Merge pull request #915 from sfackler/callback-cleanup

    pub fn SSL_SESSION_free(s: *mut SSL_SESSION);

    pub fn SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar;

    pub fn d2i_SSL_SESSION(a: *mut *mut SSL_SESSION, pp: *mut *const c_uchar, len: c_long) -> *mut SSL_SESSION;

    pub fn d2i_SSL_SESSION(

        a: *mut *mut SSL_SESSION,

        pp: *mut *const c_uchar,

        len: c_long,

    ) -> *mut SSL_SESSION;

    pub fn i2d_SSL_SESSION(s: *mut SSL_SESSION, pp: *mut *mut c_uchar) -> c_int;

    #[cfg(not(ossl101))]

    #[cfg(not(libressl))]

    pub fn FIPS_mode() -> c_int;

    // FIXME change to unsafe extern "C" fn

    pub fn SSL_CTX_set_cookie_generate_cb(

        s: *mut SSL_CTX,

        cb: Option<

        >,

    );

    // FIXME change to unsafe extern "C" fn

    #[cfg(ossl110)]

    pub fn SSL_CTX_set_cookie_verify_cb(

        s: *mut SSL_CTX,

use ffi;

use libc::{c_char, c_int, c_uchar, c_uint, c_void};

use foreign_types::ForeignType;

use foreign_types::ForeignTypeRef;

#[cfg(ossl111)]

use libc::size_t;

use libc::{c_char, c_int, c_uchar, c_uint, c_void};

use std::ffi::CStr;

use std::mem;

use std::ptr;

use std::slice;

use std::mem;

#[cfg(ossl111)]

use std::str;

use foreign_types::ForeignTypeRef;

use foreign_types::ForeignType;

use error::ErrorStack;

use dh::Dh;

#[cfg(any(ossl101, ossl102))]

use ec::EcKey;

use error::ErrorStack;

use pkey::Params;

use ssl::{get_callback_idx, get_ssl_callback_idx, SniError, SslAlert, SslContextRef, SslRef,

          SslSession, SslSessionRef};

#[cfg(any(ossl102, ossl110))]

use ssl::AlpnError;

use x509::X509StoreContextRef;

#[cfg(ossl111)]

use ssl::ExtensionContext;

use ssl::{

    get_ssl_callback_idx, SniError, SslAlert, SslContext, SslContextRef, SslRef, SslSession,

    SslSessionRef,

};

#[cfg(ossl111)]

use x509::X509Ref;

use x509::{X509StoreContext, X509StoreContextRef};

pub extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int

where

    F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,

{

    unsafe {

        let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx();

        let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx);

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let verify = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let verify: &F = &*(verify as *mut F);

        let ctx = X509StoreContextRef::from_ptr_mut(x509_ctx);

        let ssl_idx = X509StoreContext::ssl_idx().expect("BUG: store context ssl index missing");

        let verify_idx = SslContext::cached_ex_index::<F>();

        verify(preverify_ok != 0, ctx) as c_int

        // raw pointer shenanigans to break the borrow of ctx

        // the callback can't mess with its own ex_data slot so this is safe

        let verify = ctx.ex_data(ssl_idx)

            .expect("BUG: store context missing ssl")

            .ssl_context()

            .ex_data(verify_idx)

            .expect("BUG: verify callback missing") as *const F;

        (*verify)(preverify_ok != 0, ctx) as c_int

    }

}

        + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = &*(callback as *mut F);

        let callback_idx = SslContext::cached_ex_index::<F>();

        let callback = ssl.ssl_context()

            .ex_data(callback_idx)

            .expect("BUG: psk callback missing") as *const F;

        let hint = if hint != ptr::null() {

            Some(CStr::from_ptr(hint).to_bytes())

        } else {

        // Give the callback mutable slices into which it can write the identity and psk.

        let identity_sl = slice::from_raw_parts_mut(identity as *mut u8, max_identity_len as usize);

        let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize);

        match callback(ssl, hint, identity_sl, psk_sl) {

        match (*callback)(ssl, hint, identity_sl, psk_sl) {

            Ok(psk_len) => psk_len as u32,

            _ => 0,

        }

    F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let callback: &F = &*(callback as *mut F);

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = ssl.ssl_context()

            .ex_data(SslContext::cached_ex_index::<F>())

