aboutsummaryrefslogtreecommitdiff
path: root/openssl/src/sign.rs
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/src/sign.rs')
-rw-r--r--openssl/src/sign.rs76
1 files changed, 60 insertions, 16 deletions
diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs
index ec37c885..279f294d 100644
--- a/openssl/src/sign.rs
+++ b/openssl/src/sign.rs
@@ -62,27 +62,32 @@
//! assert!(memcmp::eq(&hmac, &target));
//! ```
use ffi;
+use foreign_types::ForeignTypeRef;
use std::io::{self, Write};
use std::marker::PhantomData;
use std::ptr;
use {cvt, cvt_p};
use hash::MessageDigest;
-use pkey::PKeyRef;
+use pkey::{PKeyRef, PKeyCtxRef};
use error::ErrorStack;
-use types::OpenSslTypeRef;
#[cfg(ossl110)]
use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free};
#[cfg(any(ossl101, ossl102))]
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
-pub struct Signer<'a>(*mut ffi::EVP_MD_CTX, PhantomData<&'a PKeyRef>);
+pub struct Signer<'a> {
+ md_ctx: *mut ffi::EVP_MD_CTX,
+ pkey_ctx: *mut ffi::EVP_PKEY_CTX,
+ pkey_pd: PhantomData<&'a PKeyRef>,
+}
impl<'a> Drop for Signer<'a> {
fn drop(&mut self) {
+ // pkey_ctx is owned by the md_ctx, so no need to explicitly free it.
unsafe {
- EVP_MD_CTX_free(self.0);
+ EVP_MD_CTX_free(self.md_ctx);
}
}
}
@@ -93,8 +98,9 @@ impl<'a> Signer<'a> {
ffi::init();
let ctx = try!(cvt_p(EVP_MD_CTX_new()));
+ let mut pctx: *mut ffi::EVP_PKEY_CTX = ptr::null_mut();
let r = ffi::EVP_DigestSignInit(ctx,
- ptr::null_mut(),
+ &mut pctx,
type_.as_ptr(),
ptr::null_mut(),
pkey.as_ptr());
@@ -102,22 +108,37 @@ impl<'a> Signer<'a> {
EVP_MD_CTX_free(ctx);
return Err(ErrorStack::get());
}
- Ok(Signer(ctx, PhantomData))
+
+ assert!(!pctx.is_null());
+
+ Ok(Signer {
+ md_ctx: ctx,
+ pkey_ctx: pctx,
+ pkey_pd: PhantomData,
+ })
}
}
+ pub fn pkey_ctx(&self) -> &PKeyCtxRef {
+ unsafe { PKeyCtxRef::from_ptr(self.pkey_ctx) }
+ }
+
+ pub fn pkey_ctx_mut(&mut self) -> &mut PKeyCtxRef {
+ unsafe { PKeyCtxRef::from_ptr_mut(self.pkey_ctx) }
+ }
+
pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
unsafe {
- cvt(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len())).map(|_| ())
+ cvt(ffi::EVP_DigestUpdate(self.md_ctx, buf.as_ptr() as *const _, buf.len())).map(|_| ())
}
}
pub fn finish(&self) -> Result<Vec<u8>, ErrorStack> {
unsafe {
let mut len = 0;
- try!(cvt(ffi::EVP_DigestSignFinal(self.0, ptr::null_mut(), &mut len)));
+ try!(cvt(ffi::EVP_DigestSignFinal(self.md_ctx, ptr::null_mut(), &mut len)));
let mut buf = vec![0; len];
- try!(cvt(ffi::EVP_DigestSignFinal(self.0, buf.as_mut_ptr() as *mut _, &mut len)));
+ try!(cvt(ffi::EVP_DigestSignFinal(self.md_ctx, buf.as_mut_ptr() as *mut _, &mut len)));
// The advertised length is not always equal to the real length for things like DSA
buf.truncate(len);
Ok(buf)
@@ -136,12 +157,17 @@ impl<'a> Write for Signer<'a> {
}
}
-pub struct Verifier<'a>(*mut ffi::EVP_MD_CTX, PhantomData<&'a PKeyRef>);
+pub struct Verifier<'a> {
+ md_ctx: *mut ffi::EVP_MD_CTX,
+ pkey_ctx: *mut ffi::EVP_PKEY_CTX,
+ pkey_pd: PhantomData<&'a PKeyRef>,
+}
impl<'a> Drop for Verifier<'a> {
fn drop(&mut self) {
+ // pkey_ctx is owned by the md_ctx, so no need to explicitly free it.
unsafe {
- EVP_MD_CTX_free(self.0);
+ EVP_MD_CTX_free(self.md_ctx);
}
}
}
@@ -152,8 +178,9 @@ impl<'a> Verifier<'a> {
ffi::init();
let ctx = try!(cvt_p(EVP_MD_CTX_new()));
+ let mut pctx: *mut ffi::EVP_PKEY_CTX = ptr::null_mut();
let r = ffi::EVP_DigestVerifyInit(ctx,
- ptr::null_mut(),
+ &mut pctx,
type_.as_ptr(),
ptr::null_mut(),
pkey.as_ptr());
@@ -162,19 +189,33 @@ impl<'a> Verifier<'a> {
return Err(ErrorStack::get());
}
- Ok(Verifier(ctx, PhantomData))
+ assert!(!pctx.is_null());
+
+ Ok(Verifier {
+ md_ctx: ctx,
+ pkey_ctx: pctx,
+ pkey_pd: PhantomData,
+ })
}
}
+ pub fn pkey_ctx(&self) -> &PKeyCtxRef {
+ unsafe { PKeyCtxRef::from_ptr(self.pkey_ctx) }
+ }
+
+ pub fn pkey_ctx_mut(&mut self) -> &mut PKeyCtxRef {
+ unsafe { PKeyCtxRef::from_ptr_mut(self.pkey_ctx) }
+ }
+
pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
unsafe {
- cvt(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len())).map(|_| ())
+ cvt(ffi::EVP_DigestUpdate(self.md_ctx, buf.as_ptr() as *const _, buf.len())).map(|_| ())
}
}
pub fn finish(&self, signature: &[u8]) -> Result<bool, ErrorStack> {
unsafe {
- let r = EVP_DigestVerifyFinal(self.0, signature.as_ptr() as *const _, signature.len());
+ let r = EVP_DigestVerifyFinal(self.md_ctx, signature.as_ptr() as *const _, signature.len());
match r {
1 => Ok(true),
0 => {
@@ -219,7 +260,7 @@ mod test {
use sign::{Signer, Verifier};
use ec::{EcGroup, EcKey};
use nid;
- use rsa::Rsa;
+ use rsa::{Rsa, PKCS1_PADDING};
use dsa::Dsa;
use pkey::PKey;
@@ -254,6 +295,8 @@ mod test {
let pkey = PKey::from_rsa(private_key).unwrap();
let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap();
+ assert_eq!(signer.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING);
+ signer.pkey_ctx_mut().set_rsa_padding(PKCS1_PADDING).unwrap();
signer.update(INPUT).unwrap();
let result = signer.finish().unwrap();
@@ -267,6 +310,7 @@ mod test {
let pkey = PKey::from_rsa(private_key).unwrap();
let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
+ assert_eq!(verifier.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING);
verifier.update(INPUT).unwrap();
assert!(verifier.finish(SIGNATURE).unwrap());
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-23 18:56:48 +0000