diff --git a/README.md b/README.md index 6836ba80..e51cbc4a 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl) -[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl). +[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl). ## Building @@ -31,6 +31,14 @@ rust-openssl to a separate installation. OSX releases starting at 10.11, "El Capitan", no longer include OpenSSL headers which will prevent the `openssl` crate from compiling. +For OSX 10.11 you can use brew to install OpenSSL and then set the environment variables +as described below. +```bash +brew install openssl +export OPENSSL_INCLUDE_DIR=`brew --prefix openssl`/include +export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib +``` + ### Windows On Windows, consider building with [mingw-w64](http://mingw-w64.org/). diff --git a/appveyor.yml b/appveyor.yml index d0c304d9..fff3cff7 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -5,11 +5,11 @@ environment: matrix: - TARGET: i686-pc-windows-gnu BITS: 32 - - TARGET: x86_64-pc-windows-msvc - BITS: 64 +# - TARGET: x86_64-pc-windows-msvc +# BITS: 64 install: - - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2f.exe" - - Win%BITS%OpenSSL-1_0_2f.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL" + - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2g.exe" + - Win%BITS%OpenSSL-1_0_2g.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL" - ps: Start-FileDownload "https://static.rust-lang.org/dist/rust-1.5.0-${env:TARGET}.exe" - rust-1.5.0-%TARGET%.exe /VERYSILENT /NORESTART /DIR="C:\Program Files (x86)\Rust" - SET PATH=%PATH%;C:\Program Files (x86)\Rust\bin diff --git a/openssl-sys-extras/Cargo.toml b/openssl-sys-extras/Cargo.toml index 0607d3bb..79bfa097 100644 --- a/openssl-sys-extras/Cargo.toml +++ b/openssl-sys-extras/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "openssl-sys-extras" -version = "0.7.6" +version = "0.7.7" authors = ["Steven Fackler "] license = "MIT" description = "Extra FFI bindings to OpenSSL that require a C shim" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys_extras" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl_sys_extras" build = "build.rs" [features] @@ -13,7 +13,7 @@ ecdh_auto = [] [dependencies] libc = "0.2" -openssl-sys = { version = "0.7.6", path = "../openssl-sys" } +openssl-sys = { version = "0.7.7", path = "../openssl-sys" } [build-dependencies] gcc = "0.3" diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs index 9647929a..58760fb6 100644 --- a/openssl-sys-extras/src/lib.rs +++ b/openssl-sys-extras/src/lib.rs @@ -1,5 +1,5 @@ #![allow(non_upper_case_globals, non_snake_case)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")] extern crate openssl_sys; extern crate libc; diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index c8410104..2a9ae1fb 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -1,12 +1,12 @@ [package] name = "openssl-sys" -version = "0.7.6" +version = "0.7.7" authors = ["Alex Crichton ", "Steven Fackler "] license = "MIT" description = "FFI bindings to OpenSSL" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl_sys" links = "openssl" build = "build.rs" diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index eb2717f3..8017a1ed 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1,6 +1,6 @@ #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] #![allow(dead_code)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")] extern crate libc; @@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void; pub type EVP_MD = c_void; pub type EVP_PKEY_CTX = c_void; pub type SSL = c_void; +pub type SSL_CIPHER = c_void; pub type SSL_CTX = c_void; pub type SSL_METHOD = c_void; pub type X509 = c_void; @@ -588,6 +589,7 @@ extern "C" { pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int; + pub fn RSA_new() -> *mut RSA; pub fn RSA_free(rsa: *mut RSA); pub fn RSA_generate_key(modsz: c_int, e: c_ulong, cb: *const c_void, cbarg: *const c_void) -> *mut RSA; pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *const c_void) -> c_int; @@ -642,6 +644,7 @@ extern "C" { pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; + pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char; @@ -649,6 +652,13 @@ extern "C" { pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; + pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; + + pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char; + pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int; + pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; + pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char; + pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int, diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index