From 19440c298143aa311578ead17c8949312f4b94af Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Sun, 16 Oct 2016 19:06:02 -0700
Subject: [PATCH] More error cleanup

Also allocation free RSA
---
 openssl/src/crypto/dsa.rs    |   2 -
 openssl/src/crypto/pkcs12.rs |   5 +-
 openssl/src/crypto/pkey.rs   |  55 ++++----
 openssl/src/crypto/rand.rs   |   5 +-
 openssl/src/crypto/rsa.rs    | 261 ++++++++++++++++++-----------------
 5 files changed, 170 insertions(+), 158 deletions(-)

diff --git a/openssl/src/crypto/dsa.rs b/openssl/src/crypto/dsa.rs
index e0f31766..f9044661 100644
--- a/openssl/src/crypto/dsa.rs
+++ b/openssl/src/crypto/dsa.rs
@@ -236,11 +236,9 @@ impl fmt::Debug for DSA {
 
 #[cfg(test)]
 mod test {
-    use std::io::Write;
     use libc::c_char;
 
     use super::*;
-    use crypto::hash::*;
 
     #[test]
     pub fn test_generate() {
diff --git a/openssl/src/crypto/pkcs12.rs b/openssl/src/crypto/pkcs12.rs
index b028f29d..846b7baf 100644
--- a/openssl/src/crypto/pkcs12.rs
+++ b/openssl/src/crypto/pkcs12.rs
@@ -6,6 +6,7 @@ use std::cmp;
 use std::ptr;
 use std::ffi::CString;
 
+use {cvt, cvt_p};
 use crypto::pkey::PKey;
 use error::ErrorStack;
 use x509::X509;
@@ -26,7 +27,7 @@ impl Pkcs12 {
             ffi::init();
             let mut ptr = der.as_ptr() as *const c_uchar;
             let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long;
-            let p12 = try_ssl_null!(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length));
+            let p12 = try!(cvt_p(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length)));
             Ok(Pkcs12(p12))
         }
     }
@@ -40,7 +41,7 @@ impl Pkcs12 {
             let mut cert = ptr::null_mut();
             let mut chain = ptr::null_mut();
 
-            try_ssl!(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain));
+            try!(cvt(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain)));
 
             let pkey = PKey::from_ptr(pkey);
             let cert = X509::from_ptr(cert);
diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs
index 67ff7520..1d062cfa 100644
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@@ -3,6 +3,7 @@ use std::ptr;
 use std::mem;
 use ffi;
 
