From 38bc97bd3e0f332423531bbe137ac7cfaf00cac8 Mon Sep 17 00:00:00 2001 From: pingzing Date: Sun, 13 Mar 2016 19:36:58 +0200 Subject: [PATCH 01/12] Clarify windows build instructions --- README.md | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5741e2c1..90926ada 100644 --- a/README.md +++ b/README.md @@ -44,10 +44,30 @@ export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib On Windows, consider building with [mingw-w64](http://mingw-w64.org/). Build script will try to find mingw in `PATH` environment variable to provide Cargo with location where openssl libs from mingw-w64 package may be found. -If you followed guide [Building on Windows](https://github.com/rust-lang/rust#building-on-windows) -from rust repo, then you should have [MSYS2](http://msys2.github.io/) with -`mingw-w64-openssl` installed as part of `mingw-w64-x86_64-toolchain` -(or `mingw-w64-i686-toolchain`) package. + +mingw-w64 can be easily installed by using [MSYS2](http://msys2.github.io/). Install MSYS2 according to the instructions, and then, from an MSYS2 Shell, install mingw-w64: + +32-bit: +```bash +pacman -S mingw-w64-i686-gcc +``` + +64-bit +```bash +pacman -S mingw-w64-x86_64-gcc +``` + +and then install the mingw-w64 toolchain. + +32-bit: +```bash +pacman -S mingw-w64-x86_64-toolchain +``` + +64-bit: +```bash +pacman -S mingw-w64-i686-toolchain +``` Alternatively, install OpenSSL from [here][1]. Cargo will not be able to find OpenSSL if it's installed to the default location. You can either copy the `include/openssl` From f615626d08314714e505dd18eb5935c085abbadd Mon Sep 17 00:00:00 2001 From: pingzing Date: Mon, 14 Mar 2016 02:12:32 +0200 Subject: [PATCH 02/12] Fix order of 32- and 64-bit for mingw toolchain --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 90926ada..bdc8fc2c 100644 --- a/README.md +++ b/README.md @@ -61,12 +61,12 @@ and then install the mingw-w64 toolchain. 32-bit: ```bash -pacman -S mingw-w64-x86_64-toolchain +pacman -S mingw-w64-i686-toolchain ``` 64-bit: ```bash -pacman -S mingw-w64-i686-toolchain +pacman -S mingw-w64-x86_64-toolchain ``` Alternatively, install OpenSSL from [here][1]. Cargo will not be able to find OpenSSL if it's From 6bbb21779b2665d91ddb8457894945913c189085 Mon Sep 17 00:00:00 2001 From: Chris Dawes Date: Tue, 3 May 2016 19:45:30 +0100 Subject: [PATCH 03/12] add constructor for private keys from bignums --- openssl/src/crypto/rsa.rs | 52 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 6fcb5b07..974f9ad9 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -28,6 +28,21 @@ impl RSA { Ok(RSA(rsa)) } } + + pub fn from_private_components(n: BigNum, e: BigNum, d: BigNum, p: BigNum, q: BigNum, dp: BigNum, dq: BigNum, qi: BigNum) -> Result { + unsafe { + let rsa = try_ssl_null!(ffi::RSA_new()); + (*rsa).n = n.into_raw(); + (*rsa).e = e.into_raw(); + (*rsa).d = d.into_raw(); + (*rsa).p = p.into_raw(); + (*rsa).q = q.into_raw(); + (*rsa).dmp1 = dp.into_raw(); + (*rsa).dmq1 = dq.into_raw(); + (*rsa).iqmp = qi.into_raw(); + Ok(RSA(rsa)) + } + } /// the caller should assert that the rsa pointer is valid. pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA { @@ -65,6 +80,43 @@ impl RSA { Ok(RSA(rsa)) } } + + pub fn size(&self) -> Result { + if self.has_n() { + unsafe { + Ok(ffi::RSA_size(self.0) as u32) + } + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } + + pub fn sign(&self, hash_id: i32, message: &[u8]) -> Result, SslError> { + // RSA_sign(t: c_int, m: *const u8, mlen: c_uint, sig: *mut u8, siglen: *mut c_uint, k: *mut RSA) -> c_int + + let k_len = try!(self.size()); + let mut sig = vec![0;k_len as usize]; + let mut sig_len = k_len; + + unsafe { + let result = ffi::RSA_sign(hash_id, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); + assert!(sig_len == k_len); + + if result == 1 { + Ok(sig) + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } + } + + pub fn verify(&self, hash_id: i32, message: &[u8], sig: &[u8]) -> Result { + unsafe { + let result = ffi::RSA_verify(hash_id, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); + + Ok(result == 1) + } + } pub fn as_ptr(&self) -> *mut ffi::RSA { self.0 From 6f410a25b2179b11183a56ca0d476a744bff91cd Mon Sep 17 00:00:00 2001 From: Chris Dawes Date: Tue, 3 May 2016 22:17:07 +0100 Subject: [PATCH 04/12] take enum instead of ints from openssl header file --- openssl/src/crypto/rsa.rs | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 974f9ad9..ada5f1c1 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -7,6 +7,24 @@ use std::io::{self, Read}; use bn::BigNum; use bio::MemBio; +#[derive(Copy, Clone, Debug)] +pub enum PKCSHashType { + SHA256, + SHA384, + SHA512 +} + +/// https://github.com/openssl/openssl/blob/master/include/openssl/obj_mac.h#L2790 +impl Into for PKCSHashType { + fn into(self) -> i32 { + match self { + PKCSHashType::SHA256 => 672, + PKCSHashType::SHA384 => 673, + PKCSHashType::SHA512 => 674 + } + } +} + pub struct RSA(*mut ffi::RSA); impl Drop for RSA { @@ -91,15 +109,13 @@ impl RSA { } } - pub fn sign(&self, hash_id: i32, message: &[u8]) -> Result, SslError> { - // RSA_sign(t: c_int, m: *const u8, mlen: c_uint, sig: *mut u8, siglen: *mut c_uint, k: *mut RSA) -> c_int - + pub fn sign(&self, hash_id: PKCSHashType, message: &[u8]) -> Result, SslError> { let k_len = try!(self.size()); let mut sig = vec![0;k_len as usize]; let mut sig_len = k_len; unsafe { - let result = ffi::RSA_sign(hash_id, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); + let result = ffi::RSA_sign(hash_id.into(), message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); assert!(sig_len == k_len); if result == 1 { @@ -110,9 +126,9 @@ impl RSA { } } - pub fn verify(&self, hash_id: i32, message: &[u8], sig: &[u8]) -> Result { + pub fn verify(&self, hash_id: PKCSHashType, message: &[u8], sig: &[u8]) -> Result { unsafe { - let result = ffi::RSA_verify(hash_id, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); + let result = ffi::RSA_verify(hash_id.into(), message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); Ok(result == 1) } From a5ede6a85101f294333ce7f102cb98d718b53638 Mon Sep 17 00:00:00 2001 From: Chris Dawes Date: Wed, 4 May 2016 09:00:05 +0100 Subject: [PATCH 05/12] add missing NIDs and use Nid as input to signing --- openssl/src/crypto/rsa.rs | 27 ++++-------------- openssl/src/nid.rs | 58 +++++++++++++++++++++++++++------------ 2 files changed, 45 insertions(+), 40 deletions(-) diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index ada5f1c1..f9d1dece 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -6,24 +6,7 @@ use std::io::{self, Read}; use bn::BigNum; use bio::MemBio; - -#[derive(Copy, Clone, Debug)] -pub enum PKCSHashType { - SHA256, - SHA384, - SHA512 -} - -/// https://github.com/openssl/openssl/blob/master/include/openssl/obj_mac.h#L2790 -impl Into for PKCSHashType { - fn into(self) -> i32 { - match self { - PKCSHashType::SHA256 => 672, - PKCSHashType::SHA384 => 673, - PKCSHashType::SHA512 => 674 - } - } -} +use nid::Nid; pub struct RSA(*mut ffi::RSA); @@ -109,13 +92,13 @@ impl RSA { } } - pub fn sign(&self, hash_id: PKCSHashType, message: &[u8]) -> Result, SslError> { + pub fn sign(&self, hash_id: Nid, message: &[u8]) -> Result, SslError> { let k_len = try!(self.size()); let mut sig = vec![0;k_len as usize]; let mut sig_len = k_len; unsafe { - let result = ffi::RSA_sign(hash_id.into(), message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); + let result = ffi::RSA_sign(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); assert!