diff options
| author | Steven Fackler <[email protected]> | 2018-05-24 20:35:06 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2018-05-24 21:07:36 -0700 |
| commit | a774c0c5f2867b33735bec9e1cb6c9870a5ece08 (patch) | |
| tree | fcef80401d7a31c1349b877f72b7318b67bd557e /openssl/src/x509 | |
| parent | Add some digest support (diff) | |
| download | rust-openssl-a774c0c5f2867b33735bec9e1cb6c9870a5ece08.tar.xz rust-openssl-a774c0c5f2867b33735bec9e1cb6c9870a5ece08.zip | |
Rename X509Ref::fingerprint to X509Ref::digest and avoid allocating
Diffstat (limited to 'openssl/src/x509')
| -rw-r--r-- | openssl/src/x509/mod.rs | 30 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 8 |
2 files changed, 25 insertions, 13 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 19760f25..5c1bb23f 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -25,7 +25,7 @@ use bio::MemBioSlice; use conf::ConfRef; use error::ErrorStack; use ex_data::Index; -use hash::MessageDigest; +use hash::{DigestBytes, MessageDigest}; use nid::Nid; use pkey::{HasPrivate, HasPublic, PKey, PKeyRef, Public}; use ssl::SslRef; @@ -447,23 +447,35 @@ impl X509Ref { } } - /// Returns certificate fingerprint calculated using provided hash - pub fn fingerprint(&self, hash_type: MessageDigest) -> Result<Vec<u8>, ErrorStack> { + /// Returns a digest of the DER representation of the certificate. + /// + /// This corresponds to [`X509_digest`]. + /// + /// [`X509_digest`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_digest.html + pub fn digest(&self, hash_type: MessageDigest) -> Result<DigestBytes, ErrorStack> { unsafe { - let evp = hash_type.as_ptr(); + let mut digest = DigestBytes { + buf: [0; ffi::EVP_MAX_MD_SIZE as usize], + len: ffi::EVP_MAX_MD_SIZE as usize, + }; let mut len = ffi::EVP_MAX_MD_SIZE; - let mut buf = vec![0u8; len as usize]; cvt(ffi::X509_digest( self.as_ptr(), - evp, - buf.as_mut_ptr() as *mut _, + hash_type.as_ptr(), + digest.buf.as_mut_ptr() as *mut _, &mut len, ))?; - buf.truncate(len as usize); - Ok(buf) + digest.len = len as usize; + + Ok(digest) } } + #[deprecated(since = "0.10.9", note = "renamed to digest")] + pub fn fingerprint(&self, hash_type: MessageDigest) -> Result<Vec<u8>, ErrorStack> { + self.digest(hash_type).map(|b| b.to_vec()) + } + /// Returns the certificate's Not After validity period. pub fn not_after(&self) -> &Asn1TimeRef { unsafe { diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index a3c66e0c..42859c97 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -23,12 +23,12 @@ fn pkey() -> PKey<Private> { fn test_cert_loading() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); - let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap(); + let fingerprint = cert.digest(MessageDigest::sha1()).unwrap(); let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584"; let hash_vec = Vec::from_hex(hash_str).unwrap(); - assert_eq!(fingerprint, hash_vec); + assert_eq!(hash_vec, &*fingerprint); } #[test] @@ -250,11 +250,11 @@ fn test_stack_from_pem() { assert_eq!(certs.len(), 2); assert_eq!( - hex::encode(certs[0].fingerprint(MessageDigest::sha1()).unwrap()), + hex::encode(certs[0].digest(MessageDigest::sha1()).unwrap()), "59172d9313e84459bcff27f967e79e6e9217e584" ); assert_eq!( - hex::encode(certs[1].fingerprint(MessageDigest::sha1()).unwrap()), + hex::encode(certs[1].digest(MessageDigest::sha1()).unwrap()), "c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875" ); } |