From d991566f2b1b6803ad214fe6bf531d5870ab43fd Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Sat, 19 May 2018 19:43:02 -0700
Subject: Support min/max version in LibreSSL

Their implementations of the accessors don't behave expected with no
bounds, so we ignore those bits of the tests.
---
 openssl-sys/src/lib.rs           | 27 +++++++-----
 openssl-sys/src/libressl/mod.rs  | 32 +++++++++------
 openssl-sys/src/libressl/v251.rs | 89 ++++++++++++++++++++++++++++++++++++++++
 openssl-sys/src/libressl/v25x.rs | 89 ----------------------------------------
 4 files changed, 126 insertions(+), 111 deletions(-)
 create mode 100644 openssl-sys/src/libressl/v251.rs
 delete mode 100644 openssl-sys/src/libressl/v25x.rs

(limited to 'openssl-sys/src')

diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 61e087d0..e78c24f4 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -236,8 +236,10 @@ pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7;
 pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8;
 pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9;
 
-pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY
-    | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX
+pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
+    | EVP_PKEY_OP_VERIFY
+    | EVP_PKEY_OP_VERIFYRECOVER
+    | EVP_PKEY_OP_SIGNCTX
     | EVP_PKEY_OP_VERIFYCTX;
 
 pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
@@ -1259,21 +1261,23 @@ pub const SSL_VERIFY_NONE: c_int = 0;
 pub const SSL_VERIFY_PEER: c_int = 1;
 pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x, ossl101)))]
+#[cfg(not(any(libressl261, ossl101)))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
 pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
 #[cfg(not(any(libressl, ossl110f, ossl111)))]
 pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
 #[cfg(any(ossl110f, ossl111))]
-pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-    | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING
+pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG
+    | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+    | SSL_OP_LEGACY_SERVER_CONNECT
+    | SSL_OP_TLSEXT_PADDING
     | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
 pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000;
 pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000;
@@ -1289,8 +1293,11 @@ pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
 pub const SSL_OP_NO_SSL_MASK: c_ulong =
     SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
 #[cfg(ossl111)]
-pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1
-    | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
+pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2
+    | SSL_OP_NO_SSLv3
+    | SSL_OP_NO_TLSv1
+    | SSL_OP_NO_TLSv1_1
+    | SSL_OP_NO_TLSv1_2
     | SSL_OP_NO_TLSv1_3;
 
 pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs
index 366d9502..5ae205bc 100644
--- a/openssl-sys/src/libressl/mod.rs
+++ b/openssl-sys/src/libressl/mod.rs
@@ -1,19 +1,18 @@
+use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
 use std::mem;
 use std::ptr;
 use std::sync::{Mutex, MutexGuard};
 use std::sync::{Once, ONCE_INIT};
 
-#[cfg(libressl250)]
+#[cfg(not(libressl251))]
 pub use libressl::v250::*;
-#[cfg(not(libressl250))]
-pub use libressl::v25x::*;
-
-use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
+#[cfg(libressl251)]
+pub use libressl::v251::*;
 
-#[cfg(libressl250)]
+#[cfg(not(libressl251))]
 mod v250;
-#[cfg(not(libressl250))]
-mod v25x;
+#[cfg(libressl251)]
+mod v251;
 
 #[repr(C)]
 pub struct stack_st_ASN1_OBJECT {
@@ -337,9 +336,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
 
