min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revive tests

This commit is contained in:
Ivan Nikulin 2020-11-11 00:09:31 +00:00
parent 7908e99fae
commit a9ea9b26e7
22 changed files with 28 additions and 1285 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openssl-sys/src/pem.rs
View File

@ -168,4 +168,4 @@ extern "C" {
pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int; pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: *mut PKCS7) -> c_int;
} }
pub const PEM_R_NO_START_LINE: c_int = 108; pub const PEM_R_NO_START_LINE: c_int = 110;

12
openssl-sys/src/ssl.rs
View File

@ -285,7 +285,7 @@ pub const SSL_OP_NO_TLSv1: c_uint = 0x04000000;
pub const SSL_OP_NO_DTLSv1: c_uint = 0x04000000; pub const SSL_OP_NO_DTLSv1: c_uint = 0x04000000;
#[cfg(ossl102)] #[cfg(ossl102)]
pub const SSL_OP_NO_DTLSv1_2: c_uint = 0x08000000; pub const SSL_OP_NO_DTLSv1_2: c_uint = 0x08000000;
#[cfg(ossl111)]
pub const SSL_OP_NO_TLSv1_3: c_uint = 0x20000000; pub const SSL_OP_NO_TLSv1_3: c_uint = 0x20000000;
#[cfg(ossl110h)] #[cfg(ossl110h)]
@ -963,16 +963,6 @@ extern "C" {
} }
extern "C" { extern "C" {
// FIXME should take an option
pub fn SSL_CTX_set_tmp_dh_callback(
ctx: *mut SSL_CTX,
dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
);
// FIXME should take an option
pub fn SSL_set_tmp_dh_callback(
ctx: *mut SSL,
dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
);
// FIXME should take an option // FIXME should take an option
#[cfg(not(ossl110))] #[cfg(not(ossl110))]
pub fn SSL_CTX_set_tmp_ecdh_callback( pub fn SSL_CTX_set_tmp_ecdh_callback(

1
openssl-sys/src/tls1.rs
View File

@ -7,7 +7,6 @@ use *;
pub const TLS1_VERSION: u16 = 0x301; pub const TLS1_VERSION: u16 = 0x301;
pub const TLS1_1_VERSION: u16 = 0x302; pub const TLS1_1_VERSION: u16 = 0x302;
pub const TLS1_2_VERSION: u16 = 0x303; pub const TLS1_2_VERSION: u16 = 0x303;
#[cfg(ossl111)]
pub const TLS1_3_VERSION: u16 = 0x304; pub const TLS1_3_VERSION: u16 = 0x304;
pub const TLS1_AD_DECODE_ERROR: c_int = 50; pub const TLS1_AD_DECODE_ERROR: c_int = 50;

47
openssl/src/aes.rs
View File

@ -6,11 +6,9 @@
//! Advanced Encryption Standard (AES) provides symmetric key cipher that //! Advanced Encryption Standard (AES) provides symmetric key cipher that
//! the same key is used to encrypt and decrypt data. This implementation //! the same key is used to encrypt and decrypt data. This implementation
//! uses 128, 192, or 256 bit keys. This module provides functions to //! uses 128, 192, or 256 bit keys. This module provides functions to
//! create a new key with [`new_encrypt`] and perform an encryption/decryption //! create a new key with [`new_encrypt`].
//! using that key with [`aes_ige`].
//! //!
//! [`new_encrypt`]: struct.AesKey.html#method.new_encrypt //! [`new_encrypt`]: struct.AesKey.html#method.new_encrypt
//! [`aes_ige`]: fn.aes_ige.html
//! //!
//! The [`symm`] module should be used in preference to this module in most cases. //! The [`symm`] module should be used in preference to this module in most cases.
//! The IGE block cypher is a non-traditional cipher mode. More traditional AES //! The IGE block cypher is a non-traditional cipher mode. More traditional AES
@ -21,23 +19,7 @@
//! [`Cipher`]: ../symm/struct.Cipher.html //! [`Cipher`]: ../symm/struct.Cipher.html
//! //!
//! # Examples //! # Examples
//! //!
//! ## AES IGE
//! ```rust
//! use openssl::aes::{AesKey, aes_ige};
//! use openssl::symm::Mode;
//!
//! let key = b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
//! let plaintext = b"\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56";
//! let mut iv = *b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\
//! \x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
//!
//! let key = AesKey::new_encrypt(key).unwrap();
//! let mut output = [0u8; 16];
//! aes_ige(plaintext, &mut output, &key, &mut iv, Mode::Encrypt);
//! assert_eq!(output, *b"\xa6\xad\x97\x4d\x5c\xea\x1d\x36\xd2\xf3\x67\x98\x09\x07\xed\x32");
//! ```
//!
//! ## Key wrapping //! ## Key wrapping
//! ```rust //! ```rust
//! use openssl::aes::{AesKey, unwrap_key, wrap_key}; //! use openssl::aes::{AesKey, unwrap_key, wrap_key};
@ -199,31 +181,6 @@ mod test {
use hex::FromHex; use hex::FromHex;
use super::*; use super::*;
use symm::Mode;
// From https://www.mgp25.com/AESIGE/
#[test]
fn ige_vector_1() {
let raw_key = "000102030405060708090A0B0C0D0E0F";
let raw_iv = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F";
let raw_pt = "0000000000000000000000000000000000000000000000000000000000000000";
let raw_ct = "1A8519A6557BE652E9DA8E43DA4EF4453CF456B4CA488AA383C79C98B34797CB";
let key = AesKey::new_encrypt(&Vec::from_hex(raw_key).unwrap()).unwrap();
let mut iv = Vec::from_hex(raw_iv).unwrap();
let pt = Vec::from_hex(raw_pt).unwrap();
let ct = Vec::from_hex(raw_ct).unwrap();
let mut ct_actual = vec![0; ct.len()];
aes_ige(&pt, &mut ct_actual, &key, &mut iv, Mode::Encrypt);
assert_eq!(ct_actual, ct);
let key = AesKey::new_decrypt(&Vec::from_hex(raw_key).unwrap()).unwrap();
let mut iv = Vec::from_hex(raw_iv).unwrap();
let mut pt_actual = vec![0; pt.len()];
aes_ige(&ct, &mut pt_actual, &key, &mut iv, Mode::Decrypt);
assert_eq!(pt_actual, pt);
}
// from the RFC https://tools.ietf.org/html/rfc3394#section-2.2.3 // from the RFC https://tools.ietf.org/html/rfc3394#section-2.2.3
#[test] #[test]

2
openssl/src/bn.rs
View File

@ -881,7 +881,7 @@ impl BigNumRef {
/// # use openssl::bn::BigNum; /// # use openssl::bn::BigNum;
/// let s = -BigNum::from_u32(0x99ff).unwrap(); /// let s = -BigNum::from_u32(0x99ff).unwrap();
/// ///
/// assert_eq!(&**s.to_hex_str().unwrap(), "-99FF"); /// assert_eq!(&**s.to_hex_str().unwrap(), "-99ff");
/// ``` /// ```
pub fn to_hex_str(&self) -> Result<OpensslString, ErrorStack> { pub fn to_hex_str(&self) -> Result<OpensslString, ErrorStack> {
unsafe { unsafe {

8
openssl/src/conf.rs
View File

@ -33,14 +33,6 @@ foreign_type_and_impl_send_sync! {
impl Conf { impl Conf {
/// Create a configuration parser. /// Create a configuration parser.
///
/// # Examples
///
/// ```
/// use openssl::conf::{Conf, ConfMethod};
///
/// let conf = Conf::new(ConfMethod::default());
/// ```
pub fn new(method: ConfMethod) -> Result<Conf, ErrorStack> { pub fn new(method: ConfMethod) -> Result<Conf, ErrorStack> {
unsafe { cvt_p(ffi::NCONF_new(method.as_ptr())).map(Conf) } unsafe { cvt_p(ffi::NCONF_new(method.as_ptr())).map(Conf) }
} }

