From d5d414b16fe13d65938acd6c601445e1b3e02b55 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Thu, 17 May 2018 03:23:30 -0700 Subject: Expose max TLS1.3 early data accessors --- openssl-sys/src/openssl/v111.rs | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs index 8574efc8..e284ff98 100644 --- a/openssl-sys/src/openssl/v111.rs +++ b/openssl-sys/src/openssl/v111.rs @@ -82,4 +82,11 @@ extern "C" { cookie_len: size_t ) -> c_int> ); + + pub fn SSL_CTX_set_max_early_data(ctx: *mut ::SSL_CTX, max_early_data: u32) -> c_int; + pub fn SSL_CTX_get_max_early_data(ctx: *const ::SSL_CTX) -> u32; + pub fn SSL_set_max_early_data(ctx: *mut ::SSL, max_early_data: u32) -> c_int; + pub fn SSL_get_max_early_data(ctx: *const ::SSL) -> u32; + pub fn SSL_SESSION_set_max_early_data(ctx: *mut ::SSL_SESSION, max_early_data: u32) -> c_int; + pub fn SSL_SESSION_get_max_early_data(ctx: *const ::SSL_SESSION) -> u32; } -- cgit v1.2.3 From 69c75a178bbc70dd10d0d69ac8bf9e842cf4ff1f Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Thu, 17 May 2018 13:16:41 -0700 Subject: Expose early keying material export --- openssl-sys/src/openssl/v111.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs index e284ff98..4a3f9560 100644 --- a/openssl-sys/src/openssl/v111.rs +++ b/openssl-sys/src/openssl/v111.rs @@ -89,4 +89,14 @@ extern "C" { pub fn SSL_get_max_early_data(ctx: *const ::SSL) -> u32; pub fn SSL_SESSION_set_max_early_data(ctx: *mut ::SSL_SESSION, max_early_data: u32) -> c_int; pub fn SSL_SESSION_get_max_early_data(ctx: *const ::SSL_SESSION) -> u32; + + pub fn SSL_export_keying_material_early( + s: *mut ::SSL, + out: *mut c_uchar, + olen: size_t, + label: *const c_char, + llen: size_t, + context: *const c_uchar, + contextlen: size_t, + ) -> c_int; } -- cgit v1.2.3 From d991566f2b1b6803ad214fe6bf531d5870ab43fd Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 19 May 2018 19:43:02 -0700 Subject: Support min/max version in LibreSSL Their implementations of the accessors don't behave expected with no bounds, so we ignore those bits of the tests. --- openssl-sys/src/lib.rs | 27 +++++++----- openssl-sys/src/libressl/mod.rs | 32 +++++++++------ openssl-sys/src/libressl/v251.rs | 89 ++++++++++++++++++++++++++++++++++++++++ openssl-sys/src/libressl/v25x.rs | 89 ---------------------------------------- 4 files changed, 126 insertions(+), 111 deletions(-) create mode 100644 openssl-sys/src/libressl/v251.rs delete mode 100644 openssl-sys/src/libressl/v25x.rs (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 61e087d0..e78c24f4 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -236,8 +236,10 @@ pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; -pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY - | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX +pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN + | EVP_PKEY_OP_VERIFY + | EVP_PKEY_OP_VERIFYRECOVER + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX; pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT; @@ -1259,21 +1261,23 @@ pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; -#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x, ossl101)))] +#[cfg(not(any(libressl261, ossl101)))] pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010; -#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] +#[cfg(libressl261)] pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; -#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))] +#[cfg(not(libressl261))] pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; -#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] +#[cfg(libressl261)] pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; #[cfg(not(any(libressl, ossl110f, ossl111)))] pub const SSL_OP_ALL: c_ulong = 0x80000BFF; #[cfg(any(ossl110f, ossl111))] -pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS - | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING +pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG + | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | SSL_OP_LEGACY_SERVER_CONNECT + | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; @@ -1289,8 +1293,11 @@ pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; #[cfg(ossl111)] -pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 - | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 +pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 + | SSL_OP_NO_SSLv3 + | SSL_OP_NO_TLSv1 + | SSL_OP_NO_TLSv1_1 + | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3; pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM; diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs index 366d9502..5ae205bc 100644 --- a/openssl-sys/src/libressl/mod.rs +++ b/openssl-sys/src/libressl/mod.rs @@ -1,19 +1,18 @@ +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; use std::mem; use std::ptr; use std::sync::{Mutex, MutexGuard}; use std::sync::{Once, ONCE_INIT}; -#[cfg(libressl250)] +#[cfg(not(libressl251))] pub use libressl::v250::*; -#[cfg(not(libressl250))] -pub use libressl::v25x::*; - -use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; +#[cfg(libressl251)] +pub use libressl::v251::*; -#[cfg(libressl250)] +#[cfg(not(libressl251))] mod v250; -#[cfg(not(libressl250))] -mod v25x; +#[cfg(libressl251)] +mod v251; #[repr(C)] pub struct stack_st_ASN1_OBJECT { @@ -337,9 +336,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; -#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] +#[cfg(libressl261)] pub const SSL_OP_ALL: c_ulong = 0x4; -#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))] +#[cfg(not(libressl261))] pub const SSL_OP_ALL: c_ulong = 0x80000014; pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; @@ -352,9 +351,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0; pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; -#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))] +#[cfg(libressl261)] pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; -#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))] +#[cfg(not(libressl261))] pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; @@ -540,6 +539,15 @@ extern "C" { unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, >, ); + #[cfg(libressl261)] + pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int; + #[cfg(libressl261)] + pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int; + #[cfg(libressl270)] + pub fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int; + #[cfg(libressl270)] + pub fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int; + pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME; pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; diff --git a/openssl-sys/src/libressl/v251.rs b/openssl-sys/src/libressl/v251.rs new file mode 100644 index 00000000..541b61db --- /dev/null +++ b/openssl-sys/src/libressl/v251.rs @@ -0,0 +1,89 @@ +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t, time_t}; + +use super::*; + +#[repr(C)] +pub struct SSL { + version: c_int, + method: *const ::SSL_METHOD, + rbio: *mut ::BIO, + wbio: *mut ::BIO, + bbio: *mut ::BIO, + pub server: c_int, + s3: *mut c_void, + d1: *mut c_void, + param: *mut c_void, + cipher_list: *mut stack_st_SSL_CIPHER, + cert: *mut c_void, + sid_ctx_length: c_uint, + sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], + session: *mut ::SSL_SESSION, + verify_mode: c_int, + error: c_int, + error_code: c_int, + ctx: *mut ::SSL_CTX, + verify_result: c_long, + references: c_int, + client_version: c_int, + max_send_fragment: c_uint, + tlsext_hostname: *mut c_char, + tlsext_status_type: c_int, + initial_ctx: *mut ::SSL_CTX, + enc_read_ctx: *mut ::EVP_CIPHER_CTX, + read_hash: *mut EVP_MD_CTX, + internal: *mut c_void, +} + +#[repr(C)] +pub struct SSL_CTX { + method: *const ::SSL_METHOD, + cipher_list: *mut stack_st_SSL_CIPHER, + cert_store: *mut c_void, + session_timeout: c_long, + pub references: c_int, + extra_certs: *mut stack_st_X509, + verify_mode: c_int, + sid_ctx_length: c_uint, + sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], + param: *mut ::X509_VERIFY_PARAM, + default_passwd_callback: *mut c_void, + default_passwd_callback_userdata: *mut c_void, + internal: *mut c_void, +} + +#[repr(C)] +pub struct SSL_SESSION { + ssl_version: c_int, + pub master_key_length: c_int, + pub master_key: [c_uchar; 48], + session_id_length: c_uint, + session_id: [c_uchar; ::SSL_MAX_SSL_SESSION_ID_LENGTH as usize], + sid_ctx_length: c_uint, + sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], + peer: *mut ::X509, + verify_result: c_long, + timeout: c_long, + time: time_t, + pub references: c_int, + cipher: *const ::SSL_CIPHER, + cipher_id: c_long, + ciphers: *mut stack_st_SSL_CIPHER, + tlsext_hostname: *mut c_char, + tlsext_tick: *mut c_uchar, + tlsext_ticklen: size_t, + tlsext_tick_lifetime_int: c_long, + internal: *mut c_void, +} + +#[repr(C)] +pub struct X509_VERIFY_PARAM { + pub name: *mut c_char, + pub check_time: time_t, + pub inh_flags: c_ulong, + pub flags: c_ulong, + pub purpose: c_int, + pub trust: c_int, + pub depth: c_int, + pub policies: *mut stack_st_ASN1_OBJECT, + id: *mut c_void, +} diff --git a/openssl-sys/src/libressl/v25x.rs b/openssl-sys/src/libressl/v25x.rs deleted file mode 100644 index 7e7023ec..00000000 --- a/openssl-sys/src/libressl/v25x.rs +++ /dev/null @@ -1,89 +0,0 @@ -use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong, time_t}; - -use super::*; - -#[repr(C)] -pub struct SSL { - version: c_int, - method: *const ::SSL_METHOD, - rbio: *mut ::BIO, - wbio: *mut ::BIO, - bbio: *mut ::BIO, - pub server: c_int, - s3: *mut c_void, - d1: *mut c_void, - param: *mut c_void, - cipher_list: *mut stack_st_SSL_CIPHER, - cert: *mut c_void, - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], - session: *mut ::SSL_SESSION, - verify_mode: c_int, - error: c_int, - error_code: c_int, - ctx: *mut ::SSL_CTX, - verify_result: c_long, - references: c_int, - client_version: c_int, - max_send_fragment: c_uint, - tlsext_hostname: *mut c_char, - tlsext_status_type: c_int, - initial_ctx: *mut ::SSL_CTX, - enc_read_ctx: *mut ::EVP_CIPHER_CTX, - read_hash: *mut EVP_MD_CTX, - internal: *mut c_void, -} - -#[repr(C)] -pub struct SSL_CTX { - method: *const ::SSL_METHOD, - cipher_list: *mut stack_st_SSL_CIPHER, - cert_store: *mut c_void, - session_timeout: c_long, - pub references: c_int, - extra_certs: *mut stack_st_X509, - verify_mode: c_int, - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], - param: *mut ::X509_VERIFY_PARAM, - default_passwd_callback: *mut c_void, - default_passwd_callback_userdata: *mut c_void, - internal: *mut c_void, -} - -#[repr(C)] -pub struct SSL_SESSION { - ssl_version: c_int, - pub master_key_length: c_int, - pub master_key: [c_uchar; 48], - session_id_length: c_uint, - session_id: [c_uchar; ::SSL_MAX_SSL_SESSION_ID_LENGTH as usize], - sid_ctx_length: c_uint, - sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize], - peer: *mut ::X509, - verify_result: c_long, - timeout: c_long, - time: time_t, - pub references: c_int, - cipher: *const ::SSL_CIPHER, - cipher_id: c_long, - ciphers: *mut stack_st_SSL_CIPHER, - tlsext_hostname: *mut c_char, - tlsext_tick: *mut c_uchar, - tlsext_ticklen: size_t, - tlsext_tick_lifetime_int: c_long, - internal: *mut c_void, -} - -#[repr(C)] -pub struct X509_VERIFY_PARAM { - pub name: *mut c_char, - pub check_time: time_t, - pub inh_flags: c_ulong, - pub flags: c_ulong, - pub purpose: c_int, - pub trust: c_int, - pub depth: c_int, - policies: *mut stack_st_ASN1_OBJECT, - id: *mut c_void, -} -- cgit v1.2.3 From 862d78416118cf8854feab92cd0ddb826e83199a Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 19 May 2018 21:09:04 -0700 Subject: Clean up openssl-sys cfgs --- openssl-sys/src/lib.rs | 82 ++++++++++++++++++++--------------------- openssl-sys/src/openssl/mod.rs | 12 +++--- openssl-sys/src/openssl/v10x.rs | 15 +++----- 3 files changed, 53 insertions(+), 56 