Tweaks
This commit is contained in:
Steven Fackler
parent
5e6b8e68fd
commit
c15642ccea
|
|
@ -15,7 +15,7 @@ use crypto::util::{CallbackState, invoke_passwd_cb};
|
|||
pub struct DSAParams(*mut ffi::DSA);
|
||||
|
||||
impl DSAParams {
|
||||
pub fn with_size(size: usize) -> Result<DSAParams, ErrorStack> {
|
||||
pub fn with_size(size: u32) -> Result<DSAParams, ErrorStack> {
|
||||
unsafe {
|
||||
// Wrap it so that if we panic we'll call the dtor
|
||||
let dsa = DSAParams(try_ssl_null!(ffi::DSA_new()));
|
||||
|
|
@ -55,14 +55,13 @@ impl Drop for DSA {
|
|||
}
|
||||
|
||||
impl DSA {
|
||||
/// the caller should assert that the dsa pointer is valid.
|
||||
pub unsafe fn from_raw(dsa: *mut ffi::DSA) -> DSA {
|
||||
pub unsafe fn from_ptr(dsa: *mut ffi::DSA) -> DSA {
|
||||
DSA(dsa)
|
||||
}
|
||||
|
||||
/// Generate a DSA key pair
|
||||
/// For more complicated key generation scenarios see the `DSAParams` type
|
||||
pub fn generate(size: usize) -> Result<DSA, ErrorStack> {
|
||||
pub fn generate(size: u32) -> Result<DSA, ErrorStack> {
|
||||
let params = try!(DSAParams::with_size(size));
|
||||
params.generate()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,19 +1,13 @@
|
|||
use libc::c_int;
|
||||
use ffi;
|
||||
use error::ErrorStack;
|
||||
|
||||
pub fn rand_bytes(len: usize) -> Vec<u8> {
|
||||
pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {
|
||||
unsafe {
|
||||
let mut out = Vec::with_capacity(len);
|
||||
|
||||
ffi::init();
|
||||
let r = ffi::RAND_bytes(out.as_mut_ptr(), len as c_int);
|
||||
if r != 1 as c_int {
|
||||
panic!()
|
||||
}
|
||||
|
||||
out.set_len(len);
|
||||
|
||||
out
|
||||
assert!(buf.len() <= c_int::max_value() as usize);
|
||||
try_ssl_if!(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int) != 1);
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -23,7 +17,7 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn test_rand_bytes() {
|
||||
let bytes = rand_bytes(32);
|
||||
println!("{:?}", bytes);
|
||||
let mut buf = [0; 32];
|
||||
rand_bytes(&mut buf).unwrap();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -275,9 +275,10 @@ impl X509Generator {
|
|||
})
|
||||
}
|
||||
|
||||
fn random_serial() -> c_long {
|
||||
fn random_serial() -> Result<c_long, ErrorStack> {
|
||||
let len = mem::size_of::<c_long>();
|
||||
let bytes = rand_bytes(len);
|
||||
let mut bytes = vec![0; len];
|
||||
try!(rand_bytes(&mut bytes));
|
||||
let mut res = 0;
|
||||
for b in bytes.iter() {
|
||||
res = res << 8;
|
||||
|
|
@ -287,7 +288,7 @@ impl X509Generator {
|
|||
// While OpenSSL is actually OK to have negative serials
|
||||
// other libraries (for example, Go crypto) can drop
|
||||
// such certificates as invalid, so we clear the high bit
|
||||
((res as c_ulong) >> 1) as c_long
|
||||
Ok(((res as c_ulong) >> 1) as c_long)
|
||||
}
|
||||
|
||||
/// Sets the certificate public-key, then self-sign and return it
|
||||
|
|
@ -301,7 +302,7 @@ impl X509Generator {
|
|||
|
||||
try_ssl!(ffi::X509_set_version(x509.handle(), 2));
|
||||
try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.handle()),
|
||||
X509Generator::random_serial()));
|
||||
try!(X509Generator::random_serial())));
|
||||
|
||||
let not_before = try!(Asn1Time::days_from_now(0));
|
||||
let not_after = try!(Asn1Time::days_from_now(self.days));
|
||||
|
|
@ -839,7 +840,7 @@ impl<'a> GeneralName<'a> {
|
|||
fn test_negative_serial() {
|
||||
// I guess that's enough to get a random negative number
|
||||
for _ in 0..1000 {
|
||||
assert!(X509Generator::random_serial() > 0,
|
||||
assert!(X509Generator::random_serial().unwrap() > 0,
|
||||
"All serials should be positive");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue