diff --git a/MATRIX.md b/MATRIX.md
index cfdc1db..0c4f81a 100644
--- a/MATRIX.md
+++ b/MATRIX.md
@@ -44,7 +44,7 @@
 | `SSL_CIPHER_standard_name` | | | :white_check_mark: |
 | `SSL_COMP_add_compression_method` | | | |
 | `SSL_COMP_get0_name` | | | |
-| `SSL_COMP_get_compression_methods` | | | |
+| `SSL_COMP_get_compression_methods` | | | :exclamation: [^stub] |
 | `SSL_COMP_get_id` | | | |
 | `SSL_COMP_get_name` | | | |
 | `SSL_COMP_set0_compression_methods` | | | |
@@ -126,7 +126,7 @@
 | `SSL_CTX_set0_CA_list` | | | |
 | `SSL_CTX_set0_ctlog_store` [^ct] | | | |
 | `SSL_CTX_set0_security_ex_data` | | | |
-| `SSL_CTX_set0_tmp_dh_pkey` | | | |
+| `SSL_CTX_set0_tmp_dh_pkey` | | | :exclamation: [^stub] |
 | `SSL_CTX_set1_cert_store` | | | |
 | `SSL_CTX_set1_param` | | | |
 | `SSL_CTX_set_allow_early_data_cb` | | | |
@@ -141,9 +141,9 @@
 | `SSL_CTX_set_cipher_list` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_CTX_set_ciphersuites` | :white_check_mark: | | :exclamation: [^stub] |
 | `SSL_CTX_set_client_CA_list` | | :white_check_mark: | :exclamation: [^stub] |
-| `SSL_CTX_set_client_cert_cb` | | | |
+| `SSL_CTX_set_client_cert_cb` | | | :exclamation: [^stub] |
 | `SSL_CTX_set_client_cert_engine` [^engine] | | | |
-| `SSL_CTX_set_client_hello_cb` | | | |
+| `SSL_CTX_set_client_hello_cb` | | | :exclamation: [^stub] |
 | `SSL_CTX_set_cookie_generate_cb` | | | |
 | `SSL_CTX_set_cookie_verify_cb` | | | |
 | `SSL_CTX_set_ct_validation_callback` [^ct] | | | |
@@ -181,19 +181,19 @@
 | `SSL_CTX_set_security_level` | | | |
 | `SSL_CTX_set_session_id_context` | | :white_check_mark: | :white_check_mark: |
 | `SSL_CTX_set_session_ticket_cb` | | | |
-| `SSL_CTX_set_srp_cb_arg` [^deprecatedin_3_0] [^srp] | | | |
+| `SSL_CTX_set_srp_cb_arg` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] |
 | `SSL_CTX_set_srp_client_pwd_callback` [^deprecatedin_3_0] [^srp] | | | |
 | `SSL_CTX_set_srp_password` [^deprecatedin_3_0] [^srp] | :white_check_mark: | | :exclamation: [^stub] |
 | `SSL_CTX_set_srp_strength` [^deprecatedin_3_0] [^srp] | | | |
 | `SSL_CTX_set_srp_username` [^deprecatedin_3_0] [^srp] | :white_check_mark: | | :exclamation: [^stub] |
-| `SSL_CTX_set_srp_username_callback` [^deprecatedin_3_0] [^srp] | | | |
+| `SSL_CTX_set_srp_username_callback` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] |
 | `SSL_CTX_set_srp_verify_param_callback` [^deprecatedin_3_0] [^srp] | | | |
 | `SSL_CTX_set_ssl_version` [^deprecatedin_3_0] | | | |
 | `SSL_CTX_set_stateless_cookie_generate_cb` | | | |
 | `SSL_CTX_set_stateless_cookie_verify_cb` | | | |
 | `SSL_CTX_set_timeout` | | :white_check_mark: | :white_check_mark: |
 | `SSL_CTX_set_tlsext_max_fragment_length` | | | |
-| `SSL_CTX_set_tlsext_ticket_key_evp_cb` | | | |
+| `SSL_CTX_set_tlsext_ticket_key_evp_cb` | | | :exclamation: [^stub] |
 | `SSL_CTX_set_tlsext_use_srtp` [^srtp] | | | |
 | `SSL_CTX_set_tmp_dh_callback` [^deprecatedin_3_0] [^dh] | | | |
 | `SSL_CTX_set_trust` | | | |
@@ -224,7 +224,7 @@
 | `SSL_SESSION_get0_peer` | | | |
 | `SSL_SESSION_get0_ticket` | | | |
 | `SSL_SESSION_get0_ticket_appdata` | | | |
-| `SSL_SESSION_get_compress_id` | | | |
+| `SSL_SESSION_get_compress_id` | | | :exclamation: [^stub] |
 | `SSL_SESSION_get_ex_data` | | | |
 | `SSL_SESSION_get_id` | | :white_check_mark: | :white_check_mark: |
 | `SSL_SESSION_get_master_key` | | | |
@@ -260,7 +260,7 @@
 | `SSL_add1_to_CA_list` | | | |
 | `SSL_add_client_CA` | | | |
 | `SSL_add_dir_cert_subjects_to_stack` | | | |
-| `SSL_add_file_cert_subjects_to_stack` | | | |
+| `SSL_add_file_cert_subjects_to_stack` | | | :exclamation: [^stub] |
 | `SSL_add_ssl_module` | | | |
 | `SSL_add_store_cert_subjects_to_stack` | | | |
 | `SSL_alert_desc_string` | | | :white_check_mark: |
@@ -277,7 +277,7 @@
 | `SSL_clear_options` | | :white_check_mark: | :white_check_mark: |
 | `SSL_client_hello_get0_ciphers` | | | |
 | `SSL_client_hello_get0_compression_methods` | | | |
-| `SSL_client_hello_get0_ext` | | | |
+| `SSL_client_hello_get0_ext` | | | :exclamation: [^stub] |
 | `SSL_client_hello_get0_legacy_version` | | | |
 | `SSL_client_hello_get0_random` | | | |
 | `SSL_client_hello_get0_session_id` | | | |
@@ -324,8 +324,8 @@
 | `SSL_get_certificate` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_changed_async_fds` | | | |
 | `SSL_get_cipher_list` | | | |
-| `SSL_get_ciphers` | | | |
-| `SSL_get_client_CA_list` | | | |
+| `SSL_get_ciphers` | | | :exclamation: [^stub] |
+| `SSL_get_client_CA_list` | | | :exclamation: [^stub] |
 | `SSL_get_client_ciphers` | | | |
 | `SSL_get_client_random` | | | |
 | `SSL_get_current_cipher` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
@@ -339,14 +339,14 @@
 | `SSL_get_ex_data` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_ex_data_X509_STORE_CTX_idx` | | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_get_fd` | | | |
-| `SSL_get_finished` | | | |
+| `SSL_get_finished` | | | :exclamation: [^stub] |
 | `SSL_get_info_callback` | | | |
 | `SSL_get_key_update_type` | | | |
 | `SSL_get_max_early_data` | | | |
 | `SSL_get_num_tickets` | | | :white_check_mark: |
 | `SSL_get_options` | | :white_check_mark: | :white_check_mark: |
 | `SSL_get_peer_cert_chain` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| `SSL_get_peer_finished` | | | |
+| `SSL_get_peer_finished` | | | :exclamation: [^stub] |
 | `SSL_get_peer_signature_type_nid` | :white_check_mark: | | :white_check_mark: |
 | `SSL_get_pending_cipher` | | | |
 | `SSL_get_privatekey` | :white_check_mark: | | :white_check_mark: |
@@ -365,15 +365,15 @@
 | `SSL_get_servername` | | :white_check_mark: | :white_check_mark: |
 | `SSL_get_servername_type` | | | :white_check_mark: |
 | `SSL_get_session` | | :white_check_mark: | :white_check_mark: |
-| `SSL_get_shared_ciphers` | | | |
+| `SSL_get_shared_ciphers` | | | :exclamation: [^stub] |
 | `SSL_get_shared_sigalgs` | | | |
 | `SSL_get_shutdown` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_sigalgs` | | | |
 | `SSL_get_signature_type_nid` | | | |
 | `SSL_get_srp_N` [^deprecatedin_3_0] [^srp] | | | |
 | `SSL_get_srp_g` [^deprecatedin_3_0] [^srp] | | | |
-| `SSL_get_srp_userinfo` [^deprecatedin_3_0] [^srp] | | | |
-| `SSL_get_srp_username` [^deprecatedin_3_0] [^srp] | | | |
+| `SSL_get_srp_userinfo` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] |
+| `SSL_get_srp_username` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] |
 | `SSL_get_srtp_profiles` [^srtp] | | | |
 | `SSL_get_ssl_method` | | | |
 | `SSL_get_state` | | | :white_check_mark: |
@@ -397,13 +397,13 @@
 | `SSL_load_client_CA_file_ex` | | | |
 | `SSL_new` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_new_session_ticket` | | | |
-| `SSL_peek` | | | |
+| `SSL_peek` | | | :exclamation: [^stub] |
 | `SSL_peek_ex` | | | |
 | `SSL_pending` | :white_check_mark: | | :white_check_mark: |
 | `SSL_read` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_read_early_data` | | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_read_ex` | | | |
-| `SSL_renegotiate` | | | |
+| `SSL_renegotiate` | | | :exclamation: [^stub] |
 | `SSL_renegotiate_abbreviated` | | | |
 | `SSL_renegotiate_pending` | | | |
 | `SSL_rstate_string` | | | |
@@ -461,12 +461,12 @@
 | `SSL_set_security_callback` | | | |
 | `SSL_set_security_level` | | | |
 | `SSL_set_session` | :white_check_mark: | :white_check_mark: | :exclamation: [^stub] |
-| `SSL_set_session_id_context` | | | |
+| `SSL_set_session_id_context` | | | :exclamation: [^stub] |
 | `SSL_set_session_secret_cb` | | | |
 | `SSL_set_session_ticket_ext` | | | |
 | `SSL_set_session_ticket_ext_cb` | | | |
 | `SSL_set_shutdown` | | :white_check_mark: | :white_check_mark: |
-| `SSL_set_srp_server_param` [^deprecatedin_3_0] [^srp] | | | |
+| `SSL_set_srp_server_param` [^deprecatedin_3_0] [^srp] | | | :exclamation: [^stub] |
 | `SSL_set_srp_server_param_pw` [^deprecatedin_3_0] [^srp] | | | |
 | `SSL_set_ssl_method` | | | |
 | `SSL_set_tlsext_max_fragment_length` | | | |
@@ -479,8 +479,8 @@
 | `SSL_set_wfd` [^sock] | | | |
 | `SSL_shutdown` | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_srp_server_param_with_username` [^deprecatedin_3_0] [^srp] | | | |
-| `SSL_state_string` | | | |
-| `SSL_state_string_long` | | | |
+| `SSL_state_string` | | | :exclamation: [^stub] |
+| `SSL_state_string_long` | | | :exclamation: [^stub] |
 | `SSL_stateless` | | | |
 | `SSL_test_functions` [^unit_test] | | | |
 | `SSL_trace` [^ssl_trace] | | | |
@@ -497,7 +497,7 @@
 | `SSL_use_certificate_chain_file` | | | |
 | `SSL_use_certificate_file` | | | |
 | `SSL_use_psk_identity_hint` [^psk] | | | |
-| `SSL_verify_client_post_handshake` | | | |
+| `SSL_verify_client_post_handshake` | | | :exclamation: [^stub] |
 | `SSL_version` | | :white_check_mark: | :white_check_mark: |
 | `SSL_waiting_for_async` | | | |
 | `SSL_want` | | | :white_check_mark: |
diff --git a/build.rs b/build.rs
index 9b2fc9f..6de4542 100644
--- a/build.rs
+++ b/build.rs
@@ -47,6 +47,7 @@ const ENTRYPOINTS: &[&str] = &[
 "i2d_SSL_SESSION",
 "OPENSSL_init_ssl",
 "SSL_accept",
+ "SSL_add_file_cert_subjects_to_stack",
 "SSL_alert_desc_string",
 "SSL_alert_desc_string_long",
 "SSL_alert_type_string",
@@ -61,6 +62,8 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CIPHER_get_version",
 "SSL_CIPHER_standard_name",
 "SSL_clear_options",
+ "SSL_client_hello_get0_ext",
+ "SSL_COMP_get_compression_methods",
 "SSL_CONF_cmd",
 "SSL_CONF_cmd_value_type",
 "SSL_CONF_CTX_clear_flags",
@@ -101,6 +104,7 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CTX_sess_set_get_cb",
 "SSL_CTX_sess_set_new_cb",
 "SSL_CTX_sess_set_remove_cb",
+ "SSL_CTX_set0_tmp_dh_pkey",
 "SSL_CTX_set_alpn_protos",
 "SSL_CTX_set_alpn_select_cb",
 "SSL_CTX_set_cert_cb",
@@ -108,6 +112,8 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CTX_set_cipher_list",
 "SSL_CTX_set_ciphersuites",
 "SSL_CTX_set_client_CA_list",
+ "SSL_CTX_set_client_cert_cb",
+ "SSL_CTX_set_client_hello_cb",
 "SSL_CTX_set_default_passwd_cb",
 "SSL_CTX_set_default_passwd_cb_userdata",
 "SSL_CTX_set_default_verify_dir",
@@ -125,9 +131,12 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_CTX_set_options",
 "SSL_CTX_set_post_handshake_auth",
 "SSL_CTX_set_session_id_context",
+ "SSL_CTX_set_srp_cb_arg",
 "SSL_CTX_set_srp_password",
 "SSL_CTX_set_srp_username",
+ "SSL_CTX_set_srp_username_callback",
 "SSL_CTX_set_timeout",
+ "SSL_CTX_set_tlsext_ticket_key_evp_cb",
 "SSL_CTX_set_verify",
 "SSL_CTX_set_verify_depth",
 "SSL_CTX_up_ref",
@@ -145,21 +154,28 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_get1_peer_certificate",
 "SSL_get1_session",
 "SSL_get_certificate",
+ "SSL_get_ciphers",
+ "SSL_get_client_CA_list",
 "SSL_get_current_cipher",
 "SSL_get_current_compression",
 "SSL_get_error",
 "SSL_get_ex_data",
 "SSL_get_ex_data_X509_STORE_CTX_idx",
+ "SSL_get_finished",
 "SSL_get_num_tickets",
 "SSL_get_options",
 "SSL_get_peer_cert_chain",
+ "SSL_get_peer_finished",
 "SSL_get_peer_signature_type_nid",
 "SSL_get_privatekey",
 "SSL_get_rbio",
 "SSL_get_servername",
 "SSL_get_servername_type",
 "SSL_get_session",
+ "SSL_get_shared_ciphers",
 "SSL_get_shutdown",
+ "SSL_get_srp_userinfo",
+ "SSL_get_srp_username",
 "SSL_get_SSL_CTX",
 "SSL_get_state",
 "SSL_get_verify_depth",
@@ -174,12 +190,15 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_is_server",
 "SSL_load_client_CA_file",
 "SSL_new",
+ "SSL_peek",
 "SSL_pending",
 "SSL_read",
 "SSL_read_early_data",
+ "SSL_renegotiate",
 "SSL_select_next_proto",
 "SSL_sendfile",
 "SSL_SESSION_free",
+ "SSL_SESSION_get_compress_id",
 "SSL_SESSION_get_id",
 "SSL_SESSION_get_time",
 "SSL_SESSION_get_timeout",
@@ -205,16 +224,21 @@ const ENTRYPOINTS: &[&str] = &[
 "SSL_set_post_handshake_auth",
 "SSL_set_quiet_shutdown",
 "SSL_set_session",
+ "SSL_set_session_id_context",
 "SSL_set_shutdown",
+ "SSL_set_srp_server_param",
 "SSL_set_SSL_CTX",
 "SSL_set_verify",
 "SSL_set_verify_depth",
 "SSL_set_verify_result",
 "SSL_shutdown",
+ "SSL_state_string",
+ "SSL_state_string_long",
 "SSL_up_ref",
 "SSL_use_certificate",
 "SSL_use_PrivateKey",
 "SSL_use_PrivateKey_file",
+ "SSL_verify_client_post_handshake",
 "SSL_version",
 "SSL_want",
 "SSL_write",
diff --git a/src/entry.rs b/src/entry.rs
index 81fc432..4a26b39 100644
--- a/src/entry.rs
+++ b/src/entry.rs
@@ -10,8 +10,9 @@ use std::sync::Arc;
 use std::{fs, path::PathBuf};
 use openssl_sys::{
- stack_st_X509, stack_st_X509_NAME, NID_undef, OPENSSL_malloc, TLSEXT_NAMETYPE_host_name,
- EVP_PKEY, OPENSSL_NPN_NEGOTIATED, OPENSSL_NPN_NO_OVERLAP, X509, X509_STORE, X509_STORE_CTX,
+ stack_st_SSL_CIPHER, stack_st_X509, stack_st_X509_NAME, stack_st_void, NID_undef,
+ OPENSSL_malloc, TLSEXT_NAMETYPE_host_name, BIGNUM, EVP_CIPHER_CTX, EVP_PKEY, HMAC_CTX,
+ OPENSSL_NPN_NEGOTIATED, OPENSSL_NPN_NO_OVERLAP, X509, X509_STORE, X509_STORE_CTX,
 };
 use rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
@@ -1997,6 +1998,14 @@ entry_stub! {
 pub fn _SSL_set_session(_ssl: *mut SSL, _session: *mut SSL_SESSION) -> c_int;
 }
+entry_stub! {
+ pub fn _SSL_set_session_id_context(
+ _ssl: *mut SSL,
+ _sid_ctx: *const c_uchar,
+ _sid_ctx_len: c_uint,
+ ) -> c_int;
+}
+
 entry_stub! {
 pub fn _SSL_CTX_remove_session(_ssl: *const SSL, _session: *mut SSL_SESSION) -> c_int;
 }
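Review bot: `_SSL_set_session_id_context` is added as a stub while MATRIX.md lists `SSL_CTX_set_session_id_context` with a check mark rather than the stub marker, so an application that sets the session-id context per connection instead of per SSL_CTX gets no effect, and nothing in the hunk says so or says what value the stub returns. The session-id context is what keeps a session established under one configuration from being resumed under another, so a caller that checks the return and sees success will assume that scoping is in place; entry_stub! is defined outside the hunk, so whether it reports success or failure for a c_int is not visible here. A comment above the stub, e.g. `// Per-connection session id context is not applied; only SSL_CTX_set_session_id_context takes effect.`, would make the gap explicit, and if the stub reports success it is worth considering having it return 0 instead so callers can detect the unsupported path.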
@@ -2024,6 +2033,67 @@ entry_stub! {
 ) -> c_int;
 }
+entry_stub! {
+ pub fn _SSL_CTX_set_tlsext_ticket_key_evp_cb(
+ _ctx: *mut SSL_CTX,
+ _fp: SSL_CTX_tlsext_ticket_key_evp_cb_func,
+ ) -> c_int;
+}
+
+pub type SSL_CTX_tlsext_ticket_key_evp_cb_func = Option<
+ unsafe extern "C" fn(
+ _ssl: *mut SSL,
+ _key_name: *mut c_uchar,
+ _iv: *mut c_uchar,
+ _ctx: *mut EVP_CIPHER_CTX,
+ _hctx: *mut HMAC_CTX,
+ _enc: c_int,
+ ) -> c_int,
+>;
+
+entry_stub! {
+ pub fn _SSL_CTX_set_client_hello_cb(
+ _ctx: *mut SSL_CTX,
+ _cb: SSL_client_hello_cb_func,
+ _arg: *mut c_void,
+ );
+}
+
+pub type SSL_client_hello_cb_func =
+ Option c_int>;
+
+entry_stub! {
+ pub fn _SSL_state_string(_ssl: *const SSL) -> *const c_char;
+}
+
+entry_stub! {
+ pub fn _SSL_state_string_long(_ssl: *const SSL) -> *const c_char;
+}
+
+entry_stub! {
+ pub fn _SSL_peek(_ssl: *mut SSL, _buf: *mut c_void, _num: c_int) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_get_shared_ciphers(
+ _ssl: *const SSL,
+ _buf: *mut c_char,
+ _size: c_int,
+ ) -> *mut c_char;
+}
+
+entry_stub! {
+ pub fn _SSL_get_ciphers(_ssl: *const SSL) -> *mut stack_st_SSL_CIPHER;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_set_client_cert_cb(_ctx: *mut SSL_CTX, _cb: SSL_client_cert_cb_func);
+}
+
+pub type SSL_client_cert_cb_func = Option<
+ unsafe extern "C" fn(_ssl: *mut SSL, _x509: *mut *mut X509, _pkey: *mut *mut EVP_PKEY) -> c_int,
+>;
+
 // The SSL_CTX X509_STORE isn't being meaningfully used yet.
 entry_stub! {
 pub fn _SSL_CTX_set_default_verify_store(_ctx: *mut SSL_CTX) -> c_int;
@@ -2059,6 +2129,17 @@ entry_stub! {
 pub fn _SSL_load_client_CA_file(_file: *const c_char) -> *mut stack_st_X509_NAME;
 }
+entry_stub! {
+ pub fn _SSL_get_client_CA_list(_ssl: *const SSL) -> *mut stack_st_X509_NAME;
+}
+
+entry_stub! {
+ pub fn _SSL_add_file_cert_subjects_to_stack(
+ _stack: *mut stack_st_X509_NAME,
+ _file: *const c_char,
+ ) -> c_int;
+}
+
 // no individual message logging
 entry_stub! {
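Review bot: `_SSL_CTX_set_tlsext_ticket_key_evp_cb` accepts a callback that is never invoked, so an application that installs one to supply and rotate its own session-ticket keys is not actually controlling which keys protect its tickets, and the hunk does not say so. Whether the stub reports success or failure decides whether such an application fails at configuration time or silently runs with tickets it does not control; entry_stub! is defined outside the hunk, so which of these happens is not visible here. A comment above the stub such as `// Callback is accepted but never called: ticket keys are not application-controlled.` would make that explicit, and the same applies to `_SSL_CTX_set_client_hello_cb` and `_SSL_CTX_set_client_cert_cb` in this hunk, whose callbacks are likewise never called. Separately, as rendered here `SSL_client_hello_cb_func` reads `Option c_int>`, which looks like the `unsafe extern "C" fn(...) ->` part of the alias was lost in rendering (the same for `SSL_srp_username_cb_func` further down); worth confirming the committed text carries the full signature.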
@@ -2165,6 +2246,45 @@ entry_stub! {
 pub fn _SSL_CTX_set_srp_username(_ctx: *mut SSL_CTX, _name: *mut c_char) -> c_int;
 }
+entry_stub! {
+ pub fn _SSL_CTX_set_srp_username_callback(
+ _ctx: *mut SSL_CTX,
+ _cb: SSL_srp_username_cb_func,
+ ) -> c_int;
+}
+
+pub type SSL_srp_username_cb_func =
+ Option c_int>;
+
+entry_stub! {
+ pub fn _SSL_set_srp_server_param(
+ _s: *mut SSL,
+ _n: *const BIGNUM,
+ _g: *const BIGNUM,
+ _sa: *const BIGNUM,
+ _v: *const BIGNUM,
+ _info: *const c_char,
+ ) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_CTX_set_srp_cb_arg(_ctx: *mut SSL_CTX, _arg: *mut c_void) -> c_int;
+}
+
+entry_stub! {
+ pub fn _SSL_get_srp_username(_ssl: *mut SSL) -> *mut c_char;
+}
+
+entry_stub! {
+ pub fn _SSL_get_srp_userinfo(_ssl: *mut SSL) -> *mut c_char;
+}
+
+// no DH ciphersuites
+
+entry_stub! {
+ pub fn _SSL_CTX_set0_tmp_dh_pkey(_ctx: *mut SSL_CTX, _dhpkey: *mut EVP_PKEY) -> c_int;
+}
+
 // no post-handshake auth
 entry_stub! {
@@ -2175,6 +2295,16 @@ entry_stub! {
 pub fn _SSL_set_post_handshake_auth(_s: *mut SSL, _val: c_int);
 }
+entry_stub! {
+ pub fn _SSL_verify_client_post_handshake(_ssl: *mut SSL) -> c_int;
+}
+
+// no renegotiation
+
+entry_stub! {
+ pub fn _SSL_renegotiate(_ssl: *mut SSL) -> c_int;
+}
+
 // No kTLS/sendfile support
 entry_stub! {
@@ -2187,6 +2317,17 @@ entry_stub! {
 ) -> c_long;
 }
+// No access to individual certificate extensions
+
+entry_stub! {
+ pub fn _SSL_client_hello_get0_ext(
+ _ssl: *mut SSL,
+ _type: c_uint,
+ _out: *mut *const c_uchar,
+ _outlen: *mut usize,
+ ) -> c_int;
+}
+
 // No custom extension support
 // (used by nginx to implement quic)
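Review bot: `_SSL_CTX_set0_tmp_dh_pkey` carries OpenSSL's set0 naming, under which the SSL_CTX takes ownership of `_dhpkey` and the caller must not free it, so a stub that neither stores nor releases the key leaks one EVP_PKEY per call for every caller honouring that contract. Either a non-stub entry that releases the key with `EVP_PKEY_free` before returning, or a comment above the stub `// set0: the caller hands over ownership of _dhpkey; this stub never frees it.` so the leak is a recorded decision, would address it. The SRP stubs above it take `*const BIGNUM` and `*mut c_char` without ownership transfer, so the same question does not arise there.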
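Review bot: The comment `// No access to individual certificate extensions` above `_SSL_client_hello_get0_ext` describes the wrong thing: SSL_client_hello_get0_ext looks up an extension of the received ClientHello by extension type, which is what the `_type: c_uint` and `_out`/`_outlen` parameters in the hunk reflect, and has nothing to do with certificate extensions. Suggest `// No access to individual ClientHello extensions`. Since this commit also stubs `_SSL_CTX_set_client_hello_cb`, the caller that would normally reach this function is never invoked, so the stub itself is consistent; only the comment is misleading.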
@@ -2245,6 +2386,27 @@ type SSL_custom_ext_free_cb_ex = Option<
 ),
 >;
+// No low level protocol details.
+
+entry_stub! {
+ pub fn _SSL_get_finished(_ssl: *const SSL, _buf: *mut c_void, _count: usize) -> usize;
+}
+
+entry_stub! {
+ pub fn _SSL_get_peer_finished(_ssl: *const SSL, _buf: *mut c_void, _count: usize) -> usize;
+}
+
+// No TLS 1.2 protocol compression.
+
+entry_stub! {
+ pub fn _SSL_SESSION_get_compress_id(_ssl: *mut SSL) -> c_int;
+}
+
+entry_stub! {
+ // nb: should return stack_st_SSL_COMP, but this isn't defined in openssl-sys
+ pub fn _SSL_COMP_get_compression_methods() -> *mut stack_st_void;
+}
+
 // ---------------------
 #[cfg(test)]
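Review bot: `_SSL_SESSION_get_compress_id` is declared with `_ssl: *mut SSL`, but OpenSSL's `SSL_SESSION_get_compress_id` takes a `const SSL_SESSION *` and returns `unsigned int`; pointer and integer widths match so the ABI is unaffected, but the declaration misdescribes the argument, and the earlier `_SSL_set_session` stub in this file already uses the `SSL_SESSION` type for session arguments. Suggest `pub fn _SSL_SESSION_get_compress_id(_session: *const SSL_SESSION) -> c_uint;`, with `c_uint` already in use elsewhere in this commit. Separately, `_SSL_get_finished` and `_SSL_get_peer_finished` are what applications read for channel binding, so a stub that yields a zero length (not visible here) presents as "no binding data" rather than as an error; the `// No low level protocol details.` comment could say so, e.g. `// Finished messages are not exposed; channel-binding callers get an empty result.`.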