            .expect("BUG: sni callback missing") as *const F;

        let mut alert = SslAlert(*al);

        let r = callback(ssl, &mut alert);

        let r = (*callback)(ssl, &mut alert);

        *al = alert.0;

        match r {

            Ok(()) => ffi::SSL_TLSEXT_ERR_OK,

    F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let callback: &F = &*(callback as *mut F);

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = ssl.ssl_context()

            .ex_data(SslContext::cached_ex_index::<F>())

            .expect("BUG: alpn callback missing") as *const F;

        let protos = slice::from_raw_parts(inbuf as *const u8, inlen as usize);

        match callback(ssl, protos) {

        match (*callback)(ssl, protos) {

            Ok(proto) => {

                *out = proto.as_ptr() as *const c_uchar;

                *outlen = proto.len() as c_uchar;

where

    F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,

{

    let ctx = ffi::SSL_get_SSL_CTX(ssl);

    let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ssl = SslRef::from_ptr_mut(ssl);

    match callback(ssl, is_export != 0, keylength as u32) {

    let callback = ssl.ssl_context()

        .ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: tmp dh callback missing") as *const F;

    match (*callback)(ssl, is_export != 0, keylength as u32) {

        Ok(dh) => {

            let ptr = dh.as_ptr();

            mem::forget(dh);

where

    F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,

{

    let ctx = ffi::SSL_get_SSL_CTX(ssl);

    let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ssl = SslRef::from_ptr_mut(ssl);

    match callback(ssl, is_export != 0, keylength as u32) {

    let callback = ssl.ssl_context()

        .ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: tmp ecdh callback missing") as *const F;

    match (*callback)(ssl, is_export != 0, keylength as u32) {

        Ok(ec_key) => {

            let ptr = ec_key.as_ptr();

            mem::forget(ec_key);

where

    F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send,

{

    let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

    let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ssl = SslRef::from_ptr_mut(ssl);

    let ret = callback(ssl);

    let callback = ssl.ssl_context()

        .ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: ocsp callback missing") as *const F;

    let ret = (*callback)(ssl);

    if ssl.is_server() {

        match ret {

where

    F: Fn(&mut SslRef, SslSession) + 'static + Sync + Send,

{

    let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

    let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ssl = SslRef::from_ptr_mut(ssl);

    let callback = ssl.ssl_context()

        .ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: new session callback missing") as *const F;

    let session = SslSession::from_ptr(session);

    callback(ssl, session);

    (*callback)(ssl, session);

    // the return code doesn't indicate error vs success, but whether or not we consumed the session

    1

) where

    F: Fn(&SslContextRef, &SslSessionRef) + 'static + Sync + Send,

{

    let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ctx = SslContextRef::from_ptr(ctx);

    let callback = ctx.ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: remove session callback missing");

    let session = SslSessionRef::from_ptr(session);

    callback(ctx, session)

}

#[cfg(any(ossl110))]

#[cfg(ossl110)]

type DataPtr = *const c_uchar;

#[cfg(not(any(ossl110)))]

#[cfg(not(ossl110))]

type DataPtr = *mut c_uchar;

pub unsafe extern "C" fn raw_get_session<F>(

where

    F: Fn(&mut SslRef, &[u8]) -> Option<SslSession> + 'static + Sync + Send,

{

    let ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

    let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ssl = SslRef::from_ptr_mut(ssl);

    let callback = ssl.ssl_context()

        .ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: get session callback missing") as *const F;

    let data = slice::from_raw_parts(data as *const u8, len as usize);

    match callback(ssl, data) {

    match (*callback)(ssl, data) {

        Some(session) => {

            let p = session.as_ptr();

            mem::forget(p);

where

    F: Fn(&SslRef, &str) + 'static + Sync + Send,

{

    let ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

    let callback = ffi::SSL_CTX_get_ex_data(ctx, get_callback_idx::<F>());

    let callback = &*(callback as *mut F);

    let ssl = SslRef::from_ptr(ssl as *mut _);

    let callback = ssl.ssl_context()

        .ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: get session callback missing");

    let line = CStr::from_ptr(line).to_bytes();

    let line = str::from_utf8_unchecked(line);

