Skip to content

Add wrappers for OSSL 3 encoders and decoders #2444

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 18 commits into
base: master
Choose a base branch
from
+1,465 −71
Open

Add wrappers for OSSL 3 encoders and decoders #2444

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
52244a1
macros: add cstr_const
huwcbjones Sep 8, 2025
23951bf
kdf: use cstr_const
huwcbjones Sep 8, 2025
5190020
kdf/argon2 helpers: make kdf names const
huwcbjones Sep 8, 2025
21acbab
pkey: add common OSSL params
huwcbjones Sep 8, 2025
39c9fa2
partial revert: Remove unused param builder methods
huwcbjones Sep 11, 2025
d45abf6
ossl_param: add tests
huwcbjones Aug 6, 2025
be26428
ossl_params/arrayref: refactor locate_octet_string to use locate
huwcbjones Aug 6, 2025
1431dc2
ossl_param/array: implement locate_bn
huwcbjones Sep 12, 2025
1c977c3
ossl_param/array: implement merge
huwcbjones Sep 12, 2025
9c093e4
pkey_ctx/set_nonce_type: use ParamBuilder
huwcbjones Aug 6, 2025
3a6f454
pkey_ctx: add Selection trait for Param/Public/Private markers
huwcbjones Aug 6, 2025
0b88eb4
pkey_ctx: add ability to create a PKey from params
huwcbjones Aug 6, 2025
0de8c6a
pkey: implement to_data
huwcbjones Sep 12, 2025
274160d
pkey: test round-robin to_data => from_data
huwcbjones Sep 12, 2025
7c002a2
Add encoder wrapper
huwcbjones Aug 11, 2025
04ca0f8
pkey/Id: implement TryInto<&str>
huwcbjones Aug 15, 2025
2305d40
pkey/Id: implement TryInto<&CStr>
huwcbjones Aug 15, 2025
2bbe9c0
Add decoder wrapper
huwcbjones Aug 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 15 additions & 15 deletions openssl/src/kdf.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,19 +34,19 @@ cfg_if::cfg_if! {
use crate::error::ErrorStack;
use crate::ossl_param::OsslParamBuilder;

// Safety: these all have null terminators.
// We cen remove these CStr::from_bytes_with_nul_unchecked calls
// when we upgrade to Rust 1.77+ with literal c"" syntax.
cstr_const!(OSSL_KDF_PARAM_PASSWORD, b"pass\0");
cstr_const!(OSSL_KDF_PARAM_SALT, b"salt\0");
cstr_const!(OSSL_KDF_PARAM_SECRET, b"secret\0");
cstr_const!(OSSL_KDF_PARAM_ITER, b"iter\0");
cstr_const!(OSSL_KDF_PARAM_SIZE, b"size\0");
cstr_const!(OSSL_KDF_PARAM_THREADS, b"threads\0");
cstr_const!(OSSL_KDF_PARAM_ARGON2_AD, b"ad\0");
cstr_const!(OSSL_KDF_PARAM_ARGON2_LANES, b"lanes\0");
cstr_const!(OSSL_KDF_PARAM_ARGON2_MEMCOST, b"memcost\0");

const OSSL_KDF_PARAM_PASSWORD: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"pass\0") };
const OSSL_KDF_PARAM_SALT: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"salt\0") };
const OSSL_KDF_PARAM_SECRET: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"secret\0") };
const OSSL_KDF_PARAM_ITER: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"iter\0") };
const OSSL_KDF_PARAM_SIZE: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"size\0") };
const OSSL_KDF_PARAM_THREADS: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"threads\0") };
const OSSL_KDF_PARAM_ARGON2_AD: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"ad\0") };
const OSSL_KDF_PARAM_ARGON2_LANES: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"lanes\0") };
const OSSL_KDF_PARAM_ARGON2_MEMCOST: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"memcost\0") };
cstr_const!(KDF_ARGON2D, b"ARGON2D\0");
cstr_const!(KDF_ARGON2I, b"ARGON2I\0");
cstr_const!(KDF_ARGON2ID, b"ARGON2ID\0");

#[allow(clippy::too_many_arguments)]
pub fn argon2d(
Expand All @@ -60,7 +60,7 @@ cfg_if::cfg_if! {
memcost: u32,
out: &mut [u8],
) -> Result<(), ErrorStack> {
return argon2_helper(CStr::from_bytes_with_nul(b"ARGON2D\0").unwrap(), ctx, pass, salt, ad, secret, iter, lanes, memcost, out);
argon2_helper(KDF_ARGON2D, ctx, pass, salt, ad, secret, iter, lanes, memcost, out)
}

#[allow(clippy::too_many_arguments)]
Expand All @@ -75,7 +75,7 @@ cfg_if::cfg_if! {
memcost: u32,
out: &mut [u8],
) -> Result<(), ErrorStack> {
return argon2_helper(CStr::from_bytes_with_nul(b"ARGON2I\0").unwrap(), ctx, pass, salt, ad, secret, iter, lanes, memcost, out);
argon2_helper(KDF_ARGON2I, ctx, pass, salt, ad, secret, iter, lanes, memcost, out)
}

#[allow(clippy::too_many_arguments)]
Expand All @@ -90,7 +90,7 @@ cfg_if::cfg_if! {
memcost: u32,
out: &mut [u8],
) -> Result<(), ErrorStack> {
return argon2_helper(CStr::from_bytes_with_nul(b"ARGON2ID\0").unwrap(), ctx, pass, salt, ad, secret, iter, lanes, memcost, out);
argon2_helper(KDF_ARGON2ID, ctx, pass, salt, ad, secret, iter, lanes, memcost, out)
}

/// Derives a key using the argon2* algorithms.
Expand Down
2 changes: 2 additions & 0 deletions openssl/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,8 @@ pub mod nid;
#[cfg(not(osslconf = "OPENSSL_NO_OCSP"))]
pub mod ocsp;
#[cfg(ossl300)]
mod ossl_encdec;
#[cfg(ossl300)]
mod ossl_param;
pub mod pkcs12;
pub mod pkcs5;
Expand Down
11 changes: 11 additions & 0 deletions openssl/src/macros.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,3 +268,14 @@ macro_rules! generic_foreign_type_and_impl_send_sync {
unsafe impl<T> Sync for $borrowed<T>{}
};
}

#[cfg_attr(not(ossl300), allow(unused_macros))]
macro_rules! cstr_const {
// Safety: these all have null terminators.
// We cen remove these CStr::from_bytes_with_nul_unchecked calls
// when we upgrade to Rust 1.77+ with literal c"" syntax.
($vis:vis $name:ident, $key:literal) => {
#[allow(dead_code)]
$vis const $name: &std::ffi::CStr = unsafe { std::ffi::CStr::from_bytes_with_nul_unchecked($key) };
}
}
Loading