(sig_len == k_len); if result == 1 { @@ -126,9 +109,9 @@ impl RSA { } } - pub fn verify(&self, hash_id: PKCSHashType, message: &[u8], sig: &[u8]) -> Result { + pub fn verify(&self, hash_id: Nid, message: &[u8], sig: &[u8]) -> Result { unsafe { - let result = ffi::RSA_verify(hash_id.into(), message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); + let result = ffi::RSA_verify(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); Ok(result == 1) } diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index bfcae15a..21ef18e0 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs @@ -2,7 +2,7 @@ #[derive(Copy, Clone, Hash, PartialEq, Eq)] #[repr(usize)] pub enum Nid { - Undefined, + Undefined, // 0 Rsadsi, Pkcs, MD2, @@ -12,7 +12,7 @@ pub enum Nid { RsaEncryption, RSA_MD2, RSA_MD5, - PBE_MD2_DES, + PBE_MD2_DES, // 10 X500, x509, CN, @@ -22,7 +22,7 @@ pub enum Nid { O, OU, RSA, - Pkcs7, + Pkcs7, // 20 Pkcs7_data, Pkcs7_signedData, Pkcs7_envelopedData, @@ -32,7 +32,7 @@ pub enum Nid { Pkcs3, DhKeyAgreement, DES_ECB, - DES_CFB, + DES_CFB, // 30 DES_CBC, DES_EDE, DES_EDE3, @@ -42,7 +42,7 @@ pub enum Nid { RC2_CBC, RC2_ECB, RC2_CFB, - RC2_OFB, + RC2_OFB, // 40 SHA, RSA_SHA, DES_EDE_CBC, @@ -52,7 +52,7 @@ pub enum Nid { Pkcs9, Email, UnstructuredName, - ContentType, + ContentType, // 50 MessageDigest, SigningTime, CounterSignature, @@ -62,7 +62,7 @@ pub enum Nid { Netscape, NetscapeCertExtention, NetscapeDatatype, - DES_EDE_CFB64, + DES_EDE_CFB64, // 60 DES_EDE3_CFB64, DES_EDE_OFB64, DES_EDE3_OFB64, @@ -72,7 +72,7 @@ pub enum Nid { DSA_OLD, PBE_SHA1_RC2_64, PBKDF2, - DSA_SHA1_OLD, + DSA_SHA1_OLD, // 70 NetscapeCertType, NetscapeBaseUrl, NetscapeRevocationUrl, @@ -82,7 +82,7 @@ pub enum Nid { NetscapeSSLServerName, NetscapeComment, NetscapeCertSequence, - DESX_CBC, + DESX_CBC, // 80 ID_CE, SubjectKeyIdentifier, KeyUsage, @@ -92,7 +92,7 @@ pub enum Nid { BasicConstraints, CrlNumber, CertificatePolicies, - AuthorityKeyIdentifier, + AuthorityKeyIdentifier, // 90 BF_CBC, BF_ECB, BF_CFB, @@ -102,7 +102,7 @@ pub enum Nid { RC4_40, RC2_40_CBC, G, - S, + S, // 100 I, /// uniqueIdentifier UID, @@ -113,7 +113,7 @@ pub enum Nid { D, CAST5_CBC, CAST5_ECB, - CAST5_CFB, + CAST5_CFB, // 110 CAST5_OFB, PbeWithMD5AndCast5CBC, DSA_SHA1, @@ -123,7 +123,7 @@ pub enum Nid { RIPEMD160, // 118 missing RSA_RIPEMD160 = 119, - RC5_CBC, + RC5_CBC, // 120 RC5_ECB, RC5_CFB, RC5_OFB, @@ -133,7 +133,7 @@ pub enum Nid { PKIX, ID_KP, ServerAuth, - ClientAuth, + ClientAuth, // 130 CodeSigning, EmailProtection, TimeStamping, @@ -143,7 +143,7 @@ pub enum Nid { MsSGC, MsEFS, NsSGC, - DeltaCRL, + DeltaCRL, // 140 CRLReason, InvalidityDate, SXNetID, @@ -153,7 +153,7 @@ pub enum Nid { PBE_SHA1_2DES, PBE_SHA1_RC2_128, PBE_SHA1_RC2_40, - KeyBag, + KeyBag, // 150 Pkcs8ShroudedKeyBag, CertBag, CrlBag, @@ -163,7 +163,7 @@ pub enum Nid { LocalKeyID, X509Certificate, SdsiCertificate, - X509Crl, + X509Crl, // 160 PBES2, PBMAC1, HmacWithSha1, @@ -171,6 +171,28 @@ pub enum Nid { ID_QT_UNOTICE, RC2_64_CBC, SMIMECaps, + PBE_MD2_RC2_64, + PBE_MD5_RC2_64, + PBE_SHA1_DES, + MicrosoftExtensionRequest, + ExtensionRequest, + Name, + DnQualifier, + IdPe, + IdAd, + AuthorityInfoAccess, + OCSP, + CaIssuers, + OCSPSigning, // 180 + + // 181 and up are from openssl's obj_mac.h + + /// Shown as UID in cert subject - UserId = 458 + UserId = 458, + + + SHA256 = 672, + SHA384, + SHA512, } From f82a1c4f75208c414a24deb2a6d90e0fc3981637 Mon Sep 17 00:00:00 2001 From: Chris Dawes Date: Thu, 5 May 2016 23:41:55 +0100 Subject: [PATCH 06/12] add rsa signature tests --- openssl-sys/src/lib.rs | 6 +++ openssl/src/crypto/rsa.rs | 109 +++++++++++++++++++++++++++++++++++++- openssl/test/rsa.pem | 27 ++++++++++ openssl/test/rsa.pem.pub | 9 ++++ 4 files changed, 150 insertions(+), 1 deletion(-) create mode 100644 openssl/test/rsa.pem create mode 100644 openssl/test/rsa.pem.pub diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 3d7c59c3..0a762944 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -627,6 +627,12 @@ extern "C" { callback: Option, user_data: *mut c_void) -> c_int; pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int; + pub fn PEM_write_bio_RSAPrivateKey(bp: *mut BIO, rsa: *mut RSA, cipher: *const EVP_CIPHER, + kstr: *mut c_char, klen: c_int, + callback: Option, + user_data: *mut c_void) -> c_int; + pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *mut RSA) -> c_int; + pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int; pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index f9d1dece..021d450b 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -2,7 +2,7 @@ use ffi; use std::fmt; use ssl::error::{SslError, StreamError}; use std::ptr; -use std::io::{self, Read}; +use std::io::{self, Read, Write}; use bn::BigNum; use bio::MemBio; @@ -65,6 +65,25 @@ impl RSA { Ok(RSA(rsa)) } } + + /// Writes an RSA private key as unencrypted PEM formatted data + pub fn private_key_to_pem(&self, writer: &mut W) -> Result<(), SslError> + where W: Write + { + let mut mem_bio = try!(MemBio::new()); + + let result = unsafe { + ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(), self.0, ptr::null(), ptr::null_mut(), 0, None, ptr::null_mut()) + }; + + if result == 1 { + try!(io::copy(&mut mem_bio, writer).map_err(StreamError)); + + Ok(()) + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } /// Reads an RSA public key from PEM formatted data. pub fn public_key_from_pem(reader: &mut R) -> Result @@ -82,6 +101,25 @@ impl RSA { } } + /// Writes an RSA public key as PEM formatted data + pub fn public_key_to_pem(&self, writer: &mut W) -> Result<(), SslError> + where W: Write + { + let mut mem_bio = try!(MemBio::new()); + + let result = unsafe { + ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0) + }; + + if result == 1 { + try!(io::copy(&mut mem_bio, writer).map_err(StreamError)); + + Ok(()) + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } + pub fn size(&self) -> Result { if self.has_n() { unsafe { @@ -170,3 +208,72 @@ impl fmt::Debug for RSA { write!(f, "RSA") } } + +#[cfg(test)] +mod test { + use nid; + use std::fs::File; + use std::io::Write; + use super::*; + use crypto::hash::*; + + fn signing_input_rs256() -> Vec { + vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, + 49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, + 74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72, + 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68, + 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, + 121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, + 98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, + 99, 110, 86, 108, 102, 81] + } + + fn signature_rs256() -> Vec { + vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, + 243, 65, 6, 174, 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, + 131, 101, 109, 66, 10, 253, 60, 150, 238, 221, 115, 162, 102, 62, 81, + 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16, 115, 249, 69, + 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219, + 61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, + 16, 141, 178, 129, 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, + 190, 127, 249, 217, 46, 10, 231, 111, 36, 242, 91, 51, 187, 230, 244, + 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142, 212, 1, + 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129, + 253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, + 177, 139, 93, 163, 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, + 173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56, 250, 175, 132, 157, + 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69, + 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202, + 234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, + 193, 167, 72, 160, 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, + 251, 71] + } + + #[test] + pub fn test_sign() { + let mut buffer = File::open("test/rsa.pem").unwrap(); + let private_key = RSA::private_key_from_pem(&mut buffer).unwrap(); + + let mut sha = Hasher::new(Type::SHA256); + sha.write_all(&signing_input_rs256()).unwrap(); + let digest = sha.finish(); + + let result = private_key.sign(nid::Nid::SHA256, &digest).unwrap(); + + assert_eq!(result, signature_rs256()); + } + + #[test] + pub fn test_verify() { + let mut buffer = File::open("test/rsa.pem.pub").unwrap(); + let public_key = RSA::public_key_from_pem(&mut buffer).unwrap(); + + let mut sha = Hasher::new(Type::SHA256); + sha.write_all(&signing_input_rs256()).unwrap(); + let digest = sha.finish(); + + let result = public_key.verify(nid::Nid::SHA256, &digest, &signature_rs256()).unwrap(); + + assert!