diff options
| author | Steven Fackler <[email protected]> | 2017-07-15 15:04:24 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2017-07-15 16:50:36 -0700 |
| commit | e3c7a2785cb0d033d240cb565c2c5d2fc1c57abd (patch) | |
| tree | 87c0719a16dc09926307afd9a08d8968297a1a49 /openssl/src | |
| parent | Merge pull request #657 from sfackler/rsa-pkcs1 (diff) | |
| download | rust-openssl-e3c7a2785cb0d033d240cb565c2c5d2fc1c57abd.tar.xz rust-openssl-e3c7a2785cb0d033d240cb565c2c5d2fc1c57abd.zip | |
Move callbacks to a submodule
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/ssl/callbacks.rs | 337 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 302 |
2 files changed, 341 insertions, 298 deletions
diff --git a/openssl/src/ssl/callbacks.rs b/openssl/src/ssl/callbacks.rs new file mode 100644 index 00000000..c0bb4933 --- /dev/null +++ b/openssl/src/ssl/callbacks.rs @@ -0,0 +1,337 @@ +use ffi; +use libc::{c_int, c_uint, c_char, c_uchar, c_void}; +use std::any::Any; +use std::ffi::CStr; +use std::ptr; +use std::slice; +use std::mem; +use foreign_types::ForeignTypeRef; + +use error::ErrorStack; +use dh::Dh; +use ssl::{get_callback_idx, get_ssl_callback_idx, SslRef, SniError, NPN_PROTOS_IDX}; +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +use ssl::ALPN_PROTOS_IDX; +use x509::X509StoreContextRef; + +pub extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int +where + F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send, +{ + unsafe { + let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); + let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); + let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>()); + let verify: &F = &*(verify as *mut F); + + let ctx = X509StoreContextRef::from_ptr(x509_ctx); + + verify(preverify_ok != 0, ctx) as c_int + } +} + +#[cfg(not(osslconf = "OPENSSL_NO_PSK"))] +pub extern "C" fn raw_psk<F>( + ssl: *mut ffi::SSL, + hint: *const c_char, + identity: *mut c_char, + max_identity_len: c_uint, + psk: *mut c_uchar, + max_psk_len: c_uint, +) -> c_uint +where + F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> + + Any + + 'static + + Sync + + Send, +{ + unsafe { + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); + let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>()); + let ssl = SslRef::from_ptr_mut(ssl); + let callback = &*(callback as *mut F); + let hint = if hint != ptr::null() { + Some(CStr::from_ptr(hint).to_bytes()) + } else { + None + }; + // Give the callback mutable slices into which it can write the identity and psk. + let identity_sl = slice::from_raw_parts_mut(identity as *mut u8, max_identity_len as usize); + let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize); + match callback(ssl, hint, identity_sl, psk_sl) { + Ok(psk_len) => psk_len as u32, + _ => 0, + } + } +} + +pub extern "C" fn ssl_raw_verify<F>( + preverify_ok: c_int, + x509_ctx: *mut ffi::X509_STORE_CTX, +) -> c_int +where + F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send, +{ + unsafe { + let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); + let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); + let verify = ffi::SSL_get_ex_data(ssl as *const _, get_ssl_callback_idx::<F>()); + let verify: &F = &*(verify as *mut F); + + let ctx = X509StoreContextRef::from_ptr(x509_ctx); + + verify(preverify_ok != 0, ctx) as c_int + } +} + +pub extern "C" fn raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, _arg: *mut c_void) -> c_int +where + F: Fn(&mut SslRef) -> Result<(), SniError> + Any + 'static + Sync + Send, +{ + unsafe { + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); + let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>()); + let callback: &F = &*(callback as *mut F); + let ssl = SslRef::from_ptr_mut(ssl); + + match callback(ssl) { + Ok(()) => ffi::SSL_TLSEXT_ERR_OK, + Err(SniError::Fatal(e)) => { + *al = e; + ffi::SSL_TLSEXT_ERR_ALERT_FATAL + } + Err(SniError::Warning(e)) => { + *al = e; + ffi::SSL_TLSEXT_ERR_ALERT_WARNING + } + Err(SniError::NoAck) => ffi::SSL_TLSEXT_ERR_NOACK, + } + } +} + +pub