min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to OpenSSL 1.1.1-pre3

This commit is contained in:
Benjamin Saunders 2018-03-26 18:49:03 -07:00
parent 812d7a613f
commit bbb1cb61f6
4 changed files with 116 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.circleci/config.yml
View File

@ -91,7 +91,7 @@ macos_job: &MACOS_JOB
openssl_111: &OPENSSL_111
LIBRARY: openssl
VERSION: 1.1.1-pre2
VERSION: 1.1.1-pre3
openssl_110: &OPENSSL_110
LIBRARY: openssl
VERSION: 1.1.0g

18
openssl-sys/src/ossl111.rs
View File

@ -25,7 +25,7 @@ pub type SSL_custom_ext_parse_cb_ex =
chainidx: size_t, al: *mut c_int,
parse_arg: *mut c_void) -> c_int>;
pub const SSL_COOKIE_LENGTH: c_int = 255;
pub const SSL_COOKIE_LENGTH: c_int = 4096;
pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000;
@ -65,4 +65,20 @@ extern "C" {
parse_arg: *mut c_void) -> c_int;
pub fn SSL_stateless(s: *mut ::SSL) -> c_int;
pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD;
pub fn SSL_CTX_set_stateless_cookie_generate_cb(
s: *mut ::SSL_CTX,
cb: Option<unsafe extern "C" fn(
ssl: *mut ::SSL,
cookie: *mut c_uchar,
cookie_len: *mut size_t
) -> c_int>
);
pub fn SSL_CTX_set_stateless_cookie_verify_cb(
s: *mut ::SSL_CTX,
cb: Option<unsafe extern "C" fn(
ssl: *mut ::SSL,
cookie: *const c_uchar,
cookie_len: size_t
) -> c_int>
);
}

49
openssl/src/ssl/callbacks.rs
View File

@ -366,6 +366,55 @@ where
callback(ssl, line);
}
#[cfg(ossl111)]
pub extern "C" fn raw_stateless_cookie_generate<F>(
ssl: *mut ffi::SSL,
cookie: *mut c_uchar,
cookie_len: *mut size_t,
) -> c_int
where
F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
{
unsafe {
let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());
let ssl = SslRef::from_ptr_mut(ssl);
let callback = &*(callback as *mut F);
let slice =
slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);
match callback(ssl, slice) {
Ok(len) => {
*cookie_len = len as size_t;
1
}
Err(e) => {
e.put();
0
}
}
}
}
#[cfg(ossl111)]
pub extern "C" fn raw_stateless_cookie_verify<F>(
ssl: *mut ffi::SSL,
cookie: *const c_uchar,
cookie_len: size_t,
) -> c_int
where
F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
{
unsafe {
let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());
let ssl = SslRef::from_ptr_mut(ssl);
let callback = &*(callback as *mut F);
let slice =
slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);
callback(ssl, slice) as c_int
}
}
pub extern "C" fn raw_cookie_generate<F>(
ssl: *mut ffi::SSL,
cookie: *mut c_uchar,

54
openssl/src/ssl/mod.rs
View File

@ -1437,8 +1437,9 @@ impl SslContextBuilder {
/// The callback will be called with the SSL context and a slice into which the cookie
/// should be written. The callback should return the number of bytes written.
///
/// This corresponds to `SSL_CTX_set_cookie_generate_cb`.
pub fn set_cookie_generate_cb<F>(&mut self, callback: F)
/// This corresponds to `SSL_CTX_set_stateless_cookie_generate_cb`.
#[cfg(ossl111)]
pub fn set_stateless_cookie_generate_cb<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
{
@ -1447,9 +1448,9 @@ impl SslContextBuilder {
ffi::SSL_CTX_set_ex_data(
self.as_ptr(),
get_callback_idx::<F>(),
mem::transmute(callback),
Box::into_raw(callback) as *mut _,
);
ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::<F>))
ffi::SSL_CTX_set_stateless_cookie_generate_cb(self.as_ptr(), Some(raw_stateless_cookie_generate::<F>))
}
}
@ -1461,6 +1462,49 @@ impl SslContextBuilder {
/// Note that the OpenSSL implementation independently verifies the integrity of
/// application cookies using an HMAC before invoking the supplied callback.
///
/// This corresponds to `SSL_CTX_set_stateless_cookie_verify_cb`.
#[cfg(ossl111)]
pub fn set_stateless_cookie_verify_cb<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
{
unsafe {
let callback = Box::new(callback);
ffi::SSL_CTX_set_ex_data(
self.as_ptr(),
get_callback_idx::<F>(),
Box::into_raw(callback) as *mut _,
);
ffi::SSL_CTX_set_stateless_cookie_verify_cb(self.as_ptr(), Some(raw_stateless_cookie_verify::<F>))
}
}
/// Sets the callback for generating a DTLSv1 cookie
///
/// The callback will be called with the SSL context and a slice into which the cookie
/// should be written. The callback should return the number of bytes written.
///
/// This corresponds to `SSL_CTX_set_cookie_generate_cb`.
pub fn set_cookie_generate_cb<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
{
unsafe {
let callback = Box::new(callback);
ffi::SSL_CTX_set_ex_data(
self.as_ptr(),
get_callback_idx::<F>(),
Box::into_raw(callback) as *mut _,
);
ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::<F>))
}
}
/// Sets the callback for verifying a DTLSv1 cookie
///
/// The callback will be called with the SSL context and the cookie supplied by the
/// client. It should return true if and only if the cookie is valid.
///
/// This corresponds to `SSL_CTX_set_cookie_verify_cb`.
pub fn set_cookie_verify_cb<F>(&mut self, callback: F)
where
@ -1471,7 +1515,7 @@ impl SslContextBuilder {
ffi::SSL_CTX_set_ex_data(
self.as_ptr(),
get_callback_idx::<F>(),
mem::transmute(callback),
Box::into_raw(callback) as *mut _,
);
ffi::SSL_CTX_set_cookie_verify_cb(self.as_ptr(), Some(raw_cookie_verify::<F>))
}