min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix pkey method safety

This commit is contained in:
Steven Fackler 2016-08-05 21:04:40 -07:00
parent b4145c6fa5
commit fe47e93f2f
3 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
openssl/src/crypto/pkey.rs
View File

@ -63,7 +63,7 @@ impl PKey {
} }
} }
pub fn from_handle(handle: *mut ffi::EVP_PKEY, parts: Parts) -> PKey { pub unsafe fn from_handle(handle: *mut ffi::EVP_PKEY, parts: Parts) -> PKey {
ffi::init(); ffi::init();
assert!(!handle.is_null()); assert!(!handle.is_null());
@ -587,7 +587,7 @@ impl PKey {
} }
} }
pub unsafe fn get_handle(&self) -> *mut ffi::EVP_PKEY { pub fn handle(&self) -> *mut ffi::EVP_PKEY {
return self.evp; return self.evp;
} }
@ -606,7 +606,8 @@ impl Drop for PKey {
impl Clone for PKey { impl Clone for PKey {
fn clone(&self) -> Self { fn clone(&self) -> Self {
let mut pkey = PKey::from_handle(unsafe { ffi::EVP_PKEY_new() }, self.parts); let mut pkey = unsafe { PKey::from_handle(ffi::EVP_PKEY_new(), self.parts) };
// copy by encoding to DER and back // copy by encoding to DER and back
match self.parts { match self.parts {
Parts::Public => { Parts::Public => {

2
openssl/src/ssl/mod.rs
View File

@ -604,7 +604,7 @@ impl SslContext {
/// Specifies the private key /// Specifies the private key
pub fn set_private_key(&mut self, key: &PKey) -> Result<(), ErrorStack> { pub fn set_private_key(&mut self, key: &PKey) -> Result<(), ErrorStack> {
wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.ctx, key.get_handle()) }) wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.ctx, key.handle()) })
} }
/// Check consistency of private key and certificate /// Check consistency of private key and certificate

14
openssl/src/x509/mod.rs
View File

@ -333,7 +333,7 @@ impl X509Generator {
// If prev line succeded - ownership should go to cert // If prev line succeded - ownership should go to cert
mem::forget(not_after); mem::forget(not_after);
try_ssl!(ffi::X509_set_pubkey(x509.handle(), p_key.get_handle())); try_ssl!(ffi::X509_set_pubkey(x509.handle(), p_key.handle()));
let name = ffi::X509_get_subject_name(x509.handle()); let name = ffi::X509_get_subject_name(x509.handle());
try_ssl_null!(name); try_ssl_null!(name);
@ -359,7 +359,7 @@ impl X509Generator {
} }
let hash_fn = self.hash_type.evp_md(); let hash_fn = self.hash_type.evp_md();
try_ssl!(ffi::X509_sign(x509.handle(), p_key.get_handle(), hash_fn)); try_ssl!(ffi::X509_sign(x509.handle(), p_key.handle(), hash_fn));
Ok(x509) Ok(x509)
} }
} }
@ -381,7 +381,7 @@ impl X509Generator {
} }
let hash_fn = self.hash_type.evp_md(); let hash_fn = self.hash_type.evp_md();
try_ssl!(ffi::X509_REQ_sign(req, p_key.get_handle(), hash_fn)); try_ssl!(ffi::X509_REQ_sign(req, p_key.handle(), hash_fn));
Ok(X509Req::new(req)) Ok(X509Req::new(req))
} }
@ -425,10 +425,12 @@ impl<'a> X509Ref<'a> {
} }
pub fn public_key(&self) -> PKey { pub fn public_key(&self) -> PKey {
let pkey = unsafe { ffi::X509_get_pubkey(self.0) }; unsafe {
assert!(!pkey.is_null()); let pkey = ffi::X509_get_pubkey(self.0);
assert!(!pkey.is_null());
PKey::from_handle(pkey, Parts::Public) PKey::from_handle(pkey, Parts::Public)
}
} }
/// Returns certificate fingerprint calculated using provided hash /// Returns certificate fingerprint calculated using provided hash