From e04dbfa3ee47741d7f74987803e0a8405550f5f3 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Sun, 25 Feb 2018 19:36:47 -0800 Subject: [PATCH] Expose cookie generate/verify callback setters --- openssl/src/ssl/callbacks.rs | 50 ++++++++++++++++++++++++++++++++++++ openssl/src/ssl/mod.rs | 45 ++++++++++++++++++++++++++++++++ 2 files changed, 95 insertions(+) diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs index c06d32a0..424bdc1a 100644 --- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -361,3 +361,53 @@ where callback(ssl, line); } + +pub extern "C" fn raw_cookie_generate( + ssl: *mut ffi::SSL, + cookie: *mut c_uchar, + cookie_len: *mut c_uint +) -> c_int +where + F: Fn(&mut SslRef, &mut [u8]) -> Result + 'static + Sync + Send +{ + unsafe { + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); + let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::()); + let ssl = SslRef::from_ptr_mut(ssl); + let callback = &*(callback as *mut F); + // We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for + // compatibility. See comments in dtls1.h. + let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1); + match callback(ssl, slice) { + Ok(len) => { + *cookie_len = len as c_uint; + 1 + } + Err(_) => 0, + } + } +} + +#[cfg(ossl110)] +type CookiePtr = *const c_uchar; + +#[cfg(not(ossl110))] +type CookiePtr = *mut c_uchar; + +pub extern "C" fn raw_cookie_verify( + ssl: *mut ffi::SSL, + cookie: CookiePtr, + cookie_len: c_uint +) -> c_int +where + F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send +{ + unsafe { + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); + let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::()); + let ssl = SslRef::from_ptr_mut(ssl); + let callback = &*(callback as *mut F); + let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize); + callback(ssl, slice) as c_int + } +} diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index fb7db988..91b97818 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -1311,6 +1311,51 @@ impl SslContextBuilder { } } + /// Sets the callback for generating an application cookie for stateless handshakes. + /// + /// The callback will be called with the SSL context and a slice into which the cookie + /// should be written. The callback should return the number of bytes written. + /// + /// This corresponds to `SSL_CTX_set_cookie_generate_cb`. + pub fn set_cookie_generate_cb(&mut self, callback: F) + where + F: Fn(&mut SslRef, &mut [u8]) -> Result + 'static + Sync + Send + { + unsafe { + let callback = Box::new(callback); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::(), + mem::transmute(callback), + ); + ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::)) + } + } + + /// Sets the callback for verifying an application cookie for stateless handshakes. + /// + /// The callback will be called with the SSL context and the cookie supplied by the + /// client. It should return true if and only if the cookie is valid. + /// + /// Note that the OpenSSL implementation independently verifies the integrity of + /// application cookies using an HMAC before invoking the supplied callback. + /// + /// This corresponds to `SSL_CTX_set_cookie_verify_cb`. + pub fn set_cookie_verify_cb(&mut self, callback: F) + where + F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send + { + unsafe { + let callback = Box::new(callback); + ffi::SSL_CTX_set_ex_data( + self.as_ptr(), + get_callback_idx::(), + mem::transmute(callback), + ); + ffi::SSL_CTX_set_cookie_verify_cb(self.as_ptr(), Some(raw_cookie_verify::)) + } + } + /// Sets the extra data at the specified index. /// /// This can be used to provide data to callbacks registered with the context. Use the