min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into doc-bn

This commit is contained in:
Andy Gauge 2017-09-29 09:40:30 -07:00
parent b44d37acaf 1766c1d327
commit 9a63044175
5 changed files with 115 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -88,6 +88,13 @@ installation via an environment variable:
set OPENSSL_DIR=C:\OpenSSL-Win64 set OPENSSL_DIR=C:\OpenSSL-Win64
``` ```
During the installation process if you select "Copy OpenSSL DLLs to: The OpenSSL binaries (/bin)
directory", you will need to add them to the `PATH` environment variable:
```
set PATH=%PATH%;C:\OpenSSL-Win64\bin
```
Now you will need to [install root certificates.](#acquiring-root-certificates) Now you will need to [install root certificates.](#acquiring-root-certificates)
#### Installing OpenSSL 1.0.2 using vcpkg #### Installing OpenSSL 1.0.2 using vcpkg

1
openssl/src/ec_key.rs
View File

@ -1,3 +1,4 @@
#![doc(hidden)]
#![deprecated(since = "0.9.2", note = "renamed to `ec`")] #![deprecated(since = "0.9.2", note = "renamed to `ec`")]
pub use ec::{EcKey, EcKeyRef}; pub use ec::{EcKey, EcKeyRef};

51
openssl/src/memcmp.rs
View File

@ -1,3 +1,34 @@
//! Utilities to safely compare cryptographic values.
//!
//! Extra care must be taken when comparing values in
//! cryptographic code. If done incorrectly, it can lead
//! to a [timing attack](https://en.wikipedia.org/wiki/Timing_attack).
//! By analyzing the time taken to execute parts of a cryptographic
//! algorithm, and attacker can attempt to compromise the
//! cryptosystem.
//!
//! The utilities in this module are designed to be resistant
//! to this type of attack.
//!
//! # Examples
//!
//! To perform a constant-time comparision of two arrays of the same length but different
//! values:
//!
//! ```
//! use openssl::memcmp::eq;
//!
//! // We want to compare `a` to `b` and `c`, without giving
//! // away through timing analysis that `c` is more similar to `a`
//! // than `b`.
//! let a = [0, 0, 0];
//! let b = [1, 1, 1];
//! let c = [0, 0, 1];
//!
//! // These statements will execute in the same amount of time.
//! assert!(!eq(&a, &b));
//! assert!(!eq(&a, &c));
//! ```
use libc::size_t; use libc::size_t;
use ffi; use ffi;
@ -10,6 +41,26 @@ use ffi;
/// ///
/// This function will panic the current task if `a` and `b` do not have the same /// This function will panic the current task if `a` and `b` do not have the same
/// length. /// length.
///
/// # Examples
///
/// To perform a constant-time comparision of two arrays of the same length but different
/// values:
///
/// ```
/// use openssl::memcmp::eq;
///
/// // We want to compare `a` to `b` and `c`, without giving
/// // away through timing analysis that `c` is more similar to `a`
/// // than `b`.
/// let a = [0, 0, 0];
/// let b = [1, 1, 1];
/// let c = [0, 0, 1];
///
/// // These statements will execute in the same amount of time.
/// assert!(!eq(&a, &b));
/// assert!(!eq(&a, &c));
/// ```
pub fn eq(a: &[u8], b: &[u8]) -> bool { pub fn eq(a: &[u8], b: &[u8]) -> bool {
assert!(a.len() == b.len()); assert!(a.len() == b.len());
let ret = unsafe { let ret = unsafe {

28
openssl/src/nid.rs
View File

@ -1,15 +1,43 @@
//! A collection of numerical identifiers for OpenSSL objects.
use ffi; use ffi;
use libc::c_int; use libc::c_int;
/// A numerical identifier for an OpenSSL object.
///
/// Objects in OpenSSL can have a short name, a long name, and
/// a numerical identifier (NID). For convenience, objects
/// are usually represented in source code using these numeric
/// identifiers.
///
/// Users should generally not need to create new `Nid`s.
///
/// # Examples
///
/// To view the integer representation of a `Nid`:
///
/// ```
/// use openssl::nid;
///
/// assert!(nid::AES_256_GCM.as_raw() == 901);
/// ```
///
/// # External Documentation
///
/// The following documentation provides context about `Nid`s and their usage
/// in OpenSSL.
///
/// - [Obj_nid2obj](https://www.openssl.org/docs/man1.1.0/crypto/OBJ_create.html)
#[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)] #[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)]
pub struct Nid(c_int); pub struct Nid(c_int);
#[allow(non_snake_case)] #[allow(non_snake_case)]
impl Nid { impl Nid {
/// Create a `Nid` from an integer representation.
pub fn from_raw(raw: c_int) -> Nid { pub fn from_raw(raw: c_int) -> Nid {
Nid(raw) Nid(raw)
} }
/// Return the integer representation of a `Nid`.
pub fn as_raw(&self) -> c_int { pub fn as_raw(&self) -> c_int {
self.0 self.0
} }

28
openssl/src/rand.rs
View File

@ -1,9 +1,37 @@
//! Utilities for secure random number generation.
//!
//! # Examples
//!
//! To generate a buffer with cryptographically strong bytes:
//!
//! ```
//! use openssl::rand::rand_bytes;
//!
//! let mut buf = [0; 256];
//! rand_bytes(&mut buf).unwrap();
//! ```
use libc::c_int; use libc::c_int;
use ffi; use ffi;
use cvt; use cvt;
use error::ErrorStack; use error::ErrorStack;
/// Fill buffer with cryptographically strong pseudo-random bytes.
///
/// # Examples
///
/// To generate a buffer with cryptographically strong bytes:
///
/// ```
/// use openssl::rand::rand_bytes;
///
/// let mut buf = [0; 256];
/// rand_bytes(&mut buf).unwrap();
/// ```
///
/// # External OpenSSL Documentation
///
/// [RAND_bytes](https://www.openssl.org/docs/man1.1.0/crypto/RAND_bytes.html)
pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
ffi::init(); ffi::init();