diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5da4e6c91..c2d096d22 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -147,6 +147,9 @@ jobs: library: - name: openssl version: vendored + - name: openssl + version: 3.0.0-beta1 + dl-path: / - name: openssl version: 1.1.1k dl-path: / diff --git a/openssl-errors/Cargo.toml b/openssl-errors/Cargo.toml index 45181ddca..d0714fd5a 100644 --- a/openssl-errors/Cargo.toml +++ b/openssl-errors/Cargo.toml @@ -10,6 +10,7 @@ readme = "README.md" categories = ["api-bindings"] [dependencies] +cfg-if = "0.1" libc = "0.2" openssl-sys = { version = "0.9.42", path = "../openssl-sys" } diff --git a/openssl-errors/build.rs b/openssl-errors/build.rs new file mode 100644 index 000000000..5ecd7bae7 --- /dev/null +++ b/openssl-errors/build.rs @@ -0,0 +1,13 @@ +#![allow(clippy::inconsistent_digit_grouping, clippy::unusual_byte_groupings)] + +use std::env; + +fn main() { + if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") { + let version = u64::from_str_radix(&version, 16).unwrap(); + + if version >= 0x3_00_00_00_0 { + println!("cargo:rustc-cfg=ossl300"); + } + } +} diff --git a/openssl-errors/src/lib.rs b/openssl-errors/src/lib.rs index bb8d05bfd..e478975f5 100644 --- a/openssl-errors/src/lib.rs +++ b/openssl-errors/src/lib.rs @@ -47,6 +47,7 @@ #![warn(missing_docs)] #![doc(html_root_url = "https://docs.rs/openssl-errors/0.1")] +use cfg_if::cfg_if; use libc::{c_char, c_int}; use std::borrow::Cow; use std::marker::PhantomData; @@ -70,19 +71,37 @@ pub trait Library { fn id() -> c_int; } +cfg_if! { + if #[cfg(ossl300)] { + type FunctionInner = *const c_char; + } else { + type FunctionInner = c_int; + } +} + /// A function declaration, parameterized by its error library. -pub struct Function(c_int, PhantomData); +pub struct Function(FunctionInner, PhantomData); + +// manual impls necessary for the 3.0.0 case +unsafe impl Sync for Function where T: Sync {} +unsafe impl Send for Function where T: Send {} impl Function { - /// Creates a function from its raw identifier. + /// This is not considered a part of the crate's public API, and is subject to change at any time. + /// + /// # Safety + /// + /// The inner value must be valid for the lifetime of the process. + #[doc(hidden)] #[inline] - pub const fn from_raw(raw: c_int) -> Function { + pub const unsafe fn __from_raw(raw: FunctionInner) -> Function { Function(raw, PhantomData) } - /// Returns the function's raw identifier. + /// This is not considered a part of the crate's public API, and is subject to change at any time. + #[doc(hidden)] #[inline] - pub const fn as_raw(&self) -> c_int { + pub const fn __as_raw(&self) -> FunctionInner { self.0 } } @@ -91,15 +110,17 @@ impl Function { pub struct Reason(c_int, PhantomData); impl Reason { - /// Creates a reason from its raw identifier. + /// This is not considered a part of the crate's public API, and is subject to change at any time. + #[doc(hidden)] #[inline] - pub const fn from_raw(raw: c_int) -> Reason { + pub const fn __from_raw(raw: c_int) -> Reason { Reason(raw, PhantomData) } - /// Returns the reason's raw identifier. + /// This is not considered a part of the crate's public API, and is subject to change at any time. + #[doc(hidden)] #[inline] - pub const fn as_raw(&self) -> c_int { + pub const fn __as_raw(&self) -> c_int { self.0 } } @@ -119,13 +140,37 @@ pub unsafe fn __put_error( ) where T: Library, { - openssl_sys::ERR_put_error( - T::id(), - func.as_raw(), - reason.as_raw(), - file.as_ptr() as *const c_char, - line as c_int, - ); + put_error_inner(T::id(), func.0, reason.0, file, line, message) +} + +unsafe fn put_error_inner( + library: c_int, + func: FunctionInner, + reason: c_int, + file: &'static str, + line: u32, + message: Option>, +) { + cfg_if! { + if #[cfg(ossl300)] { + openssl_sys::ERR_new(); + openssl_sys::ERR_set_debug( + file.as_ptr() as *const c_char, + line as c_int, + func, + ); + openssl_sys::ERR_set_error(library, reason, ptr::null()); + } else { + openssl_sys::ERR_put_error( + library, + func, + reason, + file.as_ptr() as *const c_char, + line as c_int, + ); + } + } + let data = match message { Some(Cow::Borrowed(s)) => Some((s.as_ptr() as *const c_char as *mut c_char, 0)), Some(Cow::Owned(s)) => { @@ -223,31 +268,11 @@ macro_rules! openssl_errors { fn id() -> $crate::export::c_int { static INIT: $crate::export::Once = $crate::export::Once::new(); static mut LIB_NUM: $crate::export::c_int = 0; - static mut STRINGS: [ - $crate::export::ERR_STRING_DATA; - 2 + $crate::openssl_errors!(@count $($func_name;)* $($reason_name;)*) - ] = [ - $crate::export::ERR_STRING_DATA { - error: 0, - string: concat!($lib_str, "\0").as_ptr() as *const $crate::export::c_char, - }, - $( - $crate::export::ERR_STRING_DATA { - error: $crate::export::ERR_PACK(0, $lib_name::$func_name.as_raw(), 0), - string: concat!($func_str, "\0").as_ptr() as *const $crate::export::c_char, - }, - )* - $( - $crate::export::ERR_STRING_DATA { - error: $crate::export::ERR_PACK(0, 0, $lib_name::$reason_name.as_raw()), - string: concat!($reason_str, "\0").as_ptr() as *const $crate::export::c_char, - }, - )* - $crate::export::ERR_STRING_DATA { - error: 0, - string: $crate::export::null(), - } - ]; + $crate::__openssl_errors_helper! { + @strings $lib_name($lib_str) + functions { $($func_name($func_str);)* } + reasons { $($reason_name($reason_str);)* } + } unsafe { INIT.call_once(|| { @@ -263,19 +288,21 @@ macro_rules! openssl_errors { } impl $lib_name { - $crate::openssl_errors!(@func_consts $lib_name; 1; $($(#[$func_attr])* $func_name;)*); + $crate::openssl_errors!(@func_consts $lib_name; 1; $($(#[$func_attr])* $func_name($func_str);)*); $crate::openssl_errors!(@reason_consts $lib_name; 1; $($(#[$reason_attr])* $reason_name;)*); } )*}; - (@func_consts $lib_name:ident; $n:expr; $(#[$attr:meta])* $name:ident; $($tt:tt)*) => { + (@func_consts $lib_name:ident; $n:expr; $(#[$attr:meta])* $name:ident($str:expr); $($tt:tt)*) => { $(#[$attr])* - pub const $name: $crate::Function<$lib_name> = $crate::Function::from_raw($n); + pub const $name: $crate::Function<$lib_name> = unsafe { + $crate::Function::__from_raw($crate::__openssl_errors_helper!(@func_value $n, $str)) + }; $crate::openssl_errors!(@func_consts $lib_name; $n + 1; $($tt)*); }; (@func_consts $lib_name:ident; $n:expr;) => {}; (@reason_consts $lib_name:ident; $n:expr; $(#[$attr:meta])* $name:ident; $($tt:tt)*) => { $(#[$attr])* - pub const $name: $crate::Reason<$lib_name> = $crate::Reason::from_raw($n); + pub const $name: $crate::Reason<$lib_name> = $crate::Reason::__from_raw($n); $crate::openssl_errors!(@reason_consts $lib_name; $n + 1; $($tt)*); }; (@reason_consts $lib_name:ident; $n:expr;) => {}; @@ -284,3 +311,77 @@ macro_rules! openssl_errors { }; (@count) => { 0 }; } + +cfg_if! { + if #[cfg(ossl300)] { + #[doc(hidden)] + #[macro_export] + macro_rules! __openssl_errors_helper { + ( + @strings $lib_name:ident($lib_str:expr) + functions { $($func_name:ident($func_str:expr);)* } + reasons { $($reason_name:ident($reason_str:expr);)* } + ) => { + static mut STRINGS: [ + $crate::export::ERR_STRING_DATA; + 2 + $crate::openssl_errors!(@count $($reason_name;)*) + ] = [ + $crate::export::ERR_STRING_DATA { + error: 0, + string: concat!($lib_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + $( + $crate::export::ERR_STRING_DATA { + error: $crate::export::ERR_PACK(0, 0, $lib_name::$reason_name.__as_raw()), + string: concat!($reason_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + )* + $crate::export::ERR_STRING_DATA { + error: 0, + string: $crate::export::null(), + } + ]; + }; + (@func_value $n:expr, $func_str:expr) => { + concat!($func_str, "\0").as_ptr() as *const $crate::export::c_char + }; + } + } else { + #[doc(hidden)] + #[macro_export] + macro_rules! __openssl_errors_helper { + ( + @strings $lib_name:ident($lib_str:expr) + functions { $($func_name:ident($func_str:expr);)* } + reasons { $($reason_name:ident($reason_str:expr);)* } + ) => { + static mut STRINGS: [ + $crate::export::ERR_STRING_DATA; + 2 + $crate::openssl_errors!(@count $($func_name;)* $($reason_name;)*) + ] = [ + $crate::export::ERR_STRING_DATA { + error: 0, + string: concat!($lib_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + $( + $crate::export::ERR_STRING_DATA { + error: $crate::export::ERR_PACK(0, $lib_name::$func_name.__as_raw(), 0), + string: concat!($func_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + )* + $( + $crate::export::ERR_STRING_DATA { + error: $crate::export::ERR_PACK(0, 0, $lib_name::$reason_name.__as_raw()), + string: concat!($reason_str, "\0").as_ptr() as *const $crate::export::c_char, + }, + )* + $crate::export::ERR_STRING_DATA { + error: 0, + string: $crate::export::null(), + } + ]; + }; + (@func_value $n:expr, $func_str:expr) => {$n}; + } + } +} diff --git a/openssl-errors/tests/test.rs b/openssl-errors/tests/test.rs index cb44cf92e..089887249 100644 --- a/openssl-errors/tests/test.rs +++ b/openssl-errors/tests/test.rs @@ -1,3 +1,4 @@ +use cfg_if::cfg_if; use openssl::error::Error; openssl_errors::openssl_errors! { @@ -27,8 +28,15 @@ fn basic() { error.file().replace(r"\", "/"), "openssl-errors/tests/test.rs" ); - assert_eq!(error.line(), 19); - assert_eq!(error.data(), None); + assert_eq!(error.line(), 20); + cfg_if! { + if #[cfg(ossl300)] { + // https://github.com/openssl/openssl/issues/12530 + assert!(error.data() == None || error.data() == Some("")); + } else { + assert_eq!(error.data(), None); + } + } } #[test] @@ -44,7 +52,7 @@ fn static_data() { error.file().replace(r"\", "/"), "openssl-errors/tests/test.rs" ); - assert_eq!(error.line(), 36); + assert_eq!(error.line(), 44); assert_eq!(error.data(), Some("foobar")); } @@ -61,6 +69,6 @@ fn dynamic_data() { error.file().replace(r"\", "/"), "openssl-errors/tests/test.rs" ); - assert_eq!(error.line(), 53); + assert_eq!(error.line(), 61); assert_eq!