min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #476 from sfackler/error-handling 

Overhaul error handling plus random APIs
This commit is contained in:
Steven Fackler 2016-10-17 09:14:33 -07:00 committed by GitHub
parent fdb4131064 a938a001a7
commit f6bf022cf2
21 changed files with 1429 additions and 1663 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
openssl/src/asn1/mod.rs → openssl/src/asn1.rs
View File

@ -2,9 +2,10 @@ use libc::c_long;
use std::{ptr, fmt}; use std::{ptr, fmt};
use std::marker::PhantomData; use std::marker::PhantomData;
use std::ops::Deref; use std::ops::Deref;
use bio::MemBio;
use ffi; use ffi;
use {cvt, cvt_p};
use bio::MemBio;
use error::ErrorStack; use error::ErrorStack;
/// Corresponds to the ASN.1 structure Time defined in RFC5280 /// Corresponds to the ASN.1 structure Time defined in RFC5280
@ -20,7 +21,7 @@ impl Asn1Time {
ffi::init(); ffi::init();
unsafe { unsafe {
let handle = try_ssl_null!(ffi::X509_gmtime_adj(ptr::null_mut(), period)); let handle = try!(cvt_p(ffi::X509_gmtime_adj(ptr::null_mut(), period)));
Ok(Asn1Time::from_ptr(handle)) Ok(Asn1Time::from_ptr(handle))
} }
} }
@ -58,7 +59,7 @@ impl<'a> fmt::Display for Asn1TimeRef<'a> {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
let mem_bio = try!(MemBio::new()); let mem_bio = try!(MemBio::new());
let as_str = unsafe { let as_str = unsafe {
try_ssl!(ffi::ASN1_TIME_print(mem_bio.as_ptr(), self.0)); try!(cvt(ffi::ASN1_TIME_print(mem_bio.as_ptr(), self.0)));
String::from_utf8_unchecked(mem_bio.get_buf().to_owned()) String::from_utf8_unchecked(mem_bio.get_buf().to_owned())
}; };
write!(f, "{}", as_str) write!(f, "{}", as_str)

5
openssl/src/bio.rs
View File

@ -4,6 +4,7 @@ use std::slice;
use libc::c_int; use libc::c_int;
use ffi; use ffi;
use cvt_p;
use error::ErrorStack; use error::ErrorStack;
pub struct MemBioSlice<'a>(*mut ffi::BIO, PhantomData<&'a [u8]>); pub struct MemBioSlice<'a>(*mut ffi::BIO, PhantomData<&'a [u8]>);
@ -22,7 +23,7 @@ impl<'a> MemBioSlice<'a> {
assert!(buf.len() <= c_int::max_value() as usize); assert!(buf.len() <= c_int::max_value() as usize);
let bio = unsafe { let bio = unsafe {
try_ssl_null!(BIO_new_mem_buf(buf.as_ptr() as *const _, buf.len() as c_int)) try!(cvt_p(BIO_new_mem_buf(buf.as_ptr() as *const _, buf.len() as c_int)))
}; };
Ok(MemBioSlice(bio, PhantomData)) Ok(MemBioSlice(bio, PhantomData))
@ -48,7 +49,7 @@ impl MemBio {
ffi::init(); ffi::init();
let bio = unsafe { let bio = unsafe {
try_ssl_null!(ffi::BIO_new(ffi::BIO_s_mem())) try!(cvt_p(ffi::BIO_new(ffi::BIO_s_mem())))
}; };
Ok(MemBio(bio)) Ok(MemBio(bio))
} }

