From c15642ccea8e38362ab65cfbb94d638518375658 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Wed, 10 Aug 2016 21:25:18 -0700 Subject: [PATCH] Tweaks --- openssl/src/crypto/dsa.rs | 7 +++---- openssl/src/crypto/rand.rs | 20 +++++++------------- openssl/src/x509/mod.rs | 11 ++++++----- 3 files changed, 16 insertions(+), 22 deletions(-) diff --git a/openssl/src/crypto/dsa.rs b/openssl/src/crypto/dsa.rs index 7e6f0381..7d6e1c05 100644 --- a/openssl/src/crypto/dsa.rs +++ b/openssl/src/crypto/dsa.rs @@ -15,7 +15,7 @@ use crypto::util::{CallbackState, invoke_passwd_cb}; pub struct DSAParams(*mut ffi::DSA); impl DSAParams { - pub fn with_size(size: usize) -> Result { + pub fn with_size(size: u32) -> Result { unsafe { // Wrap it so that if we panic we'll call the dtor let dsa = DSAParams(try_ssl_null!(ffi::DSA_new())); @@ -55,14 +55,13 @@ impl Drop for DSA { } impl DSA { - /// the caller should assert that the dsa pointer is valid. - pub unsafe fn from_raw(dsa: *mut ffi::DSA) -> DSA { + pub unsafe fn from_ptr(dsa: *mut ffi::DSA) -> DSA { DSA(dsa) } /// Generate a DSA key pair /// For more complicated key generation scenarios see the `DSAParams` type - pub fn generate(size: usize) -> Result { + pub fn generate(size: u32) -> Result { let params = try!(DSAParams::with_size(size)); params.generate() } diff --git a/openssl/src/crypto/rand.rs b/openssl/src/crypto/rand.rs index ba57a8a1..519449e9 100644 --- a/openssl/src/crypto/rand.rs +++ b/openssl/src/crypto/rand.rs @@ -1,19 +1,13 @@ use libc::c_int; use ffi; +use error::ErrorStack; -pub fn rand_bytes(len: usize) -> Vec { +pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { unsafe { - let mut out = Vec::with_capacity(len); - ffi::init(); - let r = ffi::RAND_bytes(out.as_mut_ptr(), len as c_int); - if r != 1 as c_int { - panic!() - } - - out.set_len(len); - - out + assert!(buf.len() <= c_int::max_value() as usize); + try_ssl_if!(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int) != 1); + Ok(()) } } 
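Review bot: `from_ptr` in openssl/src/crypto/dsa.rs (second hunk) is an `unsafe fn` left with no documentation, because the one line stating the caller's obligation was deleted along with the rename. The wrapper stores the raw pointer unchecked, and the `impl Drop for DSA` named in the hunk header presumably frees it, so a null, dangling or still-owned pointer would surface later as a null dereference, use-after-free or double free. I would restore the contract as a `# Safety` section saying that `dsa` must be a valid, non-null pointer to an initialised DSA structure, that ownership passes to the returned value, and that the caller must not free it afterwards. The rest of `impl DSA` lies outside the hunk.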
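Review bot: The `assert!` at the top of the new `rand_bytes` in openssl/src/crypto/rand.rs is the only thing keeping `buf.len() as c_int` from truncating, and nothing in the code says so. Without it, an oversized buffer would be only partly filled while the call still returns `Ok(())`, leaving non-random bytes in what the caller treats as random material, so it should stay a hard `assert!` and never be relaxed to `debug_assert!`. I would put `// Guards the cast below: a truncated length would leave the tail of buf unfilled.` above it. The public function also needs a doc comment with a `# Panics` section for buffers longer than `c_int::max_value()`, plus a sentence that the contents of `buf` must not be used when `Err` is returned.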
@@ -23,7 +17,7 @@ mod tests { #[test] fn test_rand_bytes() { - let bytes = rand_bytes(32); - println!("{:?}", bytes); + let mut buf = [0; 32]; + rand_bytes(&mut buf).unwrap(); } } diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 31c67453..cf5f4595 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -275,9 +275,10 @@ impl X509Generator { }) } - fn random_serial() -> c_long { + fn random_serial() -> Result { let len = mem::size_of::(); - let bytes = rand_bytes(len); + let mut bytes = vec![0; len]; + try!(rand_bytes(&mut bytes)); let mut res = 0; for b in bytes.iter() { res = res << 8; @@ -287,7 +288,7 @@ impl X509Generator { // While OpenSSL is actually OK to have negative serials // other libraries (for example, Go crypto) can drop // such certificates as invalid, so we clear the high bit - ((res as c_ulong) >> 1) as c_long + Ok(((res as c_ulong) >> 1) as c_long) } /// Sets the certificate public-key, then self-sign and return it @@ -301,7 +302,7 @@ impl X509Generator { try_ssl!(ffi::X509_set_version(x509.handle(), 2)); try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.handle()), - X509Generator::random_serial())); + try!(X509Generator::random_serial()))); let not_before = try!(Asn1Time::days_from_now(0)); let not_after = try!(Asn1Time::days_from_now(self.days)); @@ -839,7 +840,7 @@ impl<'a> GeneralName<'a> { fn test_negative_serial() { // I guess that's enough to get a random negative number for _ in 0..1000 { - assert!(X509Generator::random_serial() > 0, + assert!(X509Generator::random_serial().unwrap() > 0, "All serials should be positive"); } }
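Review bot: `random_serial` in openssl/src/x509/mod.rs still fills only as many bytes as the `mem::size_of` call yields (apparently one `c_long`), and the return line in the following hunk shifts one bit away. The serial therefore carries at most 63 random bits, and only 31 where `c_long` is 32 bits wide (Windows and 32-bit targets), which is below the 64 bits of CSPRNG output commonly expected of certificate serial numbers. The result can also be 0, which `test_negative_serial` in the last hunk would reject and which is not a valid positive serial. The zero case is a small change: `let serial = ((res as c_ulong) >> 1) as c_long;` followed by `Ok(if serial == 0 { 1 } else { serial })`. Widening the serial would mean building it from a fixed-size byte buffer rather than a `c_long`, which goes beyond these hunks; the function body spans this hunk and the next.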