1 // Copyright (c) 2023 Huawei Device Co., Ltd. 2 // Licensed under the Apache License, Version 2.0 (the "License"); 3 // you may not use this file except in compliance with the License. 4 // You may obtain a copy of the License at 5 // 6 // http://www.apache.org/licenses/LICENSE-2.0 7 // 8 // Unless required by applicable law or agreed to in writing, software 9 // distributed under the License is distributed on an "AS IS" BASIS, 10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 // See the License for the specific language governing permissions and 12 // limitations under the License. 13 14 use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_void}; 15 16 use super::bio::BIO; 17 use super::x509::{C_X509, STACK_X509, X509_STORE, X509_STORE_CTX, X509_VERIFY_PARAM}; 18 19 /// This is the global context structure which is created by a server or client 20 /// once per program life-time and which holds mainly default values for the 21 /// `SSL` structures which are later created for the connections. 22 pub(crate) enum SSL_CTX {} 23 24 // for `SSL_CTX` 25 extern "C" { 26 /// Creates a new `SSL_CTX` object, which holds various configuration and 27 /// data relevant to SSL/TLS or DTLS session establishment. \ 28 /// Returns `Null` if failed. SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX29 pub(crate) fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; 30 31 /// Frees an allocated `SSL_CTX` object SSL_CTX_free(ctx: *mut SSL_CTX)32 pub(crate) fn SSL_CTX_free(ctx: *mut SSL_CTX); 33 34 /// Increments the reference count for an existing `SSL_CTX` structure. 35 /// Returns 1 for success and 0 for failure SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int36 pub(crate) fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; 37 38 /// Internal handling functions for SSL_CTX objects. 39 #[cfg(feature = "__c_openssl")] SSL_CTX_ctrl( ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void, ) -> c_long40 pub(crate) fn SSL_CTX_ctrl( 41 ctx: *mut SSL_CTX, 42 cmd: c_int, 43 larg: c_long, 44 parg: *mut c_void, 45 ) -> c_long; 46 47 /// Set default locations for trusted CA certificates. SSL_CTX_load_verify_locations( ctx: *mut SSL_CTX, CAfile: *const c_char, CApath: *const c_char, ) -> c_int48 pub(crate) fn SSL_CTX_load_verify_locations( 49 ctx: *mut SSL_CTX, 50 CAfile: *const c_char, 51 CApath: *const c_char, 52 ) -> c_int; 53 54 /// Sets the list of available ciphers (TLSv1.2 and below) for ctx using the 55 /// control string str.\ 56 /// This function does not impact TLSv1.3 ciphersuites. SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int57 pub(crate) fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; 58 59 /// Loads the first certificate stored in file into ctx. 60 /// The formatting type of the certificate must be specified from the known 61 /// types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_certificate_file( ctx: *mut SSL_CTX, cert_file: *const c_char, file_type: c_int, ) -> c_int62 pub(crate) fn SSL_CTX_use_certificate_file( 63 ctx: *mut SSL_CTX, 64 cert_file: *const c_char, 65 file_type: c_int, 66 ) -> c_int; 67 68 /// Loads a certificate chain from file into ctx. The certificates must be 69 /// in PEM format and must be sorted starting with the subject's 70 /// certificate (actual client or server certificate), followed by 71 /// intermediate CA certificates if applicable, and ending at the 72 /// highest level (root) CA. SSL_CTX_use_certificate_chain_file( ctx: *mut SSL_CTX, cert_chain_file: *const c_char, ) -> c_int73 pub(crate) fn SSL_CTX_use_certificate_chain_file( 74 ctx: *mut SSL_CTX, 75 cert_chain_file: *const c_char, 76 ) -> c_int; 77 78 /// Client sets the list of protocols available to be negotiated. SSL_CTX_set_alpn_protos( ctx: *mut SSL_CTX, data: *const c_uchar, len: c_uint, ) -> c_int79 pub(crate) fn SSL_CTX_set_alpn_protos( 80 ctx: *mut SSL_CTX, 81 data: *const c_uchar, 82 len: c_uint, 83 ) -> c_int; 84 85 /// returns the selected protocol. It is not NUL-terminated. 86 #[cfg(feature = "http2")] SSL_get0_alpn_selected( ssl: *const SSL, data: *mut *const c_uchar, len: *mut c_uint, )87 pub(crate) fn SSL_get0_alpn_selected( 88 ssl: *const SSL, 89 data: *mut *const c_uchar, 90 len: *mut c_uint, 91 ); 92 93 /// Sets/replaces the certificate verification storage of ctx to/with store. 94 /// If another X509_STORE object is currently set in ctx, it will be 95 /// X509_STORE_free()ed. SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE)96 pub(crate) fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE); 97 98 /// Returns a pointer to the current certificate verification storage. SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE99 pub(crate) fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE; 100 101 /// Specifies that the default locations from which CA certificates are 102 /// loaded should be used. There is one default directory, one default 103 /// file and one default store. The default CA certificates directory is 104 /// called certs in the default OpenSSL directory, and this is also the 105 /// default store. Alternatively the SSL_CERT_DIR environment variable 106 /// can be defined to override this location. The default CA 107 /// certificates file is called cert.pem in the default OpenSSL 108 /// directory. Alternatively the SSL_CERT_FILE environment variable can 109 /// be defined to override this location. SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int110 pub(crate) fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int; 111 112 /// Sets the verification flags for ctx to be mode and specifies the 113 /// verify_callback function to be used. 114 /// If no callback function shall be specified, the