+use {cvt, cvt_p};
 use bio::{MemBio, MemBioSlice};
 use crypto::dsa::DSA;
 use crypto::rsa::RSA;
@@ -19,9 +20,9 @@ impl PKey {
     /// Create a new `PKey` containing an RSA key.
     pub fn from_rsa(rsa: RSA) -> Result<PKey, ErrorStack> {
         unsafe {
-            let evp = try_ssl_null!(ffi::EVP_PKEY_new());
+            let evp = try!(cvt_p(ffi::EVP_PKEY_new()));
             let pkey = PKey(evp);
-            try_ssl!(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_RSA, rsa.as_ptr() as *mut _));
+            try!(cvt(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_RSA, rsa.as_ptr() as *mut _)));
             mem::forget(rsa);
             Ok(pkey)
         }
@@ -30,9 +31,9 @@ impl PKey {
     /// Create a new `PKey` containing a DSA key.
     pub fn from_dsa(dsa: DSA) -> Result<PKey, ErrorStack> {
         unsafe {
-            let evp = try_ssl_null!(ffi::EVP_PKEY_new());
+            let evp = try!(cvt_p(ffi::EVP_PKEY_new()));
             let pkey = PKey(evp);
-            try_ssl!(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_DSA, dsa.as_ptr() as *mut _));
+            try!(cvt(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_DSA, dsa.as_ptr() as *mut _)));
             mem::forget(dsa);
             Ok(pkey)
         }
@@ -42,10 +43,10 @@ impl PKey {
     pub fn hmac(key: &[u8]) -> Result<PKey, ErrorStack> {
         unsafe {
             assert!(key.len() <= c_int::max_value() as usize);
-            let key = try_ssl_null!(ffi::EVP_PKEY_new_mac_key(ffi::EVP_PKEY_HMAC,
-                                                              ptr::null_mut(),
-                                                              key.as_ptr() as *const _,
-                                                              key.len() as c_int));
+            let key = try!(cvt_p(ffi::EVP_PKEY_new_mac_key(ffi::EVP_PKEY_HMAC,
+                                                           ptr::null_mut(),
+                                                           key.as_ptr() as *const _,
+                                                           key.len() as c_int)));
             Ok(PKey(key))
         }
     }
@@ -59,10 +60,10 @@ impl PKey {
         ffi::init();
         let mem_bio = try!(MemBioSlice::new(buf));
         unsafe {
-            let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(),
-                                                                 ptr::null_mut(),
-                                                                 None,
-                                                                 ptr::null_mut()));
+            let evp = try!(cvt_p(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(),
+                                                              ptr::null_mut(),
+                                                              None,
+                                                              ptr::null_mut())));
             Ok(PKey::from_ptr(evp))
         }
     }
@@ -79,10 +80,10 @@ impl PKey {
         let mut cb = CallbackState::new(pass_cb);
         let mem_bio = try!(MemBioSlice::new(buf));
         unsafe {
-            let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(),
-                                                                 ptr::null_mut(),
-                                                                 Some(invoke_passwd_cb::<F>),
-                                                                 &mut cb as *mut _ as *mut c_void));
+            let evp = try!(cvt_p(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(),
+                                                              ptr::null_mut(),
+                                                              Some(invoke_passwd_cb::<F>),
+                                                              &mut cb as *mut _ as *mut c_void)));
             Ok(PKey::from_ptr(evp))
         }
     }
@@ -92,10 +93,10 @@ impl PKey {
         ffi::init();
         let mem_bio = try!(MemBioSlice::new(buf));
         unsafe {
-            let evp = try_ssl_null!(ffi::PEM_read_bio_PUBKEY(mem_bio.as_ptr(),
-                                                             ptr::null_mut(),
-                                                             None,
-                                                             ptr::null_mut()));
+            let evp = try!(cvt_p(ffi::PEM_read_bio_PUBKEY(mem_bio.as_ptr(),
+                                                          ptr::null_mut(),
+                                                          None,
+                                                          ptr::null_mut())));
             Ok(PKey::from_ptr(evp))
         }
     }
@@ -105,15 +106,15 @@ impl PKey {
         unsafe {
             // this needs to be a reference as the set1_RSA ups the reference count
             let rsa_ptr = rsa.as_ptr();
-            try_ssl!(ffi::EVP_PKEY_set1_RSA(self.0, rsa_ptr));
+            try!(cvt(ffi::EVP_PKEY_set1_RSA(self.0, rsa_ptr)));
             Ok(())
         }
     }
 
     /// Get a reference to the interal RSA key for direct access to the key components
-    pub fn get_rsa(&self) -> Result<RSA, ErrorStack> {
+    pub fn rsa(&self) -> Result<RSA, ErrorStack> {
         unsafe {
-            let rsa = try_ssl_null!(ffi::EVP_PKEY_get1_RSA(self.0));
+            let rsa = try!(cvt_p(ffi::EVP_PKEY_get1_RSA(self.0)));
             // this is safe as the ffi increments a reference counter to the internal key
             Ok(RSA::from_ptr(rsa))
         }
@@ -124,13 +125,13 @@ impl PKey {
     pub fn private_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
         let mem_bio = try!(MemBio::new());
         unsafe {
-            try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.as_ptr(),
+            try!(cvt(ffi::PEM_write_bio_PrivateKey(mem_bio.as_ptr(),
                                                    self.0,
                                                    ptr::null(),
                                                    ptr::null_mut(),
                                                    -1,
                                                    None,
-                                                   ptr::null_mut()));
+                                                   ptr::null_mut())));
 
         }
         Ok(mem_bio.get_buf().to_owned())
@@ -139,7 +140,9 @@ impl PKey {
     /// Stores public key as a PEM
     pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
         let mem_bio = try!(MemBio::new());
-        unsafe { try_ssl!(ffi::PEM_write_bio_PUBKEY(mem_bio.as_ptr(), self.0)) }
+        unsafe {
+            try!(cvt(ffi::PEM_write_bio_PUBKEY(mem_bio.as_ptr(), self.0)));
+        }
         Ok(mem_bio.get_buf().to_owned())
     }
 
diff --git a/openssl/src/crypto/rand.rs b/openssl/src/crypto/rand.rs
index 519449e9..c1c49e7b 100644
--- a/openssl/src/crypto/rand.rs
+++ b/openssl/src/crypto/rand.rs
@@ -1,13 +1,14 @@
 use libc::c_int;
 use ffi;
+
+use cvt;
 use error::ErrorStack;
 
 pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
     unsafe {
         ffi::init();
         assert!(buf.len() <= c_int::max_value() as usize);
-        try_ssl_if!(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int) != 1);
-        Ok(())
+        cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int)).map(|_| ())
     }
 }
 
diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
index 1212ee3a..95675abe 100644
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@@ -4,6 +4,7 @@ use std::ptr;
 use std::mem;
 use libc::{c_int, c_void, c_char};
 
+use {cvt, cvt_p, cvt_n};
 use bn::{BigNum, BigNumRef};
 use bio::{MemBio, MemBioSlice};
 use error::ErrorStack;
@@ -42,11 +43,11 @@ impl RSA {
     /// the supplied load and save methods for DER formatted keys.
     pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, ErrorStack> {
         unsafe {
-            let rsa = RSA(try_ssl_null!(ffi::RSA_new()));
-            try_ssl!(compat::set_key(rsa.0,
+            let rsa = RSA(try!(cvt_p(ffi::RSA_new())));
+            try!(cvt(compat::set_key(rsa.0,
                                      n.as_ptr(),
                                      e.as_ptr(),
-                                     ptr::null_mut()));
+                                     ptr::null_mut())));
             mem::forget((n, e));
             Ok(rsa)
         }
@@ -62,13 +63,13 @@ impl RSA {
                                    qi: BigNum)
                                    -> Result<RSA, ErrorStack> {
         unsafe {
-            let rsa = RSA(try_ssl_null!(ffi::RSA_new()));
-            try_ssl!(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()));
+            let rsa = RSA(try!(cvt_p(ffi::RSA_new())));
+            try!(cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr())));
             mem::forget((n, e, d));
-            try_ssl!(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr()));
+            try!(cvt(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr())));
             mem::forget((p, q));
-            try_ssl!(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(),
-                                            qi.as_ptr()));
+            try!(cvt(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(),
+                                            qi.as_ptr())));
             mem::forget((dp, dq, qi));
             Ok(rsa)
         }
@@ -83,12 +84,9 @@ impl RSA {
     /// The public exponent will be 65537.
     pub fn generate(bits: u32) -> Result<RSA, ErrorStack> {
         unsafe {
-            let rsa = try_ssl_null!(ffi::RSA_new());
-            let rsa = RSA(rsa);
+            let rsa = RSA(try!(cvt_p(ffi::RSA_new())));
             let e = try!(BigNum::new_from(ffi::RSA_F4 as u32));
-
-            try_ssl!(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut()));
-
+            try!(cvt(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut())));
             Ok(rsa)
         }
     }
@@ -97,10 +95,10 @@ impl RSA {
     pub fn private_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> {
         let mem_bio = try!(MemBioSlice::new(buf));
         unsafe {
-            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(),
-                                                                    ptr::null_mut(),
-                                                                    None,
-                                                                    ptr::null_mut()));
+            let rsa = try!(cvt_p(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(),
+                                                                 ptr::null_mut(),
+                                                                 None,
+                                                                 ptr::null_mut())));
             Ok(RSA(rsa))
         }
     }
@@ -114,11 +112,10 @@ impl RSA {
 
