Merge pull request #2257 from bdbai/quic

Add some OpenSSL 3 QUIC raw bindings

openssl-sys/build/cfgs.rs

@@ -71,6 +71,9 @@ pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&
     } else {
         let openssl_version = openssl_version.unwrap();
 
+        if openssl_version >= 0x3_03_00_00_0 {
+            cfgs.push("ossl330");
+        }
         if openssl_version >= 0x3_02_00_00_0 {
             cfgs.push("ossl320");
         }

openssl-sys/build/main.rs

@@ -119,6 +119,7 @@ fn main() {
     println!("cargo:rustc-check-cfg=cfg(ossl300)");
     println!("cargo:rustc-check-cfg=cfg(ossl310)");
     println!("cargo:rustc-check-cfg=cfg(ossl320)");
+    println!("cargo:rustc-check-cfg=cfg(ossl330)");
 
     check_ssl_kind();
 

openssl-sys/build/run_bindgen.rs

@@ -56,6 +56,10 @@ const INCLUDES: &str = "
 #include <openssl/provider.h>
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x30200000
+#include <openssl/quic.h>
+#endif
+
 #if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
 #include <openssl/poly1305.h>
 #endif
@@ -70,8 +74,9 @@ pub fn run(include_dirs: &[PathBuf]) {
         .rust_target(RustTarget::Stable_1_47)
         .ctypes_prefix("::libc")
         .raw_line("use libc::*;")
+        .raw_line("#[cfg(windows)] use std::os::windows::raw::HANDLE;")
         .raw_line("type evp_pkey_st = EVP_PKEY;")
-        .allowlist_file(".*/openssl/[^/]+\\.h")
+        .allowlist_file(".*[/\\\\]openssl/[^/\\\\]+\\.h")
         .allowlist_recursively(false)
         // libc is missing pthread_once_t on macOS
         .blocklist_type("CRYPTO_ONCE")
@@ -85,6 +90,8 @@ pub fn run(include_dirs: &[PathBuf]) {
         .blocklist_type("OSSL_FUNC_core_vset_error_fn")
         .blocklist_type("OSSL_FUNC_BIO_vprintf_fn")
         .blocklist_type("OSSL_FUNC_BIO_vsnprintf_fn")
+        // struct hostent * does not exist on Windows
+        .blocklist_function("BIO_gethostbyname")
         // Maintain compatibility for existing enum definitions
         .rustified_enum("point_conversion_form_t")
         // Maintain compatibility for pre-union definitions

openssl-sys/src/bio.rs

@@ -70,3 +70,47 @@ extern "C" {
         destroy: unsafe extern "C" fn(*mut BIO) -> c_int,
     ) -> c_int;
 }
+
+cfg_if! {
+    if #[cfg(ossl320)] {
+        use std::ptr;
+
+        pub const BIO_CTRL_DGRAM_GET_MTU: c_int = 41;
+        pub const BIO_CTRL_DGRAM_SET_MTU: c_int = 42;
+        pub const BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP: c_int = 82;
+        pub const BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE: c_int = 83;
+        pub const BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE: c_int = 84;
+        pub const BIO_CTRL_DGRAM_GET_CAPS: c_int = 86;
+        pub const BIO_CTRL_DGRAM_SET_CAPS: c_int = 87;
+        pub const BIO_CTRL_DGRAM_GET_NO_TRUNC: c_int = 88;
+        pub const BIO_CTRL_DGRAM_SET_NO_TRUNC: c_int = 89;
+
+        pub unsafe fn BIO_dgram_get_no_trunc(bio: *mut BIO) -> c_int {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, ptr::null_mut()) as c_int
+        }
+        pub unsafe fn BIO_dgram_set_no_trunc(bio: *mut BIO, enable: c_int) -> c_int {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_NO_TRUNC, enable as c_long, ptr::null_mut()) as c_int
+        }
+        pub unsafe fn BIO_dgram_get_cap(bio: *mut BIO) -> u32 {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_CAPS, 0, ptr::null_mut()) as u32
+        }
+        pub unsafe fn BIO_dgram_set_cap(bio: *mut BIO, cap: u32) -> c_int {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CAPS, cap as c_long, ptr::null_mut()) as c_int
+        }
+        pub unsafe fn BIO_dgram_get_local_addr_cap(bio: *mut BIO) -> c_int {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, ptr::null_mut()) as c_int
+        }
+        pub unsafe fn BIO_dgram_get_local_addr_enable(bio: *mut BIO, enable: *mut c_int) -> c_int {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, enable as *mut c_void) as c_int
+        }
+        pub unsafe fn BIO_dgram_set_local_addr_enable(bio: *mut BIO, enable: c_int) -> c_int {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, enable as c_long, ptr::null_mut()) as c_int
+        }
+        pub unsafe fn BIO_dgram_get_mtu(bio: *mut BIO) -> c_uint {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_MTU, 0, ptr::null_mut()) as c_uint
+        }
+        pub unsafe fn BIO_dgram_set_mtu(bio: *mut BIO, mtu: c_uint) -> c_int {
+            BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_MTU, mtu as c_long, ptr::null_mut()) as c_int
+        }
+    }
+}