unsafe fn select_proto_using( + ssl: *mut ffi::SSL, + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + ex_data: c_int, +) -> c_int { + + // First, get the list of protocols (that the client should support) saved in the context + // extra data. + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); + let protocols = ffi::SSL_CTX_get_ex_data(ssl_ctx, ex_data); + let protocols: &Vec<u8> = &*(protocols as *mut Vec<u8>); + // Prepare the client list parameters to be passed to the OpenSSL function... + let client = protocols.as_ptr(); + let client_len = protocols.len() as c_uint; + // Finally, let OpenSSL find a protocol to be used, by matching the given server and + // client lists. + if ffi::SSL_select_next_proto(out, outlen, inbuf, inlen, client, client_len) != + ffi::OPENSSL_NPN_NEGOTIATED + { + ffi::SSL_TLSEXT_ERR_NOACK + } else { + ffi::SSL_TLSEXT_ERR_OK + } +} + +/// The function is given as the callback to `SSL_CTX_set_next_proto_select_cb`. +/// +/// It chooses the protocol that the client wishes to use, out of the given list of protocols +/// supported by the server. It achieves this by delegating to the `SSL_select_next_proto` +/// function. The list of protocols supported by the client is found in the extra data of the +/// OpenSSL context. +pub extern "C" fn raw_next_proto_select_cb( + ssl: *mut ffi::SSL, + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + _arg: *mut c_void, +) -> c_int { + unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) } +} + +#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] +pub extern "C" fn raw_alpn_select_cb( + ssl: *mut ffi::SSL, + out: *mut *const c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + _arg: *mut c_void, +) -> c_int { + unsafe { select_proto_using(ssl, out as *mut _, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) } +} + +pub unsafe extern "C" fn raw_tmp_dh<F>( + ssl: *mut ffi::SSL, + is_export: c_int, + keylength: c_int, +) -> *mut ffi::DH +where + F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send, +{ + let ctx = ffi::SSL_get_SSL_CTX(ssl); + let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>()); + let callback = &*(callback as *mut F); + + let ssl = SslRef::from_ptr_mut(ssl); + match callback(ssl, is_export != 0, keylength as u32) { + Ok(dh) => { + let ptr = dh.as_ptr(); + mem::forget(dh); + ptr + } + Err(_) => { + // FIXME reset error stack + ptr::null_mut() + } + } +} + +#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] +pub unsafe extern "C" fn raw_tmp_ecdh<F>( + ssl: *mut ffi::SSL, + is_export: c_int, + keylength: c_int, +) -> *mut ffi::EC_KEY +where + F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send, +{ + let ctx = ffi::SSL_get_SSL_CTX(ssl); + let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>()); + let callback = &*(callback as *mut F); + + let ssl = SslRef::from_ptr_mut(ssl); + match callback(ssl, is_export != 0, keylength as u32) { + Ok(ec_key) => { + let ptr = ec_key.as_ptr(); + mem::forget(ec_key); + ptr + } + Err(_) => { + // FIXME reset error stack + ptr::null_mut() + } + } +} + +pub unsafe extern "C" fn raw_tmp_dh_ssl<F>( + ssl: *mut ffi::SSL, + is_export: c_int, + keylength: c_int, +) -> *mut ffi::DH +where + F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send, +{ + let callback = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<F>()); + let callback = &*(callback as *mut F); + + let ssl = SslRef::from_ptr_mut(ssl); + match callback(ssl, is_export != 0, keylength as u32) { + Ok(dh) => { + let ptr = dh.as_ptr(); + mem::forget(dh); + ptr + } + Err(_) => { + // FIXME reset error stack + ptr::null_mut() + } + } +} + +#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] +pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>( + ssl: *mut ffi::SSL, + is_export: c_int, + keylength: c_int, +) -> *mut ffi::EC_KEY +where + F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send, +{ + let callback = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<F>()); + let callback = &*(callback as *mut