View | Details | Raw Unified | Return to bug 226955 | Differences between
and this patch

Collapse All | Expand All

(-)lang/rust/Makefile (-1 / +1 lines)
Lines 177-183 post-patch: Link Here
177
		${WRKSRC}/src/stage0.txt
177
		${WRKSRC}/src/stage0.txt
178
# After patching crates, we need to update their corresponding
178
# After patching crates, we need to update their corresponding
179
# `.cargo-checksum.json` to reflect the new checksums verified by Cargo.
179
# `.cargo-checksum.json` to reflect the new checksums verified by Cargo.
180
	@for dir in "${WRKSRC}/src/vendor/libc" "${WRKSRC}/src/vendor/openssl" "${WRKSRC}/src/vendor/openssl-sys"; do \
180
	@for dir in "${WRKSRC}/src/vendor/openssl-sys" "${WRKSRC}/src/vendor/libgit2-sys"; do \
181
		if ! test -d "$$dir"; then \
181
		if ! test -d "$$dir"; then \
182
			continue; \
182
			continue; \
183
		fi; \
183
		fi; \
(-)lang/rust/files/patch-src_vendor_libgit2-sys_libgit2_src_openssl__stream.c (+12 lines)
Added Link Here
1
--- src/vendor/libgit2-sys/libgit2/src/openssl_stream.c.orig	2018-03-25 15:53:19 UTC
2
+++ src/vendor/libgit2-sys/libgit2/src/openssl_stream.c
3
@@ -103,7 +103,8 @@ int git_openssl_stream_global_init(void)
4
 	ssl_opts |= SSL_OP_NO_COMPRESSION;
5
 #endif
6
 
7
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
8
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
9
+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
10
 	SSL_load_error_strings();
11
 	OpenSSL_add_ssl_algorithms();
12
 #else
(-)lang/rust/files/patch-src_vendor_libgit2-sys_libgit2_src_openssl__stream.h (+12 lines)
Added Link Here
1
--- src/vendor/libgit2-sys/libgit2/src/openssl_stream.h.orig	2018-03-25 15:53:19 UTC
2
+++ src/vendor/libgit2-sys/libgit2/src/openssl_stream.h
3
@@ -27,7 +27,8 @@ extern int git_openssl_stream_new(git_stream **out, co
4
 
5
 
6
 
7
-# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
8
+# if OPENSSL_VERSION_NUMBER < 0x10100000L || \
9
+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
10
 
11
 GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
12
 {
(-)lang/rust/files/patch-src_vendor_openssl-sys_build.rs (+186 lines)
Added Link Here
1
--- src/vendor/openssl-sys/build.rs.orig	2018-03-25 15:53:20 UTC
2
+++ src/vendor/openssl-sys/build.rs
3
@@ -1,7 +1,7 @@
4
+extern crate cc;
5
 extern crate pkg_config;
6
 #[cfg(target_env = "msvc")]
7
 extern crate vcpkg;
8
-extern crate cc;
9
 
10
 use std::collections::HashSet;
11
 use std::env;
12
@@ -89,17 +89,15 @@ fn main() {
13
     let libs_env = env("OPENSSL_LIBS");
14
     let libs = match libs_env.as_ref().and_then(|s| s.to_str()) {
15
         Some(ref v) => v.split(":").collect(),
16
-        None => {
17
-            match version {
18
-                Version::Openssl101 |
19
-                Version::Openssl102 if target.contains("windows") => vec!["ssleay32", "libeay32"],
20
-                Version::Openssl110 if target.contains("windows") => vec!["libssl", "libcrypto"],
21
-                _ => vec!["ssl", "crypto"],
22
+        None => match version {
23
+            Version::Openssl101 | Version::Openssl102 if target.contains("windows") => {
24
+                vec!["ssleay32", "libeay32"]
25
             }
26
-        }
27
+            Version::Openssl110 if target.contains("windows") => vec!["libssl", "libcrypto"],
28
+            _ => vec!["ssl", "crypto"],
29
+        },
30
     };
31
 
32
-
33
     let kind = determine_mode(Path::new(&lib_dir), &libs);
34
     for lib in libs.into_iter() {
35
         println!("cargo:rustc-link-lib={}={}", kind, lib);
36
@@ -109,7 +107,7 @@ fn main() {
37
 fn find_openssl_dir(target: &str) -> OsString {
38
     let host = env::var("HOST").unwrap();
39
 
40
-    if host.contains("apple-darwin") && target.contains("apple-darwin") {
41
+    if host == target && target.contains("apple-darwin") {
42
         let homebrew = Path::new("/usr/local/opt/openssl@1.1");
43
         if homebrew.exists() {
44
             return homebrew.to_path_buf().into();
45
@@ -123,6 +121,11 @@ fn find_openssl_dir(target: &str) -> OsString {
46
     try_pkg_config();
47
     try_vcpkg();
48
 
49
+    // FreeBSD ships with OpenSSL but doesn't include a pkg-config file :(
50
+    if host == target && target.contains("freebsd") {
51
+        return OsString::from("/usr");
52
+    }
53
+
54
     let mut msg = format!(
55
         "
56
 
57
@@ -228,9 +231,10 @@ fn try_pkg_config() {
58
         return;
59
     }
60
 
61
-    let lib = match pkg_config::Config::new().print_system_libs(false).find(
62
-        "openssl",
63
-    ) {
64
+    let lib = match pkg_config::Config::new()
65
+        .print_system_libs(false)
66
+        .find("openssl")
67
+    {
68
         Ok(lib) => lib,
69
         Err(e) => {
70
             println!("run pkg_config fail: {:?}", e);
71
@@ -253,7 +257,6 @@ fn try_pkg_config() {
72
 /// should emit all of the cargo metadata that we need.
73
 #[cfg(target_env = "msvc")]
74
 fn try_vcpkg() {
75
-
76
     // vcpkg will not emit any metadata if it can not find libraries
77
     // appropriate for the target triple with the desired linkage.
78
 
79
@@ -264,8 +267,10 @@ fn try_vcpkg() {
80
         .probe("openssl");
81
 
82
     if let Err(e) = lib {
83
-        println!("note: vcpkg did not find openssl as libcrypto and libssl : {:?}",
84
-                 e);
85
+        println!(
86
+            "note: vcpkg did not find openssl as libcrypto and libssl : {:?}",
87
+            e
88
+        );
89
         lib = vcpkg::Config::new()
90
             .emit_includes(true)
91
             .lib_name("libeay32")
92
@@ -273,8 +278,10 @@ fn try_vcpkg() {
93
             .probe("openssl");
94
     }
95
     if let Err(e) = lib {
96
-        println!("note: vcpkg did not find openssl as ssleay32 and libeay32: {:?}",
97
-                 e);
98
+        println!(
99
+            "note: vcpkg did not find openssl as ssleay32 and libeay32: {:?}",
100
+            e
101
+        );
102
         return;
103
     }
104
 
