From c171be551ac8d22c91cbf550e21215ae2c8b6abc Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sat, 15 Oct 2016 15:23:29 -0700 Subject: [PATCH] De-enumify message digests --- openssl/src/crypto/hash.rs | 112 +++++++++++++++++++---------------- openssl/src/crypto/pkcs12.rs | 6 +- openssl/src/crypto/pkcs5.rs | 25 ++++---- openssl/src/crypto/sign.rs | 43 +++++++------- openssl/src/lib.rs | 7 --- openssl/src/ssl/tests/mod.rs | 12 ++-- openssl/src/x509/mod.rs | 23 ++++--- openssl/src/x509/tests.rs | 6 +- 8 files changed, 116 insertions(+), 118 deletions(-) diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs index e3bf4997..2fa75807 100644 --- a/openssl/src/crypto/hash.rs +++ b/openssl/src/crypto/hash.rs @@ -8,48 +8,57 @@ use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free}; #[cfg(any(ossl101, ossl102))] use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; -use HashTypeInternals; use error::ErrorStack; -use nid::Nid; -/// Message digest (hash) type. #[derive(Copy, Clone)] -pub enum Type { - MD5, - SHA1, - SHA224, - SHA256, - SHA384, - SHA512, - RIPEMD160, -} +pub struct MessageDigest(*const ffi::EVP_MD); -impl HashTypeInternals for Type { - fn as_nid(&self) -> Nid { - match *self { - Type::MD5 => Nid::MD5, - Type::SHA1 => Nid::SHA1, - Type::SHA224 => Nid::SHA224, - Type::SHA256 => Nid::SHA256, - Type::SHA384 => Nid::SHA384, - Type::SHA512 => Nid::SHA512, - Type::RIPEMD160 => Nid::RIPEMD160, +impl MessageDigest { + pub fn md5() -> MessageDigest { + unsafe { + MessageDigest(ffi::EVP_md5()) } } - fn evp_md(&self) -> *const ffi::EVP_MD { + pub fn sha1() -> MessageDigest { unsafe { - match *self { - Type::MD5 => ffi::EVP_md5(), - Type::SHA1 => ffi::EVP_sha1(), - Type::SHA224 => ffi::EVP_sha224(), - Type::SHA256 => ffi::EVP_sha256(), - Type::SHA384 => ffi::EVP_sha384(), - Type::SHA512 => ffi::EVP_sha512(), - Type::RIPEMD160 => ffi::EVP_ripemd160(), - } + MessageDigest(ffi::EVP_sha1()) } } + + pub fn sha224() -> MessageDigest { + unsafe { + MessageDigest(ffi::EVP_sha224()) + } + } + + pub fn sha256() -> MessageDigest { + unsafe { + MessageDigest(ffi::EVP_sha256()) + } + } + + pub fn sha384() -> MessageDigest { + unsafe { + MessageDigest(ffi::EVP_sha384()) + } + } + + pub fn sha512() -> MessageDigest { + unsafe { + MessageDigest(ffi::EVP_sha512()) + } + } + + pub fn ripemd160() -> MessageDigest { + unsafe { + MessageDigest(ffi::EVP_ripemd160()) + } + } + + pub fn as_ptr(&self) -> *const ffi::EVP_MD { + self.0 + } } #[derive(PartialEq, Copy, Clone)] @@ -68,20 +77,22 @@ use self::State::*; /// Calculate a hash in one go. /// /// ``` -/// use openssl::crypto::hash::{hash, Type}; +/// use openssl::crypto::hash::{hash, MessageDigest}; +/// /// let data = b"\x42\xF4\x97\xE0"; /// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2"; -/// let res = hash(Type::MD5, data).unwrap(); +/// let res = hash(MessageDigest::md5(), data).unwrap(); /// assert_eq!