From a5ede6a85101f294333ce7f102cb98d718b53638 Mon Sep 17 00:00:00 2001
From: Chris Dawes <cmsd2@cantab.net>
Date: Wed, 4 May 2016 09:00:05 +0100
Subject: [PATCH] add missing NIDs and use Nid as input to signing

---
 openssl/src/crypto/rsa.rs | 27 ++++--------------
 openssl/src/nid.rs        | 58 +++++++++++++++++++++++++++------------
 2 files changed, 45 insertions(+), 40 deletions(-)

diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
index ada5f1c1a..f9d1dece0 100644
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@@ -6,24 +6,7 @@ use std::io::{self, Read};
 
 use bn::BigNum;
 use bio::MemBio;
-
-#[derive(Copy, Clone, Debug)]
-pub enum PKCSHashType {
-    SHA256,
-    SHA384,
-    SHA512
-}
-
-/// https://github.com/openssl/openssl/blob/master/include/openssl/obj_mac.h#L2790
-impl Into<i32> for PKCSHashType {
-    fn into(self) -> i32 {
-        match self {
-            PKCSHashType::SHA256 => 672,
-            PKCSHashType::SHA384 => 673,
-            PKCSHashType::SHA512 => 674
-        }
-    }
-}
+use nid::Nid;
 
 pub struct RSA(*mut ffi::RSA);
 
@@ -109,13 +92,13 @@ impl RSA {
         }
     }
     
-    pub fn sign(&self, hash_id: PKCSHashType, message: &[u8]) -> Result<Vec<u8>, SslError> {
+    pub fn sign(&self, hash_id: Nid, message: &[u8]) -> Result<Vec<u8>, SslError> {
         let k_len = try!(self.size());
         let mut sig = vec![0;k_len as usize];
         let mut sig_len = k_len;
         
         unsafe {
-            let result = ffi::RSA_sign(hash_id.into(), message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0);
+            let result = ffi::RSA_sign(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0);
             assert!(sig_len == k_len);
             
             if result == 1 {
@@ -126,9 +109,9 @@ impl RSA {
         }
     }
     
-    pub fn verify(&self, hash_id: PKCSHashType, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
+    pub fn verify(&self, hash_id: Nid, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
         unsafe {
-            let result = ffi::RSA_verify(hash_id.into(), message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0);
+            let result = ffi::RSA_verify(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0);
             
