From 3a4f96a73dd422301ee49902bfeeb61572be9bc8 Mon Sep 17 00:00:00 2001 From: Josh Robson Chase Date: Fri, 7 Jun 2019 10:26:17 -0400 Subject: [PATCH 1/7] Add basic bindings to the API CRLs --- openssl-sys/src/ossl_typ.rs | 2 -- openssl-sys/src/pem.rs | 7 ++++ openssl-sys/src/x509.rs | 71 +++++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index 449ecd91..b67b029e 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -341,8 +341,6 @@ cfg_if! { } } } -pub enum X509_CRL {} -stack!(stack_st_X509_CRL); pub enum X509_NAME {} diff --git a/openssl-sys/src/pem.rs b/openssl-sys/src/pem.rs index 7e7c6f11..3cdc8982 100644 --- a/openssl-sys/src/pem.rs +++ b/openssl-sys/src/pem.rs @@ -19,6 +19,13 @@ extern "C" { user_data: *mut c_void, ) -> *mut X509; pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; + pub fn PEM_read_bio_X509_CRL( + bio: *mut BIO, + out: *mut *mut X509_CRL, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut X509_CRL; + pub fn PEM_write_bio_X509_CRL(bio: *mut BIO, x509: *mut X509_CRL) -> c_int; pub fn PEM_read_bio_X509_REQ( bio: *mut BIO, out: *mut *mut X509_REQ, diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index fc6e4269..3752af18 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
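Review bot: `PEM_write_bio_X509_CRL` names its second parameter `x509` although its type is `*mut X509_CRL`; the declaration was copied from `PEM_write_bio_X509` and should read `pub fn PEM_write_bio_X509_CRL(bio: *mut BIO, crl: *mut X509_CRL) -> c_int;`. Parameter names are not part of the ABI, so this is readability only, but the same copy-paste naming shows up as `req` on `X509_CRL_verify` in the x509.rs hunk of this patch (the second patch in the series renames that one). The enclosing `extern "C"` block begins and ends outside this hunk.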
@@ -37,6 +37,54 @@ cfg_if! { } } +pub enum X509_REVOKED {} +stack!(stack_st_X509_REVOKED); + +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_CRL {} + } else { + #[repr(C)] + pub struct X509_CRL { + pub crl: *mut X509_CRL_INFO, + sig_alg: *mut X509_ALGOR, + signature: *mut c_void, + references: c_int, + flags: c_int, + akid: *mut c_void, + idp: *mut c_void, + idp_flags: c_int, + idp_reasons: c_int, + crl_number: *mut ASN1_INTEGER, + base_crl_number: *mut ASN1_INTEGER, + sha1_hash: [c_uchar; 20], + issuers: *mut c_void, + meth: *const c_void, + meth_data: *mut c_void, + } + } +} + +stack!(stack_st_X509_CRL); + +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_CRL_INFO {} + } else { + #[repr(C)] + pub struct X509_CRL_INFO { + version: *mut ASN1_INTEGER, + sig_alg: *mut X509_ALGOR, + pub issuer: *mut X509_NAME, + pub lastUpdate: *mut ASN1_TIME, + pub nextUpdate: *mut ASN1_TIME, + revoked: *mut stack_st_X509_REVOKED, + extensions: *mut stack_st_X509_EXTENSION, + enc: ASN1_ENCODING, + } + } +} + cfg_if! { if #[cfg(ossl110)] { pub enum X509_REQ {} @@ -177,6 +225,15 @@ extern "C" { pub fn X509_ALGOR_free(x: *mut X509_ALGOR); + pub fn X509_CRL_new() -> *mut X509_CRL; + pub fn X509_CRL_free(x: *mut X509_CRL); + pub fn d2i_X509_CRL( + a: *mut *mut X509_CRL, + pp: *mut *const c_uchar, + length: c_long, + ) -> *mut X509_CRL; + pub fn i2d_X509_CRL(x: *mut X509_CRL, buf: *mut *mut u8) -> c_int; + pub fn X509_REQ_new() -> *mut X509_REQ; pub fn X509_REQ_free(x: *mut X509_REQ); pub fn d2i_X509_REQ( 
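Review bot: The `#[repr(C)]` layouts of `X509_CRL` and `X509_CRL_INFO` in the non-`ossl110` branch reproduce the 1.0.x `X509_crl_st` / `X509_crl_info_st` definitions but carry no comment saying so, and the branch also covers every LibreSSL version, where the fields must line up exactly for the `pub crl` / `pub issuer` / `pub lastUpdate` / `pub nextUpdate` accesses to be sound. A header comment such as `// Layout of struct X509_crl_st in OpenSSL 1.0.x and LibreSSL; private fields use c_void for types not bound here (ASN1_BIT_STRING, AUTHORITY_KEYID, ISSUING_DIST_POINT, X509_CRL_METHOD)` would make that contract explicit. Note also that in the C header `sha1_hash` sits inside `#ifndef OPENSSL_NO_SHA`, so the offsets of `issuers`, `meth` and `meth_data` differ on a no-SHA build; if the crate does not support such builds a one-line comment stating that assumption is enough. The same observations apply to the `X509_REVOKED` struct the second patch in this series adds.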
@@ -290,6 +347,20 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn X509_up_ref(x: *mut X509) -> c_int; + pub fn X509_CRL_verify(req: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; + pub fn X509_CRL_get0_by_serial( + x: *mut X509_CRL, + ret: *mut *mut X509_REVOKED, + serial: *mut ASN1_INTEGER, + ) -> c_int; + + #[cfg(ossl110)] + pub fn X509_CRL_get0_nextUpdate(x: *const X509_CRL) -> *const ASN1_TIME; + #[cfg(ossl110)] + pub fn X509_CRL_get0_lastUpdate(x: *const X509_CRL) -> *const ASN1_TIME; + #[cfg(ossl110)] + pub fn X509_CRL_get_issuer(x: *const X509_CRL) -> *mut X509_NAME; + #[cfg(ossl110)] pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; } From 6eabcf2ca0f06e3d4c2bf1a7d40f77fc51db6740 Mon Sep 17 00:00:00 2001 From: Josh Robson Chase Date: Mon, 10 Jun 2019 10:14:14 -0400 Subject: [PATCH 2/7] Expose the X509Revoked type directly --- openssl-sys/src/x509.rs | 45 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 5 deletions(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 3752af18..d9756fed 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -37,9 +37,6 @@ cfg_if! { } } -pub enum X509_REVOKED {} -stack!(stack_st_X509_REVOKED); - cfg_if! { if #[cfg(ossl110)] { pub enum X509_CRL {} @@ -78,13 +75,31 @@ cfg_if! { pub issuer: *mut X509_NAME, pub lastUpdate: *mut ASN1_TIME, pub nextUpdate: *mut ASN1_TIME, - revoked: *mut stack_st_X509_REVOKED, + pub revoked: *mut stack_st_X509_REVOKED, extensions: *mut stack_st_X509_EXTENSION, enc: ASN1_ENCODING, } } } +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_REVOKED {} + } else { + #[repr(C)] + pub struct X509_REVOKED { + pub serialNumber: *mut ASN1_INTEGER, + pub revocationDate: *mut ASN1_TIME, + extensions: *mut stack_st_X509_EXTENSION, + issuer: *mut stack_st_GENERAL_NAME, + reason: c_int, + sequence: c_int, + } + } +} + +stack!(stack_st_X509_REVOKED); + cfg_if! { if #[cfg(ossl110)] { pub enum X509_REQ {} 
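Review bot: `X509_CRL_verify` and `X509_CRL_get0_by_serial` return status codes rather than booleans and the hunk does not document them, which is where safe wrappers over these bindings tend to go wrong. `X509_CRL_verify` returns 1 only for a valid signature and 0 or a negative value otherwise, so a wrapper must test `== 1`; `X509_CRL_get0_by_serial` returns 0 for not found, 1 for found, and 2 when the entry exists with reason `removeFromCRL` (the certificate is no longer revoked), so `!= 0` does not mean "revoked". Suggested comments: `// returns 1 on success; 0 or <0 means the signature did not verify` and `// 0 = not found, 1 = found, 2 = found but reason is removeFromCRL`. The surrounding `extern "C"` block starts outside the hunk.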
@@ -225,6 +240,14 @@ extern "C" { pub fn X509_ALGOR_free(x: *mut X509_ALGOR); + pub fn X509_REVOKED_new() -> *mut X509_REVOKED; + pub fn X509_REVOKED_free(x: *mut X509_REVOKED); + pub fn d2i_X509_REVOKED( + a: *mut *mut X509_REVOKED, + pp: *mut *const c_uchar, + length: c_long, + ) -> *mut X509_REVOKED; + pub fn i2d_X509_REVOKED(x: *mut X509_REVOKED, buf: *mut *mut u8) -> c_int; pub fn X509_CRL_new() -> *mut X509_CRL; pub fn X509_CRL_free(x: *mut X509_CRL); pub fn d2i_X509_CRL( @@ -347,13 +370,25 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn X509_up_ref(x: *mut X509) -> c_int; - pub fn X509_CRL_verify(req: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; + #[cfg(ossl110)] + pub fn X509_REVOKED_get0_serialNumber(req: *const X509_REVOKED) -> *const ASN1_INTEGER; + #[cfg(ossl110)] + pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME; + + pub fn X509_CRL_verify(crl: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; + pub fn X509_CRL_get0_by_cert( + x: *mut X509_CRL, + ret: *mut *mut X509_REVOKED, + cert: *mut X509, + ) -> c_int; pub fn X509_CRL_get0_by_serial( x: *mut X509_CRL, ret: *mut *mut X509_REVOKED, serial: *mut ASN1_INTEGER, ) -> c_int; + #[cfg(ossl110)] + pub fn X509_CRL_get_REVOKED(crl: *mut X509_CRL) -> *mut stack_st_X509_REVOKED; #[cfg(ossl110)] pub fn X509_CRL_get0_nextUpdate(x: *const X509_CRL) -> *const ASN1_TIME; #[cfg(ossl110)] From 0d0e3be39f5ecf6e42afae1af5b59f76fcdd7c10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sat, 26 Sep 2020 15:15:48 +0200 Subject: [PATCH 3/7] Add more bindings for X509_CRL --- openssl-sys/src/x509.rs | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index d9756fed..765ccdfd 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
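Review bot: The `get0` accessors added in the second hunk here (`X509_CRL_get0_by_cert`, `X509_CRL_get0_by_serial`, `X509_REVOKED_get0_serialNumber`, `X509_REVOKED_get0_revocationDate`, `X509_CRL_get_REVOKED`) hand back pointers owned by the CRL, and nothing in the hunk records that. A wrapper that frees the `X509_REVOKED` written through `ret`, or keeps it alive past the CRL it came from, is a double free or use-after-free, so a comment like `// get0: *ret is owned by the CRL and must not be freed` on the two lookup functions is worth adding, and `X509_CRL_get_REVOKED` likewise returns a borrow of the CRL's internal stack. The enclosing `extern "C"` block begins outside the hunk.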
@@ -375,6 +375,13 @@ extern "C" { #[cfg(ossl110)] pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME; + pub fn X509_CRL_sign(x: *mut X509_CRL, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; + pub fn X509_CRL_digest( + x: *const X509_CRL, + digest: *const EVP_MD, + md: *mut c_uchar, + len: *mut c_uint, + ) -> c_int; pub fn X509_CRL_verify(crl: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_CRL_get0_by_cert( x: *mut X509_CRL, @@ -398,6 +405,27 @@ extern "C" { #[cfg(ossl110)] pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; + + pub fn X509_CRL_set_version(crl: *mut X509_CRL, version: c_long) -> c_int; + pub fn X509_CRL_set_issuer_name(crl: *mut X509_CRL, name: *mut X509_NAME) -> c_int; + pub fn X509_CRL_sort(crl: *mut X509_CRL) -> c_int; + + #[cfg(any(ossl110, libressl270))] + pub fn X509_CRL_up_ref(crl: *mut X509_CRL) -> c_int; +} +cfg_if! { + if #[cfg(any(ossl110, libressl270))] { + extern "C" { + pub fn X509_CRL_set1_lastUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + pub fn X509_CRL_set1_nextUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + } + } else { + // libressl270 kept them, ossl110 "#define"s them to the variants above + extern "C" { + pub fn X509_CRL_set_lastUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + pub fn X509_CRL_set_nextUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + } + } } cfg_if! { From 0b296921ff23199694c87634a59eba6916b3d3a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sat, 26 Sep 2020 14:46:00 +0200 Subject: [PATCH 4/7] Add a few bindings for X509_REVOKED --- openssl-sys/src/x509.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 765ccdfd..962b7f40 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
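Review bot: `X509_CRL_digest` writes up to `EVP_MD_size(digest)` bytes through `md` and reports the count through `len`, but the binding gives no hint about the buffer the caller must supply; a comment `// md must point to at least EVP_MAX_MD_SIZE bytes; *len receives the digest length` would prevent an undersized buffer in a wrapper. `X509_CRL_sign` returns the signature length on success and 0 on failure, which is also worth a one-line comment since the other functions in this block return 1/0. The `extern "C"` block begins outside the hunk.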
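Review bot: `X509_CRL_up_ref` is gated `#[cfg(any(ossl110, libressl270))]` while the sibling `X509_up_ref` shown as context in the previous hunk uses `libressl273`; if LibreSSL introduced both in the same release one of the two gates is wrong, so the boundary should be checked against the LibreSSL headers and the two made consistent, or a comment should say why they differ. The branch comment `libressl270 kept them, ossl110 "#define"s them to the variants above` is easy to misread as LibreSSL 2.7 lacking the `set1_` names, which the `if` arm contradicts; something like `// OpenSSL 1.0.x and LibreSSL < 2.7.0 only export the set_* names (ossl110 #defines them to set1_*, libressl270 has both)` is unambiguous. `X509_CRL_set_version` takes the zero-based X.509 version (`1` selects a v2 CRL), which deserves a comment for wrapper authors.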
@@ -370,10 +370,12 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn X509_up_ref(x: *mut X509) -> c_int; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl270))] pub fn X509_REVOKED_get0_serialNumber(req: *const X509_REVOKED) -> *const ASN1_INTEGER; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl270))] pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME; + #[cfg(any(ossl110, libressl270))] + pub fn X509_REVOKED_get0_extensions(r: *const X509_REVOKED) -> *const stack_st_X509_EXTENSION; pub fn X509_CRL_sign(x: *mut X509_CRL, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn X509_CRL_digest( @@ -412,6 +414,7 @@ extern "C" { #[cfg(any(ossl110, libressl270))] pub fn X509_CRL_up_ref(crl: *mut X509_CRL) -> c_int; + pub fn X509_CRL_add0_revoked(crl: *mut X509_CRL, rev: *mut X509_REVOKED) -> c_int; } cfg_if! { if #[cfg(any(ossl110, libressl270))] { From 4f3a71ba04bfc41d5854985ec642730a0a3bbc76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 9 Aug 2020 19:07:40 +0200 Subject: [PATCH 5/7] Add bindings to access x509 extensions in various types --- openssl-sys/src/x509.rs | 115 ++++++++++++++++++++++++++++++++++++++ openssl-sys/src/x509v3.rs | 51 +++++++++++++++++ 2 files changed, 166 insertions(+) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 962b7f40..929fecf5 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs 
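Review bot: The `libressl270` widening applied to the three `X509_REVOKED_get0_*` accessors here is not applied to `X509_CRL_get0_nextUpdate`, `X509_CRL_get0_lastUpdate` and `X509_CRL_get_REVOKED`, which sit just below this hunk and stay `#[cfg(ossl110)]`. I believe LibreSSL 2.7 shipped the CRL accessors alongside the revoked-entry ones, so the same gate probably belongs on them; if it does not, a comment explaining the asymmetry would stop the next reader from "fixing" it. The enclosing `extern "C"` block starts outside the hunk.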
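Review bot: `X509_CRL_add0_revoked` takes ownership of `rev` only when it returns 1; on a 0 return the entry still belongs to the caller, which is exactly the case a safe wrapper that hands its pointer to C gets wrong by either leaking or double-freeing. Add `// add0: on success (1) the CRL owns rev; on failure (0) the caller still does` above the declaration. The `extern "C"` block closes in this hunk but opens outside it.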
@@ -497,27 +497,142 @@ extern "C" { loc: c_int, set: c_int, ) -> c_int; +} +// "raw" X509_EXTENSION related functions +extern "C" { + // in X509 + pub fn X509_delete_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; + pub fn X509_add1_ext_i2d( + x: *mut X509, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // in X509_CRL + pub fn X509_CRL_delete_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_add_ext(x: *mut X509_CRL, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; + pub fn X509_CRL_add1_ext_i2d( + x: *mut X509_CRL, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // in X509_REVOKED + pub fn X509_REVOKED_delete_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_add_ext( + x: *mut X509_REVOKED, + ext: *mut X509_EXTENSION, + loc: c_int, + ) -> c_int; + pub fn X509_REVOKED_add1_ext_i2d( + x: *mut X509_REVOKED, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_NID( + ex: *mut *mut X509_EXTENSION, + nid: c_int, + crit: c_int, + data: *mut ASN1_OCTET_STRING, + ) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_critical(ex: *mut X509_EXTENSION, crit: c_int) -> c_int; + pub fn X509_EXTENSION_set_data(ex: *mut X509_EXTENSION, data: *mut ASN1_OCTET_STRING) -> c_int; + pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT; + pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_STRING; } cfg_if! 
{ if #[cfg(any(ossl110, libressl280))] { extern "C" { + // in X509 + pub fn X509_get_ext_count(x: *const X509) -> c_int; + pub fn X509_get_ext_by_NID(x: *const X509, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_OBJ(x: *const X509, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_critical(x: *const X509, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext(x: *const X509, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_get_ext_d2i( x: *const ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; + // in X509_CRL + pub fn X509_CRL_get_ext_count(x: *const X509_CRL) -> c_int; + pub fn X509_CRL_get_ext_by_NID(x: *const X509_CRL, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_OBJ(x: *const X509_CRL, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_critical(x: *const X509_CRL, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext(x: *const X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_get_ext_d2i( + x: *const ::X509_CRL, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_REVOKED + pub fn X509_REVOKED_get_ext_count(x: *const X509_REVOKED) -> c_int; + pub fn X509_REVOKED_get_ext_by_NID(x: *const X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_OBJ(x: *const X509_REVOKED, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_critical(x: *const X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext(x: *const X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_get_ext_d2i( + x: *const ::X509_REVOKED, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *const ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; + pub fn 
X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *const ASN1_OBJECT) -> c_int; + pub fn X509_EXTENSION_get_critical(ex: *const X509_EXTENSION) -> c_int; } } else { extern "C" { + // in X509 + pub fn X509_get_ext_count(x: *mut X509) -> c_int; + pub fn X509_get_ext_by_NID(x: *mut X509, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_OBJ(x: *mut X509, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_critical(x: *mut X509, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_get_ext_d2i( x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; + // in X509_CRL + pub fn X509_CRL_get_ext_count(x: *mut X509_CRL) -> c_int; + pub fn X509_CRL_get_ext_by_NID(x: *mut X509_CRL, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_OBJ(x: *mut X509_CRL, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_critical(x: *mut X509_CRL, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_get_ext_d2i( + x: *mut ::X509_CRL, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_REVOKED + pub fn X509_REVOKED_get_ext_count(x: *mut X509_REVOKED) -> c_int; + pub fn X509_REVOKED_get_ext_by_NID(x: *mut X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_OBJ(x: *mut X509_REVOKED, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_critical(x: *mut X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_get_ext_d2i( + x: *mut ::X509_REVOKED, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *mut ASN1_OBJECT, crit: 
c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *mut ASN1_OBJECT) -> c_int; + pub fn X509_EXTENSION_get_critical(ex: *mut X509_EXTENSION) -> c_int; } } } diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index dc936c4c..8300763e 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -91,3 +91,54 @@ extern "C" { pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING; } + +cfg_if! { + if #[cfg(any(ossl110, libressl280))] { + extern "C" { + pub fn X509V3_get_d2i( + x: *const stack_st_X509_EXTENSION, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + pub fn X509V3_extensions_print(out: *mut BIO, title: *const c_char, exts: *const stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; + } + } else { + extern "C" { + pub fn X509V3_get_d2i( + x: *mut stack_st_X509_EXTENSION, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + pub fn X509V3_extensions_print(out: *mut BIO, title: *mut c_char, exts: *mut stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; + } + } +} + +// X509V3_add1_i2d (and *_add1_ext_i2d) +pub const X509V3_ADD_DEFAULT: c_ulong = 0; +pub const X509V3_ADD_APPEND: c_ulong = 1; +pub const X509V3_ADD_REPLACE: c_ulong = 2; +pub const X509V3_ADD_REPLACE_EXISTING: c_ulong = 3; +pub const X509V3_ADD_KEEP_EXISTING: c_ulong = 4; +pub const X509V3_ADD_DELETE: c_ulong = 5; +pub const X509V3_ADD_SILENT: c_ulong = 0x10; + +extern "C" { + pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void; + pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION; + pub fn X509V3_add1_i2d( + x: *mut *mut stack_st_X509_EXTENSION, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + pub fn X509V3_EXT_print( + out: *mut BIO, + ext: *mut X509_EXTENSION, + flag: c_ulong, + indent: c_int, + ) -> c_int; +} 
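Review bot: The `*_get_ext_d2i` declarations added for `X509_CRL` and `X509_REVOKED` repeat the `crit`/`idx` out-parameter contract of the existing `X509_get_ext_d2i` without documenting it, and it is easy to misuse: a NULL return with `*crit == -1` means the extension is absent, `-2` (only when `idx` is null) means it occurs more than once, while a NULL return with `*crit` left at 0 or 1 means the extension is present but failed to decode, so a wrapper that treats every NULL as "absent" silently ignores a malformed, possibly critical, extension. A comment above the first `get_ext_d2i` of each group, e.g. `// NULL + *crit == -1: not present; NULL + *crit == -2: multiple; NULL + *crit >= 0: present but undecodable`, captures that; the same applies to `X509V3_get_d2i` in the x509v3.rs hunk of this patch. Separately, several new single-line declarations (`X509_CRL_get_ext_by_OBJ`, `X509_REVOKED_get_ext_by_OBJ`, both `X509_EXTENSION_create_by_OBJ`) run well past 100 columns and will be reflowed by rustfmt, and `x: *const ::X509_CRL` uses the `::` prefix that the other new lines in the same block omit.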
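Review bot: `X509V3_EXT_d2i` and `X509V3_get_d2i` return a `*mut c_void` whose real type depends on the extension NID (for example the `AUTHORITY_KEYID` the last patch in this series binds), and the object must be released with the matching type-specific `_free`; the hunk says nothing about this, so a comment such as `// returned object type depends on the extension's nid; free it with that type's *_free` on `X509V3_EXT_d2i` would help. `X509V3_add1_i2d` and `X509V3_EXT_i2d` encode `value` into a new `X509_EXTENSION` and do not take ownership of it, which deserves a `// does not take ownership of value` on each. `X509V3_extensions_print` in both `cfg_if!` arms exceeds the 100-column limit rustfmt enforces.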
From 85d78b29af9cf4ea38d0e61b93f1ef3d83f05f7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 9 Aug 2020 19:12:43 +0200 Subject: [PATCH 6/7] Add bindings and consts for x509 extensions flags and (extended) key usage --- openssl-sys/src/x509v3.rs | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index 8300763e..7b78cce1 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs 
@@ -125,6 +125,59 @@ pub const X509V3_ADD_KEEP_EXISTING: c_ulong = 4; pub const X509V3_ADD_DELETE: c_ulong = 5; pub const X509V3_ADD_SILENT: c_ulong = 0x10; +// X509_get_extension_flags +pub const EXFLAG_BCONS: u32 = 0x1; +pub const EXFLAG_KUSAGE: u32 = 0x2; +pub const EXFLAG_XKUSAGE: u32 = 0x4; +pub const EXFLAG_NSCERT: u32 = 0x8; +pub const EXFLAG_CA: u32 = 0x10; +pub const EXFLAG_SI: u32 = 0x20; +pub const EXFLAG_V1: u32 = 0x40; +pub const EXFLAG_INVALID: u32 = 0x80; +pub const EXFLAG_SET: u32 = 0x100; +pub const EXFLAG_CRITICAL: u32 = 0x200; +pub const EXFLAG_PROXY: u32 = 0x400; +pub const EXFLAG_INVALID_POLICY: u32 = 0x800; +pub const EXFLAG_FRESHEST: u32 = 0x1000; +// before ossl102 / libressl260 EXFLAG_SS was 0x20 (the same as EXFLAG_SI); probably not useful semantic +#[cfg(any(ossl102, libressl261))] +pub const EXFLAG_SS: u32 = 0x2000; +/* +cfg_if! { + // probably gonna be in openssl-3.0.0-alpha7 + if #[cfg(any(ossl300))] { + pub const EXFLAG_BCONS_CRITICAL: u32 = 0x10000; + pub const EXFLAG_AKID_CRITICAL: u32 = 0x20000; + pub const EXFLAG_SKID_CRITICAL: u32 = 0x40000; + pub const EXFLAG_SAN_CRITICAL: u32 = 0x80000; + } +} +*/ + +// X509_get_key_usage +pub const X509v3_KU_DIGITAL_SIGNATURE: u32 = 0x0080; +pub const X509v3_KU_NON_REPUDIATION: u32 = 0x0040; +pub const X509v3_KU_KEY_ENCIPHERMENT: u32 = 0x0020; +pub const X509v3_KU_DATA_ENCIPHERMENT: u32 = 0x0010; +pub const X509v3_KU_KEY_AGREEMENT: u32 = 0x0008; +pub const X509v3_KU_KEY_CERT_SIGN: u32 = 0x0004; +pub const X509v3_KU_CRL_SIGN: u32 = 0x0002; +pub const X509v3_KU_ENCIPHER_ONLY: u32 = 0x0001; +pub const X509v3_KU_DECIPHER_ONLY: u32 = 0x8000; +pub const X509v3_KU_UNDEF: u32 = 0xffff; + +// X509_get_extended_key_usage +pub const XKU_SSL_SERVER: u32 = 0x1; +pub const XKU_SSL_CLIENT: u32 = 0x2; +pub const XKU_SMIME: u32 = 0x4; +pub const XKU_CODE_SIGN: u32 = 0x8; +pub const XKU_SGC: u32 = 0x10; +pub const XKU_OCSP_SIGN: u32 = 0x20; +pub const XKU_TIMESTAMP: u32 = 0x40; +pub const XKU_DVCS: u32 = 0x80; 
+#[cfg(ossl110)] +pub const XKU_ANYEKU: u32 = 0x100; + extern "C" { pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void; pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION; @@ -141,4 +194,11 @@ extern "C" { flag: c_ulong, indent: c_int, ) -> c_int; + + #[cfg(ossl110)] + pub fn X509_get_extension_flags(x: *mut X509) -> u32; + #[cfg(ossl110)] + pub fn X509_get_key_usage(x: *mut X509) -> u32; + #[cfg(ossl110)] + pub fn X509_get_extended_key_usage(x: *mut X509) -> u32; } From 919874a2a5d71bc1e53c8915c9030a0ff9320fd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 9 Aug 2020 19:08:32 +0200 Subject: [PATCH 7/7] Add AUTHORITY_KEYID struct --- openssl-sys/src/x509v3.rs | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index 7b78cce1..09329a89 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -27,6 +27,17 @@ extern "C" { pub fn GENERAL_NAME_free(name: *mut GENERAL_NAME); } +#[repr(C)] +pub struct AUTHORITY_KEYID { + pub keyid: *mut ASN1_STRING, + pub issuer: *mut stack_st_GENERAL_NAME, + pub serial: *mut ASN1_INTEGER, +} + +extern "C" { + pub fn AUTHORITY_KEYID_free(akid: *mut AUTHORITY_KEYID); +} + #[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1; #[cfg(any(ossl102, libressl261))]
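Review bot: The `EXFLAG_SS` gate says `libressl261` while the comment directly above says the value changed `before ossl102 / libressl260`; one of the two is off by a release and they should agree. The commented-out `cfg_if!` block for the `EXFLAG_*_CRITICAL` constants is dead code in a committed file; drop it or replace it with a one-line `// TODO: EXFLAG_BCONS_CRITICAL etc. once an ossl300 cfg exists`. Also, `X509v3_KU_UNDEF` is `0xffff` but, in the 1.1.x implementation, `X509_get_key_usage` returns `u32::MAX` when the certificate has no keyUsage extension, so a comparison against this constant never fires; a comment such as `// absent keyUsage: X509_get_key_usage returns u32::MAX; test EXFLAG_KUSAGE instead` avoids that, and the same note belongs on the `X509_get_key_usage` declaration in the next hunk. The constant run this hunk extends begins outside it.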
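Review bot: `X509_get_extension_flags`, `X509_get_key_usage` and `X509_get_extended_key_usage` return values that are computed lazily by `X509_check_purpose`, and when extension parsing failed the result carries `EXFLAG_INVALID` while the other bits are not meaningful; the hunk gives callers no hint of that, so `// flags are computed on first use; if EXFLAG_INVALID is set the remaining bits are unreliable` on `X509_get_extension_flags` would help safe wrappers fail closed. The three are gated `#[cfg(ossl110)]` only; I believe LibreSSL 2.7 also exports them, in which case `any(ossl110, libressl270)` matches the gates used elsewhere in this series — worth checking against the LibreSSL headers. The `extern "C"` block begins outside the hunk.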
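Review bot: `AUTHORITY_KEYID.keyid` is declared `*mut ASN1_STRING` while the C field is `ASN1_OCTET_STRING *`; the two are the same struct so the ABI is unaffected, but the crate already uses the `ASN1_OCTET_STRING` name in x509.rs (the `X509_EXTENSION_create_by_NID` binding from the fifth patch), so `pub keyid: *mut ASN1_OCTET_STRING,` would match both the header and the rest of the crate. The struct is not cfg-gated, which is fine as long as `AUTHORITY_KEYID_st` stays public in every supported OpenSSL and LibreSSL release; a comment recording that (`// AUTHORITY_KEYID_st is a public struct in all supported versions`) helps whoever adds the next version gate. Since only `AUTHORITY_KEYID_free` is bound, a comment noting that this is the free to use for an object obtained through `X509V3_get_d2i` would tie the two patches together.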