min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Overhaul openssl cfgs 

Also expose hostname verification on libressl
This commit is contained in:
Steven Fackler 2018-05-20 11:27:45 -07:00
parent 9df403043b
commit a6fcef01c0
25 changed files with 953 additions and 902 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
openssl-sys/src/lib.rs
View File

@ -1413,15 +1413,15 @@ pub const X509_V_ERR_EMAIL_MISMATCH: c_int = 63;
#[cfg(ossl102)] #[cfg(ossl102)]
pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64; pub const X509_V_ERR_IP_ADDRESS_MISMATCH: c_int = 64;
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1; pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1;
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2; pub const X509_CHECK_FLAG_NO_WILDCARDS: c_uint = 0x2;
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4; pub const X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS: c_uint = 0x4;
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8; pub const X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS: c_uint = 0x8;
#[cfg(ossl102)] #[cfg(any(ossl102, libressl261))]
pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10; pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10;
pub const GEN_OTHERNAME: c_int = 0; pub const GEN_OTHERNAME: c_int = 0;

22
openssl-sys/src/libressl/mod.rs
View File

@ -447,6 +447,28 @@ pub unsafe fn SSL_session_reused(ssl: *mut ::SSL) -> c_int {
::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int ::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
} }
pub unsafe fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong {
::SSL_CTX_ctrl(ctx as *mut _, ::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
}
pub unsafe fn SSL_CTX_set_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong {
::SSL_CTX_ctrl(
ctx as *mut _,
::SSL_CTRL_OPTIONS,
op as c_long,
ptr::null_mut(),
) as c_ulong
}
pub unsafe fn SSL_CTX_clear_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong {
::SSL_CTX_ctrl(
ctx as *mut _,
::SSL_CTRL_CLEAR_OPTIONS,
op as c_long,
ptr::null_mut(),
) as c_ulong
}
extern "C" { extern "C" {
pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO;
pub fn BIO_s_file() -> *mut BIO_METHOD; pub fn BIO_s_file() -> *mut BIO_METHOD;

22
openssl-sys/src/openssl/v10x.rs
View File

@ -807,6 +807,28 @@ pub unsafe fn SSL_session_reused(ssl: *mut ::SSL) -> c_int {
::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int ::SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
} }
pub unsafe fn SSL_CTX_get_options(ctx: *const ::SSL_CTX) -> c_ulong {
::SSL_CTX_ctrl(ctx as *mut _, ::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
}
pub unsafe fn SSL_CTX_set_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong {
::SSL_CTX_ctrl(
ctx as *mut _,
::SSL_CTRL_OPTIONS,
op as c_long,
ptr::null_mut(),
) as c_ulong
}
pub unsafe fn SSL_CTX_clear_options(ctx: *const ::SSL_CTX, op: c_ulong) -> c_ulong {
::SSL_CTX_ctrl(
ctx as *mut _,
::SSL_CTRL_CLEAR_OPTIONS,
op as c_long,
ptr::null_mut(),
) as c_ulong
}
extern "C" { extern "C" {
pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO;
pub fn BIO_s_file() -> *mut BIO_METHOD; pub fn BIO_s_file() -> *mut BIO_METHOD;

2
openssl/Cargo.toml
View File

@ -18,9 +18,11 @@ v111 = []
[dependencies] [dependencies]
bitflags = "1.0" bitflags = "1.0"
cfg-if = "0.1"
foreign-types = "0.3.1" foreign-types = "0.3.1"
lazy_static = "1" lazy_static = "1"
libc = "0.2" libc = "0.2"
openssl-sys = { version = "0.9.30", path = "../openssl-sys" } openssl-sys = { version = "0.9.30", path = "../openssl-sys" }
[dev-dependencies] [dev-dependencies]

31
openssl/build.rs
View File

@ -1,25 +1,6 @@
use std::env; use std::env;
fn main() { fn main() {
match env::var("DEP_OPENSSL_VERSION") {
Ok(ref v) if v == "101" => {
println!("cargo:rustc-cfg=ossl101");
println!("cargo:rustc-cfg=ossl10x");
}
Ok(ref v) if v == "102" => {
println!("cargo:rustc-cfg=ossl102");
println!("cargo:rustc-cfg=ossl10x");
}
Ok(ref v) if v == "110" => {
println!("cargo:rustc-cfg=ossl110");
}
Ok(ref v) if v == "111" => {
println!("cargo:rustc-cfg=ossl110");
println!("cargo:rustc-cfg=ossl111");
}
_ => panic!("Unable to detect OpenSSL version"),
}
if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") { if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") {
println!("cargo:rustc-cfg=libressl"); println!("cargo:rustc-cfg=libressl");
} }
@ -37,9 +18,21 @@ fn main() {
if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") { if let Ok(version) = env::var("DEP_OPENSSL_VERSION_NUMBER") {
let version = u64::from_str_radix(&version, 16).unwrap(); let version = u64::from_str_radix(&version, 16).unwrap();
if version >= 0x1_00_01_00_0 {
println!("cargo:rustc-cfg=ossl101");
}
if version >= 0x1_00_02_00_0 {
println!("cargo:rustc-cfg=ossl102");
}
if version >= 0x1_01_00_00_0 {
println!("cargo:rustc-cfg=ossl110");
}
if version >= 0x1_01_00_07_0 { if version >= 0x1_01_00_07_0 {
println!("cargo:rustc-cfg=ossl110g"); println!("cargo:rustc-cfg=ossl110g");
} }
if version >= 0x1_01_01_00_0 {
println!("cargo:rustc-cfg=ossl111");
}
} }
if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") { if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") {

22
openssl/src/asn1.rs
View File

@ -32,12 +32,12 @@ use std::ptr;
use std::slice; use std::slice;
use std::str; use std::str;
use {cvt, cvt_p};
use bio::MemBio; use bio::MemBio;
use bn::BigNum; use bn::BigNum;
use error::ErrorStack; use error::ErrorStack;
use nid::Nid; use nid::Nid;
use string::OpensslString; use string::OpensslString;
use {cvt, cvt_p};
foreign_type_and_impl_send_sync! { foreign_type_and_impl_send_sync! {
type CType = ffi::ASN1_GENERALIZEDTIME; type CType = ffi::ASN1_GENERALIZEDTIME;
@ -162,7 +162,7 @@ impl Asn1StringRef {
/// ///
/// [`as_utf8`]: struct.Asn1String.html#method.as_utf8 /// [`as_utf8`]: struct.Asn1String.html#method.as_utf8
pub fn as_slice(&self) -> &[u8] { pub fn as_slice(&self) -> &[u8] {
unsafe { slice::from_raw_parts(ASN1_STRING_data(self.as_ptr()), self.len()) } unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr()), self.len()) }
} }
/// Return the length of the Asn1String (number of bytes) /// Return the length of the Asn1String (number of bytes)
@ -241,11 +241,11 @@ foreign_type_and_impl_send_sync! {
impl Asn1BitStringRef { impl Asn1BitStringRef {
/// Returns the Asn1BitString as a slice /// Returns the Asn1BitString as a slice
pub fn as_slice(&self) -> &[u8] { pub fn as_slice(&self) -> &[u8] {
unsafe { slice::from_raw_parts(ASN1_STRING_data(self.as_ptr() as *mut _), self.len()) } unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr() as *mut _), self.len()) }
} }
/// Length of Asn1BitString in number of bytes. /// Length of Asn1BitString in number of bytes.
pub fn len(&self) -> usize { pub fn len(&self) -> usize {
unsafe { ffi::ASN1_STRING_length(self.as_ptr() as *mut _) as usize } unsafe { ffi::ASN1_STRING_length(self.as_ptr() as *const _) as usize }
} }
} }
@ -296,11 +296,13 @@ impl fmt::Display for Asn1ObjectRef {
} }
} }
#[cfg(any(ossl101, ossl102))] cfg_if! {
use ffi::ASN1_STRING_data; if #[cfg(ossl110)] {
use ffi::ASN1_STRING_get0_data;
#[cfg(ossl110)] } else {
#[allow(bad_style)] #[allow(bad_style)]
unsafe fn ASN1_STRING_data(s: *mut ffi::ASN1_STRING) -> *mut ::libc::c_uchar { unsafe fn ASN1_STRING_get0_data(s: *mut ffi::ASN1_STRING) -> *const ::libc::c_uchar {
ffi::ASN1_STRING_get0_data(s) as *mut _ ffi::ASN1_STRING_data(s)
}
}
} }

12
openssl/src/bio.rs
View File

@ -1,8 +1,8 @@
use ffi;
use libc::c_int;
use std::marker::PhantomData; use std::marker::PhantomData;
use std::ptr; use std::ptr;
use std::slice; use std::slice;
use libc::c_int;
use ffi;
use cvt_p; use cvt_p;
use error::ErrorStack; use error::ErrorStack;
@ -68,11 +68,13 @@ impl MemBio {
} }
} }
#[cfg(not(ossl101))] cfg_if! {
if #[cfg(ossl102)] {
use ffi::BIO_new_mem_buf; use ffi::BIO_new_mem_buf;
} else {
#[cfg(ossl101)]
#[allow(bad_style)] #[allow(bad_style)]
unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: ::libc::c_int) -> *mut ffi::BIO { unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: ::libc::c_int) -> *mut ffi::BIO {
ffi::BIO_new_mem_buf(buf as *mut _, len) ffi::BIO_new_mem_buf(buf as *mut _, len)
} }
}
}

43
openssl/src/bn.rs
View File

@ -30,28 +30,39 @@ use foreign_types::{ForeignType, ForeignTypeRef};
use libc::c_int; use libc::c_int;
use std::cmp::Ordering; use std::cmp::Ordering;
use std::ffi::CString; use std::ffi::CString;
use std::{fmt, ptr};
use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub}; use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub};
use std::{fmt, ptr};
use {cvt, cvt_n, cvt_p};
use asn1::Asn1Integer; use asn1::Asn1Integer;
use error::ErrorStack; use error::ErrorStack;
use string::OpensslString; use string::OpensslString;
use {cvt, cvt_n, cvt_p};
#[cfg(ossl10x)] cfg_if! {
use ffi::{get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024, if #[cfg(ossl110)] {
use ffi::{
BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536,
BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192, BN_is_negative,
};
} else {
use ffi::{
get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536, get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536,
get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048, get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048,
get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072, get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072,
get_rfc3526_prime_4096 as BN_get_rfc3526_prime_4096, get_rfc3526_prime_4096 as BN_get_rfc3526_prime_4096,
get_rfc3526_prime_6144 as BN_get_rfc3526_prime_6144, get_rfc3526_prime_6144 as BN_get_rfc3526_prime_6144,
get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192}; get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192,
};
#[cfg(ossl110)] #[allow(bad_style)]
use ffi::{BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536, unsafe fn BN_is_negative(bn: *const ffi::BIGNUM) -> c_int {
BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, (*bn).neg
BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192}; }
}
}
/// Options for the most significant bits of a randomly generated `BigNum`. /// Options for the most significant bits of a randomly generated `BigNum`.
pub struct MsbOption(c_int); pub struct MsbOption(c_int);
@ -361,17 +372,7 @@ impl BigNumRef {
/// Returns `true` if `self` is negative. /// Returns `true` if `self` is negative.
pub fn is_negative(&self) -> bool { pub fn is_negative(&self) -> bool {
self._is_negative() unsafe { BN_is_negative(self.as_ptr()) == 1 }
}
#[cfg(ossl10x)]
fn _is_negative(&self) -> bool {
unsafe { (*self.as_ptr()).neg == 1 }
}
#[cfg(ossl110)]
fn _is_negative(&self) -> bool {
unsafe { ffi::BN_is_negative(self.as_ptr()) == 1 }
} }
/// Returns the number of significant bits in `self`. /// Returns the number of significant bits in `self`.
@ -1218,7 +1219,7 @@ macro_rules! delegate {
$t::$m(self.deref(), oth.deref()) $t::$m(self.deref(), oth.deref())
} }
} }
} };
} }
impl<'a, 'b> Add<&'b BigNumRef> for &'a BigNumRef { impl<'a, 'b> Add<&'b BigNumRef> for &'a BigNumRef {

