min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #978 from sfackler/srtp-cleanup 

SRTP cleanup
This commit is contained in:
Steven Fackler 2018-08-19 20:02:00 -07:00 committed by GitHub
parent b07ebe44ed ef7721092d
commit b1d01fbc0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 122 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openssl-sys/src/lib.rs
View File

@ -197,9 +197,6 @@ pub struct SRTP_PROTECTION_PROFILE {
pub id: c_ulong, pub id: c_ulong,
} }
/// fake free method, since SRTP_PROTECTION_PROFILE is static
pub unsafe fn SRTP_PROTECTION_PROFILE_free(_profile: *mut SRTP_PROTECTION_PROFILE) {}
pub type SHA_LONG = c_uint; pub type SHA_LONG = c_uint;
pub type SHA_LONG64 = u64; pub type SHA_LONG64 = u64;
@ -2899,4 +2896,9 @@ extern "C" {
pub fn SSL_set_connect_state(s: *mut SSL); pub fn SSL_set_connect_state(s: *mut SSL);
pub fn SSL_set_accept_state(s: *mut SSL); pub fn SSL_set_accept_state(s: *mut SSL);
pub fn SSL_set_tlsext_use_srtp(ssl: *mut ::SSL, profiles: *const c_char) -> c_int;
pub fn SSL_CTX_set_tlsext_use_srtp(ctx: *mut ::SSL_CTX, profiles: *const c_char) -> c_int;
pub fn SSL_get_srtp_profiles(ssl: *mut ::SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE;
pub fn SSL_get_selected_srtp_profile(ssl: *mut ::SSL) -> *mut SRTP_PROTECTION_PROFILE;
} }

7
openssl-sys/src/libressl/mod.rs
View File

@ -10,7 +10,6 @@ pub use libressl::v250::*;
pub use libressl::v251::*; pub use libressl::v251::*;
#[cfg(libressl273)] #[cfg(libressl273)]
pub use libressl::v273::*; pub use libressl::v273::*;
use SRTP_PROTECTION_PROFILE;
#[cfg(not(libressl251))] #[cfg(not(libressl251))]
mod v250; mod v250;
@ -68,7 +67,6 @@ pub struct stack_st_SRTP_PROTECTION_PROFILE {
pub stack: _STACK, pub stack: _STACK,
} }
#[repr(C)] #[repr(C)]
pub struct _STACK { pub struct _STACK {
pub num: c_int, pub num: c_int,
@ -639,9 +637,4 @@ extern "C" {
pub fn SSLeay() -> c_ulong; pub fn SSLeay() -> c_ulong;
pub fn SSLeay_version(key: c_int) -> *const c_char; pub fn SSLeay_version(key: c_int) -> *const c_char;
pub fn SSL_set_tlsext_use_srtp(ssl: *mut ::SSL, profiles: *const c_char) -> c_int;
pub fn SSL_CTX_set_tlsext_use_srtp(ctx: *mut ::SSL_CTX, profiles: *const c_char) -> c_int;
pub fn SSL_get_srtp_profiles(ssl: *mut ::SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE;
pub fn SSL_get_selected_srtp_profile(ssl: *mut ::SSL) -> *mut SRTP_PROTECTION_PROFILE;
} }

