Loading openssl/examples/mk_certs.rs +5 −5 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ extern crate openssl; use openssl::asn1::Asn1Time; use openssl::bn::{BigNum, MSB_MAYBE_ZERO}; use openssl::bn::{BigNum, MsbOption}; use openssl::error::ErrorStack; use openssl::hash::MessageDigest; use openssl::pkey::{PKey, PKeyRef}; Loading @@ -30,7 +30,7 @@ fn mk_ca_cert() -> Result<(X509, PKey), ErrorStack> { cert_builder.set_version(2)?; let serial_number = { let mut serial = BigNum::new()?; serial.rand(159, MSB_MAYBE_ZERO, false)?; serial.rand(159, MsbOption::MAYBE_ZERO, false)?; serial.to_asn1_integer()? }; cert_builder.set_serial_number(&serial_number)?; Loading Loading @@ -88,7 +88,7 @@ fn mk_ca_signed_cert(ca_cert: &X509Ref, ca_privkey: &PKeyRef) -> Result<(X509, P cert_builder.set_version(2)?; let serial_number = { let mut serial = BigNum::new()?; serial.rand(159, MSB_MAYBE_ZERO, false)?; serial.rand(159, MsbOption::MAYBE_ZERO, false)?; serial.to_asn1_integer()? }; cert_builder.set_serial_number(&serial_number)?; Loading @@ -109,8 +109,8 @@ fn mk_ca_signed_cert(ca_cert: &X509Ref, ca_privkey: &PKeyRef) -> Result<(X509, P .key_encipherment() .build()?)?; let subject_key_identifier = SubjectKeyIdentifier::new() .build(&cert_builder.x509v3_context(Some(ca_cert), None))?; let subject_key_identifier = SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?; cert_builder.append_extension(subject_key_identifier)?; let auth_key_identifier = AuthorityKeyIdentifier::new() Loading openssl/src/bn.rs +19 −17 Original line number Diff line number Diff line Loading @@ -30,16 +30,16 @@ use libc::c_int; use std::cmp::Ordering; use std::ffi::CString; use std::{fmt, ptr}; use std::ops::{Add, Div, Mul, Neg, Rem, Shl, Shr, Sub, Deref}; use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub}; use {cvt, cvt_p, cvt_n}; use {cvt, cvt_n, cvt_p}; use asn1::Asn1Integer; use error::ErrorStack; use string::OpensslString; #[cfg(ossl10x)] use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024, use ffi::{get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024, get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536, get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048, get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072, Loading @@ -48,24 +48,26 @@ use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192}; #[cfg(ossl110)] use ffi::{BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, use ffi::{BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192}; /// Options for the most significant bits of a randomly generated `BigNum`. pub struct MsbOption(c_int); impl MsbOption { /// The most significant bit of the number may be 0. pub const MSB_MAYBE_ZERO: MsbOption = MsbOption(-1); pub const MAYBE_ZERO: MsbOption = MsbOption(-1); /// The most significant bit of the number must be 1. pub const MSB_ONE: MsbOption = MsbOption(0); pub const ONE: MsbOption = MsbOption(0); /// The most significant two bits of the number must be 1. /// /// The number of bits in the product of two such numbers will always be exactly twice the number /// of bits in the original numbers. pub const TWO_MSB_ONE: MsbOption = MsbOption(1); /// The number of bits in the product of two such numbers will always be exactly twice the /// number of bits in the original numbers. pub const TWO_ONES: MsbOption = MsbOption(1); } foreign_type_and_impl_send_sync! { type CType = ffi::BN_CTX; Loading Loading @@ -396,14 +398,14 @@ impl BigNumRef { /// # Examples /// /// ``` /// use openssl::bn::{BigNum,MSB_MAYBE_ZERO}; /// use openssl::bn::{BigNum, MsbOption}; /// use openssl::error::ErrorStack; /// /// fn generate_random() -> Result< BigNum, ErrorStack > { /// let mut big = BigNum::new()?; /// /// // Generates a 128-bit odd random number /// big.rand(128, MSB_MAYBE_ZERO, true); /// big.rand(128, MsbOption::MAYBE_ZERO, true); /// Ok((big)) /// } /// ``` Loading Loading @@ -1345,7 +1347,7 @@ impl Neg for