30
openssl/src/dh.rs
View File

@ -4,9 +4,9 @@ use foreign_types::{ForeignType, ForeignTypeRef};
use std::mem; use std::mem;
use std::ptr; use std::ptr;
use {cvt, cvt_p};
use bn::BigNum; use bn::BigNum;
use pkey::{HasParams, Params}; use pkey::{HasParams, Params};
use {cvt, cvt_p};
generic_foreign_type_and_impl_send_sync! { generic_foreign_type_and_impl_send_sync! {
type CType = ffi::DH; type CType = ffi::DH;
@ -48,12 +48,7 @@ impl Dh<Params> {
pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result<Dh<Params>, ErrorStack> { pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result<Dh<Params>, ErrorStack> {
unsafe { unsafe {
let dh = Dh::from_ptr(cvt_p(ffi::DH_new())?); let dh = Dh::from_ptr(cvt_p(ffi::DH_new())?);
cvt(compat::DH_set0_pqg( cvt(DH_set0_pqg(dh.0, p.as_ptr(), q.as_ptr(), g.as_ptr()))?;
dh.0,
p.as_ptr(),
q.as_ptr(),
g.as_ptr(),
))?;
mem::forget((p, g, q)); mem::forget((p, g, q));
Ok(dh) Ok(dh)
} }
@ -111,34 +106,29 @@ impl Dh<Params> {
} }
} }
#[cfg(ossl110)] cfg_if! {
mod compat { if #[cfg(ossl110)] {
pub use ffi::DH_set0_pqg; use ffi::DH_set0_pqg;
} } else {
#[cfg(ossl10x)]
#[allow(bad_style)] #[allow(bad_style)]
mod compat { unsafe fn DH_set0_pqg(
use ffi;
use libc::c_int;
pub unsafe fn DH_set0_pqg(
dh: *mut ffi::DH, dh: *mut ffi::DH,
p: *mut ffi::BIGNUM, p: *mut ffi::BIGNUM,
q: *mut ffi::BIGNUM, q: *mut ffi::BIGNUM,
g: *mut ffi::BIGNUM, g: *mut ffi::BIGNUM,
) -> c_int { ) -> ::libc::c_int {
(*dh).p = p; (*dh).p = p;
(*dh).q = q; (*dh).q = q;
(*dh).g = g; (*dh).g = g;
1 1
} }
} }
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use dh::Dh;
use bn::BigNum; use bn::BigNum;
use dh::Dh;
use ssl::{SslContext, SslMethod}; use ssl::{SslContext, SslMethod};
#[test] #[test]

46
openssl/src/dsa.rs
View File

@ -11,10 +11,10 @@ use libc::c_int;
use std::fmt; use std::fmt;
use std::ptr; use std::ptr;
use {cvt, cvt_p};
use bn::BigNumRef; use bn::BigNumRef;
use error::ErrorStack; use error::ErrorStack;
use pkey::{HasParams, HasPublic, Private, Public}; use pkey::{HasParams, HasPublic, Private, Public};
use {cvt, cvt_p};
generic_foreign_type_and_impl_send_sync! { generic_foreign_type_and_impl_send_sync! {
type CType = ffi::DSA; type CType = ffi::DSA;
@ -101,7 +101,8 @@ where
/// Returns the DSA prime parameter of `self`. /// Returns the DSA prime parameter of `self`.
pub fn p(&self) -> &BigNumRef { pub fn p(&self) -> &BigNumRef {
unsafe { unsafe {
let p = compat::pqg(self.as_ptr())[0]; let mut p = ptr::null();
DSA_get0_pqg(self.as_ptr(), &mut p, ptr::null_mut(), ptr::null_mut());
BigNumRef::from_ptr(p as *mut _) BigNumRef::from_ptr(p as *mut _)
} }
} }
@ -109,7 +110,8 @@ where
/// Returns the DSA sub-prime parameter of `self`. /// Returns the DSA sub-prime parameter of `self`.
pub fn q(&self) -> &BigNumRef { pub fn q(&self) -> &BigNumRef {
unsafe { unsafe {
let q = compat::pqg(self.as_ptr())[1]; let mut q = ptr::null();
DSA_get0_pqg(self.as_ptr(), ptr::null_mut(), &mut q, ptr::null_mut());
BigNumRef::from_ptr(q as *mut _) BigNumRef::from_ptr(q as *mut _)
} }
} }
@ -117,7 +119,8 @@ where
/// Returns the DSA base parameter of `self`. /// Returns the DSA base parameter of `self`.
pub fn g(&self) -> &BigNumRef { pub fn g(&self) -> &BigNumRef {
unsafe { unsafe {
let g = compat::pqg(self.as_ptr())[2]; let mut g = ptr::null();
DSA_get0_pqg(self.as_ptr(), ptr::null_mut(), ptr::null_mut(), &mut g);
BigNumRef::from_ptr(g as *mut _) BigNumRef::from_ptr(g as *mut _)
} }
} }
@ -184,24 +187,27 @@ impl<T> fmt::Debug for Dsa<T> {
} }
} }
#[cfg(ossl110)] cfg_if! {
mod compat { if #[cfg(ossl110)] {
use std::ptr; use ffi::DSA_get0_pqg;
use ffi::{self, BIGNUM, DSA}; } else {
#[allow(bad_style)]
pub unsafe fn pqg(d: *const DSA) -> [*const BIGNUM; 3] { unsafe fn DSA_get0_pqg(
let (mut p, mut q, mut g) = (ptr::null(), ptr::null(), ptr::null()); d: *mut ffi::DSA,
ffi::DSA_get0_pqg(d, &mut p, &mut q, &mut g); p: *mut *const ffi::BIGNUM,
[p, q, g] q: *mut *const ffi::BIGNUM,
g: *mut *const ffi::BIGNUM)
{
if !p.is_null() {
*p = (*d).p;
}
if !q.is_null() {
*q = (*d).q;
}
if !g.is_null() {
*g = (*d).g;
} }
} }
#[cfg(ossl10x)]
mod compat {
use ffi::{BIGNUM, DSA};
pub unsafe fn pqg(d: *const DSA) -> [*const BIGNUM; 3] {
[(*d).p, (*d).q, (*d).g]
} }
} }

72
openssl/src/ecdsa.rs
View File

@ -3,12 +3,13 @@ use ffi;
use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef};
use libc::c_int; use libc::c_int;
use std::mem; use std::mem;
use std::ptr;
use bn::{BigNum, BigNumRef}; use bn::{BigNum, BigNumRef};
use {cvt, cvt_n, cvt_p};
use ec::EcKeyRef; use ec::EcKeyRef;
use error::ErrorStack; use error::ErrorStack;
use pkey::{Private, Public}; use pkey::{Private, Public};
use {cvt_n, cvt_p};
foreign_type_and_impl_send_sync! { foreign_type_and_impl_send_sync! {
type CType = ffi::ECDSA_SIG; type CType = ffi::ECDSA_SIG;
@ -53,7 +54,7 @@ impl EcdsaSig {
pub fn from_private_components(r: BigNum, s: BigNum) -> Result<EcdsaSig, ErrorStack> { pub fn from_private_components(r: BigNum, s: BigNum) -> Result<EcdsaSig, ErrorStack> {
unsafe { unsafe {
let sig = cvt_p(ffi::ECDSA_SIG_new())?; let sig = cvt_p(ffi::ECDSA_SIG_new())?;
cvt(compat::set_numbers(sig, r.as_ptr(), s.as_ptr()))?; ECDSA_SIG_set0(sig, r.as_ptr(), s.as_ptr());
mem::forget((r, s)); mem::forget((r, s));
Ok(EcdsaSig::from_ptr(sig as *mut _)) Ok(EcdsaSig::from_ptr(sig as *mut _))
} }
@ -83,8 +84,9 @@ impl EcdsaSig {
/// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html /// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html
pub fn r(&self) -> &BigNumRef { pub fn r(&self) -> &BigNumRef {
unsafe { unsafe {
let xs = compat::get_numbers(self.as_ptr()); let mut r = ptr::null();
BigNumRef::from_ptr(xs[0] as *mut _) ECDSA_SIG_get0(self.as_ptr(), &mut r, ptr::null_mut());
BigNumRef::from_ptr(r as *mut _)
} }
} }
@ -95,53 +97,50 @@ impl EcdsaSig {
/// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html /// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html
pub fn s(&self) -> &BigNumRef { pub fn s(&self) -> &BigNumRef {
unsafe { unsafe {
let xs = compat::get_numbers(self.as_ptr()); let mut s = ptr::null();
BigNumRef::from_ptr(xs[1] as *mut _) ECDSA_SIG_get0(self.as_ptr(), ptr::null_mut(), &mut s);
BigNumRef::from_ptr(s as *mut _)
} }
} }
} }
#[cfg(ossl110)] cfg_if! {
mod compat { if #[cfg(ossl110)] {
use std::ptr; use ffi::{ECDSA_SIG_set0, ECDSA_SIG_get0};
} else {
use libc::c_int; #[allow(bad_style)]
use ffi::{self, BIGNUM, ECDSA_SIG}; unsafe fn ECDSA_SIG_set0(
sig: *mut ffi::ECDSA_SIG,
pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int { r: *mut ffi::BIGNUM,
ffi::ECDSA_SIG_set0(sig, r, s) s: *mut ffi::BIGNUM,
} ) -> c_int {
pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] {
let (mut r, mut s) = (ptr::null(), ptr::null());
ffi::ECDSA_SIG_get0(sig, &mut r, &mut s);
[r, s]
}
}
#[cfg(ossl10x)]
mod compat {
use libc::c_int;
use ffi::{BIGNUM, ECDSA_SIG};
pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int {
(*sig).r = r; (*sig).r = r;
(*sig).s = s; (*sig).s = s;
1 1
} }
pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] { #[allow(bad_style)]
[(*sig).r, (*sig).s] unsafe fn ECDSA_SIG_get0(
sig: *const ffi::ECDSA_SIG,
pr: *mut *const ffi::BIGNUM,
ps: *mut *const ffi::BIGNUM)
{
if !pr.is_null() {
(*pr) = (*sig).r;
}
if !ps.is_null() {
(*ps) = (*sig).s;
}
}
} }
} }
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use nid::Nid; use super::*;
use ec::EcGroup; use ec::EcGroup;
use ec::EcKey; use ec::EcKey;
use super::*; use nid::Nid;
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME192V1; static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME192V1;
@ -171,7 +170,8 @@ mod test {
assert!(verification); assert!(verification);
// Signature will not be verified using the incorrect data but the correct public key // Signature will not be verified using the incorrect data but the correct public key
let verification2 = res.verify(String::from("hello2").as_bytes(), &public_key) let verification2 = res
.verify(String::from("hello2").as_bytes(), &public_key)
.unwrap(); .unwrap();
assert!(verification2 == false); assert!(verification2 == false);

27
openssl/src/hash.rs
View File

@ -1,22 +1,27 @@
use std::io::prelude::*;
use std::io;
use std::ops::{Deref, DerefMut};
use std::fmt;
use ffi; use ffi;
use std::fmt;
use std::io;
use std::io::prelude::*;
use std::ops::{Deref, DerefMut};
#[cfg(ossl110)] cfg_if! {
if #[cfg(ossl110)] {
use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new}; use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new};
#[cfg(any(ossl101, ossl102))] } else {
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
}
}
use {cvt, cvt_p};
use error::ErrorStack; use error::ErrorStack;
use {cvt, cvt_p};
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
pub struct MessageDigest(*const ffi::EVP_MD); pub struct MessageDigest(*const ffi::EVP_MD);
impl MessageDigest { impl MessageDigest {
pub unsafe fn from_ptr(x: *const ffi::EVP_MD) -> Self { MessageDigest(x) } pub unsafe fn from_ptr(x: *const ffi::EVP_MD) -> Self {
MessageDigest(x)
}
pub fn md5() -> MessageDigest { pub fn md5() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_md5()) } unsafe { MessageDigest(ffi::EVP_md5()) }
@ -382,12 +387,10 @@ mod tests {
#[test] #[test]
fn test_sha256() { fn test_sha256() {
let tests = [ let tests = [(
(
"616263", "616263",
"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
), )];
];
for test in tests.iter() { for test in tests.iter() {
hash_test(MessageDigest::sha256(), test); hash_test(MessageDigest::sha256(), test);

4
openssl/src/lib.rs
View File

@ -3,6 +3,8 @@
#[macro_use] #[macro_use]
extern crate bitflags; extern crate bitflags;
#[macro_use] #[macro_use]
extern crate cfg_if;
#[macro_use]
extern crate foreign_types; extern crate foreign_types;
#[macro_use] #[macro_use]
extern crate lazy_static; extern crate lazy_static;
@ -53,8 +55,8 @@ pub mod pkcs5;
pub mod pkey; pub mod pkey;
pub mod rand; pub mod rand;
pub mod rsa; pub mod rsa;
pub mod sign;
pub mod sha; pub mod sha;
pub mod sign;
pub mod ssl; pub mod ssl;
pub mod stack; pub mod stack;
pub mod string; pub mod string;

