diff --git lang/rust/Makefile lang/rust/Makefile index a12fa4fac7f0..46b5eefd429a 100644 --- lang/rust/Makefile +++ lang/rust/Makefile @@ -177,7 +177,7 @@ post-patch: ${WRKSRC}/src/stage0.txt # After patching crates, we need to update their corresponding # `.cargo-checksum.json` to reflect the new checksums verified by Cargo. - @for dir in "${WRKSRC}/src/vendor/libc" "${WRKSRC}/src/vendor/openssl" "${WRKSRC}/src/vendor/openssl-sys"; do \ + @for dir in "${WRKSRC}/src/vendor/openssl-sys" "${WRKSRC}/src/vendor/libgit2-sys"; do \ if ! test -d "$$dir"; then \ continue; \ fi; \ diff --git lang/rust/files/patch-src_vendor_libgit2-sys_libgit2_src_openssl__stream.c lang/rust/files/patch-src_vendor_libgit2-sys_libgit2_src_openssl__stream.c new file mode 100644 index 000000000000..87a1b7cbd767 --- /dev/null +++ lang/rust/files/patch-src_vendor_libgit2-sys_libgit2_src_openssl__stream.c @@ -0,0 +1,12 @@ +--- src/vendor/libgit2-sys/libgit2/src/openssl_stream.c.orig 2018-03-25 15:53:19 UTC ++++ src/vendor/libgit2-sys/libgit2/src/openssl_stream.c +@@ -103,7 +103,8 @@ int git_openssl_stream_global_init(void) + ssl_opts |= SSL_OP_NO_COMPRESSION; + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) + SSL_load_error_strings(); + OpenSSL_add_ssl_algorithms(); + #else diff --git lang/rust/files/patch-src_vendor_libgit2-sys_libgit2_src_openssl__stream.h lang/rust/files/patch-src_vendor_libgit2-sys_libgit2_src_openssl__stream.h new file mode 100644 index 000000000000..533f47c73c66 --- /dev/null +++ lang/rust/files/patch-src_vendor_libgit2-sys_libgit2_src_openssl__stream.h @@ -0,0 +1,12 @@ +--- src/vendor/libgit2-sys/libgit2/src/openssl_stream.h.orig 2018-03-25 15:53:19 UTC ++++ src/vendor/libgit2-sys/libgit2/src/openssl_stream.h +@@ -27,7 +27,8 @@ extern int git_openssl_stream_new(git_stream **out, co + + + +-# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++# if OPENSSL_VERSION_NUMBER < 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) + + GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name) + { diff --git lang/rust/files/patch-src_vendor_openssl-sys_build.rs lang/rust/files/patch-src_vendor_openssl-sys_build.rs new file mode 100644 index 000000000000..a9898fba8534 --- /dev/null +++ lang/rust/files/patch-src_vendor_openssl-sys_build.rs @@ -0,0 +1,186 @@ +--- src/vendor/openssl-sys/build.rs.orig 2018-03-25 15:53:20 UTC ++++ src/vendor/openssl-sys/build.rs +@@ -1,7 +1,7 @@ ++extern crate cc; + extern crate pkg_config; + #[cfg(target_env = "msvc")] + extern crate vcpkg; +-extern crate cc; + + use std::collections::HashSet; + use std::env; +@@ -89,17 +89,15 @@ fn main() { + let libs_env = env("OPENSSL_LIBS"); + let libs = match libs_env.as_ref().and_then(|s| s.to_str()) { + Some(ref v) => v.split(":").collect(), +- None => { +- match version { +- Version::Openssl101 | +- Version::Openssl102 if target.contains("windows") => vec!["ssleay32", "libeay32"], +- Version::Openssl110 if target.contains("windows") => vec!["libssl", "libcrypto"], +- _ => vec!["ssl", "crypto"], ++ None => match version { ++ Version::Openssl101 | Version::Openssl102 if target.contains("windows") => { ++ vec!["ssleay32", "libeay32"] + } +- } ++ Version::Openssl110 if target.contains("windows") => vec!["libssl", "libcrypto"], ++ _ => vec!["ssl", "crypto"], ++ }, + }; + +- + let kind = determine_mode(Path::new(&lib_dir), &libs); + for lib in libs.into_iter() { + println!("cargo:rustc-link-lib={}={}", kind, lib); +@@ -109,7 +107,7 @@ fn main() { + fn find_openssl_dir(target: &str) -> OsString { + let host = env::var("HOST").unwrap(); + +- if host.contains("apple-darwin") && target.contains("apple-darwin") { ++ if host == target && target.contains("apple-darwin") { + let homebrew = Path::new("/usr/local/opt/openssl@1.1"); + if homebrew.exists() { + return homebrew.to_path_buf().into(); +@@ -123,6 +121,11 @@ fn find_openssl_dir(target: &str) -> OsString { + try_pkg_config(); + try_vcpkg(); + ++ // FreeBSD ships with OpenSSL but doesn't include a pkg-config file :( ++ if host == target && target.contains("freebsd") { ++ return OsString::from("/usr"); ++ } ++ + let mut msg = format!( + " + +@@ -228,9 +231,10 @@ fn try_pkg_config() { + return; + } + +- let lib = match pkg_config::Config::new().print_system_libs(false).find( +- "openssl", +- ) { ++ let lib = match pkg_config::Config::new() ++ .print_system_libs(false) ++ .find("openssl") ++ { + Ok(lib) => lib, + Err(e) => { + println!("run pkg_config fail: {:?}", e); +@@ -253,7 +257,6 @@ fn try_pkg_config() { + /// should emit all of the cargo metadata that we need. + #[cfg(target_env = "msvc")] + fn try_vcpkg() { +- + // vcpkg will not emit any metadata if it can not find libraries + // appropriate for the target triple with the desired linkage. + +@@ -264,8 +267,10 @@ fn try_vcpkg() { + .probe("openssl"); + + if let Err(e) = lib { +- println!("note: vcpkg did not find openssl as libcrypto and libssl : {:?}", +- e); ++ println!( ++ "note: vcpkg did not find openssl as libcrypto and libssl : {:?}", ++ e ++ ); + lib = vcpkg::Config::new() + .emit_includes(true) + .lib_name("libeay32") +@@ -273,8 +278,10 @@ fn try_vcpkg() { + .probe("openssl"); + } + if let Err(e) = lib { +- println!("note: vcpkg did not find openssl as ssleay32 and libeay32: {:?}", +- e); ++ println!( ++ "note: vcpkg did not find openssl as ssleay32 and libeay32: {:?}", ++ e ++ ); + return; + } + +@@ -316,8 +323,10 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Versi + #include + #include + +-#if LIBRESSL_VERSION_NUMBER >= 0x20700000 ++#if LIBRESSL_VERSION_NUMBER >= 0x20800000 + RUST_LIBRESSL_NEW ++#elif LIBRESSL_VERSION_NUMBER >= 0x20700000 ++RUST_LIBRESSL_27X + #elif LIBRESSL_VERSION_NUMBER >= 0x20603000 + RUST_LIBRESSL_26X + #elif LIBRESSL_VERSION_NUMBER >= 0x20602000 +@@ -336,8 +345,10 @@ RUST_LIBRESSL_251 + RUST_LIBRESSL_250 + #elif defined (LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20500000 + RUST_LIBRESSL_OLD +-#elif OPENSSL_VERSION_NUMBER >= 0x10101000 ++#elif OPENSSL_VERSION_NUMBER >= 0x10102000 + RUST_OPENSSL_NEW ++#elif OPENSSL_VERSION_NUMBER >= 0x10101000 ++RUST_OPENSSL_111 + #elif OPENSSL_VERSION_NUMBER >= 0x10100060 + RUST_OPENSSL_110F + #elif OPENSSL_VERSION_NUMBER >= 0x10100000 +@@ -464,6 +475,18 @@ See rust-openssl README for more information: + println!