101
openssl-sys/src/openssl/v10x.rs
View File

@ -4,7 +4,6 @@ use std::process;
use std::ptr; use std::ptr;
use std::sync::{Mutex, MutexGuard}; use std::sync::{Mutex, MutexGuard};
use std::sync::{Once, ONCE_INIT}; use std::sync::{Once, ONCE_INIT};
use SRTP_PROTECTION_PROFILE;
#[cfg(ossl102)] #[cfg(ossl102)]
use libc::time_t; use libc::time_t;
@ -55,7 +54,6 @@ pub struct stack_st_OPENSSL_STRING {
pub stack: _STACK, pub stack: _STACK,
} }
#[repr(C)] #[repr(C)]
pub struct stack_st_SRTP_PROTECTION_PROFILE { pub struct stack_st_SRTP_PROTECTION_PROFILE {
pub stack: _STACK, pub stack: _STACK,
@ -433,13 +431,25 @@ pub struct SSL {
tlsext_ocsp_resplen: c_int, tlsext_ocsp_resplen: c_int,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
tlsext_ticket_expected: c_int, tlsext_ticket_expected: c_int,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC")
))]
tlsext_ecpointformatlist_length: size_t, tlsext_ecpointformatlist_length: size_t,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC")
))]
tlsext_ecpointformatlist: *mut c_uchar, tlsext_ecpointformatlist: *mut c_uchar,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC")
))]
tlsext_ellipticcurvelist_length: size_t, tlsext_ellipticcurvelist_length: size_t,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC")
))]
tlsext_ellipticcurvelist: *mut c_uchar, tlsext_ellipticcurvelist: *mut c_uchar,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
tlsext_opaque_prf_input: *mut c_void, tlsext_opaque_prf_input: *mut c_void,
@ -457,9 +467,15 @@ pub struct SSL {
tls_session_secret_cb_arg: *mut c_void, tls_session_secret_cb_arg: *mut c_void,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
initial_ctx: *mut ::SSL_CTX, initial_ctx: *mut ::SSL_CTX,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_NEXTPROTONEG")
))]
next_proto_negotiated: *mut c_uchar, next_proto_negotiated: *mut c_uchar,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_NEXTPROTONEG")
))]
next_proto_negotiated_len: c_uchar, next_proto_negotiated_len: c_uchar,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
srtp_profiles: *mut c_void, srtp_profiles: *mut c_void,
@ -569,13 +585,25 @@ pub struct SSL_CTX {
#[cfg(not(osslconf = "OPENSSL_NO_SRP"))] #[cfg(not(osslconf = "OPENSSL_NO_SRP"))]
srp_ctx: SRP_CTX, srp_ctx: SRP_CTX,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_NEXTPROTONEG")
))]
next_protos_advertised_cb: *mut c_void, next_protos_advertised_cb: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_NEXTPROTONEG")
))]
next_protos_advertised_cb_arg: *mut c_void, next_protos_advertised_cb_arg: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_NEXTPROTONEG")
))]
next_proto_select_cb: *mut c_void, next_proto_select_cb: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_NEXTPROTONEG")
))]
next_proto_select_cb_arg: *mut c_void, next_proto_select_cb_arg: *mut c_void,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))]
@ -589,13 +617,29 @@ pub struct SSL_CTX {
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
alpn_client_proto_list_len: c_uint, alpn_client_proto_list_len: c_uint,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC"),
ossl102
))]
tlsext_ecpointformatlist_length: size_t, tlsext_ecpointformatlist_length: size_t,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC"),
ossl102
))]
tlsext_ecpointformatlist: *mut c_uchar, tlsext_ecpointformatlist: *mut c_uchar,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC"),
ossl102
))]
tlsext_ellipticcurvelist_length: size_t, tlsext_ellipticcurvelist_length: size_t,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC"),
ossl102
))]
tlsext_ellipticcurvelist: *mut c_uchar, tlsext_ellipticcurvelist: *mut c_uchar,
} }
@ -634,13 +678,25 @@ pub struct SSL_SESSION {
next: *mut c_void, next: *mut c_void,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
tlsext_hostname: *mut c_char, tlsext_hostname: *mut c_char,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC")
))]
tlsext_ecpointformatlist_length: size_t, tlsext_ecpointformatlist_length: size_t,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC")
))]
tlsext_ecpointformatlist: *mut c_uchar, tlsext_ecpointformatlist: *mut c_uchar,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC")
))]
tlsext_ellipticcurvelist_length: size_t, tlsext_ellipticcurvelist_length: size_t,
#[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC")))] #[cfg(all(
not(osslconf = "OPENSSL_NO_TLSEXT"),
not(osslconf = "OPENSSL_NO_EC")
))]
tlsext_ellipticcurvelist: *mut c_uchar, tlsext_ellipticcurvelist: *mut c_uchar,
#[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
tlsext_tick: *mut c_uchar, tlsext_tick: *mut c_uchar,
@ -1009,9 +1065,4 @@ extern "C" {
#[cfg(ossl102)] #[cfg(ossl102)]
pub fn SSL_extension_supported(ext_type: c_uint) -> c_int; pub fn SSL_extension_supported(ext_type: c_uint) -> c_int;
pub fn SSL_set_tlsext_use_srtp(ssl: *mut ::SSL, profiles: *const c_char) -> c_int;
pub fn SSL_CTX_set_tlsext_use_srtp(ctx: *mut ::SSL_CTX, profiles: *const c_char) -> c_int;
pub fn SSL_get_srtp_profiles(ssl: *mut ::SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE;
pub fn SSL_get_selected_srtp_profile(ssl: *mut ::SSL) -> *mut SRTP_PROTECTION_PROFILE;
} }

13
openssl-sys/src/openssl/v110.rs
View File

@ -1,7 +1,6 @@
use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t}; use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
use std::ptr; use std::ptr;
use std::sync::{Once, ONCE_INIT}; use std::sync::{Once, ONCE_INIT};
use SRTP_PROTECTION_PROFILE;
pub enum BIGNUM {} pub enum BIGNUM {}
pub enum BIO {} pub enum BIO {}
@ -142,7 +141,6 @@ pub unsafe fn SSL_get_max_proto_version(s: *mut ::SSL) -> c_int {
::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int ::SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
} }
extern "C" { extern "C" {
pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO;
pub fn BIO_s_file() -> *const BIO_METHOD; pub fn BIO_s_file() -> *const BIO_METHOD;
@ -251,11 +249,7 @@ extern "C" {
pub_key: *mut *const ::BIGNUM, pub_key: *mut *const ::BIGNUM,
priv_key: *mut *const ::BIGNUM, priv_key: *mut *const ::BIGNUM,
); );
pub fn DSA_set0_key( pub fn DSA_set0_key(d: *mut ::DSA, pub_key: *mut ::BIGNUM, priv_key: *mut ::BIGNUM) -> c_int;
d: *mut ::DSA,
pub_key: *mut ::BIGNUM,
priv_key: *mut ::BIGNUM,
) -> c_int;
pub fn RSA_get0_key( pub fn RSA_get0_key(
r: *const ::RSA, r: *const ::RSA,
n: *mut *const ::BIGNUM, n: *mut *const ::BIGNUM,
@ -395,9 +389,4 @@ extern "C" {
pub fn SSL_CIPHER_get_cipher_nid(c: *const ::SSL_CIPHER) -> c_int; pub fn SSL_CIPHER_get_cipher_nid(c: *const ::SSL_CIPHER) -> c_int;
pub fn SSL_CIPHER_get_digest_nid(c: *const ::SSL_CIPHER) -> c_int; pub fn SSL_CIPHER_get_digest_nid(c: *const ::SSL_CIPHER) -> c_int;
pub fn SSL_set_tlsext_use_srtp(ssl: *mut ::SSL, profiles: *const c_char) -> c_int;
pub fn SSL_CTX_set_tlsext_use_srtp(ctx: *mut ::SSL_CTX, profiles: *const c_char) -> c_int;
pub fn SSL_get_srtp_profiles(ssl: *mut ::SSL) -> *mut stack_st_SRTP_PROTECTION_PROFILE;
pub fn SSL_get_selected_srtp_profile(ssl: *mut ::SSL) -> *mut SRTP_PROTECTION_PROFILE;
} }

13
openssl/src/srtp.rs
View File

@ -5,10 +5,13 @@ use stack::Stackable;
use std::ffi::CStr; use std::ffi::CStr;
use std::str; use std::str;
/// fake free method, since SRTP_PROTECTION_PROFILE is static
unsafe fn free(_profile: *mut ffi::SRTP_PROTECTION_PROFILE) {}
#[allow(unused_unsafe)] #[allow(unused_unsafe)]
foreign_type_and_impl_send_sync! { foreign_type_and_impl_send_sync! {
type CType = ffi::SRTP_PROTECTION_PROFILE; type CType = ffi::SRTP_PROTECTION_PROFILE;
fn drop = ffi::SRTP_PROTECTION_PROFILE_free; fn drop = free;
pub struct SrtpProtectionProfile; pub struct SrtpProtectionProfile;
/// Reference to `SrtpProtectionProfile`. /// Reference to `SrtpProtectionProfile`.
@ -19,18 +22,18 @@ impl Stackable for SrtpProtectionProfile {
type StackType = ffi::stack_st_SRTP_PROTECTION_PROFILE; type StackType = ffi::stack_st_SRTP_PROTECTION_PROFILE;
} }
impl SrtpProtectionProfileRef { impl SrtpProtectionProfileRef {
pub fn id(&self) -> SrtpProfileId { pub fn id(&self) -> SrtpProfileId {
SrtpProfileId::from_raw(unsafe { (*self.as_ptr()).id }) SrtpProfileId::from_raw(unsafe { (*self.as_ptr()).id })
} }
pub fn name(&self) -> &'static str { pub fn name(&self) -> &'static str {
unsafe { CStr::from_ptr((*self.as_ptr()).name as *const _) }.to_str().expect("should be UTF-8") unsafe { CStr::from_ptr((*self.as_ptr()).name as *const _) }
.to_str()
.expect("should be UTF-8")
} }
} }
/// An identifier of an SRTP protection profile.
/// type of SRTP profile to use.
#[derive(Debug, Copy, Clone, PartialEq, Eq)] #[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct SrtpProfileId(c_ulong); pub struct SrtpProfileId(c_ulong);

29
openssl/src/ssl/mod.rs
View File

@ -98,7 +98,7 @@ use x509::store::X509Store;
use x509::store::{X509StoreBuilderRef, X509StoreRef}; use x509::store::{X509StoreBuilderRef, X509StoreRef};
#[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, libressl261))]
use x509::verify::X509VerifyParamRef; use x509::verify::X509VerifyParamRef;
use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; use x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509};
use {cvt, cvt_n, cvt_p, init}; use {cvt, cvt_n, cvt_p, init};
pub use ssl::connector::{ pub use ssl::connector::{
@ -652,6 +652,7 @@ impl SslContextBuilder {
/// This corresponds to [`SSL_CTX_set_tlsext_servername_callback`]. /// This corresponds to [`SSL_CTX_set_tlsext_servername_callback`].
/// ///
/// [`SSL_CTX_set_tlsext_servername_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tlsext_servername_callback.html /// [`SSL_CTX_set_tlsext_servername_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tlsext_servername_callback.html
// FIXME tlsext prefix?
pub fn set_servername_callback<F>(&mut self, callback: F) pub fn set_servername_callback<F>(&mut self, callback: F)
where where
F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send, F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send,
@ -1166,10 +1167,7 @@ impl SslContextBuilder {
unsafe { unsafe {
let cstr = CString::new(protocols).unwrap(); let cstr = CString::new(protocols).unwrap();
let r = ffi::SSL_CTX_set_tlsext_use_srtp( let r = ffi::SSL_CTX_set_tlsext_use_srtp(self.as_ptr(), cstr.as_ptr());
self.as_ptr(),
cstr.as_ptr(),
);
// fun fact, set_tlsext_use_srtp has a reversed return code D: // fun fact, set_tlsext_use_srtp has a reversed return code D:
if r == 0 { if r == 0 {
Ok(()) Ok(())
@ -2478,7 +2476,6 @@ impl SslRef {
} }
} }
/// Enables the DTLS extension "use_srtp" as defined in RFC5764. /// Enables the DTLS extension "use_srtp" as defined in RFC5764.
/// ///
/// This corresponds to [`SSL_set_tlsext_use_srtp`]. /// This corresponds to [`SSL_set_tlsext_use_srtp`].
@ -2488,10 +2485,7 @@ impl SslRef {
unsafe { unsafe {
let cstr = CString::new(protocols).unwrap(); let cstr = CString::new(protocols).unwrap();
let r = ffi::SSL_set_tlsext_use_srtp( let r = ffi::SSL_set_tlsext_use_srtp(self.as_ptr(), cstr.as_ptr());
self.as_ptr(),
cstr.as_ptr(),
);
// fun fact, set_tlsext_use_srtp has a reversed return code D: // fun fact, set_tlsext_use_srtp has a reversed return code D:
if r == 0 { if r == 0 {
Ok(()) Ok(())
@ -2508,7 +2502,7 @@ impl SslRef {
/// This corresponds to [`SSL_get_srtp_profiles`]. /// This corresponds to [`SSL_get_srtp_profiles`].
/// ///
/// [`SSL_get_srtp_profiles`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html /// [`SSL_get_srtp_profiles`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
pub fn get_srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> { pub fn srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> {
unsafe { unsafe {
let chain = ffi::SSL_get_srtp_profiles(self.as_ptr()); let chain = ffi::SSL_get_srtp_profiles(self.as_ptr());
@ -2519,6 +2513,7 @@ impl SslRef {
} }
} }
} }
/// Gets the SRTP profile selected by handshake. /// Gets the SRTP profile selected by handshake.
/// ///
/// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled. /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
@ -2538,18 +2533,6 @@ impl SslRef {
} }
} }
/// Derives keying material for SRTP usage.
///
/// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
///
/// This corresponds to [`SSL_export_keying_material`] with a label of "EXTRACTOR-dtls_srtp".
///
/// [`SSL_export_keying_material`]: https://www.openssl.org/docs/manmaster/man3/SSL_export_keying_material.html
/// [`SSL_CTX_set_tlsext_use_srtp`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
pub fn export_srtp_keying_material(&self, out: &mut [u8]) -> Result<(), ErrorStack> {
self.export_keying_material(out, "EXTRACTOR-dtls_srtp", None)
}
/// Returns the number of bytes remaining in the currently processed TLS record. /// Returns the number of bytes remaining in the currently processed TLS record.
/// ///
/// If this is greater than 0, the next call to `read` will not call down to the underlying /// If this is greater than 0, the next call to `read` will not call down to the underlying