105
@@ -316,8 +323,10 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Versi
106
 #include <openssl/opensslv.h>
107
 #include <openssl/opensslconf.h>
108
 
109
-#if LIBRESSL_VERSION_NUMBER >= 0x20700000
110
+#if LIBRESSL_VERSION_NUMBER >= 0x20800000
111
 RUST_LIBRESSL_NEW
112
+#elif LIBRESSL_VERSION_NUMBER >= 0x20700000
113
+RUST_LIBRESSL_27X
114
 #elif LIBRESSL_VERSION_NUMBER >= 0x20603000
115
 RUST_LIBRESSL_26X
116
 #elif LIBRESSL_VERSION_NUMBER >= 0x20602000
117
@@ -336,8 +345,10 @@ RUST_LIBRESSL_251
118
 RUST_LIBRESSL_250
119
 #elif defined (LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20500000
120
 RUST_LIBRESSL_OLD
121
-#elif OPENSSL_VERSION_NUMBER >= 0x10101000
122
+#elif OPENSSL_VERSION_NUMBER >= 0x10102000
123
 RUST_OPENSSL_NEW
124
+#elif OPENSSL_VERSION_NUMBER >= 0x10101000
125
+RUST_OPENSSL_111
126
 #elif OPENSSL_VERSION_NUMBER >= 0x10100060
127
 RUST_OPENSSL_110F
128
 #elif OPENSSL_VERSION_NUMBER >= 0x10100000
129
@@ -464,6 +475,18 @@ See rust-openssl README for more information:
130
         println!("cargo:libressl_version=26x");
131
         println!("cargo:version=101");
132
         Version::Libressl
133
+    } else if expanded.contains("RUST_LIBRESSL_27X") {
134
+        println!("cargo:rustc-cfg=libressl");
135
+        println!("cargo:rustc-cfg=libressl27");
136
+        println!("cargo:libressl=true");
137
+        println!("cargo:libressl_version=27x");
138
+        println!("cargo:version=101");
139
+        Version::Libressl
140
+    } else if expanded.contains("RUST_OPENSSL_111") {
141
+        println!("cargo:rustc-cfg=ossl111");
142
+        println!("cargo:rustc-cfg=ossl110");
143
+        println!("cargo:version=111");
144
+        Version::Openssl110
145
     } else if expanded.contains("RUST_OPENSSL_110F") {
146
         println!("cargo:rustc-cfg=ossl110");
147
         println!("cargo:rustc-cfg=ossl110f");
148
@@ -486,9 +509,9 @@ See rust-openssl README for more information:
149
         panic!(
150
             "
151
 
152
-This crate is only compatible with OpenSSL 1.0.1, 1.0.2, and 1.1.0, or LibreSSL
153
-2.5 and 2.6.0, but a different version of OpenSSL was found. The build is now
154
-aborting due to this version mismatch.
155
+This crate is only compatible with OpenSSL 1.0.1 through 1.1.1, or LibreSSL 2.5
156
+through 2.7, but a different version of OpenSSL was found. The build is now aborting
157
+due to this version mismatch.
158
 
159
 "
160
         );
161
@@ -516,12 +539,11 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'s
162
         .map(|e| e.file_name())
163
         .filter_map(|e| e.into_string().ok())
164
         .collect::<HashSet<_>>();
165
-    let can_static = libs.iter().all(|l| {
166
-        files.contains(&format!("lib{}.a", l)) || files.contains(&format!("{}.lib", l))
167
-    });
168
+    let can_static = libs.iter()
169
+        .all(|l| files.contains(&format!("lib{}.a", l)) || files.contains(&format!("{}.lib", l)));
170
     let can_dylib = libs.iter().all(|l| {
171
-        files.contains(&format!("lib{}.so", l)) || files.contains(&format!("{}.dll", l)) ||
172
-            files.contains(&format!("lib{}.dylib", l))
173
+        files.contains(&format!("lib{}.so", l)) || files.contains(&format!("{}.dll", l))
174
+            || files.contains(&format!("lib{}.dylib", l))
175
     });
176
     match (can_static, can_dylib) {
177
         (true, false) => return "static",
178
@@ -529,7 +551,7 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'s
179
         (false, false) => {
180
             panic!(
181
                 "OpenSSL libdir at `{}` does not contain the required files \
182
-                    to either statically or dynamically link OpenSSL",
183
+                 to either statically or dynamically link OpenSSL",
184
                 libdir.display()
185
             );
186
         }
(-)lang/rust/files/patch-src_vendor_openssl-sys_src_lib.rs (+422 lines)
Added Link Here
1
--- src/vendor/openssl-sys/src/lib.rs.orig	2018-03-25 15:53:20 UTC
2
+++ src/vendor/openssl-sys/src/lib.rs
3
@@ -18,6 +18,11 @@ mod ossl110;
4
 #[cfg(ossl110)]
5
 pub use ossl110::*;
6
 
7
+#[cfg(ossl111)]
8
+mod ossl111;
9
+#[cfg(ossl111)]
10
+pub use ossl111::*;
11
+
12
 #[cfg(libressl)]
13
 mod libressl;
14
 #[cfg(libressl)]
15
@@ -216,6 +221,7 @@ pub const PEM_R_NO_START_LINE: c_int = 108;
16
 pub const EVP_MAX_MD_SIZE: c_uint = 64;
17
 pub const EVP_PKEY_RSA: c_int = NID_rsaEncryption;
18
 pub const EVP_PKEY_HMAC: c_int = NID_hmac;
19
+pub const EVP_PKEY_CMAC: c_int = NID_cmac;
20
 pub const EVP_PKEY_DSA: c_int = NID_dsa;
21
 pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement;
22
 pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKey;
23
@@ -223,9 +229,29 @@ pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKe
24
 pub const EVP_PKEY_ALG_CTRL: c_int = 0x1000;
25
 
26
 pub const EVP_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1;
27
+pub const EVP_PKEY_CTRL_RSA_PSS_SALTLEN: c_int = EVP_PKEY_ALG_CTRL + 2;
28
 
29
+pub const EVP_PKEY_CTRL_RSA_MGF1_MD: c_int = EVP_PKEY_ALG_CTRL + 5;
30
 pub const EVP_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6;
31
 
