diff options
| author | Steven Fackler <[email protected]> | 2016-08-05 21:04:40 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-08-05 21:04:40 -0700 |
| commit | fe47e93f2f5b6c2b2243b15445bbfdd4e58780b1 (patch) | |
| tree | cc6f8b48a0b532e47dd527c35f16ef082e6daa86 /openssl/src | |
| parent | Clean up x509 (diff) | |
| download | rust-openssl-fe47e93f2f5b6c2b2243b15445bbfdd4e58780b1.tar.xz rust-openssl-fe47e93f2f5b6c2b2243b15445bbfdd4e58780b1.zip | |
Fix pkey method safety
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/crypto/pkey.rs | 7 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 2 | ||||
| -rw-r--r-- | openssl/src/x509/mod.rs | 14 |
3 files changed, 13 insertions, 10 deletions
diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index ab9a4a95..9f72464b 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -63,7 +63,7 @@ impl PKey { } } - pub fn from_handle(handle: *mut ffi::EVP_PKEY, parts: Parts) -> PKey { + pub unsafe fn from_handle(handle: *mut ffi::EVP_PKEY, parts: Parts) -> PKey { ffi::init(); assert!(!handle.is_null()); @@ -587,7 +587,7 @@ impl PKey { } } - pub unsafe fn get_handle(&self) -> *mut ffi::EVP_PKEY { + pub fn handle(&self) -> *mut ffi::EVP_PKEY { return self.evp; } @@ -606,7 +606,8 @@ impl Drop for PKey { impl Clone for PKey { fn clone(&self) -> Self { - let mut pkey = PKey::from_handle(unsafe { ffi::EVP_PKEY_new() }, self.parts); + let mut pkey = unsafe { PKey::from_handle(ffi::EVP_PKEY_new(), self.parts) }; + // copy by encoding to DER and back match self.parts { Parts::Public => { diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index c95f2646..7ef8a7a5 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -604,7 +604,7 @@ impl SslContext { /// Specifies the private key pub fn set_private_key(&mut self, key: &PKey) -> Result<(), ErrorStack> { - wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.ctx, key.get_handle()) }) + wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.ctx, key.handle()) }) } /// Check consistency of private key and certificate diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 5bb17e35..f81c74a1 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -333,7 +333,7 @@ impl X509Generator { // If prev line succeded - ownership should go to cert mem::forget(not_after); - try_ssl!(ffi::X509_set_pubkey(x509.handle(), p_key.get_handle())); + try_ssl!(ffi::X509_set_pubkey(x509.handle(), p_key.handle())); let name = ffi::X509_get_subject_name(x509.handle()); try_ssl_null!(name); @@ -359,7 +359,7 @@ impl X509Generator { } let hash_fn = self.hash_type.evp_md(); - try_ssl!(ffi::X509_sign(x509.handle(), p_key.get_handle(), hash_fn)); + try_ssl!(ffi::X509_sign(x509.handle(), p_key.handle(), hash_fn)); Ok(x509) } } @@ -381,7 +381,7 @@ impl X509Generator { } let hash_fn = self.hash_type.evp_md(); - try_ssl!(ffi::X509_REQ_sign(req, p_key.get_handle(), hash_fn)); + try_ssl!(ffi::X509_REQ_sign(req, p_key.handle(), hash_fn)); Ok(X509Req::new(req)) } @@ -425,10 +425,12 @@ impl<'a> X509Ref<'a> { } pub fn public_key(&self) -> PKey { - let pkey = unsafe { ffi::X509_get_pubkey(self.0) }; - assert!(!pkey.is_null()); + unsafe { + let pkey = ffi::X509_get_pubkey(self.0); + assert!(!pkey.is_null()); - PKey::from_handle(pkey, Parts::Public) + PKey::from_handle(pkey, Parts::Public) + } } /// Returns certificate fingerprint calculated using provided hash |