(result); + } +} \ No newline at end of file diff --git a/openssl/test/rsa.pem b/openssl/test/rsa.pem new file mode 100644 index 00000000..d8185fed --- /dev/null +++ b/openssl/test/rsa.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd/wWJcyQoTbji9k0 +l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL+yRT+SFd2lZS+pC +gNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb/7OMg0LOL+bSf63kpaSHSX +ndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uD +Zlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxXFvUK+DWNmoudF8NAco9/h9iaGNj8 +q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQIDAQABAoIBABKucaRpzQorw35S +bEUAVx8dYXUdZOlJcHtiWQ+dC6V8ljxAHj/PLyzTveyI5QO/xkObCyjIL303l2cf +UhPu2MFaJdjVzqACXuOrLot/eSFvxjvqVidTtAZExqFRJ9mylUVAoLvhowVWmC1O +n95fZCXxTUtxNEG1Xcc7m0rtzJKs45J+N/V9DP1edYH6USyPSWGp6wuA+KgHRnKK +Vf9GRx80JQY7nVNkL17eHoTWEwga+lwi0FEoW9Y7lDtWXYmKBWhUE+U8PGxlJf8f +40493HDw1WRQ/aSLoS4QTp3rn7gYgeHEvfJdkkf0UMhlknlo53M09EFPdadQ4TlU +bjqKc50CgYEA4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH/5IB3jw3bcxGn6QLvnE +tfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw/Py5PJdTJNPY8cQn7ouZ2KKDcmnPG +BY5t7yLc1QlQ5xHdwW1VhvKn+nXqhJTBgIPgtldC+KDV5z+y2XDwGUcCgYEAuQPE +fgmVtjL0Uyyx88GZFF1fOunH3+7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYs +p1ZSe7zFYHj7C6ul7TjeLQeZD/YwD66t62wDmpe/HlB+TnBA+njbglfIsRLtXlnD +zQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdcCgYAHAp9XcCSrn8wVkMVkKdb7 +DOX4IKjzdahm+ctDAJN4O/y7OW5FKebvUjdAIt2GuoTZ71iTG+7F0F+lP88jtjP4 +U4qe7VHoewl4MKOfXZKTe+YCS1XbNvfgwJ3Ltyl1OH9hWvu2yza7q+d5PCsDzqtm +27kxuvULVeya+TEdAB1ijQKBgQCH/3r6YrVH/uCWGy6bzV1nGNOdjKc9tmkfOJmN +54dxdixdpozCQ6U4OxZrsj3FcOhHBsqAHvX2uuYjagqvo3cOj1TRqNocX40omfCC +Mx3bD1yPPf/6TI2XECva/ggqEY2mYzmIiA5LVVmc5nrybr+lssFKneeyxN2Wq93S +0iJMdQKBgCGHewxzoa1r8ZMD0LETNrToK423K377UCYqXfg5XMclbrjPbEC3YI1Z +NqMtuhdBJqUnBi6tjKMF+34Xf0CUN8ncuXGO2CAYvO8PdyCixHX52ybaDjy1FtCE +6yUXjoKNXKvUm7MWGsAYH6f4IegOetN5NvmUMFStCSkh7ixZLkN1 +-----END RSA PRIVATE KEY----- diff --git a/openssl/test/rsa.pem.pub b/openssl/test/rsa.pem.pub new file mode 100644 index 00000000..093f2ba1 --- /dev/null +++ b/openssl/test/rsa.pem.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofgWCuLjybRlzo0tZWJj +NiuSfb4p4fAkd/wWJcyQoTbji9k0l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEz +P1Pt0Bm4d4QlL+yRT+SFd2lZS+pCgNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo +9wGzjb/7OMg0LOL+bSf63kpaSHSXndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTB +EMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxX +FvUK+DWNmoudF8NAco9/h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXp +oQIDAQAB +-----END PUBLIC KEY----- From e9e9e13da616ac0618e2941d0c71067490d21c68 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 8 May 2016 20:09:39 -0700 Subject: [PATCH 07/12] Downgrade bitflags on travis to build on 1.7 --- .travis.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index e73df5f0..8dae13c4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,7 +6,7 @@ addons: - gcc-arm-linux-gnueabihf rust: - nightly -- 1.8.0 +- 1.7.0 os: - osx - linux @@ -18,11 +18,13 @@ matrix: # include: # - os: linux # env: TARGET=arm-unknown-linux-gnueabihf TEST_FEATURES=true - # rust: 1.8.0 + # rust: 1.7.0 exclude: - os: osx env: TEST_FEATURES=true before_install: - ./openssl/test/build.sh script: +- cargo fetch --manifest-path openssl/Cargo.toml # generate a cargo.lock +- cargo update --manifest-path openssl/Cargo.toml -p bitflags --precise 0.5.0 - ./openssl/test/run.sh From 2c2c272e6abb390d01c80585ff76fd6ba0a79b45 Mon Sep 17 00:00:00 2001 From: Anthony Ramine Date: Sun, 15 May 2016 12:27:49 +0200 Subject: [PATCH 08/12] Allow bitflags 0.7 --- openssl/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index b69dc074..3f5a4388 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -29,7 +29,7 @@ pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"] nightly = [] [dependencies] -bitflags = ">= 0.5.0, < 0.7.0" +bitflags = ">= 0.5.0, < 0.8.0" lazy_static = "0.2" libc = "0.2" openssl-sys = { version = "0.7.11", path = "../openssl-sys" } From 62c29b54c1723d19627082df52b451986a130b79 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 15 May 2016 22:11:10 -0700 Subject: [PATCH 09/12] Update cert Now with a 10 year expriation --- openssl/src/ssl/tests/mod.rs | 14 ++++----- openssl/src/x509/tests.rs | 14 ++++----- openssl/test/cert.pem | 41 +++++++++++++-------------- openssl/test/key.pem | 55 ++++++++++++++++++------------------ 4 files changed, 59 insertions(+), 65 deletions(-) diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index c3e7a363..ccdc44e4 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -196,7 +196,7 @@ macro_rules! run_test( use ssl::SslMethod; use ssl::{SslContext, Ssl, SslStream, VerifyCallback}; use ssl::SSL_VERIFY_PEER; - use crypto::hash::Type::SHA256; + use crypto::hash::Type::SHA1; use x509::X509StoreContext; use serialize::hex::FromHex; use super::Server; @@ -359,7 +359,7 @@ run_test!(verify_callback_data, |method, stream| { match cert { None => false, Some(cert) => { - let fingerprint = cert.fingerprint(SHA256).unwrap(); + let fingerprint = cert.fingerprint(SHA1).unwrap(); &fingerprint == node_id } } @@ -370,7 +370,7 @@ run_test!(verify_callback_data, |method, stream| { // in DER format. // Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256 // Please update if "test/cert.pem" will ever change - let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; + let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; let node_id = node_hash_str.from_hex().unwrap(); ctx.set_verify_with_data(SSL_VERIFY_PEER, callback, node_id); ctx.set_verify_depth(1); @@ -390,14 +390,14 @@ run_test!(ssl_verify_callback, |method, stream| { let ctx = SslContext::new(method).unwrap(); let mut ssl = ctx.into_ssl().unwrap(); - let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; + let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; let node_id = node_hash_str.from_hex().unwrap(); ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| { CHECKED.store(1, Ordering::SeqCst); match x509.get_current_cert() { None => false, Some(cert) => { - let fingerprint = cert.fingerprint(SHA256).unwrap(); + let fingerprint = cert.fingerprint(SHA1).unwrap(); fingerprint == node_id } } @@ -502,8 +502,8 @@ run_test!(get_peer_certificate, |method, stream| { let stream = SslStream::connect_generic(&SslContext::new(method).unwrap(), stream).unwrap(); let cert = stream.ssl().peer_certificate().unwrap(); - let fingerprint = cert.fingerprint(SHA256).unwrap(); - let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; + let fingerprint = cert.fingerprint(SHA1).unwrap(); + let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; let node_id = node_hash_str.from_hex().unwrap(); assert_eq!(node_id, fingerprint) }); diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 0032d108..744aba9e 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -3,7 +3,7 @@ use std::io; use std::path::Path; use std::fs::File; -use crypto::hash::Type::SHA256; +use crypto::hash::Type::SHA1; use crypto::pkey::PKey; use x509::{X509, X509Generator}; use x509::extension::Extension::{KeyUsage, ExtKeyUsage, SubjectAltName, OtherNid, OtherStr}; @@ -17,7 +17,7 @@ fn get_generator() -> X509Generator { .set_bitlength(2048) .set_valid_period(365 * 2) .add_name("CN".to_string(), "test_me".to_string()) - .set_sign_hash(SHA256) + .set_sign_hash(SHA1) .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])) .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, @@ -83,13 +83,9 @@ fn test_cert_loading() { .expect("Failed to open `test/cert.pem`"); let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); - let fingerprint = cert.fingerprint(SHA256).unwrap(); + let fingerprint = cert.fingerprint(SHA1).unwrap(); - // Hash was generated as SHA256 hash of certificate "test/cert.pem" - // in DER format. - // Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256 - // Please update if "test/cert.pem" will ever change - let hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b"; + let hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; let hash_vec = hash_str.from_hex().unwrap(); assert_eq!