908
openssl/src/bn.rs Normal file
View File

@ -0,0 +1,908 @@
use ffi;
use libc::{c_int, c_void};
use std::cmp::Ordering;
use std::ffi::{CStr, CString};
use std::{fmt, ptr};
use std::marker::PhantomData;
use std::ops::{Add, Div, Mul, Neg, Rem, Shl, Shr, Sub, Deref, DerefMut};
use {cvt, cvt_p, cvt_n};
use error::ErrorStack;
/// Specifies the desired properties of a randomly generated `BigNum`.
#[derive(Copy, Clone)]
#[repr(C)]
pub enum RNGProperty {
/// The most significant bit of the number is allowed to be 0.
MsbMaybeZero = -1,
/// The MSB should be set to 1.
MsbOne = 0,
/// The two most significant bits of the number will be set to 1, so that the product of two
/// such random numbers will always have `2 * bits` length.
TwoMsbOne = 1,
}
/// A context object for `BigNum` operations.
pub struct BnCtx(*mut ffi::BN_CTX);
impl Drop for BnCtx {
fn drop(&mut self) {
unsafe {
ffi::BN_CTX_free(self.0);
}
}
}
impl BnCtx {
/// Returns a new `BnCtx`.
pub fn new() -> Result<BnCtx, ErrorStack> {
unsafe {
cvt_p(ffi::BN_CTX_new()).map(BnCtx)
}
}
/// Places the result of `a * b` in `r`.
pub fn mul(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
b: &BigNumRef)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_mul(r.0, a.0, b.0, self.0)).map(|_| ())
}
}
/// Places the result of `a / b` in `dv` and `a mod b` in `rem`.
pub fn div(&mut self,
dv: Option<&mut BigNumRef>,
rem: Option<&mut BigNumRef>,
a: &BigNumRef,
b: &BigNumRef)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_div(dv.map(|b| b.0).unwrap_or(ptr::null_mut()),
rem.map(|b| b.0).unwrap_or(ptr::null_mut()),
a.0,
b.0,
self.0))
.map(|_| ())
}
}
/// Places the result of `a²` in `r`.
pub fn sqr(&mut self, r: &mut BigNumRef, a: &BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_sqr(r.as_ptr(), a.as_ptr(), self.0)).map(|_| ())
}
}
/// Places the result of `a mod m` in `r`.
pub fn nnmod(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
m: &BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_nnmod(r.as_ptr(), a.as_ptr(), m.as_ptr(), self.0)).map(|_| ())
}
}
/// Places the result of `(a + b) mod m` in `r`.
pub fn mod_add(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
b: &BigNumRef,
m: &BigNumRef)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_mod_add(r.as_ptr(), a.as_ptr(), b.as_ptr(), m.as_ptr(), self.0)).map(|_| ())
}
}
/// Places the result of `(a - b) mod m` in `r`.
pub fn mod_sub(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
b: &BigNumRef,
m: &BigNumRef)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_mod_sub(r.as_ptr(), a.as_ptr(), b.as_ptr(), m.as_ptr(), self.0)).map(|_| ())
}
}
/// Places the result of `(a * b) mod m` in `r`.
pub fn mod_mul(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
b: &BigNumRef,
m: &BigNumRef)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_mod_mul(r.as_ptr(), a.as_ptr(), b.as_ptr(), m.as_ptr(), self.0)).map(|_| ())
}
}
/// Places the result of `a² mod m` in `r`.
pub fn mod_sqr(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
m: &BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_mod_sqr(r.as_ptr(), a.as_ptr(), m.as_ptr(), self.0)).map(|_| ())
}
}
/// Places the result of `a^p` in `r`.
pub fn exp(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
p: &BigNumRef) -> Result<(), ErrorStack> {
unsafe{
cvt(ffi::BN_exp(r.as_ptr(), a.as_ptr(), p.as_ptr(), self.0)).map(|_| ())
}
}
/// Places the result of `a^p mod m` in `r`.
pub fn mod_exp(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
p: &BigNumRef,
m: &BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_mod_exp(r.as_ptr(), a.as_ptr(), p.as_ptr(), m.as_ptr(), self.0)).map(|_| ())
}
}
/// Places the inverse of `a` modulo `n` in `r`.
pub fn mod_inverse(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
n: &BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt_p(ffi::BN_mod_inverse(r.0, a.0, n.0, self.0)).map(|_| ())
}
}
/// Places the greatest common denominator of `a` and `b` in `r`.
pub fn gcd(&mut self,
r: &mut BigNumRef,
a: &BigNumRef,
b: &BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_gcd(r.0, a.0, b.0, self.0)).map(|_| ())
}
}
/// Checks whether `p` is prime.
///
/// Performs a Miller-Rabin probabilistic primality test with `checks` iterations.
///
/// Returns `true` if `p` is prime with an error probability of less than `0.25 ^ checks`.
pub fn is_prime(&mut self, p: &BigNumRef, checks: i32) -> Result<bool, ErrorStack> {
unsafe {
cvt_n(ffi::BN_is_prime_ex(p.0, checks.into(), self.0, ptr::null_mut())).map(|r| r != 0)
}
}
/// Checks whether `p` is prime with optional trial division.
///
/// If `do_trial_division` is `true`, first performs trial division by a number of small primes.
/// Then, like `is_prime`, performs a Miller-Rabin probabilistic primality test with `checks`
/// iterations.
///
/// # Return Value
///
/// Returns `true` if `p` is prime with an error probability of less than `0.25 ^ checks`.
pub fn is_prime_fasttest(&mut self,
p: &BigNumRef,
checks: i32,
do_trial_division: bool) -> Result<bool, ErrorStack> {
unsafe {
cvt_n(ffi::BN_is_prime_fasttest_ex(p.0,
checks.into(),
self.0,
do_trial_division as c_int,
ptr::null_mut()))
.map(|r| r != 0)
}
}
/// Generates a cryptographically strong pseudo-random `BigNum`, placing it in `r`.
///
/// # Parameters
///
/// * `bits`: Length of the number in bits.
/// * `prop`: The desired properties of the number.
/// * `odd`: If `true`, the generated number will be odd.
pub fn rand(r: &mut BigNumRef,
bits: i32,
prop: RNGProperty,
odd: bool)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_rand(r.0, bits.into(), prop as c_int, odd as c_int)).map(|_| ())
}
}
/// The cryptographically weak counterpart to `checked_new_random`.
pub fn pseudo_rand(r: &mut BigNumRef,
bits: i32,
prop: RNGProperty,
odd: bool)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_pseudo_rand(r.0, bits.into(), prop as c_int, odd as c_int)).map(|_| ())
}
}
}
/// A borrowed, signed, arbitrary-precision integer.
#[derive(Copy, Clone)]
pub struct BigNumRef<'a>(*mut ffi::BIGNUM, PhantomData<&'a ()>);
impl<'a> BigNumRef<'a> {
pub unsafe fn from_ptr(handle: *mut ffi::BIGNUM) -> BigNumRef<'a> {
BigNumRef(handle, PhantomData)
}
/// Adds a `u32` to `self`.
pub fn add_word(&mut self, w: u32) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_add_word(self.0, w as ffi::BN_ULONG)).map(|_| ())
}
}
/// Subtracts a `u32` from `self`.
pub fn sub_word(&mut self, w: u32) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_sub_word(self.0, w as ffi::BN_ULONG)).map(|_| ())
}
}
/// Multiplies a `u32` by `self`.
pub fn mul_word(&mut self, w: u32) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_mul_word(self.0, w as ffi::BN_ULONG)).map(|_| ())
}
}
/// Divides `self` by a `u32`, returning the remainder.
pub fn div_word(&mut self, w: u32) -> Result<u64, ErrorStack> {
unsafe {
let r = ffi::BN_div_word(self.0, w.into());
if r == ffi::BN_ULONG::max_value() {
Err(ErrorStack::get())
} else {
Ok(r.into())
}
}
}
/// Returns the result of `self` modulo `w`.
pub fn mod_word(&self, w: u32) -> Result<u64, ErrorStack> {
unsafe {
let r = ffi::BN_mod_word(self.0, w.into());
if r == ffi::BN_ULONG::max_value() {
Err(ErrorStack::get())
} else {
Ok(r.into())
}
}
}
/// Places a cryptographically-secure pseudo-random number nonnegative
/// number less than `self` in `rnd`.
pub fn rand_in_range(&self, rnd: &mut BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_rand_range(self.0, rnd.0)).map(|_| ())
}
}
/// The cryptographically weak counterpart to `rand_in_range`.
pub fn pseudo_rand_in_range(&self, rnd: &mut BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_pseudo_rand_range(self.0, rnd.0)).map(|_| ())
}
}
/// Sets bit `n`. Equivalent to `self |= (1 << n)`.
///
/// When setting a bit outside of `self`, it is expanded.
pub fn set_bit(&mut self, n: i32) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_set_bit(self.0, n.into())).map(|_| ())
}
}
/// Clears bit `n`, setting it to 0. Equivalent to `self &= ~(1 << n)`.
///
/// When clearing a bit outside of `self`, an error is returned.
pub fn clear_bit(&mut self, n: i32) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_clear_bit(self.0, n.into())).map(|_| ())
}
}
/// Returns `true` if the `n`th bit of `self` is set to 1, `false` otherwise.
pub fn is_bit_set(&self, n: i32) -> bool {
unsafe {
ffi::BN_is_bit_set(self.0, n.into()) == 1
}
}
/// Truncates `self` to the lowest `n` bits.
///
/// An error occurs if `self` is already shorter than `n` bits.
pub fn mask_bits(&mut self, n: i32) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_mask_bits(self.0, n.into())).map(|_| ())
}
}
/// Places `self << 1` in `r`.
pub fn lshift1(&self, r: &mut BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_lshift1(r.0, self.0)).map(|_| ())
}
}
/// Places `self >> 1` in `r`.
pub fn rshift1(&self, r: &mut BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_rshift1(r.0, self.0)).map(|_| ())
}
}
/// Places `self + b` in `r`.
pub fn add(&self, r: &mut BigNumRef, b: &BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_add(r.0, self.0, b.0)).map(|_| ())
}
}
/// Places `self - b` in `r`.
pub fn sub(&self, r: &mut BigNumRef, b: &BigNumRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_sub(r.0, self.0, b.0)).map(|_| ())
}
}
/// Places `self << n` in `r`.
pub fn lshift(&self, r: &mut BigNumRef, b: i32) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_lshift(r.0, self.0, b.into())).map(|_| ())
}
}
/// Places `self >> n` in `r`.
pub fn rshift(&self, r: &mut BigNumRef, n: i32) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_rshift(r.0, self.0, n.into())).map(|_| ())
}
}
pub fn to_owned(&self) -> Result<BigNum, ErrorStack> {
unsafe {
cvt_p(ffi::BN_dup(self.0)).map(|b| BigNum::from_ptr(b))
}
}
/// Sets the sign of `self`.
pub fn set_negative(&mut self, negative: bool) {
unsafe {
ffi::BN_set_negative(self.0, negative as c_int)
}
}
/// Compare the absolute values of `self` and `oth`.
///
/// ```
/// # use openssl::bn::BigNum;
/// # use std::cmp::Ordering;
/// let s = -BigNum::from_u32(8).unwrap();
/// let o = BigNum::from_u32(8).unwrap();
///
/// assert_eq!(s.ucmp(&o), Ordering::Equal);
/// ```
pub fn ucmp(&self, oth: &BigNumRef) -> Ordering {
unsafe {
let res = ffi::BN_ucmp(self.as_ptr(), oth.as_ptr());
if res < 0 {
Ordering::Less
} else if res > 0 {
Ordering::Greater
} else {
Ordering::Equal
}
}
}
pub fn is_negative(&self) -> bool {
self._is_negative()
}
#[cfg(ossl10x)]
fn _is_negative(&self) -> bool {
unsafe { (*self.as_ptr()).neg == 1 }
}
#[cfg(ossl110)]
fn _is_negative(&self) -> bool {
unsafe { ffi::BN_is_negative(self.as_ptr()) == 1 }
}
/// Returns the number of significant bits in `self`.
pub fn num_bits(&self) -> i32 {
unsafe { ffi::BN_num_bits(self.as_ptr()) as i32 }
}
/// Returns the size of `self` in bytes.
pub fn num_bytes(&self) -> i32 {
(self.num_bits() + 7) / 8
}
pub fn as_ptr(&self) -> *mut ffi::BIGNUM {
self.0
}
/// Returns a big-endian byte vector representation of the absolute value of `self`.
///
/// `self` can be recreated by using `new_from_slice`.
///
/// ```
/// # use openssl::bn::BigNum;
/// let s = -BigNum::from_u32(4543).unwrap();
/// let r = BigNum::from_u32(4543).unwrap();
///
/// let s_vec = s.to_vec();
/// assert_eq!(BigNum::from_slice(&s_vec).unwrap(), r);
/// ```
pub fn to_vec(&self) -> Vec<u8> {
let size = self.num_bytes() as usize;
let mut v = Vec::with_capacity(size);
unsafe {
ffi::BN_bn2bin(self.as_ptr(), v.as_mut_ptr());
v.set_len(size);
}
v
}
/// Returns a decimal string representation of `self`.
///
/// ```
/// # use openssl::bn::BigNum;
/// let s = -BigNum::from_u32(12345).unwrap();
///
/// assert_eq!(s.to_dec_str().unwrap(), "-12345");
/// ```
pub fn to_dec_str(&self) -> Result<String, ErrorStack> {
unsafe {
let buf = try!(cvt_p(ffi::BN_bn2dec(self.as_ptr())));
let str = String::from_utf8(CStr::from_ptr(buf as *const _).to_bytes().to_vec())
.unwrap();
CRYPTO_free!(buf as *mut c_void);
Ok(str)
}
}
/// Returns a hexadecimal string representation of `self`.
///
/// ```
/// # use openssl::bn::BigNum;
/// let s = -BigNum::from_u32(0x99ff).unwrap();
///
/// assert_eq!(s.to_hex_str().unwrap(), "-99FF");
/// ```
pub fn to_hex_str(&self) -> Result<String, ErrorStack> {
unsafe {
let buf = try!(cvt_p(ffi::BN_bn2hex(self.as_ptr())));
let str = String::from_utf8(CStr::from_ptr(buf as *const _).to_bytes().to_vec())
.unwrap();
CRYPTO_free!(buf as *mut c_void);
Ok(str)
}
}
}
/// An owned, signed, arbitrary-precision integer.
///
/// `BigNum` provides wrappers around OpenSSL's checked arithmetic functions.
/// Additionally, it implements the standard operators (`std::ops`), which
/// perform unchecked arithmetic, unwrapping the returned `Result` of the
/// checked operations.
pub struct BigNum(BigNumRef<'static>);
impl BigNum {
/// Creates a new `BigNum` with the value 0.
pub fn new() -> Result<BigNum, ErrorStack> {
unsafe {
ffi::init();
let v = try!(cvt_p(ffi::BN_new()));
Ok(BigNum::from_ptr(v))
}
}
/// Creates a new `BigNum` with the given value.
pub fn from_u32(n: u32) -> Result<BigNum, ErrorStack> {
BigNum::new().and_then(|v| unsafe {
cvt(ffi::BN_set_word(v.as_ptr(), n as ffi::BN_ULONG)).map(|_| v)
})
}
/// Creates a `BigNum` from a decimal string.
pub fn from_dec_str(s: &str) -> Result<BigNum, ErrorStack> {
unsafe {
let c_str = CString::new(s.as_bytes()).unwrap();
let mut bn = ptr::null_mut();
try!(cvt(ffi::BN_dec2bn(&mut bn, c_str.as_ptr() as *const _)));
Ok(BigNum::from_ptr(bn))
}
}
/// Creates a `BigNum` from a hexadecimal string.
pub fn from_hex_str(s: &str) -> Result<BigNum, ErrorStack> {
unsafe {
let c_str = CString::new(s.as_bytes()).unwrap();
let mut bn = ptr::null_mut();
try!(cvt(ffi::BN_hex2bn(&mut bn, c_str.as_ptr() as *const _)));
Ok(BigNum::from_ptr(bn))
}
}
pub unsafe fn from_ptr(handle: *mut ffi::BIGNUM) -> BigNum {
BigNum(BigNumRef::from_ptr(handle))
}
/// Creates a new `BigNum` from an unsigned, big-endian encoded number of arbitrary length.
///
/// ```
/// # use openssl::bn::BigNum;
/// let bignum = BigNum::from_slice(&[0x12, 0x00, 0x34]).unwrap();
///
/// assert_eq!(bignum, BigNum::from_u32(0x120034).unwrap());
/// ```
pub fn from_slice(n: &[u8]) -> Result<BigNum, ErrorStack> {
unsafe {
assert!(n.len() <= c_int::max_value() as usize);
cvt_p(ffi::BN_bin2bn(n.as_ptr(), n.len() as c_int, ptr::null_mut()))
.map(|p| BigNum::from_ptr(p))
}
}
/// Generates a prime number, placing it in `r`.
///
/// # Parameters
///
/// * `bits`: The length of the prime in bits (lower bound).
/// * `safe`: If true, returns a "safe" prime `p` so that `(p-1)/2` is also prime.
/// * `add`/`rem`: If `add` is set to `Some(add)`, `p % add == rem` will hold, where `p` is the
/// generated prime and `rem` is `1` if not specified (`None`).
pub fn generate_prime(r: &mut BigNumRef,
bits: i32,
safe: bool,
add: Option<&BigNumRef>,
rem: Option<&BigNumRef>)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::BN_generate_prime_ex(r.0,
bits as c_int,
safe as c_int,
add.map(|n| n.0).unwrap_or(ptr::null_mut()),
rem.map(|n| n.0).unwrap_or(ptr::null_mut()),
ptr::null_mut()))
.map(|_| ())
}
}
}
impl Drop for BigNum {
fn drop(&mut self) {
unsafe { ffi::BN_clear_free(self.as_ptr()); }
}
}
impl Deref for BigNum {
type Target = BigNumRef<'static>;
fn deref(&self) -> &BigNumRef<'static> {
&self.0
}
}
impl DerefMut for BigNum {
fn deref_mut(&mut self) -> &mut BigNumRef<'static> {
&mut self.0
}
}
impl AsRef<BigNumRef<'static>> for BigNum {
fn as_ref(&self) -> &BigNumRef<'static> {
self.deref()
}
}
impl<'a> fmt::Debug for BigNumRef<'a> {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self.to_dec_str() {
Ok(s) => f.write_str(&s),
Err(e) => Err(e.into()),
}
}
}
impl fmt::Debug for BigNum {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self.to_dec_str() {
Ok(s) => f.write_str(&s),
Err(e) => Err(e.into()),
}
}
}
impl<'a> fmt::Display for BigNumRef<'a> {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self.to_dec_str() {
Ok(s) => f.write_str(&s),
Err(e) => Err(e.into()),
}
}
}
impl fmt::Display for BigNum {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self.to_dec_str() {
Ok(s) => f.write_str(&s),
Err(e) => Err(e.into()),
}
}
}
impl<'a, 'b> PartialEq<BigNumRef<'b>> for BigNumRef<'a> {
fn eq(&self, oth: &BigNumRef) -> bool {
self.cmp(oth) == Ordering::Equal
}
}
impl<'a> PartialEq<BigNum> for BigNumRef<'a> {
fn eq(&self, oth: &BigNum) -> bool {
self.eq(oth.deref())
}
}
impl<'a> Eq for BigNumRef<'a> {}
impl PartialEq for BigNum {
fn eq(&self, oth: &BigNum) -> bool {
self.deref().eq(oth)
}
}
impl<'a> PartialEq<BigNumRef<'a>> for BigNum {
fn eq(&self, oth: &BigNumRef) -> bool {
self.deref().eq(oth)
}
}
impl Eq for BigNum {}
impl<'a, 'b> PartialOrd<BigNumRef<'b>> for BigNumRef<'a> {
fn partial_cmp(&self, oth: &BigNumRef) -> Option<Ordering> {
Some(self.cmp(oth))
}
}
impl<'a> PartialOrd<BigNum> for BigNumRef<'a> {
fn partial_cmp(&self, oth: &BigNum) -> Option<Ordering> {
Some(self.cmp(oth.deref()))
}
}
impl<'a> Ord for BigNumRef<'a> {
fn cmp(&self, oth: &BigNumRef) -> Ordering {
unsafe { ffi::BN_cmp(self.as_ptr(), oth.as_ptr()).cmp(&0) }
}
}
impl PartialOrd for BigNum {
fn partial_cmp(&self, oth: &BigNum) -> Option<Ordering> {
self.deref().partial_cmp(oth.deref())
}
}
impl<'a> PartialOrd<BigNumRef<'a>> for BigNum {
fn partial_cmp(&self, oth: &BigNumRef) -> Option<Ordering> {
self.deref().partial_cmp(oth)
}
}
impl Ord for BigNum {
fn cmp(&self, oth: &BigNum) -> Ordering {
self.deref().cmp(oth.deref())
}
}
macro_rules! delegate {
($t:ident, $m:ident) => {
impl<'a, 'b> $t<&'b BigNum> for &'a BigNumRef<'a> {
type Output = BigNum;
fn $m(self, oth: &BigNum) -> BigNum {
$t::$m(self, oth.deref())
}
}
impl<'a, 'b> $t<&'b BigNumRef<'b>> for &'a BigNum {
type Output = BigNum;
fn $m(self, oth: &BigNumRef) -> BigNum {
$t::$m(self.deref(), oth)
}
}
impl<'a, 'b> $t<&'b BigNum> for &'a BigNum {
type Output = BigNum;
fn $m(self, oth: &BigNum) -> BigNum {
$t::$m(self.deref(), oth.deref())
}
}
}
}
impl<'a, 'b> Add<&'b BigNumRef<'b>> for &'a BigNumRef<'a> {
type Output = BigNum;
fn add(self, oth: &BigNumRef) -> BigNum {
let mut r = BigNum::new().unwrap();
self.add(&mut r, oth).unwrap();
r
}
}
delegate!(Add, add);
impl<'a, 'b> Sub<&'b BigNumRef<'b>> for &'a BigNumRef<'a> {
type Output = BigNum;
fn sub(self, oth: &BigNumRef) -> BigNum {
let mut r = BigNum::new().unwrap();
self.sub(&mut r, oth).unwrap();
r
}
}
delegate!(Sub, sub);
impl<'a, 'b> Mul<&'b BigNumRef<'b>> for &'a BigNumRef<'a> {
type Output = BigNum;
fn mul(self, oth: &BigNumRef) -> BigNum {
let mut ctx = BnCtx::new().unwrap();
let mut r = BigNum::new().unwrap();
ctx.mul(&mut r, self, oth).unwrap();
r
}
}
delegate!(Mul, mul);
impl<'a, 'b> Div<&'b BigNumRef<'b>> for &'a BigNumRef<'a> {
type Output = BigNum;
fn div(self, oth: &'b BigNumRef<'b>) -> BigNum {
let mut ctx = BnCtx::new().unwrap();
let mut dv = BigNum::new().unwrap();
ctx.div(Some(&mut dv), None, self, oth).unwrap();
dv
}
}
delegate!(Div, div);
impl<'a, 'b> Rem<&'b BigNumRef<'b>> for &'a BigNumRef<'a> {
type Output = BigNum;
fn rem(self, oth: &'b BigNumRef<'b>) -> BigNum {
let mut ctx = BnCtx::new().unwrap();
let mut rem = BigNum::new().unwrap();
ctx.div(None, Some(&mut rem), self, oth).unwrap();
rem
}
}
delegate!(Rem, rem);
impl<'a> Shl<i32> for &'a BigNumRef<'a> {
type Output = BigNum;
fn shl(self, n: i32) -> BigNum {
let mut r = BigNum::new().unwrap();
self.lshift(&mut r, n).unwrap();
r
}
}
impl<'a> Shl<i32> for &'a BigNum {
type Output = BigNum;
fn shl(self, n: i32) -> BigNum {
self.deref().shl(n)
}
}
impl<'a> Shr<i32> for &'a BigNumRef<'a> {
type Output = BigNum;
fn shr(self, n: i32) -> BigNum {
let mut r = BigNum::new().unwrap();
self.rshift(&mut r, n).unwrap();
r
}
}
impl<'a> Shr<i32> for &'a BigNum {
type Output = BigNum;
fn shr(self, n: i32) -> BigNum {
self.deref().shl(n)
}
}
impl<'a> Neg for &'a BigNumRef<'a> {
type Output = BigNum;
fn neg(self) -> BigNum {
self.to_owned().unwrap().neg()
}
}
impl<'a> Neg for &'a BigNum {
type Output = BigNum;
fn neg(self) -> BigNum {
self.deref().neg()
}
}
impl Neg for BigNum {
type Output = BigNum;
fn neg(mut self) -> BigNum {
let negative = self.is_negative();
self.set_negative(!negative);
self
}
}
#[cfg(test)]
mod tests {
use bn::{BnCtx, BigNum};
#[test]
fn test_to_from_slice() {
let v0 = BigNum::from_u32(10203004).unwrap();
let vec = v0.to_vec();
let v1 = BigNum::from_slice(&vec).unwrap();
assert!(v0 == v1);
}
#[test]
fn test_negation() {
let a = BigNum::from_u32(909829283).unwrap();
assert!(!a.is_negative());
assert!((-a).is_negative());
}
#[test]
fn test_prime_numbers() {
let a = BigNum::from_u32(19029017).unwrap();
let mut p = BigNum::new().unwrap();
BigNum::generate_prime(&mut p, 128, true, None, Some(&a)).unwrap();
let mut ctx = BnCtx::new().unwrap();
assert!(ctx.is_prime(&p, 100).unwrap());
assert!(ctx.is_prime_fasttest(&p, 100, true).unwrap());
}
}

