min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1077 from snapview/X509-verify 

X.509: add verify methods
This commit is contained in:
Steven Fackler 2019-03-11 19:52:34 -07:00 committed by GitHub
parent 9e688cb833 a0e5b31799
commit 487963d17a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openssl-sys/src/x509.rs
View File

@ -241,6 +241,7 @@ extern "C" {
pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION)
-> c_int; -> c_int;
pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int;
pub fn X509_REQ_verify(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int;
#[cfg(any(ossl110, libressl273))] #[cfg(any(ossl110, libressl273))]
pub fn X509_getm_notBefore(x: *const X509) -> *mut ASN1_TIME; pub fn X509_getm_notBefore(x: *const X509) -> *mut ASN1_TIME;
#[cfg(any(ossl110, libressl273))] #[cfg(any(ossl110, libressl273))]

1
openssl-sys/src/x509v3.rs
View File

@ -76,6 +76,7 @@ cfg_if! {
extern "C" { extern "C" {
pub fn X509_check_issued(issuer: *mut X509, subject: *mut X509) -> c_int; pub fn X509_check_issued(issuer: *mut X509, subject: *mut X509) -> c_int;
pub fn X509_verify(req: *mut X509, pkey: *mut EVP_PKEY) -> c_int;
pub fn X509V3_set_nconf(ctx: *mut X509V3_CTX, conf: *mut CONF); pub fn X509V3_set_nconf(ctx: *mut X509V3_CTX, conf: *mut CONF);

31
openssl/src/x509/mod.rs
View File

@ -531,6 +531,23 @@ impl X509Ref {
} }
} }
/// Check if the certificate is signed using the given public key.
///
/// Only the signature is checked: no other checks (such as certificate chain validity)
/// are performed.
///
/// Returns `true` if verification succeeds.
///
/// This corresponds to [`X509_verify"].
///
/// [`X509_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html
pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>
where
T: HasPublic,
{
unsafe { cvt_n(ffi::X509_verify(self.as_ptr(), key.as_ptr())).map(|n| n != 0) }
}
/// Returns this certificate's serial number. /// Returns this certificate's serial number.
/// ///
/// This corresponds to [`X509_get_serialNumber`]. /// This corresponds to [`X509_get_serialNumber`].
@ -1128,6 +1145,20 @@ impl X509ReqRef {
} }
} }
/// Check if the certificate request is signed using the given public key.
///
/// Returns `true` if verification succeeds.
///
/// This corresponds to [`X509_REQ_verify"].
///
/// [`X509_REQ_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_verify.html
pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>
where
T: HasPublic,
{
unsafe { cvt_n(ffi::X509_REQ_verify(self.as_ptr(), key.as_ptr())).map(|n| n != 0) }
}
/// Returns the extensions of the certificate request. /// Returns the extensions of the certificate request.
/// ///
/// This corresponds to [`X509_REQ_get_extensions"] /// This corresponds to [`X509_REQ_get_extensions"]

2
openssl/src/x509/tests.rs
View File

@ -225,6 +225,7 @@ fn x509_builder() {
let x509 = builder.build(); let x509 = builder.build();
assert!(pkey.public_eq(&x509.public_key().unwrap())); assert!(pkey.public_eq(&x509.public_key().unwrap()));
assert!(x509.verify(&pkey).unwrap());
let cn = x509 let cn = x509
.subject_name() .subject_name()
@ -268,6 +269,7 @@ fn x509_req_builder() {
let req = builder.build(); let req = builder.build();
assert!(req.public_key().unwrap().public_eq(&pkey)); assert!(req.public_key().unwrap().public_eq(&pkey));
assert_eq!(req.extensions().unwrap().len(), extensions.len()); assert_eq!(req.extensions().unwrap().len(), extensions.len());
assert!(req.verify(&pkey).unwrap());
} }
#[test] #[test]