| author | Steven Fackler <[email protected]> | 2018-08-19 18:50:11 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2018-08-19 18:50:11 -0700 |
| commit | ef7721092dbf1e8b8572a0d9f081b2e7eed36960 (patch) | |
| tree | f2ba96394bb573c5f9559ad66942159b7b109f8f /openssl | |
| parent | Merge pull request #975 from eun-ice/master (diff) | |
| download | rust-openssl-ef7721092dbf1e8b8572a0d9f081b2e7eed36960.tar.xz rust-openssl-ef7721092dbf1e8b8572a0d9f081b2e7eed36960.zip | |
SRTP cleanup
Diffstat (limited to 'openssl')
| -rw-r--r-- | openssl/src/srtp.rs | 13 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 29 | ||||
| -rw-r--r-- | openssl/src/ssl/test.rs | 42 |
3 files changed, 40 insertions, 44 deletions
diff --git a/openssl/src/srtp.rs b/openssl/src/srtp.rs
index 136ddbd2..03b722ac 100644
--- a/openssl/src/srtp.rs
+++ b/openssl/src/srtp.rs
@@ -5,10 +5,13 @@ use stack::Stackable;
 use std::ffi::CStr;
 use std::str;
+/// fake free method, since SRTP_PROTECTION_PROFILE is static
+unsafe fn free(_profile: *mut ffi::SRTP_PROTECTION_PROFILE) {}
+
 #[allow(unused_unsafe)]
 foreign_type_and_impl_send_sync! {
 type CType = ffi::SRTP_PROTECTION_PROFILE;
- fn drop = ffi::SRTP_PROTECTION_PROFILE_free;
+ fn drop = free;
 pub struct SrtpProtectionProfile;
 /// Reference to `SrtpProtectionProfile`.
@@ -19,18 +22,18 @@ impl Stackable for SrtpProtectionProfile {
 type StackType = ffi::stack_st_SRTP_PROTECTION_PROFILE;
 }
-
 impl SrtpProtectionProfileRef {
 pub fn id(&self) -> SrtpProfileId {
 SrtpProfileId::from_raw(unsafe { (*self.as_ptr()).id })
 }
 pub fn name(&self) -> &'static str {
- unsafe { CStr::from_ptr((*self.as_ptr()).name as *const _) }.to_str().expect("should be UTF-8")
+ unsafe { CStr::from_ptr((*self.as_ptr()).name as *const _) }
+ .to_str()
+ .expect("should be UTF-8")
 }
 }
-
-/// type of SRTP profile to use.
+/// An identifier of an SRTP protection profile.
 #[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub struct SrtpProfileId(c_ulong);
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index c6305dcd..99cf620d 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -98,7 +98,7 @@ use x509::store::X509Store;
 use x509::store::{X509StoreBuilderRef, X509StoreRef};
 #[cfg(any(ossl102, libressl261))]
 use x509::verify::X509VerifyParamRef;
-use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult};
+use x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509};
 use {cvt, cvt_n, cvt_p, init};
 pub use ssl::connector::{
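Review bot: The no-op `free` makes every owned `SrtpProtectionProfile` a handle that owns nothing, which is correct for entries of OpenSSL's static profile table (as the added comment says) but means an owned value built from any heap-allocated profile would silently leak, and the `unsafe fn` states no `# Safety` contract for that. Suggest turning the one-line comment into a doc comment that fixes the invariant, e.g. `/// No-op drop: SRTP_PROTECTION_PROFILE pointers handed out by OpenSSL refer to its static profile table and must never be freed, so an owned SrtpProtectionProfile must only ever wrap such a pointer.` The `#[allow(unused_unsafe)]` kept on the macro invocation would also benefit from a one-line reason, presumably that the generated drop wraps the call in an `unsafe` block it no longer needs; the macro body is outside this hunk.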
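Review bot: `name()` hands out a `&'static str` from a borrow of `self`, which is sound only because the profile table is static (the assumption the first hunk bakes into `free`), and `.expect("should be UTF-8")` is a panic path in library code; after this cleanup neither `id()` nor `name()` documents either point. Suggest a doc comment on `name()` along the lines of `/// Returns the profile name as OpenSSL spells it, e.g. "SRTP_AES128_CM_SHA1_80"; the 'static lifetime relies on OpenSSL's profile table being static.` plus a `# Panics` line saying it panics if the name is not valid UTF-8, which is not expected for OpenSSL's built-in profiles. The `impl SrtpProtectionProfileRef` block is complete within the hunk; the `SrtpProfileId` definition continues past it.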
@@ -652,6 +652,7 @@ impl SslContextBuilder {
 /// This corresponds to [`SSL_CTX_set_tlsext_servername_callback`].
 ///
 /// [`SSL_CTX_set_tlsext_servername_callback`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tlsext_servername_callback.html
+ // FIXME tlsext prefix?
 pub fn set_servername_callback<F>(&mut self, callback: F)
 where
 F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send,
@@ -1166,10 +1167,7 @@ impl SslContextBuilder {
 unsafe {
 let cstr = CString::new(protocols).unwrap();
- let r = ffi::SSL_CTX_set_tlsext_use_srtp(
- self.as_ptr(),
- cstr.as_ptr(),
- );
+ let r = ffi::SSL_CTX_set_tlsext_use_srtp(self.as_ptr(), cstr.as_ptr());
 // fun fact, set_tlsext_use_srtp has a reversed return code D:
 if r == 0 {
 Ok(())
@@ -2478,7 +2476,6 @@ impl SslRef {
 }
 }
-
 /// Enables the DTLS extension "use_srtp" as defined in RFC5764.
 ///
 /// This corresponds to [`SSL_set_tlsext_use_srtp`].
@@ -2488,10 +2485,7 @@ impl SslRef {
 unsafe {
 let cstr = CString::new(protocols).unwrap();
- let r = ffi::SSL_set_tlsext_use_srtp(
- self.as_ptr(),
- cstr.as_ptr(),
- );
+ let r = ffi::SSL_set_tlsext_use_srtp(self.as_ptr(), cstr.as_ptr());
 // fun fact, set_tlsext_use_srtp has a reversed return code D:
 if r == 0 {
 Ok(())
@@ -2508,7 +2502,7 @@ impl SslRef {
 /// This corresponds to [`SSL_get_srtp_profiles`].
 ///
 /// [`SSL_get_srtp_profiles`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
- pub fn get_srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> {
+ pub fn srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> {
 unsafe {
 let chain = ffi::SSL_get_srtp_profiles(self.as_ptr());
@@ -2519,6 +2513,7 @@ impl SslRef {
 }
 }
 }
+
 /// Gets the SRTP profile selected by handshake.
 ///
 /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
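Review bot: The reformatted call keeps `CString::new(protocols).unwrap()`, so a caller-supplied profile list containing an interior NUL panics instead of returning an `ErrorStack`; that seems to match the crate's other string setters, as far as this hunk shows, but it is undocumented on this method. Suggest a `# Panics` line on `set_tlsext_use_srtp` (both the `SslContextBuilder` variant here and the `SslRef` variant in the @@ -2488 hunk, which has the same `unwrap`), or mapping the error explicitly if the crate has a convention for that. The surviving comment `// fun fact, set_tlsext_use_srtp has a reversed return code D:` would be more useful to the next reader as `// SSL_CTX_set_tlsext_use_srtp returns 0 on success and 1 on failure, unlike most OpenSSL setters, so cvt() cannot be used here.` The enclosing function starts and ends outside the hunk.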
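Review bot: `get_srtp_profiles` → `srtp_profiles` is a public API rename with no `#[deprecated]` forwarding method, so any external caller of the old name stops compiling. The function appears to have arrived in the parent commit (PR #975), in which case it is probably unreleased and the rename is free; otherwise keep `#[deprecated(note = "renamed to srtp_profiles")] pub fn get_srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> { self.srtp_profiles() }` for one release. The doc link above it targets the `SSL_CTX_set_tlsext_use_srtp` man page, which is where OpenSSL documents `SSL_get_srtp_profiles`, so that is fine as is. The function body continues outside the hunk.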
@@ -2538,18 +2533,6 @@ impl SslRef {
 }
 }
- /// Derives keying material for SRTP usage.
- ///
- /// DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
- ///
- /// This corresponds to [`SSL_export_keying_material`] with a label of "EXTRACTOR-dtls_srtp".
- ///
- /// [`SSL_export_keying_material`]: https://www.openssl.org/docs/manmaster/man3/SSL_export_keying_material.html
- /// [`SSL_CTX_set_tlsext_use_srtp`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_use_srtp.html
- pub fn export_srtp_keying_material(&self, out: &mut [u8]) -> Result<(), ErrorStack> {
- self.export_keying_material(out, "EXTRACTOR-dtls_srtp", None)
- }
-
 /// Returns the number of bytes remaining in the currently processed TLS record.
 ///
 /// If this is greater than 0, the next call to `read` will not call down to the underlying
diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs
index ad800e08..1c44c0b1 100644
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -18,10 +18,10 @@ use dh::Dh;
 use hash::MessageDigest;
 use ocsp::{OcspResponse, OcspResponseStatus};
 use pkey::PKey;
+use srtp::SrtpProfileId;
 use ssl;
 #[cfg(any(ossl110, ossl111, libressl261))]
 use ssl::SslVersion;
-use srtp::SrtpProfileId;
 use ssl::{
 Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, ShutdownState, Ssl, SslAcceptor,
 SslConnector, SslContext, SslFiletype, SslMethod, SslSessionCacheMode, SslStream,
@@ -29,7 +29,7 @@ use ssl::{
 };
 #[cfg(any(ossl102, ossl110))]
 use x509::verify::X509CheckFlags;
-use x509::{X509, X509Name, X509StoreContext, X509VerifyResult};
+use x509::{X509Name, X509StoreContext, X509VerifyResult, X509};
 use std::net::UdpSocket;
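Review bot: Removing `export_srtp_keying_material` also removes the one place where the DTLS-SRTP extractor label was spelled once; every caller now has to write `"EXTRACTOR-dtls_srtp"` with a `None` context by hand (as the tests in this commit do), and a typo in the label or a non-empty context yields different keying material with no error from OpenSSL, failing only at interop time. If the wrapper is meant to go, suggest at least a note on `export_keying_material` or `selected_srtp_profile`: `/// For DTLS-SRTP (RFC 5764, key derivation) call export_keying_material(out, "EXTRACTOR-dtls_srtp", None); out must hold both keys and both salts for the selected profile, which is 2×16 + 2×14 = 60 bytes for SRTP_AES128_CM_SHA1_80 and matches the buffers the tests use.` A `pub const DTLS_SRTP_EXTRACTOR_LABEL: &str = "EXTRACTOR-dtls_srtp";` in `srtp.rs` would be cheaper still than re-adding the method. The enclosing `impl SslRef` continues outside the hunk.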
@@ -555,11 +555,11 @@ fn test_connect_with_srtp_ctx() {
 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
 let addr = listener.local_addr().unwrap();
-
 let guard = thread::spawn(move || {
 let stream = listener.accept().unwrap().0;
 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
- ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap();
+ ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
+ .unwrap();
 ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
 .unwrap();
 ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
@@ -570,7 +570,7 @@ fn test_connect_with_srtp_ctx() {
 let mut buf = [0; 60];
 stream
 .ssl()
- .export_srtp_keying_material(&mut buf)
+ .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
 .unwrap();
 stream.write_all(&[0]).unwrap();
@@ -580,7 +580,8 @@ fn test_connect_with_srtp_ctx() {
 let stream = TcpStream::connect(addr).unwrap();
 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
- ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap();
+ ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
+ .unwrap();
 let ssl = Ssl::new(&ctx.build()).unwrap();
 let mut stream = ssl.connect(stream).unwrap();
@@ -590,7 +591,10 @@ fn test_connect_with_srtp_ctx() {
 assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name());
 assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id());
 }
- stream.ssl().export_srtp_keying_material(&mut buf).expect("extract");
+ stream
+ .ssl()
+ .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
+ .expect("extract");
 stream.read_exact(&mut [0]).unwrap();
@@ -607,7 +611,6 @@ fn test_connect_with_srtp_ctx() {
 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
 let addr = listener.local_addr().unwrap();
-
 let guard = thread::spawn(move || {
 let stream = listener.accept().unwrap().0;
 let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
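Review bot: Both ends now export keying material, but the two 60-byte buffers are never compared — the server's `buf` stays inside its thread and the client only asserts that `export_keying_material` returned `Ok` (its `[1; 60]` initialisation is never checked either), so the test does not show that client and server derive the same SRTP keys, which is the property the `EXTRACTOR-dtls_srtp` label exists for. The one-byte write/read that currently acts as a barrier can carry the server's buffer instead: the server side is in the @@ -570 hunk, the client side in the @@ -590 hunk. `test_connect_with_srtp_ctx` starts and ends outside these hunks.
```rust
// server thread, after export_keying_material (the @@ -570 hunk):
stream.write_all(&buf).unwrap();
// … unchanged: client connect, selected_srtp_profile asserts, client export …
let mut server_buf = [0u8; 60];
stream.read_exact(&mut server_buf).unwrap();
assert_eq!(&buf[..], &server_buf[..]);
```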
@@ -616,22 +619,25 @@ fn test_connect_with_srtp_ssl() {
 ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
 .unwrap();
 let mut ssl = Ssl::new(&ctx.build()).unwrap();
- ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap();
+ ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
+ .unwrap();
 let mut profilenames = String::new();
- for profile in ssl.get_srtp_profiles().unwrap() {
- if profilenames.len()>0 {
+ for profile in ssl.srtp_profiles().unwrap() {
+ if profilenames.len() > 0 {
 profilenames.push(':');
 }
 profilenames += profile.name();
- }
- assert_eq!("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", profilenames);
+ }
+ assert_eq!(
+ "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
+ profilenames
+ );
 let mut stream = ssl.accept(stream).unwrap();
 let mut buf = [0; 60];
 stream
 .ssl()
- .export_srtp_keying_material(&mut buf)
+ .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
 .unwrap();
 stream.write_all(&[0]).unwrap();
@@ -642,7 +648,8 @@ fn test_connect_with_srtp_ssl() {
 let stream = TcpStream::connect(addr).unwrap();
 let ctx = SslContext::builder(SslMethod::dtls()).unwrap();
 let mut ssl = Ssl::new(&ctx.build()).unwrap();
- ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32").unwrap();
+ ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
+ .unwrap();
 let mut stream = ssl.connect(stream).unwrap();
 let mut buf = [1; 60];
@@ -651,7 +658,10 @@ fn test_connect_with_srtp_ssl() {
 assert_eq!("SRTP_AES128_CM_SHA1_80", srtp_profile.name());
 assert_eq!(SrtpProfileId::SRTP_AES128_CM_SHA1_80, srtp_profile.id());
 }
- stream.ssl().export_srtp_keying_material(&mut buf).expect("extract");
+ stream
+ .ssl()
+ .export_keying_material(&mut buf, "EXTRACTOR-dtls_srtp", None)
+ .expect("extract");
 stream.read_exact(&mut [0]).unwrap(); |
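Review bot: `if profilenames.len() > 0` in the rewritten loop is what clippy's `len_zero` flags, and the whole loop is a join: `let profilenames: Vec<_> = ssl.srtp_profiles().unwrap().iter().map(|p| p.name()).collect();` followed by `assert_eq!("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", profilenames.join(":"));`, assuming `StackRef` exposes `iter()` as its use in the `for` loop suggests. Separately, this test has the same gap as `test_connect_with_srtp_ctx`: the server's exported `buf` is never compared with the client's, so the @@ -658 hunk proves only that the export call succeeds; sending the 60 bytes in place of the `[0]` barrier byte and asserting equality on the client would close it. `test_connect_with_srtp_ssl` starts before the first hunk here and ends after the last.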