cd85d062..39adb0e3 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "openssl" -version = "0.7.6" +version = "0.7.7" authors = ["Steven Fackler "] license = "Apache-2.0" description = "OpenSSL bindings" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl" readme = "../README.md" keywords = ["crypto", "tls", "ssl", "dtls"] build = "build.rs" @@ -29,11 +29,11 @@ pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"] nightly = [] [dependencies] -bitflags = ">= 0.2, < 0.4" +bitflags = "0.4" lazy_static = "0.1" libc = "0.2" -openssl-sys = { version = "0.7.6", path = "../openssl-sys" } -openssl-sys-extras = { version = "0.7.6", path = "../openssl-sys-extras" } +openssl-sys = { version = "0.7.7", path = "../openssl-sys" } +openssl-sys-extras = { version = "0.7.7", path = "../openssl-sys-extras" } [build-dependencies] gcc = "0.3" diff --git a/openssl/src/bn/mod.rs b/openssl/src/bn/mod.rs index 00a0a0ca..d548e9ef 100644 --- a/openssl/src/bn/mod.rs +++ b/openssl/src/bn/mod.rs @@ -1,7 +1,7 @@ use libc::{c_int, c_ulong, c_void}; use std::ffi::{CStr, CString}; use std::cmp::Ordering; -use std::{fmt, ptr}; +use std::{fmt, ptr, mem}; use ffi; use ssl::error::SslError; @@ -473,6 +473,11 @@ impl BigNum { n } + pub fn into_raw(self) -> *mut ffi::BIGNUM { + let mut me = self; + mem::replace(&mut me.0, ptr::null_mut()) + } + pub fn to_vec(&self) -> Vec { let size = self.num_bytes() as usize; let mut v = Vec::with_capacity(size); diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index e556730d..cafd50ad 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -205,6 +205,28 @@ impl PKey { } } + /// assign RSA key to this pkey + pub fn set_rsa(&mut self, rsa: &RSA) { + unsafe { + // this needs to be a reference as the set1_RSA ups the reference count + let rsa_ptr = rsa.as_ptr(); + if ffi::EVP_PKEY_set1_RSA(self.evp, rsa_ptr) == 1 { + if rsa.has_e() && rsa.has_n() { + self.parts = Parts::Public; + } + } + } + } + + /// get a reference to the interal RSA key for direct access to the key components + pub fn get_rsa(&self) -> RSA { + unsafe { + let evp_pkey: *mut ffi::EVP_PKEY = self.evp; + // this is safe as the ffi increments a reference counter to the internal key + RSA::from_raw(ffi::EVP_PKEY_get1_RSA(evp_pkey)) + } + } + /** * Returns a DER serialized form of the public key, suitable for load_pub(). */ @@ -604,6 +626,7 @@ mod tests { use std::path::Path; use std::fs::File; use crypto::hash::Type::{MD5, SHA1}; + use crypto::rsa::RSA; #[test] fn test_gen_pub() { @@ -790,6 +813,28 @@ mod tests { assert!(pub_key.windows(10).any(|s| s == b"PUBLIC KEY")); } + #[test] + fn test_public_key_from_raw() { + let mut k0 = super::PKey::new(); + let mut k1 = super::PKey::new(); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; + + k0.gen(512); + let sig = k0.sign(&msg); + + let r0 = k0.get_rsa(); + let r1 = RSA::from_public_components(r0.n().expect("n"), r0.e().expect("e")).expect("r1"); + k1.set_rsa(&r1); + + assert!(k1.can(super::Role::Encrypt)); + assert!(!k1.can(super::Role::Decrypt)); + assert!(k1.can(super::Role::Verify)); + assert!(!k1.can(super::Role::Sign)); + + let rv = k1.verify(&msg, &sig); + assert!(rv == true); + } + #[test] #[should_panic(expected = "Could not get RSA key for encryption")] fn test_nokey_encrypt() { diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index ee0d9ec4..6fcb5b07 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -18,6 +18,22 @@ impl Drop for RSA { } impl RSA { + /// only useful for associating the key material directly with the key, it's safer to use + /// the supplied load and save methods for DER formatted keys. + pub fn from_public_components(n: BigNum, e: BigNum) -> Result { + unsafe { + let rsa = try_ssl_null!(ffi::RSA_new()); + (*rsa).n = n.into_raw(); + (*rsa).e = e.into_raw(); + Ok(RSA(rsa)) + } + } + + /// the caller should assert that the rsa pointer is valid. + pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA { + RSA(rsa) + } + /// Reads an RSA private key from PEM formatted data. pub fn private_key_from_pem(reader: &mut R) -> Result where R: Read @@ -61,6 +77,12 @@ impl RSA { } } + pub fn has_n(&self) -> bool { + unsafe { + !(*self.0).n.is_null() + } + } + pub fn d(&self) -> Result { unsafe { BigNum::new_from_ffi((*self.0).d) @@ -73,6 +95,12 @@ impl RSA { } } + pub fn has_e(&self) -> bool { + unsafe { + !