189
openssl/src/rsa.rs
View File

@ -189,7 +189,8 @@ where
/// [`RSA_get0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html /// [`RSA_get0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
pub fn d(&self) -> &BigNumRef { pub fn d(&self) -> &BigNumRef {
unsafe { unsafe {
let d = compat::key(self.as_ptr())[2]; let mut d = ptr::null();
RSA_get0_key(self.as_ptr(), ptr::null_mut(), ptr::null_mut(), &mut d);
BigNumRef::from_ptr(d as *mut _) BigNumRef::from_ptr(d as *mut _)
} }
} }
@ -201,7 +202,8 @@ where
/// [`RSA_get0_factors`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html /// [`RSA_get0_factors`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
pub fn p(&self) -> Option<&BigNumRef> { pub fn p(&self) -> Option<&BigNumRef> {
unsafe { unsafe {
let p = compat::factors(self.as_ptr())[0]; let mut p = ptr::null();
RSA_get0_factors(self.as_ptr(), &mut p, ptr::null_mut());
if p.is_null() { if p.is_null() {
None None
} else { } else {
@ -217,7 +219,8 @@ where
/// [`RSA_get0_factors`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html /// [`RSA_get0_factors`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
pub fn q(&self) -> Option<&BigNumRef> { pub fn q(&self) -> Option<&BigNumRef> {
unsafe { unsafe {
let q = compat::factors(self.as_ptr())[1]; let mut q = ptr::null();
RSA_get0_factors(self.as_ptr(), ptr::null_mut(), &mut q);
if q.is_null() { if q.is_null() {
None None
} else { } else {
@ -233,7 +236,8 @@ where
/// [`RSA_get0_crt_params`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html /// [`RSA_get0_crt_params`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
pub fn dmp1(&self) -> Option<&BigNumRef> { pub fn dmp1(&self) -> Option<&BigNumRef> {
unsafe { unsafe {
let dp = compat::crt_params(self.as_ptr())[0]; let mut dp = ptr::null();
RSA_get0_crt_params(self.as_ptr(), &mut dp, ptr::null_mut(), ptr::null_mut());
if dp.is_null() { if dp.is_null() {
None None
} else { } else {
@ -249,7 +253,8 @@ where
/// [`RSA_get0_crt_params`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html /// [`RSA_get0_crt_params`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
pub fn dmq1(&self) -> Option<&BigNumRef> { pub fn dmq1(&self) -> Option<&BigNumRef> {
unsafe { unsafe {
let dq = compat::crt_params(self.as_ptr())[1]; let mut dq = ptr::null();
RSA_get0_crt_params(self.as_ptr(), ptr::null_mut(), &mut dq, ptr::null_mut());
if dq.is_null() { if dq.is_null() {
None None
} else { } else {
@ -265,7 +270,8 @@ where
/// [`RSA_get0_crt_params`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html /// [`RSA_get0_crt_params`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
pub fn iqmp(&self) -> Option<&BigNumRef> { pub fn iqmp(&self) -> Option<&BigNumRef> {
unsafe { unsafe {
let qi = compat::crt_params(self.as_ptr())[2]; let mut qi = ptr::null();
RSA_get0_crt_params(self.as_ptr(), ptr::null_mut(), ptr::null_mut(), &mut qi);
if qi.is_null() { if qi.is_null() {
None None
} else { } else {
@ -391,7 +397,8 @@ where
/// [`RSA_get0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html /// [`RSA_get0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
pub fn n(&self) -> &BigNumRef { pub fn n(&self) -> &BigNumRef {
unsafe { unsafe {
let n = compat::key(self.as_ptr())[0]; let mut n = ptr::null();
RSA_get0_key(self.as_ptr(), &mut n, ptr::null_mut(), ptr::null_mut());
BigNumRef::from_ptr(n as *mut _) BigNumRef::from_ptr(n as *mut _)
} }
} }
@ -403,7 +410,8 @@ where
/// [`RSA_get0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html /// [`RSA_get0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
pub fn e(&self) -> &BigNumRef { pub fn e(&self) -> &BigNumRef {
unsafe { unsafe {
let e = compat::key(self.as_ptr())[1]; let mut e = ptr::null();
RSA_get0_key(self.as_ptr(), ptr::null_mut(), &mut e, ptr::null_mut());
BigNumRef::from_ptr(e as *mut _) BigNumRef::from_ptr(e as *mut _)
} }
} }
@ -421,15 +429,10 @@ impl Rsa<Public> {
/// [`RSA_set0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_set0_key.html /// [`RSA_set0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_set0_key.html
pub fn from_public_components(n: BigNum, e: BigNum) -> Result<Rsa<Public>, ErrorStack> { pub fn from_public_components(n: BigNum, e: BigNum) -> Result<Rsa<Public>, ErrorStack> {
unsafe { unsafe {
let rsa = Rsa::from_ptr(cvt_p(ffi::RSA_new())?); let rsa = cvt_p(ffi::RSA_new())?;
cvt(compat::set_key( RSA_set0_key(rsa, n.as_ptr(), e.as_ptr(), ptr::null_mut());
rsa.0,
n.as_ptr(),
e.as_ptr(),
ptr::null_mut(),
))?;
mem::forget((n, e)); mem::forget((n, e));
Ok(rsa) Ok(Rsa::from_ptr(rsa))
} }
} }
@ -498,10 +501,12 @@ impl RsaPrivateKeyBuilder {
/// [`RSA_set0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_set0_key.html /// [`RSA_set0_key`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_set0_key.html
pub fn new(n: BigNum, e: BigNum, d: BigNum) -> Result<RsaPrivateKeyBuilder, ErrorStack> { pub fn new(n: BigNum, e: BigNum, d: BigNum) -> Result<RsaPrivateKeyBuilder, ErrorStack> {
unsafe { unsafe {
let rsa = Rsa::from_ptr(cvt_p(ffi::RSA_new())?); let rsa = cvt_p(ffi::RSA_new())?;
cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()))?; RSA_set0_key(rsa, n.as_ptr(), e.as_ptr(), d.as_ptr());
mem::forget((n, e, d)); mem::forget((n, e, d));
Ok(RsaPrivateKeyBuilder { rsa }) Ok(RsaPrivateKeyBuilder {
rsa: Rsa::from_ptr(rsa),
})
} }
} }
@ -512,9 +517,10 @@ impl RsaPrivateKeyBuilder {
/// This correspond to [`RSA_set0_factors`]. /// This correspond to [`RSA_set0_factors`].
/// ///
/// [`RSA_set0_factors`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_set0_factors.html /// [`RSA_set0_factors`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_set0_factors.html
// FIXME should be infallible
pub fn set_factors(self, p: BigNum, q: BigNum) -> Result<RsaPrivateKeyBuilder, ErrorStack> { pub fn set_factors(self, p: BigNum, q: BigNum) -> Result<RsaPrivateKeyBuilder, ErrorStack> {
unsafe { unsafe {
cvt(compat::set_factors(self.rsa.0, p.as_ptr(), q.as_ptr()))?; RSA_set0_factors(self.rsa.as_ptr(), p.as_ptr(), q.as_ptr());
mem::forget((p, q)); mem::forget((p, q));
} }
Ok(self) Ok(self)
@ -528,6 +534,7 @@ impl RsaPrivateKeyBuilder {
/// This correspond to [`RSA_set0_crt_params`]. /// This correspond to [`RSA_set0_crt_params`].
/// ///
/// [`RSA_set0_crt_params`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_set0_crt_params.html /// [`RSA_set0_crt_params`]: https://www.openssl.org/docs/man1.1.0/crypto/RSA_set0_crt_params.html
// FIXME should be infallible
pub fn set_crt_params( pub fn set_crt_params(
self, self,
dmp1: BigNum, dmp1: BigNum,
@ -535,12 +542,12 @@ impl RsaPrivateKeyBuilder {
iqmp: BigNum, iqmp: BigNum,
) -> Result<RsaPrivateKeyBuilder, ErrorStack> { ) -> Result<RsaPrivateKeyBuilder, ErrorStack> {
unsafe { unsafe {
cvt(compat::set_crt_params( RSA_set0_crt_params(
self.rsa.0, self.rsa.as_ptr(),
dmp1.as_ptr(), dmp1.as_ptr(),
dmq1.as_ptr(), dmq1.as_ptr(),
iqmp.as_ptr(), iqmp.as_ptr(),
))?; );
mem::forget((dmp1, dmq1, iqmp)); mem::forget((dmp1, dmq1, iqmp));
} }
Ok(self) Ok(self)
@ -637,89 +644,99 @@ impl<T> fmt::Debug for Rsa<T> {
} }
} }
#[cfg(ossl110)] cfg_if! {
mod compat { if #[cfg(ossl110)] {
use std::ptr; use ffi::{
RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_set0_key, RSA_set0_factors,
use ffi::{self, BIGNUM, RSA}; RSA_set0_crt_params,
use libc::c_int; };
} else {
pub unsafe fn key(r: *const RSA) -> [*const BIGNUM; 3] { #[allow(bad_style)]
let (mut n, mut e, mut d) = (ptr::null(), ptr::null(), ptr::null()); unsafe fn RSA_get0_key(
ffi::RSA_get0_key(r, &mut n, &mut e, &mut d); r: *const ffi::RSA,
[n, e, d] n: *mut *const ffi::BIGNUM,
e: *mut *const ffi::BIGNUM,
d: *mut *const ffi::BIGNUM,
) {
if !n.is_null() {
*n = (*r).n;
}
if !e.is_null() {
*e = (*r).e;
}
if !d.is_null() {
*d = (*r).d;
}
} }
pub unsafe fn factors(r: *const RSA) -> [*const BIGNUM; 2] { #[allow(bad_style)]
let (mut p, mut q) = (ptr::null(), ptr::null()); unsafe fn RSA_get0_factors(
ffi::RSA_get0_factors(r, &mut p, &mut q); r: *const ffi::RSA,
[p, q] p: *mut *const ffi::BIGNUM,
q: *mut *const ffi::BIGNUM,
) {
if !p.is_null() {
*p = (*r).p;
}
if !q.is_null() {
*q = (*r).q;
}
} }
pub unsafe fn crt_params(r: *const RSA) -> [*const BIGNUM; 3] { #[allow(bad_style)]
let (mut dp, mut dq, mut qi) = (ptr::null(), ptr::null(), ptr::null()); unsafe fn RSA_get0_crt_params(
ffi::RSA_get0_crt_params(r, &mut dp, &mut dq, &mut qi); r: *const ffi::RSA,
[dp, dq, qi] dmp1: *mut *const ffi::BIGNUM,
dmq1: *mut *const ffi::BIGNUM,
iqmp: *mut *const ffi::BIGNUM,
) {
if !dmp1.is_null() {
*dmp1 = (*r).dmp1;
}
if !dmq1.is_null() {
*dmq1 = (*r).dmq1;
}
if !iqmp.is_null() {
*iqmp = (*r).iqmp;
}
} }
pub unsafe fn set_key(r: *mut RSA, n: *mut BIGNUM, e: *mut BIGNUM, d: *mut BIGNUM) -> c_int { #[allow(bad_style)]
ffi::RSA_set0_key(r, n, e, d) unsafe fn RSA_set0_key(
} r: *mut ffi::RSA,
n: *mut ffi::BIGNUM,
pub unsafe fn set_factors(r: *mut RSA, p: *mut BIGNUM, q: *mut BIGNUM) -> c_int { e: *mut ffi::BIGNUM,
ffi::RSA_set0_factors(r, p, q) d: *mut ffi::BIGNUM,
}
pub unsafe fn set_crt_params(
r: *mut RSA,
dmp1: *mut BIGNUM,
dmq1: *mut BIGNUM,
iqmp: *mut BIGNUM,
) -> c_int { ) -> c_int {
ffi::RSA_set0_crt_params(r, dmp1, dmq1, iqmp)
}
}
#[cfg(ossl10x)]
mod compat {
use ffi::{BIGNUM, RSA};
use libc::c_int;
pub unsafe fn key(r: *const RSA) -> [*const BIGNUM; 3] {
[(*r).n, (*r).e, (*r).d]
}
pub unsafe fn factors(r: *const RSA) -> [*const BIGNUM; 2] {
[(*r).p, (*r).q]
}
pub unsafe fn crt_params(r: *const RSA) -> [*const BIGNUM; 3] {
[(*r).dmp1, (*r).dmq1, (*r).iqmp]
}
pub unsafe fn set_key(r: *mut RSA, n: *mut BIGNUM, e: *mut BIGNUM, d: *mut BIGNUM) -> c_int {
(*r).n = n; (*r).n = n;
(*r).e = e; (*r).e = e;
(*r).d = d; (*r).d = d;
1 // TODO: is this right? should it be 0? what's success? 1
} }
pub unsafe fn set_factors(r: *mut RSA, p: *mut BIGNUM, q: *mut BIGNUM) -> c_int { #[allow(bad_style)]
unsafe fn RSA_set0_factors(
r: *mut ffi::RSA,
p: *mut ffi::BIGNUM,
q: *mut ffi::BIGNUM,
) -> c_int {
(*r).p = p; (*r).p = p;
(*r).q = q; (*r).q = q;
1 // TODO: is this right? should it be 0? what's success? 1
} }
pub unsafe fn set_crt_params( #[allow(bad_style)]
r: *mut RSA, unsafe fn RSA_set0_crt_params(
dmp1: *mut BIGNUM, r: *mut ffi::RSA,
dmq1: *mut BIGNUM, dmp1: *mut ffi::BIGNUM,
iqmp: *mut BIGNUM, dmq1: *mut ffi::BIGNUM,
iqmp: *mut ffi::BIGNUM,
) -> c_int { ) -> c_int {
(*r).dmp1 = dmp1; (*r).dmp1 = dmp1;
(*r).dmq1 = dmq1; (*r).dmq1 = dmq1;
(*r).iqmp = iqmp; (*r).iqmp = iqmp;
1 // TODO: is this right? should it be 0? what's success? 1
}
} }
} }

23
openssl/src/sign.rs
View File

@ -63,21 +63,24 @@
//! ``` //! ```
use ffi; use ffi;
use foreign_types::ForeignTypeRef; use foreign_types::ForeignTypeRef;
use libc::c_int;
use std::io::{self, Write}; use std::io::{self, Write};
use std::marker::PhantomData; use std::marker::PhantomData;
use std::ptr; use std::ptr;
use libc::c_int;
use {cvt, cvt_p}; use error::ErrorStack;
use hash::MessageDigest; use hash::MessageDigest;
use pkey::{HasPrivate, HasPublic, PKeyRef}; use pkey::{HasPrivate, HasPublic, PKeyRef};
use error::ErrorStack;
use rsa::Padding; use rsa::Padding;
use {cvt, cvt_p};
#[cfg(ossl110)] cfg_if! {
if #[cfg(ossl110)] {
use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new}; use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new};
#[cfg(any(ossl101, ossl102))] } else {
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
}
}
/// Salt lengths that must be used with `set_rsa_pss_saltlen`. /// Salt lengths that must be used with `set_rsa_pss_saltlen`.
pub struct RsaPssSaltlen(c_int); pub struct RsaPssSaltlen(c_int);
@ -459,7 +462,7 @@ impl<'a> Verifier<'a> {
pub fn verify(&self, signature: &[u8]) -> Result<bool, ErrorStack> { pub fn verify(&self, signature: &[u8]) -> Result<bool, ErrorStack> {
unsafe { unsafe {
let r = let r =
EVP_DigestVerifyFinal(self.md_ctx, signature.as_ptr() as *const _, signature.len()); EVP_DigestVerifyFinal(self.md_ctx, signature.as_ptr() as *mut _, signature.len());
match r { match r {
1 => Ok(true), 1 => Ok(true),
0 => { 0 => {
@ -501,12 +504,12 @@ mod test {
use hex::{self, FromHex}; use hex::{self, FromHex};
use std::iter; use std::iter;
use hash::MessageDigest;
use sign::{RsaPssSaltlen, Signer, Verifier};
use ec::{EcGroup, EcKey}; use ec::{EcGroup, EcKey};
use hash::MessageDigest;
use nid::Nid; use nid::Nid;
use rsa::{Padding, Rsa};
use pkey::PKey; use pkey::PKey;
use rsa::{Padding, Rsa};
use sign::{RsaPssSaltlen, Signer, Verifier};
const INPUT: &'static str = const INPUT: &'static str =
"65794a68624763694f694a53557a49314e694a392e65794a7063334d694f694a71623255694c41304b49434a6c\ "65794a68624763694f694a53557a49314e694a392e65794a7063334d694f694a71623255694c41304b49434a6c\
@ -673,7 +676,7 @@ mod test {
signer.update(data as &[u8]).unwrap(); signer.update(data as &[u8]).unwrap();
let expected = vec![ let expected = vec![
136, 101, 61, 167, 61, 30, 248, 234, 124, 166, 196, 157, 203, 52, 171, 19 136, 101, 61, 167, 61, 30, 248, 234, 124, 166, 196, 157, 203, 52, 171, 19,
]; ];
assert_eq!(signer.sign_to_vec().unwrap(), expected); assert_eq!(signer.sign_to_vec().unwrap(), expected);
} }

114
openssl/src/ssl/bio.rs
View File

@ -1,11 +1,13 @@
use ffi::{
self, BIO_clear_retry_flags, BIO_new, BIO_set_retry_read, BIO_set_retry_write, BIO,
BIO_CTRL_FLUSH,
};
use libc::{c_char, c_int, c_long, c_void, strlen}; use libc::{c_char, c_int, c_long, c_void, strlen};
use ffi::{BIO, BIO_CTRL_FLUSH, BIO_new, BIO_clear_retry_flags, BIO_set_retry_read,
BIO_set_retry_write};
use std::any::Any; use std::any::Any;
use std::io; use std::io;
use std::io::prelude::*; use std::io::prelude::*;
use std::mem; use std::mem;
use std::panic::{AssertUnwindSafe, catch_unwind}; use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr; use std::ptr;
use std::slice; use std::slice;
@ -19,11 +21,11 @@ pub struct StreamState<S> {
} }
/// Safe wrapper for BIO_METHOD /// Safe wrapper for BIO_METHOD
pub struct BioMethod(compat::BIO_METHOD); pub struct BioMethod(BIO_METHOD);
impl BioMethod { impl BioMethod {
fn new<S: Read + Write>() -> BioMethod { fn new<S: Read + Write>() -> BioMethod {
BioMethod(compat::BIO_METHOD::new::<S>()) BioMethod(BIO_METHOD::new::<S>())
} }
} }
@ -41,8 +43,8 @@ pub fn new<S: Read + Write>(stream: S) -> Result<(*mut BIO, BioMethod), ErrorSta
unsafe { unsafe {
let bio = cvt_p(BIO_new(method.0.get()))?; let bio = cvt_p(BIO_new(method.0.get()))?;
compat::BIO_set_data(bio, Box::into_raw(state) as *mut _); BIO_set_data(bio, Box::into_raw(state) as *mut _);
compat::BIO_set_init(bio, 1); BIO_set_init(bio, 1);
return Ok((bio, method)); return Ok((bio, method));
} }
@ -59,7 +61,7 @@ pub unsafe fn take_panic<S>(bio: *mut BIO) -> Option<Box<Any + Send>> {
} }
pub unsafe fn get_ref<'a, S: 'a>(bio: *mut BIO) -> &'a S { pub unsafe fn get_ref<'a, S: 'a>(bio: *mut BIO) -> &'a S {
let state: &'a StreamState<S> = mem::transmute(compat::BIO_get_data(bio)); let state: &'a StreamState<S> = mem::transmute(BIO_get_data(bio));
&state.stream &state.stream
} }
@ -68,7 +70,7 @@ pub unsafe fn get_mut<'a, S: 'a>(bio: *mut BIO) -> &'a mut S {
} }
unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> { unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> {
&mut *(compat::BIO_get_data(bio) as *mut _) &mut *(BIO_get_data(bio) as *mut _)
} }
unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) -> c_int { unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) -> c_int {
@ -117,8 +119,7 @@ unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int)
fn retriable_error(err: &io::Error) -> bool { fn retriable_error(err: &io::Error) -> bool {
match err.kind() { match err.kind() {
io::ErrorKind::WouldBlock | io::ErrorKind::WouldBlock | io::ErrorKind::NotConnected => true,
io::ErrorKind::NotConnected => true,
_ => false, _ => false,
} }
} }
@ -153,10 +154,10 @@ unsafe extern "C" fn ctrl<S: Write>(
} }
unsafe extern "C" fn create(bio: *mut BIO) -> c_int { unsafe extern "C" fn create(bio: *mut BIO) -> c_int {
compat::BIO_set_init(bio, 0); BIO_set_init(bio, 0);
compat::BIO_set_num(bio, 0); BIO_set_num(bio, 0);
compat::BIO_set_data(bio, ptr::null_mut()); BIO_set_data(bio, ptr::null_mut());
compat::BIO_set_flags(bio, 0); BIO_set_flags(bio, 0);
1 1
} }
@ -165,44 +166,41 @@ unsafe extern "C" fn destroy<S>(bio: *mut BIO) -> c_int {
return 0; return 0;
} }
let data = compat::BIO_get_data(bio); let data = BIO_get_data(bio);
assert!(!data.is_null()); assert!(!data.is_null());
Box::<StreamState<S>>::from_raw(data as *mut _); Box::<StreamState<S>>::from_raw(data as *mut _);
compat::BIO_set_data(bio, ptr::null_mut()); BIO_set_data(bio, ptr::null_mut());
compat::BIO_set_init(bio, 0); BIO_set_init(bio, 0);
1 1
} }
#[cfg(ossl110)] cfg_if! {
if #[cfg(ossl110)] {
use ffi::{BIO_get_data, BIO_set_data, BIO_set_flags, BIO_set_init};
#[allow(bad_style)] #[allow(bad_style)]
mod compat { unsafe fn BIO_set_num(_bio: *mut ffi::BIO, _num: c_int) {}
use std::io::{Read, Write};
use libc::c_int; #[allow(bad_style)]
use ffi; struct BIO_METHOD(*mut ffi::BIO_METHOD);
pub use ffi::{BIO_set_init, BIO_set_flags, BIO_set_data, BIO_get_data};
pub unsafe fn BIO_set_num(_bio: *mut ffi::BIO, _num: c_int) {}
pub struct BIO_METHOD(*mut ffi::BIO_METHOD);
impl BIO_METHOD { impl BIO_METHOD {
pub fn new<S: Read + Write>() -> BIO_METHOD { fn new<S: Read + Write>() -> BIO_METHOD {
unsafe { unsafe {
let ptr = ffi::BIO_meth_new(ffi::BIO_TYPE_NONE, b"rust\0".as_ptr() as *const _); let ptr = ffi::BIO_meth_new(ffi::BIO_TYPE_NONE, b"rust\0".as_ptr() as *const _);
assert!(!ptr.is_null()); assert!(!ptr.is_null());
let ret = BIO_METHOD(ptr); let ret = BIO_METHOD(ptr);
assert!(ffi::BIO_meth_set_write(ptr, super::bwrite::<S>) != 0); assert!(ffi::BIO_meth_set_write(ptr, bwrite::<S>) != 0);
assert!(ffi::BIO_meth_set_read(ptr, super::bread::<S>) != 0); assert!(ffi::BIO_meth_set_read(ptr, bread::<S>) != 0);
assert!(ffi::BIO_meth_set_puts(ptr, super::bputs::<S>) != 0); assert!(ffi::BIO_meth_set_puts(ptr, bputs::<S>) != 0);
assert!(ffi::BIO_meth_set_ctrl(ptr, super::ctrl::<S>) != 0); assert!(ffi::BIO_meth_set_ctrl(ptr, ctrl::<S>) != 0);
assert!(ffi::BIO_meth_set_create(ptr, super::create) != 0); assert!(ffi::BIO_meth_set_create(ptr, create) != 0);
assert!(ffi::BIO_meth_set_destroy(ptr, super::destroy::<S>) != 0); assert!(ffi::BIO_meth_set_destroy(ptr, destroy::<S>) != 0);
return ret; return ret;
} }
} }
pub fn get(&self) -> *mut ffi::BIO_METHOD { fn get(&self) -> *mut ffi::BIO_METHOD {
self.0 self.0
} }
} }
@ -214,37 +212,29 @@ mod compat {
} }
} }
} }
} } else {
#[cfg(ossl10x)]
#[allow(bad_style)] #[allow(bad_style)]
mod compat { struct BIO_METHOD(*mut ffi::BIO_METHOD);
use std::io::{Read, Write};
use ffi;
use libc::{c_int, c_void};
pub struct BIO_METHOD(*mut ffi::BIO_METHOD);
impl BIO_METHOD { impl BIO_METHOD {
pub fn new<S: Read + Write>() -> BIO_METHOD { fn new<S: Read + Write>() -> BIO_METHOD {
let ptr = Box::new(ffi::BIO_METHOD { let ptr = Box::new(ffi::BIO_METHOD {
type_: ffi::BIO_TYPE_NONE, type_: ffi::BIO_TYPE_NONE,
name: b"rust\0".as_ptr() as *const _, name: b"rust\0".as_ptr() as *const _,
bwrite: Some(super::bwrite::<S>), bwrite: Some(bwrite::<S>),
bread: Some(super::bread::<S>), bread: Some(bread::<S>),
bputs: Some(super::bputs::<S>), bputs: Some(bputs::<S>),
bgets: None, bgets: None,
ctrl: Some(super::ctrl::<S>), ctrl: Some(ctrl::<S>),
create: Some(super::create), create: Some(create),
destroy: Some(super::destroy::<S>), destroy: Some(destroy::<S>),
callback_ctrl: None, callback_ctrl: None,
}); });
BIO_METHOD(Box::into_raw(ptr)) BIO_METHOD(Box::into_raw(ptr))
} }
pub fn get(&self) -> *mut ffi::BIO_METHOD { fn get(&self) -> *mut ffi::BIO_METHOD {
self.0 self.0
} }
} }
@ -257,23 +247,29 @@ mod compat {
} }
} }
pub unsafe fn BIO_set_init(bio: *mut ffi::BIO, init: c_int) { #[allow(bad_style)]
unsafe fn BIO_set_init(bio: *mut ffi::BIO, init: c_int) {
(*bio).init = init; (*bio).init = init;
} }
pub unsafe fn BIO_set_flags(bio: *mut ffi::BIO, flags: c_int) { #[allow(bad_style)]
unsafe fn BIO_set_flags(bio: *mut ffi::BIO, flags: c_int) {
(*bio).flags = flags; (*bio).flags = flags;
} }
pub unsafe fn BIO_get_data(bio: *mut ffi::BIO) -> *mut c_void { #[allow(bad_style)]
unsafe fn BIO_get_data(bio: *mut ffi::BIO) -> *mut c_void {
(*bio).ptr (*bio).ptr
} }
pub unsafe fn BIO_set_data(bio: *mut ffi::BIO, data: *mut c_void) { #[allow(bad_style)]
unsafe fn BIO_set_data(bio: *mut ffi::BIO, data: *mut c_void) {
(*bio).ptr = data; (*bio).ptr = data;
} }
pub unsafe fn BIO_set_num(bio: *mut ffi::BIO, num: c_int) { #[allow(bad_style)]
unsafe fn BIO_set_num(bio: *mut ffi::BIO, num: c_int) {
(*bio).num = num; (*bio).num = num;
} }
} }
}

68
openssl/src/ssl/callbacks.rs
View File

@ -13,11 +13,11 @@ use std::str;
use std::sync::Arc; use std::sync::Arc;
use dh::Dh; use dh::Dh;
#[cfg(any(ossl101, ossl102))] #[cfg(all(ossl101, not(ossl110)))]
use ec::EcKey; use ec::EcKey;
use error::ErrorStack; use error::ErrorStack;
use pkey::Params; use pkey::Params;
#[cfg(any(ossl102, ossl110))] #[cfg(ossl102)]
use ssl::AlpnError; use ssl::AlpnError;
#[cfg(ossl111)] #[cfg(ossl111)]
use ssl::ExtensionContext; use ssl::ExtensionContext;
@ -37,7 +37,8 @@ where
// raw pointer shenanigans to break the borrow of ctx // raw pointer shenanigans to break the borrow of ctx
// the callback can't mess with its own ex_data slot so this is safe // the callback can't mess with its own ex_data slot so this is safe
let verify = ctx.ex_data(ssl_idx) let verify = ctx
.ex_data(ssl_idx)
.expect("BUG: store context missing ssl") .expect("BUG: store context missing ssl")
.ssl_context() .ssl_context()
.ex_data(verify_idx) .ex_data(verify_idx)
@ -66,7 +67,8 @@ where
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback_idx = SslContext::cached_ex_index::<F>(); let callback_idx = SslContext::cached_ex_index::<F>();
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(callback_idx) .ex_data(callback_idx)
.expect("BUG: psk callback missing") as *const F; .expect("BUG: psk callback missing") as *const F;
let hint = if hint != ptr::null() { let hint = if hint != ptr::null() {
@ -96,7 +98,8 @@ where
let ssl_idx = X509StoreContext::ssl_idx().expect("BUG: store context ssl index missing"); let ssl_idx = X509StoreContext::ssl_idx().expect("BUG: store context ssl index missing");
let callback_idx = Ssl::cached_ex_index::<Arc<F>>(); let callback_idx = Ssl::cached_ex_index::<Arc<F>>();
let callback = ctx.ex_data(ssl_idx) let callback = ctx
.ex_data(ssl_idx)
.expect("BUG: store context missing ssl") .expect("BUG: store context missing ssl")
.ex_data(callback_idx) .ex_data(callback_idx)
.expect("BUG: ssl verify callback missing") .expect("BUG: ssl verify callback missing")
@ -112,7 +115,8 @@ where
{ {
unsafe { unsafe {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: sni callback missing") as *const F; .expect("BUG: sni callback missing") as *const F;
let mut alert = SslAlert(*al); let mut alert = SslAlert(*al);
@ -140,7 +144,8 @@ where
{ {
unsafe { unsafe {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: alpn callback missing") as *const F; .expect("BUG: alpn callback missing") as *const F;
let protos = slice::from_raw_parts(inbuf as *const u8, inlen as usize); let protos = slice::from_raw_parts(inbuf as *const u8, inlen as usize);
@ -165,7 +170,8 @@ where
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: tmp dh callback missing") as *const F; .expect("BUG: tmp dh callback missing") as *const F;
@ -182,7 +188,7 @@ where
} }
} }
#[cfg(any(ossl101, ossl102))] #[cfg(all(ossl101, not(ossl110)))]
pub unsafe extern "C" fn raw_tmp_ecdh<F>( pub unsafe extern "C" fn raw_tmp_ecdh<F>(
ssl: *mut ffi::SSL, ssl: *mut ffi::SSL,
is_export: c_int, is_export: c_int,
@ -192,7 +198,8 @@ where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: tmp ecdh callback missing") as *const F; .expect("BUG: tmp ecdh callback missing") as *const F;
@ -218,7 +225,8 @@ where
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ex_data(Ssl::cached_ex_index::<Arc<F>>()) let callback = ssl
.ex_data(Ssl::cached_ex_index::<Arc<F>>())
.expect("BUG: ssl tmp dh callback missing") .expect("BUG: ssl tmp dh callback missing")
.clone(); .clone();
@ -235,7 +243,7 @@ where
} }
} }
#[cfg(any(ossl101, ossl102))] #[cfg(all(ossl101, not(ossl110)))]
pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>( pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(
ssl: *mut ffi::SSL, ssl: *mut ffi::SSL,
is_export: c_int, is_export: c_int,
@ -245,7 +253,8 @@ where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ex_data(Ssl::cached_ex_index::<Arc<F>>()) let callback = ssl
.ex_data(Ssl::cached_ex_index::<Arc<F>>())
.expect("BUG: ssl tmp ecdh callback missing") .expect("BUG: ssl tmp ecdh callback missing")
.clone(); .clone();
@ -267,7 +276,8 @@ where
F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: ocsp callback missing") as *const F; .expect("BUG: ocsp callback missing") as *const F;
let ret = (*callback)(ssl); let ret = (*callback)(ssl);
@ -301,7 +311,8 @@ where
F: Fn(&mut SslRef, SslSession) + 'static + Sync + Send, F: Fn(&mut SslRef, SslSession) + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: new session callback missing") as *const F; .expect("BUG: new session callback missing") as *const F;
let session = SslSession::from_ptr(session); let session = SslSession::from_ptr(session);
@ -319,7 +330,8 @@ pub unsafe extern "C" fn raw_remove_session<F>(
F: Fn(&SslContextRef, &SslSessionRef) + 'static + Sync + Send, F: Fn(&SslContextRef, &SslSessionRef) + 'static + Sync + Send,
{ {
let ctx = SslContextRef::from_ptr(ctx); let ctx = SslContextRef::from_ptr(ctx);
let callback = ctx.ex_data(SslContext::cached_ex_index::<F>()) let callback = ctx
.ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: remove session callback missing"); .expect("BUG: remove session callback missing");
let session = SslSessionRef::from_ptr(session); let session = SslSessionRef::from_ptr(session);
@ -341,7 +353,8 @@ where
F: Fn(&mut SslRef, &[u8]) -> Option<SslSession> + 'static + Sync + Send, F: Fn(&mut SslRef, &[u8]) -> Option<SslSession> + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: get session callback missing") as *const F; .expect("BUG: get session callback missing") as *const F;
let data = slice::from_raw_parts(data as *const u8, len as usize); let data = slice::from_raw_parts(data as *const u8, len as usize);
@ -363,7 +376,8 @@ where
F: Fn(&SslRef, &str) + 'static + Sync + Send, F: Fn(&SslRef, &str) + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr(ssl as *mut _); let ssl = SslRef::from_ptr(ssl as *mut _);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: get session callback missing"); .expect("BUG: get session callback missing");
let line = CStr::from_ptr(line).to_bytes(); let line = CStr::from_ptr(line).to_bytes();
@ -382,7 +396,8 @@ where
F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: stateless cookie generate callback missing") as *const F; .expect("BUG: stateless cookie generate callback missing") as *const F;
let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize); let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize);
@ -408,7 +423,8 @@ where
F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send, F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send,
{ {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: stateless cookie verify callback missing") as *const F; .expect("BUG: stateless cookie verify callback missing") as *const F;
let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize); let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize);
@ -425,7 +441,8 @@ where
{ {
unsafe { unsafe {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: cookie generate callback missing") as *const F; .expect("BUG: cookie generate callback missing") as *const F;
// We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for // We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for
@ -461,7 +478,8 @@ where
{ {
unsafe { unsafe {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: cookie verify callback missing") as *const F; .expect("BUG: cookie verify callback missing") as *const F;
let slice = let slice =
@ -494,7 +512,8 @@ where
{ {
unsafe { unsafe {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: custom ext add callback missing") as *const F; .expect("BUG: custom ext add callback missing") as *const F;
let ectx = ExtensionContext::from_bits_truncate(context); let ectx = ExtensionContext::from_bits_truncate(context);
@ -570,7 +589,8 @@ where
{ {
unsafe { unsafe {
let ssl = SslRef::from_ptr_mut(ssl); let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl.ssl_context() let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>()) .ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: custom ext parse callback missing") as *const F; .expect("BUG: custom ext parse callback missing") as *const F;
let ectx = ExtensionContext::from_bits_truncate(context); let ectx = ExtensionContext::from_bits_truncate(context);

66
openssl/src/ssl/connector.rs
View File

@ -3,16 +3,22 @@ use std::ops::{Deref, DerefMut};
use dh::Dh; use dh::Dh;
use error::ErrorStack; use error::ErrorStack;
use ssl::{HandshakeError, Ssl, SslContext, SslContextBuilder, SslMethod, SslMode, SslOptions, use ssl::{
SslRef, SslStream, SslVerifyMode}; HandshakeError, Ssl, SslContext, SslContextBuilder, SslMethod, SslMode, SslOptions, SslRef,
SslStream, SslVerifyMode,
};
use version; use version;
fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> { fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
let mut ctx = SslContextBuilder::new(method)?; let mut ctx = SslContextBuilder::new(method)?;
let mut opts = SslOptions::ALL | SslOptions::NO_COMPRESSION | SslOptions::NO_SSLV2 let mut opts = SslOptions::ALL
| SslOptions::NO_SSLV3 | SslOptions::SINGLE_DH_USE | SslOptions::NO_COMPRESSION
| SslOptions::SINGLE_ECDH_USE | SslOptions::CIPHER_SERVER_PREFERENCE; | SslOptions::NO_SSLV2
| SslOptions::NO_SSLV3
| SslOptions::SINGLE_DH_USE
| SslOptions::SINGLE_ECDH_USE
| SslOptions::CIPHER_SERVER_PREFERENCE;
opts &= !SslOptions::DONT_INSERT_EMPTY_FRAGMENTS; opts &= !SslOptions::DONT_INSERT_EMPTY_FRAGMENTS;
ctx.set_options(opts); ctx.set_options(opts);
@ -23,7 +29,7 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
// This is quite a useful optimization for saving memory, but historically // This is quite a useful optimization for saving memory, but historically
// caused CVEs in OpenSSL pre-1.0.1h, according to // caused CVEs in OpenSSL pre-1.0.1h, according to
// https://bugs.python.org/issue25672 // https://bugs.python.org/issue25672
if version::number() >= 0x1000108f { if version::number() >= 0x1_00_01_08_0 {
mode |= SslMode::RELEASE_BUFFERS; mode |= SslMode::RELEASE_BUFFERS;
} }
@ -277,7 +283,16 @@ impl DerefMut for SslAcceptorBuilder {
} }
} }
#[cfg(ossl101)] cfg_if! {
if #[cfg(ossl110)] {
fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> {
Ok(())
}
} else if #[cfg(any(ossl102, libressl))] {
fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
ctx.set_ecdh_auto(true)
}
} else {
fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> { fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
use ec::EcKey; use ec::EcKey;
use nid::Nid; use nid::Nid;
@ -285,29 +300,16 @@ fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
let curve = EcKey::from_curve_name(Nid::X9_62_PRIME256V1)?; let curve = EcKey::from_curve_name(Nid::X9_62_PRIME256V1)?;
ctx.set_tmp_ecdh(&curve) ctx.set_tmp_ecdh(&curve)
} }
}
#[cfg(ossl102)]
fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> {
ctx.set_ecdh_auto(true)
} }
#[cfg(ossl110)] cfg_if! {
fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> { if #[cfg(any(ossl102, libressl261))] {
Ok(())
}
#[cfg(any(ossl102, ossl110))]
fn setup_verify(ctx: &mut SslContextBuilder) { fn setup_verify(ctx: &mut SslContextBuilder) {
ctx.set_verify(SslVerifyMode::PEER); ctx.set_verify(SslVerifyMode::PEER);
} }
#[cfg(ossl101)] fn setup_verify_hostname(ssl: &mut SslRef, domain: &str) -> Result<(), ErrorStack> {
fn setup_verify(ctx: &mut SslContextBuilder) {
ctx.set_verify_callback(SslVerifyMode::PEER, verify::verify_callback);
}
#[cfg(any(ossl102, ossl110))]
fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
use x509::verify::X509CheckFlags; use x509::verify::X509CheckFlags;
let param = ssl.param_mut(); let param = ssl.param_mut();
@ -317,25 +319,29 @@ fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack>
Err(_) => param.set_host(domain), Err(_) => param.set_host(domain),
} }
} }
} else {
fn setup_verify(ctx: &mut SslContextBuilder) {
ctx.set_verify_callback(SslVerifyMode::PEER, verify::verify_callback);
}
#[cfg(ossl101)]
fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> { fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
let domain = domain.to_string(); let domain = domain.to_string();
ssl.set_ex_data(*verify::HOSTNAME_IDX, domain); ssl.set_ex_data(*verify::HOSTNAME_IDX, domain);
Ok(()) Ok(())
} }
#[cfg(ossl101)]
mod verify { mod verify {
use std::net::IpAddr; use std::net::IpAddr;
use std::str; use std::str;
use ex_data::Index; use ex_data::Index;
use nid::Nid; use nid::Nid;
use x509::{GeneralName, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef,
X509VerifyResult};
use stack::Stack;
use ssl::Ssl; use ssl::Ssl;
use stack::Stack;
use x509::{
GeneralName, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef,
X509VerifyResult,
};
lazy_static! { lazy_static! {
pub static ref HOSTNAME_IDX: Index<Ssl, String> = Ssl::new_ex_index().unwrap(); pub static ref HOSTNAME_IDX: Index<Ssl, String> = Ssl::new_ex_index().unwrap();
@ -500,3 +506,5 @@ mod verify {
} }
} }
} }
}
}

125
openssl/src/ssl/mod.rs
View File

@ -78,7 +78,7 @@ use std::str;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use dh::{Dh, DhRef}; use dh::{Dh, DhRef};
#[cfg(any(ossl101, ossl102))] #[cfg(all(ossl101, not(ossl110)))]
use ec::EcKey; use ec::EcKey;
use ec::EcKeyRef; use ec::EcKeyRef;
use error::ErrorStack; use error::ErrorStack;
@ -91,10 +91,10 @@ use ssl::bio::BioMethod;
use ssl::callbacks::*; use ssl::callbacks::*;
use ssl::error::InnerError; use ssl::error::InnerError;
use stack::{Stack, StackRef}; use stack::{Stack, StackRef};
#[cfg(any(ossl102, ossl110))] #[cfg(ossl102)]
use x509::store::X509Store; use x509::store::X509Store;
use x509::store::{X509StoreBuilderRef, X509StoreRef}; use x509::store::{X509StoreBuilderRef, X509StoreRef};
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
use x509::verify::X509VerifyParamRef; use x509::verify::X509VerifyParamRef;
use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult}; use x509::{X509, X509Name, X509Ref, X509StoreContextRef, X509VerifyResult};
use {cvt, cvt_n, cvt_p, init}; use {cvt, cvt_n, cvt_p, init};
@ -284,7 +284,7 @@ impl SslMethod {
/// This corresponds to `TLS_method` on OpenSSL 1.1.0 and `SSLv23_method` /// This corresponds to `TLS_method` on OpenSSL 1.1.0 and `SSLv23_method`
/// on OpenSSL 1.0.x. /// on OpenSSL 1.0.x.
pub fn tls() -> SslMethod { pub fn tls() -> SslMethod {
SslMethod(compat::tls_method()) unsafe { SslMethod(TLS_method()) }
} }
/// Support all versions of the DTLS protocol. /// Support all versions of the DTLS protocol.
@ -292,7 +292,7 @@ impl SslMethod {
/// This corresponds to `DTLS_method` on OpenSSL 1.1.0 and `DTLSv1_method` /// This corresponds to `DTLS_method` on OpenSSL 1.1.0 and `DTLSv1_method`
/// on OpenSSL 1.0.x. /// on OpenSSL 1.0.x.
pub fn dtls() -> SslMethod { pub fn dtls() -> SslMethod {
SslMethod(compat::dtls_method()) unsafe { SslMethod(DTLS_method()) }
} }
/// Constructs an `SslMethod` from a pointer to the underlying OpenSSL value. /// Constructs an `SslMethod` from a pointer to the underlying OpenSSL value.
@ -767,7 +767,7 @@ impl SslContextBuilder {
/// Requires OpenSSL 1.0.1 or 1.0.2. /// Requires OpenSSL 1.0.1 or 1.0.2.
/// ///
/// This corresponds to `SSL_CTX_set_tmp_ecdh_callback`. /// This corresponds to `SSL_CTX_set_tmp_ecdh_callback`.
#[cfg(any(ossl101, ossl102))] #[cfg(all(ossl101, not(ossl110)))]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F) pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
@ -976,7 +976,7 @@ impl SslContextBuilder {
/// This corresponds to [`SSL_CTX_set_ecdh_auto`]. /// This corresponds to [`SSL_CTX_set_ecdh_auto`].
/// ///
/// [`SSL_CTX_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_ecdh_auto.html /// [`SSL_CTX_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_ecdh_auto.html
#[cfg(any(ossl102, libressl))] #[cfg(any(libressl, all(ossl102, not(ossl110))))]
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) } unsafe { cvt(ffi::SSL_CTX_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
} }
@ -992,7 +992,7 @@ impl SslContextBuilder {
/// ///
/// [`SSL_CTX_set_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html /// [`SSL_CTX_set_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn set_options(&mut self, option: SslOptions) -> SslOptions { pub fn set_options(&mut self, option: SslOptions) -> SslOptions {
let bits = unsafe { compat::SSL_CTX_set_options(self.as_ptr(), option.bits()) }; let bits = unsafe { ffi::SSL_CTX_set_options(self.as_ptr(), option.bits()) };
SslOptions { bits } SslOptions { bits }
} }
@ -1002,7 +1002,7 @@ impl SslContextBuilder {
/// ///
/// [`SSL_CTX_get_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html /// [`SSL_CTX_get_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn options(&self) -> SslOptions { pub fn options(&self) -> SslOptions {
let bits = unsafe { compat::SSL_CTX_get_options(self.as_ptr()) }; let bits = unsafe { ffi::SSL_CTX_get_options(self.as_ptr()) };
SslOptions { bits } SslOptions { bits }
} }
@ -1012,7 +1012,7 @@ impl SslContextBuilder {
/// ///
/// [`SSL_CTX_clear_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html /// [`SSL_CTX_clear_options`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
pub fn clear_options(&mut self, option: SslOptions) -> SslOptions { pub fn clear_options(&mut self, option: SslOptions) -> SslOptions {
let bits = unsafe { compat::SSL_CTX_clear_options(self.as_ptr(), option.bits()) }; let bits = unsafe { ffi::SSL_CTX_clear_options(self.as_ptr(), option.bits()) };
SslOptions { bits } SslOptions { bits }
} }
@ -1514,7 +1514,7 @@ foreign_type_and_impl_send_sync! {
impl Clone for SslContext { impl Clone for SslContext {
fn clone(&self) -> Self { fn clone(&self) -> Self {
unsafe { unsafe {
compat::SSL_CTX_up_ref(self.as_ptr()); SSL_CTX_up_ref(self.as_ptr());
SslContext::from_ptr(self.as_ptr()) SslContext::from_ptr(self.as_ptr())
} }
} }
@ -1547,7 +1547,7 @@ impl SslContext {
{ {
unsafe { unsafe {
ffi::init(); ffi::init();
let idx = cvt_n(compat::get_new_idx(free_data_box::<T>))?; let idx = cvt_n(get_new_idx(free_data_box::<T>))?;
Ok(Index::from_raw(idx)) Ok(Index::from_raw(idx))
} }
} }
@ -1833,7 +1833,7 @@ impl ToOwned for SslSessionRef {
fn to_owned(&self) -> SslSession { fn to_owned(&self) -> SslSession {
unsafe { unsafe {
compat::SSL_SESSION_up_ref(self.as_ptr()); SSL_SESSION_up_ref(self.as_ptr());
SslSession(self.as_ptr()) SslSession(self.as_ptr())
} }
} }
@ -1859,7 +1859,7 @@ impl SslSessionRef {
/// ///
/// [`SSL_SESSION_get_master_key`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_SESSION_get_master_key.html /// [`SSL_SESSION_get_master_key`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_SESSION_get_master_key.html
pub fn master_key_len(&self) -> usize { pub fn master_key_len(&self) -> usize {
unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), ptr::null_mut(), 0) } unsafe { SSL_SESSION_get_master_key(self.as_ptr(), ptr::null_mut(), 0) }
} }
/// Copies the master key into the provided buffer. /// Copies the master key into the provided buffer.
@ -1870,7 +1870,7 @@ impl SslSessionRef {
/// ///
/// [`SSL_SESSION_get_master_key`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_SESSION_get_master_key.html /// [`SSL_SESSION_get_master_key`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_SESSION_get_master_key.html
pub fn master_key(&self, buf: &mut [u8]) -> usize { pub fn master_key(&self, buf: &mut [u8]) -> usize {
unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) } unsafe { SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) }
} }
to_der! { to_der! {
@ -1926,7 +1926,7 @@ impl Ssl {
{ {
unsafe { unsafe {
ffi::init(); ffi::init();
let idx = cvt_n(compat::get_new_ssl_idx(free_data_box::<T>))?; let idx = cvt_n(get_new_ssl_idx(free_data_box::<T>))?;
Ok(Index::from_raw(idx)) Ok(Index::from_raw(idx))
} }
} }
@ -2091,7 +2091,7 @@ impl SslRef {
/// This corresponds to `SSL_set_tmp_ecdh_callback`. /// This corresponds to `SSL_set_tmp_ecdh_callback`.
/// ///
/// [`SslContextBuilder::set_tmp_ecdh_callback`]: struct.SslContextBuilder.html#method.set_tmp_ecdh_callback /// [`SslContextBuilder::set_tmp_ecdh_callback`]: struct.SslContextBuilder.html#method.set_tmp_ecdh_callback
#[cfg(any(ossl101, ossl102))] #[cfg(any(all(ossl101, not(ossl110))))]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F) pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send, F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
@ -2111,7 +2111,7 @@ impl SslRef {
/// ///
/// [`SslContextBuilder::set_tmp_ecdh`]: struct.SslContextBuilder.html#method.set_tmp_ecdh /// [`SslContextBuilder::set_tmp_ecdh`]: struct.SslContextBuilder.html#method.set_tmp_ecdh
/// [`SSL_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_ecdh_auto.html /// [`SSL_set_ecdh_auto`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_ecdh_auto.html
#[cfg(ossl102)] #[cfg(all(ossl102, not(ossl110)))]
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) } unsafe { cvt(ffi::SSL_set_ecdh_auto(self.as_ptr(), onoff as c_int)).map(|_| ()) }
} }
@ -2363,7 +2363,7 @@ impl SslRef {
/// This corresponds to [`SSL_get0_param`]. /// This corresponds to [`SSL_get0_param`].
/// ///
/// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html /// [`SSL_get0_param`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_get0_param.html
#[cfg(any(ossl102, ossl110))] #[cfg(any(ossl102, libressl261))]
pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) } unsafe { X509VerifyParamRef::from_ptr_mut(ffi::SSL_get0_param(self.as_ptr())) }
} }
@ -2541,7 +2541,7 @@ impl SslRef {
/// ///
/// [`SSL_is_server`]: https://www.openssl.org/docs/manmaster/man3/SSL_is_server.html /// [`SSL_is_server`]: https://www.openssl.org/docs/manmaster/man3/SSL_is_server.html
pub fn is_server(&self) -> bool { pub fn is_server(&self) -> bool {
unsafe { compat::SSL_is_server(self.as_ptr()) != 0 } unsafe { SSL_is_server(self.as_ptr()) != 0 }
} }
/// Sets the extra data at the specified index. /// Sets the extra data at the specified index.
@ -2987,16 +2987,11 @@ pub enum ShutdownResult {
Received, Received,
} }
#[cfg(ossl110)] cfg_if! {
mod compat { if #[cfg(ossl110)] {
use std::ptr; use ffi::{
SSL_CTX_up_ref,
use ffi; SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server, TLS_method, DTLS_method,
use libc::c_int;
pub use ffi::{
SSL_CTX_clear_options, SSL_CTX_get_options, SSL_CTX_set_options, SSL_CTX_up_ref,
SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server,
}; };
pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
@ -3020,45 +3015,8 @@ mod compat {
Some(f), Some(f),
) )
} }
} else {
pub fn tls_method() -> *const ffi::SSL_METHOD { use ffi::{SSLv23_method as TLS_method, DTLSv1_method as DTLS_method};
unsafe { ffi::TLS_method() }
}
pub fn dtls_method() -> *const ffi::SSL_METHOD {
unsafe { ffi::DTLS_method() }
}
}
#[cfg(ossl10x)]
#[allow(bad_style)]
mod compat {
use std::ptr;
use ffi;
use libc::{self, c_int, c_long, c_uchar, c_ulong, size_t};
pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong {
ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
}
pub unsafe fn SSL_CTX_set_options(ctx: *const ffi::SSL_CTX, op: c_ulong) -> c_ulong {
ffi::SSL_CTX_ctrl(
ctx as *mut _,
ffi::SSL_CTRL_OPTIONS,
op as c_long,
ptr::null_mut(),
) as c_ulong
}
pub unsafe fn SSL_CTX_clear_options(ctx: *const ffi::SSL_CTX, op: c_ulong) -> c_ulong {
ffi::SSL_CTX_ctrl(
ctx as *mut _,
ffi::SSL_CTRL_CLEAR_OPTIONS,
op as c_long,
ptr::null_mut(),
) as c_ulong
}
pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int { pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) ffi::SSL_CTX_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f))
@ -3068,52 +3026,49 @@ mod compat {
ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f)) ffi::SSL_get_ex_new_index(0, ptr::null_mut(), None, None, Some(f))
} }
pub unsafe fn SSL_CTX_up_ref(ssl: *mut ffi::SSL_CTX) -> libc::c_int { #[allow(bad_style)]
pub unsafe fn SSL_CTX_up_ref(ssl: *mut ffi::SSL_CTX) -> c_int {
ffi::CRYPTO_add_lock( ffi::CRYPTO_add_lock(
&mut (*ssl).references, &mut (*ssl).references,
1, 1,
ffi::CRYPTO_LOCK_SSL_CTX, ffi::CRYPTO_LOCK_SSL_CTX,
"mod.rs\0".as_ptr() as *const _, "mod.rs\0".as_ptr() as *const _,
line!() as libc::c_int, line!() as c_int,
); );
0 0
} }
#[allow(bad_style)]
pub unsafe fn SSL_SESSION_get_master_key( pub unsafe fn SSL_SESSION_get_master_key(
session: *const ffi::SSL_SESSION, session: *const ffi::SSL_SESSION,
out: *mut c_uchar, out: *mut c_uchar,
mut outlen: size_t, mut outlen: usize,
) -> size_t { ) -> usize {
if outlen == 0 { if outlen == 0 {
return (*session).master_key_length as size_t; return (*session).master_key_length as usize;
} }
if outlen > (*session).master_key_length as size_t { if outlen > (*session).master_key_length as usize {
outlen = (*session).master_key_length as size_t; outlen = (*session).master_key_length as usize;
} }
ptr::copy_nonoverlapping((*session).master_key.as_ptr(), out, outlen); ptr::copy_nonoverlapping((*session).master_key.as_ptr(), out, outlen);
outlen outlen
} }
pub fn tls_method() -> *const ffi::SSL_METHOD { #[allow(bad_style)]
unsafe { ffi::SSLv23_method() }
}
pub fn dtls_method() -> *const ffi::SSL_METHOD {
unsafe { ffi::DTLSv1_method() }
}
pub unsafe fn SSL_is_server(s: *mut ffi::SSL) -> c_int { pub unsafe fn SSL_is_server(s: *mut ffi::SSL) -> c_int {
(*s).server (*s).server
} }
#[allow(bad_style)]
pub unsafe fn SSL_SESSION_up_ref(ses: *mut ffi::SSL_SESSION) -> c_int { pub unsafe fn SSL_SESSION_up_ref(ses: *mut ffi::SSL_SESSION) -> c_int {
ffi::CRYPTO_add_lock( ffi::CRYPTO_add_lock(
&mut (*ses).references, &mut (*ses).references,
1, 1,
ffi::CRYPTO_LOCK_SSL_CTX, ffi::CRYPTO_LOCK_SSL_CTX,
"mod.rs\0".as_ptr() as *const _, "mod.rs\0".as_ptr() as *const _,
line!() as libc::c_int, line!() as c_int,
); );
0 0
} }
} }
}

