Merge pull request #835 from Ralith/stateless

#[cfg(ossl110)]

pub use ossl110::*;

#[cfg(ossl111)]

mod ossl111;

#[cfg(ossl111)]

pub use ossl111::*;

#[cfg(libressl)]

mod libressl;

#[cfg(libressl)]

pub const GEN_IPADD: c_int = 7;

pub const GEN_RID: c_int = 8;

pub const DTLS1_COOKIE_LENGTH: c_uint = 256;

// macros

pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long {

    BIO_ctrl(b, BIO_CTRL_INFO, 0, pp as *mut c_void)

    pub fn FIPS_mode_set(onoff: c_int) -> c_int;

    #[cfg(not(libressl))]

    pub fn FIPS_mode() -> c_int;

    pub fn SSL_CTX_set_cookie_generate_cb(

        s: *mut SSL_CTX,

        cb: Option<extern "C" fn(

            ssl: *mut SSL,

            cookie: *mut c_uchar,

            cookie_len: *mut c_uint

        ) -> c_int>

    );

    #[cfg(ossl110)]

    pub fn SSL_CTX_set_cookie_verify_cb(

        s: *mut SSL_CTX,

        cb: Option<extern "C" fn(

            ssl: *mut SSL,

            cookie: *const c_uchar,

            cookie_len: c_uint

        ) -> c_int>

    );

    #[cfg(not(ossl110))]

    pub fn SSL_CTX_set_cookie_verify_cb(

        s: *mut SSL_CTX,

        cb: Option<extern "C" fn(

            ssl: *mut SSL,

            cookie: *mut c_uchar,

            cookie_len: c_uint

        ) -> c_int>

    );

}

use libc::{c_int, c_ulong};

use ossl110::*;

pub const SSL_COOKIE_LENGTH: c_int = 255;

pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000;

extern "C" {

    pub fn SSL_stateless(s: *mut SSL) -> c_int;

}

    callback(ssl, line);

}

pub extern "C" fn raw_cookie_generate<F>(

    ssl: *mut ffi::SSL,

    cookie: *mut c_uchar,

    cookie_len: *mut c_uint

) -> c_int

where

    F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = &*(callback as *mut F);

        // We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for

        // compatibility. See comments in dtls1.h.

        let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1);

        match callback(ssl, slice) {

            Ok(len) => {

                *cookie_len = len as c_uint;

                1

            }

            Err(_) => 0,

        }

    }

}

#[cfg(ossl110)]

type CookiePtr = *const c_uchar;

#[cfg(not(ossl110))]

type CookiePtr = *mut c_uchar;

pub extern "C" fn raw_cookie_verify<F>(

    ssl: *mut ffi::SSL,

    cookie: CookiePtr,

    cookie_len: c_uint

) -> c_int

where

    F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send

{

    unsafe {

        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);

        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());

        let ssl = SslRef::from_ptr_mut(ssl);

        let callback = &*(callback as *mut F);

        let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);

        callback(ssl, slice) as c_int

    }

}

        }

    }

    /// Sets the callback for generating an application cookie for stateless handshakes.

    ///

    /// The callback will be called with the SSL context and a slice into which the cookie

    /// should be written. The callback should return the number of bytes written.

    ///

    /// This corresponds to `SSL_CTX_set_cookie_generate_cb`.

    pub fn set_cookie_generate_cb<F>(&mut self, callback: F)

    where

        F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send

    {

        unsafe {

            let callback = Box::new(callback);

            ffi::SSL_CTX_set_ex_data(

                self.as_ptr(),

                get_callback_idx::<F>(),

                mem::transmute(callback),

            );

            ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::<F>))

        }

    }

    /// Sets the callback for verifying an application cookie for stateless handshakes.

    ///

    /// The callback will be called with the SSL context and the cookie supplied by the

    /// client. It should return true if and only if the cookie is valid.

    ///

    /// Note that the OpenSSL implementation independently verifies the integrity of

    /// application cookies using an HMAC before invoking the supplied callback.

    ///

    /// This corresponds to `SSL_CTX_set_cookie_verify_cb`.

    pub fn set_cookie_verify_cb<F>(&mut self, callback: F)

    where

        F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send

    {

        unsafe {

            let callback = Box::new(callback);

            ffi::SSL_CTX_set_ex_data(

                self.as_ptr(),

                get_callback_idx::<F>(),

                mem::transmute(callback),

            );

            ffi::SSL_CTX_set_cookie_verify_cb(self.as_ptr(), Some(raw_cookie_verify::<F>))

        }

    }

    /// Sets the extra data at the specified index.

    ///

    /// This can be used to provide data to callbacks registered with the context. Use the