add openssl 3.0 set_dh_auto

zh-jq · zh-jq · commit 5abf943bdc8a · 2024-01-24T11:29:57.000+08:00
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
@@ -374,6 +374,8 @@ pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
 pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
 #[cfg(ossl300)]
 pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109;
+#[cfg(ossl300)]
+pub const SSL_CTRL_SET_DH_AUTO: c_int = 118;
 #[cfg(ossl110)]
 pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122;
 #[cfg(any(ossl110, libressl261))]
@@ -388,6 +390,11 @@ pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
 #[cfg(ossl300)]
 pub const SSL_CTRL_GET_TMP_KEY: c_int = 133;
 
+#[cfg(ossl300)]
+pub unsafe fn SSL_CTX_set_dh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
+    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut()) as c_int
+}
+
 pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
     SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
 }
@@ -396,6 +403,11 @@ pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_lon
     SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
 }
 
+#[cfg(ossl300)]
+pub unsafe fn SSL_set_dh_auto(ssl: *mut SSL, onoff: c_int) -> c_int {
+    SSL_ctrl(ssl, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut()) as c_int
+}
+
 pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long {
     SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
 }
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
@@ -938,6 +938,20 @@ impl SslContextBuilder {
         }
     }
 
+    /// Configure OpenSSL to use the default built-in DH parameters.
+    ///
+    /// If “auto” DH parameters are switched on then the parameters will be selected to be
+    /// consistent with the size of the key associated with the server's certificate.
+    /// If there is no certificate (e.g. for PSK ciphersuites), then it it will be consistent
+    /// with the size of the negotiated symmetric cipher key.
+    ///
+    /// Requires OpenSSL 3.0.0.
+    #[corresponds(SSL_CTX_set_dh_auto)]
+    #[cfg(ossl300)]
+    pub fn set_dh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
+        unsafe { cvt(ffi::SSL_CTX_set_dh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
+    }
+
     /// Sets the parameters to be used during ephemeral Diffie-Hellman key exchange.
     #[corresponds(SSL_CTX_set_tmp_dh)]
     pub fn set_tmp_dh(&mut self, dh: &DhRef<Params>) -> Result<(), ErrorStack> {
@@ -2708,6 +2722,15 @@ impl SslRef {
         }
     }
 
+    /// Like [`SslContextBuilder::set_dh_auto`].
+    ///
+    /// [`SslContextBuilder::set_dh_auto`]: struct.SslContextBuilder.html#method.set_dh_auto
+    #[corresponds(SSL_set_dh_auto)]
+    #[cfg(ossl300)]
+    pub fn set_dh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
+        unsafe { cvt(ffi::SSL_set_dh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
+    }
+
     /// Like [`SslContextBuilder::set_tmp_dh`].
     ///
     /// [`SslContextBuilder::set_tmp_dh`]: struct.SslContextBuilder.html#method.set_tmp_dh
