ring-native-ossl 0.1.10

A ring-compatible API backed by native-ossl (OpenSSL)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

//! Cryptographic hash functions, mirroring `ring::digest`.
//!
//! Provides SHA-256, SHA-384, SHA-512, and SHA-1 (the last only for legacy
//! compatibility).  Both one-shot ([`digest`]) and incremental ([`Context`])
//! interfaces are available.  Panics on internal OpenSSL errors because those
//! indicate a non-functional OpenSSL installation rather than bad caller input.

use native_ossl::digest::{DigestAlg, DigestCtx};
use std::ffi::CStr;

/// A digest algorithm descriptor, mirroring `ring::digest::Algorithm`.
#[derive(Debug)]
pub struct Algorithm {
    pub(crate) name: &'static CStr,
    pub output_len: usize,
    pub block_len: usize,
}

pub static SHA256: Algorithm = Algorithm {
    name: c"SHA2-256",
    output_len: 32,
    block_len: 64,
};
pub static SHA384: Algorithm = Algorithm {
    name: c"SHA2-384",
    output_len: 48,
    block_len: 128,
};
pub static SHA512: Algorithm = Algorithm {
    name: c"SHA2-512",
    output_len: 64,
    block_len: 128,
};
pub static SHA1_FOR_LEGACY_USE_ONLY: Algorithm = Algorithm {
    name: c"SHA1",
    output_len: 20,
    block_len: 64,
};

/// Digest output bytes.
pub struct Digest {
    value: [u8; 64],
    len: usize,
    alg: &'static Algorithm,
}

impl Digest {
    #[must_use]
    pub fn algorithm(&self) -> &'static Algorithm {
        self.alg
    }
}

impl AsRef<[u8]> for Digest {
    fn as_ref(&self) -> &[u8] {
        &self.value[..self.len]
    }
}

/// Incremental digest context, mirroring `ring::digest::Context`.
pub struct Context {
    alg: &'static Algorithm,
    ctx: DigestCtx,
}

impl Context {
    /// # Panics
    ///
    /// Panics if OpenSSL cannot load the digest algorithm or create a context,
    /// which indicates a non-functional OpenSSL installation.
    #[must_use]
    pub fn new(algorithm: &'static Algorithm) -> Self {
        let alg_obj = DigestAlg::fetch(algorithm.name, None)
            .unwrap_or_else(|e| panic!("OpenSSL digest algorithm unavailable: {e}"));
        let ctx = alg_obj
            .new_context()
            .unwrap_or_else(|e| panic!("EVP_MD_CTX_new failed: {e}"));
        Self {
            alg: algorithm,
            ctx,
        }
    }

    /// # Panics
    ///
    /// Panics if OpenSSL's `EVP_DigestUpdate` fails.
    pub fn update(&mut self, data: &[u8]) {
        self.ctx
            .update(data)
            .unwrap_or_else(|e| panic!("EVP_DigestUpdate failed: {e}"));
    }

    /// # Panics
    ///
    /// Panics if OpenSSL's `EVP_MD_CTX_copy_ex` fails.
    #[must_use]
    pub fn clone_state(&self) -> Self {
        Self {
            alg: self.alg,
            ctx: self
                .ctx
                .fork()
                .unwrap_or_else(|e| panic!("EVP_MD_CTX_copy_ex failed: {e}")),
        }
    }

    /// # Panics
    ///
    /// Panics if OpenSSL's `EVP_DigestFinal_ex` fails.
    #[must_use]
    pub fn finish(mut self) -> Digest {
        let mut out = [0u8; 64];
        let n = self
            .ctx
            .finish(&mut out)
            .unwrap_or_else(|e| panic!("EVP_DigestFinal_ex failed: {e}"));
        Digest {
            value: out,
            len: n,
            alg: self.alg,
        }
    }

    #[must_use]
    pub fn algorithm(&self) -> &'static Algorithm {
        self.alg
    }
}

impl Clone for Context {
    fn clone(&self) -> Self {
        self.clone_state()
    }
}

/// One-shot digest computation, mirroring `ring::digest::digest`.
#[must_use]
pub fn digest(algorithm: &'static Algorithm, data: &[u8]) -> Digest {
    let mut ctx = Context::new(algorithm);
    ctx.update(data);
    ctx.finish()
}