Provide master key access
parent
a2c118bf82
commit
404e0341d8
@ -361,8 +361,8 @@ pub struct SSL_CTX {
#[repr(C)]
#[repr(C)]
pub struct SSL_SESSION {
pub struct SSL_SESSION {
ssl_version: c_int,
ssl_version: c_int,
master_key_length: c_int,
pub master_key_length: c_int,
master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize],
pub master_key: [c_uchar; 48],
session_id_length: c_uint,
session_id_length: c_uint,
session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
sid_ctx_length: c_uint,
sid_ctx_length: c_uint,
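Review bot: The array length on the new side is a bare literal, `pub master_key: [c_uchar; 48],`, while every neighbouring field still derives its size from a named `SSL_MAX_*_LENGTH as usize` constant, and the same literal appears again in the second `SSL_SESSION` hunk at `@ -420`. If `SSL_MAX_MASTER_KEY_LENGTH` was dropped deliberately, a one-line comment on the field saying why would stop the next reader from "fixing" it back; otherwise keep `pub master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize],`. Because the `compat` shim added elsewhere in this commit now reads `master_key_length` and `master_key` straight out of this struct, the declared layout has to match the linked libssl byte for byte, which the `#[cfg(not(osslconf = ...))]` fields later in the struct make build-dependent; a comment such as `// Read directly by compat::SSL_SESSION_get_master_key; layout must match the linked libssl` next to the newly `pub` fields would record that dependency. The `SSL_SESSION` struct continues past the end of this hunk.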
@ -420,8 +420,8 @@ pub struct SSL_SESSION {
ssl_version: c_int,
ssl_version: c_int,
key_arg_length: c_uint,
key_arg_length: c_uint,
key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize],
key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize],
master_key_length: c_uint,
pub master_key_length: c_int,
master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize],
pub master_key: [c_uchar; 48],
session_id_length: c_uint,
session_id_length: c_uint,
session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
sid_ctx_length: c_uint,
sid_ctx_length: c_uint,
@ -429,7 +429,7 @@ pub struct SSL_SESSION {
#[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
#[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
krb5_client_princ_len: c_uint,
krb5_client_princ_len: c_uint,
#[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
#[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH],
krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize],
#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
psk_identity_hint: *mut c_char,
psk_identity_hint: *mut c_char,
#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
@ -1,4 +1,4 @@
use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint};
use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint, size_t};
pub enum BIGNUM {}
pub enum BIGNUM {}
pub enum BIO {}
pub enum BIO {}
@ -156,6 +156,10 @@ extern {
-> c_int;
-> c_int;
pub fn X509_up_ref(x: *mut X509) -> c_int;
pub fn X509_up_ref(x: *mut X509) -> c_int;
pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
pub fn SSL_SESSION_get_master_key(session: *const SSL_SESSION,
out: *mut c_uchar,
outlen: size_t)
-> size_t;
pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION;
pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION;
pub fn X509_STORE_CTX_get0_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509;
pub fn X509_STORE_CTX_get0_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509;
pub fn EVP_MD_CTX_new() -> *mut EVP_MD_CTX;
pub fn EVP_MD_CTX_new() -> *mut EVP_MD_CTX;
@ -1040,6 +1040,18 @@ impl SslSessionRef {
slice::from_raw_parts(p as *const u8, len as usize)
slice::from_raw_parts(p as *const u8, len as usize)
}
}
}
}
/// Returns the length of the master key.
pub fn master_key_len(&self) -> usize {
unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), ptr::null_mut(), 0) }
}
/// Copies the master key into the provided buffer.
///
/// Returns the number of bytes written.
pub fn master_key(&self, buf: &mut [u8]) -> usize {
unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) }
}
}
}
type_!(Ssl, SslRef, ffi::SSL, ffi::SSL_free);
type_!(Ssl, SslRef, ffi::SSL, ffi::SSL_free);
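Review bot: `master_key` returns the key length rather than the number of bytes written when `buf` is empty, which contradicts its doc line `/// Returns the number of bytes written.`: it forwards `buf.len()` as `outlen`, and `outlen == 0` is the length-query case that `master_key_len` itself relies on by passing `ptr::null_mut(), 0` (the compat shim in this commit returns `master_key_length` for that case, and the OpenSSL 1.1 symbol has the same contract). Either guard with `if buf.is_empty() { return 0; }` before the `unsafe` block, or document the exception with `/// Passing an empty buffer writes nothing and returns the key length instead.` Since the bytes copied out are the raw TLS master secret, a sentence in the doc comment noting that the caller now owns that secret and should clear the buffer once it is no longer needed would help users of the safe API. The `active_session` test hunk at `@ -1385` exercises `len - 1` and `len + 1` buffers but not an empty one, so neither behaviour is pinned. The enclosing `impl SslSessionRef` begins outside this hunk.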
@ -1728,6 +1740,7 @@ mod compat {
pub use ffi::{SSL_CTX_get_options, SSL_CTX_set_options};
pub use ffi::{SSL_CTX_get_options, SSL_CTX_set_options};
pub use ffi::{SSL_CTX_clear_options, SSL_CTX_up_ref};
pub use ffi::{SSL_CTX_clear_options, SSL_CTX_up_ref};
pub use ffi::SSL_SESSION_get_master_key;
pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX,
ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX,
@ -1762,7 +1775,7 @@ mod compat {
use std::ptr;
use std::ptr;
use ffi;
use ffi;
use libc::{self, c_long, c_ulong, c_int};
use libc::{self, c_long, c_ulong, c_int, size_t, c_uchar};
pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong {
pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong {
ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
@ -1799,6 +1812,19 @@ mod compat {
0
0
}
}
pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION,
out: *mut c_uchar,
mut outlen: size_t) -> size_t {
if outlen == 0 {
return (*session).master_key_length as size_t;
}
if outlen > (*session).master_key_length as size_t {
outlen = (*session).master_key_length as size_t;
}
ptr::copy_nonoverlapping((*session).master_key.as_ptr(), out, outlen);
outlen
}
pub fn tls_method() -> *const ffi::SSL_METHOD {
pub fn tls_method() -> *const ffi::SSL_METHOD {
unsafe { ffi::SSLv23_method() }
unsafe { ffi::SSLv23_method() }
}
}
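Review bot: The new `unsafe fn SSL_SESSION_get_master_key` carries no `# Safety` section although its contract is non-obvious: `session` must point to a live `ffi::SSL_SESSION` whose declared layout matches the linked libssl, and `out` must be valid for writes of `outlen` bytes, with a null `out` acceptable only when `outlen` is 0 (which is exactly how `master_key_len` calls it). The length it trusts, `(*session).master_key_length`, is a `c_int` widened with `as size_t` in three places; a negative value would become a huge `size_t`, the `if outlen > ...` clamp would stop bounding anything, and `ptr::copy_nonoverlapping` would read past the 48-byte `master_key` array and write that many bytes into `out`. libssl should never store a negative or oversized length, but this shim reads a struct it does not own under a layout it only assumes, so clamping the length to the range `0..=master_key.len()` once up front is cheap insurance and also removes the need for `mut outlen`; it needs `use std::cmp;` (or `use std::{cmp, ptr};` on the module's existing `use std::ptr;` line). The rewritten body below keeps the `outlen == 0` length-query behaviour and the return value unchanged for well-formed sessions.
```rust
/// Compat shim for OpenSSL releases that lack `SSL_SESSION_get_master_key`.
///
/// With `outlen == 0` returns the master key length without writing;
/// otherwise copies at most `outlen` bytes into `out` and returns the count.
///
/// # Safety
///
/// `session` must point to a live session whose layout matches the linked
/// libssl, and `out` must be valid for writes of `outlen` bytes (it may be
/// null only when `outlen` is 0).
pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION,
                                         out: *mut c_uchar,
                                         outlen: size_t) -> size_t {
    // master_key_length is a c_int owned by libssl; never let a negative or
    // oversized value drive the copy below.
    let key_len = (*session).master_key_length;
    let key_len = if key_len < 0 { 0 } else { key_len as size_t };
    let key_len = cmp::min(key_len, (*session).master_key.len());
    if outlen == 0 {
        return key_len;
    }
    let n = cmp::min(outlen, key_len);
    ptr::copy_nonoverlapping((*session).master_key.as_ptr(), out, n);
    n
}
```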
@ -1385,7 +1385,15 @@ fn active_session() {
let s = TcpStream::connect("google.com:443").unwrap();
let s = TcpStream::connect("google.com:443").unwrap();
let socket = connector.connect("google.com", s).unwrap();
let socket = connector.connect("google.com", s).unwrap();
assert!(socket.ssl().session().is_some());
let session = socket.ssl().session().unwrap();
let len = session.master_key_len();
let mut buf = vec![0; len - 1];
let copied = session.master_key(&mut buf);
assert_eq!(copied, buf.len());
let mut buf = vec![0; len + 1];
let copied = session.master_key(&mut buf);
assert_eq!(copied, len);
}
}
fn _check_kinds() {
fn _check_kinds() {
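Review bot: `let mut buf = vec![0; len - 1];` underflows on `usize` (a panic in debug builds, a wraparound allocation attempt in release) if `master_key_len()` ever reports 0, so a session without a master key would fail as an arithmetic error rather than as a readable assertion; add `assert!(len > 0);` directly after `let len = session.master_key_len();`. The two `assert_eq!` checks otherwise pin the truncating and oversized-buffer paths well. The `active_session` function begins outside this hunk.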