From 1b580e2e8d593be79aa4142b902cdb46afa044ef Mon Sep 17 00:00:00 2001 From: Marius Date: Sun, 11 Oct 2015 08:20:53 -0700 Subject: [PATCH 01/17] Update README with OSX 10.11 instructions These instructions are from one of the open issues on the project. They are working for me, I am not sure if there are some possible side effects from the brew link --force. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index b1f50235..4b513917 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,12 @@ rust-openssl to a separate installation. OSX releases starting at 10.11, "El Capitan", no longer include OpenSSL headers which will prevent the `openssl` crate from compiling. +For OSX 10.11 you can use brew to install OpenSSL. +```bash +brew install openssl +brew link openssl --force +``` + ### Windows On Windows, consider building with [mingw-w64](http://mingw-w64.org/). From bd738fa5d806012252452579432ee3c98c45f95b Mon Sep 17 00:00:00 2001 From: Marius Date: Sun, 11 Oct 2015 16:31:09 -0700 Subject: [PATCH 02/17] Update README.md --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4b513917..87ca998b 100644 --- a/README.md +++ b/README.md @@ -29,10 +29,12 @@ rust-openssl to a separate installation. OSX releases starting at 10.11, "El Capitan", no longer include OpenSSL headers which will prevent the `openssl` crate from compiling. -For OSX 10.11 you can use brew to install OpenSSL. +For OSX 10.11 you can use brew to install OpenSSL and then set the environment variables +as described below. ```bash brew install openssl -brew link openssl --force +export OPENSSL_INCLUDE_DIR=/usr/local/opt/openssl/include +export OPENSSL_LIB_DIR=/usr/local/opt/openssl/lib ``` ### Windows From a7f60f46833ffcdd17e4bb9e16fe0297cf8079e5 Mon Sep 17 00:00:00 2001 From: Marius Seritan Date: Sun, 11 Oct 2015 16:46:26 -0700 Subject: [PATCH 03/17] Update README.md. Use the brew --prefix command instead of hardcoding paths. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 87ca998b..fe07ddbe 100644 --- a/README.md +++ b/README.md @@ -33,8 +33,8 @@ For OSX 10.11 you can use brew to install OpenSSL and then set the environment v as described below. ```bash brew install openssl -export OPENSSL_INCLUDE_DIR=/usr/local/opt/openssl/include -export OPENSSL_LIB_DIR=/usr/local/opt/openssl/lib +export OPENSSL_INCLUDE_DIR=`brew --prefix openssl`/include +export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib ``` ### Windows From 1e9667ea89cf1f52c65b4b70d1ef0dfd2770332e Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 17 Feb 2016 22:04:49 +0000 Subject: [PATCH 04/17] Add support for SSL_CIPHER --- openssl-sys/src/lib.rs | 10 ++++++++ openssl/src/ssl/mod.rs | 52 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index eb2717f3..5b57606f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void; pub type EVP_MD = c_void; pub type EVP_PKEY_CTX = c_void; pub type SSL = c_void; +pub type SSL_CIPHER = c_void; pub type SSL_CTX = c_void; pub type SSL_METHOD = c_void; pub type X509 = c_void; @@ -649,6 +650,15 @@ extern "C" { pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; + pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; + + pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char; + pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int; + pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; + pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char; + pub fn SSL_CIPHER_get_cipher_nid(cipher: *const SSL_CIPHER) -> c_int; + pub fn SSL_CIPHER_get_digest_nid(cipher: *const SSL_CIPHER) -> c_int; + pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int, diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 8e6d061d..f5605b60 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -769,6 +769,46 @@ impl SslContext { } } +pub struct SslCipher { + cipher: *const ffi::SSL_CIPHER, +} + +impl SslCipher { + pub fn name(&self) -> &'static str { + let name = unsafe { + let ptr = ffi::SSL_CIPHER_get_name(self.cipher); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(name.to_bytes()).unwrap() + } + + pub fn version(&self) -> &'static str { + let version = unsafe { + let