}

#[cfg(ossl111)]

pub extern "C" fn raw_stateless_cookie_generate<F>(

pub unsafe extern "C" fn raw_stateless_cookie_generate<F>(

    ssl: *mut ffi::SSL,

    cookie: *mut c_uchar,

    cookie_len: *mut size_t,

where

    F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

    let ssl = SslRef::from_ptr_mut(ssl);

        let callback = &*(callback as *mut F);

        let slice =

            slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);

        match callback(ssl, slice) {

    let callback = ssl.ssl_context()

        .ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: stateless cookie generate callback missing") as *const F;

    let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);

    match (*callback)(ssl, slice) {

        Ok(len) => {

            *cookie_len = len as size_t;

            1

        }

    }

}

}

#[cfg(ossl111)]

pub extern "C" fn raw_stateless_cookie_verify<F>(

pub unsafe extern "C" fn raw_stateless_cookie_verify<F>(

    ssl: *mut ffi::SSL,

    cookie: *const c_uchar,

    cookie_len: size_t,

where

    F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

    let ssl = SslRef::from_ptr_mut(ssl);

        let callback = &*(callback as *mut F);

        let slice =

            slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);

        callback(ssl, slice) as c_int

    }

    let callback = ssl.ssl_context()

        .ex_data(SslContext::cached_ex_index::<F>())

        .expect("BUG: stateless cookie verify callback missing") as *const F;

    let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);

    (*callback)(ssl, slice) as c_int

}

pub extern "C" fn raw_cookie_generate<F>(

    F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = &*(callback as *mut F);

        let callback = ssl.ssl_context()

            .ex_data(SslContext::cached_ex_index::<F>())

            .expect("BUG: cookie generate callback missing") as *const F;

        // We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for

        // compatibility. See comments in dtls1.h.

        let slice =

            slice::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1);

        match callback(ssl, slice) {

        match (*callback)(ssl, slice) {

            Ok(len) => {

                *cookie_len = len as c_uint;

                1

    F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = &*(callback as *mut F);

        let callback = ssl.ssl_context()

            .ex_data(SslContext::cached_ex_index::<F>())

            .expect("BUG: cookie verify callback missing") as *const F;

        let slice =

            slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);

        callback(ssl, slice) as c_int

        (*callback)(ssl, slice) as c_int

    }

}

) -> c_int

where

    F: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result<Option<T>, SslAlert>

        + 'static,

        + 'static

        + Sync

        + Send,

    T: AsRef<[u8]> + 'static + Sync + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let callback = &*(callback as *mut F);

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = ssl.ssl_context()

            .ex_data(SslContext::cached_ex_index::<F>())

            .expect("BUG: custom ext add callback missing") as *const F;

        let ectx = ExtensionContext::from_bits_truncate(context);

        let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) {

            Some((chainidx, X509Ref::from_ptr(x)))

        } else {

            None

        };

        match (callback)(ssl, ectx, cert) {

        match (*callback)(ssl, ectx, cert) {

            Ok(None) => 0,

            Ok(Some(buf)) => {

                *outlen = buf.as_ref().len() as size_t;

    _: *mut c_void,

) -> c_int

where

    F: FnMut(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert>

        + 'static,

    F: Fn(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert>

        + 'static

        + Sync

        + Send,

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = &mut *(callback as *mut F);

        let callback = ssl.ssl_context()

            .ex_data(SslContext::cached_ex_index::<F>())

            .expect("BUG: custom ext parse callback missing") as *const F;

        let ectx = ExtensionContext::from_bits_truncate(context);

        let slice = slice::from_raw_parts(input as *const u8, inlen as usize);

        let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) {

        } else {

            None

        };

        match callback(ssl, ectx, slice, cert) {

        match (*callback)(ssl, ectx, slice, cert) {

            Ok(()) => 1,

            Err(alert) => {

                *al = alert.0;

}

#[test]

#[cfg_attr(libressl250, ignore)]

fn default_verify_paths() {

    let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();

    ctx.set_default_verify_paths().unwrap();

}

#[test]

#[cfg_attr(libressl250, ignore)]

fn connector_valid_hostname() {

    let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();

}

#[test]

#[cfg_attr(libressl250, ignore)]

fn connector_invalid_no_hostname_verification() {

    let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();

}

#[test]

#[cfg_attr(libressl250, ignore)]

fn active_session() {

    let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();