1037
openssl/src/bn/mod.rs
View File

File diff suppressed because it is too large Load Diff

41
openssl/src/crypto/dsa.rs
View File

@ -4,26 +4,25 @@ use error::ErrorStack;
use std::ptr; use std::ptr;
use libc::{c_int, c_char, c_void}; use libc::{c_int, c_char, c_void};
use {cvt, cvt_p};
use bn::BigNumRef; use bn::BigNumRef;
use bio::{MemBio, MemBioSlice}; use bio::{MemBio, MemBioSlice};
use crypto::util::{CallbackState, invoke_passwd_cb}; use crypto::util::{CallbackState, invoke_passwd_cb};
/// Builder for upfront DSA parameter generation /// Builder for upfront DSA parameter generation
pub struct DSAParams(*mut ffi::DSA); pub struct DSAParams(*mut ffi::DSA);
impl DSAParams { impl DSAParams {
pub fn with_size(size: u32) -> Result<DSAParams, ErrorStack> { pub fn with_size(size: u32) -> Result<DSAParams, ErrorStack> {
unsafe { unsafe {
// Wrap it so that if we panic we'll call the dtor let dsa = DSAParams(try!(cvt_p(ffi::DSA_new())));
let dsa = DSAParams(try_ssl_null!(ffi::DSA_new())); try!(cvt(ffi::DSA_generate_parameters_ex(dsa.0,
try_ssl!(ffi::DSA_generate_parameters_ex(dsa.0,
size as c_int, size as c_int,
ptr::null(), ptr::null(),
0, 0,
ptr::null_mut(), ptr::null_mut(),
ptr::null_mut(), ptr::null_mut(),
ptr::null_mut())); ptr::null_mut())));
Ok(dsa) Ok(dsa)
} }
} }
@ -31,7 +30,7 @@ impl DSAParams {
/// Generate a key pair from the initialized parameters /// Generate a key pair from the initialized parameters
pub fn generate(self) -> Result<DSA, ErrorStack> { pub fn generate(self) -> Result<DSA, ErrorStack> {
unsafe { unsafe {
try_ssl!(ffi::DSA_generate_key(self.0)); try!(cvt(ffi::DSA_generate_key(self.0)));
let dsa = DSA(self.0); let dsa = DSA(self.0);
::std::mem::forget(self); ::std::mem::forget(self);
Ok(dsa) Ok(dsa)
@ -75,13 +74,11 @@ impl DSA {
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let dsa = try_ssl_null!(ffi::PEM_read_bio_DSAPrivateKey(mem_bio.as_ptr(), let dsa = try!(cvt_p(ffi::PEM_read_bio_DSAPrivateKey(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
None, None,
ptr::null_mut())); ptr::null_mut())));
let dsa = DSA(dsa); Ok(DSA(dsa))
assert!(dsa.has_private_key());
Ok(dsa)
} }
} }
@ -99,13 +96,11 @@ impl DSA {
unsafe { unsafe {
let cb_ptr = &mut cb as *mut _ as *mut c_void; let cb_ptr = &mut cb as *mut _ as *mut c_void;
let dsa = try_ssl_null!(ffi::PEM_read_bio_DSAPrivateKey(mem_bio.as_ptr(), let dsa = try!(cvt_p(ffi::PEM_read_bio_DSAPrivateKey(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
Some(invoke_passwd_cb::<F>), Some(invoke_passwd_cb::<F>),
cb_ptr)); cb_ptr)));
let dsa = DSA(dsa); Ok(DSA(dsa))
assert!(dsa.has_private_key());
Ok(dsa)
} }
} }
@ -116,9 +111,9 @@ impl DSA {
let mem_bio = try!(MemBio::new()); let mem_bio = try!(MemBio::new());
unsafe { unsafe {
try_ssl!(ffi::PEM_write_bio_DSAPrivateKey(mem_bio.as_ptr(), self.0, try!(cvt(ffi::PEM_write_bio_DSAPrivateKey(mem_bio.as_ptr(), self.0,
ptr::null(), ptr::null_mut(), 0, ptr::null(), ptr::null_mut(), 0,
None, ptr::null_mut())) None, ptr::null_mut())))
}; };
Ok(mem_bio.get_buf().to_owned()) Ok(mem_bio.get_buf().to_owned())
@ -131,10 +126,10 @@ impl DSA {
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let dsa = try_ssl_null!(ffi::PEM_read_bio_DSA_PUBKEY(mem_bio.as_ptr(), let dsa = try!(cvt_p(ffi::PEM_read_bio_DSA_PUBKEY(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
None, None,
ptr::null_mut())); ptr::null_mut())));
Ok(DSA(dsa)) Ok(DSA(dsa))
} }
} }
@ -142,7 +137,9 @@ impl DSA {
/// Writes an DSA public key as PEM formatted data /// Writes an DSA public key as PEM formatted data
pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> { pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
let mem_bio = try!(MemBio::new()); let mem_bio = try!(MemBio::new());
unsafe { try_ssl!(ffi::PEM_write_bio_DSA_PUBKEY(mem_bio.as_ptr(), self.0)) }; unsafe {
try!(cvt(ffi::PEM_write_bio_DSA_PUBKEY(mem_bio.as_ptr(), self.0)));
}
Ok(mem_bio.get_buf().to_owned()) Ok(mem_bio.get_buf().to_owned())
} }
@ -239,11 +236,9 @@ impl fmt::Debug for DSA {
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use std::io::Write;
use libc::c_char; use libc::c_char;
use super::*; use super::*;
use crypto::hash::*;
#[test] #[test]
pub fn test_generate() { pub fn test_generate() {

12
openssl/src/crypto/hash.rs
View File

@ -1,6 +1,5 @@
use std::io::prelude::*; use std::io::prelude::*;
use std::io; use std::io;
use std::ptr;
use ffi; use ffi;
#[cfg(ossl110)] #[cfg(ossl110)]
@ -8,6 +7,7 @@ use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free};
#[cfg(any(ossl101, ossl102))] #[cfg(any(ossl101, ossl102))]
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
use {cvt, cvt_p};
use error::ErrorStack; use error::ErrorStack;
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
@ -116,7 +116,7 @@ impl Hasher {
pub fn new(ty: MessageDigest) -> Result<Hasher, ErrorStack> { pub fn new(ty: MessageDigest) -> Result<Hasher, ErrorStack> {
ffi::init(); ffi::init();
let ctx = unsafe { try_ssl_null!(EVP_MD_CTX_new()) }; let ctx = unsafe { try!(cvt_p(EVP_MD_CTX_new())) };
let mut h = Hasher { let mut h = Hasher {
ctx: ctx, ctx: ctx,
@ -136,7 +136,7 @@ impl Hasher {
} }
Finalized => (), Finalized => (),
} }
unsafe { try_ssl!(ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *mut _)); } unsafe { try!(cvt(ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *mut _))); }
self.state = Reset; self.state = Reset;
Ok(()) Ok(())
} }
@ -147,9 +147,9 @@ impl Hasher {
try!(self.init()); try!(self.init());
} }
unsafe { unsafe {
try_ssl!(ffi::EVP_DigestUpdate(self.ctx, try!(cvt(ffi::EVP_DigestUpdate(self.ctx,
data.as_ptr() as *mut _, data.as_ptr() as *mut _,
data.len())); data.len())));
} }
self.state = Updated; self.state = Updated;
Ok(()) Ok(())
@ -164,7 +164,7 @@ impl Hasher {
unsafe { unsafe {
let mut len = ffi::EVP_MAX_MD_SIZE; let mut len = ffi::EVP_MAX_MD_SIZE;
let mut res = vec![0; len as usize]; let mut res = vec![0; len as usize];
try_ssl!(ffi::EVP_DigestFinal_ex(self.ctx, res.as_mut_ptr(), &mut len)); try!(cvt(ffi::EVP_DigestFinal_ex(self.ctx, res.as_mut_ptr(), &mut len)));
res.truncate(len as usize); res.truncate(len as usize);
self.state = Finalized; self.state = Finalized;
Ok(res) Ok(res)

5
openssl/src/crypto/pkcs12.rs
View File

@ -6,6 +6,7 @@ use std::cmp;
use std::ptr; use std::ptr;
use std::ffi::CString; use std::ffi::CString;
use {cvt, cvt_p};
use crypto::pkey::PKey; use crypto::pkey::PKey;
use error::ErrorStack; use error::ErrorStack;
use x509::X509; use x509::X509;
@ -26,7 +27,7 @@ impl Pkcs12 {
ffi::init(); ffi::init();
let mut ptr = der.as_ptr() as *const c_uchar; let mut ptr = der.as_ptr() as *const c_uchar;
let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long; let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long;
let p12 = try_ssl_null!(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length)); let p12 = try!(cvt_p(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length)));
Ok(Pkcs12(p12)) Ok(Pkcs12(p12))
} }
} }
@ -40,7 +41,7 @@ impl Pkcs12 {
let mut cert = ptr::null_mut(); let mut cert = ptr::null_mut();
let mut chain = ptr::null_mut(); let mut chain = ptr::null_mut();
try_ssl!(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain)); try!(cvt(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain)));
let pkey = PKey::from_ptr(pkey); let pkey = PKey::from_ptr(pkey);
let cert = X509::from_ptr(cert); let cert = X509::from_ptr(cert);

