change interface to match original openssl, add helper functions for convenience

Jonas Maier · Jonas Maier · commit a48269f80941 · 2024-08-03T11:47:41.000+02:00
diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs
@@ -210,7 +210,9 @@ extern "C" {
 
     pub fn X509_to_X509_REQ(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> *mut X509_REQ;
 
+    pub fn X509_ALGOR_new() -> *mut X509_ALGOR;
     pub fn X509_ALGOR_free(x: *mut X509_ALGOR);
+    pub fn X509_ALGOR_set_md(alg: *mut X509_ALGOR, md: *const EVP_MD);
 
     pub fn X509_REVOKED_new() -> *mut X509_REVOKED;
     pub fn X509_REVOKED_free(x: *mut X509_REVOKED);
diff --git a/openssl-sys/src/ts.rs b/openssl-sys/src/ts.rs
@@ -1,7 +1,6 @@
 use libc::*;
 
-#[allow(unused_imports)]
-use *;
+use crate::{ASN1_INTEGER, ASN1_OBJECT, BIO, EVP_MD, EVP_PKEY, X509, X509_ALGOR};
 
 pub enum TS_MSG_IMPRINT {}
 pub enum TS_REQ {}
diff --git a/openssl/src/ts.rs b/openssl/src/ts.rs
@@ -6,15 +6,16 @@
 use bitflags::bitflags;
 use foreign_types::{ForeignType, ForeignTypeRef};
 use libc::{c_int, c_long, c_uint};
+use openssl_macros::corresponds;
 
 use std::ptr;
 
 use crate::asn1::{Asn1IntegerRef, Asn1ObjectRef};
 use crate::bio::MemBioSlice;
 use crate::error::ErrorStack;
-use crate::hash::MessageDigest;
+use crate::hash::{Hasher, MessageDigest};
 use crate::pkey::{HasPrivate, PKeyRef};
-use crate::x509::{X509Algorithm, X509Ref};
+use crate::x509::{X509Algorithm, X509AlgorithmRef, X509Ref};
 use crate::{cvt, cvt_p};
 
 foreign_type_and_impl_send_sync! {
@@ -33,31 +34,28 @@ impl TsMsgImprint {
     ///
     /// This corresponds to `TS_MSG_IMPRINT_new`.
     pub fn new() -> Result<TsMsgImprint, ErrorStack> {
+        ffi::init();
         unsafe {
-            ffi::init();
-            let imprint: *mut ffi::TS_MSG_IMPRINT = cvt_p(ffi::TS_MSG_IMPRINT_new())?;
+            let imprint = cvt_p(ffi::TS_MSG_IMPRINT_new())?;
             Ok(TsMsgImprint::from_ptr(imprint))
         }
     }
 
     /// Sets the algorithm identifier of the message digest algorithm.
-    ///
-    /// This corresponds to `TS_MSG_IMPRINT_set_algo`.
-    pub fn set_algo(&mut self, digest: &MessageDigest) -> Result<(), ErrorStack> {
+    #[corresponds(TS_MSG_IMPRINT_set_algo)]
+    pub fn set_algo(&mut self, algo: &X509AlgorithmRef) -> Result<(), ErrorStack> {
         unsafe {
-            let algorithm = X509Algorithm::from_ptr(cvt_p(ffi::X509_ALGOR_new())?);
-            ffi::X509_ALGOR_set_md(algorithm.as_ptr(), digest.as_ptr());
             cvt(ffi::TS_MSG_IMPRINT_set_algo(
                 self.as_ptr(),
-                algorithm.as_ptr(),
+                algo.as_ptr(),
             ))
             .map(|_| ())
         }
     }
 
-    /// Sets the message digest of the data to be timestamped.
-    ///
-    /// This corresponds to `TS_MSG_IMPRINT_set_msg`.
+    /// Sets the message **digest** of the data to be timestamped.
+    /// It is named this way to match the name in openssl itself
+    #[corresponds(TS_MSG_IMPRINT_set_msg)]
     pub fn set_msg(&mut self, digest: &[u8]) -> Result<(), ErrorStack> {
         let length = convert_digest_length_to_int(digest.len());
         unsafe {
@@ -69,6 +67,28 @@ impl TsMsgImprint {
             .map(|_| ())
         }
     }
+
+    /// Creates a ready-to-use message imprint from a message and a specified hash algorithm.
+    pub fn from_message_with_algo(msg: &[u8], md: MessageDigest) -> Result<Self, ErrorStack> {
+        let mut h = Hasher::new(md)?;
+        h.update(msg)?;
+        let hash = h.finish()?;
+        Self::from_prehash_with_algo(&hash, md)
+    }
+
+    /// Creates a ready-to-use message imprint from the hash of a message and a specified hash algorithm.
+    /// 
+    /// `hash` must have originated from the hash function specified by `md`.
+    pub fn from_prehash_with_algo(hash: &[u8], md: MessageDigest) -> Result<Self, ErrorStack> {
+        let mut algo = X509Algorithm::new()?;
+        algo.set_md(md);
+
+        let mut imprint = Self::new()?;
+        imprint.set_algo(&algo)?;
+        imprint.set_msg(hash)?;
+
+        Ok(imprint)
+    }
 }
 
 fn convert_digest_length_to_int(len: usize) -> c_int {
@@ -372,14 +392,11 @@ mod tests {
     use crate::bn::BigNum;
     use crate::hash::MessageDigest;
     use crate::pkey::PKey;
-    use crate::sha::sha512;
     use crate::x509::X509;
 
     #[test]
     fn test_request() {
-        let mut imprint = TsMsgImprint::new().unwrap();
-        imprint.set_algo(&MessageDigest::sha512()).unwrap();
-        imprint.set_msg(&sha512(b"BLAHBLAHBLAH\n")).unwrap();
+        let imprint = TsMsgImprint::from_message_with_algo(b"BLAHBLAHBLAH\n", MessageDigest::sha512()).unwrap();
 
         let mut request = TsReq::new().unwrap();
         request.set_version(1).unwrap();
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
@@ -2320,6 +2320,16 @@ foreign_type_and_impl_send_sync! {
     pub struct X509AlgorithmRef;
 }
 
+impl X509Algorithm {
+    pub fn new() -> Result<Self, ErrorStack> {
+        ffi::init();
+        unsafe {
+            let ptr = cvt_p(ffi::X509_ALGOR_new())?;
+            Ok(Self::from_ptr(ptr))
+        }
+    }
+}
+
 impl X509AlgorithmRef {
     /// Returns the ASN.1 OID of this algorithm.
     pub fn object(&self) -> &Asn1ObjectRef {
@@ -2329,6 +2339,12 @@ impl X509AlgorithmRef {
             Asn1ObjectRef::from_const_ptr_opt(oid).expect("algorithm oid must not be null")
         }
     }
+
+    pub fn set_md(&mut self, md: MessageDigest) {
+        unsafe {
+            ffi::X509_ALGOR_set_md(self.as_ptr(), md.as_ptr());
+        }
+    }
 }
 
 foreign_type_and_impl_send_sync! {