(res, spec); /// ``` /// /// Use the `Write` trait to supply the input in chunks. /// /// ``` -/// use openssl::crypto::hash::{Hasher, Type}; +/// use openssl::crypto::hash::{Hasher, MessageDigest}; +/// /// let data = [b"\x42\xF4", b"\x97\xE0"]; /// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2"; -/// let mut h = Hasher::new(Type::MD5).unwrap(); +/// let mut h = Hasher::new(MessageDigest::md5()).unwrap(); /// h.update(data[0]).unwrap(); /// h.update(data[1]).unwrap(); /// let res = h.finish().unwrap(); @@ -96,21 +107,20 @@ use self::State::*; pub struct Hasher { ctx: *mut ffi::EVP_MD_CTX, md: *const ffi::EVP_MD, - type_: Type, + type_: MessageDigest, state: State, } impl Hasher { /// Creates a new `Hasher` with the specified hash type. - pub fn new(ty: Type) -> Result { + pub fn new(ty: MessageDigest) -> Result { ffi::init(); let ctx = unsafe { try_ssl_null!(EVP_MD_CTX_new()) }; - let md = ty.evp_md(); let mut h = Hasher { ctx: ctx, - md: md, + md: ty.as_ptr(), type_: ty, state: Finalized, }; @@ -204,7 +214,7 @@ impl Drop for Hasher { } /// Computes the hash of the `data` with the hash `t`. -pub fn hash(t: Type, data: &[u8]) -> Result, ErrorStack> { +pub fn hash(t: MessageDigest, data: &[u8]) -> Result, ErrorStack> { let mut h = try!(Hasher::new(t)); try!(h.update(data)); h.finish() @@ -213,10 +223,10 @@ pub fn hash(t: Type, data: &[u8]) -> Result, ErrorStack> { #[cfg(test)] mod tests { use serialize::hex::{FromHex, ToHex}; - use super::{hash, Hasher, Type}; + use super::{hash, Hasher, MessageDigest}; use std::io::prelude::*; - fn hash_test(hashtype: Type, hashtest: &(&str, &str)) { + fn hash_test(hashtype: MessageDigest, hashtest: &(&str, &str)) { let res = hash(hashtype, &*hashtest.0.from_hex().unwrap()).unwrap(); assert_eq!(res.to_hex(), hashtest.1); } @@ -259,13 +269,13 @@ mod tests { #[test] fn test_md5() { for test in md5_tests.iter() { - hash_test(Type::MD5, test); + hash_test(MessageDigest::md5(), test); } } #[test] fn test_md5_recycle() { - let mut h = Hasher::new(Type::MD5).unwrap(); + let mut h = Hasher::new(MessageDigest::md5()).unwrap(); for test in md5_tests.iter() { hash_recycle_test(&mut h, test); } @@ -273,11 +283,11 @@ mod tests { #[test] fn test_finish_twice() { - let mut h = Hasher::new(Type::MD5).unwrap(); + let mut h = Hasher::new(MessageDigest::md5()).unwrap(); h.write_all(&*md5_tests[6].0.from_hex().unwrap()).unwrap(); h.finish().unwrap(); let res = h.finish().unwrap(); - let null = hash(Type::MD5, &[]).unwrap(); + let null = hash(MessageDigest::md5(), &[]).unwrap(); assert_eq!(res, null); } @@ -287,7 +297,7 @@ mod tests { let inp = md5_tests[i].0.from_hex().unwrap(); assert!(inp.len() > 2); let p = inp.len() / 2; - let h0 = Hasher::new(Type::MD5).unwrap(); + let h0 = Hasher::new(MessageDigest::md5()).unwrap(); println!("Clone a new hasher"); let mut h1 = h0.clone(); @@ -315,7 +325,7 @@ mod tests { let tests = [("616263", "a9993e364706816aba3e25717850c26c9cd0d89d")]; for test in tests.iter() { - hash_test(Type::SHA1, test); + hash_test(MessageDigest::sha1(), test); } } @@ -325,7 +335,7 @@ mod tests { "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")]; for test in tests.iter() { - hash_test(Type::SHA256, test); + hash_test(MessageDigest::sha256(), test); } } @@ -334,7 +344,7 @@ mod tests { let tests = [("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")]; for test in tests.iter() { - hash_test(Type::RIPEMD160, test); + hash_test(MessageDigest::ripemd160(), test); } } } diff --git a/openssl/src/crypto/pkcs12.rs b/openssl/src/crypto/pkcs12.rs index 5f03a3d5..b028f29d 100644 --- a/openssl/src/crypto/pkcs12.rs +++ b/openssl/src/crypto/pkcs12.rs @@ -97,7 +97,7 @@ mod compat { #[cfg(test)] mod test { - use crypto::hash::Type::SHA1; + use crypto::hash::MessageDigest; use serialize::hex::ToHex; use super::*; @@ -108,11 +108,11 @@ mod test { let pkcs12 = Pkcs12::from_der(der).unwrap(); let parsed = pkcs12.parse("mypass").unwrap(); - assert_eq!