Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cargo fmt inside of ffi_panic_boundary! invocations #383

Merged
merged 1 commit into from
Jan 17, 2024
Merged

cargo fmt inside of ffi_panic_boundary! invocations #383

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/acceptor.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ impl rustls_acceptor {
ffi_panic_boundary! {
let acceptor: &mut Acceptor = try_mut_from_ptr!(acceptor);
if out_accepted.is_null() {
return NullParameter
return NullParameter;
}
match acceptor.accept() {
Ok(None) => rustls_result::AcceptorNotReady,
Expand Down Expand Up @@ -406,7 +406,7 @@ impl rustls_accepted {
let wrapped = crate::connection::Connection::from_server(built);
set_boxed_mut_ptr(out_conn, wrapped);
rustls_result::Ok
},
}
Err(e) => map_error(e),
}
}
Expand Down
82 changes: 52 additions & 30 deletions src/cipher.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ pub extern "C" fn rustls_certificate_get_der(
ffi_panic_boundary! {
let cert = try_ref_from_ptr!(cert);
if out_der_data.is_null() || out_der_len.is_null() {
return NullParameter
return NullParameter;
}
let der = cert.as_ref();
unsafe {
Expand Down Expand Up @@ -314,7 +314,11 @@ impl rustls_certified_key {
}
};
let certified_key = match rustls_certified_key::certified_key_build(
cert_chain, cert_chain_len, private_key, private_key_len) {
cert_chain,
cert_chain_len,
private_key,
private_key_len,
) {
Ok(key) => Box::new(key),
Err(rr) => return rr,
};
Expand All @@ -338,7 +342,7 @@ impl rustls_certified_key {
let certified_key: &CertifiedKey = try_ref_from_ptr!(certified_key);
match certified_key.cert.get(i) {
Some(cert) => cert as *const CertificateDer as *const _,
None => null()
None => null(),
}
}
}
Expand All @@ -364,7 +368,7 @@ impl rustls_certified_key {
let certified_key: &CertifiedKey = try_ref_from_ptr!(certified_key);
let mut new_key = certified_key.clone();
if !ocsp_response.is_null() {
let ocsp_slice = unsafe{ &*ocsp_response };
let ocsp_slice = unsafe { &*ocsp_response };
new_key.ocsp = Some(Vec::from(try_slice!(ocsp_slice.data, ocsp_slice.len)));
} else {
new_key.ocsp = None;
Expand Down Expand Up @@ -491,7 +495,8 @@ impl rustls_root_cert_store_builder {
Some(b) => b,
};

let certs_der: Result<Vec<CertificateDer>, _> = rustls_pemfile::certs(&mut Cursor::new(certs_pem)).collect();
let certs_der: Result<Vec<CertificateDer>, _> =
rustls_pemfile::certs(&mut Cursor::new(certs_pem)).collect();
let certs_der = match certs_der {
Ok(vv) => vv,
Err(_) => return rustls_result::CertificateParseError,
Expand Down Expand Up @@ -552,7 +557,8 @@ impl rustls_root_cert_store_builder {
};

let mut bufreader = BufReader::new(&mut cafile);
let certs: Result<Vec<CertificateDer>, _> = rustls_pemfile::certs(&mut bufreader).collect();
let certs: Result<Vec<CertificateDer>, _> =
rustls_pemfile::certs(&mut bufreader).collect();
let certs = match certs {
Ok(certs) => certs,
Err(_) => return rustls_result::Io,
Expand Down Expand Up @@ -711,7 +717,7 @@ impl rustls_web_pki_client_cert_verifier_builder {
) -> *mut rustls_web_pki_client_cert_verifier_builder {
ffi_panic_boundary! {
let store = try_clone_arc!(store);
let builder = ClientCertVerifierBuilder {
let builder = ClientCertVerifierBuilder {
root_hint_subjects: store.subjects(),
roots: store,
crls: Vec::default(),
Expand All @@ -738,23 +744,24 @@ impl rustls_web_pki_client_cert_verifier_builder {
crl_pem_len: size_t,
) -> rustls_result {
ffi_panic_boundary! {
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> = try_mut_from_ptr!(builder);
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let client_verifier_builder = match client_verifier_builder {
None => return AlreadyUsed,
Some(v) => v,
};

