diff options
| author | Steven Fackler <[email protected]> | 2016-10-14 11:39:43 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2016-10-14 11:39:43 -0700 |
| commit | 98e71596fb48ce7cdabd46e581f32a9a54398cce (patch) | |
| tree | 7d600055248d58edfccd4ed5577c32c86bac3ff2 /openssl/src/crypto | |
| parent | Rename NoPadding to None (diff) | |
| parent | Ignore DTLS tests on Windows/ARM for now (diff) | |
| download | rust-openssl-98e71596fb48ce7cdabd46e581f32a9a54398cce.tar.xz rust-openssl-98e71596fb48ce7cdabd46e581f32a9a54398cce.zip | |
Merge pull request #464 from alexcrichton/systest
Add support for OpenSSL 1.1.0
Diffstat (limited to 'openssl/src/crypto')
| -rw-r--r-- | openssl/src/crypto/dsa.rs | 56 | ||||
| -rw-r--r-- | openssl/src/crypto/hash.rs | 22 | ||||
| -rw-r--r-- | openssl/src/crypto/hmac.rs | 130 | ||||
| -rw-r--r-- | openssl/src/crypto/mod.rs | 1 | ||||
| -rw-r--r-- | openssl/src/crypto/pkcs12.rs | 34 | ||||
| -rw-r--r-- | openssl/src/crypto/pkcs5.rs | 7 | ||||
| -rw-r--r-- | openssl/src/crypto/rsa.rs | 159 | ||||
| -rw-r--r-- | openssl/src/crypto/symm.rs | 63 |
8 files changed, 323 insertions, 149 deletions
diff --git a/openssl/src/crypto/dsa.rs b/openssl/src/crypto/dsa.rs index 97ba7a97..bb4fe474 100644 --- a/openssl/src/crypto/dsa.rs +++ b/openssl/src/crypto/dsa.rs @@ -19,8 +19,13 @@ impl DSAParams { unsafe { // Wrap it so that if we panic we'll call the dtor let dsa = DSAParams(try_ssl_null!(ffi::DSA_new())); - try_ssl!(ffi::DSA_generate_parameters_ex(dsa.0, size as c_int, ptr::null(), 0, - ptr::null_mut(), ptr::null_mut(), ptr::null())); + try_ssl!(ffi::DSA_generate_parameters_ex(dsa.0, + size as c_int, + ptr::null(), + 0, + ptr::null_mut(), + ptr::null_mut(), + ptr::null_mut())); Ok(dsa) } } @@ -190,43 +195,74 @@ impl DSA { pub fn p<'a>(&'a self) -> Option<BigNumRef<'a>> { unsafe { - let p = (*self.0).p; + let p = compat::pqg(self.0)[0]; if p.is_null() { None } else { - Some(BigNumRef::from_ptr((*self.0).p)) + Some(BigNumRef::from_ptr(p as *mut _)) } } } pub fn q<'a>(&'a self) -> Option<BigNumRef<'a>> { unsafe { - let q = (*self.0).q; + let q = compat::pqg(self.0)[1]; if q.is_null() { None } else { - Some(BigNumRef::from_ptr((*self.0).q)) + Some(BigNumRef::from_ptr(q as *mut _)) } } } pub fn g<'a>(&'a self) -> Option<BigNumRef<'a>> { unsafe { - let g = (*self.0).g; + let g = compat::pqg(self.0)[2]; if g.is_null() { None } else { - Some(BigNumRef::from_ptr((*self.0).g)) + Some(BigNumRef::from_ptr(g as *mut _)) } } } pub fn has_public_key(&self) -> bool { - unsafe { !(*self.0).pub_key.is_null() } + unsafe { !compat::keys(self.0)[0].is_null() } } pub fn has_private_key(&self) -> bool { - unsafe { !