(error.data(), Some("hello world")); } diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs index e556b4bb7..18b3e3deb 100644 --- a/openssl-sys/build/cfgs.rs +++ b/openssl-sys/build/cfgs.rs @@ -37,6 +37,9 @@ pub fn get(openssl_version: Option, libressl_version: Option) -> Vec<& } else { let openssl_version = openssl_version.unwrap(); + if openssl_version >= 0x3_00_00_00_0 { + cfgs.push("ossl300"); + } if openssl_version >= 0x1_00_01_00_0 { cfgs.push("ossl101"); } diff --git a/openssl-sys/build/expando.c b/openssl-sys/build/expando.c index dd3dace0f..0f5cff413 100644 --- a/openssl-sys/build/expando.c +++ b/openssl-sys/build/expando.c @@ -4,8 +4,13 @@ #define VERSION2(n, v) RUST_VERSION_##n##_##v #define VERSION(n, v) VERSION2(n, v) +#define NEW_VERSION2(a, b, c) RUST_VERSION_NEW_OPENSSL_##a##_##b##_##c +#define NEW_VERSION(a, b, c) NEW_VERSION2(a, b, c) + #ifdef LIBRESSL_VERSION_NUMBER VERSION(LIBRESSL, LIBRESSL_VERSION_NUMBER) +#elif defined OPENSSL_VERSION_MAJOR +NEW_VERSION(OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH) #else VERSION(OPENSSL, OPENSSL_VERSION_NUMBER) #endif @@ -85,3 +90,7 @@ RUST_CONF_OPENSSL_NO_STDIO #ifdef OPENSSL_NO_SM3 RUST_CONF_OPENSSL_NO_SM3 #endif + +#ifdef OPENSSL_NO_DEPRECATED_3_0 +RUST_CONF_OPENSSL_NO_DEPRECATED_3_0 +#endif diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 681472221..88752d995 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -179,11 +179,15 @@ See rust-openssl README for more information: let line = line.trim(); let openssl_prefix = "RUST_VERSION_OPENSSL_"; + let new_openssl_prefix = "RUST_VERSION_NEW_OPENSSL_"; let libressl_prefix = "RUST_VERSION_LIBRESSL_"; let conf_prefix = "RUST_CONF_"; if line.starts_with(openssl_prefix) { let version = &line[openssl_prefix.len()..]; openssl_version = Some(parse_version(version)); + } else if line.starts_with(new_openssl_prefix) { + let version = &line[new_openssl_prefix.len()..]; + openssl_version = Some(parse_new_version(version)); } else if line.starts_with(libressl_prefix) { let version = &line[libressl_prefix.len()..]; libressl_version = Some(parse_version(version)); @@ -244,8 +248,10 @@ See rust-openssl README for more information: let openssl_version = openssl_version.unwrap(); println!("cargo:version_number={:x}", openssl_version); - if openssl_version >= 0x1_01_02_00_0 { + if openssl_version >= 0x4_00_00_00_0 { version_error() + } else if openssl_version >= 0x3_00_00_00_0 { + Version::Openssl11x } else if openssl_version >= 0x1_01_01_00_0 { println!("cargo:version=111"); Version::Openssl11x @@ -297,6 +303,17 @@ fn parse_version(version: &str) -> u64 { u64::from_str_radix(version, 16).unwrap() } +// parses a string that looks like 3_0_0 +fn parse_new_version(version: &str) -> u64 { + println!("version: {}", version); + let mut it = version.split('_'); + let major = it.next().unwrap().parse::().unwrap(); + let minor = it.next().unwrap().parse::().unwrap(); + let patch = it.next().unwrap().parse::().unwrap(); + + (major << 28) | (minor << 20) | (patch << 4) +} + /// Given a libdir for OpenSSL (where artifacts are located) as well as the name /// of the libraries we're linking to, figure out whether we should link them /// statically or dynamically. diff --git a/openssl-sys/src/cms.rs b/openssl-sys/src/cms.rs index ad5d7160a..59596307f 100644 --- a/openssl-sys/src/cms.rs +++ b/openssl-sys/src/cms.rs @@ -6,9 +6,16 @@ pub enum CMS_ContentInfo {} extern "C" { #[cfg(ossl101)] pub fn CMS_ContentInfo_free(cms: *mut ::CMS_ContentInfo); - #[cfg(ossl101)] - pub fn i2d_CMS_ContentInfo(a: *mut ::CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; +} +const_ptr_api! { + extern "C" { + #[cfg(ossl101)] + pub fn i2d_CMS_ContentInfo(a: #[const_ptr_if(ossl300)] CMS_ContentInfo, pp: *mut *mut c_uchar) -> c_int; + } +} + +extern "C" { #[cfg(ossl101)] pub fn d2i_CMS_ContentInfo( a: *mut *mut ::CMS_ContentInfo, diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs index 6d8096f73..63a95a289 100644 --- a/openssl-sys/src/crypto.rs +++ b/openssl-sys/src/crypto.rs @@ -121,9 +121,9 @@ cfg_if! { } extern "C" { - #[cfg(ossl101)] + #[cfg(all(ossl101, not(ossl300)))] pub fn FIPS_mode() -> c_int; - #[cfg(ossl101)] + #[cfg(all(ossl101, not(ossl300)))] pub fn FIPS_mode_set(onoff: c_int) -> c_int; pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int; diff --git a/openssl-sys/src/dtls1.rs b/openssl-sys/src/dtls1.rs index 08b7a489c..9ef5e77f7 100644 --- a/openssl-sys/src/dtls1.rs +++ b/openssl-sys/src/dtls1.rs @@ -1,3 +1,9 @@ use libc::*; -pub const DTLS1_COOKIE_LENGTH: c_uint = 256; +cfg_if! { + if #[cfg(ossl300)] { + pub const DTLS1_COOKIE_LENGTH: c_uint = 255; + } else { + pub const DTLS1_COOKIE_LENGTH: c_uint = 256; + } +} diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs index dc02b8f1a..5df732635 100644 --- a/openssl-sys/src/err.rs +++ b/openssl-sys/src/err.rs @@ -3,25 +3,68 @@ use libc::*; pub const ERR_TXT_MALLOCED: c_int = 0x01; pub const ERR_TXT_STRING: c_int = 0x02; +pub const ERR_LIB_SYS: c_int = 2; pub const ERR_LIB_PEM: c_int = 9; -const_fn! { - pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong { - ((l as c_ulong & 0x0FF) << 24) | - ((f as c_ulong & 0xFFF) << 12) | - (r as c_ulong & 0xFFF) - } +cfg_if! { + if #[cfg(ossl300)] { + pub const ERR_SYSTEM_FLAG: c_ulong = c_int::max_value() as c_ulong + 1; + pub const ERR_SYSTEM_MASK: c_ulong = c_int::max_value() as c_ulong; - pub const fn ERR_GET_LIB(l: c_ulong) -> c_int { - ((l >> 24) & 0x0FF) as c_int - } + pub const ERR_LIB_OFFSET: c_ulong = 23; + pub const ERR_LIB_MASK: c_ulong = 0xff; + pub const ERR_RFLAGS_OFFSET: c_ulong = 18; + pub const ERR_RFLAGS_MASK: c_ulong = 0x1f; + pub const ERR_REASON_MASK: c_ulong = 0x7FFFFF; - pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int { - ((l >> 12) & 0xFFF) as c_int - } + pub const ERR_RFLAG_FATAL: c_ulong = 0x1 << ERR_RFLAGS_OFFSET; + + const_fn! { + pub const fn ERR_SYSTEM_ERROR(errcode: c_ulong) -> bool { + errcode & ERR_SYSTEM_FLAG != 0 + } + + pub const fn ERR_GET_LIB(errcode: c_ulong) -> c_int { + // hacks since `if` isn't yet stable in const functions :( + ((ERR_LIB_SYS as c_ulong * (ERR_SYSTEM_ERROR(errcode) as c_ulong)) | + (((errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK)) * (!ERR_SYSTEM_ERROR(errcode) as c_ulong)) as c_int + } + + pub const fn ERR_GET_FUNC(_errcode: c_ulong) -> c_int { + 0 + } + + pub const fn ERR_GET_REASON(errcode: c_ulong) -> c_int { + // hacks since `if` isn't yet stable in const functions :( + ((ERR_LIB_SYS as c_ulong * (ERR_SYSTEM_ERROR(errcode) as c_ulong)) | + ((errcode & ERR_REASON_MASK)) * (!ERR_SYSTEM_ERROR(errcode) as c_ulong)) as c_int + } + + pub const fn ERR_PACK(lib: c_int, _func: c_int, reason: c_int) -> c_ulong { + ((lib as c_ulong & ERR_LIB_MASK) << ERR_LIB_OFFSET) | + ((reason as c_ulong & ERR_REASON_MASK)) + } + } + } else { + const_fn! { + pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong { + ((l as c_ulong & 0x0FF) << 24) | + ((f as c_ulong & 0xFFF) << 12) | + (r as c_ulong & 0xFFF) + } + + pub const fn ERR_GET_LIB(l: c_ulong) -> c_int { + ((l >> 24) & 0x0FF) as c_int + } - pub const fn ERR_GET_REASON(l: c_ulong) -> c_int { - (l & 0xFFF) as c_int + pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int { + ((l >> 12) & 0xFFF) as c_int + } + + pub const fn ERR_GET_REASON(l: c_ulong) -> c_int { + (l & 0xFFF) as c_int + } + } } } @@ -31,11 +74,32 @@ pub struct ERR_STRING_DATA { pub string: *const c_char, } +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn ERR_new(); + pub fn ERR_set_debug(file: *const c_char, line: c_int, func: *const c_char); + pub fn ERR_set_error(lib: c_int, reason: c_int, fmt: *const c_char, ...); + } + } else { + extern "C" { + pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_int); + } + } +} + extern "C" { - pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_int); pub fn ERR_set_error_data(data: *mut c_char, flags: c_int); pub fn ERR_get_error() -> c_ulong; + #[cfg(ossl300)] + pub fn ERR_get_error_all( + file: *mut *const c_char, + line: *mut c_int, + func: *mut *const c_char, + data: *mut *const c_char, + flags: *mut c_int, + ) -> c_ulong; pub fn ERR_get_error_line_data( file: *mut *const c_char, line: *mut c_int, diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index b00dc413e..5034a2b03 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -29,15 +29,60 @@ pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD { EVP_get_digestbyname(OBJ_nid2sn(type_)) } -extern "C" { - pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; - pub fn EVP_MD_type(md: *const EVP_MD) -> c_int; +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_MD_get_size(md: *const EVP_MD) -> c_int; + pub fn EVP_MD_get_type(md: *const EVP_MD) -> c_int; + + pub fn EVP_CIPHER_get_key_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_get_block_size(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_get_iv_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_get_nid(cipher: *const EVP_CIPHER) -> c_int; + } + + #[inline] + pub unsafe fn EVP_MD_size(md: *const EVP_MD) -> c_int { + EVP_MD_get_size(md) + } + + #[inline] + pub unsafe fn EVP_MD_type(md: *const EVP_MD) -> c_int { + EVP_MD_get_type(md) + } + + #[inline] + pub unsafe fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int { + EVP_CIPHER_get_key_length(cipher) + } + + #[inline] + pub unsafe fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int { + EVP_CIPHER_get_block_size(cipher) + } - pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; - pub fn EVP_CIPHER_nid(cipher: *const EVP_CIPHER) -> c_int; + #[inline] + pub unsafe fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int { + EVP_CIPHER_get_iv_length(cipher) + } + + #[inline] + pub unsafe fn EVP_CIPHER_nid(cipher: *const EVP_CIPHER) -> c_int { + EVP_CIPHER_get_nid(cipher) + } + } else { + extern "C" { + pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; + pub fn EVP_MD_type(md: *const EVP_MD) -> c_int; + + pub fn EVP_CIPHER_key_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_block_size(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_iv_length(cipher: *const EVP_CIPHER) -> c_int; + pub fn EVP_CIPHER_nid(cipher: *const EVP_CIPHER) -> c_int; + } + } } +extern "C" {} cfg_if! { if #[cfg(ossl110)] { @@ -58,6 +103,16 @@ extern "C" { -> c_int; pub fn EVP_DigestUpdate(ctx: *mut EVP_MD_CTX, data: *const c_void, n: size_t) -> c_int; pub fn EVP_DigestFinal_ex(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int; + #[cfg(ossl300)] + pub fn EVP_Q_digest( + libctx: *mut OSSL_LIB_CTX, + name: *const c_char, + propq: *const c_char, + data: *const c_void, + count: size_t, + md: *mut c_uchar, + size: *mut c_uint, + ) -> c_int; pub fn EVP_DigestInit(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD) -> c_int; pub fn EVP_DigestFinal(ctx: *mut EVP_MD_CTX, res: *mut u8, n: *mut