From 8f0c47bc6d0119c7a60e43709c7d6c5156e85e77 Mon Sep 17 00:00:00 2001
From: Joseph Birr-Pixton <jpixton@gmail.com>
Date: Fri, 23 Feb 2024 15:41:31 +0000
Subject: [PATCH] Stub out a wedge of functions

Some of these certainly will be implemented later, others almost
certainly will not.
---
 rustls-libssl/admin/format |   2 +
 rustls-libssl/build.rs     |  23 +++++
 rustls-libssl/src/entry.rs | 183 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 207 insertions(+), 1 deletion(-)

diff --git a/rustls-libssl/admin/format b/rustls-libssl/admin/format
index aecb4e6..177280c 100755
--- a/rustls-libssl/admin/format
+++ b/rustls-libssl/admin/format
@@ -10,7 +10,9 @@
 # `entry!` with `mod entry`, and then restore it back afterwards.
 
 sed -i -e 's/^entry! {/mod entry {/g' src/entry.rs
+sed -i -e 's/^entry_stub! {/mod entry_stub {/g' src/entry.rs
 cargo fmt "$@"
 rc=$?
 sed -i -e 's/^mod entry {/entry! {/g' src/entry.rs
+sed -i -e 's/^mod entry_stub {/entry_stub! {/g' src/entry.rs
 exit $rc
diff --git a/rustls-libssl/build.rs b/rustls-libssl/build.rs
index 569aa82..3889cf6 100644
--- a/rustls-libssl/build.rs
+++ b/rustls-libssl/build.rs
@@ -57,6 +57,8 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_clear_options",
     "SSL_connect",
     "SSL_ctrl",
+    "SSL_CTX_add_client_CA",
+    "SSL_CTX_check_private_key",
     "SSL_CTX_clear_options",
     "SSL_CTX_ctrl",
     "SSL_CTX_free",
@@ -66,21 +68,39 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_CTX_load_verify_dir",
     "SSL_CTX_load_verify_file",
     "SSL_CTX_new",
+    "SSL_CTX_sess_set_new_cb",
     "SSL_CTX_set_alpn_protos",
+    "SSL_CTX_set_cipher_list",
+    "SSL_CTX_set_ciphersuites",
+    "SSL_CTX_set_default_passwd_cb",
+    "SSL_CTX_set_default_passwd_cb_userdata",
     "SSL_CTX_set_ex_data",
+    "SSL_CTX_set_keylog_callback",
+    "SSL_CTX_set_msg_callback",
+    "SSL_CTX_set_next_proto_select_cb",
     "SSL_CTX_set_options",
+    "SSL_CTX_set_post_handshake_auth",
+    "SSL_CTX_set_srp_password",
+    "SSL_CTX_set_srp_username",
     "SSL_CTX_set_verify",
     "SSL_CTX_up_ref",
+    "SSL_CTX_use_certificate",
+    "SSL_CTX_use_certificate_chain_file",
+    "SSL_CTX_use_certificate_file",
+    "SSL_CTX_use_PrivateKey",
+    "SSL_CTX_use_PrivateKey_file",
     "SSL_free",
     "SSL_get0_alpn_selected",
     "SSL_get0_peer_certificate",
     "SSL_get0_verified_chain",
     "SSL_get1_peer_certificate",
+    "SSL_get_certificate",
     "SSL_get_current_cipher",
     "SSL_get_error",
     "SSL_get_ex_data",
     "SSL_get_options",
     "SSL_get_peer_cert_chain",
+    "SSL_get_privatekey",
     "SSL_get_shutdown",
     "SSL_get_verify_result",
     "SSL_get_version",
@@ -89,6 +109,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_new",
     "SSL_pending",
     "SSL_read",
+    "SSL_SESSION_free",
     "SSL_set0_rbio",
     "SSL_set0_wbio",
     "SSL_set1_host",
@@ -99,6 +120,8 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_set_ex_data",
     "SSL_set_fd",
     "SSL_set_options",
+    "SSL_set_post_handshake_auth",
+    "SSL_set_session",
     "SSL_set_shutdown",
     "SSL_shutdown",
     "SSL_up_ref",
diff --git a/rustls-libssl/src/entry.rs b/rustls-libssl/src/entry.rs
index b8f6c70..3b035dd 100644
--- a/rustls-libssl/src/entry.rs
+++ b/rustls-libssl/src/entry.rs
@@ -9,7 +9,8 @@ use std::sync::Mutex;
 use std::{fs, io, path::PathBuf};
 
 use openssl_sys::{
-    stack_st_X509, OPENSSL_malloc, X509, X509_STORE, X509_STORE_CTX, X509_V_ERR_UNSPECIFIED,
+    stack_st_X509, OPENSSL_malloc, EVP_PKEY, X509, X509_STORE, X509_STORE_CTX,
+    X509_V_ERR_UNSPECIFIED,
 };
 
 use crate::bio::{Bio, BIO, BIO_METHOD};
@@ -910,6 +911,186 @@ num_enum! {
     }
 }
 
+// --- unimplemented stubs below here ---
+
+macro_rules! entry_stub {
+    (pub fn $name:ident($($args:tt)*);) => {
+        #[no_mangle]
+        pub extern "C" fn $name($($args)*) {
+            ffi_panic_boundary! {
+                Error::not_supported(stringify!($name)).raise().into()
+            }
+        }
+    };
+    (pub fn $name:ident($($args:tt)*) -> $ret:ty;) => {
+        #[no_mangle]
+        pub extern "C" fn $name($($args)*) -> $ret {
+            ffi_panic_boundary! {
+                Error::not_supported(stringify!($name)).raise().into()
+            }
+        }
+    };
+}
+
+// things we support and should be able to implement to
+// some extent:
+
+entry_stub! {
+    pub fn _SSL_get_certificate(_ssl: *const SSL) -> *mut X509;
+}
+
+entry_stub! {
+    pub fn _SSL_get_privatekey(_ssl: *const SSL) -> *mut EVP_PKEY;
+}
+
+entry_stub! {
+    pub fn _SSL_set_session(_ssl: *mut SSL, _session: *mut SSL_SESSION) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_set_keylog_callback(_ctx: *mut SSL_CTX, _cb: SSL_CTX_keylog_cb_func);
+}
+
+pub type SSL_CTX_keylog_cb_func =
+    Option<unsafe extern "C" fn(ssl: *const SSL, line: *const c_char)>;
+
+entry_stub! {
+    pub fn _SSL_CTX_add_client_CA(_ctx: *mut SSL_CTX, _x: *mut X509) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_check_private_key(_ctx: *const SSL_CTX) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_sess_set_new_cb(_ctx: *mut SSL_CTX, _new_session_cb: SSL_CTX_new_session_cb);
+}
+
+pub type SSL_CTX_new_session_cb =
+    Option<unsafe extern "C" fn(_ssl: *mut SSL, _sess: *mut SSL_SESSION) -> c_int>;
+
+entry_stub! {
+    pub fn _SSL_CTX_set_cipher_list(_ctx: *mut SSL_CTX, _s: *const c_char) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_set_ciphersuites(_ctx: *mut SSL_CTX, _s: *const c_char) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_use_PrivateKey(_ctx: *mut SSL_CTX, _pkey: *mut EVP_PKEY) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_use_PrivateKey_file(
+        _ctx: *mut SSL_CTX,
+        _file: *const c_char,
+        _type: c_int,
+    ) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_use_certificate(_ctx: *mut SSL_CTX, _x: *mut X509) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_use_certificate_chain_file(_ctx: *mut SSL_CTX, _file: *const c_char) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_use_certificate_file(
+        _ctx: *mut SSL_CTX,
+        _file: *const c_char,
+        _type_: c_int,
+    ) -> c_int;
+}
+
+pub struct SSL_SESSION;
+
+entry_stub! {
+    pub fn _SSL_SESSION_free(_sess: *mut SSL_SESSION);
+}
+
+// no individual message logging
+
+entry_stub! {
+    pub fn _SSL_CTX_set_msg_callback(_ctx: *mut SSL_CTX, _cb: SSL_CTX_msg_cb_func);
+}
+
+pub type SSL_CTX_msg_cb_func = Option<
+    unsafe extern "C" fn(
+        write_p: c_int,
+        version: c_int,
+        content_type: c_int,
+        buf: *const c_void,
+        len: usize,
+        ssl: *mut SSL,
+        arg: *mut c_void,
+    ),
+>;
+
+// no NPN (obsolete precursor to ALPN)
+
+entry_stub! {
+    pub fn _SSL_CTX_set_next_proto_select_cb(
+        _ctx: *mut SSL_CTX,
+        _cb: SSL_CTX_npn_select_cb_func,
+        _arg: *mut c_void,
+    );
+}
+
+pub type SSL_CTX_npn_select_cb_func = Option<
+    unsafe extern "C" fn(
+        s: *mut SSL,
+        out: *mut *mut c_uchar,
+        outlen: *mut c_uchar,
+        in_: *const c_uchar,
+        inlen: c_uint,
+        arg: *mut c_void,
+    ) -> c_int,
+>;
+
+// no password-protected key loading
+
+entry_stub! {
+    pub fn _SSL_CTX_set_default_passwd_cb(_ctx: *mut SSL_CTX, _cb: pem_password_cb);
+}
+
+pub type pem_password_cb = Option<
+    unsafe extern "C" fn(
+        buf: *mut c_char,
+        size: c_int,
+        rwflag: c_int,
+        userdata: *mut c_void,
+    ) -> c_int,
+>;
+
+entry_stub! {
+    pub fn _SSL_CTX_set_default_passwd_cb_userdata(_ctx: *mut SSL_CTX, _u: *mut c_void);
+}
+
+// no SRP
+
+entry_stub! {
+    pub fn _SSL_CTX_set_srp_password(_ctx: *mut SSL_CTX, _password: *mut c_char) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_CTX_set_srp_username(_ctx: *mut SSL_CTX, _name: *mut c_char) -> c_int;
+}
+
+// no post-handshake auth
+
+entry_stub! {
+    pub fn _SSL_CTX_set_post_handshake_auth(_ctx: *mut SSL_CTX, _val: c_int);
+}
+
+entry_stub! {
+    pub fn _SSL_set_post_handshake_auth(_s: *mut SSL, _val: c_int);
+}
+
+// ---------------------
+
 #[cfg(test)]
 mod tests {
     use super::*;