From ee94b2a01d924da90788f2e6f47a41e0b3ba2b6c Mon Sep 17 00:00:00 2001
From: Hasan Gondal
Date: Sat, 20 Feb 2021 00:25:37 +0000
Subject: [PATCH] Add support for SSL_CTX_set1_curves

---
 boring/src/ssl/mod.rs | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
index b3506d03..8f7d35eb 100644
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@@ -526,6 +526,25 @@ impl SslSignatureAlgorithm {
 pub const ED25519: SslSignatureAlgorithm = SslSignatureAlgorithm(ffi::SSL_SIGN_ED25519 as _);
 }
 
+/// A TLS Curve.
+#[repr(transparent)]
+#[derive(Debug, Copy, Clone, PartialEq, Eq)]
+pub struct SslCurve(c_int);
+
+impl SslCurve {
+ pub const SECP224R1: SslCurve = SslCurve(ffi::NID_secp224r1);
+
+ pub const SECP256R1: SslCurve = SslCurve(ffi::NID_X9_62_prime256v1);
+
+ pub const SECP384R1: SslCurve = SslCurve(ffi::NID_secp384r1);
+
+ pub const SECP521R1: SslCurve = SslCurve(ffi::NID_secp521r1);
+
+ pub const X25519: SslCurve = SslCurve(ffi::NID_X25519);
+
+ pub const CECPQ2: SslCurve = SslCurve(ffi::NID_CECPQ2);
+}
+
 /// A standard implementation of protocol selection for Application Layer Protocol Negotiation
 /// (ALPN).
 ///
@@ -1434,6 +1453,22 @@ impl SslContextBuilder {
 unsafe { ffi::SSL_CTX_enable_ocsp_stapling(self.as_ptr()) }
 }
 
+ /// Sets the context's supported curves.
+ ///
+ /// This corresponds to [`SSL_CTX_set1_curves`]
+ ///
+ /// [`SSL_CTX_set1_curves`]: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set1_curves
+ pub fn set_curves(&mut self, curves: &[SslCurve]) -> Result<(), ErrorStack> {
+ unsafe {
+ cvt_0i(ffi::SSL_CTX_set1_curves(
+ self.as_ptr(),
+ curves.as_ptr() as *const _,
+ curves.len(),
+ ))
+ .map(|_| ())
+ }
+ }
+
 /// Consumes the builder, returning a new `SslContext`.
 pub fn build(self) -> SslContext {
 self.0
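Review bot: `#[repr(transparent)]` on `SslCurve` is load-bearing but undocumented: `set_curves` in the second hunk casts `&[SslCurve]` to a raw pointer for `SSL_CTX_set1_curves`, so the struct must stay a bare `c_int`. I would add `// repr(transparent) over c_int: set_curves hands &[SslCurve] to C as an array of NIDs` above the attribute. The six constants have no doc comments either; one line each naming the group would do, and `SECP224R1` should say it is the weakest group offered here (about 112-bit strength, not defined for TLS 1.3) so that callers building a curve list pick it only deliberately. `CECPQ2` likewise deserves a line noting that it is, as far as I know, an experimental hybrid group that peers outside BoringSSL are unlikely to accept.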
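Review bot: The `unsafe` block in `set_curves` has no `// SAFETY:` comment, and the cast `curves.as_ptr() as *const _` lets the target type be inferred, so a change to the FFI signature or to `SslCurve`'s layout would still compile. Spell the type out, `curves.as_ptr() as *const c_int,`, and state the invariant: `// SAFETY: SslCurve is #[repr(transparent)] over c_int; the slice is valid for curves.len() elements for the duration of the call`. The doc comment should also say that slice order is the preference order, say what an empty slice does (presumably it falls back to the library defaults; confirm against BoringSSL), and gain an `# Errors` section. The surrounding `impl SslContextBuilder` starts and ends outside the hunk.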