Merge pull request #1906 from qwandor/bitflags
Update to bitflags 2.2.1.
sfackler authored Aug 26, 2023
2 parents 528c3d7 + e483e78 commit b60f3b8
Showing 6 changed files with 53 additions and 21 deletions.
2 changes: 1 addition & 1 deletion openssl/Cargo.toml
@@ -23,7 +23,7 @@ unstable_boringssl = ["ffi/unstable_boringssl"]
default = []

[dependencies]
bitflags = "1.0"
bitflags = "2.2.1"
cfg-if = "1.0"
foreign-types = "0.3.1"
libc = "0.2"
2 changes: 2 additions & 0 deletions openssl/src/cms.rs
@@ -20,6 +20,8 @@ use crate::{cvt, cvt_p};
use openssl_macros::corresponds;

bitflags! {
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct CMSOptions : c_uint {
const TEXT = ffi::CMS_TEXT;
const CMS_NOCERTS = ffi::CMS_NOCERTS;
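Review bot: The derive list added above `CMSOptions` carries no comment explaining why it is spelled out, so a later cleanup could trim it and silently remove public trait impls. bitflags 2 no longer generates these impls on its own, which makes this attribute the only thing keeping `Copy`, `Eq`, `Ord` and `Hash` available to downstream code. I would add `// bitflags 2 does not derive these implicitly; the set is public API, keep it stable.` directly above the `#[derive(...)]` line. The same attribute pair is added without explanation in ocsp.rs, pkcs7.rs, ssl/mod.rs and x509/verify.rs. The `bitflags!` body continues past the end of this hunk.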
2 changes: 2 additions & 0 deletions openssl/src/ocsp.rs
@@ -15,6 +15,8 @@ use crate::{cvt, cvt_p};
use openssl_macros::corresponds;

bitflags! {
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct OcspFlag: c_ulong {
const NO_CERTS = ffi::OCSP_NOCERTS;
const NO_INTERN = ffi::OCSP_NOINTERN;
14 changes: 8 additions & 6 deletions openssl/src/pkcs7.rs
@@ -28,6 +28,8 @@ foreign_type_and_impl_send_sync! {
}

bitflags! {
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct Pkcs7Flags: c_int {
const TEXT = ffi::PKCS7_TEXT;
const NOCERTS = ffi::PKCS7_NOCERTS;
@@ -111,7 +113,7 @@ impl Pkcs7 {
certs.as_ptr(),
input_bio.as_ptr(),
cipher.as_ptr(),
flags.bits,
flags.bits(),
))
.map(Pkcs7)
}
@@ -141,7 +143,7 @@ impl Pkcs7 {
pkey.as_ptr(),
certs.as_ptr(),
input_bio.as_ptr(),
flags.bits,
flags.bits(),
))
.map(Pkcs7)
}
@@ -159,7 +161,7 @@ impl Pkcs7Ref {
output.as_ptr(),
self.as_ptr(),
input_bio.as_ptr(),
flags.bits,
flags.bits(),
))
.map(|_| output.get_buf().to_owned())
}
@@ -205,7 +207,7 @@ impl Pkcs7Ref {
pkey.as_ptr(),
cert.as_ptr(),
output.as_ptr(),
flags.bits,
flags.bits(),
))
.map(|_| output.get_buf().to_owned())
}
@@ -241,7 +243,7 @@ impl Pkcs7Ref {
store.as_ptr(),
indata_bio_ptr,
out_bio.as_ptr(),
flags.bits,
flags.bits(),
))
.map(|_| ())?
}
@@ -265,7 +267,7 @@ impl Pkcs7Ref {
let ptr = cvt_p(ffi::PKCS7_get0_signers(
self.as_ptr(),
certs.as_ptr(),
flags.bits,
flags.bits(),
))?;

// The returned stack is owned by the caller, but the certs inside are not! Our stack interface can't deal
36 changes: 26 additions & 10 deletions openssl/src/ssl/mod.rs
@@ -143,6 +143,8 @@ cfg_if! {

bitflags! {
/// Options controlling the behavior of an `SslContext`.
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct SslOptions: SslOptionsRepr {
/// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers.
const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as SslOptionsRepr;
@@ -281,6 +283,8 @@ bitflags! {

bitflags! {
/// Options controlling the behavior of an `SslContext`.
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct SslMode: SslBitType {
/// Enables "short writes".
///
@@ -378,6 +382,8 @@ unsafe impl Send for SslMethod {}

bitflags! {
/// Options controlling the behavior of certificate verification.
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct SslVerifyMode: i32 {
/// Verifies that the peer's certificate is trusted.
///
@@ -410,6 +416,8 @@ type SslTimeTy = c_long;

bitflags! {
/// Options controlling the behavior of session caching.
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct SslSessionCacheMode: SslBitType {
/// No session caching for the client or server takes place.
const OFF = ffi::SSL_SESS_CACHE_OFF;
@@ -447,6 +455,8 @@ bitflags! {
#[cfg(ossl111)]
bitflags! {
/// Which messages and under which conditions an extension should be added or expected.
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct ExtensionContext: c_uint {
/// This extension is only allowed in TLS
const TLS_ONLY = ffi::SSL_EXT_TLS_ONLY;
@@ -735,7 +745,7 @@ impl SslContextBuilder {
#[corresponds(SSL_CTX_set_verify)]
pub fn set_verify(&mut self, mode: SslVerifyMode) {
unsafe {
ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, None);
ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, None);
}
}

@@ -752,7 +762,7 @@ impl SslContextBuilder {
{
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<F>(), verify);
ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, Some(raw_verify::<F>));
ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, Some(raw_verify::<F>));
}
}

@@ -839,7 +849,7 @@ impl SslContextBuilder {
pub fn set_mode(&mut self, mode: SslMode) -> SslMode {
unsafe {
let bits = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits() as MtuTy) as SslBitType;
SslMode { bits }
SslMode::from_bits_retain(bits)
}
}

@@ -1111,22 +1121,22 @@ impl SslContextBuilder {
pub fn set_options(&mut self, option: SslOptions) -> SslOptions {
let bits =
unsafe { ffi::SSL_CTX_set_options(self.as_ptr(), option.bits()) } as SslOptionsRepr;
SslOptions { bits }
SslOptions::from_bits_retain(bits)
}

/// Returns the options used by the context.
#[corresponds(SSL_CTX_get_options)]
pub fn options(&self) -> SslOptions {
let bits = unsafe { ffi::SSL_CTX_get_options(self.as_ptr()) } as SslOptionsRepr;
SslOptions { bits }
SslOptions::from_bits_retain(bits)
}

/// Clears the options used by the context, returning the old set.
#[corresponds(SSL_CTX_clear_options)]
pub fn clear_options(&mut self, option: SslOptions) -> SslOptions {
let bits =
unsafe { ffi::SSL_CTX_clear_options(self.as_ptr(), option.bits()) } as SslOptionsRepr;
SslOptions { bits }
SslOptions::from_bits_retain(bits)
}

/// Sets the minimum supported protocol version.
@@ -1475,7 +1485,7 @@ impl SslContextBuilder {
pub fn set_session_cache_mode(&mut self, mode: SslSessionCacheMode) -> SslSessionCacheMode {
unsafe {
let bits = ffi::SSL_CTX_set_session_cache_mode(self.as_ptr(), mode.bits());
SslSessionCacheMode { bits }
SslSessionCacheMode::from_bits_retain(bits)
}
}

@@ -2350,7 +2360,7 @@ impl SslRef {
/// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify
#[corresponds(SSL_set_verify)]
pub fn set_verify(&mut self, mode: SslVerifyMode) {
unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, None) }
unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits() as c_int, None) }
}

/// Returns the verify mode that was set using `set_verify`.
@@ -2371,7 +2381,11 @@ impl SslRef {
unsafe {
// this needs to be in an Arc since the callback can register a new callback!
self.set_ex_data(Ssl::cached_ex_index(), Arc::new(verify));
ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, Some(ssl_raw_verify::<F>));
ffi::SSL_set_verify(
self.as_ptr(),
mode.bits() as c_int,
Some(ssl_raw_verify::<F>),
);
}
}

@@ -3718,7 +3732,7 @@ impl<S: Read + Write> SslStream<S> {
pub fn get_shutdown(&mut self) -> ShutdownState {
unsafe {
let bits = ffi::SSL_get_shutdown(self.ssl.as_ptr());
ShutdownState { bits }
ShutdownState::from_bits_retain(bits)
}
}

@@ -4051,6 +4065,8 @@ pub enum ShutdownResult {

bitflags! {
/// The shutdown state of a session.
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct ShutdownState: c_int {
/// A close notify message has been sent to the peer.
const SENT = ffi::SSL_SENT_SHUTDOWN;
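Review bot: The `from_bits_retain` calls in `set_options`, `options` and `clear_options` keep every bit the OpenSSL call returns, including bits this crate has no named constant for, and nothing at those call sites says the choice is deliberate. For a security setting that matters: if a later edit swapped in `from_bits_truncate` or `from_bits`, a caller that reads the options and passes them back through `set_options` or `clear_options` would presumably lose the unnamed bits without any error. I would add `// from_bits_retain: OpenSSL may report option bits with no named constant here; keep them so a round trip does not drop options.` above the first of these calls. The same applies to `set_mode`, `set_session_cache_mode` and `get_shutdown` in this file, and to `X509VerifyParamRef::flags` in x509/verify.rs. The enclosing `impl` blocks start and end outside the hunks shown.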
18 changes: 14 additions & 4 deletions openssl/src/x509/verify.rs
@@ -11,6 +11,8 @@ use openssl_macros::corresponds;

bitflags! {
/// Flags used to check an `X509` certificate.
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct X509CheckFlags: c_uint {
const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT;
const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS;
@@ -28,6 +30,8 @@ bitflags! {

bitflags! {
/// Flags used to verify an `X509` certificate chain.
#[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[repr(transparent)]
pub struct X509VerifyFlags: c_ulong {
const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK;
const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME;
@@ -87,14 +91,20 @@ impl X509VerifyParamRef {
#[corresponds(X509_VERIFY_PARAM_set_hostflags)]
pub fn set_hostflags(&mut self, hostflags: X509CheckFlags) {
unsafe {
ffi::X509_VERIFY_PARAM_set_hostflags(self.as_ptr(), hostflags.bits);
ffi::X509_VERIFY_PARAM_set_hostflags(self.as_ptr(), hostflags.bits());
}
}

/// Set verification flags.
#[corresponds(X509_VERIFY_PARAM_set_flags)]
pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_VERIFY_PARAM_set_flags(self.as_ptr(), flags.bits)).map(|_| ()) }
unsafe {
cvt(ffi::X509_VERIFY_PARAM_set_flags(
self.as_ptr(),
flags.bits(),
))
.map(|_| ())
}
}

/// Clear verification flags.
@@ -103,7 +113,7 @@ impl X509VerifyParamRef {
unsafe {
cvt(ffi::X509_VERIFY_PARAM_clear_flags(
self.as_ptr(),
flags.bits,
flags.bits(),
))
.map(|_| ())
}
@@ -113,7 +123,7 @@ impl X509VerifyParamRef {
#[corresponds(X509_VERIFY_PARAM_get_flags)]
pub fn flags(&mut self) -> X509VerifyFlags {
let bits = unsafe { ffi::X509_VERIFY_PARAM_get_flags(self.as_ptr()) };
X509VerifyFlags { bits }
X509VerifyFlags::from_bits_retain(bits)
}

/// Set the expected DNS hostname.
