aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.travis.yml6
-rw-r--r--README.md30
-rw-r--r--openssl-sys-extras/Cargo.toml6
-rw-r--r--openssl-sys-extras/src/lib.rs2
-rw-r--r--openssl-sys/Cargo.toml4
-rw-r--r--openssl-sys/src/lib.rs8
-rw-r--r--openssl/Cargo.toml10
-rw-r--r--openssl/src/crypto/hash.rs48
-rw-r--r--openssl/src/crypto/hmac.rs3
-rw-r--r--openssl/src/crypto/mod.rs6
-rw-r--r--openssl/src/crypto/pkey.rs39
-rw-r--r--openssl/src/crypto/rsa.rs207
-rw-r--r--openssl/src/lib.rs2
-rw-r--r--openssl/src/nid.rs56
-rw-r--r--openssl/src/ssl/bio.rs31
-rw-r--r--openssl/src/ssl/mod.rs45
-rw-r--r--openssl/src/ssl/tests/mod.rs40
-rw-r--r--openssl/src/version.rs3
-rw-r--r--openssl/src/x509/mod.rs20
-rw-r--r--openssl/src/x509/tests.rs30
-rw-r--r--openssl/test/cert.pem41
-rw-r--r--openssl/test/key.pem55
-rw-r--r--openssl/test/rsa.pem27
-rw-r--r--openssl/test/rsa.pem.pub9
24 files changed, 497 insertions, 231 deletions
diff --git a/.travis.yml b/.travis.yml
index e73df5f0..8dae13c4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,7 +6,7 @@ addons:
- gcc-arm-linux-gnueabihf
rust:
- nightly
-- 1.8.0
+- 1.7.0
os:
- osx
- linux
@@ -18,11 +18,13 @@ matrix:
# include:
# - os: linux
# env: TARGET=arm-unknown-linux-gnueabihf TEST_FEATURES=true
- # rust: 1.8.0
+ # rust: 1.7.0
exclude:
- os: osx
env: TEST_FEATURES=true
before_install:
- ./openssl/test/build.sh
script:
+- cargo fetch --manifest-path openssl/Cargo.toml # generate a cargo.lock
+- cargo update --manifest-path openssl/Cargo.toml -p bitflags --precise 0.5.0
- ./openssl/test/run.sh
diff --git a/README.md b/README.md
index e082464b..17005abb 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
[![Build Status](https://travis-ci.org/sfackler/rust-openssl.svg?branch=master)](https://travis-ci.org/sfackler/rust-openssl)
-[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl).
+[Documentation](https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl).
## Building
@@ -44,10 +44,30 @@ export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib
On Windows, consider building with [mingw-w64](http://mingw-w64.org/).
Build script will try to find mingw in `PATH` environment variable to provide
Cargo with location where openssl libs from mingw-w64 package may be found.
-If you followed guide [Building on Windows](https://github.com/rust-lang/rust#building-on-windows)
-from rust repo, then you should have [MSYS2](http://msys2.github.io/) with
-`mingw-w64-openssl` installed as part of `mingw-w64-x86_64-toolchain`
-(or `mingw-w64-i686-toolchain`) package.
+
+mingw-w64 can be easily installed by using [MSYS2](http://msys2.github.io/). Install MSYS2 according to the instructions, and then, from an MSYS2 Shell, install mingw-w64:
+
+32-bit:
+```bash
+pacman -S mingw-w64-i686-gcc
+```
+
+64-bit
+```bash
+pacman -S mingw-w64-x86_64-gcc
+```
+
+and then install the mingw-w64 toolchain.
+
+32-bit:
+```bash
+pacman -S mingw-w64-i686-toolchain
+```
+
+64-bit:
+```bash
+pacman -S mingw-w64-x86_64-toolchain
+```
Alternatively, install OpenSSL from [here][1]. Cargo will not be able to find OpenSSL if it's
installed to the default location. You can either copy the `include/openssl`
diff --git a/openssl-sys-extras/Cargo.toml b/openssl-sys-extras/Cargo.toml
index 14f09247..d9f1ece3 100644
--- a/openssl-sys-extras/Cargo.toml
+++ b/openssl-sys-extras/Cargo.toml
@@ -1,11 +1,11 @@
[package]
name = "openssl-sys-extras"
-version = "0.7.11"
+version = "0.7.12"
authors = ["Steven Fackler <[email protected]>"]
license = "MIT"
description = "Extra FFI bindings to OpenSSL that require a C shim"
repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl_sys_extras"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl_sys_extras"
build = "build.rs"
[features]
@@ -13,7 +13,7 @@ ecdh_auto = []
[dependencies]
libc = "0.2"
-openssl-sys = { version = "0.7.11", path = "../openssl-sys" }
+openssl-sys = { version = "0.7.12", path = "../openssl-sys" }
[build-dependencies]
gcc = "0.3"
diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs
index a2acbd55..dbc19641 100644
--- a/openssl-sys-extras/src/lib.rs
+++ b/openssl-sys-extras/src/lib.rs
@@ -1,5 +1,5 @@
#![allow(non_upper_case_globals, non_snake_case)]
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")]
extern crate openssl_sys;
extern crate libc;
diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
index 9ad5c456..890e9554 100644
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -1,12 +1,12 @@
[package]
name = "openssl-sys"
-version = "0.7.11"
+version = "0.7.12"
authors = ["Alex Crichton <[email protected]>",
"Steven Fackler <[email protected]>"]
license = "MIT"
description = "FFI bindings to OpenSSL"
repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl_sys"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl_sys"
links = "openssl"
build = "build.rs"
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 85e81951..0a422b7e 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -1,6 +1,6 @@
#![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)]
#![allow(dead_code)]
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")]
extern crate libc;
@@ -627,6 +627,12 @@ extern "C" {
callback: Option<PasswordCallback>,
user_data: *mut c_void) -> c_int;
pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int;
+ pub fn PEM_write_bio_RSAPrivateKey(bp: *mut BIO, rsa: *mut RSA, cipher: *const EVP_CIPHER,
+ kstr: *mut c_char, klen: c_int,
+ callback: Option<PasswordCallback>,
+ user_data: *mut c_void) -> c_int;
+ pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *mut RSA) -> c_int;
+ pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int;
pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int;
pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int;
diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
index b69dc074..2d311d50 100644
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@@ -1,11 +1,11 @@
[package]
name = "openssl"
-version = "0.7.11"
+version = "0.7.12"
authors = ["Steven Fackler <[email protected]>"]
license = "Apache-2.0"
description = "OpenSSL bindings"
repository = "https://github.com/sfackler/rust-openssl"
-documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.11/openssl"
+documentation = "https://sfackler.github.io/rust-openssl/doc/v0.7.12/openssl"
readme = "../README.md"
keywords = ["crypto", "tls", "ssl", "dtls"]
build = "build.rs"
@@ -29,11 +29,11 @@ pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"]
nightly = []
[dependencies]
-bitflags = ">= 0.5.0, < 0.7.0"
+bitflags = ">= 0.5.0, < 0.8.0"
lazy_static = "0.2"
libc = "0.2"
-openssl-sys = { version = "0.7.11", path = "../openssl-sys" }
-openssl-sys-extras = { version = "0.7.11", path = "../openssl-sys-extras" }
+openssl-sys = { version = "0.7.12", path = "../openssl-sys" }
+openssl-sys-extras = { version = "0.7.12", path = "../openssl-sys-extras" }
[build-dependencies]
gcc = "0.3"
diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs
index 78465851..69d3a350 100644
--- a/openssl/src/crypto/hash.rs
+++ b/openssl/src/crypto/hash.rs
@@ -2,9 +2,11 @@ use libc::c_uint;
use std::iter::repeat;
use std::io::prelude::*;
use std::io;
-
use ffi;
+use crypto::HashTypeInternals;
+use nid::Nid;
+
/// Message digest (hash) type.