let crl_pem: &[u8] = try_slice!(crl_pem, crl_pem_len);
let crls_der: Result<Vec<CertificateRevocationListDer>, _> = crls(&mut Cursor::new(crl_pem)).collect();
let crls_der = match crls_der{
let crls_der: Result<Vec<CertificateRevocationListDer>, _> =
crls(&mut Cursor::new(crl_pem)).collect();
let crls_der = match crls_der {
Ok(vv) => vv,
Err(_) => return rustls_result::CertificateRevocationListParseError,
};
if crls_der.is_empty() {
return rustls_result::CertificateRevocationListParseError;
}


client_verifier_builder.crls.extend(crls_der);
rustls_result::Ok
}
Expand All @@ -768,7 +775,8 @@ impl rustls_web_pki_client_cert_verifier_builder {
builder: *mut rustls_web_pki_client_cert_verifier_builder,
) -> rustls_result {
ffi_panic_boundary! {
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> = try_mut_from_ptr!(builder);
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let client_verifier_builder = match client_verifier_builder {
None => return AlreadyUsed,
Some(v) => v,
Expand All @@ -789,7 +797,8 @@ impl rustls_web_pki_client_cert_verifier_builder {
builder: *mut rustls_web_pki_client_cert_verifier_builder,
) -> rustls_result {
ffi_panic_boundary! {
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> = try_mut_from_ptr!(builder);
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let client_verifier_builder = match client_verifier_builder {
None => return AlreadyUsed,
Some(v) => v,
Expand All @@ -807,7 +816,8 @@ impl rustls_web_pki_client_cert_verifier_builder {
builder: *mut rustls_web_pki_client_cert_verifier_builder,
) -> rustls_result {
ffi_panic_boundary! {
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> = try_mut_from_ptr!(builder);
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let client_verifier_builder = match client_verifier_builder {
None => return AlreadyUsed,
Some(v) => v,
Expand All @@ -829,7 +839,8 @@ impl rustls_web_pki_client_cert_verifier_builder {
builder: *mut rustls_web_pki_client_cert_verifier_builder,
) -> rustls_result {
ffi_panic_boundary! {
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> = try_mut_from_ptr!(builder);
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let client_verifier_builder = match client_verifier_builder {
None => return AlreadyUsed,
Some(v) => v,
Expand Down Expand Up @@ -877,26 +888,30 @@ impl rustls_web_pki_client_cert_verifier_builder {
verifier_out: *mut *mut rustls_client_cert_verifier,
) -> rustls_result {
ffi_panic_boundary! {
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> = try_mut_from_ptr!(builder);
let client_verifier_builder: &mut Option<ClientCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let client_verifier_builder = try_take!(client_verifier_builder);

let mut builder = WebPkiClientVerifier::builder(client_verifier_builder.roots)
.with_crls(client_verifier_builder.crls);
match client_verifier_builder.revocation_depth {
RevocationCheckDepth::EndEntity => builder = builder.only_check_end_entity_revocation(),
RevocationCheckDepth::Chain => {},
RevocationCheckDepth::EndEntity => {
builder = builder.only_check_end_entity_revocation()
}
RevocationCheckDepth::Chain => {}
}
match client_verifier_builder.revocation_policy {
UnknownStatusPolicy::Allow => builder = builder.allow_unknown_revocation_status(),
UnknownStatusPolicy::Deny => {},
UnknownStatusPolicy::Deny => {}
}
if client_verifier_builder.allow_unauthenticated {
builder = builder.allow_unauthenticated();
}
if client_verifier_builder.root_hint_subjects.is_empty() {
builder = builder.clear_root_hint_subjects();
} else {
builder = builder.add_root_hint_subjects(client_verifier_builder.root_hint_subjects);
builder =
builder.add_root_hint_subjects(client_verifier_builder.root_hint_subjects);
}