42
openssl/src/ssl/test.rs
View File

@ -18,10 +18,10 @@ use dh::Dh;
use hash::MessageDigest; use hash::MessageDigest;
use ocsp::{OcspResponse, OcspResponseStatus}; use ocsp::{OcspResponse, OcspResponseStatus};
use pkey::PKey; use pkey::PKey;
use srtp::SrtpProfileId;
use ssl; use ssl;
#[cfg(any(ossl110, ossl111, libressl261))] #[cfg(any(ossl110, ossl111, libressl261))]
use ssl::SslVersion; use ssl::SslVersion;
use srtp::SrtpProfileId;
use ssl::{ use ssl::{
Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, ShutdownState, Ssl, SslAcceptor, Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, ShutdownState, Ssl, SslAcceptor,
SslConnector, SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream, SslConnector, SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream,
@ -29,7 +29,7 @@ use ssl::{
}; };
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, ossl110))]
use x509::verify::X509CheckFlags; use x509::verify::X509CheckFlags;
use x509::{X509, X509Name, X509StoreContext, X509VerifyResult}; use x509::{X509Name, X509StoreContext, X509VerifyResult, X509};
use std::net::UdpSocket; use std::net::UdpSocket;
@ -555,11 +555,11 @@ fn test_connect_with_srtp_ctx() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let addr = listener.local_addr().unwrap(); let addr = listener.local_addr().unwrap();
let guard = thread::spawn(move || { let guard = thread::spawn(move || {
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap(); ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
.unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM) ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
@ -570,7 +570,7 @@ fn test_connect_with_srtp_ctx() {
let mut buf = [0; 60]; let mut buf = [0; 60];
stream stream
.ssl() .ssl()
.export_srtp_keying_material(&mut buf) .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
.unwrap(); .unwrap();
stream.write_all(&[0]).unwrap(); stream.write_all(&[0]).unwrap();
@ -580,7 +580,8 @@ fn test_connect_with_srtp_ctx() {
let stream = TcpStream::connect(addr).unwrap(); let stream = TcpStream::connect(addr).unwrap();
let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap(); ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
.unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap();
let mut stream = ssl.connect(stream).unwrap(); let mut stream = ssl.connect(stream).unwrap();
@ -590,7 +591,10 @@ fn test_connect_with_srtp_ctx() {
assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name()); assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name());
assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id()); assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id());
} }
stream.ssl().export_srtp_keying_material(&mut buf).expect("extract"); stream
.ssl()
.export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
.expect("extract");
stream.read_exact(&mut [0]).unwrap(); stream.read_exact(&mut [0]).unwrap();
@ -607,7 +611,6 @@ fn test_connect_with_srtp_ssl() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let addr = listener.local_addr().unwrap(); let addr = listener.local_addr().unwrap();
let guard = thread::spawn(move || { let guard = thread::spawn(move || {
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
@ -616,22 +619,25 @@ fn test_connect_with_srtp_ssl() {
ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
.unwrap(); .unwrap();
let mut ssl = Ssl::new(&ctx.build()).unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap();
ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap(); ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
.unwrap();
let mut profilenames = String::new(); let mut profilenames = String::new();
for profile in ssl.get_srtp_profiles().unwrap() { for profile in ssl.srtp_profiles().unwrap() {
if profilenames.len()>0 { if profilenames.len() > 0 {
profilenames.push(':'); profilenames.push(':');
} }
profilenames += profile.name(); profilenames += profile.name();
} }
assert_eq!("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", profilenames); assert_eq!(
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
profilenames
);
let mut stream = ssl.accept(stream).unwrap(); let mut stream = ssl.accept(stream).unwrap();
let mut buf = [0; 60]; let mut buf = [0; 60];
stream stream
.ssl() .ssl()
.export_srtp_keying_material(&mut buf) .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
.unwrap(); .unwrap();
stream.write_all(&[0]).unwrap(); stream.write_all(&[0]).unwrap();
@ -642,7 +648,8 @@ fn test_connect_with_srtp_ssl() {
let stream = TcpStream::connect(addr).unwrap(); let stream = TcpStream::connect(addr).unwrap();
let ctx = SslContext::builder(SslMethod::dtls()).unwrap(); let ctx = SslContext::builder(SslMethod::dtls()).unwrap();
let mut ssl = Ssl::new(&ctx.build()).unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap();
ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap(); ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
.unwrap();
let mut stream = ssl.connect(stream).unwrap(); let mut stream = ssl.connect(stream).unwrap();
let mut buf = [1; 60]; let mut buf = [1; 60];
@ -651,7 +658,10 @@ fn test_connect_with_srtp_ssl() {
assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name()); assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name());
assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id()); assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id());
} }
stream.ssl().export_srtp_keying_material(&mut buf).expect("extract"); stream
.ssl()
.export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
.expect("extract");
stream.read_exact(&mut [0]).unwrap(); stream.read_exact(&mut [0]).unwrap();