RustCrypto · tarcieri · Oct 15, 2021 · Oct 15, 2021
diff --git a/pkcs8/src/document/encrypted_private_key.rs b/pkcs8/src/document/encrypted_private_key.rs
@@ -1,6 +1,6 @@
 //! PKCS#8 encrypted private key document.
 
-use crate::{error, EncryptedPrivateKeyInfo, Error, Result};
+use crate::{EncryptedPrivateKeyInfo, Error, Result};
 use alloc::{borrow::ToOwned, vec::Vec};
 use core::{
     convert::{TryFrom, TryInto},
@@ -80,19 +80,18 @@ impl EncryptedPrivateKeyDocument {
     /// PKCS#8 string.
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem(&self) -> Zeroizing<String> {
+    pub fn to_pem(&self) -> Result<Zeroizing<String>> {
         self.to_pem_with_le(LineEnding::default())
     }
 
     /// Serialize [`EncryptedPrivateKeyDocument`] as self-zeroizing PEM-encoded
     /// PKCS#8 string with the given [`LineEnding`].
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> Zeroizing<String> {
-        Zeroizing::new(
-            pem::encode_string(PEM_TYPE_LABEL, line_ending, &self.0)
-                .expect(error::PEM_ENCODING_MSG),
-        )
+    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> {
+        pem::encode_string(PEM_TYPE_LABEL, line_ending, &self.0)
+            .map(Zeroizing::new)
+            .map_err(|_| Error::Pem)
     }
 
     /// Load [`EncryptedPrivateKeyDocument`] from an ASN.1 DER-encoded file on
@@ -124,7 +123,7 @@ impl EncryptedPrivateKeyDocument {
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
     #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     pub fn write_pem_file(&self, path: impl AsRef<Path>) -> Result<()> {
-        write_secret_file(path, self.to_pem().as_bytes())
+        write_secret_file(path, self.to_pem()?.as_bytes())
     }
 }
 
@@ -134,18 +133,19 @@ impl AsRef<[u8]> for EncryptedPrivateKeyDocument {
     }
 }
 
-impl From<EncryptedPrivateKeyInfo<'_>> for EncryptedPrivateKeyDocument {
-    fn from(key: EncryptedPrivateKeyInfo<'_>) -> EncryptedPrivateKeyDocument {
-        EncryptedPrivateKeyDocument::from(&key)
+impl TryFrom<EncryptedPrivateKeyInfo<'_>> for EncryptedPrivateKeyDocument {
+    type Error = Error;
+
+    fn try_from(key: EncryptedPrivateKeyInfo<'_>) -> Result<EncryptedPrivateKeyDocument> {
+        EncryptedPrivateKeyDocument::try_from(&key)
     }
 }
 
-impl From<&EncryptedPrivateKeyInfo<'_>> for EncryptedPrivateKeyDocument {
-    fn from(key: &EncryptedPrivateKeyInfo<'_>) -> EncryptedPrivateKeyDocument {
-        key.to_vec()
-            .ok()
-            .and_then(|buf| buf.try_into().ok())
-            .expect(error::DER_ENCODING_MSG)
+impl TryFrom<&EncryptedPrivateKeyInfo<'_>> for EncryptedPrivateKeyDocument {
+    type Error = Error;
+
+    fn try_from(key: &EncryptedPrivateKeyInfo<'_>) -> Result<EncryptedPrivateKeyDocument> {
+        key.to_vec()?.try_into()
     }
 }
 

diff --git a/pkcs8/src/document/private_key.rs b/pkcs8/src/document/private_key.rs
@@ -1,6 +1,6 @@
 //! PKCS#8 private key document.
 
-use crate::{error, Error, PrivateKeyInfo, Result};
+use crate::{Error, PrivateKeyInfo, Result};
 use alloc::{borrow::ToOwned, vec::Vec};
 use core::{
     convert::{TryFrom, TryInto},
@@ -68,19 +68,18 @@ impl PrivateKeyDocument {
     /// Serialize [`PrivateKeyDocument`] as self-zeroizing PEM-encoded PKCS#8 string.
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem(&self) -> Zeroizing<String> {
+    pub fn to_pem(&self) -> Result<Zeroizing<String>> {
         self.to_pem_with_le(LineEnding::default())
     }
 
     /// Serialize [`PrivateKeyDocument`] as self-zeroizing PEM-encoded PKCS#8 string
     /// with the given [`LineEnding`].
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> Zeroizing<String> {
-        Zeroizing::new(
-            pem::encode_string(PEM_TYPE_LABEL, line_ending, &self.0)
-                .expect(error::PEM_ENCODING_MSG),
-        )
+    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> {
+        pem::encode_string(PEM_TYPE_LABEL, line_ending, &self.0)
+            .map(Zeroizing::new)
+            .map_err(|_| Error::Pem)
     }
 
     /// Load [`PrivateKeyDocument`] from an ASN.1 DER-encoded file on the local
@@ -111,7 +110,7 @@ impl PrivateKeyDocument {
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
     #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     pub fn write_pem_file(&self, path: impl AsRef<Path>) -> Result<()> {
-        write_secret_file(path, self.to_pem().as_bytes())
+        write_secret_file(path, self.to_pem()?.as_bytes())
     }
 
