1 // Copyright (c) 2023 Huawei Device Co., Ltd. 2 // Licensed under the Apache License, Version 2.0 (the "License"); 3 // you may not use this file except in compliance with the License. 4 // You may obtain a copy of the License at 5 // 6 // http://www.apache.org/licenses/LICENSE-2.0 7 // 8 // Unless required by applicable law or agreed to in writing, software 9 // distributed under the License is distributed on an "AS IS" BASIS, 10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 // See the License for the specific language governing permissions and 12 // limitations under the License. 13 14 use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_void}; 15 16 use super::bio::BIO; 17 use super::x509::{C_X509, X509_STORE, X509_STORE_CTX, X509_VERIFY_PARAM}; 18 19 /// This is the global context structure which is created by a server or client 20 /// once per program life-time and which holds mainly default values for the 21 /// `SSL` structures which are later created for the connections. 22 pub(crate) enum SSL_CTX {} 23 24 // for `SSL_CTX` 25 extern "C" { 26 /// Creates a new `SSL_CTX` object, which holds various configuration and 27 /// data relevant to SSL/TLS or DTLS session establishment. \ 28 /// Returns `Null` if failed. SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX29 pub(crate) fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; 30 31 /// Frees an allocated `SSL_CTX` object SSL_CTX_free(ctx: *mut SSL_CTX)32 pub(crate) fn SSL_CTX_free(ctx: *mut SSL_CTX); 33 34 /// Increments the reference count for an existing `SSL_CTX` structure. 35 /// Returns 1 for success and 0 for failure SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int36 pub(crate) fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; 37 38 /// Internal handling functions for SSL_CTX objects. SSL_CTX_ctrl( ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void, ) -> c_long39 pub(crate) fn SSL_CTX_ctrl( 40 ctx: *mut SSL_CTX, 41 cmd: c_int, 42 larg: c_long, 43 parg: *mut c_void, 44 ) -> c_long; 45 46 /// Set default locations for trusted CA certificates. SSL_CTX_load_verify_locations( ctx: *mut SSL_CTX, CAfile: *const c_char, CApath: *const c_char, ) -> c_int47 pub(crate) fn SSL_CTX_load_verify_locations( 48 ctx: *mut SSL_CTX, 49 CAfile: *const c_char, 50 CApath: *const c_char, 51 ) -> c_int; 52 53 /// Sets the list of available ciphers (TLSv1.2 and below) for ctx using the 54 /// control string str.\ 55 /// This function does not impact TLSv1.3 ciphersuites. SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int56 pub(crate) fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; 57 58 /// Uses to configure the available TLSv1.3 ciphersuites for ctx. SSL_CTX_set_ciphersuites(ctx: *mut SSL_CTX, str: *const c_char) -> c_int59 pub(crate) fn SSL_CTX_set_ciphersuites(ctx: *mut SSL_CTX, str: *const c_char) -> c_int; 60 61 /// Loads the first certificate stored in file into ctx. 62 /// The formatting type of the certificate must be specified from the known 63 /// types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_certificate_file( ctx: *mut SSL_CTX, cert_file: *const c_char, file_type: c_int, ) -> c_int64 pub(crate) fn SSL_CTX_use_certificate_file( 65 ctx: *mut SSL_CTX, 66 cert_file: *const c_char, 67 file_type: c_int, 68 ) -> c_int; 69 70 /// Loads a certificate chain from file into ctx. The certificates must be 71 /// in PEM format and must be sorted starting with the subject's 72 /// certificate (actual client or server certificate), followed by 73 /// intermediate CA certificates if applicable, and ending at the 74 /// highest level (root) CA. SSL_CTX_use_certificate_chain_file( ctx: *mut SSL_CTX, cert_chain_file: *const c_char, ) -> c_int75 pub(crate) fn SSL_CTX_use_certificate_chain_file( 76 ctx: *mut SSL_CTX, 77 cert_chain_file: *const c_char, 78 ) -> c_int; 79 80 /// Client sets the list of protocols available to be negotiated. SSL_CTX_set_alpn_protos( ctx: *mut SSL_CTX, data: *const c_uchar, len: c_uint, ) -> c_int81 pub(crate) fn SSL_CTX_set_alpn_protos( 82 ctx: *mut SSL_CTX, 83 data: *const c_uchar, 84 len: c_uint, 85 ) -> c_int; 86 87 /// returns the selected protocol. It is not NUL-terminated. SSL_get0_alpn_selected( ssl: *const SSL, data: *mut *const c_uchar, len: *mut c_uint, )88 pub(crate) fn SSL_get0_alpn_selected( 89 ssl: *const SSL, 90 data: *mut *const c_uchar, 91 len: *mut c_uint, 92 ); 93 94 /// Sets/replaces the certificate verification storage of ctx to/with store. 