.github/workflows/ci.yml

@@ -153,7 +153,7 @@ jobs:
             - false
           library:
             - name: boringssl
-              version: 93e8d4463d59d671e9c5c6171226341f04b07907
+              version: bcecc7d834fc44ad257b2f23f88e1cf597ab2736
             - name: openssl
               version: vendored
             - name: openssl
@@ -310,7 +310,7 @@ jobs:
         - run: |
             mkdir -p .cargo
             echo '[patch.crates-io]' > .cargo/config.toml
-            echo 'bssl-sys = { path = "'$OPENSSL_DIR'/rust" }' >> .cargo/config.toml
+            echo 'bssl-sys = { path = "'$OPENSSL_DIR'/rust/bssl-sys" }' >> .cargo/config.toml
           if: matrix.library.name == 'boringssl' && !matrix.bindgen
         - uses: actions/cache@v3
           with:

openssl-sys/CHANGELOG.md

@@ -2,6 +2,17 @@
 
 ## [Unreleased]
 
+## [v0.9.86] - 2023-04-20
+
+### Fixed
+
+* Fixed BoringSSL support with the latest bindgen release.
+
+### Added
+
+* Added bindings for PKCS#7 functions and more X.509 functions.
+
+
 ## [v0.9.85] - 2023-04-09
 
 ### Added
@@ -424,8 +435,9 @@ Fixed builds against OpenSSL built with `no-cast`.
 * Added `X509_verify` and `X509_REQ_verify`.
 * Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.
 
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.85..master
-[v0.9.85]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.85...openssl-sys-v0.9.85
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.86..master
+[v0.9.86]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.85...openssl-sys-v0.9.86
+[v0.9.85]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.84...openssl-sys-v0.9.85
 [v0.9.84]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.83...openssl-sys-v0.9.84
 [v0.9.83]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.82...openssl-sys-v0.9.83
 [v0.9.82]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.81...openssl-sys-v0.9.82

openssl-sys/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "openssl-sys"
-version = "0.9.85"
+version = "0.9.86"
 authors = [
     "Alex Crichton <alex@alexcrichton.com>",
     "Steven Fackler <sfackler@gmail.com>",

openssl-sys/build/run_bindgen.rs

@@ -111,7 +111,6 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
         .ctypes_prefix("::libc")
         .derive_default(false)
         .enable_function_attribute_detection()
-        .size_t_is_usize(true)
         .default_macro_constant_type(MacroTypeVariation::Signed)
         .rustified_enum("point_conversion_form_t")
         .allowlist_file(".*/openssl/[^/]+\\.h")
@@ -167,7 +166,6 @@ pub fn run_boringssl(include_dirs: &[PathBuf]) {
         .arg("--ctypes-prefix=::libc")
         .arg("--no-derive-default")
         .arg("--enable-function-attribute-detection")
-        .arg("--size_t-is-usize")
         .arg("--default-macro-constant-type=signed")
         .arg("--rustified-enum=point_conversion_form_t")
         .arg("--allowlist-file=.*/openssl/[^/]+\\.h")

openssl-sys/src/handwritten/asn1.rs

@@ -14,19 +14,55 @@ extern "C" {
 
 stack!(stack_st_ASN1_OBJECT);
 
+#[repr(C)]
+pub struct ASN1_TYPE {
+    pub type_: c_int,
+    pub value: ASN1_TYPE_value,
+}
+#[repr(C)]
+pub union ASN1_TYPE_value {
+    pub ptr: *mut c_char,
+    pub boolean: ASN1_BOOLEAN,
+    pub asn1_string: *mut ASN1_STRING,
+    pub object: *mut ASN1_OBJECT,
+    pub integer: *mut ASN1_INTEGER,
+    pub enumerated: *mut ASN1_ENUMERATED,
+    pub bit_string: *mut ASN1_BIT_STRING,
+    pub octet_string: *mut ASN1_OCTET_STRING,
+    pub printablestring: *mut ASN1_PRINTABLESTRING,
+    pub t61string: *mut ASN1_T61STRING,
+    pub ia5string: *mut ASN1_IA5STRING,
+    pub generalstring: *mut ASN1_GENERALSTRING,
+    pub bmpstring: *mut ASN1_BMPSTRING,
+    pub universalstring: *mut ASN1_UNIVERSALSTRING,
+    pub utctime: *mut ASN1_UTCTIME,
+    pub generalizedtime: *mut ASN1_GENERALIZEDTIME,
+    pub visiblestring: *mut ASN1_VISIBLESTRING,
+    pub utf8string: *mut ASN1_UTF8STRING,
+    pub set: *mut ASN1_STRING,
+    pub sequence: *mut ASN1_STRING,
+    pub asn1_value: *mut ASN1_VALUE,
+}
+
 extern "C" {
     pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
     #[cfg(any(ossl110, libressl273))]
     pub fn ASN1_STRING_get0_data(x: *const ASN1_STRING) -> *const c_uchar;
     #[cfg(any(all(ossl101, not(ossl110)), libressl))]
     pub fn ASN1_STRING_data(x: *mut ASN1_STRING) -> *mut c_uchar;
-
-    pub fn ASN1_BIT_STRING_free(x: *mut ASN1_BIT_STRING);
-
+    pub fn ASN1_STRING_new() -> *mut ASN1_STRING;
+    pub fn ASN1_OCTET_STRING_new() -> *mut ASN1_OCTET_STRING;
     pub fn ASN1_STRING_free(x: *mut ASN1_STRING);
     pub fn ASN1_STRING_length(x: *const ASN1_STRING) -> c_int;
+    pub fn ASN1_STRING_set(x: *mut ASN1_STRING, data: *const c_void, len_in: c_int) -> c_int;
+    pub fn ASN1_OCTET_STRING_set(
+        x: *mut ASN1_OCTET_STRING,
+        data: *const c_uchar,
+        len_in: c_int,
+    ) -> c_int;
 
-    pub fn ASN1_STRING_set(x: *mut ASN1_STRING, data: *const c_void, len: c_int) -> c_int;
+    pub fn ASN1_BIT_STRING_free(x: *mut ASN1_BIT_STRING);
+    pub fn ASN1_OCTET_STRING_free(x: *mut ASN1_OCTET_STRING);
 
     pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME);
     pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int;
@@ -53,10 +89,18 @@ extern "C" {
     pub fn ASN1_TIME_set_string(s: *mut ASN1_TIME, str: *const c_char) -> c_int;
     #[cfg(ossl111)]
     pub fn ASN1_TIME_set_string_X509(s: *mut ASN1_TIME, str: *const c_char) -> c_int;
+
+    pub fn ASN1_ENUMERATED_free(a: *mut ASN1_ENUMERATED);
+    #[cfg(ossl110)]
+    pub fn ASN1_ENUMERATED_get_int64(pr: *mut i64, a: *const ASN1_ENUMERATED) -> c_int;
+
+    pub fn ASN1_TYPE_free(x: *mut ASN1_TYPE);
 }
 
 const_ptr_api! {
     extern "C" {
         pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: #[const_ptr_if(any(ossl110, libressl280))] ASN1_STRING) -> c_int;
+        pub fn ASN1_STRING_type(x: #[const_ptr_if(any(ossl110, libressl280))]  ASN1_STRING) -> c_int;
+        pub fn ASN1_generate_v3(str: #[const_ptr_if(any(ossl110, libressl280))] c_char, cnf: *mut X509V3_CTX) -> *mut ASN1_TYPE;
     }
 }

openssl-sys/src/handwritten/object.rs

@@ -27,4 +27,5 @@ extern "C" {
     pub fn OBJ_length(obj: *const ASN1_OBJECT) -> libc::size_t;
     #[cfg(ossl111)]
     pub fn OBJ_get0_data(obj: *const ASN1_OBJECT) -> *const c_uchar;
+    pub fn OBJ_cmp(a: *const ASN1_OBJECT, b: *const ASN1_OBJECT) -> c_int;
 }

openssl-sys/src/handwritten/pkcs7.rs

@@ -1,12 +1,149 @@
 use super::super::*;
 use libc::*;
 
