From ffa9d330fda20d8b7ae9289383151a32e8017d12 Mon Sep 17 00:00:00 2001 From: Nathan Lilienthal Date: Thu, 1 Oct 2015 20:33:12 -0400 Subject: Add public key PEM read function. --- openssl/src/crypto/pkey.rs | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 5a528b1b..695bd8a6 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -96,6 +96,22 @@ impl PKey { } } + /// Reads public key from PEM, takes ownership of handle + pub fn public_key_from_pem(reader: &mut R) -> Result where R: Read { + let mut mem_bio = try!(MemBio::new()); + try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); + + unsafe { + let evp = try_ssl_null!(ffi::PEM_read_bio_PUBKEY(mem_bio.get_handle(), + ptr::null_mut(), + None, ptr::null_mut())); + Ok(PKey { + evp: evp, + parts: Parts::Public, + }) + } + } + fn _tostr(&self, f: unsafe extern "C" fn(*mut ffi::RSA, *const *mut u8) -> c_int) -> Vec { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); @@ -466,6 +482,16 @@ mod tests { super::PKey::private_key_from_pem(&mut file).unwrap(); } + #[test] + fn test_public_key_from_pem() { + let key_path = Path::new("test/key.pem.pub"); + let mut file = File::open(&key_path) + .ok() + .expect("Failed to open `test/key.pem.pub`"); + + super::PKey::public_key_from_pem(&mut file).unwrap(); + } + #[test] fn test_encrypt() { let mut k0 = super::PKey::new(); -- cgit v1.2.3 From d7342a09a77088e096535205944ffc4a201b8c5d Mon Sep 17 00:00:00 2001 From: Laurence Tratt Date: Sat, 3 Oct 2015 17:25:38 +0059 Subject: Fix build on LibreSSL. LibreSSL has deprecated SSLv3_method, so this commit makes that a compile-time feature. It also removes a test referencing SSL_OP_CISCO_ANYCONNECT, as the LibreSSL header says it is amongst "Obsolete flags kept for compatibility. No sane code should use them." --- openssl/src/ssl/mod.rs | 3 +++ openssl/src/ssl/tests.rs | 4 ---- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 360f3f3e..a68a2fc3 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -109,6 +109,7 @@ pub enum SslMethod { /// Support the SSLv2, SSLv3, TLSv1, TLSv1.1, and TLSv1.2 protocols depending on what the /// linked OpenSSL library supports. Sslv23, + #[cfg(feature = "sslv3")] /// Only support the SSLv3 protocol. Sslv3, /// Only support the TLSv1 protocol. @@ -132,6 +133,7 @@ impl SslMethod { match *self { #[cfg(feature = "sslv2")] SslMethod::Sslv2 => ffi::SSLv2_method(), + #[cfg(feature = "sslv3")] SslMethod::Sslv3 => ffi::SSLv3_method(), SslMethod::Tlsv1 => ffi::TLSv1_method(), SslMethod::Sslv23 => ffi::SSLv23_method(), @@ -150,6 +152,7 @@ impl SslMethod { match method { #[cfg(feature = "sslv2")] x if x == ffi::SSLv2_method() => Some(SslMethod::Sslv2), + #[cfg(feature = "sslv3")] x if x == ffi::SSLv3_method() => Some(SslMethod::Sslv3), x if x == ffi::TLSv1_method() => Some(SslMethod::Tlsv1), x if x == ffi::SSLv23_method() => Some(SslMethod::Sslv23), diff --git a/openssl/src/ssl/tests.rs b/openssl/src/ssl/tests.rs index 033a3b86..a8bd4a87 100644 --- a/openssl/src/ssl/tests.rs +++ b/openssl/src/ssl/tests.rs @@ -416,10 +416,6 @@ run_test!(set_ctx_options, |method, _| { let mut ctx = SslContext::new(method).unwrap(); let opts = ctx.set_options(ssl::SSL_OP_NO_TICKET); assert!(opts.contains(ssl::SSL_OP_NO_TICKET)); - assert!(!opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT)); - let more_opts = ctx.set_options(ssl::SSL_OP_CISCO_ANYCONNECT); - assert!(more_opts.contains(ssl::SSL_OP_NO_TICKET)); - assert!(more_opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT)); }); run_test!