Merge pull request #1906 from qwandor/bitflags

Update to bitflags 2.2.1.
sfackler · Aug 26, 2023 · b60f3b8 · b60f3b8
2 parents 528c3d7 + e483e78
commit b60f3b8
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 21 deletions.
diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
@@ -23,7 +23,7 @@ unstable_boringssl = ["ffi/unstable_boringssl"]
 default = []
 
 [dependencies]
-bitflags = "1.0"
+bitflags = "2.2.1"
 cfg-if = "1.0"
 foreign-types = "0.3.1"
 libc = "0.2"

diff --git a/openssl/src/cms.rs b/openssl/src/cms.rs
@@ -20,6 +20,8 @@ use crate::{cvt, cvt_p};
 use openssl_macros::corresponds;
 
 bitflags! {
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct CMSOptions : c_uint {
         const TEXT = ffi::CMS_TEXT;
         const CMS_NOCERTS = ffi::CMS_NOCERTS;

diff --git a/openssl/src/ocsp.rs b/openssl/src/ocsp.rs
@@ -15,6 +15,8 @@ use crate::{cvt, cvt_p};
 use openssl_macros::corresponds;
 
 bitflags! {
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct OcspFlag: c_ulong {
         const NO_CERTS = ffi::OCSP_NOCERTS;
         const NO_INTERN = ffi::OCSP_NOINTERN;

diff --git a/openssl/src/pkcs7.rs b/openssl/src/pkcs7.rs
@@ -28,6 +28,8 @@ foreign_type_and_impl_send_sync! {
 }
 
 bitflags! {
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct Pkcs7Flags: c_int {
         const TEXT = ffi::PKCS7_TEXT;
         const NOCERTS = ffi::PKCS7_NOCERTS;
@@ -111,7 +113,7 @@ impl Pkcs7 {
                 certs.as_ptr(),
                 input_bio.as_ptr(),
                 cipher.as_ptr(),
-                flags.bits,
+                flags.bits(),
             ))
             .map(Pkcs7)
         }
@@ -141,7 +143,7 @@ impl Pkcs7 {
                 pkey.as_ptr(),
                 certs.as_ptr(),
                 input_bio.as_ptr(),
-                flags.bits,
+                flags.bits(),
             ))
             .map(Pkcs7)
         }
@@ -159,7 +161,7 @@ impl Pkcs7Ref {
                 output.as_ptr(),
                 self.as_ptr(),
                 input_bio.as_ptr(),
-                flags.bits,
+                flags.bits(),
             ))
             .map(|_| output.get_buf().to_owned())
         }
@@ -205,7 +207,7 @@ impl Pkcs7Ref {
                 pkey.as_ptr(),
                 cert.as_ptr(),
                 output.as_ptr(),
-                flags.bits,
+                flags.bits(),
             ))
             .map(|_| output.get_buf().to_owned())
         }
@@ -241,7 +243,7 @@ impl Pkcs7Ref {
                 store.as_ptr(),
                 indata_bio_ptr,
                 out_bio.as_ptr(),
-                flags.bits,
+                flags.bits(),
             ))
             .map(|_| ())?
         }
@@ -265,7 +267,7 @@ impl Pkcs7Ref {
             let ptr = cvt_p(ffi::PKCS7_get0_signers(
                 self.as_ptr(),
                 certs.as_ptr(),
-                flags.bits,
+                flags.bits(),
             ))?;
 
             // The returned stack is owned by the caller, but the certs inside are not! Our stack interface can't deal

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
@@ -143,6 +143,8 @@ cfg_if! {
 
 bitflags! {
     /// Options controlling the behavior of an `SslContext`.
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct SslOptions: SslOptionsRepr {
         /// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers.
         const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as SslOptionsRepr;
@@ -281,6 +283,8 @@ bitflags! {
 
 bitflags! {
     /// Options controlling the behavior of an `SslContext`.
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct SslMode: SslBitType {
         /// Enables "short writes".
         ///
@@ -378,6 +382,8 @@ unsafe impl Send for SslMethod {}
 
 bitflags! {
     /// Options controlling the behavior of certificate verification.
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct SslVerifyMode: i32 {
         /// Verifies that the peer's certificate is trusted.
         ///
@@ -410,6 +416,8 @@ type SslTimeTy = c_long;
 
 bitflags! {
     /// Options controlling the behavior of session caching.
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct SslSessionCacheMode: SslBitType {
         /// No session caching for the client or server takes place.
         const OFF = ffi::SSL_SESS_CACHE_OFF;
@@ -447,6 +455,8 @@ bitflags! {
 #[cfg(ossl111)]
 bitflags! {
     /// Which messages and under which conditions an extension should be added or expected.
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct ExtensionContext: c_uint {
         /// This extension is only allowed in TLS
         const TLS_ONLY = ffi::SSL_EXT_TLS_ONLY;
@@ -735,7 +745,7 @@ impl SslContextBuilder {
     #[corresponds(SSL_CTX_set_verify)]
     pub fn set_verify(&mut self, mode: SslVerifyMode) {
         unsafe {
-            ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, None);
+            ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, None);
         }
     }
 
@@ -752,7 +762,7 @@ impl SslContextBuilder {
     {
         unsafe {
             self.set_ex_data(SslContext::cached_ex_index::<F>(), verify);
-            ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, Some(raw_verify::<F>));
+            ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, Some(raw_verify::<F>));
         }
     }
 
@@ -839,7 +849,7 @@ impl SslContextBuilder {
     pub fn set_mode(&mut self, mode: SslMode) -> SslMode {
         unsafe {
             let bits = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits() as MtuTy) as SslBitType;
-            SslMode { bits }
+            SslMode::from_bits_retain(bits)
         }
     }
 