(fingerprint, hash_vec); @@ -109,7 +105,7 @@ fn test_subject_read_cn() { None => panic!("Failed to read CN from cert"), }; - assert_eq!(&cn as &str, "test_cert") + assert_eq!(&cn as &str, "foobar.com") } #[test] diff --git a/openssl/test/cert.pem b/openssl/test/cert.pem index 0ca22e3d..b8c5ce01 100644 --- a/openssl/test/cert.pem +++ b/openssl/test/cert.pem @@ -1,24 +1,21 @@ -----BEGIN CERTIFICATE----- -MIID9DCCAtygAwIBAgIJALuA8gDKi5EzMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMUCXRlc3RfY2VydDAeFw0xNTA1MTExNzI0 -MThaFw0xNjA1MTAxNzI0MThaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l -LVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV -BAMUCXRlc3RfY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYg -8apqh+nHYBL/KS9SLtDmhTR2s+H3mk7avXACahMEt/Eapsft5YOJ8JAkPbkoyd91 -QtxbrDF1M3rtTfWwHrf4jCeZ6kt2CSvYyJCPP/7JbWPdMDsYFBtoBOEVMdjOLr4R -8tAar2t1Gu63Mu7LWeYvyFKqJpDkP30/k+OED79l7rOQg6eVN+Qjr1wx3VSBhovs -UShGnSRw5YWiKnvvUnHwq2eXkwXFOdkhRNsTpWgV+EZsOdunczGbEG4qa+iwJjod -/b8O9R1rIr12mwgT2U3GHNpJU0I+Qu2063nONndhMfES3md6QCIlKMVYDSU/Wli5 -sLxTxykXWv548Ib8Yv8CAwEAAaOBvjCBuzAdBgNVHQ4EFgQUGec/TF+Ok3BoEAqX -yvEi9+Emy9QwgYsGA1UdIwSBgzCBgIAUGec/TF+Ok3BoEAqXyvEi9+Emy9ShXaRb -MFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ -bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMUCXRlc3RfY2VydIIJALuA -8gDKi5EzMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALwDb82BBTfz -X+7rENv+f76X+DkHjt6QzCr9f1PYpbIle5/XaxCp+Rkz1BGZTmPRPURpAzweznlG -kY5KydZ1+XdxPHh2zReBS00KxMElmlMKWp7nOnIKohzcQxTFp4VZ7smb9ymXYdYQ -nRqaLIM1AKsj+0ulqsSbKggIuUZBvfrAdC3J6//3CXSdvQLJGzYPtTLUddQLN9pv -GXrdNmvK3BjP+kokAjTt+DMMbIIZZitUVjKXqB7WS/Mqss1P2mdagJmOaD2mL3pY -HDCCpquJ1SKN3g33hOA0pMRxGskyJI8x71mnej0StbUV9GdX0wN5ziSb/ccF2GYi -Q+MS7OxsTEY= +MIIDhzCCAm+gAwIBAgIJAKyxk8nkmAtWMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCmZvb2Jhci5jb20wHhcNMTYwNTE2MDUw +NTAwWhcNMjYwNTE0MDUwNTAwWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApmb29iYXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +qPQljESzF6NQhf4jkYfQeDYbSRf/LUfT5RvebDb8lrkEP/I33r/vMxK6ZcXy5LdK +SanKImRvIPTVNJFOqOU/v9UIGXJQgKGWktCasZqKNmJP9ULI9eqZzAXNdLkg5Olf +WiUl9bysDjVTUsIhwNTIV/ou1n+/ytJ4qvpO4TpIZXhZFoGbVKuNYF4dVXzroJGu +1JLWJ5PZqwWwDI5mpaGTZ9qTDAEMVYOE4Yi5t877lqr1wEls1GXOyAHdRmzeALQ7 +obNudnqhPROIkx5OxdeMAEtSVqr+uuoUXhh65mSRsdMUEzPbzw9RzebdlNyk34Tv +5k5QFFlcoPbQrTs26CoLNQIDAQABo1AwTjAdBgNVHQ4EFgQUtnMvYaVLoe9ILBWx +n/PcNC+8rDAwHwYDVR0jBBgwFoAUtnMvYaVLoe9ILBWxn/PcNC+8rDAwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAALVDDD2f25h5ytSkoUqQilybeRDg +bPhTEEC83NWg2snV1yGtwO3zZ+hvX+J/RqOn33ER/RnQCZTB9FGPj566IbLwLSAE +y83GDsbsFEWCL8yN4Q3dQVub7D3HZ5PBtGpBxC7brvJD7OnR3n75QOFC+OaGKUCo +16XulVsB3IQsXdzL4GwoUqWGWaUyf5MkzFruBma16QetK5J10R42skeXssjvqupv +qUQZxzGOzIGuLTBvJrtFxtoTCu+oZV942wGmuyvLwqRfzIODLNcGLS6lGJudXJPT +Vapaj6maldL3qe1X4bxvtglnpdlrOJ65E3YEC1gcD1KUvfO5vItKrP1FbA== -----END CERTIFICATE----- diff --git a/openssl/test/key.pem b/openssl/test/key.pem index 8ee80a8c..d381795d 100644 --- a/openssl/test/key.pem +++ b/openssl/test/key.pem @@ -1,27 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA1iDxqmqH6cdgEv8pL1Iu0OaFNHaz4feaTtq9cAJqEwS38Rqm -x+3lg4nwkCQ9uSjJ33VC3FusMXUzeu1N9bAet/iMJ5nqS3YJK9jIkI8//sltY90w -OxgUG2gE4RUx2M4uvhHy0Bqva3Ua7rcy7stZ5i/IUqomkOQ/fT+T44QPv2Xus5CD -p5U35COvXDHdVIGGi+xRKEadJHDlhaIqe+9ScfCrZ5eTBcU52SFE2xOlaBX4Rmw5 -26dzMZsQbipr6LAmOh39vw71HWsivXabCBPZTcYc2klTQj5C7bTrec42d2Ex8RLe -Z3pAIiUoxVgNJT9aWLmwvFPHKRda/njwhvxi/wIDAQABAoIBAQC918dqx7hoVBOh -xAfHpJ1NKJPAx90D4no0n0qFHB7fbbeHU5G6f/iUfp+BrB/tIXSZYWU96SjpUHer -7OjJgrQ5d2sLUTKgZK4M6c4oHFkok30gpOI2AksRYU+yHxBqn6JhcZhNWNtd8h1G -t7W4cSHrK0H3yFMY8sQ3Tz7W4Cb2ENIN4wBKeQnmk4k9icG5yz0xLI/vPxqujKij -JWMbk2jNllaUvDgsTAg/MFCzlJH98lzRrX/dhG+q6Rt4S18xac71PMGyUaWduyeC -BHGhHW34361zGQYyeG6eWroTQhvwMHjNxvzA/RiTgHBXV5oRvd9BPPoUS53HYQJO -mzNnfZvBAoGBAPF3VVw+RqG/+OyEkuqE20H35/oSB8tPC6QL/WjWUFwIcSfnkX7H -WmdHBfqCAZlAOqOYgO3iWcgbcOhnggP9J6ssooErt6M7s7hPG/WXwSf0DoCUgtQF -9OrcGNBvwtBMqm82hb8u4IpXUApMYF48MkjbaKSmHU3HQe0sIDese+wlAoGBAOME -YJgtl6t3rcaJ2jzHfEsCTCtCBs2vS9ido73xF3QHTafll/sKMp5bA0mgNhSsphhs -mJCfOl2Cr+0oN90zkumFe4bNIbWQOL/q+HeFwebK5/oWlg/NyvFmMm7LmniFPpBD -NJHqV/ehn8Xuw4LheSG1Bg/aRH5NtoKDcG8+4ZdTAoGAFkTHHoavxOMLdeSUGATA -o8jVH/7hsSJNFIf2iuCY8KPmq6Nzi5mfAL9QEdZDh3qg7c12tnmVhhrhws0o9G04 -Z1Tqd7csbGVpIapKDdA9BA5B+CG6HwudlrtNnotwD/3CChehJgyQsLF0tD5u9MHg -cU+qyuR292FU9yaGohvKIfECgYEAjX7c9fz029rsZSLm85sizV3RO+UbeHgaPhmD -RZBPnfIvZMalw8LHagwwMGO7UYeKvw5wyTN1nXMnVBoNN8I9f2/DXnHc4N3TgUtj -MpwcD03I6QfK4G7UX0HjjUs6LIRgSmqZCZmW2rHSc/wtwBXo+ilqbdcNeevWJeLm -4W/ADCECgYEA7RGbA6qzHtjVS4Nc9rE1tcv4a7p0EvnMXZhIkDZtJqPpkpyOZllm -cTuMCGisw0SEIcSoH1pWRDschbIlOlsn1Mhnb/IczqfHZjb4hmX7Cnlc8WP6TBqI -vma9anlEWW7eIOn5jkY3liQpQ7GJPkCjWuRzne26iV/LIsYj48602Z8= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCo9CWMRLMXo1CF +/iORh9B4NhtJF/8tR9PlG95sNvyWuQQ/8jfev+8zErplxfLkt0pJqcoiZG8g9NU0 +kU6o5T+/1QgZclCAoZaS0Jqxmoo2Yk/1Qsj16pnMBc10uSDk6V9aJSX1vKwONVNS +wiHA1MhX+i7Wf7/K0niq+k7hOkhleFkWgZtUq41gXh1VfOugka7UktYnk9mrBbAM +jmaloZNn2pMMAQxVg4ThiLm3zvuWqvXASWzUZc7IAd1GbN4AtDuhs252eqE9E4iT +Hk7F14wAS1JWqv666hReGHrmZJGx0xQTM9vPD1HN5t2U3KTfhO/mTlAUWVyg9tCt +OzboKgs1AgMBAAECggEBAKLj6IOJBKXolczpzb8UkyAjAkGBektcseV07gelJ/fk +3z0LuWPv5p12E/HlXB24vU2x/ikUbbP3eMsawRzDEahQqmNmPEkYAYUAy/Qpi9GN +DYvn3LqDec4jVgeQKS+p9H2DzUpTogp8zR2//yzbuWBg2+F//xh7vU0S0RQCziPM +x7RSBgbhxSfChfEJbS2sDnzfh0jRQmoY95iFv7puet1FJtzdZ4fgCd1RqmC2lFM5 +H0eZtN/Cz19lieVs0b996DErdEBqClVZO00eYbRozCDaBzRU3ybB/dMrGJxhkkXm +wb3kWMtziH9qOYsostuHIFu8eKFLloKxFnq2R4DGxOECgYEA2KUIZISOeGJSBcLJ +JAUK2gvgXPNo4HHWIwOA9xeN3ZJlsnPlffXQNnm6t1st1V2gfMm9I2n0m/F0y2B/ +n/XGSa8bghfPA9l0c2h58lkL3JQJR/paa8ycTz+YZPrznEyN7Qa0RrJXUvZv9lQL +Hc3+FHcSHgMqDV2f2bHAEu9YGi0CgYEAx6VEIPNvrHFgjo/jk1RTuk+m0xEWQsZL +Cs+izQMr2TaeJn8LG+93AvFuYn0J0nT3WuStLPrUg8i4IhSS6lf1tId5ivIZPm4r +YwMyblBJXhnHbk7Uqodjfw/3s6V2HAu++B7hTdyVr9DFuST9uv4m8bkPV8rfX1jE +I2rAPVWvgikCgYB+wNAQP547wQrMZBLbCDg5KwmyWJfb+b6X7czexOEz6humNTjo +YZHYzY/5B1fhpk3ntQD8X1nGg5caBvOk21+QbOtjShrM3cXMYCw5JvBRtitX+Zo9 +yBEMLOE0877ki8XeEDYZxu5gk98d+D4oygUGZEQtWxyXhVepPt5qNa8OYQKBgQDH +RVgZI6KFlqzv3wMh3PutbS9wYQ+9GrtwUQuIYe/0YSW9+vSVr5E0qNKrD28sV39F +hBauXLady0yvB6YUrjMbPFW+sCMuQzyfGWPO4+g3OrfqjFiM1ZIkE0YEU9Tt7XNx +qTDtTI1D7bhNMnTnniI1B6ge0und+3XafAThs5L48QKBgQCTTpfqMt8kU3tcI9sf +0MK03y7kA76d5uw0pZbWFy7KI4qnzWutCzb+FMPWWsoFtLJLPZy//u/ZCUVFVa4d +0Y/ASNQIESVPXFLAltlLo4MSmsg1vCBsbviEEaPeEjvMrgki93pYtd/aOSgkYC1T +mEq154s5rmqh+h+XRIf7Au0SLw== +-----END PRIVATE KEY----- From 2077449bc87b87f96c8ec6248c5c7060d4bc58bf Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 16 May 2016 23:02:02 -0700 Subject: [PATCH 10/12] Clean up RSA signature API --- openssl/src/crypto/hash.rs | 48 ++++++++++++++++++++++++-------------- openssl/src/crypto/mod.rs | 6 +++++ openssl/src/crypto/pkey.rs | 18 ++++---------- openssl/src/crypto/rsa.rs | 19 ++++++++------- openssl/src/nid.rs | 1 + 5 files changed, 52 insertions(+), 40 deletions(-) diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs index 78465851..69d3a350 100644 --- a/openssl/src/crypto/hash.rs +++ b/openssl/src/crypto/hash.rs @@ -2,9 +2,11 @@ use libc::c_uint; use std::iter::repeat; use std::io::prelude::*; use std::io; - use ffi; +use crypto::HashTypeInternals; +use nid::Nid; + /// Message digest (hash) type. #[derive(Copy, Clone)] pub enum Type { @@ -17,19 +19,32 @@ pub enum Type { RIPEMD160, } +impl HashTypeInternals for Type { + fn as_nid(&self) -> Nid { + match *self { + Type::MD5 => Nid::MD5, + Type::SHA1 => Nid::SHA1, + Type::SHA224 => Nid::SHA224, + Type::SHA256 => Nid::SHA256, + Type::SHA384 => Nid::SHA384, + Type::SHA512 => Nid::SHA512, + Type::RIPEMD160 => Nid::RIPEMD160, + } + } +} + impl Type { /// Returns the length of the message digest. #[inline] pub fn md_len(&self) -> usize { - use self::Type::*; match *self { - MD5 => 16, - SHA1 => 20, - SHA224 => 28, - SHA256 => 32, - SHA384 => 48, - SHA512 => 64, - RIPEMD160 => 20, + Type::MD5 => 16, + Type::SHA1 => 