From c23a457e72abe608715ac76f076f47dc42af07a5 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 30 May 2024 20:31:44 +0200 Subject: Merging upstream version 1.74.1+dfsg1. Signed-off-by: Daniel Baumann --- vendor/openssl/.cargo-checksum.json | 2 +- vendor/openssl/CHANGELOG.md | 25 ++++- vendor/openssl/Cargo.lock | 16 ++- vendor/openssl/Cargo.toml | 6 +- vendor/openssl/src/bn.rs | 60 +++++++++++ vendor/openssl/src/cipher.rs | 57 +++++++++- vendor/openssl/src/cipher_ctx.rs | 188 +++++++++++++++++++++++++++++++++ vendor/openssl/src/cms.rs | 2 + vendor/openssl/src/ec.rs | 63 +++++++++++ vendor/openssl/src/encrypt.rs | 6 +- vendor/openssl/src/lib.rs | 2 +- vendor/openssl/src/ocsp.rs | 2 + vendor/openssl/src/pkcs7.rs | 14 +-- vendor/openssl/src/pkey_ctx.rs | 205 ++++++++++++++++++++++++++++++++++-- vendor/openssl/src/sign.rs | 2 +- vendor/openssl/src/ssl/callbacks.rs | 9 ++ vendor/openssl/src/ssl/mod.rs | 37 +++++-- vendor/openssl/src/symm.rs | 4 +- vendor/openssl/src/x509/mod.rs | 2 + vendor/openssl/src/x509/verify.rs | 33 +++++- 20 files changed, 687 insertions(+), 48 deletions(-) (limited to 'vendor/openssl') diff --git a/vendor/openssl/.cargo-checksum.json b/vendor/openssl/.cargo-checksum.json index 0c3478b1c..88d548184 100644 --- a/vendor/openssl/.cargo-checksum.json +++ b/vendor/openssl/.cargo-checksum.json @@ -1 +1 @@ -{"files":{"CHANGELOG.md":"6c0a5ed753f6edca157f03b83b825e1aa781c4577a22f5107f9c322db53b201f","Cargo.lock":"9b794fda1cfa95518dc451d1f1f7b152f042e2eb3e7b772222525b7b60ade24e","Cargo.toml":"332ed798d42dec385dc3502e08c884708610bbf4fd4394445e37b2f431465455","LICENSE":"f3d4287b4a21c5176fea2f9bd4ae800696004e2fb8e05cbc818be513f188a941","README.md":"c5ddde25c2756a1115daaa671fb4297cdc83bf23009c8356ba65b5311d0dd30d","build.rs":"3433091bbfd54f4d66d5891b724e1c859d51e417665e31c285138fc92b28eaa4","examples/mk_certs.rs":"012569fc734c314c5d3c1c9dc8ae64a32db4cfa917e8fbc363c1eef118600d0a","src/aes.rs":"a428f06147e4b48219a789da0af12371d967d2eefcc55536df4d1547001dda8b","src/asn1.rs":"ebdb0ba959b1756133c69432d86045b60f3e7b6a8581299d3f5e14f7c99ff439","src/base64.rs":"8be8ad4fe10055cdd55d0147d569e7669d3ac82927569bb917a76e447dfe90d1","src/bio.rs":"c19b865b79bb7ea3460083046f50757800f6c93fe9ec9f3dbb438980fe127aa4","src/bn.rs":"6d84c338369f3968ab6c751bc109dff8855049c07a05663af4f4dc5ddd233411","src/cipher.rs":"961cc845898243b9b4c77c2cac46b4904b25cf30ddc8691512f3334b7ec9e051","src/cipher_ctx.rs":"36e0b6f8cb1002aa0d99b4c290663f93cc6d378c6df990696b7b26949960867e","src/cms.rs":"9698b4cdd6b38a007c912783dad6c549c0a3618660719397feecebdf13c55a97","src/conf.rs":"c374003c606c331fedbe9075abfaf41eba38bfbbbefe9c9f2d2a1d445e4b1606","src/derive.rs":"963694c3cf7b0b70802b5b2b3f93f857ed7b320d5db331b57c2ff11bcb0891ad","src/dh.rs":"d1fd1f6bb0df4dd1d2248d6dbd3d25e0082e6b43cc15b1a17b9f1543fd7e5bac","src/dsa.rs":"10b6aca140fe332cb35c78cb3b0e9f1aa7cf18971059ac93a9a458481de26f85","src/ec.rs":"97ee6443abc2f66d98e361ef88dcf32f2e26eb2edab0e7768b072d05120dfc51","src/ecdsa.rs":"2668e480f237b69a670bcfedda5ab40a7a183ed96e4da1c19bf625dd05639784","src/encrypt.rs":"bc1c824527e5fcb2044d3962b75c3807373f78474a29c0b75af8f8a9be273bf8","src/envelope.rs":"773551074ece307aff215686e6a43471edf0ef6f74c520e4611e70f96e928652","src/error.rs":"ede27beebf1594a9165f16aa8732816f28501a8454d3125b6eb5ce98756e0255","src/ex_data.rs":"0a58a3a274a4ef2251dadb64cbcd44b43710d252201b137ecfb91cf14373c04f","src/fips.rs":"761cd7cdfbc16af88fbfefd38e54cb77b4ba8e2f49221607e145bc541f089d7e","src/hash.rs":"700a2707f694da4dec1f6fc6a05ff4c8849d510530ce5a3f30a900dd2cb35b3d","src/lib.rs":"7a39605a9048db31b4064c385c59a997909c428282b465157731d403a18c31e0","src/lib_ctx.rs":"ec6431adad53f3a9621b011506678104bd4f62bdea38ef9d1b731334507ab068","src/macros.rs":"648054f2ee89a22314b942a882878d47121b97b47d9b1146e323b8c6c255a52c","src/md.rs":"32b197d29cb1c5faa9ea72fe148d1f6cdc8178f5bcd062a3338b6dd77174529f","src/md_ctx.rs":"38df99c5e96a4a0e14672a6a30e06abb0e07fce37b13a7362abd2a78f657504d","src/memcmp.rs":"f48e0e29f372db2d0eb2239290abec8819300eb3e01e3bb1030783d6f6a8b2c9","src/nid.rs":"211c76f40e8cb35527ca28abdda79caed9584dd177bf57407e290f930751163f","src/ocsp.rs":"0b15fd57b73478f02813deb27a19f1e9004c5e5811ff71cf894ec2f924b17783","src/pkcs12.rs":"e5de1453b93e08b07fc10d90f85ee5dc29e435a1377b3db015aca8ed74495cfd","src/pkcs5.rs":"1f034690148a75749fa33d81c17750c7731caa02bd1832dc2b1aade8c61817c4","src/pkcs7.rs":"a2b344ceb37d608ea90d177597aaacac20e85680cf57c5cde4d7b6232a1fc1e4","src/pkey.rs":"1aaad2d0d5c085ac191fbce327f4c2a2da59d8c9ed4903a8003d74f33cb31cbb","src/pkey_ctx.rs":"7465c06f63136c37c14bd5661196b1acec5b035f32b452a77a847ec84487fa5f","src/provider.rs":"c77886efcc4f962ebc4d8b693a69375aa58186cf1990c692a572723d3e46779b","src/rand.rs":"5025bc51effe6a2bad23787aaa457ae030065f6ec757aaba148a74b775a5a853","src/rsa.rs":"48e1d8c0100f87a69123daae20350c61e4ad6a256a535612c297bcb855aeada0","src/sha.rs":"c34f2f9df5fb52b578022568e195e011d0967f9f5ff57b559d7d2a235951a5b9","src/sign.rs":"37ca2942a9b1ed1cde5a5865e9e2c48f0605f822e7c3d77db47c88d4f7f97c0d","src/srtp.rs":"3defe1815cfc790e2407ff935f8ca7b0e8d504242886e8841715279e0d85f721","src/ssl/bio.rs":"f6c20da805b711d69f527e9df8897061f9d6f3ef22d2d0a8f9fd87f96dc3947e","src/ssl/callbacks.rs":"cab679d74b2364e0ab18dc8ccc49d5b1a21c0c69153646dc0f7529d03a17ade5","src/ssl/connector.rs":"32afe0925584b349b3595aaabd0dadbf6ab383b5879c49c68ad2d0fddf0b0e4a","src/ssl/error.rs":"f39ac3e1037a35ae5cccbf5cf5976044614a6368c9ffe3f1b96bead63c0c4231","src/ssl/mod.rs":"dcc27c7d31c66b81bfaa89d4b03adbb56fa681f4e2f28a5fe1942dce9fa202c9","src/ssl/test/mod.rs":"e7657e5bfe16931c85487e83dffce2de09cb88ed24375aa1e222d51eaaa96865","src/ssl/test/server.rs":"4276ba970a0fac5c9cae21d7df7af36389c377472f3546ce597678ffc6ad5b38","src/stack.rs":"29aa6e467153b951cbf56ab62ac806941b4eb0e1dd22f22d4b1ab562cc037d55","src/string.rs":"8276d719b35cd74ee0efbecce9e58e754d50d8cc96111f2febd3c0d8849847a8","src/symm.rs":"46414873fe6654dd0710b177bec8f94d7faf02a4f8a4d5fa52a6002918944bf9","src/util.rs":"e6794bf0643d0c29e96325653f2bb4a00221de55bb5b3c6c96d5dbae3debe238","src/version.rs":"e3acbb0db2095ab616870055c7c7a902fb7b1439520574fd20b7c1164b1178b7","src/x509/extension.rs":"26a265248eb0e54c3b106708f8fce7d5fb5b91b7195f17a97e1b8b1d3b6fa119","src/x509/mod.rs":"381444c1ce36f693482b2bebe0c70ebcd8afceb6a7013e14ae34928382909029","src/x509/store.rs":"410b6dd6774360be20184af6395e9370728b26ccbefcad3e4b6225cba6b6f105","src/x509/tests.rs":"5c86a636076065884b02d20c8b83352078b0d85513d1eab5080809756ffc6e13","src/x509/verify.rs":"37566473e5cb60582c28a970cafe2a48109b15d23801d0301ca7771704b353f7","test/aia_test_cert.pem":"9eaf52b5d0023f3be7911938d937ed16fc75d43d14dbe41557a800b0a82f4b1b","test/alt_name_cert.pem":"f3cc0a1d21657164918dffab0dac8f1c499fc1cf5717805420a0134b3aee128c","test/authority_key_identifier.pem":"4644b83bbcd36a6e1917d1f7bd3b8ff913bf86cc74917c07dd78b6731b4d5bec","test/ca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/cert.pem":"53c8b338be254490c71a6b13da90dc5a59ba596587c548be5673657e04824afb","test/certs.pem":"106d5d22c86e26c3db619b9525567f22333d22de82e4d2850ed379150c638008","test/certv3.pem":"c230b76b6efb973816d0e3096ae95cdcf4941ec928c01c31b6537d01743fcd8a","test/certv3_extfile":"610fdc10edac2da398a582895e53d288d3e47a9d4f3868c2c7f7662c212b60bd","test/cms.p12":"d33fc5edd6b9caa672e7570b869135235bb2583580a273f6e88c6a6c68fd5a8a","test/cms_pubkey.der":"03682a732e1fd861f5fa687915a8e6f5c935d10273b0f6f73f3db52a8d71fc6d","test/crl-ca.crt":"911360ccdf700fd7d6091bd78c4138da0e9f027ca211f7ed80b394e570eb897c","test/csr.pem":"24423008144c43cf33f56ebcc245931b2d61bcd4eee17b476d7adb6f7416e24d","test/dhparams.pem":"14d9461949d9ae8ca50a393b008