ptr = ffi::SSL_CIPHER_get_version(self.cipher); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(version.to_bytes()).unwrap() + } + + pub fn bits(&self) -> (i32, i32) { + unsafe { + let mut algo_bits : c_int = 0; + let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, &mut algo_bits); + (actual_bits, algo_bits) + } + } + + pub fn description(&self) -> String { + unsafe { + let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, ptr::null_mut(), 0); + String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).unwrap() + } + } +} + + pub struct Ssl { ssl: *mut ffi::SSL, } @@ -836,6 +876,18 @@ impl Ssl { } } + pub fn get_current_cipher(&self) -> Option { + unsafe { + let ptr = ffi::SSL_get_current_cipher(self.ssl); + + if ptr.is_null() { + None + } else { + Some(SslCipher{ cipher: ptr }) + } + } + } + pub fn state_string(&self) -> &'static str { let state = unsafe { let ptr = ffi::SSL_state_string(self.ssl); From ef95223d2679d68b36df77393bd334d4da02077f Mon Sep 17 00:00:00 2001 From: Benjamin Fry Date: Wed, 17 Feb 2016 23:18:42 -0800 Subject: [PATCH 05/17] adding functionality to directly get and set RSA key material --- openssl-sys/src/lib.rs | 1 + openssl/src/bn/mod.rs | 5 +++++ openssl/src/crypto/pkey.rs | 24 ++++++++++++++++++++++++ openssl/src/crypto/rsa.rs | 37 ++++++++++++++++++++++++++++++++++++- 4 files changed, 66 insertions(+), 1 deletion(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index ff221935..d03fed31 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -588,6 +588,7 @@ extern "C" { pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int; + pub fn RSA_new() -> *mut RSA; pub fn RSA_free(rsa: *mut RSA); pub fn RSA_generate_key(modsz: c_int, e: c_ulong, cb: *const c_void, cbarg: *const c_void) -> *mut RSA; pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *const c_void) -> c_int; diff --git a/openssl/src/bn/mod.rs b/openssl/src/bn/mod.rs index 00a0a0ca..70a10154 100644 --- a/openssl/src/bn/mod.rs +++ b/openssl/src/bn/mod.rs @@ -473,6 +473,11 @@ impl BigNum { n } + pub unsafe fn into_raw(self) -> *mut ffi::BIGNUM { + let mut me = self; + ptr::replace(&mut me.0, ptr::null_mut()) + } + pub fn to_vec(&self) -> Vec { let size = self.num_bytes() as usize; let mut v = Vec::with_capacity(size); diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index e556730d..dc613bc7 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -205,6 +205,30 @@ impl PKey { } } + /// pass ownership of the RSA key to this + pub fn set_rsa(&mut self, rsa: RSA) { + unsafe { + // TODO: should we do something like panic if null? this will fail silently right now + let rsa_ptr = rsa.as_ptr(); + if !rsa_ptr.is_null() { + if ffi::EVP_PKEY_set1_RSA(self.evp, rsa_ptr) == 1 { + if rsa.has_e() && rsa.has_n() { + self.parts = Parts::Public; + } + } + } + } + } + + /// get a reference to the interal RSA key for direct access to the key components + pub fn get_rsa(&self) -> RSA { + unsafe { + let evp_pkey: *mut ffi::EVP_PKEY = self.evp; + // this is safe as the ffi increments a reference counter to the internal key + RSA(ffi::EVP_PKEY_get1_RSA(evp_pkey)) + } + } + /** * Returns a DER serialized form of the public key, suitable for load_pub(). */ diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index ee0d9ec4..034f8828 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -7,7 +7,7 @@ use std::io::{self, Read}; use bn::BigNum; use bio::MemBio; -pub struct RSA(*mut ffi::RSA); +pub struct RSA(pub *mut ffi::RSA); impl Drop for RSA { fn drop(&mut self) { @@ -18,6 +18,15 @@ impl Drop for RSA { } impl RSA { + /// only useful for associating the key material directly with the key, it's safer to use + /// the supplied load and save methods for DER formatted keys. + pub fn new() -> Result { + unsafe { + let rsa = try_ssl_null!(ffi::RSA_new()); + Ok(RSA(rsa)) + } + } + /// Reads an RSA private key from PEM formatted data. pub fn private_key_from_pem(reader: &mut R) -> Result where R: Read @@ -61,6 +70,19 @@ impl RSA { } } + /// set the key modulus + pub fn set_n(&mut self, n: BigNum) { + unsafe { + (*self.0).n = n.into_raw(); + } + } + + pub fn has_n(&self) -> bool { + unsafe { + !