min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'release-v0.7.5' into release

This commit is contained in:
Steven Fackler 2016-01-22 15:57:24 -08:00
parent 3fdfe56f25 2ece5b1039
commit 1417ebdd6e
14 changed files with 379 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -2,7 +2,7 @@
[![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl) [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl)
[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.3/openssl). [Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.5/openssl).
## Building ## Building

6
openssl-sys-extras/Cargo.toml
View File

@ -1,11 +1,11 @@
[package] [package]
name = "openssl-sys-extras" name = "openssl-sys-extras"
version = "0.7.4" version = "0.7.5"
authors = ["Steven Fackler <sfackler@gmail.com>"] authors = ["Steven Fackler <sfackler@gmail.com>"]
license = "MIT" license = "MIT"
description = "Extra FFI bindings to OpenSSL that require a C shim" description = "Extra FFI bindings to OpenSSL that require a C shim"
repository = "https://github.com/sfackler/rust-openssl" repository = "https://github.com/sfackler/rust-openssl"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.4/openssl_sys_extras" documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.5/openssl_sys_extras"
build = "build.rs" build = "build.rs"
[features] [features]
@ -13,7 +13,7 @@ ecdh_auto = []
[dependencies] [dependencies]
libc = "0.2" libc = "0.2"
openssl-sys = { version = "0.7.4", path = "../openssl-sys" } openssl-sys = { version = "0.7.5", path = "../openssl-sys" }
[build-dependencies] [build-dependencies]
gcc = "0.3" gcc = "0.3"

2
openssl-sys-extras/src/lib.rs
View File

@ -1,5 +1,5 @@
#![allow(non_upper_case_globals, non_snake_case)] #![allow(non_upper_case_globals, non_snake_case)]
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.4")] #![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.5")]
extern crate openssl_sys; extern crate openssl_sys;
extern crate libc; extern crate libc;

4
openssl-sys/Cargo.toml
View File

@ -1,12 +1,12 @@
[package] [package]
name = "openssl-sys" name = "openssl-sys"
version = "0.7.4" version = "0.7.5"
authors = ["Alex Crichton <alex@alexcrichton.com>", authors = ["Alex Crichton <alex@alexcrichton.com>",
"Steven Fackler <sfackler@gmail.com>"] "Steven Fackler <sfackler@gmail.com>"]
license = "MIT" license = "MIT"
description = "FFI bindings to OpenSSL" description = "FFI bindings to OpenSSL"
repository = "https://github.com/sfackler/rust-openssl" repository = "https://github.com/sfackler/rust-openssl"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.4/openssl_sys" documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.5/openssl_sys"
links = "openssl" links = "openssl"
build = "build.rs" build = "build.rs"

6
openssl-sys/src/lib.rs
View File

@ -1,6 +1,6 @@
#![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)]
#![allow(dead_code)] #![allow(dead_code)]
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.4")] #![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.5")]
extern crate libc; extern crate libc;
@ -48,7 +48,6 @@ pub type bio_info_cb = Option<unsafe extern "C" fn(*mut BIO,
#[repr(C)] #[repr(C)]
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
#[allow(raw_pointer_derive)]
pub struct BIO_METHOD { pub struct BIO_METHOD {
pub type_: c_int, pub type_: c_int,
pub name: *const c_char, pub name: *const c_char,
@ -527,6 +526,9 @@ extern "C" {
pub fn PEM_read_bio_PUBKEY(bio: *mut BIO, out: *mut *mut EVP_PKEY, callback: Option<PasswordCallback>, pub fn PEM_read_bio_PUBKEY(bio: *mut BIO, out: *mut *mut EVP_PKEY, callback: Option<PasswordCallback>,
user_data: *mut c_void) -> *mut X509; user_data: *mut c_void) -> *mut X509;
pub fn PEM_read_bio_RSAPrivateKey(bio: *mut BIO, rsa: *mut *mut RSA, callback: Option<PasswordCallback>, user_data: *mut c_void) -> *mut RSA;
pub fn PEM_read_bio_RSA_PUBKEY(bio: *mut BIO, rsa: *mut *mut RSA, callback: Option<PasswordCallback>, user_data: *mut c_void) -> *mut RSA;
pub fn PEM_write_bio_PrivateKey(bio: *mut BIO, pkey: *mut EVP_PKEY, cipher: *const EVP_CIPHER, pub fn PEM_write_bio_PrivateKey(bio: *mut BIO, pkey: *mut EVP_PKEY, cipher: *const EVP_CIPHER,
kstr: *mut c_char, klen: c_int, kstr: *mut c_char, klen: c_int,
callback: Option<PasswordCallback>, callback: Option<PasswordCallback>,