openssl-sys/src/err.rs

@@ -9,8 +9,8 @@ pub const ERR_LIB_ASN1: c_int = 13;
 
 cfg_if! {
     if #[cfg(ossl300)] {
-        pub const ERR_SYSTEM_FLAG: c_ulong = c_int::max_value() as c_ulong + 1;
-        pub const ERR_SYSTEM_MASK: c_ulong = c_int::max_value() as c_ulong;
+        pub const ERR_SYSTEM_FLAG: c_ulong = c_int::MAX as c_ulong + 1;
+        pub const ERR_SYSTEM_MASK: c_ulong = c_int::MAX as c_ulong;
 
         pub const ERR_LIB_OFFSET: c_ulong = 23;
         pub const ERR_LIB_MASK: c_ulong = 0xff;

openssl-sys/src/handwritten/bio.rs

@@ -106,3 +106,60 @@ extern "C" {
         destroy: Option<unsafe extern "C" fn(*mut BIO) -> c_int>,
     ) -> c_int;
 }
+
+#[cfg(ossl320)]
+extern "C" {
+    pub fn BIO_meth_set_sendmmsg(
+        biom: *mut BIO_METHOD,
+        f: Option<
+            unsafe extern "C" fn(
+                arg1: *mut BIO,
+                arg2: *mut BIO_MSG,
+                arg3: usize,
+                arg4: usize,
+                arg5: u64,
+                arg6: *mut usize,
+            ) -> c_int,
+        >,
+    ) -> c_int;
+    pub fn BIO_meth_set_recvmmsg(
+        biom: *mut BIO_METHOD,
+        f: Option<
+            unsafe extern "C" fn(
+                arg1: *mut BIO,
+                arg2: *mut BIO_MSG,
+                arg3: usize,
+                arg4: usize,
+                arg5: u64,
+                arg6: *mut usize,
+            ) -> c_int,
+        >,
+    ) -> c_int;
+    pub fn BIO_new_bio_dgram_pair(
+        bio1: *mut *mut BIO,
+        writebuf1: usize,
+        bio2: *mut *mut BIO,
+        writebuf2: usize,
+    ) -> c_int;
+    pub fn BIO_s_dgram_pair() -> *const BIO_METHOD;
+    pub fn BIO_s_datagram() -> *const BIO_METHOD;
+    pub fn BIO_get_rpoll_descriptor(b: *mut BIO, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int;
+    pub fn BIO_get_wpoll_descriptor(b: *mut BIO, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int;
+    pub fn BIO_sendmmsg(
+        b: *mut BIO,
+        msg: *mut BIO_MSG,
+        stride: usize,
+        num_msg: usize,
+        flags: u64,
+        msgs_processed: *mut usize,
+    ) -> c_int;
+    pub fn BIO_recvmmsg(
+        b: *mut BIO,
+        msg: *mut BIO_MSG,
+        stride: usize,
+        num_msg: usize,
+        flags: u64,
+        msgs_processed: *mut usize,
+    ) -> c_int;
+    pub fn BIO_err_is_non_fatal(errcode: c_uint) -> c_int;
+}

