Implement SSL_CIPHER_get_auth_nid

Author: ctz

MATRIX.md

@@ -30,7 +30,7 @@
 | `SRP_Calc_A_param` [^deprecatedin_3_0] [^srp] |  |  |  |  |
 | `SSL_CIPHER_description`  |  | :white_check_mark: |  | :white_check_mark: |
 | `SSL_CIPHER_find`  |  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| `SSL_CIPHER_get_auth_nid`  |  |  | :white_check_mark: |  |
+| `SSL_CIPHER_get_auth_nid`  |  |  | :white_check_mark: | :white_check_mark: |
 | `SSL_CIPHER_get_bits`  |  |  | :white_check_mark: | :white_check_mark: |
 | `SSL_CIPHER_get_cipher_nid`  |  |  |  |  |
 | `SSL_CIPHER_get_digest_nid`  |  |  |  |  |

build.rs

@@ -52,6 +52,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_check_private_key",
     "SSL_CIPHER_description",
     "SSL_CIPHER_find",
+    "SSL_CIPHER_get_auth_nid",
     "SSL_CIPHER_get_bits",
     "SSL_CIPHER_get_id",
     "SSL_CIPHER_get_name",

src/constants.rs

@@ -150,3 +150,7 @@ pub fn named_group_to_nid(group: NamedGroup) -> Option<c_int> {
         _ => None,
     }
 }
+
+pub(super) const NID_AUTH_ANY: c_int = 1064;
+pub(super) const NID_AUTH_ECDSA: c_int = 1047;
+pub(super) const NID_AUTH_RSA: c_int = 1046;

src/entry.rs

@@ -1550,6 +1550,12 @@ entry! {
     }
 }
 
+entry! {
+    pub fn _SSL_CIPHER_get_auth_nid(cipher: *const SSL_CIPHER) -> c_int {
+        try_ref_from_ptr!(cipher).auth
+    }
+}
+
 entry! {
     pub fn _SSL_CIPHER_get_protocol_id(cipher: *const SSL_CIPHER) -> u16 {
         try_ref_from_ptr!(cipher).protocol_id()

src/lib.rs

@@ -93,6 +93,7 @@ static TLS_METHOD: SslMethod = SslMethod {
 /// Functions that return `SSL_CIPHER` give static-lifetime pointers.
 pub struct SslCipher {
     pub bits: usize,
+    pub auth: i32,
     pub openssl_name: &'static CStr,
     pub standard_name: &'static CStr,
     pub version: &'static CStr,
@@ -139,6 +140,7 @@ impl SslCipher {
 
 static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    auth: constants::NID_AUTH_ECDSA,
     bits: 128,
     openssl_name: c"ECDHE-ECDSA-AES128-GCM-SHA256",
     standard_name: c"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
@@ -148,6 +150,7 @@ static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
 
 static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    auth: constants::NID_AUTH_ECDSA,
     bits: 256,
     openssl_name: c"ECDHE-ECDSA-AES256-GCM-SHA384",
     standard_name: c"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
@@ -157,6 +160,7 @@ static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
 
 static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+    auth: constants::NID_AUTH_ECDSA,
     bits: 256,
     openssl_name: c"ECDHE-ECDSA-CHACHA20-POLY1305",
     standard_name: c"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
@@ -166,6 +170,7 @@ static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
 
 static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    auth: constants::NID_AUTH_RSA,
     bits: 128,
     openssl_name: c"ECDHE-RSA-AES128-GCM-SHA256",
     standard_name: c"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
@@ -175,6 +180,7 @@ static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
 
 static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    auth: constants::NID_AUTH_RSA,
     bits: 256,
     openssl_name: c"ECDHE-RSA-AES256-GCM-SHA384",
     standard_name: c"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
@@ -184,6 +190,7 @@ static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
 
 static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+    auth: constants::NID_AUTH_RSA,
     bits: 256,
     openssl_name: c"ECDHE-RSA-CHACHA20-POLY1305",
     standard_name: c"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
@@ -193,6 +200,7 @@ static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
 
 static TLS13_AES_128_GCM_SHA256: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS13_AES_128_GCM_SHA256,
+    auth: constants::NID_AUTH_ANY,
     bits: 128,
     openssl_name: c"TLS_AES_128_GCM_SHA256",
     standard_name: c"TLS_AES_128_GCM_SHA256",
@@ -202,6 +210,7 @@ static TLS13_AES_128_GCM_SHA256: SslCipher = SslCipher {
 
 static TLS13_AES_256_GCM_SHA384: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS13_AES_256_GCM_SHA384,
+    auth: constants::NID_AUTH_ANY,
     bits: 256,
     openssl_name: c"TLS_AES_256_GCM_SHA384",
     standard_name: c"TLS_AES_256_GCM_SHA384",
@@ -211,6 +220,7 @@ static TLS13_AES_256_GCM_SHA384: SslCipher = SslCipher {
 
 static TLS13_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
     rustls: &provider::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256,
+    auth: constants::NID_AUTH_ANY,
     bits: 256,
     openssl_name: c"TLS_CHACHA20_POLY1305_SHA256",
     standard_name: c"TLS_CHACHA20_POLY1305_SHA256",

tests/ciphers.c

@@ -8,12 +8,13 @@
 
 static void print_cipher(const SSL_CIPHER *cipher) {
   if (cipher) {
-    printf("openssl_id=0x%08x protocol_id=0x%08x ", SSL_CIPHER_get_id(cipher),
-           SSL_CIPHER_get_protocol_id(cipher));
+    printf("openssl_id=0x%08x protocol_id=0x%08x auth=%d ",
+           SSL_CIPHER_get_id(cipher), SSL_CIPHER_get_protocol_id(cipher),
+           SSL_CIPHER_get_auth_nid(cipher));
   } else {
-    // SSL_CIPHER_get_id(NULL) and SSL_CIPHER_get_protocol_id(NULL) both
-    // segfault
-    printf("openssl_id=undef protocol_id=undef ");
+    // SSL_CIPHER_get_id(NULL), SSL_CIPHER_get_protocol_id(NULL),
+    // SSL_CIPHER_get_auth_nid(NULL) all segfault
+    printf("openssl_id=undef protocol_id=undef auth=undef ");
   }
   int alg_bits = -1;
   printf("bits=%d ", SSL_CIPHER_get_bits(cipher, &alg_bits));