Merge branch 'release-v0.7.7' into release

2016-03-17 09:04:26 -07:00 · 2016-03-17 09:04:26 -07:00 · a2ac6767e2
parent 7540471ce0 a569df29f4
commit a2ac6767e2
14 changed files with 208 additions and 23 deletions
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 [![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl)
-[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl).
+[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl).
 ## Building
@ -31,6 +31,14 @@ rust-openssl to a separate installation. OSX releases starting at 10.11, "El
 Capitan", no longer include OpenSSL headers which will prevent the `openssl`
 crate from compiling.
 For OSX 10.11 you can use brew to install OpenSSL and then set the environment variables
 as described below.
 ```bash
 brew install openssl
 export OPENSSL_INCLUDE_DIR=`brew --prefix openssl`/include
 export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib
 ```
 ### Windows
 On Windows, consider building with [mingw-w64](http://mingw-w64.org/).
--- a/appveyor.yml
+++ b/appveyor.yml
@ -5,11 +5,11 @@ environment:
  matrix:
  - TARGET: i686-pc-windows-gnu
    BITS: 32
-  - TARGET: x86_64-pc-windows-msvc
+#  - TARGET: x86_64-pc-windows-msvc
-    BITS: 64
+#    BITS: 64
 install:
-  - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2f.exe"
+  - ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2g.exe"
-  - Win%BITS%OpenSSL-1_0_2f.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL"
+  - Win%BITS%OpenSSL-1_0_2g.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL"
  - ps: Start-FileDownload "https://static.rust-lang.org/dist/rust-1.5.0-${env:TARGET}.exe"
  - rust-1.5.0-%TARGET%.exe /VERYSILENT /NORESTART /DIR="C:\Program Files (x86)\Rust"
  - SET PATH=%PATH%;C:\Program Files (x86)\Rust\bin
--- a/openssl-sys-extras/Cargo.toml
+++ b/openssl-sys-extras/Cargo.toml
@ -1,11 +1,11 @@
 [package]
 name = "openssl-sys-extras"
-version = "0.7.6"
+version = "0.7.7"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
 license = "MIT"
 description = "Extra FFI bindings to OpenSSL that require a C shim"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys_extras"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl_sys_extras"
 build = "build.rs"
 [features]
@ -13,7 +13,7 @@ ecdh_auto = []
 [dependencies]
 libc = "0.2"
-openssl-sys = { version = "0.7.6", path = "../openssl-sys" }
+openssl-sys = { version = "0.7.7", path = "../openssl-sys" }
 [build-dependencies]
 gcc = "0.3"
--- a/openssl-sys-extras/src/lib.rs
+++ b/openssl-sys-extras/src/lib.rs
@ -1,5 +1,5 @@
 #![allow(non_upper_case_globals, non_snake_case)]
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")]
 extern crate openssl_sys;
 extern crate libc;
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@ -1,12 +1,12 @@
 [package]
 name = "openssl-sys"
-version = "0.7.6"
+version = "0.7.7"
 authors = ["Alex Crichton <alex@alexcrichton.com>",
           "Steven Fackler <sfackler@gmail.com>"]
 license = "MIT"
 description = "FFI bindings to OpenSSL"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl_sys"
 links = "openssl"
 build = "build.rs"
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -1,6 +1,6 @@
 #![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)]
 #![allow(dead_code)]
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")]
 extern crate libc;
@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void;
 pub type EVP_MD = c_void;
 pub type EVP_PKEY_CTX = c_void;
 pub type SSL = c_void;
 pub type SSL_CIPHER = c_void;
 pub type SSL_CTX = c_void;
 pub type SSL_METHOD = c_void;
 pub type X509 = c_void;
@ -588,6 +589,7 @@ extern "C" {
    pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int;
    pub fn RSA_new() -> *mut RSA;
    pub fn RSA_free(rsa: *mut RSA);
    pub fn RSA_generate_key(modsz: c_int, e: c_ulong, cb: *const c_void, cbarg: *const c_void) -> *mut RSA;
    pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *const c_void) -> c_int;
@ -642,6 +644,7 @@ extern "C" {
    pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD;
    pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509;
    pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
    pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char;
    pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char;
    pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char;
@ -649,6 +652,13 @@ extern "C" {
    pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
    pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
    pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int;
    pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char;
    pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char;
    pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
    pub fn SSL_CTX_free(ctx: *mut SSL_CTX);
    pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int,
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@ -1,11 +1,11 @@
 [package]
 name = "openssl"
-version = "0.7.6"
+version = "0.7.7"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
 license = "Apache-2.0"
 description = "OpenSSL bindings"
 repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl"
 readme = "../README.md"
 keywords = ["crypto", "tls", "ssl", "dtls"]
 build = "build.rs"
@ -29,11 +29,11 @@ pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"]
 nightly = []
 [dependencies]
-bitflags = ">= 0.2, < 0.4"
+bitflags = "0.4"
 lazy_static = "0.1"
 libc = "0.2"
-openssl-sys = { version = "0.7.6", path = "../openssl-sys" }
+openssl-sys = { version = "0.7.7", path = "../openssl-sys" }
-openssl-sys-extras = { version = "0.7.6", path = "../openssl-sys-extras" }
+openssl-sys-extras = { version = "0.7.7", path = "../openssl-sys-extras" }
 [build-dependencies]
 gcc = "0.3"
--- a/openssl/src/bn/mod.rs
+++ b/openssl/src/bn/mod.rs
@ -1,7 +1,7 @@
 use libc::{c_int, c_ulong, c_void};
 use std::ffi::{CStr, CString};
 use std::cmp::Ordering;
-use std::{fmt, ptr};
+use std::{fmt, ptr, mem};
 use ffi;
 use ssl::error::SslError;
@ -473,6 +473,11 @@ impl BigNum {
        n
    }
    pub fn into_raw(self) -> *mut ffi::BIGNUM {
        let mut me = self;
        mem::replace(&mut me.0, ptr::null_mut())
    }
    pub fn to_vec(&self) -> Vec<u8> {
        let size = self.num_bytes() as usize;
        let mut v = Vec::with_capacity(size);
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@ -205,6 +205,28 @@ impl PKey {
        }
    }
    /// assign RSA key to this pkey
    pub fn set_rsa(&mut self, rsa: &RSA) {
        unsafe {
            // this needs to be a reference as the set1_RSA ups the reference count
            let rsa_ptr = rsa.as_ptr();
            if ffi::EVP_PKEY_set1_RSA(self.evp, rsa_ptr) == 1 {
                if rsa.has_e() && rsa.has_n() {
                    self.parts = Parts::Public;
                }
            }
        }
    }
    /// get a reference to the interal RSA key for direct access to the key components
    pub fn get_rsa(&self) -> RSA {
        unsafe {
            let evp_pkey: *mut ffi::EVP_PKEY = self.evp;
            // this is safe as the ffi increments a reference counter to the internal key
            RSA::from_raw(ffi::EVP_PKEY_get1_RSA(evp_pkey))
        }
    }
    /**
     * Returns a DER serialized form of the public key, suitable for load_pub().
     */
@ -604,6 +626,7 @@ mod tests {
    use std::path::Path;
    use std::fs::File;
    use crypto::hash::Type::{MD5, SHA1};
    use crypto::rsa::RSA;
    #[test]
    fn test_gen_pub() {
@ -790,6 +813,28 @@ mod tests {
        assert!(pub_key.windows(10).any(|s| s == b"PUBLIC KEY"));
    }
    #[test]
    fn test_public_key_from_raw() {
        let mut k0 = super::PKey::new();
        let mut k1 = super::PKey::new();
        let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
        k0.gen(512);
        let sig = k0.sign(&msg);
        let r0 = k0.get_rsa();
        let r1 = RSA::from_public_components(r0.n().expect("n"), r0.e().expect("e")).expect("r1");
        k1.set_rsa(&r1);
        assert!(k1.can(super::Role::Encrypt));
        assert!(!k1.can(super::Role::Decrypt));
        assert!(k1.can(super::Role::Verify));
        assert!(!k1.can(super::Role::Sign));
        let rv = k1.verify(&msg, &sig);
        assert!(rv == true);
    }
    #[test]
    #[should_panic(expected = "Could not get RSA key for encryption")]
    fn test_nokey_encrypt() {
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@ -18,6 +18,22 @@ impl Drop for RSA {
 }
 impl RSA {
    /// only useful for associating the key material directly with the key, it's safer to use
    /// the supplied load and save methods for DER formatted keys.
    pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, SslError> {
        unsafe {
            let rsa = try_ssl_null!(ffi::RSA_new());
            (*rsa).n = n.into_raw();
            (*rsa).e = e.into_raw();
            Ok(RSA(rsa))
        }
    }
    /// the caller should assert that the rsa pointer is valid.
    pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA {
        RSA(rsa)
    }
    /// Reads an RSA private key from PEM formatted data.
