min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix multi-version compat

This commit is contained in:
Benjamin Fry 2017-01-23 22:12:11 -08:00
parent 540387d5ee
commit 591022a7fa
5 changed files with 63 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
openssl-sys/src/lib.rs
View File

@ -55,7 +55,6 @@ pub enum X509_REQ {}
pub enum X509_STORE {} pub enum X509_STORE {}
pub enum X509_STORE_CTX {} pub enum X509_STORE_CTX {}
pub enum bio_st {} pub enum bio_st {}
pub enum PKCS12 {}
pub enum DH_METHOD {} pub enum DH_METHOD {}
pub enum RSA_METHOD {} pub enum RSA_METHOD {}
pub enum BN_MONT_CTX {} pub enum BN_MONT_CTX {}
@ -1975,16 +1974,6 @@ extern {
pub fn i2d_PKCS12_bio(b: *mut BIO, a: *mut PKCS12) -> c_int; pub fn i2d_PKCS12_bio(b: *mut BIO, a: *mut PKCS12) -> c_int;
pub fn i2d_PKCS12(a: *mut PKCS12, buf: *mut *mut u8) -> c_int; pub fn i2d_PKCS12(a: *mut PKCS12, buf: *mut *mut u8) -> c_int;
pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12; pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12;
pub fn PKCS12_create(pass: *const c_char,
friendly_name: *const c_char,
pkey: *mut EVP_PKEY,
cert: *mut X509,
ca: *mut stack_st_X509,
nid_key: c_int,
nid_cert: c_int,
iter: c_int,
mac_iter: c_int,
keytype: c_int) -> *mut PKCS12;
pub fn PKCS12_parse(p12: *mut PKCS12, pub fn PKCS12_parse(p12: *mut PKCS12,
pass: *const c_char, pass: *const c_char,
pkey: *mut *mut EVP_PKEY, pkey: *mut *mut EVP_PKEY,

12
openssl-sys/src/libressl.rs
View File

@ -508,6 +508,7 @@ pub struct X509_VERIFY_PARAM {
} }
pub enum X509_VERIFY_PARAM_ID {} pub enum X509_VERIFY_PARAM_ID {}
pub enum PKCS12 {}
pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_OPTIONS: c_int = 32;
pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
@ -637,6 +638,17 @@ extern {
pub fn OCSP_cert_to_id(dgst: *const ::EVP_MD, subject: *mut ::X509, issuer: *mut ::X509) -> *mut ::OCSP_CERTID; pub fn OCSP_cert_to_id(dgst: *const ::EVP_MD, subject: *mut ::X509, issuer: *mut ::X509) -> *mut ::OCSP_CERTID;
pub fn PKCS12_create(pass: *mut c_char,
friendly_name: *mut c_char,
pkey: *mut EVP_PKEY,
cert: *mut X509,
ca: *mut stack_st_X509,
nid_key: c_int,
nid_cert: c_int,
iter: c_int,
mac_iter: c_int,
keytype: c_int) -> *mut PKCS12;
pub fn SSL_library_init() -> c_int; pub fn SSL_library_init() -> c_int;
pub fn SSL_load_error_strings(); pub fn SSL_load_error_strings();
pub fn OPENSSL_add_all_algorithms_noconf(); pub fn OPENSSL_add_all_algorithms_noconf();

12
openssl-sys/src/ossl10x.rs
View File

@ -653,6 +653,7 @@ pub struct X509_VERIFY_PARAM {
#[cfg(not(ossl101))] #[cfg(not(ossl101))]
pub enum X509_VERIFY_PARAM_ID {} pub enum X509_VERIFY_PARAM_ID {}
pub enum PKCS12 {}
pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_OPTIONS: c_int = 32;
pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
@ -782,6 +783,17 @@ extern {
pub fn OCSP_cert_to_id(dgst: *const ::EVP_MD, subject: *mut ::X509, issuer: *mut ::X509) -> *mut ::OCSP_CERTID; pub fn OCSP_cert_to_id(dgst: *const ::EVP_MD, subject: *mut ::X509, issuer: *mut ::X509) -> *mut ::OCSP_CERTID;
pub fn PKCS12_create(pass: *mut c_char,
friendly_name: *mut c_char,
pkey: *mut EVP_PKEY,
cert: *mut X509,
ca: *mut stack_st_X509,
nid_key: c_int,
nid_cert: c_int,
iter: c_int,
mac_iter: c_int,
keytype: c_int) -> *mut PKCS12;
pub fn SSL_library_init() -> c_int; pub fn SSL_library_init() -> c_int;
pub fn SSL_load_error_strings(); pub fn SSL_load_error_strings();
pub fn OPENSSL_add_all_algorithms_noconf(); pub fn OPENSSL_add_all_algorithms_noconf();