10
openssl/Cargo.toml
View File

@ -1,11 +1,11 @@
[package] [package]
name = "openssl" name = "openssl"
version = "0.7.4" version = "0.7.5"
authors = ["Steven Fackler <sfackler@gmail.com>"] authors = ["Steven Fackler <sfackler@gmail.com>"]
license = "Apache-2.0" license = "Apache-2.0"
description = "OpenSSL bindings" description = "OpenSSL bindings"
repository = "https://github.com/sfackler/rust-openssl" repository = "https://github.com/sfackler/rust-openssl"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.4/openssl" documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.5/openssl"
readme = "../README.md" readme = "../README.md"
keywords = ["crypto", "tls", "ssl", "dtls"] keywords = ["crypto", "tls", "ssl", "dtls"]
build = "build.rs" build = "build.rs"
@ -25,12 +25,14 @@ rfc5114 = ["openssl-sys/rfc5114"]
ecdh_auto = ["openssl-sys-extras/ecdh_auto"] ecdh_auto = ["openssl-sys-extras/ecdh_auto"]
pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"] pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"]
nightly = []
[dependencies] [dependencies]
bitflags = ">= 0.2, < 0.4" bitflags = ">= 0.2, < 0.4"
lazy_static = "0.1" lazy_static = "0.1"
libc = "0.2" libc = "0.2"
openssl-sys = { version = "0.7.4", path = "../openssl-sys" } openssl-sys = { version = "0.7.5", path = "../openssl-sys" }
openssl-sys-extras = { version = "0.7.4", path = "../openssl-sys-extras" } openssl-sys-extras = { version = "0.7.5", path = "../openssl-sys-extras" }
[build-dependencies] [build-dependencies]
gcc = "0.3" gcc = "0.3"

8
openssl/src/c_helpers.c
View File

@ -7,3 +7,11 @@ void rust_SSL_clone(SSL *ssl) {
void rust_SSL_CTX_clone(SSL_CTX *ctx) { void rust_SSL_CTX_clone(SSL_CTX *ctx) {
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
} }
void rust_EVP_PKEY_clone(EVP_PKEY *pkey) {
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
}
void rust_X509_clone(X509 *x509) {
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
}

