diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 010ffd8f..5a528b1b 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -110,11 +110,16 @@ impl PKey { } } - fn _fromstr(&mut self, s: &[u8], f: unsafe extern "C" fn(*const *mut ffi::RSA, *const *const u8, c_uint) -> *mut ffi::RSA) { + fn _fromstr(&mut self, s: &[u8], f: unsafe extern "C" fn(*const *mut ffi::RSA, *const *const u8, c_uint) -> *mut ffi::RSA) -> bool { unsafe { let rsa = ptr::null_mut(); f(&rsa, &s.as_ptr(), s.len() as c_uint); - ffi::EVP_PKEY_set1_RSA(self.evp, rsa); + if !rsa.is_null() { + ffi::EVP_PKEY_set1_RSA(self.evp, rsa) == 1 + } + else { + false + } } } @@ -148,8 +153,9 @@ impl PKey { * Loads a DER serialized form of the public key, as produced by save_pub(). */ pub fn load_pub(&mut self, s: &[u8]) { - self._fromstr(s, ffi::d2i_RSA_PUBKEY); - self.parts = Parts::Public; + if self._fromstr(s, ffi::d2i_RSA_PUBKEY) { + self.parts = Parts::Public; + } } /** @@ -164,8 +170,9 @@ impl PKey { * save_priv(). */ pub fn load_priv(&mut self, s: &[u8]) { - self._fromstr(s, ffi::d2i_RSAPrivateKey); - self.parts = Parts::Both; + if self._fromstr(s, ffi::d2i_RSAPrivateKey) { + self.parts = Parts::Both; + } } /// Stores private key as a PEM @@ -198,7 +205,13 @@ impl PKey { */ pub fn size(&self) -> usize { unsafe { - ffi::RSA_size(ffi::EVP_PKEY_get1_RSA(self.evp)) as usize + let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + if rsa.is_null() { + 0 + } + else { + ffi::RSA_size(rsa) as usize + } } } @@ -237,6 +250,9 @@ impl PKey { pub fn max_data(&self) -> usize { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + if rsa.is_null() { + return 0; + } let len = ffi::RSA_size(rsa); // 41 comes from RSA_public_encrypt(3) for OAEP @@ -247,6 +263,9 @@ impl PKey { pub fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + if rsa.is_null() { + panic!("Could not get RSA key for encryption"); + } let len = ffi::RSA_size(rsa); assert!(s.len() < self.max_data()); @@ -272,6 +291,9 @@ impl PKey { pub fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + if rsa.is_null() { + panic!("Could not get RSA key for decryption"); + } let len = ffi::RSA_size(rsa); assert_eq!(s.len() as c_int, ffi::RSA_size(rsa)); @@ -329,6 +351,9 @@ impl PKey { pub fn sign_with_hash(&self, s: &[u8], hash: hash::Type) -> Vec { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + if rsa.is_null() { + panic!("Could not get RSA key for signing"); + } let len = ffi::RSA_size(rsa); let mut r = repeat(0u8).take(len as usize + 1).collect::>(); @@ -353,6 +378,9 @@ impl PKey { pub fn verify_with_hash(&self, h: &[u8], s: &[u8], hash: hash::Type) -> bool { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + if rsa.is_null() { + panic!("Could not get RSA key for verification"); + } let rv = ffi::RSA_verify( openssl_hash_nid(hash), @@ -532,4 +560,36 @@ mod tests { assert!(priv_key.windows(11).any(|s| s == b"PRIVATE KEY")); assert!(pub_key.windows(10).any(|s| s == b"PUBLIC KEY")); } + + #[test] + #[should_panic(expected = "Could not get RSA key for encryption")] + fn test_nokey_encrypt() { + let mut pkey = super::PKey::new(); + pkey.load_pub(&[]); + pkey.encrypt(&[]); + } + + #[test] + #[should_panic(expected = "Could not get RSA key for decryption")] + fn test_nokey_decrypt() { + let mut pkey = super::PKey::new(); + pkey.load_priv(&[]); + pkey.decrypt(&[]); + } + + #[test] + #[should_panic(expected = "Could not get RSA key for signing")] + fn test_nokey_sign() { + let mut pkey = super::PKey::new(); + pkey.load_priv(&[]); + pkey.sign(&[]); + } + + #[test] + #[should_panic(expected = "Could not get RSA key for verification")] + fn test_nokey_verify() { + let mut pkey = super::PKey::new(); + pkey.load_pub(&[]); + pkey.verify(&[], &[]); + } }