diff --git a/.circleci/config.yml b/.circleci/config.yml index a9b0b9dfc7..77f52a011d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -177,13 +177,11 @@ jobs: type: string default: 1.33.0 macos: - xcode: "9.0" + xcode: "12.2.0" environment: RUST_BACKTRACE: 1 steps: - checkout - - run: sudo mkdir /opt - - run: sudo chown -R $USER /usr/local/ /opt - run: curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain << parameters.image >> - run: sudo ln -s ~/.cargo/bin/* /usr/local/bin - run: cargo generate-lockfile @@ -212,7 +210,7 @@ openssl_300: &openssl_300 version: 3.0.0-alpha6 openssl_111: &openssl_111 library: openssl - version: 1.1.1g + version: 1.1.1h openssl_110: &openssl_110 library: openssl version: 1.1.0l diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 9654f3026d..50153936ea 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -276,6 +276,7 @@ due to this version mismatch. // parses a string that looks like "0x100020cfL" #[allow(deprecated)] // trim_right_matches is now trim_end_matches +#[allow(clippy::match_like_matches_macro)] // matches macro requires rust 1.42.0 fn parse_version(version: &str) -> u64 { // cut off the 0x prefix assert!(version.starts_with("0x")); diff --git a/openssl-sys/src/asn1.rs b/openssl-sys/src/asn1.rs index a42c1c5415..d6d16b7f5d 100644 --- a/openssl-sys/src/asn1.rs +++ b/openssl-sys/src/asn1.rs @@ -61,14 +61,8 @@ extern "C" { pub fn ASN1_TIME_set_string_X509(s: *mut ASN1_TIME, str: *const c_char) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *const ASN1_STRING) -> c_int; - } - } else { - extern "C" { - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ASN1_STRING) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: #[const_ptr_if(any(ossl110, libressl280))] ASN1_STRING) -> c_int; } } diff --git a/openssl-sys/src/bio.rs b/openssl-sys/src/bio.rs index bf9006a89a..d738a8af0b 100644 --- a/openssl-sys/src/bio.rs +++ b/openssl-sys/src/bio.rs @@ -60,17 +60,10 @@ pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long { BIO_ctrl(b, BIO_CTRL_INFO, 0, pp as *mut c_void) } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn BIO_s_file() -> *const BIO_METHOD; - pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; - } - } else { - extern "C" { - pub fn BIO_s_file() -> *mut BIO_METHOD; - pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; - } +const_ptr_api! { + extern "C" { + pub fn BIO_s_file() -> #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD; + pub fn BIO_new(type_: #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD) -> *mut BIO; } } extern "C" { @@ -88,26 +81,10 @@ extern "C" { pub fn BIO_free_all(b: *mut BIO); } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn BIO_s_mem() -> *const BIO_METHOD; - } - } else { - extern "C" { - pub fn BIO_s_mem() -> *mut BIO_METHOD; - } - } -} -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO; - } - } else { - extern "C" { - pub fn BIO_new_mem_buf(buf: *mut c_void, len: c_int) -> *mut BIO; - } +const_ptr_api! { + extern "C" { + pub fn BIO_s_mem() -> #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD; + pub fn BIO_new_mem_buf(buf: #[const_ptr_if(any(ossl102, libressl280))] c_void, len: c_int) -> *mut BIO; } } diff --git a/openssl-sys/src/err.rs b/openssl-sys/src/err.rs index c3f7a320dd..5df732635b 100644 --- a/openssl-sys/src/err.rs +++ b/openssl-sys/src/err.rs @@ -13,8 +13,8 @@ cfg_if! { pub const ERR_LIB_OFFSET: c_ulong = 23; pub const ERR_LIB_MASK: c_ulong = 0xff; - pub const ERR_RFLAGS_OFFSET: c_ulong = 19; - pub const ERR_RFLAGS_MASK: c_ulong = 0xf; + pub const ERR_RFLAGS_OFFSET: c_ulong = 18; + pub const ERR_RFLAGS_MASK: c_ulong = 0x1f; pub const ERR_REASON_MASK: c_ulong = 0x7FFFFF; pub const ERR_RFLAG_FATAL: c_ulong = 0x1 << ERR_RFLAGS_OFFSET; diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 96e4b03a44..d0da6c753a 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -11,8 +11,12 @@ pub const EVP_PKEY_DSA: c_int = NID_dsa; pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement; pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKey; #[cfg(ossl111)] +pub const EVP_PKEY_X25519: c_int = NID_X25519; +#[cfg(ossl111)] pub const EVP_PKEY_ED25519: c_int = NID_ED25519; #[cfg(ossl111)] +pub const EVP_PKEY_X448: c_int = NID_X448; +#[cfg(ossl111)] pub const EVP_PKEY_ED448: c_int = NID_ED448; pub const EVP_PKEY_HMAC: c_int = NID_hmac; pub const EVP_PKEY_CMAC: c_int = NID_cmac; @@ -170,15 +174,9 @@ extern "C" { outl: *mut c_int, ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl111b, libressl280))] { - extern "C" { - pub fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int; - } - } else { - extern "C" { - pub fn EVP_PKEY_size(pkey: *mut EVP_PKEY) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_size(pkey: #[const_ptr_if(any(ossl111b, libressl280))] EVP_PKEY) -> c_int; } } cfg_if! { @@ -202,23 +200,13 @@ cfg_if! { } } } -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn EVP_DigestVerifyFinal( - ctx: *mut EVP_MD_CTX, - sigret: *const c_uchar, - siglen: size_t, - ) -> c_int; - } - } else { - extern "C" { - pub fn EVP_DigestVerifyFinal( - ctx: *mut EVP_MD_CTX, - sigret: *mut c_uchar, - siglen: size_t, - ) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn EVP_DigestVerifyFinal( + ctx: *mut EVP_MD_CTX, + sigret: #[const_ptr_if(any(ossl102, libressl280))] c_uchar, + siglen: size_t, + ) -> c_int; } } @@ -313,15 +301,9 @@ extern "C" { pub fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn EVP_PKEY_bits(key: *const EVP_PKEY) -> c_int; - } - } else { - extern "C" { - pub fn EVP_PKEY_bits(key: *mut EVP_PKEY) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_bits(key: #[const_ptr_if(any(ossl110, libressl280))] EVP_PKEY) -> c_int; } } extern "C" { @@ -464,15 +446,9 @@ extern "C" { ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn EVP_PKCS82PKEY(p8: *const PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; - } - } else { - extern "C" { - pub fn EVP_PKCS82PKEY(p8: *mut PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; - } +const_ptr_api! { + extern "C" { + pub fn EVP_PKCS82PKEY(p8: #[const_ptr_if(any(ossl110, libressl280))] PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; } } diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 55964be23c..8bcc02f047 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -9,6 +9,7 @@ unused_imports )] #![doc(html_root_url = "https://docs.rs/openssl-sys/0.9")] +#![recursion_limit = "128"] // configure fixed limit across all rust versions extern crate libc; diff --git a/openssl-sys/src/macros.rs b/openssl-sys/src/macros.rs index 84320b7265..7b4a875f88 100644 --- a/openssl-sys/src/macros.rs +++ b/openssl-sys/src/macros.rs @@ -85,3 +85,212 @@ macro_rules! const_fn { )* } } + +// openssl changes `*mut` to `*const` in certain parameters in certain versions; +// in C this is ABI and (mostly) API compatible. +// +// We need to handle this explicitly, and this macro helps annotate which +// parameter got converted in which version. +// +// Input is: +// extern "C" { +// #[attributes...] +// pub fn name(args) -> rettype; // `-> rettype` optional +// // more functions... +// } +// +// This macro replaces `#[const_ptr_if(...)]` in types with `*const` or `*mut` +// (depending on the inner cfg flags) +// +// Walks through all argument and return types, but only finds inner types of +// `*const` and `*mut`; doesn't walk arrays or generics. +// +// NOTE: can't abstract `pub` as `$fn_vis:vis`, as ctest macro handling doesn't +// support it (old syntax crate). But we really only need `pub` anyway. +// +// NOTE: ctest seams to simply ignore macros it can't expand (whatever the +// reason) +macro_rules! const_ptr_api { + // ---------------------------------------------------------------- + // (partialarg): partial argument, waiting for "final" argument type + // MAGIC PART 1: hande conditional const ptr in argument type + ( (partialarg) + { $(#[$fn_attr:meta])* pub fn $fn_name:ident } + $args_packed:tt + [ $($part_arg:tt)* ] + [ #[const_ptr_if( $($cfg:tt)* )] $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (partialarg) { #[cfg($($cfg)*)] $(#[$fn_attr])* pub fn $fn_name } $args_packed [ $($part_arg)* *const ] [ $($arg_rem)* ] $ret_packed ); + const_ptr_api!( (partialarg) { #[cfg(not($($cfg)*))] $(#[$fn_attr])* pub fn $fn_name } $args_packed [ $($part_arg)* *mut ] [ $($arg_rem)* ] $ret_packed ); + }; + // continue partial argument with `*mut` pointer (might need special const handling in inner type) + ( (partialarg) + $def_packed:tt + $args_packed:tt + [ $($part_arg:tt)* ] + [ *mut $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (partialarg) $def_packed $args_packed [ $($part_arg)* *mut ] [ $($arg_rem)* ] $ret_packed ); + }; + // continue partial argument with `*const` pointer (might need special const handling in inner type) + ( (partialarg) + $def_packed:tt + $args_packed:tt + [ $($part_arg:tt)* ] + [ *const $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (partialarg) $def_packed $args_packed [ $($part_arg)* *const ] [ $($arg_rem)* ] $ret_packed ); + }; + // finish partial argument with trailing comma + ( (partialarg) + $def_packed:tt + { $($args_tt:tt)* } + [ $($part_arg:tt)* ] + [ $arg_ty:ty, $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (parseargs) $def_packed { $($args_tt)* { $($part_arg)* $arg_ty } } [ $($arg_rem)* ] $ret_packed ); + }; + // finish final partial argument (no trailing comma) + ( (partialarg) + $def_packed:tt + { $($args_tt:tt)* } + [ $($part_arg:tt)* ] + [ $arg_ty:ty ] + $ret_packed:tt + ) => { + const_ptr_api!( (parseargs) $def_packed { $($args_tt)* { $($part_arg)* $arg_ty } } [ ] $ret_packed ); + }; + + // ---------------------------------------------------------------- + // (parseargs): parsing arguments + // start next argument + ( (parseargs) + $def_packed:tt + $args_packed:tt + [ $arg_name:ident : $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (partialarg) $def_packed $args_packed [ $arg_name: ] [ $($arg_rem)* ] $ret_packed ); + }; + // end of arguments, there is a return type; start parsing it + ( (parseargs) + $def_packed:tt + $args_packed:tt + [ ] + [ -> $($rem:tt)* ] + ) => { + const_ptr_api!( (partialret) $def_packed $args_packed [] [ $($rem)* ] ); + }; + // end of arguments, no return type + ( (parseargs) + $def_packed:tt + $args_packed:tt + [ ] + [ ] + ) => { + const_ptr_api!( (generate) $def_packed $args_packed { () } ); + }; + + // ---------------------------------------------------------------- + // (partialret): have partial return type, waiting for final return type + // MAGIC PART 2: hande conditional const ptr in return type + ( (partialret) + { $(#[$fn_attr:meta])* pub fn $fn_name:ident } + $args_packed:tt + [ $($part_ret:tt)* ] + [ #[const_ptr_if( $($cfg:tt)* )] $($rem:tt)* ] + ) => { + const_ptr_api!( (partialret) { #[cfg($($cfg)*)] $(#[$fn_attr])* pub fn $fn_name } $args_packed [ $($part_ret)* *const ] [ $($rem)* ] ); + const_ptr_api!( (partialret) { #[cfg(not($($cfg)*))] $(#[$fn_attr])* pub fn $fn_name } $args_packed [ $($part_ret)* *mut ] [ $($rem)* ] ); + }; + // `* mut` part in return type; continue parsing to find inner conditional const ptr + ( (partialret) + $def_packed:tt + $args_packed:tt + [ $($part_ret:tt)* ] + [ *mut $($rem:tt)* ] + ) => { + const_ptr_api!( (partialret) $def_packed $args_packed [ $($part_ret)* *mut ] [ $($rem)* ] ); + }; + // `* const` part in return type; continue parsing to find inner conditional const ptr + ( (partialret) + $def_packed:tt + $args_packed:tt + [ $($part_ret:tt)* ] + [ *const $($rem:tt)* ] + ) => { + const_ptr_api!( (partialret) $def_packed $args_packed [ $($part_ret)* *const ] [ $($rem)* ] ); + }; + // final part of return type + ( (partialret) + $def_packed:tt + $args_packed:tt + [ $($part_ret:tt)* ] + [ $ret_ty:ty ] + ) => { + const_ptr_api!( (generate) $def_packed $args_packed { $($part_ret)* $ret_ty } ); + }; + + // ---------------------------------------------------------------- + // generate + ( (generate) + { $(#[$fn_attr:meta])* pub fn $fn_name:ident } + { $({ $arg_name:ident: $($arg_ty:tt)* })* } + { $ret_ty:ty } + ) => { + extern "C" { + $(#[$fn_attr])* + pub fn $fn_name( $( + $arg_name: $($arg_ty)* + ),* ) -> $ret_ty; + } + }; + + // ---------------------------------------------------------------- + // (fn): gather tokens for return type until ";" + // found end; start parsing current function, and parse remaining functions + ( (fn) + $def_packed:tt + $arg_tts_packed:tt + $ret_packed:tt + [ ; $($rem:tt)* ] + ) => { + const_ptr_api!