85
openssl/src/crypto/pkey.rs
View File

@ -52,11 +52,18 @@ fn openssl_hash_nid(hash: HashType) -> c_int {
} }
} }
extern "C" {
fn rust_EVP_PKEY_clone(pkey: *mut ffi::EVP_PKEY);
}
pub struct PKey { pub struct PKey {
evp: *mut ffi::EVP_PKEY, evp: *mut ffi::EVP_PKEY,
parts: Parts, parts: Parts,
} }
unsafe impl Send for PKey {}
unsafe impl Sync for PKey {}
/// Represents a public key, optionally with a private key attached. /// Represents a public key, optionally with a private key attached.
impl PKey { impl PKey {
pub fn new() -> PKey { pub fn new() -> PKey {
@ -118,6 +125,54 @@ impl PKey {
} }
} }
/// Reads an RSA private key from PEM, takes ownership of handle
pub fn private_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
where R: Read
{
let mut mem_bio = try!(MemBio::new());
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
unsafe {
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(),
ptr::null_mut(),
None,
ptr::null_mut()));
let evp = ffi::EVP_PKEY_new();
if ffi::EVP_PKEY_set1_RSA(evp, rsa) == 0 {
return Err(SslError::get());
}
Ok(PKey {
evp: evp,
parts: Parts::Public,
})
}
}
/// Reads an RSA public key from PEM, takes ownership of handle
pub fn public_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
where R: Read
{
let mut mem_bio = try!(MemBio::new());
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
unsafe {
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.get_handle(),
ptr::null_mut(),
None,
ptr::null_mut()));
let evp = ffi::EVP_PKEY_new();
if ffi::EVP_PKEY_set1_RSA(evp, rsa) == 0 {
return Err(SslError::get());
}
Ok(PKey {
evp: evp,
parts: Parts::Public,
})
}
}
fn _tostr(&self, f: unsafe extern "C" fn(*mut ffi::RSA, *const *mut u8) -> c_int) -> Vec<u8> { fn _tostr(&self, f: unsafe extern "C" fn(*mut ffi::RSA, *const *mut u8) -> c_int) -> Vec<u8> {
unsafe { unsafe {
let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); let rsa = ffi::EVP_PKEY_get1_RSA(self.evp);
@ -549,6 +604,16 @@ impl Drop for PKey {
} }
} }
impl Clone for PKey {
fn clone(&self) -> Self {
unsafe {
rust_EVP_PKEY_clone(self.evp);
}
PKey::from_handle(self.evp, self.parts)
}
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use std::path::Path; use std::path::Path;
@ -613,6 +678,26 @@ mod tests {
super::PKey::public_key_from_pem(&mut file).unwrap(); super::PKey::public_key_from_pem(&mut file).unwrap();
} }
#[test]
fn test_private_rsa_key_from_pem() {
let key_path = Path::new("test/key.pem");
let mut file = File::open(&key_path)
.ok()
.expect("Failed to open `test/key.pem`");
super::PKey::private_rsa_key_from_pem(&mut file).unwrap();
}
#[test]
fn test_public_rsa_key_from_pem() {
let key_path = Path::new("test/key.pem.pub");
let mut file = File::open(&key_path)
.ok()
.expect("Failed to open `test/key.pem.pub`");
super::PKey::public_rsa_key_from_pem(&mut file).unwrap();
}
#[test] #[test]
fn test_private_encrypt() { fn test_private_encrypt() {
let mut k0 = super::PKey::new(); let mut k0 = super::PKey::new();

3
openssl/src/lib.rs
View File

@ -1,4 +1,5 @@
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.4")] #![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.5")]
#![cfg_attr(feature = "nightly", feature(const_fn, recover, panic_propagate))]
#[macro_use] #[macro_use]
extern crate bitflags; extern crate bitflags;