12
openssl-sys/src/ossl110.rs
View File

@ -11,6 +11,7 @@ pub enum EVP_MD_CTX {}
pub enum EVP_PKEY {} pub enum EVP_PKEY {}
pub enum HMAC_CTX {} pub enum HMAC_CTX {}
pub enum OPENSSL_STACK {} pub enum OPENSSL_STACK {}
pub enum PKCS12 {}
pub enum RSA {} pub enum RSA {}
pub enum SSL {} pub enum SSL {}
pub enum SSL_CTX {} pub enum SSL_CTX {}
@ -179,4 +180,15 @@ extern {
pub fn OPENSSL_sk_free(st: *mut ::OPENSSL_STACK); pub fn OPENSSL_sk_free(st: *mut ::OPENSSL_STACK);
pub fn OPENSSL_sk_pop_free(st: *mut ::OPENSSL_STACK, free: Option<unsafe extern "C" fn (*mut c_void)>); pub fn OPENSSL_sk_pop_free(st: *mut ::OPENSSL_STACK, free: Option<unsafe extern "C" fn (*mut c_void)>);
pub fn OPENSSL_sk_pop(st: *mut ::OPENSSL_STACK) -> *mut c_void; pub fn OPENSSL_sk_pop(st: *mut ::OPENSSL_STACK) -> *mut c_void;
pub fn PKCS12_create(pass: *const c_char,
friendly_name: *const c_char,
pkey: *mut EVP_PKEY,
cert: *mut X509,
ca: *mut stack_st_X509,
nid_key: c_int,
nid_cert: c_int,
iter: c_int,
mac_iter: c_int,
keytype: c_int) -> *mut PKCS12;
} }

