From ef7721092dbf1e8b8572a0d9f081b2e7eed36960 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 19 Aug 2018 18:50:11 -0700 Subject: [PATCH] SRTP cleanup --- openssl-sys/src/lib.rs | 8 ++- openssl-sys/src/libressl/mod.rs | 7 --- openssl-sys/src/openssl/v10x.rs | 101 ++++++++++++++++++++++++-------- openssl-sys/src/openssl/v110.rs | 13 +--- openssl/src/srtp.rs | 13 ++-- openssl/src/ssl/mod.rs | 29 ++------- openssl/src/ssl/test.rs | 42 ++++++++----- 7 files changed, 122 insertions(+), 91 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index eeb664d5..2433e624 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -197,9 +197,6 @@ pub struct SRTP_PROTECTION_PROFILE { pub id: c_ulong, } -/// fake free method, since SRTP_PROTECTION_PROFILE is static -pub unsafe fn SRTP_PROTECTION_PROFILE_free(_profile: *mut SRTP_PROTECTION_PROFILE) {} - pub type SHA_LONG = c_uint; pub type SHA_LONG64 = u64; @@ -2899,4 +2896,9 @@ extern "C" { pub fn SSL_set_connect_state(s: *mut SSL); pub fn SSL_set_accept_state(s: *mut SSL); + + pub fn SSL_set_tlsext_use_srtp(ssl: *mut ::SSL, profiles: *const c_char) -> c_int; + pub fn SSL_CTX_set_tlsext_use_srtp(ctx: *mut ::SSL_CTX, profiles: *const c_char) -> c_int; + pub fn SSL_get_srtp_profiles(ssl: *mut ::SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE; + pub fn SSL_get_selected_srtp_profile(ssl: *mut ::SSL) -> *mut SRTP_PROTECTION_PROFILE; } diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs index 6de87eba..8a77e55d 100644 --- a/openssl-sys/src/libressl/mod.rs +++ b/openssl-sys/src/libressl/mod.rs @@ -10,7 +10,6 @@ pub use libressl::v250::*; pub use libressl::v251::*; #[cfg(libressl273)] pub use libressl::v273::*; -use SRTP_PROTECTION_PROFILE; #[cfg(not(libressl251))] mod v250; @@ -68,7 +67,6 @@ pub struct stack_st_SRTP_PROTECTION_PROFILE { pub stack: _STACK, } - #[repr(C)] pub struct _STACK { pub num: c_int, @@ -639,9 +637,4 @@ extern "C" { pub fn SSLeay() -> c_ulong; pub fn SSLeay_version(key: c_int) -> *const c_char; - - pub fn SSL_set_tlsext_use_srtp(ssl: *mut ::SSL, profiles: *const c_char) -> c_int; - pub fn SSL_CTX_set_tlsext_use_srtp(ctx: *mut ::SSL_CTX, profiles: *const c_char) -> c_int; - pub fn SSL_get_srtp_profiles(ssl: *mut ::SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE; - pub fn SSL_get_selected_srtp_profile(ssl: *mut ::SSL) -> *mut SRTP_PROTECTION_PROFILE; } diff --git a/openssl-sys/src/openssl/v10x.rs b/openssl-sys/src/openssl/v10x.rs index 6816f748..df127d30 100644 --- a/openssl-sys/src/openssl/v10x.rs +++ b/openssl-sys/src/openssl/v10x.rs @@ -4,7 +4,6 @@ use std::process; use std::ptr; use std::sync::{Mutex, MutexGuard}; use std::sync::{Once, ONCE_INIT}; -use SRTP_PROTECTION_PROFILE; #[cfg(ossl102)] use libc::time_t; @@ -55,7 +54,6 @@ pub struct stack_st_OPENSSL_STRING { pub stack: _STACK, } - #[repr(C)] pub struct stack_st_SRTP_PROTECTION_PROFILE { pub stack: _STACK, @@ -433,13 +431,25 @@ pub struct SSL { tlsext_ocsp_resplen: c_int, #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ticket_expected: c_int, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC") + ))] tlsext_ecpointformatlist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC") + ))] tlsext_ecpointformatlist: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC") + ))] tlsext_ellipticcurvelist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC") + ))] tlsext_ellipticcurvelist: *mut c_uchar, #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input: *mut c_void, @@ -457,9 +467,15 @@ pub struct SSL { tls_session_secret_cb_arg: *mut c_void, #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] initial_ctx: *mut ::SSL_CTX, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_NEXTPROTONEG") + ))] next_proto_negotiated: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_NEXTPROTONEG") + ))] next_proto_negotiated_len: c_uchar, #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] srtp_profiles: *mut c_void, @@ -569,13 +585,25 @@ pub struct SSL_CTX { #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] srp_ctx: SRP_CTX, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_NEXTPROTONEG") + ))] next_protos_advertised_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_NEXTPROTONEG") + ))] next_protos_advertised_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_NEXTPROTONEG") + ))] next_proto_select_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_NEXTPROTONEG") + ))] next_proto_select_cb_arg: *mut c_void, #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] @@ -589,13 +617,29 @@ pub struct SSL_CTX { #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] alpn_client_proto_list_len: c_uint, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC"), + ossl102 + ))] tlsext_ecpointformatlist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC"), + ossl102 + ))] tlsext_ecpointformatlist: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC"), + ossl102 + ))] tlsext_ellipticcurvelist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC"), + ossl102 + ))] tlsext_ellipticcurvelist: *mut c_uchar, } @@ -634,13 +678,25 @@ pub struct SSL_SESSION { next: *mut c_void, #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_hostname: *mut c_char, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC") + ))] tlsext_ecpointformatlist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC") + ))] tlsext_ecpointformatlist: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC") + ))] tlsext_ellipticcurvelist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] + #[cfg(all( + not(osslconf = "OPENSSL_NO_TLSEXT"), + not(osslconf = "OPENSSL_NO_EC") + ))] tlsext_ellipticcurvelist: *mut c_uchar, #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick: *mut c_uchar, @@ -1009,9 +1065,4 @@ extern "C" { #[cfg(ossl102)] pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; - - pub fn SSL_set_tlsext_use_srtp(ssl: *mut ::SSL, profiles: *const c_char) -> c_int; - pub fn SSL_CTX_set_tlsext_use_srtp(ctx: *mut ::SSL_CTX, profiles: *const c_char) -> c_int; - pub fn SSL_get_srtp_profiles(ssl: *mut ::SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE; - pub fn SSL_get_selected_srtp_profile(ssl: *mut ::SSL) -> *mut SRTP_PROTECTION_PROFILE; } diff --git a/openssl-sys/src/openssl/v110.rs b/openssl-sys/src/openssl/v110.rs index b3bca4a2..c86a863a 100644 --- a/openssl-sys/src/openssl/v110.rs +++ b/openssl-sys/src/openssl/v110.rs @@ -1,7 +1,6 @@ use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; use std::ptr; use std::sync::{Once, ONCE_INIT}; -use SRTP_PROTECTION_PROFILE; pub enum BIGNUM {} pub enum BIO {} @@ -142,7 +141,6 @@ pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int { ::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int } - extern "C" { pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; pub fn BIO_s_file() -> *const BIO_METHOD; @@ -251,11 +249,7 @@ extern "C" { pub_key: *mut *const ::BIGNUM, priv_key: *mut *const ::BIGNUM, ); - pub fn DSA_set0_key( - d: *mut ::DSA, - pub_key: *mut ::BIGNUM, - priv_key: *mut ::BIGNUM, - ) -> c_int; + pub fn DSA_set0_key(d: *mut ::DSA, pub_key: *mut ::BIGNUM, priv_key: *mut ::BIGNUM) -> c_int; pub fn RSA_get0_key( r: *const ::RSA, n: *mut *const ::BIGNUM, @@ -395,9 +389,4 @@ extern "C" { pub fn SSL_CIPHER_get_cipher_nid(c: *const ::SSL_CIPHER) -> c_int; pub fn SSL_CIPHER_get_digest_nid(c: *const ::SSL_CIPHER) -> c_int; - - pub fn SSL_set_tlsext_use_srtp(ssl: *mut ::SSL, profiles: *const c_char) -> c_int; - pub fn SSL_CTX_set_tlsext_use_srtp(ctx: *mut ::SSL_CTX, profiles: *const c_char) -> c_int; - pub fn SSL_get_srtp_profiles(ssl: *mut ::SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE; - pub fn SSL_get_selected_srtp_profile(ssl: *mut ::SSL) -> *mut SRTP_PROTECTION_PROFILE; } diff --git a/openssl/src/srtp.rs b/openssl/src/srtp.rs index 136ddbd2..03b722ac 100644 --- a/openssl/src/srtp.rs +++ b/openssl/src/srtp.rs @@ -5,10 +5,13 @@ use stack::Stackable; use std::ffi::CStr; use std::str; +/// fake free method, since SRTP_PROTECTION_PROFILE is static +unsafe fn free(_profile: *mut ffi::SRTP_PROTECTION_PROFILE) {} + #[allow(unused_unsafe)] foreign_type_and_impl_send_sync! { type