min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OpenSSL 1.1.1 support

This commit is contained in:
Steven Fackler 2018-02-13 22:28:01 -08:00
parent 41598534b6
commit 2765775535
14 changed files with 203 additions and 542 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.circleci/config.yml
View File

@ -90,6 +90,9 @@ macos_job: &MACOS_JOB
cargo test --manifest-path=openssl/Cargo.toml --all-features cargo test --manifest-path=openssl/Cargo.toml --all-features
- *SAVE_DEPS - *SAVE_DEPS
openssl_111: &OPENSSL_111
LIBRARY: openssl
VERSION: 1.1.1-pre1
openssl_110: &OPENSSL_110 openssl_110: &OPENSSL_110
LIBRARY: openssl LIBRARY: openssl
VERSION: 1.1.0g VERSION: 1.1.0g
@ -125,6 +128,10 @@ base: &BASE
version: 2 version: 2
jobs: jobs:
x86_64-openssl-1.1.1:
<<: *JOB
environment:
<<: [*OPENSSL_111, *X86_64, *BASE]
x86_64-openssl-1.1.0: x86_64-openssl-1.1.0:
<<: *JOB <<: *JOB
environment: environment:
@ -137,6 +144,10 @@ jobs:
<<: *JOB <<: *JOB
environment: environment:
<<: [*OPENSSL_101, *X86_64, *BASE] <<: [*OPENSSL_101, *X86_64, *BASE]
i686-openssl-1.1.1:
<<: *JOB
environment:
<<: [*OPENSSL_111, *I686, *BASE]
i686-openssl-1.1.0: i686-openssl-1.1.0:
<<: *JOB <<: *JOB
environment: environment:
@ -145,10 +156,10 @@ jobs:
<<: *JOB <<: *JOB
environment: environment:
<<: [*OPENSSL_102, *I686, *BASE] <<: [*OPENSSL_102, *I686, *BASE]
i686-openssl-1.0.1: armhf-openssl-1.1.1:
<<: *JOB <<: *JOB
environment: environment:
<<: [*OPENSSL_101, *I686, *BASE] <<: [*OPENSSL_111, *ARMHF, *BASE]
armhf-openssl-1.1.0: armhf-openssl-1.1.0:
<<: *JOB <<: *JOB
environment: environment:
@ -157,10 +168,6 @@ jobs:
<<: *JOB <<: *JOB
environment: environment:
<<: [*OPENSSL_102, *ARMHF, *BASE] <<: [*OPENSSL_102, *ARMHF, *BASE]
armhf-openssl-1.0.1:
<<: *JOB
environment:
<<: [*OPENSSL_101, *ARMHF, *BASE]
x86_64-libressl-2.5.0: x86_64-libressl-2.5.0:
<<: *JOB <<: *JOB
environment: environment:
@ -175,15 +182,16 @@ workflows:
version: 2 version: 2
tests: tests:
jobs: jobs:
- x86_64-openssl-1.1.1
- x86_64-openssl-1.1.0 - x86_64-openssl-1.1.0
- x86_64-openssl-1.0.2 - x86_64-openssl-1.0.2
- x86_64-openssl-1.0.1 - x86_64-openssl-1.0.1
- i686-openssl-1.1.1
- i686-openssl-1.1.0 - i686-openssl-1.1.0
- i686-openssl-1.0.2 - i686-openssl-1.0.2
- i686-openssl-1.0.1 - armhf-openssl-1.1.1
- armhf-openssl-1.1.0 - armhf-openssl-1.1.0
- armhf-openssl-1.0.2 - armhf-openssl-1.0.2
- armhf-openssl-1.0.1
- x86_64-libressl-2.5.0 - x86_64-libressl-2.5.0
- x86_64-libressl-2.6.3 - x86_64-libressl-2.6.3
- macos - macos

15
openssl-sys/build.rs
View File

@ -343,8 +343,10 @@ RUST_LIBRESSL_251
RUST_LIBRESSL_250 RUST_LIBRESSL_250
#elif defined (LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20500000 #elif defined (LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20500000
RUST_LIBRESSL_OLD RUST_LIBRESSL_OLD
#elif OPENSSL_VERSION_NUMBER >= 0x10101000 #elif OPENSSL_VERSION_NUMBER >= 0x10102000
RUST_OPENSSL_NEW RUST_OPENSSL_NEW
#elif OPENSSL_VERSION_NUMBER >= 0x10101000
RUST_OPENSSL_111
#elif OPENSSL_VERSION_NUMBER >= 0x10100060 #elif OPENSSL_VERSION_NUMBER >= 0x10100060
RUST_OPENSSL_110F RUST_OPENSSL_110F
#elif OPENSSL_VERSION_NUMBER >= 0x10100000 #elif OPENSSL_VERSION_NUMBER >= 0x10100000
@ -471,6 +473,11 @@ See rust-openssl README for more information:
println!("cargo:libressl_version=26x"); println!("cargo:libressl_version=26x");
println!("cargo:version=101"); println!("cargo:version=101");
Version::Libressl Version::Libressl
} else if expanded.contains("RUST_OPENSSL_111") {
println!("cargo:rustc-cfg=ossl111");
println!("cargo:rustc-cfg=ossl110");
println!("cargo:version=111");
Version::Openssl110
} else if expanded.contains("RUST_OPENSSL_110F") { } else if expanded.contains("RUST_OPENSSL_110F") {
println!("cargo:rustc-cfg=ossl110"); println!("cargo:rustc-cfg=ossl110");
println!("cargo:rustc-cfg=ossl110f"); println!("cargo:rustc-cfg=ossl110f");
@ -493,9 +500,9 @@ See rust-openssl README for more information:
panic!( panic!(
" "
This crate is only compatible with OpenSSL 1.0.1, 1.0.2, and 1.1.0, or LibreSSL This crate is only compatible with OpenSSL 1.0.1 through 1.1.1, or LibreSSL 2.5
2.5 and 2.6.0, but a different version of OpenSSL was found. The build is now and 2.6, but a different version of OpenSSL was found. The build is now aborting
aborting due to this version mismatch. due to this version mismatch.
" "
); );