98
openssl/src/ssl/bio.rs
View File

@ -1,11 +1,12 @@
use libc::{c_char, c_int, c_long, c_void, strlen}; use libc::{c_char, c_int, c_long, c_void, strlen};
use ffi::{BIO, BIO_METHOD, BIO_CTRL_FLUSH, BIO_TYPE_NONE, BIO_new}; use ffi::{BIO, BIO_METHOD, BIO_CTRL_FLUSH, BIO_TYPE_NONE, BIO_new};
use ffi_extras::{BIO_clear_retry_flags, BIO_set_retry_read, BIO_set_retry_write}; use ffi_extras::{BIO_clear_retry_flags, BIO_set_retry_read, BIO_set_retry_write};
use std::any::Any;
use std::io; use std::io;
use std::io::prelude::*; use std::io::prelude::*;
use std::mem; use std::mem;
use std::slice;
use std::ptr; use std::ptr;
use std::slice;
use std::sync::Arc; use std::sync::Arc;
use ssl::error::SslError; use ssl::error::SslError;
@ -16,6 +17,7 @@ const NAME: [c_char; 5] = [114, 117, 115, 116, 0];
pub struct StreamState<S> { pub struct StreamState<S> {
pub stream: S, pub stream: S,
pub error: Option<io::Error>, pub error: Option<io::Error>,
pub panic: Option<Box<Any + Send>>,
} }
pub fn new<S: Read + Write>(stream: S) -> Result<(*mut BIO, Arc<BIO_METHOD>), SslError> { pub fn new<S: Read + Write>(stream: S) -> Result<(*mut BIO, Arc<BIO_METHOD>), SslError> {
@ -35,6 +37,7 @@ pub fn new<S: Read + Write>(stream: S) -> Result<(*mut BIO, Arc<BIO_METHOD>), Ss
let state = Box::new(StreamState { let state = Box::new(StreamState {
stream: stream, stream: stream,
error: None, error: None,
panic: None,
}); });
unsafe { unsafe {
@ -51,6 +54,12 @@ pub unsafe fn take_error<S>(bio: *mut BIO) -> Option<io::Error> {
state.error.take() state.error.take()
} }
#[cfg_attr(not(feature = "nightly"), allow(dead_code))]
pub unsafe fn take_panic<S>(bio: *mut BIO) -> Option<Box<Any + Send>> {
let state = state::<S>(bio);
state.panic.take()
}
pub unsafe fn get_ref<'a, S: 'a>(bio: *mut BIO) -> &'a S { pub unsafe fn get_ref<'a, S: 'a>(bio: *mut BIO) -> &'a S {
let state: &'a StreamState<S> = mem::transmute((*bio).ptr); let state: &'a StreamState<S> = mem::transmute((*bio).ptr);
&state.stream &state.stream
@ -64,20 +73,69 @@ unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> {
mem::transmute((*bio).ptr) mem::transmute((*bio).ptr)
} }
#[cfg(feature = "nightly")]
fn recover<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T + ::std::panic::RecoverSafe {
::std::panic::recover(f)
}
#[cfg(not(feature = "nightly"))]
fn recover<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T {
Ok(f())
}
#[cfg(feature = "nightly")]
use std::panic::AssertRecoverSafe;
#[cfg(not(feature = "nightly"))]
struct AssertRecoverSafe<T>(T);
#[cfg(not(feature = "nightly"))]
impl<T> AssertRecoverSafe<T> {
fn new(t: T) -> Self {
AssertRecoverSafe(t)
}
}
#[cfg(not(feature = "nightly"))]
impl<T> ::std::ops::Deref for AssertRecoverSafe<T> {
type Target = T;
fn deref(&self) -> &T {
&self.0
}
}
#[cfg(not(feature = "nightly"))]
impl<T> ::std::ops::DerefMut for AssertRecoverSafe<T> {
fn deref_mut(&mut self) -> &mut T {
&mut self.0
}
}
unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) -> c_int { unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) -> c_int {
BIO_clear_retry_flags(bio); BIO_clear_retry_flags(bio);
let state = state::<S>(bio); let state = state::<S>(bio);
let buf = slice::from_raw_parts(buf as *const _, len as usize); let buf = slice::from_raw_parts(buf as *const _, len as usize);
match state.stream.write(buf) {
Ok(len) => len as c_int, let result = {
Err(err) => { let mut youre_not_my_supervisor = AssertRecoverSafe::new(&mut *state);
recover(move || youre_not_my_supervisor.stream.write(buf))
};
match result {
Ok(Ok(len)) => len as c_int,
Ok(Err(err)) => {
if retriable_error(&err) { if retriable_error(&err) {
BIO_set_retry_write(bio); BIO_set_retry_write(bio);
} }
state.error = Some(err); state.error = Some(err);
-1 -1
} }
Err(err) => {
state.panic = Some(err);
-1
}
} }
} }
@ -86,15 +144,26 @@ unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int)
let state = state::<S>(bio); let state = state::<S>(bio);
let buf = slice::from_raw_parts_mut(buf as *mut _, len as usize); let buf = slice::from_raw_parts_mut(buf as *mut _, len as usize);
match state.stream.read(buf) {
Ok(len) => len as c_int, let result = {
Err(err) => { let mut youre_not_my_supervisor = AssertRecoverSafe::new(&mut *state);
let mut fuuuu = AssertRecoverSafe::new(buf);
recover(move || youre_not_my_supervisor.stream.read(&mut *fuuuu))
};
match result {
Ok(Ok(len)) => len as c_int,
Ok(Err(err)) => {
if retriable_error(&err) { if retriable_error(&err) {
BIO_set_retry_read(bio); BIO_set_retry_read(bio);
} }
state.error = Some(err); state.error = Some(err);
-1 -1
} }
Err(err) => {
state.panic = Some(err);
-1
}
} }
} }
@ -116,12 +185,21 @@ unsafe extern "C" fn ctrl<S: Write>(bio: *mut BIO,
-> c_long { -> c_long {
if cmd == BIO_CTRL_FLUSH { if cmd == BIO_CTRL_FLUSH {
let state = state::<S>(bio); let state = state::<S>(bio);
match state.stream.flush() { let result = {
Ok(()) => 1, let mut youre_not_my_supervisor = AssertRecoverSafe::new(&mut *state);
Err(err) => { recover(move || youre_not_my_supervisor.stream.flush())
};
match result {
Ok(Ok(())) => 1,
Ok(Err(err)) => {
state.error = Some(err); state.error = Some(err);
0 0
} }
Err(err) => {
state.panic = Some(err);
0
}
} }
} else { } else {
0 0

