From 43c951f743e68fac5f45119eda7c994882a1d489 Mon Sep 17 00:00:00 2001
From: Alex Crichton
Date: Fri, 30 Sep 2016 00:43:05 -0700
Subject: Add support for OpenSSL 1.1.0 This commit is relatively major refactoring of the `openssl-sys` crate as well as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0, and lots of other various tweaks happened along the way. The major new features are: * OpenSSL 1.1.0 is supported * OpenSSL 0.9.8 is no longer supported (aka all OSX users by default) * All FFI bindings are verified with the `ctest` crate (same way as the `libc` crate) * CI matrixes are vastly expanded to include 32/64 of all platforms, more OpenSSL version coverage, as well as ARM coverage on Linux * The `c_helpers` module is completely removed along with the `gcc` dependency. * The `openssl-sys` build script was completely rewritten * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars. * Better error messages for mismatched versions. * Better error messages for failing to find OpenSSL on a platform (more can be done here) * Probing of OpenSSL build-time configuration to inform the API of the `*-sys` crate. * Many Cargo features have been removed as they're now enabled by default. As this is a breaking change to both the `openssl` and `openssl-sys` crates this will necessitate a major version bump of both. There's still a few more API questions remaining but let's hash that out on a PR! Closes #452
---
 openssl/src/crypto/pkcs12.rs | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)
(limited to 'openssl/src/crypto/pkcs12.rs')
diff --git a/openssl/src/crypto/pkcs12.rs b/openssl/src/crypto/pkcs12.rs
index 89bcbd5c..5f03a3d5 100644
--- a/openssl/src/crypto/pkcs12.rs
+++ b/openssl/src/crypto/pkcs12.rs
@@ -44,13 +44,14 @@ impl Pkcs12 {
 let pkey = PKey::from_ptr(pkey);
 let cert = X509::from_ptr(cert);
+ let chain = chain as *mut _;
 let mut chain_out = vec![];
- for i in 0..(*chain).stack.num {
- let x509 = *(*chain).stack.data.offset(i as isize) as *mut _;
- chain_out.push(X509::from_ptr(x509));
+ for i in 0..compat::OPENSSL_sk_num(chain) {
+ let x509 = compat::OPENSSL_sk_value(chain, i);
+ chain_out.push(X509::from_ptr(x509 as *mut _));
 }
- ffi::sk_free(&mut (*chain).stack);
+ compat::OPENSSL_sk_free(chain as *mut _);
 Ok(ParsedPkcs12 {
 pkey: pkey,
@@ -69,6 +70,31 @@ pub struct ParsedPkcs12 {
 _p: (),
 }
+#[cfg(ossl110)]
+mod compat {
+ pub use ffi::OPENSSL_sk_free;
+ pub use ffi::OPENSSL_sk_num;
+ pub use ffi::OPENSSL_sk_value;
+}
+
+#[cfg(ossl10x)]
+#[allow(bad_style)]
+mod compat {
+ use libc::{c_int, c_void};
+ use ffi;
+
+ pub use ffi::sk_free as OPENSSL_sk_free;
+
+ pub unsafe fn OPENSSL_sk_num(stack: *mut ffi::_STACK) -> c_int {
+ (*stack).num
+ }
+
+ pub unsafe fn OPENSSL_sk_value(stack: *const ffi::_STACK, idx: c_int)
+ -> *mut c_void {
+ *(*stack).data.offset(idx as isize) as *mut c_void
+ }
+}
+
 #[cfg(test)]
 mod test {
 use crypto::hash::Type::SHA1;
-- cgit v1.2.3
From c171be551ac8d22c91cbf550e21215ae2c8b6abc Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sat, 15 Oct 2016 15:23:29 -0700
Subject: De-enumify message digests
---
 openssl/src/crypto/pkcs12.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'openssl/src/crypto/pkcs12.rs')
diff --git a/openssl/src/crypto/pkcs12.rs b/openssl/src/crypto/pkcs12.rs
index 5f03a3d5..b028f29d 100644
--- a/openssl/src/crypto/pkcs12.rs
+++ b/openssl/src/crypto/pkcs12.rs
@@ -97,7 +97,7 @@ mod compat {
 #[cfg(test)]
 mod test {
- use crypto::hash::Type::SHA1;
+ use crypto::hash::MessageDigest;
 use serialize::hex::ToHex;
 use super::*;
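Review bot: `chain` reaches `compat::OPENSSL_sk_num(chain)` in the `@@ -44,13 +44,14 @@` hunk of commit 43c951f without a null check, and the `ossl10x` shim added in the `@@ -69,6 +70,31 @@` hunk reads `(*stack).num` unconditionally. OpenSSL's own `sk_num` / `OPENSSL_sk_num` return -1 for a null stack, so on 1.1.0 the loop is simply empty, but on 1.0.x a null `chain` would be dereferenced; as far as I recall `PKCS12_parse` leaves the `ca` out-pointer null when the archive carries no extra certificates, which should be confirmed against the supported OpenSSL versions. PKCS #12 files are frequently supplied by users, so this would be a crash reachable from untrusted input. Mirroring the C behaviour in the shim closes the gap: `if stack.is_null() { return -1; }` ahead of `(*stack).num`. The body of `parse` begins above this hunk and continues below it.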
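Review bot: The two `pub unsafe fn` shims in the `ossl10x` `compat` module (hunk `@@ -69,6 +70,31 @@` of commit 43c951f) state no safety contract, and `OPENSSL_sk_value` indexes `data` with an unchecked `idx`, whereas the OpenSSL function it stands in for returns null for an out-of-range index. The only caller visible on this page bounds `idx` by `OPENSSL_sk_num`, so this is a documentation gap rather than a bug today, but the two cfg variants silently differ in behaviour. I would add a doc comment such as `/// Safety: stack must be valid and non-null, and 0 <= idx < (*stack).num.` on `OPENSSL_sk_value`, with a matching line on `OPENSSL_sk_num`. A one-line comment next to `#[allow(bad_style)]` saying the names deliberately mirror the 1.1.0 C API would also help.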
@@ -108,11 +108,11 @@ mod test {
 let pkcs12 = Pkcs12::from_der(der).unwrap();
 let parsed = pkcs12.parse("mypass").unwrap();
- assert_eq!(parsed.cert.fingerprint(SHA1).unwrap().to_hex(),
+ assert_eq!(parsed.cert.fingerprint(MessageDigest::sha1()).unwrap().to_hex(),
 "59172d9313e84459bcff27f967e79e6e9217e584");
 assert_eq!(parsed.chain.len(), 1);
- assert_eq!(parsed.chain[0].fingerprint(SHA1).unwrap().to_hex(),
+ assert_eq!(parsed.chain[0].fingerprint(MessageDigest::sha1()).unwrap().to_hex(),
 "c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875");
 }
 }
-- cgit v1.2.3
From 19440c298143aa311578ead17c8949312f4b94af Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sun, 16 Oct 2016 19:06:02 -0700
Subject: More error cleanup Also allocation free RSA
---
 openssl/src/crypto/pkcs12.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'openssl/src/crypto/pkcs12.rs')
diff --git a/openssl/src/crypto/pkcs12.rs b/openssl/src/crypto/pkcs12.rs
index b028f29d..846b7baf 100644
--- a/openssl/src/crypto/pkcs12.rs
+++ b/openssl/src/crypto/pkcs12.rs
@@ -6,6 +6,7 @@ use std::cmp;
 use std::ptr;
 use std::ffi::CString;
+use {cvt, cvt_p};
 use crypto::pkey::PKey;
 use error::ErrorStack;
 use x509::X509;
@@ -26,7 +27,7 @@ impl Pkcs12 {
 ffi::init();
 let mut ptr = der.as_ptr() as *const c_uchar;
 let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long;
- let p12 = try_ssl_null!(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length));
+ let p12 = try!(cvt_p(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length)));
 Ok(Pkcs12(p12))
 }
 }
@@ -40,7 +41,7 @@ impl Pkcs12 {
 let mut cert = ptr::null_mut();
 let mut chain = ptr::null_mut();
- try_ssl!(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain));
+ try!(cvt(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain)));
 let pkey = PKey::from_ptr(pkey);
 let cert = X509::from_ptr(cert);
-- cgit v1.2.3
From 98b7f2f9352e4d92b44245d0737f9a45adb4ae2b Mon Sep 17 00:00:00 2001
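Review bot: `cvt` only checks the return code of `PKCS12_parse`, yet the lines directly after it in the `@@ -40,7 +41,7 @@` hunk of commit 19440c2 hand `pkey` and `cert` to `PKey::from_ptr` and `X509::from_ptr` without checking either for null. If OpenSSL can report success while leaving one of those out-pointers null (an archive holding certificates but no private key looks like such a case; please confirm against the OpenSSL documentation), the wrappers would own a null pointer and the first later use would dereference it. A guard right after the `try!`, for example `if pkey.is_null() || cert.is_null() { /* return an ErrorStack error instead of wrapping */ }`, keeps a malformed or unusual archive on the error path. `parse` begins above this hunk and continues past its last line.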
From: Steven Fackler
Date: Sat, 22 Oct 2016 09:16:38 -0700
Subject: Flatten crypto module
---
 openssl/src/crypto/pkcs12.rs | 119 -------------------------------------------
 1 file changed, 119 deletions(-)
 delete mode 100644 openssl/src/crypto/pkcs12.rs
(limited to 'openssl/src/crypto/pkcs12.rs')
diff --git a/openssl/src/crypto/pkcs12.rs b/openssl/src/crypto/pkcs12.rs
deleted file mode 100644
index 846b7baf..00000000
--- a/openssl/src/crypto/pkcs12.rs
+++ /dev/null
@@ -1,119 +0,0 @@
-//! PKCS #12 archives.
-
-use ffi;
-use libc::{c_long, c_uchar};
-use std::cmp;
-use std::ptr;
-use std::ffi::CString;
-
-use {cvt, cvt_p};
-use crypto::pkey::PKey;
-use error::ErrorStack;
-use x509::X509;
-
-/// A PKCS #12 archive.
-pub struct Pkcs12(*mut ffi::PKCS12);
-
-impl Drop for Pkcs12 {
- fn drop(&mut self) {
- unsafe { ffi::PKCS12_free(self.0); }
- }
-}
-
-impl Pkcs12 {
- /// Deserializes a `Pkcs12` structure from DER-encoded data.
- pub fn from_der(der: &[u8]) -> Result {
- unsafe {
- ffi::init();
- let mut ptr = der.as_ptr() as *const c_uchar;
- let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long;
- let p12 = try!(cvt_p(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length)));
- Ok(Pkcs12(p12))
- }
- }
-
- /// Extracts the contents of the `Pkcs12`.
- pub fn parse(&self, pass: &str) -> Result {
- unsafe {
- let pass = CString::new(pass).unwrap();
-
- let mut pkey = ptr::null_mut();
- let mut cert = ptr::null_mut();
- let mut chain = ptr::null_mut();
-
- try!(cvt(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain)));
-
- let pkey = PKey::from_ptr(pkey);
- let cert = X509::from_ptr(cert);
- let chain = chain as *mut _;
-
- let mut chain_out = vec![];
- for i in 0..compat::OPENSSL_sk_num(chain) {
- let x509 = compat::OPENSSL_sk_value(chain, i);
- chain_out.push(X509::from_ptr(x509 as *mut _));
- }
- compat::OPENSSL_sk_free(chain as *mut _);
-
- Ok(ParsedPkcs12 {
- pkey: pkey,
- cert: cert,
- chain: chain_out,
- _p: (),
- })
- }
- }
-}
-
-pub struct ParsedPkcs12 {
- pub pkey: PKey,
- pub cert: X509,
- pub chain: Vec,
- _p: (),
-}
-
-#[cfg(ossl110)]
-mod compat {
- pub use ffi::OPENSSL_sk_free;
- pub use ffi::OPENSSL_sk_num;
- pub use ffi::OPENSSL_sk_value;
-}
-
-#[cfg(ossl10x)]
-#[allow(bad_style)]
-mod compat {
- use libc::{c_int, c_void};
- use ffi;
-
- pub use ffi::sk_free as OPENSSL_sk_free;
-
- pub unsafe fn OPENSSL_sk_num(stack: *mut ffi::_STACK) -> c_int {
- (*stack).num
- }
-
- pub unsafe fn OPENSSL_sk_value(stack: *const ffi::_STACK, idx: c_int)
- -> *mut c_void {
- *(*stack).data.offset(idx as isize) as *mut c_void
- }
-}
-
-#[cfg(test)]
-mod test {
- use crypto::hash::MessageDigest;
- use serialize::hex::ToHex;
-
- use super::*;
-
- #[test]
- fn parse() {
- let der = include_bytes!("../../test/identity.p12");
- let pkcs12 = Pkcs12::from_der(der).unwrap();
- let parsed = pkcs12.parse("mypass").unwrap();
-
- assert_eq!(parsed.cert.fingerprint(MessageDigest::sha1()).unwrap().to_hex(),
- "59172d9313e84459bcff27f967e79e6e9217e584");
-
- assert_eq!(parsed.chain.len(), 1);
- assert_eq!(parsed.chain[0].fingerprint(MessageDigest::sha1()).unwrap().to_hex(),
- "c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875");
- }
-}
-- cgit v1.2.3