Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add signature type retrieval functions #2164

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

add signature type retrieval functions #2164

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
6c3ab0b
add signature type retrieval functions
jmayclin Nov 17, 2023
e45f0ae
cargo fmt
jmayclin Feb 9, 2024
9430774
address ci failures
jmayclin Feb 9, 2024
15b8a88
address pr feedback
jmayclin Feb 11, 2024
c52564f
clarify comment
jmayclin Feb 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
9 changes: 9 additions & 0 deletions openssl-sys/src/handwritten/ssl.rs
View file
Open in desktop
Expand Up @@ -951,3 +951,12 @@ extern "C" {
#[cfg(any(ossl110, libressl360))]
pub fn SSL_get_security_level(s: *const SSL) -> c_int;
}

cfg_if! {
if #[cfg(ossl111)] {
extern "C" {
pub fn SSL_get_peer_signature_type_nid(s: *const SSL, pnid: *mut c_int) -> c_int;
pub fn SSL_get_signature_type_nid(s: *const SSL, pnid: *mut c_int) -> c_int;
}
}
}
19 changes: 19 additions & 0 deletions openssl-sys/src/ssl.rs
View file
Open in desktop
Expand Up @@ -349,6 +349,8 @@ pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
#[cfg(ossl102)]
pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
#[cfg(ossl102)]
pub const SSL_CTRL_GET_PEER_SIGNATURE_NID: c_int = 108;
#[cfg(ossl300)]
pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109;
#[cfg(ossl110)]
Expand All @@ -361,6 +363,8 @@ pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
#[cfg(any(ossl110g, libressl270))]
pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
#[cfg(ossl111)]
pub const SSL_CTRL_GET_SIGNATURE_NID: c_int = 132;
#[cfg(ossl300)]
pub const SSL_CTRL_GET_TMP_KEY: c_int = 133;

Expand Down Expand Up @@ -522,6 +526,21 @@ cfg_if! {
}
}

#[cfg(ossl102)]
pub unsafe fn SSL_get_peer_signature_nid(ssl: *mut SSL, psig_nid: *mut c_int) -> c_int {
SSL_ctrl(
ssl,
SSL_CTRL_GET_PEER_SIGNATURE_NID,
0,
psig_nid as *mut c_void,
) as c_int
}

#[cfg(ossl111)]
pub unsafe fn SSL_get_signature_nid(ssl: *mut SSL, psig_nid: *mut c_int) -> c_int {
SSL_ctrl(ssl, SSL_CTRL_GET_SIGNATURE_NID, 0, psig_nid as *mut c_void) as c_int
}

#[cfg(ossl111)]
pub const SSL_CLIENT_HELLO_SUCCESS: c_int = 1;
#[cfg(ossl111)]
Expand Down
59 changes: 58 additions & 1 deletion openssl/src/ssl/mod.rs
View file
Open in desktop
Expand Up @@ -67,7 +67,7 @@ use crate::error::ErrorStack;
use crate::ex_data::Index;
#[cfg(ossl111)]
use crate::hash::MessageDigest;
#[cfg(any(ossl110, libressl270))]
#[cfg(any(ossl102, libressl270))]
use crate::nid::Nid;
use crate::pkey::{HasPrivate, PKeyRef, Params, Private};
#[cfg(ossl300)]
Expand Down Expand Up @@ -3484,6 +3484,63 @@ impl SslRef {
}
}
}

/// this returns the hash, e.g. SHA1, SHA512
jmayclin marked this conversation as resolved.
Show resolved Hide resolved
#[corresponds(SSL_get_signature_nid)]
#[cfg(ossl111)]
pub fn signature_nid(&self) -> Result<Nid, ErrorStack> {
unsafe {
let mut pnid: c_int = 0;
match cvt(ffi::SSL_get_signature_nid(self.as_ptr(), &mut pnid)) {
Ok(_) => Ok(Nid::from_raw(pnid)),
Err(e) => Err(e),
}
}
}

/// this returns the hash, e.g. SHA1, SHA512
#[corresponds(SSL_get_peer_signature_nid)]
#[cfg(ossl102)]
pub fn peer_signature_nid(&self) -> Result<Nid, ErrorStack> {
unsafe {
let mut pnid: c_int = 0;
match cvt(ffi::SSL_get_peer_signature_nid(self.as_ptr(), &mut pnid)) {
Ok(_) => Ok(Nid::from_raw(pnid)),
Err(e) => Err(e),
}
}
}

/// this returns the signature algorithm e.g. RSA/RSA_PSS
#[corresponds(SSL_get_signature_type_nid)]
#[cfg(ossl111)]
pub fn signature_type_nid(&self) -> Result<Nid, ErrorStack> {
unsafe {
let mut pnid: c_int = 0;

match cvt(ffi::SSL_get_signature_type_nid(self.as_ptr(), &mut pnid)) {
Ok(_) => Ok(Nid::from_raw(pnid)),
Err(e) => Err(e),
}
}
}

/// this returns the signature algorithm e.g. RSA/RSA_PSS
#[corresponds(SSL_get_peer_signature_type_nid)]
#[cfg(ossl111)]
pub fn peer_signature_type_nid(&self) -> Result<Nid, ErrorStack> {
unsafe {
let mut pnid: c_int = 0;

match cvt(ffi::SSL_get_peer_signature_type_nid(
self.as_ptr(),
&mut pnid,
)) {
Ok(_) => Ok(Nid::from_raw(pnid)),
Err(e) => Err(e),
}
}
}
}

/// An SSL stream midway through the handshake process.
Expand Down
24 changes: 24 additions & 0 deletions openssl/src/ssl/test/mod.rs
View file
Open in desktop
Expand Up @@ -372,6 +372,30 @@ fn peer_tmp_key_rsa() {
assert_eq!(local_temp.bits(), 521);
}

#[test]
#[cfg(ossl111)]
fn signature_nids() {
use crate::nid::Nid;

let mut server = Server::builder();
server.ctx().set_sigalgs_list("RSA-PSS+SHA384").unwrap();
let server = server.build();

let mut client = server.client();
client.ctx().set_sigalgs_list("RSA-PSS+SHA384").unwrap();

let stream = client.connect();
assert_eq!(stream.ssl().peer_signature_nid().unwrap(), Nid::SHA384);
assert_eq!(
stream.ssl().peer_signature_type_nid().unwrap(),
Nid::RSASSAPSS
);

// local signature retrievals are invalid for a client using server auth
assert!(stream.ssl().signature_nid().is_err());
assert!(stream.ssl().signature_type_nid().is_err());
}

/// Tests that when both the client as well as the server use SRTP and their
/// lists of supported protocols have an overlap -- with only ONE protocol
/// being valid for both.
Expand Down