(*self.0).n.is_null() + } + } + pub fn d(&self) -> Result { unsafe { BigNum::new_from_ffi((*self.0).d) @@ -73,6 +95,19 @@ impl RSA { } } + /// set the exponent + pub fn set_e(&mut self, e: BigNum) { + unsafe { + (*self.0).e = e.into_raw(); + } + } + + pub fn has_e(&self) -> bool { + unsafe { + !(*self.0).e.is_null() + } + } + pub fn p(&self) -> Result { unsafe { BigNum::new_from_ffi((*self.0).p) From 6ebe581308af861b440557be5baba2edb354f7b8 Mon Sep 17 00:00:00 2001 From: Benjamin Fry Date: Tue, 23 Feb 2016 20:49:21 -0800 Subject: [PATCH 06/17] review fixes, keep raw RSA initiallization private --- openssl/src/crypto/pkey.rs | 11 ++++------- openssl/src/crypto/rsa.rs | 6 +++++- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index dc613bc7..df4ac709 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -208,13 +208,10 @@ impl PKey { /// pass ownership of the RSA key to this pub fn set_rsa(&mut self, rsa: RSA) { unsafe { - // TODO: should we do something like panic if null? this will fail silently right now let rsa_ptr = rsa.as_ptr(); - if !rsa_ptr.is_null() { - if ffi::EVP_PKEY_set1_RSA(self.evp, rsa_ptr) == 1 { - if rsa.has_e() && rsa.has_n() { - self.parts = Parts::Public; - } + if ffi::EVP_PKEY_set1_RSA(self.evp, rsa_ptr) == 1 { + if rsa.has_e() && rsa.has_n() { + self.parts = Parts::Public; } } } @@ -225,7 +222,7 @@ impl PKey { unsafe { let evp_pkey: *mut ffi::EVP_PKEY = self.evp; // this is safe as the ffi increments a reference counter to the internal key - RSA(ffi::EVP_PKEY_get1_RSA(evp_pkey)) + RSA::with_raw(ffi::EVP_PKEY_get1_RSA(evp_pkey)) } } diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 034f8828..80eec7da 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -7,7 +7,7 @@ use std::io::{self, Read}; use bn::BigNum; use bio::MemBio; -pub struct RSA(pub *mut ffi::RSA); +pub struct RSA(*mut ffi::RSA); impl Drop for RSA { fn drop(&mut self) { @@ -27,6 +27,10 @@ impl RSA { } } + pub fn with_raw(rsa: *mut ffi::RSA) -> RSA { + RSA(rsa) + } + /// Reads an RSA private key from PEM formatted data. pub fn private_key_from_pem(reader: &mut R) -> Result where R: Read From b37bbba78f3df1783d95c858083cbd5a6f649697 Mon Sep 17 00:00:00 2001 From: Kalita Alexey Date: Sun, 28 Feb 2016 08:28:25 +0400 Subject: [PATCH 07/17] Bump bitflags to 0.4 --- openssl/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index cd85d062..10d8ea4b 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -29,7 +29,7 @@ pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"] nightly = [] [dependencies] -bitflags = ">= 0.2, < 0.4" +bitflags = "0.4" lazy_static = "0.1" libc = "0.2" openssl-sys = { version = "0.7.6", path = "../openssl-sys" } From 3fb2c48c9834acafe8a1dfe33a5500430f332ebc Mon Sep 17 00:00:00 2001 From: Benjamin Fry Date: Sun, 28 Feb 2016 22:05:19 -0800 Subject: [PATCH 08/17] added public key material to the constructor --- openssl/src/bn/mod.rs | 6 +++--- openssl/src/crypto/pkey.rs | 30 +++++++++++++++++++++++++++--- openssl/src/crypto/rsa.rs | 20 ++++---------------- 3 files changed, 34 insertions(+), 22 deletions(-) diff --git a/openssl/src/bn/mod.rs b/openssl/src/bn/mod.rs index 70a10154..d548e9ef 100644 --- a/openssl/src/bn/mod.rs +++ b/openssl/src/bn/mod.rs @@ -1,7 +1,7 @@ use libc::{c_int, c_ulong, c_void}; use std::ffi::{CStr, CString}; use std::cmp::Ordering; -use std::{fmt, ptr}; +use std::{fmt, ptr, mem}; use ffi; use ssl::error::SslError; @@ -473,9 +473,9 @@ impl BigNum { n } - pub unsafe fn into_raw(self) -> *mut ffi::BIGNUM { + pub fn into_raw(self) -> *mut ffi::BIGNUM { let mut me = self; - ptr::replace(&mut me.0, ptr::null_mut()) + mem::replace(&mut me.0, ptr::null_mut()) } pub fn to_vec(&self) -> Vec { diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index df4ac709..cafd50ad 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -205,9 +205,10 @@ impl PKey { } } - /// pass ownership of the RSA key to this - pub fn set_rsa(&mut self, rsa: RSA) { + /// assign RSA key to this pkey + pub fn set_rsa(&mut self, rsa: &RSA) { unsafe { + // this needs to be a reference as the set1_RSA ups the reference count let rsa_ptr = rsa.as_ptr(); if ffi::EVP_PKEY_set1_RSA(self.evp, rsa_ptr) == 1 { if rsa.has_e() && rsa.has_n() { @@ -222,7 +223,7 @@ impl PKey { unsafe { let evp_pkey: *mut ffi::EVP_PKEY = self.evp; // this is safe as the ffi increments a reference counter to the internal key - RSA::with_raw(ffi::EVP_PKEY_get1_RSA(evp_pkey)) + RSA::from_raw(ffi::EVP_PKEY_get1_RSA(evp_pkey)) } } @@ -625,6 +626,7 @@ mod tests { use std::path::Path; use std::fs::File; use crypto::hash::Type::{MD5, SHA1}; + use crypto::rsa::RSA; #[test] fn test_gen_pub() { @@ -811,6 +813,28 @@ mod tests { assert!