From 1e9667ea89cf1f52c65b4b70d1ef0dfd2770332e Mon Sep 17 00:00:00 2001
From: Erik Johnston <erikj@jki.re>
Date: Wed, 17 Feb 2016 22:04:49 +0000
Subject: [PATCH] Add support for SSL_CIPHER

---
 openssl-sys/src/lib.rs | 10 ++++++++
 openssl/src/ssl/mod.rs | 52 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)

diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index eb2717f3..5b57606f 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void;
 pub type EVP_MD = c_void;
 pub type EVP_PKEY_CTX = c_void;
 pub type SSL = c_void;
+pub type SSL_CIPHER = c_void;
 pub type SSL_CTX = c_void;
 pub type SSL_METHOD = c_void;
 pub type X509 = c_void;
@@ -649,6 +650,15 @@ extern "C" {
 
     pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
 
+    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
+
+    pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
+    pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int;
+    pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char;
+    pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char;
+    pub fn SSL_CIPHER_get_cipher_nid(cipher: *const SSL_CIPHER) -> c_int;
+    pub fn SSL_CIPHER_get_digest_nid(cipher: *const SSL_CIPHER) -> c_int;
+
     pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
     pub fn SSL_CTX_free(ctx: *mut SSL_CTX);
     pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int,
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8e6d061d..f5605b60 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -769,6 +769,46 @@ impl SslContext {
     }
 }
 
+pub struct SslCipher {
+    cipher: *const ffi::SSL_CIPHER,
+}
+
+impl SslCipher {
+    pub fn name(&self) -> &'static str {
+        let name = unsafe {
+            let ptr = ffi::SSL_CIPHER_get_name(self.cipher);
+            CStr::from_ptr(ptr as *const _)
+        };
+
+        str::from_utf8(name.to_bytes()).unwrap()
+    }
+
+    pub fn version(&self) -> &'static str {
+        let version = unsafe {
+            let ptr = ffi::SSL_CIPHER_get_version(self.cipher);
+            CStr::from_ptr(ptr as *const _)
+        };
+
+        str::from_utf8(version.to_bytes()).unwrap()
+    }
+
+    pub fn bits(&self) -> (i32, i32) {
+        unsafe {
+            let mut algo_bits : c_int = 0;
+            let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, &mut algo_bits);
+            (actual_bits, algo_bits)
+        }
+    }
+
+    pub fn description(&self) -> String {
+        unsafe {
+            let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, ptr::null_mut(), 0);
+            String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).unwrap()
+        }
+    }
+}
+
+
 pub struct Ssl {
     ssl: *mut ffi::SSL,
 }
@@ -836,6 +876,18 @@ impl Ssl {
         }
     }
 
+    pub fn get_current_cipher(&self) -> Option<SslCipher> {
+        unsafe {
+            let ptr = ffi::SSL_get_current_cipher(self.ssl);
+
+            if ptr.is_null() {
+                None
+            } else {
+                Some(SslCipher{ cipher: ptr })
+            }
+        }
+    }
+
     pub fn state_string(&self) -> &'static str {
         let state = unsafe {
             let ptr = ffi::SSL_state_string(self.ssl);