmp: *mut ::BIGNUM, + ) -> c_int; + pub fn ASN1_STRING_get0_data(x: *const ::ASN1_STRING) -> *const c_uchar; + pub fn OPENSSL_sk_num(stack: *const ::OPENSSL_STACK) -> c_int; + pub fn OPENSSL_sk_value(stack: *const ::OPENSSL_STACK, idx: c_int) -> *mut c_void; + pub fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong; + pub fn SSL_CTX_set_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; + pub fn SSL_CTX_clear_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; + pub fn SSL_CTX_sess_set_get_cb( + ctx: *mut ::SSL_CTX, + get_session_cb: Option< + unsafe extern "C" fn(*mut ::SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, + >, + ); + pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; + pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; + pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME; + pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME; + pub fn X509_get0_signature( + psig: *mut *const ::ASN1_BIT_STRING, + palg: *mut *const ::X509_ALGOR, + x: *const ::X509, + ); + pub fn DH_set0_pqg( + dh: *mut ::DH, + p: *mut ::BIGNUM, + q: *mut ::BIGNUM, + g: *mut ::BIGNUM, + ) -> c_int; + pub fn BIO_set_init(a: *mut ::BIO, init: c_int); + pub fn BIO_set_data(a: *mut ::BIO, data: *mut c_void); + pub fn BIO_get_data(a: *mut ::BIO) -> *mut c_void; + pub fn BIO_meth_new(type_: c_int, name: *const c_char) -> *mut ::BIO_METHOD; + pub fn BIO_meth_free(biom: *mut ::BIO_METHOD); + // FIXME should wrap in Option + pub fn BIO_meth_set_write( + biom: *mut ::BIO_METHOD, + write: unsafe extern "C" fn(*mut ::BIO, *const c_char, c_int) -> c_int, + ) -> c_int; + pub fn BIO_meth_set_read( + biom: *mut ::BIO_METHOD, + read: unsafe extern "C" fn(*mut ::BIO, *mut c_char, c_int) -> c_int, + ) -> c_int; + pub fn BIO_meth_set_puts( + biom: *mut ::BIO_METHOD, + read: unsafe extern "C" fn(*mut ::BIO, *const c_char) -> c_int, + ) -> c_int; + pub fn BIO_meth_set_ctrl( + biom: *mut ::BIO_METHOD, + read: unsafe extern "C" fn(*mut ::BIO, c_int, c_long, *mut c_void) -> c_long, + ) -> c_int; + pub fn BIO_meth_set_create( + biom: *mut ::BIO_METHOD, + create: unsafe extern "C" fn(*mut ::BIO) -> c_int, + ) -> c_int; + pub fn BIO_meth_set_destroy( + biom: *mut ::BIO_METHOD, + destroy: unsafe extern "C" fn(*mut ::BIO) -> c_int, + ) -> c_int; + pub fn CRYPTO_get_ex_new_index( + class_index: c_int, + argl: c_long, + argp: *mut c_void, + new_func: Option<::CRYPTO_EX_new>, + dup_func: Option<::CRYPTO_EX_dup>, + free_func: Option<::CRYPTO_EX_free>, + ) -> c_int; + pub fn X509_up_ref(x: *mut X509) -> c_int; + pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; + pub fn SSL_session_reused(ssl: *mut SSL) -> c_int; + pub fn SSL_SESSION_get_master_key( + session: *const SSL_SESSION, + out: *mut c_uchar, + outlen: size_t, + ) -> size_t; + pub fn SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int; + pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; + pub fn X509_STORE_CTX_get0_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509; + pub fn EVP_MD_CTX_new() -> *mut EVP_MD_CTX; + pub fn EVP_MD_CTX_free(ctx: *mut EVP_MD_CTX); + pub fn EVP_PKEY_bits(key: *const EVP_PKEY) -> c_int; + + pub fn OpenSSL_version_num() -> c_ulong; + pub fn OpenSSL_version(key: c_int) -> *const c_char; + pub fn OPENSSL_init_ssl(opts: u64, settings: *const OPENSSL_INIT_SETTINGS) -> c_int; + pub fn OPENSSL_sk_new_null() -> *mut ::OPENSSL_STACK; + pub fn OPENSSL_sk_free(st: *mut ::OPENSSL_STACK); + pub fn OPENSSL_sk_pop_free( + st: *mut ::OPENSSL_STACK, + free: Option, + ); + pub fn OPENSSL_sk_push(st: *mut ::OPENSSL_STACK, data: *const c_void) -> c_int; + pub fn OPENSSL_sk_pop(st: *mut ::OPENSSL_STACK) -> *mut c_void; + + pub fn PKCS12_create( + pass: *const c_char, + friendly_name: *const c_char, + pkey: *mut EVP_PKEY, + cert: *mut X509, + ca: *mut stack_st_X509, + nid_key: c_int, + nid_cert: c_int, + iter: c_int, + mac_iter: c_int, + keytype: c_int, + ) -> *mut PKCS12; + pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long; + pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME; + pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; + pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM); + pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int; + + pub fn SSL_CIPHER_get_cipher_nid(c: *const ::SSL_CIPHER) -> c_int; + pub fn SSL_CIPHER_get_digest_nid(c: *const ::SSL_CIPHER) -> c_int; +} diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs new file mode 100644 index 00000000..8574efc8 --- /dev/null +++ b/openssl-sys/src/openssl/v111.rs @@ -0,0 +1,85 @@ +use libc::{c_char, c_uchar, c_int, c_uint, c_ulong, size_t, c_void}; + +pub type SSL_CTX_keylog_cb_func = + Option; + +pub type SSL_custom_ext_add_cb_ex = + Option c_int>; + +pub type SSL_custom_ext_free_cb_ex = + Option; + +pub type SSL_custom_ext_parse_cb_ex = + Option c_int>; + +pub const SSL_COOKIE_LENGTH: c_int = 4096; + +pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000; +pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000; + +pub const TLS1_3_VERSION: c_int = 0x304; + +pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001; +/* This extension is only allowed in DTLS */ +pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002; +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004; +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008; +/* Extension is only defined for TLS1.2 and below */ +pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010; +/* Extension is only defined for TLS1.3 and above */ +pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020; +/* Ignore this extension during parsing if we are resuming */ +pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040; +pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080; +/* Really means TLS1.2 or below */ +pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100; +pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200; +pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400; +pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800; +pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000; +pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000; +pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000; + + +extern "C" { + pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func); + pub fn SSL_CTX_add_custom_ext(ctx: *mut ::SSL_CTX, ext_type: c_uint, context: c_uint, + add_cb: SSL_custom_ext_add_cb_ex, + free_cb: SSL_custom_ext_free_cb_ex, + add_arg: *mut c_void, + parse_cb: SSL_custom_ext_parse_cb_ex, + parse_arg: *mut c_void) -> c_int; + pub fn SSL_stateless(s: *mut ::SSL) -> c_int; + pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD; + pub fn SSL_CTX_set_stateless_cookie_generate_cb( + s: *mut ::SSL_CTX, + cb: Option c_int> + ); + pub fn SSL_CTX_set_stateless_cookie_verify_cb( + s: *mut ::SSL_CTX, + cb: Option c_int> + ); +} diff --git a/openssl-sys/src/ossl10x.rs b/openssl-sys/src/ossl10x.rs deleted file mode 100644 index 6a4d4346..00000000 --- a/openssl-sys/src/ossl10x.rs +++ /dev/null @@ -1,984 +0,0 @@ -use std::io::{self, Write}; -use std::mem; -use std::process; -use std::ptr; -use std::sync::{Mutex, MutexGuard}; -use std::sync::{Once, ONCE_INIT}; - -#[cfg(not(ossl101))] -use libc::time_t; -use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; - -#[repr(C)] -pub struct stack_st_ASN1_OBJECT { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_X509 { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_X509_NAME { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_X509_ATTRIBUTE { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_X509_EXTENSION { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_GENERAL_NAME { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_void { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_SSL_CIPHER { - pub stack: _STACK, -} - -#[repr(C)] -pub struct stack_st_OPENSSL_STRING { - pub stack: _STACK, -} - -#[repr(C)] -pub struct _STACK { - pub num: c_int, - pub data: *mut *mut c_char, - pub sorted: c_int, - pub num_alloc: c_int, - pub comp: Option c_int>, -} - -#[repr(C)] -pub struct BIO_METHOD { - pub type_: c_int, - pub name: *const c_char, - pub bwrite: Option c_int>, - pub bread: Option c_int>, - pub bputs: Option c_int>, - pub bgets: Option c_int>, - pub ctrl: Option c_long>, - pub create: Option c_int>, - pub destroy: Option c_int>, - pub callback_ctrl: Option c_long>, -} - -#[repr(C)] -pub struct RSA { - pub pad: c_int, - pub version: c_long, - pub meth: *const ::RSA_METHOD, - - pub engine: *mut ::ENGINE, - pub n: *mut ::BIGNUM, - pub e: *mut ::BIGNUM, - pub d: *mut ::BIGNUM, - pub p: *mut ::BIGNUM, - pub q: *mut ::BIGNUM, - pub dmp1: *mut ::BIGNUM, - pub dmq1: *mut ::BIGNUM, - pub iqmp: *mut ::BIGNUM, - - pub ex_data: ::CRYPTO_EX_DATA, - pub references: c_int, - pub flags: c_int, - - pub _method_mod_n: *mut ::BN_MONT_CTX, - pub _method_mod_p: *mut ::BN_MONT_CTX, - pub _method_mod_q: *mut ::BN_MONT_CTX, - - pub bignum_data: *mut c_char, - pub blinding: *mut ::BN_BLINDING, - pub mt_blinding: *mut ::BN_BLINDING, -} - -#[repr(C)] -pub struct DSA { - pub pad: c_int, - pub version: c_long, - pub write_params: c_int, - - pub p: *mut ::BIGNUM, - pub q: *mut ::BIGNUM, - pub g: *mut ::BIGNUM, - pub pub_key: *mut ::BIGNUM, - pub priv_key: *mut ::BIGNUM, - pub kinv: *mut ::BIGNUM, - pub r: *mut ::BIGNUM, - - pub flags: c_int, - pub method_mont_p: *mut ::BN_MONT_CTX, - pub references: c_int, - pub ex_data: ::CRYPTO_EX_DATA, - pub meth: *const ::DSA_METHOD, - pub engine: *mut ::ENGINE, -} - -#[repr(C)] -pub struct ECDSA_SIG { - pub r: *mut BIGNUM, - pub s: *mut BIGNUM, -} - -#[repr(C)] -pub struct EVP_PKEY { - pub type_: c_int, - pub save_type: c_int, - pub references: c_int, - pub ameth: *const ::EVP_PKEY_ASN1_METHOD, - pub engine: *mut ::ENGINE, - pub pkey: *mut c_void, - pub save_parameters: c_int, - pub attributes: *mut stack_st_X509_ATTRIBUTE, -} - -#[repr(C)] -pub struct BIO { - pub method: *mut ::BIO_METHOD, - pub callback: Option< - unsafe extern "C" fn(*mut ::BIO, c_int, *const c_char, c_int, c_long, c_long) -> c_long, - >, - pub cb_arg: *mut c_char, - pub init: c_int, - pub shutdown: c_int, - pub flags: c_int, - pub retry_reason: c_int, - pub num: c_int, - pub ptr: *mut c_void, - pub next_bio: *mut ::BIO, - pub prev_bio: *mut ::BIO, - pub references: c_int, - pub num_read: c_ulong, - pub num_write: c_ulong, - pub ex_data: ::CRYPTO_EX_DATA, -} - -#[repr(C)] -pub struct CRYPTO_EX_DATA { - pub sk: *mut ::stack_st_void, - pub dummy: c_int, -} - -#[repr(C)] -pub struct EVP_MD_CTX { - digest: *mut ::EVP_MD, - engine: *mut ::ENGINE, - flags: c_ulong, - md_data: *mut c_void, - pctx: *mut ::EVP_PKEY_CTX, - update: *mut c_void, -} - -#[repr(C)] -pub struct EVP_CIPHER { - pub nid: c_int, - pub block_size: c_int, - pub key_len: c_int, - pub iv_len: c_int, - pub flags: c_ulong, - pub init: Option< - unsafe extern "C" fn(*mut ::EVP_CIPHER_CTX, *const c_uchar, *const c_uchar, c_int) -> c_int, - >, - pub do_cipher: Option< - unsafe extern "C" fn(*mut ::EVP_CIPHER_CTX, *mut c_uchar, *const c_uchar, size_t) -> c_int, - >, - pub cleanup: Option c_int>, - pub ctx_size: c_int, - pub set_asn1_parameters: - Option c_int>, - pub get_asn1_parameters: - Option c_int>, - pub ctrl: - Option c_int>, - pub app_data: *mut c_void, -} - -#[repr(C)] -pub struct HMAC_CTX { - md: *mut ::EVP_MD, - md_ctx: ::EVP_MD_CTX, - i_ctx: ::EVP_MD_CTX, - o_ctx: ::EVP_MD_CTX, - key_length: c_uint, - key: [c_uchar; 128], -} - -#[repr(C)] -pub struct BIGNUM { - pub d: *mut ::BN_ULONG, - pub top: c_int, - pub dmax: c_int, - pub neg: c_int, - pub flags: c_int, -} - -#[repr(C)] -pub struct DH { - pub pad: c_int, - pub version: c_int, - pub p: *mut ::BIGNUM, - pub g: *mut ::BIGNUM, - pub length: c_long, - pub pub_key: *mut ::BIGNUM, - pub priv_key: *mut ::BIGNUM, - pub flags: c_int, - pub method_mont_p: *mut ::BN_MONT_CTX, - pub q: *mut ::BIGNUM, - pub j: *mut ::BIGNUM, - pub seed: *mut c_uchar, - pub seedlen: c_int, - pub counter: *mut ::BIGNUM, - pub references: c_int, - pub ex_data: ::CRYPTO_EX_DATA, - pub meth: *const ::DH_METHOD, - pub engine: *mut ::ENGINE, -} - -#[repr(C)] -pub struct X509 { - pub cert_info: *mut X509_CINF, - pub sig_alg: *mut ::X509_ALGOR, - pub signature: *mut ::ASN1_BIT_STRING, - pub valid: c_int, - pub references: c_int, - pub