20, + Type::SHA224 => 28, + Type::SHA256 => 32, + Type::SHA384 => 48, + Type::SHA512 => 64, + Type::RIPEMD160 => 20, } } @@ -37,15 +52,14 @@ impl Type { #[inline] pub fn evp_md(&self) -> *const ffi::EVP_MD { unsafe { - use self::Type::*; match *self { - MD5 => ffi::EVP_md5(), - SHA1 => ffi::EVP_sha1(), - SHA224 => ffi::EVP_sha224(), - SHA256 => ffi::EVP_sha256(), - SHA384 => ffi::EVP_sha384(), - SHA512 => ffi::EVP_sha512(), - RIPEMD160 => ffi::EVP_ripemd160(), + Type::MD5 => ffi::EVP_md5(), + Type::SHA1 => ffi::EVP_sha1(), + Type::SHA224 => ffi::EVP_sha224(), + Type::SHA256 => ffi::EVP_sha256(), + Type::SHA384 => ffi::EVP_sha384(), + Type::SHA512 => ffi::EVP_sha512(), + Type::RIPEMD160 => ffi::EVP_ripemd160(), } } } diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs index bb77453f..95b27022 100644 --- a/openssl/src/crypto/mod.rs +++ b/openssl/src/crypto/mod.rs @@ -14,6 +14,8 @@ // limitations under the License. // +use nid::Nid; + pub mod hash; pub mod hmac; pub mod pkcs5; @@ -24,3 +26,7 @@ pub mod memcmp; pub mod rsa; mod symm_internal; + +trait HashTypeInternals { + fn as_nid(&self) -> Nid; +} diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index ba0a16b6..a97da55b 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -5,6 +5,8 @@ use std::iter::repeat; use std::mem; use std::ptr; use bio::MemBio; + +use crypto::HashTypeInternals; use crypto::hash; use crypto::hash::Type as HashType; use ffi; @@ -41,18 +43,6 @@ fn openssl_padding_code(padding: EncryptionPadding) -> c_int { } } -fn openssl_hash_nid(hash: HashType) -> c_int { - match hash { - HashType::MD5 => 4, // NID_md5, - HashType::SHA1 => 64, // NID_sha1 - HashType::SHA224 => 675, // NID_sha224 - HashType::SHA256 => 672, // NID_sha256 - HashType::SHA384 => 673, // NID_sha384 - HashType::SHA512 => 674, // NID_sha512 - HashType::RIPEMD160 => 117, // NID_ripemd160 - } -} - pub struct PKey { evp: *mut ffi::EVP_PKEY, parts: Parts, @@ -556,7 +546,7 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::>(); let mut len = 0; - let rv = ffi::RSA_sign(openssl_hash_nid(hash), + let rv = ffi::RSA_sign(hash.as_nid() as c_int, s.as_ptr(), s.len() as c_uint, r.as_mut_ptr(), @@ -579,7 +569,7 @@ impl PKey { panic!("Could not get RSA key for verification"); } - let rv = ffi::RSA_verify(openssl_hash_nid(hash), + let rv = ffi::RSA_verify(hash.as_nid() as c_int, h.as_ptr(), h.len() as c_uint, s.as_ptr(), diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 021d450b..33385687 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -3,10 +3,12 @@ use std::fmt; use ssl::error::{SslError, StreamError}; use std::ptr; use std::io::{self, Read, Write}; +use libc::c_int; use bn::BigNum; use bio::MemBio; -use nid::Nid; +use crypto::HashTypeInternals; +use crypto::hash; pub struct RSA(*mut ffi::RSA); @@ -130,13 +132,13 @@ impl RSA { } } - pub fn sign(&self, hash_id: Nid, message: &[u8]) -> Result, SslError> { + pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result, SslError> { let k_len = try!(self.size()); let mut sig = vec![0;k_len as usize]; let mut sig_len = k_len; unsafe { - let result = ffi::RSA_sign(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); + let result = ffi::RSA_sign(hash.as_nid() as c_int, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); assert!(sig_len == k_len); if result == 1 { @@ -147,9 +149,9 @@ impl RSA { } } - pub fn verify(&self, hash_id: Nid, message: &[u8], sig: &[u8]) -> Result { + pub fn verify(&self, hash: hash::Type, message: &[u8], sig: &[u8]) -> Result { unsafe { - let result = ffi::RSA_verify(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); + let result = ffi::RSA_verify(hash.as_nid() as c_int, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); Ok(result == 1) } @@ -211,7 +213,6 @@ impl fmt::Debug for RSA { #[cfg(test)] mod test { - use nid; use std::fs::File; use std::io::Write; use super::*; @@ -258,7 +259,7 @@ mod test { sha.write_all(&signing_input_rs256()).unwrap(); let digest = sha.finish(); - let result = private_key.sign(nid::Nid::SHA256, &digest).unwrap(); + let result = private_key.sign(Type::SHA256, &digest).unwrap(); assert_eq!(result, signature_rs256()); } @@ -272,8 +273,8 @@ mod test { sha.write_all(&signing_input_rs256()).unwrap(); let digest = sha.finish(); - let result = public_key.verify(nid::Nid::SHA256, &digest, &signature_rs256()).unwrap(); + let result = public_key.verify(Type::SHA256, &digest, &signature_rs256()).unwrap(); assert!(result); } -} \ No newline at end of file +} diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index 21ef18e0..780b8a00 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs @@ -195,4 +195,5 @@ pub enum Nid { SHA256 = 672, SHA384, SHA512, + SHA224, } From 1b0757409d634f67b37d4c35af8fec878c2ecc27 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 16 May 2016 23:03:00 -0700 Subject: [PATCH 11/12] Rustfmt --- openssl/src/crypto/hmac.rs | 3 +- openssl/src/crypto/pkey.rs | 21 ++-- openssl/src/crypto/rsa.rs | 216 +++++++++++++++++------------------ openssl/src/nid.rs | 5 +- openssl/src/ssl/bio.rs | 31 ++--- openssl/src/ssl/mod.rs | 45 +++++--- openssl/src/ssl/tests/mod.rs | 26 ++--- openssl/src/version.rs | 3 +- openssl/src/x509/mod.rs | 20 ++-- openssl/src/x509/tests.rs | 16 ++- 10 files changed, 201 insertions(+), 185 deletions(-) diff --git a/openssl/src/crypto/hmac.rs b/openssl/src/crypto/hmac.rs index 866087b0..143c7b75 100644 --- a/openssl/src/crypto/hmac.rs +++ b/openssl/src/crypto/hmac.rs @@ -387,8 +387,7 @@ mod tests { let tests: [(Vec, Vec); 6] = [(repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()), (b"Jefe".to_vec(), b"what do ya want for nothing?".to_vec()), - (repeat(0xaa_u8).take(20).collect(), - repeat(0xdd_u8).take(50).collect()), + (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect()), ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), repeat(0xcd_u8).take(50).collect()), (repeat(0xaa_u8).take(131).collect(), diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index a97da55b..c4111860 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -114,7 +114,7 @@ impl PKey { /// Reads an RSA private key from PEM, takes ownership of handle pub fn private_rsa_key_from_pem(reader: &mut R) -> Result - where R: Read + where R: Read { let rsa = try!(RSA::private_key_from_pem(reader)); unsafe { @@ -130,7 +130,7 @@ impl PKey { /// Reads an RSA public key from PEM, takes ownership of handle pub fn public_rsa_key_from_pem(reader: &mut R) -> Result - where R: Read + where R: Read { let rsa = try!(RSA::public_key_from_pem(reader)); unsafe { @@ -600,16 +600,15 @@ impl Drop for PKey { impl Clone for PKey { fn clone(&self) -> Self { let mut pkey = PKey::from_handle(unsafe { ffi::EVP_PKEY_new() }, self.parts); - // copy by encoding to DER and back + // copy by encoding to DER and back match self.parts { Parts::Public => { pkey.load_pub(&self.save_pub()[..]); - }, + } Parts::Both => { pkey.load_priv(&self.save_priv()[..]); - }, - Parts::Neither => { - }, + } + Parts::Neither => {} } pkey } @@ -684,8 +683,8 @@ mod tests { fn test_private_rsa_key_from_pem() { let key_path = Path::new("test/key.pem"); let mut file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem`"); + .ok() + .expect("Failed to open `test/key.pem`"); super::PKey::private_rsa_key_from_pem(&mut file).unwrap(); } @@ -694,8 +693,8 @@ mod tests { fn test_public_rsa_key_from_pem() { let key_path = Path::new("test/key.pem.pub"); let mut file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem.pub`"); + .ok() + .expect("Failed to open `test/key.pem.pub`"); super::PKey::public_rsa_key_from_pem(&mut file).unwrap(); } diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 33385687..52b8590e 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -31,8 +31,16 @@ impl RSA { Ok(RSA(rsa)) } } - - pub fn from_private_components(n: BigNum, e: BigNum, d: BigNum, p: BigNum, q: BigNum, dp: BigNum, dq: BigNum, qi: BigNum) -> Result { + + pub fn from_private_components(n: BigNum, + e: BigNum, + d: BigNum, + p: BigNum, + q: BigNum, + dp: BigNum, + dq: BigNum, + qi: BigNum) + -> Result { unsafe { let rsa = try_ssl_null!