( (parseargs) $def_packed {} $arg_tts_packed $ret_packed ); + const_ptr_api!( (extern) [ $($rem)* ] ); + }; + // not ";" - all other tokens are part of the return type. + // don't expand return type yet; otherwise we'd have to remember in which branch `rem` needs + // to be used to parse further functions. + ( (fn) + $def_packed:tt + $arg_tts_packed:tt + [ $($ret_tt:tt)* ] + [ $tt:tt $($rem:tt)* ] + ) => { + const_ptr_api!( (fn) $def_packed $arg_tts_packed [ $($ret_tt)* $tt ] [ $($rem)* ] ); + }; + + // ---------------------------------------------------------------- + // (extern): in extern block, find next function + // try to split into functions as fast as possible to reduce recursion depth + ( (extern) [ + $(#[$fn_attr:meta])* + pub fn $fn_name:ident( $($arg_rem:tt)* ) $($rem:tt)* + ] ) => { + const_ptr_api!( (fn) + { $(#[$fn_attr])* pub fn $fn_name } [ $($arg_rem)* ] [] [ $($rem)* ] + ); + }; + // end of extern block + ( (extern) [] ) => {}; + + // ---------------------------------------------------------------- + // macro start; find extern block + ( extern "C" { $($rem:tt)* } ) => { + const_ptr_api!( (extern) [ $($rem)* ] ); + }; +} diff --git a/openssl-sys/src/obj_mac.rs b/openssl-sys/src/obj_mac.rs index e348f34193..d78416da3a 100644 --- a/openssl-sys/src/obj_mac.rs +++ b/openssl-sys/src/obj_mac.rs @@ -913,6 +913,10 @@ pub const NID_aes_128_cbc_hmac_sha1: c_int = 916; pub const NID_aes_192_cbc_hmac_sha1: c_int = 917; pub const NID_aes_256_cbc_hmac_sha1: c_int = 918; #[cfg(ossl111)] +pub const NID_X25519: c_int = 1034; +#[cfg(ossl111)] +pub const NID_X448: c_int = 1035; +#[cfg(ossl111)] pub const NID_ED25519: c_int = 1087; #[cfg(ossl111)] pub const NID_ED448: c_int = 1088; diff --git a/openssl-sys/src/object.rs b/openssl-sys/src/object.rs index a28454a4ce..09db4d9a0f 100644 --- a/openssl-sys/src/object.rs +++ b/openssl-sys/src/object.rs @@ -16,4 +16,5 @@ extern "C" { pub fn OBJ_find_sigid_algs(signid: c_int, pdig_nid: *mut c_int, ppkey_nid: *mut c_int) -> c_int; pub fn OBJ_sn2nid(sn: *const libc::c_char) -> libc::c_int; + pub fn OBJ_txt2obj(s: *const libc::c_char, no_name: libc::c_int) -> *mut ASN1_OBJECT; } diff --git a/openssl-sys/src/ocsp.rs b/openssl-sys/src/ocsp.rs index ee98eb55db..eff28b8f87 100644 --- a/openssl-sys/src/ocsp.rs +++ b/openssl-sys/src/ocsp.rs @@ -44,23 +44,13 @@ pub const V_OCSP_CERTSTATUS_UNKNOWN: c_int = 2; pub enum OCSP_BASICRESP {} -cfg_if! { - if #[cfg(any(ossl110, libressl281))] { - extern "C" { - pub fn OCSP_cert_to_id( - dgst: *const EVP_MD, - subject: *const X509, - issuer: *const X509, - ) -> *mut OCSP_CERTID; - } - } else { - extern "C" { - pub fn OCSP_cert_to_id( - dgst: *const EVP_MD, - subject: *mut X509, - issuer: *mut X509, - ) -> *mut ::OCSP_CERTID; - } +const_ptr_api! { + extern "C" { + pub fn OCSP_cert_to_id( + dgst: *const EVP_MD, + subject: #[const_ptr_if(any(ossl110, libressl281))] X509, + issuer: #[const_ptr_if(any(ossl110, libressl281))] X509, + ) -> *mut OCSP_CERTID; } } diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index 449ecd910b..b67b029e95 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -341,8 +341,6 @@ cfg_if! { } } } -pub enum X509_CRL {} -stack!(stack_st_X509_CRL); pub enum X509_NAME {} diff --git a/openssl-sys/src/pem.rs b/openssl-sys/src/pem.rs index ca617c2034..9337b312ca 100644 --- a/openssl-sys/src/pem.rs +++ b/openssl-sys/src/pem.rs @@ -20,117 +20,61 @@ extern "C" { ) -> *mut X509; } -cfg_if! { - if #[cfg(ossl300)] { - extern "C" { - pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *const X509) -> c_int; - pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *const X509_REQ) -> c_int; - pub fn PEM_write_bio_RSAPrivateKey( - bp: *mut BIO, - rsa: *const RSA, - cipher: *const EVP_CIPHER, - kstr: *const c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *const RSA) -> c_int; - pub fn PEM_write_bio_DSAPrivateKey( - bp: *mut BIO, - dsa: *const DSA, - cipher: *const EVP_CIPHER, - kstr: *const c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_ECPrivateKey( - bio: *mut BIO, - key: *const EC_KEY, - cipher: *const EVP_CIPHER, - kstr: *const c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *const DSA) -> c_int; - pub fn PEM_write_bio_PrivateKey( - bio: *mut BIO, - pkey: *const EVP_PKEY, - cipher: *const EVP_CIPHER, - kstr: *const c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *const EVP_PKEY) -> c_int; - pub fn PEM_write_bio_PKCS8PrivateKey( - bio: *mut BIO, - pkey: *const EVP_PKEY, - cipher: *const EVP_CIPHER, - kstr: *const c_char, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *const PKCS7) -> c_int; - pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: *const EC_KEY) -> c_int; - } - } else { - extern "C" { - pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; - pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; - pub fn PEM_write_bio_RSAPrivateKey( - bp: *mut BIO, - rsa: *mut RSA, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int; - pub fn PEM_write_bio_DSAPrivateKey( - bp: *mut BIO, - dsa: *mut DSA, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_ECPrivateKey( - bio: *mut BIO, - key: *mut EC_KEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *mut DSA) -> c_int; - pub fn PEM_write_bio_PrivateKey( - bio: *mut BIO, - pkey: *mut EVP_PKEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int; - pub fn PEM_write_bio_PKCS8PrivateKey( - bio: *mut BIO, - pkey: *mut EVP_PKEY, - cipher: *const EVP_CIPHER, - kstr: *mut c_char, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int; - pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: *mut EC_KEY) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn PEM_write_bio_X509(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509) -> c_int; + pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509_REQ) -> c_int; + pub fn PEM_write_bio_RSAPrivateKey( + bp: *mut BIO, + rsa: #[const_ptr_if(ossl300)] RSA, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: #[const_ptr_if(ossl300)] RSA) -> c_int; + pub fn PEM_write_bio_DSAPrivateKey( + bp: *mut BIO, + dsa: #[const_ptr_if(ossl300)] DSA, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_ECPrivateKey( + bio: *mut BIO, + key: #[const_ptr_if(ossl300)] EC_KEY, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: *const DSA) -> c_int; + pub fn PEM_write_bio_PrivateKey( + bio: *mut BIO, + pkey: #[const_ptr_if(ossl300)] EVP_PKEY, + cipher: *const EVP_CIPHER, + kstr: *const c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY) -> c_int; + pub fn PEM_write_bio_PKCS8PrivateKey( + bio: *mut BIO, + pkey: #[const_ptr_if(ossl300)] EVP_PKEY, + cipher: *const EVP_CIPHER, + kstr: *const c_char, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: #[const_ptr_if(ossl300)] PKCS7) -> c_int; + pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: #[const_ptr_if(ossl300)] EC_KEY) -> c_int; + pub fn PEM_write_bio_X509_CRL(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509_CRL) -> c_int; } } diff --git a/openssl-sys/src/pkcs12.rs b/openssl-sys/src/pkcs12.rs index e0067a5c97..ba3e793394 100644 --- a/openssl-sys/src/pkcs12.rs +++ b/openssl-sys/src/pkcs12.rs @@ -29,37 +29,20 @@ extern "C" { ca: *mut *mut stack_st_X509, ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn PKCS12_create( - pass: *const c_char, - friendly_name: *const c_char, - pkey: *mut EVP_PKEY, - cert: *mut X509, - ca: *mut stack_st_X509, - nid_key: c_int, - nid_cert: c_int, - iter: c_int, - mac_iter: c_int, - keytype: c_int, - ) -> *mut PKCS12; - } - } else { - extern "C" { - pub fn PKCS12_create( - pass: *mut c_char, - friendly_name: *mut c_char, - pkey: *mut EVP_PKEY, - cert: *mut X509, - ca: *mut stack_st_X509, - nid_key: c_int, - nid_cert: c_int, - iter: c_int, - mac_iter: c_int, - keytype: c_int, - ) -> *mut PKCS12; - } +const_ptr_api! { + extern "C" { + pub fn PKCS12_create( + pass: #[const_ptr_if(any(ossl110, libressl280))] c_char, + friendly_name: #[const_ptr_if(any(ossl110, libressl280))] c_char, + pkey: *mut EVP_PKEY, + cert: *mut X509, + ca: *mut stack_st_X509, + nid_key: c_int, + nid_cert: c_int, + iter: c_int, + mac_iter: c_int, + keytype: c_int, + ) -> *mut PKCS12; } } diff --git a/openssl-sys/src/pkcs7.rs b/openssl-sys/src/pkcs7.rs index 454a04dfcf..853dc761b3 100644 --- a/openssl-sys/src/pkcs7.rs +++ b/openssl-sys/src/pkcs7.rs @@ -28,6 +28,16 @@ pub const PKCS7_REUSE_DIGEST: c_int = 0x8000; #[cfg(not(any(ossl101, ossl102, libressl)))] pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000; +extern "C" { + pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: c_long) -> *mut PKCS7; +} + +const_ptr_api! { + extern "C" { + pub fn i2d_PKCS7(a: #[const_ptr_if(ossl300)] PKCS7, buf: *mut *mut u8) -> c_int; + } +} + extern "C" { pub fn PKCS7_encrypt( certs: *mut stack_st_X509, diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 2d2617da11..06a2d26902 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -478,6 +478,7 @@ extern "C" { ); } cfg_if! { + // const change in passed function pointer signature if #[cfg(any(ossl110, libressl280))] { extern "C" { pub fn SSL_CTX_sess_set_get_cb( @@ -509,6 +510,7 @@ extern "C" { } cfg_if! { + // const change in passed function pointer signature if #[cfg(any(ossl110, libressl280))] { extern "C" { pub fn SSL_CTX_set_cookie_verify_cb( @@ -681,15 +683,10 @@ extern "C" { pub fn SSL_get_verify_mode(s: *const SSL) -> c_int; } -cfg_if! { - if #[cfg(ossl111)] { - extern "C" { - pub fn SSL_is_init_finished(s: *const SSL) -> c_int; - } - } else if #[cfg(ossl110)] { - extern "C" { - pub fn SSL_is_init_finished(s: *mut SSL) -> c_int; - } +const_ptr_api! { + extern "C" { + #[cfg(ossl110)] + pub fn SSL_is_init_finished(s: #[const_ptr_if(ossl111)] SSL) -> c_int; } } @@ -852,12 +849,10 @@ cfg_if! { cfg_if! { if #[cfg(ossl110g)] { - #[cfg(ossl110g)] pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int { SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int } - #[cfg(ossl110g)] pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int { SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int } @@ -911,15 +906,9 @@ extern "C" { pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; - } - } else { - extern "C" { - pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *mut c_char; - } +const_ptr_api! { + extern "C" { + pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> #[const_ptr_if(any(ossl110, libressl280))] c_char; } } extern "C" { @@ -1175,15 +1164,9 @@ extern "C" { ) -> c_int; } -cfg_if! { - if #[cfg(ossl111b)] { - extern "C" { - pub fn SSL_get_ssl_method(ssl: *const SSL) -> *const SSL_METHOD; - } - } else { - extern "C" { - pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; - } +const_ptr_api! { + extern "C" { + pub fn SSL_get_ssl_method(ssl: #[const_ptr_if(ossl111b)] SSL) -> *const SSL_METHOD; } } @@ -1202,15 +1185,9 @@ extern "C" { pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; } -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY; - } - } else { - extern "C" { - pub fn SSL_get_privatekey(ssl: *mut SSL) -> *mut EVP_PKEY; - } +const_ptr_api! { + extern "C" { + pub fn SSL_get_privatekey(ssl: #[const_ptr_if(any(ossl102, libressl280))] SSL) -> *mut EVP_PKEY; } } @@ -1354,14 +1331,11 @@ cfg_if! { extern "C" { pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void; } - } else if #[cfg(osslconf = "OPENSSL_NO_COMP")] { - } else if #[cfg(ossl111b)] { - extern "C" { - pub fn SSL_get_current_compression(ssl: *const SSL) -> *const COMP_METHOD; - } - } else { - extern "C" { - pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; + } else if #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] { + const_ptr_api! { + extern "C" { + pub fn SSL_get_current_compression(ssl: #[const_ptr_if(ossl111b)] SSL) -> *const COMP_METHOD; + } } } } @@ -1385,13 +1359,11 @@ extern "C" { } cfg_if! { - if #[cfg(ossl111c)] { - extern "C" { - pub fn SSL_session_reused(ssl: *const SSL) -> c_int; - } - } else if #[cfg(ossl110)] { - extern "C" { - pub fn SSL_session_reused(ssl: *mut SSL) -> c_int; + if #[cfg(ossl110)] { + const_ptr_api! { + extern "C" { + pub fn