name: *mut c_char, - pub ex_data: ::CRYPTO_EX_DATA, - pub ex_pathlen: c_long, - pub ex_pcpathlen: c_long, - pub ex_flags: c_ulong, - pub ex_kusage: c_ulong, - pub ex_xkusage: c_ulong, - pub ex_nscert: c_ulong, - skid: *mut c_void, - akid: *mut c_void, - policy_cache: *mut c_void, - crldp: *mut c_void, - altname: *mut c_void, - nc: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] - rfc3779_addr: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] - rfc3779_asid: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] - sha1_hash: [c_uchar; 20], - aux: *mut c_void, -} - -#[repr(C)] -pub struct X509_CINF { - version: *mut c_void, - serialNumber: *mut c_void, - signature: *mut c_void, - issuer: *mut c_void, - pub validity: *mut X509_VAL, - subject: *mut c_void, - key: *mut c_void, - issuerUID: *mut c_void, - subjectUID: *mut c_void, - pub extensions: *mut stack_st_X509_EXTENSION, - enc: ASN1_ENCODING, -} - -#[repr(C)] -pub struct X509_ALGOR { - pub algorithm: *mut ::ASN1_OBJECT, - parameter: *mut c_void, -} - -#[repr(C)] -pub struct ASN1_ENCODING { - pub enc: *mut c_uchar, - pub len: c_long, - pub modified: c_int, -} - -#[repr(C)] -pub struct X509_VAL { - pub notBefore: *mut ::ASN1_TIME, - pub notAfter: *mut ::ASN1_TIME, -} - -#[repr(C)] -pub struct X509_REQ_INFO { - pub enc: ASN1_ENCODING, - pub version: *mut ::ASN1_INTEGER, - pub subject: *mut ::X509_NAME, - pubkey: *mut c_void, - pub attributes: *mut stack_st_X509_ATTRIBUTE, -} - -#[repr(C)] -pub struct X509_REQ { - pub req_info: *mut X509_REQ_INFO, - sig_alg: *mut c_void, - signature: *mut c_void, - references: c_int, -} - -#[repr(C)] -pub struct SSL { - version: c_int, - type_: c_int, - method: *const ::SSL_METHOD, - rbio: *mut c_void, - wbio: *mut c_void, - bbio: *mut c_void, - rwstate: c_int, - in_handshake: c_int, - handshake_func: Option c_int>, - pub server: c_int, - new_session: c_int, - quiet_session: c_int, - shutdown: c_int, - state: c_int, - rstate: c_int, - init_buf: *mut c_void, - init_msg: *mut c_void, - init_num: c_int, - init_off: c_int, - packet: *mut c_uchar, - packet_length: c_uint, - s2: *mut c_void, - s3: *mut c_void, - d1: *mut c_void, - read_ahead: c_int, - msg_callback: Option< - unsafe extern "C" fn(c_int, c_int, c_int, *const c_void, size_t, *mut SSL, *mut c_void), - >, - msg_callback_arg: *mut c_void, - hit: c_int, - param: *mut c_void, - cipher_list: *mut stack_st_SSL_CIPHER, - cipher_list_by_id: *mut stack_st_SSL_CIPHER, - mac_flags: c_int, - enc_read_ctx: *mut ::EVP_CIPHER_CTX, - read_hash: *mut ::EVP_MD_CTX, - expand: *mut c_void, - enc_write_ctx: *mut ::EVP_CIPHER_CTX, - write_hash: *mut ::EVP_MD_CTX, - compress: *mut c_void, - cert: *mut c_void, - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], - session: *mut ::SSL_SESSION, - generate_session_id: ::GEN_SESSION_CB, - verify_mode: c_int, - verify_callback: Option c_int>, - info_callback: Option, - error: c_int, - error_code: c_int, - #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] - kssl_ctx: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_client_callback: Option< - unsafe extern "C" fn(*mut SSL, *const c_char, *mut c_char, c_uint, *mut c_uchar, c_uint) - -> c_uint, - >, - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_server_callback: - Option c_uint>, - ctx: *mut ::SSL_CTX, - debug: c_int, - verify_result: c_long, - ex_data: ::CRYPTO_EX_DATA, - client_CA: *mut stack_st_X509_NAME, - references: c_int, - options: c_ulong, - mode: c_ulong, - max_cert_list: c_long, - first_packet: c_int, - client_version: c_int, - max_send_fragment: c_uint, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_debug_cb: - Option, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_debug_arg: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_hostname: *mut c_char, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - servername_done: c_int, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_status_type: c_int, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_status_expected: c_int, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_ocsp_ids: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_ocsp_exts: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_ocsp_resp: *mut c_uchar, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_ocsp_resplen: c_int, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_ticket_expected: c_int, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] - tlsext_ecpointformatlist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] - tlsext_ecpointformatlist: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] - tlsext_ellipticcurvelist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] - tlsext_ellipticcurvelist: *mut c_uchar, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_opaque_prf_input: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_opaque_prf_input_len: size_t, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_session_ticket: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_session_ticket_ext_cb: ::tls_session_ticket_ext_cb_fn, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tls_session_ticket_ext_cb_arg: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tls_session_secret_cb: ::tls_session_secret_cb_fn, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tls_session_secret_cb_arg: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - initial_ctx: *mut ::SSL_CTX, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] - next_proto_negotiated: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] - next_proto_negotiated_len: c_uchar, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - srtp_profiles: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - srtp_profile: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_heartbeat: c_uint, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_hb_pending: c_uint, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_hb_seq: c_uint, - renegotiate: c_int, - #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] - srp_ctx: ::SRP_CTX, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_client_proto_list: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_client_proto_list_len: c_uint, -} - -#[repr(C)] -pub struct SSL_CTX { - method: *mut c_void, - cipher_list: *mut c_void, - cipher_list_by_id: *mut c_void, - cert_store: *mut c_void, - sessions: *mut c_void, - session_cache_size: c_ulong, - session_cache_head: *mut c_void, - session_cache_tail: *mut c_void, - session_cache_mode: c_int, - session_timeout: c_long, - new_session_cb: *mut c_void, - remove_session_cb: *mut c_void, - get_session_cb: *mut c_void, - stats: [c_int; 11], - pub references: c_int, - app_verify_callback: *mut c_void, - app_verify_arg: *mut c_void, - default_passwd_callback: *mut c_void, - default_passwd_callback_userdata: *mut c_void, - client_cert_cb: *mut c_void, - app_gen_cookie_cb: *mut c_void, - app_verify_cookie_cb: *mut c_void, - ex_dat: ::CRYPTO_EX_DATA, - rsa_md5: *mut c_void, - md5: *mut c_void, - sha1: *mut c_void, - extra_certs: *mut c_void, - comp_methods: *mut c_void, - info_callback: *mut c_void, - client_CA: *mut c_void, - options: c_ulong, - mode: c_ulong, - max_cert_list: c_long, - cert: *mut c_void, - read_ahead: c_int, - msg_callback: *mut c_void, - msg_callback_arg: *mut c_void, - verify_mode: c_int, - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; 32], - default_verify_callback: *mut c_void, - generate_session_id: *mut c_void, - param: *mut c_void, - quiet_shutdown: c_int, - max_send_fragment: c_uint, - - #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))] - client_cert_engine: *mut c_void, - - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_servername_callback: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsect_servername_arg: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_tick_key_name: [c_uchar; 16], - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_tick_hmac_key: [c_uchar; 16], - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_tick_aes_key: [c_uchar; 16], - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_ticket_key_cb: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_status_cb: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_status_arg: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_opaque_prf_input_callback: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_opaque_prf_input_callback_arg: *mut c_void, - - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_identity_hint: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_client_callback: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_server_callback: *mut c_void, - - #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] - freelist_max_len: c_uint, - #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] - wbuf_freelist: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] - rbuf_freelist: *mut c_void, - - #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] - srp_ctx: SRP_CTX, - - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] - next_protos_advertised_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] - next_protos_advertised_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] - next_proto_select_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] - next_proto_select_cb_arg: *mut c_void, - - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] - srtp_profiles: *mut c_void, - - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - srtp_profiles: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_select_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_select_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_client_proto_list: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_client_proto_list_len: c_uint, - - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] - tlsext_ecpointformatlist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] - tlsext_ecpointformatlist: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] - tlsext_ellipticcurvelist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] - tlsext_ellipticcurvelist: *mut c_uchar, -} - -#[repr(C)] -pub struct SSL_SESSION { - ssl_version: c_int, - key_arg_length: c_uint, - key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize], - pub master_key_length: c_int, - pub master_key: [c_uchar; 48], - session_id_length: c_uint, - session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize], - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize], - #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] - krb5_client_princ_len: c_uint, - #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] - krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize], - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_identity_hint: *mut c_char, - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_identity: *mut c_char, - not_resumable: c_int, - sess_cert: *mut c_void, - peer: *mut X509, - verify_result: c_long, - pub references: c_int, - timeout: c_long, - time: c_long, - compress_meth: c_uint, - cipher: *const c_void, - cipher_id: c_ulong, - ciphers: *mut c_void, - ex_data: ::CRYPTO_EX_DATA, - prev: *mut c_void, - next: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_hostname: *mut c_char, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] - tlsext_ecpointformatlist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] - tlsext_ecpointformatlist: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] - tlsext_ellipticcurvelist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] - tlsext_ellipticcurvelist: *mut c_uchar, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_tick: *mut c_uchar, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_ticklen: size_t, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] - tlsext_tick_lifetime_hint: c_long, - #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] - srp_username: *mut c_char, -} - -#[repr(C)] -pub struct SRP_CTX { - SRP_cb_arg: *mut c_void, - TLS_ext_srp_username_callback: *mut c_void, - SRP_verify_param_callback: *mut c_void, - SRP_give_srp_client_pwd_callback: *mut c_void, - login: *mut c_void, - N: *mut c_void, - g: *mut c_void, - s: *mut c_void, - B: *mut c_void, - A: *mut c_void, - a: *mut c_void, - b: *mut c_void, - v: *mut c_void, - info: *mut c_void, - stringth: c_int, - srp_Mask: c_ulong, -} - -#[repr(C)] -#[cfg(not(ossl101))] -pub struct X509_VERIFY_PARAM { - pub name: *mut c_char, - pub check_time: time_t, - pub inh_flags: c_ulong, - pub flags: c_ulong, - pub purpose: c_int, - pub trust: c_int, - pub depth: c_int, - pub policies: *mut stack_st_ASN1_OBJECT, - pub id: *mut X509_VERIFY_PARAM_ID, -} - -#[cfg(not(ossl101))] -pub enum X509_VERIFY_PARAM_ID {} -pub enum PKCS12 {} - -pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8; -pub const SSL_CTRL_OPTIONS: c_int = 32; -pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; -#[cfg(ossl102)] -pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; - -pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000001; -pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000002; -pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000008; -pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000020; -pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000080; -pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000100; -pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000200; -pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; -pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; -pub const SSL_OP_NO_SSLv2: c_ulong = 0x01000000; - -pub const SSL_MAX_SSL_SESSION_ID_LENGTH: c_int = 32; -pub const SSL_MAX_SID_CTX_LENGTH: c_int = 32; -pub const SSL_MAX_KEY_ARG_LENGTH: c_int = 8; -pub const SSL_MAX_MASTER_KEY_LENGTH: c_int = 48; -pub const SSL_MAX_KRB5_PRINCIPAL_LENGTH: c_int = 256; - -pub const SSLEAY_VERSION: c_int = 0; -pub const SSLEAY_CFLAGS: c_int = 2; -pub const SSLEAY_BUILT_ON: c_int = 3; -pub const SSLEAY_PLATFORM: c_int = 4; -pub const SSLEAY_DIR: c_int = 5; - -pub const CRYPTO_LOCK_X509: c_int = 3; -pub const CRYPTO_LOCK_SSL_CTX: c_int = 12; -pub const CRYPTO_LOCK_SSL_SESSION: c_int = 14; - -#[cfg(ossl102h)] -pub const X509_V_ERR_INVALID_CALL: c_int = 65; -#[cfg(ossl102h)] -pub const X509_V_ERR_STORE_LOOKUP: c_int = 66; -#[cfg(ossl102h)] -pub const X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: c_int = 67; - -static mut MUTEXES: *mut Vec> = 0 as *mut Vec>; -static mut GUARDS: *mut Vec>> = - 0 as *mut Vec>>; - -unsafe extern "C" fn locking_function(mode: c_int, n: c_int, _file: *const c_char, _line: c_int) { - let mutex = &(*MUTEXES)[n as usize]; - - if mode & ::CRYPTO_LOCK != 0 { - (*GUARDS)[n as usize] = Some(mutex.lock().unwrap()); - } else { - if let None = (*GUARDS)[n as usize].take() { - let _ = writeln!( - io::stderr(), - "BUG: rust-openssl lock {} already unlocked, aborting", - n - ); - process::abort(); - } - } -} - -pub fn init() { - static INIT: Once = ONCE_INIT; - - INIT.call_once(|| unsafe { - SSL_library_init(); - SSL_load_error_strings(); - OPENSSL_add_all_algorithms_noconf(); - - let num_locks = ::CRYPTO_num_locks(); - let mut mutexes = Box::new(Vec::new()); - for _ in 0..num_locks { - mutexes.push(Mutex::new(())); - } - MUTEXES = mem::transmute(mutexes); - let guards: Box>>> = - Box::new((0..num_locks).map(|_| None).collect()); - GUARDS = mem::transmute(guards); - - CRYPTO_set_locking_callback(locking_function); - set_id_callback(); - }) -} - -#[cfg(unix)] -fn set_id_callback() { - unsafe extern "C" fn thread_id() -> c_ulong { - ::libc::pthread_self() as c_ulong - } - - unsafe { - CRYPTO_set_id_callback(thread_id); - } -} - -#[cfg(not(unix))] -fn set_id_callback() {} - -// macros - -#[cfg(ossl102)] -pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int { - ::SSL_CTX_ctrl( - ctx, - SSL_CTRL_SET_ECDH_AUTO, - onoff as c_long, - ptr::null_mut(), - ) as c_int -} - -#[cfg(ossl102)] -pub unsafe fn SSL_set_ecdh_auto(ssl: *mut ::SSL, onoff: c_int) -> c_int { - ::SSL_ctrl( - ssl, - SSL_CTRL_SET_ECDH_AUTO, - onoff as c_long, - ptr::null_mut(), - ) as c_int -} - -pub unsafe fn SSL_session_reused(ssl: *mut ::SSL) -> c_int { - ::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int -} - -extern "C" { - pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; - pub fn BIO_s_file() -> *mut BIO_METHOD; - pub fn BIO_s_mem() -> *mut BIO_METHOD; - - pub fn get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_1536(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_2048(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_3072(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_4096(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_6144(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn get_rfc3526_prime_8192(bn: *mut BIGNUM) -> *mut BIGNUM; - - pub fn CRYPTO_malloc(num: c_int, file: *const c_char, line: c_int) -> *mut c_void; - pub fn CRYPTO_free(buf: *mut c_void); - pub fn CRYPTO_num_locks() -> c_int; - pub fn CRYPTO_set_locking_callback( - func: unsafe extern "C" fn(mode: c_int, n: c_int, file: *const c_char, line: c_int), - ); - pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong); - - pub fn ERR_load_crypto_strings(); - - pub fn RSA_generate_key( - modsz: c_int, - e: c_ulong, - cb: Option, - cbarg: *mut c_void, - ) -> *mut RSA; - - pub fn OCSP_cert_to_id( - dgst: *const ::EVP_MD, - subject: *mut ::X509, - issuer: *mut ::X509, - ) -> *mut ::OCSP_CERTID; - - pub fn PKCS12_create( - pass: *mut c_char, - friendly_name: *mut c_char, - pkey: *mut EVP_PKEY, - cert: *mut X509, - ca: *mut stack_st_X509, - nid_key: c_int, - nid_cert: c_int, - iter: c_int, - mac_iter: c_int, - keytype: c_int, - ) -> *mut PKCS12; - - pub fn SSL_library_init() -> c_int; - pub fn SSL_load_error_strings(); - pub fn OPENSSL_add_all_algorithms_noconf(); - pub fn HMAC_CTX_init(ctx: *mut ::HMAC_CTX); - pub fn HMAC_CTX_cleanup(ctx: *mut ::HMAC_CTX); - #[cfg(not(osslconf = "OPENSSL_NO_SSL3_METHOD"))] - pub fn SSLv3_method() -> *const ::SSL_METHOD; - pub fn TLSv1_method() -> *const ::SSL_METHOD; - pub fn SSLv23_method() -> *const ::SSL_METHOD; - pub fn TLSv1_1_method() -> *const ::SSL_METHOD; - pub fn TLSv1_2_method() -> *const ::SSL_METHOD; - pub fn DTLSv1_method() -> *const ::SSL_METHOD; - #[cfg(ossl102)] - pub fn DTLSv1_2_method() -> *const ::SSL_METHOD; - pub fn SSL_get_ex_new_index( - argl: c_long, - argp: *mut c_void, - new_func: Option<::CRYPTO_EX_new>, - dup_func: Option<::CRYPTO_EX_dup>, - free_func: Option<::CRYPTO_EX_free>, - ) -> c_int; - pub fn SSL_set_tmp_ecdh_callback( - ssl: *mut ::SSL, - ecdh: unsafe extern "C" fn(ssl: *mut ::SSL, is_export: c_int, keylength: c_int) - -> *mut ::EC_KEY, - ); - pub fn SSL_CIPHER_get_version(cipher: *const ::SSL_CIPHER) -> *mut c_char; - pub fn SSL_CTX_get_ex_new_index( - argl: c_long, - argp: *mut c_void, - new_func: Option<::CRYPTO_EX_new>, - dup_func: Option<::CRYPTO_EX_dup>, - free_func: Option<::CRYPTO_EX_free>, - ) -> c_int; - // FIXME should take an option - pub fn SSL_CTX_set_tmp_ecdh_callback( - ctx: *mut ::SSL_CTX, - ecdh: unsafe extern "C" fn(ssl: *mut ::SSL, is_export: c_int, keylength: c_int) - -> *mut ::EC_KEY, - ); - pub fn SSL_CTX_sess_set_get_cb( - ctx: *mut ::SSL_CTX, - get_session_cb: Option< - unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, - >, - ); - pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; - pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME; - pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; - pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; - pub fn X509_get_ext_d2i( - x: *mut ::X509, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - pub fn X509_NAME_add_entry_by_NID( - x: *mut ::X509_NAME, - field: c_int, - ty: c_int, - bytes: *mut c_uchar, - len: c_int, - loc: c_int, - set: c_int, - ) -> c_int; - #[cfg(not(ossl101))] - pub fn X509_get0_signature( - psig: *mut *mut ::ASN1_BIT_STRING, - palg: *mut *mut ::X509_ALGOR, - x: *const ::X509, - ); - #[cfg(not(ossl101))] - pub fn X509_get_signature_nid(x: *const X509) -> c_int; - #[cfg(not(ossl101))] - pub fn X509_ALGOR_get0( - paobj: *mut *mut ::ASN1_OBJECT, - pptype: *mut c_int, - ppval: *mut *mut c_void, - alg: *mut ::X509_ALGOR, - ); - pub fn X509_NAME_get_entry(n: *mut ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; - pub fn X509_NAME_ENTRY_get_data(ne: *mut ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; - pub fn X509_STORE_CTX_get_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509; - pub fn X509V3_EXT_nconf_nid( - conf: *mut ::CONF, - ctx: *mut ::X509V3_CTX, - ext_nid: c_int, - value: *mut c_char, - ) -> *mut ::X509_EXTENSION; - pub fn X509V3_EXT_nconf( - conf: *mut ::CONF, - ctx: *mut ::X509V3_CTX, - name: *mut c_char, - value: *mut c_char, - ) -> *mut ::X509_EXTENSION; - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ::ASN1_STRING) -> c_int; - pub fn ASN1_STRING_data(x: *mut ::ASN1_STRING) -> *mut c_uchar; - pub fn CRYPTO_add_lock( - pointer: *mut c_int, - amount: c_int, - type_: c_int, - file: *const c_char, - line: c_int, - ) -> c_int; - pub fn EVP_MD_CTX_create() -> *mut EVP_MD_CTX; - pub fn EVP_MD_CTX_destroy(ctx: *mut EVP_MD_CTX); - pub fn EVP_PKEY_bits(key: *mut EVP_PKEY) -> c_int; - - pub fn sk_new_null() -> *mut _STACK; - pub fn sk_num(st: *const _STACK) -> c_int; - pub fn sk_value(st: *const _STACK, n: c_int) -> *mut c_void; - pub fn sk_free(st: *mut _STACK); - pub fn sk_push(st: *mut _STACK, data: *mut c_void) -> c_int; - pub fn sk_pop_free(st: *mut _STACK, free: Option); - pub fn sk_pop(st: *mut _STACK) -> *mut c_void; - - pub fn SSLeay() -> c_ulong; - pub fn SSLeay_version(key: c_int) -> *const c_char; - - #[cfg(ossl102)] - pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; -} diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs deleted file mode 100644 index d1d7a34b..00000000 --- a/openssl-sys/src/ossl110.rs +++ /dev/null @@ -1,379 +0,0 @@ -use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; -use std::ptr; -use std::sync::{Once, ONCE_INIT}; - -pub enum BIGNUM {} -pub enum BIO {} -pub enum BIO_METHOD {} -pub enum CRYPTO_EX_DATA {} -pub enum DH {} -pub enum DSA {} -pub enum ECDSA_SIG {} -pub enum EVP_CIPHER {} -pub enum EVP_MD_CTX {} -pub enum EVP_PKEY {} -pub enum HMAC_CTX {} -pub enum OPENSSL_STACK {} -pub enum PKCS12 {} -pub enum RSA {} -pub enum SSL {} -pub enum SSL_CTX {} -pub enum SSL_SESSION {} -pub enum stack_st_ASN1_OBJECT {} -pub enum stack_st_GENERAL_NAME {} -pub enum stack_st_OPENSSL_STRING {} -pub enum stack_st_void {} -pub enum stack_st_X509 {} -pub enum stack_st_X509_NAME {} -pub enum stack_st_X509_ATTRIBUTE {} -pub enum stack_st_X509_EXTENSION {} -pub enum stack_st_SSL_CIPHER {} -pub enum OPENSSL_INIT_SETTINGS {} -pub enum X509 {} -pub enum X509_ALGOR {} -pub enum X509_VERIFY_PARAM {} -pub enum X509_REQ {} - -pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123; -pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124; -#[cfg(ossl110g)] -pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130; -#[cfg(ossl110g)] -pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131; - -pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; -pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; -pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; -pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000000; -pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000000; -pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000000; -pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000000; -pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; -pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; -pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; - -pub const OPENSSL_VERSION: c_int = 0; -pub const OPENSSL_CFLAGS: c_int = 1; -pub const OPENSSL_BUILT_ON: c_int = 2; -pub const OPENSSL_PLATFORM: c_int = 3; -pub const OPENSSL_DIR: c_int = 4; - -pub const CRYPTO_EX_INDEX_SSL: c_int = 0; -pub const CRYPTO_EX_INDEX_SSL_CTX: c_int = 1; - -pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000; - -pub const X509_V_ERR_DANE_NO_MATCH: c_int = 65; -pub const X509_V_ERR_EE_KEY_TOO_SMALL: c_int = 66; -pub const X509_V_ERR_CA_KEY_TOO_SMALL: c_int = 67; -pub const X509_V_ERR_CA_MD_TOO_WEAK: c_int = 68; -pub const X509_V_ERR_INVALID_CALL: c_int = 69; -pub const X509_V_ERR_STORE_LOOKUP: c_int = 70; -pub const X509_V_ERR_NO_VALID_SCTS: c_int = 71; - -pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20; - -pub fn init() { - // explicitly initialize to work around https://github.com/openssl/openssl/issues/3505 - static INIT: Once = ONCE_INIT; - - INIT.call_once(|| unsafe { - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, ptr::null_mut()); - }) -} - -pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: c_int) -> c_int { - ::SSL_CTX_ctrl( - ctx, - SSL_CTRL_SET_MIN_PROTO_VERSION, - version as c_long, - ptr::null_mut(), - ) as c_int -} - -pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: c_int) -> c_int { - ::SSL_CTX_ctrl( - ctx, - SSL_CTRL_SET_MAX_PROTO_VERSION, - version as c_long, - ptr::null_mut(), - ) as c_int -} - -#[cfg(ossl110g)] -pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int { - ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int -} - -#[cfg(ossl110g)] -pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int { - ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int -} - -pub unsafe fn SSL_set_min_proto_version(s: *mut ::SSL, version: c_int) -> c_int { - ::SSL_ctrl( - s, - SSL_CTRL_SET_MIN_PROTO_VERSION, - version as c_long, - ptr::null_mut(), - ) as c_int -} - -pub unsafe fn SSL_set_max_proto_version(s: *mut ::SSL, version: c_int) -> c_int { - ::SSL_ctrl( - s, - SSL_CTRL_SET_MAX_PROTO_VERSION, - version as c_long, - ptr::null_mut(), - ) as c_int -} - -#[cfg(ossl110g)] -pub unsafe fn SSL_get_min_proto_version(s: *mut ::SSL) -> c_int { - ::SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int -} - -#[cfg(ossl110g)] -pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int { - ::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int -} - -extern "C" { - pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; - pub fn BIO_s_file() -> *const BIO_METHOD; - pub fn BIO_s_mem() -> *const BIO_METHOD; - - pub fn BN_get_rfc2409_prime_768(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc2409_prime_1024(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_1536(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_2048(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_3072(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_4096(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_6144(bn: *mut BIGNUM) -> *mut BIGNUM; - pub fn BN_get_rfc3526_prime_8192(bn: *mut BIGNUM) -> *mut BIGNUM; - - pub fn CRYPTO_malloc(num: size_t, file: *const c_char, line: c_int) -> *mut c_void; - pub fn CRYPTO_free(buf: *mut c_void, file: *const c_char, line: c_int); - - pub fn EVP_chacha20() -> *const ::EVP_CIPHER; - pub fn EVP_chacha20_poly1305() -> *const ::EVP_CIPHER; - - pub fn HMAC_CTX_new() -> *mut HMAC_CTX; - pub fn HMAC_CTX_free(ctx: *mut HMAC_CTX); - - pub fn OCSP_cert_to_id( - dgst: *const ::EVP_MD, - subject: *const ::X509, - issuer: *const ::X509, - ) -> *mut ::OCSP_CERTID; - - pub fn TLS_method() -> *const ::SSL_METHOD; - pub fn DTLS_method() -> *const ::SSL_METHOD; - pub fn SSL_CIPHER_get_version(cipher: *const ::SSL_CIPHER) -> *const c_char; - pub fn X509_get_subject_name(x: *const ::X509) -> *mut ::X509_NAME; - pub fn X509_get_issuer_name(x: *const ::X509) -> *mut ::X509_NAME; - pub fn X509_set1_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; - pub fn X509_set1_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; - pub fn X509_get_ext_d2i( - x: *const ::X509, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - pub fn X509_NAME_add_entry_by_NID( - x: *mut ::X509_NAME, - field: c_int, - ty: c_int, - bytes: *const c_uchar, - len: c_int, - loc: c_int, - set: c_int, - ) -> c_int; - pub fn X509_get_signature_nid(x: *const X509) -> c_int; - pub fn X509_ALGOR_get0( - paobj: *mut *const ::ASN1_OBJECT, - pptype: *mut c_int, - ppval: *mut *const c_void, - alg: *const ::X509_ALGOR, - ); - pub fn X509_NAME_get_entry(n: *const ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; - pub fn X509_NAME_ENTRY_get_data(ne: *const ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; - pub fn X509V3_EXT_nconf_nid( - conf: *mut ::CONF, - ctx: *mut ::X509V3_CTX, - ext_nid: c_int, - value: *const c_char, - ) -> *mut ::X509_EXTENSION; - pub fn X509V3_EXT_nconf( - conf: *mut ::CONF, - ctx: *mut ::X509V3_CTX, - name: *const c_char, - value: *const c_char, - ) -> *mut ::X509_EXTENSION; - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *const ::ASN1_STRING) -> c_int; - pub fn BN_is_negative(b: *const ::BIGNUM) -> c_int; - pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_PBE_scrypt( - pass: *const c_char, - passlen: size_t, - salt: *const c_uchar, - saltlen: size_t, - N: u64, - r: u64, - p: u64, - maxmem: u64, - key: *mut c_uchar, - keylen: size_t, - ) -> c_int; - pub fn DSA_get0_pqg( - d: *const ::DSA, - p: *mut *const ::BIGNUM, - q: *mut *const ::BIGNUM, - q: *mut *const ::BIGNUM, - ); - pub fn DSA_get0_key( - d: *const ::DSA, - pub_key: *mut *const ::BIGNUM, - priv_key: *mut *const ::BIGNUM, - ); - pub fn RSA_get0_key( - r: *const ::RSA, - n: *mut *const ::BIGNUM, - e: *mut *const ::BIGNUM, - d: *mut *const ::BIGNUM, - ); - pub fn RSA_get0_factors(r: *const ::RSA, p: *mut *const ::BIGNUM, q: *mut *const ::BIGNUM); - pub fn RSA_get0_crt_params( - r: *const ::RSA, - dmp1: *mut *const ::BIGNUM, - dmq1: *mut *const ::BIGNUM, - iqmp: *mut *const ::BIGNUM, - ); - pub fn RSA_set0_key( - r: *mut ::RSA, - n: *mut ::BIGNUM, - e: *mut ::BIGNUM, - d: *mut ::BIGNUM, - ) -> c_int; - pub fn RSA_set0_factors(r: *mut ::RSA, p: *mut ::BIGNUM, q: *mut ::BIGNUM) -> c_int; - pub fn RSA_set0_crt_params( - r: *mut ::RSA, - dmp1: *mut ::BIGNUM, - dmq1: *mut ::BIGNUM, - iqmp: *mut ::BIGNUM, - ) -> c_int; - pub fn ASN1_STRING_get0_data(x: *const ::ASN1_STRING) -> *const c_uchar; - pub fn OPENSSL_sk_num(stack: *const ::OPENSSL_STACK) -> c_int; - pub fn OPENSSL_sk_value(stack: *const ::OPENSSL_STACK, idx: c_int) -> *mut c_void; - pub fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong; - pub fn SSL_CTX_set_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; - pub fn SSL_CTX_clear_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; - pub fn SSL_CTX_sess_set_get_cb( - ctx: *mut ::SSL_CTX, - get_session_cb: Option< - unsafe extern "C" fn(*mut ::SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, - >, - ); - pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; - pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; - pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME; - pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME; - pub