-pub enum PKCS7_SIGNED {}
-pub enum PKCS7_ENVELOPE {}
-pub enum PKCS7_SIGN_ENVELOPE {}
-pub enum PKCS7_DIGEST {}
-pub enum PKCS7_ENCRYPT {}
-pub enum PKCS7 {}
+#[cfg(ossl300)]
+#[repr(C)]
+pub struct PKCS7_CTX {
+    libctx: *mut OSSL_LIB_CTX,
+    propq: *mut c_char,
+}
+
+#[repr(C)]
+pub struct PKCS7_SIGNED {
+    pub version: *mut ASN1_INTEGER,        /* version 1 */
+    pub md_algs: *mut stack_st_X509_ALGOR, /* md used */
+    pub cert: *mut stack_st_X509,          /* [ 0 ] */
+    pub crl: *mut stack_st_X509_CRL,       /* [ 1 ] */
+    pub signer_info: *mut stack_st_PKCS7_SIGNER_INFO,
+    pub contents: *mut PKCS7,
+}
+#[repr(C)]
+pub struct PKCS7_ENC_CONTENT {
+    pub content_type: *mut ASN1_OBJECT,
+    pub algorithm: *mut X509_ALGOR,
+    pub enc_data: *mut ASN1_OCTET_STRING, /* [ 0 ] */
+    pub cipher: *const EVP_CIPHER,
+    #[cfg(ossl300)]
+    pub ctx: *const PKCS7_CTX,
+}
+#[repr(C)]
+pub struct PKCS7_ENVELOPE {
+    pub version: *mut ASN1_INTEGER, /* version 0 */
+    pub recipientinfo: *mut stack_st_PKCS7_RECIP_INFO,
+    pub enc_data: *mut PKCS7_ENC_CONTENT,
+}
+#[repr(C)]
+pub struct PKCS7_SIGN_ENVELOPE {
+    pub version: *mut ASN1_INTEGER,        /* version 1 */
+    pub md_algs: *mut stack_st_X509_ALGOR, /* md used */
+    pub cert: *mut stack_st_X509,          /* [ 0 ] */
+    pub crl: *mut stack_st_X509_CRL,       /* [ 1 ] */
+    pub signer_info: *mut stack_st_PKCS7_SIGNER_INFO,
+    pub enc_data: *mut PKCS7_ENC_CONTENT,
+    pub recipientinfo: *mut stack_st_PKCS7_RECIP_INFO,
+}
+#[repr(C)]
+pub struct PKCS7_DIGEST {
+    pub version: *mut ASN1_INTEGER, /* version 0 */
+    pub md: *mut X509_ALGOR,        /* md used */
+    pub contents: *mut PKCS7,
+    pub digest: *mut ASN1_OCTET_STRING,
+}
+#[repr(C)]
+pub struct PKCS7_ENCRYPT {
+    pub version: *mut ASN1_INTEGER, /* version 0 */
+    pub enc_data: *mut PKCS7_ENC_CONTENT,
+}
+
+extern "C" {
+    pub fn PKCS7_SIGNED_free(info: *mut PKCS7_SIGNED);
+    pub fn PKCS7_ENC_CONTENT_free(info: *mut PKCS7_ENC_CONTENT);
+    pub fn PKCS7_ENVELOPE_free(info: *mut PKCS7_ENVELOPE);
+    pub fn PKCS7_SIGN_ENVELOPE_free(info: *mut PKCS7_SIGN_ENVELOPE);
+    pub fn PKCS7_DIGEST_free(info: *mut PKCS7_DIGEST);
+    pub fn PKCS7_SIGNER_INFO_free(info: *mut PKCS7_SIGNER_INFO);
+    pub fn PKCS7_ENCRYPT_free(enc: *mut PKCS7_ENCRYPT);
+    pub fn PKCS7_ISSUER_AND_SERIAL_free(ias: *mut PKCS7_ISSUER_AND_SERIAL);
+    pub fn PKCS7_RECIP_INFO_free(info: *mut PKCS7_RECIP_INFO);
+}
+
+#[repr(C)]
+pub struct PKCS7 {
+    /*
+     * The following is non NULL if it contains ASN1 encoding of this
+     * structure
+     */
+    pub asn1: *mut c_uchar,
+    pub length: c_long,
+    // # define PKCS7_S_HEADER  0
+    // # define PKCS7_S_BODY    1
+    // # define PKCS7_S_TAIL    2
+    pub state: c_int, /* used during processing */
+    pub detached: c_int,
+    pub type_: *mut ASN1_OBJECT,
+    /* content as defined by the type */
+    /*
+     * all encryption/message digests are applied to the 'contents', leaving
+     * out the 'type' field.
+     */
+    pub d: PKCS7_data,
+    #[cfg(ossl300)]
+    pub ctx: PKCS7_CTX,
+}
+
+#[repr(C)]
+pub union PKCS7_data {
+    pub ptr: *mut c_char,
+    /* NID_pkcs7_data */
+    pub data: *mut ASN1_OCTET_STRING,
+    /* NID_pkcs7_signed */
+    pub sign: *mut PKCS7_SIGNED,
+    /* NID_pkcs7_enveloped */
+    pub enveloped: *mut PKCS7_ENVELOPE,
+    /* NID_pkcs7_signedAndEnveloped */
+    pub signed_and_enveloped: *mut PKCS7_SIGN_ENVELOPE,
+    /* NID_pkcs7_digest */
+    pub digest: *mut PKCS7_DIGEST,
+    /* NID_pkcs7_encrypted */
+    pub encrypted: *mut PKCS7_ENCRYPT,
+    /* Anything else */
+    pub other: *mut ASN1_TYPE,
+}
+
+#[repr(C)]
+pub struct PKCS7_ISSUER_AND_SERIAL {
+    pub issuer: *mut X509_NAME,
+    pub serial: *mut ASN1_INTEGER,
+}
+
+#[repr(C)]
+pub struct PKCS7_SIGNER_INFO {
+    pub version: *mut ASN1_INTEGER, /* version 1 */
+    pub issuer_and_serial: *mut PKCS7_ISSUER_AND_SERIAL,
+    pub digest_alg: *mut X509_ALGOR,
+    pub auth_attr: *mut stack_st_X509_ATTRIBUTE, /* [ 0 ] */
+    pub digest_enc_alg: *mut X509_ALGOR,
+    pub enc_digest: *mut ASN1_OCTET_STRING,
+    pub unauth_attr: *mut stack_st_X509_ATTRIBUTE, /* [ 1 ] */
+    pub pkey: *mut EVP_PKEY,                       /* The private key to sign with */
+    #[cfg(ossl300)]
+    pub ctx: *const PKCS7_CTX,
+}
+
+stack!(stack_st_PKCS7_SIGNER_INFO);
+
+#[repr(C)]
+pub struct PKCS7_RECIP_INFO {
+    pub version: *mut ASN1_INTEGER, /* version 0 */
+    pub issuer_and_serial: *mut PKCS7_ISSUER_AND_SERIAL,
+    pub key_enc_algor: *mut X509_ALGOR,
+    pub enc_key: *mut ASN1_OCTET_STRING,
+    pub cert: *mut X509, /* get the pub-key from this */
+    #[cfg(ossl300)]
+    pub ctx: *const PKCS7_CTX,
+}
+
+stack!(stack_st_PKCS7_RECIP_INFO);
 