163
openssl/src/crypto/pkcs5.rs
View File

@ -2,6 +2,7 @@ use libc::c_int;
use std::ptr; use std::ptr;
use ffi; use ffi;
use cvt;
use crypto::hash::MessageDigest; use crypto::hash::MessageDigest;
use crypto::symm::Cipher; use crypto::symm::Cipher;
use error::ErrorStack; use error::ErrorStack;
@ -9,26 +10,27 @@ use error::ErrorStack;
#[derive(Clone, Eq, PartialEq, Hash, Debug)] #[derive(Clone, Eq, PartialEq, Hash, Debug)]
pub struct KeyIvPair { pub struct KeyIvPair {
pub key: Vec<u8>, pub key: Vec<u8>,
pub iv: Vec<u8>, pub iv: Option<Vec<u8>>,
} }
/// Derives a key and an IV from various parameters. /// Derives a key and an IV from various parameters.
/// ///
/// If specified `salt` must be 8 bytes in length. /// If specified, `salt` must be 8 bytes in length.
/// ///
/// If the total key and IV length is less than 16 bytes and MD5 is used then /// If the total key and IV length is less than 16 bytes and MD5 is used then
/// the algorithm is compatible with the key derivation algorithm from PKCS#5 /// the algorithm is compatible with the key derivation algorithm from PKCS#5
/// v1.5 or PBKDF1 from PKCS#5 v2.0. /// v1.5 or PBKDF1 from PKCS#5 v2.0.
/// ///
/// New applications should not use this and instead use `pbkdf2_hmac_sha1` or /// New applications should not use this and instead use
/// another more modern key derivation algorithm. /// `pkcs5_pbkdf2_hmac_sha1` or another more modern key derivation algorithm.
pub fn evp_bytes_to_key_pbkdf1_compatible(cipher: Cipher, pub fn bytes_to_key(cipher: Cipher,
digest: MessageDigest, digest: MessageDigest,
data: &[u8], data: &[u8],
salt: Option<&[u8]>, salt: Option<&[u8]>,
count: u32) count: i32)
-> Result<KeyIvPair, ErrorStack> { -> Result<KeyIvPair, ErrorStack> {
unsafe { unsafe {
assert!(data.len() <= c_int::max_value() as usize);
let salt_ptr = match salt { let salt_ptr = match salt {
Some(salt) => { Some(salt) => {
assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize); assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize);
@ -39,78 +41,58 @@ pub fn evp_bytes_to_key_pbkdf1_compatible(cipher: Cipher,
ffi::init(); ffi::init();
let mut iv = cipher.iv_len().map(|l| vec![0; l]);
let cipher = cipher.as_ptr(); let cipher = cipher.as_ptr();
let digest = digest.as_ptr(); let digest = digest.as_ptr();
let len = ffi::EVP_BytesToKey(cipher, let len = try!(cvt(ffi::EVP_BytesToKey(cipher,
digest, digest,
salt_ptr, salt_ptr,
data.as_ptr(), ptr::null(),
data.len() as c_int, data.len() as c_int,
count as c_int, count.into(),
ptr::null_mut(), ptr::null_mut(),
ptr::null_mut()); ptr::null_mut())));
if len == 0 {
return Err(ErrorStack::get());
}
let mut key = vec![0; len as usize]; let mut key = vec![0; len as usize];
let mut iv = vec![0; len as usize]; let iv_ptr = iv.as_mut().map(|v| v.as_mut_ptr()).unwrap_or(ptr::null_mut());
try_ssl!(ffi::EVP_BytesToKey(cipher, try!(cvt(ffi::EVP_BytesToKey(cipher,
digest, digest,
salt_ptr, salt_ptr,
data.as_ptr(), data.as_ptr(),
data.len() as c_int, data.len() as c_int,
count as c_int, count as c_int,
key.as_mut_ptr(), key.as_mut_ptr(),
iv.as_mut_ptr())); iv_ptr)));
Ok(KeyIvPair { key: key, iv: iv }) Ok(KeyIvPair { key: key, iv: iv })
} }
} }
/// Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm.
pub fn pbkdf2_hmac_sha1(pass: &[u8],
salt: &[u8],
iter: usize,
keylen: usize)
-> Result<Vec<u8>, ErrorStack> {
unsafe {
let mut out = vec![0; keylen];
ffi::init();
try_ssl!(ffi::PKCS5_PBKDF2_HMAC_SHA1(pass.as_ptr() as *const _,
pass.len() as c_int,
salt.as_ptr(),
salt.len() as c_int,
iter as c_int,
keylen as c_int,
out.as_mut_ptr()));
Ok(out)
}
}
/// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function. /// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function.
pub fn pbkdf2_hmac(pass: &[u8], pub fn pbkdf2_hmac(pass: &[u8],
salt: &[u8], salt: &[u8],
iter: usize, iter: usize,
hash: MessageDigest, hash: MessageDigest,
keylen: usize) key: &mut [u8])
-> Result<Vec<u8>, ErrorStack> { -> Result<(), ErrorStack> {
unsafe { unsafe {
let mut out = vec![0; keylen]; assert!(pass.len() <= c_int::max_value() as usize);
assert!(salt.len() <= c_int::max_value() as usize);
assert!(key.len() <= c_int::max_value() as usize);
ffi::init(); ffi::init();
try_ssl!(ffi::PKCS5_PBKDF2_HMAC(pass.as_ptr() as *const _, cvt(ffi::PKCS5_PBKDF2_HMAC(pass.as_ptr() as *const _,
pass.len() as c_int, pass.len() as c_int,
salt.as_ptr(), salt.as_ptr(),
salt.len() as c_int, salt.len() as c_int,
iter as c_int, iter as c_int,
hash.as_ptr(), hash.as_ptr(),
keylen as c_int, key.len() as c_int,
out.as_mut_ptr())); key.as_mut_ptr()))
Ok(out) .map(|_| ())
} }
} }
@ -120,96 +102,67 @@ mod tests {
use crypto::symm::Cipher; use crypto::symm::Cipher;
// Test vectors from // Test vectors from
// http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06 // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
#[test] #[test]
fn test_pbkdf2_hmac_sha1() { fn pbkdf2_hmac_sha256() {
assert_eq!(super::pbkdf2_hmac_sha1(b"password", b"salt", 1, 20).unwrap(), let mut buf = [0; 16];
vec![0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, 0x71_u8,
0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, 0x12_u8, 0x06_u8,
0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8]);
assert_eq!(super::pbkdf2_hmac_sha1(b"password", b"salt", 2, 20).unwrap(), super::pbkdf2_hmac(b"passwd", b"salt", 1, MessageDigest::sha256(), &mut buf).unwrap();
vec![0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, 0x8c_u8, assert_eq!(buf,
0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, 0x41_u8, 0xf0_u8, &[0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8,
0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8]); 0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8][..]);
assert_eq!(super::pbkdf2_hmac_sha1(b"password", b"salt", 4096, 20).unwrap(), super::pbkdf2_hmac(b"Password", b"NaCl", 80000, MessageDigest::sha256(), &mut buf).unwrap();
vec![0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, 0x9a_u8, assert_eq!(buf,
0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, 0x21_u8, 0xd0_u8, &[0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8,
0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8]); 0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8][..]);
assert_eq!(super::pbkdf2_hmac_sha1(b"password", b"salt", 16777216, 20).unwrap(),
vec![0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, 0xe4_u8,
0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, 0x15_u8, 0x8c_u8,
0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8]);
assert_eq!(super::pbkdf2_hmac_sha1(b"passwordPASSWORDpassword",
b"saltSALTsaltSALTsaltSALTsaltSALTsalt",
4096,
25).unwrap(),
vec![0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, 0x9b_u8,
0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, 0xe4_u8, 0x4a_u8,
0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, 0xf2_u8, 0xf0_u8, 0x70_u8,
0x38_u8]);
assert_eq!(super::pbkdf2_hmac_sha1(b"pass\x00word", b"sa\x00lt", 4096, 16).unwrap(),
vec![0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, 0x9d_u8,
0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, 0xe0_u8, 0xc3_u8]);
} }
// Test vectors from // Test vectors from
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
#[test] #[test]
fn test_pbkdf2_hmac_sha256() { fn pbkdf2_hmac_sha512() {
assert_eq!(super::pbkdf2_hmac(b"passwd", b"salt", 1, MessageDigest::sha256(), 16).unwrap(), let mut buf = [0; 64];
vec![0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8,
0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8]);
assert_eq!(super::pbkdf2_hmac(b"Password", b"NaCl", 80000, MessageDigest::sha256(), 16).unwrap(), super::pbkdf2_hmac(b"password", b"NaCL", 1, MessageDigest::sha512(), &mut buf).unwrap();
vec![0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8, assert_eq!(&buf[..],
0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8]); &[0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8,
}
// Test vectors from
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
#[test]
fn test_pbkdf2_hmac_sha512() {
assert_eq!(super::pbkdf2_hmac(b"password", b"NaCL", 1, MessageDigest::sha512(), 64).unwrap(),
vec![0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8,
0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8, 0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8,
0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8, 0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8,
0xb3_u8, 0x90_u8, 0xed_u8, 0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8, 0xb3_u8, 0x90_u8, 0xed_u8, 0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8,
0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8, 0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8,
0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8, 0x1f_u8, 0xc6_u8, 0x33_u8, 0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8, 0x1f_u8, 0xc6_u8, 0x33_u8,
0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8, 0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8,
0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8]); 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8][..]);
assert_eq!(super::pbkdf2_hmac(b"pass\0word", b"sa\0lt", 1, MessageDigest::sha512(), 64).unwrap(), super::pbkdf2_hmac(b"pass\0word", b"sa\0lt", 1, MessageDigest::sha512(), &mut buf).unwrap();
vec![0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8, assert_eq!(&buf[..],
&[0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8,
0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8, 0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8,
0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8, 0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8,
0x0d_u8, 0x63_u8, 0xb8_u8, 0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8, 0x0d_u8, 0x63_u8, 0xb8_u8, 0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8,
0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8, 0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8,
0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8, 0x79_u8, 0x09_u8, 0x96_u8, 0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8, 0x79_u8, 0x09_u8, 0x96_u8,
0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, 0x5a_u8, 0xb5_u8, 0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, 0x5a_u8, 0xb5_u8,
0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, 0xa7_u8]); 0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, 0xa7_u8][..]);
assert_eq!(super::pbkdf2_hmac(b"passwordPASSWORDpassword", super::pbkdf2_hmac(b"passwordPASSWORDpassword",
b"salt\0\0\0", b"salt\0\0\0",
50, 50,
MessageDigest::sha512(), MessageDigest::sha512(),
64).unwrap(), &mut buf).unwrap();
vec![0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8, assert_eq!(&buf[..],
&[0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8,
0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8, 0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8,
0x3b_u8, 0x30_u8, 0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8, 0x3b_u8, 0x30_u8, 0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8,
0xc8_u8, 0xc9_u8, 0x37_u8, 0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8, 0xc8_u8, 0xc9_u8, 0x37_u8, 0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8,
0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8, 0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8,
0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8, 0x00_u8, 0x56_u8, 0xc6_u8, 0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8, 0x00_u8, 0x56_u8, 0xc6_u8,
0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, 0x4b_u8, 0x1a_u8, 0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, 0x4b_u8, 0x1a_u8,
0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, 0x39_u8]); 0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, 0x39_u8][..]);
} }
#[test] #[test]
fn test_evp_bytes_to_key_pbkdf1_compatible() { fn bytes_to_key() {
let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8]; let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8];
let data = [143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, let data = [143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8,
@ -224,18 +177,16 @@ mod tests {
98_u8, 245_u8, 246_u8, 238_u8, 177_u8, 229_u8, 161_u8, 183_u8, 98_u8, 245_u8, 246_u8, 238_u8, 177_u8, 229_u8, 161_u8, 183_u8,
224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8]; 224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8];
let expected_iv = vec![4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, let expected_iv = vec![4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8,
69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, 69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8];
0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8,
0_u8, 0_u8, 0_u8];
assert_eq!(super::evp_bytes_to_key_pbkdf1_compatible(Cipher::aes_256_cbc(), assert_eq!(super::bytes_to_key(Cipher::aes_256_cbc(),
MessageDigest::sha1(), MessageDigest::sha1(),
&data, &data,
Some(&salt), Some(&salt),
1).unwrap(), 1).unwrap(),
super::KeyIvPair { super::KeyIvPair {
key: expected_key, key: expected_key,
iv: expected_iv, iv: Some(expected_iv),
}); });
} }
} }

39
openssl/src/crypto/pkey.rs
View File

@ -3,6 +3,7 @@ use std::ptr;
use std::mem; use std::mem;
use ffi; use ffi;
use {cvt, cvt_p};
use bio::{MemBio, MemBioSlice}; use bio::{MemBio, MemBioSlice};
use crypto::dsa::DSA; use crypto::dsa::DSA;
use crypto::rsa::RSA; use crypto::rsa::RSA;
@ -19,9 +20,9 @@ impl PKey {
/// Create a new `PKey` containing an RSA key. /// Create a new `PKey` containing an RSA key.
pub fn from_rsa(rsa: RSA) -> Result<PKey, ErrorStack> { pub fn from_rsa(rsa: RSA) -> Result<PKey, ErrorStack> {
unsafe { unsafe {
let evp = try_ssl_null!(ffi::EVP_PKEY_new()); let evp = try!(cvt_p(ffi::EVP_PKEY_new()));
let pkey = PKey(evp); let pkey = PKey(evp);
try_ssl!(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_RSA, rsa.as_ptr() as *mut _)); try!(cvt(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_RSA, rsa.as_ptr() as *mut _)));
mem::forget(rsa); mem::forget(rsa);
Ok(pkey) Ok(pkey)
} }
@ -30,9 +31,9 @@ impl PKey {
/// Create a new `PKey` containing a DSA key. /// Create a new `PKey` containing a DSA key.
pub fn from_dsa(dsa: DSA) -> Result<PKey, ErrorStack> { pub fn from_dsa(dsa: DSA) -> Result<PKey, ErrorStack> {
unsafe { unsafe {
let evp = try_ssl_null!(ffi::EVP_PKEY_new()); let evp = try!(cvt_p(ffi::EVP_PKEY_new()));
let pkey = PKey(evp); let pkey = PKey(evp);
try_ssl!(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_DSA, dsa.as_ptr() as *mut _)); try!(cvt(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_DSA, dsa.as_ptr() as *mut _)));
mem::forget(dsa); mem::forget(dsa);
Ok(pkey) Ok(pkey)
} }
@ -42,10 +43,10 @@ impl PKey {
pub fn hmac(key: &[u8]) -> Result<PKey, ErrorStack> { pub fn hmac(key: &[u8]) -> Result<PKey, ErrorStack> {
unsafe { unsafe {
assert!(key.len() <= c_int::max_value() as usize); assert!(key.len() <= c_int::max_value() as usize);
let key = try_ssl_null!(ffi::EVP_PKEY_new_mac_key(ffi::EVP_PKEY_HMAC, let key = try!(cvt_p(ffi::EVP_PKEY_new_mac_key(ffi::EVP_PKEY_HMAC,
ptr::null_mut(), ptr::null_mut(),
key.as_ptr() as *const _, key.as_ptr() as *const _,
key.len() as c_int)); key.len() as c_int)));
Ok(PKey(key)) Ok(PKey(key))
} }
} }
@ -59,10 +60,10 @@ impl PKey {
ffi::init(); ffi::init();
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
None, None,
ptr::null_mut())); ptr::null_mut())));
Ok(PKey::from_ptr(evp)) Ok(PKey::from_ptr(evp))
} }
} }
@ -79,10 +80,10 @@ impl PKey {
let mut cb = CallbackState::new(pass_cb); let mut cb = CallbackState::new(pass_cb);
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
Some(invoke_passwd_cb::<F>), Some(invoke_passwd_cb::<F>),
&mut cb as *mut _ as *mut c_void)); &mut cb as *mut _ as *mut c_void)));
Ok(PKey::from_ptr(evp)) Ok(PKey::from_ptr(evp))
} }
} }
@ -92,10 +93,10 @@ impl PKey {
ffi::init(); ffi::init();
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let evp = try_ssl_null!(ffi::PEM_read_bio_PUBKEY(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PUBKEY(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
None, None,
ptr::null_mut())); ptr::null_mut())));
Ok(PKey::from_ptr(evp)) Ok(PKey::from_ptr(evp))
} }
} }
@ -105,15 +106,15 @@ impl PKey {
unsafe { unsafe {
// this needs to be a reference as the set1_RSA ups the reference count // this needs to be a reference as the set1_RSA ups the reference count
let rsa_ptr = rsa.as_ptr(); let rsa_ptr = rsa.as_ptr();
try_ssl!(ffi::EVP_PKEY_set1_RSA(self.0, rsa_ptr)); try!(cvt(ffi::EVP_PKEY_set1_RSA(self.0, rsa_ptr)));
Ok(()) Ok(())
} }
} }
/// Get a reference to the interal RSA key for direct access to the key components /// Get a reference to the interal RSA key for direct access to the key components
pub fn get_rsa(&self) -> Result<RSA, ErrorStack> { pub fn rsa(&self) -> Result<RSA, ErrorStack> {
unsafe { unsafe {
let rsa = try_ssl_null!(ffi::EVP_PKEY_get1_RSA(self.0)); let rsa = try!(cvt_p(ffi::EVP_PKEY_get1_RSA(self.0)));
// this is safe as the ffi increments a reference counter to the internal key // this is safe as the ffi increments a reference counter to the internal key
Ok(RSA::from_ptr(rsa)) Ok(RSA::from_ptr(rsa))
} }
@ -124,13 +125,13 @@ impl PKey {
pub fn private_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> { pub fn private_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
let mem_bio = try!(MemBio::new()); let mem_bio = try!(MemBio::new());
unsafe { unsafe {
try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.as_ptr(), try!(cvt(ffi::PEM_write_bio_PrivateKey(mem_bio.as_ptr(),
self.0, self.0,
ptr::null(), ptr::null(),
ptr::null_mut(), ptr::null_mut(),
-1, -1,
None, None,
ptr::null_mut())); ptr::null_mut())));
} }
Ok(mem_bio.get_buf().to_owned()) Ok(mem_bio.get_buf().to_owned())
@ -139,7 +140,9 @@ impl PKey {
/// Stores public key as a PEM /// Stores public key as a PEM
pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> { pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
let mem_bio = try!(MemBio::new()); let mem_bio = try!(MemBio::new());
unsafe { try_ssl!(ffi::PEM_write_bio_PUBKEY(mem_bio.as_ptr(), self.0)) } unsafe {
try!(cvt(ffi::PEM_write_bio_PUBKEY(mem_bio.as_ptr(), self.0)));
}
Ok(mem_bio.get_buf().to_owned()) Ok(mem_bio.get_buf().to_owned())
} }