10
openssl/src/dh.rs
View File

@ -105,16 +105,6 @@ mod tests {
use dh::Dh; use dh::Dh;
use ssl::{SslContext, SslMethod}; use ssl::{SslContext, SslMethod};
#[test]
#[cfg(ossl102)]
fn test_dh_rfc5114() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
let dh2 = Dh::get_2048_224().unwrap();
ctx.set_tmp_dh(&dh2).unwrap();
let dh3 = Dh::get_2048_256().unwrap();
ctx.set_tmp_dh(&dh3).unwrap();
}
#[test] #[test]
fn test_dh() { fn test_dh() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();

43
openssl/src/dsa.rs
View File

@ -359,9 +359,6 @@ cfg_if! {
mod test { mod test {
use super::*; use super::*;
use bn::BigNumContext; use bn::BigNumContext;
use hash::MessageDigest;
use pkey::PKey;
use sign::{Signer, Verifier};
#[test] #[test]
pub fn test_generate() { pub fn test_generate() {
@ -411,46 +408,6 @@ mod test {
assert_eq!(dsa.g(), &BigNum::from_u32(60).unwrap()); assert_eq!(dsa.g(), &BigNum::from_u32(60).unwrap());
} }
#[test]
fn test_signature() {
const TEST_DATA: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9];
let dsa_ref = Dsa::generate(1024).unwrap();
let p = dsa_ref.p();
let q = dsa_ref.q();
let g = dsa_ref.g();
let pub_key = dsa_ref.pub_key();
let priv_key = dsa_ref.priv_key();
let priv_key = Dsa::from_private_components(
BigNumRef::to_owned(p).unwrap(),
BigNumRef::to_owned(q).unwrap(),
BigNumRef::to_owned(g).unwrap(),
BigNumRef::to_owned(priv_key).unwrap(),
BigNumRef::to_owned(pub_key).unwrap(),
)
.unwrap();
let priv_key = PKey::from_dsa(priv_key).unwrap();
let pub_key = Dsa::from_public_components(
BigNumRef::to_owned(p).unwrap(),
BigNumRef::to_owned(q).unwrap(),
BigNumRef::to_owned(g).unwrap(),
BigNumRef::to_owned(pub_key).unwrap(),
)
.unwrap();
let pub_key = PKey::from_dsa(pub_key).unwrap();
let mut signer = Signer::new(MessageDigest::sha256(), &priv_key).unwrap();
signer.update(TEST_DATA).unwrap();
let signature = signer.sign_to_vec().unwrap();
let mut verifier = Verifier::new(MessageDigest::sha256(), &pub_key).unwrap();
verifier.update(TEST_DATA).unwrap();
assert!(verifier.verify(&signature[..]).unwrap());
}
#[test] #[test]
#[allow(clippy::redundant_clone)] #[allow(clippy::redundant_clone)]
fn clone() { fn clone() {

81
openssl/src/ecdsa.rs
View File

@ -170,83 +170,4 @@ cfg_if! {
} }
} }
} }
} }
#[cfg(test)]
mod test {
use super::*;
use ec::EcGroup;
use ec::EcKey;
use nid::Nid;
use pkey::{Private, Public};
fn get_public_key(group: &EcGroup, x: &EcKey<Private>) -> Result<EcKey<Public>, ErrorStack> {
let public_key_point = x.public_key();
Ok(EcKey::from_public_key(group, public_key_point)?)
}
#[test]
#[cfg_attr(osslconf = "OPENSSL_NO_EC2M", ignore)]
fn sign_and_verify() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME192V1).unwrap();
let private_key = EcKey::generate(&group).unwrap();
let public_key = get_public_key(&group, &private_key).unwrap();
let private_key2 = EcKey::generate(&group).unwrap();
let public_key2 = get_public_key(&group, &private_key2).unwrap();
let data = String::from("hello");
let res = EcdsaSig::sign(data.as_bytes(), &private_key).unwrap();
// Signature can be verified using the correct data & correct public key
let verification = res.verify(data.as_bytes(), &public_key).unwrap();
assert!(verification);
// Signature will not be verified using the incorrect data but the correct public key
let verification2 = res
.verify(String::from("hello2").as_bytes(), &public_key)
.unwrap();
assert!(!verification2);
// Signature will not be verified using the correct data but the incorrect public key
let verification3 = res.verify(data.as_bytes(), &public_key2).unwrap();
assert!(!verification3);
}
#[test]
#[cfg_attr(osslconf = "OPENSSL_NO_EC2M", ignore)]
fn check_private_components() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME192V1).unwrap();
let private_key = EcKey::generate(&group).unwrap();
let public_key = get_public_key(&group, &private_key).unwrap();
let data = String::from("hello");
let res = EcdsaSig::sign(data.as_bytes(), &private_key).unwrap();
let verification = res.verify(data.as_bytes(), &public_key).unwrap();
assert!(verification);
let r = res.r().to_owned().unwrap();
let s = res.s().to_owned().unwrap();
let res2 = EcdsaSig::from_private_components(r, s).unwrap();
let verification2 = res2.verify(data.as_bytes(), &public_key).unwrap();
assert!(verification2);
}
#[test]
#[cfg_attr(osslconf = "OPENSSL_NO_EC2M", ignore)]
fn serialize_deserialize() {
let group = EcGroup::from_curve_name(Nid::SECP256K1).unwrap();
let private_key = EcKey::generate(&group).unwrap();
let public_key = get_public_key(&group, &private_key).unwrap();
let data = String::from("hello");
let res = EcdsaSig::sign(data.as_bytes(), &private_key).unwrap();
let der = res.to_der().unwrap();
let sig = EcdsaSig::from_der(&der).unwrap();
let verification = sig.verify(data.as_bytes(), &public_key).unwrap();
assert!(verification);
}
}

9
openssl/src/hash.rs
View File

@ -589,15 +589,6 @@ mod tests {
} }
} }
#[test]
fn test_ripemd160() {
let tests = [("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")];
for test in tests.iter() {
hash_test(MessageDigest::ripemd160(), test);
}
}
#[test] #[test]
fn from_nid() { fn from_nid() {
assert_eq!( assert_eq!(

9
openssl/src/lib.rs
View File

@ -158,7 +158,6 @@ pub mod memcmp;
pub mod nid; pub mod nid;
pub mod pkcs12; pub mod pkcs12;
pub mod pkcs5; pub mod pkcs5;
pub mod pkcs7;
pub mod pkey; pub mod pkey;
pub mod rand; pub mod rand;
pub mod rsa; pub mod rsa;
@ -188,6 +187,14 @@ fn cvt_0(r: size_t) -> Result<size_t, ErrorStack> {
} }
} }
fn cvt_0i(r: c_int) -> Result<c_int, ErrorStack> {
if r == 0 {
Err(ErrorStack::get())
} else {
Ok(r)
}
}
fn cvt(r: c_int) -> Result<c_int, ErrorStack> { fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
if r <= 0 { if r <= 0 {
Err(ErrorStack::get()) Err(ErrorStack::get())

6
openssl/src/pkcs12.rs
View File

@ -11,7 +11,7 @@ use nid::Nid;
use pkey::{HasPrivate, PKey, PKeyRef, Private}; use pkey::{HasPrivate, PKey, PKeyRef, Private};
use stack::Stack; use stack::Stack;
use x509::{X509Ref, X509}; use x509::{X509Ref, X509};
use {cvt, cvt_p}; use {cvt_0i, cvt_p};
pub const PKCS12_DEFAULT_ITER: c_int = 2048; pub const PKCS12_DEFAULT_ITER: c_int = 2048;
@ -43,7 +43,7 @@ impl Pkcs12Ref {
let mut cert = ptr::null_mut(); let mut cert = ptr::null_mut();
let mut chain = ptr::null_mut(); let mut chain = ptr::null_mut();
cvt(ffi::PKCS12_parse( cvt_0i(ffi::PKCS12_parse(
self.as_ptr(), self.as_ptr(),
pass.as_ptr(), pass.as_ptr(),
&mut pkey, &mut pkey,
@ -239,7 +239,7 @@ mod test {
let der = include_bytes!("../test/keystore-empty-chain.p12"); let der = include_bytes!("../test/keystore-empty-chain.p12");
let pkcs12 = Pkcs12::from_der(der).unwrap(); let pkcs12 = Pkcs12::from_der(der).unwrap();
let parsed = pkcs12.parse("cassandra").unwrap(); let parsed = pkcs12.parse("cassandra").unwrap();
assert!(parsed.chain.is_none()); assert_eq!(parsed.chain.unwrap().len(), 0);
} }
#[test] #[test]