F); + + let ssl = SslRef::from_ptr_mut(ssl); + match callback(ssl, is_export != 0, keylength as u32) { + Ok(ec_key) => { + let ptr = ec_key.as_ptr(); + mem::forget(ec_key); + ptr + } + Err(_) => { + // FIXME reset error stack + ptr::null_mut() + } + } +} + +pub unsafe extern "C" fn raw_tlsext_status<F>(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int +where + F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + Any + 'static + Sync + Send, +{ + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); + let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>()); + let callback = &*(callback as *mut F); + + let ssl = SslRef::from_ptr_mut(ssl); + let ret = callback(ssl); + + if ssl.is_server() { + match ret { + Ok(true) => ffi::SSL_TLSEXT_ERR_OK, + Ok(false) => ffi::SSL_TLSEXT_ERR_NOACK, + Err(_) => { + // FIXME reset error stack + ffi::SSL_TLSEXT_ERR_ALERT_FATAL + } + } + } else { + match ret { + Ok(true) => 1, + Ok(false) => 0, + Err(_) => { + // FIXME reset error stack + -1 + } + } + } +} + +/// The function is given as the callback to `SSL_CTX_set_next_protos_advertised_cb`. +/// +/// It causes the parameter `out` to point at a `*const c_uchar` instance that +/// represents the list of protocols that the server should advertise as those +/// that it supports. +/// The list of supported protocols is found in the extra data of the OpenSSL +/// context. +pub extern "C" fn raw_next_protos_advertise_cb( + ssl: *mut ffi::SSL, + out: *mut *const c_uchar, + outlen: *mut c_uint, + _arg: *mut c_void, +) -> c_int { + unsafe { + // First, get the list of (supported) protocols saved in the context extra data. + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); + let protocols = ffi::SSL_CTX_get_ex_data(ssl_ctx, *NPN_PROTOS_IDX); + if protocols.is_null() { + *out = b"".as_ptr(); + *outlen = 0; + } else { + // If the pointer is valid, put the pointer to the actual byte array into the + // output parameter `out`, as well as its length into `outlen`. + let protocols: &Vec<u8> = &*(protocols as *mut Vec<u8>); + *out = protocols.as_ptr(); + *outlen = protocols.len() as c_uint; + } + } + + ffi::SSL_TLSEXT_ERR_OK +} diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 8dd2b455..2c0a4b63 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -73,7 +73,7 @@ use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; use libc::{c_int, c_void, c_long, c_ulong}; -use libc::{c_char, c_uchar, c_uint}; +use libc::{c_uchar, c_uint}; use std::any::Any; use std::any::TypeId; use std::borrow::Borrow; @@ -110,12 +110,14 @@ use util::Opaque; use stack::{Stack, StackRef}; mod error; +mod callbacks; mod connector; mod bio; #[cfg(test)] mod tests; -use self::bio::BioMethod; +use ssl::bio::BioMethod; +use ssl::callbacks::*; pub use ssl::connector::{SslConnectorBuilder, SslConnector, SslAcceptorBuilder, SslAcceptor, ConnectConfiguration}; @@ -301,302 +303,6 @@ fn get_new_ssl_idx<T>() -> c_int { } } -extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int - where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send -{ - unsafe { - let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); - let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); - let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); - let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>()); - let verify: &F = &*(verify as *mut F); - - let ctx = X509StoreContextRef::from_ptr(x509_ctx); - - verify(preverify_ok != 0, ctx) as c_int - } -} - -#[cfg(not(osslconf = "OPENSSL_NO_PSK"))] -extern "C" fn raw_psk<F>(ssl: *mut ffi::SSL, - hint: *const c_char, - identity: *mut c_char, - max_identity_len: c_uint, - psk: *mut c_uchar, - max_psk_len: c_uint) -> c_uint - where F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> + Any + 'static + Sync + Send -{ - unsafe { - let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); - let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>()); - let ssl = SslRef::from_ptr_mut(ssl); - let callback = &*(callback as *mut F); - let hint = if hint != ptr::null() { - Some(CStr::from_ptr(hint).to_bytes()) - } else { - None - }; - // Give the callback mutable slices into which it can write the identity and psk. - let identity_sl = slice::from_raw_parts_mut(identity as *mut u8, - max_identity_len as usize); - let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize); - match callback(ssl, hint, identity_sl, psk_sl) { - Ok(psk_len) => psk_len as u32, - _ => 0, - } - } -} - -extern "C" fn ssl_raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int - where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send -{ - unsafe { - let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); - let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); - let verify = ffi::SSL_get_ex_data(ssl as *const _, get_ssl_callback_idx::<F>()); - let verify: &F = &*(verify as *mut F); - - let ctx = X509StoreContextRef::from_ptr(x509_ctx); - - verify(preverify_ok != 0, ctx) as c_int - } -} - -extern "C" fn raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, _arg: *mut c_void) -> c_int - where F: Fn(&mut SslRef) -> Result<(), SniError> + Any + 'static + Sync + Send -{ - unsafe { - let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); - let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>()); - let callback: &F = &*(callback as *mut F); - let ssl = SslRef::from_ptr_mut(ssl); - - match callback(ssl) { - Ok(()) => ffi::SSL_TLSEXT_ERR_OK, - Err(SniError::Fatal(e)) => { - *al = e; - ffi::SSL_TLSEXT_ERR_ALERT_FATAL - } - Err(SniError::Warning(e)) => { - *al = e; - ffi::SSL_TLSEXT_ERR_ALERT_WARNING - } - Err(SniError::NoAck) => ffi::SSL_TLSEXT_ERR_NOACK, - } - } -} - -unsafe fn select_proto_using(ssl: *mut ffi::SSL, - out: *mut *mut c_uchar, - outlen: *mut c_uchar, - inbuf: *const c_uchar, - inlen: c_uint, - ex_data: c_int) - -> c_int { - - // First, get the list of protocols (that the client should support) saved in the context - // extra data. - let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); - let protocols = ffi::SSL_CTX_get_ex_data(ssl_ctx, ex_data); - let protocols: &Vec<u8> = &*(protocols as *mut Vec<u8>); - // Prepare the client list parameters to be passed to the OpenSSL function... - let client = protocols.as_ptr(); - let client_len = protocols.len() as c_uint; - // Finally, let OpenSSL find a protocol to be used, by matching the given server and - // client lists. - if ffi::SSL_select_next_proto(out, outlen, inbuf, inlen, client, client_len) != - ffi::OPENSSL_NPN_NEGOTIATED { - ffi::SSL_TLSEXT_ERR_NOACK - } else { - ffi::SSL_TLSEXT_ERR_OK - } -} - -/// The function is given as the callback to `SSL_CTX_set_next_proto_select_cb`. -/// -/// It chooses the protocol that the client wishes to use, out of the given list of protocols -/// supported by the server. It achieves this by delegating to the `SSL_select_next_proto` -/// function. The list of protocols supported by the client is found in the extra data of the -/// OpenSSL context. -extern "C" fn raw_next_proto_select_cb(ssl: *mut ffi::SSL, - out: *mut *mut c_uchar, - outlen: *mut c_uchar, - inbuf: *const c_uchar, - inlen: c_uint, - _arg: *mut c_void) - -> c_int { - unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) } -} - -#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] -extern "C" fn raw_alpn_select_cb(ssl: *mut ffi::SSL, - out: *mut *const c_uchar, - outlen: *mut c_uchar, - inbuf: *const c_uchar, - inlen: c_uint, - _arg: *mut c_void) - -> c_int { - unsafe { select_proto_using(ssl, out as *mut _, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) } -} - -unsafe extern "C" fn raw_tmp_dh<F>(ssl: *mut ffi::SSL, - is_export: c_int, - keylength: c_int) - -> *mut ffi::DH - where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send -{ - let ctx = ffi::SSL_get_SSL_CTX(ssl); - let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>()); - let callback = &*(callback as *mut F); - - let ssl = SslRef::from_ptr_mut(ssl); - match callback(ssl, is_export != 0, keylength as u32) { - Ok(dh) => { - let ptr = dh.as_ptr(); - mem::forget(dh); - ptr - } - Err(_) => { - // FIXME reset error stack - ptr::null_mut() - } - } -} - -#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] -unsafe extern "C" fn raw_tmp_ecdh<F>(ssl: *mut ffi::SSL, - is_export: c_int, - keylength: c_int) - -> *mut ffi::EC_KEY - where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send -{ - let ctx = ffi::SSL_get_SSL_CTX(ssl); - let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>()); - let callback = &*(callback as *mut F); - - let ssl = SslRef::from_ptr_mut(ssl); - match callback(ssl, is_export != 0, keylength as u32) { - Ok(ec_key) => { - let ptr = ec_key.as_ptr(); - mem::forget(ec_key); - ptr - } - Err(_) => { - // FIXME reset error stack - ptr::null_mut() - } - } -} - -unsafe extern "C" fn raw_tmp_dh_ssl<F>(ssl: *mut ffi::SSL, - is_export: c_int, - keylength: c_int) - -> *mut ffi::DH - where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send -{ - let callback = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<F>()); - let callback = &*(callback as *mut F); - - let ssl = SslRef::from_ptr_mut(ssl); - match callback(ssl, is_export != 0, keylength as u32) { - Ok(dh) => { - let ptr = dh.as_ptr(); - mem::forget(dh); - ptr - } - Err(_) => { - // FIXME reset error stack - ptr::null_mut() - } - } -} - -#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))] -unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(ssl: *mut ffi::SSL, - is_export: c_int, - keylength: c_int) - -> *mut ffi::EC_KEY - where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey, ErrorStack> + Any + 'static + Sync + Send -{ - let callback = ffi::SSL_get_ex_data(ssl, get_ssl_callback_idx::<F>()); - let callback = &*(callback as *mut F); - - let ssl = SslRef::from_ptr_mut(ssl); - match callback(ssl, is_export != 0, keylength as u32) { - Ok(ec_key) => { - let ptr = ec_key.as_ptr(); - mem::forget(ec_key); - ptr - } - Err(_) => { - // FIXME reset error stack - ptr::null_mut() - } - } -} - -unsafe extern "C" fn raw_tlsext_status<F>(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int - where F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + Any + 'static + Sync + Send -{ - let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _); - let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>()); - let callback = &*(callback as *mut F); - - let ssl = SslRef::from_ptr_mut(ssl); - let ret = callback(ssl); - - if ssl.is_server() { - match ret { - Ok(true) => ffi::SSL_TLSEXT_ERR_OK, - Ok(false) => ffi::SSL_TLSEXT_ERR_NOACK, - Err(_) => { - // FIXME reset error stack - ffi::SSL_TLSEXT_ERR_ALERT_FATAL - } - } - } else { - match ret { - Ok(true) => 1, - Ok(false) => 0, - Err(_) => { - // FIXME reset error stack - -1 - } - } - } -} - -/// The function is given as the callback to `SSL_CTX_set_next_protos_advertised_cb`. -/// -/// It causes the parameter `out` to point at a `*const c_uchar` instance that -/// represents the list of protocols that the server should advertise as those -/// that it supports. -/// The list of supported protocols is found in the extra data of the OpenSSL -/// context. -extern "C" fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL, - out: *mut *const c_uchar, - outlen: *mut c_uint, - _arg: *mut c_void) - -> c_int { - unsafe { - // First, get the list of (supported) protocols saved in the context extra data. - let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); - let protocols = ffi::SSL_CTX_get_ex_data(ssl_ctx, *NPN_PROTOS_IDX); - if protocols.is_null() { - *out = b"".as_ptr(); - *outlen = 0; - } else { - // If the pointer is valid, put the pointer to the actual byte array into the - // output parameter `out`, as well as its length into `outlen`. - let protocols: &Vec<u8> = &*(protocols as *mut Vec<u8>); - *out = protocols.as_ptr(); - *outlen = protocols.len() as c_uint; - } - } - - ffi::SSL_TLSEXT_ERR_OK -} - /// Convert a set of byte slices into a series of byte strings encoded for SSL. Encoding is a byte /// containing the length followed by the string. fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec<u8> { |