Commit c15642cc authored by Steven Fackler's avatar Steven Fackler
Browse files

Tweaks

parent 5e6b8e68

openssl/src/crypto/dsa.rs

+3 −4
Original line number Diff line number Diff line
@@ -15,7 +15,7 @@ use crypto::util::{CallbackState, invoke_passwd_cb}; 
pub struct DSAParams(*mut ffi::DSA);



impl DSAParams {

    pub fn with_size(size: usize) -> Result<DSAParams, ErrorStack> {

    pub fn with_size(size: u32) -> Result<DSAParams, ErrorStack> {

        unsafe {

            // Wrap it so that if we panic we'll call the dtor

            let dsa = DSAParams(try_ssl_null!(ffi::DSA_new()));
@@ -55,14 +55,13 @@ impl Drop for DSA { 
}



impl DSA {

    /// the caller should assert that the dsa pointer is valid.

    pub unsafe fn from_raw(dsa: *mut ffi::DSA) -> DSA {

    pub unsafe fn from_ptr(dsa: *mut ffi::DSA) -> DSA {

        DSA(dsa)

    }



    /// Generate a DSA key pair

    /// For more complicated key generation scenarios see the `DSAParams` type

    pub fn generate(size: usize) -> Result<DSA, ErrorStack> {

    pub fn generate(size: u32) -> Result<DSA, ErrorStack> {

        let params = try!(DSAParams::with_size(size));

        params.generate()

    }

openssl/src/crypto/rand.rs

+7 −13
Original line number Diff line number Diff line 
use libc::c_int;

use ffi;

use error::ErrorStack;



pub fn rand_bytes(len: usize) -> Vec<u8> {

pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> {

    unsafe {

        let mut out = Vec::with_capacity(len);



        ffi::init();

        let r = ffi::RAND_bytes(out.as_mut_ptr(), len as c_int);

        if r != 1 as c_int {

            panic!()

        }



        out.set_len(len);



        out

        assert!(buf.len() <= c_int::max_value() as usize);

        try_ssl_if!(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int) != 1);

        Ok(())

    }

}
@@ -23,7 +17,7 @@ mod tests { 


    #[test]

    fn test_rand_bytes() {

        let bytes = rand_bytes(32);

        println!("{:?}", bytes);

        let mut buf = [0; 32];

        rand_bytes(&mut buf).unwrap();

    }

}

openssl/src/x509/mod.rs

+6 −5
Original line number Diff line number Diff line
@@ -275,9 +275,10 @@ impl X509Generator { 
        })

    }



    fn random_serial() -> c_long {

    fn random_serial() -> Result<c_long, ErrorStack> {

        let len = mem::size_of::<c_long>();

        let bytes = rand_bytes(len);

        let mut bytes = vec![0; len];

        try!(rand_bytes(&mut bytes));

        let mut res = 0;

        for b in bytes.iter() {

            res = res << 8;
@@ -287,7 +288,7 @@ impl X509Generator { 
        // While OpenSSL is actually OK to have negative serials

        // other libraries (for example, Go crypto) can drop

        // such certificates as invalid, so we clear the high bit

        ((res as c_ulong) >> 1) as c_long

        Ok(((res as c_ulong) >> 1) as c_long)

    }



    /// Sets the certificate public-key, then self-sign and return it
@@ -301,7 +302,7 @@ impl X509Generator { 


            try_ssl!(ffi::X509_set_version(x509.handle(), 2));

            try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.handle()),

                                           X509Generator::random_serial()));

                                           try!(X509Generator::random_serial())));



            let not_before = try!(Asn1Time::days_from_now(0));

            let not_after = try!(Asn1Time::days_from_now(self.days));
@@ -839,7 +840,7 @@ impl<'a> GeneralName<'a> { 
fn test_negative_serial() {

    // I guess that's enough to get a random negative number

    for _ in 0..1000 {

        assert!(X509Generator::random_serial() > 0,

        assert!(X509Generator::random_serial().unwrap() > 0,

                "All serials should be positive");

    }

}