32
+pub const EVP_PKEY_CTRL_SET_MAC_KEY: c_int = 6;
33
+pub const EVP_PKEY_CTRL_CIPHER: c_int = 12;
34
+
35
+pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2;
36
+pub const EVP_PKEY_OP_SIGN: c_int = 1 << 3;
37
+pub const EVP_PKEY_OP_VERIFY: c_int = 1 << 4;
38
+pub const EVP_PKEY_OP_VERIFYRECOVER: c_int = 1 << 5;
39
+pub const EVP_PKEY_OP_SIGNCTX: c_int = 1 << 6;
40
+pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7;
41
+pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8;
42
+pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9;
43
+
44
+pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY
45
+    | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX
46
+    | EVP_PKEY_OP_VERIFYCTX;
47
+
48
+pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
49
+
50
 pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9;
51
 pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10;
52
 pub const EVP_CTRL_GCM_SET_TAG: c_int = 0x11;
53
@@ -1195,9 +1221,16 @@ pub const RSA_SSLV23_PADDING: c_int = 2;
54
 pub const RSA_NO_PADDING: c_int = 3;
55
 pub const RSA_PKCS1_OAEP_PADDING: c_int = 4;
56
 pub const RSA_X931_PADDING: c_int = 5;
57
+pub const RSA_PKCS1_PSS_PADDING: c_int = 6;
58
 
59
 pub const SHA_LBLOCK: c_int = 16;
60
 
61
+pub const SSL3_AD_ILLEGAL_PARAMETER: c_int = 47;
62
+pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
63
+
64
+pub const TLS1_AD_DECODE_ERROR: c_int = 50;
65
+pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR;
66
+
67
 pub const TLS1_AD_UNRECOGNIZED_NAME: c_int = 112;
68
 pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME;
69
 
70
@@ -1206,6 +1239,7 @@ pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4;
71
 pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
72
 pub const SSL_CTRL_MODE: c_int = 33;
73
 pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
74
+pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44;
75
 pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
76
 pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
77
 pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
78
@@ -1243,21 +1277,21 @@ pub const SSL_VERIFY_NONE: c_int = 0;
79
 pub const SSL_VERIFY_PEER: c_int = 1;
80
 pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
81
 
82
-#[cfg(not(any(libressl261, libressl262, libressl26x, ossl101)))]
83
+#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27, ossl101)))]
84
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
85
-#[cfg(any(libressl261, libressl262, libressl26x))]
86
+#[cfg(any(libressl261, libressl262, libressl26x, libressl27))]
87
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
88
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
89
-#[cfg(not(any(libressl261, libressl262, libressl26x)))]
90
+#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27)))]
91
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
92
-#[cfg(any(libressl261, libressl262, libressl26x))]
93
+#[cfg(any(libressl261, libressl262, libressl26x, libressl27))]
94
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
95
 pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
96
 #[cfg(not(libressl))]
97
 pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
98
-#[cfg(not(any(libressl, ossl110f)))]
99
+#[cfg(not(any(libressl, ossl110f, ossl111)))]
100
 pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
101
-#[cfg(ossl110f)]
102
+#[cfg(any(ossl110f, ossl111))]
103
 pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
104
     | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING
105
     | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
106
@@ -1276,20 +1310,41 @@ pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x0080000
107
 #[cfg(not(libressl))]
108
 pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000;
109
 pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000;
110
-pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
111
 pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000;
112
+pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
113
+#[cfg(ossl111)]
114
+pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000;
115
 
116
 #[cfg(not(any(ossl101, libressl)))]
117
 pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000;
118
 #[cfg(not(any(ossl101, libressl)))]
119
 pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000;
120
-#[cfg(not(any(ossl101, libressl)))]
121
+#[cfg(not(any(ossl101, libressl, ossl111)))]
122
 pub const SSL_OP_NO_SSL_MASK: c_ulong =
123
     SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
124
+#[cfg(ossl111)]
125
+pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1
126
+    | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
127
+    | SSL_OP_NO_TLSv1_3;
128
 
129
 pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
130
 pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
131
 
132
+pub const SSL_SESS_CACHE_OFF: c_long = 0;
133
+pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1;
134
+pub const SSL_SESS_CACHE_SERVER: c_long = 0x2;
135
+pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER;
136
+pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80;
137
+pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100;
138
+pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
139
+pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
140
+    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
141
+
142
+pub const SSL3_VERSION: c_int = 0x300;
143
+pub const TLS1_VERSION: c_int = 0x301;
144
+pub const TLS1_1_VERSION: c_int = 0x302;
145
+pub const TLS1_2_VERSION: c_int = 0x303;
146
+
147
 pub const TLSEXT_NAMETYPE_host_name: c_int = 0;
148
 
149
 pub const TLSEXT_STATUSTYPE_ocsp: c_int = 1;
150
@@ -1408,6 +1463,8 @@ pub const GEN_URI: c_int = 6;
151
 pub const GEN_IPADD: c_int = 7;
152
 pub const GEN_RID: c_int = 8;
153
 
154
+pub const DTLS1_COOKIE_LENGTH: c_uint = 256;
155
+
156
 // macros
157
 pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long {
158
     BIO_ctrl(b, BIO_CTRL_INFO, 0, pp as *mut c_void)
159
@@ -1448,6 +1505,28 @@ pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut E
160
     )
161
 }
162
 
163
+pub unsafe fn EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx: *mut EVP_PKEY_CTX, len: c_int) -> c_int {
164
+    EVP_PKEY_CTX_ctrl(
165
+        ctx,
166
+        EVP_PKEY_RSA,
167
+        EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY,
168
+        EVP_PKEY_CTRL_RSA_PSS_SALTLEN,
169
+        len,
170
+        ptr::null_mut(),
171
+    )
172
+}
173
+
174
+pub unsafe fn EVP_PKEY_CTX_set_rsa_mgf1_md(ctx: *mut EVP_PKEY_CTX, md: *mut EVP_MD) -> c_int {
175
+    EVP_PKEY_CTX_ctrl(
176
+        ctx,
177
+        EVP_PKEY_RSA,
178
+        EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
179
+        EVP_PKEY_CTRL_RSA_MGF1_MD,
180
+        0,
181
+        md as *mut c_void,
182
+    )
183
+}
184
+
185
 pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
186
     SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut())
187
 }
188
@@ -1524,6 +1603,10 @@ pub unsafe fn SSL_CTX_get_extra_chain_certs(
189
     SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void)
190
 }
191
 
192
+pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
193
+    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut())
194
+}
195
+
196
 pub unsafe fn SSL_get_tlsext_status_ocsp_resp(ssl: *mut SSL, resp: *mut *mut c_uchar) -> c_long {
197
     SSL_ctrl(
198
         ssl,
199
@@ -1572,6 +1655,7 @@ extern "C" {
200
 
201
     pub fn ASN1_INTEGER_get(dest: *const ASN1_INTEGER) -> c_long;
202
     pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int;
203
+    pub fn ASN1_INTEGER_to_BN(ai: *const ASN1_INTEGER, bn: *mut BIGNUM) -> *mut BIGNUM;
204
     pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME);
205
     pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int;
206
     pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
207
@@ -1843,6 +1927,20 @@ extern "C" {
208
         ctx: *mut BN_CTX,
209
     ) -> c_int;
210
 