(pub_key.windows(10).any(|s| s == b"PUBLIC KEY")); } + #[test] + fn test_public_key_from_raw() { + let mut k0 = super::PKey::new(); + let mut k1 = super::PKey::new(); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; + + k0.gen(512); + let sig = k0.sign(&msg); + + let r0 = k0.get_rsa(); + let r1 = RSA::from_public_components(r0.n().expect("n"), r0.e().expect("e")).expect("r1"); + k1.set_rsa(&r1); + + assert!(k1.can(super::Role::Encrypt)); + assert!(!k1.can(super::Role::Decrypt)); + assert!(k1.can(super::Role::Verify)); + assert!(!k1.can(super::Role::Sign)); + + let rv = k1.verify(&msg, &sig); + assert!(rv == true); + } + #[test] #[should_panic(expected = "Could not get RSA key for encryption")] fn test_nokey_encrypt() { diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 80eec7da..3cd3ce75 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -20,14 +20,16 @@ impl Drop for RSA { impl RSA { /// only useful for associating the key material directly with the key, it's safer to use /// the supplied load and save methods for DER formatted keys. - pub fn new() -> Result { + pub fn from_public_components(n: BigNum, e: BigNum) -> Result { unsafe { let rsa = try_ssl_null!(ffi::RSA_new()); + (*rsa).n = n.into_raw(); + (*rsa).e = e.into_raw(); Ok(RSA(rsa)) } } - pub fn with_raw(rsa: *mut ffi::RSA) -> RSA { + pub fn from_raw(rsa: *mut ffi::RSA) -> RSA { RSA(rsa) } @@ -74,13 +76,6 @@ impl RSA { } } - /// set the key modulus - pub fn set_n(&mut self, n: BigNum) { - unsafe { - (*self.0).n = n.into_raw(); - } - } - pub fn has_n(&self) -> bool { unsafe { !(*self.0).n.is_null() @@ -99,13 +94,6 @@ impl RSA { } } - /// set the exponent - pub fn set_e(&mut self, e: BigNum) { - unsafe { - (*self.0).e = e.into_raw(); - } - } - pub fn has_e(&self) -> bool { unsafe { !(*self.0).e.is_null() From 04cbf049c06fbc9b244bdbe22f244c0bc6e9c8b0 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 18 Feb 2016 20:47:42 +0000 Subject: [PATCH 09/17] Add SSL_get_version --- openssl-sys/src/lib.rs | 3 +-- openssl/src/ssl/mod.rs | 53 +++++++++++++++++++++++++++++++++--------- 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 5b57606f..eaa2188f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -643,6 +643,7 @@ extern "C" { pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; + pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char; @@ -656,8 +657,6 @@ extern "C" { pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int; pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char; - pub fn SSL_CIPHER_get_cipher_nid(cipher: *const SSL_CIPHER) -> c_int; - pub fn SSL_CIPHER_get_digest_nid(cipher: *const SSL_CIPHER) -> c_int; pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index f5605b60..039a0514 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -769,11 +769,13 @@ impl SslContext { } } -pub struct SslCipher { +pub struct SslCipher<'a> { cipher: *const ffi::SSL_CIPHER, + ph: PhantomData<&'a ()>, } -impl SslCipher { +impl <'a> SslCipher<'a> { + /// Returns the name of cipher. pub fn name(&self) -> &'static str { let name = unsafe { let ptr = ffi::SSL_CIPHER_get_name(self.cipher); @@ -783,6 +785,7 @@ impl SslCipher { str::from_utf8(name.to_bytes()).unwrap() } + /// Returns the SSL/TLS protocol version that first defined the cipher. pub fn version(&self) -> &'static str { let version = unsafe { let ptr = ffi::SSL_CIPHER_get_version(self.cipher); @@ -792,18 +795,36 @@ impl SslCipher { str::from_utf8(version.to_bytes()).unwrap() } - pub fn bits(&self) -> (i32, i32) { + /// Returns the