#[derive(Copy, Clone)]
pub enum Type {
@@ -17,19 +19,32 @@ pub enum Type {
RIPEMD160,
}
+impl HashTypeInternals for Type {
+ fn as_nid(&self) -> Nid {
+ match *self {
+ Type::MD5 => Nid::MD5,
+ Type::SHA1 => Nid::SHA1,
+ Type::SHA224 => Nid::SHA224,
+ Type::SHA256 => Nid::SHA256,
+ Type::SHA384 => Nid::SHA384,
+ Type::SHA512 => Nid::SHA512,
+ Type::RIPEMD160 => Nid::RIPEMD160,
+ }
+ }
+}
+
impl Type {
/// Returns the length of the message digest.
#[inline]
pub fn md_len(&self) -> usize {
- use self::Type::*;
match *self {
- MD5 => 16,
- SHA1 => 20,
- SHA224 => 28,
- SHA256 => 32,
- SHA384 => 48,
- SHA512 => 64,
- RIPEMD160 => 20,
+ Type::MD5 => 16,
+ Type::SHA1 => 20,
+ Type::SHA224 => 28,
+ Type::SHA256 => 32,
+ Type::SHA384 => 48,
+ Type::SHA512 => 64,
+ Type::RIPEMD160 => 20,
}
}
@@ -37,15 +52,14 @@ impl Type {
#[inline]
pub fn evp_md(&self) -> *const ffi::EVP_MD {
unsafe {
- use self::Type::*;
match *self {
- MD5 => ffi::EVP_md5(),
- SHA1 => ffi::EVP_sha1(),
- SHA224 => ffi::EVP_sha224(),
- SHA256 => ffi::EVP_sha256(),
- SHA384 => ffi::EVP_sha384(),
- SHA512 => ffi::EVP_sha512(),
- RIPEMD160 => ffi::EVP_ripemd160(),
+ Type::MD5 => ffi::EVP_md5(),
+ Type::SHA1 => ffi::EVP_sha1(),
+ Type::SHA224 => ffi::EVP_sha224(),
+ Type::SHA256 => ffi::EVP_sha256(),
+ Type::SHA384 => ffi::EVP_sha384(),
+ Type::SHA512 => ffi::EVP_sha512(),
+ Type::RIPEMD160 => ffi::EVP_ripemd160(),
}
}
}
diff --git a/openssl/src/crypto/hmac.rs b/openssl/src/crypto/hmac.rs
index 866087b0..143c7b75 100644
--- a/openssl/src/crypto/hmac.rs
+++ b/openssl/src/crypto/hmac.rs
@@ -387,8 +387,7 @@ mod tests {
let tests: [(Vec<u8>, Vec<u8>); 6] =
[(repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()),
(b"Jefe".to_vec(), b"what do ya want for nothing?".to_vec()),
- (repeat(0xaa_u8).take(20).collect(),
- repeat(0xdd_u8).take(50).collect()),
+ (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect()),
("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(),
repeat(0xcd_u8).take(50).collect()),
(repeat(0xaa_u8).take(131).collect(),
diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs
index bb77453f..95b27022 100644
--- a/openssl/src/crypto/mod.rs
+++ b/openssl/src/crypto/mod.rs
@@ -14,6 +14,8 @@
// limitations under the License.
//
+use nid::Nid;
+
pub mod hash;
pub mod hmac;
pub mod pkcs5;
@@ -24,3 +26,7 @@ pub mod memcmp;
pub mod rsa;
mod symm_internal;
+
+trait HashTypeInternals {
+ fn as_nid(&self) -> Nid;
+}
diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs
index ba0a16b6..c4111860 100644
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@@ -5,6 +5,8 @@ use std::iter::repeat;
use std::mem;
use std::ptr;
use bio::MemBio;
+
+use crypto::HashTypeInternals;
use crypto::hash;
use crypto::hash::Type as HashType;
use ffi;
@@ -41,18 +43,6 @@ fn openssl_padding_code(padding: EncryptionPadding) -> c_int {
}
}
-fn openssl_hash_nid(hash: HashType) -> c_int {
- match hash {
- HashType::MD5 => 4, // NID_md5,
- HashType::SHA1 => 64, // NID_sha1
- HashType::SHA224 => 675, // NID_sha224
- HashType::SHA256 => 672, // NID_sha256
- HashType::SHA384 => 673, // NID_sha384
- HashType::SHA512 => 674, // NID_sha512
- HashType::RIPEMD160 => 117, // NID_ripemd160
- }
-}
-
pub struct PKey {
evp: *mut ffi::EVP_PKEY,
parts: Parts,
@@ -124,7 +114,7 @@ impl PKey {
/// Reads an RSA private key from PEM, takes ownership of handle
pub fn private_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
- where R: Read
+ where R: Read
{
let rsa = try!(RSA::private_key_from_pem(reader));
unsafe {
@@ -140,7 +130,7 @@ impl PKey {
/// Reads an RSA public key from PEM, takes ownership of handle
pub fn public_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
- where R: Read
+ where R: Read
{
let rsa = try!(RSA::public_key_from_pem(reader));
unsafe {
@@ -556,7 +546,7 @@ impl PKey {
let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>();
let mut len = 0;
- let rv = ffi::RSA_sign(openssl_hash_nid(hash),
+ let rv = ffi::RSA_sign(hash.as_nid() as c_int,
s.as_ptr(),
s.len() as c_uint,
r.as_mut_ptr(),
@@ -579,7 +569,7 @@ impl PKey {
panic!("Could not get RSA key for verification");
}
- let rv = ffi::RSA_verify(openssl_hash_nid(hash),
+ let rv = ffi::RSA_verify(hash.as_nid() as c_int,
h.as_ptr(),
h.len() as c_uint,
s.as_ptr(),
@@ -610,16 +600,15 @@ impl Drop for PKey {
impl Clone for PKey {
fn clone(&self) -> Self {
let mut pkey = PKey::from_handle(unsafe { ffi::EVP_PKEY_new() }, self.parts);
- // copy by encoding to DER and back
+ // copy by encoding to DER and back
match self.parts {
Parts::Public => {
pkey.load_pub(&self.save_pub()[..]);
- },
+ }
Parts::Both => {
pkey.load_priv(&self.save_priv()[..]);
- },
- Parts::Neither => {
- },
+ }
+ Parts::Neither => {}
}
pkey
}
@@ -694,8 +683,8 @@ mod tests {
fn test_private_rsa_key_from_pem() {
let key_path = Path::new("test/key.pem");
let mut file = File::open(&key_path)
- .ok()
- .expect("Failed to open `test/key.pem`");
+ .ok()
+ .expect("Failed to open `test/key.pem`");
super::PKey::private_rsa_key_from_pem(&mut file).unwrap();
}
@@ -704,8 +693,8 @@ mod tests {
fn test_public_rsa_key_from_pem() {
let key_path = Path::new("test/key.pem.pub");
let mut file = File::open(&key_path)
- .ok()
- .expect("Failed to open `test/key.pem.pub`");
+ .ok()
+ .expect("Failed to open `test/key.pem.pub`");
super::PKey::public_rsa_key_from_pem(&mut file).unwrap();
}
diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
index 6fcb5b07..52b8590e 100644
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@@ -2,10 +2,13 @@ use ffi;
use std::fmt;
use ssl::error::{SslError, StreamError};
use std::ptr;
-use std::io::{self, Read};
+use std::io::{self, Read, Write};
+use libc::c_int;
use bn::BigNum;
use bio::MemBio;
+use crypto::HashTypeInternals;
+use crypto::hash;
pub struct RSA(*mut ffi::RSA);
@@ -29,6 +32,29 @@ impl RSA {
}
}
+ pub fn from_private_components(n: BigNum,
+ e: BigNum,
+ d: BigNum,
+ p: BigNum,
+ q: BigNum,
+ dp: BigNum,
+ dq: BigNum,
+ qi: BigNum)
+ -> Result<RSA, SslError> {
+ unsafe {
+ let rsa = try_ssl_null!(ffi::RSA_new());
+ (*rsa).n = n.into_raw();
+ (*rsa).e = e.into_raw();
+ (*rsa).d = d.into_raw();
+ (*rsa).p = p.into_raw();
+ (*rsa).q = q.into_raw();
+ (*rsa).dmp1 = dp.into_raw();
+ (*rsa).dmq1 = dq.into_raw();
+ (*rsa).iqmp = qi.into_raw();
+ Ok(RSA(rsa))
+ }
+ }
+
/// the caller should assert that the rsa pointer is valid.
pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA {
RSA(rsa)
@@ -36,7 +62,7 @@ impl RSA {
/// Reads an RSA private key from PEM formatted data.
pub fn private_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
- where R: Read
+ where R: Read
{
let mut mem_bio = try!(MemBio::new());
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
@@ -50,9 +76,34 @@ impl RSA {
}
}
+ /// Writes an RSA private key as unencrypted PEM formatted data
+ pub fn private_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
+ where W: Write
+ {
+ let mut mem_bio = try!(MemBio::new());
+
+ let result = unsafe {
+ ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(),
+ self.0,
+ ptr::null(),
+ ptr::null_mut(),
+ 0,
+ None,
+ ptr::null_mut())
+ };
+
+ if result == 1 {
+ try!(io::copy(&mut mem_bio, writer).map_err(StreamError));
+
+ Ok(())
+ } else {
+ Err(SslError::OpenSslErrors(vec![]))
+ }
+ }
+
/// Reads an RSA public key from PEM formatted data.
pub fn public_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
- where R: Read
+ where R: Read
{
let mut mem_bio = try!(MemBio::new());
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
@@ -66,51 +117,97 @@ impl RSA {
}
}
+ /// Writes an RSA public key as PEM formatted data
+ pub fn public_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
+ where W: Write
+ {
+ let mut mem_bio = try!(MemBio::new());
+
+ let result = unsafe { ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0) };
+
+ if result == 1 {
+ try!(io::copy(&mut mem_bio, writer).map_err(StreamError));
+
+ Ok(())
+ } else {
+ Err(SslError::OpenSslErrors(vec![]))
+ }
+ }
+
+ pub fn size(&self) -> Result<u32, SslError> {
+ if self.has_n() {
+ unsafe { Ok(ffi::RSA_size(self.0) as u32) }
+ } else {
+ Err(SslError::OpenSslErrors(vec![]))
+ }
+ }
+
+ pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result<Vec<u8>, SslError> {
+ let k_len = try!(self.size());
+ let mut sig = vec![0;k_len as usize];
+ let mut sig_len = k_len;
+
+ unsafe {
+ let result = ffi::RSA_sign(hash.as_nid() as c_int,
+ message.as_ptr(),
+ message.len() as u32,
+ sig.as_mut_ptr(),
+ &mut sig_len,
+ self.0);
+ assert!(sig_len == k_len);
+
+ if result == 1 {
+ Ok(sig)
+ } else {
+ Err(SslError::OpenSslErrors(vec![]))
+ }
+ }
+ }
+
+ pub fn verify(&self, hash: hash::Type, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
+ unsafe {
+ let result = ffi::RSA_verify(hash.as_nid() as c_int,
+ message.as_ptr(),
+ message.len() as u32,
+ sig.as_ptr(),
+ sig.len() as u32,
+ self.0);
+
+ Ok(result == 1)
+ }
+ }
+
pub fn as_ptr(&self) -> *mut ffi::RSA {
self.0
}
// The following getters are unsafe, since BigNum::new_from_ffi fails upon null pointers
pub fn n(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).n)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).n) }
}
pub fn has_n(&self) -> bool {
- unsafe {
- !(*self.0).n.is_null()
- }
+ unsafe { !(*self.0).n.is_null() }
}
pub fn d(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).d)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).d) }
}
pub fn e(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).e)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).e) }
}
pub fn has_e(&self) -> bool {
- unsafe {
- !(*self.0).e.is_null()
- }
+ unsafe { !(*self.0).e.is_null() }
}
pub fn p(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).p)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).p) }
}
pub fn q(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).q)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).q) }
}
}
@@ -119,3 +216,65 @@ impl fmt::Debug for RSA {
write!(f, "RSA")
}
}
+
+#[cfg(test)]
+mod test {
+ use std::fs::File;
+ use std::io::Write;
+ use super::*;
+ use crypto::hash::*;
+
+ fn signing_input_rs256() -> Vec<u8> {
+ vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, 49, 78, 105, 74, 57,
+ 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48,
+ 75, 73, 67, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107,
+ 122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 121,
+ 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 98, 83, 57, 112, 99,
+ 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, 99, 110, 86, 108, 102, 81]
+ }
+
+ fn signature_rs256() -> Vec<u8> {
+ vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, 243, 65, 6, 174,
+ 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, 131, 101, 109, 66, 10, 253, 60,
+ 150, 238, 221, 115, 162, 102, 62, 81, 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237,
+ 16, 115, 249, 69, 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219,
+ 61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, 16, 141, 178, 129,
+ 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, 190, 127, 249, 217, 46, 10, 231, 111,
+ 36, 242, 91, 51, 187, 230, 244, 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18,
+ 142, 212, 1, 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129,
+ 253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, 177, 139, 93, 163,
+ 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, 173, 21, 145, 18, 115, 160, 95, 35,
+ 185, 232, 56, 250, 175, 132, 157, 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195,
+ 212, 14, 96, 69, 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202,
+ 234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, 193, 167, 72, 160,
+ 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, 251, 71]
+ }
+
+ #[test]
+ pub fn test_sign() {
+ let mut buffer = File::open("test/rsa.pem").unwrap();
+ let private_key = RSA::private_key_from_pem(&mut buffer).unwrap();
+
+ let mut sha = Hasher::new(Type::SHA256);
+ sha.write_all(&signing_input_rs256()).unwrap();
+ let digest = sha.finish();
+
+ let result = private_key.sign(Type::SHA256, &digest).unwrap();
+
+ assert_eq!(result, signature_rs256());
+ }