         unsafe {
             let cb_ptr = &mut cb as *mut _ as *mut c_void;
-            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(),
-                                                                    ptr::null_mut(),
-                                                                    Some(invoke_passwd_cb::<F>),
-                                                                    cb_ptr));
-
+            let rsa = try!(cvt_p(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(),
+                                                                 ptr::null_mut(),
+                                                                 Some(invoke_passwd_cb::<F>),
+                                                                 cb_ptr)));
             Ok(RSA(rsa))
         }
     }
@@ -127,10 +124,10 @@ impl RSA {
     pub fn public_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> {
         let mem_bio = try!(MemBioSlice::new(buf));
         unsafe {
-            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.as_ptr(),
-                                                                 ptr::null_mut(),
-                                                                 None,
-                                                                 ptr::null_mut()));
+            let rsa = try!(cvt_p(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.as_ptr(),
+                                                              ptr::null_mut(),
+                                                              None,
+                                                              ptr::null_mut())));
             Ok(RSA(rsa))
         }
     }
@@ -140,13 +137,13 @@ impl RSA {
         let mem_bio = try!(MemBio::new());
 
         unsafe {
-            try_ssl!(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(),
-                                             self.0,
-                                             ptr::null(),
-                                             ptr::null_mut(),
-                                             0,
-                                             None,
-                                             ptr::null_mut()));
+            try!(cvt(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(),
+                                                      self.0,
+                                                      ptr::null(),
+                                                      ptr::null_mut(),
+                                                      0,
+                                                      None,
+                                                      ptr::null_mut())));
         }
         Ok(mem_bio.get_buf().to_owned())
     }
@@ -156,93 +153,113 @@ impl RSA {
         let mem_bio = try!(MemBio::new());
 
         unsafe {
-            try_ssl!(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0))
-        };
+            try!(cvt(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0)));
+        }
 
         Ok(mem_bio.get_buf().to_owned())
     }
 
-    pub fn size(&self) -> Option<u32> {
-        if self.n().is_some() {
-            unsafe { Some(ffi::RSA_size(self.0) as u32) }
-        } else {
-            None
+    pub fn size(&self) -> usize {
+        unsafe {
+            assert!(self.n().is_some());
+
+            ffi::RSA_size(self.0) as usize
         }
     }
 
-    /**
-     * Decrypts data with the private key, using provided padding, returning the decrypted data.
-     */
-    pub fn private_decrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> {
+    /// Decrypts data using the private key, returning the number of decrypted bytes.
+    ///
+    /// # Panics
+    ///
+    /// Panics if `self` has no private components, or if `to` is smaller
+    /// than `self.size()`.
+    pub fn private_decrypt(&self,
+                           from: &[u8],
+                           to: &mut [u8],
+                           padding: Padding)
+                           -> Result<usize, ErrorStack> {
         assert!(self.d().is_some(), "private components missing");
-        let k_len = self.size().expect("RSA missing an n");
-        let mut to: Vec<u8> = vec![0; k_len as usize];
+        assert!(from.len() <= i32::max_value() as usize);
+        assert!(to.len() >= self.size());
 
         unsafe {
-            let enc_len = try_ssl_returns_size!(ffi::RSA_private_decrypt(from.len() as i32,
-                                   from.as_ptr(),
-                                   to.as_mut_ptr(),
-                                   self.0,
-                                   padding.0));
-           to.truncate(enc_len as usize);
-           Ok(to)
+            let len = try!(cvt_n(ffi::RSA_private_decrypt(from.len() as c_int,
+                                                          from.as_ptr(),
+                                                          to.as_mut_ptr(),
+                                                          self.0,
+                                                          padding.0)));
+           Ok(len as usize)
         }
     }
 
