summaryrefslogtreecommitdiffstats
path: root/vendor/openssl/src/ssl
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-30 03:57:31 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-30 03:57:31 +0000
commitdc0db358abe19481e475e10c32149b53370f1a1c (patch)
treeab8ce99c4b255ce46f99ef402c27916055b899ee /vendor/openssl/src/ssl
parentReleasing progress-linux version 1.71.1+dfsg1-2~progress7.99u1. (diff)
downloadrustc-dc0db358abe19481e475e10c32149b53370f1a1c.tar.xz
rustc-dc0db358abe19481e475e10c32149b53370f1a1c.zip
Merging upstream version 1.72.1+dfsg1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'vendor/openssl/src/ssl')
-rw-r--r--vendor/openssl/src/ssl/mod.rs69
-rw-r--r--vendor/openssl/src/ssl/test/mod.rs5
2 files changed, 70 insertions, 4 deletions
diff --git a/vendor/openssl/src/ssl/mod.rs b/vendor/openssl/src/ssl/mod.rs
index 6ef356d36..27e817f30 100644
--- a/vendor/openssl/src/ssl/mod.rs
+++ b/vendor/openssl/src/ssl/mod.rs
@@ -72,7 +72,7 @@ use crate::srtp::{SrtpProtectionProfile, SrtpProtectionProfileRef};
use crate::ssl::bio::BioMethod;
use crate::ssl::callbacks::*;
use crate::ssl::error::InnerError;
-use crate::stack::{Stack, StackRef};
+use crate::stack::{Stack, StackRef, Stackable};
use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef};
#[cfg(any(ossl102, libressl261))]
@@ -599,7 +599,7 @@ impl AlpnError {
/// Terminate the handshake with a fatal alert.
///
/// Requires OpenSSL 1.1.0 or newer.
- #[cfg(any(ossl110))]
+ #[cfg(ossl110)]
pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
/// Do not select a protocol, but continue the handshake.
@@ -644,6 +644,17 @@ impl SslVersion {
/// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
#[cfg(any(ossl111, libressl340))]
pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION);
+
+ /// DTLSv1.0
+ ///
+ /// DTLS 1.0 corresponds to TLS 1.1.
+ pub const DTLS1: SslVersion = SslVersion(ffi::DTLS1_VERSION);
+
+ /// DTLSv1.2
+ ///
+ /// DTLS 1.2 corresponds to TLS 1.2 to harmonize versions. There was never a DTLS 1.1.
+ #[cfg(any(ossl102, libressl332))]
+ pub const DTLS1_2: SslVersion = SslVersion(ffi::DTLS1_2_VERSION);
}
cfg_if! {
@@ -1929,6 +1940,10 @@ impl ForeignType for SslCipher {
}
}
+impl Stackable for SslCipher {
+ type StackType = ffi::stack_st_SSL_CIPHER;
+}
+
impl Deref for SslCipher {
type Target = SslCipherRef;
@@ -2045,6 +2060,19 @@ impl SslCipherRef {
}
}
+impl fmt::Debug for SslCipherRef {
+ fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(fmt, "{}", self.name())
+ }
+}
+
+/// A stack of selected ciphers, and a stack of selected signalling cipher suites
+#[derive(Debug)]
+pub struct CipherLists {
+ pub suites: Stack<SslCipher>,
+ pub signalling_suites: Stack<SslCipher>,
+}
+
foreign_type_and_impl_send_sync! {
type CType = ffi::SSL_SESSION;
fn drop = ffi::SSL_SESSION_free;
@@ -2385,7 +2413,7 @@ impl SslRef {
///
/// Requires OpenSSL 1.0.1 or 1.0.2.
#[corresponds(SSL_set_tmp_ecdh_callback)]
- #[cfg(any(all(ossl101, not(ossl110))))]
+ #[cfg(all(ossl101, not(ossl110)))]
#[deprecated(note = "this function leaks memory and does not exist on newer OpenSSL versions")]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where
@@ -3072,6 +3100,41 @@ impl SslRef {
}
}
+ /// Decodes a slice of wire-format cipher suite specification bytes. Unsupported cipher suites
+ /// are ignored.
+ ///
+ /// Requires OpenSSL 1.1.1 or newer.
+ #[corresponds(SSL_bytes_to_cipher_list)]
+ #[cfg(ossl111)]
+ pub fn bytes_to_cipher_list(
+ &self,
+ bytes: &[u8],
+ isv2format: bool,
+ ) -> Result<CipherLists, ErrorStack> {
+ unsafe {
+ let ptr = bytes.as_ptr();
+ let len = bytes.len();
+ let mut sk = ptr::null_mut();
+ let mut scsvs = ptr::null_mut();
+ let res = ffi::SSL_bytes_to_cipher_list(
+ self.as_ptr(),
+ ptr,
+ len,
+ isv2format as c_int,
+ &mut sk,
+ &mut scsvs,
+ );
+ if res == 1 {
+ Ok(CipherLists {
+ suites: Stack::from_ptr(sk),
+ signalling_suites: Stack::from_ptr(scsvs),
+ })
+ } else {
+ Err(ErrorStack::get())
+ }
+ }
+ }
+
/// Returns the compression methods field of the client's hello message.
///
/// This can only be used inside of the client hello callback. Otherwise, `None` is returned.
diff --git a/vendor/openssl/src/ssl/test/mod.rs b/vendor/openssl/src/ssl/test/mod.rs
index a34309a7d..7707af238 100644
--- a/vendor/openssl/src/ssl/test/mod.rs
+++ b/vendor/openssl/src/ssl/test/mod.rs
@@ -467,7 +467,7 @@ fn test_alpn_server_advertise_multiple() {
}
#[test]
-#[cfg(any(ossl110))]
+#[cfg(ossl110)]
fn test_alpn_server_select_none_fatal() {
let mut server = Server::builder();
server.ctx().set_alpn_select_callback(|_, client| {
@@ -1458,6 +1458,9 @@ fn client_hello() {
assert!(ssl.client_hello_session_id().is_some());
assert!(ssl.client_hello_ciphers().is_some());
assert!(ssl.client_hello_compression_methods().is_some());
+ assert!(ssl
+ .bytes_to_cipher_list(ssl.client_hello_ciphers().unwrap(), ssl.client_hello_isv2())
+ .is_ok());
CALLED_BACK.store(true, Ordering::SeqCst);
Ok(ClientHelloResponse::SUCCESS)