BigNum { #[cfg(test)] mod tests { use bn::{BigNumContext, BigNum}; use bn::{BigNum, BigNumContext}; #[test] fn test_to_from_slice() { Loading openssl/src/ec.rs +44 −41 Original line number Diff line number Diff line Loading @@ -42,18 +42,39 @@ use bn::{BigNumContextRef, BigNumRef}; use error::ErrorStack; use nid::Nid; /// Compressed conversion from point value (Default) pub const POINT_CONVERSION_COMPRESSED: PointConversionForm = /// Compressed or Uncompressed conversion /// /// Conversion from the binary value of the point on the curve is performed in one of /// compressed, uncompressed, or hybrid conversions. The default is compressed, except /// for binary curves. /// /// Further documentation is available in the [X9.62] standard. /// /// [X9.62]: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.2977&rep=rep1&type=pdf #[derive(Copy, Clone)] pub struct PointConversionForm(ffi::point_conversion_form_t); impl PointConversionForm { /// Compressed conversion from point value. pub const COMPRESSED: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED); /// Uncompressed conversion from point value (Binary curve default) pub const POINT_CONVERSION_UNCOMPRESSED: PointConversionForm = /// Uncompressed conversion from point value. pub const UNCOMPRESSED: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_UNCOMPRESSED); /// Performs both compressed and uncompressed conversions pub const POINT_CONVERSION_HYBRID: PointConversionForm = /// Performs both compressed and uncompressed conversions. pub const HYBRID: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_HYBRID); } /// Named Curve or Explicit /// /// This type acts as a boolean as to whether the `EcGroup` is named or explicit. #[derive(Copy, Clone)] pub struct Asn1Flag(c_int); impl Asn1Flag { /// Curve defined using polynomial parameters /// /// Most applications use a named EC_GROUP curve, however, support Loading @@ -78,25 +99,7 @@ pub const EXPLICIT_CURVE: Asn1Flag = Asn1Flag(0); /// /// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/man3/EC_GROUP_order_bits.html pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE); /// Compressed or Uncompressed conversion /// /// Conversion from the binary value of the point on the curve is performed in one of /// compressed, uncompressed, or hybrid conversions. The default is compressed, except /// for binary curves. /// /// Further documentation is available in the [X9.62] standard. /// /// [X9.62]: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.2977&rep=rep1&type=pdf #[derive(Copy, Clone)] pub struct PointConversionForm(ffi::point_conversion_form_t); /// Named Curve or Explicit /// /// This type acts as a boolean as to whether the EC_Group is named or /// explicit. #[derive(Copy, Clone)] pub struct Asn1Flag(c_int); } foreign_type_and_impl_send_sync! { type CType = ffi::EC_GROUP; Loading Loading @@ -767,7 +770,7 @@ mod test { let point = key.public_key().unwrap(); let mut ctx = BigNumContext::new().unwrap(); let bytes = point .to_bytes(&group, POINT_CONVERSION_COMPRESSED, &mut ctx) .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); let point2 = EcPoint::from_bytes(&group, &bytes, &mut ctx).unwrap(); assert!(point.eq(&group, &point2, &mut ctx).unwrap()); Loading Loading @@ -796,7 +799,7 @@ mod test { let mut ctx = BigNumContext::new().unwrap(); let bytes = key.public_key() .unwrap() .to_bytes(&group, POINT_CONVERSION_COMPRESSED, &mut ctx) .