(*self.0).e.is_null() + } + } + pub fn p(&self) -> Result { unsafe { BigNum::new_from_ffi((*self.0).p) diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index f1b6d13a..e89e6590 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -1,4 +1,4 @@ -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")] #![cfg_attr(feature = "nightly", feature(const_fn, recover, panic_propagate))] #[macro_use] diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 8e6d061d..574a324b 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -569,7 +569,8 @@ impl SslContext { pub fn set_servername_callback(&mut self, callback: Option) { unsafe { ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(callback)); - let f: extern "C" fn() = mem::transmute(raw_sni); + let f: extern "C" fn(_, _, _) -> _ = raw_sni; + let f: extern "C" fn() = mem::transmute(f); ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f)); } } @@ -586,7 +587,8 @@ impl SslContext { ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(Some(callback))); ffi_extras::SSL_CTX_set_tlsext_servername_arg(self.ctx, mem::transmute(data)); - let f: extern "C" fn() = mem::transmute(raw_sni_with_data::); + let f: extern "C" fn(_, _, _) -> _ = raw_sni_with_data::; + let f: extern "C" fn() = mem::transmute(f); ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f)); } } @@ -769,6 +771,71 @@ impl SslContext { } } + +pub struct CipherBits { + /// The number of secret bits used for the cipher. + pub secret: i32, + /// The number of bits processed by the chosen algorithm, if not None. + pub algorithm: Option, +} + + +pub struct SslCipher<'a> { + cipher: *const ffi::SSL_CIPHER, + ph: PhantomData<&'a ()>, +} + +impl <'a> SslCipher<'a> { + /// Returns the name of cipher. + pub fn name(&self) -> &'static str { + let name = unsafe { + let ptr = ffi::SSL_CIPHER_get_name(self.cipher); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(name.to_bytes()).unwrap() + } + + /// Returns the SSL/TLS protocol version that first defined the cipher. + pub fn version(&self) -> &'static str { + let version = unsafe { + let ptr = ffi::SSL_CIPHER_get_version(self.cipher); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(version.to_bytes()).unwrap() + } + + /// Returns the number of bits used for the cipher. + pub fn bits(&self) -> CipherBits { + unsafe { + let algo_bits : *mut c_int = ptr::null_mut(); + let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); + if !algo_bits.is_null() { + CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) } + } else { + CipherBits { secret: secret_bits, algorithm: None } + } + } + } + + /// Returns a textual description of the cipher used + pub fn description(&self) -> Option { + unsafe { + // SSL_CIPHER_description requires a buffer of at least 128 bytes. + let mut buf = [0i8; 128]; + let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128); + + if !desc_ptr.is_null() { + String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok() + } else { + None + } + } + } +} + + pub struct Ssl { ssl: *mut ffi::SSL, } @@ -836,6 +903,18 @@ impl Ssl { } } + pub fn get_current_cipher<'a>(&'a self) -> Option> { + unsafe { + let ptr = ffi::SSL_get_current_cipher(self.ssl); + + if ptr.is_null() { + None + } else { + Some(SslCipher{ cipher: ptr, ph: PhantomData }) + } + } + } + pub fn state_string(&self) -> &'static str { let state = unsafe { let ptr = ffi::SSL_state_string(self.ssl); @@ -881,6 +960,16 @@ impl Ssl { } } + /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc. + pub fn version(&self) -> &'static str { + let version = unsafe { + let ptr = ffi::SSL_get_version(self.ssl); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(version.to_bytes()).unwrap() + } + /// Returns the protocol selected by performing Next Protocol Negotiation, if any. /// /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client diff --git a/openssl/test/build.sh b/openssl/test/build.sh index 794738d5..a4c19c05 100755 --- a/openssl/test/build.sh +++ b/openssl/test/build.sh @@ -15,7 +15,7 @@ fi mkdir /tmp/openssl cd /tmp/openssl -curl https://openssl.org/source/openssl-1.0.2f.tar.gz | tar --strip-components=1 -xzf - +curl https://openssl.org/source/openssl-1.0.2g.tar.gz | tar --strip-components=1 -xzf - ./Configure --prefix=$HOME/openssl shared --cross-compile-prefix=$CROSS $OS_COMPILER make make install diff --git a/openssl/test/run.sh b/openssl/test/run.sh index 63b2b57c..829f11e9 100755 --- a/openssl/test/run.sh +++ b/openssl/test/run.sh @@ -4,7 +4,7 @@ set -e MAIN_TARGETS=https://static.rust-lang.org/dist if [ "$TEST_FEATURES" == "true" ]; then - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac" + FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac" fi if [ "$TRAVIS_RUST_VERSION" == "nightly" ]; then