Revert "error: combine Error::Ring and Error::RingUnspecified"
This reverts commit b0fef6b.
cpu committed Dec 5, 2023
1 parent 7a320da commit ce54465
Showing 4 changed files with 24 additions and 19 deletions.
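--- a/rcgen/src/csr.rs
+++ b/rcgen/src/csr.rs
@@ -51,8 +51,7 @@ impl CertificateSigningRequest {
 let csr = x509_parser::certification_request::X509CertificationRequest::from_der(csr)
 .map_err(|_| Error::CouldNotParseCertificationRequest)?
 .1;
-csr.verify_signature()
-.map_err(|_| Error::Ring("Unspecified error".into()))?;
+csr.verify_signature().map_err(|_| Error::RingUnspecified)?;
 let alg_oid = csr
 .signature_algorithm
 .algorithm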
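Review bot: The `.map_err(|_| Error::RingUnspecified)` on `csr.verify_signature()` drops the verifier's error, so a CSR whose self-signature fails to verify is reported as "Unspecified ring error", the same value the signing and key-generation paths in key_pair.rs return. A caller that accepts CSRs from untrusted requesters cannot tell a failed proof-of-possession check from an internal failure, which makes the rejection hard to log or alert on. The error here appears to come from the x509_parser call rather than from ring itself, so the variant name is also misleading; a dedicated variant for CSR signature failure would be clearer, or at minimum a comment above the call such as `// Proof of possession: reject a CSR whose self-signature does not verify`. The enclosing function starts and ends outside the hunk.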
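--- a/rcgen/src/error.rs
+++ b/rcgen/src/error.rs
@@ -23,8 +23,10 @@ pub enum Error {
 UnsupportedExtension,
 /// The requested signature algorithm is not supported
 UnsupportedSignatureAlgorithm,
-/// An error from the `ring` library was encountered
-Ring(String),
+/// Unspecified `ring` error
+RingUnspecified,
+/// The `ring` library rejected the key upon loading
+RingKeyRejected(String),
 /// The provided certificate's signature algorithm
 /// is incompatible with the given key pair
 CertificateKeyPairMismatch,
@@ -71,7 +73,8 @@ impl fmt::Display for Error {
 )?,
 #[cfg(feature = "x509-parser")]
 UnsupportedExtension => write!(f, "Unsupported extension requested in CSR")?,
-Ring(e) => write!(f, "Error from *ring*: {}", e)?,
+RingUnspecified => write!(f, "Unspecified ring error")?,
+RingKeyRejected(e) => write!(f, "Key rejected by ring: {}", e)?,
 CertificateKeyPairMismatch => write!(
 f,
 "The provided certificate's signature \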
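Review bot: The doc comment on `RingKeyRejected(String)` does not say what the string holds, and the `Display` arm prints it verbatim, so it is likely to end up in application logs. Going by the key_pair.rs section of this commit, the payload is `err.to_string()` of ring's `KeyRejected`, presumably a short reason description rather than anything derived from the key bytes; that should be confirmed and then stated on the variant so callers know the message is safe to log. Suggested wording: `/// The ring library rejected the key upon loading; the payload is ring's rejection reason text`. Both the enum and the `Display` impl continue outside the hunks.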
29 changes: 16 additions & 13 deletions rcgen/src/key_pair.rs
Expand Up @@ -113,30 +113,29 @@ impl KeyPair {

let kind = if alg == &PKCS_ED25519 {
KeyPairKind::Ed(
Ed25519KeyPair::from_pkcs8_maybe_unchecked(pkcs8)
.map_err(|e| Error::Ring(e.to_string()))?,
Ed25519KeyPair::from_pkcs8_maybe_unchecked(pkcs8).map_err(key_rejected_err)?,

Check warning on line 116 in rcgen/src/key_pair.rs

Codecov / codecov/patch

rcgen/src/key_pair.rs#L116

Added line #L116 was not covered by tests
)
} else if alg == &PKCS_ECDSA_P256_SHA256 {
KeyPairKind::Ec(
EcdsaKeyPair::from_pkcs8(&signature::ECDSA_P256_SHA256_ASN1_SIGNING, pkcs8, rng)
.map_err(|e| Error::Ring(e.to_string()))?,
.map_err(key_rejected_err)?,

Check warning on line 121 in rcgen/src/key_pair.rs

Codecov / codecov/patch

rcgen/src/key_pair.rs#L120-L121

Added lines #L120 - L121 were not covered by tests
)
} else if alg == &PKCS_ECDSA_P384_SHA384 {
KeyPairKind::Ec(
EcdsaKeyPair::from_pkcs8(&signature::ECDSA_P384_SHA384_ASN1_SIGNING, pkcs8, rng)
.map_err(|e| Error::Ring(e.to_string()))?,
.map_err(key_rejected_err)?,

Check warning on line 126 in rcgen/src/key_pair.rs

Codecov / codecov/patch

rcgen/src/key_pair.rs#L125-L126

Added lines #L125 - L126 were not covered by tests
)
} else if alg == &PKCS_RSA_SHA256 {
let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(|e| Error::Ring(e.to_string()))?;
let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(key_rejected_err)?;
KeyPairKind::Rsa(rsakp, &signature::RSA_PKCS1_SHA256)
} else if alg == &PKCS_RSA_SHA384 {
let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(|e| Error::Ring(e.to_string()))?;
let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(key_rejected_err)?;
KeyPairKind::Rsa(rsakp, &signature::RSA_PKCS1_SHA384)
} else if alg == &PKCS_RSA_SHA512 {
let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(|e| Error::Ring(e.to_string()))?;
let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(key_rejected_err)?;
KeyPairKind::Rsa(rsakp, &signature::RSA_PKCS1_SHA512)
} else if alg == &PKCS_RSA_PSS_SHA256 {
let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(|e| Error::Ring(e.to_string()))?;
let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(key_rejected_err)?;

Check warning on line 138 in rcgen/src/key_pair.rs

Codecov / codecov/patch

rcgen/src/key_pair.rs#L138

Added line #L138 was not covered by tests
KeyPairKind::Rsa(rsakp, &signature::RSA_PSS_SHA256)
} else {
panic!("Unknown SignatureAlgorithm specified!");
Expand Down Expand Up @@ -181,7 +180,7 @@ impl KeyPair {
match alg.sign_alg {
SignAlgo::EcDsa(sign_alg) => {
let key_pair_doc = EcdsaKeyPair::generate_pkcs8(sign_alg, rng)
.map_err(|_| Error::Ring("Unspecified error".into()))?;
.map_err(|_| Error::RingUnspecified)?;
let key_pair_serialized = key_pair_doc.as_ref().to_vec();

let key_pair =
Expand All @@ -193,8 +192,8 @@ impl KeyPair {
})
},
SignAlgo::EdDsa(_sign_alg) => {
let key_pair_doc = Ed25519KeyPair::generate_pkcs8(rng)
.map_err(|_| Error::Ring("Unspecified error".into()))?;
let key_pair_doc =
Ed25519KeyPair::generate_pkcs8(rng).map_err(|_| Error::RingUnspecified)?;
let key_pair_serialized = key_pair_doc.as_ref().to_vec();

let key_pair = Ed25519KeyPair::from_pkcs8(&&key_pair_doc.as_ref()).unwrap();
Expand Down Expand Up @@ -237,7 +236,7 @@ impl KeyPair {
let system_random = SystemRandom::new();
let signature = kp
.sign(&system_random, msg)
.map_err(|_| Error::Ring("Unspecified error".into()))?;
.map_err(|_| Error::RingUnspecified)?;
let sig = &signature.as_ref();
writer.write_bitvec_bytes(&sig, &sig.len() * 8);
},
Expand All @@ -250,7 +249,7 @@ impl KeyPair {
let system_random = SystemRandom::new();
let mut signature = vec![0; kp.public().modulus_len()];
kp.sign(*padding_alg, &system_random, msg, &mut signature)
.map_err(|_| Error::Ring("Unspecified error".into()))?;
.map_err(|_| Error::RingUnspecified)?;
let sig = &signature.as_ref();
writer.write_bitvec_bytes(&sig, &sig.len() * 8);
},
Expand Down Expand Up @@ -377,6 +376,10 @@ pub trait RemoteKeyPair {
fn algorithm(&self) -> &'static SignatureAlgorithm;
}

pub(crate) fn key_rejected_err(err: ring::error::KeyRejected) -> Error {
Error::RingKeyRejected(err.to_string())
}

Check warning on line 381 in rcgen/src/key_pair.rs

Codecov / codecov/patch

rcgen/src/key_pair.rs#L379-L381

Added lines #L379 - L381 were not covered by tests

pub(crate) trait PublicKeyData {
fn alg(&self) -> &SignatureAlgorithm;

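Review bot: The Codecov annotations in this section show that the `.map_err(key_rejected_err)` lines in the Ed25519, ECDSA and RSA-PSS branches, and the body of `key_rejected_err` itself, are never executed by the test suite, so nothing checks that a malformed or mismatched PKCS#8 document comes back as `Error::RingKeyRejected`. A negative test per key family that loads truncated or wrong-algorithm PKCS#8 bytes and asserts on that variant would pin the behaviour of this key-loading path. `key_rejected_err` also has no doc comment; something like `/// Converts ring's KeyRejected into Error::RingKeyRejected, keeping ring's reason text` would do. The function containing the first hunk starts and ends outside it.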
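--- a/rcgen/tests/webpki.rs
+++ b/rcgen/tests/webpki.rs
@@ -327,7 +327,7 @@ fn from_remote() {
 self.0
 .sign(&system_random, msg)
 .map(|s| s.as_ref().to_owned())
-.map_err(|e| Error::Ring(e.to_string()))
+.map_err(|_| Error::RingUnspecified)
 }
 
 fn algorithm(&self) -> &'static rcgen::SignatureAlgorithm {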