number of secret bits used for the cipher. + /// + /// The first element is the number of secret bits used for the cipher. + /// + /// The second element, if not None, is the number of bits processed by + /// the chosen algorithm, + pub fn bits(&self) -> (i32, Option) { unsafe { - let mut algo_bits : c_int = 0; - let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, &mut algo_bits); - (actual_bits, algo_bits) + let algo_bits : *mut c_int = ptr::null_mut(); + let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); + if !algo_bits.is_null() { + (actual_bits, Some(*algo_bits)) + } else { + (actual_bits, None) + } } } - pub fn description(&self) -> String { + /// Returns a textual description of the cipher used + pub fn description(&self) -> Option { unsafe { - let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, ptr::null_mut(), 0); - String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).unwrap() + // SSL_CIPHER_description requires a buffer of at least 128 bytes. + let mut buf = [0i8; 128]; + let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128); + + if !desc_ptr.is_null() { + String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok() + } else { + None + } } } } @@ -876,14 +897,14 @@ impl Ssl { } } - pub fn get_current_cipher(&self) -> Option { + pub fn get_current_cipher<'a>(&'a self) -> Option> { unsafe { let ptr = ffi::SSL_get_current_cipher(self.ssl); if ptr.is_null() { None } else { - Some(SslCipher{ cipher: ptr }) + Some(SslCipher{ cipher: ptr, ph: PhantomData }) } } } @@ -933,6 +954,16 @@ impl Ssl { } } + /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc. + pub fn version(&self) -> &'static str { + let version = unsafe { + let ptr = ffi::SSL_get_version(self.ssl); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(version.to_bytes()).unwrap() + } + /// Returns the protocol selected by performing Next Protocol Negotiation, if any. /// /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client From 80ac6e54ac031658642b82b6730160a74dc16e59 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Mon, 29 Feb 2016 21:23:34 +0000 Subject: [PATCH 10/17] Make SSLCipher.bits() return a struct. --- openssl/src/ssl/mod.rs | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 039a0514..b4c73479 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -769,6 +769,15 @@ impl SslContext { } } + +pub struct CipherBits { + /// The number of secret bits used for the cipher. + pub secret: i32, + /// The number of bits processed by the chosen algorithm, if not None. + pub algorithm: Option, +} + + pub struct SslCipher<'a> { cipher: *const ffi::SSL_CIPHER, ph: PhantomData<&'a ()>, @@ -795,20 +804,15 @@ impl <'a> SslCipher<'a> { str::from_utf8(version.to_bytes()).unwrap() } - /// Returns the number of secret bits used for the cipher. - /// - /// The first element is the number of secret bits used for the cipher. - /// - /// The second element, if not None, is the number of bits processed by - /// the chosen algorithm, - pub fn bits(&self) -> (i32, Option) { + /// Returns the number of bits used for the cipher. + pub fn bits(&self) -> CipherBits { unsafe { let algo_bits : *mut c_int = ptr::null_mut(); - let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); + let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); if !algo_bits.is_null() { - (actual_bits, Some(*algo_bits)) + CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) } } else { - (actual_bits, None) + CipherBits { secret: secret_bits, algorithm: None } } } } From 90ce50730b7d9504e29605220826085d69f368ff Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 1 Mar 2016 10:02:34 -0800 Subject: [PATCH 11/17] Update source URL for new OpenSSL release --- openssl/test/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/test/build.sh b/openssl/test/build.sh index 794738d5..a4c19c05 100755 --- a/openssl/test/build.sh +++ b/openssl/test/build.sh @@ -15,7 +15,7 @@ fi mkdir /tmp/openssl cd /tmp/openssl -curl https://openssl.org/source/openssl-1.0.2f.tar.gz | tar --strip-components=1 -xzf - +curl https://openssl.org/source/openssl-1.0.2g.tar.gz | tar --strip-components=1 -xzf - ./Configure --prefix=$HOME/openssl shared --cross-compile-prefix=$CROSS $OS_COMPILER make make install From 2fe3e48487843dc55bb70b252aefd02459cd273a Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 1 Mar 2016 11:05:41 -0800 Subject: [PATCH 12/17] Stop testing sslv2 feature on Travis OpenSSL removed support for this entirely in the most recent release. --- openssl/test/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/test/run.sh b/openssl/test/run.sh index 63b2b57c..829f11e9 100755 --- a/openssl/test/run.sh +++ b/openssl/test/run.sh @@ -4,7 +4,7 @@ set -e MAIN_TARGETS=https://static.rust-lang.org/dist if [ "$TEST_FEATURES" == "true" ]; then - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac" + FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac" fi if [ "$TRAVIS_RUST_VERSION" == "nightly" ]; then From 3e5b65b7fafe9328e843bf3d52d0060ce7ac6aa9 Mon Sep 17 00:00:00 2001 From: Benjamin Fry Date: Sat, 5 Mar 2016 13:43:14 -0800 Subject: [PATCH 13/17] making from_raw() unsafe --- openssl/src/crypto/rsa.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 3cd3ce75..6fcb5b07 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -29,7 +29,8 @@ impl RSA { } } - pub fn from_raw(rsa: *mut ffi::RSA) -> RSA { + /// the caller should assert that the rsa pointer is valid. + pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA { RSA(rsa) } From 8a7a766317acad4205bb55a05e3824d1311bfbd6 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 5 Mar 2016 13:59:25 -0800 Subject: [PATCH 14/17] Update appveyor openssl version and disable x86_64 build --- appveyor.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/appveyor.yml b/appveyor.yml index d0c304d9..76fa6987 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -5,11 +5,11 @@ environment: matrix: - TARGET: i686-pc-windows-gnu BITS: 32 - - TARGET: x86_64-pc-windows-msvc - BITS: 64 +# - TARGET: x86_64-pc-windows-msvc +# BITS: 64 install: - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2f.exe" - - Win%BITS%OpenSSL-1_0_2f.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL" + - Win%BITS%OpenSSL-1_0_2g.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL" - ps: Start-FileDownload "https://static.rust-lang.org/dist/rust-1.5.0-${env:TARGET}.exe" - rust-1.5.0-%TARGET%.exe /VERYSILENT /NORESTART /DIR="C:\Program Files (x86)\Rust" - SET PATH=%PATH%;C:\Program Files (x86)\Rust\bin From 6ad56a5b287e35cecf225c42069148c8a0e50b6e Mon Sep 17 00:00:00 2001 From: Andrew Roetker Date: Wed, 9 Mar 2016 17:24:27 -0800 Subject: [PATCH 15/17] (maint) Update download version for OpenSSL in appveyor to latest This commit updates the download version for OpenSSL in appveyor, previous to this commit the version that was installed was mismatched from the download version. --- appveyor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appveyor.yml b/appveyor.yml index 76fa6987..fff3cff7 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -8,7 +8,7 @@ environment: # - TARGET: x86_64-pc-windows-msvc # BITS: 64 install: - - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2f.exe" + - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2g.exe" - Win%BITS%OpenSSL-1_0_2g.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL" - ps: Start-FileDownload "https://static.rust-lang.org/dist/rust-1.5.0-${env:TARGET}.exe" - rust-1.5.0-%TARGET%.exe /VERYSILENT /NORESTART /DIR="C:\Program Files (x86)\Rust" From 3467cf343f049f57edbee69c85e6014f00304c82 Mon Sep 17 00:00:00 2001 From: Alex Crichton Date: Fri, 11 Mar 2016 12:57:56 -0800 Subject: [PATCH 16/17] Fix nightly warnings about zero-sized fn pointers --- openssl/src/ssl/mod.