1 use cfg_if::cfg_if;
2 use foreign_types::ForeignType;
3 use foreign_types::ForeignTypeRef;
4 #[cfg(any(ossl111, not(osslconf = "OPENSSL_NO_PSK")))]
5 use libc::c_char;
6 #[cfg(ossl111)]
7 use libc::size_t;
8 use libc::{c_int, c_uchar, c_uint, c_void};
9 #[cfg(any(ossl111, not(osslconf = "OPENSSL_NO_PSK")))]
10 use std::ffi::CStr;
11 use std::mem;
12 use std::ptr;
13 use std::slice;
14 #[cfg(ossl111)]
15 use std::str;
16 use std::sync::Arc;
17
18 use crate::dh::Dh;
19 #[cfg(all(ossl101, not(ossl110)))]
20 use crate::ec::EcKey;
21 use crate::error::ErrorStack;
22 use crate::pkey::Params;
23 #[cfg(any(ossl102, libressl261))]
24 use crate::ssl::AlpnError;
25 use crate::ssl::{
26 try_get_session_ctx_index, SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef,
27 SslSession, SslSessionRef,
28 };
29 #[cfg(ossl111)]
30 use crate::ssl::{ClientHelloResponse, ExtensionContext};
31 #[cfg(ossl111)]
32 use crate::util::ForeignTypeRefExt;
33 #[cfg(ossl111)]
34 use crate::x509::X509Ref;
35 use crate::x509::{X509StoreContext, X509StoreContextRef};
36
raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int where F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,37 pub extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
38 where
39 F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,
40 {
41 unsafe {
42 let ctx = X509StoreContextRef::from_ptr_mut(x509_ctx);
43 let ssl_idx = X509StoreContext::ssl_idx().expect("BUG: store context ssl index missing");
44 let verify_idx = SslContext::cached_ex_index::<F>();
45
46 // raw pointer shenanigans to break the borrow of ctx
47 // the callback can't mess with its own ex_data slot so this is safe
48 let verify = ctx
49 .ex_data(ssl_idx)
50 .expect("BUG: store context missing ssl")
51 .ssl_context()
52 .ex_data(verify_idx)
53 .expect("BUG: verify callback missing") as *const F;
54
55 (*verify)(preverify_ok != 0, ctx) as c_int
56 }
57 }
58
59 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
raw_client_psk<F>( ssl: *mut ffi::SSL, hint: *const c_char, identity: *mut c_char, max_identity_len: c_uint, psk: *mut c_uchar, max_psk_len: c_uint, ) -> c_uint where F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,60 pub extern "C" fn raw_client_psk<F>(
61 ssl: *mut ffi::SSL,
62 hint: *const c_char,
63 identity: *mut c_char,
64 max_identity_len: c_uint,
65 psk: *mut c_uchar,
66 max_psk_len: c_uint,
67 ) -> c_uint
68 where
69 F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack>
70 + 'static
71 + Sync
72 + Send,
73 {
74 unsafe {
75 let ssl = SslRef::from_ptr_mut(ssl);
76 let callback_idx = SslContext::cached_ex_index::<F>();
77
78 let callback = ssl
79 .ssl_context()
80 .ex_data(callback_idx)
81 .expect("BUG: psk callback missing") as *const F;
82 let hint = if !hint.is_null() {
83 Some(CStr::from_ptr(hint).to_bytes())
84 } else {
85 None
86 };
87 // Give the callback mutable slices into which it can write the identity and psk.
