Add support for reading extended key usage

- Add support for getting authority key id (sfackler#373)
- Add new test for reading X.509 extensions from a well-known cert
- Fix documentation for X509::authority_keyid
- Add support for key usage and subject keyid extensions
- Attempt to fix build errors on older versions of OpenSSL
- Rewrite X509::key_usage() to hopefully work on older versions of OpenSSL/LibreSSL
- Fix copy/paste error resulting in build failure on older OpenSSL/LibreSSL versions
- Import std::cmp and use mem::size_of instead of FQDN
- Add methods to X509 for enumerating generic extensions
- Fix issues raised during PR review

Author: landaire

openssl-sys/src/x509.rs

@@ -321,6 +321,10 @@ extern "C" {
     ) -> c_int;
 
     pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int;
+
+    pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_STRING;
+
+    pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT;
 }
 cfg_if! {
     if #[cfg(any(ossl110, libressl280))] {
@@ -331,6 +335,14 @@ cfg_if! {
                 crit: *mut c_int,
                 idx: *mut c_int,
             ) -> *mut c_void;
+
+            pub fn X509_get_ext_by_NID(ext: *const X509, nid: c_int, last_pos: c_int) -> c_int;
+
+            pub fn X509_get_ext(ext: *const X509, loc: c_int) -> *mut X509_EXTENSION;
+
+            pub fn X509_EXTENSION_get_critical(ext: *const X509_EXTENSION) -> c_int;
+
+            pub fn X509_get_ext_count(ext: *const X509) -> c_int;
         }
     } else {
         extern "C" {
@@ -340,6 +352,14 @@ cfg_if! {
                 crit: *mut c_int,
                 idx: *mut c_int,
             ) -> *mut c_void;
+
+            pub fn X509_EXTENSION_get_critical(ext: *mut X509_EXTENSION) -> c_int;
+
+            pub fn X509_get_ext_by_NID(ext: *mut X509, nid: c_int, last_pos: c_int) -> c_int;
+
+            pub fn X509_get_ext(ext: *mut X509, loc: c_int) -> *mut X509_EXTENSION;
+
+            pub fn X509_get_ext_count(ext: *mut X509) -> c_int;
         }
     }
 }

openssl-sys/src/x509v3.rs

@@ -27,6 +27,17 @@ extern "C" {
     pub fn GENERAL_NAME_free(name: *mut GENERAL_NAME);
 }
 
+#[repr(C)]
+pub struct AUTHORITY_KEYID {
+    pub keyid: *mut ASN1_STRING,
+    pub issuer: *mut stack_st_GENERAL_NAME,
+    pub serial: *mut ASN1_INTEGER,
+}
+
+extern "C" {
+    pub fn AUTHORITY_KEYID_free(akid: *mut AUTHORITY_KEYID);
+}
+
 #[cfg(any(ossl102, libressl261))]
 pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1;
 #[cfg(any(ossl102, libressl261))]

openssl/src/asn1.rs

@@ -37,6 +37,7 @@ use bio::MemBio;
 use bn::{BigNum, BigNumRef};
 use error::ErrorStack;
 use nid::Nid;
+use stack::Stackable;
 use string::OpensslString;
 use {cvt, cvt_p};
 
@@ -342,18 +343,36 @@ impl fmt::Display for Asn1ObjectRef {
     fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
         unsafe {
             let mut buf = [0; 80];
+            // NOTE: `len` may be greater than the size of the buffer we provided, which would
+            // indicate that the result is truncated. See docs here:
+            // https://www.openssl.org/docs/man1.0.2/man3/OBJ_obj2txt.html
             let len = ffi::OBJ_obj2txt(
                 buf.as_mut_ptr() as *mut _,
                 buf.len() as c_int,
                 self.as_ptr(),
                 0,
             );
-            let s = str::from_utf8(&buf[..len as usize]).map_err(|_| fmt::Error)?;
+
+            if len < 0 {
+                return Err(fmt::Error {});
+            }
+
+            let len = if len as usize > buf.len() {
+                buf.len()
+            } else {
+                len as usize
+            };
+
+            let s = str::from_utf8(&buf[..len]).map_err(|_| fmt::Error)?;
             fmt.write_str(s)
         }
     }
 }
 
+impl Stackable for Asn1Object {
+    type StackType = ffi::stack_st_ASN1_OBJECT;
+}
+
 cfg_if! {
     if #[cfg(any(ossl110, libressl273))] {
         use ffi::ASN1_STRING_get0_data;