min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a fixme

This commit is contained in:
Steven Fackler 2017-05-29 18:04:32 -07:00
parent cba475b9ae
commit c89af1d5f8
1 changed files with 106 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
openssl/src/ssl/mod.rs
View File

@ -121,6 +121,7 @@ pub use ssl::connector::{SslConnectorBuilder, SslConnector, SslAcceptorBuilder,
pub use ssl::error::{Error, HandshakeError}; pub use ssl::error::{Error, HandshakeError};
// FIXME drop SSL_ prefix // FIXME drop SSL_ prefix
// FIXME remvove flags not used in OpenSSL 1.1
bitflags! { bitflags! {
pub struct SslOption: c_ulong { pub struct SslOption: c_ulong {
const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi::SSL_OP_MICROSOFT_SESS_ID_BUG; const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi::SSL_OP_MICROSOFT_SESS_ID_BUG;
@ -246,11 +247,19 @@ lazy_static! {
// Registers a destructor for the data which will be called // Registers a destructor for the data which will be called
// when context is freed // when context is freed
fn get_callback_idx<T: Any + 'static>() -> c_int { fn get_callback_idx<T: Any + 'static>() -> c_int {
*INDEXES.lock().unwrap().entry(TypeId::of::<T>()).or_insert_with(|| get_new_idx::<T>()) *INDEXES
.lock()
.unwrap()
.entry(TypeId::of::<T>())
.or_insert_with(|| get_new_idx::<T>())
} }
fn get_ssl_callback_idx<T: Any + 'static>() -> c_int { fn get_ssl_callback_idx<T: Any + 'static>() -> c_int {
*SSL_INDEXES.lock().unwrap().entry(TypeId::of::<T>()).or_insert_with(|| get_new_ssl_idx::<T>()) *SSL_INDEXES
.lock()
.unwrap()
.entry(TypeId::of::<T>())
.or_insert_with(|| get_new_ssl_idx::<T>())
} }
lazy_static! { lazy_static! {
@ -399,60 +408,60 @@ extern "C" fn raw_alpn_select_cb(ssl: *mut ffi::SSL,
unsafe { select_proto_using(ssl, out as *mut _, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) } unsafe { select_proto_using(ssl, out as *mut _, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) }
} }
unsafe extern fn raw_tmp_dh<F>(ssl: *mut ffi::SSL, unsafe extern "C" fn raw_tmp_dh<F>(ssl: *mut ffi::SSL,
is_export: c_int,
keylength: c_int)
-> *mut ffi::DH
where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send
{
let ctx = ffi::SSL_get_SSL_CTX(ssl);
let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());
let callback = &*(callback as *mut F);
let ssl = SslRef::from_ptr_mut(ssl);
match callback(ssl, is_export != 0, keylength as u32) {
Ok(dh) => {
let ptr = dh.as_ptr();
mem::forget(dh);
ptr
}
Err(_) => {
// FIXME reset error stack
ptr::null_mut()
}
}
}
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
unsafe extern fn raw_tmp_ecdh<F>(ssl: *mut ffi::SSL,
is_export: c_int,
keylength: c_int)
-> *mut ffi::EC_KEY
where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send
{
let ctx = ffi::SSL_get_SSL_CTX(ssl);
let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());
let callback = &*(callback as *mut F);
let ssl = SslRef::from_ptr_mut(ssl);
match callback(ssl, is_export != 0, keylength as u32) {
Ok(ec_key) => {
let ptr = ec_key.as_ptr();
mem::forget(ec_key);
ptr
}
Err(_) => {
// FIXME reset error stack
ptr::null_mut()
}
}
}
unsafe extern fn raw_tmp_dh_ssl<F>(ssl: *mut ffi::SSL,
is_export: c_int, is_export: c_int,
keylength: c_int) keylength: c_int)
-> *mut ffi::DH -> *mut ffi::DH
where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send
{
let ctx = ffi::SSL_get_SSL_CTX(ssl);
let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());
let callback = &*(callback as *mut F);
let ssl = SslRef::from_ptr_mut(ssl);
match callback(ssl, is_export != 0, keylength as u32) {
Ok(dh) => {
let ptr = dh.as_ptr();
mem::forget(dh);
ptr
}
Err(_) => {
// FIXME reset error stack
ptr::null_mut()
}
}
}
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
unsafe extern "C" fn raw_tmp_ecdh<F>(ssl: *mut ffi::SSL,
is_export: c_int,
keylength: c_int)
-> *mut ffi::EC_KEY
where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send
{
let ctx = ffi::SSL_get_SSL_CTX(ssl);
let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());
let callback = &*(callback as *mut F);
let ssl = SslRef::from_ptr_mut(ssl);
match callback(ssl, is_export != 0, keylength as u32) {
Ok(ec_key) => {
let ptr = ec_key.as_ptr();
mem::forget(ec_key);
ptr
}
Err(_) => {
// FIXME reset error stack
ptr::null_mut()
}
}
}