(*self.0).priv_key.is_null() } + unsafe { !compat::keys(self.0)[1].is_null() } + } +} + +#[cfg(ossl110)] +mod compat { + use std::ptr; + use ffi::{self, BIGNUM, DSA}; + + pub unsafe fn pqg(d: *const DSA) -> [*const BIGNUM; 3] { + let (mut p, mut q, mut g) = (ptr::null(), ptr::null(), ptr::null()); + ffi::DSA_get0_pqg(d, &mut p, &mut q, &mut g); + [p, q, g] + } + + pub unsafe fn keys(d: *const DSA) -> [*const BIGNUM; 2] { + let (mut pub_key, mut priv_key) = (ptr::null(), ptr::null()); + ffi::DSA_get0_key(d, &mut pub_key, &mut priv_key); + [pub_key, priv_key] + } +} + +#[cfg(ossl10x)] +mod compat { + use ffi::{BIGNUM, DSA}; + + pub unsafe fn pqg(d: *const DSA) -> [*const BIGNUM; 3] { + [(*d).p, (*d).q, (*d).g] + } + + pub unsafe fn keys(d: *const DSA) -> [*const BIGNUM; 2] { + [(*d).pub_key, (*d).priv_key] } } diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs index 207a55f5..d87c43c5 100644 --- a/openssl/src/crypto/hash.rs +++ b/openssl/src/crypto/hash.rs @@ -1,8 +1,6 @@ -use libc::c_uint; use std::io::prelude::*; use std::io; use std::ptr; -use std::cmp; use ffi; use HashTypeInternals; @@ -102,7 +100,7 @@ impl Hasher { pub fn new(ty: Type) -> Result<Hasher, ErrorStack> { ffi::init(); - let ctx = unsafe { try_ssl_null!(ffi::EVP_MD_CTX_create()) }; + let ctx = unsafe { try_ssl_null!(ffi::EVP_MD_CTX_new()) }; let md = ty.evp_md(); let mut h = Hasher { @@ -123,22 +121,20 @@ impl Hasher { } Finalized => (), } - unsafe { try_ssl!(ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *const _)); } + unsafe { try_ssl!(ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *mut _)); } self.state = Reset; Ok(()) } /// Feeds data into the hasher. - pub fn update(&mut self, mut data: &[u8]) -> Result<(), ErrorStack> { + pub fn update(&mut self, data: &[u8]) -> Result<(), ErrorStack> { if self.state == Finalized { try!(self.init()); } - while !data.is_empty() { - let len = cmp::min(data.len(), c_uint::max_value() as usize); - unsafe { - try_ssl!(ffi::EVP_DigestUpdate(self.ctx, data.as_ptr(), len as c_uint)); - } - data = &data[len..]; + unsafe { + try_ssl!(ffi::EVP_DigestUpdate(self.ctx, + data.as_ptr() as *mut _, + data.len())); } self.state = Updated; Ok(()) @@ -176,7 +172,7 @@ impl Write for Hasher { impl Clone for Hasher { fn clone(&self) -> Hasher { let ctx = unsafe { - let ctx = ffi::EVP_MD_CTX_create(); + let ctx = ffi::EVP_MD_CTX_new(); assert!(!ctx.is_null()); let r = ffi::EVP_MD_CTX_copy_ex(ctx, self.ctx); assert_eq!(r, 1); @@ -197,7 +193,7 @@ impl Drop for Hasher { if self.state != Finalized { drop(self.finish()); } - ffi::EVP_MD_CTX_destroy(self.ctx); + ffi::EVP_MD_CTX_free(self.ctx); } } } diff --git a/openssl/src/crypto/hmac.rs b/openssl/src/crypto/hmac.rs index 1847d6b1..8f44ed7f 100644 --- a/openssl/src/crypto/hmac.rs +++ b/openssl/src/crypto/hmac.rs @@ -13,16 +13,14 @@ // limitations under the License. // -use libc::{c_int, c_uint}; +use libc::{c_int}; use std::io; use std::io::prelude::*; -use std::cmp; use ffi; use HashTypeInternals; use crypto::hash::Type; use error::ErrorStack; -use c_helpers; #[derive(PartialEq, Copy, Clone)] enum State { @@ -66,7 +64,7 @@ use self::State::*; /// assert_eq!(res, spec); /// ``` pub struct HMAC { - ctx: ffi::HMAC_CTX, + ctx: compat::HMAC_CTX, state: State, } @@ -75,11 +73,7 @@ impl HMAC { pub fn new(ty: Type, key: &[u8]) -> Result<HMAC, ErrorStack> { ffi::init(); - let ctx = unsafe { - let mut ctx = ::std::mem::uninitialized(); - ffi::HMAC_CTX_init(&mut ctx); - ctx - }; + let ctx = compat::HMAC_CTX::new(); let md = ty.evp_md(); let mut h = HMAC { @@ -92,11 +86,11 @@ impl HMAC { fn init_once(&mut self, md: *const ffi::EVP_MD, key: &[u8]) -> Result<(), ErrorStack> { unsafe { - try_ssl!(c_helpers::rust_0_8_HMAC_Init_ex(&mut self.ctx, - key.as_ptr() as *const _, - key.len() as c_int, - md, - 0 as *mut _)); + try_ssl!(ffi::HMAC_Init_ex(self.ctx.get(), + key.as_ptr() as *const _, + key.len() as c_int, + md, + 0 as *mut _)); } self.state = Reset; Ok(()) @@ -113,26 +107,24 @@ impl HMAC { // If the key and/or md is not supplied it's reused from the last time // avoiding redundant initializations unsafe { - try_ssl!(c_helpers::rust_0_8_HMAC_Init_ex(&mut self.ctx, - 0 as *const _, - 0, - 0 as *const _, - 0 as *mut _)); + try_ssl!(ffi::HMAC_Init_ex(self.ctx.get(), + 0 as *const _, + 0, + 0 as *const _, + 0 as *mut _)); } self.state = Reset; Ok(()) } - pub fn update(&mut self, mut data: &[u8]) -> Result<(), ErrorStack> { + pub fn update(&mut self, data: &[u8]) -> Result<(), ErrorStack> { if self.state == Finalized { try!(self.init()); } - while !data.is_empty() { - let len = cmp::min(data.len(), c_uint::max_value() as usize); - unsafe { - try_ssl!(c_helpers::rust_0_8_HMAC_Update(&mut self.ctx, data.as_ptr(), len as c_uint)); - } - data = &data[len..]; + unsafe { + try_ssl!(ffi::HMAC_Update(self.ctx.get(), + data.as_ptr(), + data.len())); } self.state = Updated; Ok(()) @@ -147,7 +139,9 @@ impl HMAC { unsafe { let mut len = ffi::EVP_MAX_MD_SIZE; let mut res = vec![0; len as usize]; - try_ssl!(c_helpers::rust_0_8_HMAC_Final(&mut self.ctx, res.as_mut_ptr(), &mut len)); + try_ssl!(ffi::HMAC_Final(self.ctx.get(), + res.as_mut_ptr(), + &mut len)); res.truncate(len as usize); self.state = Finalized; Ok(res) @@ -167,14 +161,11 @@ impl Write for HMAC { } } -#[cfg(feature = "hmac_clone")] impl Clone for HMAC { - /// Requires the `hmac_clone` feature. fn clone(&self) -> HMAC { - let mut ctx: ffi::HMAC_CTX; + let ctx = compat::HMAC_CTX::new(); unsafe { - ctx = ::std::mem::uninitialized(); - let r = ffi::HMAC_CTX_copy(&mut ctx, &self.ctx); + let r = ffi::HMAC_CTX_copy(ctx.get(), self.ctx.get()); assert_eq!(r, 1); } HMAC { @@ -186,11 +177,8 @@ impl Clone for HMAC { impl Drop for HMAC { fn drop(&mut self) { - unsafe { - if self.state != Finalized { - drop(self.finish()); - } - ffi::HMAC_CTX_cleanup(&mut self.ctx); + if self.state != Finalized { + drop(self.finish()); } } } @@ -202,6 +190,73 @@ pub fn hmac(t: Type, key: &[u8], data: &[u8]) -> Result<Vec<u8>, ErrorStack> { h.finish() } +#[cfg(ossl110)] +#[allow(bad_style)] +mod compat { + use ffi; + + pub struct HMAC_CTX { + ctx: *mut ffi::HMAC_CTX, + } + + impl HMAC_CTX { + pub fn new() -> HMAC_CTX { + unsafe { + let ctx = ffi::HMAC_CTX_new(); + assert!