88 let identity_sl = slice::from_raw_parts_mut(identity as *mut u8, max_identity_len as usize);
89 let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize);
90 match (*callback)(ssl, hint, identity_sl, psk_sl) {
91 Ok(psk_len) => psk_len as u32,
92 Err(e) => {
93 e.put();
94 0
95 }
96 }
97 }
98 }
99
100 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
raw_server_psk<F>( ssl: *mut ffi::SSL, identity: *const c_char, psk: *mut c_uchar, max_psk_len: c_uint, ) -> c_uint where F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,101 pub extern "C" fn raw_server_psk<F>(
102 ssl: *mut ffi::SSL,
103 identity: *const c_char,
104 psk: *mut c_uchar,
105 max_psk_len: c_uint,
106 ) -> c_uint
107 where
108 F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8]) -> Result<usize, ErrorStack>
109 + 'static
110 + Sync
111 + Send,
112 {
113 unsafe {
114 let ssl = SslRef::from_ptr_mut(ssl);
115 let callback_idx = SslContext::cached_ex_index::<F>();
116
117 let callback = ssl
118 .ssl_context()
119 .ex_data(callback_idx)
120 .expect("BUG: psk callback missing") as *const F;
121 let identity = if identity.is_null() {
122 None
123 } else {
124 Some(CStr::from_ptr(identity).to_bytes())
125 };
126 // Give the callback mutable slices into which it can write the psk.
127 let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize);
128 match (*callback)(ssl, identity, psk_sl) {
129 Ok(psk_len) => psk_len as u32,
130 Err(e) => {
131 e.put();
132 0
133 }
134 }
135 }
136 }
137
ssl_raw_verify<F>( preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX, ) -> c_int where F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,138 pub extern "C" fn ssl_raw_verify<F>(
139 preverify_ok: c_int,
140 x509_ctx: *mut ffi::X509_STORE_CTX,
141 ) -> c_int
142 where
143 F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,
144 {
145 unsafe {
146 let ctx = X509StoreContextRef::from_ptr_mut(x509_ctx);
147 let ssl_idx = X509StoreContext::ssl_idx().expect("BUG: store context ssl index missing");
148 let callback_idx = Ssl::cached_ex_index::<Arc<F>>();
149
150 let callback = ctx
151 .ex_data(ssl_idx)
152 .expect("BUG: store context missing ssl")
153 .ex_data(callback_idx)
154 .expect("BUG: ssl verify callback missing")
155 .clone();
156
157 callback(preverify_ok != 0, ctx) as c_int
158 }
159 }
160
raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, arg: *mut c_void) -> c_int where F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send,161 pub extern "C" fn raw_sni<F>(ssl: *mut ffi::SSL, al: *mut c_int, arg: *mut c_void) -> c_int
162 where
163 F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send,
164 {
165 unsafe {
166 let ssl = SslRef::from_ptr_mut(ssl);
167 let callback = arg as *const F;
168 let mut alert = SslAlert(*al);
169
170 let r = (*callback)(ssl, &mut alert);
171 *al = alert.0;
172 match r {
173 Ok(()) => ffi::SSL_TLSEXT_ERR_OK,
174 Err(e) => e.0,
175 }
176 }
177 }
178
179 #[cfg(any(ossl102, libressl261))]
raw_alpn_select<F>( ssl: *mut ffi::SSL, out: *mut *const c_uchar, outlen: *mut c_uchar, inbuf: *const c_uchar, inlen: c_uint, _arg: *mut c_void, ) -> c_int where F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,180 pub extern "C" fn raw_alpn_select<F>(
181 ssl: *mut ffi::SSL,
182 out: *mut *const c_uchar,
183 outlen: *mut c_uchar,
184 inbuf: *const c_uchar,
185 inlen: c_uint,
186 _arg: *mut c_void,
187 ) -> c_int
188 where