deletions(-) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index e78c24f4..dca9d31f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1261,7 +1261,7 @@ pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; -#[cfg(not(any(libressl261, ossl101)))] +#[cfg(any(ossl102, all(libressl, not(libressl261))))] pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010; #[cfg(libressl261)] pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; @@ -1271,9 +1271,9 @@ pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; #[cfg(libressl261)] pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; -#[cfg(not(any(libressl, ossl110f, ossl111)))] +#[cfg(not(any(libressl, ossl110f)))] pub const SSL_OP_ALL: c_ulong = 0x80000BFF; -#[cfg(any(ossl110f, ossl111))] +#[cfg(ossl110f)] pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_LEGACY_SERVER_CONNECT @@ -1289,7 +1289,7 @@ pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; -#[cfg(not(any(ossl101, libressl, ossl111)))] +#[cfg(all(ossl102, not(ossl111)))] pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; #[cfg(ossl111)] @@ -1393,35 +1393,35 @@ pub const X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: c_int = 52; pub const X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: c_int = 53; pub const X509_V_ERR_CRL_PATH_VALIDATION_ERROR: c_int = 54; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_INVALID_VERSION: c_int = 56; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_INVALID_ALGORITHM: c_int = 57; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_INVALID_CURVE: c_int = 58; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: c_int = 59; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: c_int = 60; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: c_int = 61; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_HOSTNAME_MISMATCH: c_int = 62; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8; -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10; pub const GEN_OTHERNAME: c_int = 0; @@ -1526,7 +1526,7 @@ pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) - SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void) } -#[cfg(not(any(ossl101, libressl)))] +#[cfg(ossl102)] pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void) } @@ -1641,9 +1641,9 @@ extern "C" { pub fn BIO_new_socket(sock: c_int, close_flag: c_int) -> *mut BIO; pub fn BIO_read(b: *mut BIO, buf: *mut c_void, len: c_int) -> c_int; pub fn BIO_write(b: *mut BIO, buf: *const c_void, len: c_int) -> c_int; - #[cfg(any(ossl101, libressl))] + #[cfg(not(ossl102))] pub fn BIO_new_mem_buf(buf: *mut c_void, len: c_int) -> *mut BIO; - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO; pub fn BIO_set_flags(b: *mut BIO, flags: c_int); pub fn BIO_clear_flags(b: *mut BIO, flags: c_int); @@ -1774,11 +1774,11 @@ extern "C" { pub fn DH_new() -> *mut DH; pub fn DH_free(dh: *mut DH); - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn DH_get_1024_160() -> *mut DH; - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn DH_get_2048_224() -> *mut DH; - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn DH_get_2048_256() -> *mut DH; pub fn EC_KEY_new() -> *mut EC_KEY; @@ -2036,13 +2036,13 @@ extern "C" { e: *mut ENGINE, pkey: *mut EVP_PKEY, ) -> c_int; - #[cfg(any(ossl101, libressl))] + #[cfg(not(ossl102))] pub fn EVP_DigestVerifyFinal( ctx: *mut EVP_MD_CTX, sigret: *mut c_uchar, siglen: size_t, ) -> c_int; - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn EVP_DigestVerifyFinal( ctx: *mut EVP_MD_CTX, sigret: *const c_uchar, @@ -2446,14 +2446,14 @@ extern "C" { pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void; pub fn SSL_get_servername(ssl: *const SSL, name_type: c_int) -> *const c_char; pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long; pub fn SSL_shutdown(ssl: *mut SSL) -> c_int; pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; - #[cfg(any(ossl101, libressl))] + #[cfg(not(ossl102))] pub fn SSL_get_privatekey(ssl: *mut