95 /// If another X509_STORE object is currently set in ctx, it will be 96 /// X509_STORE_free()ed. SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE)97 pub(crate) fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE); 98 99 /// Returns a pointer to the current certificate verification storage. SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE100 pub(crate) fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE; 101 102 /// Specifies that the default locations from which CA certificates are 103 /// loaded should be used. There is one default directory, one default 104 /// file and one default store. The default CA certificates directory is 105 /// called certs in the default OpenSSL directory, and this is also the 106 /// default store. Alternatively the SSL_CERT_DIR environment variable 107 /// can be defined to override this location. The default CA 108 /// certificates file is called cert.pem in the default OpenSSL 109 /// directory. Alternatively the SSL_CERT_FILE environment variable can 110 /// be defined to override this location. SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int111 pub(crate) fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int; 112 113 /// Sets the verification flags for ctx to be mode and specifies the 114 /// verify_callback function to be used. 115 /// If no callback function shall be specified, the NULL pointer can be use 116 /// for verify_callback. SSL_CTX_set_verify( ctx: *mut SSL_CTX, mode: c_int, verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>, )117 pub(crate) fn SSL_CTX_set_verify( 118 ctx: *mut SSL_CTX, 119 mode: c_int, 120 verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>, 121 ); 122 SSL_CTX_set_cert_verify_callback( ctx: *mut SSL_CTX, callback: extern "C" fn(*mut X509_STORE_CTX, *mut c_void) -> c_int, arg: *mut c_void, )123 pub(crate) fn SSL_CTX_set_cert_verify_callback( 124 ctx: *mut SSL_CTX, 125 callback: extern "C" fn(*mut X509_STORE_CTX, *mut c_void) -> c_int, 126 arg: *mut c_void, 127 ); 128 129 } 130 131 /// This is the main SSL/TLS structure which is created by a server or client 132 /// per established connection. This actually is the core structure in the SSL 133 /// API. At run-time the application usually deals with this structure which has 134 /// links to mostly all other structures. 135 pub(crate) enum SSL {} 136 137 // for `SSL` 138 extern "C" { 139 /// Creates a new `SSL` structure which is needed to hold the data for a 140 /// TLS/SSL connection. \ 141 /// Returns `Null` if failed. SSL_new(ctx: *mut SSL_CTX) -> *mut SSL142 pub(crate) fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; 143 SSL_free(ssl: *mut SSL)144 pub(crate) fn SSL_free(ssl: *mut SSL); 145 146 /// Obtains result code for TLS/SSL I/O operation.\ 147 /// SSL_get_error() must be used in the same thread that performed the 148 /// TLS/SSL I/O operation, and no other OpenSSL function calls should 149 /// appear in between. SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int150 pub(crate) fn SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int; 151 152 /// Returns an abbreviated string indicating the current state of the SSL 153 /// object ssl. SSL_state_string_long(ssl: *const SSL) -> *const c_char154 pub(crate) fn SSL_state_string_long(ssl: *const SSL) -> *const c_char; 155 156 /// Returns the result of the verification of the X509 certificate presented 157 /// by the peer, if any. SSL_get_verify_result(ssl: *const SSL) -> c_long158 pub(crate) fn SSL_get_verify_result(ssl: *const SSL) -> c_long; 159 160 #[cfg(feature = "c_openssl_3_0")] SSL_get1_peer_certificate(ssl: *const SSL) -> *mut C_X509161 pub(crate) fn SSL_get1_peer_certificate(ssl: *const SSL) -> *mut C_X509; 162 163 #[cfg(feature = "c_openssl_1_1")] SSL_get_peer_certificate(ssl: *const SSL) -> *mut C_X509164 pub(crate) fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut C_X509; 165 SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO)166 pub(crate) fn SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO); 167 SSL_get_rbio(ssl: *const SSL) -> *mut BIO168 pub(crate) fn SSL_get_rbio(ssl: *const SSL) -> *mut BIO; 169 SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int170 pub(crate) fn SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int; 171 SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int172 pub(crate) fn SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int; 173 SSL_connect(ssl: *mut SSL) -> c_int174 pub(crate) fn SSL_connect(ssl: *mut SSL) -> c_int; 175 SSL_shutdown(ssl: *mut SSL) -> c_int176 pub(crate) fn SSL_shutdown(ssl: *mut SSL) -> c_int; 177 SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long178 pub(crate) fn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; 179 180 /// Retrieve an internal pointer to the verification parameters for ssl 181 /// respectively. The returned pointer must not be freed by the calling 182 /// application. SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM183 pub(crate) fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; 184 } 185 186 /// This is a dispatch structure describing the internal ssl library 187 /// methods/functions which implement the various protocol versions (SSLv3 188 /// TLSv1, ...). It's needed to create an `SSL_CTX`. 189 pub(crate) enum SSL_METHOD {} 190 191 // for `SSL_METHOD` 192 extern "C" { 193 /// Is the general-purpose version-flexible SSL/TLS methods. The actual 194 /// protocol version used will be negotiated to the highest version 195 /// mutually supported by the client and the server. TLS_client_method() -> *const SSL_METHOD196 pub(crate) fn TLS_client_method() -> *const SSL_METHOD; 197 } 198