u32) -> c_int; #[cfg(ossl111)] @@ -175,9 +230,22 @@ extern "C" { outl: *mut c_int, ) -> c_int; } -const_ptr_api! { - extern "C" { - pub fn EVP_PKEY_size(pkey: #[const_ptr_if(any(ossl111b, libressl280))] EVP_PKEY) -> c_int; +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_PKEY_get_size(pkey: *const EVP_PKEY) -> c_int; + } + + #[inline] + pub unsafe fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int { + EVP_PKEY_get_size(pkey) + } + } else { + const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_size(pkey: #[const_ptr_if(any(ossl111b, libressl280))] EVP_PKEY) -> c_int; + } + } } } cfg_if! { @@ -301,12 +369,33 @@ extern "C" { pub fn EVP_get_digestbyname(name: *const c_char) -> *const EVP_MD; pub fn EVP_get_cipherbyname(name: *const c_char) -> *const EVP_CIPHER; - - pub fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int; } -const_ptr_api! { - extern "C" { - pub fn EVP_PKEY_bits(key: #[const_ptr_if(any(ossl110, libressl280))] EVP_PKEY) -> c_int; + +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_PKEY_get_id(pkey: *const EVP_PKEY) -> c_int; + pub fn EVP_PKEY_get_bits(key: *const EVP_PKEY) -> c_int; + } + + #[inline] + pub unsafe fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int { + EVP_PKEY_get_id(pkey) + } + + #[inline] + pub unsafe fn EVP_PKEY_bits(pkey: *const EVP_PKEY) -> c_int { + EVP_PKEY_get_bits(pkey) + } + } else { + extern "C" { + pub fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int; + } + const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_bits(key: #[const_ptr_if(any(ossl110, libressl280))] EVP_PKEY) -> c_int; + } + } } } extern "C" { @@ -369,13 +458,25 @@ extern "C" { } pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2; -pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3; -pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4; -pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5; -pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6; -pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; -pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; -pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; +cfg_if! { + if #[cfg(ossl300)] { + pub const EVP_PKEY_OP_SIGN: c_int = 1 << 4; + pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 5; + pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 6; + pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 7; + pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 8; + pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 9; + pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 10; + } else { + pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3; + pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4; + pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5; + pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6; + pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; + pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; + pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; + } +} pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 9596a59b5..fd92209c2 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -46,6 +46,7 @@ pub use ssl::*; pub use ssl3::*; pub use stack::*; pub use tls1::*; +pub use types::*; pub use x509::*; pub use x509_vfy::*; pub use x509v3::*; @@ -83,6 +84,7 @@ mod ssl; mod ssl3; mod stack; mod tls1; +mod types; mod x509; mod x509_vfy; mod x509v3; diff --git a/openssl-sys/src/ocsp.rs b/openssl-sys/src/ocsp.rs index ff7092378..4a9f7752c 100644 --- a/openssl-sys/src/ocsp.rs +++ b/openssl-sys/src/ocsp.rs @@ -82,7 +82,15 @@ extern "C" { pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP); pub fn OCSP_RESPONSE_new() -> *mut OCSP_RESPONSE; pub fn OCSP_RESPONSE_free(r: *mut OCSP_RESPONSE); - pub fn i2d_OCSP_RESPONSE(a: *mut OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; +} + +const_ptr_api! { + extern "C" { + pub fn i2d_OCSP_RESPONSE(a: #[const_ptr_if(ossl300)] OCSP_RESPONSE, pp: *mut *mut c_uchar) -> c_int; + } +} + +extern "C" { pub fn d2i_OCSP_RESPONSE( a: *mut *mut OCSP_RESPONSE, pp: *mut *const c_uchar, @@ -92,7 +100,15 @@ extern "C" { pub fn OCSP_CERTID_free(id: *mut OCSP_CERTID); pub fn OCSP_REQUEST_new() -> *mut OCSP_REQUEST; pub fn OCSP_REQUEST_free(r: *mut OCSP_REQUEST); - pub fn i2d_OCSP_REQUEST(a: *mut OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; +} + +const_ptr_api! { + extern "C" { + pub fn i2d_OCSP_REQUEST(a: #[const_ptr_if(ossl300)] OCSP_REQUEST, pp: *mut *mut c_uchar) -> c_int; + } +} + +extern "C" { pub fn d2i_OCSP_REQUEST( a: *mut *mut OCSP_REQUEST, pp: *mut *const c_uchar, diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index 2ad6ee65c..fd9a0544e 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -439,6 +439,8 @@ pub struct X509V3_CTX { crl: *mut c_void, db_meth: *mut c_void, db: *mut c_void, + #[cfg(ossl300)] + issuer_pkey: *mut c_void, // I like the last comment line, it is copied from OpenSSL sources: // Maybe more here } diff --git a/openssl-sys/src/pem.rs b/openssl-sys/src/pem.rs index 3cdc89826..561930a1f 100644 --- a/openssl-sys/src/pem.rs +++ b/openssl-sys/src/pem.rs @@ -18,36 +18,79 @@ extern "C" { callback: pem_password_cb, user_data: *mut c_void, ) -> *mut X509; - pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; - pub fn PEM_read_bio_X509_CRL( - bio: *mut BIO, - out: *mut *mut X509_CRL, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut X509_CRL; - pub fn PEM_write_bio_X509_CRL(bio: *mut BIO, x509: *mut X509_CRL) -> c_int; +} + +const_ptr_api! { + extern "C" { + pub fn PEM_write_bio_X509(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509) -> c_int; + pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509_REQ) -> c_int; + pub fn PEM_write_bio_RSAPrivateKey( + bp: *mut BIO, + rsa: #[const_ptr_if(ossl300)] RSA, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: #[const_ptr_if(ossl300)] RSA) -> c_int; + pub fn PEM_write_bio_DSAPrivateKey( + bp: *mut BIO, + dsa: #[const_ptr_if(ossl300)] DSA, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_ECPrivateKey( + bio: *mut BIO, + key: #[const_ptr_if(ossl300)] EC_KEY, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: #[const_ptr_if(ossl300)] DSA) -> c_int; + pub fn PEM_write_bio_PrivateKey( + bio: *mut BIO, + pkey: #[const_ptr_if(ossl300)] EVP_PKEY, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY) -> c_int; + pub fn PEM_write_bio_PKCS8PrivateKey( + bio: *mut BIO, + pkey: #[const_ptr_if(ossl300)] EVP_PKEY, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_char, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: #[const_ptr_if(ossl300)] PKCS7) -> c_int; + pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: #[const_ptr_if(ossl300)] EC_KEY) -> c_int; + pub fn PEM_write_bio_X509_CRL(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509_CRL) -> c_int; + } +} + +extern "C" { pub fn PEM_read_bio_X509_REQ( bio: *mut BIO, out: *mut *mut X509_REQ, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut X509_REQ; - pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; pub fn PEM_read_bio_RSAPrivateKey( bio: *mut BIO, rsa: *mut *mut RSA, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut RSA; - pub fn PEM_write_bio_RSAPrivateKey( - bp: *mut BIO, - rsa: *mut RSA, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn PEM_read_bio_RSAPublicKey( bio: *mut BIO, rsa: *mut *mut RSA, @@ -61,51 +104,30 @@ extern "C" { callback: pem_password_cb, user_data: *mut c_void, ) -> *mut RSA; - pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int; pub fn PEM_read_bio_DSAPrivateKey( bp: *mut BIO, dsa: *mut *mut DSA, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut DSA; - pub fn PEM_write_bio_DSAPrivateKey( - bp: *mut BIO, - dsa: *mut DSA, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn PEM_read_bio_DSA_PUBKEY( bp: *mut BIO, dsa: *mut *mut DSA, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut DSA; - pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *mut DSA) -> c_int; pub fn PEM_read_bio_ECPrivateKey( bio: *mut BIO, key: *mut *mut EC_KEY, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut EC_KEY; - pub fn PEM_write_bio_ECPrivateKey( - bio: *mut BIO, - key: *mut EC_KEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn PEM_read_bio_EC_PUBKEY( bp: *mut BIO, ec: *mut *mut EC_KEY, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut EC_KEY; - pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: *mut EC_KEY) -> c_int; pub fn PEM_read_bio_DHparams( bio: *mut BIO, out: *mut *mut DH, @@ -119,32 +141,13 @@ extern "C" { callback: pem_password_cb, user_data: *mut c_void, ) -> *mut EVP_PKEY; - pub fn PEM_write_bio_PrivateKey( - bio: *mut BIO, - pkey: *mut EVP_PKEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn PEM_read_bio_PUBKEY( bio: *mut BIO, out: *mut *mut EVP_PKEY, callback: pem_password_cb, user_data: *mut c_void, ) -> *mut EVP_PKEY; - pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int; - pub fn PEM_write_bio_PKCS8PrivateKey( - bio: *mut BIO, - pkey: *mut EVP_PKEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_char, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; pub fn d2i_PKCS8PrivateKey_bio( bp: *mut BIO, x: *mut *mut EVP_PKEY, @@ -165,8 +168,6 @@ extern "C" { u: *mut c_void, ) -> *mut PKCS7; - pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int; - #[cfg(ossl101)] pub fn PEM_read_bio_CMS( bio: *mut BIO, diff --git a/openssl-sys/src/pkcs12.rs b/openssl-sys/src/pkcs12.rs index 1db74ebb4..583c5fc6b 100644 --- a/openssl-sys/src/pkcs12.rs +++ b/openssl-sys/src/pkcs12.rs @@ -6,7 +6,13 @@ pub enum PKCS12 {} extern "C" { pub fn PKCS12_free(p12: *mut PKCS12); - pub fn i2d_PKCS12(a: *mut PKCS12, buf: *mut *mut u8) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn i2d_PKCS12(a: #[const_ptr_if(ossl300)] PKCS12, buf: *mut *mut u8) -> c_int; + } +} +extern "C" { pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12; pub fn PKCS12_parse( @@ -31,9 +37,7 @@ const_ptr_api! { mac_iter: c_int, keytype: c_int, ) -> *mut PKCS12; - } -} -extern "C" { - pub fn i2d_PKCS12_bio(b: *mut BIO, a: *mut PKCS12) -> c_int; + pub fn i2d_PKCS12_bio(b: *mut BIO, a: #[const_ptr_if(ossl300)] PKCS12) -> c_int; + } } diff --git a/openssl-sys/src/pkcs7.rs b/openssl-sys/src/pkcs7.rs index 53e7e8ab5..d8d0fdfcc 100644 --- a/openssl-sys/src/pkcs7.rs +++ b/openssl-sys/src/pkcs7.rs @@ -30,9 +30,15 @@ pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000; extern "C" { pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: c_long) -> *mut PKCS7; +} - pub fn i2d_PKCS7(a: *mut PKCS7, buf: *mut *mut u8) -> c_int; +const_ptr_api! { + extern "C" { + pub fn i2d_PKCS7(a: #[const_ptr_if(ossl300)] PKCS7, buf: *mut *mut u8) -> c_int; + } +} +extern "C" { pub fn PKCS7_encrypt( certs: *mut stack_st_X509, b: *mut BIO, diff --git a/openssl-sys/src/rsa.rs b/openssl-sys/src/rsa.rs index 960498088..85359cd66 100644 --- a/openssl-sys/src/rsa.rs +++ b/openssl-sys/src/rsa.rs @@ -5,48 +5,59 @@ use *; pub const RSA_F4: c_long = 0x10001; -pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - -1, - EVP_PKEY_CTRL_RSA_PADDING, - pad, - ptr::null_mut(), - ) -} - -pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - -1, - EVP_PKEY_CTRL_GET_RSA_PADDING, - 0, - ppad as *mut c_void, - ) -} - -pub unsafe fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, - len, - ptr::null_mut(), - ) -} - -pub unsafe fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int { - EVP_PKEY_CTX_ctrl( - ctx, - EVP_PKEY_RSA, - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, - 0, - md as *mut c_void, - ) +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad_mode: c_int) -> c_int; + pub fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad_mode: *mut c_int) -> c_int; + + pub fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int; + pub fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *const EVP_MD) -> c_int; + } + } else { + pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + -1, + EVP_PKEY_CTRL_RSA_PADDING, + pad, + ptr::null_mut(), + ) + } + pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + -1, + EVP_PKEY_CTRL_GET_RSA_PADDING, + 0, + ppad as *mut c_void, + ) + } + + pub unsafe fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY, + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, + len, + ptr::null_mut(), + ) + } + + pub unsafe fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int { + EVP_PKEY_CTX_ctrl( + ctx, + EVP_PKEY_RSA, + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_RSA_MGF1_MD, + 0, + md as *mut c_void, + ) + } + } } #[cfg(any(ossl102, libressl310))] @@ -90,6 +101,7 @@ pub const EVP_PKEY_CTRL_RSA_OAEP_MD: c_int = EVP_PKEY_ALG_CTRL + 9; pub const EVP_PKEY_CTRL_RSA_OAEP_LABEL: c_int = EVP_PKEY_ALG_CTRL + 10; pub const RSA_PKCS1_PADDING: c_int = 1; +#[cfg(not(ossl300))] pub const RSA_SSLV23_PADDING: c_int = 2; pub const RSA_NO_PADDING: c_int = 3; pub const RSA_PKCS1_OAEP_PADDING: c_int = 4; diff --git a/openssl-sys/src/sha.rs b/openssl-sys/src/sha.rs index e8d1403f7..faa57d47f 100644 --- a/openssl-sys/src/sha.rs +++ b/openssl-sys/src/sha.rs @@ -1,73 +1,189 @@ use libc::*; +use std::ptr; +use *; -pub type SHA_LONG = c_uint; +cfg_if! { + if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + pub type SHA_LONG = c_uint; -pub const SHA_LBLOCK: c_int = 16; + pub const SHA_LBLOCK: c_int = 16; -#[repr(C)] -#[derive(Clone)] -pub struct SHA_CTX { - pub h0: SHA_LONG, - pub h1: SHA_LONG, - pub h2: SHA_LONG, - pub h3: SHA_LONG, - pub h4: SHA_LONG, - pub Nl: SHA_LONG, - pub Nh: SHA_LONG, - pub data: [SHA_LONG; SHA_LBLOCK as usize], - pub num: c_uint, + #[repr(C)] + #[derive(Clone)] + pub struct SHA_CTX { + pub h0: SHA_LONG, + pub h1: SHA_LONG, + pub h2: SHA_LONG, + pub h3: SHA_LONG, + pub h4: SHA_LONG, + pub Nl: SHA_LONG, + pub Nh: SHA_LONG, + pub data: [SHA_LONG; SHA_LBLOCK as usize], + pub num: c_uint, + } + + extern "C" { + pub fn SHA1_Init(c: *mut SHA_CTX) -> c_int; + pub fn SHA1_Update(c: *mut SHA_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA1_Final(md: *mut c_uchar, c: *mut SHA_CTX) -> c_int; + } + } } -extern "C" { - pub fn SHA1_Init(c: *mut SHA_CTX) -> c_int; - pub fn SHA1_Update(c: *mut SHA_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA1_Final(md: *mut c_uchar, c: *mut SHA_CTX) -> c_int; - pub fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; +cfg_if! { + if #[cfg(ossl300)] { + // Ideally we'd macro define these, but that crashes ctest :( + pub unsafe fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA1\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } + } else { + extern "C" { + pub fn SHA1(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + } + } } -#[repr(C)] -#[derive(Clone)] -pub struct SHA256_CTX { - pub h: [SHA_LONG; 8], - pub Nl: SHA_LONG, - pub Nh: SHA_LONG, - pub data: [SHA_LONG; SHA_LBLOCK as usize], - pub num: c_uint, - pub md_len: c_uint, +cfg_if! { + if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + #[repr(C)] + #[derive(Clone)] + pub struct SHA256_CTX { + pub h: [SHA_LONG; 8], + pub Nl: SHA_LONG, + pub Nh: SHA_LONG, + pub data: [SHA_LONG; SHA_LBLOCK as usize], + pub num: c_uint, + pub md_len: c_uint, + } + + extern "C" { + pub fn SHA224_Init(c: *mut SHA256_CTX) -> c_int; + pub fn SHA224_Update(c: *mut SHA256_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA224_Final(md: *mut c_uchar, c: *mut SHA256_CTX) -> c_int; + pub fn SHA256_Init(c: *mut SHA256_CTX) -> c_int; + pub fn SHA256_Update(c: *mut SHA256_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA256_Final(md: *mut c_uchar, c: *mut SHA256_CTX) -> c_int; + } + } } -extern "C" { - pub fn SHA224_Init(c: *mut SHA256_CTX) -> c_int; - pub fn SHA224_Update(c: *mut SHA256_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA224_Final(md: *mut c_uchar, c: *mut SHA256_CTX) -> c_int; - pub fn SHA224(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; - pub fn SHA256_Init(c: *mut SHA256_CTX) -> c_int; - pub fn SHA256_Update(c: *mut SHA256_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA256_Final(md: *mut c_uchar, c: *mut SHA256_CTX) -> c_int; - pub fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; +cfg_if! { + if #[cfg(ossl300)] { + pub unsafe fn SHA224(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA224\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } + + pub unsafe fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA256\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } + } else { + extern "C" { + pub fn SHA224(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + pub fn SHA256(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + } + } } -pub type SHA_LONG64 = u64; +cfg_if! { + if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + pub type SHA_LONG64 = u64; -#[repr(C)] -#[derive(Clone)] -pub struct SHA512_CTX { - pub h: [SHA_LONG64; 8], - pub Nl: SHA_LONG64, - pub Nh: SHA_LONG64, - // this is a union but we don't want to require 1.19 - u: [SHA_LONG64; SHA_LBLOCK as usize], - pub num: c_uint, - pub md_len: c_uint, + #[repr(C)] + #[derive(Clone)] + pub struct SHA512_CTX { + pub h: [SHA_LONG64; 8], + pub Nl: SHA_LONG64, + pub Nh: SHA_LONG64, + // this is a union but we don't want to require 1.19 + u: [SHA_LONG64; SHA_LBLOCK as usize], + pub num: c_uint, + pub md_len: c_uint, + } + + extern "C" { + pub fn SHA384_Init(c: *mut SHA512_CTX) -> c_int; + pub fn SHA384_Update(c: *mut SHA512_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA384_Final(md: *mut c_uchar, c: *mut SHA512_CTX) -> c_int; + pub fn SHA512_Init(c: *mut SHA512_CTX) -> c_int; + pub fn SHA512_Update(c: *mut SHA512_CTX, data: *const c_void, len: size_t) -> c_int; + pub fn SHA512_Final(md: *mut c_uchar, c: *mut SHA512_CTX) -> c_int; + } + } } -extern "C" { - pub fn SHA384_Init(c: *mut SHA512_CTX) -> c_int; - pub fn SHA384_Update(c: *mut SHA512_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA384_Final(md: *mut c_uchar, c: *mut SHA512_CTX) -> c_int; - pub fn SHA384(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; - pub fn SHA512_Init(c: *mut SHA512_CTX) -> c_int; - pub fn SHA512_Update(c: *mut SHA512_CTX, data: *const c_void, len: size_t) -> c_int; - pub fn SHA512_Final(md: *mut c_uchar, c: *mut SHA512_CTX) -> c_int; - pub fn SHA512(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; +cfg_if! { + if #[cfg(ossl300)] { + pub unsafe fn SHA384(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA384\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } + + pub unsafe fn SHA512(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar { + if EVP_Q_digest( + ptr::null_mut(), + "SHA512\0".as_ptr() as *const c_char, + ptr::null(), + d as *const c_void, + n, + md, + ptr::null_mut(), + ) != 0 { + md + } else { + ptr::null_mut() + } + } + } else { + extern "C" { + pub fn SHA384(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + pub fn SHA512(d: *const c_uchar, n: size_t, md: *mut c_uchar) -> *mut c_uchar; + } + } } diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index f60b129bc..7ccdabb28 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -253,154 +253,171 @@ pub type SSL_custom_ext_parse_cb_ex = Option< ) -> c_int, >; -pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; +cfg_if! { + if #[cfg(ossl300)] { + macro_rules! ssl_op_type { + () => {u64}; + } + } else { + macro_rules! ssl_op_type { + () => {c_ulong}; + } + } +} + +pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004; cfg_if! { if #[cfg(libressl261)] { - pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; + pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0; } else if #[cfg(any(ossl102, libressl))] { - pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x10; + pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x10; } } #[cfg(ossl101)] -pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; +pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = 0x00000040; -pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; +pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000800; -pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; -pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; -pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000; +pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = 0x00001000; +pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = 0x00002000; +pub const SSL_OP_NO_TICKET: ssl_op_type!