let verifier = match builder.build() {
Expand Down Expand Up @@ -977,7 +992,7 @@ impl ServerCertVerifierBuilder {
roots: store,
crls: Vec::default(),
revocation_depth: RevocationCheckDepth::Chain,
revocation_policy: UnknownStatusPolicy::Deny
revocation_policy: UnknownStatusPolicy::Deny,
};
to_boxed_mut_ptr(Some(builder))
}
Expand All @@ -998,15 +1013,17 @@ impl ServerCertVerifierBuilder {
crl_pem_len: size_t,
) -> rustls_result {
ffi_panic_boundary! {
let server_verifier_builder: &mut Option<ServerCertVerifierBuilder> = try_mut_from_ptr!(builder);
let server_verifier_builder: &mut Option<ServerCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let server_verifier_builder = match server_verifier_builder {
None => return AlreadyUsed,
Some(v) => v,
};

let crl_pem: &[u8] = try_slice!(crl_pem, crl_pem_len);
let crls_der: Result<Vec<CertificateRevocationListDer>, _> = crls(&mut Cursor::new(crl_pem)).collect();
let crls_der = match crls_der{
let crls_der: Result<Vec<CertificateRevocationListDer>, _> =
crls(&mut Cursor::new(crl_pem)).collect();
let crls_der = match crls_der {
Ok(vv) => vv,
Err(_) => return rustls_result::CertificateRevocationListParseError,
};
Expand All @@ -1028,7 +1045,8 @@ impl ServerCertVerifierBuilder {
builder: *mut rustls_web_pki_server_cert_verifier_builder,
) -> rustls_result {
ffi_panic_boundary! {
let server_verifier_builder: &mut Option<ServerCertVerifierBuilder> = try_mut_from_ptr!(builder);
let server_verifier_builder: &mut Option<ServerCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let server_verifier_builder = match server_verifier_builder {
None => return AlreadyUsed,
Some(v) => v,
Expand All @@ -1049,7 +1067,8 @@ impl ServerCertVerifierBuilder {
builder: *mut rustls_web_pki_server_cert_verifier_builder,
) -> rustls_result {
ffi_panic_boundary! {
let server_verifier_builder: &mut Option<ServerCertVerifierBuilder> = try_mut_from_ptr!(builder);
let server_verifier_builder: &mut Option<ServerCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let server_verifier_builder = match server_verifier_builder {
None => return AlreadyUsed,
Some(v) => v,
Expand All @@ -1073,18 +1092,21 @@ impl ServerCertVerifierBuilder {
verifier_out: *mut *mut rustls_server_cert_verifier,
) -> rustls_result {
ffi_panic_boundary! {
let server_verifier_builder: &mut Option<ServerCertVerifierBuilder> = try_mut_from_ptr!(builder);
let server_verifier_builder: &mut Option<ServerCertVerifierBuilder> =
try_mut_from_ptr!(builder);
let server_verifier_builder = try_take!(server_verifier_builder);

let mut builder = WebPkiServerVerifier::builder(server_verifier_builder.roots)
.with_crls(server_verifier_builder.crls);
match server_verifier_builder.revocation_depth {
RevocationCheckDepth::EndEntity => builder = builder.only_check_end_entity_revocation(),
RevocationCheckDepth::Chain => {},
RevocationCheckDepth::EndEntity => {
builder = builder.only_check_end_entity_revocation()
}
RevocationCheckDepth::Chain => {}
}
match server_verifier_builder.revocation_policy {
UnknownStatusPolicy::Allow => builder = builder.allow_unknown_revocation_status(),
UnknownStatusPolicy::Deny => {},
UnknownStatusPolicy::Deny => {}
}

let verifier = match builder.build() {
Expand Down
61 changes: 33 additions & 28 deletions src/client.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,8 @@ impl rustls_client_config_builder {
builder_out: *mut *mut rustls_client_config_builder,
) -> rustls_result {
ffi_panic_boundary! {
let cipher_suites: &[*const rustls_supported_ciphersuite] = try_slice!(cipher_suites, cipher_suites_len);
let cipher_suites: &[*const rustls_supported_ciphersuite] =
try_slice!(cipher_suites, cipher_suites_len);
let mut cs_vec: Vec<SupportedCipherSuite> = Vec::new();
for &cs in cipher_suites.iter() {
let cs = try_ref_from_ptr!(cs);
Expand All @@ -175,7 +176,7 @@ impl rustls_client_config_builder {
}
}

