From b46574b63587dab26eb46aa8f45b2dc830053988 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Tue, 30 Jun 2015 23:00:48 -0700 Subject: Add arbitrary X509 extensions by OID string --- openssl-sys/src/lib.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 9f2041a4..950ca42f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -603,6 +603,7 @@ extern "C" { pub fn X509_STORE_CTX_get_ex_data(ctx: *mut X509_STORE_CTX, idx: c_int) -> *mut c_void; pub fn X509V3_EXT_conf_nid(conf: *mut c_void, ctx: *mut X509V3_CTX, ext_nid: c_int, value: *mut c_char) -> *mut X509_EXTENSION; + pub fn X509V3_EXT_conf(conf: *mut c_void, ctx: *mut X509V3_CTX, name: *mut c_char, value: *mut c_char) -> *mut X509_EXTENSION; pub fn X509V3_set_ctx(ctx: *mut X509V3_CTX, issuer: *mut X509, subject: *mut X509, req: *mut X509_REQ, crl: *mut X509_CRL, flags: c_int); pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *const *mut u8) -> c_int; -- cgit v1.2.3 From aeefa364b7fd386584d90040592ae9b4b3dc42b4 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 1 Jul 2015 21:49:11 -0700 Subject: Decouple C SSL Option bit flags from Rust version The OpenSSL "SSL_OP_*" flags are in constant flux between different OpenSSL versions. To avoid having to change the Rust definitions, we implement our own numbering system in Rust, and use an automatically-generated C shim to convert the bitflags at runtime. --- openssl-sys/src/lib.rs | 32 +++++++++++++++++++++++------ openssl-sys/src/ssl_options.rs | 46 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 6 deletions(-) create mode 100644 openssl-sys/src/ssl_options.rs (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 9f2041a4..08b2199d 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -155,6 +155,14 @@ pub const SSL_TLSEXT_ERR_ALERT_WARNING: c_int = 1; pub const SSL_TLSEXT_ERR_ALERT_FATAL: c_int = 2; pub const SSL_TLSEXT_ERR_NOACK: c_int = 3; +macro_rules! import_options { + ( $( $name:ident $val:expr )* ) => { + $( pub const $name: u64 = $val; )* + }; +} + +include!("ssl_options.rs"); + #[cfg(feature = "npn")] pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0; #[cfg(feature = "npn")] @@ -262,8 +270,23 @@ pub fn init() { } } +pub unsafe fn SSL_CTX_set_options(ssl: *mut SSL_CTX, op: u64) -> u64 { + rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_set_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op))) +} + +pub unsafe fn SSL_CTX_get_options(ssl: *mut SSL_CTX) -> u64 { + rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_get_options_shim(ssl)) +} + +pub unsafe fn SSL_CTX_clear_options(ssl: *mut SSL_CTX, op: u64) -> u64 { + rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_clear_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op))) +} + // True functions extern "C" { + fn rust_openssl_ssl_ctx_options_rust_to_c(rustval: u64) -> c_long; + fn rust_openssl_ssl_ctx_options_c_to_rust(cval: c_long) -> u64; + pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int; pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING; pub fn ASN1_TIME_free(tm: *mut ASN1_TIME); @@ -615,12 +638,9 @@ extern "C" { pub fn BIO_eof(b: *mut BIO) -> c_int; #[link_name = "BIO_set_mem_eof_return_shim"] pub fn BIO_set_mem_eof_return(b: *mut BIO, v: c_int); - #[link_name = "SSL_CTX_set_options_shim"] - pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, options: c_long) -> c_long; - #[link_name = "SSL_CTX_get_options_shim"] - pub fn SSL_CTX_get_options(ctx: *mut SSL_CTX) -> c_long; - #[link_name = "SSL_CTX_clear_options_shim"] - pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, options: c_long) -> c_long; + pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long; + pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long; + pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long; #[link_name = "SSL_CTX_add_extra_chain_cert_shim"] pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long; #[link_name = "SSL_CTX_set_read_ahead_shim"] diff --git a/openssl-sys/src/ssl_options.rs b/openssl-sys/src/ssl_options.rs new file mode 100644 index 00000000..a1c778ac --- /dev/null +++ b/openssl-sys/src/ssl_options.rs @@ -0,0 +1,46 @@ +import_options!