192f3ab15Sopenharmony_ci//! Bindings to OpenSSL
292f3ab15Sopenharmony_ci//!
392f3ab15Sopenharmony_ci//! This crate provides a safe interface to the popular OpenSSL cryptography library. OpenSSL versions 1.0.1 through
492f3ab15Sopenharmony_ci//! 3.x.x and LibreSSL versions 2.5 through 3.7.x are supported.
592f3ab15Sopenharmony_ci//!
692f3ab15Sopenharmony_ci//! # Building
792f3ab15Sopenharmony_ci//!
892f3ab15Sopenharmony_ci//! Both OpenSSL libraries and headers are required to build this crate. There are multiple options available to locate
992f3ab15Sopenharmony_ci//! OpenSSL.
1092f3ab15Sopenharmony_ci//!
1192f3ab15Sopenharmony_ci//! ## Vendored
1292f3ab15Sopenharmony_ci//!
1392f3ab15Sopenharmony_ci//! If the `vendored` Cargo feature is enabled, the `openssl-src` crate will be used to compile and statically link to
1492f3ab15Sopenharmony_ci//! a copy of OpenSSL. The build process requires a C compiler, perl (and perl-core), and make. The OpenSSL version will generally track
1592f3ab15Sopenharmony_ci//! the newest OpenSSL release, and changes to the version are *not* considered breaking changes.
1692f3ab15Sopenharmony_ci//!
1792f3ab15Sopenharmony_ci//! ```toml
1892f3ab15Sopenharmony_ci//! [dependencies]
1992f3ab15Sopenharmony_ci//! openssl = { version = "0.10", features = ["vendored"] }
2092f3ab15Sopenharmony_ci//! ```
2192f3ab15Sopenharmony_ci//!
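//! The vendored copy will not be configured to automatically find the system's root certificates, but the
//! `openssl-probe` crate can be used to do that instead. Because the vendored copy is statically linked, it does not
//! pick up OpenSSL updates installed on the system; rebuild with an updated `openssl-src` to receive OpenSSL fixes.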
2492f3ab15Sopenharmony_ci//!
2592f3ab15Sopenharmony_ci//! ## Automatic
2692f3ab15Sopenharmony_ci//!
2792f3ab15Sopenharmony_ci//! The `openssl-sys` crate will automatically detect OpenSSL installations via Homebrew on macOS and vcpkg on Windows.
2892f3ab15Sopenharmony_ci//! Additionally, it will use `pkg-config` on Unix-like systems to find the system installation.
2992f3ab15Sopenharmony_ci//!
3092f3ab15Sopenharmony_ci//! ```not_rust
3192f3ab15Sopenharmony_ci//! # macOS (Homebrew)
3292f3ab15Sopenharmony_ci//! $ brew install openssl@3
3392f3ab15Sopenharmony_ci//!
3492f3ab15Sopenharmony_ci//! # macOS (MacPorts)
3592f3ab15Sopenharmony_ci//! $ sudo port install openssl
3692f3ab15Sopenharmony_ci//!
3792f3ab15Sopenharmony_ci//! # macOS (pkgsrc)
3892f3ab15Sopenharmony_ci//! $ sudo pkgin install openssl
3992f3ab15Sopenharmony_ci//!
4092f3ab15Sopenharmony_ci//! # Arch Linux
4192f3ab15Sopenharmony_ci//! $ sudo pacman -S pkg-config openssl
4292f3ab15Sopenharmony_ci//!
4392f3ab15Sopenharmony_ci//! # Debian and Ubuntu
4492f3ab15Sopenharmony_ci//! $ sudo apt-get install pkg-config libssl-dev
4592f3ab15Sopenharmony_ci//!
4692f3ab15Sopenharmony_ci//! # Fedora
4792f3ab15Sopenharmony_ci//! $ sudo dnf install pkg-config openssl-devel
4892f3ab15Sopenharmony_ci//!
4992f3ab15Sopenharmony_ci//! # Alpine Linux
5092f3ab15Sopenharmony_ci//! $ apk add pkgconfig openssl-dev
5192f3ab15Sopenharmony_ci//! ```
5292f3ab15Sopenharmony_ci//!
5392f3ab15Sopenharmony_ci//! ## Manual
5492f3ab15Sopenharmony_ci//!
5592f3ab15Sopenharmony_ci//! A set of environment variables can be used to point `openssl-sys` towards an OpenSSL installation. They will
5692f3ab15Sopenharmony_ci//! override the automatic detection logic.
5792f3ab15Sopenharmony_ci//!
5892f3ab15Sopenharmony_ci//! * `OPENSSL_DIR` - If specified, the directory of an OpenSSL installation. The directory should contain `lib` and
5992f3ab15Sopenharmony_ci//!     `include` subdirectories containing the libraries and headers respectively.
6092f3ab15Sopenharmony_ci//! * `OPENSSL_LIB_DIR` and `OPENSSL_INCLUDE_DIR` - If specified, the directories containing the OpenSSL libraries and
6192f3ab15Sopenharmony_ci//!     headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
6292f3ab15Sopenharmony_ci//! * `OPENSSL_STATIC` - If set, the crate will statically link to OpenSSL rather than dynamically link.
6392f3ab15Sopenharmony_ci//! * `OPENSSL_LIBS` - If set, a `:`-separated list of library names to link to (e.g. `ssl:crypto`). This can be used
6492f3ab15Sopenharmony_ci//!     if nonstandard library names were used for whatever reason.
6592f3ab15Sopenharmony_ci//! * `OPENSSL_NO_VENDOR` - If set, always find OpenSSL in the system, even if the `vendored` feature is enabled.
6692f3ab15Sopenharmony_ci//!
//! Additionally, these variables can be prefixed with the upper-cased target triple (e.g.
//!     `X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR`), which can be useful when cross compiling.
6992f3ab15Sopenharmony_ci//!
7092f3ab15Sopenharmony_ci//! # Feature Detection
7192f3ab15Sopenharmony_ci//!
7292f3ab15Sopenharmony_ci//! APIs have been added to and removed from the various supported OpenSSL versions, and this library exposes the
7392f3ab15Sopenharmony_ci//! functionality available in the version being linked against. This means that methods, constants, and even modules
7492f3ab15Sopenharmony_ci//! will be present when building against one version of OpenSSL but not when building against another! APIs will
7592f3ab15Sopenharmony_ci//! document any version-specific availability restrictions.
7692f3ab15Sopenharmony_ci//!
7792f3ab15Sopenharmony_ci//! A build script can be used to detect the OpenSSL or LibreSSL version at compile time if needed. The `openssl-sys`
7892f3ab15Sopenharmony_ci//! crate propagates the version via the `DEP_OPENSSL_VERSION_NUMBER` and `DEP_OPENSSL_LIBRESSL_VERSION_NUMBER`
7992f3ab15Sopenharmony_ci//! environment variables to build scripts. The version format is a hex-encoding of the OpenSSL release version:
8092f3ab15Sopenharmony_ci//! `0xMNNFFPPS`. For example, version 1.0.2g's encoding is `0x1_00_02_07_0`.
8192f3ab15Sopenharmony_ci//!
8292f3ab15Sopenharmony_ci//! For example, let's say we want to adjust the TLSv1.3 cipher suites used by a client, but also want to compile
8392f3ab15Sopenharmony_ci//! against OpenSSL versions that don't support TLSv1.3:
8492f3ab15Sopenharmony_ci//!
8592f3ab15Sopenharmony_ci//! Cargo.toml:
8692f3ab15Sopenharmony_ci//!
8792f3ab15Sopenharmony_ci//! ```toml
8892f3ab15Sopenharmony_ci//! [dependencies]
8992f3ab15Sopenharmony_ci//! openssl-sys = "0.9"
9092f3ab15Sopenharmony_ci//! openssl = "0.10"
9192f3ab15Sopenharmony_ci//! ```
9292f3ab15Sopenharmony_ci//!
9392f3ab15Sopenharmony_ci//! build.rs:
9492f3ab15Sopenharmony_ci//!
9592f3ab15Sopenharmony_ci//! ```
9692f3ab15Sopenharmony_ci//! use std::env;
9792f3ab15Sopenharmony_ci//!
9892f3ab15Sopenharmony_ci//! fn main() {
9992f3ab15Sopenharmony_ci//!     if let Ok(v) = env::var("DEP_OPENSSL_VERSION_NUMBER") {
10092f3ab15Sopenharmony_ci//!         let version = u64::from_str_radix(&v, 16).unwrap();
10192f3ab15Sopenharmony_ci//!
10292f3ab15Sopenharmony_ci//!         if version >= 0x1_01_01_00_0 {
10392f3ab15Sopenharmony_ci//!             println!("cargo:rustc-cfg=openssl111");
10492f3ab15Sopenharmony_ci//!         }
10592f3ab15Sopenharmony_ci//!     }
10692f3ab15Sopenharmony_ci//! }
10792f3ab15Sopenharmony_ci//! ```
10892f3ab15Sopenharmony_ci//!
10992f3ab15Sopenharmony_ci//! lib.rs:
11092f3ab15Sopenharmony_ci//!
11192f3ab15Sopenharmony_ci//! ```
11292f3ab15Sopenharmony_ci//! use openssl::ssl::{SslConnector, SslMethod};
11392f3ab15Sopenharmony_ci//!
11492f3ab15Sopenharmony_ci//! let mut ctx = SslConnector::builder(SslMethod::tls()).unwrap();
11592f3ab15Sopenharmony_ci//!
11692f3ab15Sopenharmony_ci//! // set_ciphersuites was added in OpenSSL 1.1.1, so we can only call it when linking against that version
11792f3ab15Sopenharmony_ci//! #[cfg(openssl111)]
11892f3ab15Sopenharmony_ci//! ctx.set_ciphersuites("TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256").unwrap();
11992f3ab15Sopenharmony_ci//! ```
12092f3ab15Sopenharmony_ci#![doc(html_root_url = "https://docs.rs/openssl/0.10")]
12192f3ab15Sopenharmony_ci#![warn(rust_2018_idioms)]
12292f3ab15Sopenharmony_ci#![allow(clippy::uninlined_format_args, clippy::needless_doctest_main)]
12392f3ab15Sopenharmony_ci
12492f3ab15Sopenharmony_ci#[doc(inline)]
12592f3ab15Sopenharmony_cipub use ffi::init;
12692f3ab15Sopenharmony_ci
12792f3ab15Sopenharmony_ciuse libc::c_int;
12892f3ab15Sopenharmony_ci
12992f3ab15Sopenharmony_ciextern crate openssl_sys as ffi;
13092f3ab15Sopenharmony_ciuse crate::error::ErrorStack;
13192f3ab15Sopenharmony_ci
13292f3ab15Sopenharmony_ci#[macro_use]
13392f3ab15Sopenharmony_cimod macros;
13492f3ab15Sopenharmony_ci
13592f3ab15Sopenharmony_cimod bio;
13692f3ab15Sopenharmony_ci#[macro_use]
13792f3ab15Sopenharmony_cimod util;
13892f3ab15Sopenharmony_cipub mod aes;
13992f3ab15Sopenharmony_cipub mod asn1;
14092f3ab15Sopenharmony_cipub mod base64;
14192f3ab15Sopenharmony_cipub mod bn;
14292f3ab15Sopenharmony_cipub mod cipher;
14392f3ab15Sopenharmony_cipub mod cipher_ctx;
14492f3ab15Sopenharmony_ci#[cfg(all(not(boringssl), not(libressl), not(osslconf = "OPENSSL_NO_CMS")))]
14592f3ab15Sopenharmony_cipub mod cms;
14692f3ab15Sopenharmony_cipub mod conf;
14792f3ab15Sopenharmony_cipub mod derive;
14892f3ab15Sopenharmony_cipub mod dh;
14992f3ab15Sopenharmony_cipub mod dsa;
15092f3ab15Sopenharmony_cipub mod ec;
15192f3ab15Sopenharmony_cipub mod ecdsa;
15292f3ab15Sopenharmony_cipub mod encrypt;
15392f3ab15Sopenharmony_ci#[cfg(not(boringssl))]
15492f3ab15Sopenharmony_cipub mod envelope;
15592f3ab15Sopenharmony_cipub mod error;
15692f3ab15Sopenharmony_cipub mod ex_data;
15792f3ab15Sopenharmony_ci#[cfg(not(any(libressl, ossl300)))]
15892f3ab15Sopenharmony_cipub mod fips;
15992f3ab15Sopenharmony_cipub mod hash;
16092f3ab15Sopenharmony_ci#[cfg(ossl300)]
16192f3ab15Sopenharmony_cipub mod lib_ctx;
16292f3ab15Sopenharmony_cipub mod md;
16392f3ab15Sopenharmony_cipub mod md_ctx;
16492f3ab15Sopenharmony_cipub mod memcmp;
16592f3ab15Sopenharmony_cipub mod nid;
16692f3ab15Sopenharmony_ci#[cfg(not(any(boringssl, osslconf = "OPENSSL_NO_OCSP")))]
16792f3ab15Sopenharmony_cipub mod ocsp;
16892f3ab15Sopenharmony_cipub mod pkcs12;
16992f3ab15Sopenharmony_cipub mod pkcs5;
17092f3ab15Sopenharmony_ci#[cfg(not(boringssl))]
17192f3ab15Sopenharmony_cipub mod pkcs7;
17292f3ab15Sopenharmony_cipub mod pkey;
17392f3ab15Sopenharmony_cipub mod pkey_ctx;
17492f3ab15Sopenharmony_ci#[cfg(ossl300)]
17592f3ab15Sopenharmony_cipub mod provider;
17692f3ab15Sopenharmony_cipub mod rand;
17792f3ab15Sopenharmony_cipub mod rsa;
17892f3ab15Sopenharmony_cipub mod sha;
17992f3ab15Sopenharmony_cipub mod sign;
18092f3ab15Sopenharmony_cipub mod srtp;
18192f3ab15Sopenharmony_cipub mod ssl;
18292f3ab15Sopenharmony_cipub mod stack;
18392f3ab15Sopenharmony_cipub mod string;
18492f3ab15Sopenharmony_cipub mod symm;
18592f3ab15Sopenharmony_cipub mod version;
18692f3ab15Sopenharmony_cipub mod x509;
18792f3ab15Sopenharmony_ci
// Unsigned-style length type selected per backend: `size_t` when built with the
// `boringssl` cfg, a C `int` otherwise.
// NOTE(review): in the non-BoringSSL case this is narrower than `usize` on 64-bit
// targets, so a Rust length presumably has to be range-checked before it is cast
// to `LenType` - confirm at the call sites, which are outside this view.
#[cfg(not(boringssl))]
type LenType = c_int;
#[cfg(boringssl)]
type LenType = libc::size_t;

// Signed counterpart of `LenType`: `ssize_t` under the `boringssl` cfg, a C `int`
// otherwise.
#[cfg(not(boringssl))]
type SLenType = c_int;
#[cfg(boringssl)]
type SLenType = libc::ssize_t;
19792f3ab15Sopenharmony_ci
/// Turns a raw pointer result into a `Result`.
///
/// A null pointer becomes `Err(ErrorStack::get())`; any non-null pointer is handed
/// back unchanged in `Ok`. Only null-ness is tested here, so the caller still owns
/// every other question about the pointer (validity, ownership, lifetime).
#[inline]
fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
    // Guard-clause form: the success path returns first, the error path falls through.
    if !r.is_null() {
        return Ok(r);
    }
    Err(ErrorStack::get())
}
20692f3ab15Sopenharmony_ci
/// Turns an integer return code into a `Result`, treating only positive values as success.
///
/// Zero and every negative value become `Err(ErrorStack::get())`; a positive value is
/// returned unchanged in `Ok`.
///
/// NOTE(review): zero and negative codes are indistinguishable after this conversion.
/// Where a callee uses 0 for "check failed" and a negative value for "internal error",
/// or where 0 is a legitimate result, this helper is presumably the wrong one and
/// `cvt_n` should be used with the value inspected by the caller - confirm per call site.
#[inline]
fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
    match r {
        code if code > 0 => Ok(code),
        _ => Err(ErrorStack::get()),
    }
}
21592f3ab15Sopenharmony_ci
/// Turns an integer return code into a `Result`, treating only negative values as failure.
///
/// A negative value becomes `Err(ErrorStack::get())`; zero and positive values are
/// returned unchanged in `Ok`.
///
/// NOTE(review): `Ok(0)` is not necessarily a positive outcome. If the wrapped call
/// reports a failed check as 0, the caller must still test the returned value rather
/// than rely on `?` alone - confirm per call site.
#[inline]
fn cvt_n(r: c_int) -> Result<c_int, ErrorStack> {
    // Guard-clause form: non-negative codes pass through, the rest map to the error stack.
    if r >= 0 {
        return Ok(r);
    }
    Err(ErrorStack::get())
}