189 F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
190 {
191 unsafe {
192 let ssl = SslRef::from_ptr_mut(ssl);
193 let callback = ssl
194 .ssl_context()
195 .ex_data(SslContext::cached_ex_index::<F>())
196 .expect("BUG: alpn callback missing") as *const F;
197 let protos = slice::from_raw_parts(inbuf as *const u8, inlen as usize);
198
199 match (*callback)(ssl, protos) {
200 Ok(proto) => {
201 *out = proto.as_ptr() as *const c_uchar;
202 *outlen = proto.len() as c_uchar;
203 ffi::SSL_TLSEXT_ERR_OK
204 }
205 Err(e) => e.0,
206 }
207 }
208 }
209
raw_tmp_dh<F>( ssl: *mut ffi::SSL, is_export: c_int, keylength: c_int, ) -> *mut ffi::DH where F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,210 pub unsafe extern "C" fn raw_tmp_dh<F>(
211 ssl: *mut ffi::SSL,
212 is_export: c_int,
213 keylength: c_int,
214 ) -> *mut ffi::DH
215 where
216 F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
217 {
218 let ssl = SslRef::from_ptr_mut(ssl);
219 let callback = ssl
220 .ssl_context()
221 .ex_data(SslContext::cached_ex_index::<F>())
222 .expect("BUG: tmp dh callback missing") as *const F;
223
224 match (*callback)(ssl, is_export != 0, keylength as u32) {
225 Ok(dh) => {
226 let ptr = dh.as_ptr();
227 mem::forget(dh);
228 ptr
229 }
230 Err(e) => {
231 e.put();
232 ptr::null_mut()
233 }
234 }
235 }
236
237 #[cfg(all(ossl101, not(ossl110)))]
raw_tmp_ecdh<F>( ssl: *mut ffi::SSL, is_export: c_int, keylength: c_int, ) -> *mut ffi::EC_KEY where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,238 pub unsafe extern "C" fn raw_tmp_ecdh<F>(
239 ssl: *mut ffi::SSL,
240 is_export: c_int,
241 keylength: c_int,
242 ) -> *mut ffi::EC_KEY
243 where
244 F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
245 {
246 let ssl = SslRef::from_ptr_mut(ssl);
247 let callback = ssl
248 .ssl_context()
249 .ex_data(SslContext::cached_ex_index::<F>())
250 .expect("BUG: tmp ecdh callback missing") as *const F;
251
252 match (*callback)(ssl, is_export != 0, keylength as u32) {
253 Ok(ec_key) => {
254 let ptr = ec_key.as_ptr();
255 mem::forget(ec_key);
256 ptr
257 }
258 Err(e) => {
259 e.put();
260 ptr::null_mut()
261 }
262 }
263 }
264
raw_tmp_dh_ssl<F>( ssl: *mut ffi::SSL, is_export: c_int, keylength: c_int, ) -> *mut ffi::DH where F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,265 pub unsafe extern "C" fn raw_tmp_dh_ssl<F>(
266 ssl: *mut ffi::SSL,
267 is_export: c_int,
268 keylength: c_int,
269 ) -> *mut ffi::DH
270 where
271 F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
272 {
273 let ssl = SslRef::from_ptr_mut(ssl);
274 let callback = ssl
275 .ex_data(Ssl::cached_ex_index::<Arc<F>>())
276 .expect("BUG: ssl tmp dh callback missing")
277 .clone();
278
279 match callback(ssl, is_export != 0, keylength as u32) {
280 Ok(dh) => {
281 let ptr = dh.as_ptr();
282 mem::forget(dh);
283 ptr
284 }
285 Err(e) => {
286 e.put();
287 ptr::null_mut()
288 }
289 }
290 }
291
292 #[cfg(all(ossl101, not(ossl110)))]
raw_tmp_ecdh_ssl<F>( ssl: *mut ffi::SSL, is_export: c_int, keylength: c_int, ) -> *mut ffi::EC_KEY where F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,293 pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(
294 ssl: *mut ffi::SSL,
295 is_export: c_int,
296 keylength: c_int,
297 ) -> *mut ffi::EC_KEY
298 where
299 F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
300 {
301 let ssl = SslRef::from_ptr_mut(ssl);
302 let callback = ssl
303 .ex_data(Ssl::cached_ex_index::<Arc<F>>())