() = 0x00004000; cfg_if! { if #[cfg(ossl101)] { - pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; + pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x00008000; } else { - pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; + pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x0; } } -pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_ulong = 0x00010000; +pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = 0x00010000; cfg_if! { if #[cfg(ossl101)] { - pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000; - pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000; + pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x00020000; + pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x00040000; } else { - pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; - pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x0; + pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x0; + pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x0; } } #[cfg(ossl111)] -pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000; +pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: ssl_op_type!() = 0x00100000; -pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_ulong = 0x00400000; +pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = 0x00400000; cfg_if! { if #[cfg(libressl280)] { - pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0; + pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0; } else { - pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000; + pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0x00800000; } } cfg_if! { if #[cfg(ossl101)] { - pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; + pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x02000000; } else { - pub const SSL_OP_NO_SSLv3: c_ulong = 0x0; + pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x0; } } -pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; -pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; +pub const SSL_OP_NO_TLSv1_1: ssl_op_type!() = 0x10000000; +pub const SSL_OP_NO_TLSv1_2: ssl_op_type!() = 0x08000000; -pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; +pub const SSL_OP_NO_TLSv1: ssl_op_type!() = 0x04000000; cfg_if! { if #[cfg(ossl102)] { - pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; - pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; + pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x04000000; + pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x08000000; } else if #[cfg(libressl332)] { - pub const SSL_OP_NO_DTLSv1: c_ulong = 0x40000000; - pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x80000000; + pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x40000000; + pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x80000000; } } #[cfg(ossl111)] -pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000; +pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = 0x20000000; #[cfg(ossl110h)] -pub const SSL_OP_NO_RENEGOTIATION: c_ulong = 0x40000000; +pub const SSL_OP_NO_RENEGOTIATION: ssl_op_type!() = 0x40000000; cfg_if! { if #[cfg(ossl111)] { - pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 + pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3; } else if #[cfg(ossl102)] { - pub const SSL_OP_NO_SSL_MASK: c_ulong = + pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; } } cfg_if! { if #[cfg(libressl261)] { - pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; + pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x0; } else { - pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; + pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x80000000; } } cfg_if! { - if #[cfg(ossl110f)] { - pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG + if #[cfg(ossl300)] { + pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG + | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | SSL_OP_TLSEXT_PADDING + | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; + } else if #[cfg(ossl110f)] { + pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; } else if #[cfg(libressl261)] { - pub const SSL_OP_ALL: c_ulong = 0x4; + pub const SSL_OP_ALL: ssl_op_type!() = 0x4; } else if #[cfg(libressl)] { - pub const SSL_OP_ALL: c_ulong = 0x80000014; + pub const SSL_OP_ALL: ssl_op_type!() = 0x80000014; } else { - pub const SSL_OP_ALL: c_ulong = 0x80000BFF; + pub const SSL_OP_ALL: ssl_op_type!() = 0x80000BFF; } } cfg_if! { if #[cfg(ossl110)] { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000000; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000000; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000000; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000000; - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x00000000; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x00000000; + pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00000000; + pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00000000; + pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x00000000; } else if #[cfg(ossl101)] { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000001; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000002; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000008; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000020; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000080; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000100; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000200; - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x01000000; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000001; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000002; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000008; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x00000020; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x00000080; + pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x00000100; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x00000200; + pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00080000; + pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000; + pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x01000000; } else { - pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x0; - pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x0; - pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x0; - pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0; - pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; - pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; - pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x0; + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x0; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x0; #[cfg(libressl261)] - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; + pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0; #[cfg(not(libressl261))] - pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; - pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; - pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; + pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00080000; + pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000; + pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x0; } } @@ -424,7 +441,13 @@ pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { pub const SSL_COOKIE_LENGTH: c_int = 4096; cfg_if! { - if #[cfg(ossl110)] { + if #[cfg(ossl300)] { + extern "C" { + pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> u64; + pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: u64) -> u64; + pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: u64) -> u64; + } + } else if #[cfg(ossl110)] { extern "C" { pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong; pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong; @@ -977,7 +1000,13 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int; pub fn SSL_SESSION_free(s: *mut SSL_SESSION); - pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn i2d_SSL_SESSION(s: #[const_ptr_if(ossl300)] SSL_SESSION, pp: *mut *mut c_uchar) -> c_int; + } +} +extern "C" { pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int; pub fn SSL_CTX_add_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int; pub fn SSL_CTX_remove_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int; @@ -987,7 +1016,10 @@ extern "C" { len: c_long, ) -> *mut SSL_SESSION; + #[cfg(not(ossl300))] pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509; + #[cfg(ossl300)] + pub fn SSL_get1_peer_certificate(ssl: *const SSL) -> *mut X509; pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509; diff --git a/openssl-sys/src/types.rs b/openssl-sys/src/types.rs new file mode 100644 index 000000000..7598fb428 --- /dev/null +++ b/openssl-sys/src/types.rs @@ -0,0 +1,2 @@ +#[cfg(ossl300)] +pub enum OSSL_LIB_CTX {} diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 509900678..62a9fd865 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -183,32 +183,38 @@ extern "C" { ) -> c_int; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; +} - pub fn i2d_X509_bio(b: *mut BIO, x: *mut X509) -> c_int; - pub fn i2d_X509_REQ_bio(b: *mut BIO, x: *mut X509_REQ) -> c_int; - pub fn i2d_PrivateKey_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; - pub fn i2d_PUBKEY_bio(b: *mut BIO, x: *mut EVP_PKEY) -> c_int; - - pub fn i2d_PUBKEY(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; +const_ptr_api! { + extern "C" { + pub fn i2d_X509_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] X509) -> c_int; + pub fn i2d_X509_REQ_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] X509_REQ) -> c_int; + pub fn i2d_PrivateKey_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY) -> c_int; + pub fn i2d_PUBKEY_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY) -> c_int; + + pub fn i2d_PUBKEY(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_RSA_PUBKEY(k: #[const_ptr_if(ossl300)] RSA, buf: *mut *mut u8) -> c_int; + pub fn i2d_DSA_PUBKEY(a: #[const_ptr_if(ossl300)] DSA, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_PrivateKey(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_ECPrivateKey(ec_key: #[const_ptr_if(ossl300)] EC_KEY, pp: *mut *mut c_uchar) -> c_int; + pub fn i2d_EC_PUBKEY(a: #[const_ptr_if(ossl300)] EC_KEY, pp: *mut *mut c_uchar) -> c_int; + } +} +extern "C" { pub fn d2i_PUBKEY(k: *mut *mut EVP_PKEY, buf: *mut *const u8, len: c_long) -> *mut EVP_PKEY; pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA; - pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *mut *mut u8) -> c_int; pub fn d2i_DSA_PUBKEY(k: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; - pub fn i2d_DSA_PUBKEY(a: *mut DSA, pp: *mut *mut c_uchar) -> c_int; pub fn d2i_EC_PUBKEY( a: *mut *mut EC_KEY, pp: *mut *const c_uchar, length: c_long, ) -> *mut EC_KEY; - pub fn