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_ALL: c_ulong = 0x4;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_ALL: c_ulong = 0x80000014;
 pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
 pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
@@ -352,9 +351,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0;
 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
 pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
 pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
@@ -540,6 +539,15 @@ extern "C" {
             unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
         >,
     );
+    #[cfg(libressl261)]
+    pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
+    #[cfg(libressl261)]
+    pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
+    #[cfg(libressl270)]
+    pub fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
+    #[cfg(libressl270)]
+    pub fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
+
     pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME;
     pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME;
     pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
diff --git a/openssl-sys/src/libressl/v251.rs b/openssl-sys/src/libressl/v251.rs
new file mode 100644
index 00000000..541b61db
--- /dev/null
+++ b/openssl-sys/src/libressl/v251.rs
@@ -0,0 +1,89 @@
+use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t, time_t};
+
+use super::*;
+
+#[repr(C)]
+pub struct SSL {
+    version: c_int,
+    method: *const ::SSL_METHOD,
+    rbio: *mut ::BIO,
+    wbio: *mut ::BIO,
+    bbio: *mut ::BIO,
+    pub server: c_int,
+    s3: *mut c_void,
+    d1: *mut c_void,
+    param: *mut c_void,
+    cipher_list: *mut stack_st_SSL_CIPHER,
+    cert: *mut c_void,
+    sid_ctx_length: c_uint,
+    sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
+    session: *mut ::SSL_SESSION,
+    verify_mode: c_int,
+    error: c_int,
+    error_code: c_int,
+    ctx: *mut ::SSL_CTX,
+    verify_result: c_long,
+    references: c_int,
+    client_version: c_int,
+    max_send_fragment: c_uint,
+    tlsext_hostname: *mut c_char,
+    tlsext_status_type: c_int,
+    initial_ctx: *mut ::SSL_CTX,
+    enc_read_ctx: *mut ::EVP_CIPHER_CTX,
+    read_hash: *mut EVP_MD_CTX,
+    internal: *mut c_void,
+}
+
+#[repr(C)]
+pub struct SSL_CTX {
+    method: *const ::SSL_METHOD,
+    cipher_list: *mut stack_st_SSL_CIPHER,
+    cert_store: *mut c_void,
+    session_timeout: c_long,
+    pub references: c_int,
+    extra_certs: *mut stack_st_X509,
+    verify_mode: c_int,
+    sid_ctx_length: c_uint,
+    sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
+    param: *mut ::X509_VERIFY_PARAM,
+    default_passwd_callback: *mut c_void,
+    default_passwd_callback_userdata: *mut c_void,
+    internal: *mut c_void,
+}
+
+#[repr(C)]
+pub struct SSL_SESSION {
+    ssl_version: c_int,
+    pub master_key_length: c_int,
+    pub master_key: [c_uchar; 48],
+    session_id_length: c_uint,
+    session_id: [c_uchar; ::SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
+    sid_ctx_length: c_uint,
+    sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
+    peer: *mut ::X509,
+    verify_result: c_long,
+    timeout: c_long,
+    time: time_t,
+    pub references: c_int,
+    cipher: *const ::SSL_CIPHER,
+    cipher_id: c_long,
+    ciphers: *mut stack_st_SSL_CIPHER,
+    tlsext_hostname: *mut c_char,
+    tlsext_tick: *mut c_uchar,
+    tlsext_ticklen: size_t,
+    tlsext_tick_lifetime_int: c_long,
+    internal: *mut c_void,
+}
+
+#[repr(C)]
+pub struct X509_VERIFY_PARAM {
+    pub name: *mut c_char,
+    pub check_time: time_t,
+    pub inh_flags: c_ulong,
+    pub flags: c_ulong,
+    pub purpose: c_int,
+    pub trust: c_int,
+    pub depth: c_int,
+    pub policies: *mut stack_st_ASN1_OBJECT,
+    id: *mut c_void,
+}
diff --git a/openssl-sys/src/libressl/v25x.rs b/openssl-sys/src/libressl/v25x.rs
deleted file mode 100644
index 7e7023ec..00000000
--- a/openssl-sys/src/libressl/v25x.rs
+++ /dev/null
@@ -1,89 +0,0 @@
-use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong, time_t};
-
-use super::*;
-
-#[repr(C)]
-pub struct SSL {
-    version: c_int,
-    method: *const ::SSL_METHOD,
-    rbio: *mut ::BIO,
-    wbio: *mut ::BIO,
-    bbio: *mut ::BIO,
-    pub server: c_int,
-    s3: *mut c_void,
-    d1: *mut c_void,
-    param: *mut c_void,
-    cipher_list: *mut stack_st_SSL_CIPHER,
-    cert: *mut c_void,
-    sid_ctx_length: c_uint,
-    sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
-    session: *mut ::SSL_SESSION,
-    verify_mode: c_int,
-    error: c_int,
-    error_code: c_int,
-    ctx: *mut ::SSL_CTX,
-    verify_result: c_long,
-    references: c_int,
-    client_version: c_int,
-    max_send_fragment: c_uint,
-    tlsext_hostname: *mut c_char,
-    tlsext_status_type: c_int,
-    initial_ctx: *mut ::SSL_CTX,
-    enc_read_ctx: *mut ::EVP_CIPHER_CTX,
-    read_hash: *mut EVP_MD_CTX,
-    internal: *mut c_void,
-}
-
-#[repr(C)]
-pub struct SSL_CTX {
-    method: *const ::SSL_METHOD,
-    cipher_list: *mut stack_st_SSL_CIPHER,
-    cert_store: *mut c_void,
-    session_timeout: c_long,
-    pub references: c_int,
-    extra_certs: *mut stack_st_X509,
-    verify_mode: c_int,
-    sid_ctx_length: c_uint,
-    sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
-    param: *mut ::X509_VERIFY_PARAM,
-    default_passwd_callback: *mut c_void,
-    default_passwd_callback_userdata: *mut c_void,
-    internal: *mut c_void,
-}
-
-#[repr(C)]
-pub struct SSL_SESSION {
-    ssl_version: c_int,
-    pub master_key_length: c_int,
-    pub master_key: [c_uchar; 48],
-    session_id_length: c_uint,
-    session_id: [c_uchar; ::SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
-    sid_ctx_length: c_uint,
-    sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
-    peer: *mut ::X509,
-    verify_result: c_long,
-    timeout: c_long,
-    time: time_t,
-    pub references: c_int,
-    cipher: *const ::SSL_CIPHER,
-    cipher_id: c_long,
-    ciphers: *mut stack_st_SSL_CIPHER,
-    tlsext_hostname: *mut c_char,
-    tlsext_tick: *mut c_uchar,
-    tlsext_ticklen: size_t,
-    tlsext_tick_lifetime_int: c_long,
-    internal: *mut c_void,
-}
-
-#[repr(C)]
-pub struct X509_VERIFY_PARAM {
-    pub name: *mut c_char,
-    pub check_time: time_t,
-    pub inh_flags: c_ulong,
-    pub flags: c_ulong,
-    pub purpose: c_int,
-    pub trust: c_int,
-    pub depth: c_int,
-    policies: *mut stack_st_ASN1_OBJECT,
-    id: *mut c_void,
-}
-- 
cgit v1.2.3