5
openssl/src/crypto/rand.rs
View File

@ -1,13 +1,14 @@
use libc::c_int; use libc::c_int;
use ffi; use ffi;
use cvt;
use error::ErrorStack; use error::ErrorStack;
pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
ffi::init(); ffi::init();
assert!(buf.len() <= c_int::max_value() as usize); assert!(buf.len() <= c_int::max_value() as usize);
try_ssl_if!(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int) != 1); cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int)).map(|_| ())
Ok(())
} }
} }

211
openssl/src/crypto/rsa.rs
View File

@ -4,6 +4,7 @@ use std::ptr;
use std::mem; use std::mem;
use libc::{c_int, c_void, c_char}; use libc::{c_int, c_void, c_char};
use {cvt, cvt_p, cvt_n};
use bn::{BigNum, BigNumRef}; use bn::{BigNum, BigNumRef};
use bio::{MemBio, MemBioSlice}; use bio::{MemBio, MemBioSlice};
use error::ErrorStack; use error::ErrorStack;
@ -42,11 +43,11 @@ impl RSA {
/// the supplied load and save methods for DER formatted keys. /// the supplied load and save methods for DER formatted keys.
pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, ErrorStack> { pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, ErrorStack> {
unsafe { unsafe {
let rsa = RSA(try_ssl_null!(ffi::RSA_new())); let rsa = RSA(try!(cvt_p(ffi::RSA_new())));
try_ssl!(compat::set_key(rsa.0, try!(cvt(compat::set_key(rsa.0,
n.as_ptr(), n.as_ptr(),
e.as_ptr(), e.as_ptr(),
ptr::null_mut())); ptr::null_mut())));
mem::forget((n, e)); mem::forget((n, e));
Ok(rsa) Ok(rsa)
} }
@ -62,13 +63,13 @@ impl RSA {
qi: BigNum) qi: BigNum)
-> Result<RSA, ErrorStack> { -> Result<RSA, ErrorStack> {
unsafe { unsafe {
let rsa = RSA(try_ssl_null!(ffi::RSA_new())); let rsa = RSA(try!(cvt_p(ffi::RSA_new())));
try_ssl!(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr())); try!(cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr())));
mem::forget((n, e, d)); mem::forget((n, e, d));
try_ssl!(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr())); try!(cvt(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr())));
mem::forget((p, q)); mem::forget((p, q));
try_ssl!(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(), try!(cvt(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(),
qi.as_ptr())); qi.as_ptr())));
mem::forget((dp, dq, qi)); mem::forget((dp, dq, qi));
Ok(rsa) Ok(rsa)
} }
@ -83,12 +84,9 @@ impl RSA {
/// The public exponent will be 65537. /// The public exponent will be 65537.
pub fn generate(bits: u32) -> Result<RSA, ErrorStack> { pub fn generate(bits: u32) -> Result<RSA, ErrorStack> {
unsafe { unsafe {
let rsa = try_ssl_null!(ffi::RSA_new()); let rsa = RSA(try!(cvt_p(ffi::RSA_new())));
let rsa = RSA(rsa); let e = try!(BigNum::from_u32(ffi::RSA_F4 as u32));
let e = try!(BigNum::new_from(ffi::RSA_F4 as u32)); try!(cvt(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut())));
try_ssl!(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut()));
Ok(rsa) Ok(rsa)
} }
} }
@ -97,10 +95,10 @@ impl RSA {
pub fn private_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> { pub fn private_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> {
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
None, None,
ptr::null_mut())); ptr::null_mut())));
Ok(RSA(rsa)) Ok(RSA(rsa))
} }
} }
@ -114,11 +112,10 @@ impl RSA {
unsafe { unsafe {
let cb_ptr = &mut cb as *mut _ as *mut c_void; let cb_ptr = &mut cb as *mut _ as *mut c_void;
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
Some(invoke_passwd_cb::<F>), Some(invoke_passwd_cb::<F>),
cb_ptr)); cb_ptr)));
Ok(RSA(rsa)) Ok(RSA(rsa))
} }
} }
@ -127,10 +124,10 @@ impl RSA {
pub fn public_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> { pub fn public_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> {
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
None, None,
ptr::null_mut())); ptr::null_mut())));
Ok(RSA(rsa)) Ok(RSA(rsa))
} }
} }
@ -140,13 +137,13 @@ impl RSA {
let mem_bio = try!(MemBio::new()); let mem_bio = try!(MemBio::new());
unsafe { unsafe {
try_ssl!(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(), try!(cvt(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(),
self.0, self.0,
ptr::null(), ptr::null(),
ptr::null_mut(), ptr::null_mut(),
0, 0,
None, None,
ptr::null_mut())); ptr::null_mut())));
} }
Ok(mem_bio.get_buf().to_owned()) Ok(mem_bio.get_buf().to_owned())
} }
@ -156,93 +153,113 @@ impl RSA {
let mem_bio = try!(MemBio::new()); let mem_bio = try!(MemBio::new());
unsafe { unsafe {
try_ssl!(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0)) try!(cvt(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0)));
}; }
Ok(mem_bio.get_buf().to_owned()) Ok(mem_bio.get_buf().to_owned())
} }
pub fn size(&self) -> Option<u32> { pub fn size(&self) -> usize {
if self.n().is_some() { unsafe {
unsafe { Some(ffi::RSA_size(self.0) as u32) } assert!(self.n().is_some());
} else {
None ffi::RSA_size(self.0) as usize
} }
} }
/** /// Decrypts data using the private key, returning the number of decrypted bytes.
* Decrypts data with the private key, using provided padding, returning the decrypted data. ///
*/ /// # Panics
pub fn private_decrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { ///
/// Panics if `self` has no private components, or if `to` is smaller
/// than `self.size()`.
pub fn private_decrypt(&self,
from: &[u8],
to: &mut [u8],
padding: Padding)
-> Result<usize, ErrorStack> {
assert!(self.d().is_some(), "private components missing"); assert!(self.d().is_some(), "private components missing");
let k_len = self.size().expect("RSA missing an n"); assert!(from.len() <= i32::max_value() as usize);
let mut to: Vec<u8> = vec![0; k_len as usize]; assert!(to.len() >= self.size());
unsafe { unsafe {
let enc_len = try_ssl_returns_size!(ffi::RSA_private_decrypt(from.len() as i32, let len = try!(cvt_n(ffi::RSA_private_decrypt(from.len() as c_int,
from.as_ptr(), from.as_ptr(),
to.as_mut_ptr(), to.as_mut_ptr(),
self.0, self.0,
padding.0)); padding.0)));
to.truncate(enc_len as usize); Ok(len as usize)
Ok(to)
} }
} }
/** /// Encrypts data using the private key, returning the number of encrypted bytes.
* Encrypts data with the private key, using provided padding, returning the encrypted data. ///
*/ /// # Panics
pub fn private_encrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { ///
/// Panics if `self` has no private components, or if `to` is smaller
/// than `self.size()`.
pub fn private_encrypt(&self,
from: &[u8],
to: &mut [u8],
padding: Padding)
-> Result<usize, ErrorStack> {
assert!(self.d().is_some(), "private components missing"); assert!(self.d().is_some(), "private components missing");
let k_len = self.size().expect("RSA missing an n"); assert!(from.len() <= i32::max_value() as usize);
let mut to:Vec<u8> = vec![0; k_len as usize]; assert!(to.len() >= self.size());
unsafe { unsafe {
let enc_len = try_ssl_returns_size!(ffi::RSA_private_encrypt(from.len() as c_int, let len = try!(cvt_n(ffi::RSA_private_encrypt(from.len() as c_int,
from.as_ptr(), from.as_ptr(),
to.as_mut_ptr(), to.as_mut_ptr(),
self.0, self.0,
padding.0)); padding.0)));
assert!(enc_len as u32 == k_len); Ok(len as usize)
Ok(to)
} }
} }
/** /// Decrypts data using the public key, returning the number of decrypted bytes.
* Decrypts data with the public key, using provided padding, returning the decrypted data. ///
*/ /// # Panics
pub fn public_decrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { ///
let k_len = self.size().expect("RSA missing an n"); /// Panics if `to` is smaller than `self.size()`.
let mut to: Vec<u8> = vec![0; k_len as usize]; pub fn public_decrypt(&self,
from: &[u8],
to: &mut [u8],
padding: Padding)
-> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(to.len() >= self.size());
unsafe { unsafe {
let enc_len = try_ssl_returns_size!(ffi::RSA_public_decrypt(from.len() as i32, let len = try!(cvt_n(ffi::RSA_public_decrypt(from.len() as c_int,
from.as_ptr(), from.as_ptr(),
to.as_mut_ptr(), to.as_mut_ptr(),
self.0, self.0,
padding.0)); padding.0)));
to.truncate(enc_len as usize); Ok(len as usize)
Ok(to)
} }
} }
/** /// Encrypts data using the private key, returning the number of encrypted bytes.
* Encrypts data with the public key, using provided padding, returning the encrypted data. ///
*/ /// # Panics
pub fn public_encrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { ///
let k_len = self.size().expect("RSA missing an n"); /// Panics if `to` is smaller than `self.size()`.
let mut to:Vec<u8> = vec![0; k_len as usize]; pub fn public_encrypt(&self,
from: &[u8],
to: &mut [u8],
padding: Padding)
-> Result<usize, ErrorStack> {
assert!(from.len() <= i32::max_value() as usize);
assert!(to.len() >= self.size());
unsafe { unsafe {
let enc_len = try_ssl_returns_size!(ffi::RSA_public_encrypt(from.len() as c_int, let len = try!(cvt_n(ffi::RSA_public_encrypt(from.len() as c_int,
from.as_ptr(), from.as_ptr(),
to.as_mut_ptr(), to.as_mut_ptr(),
self.0, self.0,
padding.0)); padding.0)));
assert!(enc_len as u32 == k_len); Ok(len as usize)
Ok(to)
} }
} }
@ -424,16 +441,17 @@ mod test {
let key = include_bytes!("../../test/rsa.pem.pub"); let key = include_bytes!("../../test/rsa.pem.pub");
let public_key = RSA::public_key_from_pem(key).unwrap(); let public_key = RSA::public_key_from_pem(key).unwrap();
let original_data: Vec<u8> = "This is test".to_string().into_bytes(); let mut result = vec![0; public_key.size()];
let result = public_key.public_encrypt(&original_data, Padding::pkcs1()).unwrap(); let original_data = b"This is test";
let len = public_key.public_encrypt(original_data, &mut result, Padding::pkcs1()).unwrap();
assert_eq!(result.len(), 256); assert_eq!(len, 256);
let pkey = include_bytes!("../../test/rsa.pem"); let pkey = include_bytes!("../../test/rsa.pem");
let private_key = RSA::private_key_from_pem(pkey).unwrap(); let private_key = RSA::private_key_from_pem(pkey).unwrap();
let dec_result = private_key.private_decrypt(&result, Padding::pkcs1()).unwrap(); let mut dec_result = vec![0; private_key.size()];
let len = private_key.private_decrypt(&result, &mut dec_result, Padding::pkcs1()).unwrap();
assert_eq!(dec_result, original_data); assert_eq!(&dec_result[..len], original_data);
} }
#[test] #[test]
@ -442,37 +460,28 @@ mod test {
let k0pkey = k0.public_key_to_pem().unwrap(); let k0pkey = k0.public_key_to_pem().unwrap();
let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap();
let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
let emsg = k0.private_encrypt(&msg, Padding::pkcs1()).unwrap(); let mut emesg = vec![0; k0.size()];
let dmsg = k1.public_decrypt(&emsg, Padding::pkcs1()).unwrap(); k0.private_encrypt(&msg, &mut emesg, Padding::pkcs1()).unwrap();
assert!(msg == dmsg); let mut dmesg = vec![0; k1.size()];
let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::pkcs1()).unwrap();
assert_eq!(msg, &dmesg[..len]);
} }
#[test] #[test]
fn test_public_encrypt() { fn test_public_encrypt() {
let k0 = super::RSA::generate(512).unwrap(); let k0 = super::RSA::generate(512).unwrap();
let k0pkey = k0.public_key_to_pem().unwrap(); let k0pkey = k0.private_key_to_pem().unwrap();
let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let k1 = super::RSA::private_key_from_pem(&k0pkey).unwrap();
let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
let emsg = k1.public_encrypt(&msg, Padding::pkcs1_oaep()).unwrap(); let mut emesg = vec![0; k0.size()];
let dmsg = k0.private_decrypt(&emsg, Padding::pkcs1_oaep()).unwrap(); k0.public_encrypt(&msg, &mut emesg, Padding::pkcs1()).unwrap();
assert!(msg == dmsg); let mut dmesg = vec![0; k1.size()];
} let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::pkcs1()).unwrap();
assert_eq!(msg, &dmesg[..len]);
#[test]
fn test_public_encrypt_pkcs() {
let k0 = super::RSA::generate(512).unwrap();
let k0pkey = k0.public_key_to_pem().unwrap();
let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap();
let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8);
let emsg = k1.public_encrypt(&msg, super::Padding::pkcs1()).unwrap();
let dmsg = k0.private_decrypt(&emsg, super::Padding::pkcs1()).unwrap();
assert!(msg == dmsg);
} }
} }