SSL_session_reused(ssl: #[const_ptr_if(ossl111c)] SSL) -> c_int; + } } } else { pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int { @@ -1399,15 +1371,10 @@ cfg_if! { } } } -cfg_if! { - if #[cfg(any(ossl110f, libressl273))] { - extern "C" { - pub fn SSL_is_server(s: *const SSL) -> c_int; - } - } else if #[cfg(ossl102)] { - extern "C" { - pub fn SSL_is_server(s: *mut SSL) -> c_int; - } +const_ptr_api! { + extern "C" { + #[cfg(any(ossl102, libressl273))] + pub fn SSL_is_server(s: #[const_ptr_if(any(ossl110f, libressl273))] SSL) -> c_int; } } diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 4b290a4099..0e63121825 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -37,6 +37,69 @@ cfg_if! { } } +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_CRL {} + } else { + #[repr(C)] + pub struct X509_CRL { + pub crl: *mut X509_CRL_INFO, + sig_alg: *mut X509_ALGOR, + signature: *mut c_void, + references: c_int, + flags: c_int, + akid: *mut c_void, + idp: *mut c_void, + idp_flags: c_int, + idp_reasons: c_int, + crl_number: *mut ASN1_INTEGER, + base_crl_number: *mut ASN1_INTEGER, + sha1_hash: [c_uchar; 20], + issuers: *mut c_void, + meth: *const c_void, + meth_data: *mut c_void, + } + } +} + +stack!(stack_st_X509_CRL); + +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_CRL_INFO {} + } else { + #[repr(C)] + pub struct X509_CRL_INFO { + version: *mut ASN1_INTEGER, + sig_alg: *mut X509_ALGOR, + pub issuer: *mut X509_NAME, + pub lastUpdate: *mut ASN1_TIME, + pub nextUpdate: *mut ASN1_TIME, + pub revoked: *mut stack_st_X509_REVOKED, + extensions: *mut stack_st_X509_EXTENSION, + enc: ASN1_ENCODING, + } + } +} + +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_REVOKED {} + } else { + #[repr(C)] + pub struct X509_REVOKED { + pub serialNumber: *mut ASN1_INTEGER, + pub revocationDate: *mut ASN1_TIME, + pub extensions: *mut stack_st_X509_EXTENSION, + issuer: *mut stack_st_GENERAL_NAME, + reason: c_int, + sequence: c_int, + } + } +} + +stack!(stack_st_X509_REVOKED); + cfg_if! { if #[cfg(ossl110)] { pub enum X509_REQ {} @@ -170,25 +233,15 @@ extern "C" { ) -> *mut EC_KEY; } -cfg_if! { - if #[cfg(ossl110)] { - extern "C" { - pub fn X509_ALGOR_get0( - paobj: *mut *const ASN1_OBJECT, - pptype: *mut c_int, - ppval: *mut *const c_void, - alg: *const X509_ALGOR, - ); - } - } else if #[cfg(ossl102)] { - extern "C" { - pub fn X509_ALGOR_get0( - paobj: *mut *mut ASN1_OBJECT, - pptype: *mut c_int, - ppval: *mut *mut c_void, - alg: *mut X509_ALGOR, - ); - } +const_ptr_api! { + extern "C" { + #[cfg(ossl102)] + pub fn X509_ALGOR_get0( + paobj: *mut #[const_ptr_if(ossl110)] ASN1_OBJECT, + pptype: *mut c_int, + ppval: *mut #[const_ptr_if(ossl110)] c_void, + alg: #[const_ptr_if(ossl110)] X509_ALGOR, + ); } } @@ -199,6 +252,44 @@ extern "C" { pub fn X509_ALGOR_free(x: *mut X509_ALGOR); + pub fn X509_REVOKED_new() -> *mut X509_REVOKED; + pub fn X509_REVOKED_free(x: *mut X509_REVOKED); +} +const_ptr_api! { + extern "C" { + #[cfg(any(ossl110, libressl270))] + pub fn X509_REVOKED_dup(rev: #[const_ptr_if(ossl300)] X509_REVOKED) -> *mut X509_REVOKED; + } +} + +extern "C" { + pub fn d2i_X509_REVOKED( + a: *mut *mut X509_REVOKED, + pp: *mut *const c_uchar, + length: c_long, + ) -> *mut X509_REVOKED; +} +const_ptr_api! { + extern "C" { + pub fn i2d_X509_REVOKED(x: #[const_ptr_if(ossl300)] X509_REVOKED, buf: *mut *mut u8) -> c_int; + } +} +extern "C" { + pub fn X509_CRL_new() -> *mut X509_CRL; + pub fn X509_CRL_free(x: *mut X509_CRL); + pub fn d2i_X509_CRL( + a: *mut *mut X509_CRL, + pp: *mut *const c_uchar, + length: c_long, + ) -> *mut X509_CRL; +} +const_ptr_api! { + extern "C" { + pub fn i2d_X509_CRL(x: #[const_ptr_if(ossl300)] X509_CRL, buf: *mut *mut u8) -> c_int; + } +} + +extern "C" { pub fn X509_REQ_new() -> *mut X509_REQ; pub fn X509_REQ_free(x: *mut X509_REQ); pub fn d2i_X509_REQ( @@ -219,23 +310,14 @@ cfg_if! { } } -cfg_if! { - if #[cfg(any(ossl110, libressl273))] { - extern "C" { - pub fn X509_get0_signature( - psig: *mut *const ASN1_BIT_STRING, - palg: *mut *const X509_ALGOR, - x: *const X509, - ); - } - } else if #[cfg(ossl102)] { - extern "C" { - pub fn X509_get0_signature( - psig: *mut *mut ASN1_BIT_STRING, - palg: *mut *mut X509_ALGOR, - x: *const X509, - ); - } +const_ptr_api! { + extern "C" { + #[cfg(any(ossl102, libressl273))] + pub fn X509_get0_signature( + psig: *mut #[const_ptr_if(any(ossl110, libressl273))] ASN1_BIT_STRING, + palg: *mut #[const_ptr_if(any(ossl110, libressl273))] X509_ALGOR, + x: *const X509, + ); } } extern "C" { @@ -286,15 +368,9 @@ cfg_if! { extern "C" { pub fn X509_subject_name_hash(x: *mut ::X509) -> c_ulong; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_get_issuer_name(x: *const ::X509) -> *mut ::X509_NAME; - } - } else { - extern "C" { - pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME; - } +const_ptr_api! { + extern "C" { + pub fn X509_get_issuer_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; } } cfg_if! { @@ -308,15 +384,9 @@ cfg_if! { } } } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_get_subject_name(x: *const ::X509) -> *mut ::X509_NAME; - } - } else { - extern "C" { - pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; - } +const_ptr_api! { + extern "C" { + pub fn X509_get_subject_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; } } cfg_if! { @@ -365,64 +435,98 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn X509_up_ref(x: *mut X509) -> c_int; + #[cfg(any(ossl110, libressl270))] + pub fn X509_REVOKED_get0_serialNumber(req: *const X509_REVOKED) -> *const ASN1_INTEGER; + #[cfg(any(ossl110, libressl270))] + pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME; + #[cfg(any(ossl110, libressl270))] + pub fn X509_REVOKED_get0_extensions(r: *const X509_REVOKED) -> *const stack_st_X509_EXTENSION; + + pub fn X509_REVOKED_set_serialNumber(r: *mut X509_REVOKED, serial: *mut ASN1_INTEGER) -> c_int; + pub fn X509_REVOKED_set_revocationDate(r: *mut X509_REVOKED, tm: *mut ASN1_TIME) -> c_int; + + pub fn X509_CRL_sign(x: *mut X509_CRL, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; + pub fn X509_CRL_digest( + x: *const X509_CRL, + digest: *const