min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #934 from sfackler/digest-algo 

Add some digest support
This commit is contained in:
Steven Fackler 2018-05-24 21:32:13 -07:00 committed by GitHub
parent 58da8757f1 a774c0c5f2
commit 4f3d72d98c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 110 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
openssl-sys/src/lib.rs
View File

@ -1453,6 +1453,10 @@ pub unsafe fn BIO_set_retry_write(b: *mut BIO) {
BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY)
}
pub unsafe fn EVP_get_digestbynid(type_: c_int) -> *const EVP_MD {
EVP_get_digestbyname(OBJ_nid2sn(type_))
}
// EVP_PKEY_CTX_ctrl macros
pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int {
EVP_PKEY_CTX_ctrl(
@ -2103,6 +2107,8 @@ extern "C" {
no_name: c_int,
) -> c_int;
pub fn OBJ_nid2sn(nid: c_int) -> *const c_char;
pub fn OBJ_find_sigid_algs(signid: c_int, pdig_nid: *mut c_int, ppkey_nid: *mut c_int)
-> c_int;
pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP;
pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP);
@ -2840,6 +2846,7 @@ extern "C" {
);
pub fn EVP_MD_size(md: *const EVP_MD) -> c_int;
pub fn EVP_get_digestbyname(name: *const c_char) -> *const EVP_MD;
pub fn EVP_get_cipherbyname(name: *const c_char) -> *const EVP_CIPHER;
pub fn SSL_set_connect_state(s: *mut SSL);

35
openssl/src/hash.rs
View File

@ -4,6 +4,10 @@ use std::io;
use std::io::prelude::*;
use std::ops::{Deref, DerefMut};
use error::ErrorStack;
use nid::Nid;
use {cvt, cvt_p};
cfg_if! {
if #[cfg(ossl110)] {
use ffi::{EVP_MD_CTX_free, EVP_MD_CTX_new};
@ -12,9 +16,6 @@ cfg_if! {
}
}
use error::ErrorStack;
use {cvt, cvt_p};
#[derive(Copy, Clone)]
pub struct MessageDigest(*const ffi::EVP_MD);
@ -23,6 +24,22 @@ impl MessageDigest {
MessageDigest(x)
}
/// Returns the `MessageDigest` corresponding to an `Nid`.
///
/// This corresponds to [`EVP_get_digestbynid`].
///
/// [`EVP_get_digestbynid`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestInit.html
pub fn from_nid(type_: Nid) -> Option<MessageDigest> {
unsafe {
let ptr = ffi::EVP_get_digestbynid(type_.as_raw());
if ptr.is_null() {
None
} else {
Some(MessageDigest(ptr))
}
}
}
pub fn md5() -> MessageDigest {
unsafe { MessageDigest(ffi::EVP_md5()) }
}
@ -234,8 +251,8 @@ impl Drop for Hasher {
/// store the digest data.
#[derive(Copy)]
pub struct DigestBytes {
buf: [u8; ffi::EVP_MAX_MD_SIZE as usize],
len: usize,
pub(crate) buf: [u8; ffi::EVP_MAX_MD_SIZE as usize],
pub(crate) len: usize,
}
impl Clone for DigestBytes {
@ -405,4 +422,12 @@ mod tests {
hash_test(MessageDigest::ripemd160(), test);
}
}
#[test]
fn from_nid() {
assert_eq!(
MessageDigest::from_nid(Nid::SHA256).unwrap().as_ptr(),
MessageDigest::sha256().as_ptr()
);
}
}