85
openssl/src/ssl/mod.rs
View File

@ -26,8 +26,7 @@ use std::os::windows::io::{AsRawSocket, RawSocket};
use ffi; use ffi;
use ffi_extras; use ffi_extras;
use dh::DH; use dh::DH;
use ssl::error::{NonblockingSslError, SslError, StreamError, OpenSslErrors, OpenSslError, use ssl::error::{NonblockingSslError, SslError, OpenSslError, OpensslError};
OpensslError};
use x509::{X509StoreContext, X509FileType, X509}; use x509::{X509StoreContext, X509FileType, X509};
use crypto::pkey::PKey; use crypto::pkey::PKey;
@ -482,6 +481,8 @@ fn wrap_ssl_result(res: c_int) -> Result<(), SslError> {
} }
/// An SSL context object /// An SSL context object
///
/// Internally ref-counted, use `.clone()` in the same way as Rc and Arc.
pub struct SslContext { pub struct SslContext {
ctx: *mut ffi::SSL_CTX, ctx: *mut ffi::SSL_CTX,
} }
@ -489,6 +490,12 @@ pub struct SslContext {
unsafe impl Send for SslContext {} unsafe impl Send for SslContext {}
unsafe impl Sync for SslContext {} unsafe impl Sync for SslContext {}
impl Clone for SslContext {
fn clone(&self) -> Self {
unsafe { SslContext::new_ref(self.ctx) }
}
}
// TODO: add useful info here // TODO: add useful info here
impl fmt::Debug for SslContext { impl fmt::Debug for SslContext {
fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
@ -503,6 +510,12 @@ impl Drop for SslContext {
} }
impl SslContext { impl SslContext {
// Create a new SslContext given an existing ref, and incriment ref-count appropriately.
unsafe fn new_ref(ctx: *mut ffi::SSL_CTX) -> SslContext {
rust_SSL_CTX_clone(ctx);
SslContext { ctx: ctx }
}
/// Creates a new SSL context. /// Creates a new SSL context.
pub fn new(method: SslMethod) -> Result<SslContext, SslError> { pub fn new(method: SslMethod) -> Result<SslContext, SslError> {
init(); init();
@ -956,16 +969,27 @@ impl Ssl {
} }
/// change the context corresponding to the current connection /// change the context corresponding to the current connection
///
/// Returns a clone of the SslContext @ctx (ie: the new context). The old context is freed.
pub fn set_ssl_context(&self, ctx: &SslContext) -> SslContext { pub fn set_ssl_context(&self, ctx: &SslContext) -> SslContext {
SslContext { ctx: unsafe { ffi::SSL_set_SSL_CTX(self.ssl, ctx.ctx) } } // If duplication of @ctx's cert fails, this returns NULL. This _appears_ to only occur on
// allocation failures (meaning panicing is probably appropriate), but it might be nice to
// propogate the error.
assert!(unsafe { ffi::SSL_set_SSL_CTX(self.ssl, ctx.ctx) } != ptr::null_mut());
// FIXME: we return this reference here for compatibility, but it isn't actually required.
// This should be removed when a api-incompatabile version is to be released.
//
// ffi:SSL_set_SSL_CTX() returns copy of the ctx pointer passed to it, so it's easier for
// us to do the clone directly.
ctx.clone()
} }
/// obtain the context corresponding to the current connection /// obtain the context corresponding to the current connection
pub fn get_ssl_context(&self) -> SslContext { pub fn get_ssl_context(&self) -> SslContext {
unsafe { unsafe {
let ssl_ctx = ffi::SSL_get_SSL_CTX(self.ssl); let ssl_ctx = ffi::SSL_get_SSL_CTX(self.ssl);
rust_SSL_CTX_clone(ssl_ctx); SslContext::new_ref(ssl_ctx)
SslContext { ctx: ssl_ctx }
} }
} }
} }
