diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index eb2717f3..eaa2188f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void; pub type EVP_MD = c_void; pub type EVP_PKEY_CTX = c_void; pub type SSL = c_void; +pub type SSL_CIPHER = c_void; pub type SSL_CTX = c_void; pub type SSL_METHOD = c_void; pub type X509 = c_void; @@ -642,6 +643,7 @@ extern "C" { pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; + pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char; @@ -649,6 +651,13 @@ extern "C" { pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; + pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; + + pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char; + pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int; + pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; + pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char; + pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int, diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 8e6d061d..b4c73479 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -769,6 +769,71 @@ impl SslContext { } } + +pub struct CipherBits { + /// The number of secret bits used for the cipher. + pub secret: i32, + /// The number of bits processed by the chosen algorithm, if not None. + pub algorithm: Option, +} + + +pub struct SslCipher<'a> { + cipher: *const ffi::SSL_CIPHER, + ph: PhantomData<&'a ()>, +} + +impl <'a> SslCipher<'a> { + /// Returns the name of cipher. + pub fn name(&self) -> &'static str { + let name = unsafe { + let ptr = ffi::SSL_CIPHER_get_name(self.cipher); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(name.to_bytes()).unwrap() + } + + /// Returns the SSL/TLS protocol version that first defined the cipher. + pub fn version(&self) -> &'static str { + let version = unsafe { + let ptr = ffi::SSL_CIPHER_get_version(self.cipher); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(version.to_bytes()).unwrap() + } + + /// Returns the number of bits used for the cipher. + pub fn bits(&self) -> CipherBits { + unsafe { + let algo_bits : *mut c_int = ptr::null_mut(); + let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); + if !algo_bits.is_null() { + CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) } + } else { + CipherBits { secret: secret_bits, algorithm: None } + } + } + } + + /// Returns a textual description of the cipher used + pub fn description(&self) -> Option { + unsafe { + // SSL_CIPHER_description requires a buffer of at least 128 bytes. + let mut buf = [0i8; 128]; + let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128); + + if !desc_ptr.is_null() { + String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok() + } else { + None + } + } + } +} + + pub struct Ssl { ssl: *mut ffi::SSL, } @@ -836,6 +901,18 @@ impl Ssl { } } + pub fn get_current_cipher<'a>(&'a self) -> Option> { + unsafe { + let ptr = ffi::SSL_get_current_cipher(self.ssl); + + if ptr.is_null() { + None + } else { + Some(SslCipher{ cipher: ptr, ph: PhantomData }) + } + } + } + pub fn state_string(&self) -> &'static str { let state = unsafe { let ptr = ffi::SSL_state_string(self.ssl); @@ -881,6 +958,16 @@ impl Ssl { } } + /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc. + pub fn version(&self) -> &'static str { + let version = unsafe { + let ptr = ffi::SSL_get_version(self.ssl); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(version.to_bytes()).unwrap() + } + /// Returns the protocol selected by performing Next Protocol Negotiation, if any. /// /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client