+
+ #[test]
+ pub fn test_verify() {
+ let mut buffer = File::open("test/rsa.pem.pub").unwrap();
+ let public_key = RSA::public_key_from_pem(&mut buffer).unwrap();
+
+ let mut sha = Hasher::new(Type::SHA256);
+ sha.write_all(&signing_input_rs256()).unwrap();
+ let digest = sha.finish();
+
+ let result = public_key.verify(Type::SHA256, &digest, &signature_rs256()).unwrap();
+
+ assert!(result);
+ }
+}
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index f3be24b1..474e0b9a 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@@ -1,4 +1,4 @@
-#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.11")]
+#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.7.12")]
#![cfg_attr(feature = "nightly", feature(const_fn))]
#[macro_use]
diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs
index bfcae15a..874d4a6f 100644
--- a/openssl/src/nid.rs
+++ b/openssl/src/nid.rs
@@ -2,7 +2,7 @@
#[derive(Copy, Clone, Hash, PartialEq, Eq)]
#[repr(usize)]
pub enum Nid {
- Undefined,
+ Undefined, // 0
Rsadsi,
Pkcs,
MD2,
@@ -12,7 +12,7 @@ pub enum Nid {
RsaEncryption,
RSA_MD2,
RSA_MD5,
- PBE_MD2_DES,
+ PBE_MD2_DES, // 10
X500,
x509,
CN,
@@ -22,7 +22,7 @@ pub enum Nid {
O,
OU,
RSA,
- Pkcs7,
+ Pkcs7, // 20
Pkcs7_data,
Pkcs7_signedData,
Pkcs7_envelopedData,
@@ -32,7 +32,7 @@ pub enum Nid {
Pkcs3,
DhKeyAgreement,
DES_ECB,
- DES_CFB,
+ DES_CFB, // 30
DES_CBC,
DES_EDE,
DES_EDE3,
@@ -42,7 +42,7 @@ pub enum Nid {
RC2_CBC,
RC2_ECB,
RC2_CFB,
- RC2_OFB,
+ RC2_OFB, // 40
SHA,
RSA_SHA,
DES_EDE_CBC,
@@ -52,7 +52,7 @@ pub enum Nid {
Pkcs9,
Email,
UnstructuredName,
- ContentType,
+ ContentType, // 50
MessageDigest,
SigningTime,
CounterSignature,
@@ -62,7 +62,7 @@ pub enum Nid {
Netscape,
NetscapeCertExtention,
NetscapeDatatype,
- DES_EDE_CFB64,
+ DES_EDE_CFB64, // 60
DES_EDE3_CFB64,
DES_EDE_OFB64,
DES_EDE3_OFB64,
@@ -72,7 +72,7 @@ pub enum Nid {
DSA_OLD,
PBE_SHA1_RC2_64,
PBKDF2,
- DSA_SHA1_OLD,
+ DSA_SHA1_OLD, // 70
NetscapeCertType,
NetscapeBaseUrl,
NetscapeRevocationUrl,
@@ -82,7 +82,7 @@ pub enum Nid {
NetscapeSSLServerName,
NetscapeComment,
NetscapeCertSequence,
- DESX_CBC,
+ DESX_CBC, // 80
ID_CE,
SubjectKeyIdentifier,
KeyUsage,
@@ -92,7 +92,7 @@ pub enum Nid {
BasicConstraints,
CrlNumber,
CertificatePolicies,
- AuthorityKeyIdentifier,
+ AuthorityKeyIdentifier, // 90
BF_CBC,
BF_ECB,
BF_CFB,
@@ -102,7 +102,7 @@ pub enum Nid {
RC4_40,
RC2_40_CBC,
G,
- S,
+ S, // 100
I,
/// uniqueIdentifier
UID,
@@ -113,7 +113,7 @@ pub enum Nid {
D,
CAST5_CBC,
CAST5_ECB,
- CAST5_CFB,
+ CAST5_CFB, // 110
CAST5_OFB,
PbeWithMD5AndCast5CBC,
DSA_SHA1,
@@ -123,7 +123,7 @@ pub enum Nid {
RIPEMD160,
// 118 missing
RSA_RIPEMD160 = 119,
- RC5_CBC,
+ RC5_CBC, // 120
RC5_ECB,
RC5_CFB,
RC5_OFB,
@@ -133,7 +133,7 @@ pub enum Nid {
PKIX,
ID_KP,
ServerAuth,
- ClientAuth,
+ ClientAuth, // 130
CodeSigning,
EmailProtection,
TimeStamping,
@@ -143,7 +143,7 @@ pub enum Nid {
MsSGC,
MsEFS,
NsSGC,
- DeltaCRL,
+ DeltaCRL, // 140
CRLReason,
InvalidityDate,
SXNetID,
@@ -153,7 +153,7 @@ pub enum Nid {
PBE_SHA1_2DES,
PBE_SHA1_RC2_128,
PBE_SHA1_RC2_40,
- KeyBag,
+ KeyBag, // 150
Pkcs8ShroudedKeyBag,
CertBag,
CrlBag,
@@ -163,7 +163,7 @@ pub enum Nid {
LocalKeyID,
X509Certificate,
SdsiCertificate,
- X509Crl,
+ X509Crl, // 160
PBES2,
PBMAC1,
HmacWithSha1,
@@ -171,6 +171,26 @@ pub enum Nid {
ID_QT_UNOTICE,
RC2_64_CBC,
SMIMECaps,
+ PBE_MD2_RC2_64,
+ PBE_MD5_RC2_64,
+ PBE_SHA1_DES,
+ MicrosoftExtensionRequest,
+ ExtensionRequest,
+ Name,
+ DnQualifier,
+ IdPe,
+ IdAd,
+ AuthorityInfoAccess,
+ OCSP,
+ CaIssuers,
+ OCSPSigning, // 180
+
+ // 181 and up are from openssl's obj_mac.h
/// Shown as UID in cert subject
- UserId = 458
+ UserId = 458,
+
+ SHA256 = 672,
+ SHA384,
+ SHA512,
+ SHA224,
}
diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs
index e53545d7..b6f20cf2 100644
--- a/openssl/src/ssl/bio.rs
+++ b/openssl/src/ssl/bio.rs
@@ -23,16 +23,16 @@ pub struct BioMethod(ffi::BIO_METHOD);
impl BioMethod {
pub fn new<S: Read + Write>() -> BioMethod {
BioMethod(ffi::BIO_METHOD {
- type_: BIO_TYPE_NONE,
- name: b"rust\0".as_ptr() as *const _,
- bwrite: Some(bwrite::<S>),
- bread: Some(bread::<S>),
- bputs: Some(bputs::<S>),
- bgets: None,
- ctrl: Some(ctrl::<S>),
- create: Some(create),
- destroy: Some(destroy::<S>),
- callback_ctrl: None,
+ type_: BIO_TYPE_NONE,
+ name: b"rust\0".as_ptr() as *const _,
+ bwrite: Some(bwrite::<S>),
+ bread: Some(bread::<S>),
+ bputs: Some(bputs::<S>),
+ bgets: None,
+ ctrl: Some(ctrl::<S>),
+ create: Some(create),
+ destroy: Some(destroy::<S>),
+ callback_ctrl: None,
})
}
}
@@ -82,12 +82,16 @@ unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> {
}
#[cfg(feature = "nightly")]
-fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T {
+fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>>
+ where F: FnOnce() -> T
+{
::std::panic::catch_unwind(::std::panic::AssertUnwindSafe(f))
}
#[cfg(not(feature = "nightly"))]
-fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>> where F: FnOnce() -> T {
+fn catch_unwind<F, T>(f: F) -> Result<T, Box<Any + Send>>
+ where F: FnOnce() -> T
+{
Ok(f())
}
@@ -137,7 +141,8 @@ unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int)
fn retriable_error(err: &io::Error) -> bool {
match err.kind() {
- io::ErrorKind::WouldBlock | io::ErrorKind::NotConnected => true,
+ io::ErrorKind::WouldBlock |
+ io::ErrorKind::NotConnected => true,
_ => false,
}
}
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index aa785142..f207416f 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -850,7 +850,7 @@ pub struct SslCipher<'a> {
ph: PhantomData<&'a ()>,
}
-impl <'a> SslCipher<'a> {
+impl<'a> SslCipher<'a> {
/// Returns the name of cipher.
pub fn name(&self) -> &'static str {
let name = unsafe {
@@ -874,12 +874,18 @@ impl <'a> SslCipher<'a> {
/// Returns the number of bits used for the cipher.