@ -1070,10 +1094,9 @@ impl<S: Read + Write> SslStream<S> {
if ret > 0 { if ret > 0 {
Ok(stream) Ok(stream)
} else { } else {
match stream.make_error(ret) { match stream.make_old_error(ret) {
// This is fine - nonblocking sockets will finish the handshake in read/write Some(err) => Err(err),
Error::WantRead(..) | Error::WantWrite(..) => Ok(stream), None => Ok(stream),
_ => Err(stream.make_old_error(ret)),
} }
} }
} }
@ -1086,10 +1109,9 @@ impl<S: Read + Write> SslStream<S> {
if ret > 0 { if ret > 0 {
Ok(stream) Ok(stream)
} else { } else {
match stream.make_error(ret) { match stream.make_old_error(ret) {
// This is fine - nonblocking sockets will finish the handshake in read/write Some(err) => Err(err),
Error::WantRead(..) | Error::WantWrite(..) => Ok(stream), None => Ok(stream),
_ => Err(stream.make_old_error(ret)),
} }
} }
} }
@ -1137,6 +1159,8 @@ impl<S: Read + Write> SslStream<S> {
impl<S> SslStream<S> { impl<S> SslStream<S> {
fn make_error(&mut self, ret: c_int) -> Error { fn make_error(&mut self, ret: c_int) -> Error {
self.check_panic();
match self.ssl.get_error(ret) { match self.ssl.get_error(ret) {
LibSslError::ErrorSsl => Error::Ssl(OpenSslError::get_stack()), LibSslError::ErrorSsl => Error::Ssl(OpenSslError::get_stack()),
LibSslError::ErrorSyscall => { LibSslError::ErrorSyscall => {
@ -1162,9 +1186,11 @@ impl<S> SslStream<S> {
} }
} }
fn make_old_error(&mut self, ret: c_int) -> SslError { fn make_old_error(&mut self, ret: c_int) -> Option<SslError> {
self.check_panic();
match self.ssl.get_error(ret) { match self.ssl.get_error(ret) {
LibSslError::ErrorSsl => SslError::get(), LibSslError::ErrorSsl => Some(SslError::get()),
LibSslError::ErrorSyscall => { LibSslError::ErrorSyscall => {
let err = SslError::get(); let err = SslError::get();
let count = match err { let count = match err {
@ -1173,26 +1199,35 @@ impl<S> SslStream<S> {
}; };
if count == 0 { if count == 0 {
if ret == 0 { if ret == 0 {
SslError::StreamError(io::Error::new(io::ErrorKind::ConnectionAborted, Some(SslError::StreamError(io::Error::new(io::ErrorKind::ConnectionAborted,
"unexpected EOF observed")) "unexpected EOF observed")))
} else { } else {
SslError::StreamError(self.get_bio_error()) Some(SslError::StreamError(self.get_bio_error()))
} }
} else { } else {
err Some(err)
} }
} }
LibSslError::ErrorZeroReturn => SslError::SslSessionClosed, LibSslError::ErrorZeroReturn => Some(SslError::SslSessionClosed),
LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => { LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => None,
SslError::StreamError(self.get_bio_error())
}
err => { err => {
SslError::StreamError(io::Error::new(io::ErrorKind::Other, Some(SslError::StreamError(io::Error::new(io::ErrorKind::Other,
format!("unexpected error {:?}", err))) format!("unexpected error {:?}", err))))
} }
} }
} }
#[cfg(feature = "nightly")]
fn check_panic(&mut self) {
if let Some(err) = unsafe { bio::take_panic::<S>(self.ssl.get_raw_rbio()) } {
::std::panic::propagate(err)
}
}
#[cfg(not(feature = "nightly"))]
fn check_panic(&mut self) {
}
fn get_bio_error(&mut self) -> io::Error { fn get_bio_error(&mut self) -> io::Error {
let error = unsafe { bio::take_error::<S>(self.ssl.get_raw_rbio()) }; let error = unsafe { bio::take_error::<S>(self.ssl.get_raw_rbio()) };
match error { match error {

