diff --git a/rustls-libssl/admin/format b/rustls-libssl/admin/format
index aecb4e6..177280c 100755
--- a/rustls-libssl/admin/format
+++ b/rustls-libssl/admin/format
@@ -10,7 +10,9 @@
 # `entry!` with `mod entry`, and then restore it back afterwards.
 sed -i -e 's/^entry! {/mod entry {/g' src/entry.rs
+sed -i -e 's/^entry_stub! {/mod entry_stub {/g' src/entry.rs
 cargo fmt "$@"
 rc=$?
 sed -i -e 's/^mod entry {/entry! {/g' src/entry.rs
+sed -i -e 's/^mod entry_stub {/entry_stub! {/g' src/entry.rs
 exit $rc
diff --git a/rustls-libssl/build.rs b/rustls-libssl/build.rs
index 569aa82..3889cf6 100644
--- a/rustls-libssl/build.rs
+++ b/rustls-libssl/build.rs
@@ -57,6 +57,8 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_clear_options",
 "SSL_connect",
 "SSL_ctrl",
+ "SSL_CTX_add_client_CA",
+ "SSL_CTX_check_private_key",
 "SSL_CTX_clear_options",
 "SSL_CTX_ctrl",
 "SSL_CTX_free",
@@ -66,21 +68,39 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CTX_load_verify_dir",
 "SSL_CTX_load_verify_file",
 "SSL_CTX_new",
+ "SSL_CTX_sess_set_new_cb",
 "SSL_CTX_set_alpn_protos",
+ "SSL_CTX_set_cipher_list",
+ "SSL_CTX_set_ciphersuites",
+ "SSL_CTX_set_default_passwd_cb",
+ "SSL_CTX_set_default_passwd_cb_userdata",
 "SSL_CTX_set_ex_data",
+ "SSL_CTX_set_keylog_callback",
+ "SSL_CTX_set_msg_callback",
+ "SSL_CTX_set_next_proto_select_cb",
 "SSL_CTX_set_options",
+ "SSL_CTX_set_post_handshake_auth",
+ "SSL_CTX_set_srp_password",
+ "SSL_CTX_set_srp_username",
 "SSL_CTX_set_verify",
 "SSL_CTX_up_ref",
+ "SSL_CTX_use_certificate",
+ "SSL_CTX_use_certificate_chain_file",
+ "SSL_CTX_use_certificate_file",
+ "SSL_CTX_use_PrivateKey",
+ "SSL_CTX_use_PrivateKey_file",
 "SSL_free",
 "SSL_get0_alpn_selected",
 "SSL_get0_peer_certificate",
 "SSL_get0_verified_chain",
 "SSL_get1_peer_certificate",
+ "SSL_get_certificate",
 "SSL_get_current_cipher",
 "SSL_get_error",
 "SSL_get_ex_data",
 "SSL_get_options",
 "SSL_get_peer_cert_chain",
+ "SSL_get_privatekey",
 "SSL_get_shutdown",
 "SSL_get_verify_result",
 "SSL_get_version",
@@ -89,6 +109,7 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_new",
 "SSL_pending",
 "SSL_read",
+ "SSL_SESSION_free",
 "SSL_set0_rbio",
 "SSL_set0_wbio",
 "SSL_set1_host",
@@ -99,6 +120,8 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_set_ex_data",
 "SSL_set_fd",
 "SSL_set_options",
+ "SSL_set_post_handshake_auth",
+ "SSL_set_session",
 "SSL_set_shutdown",
 "SSL_shutdown",
 "SSL_up_ref",
diff --git a/rustls-libssl/src/entry.rs b/rustls-libssl/src/entry.rs
index b8f6c70..3b035dd 100644
--- a/rustls-libssl/src/entry.rs
+++ b/rustls-libssl/src/entry.rs
@@ -9,7 +9,8 @@ use std::sync::Mutex;
 use std::{fs, io, path::PathBuf};
 use openssl_sys::{
- stack_st_X509, OPENSSL_malloc, X509, X509_STORE, X509_STORE_CTX, X509_V_ERR_UNSPECIFIED,
+ stack_st_X509, OPENSSL_malloc, EVP_PKEY, X509, X509_STORE, X509_STORE_CTX,
+ X509_V_ERR_UNSPECIFIED,
 };
 use crate::bio::{Bio, BIO, BIO_METHOD};
@@ -910,6 +911,186 @@ num_enum! {
 }
 }
+// --- unimplemented stubs below here ---
+
+macro_rules! entry_stub {
+ (pub fn $name:ident($($args:tt)*);) => {
+ #[no_mangle]
+ pub extern "C" fn $name($($args)*) {
+ ffi_panic_boundary! {
+ Error::not_supported(stringify!($name)).raise().into()
+ }
+ }
+ };
+ (pub fn $name:ident($($args:tt)*) -> $ret:ty;) => {
+ #[no_mangle]
+ pub extern "C" fn $name($($args)*) -> $ret {
+ ffi_panic_boundary! {
+ Error::not_supported(stringify!($name)).raise().into()
+ }
+ }
+ };
+}
+
+// things we support and should be able to implement to
+// some extent:
+
+entry_stub! {
+ pub fn _SSL_get_certificate(_ssl: *const SSL) -> *mut X509;
+}
+
+entry_stub! {
+ pub fn _SSL_get_privatekey(_ssl: *const SSL) -> *mut EVP_PKEY;
+}
+
+entry_stub! {
+ pub fn _SSL_set_session(_ssl: *mut SSL, _session: *mut SSL_SESSION) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_set_keylog_callback(_ctx: *mut SSL_CTX, _cb: SSL_CTX_keylog_cb_func);
+}
+
+pub type SSL_CTX_keylog_cb_func =
+ Option;
+
+entry_stub! {
+ pub fn _SSL_CTX_add_client_CA(_ctx: *mut SSL_CTX, _x: *mut X509) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_check_private_key(_ctx: *const SSL_CTX) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_sess_set_new_cb(_ctx: *mut SSL_CTX, _new_session_cb: SSL_CTX_new_session_cb);
+}
+
+pub type SSL_CTX_new_session_cb =
+ Option c_int>;
+
+entry_stub! {
+ pub fn _SSL_CTX_set_cipher_list(_ctx: *mut SSL_CTX, _s: *const c_char) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_set_ciphersuites(_ctx: *mut SSL_CTX, _s: *const c_char) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_use_PrivateKey(_ctx: *mut SSL_CTX, _pkey: *mut EVP_PKEY) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_use_PrivateKey_file(
+ _ctx: *mut SSL_CTX,
+ _file: *const c_char,
+ _type: c_int,
+ ) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_use_certificate(_ctx: *mut SSL_CTX, _x: *mut X509) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_use_certificate_chain_file(_ctx: *mut SSL_CTX, _file: *const c_char) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_use_certificate_file(
+ _ctx: *mut SSL_CTX,
+ _file: *const c_char,
+ _type_: c_int,
+ ) -> c_int;
+}
+
+pub struct SSL_SESSION;
+
+entry_stub! {
+ pub fn _SSL_SESSION_free(_sess: *mut SSL_SESSION);
+}
+
+// no individual message logging
+
+entry_stub! {
+ pub fn _SSL_CTX_set_msg_callback(_ctx: *mut SSL_CTX, _cb: SSL_CTX_msg_cb_func);
+}
+
+pub type SSL_CTX_msg_cb_func = Option<
+ unsafe extern "C" fn(
+ write_p: c_int,
+ version: c_int,
+ content_type: c_int,
+ buf: *const c_void,
+ len: usize,
+ ssl: *mut SSL,
+ arg: *mut c_void,
+ ),
+>;
+
+// no NPN (obsolete precursor to ALPN)
+
+entry_stub! {
+ pub fn _SSL_CTX_set_next_proto_select_cb(
+ _ctx: *mut SSL_CTX,
+ _cb: SSL_CTX_npn_select_cb_func,
+ _arg: *mut c_void,
+ );
+}
+
+pub type SSL_CTX_npn_select_cb_func = Option<
+ unsafe extern "C" fn(
+ s: *mut SSL,
+ out: *mut *mut c_uchar,
+ outlen: *mut c_uchar,
+ in_: *const c_uchar,
+ inlen: c_uint,
+ arg: *mut c_void,
+ ) -> c_int,
+>;
+
+// no password-protected key loading
+
+entry_stub! {
+ pub fn _SSL_CTX_set_default_passwd_cb(_ctx: *mut SSL_CTX, _cb: pem_password_cb);
+}
+
+pub type pem_password_cb = Option<
+ unsafe extern "C" fn(
+ buf: *mut c_char,
+ size: c_int,
+ rwflag: c_int,
+ userdata: *mut c_void,
+ ) -> c_int,
+>;
+
+entry_stub! {
+ pub fn _SSL_CTX_set_default_passwd_cb_userdata(_ctx: *mut SSL_CTX, _u: *mut c_void);
+}
+
+// no SRP
+
+entry_stub! {
+ pub fn _SSL_CTX_set_srp_password(_ctx: *mut SSL_CTX, _password: *mut c_char) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_set_srp_username(_ctx: *mut SSL_CTX, _name: *mut c_char) -> c_int;
+}
+
+// no post-handshake auth
+
+entry_stub! {
+ pub fn _SSL_CTX_set_post_handshake_auth(_ctx: *mut SSL_CTX, _val: c_int);
+}
+
+entry_stub! {
+ pub fn _SSL_set_post_handshake_auth(_s: *mut SSL, _val: c_int);
+}
+
+// ---------------------
+
 #[cfg(test)]
 mod tests {
 use super::*;
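Review bot: The first (void-returning) arm of `entry_stub!` gives the caller no way to see that the call did nothing: `_SSL_CTX_set_post_handshake_auth`, `_SSL_CTX_set_default_passwd_cb`, `_SSL_CTX_set_keylog_callback` and the other `()` stubs can report only through whatever `Error::not_supported(..).raise()` records, and that is not visible in this hunk. `_SSL_SESSION_free` deserves a look first, because it is teardown code that applications call unconditionally; if `raise()` pushes onto an error queue, each free would leave a stale not-supported entry that a later error check could attribute to an unrelated operation, so a silent no-op may be the safer stub there. I would also state the contract above the macro, for example `// Stubs raise a not-supported error named after the function and return its conversion into the declared return type; stubs returning () cannot signal failure to the caller.` The name comes from `stringify!($name)` and so keeps the leading underscore (`_SSL_set_session`), which may not match the symbol name an integrator searches for in logs.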