{ +// The following values are directly from recent OpenSSL +SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001 +SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002 +SSL_OP_LEGACY_SERVER_CONNECT 0x00000004 +SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008 +SSL_OP_TLSEXT_PADDING 0x00000010 +SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020 +SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040 +SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080 +SSL_OP_TLS_D5_BUG 0x00000100 +SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200 +// unused: 0x00000400 +SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800 +SSL_OP_NO_QUERY_MTU 0x00001000 +SSL_OP_COOKIE_EXCHANGE 0x00002000 +SSL_OP_NO_TICKET 0x00004000 +SSL_OP_CISCO_ANYCONNECT 0x00008000 +SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000 +SSL_OP_NO_COMPRESSION 0x00020000 +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000 +SSL_OP_SINGLE_ECDH_USE 0x00080000 +SSL_OP_SINGLE_DH_USE 0x00100000 +// unused: 0x00200000 +SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000 +SSL_OP_TLS_ROLLBACK_BUG 0x00800000 +SSL_OP_NO_SSLv2 0x01000000 +SSL_OP_NO_SSLv3 0x02000000 +SSL_OP_NO_DTLSv1 0x04000000 +SSL_OP_NO_TLSv1 0x04000000 +SSL_OP_NO_DTLSv1_2 0x08000000 +SSL_OP_NO_TLSv1_2 0x08000000 +SSL_OP_NO_TLSv1_1 0x10000000 +SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000 +SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000 +SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000 + +// The following values were in 32-bit range in old OpenSSL +SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x100000000 +SSL_OP_MSIE_SSLV2_RSA_PADDING 0x200000000 +SSL_OP_PKCS1_CHECK_1 0x400000000 +SSL_OP_PKCS1_CHECK_2 0x800000000 + +// The following values were redefined to 0 for security reasons +SSL_OP_EPHEMERAL_RSA 0x0 +} -- cgit v1.2.3 From 90dd54b541cb632ca450e68c88c9f36068a559d5 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 8 Jul 2015 13:37:35 -0700 Subject: Implement certificate extensions for certificate requests --- openssl-sys/src/lib.rs | 6 ++++++ openssl-sys/src/openssl_shim.c | 4 ++++ 2 files changed, 10 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 5317ff20..f9a60941 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -37,6 +37,7 @@ pub type X509_NAME = c_void; pub type X509_NAME_ENTRY = c_void; pub type X509_REQ = c_void; pub type X509_STORE_CTX = c_void; +pub type stack_st_X509_EXTENSION = c_void; #[repr(C)] pub struct EVP_MD_CTX { @@ -629,6 +630,9 @@ extern "C" { pub fn X509V3_EXT_conf(conf: *mut c_void, ctx: *mut X509V3_CTX, name: *mut c_char, value: *mut c_char) -> *mut X509_EXTENSION; pub fn X509V3_set_ctx(ctx: *mut X509V3_CTX, issuer: *mut X509, subject: *mut X509, req: *mut X509_REQ, crl: *mut X509_CRL, flags: c_int); + pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int; + pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; + pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *const *mut u8) -> c_int; pub fn d2i_RSA_PUBKEY(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int; @@ -648,6 +652,8 @@ extern "C" { pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long; #[link_name = "SSL_set_tlsext_host_name_shim"] pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long; + #[link_name = "X509_get_extensions_shim"] + pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION; } pub mod probe; diff --git a/openssl-sys/src/openssl_shim.c b/openssl-sys/src/openssl_shim.c index 7b4f9c74..f0622d2d 100644 --- a/openssl-sys/src/openssl_shim.c +++ b/openssl-sys/src/openssl_shim.c @@ -82,3 +82,7 @@ long SSL_CTX_set_read_ahead_shim(SSL_CTX *ctx, long m) { long SSL_set_tlsext_host_name_shim(SSL *s, char *name) { return SSL_set_tlsext_host_name(s, name); } + +STACK_OF(X509_EXTENSION) *X509_get_extensions_shim(X509 *x) { + return x->cert_info ? x->cert_info->extensions : NULL; +} -- cgit v1.2.3 From b478c29151b7818dcf5b789408e76c379df1c9b1 Mon Sep 17 00:00:00 2001 From: Allen Welkie Date: Wed, 15 Jul 2015 20:45:18 -0400 Subject: Added AES CTR-mode under feature flag. --- openssl-sys/src/lib.