Merge pull request #995 from sfackler/client-hello

    }

}

cfg_if! {

    if #[cfg(ossl101)] {

        pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000;

pub const SSL_ERROR_WANT_WRITE: c_int = 3;

pub const SSL_ERROR_WANT_X509_LOOKUP: c_int = 4;

pub const SSL_ERROR_ZERO_RETURN: c_int = 6;

#[cfg(ossl111)]

pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11;

pub const SSL_VERIFY_NONE: c_int = 0;

pub const SSL_VERIFY_PEER: c_int = 1;

pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;

    #[cfg(any(ossl102, libressl261))]

    pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM;

}

#[cfg(ossl111)]

pub const SSL_CLIENT_HELLO_SUCCESS: c_int = 1;

#[cfg(ossl111)]

pub const SSL_CLIENT_HELLO_ERROR: c_int = 0;

#[cfg(ossl111)]

pub const SSL_CLIENT_HELLO_RETRY: c_int = -1;

#[cfg(ossl111)]

pub type SSL_client_hello_cb_fn =

    Option<unsafe extern "C" fn(s: *mut SSL, al: *mut c_int, arg: *mut c_void) -> c_int>;

extern "C" {

    #[cfg(ossl111)]

    pub fn SSL_CTX_set_client_hello_cb(

        c: *mut SSL_CTX,

        cb: SSL_client_hello_cb_fn,

        arg: *mut c_void,

    );

    #[cfg(ossl111)]

    pub fn SSL_client_hello_isv2(s: *mut SSL) -> c_int;

    #[cfg(ossl111)]

    pub fn SSL_client_hello_get0_legacy_version(s: *mut SSL) -> c_uint;

    #[cfg(ossl111)]

    pub fn SSL_client_hello_get0_random(s: *mut SSL, out: *mut *const c_uchar) -> size_t;

    #[cfg(ossl111)]

    pub fn SSL_client_hello_get0_session_id(s: *mut SSL, out: *mut *const c_uchar) -> size_t;

    #[cfg(ossl111)]

    pub fn SSL_client_hello_get0_ciphers(s: *mut SSL, out: *mut *const c_uchar) -> size_t;

    #[cfg(ossl111)]

    pub fn SSL_client_hello_get0_compression_methods(

        s: *mut SSL,

        out: *mut *const c_uchar,

    ) -> size_t;

    #[cfg(ossl111)]

    pub fn SSL_client_hello_get1_extensions_present(

        s: *mut SSL,

        out: *mut *mut c_int,

        outlen: *mut size_t,

    ) -> c_int;

    #[cfg(ossl111)]

    pub fn SSL_client_hello_get0_ext(

        s: *mut SSL,

        type_: c_uint,

        out: *mut *const c_uchar,

        outlen: *mut size_t,

    ) -> c_int;

    pub fn SSL_free(ssl: *mut SSL);

    pub fn SSL_accept(ssl: *mut SSL) -> c_int;

#[cfg(any(ossl102, libressl261))]

use ssl::AlpnError;

#[cfg(ossl111)]

use ssl::ExtensionContext;

use ssl::{ExtensionContext, ClientHelloResponse};

use ssl::{SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef, SslSession, SslSessionRef};

#[cfg(ossl111)]

use x509::X509Ref;

        }

    }

}

#[cfg(ossl111)]

pub unsafe extern "C" fn raw_client_hello<F>(

    ssl: *mut ffi::SSL,

    al: *mut c_int,

    arg: *mut c_void,

) -> c_int

where

    F: Fn(&mut SslRef, &mut SslAlert) -> Result<ClientHelloResponse, ErrorStack>

        + 'static

        + Sync

        + Send,

{

    let ssl = SslRef::from_ptr_mut(ssl);

    let callback = arg as *const F;

    let mut alert = SslAlert(*al);

    let r = (*callback)(ssl, &mut alert);

    *al = alert.0;

    match r {

        Ok(c) => c.0,

        Err(e) => {

            e.put();

            ffi::SSL_CLIENT_HELLO_ERROR

        }

    }

}

    /// An error occurred in the SSL library.

    pub const SSL: ErrorCode = ErrorCode(ffi::SSL_ERROR_SSL);

    /// The client hello callback indicated that it needed to be retried.

    /// 

    /// Requires OpenSSL 1.1.1 or newer.

