Clean up features

exclude = ["test/*"]

[features]

# Added in OpenSSL 1.0.2

rfc5114 = []

aes_xts = []

aes_ctr = []

alpn = []

ecdh_auto = []

openssl-102 = []

openssl-110 = ["openssl-102"]

[dependencies]

pub enum Type {

    AES_128_ECB,

    AES_128_CBC,

    /// Requires the `aes_xts` feature

    #[cfg(feature = "aes_xts")]

    AES_128_XTS,

    #[cfg(feature = "aes_ctr")]

    AES_128_CTR,

    // AES_128_GCM,

    AES_128_CFB1,

    AES_128_CFB128,

    AES_128_CFB8,

    AES_256_ECB,

    AES_256_CBC,

    /// Requires the `aes_xts` feature

    #[cfg(feature = "aes_xts")]

    AES_256_XTS,

    #[cfg(feature = "aes_ctr")]

    AES_256_CTR,

    // AES_256_GCM,

    AES_256_CFB1,

    AES_256_CFB128,

    AES_256_CFB8,

    DES_CBC,

    DES_ECB,

    RC4_128,

}

            match *self {

                Type::AES_128_ECB => ffi::EVP_aes_128_ecb(),

                Type::AES_128_CBC => ffi::EVP_aes_128_cbc(),

                #[cfg(feature = "aes_xts")]

                Type::AES_128_XTS => ffi::EVP_aes_128_xts(),

                #[cfg(feature = "aes_ctr")]

                Type::AES_128_CTR => ffi::EVP_aes_128_ctr(),

                // AES_128_GCM => (EVP_aes_128_gcm(), 16, 16),

                Type::AES_128_CFB1 => ffi::EVP_aes_128_cfb1(),

                Type::AES_128_CFB128 => ffi::EVP_aes_128_cfb128(),

                Type::AES_128_CFB8 => ffi::EVP_aes_128_cfb8(),

                Type::AES_256_ECB => ffi::EVP_aes_256_ecb(),

                Type::AES_256_CBC => ffi::EVP_aes_256_cbc(),

                #[cfg(feature = "aes_xts")]

                Type::AES_256_XTS => ffi::EVP_aes_256_xts(),

                #[cfg(feature = "aes_ctr")]

                Type::AES_256_CTR => ffi::EVP_aes_256_ctr(),

                // AES_256_GCM => (EVP_aes_256_gcm(), 32, 16),

                Type::AES_256_CFB1 => ffi::EVP_aes_256_cfb1(),

                Type::AES_256_CFB128 => ffi::EVP_aes_256_cfb128(),

                Type::AES_256_CFB8 => ffi::EVP_aes_256_cfb8(),

                Type::DES_CBC => ffi::EVP_des_cbc(),

                Type::DES_ECB => ffi::EVP_des_ecb(),

                Type::RC4_128 => ffi::EVP_rc4(),

            }

        }

    }

    #[test]

    #[cfg(feature = "aes_xts")]

    fn test_aes256_xts() {

        // Test case 174 from

        // http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip

    }

    #[test]

    #[cfg(feature = "aes_ctr")]

    fn test_aes128_ctr() {

        let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\

        cipher_test(super::Type::AES_128_CTR, pt, ct, key, iv);

    }

    // #[test]

    // fn test_aes128_gcm() {

    // Test case 3 in GCM spec

    // let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255";

    // let ct = ~"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62cf35abd2ba6fab4";

    // let key = ~"feffe9928665731c6d6a8f9467308308";

    // let iv = ~"cafebabefacedbaddecaf888";

    //

    // cipher_test(super::AES_128_GCM, pt, ct, key, iv);

    // }

    #[test]

    fn test_aes128_cfb1() {

        // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf

        Ok(DH(dh))

    }

    #[cfg(all(feature = "rfc5114", not(ossl101)))]

    #[cfg(feature = "openssl-102")]

    pub fn get_1024_160() -> Result<DH, ErrorStack> {

        let dh = try_ssl_null!(unsafe { ffi::DH_get_1024_160() });

        Ok(DH(dh))

    }

    #[cfg(all(feature = "rfc5114", not(ossl101)))]

    #[cfg(feature = "openssl-102")]

    pub fn get_2048_224() -> Result<DH, ErrorStack> {

        let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_224() });

        Ok(DH(dh))

    }

    #[cfg(all(feature = "rfc5114", not(ossl101)))]

    #[cfg(feature = "openssl-102")]

    pub fn get_2048_256() -> Result<DH, ErrorStack> {

        let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_256() });

        Ok(DH(dh))

    use ssl::SslMethod::Tls;

    #[test]

    #[cfg(all(feature = "rfc5114", not(ossl101)))]

    #[cfg(feature = "openssl-102")]

    fn test_dh_rfc5114() {

        let mut ctx = SslContext::new(Tls).unwrap();

        let dh1 = DH::get_1024_160().unwrap();

lazy_static! {

    static ref NPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>();

}

#[cfg(all(feature = "alpn", not(ossl101)))]

#[cfg(feature = "openssl-102")]

lazy_static! {

    static ref ALPN_PROTOS_IDX: c_int = get_new_idx::<Vec<u8>>();

}

    unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) }

}

#[cfg(all(feature = "alpn", not(ossl101)))]

#[cfg(feature = "openssl-102")]

extern fn raw_alpn_select_cb(ssl: *mut ffi::SSL,

                             out: *mut *const c_uchar,

                             outlen: *mut c_uchar,

    /// compatible clients, and automatically select an appropriate elliptic

    /// curve.