17
openssl/src/crypto/sign.rs
View File

@ -59,6 +59,7 @@ use std::io::{self, Write};
use std::marker::PhantomData; use std::marker::PhantomData;
use std::ptr; use std::ptr;
use {cvt, cvt_p};
use crypto::hash::MessageDigest; use crypto::hash::MessageDigest;
use crypto::pkey::PKey; use crypto::pkey::PKey;
use error::ErrorStack; use error::ErrorStack;
@ -83,7 +84,7 @@ impl<'a> Signer<'a> {
unsafe { unsafe {
ffi::init(); ffi::init();
let ctx = try_ssl_null!(EVP_MD_CTX_new()); let ctx = try!(cvt_p(EVP_MD_CTX_new()));
let r = ffi::EVP_DigestSignInit(ctx, let r = ffi::EVP_DigestSignInit(ctx,
ptr::null_mut(), ptr::null_mut(),
type_.as_ptr(), type_.as_ptr(),
@ -93,25 +94,22 @@ impl<'a> Signer<'a> {
EVP_MD_CTX_free(ctx); EVP_MD_CTX_free(ctx);
return Err(ErrorStack::get()); return Err(ErrorStack::get());
} }
Ok(Signer(ctx, PhantomData)) Ok(Signer(ctx, PhantomData))
} }
} }
pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> { pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
try_ssl_if!(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len()) != 1); cvt(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len())).map(|_| ())
Ok(())
} }
} }
pub fn finish(&self) -> Result<Vec<u8>, ErrorStack> { pub fn finish(&self) -> Result<Vec<u8>, ErrorStack> {
unsafe { unsafe {
let mut len = 0; let mut len = 0;
try_ssl_if!(ffi::EVP_DigestSignFinal(self.0, ptr::null_mut(), &mut len) != 1); try!(cvt(ffi::EVP_DigestSignFinal(self.0, ptr::null_mut(), &mut len)));
let mut buf = vec![0; len]; let mut buf = vec![0; len];
try_ssl_if!(ffi::EVP_DigestSignFinal(self.0, buf.as_mut_ptr() as *mut _, &mut len) try!(cvt(ffi::EVP_DigestSignFinal(self.0, buf.as_mut_ptr() as *mut _, &mut len)));
!= 1);
// The advertised length is not always equal to the real length for things like DSA // The advertised length is not always equal to the real length for things like DSA
buf.truncate(len); buf.truncate(len);
Ok(buf) Ok(buf)
@ -145,7 +143,7 @@ impl<'a> Verifier<'a> {
unsafe { unsafe {
ffi::init(); ffi::init();
let ctx = try_ssl_null!(EVP_MD_CTX_new()); let ctx = try!(cvt_p(EVP_MD_CTX_new()));
let r = ffi::EVP_DigestVerifyInit(ctx, let r = ffi::EVP_DigestVerifyInit(ctx,
ptr::null_mut(), ptr::null_mut(),
type_.as_ptr(), type_.as_ptr(),
@ -162,8 +160,7 @@ impl<'a> Verifier<'a> {
pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> { pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
unsafe { unsafe {
try_ssl_if!(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len()) != 1); cvt(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len())).map(|_| ())
Ok(())
} }
} }

19
openssl/src/crypto/symm.rs
View File

@ -3,6 +3,7 @@ use std::ptr;
use libc::c_int; use libc::c_int;
use ffi; use ffi;
use {cvt, cvt_p};
use error::ErrorStack; use error::ErrorStack;
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
@ -170,7 +171,7 @@ impl Crypter {
ffi::init(); ffi::init();
unsafe { unsafe {
let ctx = try_ssl_null!(ffi::EVP_CIPHER_CTX_new()); let ctx = try!(cvt_p(ffi::EVP_CIPHER_CTX_new()));
let crypter = Crypter { let crypter = Crypter {
ctx: ctx, ctx: ctx,
block_size: t.block_size(), block_size: t.block_size(),
@ -181,15 +182,15 @@ impl Crypter {
Mode::Decrypt => 0, Mode::Decrypt => 0,
}; };
try_ssl!(ffi::EVP_CipherInit_ex(crypter.ctx, try!(cvt(ffi::EVP_CipherInit_ex(crypter.ctx,
t.as_ptr(), t.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
ptr::null_mut(), ptr::null_mut(),
ptr::null_mut(), ptr::null_mut(),
mode)); mode)));
assert!(key.len() <= c_int::max_value() as usize); assert!(key.len() <= c_int::max_value() as usize);
try_ssl!(ffi::EVP_CIPHER_CTX_set_key_length(crypter.ctx, key.len() as c_int)); try!(cvt(ffi::EVP_CIPHER_CTX_set_key_length(crypter.ctx, key.len() as c_int)));
let key = key.as_ptr() as *mut _; let key = key.as_ptr() as *mut _;
let iv = match (iv, t.iv_len()) { let iv = match (iv, t.iv_len()) {
@ -200,12 +201,12 @@ impl Crypter {
(Some(_), None) | (None, None) => ptr::null_mut(), (Some(_), None) | (None, None) => ptr::null_mut(),
(None, Some(_)) => panic!("an IV is required for this cipher"), (None, Some(_)) => panic!("an IV is required for this cipher"),
}; };
try_ssl!(ffi::EVP_CipherInit_ex(crypter.ctx, try!(cvt(ffi::EVP_CipherInit_ex(crypter.ctx,
ptr::null(), ptr::null(),
ptr::null_mut(), ptr::null_mut(),
key, key,
iv, iv,
mode)); mode)));
Ok(crypter) Ok(crypter)
} }
@ -237,11 +238,11 @@ impl Crypter {
let mut outl = output.len() as c_int; let mut outl = output.len() as c_int;
let inl = input.len() as c_int; let inl = input.len() as c_int;
try_ssl!(ffi::EVP_CipherUpdate(self.ctx, try!(cvt(ffi::EVP_CipherUpdate(self.ctx,
output.as_mut_ptr(), output.as_mut_ptr(),
&mut outl, &mut outl,
input.as_ptr(), input.as_ptr(),
inl)); inl)));
Ok(outl as usize) Ok(outl as usize)
} }
@ -262,7 +263,7 @@ impl Crypter {
assert!(output.len() >= self.block_size); assert!(output.len() >= self.block_size);
let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int; let mut outl = cmp::min(output.len(), c_int::max_value() as usize) as c_int;
try_ssl!(ffi::EVP_CipherFinal(self.ctx, output.as_mut_ptr(), &mut outl)); try!(cvt(ffi::EVP_CipherFinal(self.ctx, output.as_mut_ptr(), &mut outl)));
Ok(outl as usize) Ok(outl as usize)
} }

39
openssl/src/dh/mod.rs → openssl/src/dh.rs
View File

@ -3,6 +3,7 @@ use error::ErrorStack;
use bio::MemBioSlice; use bio::MemBioSlice;
use std::ptr; use std::ptr;
use {cvt, cvt_p};
use bn::BigNum; use bn::BigNum;
use std::mem; use std::mem;
@ -11,11 +12,11 @@ pub struct DH(*mut ffi::DH);
impl DH { impl DH {
pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result<DH, ErrorStack> { pub fn from_params(p: BigNum, g: BigNum, q: BigNum) -> Result<DH, ErrorStack> {
unsafe { unsafe {
let dh = DH(try_ssl_null!(ffi::DH_new())); let dh = DH(try!(cvt_p(ffi::DH_new())));
try_ssl!(compat::DH_set0_pqg(dh.0, try!(cvt(compat::DH_set0_pqg(dh.0,
p.as_ptr(), p.as_ptr(),
q.as_ptr(), q.as_ptr(),
g.as_ptr())); g.as_ptr())));
mem::forget((p, g, q)); mem::forget((p, g, q));
Ok(dh) Ok(dh)
} }
@ -23,34 +24,38 @@ impl DH {
pub fn from_pem(buf: &[u8]) -> Result<DH, ErrorStack> { pub fn from_pem(buf: &[u8]) -> Result<DH, ErrorStack> {
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
let dh = unsafe { unsafe {
ffi::PEM_read_bio_DHparams(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut()) cvt_p(ffi::PEM_read_bio_DHparams(mem_bio.as_ptr(),
}; ptr::null_mut(),
try_ssl_null!(dh); None,
Ok(DH(dh)) ptr::null_mut()))
.map(DH)
}
} }
#[cfg(feature = "openssl-102")] #[cfg(feature = "openssl-102")]
pub fn get_1024_160() -> Result<DH, ErrorStack> { pub fn get_1024_160() -> Result<DH, ErrorStack> {
let dh = try_ssl_null!(unsafe { ffi::DH_get_1024_160() }); unsafe {
Ok(DH(dh)) cvt_p(ffi::DH_get_1024_160()).map(DH)
}
} }
#[cfg(feature = "openssl-102")] #[cfg(feature = "openssl-102")]
pub fn get_2048_224() -> Result<DH, ErrorStack> { pub fn get_2048_224() -> Result<DH, ErrorStack> {
let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_224() }); unsafe {
Ok(DH(dh)) cvt_p(ffi::DH_get_2048_224()).map(DH)
}
} }
#[cfg(feature = "openssl-102")] #[cfg(feature = "openssl-102")]
pub fn get_2048_256() -> Result<DH, ErrorStack> { pub fn get_2048_256() -> Result<DH, ErrorStack> {
let dh = try_ssl_null!(unsafe { ffi::DH_get_2048_256() }); unsafe {
Ok(DH(dh)) cvt_p(ffi::DH_get_2048_256()).map(DH)
}
} }
pub unsafe fn as_ptr(&self) -> *mut ffi::DH { pub unsafe fn as_ptr(&self) -> *mut ffi::DH {
let DH(n) = *self; self.0
n
} }
} }
@ -135,7 +140,7 @@ mod tests {
#[test] #[test]
fn test_dh_from_pem() { fn test_dh_from_pem() {
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
let params = include_bytes!("../../test/dhparams.pem"); let params = include_bytes!("../test/dhparams.pem");
let dh = DH::from_pem(params).ok().expect("Failed to load PEM"); let dh = DH::from_pem(params).ok().expect("Failed to load PEM");
ctx.set_tmp_dh(&dh).unwrap(); ctx.set_tmp_dh(&dh).unwrap();
} }

28
openssl/src/lib.rs
View File

@ -16,6 +16,10 @@ extern crate tempdir;
#[doc(inline)] #[doc(inline)]
pub use ffi::init; pub use ffi::init;
use libc::c_int;
use error::ErrorStack;
mod macros; mod macros;
pub mod asn1; pub mod asn1;
@ -28,3 +32,27 @@ pub mod nid;
pub mod ssl; pub mod ssl;
pub mod version; pub mod version;
pub mod x509; pub mod x509;
pub fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
if r.is_null() {
Err(ErrorStack::get())
} else {
Ok(r)
}
}
pub fn cvt(r: c_int) -> Result<c_int, ErrorStack> {
if r <= 0 {
Err(ErrorStack::get())
} else {
Ok(r)
}
}
pub fn cvt_n(r: c_int) -> Result<c_int, ErrorStack> {
if r < 0 {
Err(ErrorStack::get())
} else {
Ok(r)
}
}

81
openssl/src/macros.rs
View File

@ -1,86 +1,5 @@
#![macro_use] #![macro_use]
macro_rules! try_ssl_stream {
($e:expr) => (
match $e {
Ok(ok) => ok,
Err(err) => return Err(StreamError(err))
}
)
}
/// Shortcut return with SSL error if something went wrong
macro_rules! try_ssl_if {
($e:expr) => (
if $e {
return Err(::error::ErrorStack::get().into())
}
)
}
/// Shortcut return with SSL error if last error result is 0
/// (default)
macro_rules! try_ssl{
($e:expr) => (try_ssl_if!($e == 0))
}
/// Shortcut return with SSL if got a null result
macro_rules! try_ssl_null{
($e:expr) => ({
let t = $e;
try_ssl_if!(t == ptr::null_mut());
t
})
}
/// Shortcut return with SSL error if last error result is -1
/// (default for size)
macro_rules! try_ssl_returns_size{
($e:expr) => (
if $e == -1 {
return Err(::error::ErrorStack::get().into())
} else {
$e
}
)
}
/// Lifts current SSL error code into Result<(), Error>
/// if expression is true
/// Lifting is actually a shortcut of the following form:
///
/// ```ignore
/// let _ = try!(something)
/// Ok(())
/// ```
macro_rules! lift_ssl_if{
($e:expr) => ( {
if $e {
Err(::error::ErrorStack::get().into())
} else {
Ok(())
}
})
}
/// Lifts current SSL error code into Result<(), Error>
/// if SSL returned 0 (default error indication)
macro_rules! lift_ssl {
($e:expr) => (lift_ssl_if!($e == 0))
}
/// Lifts current SSL error code into Result<(), Error>
/// if SSL returned -1 (default size error indication)
macro_rules! lift_ssl_returns_size {
($e:expr) => ( {
if $e == -1 {
Err(::error::ErrorStack::get().into())
} else {
Ok($e)
}
})
}
#[cfg(ossl10x)] #[cfg(ossl10x)]
macro_rules! CRYPTO_free { macro_rules! CRYPTO_free {
($e:expr) => (::ffi::CRYPTO_free($e)) ($e:expr) => (::ffi::CRYPTO_free($e))

3
openssl/src/ssl/bio.rs
View File

@ -9,6 +9,7 @@ use std::ptr;
use std::slice; use std::slice;
use std::sync::Arc; use std::sync::Arc;
use cvt_p;
use error::ErrorStack; use error::ErrorStack;
pub struct StreamState<S> { pub struct StreamState<S> {
@ -38,7 +39,7 @@ pub fn new<S: Read + Write>(stream: S) -> Result<(*mut BIO, Arc<BioMethod>), Err
}); });
unsafe { unsafe {
let bio = try_ssl_null!(BIO_new(method.0.get())); let bio = try!(cvt_p(BIO_new(method.0.get())));
compat::BIO_set_data(bio, Box::into_raw(state) as *mut _); compat::BIO_set_data(bio, Box::into_raw(state) as *mut _);
compat::BIO_set_init(bio, 1); compat::BIO_set_init(bio, 1);