304 .expect("BUG: ssl tmp ecdh callback missing")
305 .clone();
306
307 match callback(ssl, is_export != 0, keylength as u32) {
308 Ok(ec_key) => {
309 let ptr = ec_key.as_ptr();
310 mem::forget(ec_key);
311 ptr
312 }
313 Err(e) => {
314 e.put();
315 ptr::null_mut()
316 }
317 }
318 }
319
raw_tlsext_status<F>(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int where F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send,320 pub unsafe extern "C" fn raw_tlsext_status<F>(ssl: *mut ffi::SSL, _: *mut c_void) -> c_int
321 where
322 F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send,
323 {
324 let ssl = SslRef::from_ptr_mut(ssl);
325 let callback = ssl
326 .ssl_context()
327 .ex_data(SslContext::cached_ex_index::<F>())
328 .expect("BUG: ocsp callback missing") as *const F;
329 let ret = (*callback)(ssl);
330
331 if ssl.is_server() {
332 match ret {
333 Ok(true) => ffi::SSL_TLSEXT_ERR_OK,
334 Ok(false) => ffi::SSL_TLSEXT_ERR_NOACK,
335 Err(e) => {
336 e.put();
337 ffi::SSL_TLSEXT_ERR_ALERT_FATAL
338 }
339 }
340 } else {
341 match ret {
342 Ok(true) => 1,
343 Ok(false) => 0,
344 Err(e) => {
345 e.put();
346 -1
347 }
348 }
349 }
350 }
351
raw_new_session<F>( ssl: *mut ffi::SSL, session: *mut ffi::SSL_SESSION, ) -> c_int where F: Fn(&mut SslRef, SslSession) + 'static + Sync + Send,352 pub unsafe extern "C" fn raw_new_session<F>(
353 ssl: *mut ffi::SSL,
354 session: *mut ffi::SSL_SESSION,
355 ) -> c_int
356 where
357 F: Fn(&mut SslRef, SslSession) + 'static + Sync + Send,
358 {
359 let session_ctx_index =
360 try_get_session_ctx_index().expect("BUG: session context index initialization failed");
361 let ssl = SslRef::from_ptr_mut(ssl);
362 let callback = ssl
363 .ex_data(*session_ctx_index)
364 .expect("BUG: session context missing")
365 .ex_data(SslContext::cached_ex_index::<F>())
366 .expect("BUG: new session callback missing") as *const F;
367 let session = SslSession::from_ptr(session);
368
369 (*callback)(ssl, session);
370
371 // the return code doesn't indicate error vs success, but whether or not we consumed the session
372 1
373 }
374
raw_remove_session<F>( ctx: *mut ffi::SSL_CTX, session: *mut ffi::SSL_SESSION, ) where F: Fn(&SslContextRef, &SslSessionRef) + 'static + Sync + Send,375 pub unsafe extern "C" fn raw_remove_session<F>(
376 ctx: *mut ffi::SSL_CTX,
377 session: *mut ffi::SSL_SESSION,
378 ) where
379 F: Fn(&SslContextRef, &SslSessionRef) + 'static + Sync + Send,
380 {
381 let ctx = SslContextRef::from_ptr(ctx);
382 let callback = ctx
383 .ex_data(SslContext::cached_ex_index::<F>())
384 .expect("BUG: remove session callback missing");
385 let session = SslSessionRef::from_ptr(session);
386
387 callback(ctx, session)
388 }
389
390 cfg_if! {
391 if #[cfg(any(ossl110, libressl280))] {
392 type DataPtr = *const c_uchar;
393 } else {
394 type DataPtr = *mut c_uchar;
395 }
396 }
397
raw_get_session<F>( ssl: *mut ffi::SSL, data: DataPtr, len: c_int, copy: *mut c_int, ) -> *mut ffi::SSL_SESSION where F: Fn(&mut SslRef, &[u8]) -> Option<SslSession> + 'static + Sync + Send,398 pub unsafe extern "C" fn raw_get_session<F>(
399 ssl: *mut ffi::SSL,
400 data: DataPtr,
401 len: c_int,
402 copy: *mut c_int,
403 ) -> *mut ffi::SSL_SESSION
404 where
405 F: Fn(&mut SslRef, &[u8]) -> Option<SslSession> + 'static + Sync + Send,
406 {
407 let session_ctx_index =
408 try_get_session_ctx_index().expect("BUG: session context index initialization failed");