fn X509_get0_signature( - psig: *mut *const ::ASN1_BIT_STRING, - palg: *mut *const ::X509_ALGOR, - x: *const ::X509, - ); - pub fn DH_set0_pqg( - dh: *mut ::DH, - p: *mut ::BIGNUM, - q: *mut ::BIGNUM, - g: *mut ::BIGNUM, - ) -> c_int; - pub fn BIO_set_init(a: *mut ::BIO, init: c_int); - pub fn BIO_set_data(a: *mut ::BIO, data: *mut c_void); - pub fn BIO_get_data(a: *mut ::BIO) -> *mut c_void; - pub fn BIO_meth_new(type_: c_int, name: *const c_char) -> *mut ::BIO_METHOD; - pub fn BIO_meth_free(biom: *mut ::BIO_METHOD); - // FIXME should wrap in Option - pub fn BIO_meth_set_write( - biom: *mut ::BIO_METHOD, - write: unsafe extern "C" fn(*mut ::BIO, *const c_char, c_int) -> c_int, - ) -> c_int; - pub fn BIO_meth_set_read( - biom: *mut ::BIO_METHOD, - read: unsafe extern "C" fn(*mut ::BIO, *mut c_char, c_int) -> c_int, - ) -> c_int; - pub fn BIO_meth_set_puts( - biom: *mut ::BIO_METHOD, - read: unsafe extern "C" fn(*mut ::BIO, *const c_char) -> c_int, - ) -> c_int; - pub fn BIO_meth_set_ctrl( - biom: *mut ::BIO_METHOD, - read: unsafe extern "C" fn(*mut ::BIO, c_int, c_long, *mut c_void) -> c_long, - ) -> c_int; - pub fn BIO_meth_set_create( - biom: *mut ::BIO_METHOD, - create: unsafe extern "C" fn(*mut ::BIO) -> c_int, - ) -> c_int; - pub fn BIO_meth_set_destroy( - biom: *mut ::BIO_METHOD, - destroy: unsafe extern "C" fn(*mut ::BIO) -> c_int, - ) -> c_int; - pub fn CRYPTO_get_ex_new_index( - class_index: c_int, - argl: c_long, - argp: *mut c_void, - new_func: Option<::CRYPTO_EX_new>, - dup_func: Option<::CRYPTO_EX_dup>, - free_func: Option<::CRYPTO_EX_free>, - ) -> c_int; - pub fn X509_up_ref(x: *mut X509) -> c_int; - pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; - pub fn SSL_session_reused(ssl: *mut SSL) -> c_int; - pub fn SSL_SESSION_get_master_key( - session: *const SSL_SESSION, - out: *mut c_uchar, - outlen: size_t, - ) -> size_t; - pub fn SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int; - pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; - pub fn X509_STORE_CTX_get0_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509; - pub fn EVP_MD_CTX_new() -> *mut EVP_MD_CTX; - pub fn EVP_MD_CTX_free(ctx: *mut EVP_MD_CTX); - pub fn EVP_PKEY_bits(key: *const EVP_PKEY) -> c_int; - - pub fn OpenSSL_version_num() -> c_ulong; - pub fn OpenSSL_version(key: c_int) -> *const c_char; - pub fn OPENSSL_init_ssl(opts: u64, settings: *const OPENSSL_INIT_SETTINGS) -> c_int; - pub fn OPENSSL_sk_new_null() -> *mut ::OPENSSL_STACK; - pub fn OPENSSL_sk_free(st: *mut ::OPENSSL_STACK); - pub fn OPENSSL_sk_pop_free( - st: *mut ::OPENSSL_STACK, - free: Option, - ); - pub fn OPENSSL_sk_push(st: *mut ::OPENSSL_STACK, data: *const c_void) -> c_int; - pub fn OPENSSL_sk_pop(st: *mut ::OPENSSL_STACK) -> *mut c_void; - - pub fn PKCS12_create( - pass: *const c_char, - friendly_name: *const c_char, - pkey: *mut EVP_PKEY, - cert: *mut X509, - ca: *mut stack_st_X509, - nid_key: c_int, - nid_cert: c_int, - iter: c_int, - mac_iter: c_int, - keytype: c_int, - ) -> *mut PKCS12; - pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long; - pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME; - pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; - pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM); - pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int; - - pub fn SSL_CIPHER_get_cipher_nid(c: *const ::SSL_CIPHER) -> c_int; - pub fn SSL_CIPHER_get_digest_nid(c: *const ::SSL_CIPHER) -> c_int; -} diff --git a/openssl-sys/src/ossl111.rs b/openssl-sys/src/ossl111.rs deleted file mode 100644 index 6d6f8d4f..00000000 --- a/openssl-sys/src/ossl111.rs +++ /dev/null @@ -1,84 +0,0 @@ -use libc::{c_char, c_uchar, c_int, c_uint, c_ulong, size_t, c_void}; - -pub type SSL_CTX_keylog_cb_func = - Option; - -pub type SSL_custom_ext_add_cb_ex = - Option c_int>; - -pub type SSL_custom_ext_free_cb_ex = - Option; - -pub type SSL_custom_ext_parse_cb_ex = - Option c_int>; - -pub const SSL_COOKIE_LENGTH: c_int = 4096; - -pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000; - -pub const TLS1_3_VERSION: c_int = 0x304; - -pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001; -/* This extension is only allowed in DTLS */ -pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002; -/* Some extensions may be allowed in DTLS but we don't implement them for it */ -pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004; -/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ -pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008; -/* Extension is only defined for TLS1.2 and below */ -pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010; -/* Extension is only defined for TLS1.3 and above */ -pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020; -/* Ignore this extension during parsing if we are resuming */ -pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040; -pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080; -/* Really means TLS1.2 or below */ -pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100; -pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200; -pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400; -pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800; -pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000; -pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000; -pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000; - - -extern "C" { - pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func); - pub fn SSL_CTX_add_custom_ext(ctx: *mut ::SSL_CTX, ext_type: c_uint, context: c_uint, - add_cb: SSL_custom_ext_add_cb_ex, - free_cb: SSL_custom_ext_free_cb_ex, - add_arg: *mut c_void, - parse_cb: SSL_custom_ext_parse_cb_ex, - parse_arg: *mut c_void) -> c_int; - pub fn SSL_stateless(s: *mut ::SSL) -> c_int; - pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD; - pub fn SSL_CTX_set_stateless_cookie_generate_cb( - s: *mut ::SSL_CTX, - cb: Option c_int> - ); - pub fn SSL_CTX_set_stateless_cookie_verify_cb( - s: *mut ::SSL_CTX, - cb: Option c_int> - ); -} -- cgit v1.2.3