SSL) -> *mut EVP_PKEY; - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY; pub fn SSL_load_client_CA_file(file: *const c_char) -> *mut stack_st_X509_NAME; pub fn SSL_set_tmp_dh_callback( @@ -2546,9 +2546,9 @@ extern "C" { remove_session_cb: Option, ); - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509; - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY; pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; @@ -2599,9 +2599,9 @@ extern "C" { ); pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION; pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int; - #[cfg(not(any(ossl101, libressl, ossl110f, ossl111)))] + #[cfg(all(ossl102, not(ossl110f)))] pub fn SSL_is_server(s: *mut SSL) -> c_int; - #[cfg(any(ossl110f, ossl111))] + #[cfg(ossl110f)] pub fn SSL_is_server(s: *const SSL) -> c_int; pub fn SSL_SESSION_free(s: *mut SSL_SESSION); @@ -2614,14 +2614,14 @@ extern "C" { ) -> *mut SSL_SESSION; pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; - #[cfg(not(ossl101))] + #[cfg(ossl102)] pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int; - #[cfg(not(ossl101))] + #[cfg(ossl102)] pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int; // FIXME should take an Option - #[cfg(not(ossl101))] + #[cfg(ossl102)] pub fn SSL_CTX_set_alpn_select_cb( ssl: *mut SSL_CTX, cb: extern "C" fn( @@ -2634,7 +2634,7 @@ extern "C" { ) -> c_int, arg: *mut c_void, ); - #[cfg(not(ossl101))] + #[cfg(ossl102)] pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; @@ -2726,17 +2726,17 @@ extern "C" { pub fn X509_REQ_get_extensions(req: *mut X509_REQ) -> *mut stack_st_X509_EXTENSION; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; - #[cfg(not(ossl101))] + #[cfg(ossl102)] pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint); - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, name: *const c_char, namelen: size_t, ) -> c_int; - #[cfg(not(any(ossl101, libressl)))] + #[cfg(ossl102)] pub fn X509_VERIFY_PARAM_set1_ip( param: *mut X509_VERIFY_PARAM, ip: *const c_uchar, diff --git a/openssl-sys/src/openssl/mod.rs b/openssl-sys/src/openssl/mod.rs index a1e4a345..b65b6129 100644 --- a/openssl-sys/src/openssl/mod.rs +++ b/openssl-sys/src/openssl/mod.rs @@ -1,8 +1,8 @@ use libc::{c_int, c_long, c_uchar, c_uint, c_ulong}; -#[cfg(any(ossl101, ossl102))] +#[cfg(not(ossl110))] mod v10x; -#[cfg(any(ossl101, ossl102))] +#[cfg(not(ossl110))] pub use openssl::v10x::*; #[cfg(ossl110)] @@ -15,7 +15,7 @@ mod v111; #[cfg(ossl111)] pub use openssl::v111::*; -#[cfg(not(ossl101))] +#[cfg(ossl102)] pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106; pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20; @@ -28,9 +28,9 @@ pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000; pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000; pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; -#[cfg(not(ossl101))] +#[cfg(ossl102)] pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; -#[cfg(not(ossl101))] +#[cfg(ossl102)] pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; pub const X509_V_ERR_UNSPECIFIED: c_int = 1; @@ -55,7 +55,7 @@ pub const CMS_PARTIAL: c_uint = 0x4000; pub const CMS_REUSE_DIGEST: c_uint = 0x8000; pub const CMS_USE_KEYID: c_uint = 0x10000; pub const CMS_DEBUG_DECRYPT: c_uint = 0x20000; -#[cfg(not(ossl101))] +#[cfg(ossl102)] pub const CMS_KEY_PARAM: c_uint = 0x40000; extern "C" { diff --git a/openssl-sys/src/openssl/v10x.rs b/openssl-sys/src/openssl/v10x.rs index 6a4d4346..8ee9c58f 100644 --- a/openssl-sys/src/openssl/v10x.rs +++ b/openssl-sys/src/openssl/v10x.rs @@ -5,7 +5,7 @@ use std::ptr; use std::sync::{Mutex, MutexGuard}; use std::sync::{Once, ONCE_INIT}; -#[cfg(not(ossl101))] +#[cfg(ossl102)] use libc::time_t; use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; @@ -573,9 +573,6 @@ pub struct SSL_CTX { #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] srtp_profiles: *mut c_void, - - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - srtp_profiles: *mut c_void, #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_select_cb: *mut c_void, #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] @@ -669,7 +666,7 @@ pub struct SRP_CTX { } #[repr(C)] -#[cfg(not(ossl101))] +#[cfg(ossl102)] pub struct X509_VERIFY_PARAM { pub name: *mut c_char, pub check_time: time_t, @@ -682,7 +679,7 @@ pub struct X509_VERIFY_PARAM { pub id: *mut X509_VERIFY_PARAM_ID, } -#[cfg(not(ossl101))] +#[cfg(ossl102)] pub enum X509_VERIFY_PARAM_ID {} pub enum PKCS12 {} @@ -925,15 +922,15 @@ extern "C" { loc: c_int, set: c_int, ) -> c_int; - #[cfg(not(ossl101))] + #[cfg(ossl102)] pub fn X509_get0_signature( psig: *mut *mut ::ASN1_BIT_STRING, palg: *mut *mut ::X509_ALGOR, x: *const ::X509, ); - #[cfg(not(ossl101))] + #[cfg(ossl102)] pub fn X509_get_signature_nid(x: *const X509) -> c_int; - #[cfg(not(ossl101))] + #[cfg(ossl102)] pub fn X509_ALGOR_get0( paobj: *mut *mut ::ASN1_OBJECT, pptype: *mut c_int, -- cgit v1.2.3 From 9df403043b75e407305f7003636dbe1c55f7d245 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 20 May 2018 09:23:21 -0700 Subject: Expose X509_VERIFY_PARAM on libressl --- openssl-sys/src/lib.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index dca9d31f..8d0790ea 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2446,7 +2446,7 @@ extern "C" { pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void; pub fn SSL_get_servername(ssl: *const SSL, name_type: c_int) -> *const c_char; pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long; pub fn SSL_shutdown(ssl: *mut SSL) -> c_int; @@ -2726,17 +2726,17 @@ extern "C" { pub fn X509_REQ_get_extensions(req: *mut X509_REQ) -> *mut stack_st_X509_EXTENSION; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint); - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, name: *const c_char, namelen: size_t, ) -> c_int; - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_ip( param: *mut X509_VERIFY_PARAM, ip: *const c_uchar, -- cgit v1.2.3 From a6fcef01c0aa71359f583342c813b8db5835178d Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 20 May 2018 11:27:45 -0700 Subject: Overhaul openssl cfgs Also expose hostname verification on libressl --- openssl-sys/src/lib.rs | 10 +++++----- openssl-sys/src/libressl/mod.rs | 22 ++++++++++++++++++++++ openssl-sys/src/openssl/v10x.rs | 22 ++++++++++++++++++++++ 3 files changed, 49 insertions(+), 5 deletions(-) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 8d0790ea..0f6a4483 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1413,15 +1413,15 @@ pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63; #[cfg(ossl102)] pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64; -#[cfg(ossl102)] +#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1; -#[cfg(ossl102)] +#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2; -#[cfg(ossl102)] +#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4; -#[cfg(ossl102)] +#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8; -#[cfg(ossl102)] +#[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10; pub const GEN_OTHERNAME: c_int = 0; diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs index 5ae205bc..0080fc7d 100644 --- a/openssl-sys/src/libressl/mod.rs +++ b/openssl-sys/src/libressl/mod.rs @@ -447,6 +447,28 @@ pub unsafe fn SSL_session_reused(ssl: *mut ::SSL) -> c_int { ::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int } +pub unsafe fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong { + ::SSL_CTX_ctrl(ctx as *mut _, ::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong +} + +pub unsafe fn SSL_CTX_set_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong { + ::SSL_CTX_ctrl( + ctx as *mut _, + ::SSL_CTRL_OPTIONS, + op as c_long, + ptr::null_mut(), + ) as c_ulong +} + +pub unsafe fn SSL_CTX_clear_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong { + ::SSL_CTX_ctrl( + ctx as *mut _, + ::SSL_CTRL_CLEAR_OPTIONS, + op as c_long, + ptr::null_mut(), + ) as c_ulong +} + extern "C" { pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; pub fn BIO_s_file() -> *mut BIO_METHOD; diff --git a/openssl-sys/src/openssl/v10x.rs b/openssl-sys/src/openssl/v10x.rs index 8ee9c58f..c22bb7fc 100644 --- a/openssl-sys/src/openssl/v10x.rs +++ b/openssl-sys/src/openssl/v10x.rs @@ -807,6 +807,28 @@ pub unsafe fn SSL_session_reused(ssl: *mut ::SSL) -> c_int { ::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int } +pub unsafe fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong { + ::SSL_CTX_ctrl(ctx as *mut _, ::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong +} + +pub unsafe fn SSL_CTX_set_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong { + ::SSL_CTX_ctrl( + ctx as *mut _, + ::SSL_CTRL_OPTIONS, + op as c_long, + ptr::null_mut(), + ) as c_ulong +} + +pub unsafe fn SSL_CTX_clear_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong { + ::SSL_CTX_ctrl( + ctx as *mut _, + ::SSL_CTRL_CLEAR_OPTIONS, + op as c_long, + ptr::null_mut(), + ) as c_ulong +} + extern "C" { pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; pub fn BIO_s_file() -> *mut BIO_METHOD; -- cgit v1.2.3 From 4c1fdf1d81e20ee2130e883bb9065af0d1d4de2a Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 20 May 2018 12:52:49 -0700 Subject: Support ALPN on libressl Closes #690 --- openssl-sys/src/lib.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 0f6a4483..04a50855 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2614,14 +2614,14 @@ extern "C" { ) -> *mut SSL_SESSION; pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int; - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int; // FIXME should take an Option - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn SSL_CTX_set_alpn_select_cb( ssl: *mut SSL_CTX, cb: extern "C" fn( @@ -2634,7 +2634,7 @@ extern "C" { ) -> c_int, arg: *mut c_void, ); - #[cfg(ossl102)] + #[cfg(any(ossl102, libressl261))] pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint); pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; -- cgit v1.2.3 From 2e478fdcf47bcb69a098bd6c3ab6227b53d45a24 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Thu, 17 May 2018 15:17:40 -0700 Subject: Expose early I/O --- openssl-sys/src/lib.rs | 3 +++ openssl-sys/src/openssl/v111.rs | 6 ++++++ 2 files changed, 9 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 61e087d0..a48f6a85 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2832,4 +2832,7 @@ extern "C" { pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; pub fn EVP_get_cipherbyname(name: *const c_char) -> *const EVP_CIPHER; + + pub fn SSL_set_connect_state(s: *mut SSL); + pub fn SSL_set_accept_state(s: *mut SSL); } diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs index 4a3f9560..36682663 100644 --- a/openssl-sys/src/openssl/v111.rs +++ b/openssl-sys/src/openssl/v111.rs @@ -55,6 +55,9 @@ pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000; pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000; pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000; +pub const SSL_READ_EARLY_DATA_ERROR: c_int = 0; +pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = 1; +pub const SSL_READ_EARLY_DATA_FINISH: c_int = 2; extern "C" { pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func); @@ -99,4 +102,7 @@ extern "C" { context: *const c_uchar, contextlen: size_t, ) -> c_int; + + pub fn SSL_write_early_data(s: *mut ::SSL, buf: *const c_void, num: size_t, written: *mut size_t) -> c_int; + pub fn SSL_read_early_data(s: *mut ::SSL, buf: *mut c_void, num: size_t, readbytes: *mut size_t) -> c_int; } -- cgit v1.2.3 From c0876cc8c65cf61d99006ce5e502a9a2d1acd70b Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 24 May 2018 20:00:28 -0700 Subject: Add bindings to SSL_get_finished and SSL_get_peer_finished These are used for the tls-unique SCRAM channel binding mode. --- openssl-sys/src/lib.rs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index bc8f44e1..fda47fd0 