min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into x509_req_version_subject

This commit is contained in:
Steven Fackler 2017-02-11 09:11:25 -08:00 committed by GitHub
parent 8ae424235e ad07b19ed3
commit 1c25336520
8 changed files with 177 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -57,6 +57,12 @@ Homebrew:
brew install openssl brew install openssl
``` ```
> Occasionally an update of XCode or MacOS will cause the linker to fail after compilation, to rectify this you may want to try and run:
```bash
xcode-select --install
```
If Homebrew is installed to the default location of `/usr/local`, OpenSSL will be If Homebrew is installed to the default location of `/usr/local`, OpenSSL will be
automatically detected. automatically detected.

9
openssl-sys/src/lib.rs
View File

@ -26,8 +26,10 @@ pub use libressl::*;
pub enum ASN1_INTEGER {} pub enum ASN1_INTEGER {}
pub enum ASN1_GENERALIZEDTIME {} pub enum ASN1_GENERALIZEDTIME {}
pub enum ASN1_STRING {} pub enum ASN1_STRING {}
pub enum ASN1_BIT_STRING {}
pub enum ASN1_TIME {} pub enum ASN1_TIME {}
pub enum ASN1_TYPE {} pub enum ASN1_TYPE {}
pub enum ASN1_OBJECT {}
pub enum BN_CTX {} pub enum BN_CTX {}
pub enum BN_GENCB {} pub enum BN_GENCB {}
pub enum CONF {} pub enum CONF {}
@ -1408,6 +1410,8 @@ extern {
pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING; pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
pub fn ASN1_TIME_free(tm: *mut ASN1_TIME); pub fn ASN1_TIME_free(tm: *mut ASN1_TIME);
pub fn ASN1_TIME_print(b: *mut BIO, tm: *const ASN1_TIME) -> c_int; pub fn ASN1_TIME_print(b: *mut BIO, tm: *const ASN1_TIME) -> c_int;
pub fn ASN1_BIT_STRING_free(x: *mut ASN1_BIT_STRING);
pub fn ASN1_OBJECT_free(x: *mut ASN1_OBJECT);
pub fn BIO_ctrl(b: *mut BIO, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long; pub fn BIO_ctrl(b: *mut BIO, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
pub fn BIO_free_all(b: *mut BIO); pub fn BIO_free_all(b: *mut BIO);
@ -1652,6 +1656,9 @@ extern {
pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int; pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int;
pub fn OBJ_obj2nid(o: *const ASN1_OBJECT) -> c_int;
pub fn OBJ_obj2txt(buf: *mut c_char, buf_len: c_int, a: *const ASN1_OBJECT, no_name: c_int) -> c_int;
pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP; pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP;
pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP); pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP);
pub fn OCSP_basic_verify(bs: *mut OCSP_BASICRESP, certs: *mut stack_st_X509, st: *mut X509_STORE, flags: c_ulong) -> c_int; pub fn OCSP_basic_verify(bs: *mut OCSP_BASICRESP, certs: *mut stack_st_X509, st: *mut X509_STORE, flags: c_ulong) -> c_int;
@ -1925,6 +1932,8 @@ extern {
pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING; pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING;
pub fn X509_check_issued(issuer: *mut X509, subject: *mut X509) -> c_int; pub fn X509_check_issued(issuer: *mut X509, subject: *mut X509) -> c_int;
pub fn X509_ALGOR_free(x: *mut X509_ALGOR);
pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION); pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION);
pub fn X509_NAME_free(x: *mut X509_NAME); pub fn X509_NAME_free(x: *mut X509_NAME);

10
openssl-sys/src/libressl.rs
View File

@ -247,8 +247,8 @@ pub struct DH {
#[repr(C)] #[repr(C)]
pub struct X509 { pub struct X509 {
pub cert_info: *mut X509_CINF, pub cert_info: *mut X509_CINF,
sig_alg: *mut c_void, pub sig_alg: *mut ::X509_ALGOR,
signature: *mut c_void, pub signature: *mut ::ASN1_BIT_STRING,
pub valid: c_int, pub valid: c_int,
pub references: c_int, pub references: c_int,
pub name: *mut c_char, pub name: *mut c_char,
@ -285,6 +285,12 @@ pub struct X509_CINF {
enc: ASN1_ENCODING, enc: ASN1_ENCODING,
} }
#[repr(C)]
pub struct X509_ALGOR {
pub algorithm: *mut ::ASN1_OBJECT,