 extern "C" {
     pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: c_long) -> *mut PKCS7;
@@ -15,6 +152,7 @@ extern "C" {
 const_ptr_api! {
     extern "C" {
         pub fn i2d_PKCS7(a: #[const_ptr_if(ossl300)] PKCS7, buf: *mut *mut u8) -> c_int;
+        pub fn i2d_PKCS7_bio(bio: *mut BIO, p7: #[const_ptr_if(ossl300)]  PKCS7) -> c_int;
     }
 }
 
@@ -67,4 +205,53 @@ extern "C" {
     ) -> c_int;
 
     pub fn SMIME_read_PKCS7(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut PKCS7;
+
+    pub fn PKCS7_new() -> *mut PKCS7;
+
+    pub fn PKCS7_set_type(p7: *mut PKCS7, nid_pkcs7: c_int) -> c_int;
+
+    pub fn PKCS7_add_certificate(p7: *mut PKCS7, x509: *mut X509) -> c_int;
+
+    pub fn PKCS7_add_signature(
+        p7: *mut PKCS7,
+        x509: *mut X509,
+        pkey: *mut EVP_PKEY,
+        digest: *const EVP_MD,
+    ) -> *mut PKCS7_SIGNER_INFO;
+
+    pub fn PKCS7_set_signed_attributes(
+        p7si: *mut PKCS7_SIGNER_INFO,
+        attributes: *mut stack_st_X509_ATTRIBUTE,
+    ) -> c_int;
+
+    pub fn PKCS7_add_signed_attribute(
+        p7si: *mut PKCS7_SIGNER_INFO,
+        nid: c_int,
+        attrtype: c_int,
+        data: *mut c_void,
+    ) -> c_int;
+
+    pub fn PKCS7_content_new(p7: *mut PKCS7, nid_pkcs7: c_int) -> c_int;
+
+    pub fn PKCS7_dataInit(p7: *mut PKCS7, bio: *mut BIO) -> *mut BIO;
+
+    pub fn PKCS7_dataFinal(p7: *mut PKCS7, bio: *mut BIO) -> c_int;
+
+    pub fn PKCS7_get_signer_info(p7: *mut PKCS7) -> *mut stack_st_PKCS7_SIGNER_INFO;
+
+    pub fn PKCS7_SIGNER_INFO_get0_algs(
+        si: *mut PKCS7_SIGNER_INFO,
+        pk: *mut *mut EVP_PKEY,
+        pdig: *mut *mut X509_ALGOR,
+        psig: *mut *mut X509_ALGOR,
+    );
+}
+
+const_ptr_api! {
+    extern "C" {
+        pub fn PKCS7_get_signed_attribute(
+            si: #[const_ptr_if(ossl300)] PKCS7_SIGNER_INFO,
+            nid: c_int
+        ) -> *mut ASN1_TYPE;
+    }
 }