pub fn bits(&self) -> CipherBits {
unsafe {
- let algo_bits : *mut c_int = ptr::null_mut();
+ let algo_bits: *mut c_int = ptr::null_mut();
let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits);
if !algo_bits.is_null() {
- CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) }
+ CipherBits {
+ secret: secret_bits,
+ algorithm: Some(*algo_bits),
+ }
} else {
- CipherBits { secret: secret_bits, algorithm: None }
+ CipherBits {
+ secret: secret_bits,
+ algorithm: None,
+ }
}
}
}
@@ -987,7 +993,9 @@ impl Ssl {
{
unsafe {
let verify = Box::new(verify);
- ffi::SSL_set_ex_data(self.ssl, get_ssl_verify_data_idx::<F>(), mem::transmute(verify));
+ ffi::SSL_set_ex_data(self.ssl,
+ get_ssl_verify_data_idx::<F>(),
+ mem::transmute(verify));
ffi::SSL_set_verify(self.ssl, mode.bits as c_int, Some(ssl_raw_verify::<F>));
}
}
@@ -999,7 +1007,10 @@ impl Ssl {
if ptr.is_null() {
None
} else {
- Some(SslCipher{ cipher: ptr, ph: PhantomData })
+ Some(SslCipher {
+ cipher: ptr,
+ ph: PhantomData,
+ })
}
}
}
@@ -1052,8 +1063,8 @@ impl Ssl {
/// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
pub fn version(&self) -> &'static str {
let version = unsafe {
- let ptr = ffi::SSL_get_version(self.ssl);
- CStr::from_ptr(ptr as *const _)
+ let ptr = ffi::SSL_get_version(self.ssl);
+ CStr::from_ptr(ptr as *const _)
};
str::from_utf8(version.to_bytes()).unwrap()
@@ -1224,7 +1235,8 @@ impl<S: Clone + Read + Write> Clone for SslStream<S> {
}
}
-impl<S> fmt::Debug for SslStream<S> where S: fmt::Debug
+impl<S> fmt::Debug for SslStream<S>
+ where S: fmt::Debug
{
fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
fmt.debug_struct("SslStream")
@@ -1385,7 +1397,8 @@ impl<S> SslStream<S> {
}
}
LibSslError::ErrorZeroReturn => Some(SslError::SslSessionClosed),
- LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => None,
+ LibSslError::ErrorWantWrite |
+ LibSslError::ErrorWantRead => None,
err => {
Some(SslError::StreamError(io::Error::new(io::ErrorKind::Other,
format!("unexpected error {:?}", err))))
@@ -1401,8 +1414,7 @@ impl<S> SslStream<S> {
}
#[cfg(not(feature = "nightly"))]
- fn check_panic(&mut self) {
- }
+ fn check_panic(&mut self) {}
fn get_bio_error(&mut self) -> io::Error {
let error = unsafe { bio::take_error::<S>(self.ssl.get_raw_rbio()) };
@@ -1513,7 +1525,8 @@ pub enum MaybeSslStream<S>
Normal(S),
}
-impl<S> Read for MaybeSslStream<S> where S: Read + Write
+impl<S> Read for MaybeSslStream<S>
+ where S: Read + Write
{
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
match *self {
@@ -1523,7 +1536,8 @@ impl<S> Read for MaybeSslStream<S> where S: Read + Write
}
}
-impl<S> Write for MaybeSslStream<S> where S: Read + Write
+impl<S> Write for MaybeSslStream<S>
+ where S: Read + Write
{
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
match *self {
@@ -1540,7 +1554,8 @@ impl<S> Write for MaybeSslStream<S> where S: Read + Write
}
}
-impl<S> MaybeSslStream<S> where S: Read + Write
+impl<S> MaybeSslStream<S>
+ where S: Read + Write
{
/// Returns a reference to the underlying stream.
pub fn get_ref(&self) -> &S {
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index c3e7a363..5339f27e 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -196,7 +196,7 @@ macro_rules! run_test(
use ssl::SslMethod;
use ssl::{SslContext, Ssl, SslStream, VerifyCallback};
use ssl::SSL_VERIFY_PEER;
- use crypto::hash::Type::SHA256;
+ use crypto::hash::Type::SHA1;
use x509::X509StoreContext;
use serialize::hex::FromHex;
use super::Server;
@@ -236,7 +236,7 @@ run_test!(verify_untrusted, |method, stream| {
match SslStream::connect_generic(&ctx, stream) {
Ok(_) => panic!("expected failure"),
- Err(err) => println!("error {:?}", err)
+ Err(err) => println!("error {:?}", err),
}
});
@@ -246,11 +246,11 @@ run_test!(verify_trusted, |method, stream| {
match ctx.set_CA_file(&Path::new("test/cert.pem")) {
Ok(_) => {}
- Err(err) => panic!("Unexpected error {:?}", err)
+ Err(err) => panic!("Unexpected error {:?}", err),
}
match SslStream::connect_generic(&ctx, stream) {
Ok(_) => (),
- Err(err) => panic!("Expected success, got {:?}", err)
+ Err(err) => panic!("Expected success, got {:?}", err),
}
});
@@ -264,7 +264,7 @@ run_test!(verify_untrusted_callback_override_ok, |method, stream| {
match SslStream::connect_generic(&ctx, stream) {
Ok(_) => (),
- Err(err) => panic!("Expected success, got {:?}", err)
+ Err(err) => panic!("Expected success, got {:?}", err),
}
});
@@ -289,11 +289,11 @@ run_test!(verify_trusted_callback_override_ok, |method, stream| {
match ctx.set_CA_file(&Path::new("test/cert.pem")) {
Ok(_) => {}
- Err(err) => panic!("Unexpected error {:?}", err)
+ Err(err) => panic!("Unexpected error {:?}", err),
}
match SslStream::connect_generic(&ctx, stream) {
Ok(_) => (),
- Err(err) => panic!("Expected success, got {:?}", err)
+ Err(err) => panic!("Expected success, got {:?}", err),
}
});
@@ -307,7 +307,7 @@ run_test!(verify_trusted_callback_override_bad, |method, stream| {
match ctx.set_CA_file(&Path::new("test/cert.pem")) {
Ok(_) => {}
- Err(err) => panic!("Unexpected error {:?}", err)
+ Err(err) => panic!("Unexpected error {:?}", err),
}
assert!(SslStream::connect_generic(&ctx, stream).is_err());
});
@@ -335,7 +335,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| {
match ctx.set_CA_file(&Path::new("test/cert.pem")) {
Ok(_) => {}
- Err(err) => panic!("Unexpected error {:?}", err)
+ Err(err) => panic!("Unexpected error {:?}", err),
}
assert!(SslStream::connect_generic(&ctx, stream).is_ok());
});
@@ -353,13 +353,12 @@ run_test!(verify_trusted_get_error_err, |method, stream| {
});
run_test!(verify_callback_data, |method, stream| {
- fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext,
- node_id: &Vec<u8>) -> bool {
+ fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext, node_id: &Vec<u8>) -> bool {
let cert = x509_ctx.get_current_cert();
match cert {
None => false,
Some(cert) => {
- let fingerprint = cert.fingerprint(SHA256).unwrap();
+ let fingerprint = cert.fingerprint(SHA1).unwrap();
&fingerprint == node_id
}
}
@@ -370,14 +369,14 @@ run_test!(verify_callback_data, |method, stream| {
// in DER format.
// Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256
// Please update if "test/cert.pem" will ever change
- let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+ let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
let node_id = node_hash_str.from_hex().unwrap();
ctx.set_verify_with_data(SSL_VERIFY_PEER, callback, node_id);
ctx.set_verify_depth(1);
match SslStream::connect_generic(&ctx, stream) {
Ok(_) => (),
- Err(err) => panic!("Expected success, got {:?}", err)
+ Err(err) => panic!("Expected success, got {:?}", err),
}
});
@@ -390,14 +389,14 @@ run_test!(ssl_verify_callback, |method, stream| {
let ctx = SslContext::new(method).unwrap();
let mut ssl = ctx.into_ssl().unwrap();
- let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+ let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
let node_id = node_hash_str.from_hex().unwrap();
ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| {
CHECKED.store(1, Ordering::SeqCst);
match x509.get_current_cert() {
None => false,
Some(cert) => {
- let fingerprint = cert.fingerprint(SHA256).unwrap();
+ let fingerprint = cert.fingerprint(SHA1).unwrap();
fingerprint == node_id
}
}
@@ -405,7 +404,7 @@ run_test!(ssl_verify_callback, |method, stream| {
match SslStream::connect_generic(ssl, stream) {
Ok(_) => (),
- Err(err) => panic!("Expected success, got {:?}", err)
+ Err(err) => panic!("Expected success, got {:?}", err),
}
assert_eq!(CHECKED.load(Ordering::SeqCst), 1);
@@ -499,11 +498,10 @@ fn test_write_direct() {
}
run_test!(get_peer_certificate, |method, stream| {
- let stream = SslStream::connect_generic(&SslContext::new(method).unwrap(),
- stream).unwrap();
+ let stream = SslStream::connect_generic(&SslContext::new(method).unwrap(), stream).unwrap();
let cert = stream.ssl().peer_certificate().unwrap();
- let fingerprint = cert.fingerprint(SHA256).unwrap();
- let node_hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+ let fingerprint = cert.fingerprint(SHA1).unwrap();
+ let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
let node_id = node_hash_str.from_hex().unwrap();
assert_eq!(node_id, fingerprint)
});
diff --git a/openssl/src/version.rs b/openssl/src/version.rs
index 323cf1e2..0e9f61d8 100644
--- a/openssl/src/version.rs
+++ b/openssl/src/version.rs
@@ -1,4 +1,3 @@
-//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
@@ -86,4 +85,4 @@ fn test_versions() {
assert!(c_flags().starts_with("compiler:"));
assert!(built_on().starts_with("built on:"));
assert!(dir().starts_with("OPENSSLDIR:"));
-} \ No newline at end of file
+}
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 0a242a15..3150cc6e 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -379,7 +379,9 @@ impl X509Generator {
ffi::X509_set_issuer_name(x509.handle, name);
for (exttype, ext) in self.extensions.iter() {
- try!(X509Generator::add_extension_internal(x509.handle, &exttype, &ext.to_string()));
+ try!(X509Generator::add_extension_internal(x509.handle,
+ &exttype,
+ &ext.to_string()));
}
let hash_fn = self.hash_type.evp_md();
@@ -539,9 +541,9 @@ extern "C" {
impl<'ctx> Clone for X509<'ctx> {
fn clone(&self) -> X509<'ctx> {
unsafe { rust_X509_clone(self.handle) }
- /* FIXME: given that we now have refcounting control, 'owned' should be uneeded, the 'ctx
- * is probably also uneeded. We can remove both to condense the x509 api quite a bit
- */
+ // FIXME: given that we now have refcounting control, 'owned' should be uneeded, the 'ctx
+ // is probably also uneeded. We can remove both to condense the x509 api quite a bit
+ //
X509::new(self.handle, true)
}
}
@@ -671,7 +673,7 @@ impl Extensions {
pub fn add(&mut self, ext: Extension) {
let ext_type = ext.get_type();
- if let Some(index) = self.indexes.get(&ext_type) {
+ if let Some(index) = self.indexes.get(&ext_type) {
self.extensions[*index] = ext;
return;
}
@@ -693,7 +695,7 @@ impl Extensions {
/// extension in the collection.
struct ExtensionsIter<'a> {
current: usize,
- extensions: &'a Vec<Extension>
+ extensions: &'a Vec<Extension>,
}
impl<'a> Iterator for ExtensionsIter<'a> {
@@ -798,9 +800,7 @@ pub struct GeneralNames<'a> {
impl<'a> GeneralNames<'a> {
/// Returns the number of `GeneralName`s in this structure.
pub fn len(&self) -> usize {
- unsafe {
- (*self.stack).stack.num as usize
- }
+ unsafe { (*self.stack).stack.num as usize }
}
/// Returns the specified `GeneralName`.
@@ -823,7 +823,7 @@ impl<'a> GeneralNames<'a> {
pub fn iter(&self) -> GeneralNamesIter {
GeneralNamesIter {
names: self,
- idx: 0
+ idx: 0,
}
}
}
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 0032d108..f547a982 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -3,7 +3,7 @@ use std::io;
use std::path::Path;
use std::fs::File;
-use crypto::hash::Type::SHA256;
+use crypto::hash::Type::SHA1;
use crypto::pkey::PKey;
use x509::{X509, X509Generator};
use x509::extension::Extension::{KeyUsage, ExtKeyUsage, SubjectAltName, OtherNid, OtherStr};
@@ -17,7 +17,7 @@ fn get_generator() -> X509Generator {
.set_bitlength(2048)
.set_valid_period(365 * 2)
.add_name("CN".to_string(), "test_me".to_string())
- .set_sign_hash(SHA256)
+ .set_sign_hash(SHA1)
.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
.add_extension(ExtKeyUsage(vec![ClientAuth,
ServerAuth,
@@ -56,9 +56,10 @@ fn test_cert_gen_extension_ordering() {
#[test]
fn test_cert_gen_extension_bad_ordering() {
let result = get_generator()
- .add_extension(OtherNid(Nid::AuthorityKeyIdentifier, "keyid:always".to_owned()))
- .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned()))
- .generate();
+ .add_extension(OtherNid(Nid::AuthorityKeyIdentifier,
