Loading openssl-sys/src/lib.rs +6 −0 Original line number Diff line number Diff line Loading @@ -1307,6 +1307,11 @@ pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200; pub const SSL_SESS_CACHE_NO_INTERNAL: c_long = SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE; pub const SSL3_VERSION: c_int = 0x300; pub const TLS1_VERSION: c_int = 0x301; pub const TLS1_1_VERSION: c_int = 0x302; pub const TLS1_2_VERSION: c_int = 0x303; pub const TLSEXT_NAMETYPE_host_name: c_int = 0; pub const TLSEXT_STATUSTYPE_ocsp: c_int = 1; Loading Loading @@ -2374,6 +2379,7 @@ extern "C" { pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; pub fn SSL_get_version(ssl: *const SSL) -> *const c_char; pub fn SSL_version(ssl: *const SSL) -> c_int; pub fn SSL_state_string(ssl: *const SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; pub fn SSL_set_verify( Loading openssl-sys/src/ossl110.rs +11 −0 Original line number Diff line number Diff line Loading @@ -33,6 +33,10 @@ pub enum X509_ALGOR {} pub enum X509_VERIFY_PARAM {} pub enum X509_REQ {} #[cfg(ossl111)] pub type SSL_CTX_keylog_cb_func = Option<unsafe extern "C" fn(ssl: *const SSL, line: *const c_char)>; pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; Loading @@ -44,6 +48,9 @@ pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; #[cfg(ossl111)] pub const TLS1_3_VERSION: c_int = 0x304; pub const OPENSSL_VERSION: c_int = 0; pub const OPENSSL_CFLAGS: c_int = 1; pub const OPENSSL_BUILT_ON: c_int = 2; Loading Loading 
@@ -212,6 +219,10 @@ extern "C" { unsafe extern "C" fn(*mut ::SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, >, ); pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; #[cfg(ossl111)] pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func); pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME; pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME; pub fn X509_get0_signature( Loading openssl/src/ssl/callbacks.rs +18 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,8 @@ use std::ffi::CStr; use std::ptr; use std::slice; use std::mem; #[cfg(all(feature = "v111", ossl111))] use std::str; use foreign_types::ForeignTypeRef; use foreign_types::ForeignType; Loading Loading @@ -343,3 +345,19 @@ where None => ptr::null_mut(), } } #[cfg(all(feature = "v111", ossl111))] pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char) where F: Fn(&SslRef, &str) + 'static + Sync + Send, { let ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>()); let callback = &*(callback as *mut F); let ssl = SslRef::from_ptr(ssl as *mut _); let line = CStr::from_ptr(line).to_bytes(); let line = str::from_utf8_unchecked(line); callback(ssl, line); } openssl/src/ssl/mod.rs +91 −6 Original line number Diff line number Diff line Loading @@ -475,7 +475,7 @@ fn get_new_ssl_idx<T>() -> c_int { } /// An error returned from the SNI callback. #[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct SniError(c_int); impl SniError { Loading @@ -489,7 +489,7 @@ impl SniError { } /// An SSL/TLS alert. #[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct SslAlert(c_int); impl SslAlert { Loading 
@@ -502,7 +502,7 @@ impl SslAlert { /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] #[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct AlpnError(c_int); #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), Loading @@ -518,6 +518,30 @@ impl AlpnError { pub const NOACK: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_NOACK); } /// An SSL/TLS protocol version. #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct SslVersion(c_int); impl SslVersion { /// SSLv3 pub const SSL3: SslVersion = SslVersion(ffi::SSL3_VERSION); /// TLSv1.0 pub const TLS1: SslVersion = SslVersion(ffi::TLS1_VERSION); /// TLSv1.1 pub const TLS1_1: SslVersion = SslVersion(ffi::TLS1_1_VERSION); /// TLSv1.2 pub const TLS1_2: SslVersion = SslVersion(ffi::TLS1_2_VERSION); /// TLSv1.3 /// /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature. #[cfg(all(feature = "v111", ossl111))] pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION); } /// A standard implementation of protocol selection for Application Layer Protocol Negotiation /// (ALPN). /// Loading Loading 
@@ -1247,6 +1271,33 @@ impl SslContextBuilder { ffi::SSL_CTX_sess_set_get_cb(self.as_ptr(), Some(callbacks::raw_get_session::<F>)); } /// Sets the TLS key logging callback. /// /// The callback is invoked whenever TLS key material is generated, and is passed a line of NSS /// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message /// traffic. The line does not contain a trailing newline. /// /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_CTX_set_keylog_callback`]. /// /// [`SSL_CTX_set_keylog_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html #[cfg(all(feature = "v111", ossl111))] pub fn set_keylog_callback<F>(&mut self, callback: F) where F: Fn(&SslRef, &str) + 'static + Sync + Send, { unsafe { let callback = Box::new(callback); ffi::SSL_CTX_set_ex_data( self.as_ptr(), get_callback_idx::<F>(), Box::into_raw(callback) as *mut _, ); ffi::SSL_CTX_set_keylog_callback(self.as_ptr(), Some(callbacks::raw_keylog::<F>)); } } /// Sets the session caching mode use for connections made with the context. /// /// Returns the previous session caching mode. Loading Loading @@ -1593,7 +1644,7 @@ impl SslSessionRef { /// Copies the master key into the provided buffer. /// /// Returns the number of bytes written. /// Returns the number of bytes written, or the size of the master key if the buffer is empty. /// /// This corresponds to [`SSL_SESSION_get_master_key`]. /// Loading Loading 
@@ -2042,6 +2093,40 @@ impl SslRef { } } /// Copies the client_random value sent by the client in the TLS handshake into a buffer. /// /// Returns the number of bytes copied, or if the buffer is empty, the size of the client_random /// value. /// /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_get_client_random`]. /// /// [`SSL_get_client_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] pub fn client_random(&self, buf: &mut [u8]) -> usize { unsafe { ffi::SSL_get_client_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len()) } } /// Copies the server_random value sent by the server in the TLS handshake into a buffer. /// /// Returns the number of bytes copied, or if the buffer is empty, the size of the server_random /// value. /// /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_get_server_random`]. /// /// [`SSL_get_server_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] pub fn server_random(&self, buf: &mut [u8]) -> usize { unsafe { ffi::SSL_get_server_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len()) } } /// Sets the session to be used. /// /// This should be called before the handshake to attempt to reuse a previously established Loading Loading @@ -2082,7 +2167,7 @@ impl SslRef { /// Returns the server's OCSP response, if present. /// /// This corresponds to [`SSL_get_tlsext_status_oscp_resp`]. /// This corresponds to [`SSL_get_tlsext_status_ocsp_resp`]. /// /// [`SSL_get_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html pub fn ocsp_status(&self) -> Option<&[u8]> { Loading 
@@ -2100,7 +2185,7 @@ impl SslRef { /// Sets the OCSP response to be returned to the client. /// /// This corresponds to [`SSL_set_tlsext_status_oscp_resp`]. /// This corresponds to [`SSL_set_tlsext_status_ocsp_resp`]. /// /// [`SSL_set_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> { Loading systest/build.rs +1 −0 Original line number Diff line number Diff line Loading @@ -109,6 +109,7 @@ fn main() { cfg.skip_signededness(|s| { s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn") || s.starts_with("CRYPTO_") || s == "PasswordCallback" || s.ends_with("_cb_func") }); cfg.field_name(|_s, field| { if field == "type_" { Loading Loading
openssl-sys/src/lib.rs +6 −0 Original line number Diff line number Diff line Loading @@ -1307,6 +1307,11 @@ pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200; pub const SSL_SESS_CACHE_NO_INTERNAL: c_long = SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE; pub const SSL3_VERSION: c_int = 0x300; pub const TLS1_VERSION: c_int = 0x301; pub const TLS1_1_VERSION: c_int = 0x302; pub const TLS1_2_VERSION: c_int = 0x303; pub const TLSEXT_NAMETYPE_host_name: c_int = 0; pub const TLSEXT_STATUSTYPE_ocsp: c_int = 1; Loading Loading @@ -2374,6 +2379,7 @@ extern "C" { pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; pub fn SSL_get_version(ssl: *const SSL) -> *const c_char; pub fn SSL_version(ssl: *const SSL) -> c_int; pub fn SSL_state_string(ssl: *const SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; pub fn SSL_set_verify( Loading
openssl-sys/src/ossl110.rs +11 −0 Original line number Diff line number Diff line Loading @@ -33,6 +33,10 @@ pub enum X509_ALGOR {} pub enum X509_VERIFY_PARAM {} pub enum X509_REQ {} #[cfg(ossl111)] pub type SSL_CTX_keylog_cb_func = Option<unsafe extern "C" fn(ssl: *const SSL, line: *const c_char)>; pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; Loading @@ -44,6 +48,9 @@ pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000; pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000; pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000; #[cfg(ossl111)] pub const TLS1_3_VERSION: c_int = 0x304; pub const OPENSSL_VERSION: c_int = 0; pub const OPENSSL_CFLAGS: c_int = 1; pub const OPENSSL_BUILT_ON: c_int = 2; Loading Loading @@ -212,6 +219,10 @@ extern "C" { unsafe extern "C" fn(*mut ::SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, >, ); pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; #[cfg(ossl111)] pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func); pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME; pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME; pub fn X509_get0_signature( Loading
openssl/src/ssl/callbacks.rs +18 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,8 @@ use std::ffi::CStr; use std::ptr; use std::slice; use std::mem; #[cfg(all(feature = "v111", ossl111))] use std::str; use foreign_types::ForeignTypeRef; use foreign_types::ForeignType; Loading Loading @@ -343,3 +345,19 @@ where None => ptr::null_mut(), } } #[cfg(all(feature = "v111", ossl111))] pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char) where F: Fn(&SslRef, &str) + 'static + Sync + Send, { let ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>()); let callback = &*(callback as *mut F); let ssl = SslRef::from_ptr(ssl as *mut _); let line = CStr::from_ptr(line).to_bytes(); let line = str::from_utf8_unchecked(line); callback(ssl, line); }
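Review bot: `raw_keylog` converts the C string with `str::from_utf8_unchecked`, which is undefined behaviour the moment OpenSSL (or a fork) hands over a byte that is not valid UTF-8; the lines are hex/ASCII in practice, but nothing in this wrapper enforces that. A checked conversion costs one scan of a short line, `let line = match str::from_utf8(CStr::from_ptr(line).to_bytes()) { Ok(l) => l, Err(_) => return };` — dropping a malformed line is preferable to UB, and a `debug_assert!` in the `Err` arm would still surface it during testing. The `&*(callback as *mut F)` dereference also deserves a `// SAFETY:` line stating that the ex_data slot at `get_callback_idx::<F>()` is only ever populated by `set_keylog_callback::<F>` with a leaked `Box<F>`, since that invariant is what makes the cast sound.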
openssl/src/ssl/mod.rs +91 −6 Original line number Diff line number Diff line Loading @@ -475,7 +475,7 @@ fn get_new_ssl_idx<T>() -> c_int { } /// An error returned from the SNI callback. #[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct SniError(c_int); impl SniError { Loading @@ -489,7 +489,7 @@ impl SniError { } /// An SSL/TLS alert. #[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct SslAlert(c_int); impl SslAlert { Loading @@ -502,7 +502,7 @@ impl SslAlert { /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature. #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] #[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct AlpnError(c_int); #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110), Loading @@ -518,6 +518,30 @@ impl AlpnError { pub const NOACK: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_NOACK); } /// An SSL/TLS protocol version. #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct SslVersion(c_int); impl SslVersion { /// SSLv3 pub const SSL3: SslVersion = SslVersion(ffi::SSL3_VERSION); /// TLSv1.0 pub const TLS1: SslVersion = SslVersion(ffi::TLS1_VERSION); /// TLSv1.1 pub const TLS1_1: SslVersion = SslVersion(ffi::TLS1_1_VERSION); /// TLSv1.2 pub const TLS1_2: SslVersion = SslVersion(ffi::TLS1_2_VERSION); /// TLSv1.3 /// /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature. #[cfg(all(feature = "v111", ossl111))] pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION); } /// A standard implementation of protocol selection for Application Layer Protocol Negotiation /// (ALPN). /// Loading Loading 
@@ -1247,6 +1271,33 @@ impl SslContextBuilder { ffi::SSL_CTX_sess_set_get_cb(self.as_ptr(), Some(callbacks::raw_get_session::<F>)); } /// Sets the TLS key logging callback. /// /// The callback is invoked whenever TLS key material is generated, and is passed a line of NSS /// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message /// traffic. The line does not contain a trailing newline. /// /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_CTX_set_keylog_callback`]. /// /// [`SSL_CTX_set_keylog_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html #[cfg(all(feature = "v111", ossl111))] pub fn set_keylog_callback<F>(&mut self, callback: F) where F: Fn(&SslRef, &str) + 'static + Sync + Send, { unsafe { let callback = Box::new(callback); ffi::SSL_CTX_set_ex_data( self.as_ptr(), get_callback_idx::<F>(), Box::into_raw(callback) as *mut _, ); ffi::SSL_CTX_set_keylog_callback(self.as_ptr(), Some(callbacks::raw_keylog::<F>)); } } /// Sets the session caching mode use for connections made with the context. /// /// Returns the previous session caching mode. Loading Loading @@ -1593,7 +1644,7 @@ impl SslSessionRef { /// Copies the master key into the provided buffer. /// /// Returns the number of bytes written. /// Returns the number of bytes written, or the size of the master key if the buffer is empty. /// /// This corresponds to [`SSL_SESSION_get_master_key`]. /// Loading Loading 
@@ -2042,6 +2093,40 @@ impl SslRef { } } /// Copies the client_random value sent by the client in the TLS handshake into a buffer. /// /// Returns the number of bytes copied, or if the buffer is empty, the size of the client_random /// value. /// /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_get_client_random`]. /// /// [`SSL_get_client_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] pub fn client_random(&self, buf: &mut [u8]) -> usize { unsafe { ffi::SSL_get_client_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len()) } } /// Copies the server_random value sent by the server in the TLS handshake into a buffer. /// /// Returns the number of bytes copied, or if the buffer is empty, the size of the server_random /// value. /// /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature. /// /// This corresponds to [`SSL_get_server_random`]. /// /// [`SSL_get_server_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))] pub fn server_random(&self, buf: &mut [u8]) -> usize { unsafe { ffi::SSL_get_server_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len()) } } /// Sets the session to be used. /// /// This should be called before the handshake to attempt to reuse a previously established Loading Loading @@ -2082,7 +2167,7 @@ impl SslRef { /// Returns the server's OCSP response, if present. /// /// This corresponds to [`SSL_get_tlsext_status_oscp_resp`]. /// This corresponds to [`SSL_get_tlsext_status_ocsp_resp`]. /// /// [`SSL_get_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html pub fn ocsp_status(&self) -> Option<&[u8]> { Loading 
@@ -2100,7 +2185,7 @@ impl SslRef { /// Sets the OCSP response to be returned to the client. /// /// This corresponds to [`SSL_set_tlsext_status_oscp_resp`]. /// This corresponds to [`SSL_set_tlsext_status_ocsp_resp`]. /// /// [`SSL_set_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> { Loading
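Review bot: The `set_keylog_callback` documentation never says that each line handed to the callback is secret key material for the connection — its own wording ("TLS key material", SSLKEYLOGFILE format that Wireshark can use to decrypt traffic) means anyone who obtains the log can decrypt the session, so a sentence such as `/// Each line contains secret key material for the connection: treat it as sensitive, write it only to a protected location, and do not install this callback in production builds.` belongs in the doc comment. Callers buffering lines should also be told that the callback may be invoked more than once per connection (under TLS 1.3 I would expect one line per derived secret — worth confirming against the OpenSSL docs linked there). Registering a second callback with the same `F` appears to overwrite the ex_data slot without releasing the earlier `Box::into_raw` allocation, so the first closure leaks; this seems to follow the file's existing callback-registration pattern, but a short comment on that limitation would help. The new `client_random`/`server_random` accessors return the other half of what is needed to decrypt a session and could carry the same sensitivity caveat.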
systest/build.rs +1 −0 Original line number Diff line number Diff line Loading @@ -109,6 +109,7 @@ fn main() { cfg.skip_signededness(|s| { s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn") || s.starts_with("CRYPTO_") || s == "PasswordCallback" || s.ends_with("_cb_func") }); cfg.field_name(|_s, field| { if field == "type_" { Loading