min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'release-v0.7.7' into release

This commit is contained in:
Steven Fackler 2016-03-17 09:04:26 -07:00
parent 7540471ce0 a569df29f4
commit a2ac6767e2
14 changed files with 208 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -2,7 +2,7 @@
[![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl)
[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl).
[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl).
## Building
@ -31,6 +31,14 @@ rust-openssl to a separate installation. OSX releases starting at 10.11, "El
Capitan", no longer include OpenSSL headers which will prevent the `openssl`
crate from compiling.
For OSX 10.11 you can use brew to install OpenSSL and then set the environment variables
as described below.
```bash
brew install openssl
export OPENSSL_INCLUDE_DIR=`brew --prefix openssl`/include
export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib
```
### Windows
On Windows, consider building with [mingw-w64](http://mingw-w64.org/).

8
appveyor.yml
View File

@ -5,11 +5,11 @@ environment:
matrix:
- TARGET: i686-pc-windows-gnu
BITS: 32
- TARGET: x86_64-pc-windows-msvc
BITS: 64
# - TARGET: x86_64-pc-windows-msvc
# BITS: 64
install:
- ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2f.exe"
- Win%BITS%OpenSSL-1_0_2f.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL"
- ps: Start-FileDownload "http://slproweb.com/download/Win${env:BITS}OpenSSL-1_0_2g.exe"
- Win%BITS%OpenSSL-1_0_2g.exe /SILENT /VERYSILENT /SP- /DIR="C:\OpenSSL"
- ps: Start-FileDownload "https://static.rust-lang.org/dist/rust-1.5.0-${env:TARGET}.exe"
- rust-1.5.0-%TARGET%.exe /VERYSILENT /NORESTART /DIR="C:\Program Files (x86)\Rust"
- SET PATH=%PATH%;C:\Program Files (x86)\Rust\bin

6
openssl-sys-extras/Cargo.toml
View File

@ -1,11 +1,11 @@
[package]
name = "openssl-sys-extras"
version = "0.7.6"
version = "0.7.7"
authors = ["Steven Fackler <sfackler@gmail.com>"]
license = "MIT"
description = "Extra FFI bindings to OpenSSL that require a C shim"
repository = "https://github.com/sfackler/rust-openssl"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys_extras"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl_sys_extras"
build = "build.rs"
[features]
@ -13,7 +13,7 @@ ecdh_auto = []
[dependencies]
libc = "0.2"
openssl-sys = { version = "0.7.6", path = "../openssl-sys" }
openssl-sys = { version = "0.7.7", path = "../openssl-sys" }
[build-dependencies]
gcc = "0.3"

2
openssl-sys-extras/src/lib.rs
View File

@ -1,5 +1,5 @@
#![allow(non_upper_case_globals, non_snake_case)]
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")]
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")]
extern crate openssl_sys;
extern crate libc;

4
openssl-sys/Cargo.toml
View File

@ -1,12 +1,12 @@
[package]
name = "openssl-sys"
version = "0.7.6"
version = "0.7.7"
authors = ["Alex Crichton <alex@alexcrichton.com>",
"Steven Fackler <sfackler@gmail.com>"]
license = "MIT"
description = "FFI bindings to OpenSSL"
repository = "https://github.com/sfackler/rust-openssl"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl_sys"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl_sys"
links = "openssl"
build = "build.rs"

12
openssl-sys/src/lib.rs
View File

@ -1,6 +1,6 @@
#![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)]
#![allow(dead_code)]
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")]
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")]
extern crate libc;
@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void;
pub type EVP_MD = c_void;
pub type EVP_PKEY_CTX = c_void;
pub type SSL = c_void;
pub type SSL_CIPHER = c_void;
pub type SSL_CTX = c_void;
pub type SSL_METHOD = c_void;
pub type X509 = c_void;
@ -588,6 +589,7 @@ extern "C" {
pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int;
pub fn RSA_new() -> *mut RSA;
pub fn RSA_free(rsa: *mut RSA);
pub fn RSA_generate_key(modsz: c_int, e: c_ulong, cb: *const c_void, cbarg: *const c_void) -> *mut RSA;
pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *const c_void) -> c_int;
@ -642,6 +644,7 @@ extern "C" {
pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD;
pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509;
pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char;
pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char;
pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char;
@ -649,6 +652,13 @@ extern "C" {
pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int;
pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char;
pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char;
pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
pub fn SSL_CTX_free(ctx: *mut SSL_CTX);
pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int,