(!ctx.is_null()); + HMAC_CTX { ctx: ctx } + } + } + + pub fn get(&self) -> *mut ffi::HMAC_CTX { + self.ctx + } + } + + impl Drop for HMAC_CTX { + fn drop(&mut self) { + unsafe { + ffi::HMAC_CTX_free(self.ctx); + } + } + } +} + +#[cfg(ossl10x)] +#[allow(bad_style)] +mod compat { + use std::mem; + use std::cell::UnsafeCell; + + use ffi; + + pub struct HMAC_CTX { + ctx: UnsafeCell<ffi::HMAC_CTX>, + } + + impl HMAC_CTX { + pub fn new() -> HMAC_CTX { + unsafe { + let mut ctx = mem::zeroed(); + ffi::HMAC_CTX_init(&mut ctx); + HMAC_CTX { ctx: UnsafeCell::new(ctx) } + } + } + + pub fn get(&self) -> *mut ffi::HMAC_CTX { + self.ctx.get() + } + } + + impl Drop for HMAC_CTX { + fn drop(&mut self) { + unsafe { + ffi::HMAC_CTX_cleanup(self.get()); + } + } + } +} + #[cfg(test)] mod tests { use std::iter::repeat; @@ -289,7 +344,6 @@ mod tests { } #[test] - #[cfg(feature = "hmac_clone")] fn test_clone() { let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [(repeat(0xaa_u8).take(80).collect(), diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs index b8b109a2..389b7cc9 100644 --- a/openssl/src/crypto/mod.rs +++ b/openssl/src/crypto/mod.rs @@ -15,7 +15,6 @@ // pub mod hash; -#[cfg(feature = "hmac")] pub mod hmac; pub mod pkcs5; pub mod pkcs12; diff --git a/openssl/src/crypto/pkcs12.rs b/openssl/src/crypto/pkcs12.rs index 89bcbd5c..5f03a3d5 100644 --- a/openssl/src/crypto/pkcs12.rs +++ b/openssl/src/crypto/pkcs12.rs @@ -44,13 +44,14 @@ impl Pkcs12 { let pkey = PKey::from_ptr(pkey); let cert = X509::from_ptr(cert); + let chain = chain as *mut _; let mut chain_out = vec![]; - for i in 0..(*chain).stack.num { - let x509 = *(*chain).stack.data.offset(i as isize) as *mut _; - chain_out.push(X509::from_ptr(x509)); + for i in 0..compat::OPENSSL_sk_num(chain) { + let x509 = compat::OPENSSL_sk_value(chain, i); + chain_out.push(X509::from_ptr(x509 as *mut _)); } - ffi::sk_free(&mut (*chain).stack); + compat::OPENSSL_sk_free(chain as *mut _); Ok(ParsedPkcs12 { pkey: pkey, @@ -69,6 +70,31 @@ pub struct ParsedPkcs12 { _p: (), } +#[cfg(ossl110)] +mod compat { + pub use ffi::OPENSSL_sk_free; + pub use ffi::OPENSSL_sk_num; + pub use ffi::OPENSSL_sk_value; +} + +#[cfg(ossl10x)] +#[allow(bad_style)] +mod compat { + use libc::{c_int, c_void}; + use ffi; + + pub use ffi::sk_free as OPENSSL_sk_free; + + pub unsafe fn OPENSSL_sk_num(stack: *mut ffi::_STACK) -> c_int { + (*stack).num + } + + pub unsafe fn OPENSSL_sk_value(stack: *const ffi::_STACK, idx: c_int) + -> *mut c_void { + *(*stack).data.offset(idx as isize) as *mut c_void + } +} + #[cfg(test)] mod test { use crypto::hash::Type::SHA1; diff --git a/openssl/src/crypto/pkcs5.rs b/openssl/src/crypto/pkcs5.rs index ef84fbe1..adcbc9db 100644 --- a/openssl/src/crypto/pkcs5.rs +++ b/openssl/src/crypto/pkcs5.rs @@ -82,7 +82,7 @@ pub fn pbkdf2_hmac_sha1(pass: &[u8], ffi::init(); - try_ssl!