    pub fn private_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
    where R: Read
@ -61,6 +77,12 @@ impl RSA {
        }
    }
    pub fn has_n(&self) -> bool {
        unsafe {
            !(*self.0).n.is_null()
        }
    }
    pub fn d(&self) -> Result<BigNum, SslError> {
        unsafe {
            BigNum::new_from_ffi((*self.0).d)
@ -73,6 +95,12 @@ impl RSA {
        }
    }
    pub fn has_e(&self) -> bool {
        unsafe {
            !(*self.0).e.is_null()
        }
    }
    pub fn p(&self) -> Result<BigNum, SslError> {
        unsafe {
            BigNum::new_from_ffi((*self.0).p)
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@ -1,4 +1,4 @@
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")]
 #![cfg_attr(feature = "nightly", feature(const_fn, recover, panic_propagate))]
 #[macro_use]
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -569,7 +569,8 @@ impl SslContext {
    pub fn set_servername_callback(&mut self, callback: Option<ServerNameCallback>) {
        unsafe {
            ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(callback));
-            let f: extern "C" fn() = mem::transmute(raw_sni);
+            let f: extern "C" fn(_, _, _) -> _ = raw_sni;
            let f: extern "C" fn() = mem::transmute(f);
            ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f));
        }
    }
@ -586,7 +587,8 @@ impl SslContext {
            ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(Some(callback)));
            ffi_extras::SSL_CTX_set_tlsext_servername_arg(self.ctx, mem::transmute(data));
-            let f: extern "C" fn() = mem::transmute(raw_sni_with_data::<T>);
+            let f: extern "C" fn(_, _, _) -> _ = raw_sni_with_data::<T>;
            let f: extern "C" fn() = mem::transmute(f);
            ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f));
        }
    }
@ -769,6 +771,71 @@ impl SslContext {
    }
 }
 pub struct CipherBits {
    /// The number of secret bits used for the cipher.
    pub secret: i32,
    /// The number of bits processed by the chosen algorithm, if not None.
    pub algorithm: Option<i32>,
 }
 pub struct SslCipher<'a> {
    cipher: *const ffi::SSL_CIPHER,
    ph: PhantomData<&'a ()>,
 }
 impl <'a> SslCipher<'a> {
    /// Returns the name of cipher.
    pub fn name(&self) -> &'static str {
        let name = unsafe {
            let ptr = ffi::SSL_CIPHER_get_name(self.cipher);
            CStr::from_ptr(ptr as *const _)
        };
        str::from_utf8(name.to_bytes()).unwrap()
    }
    /// Returns the SSL/TLS protocol version that first defined the cipher.
    pub fn version(&self) -> &'static str {
        let version = unsafe {
            let ptr = ffi::SSL_CIPHER_get_version(self.cipher);
            CStr::from_ptr(ptr as *const _)
        };
        str::from_utf8(version.to_bytes()).unwrap()
    }
    /// Returns the number of bits used for the cipher.
    pub fn bits(&self) -> CipherBits {
        unsafe {
            let algo_bits : *mut c_int = ptr::null_mut();
            let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits);
            if !algo_bits.is_null() {
                CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) }
            } else {
                CipherBits { secret: secret_bits, algorithm: None }
            }
        }
    }
    /// Returns a textual description of the cipher used
    pub fn description(&self) -> Option<String> {
        unsafe {
            // SSL_CIPHER_description requires a buffer of at least 128 bytes.
            let mut buf = [0i8; 128];
            let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128);
            if !desc_ptr.is_null() {
                String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok()
            } else {
                None
            }
        }
    }
 }
 pub struct Ssl {
    ssl: *mut ffi::SSL,
 }
@ -836,6 +903,18 @@ impl Ssl {
        }
    }
    pub fn get_current_cipher<'a>(&'a self) -> Option<SslCipher<'a>> {
        unsafe {
            let ptr = ffi::SSL_get_current_cipher(self.ssl);
            if ptr.is_null() {
                None
            } else {
                Some(SslCipher{ cipher: ptr, ph: PhantomData })
            }
        }
    }
    pub fn state_string(&self) -> &'static str {
        let state = unsafe {
            let ptr = ffi::SSL_state_string(self.ssl);
@ -881,6 +960,16 @@ impl Ssl {
        }
    }
    /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
    pub fn version(&self) -> &'static str {
        let version = unsafe {
             let ptr = ffi::SSL_get_version(self.ssl);
             CStr::from_ptr(ptr as *const _)
        };
        str::from_utf8(version.to_bytes()).unwrap()
    }
    /// Returns the protocol selected by performing Next Protocol Negotiation, if any.
    ///
    /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
--- a/openssl/test/build.sh
+++ b/openssl/test/build.sh
@ -15,7 +15,7 @@ fi
 mkdir /tmp/openssl
 cd /tmp/openssl
-curl https://openssl.org/source/openssl-1.0.2f.tar.gz | tar --strip-components=1 -xzf -
+curl https://openssl.org/source/openssl-1.0.2g.tar.gz | tar --strip-components=1 -xzf -
 ./Configure --prefix=$HOME/openssl shared --cross-compile-prefix=$CROSS $OS_COMPILER
 make
 make install
--- a/openssl/test/run.sh
+++ b/openssl/test/run.sh
@ -4,7 +4,7 @@ set -e
 MAIN_TARGETS=https://static.rust-lang.org/dist
 if [ "$TEST_FEATURES" == "true" ]; then
-    FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac"
+    FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac"
 fi
 if [ "$TRAVIS_RUST_VERSION" == "nightly" ]; then