diff --git a/.circleci/config.yml b/.circleci/config.yml
index 353c27cd..82c12dab 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -91,7 +91,7 @@ macos_job: &MACOS_JOB
 openssl_111: &OPENSSL_111
 LIBRARY: openssl
- VERSION: 1.1.1-pre2
+ VERSION: 1.1.1-pre3
 openssl_110: &OPENSSL_110
 LIBRARY: openssl
 VERSION: 1.1.0g
diff --git a/openssl-sys/src/ossl111.rs b/openssl-sys/src/ossl111.rs
index 23599d32..6d6f8d4f 100644
--- a/openssl-sys/src/ossl111.rs
+++ b/openssl-sys/src/ossl111.rs
@@ -25,7 +25,7 @@ pub type SSL_custom_ext_parse_cb_ex =
 chainidx: size_t,
 al: *mut c_int,
 parse_arg: *mut c_void) -> c_int>;
-pub const SSL_COOKIE_LENGTH: c_int = 255;
+pub const SSL_COOKIE_LENGTH: c_int = 4096;
 pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000;
@@ -65,4 +65,20 @@ extern "C" {
 parse_arg: *mut c_void) -> c_int;
 pub fn SSL_stateless(s: *mut ::SSL) -> c_int;
 pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD;
+ pub fn SSL_CTX_set_stateless_cookie_generate_cb(
+ s: *mut ::SSL_CTX,
+ cb: Option c_int>
+ );
+ pub fn SSL_CTX_set_stateless_cookie_verify_cb(
+ s: *mut ::SSL_CTX,
+ cb: Option c_int>
+ );
 }
diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs
index 5b95ed02..bff71022 100644
--- a/openssl/src/ssl/callbacks.rs
+++ b/openssl/src/ssl/callbacks.rs
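Review bot: `SSL_COOKIE_LENGTH` is not just a number exported for callers here; `raw_stateless_cookie_generate` in openssl/src/ssl/callbacks.rs builds a mutable slice of exactly this many bytes over the buffer OpenSSL passes to the generate callback, so the Rust constant must equal the value compiled into the linked library, and a mismatch (for example a 1.1.1 pre-release that still used 255) would show up as an out-of-bounds write rather than a build error. The constant deserves a doc comment recording that coupling, e.g. `/// Size of the buffer OpenSSL hands to the stateless cookie generate callback; must match SSL_COOKIE_LENGTH in the linked library's ssl.h.` As far as the hunk shows, the only guard is the file-level ossl111 configuration, which presumably does not distinguish pre-releases, so the comment is the one place a maintainer bumping the pinned OpenSSL version will see the dependency.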
@@ -366,6 +366,55 @@ where
 callback(ssl, line);
 }
+#[cfg(ossl111)]
+pub extern "C" fn raw_stateless_cookie_generate(
+ ssl: *mut ffi::SSL,
+ cookie: *mut c_uchar,
+ cookie_len: *mut size_t,
+) -> c_int
+where
+ F: Fn(&mut SslRef, &mut [u8]) -> Result + 'static + Sync + Send,
+{
+ unsafe {
+ let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
+ let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::());
+ let ssl = SslRef::from_ptr_mut(ssl);
+ let callback = &*(callback as *mut F);
+ let slice =
+ slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);
+ match callback(ssl, slice) {
+ Ok(len) => {
+ *cookie_len = len as size_t;
+ 1
+ }
+ Err(e) => {
+ e.put();
+ 0
+ }
+ }
+ }
+}
+
+#[cfg(ossl111)]
+pub extern "C" fn raw_stateless_cookie_verify(
+ ssl: *mut ffi::SSL,
+ cookie: *const c_uchar,
+ cookie_len: size_t,
+) -> c_int
+where
+ F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
+{
+ unsafe {
+ let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
+ let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::());
+ let ssl = SslRef::from_ptr_mut(ssl);
+ let callback = &*(callback as *mut F);
+ let slice =
+ slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);
+ callback(ssl, slice) as c_int
+ }
+}
+
 pub extern "C" fn raw_cookie_generate(
 ssl: *mut ffi::SSL,
 cookie: *mut c_uchar,
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index f3c4ed3a..024e4ca5 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
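Review bot: In `raw_stateless_cookie_generate` the `Ok(len)` arm stores whatever length the user callback returned into `*cookie_len` without comparing it to the slice it was handed, so a perfectly safe closure that returns a value above `SSL_COOKIE_LENGTH` makes OpenSSL read that many bytes out of its fixed-size buffer; a safe wrapper must not be able to cause that. Change the arm to `Ok(len) if len <= slice.len() => {` and add `Ok(_) => 0,` so an over-long answer is reported to OpenSSL as a generation failure, as an `Err` already is. `raw_stateless_cookie_verify` only re-slices the pointer and length OpenSSL itself supplied and is fine, though `cookie as *const c_uchar as *const u8` can be written as one cast. `raw_cookie_generate` at the bottom of the hunk presumably stores its `len` the same way; its body lies outside this hunk.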
@@ -1437,8 +1437,9 @@ impl SslContextBuilder {
 /// The callback will be called with the SSL context and a slice into which the cookie
 /// should be written. The callback should return the number of bytes written.
 ///
- /// This corresponds to `SSL_CTX_set_cookie_generate_cb`.
- pub fn set_cookie_generate_cb(&mut self, callback: F)
+ /// This corresponds to `SSL_CTX_set_stateless_cookie_generate_cb`.
+ #[cfg(ossl111)]
+ pub fn set_stateless_cookie_generate_cb(&mut self, callback: F)
 where
 F: Fn(&mut SslRef, &mut [u8]) -> Result + 'static + Sync + Send,
 {
@@ -1447,9 +1448,9 @@ impl SslContextBuilder {
 ffi::SSL_CTX_set_ex_data(
 self.as_ptr(),
 get_callback_idx::(),
- mem::transmute(callback),
+ Box::into_raw(callback) as *mut _,
 );
- ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::))
+ ffi::SSL_CTX_set_stateless_cookie_generate_cb(self.as_ptr(), Some(raw_stateless_cookie_generate::))
 }
 }
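Review bot: The doc block this hunk edits belongs to the renamed `set_stateless_cookie_generate_cb`, but only its last sentence was touched; the summary line above the hunk was written for the DTLSv1 cookie and, judging by the verbatim copy used for the new `set_cookie_generate_cb` later in this commit, most likely still says "generating a DTLSv1 cookie". The retained paragraph also leaves out the one fact a caller needs to stay within the raw callback's contract: the slice is `SSL_COOKIE_LENGTH` bytes long and the returned count must not exceed it. Suggest `/// Sets the callback for generating a stateless (TLSv1.3) cookie` for the summary and `/// The slice is `SSL_COOKIE_LENGTH` bytes long; the returned length must not exceed it.` appended to the second paragraph. The head of the doc block lies above the hunk.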
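Review bot: The new `ffi::SSL_CTX_set_stateless_cookie_generate_cb(self.as_ptr(), Some(raw_stateless_cookie_generate::<F>))` line runs well past the 100 columns rustfmt enforces, and the matching `SSL_CTX_set_stateless_cookie_verify_cb` call in the hunk at 1462 has the same problem; both should be wrapped with `self.as_ptr(),` and the `Some(...)` argument each on their own line, as the neighbouring `SSL_CTX_set_ex_data` call already is. Separately, `Box::into_raw(callback) as *mut _` hands the closure to ex_data, and since OpenSSL's ex_data does not release a value that is overwritten, calling the setter twice on one builder leaks the first box; that was true of the `mem::transmute` it replaces as well, but a short comment on the `Box::into_raw` line (`// ownership passes to the SSL_CTX ex_data; a second call leaks the earlier box`) would make the contract visible.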
@@ -1461,6 +1462,49 @@ impl SslContextBuilder {
 /// Note that the OpenSSL implementation independently verifies the integrity of
 /// application cookies using an HMAC before invoking the supplied callback.
 ///
+ /// This corresponds to `SSL_CTX_set_stateless_cookie_verify_cb`.
+ #[cfg(ossl111)]
+ pub fn set_stateless_cookie_verify_cb(&mut self, callback: F)
+ where
+ F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
+ {
+ unsafe {
+ let callback = Box::new(callback);
+ ffi::SSL_CTX_set_ex_data(
+ self.as_ptr(),
+ get_callback_idx::(),
+ Box::into_raw(callback) as *mut _,
+ );
+ ffi::SSL_CTX_set_stateless_cookie_verify_cb(self.as_ptr(), Some(raw_stateless_cookie_verify::))
+ }
+ }
+
+ /// Sets the callback for generating a DTLSv1 cookie
+ ///
+ /// The callback will be called with the SSL context and a slice into which the cookie
+ /// should be written. The callback should return the number of bytes written.
+ ///
+ /// This corresponds to `SSL_CTX_set_cookie_generate_cb`.
+ pub fn set_cookie_generate_cb(&mut self, callback: F)
+ where
+ F: Fn(&mut SslRef, &mut [u8]) -> Result + 'static + Sync + Send,
+ {
+ unsafe {
+ let callback = Box::new(callback);
+ ffi::SSL_CTX_set_ex_data(
+ self.as_ptr(),
+ get_callback_idx::(),
+ Box::into_raw(callback) as *mut _,
+ );
+ ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::))
+ }
+ }
+
+ /// Sets the callback for verifying a DTLSv1 cookie
+ ///
+ /// The callback will be called with the SSL context and the cookie supplied by the
+ /// client. It should return true if and only if the cookie is valid.
+ ///
 /// This corresponds to `SSL_CTX_set_cookie_verify_cb`.
 pub fn set_cookie_verify_cb(&mut self, callback: F)
 where
@@ -1471,7 +1515,7 @@ impl SslContextBuilder {
 ffi::SSL_CTX_set_ex_data(
 self.as_ptr(),
 get_callback_idx::(),
- mem::transmute(callback),
+ Box::into_raw(callback) as *mut _,
 );
 ffi::SSL_CTX_set_cookie_verify_cb(self.as_ptr(), Some(raw_cookie_verify::))
 }
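Review bot: `set_stateless_cookie_verify_cb` inherits the three context lines at the top of this hunk together with a summary line above it, and that summary was written for the DTLS method; the new `set_cookie_verify_cb` doc added lower in the same hunk repeats it verbatim as "verifying a DTLSv1 cookie", which strongly suggests the stateless method's heading was never updated. Suggest `/// Sets the callback for verifying a stateless (TLSv1.3) cookie` for that line. Keeping the HMAC sentence with the stateless method looks right, since that integrity check belongs to the stateless-cookie path and not to DTLSv1, but the new `set_cookie_verify_cb` doc should then not imply any such protection, which it currently does not. The head of the stateless doc block lies above the hunk.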