diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c7b634c..577ef9f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,11 +1,11 @@ version: 2 updates: -- package-ecosystem: cargo - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: weekly + - package-ecosystem: cargo + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..01de0fb --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +target/ +/.idea diff --git a/Cargo.lock b/Cargo.lock index c8aea55..197936f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -13,9 +13,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.7.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5509d663b2c00ee421bda8d6a24d6c42e15970957de1701b8df9f6fbe5707df1" +checksum = "2f95446d919226d587817a7d21379e6eb099b97b45110a7f272a444ca5c54070" dependencies = [ "aws-lc-sys", "mirai-annotations", @@ -25,9 +25,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.15.0" +version = "0.21.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d5d317212c2a78d86ba6622e969413c38847b62f48111f8b763af3dac2f9840" +checksum = "b3ddc4a5b231dd6958b140ff3151b6412b3f4321fab354f399eec8f14b06df62" dependencies = [ "bindgen", "cc", 
@@ -75,11 +75,13 @@ checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" [[package]] name = "cc" -version = "1.0.86" +version = "1.1.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f9fa1897e4325be0d68d48df6aa1a71ac2ed4d27723887e7754192705350730" +checksum = "9540e661f81799159abee814118cc139a2004b3a3aa3ea37724a1b66530b90e0" dependencies = [ + "jobserver", "libc", + "shlex", ] [[package]] @@ -216,6 +218,15 @@ dependencies = [ "either", ] +[[package]] +name = "jobserver" +version = "0.1.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" +dependencies = [ + "libc", +] + [[package]] name = "lazy_static" version = "1.4.0" @@ -413,9 +424,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.11" +version = "0.23.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4828ea528154ae444e5a642dbb7d5623354030dc9822b83fd9bb79683c7399d0" +checksum = "f2dabaac7466917e566adb06783a81ca48944c6898a1b08b9374106dd671f4c8" dependencies = [ "aws-lc-rs", "log", @@ -456,9 +467,9 @@ checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-webpki" -version = "0.102.5" +version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a6fccd794a42c2c105b513a2f62bc3fd8f3ba57a4593677ceb0bd035164d78" +checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ "aws-lc-rs", "ring", diff --git a/Cargo.toml b/Cargo.toml index a1e0c25..cfd5c34 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,6 +13,6 @@ crate-type = ["cdylib"] env_logger = "0.10" log = "0.4" openssl-probe = "0.1" -openssl-sys = "0.9.98" -rustls = "0.23.5" +openssl-sys = "0.9" +rustls = "0.23" rustls-pemfile = "2" diff --git a/MATRIX.md b/MATRIX.md index d63a586..0c4f81a 100644 --- a/MATRIX.md +++ b/MATRIX.md 
@@ -44,7 +44,7 @@ | `SSL_CIPHER_standard_name` | | | :white_check_mark: | | `SSL_COMP_add_compression_method` | | | | | `SSL_COMP_get0_name` | | | | -| `SSL_COMP_get_compression_methods` | | | | +| `SSL_COMP_get_compression_methods` | | | :exclamation: [^stub] | | `SSL_COMP_get_id` | | | | | `SSL_COMP_get_name` | | | | | `SSL_COMP_set0_compression_methods` | | | | @@ -126,7 +126,7 @@ | `SSL_CTX_set0_CA_list` | | | | | `SSL_CTX_set0_ctlog_store` [^ct] | | | | | `SSL_CTX_set0_security_ex_data` | | | | -| `SSL_CTX_set0_tmp_dh_pkey` | | | | +| `SSL_CTX_set0_tmp_dh_pkey` | | | :exclamation: [^stub] | | `SSL_CTX_set1_cert_store` | | | | | `SSL_CTX_set1_param` | | | | | `SSL_CTX_set_allow_early_data_cb` | | | | @@ -141,9 +141,9 @@ | `SSL_CTX_set_cipher_list` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | `SSL_CTX_set_ciphersuites` | :white_check_mark: | | :exclamation: [^stub] | | `SSL_CTX_set_client_CA_list` | | :white_check_mark: | :exclamation: [^stub] | -| `SSL_CTX_set_client_cert_cb` | | | | +| `SSL_CTX_set_client_cert_cb` | | | :exclamation: [^stub] | | `SSL_CTX_set_client_cert_engine` [^engine] | | | | -| `SSL_CTX_set_client_hello_cb` | | | | +| `SSL_CTX_set_client_hello_cb` | | | :exclamation: [^stub] | | `SSL_CTX_set_cookie_generate_cb` | | | | | `SSL_CTX_set_cookie_verify_cb` | | | | | `SSL_CTX_set_ct_validation_callback` [^ct] | | | | 
@@ -181,19 +181,19 @@ | `SSL_CTX_set_security_level` | | | | | `SSL_CTX_set_session_id_context` | | :white_check_mark: | :white_check_mark: | | `SSL_CTX_set_session_ticket_cb` | | | | -| `SSL_CTX_set_srp_cb_arg` [^deprecatedin_3_0] [^srp] | | | | +| `SSL_CTX_set_srp_cb_arg` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] | | `SSL_CTX_set_srp_client_pwd_callback` [^deprecatedin_3_0] [^srp] | | | | | `SSL_CTX_set_srp_password` [^deprecatedin_3_0] [^srp] | :white_check_mark: | | :exclamation: [^stub] | | `SSL_CTX_set_srp_strength` [^deprecatedin_3_0] [^srp] | | | | | `SSL_CTX_set_srp_username` [^deprecatedin_3_0] [^srp] | :white_check_mark: | | :exclamation: [^stub] | -| `SSL_CTX_set_srp_username_callback` [^deprecatedin_3_0] [^srp] | | | | +| `SSL_CTX_set_srp_username_callback` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] | | `SSL_CTX_set_srp_verify_param_callback` [^deprecatedin_3_0] [^srp] | | | | | `SSL_CTX_set_ssl_version` [^deprecatedin_3_0] | | | | | `SSL_CTX_set_stateless_cookie_generate_cb` | | | | | `SSL_CTX_set_stateless_cookie_verify_cb` | | | | | `SSL_CTX_set_timeout` | | :white_check_mark: | :white_check_mark: | | `SSL_CTX_set_tlsext_max_fragment_length` | | | | -| `SSL_CTX_set_tlsext_ticket_key_evp_cb` | | | | +| `SSL_CTX_set_tlsext_ticket_key_evp_cb` | | | :exclamation: [^stub] | | `SSL_CTX_set_tlsext_use_srtp` [^srtp] | | | | | `SSL_CTX_set_tmp_dh_callback` [^deprecatedin_3_0] [^dh] | | | | | `SSL_CTX_set_trust` | | | | @@ -224,7 +224,7 @@ | `SSL_SESSION_get0_peer` | | | | | `SSL_SESSION_get0_ticket` | | | | | `SSL_SESSION_get0_ticket_appdata` | | | | -| `SSL_SESSION_get_compress_id` | | | | +| `SSL_SESSION_get_compress_id` | | | :exclamation: [^stub] | | `SSL_SESSION_get_ex_data` | | | | | `SSL_SESSION_get_id` | | :white_check_mark: | :white_check_mark: | | `SSL_SESSION_get_master_key` | | | | 
@@ -260,13 +260,13 @@ | `SSL_add1_to_CA_list` | | | | | `SSL_add_client_CA` | | | | | `SSL_add_dir_cert_subjects_to_stack` | | | | -| `SSL_add_file_cert_subjects_to_stack` | | | | +| `SSL_add_file_cert_subjects_to_stack` | | | :exclamation: [^stub] | | `SSL_add_ssl_module` | | | | | `SSL_add_store_cert_subjects_to_stack` | | | | | `SSL_alert_desc_string` | | | :white_check_mark: | | `SSL_alert_desc_string_long` | :white_check_mark: | | :white_check_mark: | -| `SSL_alert_type_string` | | | | -| `SSL_alert_type_string_long` | | | | +| `SSL_alert_type_string` | | | :white_check_mark: | +| `SSL_alert_type_string_long` | | | :white_check_mark: | | `SSL_alloc_buffers` | | | | | `SSL_bytes_to_cipher_list` | | | | | `SSL_callback_ctrl` | | | | @@ -277,7 +277,7 @@ | `SSL_clear_options` | | :white_check_mark: | :white_check_mark: | | `SSL_client_hello_get0_ciphers` | | | | | `SSL_client_hello_get0_compression_methods` | | | | -| `SSL_client_hello_get0_ext` | | | | +| `SSL_client_hello_get0_ext` | | | :exclamation: [^stub] | | `SSL_client_hello_get0_legacy_version` | | | | | `SSL_client_hello_get0_random` | | | | | `SSL_client_hello_get0_session_id` | | | | @@ -324,8 +324,8 @@ | `SSL_get_certificate` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | `SSL_get_changed_async_fds` | | | | | `SSL_get_cipher_list` | | | | -| `SSL_get_ciphers` | | | | -| `SSL_get_client_CA_list` | | | | +| `SSL_get_ciphers` | | | :exclamation: [^stub] | +| `SSL_get_client_CA_list` | | | :exclamation: [^stub] | | `SSL_get_client_ciphers` | | | | | `SSL_get_client_random` | | | | | `SSL_get_current_cipher` | :white_check_mark: | :white_check_mark: | :white_check_mark: | 
@@ -339,14 +339,14 @@ | `SSL_get_ex_data` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | `SSL_get_ex_data_X509_STORE_CTX_idx` | | :white_check_mark: | :exclamation: [^stub] | | `SSL_get_fd` | | | | -| `SSL_get_finished` | | | | +| `SSL_get_finished` | | | :exclamation: [^stub] | | `SSL_get_info_callback` | | | | | `SSL_get_key_update_type` | | | | | `SSL_get_max_early_data` | | | | | `SSL_get_num_tickets` | | | :white_check_mark: | | `SSL_get_options` | | :white_check_mark: | :white_check_mark: | | `SSL_get_peer_cert_chain` | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| `SSL_get_peer_finished` | | | | +| `SSL_get_peer_finished` | | | :exclamation: [^stub] | | `SSL_get_peer_signature_type_nid` | :white_check_mark: | | :white_check_mark: | | `SSL_get_pending_cipher` | | | | | `SSL_get_privatekey` | :white_check_mark: | | :white_check_mark: | @@ -365,15 +365,15 @@ | `SSL_get_servername` | | :white_check_mark: | :white_check_mark: | | `SSL_get_servername_type` | | | :white_check_mark: | | `SSL_get_session` | | :white_check_mark: | :white_check_mark: | -| `SSL_get_shared_ciphers` | | | | +| `SSL_get_shared_ciphers` | | | :exclamation: [^stub] | | `SSL_get_shared_sigalgs` | | | | | `SSL_get_shutdown` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | `SSL_get_sigalgs` | | | | | `SSL_get_signature_type_nid` | | | | | `SSL_get_srp_N` [^deprecatedin_3_0] [^srp] | | | | | `SSL_get_srp_g` [^deprecatedin_3_0] [^srp] | | | | -| `SSL_get_srp_userinfo` [^deprecatedin_3_0] [^srp] | | | | -| `SSL_get_srp_username` [^deprecatedin_3_0] [^srp] | | | | +| `SSL_get_srp_userinfo` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] | +| `SSL_get_srp_username` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] | | `SSL_get_srtp_profiles` [^srtp] | | | | | `SSL_get_ssl_method` | | | | | `SSL_get_state` | | | :white_check_mark: | 
@@ -397,13 +397,13 @@ | `SSL_load_client_CA_file_ex` | | | | | `SSL_new` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | `SSL_new_session_ticket` | | | | -| `SSL_peek` | | | | +| `SSL_peek` | | | :exclamation: [^stub] | | `SSL_peek_ex` | | | | | `SSL_pending` | :white_check_mark: | | :white_check_mark: | | `SSL_read` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | `SSL_read_early_data` | | :white_check_mark: | :exclamation: [^stub] | | `SSL_read_ex` | | | | -| `SSL_renegotiate` | | | | +| `SSL_renegotiate` | | | :exclamation: [^stub] | | `SSL_renegotiate_abbreviated` | | | | | `SSL_renegotiate_pending` | | | | | `SSL_rstate_string` | | | | @@ -427,7 +427,7 @@ | `SSL_set_bio` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | `SSL_set_block_padding` | | | | | `SSL_set_cert_cb` | | | | -| `SSL_set_cipher_list` | | | | +| `SSL_set_cipher_list` | | | :white_check_mark: | | `SSL_set_ciphersuites` | | | | | `SSL_set_client_CA_list` | | | | | `SSL_set_connect_state` | :white_check_mark: | :white_check_mark: | :white_check_mark: | @@ -461,12 +461,12 @@ | `SSL_set_security_callback` | | | | | `SSL_set_security_level` | | | | | `SSL_set_session` | :white_check_mark: | :white_check_mark: | :exclamation: [^stub] | -| `SSL_set_session_id_context` | | | | +| `SSL_set_session_id_context` | | | :exclamation: [^stub] | | `SSL_set_session_secret_cb` | | | | | `SSL_set_session_ticket_ext` | | | | | `SSL_set_session_ticket_ext_cb` | | | | | `SSL_set_shutdown` | | :white_check_mark: | :white_check_mark: | -| `SSL_set_srp_server_param` [^deprecatedin_3_0] [^srp] | | | | +| `SSL_set_srp_server_param` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] | | `SSL_set_srp_server_param_pw` [^deprecatedin_3_0] [^srp] | | | | | `SSL_set_ssl_method` | | | | | `SSL_set_tlsext_max_fragment_length` | | | | 
@@ -475,12 +475,12 @@ | `SSL_set_trust` | | | | | `SSL_set_verify` | | :white_check_mark: | :white_check_mark: | | `SSL_set_verify_depth` | | :white_check_mark: | :white_check_mark: | -| `SSL_set_verify_result` | | | | +| `SSL_set_verify_result` | | | :white_check_mark: | | `SSL_set_wfd` [^sock] | | | | | `SSL_shutdown` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | `SSL_srp_server_param_with_username` [^deprecatedin_3_0] [^srp] | | | | -| `SSL_state_string` | | | | -| `SSL_state_string_long` | | | | +| `SSL_state_string` | | | :exclamation: [^stub] | +| `SSL_state_string_long` | | | :exclamation: [^stub] | | `SSL_stateless` | | | | | `SSL_test_functions` [^unit_test] | | | | | `SSL_trace` [^ssl_trace] | | | | @@ -497,7 +497,7 @@ | `SSL_use_certificate_chain_file` | | | | | `SSL_use_certificate_file` | | | | | `SSL_use_psk_identity_hint` [^psk] | | | | -| `SSL_verify_client_post_handshake` | | | | +| `SSL_verify_client_post_handshake` | | | :exclamation: [^stub] | | `SSL_version` | | :white_check_mark: | :white_check_mark: | | `SSL_waiting_for_async` | | | | | `SSL_want` | | | :white_check_mark: | diff --git a/Makefile b/Makefile index 728d7c2..ce2edfc 100644 --- a/Makefile +++ b/Makefile @@ -62,6 +62,7 @@ format: find src tests \ -name '*.[c|h]' | \ xargs clang-format -i + admin/format format-check: find src tests \ diff --git a/build.rs b/build.rs index 54a44b5..6de4542 100644 --- a/build.rs +++ b/build.rs @@ -47,8 +47,11 @@ const ENTRYPOINTS: &[&str] = &[ "i2d_SSL_SESSION", "OPENSSL_init_ssl", "SSL_accept", + "SSL_add_file_cert_subjects_to_stack", "SSL_alert_desc_string", "SSL_alert_desc_string_long", + "SSL_alert_type_string", + "SSL_alert_type_string_long", "SSL_check_private_key", "SSL_CIPHER_description", "SSL_CIPHER_find", 
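Review bot: The `format` target now runs `admin/format` after clang-format, but nothing in the hunk adds a matching step to `format-check` (its body runs past the hunk's end), so a CI job built on `format-check` presumably will not flag files that `admin/format` would rewrite. If the script has a check or diff mode, wiring it into `format-check` keeps the two targets in step; otherwise a comment on the `format` target saying that `admin/format` is not verified by `format-check` would at least make the gap visible.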
@@ -59,6 +62,8 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CIPHER_get_version",
 "SSL_CIPHER_standard_name",
 "SSL_clear_options",
+ "SSL_client_hello_get0_ext",
+ "SSL_COMP_get_compression_methods",
 "SSL_CONF_cmd",
 "SSL_CONF_cmd_value_type",
 "SSL_CONF_CTX_clear_flags",
@@ -99,6 +104,7 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CTX_sess_set_get_cb",
 "SSL_CTX_sess_set_new_cb",
 "SSL_CTX_sess_set_remove_cb",
+ "SSL_CTX_set0_tmp_dh_pkey",
 "SSL_CTX_set_alpn_protos",
 "SSL_CTX_set_alpn_select_cb",
 "SSL_CTX_set_cert_cb",
@@ -106,6 +112,8 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CTX_set_cipher_list",
 "SSL_CTX_set_ciphersuites",
 "SSL_CTX_set_client_CA_list",
+ "SSL_CTX_set_client_cert_cb",
+ "SSL_CTX_set_client_hello_cb",
 "SSL_CTX_set_default_passwd_cb",
 "SSL_CTX_set_default_passwd_cb_userdata",
 "SSL_CTX_set_default_verify_dir",
@@ -123,9 +131,12 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CTX_set_options",
 "SSL_CTX_set_post_handshake_auth",
 "SSL_CTX_set_session_id_context",
+ "SSL_CTX_set_srp_cb_arg",
 "SSL_CTX_set_srp_password",
 "SSL_CTX_set_srp_username",
+ "SSL_CTX_set_srp_username_callback",
 "SSL_CTX_set_timeout",
+ "SSL_CTX_set_tlsext_ticket_key_evp_cb",
 "SSL_CTX_set_verify",
 "SSL_CTX_set_verify_depth",
 "SSL_CTX_up_ref",
@@ -143,21 +154,28 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_get1_peer_certificate",
 "SSL_get1_session",
 "SSL_get_certificate",
+ "SSL_get_ciphers",
+ "SSL_get_client_CA_list",
 "SSL_get_current_cipher",
 "SSL_get_current_compression",
 "SSL_get_error",
 "SSL_get_ex_data",
 "SSL_get_ex_data_X509_STORE_CTX_idx",
+ "SSL_get_finished",
 "SSL_get_num_tickets",
 "SSL_get_options",
 "SSL_get_peer_cert_chain",
+ "SSL_get_peer_finished",
 "SSL_get_peer_signature_type_nid",
 "SSL_get_privatekey",
 "SSL_get_rbio",
 "SSL_get_servername",
 "SSL_get_servername_type",
 "SSL_get_session",
+ "SSL_get_shared_ciphers",
 "SSL_get_shutdown",
+ "SSL_get_srp_userinfo",
+ "SSL_get_srp_username",
 "SSL_get_SSL_CTX",
 "SSL_get_state",
 "SSL_get_verify_depth",
@@ -172,12 +190,15 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_is_server",
 "SSL_load_client_CA_file",
 "SSL_new",
+ "SSL_peek",
 "SSL_pending",
 "SSL_read",
 "SSL_read_early_data",
+ "SSL_renegotiate",
 "SSL_select_next_proto",
 "SSL_sendfile",
 "SSL_SESSION_free",
+ "SSL_SESSION_get_compress_id",
 "SSL_SESSION_get_id",
 "SSL_SESSION_get_time",
 "SSL_SESSION_get_timeout",
@@ -192,6 +213,7 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_set_accept_state",
 "SSL_set_alpn_protos",
 "SSL_set_bio",
+ "SSL_set_cipher_list",
 "SSL_set_connect_state",
 "SSL_set_ex_data",
 "SSL_set_fd",
@@ -202,15 +224,21 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_set_post_handshake_auth",
 "SSL_set_quiet_shutdown",
 "SSL_set_session",
+ "SSL_set_session_id_context",
 "SSL_set_shutdown",
+ "SSL_set_srp_server_param",
 "SSL_set_SSL_CTX",
 "SSL_set_verify",
 "SSL_set_verify_depth",
+ "SSL_set_verify_result",
 "SSL_shutdown",
+ "SSL_state_string",
+ "SSL_state_string_long",
 "SSL_up_ref",
 "SSL_use_certificate",
 "SSL_use_PrivateKey",
 "SSL_use_PrivateKey_file",
+ "SSL_verify_client_post_handshake",
 "SSL_version",
 "SSL_want",
 "SSL_write",
diff --git a/src/constants.rs b/src/constants.rs
index f316acf..df0dbeb 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -4,6 +4,7 @@ use openssl_sys::{
 NID_ED25519, NID_ED448, NID_X25519, NID_X448,
 };
 
+use rustls::internal::msgs::enums::AlertLevel;
 use rustls::{AlertDescription, NamedGroup, SignatureScheme};
 
 pub fn alert_desc_to_long_string(value: c_int) -> &'static CStr {
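Review bot: `AlertLevel` is imported from `rustls::internal::msgs::enums`, a module whose rustls documentation says is not part of the stable interface, so a minor rustls release may move or rename it — and the Cargo.toml hunk in this same commit widens the constraint to `rustls = "0.23"`. Only two values matter here, and their wire codes are fixed by the TLS specification (warning = 1, fatal = 2), so the new functions in the next hunk could match the raw byte directly, `match value { 1 => c"W", 2 => c"F", _ => c"U" }`, and this import could go. If keeping the import is preferred, a comment noting that it depends on an unstable rustls module would warn whoever next bumps the dependency.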
@@ -88,6 +89,22 @@ pub fn alert_desc_to_short_string(value: c_int) -> &'static CStr {
 }
 }
 
+pub fn alert_level_to_short_string(value: u8) -> &'static CStr {
+ match AlertLevel::from(value) {
+ AlertLevel::Warning => c"W",
+ AlertLevel::Fatal => c"F",
+ _ => c"U",
+ }
+}
+
+pub fn alert_level_to_long_string(value: u8) -> &'static CStr {
+ match AlertLevel::from(value) {
+ AlertLevel::Warning => c"warning",
+ AlertLevel::Fatal => c"fatal",
+ _ => c"unknown",
+ }
+}
+
 pub fn sig_scheme_to_nid(scheme: SignatureScheme) -> Option {
 use SignatureScheme::*;
 match scheme {
diff --git a/src/entry.rs b/src/entry.rs
index 922bc43..4a26b39 100644
--- a/src/entry.rs
+++ b/src/entry.rs
@@ -10,8 +10,9 @@ use std::sync::Arc;
 use std::{fs, path::PathBuf};
 
 use openssl_sys::{
- stack_st_X509, stack_st_X509_NAME, NID_undef, OPENSSL_malloc, TLSEXT_NAMETYPE_host_name,
- EVP_PKEY, OPENSSL_NPN_NEGOTIATED, OPENSSL_NPN_NO_OVERLAP, X509, X509_STORE, X509_STORE_CTX,
+ stack_st_SSL_CIPHER, stack_st_X509, stack_st_X509_NAME, stack_st_void, NID_undef,
+ OPENSSL_malloc, TLSEXT_NAMETYPE_host_name, BIGNUM, EVP_CIPHER_CTX, EVP_PKEY, HMAC_CTX,
+ OPENSSL_NPN_NEGOTIATED, OPENSSL_NPN_NO_OVERLAP, X509, X509_STORE, X509_STORE_CTX,
 };
 
 use rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
@@ -77,6 +78,20 @@ entry! {
 }
 }
 
+entry! {
+ pub fn _SSL_alert_type_string(value: c_int) -> *const c_char {
+ crate::constants::alert_level_to_short_string(u8::try_from(value).unwrap_or_default())
+ .as_ptr() as *const c_char
+ }
+}
+
+entry! {
+ pub fn _SSL_alert_type_string_long(value: c_int) -> *const c_char {
+ crate::constants::alert_level_to_long_string(u8::try_from(value).unwrap_or_default())
+ .as_ptr() as *const c_char
+ }
+}
+
 entry! {
 pub fn _BIO_f_ssl() -> *const BIO_METHOD {
 &crate::bio::SSL_BIO_METHOD
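Review bot: Both `alert_level_to_short_string` and `alert_level_to_long_string` close their match with a `_` arm, which also swallows any variant rustls adds to `AlertLevel` later; if I read rustls's enum builder right the type already carries an explicit unknown variant, so naming it (`AlertLevel::Unknown(_) => c"U"`, and `=> c"unknown"` in the long form) keeps the compiler's exhaustiveness check without changing behaviour. A one-line doc comment on each function stating that `value` is the raw one-byte TLS alert level, not OpenSSL's packed `(level << 8) | description` integer, would also help the callers in entry.rs, which receive a `c_int`.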
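Review bot: `_SSL_alert_type_string` and `_SSL_alert_type_string_long` feed `u8::try_from(value).unwrap_or_default()` to the level lookup, which keeps the low byte and maps any value above 255 to 0. OpenSSL's info-callback convention packs an alert as `(level << 8) | description` and its own `SSL_alert_type_string*` switch on `value >> 8`, so a realistic callback value such as 0x0228 (fatal, handshake_failure; constructed example) makes both functions here answer "unknown". Extracting the high byte before the lookup fixes it: `crate::constants::alert_level_to_short_string(((value >> 8) & 0xff) as u8)`, and likewise `alert_level_to_long_string(((value >> 8) & 0xff) as u8)` in the long variant. The existing `_SSL_alert_desc_string*` entries (outside this hunk) should keep working on the low byte, as OpenSSL does.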
@@ -941,6 +956,15 @@ entry! {
 }
 }
 
+entry! {
+ pub fn _SSL_set_cipher_list(_ssl: *mut SSL, str: *const c_char) -> c_int {
+ match try_str!(str) {
+ "HIGH:!aNULL:!MD5" => C_INT_SUCCESS,
+ _ => Error::not_supported("SSL_set_cipher_list").raise().into(),
+ }
+ }
+}
+
 entry! {
 pub fn _SSL_set_connect_state(ssl: *mut SSL) {
 try_clone_arc!(ssl).get_mut().set_client_mode()
@@ -1271,6 +1295,12 @@ entry! {
 }
 }
 
+entry! {
+ pub fn _SSL_set_verify_result(ssl: *mut SSL, v: c_long) {
+ try_clone_arc!(ssl).get().set_last_verification_result(v)
+ }
+}
+
 entry! {
 pub fn _SSL_get_certificate(ssl: *const SSL) -> *mut X509 {
 try_clone_arc!(ssl).get().get_certificate()
@@ -1968,6 +1998,14 @@ entry_stub! {
 pub fn _SSL_set_session(_ssl: *mut SSL, _session: *mut SSL_SESSION) -> c_int;
 }
 
+entry_stub! {
+ pub fn _SSL_set_session_id_context(
+ _ssl: *mut SSL,
+ _sid_ctx: *const c_uchar,
+ _sid_ctx_len: c_uint,
+ ) -> c_int;
+}
+
 entry_stub! {
 pub fn _SSL_CTX_remove_session(_ssl: *const SSL, _session: *mut SSL_SESSION) -> c_int;
 }
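Review bot: The second parameter of `_SSL_set_cipher_list` is named `str`, which shadows the primitive type name for the whole body; `cipher_list: *const c_char` with `try_str!(cipher_list)` reads more naturally and matches how the other entries name their arguments. The function also deserves a short comment on why exactly `"HIGH:!aNULL:!MD5"` is answered with success while nothing on the connection changes and every other string raises not-supported — presumably to mirror `_SSL_CTX_set_cipher_list`, which is outside this hunk, and to satisfy a common caller default; without that note the next reader will assume the string is being honoured.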
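Review bot: `_SSL_set_verify_result` passes `v: c_long` straight to `set_last_verification_result`, whose parameter is `i64` (lib.rs hunk below), so this only compiles on targets where `c_long` is 64 bits — evidently the ones this cdylib is built for, but the widening should be explicit rather than accidental. `try_clone_arc!(ssl).get().set_last_verification_result(i64::from(v))` is lossless everywhere and documents the intent. A doc comment noting that, like OpenSSL, the value is stored unvalidated and overrides what `SSL_get_verify_result` later reports would also be worth having, since this is a knob that can mask a failed peer verification.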
@@ -1995,6 +2033,67 @@ entry_stub! {
 ) -> c_int;
 }
 
+entry_stub! {
+ pub fn _SSL_CTX_set_tlsext_ticket_key_evp_cb(
+ _ctx: *mut SSL_CTX,
+ _fp: SSL_CTX_tlsext_ticket_key_evp_cb_func,
+ ) -> c_int;
+}
+
+pub type SSL_CTX_tlsext_ticket_key_evp_cb_func = Option<
+ unsafe extern "C" fn(
+ _ssl: *mut SSL,
+ _key_name: *mut c_uchar,
+ _iv: *mut c_uchar,
+ _ctx: *mut EVP_CIPHER_CTX,
+ _hctx: *mut HMAC_CTX,
+ _enc: c_int,
+ ) -> c_int,
+>;
+
+entry_stub! {
+ pub fn _SSL_CTX_set_client_hello_cb(
+ _ctx: *mut SSL_CTX,
+ _cb: SSL_client_hello_cb_func,
+ _arg: *mut c_void,
+ );
+}
+
+pub type SSL_client_hello_cb_func =
+ Option c_int>;
+
+entry_stub! {
+ pub fn _SSL_state_string(_ssl: *const SSL) -> *const c_char;
+}
+
+entry_stub! {
+ pub fn _SSL_state_string_long(_ssl: *const SSL) -> *const c_char;
+}
+
+entry_stub! {
+ pub fn _SSL_peek(_ssl: *mut SSL, _buf: *mut c_void, _num: c_int) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_get_shared_ciphers(
+ _ssl: *const SSL,
+ _buf: *mut c_char,
+ _size: c_int,
+ ) -> *mut c_char;
+}
+
+entry_stub! {
+ pub fn _SSL_get_ciphers(_ssl: *const SSL) -> *mut stack_st_SSL_CIPHER;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_set_client_cert_cb(_ctx: *mut SSL_CTX, _cb: SSL_client_cert_cb_func);
+}
+
+pub type SSL_client_cert_cb_func = Option<
+ unsafe extern "C" fn(_ssl: *mut SSL, _x509: *mut *mut X509, _pkey: *mut *mut EVP_PKEY) -> c_int,
+>;
+
 // The SSL_CTX X509_STORE isn't being meaningfully used yet.
 entry_stub! {
 pub fn _SSL_CTX_set_default_verify_store(_ctx: *mut SSL_CTX) -> c_int;
@@ -2030,6 +2129,17 @@ entry_stub! {
 pub fn _SSL_load_client_CA_file(_file: *const c_char) -> *mut stack_st_X509_NAME;
 }
 
+entry_stub! {
+ pub fn _SSL_get_client_CA_list(_ssl: *const SSL) -> *mut stack_st_X509_NAME;
+}
+
+entry_stub! {
+ pub fn _SSL_add_file_cert_subjects_to_stack(
+ _stack: *mut stack_st_X509_NAME,
+ _file: *const c_char,
+ ) -> c_int;
+}
+
 // no individual message logging
 
 entry_stub! {
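Review bot: `_SSL_state_string` and `_SSL_state_string_long` are stubbed, which — assuming `entry_stub!` (defined outside the hunk) follows its usual pattern of queueing a not-supported error and returning a null pointer for pointer-returning functions — departs from OpenSSL, whose versions never return NULL and fall back to the fixed strings "UNKWN " and "unknown state". Callers normally pass the result straight to a `%s` in a log line, so a null here turns a harmless diagnostic call into a crash in the calling application. Since rustls exposes no handshake-state enum to map, returning OpenSSL's fallback strings through `entry!` is the safe choice and costs nothing; the other stubs in this hunk return 0 or NULL where OpenSSL's callers already check for failure, so they are fine as they are.

```rust
entry! {
    pub fn _SSL_state_string(_ssl: *const SSL) -> *const c_char {
        // rustls exposes no handshake state machine; answer with OpenSSL's own
        // fallback rather than NULL, which callers do not expect here.
        c"UNKWN ".as_ptr() as *const c_char
    }
}

entry! {
    pub fn _SSL_state_string_long(_ssl: *const SSL) -> *const c_char {
        c"unknown state".as_ptr() as *const c_char
    }
}
// … unchanged: remaining entry_stub! definitions …
```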
@@ -2136,6 +2246,45 @@ entry_stub! {
 pub fn _SSL_CTX_set_srp_username(_ctx: *mut SSL_CTX, _name: *mut c_char) -> c_int;
 }
 
+entry_stub! {
+ pub fn _SSL_CTX_set_srp_username_callback(
+ _ctx: *mut SSL_CTX,
+ _cb: SSL_srp_username_cb_func,
+ ) -> c_int;
+}
+
+pub type SSL_srp_username_cb_func =
+ Option c_int>;
+
+entry_stub! {
+ pub fn _SSL_set_srp_server_param(
+ _s: *mut SSL,
+ _n: *const BIGNUM,
+ _g: *const BIGNUM,
+ _sa: *const BIGNUM,
+ _v: *const BIGNUM,
+ _info: *const c_char,
+ ) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_set_srp_cb_arg(_ctx: *mut SSL_CTX, _arg: *mut c_void) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_get_srp_username(_ssl: *mut SSL) -> *mut c_char;
+}
+
+entry_stub! {
+ pub fn _SSL_get_srp_userinfo(_ssl: *mut SSL) -> *mut c_char;
+}
+
+// no DH ciphersuites
+
+entry_stub! {
+ pub fn _SSL_CTX_set0_tmp_dh_pkey(_ctx: *mut SSL_CTX, _dhpkey: *mut EVP_PKEY) -> c_int;
+}
+
 // no post-handshake auth
 
 entry_stub! {
@@ -2146,6 +2295,16 @@ entry_stub! {
 pub fn _SSL_set_post_handshake_auth(_s: *mut SSL, _val: c_int);
 }
 
+entry_stub! {
+ pub fn _SSL_verify_client_post_handshake(_ssl: *mut SSL) -> c_int;
+}
+
+// no renegotiation
+
+entry_stub! {
+ pub fn _SSL_renegotiate(_ssl: *mut SSL) -> c_int;
+}
+
 // No kTLS/sendfile support
 
 entry_stub! {
@@ -2158,6 +2317,17 @@ entry_stub! {
 ) -> c_long;
 }
 
+// No access to individual certificate extensions
+
+entry_stub! {
+ pub fn _SSL_client_hello_get0_ext(
+ _ssl: *mut SSL,
+ _type: c_uint,
+ _out: *mut *const c_uchar,
+ _outlen: *mut usize,
+ ) -> c_int;
+}
+
 // No custom extension support
 // (used by nginx to implement quic)
 
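Review bot: The comment `// No access to individual certificate extensions` above `_SSL_client_hello_get0_ext` is misleading: `SSL_client_hello_get0_ext` looks up a ClientHello extension by type from within a client-hello callback and has nothing to do with certificate extensions. Suggest `// No access to individual ClientHello extensions (only meaningful inside a client hello callback, which is stubbed above)`. The signature itself (`c_uint` type, `*mut *const c_uchar` out pointer, `*mut usize` length) matches the OpenSSL prototype, so only the wording needs fixing; the SRP and renegotiation stubs earlier in this line return failure, which is the right answer for unsupported features.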
@@ -2216,6 +2386,27 @@ type SSL_custom_ext_free_cb_ex = Option<
 ),
 >;
 
+// No low level protocol details.
+
+entry_stub! {
+ pub fn _SSL_get_finished(_ssl: *const SSL, _buf: *mut c_void, _count: usize) -> usize;
+}
+
+entry_stub! {
+ pub fn _SSL_get_peer_finished(_ssl: *const SSL, _buf: *mut c_void, _count: usize) -> usize;
+}
+
+// No TLS 1.2 protocol compression.
+
+entry_stub! {
+ pub fn _SSL_SESSION_get_compress_id(_ssl: *mut SSL) -> c_int;
+}
+
+entry_stub! {
+ // nb: should return stack_st_SSL_COMP, but this isn't defined in openssl-sys
+ pub fn _SSL_COMP_get_compression_methods() -> *mut stack_st_void;
+}
+
 // ---------------------
 
 #[cfg(test)]
diff --git a/src/lib.rs b/src/lib.rs
index ff28608..4e8b75c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1395,6 +1395,14 @@ impl Ssl {
 }
 }
 
+ fn set_last_verification_result(&self, v: i64) {
+ match &self.conn {
+ ConnState::Client(_, verifier) => verifier.update_last_result(v),
+ ConnState::Server(_, verifier, _) => verifier.update_last_result(v),
+ _ => {}
+ }
+ }
+
 fn get_last_verification_sig_scheme(&self) -> Option {
 match &self.conn {
 ConnState::Client(_, verifier) => verifier.last_sig_scheme(),
diff --git a/src/verifier.rs b/src/verifier.rs
index 641d583..770afbf 100644
--- a/src/verifier.rs
+++ b/src/verifier.rs
@@ -66,6 +66,10 @@ impl ServerVerifier {
 self.last_result.load(Ordering::Acquire)
 }
 
+ pub fn update_last_result(&self, v: i64) {
+ self.last_result.store(v, Ordering::Relaxed);
+ }
+
 pub fn last_sig_scheme(&self) -> Option {
 self.last_sig_scheme.read().ok().map(|scheme| *scheme)?
 }
@@ -202,6 +206,10 @@ impl ClientVerifier {
 self.last_result.load(Ordering::Acquire)
 }
 
+ pub fn update_last_result(&self, v: i64) {
+ self.last_result.store(v, Ordering::Relaxed);
+ }
+
 pub fn last_sig_scheme(&self) -> Option {
 self.last_sig_scheme.read().ok().map(|scheme| *scheme)?
 }
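Review bot: `_SSL_SESSION_get_compress_id` declares its parameter as `_ssl: *mut SSL`, but the OpenSSL prototype is `int SSL_SESSION_get_compress_id(const SSL_SESSION *s)`; for a stub the difference is invisible at the ABI level, yet the signature is the only documentation of the contract and `SSL_SESSION` is already in scope in this file. Suggest `pub fn _SSL_SESSION_get_compress_id(_session: *const SSL_SESSION) -> c_int;`. The `usize` return of the two `_get_finished` stubs is consistent with OpenSSL's `size_t`, and returning 0 there correctly signals "no Finished message available".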
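Review bot: `set_last_verification_result` silently discards `v` in the `_ => {}` arm, so an `SSL_set_verify_result` call made while `conn` holds neither a client nor a server verifier has no effect and a later `SSL_get_verify_result` will not reflect it; that may well be intended, but it should be said, e.g. `// No verifier to record on in the remaining states: the value is intentionally dropped.` A one-line doc comment that this is the backing store for `SSL_set_verify_result` would also tie it to the entry point. The enclosing `impl Ssl` starts outside the hunk.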
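Review bot: `update_last_result` stores with `Ordering::Relaxed` while the `last_result()` getter directly above it loads with `Ordering::Acquire`; an Acquire load only synchronises with a Release store, so the pairing as written gives no ordering beyond Relaxed. If `last_result` is a standalone value, both sides can be Relaxed; if the Acquire is there because other verifier fields are read after it, the store should be `self.last_result.store(v, Ordering::Release);`. The same pairing appears in the `ClientVerifier` hunk just below, and the verifier's own internal stores (outside the hunk) should use whichever ordering is chosen so the two write paths agree.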