ee2168254f14342b0e17b56c0a62d2905b963","test/dsa.pem":"826d513234205fd3dee0bbbf844f0b6fea501145bdf05ea3b14e14df98cbe090","test/dsa.pem.pub":"721677bebf9ab28b8650f98a0cd27658de0c1acd867a4b6e985fe1df95a8bd37","test/dsaparam.pem":"94a1284bdd7d7566151cfde0c7f245e84f7b99ba840f202e3f27ea0160f82988","test/entry_extensions.crl":"fc41a73344f72c40a6c1733adc745f1e21c93821a497ba093680f8d9725b9e93","test/identity.p12":"aceeb3e5516471bd5af9a44bbeffc9559c4f228f67c677d29f36a4b368e2779f","test/intermediate-ca.key":"a5f3d331af87c1305843e235841e494a0669a95d3824a6c766d09371f62c3bab","test/intermediate-ca.pem":"5ff8055325d0cbb60586f4e20bd2df7718e4d94f5261f2ee05ba52a8fb9223f0","test/key.der":"e8842cd6674b5c77a83e0283cd876a91de404561dfc86d79ce525f6e55b28197","test/key.der.pub":"e559d56bb6ec57ad743dbf972bbcaf263a9fa7d320433baa71b04f849d987060","test/key.pem":"12d9105a92bf39b615ccb4820c5c1e38c61905483cd30be13f9ab99b98af64ed","test/key.pem.pub":"f5d030df843ddbaba5bf316ae18f1434de5a63a955be66442429dd4f16f161ef","test/keystore-empty-chain.p12":"bbea280f6fe10556d7470df7072ef0e4ee3997e2c0b3666197f423430c0e6b61","test/leaf.pem":"4f2c3fd02f73b3f49a1e05cf0622669ed014ba019876d89d3f21c788457c1e01","test/nid_test_cert.pem":"7047e8d317e284c6b698eee4a0f1a629d50cd4615ad7da85fe90a2ffb6c21611","test/nid_uid_test_cert.pem":"a735211f3b40edbde7084337138fb0aea06aea6c78369c52015253e4b7a17d83","test/pkcs1.pem.pub":"4d446864b63c4178ec2c7dc8df9b7121d9271851c1f4701231fccb8b07c94918","test/pkcs8-nocrypt.der":"5590d03cc0d037c6c27d78fafc937f48defb226e9a52cde84d54df68086d0575","test/pkcs8.der":"8719fc002d59313fb97e46e068ae40db4d9acc0e2debd308ac9eb46329bea487","test/root-ca.key":"b37cf88614980c38e43c4329cdf7162bae48cc8af1fafd54db2fe0d17e458e1d","test/root-ca.pem":"59b9200c35e818bf21be4aaa97ba87bb6a18fd780527a9f9c51cc74212c631a0","test/rsa-encrypted.pem":"ea41b0f1816056672de6abbab43d0e8089da047c329ceed14aace5a5bde713f1","test/rsa.pem":"f866a5506ea9a37ed2f73f62f503e1aff32f7e4145be62b023535f4da1c24416","test/rsa.pem.pub":"2c5eeea39708e90396f9f09d920f2af8b7e9f84ace963c1319072224dd3d302b","test/subca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/test.crl":"ac8443257214f9e82543871c3df48694ea39f2b16bd6c4ef5998a161edbb8fba"},"package":"345df152bc43501c5eb9e4654ff05f794effb78d4efe3d53abc158baddc0703d"} \ No newline at end of file +{"files":{"CHANGELOG.md":"9db487d2ef97c8183833d4cc6f378654398f12bf69af2c1f0d9660ecb0299f1d","Cargo.lock":"eba97fa83751c77bdf4fddf2f70f858222f4239d2d59429d46147c7bdc4d0931","Cargo.toml":"d91b30dee1d1e55ffc1db25bf85eef3141403481f502265bbf6a585ebbac41f8","LICENSE":"f3d4287b4a21c5176fea2f9bd4ae800696004e2fb8e05cbc818be513f188a941","README.md":"c5ddde25c2756a1115daaa671fb4297cdc83bf23009c8356ba65b5311d0dd30d","build.rs":"3433091bbfd54f4d66d5891b724e1c859d51e417665e31c285138fc92b28eaa4","examples/mk_certs.rs":"012569fc734c314c5d3c1c9dc8ae64a32db4cfa917e8fbc363c1eef118600d0a","src/aes.rs":"a428f06147e4b48219a789da0af12371d967d2eefcc55536df4d1547001dda8b","src/asn1.rs":"ebdb0ba959b1756133c69432d86045b60f3e7b6a8581299d3f5e14f7c99ff439","src/base64.rs":"8be8ad4fe10055cdd55d0147d569e7669d3ac82927569bb917a76e447dfe90d1","src/bio.rs":"c19b865b79bb7ea3460083046f50757800f6c93fe9ec9f3dbb438980fe127aa4","src/bn.rs":"18eb1140f45e4421900cc7fa81f61a3cf3ef1b210f7dda531566ae3e03ab75a9","src/cipher.rs":"3d8e5750c088cde1e00387e99593f52c8c289d2762d2126cc636ef431a611511","src/cipher_ctx.rs":"3bf3cd9b17556c8053753ce6ba9fde5fef770ca70b35996e6c4875b43a3fae8a","src/cms.rs":"19e14cdf5ccdf9199df34a7d8f26374d4ce9277248f79b45cbd850a15ca104f6","src/conf.rs":"c374003c606c331fedbe9075abfaf41eba38bfbbbefe9c9f2d2a1d445e4b1606","src/derive.rs":"963694c3cf7b0b70802b5b2b3f93f857ed7b320d5db331b57c2ff11bcb0891ad","src/dh.rs":"d1fd1f6bb0df4dd1d2248d6dbd3d25e0082e6b43cc15b1a17b9f1543fd7e5bac","src/dsa.rs":"10b6aca140fe332cb35c78cb3b0e9f1aa7cf18971059ac93a9a458481de26f85","src/ec.rs":"889bc320e224fe3b23717ce0e120f4fee1e2ea6202ca9ec459d4c36eecd6c3c9","src/ecdsa.rs":"2668e480f237b69a670bcfedda5ab40a7a183ed96e4da1c19bf625dd05639784","src/encrypt.rs":"d1c6de4f5998f06d33de66005a1926eab895f0ecff01396b46dc697dc1593b26","src/envelope.rs":"773551074ece307aff215686e6a43471edf0ef6f74c520e4611e70f96e928652","src/error.rs":"ede27beebf1594a9165f16aa8732816f28501a8454d3125b6eb5ce98756e0255","src/ex_data.rs":"0a58a3a274a4ef2251dadb64cbcd44b43710d252201b137ecfb91cf14373c04f","src/fips.rs":"761cd7cdfbc16af88fbfefd38e54cb77b4ba8e2f49221607e145bc541f089d7e","src/hash.rs":"700a2707f694da4dec1f6fc6a05ff4c8849d510530ce5a3f30a900dd2cb35b3d","src/lib.rs":"e8740bb6d417d057992cabb20afdf629917b4a19b2bfb1b3fe908bf2aa48cffd","src/lib_ctx.rs":"ec6431adad53f3a9621b011506678104bd4f62bdea38ef9d1b731334507ab068","src/macros.rs":"648054f2ee89a22314b942a882878d47121b97b47d9b1146e323b8c6c255a52c","src/md.rs":"32b197d29cb1c5faa9ea72fe148d1f6cdc8178f5bcd062a3338b6dd77174529f","src/md_ctx.rs":"38df99c5e96a4a0e14672a6a30e06abb0e07fce37b13a7362abd2a78f657504d","src/memcmp.rs":"f48e0e29f372db2d0eb2239290abec8819300eb3e01e3bb1030783d6f6a8b2c9","src/nid.rs":"211c76f40e8cb35527ca28abdda79caed9584dd177bf57407e290f930751163f","src/ocsp.rs":"bfb378fa87945eee583521e350f427406888bbb8a804a90aeb06bdbf1b656ddf","src/pkcs12.rs":"e5de1453b93e08b07fc10d90f85ee5dc29e435a1377b3db015aca8ed74495cfd","src/pkcs5.rs":"1f034690148a75749fa33d81c17750c7731caa02bd1832dc2b1aade8c61817c4","src/pkcs7.rs":"16e2312f8f5b83433ca29b48ee4b4ce7756fc5bfd5af681f95348281c974cf2f","src/pkey.rs":"1aaad2d0d5c085ac191fbce327f4c2a2da59d8c9ed4903a8003d74f33cb31cbb","src/pkey_ctx.rs":"e9f3ee90bddd57f9f9177410bd1dd4149f41ba78f2ecbac41ddb7c97898df04b","src/provider.rs":"c77886efcc4f962ebc4d8b693a69375aa58186cf1990c692a572723d3e46779b","src/rand.rs":"5025bc51effe6a2bad23787aaa457ae030065f6ec757aaba148a74b775a5a853","src/rsa.rs":"48e1d8c0100f87a69123daae20350c61e4ad6a256a535612c297bcb855aeada0","src/sha.rs":"c34f2f9df5fb52b578022568e195e011d0967f9f5ff57b559d7d2a235951a5b9","src/sign.rs":"e8c61453371f463a2eb846677441e553a48a40ccc5d739e703523de53eb9659c","src/srtp.rs":"3defe1815cfc790e2407ff935f8ca7b0e8d504242886e8841715279e0d85f721","src/ssl/bio.rs":"f6c20da805b711d69f527e9df8897061f9d6f3ef22d2d0a8f9fd87f96dc3947e","src/ssl/callbacks.rs":"07bacf44efc4977a7ad327bb026786585c78ebd991a0983c15669429f8d5d99b","src/ssl/connector.rs":"32afe0925584b349b3595aaabd0dadbf6ab383b5879c49c68ad2d0fddf0b0e4a","src/ssl/error.rs":"f39ac3e1037a35ae5cccbf5cf5976044614a6368c9ffe3f1b96bead63c0c4231","src/ssl/mod.rs":"7057bd58312397c45c8611d495b295a9e8a02dad5e6b9f48c78ba01ae2aa2a0a","src/ssl/test/mod.rs":"e7657e5bfe16931c85487e83dffce2de09cb88ed24375aa1e222d51eaaa96865","src/ssl/test/server.rs":"4276ba970a0fac5c9cae21d7df7af36389c377472f3546ce597678ffc6ad5b38","src/stack.rs":"29aa6e467153b951cbf56ab62ac806941b4eb0e1dd22f22d4b1ab562cc037d55","src/string.rs":"8276d719b35cd74ee0efbecce9e58e754d50d8cc96111f2febd3c0d8849847a8","src/symm.rs":"2c51849c2fd6b35ce1fe9d25750365b55da6ce51d767f00e8f6621cf184a9059","src/util.rs":"e6794bf0643d0c29e96325653f2bb4a00221de55bb5b3c6c96d5dbae3debe238","src/version.rs":"e3acbb0db2095ab616870055c7c7a902fb7b1439520574fd20b7c1164b1178b7","src/x509/extension.rs":"26a265248eb0e54c3b106708f8fce7d5fb5b91b7195f17a97e1b8b1d3b6fa119","src/x509/mod.rs":"a3a738683eb8106a5c3d2bc7dc14fb304be0807b91bd03c4c0e7642fdd26dd2f","src/x509/store.rs":"410b6dd6774360be20184af6395e9370728b26ccbefcad3e4b6225cba6b6f105","src/x509/tests.rs":"5c86a636076065884b02d20c8b83352078b0d85513d1eab5080809756ffc6e13","src/x509/verify.rs":"d7ec7421d0b9fe33755a031154487348beecccc87ef5fd8221dacce79278f48b","test/aia_test_cert.pem":"9eaf52b5d0023f3be7911938d937ed16fc75d43d14dbe41557a800b0a82f4b1b","test/alt_name_cert.pem":"f3cc0a1d21657164918dffab0dac8f1c499fc1cf5717805420a0134b3aee128c","test/authority_key_identifier.pem":"4644b83bbcd36a6e1917d1f7bd3b8ff913bf86cc74917c07dd78b6731b4d5bec","test/ca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/cert.pem":"53c8b338be254490c71a6b13da90dc5a59ba596587c548be5673657e04824afb","test/certs.pem":"106d5d22c86e26c3db619b9525567f22333d22de82e4d2850ed379150c638008","test/certv3.pem":"c230b76b6efb973816d0e3096ae95cdcf4941ec928c01c31b6537d01743fcd8a","test/certv3_extfile":"610fdc10edac2da398a582895e53d288d3e47a9d4f3868c2c7f7662c212b60bd","test/cms.p12":"d33fc5edd6b9caa672e7570b869135235bb2583580a273f6e88c6a6c68fd5a8a","test/cms_pubkey.der":"03682a732e1fd861f5fa687915a8e6f5c935d10273b0f6f73f3db52a8d71fc6d","test/crl-ca.crt":"911360ccdf700fd7d6091bd78c4138da0e9f027ca211f7ed80b394e570eb897c","test/csr.pem":"24423008144c43cf33f56ebcc245931b2d61bcd4eee17b476d7adb6f7416e24d","test/dhparams.pem":"14d9461949d9ae8ca50a393b008ee2168254f14342b0e17b56c0a62d2905b963","test/dsa.pem":"826d513234205fd3dee0bbbf844f0b6fea501145bdf05ea3b14e14df98cbe090","test/dsa.pem.pub":"721677bebf9ab28b8650f98a0cd27658de0c1acd867a4b6e985fe1df95a8bd37","test/dsaparam.pem":"94a1284bdd7d7566151cfde0c7f245e84f7b99ba840f202e3f27ea0160f82988","test/entry_extensions.crl":"fc41a73344f72c40a6c1733adc745f1e21c93821a497ba093680f8d9725b9e93","test/identity.p12":"aceeb3e5516471bd5af9a44bbeffc9559c4f228f67c677d29f36a4b368e2779f","test/intermediate-ca.key":"a5f3d331af87c1305843e235841e494a0669a95d3824a6c766d09371f62c3bab","test/intermediate-ca.pem":"5ff8055325d0cbb60586f4e20bd2df7718e4d94f5261f2ee05ba52a8fb9223f0","test/key.der":"e8842cd6674b5c77a83e0283cd876a91de404561dfc86d79ce525f6e55b28197","test/key.der.pub":"e559d56bb6ec57ad743dbf972bbcaf263a9fa7d320433baa71b04f849d987060","test/key.pem":"12d9105a92bf39b615ccb4820c5c1e38c61905483cd30be13f9ab99b98af64ed","test/key.pem.pub":"f5d030df843ddbaba5bf316ae18f1434de5a63a955be66442429dd4f16f161ef","test/keystore-empty-chain.p12":"bbea280f6fe10556d7470df7072ef0e4ee3997e2c0b3666197f423430c0e6b61","test/leaf.pem":"4f2c3fd02f73b3f49a1e05cf0622669ed014ba019876d89d3f21c788457c1e01","test/nid_test_cert.pem":"7047e8d317e284c6b698eee4a0f1a629d50cd4615ad7da85fe90a2ffb6c21611","test/nid_uid_test_cert.pem":"a735211f3b40edbde7084337138fb0aea06aea6c78369c52015253e4b7a17d83","test/pkcs1.pem.pub":"4d446864b63c4178ec2c7dc8df9b7121d9271851c1f4701231fccb8b07c94918","test/pkcs8-nocrypt.der":"5590d03cc0d037c6c27d78fafc937f48defb226e9a52cde84d54df68086d0575","test/pkcs8.der":"8719fc002d59313fb97e46e068ae40db4d9acc0e2debd308ac9eb46329bea487","test/root-ca.key":"b37cf88614980c38e43c4329cdf7162bae48cc8af1fafd54db2fe0d17e458e1d","test/root-ca.pem":"59b9200c35e818bf21be4aaa97ba87bb6a18fd780527a9f9c51cc74212c631a0","test/rsa-encrypted.pem":"ea41b0f1816056672de6abbab43d0e8089da047c329ceed14aace5a5bde713f1","test/rsa.pem":"f866a5506ea9a37ed2f73f62f503e1aff32f7e4145be62b023535f4da1c24416","test/rsa.pem.pub":"2c5eeea39708e90396f9f09d920f2af8b7e9f84ace963c1319072224dd3d302b","test/subca.crt":"70bcf52acc79191409801e72371db3a0cd8a27c0fc24eacb3fb8f8ab3e558f67","test/test.crl":"ac8443257214f9e82543871c3df48694ea39f2b16bd6c4ef5998a161edbb8fba"},"package":"bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c"} \ No newline at end of file diff --git a/vendor/openssl/CHANGELOG.md b/vendor/openssl/CHANGELOG.md index a0622eccc..f5409b122 100644 --- a/vendor/openssl/CHANGELOG.md +++ b/vendor/openssl/CHANGELOG.md @@ -2,6 +2,27 @@ ## [Unreleased] +## [v0.10.57] - 2023-08-27 + +### Added +* Added `X509VerifyParam::set_email` +* `Cipher::chacha20_poly1305` is now available on LibreSSL +* Added `CipherCtx::copy` + +### Changed +* Updated `bitflags` dependecy to the 2.x series + +## [v0.10.56] - 2023-08-06 + +## Added + +* Added `BigNumRef::mod_sqrt`. +* Added `PkeyCtxRef::set_signature_md` and `PkeyCtxRef::set_rsa_pss_saltlen`. +* Added `PkeyCtxRef::verify_recover_init` and `PkeyCtxRef::verify_recover`. +* Added `BigNumRef::is_even` and `BigNumRef::is_odd`. +* Added `EcPointRef::to_hex_str` and `EcPoint::from_hex_str`. +* Added support for AES key wrap and wrap pad. + ## [v0.10.55] - 2023-06-20 ### Fixed @@ -776,7 +797,9 @@ Look at the [release tags] for information about older releases. -[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.55...master +[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.57...master +[v0.10.57]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.56...openssl-v0.10.57 +[v0.10.56]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.55...openssl-v0.10.56 [v0.10.55]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55 [v0.10.54]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54 [v0.10.53]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53 diff --git a/vendor/openssl/Cargo.lock b/vendor/openssl/Cargo.lock index a8d503586..4fc38c2cc 100644 --- a/vendor/openssl/Cargo.lock +++ b/vendor/openssl/Cargo.lock @@ -8,7 +8,7 @@ version = "0.64.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4243e6031260db77ede97ad86c27e501d646a27ab57b59a574f725d98ab1fb4" dependencies = [ - "bitflags", + "bitflags 1.2.1", "cexpr", "clang-sys", "lazy_static", @@ -30,6 +30,12 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" +[[package]] +name = "bitflags" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" + [[package]] name = "bssl-sys" version = "0.1.0" @@ -177,9 +183,9 @@ checksum = "13bd41f508810a131401606d54ac32a467c97172d74ba7662562ebba5ad07fa0" [[package]] name = "openssl" -version = "0.10.55" +version = "0.10.57" dependencies = [ - "bitflags", + "bitflags 2.4.0", "cfg-if", "foreign-types", "hex", @@ -211,9 +217,9 @@ dependencies = [ [[package]] name = "openssl-sys" -version = "0.9.89" +version = "0.9.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4026ef4fae4cd0c85aee4846e497cea7855659077108067c0d37c0d628f3e40a" +checksum = "db7e971c2c2bba161b2d2fdf37080177eff520b3bc044787c7f1f5f9e78d869b" dependencies = [ "bindgen", "bssl-sys", diff --git a/vendor/openssl/Cargo.toml b/vendor/openssl/Cargo.toml index 774249f91..6271106df 100644 --- a/vendor/openssl/Cargo.toml +++ b/vendor/openssl/Cargo.toml @@ -12,7 +12,7 @@ [package] edition = "2018" name = "openssl" -version = "0.10.55" +version = "0.10.57" authors = ["Steven Fackler "] description = "OpenSSL bindings" readme = "README.md" @@ -30,13 +30,13 @@ license = "Apache-2.0" repository = "https://github.com/sfackler/rust-openssl" [dependencies.bitflags] -version = "1.0" +version = "2.2.1" [dependencies.cfg-if] version = "1.0" [dependencies.ffi] -version = "0.9.89" +version = "0.9.92" package = "openssl-sys" [dependencies.foreign-types] diff --git a/vendor/openssl/src/bn.rs b/vendor/openssl/src/bn.rs index 5cfe4b375..c75fac1d7 100644 --- a/vendor/openssl/src/bn.rs +++ b/vendor/openssl/src/bn.rs @@ -335,6 +335,20 @@ impl BigNumRef { unsafe { BN_is_negative(self.as_ptr()) == 1 } } + /// Returns `true` is `self` is even. + #[corresponds(BN_is_even)] + #[cfg(any(ossl110, boringssl, libressl350))] + pub fn is_even(&self) -> bool { + !self.is_odd() + } + + /// Returns `true` is `self` is odd. + #[corresponds(BN_is_odd)] + #[cfg(any(ossl110, boringssl, libressl350))] + pub fn is_odd(&self) -> bool { + unsafe { ffi::BN_is_odd(self.as_ptr()) == 1 } + } + /// Returns the number of significant bits in `self`. #[corresponds(BN_num_bits)] #[allow(clippy::unnecessary_cast)] @@ -639,6 +653,26 @@ impl BigNumRef { } } + /// Places into `self` the modular square root of `a` such that `self^2 = a (mod p)` + #[corresponds(BN_mod_sqrt)] + #[cfg(ossl110)] + pub fn mod_sqrt( + &mut self, + a: &BigNumRef, + p: &BigNumRef, + ctx: &mut BigNumContextRef, + ) -> Result<(), ErrorStack> { + unsafe { + cvt_p(ffi::BN_mod_sqrt( + self.as_ptr(), + a.as_ptr(), + p.as_ptr(), + ctx.as_ptr(), + )) + .map(|_| ()) + } + } + /// Places the result of `a^p` in `self`. #[corresponds(BN_exp)] pub fn exp( @@ -1455,4 +1489,30 @@ mod tests { b.set_const_time(); assert!