@@ -1111,22 +1121,22 @@ impl SslContextBuilder {
     pub fn set_options(&mut self, option: SslOptions) -> SslOptions {
         let bits =
             unsafe { ffi::SSL_CTX_set_options(self.as_ptr(), option.bits()) } as SslOptionsRepr;
-        SslOptions { bits }
+        SslOptions::from_bits_retain(bits)
     }
 
     /// Returns the options used by the context.
     #[corresponds(SSL_CTX_get_options)]
     pub fn options(&self) -> SslOptions {
         let bits = unsafe { ffi::SSL_CTX_get_options(self.as_ptr()) } as SslOptionsRepr;
-        SslOptions { bits }
+        SslOptions::from_bits_retain(bits)
     }
 
     /// Clears the options used by the context, returning the old set.
     #[corresponds(SSL_CTX_clear_options)]
     pub fn clear_options(&mut self, option: SslOptions) -> SslOptions {
         let bits =
             unsafe { ffi::SSL_CTX_clear_options(self.as_ptr(), option.bits()) } as SslOptionsRepr;
-        SslOptions { bits }
+        SslOptions::from_bits_retain(bits)
     }
 
     /// Sets the minimum supported protocol version.
@@ -1475,7 +1485,7 @@ impl SslContextBuilder {
     pub fn set_session_cache_mode(&mut self, mode: SslSessionCacheMode) -> SslSessionCacheMode {
         unsafe {
             let bits = ffi::SSL_CTX_set_session_cache_mode(self.as_ptr(), mode.bits());
-            SslSessionCacheMode { bits }
+            SslSessionCacheMode::from_bits_retain(bits)
         }
     }
 
@@ -2350,7 +2360,7 @@ impl SslRef {
     /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify
     #[corresponds(SSL_set_verify)]
     pub fn set_verify(&mut self, mode: SslVerifyMode) {
-        unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, None) }
+        unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits() as c_int, None) }
     }
 
     /// Returns the verify mode that was set using `set_verify`.
@@ -2371,7 +2381,11 @@ impl SslRef {
         unsafe {
             // this needs to be in an Arc since the callback can register a new callback!
             self.set_ex_data(Ssl::cached_ex_index(), Arc::new(verify));
-            ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, Some(ssl_raw_verify::<F>));
+            ffi::SSL_set_verify(
+                self.as_ptr(),
+                mode.bits() as c_int,
+                Some(ssl_raw_verify::<F>),
+            );
         }
     }
 
@@ -3718,7 +3732,7 @@ impl<S: Read + Write> SslStream<S> {
     pub fn get_shutdown(&mut self) -> ShutdownState {
         unsafe {
             let bits = ffi::SSL_get_shutdown(self.ssl.as_ptr());
-            ShutdownState { bits }
+            ShutdownState::from_bits_retain(bits)
         }
     }
 
@@ -4051,6 +4065,8 @@ pub enum ShutdownResult {
 
 bitflags! {
     /// The shutdown state of a session.
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct ShutdownState: c_int {
         /// A close notify message has been sent to the peer.
         const SENT = ffi::SSL_SENT_SHUTDOWN;

diff --git a/openssl/src/x509/verify.rs b/openssl/src/x509/verify.rs
@@ -11,6 +11,8 @@ use openssl_macros::corresponds;
 
 bitflags! {
     /// Flags used to check an `X509` certificate.
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct X509CheckFlags: c_uint {
         const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT;
         const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS;
@@ -28,6 +30,8 @@ bitflags! {
 
 bitflags! {
     /// Flags used to verify an `X509` certificate chain.
+    #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
+    #[repr(transparent)]
     pub struct X509VerifyFlags: c_ulong {
         const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK;
         const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME;
@@ -87,14 +91,20 @@ impl X509VerifyParamRef {
     #[corresponds(X509_VERIFY_PARAM_set_hostflags)]
     pub fn set_hostflags(&mut self, hostflags: X509CheckFlags) {
         unsafe {
-            ffi::X509_VERIFY_PARAM_set_hostflags(self.as_ptr(), hostflags.bits);
+            ffi::X509_VERIFY_PARAM_set_hostflags(self.as_ptr(), hostflags.bits());
         }
     }
 
     /// Set verification flags.
     #[corresponds(X509_VERIFY_PARAM_set_flags)]
     pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> {
-        unsafe { cvt(ffi::X509_VERIFY_PARAM_set_flags(self.as_ptr(), flags.bits)).map(|_| ()) }
+        unsafe {
+            cvt(ffi::X509_VERIFY_PARAM_set_flags(
+                self.as_ptr(),
+                flags.bits(),
+            ))
+            .map(|_| ())
+        }
     }
 
     /// Clear verification flags.
@@ -103,7 +113,7 @@ impl X509VerifyParamRef {
         unsafe {
             cvt(ffi::X509_VERIFY_PARAM_clear_flags(
                 self.as_ptr(),
-                flags.bits,
+                flags.bits(),
             ))
             .map(|_| ())
         }
@@ -113,7 +123,7 @@ impl X509VerifyParamRef {
     #[corresponds(X509_VERIFY_PARAM_get_flags)]
     pub fn flags(&mut self) -> X509VerifyFlags {
         let bits = unsafe { ffi::X509_VERIFY_PARAM_get_flags(self.as_ptr()) };
-        X509VerifyFlags { bits }
+        X509VerifyFlags::from_bits_retain(bits)
     }
 
     /// Set the expected DNS hostname.