(ffi::PKCS5_PBKDF2_HMAC_SHA1(pass.as_ptr(), + try_ssl!(ffi::PKCS5_PBKDF2_HMAC_SHA1(pass.as_ptr() as *const _, pass.len() as c_int, salt.as_ptr(), salt.len() as c_int, @@ -94,7 +94,6 @@ pub fn pbkdf2_hmac_sha1(pass: &[u8], } /// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function. -#[cfg(feature = "pkcs5_pbkdf2_hmac")] pub fn pbkdf2_hmac(pass: &[u8], salt: &[u8], iter: usize, @@ -104,7 +103,7 @@ pub fn pbkdf2_hmac(pass: &[u8], unsafe { let mut out = vec![0; keylen]; ffi::init(); - try_ssl!(ffi::PKCS5_PBKDF2_HMAC(pass.as_ptr(), + try_ssl!(ffi::PKCS5_PBKDF2_HMAC(pass.as_ptr() as *const _, pass.len() as c_int, salt.as_ptr(), salt.len() as c_int, @@ -162,7 +161,6 @@ mod tests { // Test vectors from // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c #[test] - #[cfg(feature = "pkcs5_pbkdf2_hmac")] fn test_pbkdf2_hmac_sha256() { assert_eq!(super::pbkdf2_hmac(b"passwd", b"salt", 1, hash::Type::SHA256, 16).unwrap(), vec![0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8, @@ -176,7 +174,6 @@ mod tests { // Test vectors from // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c #[test] - #[cfg(feature = "pkcs5_pbkdf2_hmac")] fn test_pbkdf2_hmac_sha512() { assert_eq!(super::pbkdf2_hmac(b"password", b"NaCL", 1, hash::Type::SHA512, 64).unwrap(), vec![0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8, diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 8a3f9188..f91f39fb 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -2,7 +2,7 @@ use ffi; use std::fmt; use std::ptr; use std::mem; -use libc::{c_int, c_void, c_char, c_ulong}; +use libc::{c_int, c_void, c_char}; use bn::{BigNum, BigNumRef}; use bio::{MemBio, MemBioSlice}; @@ -44,12 +44,13 @@ impl RSA { /// the supplied load and save methods for DER formatted keys. pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, ErrorStack> { unsafe { - let rsa = try_ssl_null!(ffi::RSA_new()); - (*rsa).n = n.as_ptr(); - (*rsa).e = e.as_ptr(); - mem::forget(n); - mem::forget(e); - Ok(RSA(rsa)) + let rsa = RSA(try_ssl_null!(ffi::RSA_new())); + try_ssl!(compat::set_key(rsa.0, + n.as_ptr(), + e.as_ptr(), + ptr::null_mut())); + mem::forget((n, e)); + Ok(rsa) } } @@ -63,24 +64,15 @@ impl RSA { qi: BigNum) -> Result<RSA, ErrorStack> { unsafe { - let rsa = try_ssl_null!(ffi::RSA_new()); - (*rsa).n = n.as_ptr(); - (*rsa).e = e.as_ptr(); - (*rsa).d = d.as_ptr(); - (*rsa).p = p.as_ptr(); - (*rsa).q = q.as_ptr(); - (*rsa).dmp1 = dp.as_ptr(); - (*rsa).dmq1 = dq.as_ptr(); - (*rsa).iqmp = qi.as_ptr(); - mem::forget(n); - mem::forget(e); - mem::forget(d); - mem::forget(p); - mem::forget(q); - mem::forget(dp); - mem::forget(dq); - mem::forget(qi); - Ok(RSA(rsa)) + let rsa = RSA(try_ssl_null!(ffi::RSA_new())); + try_ssl!