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); drop(key); Loading openssl/src/ocsp.rs +41 −42 Original line number Diff line number Diff line Loading @@ -13,7 +13,7 @@ use x509::store::X509StoreRef; use x509::{X509, X509Ref}; bitflags! { pub struct Flag: c_ulong { pub struct OcspFlag: c_ulong { const NO_CERTS = ffi::OCSP_NOCERTS; const NO_INTERN = ffi::OCSP_NOINTERN; const NO_CHAIN = ffi::OCSP_NOCHAIN; Loading @@ -28,42 +28,6 @@ bitflags! { } } pub const RESPONSE_STATUS_SUCCESSFUL: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); pub const RESPONSE_STATUS_MALFORMED_REQUEST: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); pub const RESPONSE_STATUS_INTERNAL_ERROR: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); pub const RESPONSE_STATUS_TRY_LATER: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); pub const RESPONSE_STATUS_SIG_REQUIRED: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); pub const RESPONSE_STATUS_UNAUTHORIZED: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); pub const CERT_STATUS_GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); pub const CERT_STATUS_REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); pub const CERT_STATUS_UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); pub const REVOKED_STATUS_NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); pub const REVOKED_STATUS_UNSPECIFIED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); pub const REVOKED_STATUS_KEY_COMPROMISE: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); pub const REVOKED_STATUS_CA_COMPROMISE: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); pub const REVOKED_STATUS_AFFILIATION_CHANGED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); pub const REVOKED_STATUS_SUPERSEDED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); pub const REVOKED_STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); pub const REVOKED_STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); pub const REVOKED_STATUS_REMOVE_FROM_CRL: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); #[derive(Copy, Clone, Debug, PartialEq, Eq)] pub struct OcspResponseStatus(c_int); Loading @@ -75,6 +39,19 @@ impl OcspResponseStatus { pub fn as_raw(&self) -> c_int { self.0 } pub const SUCCESSFUL: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); pub const MALFORMED_REQUEST: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); pub const INTERNAL_ERROR: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); pub const TRY_LATER: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); pub const SIG_REQUIRED: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); pub const UNAUTHORIZED: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); } #[derive(Copy, Clone, Debug, PartialEq, Eq)] Loading @@ -88,6 +65,10 @@ impl OcspCertStatus { pub fn as_raw(&self) -> c_int { self.0 } pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); } #[derive(Copy, Clone, Debug, PartialEq, Eq)] Loading @@ -101,9 +82,27 @@ impl OcspRevokedStatus { pub fn as_raw(&self) -> c_int { self.0 } pub const NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); pub const UNSPECIFIED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); pub const KEY_COMPROMISE: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); pub const CA_COMPROMISE: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); pub const AFFILIATION_CHANGED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); pub const STATUS_SUPERSEDED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); pub const STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); pub const STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); pub const REMOVE_FROM_CRL: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); } pub struct Status<'a> { pub struct OcspStatus<'a> { /// The overall status of the response. pub status: OcspCertStatus, /// If `status` is `CERT_STATUS_REVOKED`, the reason for the revocation. Loading @@ -116,7 +115,7 @@ pub struct Status<'a> { pub next_update: &'a Asn1GeneralizedTimeRef, } impl<'a> Status<'a> { impl<'a> OcspStatus<'a> { /// Checks validity of the `this_update` and `next_update` fields. /// /// The `nsec` parameter specifies an amount of slack time that will be used when comparing Loading Loading @@ -153,7 +152,7 @@ impl OcspBasicResponseRef { &self, certs: &StackRef<X509>, store: &X509StoreRef, flags: Flag, flags: OcspFlag, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::OCSP_basic_verify( Loading @@ -166,7 +165,7 @@ impl OcspBasicResponseRef { } /// Looks up the status for the specified certificate ID. pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<Status<'a>> { pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<OcspStatus<'a>> { unsafe { let mut status = ffi::V_OCSP_CERTSTATUS_UNKNOWN; let mut reason = ffi::OCSP_REVOKED_STATUS_NOSTATUS; Loading @@ -189,7 +188,7 @@ impl OcspBasicResponseRef { } else { Some(Asn1GeneralizedTimeRef::from_ptr(revocation_time)) }; Some(Status { Some(OcspStatus { status: OcspCertStatus(status), reason: OcspRevokedStatus(status), revocation_time: revocation_time, Loading openssl/src/rsa.rs +15 −16 Original line number Diff line number Diff line Loading @@ -2,14 +2,14 @@ use ffi; use std::fmt; use std::ptr; use std::mem; use libc::{c_int, c_void, c_char}; use libc::{c_char, c_int, c_void}; use foreign_types::ForeignTypeRef; use {cvt, cvt_p, cvt_n}; use {cvt, cvt_n, cvt_p}; use bn::{BigNum, BigNumRef}; use bio::MemBioSlice; use error::ErrorStack; use util::{CallbackState, invoke_passwd_cb_old}; use util::{invoke_passwd_cb_old, CallbackState}; /// Type of encryption padding to use. #[derive(Debug, Copy, Clone, PartialEq, Eq)] Loading @@ -23,11 +23,11 @@ impl Padding { pub fn as_raw(&self) -> c_int { self.0 } } pub const NO_PADDING: Padding = Padding(ffi::RSA_NO_PADDING); pub const PKCS1_PADDING: Padding = Padding(ffi::RSA_PKCS1_PADDING); pub const PKCS1_OAEP_PADDING: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING); pub const NONE: Padding = Padding(ffi::RSA_NO_PADDING); pub const PKCS1: Padding = Padding(ffi::RSA_PKCS1_PADDING); pub const PKCS1_OAEP: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING); } foreign_type_and_impl_send_sync! { type CType = ffi::RSA; Loading Loading @@ -286,9 +286,7 @@ impl Rsa { ) -> Result<Rsa, ErrorStack> { unsafe { let rsa = Rsa(cvt_p(ffi::RSA_new())?); cvt( compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()), )?; cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()))?; mem::forget((n, e, d)); cvt(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr()))?; mem::forget((p, q)); Loading Loading @@ -490,7 +488,7 @@ mod test { let mut result = vec![0; public_key.size()]; let original_data = b"This is test"; let len = public_key .public_encrypt(original_data, &mut result, PKCS1_PADDING) .public_encrypt(original_data, &mut result, Padding::PKCS1) .unwrap(); assert_eq!(len, 256); Loading @@ -498,7 +496,7 @@ mod test { let private_key = Rsa::private_key_from_pem(pkey).unwrap(); let mut dec_result = vec![0; private_key.size()]; let len = private_key .private_decrypt(&result, &mut dec_result, PKCS1_PADDING) .private_decrypt(&result, &mut dec_result, Padding::PKCS1) .unwrap(); assert_eq!(&dec_result[..len], original_data); Loading @@ -513,9 +511,10 @@ mod test { let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let mut emesg = vec![0; k0.size()]; k0.private_encrypt(&msg, &mut emesg, PKCS1_PADDING).unwrap(); k0.private_encrypt(&msg, &mut emesg, Padding::PKCS1) .unwrap(); let mut dmesg = vec![0; k1.size()]; let len = k1.public_decrypt(&emesg, &mut dmesg, PKCS1_PADDING) let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::PKCS1) .unwrap(); assert_eq!(msg, &dmesg[..len]); } Loading @@ -529,9 +528,9 @@ mod test { let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let mut emesg = vec![0; k0.size()]; k0.public_encrypt(&msg, &mut emesg, PKCS1_PADDING).unwrap(); k0.public_encrypt(&msg, &mut emesg, Padding::PKCS1).unwrap(); let mut dmesg = vec![0; k1.size()]; let len = k1.private_decrypt(&emesg, &mut dmesg, PKCS1_PADDING) let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::PKCS1) .unwrap(); assert_eq!(msg, &dmesg[..len]); } Loading Loading