             Ok(result == 1)
         }
diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs
index bfcae15aa..21ef18e0b 100644
--- a/openssl/src/nid.rs
+++ b/openssl/src/nid.rs
@@ -2,7 +2,7 @@
 #[derive(Copy, Clone, Hash, PartialEq, Eq)]
 #[repr(usize)]
 pub enum Nid {
-    Undefined,
+    Undefined, // 0
     Rsadsi,
     Pkcs,
     MD2,
@@ -12,7 +12,7 @@ pub enum Nid {
     RsaEncryption,
     RSA_MD2,
     RSA_MD5,
-    PBE_MD2_DES,
+    PBE_MD2_DES, // 10
     X500,
     x509,
     CN,
@@ -22,7 +22,7 @@ pub enum Nid {
     O,
     OU,
     RSA,
-    Pkcs7,
+    Pkcs7, // 20
     Pkcs7_data,
     Pkcs7_signedData,
     Pkcs7_envelopedData,
@@ -32,7 +32,7 @@ pub enum Nid {
     Pkcs3,
     DhKeyAgreement,
     DES_ECB,
-    DES_CFB,
+    DES_CFB, // 30
     DES_CBC,
     DES_EDE,
     DES_EDE3,
@@ -42,7 +42,7 @@ pub enum Nid {
     RC2_CBC,
     RC2_ECB,
     RC2_CFB,
-    RC2_OFB,
+    RC2_OFB, // 40
     SHA,
     RSA_SHA,
     DES_EDE_CBC,
@@ -52,7 +52,7 @@ pub enum Nid {
     Pkcs9,
     Email,
     UnstructuredName,
-    ContentType,
+    ContentType, // 50
     MessageDigest,
     SigningTime,
     CounterSignature,
@@ -62,7 +62,7 @@ pub enum Nid {
     Netscape,
     NetscapeCertExtention,
     NetscapeDatatype,
-    DES_EDE_CFB64,
+    DES_EDE_CFB64, // 60
     DES_EDE3_CFB64,
     DES_EDE_OFB64,
     DES_EDE3_OFB64,
@@ -72,7 +72,7 @@ pub enum Nid {
     DSA_OLD,
     PBE_SHA1_RC2_64,
     PBKDF2,
-    DSA_SHA1_OLD,
+    DSA_SHA1_OLD, // 70
     NetscapeCertType,
     NetscapeBaseUrl,
     NetscapeRevocationUrl,
@@ -82,7 +82,7 @@ pub enum Nid {
     NetscapeSSLServerName,
     NetscapeComment,
     NetscapeCertSequence,
-    DESX_CBC,
+    DESX_CBC, // 80
     ID_CE,
     SubjectKeyIdentifier,
     KeyUsage,
@@ -92,7 +92,7 @@ pub enum Nid {
     BasicConstraints,
     CrlNumber,
     CertificatePolicies,
-    AuthorityKeyIdentifier,
+    AuthorityKeyIdentifier, // 90
     BF_CBC,
     BF_ECB,
     BF_CFB,
@@ -102,7 +102,7 @@ pub enum Nid {
     RC4_40,
     RC2_40_CBC,
     G,
-    S,
+    S, // 100
     I,
     /// uniqueIdentifier
     UID,
@@ -113,7 +113,7 @@ pub enum Nid {
     D,
     CAST5_CBC,
     CAST5_ECB,
-    CAST5_CFB,
+    CAST5_CFB, // 110
     CAST5_OFB,
     PbeWithMD5AndCast5CBC,
     DSA_SHA1,
@@ -123,7 +123,7 @@ pub enum Nid {
     RIPEMD160,
     // 118 missing
     RSA_RIPEMD160 = 119,
-    RC5_CBC,
+    RC5_CBC, // 120
     RC5_ECB,
     RC5_CFB,
     RC5_OFB,
@@ -133,7 +133,7 @@ pub enum Nid {
     PKIX,
     ID_KP,
     ServerAuth,
-    ClientAuth,
+    ClientAuth, // 130
     CodeSigning,
     EmailProtection,
     TimeStamping,
@@ -143,7 +143,7 @@ pub enum Nid {
     MsSGC,
     MsEFS,
     NsSGC,
-    DeltaCRL,
+    DeltaCRL, // 140
     CRLReason,
     InvalidityDate,
     SXNetID,
@@ -153,7 +153,7 @@ pub enum Nid {
     PBE_SHA1_2DES,
     PBE_SHA1_RC2_128,
     PBE_SHA1_RC2_40,
-    KeyBag,
+    KeyBag, // 150
     Pkcs8ShroudedKeyBag,
     CertBag,
     CrlBag,
@@ -163,7 +163,7 @@ pub enum Nid {
     LocalKeyID,
     X509Certificate,
     SdsiCertificate,
-    X509Crl,
+    X509Crl, // 160
     PBES2,
     PBMAC1,
     HmacWithSha1,
@@ -171,6 +171,28 @@ pub enum Nid {
     ID_QT_UNOTICE,
     RC2_64_CBC,
     SMIMECaps,
+    PBE_MD2_RC2_64,
+    PBE_MD5_RC2_64,
+    PBE_SHA1_DES,
+    MicrosoftExtensionRequest,
+    ExtensionRequest,
+    Name,
+    DnQualifier,
+    IdPe,
+    IdAd,
+    AuthorityInfoAccess,
+    OCSP,
+    CaIssuers,
+    OCSPSigning, // 180
+    
+    // 181 and up are from openssl's obj_mac.h
+
+
     /// Shown as UID in cert subject
-    UserId = 458
+    UserId = 458,
+
+    
+    SHA256 = 672,
+    SHA384,
+    SHA512,
 }
-- 
GitLab