(ffi::RSA_new()); (*rsa).n = n.into_raw(); @@ -54,7 +62,7 @@ impl RSA { /// Reads an RSA private key from PEM formatted data. pub fn private_key_from_pem(reader: &mut R) -> Result - where R: Read + where R: Read { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); @@ -67,29 +75,35 @@ impl RSA { Ok(RSA(rsa)) } } - + /// Writes an RSA private key as unencrypted PEM formatted data pub fn private_key_to_pem(&self, writer: &mut W) -> Result<(), SslError> - where W: Write + where W: Write { - let mut mem_bio = try!(MemBio::new()); - - let result = unsafe { - ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(), self.0, ptr::null(), ptr::null_mut(), 0, None, ptr::null_mut()) - }; - - if result == 1 { - try!(io::copy(&mut mem_bio, writer).map_err(StreamError)); - - Ok(()) - } else { - Err(SslError::OpenSslErrors(vec![])) - } + let mut mem_bio = try!(MemBio::new()); + + let result = unsafe { + ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(), + self.0, + ptr::null(), + ptr::null_mut(), + 0, + None, + ptr::null_mut()) + }; + + if result == 1 { + try!(io::copy(&mut mem_bio, writer).map_err(StreamError)); + + Ok(()) + } else { + Err(SslError::OpenSslErrors(vec![])) + } } /// Reads an RSA public key from PEM formatted data. pub fn public_key_from_pem(reader: &mut R) -> Result - where R: Read + where R: Read { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); @@ -102,45 +116,46 @@ impl RSA { Ok(RSA(rsa)) } } - + /// Writes an RSA public key as PEM formatted data pub fn public_key_to_pem(&self, writer: &mut W) -> Result<(), SslError> - where W: Write + where W: Write { - let mut mem_bio = try!(MemBio::new()); - - let result = unsafe { - ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0) - }; - - if result == 1 { - try!(io::copy(&mut mem_bio, writer).map_err(StreamError)); - - Ok(()) - } else { - Err(SslError::OpenSslErrors(vec![])) - } - } - - pub fn size(&self) -> Result { - if self.has_n() { - unsafe { - Ok(ffi::RSA_size(self.0) as u32) - } + let mut mem_bio = try!(MemBio::new()); + + let result = unsafe { ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0) }; + + if result == 1 { + try!(io::copy(&mut mem_bio, writer).map_err(StreamError)); + + Ok(()) } else { Err(SslError::OpenSslErrors(vec![])) } } - + + pub fn size(&self) -> Result { + if self.has_n() { + unsafe { Ok(ffi::RSA_size(self.0) as u32) } + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } + pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result, SslError> { let k_len = try!(self.size()); let mut sig = vec![0;k_len as usize]; let mut sig_len = k_len; - + unsafe { - let result = ffi::RSA_sign(hash.as_nid() as c_int, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); + let result = ffi::RSA_sign(hash.as_nid() as c_int, + message.as_ptr(), + message.len() as u32, + sig.as_mut_ptr(), + &mut sig_len, + self.0); assert!(sig_len == k_len); - + if result == 1 { Ok(sig) } else { @@ -148,14 +163,19 @@ impl RSA { } } } - + pub fn verify(&self, hash: hash::Type, message: &[u8], sig: &[u8]) -> Result { unsafe { - let result = ffi::RSA_verify(hash.as_nid() as c_int, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); - + let result = ffi::RSA_verify(hash.as_nid() as c_int, + message.as_ptr(), + message.len() as u32, + sig.as_ptr(), + sig.len() as u32, + self.0); + Ok(result == 1) } - } + } pub fn as_ptr(&self) -> *mut ffi::RSA { self.0 @@ -163,45 +183,31 @@ impl RSA { // The following getters are unsafe, since BigNum::new_from_ffi fails upon null pointers pub fn n(&self) -> Result { - unsafe { - BigNum::new_from_ffi((*self.0).n) - } + unsafe { BigNum::new_from_ffi((*self.0).n) } } pub fn has_n(&self) -> bool { - unsafe { - !(*self.0).n.is_null() - } + unsafe { !(*self.0).n.is_null() } } pub fn d(&self) -> Result { - unsafe { - BigNum::new_from_ffi((*self.0).d) - } + unsafe { BigNum::new_from_ffi((*self.0).d) } } pub fn e(&self) -> Result { - unsafe { - BigNum::new_from_ffi((*self.0).e) - } + unsafe { BigNum::new_from_ffi((*self.0).e) } } pub fn has_e(&self) -> bool { - unsafe { - !(*self.0).e.is_null() - } + unsafe { !(*self.0).e.is_null() } } pub fn p(&self) -> Result { - unsafe { - BigNum::new_from_ffi((*self.0).p) - } + unsafe { BigNum::new_from_ffi((*self.0).p) } } pub fn q(&self) -> Result { - unsafe { - BigNum::new_from_ffi((*self.0).q) - } + unsafe { BigNum::new_from_ffi((*self.0).q) } } } @@ -217,64 +223,58 @@ mod test { use std::io::Write; use super::*; use crypto::hash::*; - + fn signing_input_rs256() -> Vec { - vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, - 49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, - 74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72, - 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68, - 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, - 121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, - 98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, - 99, 110, 86, 108, 102, 81] + vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, 49, 78, 105, 74, 57, + 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48, + 75, 73, 67, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, + 122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 121, + 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 98, 83, 57, 112, 99, + 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, 99, 110, 86, 108, 102, 81] } - + fn signature_rs256() -> Vec { - vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, - 243, 65, 6, 174, 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, - 131, 101, 109, 66, 10, 253, 60, 150, 238, 221, 115, 162, 102, 62, 81, - 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16, 115, 249, 69, - 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219, - 61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, - 16, 141, 178, 129, 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, - 190, 127, 249, 217, 46, 10, 231, 111, 36, 242, 91, 51, 187, 230, 244, - 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142, 212, 1, - 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129, - 253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, - 177, 139, 93, 163, 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, - 173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56, 250, 175, 132, 157, - 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69, - 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202, - 234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, - 193, 167, 72, 160, 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, - 251, 71] - } - + vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, 243, 65, 6, 174, + 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, 131, 101, 109, 66, 10, 253, 60, + 150, 238, 221, 115, 162, 102, 62, 81, 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, + 16, 115, 249, 69, 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219, + 61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, 16, 141, 178, 129, + 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, 190, 127, 249, 217, 46, 10, 231, 111, + 36, 242, 91, 51, 187, 230, 244, 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, + 142, 212, 1, 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129, + 253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, 177, 139, 93, 163, + 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, 173, 21, 145, 18, 115, 160, 95, 35, + 185, 232, 56, 250, 175, 132, 157, 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, + 212, 14, 96, 69, 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202, + 234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, 193, 167, 72, 160, + 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, 251, 71] + } + #[test] pub fn test_sign() { let mut buffer = File::open("test/rsa.pem").unwrap(); let private_key = RSA::private_key_from_pem(&mut buffer).unwrap(); - + let mut sha = Hasher::new(Type::SHA256); sha.write_all(&signing_input_rs256()).unwrap(); let digest = sha.finish(); - + let result = private_key.sign(Type::SHA256, &digest).unwrap(); - + assert_eq!