Tweaks

openssl/src/crypto/dsa.rs

@@ -15,7 +15,7 @@ use crypto::util::{CallbackState, invoke_passwd_cb};
 pub struct DSAParams(*mut ffi::DSA);
 
 impl DSAParams {
-    pub fn with_size(size: usize) -> Result<DSAParams, ErrorStack> {
+    pub fn with_size(size: u32) -> Result<DSAParams, ErrorStack> {
         unsafe {
             // Wrap it so that if we panic we'll call the dtor
             let dsa = DSAParams(try_ssl_null!(ffi::DSA_new()));
@@ -55,14 +55,13 @@ impl Drop for DSA {
 }
 
 impl DSA {
-    /// the caller should assert that the dsa pointer is valid.
+    pub unsafe fn from_ptr(dsa: *mut ffi::DSA) -> DSA {
-    pub unsafe fn from_raw(dsa: *mut ffi::DSA) -> DSA {
         DSA(dsa)
     }
 
     /// Generate a DSA key pair
     /// For more complicated key generation scenarios see the `DSAParams` type
-    pub fn generate(size: usize) -> Result<DSA, ErrorStack> {
+    pub fn generate(size: u32) -> Result<DSA, ErrorStack> {
         let params = try!(DSAParams::with_size(size));
         params.generate()
     }

openssl/src/crypto/rand.rs

@@ -1,19 +1,13 @@
 use libc::c_int;
 use ffi;
+use error::ErrorStack;
 
-pub fn rand_bytes(len: usize) -> Vec<u8> {
+pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
     unsafe {
-        let mut out = Vec::with_capacity(len);
-
         ffi::init();
-        let r = ffi::RAND_bytes(out.as_mut_ptr(), len as c_int);
+        assert!(buf.len() <= c_int::max_value() as usize);
-        if r != 1 as c_int {
+        try_ssl_if!(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int) != 1);
-            panic!()
+        Ok(())
-        }
-
-        out.set_len(len);
-
-        out
     }
 }
 
@@ -23,7 +17,7 @@ mod tests {
 
     #[test]
     fn test_rand_bytes() {
-        let bytes = rand_bytes(32);
+        let mut buf = [0; 32];
-        println!("{:?}", bytes);
+        rand_bytes(&mut buf).unwrap();
     }
 }

openssl/src/x509/mod.rs

@@ -275,9 +275,10 @@ impl X509Generator {
         })
     }
 
-    fn random_serial() -> c_long {
+    fn random_serial() -> Result<c_long, ErrorStack> {
         let len = mem::size_of::<c_long>();
-        let bytes = rand_bytes(len);
+        let mut bytes = vec![0; len];
+        try!(rand_bytes(&mut bytes));
         let mut res = 0;
         for b in bytes.iter() {
             res = res << 8;
@@ -287,7 +288,7 @@ impl X509Generator {
         // While OpenSSL is actually OK to have negative serials
         // other libraries (for example, Go crypto) can drop
         // such certificates as invalid, so we clear the high bit
-        ((res as c_ulong) >> 1) as c_long
+        Ok(((res as c_ulong) >> 1) as c_long)
     }
 
     /// Sets the certificate public-key, then self-sign and return it
@@ -301,7 +302,7 @@ impl X509Generator {
 
             try_ssl!(ffi::X509_set_version(x509.handle(), 2));
             try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.handle()),
-                                           X509Generator::random_serial()));
+                                           try!(X509Generator::random_serial())));
 
             let not_before = try!(Asn1Time::days_from_now(0));
             let not_after = try!(Asn1Time::days_from_now(self.days));
@@ -839,7 +840,7 @@ impl<'a> GeneralName<'a> {
 fn test_negative_serial() {
     // I guess that's enough to get a random negative number
     for _ in 0..1000 {
-        assert!(X509Generator::random_serial() > 0,
+        assert!(X509Generator::random_serial().unwrap() > 0,
                 "All serials should be positive");
     }
 }