mirror of https://github.com/ctz/rustls
Track upstream movement of Input.
parent
b79cfc2409
commit
c40b100de6
|
@ -4,6 +4,7 @@ version = "0.1.0"
|
||||||
authors = ["Joseph Birr-Pixton <jpixton@gmail.com>"]
|
authors = ["Joseph Birr-Pixton <jpixton@gmail.com>"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
|
untrusted = { version = "0.1.0", git = "https://github.com/briansmith/untrusted" }
|
||||||
ring = { version = "0.1.0", git = "https://github.com/briansmith/ring" }
|
ring = { version = "0.1.0", git = "https://github.com/briansmith/ring" }
|
||||||
|
|
||||||
# pointed at my fork for the moment
|
# pointed at my fork for the moment
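Review bot: The added `untrusted` line names a git repository with no `rev`, `tag` or `branch`, so a fresh resolve builds whatever the default branch holds at that moment; the existing `ring` line has the same shape. This commit exists because upstream moved `Input` between those two crates, so the pair only compiles at matching revisions. Pinning both to reviewed commits makes the build reproducible and stops an upstream push from silently changing the code compiled into a TLS library, e.g. `untrusted = { version = "0.1.0", git = "https://github.com/briansmith/untrusted", rev = "<reviewed-commit-sha>" }` (placeholder, to be filled with a real commit id).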
|
||||||
|
|
|
@ -6,6 +6,7 @@ use msgs::base::{Payload, PayloadU8};
|
||||||
use msgs::codec::{Reader, Codec};
|
use msgs::codec::{Reader, Codec};
|
||||||
|
|
||||||
extern crate ring;
|
extern crate ring;
|
||||||
|
extern crate untrusted;
|
||||||
|
|
||||||
#[allow(non_camel_case_types)]
|
#[allow(non_camel_case_types)]
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
|
@ -45,7 +46,7 @@ impl KeyExchangeResult {
|
||||||
let secret = ring::agreement::agree_ephemeral(
|
let secret = ring::agreement::agree_ephemeral(
|
||||||
ours,
|
ours,
|
||||||
alg,
|
alg,
|
||||||
ring::input::Input::new(&ecdh_params.public.body).unwrap(),
|
untrusted::Input::new(&ecdh_params.public.body).unwrap(),
|
||||||
(),
|
(),
|
||||||
|v| { let mut r = Vec::new(); r.extend_from_slice(v); Ok(r) }
|
|v| { let mut r = Vec::new(); r.extend_from_slice(v); Ok(r) }
|
||||||
);
|
);
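Review bot: `untrusted::Input::new(&ecdh_params.public.body).unwrap()` keeps the panic path of the line it replaces: if `Input::new` rejects these bytes, which appear to be the peer's ECDH public value, the process aborts instead of the handshake failing. The conditions under which `Input::new` fails are not visible here, but the call is fallible, so the failure should be returned to the caller, along the lines of `let peer = try!(untrusted::Input::new(&ecdh_params.public.body).map_err(|_| /* this function's error value */));` (assuming it returns a `Result`). The same `.unwrap()` on caller- or peer-supplied bytes appears in the later hunks for `RootCertStore::add`, `verify_cert` and `verify_kx`, where an existing `webpki::Error` / `HandshakeError::WebPKIError` return path is already available. The enclosing function starts and ends outside this hunk, so its return type needs checking before applying this.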
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
extern crate webpki;
|
extern crate webpki;
|
||||||
extern crate ring;
|
extern crate ring;
|
||||||
extern crate time;
|
extern crate time;
|
||||||
|
extern crate untrusted;
|
||||||
use ring::input::Input;
|
|
||||||
|
|
||||||
use msgs::handshake::ASN1Cert;
|
use msgs::handshake::ASN1Cert;
|
||||||
use msgs::handshake::DigitallySignedStruct;
|
use msgs::handshake::DigitallySignedStruct;
|
||||||
|
@ -69,7 +68,7 @@ impl RootCertStore {
|
||||||
/// Add a single DER-encoded certificate to the store.
|
/// Add a single DER-encoded certificate to the store.
|
||||||
pub fn add(&mut self, der: &[u8]) -> Result<(), webpki::Error> {
|
pub fn add(&mut self, der: &[u8]) -> Result<(), webpki::Error> {
|
||||||
let ta = try!(
|
let ta = try!(
|
||||||
webpki::trust_anchor_util::cert_der_as_trust_anchor(Input::new(der).unwrap())
|
webpki::trust_anchor_util::cert_der_as_trust_anchor(untrusted::Input::new(der).unwrap())
|
||||||
);
|
);
|
||||||
|
|
||||||
let ota = OwnedTrustAnchor::from_trust_anchor(&ta);
|
let ota = OwnedTrustAnchor::from_trust_anchor(&ta);
|
||||||
|
@ -121,11 +120,11 @@ pub fn verify_cert(roots: &RootCertStore,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* EE cert must appear first. */
|
/* EE cert must appear first. */
|
||||||
let ee = Input::new(&presented_certs[0].body).unwrap();
|
let ee = untrusted::Input::new(&presented_certs[0].body).unwrap();
|
||||||
|
|
||||||
let chain: Vec<Input> = presented_certs.iter()
|
let chain: Vec<untrusted::Input> = presented_certs.iter()
|
||||||
.skip(1)
|
.skip(1)
|
||||||
.map(|cert| Input::new(&cert.body).unwrap())
|
.map(|cert| untrusted::Input::new(&cert.body).unwrap())
|
||||||
.collect();
|
.collect();
|
||||||
|
|
||||||
let trustroots: Vec<webpki::TrustAnchor> = roots.roots.iter()
|
let trustroots: Vec<webpki::TrustAnchor> = roots.roots.iter()
|
||||||
|
@ -138,7 +137,7 @@ pub fn verify_cert(roots: &RootCertStore,
|
||||||
ee,
|
ee,
|
||||||
time::get_time())
|
time::get_time())
|
||||||
.and_then(|_| webpki::verify_cert_dns_name(ee,
|
.and_then(|_| webpki::verify_cert_dns_name(ee,
|
||||||
Input::new(dns_name.as_bytes()).unwrap()))
|
untrusted::Input::new(dns_name.as_bytes()).unwrap()))
|
||||||
.map_err(|err| HandshakeError::WebPKIError(err))
|
.map_err(|err| HandshakeError::WebPKIError(err))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -181,16 +180,16 @@ pub fn verify_kx(message: &[u8],
|
||||||
let alg = try!(convert_alg(&dss.alg));
|
let alg = try!(convert_alg(&dss.alg));
|
||||||
|
|
||||||
let signed_data = webpki::signed_data::SignedData {
|
let signed_data = webpki::signed_data::SignedData {
|
||||||
data: Input::new(message).unwrap(),
|
data: untrusted::Input::new(message).unwrap(),
|
||||||
algorithm: Input::new(alg).unwrap(),
|
algorithm: untrusted::Input::new(alg).unwrap(),
|
||||||
signature: Input::new(&dss.sig.body).unwrap()
|
signature: untrusted::Input::new(&dss.sig.body).unwrap()
|
||||||
};
|
};
|
||||||
|
|
||||||
let cert = try!(webpki::trust_anchor_util::cert_der_as_trust_anchor(Input::new(&cert.body).unwrap())
|
let cert = try!(webpki::trust_anchor_util::cert_der_as_trust_anchor(untrusted::Input::new(&cert.body).unwrap())
|
||||||
.map_err(|err| HandshakeError::WebPKIError(err)));
|
.map_err(|err| HandshakeError::WebPKIError(err)));
|
||||||
|
|
||||||
webpki::signed_data::verify_signed_data(&SUPPORTED_SIG_ALGS,
|
webpki::signed_data::verify_signed_data(&SUPPORTED_SIG_ALGS,
|
||||||
Input::new(cert.spki).unwrap(),
|
untrusted::Input::new(cert.spki).unwrap(),
|
||||||
&signed_data)
|
&signed_data)
|
||||||
.map_err(|err| HandshakeError::WebPKIError(err))
|
.map_err(|err| HandshakeError::WebPKIError(err))
|
||||||
}
|
}
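Review bot: `presented_certs[0]` in the `verify_cert` hunk indexes the presented certificate list with no length check visible in the hunk, and an empty list would panic there. The function starts outside the hunk and the `}` just above may close exactly that guard; if it does, tie the index to it in the comment: `/* EE cert must appear first; presented_certs is non-empty (checked above). */`. If it does not, take the entry with `presented_certs.first()` and return a `HandshakeError` when it is `None`.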
|
||||||
|
|