(result, signature_rs256()); } - + #[test] - pub fn test_verify() { + pub fn test_verify() { let mut buffer = File::open("test/rsa.pem.pub").unwrap(); let public_key = RSA::public_key_from_pem(&mut buffer).unwrap(); - + let mut sha = Hasher::new(Type::SHA256); sha.write_all(&signing_input_rs256()).unwrap(); let digest = sha.finish(); - + let result = public_key.verify(Type::SHA256, &digest, &signature_rs256()).unwrap(); - + assert!(result); } } diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index 780b8a00..874d4a6f 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs @@ -184,14 +184,11 @@ pub enum Nid { OCSP, CaIssuers, OCSPSigning, // 180 - + // 181 and up are from openssl's obj_mac.h - - /// Shown as UID in cert subject UserId = 458, - SHA256 = 672, SHA384, SHA512, diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index e53545d7..b6f20cf2 100644 --- a/openssl/src/ssl/bio.rs +++ b/openssl/src/ssl/bio.rs @@ -23,16 +23,16 @@ pub struct BioMethod(ffi::BIO_METHOD); impl BioMethod { pub fn new() -> BioMethod { BioMethod(ffi::BIO_METHOD { - type_: BIO_TYPE_NONE, - name: b"rust\0".as_ptr() as *const _, - bwrite: Some(bwrite::), - bread: Some(bread::), - bputs: Some(bputs::), - bgets: None, - ctrl: Some(ctrl::), - create: Some(create), - destroy: Some(destroy::), - callback_ctrl: None, + type_: BIO_TYPE_NONE, + name: b"rust\0".as_ptr() as *const _, + bwrite: Some(bwrite::), + bread: Some(bread::), + bputs: Some(bputs::), + bgets: None, + ctrl: Some(ctrl::), + create: Some(create), + destroy: Some(destroy::), + callback_ctrl: None, }) } } @@ -82,12 +82,16 @@ unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState { } #[cfg(feature = "nightly")] -fn catch_unwind(f: F) -> Result> where F: FnOnce() -> T { +fn catch_unwind(f: F) -> Result> + where F: FnOnce() -> T +{ ::std::panic::catch_unwind(::std::panic::AssertUnwindSafe(f)) } #[cfg(not(feature = "nightly"))] -fn catch_unwind(f: F) -> Result> where F: FnOnce() -> T { +fn catch_unwind(f: F) -> Result> + where F: FnOnce() -> T +{ Ok(f()) } @@ -137,7 +141,8 @@ unsafe extern "C" fn bread(bio: *mut BIO, buf: *mut c_char, len: c_int) fn retriable_error(err: &io::Error) -> bool { match err.kind() { - io::ErrorKind::WouldBlock | io::ErrorKind::NotConnected => true, + io::ErrorKind::WouldBlock | + io::ErrorKind::NotConnected => true, _ => false, } } diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index aa785142..f207416f 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -850,7 +850,7 @@ pub struct SslCipher<'a> { ph: PhantomData<&'a ()>, } -impl <'a> SslCipher<'a> { +impl<'a> SslCipher<'a> { /// Returns the name of cipher. pub fn name(&self) -> &'static str { let name = unsafe { @@ -874,12 +874,18 @@ impl <'a> SslCipher<'a> { /// Returns the number of bits used for the cipher. pub fn bits(&self) -> CipherBits { unsafe { - let algo_bits : *mut c_int = ptr::null_mut(); + let algo_bits: *mut c_int = ptr::null_mut(); let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); if !algo_bits.is_null() { - CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) } + CipherBits { + secret: secret_bits, + algorithm: Some(*algo_bits), + } } else { - CipherBits { secret: secret_bits, algorithm: None } + CipherBits { + secret: secret_bits, + algorithm: None, + } } } } @@ -987,7 +993,9 @@ impl Ssl { { unsafe { let verify = Box::new(verify); - ffi::SSL_set_ex_data(self.ssl, get_ssl_verify_data_idx::(), mem::transmute(verify)); + ffi::SSL_set_ex_data(self.ssl, + get_ssl_verify_data_idx::(), + mem::transmute(verify)); ffi::SSL_set_verify(self.ssl, mode.bits as c_int, Some(ssl_raw_verify::)); } } @@ -999,7 +1007,10 @@ impl Ssl { if ptr.is_null() { None } else { - Some(SslCipher{ cipher: ptr, ph: PhantomData }) + Some(SslCipher { + cipher: ptr, + ph: PhantomData, + }) } } } @@ -1052,8 +1063,8 @@ impl Ssl { /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc. pub fn version(&self) -> &'static str { let version = unsafe { - let ptr = ffi::SSL_get_version(self.ssl); - CStr::from_ptr(ptr as *const _) + let ptr = ffi::SSL_get_version(self.ssl); + CStr::from_ptr(ptr as *const _) }; str::from_utf8(version.to_bytes()).unwrap() @@ -1224,7 +1235,8 @@ impl Clone for SslStream { } } -impl fmt::Debug for SslStream where S: fmt::Debug +impl fmt::Debug for SslStream + where S: fmt::Debug { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fmt.debug_struct("SslStream") @@ -1385,7 +1397,8 @@ impl SslStream { } } LibSslError::ErrorZeroReturn => Some(SslError::SslSessionClosed), - LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => None, + LibSslError::ErrorWantWrite | + LibSslError::ErrorWantRead => None, err => { Some(SslError::StreamError(io::Error::new(io::ErrorKind::Other, format!("unexpected error {:?}", err)))) @@ -1401,8 +1414,7 @@ impl SslStream { } #[cfg(not(feature = "nightly"))] - fn check_panic(&mut self) { - } + fn check_panic(&mut self) {} fn get_bio_error(&mut self) -> io::Error { let error = unsafe { bio::take_error::(self.ssl.get_raw_rbio()) }; @@ -1513,7 +1525,8 @@ pub enum MaybeSslStream Normal(S), } -impl Read for MaybeSslStream where S: Read + Write +impl Read for MaybeSslStream + where S: Read + Write { fn read(&mut self, buf: &mut [u8]) -> io::Result { match *self { @@ -1523,7 +1536,8 @@ impl Read for MaybeSslStream where S: Read + Write } } -impl Write for MaybeSslStream where S: Read + Write +impl Write for MaybeSslStream + where S: Read + Write { fn write(&mut self, buf: &[u8]) -> io::Result { match *self { @@ -1540,7 +1554,8 @@ impl Write for MaybeSslStream where S: Read + Write } } -impl MaybeSslStream where S: Read + Write +impl MaybeSslStream + where S: Read + Write { /// Returns a reference to the underlying stream. pub fn get_ref(&self) -> &S { diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index ccdc44e4..5339f27e 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -236,7 +236,7 @@ run_test!(verify_untrusted, |method, stream| { match SslStream::connect_generic(&ctx, stream) { Ok(_) => panic!("expected failure"), - Err(err) => println!("error {:?}", err) + Err(err) => println!("error {:?}", err), } }); @@ -246,11 +246,11 @@ run_test!(verify_trusted, |method, stream| { match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } match SslStream::connect_generic(&ctx, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } }); @@ -264,7 +264,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| { match SslStream::connect_generic(&ctx, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } }); @@ -289,11 +289,11 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| { match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } match SslStream::connect_generic(&ctx, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } }); @@ -307,7 +307,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| { match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } assert!(SslStream::connect_generic(&ctx, stream).is_err()); }); @@ -335,7 +335,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| { match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } assert!(SslStream::connect_generic(&ctx, stream).is_ok()); }); @@ -353,8 +353,7 @@ run_test!(verify_trusted_get_error_err, |method, stream| { }); run_test!(verify_callback_data, |method, stream| { - fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext, - node_id: &Vec) -> bool { + fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext, node_id: &Vec) -> bool { let cert = x509_ctx.get_current_cert(); match cert { None => false, @@ -377,7 +376,7 @@ run_test!(verify_callback_data, |method, stream| { match SslStream::connect_generic(&ctx, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } }); @@ -405,7 +404,7 @@ run_test!(ssl_verify_callback, |method, stream| { match SslStream::connect_generic(ssl, stream) { Ok(_) => (), - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), } assert_eq!(CHECKED.load(Ordering::SeqCst), 1); @@ -499,8 +498,7 @@ fn test_write_direct() { } run_test!