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 5317ff20..556f3c8d 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -397,13 +397,15 @@ extern "C" { pub fn EVP_aes_128_ecb() -> *const EVP_CIPHER; #[cfg(feature = "aes_xts")] pub fn EVP_aes_128_xts() -> *const EVP_CIPHER; - // fn EVP_aes_128_ctr() -> EVP_CIPHER; + #[cfg(feature = "aes_ctr")] + pub fn EVP_aes_128_ctr() -> *const EVP_CIPHER; // fn EVP_aes_128_gcm() -> EVP_CIPHER; pub fn EVP_aes_256_cbc() -> *const EVP_CIPHER; pub fn EVP_aes_256_ecb() -> *const EVP_CIPHER; #[cfg(feature = "aes_xts")] pub fn EVP_aes_256_xts() -> *const EVP_CIPHER; - // fn EVP_aes_256_ctr() -> EVP_CIPHER; + #[cfg(feature = "aes_ctr")] + pub fn EVP_aes_256_ctr() -> *const EVP_CIPHER; // fn EVP_aes_256_gcm() -> EVP_CIPHER; pub fn EVP_rc4() -> *const EVP_CIPHER; -- cgit v1.2.3 From a43011d77c26b0a371565ffe284611091cfd1de3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Date: Sat, 18 Jul 2015 12:48:40 +0200 Subject: Fix probelms with DTLS when no packets are pending. When using DTLS you might run into the situation where no packets are pending, so SSL_read returns len=0. On a TLS connection this means that the connection was closed, but on DTLS it does not (a DTLS connection cannot be closed in the usual sense). This commit fixes a bug introduced by c8d23f3. Conflicts: openssl/src/ssl/mod.rs --- openssl-sys/src/lib.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 5317ff20..a76b5e95 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -525,6 +525,7 @@ extern "C" { pub fn SSL_get_SSL_CTX(ssl: *mut SSL) -> *mut SSL_CTX; pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509; + pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; -- cgit v1.2.3 From ab7bfad225c36bc29c3513fb8c2b5b97743dfe3e Mon Sep 17 00:00:00 2001 From: Andrew Dunham Date: Sun, 19 Jul 2015 00:11:07 -0700 Subject: Add function to write RSA public key as PEM --- openssl-sys/src/lib.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 5317ff20..7ff600c3 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -468,6 +468,7 @@ extern "C" { kstr: *mut c_char, klen: c_int, callback: Option, user_data: *mut c_void) -> c_int; + pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int; pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; -- cgit v1.2.3 From 3fe3d57976664c76212ac9b8abcf876baeb3d1f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Sch=C3=B6lling?= Date: Fri, 14 Aug 2015 20:16:10 +0200 Subject: Add get_state_string() --- openssl-sys/src/lib.rs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 55ec30bb..f901a454 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -529,6 +529,8 @@ extern "C" { pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; + pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char; + pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char; pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; -- cgit v1.2.3 From 8067565707d69c67b4815113764d26d820ae2bbf Mon Sep 17 00:00:00 2001 From: Edward Barnard Date: Mon, 3 Aug 2015 18:22:07 +0100 Subject: Expose EVP_BytesToKey This is based on work by pyrho. Closes #88 --- openssl-sys/src/lib.rs | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 55ec30bb..e5efbdfa 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -128,6 +128,8 @@ pub const MBSTRING_UTF8: c_int = MBSTRING_FLAG; pub const NID_ext_key_usage: c_int = 126; pub const NID_key_usage: c_int = 83; +pub const PKCS5_SALT_LEN: c_int = 8; + pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; @@ -409,6 +411,10 @@ extern "C" { // fn EVP_aes_256_gcm() -> EVP_CIPHER; pub fn EVP_rc4() -> *const EVP_CIPHER; + pub fn EVP_BytesToKey(typ: *const EVP_CIPHER, md: *const EVP_MD, + salt: *const u8, data: *const u8, datalen: c_int, + count: c_int, key: *mut u8, iv: *mut u8) -> c_int; + pub fn EVP_CIPHER_CTX_new() -> *mut EVP_CIPHER_CTX; pub fn EVP_CIPHER_CTX_set_padding(ctx: *mut EVP_CIPHER_CTX, padding: c_int) -> c_int; pub fn EVP_CIPHER_CTX_free(ctx: *mut EVP_CIPHER_CTX); -- cgit v1.2.3 From 7b0b70bd13f43a66d1e58e58e8d5707814262ef9 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 31 Aug 2015 19:10:27 -0700 Subject: Release v0.6.5 --- openssl-sys/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index b3025be1..0e0ef8a5 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1,6 +1,6 @@ #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] #![allow(dead_code)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.4")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.5")] extern crate libc; -- cgit v1.2.3