62
openssl/src/pkcs12.rs
View File

@ -10,7 +10,7 @@ use pkey::{PKey, PKeyRef};
use error::ErrorStack; use error::ErrorStack;
use x509::X509; use x509::X509;
use types::{OpenSslType, OpenSslTypeRef}; use types::{OpenSslType, OpenSslTypeRef};
use stack::{Stack, StackRef}; use stack::Stack;
use nid; use nid;
type_!(Pkcs12, Pkcs12Ref, ffi::PKCS12, ffi::PKCS12_free); type_!(Pkcs12, Pkcs12Ref, ffi::PKCS12, ffi::PKCS12_free);
@ -58,25 +58,10 @@ impl Pkcs12 {
/// * `nid_cert` - `nid::PBE_WITHSHA1AND40BITRC2_CBC` /// * `nid_cert` - `nid::PBE_WITHSHA1AND40BITRC2_CBC`
/// * `iter` - `2048` /// * `iter` - `2048`
/// * `mac_iter` - `2048` /// * `mac_iter` - `2048`
/// pub fn builder() -> Pkcs12Builder {
/// # Arguments
///
/// * `password` - the password used to encrypt the key and certificate
/// * `friendly_name` - user defined name for the certificate
/// * `pkey` - key to store
/// * `cert` - certificate to store
pub fn builder<'a, 'b, 'c, 'd>(password: &'a str,
friendly_name: &'b str,
pkey: &'c PKeyRef,
cert: &'d X509) -> Pkcs12Builder<'a, 'b, 'c, 'd> {
ffi::init(); ffi::init();
Pkcs12Builder { Pkcs12Builder {
password: password,
friendly_name: friendly_name,
pkey: pkey,
cert: cert,
chain: None,
nid_key: nid::UNDEF, //nid::PBE_WITHSHA1AND3_KEY_TRIPLEDES_CBC, nid_key: nid::UNDEF, //nid::PBE_WITHSHA1AND3_KEY_TRIPLEDES_CBC,
nid_cert: nid::UNDEF, //nid::PBE_WITHSHA1AND40BITRC2_CBC, nid_cert: nid::UNDEF, //nid::PBE_WITHSHA1AND40BITRC2_CBC,
iter: ffi::PKCS12_DEFAULT_ITER as usize, // 2048 iter: ffi::PKCS12_DEFAULT_ITER as usize, // 2048
@ -91,20 +76,15 @@ pub struct ParsedPkcs12 {
pub chain: Stack<X509>, pub chain: Stack<X509>,
} }
pub struct Pkcs12Builder<'a, 'b, 'c, 'd> { // TODO: add ca chain
password: &'a str, pub struct Pkcs12Builder {
friendly_name: &'b str,
pkey: &'c PKeyRef,
cert: &'d X509,
chain: Option<StackRef<X509>>,
nid_key: nid::Nid, nid_key: nid::Nid,
nid_cert: nid::Nid, nid_cert: nid::Nid,
iter: usize, iter: usize,
mac_iter: usize, mac_iter: usize,
} }
// TODO: add chain option impl Pkcs12Builder {
impl<'a, 'b, 'c, 'd> Pkcs12Builder<'a, 'b, 'c, 'd> {
/// The encryption algorithm that should be used for the key /// The encryption algorithm that should be used for the key
pub fn nid_key(&mut self, nid: nid::Nid) { pub fn nid_key(&mut self, nid: nid::Nid) {
self.nid_key = nid; self.nid_key = nid;
@ -128,13 +108,25 @@ impl<'a, 'b, 'c, 'd> Pkcs12Builder<'a, 'b, 'c, 'd> {
self.mac_iter = mac_iter; self.mac_iter = mac_iter;
} }
pub fn build(self) -> Result<Pkcs12, ErrorStack> { /// Builds the pkcs12 object
///
/// # Arguments
///
/// * `password` - the password used to encrypt the key and certificate
/// * `friendly_name` - user defined name for the certificate
/// * `pkey` - key to store
/// * `cert` - certificate to store
pub fn build(self,
password: &str,
friendly_name: &str,
pkey: &PKeyRef,
cert: &X509) -> Result<Pkcs12, ErrorStack> {
unsafe { unsafe {
let pass = CString::new(self.password).unwrap(); let pass = CString::new(password).unwrap();
let friendly_name = CString::new(self.friendly_name).unwrap(); let friendly_name = CString::new(friendly_name).unwrap();
let pkey = self.pkey.as_ptr(); let pkey = pkey.as_ptr();
let cert = self.cert.as_ptr(); let cert = cert.as_ptr();
let ca = self.chain.map(|ca| ca.as_ptr()).unwrap_or(ptr::null_mut()); let ca = ptr::null_mut(); // TODO: should allow for a chain to be set in the builder
let nid_key = self.nid_key.as_raw(); let nid_key = self.nid_key.as_raw();
let nid_cert = self.nid_cert.as_raw(); let nid_cert = self.nid_cert.as_raw();
@ -143,8 +135,8 @@ impl<'a, 'b, 'c, 'd> Pkcs12Builder<'a, 'b, 'c, 'd> {
// https://www.openssl.org/docs/man1.0.2/crypto/PKCS12_create.html // https://www.openssl.org/docs/man1.0.2/crypto/PKCS12_create.html
let keytype = 0; let keytype = 0;
let pkcs12_ptr = ffi::PKCS12_create(pass.as_ptr(), let pkcs12_ptr = ffi::PKCS12_create(pass.as_ptr() as *const _ as *mut _,
friendly_name.as_ptr(), friendly_name.as_ptr() as *const _ as *mut _,
pkey, pkey,
cert, cert,
ca, ca,
@ -203,8 +195,8 @@ mod test {
let cert = gen.sign(&pkey).unwrap(); let cert = gen.sign(&pkey).unwrap();
let pkcs12_builder = Pkcs12::builder("mypass", subject_name, &pkey, &cert); let pkcs12_builder = Pkcs12::builder();
let pkcs12 = pkcs12_builder.build().unwrap(); let pkcs12 = pkcs12_builder.build("mypass", subject_name, &pkey, &cert).unwrap();
let der = pkcs12.to_der().unwrap(); let der = pkcs12.to_der().unwrap();
let pkcs12 = Pkcs12::from_der(&der).unwrap(); let pkcs12 = Pkcs12::from_der(&der).unwrap();