Add some debugging-related bindings

2018-02-17 17:41:57 -08:00 · 2018-02-17 17:41:57 -08:00 · 2daaf3fdea
parent 90d5f85511
commit 2daaf3fdea
4 changed files with 97 additions and 23 deletions
--- a/openssl-sys/src/ossl110.rs
+++ b/openssl-sys/src/ossl110.rs
@ -33,6 +33,10 @@ pub enum X509_ALGOR {}
 pub enum X509_VERIFY_PARAM {}
 pub enum X509_REQ {}

+#[cfg(ossl111)]
+pub type SSL_CTX_keylog_cb_func =
+    Option<unsafe extern "C" fn(ssl: *const SSL, line: *const c_char)>;
+
 pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000000;
 pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000000;
 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000000;
@ -215,6 +219,10 @@ extern "C" {
            unsafe extern "C" fn(*mut ::SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
        >,
    );
+    pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
+    pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
+    #[cfg(ossl111)]
+    pub fn SSL_CTX_set_keylog_callback(ctx: *mut ::SSL_CTX, cb: SSL_CTX_keylog_cb_func);
    pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME;
    pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME;
    pub fn X509_get0_signature(
--- a/openssl/src/ssl/callbacks.rs
+++ b/openssl/src/ssl/callbacks.rs
@ -4,6 +4,8 @@ use std::ffi::CStr;
 use std::ptr;
 use std::slice;
 use std::mem;
+#[cfg(all(feature = "v111", ossl111))]
+use std::str;
 use foreign_types::ForeignTypeRef;
 use foreign_types::ForeignType;

@ -343,3 +345,19 @@ where
        None => ptr::null_mut(),
    }
 }
+
+#[cfg(all(feature = "v111", ossl111))]
+pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)
+where
+    F: Fn(&SslRef, &str) + 'static + Sync + Send,
+{
+    let ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
+    let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());
+    let callback = &*(callback as *mut F);
+
+    let ssl = SslRef::from_ptr(ssl as *mut _);
+    let line = CStr::from_ptr(line).to_bytes();
+    let line = str::from_utf8_unchecked(line);
+
+    callback(ssl, line);
+}
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -475,7 +475,7 @@ fn get_new_ssl_idx<T>() -> c_int {
 }

 /// An error returned from the SNI callback.
-#[derive(Debug, Copy, Clone)]
+#[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub struct SniError(c_int);

 impl SniError {
@ -489,7 +489,7 @@ impl SniError {
 }

 /// An SSL/TLS alert.
-#[derive(Debug, Copy, Clone)]
+#[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub struct SslAlert(c_int);

 impl SslAlert {
@ -502,7 +502,7 @@ impl SslAlert {
 /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
 #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
          all(feature = "v111", ossl111)))]
-#[derive(Debug, Copy, Clone)]
+#[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub struct AlpnError(c_int);

 #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110),
@ -519,7 +519,7 @@ impl AlpnError {
 }

 /// An SSL/TLS protocol version.
-#[derive(Debug, Copy, Clone)]
+#[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub struct SslVersion(c_int);

 impl SslVersion {
@ -1271,6 +1271,33 @@ impl SslContextBuilder {
        ffi::SSL_CTX_sess_set_get_cb(self.as_ptr(), Some(callbacks::raw_get_session::<F>));
    }

+    /// Sets the TLS key logging callback.
+    ///
+    /// The callback is invoked whenever TLS key material is generated, and is passed a line of NSS
+    /// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message
+    /// traffic. The line does not contain a trailing newline.
+    ///
+    /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature.
+    ///
+    /// This corresponds to [`SSL_CTX_set_keylog_callback`].
+    ///
+    /// [`SSL_CTX_set_keylog_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html
+    #[cfg(all(feature = "v111", ossl111))]
+    pub fn set_keylog_callback<F>(&mut self, callback: F)
+    where
+        F: Fn(&SslRef, &str) + 'static + Sync + Send,
+    {
+        unsafe {
+            let callback = Box::new(callback);
+            ffi::SSL_CTX_set_ex_data(
+                self.as_ptr(),
+                get_callback_idx::<F>(),
+                Box::into_raw(callback) as *mut _,
+            );
+            ffi::SSL_CTX_set_keylog_callback(self.as_ptr(), Some(callbacks::raw_keylog::<F>));
+        }
+    }
+
    /// Sets the session caching mode use for connections made with the context.
    ///
    /// Returns the previous session caching mode.
@ -1617,7 +1644,7 @@ impl SslSessionRef {

    /// Copies the master key into the provided buffer.
    ///
-    /// Returns the number of bytes written.
+    /// Returns the number of bytes written, or the size of the master key if the buffer is empty.
    ///
    /// This corresponds to [`SSL_SESSION_get_master_key`].
    ///
@ -1930,21 +1957,12 @@ impl SslRef {
        }
    }

-    /// Returns the protocol version of the session.
-    ///
-    /// This corresponds to [`SSL_version`].
-    ///
-    /// [`SSL_version`]: https://www.openssl.org/docs/manmaster/man3/SSL_version.html
-    pub fn version2(&self) -> SslVersion {
-        unsafe { SslVersion(ffi::SSL_version(self.as_ptr())) }
-    }
-
    /// Returns a string describing the protocol version of the session.
    ///
    /// This corresponds to [`SSL_get_version`].
    ///
    /// [`SSL_get_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_version.html
-    pub fn version_str(&self) -> &'static str {
+    pub fn version(&self) -> &'static str {
        let version = unsafe {
            let ptr = ffi::SSL_get_version(self.as_ptr());
            CStr::from_ptr(ptr as *const _)
@ -1953,11 +1971,6 @@ impl SslRef {
        str::from_utf8(version.to_bytes()).unwrap()
    }

-    #[deprecated(since = "0.10.4", note = "renamed to version_str")]
-    pub fn version(&self) -> &'static str {
-        self.version_str()
-    }
-
    /// Returns the protocol selected via Application Layer Protocol Negotiation (ALPN).
    ///
    /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
@ -1991,7 +2004,7 @@ impl SslRef {
    /// If this is greater than 0, the next call to `read` will not call down to the underlying
    /// stream.
    ///
-    /// This corresponds to [`SSL_pending`].
+    /// This corresponds to [`SSL_pending]`.
    ///
    /// [`SSL_pending`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_pending.html
    pub fn pending(&self) -> usize {
@ -2080,6 +2093,40 @@ impl SslRef {
        }
    }

+    /// Copies the client_random value sent by the client in the TLS handshake into a buffer.
+    ///
+    /// Returns the number of bytes copied, or if the buffer is empty, the size of the client_random
+    /// value.
+    ///
+    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    ///
+    /// This corresponds to [`SSL_get_client_random`].
+    ///
+    /// [`SSL_get_client_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
+    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    pub fn client_random(&self, buf: &mut [u8]) -> usize {
+        unsafe {
+            ffi::SSL_get_client_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len())
+        }
+    }
+
+    /// Copies the server_random value sent by the server in the TLS handshake into a buffer.
+    ///
+    /// Returns the number of bytes copied, or if the buffer is empty, the size of the server_random
+    /// value.
+    ///
+    /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
+    ///
+    /// This corresponds to [`SSL_get_server_random`].
+    ///
+    /// [`SSL_get_server_random`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html
+    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    pub fn server_random(&self, buf: &mut [u8]) -> usize {
+        unsafe {
+            ffi::SSL_get_server_random(self.as_ptr(), buf.as_mut_ptr() as *mut c_uchar, buf.len())
+        }
+    }
+
    /// Sets the session to be used.
    ///
    /// This should be called before the handshake to attempt to reuse a previously established
@ -2120,7 +2167,7 @@ impl SslRef {

    /// Returns the server's OCSP response, if present.
    ///
-    /// This corresponds to [`SSL_get_tlsext_status_oscp_resp`].
+    /// This corresponds to [`SSL_get_tlsext_status_ocsp_resp`].
    ///
    /// [`SSL_get_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html
    pub fn ocsp_status(&self) -> Option<&[u8]> {
@ -2138,7 +2185,7 @@ impl SslRef {

    /// Sets the OCSP response to be returned to the client.
    ///
-    /// This corresponds to [`SSL_set_tlsext_status_oscp_resp`].
+    /// This corresponds to [`SSL_set_tlsext_status_ocsp_resp`].
    ///
    /// [`SSL_set_tlsext_status_ocsp_resp`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tlsext_status_type.html
    pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> {
--- a/systest/build.rs
+++ b/systest/build.rs
@ -109,6 +109,7 @@ fn main() {
    cfg.skip_signededness(|s| {
        s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn")
            || s.starts_with("CRYPTO_") || s == "PasswordCallback"
+            || s.ends_with("_cb_func")
    });
    cfg.field_name(|_s, field| {
        if field == "type_" {