min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove rust_SSL_clone

This commit is contained in:
Steven Fackler 2016-08-09 21:23:54 -07:00
parent 15e8997052
commit 2f46c793e5
3 changed files with 95 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openssl/src/c_helpers.c
View File

@ -1,9 +1,5 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
void rust_SSL_clone(SSL *ssl) {
CRYPTO_add(&ssl->references, 1, CRYPTO_LOCK_SSL);
}
void rust_SSL_CTX_clone(SSL_CTX *ctx) { void rust_SSL_CTX_clone(SSL_CTX *ctx) {
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
} }

153
openssl/src/ssl/mod.rs
View File

@ -1,18 +1,19 @@
use libc::{c_int, c_void, c_long}; use libc::{c_int, c_void, c_long};
use std::any::Any;
use std::any::TypeId; use std::any::TypeId;
use std::cmp;
use std::collections::HashMap; use std::collections::HashMap;
use std::error as stderror;
use std::ffi::{CStr, CString}; use std::ffi::{CStr, CString};
use std::fmt; use std::fmt;
use std::io; use std::io;
use std::io::prelude::*; use std::io::prelude::*;
use std::error as stderror;
use std::mem; use std::mem;
use std::str; use std::ops::{Deref, DerefMut};
use std::path::Path; use std::path::Path;
use std::ptr; use std::ptr;
use std::str;
use std::sync::{Mutex, Arc}; use std::sync::{Mutex, Arc};
use std::cmp;
use std::any::Any;
#[cfg(any(feature = "npn", feature = "alpn"))] #[cfg(any(feature = "npn", feature = "alpn"))]
use libc::{c_uchar, c_uint}; use libc::{c_uchar, c_uint};
#[cfg(any(feature = "npn", feature = "alpn"))] #[cfg(any(feature = "npn", feature = "alpn"))]
@ -37,7 +38,6 @@ use self::bio::BioMethod;
pub use ssl::error::Error; pub use ssl::error::Error;
extern "C" { extern "C" {
fn rust_SSL_clone(ssl: *mut ffi::SSL);
fn rust_SSL_CTX_clone(cxt: *mut ffi::SSL_CTX); fn rust_SSL_CTX_clone(cxt: *mut ffi::SSL_CTX);
} }
@ -259,14 +259,13 @@ extern "C" fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_ST
} }
extern "C" fn raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, _arg: *mut c_void) -> c_int extern "C" fn raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, _arg: *mut c_void) -> c_int
where F: Fn(&mut Ssl) -> Result<(), SniError> + Any + 'static + Sync + Send where F: Fn(&mut SslSlice) -> Result<(), SniError> + Any + 'static + Sync + Send
{ {
unsafe { unsafe {
let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl);
let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<F>()); let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<F>());
let callback: &F = mem::transmute(callback); let callback: &F = mem::transmute(callback);
rust_SSL_clone(ssl); let mut ssl = SslSlice::from_ptr(ssl);
let mut ssl = Ssl { ssl: ssl };
match callback(&mut ssl) { match callback(&mut ssl) {
Ok(()) => ffi::SSL_TLSEXT_ERR_OK, Ok(()) => ffi::SSL_TLSEXT_ERR_OK,
@ -485,7 +484,7 @@ impl SslContext {
/// Obtain the server name with `servername` then set the corresponding context /// Obtain the server name with `servername` then set the corresponding context
/// with `set_ssl_context` /// with `set_ssl_context`
pub fn set_servername_callback<F>(&mut self, callback: F) pub fn set_servername_callback<F>(&mut self, callback: F)
where F: Fn(&mut Ssl) -> Result<(), SniError> + Any + 'static + Sync + Send where F: Fn(&mut SslSlice) -> Result<(), SniError> + Any + 'static + Sync + Send
{ {
unsafe { unsafe {
let callback = Box::new(callback); let callback = Box::new(callback);
@ -769,70 +768,63 @@ impl<'a> SslCipher<'a> {
} }
} }
pub struct SslSlice<'a>(*mut ffi::SSL, PhantomData<&'a ()>);
pub struct Ssl { unsafe impl<'a> Send for SslSlice<'a> {}
ssl: *mut ffi::SSL, unsafe impl<'a> Sync for SslSlice<'a> {}
}
unsafe impl Send for Ssl {} impl<'a> fmt::Debug for SslSlice<'a> {
unsafe impl Sync for Ssl {}
impl fmt::Debug for Ssl {
fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
fmt.debug_struct("Ssl") fmt.debug_struct("SslSlice")
.field("state", &self.state_string_long()) .field("state", &self.state_string_long())
.finish() .finish()
} }
} }
impl Drop for Ssl { impl<'a> SslSlice<'a> {
fn drop(&mut self) { pub unsafe fn from_ptr(ssl: *mut ffi::SSL) -> SslSlice<'a> {