249
openssl/src/pkcs7.rs
View File

@ -1,249 +0,0 @@
use bio::MemBioSlice;
use error::ErrorStack;
use ffi;
use foreign_types::ForeignTypeRef;
use libc::c_int;
use pkey::{HasPrivate, PKeyRef};
use stack::StackRef;
use std::ptr;
use x509::{X509Ref, X509};
use {cvt, cvt_p};
foreign_type_and_impl_send_sync! {
type CType = ffi::PKCS7;
fn drop = ffi::PKCS7_free;
/// A PKCS#7 structure.
///
/// Contains signed and/or encrypted data.
pub struct Pkcs7;
/// Reference to `Pkcs7`
pub struct Pkcs7Ref;
}
bitflags! {
pub struct Pkcs7Flags: c_int {
const TEXT = ffi::PKCS7_TEXT;
const NOCERTS = ffi::PKCS7_NOCERTS;
const NOSIGS = ffi::PKCS7_NOSIGS;
const NOCHAIN = ffi::PKCS7_NOCHAIN;
const NOINTERN = ffi::PKCS7_NOINTERN;
const NOVERIFY = ffi::PKCS7_NOVERIFY;
const DETACHED = ffi::PKCS7_DETACHED;
const BINARY = ffi::PKCS7_BINARY;
const NOATTR = ffi::PKCS7_NOATTR;
const NOSMIMECAP = ffi::PKCS7_NOSMIMECAP;
const STREAM = ffi::PKCS7_STREAM;
#[cfg(not(any(ossl101, ossl102, libressl)))]
const NO_DUAL_CONTENT = ffi::PKCS7_NO_DUAL_CONTENT;
}
}
impl Pkcs7 {
from_pem! {
/// Deserializes a PEM-encoded PKCS#7 signature
///
/// The input should have a header of `-----BEGIN PKCS7-----`.
///
/// This corresponds to [`PEM_read_bio_PKCS7`].
///
/// [`PEM_read_bio_PKCS7`]: https://www.openssl.org/docs/man1.0.2/crypto/PEM_read_bio_PKCS7.html
from_pem,
Pkcs7,
ffi::PEM_read_bio_PKCS7
}
from_der! {
/// Deserializes a DER-encoded PKCS#7 signature
///
/// This corresponds to [`d2i_PKCS7`].
///
/// [`d2i_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/d2i_PKCS7.html
from_der,
Pkcs7,
ffi::d2i_PKCS7,
::libc::size_t
}
/// Creates and returns a PKCS#7 `signedData` structure.
///
/// `signcert` is the certificate to sign with, `pkey` is the corresponding
/// private key. `certs` is an optional additional set of certificates to
/// include in the PKCS#7 structure (for example any intermediate CAs in the
/// chain).
///
/// This corresponds to [`PKCS7_sign`].
///
/// [`PKCS7_sign`]: https://www.openssl.org/docs/man1.0.2/crypto/PKCS7_sign.html
pub fn sign<PT>(
signcert: &X509Ref,
pkey: &PKeyRef<PT>,
certs: &StackRef<X509>,
input: &[u8],
flags: Pkcs7Flags,
) -> Result<Pkcs7, ErrorStack>
where
PT: HasPrivate,
{
let input_bio = MemBioSlice::new(input)?;
unsafe {
cvt_p(ffi::PKCS7_sign(
signcert.as_ptr(),
pkey.as_ptr(),
certs.as_ptr(),
input_bio.as_ptr(),
flags.bits,
))
.map(Pkcs7)
}
}
}
impl Pkcs7Ref {
to_pem! {
/// Serializes the data into a PEM-encoded PKCS#7 structure.
///
/// The output will have a header of `-----BEGIN PKCS7-----`.
///
/// This corresponds to [`PEM_write_bio_PKCS7`].
///
/// [`PEM_write_bio_PKCS7`]: https://www.openssl.org/docs/man1.0.2/crypto/PEM_write_bio_PKCS7.html
to_pem,
ffi::PEM_write_bio_PKCS7
}
to_der! {
/// Serializes the data into a DER-encoded PKCS#7 structure.
///
/// This corresponds to [`i2d_PKCS7`].
///
/// [`i2d_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/i2d_PKCS7.html
to_der,
ffi::i2d_PKCS7
}
}
#[cfg(test)]
mod tests {
use pkcs7::{Pkcs7, Pkcs7Flags};
use pkey::PKey;
use stack::Stack;
use symm::Cipher;
use x509::store::X509StoreBuilder;
use x509::X509;
#[test]
fn encrypt_decrypt_test() {
let cert = include_bytes!("../test/certs.pem");
let cert = X509::from_pem(cert).unwrap();
let mut certs = Stack::new().unwrap();
certs.push(cert.clone()).unwrap();
let message: String = String::from("foo");
let cypher = Cipher::des_ede3_cbc();
let flags = Pkcs7Flags::STREAM;
let pkey = include_bytes!("../test/key.pem");
let pkey = PKey::private_key_from_pem(pkey).unwrap();
let pkcs7 =
Pkcs7::encrypt(&certs, message.as_bytes(), cypher, flags).expect("should succeed");
let encrypted = pkcs7
.to_smime(message.as_bytes(), flags)
.expect("should succeed");
let (pkcs7_decoded, _) = Pkcs7::from_smime(encrypted.as_slice()).expect("should succeed");
let decoded = pkcs7_decoded
.decrypt(&pkey, &cert, Pkcs7Flags::empty())
.expect("should succeed");
assert_eq!(decoded, message.into_bytes());
}
#[test]
fn sign_verify_test_detached() {
let cert = include_bytes!("../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
let certs = Stack::new().unwrap();
let message = "foo";
let flags = Pkcs7Flags::STREAM | Pkcs7Flags::DETACHED;
let pkey = include_bytes!("../test/key.pem");
let pkey = PKey::private_key_from_pem(pkey).unwrap();
let mut store_builder = X509StoreBuilder::new().expect("should succeed");
let root_ca = include_bytes!("../test/root-ca.pem");
let root_ca = X509::from_pem(root_ca).unwrap();
store_builder.add_cert(root_ca).expect("should succeed");
let store = store_builder.build();
let pkcs7 =
Pkcs7::sign(&cert, &pkey, &certs, message.as_bytes(), flags).expect("should succeed");
let signed = pkcs7
.to_smime(message.as_bytes(), flags)
.expect("should succeed");
println!("{:?}", String::from_utf8(signed.clone()).unwrap());
let (pkcs7_decoded, content) =
Pkcs7::from_smime(signed.as_slice()).expect("should succeed");
let mut output = Vec::new();
pkcs7_decoded
.verify(
&certs,
&store,
Some(message.as_bytes()),
Some(&mut output),
flags,
)
.expect("should succeed");
assert_eq!(output, message.as_bytes());
assert_eq!(content.expect("should be non-empty"), message.as_bytes());
}
#[test]
fn sign_verify_test_normal() {
let cert = include_bytes!("../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
let certs = Stack::new().unwrap();
let message = "foo";
let flags = Pkcs7Flags::STREAM;
let pkey = include_bytes!("../test/key.pem");
let pkey = PKey::private_key_from_pem(pkey).unwrap();
let mut store_builder = X509StoreBuilder::new().expect("should succeed");
let root_ca = include_bytes!("../test/root-ca.pem");
let root_ca = X509::from_pem(root_ca).unwrap();
store_builder.add_cert(root_ca).expect("should succeed");
let store = store_builder.build();
let pkcs7 =
Pkcs7::sign(&cert, &pkey, &certs, message.as_bytes(), flags).expect("should succeed");
let signed = pkcs7
.to_smime(message.as_bytes(), flags)
.expect("should succeed");
let (pkcs7_decoded, content) =
Pkcs7::from_smime(signed.as_slice()).expect("should succeed");
let mut output = Vec::new();
pkcs7_decoded
.verify(&certs, &store, None, Some(&mut output), flags)
.expect("should succeed");
assert_eq!(output, message.as_bytes());
assert!(content.is_none());
}
#[test]
fn invalid_from_smime() {
let input = String::from("Invalid SMIME Message");
let result = Pkcs7::from_smime(input.as_bytes());
assert_eq!(result.is_err(), true)
}
}

59
openssl/src/pkey.rs
View File

@ -332,44 +332,6 @@ impl<T> PKey<T> {
} }
} }
/// Creates a new `PKey` containing a DSA key.
///
/// This corresponds to [`EVP_PKEY_assign_DSA`].
///
/// [`EVP_PKEY_assign_DSA`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_assign_DSA.html
pub fn from_dsa(dsa: Dsa<T>) -> Result<PKey<T>, ErrorStack> {
unsafe {
let evp = cvt_p(ffi::EVP_PKEY_new())?;
let pkey = PKey::from_ptr(evp);
cvt(ffi::EVP_PKEY_assign(
pkey.0,
ffi::EVP_PKEY_DSA,
dsa.as_ptr() as *mut _,
))?;
mem::forget(dsa);
Ok(pkey)
}
}
/// Creates a new `PKey` containing a Diffie-Hellman key.
///
/// This corresponds to [`EVP_PKEY_assign_DH`].
///
/// [`EVP_PKEY_assign_DH`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_assign_DH.html
pub fn from_dh(dh: Dh<T>) -> Result<PKey<T>, ErrorStack> {
unsafe {
let evp = cvt_p(ffi::EVP_PKEY_new())?;
let pkey = PKey::from_ptr(evp);
cvt(ffi::EVP_PKEY_assign(
pkey.0,
ffi::EVP_PKEY_DH,
dh.as_ptr() as *mut _,
))?;
mem::forget(dh);
Ok(pkey)
}
}
/// Creates a new `PKey` containing an elliptic curve key. /// Creates a new `PKey` containing an elliptic curve key.
/// ///
/// This corresponds to [`EVP_PKEY_assign_EC_KEY`]. /// This corresponds to [`EVP_PKEY_assign_EC_KEY`].
@ -573,8 +535,6 @@ cfg_if! {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use dh::Dh;
use dsa::Dsa;
use ec::EcKey; use ec::EcKey;
use nid::Nid; use nid::Nid;
use rsa::Rsa; use rsa::Rsa;
@ -665,25 +625,6 @@ mod tests {
assert!(pkey.dsa().is_err()); assert!(pkey.dsa().is_err());
} }
#[test]
fn test_dsa_accessor() {
let dsa = Dsa::generate(2048).unwrap();
let pkey = PKey::from_dsa(dsa).unwrap();
pkey.dsa().unwrap();
assert_eq!(pkey.id(), Id::DSA);
assert!(pkey.rsa().is_err());
}
#[test]
fn test_dh_accessor() {
let dh = include_bytes!("../test/dhparams.pem");
let dh = Dh::params_from_pem(dh).unwrap();
let pkey = PKey::from_dh(dh).unwrap();
pkey.dh().unwrap();
assert_eq!(pkey.id(), Id::DH);
assert!(pkey.rsa().is_err());
}
#[test] #[test]
fn test_ec_key_accessor() { fn test_ec_key_accessor() {
let ec_key = EcKey::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let ec_key = EcKey::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();

148
openssl/src/sign.rs
View File

@ -34,33 +34,6 @@
//! verifier.update(data2).unwrap(); //! verifier.update(data2).unwrap();
//! assert!(verifier.verify(&signature).unwrap()); //! assert!(verifier.verify(&signature).unwrap());
//! ``` //! ```
//!
//! Compute an HMAC:
//!
//! ```rust
//! use openssl::hash::MessageDigest;
//! use openssl::memcmp;
//! use openssl::pkey::PKey;
//! use openssl::sign::Signer;
//!
//! // Create a PKey
//! let key = PKey::hmac(b"my secret").unwrap();
//!
//! let data = b"hello, world!";
//! let data2 = b"hola, mundo!";
//!
//! // Compute the HMAC
//! let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap();
//! signer.update(data).unwrap();
//! signer.update(data2).unwrap();
//! let hmac = signer.sign_to_vec().unwrap();
//!
//! // `Verifier` cannot be used with HMACs; use the `memcmp::eq` function instead
//! //
//! // Do not simply check for equality with `==`!
//! # let target = hmac.clone();
//! assert!(memcmp::eq(&hmac, &target));
//! ```
use ffi; use ffi;
use foreign_types::ForeignTypeRef; use foreign_types::ForeignTypeRef;
use libc::c_int; use libc::c_int;
@ -637,14 +610,13 @@ unsafe fn EVP_DigestVerifyFinal(
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use hex::{self, FromHex}; use hex::{self, FromHex};
use std::iter;
use ec::{EcGroup, EcKey}; use ec::{EcGroup, EcKey};
use hash::MessageDigest; use hash::MessageDigest;
use nid::Nid; use nid::Nid;
use pkey::PKey; use pkey::PKey;
use rsa::{Padding, Rsa}; use rsa::{Padding, Rsa};
use sign::{RsaPssSaltlen, Signer, Verifier}; use sign::{Signer, Verifier};
const INPUT: &str = const INPUT: &str =
"65794a68624763694f694a53557a49314e694a392e65794a7063334d694f694a71623255694c41304b49434a6c\ "65794a68624763694f694a53557a49314e694a392e65794a7063334d694f694a71623255694c41304b49434a6c\
@ -698,124 +670,6 @@ mod test {
assert!(!verifier.verify(&Vec::from_hex(SIGNATURE).unwrap()).unwrap()); assert!(!verifier.verify(&Vec::from_hex(SIGNATURE).unwrap()).unwrap());
} }
fn test_hmac(ty: MessageDigest, tests: &[(Vec<u8>, Vec<u8>, Vec<u8>)]) {
for &(ref key, ref data, ref res) in tests.iter() {
let pkey = PKey::hmac(key).unwrap();
let mut signer = Signer::new(ty, &pkey).unwrap();
signer.update(data).unwrap();
assert_eq!(signer.sign_to_vec().unwrap(), *res);
}
}
#[test]
fn hmac_md5() {
// test vectors from RFC 2202
let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = [
(
iter::repeat(0x0b_u8).take(16).collect(),
b"Hi There".to_vec(),
Vec::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap(),
),
(
b"Jefe".to_vec(),
b"what do ya want for nothing?".to_vec(),
Vec::from_hex("750c783e6ab0b503eaa86e310a5db738").unwrap(),
),
(
iter::repeat(0xaa_u8).take(16).collect(),
iter::repeat(0xdd_u8).take(50).collect(),
Vec::from_hex("56be34521d144c88dbb8c733f0e8b3f6").unwrap(),
),
(
Vec::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
iter::repeat(0xcd_u8).take(50).collect(),
Vec::from_hex("697eaf0aca3a3aea3a75164746ffaa79").unwrap(),
),
(
iter::repeat(0x0c_u8).take(16).collect(),
b"Test With Truncation".to_vec(),
Vec::from_hex("56461ef2342edc00f9bab995690efd4c").unwrap(),
),
(
iter::repeat(0xaa_u8).take(80).collect(),
b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
Vec::from_hex("6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd").unwrap(),
),
(
iter::repeat(0xaa_u8).take(80).collect(),
b"Test Using Larger Than Block-Size Key \
and Larger Than One Block-Size Data"
.to_vec(),
Vec::from_hex("6f630fad67cda0ee1fb1f562db3aa53e").unwrap(),
),
];
test_hmac(MessageDigest::md5(), &tests);
}
#[test]
fn hmac_sha1() {
// test vectors from RFC 2202
let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = [
(
iter::repeat(0x0b_u8).take(20).collect(),
b"Hi There".to_vec(),
Vec::from_hex("b617318655057264e28bc0b6fb378c8ef146be00").unwrap(),
),
(
b"Jefe".to_vec(),
b"what do ya want for nothing?".to_vec(),
Vec::from_hex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79").unwrap(),
),
(
iter::repeat(0xaa_u8).take(20).collect(),
iter::repeat(0xdd_u8).take(50).collect(),
Vec::from_hex("125d7342b9ac11cd91a39af48aa17b4f63f175d3").unwrap(),
),
(
Vec::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
iter::repeat(0xcd_u8).take(50).collect(),
Vec::from_hex("4c9007f4026250c6bc8414f9bf50c86c2d7235da").unwrap(),
),
(
iter::repeat(0x0c_u8).take(20).collect(),
b"Test With Truncation".to_vec(),
Vec::from_hex("4c1a03424b55e07fe7f27be1d58bb9324a9a5a04").unwrap(),
),
(
iter::repeat(0xaa_u8).take(80).collect(),
b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
Vec::from_hex("aa4ae5e15272d00e95705637ce8a3b55ed402112").unwrap(),
),
(
iter::repeat(0xaa_u8).take(80).collect(),
b"Test Using Larger Than Block-Size Key \
and Larger Than One Block-Size Data"
.to_vec(),
Vec::from_hex("e8e99d0f45237d786d6bbaa7965c7808bbff1a91").unwrap(),
),
];
test_hmac(MessageDigest::sha1(), &tests);
}
#[test]
#[cfg(ossl110)]
fn test_cmac() {
let cipher = ::symm::Cipher::aes_128_cbc();
let key = Vec::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap();
let pkey = PKey::cmac(&cipher, &key).unwrap();
let mut signer = Signer::new_without_digest(&pkey).unwrap();
let data = b"Hi There";
signer.update(data as &[u8]).unwrap();
let expected = vec![
136, 101, 61, 167, 61, 30, 248, 234, 124, 166, 196, 157, 203, 52, 171, 19,
];
assert_eq!(signer.sign_to_vec().unwrap(), expected);
}
#[test] #[test]
fn ec() { fn ec() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();