-    /**
-     * Encrypts data with the private key, using provided padding, returning the encrypted data.
-     */
-    pub fn private_encrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> {
+    /// Encrypts data using the private key, returning the number of encrypted bytes.
+    ///
+    /// # Panics
+    ///
+    /// Panics if `self` has no private components, or if `to` is smaller
+    /// than `self.size()`.
+    pub fn private_encrypt(&self,
+                           from: &[u8],
+                           to: &mut [u8],
+                           padding: Padding)
+                           -> Result<usize, ErrorStack> {
         assert!(self.d().is_some(), "private components missing");
-        let k_len = self.size().expect("RSA missing an n");
-        let mut to:Vec<u8> = vec![0; k_len as usize];
+        assert!(from.len() <= i32::max_value() as usize);
+        assert!(to.len() >= self.size());
 
         unsafe {
-            let enc_len = try_ssl_returns_size!(ffi::RSA_private_encrypt(from.len() as c_int,
-                                   from.as_ptr(),
-                                   to.as_mut_ptr(),
-                                   self.0,
-                                   padding.0));
-           assert!(enc_len as u32 == k_len);
-
-           Ok(to)
+            let len = try!(cvt_n(ffi::RSA_private_encrypt(from.len() as c_int,
+                                                          from.as_ptr(),
+                                                          to.as_mut_ptr(),
+                                                          self.0,
+                                                          padding.0)));
+           Ok(len as usize)
         }
     }
 
-    /**
-     * Decrypts data with the public key, using provided padding, returning the decrypted data.
-     */
-    pub fn public_decrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> {
-        let k_len = self.size().expect("RSA missing an n");
-        let mut to: Vec<u8> = vec![0; k_len as usize];
+    /// Decrypts data using the public key, returning the number of decrypted bytes.
+    ///
+    /// # Panics
+    ///
+    /// Panics if `to` is smaller than `self.size()`.
+    pub fn public_decrypt(&self,
+                          from: &[u8],
+                          to: &mut [u8],
+                          padding: Padding)
+                          -> Result<usize, ErrorStack> {
+        assert!(from.len() <= i32::max_value() as usize);
+        assert!(to.len() >= self.size());
 
         unsafe {
-            let enc_len = try_ssl_returns_size!(ffi::RSA_public_decrypt(from.len() as i32,
-                                   from.as_ptr(),
-                                   to.as_mut_ptr(),
-                                   self.0,
-                                   padding.0));
-           to.truncate(enc_len as usize);
-           Ok(to)
+            let len = try!(cvt_n(ffi::RSA_public_decrypt(from.len() as c_int,
+                                                         from.as_ptr(),
+                                                         to.as_mut_ptr(),
+                                                         self.0,
+                                                         padding.0)));
+            Ok(len as usize)
         }
     }
 
-    /**
-     * Encrypts data with the public key, using provided padding, returning the encrypted data.
-     */
-    pub fn public_encrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> {
-        let k_len = self.size().expect("RSA missing an n");
-        let mut to:Vec<u8> = vec![0; k_len as usize];
+    /// Encrypts data using the private key, returning the number of encrypted bytes.
+    ///
+    /// # Panics
+    ///
+    /// Panics if `to` is smaller than `self.size()`.
+    pub fn public_encrypt(&self,
+                          from: &[u8],
+                          to: &mut [u8],
+                          padding: Padding)
+                          -> Result<usize, ErrorStack> {
+        assert!(from.len() <= i32::max_value() as usize);
+        assert!(to.len() >= self.size());
 
         unsafe {
-            let enc_len = try_ssl_returns_size!(ffi::RSA_public_encrypt(from.len() as c_int,
-                                   from.as_ptr(),
-                                   to.as_mut_ptr(),
-                                   self.0,
-                                   padding.0));
-           assert!(enc_len as u32 == k_len);
-
-           Ok(to)
+            let len = try!(cvt_n(ffi::RSA_public_encrypt(from.len() as c_int,
+                                                         from.as_ptr(),
+                                                         to.as_mut_ptr(),
+                                                         self.0,
+                                                         padding.0)));
+            Ok(len as usize)
         }
     }
 
