Merge pull request #860 from Ralith/custom-extensions

Custom extensions
author: Steven Fackler <[email protected]> 2018-03-11 15:33:42 -0700
committer: GitHub <[email protected]> 2018-03-11 15:33:42 -0700
commit: 0bc7dd90343a44fdac52c03914fd71e5a8c4762e (patch)
tree: 5b4ce5cde1a896abb1b65e9020e689a054777694 /openssl/src/ssl/callbacks.rs
parent: Merge pull request #863 from rohit-lshift/master (diff)
parent: Merge branch 'master' into custom-extensions (diff)
download: rust-openssl-0bc7dd90343a44fdac52c03914fd71e5a8c4762e.tar.xz
rust-openssl-0bc7dd90343a44fdac52c03914fd71e5a8c4762e.zip
1 files changed, 93 insertions, 0 deletions
diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs
index 60d40fc7..0531274c 100644
--- a/openssl/src/ssl/callbacks.rs
+++ b/openssl/src/ssl/callbacks.rs
@@ -1,5 +1,7 @@
 use ffi;
 use libc::{c_char, c_int, c_uchar, c_uint, c_void};
+#[cfg(all(feature = "v111", ossl111))]
+use libc::size_t;
 use std::ffi::CStr;
 use std::ptr;
 use std::slice;
@@ -20,6 +22,10 @@ use ssl::{get_callback_idx, get_ssl_callback_idx, SniError, SslAlert, SslContext
           all(feature = "v111", ossl111)))]
 use ssl::AlpnError;
 use x509::X509StoreContextRef;
+#[cfg(all(feature = "v111", ossl111))]
+use ssl::ExtensionContext;
+#[cfg(all(feature = "v111", ossl111))]
+use x509::X509Ref;
 
 pub extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
 where
@@ -416,3 +422,90 @@ where
         callback(ssl, slice) as c_int
     }
 }
+
+#[cfg(all(feature = "v111", ossl111))]
+pub struct CustomExtAddState<T>(Option<T>);
+
+#[cfg(all(feature = "v111", ossl111))]
+pub extern "C" fn raw_custom_ext_add<F, T>(ssl: *mut ffi::SSL, _: c_uint,
+                                           context: c_uint,
+                                           out: *mut *const c_uchar,
+                                           outlen: *mut size_t, x: *mut ffi::X509,
+                                           chainidx: size_t, al: *mut c_int,
+                                           _: *mut c_void)
+                                           -> c_int
+    where F: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result<Option<T>, SslAlert> + 'static,
+          T: AsRef<[u8]> + 'static,
+{
+    unsafe {
+        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
+        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());
+        let callback = &*(callback as *mut F);
+        let ssl = SslRef::from_ptr_mut(ssl);
+        let ectx = ExtensionContext::from_bits_truncate(context);
+        let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) { Some((chainidx, X509Ref::from_ptr(x))) } else { None };
+        match (callback)(ssl, ectx, cert) {
+            Ok(None) => 0,
+            Ok(Some(buf)) => {
+                *outlen = buf.as_ref().len() as size_t;
+                *out = buf.as_ref().as_ptr();
+
+                let idx = get_ssl_callback_idx::<CustomExtAddState<T>>();
+                let ptr = ffi::SSL_get_ex_data(ssl.as_ptr(), idx);
+                if ptr.is_null() {
+                    let x = Box::into_raw(Box::<CustomExtAddState<T>>::new(CustomExtAddState(Some(buf)))) as *mut c_void;
+                    ffi::SSL_set_ex_data(ssl.as_ptr(), idx, x);
+                } else {
+                    *(ptr as *mut _) = CustomExtAddState(Some(buf))
+                }
+                1
+            }
+            Err(alert) => {
+                *al = alert.0;
+                -1
+            }
+        }
+    }
+}
+
+#[cfg(all(feature = "v111", ossl111))]
+pub extern "C" fn raw_custom_ext_free<T>(ssl: *mut ffi::SSL, _: c_uint,
+                                         _: c_uint,
+                                         _: *mut *const c_uchar,
+                                         _: *mut c_void)
+    where T: 'static
+{
+    unsafe {
+        let state = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<CustomExtAddState<T>>());
+        let state = &mut (*(state as *mut CustomExtAddState<T>)).0;
+        state.take();
+    }
+}
+
+#[cfg(all(feature = "v111", ossl111))]
+pub extern "C" fn raw_custom_ext_parse<F>(ssl: *mut ffi::SSL, _: c_uint,
+                                          context: c_uint,
+                                          input: *const c_uchar,
+                                          inlen: size_t, x: *mut ffi::X509,
+                                          chainidx: size_t, al: *mut c_int,
+                                          _: *mut c_void)
+                                        -> c_int
+    where F: FnMut(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert> + 'static
+{
+    unsafe {
+        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
+        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());
+        let ssl = SslRef::from_ptr_mut(ssl);
+        let callback = &mut *(callback as *mut F);
+        let ectx = ExtensionContext::from_bits_truncate(context);
+        let slice = slice::from_raw_parts(input as *const u8, inlen as usize);
+        let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) { Some((chainidx, X509Ref::from_ptr(x))) } else { None };
+        match callback(ssl, ectx, slice, cert) {
+            Ok(()) => 1,
+            Err(alert) => {
+                *al = alert.0;
+                0
+            }
+        }
+    }
+}
author	Steven Fackler <[email protected]>	2018-03-11 15:33:42 -0700
committer	GitHub <[email protected]>	2018-03-11 15:33:42 -0700
commit	0bc7dd90343a44fdac52c03914fd71e5a8c4762e (patch)
tree	5b4ce5cde1a896abb1b65e9020e689a054777694 /openssl/src/ssl/callbacks.rs
parent	Merge pull request #863 from rohit-lshift/master (diff)
parent	Merge branch 'master' into custom-extensions (diff)
download	rust-openssl-0bc7dd90343a44fdac52c03914fd71e5a8c4762e.tar.xz rust-openssl-0bc7dd90343a44fdac52c03914fd71e5a8c4762e.zip