(clear_ctx_options, |method, _| { -- cgit v1.2.3 From acbcb49414e5b5697b601cc09f5e0f78179fbf06 Mon Sep 17 00:00:00 2001 From: Will Tange Date: Fri, 9 Oct 2015 17:35:20 +0200 Subject: AES CFB{1,8,128} mode support --- openssl/src/crypto/symm.rs | 73 +++++++++++++++++++++++++++++++++++++ openssl/src/crypto/symm_internal.rs | 8 +++- 2 files changed, 80 insertions(+), 1 deletion(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/symm.rs b/openssl/src/crypto/symm.rs index 226b2cbf..db8aa54e 100644 --- a/openssl/src/crypto/symm.rs +++ b/openssl/src/crypto/symm.rs @@ -22,6 +22,9 @@ pub enum Type { #[cfg(feature = "aes_ctr")] AES_128_CTR, //AES_128_GCM, + AES_128_CFB1, + AES_128_CFB128, + AES_128_CFB8, AES_256_ECB, AES_256_CBC, @@ -31,6 +34,9 @@ pub enum Type { #[cfg(feature = "aes_ctr")] AES_256_CTR, //AES_256_GCM, + AES_256_CFB1, + AES_256_CFB128, + AES_256_CFB8, RC4_128, } @@ -292,4 +298,71 @@ mod tests { cipher_test(super::AES_128_GCM, pt, ct, key, iv); }*/ + + #[test] + fn test_aes128_cfb1() { + // Lifted from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + + let pt = "6bc1"; + let ct = "68b3"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_128_CFB1, pt, ct, key, iv); + } + + #[test] + fn test_aes128_cfb128() { + + let pt = "6bc1bee22e409f96e93d7e117393172a"; + let ct = "3b3fd92eb72dad20333449f8e83cfb4a"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_128_CFB128, pt, ct, key, iv); + } + + #[test] + fn test_aes128_cfb8() { + + let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; + let ct = "3b79424c9c0dd436bace9e0ed4586a4f32b9"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_128_CFB8, pt, ct, key, iv); + } + + #[test] + fn test_aes256_cfb1() { + + let pt = "6bc1"; + let ct = "9029"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_256_CFB1, pt, ct, key, iv); + } + + #[test] + fn test_aes256_cfb128() { + + let pt = "6bc1bee22e409f96e93d7e117393172a"; + let ct = "dc7e84bfda79164b7ecd8486985d3860"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_256_CFB128, pt, ct, key, iv); + } + + #[test] + fn test_aes256_cfb8() { + + let pt = "6bc1bee22e409f96e93d7e117393172aae2d"; + let ct = "dc1f1a8520a64db55fcc8ac554844e889700"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + let iv = "000102030405060708090a0b0c0d0e0f"; + + cipher_test(super::Type::AES_256_CFB8, pt, ct, key, iv); + } } diff --git a/openssl/src/crypto/symm_internal.rs b/openssl/src/crypto/symm_internal.rs index c42efb79..fcb3ee71 100644 --- a/openssl/src/crypto/symm_internal.rs +++ b/openssl/src/crypto/symm_internal.rs @@ -11,6 +11,9 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { #[cfg(feature = "aes_ctr")] symm::Type::AES_128_CTR => (ffi::EVP_aes_128_ctr(), 16, 0), //AES_128_GCM => (EVP_aes_128_gcm(), 16, 16), + symm::Type::AES_128_CFB1 => (ffi::EVP_aes_128_cfb1(), 16, 16), + symm::Type::AES_128_CFB128 => (ffi::EVP_aes_128_cfb128(), 16, 16), + symm::Type::AES_128_CFB8 => (ffi::EVP_aes_128_cfb8(), 16, 16), symm::Type::AES_256_ECB => (ffi::EVP_aes_256_ecb(), 32, 16), symm::Type::AES_256_CBC => (ffi::EVP_aes_256_cbc(), 32, 16), @@ -19,8 +22,11 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { #[cfg(feature = "aes_ctr")] symm::Type::AES_256_CTR => (ffi::EVP_aes_256_ctr(), 32, 0), //AES_256_GCM => (EVP_aes_256_gcm(), 32, 16), + symm::Type::AES_256_CFB1 => (ffi::EVP_aes_256_cfb1(), 32, 16), + symm::Type::AES_256_CFB128 => (ffi::EVP_aes_256_cfb128(), 32, 16), + symm::Type::AES_256_CFB8 => (ffi::EVP_aes_256_cfb8(), 32, 16), symm::Type::RC4_128 => (ffi::EVP_rc4(), 16, 0), } } -} \ No newline at end of file +} -- cgit v1.2.3 From a28253ee7d73250abff2ce3934acca36175f9866 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 12 Oct 2015 20:54:00 +0200 Subject: Add set_certificate_chain_file() SSL_CTX_use_certificate_chain_file() is preferred over SSL_CTX_use_certificate_file(). It allows the use of complete certificate chains instead of loading only the first certificate in a PEM file. --- openssl/src/ssl/mod.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index a68a2fc3..3580c66d 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -523,6 +523,16 @@ impl SslContext { }) } + /// Specifies the file that contains certificate chain + pub fn set_certificate_chain_file>(&mut self, file: P, file_type: X509FileType) + -> Result<(),SslError> { + let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); + wrap_ssl_result( + unsafe { + ffi::SSL_CTX_use_certificate_chain_file(self.ctx, file.as_ptr(), file_type as c_int) + }) + } + /// Specifies the certificate pub fn set_certificate(&mut self, cert: &X509) -> Result<(),SslError> { wrap_ssl_result( -- cgit v1.2.3 From ae3d0e36d71bb121c2fc1a75b3bc6d97f0e61480 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Wed, 14 Oct 2015 21:51:32 -0400 Subject: Revert "Merge pull request #280 from ltratt/libressl_build" This reverts commit aad933e5077b2c73e1f05d7314e442531a562bcf, reversing changes made to 60ee731408facdc8e3dfc000fdee2f1291fad664. --- openssl/src/ssl/mod.rs | 3 --- openssl/src/ssl/tests.rs | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 3580c66d..e76529a5 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -109,7 +109,6 @@ pub enum SslMethod { /// Support the SSLv2, SSLv3, TLSv1, TLSv1.1, and TLSv1.2 protocols depending on what the /// linked OpenSSL library supports. Sslv23, - #[cfg(feature = "sslv3")] /// Only support the SSLv3 protocol. Sslv3, /// Only support the TLSv1 protocol. @@ -133,7 +132,6 @@ impl SslMethod { match *self { #[cfg(feature = "sslv2")] SslMethod::Sslv2 => ffi::SSLv2_method(), - #[cfg(feature = "sslv3")] SslMethod::Sslv3 => ffi::SSLv3_method(), SslMethod::Tlsv1 => ffi::TLSv1_method(), SslMethod::Sslv23 => ffi::SSLv23_method(), @@ -152,7 +150,6 @@ impl SslMethod { match method { #[cfg(feature = "sslv2")] x if x == ffi::SSLv2_method() => Some(SslMethod::Sslv2), - #[cfg(feature = "sslv3")] x if x == ffi::SSLv3_method() => Some(SslMethod::Sslv3), x if x == ffi::TLSv1_method() => Some(SslMethod::Tlsv1), x if x == ffi::SSLv23_method() => Some(SslMethod::Sslv23), diff --git a/openssl/src/ssl/tests.rs b/openssl/src/ssl/tests.rs index a8bd4a87..033a3b86 100644 --- a/openssl/src/ssl/tests.rs +++ b/openssl/src/ssl/tests.rs @@ -416,6 +416,10 @@ run_test!(set_ctx_options, |method, _| { let mut ctx = SslContext::new(method).unwrap(); let opts = ctx.set_options(ssl::SSL_OP_NO_TICKET); assert!(opts.contains(ssl::SSL_OP_NO_TICKET)); + assert!(!opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT)); + let more_opts = ctx.set_options(ssl::SSL_OP_CISCO_ANYCONNECT); + assert!(more_opts.contains(ssl::SSL_OP_NO_TICKET)); + assert!(more_opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT)); }); run_test!(clear_ctx_options, |method, _| { -- cgit v1.2.3 From f318a2c84cd649085891aafe8b0a5cb385d37f67 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Wed, 14 Oct 2015 22:25:03 -0400 Subject: Release v0.6.7 --- openssl/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl/src') diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 5a3b215f..c7af3113 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -1,4 +1,4 @@ -#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.6")] +#![doc(html_root_url="https://sfackler.github.io/rust-openssl/doc/v0.6.7")] #[macro_use] extern crate bitflags; -- cgit v1.2.3