Start on PKCS #12 support

Author: sfackler

openssl-sys/src/lib.rs

@@ -37,6 +37,13 @@ pub type X509_NAME_ENTRY = c_void;
 pub type X509_REQ = c_void;
 pub type X509_STORE_CTX = c_void;
 pub type bio_st = c_void;
+#[repr(C)]
+pub struct PKCS12(c_void);
+
+#[repr(C)]
+pub struct stack_st_X509 {
+    pub stack: _STACK,
+}
 
 #[repr(C)]
 pub struct stack_st_X509_EXTENSION {
@@ -1070,6 +1077,15 @@ extern "C" {
     pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int;
     pub fn d2i_RSAPrivateKey(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA;
 
+    pub fn d2i_PKCS12(a: *mut *mut PKCS12, pp: *mut *const u8, length: c_long) -> *mut PKCS12;
+    pub fn PKCS12_parse(p12: *mut PKCS12,
+                        pass: *const c_char,
+                        pkey: *mut *mut EVP_PKEY,
+                        cert: *mut *mut X509,
+                        ca: *mut *mut stack_st_X509)
+                        -> c_int;
+    pub fn PKCS12_free(p12: *mut PKCS12);
+
     pub fn SSLeay() -> c_long;
     pub fn SSLeay_version(key: c_int) -> *const c_char;
 }

openssl/src/crypto/mod.rs

@@ -18,6 +18,7 @@ pub mod hash;
 #[cfg(feature = "hmac")]
 pub mod hmac;
 pub mod pkcs5;
+pub mod pkcs12;
 pub mod pkey;
 pub mod rand;
 pub mod symm;

openssl/src/crypto/pkcs12.rs

@@ -0,0 +1,39 @@
+//! PKCS #12 archives.
+
+use ffi;
+use libc::{c_long, c_uchar};
+use std::cmp;
+use std::ptr;
+
+use error::ErrorStack;
+
+/// A PKCS #12 archive.
+pub struct Pkcs12(*mut ffi::PKCS12);
+
+impl Drop for Pkcs12 {
+    fn drop(&mut self) {
+        unsafe { ffi::PKCS12_free(self.0); }
+    }
+}
+
+impl Pkcs12 {
+    pub fn from_der(der: &[u8]) -> Result<Pkcs12, ErrorStack> {
+        unsafe {
+            let mut ptr = der.as_ptr() as *const c_uchar;
+            let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long;
+            let p12 = try_ssl_null!(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length));
+            Ok(Pkcs12(p12))
+        }
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn from_der() {
+        let der = include_bytes!("../../test/identity.p12");
+        Pkcs12::from_der(der).unwrap();
+    }
+}

openssl/src/ssl/tests/mod.rs

@@ -245,7 +245,7 @@ run_test!(verify_trusted, |method, stream| {
     let mut ctx = SslContext::new(method).unwrap();
     ctx.set_verify(SSL_VERIFY_PEER);
 
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
         Ok(_) => {}
         Err(err) => panic!("Unexpected error {:?}", err),
     }
@@ -314,7 +314,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| {
         true
     });
 
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
         Ok(_) => {}
         Err(err) => panic!("Unexpected error {:?}", err),
     }
@@ -338,7 +338,7 @@ run_test!(verify_callback_data, |method, stream| {
     // in DER format.
     // Command: openssl x509 -in test/cert.pem  -outform DER | openssl dgst -sha256
     // Please update if "test/cert.pem" will ever change
-    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
     let node_id = node_hash_str.from_hex().unwrap();
     ctx.set_verify_callback(SSL_VERIFY_PEER, move |_preverify_ok, x509_ctx| {
         let cert = x509_ctx.current_cert();
@@ -367,7 +367,7 @@ run_test!(ssl_verify_callback, |method, stream| {
     let ctx = SslContext::new(method).unwrap();
     let mut ssl = ctx.into_ssl().unwrap();
 
-    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
     let node_id = node_hash_str.from_hex().unwrap();
     ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| {
         CHECKED.store(1, Ordering::SeqCst);

openssl/src/x509/tests.rs

@@ -86,7 +86,7 @@ fn test_cert_loading() {
     let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
     let fingerprint = cert.fingerprint(SHA1).unwrap();
 
-    let hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
     let hash_vec = hash_str.from_hex().unwrap();
 
     assert_eq!(fingerprint, hash_vec);

openssl/test/cert.pem

@@ -1,21 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIJAKyxk8nkmAtWMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCmZvb2Jhci5jb20wHhcNMTYwNTE2MDUw
-NTAwWhcNMjYwNTE0MDUwNTAwWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
-ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
-VQQDDApmb29iYXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-qPQljESzF6NQhf4jkYfQeDYbSRf/LUfT5RvebDb8lrkEP/I33r/vMxK6ZcXy5LdK
-SanKImRvIPTVNJFOqOU/v9UIGXJQgKGWktCasZqKNmJP9ULI9eqZzAXNdLkg5Olf
-WiUl9bysDjVTUsIhwNTIV/ou1n+/ytJ4qvpO4TpIZXhZFoGbVKuNYF4dVXzroJGu
-1JLWJ5PZqwWwDI5mpaGTZ9qTDAEMVYOE4Yi5t877lqr1wEls1GXOyAHdRmzeALQ7
-obNudnqhPROIkx5OxdeMAEtSVqr+uuoUXhh65mSRsdMUEzPbzw9RzebdlNyk34Tv
-5k5QFFlcoPbQrTs26CoLNQIDAQABo1AwTjAdBgNVHQ4EFgQUtnMvYaVLoe9ILBWx
-n/PcNC+8rDAwHwYDVR0jBBgwFoAUtnMvYaVLoe9ILBWxn/PcNC+8rDAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAALVDDD2f25h5ytSkoUqQilybeRDg
-bPhTEEC83NWg2snV1yGtwO3zZ+hvX+J/RqOn33ER/RnQCZTB9FGPj566IbLwLSAE
-y83GDsbsFEWCL8yN4Q3dQVub7D3HZ5PBtGpBxC7brvJD7OnR3n75QOFC+OaGKUCo
-16XulVsB3IQsXdzL4GwoUqWGWaUyf5MkzFruBma16QetK5J10R42skeXssjvqupv
-qUQZxzGOzIGuLTBvJrtFxtoTCu+oZV942wGmuyvLwqRfzIODLNcGLS6lGJudXJPT
-Vapaj6maldL3qe1X4bxvtglnpdlrOJ65E3YEC1gcD1KUvfO5vItKrP1FbA==
+MIIDGzCCAgMCCQCHcfe97pgvpTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE2MDgxNDE3MDAwM1oXDTI2MDgxMjE3MDAwM1owWjELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZm9vYmFyLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKj0JYxEsxejUIX+I5GH0Hg2G0kX/y1H0+Ub
+3mw2/Ja5BD/yN96/7zMSumXF8uS3SkmpyiJkbyD01TSRTqjlP7/VCBlyUIChlpLQ
+mrGaijZiT/VCyPXqmcwFzXS5IOTpX1olJfW8rA41U1LCIcDUyFf6LtZ/v8rSeKr6
+TuE6SGV4WRaBm1SrjWBeHVV866CRrtSS1ieT2asFsAyOZqWhk2fakwwBDFWDhOGI
+ubfO+5aq9cBJbNRlzsgB3UZs3gC0O6GzbnZ6oT0TiJMeTsXXjABLUlaq/rrqFF4Y
+euZkkbHTFBMz288PUc3m3ZTcpN+E7+ZOUBRZXKD20K07NugqCzUCAwEAATANBgkq
+hkiG9w0BAQsFAAOCAQEASvYHuIl5C0NHBELPpVHNuLbQsDQNKVj3a54+9q1JkiMM
+6taEJYfw7K1Xjm4RoiFSHpQBh+PWZS3hToToL2Zx8JfMR5MuAirdPAy1Sia/J/qE
+wQdJccqmvuLkLTSlsGbEJ/LUUgOAgrgHOZM5lUgIhCneA0/dWJ3PsN0zvn69/faY
+oo1iiolWiIHWWBUSdr3jM2AJaVAsTmLh00cKaDNk37JB940xConBGSl98JPrNrf9
+dUAiT0iIBngDBdHnn/yTj+InVEFyZSKrNtiDSObFHxPcxGteHNrCPJdP1e+GqkHp
+HJMRZVCQpSMzvHlofHSNgzWV1MX5h1CP4SGZdBDTfA==
 -----END CERTIFICATE-----

