Change signature for set_select_certificate_callback

To handle lifetimes better and allow returning a &mut SslRef from the client hello struct passed to the closure from SslContextBuilder::set_select_certificate_callback, we make the ClientHello struct itself own a reference to the FFI client hello struct.
2023-07-28 11:30:19 +02:00 · 2023-07-28 11:30:19 +02:00 · 61bfbb5bd6
parent 1c790f7277
commit 61bfbb5bd6
2 changed files with 14 additions and 10 deletions
--- a/boring/src/ssl/callbacks.rs
+++ b/boring/src/ssl/callbacks.rs
@ -223,14 +223,13 @@ pub(super) unsafe extern "C" fn raw_select_cert<F>(
    client_hello: *const ffi::SSL_CLIENT_HELLO,
 ) -> ffi::ssl_select_cert_result_t
 where
-    F: Fn(&ClientHello) -> Result<(), SelectCertError> + Sync + Send + 'static,
+    F: Fn(ClientHello<'_>) -> Result<(), SelectCertError> + Sync + Send + 'static,
 {
    // SAFETY: boring provides valid inputs.
-    let client_hello = unsafe { &*(client_hello as *const ClientHello) };
+    let client_hello = ClientHello(unsafe { &*client_hello });

-    let callback = client_hello
-        .ssl()
-        .ssl_context()
+    let ssl_context = client_hello.ssl().ssl_context().to_owned();
+    let callback = ssl_context
        .ex_data(SslContext::cached_ex_index::<F>())
        .expect("BUG: select cert callback missing");

--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@ -1370,6 +1370,7 @@ impl SslContextBuilder {
            );
        }
    }
+
    /// Sets a callback that is called before most ClientHello processing and before the decision whether
    /// to resume a session is made. The callback may inspect the ClientHello and configure the
    /// connection.
@ -1379,7 +1380,7 @@ impl SslContextBuilder {
    /// [`SSL_CTX_set_select_certificate_cb`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_select_certificate_cb.html
    pub fn set_select_certificate_callback<F>(&mut self, callback: F)
    where
-        F: Fn(&ClientHello) -> Result<(), SelectCertError> + Sync + Send + 'static,
+        F: Fn(ClientHello<'_>) -> Result<(), SelectCertError> + Sync + Send + 'static,
    {
        unsafe {
            self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
@ -1959,9 +1960,9 @@ pub struct CipherBits {
 }

 #[repr(transparent)]
-pub struct ClientHello(ffi::SSL_CLIENT_HELLO);
+pub struct ClientHello<'ssl>(&'ssl ffi::SSL_CLIENT_HELLO);

-impl ClientHello {
+impl ClientHello<'_> {
    /// Returns the data of a given extension, if present.
    ///
    /// This corresponds to [`SSL_early_callback_ctx_extension_get`].
@ -1972,7 +1973,7 @@ impl ClientHello {
            let mut ptr = ptr::null();
            let mut len = 0;
            let result =
-                ffi::SSL_early_callback_ctx_extension_get(&self.0, ext_type.0, &mut ptr, &mut len);
+                ffi::SSL_early_callback_ctx_extension_get(self.0, ext_type.0, &mut ptr, &mut len);
            if result == 0 {
                return None;
            }
@ -1980,7 +1981,11 @@ impl ClientHello {
        }
    }

-    fn ssl(&self) -> &SslRef {
+    pub fn ssl_mut(&mut self) -> &mut SslRef {
+        unsafe { SslRef::from_ptr_mut(self.0.ssl) }
+    }
+
+    pub fn ssl(&self) -> &SslRef {
        unsafe { SslRef::from_ptr(self.0.ssl) }
    }