let provider = rustls::crypto::CryptoProvider{
let provider = rustls::crypto::CryptoProvider {
cipher_suites: cs_vec,
..rustls::crypto::ring::default_provider()
};
Expand Down Expand Up @@ -366,7 +367,7 @@ impl rustls_client_config_builder {
None => return rustls_result::InvalidParameter,
};

let verifier: Verifier = Verifier{callback};
let verifier: Verifier = Verifier { callback };
config_builder.verifier = Arc::new(verifier);
rustls_result::Ok
}
Expand Down Expand Up @@ -451,7 +452,8 @@ impl rustls_client_config_builder {
) -> rustls_result {
ffi_panic_boundary! {
let config: &mut ClientConfigBuilder = try_mut_from_ptr!(builder);
let keys_ptrs: &[*const rustls_certified_key] = try_slice!(certified_keys, certified_keys_len);
let keys_ptrs: &[*const rustls_certified_key] =
try_slice!(certified_keys, certified_keys_len);
let mut keys: Vec<Arc<CertifiedKey>> = Vec::new();
for &key_ptr in keys_ptrs {
let certified_key: Arc<CertifiedKey> = try_clone_arc!(key_ptr);
Expand Down Expand Up @@ -497,7 +499,10 @@ impl rustls_client_config_builder {
) -> *const rustls_client_config {
ffi_panic_boundary! {
let builder: Box<ClientConfigBuilder> = try_box_from_ptr!(builder);
let config = builder.base.dangerous().with_custom_certificate_verifier(builder.verifier);
let config = builder
.base
.dangerous()
.with_custom_certificate_verifier(builder.verifier);
let mut config = match builder.cert_resolver {
Some(r) => config.with_client_cert_resolver(r),
None => config.with_no_client_auth(),
Expand Down Expand Up @@ -552,29 +557,29 @@ impl rustls_client_config {
conn_out: *mut *mut rustls_connection,
) -> rustls_result {
ffi_panic_boundary! {
let server_name: &CStr = unsafe {
if server_name.is_null() {
return NullParameter;
}
CStr::from_ptr(server_name)
};
let config: Arc<ClientConfig> = try_clone_arc!(config);
let server_name: &str = match server_name.to_str() {
Ok(s) => s,
Err(std::str::Utf8Error { .. }) => return rustls_result::InvalidDnsNameError,
};
let server_name: pki_types::ServerName = match server_name.try_into() {
Ok(sn) => sn,
Err(_) => return rustls_result::InvalidDnsNameError,
};
let client = ClientConnection::new(config, server_name).unwrap();

// We've succeeded. Put the client on the heap, and transfer ownership
// to the caller. After this point, we must return rustls_result::Ok so the
// caller knows it is responsible for this memory.
let c = Connection::from_client(client);
set_boxed_mut_ptr(conn_out, c);
rustls_result::Ok
let server_name: &CStr = unsafe {
if server_name.is_null() {
return NullParameter;
}
CStr::from_ptr(server_name)
};
let config: Arc<ClientConfig> = try_clone_arc!(config);
let server_name: &str = match server_name.to_str() {
Ok(s) => s,
Err(std::str::Utf8Error { .. }) => return rustls_result::InvalidDnsNameError,
};
let server_name: pki_types::ServerName = match server_name.try_into() {
Ok(sn) => sn,
Err(_) => return rustls_result::InvalidDnsNameError,
};
let client = ClientConnection::new(config, server_name).unwrap();

// We've succeeded. Put the client on the heap, and transfer ownership
// to the caller. After this point, we must return rustls_result::Ok so the
// caller knows it is responsible for this memory.
let c = Connection::from_client(client);
set_boxed_mut_ptr(conn_out, c);
rustls_result::Ok
}
}
}
Expand Down
Loading