@@ -424,55 +441,47 @@ mod test {
         let key = include_bytes!("../../test/rsa.pem.pub");
         let public_key = RSA::public_key_from_pem(key).unwrap();
 
-        let original_data: Vec<u8> = "This is test".to_string().into_bytes();
-        let result = public_key.public_encrypt(&original_data, Padding::pkcs1()).unwrap();
-
-        assert_eq!(result.len(), 256);
+        let mut result = vec![0; public_key.size()];
+        let original_data = b"This is test";
+        let len = public_key.public_encrypt(original_data, &mut result, Padding::pkcs1()).unwrap();
+        assert_eq!(len, 256);
 
         let pkey = include_bytes!("../../test/rsa.pem");
         let private_key = RSA::private_key_from_pem(pkey).unwrap();
-        let dec_result = private_key.private_decrypt(&result, Padding::pkcs1()).unwrap();
+        let mut dec_result = vec![0; private_key.size()];
+        let len = private_key.private_decrypt(&result, &mut dec_result, Padding::pkcs1()).unwrap();
 
-       assert_eq!(dec_result, original_data);
+       assert_eq!(&dec_result[..len], original_data);
     }
 
     #[test]
    fn test_private_encrypt() {
-       let k0 = super::RSA::generate(512).unwrap();
-       let k0pkey = k0.public_key_to_pem().unwrap();
-       let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap();
+        let k0 = super::RSA::generate(512).unwrap();
+        let k0pkey = k0.public_key_to_pem().unwrap();
+        let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap();
 
-       let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8);
+        let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
 
-       let emsg = k0.private_encrypt(&msg, Padding::pkcs1()).unwrap();
-       let dmsg = k1.public_decrypt(&emsg, Padding::pkcs1()).unwrap();
-       assert!(msg == dmsg);
+        let mut emesg = vec![0; k0.size()];
+        k0.private_encrypt(&msg, &mut emesg, Padding::pkcs1()).unwrap();
+        let mut dmesg = vec![0; k1.size()];
+        let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::pkcs1()).unwrap();
+        assert_eq!(msg, &dmesg[..len]);
    }
 
    #[test]
    fn test_public_encrypt() {
        let k0 = super::RSA::generate(512).unwrap();
-       let k0pkey = k0.public_key_to_pem().unwrap();
-       let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap();
+       let k0pkey = k0.private_key_to_pem().unwrap();
+       let k1 = super::RSA::private_key_from_pem(&k0pkey).unwrap();
 
-       let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8);
+       let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
 
-       let emsg = k1.public_encrypt(&msg, Padding::pkcs1_oaep()).unwrap();
-       let dmsg = k0.private_decrypt(&emsg, Padding::pkcs1_oaep()).unwrap();
-       assert!(msg == dmsg);
-   }
-
-   #[test]
-   fn test_public_encrypt_pkcs() {
-       let k0 = super::RSA::generate(512).unwrap();
-       let k0pkey = k0.public_key_to_pem().unwrap();
-       let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap();
-
-       let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8);
-
-       let emsg = k1.public_encrypt(&msg, super::Padding::pkcs1()).unwrap();
-       let dmsg = k0.private_decrypt(&emsg, super::Padding::pkcs1()).unwrap();
-       assert!(msg == dmsg);
+       let mut emesg = vec![0; k0.size()];
+       k0.public_encrypt(&msg, &mut emesg, Padding::pkcs1()).unwrap();
+       let mut dmesg = vec![0; k1.size()];
+       let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::pkcs1()).unwrap();
+       assert_eq!(msg, &dmesg[..len]);
    }
 
 }