56
openssl/src/ssl/callbacks.rs
View File

@ -15,11 +15,9 @@ use std::slice;
use std::str; use std::str;
use std::sync::Arc; use std::sync::Arc;
use dh::Dh;
#[cfg(all(ossl101, not(ossl110)))] #[cfg(all(ossl101, not(ossl110)))]
use ec::EcKey; use ec::EcKey;
use error::ErrorStack; use error::ErrorStack;
use pkey::Params;
#[cfg(any(ossl102, libressl261))] #[cfg(any(ossl102, libressl261))]
use ssl::AlpnError; use ssl::AlpnError;
#[cfg(ossl111)] #[cfg(ossl111)]
@ -205,33 +203,6 @@ where
} }
} }
pub unsafe extern "C" fn raw_tmp_dh<F>(
ssl: *mut ffi::SSL,
is_export: c_int,
keylength: c_int,
) -> *mut ffi::DH
where
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
{
let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl
.ssl_context()
.ex_data(SslContext::cached_ex_index::<F>())
.expect("BUG: tmp dh callback missing") as *const F;
match (*callback)(ssl, is_export != 0, keylength as u32) {
Ok(dh) => {
let ptr = dh.as_ptr();
mem::forget(dh);
ptr
}
Err(e) => {
e.put();
ptr::null_mut()
}
}
}
#[cfg(all(ossl101, not(ossl110)))] #[cfg(all(ossl101, not(ossl110)))]
pub unsafe extern "C" fn raw_tmp_ecdh<F>( pub unsafe extern "C" fn raw_tmp_ecdh<F>(
ssl: *mut ffi::SSL, ssl: *mut ffi::SSL,
@ -260,33 +231,6 @@ where
} }
} }
pub unsafe extern "C" fn raw_tmp_dh_ssl<F>(
ssl: *mut ffi::SSL,
is_export: c_int,
keylength: c_int,
) -> *mut ffi::DH
where
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
{
let ssl = SslRef::from_ptr_mut(ssl);
let callback = ssl
.ex_data(Ssl::cached_ex_index::<Arc<F>>())
.expect("BUG: ssl tmp dh callback missing")
.clone();
match callback(ssl, is_export != 0, keylength as u32) {
Ok(dh) => {
let ptr = dh.as_ptr();
mem::forget(dh);
ptr
}
Err(e) => {
e.put();
ptr::null_mut()
}
}
}
#[cfg(all(ossl101, not(ossl110)))] #[cfg(all(ossl101, not(ossl110)))]
pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>( pub unsafe extern "C" fn raw_tmp_ecdh_ssl<F>(
ssl: *mut ffi::SSL, ssl: *mut ffi::SSL,

40
openssl/src/ssl/mod.rs
View File

@ -78,7 +78,7 @@ use std::slice;
use std::str; use std::str;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use dh::{Dh, DhRef}; use dh::DhRef;
#[cfg(all(ossl101, not(ossl110)))] #[cfg(all(ossl101, not(ossl110)))]
use ec::EcKey; use ec::EcKey;
use ec::EcKeyRef; use ec::EcKeyRef;
@ -197,7 +197,6 @@ bitflags! {
/// Disables the use of TLSv1.3. /// Disables the use of TLSv1.3.
/// ///
/// Requires OpenSSL 1.1.1 or newer. /// Requires OpenSSL 1.1.1 or newer.
#[cfg(ossl111)]
const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3; const NO_TLSV1_3 = ffi::SSL_OP_NO_TLSv1_3;
/// Disables the use of DTLSv1.0 /// Disables the use of DTLSv1.0
@ -796,26 +795,6 @@ impl SslContextBuilder {
unsafe { cvt(ffi::SSL_CTX_set_tmp_dh(self.as_ptr(), dh.as_ptr()) as c_int).map(|_| ()) } unsafe { cvt(ffi::SSL_CTX_set_tmp_dh(self.as_ptr(), dh.as_ptr()) as c_int).map(|_| ()) }
} }
/// Sets the callback which will generate parameters to be used during ephemeral Diffie-Hellman
/// key exchange.
///
/// The callback is provided with a reference to the `Ssl` for the session, as well as a boolean
/// indicating if the selected cipher is export-grade, and the key length. The export and key
/// length options are archaic and should be ignored in almost all cases.
///
/// This corresponds to [`SSL_CTX_set_tmp_dh_callback`].
///
/// [`SSL_CTX_set_tmp_dh_callback`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_tmp_dh.html
pub fn set_tmp_dh_callback<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
{
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
ffi::SSL_CTX_set_tmp_dh_callback(self.as_ptr(), raw_tmp_dh::<F>);
}
}
/// Sets the parameters to be used during ephemeral elliptic curve Diffie-Hellman key exchange. /// Sets the parameters to be used during ephemeral elliptic curve Diffie-Hellman key exchange.
/// ///
/// This corresponds to `SSL_CTX_set_tmp_ecdh`. /// This corresponds to `SSL_CTX_set_tmp_ecdh`.
@ -2414,23 +2393,6 @@ impl SslRef {
unsafe { cvt(ffi::SSL_set_tmp_dh(self.as_ptr(), dh.as_ptr()) as c_int).map(|_| ()) } unsafe { cvt(ffi::SSL_set_tmp_dh(self.as_ptr(), dh.as_ptr()) as c_int).map(|_| ()) }
} }
/// Like [`SslContextBuilder::set_tmp_dh_callback`].
///
/// This corresponds to [`SSL_set_tmp_dh_callback`].
///
/// [`SslContextBuilder::set_tmp_dh_callback`]: struct.SslContextBuilder.html#method.set_tmp_dh_callback
/// [`SSL_set_tmp_dh_callback`]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_set_tmp_dh.html
pub fn set_tmp_dh_callback<F>(&mut self, callback: F)
where
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
{
unsafe {
// this needs to be in an Arc since the callback can register a new callback!
self.set_ex_data(Ssl::cached_ex_index(), Arc::new(callback));
ffi::SSL_set_tmp_dh_callback(self.as_ptr(), raw_tmp_dh_ssl::<F>);
}
}
/// Like [`SslContextBuilder::set_tmp_ecdh`]. /// Like [`SslContextBuilder::set_tmp_ecdh`].
/// ///
/// This corresponds to `SSL_set_tmp_ecdh`. /// This corresponds to `SSL_set_tmp_ecdh`.

96
openssl/src/ssl/test/mod.rs
View File

@ -19,7 +19,6 @@ use tempdir::TempDir;
use dh::Dh; use dh::Dh;
use error::ErrorStack; use error::ErrorStack;
use hash::MessageDigest; use hash::MessageDigest;
use ocsp::{OcspResponse, OcspResponseStatus};
use pkey::PKey; use pkey::PKey;
use srtp::SrtpProfileId; use srtp::SrtpProfileId;
use ssl; use ssl;
@ -296,7 +295,8 @@ fn state() {
let server = Server::builder().build(); let server = Server::builder().build();
let s = server.client().connect(); let s = server.client().connect();
assert_eq!(s.ssl().state_string(), "SSLOK "); // NOTE: Boring returs a placeholder string for state_string
assert_eq!(s.ssl().state_string(), "!!!!!!");
assert_eq!( assert_eq!(
s.ssl().state_string_long(), s.ssl().state_string_long(),
"SSL negotiation finished successfully" "SSL negotiation finished successfully"
@ -453,16 +453,17 @@ fn test_alpn_server_advertise_multiple() {
#[cfg(any(ossl110))] #[cfg(any(ossl110))]
fn test_alpn_server_select_none_fatal() { fn test_alpn_server_select_none_fatal() {
let mut server = Server::builder(); let mut server = Server::builder();
// NOTE: in Boring all alpn errors are treated as SSL_TLSEXT_ERR_NOACK
server.ctx().set_alpn_select_callback(|_, client| { server.ctx().set_alpn_select_callback(|_, client| {
ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client) ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client)
.ok_or(ssl::AlpnError::ALERT_FATAL) .ok_or(ssl::AlpnError::ALERT_FATAL)
}); });
server.should_error();
let server = server.build(); let server = server.build();
let mut client = server.client(); let mut client = server.client();
client.ctx().set_alpn_protos(b"\x06http/2").unwrap(); client.ctx().set_alpn_protos(b"\x06http/2").unwrap();
client.connect_err(); let s = client.connect();
assert_eq!(None, s.ssl().selected_alpn_protocol());
} }
#[test] #[test]
@ -840,29 +841,6 @@ fn cert_store() {
client.connect(); client.connect();
} }
#[test]
fn tmp_dh_callback() {
static CALLED_BACK: AtomicBool = AtomicBool::new(false);
let mut server = Server::builder();
server.ctx().set_tmp_dh_callback(|_, _, _| {
CALLED_BACK.store(true, Ordering::SeqCst);
let dh = include_bytes!("../../../test/dhparams.pem");
Dh::params_from_pem(dh)
});
let server = server.build();
let mut client = server.client();
// TLS 1.3 has no DH suites, so make sure we don't pick that version
#[cfg(ossl111)]
client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
client.ctx().set_cipher_list("EDH").unwrap();
client.connect();
assert!(CALLED_BACK.load(Ordering::SeqCst));
}
#[test] #[test]
#[cfg(all(ossl101, not(ossl110)))] #[cfg(all(ossl101, not(ossl110)))]
fn tmp_ecdh_callback() { fn tmp_ecdh_callback() {
@ -886,31 +864,6 @@ fn tmp_ecdh_callback() {
assert!(CALLED_BACK.load(Ordering::SeqCst)); assert!(CALLED_BACK.load(Ordering::SeqCst));
} }
#[test]
fn tmp_dh_callback_ssl() {
static CALLED_BACK: AtomicBool = AtomicBool::new(false);
let mut server = Server::builder();
server.ssl_cb(|ssl| {
ssl.set_tmp_dh_callback(|_, _, _| {
CALLED_BACK.store(true, Ordering::SeqCst);
let dh = include_bytes!("../../../test/dhparams.pem");
Dh::params_from_pem(dh)
});
});
let server = server.build();
let mut client = server.client();
// TLS 1.3 has no DH suites, so make sure we don't pick that version
#[cfg(ossl111)]
client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
client.ctx().set_cipher_list("EDH").unwrap();
client.connect();
assert!(CALLED_BACK.load(Ordering::SeqCst));
}
#[test] #[test]
#[cfg(all(ossl101, not(ossl110)))] #[cfg(all(ossl101, not(ossl110)))]
fn tmp_ecdh_callback_ssl() { fn tmp_ecdh_callback_ssl() {
@ -959,44 +912,6 @@ fn active_session() {
assert_eq!(copied, len); assert_eq!(copied, len);
} }
#[test]
fn status_callbacks() {
static CALLED_BACK_SERVER: AtomicBool = AtomicBool::new(false);
static CALLED_BACK_CLIENT: AtomicBool = AtomicBool::new(false);
let mut server = Server::builder();
server
.ctx()
.set_status_callback(|ssl| {
CALLED_BACK_SERVER.store(true, Ordering::SeqCst);
let response = OcspResponse::create(OcspResponseStatus::UNAUTHORIZED, None).unwrap();
let response = response.to_der().unwrap();
ssl.set_ocsp_status(&response).unwrap();
Ok(true)
})
.unwrap();
let server = server.build();
let mut client = server.client();
client
.ctx()
.set_status_callback(|ssl| {
CALLED_BACK_CLIENT.store(true, Ordering::SeqCst);
let response = OcspResponse::from_der(ssl.ocsp_status().unwrap()).unwrap();
assert_eq!(response.status(), OcspResponseStatus::UNAUTHORIZED);
Ok(true)
})
.unwrap();
let mut client = client.build().builder();
client.ssl().set_status_type(StatusType::OCSP).unwrap();
client.connect();
assert!(CALLED_BACK_SERVER.load(Ordering::SeqCst));
assert!(CALLED_BACK_CLIENT.load(Ordering::SeqCst));
}
#[test] #[test]
fn new_session_callback() { fn new_session_callback() {
@ -1326,7 +1241,6 @@ fn psk_ciphers() {
let mut client = server.client(); let mut client = server.client();
// This test relies on TLS 1.2 suites // This test relies on TLS 1.2 suites
#[cfg(ossl111)]
client.ctx().set_options(super::SslOptions::NO_TLSV1_3); client.ctx().set_options(super::SslOptions::NO_TLSV1_3);
client.ctx().set_cipher_list(CIPHER).unwrap(); client.ctx().set_cipher_list(CIPHER).unwrap();
client client

