| author | Steven Fackler <[email protected]> | 2018-05-19 20:41:09 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2018-05-19 20:41:09 -0700 |
| commit | b397bc45af106896cb955225acedfe452c7cabd6 (patch) | |
| tree | d1d6e42fef37739dde443d8e5a66851a59af1c74 /openssl/src | |
| parent | Merge pull request #921 from eonil/master (diff) | |
| parent | Support min/max version in LibreSSL (diff) | |
Merge pull request #922 from sfackler/libressl-min-max-version
Support min/max version in LibreSSL
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/ec.rs | 16 | ||||
| -rw-r--r-- | openssl/src/rsa.rs | 11 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 26 | ||||
| -rw-r--r-- | openssl/src/ssl/test.rs | 8 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 13 |
5 files changed, 42 insertions, 32 deletions
diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs
index c4800c73..573d0c00 100644
--- a/openssl/src/ec.rs
+++ b/openssl/src/ec.rs
@@ -33,14 +33,14 @@
 //! ```
 use ffi;
 use foreign_types::{ForeignType, ForeignTypeRef};
-use std::ptr;
 use libc::c_int;
+use std::ptr;
-use {cvt, cvt_n, cvt_p, init};
 use bn::{BigNumContextRef, BigNumRef};
 use error::ErrorStack;
 use nid::Nid;
 use pkey::{HasParams, HasPrivate, HasPublic, Params, Private, Public};
+use {cvt, cvt_n, cvt_p, init};
 /// Compressed or Uncompressed conversion
 ///
@@ -803,10 +803,10 @@ impl<T> Clone for EcKey<T> {
 #[cfg(test)]
 mod test {
+ use super::*;
 use bn::{BigNum, BigNumContext};
- use nid::Nid;
 use data_encoding::BASE64URL_NOPAD;
- use super::*;
+ use nid::Nid;
 #[test]
 fn key_new_by_curve_name() {
@@ -823,7 +823,7 @@ mod test {
 fn dup() {
 let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
 let key = EcKey::generate(&group).unwrap();
- key.clone();
+ drop(key.clone());
 }
 #[test]
@@ -862,7 +862,8 @@ mod test {
 let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
 let key = EcKey::generate(&group).unwrap();
 let mut ctx = BigNumContext::new().unwrap();
- let bytes = key.public_key()
+ let bytes = key
+ .public_key()
 .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx)
 .unwrap();
@@ -877,7 +878,8 @@ mod test {
 let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
 let key = EcKey::generate(&group).unwrap();
- let dup_key = EcKey::from_private_components(&group, key.private_key(), key.public_key()).unwrap();
+ let dup_key =
+ EcKey::from_private_components(&group, key.private_key(), key.public_key()).unwrap();
 let res = dup_key.check_key().unwrap();
 assert!(res == ());
diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs
index 0ad55b96..718ae59d 100644
--- a/openssl/src/rsa.rs
+++ b/openssl/src/rsa.rs
@@ -751,7 +751,8 @@ mod test {
 #[test]
 fn test_to_password() {
 let key = Rsa::generate(2048).unwrap();
- let pem = key.private_key_to_pem_passphrase(Cipher::aes_128_cbc(), b"foobar")
+ let pem = key
+ .private_key_to_pem_passphrase(Cipher::aes_128_cbc(), b"foobar")
 .unwrap();
 Rsa::private_key_from_pem_passphrase(&pem, b"foobar").unwrap();
 assert!(Rsa::private_key_from_pem_passphrase(&pem, b"fizzbuzz").is_err());
@@ -791,7 +792,8 @@ mod test {
 k0.private_encrypt(&msg, &mut emesg, Padding::PKCS1)
 .unwrap();
 let mut dmesg = vec![0; k1.size() as usize];
- let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
+ let len = k1
+ .public_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
 .unwrap();
 assert_eq!(msg, &dmesg[..len]);
 }
@@ -807,7 +809,8 @@ mod test {
 let mut emesg = vec![0; k0.size() as usize];
 k0.public_encrypt(&msg, &mut emesg, Padding::PKCS1).unwrap();
 let mut dmesg = vec![0; k1.size() as usize];
- let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
+ let len = k1
+ .private_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
 .unwrap();
 assert_eq!(msg, &dmesg[..len]);
 }
@@ -883,6 +886,6 @@ mod test {
 #[test]
 fn clone() {
 let key = Rsa::generate(2048).unwrap();
- key.clone();
+ drop(key.clone());
 }
 }
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8dc605ed..adec060c 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1023,15 +1023,15 @@ impl SslContextBuilder {
 ///
 /// This corresponds to [`SSL_CTX_set_min_proto_version`].
 ///
- /// Requires OpenSSL 1.1.0 or newer.
+ /// Requires OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
 ///
 /// [`SSL_CTX_set_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
- #[cfg(any(ossl110))]
+ #[cfg(any(ossl110, libressl261))]
 pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
 unsafe {
 cvt(ffi::SSL_CTX_set_min_proto_version(
 self.as_ptr(),
- version.map_or(0, |v| v.0),
+ version.map_or(0, |v| v.0 as _),
 )).map(|_| ())
 }
 }
@@ -1043,15 +1043,15 @@ impl SslContextBuilder {
 ///
 /// This corresponds to [`SSL_CTX_set_max_proto_version`].
 ///
- /// Requires OpenSSL 1.1.0 or newer.
+ /// Requires OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
 ///
 /// [`SSL_CTX_set_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
- #[cfg(any(ossl110))]
+ #[cfg(any(ossl110, libressl261))]
 pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
 unsafe {
 cvt(ffi::SSL_CTX_set_max_proto_version(
 self.as_ptr(),
- version.map_or(0, |v| v.0),
+ version.map_or(0, |v| v.0 as _),
 )).map(|_| ())
 }
 }
@@ -1063,10 +1063,10 @@ impl SslContextBuilder {
 ///
 /// This corresponds to [`SSL_CTX_get_min_proto_version`].
 ///
- /// Requires OpenSSL 1.1.0g or newer.
+ /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer.
 ///
 /// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
- #[cfg(any(ossl110g))]
+ #[cfg(any(ossl110g, libressl270))]
 pub fn min_proto_version(&mut self) -> Option<SslVersion> {
 unsafe {
 let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr());
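Review bot: The `v.0 as _` cast added in `set_min_proto_version` (and again in `set_max_proto_version` in the next hunk) lets the compiler pick the target integer type from whichever FFI signature is compiled in, so a narrowing conversion would wrap without any error. The argument is the protocol floor or ceiling, and `0` is the value passed for `None`, so a lossy conversion here could change which versions are allowed rather than fail. The parameter type is not visible in the hunk; presumably it differs between the OpenSSL and LibreSSL bindings, which is why the cast was needed. I would record the invariant next to the cast, e.g. `// SslVersion holds a protocol version code, expected to fit every FFI integer type used here (confirm)`, or use a checked conversion if the binding types allow it.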
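Review bot: The new doc line on `set_max_proto_version` has a doubled word, `Requires OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.`; it should read `/// Requires OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.` to match the line added to `set_min_proto_version`. The link definition beneath it is unchanged context and still points only at the OpenSSL 1.1.0 manual, so the doc could say that the linked page describes the OpenSSL behaviour now that the function is also built for LibreSSL.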
@@ -1085,10 +1085,10 @@ impl SslContextBuilder {
 ///
 /// This corresponds to [`SSL_CTX_get_max_proto_version`].
 ///
- /// Requires OpenSSL 1.1.0g or newer.
+ /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer.
 ///
 /// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
- #[cfg(any(ossl110g))]
+ #[cfg(any(ossl110g, libressl270))]
 pub fn max_proto_version(&mut self) -> Option<SslVersion> {
 unsafe {
 let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr());
@@ -2837,7 +2837,8 @@ impl<S: Read + Write> Read for SslStream<S> {
 }
 Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {}
 Err(e) => {
- return Err(e.into_io_error()
+ return Err(e
+ .into_io_error()
 .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e)))
 }
 }
@@ -2852,7 +2853,8 @@ impl<S: Read + Write> Write for SslStream<S> {
 Ok(n) => return Ok(n),
 Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {}
 Err(e) => {
- return Err(e.into_io_error()
+ return Err(e
+ .into_io_error()
 .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e)))
 }
 }
diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs
index 2e906728..b90199f0 100644
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -19,7 +19,7 @@ use hash::MessageDigest;
 use ocsp::{OcspResponse, OcspResponseStatus};
 use pkey::PKey;
 use ssl;
-#[cfg(any(ossl110, ossl111))]
+#[cfg(any(ossl110, ossl111, libressl261))]
 use ssl::SslVersion;
 use ssl::{
 Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, Ssl, SslAcceptor, SslConnector,
@@ -1315,7 +1315,7 @@ fn keying_export() {
 }
 #[test]
-#[cfg(any(ossl110))]
+#[cfg(any(ossl110, libressl261))]
 fn no_version_overlap() {
 let listener = TcpListener::bind("127.0.0.1:0").unwrap();
 let addr = listener.local_addr().unwrap();
@@ -1330,7 +1330,7 @@ fn no_version_overlap() {
 ctx.set_max_proto_version(Some(SslVersion::TLS1_1)).unwrap();
 #[cfg(ossl110g)]
 assert_eq!(ctx.min_proto_version(), None);
- #[cfg(ossl110g)]
+ #[cfg(any(ossl110g, libressl270))]
 assert_eq!(ctx.max_proto_version(), Some(SslVersion::TLS1_1));
 let ssl = Ssl::new(&ctx.build()).unwrap();
 ssl.accept(stream).unwrap_err();
@@ -1339,7 +1339,7 @@ fn no_version_overlap() {
 let stream = TcpStream::connect(addr).unwrap();
 let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
 ctx.set_min_proto_version(Some(SslVersion::TLS1_2)).unwrap();
- #[cfg(ossl110g)]
+ #[cfg(any(ossl110g, libressl270))]
 assert_eq!(ctx.min_proto_version(), Some(SslVersion::TLS1_2));
 #[cfg(ossl110g)]
 assert_eq!(ctx.max_proto_version(), None);
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 7ef4d160..a3c66e0c 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -7,10 +7,12 @@ use nid::Nid;
 use pkey::{PKey, Private};
 use rsa::Rsa;
 use stack::Stack;
-use x509::{X509, X509Name, X509Req, X509StoreContext, X509VerifyResult};
-use x509::extension::{AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage,
- SubjectAlternativeName, SubjectKeyIdentifier};
+use x509::extension::{
+ AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, SubjectAlternativeName,
+ SubjectKeyIdentifier,
+};
 use x509::store::X509StoreBuilder;
+use x509::{X509, X509Name, X509Req, X509StoreContext, X509VerifyResult};
 fn pkey() -> PKey<Private> {
 let rsa = Rsa::generate(2048).unwrap();
@@ -197,7 +199,8 @@ fn x509_builder() {
 assert!(pkey.public_eq(&x509.public_key().unwrap()));
- let cn = x509.subject_name()
+ let cn = x509
+ .subject_name()
 .entries_by_nid(Nid::COMMONNAME)
 .next()
 .unwrap();
@@ -291,7 +294,7 @@ fn signature() {
 fn clone_x509() {
 let cert = include_bytes!("../../test/cert.pem");
 let cert = X509::from_pem(cert).unwrap();
- cert.clone();
+ drop(cert.clone());
 }
 #[test]
|
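Review bot: In `no_version_overlap` the two `None` assertions (`min_proto_version()` in this hunk, `max_proto_version()` in the next one) stay behind `#[cfg(ossl110g)]` while the assertions beside them gain `libressl270`, and nothing says why. If LibreSSL's getter reports something other than "unset" for a bound that was never configured, callers reading `None` as "no limit" need to know, so the difference belongs in the getters' docs as well as here. I would add a comment above each OpenSSL-only assertion, e.g. `// not asserted on LibreSSL: <reason; confirm what its getter returns for an unset bound>`. The function body starts and ends outside both hunks, so the rest of the test was not reviewed.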