From d081c2b596e013b5e392ff9b9f84f2d6890beabb Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Wed, 22 Jul 2020 14:02:32 -0600
Subject: [PATCH] Update to 3.0.0-alpha5
---
 openssl-sys/src/crypto.rs | 4 +--
 openssl-sys/src/dtls1.rs | 8 ++++-
 openssl-sys/src/err.rs | 71 +++++++++++++++++++++++++++++++--------
 openssl-sys/src/ssl.rs | 3 ++
 openssl/src/lib.rs | 2 +-
 openssl/src/ssl/mod.rs | 9 ++++-
 openssl/src/x509/mod.rs | 1 +
 7 files changed, 79 insertions(+), 19 deletions(-)
diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs
index 6d8096f7..63a95a28 100644
--- a/openssl-sys/src/crypto.rs
+++ b/openssl-sys/src/crypto.rs
@@ -121,9 +121,9 @@ cfg_if! {
 }
 extern "C" {
- #[cfg(ossl101)]
+ #[cfg(all(ossl101, not(ossl300)))]
 pub fn FIPS_mode() -> c_int;
- #[cfg(ossl101)]
+ #[cfg(all(ossl101, not(ossl300)))]
 pub fn FIPS_mode_set(onoff: c_int) -> c_int;
 pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: size_t) -> c_int;
diff --git a/openssl-sys/src/dtls1.rs b/openssl-sys/src/dtls1.rs
index 08b7a489..9ef5e77f 100644
--- a/openssl-sys/src/dtls1.rs
+++ b/openssl-sys/src/dtls1.rs
@@ -1,3 +1,9 @@
 use libc::*;
-pub const DTLS1_COOKIE_LENGTH: c_uint = 256;
+cfg_if! {
+ if #[cfg(ossl300)] {
+ pub const DTLS1_COOKIE_LENGTH: c_uint = 255;
+ } else {
+ pub const DTLS1_COOKIE_LENGTH: c_uint = 256;
+ }
+}
diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs
index d6bd2ed4..f81d9ea1 100644
--- a/openssl-sys/src/err.rs
+++ b/openssl-sys/src/err.rs
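Review bot: The `ossl300` branch of `DTLS1_COOKIE_LENGTH` in openssl-sys/src/dtls1.rs changes a length constant from 256 to 255 with no comment saying why, so a reader sizing a cookie buffer from it cannot tell which value is the real limit. The DTLS cookie length travels in a single byte, which makes 255 the largest cookie a peer can send and 256 the over-statement kept by older headers; a comment such as `// cookie_len is one byte on the wire: 255 is the true maximum, pre-3.0 headers define 256` would record that. Any cookie callback elsewhere in the crate that derives a slice length from this constant (not visible in this patch) should be re-checked so the length it hands to OpenSSL stays within 255 on both branches.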
@@ -3,25 +3,68 @@ use libc::*;
 pub const ERR_TXT_MALLOCED: c_int = 0x01;
 pub const ERR_TXT_STRING: c_int = 0x02;
+pub const ERR_LIB_SYS: c_int = 2;
 pub const ERR_LIB_PEM: c_int = 9;
-const_fn! {
- pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong {
- ((l as c_ulong & 0x0FF) << 24) |
- ((f as c_ulong & 0xFFF) << 12) |
- ((r as c_ulong & 0xFFF))
- }
+cfg_if! {
+ if #[cfg(ossl300)] {
+ pub const ERR_SYSTEM_FLAG: c_ulong = c_int::max_value() as c_ulong + 1;
+ pub const ERR_SYSTEM_MASK: c_ulong = c_int::max_value() as c_ulong;
- pub const fn ERR_GET_LIB(l: c_ulong) -> c_int {
- ((l >> 24) & 0x0FF) as c_int
- }
+ pub const ERR_LIB_OFFSET: c_ulong = 23;
+ pub const ERR_LIB_MASK: c_ulong = 0xff;
+ pub const ERR_RFLAGS_OFFSET: c_ulong = 19;
+ pub const ERR_RFLAGS_MASK: c_ulong = 0xf;
+ pub const ERR_REASON_MASK: c_ulong = 0x7FFFFF;
- pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int {
- ((l >> 12) & 0xFFF) as c_int
- }
+ pub const ERR_RFLAG_FATAL: c_ulong = 0x1 << ERR_RFLAGS_OFFSET;
+
+ const_fn! {
+ pub const fn ERR_SYSTEM_ERROR(errcode: c_ulong) -> bool {
+ errcode & ERR_SYSTEM_FLAG != 0
+ }
+
+ pub const fn ERR_GET_LIB(errcode: c_ulong) -> c_int {
+ // hacks since `if` isn't yet stable in const functions :(
+ ((ERR_LIB_SYS as c_ulong * (ERR_SYSTEM_ERROR(errcode) as c_ulong)) |
+ (((errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK)) * (!ERR_SYSTEM_ERROR(errcode) as c_ulong)) as c_int
+ }
+
+ pub const fn ERR_GET_FUNC(_errcode: c_ulong) -> c_int {
+ 0
+ }
- pub const fn ERR_GET_REASON(l: c_ulong) -> c_int {
- (l & 0xFFF) as c_int
+ pub const fn ERR_GET_REASON(errcode: c_ulong) -> c_int {
+ // hacks since `if` isn't yet stable in const functions :(
+ ((ERR_LIB_SYS as c_ulong * (ERR_SYSTEM_ERROR(errcode) as c_ulong)) |
+ ((errcode & ERR_REASON_MASK)) * (!ERR_SYSTEM_ERROR(errcode) as c_ulong)) as c_int
+ }
+
+ pub const fn ERR_PACK(lib: c_int, _func: c_int, reason: c_int) -> c_ulong {
+ ((lib as c_ulong & ERR_LIB_MASK) << ERR_LIB_OFFSET) |
+ ((reason as c_ulong & ERR_REASON_MASK))
+ }
+ }
+ } else {
+ const_fn! {
+ pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong {
+ ((l as c_ulong & 0x0FF) << 24) |
+ ((f as c_ulong & 0xFFF) << 12) |
+ ((r as c_ulong & 0xFFF))
+ }
+
+ pub const fn ERR_GET_LIB(l: c_ulong) -> c_int {
+ ((l >> 24) & 0x0FF) as c_int
+ }
+
+ pub const fn ERR_GET_FUNC(l: c_ulong) -> c_int {
+ ((l >> 12) & 0xFFF) as c_int
+ }
+
+ pub const fn ERR_GET_REASON(l: c_ulong) -> c_int {
+ (l & 0xFFF) as c_int
+ }
+ }
 }
 }
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index c399a05a..7d8e10c0 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -1000,7 +1000,10 @@ extern "C" {
 len: c_long,
 ) -> *mut SSL_SESSION;
+ #[cfg(not(ossl300))]
 pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509;
+ #[cfg(ossl300)]
+ pub fn SSL_get1_peer_certificate(ssl: *const SSL) -> *mut X509;
 pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509;
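Review bot: In the `ossl300` branch of openssl-sys/src/err.rs, `ERR_GET_REASON` reuses the `ERR_LIB_SYS` term from `ERR_GET_LIB`, so for a system error it returns the constant 2 instead of the errno bits, and `ERR_SYSTEM_MASK` is declared but never used. The first operand should be `((errcode & ERR_SYSTEM_MASK) * (ERR_SYSTEM_ERROR(errcode) as c_ulong))`, which is how OpenSSL 3.0's own header defines the reason of a system error. As written, callers that branch on lib/reason pairs, like the PEM check touched later in this patch in openssl/src/x509/mod.rs, and anything that logs the reason see every OS-level failure as the same value. A one-line comment above the multiply-by-bool expressions noting that `*` binds tighter than `|` and `!` tighter than `as` would also make the branch-free selection easier to audit.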
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index b4e647c0..85d1d14f 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@@ -154,7 +154,7 @@ pub mod ecdsa;
 pub mod envelope;
 pub mod error;
 pub mod ex_data;
-#[cfg(not(libressl))]
+#[cfg(not(any(libressl, ossl300)))]
 pub mod fips;
 pub mod hash;
 pub mod memcmp;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 2561aaed..e42a300c 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -2619,7 +2619,7 @@ impl SslRef {
 /// [`SSL_get_peer_certificate`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_peer_certificate.html
 pub fn peer_certificate(&self) -> Option {
 unsafe {
- let ptr = ffi::SSL_get_peer_certificate(self.as_ptr());
+ let ptr = SSL_get1_peer_certificate(self.as_ptr());
 if ptr.is_null() {
 None
 } else {
@@ -3954,6 +3954,13 @@ cfg_if! {
 }
 }
+cfg_if! {
+ if #[cfg(ossl300)] {
+ use ffi::SSL_get1_peer_certificate;
+ } else {
+ use ffi::SSL_get_peer_certificate as SSL_get1_peer_certificate;
+ }
+}
 cfg_if! {
 if #[cfg(any(ossl110, libressl291))] {
 use ffi::{TLS_method, DTLS_method, TLS_client_method, TLS_server_method};
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 4ec47f4f..05e76db8 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -647,6 +647,7 @@ impl X509 {
 ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut());
 if r.is_null() {
 let err = ffi::ERR_peek_last_error();
+ println!("{}", ffi::ERR_GET_LIB(err));
 if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM
 && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE
 {
-- GitLab
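Review bot: The `cfg_if!` block added near line 3954 of openssl/src/ssl/mod.rs imports `SSL_get_peer_certificate` under the name `SSL_get1_peer_certificate` without stating the ownership contract that makes the alias sound. Both functions return a reference the caller must free, which is what `peer_certificate` needs if the wrapper it builds in the `else` branch (outside the hunk) takes ownership of `ptr`. A comment on the alias would keep a later edit from swapping in the borrowed-pointer variant and introducing a double free: `// Both names return a +1 reference owned by the caller; do not alias SSL_get0_peer_certificate here, it returns a borrowed pointer.` The doc link above `peer_certificate` still points at the 1.1.0 page for the old name and could mention the 3.0 name as well.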
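Review bot: The added `println!("{}", ffi::ERR_GET_LIB(err));` in openssl/src/x509/mod.rs is a leftover debug print in a library error path and should be deleted before merge. It writes to the host application's stdout on every failed PEM read, which corrupts output for programs that emit structured data there, and `println!` panics when stdout cannot be written. If the library code is needed for diagnosis it belongs in the error value the function returns, not on a stream the crate does not own. The enclosing function starts and ends outside the hunk.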