(b.is_const_time()) } + + #[cfg(ossl110)] + #[test] + fn test_mod_sqrt() { + let mut ctx = BigNumContext::new().unwrap(); + + let s = BigNum::from_hex_str("47A8DD7626B9908C80ACD7E0D3344D69").unwrap(); + let p = BigNum::from_hex_str("81EF47265B58BCE5").unwrap(); + let mut out = BigNum::new().unwrap(); + + out.mod_sqrt(&s, &p, &mut ctx).unwrap(); + assert_eq!(out, BigNum::from_hex_str("7C6D179E19B97BDD").unwrap()); + } + + #[test] + #[cfg(any(ossl110, boringssl, libressl350))] + fn test_odd_even() { + let a = BigNum::from_u32(17).unwrap(); + let b = BigNum::from_u32(18).unwrap(); + + assert!(a.is_odd()); + assert!(!b.is_odd()); + + assert!(!a.is_even()); + assert!(b.is_even()); + } } diff --git a/vendor/openssl/src/cipher.rs b/vendor/openssl/src/cipher.rs index 87f7660cd..2b8986136 100644 --- a/vendor/openssl/src/cipher.rs +++ b/vendor/openssl/src/cipher.rs @@ -12,6 +12,7 @@ use foreign_types::{ForeignTypeRef, Opaque}; use openssl_macros::corresponds; #[cfg(ossl300)] use std::ffi::CString; +use std::ops::{Deref, DerefMut}; #[cfg(ossl300)] use std::ptr; @@ -41,7 +42,6 @@ cfg_if! { cfg_if! { if #[cfg(ossl300)] { use foreign_types::ForeignType; - use std::ops::{Deref, DerefMut}; type Inner = *mut ffi::EVP_CIPHER; @@ -90,6 +90,22 @@ cfg_if! { } } else { enum Inner {} + + impl Deref for Cipher { + type Target = CipherRef; + + #[inline] + fn deref(&self) -> &Self::Target { + match self.0 {} + } + } + + impl DerefMut for Cipher { + #[inline] + fn deref_mut(&mut self) -> &mut Self::Target { + match self.0 {} + } + } } } @@ -170,7 +186,6 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb8() as *mut _) } } - #[cfg(not(boringssl))] pub fn aes_128_gcm() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_gcm() as *mut _) } } @@ -191,6 +206,18 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_ocb() as *mut _) } } + /// Requires OpenSSL 1.0.2 or newer. + #[cfg(ossl102)] + pub fn aes_128_wrap() -> &'static CipherRef { + unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_wrap() as *mut _) } + } + + /// Requires OpenSSL 1.1.0 or newer. + #[cfg(ossl110)] + pub fn aes_128_wrap_pad() -> &'static CipherRef { + unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_wrap_pad() as *mut _) } + } + pub fn aes_192_ecb() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_ecb() as *mut _) } } @@ -236,6 +263,18 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_ocb() as *mut _) } } + /// Requires OpenSSL 1.0.2 or newer. + #[cfg(ossl102)] + pub fn aes_192_wrap() -> &'static CipherRef { + unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_wrap() as *mut _) } + } + + /// Requires OpenSSL 1.1.0 or newer. + #[cfg(ossl110)] + pub fn aes_192_wrap_pad() -> &'static CipherRef { + unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_wrap_pad() as *mut _) } + } + pub fn aes_256_ecb() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_ecb() as *mut _) } } @@ -281,6 +320,18 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_ocb() as *mut _) } } + /// Requires OpenSSL 1.0.2 or newer. + #[cfg(ossl102)] + pub fn aes_256_wrap() -> &'static CipherRef { + unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_wrap() as *mut _) } + } + + /// Requires OpenSSL 1.1.0 or newer. + #[cfg(ossl110)] + pub fn aes_256_wrap_pad() -> &'static CipherRef { + unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_wrap_pad() as *mut _) } + } + #[cfg(not(osslconf = "OPENSSL_NO_BF"))] pub fn bf_cbc() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_bf_cbc() as *mut _) } @@ -384,7 +435,7 @@ impl Cipher { unsafe { CipherRef::from_ptr(ffi::EVP_chacha20() as *mut _) } } - #[cfg(all(ossl110, not(osslconf = "OPENSSL_NO_CHACHA")))] + #[cfg(all(any(ossl110, libressl360), not(osslconf = "OPENSSL_NO_CHACHA")))] pub fn chacha20_poly1305() -> &'static CipherRef { unsafe { CipherRef::from_ptr(ffi::EVP_chacha20_poly1305() as *mut _) } } diff --git a/vendor/openssl/src/cipher_ctx.rs b/vendor/openssl/src/cipher_ctx.rs index 216c09e5b..f9031d297 100644 --- a/vendor/openssl/src/cipher_ctx.rs +++ b/vendor/openssl/src/cipher_ctx.rs @@ -55,6 +55,8 @@ use crate::error::ErrorStack; #[cfg(not(boringssl))] use crate::pkey::{HasPrivate, HasPublic, PKey, PKeyRef}; use crate::{cvt, cvt_p}; +#[cfg(ossl102)] +use bitflags::bitflags; use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; use libc::{c_int, c_uchar}; @@ -80,6 +82,15 @@ foreign_type_and_impl_send_sync! { pub struct CipherCtxRef; } +#[cfg(ossl102)] +bitflags! { + /// Flags for `EVP_CIPHER_CTX`. + pub struct CipherCtxFlags : c_int { + /// The flag used to opt into AES key wrap ciphers. + const FLAG_WRAP_ALLOW = ffi::EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; + } +} + impl CipherCtx { /// Creates a new context. #[corresponds(EVP_CIPHER_CTX_new)] @@ -94,6 +105,14 @@ impl CipherCtx { } impl CipherCtxRef { + #[corresponds(EVP_CIPHER_CTX_copy)] + pub fn copy(&mut self, src: &CipherCtxRef) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_CIPHER_CTX_copy(self.as_ptr(), src.as_ptr()))?; + Ok(()) + } + } + /// Initializes the context for encryption. /// /// Normally this is called once to set all of the cipher, key, and IV. However, this process can be split up @@ -509,6 +528,17 @@ impl CipherCtxRef { Ok(()) } + /// Set ctx flags. + /// + /// This function is currently used to enable AES key wrap feature supported by OpenSSL 1.0.2 or newer. + #[corresponds(EVP_CIPHER_CTX_set_flags)] + #[cfg(ossl102)] + pub fn set_flags(&mut self, flags: CipherCtxFlags) { + unsafe { + ffi::EVP_CIPHER_CTX_set_flags(self.as_ptr(), flags.bits()); + } + } + /// Writes data into the context. /// /// Providing no output buffer will cause the input to be considered additional authenticated data (AAD). @@ -915,4 +945,162 @@ mod test { ctx.cipher_update(&vec![0; block_size + 1], Some(&mut vec![0; block_size - 1])) .unwrap(); } + + #[cfg(ossl102)] + fn cipher_wrap_test(cipher: &CipherRef, pt: &str, ct: &str, key: &str, iv: Option<&str>) { + let pt = hex::decode(pt).unwrap(); + let key = hex::decode(key).unwrap(); + let expected = hex::decode(ct).unwrap(); + let iv = iv.map(|v| hex::decode(v).unwrap()); + let padding = 8 - pt.len() % 8; + let mut computed = vec![0; pt.len() + padding + cipher.block_size() * 2]; + let mut ctx = CipherCtx::new().unwrap(); + + ctx.set_flags(CipherCtxFlags::FLAG_WRAP_ALLOW); + ctx.encrypt_init(Some(cipher), Some(&key), iv.as_deref()) + .unwrap(); + + let count = ctx.cipher_update(&pt, Some(&mut computed)).unwrap(); + let rest = ctx.cipher_final(&mut computed[count..]).unwrap(); + computed.truncate(count + rest); + + if computed != expected { + println!("Computed: {}", hex::encode(&computed)); + println!("Expected: {}", hex::encode(&expected)); + if computed.len() != expected.len() { + println!( + "Lengths differ: {} in computed vs {} expected", + computed.len(), + expected.len() + ); + } + panic!