diff options
| author | Steven Fackler <[email protected]> | 2017-01-04 21:33:47 -0800 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2017-01-04 22:01:30 -0800 |
| commit | 404e0341d82d5aab58daaa48b864eaf1a281d101 (patch) | |
| tree | c851d1643b7cfa2fdc73012fcebb420735356371 | |
| parent | Add basic session tests (diff) | |
| download | rust-openssl-404e0341d82d5aab58daaa48b864eaf1a281d101.tar.xz rust-openssl-404e0341d82d5aab58daaa48b864eaf1a281d101.zip | |
Provide master key access
| -rw-r--r-- | openssl-sys/src/libressl.rs | 4 | ||||
| -rw-r--r-- | openssl-sys/src/ossl10x.rs | 6 | ||||
| -rw-r--r-- | openssl-sys/src/ossl110.rs | 6 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 28 | ||||
| -rw-r--r-- | openssl/src/ssl/tests/mod.rs | 10 |
5 files changed, 46 insertions, 8 deletions
diff --git a/openssl-sys/src/libressl.rs b/openssl-sys/src/libressl.rs index 83c5aee6..2c747ffe 100644 --- a/openssl-sys/src/libressl.rs +++ b/openssl-sys/src/libressl.rs @@ -361,8 +361,8 @@ pub struct SSL_CTX { #[repr(C)] pub struct SSL_SESSION { ssl_version: c_int, - master_key_length: c_int, - master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize], + pub master_key_length: c_int, + pub master_key: [c_uchar; 48], session_id_length: c_uint, session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize], sid_ctx_length: c_uint, diff --git a/openssl-sys/src/ossl10x.rs b/openssl-sys/src/ossl10x.rs index 5b0ca3d5..4d37d2a1 100644 --- a/openssl-sys/src/ossl10x.rs +++ b/openssl-sys/src/ossl10x.rs @@ -420,8 +420,8 @@ pub struct SSL_SESSION { ssl_version: c_int, key_arg_length: c_uint, key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize], - master_key_length: c_uint, - master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize], + pub master_key_length: c_int, + pub master_key: [c_uchar; 48], session_id_length: c_uint, session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize], sid_ctx_length: c_uint, @@ -429,7 +429,7 @@ pub struct SSL_SESSION { #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] krb5_client_princ_len: c_uint, #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))] - krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH], + krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize], #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] psk_identity_hint: *mut c_char, #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs index 9a5d287b..898ad4a2 100644 --- a/openssl-sys/src/ossl110.rs +++ b/openssl-sys/src/ossl110.rs @@ -1,4 +1,4 @@ -use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint}; +use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint, size_t}; pub enum BIGNUM {} pub enum BIO {} @@ -156,6 +156,10 @@ extern { -> c_int; pub fn X509_up_ref(x: *mut X509) -> c_int; pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int; + pub fn SSL_SESSION_get_master_key(session: *const SSL_SESSION, + out: *mut c_uchar, + outlen: size_t) + -> size_t; pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; pub fn X509_STORE_CTX_get0_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509; pub fn EVP_MD_CTX_new() -> *mut EVP_MD_CTX; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index ce9d65ef..6d49f2b1 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -1040,6 +1040,18 @@ impl SslSessionRef { slice::from_raw_parts(p as *const u8, len as usize) } } + + /// Returns the length of the master key. + pub fn master_key_len(&self) -> usize { + unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), ptr::null_mut(), 0) } + } + + /// Copies the master key into the provided buffer. + /// + /// Returns the number of bytes written. + pub fn master_key(&self, buf: &mut [u8]) -> usize { + unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) } + } } type_!(Ssl, SslRef, ffi::SSL, ffi::SSL_free); @@ -1728,6 +1740,7 @@ mod compat { pub use ffi::{SSL_CTX_get_options, SSL_CTX_set_options}; pub use ffi::{SSL_CTX_clear_options, SSL_CTX_up_ref}; + pub use ffi::SSL_SESSION_get_master_key; pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX, @@ -1762,7 +1775,7 @@ mod compat { use std::ptr; use ffi; - use libc::{self, c_long, c_ulong, c_int}; + use libc::{self, c_long, c_ulong, c_int, size_t, c_uchar}; pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong { ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong @@ -1799,6 +1812,19 @@ mod compat { 0 } + pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION, + out: *mut c_uchar, + mut outlen: size_t) -> size_t { + if outlen == 0 { + return (*session).master_key_length as size_t; + } + if outlen > (*session).master_key_length as size_t { + outlen = (*session).master_key_length as size_t; + } + ptr::copy_nonoverlapping((*session).master_key.as_ptr(), out, outlen); + outlen + } + pub fn tls_method() -> *const ffi::SSL_METHOD { unsafe { ffi::SSLv23_method() } } diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 744b2688..14bb2f71 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -1385,7 +1385,15 @@ fn active_session() { let s = TcpStream::connect("google.com:443").unwrap(); let socket = connector.connect("google.com", s).unwrap(); - assert!(socket.ssl().session().is_some()); + let session = socket.ssl().session().unwrap(); + let len = session.master_key_len(); + let mut buf = vec![0; len - 1]; + let copied = session.master_key(&mut buf); + assert_eq!(copied, buf.len()); + let mut buf = vec![0; len + 1]; + let copied = session.master_key(&mut buf); + assert_eq!(copied, len); + } fn _check_kinds() { |