unsafe { ffi::SSL_free(self.ssl) } SslSlice(ssl, PhantomData)
}
} }
impl Ssl { pub fn as_ptr(&self) -> *mut ffi::SSL {
pub fn new(ctx: &SslContext) -> Result<Ssl, ErrorStack> { self.0
let ssl = try_ssl_null!(unsafe { ffi::SSL_new(ctx.ctx) });
let ssl = Ssl { ssl: ssl };
Ok(ssl)
} }
fn get_raw_rbio(&self) -> *mut ffi::BIO { fn get_raw_rbio(&self) -> *mut ffi::BIO {
unsafe { ffi::SSL_get_rbio(self.ssl) } unsafe { ffi::SSL_get_rbio(self.as_ptr()) }
} }
fn connect(&self) -> c_int { fn connect(&mut self) -> c_int {
unsafe { ffi::SSL_connect(self.ssl) } unsafe { ffi::SSL_connect(self.as_ptr()) }
} }
fn accept(&self) -> c_int { fn accept(&mut self) -> c_int {
unsafe { ffi::SSL_accept(self.ssl) } unsafe { ffi::SSL_accept(self.as_ptr()) }
} }
fn handshake(&self) -> c_int { fn handshake(&mut self) -> c_int {
unsafe { ffi::SSL_do_handshake(self.ssl) } unsafe { ffi::SSL_do_handshake(self.as_ptr()) }
} }
fn read(&self, buf: &mut [u8]) -> c_int { fn read(&mut self, buf: &mut [u8]) -> c_int {
let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int; let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int;
unsafe { ffi::SSL_read(self.ssl, buf.as_ptr() as *mut c_void, len) } unsafe { ffi::SSL_read(self.as_ptr(), buf.as_ptr() as *mut c_void, len) }
} }
fn write(&self, buf: &[u8]) -> c_int { fn write(&mut self, buf: &[u8]) -> c_int {
let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int; let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int;
unsafe { ffi::SSL_write(self.ssl, buf.as_ptr() as *const c_void, len) } unsafe { ffi::SSL_write(self.as_ptr(), buf.as_ptr() as *const c_void, len) }
} }
fn get_error(&self, ret: c_int) -> c_int { fn get_error(&self, ret: c_int) -> c_int {
unsafe { ffi::SSL_get_error(self.ssl, ret) } unsafe { ffi::SSL_get_error(self.as_ptr(), ret) }
} }
/// Sets the verification mode to be used during the handshake process. /// Sets the verification mode to be used during the handshake process.
/// ///
/// Use `set_verify_callback` to additionally add a callback. /// Use `set_verify_callback` to additionally add a callback.
pub fn set_verify(&mut self, mode: SslVerifyMode) { pub fn set_verify(&mut self, mode: SslVerifyMode) {
unsafe { ffi::SSL_set_verify(self.ssl, mode.bits as c_int, None) } unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, None) }
} }
/// Sets the certificate verification callback to be used during the /// Sets the certificate verification callback to be used during the
@ -847,16 +839,16 @@ impl Ssl {
{ {
unsafe { unsafe {
let verify = Box::new(verify); let verify = Box::new(verify);
ffi::SSL_set_ex_data(self.ssl, ffi::SSL_set_ex_data(self.as_ptr(),
get_ssl_verify_data_idx::<F>(), get_ssl_verify_data_idx::<F>(),
mem::transmute(verify)); mem::transmute(verify));
ffi::SSL_set_verify(self.ssl, mode.bits as c_int, Some(ssl_raw_verify::<F>)); ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, Some(ssl_raw_verify::<F>));
} }
} }
pub fn current_cipher<'a>(&'a self) -> Option<SslCipher<'a>> { pub fn current_cipher(&self) -> Option<SslCipher<'a>> {
unsafe { unsafe {
let ptr = ffi::SSL_get_current_cipher(self.ssl); let ptr = ffi::SSL_get_current_cipher(self.as_ptr());
if ptr.is_null() { if ptr.is_null() {
None None
@ -871,7 +863,7 @@ impl Ssl {
pub fn state_string(&self) -> &'static str { pub fn state_string(&self) -> &'static str {
let state = unsafe { let state = unsafe {
let ptr = ffi::SSL_state_string(self.ssl); let ptr = ffi::SSL_state_string(self.as_ptr());
CStr::from_ptr(ptr as *const _) CStr::from_ptr(ptr as *const _)
}; };
@ -880,7 +872,7 @@ impl Ssl {
pub fn state_string_long(&self) -> &'static str { pub fn state_string_long(&self) -> &'static str {
let state = unsafe { let state = unsafe {
let ptr = ffi::SSL_state_string_long(self.ssl); let ptr = ffi::SSL_state_string_long(self.as_ptr());
CStr::from_ptr(ptr as *const _) CStr::from_ptr(ptr as *const _)
}; };
@ -888,10 +880,10 @@ impl Ssl {
} }
/// Sets the host name to be used with SNI (Server Name Indication). /// Sets the host name to be used with SNI (Server Name Indication).
