Loading openssl/Cargo.toml +1 −1 Original line number Diff line number Diff line Loading @@ -23,7 +23,7 @@ unstable_boringssl = ["ffi/unstable_boringssl"] default = [] [dependencies] bitflags = "1.0" bitflags = "2.2.1" cfg-if = "1.0" foreign-types = "0.3.1" libc = "0.2" Loading openssl/src/cms.rs +2 −0 Original line number Diff line number Diff line Loading @@ -20,6 +20,8 @@ use crate::{cvt, cvt_p}; use openssl_macros::corresponds; bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct CMSOptions : c_uint { const TEXT = ffi::CMS_TEXT; const CMS_NOCERTS = ffi::CMS_NOCERTS; Loading openssl/src/ocsp.rs +2 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,8 @@ use crate::{cvt, cvt_p}; use openssl_macros::corresponds; bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct OcspFlag: c_ulong { const NO_CERTS = ffi::OCSP_NOCERTS; const NO_INTERN = ffi::OCSP_NOINTERN; Loading openssl/src/pkcs7.rs +8 −6 Original line number Diff line number Diff line Loading @@ -28,6 +28,8 @@ foreign_type_and_impl_send_sync! { } bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct Pkcs7Flags: c_int { const TEXT = ffi::PKCS7_TEXT; const NOCERTS = ffi::PKCS7_NOCERTS; Loading Loading @@ -111,7 +113,7 @@ impl Pkcs7 { certs.as_ptr(), input_bio.as_ptr(), cipher.as_ptr(), flags.bits, flags.bits(), )) .map(Pkcs7) } Loading Loading @@ -141,7 +143,7 @@ impl Pkcs7 { pkey.as_ptr(), certs.as_ptr(), input_bio.as_ptr(), flags.bits, flags.bits(), )) .map(Pkcs7) } Loading @@ -159,7 +161,7 @@ impl Pkcs7Ref { output.as_ptr(), self.as_ptr(), input_bio.as_ptr(), flags.bits, flags.bits(), )) .map(|_| output.get_buf().to_owned()) } Loading Loading @@ -205,7 +207,7 @@ impl Pkcs7Ref { pkey.as_ptr(), cert.as_ptr(), output.as_ptr(), flags.bits, flags.bits(), )) .map(|_| output.get_buf().to_owned()) } Loading Loading 
@@ -241,7 +243,7 @@ impl Pkcs7Ref { store.as_ptr(), indata_bio_ptr, out_bio.as_ptr(), flags.bits, flags.bits(), )) .map(|_| ())? } Loading @@ -265,7 +267,7 @@ impl Pkcs7Ref { let ptr = cvt_p(ffi::PKCS7_get0_signers( self.as_ptr(), certs.as_ptr(), flags.bits, flags.bits(), ))?; // The returned stack is owned by the caller, but the certs inside are not! Our stack interface can't deal Loading openssl/src/ssl/mod.rs +26 −10 Original line number Diff line number Diff line Loading @@ -143,6 +143,8 @@ cfg_if! { bitflags! { /// Options controlling the behavior of an `SslContext`. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct SslOptions: SslOptionsRepr { /// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers. const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as SslOptionsRepr; Loading Loading @@ -281,6 +283,8 @@ bitflags! { bitflags! { /// Options controlling the behavior of an `SslContext`. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct SslMode: SslBitType { /// Enables "short writes". /// Loading Loading @@ -378,6 +382,8 @@ unsafe impl Send for SslMethod {} bitflags! { /// Options controlling the behavior of certificate verification. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct SslVerifyMode: i32 { /// Verifies that the peer's certificate is trusted. /// Loading Loading @@ -410,6 +416,8 @@ type SslTimeTy = c_long; bitflags! { /// Options controlling the behavior of session caching. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct SslSessionCacheMode: SslBitType { /// No session caching for the client or server takes place. const OFF = ffi::SSL_SESS_CACHE_OFF; Loading Loading 
@@ -447,6 +455,8 @@ bitflags! { #[cfg(ossl111)] bitflags! { /// Which messages and under which conditions an extension should be added or expected. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct ExtensionContext: c_uint { /// This extension is only allowed in TLS const TLS_ONLY = ffi::SSL_EXT_TLS_ONLY; Loading Loading @@ -735,7 +745,7 @@ impl SslContextBuilder { #[corresponds(SSL_CTX_set_verify)] pub fn set_verify(&mut self, mode: SslVerifyMode) { unsafe { ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, None); ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, None); } } Loading @@ -752,7 +762,7 @@ impl SslContextBuilder { { unsafe { self.set_ex_data(SslContext::cached_ex_index::<F>(), verify); ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, Some(raw_verify::<F>)); ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, Some(raw_verify::<F>)); } } Loading Loading @@ -839,7 +849,7 @@ impl SslContextBuilder { pub fn set_mode(&mut self, mode: SslMode) -> SslMode { unsafe { let bits = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits() as MtuTy) as SslBitType; SslMode { bits } SslMode::from_bits_retain(bits) } } Loading Loading @@ -1111,14 +1121,14 @@ impl SslContextBuilder { pub fn set_options(&mut self, option: SslOptions) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_set_options(self.as_ptr(), option.bits()) } as SslOptionsRepr; SslOptions { bits } SslOptions::from_bits_retain(bits) } /// Returns the options used by the context. #[corresponds(SSL_CTX_get_options)] pub fn options(&self) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_get_options(self.as_ptr()) } as SslOptionsRepr; SslOptions { bits } SslOptions::from_bits_retain(bits) } /// Clears the options used by the context, returning the old set. Loading 
@@ -1126,7 +1136,7 @@ impl SslContextBuilder { pub fn clear_options(&mut self, option: SslOptions) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_clear_options(self.as_ptr(), option.bits()) } as SslOptionsRepr; SslOptions { bits } SslOptions::from_bits_retain(bits) } /// Sets the minimum supported protocol version. Loading Loading @@ -1475,7 +1485,7 @@ impl SslContextBuilder { pub fn set_session_cache_mode(&mut self, mode: SslSessionCacheMode) -> SslSessionCacheMode { unsafe { let bits = ffi::SSL_CTX_set_session_cache_mode(self.as_ptr(), mode.bits()); SslSessionCacheMode { bits } SslSessionCacheMode::from_bits_retain(bits) } } Loading Loading @@ -2350,7 +2360,7 @@ impl SslRef { /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify #[corresponds(SSL_set_verify)] pub fn set_verify(&mut self, mode: SslVerifyMode) { unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, None) } unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits() as c_int, None) } } /// Returns the verify mode that was set using `set_verify`. Loading @@ -2371,7 +2381,11 @@ impl SslRef { unsafe { // this needs to be in an Arc since the callback can register a new callback! self.set_ex_data(Ssl::cached_ex_index(), Arc::new(verify)); ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, Some(ssl_raw_verify::<F>)); ffi::SSL_set_verify( self.as_ptr(), mode.bits() as c_int, Some(ssl_raw_verify::<F>), ); } } Loading Loading @@ -3718,7 +3732,7 @@ impl<S: Read + Write> SslStream<S> { pub fn get_shutdown(&mut self) -> ShutdownState { unsafe { let bits = ffi::SSL_get_shutdown(self.ssl.as_ptr()); ShutdownState { bits } ShutdownState::from_bits_retain(bits) } } Loading Loading 
@@ -4051,6 +4065,8 @@ pub enum ShutdownResult { bitflags! { /// The shutdown state of a session. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct ShutdownState: c_int { /// A close notify message has been sent to the peer. const SENT = ffi::SSL_SENT_SHUTDOWN; Loading Loading
openssl/Cargo.toml +1 −1 Original line number Diff line number Diff line Loading @@ -23,7 +23,7 @@ unstable_boringssl = ["ffi/unstable_boringssl"] default = [] [dependencies] bitflags = "1.0" bitflags = "2.2.1" cfg-if = "1.0" foreign-types = "0.3.1" libc = "0.2" Loading
openssl/src/cms.rs +2 −0 Original line number Diff line number Diff line Loading @@ -20,6 +20,8 @@ use crate::{cvt, cvt_p}; use openssl_macros::corresponds; bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct CMSOptions : c_uint { const TEXT = ffi::CMS_TEXT; const CMS_NOCERTS = ffi::CMS_NOCERTS; Loading
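Review bot: Moving `CMSOptions` to bitflags 2.x changes the API of a `pub` type, and nothing visible on this page records that for downstream users; the same applies to `OcspFlag`, `Pkcs7Flags` and the six flag types in ssl/mod.rs, which get the same two attribute lines. As far as I know the derive list matches what bitflags 1.x generated, but 2.x removes `from_bits_unchecked` and prints a different `Debug` format, so existing callers can stop compiling or see changed log output. I would add a changelog line such as `bitflags updated to 2.x: use from_bits_retain instead of from_bits_unchecked on the flag types` and confirm the release is versioned accordingly. The `bitflags!` body continues outside the hunk.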
openssl/src/ocsp.rs +2 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,8 @@ use crate::{cvt, cvt_p}; use openssl_macros::corresponds; bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct OcspFlag: c_ulong { const NO_CERTS = ffi::OCSP_NOCERTS; const NO_INTERN = ffi::OCSP_NOINTERN; Loading
openssl/src/pkcs7.rs +8 −6 Original line number Diff line number Diff line Loading @@ -28,6 +28,8 @@ foreign_type_and_impl_send_sync! { } bitflags! { #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct Pkcs7Flags: c_int { const TEXT = ffi::PKCS7_TEXT; const NOCERTS = ffi::PKCS7_NOCERTS; Loading Loading @@ -111,7 +113,7 @@ impl Pkcs7 { certs.as_ptr(), input_bio.as_ptr(), cipher.as_ptr(), flags.bits, flags.bits(), )) .map(Pkcs7) } Loading Loading @@ -141,7 +143,7 @@ impl Pkcs7 { pkey.as_ptr(), certs.as_ptr(), input_bio.as_ptr(), flags.bits, flags.bits(), )) .map(Pkcs7) } Loading @@ -159,7 +161,7 @@ impl Pkcs7Ref { output.as_ptr(), self.as_ptr(), input_bio.as_ptr(), flags.bits, flags.bits(), )) .map(|_| output.get_buf().to_owned()) } Loading Loading @@ -205,7 +207,7 @@ impl Pkcs7Ref { pkey.as_ptr(), cert.as_ptr(), output.as_ptr(), flags.bits, flags.bits(), )) .map(|_| output.get_buf().to_owned()) } Loading Loading @@ -241,7 +243,7 @@ impl Pkcs7Ref { store.as_ptr(), indata_bio_ptr, out_bio.as_ptr(), flags.bits, flags.bits(), )) .map(|_| ())? } Loading @@ -265,7 +267,7 @@ impl Pkcs7Ref { let ptr = cvt_p(ffi::PKCS7_get0_signers( self.as_ptr(), certs.as_ptr(), flags.bits, flags.bits(), ))?; // The returned stack is owned by the caller, but the certs inside are not! Our stack interface can't deal Loading
openssl/src/ssl/mod.rs +26 −10 Original line number Diff line number Diff line Loading @@ -143,6 +143,8 @@ cfg_if! { bitflags! { /// Options controlling the behavior of an `SslContext`. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct SslOptions: SslOptionsRepr { /// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers. const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as SslOptionsRepr; Loading Loading @@ -281,6 +283,8 @@ bitflags! { bitflags! { /// Options controlling the behavior of an `SslContext`. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct SslMode: SslBitType { /// Enables "short writes". /// Loading Loading @@ -378,6 +382,8 @@ unsafe impl Send for SslMethod {} bitflags! { /// Options controlling the behavior of certificate verification. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct SslVerifyMode: i32 { /// Verifies that the peer's certificate is trusted. /// Loading Loading @@ -410,6 +416,8 @@ type SslTimeTy = c_long; bitflags! { /// Options controlling the behavior of session caching. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct SslSessionCacheMode: SslBitType { /// No session caching for the client or server takes place. const OFF = ffi::SSL_SESS_CACHE_OFF; Loading Loading @@ -447,6 +455,8 @@ bitflags! { #[cfg(ossl111)] bitflags! { /// Which messages and under which conditions an extension should be added or expected. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct ExtensionContext: c_uint { /// This extension is only allowed in TLS const TLS_ONLY = ffi::SSL_EXT_TLS_ONLY; Loading Loading 
@@ -735,7 +745,7 @@ impl SslContextBuilder { #[corresponds(SSL_CTX_set_verify)] pub fn set_verify(&mut self, mode: SslVerifyMode) { unsafe { ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, None); ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, None); } } Loading @@ -752,7 +762,7 @@ impl SslContextBuilder { { unsafe { self.set_ex_data(SslContext::cached_ex_index::<F>(), verify); ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, Some(raw_verify::<F>)); ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, Some(raw_verify::<F>)); } } Loading Loading @@ -839,7 +849,7 @@ impl SslContextBuilder { pub fn set_mode(&mut self, mode: SslMode) -> SslMode { unsafe { let bits = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits() as MtuTy) as SslBitType; SslMode { bits } SslMode::from_bits_retain(bits) } } Loading Loading @@ -1111,14 +1121,14 @@ impl SslContextBuilder { pub fn set_options(&mut self, option: SslOptions) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_set_options(self.as_ptr(), option.bits()) } as SslOptionsRepr; SslOptions { bits } SslOptions::from_bits_retain(bits) } /// Returns the options used by the context. #[corresponds(SSL_CTX_get_options)] pub fn options(&self) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_get_options(self.as_ptr()) } as SslOptionsRepr; SslOptions { bits } SslOptions::from_bits_retain(bits) } /// Clears the options used by the context, returning the old set. Loading @@ -1126,7 +1136,7 @@ impl SslContextBuilder { pub fn clear_options(&mut self, option: SslOptions) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_clear_options(self.as_ptr(), option.bits()) } as SslOptionsRepr; SslOptions { bits } SslOptions::from_bits_retain(bits) } /// Sets the minimum supported protocol version. Loading Loading 
@@ -1475,7 +1485,7 @@ impl SslContextBuilder { pub fn set_session_cache_mode(&mut self, mode: SslSessionCacheMode) -> SslSessionCacheMode { unsafe { let bits = ffi::SSL_CTX_set_session_cache_mode(self.as_ptr(), mode.bits()); SslSessionCacheMode { bits } SslSessionCacheMode::from_bits_retain(bits) } } Loading Loading @@ -2350,7 +2360,7 @@ impl SslRef { /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify #[corresponds(SSL_set_verify)] pub fn set_verify(&mut self, mode: SslVerifyMode) { unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, None) } unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits() as c_int, None) } } /// Returns the verify mode that was set using `set_verify`. Loading @@ -2371,7 +2381,11 @@ impl SslRef { unsafe { // this needs to be in an Arc since the callback can register a new callback! self.set_ex_data(Ssl::cached_ex_index(), Arc::new(verify)); ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, Some(ssl_raw_verify::<F>)); ffi::SSL_set_verify( self.as_ptr(), mode.bits() as c_int, Some(ssl_raw_verify::<F>), ); } } Loading Loading @@ -3718,7 +3732,7 @@ impl<S: Read + Write> SslStream<S> { pub fn get_shutdown(&mut self) -> ShutdownState { unsafe { let bits = ffi::SSL_get_shutdown(self.ssl.as_ptr()); ShutdownState { bits } ShutdownState::from_bits_retain(bits) } } Loading Loading @@ -4051,6 +4065,8 @@ pub enum ShutdownResult { bitflags! { /// The shutdown state of a session. #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] #[repr(transparent)] pub struct ShutdownState: c_int { /// A close notify message has been sent to the peer. const SENT = ffi::SSL_SENT_SHUTDOWN; Loading
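Review bot: The doc comments on `options()`, `set_options`, `clear_options`, `set_mode`, `set_session_cache_mode` and `get_shutdown` do not say that the returned set can now carry bits with no named constant, which is what `from_bits_retain` does with whatever OpenSSL hands back. Retaining them is the right choice for a value read from the library, because truncating would hide options that are actually in force on the context. The catch is that a caller who checks the result with `==` against a set of named flags can get a mismatch even though every expected option is set. I would add to `options()` the line `/// The returned set may contain bits that have no named constant; test single options with contains().` and repeat it on the other five. The enclosing `impl` blocks start and end outside these hunks.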