     /// Encrypt this private key using a symmetric encryption key derived
@@ -153,14 +152,14 @@ impl PrivateKeyDocument {
     ) -> Result<EncryptedPrivateKeyDocument> {
         pbes2_params
             .encrypt(password, self.as_ref())
-            .map(|encrypted_data| {
+            .map_err(|_| Error::Crypto)
+            .and_then(|encrypted_data| {
                 EncryptedPrivateKeyInfo {
                     encryption_algorithm: pbes2_params.into(),
                     encrypted_data: &encrypted_data,
                 }
-                .into()
+                .try_into()
             })
-            .map_err(|_| Error::Crypto)
     }
 }
 
@@ -170,19 +169,19 @@ impl AsRef<[u8]> for PrivateKeyDocument {
     }
 }
 
-impl From<PrivateKeyInfo<'_>> for PrivateKeyDocument {
-    fn from(private_key_info: PrivateKeyInfo<'_>) -> PrivateKeyDocument {
-        PrivateKeyDocument::from(&private_key_info)
+impl TryFrom<PrivateKeyInfo<'_>> for PrivateKeyDocument {
+    type Error = Error;
+
+    fn try_from(private_key_info: PrivateKeyInfo<'_>) -> Result<PrivateKeyDocument> {
+        PrivateKeyDocument::try_from(&private_key_info)
     }
 }
 
-impl From<&PrivateKeyInfo<'_>> for PrivateKeyDocument {
-    fn from(private_key_info: &PrivateKeyInfo<'_>) -> PrivateKeyDocument {
-        private_key_info
-            .to_vec()
-            .expect(error::DER_ENCODING_MSG)
-            .try_into()
-            .expect(error::DER_ENCODING_MSG)
+impl TryFrom<&PrivateKeyInfo<'_>> for PrivateKeyDocument {
+    type Error = Error;
+
+    fn try_from(private_key_info: &PrivateKeyInfo<'_>) -> Result<PrivateKeyDocument> {
+        private_key_info.to_vec()?.try_into()
     }
 }
 

diff --git a/pkcs8/src/document/public_key.rs b/pkcs8/src/document/public_key.rs
@@ -1,6 +1,6 @@
 //! SPKI public key document.
 
-use crate::{error, Error, Result, SubjectPublicKeyInfo};
+use crate::{Error, Result, SubjectPublicKeyInfo};
 use alloc::{borrow::ToOwned, vec::Vec};
 use core::{
     convert::{TryFrom, TryInto},
@@ -64,16 +64,16 @@ impl PublicKeyDocument {
     /// Serialize [`PublicKeyDocument`] as PEM-encoded PKCS#8 (SPKI) string.
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem(&self) -> String {
+    pub fn to_pem(&self) -> Result<String> {
         self.to_pem_with_le(LineEnding::default())
     }
 
     /// Serialize [`PublicKeyDocument`] as PEM-encoded PKCS#8 (SPKI) string
     /// with the given [`LineEnding`].
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> String {
-        pem::encode_string(PEM_TYPE_LABEL, line_ending, &self.0).expect(error::PEM_ENCODING_MSG)
+    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> Result<String> {
+        pem::encode_string(PEM_TYPE_LABEL, line_ending, &self.0).map_err(|_| Error::Pem)
     }
 
     /// Load [`PublicKeyDocument`] from an ASN.1 DER-encoded file on the local
@@ -105,7 +105,7 @@ impl PublicKeyDocument {
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
     #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     pub fn write_pem_file(&self, path: impl AsRef<Path>) -> Result<()> {
-        fs::write(path, self.to_pem().as_bytes())?;
+        fs::write(path, self.to_pem()?.as_bytes())?;
         Ok(())
     }
 }
@@ -116,18 +116,19 @@ impl AsRef<[u8]> for PublicKeyDocument {
     }
 }
 
-impl From<SubjectPublicKeyInfo<'_>> for PublicKeyDocument {
-    fn from(spki: SubjectPublicKeyInfo<'_>) -> PublicKeyDocument {
-        PublicKeyDocument::from(&spki)
+impl TryFrom<SubjectPublicKeyInfo<'_>> for PublicKeyDocument {
+    type Error = Error;
+
+    fn try_from(spki: SubjectPublicKeyInfo<'_>) -> Result<PublicKeyDocument> {
+        PublicKeyDocument::try_from(&spki)
     }
 }
 
-impl From<&SubjectPublicKeyInfo<'_>> for PublicKeyDocument {
-    fn from(spki: &SubjectPublicKeyInfo<'_>) -> PublicKeyDocument {
-        spki.to_vec()
-            .ok()
-            .and_then(|buf| buf.try_into().ok())
-            .expect(error::DER_ENCODING_MSG)
+impl TryFrom<&SubjectPublicKeyInfo<'_>> for PublicKeyDocument {
+    type Error = Error;
+
+    fn try_from(spki: &SubjectPublicKeyInfo<'_>) -> Result<PublicKeyDocument> {
+        spki.to_vec()?.try_into()
     }
 }
 

diff --git a/pkcs8/src/encrypted_private_key_info.rs b/pkcs8/src/encrypted_private_key_info.rs
@@ -13,7 +13,7 @@ use core::convert::TryInto;
 