openssl-sys/src/handwritten/ssl.rs

@@ -951,3 +951,59 @@ extern "C" {
     #[cfg(any(ossl110, libressl360))]
     pub fn SSL_get_security_level(s: *const SSL) -> c_int;
 }
+
+#[cfg(ossl320)]
+extern "C" {
+    pub fn OSSL_QUIC_client_method() -> *const SSL_METHOD;
+    pub fn OSSL_QUIC_client_thread_method() -> *const SSL_METHOD;
+    pub fn SSL_get_event_timeout(s: *mut SSL, tv: *mut timeval, is_infinite: *mut c_int) -> c_int;
+    pub fn SSL_handle_events(s: *mut SSL) -> c_int;
+    pub fn SSL_get_blocking_mode(s: *mut SSL) -> c_int;
+    pub fn SSL_set_blocking_mode(s: *mut SSL, blocking: c_int) -> c_int;
+    pub fn SSL_get_rpoll_descriptor(s: *mut SSL, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int;
+    pub fn SSL_get_wpoll_descriptor(s: *mut SSL, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int;
+    pub fn SSL_net_read_desired(s: *mut SSL) -> c_int;
+    pub fn SSL_net_write_desired(s: *mut SSL) -> c_int;
+    pub fn SSL_set1_initial_peer_addr(s: *mut SSL, peer_addr: *const BIO_ADDR) -> c_int;
+    pub fn SSL_shutdown_ex(
+        ssl: *mut SSL,
+        flags: u64,
+        args: *const SSL_SHUTDOWN_EX_ARGS,
+        args_len: usize,
+    ) -> c_int;
+    pub fn SSL_stream_conclude(ssl: *mut SSL, flags: u64) -> c_int;
+    pub fn SSL_stream_reset(
+        ssl: *mut SSL,
+        args: *const SSL_STREAM_RESET_ARGS,
+        args_len: usize,
+    ) -> c_int;
+    pub fn SSL_get_stream_read_state(ssl: *mut SSL) -> c_int;
+    pub fn SSL_get_stream_write_state(ssl: *mut SSL) -> c_int;
+    pub fn SSL_get_conn_close_info(
+        ssl: *mut SSL,
+        info: *mut SSL_CONN_CLOSE_INFO,
+        info_len: usize,
+    ) -> c_int;
+    pub fn SSL_get0_connection(s: *mut SSL) -> *mut SSL;
+    pub fn SSL_is_connection(s: *mut SSL) -> c_int;
+    pub fn SSL_get_stream_type(s: *mut SSL) -> c_int;
+    pub fn SSL_get_stream_id(s: *mut SSL) -> u64;
+    pub fn SSL_new_stream(s: *mut SSL, flags: u64) -> *mut SSL;
+    pub fn SSL_accept_stream(s: *mut SSL, flags: u64) -> *mut SSL;
+    pub fn SSL_set_incoming_stream_policy(s: *mut SSL, policy: c_int, aec: u64) -> c_int;
+    pub fn SSL_get_accept_stream_queue_len(s: *mut SSL) -> usize;
+    pub fn SSL_set_default_stream_mode(s: *mut SSL, mode: u32) -> c_int;
+}
+
+#[cfg(ossl330)]
+extern "C" {
+    pub fn SSL_write_ex2(
+        s: *mut SSL,
+        buf: *const c_void,
+        num: usize,
+        flags: u64,
+        written: *mut usize,
+    ) -> c_int;
+    pub fn SSL_get_value_uint(s: *mut SSL, class_: u32, id: u32, v: *mut u64) -> c_int;
+    pub fn SSL_set_value_uint(s: *mut SSL, class_: u32, id: u32, v: u64) -> c_int;
+}

openssl-sys/src/handwritten/types.rs

@@ -52,6 +52,20 @@ cfg_if! {
         }
     }
 }
+cfg_if! {
+    if #[cfg(ossl320)] {
+        pub enum BIO_ADDR {}
+        pub enum BIO_POLL_DESCRIPTOR {}
+        #[repr(C)]
+        pub struct BIO_MSG {
+            pub data: *mut c_void,
+            pub data_len: usize,
+            pub peer: *mut BIO_ADDR,
+            pub local: *mut BIO_ADDR,
+            pub flags: u64,
+        }
+    }
+}
 cfg_if! {
     if #[cfg(any(ossl110, libressl350))] {
         pub enum BIGNUM {}
@@ -1032,6 +1046,27 @@ cfg_if! {
         }
     }
 }
+cfg_if! {
+    if #[cfg(ossl320)] {
+        #[repr(C)]
+        pub struct SSL_CONN_CLOSE_INFO {
+            pub error_code: u64,
+            pub frame_type: u64,
+            pub reason: *const ::libc::c_char,
+            pub reason_len: usize,
+            pub flags: u32,
+        }
+        #[repr(C)]
+        pub struct SSL_SHUTDOWN_EX_ARGS {
+            pub quic_error_code: u64,
+            pub quic_reason: *const c_char,
+        }
+        #[repr(C)]
+        pub struct SSL_STREAM_RESET_ARGS {
+            pub quic_error_code: u64,
+        }
+    }
+}
 
