Diffstat (limited to 'vendor/openssl')
-rw-r--r--vendor/openssl/.cargo-checksum.json2
-rw-r--r--vendor/openssl/CHANGELOG.md59
-rw-r--r--vendor/openssl/Cargo.lock156
-rw-r--r--vendor/openssl/Cargo.toml4
-rw-r--r--vendor/openssl/src/asn1.rs77
-rw-r--r--vendor/openssl/src/bn.rs2
-rw-r--r--vendor/openssl/src/cipher.rs1
-rw-r--r--vendor/openssl/src/derive.rs43
-rw-r--r--vendor/openssl/src/dh.rs66
-rw-r--r--vendor/openssl/src/dsa.rs80
-rw-r--r--vendor/openssl/src/ec.rs20
-rw-r--r--vendor/openssl/src/ecdsa.rs2
-rw-r--r--vendor/openssl/src/hash.rs2
-rw-r--r--vendor/openssl/src/lib.rs3
-rw-r--r--vendor/openssl/src/md_ctx.rs2
-rw-r--r--vendor/openssl/src/nid.rs6
-rw-r--r--vendor/openssl/src/pkcs5.rs26
-rw-r--r--vendor/openssl/src/pkey.rs62
-rw-r--r--vendor/openssl/src/pkey_ctx.rs21
-rw-r--r--vendor/openssl/src/rsa.rs2
-rw-r--r--vendor/openssl/src/sign.rs16
-rw-r--r--vendor/openssl/src/ssl/mod.rs69
-rw-r--r--vendor/openssl/src/ssl/test/mod.rs5
-rw-r--r--vendor/openssl/src/symm.rs19
-rw-r--r--vendor/openssl/src/x509/extension.rs35
-rw-r--r--vendor/openssl/src/x509/mod.rs275
-rw-r--r--vendor/openssl/src/x509/tests.rs152
-rw-r--r--vendor/openssl/src/x509/verify.rs4
-rw-r--r--vendor/openssl/test/authority_key_identifier.pem19
-rw-r--r--vendor/openssl/test/entry_extensions.crl10
30 files changed, 1042 insertions, 198 deletions
diff --git a/vendor/openssl/.cargo-checksum.json b/vendor/openssl/.cargo-checksum.json
index 6ce8667ad..0c3478b1c 100644
--- a/vendor/openssl/.cargo-checksum.json
+++ b/vendor/openssl/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"e8ff1310574e2d6460064c821c5c04c568c7da68769e83016b84e08ee81db9d3","Cargo.lock":"8201ed33c7a9a25aba9e20f2d8efa30ebd9a3a32bf21fdc2d6d633fa8d29b7dd","Cargo.toml":"b281ffc8f33b74e0eb3d165c3fdaaf79cb48536ce82d04efd700aea462660061","LICENSE":"f3d4287b4a21c5176fea2f9bd4ae800696004e2fb8e05cbc818be513f188a941","README.md":"c5ddde25c2756a1115daaa671fb4297cdc83bf23009c8356ba65b5311d0dd30d","build.rs":"3433091bbfd54f4d66d5891b724e1c859d51e417665e31c285138fc92b28eaa4","examples/mk_certs.rs":"012569fc734c314c5d3c1c9dc8ae64a32db4cfa917e8fbc363c1eef118600d0a","src/aes.rs":"a428f06147e4b48219a789da0af12371d967d2eefcc55536df4d1547001dda8b","src/asn1.rs":"5fe953b2bea050c0636c89328dd2a997f2fca655319056cdb9a24dd98d9ae48e","src/base64.rs":"8be8ad4fe10055cdd55d0147d569e7669d3ac82927569bb917a76e447dfe90d1","src/bio.rs":"c19b865b79bb7ea3460083046f50757800f6c93fe9ec9f3dbb438980fe127aa4","src/bn.rs":"e6200558beb6b01d69783379e2966ab2d9259488d7a6bcbaf0a3eaa8d18c3266","src/cipher.rs":"f90878e573372f441b017ea4066dabc7edf699eadc2cdffdd8b7ab7fe3c8dd67","src/cipher_ctx.rs":"36e0b6f8cb1002aa0d99b4c290663f93cc6d378c6df990696b7b26949960867e","src/cms.rs":"9698b4cdd6b38a007c912783dad6c549c0a3618660719397feecebdf13c55a97","src/conf.rs":"c374003c606c331fedbe9075abfaf41eba38bfbbbefe9c9f2d2a1d445e4b1606","src/derive.rs":"4745c4ded509c1810d146fa4c641b015ee179d54123e845cf0559e7b84327d0a","src/dh.rs":"113c88c9176869c2df963c08d3a05ed0474859a9048f15cebfba08a3f247c57b","src/dsa.rs":"bfd482063499b29fdc386360b9ec2257ae56b2aa12a4a1c50ae5697230c4b153","src/ec.rs":"7fa2000ed5d7dd3d6abfc5955493da07d1ab66fa75412446367cd9ae49745716","src/ecdsa.rs":"c9ac3e7dae0721aff35344ffcb26412689f6eb663969160825c1c82f8db539a6","src/encrypt.rs":"bc1c824527e5fcb2044d3962b75c3807373f78474a29c0b75af8f8a9be273bf8","src/envelope.rs":"773551074ece307aff215686e6a43471edf0ef6f74c520e4611e70f96e928652","src/error.rs":"ede27beebf1594a9165f16aa8732816f28501a8454d3125b6eb5ce98756e0255","src/ex_data.rs":"0a58a3a274a4ef225
1dadb64cbcd44b43710d252201b137ecfb91cf14373c04f","src/fips.rs":"761cd7cdfbc16af88fbfefd38e54cb77b4ba8e2f49221607e145bc541f089d7e","src/hash.rs":"671d5f2a5339a985b46b9b81fa6f5dc9ded9dd593d44d9f6d447f58514ab6596","src/lib.rs":"59f7c12cf73ff7e67e1834f38169cd66b03baa76ae6ce9eb11389351cd7b47b2","src/lib_ctx.rs":"ec6431adad53f3a9621b011506678104bd4f62bdea38ef9d1b731334507ab068","src/macros.rs":"648054f2ee89a22314b942a882878d47121b97b47d9b1146e323b8c6c255a52c","src/md.rs":"32b197d29cb1c5faa9ea72fe148d1f6cdc8178f5bcd062a3338b6dd77174529f","src/md_ctx.rs":"74b1bb4cd8f4abd3b9272c2d685e9bbd4c21b082c200f54875d0a94630feafc6","src/memcmp.rs":"f48e0e29f372db2d0eb2239290abec8819300eb3e01e3bb1030783d6f6a8b2c9","src/nid.rs":"6a155c356bcd29fecbdbab54d5946a6d0b3769ec3cc1f8afbf12c51e633a8693","src/ocsp.rs":"0b15fd57b73478f02813deb27a19f1e9004c5e5811ff71cf894ec2f924b17783","src/pkcs12.rs":"e5de1453b93e08b07fc10d90f85ee5dc29e435a1377b3db015aca8ed74495cfd","src/pkcs5.rs":"c43cfc54778715ba9e2ea1e6315ce7c8d59761cc7bf2d998fb10f9d9dab4fe3e","src/pkcs7.rs":"a2b344ceb37d608ea90d177597aaacac20e85680cf57c5cde4d7b6232a1fc1e4","src/pkey.rs":"22c70144f424c85a277ed04c94886c9987549415e6a5b331392f1373d221c7a4","src/pkey_ctx.rs":"7780fe7af84511c4b517a0719fb456a8dea98c9b7acbe7c9d7151b674f6ee88e","src/provider.rs":"c77886efcc4f962ebc4d8b693a69375aa58186cf1990c692a572723d3e46779b","src/rand.rs":"5025bc51effe6a2bad23787aaa457ae030065f6ec757aaba148a74b775a5a853","src/rsa.rs":"9f520c6af7addb585890ef0f5c834d95ca7b8214aac51ec8038e58d8363f4316","src/sha.rs":"c34f2f9df5fb52b578022568e195e011d0967f9f5ff57b559d7d2a235951a5b9","src/sign.rs":"32f9f186ae83bc057da5122d76054c7372f3c5e92f318f09bda6dfa894277c9c","src/srtp.rs":"3defe1815cfc790e2407ff935f8ca7b0e8d504242886e8841715279e0d85f721","src/ssl/bio.rs":"f6c20da805b711d69f527e9df8897061f9d6f3ef22d2d0a8f9fd87f96dc3947e","src/ssl/callbacks.rs":"cab679d74b2364e0ab18dc8ccc49d5b1a21c0c69153646dc0f7529d03a17ade5","src/ssl/connector.rs":"32afe0925584b349b3595aaabd0dadbf6ab38
3b5879c49c68ad2d0fddf0b0e4a","src/ssl/error.rs":"f39ac3e1037a35ae5cccbf5cf5976044614a6368c9ffe3f1b96bead63c0c4231","src/ssl/mod.rs":"17c2ff0e8a8f52f0050d7f13a1ed598be92518ce343497b79177765c85f77de4","src/ssl/test/mod.rs":"5e658bc9a5d702231f6b856ff64c76e0f50aec20d833a70f001785741e96690c","src/ssl/test/server.rs":"4276ba970a0fac5c9cae21d7df7af36389c377472f3546ce597678ffc6ad5b38","src/stack.rs":"29aa6e467153b951cbf56ab62ac806941b4eb0e1dd22f22d4b1ab562cc037d55","src/string.rs":"8276d719b35cd74ee0efbecce9e58e754d50d8cc96111f2febd3c0d8849847a8","src/symm.rs":"8e0e71d977b12e0a0e1f656bf2087b0b1a0017be1b11a0308b70af58da99c7c1","src/util.rs":"e6794bf0643d0c29e96325653f2bb4a00221de55bb5b3c6c96d5dbae3debe238","src/version.rs":"e3acbb0db2095ab616870055c7c7a902fb7b1439520574fd20b7c1164b1178b7","src/x509/extension.rs":"3035a2ca0bf2de072898c529cb7e659502c3dd46c9b1f31d031b3b0b277313d1","src/x509/mod.rs":"f913bca23e28a0bffa69f0f1d90c17d8efe8f4c68aecb33011d15bc4277b9afb","src/x509/store.rs":"410b6dd6774360be20184af6395e9370728b26ccbefcad3e4b6225cba6b6f105","src/x509/tests.rs":"2aead07a4366820898018c261943a8667862c9cefb2d54f997eab57bbd33d54f","src/x509/verify.rs":"a93266a0a5882054a443402b855fceb7d22956a68824c987b9fcd3c786d6ad08","test/aia_test_cert.pem":"9eaf52b5d0023f3be7911938d937ed16fc75d43d14dbe41557a800b0a82f4b1b","test/alt_name_cert.pem":"f3cc0a1d21657164918dffab0dac8f1c499fc1cf5717805420a0134b3aee128c","test/ca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/cert.pem":"53c8b338be254490c71a6b13da90dc5a59ba596587c548be5673657e04824afb","test/certs.pem":"106d5d22c86e26c3db619b9525567f22333d22de82e4d2850ed379150c638008","test/certv3.pem":"c230b76b6efb973816d0e3096ae95cdcf4941ec928c01c31b6537d01743fcd8a","test/certv3_extfile":"610fdc10edac2da398a582895e53d288d3e47a9d4f3868c2c7f7662c212b60bd","test/cms.p12":"d33fc5edd6b9caa672e7570b869135235bb2583580a273f6e88c6a6c68fd5a8a","test/cms_pubkey.der":"03682a732e1fd861f5fa687915a8e6f5c935d10273b0f6f73f3db52a8d71
fc6d","test/crl-ca.crt":"911360ccdf700fd7d6091bd78c4138da0e9f027ca211f7ed80b394e570eb897c","test/csr.pem":"24423008144c43cf33f56ebcc245931b2d61bcd4eee17b476d7adb6f7416e24d","test/dhparams.pem":"14d9461949d9ae8ca50a393b008ee2168254f14342b0e17b56c0a62d2905b963","test/dsa.pem":"826d513234205fd3dee0bbbf844f0b6fea501145bdf05ea3b14e14df98cbe090","test/dsa.pem.pub":"721677bebf9ab28b8650f98a0cd27658de0c1acd867a4b6e985fe1df95a8bd37","test/dsaparam.pem":"94a1284bdd7d7566151cfde0c7f245e84f7b99ba840f202e3f27ea0160f82988","test/identity.p12":"aceeb3e5516471bd5af9a44bbeffc9559c4f228f67c677d29f36a4b368e2779f","test/intermediate-ca.key":"a5f3d331af87c1305843e235841e494a0669a95d3824a6c766d09371f62c3bab","test/intermediate-ca.pem":"5ff8055325d0cbb60586f4e20bd2df7718e4d94f5261f2ee05ba52a8fb9223f0","test/key.der":"e8842cd6674b5c77a83e0283cd876a91de404561dfc86d79ce525f6e55b28197","test/key.der.pub":"e559d56bb6ec57ad743dbf972bbcaf263a9fa7d320433baa71b04f849d987060","test/key.pem":"12d9105a92bf39b615ccb4820c5c1e38c61905483cd30be13f9ab99b98af64ed","test/key.pem.pub":"f5d030df843ddbaba5bf316ae18f1434de5a63a955be66442429dd4f16f161ef","test/keystore-empty-chain.p12":"bbea280f6fe10556d7470df7072ef0e4ee3997e2c0b3666197f423430c0e6b61","test/leaf.pem":"4f2c3fd02f73b3f49a1e05cf0622669ed014ba019876d89d3f21c788457c1e01","test/nid_test_cert.pem":"7047e8d317e284c6b698eee4a0f1a629d50cd4615ad7da85fe90a2ffb6c21611","test/nid_uid_test_cert.pem":"a735211f3b40edbde7084337138fb0aea06aea6c78369c52015253e4b7a17d83","test/pkcs1.pem.pub":"4d446864b63c4178ec2c7dc8df9b7121d9271851c1f4701231fccb8b07c94918","test/pkcs8-nocrypt.der":"5590d03cc0d037c6c27d78fafc937f48defb226e9a52cde84d54df68086d0575","test/pkcs8.der":"8719fc002d59313fb97e46e068ae40db4d9acc0e2debd308ac9eb46329bea487","test/root-ca.key":"b37cf88614980c38e43c4329cdf7162bae48cc8af1fafd54db2fe0d17e458e1d","test/root-ca.pem":"59b9200c35e818bf21be4aaa97ba87bb6a18fd780527a9f9c51cc74212c631a0","test/rsa-encrypted.pem":"ea41b0f1816056672de6abbab43d0e8089da047c32
9ceed14aace5a5bde713f1","test/rsa.pem":"f866a5506ea9a37ed2f73f62f503e1aff32f7e4145be62b023535f4da1c24416","test/rsa.pem.pub":"2c5eeea39708e90396f9f09d920f2af8b7e9f84ace963c1319072224dd3d302b","test/subca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/test.crl":"ac8443257214f9e82543871c3df48694ea39f2b16bd6c4ef5998a161edbb8fba"},"package":"7e30d8bc91859781f0a943411186324d580f2bbeb71b452fe91ae344806af3f1"} \ No newline at end of file
+{"files":{"CHANGELOG.md":"6c0a5ed753f6edca157f03b83b825e1aa781c4577a22f5107f9c322db53b201f","Cargo.lock":"9b794fda1cfa95518dc451d1f1f7b152f042e2eb3e7b772222525b7b60ade24e","Cargo.toml":"332ed798d42dec385dc3502e08c884708610bbf4fd4394445e37b2f431465455","LICENSE":"f3d4287b4a21c5176fea2f9bd4ae800696004e2fb8e05cbc818be513f188a941","README.md":"c5ddde25c2756a1115daaa671fb4297cdc83bf23009c8356ba65b5311d0dd30d","build.rs":"3433091bbfd54f4d66d5891b724e1c859d51e417665e31c285138fc92b28eaa4","examples/mk_certs.rs":"012569fc734c314c5d3c1c9dc8ae64a32db4cfa917e8fbc363c1eef118600d0a","src/aes.rs":"a428f06147e4b48219a789da0af12371d967d2eefcc55536df4d1547001dda8b","src/asn1.rs":"ebdb0ba959b1756133c69432d86045b60f3e7b6a8581299d3f5e14f7c99ff439","src/base64.rs":"8be8ad4fe10055cdd55d0147d569e7669d3ac82927569bb917a76e447dfe90d1","src/bio.rs":"c19b865b79bb7ea3460083046f50757800f6c93fe9ec9f3dbb438980fe127aa4","src/bn.rs":"6d84c338369f3968ab6c751bc109dff8855049c07a05663af4f4dc5ddd233411","src/cipher.rs":"961cc845898243b9b4c77c2cac46b4904b25cf30ddc8691512f3334b7ec9e051","src/cipher_ctx.rs":"36e0b6f8cb1002aa0d99b4c290663f93cc6d378c6df990696b7b26949960867e","src/cms.rs":"9698b4cdd6b38a007c912783dad6c549c0a3618660719397feecebdf13c55a97","src/conf.rs":"c374003c606c331fedbe9075abfaf41eba38bfbbbefe9c9f2d2a1d445e4b1606","src/derive.rs":"963694c3cf7b0b70802b5b2b3f93f857ed7b320d5db331b57c2ff11bcb0891ad","src/dh.rs":"d1fd1f6bb0df4dd1d2248d6dbd3d25e0082e6b43cc15b1a17b9f1543fd7e5bac","src/dsa.rs":"10b6aca140fe332cb35c78cb3b0e9f1aa7cf18971059ac93a9a458481de26f85","src/ec.rs":"97ee6443abc2f66d98e361ef88dcf32f2e26eb2edab0e7768b072d05120dfc51","src/ecdsa.rs":"2668e480f237b69a670bcfedda5ab40a7a183ed96e4da1c19bf625dd05639784","src/encrypt.rs":"bc1c824527e5fcb2044d3962b75c3807373f78474a29c0b75af8f8a9be273bf8","src/envelope.rs":"773551074ece307aff215686e6a43471edf0ef6f74c520e4611e70f96e928652","src/error.rs":"ede27beebf1594a9165f16aa8732816f28501a8454d3125b6eb5ce98756e0255","src/ex_data.rs":"0a58a3a274a4ef225
1dadb64cbcd44b43710d252201b137ecfb91cf14373c04f","src/fips.rs":"761cd7cdfbc16af88fbfefd38e54cb77b4ba8e2f49221607e145bc541f089d7e","src/hash.rs":"700a2707f694da4dec1f6fc6a05ff4c8849d510530ce5a3f30a900dd2cb35b3d","src/lib.rs":"7a39605a9048db31b4064c385c59a997909c428282b465157731d403a18c31e0","src/lib_ctx.rs":"ec6431adad53f3a9621b011506678104bd4f62bdea38ef9d1b731334507ab068","src/macros.rs":"648054f2ee89a22314b942a882878d47121b97b47d9b1146e323b8c6c255a52c","src/md.rs":"32b197d29cb1c5faa9ea72fe148d1f6cdc8178f5bcd062a3338b6dd77174529f","src/md_ctx.rs":"38df99c5e96a4a0e14672a6a30e06abb0e07fce37b13a7362abd2a78f657504d","src/memcmp.rs":"f48e0e29f372db2d0eb2239290abec8819300eb3e01e3bb1030783d6f6a8b2c9","src/nid.rs":"211c76f40e8cb35527ca28abdda79caed9584dd177bf57407e290f930751163f","src/ocsp.rs":"0b15fd57b73478f02813deb27a19f1e9004c5e5811ff71cf894ec2f924b17783","src/pkcs12.rs":"e5de1453b93e08b07fc10d90f85ee5dc29e435a1377b3db015aca8ed74495cfd","src/pkcs5.rs":"1f034690148a75749fa33d81c17750c7731caa02bd1832dc2b1aade8c61817c4","src/pkcs7.rs":"a2b344ceb37d608ea90d177597aaacac20e85680cf57c5cde4d7b6232a1fc1e4","src/pkey.rs":"1aaad2d0d5c085ac191fbce327f4c2a2da59d8c9ed4903a8003d74f33cb31cbb","src/pkey_ctx.rs":"7465c06f63136c37c14bd5661196b1acec5b035f32b452a77a847ec84487fa5f","src/provider.rs":"c77886efcc4f962ebc4d8b693a69375aa58186cf1990c692a572723d3e46779b","src/rand.rs":"5025bc51effe6a2bad23787aaa457ae030065f6ec757aaba148a74b775a5a853","src/rsa.rs":"48e1d8c0100f87a69123daae20350c61e4ad6a256a535612c297bcb855aeada0","src/sha.rs":"c34f2f9df5fb52b578022568e195e011d0967f9f5ff57b559d7d2a235951a5b9","src/sign.rs":"37ca2942a9b1ed1cde5a5865e9e2c48f0605f822e7c3d77db47c88d4f7f97c0d","src/srtp.rs":"3defe1815cfc790e2407ff935f8ca7b0e8d504242886e8841715279e0d85f721","src/ssl/bio.rs":"f6c20da805b711d69f527e9df8897061f9d6f3ef22d2d0a8f9fd87f96dc3947e","src/ssl/callbacks.rs":"cab679d74b2364e0ab18dc8ccc49d5b1a21c0c69153646dc0f7529d03a17ade5","src/ssl/connector.rs":"32afe0925584b349b3595aaabd0dadbf6ab38
3b5879c49c68ad2d0fddf0b0e4a","src/ssl/error.rs":"f39ac3e1037a35ae5cccbf5cf5976044614a6368c9ffe3f1b96bead63c0c4231","src/ssl/mod.rs":"dcc27c7d31c66b81bfaa89d4b03adbb56fa681f4e2f28a5fe1942dce9fa202c9","src/ssl/test/mod.rs":"e7657e5bfe16931c85487e83dffce2de09cb88ed24375aa1e222d51eaaa96865","src/ssl/test/server.rs":"4276ba970a0fac5c9cae21d7df7af36389c377472f3546ce597678ffc6ad5b38","src/stack.rs":"29aa6e467153b951cbf56ab62ac806941b4eb0e1dd22f22d4b1ab562cc037d55","src/string.rs":"8276d719b35cd74ee0efbecce9e58e754d50d8cc96111f2febd3c0d8849847a8","src/symm.rs":"46414873fe6654dd0710b177bec8f94d7faf02a4f8a4d5fa52a6002918944bf9","src/util.rs":"e6794bf0643d0c29e96325653f2bb4a00221de55bb5b3c6c96d5dbae3debe238","src/version.rs":"e3acbb0db2095ab616870055c7c7a902fb7b1439520574fd20b7c1164b1178b7","src/x509/extension.rs":"26a265248eb0e54c3b106708f8fce7d5fb5b91b7195f17a97e1b8b1d3b6fa119","src/x509/mod.rs":"381444c1ce36f693482b2bebe0c70ebcd8afceb6a7013e14ae34928382909029","src/x509/store.rs":"410b6dd6774360be20184af6395e9370728b26ccbefcad3e4b6225cba6b6f105","src/x509/tests.rs":"5c86a636076065884b02d20c8b83352078b0d85513d1eab5080809756ffc6e13","src/x509/verify.rs":"37566473e5cb60582c28a970cafe2a48109b15d23801d0301ca7771704b353f7","test/aia_test_cert.pem":"9eaf52b5d0023f3be7911938d937ed16fc75d43d14dbe41557a800b0a82f4b1b","test/alt_name_cert.pem":"f3cc0a1d21657164918dffab0dac8f1c499fc1cf5717805420a0134b3aee128c","test/authority_key_identifier.pem":"4644b83bbcd36a6e1917d1f7bd3b8ff913bf86cc74917c07dd78b6731b4d5bec","test/ca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/cert.pem":"53c8b338be254490c71a6b13da90dc5a59ba596587c548be5673657e04824afb","test/certs.pem":"106d5d22c86e26c3db619b9525567f22333d22de82e4d2850ed379150c638008","test/certv3.pem":"c230b76b6efb973816d0e3096ae95cdcf4941ec928c01c31b6537d01743fcd8a","test/certv3_extfile":"610fdc10edac2da398a582895e53d288d3e47a9d4f3868c2c7f7662c212b60bd","test/cms.p12":"d33fc5edd6b9caa672e7570b869135235bb2583580a273
f6e88c6a6c68fd5a8a","test/cms_pubkey.der":"03682a732e1fd861f5fa687915a8e6f5c935d10273b0f6f73f3db52a8d71fc6d","test/crl-ca.crt":"911360ccdf700fd7d6091bd78c4138da0e9f027ca211f7ed80b394e570eb897c","test/csr.pem":"24423008144c43cf33f56ebcc245931b2d61bcd4eee17b476d7adb6f7416e24d","test/dhparams.pem":"14d9461949d9ae8ca50a393b008ee2168254f14342b0e17b56c0a62d2905b963","test/dsa.pem":"826d513234205fd3dee0bbbf844f0b6fea501145bdf05ea3b14e14df98cbe090","test/dsa.pem.pub":"721677bebf9ab28b8650f98a0cd27658de0c1acd867a4b6e985fe1df95a8bd37","test/dsaparam.pem":"94a1284bdd7d7566151cfde0c7f245e84f7b99ba840f202e3f27ea0160f82988","test/entry_extensions.crl":"fc41a73344f72c40a6c1733adc745f1e21c93821a497ba093680f8d9725b9e93","test/identity.p12":"aceeb3e5516471bd5af9a44bbeffc9559c4f228f67c677d29f36a4b368e2779f","test/intermediate-ca.key":"a5f3d331af87c1305843e235841e494a0669a95d3824a6c766d09371f62c3bab","test/intermediate-ca.pem":"5ff8055325d0cbb60586f4e20bd2df7718e4d94f5261f2ee05ba52a8fb9223f0","test/key.der":"e8842cd6674b5c77a83e0283cd876a91de404561dfc86d79ce525f6e55b28197","test/key.der.pub":"e559d56bb6ec57ad743dbf972bbcaf263a9fa7d320433baa71b04f849d987060","test/key.pem":"12d9105a92bf39b615ccb4820c5c1e38c61905483cd30be13f9ab99b98af64ed","test/key.pem.pub":"f5d030df843ddbaba5bf316ae18f1434de5a63a955be66442429dd4f16f161ef","test/keystore-empty-chain.p12":"bbea280f6fe10556d7470df7072ef0e4ee3997e2c0b3666197f423430c0e6b61","test/leaf.pem":"4f2c3fd02f73b3f49a1e05cf0622669ed014ba019876d89d3f21c788457c1e01","test/nid_test_cert.pem":"7047e8d317e284c6b698eee4a0f1a629d50cd4615ad7da85fe90a2ffb6c21611","test/nid_uid_test_cert.pem":"a735211f3b40edbde7084337138fb0aea06aea6c78369c52015253e4b7a17d83","test/pkcs1.pem.pub":"4d446864b63c4178ec2c7dc8df9b7121d9271851c1f4701231fccb8b07c94918","test/pkcs8-nocrypt.der":"5590d03cc0d037c6c27d78fafc937f48defb226e9a52cde84d54df68086d0575","test/pkcs8.der":"8719fc002d59313fb97e46e068ae40db4d9acc0e2debd308ac9eb46329bea487","test/root-ca.key":"b37cf88614980c38e43c43
29cdf7162bae48cc8af1fafd54db2fe0d17e458e1d","test/root-ca.pem":"59b9200c35e818bf21be4aaa97ba87bb6a18fd780527a9f9c51cc74212c631a0","test/rsa-encrypted.pem":"ea41b0f1816056672de6abbab43d0e8089da047c329ceed14aace5a5bde713f1","test/rsa.pem":"f866a5506ea9a37ed2f73f62f503e1aff32f7e4145be62b023535f4da1c24416","test/rsa.pem.pub":"2c5eeea39708e90396f9f09d920f2af8b7e9f84ace963c1319072224dd3d302b","test/subca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/test.crl":"ac8443257214f9e82543871c3df48694ea39f2b16bd6c4ef5998a161edbb8fba"},"package":"345df152bc43501c5eb9e4654ff05f794effb78d4efe3d53abc158baddc0703d"} \ No newline at end of file
diff --git a/vendor/openssl/CHANGELOG.md b/vendor/openssl/CHANGELOG.md
index 3730cf5ce..a0622eccc 100644
--- a/vendor/openssl/CHANGELOG.md
+++ b/vendor/openssl/CHANGELOG.md
@@ -2,6 +2,58 @@
## [Unreleased]
+## [v0.10.55] - 2023-06-20
+
+### Fixed
+
+* Fixed compilation with the latest version of BoringSSL.
+* Fixed compilation when OpenSSL is compiled with `OPENSSL_NO_OCB`.
+* Fixed a segfault in `X509VerifyParamRef::set_host` when called with an empty string.
+
+### Added
+
+* Added `Deriver::set_peer_ex`.
+* Added `EcGroupRef::asn1_flag`.
+* Exposed `EcPointRef::affine_coordinates` on BoringSSL and LibreSSL.
+* Added `Nid::SM2` and `Id::SM2`
+
+## [v0.10.54] - 2023-05-31
+
+### Fixed
+
+* `PKey::private_key_to_pkcs8_passphrase` no longer panics if a `passphrase` contains a NUL byte.
+
+## [v0.10.53] - 2023-05-30
+
+### Added
+
+* Added `Dsa::from_pqg`, `Dsa::generate_key`, and `Dsa::generate_params`.
+* Added `SslRef::bytes_to_cipher_list`.
+* Added `SubjectAlternativeName::other_name2`
+
+## [v0.10.52] - 2023-04-24
+
+### Added
+
+* Added `DhRef::check_key`.
+* Added `Id::POLY1305`.
+* Added `X509Ref::subject_key_id`, `X509Ref::authority_key_id`, `X509Ref::authority_issuer`, and `X509Ref::authority_serial`.
+
+
+## [v0.10.51] - 2023-04-20
+
+### Added
+
+* Added `X509RevokedRef::issuer_name` and `X509RevokedRef::reason_code`.
+* Added `Dh::set_key` and `Dh::set_public_key`
+* Added `Asn1OctetString` and `Asn1OctetStringRef1`
+* Added `X509Extension::new_from_der`
+
+### Deprecated
+
+* Deprecated `X509Extension::new` and `X509Extension::new_nid` in favor of `X509Extension::new_from_der` and the `extensions` module.
+* Deprecated `X509Extension::add_alias`, it is not required with `new_from_der` or the `extensions` module.
+
## [v0.10.50] - 2023-04-09
### Added
@@ -724,7 +776,12 @@
Look at the [release tags] for information about older releases.
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.50...master
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.55...master
+[v0.10.55]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55
+[v0.10.54]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54
+[v0.10.53]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53
+[v0.10.52]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.51...openssl-v0.10.52
+[v0.10.51]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.50...openssl-v0.10.51
[v0.10.50]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.49...openssl-v0.10.50
[v0.10.49]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.48...openssl-v0.10.49
[v0.10.48]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48
diff --git a/vendor/openssl/Cargo.lock b/vendor/openssl/Cargo.lock
index d0653a9af..a8d503586 100644
--- a/vendor/openssl/Cargo.lock
+++ b/vendor/openssl/Cargo.lock
@@ -20,15 +20,15 @@ dependencies = [
"regex",
"rustc-hash",
"shlex",
- "syn 1.0.109",
+ "syn 1.0.99",
"which",
]
[[package]]
name = "bitflags"
-version = "1.3.2"
+version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
[[package]]
name = "bssl-sys"
@@ -37,10 +37,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "312d12393c060384f2e6ed14c7b4be37b3dd90249857485613c1a91b9a1abb5c"
[[package]]
+name = "byteorder"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "652805b7e73fada9d85e9a6682a4abd490cb52d96aeecc12e33a0de34dfd0d23"
+
+[[package]]
name = "cc"
-version = "1.0.79"
+version = "1.0.61"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
+checksum = "ed67cbde08356238e75fc4656be4749481eeffb09e19f320a25237d5221c985d"
[[package]]
name = "cexpr"
@@ -59,9 +65,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "clang-sys"
-version = "1.6.0"
+version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77ed9a53e5d4d9c573ae844bfac6872b159cb1d1585a83b29e7a64b7eef7332a"
+checksum = "9da1484c6a890e374ca5086062d4847e0a2c1e5eba9afa5d48c09e8eb39b2519"
dependencies = [
"glob",
"libc",
@@ -70,105 +76,108 @@ dependencies = [
[[package]]
name = "either"
-version = "1.8.1"
+version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"
+checksum = "cd56b59865bce947ac5958779cfa508f6c3b9497cc762b7e24a12d11ccde2c4f"
[[package]]
name = "foreign-types"
-version = "0.3.2"
+version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+checksum = "a21b40436003b2a1e22483c5ed6c3d25e755b6b3120f601cc22aa57e25dc9065"
dependencies = [
"foreign-types-shared",
]
[[package]]
name = "foreign-types-shared"
-version = "0.1.1"
+version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+checksum = "baa1839fc3c5487b5e129ea4f774e3fd84e6c4607127315521bc014a722ebc9e"
[[package]]
name = "glob"
-version = "0.3.1"
+version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
+checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
[[package]]
name = "hex"
-version = "0.3.2"
+version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
+checksum = "b66c2649564633dd569707d91459ac1d2deefd9fa2a1def6fffc55b4bfee0b1f"
[[package]]
name = "lazy_static"
-version = "1.4.0"
+version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+checksum = "c8f31047daa365f19be14b47c29df4f7c3b581832407daabe6ae77397619237d"
[[package]]
name = "lazycell"
-version = "1.3.0"
+version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+checksum = "d33a48d0365c96081958cc663eef834975cb1e8d8bea3378513fc72bdbf11e50"
[[package]]
name = "libc"
-version = "0.2.140"
+version = "0.2.65"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c"
+checksum = "1a31a0627fdf1f6a39ec0dd577e101440b7db22672c0901fe00a9a6fbb5c24e8"
[[package]]
name = "libloading"
-version = "0.7.4"
+version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f"
+checksum = "2c979a19ffb457f0273965c333053f3d586bf759bf7b683fbebc37f9a9ebedc4"
dependencies = [
- "cfg-if",
"winapi",
]
[[package]]
name = "log"
-version = "0.4.17"
+version = "0.4.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710"
dependencies = [
"cfg-if",
]
[[package]]
name = "memchr"
-version = "2.5.0"
+version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
+checksum = "e01e64d9017d18e7fc09d8e4fe0e28ff6931019e979fb8019319db7ca827f8a6"
+dependencies = [
+ "libc",
+]
[[package]]
name = "minimal-lexical"
-version = "0.2.1"
+version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+checksum = "6595bb28ed34f43c3fe088e48f6cfb2e033cab45f25a5384d5fdf564fbc8c4b2"
[[package]]
name = "nom"
-version = "7.1.3"
+version = "7.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+checksum = "7ffd9d26838a953b4af82cbeb9f1592c6798916983959be223a7124e992742c1"
dependencies = [
"memchr",
"minimal-lexical",
+ "version_check",
]
[[package]]
name = "once_cell"
-version = "1.17.1"
+version = "1.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
+checksum = "13bd41f508810a131401606d54ac32a467c97172d74ba7662562ebba5ad07fa0"
[[package]]
name = "openssl"
-version = "0.10.50"
+version = "0.10.55"
dependencies = [
"bitflags",
"cfg-if",
@@ -188,23 +197,23 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.12",
+ "syn 2.0.0",
]
[[package]]
name = "openssl-src"
-version = "111.25.1+1.1.1t"
+version = "111.0.0+1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ef9a9cc6ea7d9d5e7c4a913dc4b48d0e359eddf01af1dfec96ba7064b4aba10"
+checksum = "f79e1dea06f0854a0cd6bc68cf6fcd9ced9c81675018f7b3fe5b1d0d003d48ca"
dependencies = [
"cc",
]
[[package]]
name = "openssl-sys"
-version = "0.9.85"
+version = "0.9.89"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d3d193fb1488ad46ffe3aaabc912cc931d02ee8518fe2959aea8ef52718b0c0"
+checksum = "4026ef4fae4cd0c85aee4846e497cea7855659077108067c0d37c0d628f3e40a"
dependencies = [
"bindgen",
"bssl-sys",
@@ -223,9 +232,9 @@ checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
[[package]]
name = "pkg-config"
-version = "0.3.26"
+version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160"
+checksum = "3a8b4c6b8165cd1a1cd4b9b120978131389f64bdaf456435caa41e630edba903"
[[package]]
name = "proc-macro2"
@@ -247,36 +256,39 @@ dependencies = [
[[package]]
name = "regex"
-version = "1.7.1"
+version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733"
+checksum = "a250501c60d8ee37c3c8cd93d95344a4653ce4999136cc9b3eb4c98770a4aea3"
dependencies = [
"regex-syntax",
]
[[package]]
name = "regex-syntax"
-version = "0.6.28"
+version = "0.6.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848"
+checksum = "00efb87459ba4f6fb2169d20f68565555688e1250ee6825cdf6254f8b48fafb2"
[[package]]
name = "rustc-hash"
-version = "1.1.0"
+version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+checksum = "7540fc8b0c49f096ee9c961cda096467dce8084bec6bdca2fc83895fd9b28cb8"
+dependencies = [
+ "byteorder",
+]
[[package]]
name = "shlex"
-version = "1.1.0"
+version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
+checksum = "42a568c8f2cd051a4d283bd6eb0343ac214c1b0f1ac19f93e1175b2dee38c73d"
[[package]]
name = "syn"
-version = "1.0.109"
+version = "1.0.99"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+checksum = "58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13"
dependencies = [
"proc-macro2",
"quote",
@@ -285,9 +297,9 @@ dependencies = [
[[package]]
name = "syn"
-version = "2.0.12"
+version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79d9531f94112cfc3e4c8f5f02cb2b58f72c97b7efd85f70203cc6d8efda5927"
+checksum = "4cff13bb1732bccfe3b246f3fdb09edfd51c01d6f5299b7ccd9457c2e4e37774"
dependencies = [
"proc-macro2",
"quote",
@@ -296,32 +308,38 @@ dependencies = [
[[package]]
name = "unicode-ident"
-version = "1.0.8"
+version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
+checksum = "d22af068fba1eb5edcb4aea19d382b2a3deb4c8f9d475c589b6ada9e0fd493ee"
[[package]]
name = "vcpkg"
-version = "0.2.15"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3fc439f2794e98976c88a2a2dafce96b930fe8010b0a256b3c2199a773933168"
+
+[[package]]
+name = "version_check"
+version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+checksum = "45d3d553fd9413fffe7147a20171d640eda0ad4c070acd7d0c885a21bcd2e8b7"
[[package]]
name = "which"
-version = "4.4.0"
+version = "4.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269"
+checksum = "ea187a8ef279bc014ec368c27a920da2024d2a711109bfbe3440585d5cf27ad9"
dependencies = [
"either",
+ "lazy_static",
"libc",
- "once_cell",
]
[[package]]
name = "winapi"
-version = "0.3.9"
+version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+checksum = "b3ad91d846a4a5342c1fb7008d26124ee6cf94a3953751618577295373b32117"
dependencies = [
"winapi-i686-pc-windows-gnu",
"winapi-x86_64-pc-windows-gnu",
@@ -329,12 +347,12 @@ dependencies = [
[[package]]
name = "winapi-i686-pc-windows-gnu"
-version = "0.4.0"
+version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+checksum = "a16a8e2ebfc883e2b1771c6482b1fb3c6831eab289ba391619a2d93a7356220f"
[[package]]
name = "winapi-x86_64-pc-windows-gnu"
-version = "0.4.0"
+version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+checksum = "8ca29cb03c8ceaf20f8224a18a530938305e9872b1478ea24ff44b4f503a1d1d"
diff --git a/vendor/openssl/Cargo.toml b/vendor/openssl/Cargo.toml
index c9a6a9563..774249f91 100644
--- a/vendor/openssl/Cargo.toml
+++ b/vendor/openssl/Cargo.toml
@@ -12,7 +12,7 @@
[package]
edition = "2018"
name = "openssl"
-version = "0.10.50"
+version = "0.10.55"
authors = ["Steven Fackler <sfackler@gmail.com>"]
description = "OpenSSL bindings"
readme = "README.md"
@@ -36,7 +36,7 @@ version = "1.0"
version = "1.0"
[dependencies.ffi]
-version = "0.9.85"
+version = "0.9.89"
package = "openssl-sys"
[dependencies.foreign-types]
diff --git a/vendor/openssl/src/asn1.rs b/vendor/openssl/src/asn1.rs
index 8823f95b5..801310d41 100644
--- a/vendor/openssl/src/asn1.rs
+++ b/vendor/openssl/src/asn1.rs
@@ -28,6 +28,7 @@ use cfg_if::cfg_if;
use foreign_types::{ForeignType, ForeignTypeRef};
use libc::{c_char, c_int, c_long, time_t};
use std::cmp::Ordering;
+use std::convert::TryInto;
use std::ffi::CString;
use std::fmt;
use std::ptr;
@@ -612,8 +613,49 @@ impl Asn1BitStringRef {
}
foreign_type_and_impl_send_sync! {
+ type CType = ffi::ASN1_OCTET_STRING;
+ fn drop = ffi::ASN1_OCTET_STRING_free;
+ /// ASN.1 OCTET STRING type
+ pub struct Asn1OctetString;
+ /// A reference to an [`Asn1OctetString`].
+ pub struct Asn1OctetStringRef;
+}
+
+impl Asn1OctetString {
+ /// Creates an Asn1OctetString from bytes
+ pub fn new_from_bytes(value: &[u8]) -> Result<Self, ErrorStack> {
+ ffi::init();
+ unsafe {
+ let s = cvt_p(ffi::ASN1_OCTET_STRING_new())?;
+ ffi::ASN1_OCTET_STRING_set(s, value.as_ptr(), value.len().try_into().unwrap());
+ Ok(Self::from_ptr(s))
+ }
+ }
+}
+
+impl Asn1OctetStringRef {
+ /// Returns the octet string as an array of bytes.
+ #[corresponds(ASN1_STRING_get0_data)]
+ pub fn as_slice(&self) -> &[u8] {
+ unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr().cast()), self.len()) }
+ }
+
+ /// Returns the number of bytes in the octet string.
+ #[corresponds(ASN1_STRING_length)]
+ pub fn len(&self) -> usize {
+ unsafe { ffi::ASN1_STRING_length(self.as_ptr().cast()) as usize }
+ }
+
+ /// Determines if the string is empty.
+ pub fn is_empty(&self) -> bool {
+ self.len() == 0
+ }
+}
+
+foreign_type_and_impl_send_sync! {
type CType = ffi::ASN1_OBJECT;
fn drop = ffi::ASN1_OBJECT_free;
+ fn clone = ffi::OBJ_dup;
/// Object Identifier
///
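Review bot: The return value of `ffi::ASN1_OCTET_STRING_set` is discarded in `Asn1OctetString::new_from_bytes`, so a failed copy would still return `Ok` with a string that does not hold `value`. Because `s` is wrapped only on the last line, a panic from `try_into().unwrap()` also leaks the allocation. Wrapping first and checking the call fixes both: `let s = Self::from_ptr(cvt_p(ffi::ASN1_OCTET_STRING_new())?);` then `cvt(ffi::ASN1_OCTET_STRING_set(s.as_ptr(), value.as_ptr(), value.len().try_into().unwrap()))?;` and `Ok(s)`. The doc comment should also state that inputs longer than a C `int` panic.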
@@ -696,7 +738,7 @@ impl fmt::Debug for Asn1ObjectRef {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273))] {
+ if #[cfg(any(ossl110, libressl273, boringssl))] {
use ffi::ASN1_STRING_get0_data;
} else {
#[allow(bad_style)]
@@ -706,6 +748,32 @@ cfg_if! {
}
}
+foreign_type_and_impl_send_sync! {
+ type CType = ffi::ASN1_ENUMERATED;
+ fn drop = ffi::ASN1_ENUMERATED_free;
+
+ /// An ASN.1 enumerated.
+ pub struct Asn1Enumerated;
+ /// A reference to an [`Asn1Enumerated`].
+ pub struct Asn1EnumeratedRef;
+}
+
+impl Asn1EnumeratedRef {
+ /// Get the value, if it fits in the required bounds.
+ #[corresponds(ASN1_ENUMERATED_get_int64)]
+ #[cfg(ossl110)]
+ pub fn get_i64(&self) -> Result<i64, ErrorStack> {
+ let mut crl_reason = 0;
+ unsafe {
+ cvt(ffi::ASN1_ENUMERATED_get_int64(
+ &mut crl_reason,
+ self.as_ptr(),
+ ))?;
+ }
+ Ok(crl_reason)
+ }
+}
+
#[cfg(test)]
mod tests {
use super::*;
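Review bot: The local in `Asn1EnumeratedRef::get_i64` is named `crl_reason`, but the accessor is generic over any ASN.1 ENUMERATED, so the name misleads a reader about what the value is; `let mut value = 0;` reads correctly. The doc line "if it fits in the required bounds" would be clearer as `/// Returns the value as an i64, or an error if it cannot be represented.`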
@@ -833,4 +901,11 @@ mod tests {
&[0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01],
);
}
+
+ #[test]
+ fn asn1_octet_string() {
+ let octet_string = Asn1OctetString::new_from_bytes(b"hello world").unwrap();
+ assert_eq!(octet_string.as_slice(), b"hello world");
+ assert_eq!(octet_string.len(), 11);
+ }
}
diff --git a/vendor/openssl/src/bn.rs b/vendor/openssl/src/bn.rs
index 0328730a2..5cfe4b375 100644
--- a/vendor/openssl/src/bn.rs
+++ b/vendor/openssl/src/bn.rs
@@ -814,7 +814,7 @@ impl BigNumRef {
/// assert_eq!(&bn_vec, &[0, 0, 0x45, 0x43]);
/// ```
#[corresponds(BN_bn2binpad)]
- #[cfg(ossl110)]
+ #[cfg(any(ossl110, libressl340, boringssl))]
pub fn to_vec_padded(&self, pad_to: i32) -> Result<Vec<u8>, ErrorStack> {
let mut v = Vec::with_capacity(pad_to as usize);
unsafe {
diff --git a/vendor/openssl/src/cipher.rs b/vendor/openssl/src/cipher.rs
index aeedf459a..87f7660cd 100644
--- a/vendor/openssl/src/cipher.rs
+++ b/vendor/openssl/src/cipher.rs
@@ -324,6 +324,7 @@ impl Cipher {
unsafe { CipherRef::from_ptr(ffi::EVP_des_ede3_cfb64() as *mut _) }
}
+ #[cfg(not(osslconf = "OPENSSL_NO_RC4"))]
pub fn rc4() -> &'static CipherRef {
unsafe { CipherRef::from_ptr(ffi::EVP_rc4() as *mut _) }
}
diff --git a/vendor/openssl/src/derive.rs b/vendor/openssl/src/derive.rs
index 5d422f697..424c5f92d 100644
--- a/vendor/openssl/src/derive.rs
+++ b/vendor/openssl/src/derive.rs
@@ -56,6 +56,7 @@ use std::ptr;
use crate::error::ErrorStack;
use crate::pkey::{HasPrivate, HasPublic, PKeyRef};
use crate::{cvt, cvt_p};
+use openssl_macros::corresponds;
/// A type used to derive a shared secret between two keys.
pub struct Deriver<'a>(*mut ffi::EVP_PKEY_CTX, PhantomData<&'a ()>);
@@ -82,10 +83,7 @@ impl<'a> Deriver<'a> {
}
/// Sets the peer key used for secret derivation.
- ///
- /// This corresponds to [`EVP_PKEY_derive_set_peer`]:
- ///
- /// [`EVP_PKEY_derive_set_peer`]: https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_derive_init.html
+ #[corresponds(EVP_PKEY_derive_set_peer)]
pub fn set_peer<T>(&mut self, key: &'a PKeyRef<T>) -> Result<(), ErrorStack>
where
T: HasPublic,
@@ -93,6 +91,29 @@ impl<'a> Deriver<'a> {
unsafe { cvt(ffi::EVP_PKEY_derive_set_peer(self.0, key.as_ptr())).map(|_| ()) }
}
+ /// Sets the peer key used for secret derivation along with optionally validating the peer public key.
+ ///
+ /// Requires OpenSSL 3.0.0 or newer.
+ #[corresponds(EVP_PKEY_derive_set_peer_ex)]
+ #[cfg(ossl300)]
+ pub fn set_peer_ex<T>(
+ &mut self,
+ key: &'a PKeyRef<T>,
+ validate_peer: bool,
+ ) -> Result<(), ErrorStack>
+ where
+ T: HasPublic,
+ {
+ unsafe {
+ cvt(ffi::EVP_PKEY_derive_set_peer_ex(
+ self.0,
+ key.as_ptr(),
+ validate_peer as i32,
+ ))
+ .map(|_| ())
+ }
+ }
+
/// Returns the size of the shared secret.
///
/// It can be used to size the buffer passed to [`Deriver::derive`].
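Review bot: The doc comment on `set_peer_ex` does not say what `validate_peer = false` gives up. On OpenSSL 3.x, `EVP_PKEY_derive_set_peer` behaves like the `_ex` call with validation enabled, so passing `false` here is the less strict path. A line such as `/// Pass true unless the peer key has already been validated; false skips the public-key check.` would make the safe default obvious to callers handling keys received from a remote party.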
@@ -179,4 +200,18 @@ mod test {
let shared = deriver.derive_to_vec().unwrap();
assert!(!shared.is_empty());
}
+
+ #[test]
+ #[cfg(ossl300)]
+ fn test_ec_key_derive_ex() {
+ let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
+ let ec_key = EcKey::generate(&group).unwrap();
+ let ec_key2 = EcKey::generate(&group).unwrap();
+ let pkey = PKey::from_ec_key(ec_key).unwrap();
+ let pkey2 = PKey::from_ec_key(ec_key2).unwrap();
+ let mut deriver = Deriver::new(&pkey).unwrap();
+ deriver.set_peer_ex(&pkey2, true).unwrap();
+ let shared = deriver.derive_to_vec().unwrap();
+ assert!(!shared.is_empty());
+ }
}
diff --git a/vendor/openssl/src/dh.rs b/vendor/openssl/src/dh.rs
index e781543e2..7445e3408 100644
--- a/vendor/openssl/src/dh.rs
+++ b/vendor/openssl/src/dh.rs
@@ -7,7 +7,7 @@ use std::ptr;
use crate::bn::{BigNum, BigNumRef};
use crate::error::ErrorStack;
-use crate::pkey::{HasParams, HasPrivate, HasPublic, Params, Private};
+use crate::pkey::{HasParams, HasPrivate, HasPublic, Params, Private, Public};
use crate::{cvt, cvt_p};
use openssl_macros::corresponds;
@@ -39,6 +39,16 @@ where
params_to_der,
ffi::i2d_DHparams
}
+
+ /// Validates DH parameters for correctness
+ #[corresponds(DH_check_key)]
+ pub fn check_key(&self) -> Result<bool, ErrorStack> {
+ unsafe {
+ let mut codes = 0;
+ cvt(ffi::DH_check(self.as_ptr(), &mut codes))?;
+ Ok(codes == 0)
+ }
+ }
}
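Review bot: `check_key` is annotated `#[corresponds(DH_check_key)]` but the body calls `ffi::DH_check`, and the two are different checks: `DH_check` validates the parameters, `DH_check_key` validates a public key against them. The doc text ("Validates DH parameters") matches the body, so the attribute should read `#[corresponds(DH_check)]`. Otherwise the generated documentation points callers to the wrong OpenSSL function, and they may assume a peer public key has been checked. The enclosing `impl` starts outside this hunk.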
impl Dh<Params> {
@@ -66,6 +76,16 @@ impl Dh<Params> {
}
}
+ /// Sets the public key on the DH object.
+ pub fn set_public_key(self, pub_key: BigNum) -> Result<Dh<Public>, ErrorStack> {
+ unsafe {
+ let dh_ptr = self.0;
+ cvt(DH_set0_key(dh_ptr, pub_key.as_ptr(), ptr::null_mut()))?;
+ mem::forget((self, pub_key));
+ Ok(Dh::from_ptr(dh_ptr))
+ }
+ }
+
/// Sets the private key on the DH object and recomputes the public key.
pub fn set_private_key(self, priv_key: BigNum) -> Result<Dh<Private>, ErrorStack> {
unsafe {
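Review bot: `set_public_key` passes `pub_key` straight to `DH_set0_key` with no check on its value visible in this hunk, and `set_key` in the next hunk likewise does not verify that `pub_key` and `priv_key` belong together. The doc comments should say so, for example `/// The value is stored as given and is not validated against the parameters.` Callers that take the public value from a peer then know they must validate it before deriving a secret. The body of `set_private_key` continues outside this hunk.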
@@ -79,6 +99,16 @@ impl Dh<Params> {
}
}
+ /// Sets the public and private keys on the DH object.
+ pub fn set_key(self, pub_key: BigNum, priv_key: BigNum) -> Result<Dh<Private>, ErrorStack> {
+ unsafe {
+ let dh_ptr = self.0;
+ cvt(DH_set0_key(dh_ptr, pub_key.as_ptr(), priv_key.as_ptr()))?;
+ mem::forget((self, pub_key, priv_key));
+ Ok(Dh::from_ptr(dh_ptr))
+ }
+ }
+
/// Generates DH params based on the given `prime_len` and a fixed `generator` value.
#[corresponds(DH_generate_parameters_ex)]
pub fn generate_params(prime_len: u32, generator: u32) -> Result<Dh<Params>, ErrorStack> {
@@ -368,6 +398,30 @@ mod tests {
}
#[test]
+ #[cfg(ossl102)]
+ fn test_set_keys() {
+ let dh1 = Dh::get_2048_256().unwrap();
+ let key1 = dh1.generate_key().unwrap();
+
+ let dh2 = Dh::get_2048_256().unwrap();
+ let key2 = dh2
+ .set_public_key(key1.public_key().to_owned().unwrap())
+ .unwrap();
+
+ assert_eq!(key1.public_key(), key2.public_key());
+
+ let dh3 = Dh::get_2048_256().unwrap();
+ let key3 = dh3
+ .set_key(
+ key1.public_key().to_owned().unwrap(),
+ key1.private_key().to_owned().unwrap(),
+ )
+ .unwrap();
+ assert_eq!(key1.public_key(), key3.public_key());
+ assert_eq!(key1.private_key(), key3.private_key());
+ }
+
+ #[test]
fn test_dh_from_pem() {
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
let params = include_bytes!("../test/dhparams.pem");
@@ -413,4 +467,14 @@ mod tests {
assert_eq!(shared_a, shared_b);
}
+
+ #[test]
+ fn test_dh_check_key() {
+ let dh1 = Dh::generate_params(512, 2).unwrap();
+ let p = BigNum::from_hex_str("04").unwrap();
+ let g = BigNum::from_hex_str("02").unwrap();
+ let dh2 = Dh::from_pqg(p, None, g).unwrap();
+ assert!(dh1.check_key().unwrap());
+ assert!(!dh2.check_key().unwrap());
+ }
}
diff --git a/vendor/openssl/src/dsa.rs b/vendor/openssl/src/dsa.rs
index c550f6548..1a63e8ad8 100644
--- a/vendor/openssl/src/dsa.rs
+++ b/vendor/openssl/src/dsa.rs
@@ -7,6 +7,7 @@
use cfg_if::cfg_if;
use foreign_types::{ForeignType, ForeignTypeRef};
+#[cfg(not(boringssl))]
use libc::c_int;
use std::fmt;
use std::mem;
@@ -14,7 +15,7 @@ use std::ptr;
use crate::bn::{BigNum, BigNumRef};
use crate::error::ErrorStack;
-use crate::pkey::{HasParams, HasPrivate, HasPublic, Private, Public};
+use crate::pkey::{HasParams, HasPrivate, HasPublic, Params, Private, Public};
use crate::util::ForeignTypeRefExt;
use crate::{cvt, cvt_p};
use openssl_macros::corresponds;
@@ -127,6 +128,13 @@ where
ffi::PEM_write_bio_DSAPrivateKey
}
+ to_der! {
+ /// Serializes the private_key to a DER-encoded `DSAPrivateKey` structure.
+ #[corresponds(i2d_DSAPrivateKey)]
+ private_key_to_der,
+ ffi::i2d_DSAPrivateKey
+ }
+
/// Returns a reference to the private key component of `self`.
#[corresponds(DSA_get0_key)]
pub fn priv_key(&self) -> &BigNumRef {
@@ -183,17 +191,21 @@ type BitType = libc::c_uint;
#[cfg(not(boringssl))]
type BitType = c_int;
-impl Dsa<Private> {
- /// Generate a DSA key pair.
- ///
- /// Calls [`DSA_generate_parameters_ex`] to populate the `p`, `g`, and `q` values.
- /// These values are used to generate the key pair with [`DSA_generate_key`].
- ///
- /// The `bits` parameter corresponds to the length of the prime `p`.
- ///
- /// [`DSA_generate_parameters_ex`]: https://www.openssl.org/docs/manmaster/crypto/DSA_generate_parameters_ex.html
- /// [`DSA_generate_key`]: https://www.openssl.org/docs/manmaster/crypto/DSA_generate_key.html
- pub fn generate(bits: u32) -> Result<Dsa<Private>, ErrorStack> {
+impl Dsa<Params> {
+ /// Creates a DSA params based upon the given parameters.
+ #[corresponds(DSA_set0_pqg)]
+ pub fn from_pqg(p: BigNum, q: BigNum, g: BigNum) -> Result<Dsa<Params>, ErrorStack> {
+ unsafe {
+ let dsa = Dsa::from_ptr(cvt_p(ffi::DSA_new())?);
+ cvt(DSA_set0_pqg(dsa.0, p.as_ptr(), q.as_ptr(), g.as_ptr()))?;
+ mem::forget((p, q, g));
+ Ok(dsa)
+ }
+ }
+
+ /// Generates DSA params based on the given number of bits.
+ #[corresponds(DSA_generate_parameters_ex)]
+ pub fn generate_params(bits: u32) -> Result<Dsa<Params>, ErrorStack> {
ffi::init();
unsafe {
let dsa = Dsa::from_ptr(cvt_p(ffi::DSA_new())?);
@@ -206,11 +218,31 @@ impl Dsa<Private> {
ptr::null_mut(),
ptr::null_mut(),
))?;
- cvt(ffi::DSA_generate_key(dsa.0))?;
Ok(dsa)
}
}
+ /// Generates a private key based on the DSA params.
+ #[corresponds(DSA_generate_key)]
+ pub fn generate_key(self) -> Result<Dsa<Private>, ErrorStack> {
+ unsafe {
+ let dsa_ptr = self.0;
+ cvt(ffi::DSA_generate_key(dsa_ptr))?;
+ mem::forget(self);
+ Ok(Dsa::from_ptr(dsa_ptr))
+ }
+ }
+}
+
+impl Dsa<Private> {
+ /// Generate a DSA key pair.
+ ///
+ /// The `bits` parameter corresponds to the length of the prime `p`.
+ pub fn generate(bits: u32) -> Result<Dsa<Private>, ErrorStack> {
+ let params = Dsa::generate_params(bits)?;
+ params.generate_key()
+ }
+
/// Create a DSA key pair with the given parameters
///
/// `p`, `q` and `g` are the common parameters.
@@ -283,7 +315,7 @@ impl<T> fmt::Debug for Dsa<T> {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273))] {
+ if #[cfg(any(ossl110, libressl273, boringssl))] {
use ffi::{DSA_get0_key, DSA_get0_pqg, DSA_set0_key, DSA_set0_pqg};
} else {
#[allow(bad_style)]
@@ -462,7 +494,7 @@ impl DsaSigRef {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273))] {
+ if #[cfg(any(ossl110, libressl273, boringssl))] {
use ffi::{DSA_SIG_set0, DSA_SIG_get0};
} else {
#[allow(bad_style)]
@@ -557,6 +589,24 @@ mod test {
}
#[test]
+ fn test_params() {
+ let params = Dsa::generate_params(1024).unwrap();
+ let p = params.p().to_owned().unwrap();
+ let q = params.q().to_owned().unwrap();
+ let g = params.g().to_owned().unwrap();
+ let key = params.generate_key().unwrap();
+ let params2 = Dsa::from_pqg(
+ key.p().to_owned().unwrap(),
+ key.q().to_owned().unwrap(),
+ key.g().to_owned().unwrap(),
+ )
+ .unwrap();
+ assert_eq!(p, *params2.p());
+ assert_eq!(q, *params2.q());
+ assert_eq!(g, *params2.g());
+ }
+
+ #[test]
#[cfg(not(boringssl))]
fn test_signature() {
const TEST_DATA: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9];
diff --git a/vendor/openssl/src/ec.rs b/vendor/openssl/src/ec.rs
index 248ced3e4..b648aec33 100644
--- a/vendor/openssl/src/ec.rs
+++ b/vendor/openssl/src/ec.rs
@@ -57,7 +57,7 @@ impl PointConversionForm {
/// Named Curve or Explicit
///
/// This type acts as a boolean as to whether the `EcGroup` is named or explicit.
-#[derive(Copy, Clone)]
+#[derive(Copy, Clone, Debug, PartialEq)]
pub struct Asn1Flag(c_int);
impl Asn1Flag {
@@ -294,6 +294,12 @@ impl EcGroupRef {
}
}
+ /// Gets the flag determining if the group corresponds to a named curve.
+ #[corresponds(EC_GROUP_get_asn1_flag)]
+ pub fn asn1_flag(&self) -> Asn1Flag {
+ unsafe { Asn1Flag(ffi::EC_GROUP_get_asn1_flag(self.as_ptr())) }
+ }
+
/// Returns the name of the curve, if a name is associated.
#[corresponds(EC_GROUP_get_curve_name)]
pub fn curve_name(&self) -> Option<Nid> {
@@ -485,7 +491,7 @@ impl EcPointRef {
/// Places affine coordinates of a curve over a prime field in the provided
/// `x` and `y` `BigNum`s.
#[corresponds(EC_POINT_get_affine_coordinates)]
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl, libressl350))]
pub fn affine_coordinates(
&self,
group: &EcGroupRef,
@@ -1191,7 +1197,7 @@ mod test {
assert!(ec_key.check_key().is_ok());
}
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl, libressl350))]
#[test]
fn get_affine_coordinates() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
@@ -1265,4 +1271,12 @@ mod test {
let group2 = EcGroup::from_curve_name(Nid::X9_62_PRIME239V3).unwrap();
assert!(!g.is_on_curve(&group2, &mut ctx).unwrap());
}
+
+ #[test]
+ #[cfg(any(boringssl, ossl111, libressl350))]
+ fn asn1_flag() {
+ let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
+ let flag = group.asn1_flag();
+ assert_eq!(flag, Asn1Flag::NAMED_CURVE);
+ }
}
diff --git a/vendor/openssl/src/ecdsa.rs b/vendor/openssl/src/ecdsa.rs
index 0a960e7b9..f3b27b395 100644
--- a/vendor/openssl/src/ecdsa.rs
+++ b/vendor/openssl/src/ecdsa.rs
@@ -110,7 +110,7 @@ impl EcdsaSigRef {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273))] {
+ if #[cfg(any(ossl110, libressl273, boringssl))] {
use ffi::{ECDSA_SIG_set0, ECDSA_SIG_get0};
} else {
#[allow(bad_style)]
diff --git a/vendor/openssl/src/hash.rs b/vendor/openssl/src/hash.rs
index 37442fb27..52d73deed 100644
--- a/vendor/openssl/src/hash.rs
+++ b/vendor/openssl/src/hash.rs
@@ -43,7 +43,7 @@ use crate::nid::Nid;
use crate::{cvt, cvt_p};
cfg_if! {
- if #[cfg(ossl110)] {
+ if #[cfg(any(ossl110, boringssl))] {
use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new};
} else {
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
diff --git a/vendor/openssl/src/lib.rs b/vendor/openssl/src/lib.rs
index 5678298a0..c2c390cc1 100644
--- a/vendor/openssl/src/lib.rs
+++ b/vendor/openssl/src/lib.rs
@@ -1,7 +1,7 @@
//! Bindings to OpenSSL
//!
//! This crate provides a safe interface to the popular OpenSSL cryptography library. OpenSSL versions 1.0.1 through
-//! 3.x.x and LibreSSL versions 2.5 through 3.4.1 are supported.
+//! 3.x.x and LibreSSL versions 2.5 through 3.7.x are supported.
//!
//! # Building
//!
@@ -165,7 +165,6 @@ pub mod nid;
#[cfg(not(any(boringssl, osslconf = "OPENSSL_NO_OCSP")))]
pub mod ocsp;
pub mod pkcs12;
-#[cfg(not(boringssl))]
pub mod pkcs5;
#[cfg(not(boringssl))]
pub mod pkcs7;
diff --git a/vendor/openssl/src/md_ctx.rs b/vendor/openssl/src/md_ctx.rs
index c4d3f06b9..156f3c2fc 100644
--- a/vendor/openssl/src/md_ctx.rs
+++ b/vendor/openssl/src/md_ctx.rs
@@ -93,7 +93,7 @@ use std::convert::TryFrom;
use std::ptr;
cfg_if! {
- if #[cfg(ossl110)] {
+ if #[cfg(any(ossl110, boringssl))] {
use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new};
} else {
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
diff --git a/vendor/openssl/src/nid.rs b/vendor/openssl/src/nid.rs
index 1ab96f370..91fcdeca9 100644
--- a/vendor/openssl/src/nid.rs
+++ b/vendor/openssl/src/nid.rs
@@ -51,13 +51,13 @@ pub struct Nid(c_int);
#[allow(non_snake_case)]
impl Nid {
/// Create a `Nid` from an integer representation.
- pub fn from_raw(raw: c_int) -> Nid {
+ pub const fn from_raw(raw: c_int) -> Nid {
Nid(raw)
}
/// Return the integer representation of a `Nid`.
#[allow(clippy::trivially_copy_pass_by_ref)]
- pub fn as_raw(&self) -> c_int {
+ pub const fn as_raw(&self) -> c_int {
self.0
}
@@ -1074,6 +1074,8 @@ impl Nid {
pub const AES_128_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_128_cbc_hmac_sha1);
pub const AES_192_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_192_cbc_hmac_sha1);
pub const AES_256_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_256_cbc_hmac_sha1);
+ #[cfg(ossl111)]
+ pub const SM2: Nid = Nid(ffi::NID_sm2);
#[cfg(any(ossl111, libressl291))]
pub const SM3: Nid = Nid(ffi::NID_sm3);
#[cfg(ossl111)]
diff --git a/vendor/openssl/src/pkcs5.rs b/vendor/openssl/src/pkcs5.rs
index c15ce4776..cd704e825 100644
--- a/vendor/openssl/src/pkcs5.rs
+++ b/vendor/openssl/src/pkcs5.rs
@@ -1,9 +1,13 @@
+#[cfg(not(boringssl))]
use libc::c_int;
+use std::convert::TryInto;
+#[cfg(not(boringssl))]
use std::ptr;
use crate::cvt;
use crate::error::ErrorStack;
use crate::hash::MessageDigest;
+#[cfg(not(boringssl))]
use crate::symm::Cipher;
use openssl_macros::corresponds;
@@ -25,6 +29,7 @@ pub struct KeyIvPair {
/// `pbkdf2_hmac` or another more modern key derivation algorithm.
#[corresponds(EVP_BytesToKey)]
#[allow(clippy::useless_conversion)]
+#[cfg(not(boringssl))]
pub fn bytes_to_key(
cipher: Cipher,
digest: MessageDigest,
@@ -91,19 +96,15 @@ pub fn pbkdf2_hmac(
key: &mut [u8],
) -> Result<(), ErrorStack> {
unsafe {
- assert!(pass.len() <= c_int::max_value() as usize);
- assert!(salt.len() <= c_int::max_value() as usize);
- assert!(key.len() <= c_int::max_value() as usize);
-
ffi::init();
cvt(ffi::PKCS5_PBKDF2_HMAC(
pass.as_ptr() as *const _,
- pass.len() as c_int,
+ pass.len().try_into().unwrap(),
salt.as_ptr(),
- salt.len() as c_int,
- iter as c_int,
+ salt.len().try_into().unwrap(),
+ iter.try_into().unwrap(),
hash.as_ptr(),
- key.len() as c_int,
+ key.len().try_into().unwrap(),
key.as_mut_ptr(),
))
.map(|_| ())
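Review bot: The `try_into().unwrap()` conversions in `pbkdf2_hmac` still panic on an over-long `pass`, `salt` or `key`, and now also on an `iter` that does not fit the C parameter type, where the old `iter as c_int` truncated silently. That is the safer behaviour, but nothing visible in this hunk documents it, even though the function returns `Result`. Add a section to the doc comment: `/// # Panics` followed by `/// Panics if a length or iter does not fit the corresponding C integer type.` The function signature and doc comment start outside the hunk.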
@@ -114,7 +115,8 @@ pub fn pbkdf2_hmac(
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PBE_scrypt)]
-#[cfg(any(ossl110))]
+#[cfg(any(ossl110, boringssl))]
+#[allow(clippy::useless_conversion)]
pub fn scrypt(
pass: &[u8],
salt: &[u8],
@@ -134,7 +136,7 @@ pub fn scrypt(
n,
r,
p,
- maxmem,
+ maxmem.try_into().unwrap(),
key.as_mut_ptr() as *mut _,
key.len(),
))
@@ -145,6 +147,7 @@ pub fn scrypt(
#[cfg(test)]
mod tests {
use crate::hash::MessageDigest;
+ #[cfg(not(boringssl))]
use crate::symm::Cipher;
// Test vectors from
@@ -246,6 +249,7 @@ mod tests {
}
#[test]
+ #[cfg(not(boringssl))]
fn bytes_to_key() {
let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8];
@@ -282,7 +286,7 @@ mod tests {
}
#[test]
- #[cfg(any(ossl110))]
+ #[cfg(any(ossl110, boringssl))]
fn scrypt() {
let pass = "pleaseletmein";
let salt = "SodiumChloride";
diff --git a/vendor/openssl/src/pkey.rs b/vendor/openssl/src/pkey.rs
index bec4bfdaf..453aeed72 100644
--- a/vendor/openssl/src/pkey.rs
+++ b/vendor/openssl/src/pkey.rs
@@ -57,7 +57,7 @@ use cfg_if::cfg_if;
use foreign_types::{ForeignType, ForeignTypeRef};
use libc::{c_int, c_long};
use openssl_macros::corresponds;
-use std::convert::TryFrom;
+use std::convert::{TryFrom, TryInto};
use std::ffi::CString;
use std::fmt;
use std::mem;
@@ -85,8 +85,10 @@ impl Id {
pub const DSA: Id = Id(ffi::EVP_PKEY_DSA);
pub const DH: Id = Id(ffi::EVP_PKEY_DH);
pub const EC: Id = Id(ffi::EVP_PKEY_EC);
+ #[cfg(ossl111)]
+ pub const SM2: Id = Id(ffi::EVP_PKEY_SM2);
- #[cfg(ossl110)]
+ #[cfg(any(ossl110, boringssl))]
pub const HKDF: Id = Id(ffi::EVP_PKEY_HKDF);
#[cfg(any(ossl111, boringssl, libressl370))]
@@ -97,6 +99,8 @@ impl Id {
pub const X25519: Id = Id(ffi::EVP_PKEY_X25519);
#[cfg(ossl111)]
pub const X448: Id = Id(ffi::EVP_PKEY_X448);
+ #[cfg(ossl111)]
+ pub const POLY1305: Id = Id(ffi::EVP_PKEY_POLY1305);
/// Creates a `Id` from an integer representation.
pub fn from_raw(value: c_int) -> Id {
@@ -244,7 +248,11 @@ where
where
U: HasPublic,
{
- unsafe { ffi::EVP_PKEY_cmp(self.as_ptr(), other.as_ptr()) == 1 }
+ let res = unsafe { ffi::EVP_PKEY_cmp(self.as_ptr(), other.as_ptr()) == 1 };
+ // Clear the stack. OpenSSL will put an error on the stack when the
+ // keys are different types in some situations.
+ let _ = ErrorStack::get();
+ res
}
/// Raw byte representation of a public key.
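Review bot: `let _ = ErrorStack::get();` in `public_eq` runs unconditionally, so it appears to drain the whole thread-local error queue, not only the entry `EVP_PKEY_cmp` may have pushed. Any error queued before the call that the caller has not yet read would be lost, which can hide the cause of an earlier failure. If that trade-off is accepted, state it in the doc comment, e.g. `/// Clears the OpenSSL error stack as a side effect.` The method signature starts outside the hunk.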
@@ -344,10 +352,6 @@ where
/// Serializes a private key into a DER-formatted PKCS#8, using the supplied password to
/// encrypt the key.
- ///
- /// # Panics
- ///
- /// Panics if `passphrase` contains an embedded null.
#[corresponds(i2d_PKCS8PrivateKey_bio)]
pub fn private_key_to_pkcs8_passphrase(
&self,
@@ -356,14 +360,12 @@ where
) -> Result<Vec<u8>, ErrorStack> {
unsafe {
let bio = MemBio::new()?;
- let len = passphrase.len();
- let passphrase = CString::new(passphrase).unwrap();
cvt(ffi::i2d_PKCS8PrivateKey_bio(
bio.as_ptr(),
self.as_ptr(),
cipher.as_ptr(),
passphrase.as_ptr() as *const _ as *mut _,
- len as ::libc::c_int,
+ passphrase.len().try_into().unwrap(),
None,
ptr::null_mut(),
))?;
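Review bot: The previous hunk deletes the `# Panics` section of `private_key_to_pkcs8_passphrase`, but `passphrase.len().try_into().unwrap()` here still panics when the length does not fit a C `int`. The section should be rewritten rather than removed: `/// # Panics` followed by `/// Panics if passphrase is longer than c_int::MAX bytes.` The passphrase is now passed with an explicit length instead of as a `CString`, so embedded NUL bytes are no longer rejected; a test with such a passphrase would pin that the full byte string is used.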
@@ -406,11 +408,7 @@ impl<T> PKey<T> {
unsafe {
let evp = cvt_p(ffi::EVP_PKEY_new())?;
let pkey = PKey::from_ptr(evp);
- cvt(ffi::EVP_PKEY_assign(
- pkey.0,
- ffi::EVP_PKEY_RSA,
- rsa.as_ptr() as *mut _,
- ))?;
+ cvt(ffi::EVP_PKEY_assign_RSA(pkey.0, rsa.as_ptr()))?;
mem::forget(rsa);
Ok(pkey)
}
@@ -422,11 +420,7 @@ impl<T> PKey<T> {
unsafe {
let evp = cvt_p(ffi::EVP_PKEY_new())?;
let pkey = PKey::from_ptr(evp);
- cvt(ffi::EVP_PKEY_assign(
- pkey.0,
- ffi::EVP_PKEY_DSA,
- dsa.as_ptr() as *mut _,
- ))?;
+ cvt(ffi::EVP_PKEY_assign_DSA(pkey.0, dsa.as_ptr()))?;
mem::forget(dsa);
Ok(pkey)
}
@@ -434,15 +428,12 @@ impl<T> PKey<T> {
/// Creates a new `PKey` containing a Diffie-Hellman key.
#[corresponds(EVP_PKEY_assign_DH)]
+ #[cfg(not(boringssl))]
pub fn from_dh(dh: Dh<T>) -> Result<PKey<T>, ErrorStack> {
unsafe {
let evp = cvt_p(ffi::EVP_PKEY_new())?;
let pkey = PKey::from_ptr(evp);
- cvt(ffi::EVP_PKEY_assign(
- pkey.0,
- ffi::EVP_PKEY_DH,
- dh.as_ptr() as *mut _,
- ))?;
+ cvt(ffi::EVP_PKEY_assign_DH(pkey.0, dh.as_ptr()))?;
mem::forget(dh);
Ok(pkey)
}
@@ -454,11 +445,7 @@ impl<T> PKey<T> {
unsafe {
let evp = cvt_p(ffi::EVP_PKEY_new())?;
let pkey = PKey::from_ptr(evp);
- cvt(ffi::EVP_PKEY_assign(
- pkey.0,
- ffi::EVP_PKEY_EC,
- ec_key.as_ptr() as *mut _,
- ))?;
+ cvt(ffi::EVP_PKEY_assign_EC_KEY(pkey.0, ec_key.as_ptr()))?;
mem::forget(ec_key);
Ok(pkey)
}
@@ -861,6 +848,7 @@ impl<T> TryFrom<PKey<T>> for Dsa<T> {
}
}
+#[cfg(not(boringssl))]
impl<T> TryFrom<Dh<T>> for PKey<T> {
type Error = ErrorStack;
@@ -885,6 +873,7 @@ mod tests {
use crate::dh::Dh;
use crate::dsa::Dsa;
use crate::ec::EcKey;
+ use crate::error::Error;
use crate::nid::Nid;
use crate::rsa::Rsa;
use crate::symm::Cipher;
@@ -1168,4 +1157,17 @@ mod tests {
let key = PKey::ec_gen("prime256v1").unwrap();
assert!(key.ec_key().is_ok());
}
+
+ #[test]
+ fn test_public_eq() {
+ let rsa = Rsa::generate(2048).unwrap();
+ let pkey1 = PKey::from_rsa(rsa).unwrap();
+
+ let group = crate::ec::EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
+ let ec_key = EcKey::generate(&group).unwrap();
+ let pkey2 = PKey::from_ec_key(ec_key).unwrap();
+
+ assert!(!pkey1.public_eq(&pkey2));
+ assert!(Error::get().is_none());
+ }
}
diff --git a/vendor/openssl/src/pkey_ctx.rs b/vendor/openssl/src/pkey_ctx.rs
index 42289b9f4..aba8a66a3 100644
--- a/vendor/openssl/src/pkey_ctx.rs
+++ b/vendor/openssl/src/pkey_ctx.rs
@@ -485,7 +485,7 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set_hkdf_md)]
- #[cfg(ossl110)]
+ #[cfg(any(ossl110, boringssl))]
#[inline]
pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack> {
unsafe {
@@ -527,10 +527,13 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set1_hkdf_key)]
- #[cfg(ossl110)]
+ #[cfg(any(ossl110, boringssl))]
#[inline]
pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack> {
+ #[cfg(not(boringssl))]
let len = c_int::try_from(key.len()).unwrap();
+ #[cfg(boringssl)]
+ let len = key.len();
unsafe {
cvt(ffi::EVP_PKEY_CTX_set1_hkdf_key(
@@ -549,10 +552,13 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set1_hkdf_salt)]
- #[cfg(ossl110)]
+ #[cfg(any(ossl110, boringssl))]
#[inline]
pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack> {
+ #[cfg(not(boringssl))]
let len = c_int::try_from(salt.len()).unwrap();
+ #[cfg(boringssl)]
+ let len = salt.len();
unsafe {
cvt(ffi::EVP_PKEY_CTX_set1_hkdf_salt(
@@ -571,10 +577,13 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_add1_hkdf_info)]
- #[cfg(ossl110)]
+ #[cfg(any(ossl110, boringssl))]
#[inline]
pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack> {
+ #[cfg(not(boringssl))]
let len = c_int::try_from(info.len()).unwrap();
+ #[cfg(boringssl)]
+ let len = info.len();
unsafe {
cvt(ffi::EVP_PKEY_CTX_add1_hkdf_info(
@@ -632,7 +641,7 @@ mod test {
#[cfg(not(boringssl))]
use crate::cipher::Cipher;
use crate::ec::{EcGroup, EcKey};
- #[cfg(any(ossl102, libressl310))]
+ #[cfg(any(ossl102, libressl310, boringssl))]
use crate::md::Md;
use crate::nid::Nid;
use crate::pkey::PKey;
@@ -717,7 +726,7 @@ mod test {
}
#[test]
- #[cfg(ossl110)]
+ #[cfg(any(ossl110, boringssl))]
fn hkdf() {
let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap();
ctx.derive_init().unwrap();
diff --git a/vendor/openssl/src/rsa.rs b/vendor/openssl/src/rsa.rs
index 68cf64b03..f155b12df 100644
--- a/vendor/openssl/src/rsa.rs
+++ b/vendor/openssl/src/rsa.rs
@@ -581,7 +581,7 @@ impl<T> fmt::Debug for Rsa<T> {
}
cfg_if! {
- if #[cfg(any(ossl110, libressl273))] {
+ if #[cfg(any(ossl110, libressl273, boringssl))] {
use ffi::{
RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_set0_key, RSA_set0_factors,
RSA_set0_crt_params,
diff --git a/vendor/openssl/src/sign.rs b/vendor/openssl/src/sign.rs
index 406bb42e8..a32f5c914 100644
--- a/vendor/openssl/src/sign.rs
+++ b/vendor/openssl/src/sign.rs
@@ -117,10 +117,10 @@ pub struct Signer<'a> {
_p: PhantomData<&'a ()>,
}
-unsafe impl<'a> Sync for Signer<'a> {}
-unsafe impl<'a> Send for Signer<'a> {}
+unsafe impl Sync for Signer<'_> {}
+unsafe impl Send for Signer<'_> {}
-impl<'a> Drop for Signer<'a> {
+impl Drop for Signer<'_> {
fn drop(&mut self) {
// pkey_ctx is owned by the md_ctx, so no need to explicitly free it.
unsafe {
@@ -130,7 +130,7 @@ impl<'a> Drop for Signer<'a> {
}
#[allow(clippy::len_without_is_empty)]
-impl<'a> Signer<'a> {
+impl Signer<'_> {
/// Creates a new `Signer`.
///
/// This cannot be used with Ed25519 or Ed448 keys. Please refer to
@@ -139,7 +139,7 @@ impl<'a> Signer<'a> {
/// OpenSSL documentation at [`EVP_DigestSignInit`].
///
/// [`EVP_DigestSignInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
- pub fn new<T>(type_: MessageDigest, pkey: &'a PKeyRef<T>) -> Result<Signer<'a>, ErrorStack>
+ pub fn new<'a, T>(type_: MessageDigest, pkey: &PKeyRef<T>) -> Result<Signer<'a>, ErrorStack>
where
T: HasPrivate,
{
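Review bot: `Signer::new` now returns a `Signer<'a>` whose `'a` is no longer tied to the borrow of `pkey`, so the compiler will let the signer outlive the key reference; the same applies to `new_without_digest` and `new_intern` in the following hunk. This is only sound if the underlying context holds its own reference to the key after `EVP_DigestSignInit`, which is not visible in these hunks. A comment at `new_intern` should record that invariant, e.g. `// 'a is unconstrained: the EVP_PKEY_CTX keeps its own reference to the key, so the Signer may outlive pkey.` The bodies of these functions continue outside the hunks.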
@@ -154,16 +154,16 @@ impl<'a> Signer<'a> {
/// OpenSSL documentation at [`EVP_DigestSignInit`].
///
/// [`EVP_DigestSignInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
- pub fn new_without_digest<T>(pkey: &'a PKeyRef<T>) -> Result<Signer<'a>, ErrorStack>
+ pub fn new_without_digest<'a, T>(pkey: &PKeyRef<T>) -> Result<Signer<'a>, ErrorStack>
where
T: HasPrivate,
{
Self::new_intern(None, pkey)
}
- fn new_intern<T>(
+ fn new_intern<'a, T>(
type_: Option<MessageDigest>,
- pkey: &'a PKeyRef<T>,
+ pkey: &PKeyRef<T>,
) -> Result<Signer<'a>, ErrorStack>
where
T: HasPrivate,
diff --git a/vendor/openssl/src/ssl/mod.rs b/vendor/openssl/src/ssl/mod.rs
index 6ef356d36..27e817f30 100644
--- a/vendor/openssl/src/ssl/mod.rs
+++ b/vendor/openssl/src/ssl/mod.rs
@@ -72,7 +72,7 @@ use crate::srtp::{SrtpProtectionProfile, SrtpProtectionProfileRef};
use crate::ssl::bio::BioMethod;
use crate::ssl::callbacks::*;
use crate::ssl::error::InnerError;
-use crate::stack::{Stack, StackRef};
+use crate::stack::{Stack, StackRef, Stackable};
use crate::util::{ForeignTypeExt, ForeignTypeRefExt};
use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef};
#[cfg(any(ossl102, libressl261))]
@@ -599,7 +599,7 @@ impl AlpnError {
/// Terminate the handshake with a fatal alert.
///
/// Requires OpenSSL 1.1.0 or newer.
- #[cfg(any(ossl110))]
+ #[cfg(ossl110)]
pub const ALERT_FATAL: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_ALERT_FATAL);
/// Do not select a protocol, but continue the handshake.
@@ -644,6 +644,17 @@ impl SslVersion {
/// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
#[cfg(any(ossl111, libressl340))]
pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION);
+
+ /// DTLSv1.0
+ ///
+ /// DTLS 1.0 corresponds to TLS 1.1.
+ pub const DTLS1: SslVersion = SslVersion(ffi::DTLS1_VERSION);
+
+ /// DTLSv1.2
+ ///
+ /// DTLS 1.2 corresponds to TLS 1.2 to harmonize versions. There was never a DTLS 1.1.
+ #[cfg(any(ossl102, libressl332))]
+ pub const DTLS1_2: SslVersion = SslVersion(ffi::DTLS1_2_VERSION);
}
cfg_if! {
@@ -1929,6 +1940,10 @@ impl ForeignType for SslCipher {
}
}
+impl Stackable for SslCipher {
+ type StackType = ffi::stack_st_SSL_CIPHER;
+}
+
impl Deref for SslCipher {
type Target = SslCipherRef;
@@ -2045,6 +2060,19 @@ impl SslCipherRef {
}
}
+impl fmt::Debug for SslCipherRef {
+ fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(fmt, "{}", self.name())
+ }
+}
+
+/// A stack of selected ciphers, and a stack of selected signalling cipher suites
+#[derive(Debug)]
+pub struct CipherLists {
+ pub suites: Stack<SslCipher>,
+ pub signalling_suites: Stack<SslCipher>,
+}
+
foreign_type_and_impl_send_sync! {
type CType = ffi::SSL_SESSION;
fn drop = ffi::SSL_SESSION_free;
@@ -2385,7 +2413,7 @@ impl SslRef {
///
/// Requires OpenSSL 1.0.1 or 1.0.2.
#[corresponds(SSL_set_tmp_ecdh_callback)]
- #[cfg(any(all(ossl101, not(ossl110))))]
+ #[cfg(all(ossl101, not(ossl110)))]
#[deprecated(note = "this function leaks memory and does not exist on newer OpenSSL versions")]
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
where
@@ -3072,6 +3100,41 @@ impl SslRef {
}
}
+ /// Decodes a slice of wire-format cipher suite specification bytes. Unsupported cipher suites
+ /// are ignored.
+ ///
+ /// Requires OpenSSL 1.1.1 or newer.
+ #[corresponds(SSL_bytes_to_cipher_list)]
+ #[cfg(ossl111)]
+ pub fn bytes_to_cipher_list(
+ &self,
+ bytes: &[u8],
+ isv2format: bool,
+ ) -> Result<CipherLists, ErrorStack> {
+ unsafe {
+ let ptr = bytes.as_ptr();
+ let len = bytes.len();
+ let mut sk = ptr::null_mut();
+ let mut scsvs = ptr::null_mut();
+ let res = ffi::SSL_bytes_to_cipher_list(
+ self.as_ptr(),
+ ptr,
+ len,
+ isv2format as c_int,
+ &mut sk,
+ &mut scsvs,
+ );
+ if res == 1 {
+ Ok(CipherLists {
+ suites: Stack::from_ptr(sk),
+ signalling_suites: Stack::from_ptr(scsvs),
+ })
+ } else {
+ Err(ErrorStack::get())
+ }
+ }
+ }
+
/// Returns the compression methods field of the client's hello message.
///
/// This can only be used inside of the client hello callback. Otherwise, `None` is returned.
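Review bot: The `unsafe` block in `bytes_to_cipher_list` wraps both out-pointers with `Stack::from_ptr` without recording the invariant that makes this sound. It relies on `SSL_bytes_to_cipher_list` returning 1 only after it has stored two non-null, caller-owned stacks in `sk` and `scsvs`, and on it having released anything it allocated when it fails. I would state that above the `if res == 1` branch, for example `// SAFETY: on success OpenSSL hands over ownership of both non-null stacks; on failure it leaves nothing for us to free.` The doc comment could also say that a slice whose length does not fit the chosen wire format is reported as `Err` rather than ignored, if that is the intended contract.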
diff --git a/vendor/openssl/src/ssl/test/mod.rs b/vendor/openssl/src/ssl/test/mod.rs
index a34309a7d..7707af238 100644
--- a/vendor/openssl/src/ssl/test/mod.rs
+++ b/vendor/openssl/src/ssl/test/mod.rs
@@ -467,7 +467,7 @@ fn test_alpn_server_advertise_multiple() {
}
#[test]
-#[cfg(any(ossl110))]
+#[cfg(ossl110)]
fn test_alpn_server_select_none_fatal() {
let mut server = Server::builder();
server.ctx().set_alpn_select_callback(|_, client| {
@@ -1458,6 +1458,9 @@ fn client_hello() {
assert!(ssl.client_hello_session_id().is_some());
assert!(ssl.client_hello_ciphers().is_some());
assert!(ssl.client_hello_compression_methods().is_some());
+ assert!(ssl
+ .bytes_to_cipher_list(ssl.client_hello_ciphers().unwrap(), ssl.client_hello_isv2())
+ .is_ok());
CALLED_BACK.store(true, Ordering::SeqCst);
Ok(ClientHelloResponse::SUCCESS)
diff --git a/vendor/openssl/src/symm.rs b/vendor/openssl/src/symm.rs
index 911a7ab2e..c1dbdfee7 100644
--- a/vendor/openssl/src/symm.rs
+++ b/vendor/openssl/src/symm.rs
@@ -142,7 +142,7 @@ impl Cipher {
}
/// Requires OpenSSL 1.1.0 or newer.
- #[cfg(ossl110)]
+ #[cfg(all(ossl110, not(osslconf = "OPENSSL_NO_OCB")))]
pub fn aes_128_ocb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_128_ocb()) }
}
@@ -187,7 +187,7 @@ impl Cipher {
}
/// Requires OpenSSL 1.1.0 or newer.
- #[cfg(ossl110)]
+ #[cfg(all(ossl110, not(osslconf = "OPENSSL_NO_OCB")))]
pub fn aes_192_ocb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_192_ocb()) }
}
@@ -237,7 +237,7 @@ impl Cipher {
}
/// Requires OpenSSL 1.1.0 or newer.
- #[cfg(ossl110)]
+ #[cfg(all(ossl110, not(osslconf = "OPENSSL_NO_OCB")))]
pub fn aes_256_ocb() -> Cipher {
unsafe { Cipher(ffi::EVP_aes_256_ocb()) }
}
@@ -283,6 +283,7 @@ impl Cipher {
unsafe { Cipher(ffi::EVP_des_ede3_cfb64()) }
}
+ #[cfg(not(osslconf = "OPENSSL_NO_RC4"))]
pub fn rc4() -> Cipher {
unsafe { Cipher(ffi::EVP_rc4()) }
}
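Review bot: `rc4()` is now conditionally compiled but still has no doc comment, unlike the neighbouring OCB constructors that state their requirements. Since this gate is the only hint that the cipher may be missing from a build, I would add something like `/// Requires an OpenSSL build with RC4 enabled. RC4 is cryptographically weak and is kept only for legacy interoperability.` Callers then see both the build condition and the reason not to select it for new designs.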
@@ -401,14 +402,14 @@ impl Cipher {
}
/// Determines whether the cipher is using OCB mode
- #[cfg(ossl110)]
+ #[cfg(all(ossl110, not(osslconf = "OPENSSL_NO_OCB")))]
fn is_ocb(self) -> bool {
self == Cipher::aes_128_ocb()
|| self == Cipher::aes_192_ocb()
|| self == Cipher::aes_256_ocb()
}
- #[cfg(not(ossl110))]
+ #[cfg(any(not(ossl110), osslconf = "OPENSSL_NO_OCB"))]
const fn is_ocb(self) -> bool {
false
}
@@ -1421,7 +1422,7 @@ mod tests {
}
#[test]
- #[cfg(ossl110)]
+ #[cfg(all(ossl110, not(osslconf = "OPENSSL_NO_OCB")))]
fn test_aes_128_ocb() {
let key = "000102030405060708090a0b0c0d0e0f";
let aad = "0001020304050607";
@@ -1457,7 +1458,7 @@ mod tests {
}
#[test]
- #[cfg(ossl110)]
+ #[cfg(all(ossl110, not(osslconf = "OPENSSL_NO_OCB")))]
fn test_aes_128_ocb_fail() {
let key = "000102030405060708090a0b0c0d0e0f";
let aad = "0001020304050607";
@@ -1477,7 +1478,7 @@ mod tests {
}
#[test]
- #[cfg(any(ossl110))]
+ #[cfg(ossl110)]
fn test_chacha20() {
let key = "0000000000000000000000000000000000000000000000000000000000000000";
let iv = "00000000000000000000000000000000";
@@ -1492,7 +1493,7 @@ mod tests {
}
#[test]
- #[cfg(any(ossl110))]
+ #[cfg(ossl110)]
fn test_chacha20_poly1305() {
let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f";
let iv = "070000004041424344454647";
diff --git a/vendor/openssl/src/x509/extension.rs b/vendor/openssl/src/x509/extension.rs
index f04d22796..11e015153 100644
--- a/vendor/openssl/src/x509/extension.rs
+++ b/vendor/openssl/src/x509/extension.rs
@@ -67,6 +67,9 @@ impl BasicConstraints {
}
/// Return the `BasicConstraints` extension as an `X509Extension`.
+ // Temporarily silence the deprecation warning - this should be ported to
+ // `X509Extension::new_internal`.
+ #[allow(deprecated)]
pub fn build(&self) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
if self.critical {
@@ -183,6 +186,9 @@ impl KeyUsage {
}
/// Return the `KeyUsage` extension as an `X509Extension`.
+ // Temporarily silence the deprecation warning - this should be ported to
+ // `X509Extension::new_internal`.
+ #[allow(deprecated)]
pub fn build(&self) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
let mut first = true;
@@ -346,6 +352,9 @@ impl SubjectKeyIdentifier {
}
/// Return a `SubjectKeyIdentifier` extension as an `X509Extension`.
+ // Temporarily silence the deprecation warning - this should be ported to
+ // `X509Extension::new_internal`.
+ #[allow(deprecated)]
pub fn build(&self, ctx: &X509v3Context<'_>) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
let mut first = true;
@@ -398,6 +407,9 @@ impl AuthorityKeyIdentifier {
}
/// Return a `AuthorityKeyIdentifier` extension as an `X509Extension`.
+ // Temporarily silence the deprecation warning - this should be ported to
+ // `X509Extension::new_internal`.
+ #[allow(deprecated)]
pub fn build(&self, ctx: &X509v3Context<'_>) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
let mut first = true;
@@ -422,6 +434,7 @@ enum RustGeneralName {
Uri(String),
Ip(String),
Rid(String),
+ OtherName(Asn1Object, Vec<u8>),
}
/// An extension that allows additional identities to be bound to the subject
@@ -494,12 +507,21 @@ impl SubjectAlternativeName {
/// Sets the `otherName` flag.
///
- /// Not currently actually supported, always panics.
- #[deprecated = "other_name is deprecated and always panics. Please file a bug if you have a use case for this."]
+ /// Not currently actually supported, always panics. Please use other_name2
+ #[deprecated = "other_name is deprecated and always panics. Please use other_name2."]
pub fn other_name(&mut self, _other_name: &str) -> &mut SubjectAlternativeName {
- unimplemented!(
- "This has not yet been adapted for the new internals. File a bug if you need this."
- );
+ unimplemented!("This has not yet been adapted for the new internals. Use other_name2.");
+ }
+
+ /// Sets the `otherName` flag.
+ ///
+ /// `content` must be a valid der encoded ASN1_TYPE
+ ///
+ /// If you want to add just a ia5string use `other_name_ia5string`
+ pub fn other_name2(&mut self, oid: Asn1Object, content: &[u8]) -> &mut SubjectAlternativeName {
+ self.items
+ .push(RustGeneralName::OtherName(oid, content.into()));
+ self
}
/// Return a `SubjectAlternativeName` extension as an `X509Extension`.
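Review bot: `other_name2` stores `content` unchecked, so the documented requirement that it "must be a valid der encoded ASN1_TYPE" is only enforced later, when `build` decodes it. The doc should say where the failure surfaces, e.g. `/// Invalid DER is not detected here; it is reported as an error by build().` The doc also points to `other_name_ia5string`, which is not defined anywhere in this diff; if it does not exist in this version of the crate, that sentence should be dropped. Both doc comments still call `otherName` a "flag", although it is a SAN entry.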
@@ -514,6 +536,9 @@ impl SubjectAlternativeName {
GeneralName::new_ip(s.parse().map_err(|_| ErrorStack::get())?)?
}
RustGeneralName::Rid(s) => GeneralName::new_rid(Asn1Object::from_str(s)?)?,
+ RustGeneralName::OtherName(oid, content) => {
+ GeneralName::new_other_name(oid.clone(), content)?
+ }
};
stack.push(gn)?;
}
diff --git a/vendor/openssl/src/x509/mod.rs b/vendor/openssl/src/x509/mod.rs
index eab1ea675..4325b132e 100644
--- a/vendor/openssl/src/x509/mod.rs
+++ b/vendor/openssl/src/x509/mod.rs
@@ -24,8 +24,8 @@ use std::slice;
use std::str;
use crate::asn1::{
- Asn1BitStringRef, Asn1IntegerRef, Asn1Object, Asn1ObjectRef, Asn1StringRef, Asn1TimeRef,
- Asn1Type,
+ Asn1BitStringRef, Asn1Enumerated, Asn1IntegerRef, Asn1Object, Asn1ObjectRef,
+ Asn1OctetStringRef, Asn1StringRef, Asn1TimeRef, Asn1Type,
};
use crate::bio::MemBioSlice;
use crate::conf::ConfRef;
@@ -50,6 +50,16 @@ pub mod store;
#[cfg(test)]
mod tests;
+/// A type of X509 extension.
+///
+/// # Safety
+/// The value of NID and Output must match those in OpenSSL so that
+/// `Output::from_ptr_opt(*_get_ext_d2i(*, NID, ...))` is valid.
+pub unsafe trait ExtensionType {
+ const NID: Nid;
+ type Output: ForeignType;
+}
+
foreign_type_and_impl_send_sync! {
type CType = ffi::X509_STORE_CTX;
fn drop = ffi::X509_STORE_CTX_free;
@@ -391,7 +401,10 @@ impl X509Ref {
/// Returns the hash of the certificates subject
#[corresponds(X509_subject_name_hash)]
pub fn subject_name_hash(&self) -> u32 {
- unsafe { ffi::X509_subject_name_hash(self.as_ptr()) as u32 }
+ #[allow(clippy::unnecessary_cast)]
+ unsafe {
+ ffi::X509_subject_name_hash(self.as_ptr()) as u32
+ }
}
/// Returns this certificate's issuer name.
@@ -406,7 +419,10 @@ impl X509Ref {
/// Returns the hash of the certificates issuer
#[corresponds(X509_issuer_name_hash)]
pub fn issuer_name_hash(&self) -> u32 {
- unsafe { ffi::X509_issuer_name_hash(self.as_ptr()) as u32 }
+ #[allow(clippy::unnecessary_cast)]
+ unsafe {
+ ffi::X509_issuer_name_hash(self.as_ptr()) as u32
+ }
}
/// Returns this certificate's subject alternative name entries, if they exist.
@@ -467,6 +483,54 @@ impl X509Ref {
}
}
+ /// Retrieves the path length extension from a certificate, if it exists.
+ #[corresponds(X509_get_pathlen)]
+ #[cfg(ossl110)]
+ pub fn pathlen(&self) -> Option<u32> {
+ let v = unsafe { ffi::X509_get_pathlen(self.as_ptr()) };
+ u32::try_from(v).ok()
+ }
+
+ /// Returns this certificate's subject key id, if it exists.
+ #[corresponds(X509_get0_subject_key_id)]
+ #[cfg(ossl110)]
+ pub fn subject_key_id(&self) -> Option<&Asn1OctetStringRef> {
+ unsafe {
+ let data = ffi::X509_get0_subject_key_id(self.as_ptr());
+ Asn1OctetStringRef::from_const_ptr_opt(data)
+ }
+ }
+
+ /// Returns this certificate's authority key id, if it exists.
+ #[corresponds(X509_get0_authority_key_id)]
+ #[cfg(ossl110)]
+ pub fn authority_key_id(&self) -> Option<&Asn1OctetStringRef> {
+ unsafe {
+ let data = ffi::X509_get0_authority_key_id(self.as_ptr());
+ Asn1OctetStringRef::from_const_ptr_opt(data)
+ }
+ }
+
+ /// Returns this certificate's authority issuer name entries, if they exist.
+ #[corresponds(X509_get0_authority_issuer)]
+ #[cfg(ossl111d)]
+ pub fn authority_issuer(&self) -> Option<&StackRef<GeneralName>> {
+ unsafe {
+ let stack = ffi::X509_get0_authority_issuer(self.as_ptr());
+ StackRef::from_const_ptr_opt(stack)
+ }
+ }
+
+ /// Returns this certificate's authority serial number, if it exists.
+ #[corresponds(X509_get0_authority_serial)]
+ #[cfg(ossl111d)]
+ pub fn authority_serial(&self) -> Option<&Asn1IntegerRef> {
+ unsafe {
+ let r = ffi::X509_get0_authority_serial(self.as_ptr());
+ Asn1IntegerRef::from_const_ptr_opt(r)
+ }
+ }
+
#[corresponds(X509_get_pubkey)]
pub fn public_key(&self) -> Result<PKey<Public>, ErrorStack> {
unsafe {
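Review bot: `pathlen` folds every negative return of `X509_get_pathlen` into `None`, and its doc comment ("path length extension") does not say what `None` means. The value is the `pathLenConstraint` of basicConstraints. `None` therefore covers an end-entity certificate, a CA with no constraint, and presumably a certificate whose extensions OpenSSL could not process. I would document that explicitly, e.g. `/// Returns None when no pathLenConstraint is available; this does not indicate whether the certificate is a CA.` The `subject_key_id`/`authority_key_id` getters added in this hunk would also benefit from a short `// SAFETY:` line noting that the `get0` pointer is borrowed from `self`.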
@@ -562,6 +626,7 @@ impl X509Ref {
/// Note that `0` return value stands for version 1, `1` for version 2 and so on.
#[corresponds(X509_get_version)]
#[cfg(ossl110)]
+ #[allow(clippy::unnecessary_cast)]
pub fn version(&self) -> i32 {
unsafe { ffi::X509_get_version(self.as_ptr()) as i32 }
}
@@ -825,6 +890,13 @@ impl X509Extension {
/// mini-language that can read arbitrary files.
///
/// See the extension module for builder types which will construct certain common extensions.
+ ///
+ /// This function is deprecated, `X509Extension::new_from_der` or the
+ /// types in `x509::extension` should be used in its place.
+ #[deprecated(
+ note = "Use x509::extension types or new_from_der instead",
+ since = "0.10.51"
+ )]
pub fn new(
conf: Option<&ConfRef>,
context: Option<&X509v3Context<'_>>,
@@ -870,6 +942,13 @@ impl X509Extension {
/// mini-language that can read arbitrary files.
///
/// See the extension module for builder types which will construct certain common extensions.
+ ///
+ /// This function is deprecated, `X509Extension::new_from_der` or the
+ /// types in `x509::extension` should be used in its place.
+ #[deprecated(
+ note = "Use x509::extension types or new_from_der instead",
+ since = "0.10.51"
+ )]
pub fn new_nid(
conf: Option<&ConfRef>,
context: Option<&X509v3Context<'_>>,
@@ -904,6 +983,31 @@ impl X509Extension {
}
}
+ /// Constructs a new X509 extension value from its OID, whether it's
+ /// critical, and its DER contents.
+ ///
+ /// The extent structure of the DER value will vary based on the
+ /// extension type, and can generally be found in the RFC defining the
+ /// extension.
+ ///
+ /// For common extension types, there are Rust APIs provided in
+ /// `openssl::x509::extensions` which are more ergonomic.
+ pub fn new_from_der(
+ oid: &Asn1ObjectRef,
+ critical: bool,
+ der_contents: &Asn1OctetStringRef,
+ ) -> Result<X509Extension, ErrorStack> {
+ unsafe {
+ cvt_p(ffi::X509_EXTENSION_create_by_OBJ(
+ ptr::null_mut(),
+ oid.as_ptr(),
+ critical as _,
+ der_contents.as_ptr(),
+ ))
+ .map(X509Extension)
+ }
+ }
+
pub(crate) unsafe fn new_internal(
nid: Nid,
critical: bool,
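Review bot: The doc comment on `new_from_der` points readers to `openssl::x509::extensions`, but the deprecation notes elsewhere in this file name the module `x509::extension`, so the reference looks wrong. "The extent structure of the DER value" also reads like a typo for "exact structure". Because this constructor replaces the config-string based `new`/`new_nid`, its doc should also state that `der_contents` is embedded as given and is not checked against the extension type named by `oid`, e.g. `/// The contents are not validated against oid; the caller is responsible for supplying well-formed DER.`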
@@ -919,6 +1023,10 @@ impl X509Extension {
///
/// This method modifies global state without locking and therefore is not thread safe
#[corresponds(X509V3_EXT_add_alias)]
+ #[deprecated(
+ note = "Use x509::extension types or new_from_der and then this is not necessary",
+ since = "0.10.51"
+ )]
pub unsafe fn add_alias(to: Nid, from: Nid) -> Result<(), ErrorStack> {
ffi::init();
cvt(ffi::X509V3_EXT_add_alias(to.as_raw(), from.as_raw())).map(|_| ())
@@ -969,13 +1077,13 @@ impl X509NameBuilder {
pub fn append_entry_by_text(&mut self, field: &str, value: &str) -> Result<(), ErrorStack> {
unsafe {
let field = CString::new(field).unwrap();
- assert!(value.len() <= c_int::max_value() as usize);
+ assert!(value.len() <= crate::SLenType::max_value() as usize);
cvt(ffi::X509_NAME_add_entry_by_txt(
self.0.as_ptr(),
field.as_ptr() as *mut _,
ffi::MBSTRING_UTF8,
value.as_ptr(),
- value.len() as c_int,
+ value.len() as crate::SLenType,
-1,
0,
))
@@ -996,13 +1104,13 @@ impl X509NameBuilder {
) -> Result<(), ErrorStack> {
unsafe {
let field = CString::new(field).unwrap();
- assert!(value.len() <= c_int::max_value() as usize);
+ assert!(value.len() <= crate::SLenType::max_value() as usize);
cvt(ffi::X509_NAME_add_entry_by_txt(
self.0.as_ptr(),
field.as_ptr() as *mut _,
ty.as_raw(),
value.as_ptr(),
- value.len() as c_int,
+ value.len() as crate::SLenType,
-1,
0,
))
@@ -1017,13 +1125,13 @@ impl X509NameBuilder {
/// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html
pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> {
unsafe {
- assert!(value.len() <= c_int::max_value() as usize);
+ assert!(value.len() <= crate::SLenType::max_value() as usize);
cvt(ffi::X509_NAME_add_entry_by_NID(
self.0.as_ptr(),
field.as_raw(),
ffi::MBSTRING_UTF8,
value.as_ptr() as *mut _,
- value.len() as c_int,
+ value.len() as crate::SLenType,
-1,
0,
))
@@ -1043,13 +1151,13 @@ impl X509NameBuilder {
ty: Asn1Type,
) -> Result<(), ErrorStack> {
unsafe {
- assert!(value.len() <= c_int::max_value() as usize);
+ assert!(value.len() <= crate::SLenType::max_value() as usize);
cvt(ffi::X509_NAME_add_entry_by_NID(
self.0.as_ptr(),
field.as_raw(),
ty.as_raw(),
value.as_ptr() as *mut _,
- value.len() as c_int,
+ value.len() as crate::SLenType,
-1,
0,
))
@@ -1442,6 +1550,7 @@ impl X509ReqRef {
/// This corresponds to [`X509_REQ_get_version`]
///
/// [`X509_REQ_get_version`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_version.html
+ #[allow(clippy::unnecessary_cast)]
pub fn version(&self) -> i32 {
unsafe { X509_REQ_get_version(self.as_ptr()) as i32 }
}
@@ -1495,13 +1604,41 @@ impl X509ReqRef {
}
}
+/// The reason that a certificate was revoked.
+#[derive(Debug, Copy, Clone, PartialEq, Eq)]
+pub struct CrlReason(c_int);
+
+#[allow(missing_docs)] // no need to document the constants
+impl CrlReason {
+ pub const UNSPECIFIED: CrlReason = CrlReason(ffi::CRL_REASON_UNSPECIFIED);
+ pub const KEY_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_KEY_COMPROMISE);
+ pub const CA_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_CA_COMPROMISE);
+ pub const AFFILIATION_CHANGED: CrlReason = CrlReason(ffi::CRL_REASON_AFFILIATION_CHANGED);
+ pub const SUPERSEDED: CrlReason = CrlReason(ffi::CRL_REASON_SUPERSEDED);
+ pub const CESSATION_OF_OPERATION: CrlReason = CrlReason(ffi::CRL_REASON_CESSATION_OF_OPERATION);
+ pub const CERTIFICATE_HOLD: CrlReason = CrlReason(ffi::CRL_REASON_CERTIFICATE_HOLD);
+ pub const REMOVE_FROM_CRL: CrlReason = CrlReason(ffi::CRL_REASON_REMOVE_FROM_CRL);
+ pub const PRIVILEGE_WITHDRAWN: CrlReason = CrlReason(ffi::CRL_REASON_PRIVILEGE_WITHDRAWN);
+ pub const AA_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_AA_COMPROMISE);
+
+ /// Constructs an `CrlReason` from a raw OpenSSL value.
+ pub const fn from_raw(value: c_int) -> Self {
+ CrlReason(value)
+ }
+
+ /// Returns the raw OpenSSL value represented by this type.
+ pub const fn as_raw(&self) -> c_int {
+ self.0
+ }
+}
+
foreign_type_and_impl_send_sync! {
type CType = ffi::X509_REVOKED;
fn drop = ffi::X509_REVOKED_free;
- /// An `X509` certificate request.
+ /// An `X509` certificate revocation status.
pub struct X509Revoked;
- /// Reference to `X509Crl`.
+ /// Reference to `X509Revoked`.
pub struct X509RevokedRef;
}
@@ -1527,6 +1664,13 @@ impl X509RevokedRef {
ffi::i2d_X509_REVOKED
}
+ /// Copies the entry to a new `X509Revoked`.
+ #[corresponds(X509_NAME_dup)]
+ #[cfg(any(boringssl, ossl110, libressl270))]
+ pub fn to_owned(&self) -> Result<X509Revoked, ErrorStack> {
+ unsafe { cvt_p(ffi::X509_REVOKED_dup(self.as_ptr())).map(|n| X509Revoked::from_ptr(n)) }
+ }
+
/// Get the date that the certificate was revoked
#[corresponds(X509_REVOKED_get0_revocationDate)]
pub fn revocation_date(&self) -> &Asn1TimeRef {
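Review bot: The attribute on `X509RevokedRef::to_owned` says `#[corresponds(X509_NAME_dup)]`, but the body calls `ffi::X509_REVOKED_dup`, so the generated documentation links to the wrong OpenSSL function. It should read `#[corresponds(X509_REVOKED_dup)]`. The attribute looks copied from the `X509NameRef` equivalent.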
@@ -1546,13 +1690,67 @@ impl X509RevokedRef {
Asn1IntegerRef::from_ptr(r as *mut _)
}
}
+
+ /// Get the criticality and value of an extension.
+ ///
+ /// This returns None if the extension is not present or occurs multiple times.
+ #[corresponds(X509_REVOKED_get_ext_d2i)]
+ pub fn extension<T: ExtensionType>(&self) -> Result<Option<(bool, T::Output)>, ErrorStack> {
+ let mut critical = -1;
+ let out = unsafe {
+ // SAFETY: self.as_ptr() is a valid pointer to an X509_REVOKED.
+ let ext = ffi::X509_REVOKED_get_ext_d2i(
+ self.as_ptr(),
+ T::NID.as_raw(),
+ &mut critical as *mut _,
+ ptr::null_mut(),
+ );
+ // SAFETY: Extensions's contract promises that the type returned by
+ // OpenSSL here is T::Output.
+ T::Output::from_ptr_opt(ext as *mut _)
+ };
+ match (critical, out) {
+ (0, Some(out)) => Ok(Some((false, out))),
+ (1, Some(out)) => Ok(Some((true, out))),
+ // -1 means the extension wasn't found, -2 means multiple were found.
+ (-1 | -2, _) => Ok(None),
+ // A critical value of 0 or 1 suggests success, but a null pointer
+ // was returned so something went wrong.
+ (0 | 1, None) => Err(ErrorStack::get()),
+ (c_int::MIN..=-2 | 2.., _) => panic!("OpenSSL should only return -2, -1, 0, or 1 for an extension's criticality but it returned {}", critical),
+ }
+ }
+}
+
+/// The CRL entry extension identifying the reason for revocation see [`CrlReason`],
+/// this is as defined in RFC 5280 Section 5.3.1.
+pub enum ReasonCode {}
+
+// SAFETY: CertificateIssuer is defined to be a stack of GeneralName in the RFC
+// and in OpenSSL.
+unsafe impl ExtensionType for ReasonCode {
+ const NID: Nid = Nid::from_raw(ffi::NID_crl_reason);
+
+ type Output = Asn1Enumerated;
+}
+
+/// The CRL entry extension identifying the issuer of a certificate used in
+/// indirect CRLs, as defined in RFC 5280 Section 5.3.3.
+pub enum CertificateIssuer {}
+
+// SAFETY: CertificateIssuer is defined to be a stack of GeneralName in the RFC
+// and in OpenSSL.
+unsafe impl ExtensionType for CertificateIssuer {
+ const NID: Nid = Nid::from_raw(ffi::NID_certificate_issuer);
+
+ type Output = Stack<GeneralName>;
}
foreign_type_and_impl_send_sync! {
type CType = ffi::X509_CRL;
fn drop = ffi::X509_CRL_free;
- /// An `X509` certificate request.
+ /// An `X509` certificate revocation list.
pub struct X509Crl;
/// Reference to `X509Crl`.
pub struct X509CrlRef;
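Review bot: The `// SAFETY:` comment above `unsafe impl ExtensionType for ReasonCode` is a copy of the one for `CertificateIssuer` and justifies the wrong type. It speaks of a stack of `GeneralName`, while this impl declares `Output = Asn1Enumerated`. For an `unsafe trait` whose contract is exactly the NID/Output pairing, that comment is the only audit trail, so it should be `// SAFETY: the CRL reason code is an ENUMERATED in RFC 5280 and OpenSSL decodes NID_crl_reason to ASN1_ENUMERATED.` Separately, `extension` returns `Ok(None)` for a criticality of `-2`, so an entry with a duplicated extension is indistinguishable from one without it. The doc says so, but callers making revocation decisions may want those two cases reported differently.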
@@ -1856,6 +2054,37 @@ impl GeneralName {
Ok(GeneralName::from_ptr(gn))
}
}
+
+ pub(crate) fn new_other_name(
+ oid: Asn1Object,
+ value: &Vec<u8>,
+ ) -> Result<GeneralName, ErrorStack> {
+ unsafe {
+ ffi::init();
+
+ let typ = cvt_p(ffi::d2i_ASN1_TYPE(
+ ptr::null_mut(),
+ &mut value.as_ptr().cast(),
+ value.len().try_into().unwrap(),
+ ))?;
+
+ let gn = cvt_p(ffi::GENERAL_NAME_new())?;
+ (*gn).type_ = ffi::GEN_OTHERNAME;
+
+ if let Err(e) = cvt(ffi::GENERAL_NAME_set0_othername(
+ gn,
+ oid.as_ptr().cast(),
+ typ,
+ )) {
+ ffi::GENERAL_NAME_free(gn);
+ return Err(e);
+ }
+
+ mem::forget(oid);
+
+ Ok(GeneralName::from_ptr(gn))
+ }
+ }
}
impl GeneralNameRef {
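Review bot: In `new_other_name` the `ASN1_TYPE` decoded into `typ` is leaked on both error paths. The `?` on `GENERAL_NAME_new()` returns without freeing it, and the `GENERAL_NAME_set0_othername` failure branch frees only `gn`. Each path should release `typ` before returning, e.g. `ffi::ASN1_TYPE_free(typ);` next to `ffi::GENERAL_NAME_free(gn);`, assuming openssl-sys exposes that binding. The `d2i_ASN1_TYPE` call also does not check that the whole buffer was consumed, so trailing bytes after the first value are silently accepted, which is looser than the "must be a valid der encoded ASN1_TYPE" contract on `other_name2`. The parameter would be more idiomatic as `value: &[u8]` than `&Vec<u8>`.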
@@ -1886,6 +2115,22 @@ impl GeneralNameRef {
self.ia5_string(ffi::GEN_EMAIL)
}
+ /// Returns the contents of this `GeneralName` if it is a `directoryName`.
+ pub fn directory_name(&self) -> Option<&X509NameRef> {
+ unsafe {
+ if (*self.as_ptr()).type_ != ffi::GEN_DIRNAME {
+ return None;
+ }
+
+ #[cfg(boringssl)]
+ let d = (*self.as_ptr()).d.ptr;
+ #[cfg(not(boringssl))]
+ let d = (*self.as_ptr()).d;
+
+ Some(X509NameRef::from_const_ptr(d as *const _))
+ }
+ }
+
/// Returns the contents of this `GeneralName` if it is a `dNSName`.
pub fn dnsname(&self) -> Option<&str> {
self.ia5_string(ffi::GEN_DNS)
diff --git a/vendor/openssl/src/x509/tests.rs b/vendor/openssl/src/x509/tests.rs
index 365960441..da3ce2fed 100644
--- a/vendor/openssl/src/x509/tests.rs
+++ b/vendor/openssl/src/x509/tests.rs
@@ -1,6 +1,6 @@
use std::cmp::Ordering;
-use crate::asn1::Asn1Time;
+use crate::asn1::{Asn1Object, Asn1OctetString, Asn1Time};
use crate::bn::{BigNum, MsbOption};
use crate::hash::MessageDigest;
use crate::nid::Nid;
@@ -18,19 +18,24 @@ use crate::x509::store::X509Lookup;
use crate::x509::store::X509StoreBuilder;
#[cfg(any(ossl102, libressl261))]
use crate::x509::verify::{X509VerifyFlags, X509VerifyParam};
-#[cfg(ossl110)]
-use crate::x509::X509Builder;
#[cfg(ossl102)]
use crate::x509::X509PurposeId;
#[cfg(any(ossl102, libressl261))]
use crate::x509::X509PurposeRef;
+#[cfg(ossl110)]
+use crate::x509::{CrlReason, X509Builder};
use crate::x509::{
CrlStatus, X509Crl, X509Extension, X509Name, X509Req, X509StoreContext, X509VerifyResult, X509,
};
+
+#[cfg(ossl110)]
+use foreign_types::ForeignType;
use hex::{self, FromHex};
#[cfg(any(ossl102, libressl261))]
use libc::time_t;
+use super::{CertificateIssuer, ReasonCode};
+
fn pkey() -> PKey<Private> {
let rsa = Rsa::generate(2048).unwrap();
PKey::from_rsa(rsa).unwrap()
@@ -167,6 +172,70 @@ fn test_subject_alt_name() {
}
#[test]
+#[cfg(ossl110)]
+fn test_retrieve_pathlen() {
+ let cert = include_bytes!("../../test/root-ca.pem");
+ let cert = X509::from_pem(cert).unwrap();
+ assert_eq!(cert.pathlen(), None);
+
+ let cert = include_bytes!("../../test/intermediate-ca.pem");
+ let cert = X509::from_pem(cert).unwrap();
+ assert_eq!(cert.pathlen(), Some(0));
+
+ let cert = include_bytes!("../../test/alt_name_cert.pem");
+ let cert = X509::from_pem(cert).unwrap();
+ assert_eq!(cert.pathlen(), None);
+}
+
+#[test]
+#[cfg(ossl110)]
+fn test_subject_key_id() {
+ let cert = include_bytes!("../../test/certv3.pem");
+ let cert = X509::from_pem(cert).unwrap();
+
+ let subject_key_id = cert.subject_key_id().unwrap();
+ assert_eq!(
+ subject_key_id.as_slice(),
+ &b"\xB6\x73\x2F\x61\xA5\x4B\xA1\xEF\x48\x2C\x15\xB1\x9F\xF3\xDC\x34\x2F\xBC\xAC\x30"[..]
+ );
+}
+
+#[test]
+#[cfg(ossl110)]
+fn test_authority_key_id() {
+ let cert = include_bytes!("../../test/certv3.pem");
+ let cert = X509::from_pem(cert).unwrap();
+
+ let authority_key_id = cert.authority_key_id().unwrap();
+ assert_eq!(
+ authority_key_id.as_slice(),
+ &b"\x6C\xD3\xA5\x03\xAB\x0D\x5F\x2C\xC9\x8D\x8A\x9C\x88\xA7\x88\x77\xB8\x37\xFD\x9A"[..]
+ );
+}
+
+#[test]
+#[cfg(ossl111d)]
+fn test_authority_issuer_and_serial() {
+ let cert = include_bytes!("../../test/authority_key_identifier.pem");
+ let cert = X509::from_pem(cert).unwrap();
+
+ let authority_issuer = cert.authority_issuer().unwrap();
+ assert_eq!(1, authority_issuer.len());
+ let dn = authority_issuer[0].directory_name().unwrap();
+ let mut o = dn.entries_by_nid(Nid::ORGANIZATIONNAME);
+ let o = o.next().unwrap().data().as_utf8().unwrap();
+ assert_eq!(o.as_bytes(), b"PyCA");
+ let mut cn = dn.entries_by_nid(Nid::COMMONNAME);
+ let cn = cn.next().unwrap().data().as_utf8().unwrap();
+ assert_eq!(cn.as_bytes(), b"cryptography.io");
+
+ let authority_serial = cert.authority_serial().unwrap();
+ let serial = authority_serial.to_bn().unwrap();
+ let expected = BigNum::from_u32(3).unwrap();
+ assert_eq!(serial, expected);
+}
+
+#[test]
fn test_subject_alt_name_iter() {
let cert = include_bytes!("../../test/alt_name_cert.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -288,6 +357,8 @@ fn x509_builder() {
}
#[test]
+// This tests `X509Extension::new`, even though its deprecated.
+#[allow(deprecated)]
fn x509_extension_new() {
assert!(X509Extension::new(None, None, "crlDistributionPoints", "section").is_err());
assert!(X509Extension::new(None, None, "proxyCertInfo", "").is_err());
@@ -296,6 +367,20 @@ fn x509_extension_new() {
}
#[test]
+fn x509_extension_new_from_der() {
+ let ext = X509Extension::new_from_der(
+ &Asn1Object::from_str("2.5.29.19").unwrap(),
+ true,
+ &Asn1OctetString::new_from_bytes(b"\x30\x03\x01\x01\xff").unwrap(),
+ )
+ .unwrap();
+ assert_eq!(
+ ext.to_der().unwrap(),
+ b"0\x0f\x06\x03U\x1d\x13\x01\x01\xff\x04\x050\x03\x01\x01\xff"
+ );
+}
+
+#[test]
fn x509_extension_to_der() {
let builder = X509::builder().unwrap();
@@ -612,6 +697,42 @@ fn test_load_crl() {
}
#[test]
+fn test_crl_entry_extensions() {
+ let crl = include_bytes!("../../test/entry_extensions.crl");
+ let crl = X509Crl::from_pem(crl).unwrap();
+
+ let revoked_certs = crl.get_revoked().unwrap();
+ let entry = &revoked_certs[0];
+
+ let (critical, issuer) = entry
+ .extension::<CertificateIssuer>()
+ .unwrap()
+ .expect("Certificate issuer extension should be present");
+ assert!(critical, "Certificate issuer extension is critical");
+ assert_eq!(issuer.len(), 1, "Certificate issuer should have one entry");
+ let issuer = issuer[0]
+ .directory_name()
+ .expect("Issuer should be a directory name");
+ assert_eq!(
+ format!("{:?}", issuer),
+ r#"[countryName = "GB", commonName = "Test CA"]"#
+ );
+
+ // reason_code can't be inspected without ossl110
+ #[allow(unused_variables)]
+ let (critical, reason_code) = entry
+ .extension::<ReasonCode>()
+ .unwrap()
+ .expect("Reason code extension should be present");
+ assert!(!critical, "Reason code extension is not critical");
+ #[cfg(ossl110)]
+ assert_eq!(
+ CrlReason::KEY_COMPROMISE,
+ CrlReason::from_raw(reason_code.get_i64().unwrap() as ffi::c_int)
+ );
+}
+
+#[test]
fn test_save_subject_der() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();
@@ -987,6 +1108,31 @@ fn ipv6_as_subject_alternative_name_is_formatted_in_debug() {
]);
}
+#[cfg(ossl110)]
+#[test]
+fn other_name_as_subject_alternative_name() {
+ let oid = Asn1Object::from_str("1.3.6.1.5.5.7.8.11").unwrap();
+ // this is the hex representation of "test" encoded as a ia5string
+ let content = [0x16, 0x04, 0x74, 0x65, 0x73, 0x74];
+
+ let mut builder = X509Builder::new().unwrap();
+ let san = SubjectAlternativeName::new()
+ .other_name2(oid, &content)
+ .build(&builder.x509v3_context(None, None))
+ .unwrap();
+ builder.append_extension(san).unwrap();
+ let cert = builder.build();
+ let general_name = cert
+ .subject_alt_names()
+ .into_iter()
+ .flatten()
+ .next()
+ .unwrap();
+ unsafe {
+ assert_eq!((*general_name.as_ptr()).type_, 0);
+ }
+}
+
#[test]
fn test_dist_point() {
let cert = include_bytes!("../../test/certv3.pem");
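Review bot: `other_name_as_subject_alternative_name` ends by comparing the entry's type against the bare literal `0`, which hides what is being checked. Use the named constant that the implementation sets: `assert_eq!((*general_name.as_ptr()).type_, ffi::GEN_OTHERNAME);`. The test also never checks that the OID and the IA5String payload survive the round trip, so an encoding bug in `new_other_name` would still pass. Comparing the DER of the built extension against an expected byte string would cover that.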
diff --git a/vendor/openssl/src/x509/verify.rs b/vendor/openssl/src/x509/verify.rs
index b0e22ef46..e8481c551 100644
--- a/vendor/openssl/src/x509/verify.rs
+++ b/vendor/openssl/src/x509/verify.rs
@@ -120,9 +120,11 @@ impl X509VerifyParamRef {
#[corresponds(X509_VERIFY_PARAM_set1_host)]
pub fn set_host(&mut self, host: &str) -> Result<(), ErrorStack> {
unsafe {
+ // len == 0 means "run strlen" :(
+ let raw_host = if host.is_empty() { "\0" } else { host };
cvt(ffi::X509_VERIFY_PARAM_set1_host(
self.as_ptr(),
- host.as_ptr() as *const _,
+ raw_host.as_ptr() as *const _,
host.len(),
))
.map(|_| ())
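Review bot: With this change an empty `host` reaches `X509_VERIFY_PARAM_set1_host` as a zero-length name, and per the OpenSSL documentation that clears the expected-hostname list, so no name check is performed on the peer certificate. The call returns `Ok(())`, which means a caller passing an empty string from configuration silently ends up with hostname verification disabled. The doc comment should say so, e.g. `/// An empty host clears the expected hostnames, disabling hostname checks.`, or the function should return an error for empty input if no caller depends on the clearing behaviour. The inline comment `// len == 0 means "run strlen" :(` would be clearer if it explained that the NUL-terminated literal is substituted so that `strlen` does not read past the end of the `&str`. The function body continues outside the hunk.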
diff --git a/vendor/openssl/test/authority_key_identifier.pem b/vendor/openssl/test/authority_key_identifier.pem
new file mode 100644
index 000000000..cbe9169fc
--- /dev/null
+++ b/vendor/openssl/test/authority_key_identifier.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/vendor/openssl/test/entry_extensions.crl b/vendor/openssl/test/entry_extensions.crl
new file mode 100644
index 000000000..9654171cf
--- /dev/null
+++ b/vendor/openssl/test/entry_extensions.crl
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwETEPMA0GA1UEAwwGQ1JMIENBFw0yMzAz
+MjgwOTQ5MThaFw0yMzA0MDQwOTUwMDdaMIGAMH4CFE+Y95/1pOqa6c9fUEJ8c04k
+xu2PFw0yMzAzMjgwOTQ3MzNaMFcwLwYDVR0dAQH/BCUwI6QhMB8xCzAJBgNVBAYT
+AkdCMRAwDgYDVQQDDAdUZXN0IENBMAoGA1UdFQQDCgEBMBgGA1UdGAQRGA8yMDIz
+MDMyODA5NDQ0MFqgPTA7MB8GA1UdIwQYMBaAFNX1GZ0RWuC+4gz1wuy5H32T2W+R
+MAoGA1UdFAQDAgEUMAwGA1UdHAQFMAOEAf8wCgYIKoZIzj0EAwIDSAAwRQIgbl7x
+W+WVAb+zlvKcJLmHVuC+gbqR4jqwGIHHgQl2J8kCIQCo/sAF5sDqy/cL+fbzBeUe
+YoY2h6lIkj9ENwU8ZCt03w==
+-----END X509 CRL-----