420
openssl/src/symm.rs
View File

@ -834,37 +834,6 @@ mod tests {
} }
} }
fn cipher_test_nopad(ciphertype: super::Cipher, pt: &str, ct: &str, key: &str, iv: &str) {
let pt = Vec::from_hex(pt).unwrap();
let ct = Vec::from_hex(ct).unwrap();
let key = Vec::from_hex(key).unwrap();
let iv = Vec::from_hex(iv).unwrap();
let computed = {
let mut c = Crypter::new(ciphertype, Mode::Decrypt, &key, Some(&iv)).unwrap();
c.pad(false);
let mut out = vec![0; ct.len() + ciphertype.block_size()];
let count = c.update(&ct, &mut out).unwrap();
let rest = c.finalize(&mut out[count..]).unwrap();
out.truncate(count + rest);
out
};
let expected = pt;
if computed != expected {
println!("Computed: {}", hex::encode(&computed));
println!("Expected: {}", hex::encode(&expected));
if computed.len() != expected.len() {
println!(
"Lengths differ: {} in computed vs {} expected",
computed.len(),
expected.len()
);
}
panic!("test failure");
}
}
#[test] #[test]
fn test_rc4() { fn test_rc4() {
let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000"; let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000";
@ -875,21 +844,6 @@ mod tests {
cipher_test(super::Cipher::rc4(), pt, ct, key, iv); cipher_test(super::Cipher::rc4(), pt, ct, key, iv);
} }
#[test]
fn test_aes256_xts() {
// Test case 174 from
// http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
let pt = "77f4ef63d734ebd028508da66c22cdebdd52ecd6ee2ab0a50bc8ad0cfd692ca5fcd4e6dedc45df7f\
6503f462611dc542";
let ct = "ce7d905a7776ac72f240d22aafed5e4eb7566cdc7211220e970da634ce015f131a5ecb8d400bc9e8\
4f0b81d8725dbbc7";
let key = "b6bfef891f83b5ff073f2231267be51eb084b791fa19a154399c0684c8b2dfcb37de77d28bbda3b\
4180026ad640b74243b3133e7b9fae629403f6733423dae28";
let iv = "db200efb7eaaa737dbdf40babb68953f";
cipher_test(super::Cipher::aes_256_xts(), pt, ct, key, iv);
}
#[test] #[test]
fn test_aes128_ctr() { fn test_aes128_ctr() {
let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\ let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\
@ -902,38 +856,6 @@ mod tests {
cipher_test(super::Cipher::aes_128_ctr(), pt, ct, key, iv); cipher_test(super::Cipher::aes_128_ctr(), pt, ct, key, iv);
} }
#[test]
fn test_aes128_cfb1() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
let pt = "6bc1";
let ct = "68b3";
let key = "2b7e151628aed2a6abf7158809cf4f3c";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_128_cfb1(), pt, ct, key, iv);
}
#[test]
fn test_aes128_cfb128() {
let pt = "6bc1bee22e409f96e93d7e117393172a";
let ct = "3b3fd92eb72dad20333449f8e83cfb4a";
let key = "2b7e151628aed2a6abf7158809cf4f3c";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_128_cfb128(), pt, ct, key, iv);
}
#[test]
fn test_aes128_cfb8() {
let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9";
let key = "2b7e151628aed2a6abf7158809cf4f3c";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_128_cfb8(), pt, ct, key, iv);
}
#[test] #[test]
fn test_aes128_ofb() { fn test_aes128_ofb() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
@ -958,42 +880,6 @@ mod tests {
cipher_test(super::Cipher::aes_192_ctr(), pt, ct, key, iv); cipher_test(super::Cipher::aes_192_ctr(), pt, ct, key, iv);
} }
#[test]
fn test_aes192_cfb1() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
let pt = "6bc1";
let ct = "9359";
let key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_192_cfb1(), pt, ct, key, iv);
}
#[test]
fn test_aes192_cfb128() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
let pt = "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710";
let ct = "cdc80d6fddf18cab34c25909c99a417467ce7f7f81173621961a2b70171d3d7a2e1e8a1dd59b88b1c8e60fed1efac4c9c05f9f9ca9834fa042ae8fba584b09ff";
let key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_192_cfb128(), pt, ct, key, iv);
}
#[test]
fn test_aes192_cfb8() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "cda2521ef0a905ca44cd057cbf0d47a0678a";
let key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_192_cfb8(), pt, ct, key, iv);
}
#[test] #[test]
fn test_aes192_ofb() { fn test_aes192_ofb() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
@ -1006,36 +892,6 @@ mod tests {
cipher_test(super::Cipher::aes_192_ofb(), pt, ct, key, iv); cipher_test(super::Cipher::aes_192_ofb(), pt, ct, key, iv);
} }
#[test]
fn test_aes256_cfb1() {
let pt = "6bc1";
let ct = "9029";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_256_cfb1(), pt, ct, key, iv);
}
#[test]
fn test_aes256_cfb128() {
let pt = "6bc1bee22e409f96e93d7e117393172a";
let ct = "dc7e84bfda79164b7ecd8486985d3860";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_256_cfb128(), pt, ct, key, iv);
}
#[test]
fn test_aes256_cfb8() {
let pt = "6bc1bee22e409f96e93d7e117393172aae2d";
let ct = "dc1f1a8520a64db55fcc8ac554844e889700";
let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4";
let iv = "000102030405060708090a0b0c0d0e0f";
cipher_test(super::Cipher::aes_256_cfb8(), pt, ct, key, iv);
}
#[test] #[test]
fn test_aes256_ofb() { fn test_aes256_ofb() {
// Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
@ -1048,48 +904,6 @@ mod tests {
cipher_test(super::Cipher::aes_256_ofb(), pt, ct, key, iv); cipher_test(super::Cipher::aes_256_ofb(), pt, ct, key, iv);
} }
#[test]
fn test_bf_cbc() {
// https://www.schneier.com/code/vectors.txt
let pt = "37363534333231204E6F77206973207468652074696D6520666F722000000000";
let ct = "6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC";
let key = "0123456789ABCDEFF0E1D2C3B4A59687";
let iv = "FEDCBA9876543210";
cipher_test_nopad(super::Cipher::bf_cbc(), pt, ct, key, iv);
}
#[test]
fn test_bf_ecb() {
let pt = "5CD54CA83DEF57DA";
let ct = "B1B8CC0B250F09A0";
let key = "0131D9619DC1376E";
let iv = "0000000000000000";
cipher_test_nopad(super::Cipher::bf_ecb(), pt, ct, key, iv);
}
#[test]
fn test_bf_cfb64() {
let pt = "37363534333231204E6F77206973207468652074696D6520666F722000";
let ct = "E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3";
let key = "0123456789ABCDEFF0E1D2C3B4A59687";
let iv = "FEDCBA9876543210";
cipher_test_nopad(super::Cipher::bf_cfb64(), pt, ct, key, iv);
}
#[test]
fn test_bf_ofb() {
let pt = "37363534333231204E6F77206973207468652074696D6520666F722000";
let ct = "E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA";
let key = "0123456789ABCDEFF0E1D2C3B4A59687";
let iv = "FEDCBA9876543210";
cipher_test_nopad(super::Cipher::bf_ofb(), pt, ct, key, iv);
}
#[test] #[test]
fn test_des_cbc() { fn test_des_cbc() {
let pt = "54686973206973206120746573742e"; let pt = "54686973206973206120746573742e";
@ -1130,16 +944,6 @@ mod tests {
cipher_test(super::Cipher::des_ede3_cbc(), pt, ct, key, iv); cipher_test(super::Cipher::des_ede3_cbc(), pt, ct, key, iv);
} }
#[test]
fn test_des_ede3_cfb64() {
let pt = "2b1773784b5889dc788477367daa98ad";
let ct = "6f2867cfefda048a4046ef7e556c7132";
let key = "7cb66337f3d3c0fe7cb66337f3d3c0fe7cb66337f3d3c0fe";
let iv = "0001020304050607";
cipher_test(super::Cipher::des_ede3_cfb64(), pt, ct, key, iv);
}
#[test] #[test]
fn test_aes128_gcm() { fn test_aes128_gcm() {
let key = "0e00c76561d2bd9b40c3c15427e2b08f"; let key = "0e00c76561d2bd9b40c3c15427e2b08f";
@ -1181,228 +985,4 @@ mod tests {
.unwrap(); .unwrap();
assert_eq!(pt, hex::encode(out)); assert_eq!(pt, hex::encode(out));
} }
#[test]
fn test_aes128_ccm() {
let key = "3ee186594f110fb788a8bf8aa8be5d4a";
let nonce = "44f705d52acf27b7f17196aa9b";
let aad = "2c16724296ff85e079627be3053ea95adf35722c21886baba343bd6c79b5cb57";
let pt = "d71864877f2578db092daba2d6a1f9f4698a9c356c7830a1";
let ct = "b4dd74e7a0cc51aea45dfb401a41d5822c96901a83247ea0";
let tag = "d6965f5aa6e31302a9cc2b36";
let mut actual_tag = [0; 12];
let out = encrypt_aead(
Cipher::aes_128_ccm(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(nonce).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(pt).unwrap(),
&mut actual_tag,
)
.unwrap();
assert_eq!(ct, hex::encode(out));
assert_eq!(tag, hex::encode(actual_tag));
let out = decrypt_aead(
Cipher::aes_128_ccm(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(nonce).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(ct).unwrap(),
&Vec::from_hex(tag).unwrap(),
)
.unwrap();
assert_eq!(pt, hex::encode(out));
}
#[test]
fn test_aes128_ccm_verify_fail() {
let key = "3ee186594f110fb788a8bf8aa8be5d4a";
let nonce = "44f705d52acf27b7f17196aa9b";
let aad = "2c16724296ff85e079627be3053ea95adf35722c21886baba343bd6c79b5cb57";
let ct = "b4dd74e7a0cc51aea45dfb401a41d5822c96901a83247ea0";
let tag = "00005f5aa6e31302a9cc2b36";
let out = decrypt_aead(
Cipher::aes_128_ccm(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(nonce).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(ct).unwrap(),
&Vec::from_hex(tag).unwrap(),
);
assert!(out.is_err());
}
#[test]
fn test_aes256_ccm() {
let key = "7f4af6765cad1d511db07e33aaafd57646ec279db629048aa6770af24849aa0d";
let nonce = "dde2a362ce81b2b6913abc3095";
let aad = "404f5df97ece7431987bc098cce994fc3c063b519ffa47b0365226a0015ef695";
let pt = "7ebef26bf4ecf6f0ebb2eb860edbf900f27b75b4a6340fdb";
let ct = "353022db9c568bd7183a13c40b1ba30fcc768c54264aa2cd";
let tag = "2927a053c9244d3217a7ad05";
let mut actual_tag = [0; 12];
let out = encrypt_aead(
Cipher::aes_256_ccm(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(nonce).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(pt).unwrap(),
&mut actual_tag,
)
.unwrap();
assert_eq!(ct, hex::encode(out));
assert_eq!(tag, hex::encode(actual_tag));
let out = decrypt_aead(
Cipher::aes_256_ccm(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(nonce).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(ct).unwrap(),
&Vec::from_hex(tag).unwrap(),
)
.unwrap();
assert_eq!(pt, hex::encode(out));
}
#[test]
fn test_aes256_ccm_verify_fail() {
let key = "7f4af6765cad1d511db07e33aaafd57646ec279db629048aa6770af24849aa0d";
let nonce = "dde2a362ce81b2b6913abc3095";
let aad = "404f5df97ece7431987bc098cce994fc3c063b519ffa47b0365226a0015ef695";
let ct = "353022db9c568bd7183a13c40b1ba30fcc768c54264aa2cd";
let tag = "0000a053c9244d3217a7ad05";
let out = decrypt_aead(
Cipher::aes_256_ccm(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(nonce).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(ct).unwrap(),
&Vec::from_hex(tag).unwrap(),
);
assert!(out.is_err());
}
#[test]
#[cfg(ossl110)]
fn test_aes_128_ocb() {
let key = "000102030405060708090a0b0c0d0e0f";
let aad = "0001020304050607";
let tag = "16dc76a46d47e1ead537209e8a96d14e";
let iv = "000102030405060708090a0b";
let pt = "0001020304050607";
let ct = "92b657130a74b85a";
let mut actual_tag = [0; 16];
let out = encrypt_aead(
Cipher::aes_128_ocb(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(iv).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(pt).unwrap(),
&mut actual_tag,
)
.unwrap();
assert_eq!(ct, hex::encode(out));
assert_eq!(tag, hex::encode(actual_tag));
let out = decrypt_aead(
Cipher::aes_128_ocb(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(iv).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(ct).unwrap(),
&Vec::from_hex(tag).unwrap(),
)
.unwrap();
assert_eq!(pt, hex::encode(out));
}
#[test]
#[cfg(ossl110)]
fn test_aes_128_ocb_fail() {
let key = "000102030405060708090a0b0c0d0e0f";
let aad = "0001020304050607";
let tag = "16dc76a46d47e1ead537209e8a96d14e";
let iv = "000000000405060708090a0b";
let ct = "92b657130a74b85a";
let out = decrypt_aead(
Cipher::aes_128_ocb(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(iv).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(ct).unwrap(),
&Vec::from_hex(tag).unwrap(),
);
assert!(out.is_err());
}
#[test]
#[cfg(any(ossl110))]
fn test_chacha20() {
let key = "0000000000000000000000000000000000000000000000000000000000000000";
let iv = "00000000000000000000000000000000";
let pt =
"000000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000";
let ct =
"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7\
724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586";
cipher_test(Cipher::chacha20(), pt, ct, key, iv);
}
#[test]
#[cfg(any(ossl110))]
fn test_chacha20_poly1305() {
let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f";
let iv = "070000004041424344454647";
let aad = "50515253c0c1c2c3c4c5c6c7";
let pt =
"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393\
a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f722074\
6865206675747572652c2073756e73637265656e20776f756c642062652069742e";
let ct =
"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca967128\
2fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa\
b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116";
let tag = "1ae10b594f09e26a7e902ecbd0600691";
let mut actual_tag = [0; 16];
let out = encrypt_aead(
Cipher::chacha20_poly1305(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(iv).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(pt).unwrap(),
&mut actual_tag,
)
.unwrap();
assert_eq!(ct, hex::encode(out));
assert_eq!(tag, hex::encode(actual_tag));
let out = decrypt_aead(
Cipher::chacha20_poly1305(),
&Vec::from_hex(key).unwrap(),
Some(&Vec::from_hex(iv).unwrap()),
&Vec::from_hex(aad).unwrap(),
&Vec::from_hex(ct).unwrap(),
&Vec::from_hex(tag).unwrap(),
)
.unwrap();
assert_eq!(pt, hex::encode(out));
}
} }

