Commit 4965ce9f authored by James Mayclin's avatar James Mayclin
Browse files

address pr feedback 

* tmp_key return private information, use the appropriate type
* gate imports behind the appropriate flags
parent cc0698ad

openssl/src/lib.rs

+7 −1
Original line number Diff line number Diff line
@@ -124,7 +124,9 @@ 
#[doc(inline)]

pub use ffi::init;



use libc::{c_int, c_long};

use libc::c_int;

#[cfg(ossl300)]

use libc::c_long;



use crate::error::ErrorStack;
@@ -212,7 +214,11 @@ fn cvt(r: c_int) -> Result<c_int, ErrorStack> { 
    }

}



// cvt_long is currently only used in functions that require openssl >= 3.0.0,

// so this cfg statement is used to avoid "unused function" errors when

// compiling with openssl < 3.0.0

#[inline]

#[cfg(ossl300)]

fn cvt_long(r: c_long) -> Result<c_long, ErrorStack> {

    if r <= 0 {

        Err(ErrorStack::get())

openssl/src/ssl/mod.rs

+8 −5
Original line number Diff line number Diff line
@@ -57,6 +57,8 @@ 
//!     }

//! }

//! ```

#[cfg(ossl300)]

use crate::cvt_long;

use crate::dh::{Dh, DhRef};

#[cfg(all(ossl101, not(ossl110)))]

use crate::ec::EcKey;
@@ -67,7 +69,9 @@ use crate::ex_data::Index; 
use crate::hash::MessageDigest;

#[cfg(any(ossl110, libressl270))]

use crate::nid::Nid;

use crate::pkey::{HasPrivate, PKey, PKeyRef, Params, Private, Public};

use crate::pkey::{HasPrivate, PKeyRef, Params, Private};

#[cfg(ossl300)]

use crate::pkey::{PKey, Public};

use crate::srtp::{SrtpProtectionProfile, SrtpProtectionProfileRef};

use crate::ssl::bio::BioMethod;

use crate::ssl::callbacks::*;
@@ -78,7 +82,7 @@ use crate::x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef}; 
#[cfg(any(ossl102, libressl261))]

use crate::x509::verify::X509VerifyParamRef;

use crate::x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509};

use crate::{cvt, cvt_long, cvt_n, cvt_p, init};

use crate::{cvt, cvt_n, cvt_p, init};

use bitflags::bitflags;

use cfg_if::cfg_if;

use foreign_types::{ForeignType, ForeignTypeRef, Opaque};
@@ -3468,16 +3472,15 @@ impl SslRef { 
    // dropped

    #[corresponds(SSL_get_tmp_key)]

    #[cfg(ossl300)]

    pub fn tmp_key(&self) -> Result<PKey<Public>, ErrorStack> {

    pub fn tmp_key(&self) -> Result<PKey<Private>, ErrorStack> {

        unsafe {

            let mut key = ptr::null_mut();

            match cvt_long(ffi::SSL_get_tmp_key(self.as_ptr(), &mut key)) {

                Ok(_) => Ok(PKey::<Public>::from_ptr(key)),

                Ok(_) => Ok(PKey::<Private>::from_ptr(key)),

                Err(e) => Err(e),

            }

        }

    }



}



/// An SSL stream midway through the handshake process.

openssl/src/ssl/test/mod.rs

+4 −1
Original line number Diff line number Diff line
@@ -355,7 +355,10 @@ fn peer_tmp_key_rsa() { 
    server.ctx().set_cipher_list("RSA").unwrap();

    // RSA key exchange is not allowed in TLS 1.3, so force the connection

    // to negotiate TLS 1.2

    server.ctx().set_max_proto_version(Some(SslVersion::TLS1_2)).unwrap();

    server

        .ctx()

        .set_max_proto_version(Some(SslVersion::TLS1_2))

        .unwrap();

    let server = server.build();

    let mut client = server.client();

    client.ctx().set_groups_list("P-521").unwrap();