18
openssl-sys/src/lib.rs
View File

@ -1255,9 +1255,9 @@ pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004; pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
#[cfg(not(libressl))] #[cfg(not(libressl))]
pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040; pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
#[cfg(not(any(libressl, ossl110f)))] #[cfg(not(any(libressl, ossl110f, ossl111)))]
pub const SSL_OP_ALL: c_ulong = 0x80000BFF; pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
#[cfg(ossl110f)] #[cfg(any(ossl110f, ossl111))]
pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
| SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING
| SSL_OP_SAFARI_ECDHE_ECDSA_BUG; | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
@ -1276,16 +1276,22 @@ pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000;
#[cfg(not(libressl))] #[cfg(not(libressl))]
pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000;
pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000;
pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000;
pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
#[cfg(ossl111)]
pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000;
#[cfg(not(any(ossl101, libressl)))] #[cfg(not(any(ossl101, libressl)))]
pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000;
#[cfg(not(any(ossl101, libressl)))] #[cfg(not(any(ossl101, libressl)))]
pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000;
#[cfg(not(any(ossl101, libressl)))] #[cfg(not(any(ossl101, libressl, ossl111)))]
pub const SSL_OP_NO_SSL_MASK: c_ulong = pub const SSL_OP_NO_SSL_MASK: c_ulong =
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
#[cfg(ossl111)]
pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1
| SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
| SSL_OP_NO_TLSv1_3;
pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM; pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1; pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
@ -2498,9 +2504,9 @@ extern "C" {
); );
pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION; pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION;
pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int; pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
#[cfg(not(any(ossl101, libressl, ossl110f)))] #[cfg(not(any(ossl101, libressl, ossl110f, ossl111)))]
pub fn SSL_is_server(s: *mut SSL) -> c_int; pub fn SSL_is_server(s: *mut SSL) -> c_int;
#[cfg(ossl110f)] #[cfg(any(ossl110f, ossl111))]
pub fn SSL_is_server(s: *const SSL) -> c_int; pub fn SSL_is_server(s: *const SSL) -> c_int;
pub fn SSL_SESSION_free(s: *mut SSL_SESSION); pub fn SSL_SESSION_free(s: *mut SSL_SESSION);

1
openssl/Cargo.toml
View File

@ -17,6 +17,7 @@ all-features = true
v101 = [] v101 = []
v102 = [] v102 = []
v110 = [] v110 = []
v111 = ["v110"]
[dependencies] [dependencies]
bitflags = "1.0" bitflags = "1.0"

4
openssl/build.rs
View File

@ -13,6 +13,10 @@ fn main() {
Ok(ref v) if v == "110" => { Ok(ref v) if v == "110" => {
println!("cargo:rustc-cfg=ossl110"); println!("cargo:rustc-cfg=ossl110");
} }
Ok(ref v) if v == "111" => {
println!("cargo:rustc-cfg=ossl110");
println!("cargo:rustc-cfg=ossl111");
}
_ => panic!("Unable to detect OpenSSL version"), _ => panic!("Unable to detect OpenSSL version"),
} }

6
openssl/src/dh.rs
View File

@ -83,7 +83,7 @@ impl Dh<Params> {
ffi::d2i_DHparams ffi::d2i_DHparams
} }
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_1024_160() -> Result<Dh<Params>, ErrorStack> { pub fn get_1024_160() -> Result<Dh<Params>, ErrorStack> {
unsafe { unsafe {
@ -92,7 +92,7 @@ impl Dh<Params> {
} }
} }
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_2048_224() -> Result<Dh<Params>, ErrorStack> { pub fn get_2048_224() -> Result<Dh<Params>, ErrorStack> {
unsafe { unsafe {
@ -101,7 +101,7 @@ impl Dh<Params> {
} }
} }
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
pub fn get_2048_256() -> Result<Dh<Params>, ErrorStack> { pub fn get_2048_256() -> Result<Dh<Params>, ErrorStack> {
unsafe { unsafe {