openssl/examples/mk_certs.rs +5 −5 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ extern crate openssl; use openssl::asn1::Asn1Time; use openssl::bn::{BigNum, MSB_MAYBE_ZERO}; use openssl::bn::{BigNum, MsbOption}; use openssl::error::ErrorStack; use openssl::hash::MessageDigest; use openssl::pkey::{PKey, PKeyRef}; Loading @@ -30,7 +30,7 @@ fn mk_ca_cert() -> Result<(X509, PKey), ErrorStack> { cert_builder.set_version(2)?; let serial_number = { let mut serial = BigNum::new()?; serial.rand(159, MSB_MAYBE_ZERO, false)?; serial.rand(159, MsbOption::MAYBE_ZERO, false)?; serial.to_asn1_integer()? }; cert_builder.set_serial_number(&serial_number)?; Loading Loading @@ -88,7 +88,7 @@ fn mk_ca_signed_cert(ca_cert: &X509Ref, ca_privkey: &PKeyRef) -> Result<(X509, P cert_builder.set_version(2)?; let serial_number = { let mut serial = BigNum::new()?; serial.rand(159, MSB_MAYBE_ZERO, false)?; serial.rand(159, MsbOption::MAYBE_ZERO, false)?; serial.to_asn1_integer()? }; cert_builder.set_serial_number(&serial_number)?; Loading @@ -109,8 +109,8 @@ fn mk_ca_signed_cert(ca_cert: &X509Ref, ca_privkey: &PKeyRef) -> Result<(X509, P .key_encipherment() .build()?)?; let subject_key_identifier = SubjectKeyIdentifier::new() .build(&cert_builder.x509v3_context(Some(ca_cert), None))?; let subject_key_identifier = SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?; cert_builder.append_extension(subject_key_identifier)?; let auth_key_identifier = AuthorityKeyIdentifier::new() Loading
openssl/src/bn.rs +19 −17 Original line number Diff line number Diff line Loading @@ -30,16 +30,16 @@ use libc::c_int; use std::cmp::Ordering; use std::ffi::CString; use std::{fmt, ptr}; use std::ops::{Add, Div, Mul, Neg, Rem, Shl, Shr, Sub, Deref}; use std::ops::{Add, Deref, Div, Mul, Neg, Rem, Shl, Shr, Sub}; use {cvt, cvt_p, cvt_n}; use {cvt, cvt_n, cvt_p}; use asn1::Asn1Integer; use error::ErrorStack; use string::OpensslString; #[cfg(ossl10x)] use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024, use ffi::{get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024, get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536, get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048, get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072, Loading @@ -48,24 +48,26 @@ use ffi::{get_rfc2409_prime_768 as BN_get_rfc2409_prime_768, get_rfc3526_prime_8192 as BN_get_rfc3526_prime_8192}; #[cfg(ossl110)] use ffi::{BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, use ffi::{BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192}; /// Options for the most significant bits of a randomly generated `BigNum`. pub struct MsbOption(c_int); impl MsbOption { /// The most significant bit of the number may be 0. pub const MSB_MAYBE_ZERO: MsbOption = MsbOption(-1); pub const MAYBE_ZERO: MsbOption = MsbOption(-1); /// The most significant bit of the number must be 1. pub const MSB_ONE: MsbOption = MsbOption(0); pub const ONE: MsbOption = MsbOption(0); /// The most significant two bits of the number must be 1. /// /// The number of bits in the product of two such numbers will always be exactly twice the number /// of bits in the original numbers. pub const TWO_MSB_ONE: MsbOption = MsbOption(1); /// The number of bits in the product of two such numbers will always be exactly twice the /// number of bits in the original numbers. pub const TWO_ONES: MsbOption = MsbOption(1); } foreign_type_and_impl_send_sync! { type CType = ffi::BN_CTX; Loading Loading @@ -396,14 +398,14 @@ impl BigNumRef { /// # Examples /// /// ``` /// use openssl::bn::{BigNum,MSB_MAYBE_ZERO}; /// use openssl::bn::{BigNum, MsbOption}; /// use openssl::error::ErrorStack; /// /// fn generate_random() -> Result< BigNum, ErrorStack > { /// let mut big = BigNum::new()?; /// /// // Generates a 128-bit odd random number /// big.rand(128, MSB_MAYBE_ZERO, true); /// big.rand(128, MsbOption::MAYBE_ZERO, true); /// Ok((big)) /// } /// ``` Loading Loading @@ -1345,7 +1347,7 @@ impl Neg for BigNum { #[cfg(test)] mod tests { use bn::{BigNumContext, BigNum}; use bn::{BigNum, BigNumContext}; #[test] fn test_to_from_slice() { Loading