EVP_MD, + md: *mut c_uchar, + len: *mut c_uint, + ) -> c_int; + pub fn X509_CRL_verify(crl: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; + pub fn X509_CRL_get0_by_cert( + x: *mut X509_CRL, + ret: *mut *mut X509_REVOKED, + cert: *mut X509, + ) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn X509_CRL_get0_by_serial( + x: *mut X509_CRL, + ret: *mut *mut X509_REVOKED, + serial: #[const_ptr_if(ossl300)] ASN1_INTEGER, + ) -> c_int; + } +} + +extern "C" { + #[cfg(any(ossl110, libressl281))] + pub fn X509_CRL_get_REVOKED(crl: *mut X509_CRL) -> *mut stack_st_X509_REVOKED; + #[cfg(any(ossl110, libressl281))] + pub fn X509_CRL_get0_nextUpdate(x: *const X509_CRL) -> *const ASN1_TIME; + #[cfg(any(ossl110, libressl281))] + pub fn X509_CRL_get0_lastUpdate(x: *const X509_CRL) -> *const ASN1_TIME; + #[cfg(any(ossl110, libressl281))] + pub fn X509_CRL_get_issuer(x: *const X509_CRL) -> *mut X509_NAME; + #[cfg(ossl110)] pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; -} -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_NAME_entry_count(n: *const X509_NAME) -> c_int; - } - } else { - extern "C" { - pub fn X509_NAME_entry_count(n: *mut X509_NAME) -> c_int; - } + pub fn X509_CRL_set_version(crl: *mut X509_CRL, version: c_long) -> c_int; +} +const_ptr_api! { + extern "C" { + pub fn X509_CRL_set_issuer_name(crl: *mut X509_CRL, name: #[const_ptr_if(ossl300)] X509_NAME) -> c_int; } } +extern "C" { + pub fn X509_CRL_sort(crl: *mut X509_CRL) -> c_int; + #[cfg(any(ossl110, libressl270))] + pub fn X509_CRL_up_ref(crl: *mut X509_CRL) -> c_int; + pub fn X509_CRL_add0_revoked(crl: *mut X509_CRL, rev: *mut X509_REVOKED) -> c_int; +} cfg_if! { - if #[cfg(any(ossl300, libressl280))] { + if #[cfg(any(ossl110, libressl270))] { extern "C" { - pub fn X509_NAME_get_index_by_NID(n: *const X509_NAME, nid: c_int, last_pos: c_int) -> c_int; + pub fn X509_CRL_set1_lastUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + pub fn X509_CRL_set1_nextUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; } } else { + // libressl270 kept them, ossl110 "#define"s them to the variants above extern "C" { - pub fn X509_NAME_get_index_by_NID(n: *mut X509_NAME, nid: c_int, last_pos: c_int) -> c_int; + pub fn X509_CRL_set_lastUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + pub fn X509_CRL_set_nextUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; } } } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_NAME_get_entry(n: *const X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; - pub fn X509_NAME_add_entry_by_NID( - x: *mut X509_NAME, - field: c_int, - ty: c_int, - bytes: *const c_uchar, - len: c_int, - loc: c_int, - set: c_int, - ) -> c_int; - pub fn X509_NAME_ENTRY_get_object(ne: *const X509_NAME_ENTRY) -> *mut ASN1_OBJECT; - pub fn X509_NAME_ENTRY_get_data(ne: *const X509_NAME_ENTRY) -> *mut ASN1_STRING; - } - } else { - extern "C" { - pub fn X509_NAME_get_entry(n: *mut X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; - pub fn X509_NAME_add_entry_by_NID( - x: *mut X509_NAME, - field: c_int, - ty: c_int, - bytes: *mut c_uchar, - len: c_int, - loc: c_int, - set: c_int, - ) -> c_int; - pub fn X509_NAME_ENTRY_get_object(ne: *mut X509_NAME_ENTRY) -> *mut ASN1_OBJECT; - pub fn X509_NAME_ENTRY_get_data(ne: *mut X509_NAME_ENTRY) -> *mut ASN1_STRING; - } + +const_ptr_api! { + extern "C" { + pub fn X509_NAME_entry_count(n: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME) -> c_int; + pub fn X509_NAME_get_index_by_NID(n: #[const_ptr_if(any(ossl300, libressl280))] X509_NAME, nid: c_int, last_pos: c_int) -> c_int; + pub fn X509_NAME_get_entry(n: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; + pub fn X509_NAME_add_entry_by_NID( + x: *mut X509_NAME, + field: c_int, + ty: c_int, + bytes: #[const_ptr_if(any(ossl110, libressl280))] c_uchar, + len: c_int, + loc: c_int, + set: c_int, + ) -> c_int; + pub fn X509_NAME_ENTRY_get_object(ne: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME_ENTRY) -> *mut ASN1_OBJECT; + pub fn X509_NAME_ENTRY_get_data(ne: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME_ENTRY) -> *mut ASN1_STRING; } } extern "C" { @@ -435,28 +539,121 @@ extern "C" { loc: c_int, set: c_int, ) -> c_int; +} +// "raw" X509_EXTENSION related functions +extern "C" { + // in X509 + pub fn X509_delete_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; -} -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_get_ext_d2i( - x: *const ::X509, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - } - } else { - extern "C" { - pub fn X509_get_ext_d2i( - x: *mut ::X509, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - } + pub fn X509_add1_ext_i2d( + x: *mut X509, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // in X509_CRL + pub fn X509_CRL_delete_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_add_ext(x: *mut X509_CRL, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; + pub fn X509_CRL_add1_ext_i2d( + x: *mut X509_CRL, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // in X509_REVOKED + pub fn X509_REVOKED_delete_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_add_ext( + x: *mut X509_REVOKED, + ext: *mut X509_EXTENSION, + loc: c_int, + ) -> c_int; + pub fn X509_REVOKED_add1_ext_i2d( + x: *mut X509_REVOKED, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // X509_EXTENSION stack + // - these getters always used *const STACK + pub fn X509v3_get_ext_count(x: *const stack_st_X509_EXTENSION) -> c_int; + pub fn X509v3_get_ext_by_NID( + x: *const stack_st_X509_EXTENSION, + nid: c_int, + lastpos: c_int, + ) -> c_int; + pub fn X509v3_get_ext_by_critical( + x: *const stack_st_X509_EXTENSION, + crit: c_int, + lastpos: c_int, + ) -> c_int; + pub fn X509v3_get_ext(x: *const stack_st_X509_EXTENSION, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509v3_delete_ext(x: *mut stack_st_X509_EXTENSION, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509v3_add_ext( + x: *mut *mut stack_st_X509_EXTENSION, + ex: *mut X509_EXTENSION, + loc: c_int, + ) -> *mut stack_st_X509_EXTENSION; + // - X509V3_add1_i2d in x509v3.rs + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_NID( + ex: *mut *mut X509_EXTENSION, + nid: c_int, + crit: c_int, + data: *mut ASN1_OCTET_STRING, + ) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_critical(ex: *mut X509_EXTENSION, crit: c_int) -> c_int; + pub fn X509_EXTENSION_set_data(ex: *mut X509_EXTENSION, data: *mut ASN1_OCTET_STRING) -> c_int; + pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT; + pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_OCTET_STRING; +} +const_ptr_api! { + extern "C" { + // in X509 + pub fn X509_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509) -> c_int; + pub fn X509_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_get_ext_d2i( + x: #[const_ptr_if(any(ossl110, libressl280))] ::X509, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_CRL + pub fn X509_CRL_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL) -> c_int; + pub fn X509_CRL_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_get_ext_d2i( + x: #[const_ptr_if(any(ossl110, libressl280))] ::X509_CRL, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_REVOKED + pub fn X509_REVOKED_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED) -> c_int; + pub fn X509_REVOKED_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_get_ext_d2i( + x: #[const_ptr_if(any(ossl110, libressl280))] ::X509_REVOKED, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // X509_EXTENSION stack + pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT) -> c_int; + pub fn X509_EXTENSION_get_critical(ex: #[const_ptr_if(any(ossl110, libressl280))] X509_EXTENSION) -> c_int; } } diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs index 3df7358112..6b29b77265 100644 --- a/openssl-sys/src/x509_vfy.rs +++ b/openssl-sys/src/x509_vfy.rs @@ -30,7 +30,13 @@ pub const X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: c_int = 20; pub const X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: c_int = 21; pub const X509_V_ERR_CERT_CHAIN_TOO_LONG: c_int = 22; pub const X509_V_ERR_CERT_REVOKED: c_int = 23; -pub const X509_V_ERR_INVALID_CA: c_int = 24; +cfg_if! { + if #[cfg(ossl300)] { + pub const X509_V_ERR_NO_ISSUER_PUBLIC_KEY: c_int = 24; + } else { + pub const X509_V_ERR_INVALID_CA: c_int = 24; + } +} pub const X509_V_ERR_PATH_LENGTH_EXCEEDED: c_int = 25; pub const X509_V_ERR_INVALID_PURPOSE: c_int = 26; pub const X509_V_ERR_CERT_UNTRUSTED: c_int = 27; diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index dc936c4ce9..8ab6a53155 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -27,6 +27,17 @@ extern "C" { pub fn GENERAL_NAME_free(name: *mut GENERAL_NAME); } +#[repr(C)] +pub struct AUTHORITY_KEYID { + pub keyid: *mut ASN1_OCTET_STRING, + pub issuer: *mut stack_st_GENERAL_NAME, + pub serial: *mut ASN1_INTEGER, +} + +extern "C" { + pub fn AUTHORITY_KEYID_free(akid: *mut AUTHORITY_KEYID); +} + #[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1; #[cfg(any(ossl102, libressl261))] @@ -40,37 +51,20 @@ pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10; #[cfg(ossl110)] pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20; -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509V3_EXT_nconf_nid( - conf: *mut CONF, - ctx: *mut X509V3_CTX, - ext_nid: c_int, - value: *const c_char, - ) -> *mut X509_EXTENSION; - pub fn X509V3_EXT_nconf( - conf: *mut CONF, - ctx: *mut X509V3_CTX, - name: *const c_char, - value: *const c_char, - ) -> *mut X509_EXTENSION; - } - } else { - extern "C" { - pub fn X509V3_EXT_nconf_nid( - conf: *mut CONF, - ctx: *mut X509V3_CTX, - ext_nid: c_int, - value: *mut c_char, - ) -> *mut X509_EXTENSION; - pub fn X509V3_EXT_nconf( - conf: *mut CONF, - ctx: *mut X509V3_CTX, - name: *mut c_char, - value: *mut c_char, - ) -> *mut X509_EXTENSION; - } +const_ptr_api! { + extern "C" { + pub fn X509V3_EXT_nconf_nid( + conf: *mut CONF, + ctx: *mut X509V3_CTX, + ext_nid: c_int, + value: #[const_ptr_if(any(ossl110, libressl280))] c_char, + ) -> *mut X509_EXTENSION; + pub fn X509V3_EXT_nconf( + conf: *mut CONF, + ctx: *mut X509V3_CTX, + name: #[const_ptr_if(any(ossl110, libressl280))] c_char, + value: #[const_ptr_if(any(ossl110, libressl280))] c_char, + ) -> *mut X509_EXTENSION; } } @@ -91,3 +85,102 @@ extern "C" { pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING; } + +const_ptr_api! { + extern "C" { + pub fn X509V3_get_d2i( + x: #[const_ptr_if(any(ossl110, libressl280))] stack_st_X509_EXTENSION, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + pub fn X509V3_extensions_print(out: *mut BIO, title: #[const_ptr_if(any(ossl110, libressl280))] c_char, exts: #[const_ptr_if(any(ossl110, libressl280))] stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; + } +} + +// X509V3_add1_i2d (and *_add1_ext_i2d) +pub const X509V3_ADD_DEFAULT: c_ulong = 0; +pub const X509V3_ADD_APPEND: c_ulong = 1; +pub const X509V3_ADD_REPLACE: c_ulong = 2; +pub const X509V3_ADD_REPLACE_EXISTING: c_ulong = 3; +pub const X509V3_ADD_KEEP_EXISTING: c_ulong = 4; +pub const X509V3_ADD_DELETE: c_ulong = 5; +pub const X509V3_ADD_SILENT: c_ulong = 0x10; + +// X509_get_extension_flags +pub const EXFLAG_BCONS: u32 = 0x1; +pub const EXFLAG_KUSAGE: u32 = 0x2; +pub const EXFLAG_XKUSAGE: u32 = 0x4; +pub const EXFLAG_NSCERT: u32 = 0x8; +pub const EXFLAG_CA: u32 = 0x10; +pub const EXFLAG_SI: u32 = 0x20; +pub const EXFLAG_V1: u32 = 0x40; +pub const EXFLAG_INVALID: u32 = 0x80; +pub const EXFLAG_SET: u32 = 0x100; +pub const EXFLAG_CRITICAL: u32 = 0x200; +pub const EXFLAG_PROXY: u32 = 0x400; +pub const EXFLAG_INVALID_POLICY: u32 = 0x800; +pub const EXFLAG_FRESHEST: u32 = 0x1000; +// before ossl102 / libressl260 EXFLAG_SS was 0x20 (the same as EXFLAG_SI); probably not useful semantic +#[cfg(any(ossl102, libressl261))] +pub const EXFLAG_SS: u32 = 0x2000; +/* +cfg_if! { + // probably gonna be in openssl-3.0.0-alpha7 + if #[cfg(any(ossl300))] { + pub const EXFLAG_BCONS_CRITICAL: u32 = 0x10000; + pub const EXFLAG_AKID_CRITICAL: u32 = 0x20000; + pub const EXFLAG_SKID_CRITICAL: u32 = 0x40000; + pub const EXFLAG_SAN_CRITICAL: u32 = 0x80000; + } +} +*/ + +// X509_get_key_usage +pub const X509v3_KU_DIGITAL_SIGNATURE: u32 = 0x0080; +pub const X509v3_KU_NON_REPUDIATION: u32 = 0x0040; +pub const