(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr())); + mem::forget((n, e, d)); + try_ssl!(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr())); + mem::forget((p, q)); + try_ssl!(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(), + qi.as_ptr())); + mem::forget((dp, dq, qi)); + Ok(rsa) } } @@ -95,7 +87,7 @@ impl RSA { unsafe { let rsa = try_ssl_null!(ffi::RSA_new()); let rsa = RSA(rsa); - let e = try!(BigNum::new_from(ffi::RSA_F4 as c_ulong)); + let e = try!(BigNum::new_from(ffi::RSA_F4 as u32)); try_ssl!(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut())); @@ -292,55 +284,55 @@ impl RSA { pub fn n<'a>(&'a self) -> Option<BigNumRef<'a>> { unsafe { - let n = (*self.0).n; + let n = compat::key(self.0)[0]; if n.is_null() { None } else { - Some(BigNumRef::from_ptr(n)) + Some(BigNumRef::from_ptr(n as *mut _)) } } } pub fn d<'a>(&self) -> Option<BigNumRef<'a>> { unsafe { - let d = (*self.0).d; + let d = compat::key(self.0)[2]; if d.is_null() { None } else { - Some(BigNumRef::from_ptr(d)) + Some(BigNumRef::from_ptr(d as *mut _)) } } } pub fn e<'a>(&'a self) -> Option<BigNumRef<'a>> { unsafe { - let e = (*self.0).e; + let e = compat::key(self.0)[1]; if e.is_null() { None } else { - Some(BigNumRef::from_ptr(e)) + Some(BigNumRef::from_ptr(e as *mut _)) } } } pub fn p<'a>(&'a self) -> Option<BigNumRef<'a>> { unsafe { - let p = (*self.0).p; + let p = compat::factors(self.0)[0]; if p.is_null() { None } else { - Some(BigNumRef::from_ptr(p)) + Some(BigNumRef::from_ptr(p as *mut _)) } } } pub fn q<'a>(&'a self) -> Option<BigNumRef<'a>> { unsafe { - let q = (*self.0).q; + let q = compat::factors(self.0)[1]; if q.is_null() { None } else { - Some(BigNumRef::from_ptr(q)) + Some(BigNumRef::from_ptr(q as *mut _)) } } } @@ -352,6 +344,89 @@ impl fmt::Debug for RSA { } } +#[cfg(ossl110)] +mod compat { + use std::ptr; + + use ffi::{self, BIGNUM, RSA}; + use libc::c_int; + + pub unsafe fn key(r: *const RSA) -> [*const BIGNUM; 3] { + let (mut n, mut e, mut d) = (ptr::null(), ptr::null(), ptr::null()); + ffi::RSA_get0_key(r, &mut n, &mut e, &mut d); + [n, e, d] + } + + pub unsafe fn factors(r: *const RSA) -> [*const BIGNUM; 2] { + let (mut p, mut q) = (ptr::null(), ptr::null()); + ffi::RSA_get0_factors(r, &mut p, &mut q); + [p, q] + } + + pub unsafe fn set_key(r: *mut RSA, + n: *mut BIGNUM, + e: *mut BIGNUM, + d: *mut BIGNUM) -> c_int { + ffi::RSA_set0_key(r, n, e, d) + } + + pub unsafe fn set_factors(r: *mut RSA, + p: *mut BIGNUM, + q: *mut BIGNUM) -> c_int { + ffi::RSA_set0_factors(r, p, q) + } + + pub unsafe fn set_crt_params(r: *mut RSA, + dmp1: *mut BIGNUM, + dmq1: *mut BIGNUM, + iqmp: *mut BIGNUM) -> c_int { + ffi::RSA_set0_crt_params(r, dmp1, dmq1, iqmp) + } +} + +#[cfg(ossl10x)] +mod compat { + use libc::c_int; + use ffi::{BIGNUM, RSA}; + + pub unsafe fn key(r: *const RSA) -> [*const BIGNUM; 3] { + [(*r).n, (*r).e, (*r).d] + } + + pub