364
openssl/src/pkcs5.rs
View File

@ -59,9 +59,9 @@ pub fn bytes_to_key(
))?; ))?;
let mut key = vec![0; len as usize]; let mut key = vec![0; len as usize];
let iv_ptr = iv.as_mut().map(|v| v.as_mut_ptr()).unwrap_or( let iv_ptr = iv.as_mut()
ptr::null_mut(), .map(|v| v.as_mut_ptr())
); .unwrap_or(ptr::null_mut());
cvt(ffi::EVP_BytesToKey( cvt(ffi::EVP_BytesToKey(
cipher, cipher,
@ -107,7 +107,7 @@ pub fn pbkdf2_hmac(
/// Derives a key from a password and salt using the scrypt algorithm. /// Derives a key from a password and salt using the scrypt algorithm.
/// ///
/// Requires the `v110` feature and OpenSSL 1.1.0. /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(feature = "v110", ossl110))] #[cfg(all(feature = "v110", ossl110))]
pub fn scrypt( pub fn scrypt(
pass: &[u8], pass: &[u8],
@ -150,24 +150,9 @@ mod tests {
assert_eq!( assert_eq!(
buf, buf,
&[ &[
0x55_u8, 0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8, 0xec_u8,
0xac_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8,
0x04_u8, ][..]
0x6e_u8,
0x56_u8,
0xe3_u8,
0x08_u8,
0x9f_u8,
0xec_u8,
0x16_u8,
0x91_u8,
0xc2_u8,
0x25_u8,
0x44_u8,
0xb6_u8,
0x05_u8,
]
[..]
); );
super::pbkdf2_hmac( super::pbkdf2_hmac(
@ -180,24 +165,9 @@ mod tests {
assert_eq!( assert_eq!(
buf, buf,
&[ &[
0x4d_u8, 0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8, 0x83_u8,
0xdc_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8,
0xd8_u8, ][..]
0xf6_u8,
0x0b_u8,
0x98_u8,
0xbe_u8,
0x21_u8,
0x83_u8,
0x0c_u8,
0xee_u8,
0x5e_u8,
0xf2_u8,
0x27_u8,
0x01_u8,
0xf9_u8,
]
[..]
); );
} }
@ -211,72 +181,15 @@ mod tests {
assert_eq!( assert_eq!(
&buf[..], &buf[..],
&[ &[
0x73_u8, 0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8, 0x94_u8,
0xde_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8, 0xd3_u8, 0xc7_u8,
0xcf_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8, 0xb3_u8, 0x90_u8, 0xed_u8,
0xa5_u8, 0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8, 0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8,
0x8a_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8, 0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8,
0xa2_u8, 0x1f_u8, 0xc6_u8, 0x33_u8, 0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8,
0xe8_u8, 0x5e_u8, 0x9f_u8, 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8,
0x4f_u8,
0x94_u8,
0x77_u8,
0x1a_u8,
0x75_u8,
0x73_u8,
0x6b_u8,
0xb8_u8,
0x8b_u8,
0xd3_u8,
0xc7_u8,
0xb3_u8,
0x82_u8,
0x70_u8,
0xcf_u8,
0xb5_u8,
0x0c_u8,
0xb3_u8,
0x90_u8,
0xed_u8,
0x78_u8,
0xb3_u8,
0x05_u8,
0x65_u8,
0x6a_u8,
0xf8_u8,
0x14_u8,
0x8e_u8,
0x52_u8,
0x45_u8,
0x2b_u8,
0x22_u8,
0x16_u8,
0xb2_u8,
0xb8_u8,
0x09_u8,
0x8b_u8,
0x76_u8,
0x1f_u8,
0xc6_u8,
0x33_u8,
0x60_u8,
0x60_u8,
0xa0_u8,
0x9f_u8,
0x76_u8,
0x41_u8,
0x5e_u8,
0x9f_u8,
0x71_u8,
0xea_u8,
0x47_u8,
0xf9_u8,
0xe9_u8,
0x06_u8, 0x06_u8,
0x43_u8, ][..]
0x06_u8,
]
[..]
); );
super::pbkdf2_hmac( super::pbkdf2_hmac(
@ -289,72 +202,15 @@ mod tests {
assert_eq!( assert_eq!(
&buf[..], &buf[..],
&[ &[
0x71_u8, 0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8, 0x8b_u8,
0xa0_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8, 0x2f_u8, 0x93_u8,
0xec_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8, 0x0d_u8, 0x63_u8, 0xb8_u8,
0x84_u8, 0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8, 0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8,
0x2a_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8, 0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8,
0xbd_u8, 0x79_u8, 0x09_u8, 0x96_u8, 0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8,
0x5c_u8, 0x5a_u8, 0xb5_u8, 0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8,
0x67_u8,
0x8b_u8,
0xcf_u8,
0xd1_u8,
0x45_u8,
0xf0_u8,
0x9d_u8,
0x83_u8,
0x52_u8,
0x2f_u8,
0x93_u8,
0x36_u8,
0x15_u8,
0x60_u8,
0x56_u8,
0x3c_u8,
0x4d_u8,
0x0d_u8,
0x63_u8,
0xb8_u8,
0x83_u8,
0x29_u8,
0x87_u8,
0x10_u8,
0x90_u8,
0xe7_u8,
0x66_u8,
0x04_u8,
0xa4_u8,
0x9a_u8,
0xf0_u8,
0x8f_u8,
0xe7_u8,
0xc9_u8,
0xf5_u8,
0x71_u8,
0x56_u8,
0xc8_u8,
0x79_u8,
0x09_u8,
0x96_u8,
0xb2_u8,
0x0f_u8,
0x06_u8,
0xbc_u8,
0x53_u8,
0x5e_u8,
0x5a_u8,
0xb5_u8,
0x44_u8,
0x0d_u8,
0xf7_u8,
0xe8_u8,
0x78_u8,
0x29_u8,
0x6f_u8,
0xa7_u8, 0xa7_u8,
] ][..]
[..]
); );
super::pbkdf2_hmac( super::pbkdf2_hmac(
@ -367,72 +223,15 @@ mod tests {
assert_eq!( assert_eq!(
&buf[..], &buf[..],
&[ &[
0x01_u8, 0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8, 0x85_u8,
0x68_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8, 0x3b_u8, 0x30_u8,
0x71_u8, 0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8, 0xc8_u8, 0xc9_u8, 0x37_u8,
0xa4_u8, 0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8, 0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8,
0xc4_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8, 0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8,
0xb7_u8, 0x00_u8, 0x56_u8, 0xc6_u8, 0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8,
0x5f_u8, 0x4b_u8, 0x1a_u8, 0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8,
0x96_u8,
0x85_u8,
0x7f_u8,
0xd2_u8,
0xb9_u8,
0xf8_u8,
0xca_u8,
0x28_u8,
0x02_u8,
0x3b_u8,
0x30_u8,
0xee_u8,
0x2a_u8,
0x39_u8, 0x39_u8,
0xf5_u8, ][..]
0xad_u8,
0xca_u8,
0xc8_u8,
0xc9_u8,
0x37_u8,
0x5f_u8,
0x9b_u8,
0xda_u8,
0x1c_u8,
0xcd_u8,
0x1b_u8,
0x6f_u8,
0x0b_u8,
0x2f_u8,
0xc3_u8,
0xad_u8,
0xda_u8,
0x50_u8,
0x54_u8,
0x12_u8,
0xe7_u8,
0x9d_u8,
0x89_u8,
0x00_u8,
0x56_u8,
0xc6_u8,
0x2e_u8,
0x52_u8,
0x4c_u8,
0x7d_u8,
0x51_u8,
0x15_u8,
0x4b_u8,
0x1a_u8,
0x85_u8,
0x34_u8,
0x57_u8,
0x5b_u8,
0xd0_u8,
0x2d_u8,
0xee_u8,
0x39_u8,
]
[..]
); );
} }
@ -441,93 +240,19 @@ mod tests {
let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8]; let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8];
let data = [ let data = [
143_u8, 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, 154_u8,
210_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8,
75_u8, 233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8,
63_u8,
214_u8,
179_u8,
155_u8,
241_u8,
242_u8,
31_u8,
154_u8,
56_u8,
198_u8,
145_u8,
192_u8,
64_u8,
2_u8,
245_u8,
167_u8,
220_u8,
55_u8,
119_u8,
233_u8,
136_u8,
139_u8,
27_u8,
71_u8,
242_u8,
119_u8,
175_u8,
65_u8,
207_u8,
]; ];
let expected_key = vec![ let expected_key = vec![
249_u8, 249_u8, 115_u8, 114_u8, 97_u8, 32_u8, 213_u8, 165_u8, 146_u8, 58_u8, 87_u8, 234_u8,
115_u8, 3_u8, 43_u8, 250_u8, 97_u8, 114_u8, 26_u8, 98_u8, 245_u8, 246_u8, 238_u8, 177_u8,
114_u8, 229_u8, 161_u8, 183_u8, 224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8,
97_u8,
32_u8,
213_u8,
165_u8,
146_u8,
58_u8,
87_u8,
234_u8,
3_u8,
43_u8,
250_u8,
97_u8,
114_u8,
26_u8,
98_u8,
245_u8,
246_u8,
238_u8,
177_u8,
229_u8,
161_u8,
183_u8,
224_u8,
174_u8,
3_u8,
6_u8,
244_u8,
236_u8,
255_u8,
]; ];
let expected_iv = vec![ let expected_iv = vec![
4_u8, 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, 69_u8, 98_u8,
223_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8,
153_u8,
219_u8,
28_u8,
142_u8,
234_u8,
68_u8,
227_u8,
69_u8,
98_u8,
107_u8,
208_u8,
14_u8,
236_u8,
60_u8,
]; ];
assert_eq!( assert_eq!(
@ -552,8 +277,9 @@ mod tests {
let pass = "pleaseletmein"; let pass = "pleaseletmein";
let salt = "SodiumChloride"; let salt = "SodiumChloride";
let expected = "7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613\ let expected =
f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887"; "7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613\
f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887";
let mut actual = [0; 64]; let mut actual = [0; 64];
super::scrypt( super::scrypt(

13
openssl/src/ssl/connector.rs
View File

@ -206,6 +206,12 @@ impl SslAcceptor {
/// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS
pub fn mozilla_intermediate(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { pub fn mozilla_intermediate(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> {
let mut ctx = ctx(method)?; let mut ctx = ctx(method)?;
#[cfg(ossl111)]
{
ctx.set_options(SslOptions {
bits: ::ffi::SSL_OP_NO_TLSv1_3,
});
}
let dh = Dh::params_from_pem(DHPARAM_PEM.as_bytes())?; let dh = Dh::params_from_pem(DHPARAM_PEM.as_bytes())?;
ctx.set_tmp_dh(&dh)?; ctx.set_tmp_dh(&dh)?;
setup_curves(&mut ctx)?; setup_curves(&mut ctx)?;
@ -232,6 +238,13 @@ impl SslAcceptor {
/// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS
pub fn mozilla_modern(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { pub fn mozilla_modern(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> {
let mut ctx = ctx(method)?; let mut ctx = ctx(method)?;
ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1);
#[cfg(ossl111)]
{
ctx.set_options(SslOptions {
bits: ::ffi::SSL_OP_NO_TLSv1_3,
});
}
setup_curves(&mut ctx)?; setup_curves(&mut ctx)?;
ctx.set_cipher_list( ctx.set_cipher_list(
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\

59
openssl/src/ssl/mod.rs
View File

@ -177,14 +177,20 @@ bitflags! {
/// Disables the use of TLSv1.2. /// Disables the use of TLSv1.2.
const NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2; const NO_TLSV1_2 = ffi::SSL_OP_NO_TLSv1_2;
/// Disables the use of TLSv1.3.
///
/// Requires the `v111` feature and OpenSSL 1.1.1.
#[cfg(all(feature = "v111", ossl111))]
const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3;
/// Disables the use of DTLSv1.0 /// Disables the use of DTLSv1.0
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1; const NO_DTLSV1 = ffi::SSL_OP_NO_DTLSv1;
/// Disables the use of DTLSv1.2. /// Disables the use of DTLSv1.2.
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2; const NO_DTLSV1_2 = ffi::SSL_OP_NO_DTLSv1_2;
@ -192,7 +198,7 @@ bitflags! {
/// ///
/// This can be used as a mask when whitelisting protocol versions. /// This can be used as a mask when whitelisting protocol versions.
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// ///
/// # Examples /// # Examples
/// ///
@ -453,7 +459,7 @@ impl SslAlert {
/// An error returned from an ALPN selection callback. /// An error returned from an ALPN selection callback.
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
#[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone)]
pub struct AlpnError(c_int); pub struct AlpnError(c_int);
@ -462,7 +468,7 @@ pub struct AlpnError(c_int);
impl AlpnError { impl AlpnError {
/// Terminate the handshake with a fatal alert. /// Terminate the handshake with a fatal alert.
/// ///
/// Requires the `v110` feature and OpenSSL 1.1.0. /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(feature = "v110", ossl110))] #[cfg(all(feature = "v110", ossl110))]
pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL); pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
@ -610,7 +616,7 @@ impl SslContextBuilder {
/// Sets a custom certificate store for verifying peer certificates. /// Sets a custom certificate store for verifying peer certificates.
/// ///
/// Requires the `v102` feature and OpenSSL 1.0.2, or the `v110` feature and OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// ///
/// This corresponds to [`SSL_CTX_set0_verify_cert_store`]. /// This corresponds to [`SSL_CTX_set0_verify_cert_store`].
/// ///
@ -619,8 +625,7 @@ impl SslContextBuilder {
pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> {
unsafe { unsafe {
let ptr = cert_store.as_ptr(); let ptr = cert_store.as_ptr();
cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) as c_int)?;
as c_int)?;
mem::forget(cert_store); mem::forget(cert_store);
Ok(()) Ok(())
@ -650,8 +655,8 @@ impl SslContextBuilder {
/// [`SSL_CTX_set_mode`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_mode.html /// [`SSL_CTX_set_mode`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_mode.html
pub fn set_mode(&mut self, mode: SslMode) -> SslMode { pub fn set_mode(&mut self, mode: SslMode) -> SslMode {
unsafe { unsafe {
let mode = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits()); let bits = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits());
SslMode::from_bits(mode).unwrap() SslMode { bits }
} }
} }
@ -694,11 +699,7 @@ impl SslContextBuilder {
/// ///
/// This corresponds to `SSL_CTX_set_tmp_ecdh`. /// This corresponds to `SSL_CTX_set_tmp_ecdh`.
pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef<Params>) -> Result<(), ErrorStack> { pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef<Params>) -> Result<(), ErrorStack> {
unsafe { unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr())
as c_int)
.map(|_| ())
}
} }
/// Sets the callback which will generate parameters to be used during ephemeral elliptic curve /// Sets the callback which will generate parameters to be used during ephemeral elliptic curve
@ -942,8 +943,8 @@ impl SslContextBuilder {
/// ///
/// [`SSL_CTX_set_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html /// [`SSL_CTX_set_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn set_options(&mut self, option: SslOptions) -> SslOptions { pub fn set_options(&mut self, option: SslOptions) -> SslOptions {
let ret = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) }; let bits = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) };
SslOptions::from_bits(ret).unwrap() SslOptions { bits }
} }
/// Returns the options used by the context. /// Returns the options used by the context.
@ -952,8 +953,8 @@ impl SslContextBuilder {
/// ///
/// [`SSL_CTX_get_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html /// [`SSL_CTX_get_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn options(&self) -> SslOptions { pub fn options(&self) -> SslOptions {
let ret = unsafe { compat::SSL_CTX_get_options(self.as_ptr()) }; let bits = unsafe { compat::SSL_CTX_get_options(self.as_ptr()) };
SslOptions::from_bits(ret).unwrap() SslOptions { bits }
} }
/// Clears the options used by the context, returning the old set. /// Clears the options used by the context, returning the old set.
@ -962,8 +963,8 @@ impl SslContextBuilder {
/// ///
/// [`SSL_CTX_clear_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html /// [`SSL_CTX_clear_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn clear_options(&mut self, option: SslOptions) -> SslOptions { pub fn clear_options(&mut self, option: SslOptions) -> SslOptions {
let ret = unsafe { compat::SSL_CTX_clear_options(self.as_ptr(), option.bits()) }; let bits = unsafe { compat::SSL_CTX_clear_options(self.as_ptr(), option.bits()) };
SslOptions::from_bits(ret).unwrap() SslOptions { bits }
} }
/// Sets the protocols to sent to the server for Application Layer Protocol Negotiation (ALPN). /// Sets the protocols to sent to the server for Application Layer Protocol Negotiation (ALPN).
@ -975,7 +976,7 @@ impl SslContextBuilder {
/// ///
/// This corresponds to [`SSL_CTX_set_alpn_protos`]. /// This corresponds to [`SSL_CTX_set_alpn_protos`].
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// ///
/// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html /// [`SSL_CTX_set_alpn_protos`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
@ -1006,7 +1007,7 @@ impl SslContextBuilder {
/// ///
/// This corresponds to [`SSL_CTX_set_alpn_select_cb`]. /// This corresponds to [`SSL_CTX_set_alpn_select_cb`].
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// ///
/// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
/// [`select_next_proto`]: fn.select_next_proto.html /// [`select_next_proto`]: fn.select_next_proto.html
@ -1086,9 +1087,7 @@ impl SslContextBuilder {
Box::into_raw(callback) as *mut c_void, Box::into_raw(callback) as *mut c_void,
); );
let f: unsafe extern "C" fn(_, _) -> _ = raw_tlsext_status::<F>; let f: unsafe extern "C" fn(_, _) -> _ = raw_tlsext_status::<F>;
cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f)) cvt(ffi::SSL_CTX_set_tlsext_status_cb(self.as_ptr(), Some(f)) as c_int).map(|_| ())
as c_int)
.map(|_| ())
} }
} }
@ -1206,7 +1205,7 @@ impl SslContext {
impl SslContextRef { impl SslContextRef {
/// Returns the certificate associated with this `SslContext`, if present. /// Returns the certificate associated with this `SslContext`, if present.
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// ///
/// This corresponds to [`SSL_CTX_get0_certificate`]. /// This corresponds to [`SSL_CTX_get0_certificate`].
/// ///
@ -1225,7 +1224,7 @@ impl SslContextRef {
/// Returns the private key associated with this `SslContext`, if present. /// Returns the private key associated with this `SslContext`, if present.
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// ///
/// This corresponds to [`SSL_CTX_get0_privatekey`]. /// This corresponds to [`SSL_CTX_get0_privatekey`].
/// ///
@ -1782,7 +1781,7 @@ impl SslRef {
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
/// to interpret it. /// to interpret it.
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// ///
/// This corresponds to [`SSL_get0_alpn_selected`]. /// This corresponds to [`SSL_get0_alpn_selected`].
/// ///
@ -1857,7 +1856,7 @@ impl SslRef {
/// Returns a mutable reference to the X509 verification configuration. /// Returns a mutable reference to the X509 verification configuration.
/// ///
/// Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0. /// Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
/// ///
/// This corresponds to [`SSL_get0_param`]. /// This corresponds to [`SSL_get0_param`].
/// ///

16
openssl/src/ssl/test.rs
View File

@ -895,7 +895,7 @@ fn connector_no_hostname_can_disable_verify() {
#[test] #[test]
fn connector_client_server_mozilla_intermediate() { fn connector_client_server_mozilla_intermediate() {
let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let listener = TcpListener::bind("127.0.0.1:1234").unwrap();
let port = listener.local_addr().unwrap().port(); let port = listener.local_addr().unwrap().port();
let t = thread::spawn(move || { let t = thread::spawn(move || {
@ -1038,6 +1038,13 @@ fn tmp_dh_callback() {
let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
// TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :(
#[cfg(ossl111)]
{
ctx.set_options(super::SslOptions {
bits: ::ffi::SSL_OP_NO_TLSv1_3,
});
}
ctx.set_cipher_list("EDH").unwrap(); ctx.set_cipher_list("EDH").unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap(); ssl.connect(stream).unwrap();
@ -1106,6 +1113,13 @@ fn tmp_dh_callback_ssl() {
let stream = TcpStream::connect(("127.0.0.1", port)).unwrap(); let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
// TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :(
#[cfg(ossl111)]
{
ctx.set_options(super::SslOptions {
bits: ::ffi::SSL_OP_NO_TLSv1_3,
});
}
ctx.set_cipher_list("EDH").unwrap(); ctx.set_cipher_list("EDH").unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap();
ssl.connect(stream).unwrap(); ssl.connect(stream).unwrap();

191
openssl/src/symm.rs
View File

@ -141,13 +141,13 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_rc4()) } unsafe { Cipher(ffi::EVP_rc4()) }
} }
/// Requires the `v110` feature and OpenSSL 1.1.0. /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(ossl110, feature = "v110"))] #[cfg(all(ossl110, feature = "v110"))]
pub fn chacha20() -> Cipher { pub fn chacha20() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20()) } unsafe { Cipher(ffi::EVP_chacha20()) }
} }
/// Requires the `v110` feature and OpenSSL 1.1.0. /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(ossl110, feature = "v110"))] #[cfg(all(ossl110, feature = "v110"))]
pub fn chacha20_poly1305() -> Cipher { pub fn chacha20_poly1305() -> Cipher {
unsafe { Cipher(ffi::EVP_chacha20_poly1305()) } unsafe { Cipher(ffi::EVP_chacha20_poly1305()) }
@ -171,7 +171,11 @@ impl Cipher {
pub fn iv_len(&self) -> Option<usize> { pub fn iv_len(&self) -> Option<usize> {
unsafe { unsafe {
let len = EVP_CIPHER_iv_length(self.0) as usize; let len = EVP_CIPHER_iv_length(self.0) as usize;
if len == 0 { None } else { Some(len) } if len == 0 {
None
} else {
Some(len)
}
} }
} }
@ -594,7 +598,7 @@ pub fn decrypt_aead(
} }
#[cfg(ossl110)] #[cfg(ossl110)]
use ffi::{EVP_CIPHER_iv_length, EVP_CIPHER_block_size, EVP_CIPHER_key_length}; use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length};
#[cfg(ossl10x)] #[cfg(ossl10x)]
#[allow(bad_style)] #[allow(bad_style)]
@ -627,74 +631,17 @@ mod tests {
#[test] #[test]
fn test_aes_256_ecb() { fn test_aes_256_ecb() {
let k0 = [ let k0 = [
0x00u8, 0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8, 0x08u8, 0x09u8, 0x0au8,
0x01u8, 0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8, 0x10u8, 0x11u8, 0x12u8, 0x13u8, 0x14u8, 0x15u8,
0x02u8, 0x16u8, 0x17u8, 0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, 0x1eu8, 0x1fu8,
0x03u8,
0x04u8,
0x05u8,
0x06u8,
0x07u8,
0x08u8,
0x09u8,
0x0au8,
0x0bu8,
0x0cu8,
0x0du8,
0x0eu8,
0x0fu8,
0x10u8,
0x11u8,
0x12u8,
0x13u8,
0x14u8,
0x15u8,
0x16u8,
0x17u8,
0x18u8,
0x19u8,
0x1au8,
0x1bu8,
0x1cu8,
0x1du8,
0x1eu8,
0x1fu8,
]; ];
let p0 = [ let p0 = [
0x00u8, 0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8, 0x88u8, 0x99u8, 0xaau8,
0x11u8, 0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8,
0x22u8,
0x33u8,
0x44u8,
0x55u8,
0x66u8,
0x77u8,
0x88u8,
0x99u8,
0xaau8,
0xbbu8,
0xccu8,
0xddu8,
0xeeu8,
0xffu8,
]; ];
let c0 = [ let c0 = [
0x8eu8, 0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, 0xeau8, 0xfcu8, 0x49u8,
0xa2u8, 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8,
0xb7u8,
0xcau8,
0x51u8,
0x67u8,
0x45u8,
0xbfu8,
0xeau8,
0xfcu8,
0x49u8,
0x90u8,
0x4bu8,
0x49u8,
0x60u8,
0x89u8,
]; ];
let mut c = super::Crypter::new( let mut c = super::Crypter::new(
super::Cipher::aes_256_ecb(), super::Cipher::aes_256_ecb(),
@ -726,74 +673,17 @@ mod tests {
#[test] #[test]
fn test_aes_256_cbc_decrypt() { fn test_aes_256_cbc_decrypt() {
let iv = [ let iv = [
4_u8, 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, 69_u8, 98_u8,
223_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8,
153_u8,
219_u8,
28_u8,
142_u8,
234_u8,
68_u8,
227_u8,
69_u8,
98_u8,
107_u8,
208_u8,
14_u8,
236_u8,
60_u8,
]; ];
let data = [ let data = [
143_u8, 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, 154_u8,
210_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8,
75_u8, 233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8,
63_u8,
214_u8,
179_u8,
155_u8,
241_u8,
242_u8,
31_u8,
154_u8,
56_u8,
198_u8,
145_u8,
192_u8,
64_u8,
2_u8,
245_u8,
167_u8,
220_u8,
55_u8,
119_u8,
233_u8,
136_u8,
139_u8,
27_u8,
71_u8,
242_u8,
119_u8,
175_u8,
65_u8,
207_u8,
]; ];
let ciphered_data = [ let ciphered_data = [
0x4a_u8, 0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, 0xd7_u8, 0xea_u8,
0x2e_u8, 0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, 0x65_u8, 0x6f_u8,
0xe5_u8,
0x6_u8,
0xbf_u8,
0xcf_u8,
0xf2_u8,
0xd7_u8,
0xea_u8,
0x2d_u8,
0xb1_u8,
0x85_u8,
0x6c_u8,
0x93_u8,
0x65_u8,
0x6f_u8,
]; ];
let mut cr = super::Crypter::new( let mut cr = super::Crypter::new(
super::Cipher::aes_256_cbc(), super::Cipher::aes_256_cbc(),
@ -868,7 +758,6 @@ mod tests {
#[test] #[test]
fn test_rc4() { fn test_rc4() {
let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000"; let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000";
let ct = "A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4"; let ct = "A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4";
let key = "97CD440324DA5FD1F7955C1C13B6B466"; let key = "97CD440324DA5FD1F7955C1C13B6B466";
@ -894,7 +783,6 @@ mod tests {
#[test] #[test]
fn test_aes128_ctr() { fn test_aes128_ctr() {
let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\ let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\
E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710"; E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710";
let ct = "874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E\ let ct = "874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E\
@ -919,7 +807,6 @@ mod tests {
#[test] #[test]
fn test_aes128_cfb128() { fn test_aes128_cfb128() {
let pt = "6bc1bee22e409f96e93d7e117393172a"; let pt = "6bc1bee22e409f96e93d7e117393172a";
let ct = "3b3fd92eb72dad20333449f8e83cfb4a"; let ct = "3b3fd92eb72dad20333449f8e83cfb4a";
let key = "2b7e151628aed2a6abf7158809cf4f3c"; let key = "2b7e151628aed2a6abf7158809cf4f3c";
@ -930,7 +817,6 @@ mod tests {
#[test] #[test]
fn test_aes128_cfb8() { fn test_aes128_cfb8() {
let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9"; let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9";
let key = "2b7e151628aed2a6abf7158809cf4f3c"; let key = "2b7e151628aed2a6abf7158809cf4f3c";
@ -941,7 +827,6 @@ mod tests {
#[test] #[test]
fn test_aes256_cfb1() { fn test_aes256_cfb1() {
let pt = "6bc1"; let pt = "6bc1";
let ct = "9029"; let ct = "9029";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
@ -952,7 +837,6 @@ mod tests {
#[test] #[test]
fn test_aes256_cfb128() { fn test_aes256_cfb128() {
let pt = "6bc1bee22e409f96e93d7e117393172a"; let pt = "6bc1bee22e409f96e93d7e117393172a";
let ct = "dc7e84bfda79164b7ecd8486985d3860"; let ct = "dc7e84bfda79164b7ecd8486985d3860";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
@ -963,7 +847,6 @@ mod tests {
#[test] #[test]
fn test_aes256_cfb8() { fn test_aes256_cfb8() {
let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "dc1f1a8520a64db55fcc8ac554844e889700"; let ct = "dc1f1a8520a64db55fcc8ac554844e889700";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
@ -986,7 +869,6 @@ mod tests {
#[test] #[test]
fn test_bf_ecb() { fn test_bf_ecb() {
let pt = "5CD54CA83DEF57DA"; let pt = "5CD54CA83DEF57DA";
let ct = "B1B8CC0B250F09A0"; let ct = "B1B8CC0B250F09A0";
let key = "0131D9619DC1376E"; let key = "0131D9619DC1376E";
@ -997,7 +879,6 @@ mod tests {
#[test] #[test]
fn test_bf_cfb64() { fn test_bf_cfb64() {
let pt = "37363534333231204E6F77206973207468652074696D6520666F722000"; let pt = "37363534333231204E6F77206973207468652074696D6520666F722000";
let ct = "E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3"; let ct = "E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3";
let key = "0123456789ABCDEFF0E1D2C3B4A59687"; let key = "0123456789ABCDEFF0E1D2C3B4A59687";
@ -1008,7 +889,6 @@ mod tests {
#[test] #[test]
fn test_bf_ofb() { fn test_bf_ofb() {
let pt = "37363534333231204E6F77206973207468652074696D6520666F722000"; let pt = "37363534333231204E6F77206973207468652074696D6520666F722000";
let ct = "E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA"; let ct = "E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA";
let key = "0123456789ABCDEFF0E1D2C3B4A59687"; let key = "0123456789ABCDEFF0E1D2C3B4A59687";
@ -1019,7 +899,6 @@ mod tests {
#[test] #[test]
fn test_des_cbc() { fn test_des_cbc() {
let pt = "54686973206973206120746573742e"; let pt = "54686973206973206120746573742e";
let ct = "6f2867cfefda048a4046ef7e556c7132"; let ct = "6f2867cfefda048a4046ef7e556c7132";
let key = "7cb66337f3d3c0fe"; let key = "7cb66337f3d3c0fe";
@ -1030,7 +909,6 @@ mod tests {
#[test] #[test]
fn test_des_ecb() { fn test_des_ecb() {
let pt = "54686973206973206120746573742e"; let pt = "54686973206973206120746573742e";
let ct = "0050ab8aecec758843fe157b4dde938c"; let ct = "0050ab8aecec758843fe157b4dde938c";
let key = "7cb66337f3d3c0fe"; let key = "7cb66337f3d3c0fe";
@ -1041,7 +919,6 @@ mod tests {
#[test] #[test]
fn test_des_ede3() { fn test_des_ede3() {
let pt = "9994f4c69d40ae4f34ff403b5cf39d4c8207ea5d3e19a5fd"; let pt = "9994f4c69d40ae4f34ff403b5cf39d4c8207ea5d3e19a5fd";
let ct = "9e5c4297d60582f81071ac8ab7d0698d4c79de8b94c519858207ea5d3e19a5fd"; let ct = "9e5c4297d60582f81071ac8ab7d0698d4c79de8b94c519858207ea5d3e19a5fd";
let key = "010203040506070801020304050607080102030405060708"; let key = "010203040506070801020304050607080102030405060708";
@ -1095,10 +972,12 @@ mod tests {
fn test_chacha20() { fn test_chacha20() {
let key = "0000000000000000000000000000000000000000000000000000000000000000"; let key = "0000000000000000000000000000000000000000000000000000000000000000";
let iv = "00000000000000000000000000000000"; let iv = "00000000000000000000000000000000";
let pt = "000000000000000000000000000000000000000000000000000000000000000000000000000000000\ let pt =
00000000000000000000000000000000000000000000000"; "000000000000000000000000000000000000000000000000000000000000000000000000000000000\
let ct = "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7\ 00000000000000000000000000000000000000000000000";
724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"; let ct =
"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7\
724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586";
cipher_test(Cipher::chacha20(), pt, ct, key, iv); cipher_test(Cipher::chacha20(), pt, ct, key, iv);
} }
@ -1109,12 +988,14 @@ mod tests {
let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"; let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f";
let iv = "070000004041424344454647"; let iv = "070000004041424344454647";
let aad = "50515253c0c1c2c3c4c5c6c7"; let aad = "50515253c0c1c2c3c4c5c6c7";
let pt = "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393\ let pt =
a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f722074\ "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393\
6865206675747572652c2073756e73637265656e20776f756c642062652069742e"; a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f722074\
let ct = "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca967128\ 6865206675747572652c2073756e73637265656e20776f756c642062652069742e";
2fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa\ let ct =
b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116"; "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca967128\
2fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa\
b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116";
let tag = "1ae10b594f09e26a7e902ecbd0600691"; let tag = "1ae10b594f09e26a7e902ecbd0600691";
let mut actual_tag = [0; 16]; let mut actual_tag = [0; 16];

2
openssl/src/verify.rs
View File

@ -15,7 +15,7 @@ bitflags! {
const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; const MULTI_LABEL_WILDCARDS = ffi::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
const SINGLE_LABEL_SUBDOMAINS const SINGLE_LABEL_SUBDOMAINS
= ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; = ffi::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;
/// Requires the `v110` feature and OpenSSL 1.1.0. /// Requires OpenSSL 1.1.0 or 1.1.1 and the corresponding Cargo feature.
#[cfg(all(feature = "v110", ossl110))] #[cfg(all(feature = "v110", ossl110))]
const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; const NEVER_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
} }

2
openssl/src/x509/verify.rs
View File

@ -1,5 +1,5 @@
//! X509 certificate verification //! X509 certificate verification
//! //!
//! Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0. //! Requires OpenSSL 1.0.2, 1.1.0, or 1.1.1 and the corresponding Cargo feature.
pub use verify::*; pub use verify::*;

30
systest/build.rs
View File

@ -29,12 +29,10 @@ fn main() {
} else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") { } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") {
cfg.cfg(&format!("ossl{}", version), None); cfg.cfg(&format!("ossl{}", version), None);
} }
if let (Ok(version), Ok(patch)) = if let (Ok(version), Ok(patch)) = (
( env::var("DEP_OPENSSL_VERSION"),
env::var("DEP_OPENSSL_VERSION"), env::var("DEP_OPENSSL_PATCH"),
env::var("DEP_OPENSSL_PATCH"), ) {
)
{
cfg.cfg(&format!("ossl{}{}", version, patch), None); cfg.cfg(&format!("ossl{}{}", version, patch), None);
} }
if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
@ -74,10 +72,12 @@ fn main() {
} else if s == "_STACK" { } else if s == "_STACK" {
format!("struct stack_st") format!("struct stack_st")
// This logic should really be cleaned up // This logic should really be cleaned up
} else if is_struct && s != "point_conversion_form_t" && } else if is_struct && s != "point_conversion_form_t"
s.chars().next().unwrap().is_lowercase() && s.chars().next().unwrap().is_lowercase()
{ {
format!("struct {}", s) format!("struct {}", s)
} else if s.starts_with("stack_st_") {
format!("struct {}", s)
} else { } else {
format!("{}", s) format!("{}", s)
} }
@ -104,13 +104,15 @@ fn main() {
(s == "GENERAL_NAME" && field == "d") // union (s == "GENERAL_NAME" && field == "d") // union
}); });
cfg.skip_signededness(|s| { cfg.skip_signededness(|s| {
s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn") || s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn")
s.starts_with("CRYPTO_") || s == "PasswordCallback" || s.starts_with("CRYPTO_") || s == "PasswordCallback"
}); });
cfg.field_name(|_s, field| if field == "type_" { cfg.field_name(|_s, field| {
format!("type") if field == "type_" {
} else { format!("type")
format!("{}", field) } else {
format!("{}", field)
}
}); });
cfg.fn_cname(|rust, link_name| link_name.unwrap_or(rust).to_string()); cfg.fn_cname(|rust, link_name| link_name.unwrap_or(rust).to_string());
cfg.generate("../openssl-sys/src/lib.rs", "all.rs"); cfg.generate("../openssl-sys/src/lib.rs", "all.rs");