Feedback

aws-lc-rs/src/bn.rs

@@ -15,6 +15,20 @@ impl TryFrom<&[u8]> for LcPtr<BIGNUM> {
     }
 }
 
+impl TryFrom<u64> for LcPtr<BIGNUM> {
+    type Error = ();
+
+    fn try_from(value: u64) -> Result<Self, Self::Error> {
+        unsafe {
+            let bn = LcPtr::new(BN_new())?;
+            if 1 != BN_set_u64(*bn, value) {
+                return Err(());
+            }
+            Ok(bn)
+        }
+    }
+}
+
 impl TryFrom<&[u8]> for DetachableLcPtr<BIGNUM> {
     type Error = ();
 

aws-lc-rs/src/pkcs8.rs

@@ -29,7 +29,7 @@ impl AsRef<[u8]> for Document {
 
 impl Drop for Document {
     fn drop(&mut self) {
-        self.bytes.as_mut().zeroize();
+        self.bytes.zeroize();
     }
 }
 

aws-lc-rs/src/rsa/key.rs

@@ -146,7 +146,7 @@ impl KeyPair {
     }
 
     /// Parses an unencrypted PKCS#8-encoded RSA private key.
-    /// 
+    ///
     /// A RSA keypair may be generated using [`KeyPair::generate`].
     ///
     /// Only two-prime (not multi-prime) keys are supported. The public modulus
@@ -591,14 +591,14 @@ pub(super) fn generate_rsa_key(
     // keygen function based on the whether the build of AWS-LC had FIPS enbaled. Rather we delegate to the desired
     // generation function.
 
+    const RSA_F4: u64 = 65537;
+
     let rsa = DetachableLcPtr::new(unsafe { RSA_new() })?;
 
     if 1 != if fips {
         indicator_check!(unsafe { RSA_generate_key_fips(*rsa, size, null_mut()) })
     } else {
-        // Safety: RSA_F4 == 65537, RSA_F4 an i32 is safe to cast to u64
-        debug_assert_eq!(RSA_F4 as u64, 65537u64);
-        let e: DetachableLcPtr<BIGNUM> = (RSA_F4 as u64).try_into()?;
+        let e: LcPtr<BIGNUM> = RSA_F4.try_into()?;
         unsafe { RSA_generate_key_ex(*rsa, size, *e, null_mut()) }
     } {
         return Err(Unspecified);