From d5d414b16fe13d65938acd6c601445e1b3e02b55 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Thu, 17 May 2018 03:23:30 -0700 Subject: [PATCH] Expose max TLS1.3 early data accessors --- openssl-sys/src/openssl/v111.rs | 7 ++++ openssl/src/ssl/mod.rs | 70 +++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs index 8574efc8..e284ff98 100644 --- a/openssl-sys/src/openssl/v111.rs +++ b/openssl-sys/src/openssl/v111.rs @@ -82,4 +82,11 @@ extern "C" { cookie_len: size_t ) -> c_int> ); + + pub fn SSL_CTX_set_max_early_data(ctx: *mut ::SSL_CTX, max_early_data: u32) -> c_int; + pub fn SSL_CTX_get_max_early_data(ctx: *const ::SSL_CTX) -> u32; + pub fn SSL_set_max_early_data(ctx: *mut ::SSL, max_early_data: u32) -> c_int; + pub fn SSL_get_max_early_data(ctx: *const ::SSL) -> u32; + pub fn SSL_SESSION_set_max_early_data(ctx: *mut ::SSL_SESSION, max_early_data: u32) -> c_int; + pub fn SSL_SESSION_get_max_early_data(ctx: *const ::SSL_SESSION) -> u32; } diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 8dc605ed..33ffa737 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -1489,6 +1489,24 @@ impl SslContextBuilder { } } + /// Sets the maximum amount of early data that will be accepted on incoming connections. + /// + /// Defaults to 0. + /// + /// Requires OpenSSL 1.1.1 or newer. + /// + /// This corresponds to [`SSL_CTX_set_max_early_data`]. + /// + /// [`SSL_CTX_set_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_max_early_data.html + #[cfg(ossl111)] + pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack> { + if unsafe { ffi::SSL_CTX_set_max_early_data(self.as_ptr(), bytes) } == 1 { + Ok(()) + } else { + Err(ErrorStack::get()) + } + } + /// Consumes the builder, returning a new `SslContext`. pub fn build(self) -> SslContext { self.0 @@ -1643,6 +1661,18 @@ impl SslContextRef { } } } + + /// Gets the maximum amount of early data that will be accepted on incoming connections. + /// + /// Requires OpenSSL 1.1.1 or newer. + /// + /// This corresponds to [`SSL_CTX_get_max_early_data`]. + /// + /// [`SSL_CTX_get_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_early_data.html + #[cfg(ossl111)] + pub fn max_early_data(&self) -> u32 { + unsafe { ffi::SSL_CTX_get_max_early_data(self.as_ptr()) } + } } /// Information about the state of a cipher. @@ -1873,6 +1903,18 @@ impl SslSessionRef { unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) } } + /// Gets the maximum amount of early data that can be sent on this session. + /// + /// Requires OpenSSL 1.1.1 or newer. + /// + /// This corresponds to [`SSL_SESSION_get_max_early_data`]. + /// + /// [`SSL_SESSION_get_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_max_early_data.html + #[cfg(ossl111)] + pub fn max_early_data(&self) -> u32 { + unsafe { ffi::SSL_SESSION_get_max_early_data(self.as_ptr()) } + } + to_der! { /// Serializes the session into a DER-encoded structure. /// @@ -2594,6 +2636,34 @@ impl SslRef { } } } + + /// Sets the maximum amount of early data that will be accepted on this connection. + /// + /// Requires OpenSSL 1.1.1 or newer. + /// + /// This corresponds to [`SSL_set_max_early_data`]. + /// + /// [`SSL_set_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_set_max_early_data.html + #[cfg(ossl111)] + pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack> { + if unsafe { ffi::SSL_set_max_early_data(self.as_ptr(), bytes) } == 1 { + Ok(()) + } else { + Err(ErrorStack::get()) + } + } + + /// Gets the maximum amount of early data that can be sent on this connection. + /// + /// Requires OpenSSL 1.1.1 or newer. + /// + /// This corresponds to [`SSL_get_max_early_data`]. + /// + /// [`SSL_get_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_get_max_early_data.html + #[cfg(ossl111)] + pub fn max_early_data(&self) -> u32 { + unsafe { ffi::SSL_get_max_early_data(self.as_ptr()) } + } } /// An SSL stream midway through the handshake process.