("cargo:libressl_version=26x"); + println!("cargo:version=101"); + Version::Libressl ++ } else if expanded.contains("RUST_LIBRESSL_27X") { ++ println!("cargo:rustc-cfg=libressl"); ++ println!("cargo:rustc-cfg=libressl27"); ++ println!("cargo:libressl=true"); ++ println!("cargo:libressl_version=27x"); ++ println!("cargo:version=101"); ++ Version::Libressl ++ } else if expanded.contains("RUST_OPENSSL_111") { ++ println!("cargo:rustc-cfg=ossl111"); ++ println!("cargo:rustc-cfg=ossl110"); ++ println!("cargo:version=111"); ++ Version::Openssl110 + } else if expanded.contains("RUST_OPENSSL_110F") { + println!("cargo:rustc-cfg=ossl110"); + println!("cargo:rustc-cfg=ossl110f"); +@@ -486,9 +509,9 @@ See rust-openssl README for more information: + panic!( + " + +-This crate is only compatible with OpenSSL 1.0.1, 1.0.2, and 1.1.0, or LibreSSL +-2.5 and 2.6.0, but a different version of OpenSSL was found. The build is now +-aborting due to this version mismatch. ++This crate is only compatible with OpenSSL 1.0.1 through 1.1.1, or LibreSSL 2.5 ++through 2.7, but a different version of OpenSSL was found. The build is now aborting ++due to this version mismatch. + + " + ); +@@ -516,12 +539,11 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'s + .map(|e| e.file_name()) + .filter_map(|e| e.into_string().ok()) + .collect::>(); +- let can_static = libs.iter().all(|l| { +- files.contains(&format!("lib{}.a", l)) || files.contains(&format!("{}.lib", l)) +- }); ++ let can_static = libs.iter() ++ .all(|l| files.contains(&format!("lib{}.a", l)) || files.contains(&format!("{}.lib", l))); + let can_dylib = libs.iter().all(|l| { +- files.contains(&format!("lib{}.so", l)) || files.contains(&format!("{}.dll", l)) || +- files.contains(&format!("lib{}.dylib", l)) ++ files.contains(&format!("lib{}.so", l)) || files.contains(&format!("{}.dll", l)) ++ || files.contains(&format!("lib{}.dylib", l)) + }); + match (can_static, can_dylib) { + (true, false) => return "static", +@@ -529,7 +551,7 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'s + (false, false) => { + panic!( + "OpenSSL libdir at `{}` does not contain the required files \ +- to either statically or dynamically link OpenSSL", ++ to either statically or dynamically link OpenSSL", + libdir.display() + ); + } diff --git lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs new file mode 100644 index 000000000000..eb8a3b8a4dc5 --- /dev/null +++ lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs @@ -0,0 +1,422 @@ +--- src/vendor/openssl-sys/src/lib.rs.orig 2018-03-25 15:53:20 UTC ++++ src/vendor/openssl-sys/src/lib.rs +@@ -18,6 +18,11 @@ mod ossl110; + #[cfg(ossl110)] + pub use ossl110::*; + ++#[cfg(ossl111)] ++mod ossl111; ++#[cfg(ossl111)] ++pub use ossl111::*; ++ + #[cfg(libressl)] + mod libressl; + #[cfg(libressl)] +@@ -216,6 +221,7 @@ pub const PEM_R_NO_START_LINE: c_int = 108; + pub const EVP_MAX_MD_SIZE: c_uint = 64; + pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption; + pub const EVP_PKEY_HMAC: c_int = NID_hmac; ++pub const EVP_PKEY_CMAC: c_int = NID_cmac; + pub const EVP_PKEY_DSA: c_int = NID_dsa; + pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement; + pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKey; +@@ -223,9 +229,29 @@ pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKe + pub const EVP_PKEY_ALG_CTRL: c_int = 0x1000; + + pub const EVP_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1; ++pub const EVP_PKEY_CTRL_RSA_PSS_SALTLEN: c_int = EVP_PKEY_ALG_CTRL + 2; + ++pub const EVP_PKEY_CTRL_RSA_MGF1_MD: c_int = EVP_PKEY_ALG_CTRL + 5; + pub const EVP_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6; + ++pub const EVP_PKEY_CTRL_SET_MAC_KEY: c_int = 6; ++pub const EVP_PKEY_CTRL_CIPHER: c_int = 12; ++ ++pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2; ++pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3; ++pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4; ++pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5; ++pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6; ++pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7; ++pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8; ++pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9; ++ ++pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY ++ | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX ++ | EVP_PKEY_OP_VERIFYCTX; ++ ++pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT; ++ + pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9; + pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10; + pub const EVP_CTRL_GCM_SET_TAG: c_int = 0x11; +@@ -1195,9 +1221,16 @@ pub const RSA_SSLV23_PADDING: c_int = 2; + pub const RSA_NO_PADDING: c_int = 3; + pub const RSA_PKCS1_OAEP_PADDING: c_int = 4; + pub const RSA_X931_PADDING: c_int = 5; ++pub const RSA_PKCS1_PSS_PADDING: c_int = 6; + + pub const SHA_LBLOCK: c_int = 16; + ++pub const SSL3_AD_ILLEGAL_PARAMETER: c_int = 47; ++pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER; ++ ++pub const TLS1_AD_DECODE_ERROR: c_int = 50; ++pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR; ++ + pub const TLS1_AD_UNRECOGNIZED_NAME: c_int = 112; + pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME; + +@@ -1206,6 +1239,7 @@ pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4; + pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14; + pub const SSL_CTRL_MODE: c_int = 33; + pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41; ++pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44; + pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53; + pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54; + pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55; +@@ -1243,21 +1277,21 @@ pub const SSL_VERIFY_NONE: c_int = 0; + pub const SSL_VERIFY_PEER: c_int = 1; + pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; + +-#[cfg(not(any(libressl261, libressl262, libressl26x, ossl101)))] ++#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27, ossl101)))] + pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010; +-#[cfg(any(libressl261, libressl262, libressl26x))] ++#[cfg(any(libressl261, libressl262, libressl26x, libressl27))] + pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0; + pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; +-#[cfg(not(any(libressl261, libressl262, libressl26x)))] ++#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27)))] + pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000; +-#[cfg(any(libressl261, libressl262, libressl26x))] ++#[cfg(any(libressl261, libressl262, libressl26x, libressl27))] + pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0; + pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; + #[cfg(not(libressl))] + pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; +-#[cfg(not(any(libressl, ossl110f)))] ++#[cfg(not(any(libressl, ossl110f, ossl111)))] + pub const SSL_OP_ALL: c_ulong = 0x80000BFF; +-#[cfg(ossl110f)] ++#[cfg(any(ossl110f, ossl111))] + pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING + | SSL_OP_SAFARI_ECDHE_ECDSA_BUG; +@@ -1276,20 +1310,41 @@ pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x0080000 + #[cfg(not(libressl))] + pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; + pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; +-pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; + pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; ++pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; ++#[cfg(ossl111)] ++pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000; + + #[cfg(not(any(ossl101, libressl)))] + pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; + #[cfg(not(any(ossl101, libressl)))] + pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; +-#[cfg(not(any(ossl101, libressl)))] ++#[cfg(not(any(ossl101, libressl, ossl111)))] + pub const SSL_OP_NO_SSL_MASK: c_ulong = + SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; ++#[cfg(ossl111)] ++pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 ++ | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 ++ | SSL_OP_NO_TLSv1_3; + + pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM; + pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1; + ++pub const SSL_SESS_CACHE_OFF: c_long = 0; ++pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1; ++pub const SSL_SESS_CACHE_SERVER: c_long = 0x2; ++pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER; ++pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80; ++pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100; ++pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200; ++pub const SSL_SESS_CACHE_NO_INTERNAL: c_long = ++ SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE; ++ ++pub const SSL3_VERSION: c_int = 0x300; ++pub const TLS1_VERSION: c_int = 0x301; ++pub const TLS1_1_VERSION: c_int = 0x302; ++pub const TLS1_2_VERSION: c_int = 0x303; ++ + pub const TLSEXT_NAMETYPE_host_name: c_int = 0; + + pub const TLSEXT_STATUSTYPE_ocsp: c_int = 1; +@@ -1408,6 +1463,8 @@ pub const GEN_URI: c_int = 6; + pub const GEN_IPADD: c_int = 7; + pub const GEN_RID: c_int = 8; + ++pub const DTLS1_COOKIE_LENGTH: c_uint = 256; ++ + // macros + pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long { + BIO_ctrl(b, BIO_CTRL_INFO, 0, pp as *mut c_void) +@@ -1448,6 +1505,28 @@ pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut E + ) + } + ++pub unsafe fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int { ++ EVP_PKEY_CTX_ctrl( ++ ctx, ++ EVP_PKEY_RSA, ++ EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY, ++ EVP_PKEY_CTRL_RSA_PSS_SALTLEN, ++ len, ++ ptr::null_mut(), ++ ) ++} ++ ++pub unsafe fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int { ++ EVP_PKEY_CTX_ctrl( ++ ctx, ++ EVP_PKEY_RSA, ++ EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, ++ EVP_PKEY_CTRL_RSA_MGF1_MD, ++ 0, ++ md as *mut c_void, ++ ) ++} ++ + pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { + SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut()) + } +@@ -1524,6 +1603,10 @@ pub unsafe fn SSL_CTX_get_extra_chain_certs( + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void) + } + ++pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long { ++ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut()) ++} ++ + pub unsafe fn SSL_get_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut *mut c_uchar) -> c_long { + SSL_ctrl( + ssl, +@@ -1572,6 +1655,7 @@ extern "C" { + + pub fn ASN1_INTEGER_get(dest: *const ASN1_INTEGER) -> c_long; + pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int; ++ pub fn ASN1_INTEGER_to_BN(ai: *const ASN1_INTEGER, bn: *mut BIGNUM) -> *mut BIGNUM; + pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME); + pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int; + pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING; +@@ -1843,6 +1927,20 @@ extern "C" { + ctx: *mut BN_CTX, + ) -> c_int; + ++ pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG; ++ pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG); ++ pub fn ECDSA_do_verify( ++ dgst: *const c_uchar, ++ dgst_len: c_int, ++ sig: *const ECDSA_SIG, ++ eckey: *mut EC_KEY, ++ ) -> c_int; ++ pub fn ECDSA_do_sign( ++ dgst: *const c_uchar, ++ dgst_len: c_int, ++ eckey: *mut EC_KEY, ++ ) -> *mut ECDSA_SIG; ++ + pub fn ERR_peek_last_error() -> c_ulong; + pub fn ERR_get_error() -> c_ulong; + pub fn ERR_get_error_line_data( +@@ -1855,6 +1953,8 @@ extern "C" { + pub fn ERR_func_error_string(err: c_ulong) -> *const c_char; + pub fn ERR_reason_error_string(err: c_ulong) -> *const c_char; + pub fn ERR_clear_error(); ++ pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_int); ++ pub fn ERR_set_error_data(data: *mut c_char, flags: c_int); + + pub fn EVP_md5() -> *const EVP_MD; + pub fn EVP_ripemd160() -> *const EVP_MD; +@@ -1869,6 +1969,7 @@ extern "C" { + pub fn EVP_aes_128_xts() -> *const EVP_CIPHER; + pub fn EVP_aes_128_ctr() -> *const EVP_CIPHER; + pub fn EVP_aes_128_gcm() -> *const EVP_CIPHER; ++ pub fn EVP_aes_128_ccm() -> *const EVP_CIPHER; + pub fn EVP_aes_128_cfb1() -> *const EVP_CIPHER; + pub fn EVP_aes_128_cfb128() -> *const EVP_CIPHER; + pub fn EVP_aes_128_cfb8() -> *const EVP_CIPHER; +@@ -1877,6 +1978,7 @@ extern "C" { + pub fn EVP_aes_256_xts() -> *const EVP_CIPHER; + pub fn EVP_aes_256_ctr() -> *const EVP_CIPHER; + pub fn EVP_aes_256_gcm() -> *const EVP_CIPHER; ++ pub fn EVP_aes_256_ccm() -> *const EVP_CIPHER; + pub fn EVP_aes_256_cfb1() -> *const EVP_CIPHER; + pub fn EVP_aes_256_cfb128() -> *const EVP_CIPHER; + pub fn EVP_aes_256_cfb8() -> *const EVP_CIPHER; +@@ -1888,6 +1990,8 @@ extern "C" { + + pub fn EVP_des_cbc() -> *const EVP_CIPHER; + pub fn EVP_des_ecb() -> *const EVP_CIPHER; ++ pub fn EVP_des_ede3() -> *const EVP_CIPHER; ++ pub fn EVP_des_ede3_cbc() -> *const EVP_CIPHER; + + pub fn EVP_BytesToKey( + typ: *const EVP_CIPHER, +@@ -1986,6 +2090,7 @@ extern "C" { + pub fn EVP_PKEY_get1_DH(k: *mut EVP_PKEY) -> *mut DH; + pub fn EVP_PKEY_get1_EC_KEY(k: *mut EVP_PKEY) -> *mut EC_KEY; + pub fn EVP_PKEY_cmp(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; ++ pub fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int; + pub fn EVP_PKEY_new_mac_key( + type_: c_int, + e: *mut ENGINE, +@@ -2003,6 +2108,7 @@ extern "C" { + ) -> *mut EVP_PKEY; + + pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX; ++ pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX; + pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX); + pub fn EVP_PKEY_CTX_ctrl( + ctx: *mut EVP_PKEY_CTX, +@@ -2013,6 +2119,9 @@ extern "C" { + p2: *mut c_void, + ) -> c_int; + ++ pub fn EVP_PKEY_keygen_init(ctx: *mut EVP_PKEY_CTX) -> c_int; ++ pub fn EVP_PKEY_keygen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int; ++ + pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int; + + pub fn OBJ_obj2nid(o: *const ASN1_OBJECT) -> c_int; +@@ -2022,6 +2131,7 @@ extern "C" { + a: *const ASN1_OBJECT, + no_name: c_int, + ) -> c_int; ++ pub fn OBJ_nid2sn(nid: c_int) -> *const c_char; + + pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP; + pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP); +@@ -2110,6 +2220,14 @@ extern "C" { + callback: Option, + user_data: *mut c_void, + ) -> *mut RSA; ++ ++ pub fn PEM_read_bio_RSAPublicKey( ++ bio: *mut BIO, ++ rsa: *mut *mut RSA, ++ callback: Option, ++ user_data: *mut c_void, ++ ) -> *mut RSA; ++ + pub fn PEM_read_bio_RSA_PUBKEY( + bio: *mut BIO, + rsa: *mut *mut RSA, +@@ -2344,6 +2462,7 @@ extern "C" { + pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509; + pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; + pub fn SSL_get_version(ssl: *const SSL) -> *const c_char; ++ pub fn SSL_version(ssl: *const SSL) -> c_int; + pub fn SSL_state_string(ssl: *const SSL) -> *const c_char; + pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; + pub fn SSL_set_verify( +@@ -2369,6 +2488,16 @@ extern "C" { + ctx: *mut SSL, + dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH, + ); ++ pub fn SSL_export_keying_material( ++ s: *mut SSL, ++ out: *mut c_uchar, ++ olen: size_t, ++ label: *const c_char, ++ llen: size_t, ++ context: *const c_uchar, ++ contextlen: size_t, ++ use_context: c_int, ++ ) -> c_int; + + #[cfg(not(any(osslconf = "OPENSSL_NO_COMP", libressl)))] + pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; +@@ -2436,6 +2565,14 @@ extern "C" { + ctx: *mut SSL_CTX, + dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH, + ); ++ pub fn SSL_CTX_sess_set_new_cb( ++ ctx: *mut SSL_CTX, ++ new_session_cb: Option c_int>, ++ ); ++ pub fn SSL_CTX_sess_set_remove_cb( ++ ctx: *mut SSL_CTX, ++ remove_session_cb: Option, ++ ); + + #[cfg(not(any(ossl101, libressl)))] + pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509; +@@ -2474,6 +2611,7 @@ extern "C" { + -> c_uint, + >, + ); ++ + pub fn SSL_select_next_proto( + out: *mut *mut c_uchar, + outlen: *mut c_uchar, +@@ -2489,9 +2627,9 @@ extern "C" { + ); + pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION; + pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int; +- #[cfg(not(any(ossl101, libressl, ossl110f)))] ++ #[cfg(not(any(ossl101, libressl, ossl110f, ossl111)))] + pub fn SSL_is_server(s: *mut SSL) -> c_int; +- #[cfg(ossl110f)] ++ #[cfg(any(ossl110f, ossl111))] + pub fn SSL_is_server(s: *const SSL) -> c_int; + + pub fn SSL_SESSION_free(s: *mut SSL_SESSION); +@@ -2540,6 +2678,7 @@ extern "C" { + pub fn X509_sign(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; + pub fn X509_get_pubkey(x: *mut X509) -> *mut EVP_PKEY; + pub fn X509_to_X509_REQ(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> *mut X509_REQ; ++ pub fn X509_verify_cert(ctx: *mut X509_STORE_CTX) -> c_int; + pub fn X509_verify_cert_error_string(n: c_long) -> *const c_char; + pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING; + pub fn X509_check_issued(issuer: *mut X509, subject: *mut X509) -> c_int; +@@ -2573,6 +2712,14 @@ extern "C" { + pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int; + pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int; + ++ pub fn X509_STORE_CTX_new() -> *mut X509_STORE_CTX; ++ pub fn X509_STORE_CTX_cleanup(ctx: *mut X509_STORE_CTX); ++ pub fn X509_STORE_CTX_init( ++ ctx: *mut X509_STORE_CTX, ++ store: *mut X509_STORE, ++ x509: *mut X509, ++ chain: *mut stack_st_X509, ++ ) -> c_int; + pub fn X509_STORE_CTX_free(ctx: *mut