("test failure"); + } + } + + #[test] + #[cfg(ossl102)] + fn test_aes128_wrap() { + let pt = "00112233445566778899aabbccddeeff"; + let ct = "7940ff694448b5bb5139c959a4896832e55d69aa04daa27e"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + let iv = "0001020304050607"; + + cipher_wrap_test(Cipher::aes_128_wrap(), pt, ct, key, Some(iv)); + } + + #[test] + #[cfg(ossl102)] + fn test_aes128_wrap_default_iv() { + let pt = "00112233445566778899aabbccddeeff"; + let ct = "38f1215f0212526f8a70b51955b9fbdc9fe3041d9832306e"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + + cipher_wrap_test(Cipher::aes_128_wrap(), pt, ct, key, None); + } + + #[test] + #[cfg(ossl110)] + fn test_aes128_wrap_pad() { + let pt = "00112233445566778899aabbccddee"; + let ct = "f13998f5ab32ef82a1bdbcbe585e1d837385b529572a1e1b"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + let iv = "00010203"; + + cipher_wrap_test(Cipher::aes_128_wrap_pad(), pt, ct, key, Some(iv)); + } + + #[test] + #[cfg(ossl110)] + fn test_aes128_wrap_pad_default_iv() { + let pt = "00112233445566778899aabbccddee"; + let ct = "3a501085fb8cf66f4186b7df851914d471ed823411598add"; + let key = "2b7e151628aed2a6abf7158809cf4f3c"; + + cipher_wrap_test(Cipher::aes_128_wrap_pad(), pt, ct, key, None); + } + + #[test] + #[cfg(ossl102)] + fn test_aes192_wrap() { + let pt = "9f6dee187d35302116aecbfd059657efd9f7589c4b5e7f5b"; + let ct = "83b89142dfeeb4871e078bfb81134d33e23fedc19b03a1cf689973d3831b6813"; + let key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"; + let iv = "0001020304050607"; + + cipher_wrap_test(Cipher::aes_192_wrap(), pt, ct, key, Some(iv)); + } + + #[test] + #[cfg(ossl102)] + fn test_aes192_wrap_default_iv() { + let pt = "9f6dee187d35302116aecbfd059657efd9f7589c4b5e7f5b"; + let ct = "c02c2cf11505d3e4851030d5534cbf5a1d7eca7ba8839adbf239756daf1b43e6"; + let key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"; + + cipher_wrap_test(Cipher::aes_192_wrap(), pt, ct, key, None); + } + + #[test] + #[cfg(ossl110)] + fn test_aes192_wrap_pad() { + let pt = "00112233445566778899aabbccddee"; + let ct = "b4f6bb167ef7caf061a74da82b36ad038ca057ab51e98d3a"; + let key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"; + let iv = "00010203"; + + cipher_wrap_test(Cipher::aes_192_wrap_pad(), pt, ct, key, Some(iv)); + } + + #[test] + #[cfg(ossl110)] + fn test_aes192_wrap_pad_default_iv() { + let pt = "00112233445566778899aabbccddee"; + let ct = "b2c37a28cc602753a7c944a4c2555a2df9c98b2eded5312e"; + let key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"; + + cipher_wrap_test(Cipher::aes_192_wrap_pad(), pt, ct, key, None); + } + + #[test] + #[cfg(ossl102)] + fn test_aes256_wrap() { + let pt = "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"; + let ct = "cc05da2a7f56f7dd0c144231f90bce58648fa20a8278f5a6b7d13bba6aa57a33229d4333866b7fd6"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + let iv = "0001020304050607"; + + cipher_wrap_test(Cipher::aes_256_wrap(), pt, ct, key, Some(iv)); + } + + #[test] + #[cfg(ossl102)] + fn test_aes256_wrap_default_iv() { + let pt = "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"; + let ct = "0b24f068b50e52bc6987868411c36e1b03900866ed12af81eb87cef70a8d1911731c1d7abf789d88"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + + cipher_wrap_test(Cipher::aes_256_wrap(), pt, ct, key, None); + } + + #[test] + #[cfg(ossl110)] + fn test_aes256_wrap_pad() { + let pt = "00112233445566778899aabbccddee"; + let ct = "91594e044ccc06130d60e6c84a996aa4f96a9faff8c5f6e7"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + let iv = "00010203"; + + cipher_wrap_test(Cipher::aes_256_wrap_pad(), pt, ct, key, Some(iv)); + } + + #[test] + #[cfg(ossl110)] + fn test_aes256_wrap_pad_default_iv() { + let pt = "00112233445566778899aabbccddee"; + let ct = "dc3c166a854afd68aea624a4272693554bf2e4fcbae602cd"; + let key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"; + + cipher_wrap_test(Cipher::aes_256_wrap_pad(), pt, ct, key, None); + } } diff --git a/vendor/openssl/src/cms.rs b/vendor/openssl/src/cms.rs index 6b6aa9fd8..d11443b5c 100644 --- a/vendor/openssl/src/cms.rs +++ b/vendor/openssl/src/cms.rs @@ -20,6 +20,8 @@ use crate::{cvt, cvt_p}; use openssl_macros::corresponds; bitflags! { + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct CMSOptions : c_uint { const TEXT = ffi::CMS_TEXT; const CMS_NOCERTS = ffi::CMS_NOCERTS; diff --git a/vendor/openssl/src/ec.rs b/vendor/openssl/src/ec.rs index b648aec33..d541ddfc2 100644 --- a/vendor/openssl/src/ec.rs +++ b/vendor/openssl/src/ec.rs @@ -15,6 +15,7 @@ //! [`EcGroup`]: struct.EcGroup.html //! [`Nid`]: ../nid/struct.Nid.html //! [Elliptic Curve Cryptography]: https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography +use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; use libc::c_int; use std::fmt; @@ -28,6 +29,13 @@ use crate::util::ForeignTypeRefExt; use crate::{cvt, cvt_n, cvt_p, init}; use openssl_macros::corresponds; +cfg_if! { + if #[cfg(not(boringssl))] { + use std::ffi::CString; + use crate::string::OpensslString; + } +} + /// Compressed or Uncompressed conversion /// /// Conversion from the binary value of the point on the curve is performed in one of @@ -463,6 +471,26 @@ impl EcPointRef { } } + /// Serializes the point to a hexadecimal string representation. + #[corresponds(EC_POINT_point2hex)] + #[cfg(not(boringssl))] + pub fn to_hex_str( + &self, + group: &EcGroupRef, + form: PointConversionForm, + ctx: &mut BigNumContextRef, + ) -> Result { + unsafe { + let buf = cvt_p(ffi::EC_POINT_point2hex( + group.as_ptr(), + self.as_ptr(), + form.0, + ctx.as_ptr(), + ))?; + Ok(OpensslString::from_ptr(buf)) + } + } + /// Creates a new point on the specified curve with the same value. #[corresponds(EC_POINT_dup)] pub fn to_owned(&self, group: &EcGroupRef) -> Result { @@ -631,6 +659,27 @@ impl EcPoint { } Ok(point) } + + /// Creates point from a hexadecimal string representation + #[corresponds(EC_POINT_hex2point)] + #[cfg(not(boringssl))] + pub fn from_hex_str( + group: &EcGroupRef, + s: &str, + ctx: &mut BigNumContextRef, + ) -> Result { + let point = EcPoint::new(group)?; + unsafe { + let c_str = CString::new(s.as_bytes()).unwrap(); + cvt_p(ffi::EC_POINT_hex2point( + group.as_ptr(), + c_str.as_ptr() as *const _, + point.as_ptr(), + ctx.as_ptr(), + ))?; + } + Ok(point) + } } generic_foreign_type_and_impl_send_sync! { @@ -1121,6 +1170,20 @@ mod test { assert!(point.eq(&group, &point2, &mut ctx).unwrap()); } + #[test] + #[cfg(not(boringssl))] + fn point_hex_str() { + let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); + let key = EcKey::generate(&group).unwrap(); + let point = key.public_key(); + let mut ctx = BigNumContext::new().unwrap(); + let hex = point + .to_hex_str(&group, PointConversionForm::COMPRESSED, &mut ctx) + .unwrap(); + let point2 = EcPoint::from_hex_str(&group, &hex, &mut ctx).unwrap(); + assert!(point.eq(&group, &point2, &mut ctx).unwrap()); + } + #[test] fn point_owned() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); diff --git a/vendor/openssl/src/encrypt.rs b/vendor/openssl/src/encrypt.rs index d3db0fd41..4522146f8 100644 --- a/vendor/openssl/src/encrypt.rs +++ b/vendor/openssl/src/encrypt.rs @@ -40,7 +40,7 @@ //! assert_eq!