unsafe extern "C" fn raw_tmp_dh_ssl<F>(ssl: *mut ffi::SSL,
is_export: c_int,
keylength: c_int)
-> *mut ffi::DH
where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send
{ {
let callback = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<F>()); let callback = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<F>());
let callback = &*(callback as *mut F); let callback = &*(callback as *mut F);
@ -472,10 +481,10 @@ unsafe extern fn raw_tmp_dh_ssl<F>(ssl: *mut ffi::SSL,
} }
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
unsafe extern fn raw_tmp_ecdh_ssl<F>(ssl: *mut ffi::SSL, unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(ssl: *mut ffi::SSL,
is_export: c_int, is_export: c_int,
keylength: c_int) keylength: c_int)
-> *mut ffi::EC_KEY -> *mut ffi::EC_KEY
where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send
{ {
let callback = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<F>()); let callback = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<F>());
@ -495,7 +504,7 @@ unsafe extern fn raw_tmp_ecdh_ssl<F>(ssl: *mut ffi::SSL,
} }
} }
unsafe extern fn raw_tlsext_status<F>(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int unsafe extern "C" fn raw_tlsext_status<F>(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int
where F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + Any + 'static + Sync + Send where F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + Any + 'static + Sync + Send
{ {
let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
@ -695,7 +704,7 @@ impl SslContextBuilder {
ffi::SSL_CTX_set_ex_data(self.as_ptr(), ffi::SSL_CTX_set_ex_data(self.as_ptr(),
get_callback_idx::<F>(), get_callback_idx::<F>(),
Box::into_raw(callback) as *mut c_void); Box::into_raw(callback) as *mut c_void);
let f: unsafe extern fn (_, _, _) -> _ = raw_tmp_dh::<F>; let f: unsafe extern "C" fn(_, _, _) -> _ = raw_tmp_dh::<F>;
ffi::SSL_CTX_set_tmp_dh_callback(self.as_ptr(), f); ffi::SSL_CTX_set_tmp_dh_callback(self.as_ptr(), f);
} }
} }
@ -714,7 +723,7 @@ impl SslContextBuilder {
ffi::SSL_CTX_set_ex_data(self.as_ptr(), ffi::SSL_CTX_set_ex_data(self.as_ptr(),
get_callback_idx::<F>(), get_callback_idx::<F>(),
Box::into_raw(callback) as *mut c_void); Box::into_raw(callback) as *mut c_void);
let f: unsafe extern fn(_, _, _) -> _ = raw_tmp_ecdh::<F>; let f: unsafe extern "C" fn(_, _, _) -> _ = raw_tmp_ecdh::<F>;
ffi::SSL_CTX_set_tmp_ecdh_callback(self.as_ptr(), f); ffi::SSL_CTX_set_tmp_ecdh_callback(self.as_ptr(), f);
} }
} }
@ -735,7 +744,7 @@ impl SslContextBuilder {
cvt(ffi::SSL_CTX_load_verify_locations(self.as_ptr(), cvt(ffi::SSL_CTX_load_verify_locations(self.as_ptr(),
file.as_ptr() as *const _, file.as_ptr() as *const _,
ptr::null())) ptr::null()))
.map(|_| ()) .map(|_| ())
} }
} }
@ -763,7 +772,7 @@ impl SslContextBuilder {
cvt(ffi::SSL_CTX_set_session_id_context(self.as_ptr(), cvt(ffi::SSL_CTX_set_session_id_context(self.as_ptr(),
sid_ctx.as_ptr(), sid_ctx.as_ptr(),
sid_ctx.len() as c_uint)) sid_ctx.len() as c_uint))
.map(|_| ()) .map(|_| ())
} }
} }
@ -777,7 +786,7 @@ impl SslContextBuilder {
cvt(ffi::SSL_CTX_use_certificate_file(self.as_ptr(), cvt(ffi::SSL_CTX_use_certificate_file(self.as_ptr(),
file.as_ptr() as *const _, file.as_ptr() as *const _,
file_type.as_raw())) file_type.as_raw()))
.map(|_| ()) .map(|_| ())
} }
} }
@ -823,7 +832,7 @@ impl SslContextBuilder {
cvt(ffi::SSL_CTX_use_PrivateKey_file(self.as_ptr(), cvt(ffi::SSL_CTX_use_PrivateKey_file(self.as_ptr(),
file.as_ptr() as *const _, file.as_ptr() as *const _,
file_type.as_raw())) file_type.as_raw()))
.map(|_| ()) .map(|_| ())
} }
} }
@ -972,7 +981,7 @@ impl SslContextBuilder {
ffi::SSL_CTX_set_ex_data(self.as_ptr(), ffi::SSL_CTX_set_ex_data(self.as_ptr(),
get_callback_idx::<F>(), get_callback_idx::<F>(),
Box::into_raw(callback) as *mut c_void); Box::into_raw(callback) as *mut c_void);
let f: unsafe extern fn (_, _) -> _ = raw_tlsext_status::<F>; let f: unsafe extern "C" fn(_, _) -> _ = raw_tlsext_status::<F>;
cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f)) as c_int).map(|_| ()) cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f)) as c_int).map(|_| ())
} }
} }
@ -1050,9 +1059,7 @@ impl SslContextRef {
/// Returns the certificate store used for verification. /// Returns the certificate store used for verification.