unsafe fn factors(r: *const RSA) -> [*const BIGNUM; 2] { + [(*r).p, (*r).q] + } + + pub unsafe fn set_key(r: *mut RSA, + n: *mut BIGNUM, + e: *mut BIGNUM, + d: *mut BIGNUM) -> c_int { + (*r).n = n; + (*r).e = e; + (*r).d = d; + 1 // TODO: is this right? should it be 0? what's success? + } + + pub unsafe fn set_factors(r: *mut RSA, + p: *mut BIGNUM, + q: *mut BIGNUM) -> c_int { + (*r).p = p; + (*r).q = q; + 1 // TODO: is this right? should it be 0? what's success? + } + + pub unsafe fn set_crt_params(r: *mut RSA, + dmp1: *mut BIGNUM, + dmq1: *mut BIGNUM, + iqmp: *mut BIGNUM) -> c_int { + (*r).dmp1 = dmp1; + (*r).dmq1 = dmq1; + (*r).iqmp = iqmp; + 1 // TODO: is this right? should it be 0? what's success? + } +} + + #[cfg(test)] mod test { use std::io::Write; @@ -449,9 +524,9 @@ mod test { #[test] fn test_private_encrypt() { - let mut k0 = super::RSA::generate(512).unwrap(); + let k0 = super::RSA::generate(512).unwrap(); let k0pkey = k0.public_key_to_pem().unwrap(); - let mut k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); + let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); @@ -462,9 +537,9 @@ mod test { #[test] fn test_public_encrypt() { - let mut k0 = super::RSA::generate(512).unwrap(); + let k0 = super::RSA::generate(512).unwrap(); let k0pkey = k0.public_key_to_pem().unwrap(); - let mut k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); + let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); @@ -475,9 +550,9 @@ mod test { #[test] fn test_public_encrypt_pkcs() { - let mut k0 = super::RSA::generate(512).unwrap(); + let k0 = super::RSA::generate(512).unwrap(); let k0pkey = k0.public_key_to_pem().unwrap(); - let mut k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); + let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); diff --git a/openssl/src/crypto/symm.rs b/openssl/src/crypto/symm.rs index 93764e4d..37754387 100644 --- a/openssl/src/crypto/symm.rs +++ b/openssl/src/crypto/symm.rs @@ -16,31 +16,20 @@ pub enum Mode { pub enum Type { AES_128_ECB, AES_128_CBC, - /// Requires the `aes_xts` feature - #[cfg(feature = "aes_xts")] AES_128_XTS, - #[cfg(feature = "aes_ctr")] AES_128_CTR, - // AES_128_GCM, AES_128_CFB1, AES_128_CFB128, AES_128_CFB8, - AES_256_ECB, AES_256_CBC, - /// Requires the `aes_xts` feature - #[cfg(feature = "aes_xts")] AES_256_XTS, - #[cfg(feature = "aes_ctr")] AES_256_CTR, - // AES_256_GCM, AES_256_CFB1, AES_256_CFB128, AES_256_CFB8, - DES_CBC, DES_ECB, - RC4_128, } @@ -50,29 +39,20 @@ impl Type { match *self { Type::AES_128_ECB => ffi::EVP_aes_128_ecb(), Type::AES_128_CBC => ffi::EVP_aes_128_cbc(), - #[cfg(feature = "aes_xts")] Type::AES_128_XTS => ffi::EVP_aes_128_xts(), - #[cfg(feature = "aes_ctr")] Type::AES_128_CTR => ffi::EVP_aes_128_ctr(), - // AES_128_GCM => (EVP_aes_128_gcm(), 16, 16), Type::AES_128_CFB1 => ffi::EVP_aes_128_cfb1(), Type::AES_128_CFB128 => ffi::EVP_aes_128_cfb128(), Type::AES_128_CFB8 => ffi::EVP_aes_128_cfb8(), - Type::AES_256_ECB => ffi::EVP_aes_256_ecb(), Type::AES_256_CBC => ffi::EVP_aes_256_cbc(), - #[cfg(feature = "aes_xts")] Type::AES_256_XTS => ffi::EVP_aes_256_xts(), - #[cfg(feature = "aes_ctr")] Type::AES_256_CTR => ffi::EVP_aes_256_ctr(), - // AES_256_GCM => (EVP_aes_256_gcm(), 32, 16), Type::AES_256_CFB1 => ffi::EVP_aes_256_cfb1(), Type::AES_256_CFB128 => ffi::EVP_aes_256_cfb128(), Type::AES_256_CFB8 => ffi::EVP_aes_256_cfb8(), - Type::DES_CBC => ffi::EVP_des_cbc(), Type::DES_ECB => ffi::EVP_des_ecb(), - Type::RC4_128 => ffi::EVP_rc4(), } } @@ -81,7 +61,7 @@ impl Type { /// Returns the length of keys used with this cipher. pub fn key_len(&self) -> usize { unsafe { - ffi::EVP_CIPHER_key_length(self.as_ptr()) as usize + EVP_CIPHER_key_length(self.as_ptr()) as usize } } @@ -89,7 +69,7 @@ impl Type { /// cipher does not use an IV. pub fn iv_len(&self) -> Option<usize> { unsafe { - let len = ffi::EVP_CIPHER_iv_length(self.as_ptr()) as usize; + let len = EVP_CIPHER_iv_length(self.as_ptr()) as usize; if len == 0 { None } else { @@ -105,7 +85,7 @@ impl Type { /// Stream ciphers such as RC4 have a block size of 1. pub fn block_size(&self) -> usize { unsafe { - ffi::EVP_CIPHER_block_size(self.as_ptr()) as usize + EVP_CIPHER_block_size(self.as_ptr()) as usize } } } @@ -272,6 +252,30 @@ fn cipher(t: Type, Ok(out) } +#[cfg(ossl110)] +use ffi::{EVP_CIPHER_iv_length, EVP_CIPHER_block_size, EVP_CIPHER_key_length}; + +#[cfg(ossl10x)] +#[allow(bad_style)] +mod compat { + use libc::c_int; + use ffi::EVP_CIPHER; + + pub unsafe fn EVP_CIPHER_iv_length(ptr: *const EVP_CIPHER) -> c_int { + (*ptr).iv_len + } + + pub unsafe fn EVP_CIPHER_block_size(ptr: *const EVP_CIPHER) -> c_int { + (*ptr).block_size + } + + pub unsafe fn EVP_CIPHER_key_length(ptr: *const EVP_CIPHER) -> c_int { + (*ptr).key_len + } +} +#[cfg(ossl10x)] +use self::compat::*; + #[cfg(test)] mod tests { use serialize::hex::{FromHex, ToHex}; @@ -372,7 +376,6 @@ mod tests { } #[test] - #[cfg(feature = "aes_xts")] fn test_aes256_xts() { // Test case 174 from // http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip @@ -388,7 +391,6 @@ mod tests { } #[test] - #[cfg(feature = "aes_ctr")] fn test_aes128_ctr() { let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\ @@ -401,17 +403,6 @@ mod tests { cipher_test(super::Type::AES_128_CTR, pt, ct, key, iv); } - // #[test] - // fn test_aes128_gcm() { - // Test case 3 in GCM spec - // let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255"; - // let ct = ~"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62cf35abd2ba6fab4"; - // let key = ~"feffe9928665731c6d6a8f9467308308"; - // let iv = ~"cafebabefacedbaddecaf888"; - // - // cipher_test(super::AES_128_GCM, pt, ct, key, iv); - // } - #[test] fn test_aes128_cfb1() { // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf |