From 1e9667ea89cf1f52c65b4b70d1ef0dfd2770332e Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 17 Feb 2016 22:04:49 +0000 Subject: [PATCH 1/3] Add support for SSL_CIPHER --- openssl-sys/src/lib.rs | 10 ++++++++ openssl/src/ssl/mod.rs | 52 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index eb2717f3..5b57606f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void; pub type EVP_MD = c_void; pub type EVP_PKEY_CTX = c_void; pub type SSL = c_void; +pub type SSL_CIPHER = c_void; pub type SSL_CTX = c_void; pub type SSL_METHOD = c_void; pub type X509 = c_void; @@ -649,6 +650,15 @@ extern "C" { pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; + pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; + + pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char; + pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int; + pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; + pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char; + pub fn SSL_CIPHER_get_cipher_nid(cipher: *const SSL_CIPHER) -> c_int; + pub fn SSL_CIPHER_get_digest_nid(cipher: *const SSL_CIPHER) -> c_int; + pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int, diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 8e6d061d..f5605b60 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -769,6 +769,46 @@ impl SslContext { } } +pub struct SslCipher { + cipher: *const ffi::SSL_CIPHER, +} + +impl SslCipher { + pub fn name(&self) -> &'static str { + let name = unsafe { + let ptr = ffi::SSL_CIPHER_get_name(self.cipher); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(name.to_bytes()).unwrap() + } + + pub fn version(&self) -> &'static str { + let version = unsafe { + let ptr = ffi::SSL_CIPHER_get_version(self.cipher); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(version.to_bytes()).unwrap() + } + + pub fn bits(&self) -> (i32, i32) { + unsafe { + let mut algo_bits : c_int = 0; + let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, &mut algo_bits); + (actual_bits, algo_bits) + } + } + + pub fn description(&self) -> String { + unsafe { + let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, ptr::null_mut(), 0); + String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).unwrap() + } + } +} + + pub struct Ssl { ssl: *mut ffi::SSL, } @@ -836,6 +876,18 @@ impl Ssl { } } + pub fn get_current_cipher(&self) -> Option { + unsafe { + let ptr = ffi::SSL_get_current_cipher(self.ssl); + + if ptr.is_null() { + None + } else { + Some(SslCipher{ cipher: ptr }) + } + } + } + pub fn state_string(&self) -> &'static str { let state = unsafe { let ptr = ffi::SSL_state_string(self.ssl); From 04cbf049c06fbc9b244bdbe22f244c0bc6e9c8b0 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 18 Feb 2016 20:47:42 +0000 Subject: [PATCH 2/3] Add SSL_get_version --- openssl-sys/src/lib.rs | 3 +-- openssl/src/ssl/mod.rs | 53 +++++++++++++++++++++++++++++++++--------- 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 5b57606f..eaa2188f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -643,6 +643,7 @@ extern "C" { pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; + pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char; pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char; @@ -656,8 +657,6 @@ extern "C" { pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int; pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char; - pub fn SSL_CIPHER_get_cipher_nid(cipher: *const SSL_CIPHER) -> c_int; - pub fn SSL_CIPHER_get_digest_nid(cipher: *const SSL_CIPHER) -> c_int; pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX; pub fn SSL_CTX_free(ctx: *mut SSL_CTX); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index f5605b60..039a0514 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -769,11 +769,13 @@ impl SslContext { } } -pub struct SslCipher { +pub struct SslCipher<'a> { cipher: *const ffi::SSL_CIPHER, + ph: PhantomData<&'a ()>, } -impl SslCipher { +impl <'a> SslCipher<'a> { + /// Returns the name of cipher. pub fn name(&self) -> &'static str { let name = unsafe { let ptr = ffi::SSL_CIPHER_get_name(self.cipher); @@ -783,6 +785,7 @@ impl SslCipher { str::from_utf8(name.to_bytes()).unwrap() } + /// Returns the SSL/TLS protocol version that first defined the cipher. pub fn version(&self) -> &'static str { let version = unsafe { let ptr = ffi::SSL_CIPHER_get_version(self.cipher); @@ -792,18 +795,36 @@ impl SslCipher { str::from_utf8(version.to_bytes()).unwrap() } - pub fn bits(&self) -> (i32, i32) { + /// Returns the number of secret bits used for the cipher. + /// + /// The first element is the number of secret bits used for the cipher. + /// + /// The second element, if not None, is the number of bits processed by + /// the chosen algorithm, + pub fn bits(&self) -> (i32, Option) { unsafe { - let mut algo_bits : c_int = 0; - let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, &mut algo_bits); - (actual_bits, algo_bits) + let algo_bits : *mut c_int = ptr::null_mut(); + let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); + if !algo_bits.is_null() { + (actual_bits, Some(*algo_bits)) + } else { + (actual_bits, None) + } } } - pub fn description(&self) -> String { + /// Returns a textual description of the cipher used + pub fn description(&self) -> Option { unsafe { - let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, ptr::null_mut(), 0); - String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).unwrap() + // SSL_CIPHER_description requires a buffer of at least 128 bytes. + let mut buf = [0i8; 128]; + let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128); + + if !desc_ptr.is_null() { + String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok() + } else { + None + } } } } @@ -876,14 +897,14 @@ impl Ssl { } } - pub fn get_current_cipher(&self) -> Option { + pub fn get_current_cipher<'a>(&'a self) -> Option> { unsafe { let ptr = ffi::SSL_get_current_cipher(self.ssl); if ptr.is_null() { None } else { - Some(SslCipher{ cipher: ptr }) + Some(SslCipher{ cipher: ptr, ph: PhantomData }) } } } @@ -933,6 +954,16 @@ impl Ssl { } } + /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc. + pub fn version(&self) -> &'static str { + let version = unsafe { + let ptr = ffi::SSL_get_version(self.ssl); + CStr::from_ptr(ptr as *const _) + }; + + str::from_utf8(version.to_bytes()).unwrap() + } + /// Returns the protocol selected by performing Next Protocol Negotiation, if any. /// /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client From 80ac6e54ac031658642b82b6730160a74dc16e59 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Mon, 29 Feb 2016 21:23:34 +0000 Subject: [PATCH 3/3] Make SSLCipher.bits() return a struct. --- openssl/src/ssl/mod.rs | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 039a0514..b4c73479 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -769,6 +769,15 @@ impl SslContext { } } + +pub struct CipherBits { + /// The number of secret bits used for the cipher. + pub secret: i32, + /// The number of bits processed by the chosen algorithm, if not None. + pub algorithm: Option, +} + + pub struct SslCipher<'a> { cipher: *const ffi::SSL_CIPHER, ph: PhantomData<&'a ()>, @@ -795,20 +804,15 @@ impl <'a> SslCipher<'a> { str::from_utf8(version.to_bytes()).unwrap() } - /// Returns the number of secret bits used for the cipher. - /// - /// The first element is the number of secret bits used for the cipher. - /// - /// The second element, if not None, is the number of bits processed by - /// the chosen algorithm, - pub fn bits(&self) -> (i32, Option) { + /// Returns the number of bits used for the cipher. + pub fn bits(&self) -> CipherBits { unsafe { let algo_bits : *mut c_int = ptr::null_mut(); - let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); + let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits); if !algo_bits.is_null() { - (actual_bits, Some(*algo_bits)) + CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) } } else { - (actual_bits, None) + CipherBits { secret: secret_bits, algorithm: None } } } }