pub fn cert_store(&self) -> &X509StoreRef { pub fn cert_store(&self) -> &X509StoreRef {
unsafe { unsafe { X509StoreRef::from_ptr(ffi::SSL_CTX_get_cert_store(self.as_ptr())) }
X509StoreRef::from_ptr(ffi::SSL_CTX_get_cert_store(self.as_ptr()))
}
} }
pub fn extra_chain_certs(&self) -> &StackRef<X509> { pub fn extra_chain_certs(&self) -> &StackRef<X509> {
@ -1287,7 +1294,7 @@ impl SslRef {
ffi::SSL_set_ex_data(self.as_ptr(), ffi::SSL_set_ex_data(self.as_ptr(),
get_ssl_callback_idx::<F>(), get_ssl_callback_idx::<F>(),
Box::into_raw(callback) as *mut c_void); Box::into_raw(callback) as *mut c_void);
let f: unsafe extern fn (_, _, _) -> _ = raw_tmp_dh_ssl::<F>; let f: unsafe extern "C" fn(_, _, _) -> _ = raw_tmp_dh_ssl::<F>;
ffi::SSL_set_tmp_dh_callback(self.as_ptr(), f); ffi::SSL_set_tmp_dh_callback(self.as_ptr(), f);
} }
} }
@ -1306,7 +1313,7 @@ impl SslRef {
ffi::SSL_set_ex_data(self.as_ptr(), ffi::SSL_set_ex_data(self.as_ptr(),
get_ssl_callback_idx::<F>(), get_ssl_callback_idx::<F>(),
Box::into_raw(callback) as *mut c_void); Box::into_raw(callback) as *mut c_void);
let f: unsafe extern fn(_, _, _) -> _ = raw_tmp_ecdh_ssl::<F>; let f: unsafe extern "C" fn(_, _, _) -> _ = raw_tmp_ecdh_ssl::<F>;
ffi::SSL_set_tmp_ecdh_callback(self.as_ptr(), f); ffi::SSL_set_tmp_ecdh_callback(self.as_ptr(), f);
} }
} }
@ -1547,9 +1554,7 @@ impl SslRef {
/// Determines if the session provided to `set_session` was successfully reused. /// Determines if the session provided to `set_session` was successfully reused.
pub fn session_reused(&self) -> bool { pub fn session_reused(&self) -> bool {
unsafe { unsafe { ffi::SSL_session_reused(self.as_ptr()) != 0 }
ffi::SSL_session_reused(self.as_ptr()) != 0
}
} }
/// Sets the status response a client wishes the server to reply with. /// Sets the status response a client wishes the server to reply with.
@ -1583,16 +1588,15 @@ impl SslRef {
ptr::copy_nonoverlapping(response.as_ptr(), p as *mut u8, response.len()); ptr::copy_nonoverlapping(response.as_ptr(), p as *mut u8, response.len());
cvt(ffi::SSL_set_tlsext_status_ocsp_resp(self.as_ptr(), cvt(ffi::SSL_set_tlsext_status_ocsp_resp(self.as_ptr(),
p as *mut c_uchar, p as *mut c_uchar,
response.len() as c_long) as c_int) response.len() as c_long) as
.map(|_| ()) c_int)
.map(|_| ())
} }
} }
/// Determines if this `Ssl` is configured for server-side or client-side use. /// Determines if this `Ssl` is configured for server-side or client-side use.