4
openssl/src/ssl/test.rs
View File

@ -1063,7 +1063,7 @@ fn tmp_dh_callback() {
} }
#[test] #[test]
#[cfg(any(all(ossl101, not(libressl)), ossl102))] #[cfg(all(ossl101, not(ossl110)))]
fn tmp_ecdh_callback() { fn tmp_ecdh_callback() {
use ec::EcKey; use ec::EcKey;
use nid::Nid; use nid::Nid;
@ -1137,7 +1137,7 @@ fn tmp_dh_callback_ssl() {
} }
#[test] #[test]
#[cfg(any(all(ossl101, not(libressl)), ossl102))] #[cfg(all(ossl101, not(ossl110)))]
fn tmp_ecdh_callback_ssl() { fn tmp_ecdh_callback_ssl() {
use ec::EcKey; use ec::EcKey;
use nid::Nid; use nid::Nid;

29
openssl/src/stack.rs
View File

@ -1,23 +1,30 @@
use foreign_types::{ForeignTypeRef, ForeignType, Opaque}; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef, Opaque};
use libc::c_int; use libc::c_int;
use std::borrow::Borrow; use std::borrow::Borrow;
use std::convert::AsRef; use std::convert::AsRef;
use std::iter; use std::iter;
use std::marker::PhantomData; use std::marker::PhantomData;
use std::mem; use std::mem;
use ffi;
use {cvt, cvt_p};
use error::ErrorStack; use error::ErrorStack;
use std::ops::{Deref, DerefMut, Index, IndexMut}; use std::ops::{Deref, DerefMut, Index, IndexMut};
use {cvt, cvt_p};
#[cfg(ossl10x)] cfg_if! {
use ffi::{sk_pop as OPENSSL_sk_pop, sk_free as OPENSSL_sk_free, sk_num as OPENSSL_sk_num, if #[cfg(ossl110)] {
use ffi::{
OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK,
OPENSSL_sk_new_null, OPENSSL_sk_push,
};
} else {
use ffi::{
sk_pop as OPENSSL_sk_pop, sk_free as OPENSSL_sk_free, sk_num as OPENSSL_sk_num,
sk_value as OPENSSL_sk_value, _STACK as OPENSSL_STACK, sk_value as OPENSSL_sk_value, _STACK as OPENSSL_STACK,
sk_new_null as OPENSSL_sk_new_null, sk_push as OPENSSL_sk_push}; sk_new_null as OPENSSL_sk_new_null, sk_push as OPENSSL_sk_push,
#[cfg(ossl110)] };
use ffi::{OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK, }
OPENSSL_sk_new_null, OPENSSL_sk_push}; }
/// Trait implemented by types which can be placed in a stack. /// Trait implemented by types which can be placed in a stack.
/// ///
@ -218,9 +225,7 @@ impl<T: Stackable> StackRef<T> {
/// Pushes a value onto the top of the stack. /// Pushes a value onto the top of the stack.
pub fn push(&mut self, data: T) -> Result<(), ErrorStack> { pub fn push(&mut self, data: T) -> Result<(), ErrorStack> {
unsafe { unsafe {
cvt( cvt(OPENSSL_sk_push(self.as_stack(), data.as_ptr() as *mut _))?;
OPENSSL_sk_push(self.as_stack(), data.as_ptr() as *mut _),
)?;
mem::forget(data); mem::forget(data);
Ok(()) Ok(())
} }

29
openssl/src/symm.rs
View File

@ -52,14 +52,14 @@
//! println!("Decrypted: '{}'", output_string); //! println!("Decrypted: '{}'", output_string);
//! ``` //! ```
use ffi;
use libc::c_int;
use std::cmp; use std::cmp;
use std::ptr; use std::ptr;
use libc::c_int;
use ffi;
use {cvt, cvt_p};
use error::ErrorStack; use error::ErrorStack;
use nid::Nid; use nid::Nid;
use {cvt, cvt_p};
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
pub enum Mode { pub enum Mode {
@ -718,34 +718,31 @@ pub fn decrypt_aead(
Ok(out) Ok(out)
} }
#[cfg(ossl110)] cfg_if! {
if #[cfg(ossl110)] {
use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length}; use ffi::{EVP_CIPHER_block_size, EVP_CIPHER_iv_length, EVP_CIPHER_key_length};
} else {
#[cfg(ossl10x)]
#[allow(bad_style)] #[allow(bad_style)]
mod compat { pub unsafe fn EVP_CIPHER_iv_length(ptr: *const ffi::EVP_CIPHER) -> c_int {
use libc::c_int;
use ffi::EVP_CIPHER;
pub unsafe fn EVP_CIPHER_iv_length(ptr: *const EVP_CIPHER) -> c_int {
(*ptr).iv_len (*ptr).iv_len
} }
pub unsafe fn EVP_CIPHER_block_size(ptr: *const EVP_CIPHER) -> c_int { #[allow(bad_style)]
pub unsafe fn EVP_CIPHER_block_size(ptr: *const ffi::EVP_CIPHER) -> c_int {
(*ptr).block_size (*ptr).block_size
} }
pub unsafe fn EVP_CIPHER_key_length(ptr: *const EVP_CIPHER) -> c_int { #[allow(bad_style)]
pub unsafe fn EVP_CIPHER_key_length(ptr: *const ffi::EVP_CIPHER) -> c_int {
(*ptr).key_len (*ptr).key_len
} }
} }
#[cfg(ossl10x)] }
use self::compat::*;
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use hex::{self, FromHex};
use super::*; use super::*;
use hex::{self, FromHex};
// Test vectors from FIPS-197: // Test vectors from FIPS-197:
// http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf // http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

21
openssl/src/version.rs
View File

@ -13,15 +13,21 @@
use std::ffi::CStr; use std::ffi::CStr;
#[cfg(ossl10x)] cfg_if! {
use ffi::{SSLEAY_VERSION as OPENSSL_VERSION, SSLEAY_CFLAGS as OPENSSL_CFLAGS, if #[cfg(ossl110)] {
use ffi::{
OPENSSL_VERSION, OPENSSL_CFLAGS, OPENSSL_BUILT_ON, OPENSSL_PLATFORM, OPENSSL_DIR,
OpenSSL_version_num, OpenSSL_version,
};
} else {
use ffi::{
SSLEAY_VERSION as OPENSSL_VERSION, SSLEAY_CFLAGS as OPENSSL_CFLAGS,
SSLEAY_BUILT_ON as OPENSSL_BUILT_ON, SSLEAY_PLATFORM as OPENSSL_PLATFORM, SSLEAY_BUILT_ON as OPENSSL_BUILT_ON, SSLEAY_PLATFORM as OPENSSL_PLATFORM,
SSLEAY_DIR as OPENSSL_DIR, SSLeay as OpenSSL_version_num, SSLEAY_DIR as OPENSSL_DIR, SSLeay as OpenSSL_version_num,
SSLeay_version as OpenSSL_version}; SSLeay_version as OpenSSL_version,
};
#[cfg(ossl110)] }
use ffi::{OPENSSL_VERSION, OPENSSL_CFLAGS, OPENSSL_BUILT_ON, OPENSSL_PLATFORM, OPENSSL_DIR, }
OpenSSL_version_num, OpenSSL_version};
/// OPENSSL_VERSION_NUMBER is a numeric release version identifier: /// OPENSSL_VERSION_NUMBER is a numeric release version identifier:
/// ///
@ -51,7 +57,6 @@ pub fn number() -> i64 {
unsafe { OpenSSL_version_num() as i64 } unsafe { OpenSSL_version_num() as i64 }
} }
/// The text variant of the version number and the release date. For example, "OpenSSL 0.9.5a 1 Apr 2000". /// The text variant of the version number and the release date. For example, "OpenSSL 0.9.5a 1 Apr 2000".
pub fn version() -> &'static str { pub fn version() -> &'static str {
unsafe { unsafe {