(&*decrypted, data); //! ``` #[cfg(any(ossl102, libressl310))] -use libc::{c_int, c_void}; +use libc::c_int; use std::{marker::PhantomData, ptr}; use crate::error::ErrorStack; @@ -174,7 +174,7 @@ impl<'a> Encrypter<'a> { cvt(ffi::EVP_PKEY_CTX_set0_rsa_oaep_label( self.pctx, - p as *mut c_void, + p, label.len() as c_int, )) .map(|_| ()) @@ -378,7 +378,7 @@ impl<'a> Decrypter<'a> { cvt(ffi::EVP_PKEY_CTX_set0_rsa_oaep_label( self.pctx, - p as *mut c_void, + p, label.len() as c_int, )) .map(|_| ()) diff --git a/vendor/openssl/src/lib.rs b/vendor/openssl/src/lib.rs index c2c390cc1..fe29d0229 100644 --- a/vendor/openssl/src/lib.rs +++ b/vendor/openssl/src/lib.rs @@ -44,7 +44,7 @@ //! $ sudo apt-get install pkg-config libssl-dev //! //! # Fedora -//! $ sudo dnf install pkg-config openssl-devel +//! $ sudo dnf install pkg-config perl-FindBin openssl-devel //! //! # Alpine Linux //! $ apk add pkgconfig openssl-dev diff --git a/vendor/openssl/src/ocsp.rs b/vendor/openssl/src/ocsp.rs index 7506d34fb..93a5d36b7 100644 --- a/vendor/openssl/src/ocsp.rs +++ b/vendor/openssl/src/ocsp.rs @@ -15,6 +15,8 @@ use crate::{cvt, cvt_p}; use openssl_macros::corresponds; bitflags! { + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct OcspFlag: c_ulong { const NO_CERTS = ffi::OCSP_NOCERTS; const NO_INTERN = ffi::OCSP_NOINTERN; diff --git a/vendor/openssl/src/pkcs7.rs b/vendor/openssl/src/pkcs7.rs index ae4571db8..a272c598b 100644 --- a/vendor/openssl/src/pkcs7.rs +++ b/vendor/openssl/src/pkcs7.rs @@ -28,6 +28,8 @@ foreign_type_and_impl_send_sync! { } bitflags! { + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct Pkcs7Flags: c_int { const TEXT = ffi::PKCS7_TEXT; const NOCERTS = ffi::PKCS7_NOCERTS; @@ -111,7 +113,7 @@ impl Pkcs7 { certs.as_ptr(), input_bio.as_ptr(), cipher.as_ptr(), - flags.bits, + flags.bits(), )) .map(Pkcs7) } @@ -141,7 +143,7 @@ impl Pkcs7 { pkey.as_ptr(), certs.as_ptr(), input_bio.as_ptr(), - flags.bits, + flags.bits(), )) .map(Pkcs7) } @@ -159,7 +161,7 @@ impl Pkcs7Ref { output.as_ptr(), self.as_ptr(), input_bio.as_ptr(), - flags.bits, + flags.bits(), )) .map(|_| output.get_buf().to_owned()) } @@ -205,7 +207,7 @@ impl Pkcs7Ref { pkey.as_ptr(), cert.as_ptr(), output.as_ptr(), - flags.bits, + flags.bits(), )) .map(|_| output.get_buf().to_owned()) } @@ -241,7 +243,7 @@ impl Pkcs7Ref { store.as_ptr(), indata_bio_ptr, out_bio.as_ptr(), - flags.bits, + flags.bits(), )) .map(|_| ())? } @@ -265,7 +267,7 @@ impl Pkcs7Ref { let ptr = cvt_p(ffi::PKCS7_get0_signers( self.as_ptr(), certs.as_ptr(), - flags.bits, + flags.bits(), ))?; // The returned stack is owned by the caller, but the certs inside are not! Our stack interface can't deal diff --git a/vendor/openssl/src/pkey_ctx.rs b/vendor/openssl/src/pkey_ctx.rs index aba8a66a3..4ac32a851 100644 --- a/vendor/openssl/src/pkey_ctx.rs +++ b/vendor/openssl/src/pkey_ctx.rs @@ -70,7 +70,8 @@ use crate::error::ErrorStack; use crate::md::MdRef; use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Private}; use crate::rsa::Padding; -use crate::{cvt, cvt_n, cvt_p}; +use crate::sign::RsaPssSaltlen; +use crate::{cvt, cvt_p}; use foreign_types::{ForeignType, ForeignTypeRef}; #[cfg(not(boringssl))] use libc::c_int; @@ -164,6 +165,17 @@ where Ok(()) } + /// Prepares the context for signature recovery using the public key. + #[corresponds(EVP_PKEY_verify_recover_init)] + #[inline] + pub fn verify_recover_init(&mut self) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_verify_recover_init(self.as_ptr()))?; + } + + Ok(()) + } + /// Encrypts data using the public key. /// /// If `to` is set to `None`, an upper bound on the number of bytes required for the output buffer will be @@ -209,16 +221,54 @@ where #[inline] pub fn verify(&mut self, data: &[u8], sig: &[u8]) -> Result { unsafe { - let r = cvt_n(ffi::EVP_PKEY_verify( + let r = ffi::EVP_PKEY_verify( self.as_ptr(), sig.as_ptr(), sig.len(), data.as_ptr(), data.len(), - ))?; + ); + // `EVP_PKEY_verify` is not terribly consistent about how it, + // reports errors. It does not clearly distinguish between 0 and + // -1, and may put errors on the stack in both cases. If there's + // errors on the stack, we return `Err()`, else we return + // `Ok(false)`. + if r <= 0 { + let errors = ErrorStack::get(); + if !errors.errors().is_empty() { + return Err(errors); + } + } + Ok(r == 1) } } + + /// Recovers the original data signed by the private key. You almost + /// always want `verify` instead. + /// + /// Returns the number of bytes written to `to`, or the number of bytes + /// that would be written, if `to` is `None. + #[corresponds(EVP_PKEY_verify_recover)] + #[inline] + pub fn verify_recover( + &mut self, + sig: &[u8], + to: Option<&mut [u8]>, + ) -> Result { + let mut written = to.as_ref().map_or(0, |b| b.len()); + unsafe { + cvt(ffi::EVP_PKEY_verify_recover( + self.as_ptr(), + to.map_or(ptr::null_mut(), |b| b.as_mut_ptr()), + &mut written, + sig.as_ptr(), + sig.len(), + ))?; + } + + Ok(written) + } } impl PkeyCtxRef @@ -351,6 +401,22 @@ impl PkeyCtxRef { Ok(()) } + /// Sets which algorithm was used to compute the digest used in a + /// signature. With RSA signatures this causes the signature to be wrapped + /// in a `DigestInfo` structure. This is almost always what you want with + /// RSA signatures. + #[corresponds(EVP_PKEY_CTX_set_signature_md)] + #[inline] + pub fn set_signature_md(&self, md: &MdRef) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_CTX_set_signature_md( + self.as_ptr(), + md.as_ptr(), + ))?; + } + Ok(()) + } + /// Returns the RSA padding mode in use. /// /// This is only useful for RSA keys. @@ -381,6 +447,21 @@ impl PkeyCtxRef { Ok(()) } + /// Sets the RSA PSS salt length. + /// + /// This is only useful for RSA keys. + #[corresponds(EVP_PKEY_CTX_set_rsa_pss_saltlen)] + #[inline] + pub fn set_rsa_pss_saltlen(&mut self, len: RsaPssSaltlen) -> Result<(), ErrorStack> { + unsafe { + cvt(ffi::EVP_PKEY_CTX_set_rsa_pss_saltlen( + self.as_ptr(), + len.as_raw(), + )) + .map(|_| ()) + } + } + /// Sets the RSA MGF1 algorithm. /// /// This is only useful for RSA keys. @@ -401,7 +482,7 @@ impl PkeyCtxRef { /// /// This is only useful for RSA keys. #[corresponds(EVP_PKEY_CTX_set_rsa_oaep_md)] - #[cfg(any(ossl102, libressl310))] + #[cfg(any(ossl102, libressl310, boringssl))] #[inline] pub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack> { unsafe { @@ -641,11 +722,12 @@ mod test { #[cfg(not(boringssl))] use crate::cipher::Cipher; use crate::ec::{EcGroup, EcKey}; - #[cfg(any(ossl102, libressl310, boringssl))] + use crate::hash::{hash, MessageDigest}; use crate::md::Md; use crate::nid::Nid; use crate::pkey::PKey; use crate::rsa::Rsa; + use crate::sign::Verifier; #[test] fn rsa() { @@ -671,7 +753,7 @@ mod test { } #[test] - #[cfg(any(ossl102, libressl310))] + #[cfg(any(ossl102, libressl310, boringssl))] fn rsa_oaep() { let key = include_bytes!("../test/rsa.pem"); let rsa = Rsa::private_key_from_pem(key).unwrap(); @@ -698,6 +780,53 @@ mod test { assert_eq!(pt, out); } + #[test] + fn rsa_sign() { + let key = include_bytes!("../test/rsa.pem"); + let rsa = Rsa::private_key_from_pem(key).unwrap(); + let pkey = PKey::from_rsa(rsa).unwrap(); + + let mut ctx = PkeyCtx::new(&pkey).unwrap(); + ctx.sign_init().unwrap(); + ctx.set_rsa_padding(Padding::PKCS1).unwrap(); + ctx.set_signature_md(Md::sha384()).unwrap(); + + let msg = b"hello world"; + let digest = hash(MessageDigest::sha384(), msg).unwrap(); + let mut signature = vec![]; + ctx.sign_to_vec(&digest, &mut signature).unwrap(); + + let mut verifier = Verifier::new(MessageDigest::sha384(), &pkey).unwrap(); + verifier.update(msg).unwrap(); + assert!(matches!(verifier.verify(&signature), Ok(true))); + } + + #[test] + fn rsa_sign_pss() { + let key = include_bytes!("../test/rsa.pem"); + let rsa = Rsa::private_key_from_pem(key).unwrap(); + let pkey = PKey::from_rsa(rsa).unwrap(); + + let mut ctx = PkeyCtx::new(&pkey).unwrap(); + ctx.sign_init().unwrap(); + ctx.set_rsa_padding(Padding::PKCS1_PSS).unwrap(); + ctx.set_signature_md(Md::sha384()).unwrap(); + ctx.set_rsa_pss_saltlen(RsaPssSaltlen::custom(14)).unwrap(); + + let msg = b"hello world"; + let digest = hash(MessageDigest::sha384(), msg).unwrap(); + let mut signature = vec![]; + ctx.sign_to_vec(&digest, &mut signature).unwrap(); + + let mut verifier = Verifier::new(MessageDigest::sha384(), &pkey).unwrap(); + verifier.set_rsa_padding(Padding::PKCS1_PSS).unwrap(); + verifier + .set_rsa_pss_saltlen(RsaPssSaltlen::custom(14)) + .unwrap(); + verifier.update(msg).unwrap(); + assert!(matches!