    #[cfg(ossl111)]

    pub const WANT_CLIENT_HELLO_CB: ErrorCode = ErrorCode(ffi::SSL_ERROR_WANT_CLIENT_HELLO_CB);

}

#[derive(Debug)]

}

/// An error or intermediate state after a TLS handshake attempt.

// FIXME overhaul

#[derive(Debug)]

pub enum HandshakeError<S> {

    /// Setup failed.

    pub const NOACK: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_NOACK);

}

/// The result of a client hello callback.

///

/// Requires OpenSSL 1.1.1 or newer.

#[cfg(ossl111)]

#[derive(Debug, Copy, Clone, PartialEq, Eq)]

pub struct ClientHelloResponse(c_int);

#[cfg(ossl111)]

impl ClientHelloResponse {

    /// Continue the handshake.

    pub const SUCCESS: ClientHelloResponse = ClientHelloResponse(ffi::SSL_CLIENT_HELLO_SUCCESS);

    /// Return from the handshake with an `ErrorCode::WANT_CLIENT_HELLO_CB` error.

    pub const RETRY: ClientHelloResponse = ClientHelloResponse(ffi::SSL_CLIENT_HELLO_RETRY);

}

/// An SSL/TLS protocol version.

#[derive(Debug, Copy, Clone, PartialEq, Eq)]

pub struct SslVersion(c_int);

        }

    }

    /// Sets a callback which will be invoked just after the client's hello message is received.

    /// 

    /// Requires OpenSSL 1.1.1 or newer.

    /// 

    /// This corresponds to [`SSL_CTX_set_client_hello_cb`].

    ///

    /// [`SSL_CTX_set_client_hello_cb`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

    #[cfg(ossl111)]

    pub fn set_client_hello_callback<F>(&mut self, callback: F)

    where

        F: Fn(&mut SslRef, &mut SslAlert) -> Result<ClientHelloResponse, ErrorStack>

            + 'static

            + Sync

            + Send,

    {

        unsafe {

            let ptr = self.set_ex_data_inner(SslContext::cached_ex_index::<F>(), callback);

            ffi::SSL_CTX_set_client_hello_cb(

                self.as_ptr(),

                Some(callbacks::raw_client_hello::<F>),

                ptr,

            );

        }

    }

    /// Consumes the builder, returning a new `SslContext`.

    pub fn build(self) -> SslContext {

        self.0

            ffi::SSL_get_peer_finished(self.as_ptr(), buf.as_mut_ptr() as *mut c_void, buf.len())

        }

    }

    /// Determines if the client's hello message is in the SSLv2 format.

    /// 

    /// This can only be used inside of the client hello callback. Otherwise, `false` is returned.

    /// 

    /// Requires OpenSSL 1.1.1 or newer.

    /// 

    /// This corresponds to [`SSL_client_hello_isv2`].

    /// 

    /// [`SSL_client_hello_isv2`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

    #[cfg(ossl111)]

    pub fn client_hello_isv2(&self) -> bool {

        unsafe {

            ffi::SSL_client_hello_isv2(self.as_ptr()) != 0

        }

    }

    /// Returns the legacy version field of the client's hello message.

    /// 

    /// This can only be used inside of the client hello callback. Otherwise, `None` is returned.

    /// 

    /// Requires OpenSSL 1.1.1 or newer.

    /// 

    /// This corresponds to [`SSL_client_hello_get0_legacy_version`].

    /// 

    /// [`SSL_client_hello_get0_legacy_version`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

    #[cfg(ossl111)]

    pub fn client_hello_legacy_version(&self) -> Option<SslVersion> {

        unsafe {

            let version = ffi::SSL_client_hello_get0_legacy_version(self.as_ptr());

            if version == 0 {

                None

            } else {

                Some(SslVersion(version as c_int))

            }

        }

    }

    /// Returns the random field of the client's hello message.

    /// 

    /// This can only be used inside of the client hello callback. Otherwise, `None` is returend.

    /// 

    /// Requires OpenSSL 1.1.1 or newer.

    /// 

    /// This corresponds to [`SSL_client_hello_get0_random`].

