1 // Copyright (c) 2023 Huawei Device Co., Ltd. 2 // Licensed under the Apache License, Version 2.0 (the "License"); 3 // you may not use this file except in compliance with the License. 4 // You may obtain a copy of the License at 5 // 6 // http://www.apache.org/licenses/LICENSE-2.0 7 // 8 // Unless required by applicable law or agreed to in writing, software 9 // distributed under the License is distributed on an "AS IS" BASIS, 10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 // See the License for the specific language governing permissions and 12 // limitations under the License. 13 14 use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_void}; 15 16 use super::bio::BIO; 17 use super::x509::{C_X509, X509_STORE, X509_STORE_CTX, X509_VERIFY_PARAM}; 18 19 /// This is the global context structure which is created by a server or client 20 /// once per program life-time and which holds mainly default values for the 21 /// `SSL` structures which are later created for the connections. 22 pub(crate) enum SSL_CTX {} 23 24 // for `SSL_CTX` 25 extern "C" { 26 /// Creates a new `SSL_CTX` object, which holds various configuration and 27 /// data relevant to SSL/TLS or DTLS session establishment. \ 28 /// Returns `Null` if failed. SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX29 pub(crate) fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; 30 31 /// Frees an allocated `SSL_CTX` object SSL_CTX_free(ctx: *mut SSL_CTX)32 pub(crate) fn SSL_CTX_free(ctx: *mut SSL_CTX); 33 34 /// Increments the reference count for an existing `SSL_CTX` structure. 35 /// Returns 1 for success and 0 for failure SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int36 pub(crate) fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; 37 38 /// Internal handling functions for SSL_CTX objects. SSL_CTX_ctrl( ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void, ) -> c_long39 pub(crate) fn SSL_CTX_ctrl( 40 ctx: *mut SSL_CTX, 41 cmd: c_int, 42 larg: c_long, 43 parg: *mut c_void, 44 ) -> c_long; 45 46 /// Set default locations for trusted CA certificates. SSL_CTX_load_verify_locations( ctx: *mut SSL_CTX, CAfile: *const c_char, CApath: *const c_char, ) -> c_int47 pub(crate) fn SSL_CTX_load_verify_locations( 48 ctx: *mut SSL_CTX, 49 CAfile: *const c_char, 50 CApath: *const c_char, 51 ) -> c_int; 52 53 /// Sets the list of available ciphers (TLSv1.2 and below) for ctx using the 54 /// control string str.\ 55 /// This function does not impact TLSv1.3 ciphersuites. SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int56 pub(crate) fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; 57 58 /// Uses to configure the available TLSv1.3 ciphersuites for ctx. SSL_CTX_set_ciphersuites(ctx: *mut SSL_CTX, str: *const c_char) -> c_int59 pub(crate) fn SSL_CTX_set_ciphersuites(ctx: *mut SSL_CTX, str: *const c_char) -> c_int; 60 61 /// Loads the first certificate stored in file into ctx. 62 /// The formatting type of the certificate must be specified from the known 63 /// types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_certificate_file( ctx: *mut SSL_CTX, cert_file: *const c_char, file_type: c_int, ) -> c_int64 pub(crate) fn SSL_CTX_use_certificate_file( 65 ctx: *mut SSL_CTX, 66 cert_file: *const c_char, 67 file_type: c_int, 68 ) -> c_int; 69 70 /// Loads a certificate chain from file into ctx. The certificates must be 71 /// in PEM format and must be sorted starting with the subject's 72 /// certificate (actual client or server certificate), followed by 73 /// intermediate CA certificates if applicable, and ending at the 74 /// highest level (root) CA. SSL_CTX_use_certificate_chain_file( ctx: *mut SSL_CTX, cert_chain_file: *const c_char, ) -> c_int75 pub(crate) fn SSL_CTX_use_certificate_chain_file( 76 ctx: *mut SSL_CTX, 77 cert_chain_file: *const c_char, 78 ) -> c_int; 79 80 /// Client sets the list of protocols available to be negotiated. SSL_CTX_set_alpn_protos( s: *mut SSL_CTX, data: *const c_uchar, len: c_uint, ) -> c_int81 pub(crate) fn SSL_CTX_set_alpn_protos( 82 s: *mut SSL_CTX, 83 data: *const c_uchar, 84 len: c_uint, 85 ) -> c_int; 86 87 /// Sets/replaces the certificate verification storage of ctx to/with store. 