X509_STORE_CTX); + pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509; + pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; +@@ -2704,4 +2851,28 @@ extern "C" { + pub fn FIPS_mode_set(onoff: c_int) -> c_int; + #[cfg(not(libressl))] + pub fn FIPS_mode() -> c_int; ++ ++ pub fn SSL_CTX_set_cookie_generate_cb( ++ s: *mut SSL_CTX, ++ cb: Option< ++ extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int, ++ >, ++ ); ++ ++ #[cfg(ossl110)] ++ pub fn SSL_CTX_set_cookie_verify_cb( ++ s: *mut SSL_CTX, ++ cb: Option< ++ extern "C" fn(ssl: *mut SSL, cookie: *const c_uchar, cookie_len: c_uint) -> c_int, ++ >, ++ ); ++ ++ #[cfg(not(ossl110))] ++ pub fn SSL_CTX_set_cookie_verify_cb( ++ s: *mut SSL_CTX, ++ cb: Option c_int>, ++ ); ++ ++ pub fn EVP_MD_size(md: *const EVP_MD) -> c_int; ++ pub fn EVP_get_cipherbyname(name: *const c_char) -> *const EVP_CIPHER; + } diff --git lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs new file mode 100644 index 000000000000..06be4b115866 --- /dev/null +++ lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs @@ -0,0 +1,62 @@ +--- src/vendor/openssl-sys/src/libressl/mod.rs.orig 2018-03-25 15:53:20 UTC ++++ src/vendor/openssl-sys/src/libressl/mod.rs +@@ -134,6 +134,12 @@ pub struct DSA { + } + + #[repr(C)] ++pub struct ECDSA_SIG { ++ pub r: *mut ::BIGNUM, ++ pub s: *mut ::BIGNUM, ++} ++ ++#[repr(C)] + pub struct EVP_PKEY { + pub type_: c_int, + pub save_type: c_int, +@@ -267,7 +273,8 @@ pub struct X509 { + crldp: *mut c_void, + altname: *mut c_void, + nc: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] sha1_hash: [c_uchar; 20], ++ #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] ++ sha1_hash: [c_uchar; 20], + aux: *mut c_void, + } + +@@ -330,9 +337,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32; + pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; + pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; + +-#[cfg(any(libressl261, libressl262, libressl26x))] ++#[cfg(any(libressl261, libressl262, libressl26x, libressl27))] + pub const SSL_OP_ALL: c_ulong = 0x4; +-#[cfg(not(any(libressl261, libressl262, libressl26x)))] ++#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27)))] + pub const SSL_OP_ALL: c_ulong = 0x80000014; + pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; + pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; +@@ -345,9 +352,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = + pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; + pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; + pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; +-#[cfg(any(libressl261, libressl262, libressl26x))] ++#[cfg(any(libressl261, libressl262, libressl26x, libressl27))] + pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0; +-#[cfg(not(any(libressl261, libressl262, libressl26x)))] ++#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27)))] + pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; + pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; + pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; +@@ -526,6 +533,12 @@ extern "C" { + ctx: *mut ::SSL_CTX, + ecdh: unsafe extern "C" fn(ssl: *mut ::SSL, is_export: c_int, keylength: c_int) + -> *mut ::EC_KEY, ++ ); ++ pub fn SSL_CTX_sess_set_get_cb( ++ ctx: *mut ::SSL_CTX, ++ get_session_cb: Option< ++ unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, ++ >, + ); + pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; + pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME; diff --git lang/rust/files/patch-src_vendor_openssl-sys_src_ossl10x.rs lang/rust/files/patch-src_vendor_openssl-sys_src_ossl10x.rs new file mode 100644 index 000000000000..198860b120a8 --- /dev/null +++ lang/rust/files/patch-src_vendor_openssl-sys_src_ossl10x.rs @@ -0,0 +1,296 @@ +--- src/vendor/openssl-sys/src/ossl10x.rs.orig 2018-03-25 15:53:20 UTC ++++ src/vendor/openssl-sys/src/ossl10x.rs +@@ -129,6 +129,12 @@ pub struct DSA { + } + + #[repr(C)] ++pub struct ECDSA_SIG { ++ pub r: *mut BIGNUM, ++ pub s: *mut BIGNUM ++} ++ ++#[repr(C)] + pub struct EVP_PKEY { + pub type_: c_int, + pub save_type: c_int, +@@ -263,9 +269,12 @@ pub struct X509 { + crldp: *mut c_void, + altname: *mut c_void, + nc: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] rfc3779_addr: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] rfc3779_asid: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] sha1_hash: [c_uchar; 20], ++ #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] ++ rfc3779_addr: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] ++ rfc3779_asid: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] ++ sha1_hash: [c_uchar; 20], + aux: *mut c_void, + } + +@@ -372,7 +381,8 @@ pub struct SSL { + info_callback: Option, + error: c_int, + error_code: c_int, +- #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] kssl_ctx: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] ++ kssl_ctx: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] + psk_client_callback: Option< + unsafe extern "C" fn(*mut SSL, *const c_char, *mut c_char, c_uint, *mut c_uchar, c_uint) +@@ -396,16 +406,26 @@ pub struct SSL { + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_debug_cb: + Option, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_debug_arg: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hostname: *mut c_char, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] servername_done: c_int, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_type: c_int, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_expected: c_int, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ocsp_ids: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ocsp_exts: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ocsp_resp: *mut c_uchar, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ocsp_resplen: c_int, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ticket_expected: c_int, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_debug_arg: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_hostname: *mut c_char, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ servername_done: c_int, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_status_type: c_int, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_status_expected: c_int, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_ocsp_ids: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_ocsp_exts: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_ocsp_resp: *mut c_uchar, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_ocsp_resplen: c_int, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_ticket_expected: c_int, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ecpointformatlist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] +@@ -414,28 +434,43 @@ pub struct SSL { + tlsext_ellipticcurvelist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ellipticcurvelist: *mut c_uchar, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input_len: size_t, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_session_ticket: *mut c_void, + #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_opaque_prf_input: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_opaque_prf_input_len: size_t, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_session_ticket: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] + tlsext_session_ticket_ext_cb: ::tls_session_ticket_ext_cb_fn, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tls_session_ticket_ext_cb_arg: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tls_session_secret_cb: ::tls_session_secret_cb_fn, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tls_session_secret_cb_arg: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] initial_ctx: *mut ::SSL_CTX, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tls_session_ticket_ext_cb_arg: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tls_session_secret_cb: ::tls_session_secret_cb_fn, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tls_session_secret_cb_arg: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ initial_ctx: *mut ::SSL_CTX, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_negotiated: *mut c_uchar, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_negotiated_len: c_uchar, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] srtp_profiles: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] srtp_profile: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_heartbeat: c_uint, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hb_pending: c_uint, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hb_seq: c_uint, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ srtp_profiles: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ srtp_profile: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_heartbeat: c_uint, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_hb_pending: c_uint, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_hb_seq: c_uint, + renegotiate: c_int, +- #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] srp_ctx: ::SRP_CTX, +- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list: *mut c_uchar, +- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list_len: c_uint, ++ #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] ++ srp_ctx: ::SRP_CTX, ++ #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] ++ alpn_client_proto_list: *mut c_uchar, ++ #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] ++ alpn_client_proto_list_len: c_uint, + } + + #[repr(C)] +@@ -486,28 +521,46 @@ pub struct SSL_CTX { + quiet_shutdown: c_int, + max_send_fragment: c_uint, + +- #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))] client_cert_engine: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))] ++ client_cert_engine: *mut c_void, + +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_servername_callback: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsect_servername_arg: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_key_name: [c_uchar; 16], +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_hmac_key: [c_uchar; 16], +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_aes_key: [c_uchar; 16], +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ticket_key_cb: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_cb: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_arg: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input_callback: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input_callback_arg: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_servername_callback: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsect_servername_arg: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_tick_key_name: [c_uchar; 16], ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_tick_hmac_key: [c_uchar; 16], ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_tick_aes_key: [c_uchar; 16], ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_ticket_key_cb: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_status_cb: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_status_arg: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_opaque_prf_input_callback: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_opaque_prf_input_callback_arg: *mut c_void, + +- #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_identity_hint: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_client_callback: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_server_callback: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] ++ psk_identity_hint: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] ++ psk_client_callback: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] ++ psk_server_callback: *mut c_void, + +- #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] freelist_max_len: c_uint, +- #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] wbuf_freelist: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] rbuf_freelist: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] ++ freelist_max_len: c_uint, ++ #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] ++ wbuf_freelist: *mut c_void, ++ #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] ++ rbuf_freelist: *mut c_void, + +- #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] srp_ctx: SRP_CTX, ++ #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] ++ srp_ctx: SRP_CTX, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_protos_advertised_cb: *mut c_void, +@@ -518,13 +571,19 @@ pub struct SSL_CTX { + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + next_proto_select_cb_arg: *mut c_void, + +- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] srtp_profiles: *mut c_void, ++ #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] ++ srtp_profiles: *mut c_void, + +- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] srtp_profiles: *mut c_void, +- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_select_cb: *mut c_void, +- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_select_cb_arg: *mut c_void, +- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list: *mut c_void, +- #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list_len: c_uint, ++ #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] ++ srtp_profiles: *mut c_void, ++ #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] ++ alpn_select_cb: *mut c_void, ++ #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] ++ alpn_select_cb_arg: *mut c_void, ++ #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] ++ alpn_client_proto_list: *mut c_void, ++ #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] ++ alpn_client_proto_list_len: c_uint, + + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + tlsext_ecpointformatlist_length: size_t, +@@ -547,11 +606,14 @@ pub struct SSL_SESSION { + session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize], + sid_ctx_length: c_uint, + sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize], +- #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] krb5_client_princ_len: c_uint, + #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] ++ krb5_client_princ_len: c_uint, ++ #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] + krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize], +- #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_identity_hint: *mut c_char, +- #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_identity: *mut c_char, ++ #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] ++ psk_identity_hint: *mut c_char, ++ #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] ++ psk_identity: *mut c_char, + not_resumable: c_int, + sess_cert: *mut c_void, + peer: *mut X509, +@@ -566,7 +628,8 @@ pub struct SSL_SESSION { + ex_data: ::CRYPTO_EX_DATA, + prev: *mut c_void, + next: *mut c_void, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hostname: *mut c_char, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_hostname: *mut c_char, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ecpointformatlist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] +@@ -575,10 +638,14 @@ pub struct SSL_SESSION { + tlsext_ellipticcurvelist_length: size_t, + #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + tlsext_ellipticcurvelist: *mut c_uchar, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick: *mut c_uchar, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ticklen: size_t, +- #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_lifetime_hint: c_long, +- #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] srp_username: *mut c_char, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_tick: *mut c_uchar, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_ticklen: size_t, ++ #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] ++ tlsext_tick_lifetime_hint: c_long, ++ #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] ++ srp_username: *mut c_char, + } + + #[repr(C)] +@@ -830,6 +897,12 @@ extern "C" { + ecdh: unsafe extern "C" fn(ssl: *mut ::SSL, is_export: c_int, keylength: c_int) + -> *mut ::EC_KEY, + ); ++ pub fn SSL_CTX_sess_set_get_cb( ++ ctx: *mut ::SSL_CTX, ++ get_session_cb: Option< ++ unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, ++ >, ++ ); + pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; + pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME; + pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; +@@ -902,4 +975,7 @@ extern "C" { + + pub fn SSLeay() -> c_ulong; + pub fn SSLeay_version(key: c_int) -> *const c_char; ++ ++ #[cfg(ossl102)] ++ pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; + } diff --git lang/rust/files/patch-src_vendor_openssl-sys_src_ossl110.rs lang/rust/files/patch-src_vendor_openssl-sys_src_ossl110.rs new file mode 100644 index 000000000000..fb88b7d9aa3b --- /dev/null +++ lang/rust/files/patch-src_vendor_openssl-sys_src_ossl110.rs @@ -0,0 +1,115 @@ +--- src/vendor/openssl-sys/src/ossl110.rs.orig 2018-03-25 15:53:20 UTC ++++ src/vendor/openssl-sys/src/ossl110.rs +@@ -8,6 +8,7 @@ pub enum BIO_METHOD {} + pub enum CRYPTO_EX_DATA {} + pub enum DH {} + pub enum DSA {} ++pub enum ECDSA_SIG {} + pub enum EVP_CIPHER {} + pub enum EVP_MD_CTX {} + pub enum EVP_PKEY {} +@@ -33,6 +34,11 @@ pub enum X509_ALGOR {} + pub enum X509_VERIFY_PARAM {} + pub enum X509_REQ {} + ++pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123; ++pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124; ++pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130; ++pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131; ++ + pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000; + pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000; + pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000; +@@ -74,6 +80,58 @@ pub fn