diff options
Diffstat (limited to 'openssl/src/x509/mod.rs')
| -rw-r--r-- | openssl/src/x509/mod.rs | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 31c67453..cf5f4595 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -275,9 +275,10 @@ impl X509Generator { }) } - fn random_serial() -> c_long { + fn random_serial() -> Result<c_long, ErrorStack> { let len = mem::size_of::<c_long>(); - let bytes = rand_bytes(len); + let mut bytes = vec![0; len]; + try!(rand_bytes(&mut bytes)); let mut res = 0; for b in bytes.iter() { res = res << 8; @@ -287,7 +288,7 @@ impl X509Generator { // While OpenSSL is actually OK to have negative serials // other libraries (for example, Go crypto) can drop // such certificates as invalid, so we clear the high bit - ((res as c_ulong) >> 1) as c_long + Ok(((res as c_ulong) >> 1) as c_long) } /// Sets the certificate public-key, then self-sign and return it @@ -301,7 +302,7 @@ impl X509Generator { try_ssl!(ffi::X509_set_version(x509.handle(), 2)); try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.handle()), - X509Generator::random_serial())); + try!(X509Generator::random_serial()))); let not_before = try!(Asn1Time::days_from_now(0)); let not_after = try!(Asn1Time::days_from_now(self.days)); @@ -839,7 +840,7 @@ impl<'a> GeneralName<'a> { fn test_negative_serial() { // I guess that's enough to get a random negative number for _ in 0..1000 { - assert!(X509Generator::random_serial() > 0, + assert!(X509Generator::random_serial().unwrap() > 0, "All serials should be positive"); } } |