Loading .github/workflows/ci.yml +1 −0 Original line number Diff line number Diff line Loading @@ -78,6 +78,7 @@ jobs: runs-on: windows-latest env: VCPKGRS_DYNAMIC: 1 CARGO_LOG: cargo::core::compiler::fingerprint=trace steps: - uses: actions/checkout@v2 - uses: sfackler/actions/rustup@master Loading openssl-sys/src/x509_vfy.rs +1 −0 Original line number Diff line number Diff line Loading @@ -189,6 +189,7 @@ extern "C" { ) -> *mut X509_LOOKUP; pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int; pub fn X509_STORE_set_flags(store: *mut X509_STORE, flags: c_ulong) -> c_int; } const_ptr_api! { Loading openssl/src/pkey.rs +116 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,7 @@ use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; use libc::{c_int, c_long}; use std::convert::TryFrom; use std::ffi::CString; use std::fmt; use std::mem; Loading Loading 
@@ -671,8 +672,74 @@ cfg_if! { } } impl<T> TryFrom<EcKey<T>> for PKey<T> { type Error = ErrorStack; fn try_from(ec_key: EcKey<T>) -> Result<PKey<T>, ErrorStack> { PKey::from_ec_key(ec_key) } } impl<T> TryFrom<PKey<T>> for EcKey<T> { type Error = ErrorStack; fn try_from(pkey: PKey<T>) -> Result<EcKey<T>, ErrorStack> { pkey.ec_key() } } impl<T> TryFrom<Rsa<T>> for PKey<T> { type Error = ErrorStack; fn try_from(rsa: Rsa<T>) -> Result<PKey<T>, ErrorStack> { PKey::from_rsa(rsa) } } impl<T> TryFrom<PKey<T>> for Rsa<T> { type Error = ErrorStack; fn try_from(pkey: PKey<T>) -> Result<Rsa<T>, ErrorStack> { pkey.rsa() } } impl<T> TryFrom<Dsa<T>> for PKey<T> { type Error = ErrorStack; fn try_from(dsa: Dsa<T>) -> Result<PKey<T>, ErrorStack> { PKey::from_dsa(dsa) } } impl<T> TryFrom<PKey<T>> for Dsa<T> { type Error = ErrorStack; fn try_from(pkey: PKey<T>) -> Result<Dsa<T>, ErrorStack> { pkey.dsa() } } impl<T> TryFrom<Dh<T>> for PKey<T> { type Error = ErrorStack; fn try_from(dh: Dh<T>) -> Result<PKey<T>, ErrorStack> { PKey::from_dh(dh) } } impl<T> TryFrom<PKey<T>> for Dh<T> { type Error = ErrorStack; fn try_from(pkey: PKey<T>) -> Result<Dh<T>, ErrorStack> { pkey.dh() } } #[cfg(test)] mod tests { use std::convert::TryInto; use crate::dh::Dh; use crate::dsa::Dsa; use crate::ec::EcKey; Loading Loading 
@@ -792,4 +859,53 @@ mod tests { assert_eq!(pkey.id(), Id::EC); assert!(pkey.rsa().is_err()); } #[test] fn test_rsa_conversion() { let rsa = Rsa::generate(2048).unwrap(); let pkey: PKey<Private> = rsa.clone().try_into().unwrap(); let rsa_: Rsa<Private> = pkey.try_into().unwrap(); // Eq is missing assert_eq!(rsa.p(), rsa_.p()); assert_eq!(rsa.q(), rsa_.q()); } #[test] fn test_dsa_conversion() { let dsa = Dsa::generate(2048).unwrap(); let pkey: PKey<Private> = dsa.clone().try_into().unwrap(); let dsa_: Dsa<Private> = pkey.try_into().unwrap(); // Eq is missing assert_eq!(dsa.priv_key(), dsa_.priv_key()); } #[test] fn test_ec_key_conversion() { let group = crate::ec::EcGroup::from_curve_name(crate::nid::Nid::X9_62_PRIME256V1).unwrap(); let ec_key = EcKey::generate(&group).unwrap(); let pkey: PKey<Private> = ec_key.clone().try_into().unwrap(); let ec_key_: EcKey<Private> = pkey.try_into().unwrap(); // Eq is missing assert_eq!(ec_key.private_key(), ec_key_.private_key()); } #[test] fn test_dh_conversion() { let dh_params = include_bytes!("../test/dhparams.pem"); let dh_params = Dh::params_from_pem(dh_params).unwrap(); let dh = dh_params.generate_key().unwrap(); // Clone is missing for Dh, save the parameters let p = dh.prime_p().to_owned().unwrap(); let q = dh.prime_q().map(|q| q.to_owned().unwrap()); let g = dh.generator().to_owned().unwrap(); let pkey: PKey<Private> = dh.try_into().unwrap(); let dh_: Dh<Private> = pkey.try_into().unwrap(); // Eq is missing assert_eq!(&p, dh_.prime_p()); assert_eq!(q, dh_.prime_q().map(|q| q.to_owned().unwrap())); assert_eq!(&g, dh_.generator()); } } openssl/src/x509/store.rs +12 −0 Original line number Diff line number Diff line Loading @@ -41,6 +41,8 @@ use std::mem; use crate::error::ErrorStack; use crate::stack::StackRef; #[cfg(any(ossl102, libressl261))] use crate::x509::verify::X509VerifyFlags; use crate::x509::{X509Object, X509}; use crate::{cvt, cvt_p}; Loading Loading 
@@ -102,6 +104,16 @@ impl X509StoreBuilderRef { let lookup = unsafe { ffi::X509_STORE_add_lookup(self.as_ptr(), method.as_ptr()) }; cvt_p(lookup).map(|ptr| unsafe { X509LookupRef::from_ptr_mut(ptr) }) } /// Sets certificate chain validation related flags. /// /// This corresponds to [`X509_STORE_set_flags`]. /// /// [`X509_STORE_set_flags`]: https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_set_flags.html #[cfg(any(ossl102, libressl261))] pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) } } } generic_foreign_type_and_impl_send_sync! { Loading openssl/src/x509/tests.rs +29 −0 Original line number Diff line number Diff line Loading @@ -10,6 +10,8 @@ use crate::x509::extension::{ SubjectKeyIdentifier, }; use crate::x509::store::X509StoreBuilder; #[cfg(any(ossl102, libressl261))] use crate::x509::verify::X509VerifyFlags; #[cfg(ossl110)] use crate::x509::X509Builder; use crate::x509::{X509Name, X509Req, X509StoreContext, X509VerifyResult, X509}; Loading Loading @@ -398,6 +400,33 @@ fn test_verify_fails() { .unwrap()); } #[test] #[cfg(any(ossl102, libressl261))] fn test_verify_fails_with_crl_flag_set_and_no_crl() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let ca = include_bytes!("../../test/root-ca.pem"); let ca = X509::from_pem(ca).unwrap(); let chain = Stack::new().unwrap(); let mut store_bldr = X509StoreBuilder::new().unwrap(); store_bldr.add_cert(ca).unwrap(); store_bldr.set_flags(X509VerifyFlags::CRL_CHECK).unwrap(); let store = store_bldr.build(); let mut context = X509StoreContext::new().unwrap(); assert_eq!( context .init(&store, &cert, &chain, |c| { c.verify_cert()?; Ok(c.error()) }) .unwrap() .error_string(), "unable to get certificate CRL" ) } #[cfg(ossl110)] #[test] fn x509_ref_version() { Loading Loading
.github/workflows/ci.yml +1 −0 Original line number Diff line number Diff line Loading @@ -78,6 +78,7 @@ jobs: runs-on: windows-latest env: VCPKGRS_DYNAMIC: 1 CARGO_LOG: cargo::core::compiler::fingerprint=trace steps: - uses: actions/checkout@v2 - uses: sfackler/actions/rustup@master Loading
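Review bot: The added `CARGO_LOG: cargo::core::compiler::fingerprint=trace` entry in the windows job's `env` looks like a build-cache debugging aid rather than part of the API change in this commit, and nothing visible limits it to a debugging run. Trace-level fingerprint logging makes every run of this job far more verbose, and the output presumably includes build paths and environment details, so confirm that is acceptable for CI logs that may be publicly readable. If it is meant to be temporary, a comment next to it such as `# temporary: fingerprint tracing for cache debugging, remove when done` would keep it from becoming permanent. The job definition continues outside the hunk.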
openssl-sys/src/x509_vfy.rs +1 −0 Original line number Diff line number Diff line Loading @@ -189,6 +189,7 @@ extern "C" { ) -> *mut X509_LOOKUP; pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int; pub fn X509_STORE_set_flags(store: *mut X509_STORE, flags: c_ulong) -> c_int; } const_ptr_api! { Loading
openssl/src/pkey.rs +116 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,7 @@ use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; use libc::{c_int, c_long}; use std::convert::TryFrom; use std::ffi::CString; use std::fmt; use std::mem; Loading Loading @@ -671,8 +672,74 @@ cfg_if! { } } impl<T> TryFrom<EcKey<T>> for PKey<T> { type Error = ErrorStack; fn try_from(ec_key: EcKey<T>) -> Result<PKey<T>, ErrorStack> { PKey::from_ec_key(ec_key) } } impl<T> TryFrom<PKey<T>> for EcKey<T> { type Error = ErrorStack; fn try_from(pkey: PKey<T>) -> Result<EcKey<T>, ErrorStack> { pkey.ec_key() } } impl<T> TryFrom<Rsa<T>> for PKey<T> { type Error = ErrorStack; fn try_from(rsa: Rsa<T>) -> Result<PKey<T>, ErrorStack> { PKey::from_rsa(rsa) } } impl<T> TryFrom<PKey<T>> for Rsa<T> { type Error = ErrorStack; fn try_from(pkey: PKey<T>) -> Result<Rsa<T>, ErrorStack> { pkey.rsa() } } impl<T> TryFrom<Dsa<T>> for PKey<T> { type Error = ErrorStack; fn try_from(dsa: Dsa<T>) -> Result<PKey<T>, ErrorStack> { PKey::from_dsa(dsa) } } impl<T> TryFrom<PKey<T>> for Dsa<T> { type Error = ErrorStack; fn try_from(pkey: PKey<T>) -> Result<Dsa<T>, ErrorStack> { pkey.dsa() } } impl<T> TryFrom<Dh<T>> for PKey<T> { type Error = ErrorStack; fn try_from(dh: Dh<T>) -> Result<PKey<T>, ErrorStack> { PKey::from_dh(dh) } } impl<T> TryFrom<PKey<T>> for Dh<T> { type Error = ErrorStack; fn try_from(pkey: PKey<T>) -> Result<Dh<T>, ErrorStack> { pkey.dh() } } #[cfg(test)] mod tests { use std::convert::TryInto; use crate::dh::Dh; use crate::dsa::Dsa; use crate::ec::EcKey; Loading Loading 
@@ -792,4 +859,53 @@ mod tests { assert_eq!(pkey.id(), Id::EC); assert!(pkey.rsa().is_err()); } #[test] fn test_rsa_conversion() { let rsa = Rsa::generate(2048).unwrap(); let pkey: PKey<Private> = rsa.clone().try_into().unwrap(); let rsa_: Rsa<Private> = pkey.try_into().unwrap(); // Eq is missing assert_eq!(rsa.p(), rsa_.p()); assert_eq!(rsa.q(), rsa_.q()); } #[test] fn test_dsa_conversion() { let dsa = Dsa::generate(2048).unwrap(); let pkey: PKey<Private> = dsa.clone().try_into().unwrap(); let dsa_: Dsa<Private> = pkey.try_into().unwrap(); // Eq is missing assert_eq!(dsa.priv_key(), dsa_.priv_key()); } #[test] fn test_ec_key_conversion() { let group = crate::ec::EcGroup::from_curve_name(crate::nid::Nid::X9_62_PRIME256V1).unwrap(); let ec_key = EcKey::generate(&group).unwrap(); let pkey: PKey<Private> = ec_key.clone().try_into().unwrap(); let ec_key_: EcKey<Private> = pkey.try_into().unwrap(); // Eq is missing assert_eq!(ec_key.private_key(), ec_key_.private_key()); } #[test] fn test_dh_conversion() { let dh_params = include_bytes!("../test/dhparams.pem"); let dh_params = Dh::params_from_pem(dh_params).unwrap(); let dh = dh_params.generate_key().unwrap(); // Clone is missing for Dh, save the parameters let p = dh.prime_p().to_owned().unwrap(); let q = dh.prime_q().map(|q| q.to_owned().unwrap()); let g = dh.generator().to_owned().unwrap(); let pkey: PKey<Private> = dh.try_into().unwrap(); let dh_: Dh<Private> = pkey.try_into().unwrap(); // Eq is missing assert_eq!(&p, dh_.prime_p()); assert_eq!(q, dh_.prime_q().map(|q| q.to_owned().unwrap())); assert_eq!(&g, dh_.generator()); } }
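Review bot: The four new conversion tests only exercise the matching round trip, so nothing pins what the `TryFrom<PKey<T>>` impls do when the `PKey` holds a different key type, which is the case callers most need to rely on. A mismatch check on a fresh RSA-backed `PKey`, for example `let wrong: Result<EcKey<Private>, _> = pkey.try_into();` followed by `assert!(wrong.is_err());`, would cover it. The context line `assert!(pkey.rsa().is_err())` suggests the underlying accessors already fail this way. The impls also carry no doc comment; a line such as `/// Fails with an ErrorStack if the PKey does not hold an RSA key.` on each downcast would state that contract. `mod tests` begins outside the second hunk.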
openssl/src/x509/store.rs +12 −0 Original line number Diff line number Diff line Loading @@ -41,6 +41,8 @@ use std::mem; use crate::error::ErrorStack; use crate::stack::StackRef; #[cfg(any(ossl102, libressl261))] use crate::x509::verify::X509VerifyFlags; use crate::x509::{X509Object, X509}; use crate::{cvt, cvt_p}; Loading Loading @@ -102,6 +104,16 @@ impl X509StoreBuilderRef { let lookup = unsafe { ffi::X509_STORE_add_lookup(self.as_ptr(), method.as_ptr()) }; cvt_p(lookup).map(|ptr| unsafe { X509LookupRef::from_ptr_mut(ptr) }) } /// Sets certificate chain validation related flags. /// /// This corresponds to [`X509_STORE_set_flags`]. /// /// [`X509_STORE_set_flags`]: https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_set_flags.html #[cfg(any(ossl102, libressl261))] pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_STORE_set_flags(self.as_ptr(), flags.bits())).map(|_| ()) } } } generic_foreign_type_and_impl_send_sync! { Loading
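Review bot: The doc comment on `set_flags` does not say how the call combines with flags already on the store or what enabling a check requires, which matters for revocation flags. As far as I know from the OpenSSL documentation, `X509_STORE_set_flags` ORs the given bits into the existing set and cannot clear any, and a store with `X509VerifyFlags::CRL_CHECK` set but no CRL available fails every verification. I would add `/// Flags are added to those already set; this call cannot clear a flag.` and `/// Revocation flags such as CRL_CHECK make verification fail unless a matching CRL is available.` to the doc comment. The `unsafe` block also has no `// SAFETY:` comment; something like `// SAFETY: self.as_ptr() is a valid X509_STORE for as long as &mut self is borrowed` would record why the call is sound. The enclosing `impl X509StoreBuilderRef` starts and ends outside the hunk.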
openssl/src/x509/tests.rs +29 −0 Original line number Diff line number Diff line Loading @@ -10,6 +10,8 @@ use crate::x509::extension::{ SubjectKeyIdentifier, }; use crate::x509::store::X509StoreBuilder; #[cfg(any(ossl102, libressl261))] use crate::x509::verify::X509VerifyFlags; #[cfg(ossl110)] use crate::x509::X509Builder; use crate::x509::{X509Name, X509Req, X509StoreContext, X509VerifyResult, X509}; Loading Loading @@ -398,6 +400,33 @@ fn test_verify_fails() { .unwrap()); } #[test] #[cfg(any(ossl102, libressl261))] fn test_verify_fails_with_crl_flag_set_and_no_crl() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let ca = include_bytes!("../../test/root-ca.pem"); let ca = X509::from_pem(ca).unwrap(); let chain = Stack::new().unwrap(); let mut store_bldr = X509StoreBuilder::new().unwrap(); store_bldr.add_cert(ca).unwrap(); store_bldr.set_flags(X509VerifyFlags::CRL_CHECK).unwrap(); let store = store_bldr.build(); let mut context = X509StoreContext::new().unwrap(); assert_eq!( context .init(&store, &cert, &chain, |c| { c.verify_cert()?; Ok(c.error()) }) .unwrap() .error_string(), "unable to get certificate CRL" ) } #[cfg(ossl110)] #[test] fn x509_ref_version() { Loading
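Review bot: `test_verify_fails_with_crl_flag_set_and_no_crl` discards the boolean returned by `c.verify_cert()?` and identifies the failure only by the text `"unable to get certificate CRL"`, so it never asserts that verification was rejected and it depends on the library's message wording. Changing the closure body to `let ok = c.verify_cert()?; assert!(!ok); Ok(c.error())` pins the rejection itself. Comparing the numeric code instead of the string, e.g. `assert_eq!(result.as_raw(), ffi::X509_V_ERR_UNABLE_TO_GET_CRL)` (assuming `ffi` is in scope in this test file), should hold across OpenSSL and LibreSSL builds whose messages may differ.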