diff --git a/openssl-sys-extras/Cargo.toml b/openssl-sys-extras/Cargo.toml
new file mode 100644
index 0000000000000000000000000000000000000000..031b21244ec635675b4ed1a58048206f7adb4549
--- /dev/null
+++ b/openssl-sys-extras/Cargo.toml
@@ -0,0 +1,16 @@
+[package]
+name = "openssl-sys-extras"
+version = "0.6.7"
+authors = ["Steven Fackler "]
+links = "openssl_shim"
+build = "build.rs"
+
+[features]
+ecdh_auto = []
+
+[dependencies]
+libc = "0.2"
+openssl-sys = { version = "0.6.7", path = "../openssl-sys" }
+
+[build-dependencies]
+gcc = "0.3"
diff --git a/openssl-sys-extras/build.rs b/openssl-sys-extras/build.rs
new file mode 100644
index 0000000000000000000000000000000000000000..e3c695b11e0ec8cac137f61b309fa052f71b0160
--- /dev/null
+++ b/openssl-sys-extras/build.rs
@@ -0,0 +1,77 @@
+extern crate gcc;
+
+use std::env;
+use std::path::PathBuf;
+use std::fs::File;
+use std::io::Write as IoWrite;
+use std::fmt::Write;
+
+fn main() {
+ let options_shim_file = generate_options_shim();
+ let mut config = gcc::Config::new();
+
+ if let Some(paths) = env::var_os("DEP_OPENSSL_INCLUDE") {
+ for path in env::split_paths(&paths) {
+ config.include(PathBuf::from(path));
+ }
+ }
+
+ config.file("src/openssl_shim.c")
+ .file(options_shim_file)
+ .compile("libopenssl_shim.a");
+}
+
+macro_rules! import_options {
+ ( $( $name:ident $val:expr )* ) => {
+ &[ $( (stringify!($name),$val), )* ]
+ };
+}
+
+fn generate_options_shim() -> PathBuf {
+ let options: &[(&'static str,u64)]=include!("src/ssl_options.rs");
+ let mut shim = String::new();
+ writeln!(shim,"#include ").unwrap();
+ writeln!(shim,"#include ").unwrap();
+
+ for &(name,value) in options {
+ writeln!(shim,"#define RUST_{} UINT64_C({})",name,value).unwrap();
+ writeln!(shim,"#ifndef {}",name).unwrap();
+ writeln!(shim,"# define {} 0",name).unwrap();
+ writeln!(shim,"#endif").unwrap();
+ }
+
+ writeln!(shim,"#define COPY_MASK ( \\").unwrap();
+
+ let mut it=options.iter().peekable();
+ while let Some(&(name,_))=it.next() {
+ let eol=match it.peek() {
+ Some(_) => " | \\",
+ None => " )"
+ };
+ writeln!(shim," ((RUST_{0}==(uint64_t)(uint32_t){0})?RUST_{0}:UINT64_C(0)){1}",name,eol).unwrap();
+ }
+
+ writeln!(shim,"long rust_openssl_ssl_ctx_options_rust_to_c(uint64_t rustval) {{").unwrap();
+ writeln!(shim," long cval=rustval©_MASK;").unwrap();
+ for &(name,_) in options {
+ writeln!(shim," if (rustval&RUST_{0}) cval|={0};",name).unwrap();
+ }
+ writeln!(shim," return cval;").unwrap();
+ writeln!(shim,"}}").unwrap();
+
+ writeln!(shim,"uint64_t rust_openssl_ssl_ctx_options_c_to_rust(long cval) {{").unwrap();
+ writeln!(shim," uint64_t rustval=cval©_MASK;").unwrap();
+ for &(name,_) in options {
+ writeln!(shim," if (cval&{0}) rustval|=RUST_{0};",name).unwrap();
+ }
+ writeln!(shim," return rustval;").unwrap();
+ writeln!(shim,"}}").unwrap();
+
+ let out_dir = env::var("OUT_DIR").unwrap();
+ let dest_file = PathBuf::from(&out_dir).join("ssl_ctx_options_shim.c");
+ let mut f = File::create(&dest_file).unwrap();
+
+ f.write_all(shim.as_bytes()).unwrap();
+
+ dest_file
+}
diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs
new file mode 100644
index 0000000000000000000000000000000000000000..c602c51420dba8c86da796563e6fb6cc87562f5f
--- /dev/null
+++ b/openssl-sys-extras/src/lib.rs
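Review bot: In `generate_options_shim`, any option the OpenSSL headers do not define is given the value 0 by the generated `#ifndef {name}` / `# define {name} 0` block, so `rust_openssl_ssl_ctx_options_rust_to_c` drops that bit without any signal. For the hardening flags that `openssl/src/ssl/mod.rs` takes from this list, such as `SSL_OP_NO_SSLv3` or `SSL_OP_NO_TLSv1_1`, a caller can ask for a protocol to be disabled and get a no-op when the crate is built against older headers. I would document this above the `for &(name,value) in options` loop, for example `// Options missing from the OpenSSL headers are defined as 0 and silently ignored; the bit is then absent from the mask returned by SSL_CTX_set_options, which callers should check.`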
@@ -0,0 +1,64 @@
+#![allow(non_upper_case_globals, non_snake_case)]
+
+extern crate openssl_sys;
+extern crate libc;
+
+use libc::{c_int, c_uint, c_long, c_char};
+use openssl_sys::{HMAC_CTX, EVP_MD, ENGINE, SSL_CTX, BIO, X509, stack_st_X509_EXTENSION, SSL, DH};
+
+macro_rules! import_options {
+ ( $( $name:ident $val:expr )* ) => {
+ $( pub const $name: u64 = $val; )*
+ };
+}
+
+include!("ssl_options.rs");
+
+pub unsafe fn SSL_CTX_set_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
+ rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_set_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op)))
+}
+
+pub unsafe fn SSL_CTX_get_options(ssl: *mut SSL_CTX) -> u64 {
+ rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_get_options_shim(ssl))
+}
+
+pub unsafe fn SSL_CTX_clear_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
+ rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_clear_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op)))
+}
+
+extern {
+ fn rust_openssl_ssl_ctx_options_rust_to_c(rustval: u64) -> c_long;
+ fn rust_openssl_ssl_ctx_options_c_to_rust(cval: c_long) -> u64;
+
+ // Pre-1.0 versions of these didn't return anything, so the shims bridge that gap
+ #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Init_ex_shim")]
+ pub fn HMAC_Init_ex(ctx: *mut HMAC_CTX, key: *const u8, keylen: c_int, md: *const EVP_MD, imple: *const ENGINE) -> c_int;
+ #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Final_shim")]
+ pub fn HMAC_Final(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint) -> c_int;
+ #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Update_shim")]
+ pub fn HMAC_Update(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int;
+
+ // These functions are defined in OpenSSL as macros, so we shim them
+ #[link_name = "BIO_eof_shim"]
+ pub fn BIO_eof(b: *mut BIO) -> c_int;
+ #[link_name = "BIO_set_nbio_shim"]
+ pub fn BIO_set_nbio(b: *mut BIO, enabled: c_long) -> c_long;
+ #[link_name = "BIO_set_mem_eof_return_shim"]
+ pub fn BIO_set_mem_eof_return(b: *mut BIO, v: c_int);
+ pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
+ pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long;
+ pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
+ #[link_name = "SSL_CTX_add_extra_chain_cert_shim"]
+ pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
+ #[link_name = "SSL_CTX_set_read_ahead_shim"]
+ pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long;
+ #[cfg(feature = "ecdh_auto")]
+ #[link_name = "SSL_CTX_set_ecdh_auto_shim"]
+ pub fn SSL_CTX_set_ecdh_auto(ssl: *mut SSL_CTX, onoff: c_int) -> c_int;
+ #[link_name = "SSL_set_tlsext_host_name_shim"]
+ pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long;
+ #[link_name = "SSL_CTX_set_tmp_dh_shim"]
+ pub fn SSL_CTX_set_tmp_dh(s: *mut SSL, dh: *const DH) -> c_long;
+ #[link_name = "X509_get_extensions_shim"]
+ pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION;
+}
diff --git a/openssl-sys/src/openssl_shim.c b/openssl-sys-extras/src/openssl_shim.c
similarity index 100%
rename from openssl-sys/src/openssl_shim.c
rename to openssl-sys-extras/src/openssl_shim.c
diff --git a/openssl-sys/src/ssl_options.rs b/openssl-sys-extras/src/ssl_options.rs
similarity index 100%
rename from openssl-sys/src/ssl_options.rs
rename to openssl-sys-extras/src/ssl_options.rs
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
index 365144c147c1fd24da3351cacf01591ed140b6b9..6630b1ce5a06870204c411f809ae84077da1e101 100644
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -23,7 +23,6 @@ aes_ctr = [] npn = [] alpn = [] rfc5114 = [] -ecdh_auto = [] [dependencies] libc = "0.2"
diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs
index aa47f2def336b5e84f288f064856519f075897d1..bd9611c0170d0b828e0f25e062b7d2afd0e20b42 100644
--- a/openssl-sys/build.rs
+++ b/openssl-sys/build.rs
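Review bot: `SSL_CTX_set_tmp_dh` is declared with `s: *mut SSL` as its first parameter, although it operates on a context and the caller in `openssl/src/ssl/mod.rs` passes `self.ctx`. The declaration should read `pub fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *const DH) -> c_long;`. This presumably compiles only because both handle types alias the same opaque type in openssl-sys, which also means the compiler cannot catch an `SSL` pointer passed where an `SSL_CTX` pointer is required. The three public `unsafe fn SSL_CTX_*_options` wrappers would also benefit from a `/// # Safety` line stating that `ssl` must point to a valid, live `SSL_CTX`.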
@@ -2,10 +2,6 @@ extern crate pkg_config; extern crate gcc; use std::env; -use std::fmt::Write as FmtWrite; -use std::path::PathBuf; -use std::fs::File; -use std::io::Write; fn main() { let target = env::var("TARGET").unwrap(); @@ -20,7 +16,8 @@ fn main() { // rustc doesn't seem to work with pkg-config's output in mingw64 if !target.contains("windows") { if let Ok(info) = pkg_config::find_library("openssl") { - build_openssl_shim(&info.include_paths); + let paths = env::join_paths(info.include_paths).unwrap(); + println!("cargo:include={}", paths.to_str().unwrap()); return; } } 
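Review bot: The two `unwrap()` calls added in the pkg-config branch of `main` turn an unusual include path into an opaque build-script panic. `env::join_paths` returns an error when a path contains the platform's separator character, and `to_str()` returns `None` for a non-UTF-8 path. Using `expect` with a message that names the cause keeps the failure diagnosable, e.g. `let paths = env::join_paths(info.include_paths).expect("pkg-config include path contains a path separator");` and `paths.to_str().expect("pkg-config include paths are not valid UTF-8")`. `main` begins and ends outside this hunk.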
@@ -59,82 +56,9 @@ fn main() { println!("cargo:rustc-link-lib={}={}", mode, lib); } - let mut include_dirs = vec![]; - if let Some(include_dir) = include_dir { println!("cargo:include={}", include_dir); - include_dirs.push(PathBuf::from(&include_dir)); - } - - build_openssl_shim(&include_dirs); -} - -macro_rules! import_options { - ( $( $name:ident $val:expr )* ) => { - &[ $( (stringify!($name),$val), )* ] - }; -} - -fn generate_options_shim() -> PathBuf { - let options: &[(&'static str,u64)]=include!("src/ssl_options.rs"); - let mut shim = String::new(); - writeln!(shim,"#include ").unwrap(); - writeln!(shim,"#include ").unwrap(); - - for &(name,value) in options { - writeln!(shim,"#define RUST_{} UINT64_C({})",name,value).unwrap(); - writeln!(shim,"#ifndef {}",name).unwrap(); - writeln!(shim,"# define {} 0",name).unwrap(); - writeln!(shim,"#endif").unwrap(); - } - - writeln!(shim,"#define COPY_MASK ( \\").unwrap(); - - let mut it=options.iter().peekable(); - while let Some(&(name,_))=it.next() { - let eol=match it.peek() { - Some(_) => " | \\", - None => " )" - }; - writeln!(shim," ((RUST_{0}==(uint64_t)(uint32_t){0})?RUST_{0}:UINT64_C(0)){1}",name,eol).unwrap(); } - - writeln!(shim,"long rust_openssl_ssl_ctx_options_rust_to_c(uint64_t rustval) {{").unwrap(); - writeln!(shim," long cval=rustval©_MASK;").unwrap(); - for &(name,_) in options { - writeln!(shim," if (rustval&RUST_{0}) cval|={0};",name).unwrap(); - } - writeln!(shim," return cval;").unwrap(); - writeln!(shim,"}}").unwrap(); - - writeln!(shim,"uint64_t rust_openssl_ssl_ctx_options_c_to_rust(long cval) {{").unwrap(); - writeln!(shim," uint64_t rustval=cval©_MASK;").unwrap(); - for &(name,_) in options { - writeln!(shim," if (cval&{0}) rustval|=RUST_{0};",name).unwrap(); - } - writeln!(shim," return rustval;").unwrap(); - writeln!(shim,"}}").unwrap(); - - let out_dir = env::var("OUT_DIR").unwrap(); - let dest_file = PathBuf::from(&out_dir).join("ssl_ctx_options_shim.c"); - let mut f = 
File::create(&dest_file).unwrap(); - - f.write_all(shim.as_bytes()).unwrap(); - - dest_file -} - -fn build_openssl_shim(include_paths: &[PathBuf]) { - let options_shim_file = generate_options_shim(); - let mut config = gcc::Config::new(); - - for path in include_paths { - config.include(path); - } - - config.file("src/openssl_shim.c") - .file(options_shim_file) - .compile("libopenssl_shim.a"); } fn get_mingw_in_path() -> Option> { diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 2aa36a89d84788db6d56b4431c8a511100ca5e26..e0964d8423986cfcba58221a1bb9abb0482e7819 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -159,14 +159,6 @@ pub const SSL_TLSEXT_ERR_ALERT_WARNING: c_int = 1; pub const SSL_TLSEXT_ERR_ALERT_FATAL: c_int = 2; pub const SSL_TLSEXT_ERR_NOACK: c_int = 3; -macro_rules! import_options { - ( $( $name:ident $val:expr )* ) => { - $( pub const $name: u64 = $val; )* - }; -} - -include!("ssl_options.rs"); - #[cfg(any(feature = "npn", feature = "alpn"))] pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0; #[cfg(any(feature = "npn", feature = "alpn"))] @@ -238,16 +230,14 @@ pub const X509_V_OK: c_int = 0; static mut MUTEXES: *mut Vec> = 0 as *mut Vec>; static mut GUARDS: *mut Vec>> = 0 as *mut Vec>>; -extern fn locking_function(mode: c_int, n: c_int, _file: *const c_char, +unsafe extern fn locking_function(mode: c_int, n: c_int, _file: *const c_char, _line: c_int) { - unsafe { - let mutex = &(*MUTEXES)[n as usize]; + let mutex = &(*MUTEXES)[n as usize]; - if mode & CRYPTO_LOCK != 0 { - (*GUARDS)[n as usize] = Some(mutex.lock().unwrap()); - } else { - &(*GUARDS)[n as usize].take(); - } + if mode & CRYPTO_LOCK != 0 { + (*GUARDS)[n as usize] = Some(mutex.lock().unwrap()); + } else { + &(*GUARDS)[n as usize].take(); } } 
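Review bot: `locking_function` is a callback invoked from C, yet its body can panic in two places. `(*MUTEXES)[n as usize]` panics on an out-of-range index (a negative `n` becomes a very large `usize`), and `mutex.lock().unwrap()` panics if the mutex is poisoned. Unwinding out of an `extern` function into OpenSSL is undefined behaviour, so the body should not be able to unwind; `mutex.lock().unwrap_or_else(|e| e.into_inner())` removes the poisoning case, and a comment such as `// Must not unwind: called from C; n is expected to be below CRYPTO_num_locks()` records the indexing assumption. The leading `&` in `&(*GUARDS)[n as usize].take();` has no effect and can be dropped, leaving `(*GUARDS)[n as usize].take();`.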
@@ -270,29 +260,27 @@ pub fn init() { GUARDS = mem::transmute(guards); CRYPTO_set_locking_callback(locking_function); - rust_openssl_set_id_callback(); + set_id_callback(); } }) } -pub unsafe fn SSL_CTX_set_options(ssl: *mut SSL_CTX, op: u64) -> u64 { - rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_set_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op))) -} +#[cfg(unix)] +fn set_id_callback() { + unsafe extern "C" fn thread_id() -> c_ulong { + libc::pthread_self() as c_ulong + } -pub unsafe fn SSL_CTX_get_options(ssl: *mut SSL_CTX) -> u64 { - rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_get_options_shim(ssl)) + unsafe { + CRYPTO_set_id_callback(thread_id); + } } -pub unsafe fn SSL_CTX_clear_options(ssl: *mut SSL_CTX, op: u64) -> u64 { - rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_clear_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op))) -} +#[cfg(not(unix))] +fn set_id_callback() {} // True functions extern "C" { - fn rust_openssl_ssl_ctx_options_rust_to_c(rustval: u64) -> c_long; - fn rust_openssl_ssl_ctx_options_c_to_rust(cval: c_long) -> u64; - fn rust_openssl_set_id_callback(); - pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int; pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING; pub fn ASN1_TIME_free(tm: *mut ASN1_TIME); @@ -375,10 +363,11 @@ extern "C" { pub fn BN_bn2hex(a: *mut BIGNUM) -> *const c_char; pub fn CRYPTO_num_locks() -> c_int; - pub fn CRYPTO_set_locking_callback(func: extern "C" fn(mode: c_int, - n: c_int, - file: *const c_char, - line: c_int)); + pub fn CRYPTO_set_locking_callback(func: unsafe extern "C" fn(mode: c_int, + n: c_int, + file: *const c_char, + line: c_int)); + pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong); pub fn CRYPTO_free(buf: *mut c_void); pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int; 
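Review bot: The `#[cfg(not(unix))]` variant of `set_id_callback` is an empty function with no explanation, so a reader cannot tell whether leaving the thread-id callback unset on those targets is deliberate. A comment on it would settle that, for example `// No id callback is registered off unix; OpenSSL falls back to its built-in thread id (confirm this is adequate on Windows).` The unix variant could likewise note why `libc::pthread_self() as c_ulong` is an acceptable thread identifier, since it replaces the C `rust_openssl_set_id_callback` shim whose body is not visible in this diff.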
@@ -467,24 +456,6 @@ extern "C" { pub fn HMAC_CTX_cleanup(ctx: *mut HMAC_CTX); pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *const HMAC_CTX) -> c_int; - // Pre-1.0 versions of these didn't return anything, so the shims bridge that gap - #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Init_ex_shim")] - pub fn HMAC_Init_ex(ctx: *mut HMAC_CTX, key: *const u8, keylen: c_int, md: *const EVP_MD, imple: *const ENGINE) -> c_int; - #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Final_shim")] - pub fn HMAC_Final(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint) -> c_int; - #[cfg_attr(not(target_os = "nacl"), link_name = "HMAC_Update_shim")] - pub fn HMAC_Update(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int; - - /// Deprecated - use the non "_shim" version - #[cfg_attr(target_os = "nacl", link_name = "HMAC_Init_ex")] - pub fn HMAC_Init_ex_shim(ctx: *mut HMAC_CTX, key: *const u8, keylen: c_int, md: *const EVP_MD, imple: *const ENGINE) -> c_int; - /// Deprecated - use the non "_shim" version - #[cfg_attr(target_os = "nacl", link_name = "HMAC_Final")] - pub fn HMAC_Final_shim(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint) -> c_int; - /// Deprecated - use the non "_shim" version - #[cfg_attr(target_os = "nacl", link_name = "HMAC_Update")] - pub fn HMAC_Update_shim(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int; - pub fn PEM_read_bio_DHparams(bio: *mut BIO, out: *mut *mut DH, callback: Option, user_data: *mut c_void) -> *mut DH; pub fn PEM_read_bio_X509(bio: *mut BIO, out: *mut *mut X509, callback: Option, 
@@ -678,30 +649,6 @@ extern "C" { pub fn d2i_RSA_PUBKEY(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int; pub fn d2i_RSAPrivateKey(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; - - // These functions are defined in OpenSSL as macros, so we shim them - #[link_name = "BIO_eof_shim"] - pub fn BIO_eof(b: *mut BIO) -> c_int; - #[link_name = "BIO_set_nbio_shim"] - pub fn BIO_set_nbio(b: *mut BIO, enabled: c_long) -> c_long; - #[link_name = "BIO_set_mem_eof_return_shim"] - pub fn BIO_set_mem_eof_return(b: *mut BIO, v: c_int); - pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long; - pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long; - pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long; - #[link_name = "SSL_CTX_add_extra_chain_cert_shim"] - pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long; - #[link_name = "SSL_CTX_set_read_ahead_shim"] - pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long; - #[cfg(feature = "ecdh_auto")] - #[link_name = "SSL_CTX_set_ecdh_auto_shim"] - pub fn SSL_CTX_set_ecdh_auto(ssl: *mut SSL_CTX, onoff: c_int) -> c_int; - #[link_name = "SSL_set_tlsext_host_name_shim"] - pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long; - #[link_name = "SSL_CTX_set_tmp_dh_shim"] - pub fn SSL_CTX_set_tmp_dh(s: *mut SSL, dh: *const DH) -> c_long; - #[link_name = "X509_get_extensions_shim"] - pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION; } pub mod probe; diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 2b6c6556b332aa3d1aecc33869cb1e72a7437684..2469fe401fc978d16f238343c8e260915d1c91eb 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml 
@@ -21,16 +21,14 @@ aes_ctr = ["openssl-sys/aes_ctr"] npn = ["openssl-sys/npn"] alpn = ["openssl-sys/alpn"] rfc5114 = ["openssl-sys/rfc5114"] -ecdh_auto = ["openssl-sys/ecdh_auto"] - -[dependencies.openssl-sys] -path = "../openssl-sys" -version = "0.6.7" +ecdh_auto = ["openssl-sys-extras/ecdh_auto"] [dependencies] bitflags = ">= 0.2, < 0.4" lazy_static = "0.1" libc = "0.2" +openssl-sys = { version = "0.6.7", path = "../openssl-sys" } +openssl-sys-extras = { version = "0.6.7", path = "../openssl-sys-extras" } [dev-dependencies] rustc-serialize = "0.3" diff --git a/openssl/src/bio/mod.rs b/openssl/src/bio/mod.rs index 7eea16d8c5ad27d4a5b5e24dd668bbfe26c07c49..a0c4b533aab75ad2a48d14a903bfe718126c09cb 100644 --- a/openssl/src/bio/mod.rs +++ b/openssl/src/bio/mod.rs @@ -5,6 +5,7 @@ use std::ptr; use std::cmp; use ffi; +use ffi_extras; use ssl::error::{SslError}; pub struct MemBio { @@ -60,7 +61,7 @@ impl MemBio { /// Sets the BIO's EOF state. pub fn set_eof(&self, eof: bool) { let v = if eof { 0 } else { -1 }; - unsafe { ffi::BIO_set_mem_eof_return(self.bio, v); } + unsafe { ffi_extras::BIO_set_mem_eof_return(self.bio, v); } } } @@ -72,7 +73,7 @@ impl Read for MemBio { }; if ret <= 0 { - let is_eof = unsafe { ffi::BIO_eof(self.bio) }; + let is_eof = unsafe { ffi_extras::BIO_eof(self.bio) }; if is_eof != 0 { Ok(0) } else { diff --git a/openssl/src/crypto/hmac.rs b/openssl/src/crypto/hmac.rs index 5c9f757699ccdc3da6447428d1ee36c7a75d4d92..474cbc8a457a95d1f922686335bc58eed7e2cbba 100644 --- a/openssl/src/crypto/hmac.rs +++ b/openssl/src/crypto/hmac.rs @@ -21,6 +21,7 @@ use std::io::prelude::*; use crypto::hash::Type; use ffi; +use ffi_extras; #[derive(PartialEq, Copy, Clone)] enum State { 
@@ -88,9 +89,10 @@ impl HMAC { #[inline] fn init_once(&mut self, md: *const ffi::EVP_MD, key: &[u8]) { unsafe { - let r = ffi::HMAC_Init_ex(&mut self.ctx, - key.as_ptr(), key.len() as c_int, - md, 0 as *const _); + let r = ffi_extras::HMAC_Init_ex(&mut self.ctx, + key.as_ptr(), + key.len() as c_int, + md, 0 as *const _); assert_eq!(r, 1); } self.state = Reset; @@ -106,9 +108,9 @@ impl HMAC { // If the key and/or md is not supplied it's reused from the last time // avoiding redundant initializations unsafe { - let r = ffi::HMAC_Init_ex(&mut self.ctx, - 0 as *const _, 0, - 0 as *const _, 0 as *const _); + let r = ffi_extras::HMAC_Init_ex(&mut self.ctx, + 0 as *const _, 0, + 0 as *const _, 0 as *const _); assert_eq!(r, 1); } self.state = Reset; @@ -120,7 +122,7 @@ impl HMAC { self.init(); } unsafe { - let r = ffi::HMAC_Update(&mut self.ctx, data.as_ptr(), data.len() as c_uint); + let r = ffi_extras::HMAC_Update(&mut self.ctx, data.as_ptr(), data.len() as c_uint); assert_eq!(r, 1); } self.state = Updated; @@ -135,7 +137,7 @@ impl HMAC { let mut res: Vec = repeat(0).take(md_len).collect(); unsafe { let mut len = 0; - let r = ffi::HMAC_Final(&mut self.ctx, res.as_mut_ptr(), &mut len); + let r = ffi_extras::HMAC_Final(&mut self.ctx, res.as_mut_ptr(), &mut len); self.state = Finalized; assert_eq!(len as usize, md_len); assert_eq!(r, 1); @@ -181,7 +183,7 @@ impl Drop for HMAC { if self.state != Finalized { let mut buf: Vec = repeat(0).take(self.type_.md_len()).collect(); let mut len = 0; - ffi::HMAC_Final(&mut self.ctx, buf.as_mut_ptr(), &mut len); + ffi_extras::HMAC_Final(&mut self.ctx, buf.as_mut_ptr(), &mut len); } ffi::HMAC_CTX_cleanup(&mut self.ctx); } diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index c7af31132d160041f1281f9d5f358e7f8eb3c9ca..2fedd28f0d7ae307d0097ac2ecb4964e20473f00 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs 
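Review bot: `data.len() as c_uint` in the `HMAC_Update` call silently truncates the length on 64-bit targets once the input reaches 4 GiB, so the MAC would cover only part of the buffer while the call still returns 1 and the `assert_eq!` passes. `key.len() as c_int` in `init_once` (first hunk of this file) has the same shape. Feeding the data in bounded pieces avoids the truncation, e.g. wrapping the call in `for chunk in data.chunks(c_uint::max_value() as usize)` and passing `chunk.as_ptr(), chunk.len() as c_uint`, and the key path can be guarded with `assert!(key.len() <= c_int::max_value() as usize);`. The function containing the `HMAC_Update` call starts outside its hunk.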
@@ -6,6 +6,7 @@ extern crate libc; #[macro_use] extern crate lazy_static; extern crate openssl_sys as ffi; +extern crate openssl_sys_extras as ffi_extras; #[cfg(test)] extern crate rustc_serialize as serialize; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 735255e4c67b83f6c059cc9c2145304f084df980..23364ef117114aed75c8e979add927838eaefeda 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -21,6 +21,7 @@ use std::slice; use bio::{MemBio}; use ffi; +use ffi_extras; use dh::DH; use ssl::error::{NonblockingSslError, SslError, SslSessionClosed, StreamError, OpenSslErrors}; use x509::{X509StoreContext, X509FileType, X509}; 
@@ -51,43 +52,43 @@ pub fn init() { bitflags! { flags SslContextOptions: u64 { - const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi::SSL_OP_MICROSOFT_SESS_ID_BUG, - const SSL_OP_NETSCAPE_CHALLENGE_BUG = ffi::SSL_OP_NETSCAPE_CHALLENGE_BUG, - const SSL_OP_LEGACY_SERVER_CONNECT = ffi::SSL_OP_LEGACY_SERVER_CONNECT, - const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = ffi::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, - const SSL_OP_TLSEXT_PADDING = ffi::SSL_OP_TLSEXT_PADDING, - const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = ffi::SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER, - const SSL_OP_SAFARI_ECDHE_ECDSA_BUG = ffi::SSL_OP_SAFARI_ECDHE_ECDSA_BUG, - const SSL_OP_SSLEAY_080_CLIENT_DH_BUG = ffi::SSL_OP_SSLEAY_080_CLIENT_DH_BUG, - const SSL_OP_TLS_D5_BUG = ffi::SSL_OP_TLS_D5_BUG, - const SSL_OP_TLS_BLOCK_PADDING_BUG = ffi::SSL_OP_TLS_BLOCK_PADDING_BUG, - const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, - const SSL_OP_NO_QUERY_MTU = ffi::SSL_OP_NO_QUERY_MTU, - const SSL_OP_COOKIE_EXCHANGE = ffi::SSL_OP_COOKIE_EXCHANGE, - const SSL_OP_NO_TICKET = ffi::SSL_OP_NO_TICKET, - const SSL_OP_CISCO_ANYCONNECT = ffi::SSL_OP_CISCO_ANYCONNECT, - const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = ffi::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, - const SSL_OP_NO_COMPRESSION = ffi::SSL_OP_NO_COMPRESSION, - const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = ffi::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, - const SSL_OP_SINGLE_ECDH_USE = ffi::SSL_OP_SINGLE_ECDH_USE, - const SSL_OP_SINGLE_DH_USE = ffi::SSL_OP_SINGLE_DH_USE, - const SSL_OP_CIPHER_SERVER_PREFERENCE = ffi::SSL_OP_CIPHER_SERVER_PREFERENCE, - const SSL_OP_TLS_ROLLBACK_BUG = ffi::SSL_OP_TLS_ROLLBACK_BUG, - const SSL_OP_NO_SSLV2 = ffi::SSL_OP_NO_SSLv2, - const SSL_OP_NO_SSLV3 = ffi::SSL_OP_NO_SSLv3, - const SSL_OP_NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1, - const SSL_OP_NO_TLSV1 = ffi::SSL_OP_NO_TLSv1, - const SSL_OP_NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2, - const SSL_OP_NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2, - const SSL_OP_NO_TLSV1_1 
= ffi::SSL_OP_NO_TLSv1_1, - const SSL_OP_NETSCAPE_CA_DN_BUG = ffi::SSL_OP_NETSCAPE_CA_DN_BUG, - const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = ffi::SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG, - const SSL_OP_CRYPTOPRO_TLSEXT_BUG = ffi::SSL_OP_CRYPTOPRO_TLSEXT_BUG, - const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = ffi::SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG, - const SSL_OP_MSIE_SSLV2_RSA_PADDING = ffi::SSL_OP_MSIE_SSLV2_RSA_PADDING, - const SSL_OP_PKCS1_CHECK_1 = ffi::SSL_OP_PKCS1_CHECK_1, - const SSL_OP_PKCS1_CHECK_2 = ffi::SSL_OP_PKCS1_CHECK_2, - const SSL_OP_EPHEMERAL_RSA = ffi::SSL_OP_EPHEMERAL_RSA, + const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi_extras::SSL_OP_MICROSOFT_SESS_ID_BUG, + const SSL_OP_NETSCAPE_CHALLENGE_BUG = ffi_extras::SSL_OP_NETSCAPE_CHALLENGE_BUG, + const SSL_OP_LEGACY_SERVER_CONNECT = ffi_extras::SSL_OP_LEGACY_SERVER_CONNECT, + const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = ffi_extras::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, + const SSL_OP_TLSEXT_PADDING = ffi_extras::SSL_OP_TLSEXT_PADDING, + const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = ffi_extras::SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER, + const SSL_OP_SAFARI_ECDHE_ECDSA_BUG = ffi_extras::SSL_OP_SAFARI_ECDHE_ECDSA_BUG, + const SSL_OP_SSLEAY_080_CLIENT_DH_BUG = ffi_extras::SSL_OP_SSLEAY_080_CLIENT_DH_BUG, + const SSL_OP_TLS_D5_BUG = ffi_extras::SSL_OP_TLS_D5_BUG, + const SSL_OP_TLS_BLOCK_PADDING_BUG = ffi_extras::SSL_OP_TLS_BLOCK_PADDING_BUG, + const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = ffi_extras::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, + const SSL_OP_NO_QUERY_MTU = ffi_extras::SSL_OP_NO_QUERY_MTU, + const SSL_OP_COOKIE_EXCHANGE = ffi_extras::SSL_OP_COOKIE_EXCHANGE, + const SSL_OP_NO_TICKET = ffi_extras::SSL_OP_NO_TICKET, + const SSL_OP_CISCO_ANYCONNECT = ffi_extras::SSL_OP_CISCO_ANYCONNECT, + const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = ffi_extras::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, + const SSL_OP_NO_COMPRESSION = ffi_extras::SSL_OP_NO_COMPRESSION, + const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 
ffi_extras::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, + const SSL_OP_SINGLE_ECDH_USE = ffi_extras::SSL_OP_SINGLE_ECDH_USE, + const SSL_OP_SINGLE_DH_USE = ffi_extras::SSL_OP_SINGLE_DH_USE, + const SSL_OP_CIPHER_SERVER_PREFERENCE = ffi_extras::SSL_OP_CIPHER_SERVER_PREFERENCE, + const SSL_OP_TLS_ROLLBACK_BUG = ffi_extras::SSL_OP_TLS_ROLLBACK_BUG, + const SSL_OP_NO_SSLV2 = ffi_extras::SSL_OP_NO_SSLv2, + const SSL_OP_NO_SSLV3 = ffi_extras::SSL_OP_NO_SSLv3, + const SSL_OP_NO_DTLSV1 = ffi_extras::SSL_OP_NO_DTLSv1, + const SSL_OP_NO_TLSV1 = ffi_extras::SSL_OP_NO_TLSv1, + const SSL_OP_NO_DTLSV1_2 = ffi_extras::SSL_OP_NO_DTLSv1_2, + const SSL_OP_NO_TLSV1_2 = ffi_extras::SSL_OP_NO_TLSv1_2, + const SSL_OP_NO_TLSV1_1 = ffi_extras::SSL_OP_NO_TLSv1_1, + const SSL_OP_NETSCAPE_CA_DN_BUG = ffi_extras::SSL_OP_NETSCAPE_CA_DN_BUG, + const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = ffi_extras::SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG, + const SSL_OP_CRYPTOPRO_TLSEXT_BUG = ffi_extras::SSL_OP_CRYPTOPRO_TLSEXT_BUG, + const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = ffi_extras::SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG, + const SSL_OP_MSIE_SSLV2_RSA_PADDING = ffi_extras::SSL_OP_MSIE_SSLV2_RSA_PADDING, + const SSL_OP_PKCS1_CHECK_1 = ffi_extras::SSL_OP_PKCS1_CHECK_1, + const SSL_OP_PKCS1_CHECK_2 = ffi_extras::SSL_OP_PKCS1_CHECK_2, + const SSL_OP_EPHEMERAL_RSA = ffi_extras::SSL_OP_EPHEMERAL_RSA, const SSL_OP_ALL = SSL_OP_MICROSOFT_SESS_ID_BUG.bits|SSL_OP_NETSCAPE_CHALLENGE_BUG.bits |SSL_OP_LEGACY_SERVER_CONNECT.bits|SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.bits |SSL_OP_TLSEXT_PADDING.bits|SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER.bits 
@@ -493,13 +494,13 @@ impl SslContext { pub fn set_read_ahead(&self, m: u32) { unsafe { - ffi::SSL_CTX_set_read_ahead(self.ctx, m as c_long); + ffi_extras::SSL_CTX_set_read_ahead(self.ctx, m as c_long); } } pub fn set_tmp_dh(&self, dh: DH) -> Result<(),SslError> { wrap_ssl_result(unsafe { - ffi::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 + ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 }) } @@ -546,7 +547,7 @@ impl SslContext { pub fn add_extra_chain_cert(&mut self, cert: &X509) -> Result<(),SslError> { wrap_ssl_result( unsafe { - ffi::SSL_CTX_add_extra_chain_cert(self.ctx, cert.get_handle()) as c_int + ffi_extras::SSL_CTX_add_extra_chain_cert(self.ctx, cert.get_handle()) as c_int }) } @@ -592,21 +593,21 @@ impl SslContext { pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(),SslError> { wrap_ssl_result( unsafe { - ffi::SSL_CTX_set_ecdh_auto(self.ctx, onoff as c_int) + ffi_extras::SSL_CTX_set_ecdh_auto(self.ctx, onoff as c_int) }) } pub fn set_options(&mut self, option: SslContextOptions) -> SslContextOptions { let raw_bits = option.bits(); let ret = unsafe { - ffi::SSL_CTX_set_options(self.ctx, raw_bits) + ffi_extras::SSL_CTX_set_options(self.ctx, raw_bits) }; SslContextOptions::from_bits(ret).unwrap() } pub fn get_options(&mut self) -> SslContextOptions { let ret = unsafe { - ffi::SSL_CTX_get_options(self.ctx) + ffi_extras::SSL_CTX_get_options(self.ctx) }; SslContextOptions::from_bits(ret).unwrap() } @@ -614,7 +615,7 @@ impl SslContext { pub fn clear_options(&mut self, option: SslContextOptions) -> SslContextOptions { let raw_bits = option.bits(); let ret = unsafe { - ffi::SSL_CTX_clear_options(self.ctx, raw_bits) + ffi_extras::SSL_CTX_clear_options(self.ctx, raw_bits) }; SslContextOptions::from_bits(ret).unwrap() } 
@@ -785,7 +786,7 @@ impl Ssl { /// Sets the host name to be used with SNI (Server Name Indication). pub fn set_hostname(&self, hostname: &str) -> Result<(), SslError> { let cstr = CString::new(hostname).unwrap(); - let ret = unsafe { ffi::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr()) }; + let ret = unsafe { ffi_extras::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr()) }; // For this case, 0 indicates failure. if ret == 0 { @@ -1435,7 +1436,7 @@ impl NonblockingSslStream { fn new_base(ssl: Ssl, stream: S, sock: c_int) -> Result, SslError> { unsafe { let bio = try_ssl_null!(ffi::BIO_new_socket(sock, 0)); - ffi::BIO_set_nbio(bio, 1); + ffi_extras::BIO_set_nbio(bio, 1); ffi::SSL_set_bio(ssl.ssl, bio, bio); } diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 91daa66a2bab48cc84c0acc57e58931ff5870681..8148749a59f6ed8691b36e1222b7eb0541169744 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -18,6 +18,7 @@ use crypto::hash::Type as HashType; use crypto::pkey::{PKey,Parts}; use crypto::rand::rand_bytes; use ffi; +use ffi_extras; use ssl::error::{SslError, StreamError}; use nid; @@ -400,7 +401,7 @@ impl X509Generator { let req = ffi::X509_to_X509_REQ(cert.handle, ptr::null_mut(), ptr::null()); try_ssl_null!(req); - let exts = ffi::X509_get_extensions(cert.handle); + let exts = ffi_extras::X509_get_extensions(cert.handle); if exts != ptr::null_mut() { try_ssl!(ffi::X509_REQ_add_extensions(req,exts)); }
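Review bot: `set_hostname` returns `Result<(), SslError>`, but `CString::new(hostname).unwrap()` panics when the host name contains an interior NUL byte instead of reporting an error. If the name can come from untrusted input such as a user-supplied URL, that is a caller-triggerable abort. Replacing the `unwrap()` with a `match` that returns an `SslError` on `Err` keeps the failure on the `Result` path; the appropriate error variant is not visible in this hunk. The `CString` line is unchanged context here, and the function body continues past the hunk.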