Commit bbb1cb61 authored by Benjamin Saunders

Update to OpenSSL 1.1.1-pre3

parent 812d7a61
+1 −1
@@ -91,7 +91,7 @@ macos_job: &MACOS_JOB

openssl_111: &OPENSSL_111
  LIBRARY: openssl
  VERSION: 1.1.1-pre2
  VERSION: 1.1.1-pre3
openssl_110: &OPENSSL_110
  LIBRARY: openssl
  VERSION: 1.1.0g
+17 −1
@@ -25,7 +25,7 @@ pub type SSL_custom_ext_parse_cb_ex =
                                chainidx: size_t, al: *mut c_int,
                                parse_arg: *mut c_void) -> c_int>;

pub const SSL_COOKIE_LENGTH: c_int = 255;
pub const SSL_COOKIE_LENGTH: c_int = 4096;

pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: c_ulong = 0x00100000;

@@ -65,4 +65,20 @@ extern "C" {
                                  parse_arg: *mut c_void) -> c_int;
    pub fn SSL_stateless(s: *mut ::SSL) -> c_int;
    pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD;
    pub fn SSL_CTX_set_stateless_cookie_generate_cb(
        s: *mut ::SSL_CTX,
        cb: Option<unsafe extern "C" fn(
            ssl: *mut ::SSL,
            cookie: *mut c_uchar,
            cookie_len: *mut size_t
        ) -> c_int>
    );
    pub fn SSL_CTX_set_stateless_cookie_verify_cb(
        s: *mut ::SSL_CTX,
        cb: Option<unsafe extern "C" fn(
            ssl: *mut ::SSL,
            cookie: *const c_uchar,
            cookie_len: size_t
        ) -> c_int>
    );
}
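Review bot: `SSL_COOKIE_LENGTH` at the `pub const` line has no comment tying it to the C header it mirrors, yet the wrapper added in this same commit uses it as the length of a raw mutable buffer. The value appears to move from 255 to 4096 to follow the 1.1.1-pre3 headers, so a build linked against a library with a smaller cookie buffer would get a wrong bound with no compile-time signal. I would add `// Mirrors SSL_COOKIE_LENGTH in the linked OpenSSL's ssl.h; the stateless-cookie wrapper sizes its slice from this value.` above the constant. The two new `extern` declarations would also benefit from a one-line comment saying that `cookie` points at a buffer of that many bytes and that the generate callback writes `*cookie_len`.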
+49 −0
@@ -366,6 +366,55 @@ where
    callback(ssl, line);
}

#[cfg(ossl111)]
pub extern "C" fn raw_stateless_cookie_generate<F>(
    ssl: *mut ffi::SSL,
    cookie: *mut c_uchar,
    cookie_len: *mut size_t,
) -> c_int
where
    F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
{
    unsafe {
        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());
        let ssl = SslRef::from_ptr_mut(ssl);
        let callback = &*(callback as *mut F);
        let slice =
            slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);
        match callback(ssl, slice) {
            Ok(len) => {
                *cookie_len = len as size_t;
                1
            }
            Err(e) => {
                e.put();
                0
            }
        }
    }
}

#[cfg(ossl111)]
pub extern "C" fn raw_stateless_cookie_verify<F>(
    ssl: *mut ffi::SSL,
    cookie: *const c_uchar,
    cookie_len: size_t,
) -> c_int
where
    F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
{
    unsafe {
        let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl as *const _);
        let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_callback_idx::<F>());
        let ssl = SslRef::from_ptr_mut(ssl);
        let callback = &*(callback as *mut F);
        let slice =
            slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);
        callback(ssl, slice) as c_int
    }
}

pub extern "C" fn raw_cookie_generate<F>(
    ssl: *mut ffi::SSL,
    cookie: *mut c_uchar,
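Review bot: In `raw_stateless_cookie_generate` the `Ok(len)` arm writes `len` to `*cookie_len` without comparing it to the slice handed to the callback, so a safe closure that returns a value above `ffi::SSL_COOKIE_LENGTH` makes OpenSSL treat bytes beyond its cookie buffer as cookie data. The arm should reject that case, for example `Ok(len) if len <= ffi::SSL_COOKIE_LENGTH as usize => { *cookie_len = len as size_t; 1 }` followed by `Ok(_) => 0,`. Both new callbacks also run user code inside `extern "C"` functions with no `catch_unwind`; whether the crate guards against panics elsewhere is not visible here, so that is worth confirming. In `raw_stateless_cookie_verify`, `slice::from_raw_parts` requires a non-null pointer even when `cookie_len` is 0, which the hunk assumes rather than checks.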
+49 −5
@@ -1437,8 +1437,9 @@ impl SslContextBuilder {
    /// The callback will be called with the SSL context and a slice into which the cookie
    /// should be written. The callback should return the number of bytes written.
    ///
    /// This corresponds to `SSL_CTX_set_cookie_generate_cb`.
    pub fn set_cookie_generate_cb<F>(&mut self, callback: F)
    /// This corresponds to `SSL_CTX_set_stateless_cookie_generate_cb`.
    #[cfg(ossl111)]
    pub fn set_stateless_cookie_generate_cb<F>(&mut self, callback: F)
    where
        F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
    {
@@ -1447,9 +1448,9 @@ impl SslContextBuilder {
            ffi::SSL_CTX_set_ex_data(
                self.as_ptr(),
                get_callback_idx::<F>(),
                mem::transmute(callback),
                Box::into_raw(callback) as *mut _,
            );
            ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::<F>))
            ffi::SSL_CTX_set_stateless_cookie_generate_cb(self.as_ptr(), Some(raw_stateless_cookie_generate::<F>))
        }
    }

@@ -1461,6 +1462,49 @@ impl SslContextBuilder {
    /// Note that the OpenSSL implementation independently verifies the integrity of
    /// application cookies using an HMAC before invoking the supplied callback.
    ///
    /// This corresponds to `SSL_CTX_set_stateless_cookie_verify_cb`.
    #[cfg(ossl111)]
    pub fn set_stateless_cookie_verify_cb<F>(&mut self, callback: F)
    where
        F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
    {
        unsafe {
            let callback = Box::new(callback);
            ffi::SSL_CTX_set_ex_data(
                self.as_ptr(),
                get_callback_idx::<F>(),
                Box::into_raw(callback) as *mut _,
            );
            ffi::SSL_CTX_set_stateless_cookie_verify_cb(self.as_ptr(), Some(raw_stateless_cookie_verify::<F>))
        }
    }

    /// Sets the callback for generating a DTLSv1 cookie
    ///
    /// The callback will be called with the SSL context and a slice into which the cookie
    /// should be written. The callback should return the number of bytes written.
    ///
    /// This corresponds to `SSL_CTX_set_cookie_generate_cb`.
    pub fn set_cookie_generate_cb<F>(&mut self, callback: F)
    where
        F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
    {
        unsafe {
            let callback = Box::new(callback);
            ffi::SSL_CTX_set_ex_data(
                self.as_ptr(),
                get_callback_idx::<F>(),
                Box::into_raw(callback) as *mut _,
            );
            ffi::SSL_CTX_set_cookie_generate_cb(self.as_ptr(), Some(raw_cookie_generate::<F>))
        }
    }

    /// Sets the callback for verifying a DTLSv1 cookie
    ///
    /// The callback will be called with the SSL context and the cookie supplied by the
    /// client. It should return true if and only if the cookie is valid.
    ///
    /// This corresponds to `SSL_CTX_set_cookie_verify_cb`.
    pub fn set_cookie_verify_cb<F>(&mut self, callback: F)
    where
@@ -1471,7 +1515,7 @@ impl SslContextBuilder {
            ffi::SSL_CTX_set_ex_data(
                self.as_ptr(),
                get_callback_idx::<F>(),
                mem::transmute(callback),
                Box::into_raw(callback) as *mut _,
            );
            ffi::SSL_CTX_set_cookie_verify_cb(self.as_ptr(), Some(raw_cookie_verify::<F>))
        }
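Review bot: The `unsafe` blocks in `set_stateless_cookie_generate_cb`, `set_stateless_cookie_verify_cb` and the two DTLS setters hand `Box::into_raw(callback)` to `SSL_CTX_set_ex_data` with no comment on who frees the closure. If `get_callback_idx::<F>()` registers a free function for the slot (not visible on this page), record that with `// SAFETY: the boxed closure is owned by the SSL_CTX ex_data slot and released by the free callback registered for get_callback_idx::<F>()`. A second call with the same `F` overwrites the slot, and whether the earlier box is released at that point is also not visible here. The doc comment on the stateless generate setter should add that the returned length must not exceed the length of the slice the callback was given. Parts of these functions lie between the hunks, so the `Box::new` line of the first setter is not shown.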