3 files changed, 103 insertions, 24 deletions

diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs
index 0868ee95..bb77453f 100644
--- a/openssl/src/crypto/mod.rs
+++ b/openssl/src/crypto/mod.rs
@@ -21,5 +21,6 @@ pub mod pkey;
 pub mod rand;
 pub mod symm;
 pub mod memcmp;
+pub mod rsa;
 
 mod symm_internal;
diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs
index 934a93ed..e556730d 100644
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@@ -9,6 +9,7 @@ use crypto::hash;
 use crypto::hash::Type as HashType;
 use ffi;
 use ssl::error::{SslError, StreamError};
+use crypto::rsa::RSA;
 
 #[derive(Copy, Clone)]
 pub enum Parts {
@@ -100,7 +101,7 @@ impl PKey {
                                                                  None,
                                                                  ptr::null_mut()));
             Ok(PKey {
-                evp: evp,
+                evp: evp as *mut ffi::EVP_PKEY,
                 parts: Parts::Both,
             })
         }
@@ -119,7 +120,7 @@ impl PKey {
                                                              None,
                                                              ptr::null_mut()));
             Ok(PKey {
-                evp: evp,
+                evp: evp as *mut ffi::EVP_PKEY,
                 parts: Parts::Public,
             })
         }
@@ -129,18 +130,10 @@ impl PKey {
     pub fn private_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
     where R: Read
     {
-        let mut mem_bio = try!(MemBio::new());
-        try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
-
+        let rsa = try!(RSA::private_key_from_pem(reader));
         unsafe {
-            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(),
-                                                                 ptr::null_mut(),
-                                                                 None,
-                                                                 ptr::null_mut()));
-            let evp = ffi::EVP_PKEY_new();
-            if ffi::EVP_PKEY_set1_RSA(evp, rsa) == 0 {
-                return Err(SslError::get());
-            }
+            let evp = try_ssl_null!(ffi::EVP_PKEY_new());
+            try_ssl!(ffi::EVP_PKEY_set1_RSA(evp, rsa.as_ptr()));
 
             Ok(PKey {
                 evp: evp,
@@ -153,18 +146,10 @@ impl PKey {
     pub fn public_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
     where R: Read
     {
-        let mut mem_bio = try!(MemBio::new());
-        try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
-
+        let rsa = try!(RSA::public_key_from_pem(reader));
         unsafe {
-            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.get_handle(),
-                                                                 ptr::null_mut(),
-                                                                 None,
-                                                                 ptr::null_mut()));
-            let evp = ffi::EVP_PKEY_new();
-            if ffi::EVP_PKEY_set1_RSA(evp, rsa) == 0 {
-                return Err(SslError::get());
-            }
+            let evp = try_ssl_null!(ffi::EVP_PKEY_new());
+            try_ssl!(ffi::EVP_PKEY_set1_RSA(evp, rsa.as_ptr()));
 
             Ok(PKey {
                 evp: evp,
diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
new file mode 100644
index 00000000..ee0d9ec4
--- /dev/null
+++ b/openssl/src/crypto/rsa.rs
@@ -0,0 +1,93 @@
+use ffi;
+use std::fmt;
+use ssl::error::{SslError, StreamError};
+use std::ptr;
+use std::io::{self, Read};
+
+use bn::BigNum;
+use bio::MemBio;
+
+pub struct RSA(*mut ffi::RSA);
+
+impl Drop for RSA {
+    fn drop(&mut self) {
+        unsafe {
+            ffi::RSA_free(self.0);
+        }
+    }
+}
+
+impl RSA {
+    /// Reads an RSA private key from PEM formatted data.
+    pub fn private_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
+    where R: Read
+    {
+        let mut mem_bio = try!(MemBio::new());
+        try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
+
+        unsafe {
+            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(),
+                                                                    ptr::null_mut(),
+                                                                    None,
+                                                                    ptr::null_mut()));
+            Ok(RSA(rsa))
+        }
+    }
+
+    /// Reads an RSA public key from PEM formatted data.
+    pub fn public_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
+    where R: Read
+    {
+        let mut mem_bio = try!(MemBio::new());
+        try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
+
+        unsafe {
+            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.get_handle(),
+                                                                 ptr::null_mut(),
+                                                                 None,
+                                                                 ptr::null_mut()));
+            Ok(RSA(rsa))
+        }
+    }
+
+    pub fn as_ptr(&self) -> *mut ffi::RSA {
+        self.0
+    }
+
+    // The following getters are unsafe, since BigNum::new_from_ffi fails upon null pointers
+    pub fn n(&self) -> Result<BigNum, SslError> {
+        unsafe {
+            BigNum::new_from_ffi((*self.0).n)
+        }
+    }
+
+    pub fn d(&self) -> Result<BigNum, SslError> {
+        unsafe {
+            BigNum::new_from_ffi((*self.0).d)
+        }
+    }
+
+    pub fn e(&self) -> Result<BigNum, SslError> {
+        unsafe {
+            BigNum::new_from_ffi((*self.0).e)
+        }
+    }
+
+    pub fn p(&self) -> Result<BigNum, SslError> {
+        unsafe {
+            BigNum::new_from_ffi((*self.0).p)
+        }
+    }
+
+    pub fn q(&self) -> Result<BigNum, SslError> {
+        unsafe {
+            BigNum::new_from_ffi((*self.0).q)
+        }
+    }
+}
+
+impl fmt::Debug for RSA {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        write!(f, "RSA")
+    }
+}