    ///

    /// This method requires OpenSSL >= 1.0.2 or LibreSSL and the `ecdh_auto`

    /// feature.

    #[cfg(all(feature = "ecdh_auto", not(ossl101)))]

    /// This feature is always enabled on OpenSSL 1.1.0, and calling this

    /// method does nothing.

    ///

    /// This method requires the `openssl-102` feature.

    #[cfg(feature = "openssl-102")]

    pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {

        self._set_ecdh_auto(onoff)

    }

    #[cfg(all(feature = "ecdh_auto", ossl102))]

    #[cfg(all(feature = "openssl-102", ossl102))]

    fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {

        wrap_ssl_result(unsafe {

            ffi::SSL_CTX_ctrl(self.as_ptr(),

        })

    }

    #[cfg(all(feature = "ecdh_auto", ossl110))]

    #[cfg(all(feature = "openssl-102", ossl110))]

    fn _set_ecdh_auto(&mut self, _onoff: bool) -> Result<(), ErrorStack> {

        Ok(())

    }

    ///

    /// Note that ordering of the protocols controls the priority with which they are chosen.

    ///

    /// This method needs the `alpn` feature.

    #[cfg(all(feature = "alpn", not(ossl101)))]

    /// This method needs the `openssl-102` feature.

    #[cfg(feature = "openssl-102")]

    pub fn set_alpn_protocols(&mut self, protocols: &[&[u8]]) {

        let protocols: Box<Vec<u8>> = Box::new(ssl_encode_byte_strings(protocols));

        unsafe {

    /// to interpret it.

    ///

    /// This method needs the `alpn` feature.

    #[cfg(all(feature = "alpn", not(ossl101)))]

    #[cfg(feature = "openssl-102")]

    pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {

        unsafe {

            let mut data: *const c_uchar = ptr::null();

        Server::new_tcp(&["-www"])

    }

    #[cfg(all(any(feature = "alpn", feature = "npn"), not(ossl101)))]

    fn new_alpn() -> (Server, TcpStream) {

        Server::new_tcp(&["-www",

                          "-nextprotoneg",

/// Tests that connecting with the client using ALPN, but the server not does not

/// break the existing connection behavior.

#[test]

#[cfg(all(feature = "alpn", not(ossl101)))]

#[cfg(feature = "openssl-102")]

fn test_connect_with_unilateral_alpn() {

    let (_s, stream) = Server::new();

    let mut ctx = SslContext::new(Tls).unwrap();

/// Tests that connecting with the client using NPN, but the server not does not

/// break the existing connection behavior.

#[test]

#[cfg(all(feature = "npn", not(ossl101)))]

fn test_connect_with_unilateral_npn() {

    let (_s, stream) = Server::new();

    let mut ctx = SslContext::new(Tls).unwrap();

/// Tests that when both the client as well as the server use ALPN and their

/// lists of supported protocols have an overlap, the correct protocol is chosen.

#[test]

#[cfg(all(feature = "alpn", not(ossl101)))]

#[cfg(feature = "openssl-102")]

fn test_connect_with_alpn_successful_multiple_matching() {

    let (_s, stream) = Server::new_alpn();

    let mut ctx = SslContext::new(Tls).unwrap();

/// Tests that when both the client as well as the server use NPN and their

/// lists of supported protocols have an overlap, the correct protocol is chosen.

#[test]

#[cfg(all(feature = "npn", not(ossl101)))]

fn test_connect_with_npn_successful_multiple_matching() {

    let (_s, stream) = Server::new_alpn();

    let mut ctx = SslContext::new(Tls).unwrap();

/// lists of supported protocols have an overlap -- with only ONE protocol

/// being valid for both.

#[test]

#[cfg(all(feature = "alpn", not(ossl101)))]

#[cfg(feature = "openssl-102")]

fn test_connect_with_alpn_successful_single_match() {

    let (_s, stream) = Server::new_alpn();

    let mut ctx = SslContext::new(Tls).unwrap();

/// lists of supported protocols have an overlap -- with only ONE protocol

/// being valid for both.

#[test]

#[cfg(all(feature = "npn", not(ossl101)))]

fn test_connect_with_npn_successful_single_match() {

    let (_s, stream) = Server::new_alpn();

    let mut ctx = SslContext::new(Tls).unwrap();

/// Tests that when the `SslStream` is created as a server stream, the protocols

/// are correctly advertised to the client.

#[test]

#[cfg(all(feature = "npn", not(ossl101)))]

fn test_npn_server_advertise_multiple() {

    let listener = TcpListener::bind("127.0.0.1:0").unwrap();

    let localhost = listener.local_addr().unwrap();

/// Tests that when the `SslStream` is created as a server stream, the protocols

/// are correctly advertised to the client.

#[test]

#[cfg(all(feature = "alpn", not(ossl101)))]

#[cfg(feature = "openssl-102")]

fn test_alpn_server_advertise_multiple() {

    let listener = TcpListener::bind("127.0.0.1:0").unwrap();

    let localhost = listener.local_addr().unwrap();

/// Test that Servers supporting ALPN don't report a protocol when none of their protocols match

/// the client's reported protocol.

#[test]

#[cfg(all(feature = "alpn", not(ossl101)))]

#[cfg(feature = "openssl-102")]

// TODO: not sure why this test is failing on OpenSSL 1.1.0, may be related to

//       something about SSLv3 though?

#[cfg_attr(ossl110, ignore)]