+ "keyid:always".to_owned()))
+ .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned()))
+ .generate();
assert!(result.is_err());
}
@@ -83,13 +84,9 @@ fn test_cert_loading() {
.expect("Failed to open `test/cert.pem`");
let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
- let fingerprint = cert.fingerprint(SHA256).unwrap();
+ let fingerprint = cert.fingerprint(SHA1).unwrap();
- // Hash was generated as SHA256 hash of certificate "test/cert.pem"
- // in DER format.
- // Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256
- // Please update if "test/cert.pem" will ever change
- let hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
+ let hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
let hash_vec = hash_str.from_hex().unwrap();
assert_eq!(fingerprint, hash_vec);
@@ -109,7 +106,7 @@ fn test_subject_read_cn() {
None => panic!("Failed to read CN from cert"),
};
- assert_eq!(&cn as &str, "test_cert")
+ assert_eq!(&cn as &str, "foobar.com")
}
#[test]
@@ -166,7 +163,8 @@ fn test_subject_alt_name() {
let subject_alt_names = cert.subject_alt_names().unwrap();
assert_eq!(3, subject_alt_names.len());
assert_eq!(Some("foobar.com"), subject_alt_names.get(0).dnsname());
- assert_eq!(subject_alt_names.get(1).ipaddress(), Some(&[127, 0, 0, 1][..]));
+ assert_eq!(subject_alt_names.get(1).ipaddress(),
+ Some(&[127, 0, 0, 1][..]));
assert_eq!(subject_alt_names.get(2).ipaddress(),
Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..]));
}
@@ -178,8 +176,10 @@ fn test_subject_alt_name_iter() {
let subject_alt_names = cert.subject_alt_names().unwrap();
let mut subject_alt_names_iter = subject_alt_names.iter();
- assert_eq!(subject_alt_names_iter.next().unwrap().dnsname(), Some("foobar.com"));
- assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), Some(&[127, 0, 0, 1][..]));
+ assert_eq!(subject_alt_names_iter.next().unwrap().dnsname(),
+ Some("foobar.com"));
+ assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(),
+ Some(&[127, 0, 0, 1][..]));
assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(),
Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..]));
assert!(subject_alt_names_iter.next().is_none());
diff --git a/openssl/test/cert.pem b/openssl/test/cert.pem
index 0ca22e3d..b8c5ce01 100644
--- a/openssl/test/cert.pem
+++ b/openssl/test/cert.pem
@@ -1,24 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIID9DCCAtygAwIBAgIJALuA8gDKi5EzMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMUCXRlc3RfY2VydDAeFw0xNTA1MTExNzI0
-MThaFw0xNjA1MTAxNzI0MThaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l
-LVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
-BAMUCXRlc3RfY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYg
-8apqh+nHYBL/KS9SLtDmhTR2s+H3mk7avXACahMEt/Eapsft5YOJ8JAkPbkoyd91
-QtxbrDF1M3rtTfWwHrf4jCeZ6kt2CSvYyJCPP/7JbWPdMDsYFBtoBOEVMdjOLr4R
-8tAar2t1Gu63Mu7LWeYvyFKqJpDkP30/k+OED79l7rOQg6eVN+Qjr1wx3VSBhovs
-UShGnSRw5YWiKnvvUnHwq2eXkwXFOdkhRNsTpWgV+EZsOdunczGbEG4qa+iwJjod
-/b8O9R1rIr12mwgT2U3GHNpJU0I+Qu2063nONndhMfES3md6QCIlKMVYDSU/Wli5
-sLxTxykXWv548Ib8Yv8CAwEAAaOBvjCBuzAdBgNVHQ4EFgQUGec/TF+Ok3BoEAqX
-yvEi9+Emy9QwgYsGA1UdIwSBgzCBgIAUGec/TF+Ok3BoEAqXyvEi9+Emy9ShXaRb
-MFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
-bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMUCXRlc3RfY2VydIIJALuA
-8gDKi5EzMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALwDb82BBTfz
-X+7rENv+f76X+DkHjt6QzCr9f1PYpbIle5/XaxCp+Rkz1BGZTmPRPURpAzweznlG
-kY5KydZ1+XdxPHh2zReBS00KxMElmlMKWp7nOnIKohzcQxTFp4VZ7smb9ymXYdYQ
-nRqaLIM1AKsj+0ulqsSbKggIuUZBvfrAdC3J6//3CXSdvQLJGzYPtTLUddQLN9pv
-GXrdNmvK3BjP+kokAjTt+DMMbIIZZitUVjKXqB7WS/Mqss1P2mdagJmOaD2mL3pY
-HDCCpquJ1SKN3g33hOA0pMRxGskyJI8x71mnej0StbUV9GdX0wN5ziSb/ccF2GYi
-Q+MS7OxsTEY=
+MIIDhzCCAm+gAwIBAgIJAKyxk8nkmAtWMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCmZvb2Jhci5jb20wHhcNMTYwNTE2MDUw
+NTAwWhcNMjYwNTE0MDUwNTAwWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
+ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+VQQDDApmb29iYXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+qPQljESzF6NQhf4jkYfQeDYbSRf/LUfT5RvebDb8lrkEP/I33r/vMxK6ZcXy5LdK
+SanKImRvIPTVNJFOqOU/v9UIGXJQgKGWktCasZqKNmJP9ULI9eqZzAXNdLkg5Olf
+WiUl9bysDjVTUsIhwNTIV/ou1n+/ytJ4qvpO4TpIZXhZFoGbVKuNYF4dVXzroJGu
+1JLWJ5PZqwWwDI5mpaGTZ9qTDAEMVYOE4Yi5t877lqr1wEls1GXOyAHdRmzeALQ7
+obNudnqhPROIkx5OxdeMAEtSVqr+uuoUXhh65mSRsdMUEzPbzw9RzebdlNyk34Tv
+5k5QFFlcoPbQrTs26CoLNQIDAQABo1AwTjAdBgNVHQ4EFgQUtnMvYaVLoe9ILBWx
+n/PcNC+8rDAwHwYDVR0jBBgwFoAUtnMvYaVLoe9ILBWxn/PcNC+8rDAwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAALVDDD2f25h5ytSkoUqQilybeRDg
+bPhTEEC83NWg2snV1yGtwO3zZ+hvX+J/RqOn33ER/RnQCZTB9FGPj566IbLwLSAE
+y83GDsbsFEWCL8yN4Q3dQVub7D3HZ5PBtGpBxC7brvJD7OnR3n75QOFC+OaGKUCo
+16XulVsB3IQsXdzL4GwoUqWGWaUyf5MkzFruBma16QetK5J10R42skeXssjvqupv
+qUQZxzGOzIGuLTBvJrtFxtoTCu+oZV942wGmuyvLwqRfzIODLNcGLS6lGJudXJPT
+Vapaj6maldL3qe1X4bxvtglnpdlrOJ65E3YEC1gcD1KUvfO5vItKrP1FbA==
-----END CERTIFICATE-----
diff --git a/openssl/test/key.pem b/openssl/test/key.pem
index 8ee80a8c..d381795d 100644
--- a/openssl/test/key.pem
+++ b/openssl/test/key.pem
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA1iDxqmqH6cdgEv8pL1Iu0OaFNHaz4feaTtq9cAJqEwS38Rqm
-x+3lg4nwkCQ9uSjJ33VC3FusMXUzeu1N9bAet/iMJ5nqS3YJK9jIkI8//sltY90w
-OxgUG2gE4RUx2M4uvhHy0Bqva3Ua7rcy7stZ5i/IUqomkOQ/fT+T44QPv2Xus5CD
-p5U35COvXDHdVIGGi+xRKEadJHDlhaIqe+9ScfCrZ5eTBcU52SFE2xOlaBX4Rmw5
-26dzMZsQbipr6LAmOh39vw71HWsivXabCBPZTcYc2klTQj5C7bTrec42d2Ex8RLe
-Z3pAIiUoxVgNJT9aWLmwvFPHKRda/njwhvxi/wIDAQABAoIBAQC918dqx7hoVBOh
-xAfHpJ1NKJPAx90D4no0n0qFHB7fbbeHU5G6f/iUfp+BrB/tIXSZYWU96SjpUHer
-7OjJgrQ5d2sLUTKgZK4M6c4oHFkok30gpOI2AksRYU+yHxBqn6JhcZhNWNtd8h1G
-t7W4cSHrK0H3yFMY8sQ3Tz7W4Cb2ENIN4wBKeQnmk4k9icG5yz0xLI/vPxqujKij
-JWMbk2jNllaUvDgsTAg/MFCzlJH98lzRrX/dhG+q6Rt4S18xac71PMGyUaWduyeC
-BHGhHW34361zGQYyeG6eWroTQhvwMHjNxvzA/RiTgHBXV5oRvd9BPPoUS53HYQJO
-mzNnfZvBAoGBAPF3VVw+RqG/+OyEkuqE20H35/oSB8tPC6QL/WjWUFwIcSfnkX7H
-WmdHBfqCAZlAOqOYgO3iWcgbcOhnggP9J6ssooErt6M7s7hPG/WXwSf0DoCUgtQF
-9OrcGNBvwtBMqm82hb8u4IpXUApMYF48MkjbaKSmHU3HQe0sIDese+wlAoGBAOME
-YJgtl6t3rcaJ2jzHfEsCTCtCBs2vS9ido73xF3QHTafll/sKMp5bA0mgNhSsphhs
-mJCfOl2Cr+0oN90zkumFe4bNIbWQOL/q+HeFwebK5/oWlg/NyvFmMm7LmniFPpBD
-NJHqV/ehn8Xuw4LheSG1Bg/aRH5NtoKDcG8+4ZdTAoGAFkTHHoavxOMLdeSUGATA
-o8jVH/7hsSJNFIf2iuCY8KPmq6Nzi5mfAL9QEdZDh3qg7c12tnmVhhrhws0o9G04
-Z1Tqd7csbGVpIapKDdA9BA5B+CG6HwudlrtNnotwD/3CChehJgyQsLF0tD5u9MHg
-cU+qyuR292FU9yaGohvKIfECgYEAjX7c9fz029rsZSLm85sizV3RO+UbeHgaPhmD
-RZBPnfIvZMalw8LHagwwMGO7UYeKvw5wyTN1nXMnVBoNN8I9f2/DXnHc4N3TgUtj
-MpwcD03I6QfK4G7UX0HjjUs6LIRgSmqZCZmW2rHSc/wtwBXo+ilqbdcNeevWJeLm
-4W/ADCECgYEA7RGbA6qzHtjVS4Nc9rE1tcv4a7p0EvnMXZhIkDZtJqPpkpyOZllm
-cTuMCGisw0SEIcSoH1pWRDschbIlOlsn1Mhnb/IczqfHZjb4hmX7Cnlc8WP6TBqI
-vma9anlEWW7eIOn5jkY3liQpQ7GJPkCjWuRzne26iV/LIsYj48602Z8=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCo9CWMRLMXo1CF
+/iORh9B4NhtJF/8tR9PlG95sNvyWuQQ/8jfev+8zErplxfLkt0pJqcoiZG8g9NU0
+kU6o5T+/1QgZclCAoZaS0Jqxmoo2Yk/1Qsj16pnMBc10uSDk6V9aJSX1vKwONVNS
+wiHA1MhX+i7Wf7/K0niq+k7hOkhleFkWgZtUq41gXh1VfOugka7UktYnk9mrBbAM
+jmaloZNn2pMMAQxVg4ThiLm3zvuWqvXASWzUZc7IAd1GbN4AtDuhs252eqE9E4iT
+Hk7F14wAS1JWqv666hReGHrmZJGx0xQTM9vPD1HN5t2U3KTfhO/mTlAUWVyg9tCt
+OzboKgs1AgMBAAECggEBAKLj6IOJBKXolczpzb8UkyAjAkGBektcseV07gelJ/fk
+3z0LuWPv5p12E/HlXB24vU2x/ikUbbP3eMsawRzDEahQqmNmPEkYAYUAy/Qpi9GN
+DYvn3LqDec4jVgeQKS+p9H2DzUpTogp8zR2//yzbuWBg2+F//xh7vU0S0RQCziPM
+x7RSBgbhxSfChfEJbS2sDnzfh0jRQmoY95iFv7puet1FJtzdZ4fgCd1RqmC2lFM5
+H0eZtN/Cz19lieVs0b996DErdEBqClVZO00eYbRozCDaBzRU3ybB/dMrGJxhkkXm
+wb3kWMtziH9qOYsostuHIFu8eKFLloKxFnq2R4DGxOECgYEA2KUIZISOeGJSBcLJ
+JAUK2gvgXPNo4HHWIwOA9xeN3ZJlsnPlffXQNnm6t1st1V2gfMm9I2n0m/F0y2B/
+n/XGSa8bghfPA9l0c2h58lkL3JQJR/paa8ycTz+YZPrznEyN7Qa0RrJXUvZv9lQL
+Hc3+FHcSHgMqDV2f2bHAEu9YGi0CgYEAx6VEIPNvrHFgjo/jk1RTuk+m0xEWQsZL
+Cs+izQMr2TaeJn8LG+93AvFuYn0J0nT3WuStLPrUg8i4IhSS6lf1tId5ivIZPm4r
+YwMyblBJXhnHbk7Uqodjfw/3s6V2HAu++B7hTdyVr9DFuST9uv4m8bkPV8rfX1jE
+I2rAPVWvgikCgYB+wNAQP547wQrMZBLbCDg5KwmyWJfb+b6X7czexOEz6humNTjo
+YZHYzY/5B1fhpk3ntQD8X1nGg5caBvOk21+QbOtjShrM3cXMYCw5JvBRtitX+Zo9
+yBEMLOE0877ki8XeEDYZxu5gk98d+D4oygUGZEQtWxyXhVepPt5qNa8OYQKBgQDH
+RVgZI6KFlqzv3wMh3PutbS9wYQ+9GrtwUQuIYe/0YSW9+vSVr5E0qNKrD28sV39F
+hBauXLady0yvB6YUrjMbPFW+sCMuQzyfGWPO4+g3OrfqjFiM1ZIkE0YEU9Tt7XNx
+qTDtTI1D7bhNMnTnniI1B6ge0und+3XafAThs5L48QKBgQCTTpfqMt8kU3tcI9sf
+0MK03y7kA76d5uw0pZbWFy7KI4qnzWutCzb+FMPWWsoFtLJLPZy//u/ZCUVFVa4d
+0Y/ASNQIESVPXFLAltlLo4MSmsg1vCBsbviEEaPeEjvMrgki93pYtd/aOSgkYC1T
+mEq154s5rmqh+h+XRIf7Au0SLw==
+-----END PRIVATE KEY-----
diff --git a/openssl/test/rsa.pem b/openssl/test/rsa.pem
new file mode 100644
index 00000000..d8185fed
--- /dev/null
+++ b/openssl/test/rsa.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd/wWJcyQoTbji9k0
+l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL+yRT+SFd2lZS+pC
+gNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb/7OMg0LOL+bSf63kpaSHSX
+ndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uD
+Zlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxXFvUK+DWNmoudF8NAco9/h9iaGNj8
+q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQIDAQABAoIBABKucaRpzQorw35S
+bEUAVx8dYXUdZOlJcHtiWQ+dC6V8ljxAHj/PLyzTveyI5QO/xkObCyjIL303l2cf
+UhPu2MFaJdjVzqACXuOrLot/eSFvxjvqVidTtAZExqFRJ9mylUVAoLvhowVWmC1O
+n95fZCXxTUtxNEG1Xcc7m0rtzJKs45J+N/V9DP1edYH6USyPSWGp6wuA+KgHRnKK
+Vf9GRx80JQY7nVNkL17eHoTWEwga+lwi0FEoW9Y7lDtWXYmKBWhUE+U8PGxlJf8f
+40493HDw1WRQ/aSLoS4QTp3rn7gYgeHEvfJdkkf0UMhlknlo53M09EFPdadQ4TlU
+bjqKc50CgYEA4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH/5IB3jw3bcxGn6QLvnE
+tfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw/Py5PJdTJNPY8cQn7ouZ2KKDcmnPG
+BY5t7yLc1QlQ5xHdwW1VhvKn+nXqhJTBgIPgtldC+KDV5z+y2XDwGUcCgYEAuQPE
+fgmVtjL0Uyyx88GZFF1fOunH3+7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYs
+p1ZSe7zFYHj7C6ul7TjeLQeZD/YwD66t62wDmpe/HlB+TnBA+njbglfIsRLtXlnD
+zQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdcCgYAHAp9XcCSrn8wVkMVkKdb7
+DOX4IKjzdahm+ctDAJN4O/y7OW5FKebvUjdAIt2GuoTZ71iTG+7F0F+lP88jtjP4
+U4qe7VHoewl4MKOfXZKTe+YCS1XbNvfgwJ3Ltyl1OH9hWvu2yza7q+d5PCsDzqtm
+27kxuvULVeya+TEdAB1ijQKBgQCH/3r6YrVH/uCWGy6bzV1nGNOdjKc9tmkfOJmN
+54dxdixdpozCQ6U4OxZrsj3FcOhHBsqAHvX2uuYjagqvo3cOj1TRqNocX40omfCC
+Mx3bD1yPPf/6TI2XECva/ggqEY2mYzmIiA5LVVmc5nrybr+lssFKneeyxN2Wq93S
+0iJMdQKBgCGHewxzoa1r8ZMD0LETNrToK423K377UCYqXfg5XMclbrjPbEC3YI1Z
+NqMtuhdBJqUnBi6tjKMF+34Xf0CUN8ncuXGO2CAYvO8PdyCixHX52ybaDjy1FtCE
+6yUXjoKNXKvUm7MWGsAYH6f4IegOetN5NvmUMFStCSkh7ixZLkN1
+-----END RSA PRIVATE KEY-----
diff --git a/openssl/test/rsa.pem.pub b/openssl/test/rsa.pem.pub
new file mode 100644
index 00000000..093f2ba1
--- /dev/null
+++ b/openssl/test/rsa.pem.pub
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofgWCuLjybRlzo0tZWJj
+NiuSfb4p4fAkd/wWJcyQoTbji9k0l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEz
+P1Pt0Bm4d4QlL+yRT+SFd2lZS+pCgNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo
+9wGzjb/7OMg0LOL+bSf63kpaSHSXndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTB
+EMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxX
+FvUK+DWNmoudF8NAco9/h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXp
+oQIDAQAB
+-----END PUBLIC KEY-----
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-11 05:44:09 +0000