Fix pkey method safety

2016-08-05 21:04:40 -07:00 · 2016-08-05 21:04:40 -07:00 · fe47e93f2f
parent b4145c6fa5
commit fe47e93f2f
3 changed files with 13 additions and 10 deletions
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@ -63,7 +63,7 @@ impl PKey {
        }
    }

-    pub fn from_handle(handle: *mut ffi::EVP_PKEY, parts: Parts) -> PKey {
+    pub unsafe fn from_handle(handle: *mut ffi::EVP_PKEY, parts: Parts) -> PKey {
        ffi::init();
        assert!(!handle.is_null());

@ -587,7 +587,7 @@ impl PKey {
        }
    }

-    pub unsafe fn get_handle(&self) -> *mut ffi::EVP_PKEY {
+    pub fn handle(&self) -> *mut ffi::EVP_PKEY {
        return self.evp;
    }

@ -606,7 +606,8 @@ impl Drop for PKey {

 impl Clone for PKey {
    fn clone(&self) -> Self {
-        let mut pkey = PKey::from_handle(unsafe { ffi::EVP_PKEY_new() }, self.parts);
+        let mut pkey = unsafe { PKey::from_handle(ffi::EVP_PKEY_new(), self.parts) };
+
        // copy by encoding to DER and back
        match self.parts {
            Parts::Public => {
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -604,7 +604,7 @@ impl SslContext {

    /// Specifies the private key
    pub fn set_private_key(&mut self, key: &PKey) -> Result<(), ErrorStack> {
-        wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.ctx, key.get_handle()) })
+        wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.ctx, key.handle()) })
    }

    /// Check consistency of private key and certificate
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@ -333,7 +333,7 @@ impl X509Generator {
            // If prev line succeded - ownership should go to cert
            mem::forget(not_after);

-            try_ssl!(ffi::X509_set_pubkey(x509.handle(), p_key.get_handle()));
+            try_ssl!(ffi::X509_set_pubkey(x509.handle(), p_key.handle()));

            let name = ffi::X509_get_subject_name(x509.handle());
            try_ssl_null!(name);
@ -359,7 +359,7 @@ impl X509Generator {
            }

            let hash_fn = self.hash_type.evp_md();
-            try_ssl!(ffi::X509_sign(x509.handle(), p_key.get_handle(), hash_fn));
+            try_ssl!(ffi::X509_sign(x509.handle(), p_key.handle(), hash_fn));
            Ok(x509)
        }
    }
@ -381,7 +381,7 @@ impl X509Generator {
            }

            let hash_fn = self.hash_type.evp_md();
-            try_ssl!(ffi::X509_REQ_sign(req, p_key.get_handle(), hash_fn));
+            try_ssl!(ffi::X509_REQ_sign(req, p_key.handle(), hash_fn));

            Ok(X509Req::new(req))
        }
@ -425,11 +425,13 @@ impl<'a> X509Ref<'a> {
    }

    pub fn public_key(&self) -> PKey {
-        let pkey = unsafe { ffi::X509_get_pubkey(self.0) };
+        unsafe {
+            let pkey = ffi::X509_get_pubkey(self.0);
            assert!(!pkey.is_null());

            PKey::from_handle(pkey, Parts::Public)
        }
+    }

    /// Returns certificate fingerprint calculated using provided hash
    pub fn fingerprint(&self, hash_type: hash::Type) -> Option<Vec<u8>> {