101
openssl/src/ssl/tests/mod.rs
View File

@ -957,3 +957,104 @@ fn broken_try_clone_doesnt_crash() {
let stream1 = SslStream::connect(&context, inner).unwrap(); let stream1 = SslStream::connect(&context, inner).unwrap();
let _stream2 = stream1.try_clone().unwrap(); let _stream2 = stream1.try_clone().unwrap();
} }
#[test]
#[should_panic(expected = "blammo")]
#[cfg(feature = "nightly")]
fn write_panic() {
struct ExplodingStream(TcpStream);
impl Read for ExplodingStream {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
self.0.read(buf)
}
}
impl Write for ExplodingStream {
fn write(&mut self, _: &[u8]) -> io::Result<usize> {
panic!("blammo");
}
fn flush(&mut self) -> io::Result<()> {
self.0.flush()
}
}
let (_s, stream) = Server::new();
let stream = ExplodingStream(stream);
let ctx = SslContext::new(SslMethod::Sslv23).unwrap();
let _ = SslStream::connect(&ctx, stream);
}
#[test]
#[should_panic(expected = "blammo")]
#[cfg(feature = "nightly")]
fn read_panic() {
struct ExplodingStream(TcpStream);
impl Read for ExplodingStream {
fn read(&mut self, _: &mut [u8]) -> io::Result<usize> {
panic!("blammo");
}
}
impl Write for ExplodingStream {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
self.0.write(buf)
}
fn flush(&mut self) -> io::Result<()> {
self.0.flush()
}
}
let (_s, stream) = Server::new();
let stream = ExplodingStream(stream);
let ctx = SslContext::new(SslMethod::Sslv23).unwrap();
let _ = SslStream::connect(&ctx, stream);
}
#[test]
#[should_panic(expected = "blammo")]
#[cfg(feature = "nightly")]
fn flush_panic() {
struct ExplodingStream(TcpStream);
impl Read for ExplodingStream {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
self.0.read(buf)
}
}
impl Write for ExplodingStream {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
self.0.write(buf)
}
fn flush(&mut self) -> io::Result<()> {
panic!("blammo");
}
}
let (_s, stream) = Server::new();
let stream = ExplodingStream(stream);
let ctx = SslContext::new(SslMethod::Sslv23).unwrap();
let mut stream = SslStream::connect(&ctx, stream).unwrap();
let _ = stream.flush();
}
#[test]
fn refcount_ssl_context() {
let ssl = {
let ctx = SslContext::new(SslMethod::Sslv23).unwrap();
ssl::Ssl::new(&ctx).unwrap()
};
{
let new_ctx_a = SslContext::new(SslMethod::Sslv23).unwrap();
let _new_ctx_b = ssl.set_ssl_context(&new_ctx_a);
}
}

14
openssl/src/x509/mod.rs
View File

@ -507,6 +507,20 @@ impl<'ctx> X509<'ctx> {
} }
} }
extern "C" {
fn rust_X509_clone(x509: *mut ffi::X509);
}
impl<'ctx> Clone for X509<'ctx> {
fn clone(&self) -> X509<'ctx> {
unsafe { rust_X509_clone(self.handle) }
/* FIXME: given that we now have refcounting control, 'owned' should be uneeded, the 'ctx
* is probably also uneeded. We can remove both to condense the x509 api quite a bit
*/
X509::new(self.handle, true)
}
}
impl<'ctx> Drop for X509<'ctx> { impl<'ctx> Drop for X509<'ctx> {
fn drop(&mut self) { fn drop(&mut self) {
if self.owned { if self.owned {

4
openssl/test/run.sh
View File

@ -7,6 +7,10 @@ if [ "$TEST_FEATURES" == "true" ]; then
FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac" FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac"
fi fi
if [ "$TRAVIS_RUST_VERSION" == "nightly" ]; then
FEATURES="$FEATURES nightly"
fi
if [ "$TRAVIS_OS_NAME" != "osx" ]; then if [ "$TRAVIS_OS_NAME" != "osx" ]; then
export OPENSSL_LIB_DIR=$HOME/openssl/lib export OPENSSL_LIB_DIR=$HOME/openssl/lib
export OPENSSL_INCLUDE_DIR=$HOME/openssl/include export OPENSSL_INCLUDE_DIR=$HOME/openssl/include