(parsed.cert.fingerprint(SHA1).unwrap().to_hex(), + assert_eq!(parsed.cert.fingerprint(MessageDigest::sha1()).unwrap().to_hex(), "59172d9313e84459bcff27f967e79e6e9217e584"); assert_eq!(parsed.chain.len(), 1); - assert_eq!(parsed.chain[0].fingerprint(SHA1).unwrap().to_hex(), + assert_eq!(parsed.chain[0].fingerprint(MessageDigest::sha1()).unwrap().to_hex(), "c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875"); } } diff --git a/openssl/src/crypto/pkcs5.rs b/openssl/src/crypto/pkcs5.rs index adcbc9db..56ce3e26 100644 --- a/openssl/src/crypto/pkcs5.rs +++ b/openssl/src/crypto/pkcs5.rs @@ -2,8 +2,7 @@ use libc::c_int; use std::ptr; use ffi; -use HashTypeInternals; -use crypto::hash; +use crypto::hash::MessageDigest; use crypto::symm; use error::ErrorStack; @@ -24,7 +23,7 @@ pub struct KeyIvPair { /// New applications should not use this and instead use `pbkdf2_hmac_sha1` or /// another more modern key derivation algorithm. pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, - message_digest_type: hash::Type, + message_digest_type: MessageDigest, data: &[u8], salt: Option<&[u8]>, count: u32) @@ -41,7 +40,7 @@ pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, ffi::init(); let typ = typ.as_ptr(); - let message_digest_type = message_digest_type.evp_md(); + let message_digest_type = message_digest_type.as_ptr(); let len = ffi::EVP_BytesToKey(typ, message_digest_type, @@ -97,7 +96,7 @@ pub fn pbkdf2_hmac_sha1(pass: &[u8], pub fn pbkdf2_hmac(pass: &[u8], salt: &[u8], iter: usize, - hash: hash::Type, + hash: MessageDigest, keylen: usize) -> Result, ErrorStack> { unsafe { @@ -108,7 +107,7 @@ pub fn pbkdf2_hmac(pass: &[u8], salt.as_ptr(), salt.len() as c_int, iter as c_int, - hash.evp_md(), + hash.as_ptr(), keylen as c_int, out.as_mut_ptr())); Ok(out) @@ -117,7 +116,7 @@ pub fn pbkdf2_hmac(pass: &[u8], #[cfg(test)] mod tests { - use crypto::hash; + use crypto::hash::MessageDigest; use crypto::symm; // Test vectors from @@ -162,11 +161,11 @@ mod tests { // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c #[test] fn test_pbkdf2_hmac_sha256() { - assert_eq!(super::pbkdf2_hmac(b"passwd", b"salt", 1, hash::Type::SHA256, 16).unwrap(), + assert_eq!(super::pbkdf2_hmac(b"passwd", b"salt", 1, MessageDigest::sha256(), 16).unwrap(), vec![0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8, 0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8]); - assert_eq!(super::pbkdf2_hmac(b"Password", b"NaCl", 80000, hash::Type::SHA256, 16).unwrap(), + assert_eq!(super::pbkdf2_hmac(b"Password", b"NaCl", 80000, MessageDigest::sha256(), 16).unwrap(), vec![0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8, 0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8]); } @@ -175,7 +174,7 @@ mod tests { // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c #[test] fn test_pbkdf2_hmac_sha512() { - assert_eq!(super::pbkdf2_hmac(b"password", b"NaCL", 1, hash::Type::SHA512, 64).unwrap(), + assert_eq!