min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup SNI stuff

This commit is contained in:
Steven Fackler 2015-12-15 19:39:24 -08:00
parent 3a0e64dca5
commit 6d559bf1da
4 changed files with 10 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openssl-sys-extras/src/lib.rs
View File

@ -77,6 +77,4 @@ extern {
pub fn SSL_CTX_set_tlsext_servername_callback(ssl: *mut SSL_CTX, callback: Option<extern fn()>); pub fn SSL_CTX_set_tlsext_servername_callback(ssl: *mut SSL_CTX, callback: Option<extern fn()>);
#[link_name = "SSL_CTX_set_tlsext_servername_arg_shim"] #[link_name = "SSL_CTX_set_tlsext_servername_arg_shim"]
pub fn SSL_CTX_set_tlsext_servername_arg(ssl: *mut SSL_CTX, arg: *const c_void); pub fn SSL_CTX_set_tlsext_servername_arg(ssl: *mut SSL_CTX, arg: *const c_void);
#[link_name = "SSL_CTX_increment_refcount_shim"]
pub fn SSL_CTX_increment_refcount(ssl: *mut SSL_CTX) -> c_long;
} }

5
openssl-sys-extras/src/openssl_shim.c
View File

@ -139,11 +139,6 @@ long SSL_CTX_set_tlsext_servername_arg_shim(SSL_CTX *ctx, void* arg) {
return SSL_CTX_set_tlsext_servername_arg(ctx, arg); return SSL_CTX_set_tlsext_servername_arg(ctx, arg);
} }
long SSL_CTX_increment_refcount_shim(SSL_CTX *ctx) {
int i = CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
return i;
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
int SSL_CTX_set_ecdh_auto_shim(SSL_CTX *ctx, int onoff) { int SSL_CTX_set_ecdh_auto_shim(SSL_CTX *ctx, int onoff) {
return SSL_CTX_set_ecdh_auto(ctx, onoff); return SSL_CTX_set_ecdh_auto(ctx, onoff);

4
openssl/src/c_helpers.c
View File

@ -3,3 +3,7 @@
void rust_SSL_clone(SSL *ssl) { void rust_SSL_clone(SSL *ssl) {
CRYPTO_add(&ssl->references, 1, CRYPTO_LOCK_SSL); CRYPTO_add(&ssl->references, 1, CRYPTO_LOCK_SSL);
} }
void rust_SSL_CTX_clone(SSL_CTX *ctx) {
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
}

19
openssl/src/ssl/mod.rs
View File

@ -41,6 +41,7 @@ pub use ssl::error::Error;
extern "C" { extern "C" {
fn rust_SSL_clone(ssl: *mut ffi::SSL); fn rust_SSL_clone(ssl: *mut ffi::SSL);
fn rust_SSL_CTX_clone(cxt: *mut ffi::SSL_CTX);
} }
static mut VERIFY_IDX: c_int = -1; static mut VERIFY_IDX: c_int = -1;
@ -297,20 +298,15 @@ extern fn raw_verify_with_data<T>(preverify_ok: c_int,
let verify: Option<VerifyCallbackData<T>> = mem::transmute(verify); let verify: Option<VerifyCallbackData<T>> = mem::transmute(verify);
let data = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<T>()); let data = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<T>());
let data: Box<T> = mem::transmute(data); let data: &T = mem::transmute(data);
let ctx = X509StoreContext::new(x509_ctx); let ctx = X509StoreContext::new(x509_ctx);
let res = match verify { let res = match verify {
None => preverify_ok, None => preverify_ok,
Some(verify) => verify(preverify_ok != 0, &ctx, &*data) as c_int Some(verify) => verify(preverify_ok != 0, &ctx, data) as c_int
}; };
// Since data might be required on the next verification
// it is time to forget about it and avoid dropping
// data will be freed once OpenSSL considers it is time
// to free all context data
mem::forget(data);
res res
} }
} }
@ -321,6 +317,7 @@ extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void)
let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl);
let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX); let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX);
let callback: Option<ServerNameCallback> = mem::transmute(callback); let callback: Option<ServerNameCallback> = mem::transmute(callback);
rust_SSL_clone(ssl);
let mut s = Ssl { ssl: ssl }; let mut s = Ssl { ssl: ssl };
let res = match callback { let res = match callback {
@ -328,8 +325,6 @@ extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void)
Some(callback) => callback(&mut s, ad) Some(callback) => callback(&mut s, ad)
}; };
// Allows dropping the Ssl instance without calling SSL_FREE on the SSL object
mem::forget(s);
res res
} }
} }
@ -341,6 +336,7 @@ extern fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v
let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX); let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX);
let callback: Option<ServerNameCallbackData<T>> = mem::transmute(callback); let callback: Option<ServerNameCallbackData<T>> = mem::transmute(callback);
rust_SSL_clone(ssl);
let mut s = Ssl { ssl: ssl }; let mut s = Ssl { ssl: ssl };
let data: &T = mem::transmute(arg); let data: &T = mem::transmute(arg);
@ -350,9 +346,6 @@ extern fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v
Some(callback) => callback(&mut s, ad, &*data) Some(callback) => callback(&mut s, ad, &*data)
}; };
// Allows dropping the Ssl instance without calling SSL_FREE on the SSL object
mem::forget(s);
// Since data might be required on the next verification // Since data might be required on the next verification
// it is time to forget about it and avoid dropping // it is time to forget about it and avoid dropping
// data will be freed once OpenSSL considers it is time // data will be freed once OpenSSL considers it is time
@ -984,7 +977,7 @@ impl Ssl {
pub fn get_ssl_context(&self) -> SslContext { pub fn get_ssl_context(&self) -> SslContext {
unsafe { unsafe {
let ssl_ctx = ffi::SSL_get_SSL_CTX(self.ssl); let ssl_ctx = ffi::SSL_get_SSL_CTX(self.ssl);
ffi_extras::SSL_CTX_increment_refcount(ssl_ctx); rust_SSL_CTX_clone(ssl_ctx);
SslContext { ctx: ssl_ctx } SslContext { ctx: ssl_ctx }
} }
} }