159
openssl/src/ssl/mod.rs
View File

@ -19,7 +19,7 @@ use std::slice;
use std::marker::PhantomData; use std::marker::PhantomData;
use ffi; use ffi;
use init; use {init, cvt, cvt_p};
use dh::DH; use dh::DH;
use x509::{X509StoreContext, X509FileType, X509, X509Ref}; use x509::{X509StoreContext, X509FileType, X509, X509Ref};
#[cfg(feature = "openssl-102")] #[cfg(feature = "openssl-102")]
@ -341,16 +341,6 @@ pub enum SniError {
NoAck, NoAck,
} }
// FIXME: macro may be instead of inlining?
#[inline]
fn wrap_ssl_result(res: c_int) -> Result<(), ErrorStack> {
if res == 0 {
Err(ErrorStack::get())
} else {
Ok(())
}
}
/// A borrowed SSL context object. /// A borrowed SSL context object.
pub struct SslContextRef<'a>(*mut ffi::SSL_CTX, PhantomData<&'a ()>); pub struct SslContextRef<'a>(*mut ffi::SSL_CTX, PhantomData<&'a ()>);
@ -414,11 +404,15 @@ impl<'a> SslContextRef<'a> {
} }
fn set_mode(&mut self, mode: c_long) -> Result<(), ErrorStack> { fn set_mode(&mut self, mode: c_long) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { ffi::SSL_CTX_set_mode(self.as_ptr(), mode) as c_int }) unsafe {
cvt(ffi::SSL_CTX_set_mode(self.as_ptr(), mode) as c_int).map(|_| ())
}
} }
pub fn set_tmp_dh(&mut self, dh: &DH) -> Result<(), ErrorStack> { pub fn set_tmp_dh(&mut self, dh: &DH) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { ffi::SSL_CTX_set_tmp_dh(self.as_ptr(), dh.as_ptr()) as i32 }) unsafe {
cvt(ffi::SSL_CTX_set_tmp_dh(self.as_ptr(), dh.as_ptr()) as i32).map(|_| ())
}
} }
/// Use the default locations of trusted certificates for verification. /// Use the default locations of trusted certificates for verification.
@ -427,16 +421,21 @@ impl<'a> SslContextRef<'a> {
/// environment variables if present, or defaults specified at OpenSSL /// environment variables if present, or defaults specified at OpenSSL
/// build time otherwise. /// build time otherwise.
pub fn set_default_verify_paths(&mut self) -> Result<(), ErrorStack> { pub fn set_default_verify_paths(&mut self) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { ffi::SSL_CTX_set_default_verify_paths(self.as_ptr()) }) unsafe{
cvt(ffi::SSL_CTX_set_default_verify_paths(self.as_ptr())).map(|_| ())
}
} }
#[allow(non_snake_case)] #[allow(non_snake_case)]
/// Specifies the file that contains trusted CA certificates. /// Specifies the file that contains trusted CA certificates.
pub fn set_CA_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), ErrorStack> { pub fn set_CA_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), ErrorStack> {
let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap();
wrap_ssl_result(unsafe { unsafe {
ffi::SSL_CTX_load_verify_locations(self.as_ptr(), file.as_ptr() as *const _, ptr::null()) cvt(ffi::SSL_CTX_load_verify_locations(self.as_ptr(),
}) file.as_ptr() as *const _,
ptr::null()))
.map(|_| ())
}
} }
/// Set the context identifier for sessions /// Set the context identifier for sessions
@ -448,9 +447,13 @@ impl<'a> SslContextRef<'a> {
/// This value should be set when using client certificates, or each request will fail /// This value should be set when using client certificates, or each request will fail
/// handshake and need to be restarted. /// handshake and need to be restarted.
pub fn set_session_id_context(&mut self, sid_ctx: &[u8]) -> Result<(), ErrorStack> { pub fn set_session_id_context(&mut self, sid_ctx: &[u8]) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { unsafe {
ffi::SSL_CTX_set_session_id_context(self.as_ptr(), sid_ctx.as_ptr(), sid_ctx.len() as u32) assert!(sid_ctx.len() <= c_uint::max_value() as usize);
}) cvt(ffi::SSL_CTX_set_session_id_context(self.as_ptr(),
sid_ctx.as_ptr(),
sid_ctx.len() as c_uint))
.map(|_| ())
}
} }
/// Specifies the file that contains certificate /// Specifies the file that contains certificate
@ -458,70 +461,77 @@ impl<'a> SslContextRef<'a> {
file: P, file: P,
file_type: X509FileType) file_type: X509FileType)
-> Result<(), ErrorStack> { -> Result<(), ErrorStack> {
let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap();
wrap_ssl_result(unsafe { unsafe {
ffi::SSL_CTX_use_certificate_file(self.as_ptr(), cvt(ffi::SSL_CTX_use_certificate_file(self.as_ptr(),
file.as_ptr() as *const _, file.as_ptr() as *const _,
file_type as c_int) file_type as c_int))
}) .map(|_| ())
}
} }
/// Specifies the file that contains certificate chain /// Specifies the file that contains certificate chain
pub fn set_certificate_chain_file<P: AsRef<Path>>(&mut self, file: P) pub fn set_certificate_chain_file<P: AsRef<Path>>(&mut self, file: P)
-> Result<(), ErrorStack> { -> Result<(), ErrorStack> {
let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap();
wrap_ssl_result(unsafe { unsafe {
ffi::SSL_CTX_use_certificate_chain_file(self.as_ptr(), cvt(ffi::SSL_CTX_use_certificate_chain_file(self.as_ptr(),
file.as_ptr() as *const _) file.as_ptr() as *const _))
}) .map(|_| ())
}
} }
/// Specifies the certificate /// Specifies the certificate
pub fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> { pub fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { ffi::SSL_CTX_use_certificate(self.as_ptr(), cert.as_ptr()) }) unsafe {
cvt(ffi::SSL_CTX_use_certificate(self.as_ptr(), cert.as_ptr())).map(|_| ())
}
} }
/// Adds a certificate to the certificate chain presented together with the /// Adds a certificate to the certificate chain presented together with the
/// certificate specified using set_certificate() /// certificate specified using set_certificate()
pub fn add_extra_chain_cert(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> { pub fn add_extra_chain_cert(&mut self, cert: X509) -> Result<(), ErrorStack> {
// FIXME this should really just take an X509 by value
let der = try!(cert.to_der());
let cert = try!(X509::from_der(&der));
unsafe { unsafe {
try_ssl!(ffi::SSL_CTX_add_extra_chain_cert(self.as_ptr(), cert.as_ptr())); try!(cvt(ffi::SSL_CTX_add_extra_chain_cert(self.as_ptr(), cert.as_ptr()) as c_int));
}
mem::forget(cert); mem::forget(cert);
Ok(()) Ok(())
} }
}
/// Specifies the file that contains private key /// Specifies the file that contains private key
pub fn set_private_key_file<P: AsRef<Path>>(&mut self, pub fn set_private_key_file<P: AsRef<Path>>(&mut self,
file: P, file: P,
file_type: X509FileType) file_type: X509FileType)
-> Result<(), ErrorStack> { -> Result<(), ErrorStack> {
let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap();
wrap_ssl_result(unsafe { unsafe {
ffi::SSL_CTX_use_PrivateKey_file(self.as_ptr(), cvt(ffi::SSL_CTX_use_PrivateKey_file(self.as_ptr(),
file.as_ptr() as *const _, file.as_ptr() as *const _,
file_type as c_int) file_type as c_int))
}) .map(|_| ())
}
} }
/// Specifies the private key /// Specifies the private key
pub fn set_private_key(&mut self, key: &PKey) -> Result<(), ErrorStack> { pub fn set_private_key(&mut self, key: &PKey) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.as_ptr(), key.as_ptr()) }) unsafe {
cvt(ffi::SSL_CTX_use_PrivateKey(self.as_ptr(), key.as_ptr())).map(|_| ())
}
} }
/// Check consistency of private key and certificate /// Check consistency of private key and certificate
pub fn check_private_key(&mut self) -> Result<(), ErrorStack> { pub fn check_private_key(&mut self) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { ffi::SSL_CTX_check_private_key(self.as_ptr()) }) unsafe {
cvt(ffi::SSL_CTX_check_private_key(self.as_ptr())).map(|_| ())
}
} }
pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe {
let cipher_list = CString::new(cipher_list).unwrap(); let cipher_list = CString::new(cipher_list).unwrap();
ffi::SSL_CTX_set_cipher_list(self.as_ptr(), cipher_list.as_ptr() as *const _) unsafe {
}) cvt(ffi::SSL_CTX_set_cipher_list(self.as_ptr(), cipher_list.as_ptr() as *const _))
.map(|_| ())
}
} }
/// If `onoff` is set to `true`, enable ECDHE for key exchange with /// If `onoff` is set to `true`, enable ECDHE for key exchange with
@ -539,12 +549,13 @@ impl<'a> SslContextRef<'a> {
#[cfg(all(feature = "openssl-102", ossl102))] #[cfg(all(feature = "openssl-102", ossl102))]
fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { fn _set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { unsafe {
ffi::SSL_CTX_ctrl(self.as_ptr(), cvt(ffi::SSL_CTX_ctrl(self.as_ptr(),
ffi::SSL_CTRL_SET_ECDH_AUTO, ffi::SSL_CTRL_SET_ECDH_AUTO,
onoff as c_long, onoff as c_long,
ptr::null_mut()) as c_int ptr::null_mut()) as c_int)
}) .map(|_| ())
}
} }
#[cfg(all(feature = "openssl-102", ossl110))] #[cfg(all(feature = "openssl-102", ossl110))]
@ -669,11 +680,10 @@ impl SslContext {
init(); init();
let mut ctx = unsafe { let mut ctx = unsafe {
let ctx = try_ssl_null!(ffi::SSL_CTX_new(method.as_ptr())); let ctx = try!(cvt_p(ffi::SSL_CTX_new(method.as_ptr())));
SslContext::from_ptr(ctx) SslContext::from_ptr(ctx)
}; };
// this is a bit dubious (?)
try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY | ffi::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)); try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY | ffi::SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER));
Ok(ctx) Ok(ctx)
@ -692,11 +702,10 @@ impl SslContext {
pub struct CipherBits { pub struct CipherBits {
/// The number of secret bits used for the cipher. /// The number of secret bits used for the cipher.
pub secret: i32, pub secret: i32,
/// The number of bits processed by the chosen algorithm, if not None.
pub algorithm: Option<i32>,
_p: (),
}
/// The number of bits processed by the chosen algorithm.
pub algorithm: i32,
}
pub struct SslCipher<'a> { pub struct SslCipher<'a> {
cipher: *const ffi::SSL_CIPHER, cipher: *const ffi::SSL_CIPHER,
@ -727,20 +736,11 @@ impl<'a> SslCipher<'a> {
/// Returns the number of bits used for the cipher. /// Returns the number of bits used for the cipher.
pub fn bits(&self) -> CipherBits { pub fn bits(&self) -> CipherBits {
unsafe { unsafe {
let algo_bits: *mut c_int = ptr::null_mut(); let mut algo_bits = 0;
let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, &mut algo_bits);
if !algo_bits.is_null() {
CipherBits { CipherBits {
secret: secret_bits, secret: secret_bits.into(),
algorithm: Some(*algo_bits), algorithm: algo_bits.into(),
_p: (),
}
} else {
CipherBits {
secret: secret_bits,
algorithm: None,
_p: (),
}
} }
} }
} }
@ -875,15 +875,9 @@ impl<'a> SslRef<'a> {
/// Sets the host name to be used with SNI (Server Name Indication). /// Sets the host name to be used with SNI (Server Name Indication).
pub fn set_hostname(&mut self, hostname: &str) -> Result<(), ErrorStack> { pub fn set_hostname(&mut self, hostname: &str) -> Result<(), ErrorStack> {
let cstr = CString::new(hostname).unwrap(); let cstr = CString::new(hostname).unwrap();
let ret = unsafe { unsafe {
ffi::SSL_set_tlsext_host_name(self.as_ptr(), cstr.as_ptr() as *mut _) cvt(ffi::SSL_set_tlsext_host_name(self.as_ptr(), cstr.as_ptr() as *mut _) as c_int)
}; .map(|_| ())
// For this case, 0 indicates failure.
if ret == 0 {
Err(ErrorStack::get())
} else {
Ok(())
} }
} }
@ -999,9 +993,8 @@ impl<'a> SslRef<'a> {
/// Changes the context corresponding to the current connection. /// Changes the context corresponding to the current connection.
pub fn set_ssl_context(&mut self, ctx: &SslContextRef) -> Result<(), ErrorStack> { pub fn set_ssl_context(&mut self, ctx: &SslContextRef) -> Result<(), ErrorStack> {
unsafe { unsafe {
try_ssl_null!(ffi::SSL_set_SSL_CTX(self.as_ptr(), ctx.as_ptr())); cvt_p(ffi::SSL_set_SSL_CTX(self.as_ptr(), ctx.as_ptr())).map(|_| ())
} }
Ok(())
} }
/// Returns the context corresponding to the current connection /// Returns the context corresponding to the current connection
@ -1056,7 +1049,7 @@ impl DerefMut for Ssl {
impl Ssl { impl Ssl {
pub fn new(ctx: &SslContext) -> Result<Ssl, ErrorStack> { pub fn new(ctx: &SslContext) -> Result<Ssl, ErrorStack> {
unsafe { unsafe {
let ssl = try_ssl_null!(ffi::SSL_new(ctx.as_ptr())); let ssl = try!(cvt_p(ffi::SSL_new(ctx.as_ptr())));
Ok(Ssl::from_ptr(ssl)) Ok(Ssl::from_ptr(ssl))
} }
} }

2
openssl/src/ssl/tests/mod.rs
View File

@ -1061,7 +1061,7 @@ fn add_extra_chain_cert() {
let cert = include_bytes!("../../../test/cert.pem"); let cert = include_bytes!("../../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap(); let cert = X509::from_pem(cert).unwrap();
let mut ctx = SslContext::new(SslMethod::tls()).unwrap(); let mut ctx = SslContext::new(SslMethod::tls()).unwrap();
ctx.add_extra_chain_cert(&cert).unwrap(); ctx.add_extra_chain_cert(cert).unwrap();
} }
#[test] #[test]