28
openssl/src/nid.rs
View File

@ -1,6 +1,7 @@
//! A collection of numerical identifiers for OpenSSL objects.
use ffi;
use libc::c_int;
use std::ptr;
/// A numerical identifier for an OpenSSL object.
///
@ -42,6 +43,20 @@ impl Nid {
self.0
}
/// Returns the `Nid` of the digest algorithm associated with a signature ID.
///
/// This corresponds to `OBJ_find_sigid_algs`.
pub fn digest_algorithm(&self) -> Option<Nid> {
unsafe {
let mut digest = 0;
if ffi::OBJ_find_sigid_algs(self.0, &mut digest, ptr::null_mut()) == 1 {
Some(Nid(digest))
} else {
None
}
}
}
pub const UNDEF: Nid = Nid(ffi::NID_undef);
pub const ITU_T: Nid = Nid(ffi::NID_itu_t);
pub const CCITT: Nid = Nid(ffi::NID_ccitt);
@ -991,3 +1006,16 @@ impl Nid {
pub const AES_192_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_192_cbc_hmac_sha1);
pub const AES_256_CBC_HMAC_SHA1: Nid = Nid(ffi::NID_aes_256_cbc_hmac_sha1);
}
#[cfg(test)]
mod test {
use super::Nid;
#[test]
fn signature_digest() {
assert_eq!(
Nid::SHA256WITHRSAENCRYPTION.digest_algorithm(),
Some(Nid::SHA256)
);
}
}

27
openssl/src/pkcs12.rs
View File

@ -3,15 +3,15 @@
use ffi;
use foreign_types::{ForeignType, ForeignTypeRef};
use libc::c_int;
use std::ptr;
use std::ffi::CString;
use std::ptr;
use {cvt, cvt_p};
use pkey::{HasPrivate, PKey, PKeyRef, Private};
use error::ErrorStack;
use x509::{X509, X509Ref};
use stack::Stack;
use nid::Nid;
use pkey::{HasPrivate, PKey, PKeyRef, Private};
use stack::Stack;
use x509::{X509, X509Ref};
use {cvt, cvt_p};
foreign_type_and_impl_send_sync! {
type CType = ffi::PKCS12;
@ -172,7 +172,8 @@ impl Pkcs12Builder {
let friendly_name = CString::new(friendly_name).unwrap();
let pkey = pkey.as_ptr();
let cert = cert.as_ptr();
let ca = self.ca
let ca = self
.ca
.as_ref()
.map(|ca| ca.as_ptr())
.unwrap_or(ptr::null_mut());
@ -206,11 +207,11 @@ mod test {
use hex;
use asn1::Asn1Time;
use rsa::Rsa;
use pkey::PKey;
use nid::Nid;
use x509::{X509, X509Name};
use pkey::PKey;
use rsa::Rsa;
use x509::extension::KeyUsage;
use x509::{X509, X509Name};
use super::*;
@ -221,14 +222,14 @@ mod test {
let parsed = pkcs12.parse("mypass").unwrap();
assert_eq!(
hex::encode(parsed.cert.fingerprint(MessageDigest::sha1()).unwrap()),
hex::encode(parsed.cert.digest(MessageDigest::sha1()).unwrap()),
"59172d9313e84459bcff27f967e79e6e9217e584"
);
let chain = parsed.chain.unwrap();
assert_eq!(chain.len(), 1);
assert_eq!(
hex::encode(chain[0].fingerprint(MessageDigest::sha1()).unwrap()),
hex::encode(chain[0].digest(MessageDigest::sha1()).unwrap()),
"c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875"
);
}
@ -279,8 +280,8 @@ mod test {
let parsed = pkcs12.parse("mypass").unwrap();
assert_eq!(
parsed.cert.fingerprint(MessageDigest::sha1()).unwrap(),
cert.fingerprint(MessageDigest::sha1()).unwrap()
&*parsed.cert.digest(MessageDigest::sha1()).unwrap(),
&*cert.digest(MessageDigest::sha1()).unwrap()
);
assert!(parsed.pkey.public_eq(&pkey));
}