88 /// If another X509_STORE object is currently set in ctx, it will be 89 /// X509_STORE_free()ed. SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE)90 pub(crate) fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE); 91 92 /// Returns a pointer to the current certificate verification storage. SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE93 pub(crate) fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE; 94 95 /// Specifies that the default locations from which CA certificates are 96 /// loaded should be used. There is one default directory, one default 97 /// file and one default store. The default CA certificates directory is 98 /// called certs in the default OpenSSL directory, and this is also the 99 /// default store. Alternatively the SSL_CERT_DIR environment variable 100 /// can be defined to override this location. The default CA 101 /// certificates file is called cert.pem in the default OpenSSL 102 /// directory. Alternatively the SSL_CERT_FILE environment variable can 103 /// be defined to override this location. SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int104 pub(crate) fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int; 105 106 /// Sets the verification flags for ctx to be mode and specifies the 107 /// verify_callback function to be used. 108 /// If no callback function shall be specified, the NULL pointer can be use 109 /// for verify_callback. SSL_CTX_set_verify( ctx: *mut SSL_CTX, mode: c_int, verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>, )110 pub(crate) fn SSL_CTX_set_verify( 111 ctx: *mut SSL_CTX, 112 mode: c_int, 113 verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>, 114 ); 115 116 } 117 118 /// This is the main SSL/TLS structure which is created by a server or client 119 /// per established connection. This actually is the core structure in the SSL 120 /// API. At run-time the application usually deals with this structure which has 121 /// links to mostly all other structures. 122 pub(crate) enum SSL {} 123 124 // for `SSL` 125 extern "C" { 126 /// Creates a new `SSL` structure which is needed to hold the data for a 127 /// TLS/SSL connection. \ 128 /// Returns `Null` if failed. SSL_new(ctx: *mut SSL_CTX) -> *mut SSL129 pub(crate) fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; 130 SSL_free(ssl: *mut SSL)131 pub(crate) fn SSL_free(ssl: *mut SSL); 132 133 /// Obtains result code for TLS/SSL I/O operation.\ 134 /// SSL_get_error() must be used in the same thread that performed the 135 /// TLS/SSL I/O operation, and no other OpenSSL function calls should 136 /// appear in between. SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int137 pub(crate) fn SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int; 138 139 /// Returns an abbreviated string indicating the current state of the SSL 140 /// object ssl. SSL_state_string_long(ssl: *const SSL) -> *const c_char141 pub(crate) fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; 142 143 /// Returns the result of the verification of the X509 certificate presented 144 /// by the peer, if any. SSL_get_verify_result(ssl: *const SSL) -> c_long145 pub(crate) fn SSL_get_verify_result(ssl: *const SSL) -> c_long; 146 SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO)147 pub(crate) fn SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO); 148 SSL_get_rbio(ssl: *const SSL) -> *mut BIO149 pub(crate) fn SSL_get_rbio(ssl: *const SSL) -> *mut BIO; 150 SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int151 pub(crate) fn SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int; 152 SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int153 pub(crate) fn SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int; 154 SSL_connect(ssl: *mut SSL) -> c_int155 pub(crate) fn SSL_connect(ssl: *mut SSL) -> c_int; 156 SSL_shutdown(ssl: *mut SSL) -> c_int157 pub(crate) fn SSL_shutdown(ssl: *mut SSL) -> c_int; 158 SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long159 pub(crate) fn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; 160 161 /// Retrieve an internal pointer to the verification parameters for ssl 162 /// respectively. The returned pointer must not be freed by the calling 163 /// application. SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM164 pub(crate) fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; 165 } 166 167 /// This is a dispatch structure describing the internal ssl library 168 /// methods/functions which implement the various protocol versions (SSLv3 169 /// TLSv1, ...). It's needed to create an `SSL_CTX`. 170 pub(crate) enum SSL_METHOD {} 171 172 // for `SSL_METHOD` 173 extern "C" { 174 /// Is the general-purpose version-flexible SSL/TLS methods. The actual 175 /// protocol version used will be negotiated to the highest version 176 /// mutually supported by the client and the server. TLS_client_method() -> *const SSL_METHOD177 pub(crate) fn TLS_client_method() -> *const SSL_METHOD; 178 } 179