 #[cfg(feature = "pem")]
 use {
-    crate::{error, pem, LineEnding},
+    crate::{pem, LineEnding},
     zeroize::Zeroizing,
 };
 
@@ -66,26 +66,28 @@ impl<'a> EncryptedPrivateKeyInfo<'a> {
     /// Encode this [`EncryptedPrivateKeyInfo`] as ASN.1 DER.
     #[cfg(feature = "alloc")]
     #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
-    pub fn to_der(&self) -> EncryptedPrivateKeyDocument {
-        self.into()
+    pub fn to_der(&self) -> Result<EncryptedPrivateKeyDocument> {
+        self.try_into()
     }
 
     /// Encode this [`EncryptedPrivateKeyInfo`] as PEM-encoded ASN.1 DER.
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem(&self) -> Zeroizing<alloc::string::String> {
+    pub fn to_pem(&self) -> Result<Zeroizing<alloc::string::String>> {
         self.to_pem_with_le(LineEnding::default())
     }
 
     /// Encode this [`EncryptedPrivateKeyInfo`] as PEM-encoded ASN.1 DER with
     /// the given [`LineEnding`].
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> Zeroizing<alloc::string::String> {
-        Zeroizing::new(
-            pem::encode_string(PEM_TYPE_LABEL, line_ending, self.to_der().as_ref())
-                .expect(error::PEM_ENCODING_MSG),
-        )
+    pub fn to_pem_with_le(
+        &self,
+        line_ending: LineEnding,
+    ) -> Result<Zeroizing<alloc::string::String>> {
+        pem::encode_string(PEM_TYPE_LABEL, line_ending, self.to_der()?.as_ref())
+            .map(Zeroizing::new)
+            .map_err(|_| Error::Pem)
     }
 }
 

diff --git a/pkcs8/src/error.rs b/pkcs8/src/error.rs
@@ -2,14 +2,6 @@
 
 use core::fmt;
 
-/// Message to display when an `expect`-ed DER encoding error occurs
-#[cfg(feature = "alloc")]
-pub(crate) const DER_ENCODING_MSG: &str = "DER encoding error";
-
-/// Message to display when an `expect`-ed PEM encoding error occurs
-#[cfg(feature = "pem")]
-pub(crate) const PEM_ENCODING_MSG: &str = "PEM encoding error";
-
 /// Result type
 pub type Result<T> = core::result::Result<T, Error>;
 

diff --git a/pkcs8/src/private_key_info.rs b/pkcs8/src/private_key_info.rs
@@ -8,7 +8,7 @@ use der::{
 };
 
 #[cfg(feature = "alloc")]
-use crate::PrivateKeyDocument;
+use {crate::PrivateKeyDocument, core::convert::TryInto};
 
 #[cfg(feature = "encryption")]
 use {
@@ -18,7 +18,7 @@ use {
 
 #[cfg(feature = "pem")]
 use {
-    crate::{error, pem, LineEnding},
+    crate::{pem, LineEnding},
     alloc::string::String,
     zeroize::Zeroizing,
 };
@@ -141,32 +141,31 @@ impl<'a> PrivateKeyInfo<'a> {
         rng: impl CryptoRng + RngCore,
         password: impl AsRef<[u8]>,
     ) -> Result<EncryptedPrivateKeyDocument> {
-        PrivateKeyDocument::from(self).encrypt(rng, password)
+        PrivateKeyDocument::try_from(self)?.encrypt(rng, password)
     }
 
     /// Encode this [`PrivateKeyInfo`] as ASN.1 DER.
     #[cfg(feature = "alloc")]
     #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
-    pub fn to_der(&self) -> PrivateKeyDocument {
-        self.into()
+    pub fn to_der(&self) -> Result<PrivateKeyDocument> {
+        self.try_into()
     }
 
     /// Encode this [`PrivateKeyInfo`] as PEM-encoded ASN.1 DER.
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem(&self) -> Zeroizing<String> {
+    pub fn to_pem(&self) -> Result<Zeroizing<String>> {
         self.to_pem_with_le(LineEnding::default())
     }
 
     /// Encode this [`PrivateKeyInfo`] as PEM-encoded ASN.1 DER with the given
     /// [`LineEnding`].
     #[cfg(feature = "pem")]
     #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> Zeroizing<String> {
-        Zeroizing::new(
-            pem::encode_string(PEM_TYPE_LABEL, line_ending, self.to_der().as_ref())
-                .expect(error::PEM_ENCODING_MSG),
-        )
+    pub fn to_pem_with_le(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> {
+        pem::encode_string(PEM_TYPE_LABEL, line_ending, self.to_der()?.as_ref())
+            .map(Zeroizing::new)
+            .map_err(|_| Error::Pem)
     }
 }