openssl/test/identity.p12

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/
+1Kzox+2GZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd
+7SBXieIVeIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQ
+r4XsZuQr7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdW
+pGTNVZ92aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrk
+gRob6eBcklDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABAoIBAGZrnd/dC2kp11uq
+Sg8SHk3GMdPPjTf/lq51sVJAU4fdV2Eso0XCiCzdKDcqR6F+jiu8jHp4YO0riW8N
+b1pkjohGjyOaddIaaVsZ80/OkgDz20Ird9XQ7uoEODvopA12+755BDH5PDwqHVeM
+nKfPiwAK6Jz6CxGO9bq9ZNoBiSyO1uofaB4Cpp8t74XVeAuPiI/Bb6WJ8TW5K5dt
+x0Jihdo46QgZR+z4PnyWIoACkhSoQmtTb9NUrpKceBcxdCrZ/kEmYpnPq/PuSw6g
+6HthjYP/H9Xulz69UR5Ez6z+1pU1rKFmQ46qK7X3zVHg233MlGekMzxdmShEjzCP
+BMGYpQECgYEA5tqTZsUJwx3HDhkaZ/XOtaQqwOnZm9wPwTjGbV1t4+NUJzsl5gjP
+ho+I8ZSGZ6MnNSh+ClpYhUHYBq0rTuAAYL2arcMOuOs1GrMmiZJbXm8zq8M7gYr5
+V99H/7akSx66WV/agPkLIvh/BWxlWgQcoVAIzZibbLUxr7Ye50pCLfECgYEAwDLn
+mFz0mFMvGtaSp8RnTDTFCz9czCeDt0GujCxG1epdvtuxlg/S1QH+mGzA/AHkiu7z
+uzCwGKWozNTdRkqVwYoJTB+AYHseSkuGP+a1zr39w+xBW/vESb2oP95GIwprXcG2
+b/qdeQVzuLQhYoqWI2u8CBwlHFfpQO4Bp2ea+ocCgYEAurIgLSfCqlpFpiAlG9hN
+8NYwgU1d4E+LKj+JMd8yRO+PGh8amjub4X3pST5NqDjpN3Nk42iHWFWUqGmZsbM0
+ewg7tLUgDeqiStKBoxaK8AdMqWc9k5lZ53e6mZISsnHKUQdVBaLjH8gJqdAs8yyK
+HudEB0mYwMSUxz6pJXIHrXECgYEAhJkaCpXm8chB8UQj/baUhZDKeI4IWZjRWHbq
+Ey7g1+hPMMOk6yCTlf1ARqyRH8u2ftuIL5bRhs+Te21IE5yVYOb4rxn0mZuXNC6S
+ujdTKwUMtESkeu9hZnaAQz/4J2ii1hY05WCDj+DhC4bKmY9/MYS8PuQb/kfwVqld
+Xr8tvrUCgYEAmslHocXBUFXyRDkEOx/aKo+t9fPBr95PBZzFUt9ejrTP4PXsLa46
+3/PNOCGdrQxh5qHHcvLwR4bPL++Dj+qMUTJXANrArKPDpE2WqH6pqWIC6yaZvzUk
+17QbpXR6bHcdJV045pWpw40UCStTocVynY1lBfOw8VqxBIBlpVBBzew=
+-----END RSA PRIVATE KEY-----

openssl/test/root-ca.key

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAOIvDiVb18eVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTYwODE0MTY1NjExWhcNMjYwODEyMTY1NjExWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEArVHWFn52Lbl1l59exduZntVSZyDYpzDND+S2LUcO6fRBWhV/1Kzox+2G
+ZptbuMGmfI3iAnb0CFT4uC3kBkQQlXonGATSVyaFTFR+jq/lc0SP+9Bd7SBXieIV
+eIXlY1TvlwIvj3Ntw9zX+scTA4SXxH6M0rKv9gTOub2vCMSHeF16X8DQr4XsZuQr
+7Cp7j1I4aqOJyap5JTl5ijmG8cnu0n+8UcRlBzy99dLWJG0AfI3VRJdWpGTNVZ92
+aFff3RpK3F/WI2gp3qV1ynRAKuvmncGC3LDvYfcc2dgsc1N6Ffq8GIrkgRob6eBc
+klDHp1d023Lwre+VaVDSo1//Y72UFwIDAQABo1AwTjAdBgNVHQ4EFgQUbNOlA6sN
+XyzJjYqciKeId7g3/ZowHwYDVR0jBBgwFoAUbNOlA6sNXyzJjYqciKeId7g3/Zow
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVVaR5QWLZIRR4Dw6TSBn
+BQiLpBSXN6oAxdDw6n4PtwW6CzydaA+creiK6LfwEsiifUfQe9f+T+TBSpdIYtMv
+Z2H2tjlFX8VrjUFvPrvn5c28CuLI0foBgY8XGSkR2YMYzWw2jPEq3Th/KM5Catn3
+AFm3bGKWMtGPR4v+90chEN0jzaAmJYRrVUh9vea27bOCn31Nse6XXQPmSI6Gyncy
+OAPUsvPClF3IjeL1tmBotWqSGn1cYxLo+Lwjk22A9h6vjcNQRyZF2VLVvtwYrNU3
+mwJ6GCLsLHpwW/yjyvn8iEltnJvByM/eeRnfXV6WDObyiZsE/n6DxIRJodQzFqy9
+GA==
+-----END CERTIFICATE-----