(super::pbkdf2_hmac(b"password", b"NaCL", 1, MessageDigest::sha512(), 64).unwrap(), vec![0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8, 0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8, 0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8, @@ -185,7 +184,7 @@ mod tests { 0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8, 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8]); - assert_eq!(super::pbkdf2_hmac(b"pass\0word", b"sa\0lt", 1, hash::Type::SHA512, 64).unwrap(), + assert_eq!(super::pbkdf2_hmac(b"pass\0word", b"sa\0lt", 1, MessageDigest::sha512(), 64).unwrap(), vec![0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8, 0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8, 0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8, @@ -198,7 +197,7 @@ mod tests { assert_eq!(super::pbkdf2_hmac(b"passwordPASSWORDpassword", b"salt\0\0\0", 50, - hash::Type::SHA512, + MessageDigest::sha512(), 64).unwrap(), vec![0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8, 0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8, @@ -230,7 +229,7 @@ mod tests { 0_u8, 0_u8, 0_u8]; assert_eq!(super::evp_bytes_to_key_pbkdf1_compatible(symm::Type::AES_256_CBC, - hash::Type::SHA1, + MessageDigest::sha1(), &data, Some(&salt), 1).unwrap(), diff --git a/openssl/src/crypto/sign.rs b/openssl/src/crypto/sign.rs index 24078fdc..fdedd4d5 100644 --- a/openssl/src/crypto/sign.rs +++ b/openssl/src/crypto/sign.rs @@ -13,7 +13,7 @@ //! use openssl::crypto::sign::{Signer, Verifier}; //! use openssl::crypto::rsa::RSA; //! use openssl::crypto::pkey::PKey; -//! use openssl::crypto::hash::Type; +//! use openssl::crypto::hash::MessageDigest; //! //! // Generate a keypair //! let keypair = RSA::generate(2048).unwrap(); @@ -23,13 +23,13 @@ //! let data2 = b"hola, mundo!"; //! //! // Sign the data -//! let mut signer = Signer::new(Type::SHA256, &keypair).unwrap(); +//! let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap(); //! signer.update(data).unwrap(); //! signer.update(data2).unwrap(); //! let signature = signer.finish().unwrap(); //! //! // Verify the data -//! let mut verifier = Verifier::new(Type::SHA256, &keypair).unwrap(); +//! let mut verifier = Verifier::new(MessageDigest::sha256(), &keypair).unwrap(); //! verifier.update(data).unwrap(); //! verifier.update(data2).unwrap(); //! assert!(verifier.finish(&signature).unwrap()); @@ -40,7 +40,7 @@ //! ```rust //! use openssl::crypto::sign::Signer; //! use openssl::crypto::pkey::PKey; -//! use openssl::crypto::hash::Type; +//! use openssl::crypto::hash::MessageDigest; //! //! // Create a PKey //! let key = PKey::hmac(b"my secret").unwrap(); @@ -49,7 +49,7 @@ //! let data2 = b"hola, mundo!"; //! //! // Compute the HMAC -//! let mut signer = Signer::new(Type::SHA256, &key).unwrap(); +//! let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap(); //! signer.update(data).unwrap(); //! signer.update(data2).unwrap(); //! let hmac = signer.finish().unwrap(); @@ -59,8 +59,7 @@ use std::io::{self, Write}; use std::marker::PhantomData; use std::ptr; -use HashTypeInternals; -use crypto::hash::Type; +use crypto::hash::MessageDigest; use crypto::pkey::PKey; use error::ErrorStack; @@ -80,14 +79,14 @@ impl<'a> Drop for Signer<'a> { } impl<'a> Signer<'a> { - pub fn new(type_: Type, pkey: &'a PKey) -> Result, ErrorStack> { + pub fn new(type_: MessageDigest, pkey: &'a PKey) -> Result, ErrorStack> { unsafe { ffi::init(); let ctx = try_ssl_null!(EVP_MD_CTX_new()); let r = ffi::EVP_DigestSignInit(ctx, ptr::null_mut(), - type_.evp_md(), + type_.as_ptr(), ptr::null_mut(), pkey.as_ptr()); if r != 1 { @@ -142,14 +141,14 @@ impl<'a> Drop for Verifier<'a> { } impl<'a> Verifier<'a> { - pub fn new(type_: Type, pkey: &'a PKey) -> Result, ErrorStack> { + pub fn new(type_: MessageDigest, pkey: &'a PKey) -> Result, ErrorStack> { unsafe { ffi::init(); let ctx = try_ssl_null!(EVP_MD_CTX_new()); let r = ffi::EVP_DigestVerifyInit(ctx, ptr::null_mut(), - type_.evp_md(), + type_.as_ptr(), ptr::null_mut(), pkey.as_ptr()); if r != 1 { @@ -212,7 +211,7 @@ mod test { use serialize::hex::FromHex; use std::iter; - use crypto::hash::Type; + use crypto::hash::MessageDigest; use crypto::sign::{Signer, Verifier}; use crypto::rsa::RSA; use crypto::dsa::DSA; @@ -248,7 +247,7 @@ mod test { let private_key = RSA::private_key_from_pem(key).unwrap(); let pkey = PKey::from_rsa(private_key).unwrap(); - let mut signer = Signer::new(Type::SHA256, &pkey).unwrap(); + let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap(); signer.update(INPUT).unwrap(); let result = signer.finish().unwrap(); @@ -261,7 +260,7 @@ mod test { let private_key = RSA::private_key_from_pem(key).unwrap(); let pkey = PKey::from_rsa(private_key).unwrap(); - let mut verifier = Verifier::new(Type::SHA256, &pkey).unwrap(); + let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap(); verifier.update(INPUT).unwrap(); assert!(verifier.finish(SIGNATURE).unwrap()); } @@ -272,7 +271,7 @@ mod test { let private_key = RSA::private_key_from_pem(key).unwrap(); let pkey = PKey::from_rsa(private_key).unwrap(); - let mut verifier = Verifier::new(Type::SHA256, &pkey).unwrap(); + let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap(); verifier.update(INPUT).unwrap(); verifier.update(b"foobar").unwrap(); assert!(!verifier.finish(SIGNATURE).unwrap()); @@ -292,11 +291,11 @@ mod test { PKey::from_dsa(DSA::public_key_from_pem(key).unwrap()).unwrap() }; - let mut signer = Signer::new(Type::SHA1, &private_key).unwrap(); + let mut signer = Signer::new(MessageDigest::sha1(), &private_key).unwrap(); signer.update(&input).unwrap(); let sig = signer.finish().unwrap(); - let mut verifier = Verifier::new(Type::SHA1, &public_key).unwrap(); + let mut verifier = Verifier::new(MessageDigest::sha1(), &public_key).unwrap(); verifier.update(&input).unwrap(); assert!(verifier.finish(&sig).unwrap()); } @@ -315,12 +314,12 @@ mod test { PKey::from_dsa(DSA::public_key_from_pem(key).unwrap()).unwrap() }; - let mut signer = Signer::new(Type::SHA1, &private_key).unwrap(); + let mut signer = Signer::new(MessageDigest::sha1(), &private_key).unwrap(); signer.update(&input).unwrap(); let mut sig = signer.finish().unwrap(); sig[0] -= 1; - let mut verifier = Verifier::new(Type::SHA1, &public_key).unwrap(); + let mut verifier = Verifier::new(MessageDigest::sha1(), &public_key).unwrap(); verifier.update(&input).unwrap(); match verifier.finish(&sig) { Ok(true) => panic!("unexpected success"), @@ -328,7 +327,7 @@ mod test { } } - fn test_hmac(ty: Type, tests: &[(Vec, Vec, Vec)]) { + fn test_hmac(ty: MessageDigest, tests: &[(Vec, Vec, Vec)]) { for &(ref key, ref data, ref res) in tests.iter() { let pkey = PKey::hmac(key).unwrap(); let mut signer = Signer::new(ty, &pkey).unwrap(); @@ -365,7 +364,7 @@ mod test { .to_vec(), "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())]; - test_hmac(Type::MD5, &tests); + test_hmac(MessageDigest::md5(), &tests); } #[test] @@ -396,6 +395,6 @@ mod test { .to_vec(), "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())]; - test_hmac(Type::SHA1, &tests); + test_hmac(MessageDigest::sha1(), &tests); } } diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index aa34753c..62968742 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -16,8 +16,6 @@ extern crate tempdir; #[doc(inline)] pub use ffi::init; -use nid::Nid; - mod macros; pub mod asn1; @@ -30,8 +28,3 @@ pub mod nid; pub mod ssl; pub mod version; pub mod x509; - -trait HashTypeInternals { - fn as_nid(&self) -> Nid; - fn evp_md(&self) -> *const ffi::EVP_MD; -} diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index ce1ba8ca..284f5c78 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -14,7 +14,7 @@ use std::time::Duration; use tempdir::TempDir; -use crypto::hash::Type::SHA256; +use crypto::hash::MessageDigest; use ssl; use ssl::SSL_VERIFY_PEER; use ssl::SslMethod::Tls; @@ -171,7 +171,7 @@ macro_rules! run_test( use ssl::SslMethod; use ssl::{SslContext, Ssl, SslStream}; use ssl::SSL_VERIFY_PEER; - use crypto::hash::Type::{SHA1, SHA256}; + use crypto::hash::MessageDigest; use x509::X509StoreContext; use serialize::hex::FromHex; use super::Server; @@ -314,7 +314,7 @@ run_test!(verify_callback_data, |method, stream| { match cert { None => false, Some(cert) => { - let fingerprint = cert.fingerprint(SHA1).unwrap(); + let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap(); fingerprint == node_id } } @@ -343,7 +343,7 @@ run_test!(ssl_verify_callback, |method, stream| { match x509.current_cert() { None => false, Some(cert) => { - let fingerprint = cert.fingerprint(SHA1).unwrap(); + let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap(); fingerprint == node_id } } @@ -440,7 +440,7 @@ fn test_write_direct() { run_test!(get_peer_certificate, |method, stream| { let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap(); let cert = stream.ssl().peer_certificate().unwrap(); - let fingerprint = cert.fingerprint(SHA1).unwrap(); + let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap(); let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584"; let node_id = node_hash_str.from_hex().unwrap(); assert_eq!(node_id, fingerprint) @@ -797,7 +797,7 @@ mod dtlsv1 { use std::net::TcpStream; use std::thread; - use crypto::hash::Type::SHA256; + use crypto::hash::MessageDigest; use ssl::SslMethod; use ssl::SslMethod::Dtls; use ssl::{SslContext, SslStream}; diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 9fed94e2..c429b486 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -10,13 +10,10 @@ use std::slice; use std::collections::HashMap; use std::marker::PhantomData; -use HashTypeInternals; use asn1::Asn1Time; use asn1::Asn1TimeRef; - use bio::{MemBio, MemBioSlice}; -use crypto::hash; -use crypto::hash::Type as HashType; +use crypto::hash::MessageDigest; use crypto::pkey::PKey; use crypto::rand::rand_bytes; use ffi; @@ -129,7 +126,7 @@ impl X509StoreContext { /// # Example /// /// ``` -/// use openssl::crypto::hash::Type; +/// use openssl::crypto::hash::MessageDigest; /// use openssl::crypto::pkey::PKey; /// use openssl::crypto::rsa::RSA; /// use openssl::x509::X509Generator; @@ -141,7 +138,7 @@ impl X509StoreContext { /// let gen = X509Generator::new() /// .set_valid_period(365*2) /// .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned()) -/// .set_sign_hash(Type::SHA256) +/// .set_sign_hash(MessageDigest::sha256()) /// .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature])); /// /// let cert = gen.sign(&pkey).unwrap(); @@ -152,7 +149,7 @@ pub struct X509Generator { days: u32, names: Vec<(String, String)>, extensions: Extensions, - hash_type: HashType, + hash_type: MessageDigest, } impl X509Generator { @@ -168,7 +165,7 @@ impl X509Generator { days: 365, names: vec![], extensions: Extensions::new(), - hash_type: HashType::SHA1, + hash_type: MessageDigest::sha1(), } } @@ -239,7 +236,7 @@ impl X509Generator { self } - pub fn set_sign_hash(mut self, hash_type: hash::Type) -> X509Generator { + pub fn set_sign_hash(mut self, hash_type: MessageDigest) -> X509Generator { self.hash_type = hash_type; self } @@ -358,7 +355,7 @@ impl X509Generator { &ext.to_string())); } - let hash_fn = self.hash_type.evp_md(); + let hash_fn = self.hash_type.as_ptr(); try_ssl!(ffi::X509_sign(x509.as_ptr(), p_key.as_ptr(), hash_fn)); Ok(x509) } @@ -380,7 +377,7 @@ impl X509Generator { try_ssl!(ffi::X509_REQ_add_extensions(req, exts as *mut _)); } - let hash_fn = self.hash_type.evp_md(); + let hash_fn = self.hash_type.as_ptr(); try_ssl!(ffi::X509_REQ_sign(req, p_key.as_ptr(), hash_fn)); Ok(X509Req::new(req)) @@ -438,9 +435,9 @@ impl<'a> X509Ref<'a> { } /// Returns certificate fingerprint calculated using provided hash - pub fn fingerprint(&self, hash_type: hash::Type) -> Result, ErrorStack> { + pub fn fingerprint(&self, hash_type: MessageDigest) -> Result, ErrorStack> { unsafe { - let evp = hash_type.evp_md(); + let evp = hash_type.as_ptr(); let mut len = ffi::EVP_MAX_MD_SIZE; let mut buf = vec![0u8; len as usize]; try_ssl!(ffi::X509_digest(self.0, evp, buf.as_mut_ptr() as *mut _, &mut len)); diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 07d9e1d4..afb06408 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -1,6 +1,6 @@ use serialize::hex::FromHex; -use crypto::hash::Type::SHA1; +use crypto::hash::MessageDigest; use crypto::pkey::PKey; use crypto::rsa::RSA; use x509::{X509, X509Generator}; @@ -14,7 +14,7 @@ fn get_generator() -> X509Generator { X509Generator::new() .set_valid_period(365 * 2) .add_name("CN".to_string(), "test_me".to_string()) - .set_sign_hash(SHA1) + .set_sign_hash(MessageDigest::sha1()) .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])) .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, @@ -83,7 +83,7 @@ fn test_req_gen() { fn test_cert_loading() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); - let fingerprint = cert.fingerprint(SHA1).unwrap(); + let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap(); let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584"; let hash_vec = hash_str.from_hex().unwrap();