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2603,6 +2603,8 @@ extern "C" { pub fn SSL_is_server(s: *mut SSL) -> c_int; #[cfg(ossl110f)] pub fn SSL_is_server(s: *const SSL) -> c_int; + pub fn SSL_get_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t; + pub fn SSL_get_peer_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t; pub fn SSL_SESSION_free(s: *mut SSL_SESSION); pub fn SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar; -- cgit v1.2.3 From 772e1c003f57cdbc6258580cb2059999aa51b4f2 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 24 May 2018 21:06:11 -0700 Subject: Add some digest support --- openssl-sys/src/lib.rs | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index fda47fd0..e7bd046e 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1453,6 +1453,10 @@ pub unsafe fn BIO_set_retry_write(b: *mut BIO) { BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY) } +pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD { + EVP_get_digestbyname(OBJ_nid2sn(type_)) +} + // EVP_PKEY_CTX_ctrl macros pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { EVP_PKEY_CTX_ctrl( @@ -2103,6 +2107,8 @@ extern "C" { no_name: c_int, ) -> c_int; pub fn OBJ_nid2sn(nid: c_int) -> *const c_char; + pub fn OBJ_find_sigid_algs(signid: c_int, pdig_nid: *mut c_int, ppkey_nid: *mut c_int) + -> c_int; pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP; pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP); @@ -2840,6 +2846,7 @@ extern "C" { ); pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; + pub fn EVP_get_digestbyname(name: *const c_char) -> *const EVP_MD; pub fn EVP_get_cipherbyname(name: *const c_char) -> *const EVP_CIPHER; pub fn SSL_set_connect_state(s: *mut SSL); -- cgit v1.2.3 From b8de619fbe20dd08849c5364a222d5bc117d9072 Mon Sep 17 00:00:00 2001 From: Marco Huenseler Date: Thu, 24 May 2018 12:01:47 +0200 Subject: Get Nid string representations --- openssl-sys/src/lib.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index e7bd046e..f2a77cab 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2106,6 +2106,7 @@ extern "C" { a: *const ASN1_OBJECT, no_name: c_int, ) -> c_int; + pub fn OBJ_nid2ln(nid: c_int) -> *const c_char; pub fn OBJ_nid2sn(nid: c_int) -> *const c_char; pub fn OBJ_find_sigid_algs(signid: c_int, pdig_nid: *mut c_int, ppkey_nid: *mut c_int) -> c_int; -- cgit v1.2.3 From 3456add537d03aef8a5becc9cbaa77910a1ecb3f Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 29 May 2018 21:53:22 -0700 Subject: Add SslRef::verified_chain --- openssl-sys/src/openssl/v110.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/openssl/v110.rs b/openssl-sys/src/openssl/v110.rs index 4f1aa1c1..47d2bee4 100644 --- a/openssl-sys/src/openssl/v110.rs +++ b/openssl-sys/src/openssl/v110.rs @@ -280,6 +280,7 @@ extern "C" { ); pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; + pub fn SSL_get0_verified_chain(ssl: *const SSL) -> *mut stack_st_X509; pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME; pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME; pub fn X509_get0_signature( -- cgit v1.2.3 From fb1b9b414084aac35611bc2149bde0ae1175090a Mon Sep 17 00:00:00 2001 From: Axel Rasmussen Date: Wed, 30 May 2018 18:30:51 -0700 Subject: Add an openssl-sys binding for RSA_padding_check_PKCS1_type_2. This padding check implementation is useful for certain types of RSA decryption, notably the type performed by Yubico's PIV library. --- openssl-sys/src/lib.rs | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'openssl-sys/src') diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index f2a77cab..aaeb9713 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2365,6 +2365,14 @@ extern "C" { k: *mut RSA, ) -> c_int; + pub fn RSA_padding_check_PKCS1_type_2( + to: *mut c_uchar, + tlen: c_int, + f: *const c_uchar, + fl: c_int, + rsa_len: c_int, + ) -> c_int; + pub fn DSA_new() -> *mut DSA; pub fn DSA_free(dsa: *mut DSA); pub fn DSA_size(dsa: *const DSA) -> c_int; -- cgit v1.2.3