    /// 

    /// [`SSL_client_hello_get0_random`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

    #[cfg(ossl111)]

    pub fn client_hello_random(&self) -> Option<&[u8]> {

        unsafe {

            let mut ptr = ptr::null();

            let len = ffi::SSL_client_hello_get0_random(self.as_ptr(), &mut ptr);

            if len == 0 {

                None

            } else {

                Some(slice::from_raw_parts(ptr, len))

            }

        }

    }

    /// Returns the session ID field of the client's hello message.

    /// 

    /// This can only be used inside of the client hello callback. Otherwise, `None` is returend.

    /// 

    /// Requires OpenSSL 1.1.1 or newer.

    /// 

    /// This corresponds to [`SSL_client_hello_get0_session_id`].

    /// 

    /// [`SSL_client_hello_get0_session_id`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

    #[cfg(ossl111)]

    pub fn client_hello_session_id(&self) -> Option<&[u8]> {

        unsafe {

            let mut ptr = ptr::null();

            let len = ffi::SSL_client_hello_get0_session_id(self.as_ptr(), &mut ptr);

            if len == 0 {

                None

            } else {

                Some(slice::from_raw_parts(ptr, len))

            }

        }

    }

    /// Returns the ciphers field of the client's hello message.

    /// 

    /// This can only be used inside of the client hello callback. Otherwise, `None` is returend.

    /// 

    /// Requires OpenSSL 1.1.1 or newer.

    /// 

    /// This corresponds to [`SSL_client_hello_get0_ciphers`].

    /// 

    /// [`SSL_client_hello_get0_ciphers`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

    #[cfg(ossl111)]

    pub fn client_hello_ciphers(&self) -> Option<&[u8]> {

        unsafe {

            let mut ptr = ptr::null();

            let len = ffi::SSL_client_hello_get0_ciphers(self.as_ptr(), &mut ptr);

            if len == 0 {

                None

            } else {

                Some(slice::from_raw_parts(ptr, len))

            }

        }

    }

    /// Returns the compression methods field of the client's hello message.

    /// 

    /// This can only be used inside of the client hello callback. Otherwise, `None` is returend.

    /// 

    /// Requires OpenSSL 1.1.1 or newer.

    /// 

    /// This corresponds to [`SSL_client_hello_get0_compression_methods`].

    /// 

    /// [`SSL_client_hello_get0_compression_methods`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

    #[cfg(ossl111)]

    pub fn client_hello_compression_methods(&self) -> Option<&[u8]> {

        unsafe {

            let mut ptr = ptr::null();

            let len = ffi::SSL_client_hello_get0_compression_methods(self.as_ptr(), &mut ptr);

            if len == 0 {

                None

            } else {

                Some(slice::from_raw_parts(ptr, len))

            }

        }

    }

}

/// An SSL stream midway through the handshake process.

    guard.join().unwrap();

}

#[test]

#[cfg(ossl111)]

fn client_hello() {

    use ssl::ClientHelloResponse;

    static CALLED_BACK: AtomicBool = ATOMIC_BOOL_INIT;

    let listener = TcpListener::bind("127.0.0.1:0").unwrap();

    let addr = listener.local_addr().unwrap();

    let guard = thread::spawn(move || {

        let stream = listener.accept().unwrap().0;

        let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();

        ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)

            .unwrap();

        ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)

            .unwrap();

        ctx.set_client_hello_callback(|ssl, _| {

            assert!(!ssl.client_hello_isv2());

            assert_eq!(ssl.client_hello_legacy_version(), Some(SslVersion::TLS1_2));

            assert!(ssl.client_hello_random().is_some());

            assert!(ssl.client_hello_session_id().is_some());

            assert!(ssl.client_hello_ciphers().is_some());

            assert!(ssl.client_hello_compression_methods().is_some());

            CALLED_BACK.store(true, Ordering::SeqCst);

            Ok(ClientHelloResponse::SUCCESS)

        });

        let ssl = Ssl::new(&ctx.build()).unwrap();

        let mut stream = ssl.accept(stream).unwrap();

        stream.write_all(&mut [0]).unwrap();

    });

    let stream = TcpStream::connect(addr).unwrap();

    let ctx = SslContext::builder(SslMethod::tls()).unwrap();

    let ssl = Ssl::new(&ctx.build()).unwrap();

    let mut stream = ssl.connect(stream).unwrap();

    stream.read_exact(&mut [0]).unwrap();

    assert!(CALLED_BACK.load(Ordering::SeqCst));

    guard.join().unwrap();

}