i2d_EC_PUBKEY(a: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_PrivateKey(k: *mut EVP_PKEY, buf: *mut *mut u8) -> c_int; pub fn d2i_ECPrivateKey( k: *mut *mut EC_KEY, pp: *mut *const c_uchar, length: c_long, ) -> *mut EC_KEY; - pub fn i2d_ECPrivateKey(ec_key: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; } const_ptr_api! { @@ -232,14 +238,27 @@ extern "C" { pub fn X509_REVOKED_new() -> *mut X509_REVOKED; pub fn X509_REVOKED_free(x: *mut X509_REVOKED); - #[cfg(any(ossl110, libressl270))] - pub fn X509_REVOKED_dup(rev: *mut X509_REVOKED) -> *mut X509_REVOKED; +} +const_ptr_api! { + extern "C" { + #[cfg(any(ossl110, libressl270))] + pub fn X509_REVOKED_dup(rev: #[const_ptr_if(ossl300)] X509_REVOKED) -> *mut X509_REVOKED; + } +} + +extern "C" { pub fn d2i_X509_REVOKED( a: *mut *mut X509_REVOKED, pp: *mut *const c_uchar, length: c_long, ) -> *mut X509_REVOKED; - pub fn i2d_X509_REVOKED(x: *mut X509_REVOKED, buf: *mut *mut u8) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn i2d_X509_REVOKED(x: #[const_ptr_if(ossl300)] X509_REVOKED, buf: *mut *mut u8) -> c_int; + } +} +extern "C" { pub fn X509_CRL_new() -> *mut X509_CRL; pub fn X509_CRL_free(x: *mut X509_CRL); pub fn d2i_X509_CRL( @@ -247,8 +266,14 @@ extern "C" { pp: *mut *const c_uchar, length: c_long, ) -> *mut X509_CRL; - pub fn i2d_X509_CRL(x: *mut X509_CRL, buf: *mut *mut u8) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn i2d_X509_CRL(x: #[const_ptr_if(ossl300)] X509_CRL, buf: *mut *mut u8) -> c_int; + } +} +extern "C" { pub fn X509_REQ_new() -> *mut X509_REQ; pub fn X509_REQ_free(x: *mut X509_REQ); pub fn d2i_X509_REQ( @@ -256,11 +281,11 @@ extern "C" { pp: *mut *const c_uchar, length: c_long, ) -> *mut X509_REQ; - pub fn i2d_X509_REQ(x: *mut X509_REQ, buf: *mut *mut u8) -> c_int; } - const_ptr_api! { extern "C" { + pub fn i2d_X509_REQ(x: #[const_ptr_if(ossl300)] X509_REQ, buf: *mut *mut u8) -> c_int; + #[cfg(any(ossl102, libressl273))] pub fn X509_get0_signature( psig: *mut #[const_ptr_if(any(ossl110, libressl273))] ASN1_BIT_STRING, @@ -282,7 +307,13 @@ extern "C" { pub fn X509_new() -> *mut X509; pub fn X509_free(x: *mut X509); - pub fn i2d_X509(x: *mut X509, buf: *mut *mut u8) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn i2d_X509(x: #[const_ptr_if(ossl300)] X509, buf: *mut *mut u8) -> c_int; + } +} +extern "C" { pub fn d2i_X509(a: *mut *mut X509, pp: *mut *const c_uchar, length: c_long) -> *mut X509; pub fn X509_get_pubkey(x: *mut X509) -> *mut EVP_PKEY; @@ -292,20 +323,19 @@ extern "C" { pub fn X509_get_version(x: *const X509) -> c_long; pub fn X509_set_serialNumber(x: *mut X509, sn: *mut ASN1_INTEGER) -> c_int; pub fn X509_get_serialNumber(x: *mut X509) -> *mut ASN1_INTEGER; - pub fn X509_set_issuer_name(x: *mut X509, name: *mut X509_NAME) -> c_int; - - pub fn X509_subject_name_hash(x: *mut ::X509) -> c_ulong; } const_ptr_api! { extern "C" { - pub fn X509_get_issuer_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; + pub fn X509_set_issuer_name(x: *mut X509, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; } } extern "C" { - pub fn X509_set_subject_name(x: *mut X509, name: *mut X509_NAME) -> c_int; + pub fn X509_subject_name_hash(x: *mut ::X509) -> c_ulong; } const_ptr_api! { extern "C" { + pub fn X509_get_issuer_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; + pub fn X509_set_subject_name(x: *mut X509, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; pub fn X509_get_subject_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; } } @@ -328,12 +358,24 @@ extern "C" { pub fn X509_REQ_set_version(req: *mut X509_REQ, version: c_long) -> c_int; #[cfg(ossl110)] pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut X509_NAME; - pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *mut X509_NAME) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; + } +} +extern "C" { pub fn X509_REQ_set_pubkey(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_REQ_get_pubkey(req: *mut X509_REQ) -> *mut EVP_PKEY; pub fn X509_REQ_get_extensions(req: *mut X509_REQ) -> *mut stack_st_X509_EXTENSION; - pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) - -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: #[const_ptr_if(ossl300)] stack_st_X509_EXTENSION) + -> c_int; + } +} +extern "C" { pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_REQ_verify(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; #[cfg(any(ossl110, libressl273))] @@ -366,12 +408,18 @@ extern "C" { ret: *mut *mut X509_REVOKED, cert: *mut X509, ) -> c_int; - pub fn X509_CRL_get0_by_serial( - x: *mut X509_CRL, - ret: *mut *mut X509_REVOKED, - serial: *mut ASN1_INTEGER, - ) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn X509_CRL_get0_by_serial( + x: *mut X509_CRL, + ret: *mut *mut X509_REVOKED, + serial: #[const_ptr_if(ossl300)] ASN1_INTEGER, + ) -> c_int; + } +} +extern "C" { #[cfg(any(ossl110, libressl281))] pub fn X509_CRL_get_REVOKED(crl: *mut X509_CRL) -> *mut stack_st_X509_REVOKED; #[cfg(any(ossl110, libressl281))] @@ -385,7 +433,13 @@ extern "C" { pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; pub fn X509_CRL_set_version(crl: *mut X509_CRL, version: c_long) -> c_int; - pub fn X509_CRL_set_issuer_name(crl: *mut X509_CRL, name: *mut X509_NAME) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn X509_CRL_set_issuer_name(crl: *mut X509_CRL, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; + } +} +extern "C" { pub fn X509_CRL_sort(crl: *mut X509_CRL) -> c_int; #[cfg(any(ossl110, libressl270))] @@ -410,11 +464,7 @@ cfg_if! { const_ptr_api! { extern "C" { pub fn X509_NAME_entry_count(n: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME) -> c_int; - pub fn X509_NAME_get_index_by_NID(n: #[const_ptr_if(libressl280)] X509_NAME, nid: c_int, last_pos: c_int) -> c_int; - } -} -const_ptr_api! { - extern "C" { + pub fn X509_NAME_get_index_by_NID(n: #[const_ptr_if(any(ossl300, libressl280))] X509_NAME, nid: c_int, last_pos: c_int) -> c_int; pub fn X509_NAME_get_entry(n: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; pub fn X509_NAME_add_entry_by_NID( x: *mut X509_NAME, @@ -561,9 +611,14 @@ extern "C" { pub fn X509_verify_cert(ctx: *mut X509_STORE_CTX) -> c_int; } +const_ptr_api! { + extern "C" { + #[cfg(any(ossl110, libressl270))] + pub fn X509_STORE_get0_objects(ctx: #[const_ptr_if(ossl300)] X509_STORE) -> *mut stack_st_X509_OBJECT; + } +} #[cfg(any(ossl110, libressl270))] extern "C" { - pub fn X509_STORE_get0_objects(ctx: *mut X509_STORE) -> *mut stack_st_X509_OBJECT; pub fn X509_OBJECT_get0_X509(x: *const X509_OBJECT) -> *mut X509; } diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs index b76d0f02a..341d72018 100644 --- a/openssl-sys/src/x509_vfy.rs +++ b/openssl-sys/src/x509_vfy.rs @@ -30,7 +30,13 @@ pub const X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: c_int = 20; pub const X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: c_int = 21; pub const X509_V_ERR_CERT_CHAIN_TOO_LONG: c_int = 22; pub const X509_V_ERR_CERT_REVOKED: c_int = 23; -pub const X509_V_ERR_INVALID_CA: c_int = 24; +cfg_if! { + if #[cfg(ossl300)] { + pub const X509_V_ERR_NO_ISSUER_PUBLIC_KEY: c_int = 24; + } else { + pub const X509_V_ERR_INVALID_CA: c_int = 24; + } +} pub const X509_V_ERR_PATH_LENGTH_EXCEEDED: c_int = 25; pub const X509_V_ERR_INVALID_PURPOSE: c_int = 26; pub const X509_V_ERR_CERT_UNTRUSTED: c_int = 27; @@ -184,17 +190,25 @@ extern "C" { pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int; pub fn X509_STORE_set_flags(store: *mut X509_STORE, flags: c_ulong) -> c_int; +} - pub fn X509_STORE_CTX_get_ex_data(ctx: *mut X509_STORE_CTX, idx: c_int) -> *mut c_void; - pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; +const_ptr_api! { + extern "C" { + pub fn X509_STORE_CTX_get_ex_data(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX, idx: c_int) -> *mut c_void; + pub fn X509_STORE_CTX_get_error(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> c_int; + pub fn X509_STORE_CTX_get_error_depth(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> c_int; + pub fn X509_STORE_CTX_get_current_cert(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> *mut X509; + } +} +extern "C" { pub fn X509_STORE_CTX_set_error(ctx: *mut X509_STORE_CTX, error: c_int); - pub fn X509_STORE_CTX_get_error_depth(ctx: *mut X509_STORE_CTX) -> c_int; - pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509; } cfg_if! { if #[cfg(ossl110)] { - extern "C" { - pub fn X509_STORE_CTX_get0_chain(ctx: *mut X509_STORE_CTX) -> *mut stack_st_X509; + const_ptr_api! { + extern "C" { + pub fn X509_STORE_CTX_get0_chain(ctx: #[const_ptr_if(ossl300)] X509_STORE_CTX) -> *mut stack_st_X509; + } } } else { extern "C" { @@ -211,9 +225,15 @@ extern "C" { pub fn X509_VERIFY_PARAM_set_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_clear_flags(param: *mut X509_VERIFY_PARAM, flags: c_ulong) -> c_int; - #[cfg(any(ossl102, libressl261))] - pub fn X509_VERIFY_PARAM_get_flags(param: *mut X509_VERIFY_PARAM) -> c_ulong; +} +const_ptr_api! { + extern "C" { + #[cfg(any(ossl102, libressl261))] + pub fn X509_VERIFY_PARAM_get_flags(param: #[const_ptr_if(ossl300)] X509_VERIFY_PARAM) -> c_ulong; + } +} +extern "C" { #[cfg(any(ossl102, libressl261))] pub fn X509_VERIFY_PARAM_set1_host( param: *mut X509_VERIFY_PARAM, diff --git a/openssl/build.rs b/openssl/build.rs index 03983bdb6..688c96240 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -35,6 +35,9 @@ fn main() { if version >= 0x1_01_01_00_0 { println!("cargo:rustc-cfg=ossl111"); } + if version >= 0x3_00_00_00_0 { + println!("cargo:rustc-cfg=ossl300"); + } } if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") { diff --git a/openssl/src/cms.rs b/openssl/src/cms.rs index dbb7e717f..c228c16d9 100644 --- a/openssl/src/cms.rs +++ b/openssl/src/cms.rs @@ -258,6 +258,7 @@ mod test { use crate::x509::X509; #[test] + #[cfg_attr(ossl300, ignore)] // 3.0.0 can't load RC2-40-CBC fn cms_encrypt_decrypt() { // load cert with public key only let pub_cert_bytes = include_bytes!