11
openssl/src/version.rs
View File

@ -114,17 +114,8 @@ fn test_versions() {
println!("Platform: '{}'", platform()); println!("Platform: '{}'", platform());
println!("Dir: '{}'", dir()); println!("Dir: '{}'", dir());
#[cfg(not(libressl))]
fn expected_name() -> &'static str {
"OpenSSL"
}
#[cfg(libressl)]
fn expected_name() -> &'static str {
"LibreSSL"
}
assert!(number() > 0); assert!(number() > 0);
assert!(version().starts_with(expected_name())); assert!(version().starts_with("BoringSSL"));
assert!(c_flags().starts_with("compiler:")); assert!(c_flags().starts_with("compiler:"));
assert!(built_on().starts_with("built on:")); assert!(built_on().starts_with("built on:"));
assert!(dir().starts_with("OPENSSLDIR:")); assert!(dir().starts_with("OPENSSLDIR:"));

1
openssl/src/x509/mod.rs
View File

@ -655,6 +655,7 @@ impl X509 {
ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut()); ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut());
if r.is_null() { if r.is_null() {
let err = ffi::ERR_peek_last_error(); let err = ffi::ERR_peek_last_error();
if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM
&& ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE
{ {

3
openssl/src/x509/tests.rs
View File

@ -36,7 +36,8 @@ fn test_debug() {
let cert = include_bytes!("../../test/cert.pem"); let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap(); let cert = X509::from_pem(cert).unwrap();
let debugged = format!("{:#?}", cert); let debugged = format!("{:#?}", cert);
assert!(debugged.contains(r#"serial_number: "8771F7BDEE982FA5""#));
assert!(debugged.contains(r#"serial_number: "8771f7bdee982fa5""#));
assert!(debugged.contains(r#"signature_algorithm: sha256WithRSAEncryption"#)); assert!(debugged.contains(r#"signature_algorithm: sha256WithRSAEncryption"#));
assert!(debugged.contains(r#"countryName = "AU""#)); assert!(debugged.contains(r#"countryName = "AU""#));
assert!(debugged.contains(r#"stateOrProvinceName = "Some-State""#)); assert!(debugged.contains(r#"stateOrProvinceName = "Some-State""#));