12
openssl/src/ssl/test.rs
View File

@ -295,8 +295,8 @@ run_test!(verify_callback_data, |method, stream| {
match cert {
None => false,
Some(cert) => {
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
fingerprint == node_id
let fingerprint = cert.digest(MessageDigest::sha1()).unwrap();
node_id == &*fingerprint
}
}
});
@ -323,8 +323,8 @@ run_test!(ssl_verify_callback, |method, stream| {
match x509.current_cert() {
None => false,
Some(cert) => {
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
fingerprint == node_id
let fingerprint = cert.digest(MessageDigest::sha1()).unwrap();
node_id == &*fingerprint
}
}
});
@ -424,10 +424,10 @@ run_test!(get_peer_certificate, |method, stream| {
let ctx = SslContext::builder(method).unwrap();
let stream = Ssl::new(&ctx.build()).unwrap().connect(stream).unwrap();
let cert = stream.ssl().peer_certificate().unwrap();
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
let fingerprint = cert.digest(MessageDigest::sha1()).unwrap();
let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
let node_id = Vec::from_hex(node_hash_str).unwrap();
assert_eq!(node_id, fingerprint)
assert_eq!(node_id, &*fingerprint)
});
#[test]

30
openssl/src/x509/mod.rs
View File

@ -25,7 +25,7 @@ use bio::MemBioSlice;
use conf::ConfRef;
use error::ErrorStack;
use ex_data::Index;
use hash::MessageDigest;
use hash::{DigestBytes, MessageDigest};
use nid::Nid;
use pkey::{HasPrivate, HasPublic, PKey, PKeyRef, Public};
use ssl::SslRef;
@ -447,23 +447,35 @@ impl X509Ref {
}
}
/// Returns certificate fingerprint calculated using provided hash
pub fn fingerprint(&self, hash_type: MessageDigest) -> Result<Vec<u8>, ErrorStack> {
/// Returns a digest of the DER representation of the certificate.
///
/// This corresponds to [`X509_digest`].
///
/// [`X509_digest`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_digest.html
pub fn digest(&self, hash_type: MessageDigest) -> Result<DigestBytes, ErrorStack> {
unsafe {
let evp = hash_type.as_ptr();
let mut digest = DigestBytes {
buf: [0; ffi::EVP_MAX_MD_SIZE as usize],
len: ffi::EVP_MAX_MD_SIZE as usize,
};
let mut len = ffi::EVP_MAX_MD_SIZE;
let mut buf = vec![0u8; len as usize];
cvt(ffi::X509_digest(
self.as_ptr(),
evp,
buf.as_mut_ptr() as *mut _,
hash_type.as_ptr(),
digest.buf.as_mut_ptr() as *mut _,
&mut len,
))?;
buf.truncate(len as usize);
Ok(buf)
digest.len = len as usize;
Ok(digest)
}
}
#[deprecated(since = "0.10.9", note = "renamed to digest")]
pub fn fingerprint(&self, hash_type: MessageDigest) -> Result<Vec<u8>, ErrorStack> {
self.digest(hash_type).map(|b| b.to_vec())
}
/// Returns the certificate's Not After validity period.
pub fn not_after(&self) -> &Asn1TimeRef {
unsafe {

8
openssl/src/x509/tests.rs
View File

@ -23,12 +23,12 @@ fn pkey() -> PKey<Private> {
fn test_cert_loading() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
let fingerprint = cert.digest(MessageDigest::sha1()).unwrap();
let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
let hash_vec = Vec::from_hex(hash_str).unwrap();
assert_eq!(fingerprint, hash_vec);
assert_eq!(hash_vec, &*fingerprint);
}
#[test]
@ -250,11 +250,11 @@ fn test_stack_from_pem() {
assert_eq!(certs.len(), 2);
assert_eq!(
hex::encode(certs[0].fingerprint(MessageDigest::sha1()).unwrap()),
hex::encode(certs[0].digest(MessageDigest::sha1()).unwrap()),
"59172d9313e84459bcff27f967e79e6e9217e584"
);
assert_eq!(
hex::encode(certs[1].fingerprint(MessageDigest::sha1()).unwrap()),
hex::encode(certs[1].digest(MessageDigest::sha1()).unwrap()),
"c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875"
);
}