211
+    pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG;
212
+    pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG);
213
+    pub fn ECDSA_do_verify(
214
+        dgst: *const c_uchar,
215
+        dgst_len: c_int,
216
+        sig: *const ECDSA_SIG,
217
+        eckey: *mut EC_KEY,
218
+    ) -> c_int;
219
+    pub fn ECDSA_do_sign(
220
+        dgst: *const c_uchar,
221
+        dgst_len: c_int,
222
+        eckey: *mut EC_KEY,
223
+    ) -> *mut ECDSA_SIG;
224
+
225
     pub fn ERR_peek_last_error() -> c_ulong;
226
     pub fn ERR_get_error() -> c_ulong;
227
     pub fn ERR_get_error_line_data(
228
@@ -1855,6 +1953,8 @@ extern "C" {
229
     pub fn ERR_func_error_string(err: c_ulong) -> *const c_char;
230
     pub fn ERR_reason_error_string(err: c_ulong) -> *const c_char;
231
     pub fn ERR_clear_error();
232
+    pub fn ERR_put_error(lib: c_int, func: c_int, reason: c_int, file: *const c_char, line: c_int);
233
+    pub fn ERR_set_error_data(data: *mut c_char, flags: c_int);
234
 
235
     pub fn EVP_md5() -> *const EVP_MD;
236
     pub fn EVP_ripemd160() -> *const EVP_MD;
237
@@ -1869,6 +1969,7 @@ extern "C" {
238
     pub fn EVP_aes_128_xts() -> *const EVP_CIPHER;
239
     pub fn EVP_aes_128_ctr() -> *const EVP_CIPHER;
240
     pub fn EVP_aes_128_gcm() -> *const EVP_CIPHER;
241
+    pub fn EVP_aes_128_ccm() -> *const EVP_CIPHER;
242
     pub fn EVP_aes_128_cfb1() -> *const EVP_CIPHER;
243
     pub fn EVP_aes_128_cfb128() -> *const EVP_CIPHER;
244
     pub fn EVP_aes_128_cfb8() -> *const EVP_CIPHER;
245
@@ -1877,6 +1978,7 @@ extern "C" {
246
     pub fn EVP_aes_256_xts() -> *const EVP_CIPHER;
247
     pub fn EVP_aes_256_ctr() -> *const EVP_CIPHER;
248
     pub fn EVP_aes_256_gcm() -> *const EVP_CIPHER;
249
+    pub fn EVP_aes_256_ccm() -> *const EVP_CIPHER;
250
     pub fn EVP_aes_256_cfb1() -> *const EVP_CIPHER;
251
     pub fn EVP_aes_256_cfb128() -> *const EVP_CIPHER;
252
     pub fn EVP_aes_256_cfb8() -> *const EVP_CIPHER;
253
@@ -1888,6 +1990,8 @@ extern "C" {
254
 
255
     pub fn EVP_des_cbc() -> *const EVP_CIPHER;
256
     pub fn EVP_des_ecb() -> *const EVP_CIPHER;
257
+    pub fn EVP_des_ede3() -> *const EVP_CIPHER;
258
+    pub fn EVP_des_ede3_cbc() -> *const EVP_CIPHER;
259
 
260
     pub fn EVP_BytesToKey(
261
         typ: *const EVP_CIPHER,
262
@@ -1986,6 +2090,7 @@ extern "C" {
263
     pub fn EVP_PKEY_get1_DH(k: *mut EVP_PKEY) -> *mut DH;
264
     pub fn EVP_PKEY_get1_EC_KEY(k: *mut EVP_PKEY) -> *mut EC_KEY;
265
     pub fn EVP_PKEY_cmp(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int;
266
+    pub fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int;
267
     pub fn EVP_PKEY_new_mac_key(
268
         type_: c_int,
269
         e: *mut ENGINE,
270
@@ -2003,6 +2108,7 @@ extern "C" {
271
     ) -> *mut EVP_PKEY;
272
 
273
     pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
274
+    pub fn EVP_PKEY_CTX_new_id(id: c_int, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
275
     pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX);
276
     pub fn EVP_PKEY_CTX_ctrl(
277
         ctx: *mut EVP_PKEY_CTX,
278
@@ -2013,6 +2119,9 @@ extern "C" {
279
         p2: *mut c_void,
280
     ) -> c_int;
281
 
282
+    pub fn EVP_PKEY_keygen_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
283
+    pub fn EVP_PKEY_keygen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int;
284
+
285
     pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int;
286
 
287
     pub fn OBJ_obj2nid(o: *const ASN1_OBJECT) -> c_int;
288
@@ -2022,6 +2131,7 @@ extern "C" {
289
         a: *const ASN1_OBJECT,
290
         no_name: c_int,
291
     ) -> c_int;
292
+    pub fn OBJ_nid2sn(nid: c_int) -> *const c_char;
293
 
294
     pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP;
295
     pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP);
296
@@ -2110,6 +2220,14 @@ extern "C" {
297
         callback: Option<PasswordCallback>,
298
         user_data: *mut c_void,
299
     ) -> *mut RSA;
300
+
301
+    pub fn PEM_read_bio_RSAPublicKey(
302
+        bio: *mut BIO,
303
+        rsa: *mut *mut RSA,
304
+        callback: Option<PasswordCallback>,
305
+        user_data: *mut c_void,
306
+    ) -> *mut RSA;
307
+
308
     pub fn PEM_read_bio_RSA_PUBKEY(
309
         bio: *mut BIO,
310
         rsa: *mut *mut RSA,
311
@@ -2344,6 +2462,7 @@ extern "C" {
312
     pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509;
313
     pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
314
     pub fn SSL_get_version(ssl: *const SSL) -> *const c_char;
315
+    pub fn SSL_version(ssl: *const SSL) -> c_int;
316
     pub fn SSL_state_string(ssl: *const SSL) -> *const c_char;
317
     pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char;
318
     pub fn SSL_set_verify(
319
@@ -2369,6 +2488,16 @@ extern "C" {
320
         ctx: *mut SSL,
321
         dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
322
     );
323
+    pub fn SSL_export_keying_material(
324
+        s: *mut SSL,
325
+        out: *mut c_uchar,
326
+        olen: size_t,
327
+        label: *const c_char,
328
+        llen: size_t,
329
+        context: *const c_uchar,
330
+        contextlen: size_t,
331
+        use_context: c_int,
332
+    ) -> c_int;
333
 
334
     #[cfg(not(any(osslconf = "OPENSSL_NO_COMP", libressl)))]
335
     pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
336
@@ -2436,6 +2565,14 @@ extern "C" {
337
         ctx: *mut SSL_CTX,
338
         dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
339
     );
340
+    pub fn SSL_CTX_sess_set_new_cb(
341
+        ctx: *mut SSL_CTX,
342
+        new_session_cb: Option<unsafe extern "C" fn(*mut SSL, *mut SSL_SESSION) -> c_int>,
343
+    );
344
+    pub fn SSL_CTX_sess_set_remove_cb(
345
+        ctx: *mut SSL_CTX,
346
+        remove_session_cb: Option<unsafe extern "C" fn(*mut SSL_CTX, *mut SSL_SESSION)>,
347
+    );
348
 