CType = ffi::SRTP_PROTECTION_PROFILE; - fn drop = ffi::SRTP_PROTECTION_PROFILE_free; + fn drop = free; pub struct SrtpProtectionProfile; /// Reference to `SrtpProtectionProfile`. @@ -19,18 +22,18 @@ impl Stackable for SrtpProtectionProfile { type StackType = ffi::stack_st_SRTP_PROTECTION_PROFILE; } - impl SrtpProtectionProfileRef { pub fn id(&self) -> SrtpProfileId { SrtpProfileId::from_raw(unsafe { (*self.as_ptr()).id }) } pub fn name(&self) -> &'static str { - unsafe { CStr::from_ptr((*self.as_ptr()).name as *const _) }.to_str().expect("should be UTF-8") + unsafe { CStr::from_ptr((*self.as_ptr()).name as *const _) } + .to_str() + .expect("should be UTF-8") } } - -/// type of SRTP profile to use. +/// An identifier of an SRTP protection profile. #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct SrtpProfileId(c_ulong); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index c6305dcd..99cf620d 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -98,7 +98,7 @@ use x509::store::X509Store; use x509::store::{X509StoreBuilderRef, X509StoreRef}; #[cfg(any(ossl102, libressl261))] use x509::verify::X509VerifyParamRef; -use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; +use x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509}; use {cvt, cvt_n, cvt_p, init}; pub use ssl::connector::{ @@ -652,6 +652,7 @@ impl SslContextBuilder { /// This corresponds to [`SSL_CTX_set_tlsext_servername_callback`]. /// /// [`SSL_CTX_set_tlsext_servername_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tlsext_servername_callback.html + // FIXME tlsext prefix? pub fn set_servername_callback(&mut self, callback: F) where F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send, @@ -1166,10 +1167,7 @@ impl SslContextBuilder { unsafe { let cstr = CString::new(protocols).unwrap(); - let r = ffi::SSL_CTX_set_tlsext_use_srtp( - self.as_ptr(), - cstr.as_ptr(), - ); + let r = ffi::SSL_CTX_set_tlsext_use_srtp(self.as_ptr(), cstr.as_ptr()); // fun fact, set_tlsext_use_srtp has a reversed return code D: if r == 0 { Ok(()) @@ -2478,7 +2476,6 @@ impl SslRef { } } - /// Enables the DTLS extension "use_srtp" as defined in RFC5764. /// /// This corresponds to [`SSL_set_tlsext_use_srtp`]. @@ -2488,10 +2485,7 @@ impl SslRef { unsafe { let cstr = CString::new(protocols).unwrap(); - let r = ffi::SSL_set_tlsext_use_srtp( - self.as_ptr(), - cstr.as_ptr(), - ); + let r = ffi::SSL_set_tlsext_use_srtp(self.as_ptr(), cstr.as_ptr()); // fun fact, set_tlsext_use_srtp has a reversed return code D: if r == 0 { Ok(()) @@ -2508,7 +2502,7 @@ impl SslRef { /// This corresponds to [`SSL_get_srtp_profiles`]. /// /// [`SSL_get_srtp_profiles`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html - pub fn get_srtp_profiles(&self) -> Option<&StackRef> { + pub fn srtp_profiles(&self) -> Option<&StackRef> { unsafe { let chain = ffi::SSL_get_srtp_profiles(self.as_ptr()); @@ -2519,6 +2513,7 @@ impl SslRef { } } } + /// Gets the SRTP profile selected by handshake. /// /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled. @@ -2538,18 +2533,6 @@ impl SslRef { } } - /// Derives keying material for SRTP usage. - /// - /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled. - /// - /// This corresponds to [`SSL_export_keying_material`] with a label of "EXTRACTOR-dtls_srtp". - /// - /// [`SSL_export_keying_material`]: https://www.openssl.org/docs/manmaster/man3/SSL_export_keying_material.html - /// [`SSL_CTX_set_tlsext_use_srtp`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html - pub fn export_srtp_keying_material(&self, out: &mut [u8]) -> Result<(), ErrorStack> { - self.export_keying_material(out, "EXTRACTOR-dtls_srtp", None) - } - /// Returns the number of bytes remaining in the currently processed TLS record. /// /// If this is greater than 0, the next call to `read` will not call down to the underlying diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs index ad800e08..1c44c0b1 100644 --- a/openssl/src/ssl/test.rs +++ b/openssl/src/ssl/test.rs @@ -18,10 +18,10 @@ use dh::Dh; use hash::MessageDigest; use ocsp::{OcspResponse, OcspResponseStatus}; use pkey::PKey; +use srtp::SrtpProfileId; use ssl; #[cfg(any(ossl110, ossl111, libressl261))] use ssl::SslVersion; -use srtp::SrtpProfileId; use ssl::{ Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, ShutdownState, Ssl, SslAcceptor, SslConnector, SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream, @@ -29,7 +29,7 @@ use ssl::{ }; #[cfg(any(ossl102, ossl110))] use x509::verify::X509CheckFlags; -use x509::{X509, X509Name, X509StoreContext, X509VerifyResult}; +use x509::{X509Name, X509StoreContext, X509VerifyResult, X509}; use std::net::UdpSocket; @@ -555,11 +555,11 @@ fn test_connect_with_srtp_ctx() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let addr = listener.local_addr().unwrap(); - let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap(); - ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap(); + ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32") + .unwrap(); ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM) .unwrap(); ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) @@ -570,7 +570,7 @@ fn test_connect_with_srtp_ctx() { let mut buf = [0; 60]; stream .ssl() - .export_srtp_keying_material(&mut buf) + .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None) .unwrap(); stream.write_all(&[0]).unwrap(); @@ -580,7 +580,8 @@ fn test_connect_with_srtp_ctx() { let stream = TcpStream::connect(addr).unwrap(); let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap(); - ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap(); + ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32") + .unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); let mut stream = ssl.connect(stream).unwrap(); @@ -590,7 +591,10 @@ fn test_connect_with_srtp_ctx() { assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name()); assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id()); } - stream.ssl().export_srtp_keying_material(&mut buf).expect("extract"); + stream + .ssl() + .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None) + .expect("extract"); stream.read_exact(&mut [0]).unwrap(); @@ -607,7 +611,6 @@ fn test_connect_with_srtp_ssl() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let addr = listener.local_addr().unwrap(); - let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap(); @@ -616,22 +619,25 @@ fn test_connect_with_srtp_ssl() { ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) .unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap(); + ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32") + .unwrap(); let mut profilenames = String::new(); - for profile in ssl.get_srtp_profiles().unwrap() { - if profilenames.len()>0 { + for profile in ssl.srtp_profiles().unwrap() { + if profilenames.len() > 0 { profilenames.push(':'); } profilenames += profile.name(); - } - assert_eq!("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", profilenames); + assert_eq!( + "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", + profilenames + ); let mut stream = ssl.accept(stream).unwrap(); let mut buf = [0; 60]; stream .ssl() - .export_srtp_keying_material(&mut buf) + .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None) .unwrap(); stream.write_all(&[0]).unwrap(); @@ -642,7 +648,8 @@ fn test_connect_with_srtp_ssl() { let stream = TcpStream::connect(addr).unwrap(); let ctx = SslContext::builder(SslMethod::dtls()).unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap(); + ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32") + .unwrap(); let mut stream = ssl.connect(stream).unwrap(); let mut buf = [1; 60]; @@ -651,7 +658,10 @@ fn test_connect_with_srtp_ssl() { assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name()); assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id()); } - stream.ssl().export_srtp_keying_material(&mut buf).expect("extract"); + stream + .ssl() + .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None) + .expect("extract"); stream.read_exact(&mut [0]).unwrap();