diff --git a/openssl/examples/mk_certs.rs b/openssl/examples/mk_certs.rs index c64dc007..1dcdef25 100644 --- a/openssl/examples/mk_certs.rs +++ b/openssl/examples/mk_certs.rs @@ -4,7 +4,7 @@ extern crate openssl; use openssl::asn1::Asn1Time; -use openssl::bn::{BigNum, MSB_MAYBE_ZERO}; +use openssl::bn::{BigNum, MsbOption}; use openssl::error::ErrorStack; use openssl::hash::MessageDigest; use openssl::pkey::{PKey, PKeyRef}; @@ -30,7 +30,7 @@ fn mk_ca_cert() -> Result<(X509, PKey), ErrorStack> { cert_builder.set_version(2)?; let serial_number = { let mut serial = BigNum::new()?; - serial.rand(159, MSB_MAYBE_ZERO, false)?; + serial.rand(159, MsbOption::MAYBE_ZERO, false)?; serial.to_asn1_integer()? }; cert_builder.set_serial_number(&serial_number)?; @@ -88,7 +88,7 @@ fn mk_ca_signed_cert(ca_cert: &X509Ref, ca_privkey: &PKeyRef) -> Result<(X509, P cert_builder.set_version(2)?; let serial_number = { let mut serial = BigNum::new()?; - serial.rand(159, MSB_MAYBE_ZERO, false)?; + serial.rand(159, MsbOption::MAYBE_ZERO, false)?; serial.to_asn1_integer()? }; cert_builder.set_serial_number(&serial_number)?; @@ -109,8 +109,8 @@ fn mk_ca_signed_cert(ca_cert: &X509Ref, ca_privkey: &PKeyRef) -> Result<(X509, P .key_encipherment() .build()?)?; - let subject_key_identifier = SubjectKeyIdentifier::new() - .build(&cert_builder.x509v3_context(Some(ca_cert), None))?; + let subject_key_identifier = + SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?; cert_builder.append_extension(subject_key_identifier)?; let auth_key_identifier = AuthorityKeyIdentifier::new() diff --git a/openssl/src/bn.rs b/openssl/src/bn.rs index 82ec38b6..25dae93d 100644 --- a/openssl/src/bn.rs +++ b/openssl/src/bn.rs 
@@ -30,16 +30,16 @@ use libc::c_int; use std::cmp::Ordering; use std::ffi::CString; use std::{fmt, ptr}; -use std::ops::{Add, Div, Mul, Neg, Rem, Shl, Shr, Sub, Deref}; +use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub}; -use {cvt, cvt_p, cvt_n}; +use {cvt, cvt_n, cvt_p}; use asn1::Asn1Integer; use error::ErrorStack; use string::OpensslString; #[cfg(ossl10x)] -use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, - get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024, +use ffi::{get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024, + get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536, get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048, get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072, 
@@ -48,24 +48,26 @@ use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192}; #[cfg(ossl110)] -use ffi::{BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, +use ffi::{BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192}; /// Options for the most significant bits of a randomly generated `BigNum`. pub struct MsbOption(c_int); -/// The most significant bit of the number may be 0. -pub const MSB_MAYBE_ZERO: MsbOption = MsbOption(-1); +impl MsbOption { + /// The most significant bit of the number may be 0. + pub const MAYBE_ZERO: MsbOption = MsbOption(-1); -/// The most significant bit of the number must be 1. -pub const MSB_ONE: MsbOption = MsbOption(0); + /// The most significant bit of the number must be 1. + pub const ONE: MsbOption = MsbOption(0); -/// The most significant two bits of the number must be 1. -/// -/// The number of bits in the product of two such numbers will always be exactly twice the number -/// of bits in the original numbers. -pub const TWO_MSB_ONE: MsbOption = MsbOption(1); + /// The most significant two bits of the number must be 1. + /// + /// The number of bits in the product of two such numbers will always be exactly twice the + /// number of bits in the original numbers. + pub const TWO_ONES: MsbOption = MsbOption(1); +} foreign_type_and_impl_send_sync! { type CType = ffi::BN_CTX; 
@@ -396,14 +398,14 @@ impl BigNumRef { /// # Examples /// /// ``` - /// use openssl::bn::{BigNum,MSB_MAYBE_ZERO}; + /// use openssl::bn::{BigNum, MsbOption}; /// use openssl::error::ErrorStack; /// /// fn generate_random() -> Result< BigNum, ErrorStack > { /// let mut big = BigNum::new()?; /// /// // Generates a 128-bit odd random number - /// big.rand(128, MSB_MAYBE_ZERO, true); + /// big.rand(128, MsbOption::MAYBE_ZERO, true); /// Ok((big)) /// } /// ``` @@ -1345,7 +1347,7 @@ impl Neg for BigNum { #[cfg(test)] mod tests { - use bn::{BigNumContext, BigNum}; + use bn::{BigNum, BigNumContext}; #[test] fn test_to_from_slice() { diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index 37a33cb4..7f1721ce 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs 
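Review bot: The doc example still discards the `Result` of `big.rand(...)`, so a failed random-number call would leave `big` unrandomised and the example would return it as if it were random; the line should read `big.rand(128, MsbOption::MAYBE_ZERO, true)?;`. Readers copy doc examples verbatim, so the error path matters here. While the line is being touched, `Ok((big))` can lose its redundant parentheses. The doc comment begins above the hunk, so the rest of the method documentation is not visible here.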
@@ -42,43 +42,6 @@ use bn::{BigNumContextRef, BigNumRef}; use error::ErrorStack; use nid::Nid; -/// Compressed conversion from point value (Default) -pub const POINT_CONVERSION_COMPRESSED: PointConversionForm = - PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED); - -/// Uncompressed conversion from point value (Binary curve default) -pub const POINT_CONVERSION_UNCOMPRESSED: PointConversionForm = - PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_UNCOMPRESSED); - -/// Performs both compressed and uncompressed conversions -pub const POINT_CONVERSION_HYBRID: PointConversionForm = - PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_HYBRID); - -/// Curve defined using polynomial parameters -/// -/// Most applications use a named EC_GROUP curve, however, support -/// is included to explicitly define the curve used to calculate keys -/// This information would need to be known by both endpoint to make communication -/// effective. -/// -/// OPENSSL_EC_EXPLICIT_CURVE, but that was only added in 1.1. -/// Man page documents that 0 can be used in older versions. -/// -/// OpenSSL documentation at [`EC_GROUP`] -/// -/// [`EC_GROUP`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_GROUP_get_seed_len.html -pub const EXPLICIT_CURVE: Asn1Flag = Asn1Flag(0); - -/// Standard Curves -/// -/// Curves that make up the typical encryption use cases. The collection of curves -/// are well known but extensible. -/// -/// OpenSSL documentation at [`EC_GROUP`] -/// -/// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/man3/EC_GROUP_order_bits.html -pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE); - /// Compressed or Uncompressed conversion /// /// Conversion from the binary value of the point on the curve is performed in one of 
@@ -91,13 +54,53 @@ pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE); #[derive(Copy, Clone)] pub struct PointConversionForm(ffi::point_conversion_form_t); +impl PointConversionForm { + /// Compressed conversion from point value. + pub const COMPRESSED: PointConversionForm = + PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED); + + /// Uncompressed conversion from point value. + pub const UNCOMPRESSED: PointConversionForm = + PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_UNCOMPRESSED); + + /// Performs both compressed and uncompressed conversions. + pub const HYBRID: PointConversionForm = + PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_HYBRID); +} + /// Named Curve or Explicit /// -/// This type acts as a boolean as to whether the EC_Group is named or -/// explicit. +/// This type acts as a boolean as to whether the `EcGroup` is named or explicit. #[derive(Copy, Clone)] pub struct Asn1Flag(c_int); +impl Asn1Flag { + /// Curve defined using polynomial parameters + /// + /// Most applications use a named EC_GROUP curve, however, support + /// is included to explicitly define the curve used to calculate keys + /// This information would need to be known by both endpoint to make communication + /// effective. + /// + /// OPENSSL_EC_EXPLICIT_CURVE, but that was only added in 1.1. + /// Man page documents that 0 can be used in older versions. + /// + /// OpenSSL documentation at [`EC_GROUP`] + /// + /// [`EC_GROUP`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_GROUP_get_seed_len.html + pub const EXPLICIT_CURVE: Asn1Flag = Asn1Flag(0); + + /// Standard Curves + /// + /// Curves that make up the typical encryption use cases. The collection of curves + /// are well known but extensible. 
+ /// + /// OpenSSL documentation at [`EC_GROUP`] + /// + /// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/man3/EC_GROUP_order_bits.html + pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE); +} + foreign_type_and_impl_send_sync! { type CType = ffi::EC_GROUP; fn drop = ffi::EC_GROUP_free; @@ -767,7 +770,7 @@ mod test { let point = key.public_key().unwrap(); let mut ctx = BigNumContext::new().unwrap(); let bytes = point - .to_bytes(&group, POINT_CONVERSION_COMPRESSED, &mut ctx) + .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); let point2 = EcPoint::from_bytes(&group, &bytes, &mut ctx).unwrap(); assert!(point.eq(&group, &point2, &mut ctx).unwrap()); @@ -796,7 +799,7 @@ mod test { let mut ctx = BigNumContext::new().unwrap(); let bytes = key.public_key() .unwrap() - .to_bytes(&group, POINT_CONVERSION_COMPRESSED, &mut ctx) + .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); drop(key); diff --git a/openssl/src/ocsp.rs b/openssl/src/ocsp.rs index 37a88101..edd51d8f 100644 --- a/openssl/src/ocsp.rs +++ b/openssl/src/ocsp.rs @@ -13,7 +13,7 @@ use x509::store::X509StoreRef; use x509::{X509, X509Ref}; bitflags! { - pub struct Flag: c_ulong { + pub struct OcspFlag: c_ulong { const NO_CERTS = ffi::OCSP_NOCERTS; const NO_INTERN = ffi::OCSP_NOINTERN; const NO_CHAIN = ffi::OCSP_NOCHAIN; 
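Review bot: The doc comment moved onto `Asn1Flag::EXPLICIT_CURVE` keeps the fragment `OPENSSL_EC_EXPLICIT_CURVE, but that was only added in 1.1.`, which does not say what it refers to. Something like `/// Corresponds to OPENSSL_EC_EXPLICIT_CURVE, which OpenSSL only defines from 1.1; older versions document the value 0.` would read on its own. The new `PointConversionForm` docs also drop the "(Default)" and "(Binary curve default)" remarks that the old constants carried; if that was not deliberate they are worth restoring.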
@@ -28,42 +28,6 @@ bitflags! { } } -pub const RESPONSE_STATUS_SUCCESSFUL: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); -pub const RESPONSE_STATUS_MALFORMED_REQUEST: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); -pub const RESPONSE_STATUS_INTERNAL_ERROR: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); -pub const RESPONSE_STATUS_TRY_LATER: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); -pub const RESPONSE_STATUS_SIG_REQUIRED: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); -pub const RESPONSE_STATUS_UNAUTHORIZED: OcspResponseStatus = - OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); - -pub const CERT_STATUS_GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); -pub const CERT_STATUS_REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); -pub const CERT_STATUS_UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); - -pub const REVOKED_STATUS_NO_STATUS: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); -pub const REVOKED_STATUS_UNSPECIFIED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); -pub const REVOKED_STATUS_KEY_COMPROMISE: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); -pub const REVOKED_STATUS_CA_COMPROMISE: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); -pub const REVOKED_STATUS_AFFILIATION_CHANGED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); -pub const REVOKED_STATUS_SUPERSEDED: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); -pub const REVOKED_STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); -pub const REVOKED_STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = - 
OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); -pub const REVOKED_STATUS_REMOVE_FROM_CRL: OcspRevokedStatus = - OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); - #[derive(Copy, Clone, Debug, PartialEq, Eq)] pub struct OcspResponseStatus(c_int); @@ -75,6 +39,19 @@ impl OcspResponseStatus { pub fn as_raw(&self) -> c_int { self.0 } + + pub const SUCCESSFUL: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); + pub const MALFORMED_REQUEST: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); + pub const INTERNAL_ERROR: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); + pub const TRY_LATER: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); + pub const SIG_REQUIRED: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); + pub const UNAUTHORIZED: OcspResponseStatus = + OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); } #[derive(Copy, Clone, Debug, PartialEq, Eq)] @@ -88,6 +65,10 @@ impl OcspCertStatus { pub fn as_raw(&self) -> c_int { self.0 } + + pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); + pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); + pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); } #[derive(Copy, Clone, Debug, PartialEq, Eq)] 
@@ -101,9 +82,27 @@ impl OcspRevokedStatus { pub fn as_raw(&self) -> c_int { self.0 } + + pub const NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); + pub const UNSPECIFIED: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); + pub const KEY_COMPROMISE: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); + pub const CA_COMPROMISE: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); + pub const AFFILIATION_CHANGED: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); + pub const STATUS_SUPERSEDED: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); + pub const STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); + pub const STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); + pub const REMOVE_FROM_CRL: OcspRevokedStatus = + OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); } -pub struct Status<'a> { +pub struct OcspStatus<'a> { /// The overall status of the response. pub status: OcspCertStatus, /// If `status` is `CERT_STATUS_REVOKED`, the reason for the revocation. @@ -116,7 +115,7 @@ pub struct Status<'a> { pub next_update: &'a Asn1GeneralizedTimeRef, } -impl<'a> Status<'a> { +impl<'a> OcspStatus<'a> { /// Checks validity of the `this_update` and `next_update` fields. /// /// The `nsec` parameter specifies an amount of slack time that will be used when comparing @@ -153,7 +152,7 @@ impl OcspBasicResponseRef { &self, certs: &StackRef, store: &X509StoreRef, - flags: Flag, + flags: OcspFlag, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::OCSP_basic_verify( 
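Review bot: Three of the new `OcspRevokedStatus` constants keep a `STATUS_` prefix (`STATUS_SUPERSEDED`, `STATUS_CESSATION_OF_OPERATION`, `STATUS_CERTIFICATE_HOLD`) while the other six drop it, which looks like a slip from stripping `REVOKED_` rather than `REVOKED_STATUS_`. Since this is a public API rename, calling them `SUPERSEDED`, `CESSATION_OF_OPERATION` and `CERTIFICATE_HOLD` now avoids a second breaking change later. The field doc on `OcspStatus::reason` in the following hunk still refers to `CERT_STATUS_REVOKED`, which no longer exists after this commit; it should say `OcspCertStatus::REVOKED`. None of the new status constants carry doc comments.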
@@ -166,7 +165,7 @@ impl OcspBasicResponseRef { } /// Looks up the status for the specified certificate ID. - pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option> { + pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option> { unsafe { let mut status = ffi::V_OCSP_CERTSTATUS_UNKNOWN; let mut reason = ffi::OCSP_REVOKED_STATUS_NOSTATUS; @@ -189,7 +188,7 @@ impl OcspBasicResponseRef { } else { Some(Asn1GeneralizedTimeRef::from_ptr(revocation_time)) }; - Some(Status { + Some(OcspStatus { status: OcspCertStatus(status), reason: OcspRevokedStatus(status), revocation_time: revocation_time, diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index b02b9216..83f05247 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -2,14 +2,14 @@ use ffi; use std::fmt; use std::ptr; use std::mem; -use libc::{c_int, c_void, c_char}; +use libc::{c_char, c_int, c_void}; use foreign_types::ForeignTypeRef; -use {cvt, cvt_p, cvt_n}; +use {cvt, cvt_n, cvt_p}; use bn::{BigNum, BigNumRef}; use bio::MemBioSlice; use error::ErrorStack; -use util::{CallbackState, invoke_passwd_cb_old}; +use util::{invoke_passwd_cb_old, CallbackState}; /// Type of encryption padding to use. #[derive(Debug, Copy, Clone, PartialEq, Eq)] @@ -23,11 +23,11 @@ impl Padding { pub fn as_raw(&self) -> c_int { self.0 } -} -pub const NO_PADDING: Padding = Padding(ffi::RSA_NO_PADDING); -pub const PKCS1_PADDING: Padding = Padding(ffi::RSA_PKCS1_PADDING); -pub const PKCS1_OAEP_PADDING: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING); + pub const NONE: Padding = Padding(ffi::RSA_NO_PADDING); + pub const PKCS1: Padding = Padding(ffi::RSA_PKCS1_PADDING); + pub const PKCS1_OAEP: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING); +} foreign_type_and_impl_send_sync! { type CType = ffi::RSA; 
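Review bot: In `find_status` the struct literal sets `reason: OcspRevokedStatus(status)`, so the revocation reason is built from the certificate-status value rather than from the `reason` variable declared at the top of the function. A caller that branches on the reason, for example to handle `KEY_COMPROMISE` differently, would see the wrong value. The line should be `reason: OcspRevokedStatus(reason),`. The code between the two hunks is not visible, so this assumes `reason` is filled in by the FFI lookup there.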
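Review bot: `Padding::NONE`, `Padding::PKCS1` and `Padding::PKCS1_OAEP` are public but undocumented, and with the shorter names the difference between them is less obvious at call sites. Worth adding doc comments such as `/// No padding (raw RSA); the caller is responsible for applying a padding scheme.`, `/// PKCS #1 v1.5 padding.` and `/// PKCS #1 OAEP padding; preferred for new encryption uses.`. `NONE` in particular reads like a harmless default, so its doc should say that it is not one.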
@@ -286,9 +286,7 @@ impl Rsa { ) -> Result { unsafe { let rsa = Rsa(cvt_p(ffi::RSA_new())?); - cvt( - compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()), - )?; + cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()))?; mem::forget((n, e, d)); cvt(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr()))?; mem::forget((p, q)); @@ -490,7 +488,7 @@ mod test { let mut result = vec![0; public_key.size()]; let original_data = b"This is test"; let len = public_key - .public_encrypt(original_data, &mut result, PKCS1_PADDING) + .public_encrypt(original_data, &mut result, Padding::PKCS1) .unwrap(); assert_eq!(len, 256); @@ -498,7 +496,7 @@ mod test { let private_key = Rsa::private_key_from_pem(pkey).unwrap(); let mut dec_result = vec![0; private_key.size()]; let len = private_key - .private_decrypt(&result, &mut dec_result, PKCS1_PADDING) + .private_decrypt(&result, &mut dec_result, Padding::PKCS1) .unwrap(); assert_eq!(&dec_result[..len], original_data); @@ -513,9 +511,10 @@ mod test { let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let mut emesg = vec![0; k0.size()]; - k0.private_encrypt(&msg, &mut emesg, PKCS1_PADDING).unwrap(); + k0.private_encrypt(&msg, &mut emesg, Padding::PKCS1) + .unwrap(); let mut dmesg = vec![0; k1.size()]; - let len = k1.public_decrypt(&emesg, &mut dmesg, PKCS1_PADDING) + let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::PKCS1) .unwrap(); assert_eq!(msg, &dmesg[..len]); } @@ -529,9 +528,9 @@ mod test { let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let mut emesg = vec![0; k0.size()]; - k0.public_encrypt(&msg, &mut emesg, PKCS1_PADDING).unwrap(); + k0.public_encrypt(&msg, &mut emesg, Padding::PKCS1).unwrap(); let mut dmesg = vec![0; k1.size()]; - let len = k1.private_decrypt(&emesg, &mut dmesg, PKCS1_PADDING) + let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::PKCS1) .unwrap(); assert_eq!(msg, &dmesg[..len]); } diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index 3155463a..4a0af9d7 100644 --- a/openssl/src/sign.rs 
+++ b/openssl/src/sign.rs @@ -354,7 +354,7 @@ mod test { use sign::{Signer, Verifier}; use ec::{EcGroup, EcKey}; use nid::Nid; - use rsa::{PKCS1_PADDING, Rsa}; + use rsa::{Padding, Rsa}; use dsa::Dsa; use pkey::PKey; @@ -378,10 +378,10 @@ mod test { let pkey = PKey::from_rsa(private_key).unwrap(); let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap(); - assert_eq!(signer.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING); + assert_eq!(signer.pkey_ctx_mut().rsa_padding().unwrap(), Padding::PKCS1); signer .pkey_ctx_mut() - .set_rsa_padding(PKCS1_PADDING) + .set_rsa_padding(Padding::PKCS1) .unwrap(); signer.update(&Vec::from_hex(INPUT).unwrap()).unwrap(); let result = signer.sign_to_vec().unwrap(); @@ -398,7 +398,7 @@ mod test { let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap(); assert_eq!( verifier.pkey_ctx_mut().rsa_padding().unwrap(), - PKCS1_PADDING + Padding::PKCS1 ); verifier.update(&Vec::from_hex(INPUT).unwrap()).unwrap(); assert!(verifier.verify(&Vec::from_hex(SIGNATURE).unwrap()).unwrap()); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 9751688e..5f60d564 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -338,10 +338,10 @@ impl StatusType { pub fn as_raw(&self) -> c_int { self.0 } -} -/// An OSCP status. -pub const STATUS_TYPE_OCSP: StatusType = StatusType(ffi::TLSEXT_STATUSTYPE_ocsp); + /// An OSCP status. + pub const OCSP: StatusType = StatusType(ffi::TLSEXT_STATUSTYPE_ocsp); +} lazy_static! { static ref INDEXES: Mutex> = Mutex::new(HashMap::new()); diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index d9578dec..822cac24 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs 
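Review bot: The doc comment carried onto `StatusType::OCSP` still reads `/// An OSCP status.`; it should be `/// An OCSP status.`. The line is being moved and re-indented in this hunk anyway, so the fix costs nothing. The `impl StatusType` block begins above the hunk.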
@@ -16,11 +16,11 @@ use tempdir::TempDir; use dh::Dh; use hash::MessageDigest; -use ocsp::{OcspResponse, RESPONSE_STATUS_UNAUTHORIZED}; +use ocsp::{OcspResponse, OcspResponseStatus}; use ssl; use ssl::{Error, HandshakeError, ShutdownResult, Ssl, SslAcceptorBuilder, SslConnectorBuilder, - SslContext, SslMethod, SslStream, SslVerifyMode, STATUS_TYPE_OCSP}; -use x509::{X509, X509Name, X509StoreContext, X509_FILETYPE_PEM}; + SslContext, SslMethod, SslStream, SslVerifyMode, StatusType}; +use x509::{X509, X509FileType, X509Name, X509StoreContext}; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] use x509::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; use pkey::PKey; @@ -349,9 +349,9 @@ fn test_write_hits_stream() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_verify(SslVerifyMode::PEER); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); let stream = listener.accept().unwrap().0; let mut stream = Ssl::new(&ctx.build()).unwrap().accept(stream).unwrap(); @@ -620,10 +620,10 @@ fn test_npn_server_advertise_multiple() { ctx.set_verify(SslVerifyMode::PEER); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap(); assert!( - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .is_ok() ); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); ctx.build() }; 
@@ -663,10 +663,10 @@ fn test_alpn_server_advertise_multiple() { ctx.set_verify(SslVerifyMode::PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap(); assert!( - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .is_ok() ); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); ctx.build() }; @@ -706,10 +706,10 @@ fn test_alpn_server_select_none() { ctx.set_verify(SslVerifyMode::PEER); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]).unwrap(); assert!( - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .is_ok() ); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); ctx.build() }; @@ -1162,9 +1162,9 @@ fn shutdown() { thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); let mut stream = ssl.accept(stream).unwrap(); 
@@ -1220,9 +1220,9 @@ fn tmp_dh_callback() { thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); ctx.set_tmp_dh_callback(|_, _, _| { CALLED_BACK.store(true, Ordering::SeqCst); @@ -1257,9 +1257,9 @@ fn tmp_ecdh_callback() { thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); ctx.set_tmp_ecdh_callback(|_, _, _| { CALLED_BACK.store(true, Ordering::SeqCst); @@ -1288,9 +1288,9 @@ fn tmp_dh_callback_ssl() { thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); ssl.set_tmp_dh_callback(|_, _, _| { 
@@ -1325,9 +1325,9 @@ fn tmp_ecdh_callback_ssl() { thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); ssl.set_tmp_ecdh_callback(|_, _, _| { @@ -1380,13 +1380,13 @@ fn status_callbacks() { let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), X509_FILETYPE_PEM) + ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), X509_FILETYPE_PEM) + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) .unwrap(); ctx.set_status_callback(|ssl| { CALLED_BACK_SERVER.store(true, Ordering::SeqCst); - let response = OcspResponse::create(RESPONSE_STATUS_UNAUTHORIZED, None).unwrap(); + let response = OcspResponse::create(OcspResponseStatus::UNAUTHORIZED, None).unwrap(); let response = response.to_der().unwrap(); ssl.set_ocsp_status(&response).unwrap(); Ok(true) 
@@ -1400,11 +1400,11 @@ fn status_callbacks() { ctx.set_status_callback(|ssl| { CALLED_BACK_CLIENT.store(true, Ordering::SeqCst); let response = OcspResponse::from_der(ssl.ocsp_status().unwrap()).unwrap(); - assert_eq!(response.status(), RESPONSE_STATUS_UNAUTHORIZED); + assert_eq!(response.status(), OcspResponseStatus::UNAUTHORIZED); Ok(true) }).unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); - ssl.set_status_type(STATUS_TYPE_OCSP).unwrap(); + ssl.set_status_type(StatusType::OCSP).unwrap(); ssl.connect(stream).unwrap(); assert!(CALLED_BACK_SERVER.load(Ordering::SeqCst)); diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index faf93780..69d17f86 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -16,7 +16,7 @@ use std::str; use {cvt, cvt_n, cvt_p}; use asn1::{Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef, Asn1StringRef, Asn1Time, Asn1TimeRef}; use bio::MemBioSlice; -use bn::{BigNum, MSB_MAYBE_ZERO}; +use bn::{BigNum, MsbOption}; use conf::ConfRef; use error::ErrorStack; use hash::MessageDigest; @@ -50,11 +50,11 @@ impl X509FileType { pub fn as_raw(&self) -> c_int { self.0 } -} -pub const X509_FILETYPE_PEM: X509FileType = X509FileType(ffi::X509_FILETYPE_PEM); -pub const X509_FILETYPE_ASN1: X509FileType = X509FileType(ffi::X509_FILETYPE_ASN1); -pub const X509_FILETYPE_DEFAULT: X509FileType = X509FileType(ffi::X509_FILETYPE_DEFAULT); + pub const PEM: X509FileType = X509FileType(ffi::X509_FILETYPE_PEM); + pub const ASN1: X509FileType = X509FileType(ffi::X509_FILETYPE_ASN1); + pub const DEFAULT: X509FileType = X509FileType(ffi::X509_FILETYPE_DEFAULT); +} foreign_type_and_impl_send_sync! { type CType = ffi::X509_STORE_CTX; @@ -224,7 +224,7 @@ impl X509Generator { builder.set_version(2)?; let mut serial = BigNum::new()?; - serial.rand(128, MSB_MAYBE_ZERO, false)?; + serial.rand(128, MsbOption::MAYBE_ZERO, false)?; let serial = serial.to_asn1_integer()?; builder.set_serial_number(&serial)?; 
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 543cf7f2..1ad0218c 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -1,8 +1,8 @@ use hex::{FromHex, ToHex}; use asn1::Asn1Time; -use bn::{BigNum, MSB_MAYBE_ZERO}; -use ec::{EcGroup, EcKey, NAMED_CURVE}; +use bn::{BigNum, MsbOption}; +use ec::{Asn1Flag, EcGroup, EcKey}; use hash::MessageDigest; use nid::Nid; use pkey::PKey; @@ -246,7 +246,7 @@ fn x509_builder() { builder.set_pubkey(&pkey).unwrap(); let mut serial = BigNum::new().unwrap(); - serial.rand(128, MSB_MAYBE_ZERO, false).unwrap(); + serial.rand(128, MsbOption::MAYBE_ZERO, false).unwrap(); builder .set_serial_number(&serial.to_asn1_integer().unwrap()) .unwrap(); @@ -361,7 +361,7 @@ fn issued() { #[test] fn ecdsa_cert() { let mut group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); - group.set_asn1_flag(NAMED_CURVE); + group.set_asn1_flag(Asn1Flag::NAMED_CURVE); let key = EcKey::generate(&group).unwrap(); let key = PKey::from_ec_key(key).unwrap();