409 let ssl = SslRef::from_ptr_mut(ssl);
410 let callback = ssl
411 .ex_data(*session_ctx_index)
412 .expect("BUG: session context missing")
413 .ex_data(SslContext::cached_ex_index::<F>())
414 .expect("BUG: get session callback missing") as *const F;
415 let data = slice::from_raw_parts(data as *const u8, len as usize);
416
417 match (*callback)(ssl, data) {
418 Some(session) => {
419 let p = session.as_ptr();
420 mem::forget(session);
421 *copy = 0;
422 p
423 }
424 None => ptr::null_mut(),
425 }
426 }
427
428 #[cfg(ossl111)]
raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char) where F: Fn(&SslRef, &str) + 'static + Sync + Send,429 pub unsafe extern "C" fn raw_keylog<F>(ssl: *const ffi::SSL, line: *const c_char)
430 where
431 F: Fn(&SslRef, &str) + 'static + Sync + Send,
432 {
433 let ssl = SslRef::from_const_ptr(ssl);
434 let callback = ssl
435 .ssl_context()
436 .ex_data(SslContext::cached_ex_index::<F>())
437 .expect("BUG: get session callback missing");
438 let line = CStr::from_ptr(line).to_bytes();
439 let line = str::from_utf8_unchecked(line);
440
441 callback(ssl, line);
442 }
443
444 #[cfg(ossl111)]
raw_stateless_cookie_generate<F>( ssl: *mut ffi::SSL, cookie: *mut c_uchar, cookie_len: *mut size_t, ) -> c_int where F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,445 pub unsafe extern "C" fn raw_stateless_cookie_generate<F>(
446 ssl: *mut ffi::SSL,
447 cookie: *mut c_uchar,
448 cookie_len: *mut size_t,
449 ) -> c_int
450 where
451 F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
452 {
453 let ssl = SslRef::from_ptr_mut(ssl);
454 let callback = ssl
455 .ssl_context()
456 .ex_data(SslContext::cached_ex_index::<F>())
457 .expect("BUG: stateless cookie generate callback missing") as *const F;
458 let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);
459 match (*callback)(ssl, slice) {
460 Ok(len) => {
461 *cookie_len = len as size_t;
462 1
463 }
464 Err(e) => {
465 e.put();
466 0
467 }
468 }
469 }
470
471 #[cfg(ossl111)]
raw_stateless_cookie_verify<F>( ssl: *mut ffi::SSL, cookie: *const c_uchar, cookie_len: size_t, ) -> c_int where F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,472 pub unsafe extern "C" fn raw_stateless_cookie_verify<F>(
473 ssl: *mut ffi::SSL,
474 cookie: *const c_uchar,
475 cookie_len: size_t,
476 ) -> c_int
477 where
478 F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
479 {
480 let ssl = SslRef::from_ptr_mut(ssl);
481 let callback = ssl
482 .ssl_context()
483 .ex_data(SslContext::cached_ex_index::<F>())
484 .expect("BUG: stateless cookie verify callback missing") as *const F;
485 let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);
486 (*callback)(ssl, slice) as c_int
487 }
488
raw_cookie_generate<F>( ssl: *mut ffi::SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint, ) -> c_int where F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,489 pub extern "C" fn raw_cookie_generate<F>(
490 ssl: *mut ffi::SSL,
491 cookie: *mut c_uchar,
492 cookie_len: *mut c_uint,
493 ) -> c_int
494 where
495 F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
496 {
497 unsafe {
498 let ssl = SslRef::from_ptr_mut(ssl);
499 let callback = ssl
500 .ssl_context()
501 .ex_data(SslContext::cached_ex_index::<F>())
502 .expect("BUG: cookie generate callback missing") as *const F;
503 // We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for
504 // compatibility. See comments in dtls1.h.
505 let slice =
506 slice::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1);
507 match (*callback)(ssl, slice) {
508 Ok(len) => {
509 *cookie_len = len as c_uint;
510 1
511 }
512 Err(e) => {
513 e.put();
514 0
515 }
516 }
517 }
518 }
519
520 cfg_if! {
521 if #[cfg(any(ossl110, libressl280))] {
522 type CookiePtr = *const c_uchar;
523 } else {
524 type CookiePtr = *mut c_uchar;
525 }
526 }
527
raw_cookie_verify<F>( ssl: *mut ffi::SSL, cookie: CookiePtr, cookie_len: c_uint, ) -> c_int where F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,528 pub extern "C" fn raw_cookie_verify<F>(
529 ssl: *mut ffi::SSL,
530 cookie: CookiePtr,
531 cookie_len: c_uint,
532 ) -> c_int
533 where
534 F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
535 {
536 unsafe {
537 let ssl = SslRef::from_ptr_mut(ssl);
538 let callback = ssl
539 .ssl_context()
540 .ex_data(SslContext::cached_ex_index::<F>())
541 .expect("BUG: cookie verify callback missing") as *const F;
542 let slice =
543 slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);
544 (*callback)(ssl, slice) as c_int
545 }
546 }
547
548 #[cfg(ossl111)]
549 pub struct CustomExtAddState<T>(Option<T>);
550
551 #[cfg(ossl111)]
raw_custom_ext_add<F, T>( ssl: *mut ffi::SSL, _: c_uint, context: c_uint, out: *mut *const c_uchar, outlen: *mut size_t, x: *mut ffi::X509, chainidx: size_t, al: *mut c_int, _: *mut c_void, ) -> c_int where F: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result<Option<T>, SslAlert> + 'static + Sync + Send, T: AsRef<[u8]> + 'static + Sync + Send,552 pub extern "C" fn raw_custom_ext_add<F, T>(
553 ssl: *mut ffi::SSL,
554 _: c_uint,
555 context: c_uint,
556 out: *mut *const c_uchar,
557 outlen: *mut size_t,
558 x: *mut ffi::X509,
559 chainidx: size_t,
560 al: *mut c_int,
561 _: *mut c_void,
562 ) -> c_int
563 where
564 F: Fn(&mut SslRef, ExtensionContext, Option<(usize, &X509Ref)>) -> Result<Option<T>, SslAlert>
565 + 'static
566 + Sync
567 + Send,
568 T: AsRef<[u8]> + 'static + Sync + Send,
569 {
570 unsafe {
571 let ssl = SslRef::from_ptr_mut(ssl);
572 let callback = ssl
573 .ssl_context()
574 .ex_data(SslContext::cached_ex_index::<F>())
575 .expect("BUG: custom ext add callback missing") as *const F;
576 let ectx = ExtensionContext::from_bits_truncate(context);
577 let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) {
578 Some((chainidx, X509Ref::from_ptr(x)))
579 } else {
580 None
581 };
582 match (*callback)(ssl, ectx, cert) {
583 Ok(None) => 0,
584 Ok(Some(buf)) => {
585 *outlen = buf.as_ref().len();
586 *out = buf.as_ref().as_ptr();
587
588 let idx = Ssl::cached_ex_index::<CustomExtAddState<T>>();
589 let mut buf = Some(buf);
590 let new = match ssl.ex_data_mut(idx) {
591 Some(state) => {
592 state.0 = buf.take();
593 false
594 }
595 None => true,
596 };
597 if new {