X509v3_KU_KEY_ENCIPHERMENT: u32 = 0x0020; +pub const X509v3_KU_DATA_ENCIPHERMENT: u32 = 0x0010; +pub const X509v3_KU_KEY_AGREEMENT: u32 = 0x0008; +pub const X509v3_KU_KEY_CERT_SIGN: u32 = 0x0004; +pub const X509v3_KU_CRL_SIGN: u32 = 0x0002; +pub const X509v3_KU_ENCIPHER_ONLY: u32 = 0x0001; +pub const X509v3_KU_DECIPHER_ONLY: u32 = 0x8000; +pub const X509v3_KU_UNDEF: u32 = 0xffff; + +// X509_get_extended_key_usage +pub const XKU_SSL_SERVER: u32 = 0x1; +pub const XKU_SSL_CLIENT: u32 = 0x2; +pub const XKU_SMIME: u32 = 0x4; +pub const XKU_CODE_SIGN: u32 = 0x8; +pub const XKU_SGC: u32 = 0x10; +pub const XKU_OCSP_SIGN: u32 = 0x20; +pub const XKU_TIMESTAMP: u32 = 0x40; +pub const XKU_DVCS: u32 = 0x80; +#[cfg(ossl110)] +pub const XKU_ANYEKU: u32 = 0x100; + +extern "C" { + pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void; + pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION; + pub fn X509V3_add1_i2d( + x: *mut *mut stack_st_X509_EXTENSION, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + pub fn X509V3_EXT_print( + out: *mut BIO, + ext: *mut X509_EXTENSION, + flag: c_ulong, + indent: c_int, + ) -> c_int; + + #[cfg(ossl110)] + pub fn X509_get_extension_flags(x: *mut X509) -> u32; + #[cfg(ossl110)] + pub fn X509_get_key_usage(x: *mut X509) -> u32; + #[cfg(ossl110)] + pub fn X509_get_extended_key_usage(x: *mut X509) -> u32; +} diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 89c6f809f3..a54833d5a7 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -20,7 +20,7 @@ vendored = ['openssl-sys/vendored'] [dependencies] bitflags = "1.0" -cfg-if = "0.1" +cfg-if = "1.0" foreign-types = "0.3.1" lazy_static = "1" libc = "0.2" diff --git a/openssl/src/asn1.rs b/openssl/src/asn1.rs index 4140cd5ec6..2de7e952a8 100644 --- a/openssl/src/asn1.rs +++ b/openssl/src/asn1.rs @@ -537,6 +537,24 @@ foreign_type_and_impl_send_sync! { pub struct Asn1ObjectRef; } +impl Asn1Object { + /// Constructs an ASN.1 Object Identifier from a string representation of + /// the OID. + /// + /// This corresponds to [`OBJ_txt2obj`]. + /// + /// [`OBJ_txt2obj`]: https://www.openssl.org/docs/man1.1.0/man3/OBJ_txt2obj.html + #[allow(clippy::should_implement_trait)] + pub fn from_str(txt: &str) -> Result { + unsafe { + ffi::init(); + let txt = CString::new(txt).unwrap(); + let obj: *mut ffi::ASN1_OBJECT = cvt_p(ffi::OBJ_txt2obj(txt.as_ptr() as *const _, 0))?; + Ok(Asn1Object::from_ptr(obj)) + } + } +} + impl Asn1ObjectRef { /// Returns the NID associated with this OID. pub fn nid(&self) -> Nid { @@ -584,6 +602,7 @@ mod tests { use super::*; use bn::BigNum; + use nid::Nid; /// Tests conversion between BigNum and Asn1Integer. #[test] @@ -660,4 +679,17 @@ mod tests { assert!(b_ref <= a_ref); assert!(c_ref < a_ref); } + + #[test] + fn object_from_str() { + let object = Asn1Object::from_str("2.16.840.1.101.3.4.2.1").unwrap(); + assert_eq!(object.nid(), Nid::SHA256); + } + + #[test] + fn object_from_str_with_invalid_input() { + Asn1Object::from_str("NOT AN OID") + .map(|object| object.to_string()) + .expect_err("parsing invalid OID should fail"); + } } diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index 49c26dc3a5..23d4015ddd 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs @@ -633,9 +633,9 @@ where { /// Returns the public key. /// - /// OpenSSL documentation at [`EC_KEY_get0_pubic_key`] + /// OpenSSL documentation at [`EC_KEY_get0_public_key`] /// - /// [`EC_KEY_get0_pubic_key`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_KEY_get0_public_key.html + /// [`EC_KEY_get0_public_key`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_KEY_get0_public_key.html pub fn public_key(&self) -> &EcPointRef { unsafe { let ptr = ffi::EC_KEY_get0_public_key(self.as_ptr()); diff --git a/openssl/src/pkcs7.rs b/openssl/src/pkcs7.rs index a4d93cf958..7820739c0c 100644 --- a/openssl/src/pkcs7.rs +++ b/openssl/src/pkcs7.rs @@ -61,6 +61,17 @@ impl Pkcs7 { ffi::PEM_read_bio_PKCS7 } + from_der! { + /// Deserializes a DER-encoded PKCS#7 signature + /// + /// This corresponds to [`d2i_PKCS7`]. + /// + /// [`d2i_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/d2i_PKCS7.html + from_der, + Pkcs7, + ffi::d2i_PKCS7 + } + /// Parses a message in S/MIME format. /// /// Returns the loaded signature, along with the cleartext message (if @@ -181,6 +192,16 @@ impl Pkcs7Ref { ffi::PEM_write_bio_PKCS7 } + to_der! { + /// Serializes the data into a DER-encoded PKCS#7 structure. + /// + /// This corresponds to [`i2d_PKCS7`]. + /// + /// [`i2d_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/i2d_PKCS7.html + to_der, + ffi::i2d_PKCS7 + } + /// Decrypts data using the provided private key. /// /// `pkey` is the recipient's private key, and `cert` is the recipient's diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index c8be33ca92..ff0746ff18 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -88,6 +88,10 @@ impl Id { pub const ED25519: Id = Id(ffi::EVP_PKEY_ED25519); #[cfg(ossl111)] pub const ED448: Id = Id(ffi::EVP_PKEY_ED448); + #[cfg(ossl111)] + pub const X25519: Id = Id(ffi::EVP_PKEY_X25519); + #[cfg(ossl111)] + pub const X448: Id = Id(ffi::EVP_PKEY_X448); /// Creates a `Id` from an integer representation. pub fn from_raw(value: c_int) -> Id { @@ -494,6 +498,18 @@ impl PKey { } } + /// Generates a new private Ed25519 key + #[cfg(ossl111)] + pub fn generate_x25519() -> Result, ErrorStack> { + PKey::generate_eddsa(ffi::EVP_PKEY_X25519) + } + + /// Generates a new private Ed448 key + #[cfg(ossl111)] + pub fn generate_x448() -> Result, ErrorStack> { + PKey::generate_eddsa(ffi::EVP_PKEY_X448) + } + /// Generates a new private Ed25519 key #[cfg(ossl111)] pub fn generate_ed25519() -> Result, ErrorStack> { diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index cabe057b5c..2277d043ee 100644 --- a/openssl/src/ssl/bio.rs +++ b/openssl/src/ssl/bio.rs @@ -128,6 +128,7 @@ unsafe extern "C" fn bread(bio: *mut BIO, buf: *mut c_char, len: c_int) } } +#[allow(clippy::match_like_matches_macro)] // matches macro requires rust 1.42.0 fn retriable_error(err: &io::Error) -> bool { match err.kind() { io::ErrorKind::WouldBlock | io::ErrorKind::NotConnected => true,