pub fn is_server(&self) -> bool { pub fn is_server(&self) -> bool {
unsafe { unsafe { compat::SSL_is_server(self.as_ptr()) != 0 }
compat::SSL_is_server(self.as_ptr()) != 0
}
} }
} }
@ -1631,15 +1635,15 @@ impl Ssl {
e @ Error::WantWrite(_) | e @ Error::WantWrite(_) |
e @ Error::WantRead(_) => { e @ Error::WantRead(_) => {
Err(HandshakeError::Interrupted(MidHandshakeSslStream { Err(HandshakeError::Interrupted(MidHandshakeSslStream {
stream: stream, stream: stream,
error: e, error: e,
})) }))
} }
err => { err => {
Err(HandshakeError::Failure(MidHandshakeSslStream { Err(HandshakeError::Failure(MidHandshakeSslStream {
stream: stream, stream: stream,
error: err, error: err,
})) }))
} }
} }
} }
@ -1663,15 +1667,15 @@ impl Ssl {
e @ Error::WantWrite(_) | e @ Error::WantWrite(_) |
e @ Error::WantRead(_) => { e @ Error::WantRead(_) => {
Err(HandshakeError::Interrupted(MidHandshakeSslStream { Err(HandshakeError::Interrupted(MidHandshakeSslStream {
stream: stream, stream: stream,
error: e, error: e,
})) }))
} }
err => { err => {
Err(HandshakeError::Failure(MidHandshakeSslStream { Err(HandshakeError::Failure(MidHandshakeSslStream {
stream: stream, stream: stream,
error: err, error: err,
})) }))
} }
} }
} }
@ -1775,7 +1779,7 @@ impl<S: Read + Write> SslStream<S> {
// To avoid that confusion short-circuit that logic and return quickly // To avoid that confusion short-circuit that logic and return quickly
// if `buf` has a length of zero. // if `buf` has a length of zero.
if buf.len() == 0 { if buf.len() == 0 {
return Ok(0) return Ok(0);
} }
let ret = self.ssl.read(buf); let ret = self.ssl.read(buf);
@ -1797,7 +1801,7 @@ impl<S: Read + Write> SslStream<S> {
pub fn ssl_write(&mut self, buf: &[u8]) -> Result<usize, Error> { pub fn ssl_write(&mut self, buf: &[u8]) -> Result<usize, Error> {
// See above for why we short-circuit on zero-length buffers // See above for why we short-circuit on zero-length buffers
if buf.len() == 0 { if buf.len() == 0 {
return Ok(0) return Ok(0);
} }
let ret = self.ssl.write(buf); let ret = self.ssl.write(buf);
@ -1859,7 +1863,7 @@ impl<S> SslStream<S> {
} }
}; };
Error::WantWrite(err) Error::WantWrite(err)
}, }
ffi::SSL_ERROR_WANT_READ => { ffi::SSL_ERROR_WANT_READ => {
let err = match self.get_bio_error() { let err = match self.get_bio_error() {
Some(err) => err, Some(err) => err,
@ -1869,7 +1873,7 @@ impl<S> SslStream<S> {
} }
}; };
Error::WantRead(err) Error::WantRead(err)
}, }
err => { err => {
Error::Stream(io::Error::new(io::ErrorKind::InvalidData, Error::Stream(io::Error::new(io::ErrorKind::InvalidData,
format!("unexpected error {}", err))) format!("unexpected error {}", err)))
@ -1929,14 +1933,13 @@ impl<S: Read + Write> Read for SslStream<S> {
impl<S: Read + Write> Write for SslStream<S> { impl<S: Read + Write> Write for SslStream<S> {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> { fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
self.ssl_write(buf).map_err(|e| { self.ssl_write(buf)
match e { .map_err(|e| match e {
Error::Stream(e) => e, Error::Stream(e) => e,
Error::WantRead(e) => e, Error::WantRead(e) => e,
Error::WantWrite(e) => e, Error::WantWrite(e) => e,
e => io::Error::new(io::ErrorKind::Other, e), e => io::Error::new(io::ErrorKind::Other, e),
} })
})
} }
fn flush(&mut self) -> io::Result<()> { fn flush(&mut self) -> io::Result<()> {
@ -2036,7 +2039,8 @@ mod compat {
pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION, pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION,
out: *mut c_uchar, out: *mut c_uchar,
mut outlen: size_t) -> size_t { mut outlen: size_t)
-> size_t {
if outlen == 0 { if outlen == 0 {
return (*session).master_key_length as size_t; return (*session).master_key_length as size_t;
} }