NULL pointer can be use 115 /// for verify_callback. SSL_CTX_set_verify( ctx: *mut SSL_CTX, mode: c_int, verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>, )116 pub(crate) fn SSL_CTX_set_verify( 117 ctx: *mut SSL_CTX, 118 mode: c_int, 119 verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>, 120 ); 121 SSL_CTX_set_cert_verify_callback( ctx: *mut SSL_CTX, callback: extern "C" fn(*mut X509_STORE_CTX, *mut c_void) -> c_int, arg: *mut c_void, )122 pub(crate) fn SSL_CTX_set_cert_verify_callback( 123 ctx: *mut SSL_CTX, 124 callback: extern "C" fn(*mut X509_STORE_CTX, *mut c_void) -> c_int, 125 arg: *mut c_void, 126 ); 127 128 #[cfg(feature = "c_boringssl")] SSL_CTX_set_min_proto_version( ctx: *mut SSL_CTX, version: libc::c_ushort, ) -> c_int129 pub(crate) fn SSL_CTX_set_min_proto_version( 130 ctx: *mut SSL_CTX, 131 version: libc::c_ushort, 132 ) -> c_int; 133 134 #[cfg(feature = "c_boringssl")] SSL_CTX_set_max_proto_version( ctx: *mut SSL_CTX, version: libc::c_ushort, ) -> c_int135 pub(crate) fn SSL_CTX_set_max_proto_version( 136 ctx: *mut SSL_CTX, 137 version: libc::c_ushort, 138 ) -> c_int; 139 140 #[cfg(feature = "c_boringssl")] SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, parg: *mut c_void) -> c_int141 pub(crate) fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, parg: *mut c_void) -> c_int; 142 } 143 144 /// This is the main SSL/TLS structure which is created by a server or client 145 /// per established connection. This actually is the core structure in the SSL 146 /// API. At run-time the application usually deals with this structure which has 147 /// links to mostly all other structures. 148 pub(crate) enum SSL {} 149 150 // for `SSL` 151 extern "C" { 152 /// Creates a new `SSL` structure which is needed to hold the data for a 153 /// TLS/SSL connection. \ 154 /// Returns `Null` if failed. SSL_new(ctx: *mut SSL_CTX) -> *mut SSL155 pub(crate) fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; 156 SSL_free(ssl: *mut SSL)157 pub(crate) fn SSL_free(ssl: *mut SSL); 158 159 /// Obtains result code for TLS/SSL I/O operation.\ 160 /// SSL_get_error() must be used in the same thread that performed the 161 /// TLS/SSL I/O operation, and no other OpenSSL function calls should 162 /// appear in between. SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int163 pub(crate) fn SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int; 164 165 /// Returns an abbreviated string indicating the current state of the SSL 166 /// object ssl. SSL_state_string_long(ssl: *const SSL) -> *const c_char167 pub(crate) fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; 168 169 /// Returns the result of the verification of the X509 certificate presented 170 /// by the peer, if any. SSL_get_verify_result(ssl: *const SSL) -> c_long171 pub(crate) fn SSL_get_verify_result(ssl: *const SSL) -> c_long; 172 173 #[cfg(feature = "c_openssl_3_0")] SSL_get1_peer_certificate(ssl: *const SSL) -> *mut C_X509174 pub(crate) fn SSL_get1_peer_certificate(ssl: *const SSL) -> *mut C_X509; 175 // use 1.1 in boringssl 176 177 #[cfg(any(feature = "c_openssl_1_1", feature = "c_boringssl"))] SSL_get_peer_certificate(ssl: *const SSL) -> *mut C_X509178 pub(crate) fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut C_X509; 179 SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut STACK_X509180 pub(crate) fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut STACK_X509; 181 182 /// Increases the reference count of all certificates in chain x and returns 183 /// a copy of the stack X509_chain_up_ref(stack_x509: *mut STACK_X509) -> *mut STACK_X509184 pub(crate) fn X509_chain_up_ref(stack_x509: *mut STACK_X509) -> *mut STACK_X509; 185 SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO)186 pub(crate) fn SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO); 187 SSL_get_rbio(ssl: *const SSL) -> *mut BIO188 pub(crate) fn SSL_get_rbio(ssl: *const SSL) -> *mut BIO; 189 SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int190 pub(crate) fn SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int; 191 SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int192 pub(crate) fn SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int; 193 SSL_connect(ssl: *mut SSL) -> c_int194 pub(crate) fn SSL_connect(ssl: *mut SSL) -> c_int; 195 SSL_shutdown(ssl: *mut SSL) -> c_int196 pub(crate) fn SSL_shutdown(ssl: *mut SSL) -> c_int; 197 198 #[cfg(feature = "__c_openssl")] SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long199 pub(crate) fn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; 200 201 /// Retrieve an internal pointer to the verification parameters for ssl 202 /// respectively. The returned pointer must not be freed by the calling 203 /// application. SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM204 pub(crate) fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; 205 206 #[cfg(feature = "c_boringssl")] SSL_set_tlsext_host_name(ssl: *mut SSL, name: *mut c_void) -> c_int207 pub(crate) fn SSL_set_tlsext_host_name(ssl: *mut SSL, name: *mut c_void) -> c_int; 208 } 209 210 /// This is a dispatch structure describing the internal ssl library 211 /// methods/functions which implement the various protocol versions (SSLv3 212 /// TLSv1, ...). It's needed to create an `SSL_CTX`. 213 pub(crate) enum SSL_METHOD {} 214 215 // for `SSL_METHOD` 216 extern "C" { 217 /// Is the general-purpose version-flexible SSL/TLS methods. The actual 218 /// protocol version used will be negotiated to the highest version 219 /// mutually supported by the client and the server. TLS_client_method() -> *const SSL_METHOD220 pub(crate) fn TLS_client_method() -> *const SSL_METHOD; 221 } 222