349
     #[cfg(not(any(ossl101, libressl)))]
350
     pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509;
351
@@ -2474,6 +2611,7 @@ extern "C" {
352
                 -> c_uint,
353
         >,
354
     );
355
+
356
     pub fn SSL_select_next_proto(
357
         out: *mut *mut c_uchar,
358
         outlen: *mut c_uchar,
359
@@ -2489,9 +2627,9 @@ extern "C" {
360
     );
361
     pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION;
362
     pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
363
-    #[cfg(not(any(ossl101, libressl, ossl110f)))]
364
+    #[cfg(not(any(ossl101, libressl, ossl110f, ossl111)))]
365
     pub fn SSL_is_server(s: *mut SSL) -> c_int;
366
-    #[cfg(ossl110f)]
367
+    #[cfg(any(ossl110f, ossl111))]
368
     pub fn SSL_is_server(s: *const SSL) -> c_int;
369
 
370
     pub fn SSL_SESSION_free(s: *mut SSL_SESSION);
371
@@ -2540,6 +2678,7 @@ extern "C" {
372
     pub fn X509_sign(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
373
     pub fn X509_get_pubkey(x: *mut X509) -> *mut EVP_PKEY;
374
     pub fn X509_to_X509_REQ(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> *mut X509_REQ;
375
+    pub fn X509_verify_cert(ctx: *mut X509_STORE_CTX) -> c_int;
376
     pub fn X509_verify_cert_error_string(n: c_long) -> *const c_char;
377
     pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING;
378
     pub fn X509_check_issued(issuer: *mut X509, subject: *mut X509) -> c_int;
379
@@ -2573,6 +2712,14 @@ extern "C" {
380
     pub fn X509_STORE_add_cert(store: *mut X509_STORE, x: *mut X509) -> c_int;
381
     pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int;
382
 
383
+    pub fn X509_STORE_CTX_new() -> *mut X509_STORE_CTX;
384
+    pub fn X509_STORE_CTX_cleanup(ctx: *mut X509_STORE_CTX);
385
+    pub fn X509_STORE_CTX_init(
386
+        ctx: *mut X509_STORE_CTX,
387
+        store: *mut X509_STORE,
388
+        x509: *mut X509,
389
+        chain: *mut stack_st_X509,
390
+    ) -> c_int;
391
     pub fn X509_STORE_CTX_free(ctx: *mut X509_STORE_CTX);
392
     pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509;
393
     pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int;
394
@@ -2704,4 +2851,28 @@ extern "C" {
395
     pub fn FIPS_mode_set(onoff: c_int) -> c_int;
396
     #[cfg(not(libressl))]
397
     pub fn FIPS_mode() -> c_int;
398
+
399
+    pub fn SSL_CTX_set_cookie_generate_cb(
400
+        s: *mut SSL_CTX,
401
+        cb: Option<
402
+            extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int,
403
+        >,
404
+    );
405
+
406
+    #[cfg(ossl110)]
407
+    pub fn SSL_CTX_set_cookie_verify_cb(
408
+        s: *mut SSL_CTX,
409
+        cb: Option<
410
+            extern "C" fn(ssl: *mut SSL, cookie: *const c_uchar, cookie_len: c_uint) -> c_int,
411
+        >,
412
+    );
413
+
414
+    #[cfg(not(ossl110))]
415
+    pub fn SSL_CTX_set_cookie_verify_cb(
416
+        s: *mut SSL_CTX,
417
+        cb: Option<extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: c_uint) -> c_int>,
418
+    );
419
+
420
+    pub fn EVP_MD_size(md: *const EVP_MD) -> c_int;
421
+    pub fn EVP_get_cipherbyname(name: *const c_char) -> *const EVP_CIPHER;
422
 }
(-)lang/rust/files/patch-src_vendor_openssl-sys_src_libressl_mod.rs (+62 lines)
Added Link Here
1
--- src/vendor/openssl-sys/src/libressl/mod.rs.orig	2018-03-25 15:53:20 UTC
2
+++ src/vendor/openssl-sys/src/libressl/mod.rs
3
@@ -134,6 +134,12 @@ pub struct DSA {
4
 }
5
 
6
 #[repr(C)]
7
+pub struct ECDSA_SIG {
8
+    pub r: *mut ::BIGNUM,
9
+    pub s: *mut ::BIGNUM,
10
+}
11
+
12
+#[repr(C)]
13
 pub struct EVP_PKEY {
14
     pub type_: c_int,
15
     pub save_type: c_int,
16
@@ -267,7 +273,8 @@ pub struct X509 {
17
     crldp: *mut c_void,
18
     altname: *mut c_void,
19
     nc: *mut c_void,
20
-    #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] sha1_hash: [c_uchar; 20],
21
+    #[cfg(not(osslconf = "OPENSSL_NO_SHA"))]
22
+    sha1_hash: [c_uchar; 20],
23
     aux: *mut c_void,
24
 }
25
 
26
@@ -330,9 +337,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
27
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
28
 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
29
 
30
-#[cfg(any(libressl261, libressl262, libressl26x))]
31
+#[cfg(any(libressl261, libressl262, libressl26x, libressl27))]
32
 pub const SSL_OP_ALL: c_ulong = 0x4;
33
-#[cfg(not(any(libressl261, libressl262, libressl26x)))]
34
+#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27)))]
35
 pub const SSL_OP_ALL: c_ulong = 0x80000014;
36
 pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
37
 pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
38
@@ -345,9 +352,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong =
39
 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
40
 pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
41
 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
42
-#[cfg(any(libressl261, libressl262, libressl26x))]
43
+#[cfg(any(libressl261, libressl262, libressl26x, libressl27))]
44
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
45
-#[cfg(not(any(libressl261, libressl262, libressl26x)))]
46
+#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27)))]
47
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
48
 pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
49
 pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
50
@@ -526,6 +533,12 @@ extern "C" {
51
         ctx: *mut ::SSL_CTX,
52
         ecdh: unsafe extern "C" fn(ssl: *mut ::SSL, is_export: c_int, keylength: c_int)
53
             -> *mut ::EC_KEY,
54
+    );
55
+    pub fn SSL_CTX_sess_set_get_cb(
56
+        ctx: *mut ::SSL_CTX,
57
+        get_session_cb: Option<
58
+            unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
59
+        >,
60
     );
61
     pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME;
62
     pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME;
(-)lang/rust/files/patch-src_vendor_openssl-sys_src_ossl10x.rs (+296 lines)
Added Link Here
1
--- src/vendor/openssl-sys/src/ossl10x.rs.orig	2018-03-25 15:53:20 UTC
2
+++ src/vendor/openssl-sys/src/ossl10x.rs
3
@@ -129,6 +129,12 @@ pub struct DSA {
4
 }
5
 