93
openssl/src/x509/mod.rs
View File

@ -10,6 +10,7 @@ use std::slice;
use std::collections::HashMap; use std::collections::HashMap;
use std::marker::PhantomData; use std::marker::PhantomData;
use {cvt, cvt_p};
use asn1::Asn1Time; use asn1::Asn1Time;
use asn1::Asn1TimeRef; use asn1::Asn1TimeRef;
use bio::{MemBio, MemBioSlice}; use bio::{MemBio, MemBioSlice};
@ -251,25 +252,25 @@ impl X509Generator {
let value = CString::new(value.as_bytes()).unwrap(); let value = CString::new(value.as_bytes()).unwrap();
let ext = match exttype.get_nid() { let ext = match exttype.get_nid() {
Some(nid) => { Some(nid) => {
ffi::X509V3_EXT_conf_nid(ptr::null_mut(), try!(cvt_p(ffi::X509V3_EXT_conf_nid(ptr::null_mut(),
mem::transmute(&ctx), mem::transmute(&ctx),
nid as c_int, nid as c_int,
value.as_ptr() as *mut c_char) value.as_ptr() as *mut c_char)))
} }
None => { None => {
let name = CString::new(exttype.get_name().unwrap().as_bytes()).unwrap(); let name = CString::new(exttype.get_name().unwrap().as_bytes()).unwrap();
ffi::X509V3_EXT_conf(ptr::null_mut(), try!(cvt_p(ffi::X509V3_EXT_conf(ptr::null_mut(),
mem::transmute(&ctx), mem::transmute(&ctx),
name.as_ptr() as *mut c_char, name.as_ptr() as *mut c_char,
value.as_ptr() as *mut c_char) value.as_ptr() as *mut c_char)))
} }
}; };
let mut success = false; if ffi::X509_add_ext(x509, ext, -1) != 1 {
if ext != ptr::null_mut() {
success = ffi::X509_add_ext(x509, ext, -1) != 0;
ffi::X509_EXTENSION_free(ext); ffi::X509_EXTENSION_free(ext);
Err(ErrorStack::get())
} else {
Ok(())
} }
lift_ssl_if!(!success)
} }
} }
@ -278,17 +279,18 @@ impl X509Generator {
value: &str) value: &str)
-> Result<(), ErrorStack> { -> Result<(), ErrorStack> {
let value_len = value.len() as c_int; let value_len = value.len() as c_int;
lift_ssl!(unsafe { unsafe {
let key = CString::new(key.as_bytes()).unwrap(); let key = CString::new(key.as_bytes()).unwrap();
let value = CString::new(value.as_bytes()).unwrap(); let value = CString::new(value.as_bytes()).unwrap();
ffi::X509_NAME_add_entry_by_txt(name, cvt(ffi::X509_NAME_add_entry_by_txt(name,
key.as_ptr() as *const _, key.as_ptr() as *const _,
ffi::MBSTRING_UTF8, ffi::MBSTRING_UTF8,
value.as_ptr() as *const _, value.as_ptr() as *const _,
value_len, value_len,
-1, -1,
0) 0))
}) .map(|_| ())
}
} }
fn random_serial() -> Result<c_long, ErrorStack> { fn random_serial() -> Result<c_long, ErrorStack> {
@ -308,32 +310,30 @@ impl X509Generator {
} }
/// Sets the certificate public-key, then self-sign and return it /// Sets the certificate public-key, then self-sign and return it
/// Note: That the bit-length of the private key is used (set_bitlength is ignored)
pub fn sign(&self, p_key: &PKey) -> Result<X509, ErrorStack> { pub fn sign(&self, p_key: &PKey) -> Result<X509, ErrorStack> {
ffi::init(); ffi::init();
unsafe { unsafe {
let x509 = try_ssl_null!(ffi::X509_new()); let x509 = X509::from_ptr(try!(cvt_p(ffi::X509_new())));
let x509 = X509::from_ptr(x509);
try_ssl!(ffi::X509_set_version(x509.as_ptr(), 2)); try!(cvt(ffi::X509_set_version(x509.as_ptr(), 2)));
try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.as_ptr()), try!(cvt(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.as_ptr()),
try!(X509Generator::random_serial()))); try!(X509Generator::random_serial()))));
let not_before = try!(Asn1Time::days_from_now(0)); let not_before = try!(Asn1Time::days_from_now(0));
let not_after = try!(Asn1Time::days_from_now(self.days)); let not_after = try!(Asn1Time::days_from_now(self.days));
try_ssl!(X509_set_notBefore(x509.as_ptr(), not_before.as_ptr() as *const _)); try!(cvt(X509_set_notBefore(x509.as_ptr(), not_before.as_ptr() as *const _)));
// If prev line succeded - ownership should go to cert // If prev line succeded - ownership should go to cert
mem::forget(not_before); mem::forget(not_before);
try_ssl!(X509_set_notAfter(x509.as_ptr(), not_after.as_ptr() as *const _)); try!(cvt(X509_set_notAfter(x509.as_ptr(), not_after.as_ptr() as *const _)));
// If prev line succeded - ownership should go to cert // If prev line succeded - ownership should go to cert
mem::forget(not_after); mem::forget(not_after);
try_ssl!(ffi::X509_set_pubkey(x509.as_ptr(), p_key.as_ptr())); try!(cvt(ffi::X509_set_pubkey(x509.as_ptr(), p_key.as_ptr())));
let name = try_ssl_null!(ffi::X509_get_subject_name(x509.as_ptr())); let name = try!(cvt_p(ffi::X509_get_subject_name(x509.as_ptr())));
let default = [("CN", "rust-openssl")]; let default = [("CN", "rust-openssl")];
let default_iter = &mut default.iter().map(|&(k, v)| (k, v)); let default_iter = &mut default.iter().map(|&(k, v)| (k, v));
@ -347,7 +347,7 @@ impl X509Generator {
for (key, val) in iter { for (key, val) in iter {
try!(X509Generator::add_name_internal(name, &key, &val)); try!(X509Generator::add_name_internal(name, &key, &val));
} }
try_ssl!(ffi::X509_set_issuer_name(x509.as_ptr(), name)); try!(cvt(ffi::X509_set_issuer_name(x509.as_ptr(), name)));
for (exttype, ext) in self.extensions.iter() { for (exttype, ext) in self.extensions.iter() {
try!(X509Generator::add_extension_internal(x509.as_ptr(), try!(X509Generator::add_extension_internal(x509.as_ptr(),
@ -356,7 +356,7 @@ impl X509Generator {
} }
let hash_fn = self.hash_type.as_ptr(); let hash_fn = self.hash_type.as_ptr();
try_ssl!(ffi::X509_sign(x509.as_ptr(), p_key.as_ptr(), hash_fn)); try!(cvt(ffi::X509_sign(x509.as_ptr(), p_key.as_ptr(), hash_fn)));
Ok(x509) Ok(x509)
} }
} }
@ -369,18 +369,20 @@ impl X509Generator {
}; };
unsafe { unsafe {
let req = ffi::X509_to_X509_REQ(cert.as_ptr(), ptr::null_mut(), ptr::null()); let req = try!(cvt_p(ffi::X509_to_X509_REQ(cert.as_ptr(),
try_ssl_null!(req); ptr::null_mut(),
ptr::null())));
let req = X509Req::from_ptr(req);
let exts = compat::X509_get0_extensions(cert.as_ptr()); let exts = compat::X509_get0_extensions(cert.as_ptr());
if exts != ptr::null_mut() { if exts != ptr::null_mut() {
try_ssl!(ffi::X509_REQ_add_extensions(req, exts as *mut _)); try!(cvt(ffi::X509_REQ_add_extensions(req.as_ptr(), exts as *mut _)));
} }
let hash_fn = self.hash_type.as_ptr(); let hash_fn = self.hash_type.as_ptr();
try_ssl!(ffi::X509_REQ_sign(req, p_key.as_ptr(), hash_fn)); try!(cvt(ffi::X509_REQ_sign(req.as_ptr(), p_key.as_ptr(), hash_fn)));
Ok(X509Req::new(req)) Ok(req)
} }
} }
} }
@ -394,12 +396,6 @@ impl<'a> X509Ref<'a> {
X509Ref(x509, PhantomData) X509Ref(x509, PhantomData)
} }
///
#[deprecated(note = "renamed to `X509::from_ptr`", since = "0.8.1")]
pub unsafe fn new(x509: *mut ffi::X509) -> X509Ref<'a> {
X509Ref::from_ptr(x509)
}
pub fn as_ptr(&self) -> *mut ffi::X509 { pub fn as_ptr(&self) -> *mut ffi::X509 {
self.0 self.0
} }
@ -429,7 +425,7 @@ impl<'a> X509Ref<'a> {
pub fn public_key(&self) -> Result<PKey, ErrorStack> { pub fn public_key(&self) -> Result<PKey, ErrorStack> {
unsafe { unsafe {
let pkey = try_ssl_null!(ffi::X509_get_pubkey(self.0)); let pkey = try!(cvt_p(ffi::X509_get_pubkey(self.0)));
Ok(PKey::from_ptr(pkey)) Ok(PKey::from_ptr(pkey))
} }
} }
@ -440,7 +436,7 @@ impl<'a> X509Ref<'a> {
let evp = hash_type.as_ptr(); let evp = hash_type.as_ptr();
let mut len = ffi::EVP_MAX_MD_SIZE; let mut len = ffi::EVP_MAX_MD_SIZE;
let mut buf = vec![0u8; len as usize]; let mut buf = vec![0u8; len as usize];
try_ssl!(ffi::X509_digest(self.0, evp, buf.as_mut_ptr() as *mut _, &mut len)); try!(cvt(ffi::X509_digest(self.0, evp, buf.as_mut_ptr() as *mut _, &mut len)));
buf.truncate(len as usize); buf.truncate(len as usize);
Ok(buf) Ok(buf)
} }
@ -468,7 +464,7 @@ impl<'a> X509Ref<'a> {
pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack> { pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
let mem_bio = try!(MemBio::new()); let mem_bio = try!(MemBio::new());
unsafe { unsafe {
try_ssl!(ffi::PEM_write_bio_X509(mem_bio.as_ptr(), self.0)); try!(cvt(ffi::PEM_write_bio_X509(mem_bio.as_ptr(), self.0)));
} }
Ok(mem_bio.get_buf().to_owned()) Ok(mem_bio.get_buf().to_owned())
} }
@ -492,18 +488,12 @@ impl X509 {
X509(X509Ref::from_ptr(x509)) X509(X509Ref::from_ptr(x509))
} }
///
#[deprecated(note = "renamed to `X509::from_ptr`", since = "0.8.1")]
pub unsafe fn new(x509: *mut ffi::X509) -> X509 {
X509::from_ptr(x509)
}
/// Reads a certificate from DER. /// Reads a certificate from DER.
pub fn from_der(buf: &[u8]) -> Result<X509, ErrorStack> { pub fn from_der(buf: &[u8]) -> Result<X509, ErrorStack> {
unsafe { unsafe {
let mut ptr = buf.as_ptr(); let mut ptr = buf.as_ptr();
let len = cmp::min(buf.len(), c_long::max_value() as usize) as c_long; let len = cmp::min(buf.len(), c_long::max_value() as usize) as c_long;
let x509 = try_ssl_null!(ffi::d2i_X509(ptr::null_mut(), &mut ptr, len)); let x509 = try!(cvt_p(ffi::d2i_X509(ptr::null_mut(), &mut ptr, len)));
Ok(X509::from_ptr(x509)) Ok(X509::from_ptr(x509))
} }
} }
@ -512,10 +502,10 @@ impl X509 {
pub fn from_pem(buf: &[u8]) -> Result<X509, ErrorStack> { pub fn from_pem(buf: &[u8]) -> Result<X509, ErrorStack> {
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let handle = try_ssl_null!(ffi::PEM_read_bio_X509(mem_bio.as_ptr(), let handle = try!(cvt_p(ffi::PEM_read_bio_X509(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
None, None,
ptr::null_mut())); ptr::null_mut())));
Ok(X509::from_ptr(handle)) Ok(X509::from_ptr(handle))
} }
} }
@ -582,8 +572,7 @@ impl<'x> X509Name<'x> {
pub struct X509Req(*mut ffi::X509_REQ); pub struct X509Req(*mut ffi::X509_REQ);
impl X509Req { impl X509Req {
/// Creates new from handle pub unsafe fn from_ptr(handle: *mut ffi::X509_REQ) -> X509Req {
pub unsafe fn new(handle: *mut ffi::X509_REQ) -> X509Req {
X509Req(handle) X509Req(handle)
} }
@ -595,11 +584,11 @@ impl X509Req {
pub fn from_pem(buf: &[u8]) -> Result<X509Req, ErrorStack> { pub fn from_pem(buf: &[u8]) -> Result<X509Req, ErrorStack> {
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
unsafe { unsafe {
let handle = try_ssl_null!(ffi::PEM_read_bio_X509_REQ(mem_bio.as_ptr(), let handle = try!(cvt_p(ffi::PEM_read_bio_X509_REQ(mem_bio.as_ptr(),
ptr::null_mut(), ptr::null_mut(),
None, None,
ptr::null_mut())); ptr::null_mut())));
Ok(X509Req::new(handle)) Ok(X509Req::from_ptr(handle))
} }
} }

8
openssl/src/x509/verify.rs
View File

@ -2,6 +2,7 @@ use std::marker::PhantomData;
use libc::c_uint; use libc::c_uint;
use ffi; use ffi;
use cvt;
use error::ErrorStack; use error::ErrorStack;
bitflags! { bitflags! {
@ -32,11 +33,10 @@ impl<'a> X509VerifyParamRef<'a> {
pub fn set_host(&mut self, host: &str) -> Result<(), ErrorStack> { pub fn set_host(&mut self, host: &str) -> Result<(), ErrorStack> {
unsafe { unsafe {
try_ssl!(ffi::X509_VERIFY_PARAM_set1_host(self.0, cvt(ffi::X509_VERIFY_PARAM_set1_host(self.0,
host.as_ptr() as *const _, host.as_ptr() as *const _,
host.len())) host.len()))
} .map(|_| ())
}
Ok(())
} }
} }