Provide master key access
This commit is contained in:
Steven Fackler
parent
a2c118bf82
commit
404e0341d8
|
|
@ -361,8 +361,8 @@ pub struct SSL_CTX {
|
|||
#[repr(C)]
|
||||
pub struct SSL_SESSION {
|
||||
ssl_version: c_int,
|
||||
master_key_length: c_int,
|
||||
master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize],
|
||||
pub master_key_length: c_int,
|
||||
pub master_key: [c_uchar; 48],
|
||||
session_id_length: c_uint,
|
||||
session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
|
||||
sid_ctx_length: c_uint,
|
||||
|
|
|
|||
|
|
@ -420,8 +420,8 @@ pub struct SSL_SESSION {
|
|||
ssl_version: c_int,
|
||||
key_arg_length: c_uint,
|
||||
key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize],
|
||||
master_key_length: c_uint,
|
||||
master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize],
|
||||
pub master_key_length: c_int,
|
||||
pub master_key: [c_uchar; 48],
|
||||
session_id_length: c_uint,
|
||||
session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
|
||||
sid_ctx_length: c_uint,
|
||||
|
|
@ -429,7 +429,7 @@ pub struct SSL_SESSION {
|
|||
#[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
|
||||
krb5_client_princ_len: c_uint,
|
||||
#[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
|
||||
krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH],
|
||||
krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize],
|
||||
#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
|
||||
psk_identity_hint: *mut c_char,
|
||||
#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint};
|
||||
use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint, size_t};
|
||||
|
||||
pub enum BIGNUM {}
|
||||
pub enum BIO {}
|
||||
|
|
@ -156,6 +156,10 @@ extern {
|
|||
-> c_int;
|
||||
pub fn X509_up_ref(x: *mut X509) -> c_int;
|
||||
pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
|
||||
pub fn SSL_SESSION_get_master_key(session: *const SSL_SESSION,
|
||||
out: *mut c_uchar,
|
||||
outlen: size_t)
|
||||
-> size_t;
|
||||
pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION;
|
||||
pub fn X509_STORE_CTX_get0_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509;
|
||||
pub fn EVP_MD_CTX_new() -> *mut EVP_MD_CTX;
|
||||
|
|
|
|||
|
|
@ -1040,6 +1040,18 @@ impl SslSessionRef {
|
|||
slice::from_raw_parts(p as *const u8, len as usize)
|
||||
}
|
||||
}
|
||||
|
||||
/// Returns the length of the master key.
|
||||
pub fn master_key_len(&self) -> usize {
|
||||
unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), ptr::null_mut(), 0) }
|
||||
}
|
||||
|
||||
/// Copies the master key into the provided buffer.
|
||||
///
|
||||
/// Returns the number of bytes written.
|
||||
pub fn master_key(&self, buf: &mut [u8]) -> usize {
|
||||
unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) }
|
||||
}
|
||||
}
|
||||
|
||||
type_!(Ssl, SslRef, ffi::SSL, ffi::SSL_free);
|
||||
|
|
@ -1728,6 +1740,7 @@ mod compat {
|
|||
|
||||
pub use ffi::{SSL_CTX_get_options, SSL_CTX_set_options};
|
||||
pub use ffi::{SSL_CTX_clear_options, SSL_CTX_up_ref};
|
||||
pub use ffi::SSL_SESSION_get_master_key;
|
||||
|
||||
pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
|
||||
ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX,
|
||||
|
|
@ -1762,7 +1775,7 @@ mod compat {
|
|||
use std::ptr;
|
||||
|
||||
use ffi;
|
||||
use libc::{self, c_long, c_ulong, c_int};
|
||||
use libc::{self, c_long, c_ulong, c_int, size_t, c_uchar};
|
||||
|
||||
pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong {
|
||||
ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
|
||||
|
|
@ -1799,6 +1812,19 @@ mod compat {
|
|||
0
|
||||
}
|
||||
|
||||
pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION,
|
||||
out: *mut c_uchar,
|
||||
mut outlen: size_t) -> size_t {
|
||||
if outlen == 0 {
|
||||
return (*session).master_key_length as size_t;
|
||||
}
|
||||
if outlen > (*session).master_key_length as size_t {
|
||||
outlen = (*session).master_key_length as size_t;
|
||||
}
|
||||
ptr::copy_nonoverlapping((*session).master_key.as_ptr(), out, outlen);
|
||||
outlen
|
||||
}
|
||||
|
||||
pub fn tls_method() -> *const ffi::SSL_METHOD {
|
||||
unsafe { ffi::SSLv23_method() }
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1385,7 +1385,15 @@ fn active_session() {
|
|||
|
||||
let s = TcpStream::connect("google.com:443").unwrap();
|
||||
let socket = connector.connect("google.com", s).unwrap();
|
||||
assert!(socket.ssl().session().is_some());
|
||||
let session = socket.ssl().session().unwrap();
|
||||
let len = session.master_key_len();
|
||||
let mut buf = vec![0; len - 1];
|
||||
let copied = session.master_key(&mut buf);
|
||||
assert_eq!(copied, buf.len());
|
||||
let mut buf = vec![0; len + 1];
|
||||
let copied = session.master_key(&mut buf);
|
||||
assert_eq!(copied, len);
|
||||
|
||||
}
|
||||
|
||||
fn _check_kinds() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue