Merge pull request #875 from Ralith/hash-extras

Expose cipher digests and digest sizes
2018-03-16 22:00:59 -07:00 · 2018-03-16 22:00:59 -07:00 · cf658e4c5c
parent 66a2ad76b7 09b1fe9a0d
commit cf658e4c5c
6 changed files with 52 additions and 0 deletions
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -2112,6 +2112,7 @@ extern "C" {
        a: *const ASN1_OBJECT,
        no_name: c_int,
    ) -> c_int;
+    pub fn OBJ_nid2sn(nid: c_int) -> *const c_char;

    pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP;
    pub fn OCSP_BASICRESP_free(r: *mut OCSP_BASICRESP);
@ -2855,4 +2856,7 @@ extern "C" {
            cookie_len: c_uint
        ) -> c_int>
    );
+
+    pub fn EVP_MD_size(md: *const EVP_MD) -> c_int;
+    pub fn EVP_get_cipherbyname(name: *const c_char) -> *const EVP_CIPHER;
 }
--- a/openssl-sys/src/ossl110.rs
+++ b/openssl-sys/src/ossl110.rs
@ -367,4 +367,7 @@ extern "C" {
    pub fn SSL_extension_supported(ext_type: c_uint) -> c_int;
    pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM);
    pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int;
+
+    pub fn SSL_CIPHER_get_cipher_nid(c: *const ::SSL_CIPHER) -> c_int;
+    pub fn SSL_CIPHER_get_digest_nid(c: *const ::SSL_CIPHER) -> c_int;
 }
--- a/openssl-sys/src/ossl111.rs
+++ b/openssl-sys/src/ossl111.rs
@ -64,4 +64,5 @@ extern "C" {
                                  parse_cb: SSL_custom_ext_parse_cb_ex,
                                  parse_arg: *mut c_void) -> c_int;
    pub fn SSL_stateless(s: *mut ::SSL) -> c_int;
+    pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD;
 }
--- a/openssl/src/hash.rs
+++ b/openssl/src/hash.rs
@ -16,6 +16,8 @@ use error::ErrorStack;
 pub struct MessageDigest(*const ffi::EVP_MD);

 impl MessageDigest {
+    pub unsafe fn from_ptr(x: *const ffi::EVP_MD) -> Self { MessageDigest(x) }
+
    pub fn md5() -> MessageDigest {
        unsafe { MessageDigest(ffi::EVP_md5()) }
    }
@ -47,6 +49,11 @@ impl MessageDigest {
    pub fn as_ptr(&self) -> *const ffi::EVP_MD {
        self.0
    }
+
+    /// The size of the digest in bytes
+    pub fn size(&self) -> usize {
+        unsafe { ffi::EVP_MD_size(self.0) as usize }
+    }
 }

 unsafe impl Sync for MessageDigest {}
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -96,6 +96,8 @@ use stack::{Stack, StackRef};
 use ssl::bio::BioMethod;
 use ssl::error::InnerError;
 use ssl::callbacks::*;
+use nid::Nid;
+use hash::MessageDigest;

 pub use ssl::connector::{ConnectConfiguration, SslAcceptor, SslAcceptorBuilder, SslConnector,
                         SslConnectorBuilder};
@ -1814,6 +1816,30 @@ impl SslCipherRef {
            String::from_utf8(CStr::from_ptr(ptr as *const _).to_bytes().to_vec()).unwrap()
        }
    }
+
+    /// Returns the handshake digest of the cipher.
+    ///
+    /// Available as of OpenSSL 1.1.1. This corresponds to [`SSL_CIPHER_get_handshake_digest`].
+    ///
+    /// [`SSL_CIPHER_get_handshake_digest`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_handshake_digest.html
+    #[cfg(all(feature = "v111", ossl111))]
+    pub fn handshake_digest(&self) -> Option<MessageDigest> {
+        unsafe {
+            let ptr = ffi::SSL_CIPHER_get_handshake_digest(self.as_ptr());
+            if ptr.is_null() { None } else { Some(MessageDigest::from_ptr(ptr)) }
+        }
+    }
+
+    /// Returns the NID corresponding to the cipher.
+    ///
+    /// Available as of OpenSSL 1.1.0. This corresponds to [`SSL_CIPHER_get_cipher_nid`]
+    ///
+    /// [`SSL_CIPHER_get_cipher_nid`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CIPHER_get_cipher_nid.html
+    #[cfg(any(all(feature = "v110", ossl110), all(feature = "v111", ossl111)))]
+    pub fn cipher_nid(&self) -> Option<Nid> {
+        let n = unsafe { ffi::SSL_CIPHER_get_cipher_nid(self.as_ptr()) };
+        if n == 0 { None } else { Some(Nid::from_raw(n)) }
+    }
 }

 foreign_type! {
--- a/openssl/src/symm.rs
+++ b/openssl/src/symm.rs
@ -59,6 +59,7 @@ use ffi;

 use {cvt, cvt_p};
 use error::ErrorStack;
+use nid::Nid;

 #[derive(Copy, Clone)]
 pub enum Mode {
@ -75,6 +76,16 @@ pub enum Mode {
 pub struct Cipher(*const ffi::EVP_CIPHER);

 impl Cipher {
+    /// Looks up the cipher for a certain nid.
+    ///
+    /// This corresponds to [`EVP_get_cipherbynid`]
+    ///
+    /// [`EVP_get_cipherbynid`]: https://www.openssl.org/docs/man1.0.2/crypto/EVP_get_cipherbyname.html
+    pub fn from_nid(nid: Nid) -> Option<Cipher> {
+        let ptr = unsafe { ffi::EVP_get_cipherbyname(ffi::OBJ_nid2sn(nid.as_raw())) };
+        if ptr.is_null() { None } else { Some(Cipher(ptr)) }
+    }
+
    pub fn aes_128_ecb() -> Cipher {
        unsafe { Cipher(ffi::EVP_aes_128_ecb()) }
    }