96
openssl/src/x509/mod.rs
View File

@ -7,9 +7,9 @@
//! Internet protocols, including SSL/TLS, which is the basis for HTTPS, //! Internet protocols, including SSL/TLS, which is the basis for HTTPS,
//! the secure protocol for browsing the web. //! the secure protocol for browsing the web.
use libc::{c_int, c_long};
use ffi; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef};
use libc::{c_int, c_long};
use std::error::Error; use std::error::Error;
use std::ffi::{CStr, CString}; use std::ffi::{CStr, CString};
use std::fmt; use std::fmt;
@ -20,7 +20,6 @@ use std::ptr;
use std::slice; use std::slice;
use std::str; use std::str;
use {cvt, cvt_n, cvt_p};
use asn1::{Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef, Asn1StringRef, Asn1TimeRef}; use asn1::{Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef, Asn1StringRef, Asn1TimeRef};
use bio::MemBioSlice; use bio::MemBioSlice;
use conf::ConfRef; use conf::ConfRef;
@ -29,18 +28,12 @@ use ex_data::Index;
use hash::MessageDigest; use hash::MessageDigest;
use nid::Nid; use nid::Nid;
use pkey::{HasPrivate, HasPublic, PKey, PKeyRef, Public}; use pkey::{HasPrivate, HasPublic, PKey, PKeyRef, Public};
use ssl::SslRef;
use stack::{Stack, StackRef, Stackable}; use stack::{Stack, StackRef, Stackable};
use string::OpensslString; use string::OpensslString;
use ssl::SslRef; use {cvt, cvt_n, cvt_p};
#[cfg(ossl10x)] #[cfg(any(ossl102, libressl261))]
use ffi::{ASN1_STRING_data, X509_STORE_CTX_get_chain, X509_set_notAfter, X509_set_notBefore};
#[cfg(ossl110)]
use ffi::{ASN1_STRING_get0_data as ASN1_STRING_data,
X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain,
X509_set1_notAfter as X509_set_notAfter, X509_set1_notBefore as X509_set_notBefore};
#[cfg(any(ossl102, ossl110))]
pub mod verify; pub mod verify;
pub mod extension; pub mod extension;
@ -215,7 +208,7 @@ impl X509StoreContextRef {
/// [`X509_STORE_CTX_get0_chain`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_STORE_CTX_get0_chain.html /// [`X509_STORE_CTX_get0_chain`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_STORE_CTX_get0_chain.html
pub fn chain(&self) -> Option<&StackRef<X509>> { pub fn chain(&self) -> Option<&StackRef<X509>> {
unsafe { unsafe {
let chain = X509_STORE_CTX_get_chain(self.as_ptr()); let chain = X509_STORE_CTX_get0_chain(self.as_ptr());
if chain.is_null() { if chain.is_null() {
None None
@ -240,12 +233,12 @@ impl X509Builder {
/// Sets the notAfter constraint on the certificate. /// Sets the notAfter constraint on the certificate.
pub fn set_not_after(&mut self, not_after: &Asn1TimeRef) -> Result<(), ErrorStack> { pub fn set_not_after(&mut self, not_after: &Asn1TimeRef) -> Result<(), ErrorStack> {
unsafe { cvt(X509_set_notAfter(self.0.as_ptr(), not_after.as_ptr())).map(|_| ()) } unsafe { cvt(X509_set1_notAfter(self.0.as_ptr(), not_after.as_ptr())).map(|_| ()) }
} }
/// Sets the notBefore constraint on the certificate. /// Sets the notBefore constraint on the certificate.
pub fn set_not_before(&mut self, not_before: &Asn1TimeRef) -> Result<(), ErrorStack> { pub fn set_not_before(&mut self, not_before: &Asn1TimeRef) -> Result<(), ErrorStack> {
unsafe { cvt(X509_set_notBefore(self.0.as_ptr(), not_before.as_ptr())).map(|_| ()) } unsafe { cvt(X509_set1_notBefore(self.0.as_ptr(), not_before.as_ptr())).map(|_| ()) }
} }
/// Sets the version of the certificate. /// Sets the version of the certificate.
@ -474,7 +467,7 @@ impl X509Ref {
/// Returns the certificate's Not After validity period. /// Returns the certificate's Not After validity period.
pub fn not_after(&self) -> &Asn1TimeRef { pub fn not_after(&self) -> &Asn1TimeRef {
unsafe { unsafe {
let date = compat::X509_get_notAfter(self.as_ptr()); let date = X509_getm_notAfter(self.as_ptr());
assert!(!date.is_null()); assert!(!date.is_null());
Asn1TimeRef::from_ptr(date) Asn1TimeRef::from_ptr(date)
} }
@ -483,7 +476,7 @@ impl X509Ref {
/// Returns the certificate's Not Before validity period. /// Returns the certificate's Not Before validity period.
pub fn not_before(&self) -> &Asn1TimeRef { pub fn not_before(&self) -> &Asn1TimeRef {
unsafe { unsafe {
let date = compat::X509_get_notBefore(self.as_ptr()); let date = X509_getm_notBefore(self.as_ptr());
assert!(!date.is_null()); assert!(!date.is_null());
Asn1TimeRef::from_ptr(date) Asn1TimeRef::from_ptr(date)
} }
@ -493,7 +486,7 @@ impl X509Ref {
pub fn signature(&self) -> &Asn1BitStringRef { pub fn signature(&self) -> &Asn1BitStringRef {
unsafe { unsafe {
let mut signature = ptr::null(); let mut signature = ptr::null();
compat::X509_get0_signature(&mut signature, ptr::null_mut(), self.as_ptr()); X509_get0_signature(&mut signature, ptr::null_mut(), self.as_ptr());
assert!(!signature.is_null()); assert!(!signature.is_null());
Asn1BitStringRef::from_ptr(signature as *mut _) Asn1BitStringRef::from_ptr(signature as *mut _)
} }
@ -503,7 +496,7 @@ impl X509Ref {
pub fn signature_algorithm(&self) -> &X509AlgorithmRef { pub fn signature_algorithm(&self) -> &X509AlgorithmRef {
unsafe { unsafe {
let mut algor = ptr::null(); let mut algor = ptr::null();
compat::X509_get0_signature(ptr::null_mut(), &mut algor, self.as_ptr()); X509_get0_signature(ptr::null_mut(), &mut algor, self.as_ptr());
assert!(!algor.is_null()); assert!(!algor.is_null());
X509AlgorithmRef::from_ptr(algor as *mut _) X509AlgorithmRef::from_ptr(algor as *mut _)
} }
@ -564,7 +557,7 @@ impl ToOwned for X509Ref {
fn to_owned(&self) -> X509 { fn to_owned(&self) -> X509 {
unsafe { unsafe {
compat::X509_up_ref(self.as_ptr()); X509_up_ref(self.as_ptr());
X509::from_ptr(self.as_ptr()) X509::from_ptr(self.as_ptr())
} }
} }
@ -1054,7 +1047,7 @@ impl X509ReqRef {
/// ///
/// [`X509_REQ_get_version`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_get_version.html /// [`X509_REQ_get_version`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_get_version.html
pub fn version(&self) -> i32 { pub fn version(&self) -> i32 {
unsafe { compat::X509_REQ_get_version(self.as_ptr()) as i32 } unsafe { X509_REQ_get_version(self.as_ptr()) as i32 }
} }
/// Returns the subject name of the certificate request. /// Returns the subject name of the certificate request.
@ -1064,7 +1057,7 @@ impl X509ReqRef {
/// [`X509_REQ_get_subject_name`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_get_subject_name.html /// [`X509_REQ_get_subject_name`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_get_subject_name.html
pub fn subject_name(&self) -> &X509NameRef { pub fn subject_name(&self) -> &X509NameRef {
unsafe { unsafe {
let name = compat::X509_REQ_get_subject_name(self.as_ptr()); let name = X509_REQ_get_subject_name(self.as_ptr());
assert!(!name.is_null()); assert!(!name.is_null());
X509NameRef::from_ptr(name) X509NameRef::from_ptr(name)
} }
@ -1172,7 +1165,7 @@ impl GeneralNameRef {
return None; return None;
} }
let ptr = ASN1_STRING_data((*self.as_ptr()).d as *mut _); let ptr = ASN1_STRING_get0_data((*self.as_ptr()).d as *mut _);
let len = ffi::ASN1_STRING_length((*self.as_ptr()).d as *mut _); let len = ffi::ASN1_STRING_length((*self.as_ptr()).d as *mut _);
let slice = slice::from_raw_parts(ptr as *const u8, len as usize); let slice = slice::from_raw_parts(ptr as *const u8, len as usize);
@ -1205,7 +1198,7 @@ impl GeneralNameRef {
return None; return None;
} }
let ptr = ASN1_STRING_data((*self.as_ptr()).d as *mut _); let ptr = ASN1_STRING_get0_data((*self.as_ptr()).d as *mut _);
let len = ffi::ASN1_STRING_length((*self.as_ptr()).d as *mut _); let len = ffi::ASN1_STRING_length((*self.as_ptr()).d as *mut _);
Some(slice::from_raw_parts(ptr as *const u8, len as usize)) Some(slice::from_raw_parts(ptr as *const u8, len as usize))
@ -1232,39 +1225,41 @@ impl X509AlgorithmRef {
pub fn object(&self) -> &Asn1ObjectRef { pub fn object(&self) -> &Asn1ObjectRef {
unsafe { unsafe {
let mut oid = ptr::null(); let mut oid = ptr::null();
compat::X509_ALGOR_get0(&mut oid, ptr::null_mut(), ptr::null_mut(), self.as_ptr()); X509_ALGOR_get0(&mut oid, ptr::null_mut(), ptr::null_mut(), self.as_ptr());
assert!(!oid.is_null()); assert!(!oid.is_null());
Asn1ObjectRef::from_ptr(oid as *mut _) Asn1ObjectRef::from_ptr(oid as *mut _)
} }
} }
} }
#[cfg(ossl110)] cfg_if! {
mod compat { if #[cfg(ossl110)] {
pub use ffi::X509_getm_notAfter as X509_get_notAfter; use ffi::{
pub use ffi::X509_getm_notBefore as X509_get_notBefore; X509_ALGOR_get0, X509_REQ_get_subject_name, X509_REQ_get_version,
pub use ffi::X509_up_ref; X509_get0_signature, X509_getm_notAfter, X509_getm_notBefore, X509_up_ref,
pub use ffi::X509_REQ_get_version; ASN1_STRING_get0_data, X509_STORE_CTX_get0_chain, X509_set1_notAfter,
pub use ffi::X509_REQ_get_subject_name; X509_set1_notBefore,
pub use ffi::X509_get0_signature; };
pub use ffi::X509_ALGOR_get0; } else {
} use ffi::{
ASN1_STRING_data as ASN1_STRING_get0_data,
X509_STORE_CTX_get_chain as X509_STORE_CTX_get0_chain,
X509_set_notAfter as X509_set1_notAfter,
X509_set_notBefore as X509_set1_notBefore,
};
#[cfg(ossl10x)]
#[allow(bad_style)] #[allow(bad_style)]
mod compat { unsafe fn X509_getm_notAfter(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME {
use libc::{c_int, c_void};
use ffi;
pub unsafe fn X509_get_notAfter(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME {
(*(*(*x).cert_info).validity).notAfter (*(*(*x).cert_info).validity).notAfter
} }
pub unsafe fn X509_get_notBefore(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME { #[allow(bad_style)]
unsafe fn X509_getm_notBefore(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME {
(*(*(*x).cert_info).validity).notBefore (*(*(*x).cert_info).validity).notBefore
} }
pub unsafe fn X509_up_ref(x: *mut ffi::X509) { #[allow(bad_style)]
unsafe fn X509_up_ref(x: *mut ffi::X509) {
ffi::CRYPTO_add_lock( ffi::CRYPTO_add_lock(
&mut (*x).references, &mut (*x).references,
1, 1,
@ -1274,15 +1269,18 @@ mod compat {
); );
} }
pub unsafe fn X509_REQ_get_version(x: *mut ffi::X509_REQ) -> ::libc::c_long { #[allow(bad_style)]
::ffi::ASN1_INTEGER_get((*(*x).req_info).version) unsafe fn X509_REQ_get_version(x: *mut ffi::X509_REQ) -> ::libc::c_long {
ffi::ASN1_INTEGER_get((*(*x).req_info).version)
} }
pub unsafe fn X509_REQ_get_subject_name(x: *mut ffi::X509_REQ) -> *mut ::ffi::X509_NAME { #[allow(bad_style)]
unsafe fn X509_REQ_get_subject_name(x: *mut ffi::X509_REQ) -> *mut ::ffi::X509_NAME {
(*(*x).req_info).subject (*(*x).req_info).subject
} }
pub unsafe fn X509_get0_signature( #[allow(bad_style)]
unsafe fn X509_get0_signature(
psig: *mut *const ffi::ASN1_BIT_STRING, psig: *mut *const ffi::ASN1_BIT_STRING,
palg: *mut *const ffi::X509_ALGOR, palg: *mut *const ffi::X509_ALGOR,
x: *const ffi::X509, x: *const ffi::X509,
@ -1295,10 +1293,11 @@ mod compat {
} }
} }
pub unsafe fn X509_ALGOR_get0( #[allow(bad_style)]
unsafe fn X509_ALGOR_get0(
paobj: *mut *const ffi::ASN1_OBJECT, paobj: *mut *const ffi::ASN1_OBJECT,
pptype: *mut c_int, pptype: *mut c_int,
pval: *mut *mut c_void, pval: *mut *mut ::libc::c_void,
alg: *const ffi::X509_ALGOR, alg: *const ffi::X509_ALGOR,
) { ) {
if !paobj.is_null() { if !paobj.is_null() {
@ -1308,3 +1307,4 @@ mod compat {
assert!(pval.is_null()); assert!(pval.is_null());
} }
} }
}

2
openssl/src/x509/verify.rs
View File

@ -1,6 +1,6 @@
use libc::c_uint;
use ffi; use ffi;
use foreign_types::ForeignTypeRef; use foreign_types::ForeignTypeRef;
use libc::c_uint;
use std::net::IpAddr; use std::net::IpAddr;
use cvt; use cvt;