6
 #[repr(C)]
7
+pub struct ECDSA_SIG {
8
+    pub r: *mut BIGNUM,
9
+    pub s: *mut BIGNUM
10
+}
11
+
12
+#[repr(C)]
13
 pub struct EVP_PKEY {
14
     pub type_: c_int,
15
     pub save_type: c_int,
16
@@ -263,9 +269,12 @@ pub struct X509 {
17
     crldp: *mut c_void,
18
     altname: *mut c_void,
19
     nc: *mut c_void,
20
-    #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] rfc3779_addr: *mut c_void,
21
-    #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] rfc3779_asid: *mut c_void,
22
-    #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] sha1_hash: [c_uchar; 20],
23
+    #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))]
24
+    rfc3779_addr: *mut c_void,
25
+    #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))]
26
+    rfc3779_asid: *mut c_void,
27
+    #[cfg(not(osslconf = "OPENSSL_NO_SHA"))]
28
+    sha1_hash: [c_uchar; 20],
29
     aux: *mut c_void,
30
 }
31
 
32
@@ -372,7 +381,8 @@ pub struct SSL {
33
     info_callback: Option<unsafe extern "C" fn(*mut SSL, c_int, c_int)>,
34
     error: c_int,
35
     error_code: c_int,
36
-    #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] kssl_ctx: *mut c_void,
37
+    #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
38
+    kssl_ctx: *mut c_void,
39
     #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
40
     psk_client_callback: Option<
41
         unsafe extern "C" fn(*mut SSL, *const c_char, *mut c_char, c_uint, *mut c_uchar, c_uint)
42
@@ -396,16 +406,26 @@ pub struct SSL {
43
     #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
44
     tlsext_debug_cb:
45
         Option<unsafe extern "C" fn(*mut SSL, c_int, c_int, *mut c_uchar, c_int, *mut c_void)>,
46
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_debug_arg: *mut c_void,
47
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hostname: *mut c_char,
48
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] servername_done: c_int,
49
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_type: c_int,
50
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_expected: c_int,
51
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ocsp_ids: *mut c_void,
52
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ocsp_exts: *mut c_void,
53
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ocsp_resp: *mut c_uchar,
54
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ocsp_resplen: c_int,
55
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ticket_expected: c_int,
56
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
57
+    tlsext_debug_arg: *mut c_void,
58
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
59
+    tlsext_hostname: *mut c_char,
60
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
61
+    servername_done: c_int,
62
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
63
+    tlsext_status_type: c_int,
64
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
65
+    tlsext_status_expected: c_int,
66
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
67
+    tlsext_ocsp_ids: *mut c_void,
68
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
69
+    tlsext_ocsp_exts: *mut c_void,
70
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
71
+    tlsext_ocsp_resp: *mut c_uchar,
72
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
73
+    tlsext_ocsp_resplen: c_int,
74
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
75
+    tlsext_ticket_expected: c_int,
76
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))]
77
     tlsext_ecpointformatlist_length: size_t,
78
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))]
79
@@ -414,28 +434,43 @@ pub struct SSL {
80
     tlsext_ellipticcurvelist_length: size_t,
81
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))]
82
     tlsext_ellipticcurvelist: *mut c_uchar,
83
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input: *mut c_void,
84
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input_len: size_t,
85
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_session_ticket: *mut c_void,
86
     #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
87
+    tlsext_opaque_prf_input: *mut c_void,
88
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
89
+    tlsext_opaque_prf_input_len: size_t,
90
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
91
+    tlsext_session_ticket: *mut c_void,
92
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
93
     tlsext_session_ticket_ext_cb: ::tls_session_ticket_ext_cb_fn,
94
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tls_session_ticket_ext_cb_arg: *mut c_void,
95
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tls_session_secret_cb: ::tls_session_secret_cb_fn,
96
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tls_session_secret_cb_arg: *mut c_void,
97
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] initial_ctx: *mut ::SSL_CTX,
98
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
99
+    tls_session_ticket_ext_cb_arg: *mut c_void,
100
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
101
+    tls_session_secret_cb: ::tls_session_secret_cb_fn,
102
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
103
+    tls_session_secret_cb_arg: *mut c_void,
104
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
105
+    initial_ctx: *mut ::SSL_CTX,
106
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))]
107
     next_proto_negotiated: *mut c_uchar,
108
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))]
109
     next_proto_negotiated_len: c_uchar,
110
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] srtp_profiles: *mut c_void,
111
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] srtp_profile: *mut c_void,
112
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_heartbeat: c_uint,
113
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hb_pending: c_uint,
114
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hb_seq: c_uint,
115
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
116
+    srtp_profiles: *mut c_void,
117
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
118
+    srtp_profile: *mut c_void,
119
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
120
+    tlsext_heartbeat: c_uint,
121
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
122
+    tlsext_hb_pending: c_uint,
123
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
124
+    tlsext_hb_seq: c_uint,
125
     renegotiate: c_int,
126
-    #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] srp_ctx: ::SRP_CTX,
127
-    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list: *mut c_uchar,
128
-    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list_len: c_uint,
129
+    #[cfg(not(osslconf = "OPENSSL_NO_SRP"))]
130
+    srp_ctx: ::SRP_CTX,
131
+    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
132
+    alpn_client_proto_list: *mut c_uchar,
133
+    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
134
+    alpn_client_proto_list_len: c_uint,
135
 }
136
 
137
 #[repr(C)]
138
@@ -486,28 +521,46 @@ pub struct SSL_CTX {
139
     quiet_shutdown: c_int,
140
     max_send_fragment: c_uint,
141
 
142
-    #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))] client_cert_engine: *mut c_void,
143
+    #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))]
144
+    client_cert_engine: *mut c_void,
145
 
146
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_servername_callback: *mut c_void,
147
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsect_servername_arg: *mut c_void,
148
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_key_name: [c_uchar; 16],
149
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_hmac_key: [c_uchar; 16],
150
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_aes_key: [c_uchar; 16],
151
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ticket_key_cb: *mut c_void,
152
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_cb: *mut c_void,
153
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_arg: *mut c_void,
154
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input_callback: *mut c_void,
155
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input_callback_arg: *mut c_void,
156
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
157
+    tlsext_servername_callback: *mut c_void,
158
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
159
+    tlsect_servername_arg: *mut c_void,
160
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
161
+    tlsext_tick_key_name: [c_uchar; 16],
162
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
163
+    tlsext_tick_hmac_key: [c_uchar; 16],
164
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
165
+    tlsext_tick_aes_key: [c_uchar; 16],
166
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
167
+    tlsext_ticket_key_cb: *mut c_void,
168
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
169
+    tlsext_status_cb: *mut c_void,
170
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
171
+    tlsext_status_arg: *mut c_void,
172
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
173
+    tlsext_opaque_prf_input_callback: *mut c_void,
174
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
175
+    tlsext_opaque_prf_input_callback_arg: *mut c_void,
176
 
