Panic on error when setting default curves list

These lists are hardcoded and the calls have no business failing in the first place.
2023-09-14 20:00:10 +02:00 · 2023-09-14 20:00:10 +02:00 · 3b88f4ee5b
parent 7b0de9341c
commit 3b88f4ee5b
2 changed files with 10 additions and 8 deletions
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@ -2437,7 +2437,7 @@ impl SslRef {
    }

    #[cfg(feature = "kx-safe-default")]
-    fn client_set_default_curves_list(&mut self) -> Result<(), ErrorStack> {
+    fn client_set_default_curves_list(&mut self) {
        let curves = if cfg!(feature = "kx-client-pq-preferred") {
            if cfg!(feature = "kx-client-nist-required") {
                "P256Kyber768Draft00:P-256:P-384:P-521"
@ -2459,11 +2459,13 @@ impl SslRef {
        };

        self.set_curves_list(curves)
+            .expect("invalid default client curves list");
    }

    #[cfg(feature = "kx-safe-default")]
-    fn server_set_default_curves_list(&mut self) -> Result<(), ErrorStack> {
+    fn server_set_default_curves_list(&mut self) {
        self.set_curves_list("X25519Kyber768Draft00:P256Kyber768Draft00:X25519:P-256:P-384")
+            .expect("invalid default server curves list");
    }

    /// Like [`SslContextBuilder::set_verify`].
@ -3597,7 +3599,7 @@ where
        let mut stream = self.inner;

        #[cfg(feature = "kx-safe-default")]
-        stream.ssl.client_set_default_curves_list()?;
+        stream.ssl.client_set_default_curves_list();

        let ret = unsafe { ffi::SSL_connect(stream.ssl.as_ptr()) };
        if ret > 0 {
@ -3622,7 +3624,7 @@ where
        let mut stream = self.inner;

        #[cfg(feature = "kx-safe-default")]
-        stream.ssl.server_set_default_curves_list()?;
+        stream.ssl.server_set_default_curves_list();

        let ret = unsafe { ffi::SSL_accept(stream.ssl.as_ptr()) };
        if ret > 0 {
--- a/boring/src/ssl/test/mod.rs
+++ b/boring/src/ssl/test/mod.rs
@ -1122,8 +1122,8 @@ fn client_set_default_curves_list() {
    let ssl_ctx = SslContextBuilder::new(SslMethod::tls()).unwrap().build();
    let mut ssl = Ssl::new(&ssl_ctx).unwrap();

-    ssl.client_set_default_curves_list()
-        .expect("Failed to set curves list. Is Kyber768 missing in boringSSL?")
+    // Panics if Kyber768 missing in boringSSL.
+    ssl.client_set_default_curves_list();
 }

 #[cfg(feature = "kx-safe-default")]
@ -1132,6 +1132,6 @@ fn server_set_default_curves_list() {
    let ssl_ctx = SslContextBuilder::new(SslMethod::tls()).unwrap().build();
    let mut ssl = Ssl::new(&ssl_ctx).unwrap();

-    ssl.server_set_default_curves_list()
-        .expect("Failed to set curves list. Is Kyber768 missing in boringSSL?")
+    // Panics if Kyber768 missing in boringSSL.
+    ssl.server_set_default_curves_list();
 }