("../test/cms_pubkey.der"); diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs index 72c2eae97..87c4d8c11 100644 --- a/openssl/src/dh.rs +++ b/openssl/src/dh.rs @@ -387,41 +387,12 @@ mod tests { } #[test] + #[cfg(ossl102)] fn test_dh_stored_restored() { - let prime_p = BigNum::from_hex_str( - "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF\ - 4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B47\ - 58C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B6\ - 3ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5\ - 140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710\ - C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597", - ).unwrap(); - let prime_q = BigNum::from_hex_str( - "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED\ - 4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A\ - 57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5\ - 045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E\ - 052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67E\ - B6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659", - ).unwrap(); - let generator = BigNum::from_hex_str( - "8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3", - ) - .unwrap(); - let dh1 = Dh::from_params( - prime_p.to_owned().unwrap(), - generator.to_owned().unwrap(), - prime_q.to_owned().unwrap(), - ) - .unwrap(); + let dh1 = Dh::get_2048_256().unwrap(); let key1 = dh1.generate_key().unwrap(); - let dh2 = Dh::from_params( - prime_p.to_owned().unwrap(), - generator.to_owned().unwrap(), - prime_q.to_owned().unwrap(), - ) - .unwrap(); + let dh2 = Dh::get_2048_256().unwrap(); let key2 = dh2 .set_private_key(key1.private_key().to_owned().unwrap()) .unwrap(); diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index 1c0624128..8f202b4f4 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs @@ -1163,13 +1163,13 @@ mod test { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let g = group.generator(); - assert_eq!(g.is_infinity(&group), false); + assert!(!g.is_infinity(&group)); let mut order = BigNum::new().unwrap(); group.order(&mut order, &mut ctx).unwrap(); let mut inf = EcPoint::new(&group).unwrap(); inf.mul_generator(&group, &order, &ctx).unwrap(); - assert_eq!(inf.is_infinity(&group), true); + assert!(inf.is_infinity(&group)); } #[test] @@ -1177,9 +1177,9 @@ mod test { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let g = group.generator(); - assert_eq!(g.is_on_curve(&group, &mut ctx).unwrap(), true); + assert!(g.is_on_curve(&group, &mut ctx).unwrap()); let group2 = EcGroup::from_curve_name(Nid::X9_62_PRIME239V3).unwrap(); - assert_eq!(g.is_on_curve(&group2, &mut ctx).unwrap(), false); + assert!(!g.is_on_curve(&group2, &mut ctx).unwrap()); } } diff --git a/openssl/src/error.rs b/openssl/src/error.rs index cec392257..3d2cfac65 100644 --- a/openssl/src/error.rs +++ b/openssl/src/error.rs @@ -15,6 +15,7 @@ //! Err(e) => println!("Parsing Error: {:?}", e), //! } //! ``` +use cfg_if::cfg_if; use libc::{c_char, c_int, c_ulong}; use std::borrow::Cow; use std::error; @@ -93,6 +94,7 @@ pub struct Error { code: c_ulong, file: *const c_char, line: c_int, + func: *const c_char, data: Option>, } @@ -107,9 +109,10 @@ impl Error { let mut file = ptr::null(); let mut line = 0; + let mut func = ptr::null(); let mut data = ptr::null(); let mut flags = 0; - match ffi::ERR_get_error_line_data(&mut file, &mut line, &mut data, &mut flags) { + match ERR_get_error_all(&mut file, &mut line, &mut func, &mut data, &mut flags) { 0 => None, code => { // The memory referenced by data is only valid until that slot is overwritten @@ -130,6 +133,7 @@ impl Error { code, file, line, + func, data, }) } @@ -139,14 +143,9 @@ impl Error { /// Pushes the error back onto the OpenSSL error stack. pub fn put(&self) { + self.put_error(); + unsafe { - ffi::ERR_put_error( - ffi::ERR_GET_LIB(self.code), - ffi::ERR_GET_FUNC(self.code), - ffi::ERR_GET_REASON(self.code), - self.file, - self.line, - ); let data = match self.data { Some(Cow::Borrowed(data)) => Some((data.as_ptr() as *mut c_char, 0)), Some(Cow::Owned(ref data)) => { @@ -171,6 +170,32 @@ impl Error { } } + #[cfg(ossl300)] + fn put_error(&self) { + unsafe { + ffi::ERR_new(); + ffi::ERR_set_debug(self.file, self.line, self.func); + ffi::ERR_set_error( + ffi::ERR_GET_LIB(self.code), + ffi::ERR_GET_REASON(self.code), + ptr::null(), + ); + } + } + + #[cfg(not(ossl300))] + fn put_error(&self) { + unsafe { + ffi::ERR_put_error( + ffi::ERR_GET_LIB(self.code), + ffi::ERR_GET_FUNC(self.code), + ffi::ERR_GET_REASON(self.code), + self.file, + self.line, + ); + } + } + /// Returns the raw OpenSSL error code for this error. pub fn code(&self) -> c_ulong { self.code @@ -191,11 +216,10 @@ impl Error { /// Returns the name of the function reporting the error. pub fn function(&self) -> Option<&'static str> { unsafe { - let cstr = ffi::ERR_func_error_string(self.code); - if cstr.is_null() { + if self.func.is_null() { return None; } - let bytes = CStr::from_ptr(cstr as *const _).to_bytes(); + let bytes = CStr::from_ptr(self.func).to_bytes(); Some(str::from_utf8(bytes).unwrap()) } } @@ -281,3 +305,22 @@ impl fmt::Display for Error { } impl error::Error for Error {} + +cfg_if! { + if #[cfg(ossl300)] { + use ffi::ERR_get_error_all; + } else { + #[allow(bad_style)] + unsafe extern "C" fn ERR_get_error_all( + file: *mut *const c_char, + line: *mut c_int, + func: *mut *const c_char, + data: *mut *const c_char, + flags: *mut c_int, + ) -> c_ulong { + let code = ffi::ERR_get_error_line_data(file, line, data, flags); + *func = ffi::ERR_func_error_string(code); + code + } + } +} diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs index 666022c72..b906fce74 100644 --- a/openssl/src/hash.rs +++ b/openssl/src/hash.rs @@ -623,6 +623,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_ripemd160() { let tests = [("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")]; diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 10f2cd337..4727f3ff1 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -146,7 +146,7 @@ pub mod encrypt; pub mod envelope; pub mod error; pub mod ex_data; -#[cfg(not(libressl))] +#[cfg(not(any(libressl, ossl300)))] pub mod fips; pub mod hash; pub mod memcmp; diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs index eb552ea0a..f2d4f7753 100644 --- a/openssl/src/pkcs12.rs +++ b/openssl/src/pkcs12.rs @@ -207,6 +207,7 @@ mod test { use super::*; #[test] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11672 fn parse() { let der = include_bytes!("../test/identity.p12"); let pkcs12 = Pkcs12::from_der(der).unwrap(); @@ -226,6 +227,7 @@ mod test { } #[test] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11672 fn parse_empty_chain() { let der = include_bytes!("../test/keystore-empty-chain.p12"); let pkcs12 = Pkcs12::from_der(der).unwrap(); @@ -234,6 +236,7 @@ mod test { } #[test] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11672 fn create() { let subject_name = "ns.example.com"; let rsa = Rsa::generate(2048).unwrap(); diff --git a/openssl/src/pkcs7.rs b/openssl/src/pkcs7.rs index f314ae187..14ad00f23 100644 --- a/openssl/src/pkcs7.rs +++ b/openssl/src/pkcs7.rs @@ -469,6 +469,6 @@ mod tests { let input = String::from("Invalid SMIME Message"); let result = Pkcs7::from_smime(input.as_bytes()); - assert_eq!(result.is_err(), true) + assert!(result.is_err()); } } diff --git a/openssl/src/sha.rs b/openssl/src/sha.rs index 811a5321d..11a229709 100644 --- a/openssl/src/sha.rs +++ b/openssl/src/sha.rs @@ -35,6 +35,7 @@ //! let hash = sha256(b"your data or message"); //! println!("Hash = {}", hex::encode(hash)); //! ``` +use cfg_if::cfg_if; use libc::c_void; use std::mem; @@ -98,233 +99,237 @@ pub fn sha512(data: &[u8]) -> [u8; 64] { } } -/// An object which calculates a SHA1 hash of some data. -/// -/// # Warning -/// -/// SHA1 is known to be insecure - it should not be used unless required for -/// compatibility with existing systems. -#[derive(Clone)] -pub struct Sha1(ffi::SHA_CTX); - -impl Default for Sha1 { - #[inline] - fn default() -> Sha1 { - Sha1::new() - } -} - -impl Sha1 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha1 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA1_Init(&mut ctx); - Sha1(ctx) - } - } - - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA1_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); +cfg_if! { + if #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] { + /// An object which calculates a SHA1 hash of some data. + /// + /// # Warning + /// + /// SHA1 is known to be insecure - it should not be used unless required for + /// compatibility with existing systems. + #[derive(Clone)] + pub struct Sha1(ffi::SHA_CTX); + + impl Default for Sha1 { + #[inline] + fn default() -> Sha1 { + Sha1::new() + } } - } - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 20] { - unsafe { - let mut hash: [u8; 20] = mem::uninitialized(); - ffi::SHA1_Final(hash.as_mut_ptr(), &mut self.0); - hash + impl Sha1 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha1 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA1_Init(&mut ctx); + Sha1(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. + #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA1_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 20] { + unsafe { + let mut hash: [u8; 20] = mem::uninitialized(); + ffi::SHA1_Final(hash.as_mut_ptr(), &mut self.0); + hash + } + } } - } -} - -/// An object which calculates a SHA224 hash of some data. -#[derive(Clone)] -pub struct Sha224(ffi::SHA256_CTX); - -impl Default for Sha224 { - #[inline] - fn default() -> Sha224 { - Sha224::new() - } -} -impl Sha224 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha224 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA224_Init(&mut ctx); - Sha224(ctx) - } - } + /// An object which calculates a SHA224 hash of some data. + #[derive(Clone)] + pub struct Sha224(ffi::SHA256_CTX); - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA224_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + impl Default for Sha224 { + #[inline] + fn default() -> Sha224 { + Sha224::new() + } } - } - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 28] { - unsafe { - let mut hash: [u8; 28] = mem::uninitialized(); - ffi::SHA224_Final(hash.as_mut_ptr(), &mut self.0); - hash + impl Sha224 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha224 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA224_Init(&mut ctx); + Sha224(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. + #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA224_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 28] { + unsafe { + let mut hash: [u8; 28] = mem::uninitialized(); + ffi::SHA224_Final(hash.as_mut_ptr(), &mut self.0); + hash + } + } } - } -} -/// An object which calculates a SHA256 hash of some data. -#[derive(Clone)] -pub struct Sha256(ffi::SHA256_CTX); + /// An object which calculates a SHA256 hash of some data. + #[derive(Clone)] + pub struct Sha256(ffi::SHA256_CTX); -impl Default for Sha256 { - #[inline] - fn default() -> Sha256 { - Sha256::new() - } -} - -impl Sha256 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha256 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA256_Init(&mut ctx); - Sha256(ctx) - } - } - - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA256_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + impl Default for Sha256 { + #[inline] + fn default() -> Sha256 { + Sha256::new() + } } - } - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 32] { - unsafe { - let mut hash: [u8; 32] = mem::uninitialized(); - ffi::SHA256_Final(hash.as_mut_ptr(), &mut self.0); - hash + impl Sha256 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha256 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA256_Init(&mut ctx); + Sha256(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. + #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA256_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 32] { + unsafe { + let mut hash: [u8; 32] = mem::uninitialized(); + ffi::SHA256_Final(hash.as_mut_ptr(), &mut self.0); + hash + } + } } - } -} - -/// An object which calculates a SHA384 hash of some data. -#[derive(Clone)] -pub struct Sha384(ffi::SHA512_CTX); - -impl Default for Sha384 { - #[inline] - fn default() -> Sha384 { - Sha384::new() - } -} -impl Sha384 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha384 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA384_Init(&mut ctx); - Sha384(ctx) - } - } + /// An object which calculates a SHA384 hash of some data. + #[derive(Clone)] + pub struct Sha384(ffi::SHA512_CTX); - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA384_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + impl Default for Sha384 { + #[inline] + fn default() -> Sha384 { + Sha384::new() + } } - } - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 48] { - unsafe { - let mut hash: [u8; 48] = mem::uninitialized(); - ffi::SHA384_Final(hash.as_mut_ptr(), &mut self.0); - hash + impl Sha384 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha384 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA384_Init(&mut ctx); + Sha384(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. + #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA384_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 48] { + unsafe { + let mut hash: [u8; 48] = mem::uninitialized(); + ffi::SHA384_Final(hash.as_mut_ptr(), &mut self.0); + hash + } + } } - } -} -/// An object which calculates a SHA512 hash of some data. -#[derive(Clone)] -pub struct Sha512(ffi::SHA512_CTX); + /// An object which calculates a SHA512 hash of some data. + #[derive(Clone)] + pub struct Sha512(ffi::SHA512_CTX); -impl Default for Sha512 { - #[inline] - fn default() -> Sha512 { - Sha512::new() - } -} - -impl Sha512 { - /// Creates a new hasher. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn new() -> Sha512 { - unsafe { - let mut ctx = mem::uninitialized(); - ffi::SHA512_Init(&mut ctx); - Sha512(ctx) + impl Default for Sha512 { + #[inline] + fn default() -> Sha512 { + Sha512::new() + } } - } - /// Feeds some data into the hasher. - /// - /// This can be called multiple times. - #[inline] - pub fn update(&mut self, buf: &[u8]) { - unsafe { - ffi::SHA512_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + impl Sha512 { + /// Creates a new hasher. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn new() -> Sha512 { + unsafe { + let mut ctx = mem::uninitialized(); + ffi::SHA512_Init(&mut ctx); + Sha512(ctx) + } + } + + /// Feeds some data into the hasher. + /// + /// This can be called multiple times. + #[inline] + pub fn update(&mut self, buf: &[u8]) { + unsafe { + ffi::SHA512_Update(&mut self.0, buf.as_ptr() as *const c_void, buf.len()); + } + } + + /// Returns the hash of the data. + #[inline] + #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 + pub fn finish(mut self) -> [u8; 64] { + unsafe { + let mut hash: [u8; 64] = mem::uninitialized(); + ffi::SHA512_Final(hash.as_mut_ptr(), &mut self.0); + hash + } } } - - /// Returns the hash of the data. - #[inline] - #[allow(deprecated)] // https://github.com/rust-lang/rust/issues/63566 - pub fn finish(mut self) -> [u8; 64] { - unsafe { - let mut hash: [u8; 64] = mem::uninitialized(); - ffi::SHA512_Final(hash.as_mut_ptr(), &mut self.0); - hash - } } } @@ -341,6 +346,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_1() { let expected = "a9993e364706816aba3e25717850c26c9cd0d89d"; @@ -351,6 +357,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn cloning_allows_incremental_hashing() { let expected = "a9993e364706816aba3e25717850c26c9cd0d89d"; @@ -373,6 +380,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_224() { let expected = "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"; @@ -391,6 +399,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_256() { let expected = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"; @@ -411,6 +420,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_384() { let expected = "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e\ @@ -433,6 +443,7 @@ mod test { } #[test] + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] fn struct_512() { let expected = "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274\ diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index ef2b9be14..cc1724c76 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -803,6 +803,7 @@ mod test { #[test] #[cfg(ossl110)] + #[cfg_attr(ossl300, ignore)] // https://github.com/openssl/openssl/issues/11671 fn test_cmac() { let cipher = crate::symm::Cipher::aes_128_cbc(); let key = Vec::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap(); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index a0e5a97b9..ed2fe6b51 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -60,7 +60,7 @@ use bitflags::bitflags; use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; -use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void}; +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_void}; use once_cell::sync::{Lazy, OnceCell}; use std::any::TypeId; use std::cmp; @@ -134,9 +134,17 @@ pub fn cipher_name(std_name: &str) -> &'static str { } } +cfg_if! { + if #[cfg(ossl300)] { + type SslOptionsRepr = u64; + } else { + type SslOptionsRepr = libc::c_ulong; + } +} + bitflags! { /// Options controlling the behavior of an `SslContext`. - pub struct SslOptions: c_ulong { + pub struct SslOptions: SslOptionsRepr { /// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers. const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; @@ -2681,7 +2689,7 @@ impl SslRef { /// [`SSL_get_peer_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_peer_certificate.html pub fn peer_certificate(&self) -> Option { unsafe { - let ptr = ffi::SSL_get_peer_certificate(self.as_ptr()); + let ptr = SSL_get1_peer_certificate(self.as_ptr()); X509::from_ptr_opt(ptr) } } @@ -4128,6 +4136,13 @@ cfg_if! { } } +cfg_if! { + if #[cfg(ossl300)] { + use ffi::SSL_get1_peer_certificate; + } else { + use ffi::SSL_get_peer_certificate as SSL_get1_peer_certificate; + } +} cfg_if! { if #[cfg(any(ossl110, libressl291))] { use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method}; diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs index fa0597ad0..0414c9a86 100644 --- a/openssl/src/symm.rs +++ b/openssl/src/symm.rs @@ -1020,6 +1020,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_rc4() { let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000"; let ct = "A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4"; @@ -1203,6 +1204,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_bf_cbc() { // https://www.schneier.com/code/vectors.txt @@ -1215,6 +1217,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_bf_ecb() { let pt = "5CD54CA83DEF57DA"; let ct = "B1B8CC0B250F09A0"; @@ -1225,6 +1228,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_bf_cfb64() { let pt = "37363534333231204E6F77206973207468652074696D6520666F722000"; let ct = "E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3"; @@ -1235,6 +1239,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_bf_ofb() { let pt = "37363534333231204E6F77206973207468652074696D6520666F722000"; let ct = "E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA"; @@ -1245,6 +1250,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_des_cbc() { let pt = "54686973206973206120746573742e"; let ct = "6f2867cfefda048a4046ef7e556c7132"; @@ -1255,6 +1261,7 @@ mod tests { } #[test] + #[cfg_attr(ossl300, ignore)] fn test_des_ecb() { let pt = "54686973206973206120746573742e"; let ct = "0050ab8aecec758843fe157b4dde938c"; @@ -1296,18 +1303,12 @@ mod tests { #[test] fn test_aes128_gcm() { - let key = "0e00c76561d2bd9b40c3c15427e2b08f"; - let iv = "492cadaccd3ca3fbc9cf9f06eb3325c4e159850b0dbe98199b89b7af528806610b6f63998e1eae80c348e7\ - 4cbb921d8326631631fc6a5d304f39166daf7ea15fa1977f101819adb510b50fe9932e12c5a85aa3fd1e73\ - d8d760af218be829903a77c63359d75edd91b4f6ed5465a72662f5055999e059e7654a8edc921aa0d496"; - let pt = "fef03c2d7fb15bf0d2df18007d99f967c878ad59359034f7bb2c19af120685d78e32f6b8b83b032019956c\ - a9c0195721476b85"; - let aad = "d8f1163d8c840292a2b2dacf4ac7c36aff8733f18fabb4fa5594544125e03d1e6e5d6d0fd61656c8d8f327\ - c92839ae5539bb469c9257f109ebff85aad7bd220fdaa95c022dbd0c7bb2d878ad504122c943045d3c5eba\ - 8f1f56c0"; - let ct = "4f6cf471be7cbd2575cd5a1747aea8fe9dea83e51936beac3e68f66206922060c697ffa7af80ad6bb68f2c\ - f4fc97416ee52abe"; - let tag = "e20b6655"; + let key = "23dc8d23d95b6fd1251741a64f7d4f41"; + let iv = "f416f48ad44d9efa1179e167"; + let pt = "6cb9b71dd0ccd42cdf87e8e396fc581fd8e0d700e360f590593b748e105390de"; + let aad = "45074844c97d515c65bbe37c210a5a4b08c21c588efe5c5f73c4d9c17d34dacddc0bb6a8a53f7bf477b9780c1c2a928660df87016b2873fe876b2b887fb5886bfd63216b7eaecc046372a82c047eb043f0b063226ee52a12c69b"; + let ct = "8ad20486778e87387efb3f2574e509951c0626816722018129e578b2787969d3"; + let tag = "91e1bc09"; // this tag is smaller than you'd normally want, but I pulled this test from the part of // the NIST test vectors that cover 4 byte tags.