init() { + }) + } + ++pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: c_int) -> c_int { ++ ::SSL_CTX_ctrl( ++ ctx, ++ SSL_CTRL_SET_MIN_PROTO_VERSION, ++ version as c_long, ++ ptr::null_mut(), ++ ) as c_int ++} ++ ++pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: c_int) -> c_int { ++ ::SSL_CTX_ctrl( ++ ctx, ++ SSL_CTRL_SET_MAX_PROTO_VERSION, ++ version as c_long, ++ ptr::null_mut(), ++ ) as c_int ++} ++ ++pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int { ++ ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int ++} ++ ++pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int { ++ ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int ++} ++ ++pub unsafe fn SSL_set_min_proto_version(s: *mut ::SSL, version: c_int) -> c_int { ++ ::SSL_ctrl( ++ s, ++ SSL_CTRL_SET_MIN_PROTO_VERSION, ++ version as c_long, ++ ptr::null_mut(), ++ ) as c_int ++} ++ ++pub unsafe fn SSL_set_max_proto_version(s: *mut ::SSL, version: c_int) -> c_int { ++ ::SSL_ctrl( ++ s, ++ SSL_CTRL_SET_MAX_PROTO_VERSION, ++ version as c_long, ++ ptr::null_mut(), ++ ) as c_int ++} ++ ++pub unsafe fn SSL_get_min_proto_version(s: *mut ::SSL) -> c_int { ++ ::SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int ++} ++ ++pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int { ++ ::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int ++} ++ + extern "C" { + pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; + pub fn BIO_s_file() -> *const BIO_METHOD; +@@ -206,6 +264,14 @@ extern "C" { + pub fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong; + pub fn SSL_CTX_set_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; + pub fn SSL_CTX_clear_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; ++ pub fn SSL_CTX_sess_set_get_cb( ++ ctx: *mut ::SSL_CTX, ++ get_session_cb: Option< ++ unsafe extern "C" fn(*mut ::SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION, ++ >, ++ ); ++ pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; ++ pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t; + pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME; + pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME; + pub fn X509_get0_signature( +@@ -224,6 +290,7 @@ extern "C" { + pub fn BIO_get_data(a: *mut ::BIO) -> *mut c_void; + pub fn BIO_meth_new(type_: c_int, name: *const c_char) -> *mut ::BIO_METHOD; + pub fn BIO_meth_free(biom: *mut ::BIO_METHOD); ++ // FIXME should wrap in Option + pub fn BIO_meth_set_write( + biom: *mut ::BIO_METHOD, + write: unsafe extern "C" fn(*mut ::BIO, *const c_char, c_int) -> c_int, +@@ -297,4 +364,10 @@ extern "C" { + ) -> *mut PKCS12; + pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long; + pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME; ++ pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; ++ pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM); ++ pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int; ++ ++ pub fn SSL_CIPHER_get_cipher_nid(c: *const ::SSL_CIPHER) -> c_int; ++ pub fn SSL_CIPHER_get_digest_nid(c: *const ::SSL_CIPHER) -> c_int; + } diff --git lang/rust/files/patch-src_vendor_openssl-sys_src_ossl111.rs lang/rust/files/patch-src_vendor_openssl-sys_src_ossl111.rs new file mode 100644 index 000000000000..61275d346a51 --- /dev/null +++ lang/rust/files/patch-src_vendor_openssl-sys_src_ossl111.rs @@ -0,0 +1,87 @@ +--- src/vendor/openssl-sys/src/ossl111.rs.orig 2018-04-02 18:34:05 UTC ++++ src/vendor/openssl-sys/src/ossl111.rs +@@ -0,0 +1,84 @@ ++use libc::{c_char, c_uchar, c_int, c_uint, c_ulong, size_t, c_void}; ++ ++pub type SSL_CTX_keylog_cb_func = ++ Option; ++ ++pub type SSL_custom_ext_add_cb_ex = ++ Option c_int>; ++ ++pub type SSL_custom_ext_free_cb_ex = ++ Option; ++ ++pub type SSL_custom_ext_parse_cb_ex = ++ Option c_int>; ++ ++pub const SSL_COOKIE_LENGTH: c_int = 4096; ++ ++pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000; ++ ++pub const TLS1_3_VERSION: c_int = 0x304; ++ ++pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001; ++/* This extension is only allowed in DTLS */ ++pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002; ++/* Some extensions may be allowed in DTLS but we don't implement them for it */ ++pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004; ++/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ ++pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008; ++/* Extension is only defined for TLS1.2 and below */ ++pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010; ++/* Extension is only defined for TLS1.3 and above */ ++pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020; ++/* Ignore this extension during parsing if we are resuming */ ++pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040; ++pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080; ++/* Really means TLS1.2 or below */ ++pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100; ++pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200; ++pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400; ++pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800; ++pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000; ++pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000; ++pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000; ++ ++ ++extern "C" { ++ pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func); ++ pub fn SSL_CTX_add_custom_ext(ctx: *mut ::SSL_CTX, ext_type: c_uint, context: c_uint, ++ add_cb: SSL_custom_ext_add_cb_ex, ++ free_cb: SSL_custom_ext_free_cb_ex, ++ add_arg: *mut c_void, ++ parse_cb: SSL_custom_ext_parse_cb_ex, ++ parse_arg: *mut c_void) -> c_int; ++ pub fn SSL_stateless(s: *mut ::SSL) -> c_int; ++ pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD; ++ pub fn SSL_CTX_set_stateless_cookie_generate_cb( ++ s: *mut ::SSL_CTX, ++ cb: Option c_int> ++ ); ++ pub fn SSL_CTX_set_stateless_cookie_verify_cb( ++ s: *mut ::SSL_CTX, ++ cb: Option c_int> ++ ); ++}