 pub enum COMP_CTX {}
 

openssl-sys/src/ssl.rs

@@ -644,3 +644,73 @@ pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int {
 pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000;
 #[cfg(ossl111b)]
 pub const OPENSSL_INIT_NO_ATEXIT: u64 = 0x00080000;
+
+cfg_if! {
+    if #[cfg(ossl330)] {
+        pub const SSL_VALUE_CLASS_GENERIC: c_uint = 0;
+        pub const SSL_VALUE_CLASS_FEATURE_REQUEST: c_uint = 1;
+        pub const SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: c_uint = 2;
+        pub const SSL_VALUE_CLASS_FEATURE_NEGOTIATED: c_uint = 3;
+
+        pub const SSL_VALUE_NONE: c_uint = 0;
+        pub const SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: c_uint = 1;
+        pub const SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: c_uint = 2;
+        pub const SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: c_uint = 3;
+        pub const SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: c_uint = 4;
+        pub const SSL_VALUE_QUIC_IDLE_TIMEOUT: c_uint = 5;
+        pub const SSL_VALUE_EVENT_HANDLING_MODE: c_uint = 6;
+        pub const SSL_VALUE_STREAM_WRITE_BUF_SIZE: c_uint = 7;
+        pub const SSL_VALUE_STREAM_WRITE_BUF_USED: c_uint = 8;
+        pub const SSL_VALUE_STREAM_WRITE_BUF_AVAIL: c_uint = 9;
+
+        pub const SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: c_uint = 0;
+        pub const SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: c_uint = 1;
+        pub const SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: c_uint = 2;
+
+        pub unsafe fn SSL_get_generic_value_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
+            SSL_get_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
+        }
+        pub unsafe fn SSL_set_generic_value_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
+            SSL_set_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
+        }
+        pub unsafe fn SSL_get_feature_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
+            SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
+        }
+        pub unsafe fn SSL_set_feature_request_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
+            SSL_set_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
+        }
+        pub unsafe fn SSL_get_feature_peer_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
+            SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, id, value)
+        }
+        pub unsafe fn SSL_get_feature_negotiated_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
+            SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_NEGOTIATED, id, value)
+        }
+        pub unsafe fn SSL_get_quic_stream_bidi_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
+            SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, value)
+        }
+        pub unsafe fn SSL_get_quic_stream_bidi_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
+            SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, value)
+        }
+        pub unsafe fn SSL_get_quic_stream_uni_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
+            SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, value)
+        }
+        pub unsafe fn SSL_get_quic_stream_uni_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
+            SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, value)
+        }
+        pub unsafe fn SSL_get_event_handling_mode(ssl: *mut SSL, value: *mut u64) -> c_int {
+            SSL_get_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
+        }
+        pub unsafe fn SSL_set_event_handling_mode(ssl: *mut SSL, value: u64) -> c_int {
+            SSL_set_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
+        }
+        pub unsafe fn SSL_get_stream_write_buf_size(ssl: *mut SSL, value: *mut u64) -> c_int {
+            SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_SIZE, value)
+        }
+        pub unsafe fn SSL_get_stream_write_buf_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
+            SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_AVAIL, value)
+        }
+        pub unsafe fn SSL_get_stream_write_buf_used(ssl: *mut SSL, value: *mut u64) -> c_int {
+            SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_USED, value)
+        }
+    }
+}

openssl-sys/src/tls1.rs

@@ -74,7 +74,16 @@ pub unsafe fn SSL_CTX_set_tlsext_servername_callback__fixed_rust(
     ctx: *mut SSL_CTX,
     cb: Option<unsafe extern "C" fn(*mut SSL, *mut c_int, *mut c_void) -> c_int>,
 ) -> c_long {
-    SSL_CTX_callback_ctrl__fixed_rust(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, mem::transmute(cb))
+    SSL_CTX_callback_ctrl__fixed_rust(
+        ctx,
+        SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,
+        mem::transmute::<
+            std::option::Option<
+                unsafe extern "C" fn(*mut SSL, *mut c_int, *mut libc::c_void) -> i32,
+            >,
+            std::option::Option<unsafe extern "C" fn()>,
+        >(cb),
+    )
 }
 
 pub const SSL_TLSEXT_ERR_OK: c_int = 0;
@@ -90,7 +99,14 @@ pub unsafe fn SSL_CTX_set_tlsext_status_cb(
     ctx: *mut SSL_CTX,
     cb: Option<unsafe extern "C" fn(*mut SSL, *mut c_void) -> c_int>,
 ) -> c_long {
-    SSL_CTX_callback_ctrl__fixed_rust(ctx, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, mem::transmute(cb))
+    SSL_CTX_callback_ctrl__fixed_rust(
+        ctx,
+        SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,
+        mem::transmute::<
+            std::option::Option<unsafe extern "C" fn(*mut SSL, *mut c_void) -> i32>,
+            std::option::Option<unsafe extern "C" fn()>,
+        >(cb),
+    )
 }
 
 pub unsafe fn SSL_CTX_set_tlsext_status_arg(ctx: *mut SSL_CTX, arg: *mut c_void) -> c_long {