min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix PKey RSA constructors 

`set1` functions bump the object's refcount so we were previously
leaking the RSA object. Split the decode from PEM part out to a method
on RSA and use that in the PKey constructors.

Also make RSA a pointer and actually free it.
This commit is contained in:
Steven Fackler 2016-01-30 13:12:06 -08:00
parent b2e18c1d76
commit 4e58fd10de
2 changed files with 62 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
openssl/src/crypto/pkey.rs
View File

@ -9,6 +9,7 @@ use crypto::hash;
use crypto::hash::Type as HashType; use crypto::hash::Type as HashType;
use ffi; use ffi;
use ssl::error::{SslError, StreamError}; use ssl::error::{SslError, StreamError};
use crypto::rsa::RSA;
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
pub enum Parts { pub enum Parts {
@ -125,18 +126,10 @@ impl PKey {
pub fn private_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError> pub fn private_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
where R: Read where R: Read
{ {
let mut mem_bio = try!(MemBio::new()); let rsa = try!(RSA::private_key_from_pem(reader));
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
unsafe { unsafe {
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(), let evp = try_ssl_null!(ffi::EVP_PKEY_new());
ptr::null_mut(), try_ssl!(ffi::EVP_PKEY_set1_RSA(evp, rsa.as_ptr()));
None,
ptr::null_mut()));
let evp = ffi::EVP_PKEY_new();
if ffi::EVP_PKEY_set1_RSA(evp, rsa) == 0 {
return Err(SslError::get());
}
Ok(PKey { Ok(PKey {
evp: evp, evp: evp,
@ -149,18 +142,10 @@ impl PKey {
pub fn public_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError> pub fn public_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
where R: Read where R: Read
{ {
let mut mem_bio = try!(MemBio::new()); let rsa = try!(RSA::public_key_from_pem(reader));
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
unsafe { unsafe {
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.get_handle(), let evp = try_ssl_null!(ffi::EVP_PKEY_new());
ptr::null_mut(), try_ssl!(ffi::EVP_PKEY_set1_RSA(evp, rsa.as_ptr()));
None,
ptr::null_mut()));
let evp = ffi::EVP_PKEY_new();
if ffi::EVP_PKEY_set1_RSA(evp, rsa) == 0 {
return Err(SslError::get());
}
Ok(PKey { Ok(PKey {
evp: evp, evp: evp,

64
openssl/src/crypto/rsa.rs
View File

@ -1,41 +1,87 @@
use ffi; use ffi;
use bn::BigNum;
use std::fmt; use std::fmt;
use ssl::error::SslError; use ssl::error::{SslError, StreamError};
use std::ptr;
use std::io::{self, Read};
pub struct RSA { use bn::BigNum;
rsa_obj : ffi::RSA use bio::MemBio;
pub struct RSA(*mut ffi::RSA);
impl Drop for RSA {
fn drop(&mut self) {
unsafe {
ffi::RSA_free(self.0);
}
}
} }
impl RSA { impl RSA {
/// Reads an RSA private key from PEM formatted data.
pub fn private_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
where R: Read
{
let mut mem_bio = try!(MemBio::new());
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
unsafe {
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(),
ptr::null_mut(),
None,
ptr::null_mut()));
Ok(RSA(rsa))
}
}
/// Reads an RSA public key from PEM formatted data.
pub fn public_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
where R: Read
{
let mut mem_bio = try!(MemBio::new());
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
unsafe {
let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.get_handle(),
ptr::null_mut(),
None,
ptr::null_mut()));
Ok(RSA(rsa))
}
}
pub fn as_ptr(&self) -> *mut ffi::RSA {
self.0
}
// The following getters are unsafe, since BigNum::new_from_ffi fails upon null pointers // The following getters are unsafe, since BigNum::new_from_ffi fails upon null pointers
pub fn n(&self) -> Result<BigNum, SslError> { pub fn n(&self) -> Result<BigNum, SslError> {
unsafe { unsafe {
BigNum::new_from_ffi(self.rsa_obj.n) BigNum::new_from_ffi((*self.0).n)
} }
} }
pub fn d(&self) -> Result<BigNum, SslError> { pub fn d(&self) -> Result<BigNum, SslError> {
unsafe { unsafe {
BigNum::new_from_ffi(self.rsa_obj.d) BigNum::new_from_ffi((*self.0).d)
} }
} }
pub fn e(&self) -> Result<BigNum, SslError> { pub fn e(&self) -> Result<BigNum, SslError> {
unsafe { unsafe {
BigNum::new_from_ffi(self.rsa_obj.e) BigNum::new_from_ffi((*self.0).e)
} }
} }
pub fn p(&self) -> Result<BigNum, SslError> { pub fn p(&self) -> Result<BigNum, SslError> {
unsafe { unsafe {
BigNum::new_from_ffi(self.rsa_obj.p) BigNum::new_from_ffi((*self.0).p)
} }
} }
pub fn q(&self) -> Result<BigNum, SslError> { pub fn q(&self) -> Result<BigNum, SslError> {
unsafe { unsafe {
BigNum::new_from_ffi(self.rsa_obj.q) BigNum::new_from_ffi((*self.0).q)
} }
} }
} }