177
-    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_identity_hint: *mut c_void,
178
-    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_client_callback: *mut c_void,
179
-    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_server_callback: *mut c_void,
180
+    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
181
+    psk_identity_hint: *mut c_void,
182
+    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
183
+    psk_client_callback: *mut c_void,
184
+    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
185
+    psk_server_callback: *mut c_void,
186
 
187
-    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] freelist_max_len: c_uint,
188
-    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] wbuf_freelist: *mut c_void,
189
-    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] rbuf_freelist: *mut c_void,
190
+    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))]
191
+    freelist_max_len: c_uint,
192
+    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))]
193
+    wbuf_freelist: *mut c_void,
194
+    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))]
195
+    rbuf_freelist: *mut c_void,
196
 
197
-    #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] srp_ctx: SRP_CTX,
198
+    #[cfg(not(osslconf = "OPENSSL_NO_SRP"))]
199
+    srp_ctx: SRP_CTX,
200
 
201
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))]
202
     next_protos_advertised_cb: *mut c_void,
203
@@ -518,13 +571,19 @@ pub struct SSL_CTX {
204
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))]
205
     next_proto_select_cb_arg: *mut c_void,
206
 
207
-    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] srtp_profiles: *mut c_void,
208
+    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))]
209
+    srtp_profiles: *mut c_void,
210
 
211
-    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] srtp_profiles: *mut c_void,
212
-    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_select_cb: *mut c_void,
213
-    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_select_cb_arg: *mut c_void,
214
-    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list: *mut c_void,
215
-    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list_len: c_uint,
216
+    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
217
+    srtp_profiles: *mut c_void,
218
+    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
219
+    alpn_select_cb: *mut c_void,
220
+    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
221
+    alpn_select_cb_arg: *mut c_void,
222
+    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
223
+    alpn_client_proto_list: *mut c_void,
224
+    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
225
+    alpn_client_proto_list_len: c_uint,
226
 
227
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))]
228
     tlsext_ecpointformatlist_length: size_t,
229
@@ -547,11 +606,14 @@ pub struct SSL_SESSION {
230
     session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
231
     sid_ctx_length: c_uint,
232
     sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize],
233
-    #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] krb5_client_princ_len: c_uint,
234
     #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
235
+    krb5_client_princ_len: c_uint,
236
+    #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
237
     krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize],
238
-    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_identity_hint: *mut c_char,
239
-    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_identity: *mut c_char,
240
+    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
241
+    psk_identity_hint: *mut c_char,
242
+    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
243
+    psk_identity: *mut c_char,
244
     not_resumable: c_int,
245
     sess_cert: *mut c_void,
246
     peer: *mut X509,
247
@@ -566,7 +628,8 @@ pub struct SSL_SESSION {
248
     ex_data: ::CRYPTO_EX_DATA,
249
     prev: *mut c_void,
250
     next: *mut c_void,
251
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hostname: *mut c_char,
252
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
253
+    tlsext_hostname: *mut c_char,
254
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))]
255
     tlsext_ecpointformatlist_length: size_t,
256
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))]
257
@@ -575,10 +638,14 @@ pub struct SSL_SESSION {
258
     tlsext_ellipticcurvelist_length: size_t,
259
     #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))]
260
     tlsext_ellipticcurvelist: *mut c_uchar,
261
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick: *mut c_uchar,
262
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ticklen: size_t,
263
-    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_lifetime_hint: c_long,
264
-    #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] srp_username: *mut c_char,
265
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
266
+    tlsext_tick: *mut c_uchar,
267
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
268
+    tlsext_ticklen: size_t,
269
+    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
270
+    tlsext_tick_lifetime_hint: c_long,
271
+    #[cfg(not(osslconf = "OPENSSL_NO_SRP"))]
272
+    srp_username: *mut c_char,
273
 }
274
 
275
 #[repr(C)]
276
@@ -830,6 +897,12 @@ extern "C" {
277
         ecdh: unsafe extern "C" fn(ssl: *mut ::SSL, is_export: c_int, keylength: c_int)
278
             -> *mut ::EC_KEY,
279
     );
280
+    pub fn SSL_CTX_sess_set_get_cb(
281
+        ctx: *mut ::SSL_CTX,
282
+        get_session_cb: Option<
283
+            unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
284
+        >,
285
+    );
286
     pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME;
287
     pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME;
288
     pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
289
@@ -902,4 +975,7 @@ extern "C" {
290
 
291
     pub fn SSLeay() -> c_ulong;
292
     pub fn SSLeay_version(key: c_int) -> *const c_char;
293
+
294
+    #[cfg(ossl102)]
295
+    pub fn SSL_extension_supported(ext_type: c_uint) -> c_int;
296
 }
(-)lang/rust/files/patch-src_vendor_openssl-sys_src_ossl110.rs (+115 lines)
Added Link Here
1
--- src/vendor/openssl-sys/src/ossl110.rs.orig	2018-03-25 15:53:20 UTC
2
+++ src/vendor/openssl-sys/src/ossl110.rs
3
@@ -8,6 +8,7 @@ pub enum BIO_METHOD {}
4
 pub enum CRYPTO_EX_DATA {}
5
 pub enum DH {}
6
 pub enum DSA {}
7
+pub enum ECDSA_SIG {}
8
 pub enum EVP_CIPHER {}
9
 pub enum EVP_MD_CTX {}
10
 pub enum EVP_PKEY {}
11
@@ -33,6 +34,11 @@ pub enum X509_ALGOR {}
12
 pub enum X509_VERIFY_PARAM {}
13
 pub enum X509_REQ {}
14
 
15
+pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
16
+pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
17
+pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
18
+pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
19
+
20
 pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000;
21
 pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000;
22
 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000;
23
@@ -74,6 +80,58 @@ pub fn init() {
24
     })
25
 }
26
 
27
+pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: c_int) -> c_int {
28
+    ::SSL_CTX_ctrl(
29
+        ctx,
30
+        SSL_CTRL_SET_MIN_PROTO_VERSION,
31
+        version as c_long,
32
+        ptr::null_mut(),
33
+    ) as c_int
34
+}
35
+
36
+pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: c_int) -> c_int {
37
+    ::SSL_CTX_ctrl(
38
+        ctx,
39
+        SSL_CTRL_SET_MAX_PROTO_VERSION,
40
+        version as c_long,
41
+        ptr::null_mut(),
42
+    ) as c_int
43
+}
44
+
45
+pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int {
46
+    ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
47
+}
48
+
49
+pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int {
50
+    ::SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
51
+}
52
+
53
+pub unsafe fn SSL_set_min_proto_version(s: *mut ::SSL, version: c_int) -> c_int {
54
+    ::SSL_ctrl(
55
+        s,
56
+        SSL_CTRL_SET_MIN_PROTO_VERSION,
57
+        version as c_long,
58
+        ptr::null_mut(),
59
+    ) as c_int
60
+}
61
+
62
+pub unsafe fn SSL_set_max_proto_version(s: *mut ::SSL, version: c_int) -> c_int {
63
+    ::SSL_ctrl(
64
+        s,
65
+        SSL_CTRL_SET_MAX_PROTO_VERSION,
66
+        version as c_long,
67
+        ptr::null_mut(),
68
+    ) as c_int
69
+}
70
+
71
+pub unsafe fn SSL_get_min_proto_version(s: *mut ::SSL) -> c_int {
72
+    ::SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
73
+}
74
+
75
+pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int {
76
+    ::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
77
+}
78
+
79
 extern "C" {
80
     pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO;
81
     pub fn BIO_s_file() -> *const BIO_METHOD;
82
@@ -206,6 +264,14 @@ extern "C" {
83
     pub fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong;
84
     pub fn SSL_CTX_set_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong;
85
     pub fn SSL_CTX_clear_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong;
86
+    pub fn SSL_CTX_sess_set_get_cb(
87
+        ctx: *mut ::SSL_CTX,
88
+        get_session_cb: Option<
89
+            unsafe extern "C" fn(*mut ::SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
90
+        >,
91
+    );
92
+    pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
93
+    pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
94
     pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME;
95
     pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME;
96
     pub fn X509_get0_signature(
97
@@ -224,6 +290,7 @@ extern "C" {
98
     pub fn BIO_get_data(a: *mut ::BIO) -> *mut c_void;
99
     pub fn BIO_meth_new(type_: c_int, name: *const c_char) -> *mut ::BIO_METHOD;
100
     pub fn BIO_meth_free(biom: *mut ::BIO_METHOD);
101
+    // FIXME should wrap in Option
102
     pub fn BIO_meth_set_write(
103
         biom: *mut ::BIO_METHOD,
104
         write: unsafe extern "C" fn(*mut ::BIO, *const c_char, c_int) -> c_int,
105
@@ -297,4 +364,10 @@ extern "C" {
106
     ) -> *mut PKCS12;
107
     pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long;
108
     pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME;
109
+    pub fn SSL_extension_supported(ext_type: c_uint) -> c_int;
110
+    pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM);
111
+    pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int;
112
+
113
+    pub fn SSL_CIPHER_get_cipher_nid(c: *const ::SSL_CIPHER) -> c_int;
114
+    pub fn SSL_CIPHER_get_digest_nid(c: *const ::SSL_CIPHER) -> c_int;
115
 }
(-)lang/rust/files/patch-src_vendor_openssl-sys_src_ossl111.rs (+87 lines)
Added Link Here
1
--- src/vendor/openssl-sys/src/ossl111.rs.orig	2018-04-02 18:34:05 UTC
2
+++ src/vendor/openssl-sys/src/ossl111.rs
3
@@ -0,0 +1,84 @@
4
+use libc::{c_char, c_uchar, c_int, c_uint, c_ulong, size_t, c_void};
5
+
6
+pub type SSL_CTX_keylog_cb_func =
7
+    Option<unsafe extern "C" fn(ssl: *const ::SSL, line: *const c_char)>;
8
+
9
+pub type SSL_custom_ext_add_cb_ex =
10
+    Option<unsafe extern "C" fn(ssl: *mut ::SSL, ext_type: c_uint,
11
+                                context: c_uint,
12
+                                out: *mut *const c_uchar,
13
+                                outlen: *mut size_t, x: *mut ::X509,
14
+                                chainidx: size_t, al: *mut c_int,
15
+                                add_arg: *mut c_void) -> c_int>;
16
+
17
+pub type SSL_custom_ext_free_cb_ex =
18
+    Option<unsafe extern "C" fn(ssl: *mut ::SSL, ext_type: c_uint,
19
+                                context: c_uint,
20
+                                out: *mut *const c_uchar,
21
+                                add_arg: *mut c_void)>;
22
+
23
+pub type SSL_custom_ext_parse_cb_ex =
24
+    Option<unsafe extern "C" fn(ssl: *mut ::SSL, ext_type: c_uint,
25
+                                context: c_uint,
26
+                                input: *const c_uchar,
27
+                                inlen: size_t, x: *mut ::X509,
28
+                                chainidx: size_t, al: *mut c_int,
29
+                                parse_arg: *mut c_void) -> c_int>;
30
+
31
+pub const SSL_COOKIE_LENGTH: c_int = 4096;
32
+
33
+pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000;
34
+
35
+pub const TLS1_3_VERSION: c_int = 0x304;
36
+
37
+pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001;
38
+/* This extension is only allowed in DTLS */
39
+pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002;
40
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
41
+pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004;
42
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
43
+pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008;
44
+/* Extension is only defined for TLS1.2 and below */
45
+pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010;
46
+/* Extension is only defined for TLS1.3 and above */
47
+pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020;
48
+/* Ignore this extension during parsing if we are resuming */
49
+pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040;
50
+pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080;
51
+/* Really means TLS1.2 or below */
52
+pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100;
53
+pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200;
54
+pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400;
55
+pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800;
56
+pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000;
57
+pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000;
58
+pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000;
59
+
60
+
61
+extern "C" {
62
+    pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func);
63
+    pub fn SSL_CTX_add_custom_ext(ctx: *mut ::SSL_CTX, ext_type: c_uint, context: c_uint,
64
+                                  add_cb: SSL_custom_ext_add_cb_ex,
65
+                                  free_cb: SSL_custom_ext_free_cb_ex,
66
+                                  add_arg: *mut c_void,
67
+                                  parse_cb: SSL_custom_ext_parse_cb_ex,
68
+                                  parse_arg: *mut c_void) -> c_int;
69
+    pub fn SSL_stateless(s: *mut ::SSL) -> c_int;
70
+    pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD;
71
+    pub fn SSL_CTX_set_stateless_cookie_generate_cb(
72
+        s: *mut ::SSL_CTX,
73
+        cb: Option<unsafe extern "C" fn(
74
+            ssl: *mut ::SSL,
75
+            cookie: *mut c_uchar,
76
+            cookie_len: *mut size_t
77
+        ) -> c_int>
78
+    );
79
+    pub fn SSL_CTX_set_stateless_cookie_verify_cb(
80
+        s: *mut ::SSL_CTX,
81
+        cb: Option<unsafe extern "C" fn(
82
+            ssl: *mut ::SSL,
83
+            cookie: *const c_uchar,
84
+            cookie_len: size_t
85
+        ) -> c_int>
86
+    );
87
+}

Return to bug 226955