diff --git a/README.md b/README.md index a6a5e8b6..aeb1d42c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl) -[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.6.6/openssl). +[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.6.7/openssl). ## Building diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index b13fc80a..045e15eb 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -1,12 +1,12 @@ [package] name = "openssl-sys" -version = "0.6.6" +version = "0.6.7" authors = ["Alex Crichton ", "Steven Fackler "] license = "MIT" description = "FFI bindings to OpenSSL" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.6.6/openssl_sys" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.6.7/openssl_sys" links = "openssl" build = "build.rs" diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index 5f934888..aa47f2de 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs @@ -62,6 +62,7 @@ fn main() { let mut include_dirs = vec![]; if let Some(include_dir) = include_dir { + println!("cargo:include={}", include_dir); include_dirs.push(PathBuf::from(&include_dir)); } diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 3bc9e59a..bc177959 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1,6 +1,6 @@ #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] #![allow(dead_code)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.7")] extern crate libc; 
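Review bot: The new `println!("cargo:include={}", include_dir);` in openssl-sys/build.rs has no comment saying who consumes it, and it is emitted only inside the `if let Some(include_dir)` branch. Because the manifest declares `links = "openssl"`, Cargo passes this value to dependent build scripts as `DEP_OPENSSL_INCLUDE`, so dependents see the variable only when `include_dir` is `Some`. Whether other discovery paths also set it cannot be told from here, since `main` continues outside the hunk. I would add `// Exported to dependent build scripts as DEP_OPENSSL_INCLUDE; emitted only when include_dir is Some.` above the line.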
@@ -417,6 +417,9 @@ extern "C" { #[cfg(feature = "aes_ctr")] pub fn EVP_aes_128_ctr() -> *const EVP_CIPHER; // fn EVP_aes_128_gcm() -> EVP_CIPHER; + pub fn EVP_aes_128_cfb1() -> *const EVP_CIPHER; + pub fn EVP_aes_128_cfb128() -> *const EVP_CIPHER; + pub fn EVP_aes_128_cfb8() -> *const EVP_CIPHER; pub fn EVP_aes_256_cbc() -> *const EVP_CIPHER; pub fn EVP_aes_256_ecb() -> *const EVP_CIPHER; #[cfg(feature = "aes_xts")] @@ -424,6 +427,9 @@ extern "C" { #[cfg(feature = "aes_ctr")] pub fn EVP_aes_256_ctr() -> *const EVP_CIPHER; // fn EVP_aes_256_gcm() -> EVP_CIPHER; + pub fn EVP_aes_256_cfb1() -> *const EVP_CIPHER; + pub fn EVP_aes_256_cfb128() -> *const EVP_CIPHER; + pub fn EVP_aes_256_cfb8() -> *const EVP_CIPHER; pub fn EVP_rc4() -> *const EVP_CIPHER; pub fn EVP_BytesToKey(typ: *const EVP_CIPHER, md: *const EVP_MD, @@ -487,6 +493,8 @@ extern "C" { user_data: *mut c_void) -> *mut X509_REQ; pub fn PEM_read_bio_PrivateKey(bio: *mut BIO, out: *mut *mut EVP_PKEY, callback: Option, user_data: *mut c_void) -> *mut X509; + pub fn PEM_read_bio_PUBKEY(bio: *mut BIO, out: *mut *mut EVP_PKEY, callback: Option, + user_data: *mut c_void) -> *mut X509; pub fn PEM_write_bio_PrivateKey(bio: *mut BIO, pkey: *mut EVP_PKEY, cipher: *const EVP_CIPHER, kstr: *mut c_char, klen: c_int, @@ -573,6 +581,7 @@ extern "C" { pub fn SSL_CTX_get_ex_data(ctx: *mut SSL_CTX, idx: c_int) -> *mut c_void; pub fn SSL_CTX_use_certificate_file(ctx: *mut SSL_CTX, cert_file: *const c_char, file_type: c_int) -> c_int; + pub fn SSL_CTX_use_certificate_chain_file(ctx: *mut SSL_CTX, cert_chain_file: *const c_char, file_type: c_int) -> c_int; pub fn SSL_CTX_use_certificate(ctx: *mut SSL_CTX, cert: *mut X509) -> c_int; pub fn SSL_CTX_use_PrivateKey_file(ctx: *mut SSL_CTX, key_file: *const c_char, file_type: c_int) -> c_int; diff --git a/openssl-sys/src/openssl_shim.c b/openssl-sys/src/openssl_shim.c index f0f55b27..8ebe23ac 100644 --- a/openssl-sys/src/openssl_shim.c +++ b/openssl-sys/src/openssl_shim.c 
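Review bot: The new `PEM_read_bio_PUBKEY` declaration (hunk at -487) returns `*mut X509`, but it fills an `*mut *mut EVP_PKEY` out-parameter and OpenSSL's C prototype returns `EVP_PKEY *`. The return type looks copied from the `PEM_read_bio_PrivateKey` context line just above, which has the same mismatch. If both names are aliases of one opaque type this compiles and behaves correctly today, but it would hide a real pointer-type confusion once they become distinct types. Declare it as `-> *mut EVP_PKEY;`. The `extern "C"` block starts and ends outside the hunk.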
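Review bot: `SSL_CTX_use_certificate_chain_file` (hunk at -573) is declared with a third `file_type: c_int` parameter, but the OpenSSL C prototype takes only `(SSL_CTX *ctx, const char *file)` and always reads PEM. The FFI signature therefore disagrees with the library, and any `file_type` a caller passes is silently ignored instead of being honoured or rejected. Declare it as `pub fn SSL_CTX_use_certificate_chain_file(ctx: *mut SSL_CTX, cert_chain_file: *const c_char) -> c_int;`. The `set_certificate_chain_file` wrapper in openssl/src/ssl/mod.rs forwards `file_type as c_int` and needs the matching adjustment, or at least a doc line saying only PEM is read.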
@@ -29,7 +29,7 @@ void rust_openssl_set_id_callback() { #endif -#if OPENSSL_VERSION_NUMBER < 0x1000000L +#if OPENSSL_VERSION_NUMBER < 0x10000000L // Copied from openssl crypto/hmac/hmac.c int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) { @@ -111,7 +111,7 @@ long SSL_CTX_set_tmp_dh_shim(SSL_CTX *ctx, DH *dh) { return SSL_CTX_set_tmp_dh(ctx, dh); } -#if OPENSSL_VERSION_NUMBER >= 0x1000200L +#if OPENSSL_VERSION_NUMBER >= 0x10002000L int SSL_CTX_set_ecdh_auto_shim(SSL_CTX *ctx, int onoff) { return SSL_CTX_set_ecdh_auto(ctx, onoff); } diff --git a/openssl-sys/src/probe.rs b/openssl-sys/src/probe.rs index 6a67e478..e3711b54 100644 --- a/openssl-sys/src/probe.rs +++ b/openssl-sys/src/probe.rs @@ -57,10 +57,14 @@ pub fn probe() -> ProbeResult { for certs_dir in find_certs_dirs().iter() { // cert.pem looks to be an openssl 1.0.1 thing, while // certs/ca-certificates.crt appears to be a 0.9.8 thing - try(&mut result.cert_file, certs_dir.join("cert.pem")); - try(&mut result.cert_file, certs_dir.join("certs/ca-certificates.crt")); - try(&mut result.cert_file, certs_dir.join("certs/ca-root-nss.crt")); - + for cert in [ + "cert.pem", + "certs.pem", + "certs/ca-certificates.crt", + "certs/ca-root-nss.crt" + ].iter() { + try(&mut result.cert_file, certs_dir.join(cert)); + } try(&mut result.cert_dir, certs_dir.join("certs")); } result diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index ac0a5cc7..6607ef94 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "openssl" -version = "0.6.6" +version = "0.6.7" authors = ["Steven Fackler "] license = "Apache-2.0" description = "OpenSSL bindings" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.6.6/openssl" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.6.7/openssl" readme = "../README.md" keywords = ["crypto", "tls", "ssl", "dtls"] 
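Review bot: The corrected guards `#if OPENSSL_VERSION_NUMBER < 0x10000000L` and, in the hunk at -111, `#if OPENSSL_VERSION_NUMBER >= 0x10002000L` are still bare hex literals, and a dropped digit is exactly what had to be fixed here. A short comment naming the release each constant stands for would make the next such slip visible in review, e.g. `/* 0x10000000L == OpenSSL 1.0.0 (layout 0xMNNFFPPS) */` and `/* 0x10002000L == OpenSSL 1.0.2 */`. Both guarded functions continue outside their hunks.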
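Review bot: The comment above the new `for cert in [...]` loop in probe.rs still describes only `cert.pem` and `certs/ca-certificates.crt`, so the newly probed `certs.pem` is undocumented and nothing says that array order is the lookup priority. Assuming `try` keeps the first path that exists (its body is outside the hunk), the order decides which CA bundle ends up as the trust store. I would add `// Candidates in priority order; the first file that exists wins.` and a word on which system ships `certs.pem`. The enclosing `probe` function starts outside the hunk.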
@@ -24,7 +24,7 @@ ecdh_auto = ["openssl-sys/ecdh_auto"] [dependencies.openssl-sys] path = "../openssl-sys" -version = "0.6.6" +version = "0.6.7" [dependencies] bitflags = ">= 0.2, < 0.4" diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 5a528b1b..695bd8a6 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -96,6 +96,22 @@ impl PKey { } } + /// Reads public key from PEM, takes ownership of handle + pub fn public_key_from_pem(reader: &mut R) -> Result where R: Read { + let mut mem_bio = try!(MemBio::new()); + try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); + + unsafe { + let evp = try_ssl_null!(ffi::PEM_read_bio_PUBKEY(mem_bio.get_handle(), + ptr::null_mut(), + None, ptr::null_mut())); + Ok(PKey { + evp: evp, + parts: Parts::Public, + }) + } + } + fn _tostr(&self, f: unsafe extern "C" fn(*mut ffi::RSA, *const *mut u8) -> c_int) -> Vec { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); @@ -466,6 +482,16 @@ mod tests { super::PKey::private_key_from_pem(&mut file).unwrap(); } + #[test] + fn test_public_key_from_pem() { + let key_path = Path::new("test/key.pem.pub"); + let mut file = File::open(&key_path) + .ok() + .expect("Failed to open `test/key.pem.pub`"); + + super::PKey::public_key_from_pem(&mut file).unwrap(); + } + #[test] fn test_encrypt() { let mut k0 = super::PKey::new(); diff --git a/openssl/src/crypto/symm.rs b/openssl/src/crypto/symm.rs index 226b2cbf..db8aa54e 100644 --- a/openssl/src/crypto/symm.rs +++ b/openssl/src/crypto/symm.rs @@ -22,6 +22,9 @@ pub enum Type { #[cfg(feature = "aes_ctr")] AES_128_CTR, //AES_128_GCM, + AES_128_CFB1, + AES_128_CFB128, + AES_128_CFB8, AES_256_ECB, AES_256_CBC, @@ -31,6 +34,9 @@ pub enum Type { #[cfg(feature = "aes_ctr")] AES_256_CTR, //AES_256_GCM, + AES_256_CFB1, + AES_256_CFB128, + AES_256_CFB8, RC4_128, } 
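Review bot: `public_key_from_pem` tags whatever `PEM_read_bio_PUBKEY` parses as `Parts::Public` without checking the key type, while the `_tostr` context line right below it calls `ffi::EVP_PKEY_get1_RSA(self.evp)`. A PEM holding a non-RSA public key would therefore be accepted here and presumably fail only later, inside RSA-specific code. Rejecting it at load time with an `Err` would be safer, though how the rest of `PKey` handles a null RSA pointer is not visible in this hunk. The doc comment is also inaccurate, since the function takes a reader and no handle is passed in; `/// Reads a PEM-encoded public key (SubjectPublicKeyInfo) from the given reader.` describes it better.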
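Review bot: The six new `AES_*_CFB*` variants in symm.rs (hunks at -22 and -31) are added to the public `Type` enum without doc comments, so nothing tells a caller what the `1`, `8` and `128` suffixes mean or what the mode does not provide. CFB gives confidentiality only: ciphertext can be altered undetected unless a MAC is applied separately, and the IV must not repeat under one key. A line per variant such as `/// AES-128 in CFB mode with 8-bit feedback segments; unauthenticated, needs a unique IV per message.` would cover it. The enum starts outside both hunks.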
@@ -292,4 +298,71 @@ mod tests { cipher_test(super::AES_128_GCM, pt, ct, key, iv); }*/ + + #[test] + fn test_aes128_cfb1() { + // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + + let pt = "6bc1"; + let ct = "68b3"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_128_CFB1, pt, ct, key, iv); + } + + #[test] + fn test_aes128_cfb128() { + + let pt = "6bc1bee22e409f96e93d7e117393172a"; + let ct = "3b3fd92eb72dad20333449f8e83cfb4a"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_128_CFB128, pt, ct, key, iv); + } + + #[test] + fn test_aes128_cfb8() { + + let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; + let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_128_CFB8, pt, ct, key, iv); + } + + #[test] + fn test_aes256_cfb1() { + + let pt = "6bc1"; + let ct = "9029"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_256_CFB1, pt, ct, key, iv); + } + + #[test] + fn test_aes256_cfb128() { + + let pt = "6bc1bee22e409f96e93d7e117393172a"; + let ct = "dc7e84bfda79164b7ecd8486985d3860"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_256_CFB128, pt, ct, key, iv); + } + + #[test] + fn test_aes256_cfb8() { + + let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; + let ct = "dc1f1a8520a64db55fcc8ac554844e889700"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_256_CFB8, pt, ct, key, iv); + } } 
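Review bot: Only `test_aes128_cfb1` carries the `// Lifted from ...sp800-38a.pdf` citation; the other five tests open with a blank line and give no source for their vectors. Move the citation into one comment above the group, e.g. `// CFB1/CFB8/CFB128 vectors below are taken from NIST SP 800-38A.`, so each expected ciphertext can be checked against the document. The enclosing `mod tests` starts outside the hunk, so whether `cipher_test` exercises decryption as well as encryption cannot be confirmed from here.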
diff --git a/openssl/src/crypto/symm_internal.rs b/openssl/src/crypto/symm_internal.rs index c42efb79..fcb3ee71 100644 --- a/openssl/src/crypto/symm_internal.rs +++ b/openssl/src/crypto/symm_internal.rs @@ -11,6 +11,9 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { #[cfg(feature = "aes_ctr")] symm::Type::AES_128_CTR => (ffi::EVP_aes_128_ctr(), 16, 0), //AES_128_GCM => (EVP_aes_128_gcm(), 16, 16), + symm::Type::AES_128_CFB1 => (ffi::EVP_aes_128_cfb1(), 16, 16), + symm::Type::AES_128_CFB128 => (ffi::EVP_aes_128_cfb128(), 16, 16), + symm::Type::AES_128_CFB8 => (ffi::EVP_aes_128_cfb8(), 16, 16), symm::Type::AES_256_ECB => (ffi::EVP_aes_256_ecb(), 32, 16), symm::Type::AES_256_CBC => (ffi::EVP_aes_256_cbc(), 32, 16), @@ -19,8 +22,11 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { #[cfg(feature = "aes_ctr")] symm::Type::AES_256_CTR => (ffi::EVP_aes_256_ctr(), 32, 0), //AES_256_GCM => (EVP_aes_256_gcm(), 32, 16), + symm::Type::AES_256_CFB1 => (ffi::EVP_aes_256_cfb1(), 32, 16), + symm::Type::AES_256_CFB128 => (ffi::EVP_aes_256_cfb128(), 32, 16), + symm::Type::AES_256_CFB8 => (ffi::EVP_aes_256_cfb8(), 32, 16), symm::Type::RC4_128 => (ffi::EVP_rc4(), 16, 0), } } -} \ No newline at end of file +} diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 5a3b215f..c7af3113 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -1,4 +1,4 @@ -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.7")] #[macro_use] extern crate bitflags; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 360f3f3e..e76529a5 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs 
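Review bot: The new CFB arms of `evpc` return `16` as the third tuple element, while the stream-style arms visible in the context (`AES_128_CTR`, `AES_256_CTR`, `RC4_128`) return `0`, and nothing in the function says what that element means. CFB does not pad either, so if callers use the value as a block-size or padding figure (not visible here) the choice of `16` needs a justification or a change. At minimum, add a comment at the top of the `match` naming the three tuple fields, with a short remark on why the CFB arms differ from CTR. The function starts outside the hunk.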
@@ -520,6 +520,16 @@ impl SslContext { }) } + /// Specifies the file that contains certificate chain + pub fn set_certificate_chain_file>(&mut self, file: P, file_type: X509FileType) + -> Result<(),SslError> { + let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); + wrap_ssl_result( + unsafe { + ffi::SSL_CTX_use_certificate_chain_file(self.ctx, file.as_ptr(), file_type as c_int) + }) + } + /// Specifies the certificate pub fn set_certificate(&mut self, cert: &X509) -> Result<(),SslError> { wrap_ssl_result( diff --git a/openssl/test/key.pem.pub b/openssl/test/key.pem.pub new file mode 100644 index 00000000..2a822569 --- /dev/null +++ b/openssl/test/key.pem.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1bXMptaIgOL9PVL8a7W +KG/C8+IbxP018eMBQZT0SnPQmXp0Q8Aai/F+AEDE7b5sO5U7WdxU4GRYw0wqkQNF +si78KNfoj2ZMlx6NRfl4UKuzrpGTPgQxuKDYedngPpWcbmW4P3zEL2Y7b18n9NJr +atRUzH1Zh/ReRO525Xadu58aviPw1Mzgse7cKyzb03Gll9noLnYNIIpO8jL+QyrD +8qNmfacmR20U0a6XDTtmsmk7AitGETICbTT0KRf+oAP0yIHoonllPpNLUEPZQjrp +ClS/S/wKdj7gaq9TaMbHULhFMjbCV8cuPu//rUAuWp3riaznZGOVQyn3Dp2CB3ad +yQIDAQAB +-----END PUBLIC KEY-----
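Review bot: `set_certificate_chain_file` panics on caller input even though it already returns `Result<(),SslError>`. `to_str().expect("invalid utf8")` aborts on a non-UTF-8 path, and `CString::new(...).unwrap()` aborts on a path containing a NUL byte. Both cases should become an `Err` so that a path taken from configuration or another external source cannot bring the process down; which `SslError` variant fits is not visible in this hunk. The doc comment could also say what the file must hold, e.g. `/// Loads a PEM certificate chain from the given file, leaf certificate first.`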