diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs index 6d8096f73a2ae14ea803d20baa098effca771628..63a95a289ccc47457ae31caef12f401b4c0176e6 100644 --- a/openssl-sys/src/crypto.rs +++ b/openssl-sys/src/crypto.rs @@ -121,9 +121,9 @@ cfg_if! { } extern "C" { - #[cfg(ossl101)] + #[cfg(all(ossl101, not(ossl300)))] pub fn FIPS_mode() -> c_int; - #[cfg(ossl101)] + #[cfg(all(ossl101, not(ossl300)))] pub fn FIPS_mode_set(onoff: c_int) -> c_int; pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int; diff --git a/openssl-sys/src/dtls1.rs b/openssl-sys/src/dtls1.rs index 08b7a489c455fca0e40b44f091f4f86bd2c9cec7..9ef5e77f78559af95b2c8213ba0e9fc871afa6b7 100644 --- a/openssl-sys/src/dtls1.rs +++ b/openssl-sys/src/dtls1.rs @@ -1,3 +1,9 @@ use libc::*; -pub const DTLS1_COOKIE_LENGTH: c_uint = 256; +cfg_if! { + if #[cfg(ossl300)] { + pub const DTLS1_COOKIE_LENGTH: c_uint = 255; + } else { + pub const DTLS1_COOKIE_LENGTH: c_uint = 256; + } +} diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs index d6bd2ed435eb140187d31dca7cb0723d4073bf6a..f81d9ea1b551fdebf67835bef9c0562e3f6b1955 100644 --- a/openssl-sys/src/err.rs +++ b/openssl-sys/src/err.rs 
@@ -3,25 +3,68 @@ use libc::*; pub const ERR_TXT_MALLOCED: c_int = 0x01; pub const ERR_TXT_STRING: c_int = 0x02; +pub const ERR_LIB_SYS: c_int = 2; pub const ERR_LIB_PEM: c_int = 9; -const_fn! { - pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong { - ((l as c_ulong & 0x0FF) << 24) | - ((f as c_ulong & 0xFFF) << 12) | - ((r as c_ulong & 0xFFF)) - } +cfg_if! { + if #[cfg(ossl300)] { + pub const ERR_SYSTEM_FLAG: c_ulong = c_int::max_value() as c_ulong + 1; + pub const ERR_SYSTEM_MASK: c_ulong = c_int::max_value() as c_ulong; - pub const fn ERR_GET_LIB(l: c_ulong) -> c_int { - ((l >> 24) & 0x0FF) as c_int - } + pub const ERR_LIB_OFFSET: c_ulong = 23; + pub const ERR_LIB_MASK: c_ulong = 0xff; + pub const ERR_RFLAGS_OFFSET: c_ulong = 19; + pub const ERR_RFLAGS_MASK: c_ulong = 0xf; + pub const ERR_REASON_MASK: c_ulong = 0x7FFFFF; - pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int { - ((l >> 12) & 0xFFF) as c_int - } + pub const ERR_RFLAG_FATAL: c_ulong = 0x1 << ERR_RFLAGS_OFFSET; + + const_fn! 
{ + pub const fn ERR_SYSTEM_ERROR(errcode: c_ulong) -> bool { + errcode & ERR_SYSTEM_FLAG != 0 + } + + pub const fn ERR_GET_LIB(errcode: c_ulong) -> c_int { + // hacks since `if` isn't yet stable in const functions :( + ((ERR_LIB_SYS as c_ulong * (ERR_SYSTEM_ERROR(errcode) as c_ulong)) | + (((errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK)) * (!ERR_SYSTEM_ERROR(errcode) as c_ulong)) as c_int + } + + pub const fn ERR_GET_FUNC(_errcode: c_ulong) -> c_int { + 0 + } - pub const fn ERR_GET_REASON(l: c_ulong) -> c_int { - (l & 0xFFF) as c_int + pub const fn ERR_GET_REASON(errcode: c_ulong) -> c_int { + // hacks since `if` isn't yet stable in const functions :( + ((ERR_LIB_SYS as c_ulong * (ERR_SYSTEM_ERROR(errcode) as c_ulong)) | + ((errcode & ERR_REASON_MASK)) * (!ERR_SYSTEM_ERROR(errcode) as c_ulong)) as c_int + } + + pub const fn ERR_PACK(lib: c_int, _func: c_int, reason: c_int) -> c_ulong { + ((lib as c_ulong & ERR_LIB_MASK) << ERR_LIB_OFFSET) | + ((reason as c_ulong & ERR_REASON_MASK)) + } + } + } else { + const_fn! { + pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong { + ((l as c_ulong & 0x0FF) << 24) | + ((f as c_ulong & 0xFFF) << 12) | + ((r as c_ulong & 0xFFF)) + } + + pub const fn ERR_GET_LIB(l: c_ulong) -> c_int { + ((l >> 24) & 0x0FF) as c_int + } + + pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int { + ((l >> 12) & 0xFFF) as c_int + } + + pub const fn ERR_GET_REASON(l: c_ulong) -> c_int { + (l & 0xFFF) as c_int + } + } } } diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index c399a05a975925263a7b985e555c93812bcd369a..7d8e10c0d5ad23b2fd48853712e238299c8fc769 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -1000,7 +1000,10 @@ extern "C" { len: c_long, ) -> *mut SSL_SESSION; + #[cfg(not(ossl300))] pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509; + #[cfg(ossl300)] + pub fn SSL_get1_peer_certificate(ssl: *const SSL) -> *mut X509; pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509; 
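Review bot: In the `ossl300` branch of openssl-sys/src/err.rs, `ERR_GET_REASON` returns `ERR_LIB_SYS` for system errors, which looks copied from `ERR_GET_LIB`; `ERR_SYSTEM_MASK` is defined a few lines above and never used. OpenSSL 3.0's own header returns `errcode & ERR_SYSTEM_MASK` in that case, so as written every system error reports reason 2 and the errno value is lost to callers that branch on the reason code. The first operand should read `((errcode & ERR_SYSTEM_MASK) * (ERR_SYSTEM_ERROR(errcode) as c_ulong))`. A unit test that feeds `ERR_SYSTEM_FLAG | 13` through `ERR_GET_LIB` and `ERR_GET_REASON` would pin both branches of the branch-free arithmetic.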
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index b4e647c0768b489da2b8500f36c16ec3259cd78f..85d1d14f92785d607b7b39e946237397a23da0ce 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -154,7 +154,7 @@ pub mod ecdsa; pub mod envelope; pub mod error; pub mod ex_data; -#[cfg(not(libressl))] +#[cfg(not(any(libressl, ossl300)))] pub mod fips; pub mod hash; pub mod memcmp; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 2561aaed888f5c1a638606d9dbd7875232b8bfcb..e42a300c140c46f413946e2d63b333f67cd6cf43 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -2619,7 +2619,7 @@ impl SslRef { /// [`SSL_get_peer_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_peer_certificate.html pub fn peer_certificate(&self) -> Option { unsafe { - let ptr = ffi::SSL_get_peer_certificate(self.as_ptr()); + let ptr = SSL_get1_peer_certificate(self.as_ptr()); if ptr.is_null() { None } else { @@ -3954,6 +3954,13 @@ cfg_if! { } } +cfg_if! { + if #[cfg(ossl300)] { + use ffi::SSL_get1_peer_certificate; + } else { + use ffi::SSL_get_peer_certificate as SSL_get1_peer_certificate; + } +} cfg_if! { if #[cfg(any(ossl110, libressl291))] { use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method}; diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 4ec47f4fd5a901783c79863e7930cd1fda9f1537..05e76db8175d9e567c473d61e15268b6165f1a1c 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -647,6 +647,7 @@ impl X509 { ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut()); if r.is_null() { let err = ffi::ERR_peek_last_error(); + println!("{}", ffi::ERR_GET_LIB(err)); if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE {
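Review bot: `pub mod fips` in openssl/src/lib.rs now disappears on OpenSSL 3.0 with no comment saying why or what callers should use instead, and the same applies to the `FIPS_mode`/`FIPS_mode_set` bindings gated in openssl-sys/src/crypto.rs. Code that relies on this module to enforce FIPS mode will presumably stop compiling against 3.0, which is the safe way to fail, but the reason is not discoverable from the source. A comment above the attribute such as `// OpenSSL 3.0 removed FIPS_mode()/FIPS_mode_set(); FIPS is selected through providers and default properties there.` would document the gap.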
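Review bot: The alias `use ffi::SSL_get_peer_certificate as SSL_get1_peer_certificate;` at 3954 in openssl/src/ssl/mod.rs makes a pre-3.0 call read like a `get1` call, with nothing stating that the ownership contract is the same. Both functions hand the caller a certificate reference it owns, which is presumably what `peer_certificate` depends on when it wraps the non-null pointer (the rest of that body is outside the hunk at 2619). A comment such as `// Both return an X509 the caller owns and must free; 3.0 only renames the function.` would keep a later edit from aliasing a borrowing accessor here and introducing a double free. The rustdoc link on `peer_certificate` also still points at the 1.1.0 `SSL_get_peer_certificate` page.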
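Review bot: The added `println!("{}", ffi::ERR_GET_LIB(err));` in openssl/src/x509/mod.rs is a debugging leftover in library code and should be removed before merge. It writes to the stdout of every application linking the crate whenever `PEM_read_bio_X509` returns null, which, judging by the `PEM_R_NO_START_LINE` check right below it, appears to include the normal end of a PEM bundle, so it can corrupt output that callers pipe or parse. If the library code is needed to diagnose the 3.0 error layout, assert it in a test instead of printing. The enclosing function starts and ends outside the hunk.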