parameter: *mut c_void,
}
#[repr(C)] #[repr(C)]
pub struct ASN1_ENCODING { pub struct ASN1_ENCODING {
pub enc: *mut c_uchar, pub enc: *mut c_uchar,

16
openssl-sys/src/ossl10x.rs
View File

@ -250,8 +250,8 @@ pub struct DH {
#[repr(C)] #[repr(C)]
pub struct X509 { pub struct X509 {
pub cert_info: *mut X509_CINF, pub cert_info: *mut X509_CINF,
sig_alg: *mut c_void, pub sig_alg: *mut ::X509_ALGOR,
signature: *mut c_void, pub signature: *mut ::ASN1_BIT_STRING,
pub valid: c_int, pub valid: c_int,
pub references: c_int, pub references: c_int,
pub name: *mut c_char, pub name: *mut c_char,
@ -292,6 +292,12 @@ pub struct X509_CINF {
enc: ASN1_ENCODING, enc: ASN1_ENCODING,
} }
#[repr(C)]
pub struct X509_ALGOR {
pub algorithm: *mut ::ASN1_OBJECT,
parameter: *mut c_void,
}
#[repr(C)] #[repr(C)]
pub struct ASN1_ENCODING { pub struct ASN1_ENCODING {
pub enc: *mut c_uchar, pub enc: *mut c_uchar,
@ -850,6 +856,12 @@ extern {
pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_get_ext_d2i(x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void; pub fn X509_get_ext_d2i(x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void;
#[cfg(not(ossl101))]
pub fn X509_get0_signature(psig: *mut *mut ::ASN1_BIT_STRING, palg: *mut *mut ::X509_ALGOR, x: *const ::X509);
#[cfg(not(ossl101))]
pub fn X509_get_signature_nid(x: *const X509) -> c_int;
#[cfg(not(ossl101))]
pub fn X509_ALGOR_get0(paobj: *mut *mut ::ASN1_OBJECT, pptype: *mut c_int, ppval: *mut *mut c_void, alg: *mut ::X509_ALGOR);
pub fn X509_NAME_get_entry(n: *mut ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; pub fn X509_NAME_get_entry(n: *mut ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY;
pub fn X509_NAME_ENTRY_get_data(ne: *mut ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; pub fn X509_NAME_ENTRY_get_data(ne: *mut ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING;
pub fn X509_STORE_CTX_get_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509; pub fn X509_STORE_CTX_get_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509;

4
openssl-sys/src/ossl110.rs
View File

@ -26,6 +26,7 @@ pub enum stack_st_X509_ATTRIBUTE {}
pub enum stack_st_X509_EXTENSION {} pub enum stack_st_X509_EXTENSION {}
pub enum stack_st_SSL_CIPHER {} pub enum stack_st_SSL_CIPHER {}
pub enum X509 {} pub enum X509 {}
pub enum X509_ALGOR {}
pub enum X509_VERIFY_PARAM {} pub enum X509_VERIFY_PARAM {}
pub enum X509_REQ {} pub enum X509_REQ {}
@ -85,6 +86,8 @@ extern {
pub fn X509_set1_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set1_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_set1_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set1_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_get_ext_d2i(x: *const ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void; pub fn X509_get_ext_d2i(x: *const ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void;
pub fn X509_get_signature_nid(x: *const X509) -> c_int;
pub fn X509_ALGOR_get0(paobj: *mut *const ::ASN1_OBJECT, pptype: *mut c_int, ppval: *mut *const c_void, alg: *const ::X509_ALGOR);
pub fn X509_NAME_get_entry(n: *const ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; pub fn X509_NAME_get_entry(n: *const ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY;
pub fn X509_NAME_ENTRY_get_data(ne: *const ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; pub fn X509_NAME_ENTRY_get_data(ne: *const ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING;
pub fn X509V3_EXT_nconf_nid(conf: *mut ::CONF, ctx: *mut ::X509V3_CTX, ext_nid: c_int, value: *const c_char) -> *mut ::X509_EXTENSION; pub fn X509V3_EXT_nconf_nid(conf: *mut ::CONF, ctx: *mut ::X509V3_CTX, ext_nid: c_int, value: *const c_char) -> *mut ::X509_EXTENSION;
@ -128,6 +131,7 @@ extern {
pub fn SSL_CTX_clear_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong; pub fn SSL_CTX_clear_options(ctx: *mut ::SSL_CTX, op: c_ulong) -> c_ulong;
pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME; pub fn X509_getm_notAfter(x: *const ::X509) -> *mut ::ASN1_TIME;
pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME; pub fn X509_getm_notBefore(x: *const ::X509) -> *mut ::ASN1_TIME;
pub fn X509_get0_signature(psig: *mut *const ::ASN1_BIT_STRING, palg: *mut *const ::X509_ALGOR, x: *const ::X509);
pub fn DH_set0_pqg(dh: *mut ::DH, pub fn DH_set0_pqg(dh: *mut ::DH,
p: *mut ::BIGNUM, p: *mut ::BIGNUM,
q: *mut ::BIGNUM, q: *mut ::BIGNUM,

52
openssl/src/asn1.rs
View File

@ -1,6 +1,6 @@
use ffi; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef};
use libc::{c_long, c_char}; use libc::{c_long, c_char, c_int};
use std::fmt; use std::fmt;
use std::ptr; use std::ptr;
use std::slice; use std::slice;
@ -9,6 +9,7 @@ use std::str;
use {cvt, cvt_p}; use {cvt, cvt_p};
use bio::MemBio; use bio::MemBio;
use error::ErrorStack; use error::ErrorStack;
use nid::Nid;
use string::OpensslString; use string::OpensslString;
foreign_type! { foreign_type! {
@ -116,6 +117,55 @@ impl Asn1IntegerRef {
} }
} }
foreign_type! {
type CType = ffi::ASN1_BIT_STRING;
fn drop = ffi::ASN1_BIT_STRING_free;
pub struct Asn1BitString;
pub struct Asn1BitStringRef;
}
impl Asn1BitStringRef {
pub fn as_slice(&self) -> &[u8] {
unsafe { slice::from_raw_parts(ASN1_STRING_data(self.as_ptr() as *mut _), self.len()) }
}
pub fn len(&self) -> usize {
unsafe { ffi::ASN1_STRING_length(self.as_ptr() as *mut _) as usize }
}
}
foreign_type! {
type CType = ffi::ASN1_OBJECT;
fn drop = ffi::ASN1_OBJECT_free;
pub struct Asn1Object;
pub struct Asn1ObjectRef;
}
impl Asn1ObjectRef {
/// Returns the NID associated with this OID.
pub fn nid(&self) -> Nid {
unsafe {
Nid::from_raw(ffi::OBJ_obj2nid(self.as_ptr()))
}
}
}
impl fmt::Display for Asn1ObjectRef {
fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
unsafe {
let mut buf = [0; 80];
let len = ffi::OBJ_obj2txt(buf.as_mut_ptr() as *mut _,
buf.len() as c_int,
self.as_ptr(),
0);
let s = try!(str::from_utf8(&buf[..len as usize]).map_err(|_| fmt::Error));
fmt.write_str(s)
}
}
}
#[cfg(any(ossl101, ossl102))] #[cfg(any(ossl101, ossl102))]
use ffi::ASN1_STRING_data; use ffi::ASN1_STRING_data;

80
openssl/src/x509/mod.rs
View File

@ -13,7 +13,7 @@ use std::slice;
use std::str; use std::str;
use {cvt, cvt_p}; use {cvt, cvt_p};
use asn1::{Asn1StringRef, Asn1Time, Asn1TimeRef}; use asn1::{Asn1StringRef, Asn1Time, Asn1TimeRef, Asn1BitStringRef, Asn1ObjectRef};
use bio::MemBioSlice; use bio::MemBioSlice;
use hash::MessageDigest; use hash::MessageDigest;
use pkey::{PKey, PKeyRef}; use pkey::{PKey, PKeyRef};
@ -410,8 +410,8 @@ impl X509Ref {
} }
} }
/// Returns certificate Not After validity period. /// Returns the certificate's Not After validity period.
pub fn not_after<'a>(&'a self) -> &'a Asn1TimeRef { pub fn not_after(&self) -> &Asn1TimeRef {
unsafe { unsafe {
let date = compat::X509_get_notAfter(self.as_ptr()); let date = compat::X509_get_notAfter(self.as_ptr());
assert!(!date.is_null()); assert!(!date.is_null());
@ -419,8 +419,8 @@ impl X509Ref {
} }
} }
/// Returns certificate Not Before validity period. /// Returns the certificate's Not Before validity period.
pub fn not_before<'a>(&'a self) -> &'a Asn1TimeRef { pub fn not_before(&self) -> &Asn1TimeRef {
unsafe { unsafe {
let date = compat::X509_get_notBefore(self.as_ptr()); let date = compat::X509_get_notBefore(self.as_ptr());
assert!(!date.is_null()); assert!(!date.is_null());
@ -428,6 +428,26 @@ impl X509Ref {
} }
} }
/// Returns the certificate's signature
pub fn signature(&self) -> &Asn1BitStringRef {
unsafe {
let mut signature = ptr::null();
compat::X509_get0_signature(&mut signature, ptr::null_mut(), self.as_ptr());
assert!(!signature.is_null());
Asn1BitStringRef::from_ptr(signature as *mut _)
}
}
/// Returns the certificate's signature algorithm.
