Commit 38f4705b authored by Benjamin Saunders's avatar Benjamin Saunders
Browse files

FFI for OpenSSL 1.1.1 custom extension support

parent 5760ded1

openssl-sys/src/lib.rs

+6 −0
Original line number Diff line number Diff line
@@ -1203,6 +1203,12 @@ pub const RSA_X931_PADDING: c_int = 5; 


pub const SHA_LBLOCK: c_int = 16;



pub const SSL3_AD_ILLEGAL_PARAMETER: c_int = 47;

pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;



pub const TLS1_AD_DECODE_ERROR: c_int = 50;

pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR;



pub const TLS1_AD_UNRECOGNIZED_NAME: c_int = 112;

pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME;

openssl-sys/src/ossl10x.rs

+3 −0
Original line number Diff line number Diff line
@@ -969,4 +969,7 @@ extern "C" { 


    pub fn SSLeay() -> c_ulong;

    pub fn SSLeay_version(key: c_int) -> *const c_char;



    #[cfg(ossl102)]

    pub fn SSL_extension_supported(ext_type: c_uint) -> c_int;

}

openssl-sys/src/ossl110.rs

+1 −0
Original line number Diff line number Diff line
@@ -363,4 +363,5 @@ extern "C" { 
    ) -> *mut PKCS12;

    pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long;

    pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME;

    pub fn SSL_extension_supported(ext_type: c_uint) -> c_int;

}

openssl-sys/src/ossl111.rs

+53 −1
Original line number Diff line number Diff line 
use libc::{c_char, c_int, c_ulong};

use libc::{c_char, c_uchar, c_int, c_uint, c_ulong, size_t, c_void};



pub type SSL_CTX_keylog_cb_func =

    Option<unsafe extern "C" fn(ssl: *const ::SSL, line: *const c_char)>;



pub type SSL_custom_ext_add_cb_ex =

    Option<unsafe extern "C" fn(ssl: *mut ::SSL, ext_type: c_uint,

                                context: c_uint,

                                out: *mut *const c_uchar,

                                outlen: *mut size_t, x: *mut ::X509,

                                chainidx: size_t, al: *mut c_int,

                                add_arg: *mut c_void) -> c_int>;



pub type SSL_custom_ext_free_cb_ex =

    Option<unsafe extern "C" fn(ssl: *mut ::SSL, ext_type: c_uint,

                                context: c_uint,

                                out: *mut *const c_uchar,

                                add_arg: *mut c_void)>;



pub type SSL_custom_ext_parse_cb_ex =

    Option<unsafe extern "C" fn(ssl: *mut ::SSL, ext_type: c_uint,

                                context: c_uint,

                                input: *const c_uchar,

                                inlen: size_t, x: *mut ::X509,

                                chainidx: size_t, al: *mut c_int,

                                parse_arg: *mut c_void) -> c_int>;



pub const SSL_COOKIE_LENGTH: c_int = 255;



pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000;



pub const TLS1_3_VERSION: c_int = 0x304;



pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001;

/* This extension is only allowed in DTLS */

pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002;

/* Some extensions may be allowed in DTLS but we don't implement them for it */

pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004;

/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */

pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008;

/* Extension is only defined for TLS1.2 and below */

pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010;

/* Extension is only defined for TLS1.3 and above */

pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020;

/* Ignore this extension during parsing if we are resuming */

pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040;

pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080;

/* Really means TLS1.2 or below */

pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100;

pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200;

pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400;

pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800;

pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000;

pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000;

pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000;





extern "C" {

    pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func);

    pub fn SSL_CTX_add_custom_ext(ctx: *mut ::SSL_CTX, ext_type: c_uint, context: c_uint,

                                  add_cb: SSL_custom_ext_add_cb_ex,

                                  free_cb: SSL_custom_ext_free_cb_ex,

                                  add_arg: *mut c_void,

                                  parse_cb: SSL_custom_ext_parse_cb_ex,

                                  parse_arg: *mut c_void) -> c_int;

    pub fn SSL_stateless(s: *mut ::SSL) -> c_int;

}

systest/build.rs

+1 −1
Original line number Diff line number Diff line
@@ -109,7 +109,7 @@ fn main() { 
    cfg.skip_signededness(|s| {

        s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn")

            || s.starts_with("CRYPTO_") || s == "PasswordCallback"

            || s.ends_with("_cb_func")

            || s.ends_with("_cb_func") || s.ends_with("_cb_ex")

    });

    cfg.field_name(|_s, field| {

        if field == "type_" {