(get_peer_certificate, |method, stream| { - let stream = SslStream::connect_generic(&SslContext::new(method).unwrap(), - stream).unwrap(); + let stream = SslStream::connect_generic(&SslContext::new(method).unwrap(), stream).unwrap(); let cert = stream.ssl().peer_certificate().unwrap(); let fingerprint = cert.fingerprint(SHA1).unwrap(); let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; diff --git a/openssl/src/version.rs b/openssl/src/version.rs index 323cf1e2..0e9f61d8 100644 --- a/openssl/src/version.rs +++ b/openssl/src/version.rs @@ -1,4 +1,3 @@ -// // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at @@ -86,4 +85,4 @@ fn test_versions() { assert!(c_flags().starts_with("compiler:")); assert!(built_on().starts_with("built on:")); assert!(dir().starts_with("OPENSSLDIR:")); -} \ No newline at end of file +} diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 0a242a15..3150cc6e 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -379,7 +379,9 @@ impl X509Generator { ffi::X509_set_issuer_name(x509.handle, name); for (exttype, ext) in self.extensions.iter() { - try!(X509Generator::add_extension_internal(x509.handle, &exttype, &ext.to_string())); + try!(X509Generator::add_extension_internal(x509.handle, + &exttype, + &ext.to_string())); } let hash_fn = self.hash_type.evp_md(); @@ -539,9 +541,9 @@ extern "C" { impl<'ctx> Clone for X509<'ctx> { fn clone(&self) -> X509<'ctx> { unsafe { rust_X509_clone(self.handle) } - /* FIXME: given that we now have refcounting control, 'owned' should be uneeded, the 'ctx - * is probably also uneeded. We can remove both to condense the x509 api quite a bit - */ + // FIXME: given that we now have refcounting control, 'owned' should be uneeded, the 'ctx + // is probably also uneeded. We can remove both to condense the x509 api quite a bit + // X509::new(self.handle, true) } } @@ -671,7 +673,7 @@ impl Extensions { pub fn add(&mut self, ext: Extension) { let ext_type = ext.get_type(); - if let Some(index) = self.indexes.get(&ext_type) { + if let Some(index) = self.indexes.get(&ext_type) { self.extensions[*index] = ext; return; } @@ -693,7 +695,7 @@ impl Extensions { /// extension in the collection. struct ExtensionsIter<'a> { current: usize, - extensions: &'a Vec + extensions: &'a Vec, } impl<'a> Iterator for ExtensionsIter<'a> { @@ -798,9 +800,7 @@ pub struct GeneralNames<'a> { impl<'a> GeneralNames<'a> { /// Returns the number of `GeneralName`s in this structure. pub fn len(&self) -> usize { - unsafe { - (*self.stack).stack.num as usize - } + unsafe { (*self.stack).stack.num as usize } } /// Returns the specified `GeneralName`. @@ -823,7 +823,7 @@ impl<'a> GeneralNames<'a> { pub fn iter(&self) -> GeneralNamesIter { GeneralNamesIter { names: self, - idx: 0 + idx: 0, } } } diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 744aba9e..f547a982 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -56,9 +56,10 @@ fn test_cert_gen_extension_ordering() { #[test] fn test_cert_gen_extension_bad_ordering() { let result = get_generator() - .add_extension(OtherNid(Nid::AuthorityKeyIdentifier, "keyid:always".to_owned())) - .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned())) - .generate(); + .add_extension(OtherNid(Nid::AuthorityKeyIdentifier, + "keyid:always".to_owned())) + .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned())) + .generate(); assert!(result.is_err()); } @@ -162,7 +163,8 @@ fn test_subject_alt_name() { let subject_alt_names = cert.subject_alt_names().unwrap(); assert_eq!(3, subject_alt_names.len()); assert_eq!(Some("foobar.com"), subject_alt_names.get(0).dnsname()); - assert_eq!(subject_alt_names.get(1).ipaddress(), Some(&[127, 0, 0, 1][..])); + assert_eq!(subject_alt_names.get(1).ipaddress(), + Some(&[127, 0, 0, 1][..])); assert_eq!(subject_alt_names.get(2).ipaddress(), Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); } @@ -174,8 +176,10 @@ fn test_subject_alt_name_iter() { let subject_alt_names = cert.subject_alt_names().unwrap(); let mut subject_alt_names_iter = subject_alt_names.iter(); - assert_eq!(subject_alt_names_iter.next().unwrap().dnsname(), Some("foobar.com")); - assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), Some(&[127, 0, 0, 1][..])); + assert_eq!(subject_alt_names_iter.next().unwrap().dnsname(), + Some("foobar.com")); + assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), + Some(&[127, 0, 0, 1][..])); assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); assert!(subject_alt_names_iter.next().is_none()); From 95051b060d5701d5c2282d92a7d9d955852e1e30 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 16 May 2016 23:04:03 -0700 Subject: [PATCH 12/12] Release v0.7.12 --- README.md | 2 +- openssl-sys-extras/Cargo.toml | 6 +++--- openssl-sys-extras/src/lib.rs | 2 +- openssl-sys/Cargo.toml | 4 ++-- openssl-sys/src/lib.rs | 2 +- openssl/Cargo.toml | 8 ++++---- openssl/src/lib.rs | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index fd8cc2ee..17005abb 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl) -[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl). +[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl). ## Building diff --git a/openssl-sys-extras/Cargo.toml b/openssl-sys-extras/Cargo.toml index 14f09247..d9f1ece3 100644 --- a/openssl-sys-extras/Cargo.toml +++ b/openssl-sys-extras/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "openssl-sys-extras" -version = "0.7.11" +version = "0.7.12" authors = ["Steven Fackler "] license = "MIT" description = "Extra FFI bindings to OpenSSL that require a C shim" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl_sys_extras" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl_sys_extras" build = "build.rs" [features] @@ -13,7 +13,7 @@ ecdh_auto = [] [dependencies] libc = "0.2" -openssl-sys = { version = "0.7.11", path = "../openssl-sys" } +openssl-sys = { version = "0.7.12", path = "../openssl-sys" } [build-dependencies] gcc = "0.3" diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs index a2acbd55..dbc19641 100644 --- a/openssl-sys-extras/src/lib.rs +++ b/openssl-sys-extras/src/lib.rs @@ -1,5 +1,5 @@ #![allow(non_upper_case_globals, non_snake_case)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")] extern crate openssl_sys; extern crate libc; diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index 9ad5c456..890e9554 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -1,12 +1,12 @@ [package] name = "openssl-sys" -version = "0.7.11" +version = "0.7.12" authors = ["Alex Crichton ", "Steven Fackler "] license = "MIT" description = "FFI bindings to OpenSSL" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl_sys" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl_sys" links = "openssl" build = "build.rs" diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index b6f55832..0a422b7e 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1,6 +1,6 @@ #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] #![allow(dead_code)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")] extern crate libc; diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 3f5a4388..2d311d50 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "openssl" -version = "0.7.11" +version = "0.7.12" authors = ["Steven Fackler "] license = "Apache-2.0" description = "OpenSSL bindings" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl" readme = "../README.md" keywords = ["crypto", "tls", "ssl", "dtls"] build = "build.rs" @@ -32,8 +32,8 @@ nightly = [] bitflags = ">= 0.5.0, < 0.8.0" lazy_static = "0.2" libc = "0.2" -openssl-sys = { version = "0.7.11", path = "../openssl-sys" } -openssl-sys-extras = { version = "0.7.11", path = "../openssl-sys-extras" } +openssl-sys = { version = "0.7.12", path = "../openssl-sys" } +openssl-sys-extras = { version = "0.7.12", path = "../openssl-sys-extras" } [build-dependencies] gcc = "0.3" diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index f3be24b1..474e0b9a 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -1,4 +1,4 @@ -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")] #![cfg_attr(feature = "nightly", feature(const_fn))] #[macro_use]