10
openssl/Cargo.toml
View File

@ -1,11 +1,11 @@
[package]
name = "openssl"
version = "0.7.6"
version = "0.7.7"
authors = ["Steven Fackler <sfackler@gmail.com>"]
license = "Apache-2.0"
description = "OpenSSL bindings"
repository = "https://github.com/sfackler/rust-openssl"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.6/openssl"
documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.7/openssl"
readme = "../README.md"
keywords = ["crypto", "tls", "ssl", "dtls"]
build = "build.rs"
@ -29,11 +29,11 @@ pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"]
nightly = []
[dependencies]
bitflags = ">= 0.2, < 0.4"
bitflags = "0.4"
lazy_static = "0.1"
libc = "0.2"
openssl-sys = { version = "0.7.6", path = "../openssl-sys" }
openssl-sys-extras = { version = "0.7.6", path = "../openssl-sys-extras" }
openssl-sys = { version = "0.7.7", path = "../openssl-sys" }
openssl-sys-extras = { version = "0.7.7", path = "../openssl-sys-extras" }
[build-dependencies]
gcc = "0.3"

7
openssl/src/bn/mod.rs
View File

@ -1,7 +1,7 @@
use libc::{c_int, c_ulong, c_void};
use std::ffi::{CStr, CString};
use std::cmp::Ordering;
use std::{fmt, ptr};
use std::{fmt, ptr, mem};
use ffi;
use ssl::error::SslError;
@ -473,6 +473,11 @@ impl BigNum {
n
}
pub fn into_raw(self) -> *mut ffi::BIGNUM {
let mut me = self;
mem::replace(&mut me.0, ptr::null_mut())
}
pub fn to_vec(&self) -> Vec<u8> {
let size = self.num_bytes() as usize;
let mut v = Vec::with_capacity(size);

45
openssl/src/crypto/pkey.rs
View File

@ -205,6 +205,28 @@ impl PKey {
}
}
/// assign RSA key to this pkey
pub fn set_rsa(&mut self, rsa: &RSA) {
unsafe {
// this needs to be a reference as the set1_RSA ups the reference count
let rsa_ptr = rsa.as_ptr();
if ffi::EVP_PKEY_set1_RSA(self.evp, rsa_ptr) == 1 {
if rsa.has_e() && rsa.has_n() {
self.parts = Parts::Public;
}
}
}
}
/// get a reference to the interal RSA key for direct access to the key components
pub fn get_rsa(&self) -> RSA {
unsafe {
let evp_pkey: *mut ffi::EVP_PKEY = self.evp;
// this is safe as the ffi increments a reference counter to the internal key
RSA::from_raw(ffi::EVP_PKEY_get1_RSA(evp_pkey))
}
}
/**
* Returns a DER serialized form of the public key, suitable for load_pub().
*/
@ -604,6 +626,7 @@ mod tests {
use std::path::Path;
use std::fs::File;
use crypto::hash::Type::{MD5, SHA1};
use crypto::rsa::RSA;
#[test]
fn test_gen_pub() {
@ -790,6 +813,28 @@ mod tests {
assert!(pub_key.windows(10).any(|s| s == b"PUBLIC KEY"));
}
#[test]
fn test_public_key_from_raw() {
let mut k0 = super::PKey::new();
let mut k1 = super::PKey::new();
let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
k0.gen(512);
let sig = k0.sign(&msg);
let r0 = k0.get_rsa();
let r1 = RSA::from_public_components(r0.n().expect("n"), r0.e().expect("e")).expect("r1");
k1.set_rsa(&r1);
assert!(k1.can(super::Role::Encrypt));
assert!(!k1.can(super::Role::Decrypt));
assert!(k1.can(super::Role::Verify));
assert!(!k1.can(super::Role::Sign));
let rv = k1.verify(&msg, &sig);
assert!(rv == true);
}
#[test]
#[should_panic(expected = "Could not get RSA key for encryption")]
fn test_nokey_encrypt() {

28
openssl/src/crypto/rsa.rs
View File

@ -18,6 +18,22 @@ impl Drop for RSA {
}
impl RSA {
/// only useful for associating the key material directly with the key, it's safer to use
/// the supplied load and save methods for DER formatted keys.
pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, SslError> {
unsafe {
let rsa = try_ssl_null!(ffi::RSA_new());
(*rsa).n = n.into_raw();
(*rsa).e = e.into_raw();
Ok(RSA(rsa))
}
}
/// the caller should assert that the rsa pointer is valid.
pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA {
RSA(rsa)
}
/// Reads an RSA private key from PEM formatted data.
pub fn private_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
where R: Read
@ -61,6 +77,12 @@ impl RSA {
}
}
pub fn has_n(&self) -> bool {
unsafe {
!(*self.0).n.is_null()
}
}
pub fn d(&self) -> Result<BigNum, SslError> {
unsafe {
BigNum::new_from_ffi((*self.0).d)
@ -73,6 +95,12 @@ impl RSA {
}
}
pub fn has_e(&self) -> bool {
unsafe {
!(*self.0).e.is_null()
}
}
pub fn p(&self) -> Result<BigNum, SslError> {
unsafe {
BigNum::new_from_ffi((*self.0).p)

2
openssl/src/lib.rs
View File

@ -1,4 +1,4 @@
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.6")]
#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.7")]
#![cfg_attr(feature = "nightly", feature(const_fn, recover, panic_propagate))]
#[macro_use]

93
openssl/src/ssl/mod.rs
View File

@ -569,7 +569,8 @@ impl SslContext {
pub fn set_servername_callback(&mut self, callback: Option<ServerNameCallback>) {
unsafe {
ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(callback));
let f: extern "C" fn() = mem::transmute(raw_sni);
let f: extern "C" fn(_, _, _) -> _ = raw_sni;
let f: extern "C" fn() = mem::transmute(f);
ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f));
}
}
@ -586,7 +587,8 @@ impl SslContext {
ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(Some(callback)));
ffi_extras::SSL_CTX_set_tlsext_servername_arg(self.ctx, mem::transmute(data));
let f: extern "C" fn() = mem::transmute(raw_sni_with_data::<T>);
let f: extern "C" fn(_, _, _) -> _ = raw_sni_with_data::<T>;
let f: extern "C" fn() = mem::transmute(f);
ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f));
}
}
@ -769,6 +771,71 @@ impl SslContext {
}
}
pub struct CipherBits {
/// The number of secret bits used for the cipher.
pub secret: i32,
/// The number of bits processed by the chosen algorithm, if not None.
pub algorithm: Option<i32>,
}
pub struct SslCipher<'a> {
cipher: *const ffi::SSL_CIPHER,
ph: PhantomData<&'a ()>,
}
impl <'a> SslCipher<'a> {
/// Returns the name of cipher.
pub fn name(&self) -> &'static str {
let name = unsafe {
let ptr = ffi::SSL_CIPHER_get_name(self.cipher);
CStr::from_ptr(ptr as *const _)
};
str::from_utf8(name.to_bytes()).unwrap()
}
/// Returns the SSL/TLS protocol version that first defined the cipher.
pub fn version(&self) -> &'static str {
let version = unsafe {
let ptr = ffi::SSL_CIPHER_get_version(self.cipher);
CStr::from_ptr(ptr as *const _)
};
str::from_utf8(version.to_bytes()).unwrap()
}
/// Returns the number of bits used for the cipher.
pub fn bits(&self) -> CipherBits {
unsafe {
let algo_bits : *mut c_int = ptr::null_mut();
let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits);
if !algo_bits.is_null() {
CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) }
} else {
CipherBits { secret: secret_bits, algorithm: None }
}
}
}
/// Returns a textual description of the cipher used
pub fn description(&self) -> Option<String> {
unsafe {
// SSL_CIPHER_description requires a buffer of at least 128 bytes.
let mut buf = [0i8; 128];
let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128);
if !desc_ptr.is_null() {
String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok()
} else {
None
}
}
}
}
pub struct Ssl {
ssl: *mut ffi::SSL,
}
@ -836,6 +903,18 @@ impl Ssl {
}
}
pub fn get_current_cipher<'a>(&'a self) -> Option<SslCipher<'a>> {
unsafe {
let ptr = ffi::SSL_get_current_cipher(self.ssl);
if ptr.is_null() {
None
} else {
Some(SslCipher{ cipher: ptr, ph: PhantomData })
}
}
}
pub fn state_string(&self) -> &'static str {
let state = unsafe {
let ptr = ffi::SSL_state_string(self.ssl);
@ -881,6 +960,16 @@ impl Ssl {
}
}
/// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
pub fn version(&self) -> &'static str {
let version = unsafe {
let ptr = ffi::SSL_get_version(self.ssl);
CStr::from_ptr(ptr as *const _)
};
str::from_utf8(version.to_bytes()).unwrap()
}
/// Returns the protocol selected by performing Next Protocol Negotiation, if any.
///
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client

2
openssl/test/build.sh
View File

@ -15,7 +15,7 @@ fi
mkdir /tmp/openssl
cd /tmp/openssl
curl https://openssl.org/source/openssl-1.0.2f.tar.gz | tar --strip-components=1 -xzf -
curl https://openssl.org/source/openssl-1.0.2g.tar.gz | tar --strip-components=1 -xzf -
./Configure --prefix=$HOME/openssl shared --cross-compile-prefix=$CROSS $OS_COMPILER
make
make install

2
openssl/test/run.sh
View File

@ -4,7 +4,7 @@ set -e
MAIN_TARGETS=https://static.rust-lang.org/dist
if [ "$TEST_FEATURES" == "true" ]; then
FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac"
FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac"
fi
if [ "$TRAVIS_RUST_VERSION" == "nightly" ]; then