Move to associated consts

Steven Fackler 2017-12-25 19:56:27 -07:00
parent bbae793eb3
commit 3eab162dc2
10 changed files with 167 additions and 164 deletions


@ -4,7 +4,7 @@
extern crate openssl;
use openssl::asn1::Asn1Time;
use openssl::bn::{BigNum, MSB_MAYBE_ZERO};
use openssl::bn::{BigNum, MsbOption};
use openssl::error::ErrorStack;
use openssl::hash::MessageDigest;
use openssl::pkey::{PKey, PKeyRef};
@ -30,7 +30,7 @@ fn mk_ca_cert() -> Result<(X509, PKey), ErrorStack> {
cert_builder.set_version(2)?;
let serial_number = {
let mut serial = BigNum::new()?;
serial.rand(159, MSB_MAYBE_ZERO, false)?;
serial.rand(159, MsbOption::MAYBE_ZERO, false)?;
serial.to_asn1_integer()?
};
cert_builder.set_serial_number(&serial_number)?;
@ -88,7 +88,7 @@ fn mk_ca_signed_cert(ca_cert: &X509Ref, ca_privkey: &PKeyRef) -> Result<(X509, P
cert_builder.set_version(2)?;
let serial_number = {
let mut serial = BigNum::new()?;
serial.rand(159, MSB_MAYBE_ZERO, false)?;
serial.rand(159, MsbOption::MAYBE_ZERO, false)?;
serial.to_asn1_integer()?
};
cert_builder.set_serial_number(&serial_number)?;
@ -109,8 +109,8 @@ fn mk_ca_signed_cert(ca_cert: &X509Ref, ca_privkey: &PKeyRef) -> Result<(X509, P
.key_encipherment()
.build()?)?;
let subject_key_identifier = SubjectKeyIdentifier::new()
.build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
let subject_key_identifier =
SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
cert_builder.append_extension(subject_key_identifier)?;
let auth_key_identifier = AuthorityKeyIdentifier::new()


@ -30,16 +30,16 @@ use libc::c_int;
use std::cmp::Ordering;
use std::ffi::CString;
use std::{fmt, ptr};
use std::ops::{Add, Div, Mul, Neg, Rem, Shl, Shr, Sub, Deref};
use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub};
use {cvt, cvt_p, cvt_n};
use {cvt, cvt_n, cvt_p};
use asn1::Asn1Integer;
use error::ErrorStack;
use string::OpensslString;
#[cfg(ossl10x)]
use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
use ffi::{get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536,
get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048,
get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072,
@ -48,24 +48,26 @@ use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192};
#[cfg(ossl110)]
use ffi::{BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536,
use ffi::{BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536,
BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192};
/// Options for the most significant bits of a randomly generated `BigNum`.
pub struct MsbOption(c_int);
/// The most significant bit of the number may be 0.
pub const MSB_MAYBE_ZERO: MsbOption = MsbOption(-1);
impl MsbOption {
/// The most significant bit of the number may be 0.
pub const MAYBE_ZERO: MsbOption = MsbOption(-1);
/// The most significant bit of the number must be 1.
pub const MSB_ONE: MsbOption = MsbOption(0);
/// The most significant bit of the number must be 1.
pub const ONE: MsbOption = MsbOption(0);
/// The most significant two bits of the number must be 1.
///
/// The number of bits in the product of two such numbers will always be exactly twice the number
/// of bits in the original numbers.
pub const TWO_MSB_ONE: MsbOption = MsbOption(1);
/// The most significant two bits of the number must be 1.
///
/// The number of bits in the product of two such numbers will always be exactly twice the
/// number of bits in the original numbers.
pub const TWO_ONES: MsbOption = MsbOption(1);
}
foreign_type_and_impl_send_sync! {
type CType = ffi::BN_CTX;
@ -396,14 +398,14 @@ impl BigNumRef {
/// # Examples
///
/// ```
/// use openssl::bn::{BigNum,MSB_MAYBE_ZERO};
/// use openssl::bn::{BigNum, MsbOption};
/// use openssl::error::ErrorStack;
///
/// fn generate_random() -> Result< BigNum, ErrorStack > {
/// let mut big = BigNum::new()?;
///
/// // Generates a 128-bit odd random number
/// big.rand(128, MSB_MAYBE_ZERO, true);
/// big.rand(128, MsbOption::MAYBE_ZERO, true);
/// Ok((big))
/// }
/// ```
@ -1345,7 +1347,7 @@ impl Neg for BigNum {
#[cfg(test)]
mod tests {
use bn::{BigNumContext, BigNum};
use bn::{BigNum, BigNumContext};
#[test]
fn test_to_from_slice() {
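Review bot: The doc example updated in the `BigNumRef::rand` hunk discards the `Result` of the call, so if random generation fails the example still returns `Ok` with whatever `BigNum::new()` produced. Readers copy these snippets for key and serial-number generation, so the new line should propagate the error: `/// big.rand(128, MsbOption::MAYBE_ZERO, true)?;`. The closing line can also drop its redundant parentheses, `/// Ok(big)`. The doc comment this example belongs to starts outside the hunk.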


@ -42,43 +42,6 @@ use bn::{BigNumContextRef, BigNumRef};
use error::ErrorStack;
use nid::Nid;
/// Compressed conversion from point value (Default)
pub const POINT_CONVERSION_COMPRESSED: PointConversionForm =
PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED);
/// Uncompressed conversion from point value (Binary curve default)
pub const POINT_CONVERSION_UNCOMPRESSED: PointConversionForm =
PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_UNCOMPRESSED);
/// Performs both compressed and uncompressed conversions
pub const POINT_CONVERSION_HYBRID: PointConversionForm =
PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_HYBRID);
/// Curve defined using polynomial parameters
///
/// Most applications use a named EC_GROUP curve, however, support
/// is included to explicitly define the curve used to calculate keys
/// This information would need to be known by both endpoint to make communication
/// effective.
///
/// OPENSSL_EC_EXPLICIT_CURVE, but that was only added in 1.1.
/// Man page documents that 0 can be used in older versions.
///
/// OpenSSL documentation at [`EC_GROUP`]
///
/// [`EC_GROUP`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_GROUP_get_seed_len.html
pub const EXPLICIT_CURVE: Asn1Flag = Asn1Flag(0);
/// Standard Curves
///
/// Curves that make up the typical encryption use cases. The collection of curves
/// are well known but extensible.
///
/// OpenSSL documentation at [`EC_GROUP`]
///
/// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/man3/EC_GROUP_order_bits.html
pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE);
/// Compressed or Uncompressed conversion
///
/// Conversion from the binary value of the point on the curve is performed in one of
@ -91,13 +54,53 @@ pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE);
#[derive(Copy, Clone)]
pub struct PointConversionForm(ffi::point_conversion_form_t);
impl PointConversionForm {
/// Compressed conversion from point value.
pub const COMPRESSED: PointConversionForm =
PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED);
/// Uncompressed conversion from point value.
pub const UNCOMPRESSED: PointConversionForm =
PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_UNCOMPRESSED);
/// Performs both compressed and uncompressed conversions.
pub const HYBRID: PointConversionForm =
PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_HYBRID);
}
/// Named Curve or Explicit
///
/// This type acts as a boolean as to whether the EC_Group is named or
/// explicit.
/// This type acts as a boolean as to whether the `EcGroup` is named or explicit.
#[derive(Copy, Clone)]
pub struct Asn1Flag(c_int);
impl Asn1Flag {
/// Curve defined using polynomial parameters
///
/// Most applications use a named EC_GROUP curve, however, support
/// is included to explicitly define the curve used to calculate keys
/// This information would need to be known by both endpoint to make communication
/// effective.
///
/// OPENSSL_EC_EXPLICIT_CURVE, but that was only added in 1.1.
/// Man page documents that 0 can be used in older versions.
///
/// OpenSSL documentation at [`EC_GROUP`]
///
/// [`EC_GROUP`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_GROUP_get_seed_len.html
pub const EXPLICIT_CURVE: Asn1Flag = Asn1Flag(0);
/// Standard Curves
///
/// Curves that make up the typical encryption use cases. The collection of curves
/// are well known but extensible.
///
/// OpenSSL documentation at [`EC_GROUP`]
///
/// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/man3/EC_GROUP_order_bits.html
pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE);
}
foreign_type_and_impl_send_sync! {
type CType = ffi::EC_GROUP;
fn drop = ffi::EC_GROUP_free;
@ -767,7 +770,7 @@ mod test {
let point = key.public_key().unwrap();
let mut ctx = BigNumContext::new().unwrap();
let bytes = point
.to_bytes(&group, POINT_CONVERSION_COMPRESSED, &mut ctx)
.to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx)
.unwrap();
let point2 = EcPoint::from_bytes(&group, &bytes, &mut ctx).unwrap();
assert!(point.eq(&group, &point2, &mut ctx).unwrap());
@ -796,7 +799,7 @@ mod test {
let mut ctx = BigNumContext::new().unwrap();
let bytes = key.public_key()
.unwrap()
.to_bytes(&group, POINT_CONVERSION_COMPRESSED, &mut ctx)
.to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx)
.unwrap();
drop(key);


@ -13,7 +13,7 @@ use x509::store::X509StoreRef;
use x509::{X509, X509Ref};
bitflags! {
pub struct Flag: c_ulong {
pub struct OcspFlag: c_ulong {
const NO_CERTS = ffi::OCSP_NOCERTS;
const NO_INTERN = ffi::OCSP_NOINTERN;
const NO_CHAIN = ffi::OCSP_NOCHAIN;
@ -28,42 +28,6 @@ bitflags! {
}
}
pub const RESPONSE_STATUS_SUCCESSFUL: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL);
pub const RESPONSE_STATUS_MALFORMED_REQUEST: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST);
pub const RESPONSE_STATUS_INTERNAL_ERROR: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR);
pub const RESPONSE_STATUS_TRY_LATER: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER);
pub const RESPONSE_STATUS_SIG_REQUIRED: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED);
pub const RESPONSE_STATUS_UNAUTHORIZED: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED);
pub const CERT_STATUS_GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD);
pub const CERT_STATUS_REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED);
pub const CERT_STATUS_UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN);
pub const REVOKED_STATUS_NO_STATUS: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS);
pub const REVOKED_STATUS_UNSPECIFIED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED);
pub const REVOKED_STATUS_KEY_COMPROMISE: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE);
pub const REVOKED_STATUS_CA_COMPROMISE: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE);
pub const REVOKED_STATUS_AFFILIATION_CHANGED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED);
pub const REVOKED_STATUS_SUPERSEDED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED);
pub const REVOKED_STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION);
pub const REVOKED_STATUS_CERTIFICATE_HOLD: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD);
pub const REVOKED_STATUS_REMOVE_FROM_CRL: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL);
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
pub struct OcspResponseStatus(c_int);
@ -75,6 +39,19 @@ impl OcspResponseStatus {
pub fn as_raw(&self) -> c_int {
self.0
}
pub const SUCCESSFUL: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL);
pub const MALFORMED_REQUEST: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST);
pub const INTERNAL_ERROR: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR);
pub const TRY_LATER: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER);
pub const SIG_REQUIRED: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED);
pub const UNAUTHORIZED: OcspResponseStatus =
OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED);
}
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
@ -88,6 +65,10 @@ impl OcspCertStatus {
pub fn as_raw(&self) -> c_int {
self.0
}
pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD);
pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED);
pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN);
}
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
@ -101,9 +82,27 @@ impl OcspRevokedStatus {
pub fn as_raw(&self) -> c_int {
self.0
}
pub const NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS);
pub const UNSPECIFIED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED);
pub const KEY_COMPROMISE: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE);
pub const CA_COMPROMISE: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE);
pub const AFFILIATION_CHANGED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED);
pub const STATUS_SUPERSEDED: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED);
pub const STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION);
pub const STATUS_CERTIFICATE_HOLD: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD);
pub const REMOVE_FROM_CRL: OcspRevokedStatus =
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL);
}
pub struct Status<'a> {
pub struct OcspStatus<'a> {
/// The overall status of the response.
pub status: OcspCertStatus,
/// If `status` is `CERT_STATUS_REVOKED`, the reason for the revocation.
@ -116,7 +115,7 @@ pub struct Status<'a> {
pub next_update: &'a Asn1GeneralizedTimeRef,
}
impl<'a> Status<'a> {
impl<'a> OcspStatus<'a> {
/// Checks validity of the `this_update` and `next_update` fields.
///
/// The `nsec` parameter specifies an amount of slack time that will be used when comparing
@ -153,7 +152,7 @@ impl OcspBasicResponseRef {
&self,
certs: &StackRef<X509>,
store: &X509StoreRef,
flags: Flag,
flags: OcspFlag,
) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::OCSP_basic_verify(
@ -166,7 +165,7 @@ impl OcspBasicResponseRef {
}
/// Looks up the status for the specified certificate ID.
pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<Status<'a>> {
pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<OcspStatus<'a>> {
unsafe {
let mut status = ffi::V_OCSP_CERTSTATUS_UNKNOWN;
let mut reason = ffi::OCSP_REVOKED_STATUS_NOSTATUS;
@ -189,7 +188,7 @@ impl OcspBasicResponseRef {
} else {
Some(Asn1GeneralizedTimeRef::from_ptr(revocation_time))
};
Some(Status {
Some(OcspStatus {
status: OcspCertStatus(status),
reason: OcspRevokedStatus(status),
revocation_time: revocation_time,
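Review bot: In `find_status`, the struct literal renamed to `OcspStatus` still builds `reason: OcspRevokedStatus(status)`, so callers get the certificate-status code in the revocation-reason field instead of the `reason` variable declared earlier in the function (presumably filled by the lookup call, which is not shown). The line is unchanged context, but since the commit touches this literal it should become `reason: OcspRevokedStatus(reason),`; otherwise code that compares against `OcspRevokedStatus::KEY_COMPROMISE` and its siblings is checking the wrong value. Two rename leftovers in the same file: `STATUS_SUPERSEDED`, `STATUS_CESSATION_OF_OPERATION` and `STATUS_CERTIFICATE_HOLD` keep a `STATUS_` prefix that the other `OcspRevokedStatus` constants dropped, and the field doc on `OcspStatus::status` still names `CERT_STATUS_REVOKED` rather than `OcspCertStatus::REVOKED`. The body of `find_status` is only partly visible in these hunks.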


@ -2,14 +2,14 @@ use ffi;
use std::fmt;
use std::ptr;
use std::mem;
use libc::{c_int, c_void, c_char};
use libc::{c_char, c_int, c_void};
use foreign_types::ForeignTypeRef;
use {cvt, cvt_p, cvt_n};
use {cvt, cvt_n, cvt_p};
use bn::{BigNum, BigNumRef};
use bio::MemBioSlice;
use error::ErrorStack;
use util::{CallbackState, invoke_passwd_cb_old};
use util::{invoke_passwd_cb_old, CallbackState};
/// Type of encryption padding to use.
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
@ -23,11 +23,11 @@ impl Padding {
pub fn as_raw(&self) -> c_int {
self.0
}
}
pub const NO_PADDING: Padding = Padding(ffi::RSA_NO_PADDING);
pub const PKCS1_PADDING: Padding = Padding(ffi::RSA_PKCS1_PADDING);
pub const PKCS1_OAEP_PADDING: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING);
pub const NONE: Padding = Padding(ffi::RSA_NO_PADDING);
pub const PKCS1: Padding = Padding(ffi::RSA_PKCS1_PADDING);
pub const PKCS1_OAEP: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING);
}
foreign_type_and_impl_send_sync! {
type CType = ffi::RSA;
@ -286,9 +286,7 @@ impl Rsa {
) -> Result<Rsa, ErrorStack> {
unsafe {
let rsa = Rsa(cvt_p(ffi::RSA_new())?);
cvt(
compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()),
)?;
cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()))?;
mem::forget((n, e, d));
cvt(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr()))?;
mem::forget((p, q));
@ -490,7 +488,7 @@ mod test {
let mut result = vec![0; public_key.size()];
let original_data = b"This is test";
let len = public_key
.public_encrypt(original_data, &mut result, PKCS1_PADDING)
.public_encrypt(original_data, &mut result, Padding::PKCS1)
.unwrap();
assert_eq!(len, 256);
@ -498,7 +496,7 @@ mod test {
let private_key = Rsa::private_key_from_pem(pkey).unwrap();
let mut dec_result = vec![0; private_key.size()];
let len = private_key
.private_decrypt(&result, &mut dec_result, PKCS1_PADDING)
.private_decrypt(&result, &mut dec_result, Padding::PKCS1)
.unwrap();
assert_eq!(&dec_result[..len], original_data);
@ -513,9 +511,10 @@ mod test {
let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
let mut emesg = vec![0; k0.size()];
k0.private_encrypt(&msg, &mut emesg, PKCS1_PADDING).unwrap();
k0.private_encrypt(&msg, &mut emesg, Padding::PKCS1)
.unwrap();
let mut dmesg = vec![0; k1.size()];
let len = k1.public_decrypt(&emesg, &mut dmesg, PKCS1_PADDING)
let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
.unwrap();
assert_eq!(msg, &dmesg[..len]);
}
@ -529,9 +528,9 @@ mod test {
let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
let mut emesg = vec![0; k0.size()];
k0.public_encrypt(&msg, &mut emesg, PKCS1_PADDING).unwrap();
k0.public_encrypt(&msg, &mut emesg, Padding::PKCS1).unwrap();
let mut dmesg = vec![0; k1.size()];
let len = k1.private_decrypt(&emesg, &mut dmesg, PKCS1_PADDING)
let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
.unwrap();
assert_eq!(msg, &dmesg[..len]);
}
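Review bot: The three constants moved into `impl Padding` (`NONE`, `PKCS1`, `PKCS1_OAEP`) have no doc comments, although the constants moved in the bn and ec modules of this commit keep theirs. The padding mode decides whether an RSA operation is safe to expose, so each constant should get a one-line `///` comment now that it appears on the type's rustdoc page. For example `/// No padding (raw RSA); only for callers that apply a padding scheme themselves.` on `NONE`, `/// PKCS#1 v1.5 padding.` on `PKCS1`, and `/// OAEP padding as defined in PKCS#1 v2.` on `PKCS1_OAEP`. The `impl Padding` block starts outside the hunk.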


@ -354,7 +354,7 @@ mod test {
use sign::{Signer, Verifier};
use ec::{EcGroup, EcKey};
use nid::Nid;
use rsa::{PKCS1_PADDING, Rsa};
use rsa::{Padding, Rsa};
use dsa::Dsa;
use pkey::PKey;
@ -378,10 +378,10 @@ mod test {
let pkey = PKey::from_rsa(private_key).unwrap();
let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap();
assert_eq!(signer.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING);
assert_eq!(signer.pkey_ctx_mut().rsa_padding().unwrap(), Padding::PKCS1);
signer
.pkey_ctx_mut()
.set_rsa_padding(PKCS1_PADDING)
.set_rsa_padding(Padding::PKCS1)
.unwrap();
signer.update(&Vec::from_hex(INPUT).unwrap()).unwrap();
let result = signer.sign_to_vec().unwrap();
@ -398,7 +398,7 @@ mod test {
let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
assert_eq!(
verifier.pkey_ctx_mut().rsa_padding().unwrap(),
PKCS1_PADDING
Padding::PKCS1
);
verifier.update(&Vec::from_hex(INPUT).unwrap()).unwrap();
assert!(verifier.verify(&Vec::from_hex(SIGNATURE).unwrap()).unwrap());


@ -338,10 +338,10 @@ impl StatusType {
pub fn as_raw(&self) -> c_int {
self.0
}
}
/// An OSCP status.
pub const STATUS_TYPE_OCSP: StatusType = StatusType(ffi::TLSEXT_STATUSTYPE_ocsp);
/// An OSCP status.
pub const OCSP: StatusType = StatusType(ffi::TLSEXT_STATUSTYPE_ocsp);
}
lazy_static! {
static ref INDEXES: Mutex<HashMap<TypeId, c_int>> = Mutex::new(HashMap::new());
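Review bot: The doc comment carried onto `StatusType::OCSP` reads `/// An OSCP status.`, with the acronym transposed; it should be `/// An OCSP status.`. It is worth fixing while the line is being moved, since this is the text rustdoc shows for the associated constant.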


@ -16,11 +16,11 @@ use tempdir::TempDir;
use dh::Dh;
use hash::MessageDigest;
use ocsp::{OcspResponse, RESPONSE_STATUS_UNAUTHORIZED};
use ocsp::{OcspResponse, OcspResponseStatus};
use ssl;
use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptorBuilder, SslConnectorBuilder,
SslContext, SslMethod, SslStream, SslVerifyMode, STATUS_TYPE_OCSP};
use x509::{X509, X509Name, X509StoreContext, X509_FILETYPE_PEM};
SslContext, SslMethod, SslStream, SslVerifyMode, StatusType};
use x509::{X509, X509FileType, X509Name, X509StoreContext};
#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
use pkey::PKey;
@ -349,9 +349,9 @@ fn test_write_hits_stream() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_verify(SslVerifyMode::PEER);
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
let stream = listener.accept().unwrap().0;
let mut stream = Ssl::new(&ctx.build()).unwrap().accept(stream).unwrap();
@ -620,10 +620,10 @@ fn test_npn_server_advertise_multiple() {
ctx.set_verify(SslVerifyMode::PEER);
ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap();
assert!(
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.is_ok()
);
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
ctx.build()
};
@ -663,10 +663,10 @@ fn test_alpn_server_advertise_multiple() {
ctx.set_verify(SslVerifyMode::PEER);
ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap();
assert!(
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.is_ok()
);
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
ctx.build()
};
@ -706,10 +706,10 @@ fn test_alpn_server_select_none() {
ctx.set_verify(SslVerifyMode::PEER);
ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap();
assert!(
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.is_ok()
);
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
ctx.build()
};
@ -1162,9 +1162,9 @@ fn shutdown() {
thread::spawn(move || {
let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
let ssl = Ssl::new(&ctx.build()).unwrap();
let mut stream = ssl.accept(stream).unwrap();
@ -1220,9 +1220,9 @@ fn tmp_dh_callback() {
thread::spawn(move || {
let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
ctx.set_tmp_dh_callback(|_, _, _| {
CALLED_BACK.store(true, Ordering::SeqCst);
@ -1257,9 +1257,9 @@ fn tmp_ecdh_callback() {
thread::spawn(move || {
let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
ctx.set_tmp_ecdh_callback(|_, _, _| {
CALLED_BACK.store(true, Ordering::SeqCst);
@ -1288,9 +1288,9 @@ fn tmp_dh_callback_ssl() {
thread::spawn(move || {
let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
let mut ssl = Ssl::new(&ctx.build()).unwrap();
ssl.set_tmp_dh_callback(|_, _, _| {
@ -1325,9 +1325,9 @@ fn tmp_ecdh_callback_ssl() {
thread::spawn(move || {
let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
let mut ssl = Ssl::new(&ctx.build()).unwrap();
ssl.set_tmp_ecdh_callback(|_, _, _| {
@ -1380,13 +1380,13 @@ fn status_callbacks() {
let guard = thread::spawn(move || {
let stream = listener.accept().unwrap().0;
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM)
ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM)
.unwrap();
ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM)
ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM)
.unwrap();
ctx.set_status_callback(|ssl| {
CALLED_BACK_SERVER.store(true, Ordering::SeqCst);
let response = OcspResponse::create(RESPONSE_STATUS_UNAUTHORIZED, None).unwrap();
let response = OcspResponse::create(OcspResponseStatus::UNAUTHORIZED, None).unwrap();
let response = response.to_der().unwrap();
ssl.set_ocsp_status(&response).unwrap();
Ok(true)
@ -1400,11 +1400,11 @@ fn status_callbacks() {
ctx.set_status_callback(|ssl| {
CALLED_BACK_CLIENT.store(true, Ordering::SeqCst);
let response = OcspResponse::from_der(ssl.ocsp_status().unwrap()).unwrap();
assert_eq!(response.status(), RESPONSE_STATUS_UNAUTHORIZED);
assert_eq!(response.status(), OcspResponseStatus::UNAUTHORIZED);
Ok(true)
}).unwrap();
let mut ssl = Ssl::new(&ctx.build()).unwrap();
ssl.set_status_type(STATUS_TYPE_OCSP).unwrap();
ssl.set_status_type(StatusType::OCSP).unwrap();
ssl.connect(stream).unwrap();
assert!(CALLED_BACK_SERVER.load(Ordering::SeqCst));


@ -16,7 +16,7 @@ use std::str;
use {cvt, cvt_n, cvt_p};
use asn1::{Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef, Asn1StringRef, Asn1Time, Asn1TimeRef};
use bio::MemBioSlice;
use bn::{BigNum, MSB_MAYBE_ZERO};
use bn::{BigNum, MsbOption};
use conf::ConfRef;
use error::ErrorStack;
use hash::MessageDigest;
@ -50,11 +50,11 @@ impl X509FileType {
pub fn as_raw(&self) -> c_int {
self.0
}
}
pub const X509_FILETYPE_PEM: X509FileType = X509FileType(ffi::X509_FILETYPE_PEM);
pub const X509_FILETYPE_ASN1: X509FileType = X509FileType(ffi::X509_FILETYPE_ASN1);
pub const X509_FILETYPE_DEFAULT: X509FileType = X509FileType(ffi::X509_FILETYPE_DEFAULT);
pub const PEM: X509FileType = X509FileType(ffi::X509_FILETYPE_PEM);
pub const ASN1: X509FileType = X509FileType(ffi::X509_FILETYPE_ASN1);
pub const DEFAULT: X509FileType = X509FileType(ffi::X509_FILETYPE_DEFAULT);
}
foreign_type_and_impl_send_sync! {
type CType = ffi::X509_STORE_CTX;
@ -224,7 +224,7 @@ impl X509Generator {
builder.set_version(2)?;
let mut serial = BigNum::new()?;
serial.rand(128, MSB_MAYBE_ZERO, false)?;
serial.rand(128, MsbOption::MAYBE_ZERO, false)?;
let serial = serial.to_asn1_integer()?;
builder.set_serial_number(&serial)?;


@ -1,8 +1,8 @@
use hex::{FromHex, ToHex};
use asn1::Asn1Time;
use bn::{BigNum, MSB_MAYBE_ZERO};
use ec::{EcGroup, EcKey, NAMED_CURVE};
use bn::{BigNum, MsbOption};
use ec::{Asn1Flag, EcGroup, EcKey};
use hash::MessageDigest;
use nid::Nid;
use pkey::PKey;
@ -246,7 +246,7 @@ fn x509_builder() {
builder.set_pubkey(&pkey).unwrap();
let mut serial = BigNum::new().unwrap();
serial.rand(128, MSB_MAYBE_ZERO, false).unwrap();
serial.rand(128, MsbOption::MAYBE_ZERO, false).unwrap();
builder
.set_serial_number(&serial.to_asn1_integer().unwrap())
.unwrap();
@ -361,7 +361,7 @@ fn issued() {
#[test]
fn ecdsa_cert() {
let mut group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
group.set_asn1_flag(NAMED_CURVE);
group.set_asn1_flag(Asn1Flag::NAMED_CURVE);
let key = EcKey::generate(&group).unwrap();
let key = PKey::from_ec_key(key).unwrap();