pub fn signature_algorithm(&self) -> &X509AlgorithmRef {
unsafe {
let mut algor = ptr::null();
compat::X509_get0_signature(ptr::null_mut(), &mut algor, self.as_ptr());
assert!(!algor.is_null());
X509AlgorithmRef::from_ptr(algor as *mut _)
}
}
/// Returns the list of OCSP responder URLs specified in the certificate's Authority Information /// Returns the list of OCSP responder URLs specified in the certificate's Authority Information
/// Access field. /// Access field.
pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack> { pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack> {
@ -828,12 +848,23 @@ impl Stackable for GeneralName {
type StackType = ffi::stack_st_GENERAL_NAME; type StackType = ffi::stack_st_GENERAL_NAME;
} }
#[test] foreign_type! {
fn test_negative_serial() { type CType = ffi::X509_ALGOR;
// I guess that's enough to get a random negative number fn drop = ffi::X509_ALGOR_free;
for _ in 0..1000 {
assert!(X509Generator::random_serial().unwrap() > 0, pub struct X509Algorithm;
"All serials should be positive"); pub struct X509AlgorithmRef;
}
impl X509AlgorithmRef {
/// Returns the ASN.1 OID of this algorithm.
pub fn object(&self) -> &Asn1ObjectRef {
unsafe {
let mut oid = ptr::null();
compat::X509_ALGOR_get0(&mut oid, ptr::null_mut(), ptr::null_mut(), self.as_ptr());
assert!(!oid.is_null());
Asn1ObjectRef::from_ptr(oid as *mut _)
}
} }
} }
@ -842,15 +873,16 @@ mod compat {
pub use ffi::X509_getm_notAfter as X509_get_notAfter; pub use ffi::X509_getm_notAfter as X509_get_notAfter;
pub use ffi::X509_getm_notBefore as X509_get_notBefore; pub use ffi::X509_getm_notBefore as X509_get_notBefore;
pub use ffi::X509_up_ref; pub use ffi::X509_up_ref;
pub use ffi::X509_get0_extensions;
pub use ffi::X509_REQ_get_version; pub use ffi::X509_REQ_get_version;
pub use ffi::X509_REQ_get_subject_name; pub use ffi::X509_REQ_get_subject_name;
pub use ffi::X509_get0_signature;
pub use ffi::X509_ALGOR_get0;
} }
#[cfg(ossl10x)] #[cfg(ossl10x)]
#[allow(bad_style)] #[allow(bad_style)]
mod compat { mod compat {
use libc::c_int; use libc::{c_int, c_void};
use ffi; use ffi;
pub unsafe fn X509_get_notAfter(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME { pub unsafe fn X509_get_notAfter(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME {
@ -888,4 +920,26 @@ mod compat {
{ {
(*(*x).req_info).subject (*(*x).req_info).subject
} }
pub unsafe fn X509_get0_signature(psig: *mut *const ffi::ASN1_BIT_STRING,
palg: *mut *const ffi::X509_ALGOR,
x: *const ffi::X509) {
if !psig.is_null() {
*psig = (*x).signature;
}
if !palg.is_null() {
*palg = (*x).sig_alg;
}
}
pub unsafe fn X509_ALGOR_get0(paobj: *mut *const ffi::ASN1_OBJECT,
pptype: *mut c_int,
pval: *mut *mut c_void,
alg: *const ffi::X509_ALGOR) {
if !paobj.is_null() {
*paobj = (*alg).algorithm;
}
assert!(pptype.is_null());
assert!(pval.is_null());
}
} }

18
openssl/src/x509/tests.rs
View File

@ -225,3 +225,21 @@ fn ecdsa_cert() {
ctx.set_private_key(&key).unwrap(); ctx.set_private_key(&key).unwrap();
ctx.check_private_key().unwrap(); ctx.check_private_key().unwrap();
} }
#[test]
fn signature() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
let signature = cert.signature();
assert_eq!(signature.as_slice().to_hex(),
"4af607b889790b43470442cfa551cdb8b6d0b0340d2958f76b9e3ef6ad4992230cead6842587f0ecad5\
78e6e11a221521e940187e3d6652de14e84e82f6671f097cc47932e022add3c0cb54a26bf27fa84c107\
4971caa6bee2e42d34a5b066c427f2d452038082b8073993399548088429de034fdd589dcfb0dd33be7\
ebdfdf698a28d628a89568881d658151276bde333600969502c4e62e1d3470a683364dfb241f78d310a\
89c119297df093eb36b7fd7540224f488806780305d1e79ffc938fe2275441726522ab36d88348e6c51\
f13dcc46b5e1cdac23c974fd5ef86aa41e91c9311655090a52333bc79687c748d833595d4c5f987508f\
e121997410d37c");
let algorithm = cert.signature_algorithm();
assert_eq!(algorithm.object().nid(), nid::SHA256WITHRSAENCRYPTION);
assert_eq!(algorithm.object().to_string(), "sha256WithRSAEncryption");
}