598 ssl.set_ex_data(idx, CustomExtAddState(buf));
599 }
600 1
601 }
602 Err(alert) => {
603 *al = alert.0;
604 -1
605 }
606 }
607 }
608 }
609
610 #[cfg(ossl111)]
raw_custom_ext_free<T>( ssl: *mut ffi::SSL, _: c_uint, _: c_uint, _: *mut *const c_uchar, _: *mut c_void, ) where T: 'static + Sync + Send,611 pub extern "C" fn raw_custom_ext_free<T>(
612 ssl: *mut ffi::SSL,
613 _: c_uint,
614 _: c_uint,
615 _: *mut *const c_uchar,
616 _: *mut c_void,
617 ) where
618 T: 'static + Sync + Send,
619 {
620 unsafe {
621 let ssl = SslRef::from_ptr_mut(ssl);
622 let idx = Ssl::cached_ex_index::<CustomExtAddState<T>>();
623 if let Some(state) = ssl.ex_data_mut(idx) {
624 state.0 = None;
625 }
626 }
627 }
628
629 #[cfg(ossl111)]
raw_custom_ext_parse<F>( ssl: *mut ffi::SSL, _: c_uint, context: c_uint, input: *const c_uchar, inlen: size_t, x: *mut ffi::X509, chainidx: size_t, al: *mut c_int, _: *mut c_void, ) -> c_int where F: Fn(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert> + 'static + Sync + Send,630 pub extern "C" fn raw_custom_ext_parse<F>(
631 ssl: *mut ffi::SSL,
632 _: c_uint,
633 context: c_uint,
634 input: *const c_uchar,
635 inlen: size_t,
636 x: *mut ffi::X509,
637 chainidx: size_t,
638 al: *mut c_int,
639 _: *mut c_void,
640 ) -> c_int
641 where
642 F: Fn(&mut SslRef, ExtensionContext, &[u8], Option<(usize, &X509Ref)>) -> Result<(), SslAlert>
643 + 'static
644 + Sync
645 + Send,
646 {
647 unsafe {
648 let ssl = SslRef::from_ptr_mut(ssl);
649 let callback = ssl
650 .ssl_context()
651 .ex_data(SslContext::cached_ex_index::<F>())
652 .expect("BUG: custom ext parse callback missing") as *const F;
653 let ectx = ExtensionContext::from_bits_truncate(context);
654 let slice = slice::from_raw_parts(input as *const u8, inlen as usize);
655 let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) {
656 Some((chainidx, X509Ref::from_ptr(x)))
657 } else {
658 None
659 };
660 match (*callback)(ssl, ectx, slice, cert) {
661 Ok(()) => 1,
662 Err(alert) => {
663 *al = alert.0;
664 0
665 }
666 }
667 }
668 }
669
670 #[cfg(ossl111)]
raw_client_hello<F>( ssl: *mut ffi::SSL, al: *mut c_int, arg: *mut c_void, ) -> c_int where F: Fn(&mut SslRef, &mut SslAlert) -> Result<ClientHelloResponse, ErrorStack> + 'static + Sync + Send,671 pub unsafe extern "C" fn raw_client_hello<F>(
672 ssl: *mut ffi::SSL,
673 al: *mut c_int,
674 arg: *mut c_void,
675 ) -> c_int
676 where
677 F: Fn(&mut SslRef, &mut SslAlert) -> Result<ClientHelloResponse, ErrorStack>
678 + 'static
679 + Sync
680 + Send,
681 {
682 let ssl = SslRef::from_ptr_mut(ssl);
683 let callback = arg as *const F;
684 let mut alert = SslAlert(*al);
685
686 let r = (*callback)(ssl, &mut alert);
687 *al = alert.0;
688 match r {
689 Ok(c) => c.0,
690 Err(e) => {
691 e.put();
692 ffi::SSL_CLIENT_HELLO_ERROR
693 }
694 }
695 }
696