(verifier.verify(&signature), Ok(true))); + } + #[test] fn derive() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); @@ -807,7 +936,67 @@ mod test { let bad_data = b"Some Crypto text"; ctx.verify_init().unwrap(); - let valid = ctx.verify(bad_data, &signature).unwrap(); - assert!(!valid); + let valid = ctx.verify(bad_data, &signature); + assert!(matches!(valid, Ok(false) | Err(_))); + assert!(ErrorStack::get().errors().is_empty()); + } + + #[test] + fn verify_fail_ec() { + let key1 = + EcKey::generate(&EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap()).unwrap(); + let key1 = PKey::from_ec_key(key1).unwrap(); + + let data = b"Some Crypto Text"; + let mut ctx = PkeyCtx::new(&key1).unwrap(); + ctx.verify_init().unwrap(); + assert!(matches!(ctx.verify(data, &[0; 64]), Ok(false) | Err(_))); + assert!(ErrorStack::get().errors().is_empty()); + } + + #[test] + fn test_verify_recover() { + let key = Rsa::generate(2048).unwrap(); + let key = PKey::from_rsa(key).unwrap(); + + let digest = [ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, 28, 29, 30, 31, + ]; + + let mut ctx = PkeyCtx::new(&key).unwrap(); + ctx.sign_init().unwrap(); + ctx.set_rsa_padding(Padding::PKCS1).unwrap(); + ctx.set_signature_md(Md::sha256()).unwrap(); + let mut signature = vec![]; + ctx.sign_to_vec(&digest, &mut signature).unwrap(); + + // Attempt recovery of just the digest. + let mut ctx = PkeyCtx::new(&key).unwrap(); + ctx.verify_recover_init().unwrap(); + ctx.set_rsa_padding(Padding::PKCS1).unwrap(); + ctx.set_signature_md(Md::sha256()).unwrap(); + let length = ctx.verify_recover(&signature, None).unwrap(); + let mut result_buf = vec![0; length]; + let length = ctx + .verify_recover(&signature, Some(&mut result_buf)) + .unwrap(); + assert_eq!(length, digest.len()); + // result_buf contains the digest + assert_eq!(result_buf[..length], digest); + + // Attempt recovery of teh entire DigestInfo + let mut ctx = PkeyCtx::new(&key).unwrap(); + ctx.verify_recover_init().unwrap(); + ctx.set_rsa_padding(Padding::PKCS1).unwrap(); + let length = ctx.verify_recover(&signature, None).unwrap(); + let mut result_buf = vec![0; length]; + let length = ctx + .verify_recover(&signature, Some(&mut result_buf)) + .unwrap(); + // 32-bytes of SHA256 digest + the ASN.1 DigestInfo structure == 51 bytes + assert_eq!(length, 51); + // The digest is the end of the DigestInfo structure. + assert_eq!(result_buf[length - digest.len()..length], digest); } } diff --git a/vendor/openssl/src/sign.rs b/vendor/openssl/src/sign.rs index a32f5c914..1c770d18b 100644 --- a/vendor/openssl/src/sign.rs +++ b/vendor/openssl/src/sign.rs @@ -93,7 +93,7 @@ pub struct RsaPssSaltlen(c_int); impl RsaPssSaltlen { /// Returns the integer representation of `RsaPssSaltlen`. - fn as_raw(&self) -> c_int { + pub(crate) fn as_raw(&self) -> c_int { self.0 } diff --git a/vendor/openssl/src/ssl/callbacks.rs b/vendor/openssl/src/ssl/callbacks.rs index 091b1fb77..c6414fb51 100644 --- a/vendor/openssl/src/ssl/callbacks.rs +++ b/vendor/openssl/src/ssl/callbacks.rs @@ -86,6 +86,7 @@ where }; // Give the callback mutable slices into which it can write the identity and psk. let identity_sl = slice::from_raw_parts_mut(identity as *mut u8, max_identity_len as usize); + #[allow(clippy::unnecessary_cast)] let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize); match (*callback)(ssl, hint, identity_sl, psk_sl) { Ok(psk_len) => psk_len as u32, @@ -124,6 +125,7 @@ where Some(CStr::from_ptr(identity).to_bytes()) }; // Give the callback mutable slices into which it can write the psk. + #[allow(clippy::unnecessary_cast)] let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize); match (*callback)(ssl, identity, psk_sl) { Ok(psk_len) => psk_len as u32, @@ -194,6 +196,7 @@ where .ssl_context() .ex_data(SslContext::cached_ex_index::()) .expect("BUG: alpn callback missing") as *const F; + #[allow(clippy::unnecessary_cast)] let protos = slice::from_raw_parts(inbuf as *const u8, inlen as usize); match (*callback)(ssl, protos) { @@ -412,6 +415,7 @@ where .expect("BUG: session context missing") .ex_data(SslContext::cached_ex_index::()) .expect("BUG: get session callback missing") as *const F; + #[allow(clippy::unnecessary_cast)] let data = slice::from_raw_parts(data as *const u8, len as usize); match (*callback)(ssl, data) { @@ -455,6 +459,7 @@ where .ssl_context() .ex_data(SslContext::cached_ex_index::()) .expect("BUG: stateless cookie generate callback missing") as *const F; + #[allow(clippy::unnecessary_cast)] let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::SSL_COOKIE_LENGTH as usize); match (*callback)(ssl, slice) { Ok(len) => { @@ -482,6 +487,7 @@ where .ssl_context() .ex_data(SslContext::cached_ex_index::()) .expect("BUG: stateless cookie verify callback missing") as *const F; + #[allow(clippy::unnecessary_cast)] let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len); (*callback)(ssl, slice) as c_int } @@ -503,6 +509,7 @@ where .expect("BUG: cookie generate callback missing") as *const F; // We subtract 1 from DTLS1_COOKIE_LENGTH as the ostensible value, 256, is erroneous but retained for // compatibility. See comments in dtls1.h. + #[allow(clippy::unnecessary_cast)] let slice = slice::from_raw_parts_mut(cookie as *mut u8, ffi::DTLS1_COOKIE_LENGTH as usize - 1); match (*callback)(ssl, slice) { @@ -542,6 +549,7 @@ where .ssl_context() .ex_data(SslContext::cached_ex_index::()) .expect("BUG: cookie verify callback missing") as *const F; + #[allow(clippy::unnecessary_cast)] let slice = slice::from_raw_parts(cookie as *const c_uchar as *const u8, cookie_len as usize); (*callback)(ssl, slice) as c_int @@ -654,6 +662,7 @@ where .ex_data(SslContext::cached_ex_index::()) .expect("BUG: custom ext parse callback missing") as *const F; let ectx = ExtensionContext::from_bits_truncate(context); + #[allow(clippy::unnecessary_cast)] let slice = slice::from_raw_parts(input as *const u8, inlen); let cert = if ectx.contains(ExtensionContext::TLS1_3_CERTIFICATE) { Some((chainidx, X509Ref::from_ptr(x))) diff --git a/vendor/openssl/src/ssl/mod.rs b/vendor/openssl/src/ssl/mod.rs index 27e817f30..bdfbfc14f 100644 --- a/vendor/openssl/src/ssl/mod.rs +++ b/vendor/openssl/src/ssl/mod.rs @@ -143,6 +143,8 @@ cfg_if! { bitflags! { /// Options controlling the behavior of an `SslContext`. + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct SslOptions: SslOptionsRepr { /// Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers. const DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as SslOptionsRepr; @@ -281,6 +283,8 @@ bitflags! { bitflags! { /// Options controlling the behavior of an `SslContext`. + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct SslMode: SslBitType { /// Enables "short writes". /// @@ -378,6 +382,8 @@ unsafe impl Send for SslMethod {} bitflags! { /// Options controlling the behavior of certificate verification. + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct SslVerifyMode: i32 { /// Verifies that the peer's certificate is trusted. /// @@ -410,6 +416,8 @@ type SslTimeTy = c_long; bitflags! { /// Options controlling the behavior of session caching. + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct SslSessionCacheMode: SslBitType { /// No session caching for the client or server takes place. const OFF = ffi::SSL_SESS_CACHE_OFF; @@ -447,6 +455,8 @@ bitflags! { #[cfg(ossl111)] bitflags! { /// Which messages and under which conditions an extension should be added or expected. + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct ExtensionContext: c_uint { /// This extension is only allowed in TLS const TLS_ONLY = ffi::SSL_EXT_TLS_ONLY; @@ -735,7 +745,7 @@ impl SslContextBuilder { #[corresponds(SSL_CTX_set_verify)] pub fn set_verify(&mut self, mode: SslVerifyMode) { unsafe { - ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, None); + ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, None); } } @@ -752,7 +762,7 @@ impl SslContextBuilder { { unsafe { self.set_ex_data(SslContext::cached_ex_index::(), verify); - ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits as c_int, Some(raw_verify::)); + ffi::SSL_CTX_set_verify(self.as_ptr(), mode.bits() as c_int, Some(raw_verify::)); } } @@ -839,7 +849,7 @@ impl SslContextBuilder { pub fn set_mode(&mut self, mode: SslMode) -> SslMode { unsafe { let bits = ffi::SSL_CTX_set_mode(self.as_ptr(), mode.bits() as MtuTy) as SslBitType; - SslMode { bits } + SslMode::from_bits_retain(bits) } } @@ -1111,14 +1121,14 @@ impl SslContextBuilder { pub fn set_options(&mut self, option: SslOptions) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_set_options(self.as_ptr(), option.bits()) } as SslOptionsRepr; - SslOptions { bits } + SslOptions::from_bits_retain(bits) } /// Returns the options used by the context. #[corresponds(SSL_CTX_get_options)] pub fn options(&self) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_get_options(self.as_ptr()) } as SslOptionsRepr; - SslOptions { bits } + SslOptions::from_bits_retain(bits) } /// Clears the options used by the context, returning the old set. @@ -1126,7 +1136,7 @@ impl SslContextBuilder { pub fn clear_options(&mut self, option: SslOptions) -> SslOptions { let bits = unsafe { ffi::SSL_CTX_clear_options(self.as_ptr(), option.bits()) } as SslOptionsRepr; - SslOptions { bits } + SslOptions::from_bits_retain(bits) } /// Sets the minimum supported protocol version. @@ -1475,7 +1485,7 @@ impl SslContextBuilder { pub fn set_session_cache_mode(&mut self, mode: SslSessionCacheMode) -> SslSessionCacheMode { unsafe { let bits = ffi::SSL_CTX_set_session_cache_mode(self.as_ptr(), mode.bits()); - SslSessionCacheMode { bits } + SslSessionCacheMode::from_bits_retain(bits) } } @@ -2122,6 +2132,7 @@ impl SslSessionRef { unsafe { let mut len = 0; let p = ffi::SSL_SESSION_get_id(self.as_ptr(), &mut len); + #[allow(clippy::unnecessary_cast)] slice::from_raw_parts(p as *const u8, len as usize) } } @@ -2350,7 +2361,7 @@ impl SslRef { /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify #[corresponds(SSL_set_verify)] pub fn set_verify(&mut self, mode: SslVerifyMode) { - unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, None) } + unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits() as c_int, None) } } /// Returns the verify mode that was set using `set_verify`. @@ -2371,7 +2382,11 @@ impl SslRef { unsafe { // this needs to be in an Arc since the callback can register a new callback! self.set_ex_data(Ssl::cached_ex_index(), Arc::new(verify)); - ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, Some(ssl_raw_verify::)); + ffi::SSL_set_verify( + self.as_ptr(), + mode.bits() as c_int, + Some(ssl_raw_verify::), + ); } } @@ -3718,7 +3733,7 @@ impl SslStream { pub fn get_shutdown(&mut self) -> ShutdownState { unsafe { let bits = ffi::SSL_get_shutdown(self.ssl.as_ptr()); - ShutdownState { bits } + ShutdownState::from_bits_retain(bits) } } @@ -4051,6 +4066,8 @@ pub enum ShutdownResult { bitflags! { /// The shutdown state of a session. + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct ShutdownState: c_int { /// A close notify message has been sent to the peer. const SENT = ffi::SSL_SENT_SHUTDOWN; diff --git a/vendor/openssl/src/symm.rs b/vendor/openssl/src/symm.rs index c1dbdfee7..7ebb70338 100644 --- a/vendor/openssl/src/symm.rs +++ b/vendor/openssl/src/symm.rs @@ -295,7 +295,7 @@ impl Cipher { } /// Requires OpenSSL 1.1.0 or newer. - #[cfg(all(ossl110, not(osslconf = "OPENSSL_NO_CHACHA")))] + #[cfg(all(any(ossl110, libressl360), not(osslconf = "OPENSSL_NO_CHACHA")))] pub fn chacha20_poly1305() -> Cipher { unsafe { Cipher(ffi::EVP_chacha20_poly1305()) } } @@ -1493,7 +1493,7 @@ mod tests { } #[test] - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl360))] fn test_chacha20_poly1305() { let key = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"; let iv = "070000004041424344454647"; diff --git a/vendor/openssl/src/x509/mod.rs b/vendor/openssl/src/x509/mod.rs index 4325b132e..24605df80 100644 --- a/vendor/openssl/src/x509/mod.rs +++ b/vendor/openssl/src/x509/mod.rs @@ -2102,6 +2102,7 @@ impl GeneralNameRef { let ptr = ASN1_STRING_get0_data(d as *mut _); let len = ffi::ASN1_STRING_length(d as *mut _); + #[allow(clippy::unnecessary_cast)] let slice = slice::from_raw_parts(ptr as *const u8, len as usize); // IA5Strings are stated to be ASCII (specifically IA5). Hopefully // OpenSSL checks that when loading a certificate but if not we'll @@ -2155,6 +2156,7 @@ impl GeneralNameRef { let ptr = ASN1_STRING_get0_data(d as *mut _); let len = ffi::ASN1_STRING_length(d as *mut _); + #[allow(clippy::unnecessary_cast)] Some(slice::from_raw_parts(ptr as *const u8, len as usize)) } } diff --git a/vendor/openssl/src/x509/verify.rs b/vendor/openssl/src/x509/verify.rs index e8481c551..541cd8266 100644 --- a/vendor/openssl/src/x509/verify.rs +++ b/vendor/openssl/src/x509/verify.rs @@ -11,6 +11,8 @@ use openssl_macros::corresponds; bitflags! { /// Flags used to check an `X509` certificate. + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct X509CheckFlags: c_uint { const ALWAYS_CHECK_SUBJECT = ffi::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; const NO_WILDCARDS = ffi::X509_CHECK_FLAG_NO_WILDCARDS; @@ -28,6 +30,8 @@ bitflags! { bitflags! { /// Flags used to verify an `X509` certificate chain. + #[derive(Copy, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)] + #[repr(transparent)] pub struct X509VerifyFlags: c_ulong { const CB_ISSUER_CHECK = ffi::X509_V_FLAG_CB_ISSUER_CHECK; const USE_CHECK_TIME = ffi::X509_V_FLAG_USE_CHECK_TIME; @@ -87,14 +91,20 @@ impl X509VerifyParamRef { #[corresponds(X509_VERIFY_PARAM_set_hostflags)] pub fn set_hostflags(&mut self, hostflags: X509CheckFlags) { unsafe { - ffi::X509_VERIFY_PARAM_set_hostflags(self.as_ptr(), hostflags.bits); + ffi::X509_VERIFY_PARAM_set_hostflags(self.as_ptr(), hostflags.bits()); } } /// Set verification flags. #[corresponds(X509_VERIFY_PARAM_set_flags)] pub fn set_flags(&mut self, flags: X509VerifyFlags) -> Result<(), ErrorStack> { - unsafe { cvt(ffi::X509_VERIFY_PARAM_set_flags(self.as_ptr(), flags.bits)).map(|_| ()) } + unsafe { + cvt(ffi::X509_VERIFY_PARAM_set_flags( + self.as_ptr(), + flags.bits(), + )) + .map(|_| ()) + } } /// Clear verification flags. @@ -103,7 +113,7 @@ impl X509VerifyParamRef { unsafe { cvt(ffi::X509_VERIFY_PARAM_clear_flags( self.as_ptr(), - flags.bits, + flags.bits(), )) .map(|_| ()) } @@ -113,7 +123,7 @@ impl X509VerifyParamRef { #[corresponds(X509_VERIFY_PARAM_get_flags)] pub fn flags(&mut self) -> X509VerifyFlags { let bits = unsafe { ffi::X509_VERIFY_PARAM_get_flags(self.as_ptr()) }; - X509VerifyFlags { bits } + X509VerifyFlags::from_bits_retain(bits) } /// Set the expected DNS hostname. @@ -131,6 +141,21 @@ impl X509VerifyParamRef { } } + /// Set the expected email address. + #[corresponds(X509_VERIFY_PARAM_set1_email)] + pub fn set_email(&mut self, email: &str) -> Result<(), ErrorStack> { + unsafe { + // len == 0 means "run strlen" :( + let raw_email = if email.is_empty() { "\0" } else { email }; + cvt(ffi::X509_VERIFY_PARAM_set1_email( + self.as_ptr(), + raw_email.as_ptr() as *const _, + email.len(), + )) + .map(|_| ()) + } + } + /// Set the expected IPv4 or IPv6 address. #[corresponds(X509_VERIFY_PARAM_set1_ip)] pub fn set_ip(&mut self, ip: IpAddr) -> Result<(), ErrorStack> { -- cgit v1.2.3