Remove ring from public API again
thomaseizinger committed Oct 3, 2023
1 parent d52b1fb commit ae5f317
Showing 8 changed files with 25 additions and 88 deletions.
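--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,12 +8,6 @@
 Use `matches!` instead.
 - Remove `TryFrom<[u8]>` and `TryFrom<Vec<u8>>` for `KeyPair` in favor of allowing `KeyPair::from_der` to take `impl Into<Cow<'b, [u8]>>` which allows `Vec<u8>` as well as `[u8]`.
 - Upgrade to `ring` `v0.17`.
-- Add `ring::rand::SecureRandom` parameter to:
-- `KeyPair::generate`
-- `KeyPair::from_der`
-- `KeyPair::from_der_and_sign_algo`
-- `KeyPair::from_pem`
-- `KeyPair::from_pem_and_sign_algo`
 
 ## Release 0.11.3 - October 1, 2023
 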
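--- a/examples/rsa-irc-openssl.rs
+++ b/examples/rsa-irc-openssl.rs
@@ -13,7 +13,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
 let pkey: openssl::pkey::PKey<_> = openssl::rsa::Rsa::generate(2048)?.try_into()?;
 let key_pair_pem = String::from_utf8(pkey.private_key_to_pem_pkcs8()?)?;
-let key_pair = rcgen::KeyPair::from_pem(&key_pair_pem, &ring::rand::SystemRandom::new())?;
+let key_pair = rcgen::KeyPair::from_pem(&key_pair_pem)?;
 params.key_pair = Some(key_pair);
 
 let cert = Certificate::from_params(params)?;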
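--- a/examples/rsa-irc.rs
+++ b/examples/rsa-irc.rs
@@ -19,9 +19,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 let bits = 2048;
 let private_key = RsaPrivateKey::new(&mut rng, bits)?;
 let private_key_der = private_key.to_pkcs8_der()?;
-let key_pair =
-rcgen::KeyPair::from_der(private_key_der.as_bytes(), &ring::rand::SystemRandom::new())
-.unwrap();
+let key_pair = rcgen::KeyPair::from_der(private_key_der.as_bytes()).unwrap();
 params.key_pair = Some(key_pair);
 
 let cert = Certificate::from_params(params)?;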
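Review bot: The rewritten `from_der` call still ends in `.unwrap()` although `main` returns `Result<(), Box<dyn std::error::Error>>` and the lines around it propagate errors with `?`; examples/rsa-irc-openssl.rs already does that for `from_pem`. `let key_pair = rcgen::KeyPair::from_der(private_key_der.as_bytes())?;` would turn a rejected key into a returned error instead of a panic in code that readers tend to copy. `main` starts and ends outside the hunk.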
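--- a/src/key_pair.rs
+++ b/src/key_pair.rs
@@ -54,19 +54,19 @@ impl KeyPair {
 /// Parses the key pair from the DER format
 ///
 /// Equivalent to using the [`TryFrom`] implementation.
-pub fn from_der(der: &[u8], rng: &dyn SecureRandom) -> Result<Self, RcgenError> {
-Ok(KeyPair::from_raw(der, rng)?)
+pub fn from_der(der: &[u8]) -> Result<Self, RcgenError> {
+Ok(KeyPair::from_raw(der, &SystemRandom::new())?)
 }
 /// Returns the key pair's signature algorithm
 pub fn algorithm(&self) -> &'static SignatureAlgorithm {
 self.alg
 }
 /// Parses the key pair from the ASCII PEM format
 #[cfg(feature = "pem")]
-pub fn from_pem(pem_str: &str, rng: &dyn SecureRandom) -> Result<Self, RcgenError> {
+pub fn from_pem(pem_str: &str) -> Result<Self, RcgenError> {
 let private_key = pem::parse(pem_str)?;
 let private_key_der: &[_] = private_key.contents();
-Ok(KeyPair::from_raw(private_key_der, rng)?)
+Ok(KeyPair::from_raw(private_key_der, &SystemRandom::new())?)
 }
 
 /// Obtains the key pair from a raw public key and a remote private key
@@ -86,11 +86,10 @@ impl KeyPair {
 pub fn from_pem_and_sign_algo(
 pem_str: &str,
 alg: &'static SignatureAlgorithm,
-rng: &dyn SecureRandom,
 ) -> Result<Self, RcgenError> {
 let private_key = pem::parse(pem_str)?;
 let private_key_der: &[_] = private_key.contents();
-Ok(Self::from_der_and_sign_algo(private_key_der, alg, rng)?)
+Ok(Self::from_der_and_sign_algo(private_key_der, alg)?)
 }
 
 /// Obtains the key pair from a DER formatted key
@@ -105,8 +104,8 @@ impl KeyPair {
 pub fn from_der_and_sign_algo(
 pkcs8: &[u8],
 alg: &'static SignatureAlgorithm,
-rng: &dyn SecureRandom,
 ) -> Result<Self, RcgenError> {
+let rng = &SystemRandom::new();
 let pkcs8_vec = pkcs8.to_vec();
 
 let kind = if alg == &PKCS_ED25519 {
@@ -369,7 +368,7 @@ mod test {
 let pkcs8 = EcdsaKeyPair::generate_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, &rng).unwrap();
 let der = pkcs8.as_ref().to_vec();
 
-let key_pair = KeyPair::from_der(&der, &rng).unwrap();
+let key_pair = KeyPair::from_der(&der).unwrap();
 assert_eq!(key_pair.algorithm(), &PKCS_ECDSA_P256_SHA256);
 }
 }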
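Review bot: `from_der`, `from_pem` and `from_der_and_sign_algo` now each construct their own `SystemRandom::new()`, but none of their doc comments says that the randomness source is fixed to ring's system generator and can no longer be supplied by the caller. A line such as `/// Uses ring's SystemRandom internally; callers cannot supply another randomness source.` on each of the three would make that contract visible to users who previously passed their own `SecureRandom`. The unchanged sentence on `from_der`, `Equivalent to using the [`TryFrom`] implementation.`, also looks stale if the `TryFrom` impls named in the changelog have been removed; that impl is not in this diff, so confirm before dropping it. The body of `from_der_and_sign_algo` continues past the end of its hunk.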
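--- a/tests/botan.rs
+++ b/tests/botan.rs
@@ -102,11 +102,7 @@ fn test_botan_25519_v1_given() {
 let mut params = default_params();
 params.alg = &rcgen::PKCS_ED25519;
 
-let kp = rcgen::KeyPair::from_pem(
-util::ED25519_TEST_KEY_PAIR_PEM_V1,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::ED25519_TEST_KEY_PAIR_PEM_V1).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -122,11 +118,7 @@ fn test_botan_25519_v2_given() {
 let mut params = default_params();
 params.alg = &rcgen::PKCS_ED25519;
 
-let kp = rcgen::KeyPair::from_pem(
-util::ED25519_TEST_KEY_PAIR_PEM_V2,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::ED25519_TEST_KEY_PAIR_PEM_V2).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -142,11 +134,7 @@ fn test_botan_rsa_given() {
 let mut params = default_params();
 params.alg = &rcgen::PKCS_RSA_SHA256;
 
-let kp = rcgen::KeyPair::from_pem(
-util::RSA_TEST_KEY_PAIR_PEM,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::RSA_TEST_KEY_PAIR_PEM).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -193,8 +181,7 @@ fn test_botan_imported_ca() {
 ca_cert.serialize_private_key_der(),
 );
 
-let ca_key_pair =
-KeyPair::from_der(ca_key_der.as_slice(), &ring::rand::SystemRandom::new()).unwrap();
+let ca_key_pair = KeyPair::from_der(ca_key_der.as_slice()).unwrap();
 let imported_ca_cert_params =
 CertificateParams::from_ca_cert_der(ca_cert_der.as_slice(), ca_key_pair).unwrap();
 let imported_ca_cert = Certificate::from_params(imported_ca_cert_params).unwrap();
@@ -230,8 +217,7 @@ fn test_botan_imported_ca_with_printable_string() {
 ca_cert.serialize_private_key_der(),
 );
 
-let ca_key_pair =
-KeyPair::from_der(ca_key_der.as_slice(), &ring::rand::SystemRandom::new()).unwrap();
+let ca_key_pair = KeyPair::from_der(ca_key_der.as_slice()).unwrap();
 let imported_ca_cert_params =
 CertificateParams::from_ca_cert_der(ca_cert_der.as_slice(), ca_key_pair).unwrap();
 let imported_ca_cert = Certificate::from_params(imported_ca_cert_params).unwrap();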
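--- a/tests/generic.rs
+++ b/tests/generic.rs
@@ -38,11 +38,7 @@ mod test_key_params_mismatch {
 wrong_params.key_pair =
 Some(KeyPair::generate(kalg_1, &ring::rand::SystemRandom::new()).unwrap());
 } else {
-let kp = KeyPair::from_pem(
-util::RSA_TEST_KEY_PAIR_PEM,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = KeyPair::from_pem(util::RSA_TEST_KEY_PAIR_PEM).unwrap();
 wrong_params.key_pair = Some(kp);
 }
 wrong_params.alg = *kalg_2;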
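Review bot: The unchanged line `Some(KeyPair::generate(kalg_1, &ring::rand::SystemRandom::new()).unwrap());` just above the rewritten `from_pem` call still passes a ring RNG, which suggests `KeyPair::generate` keeps a `ring::rand::SecureRandom` parameter after this commit. If so, ring is still part of the public API, and the CHANGELOG.md section deletes the whole entry that listed `KeyPair::generate` among the functions taking that parameter, which would leave that breaking change undocumented. Either give `generate` the same treatment (the call would become `KeyPair::generate(kalg_1).unwrap()`) or keep a changelog line for it. The definition of `generate` is not in this diff, so this is inferred from the call site; the enclosing test function starts and ends outside the hunk.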
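--- a/tests/openssl.rs
+++ b/tests/openssl.rs
@@ -233,11 +233,7 @@ fn test_openssl_25519_v1_given() {
 let mut params = util::default_params();
 params.alg = &rcgen::PKCS_ED25519;
 
-let kp = rcgen::KeyPair::from_pem(
-util::ED25519_TEST_KEY_PAIR_PEM_V1,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::ED25519_TEST_KEY_PAIR_PEM_V1).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -258,11 +254,7 @@ fn test_openssl_25519_v2_given() {
 let mut params = util::default_params();
 params.alg = &rcgen::PKCS_ED25519;
 
-let kp = rcgen::KeyPair::from_pem(
-util::ED25519_TEST_KEY_PAIR_PEM_V2,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::ED25519_TEST_KEY_PAIR_PEM_V2).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -280,11 +272,7 @@ fn test_openssl_rsa_given() {
 let mut params = util::default_params();
 params.alg = &rcgen::PKCS_RSA_SHA256;
 
-let kp = rcgen::KeyPair::from_pem(
-util::RSA_TEST_KEY_PAIR_PEM,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::RSA_TEST_KEY_PAIR_PEM).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -306,12 +294,7 @@ fn test_openssl_rsa_combinations_given() {
 let mut params = util::default_params();
 params.alg = alg;
 
-let kp = rcgen::KeyPair::from_pem_and_sign_algo(
-util::RSA_TEST_KEY_PAIR_PEM,
-alg,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem_and_sign_algo(util::RSA_TEST_KEY_PAIR_PEM, alg).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();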
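--- a/tests/webpki.rs
+++ b/tests/webpki.rs
@@ -164,11 +164,7 @@ fn test_webpki_25519_v1_given() {
 let mut params = util::default_params();
 params.alg = &rcgen::PKCS_ED25519;
 
-let kp = rcgen::KeyPair::from_pem(
-util::ED25519_TEST_KEY_PAIR_PEM_V1,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::ED25519_TEST_KEY_PAIR_PEM_V1).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -185,11 +181,7 @@ fn test_webpki_25519_v2_given() {
 let mut params = util::default_params();
 params.alg = &rcgen::PKCS_ED25519;
 
-let kp = rcgen::KeyPair::from_pem(
-util::ED25519_TEST_KEY_PAIR_PEM_V2,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::ED25519_TEST_KEY_PAIR_PEM_V2).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -206,11 +198,7 @@ fn test_webpki_rsa_given() {
 let mut params = util::default_params();
 params.alg = &rcgen::PKCS_RSA_SHA256;
 
-let kp = rcgen::KeyPair::from_pem(
-util::RSA_TEST_KEY_PAIR_PEM,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem(util::RSA_TEST_KEY_PAIR_PEM).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -250,12 +238,7 @@ fn test_webpki_rsa_combinations_given() {
 for c in configs {
 let mut params = util::default_params();
 params.alg = c.0;
-let kp = rcgen::KeyPair::from_pem_and_sign_algo(
-util::RSA_TEST_KEY_PAIR_PEM,
-c.0,
-&ring::rand::SystemRandom::new(),
-)
-.unwrap();
+let kp = rcgen::KeyPair::from_pem_and_sign_algo(util::RSA_TEST_KEY_PAIR_PEM, c.0).unwrap();
 params.key_pair = Some(kp);
 
 let cert = Certificate::from_params(params).unwrap();
@@ -434,8 +417,7 @@ fn test_webpki_imported_ca() {
 ca_cert.serialize_private_key_der(),
 );
 
-let ca_key_pair =
-KeyPair::from_der(ca_key_der.as_slice(), &ring::rand::SystemRandom::new()).unwrap();
+let ca_key_pair = KeyPair::from_der(ca_key_der.as_slice()).unwrap();
 let imported_ca_cert_params =
 CertificateParams::from_ca_cert_der(ca_cert_der.as_slice(), ca_key_pair).unwrap();
 let imported_ca_cert = Certificate::from_params(imported_ca_cert_params).unwrap();
@@ -477,8 +459,7 @@ fn test_webpki_imported_ca_with_printable_string() {
 ca_cert.serialize_private_key_der(),
 );
 
-let ca_key_pair =
-KeyPair::from_der(ca_key_der.as_slice(), &ring::rand::SystemRandom::new()).unwrap();
+let ca_key_pair = KeyPair::from_der(ca_key_der.as_slice()).unwrap();
 let imported_ca_cert_params =
 CertificateParams::from_ca_cert_der(ca_cert_der.as_slice(), ca_key_pair).unwrap();
 let imported_ca_cert = Certificate::from_params(imported_ca_cert_params).unwrap();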