openssl/src/ec.rs +44 −41 Original line number Diff line number Diff line Loading @@ -42,18 +42,39 @@ use bn::{BigNumContextRef, BigNumRef}; use error::ErrorStack; use nid::Nid; /// Compressed conversion from point value (Default) pub const POINT_CONVERSION_COMPRESSED: PointConversionForm = /// Compressed or Uncompressed conversion /// /// Conversion from the binary value of the point on the curve is performed in one of /// compressed, uncompressed, or hybrid conversions. The default is compressed, except /// for binary curves. /// /// Further documentation is available in the [X9.62] standard. /// /// [X9.62]: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.2977&rep=rep1&type=pdf #[derive(Copy, Clone)] pub struct PointConversionForm(ffi::point_conversion_form_t); impl PointConversionForm { /// Compressed conversion from point value. pub const COMPRESSED: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED); /// Uncompressed conversion from point value (Binary curve default) pub const POINT_CONVERSION_UNCOMPRESSED: PointConversionForm = /// Uncompressed conversion from point value. pub const UNCOMPRESSED: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_UNCOMPRESSED); /// Performs both compressed and uncompressed conversions pub const POINT_CONVERSION_HYBRID: PointConversionForm = /// Performs both compressed and uncompressed conversions. pub const HYBRID: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_HYBRID); } /// Named Curve or Explicit /// /// This type acts as a boolean as to whether the `EcGroup` is named or explicit. #[derive(Copy, Clone)] pub struct Asn1Flag(c_int); impl Asn1Flag { /// Curve defined using polynomial parameters /// /// Most applications use a named EC_GROUP curve, however, support Loading @@ -78,25 +99,7 @@ pub const EXPLICIT_CURVE: Asn1Flag = Asn1Flag(0); /// /// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/man3/EC_GROUP_order_bits.html pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE); /// Compressed or Uncompressed conversion /// /// Conversion from the binary value of the point on the curve is performed in one of /// compressed, uncompressed, or hybrid conversions. The default is compressed, except /// for binary curves. /// /// Further documentation is available in the [X9.62] standard. /// /// [X9.62]: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.2977&rep=rep1&type=pdf #[derive(Copy, Clone)] pub struct PointConversionForm(ffi::point_conversion_form_t); /// Named Curve or Explicit /// /// This type acts as a boolean as to whether the EC_Group is named or /// explicit. #[derive(Copy, Clone)] pub struct Asn1Flag(c_int); } foreign_type_and_impl_send_sync! { type CType = ffi::EC_GROUP; Loading Loading @@ -767,7 +770,7 @@ mod test { let point = key.public_key().unwrap(); let mut ctx = BigNumContext::new().unwrap(); let bytes = point .to_bytes(&group, POINT_CONVERSION_COMPRESSED, &mut ctx) .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); let point2 = EcPoint::from_bytes(&group, &bytes, &mut ctx).unwrap(); assert!(point.eq(&group, &point2, &mut ctx).unwrap()); Loading Loading @@ -796,7 +799,7 @@ mod test { let mut ctx = BigNumContext::new().unwrap(); let bytes = key.public_key() .unwrap() .to_bytes(&group, POINT_CONVERSION_COMPRESSED, &mut ctx) .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); drop(key); Loading