pub fn set_hostname(&self, hostname: &str) -> Result<(), ErrorStack> { pub fn set_hostname(&mut self, hostname: &str) -> Result<(), ErrorStack> {
let cstr = CString::new(hostname).unwrap(); let cstr = CString::new(hostname).unwrap();
let ret = unsafe { let ret = unsafe {
ffi::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr() as *mut _) ffi::SSL_set_tlsext_host_name(self.as_ptr(), cstr.as_ptr() as *mut _)
}; };
// For this case, 0 indicates failure. // For this case, 0 indicates failure.
@ -905,7 +897,7 @@ impl Ssl {
/// Returns the certificate of the peer, if present. /// Returns the certificate of the peer, if present.
pub fn peer_certificate(&self) -> Option<X509> { pub fn peer_certificate(&self) -> Option<X509> {
unsafe { unsafe {
let ptr = ffi::SSL_get_peer_certificate(self.ssl); let ptr = ffi::SSL_get_peer_certificate(self.as_ptr());
if ptr.is_null() { if ptr.is_null() {
None None
} else { } else {
@ -917,7 +909,7 @@ impl Ssl {
/// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc. /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
pub fn version(&self) -> &'static str { pub fn version(&self) -> &'static str {
let version = unsafe { let version = unsafe {
let ptr = ffi::SSL_get_version(self.ssl); let ptr = ffi::SSL_get_version(self.as_ptr());
CStr::from_ptr(ptr as *const _) CStr::from_ptr(ptr as *const _)
}; };
@ -937,7 +929,7 @@ impl Ssl {
let mut len: c_uint = 0; let mut len: c_uint = 0;
// Get the negotiated protocol from the SSL instance. // Get the negotiated protocol from the SSL instance.
// `data` will point at a `c_uchar` array; `len` will contain the length of this array. // `data` will point at a `c_uchar` array; `len` will contain the length of this array.
ffi::SSL_get0_next_proto_negotiated(self.ssl, &mut data, &mut len); ffi::SSL_get0_next_proto_negotiated(self.as_ptr(), &mut data, &mut len);
if data.is_null() { if data.is_null() {
None None
@ -960,7 +952,7 @@ impl Ssl {
let mut len: c_uint = 0; let mut len: c_uint = 0;
// Get the negotiated protocol from the SSL instance. // Get the negotiated protocol from the SSL instance.
// `data` will point at a `c_uchar` array; `len` will contain the length of this array. // `data` will point at a `c_uchar` array; `len` will contain the length of this array.
ffi::SSL_get0_alpn_selected(self.ssl, &mut data, &mut len); ffi::SSL_get0_alpn_selected(self.as_ptr(), &mut data, &mut len);
if data.is_null() { if data.is_null() {
None None
@ -973,7 +965,7 @@ impl Ssl {
/// Returns the number of bytes remaining in the currently processed TLS /// Returns the number of bytes remaining in the currently processed TLS
/// record. /// record.
pub fn pending(&self) -> usize { pub fn pending(&self) -> usize {
unsafe { ffi::SSL_pending(self.ssl) as usize } unsafe { ffi::SSL_pending(self.as_ptr()) as usize }
} }
/// Returns the compression currently in use. /// Returns the compression currently in use.
@ -981,7 +973,7 @@ impl Ssl {
/// The result will be either None, indicating no compression is in use, or /// The result will be either None, indicating no compression is in use, or
/// a string with the compression name. /// a string with the compression name.
pub fn compression(&self) -> Option<String> { pub fn compression(&self) -> Option<String> {
let ptr = unsafe { ffi::SSL_get_current_compression(self.ssl) }; let ptr = unsafe { ffi::SSL_get_current_compression(self.as_ptr()) };
if ptr == ptr::null() { if ptr == ptr::null() {
return None; return None;
} }
@ -996,14 +988,14 @@ impl Ssl {
pub fn ssl_method(&self) -> Option<SslMethod> { pub fn ssl_method(&self) -> Option<SslMethod> {
unsafe { unsafe {
let method = ffi::SSL_get_ssl_method(self.ssl); let method = ffi::SSL_get_ssl_method(self.as_ptr());
SslMethod::from_raw(method) SslMethod::from_raw(method)
} }
} }
/// Returns the server's name for the current connection /// Returns the server's name for the current connection
pub fn servername(&self) -> Option<String> { pub fn servername(&self) -> Option<String> {
let name = unsafe { ffi::SSL_get_servername(self.ssl, ffi::TLSEXT_NAMETYPE_host_name) }; let name = unsafe { ffi::SSL_get_servername(self.as_ptr(), ffi::TLSEXT_NAMETYPE_host_name) };
if name == ptr::null() { if name == ptr::null() {
return None; return None;
} }
@ -1012,9 +1004,9 @@ impl Ssl {
} }
/// Changes the context corresponding to the current connection. /// Changes the context corresponding to the current connection.
pub fn set_ssl_context(&self, ctx: &SslContext) -> Result<(), ErrorStack> { pub fn set_ssl_context(&mut self, ctx: &SslContext) -> Result<(), ErrorStack> {
unsafe { unsafe {
try_ssl_null!(ffi::SSL_set_SSL_CTX(self.ssl, ctx.ctx)); try_ssl_null!(ffi::SSL_set_SSL_CTX(self.as_ptr(), ctx.ctx));
} }
Ok(()) Ok(())
} }
@ -1022,12 +1014,55 @@ impl Ssl {
/// Returns the context corresponding to the current connection /// Returns the context corresponding to the current connection
pub fn ssl_context(&self) -> SslContext { pub fn ssl_context(&self) -> SslContext {
unsafe { unsafe {
let ssl_ctx = ffi::SSL_get_SSL_CTX(self.ssl); let ssl_ctx = ffi::SSL_get_SSL_CTX(self.as_ptr());
SslContext::new_ref(ssl_ctx) SslContext::new_ref(ssl_ctx)
} }
} }
} }
pub struct Ssl(SslSlice<'static>);
impl fmt::Debug for Ssl {
fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
fmt.debug_struct("Ssl")
.field("state", &self.state_string_long())
.finish()
}
}
impl Drop for Ssl {
fn drop(&mut self) {
unsafe { ffi::SSL_free(self.as_ptr()) }
}
}
impl Deref for Ssl {
type Target = SslSlice<'static>;
fn deref(&self) -> &SslSlice<'static> {
&self.0
}
}
impl DerefMut for Ssl {
fn deref_mut(&mut self) -> &mut SslSlice<'static> {
&mut self.0
}
}
impl Ssl {
pub fn new(ctx: &SslContext) -> Result<Ssl, ErrorStack> {
unsafe {
let ssl = try_ssl_null!(ffi::SSL_new(ctx.ctx));
Ok(Ssl::from_ptr(ssl))
}
}
pub unsafe fn from_ptr(ssl: *mut ffi::SSL) -> Ssl {
Ssl(SslSlice::from_ptr(ssl))
}
}
/// A stream wrapper which handles SSL encryption for an underlying stream. /// A stream wrapper which handles SSL encryption for an underlying stream.
pub struct SslStream<S> { pub struct SslStream<S> {
ssl: Ssl, ssl: Ssl,
@ -1052,7 +1087,7 @@ impl<S: Read + Write> SslStream<S> {
fn new_base(ssl: Ssl, stream: S) -> Self { fn new_base(ssl: Ssl, stream: S) -> Self {
unsafe { unsafe {
let (bio, method) = bio::new(stream).unwrap(); let (bio, method) = bio::new(stream).unwrap();
ffi::SSL_set_bio(ssl.ssl, bio, bio); ffi::SSL_set_bio(ssl.as_ptr(), bio, bio);
SslStream { SslStream {
ssl: ssl, ssl: ssl,

2
openssl/src/ssl/tests/mod.rs
View File

@ -1052,7 +1052,7 @@ fn flush_panic() {
#[test] #[test]
fn refcount_ssl_context() { fn refcount_ssl_context() {
let ssl = { let mut ssl = {
let ctx = SslContext::new(SslMethod::Sslv23).unwrap(); let ctx = SslContext::new(SslMethod::Sslv23).unwrap();
ssl::Ssl::new(&ctx).unwrap() ssl::Ssl::new(&ctx).unwrap()
}; };