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index b4c73479..574a324b 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -569,7 +569,8 @@ impl SslContext { pub fn set_servername_callback(&mut self, callback: Option) { unsafe { ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(callback)); - let f: extern "C" fn() = mem::transmute(raw_sni); + let f: extern "C" fn(_, _, _) -> _ = raw_sni; + let f: extern "C" fn() = mem::transmute(f); ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f)); } } @@ -586,7 +587,8 @@ impl SslContext { ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(Some(callback))); ffi_extras::SSL_CTX_set_tlsext_servername_arg(self.ctx, mem::transmute(data)); - let f: extern "C" fn() = mem::transmute(raw_sni_with_data::); + let f: extern "C" fn(_, _, _) -> _ = raw_sni_with_data::; + let f: extern "C" fn() = mem::transmute(f); ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f)); } } From a569df29f460f64797a8cec31e13d8d1418ab517 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 17 Mar 2016 09:04:23 -0700 Subject: [PATCH 17/17] Release v0.7.7 --- README.md | 2 +- openssl-sys-extras/Cargo.toml | 6 +++--- openssl-sys-extras/src/lib.rs | 2 +- openssl-sys/Cargo.toml | 4 ++-- openssl-sys/src/lib.rs | 2 +- openssl/Cargo.toml | 8 ++++---- openssl/src/lib.rs | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 5741e2c1..e51cbc4a 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl) -[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl). +[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl). ## Building diff --git a/openssl-sys-extras/Cargo.toml b/openssl-sys-extras/Cargo.toml index 0607d3bb..79bfa097 100644 --- a/openssl-sys-extras/Cargo.toml +++ b/openssl-sys-extras/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "openssl-sys-extras" -version = "0.7.6" +version = "0.7.7" authors = ["Steven Fackler "] license = "MIT" description = "Extra FFI bindings to OpenSSL that require a C shim" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys_extras" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl_sys_extras" build = "build.rs" [features] @@ -13,7 +13,7 @@ ecdh_auto = [] [dependencies] libc = "0.2" -openssl-sys = { version = "0.7.6", path = "../openssl-sys" } +openssl-sys = { version = "0.7.7", path = "../openssl-sys" } [build-dependencies] gcc = "0.3" diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs index 9647929a..58760fb6 100644 --- a/openssl-sys-extras/src/lib.rs +++ b/openssl-sys-extras/src/lib.rs @@ -1,5 +1,5 @@ #![allow(non_upper_case_globals, non_snake_case)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")] extern crate openssl_sys; extern crate libc; diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index c8410104..2a9ae1fb 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -1,12 +1,12 @@ [package] name = "openssl-sys" -version = "0.7.6" +version = "0.7.7" authors = ["Alex Crichton ", "Steven Fackler "] license = "MIT" description = "FFI bindings to OpenSSL" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl_sys" links = "openssl" build = "build.rs" diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index d638b38a..8017a1ed 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1,6 +1,6 @@ #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)] #![allow(dead_code)] -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")] extern crate libc; diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 10d8ea4b..39adb0e3 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "openssl" -version = "0.7.6" +version = "0.7.7" authors = ["Steven Fackler "] license = "Apache-2.0" description = "OpenSSL bindings" repository = "https://github.com/sfackler/rust-openssl" -documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl" +documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl" readme = "../README.md" keywords = ["crypto", "tls", "ssl", "dtls"] build = "build.rs" @@ -32,8 +32,8 @@ nightly = [] bitflags = "0.4" lazy_static = "0.1" libc = "0.2" -openssl-sys = { version = "0.7.6", path = "../openssl-sys" } -openssl-sys-extras = { version = "0.7.6", path = "../openssl-sys-extras" } +openssl-sys = { version = "0.7.7", path = "../openssl-sys" } +openssl-sys-extras = { version = "0.7.7", path = "../openssl-sys-extras" } [build-dependencies] gcc = "0.3" diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index f1b6d13a..e89e6590 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -1,4 +1,4 @@ -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")] #![cfg_attr(feature = "nightly", feature(const_fn, recover, panic_propagate))] #[macro_use]