openssl/src/ocsp.rs +41 −42 Original line number Diff line number Diff line Loading @@ -13,7 +13,7 @@ use x509::store::X509StoreRef; use x509::{X509, X509Ref}; bitflags! { pub struct Flag: c_ulong { pub struct OcspFlag: c_ulong { const NO_CERTS = ffi::OCSP_NOCERTS; const NO_INTERN = ffi::OCSP_NOINTERN; const NO_CHAIN = ffi::OCSP_NOCHAIN; Loading @@ -28,42 +28,6 @@ bitflags! { } } pub const RESPONSE_STATUS_SUCCESSFUL: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); pub const RESPONSE_STATUS_MALFORMED_REQUEST: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); pub const RESPONSE_STATUS_INTERNAL_ERROR: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); pub const RESPONSE_STATUS_TRY_LATER: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); pub const RESPONSE_STATUS_SIG_REQUIRED: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); pub const RESPONSE_STATUS_UNAUTHORIZED: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); pub const CERT_STATUS_GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); pub const CERT_STATUS_REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); pub const CERT_STATUS_UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); pub const REVOKED_STATUS_NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); pub const REVOKED_STATUS_UNSPECIFIED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); pub const REVOKED_STATUS_KEY_COMPROMISE: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); pub const REVOKED_STATUS_CA_COMPROMISE: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); pub const REVOKED_STATUS_AFFILIATION_CHANGED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); pub const REVOKED_STATUS_SUPERSEDED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); pub const REVOKED_STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); pub const REVOKED_STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); pub const REVOKED_STATUS_REMOVE_FROM_CRL: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); #[derive(Copy, Clone, Debug, PartialEq, Eq)] pub struct OcspResponseStatus(c_int); Loading @@ -75,6 +39,19 @@ impl OcspResponseStatus { pub fn as_raw(&self) -> c_int { self.0 } pub const SUCCESSFUL: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL); pub const MALFORMED_REQUEST: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_MALFORMEDREQUEST); pub const INTERNAL_ERROR: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_INTERNALERROR); pub const TRY_LATER: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_TRYLATER); pub const SIG_REQUIRED: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED); pub const UNAUTHORIZED: OcspResponseStatus = OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED); } #[derive(Copy, Clone, Debug, PartialEq, Eq)] Loading @@ -88,6 +65,10 @@ impl OcspCertStatus { pub fn as_raw(&self) -> c_int { self.0 } pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD); pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED); pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN); } #[derive(Copy, Clone, Debug, PartialEq, Eq)] Loading @@ -101,9 +82,27 @@ impl OcspRevokedStatus { pub fn as_raw(&self) -> c_int { self.0 } pub const NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS); pub const UNSPECIFIED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED); pub const KEY_COMPROMISE: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_KEYCOMPROMISE); pub const CA_COMPROMISE: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CACOMPROMISE); pub const AFFILIATION_CHANGED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_AFFILIATIONCHANGED); pub const STATUS_SUPERSEDED: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_SUPERSEDED); pub const STATUS_CESSATION_OF_OPERATION: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CESSATIONOFOPERATION); pub const STATUS_CERTIFICATE_HOLD: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD); pub const REMOVE_FROM_CRL: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL); } pub struct Status<'a> { pub struct OcspStatus<'a> { /// The overall status of the response. pub status: OcspCertStatus, /// If `status` is `CERT_STATUS_REVOKED`, the reason for the revocation. Loading @@ -116,7 +115,7 @@ pub struct Status<'a> { pub next_update: &'a Asn1GeneralizedTimeRef, } impl<'a> Status<'a> { impl<'a> OcspStatus<'a> { /// Checks validity of the `this_update` and `next_update` fields. /// /// The `nsec` parameter specifies an amount of slack time that will be used when comparing Loading Loading @@ -153,7 +152,7 @@ impl OcspBasicResponseRef { &self, certs: &StackRef<X509>, store: &X509StoreRef, flags: Flag, flags: OcspFlag, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::OCSP_basic_verify( Loading @@ -166,7 +165,7 @@ impl OcspBasicResponseRef { } /// Looks up the status for the specified certificate ID. pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<Status<'a>> { pub fn find_status<'a>(&'a self, id: &OcspCertIdRef) -> Option<OcspStatus<'a>> { unsafe { let mut status = ffi::V_OCSP_CERTSTATUS_UNKNOWN; let mut reason = ffi::OCSP_REVOKED_STATUS_NOSTATUS; Loading @@ -189,7 +188,7 @@ impl OcspBasicResponseRef { } else { Some(Asn1GeneralizedTimeRef::from_ptr(revocation_time)) }; Some(Status { Some(OcspStatus { status: OcspCertStatus(status), reason: OcspRevokedStatus(status), revocation_time: revocation_time, Loading
openssl/src/rsa.rs +15 −16 Original line number Diff line number Diff line Loading @@ -2,14 +2,14 @@ use ffi; use std::fmt; use std::ptr; use std::mem; use libc::{c_int, c_void, c_char}; use libc::{c_char, c_int, c_void}; use foreign_types::ForeignTypeRef; use {cvt, cvt_p, cvt_n}; use {cvt, cvt_n, cvt_p}; use bn::{BigNum, BigNumRef}; use bio::MemBioSlice; use error::ErrorStack; use util::{CallbackState, invoke_passwd_cb_old}; use util::{invoke_passwd_cb_old, CallbackState}; /// Type of encryption padding to use. #[derive(Debug, Copy, Clone, PartialEq, Eq)] Loading @@ -23,11 +23,11 @@ impl Padding { pub fn as_raw(&self) -> c_int { self.0 } } pub const NO_PADDING: Padding = Padding(ffi::RSA_NO_PADDING); pub const PKCS1_PADDING: Padding = Padding(ffi::RSA_PKCS1_PADDING); pub const PKCS1_OAEP_PADDING: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING); pub const NONE: Padding = Padding(ffi::RSA_NO_PADDING); pub const PKCS1: Padding = Padding(ffi::RSA_PKCS1_PADDING); pub const PKCS1_OAEP: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING); } foreign_type_and_impl_send_sync! { type CType = ffi::RSA; Loading Loading @@ -286,9 +286,7 @@ impl Rsa { ) -> Result<Rsa, ErrorStack> { unsafe { let rsa = Rsa(cvt_p(ffi::RSA_new())?); cvt( compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()), )?; cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()))?; mem::forget((n, e, d)); cvt(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr()))?; mem::forget((p, q)); Loading Loading @@ -490,7 +488,7 @@ mod test { let mut result = vec![0; public_key.size()]; let original_data = b"This is test"; let len = public_key .public_encrypt(original_data, &mut result, PKCS1_PADDING) .public_encrypt(original_data, &mut result, Padding::PKCS1) .unwrap(); assert_eq!(len, 256); Loading @@ -498,7 +496,7 @@ mod test { let private_key = Rsa::private_key_from_pem(pkey).unwrap(); let mut dec_result = vec![0; private_key.size()]; let len = private_key .private_decrypt(&result, &mut dec_result, PKCS1_PADDING) .private_decrypt(&result, &mut dec_result, Padding::PKCS1) .unwrap(); assert_eq!(&dec_result[..len], original_data); Loading @@ -513,9 +511,10 @@ mod test { let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let mut emesg = vec![0; k0.size()]; k0.private_encrypt(&msg, &mut emesg, PKCS1_PADDING).unwrap(); k0.private_encrypt(&msg, &mut emesg, Padding::PKCS1) .unwrap(); let mut dmesg = vec![0; k1.size()]; let len = k1.public_decrypt(&emesg, &mut dmesg, PKCS1_PADDING) let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::PKCS1) .unwrap(); assert_eq!(msg, &dmesg[..len]); } Loading @@ -529,9 +528,9 @@ mod test { let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let mut emesg = vec![0; k0.size()]; k0.public_encrypt(&msg, &mut emesg, PKCS1_PADDING).unwrap(); k0.public_encrypt(&msg, &mut emesg, Padding::PKCS1).unwrap(); let mut dmesg = vec![0; k1.size()]; let len = k1.private_decrypt(&emesg, &mut dmesg, PKCS1_PADDING) let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::PKCS1) .unwrap(); assert_eq!(msg, &dmesg[..len]); } Loading
