Reduce the scope of allow_unsafe in ring::ec.

Previously, `unsafe` was allowed everywhere in in all submodules of `ring::ec` because `ring::ec` had `#![allow(unsafe_code)]`. Fix that, which helps emphasize that the use of `unsafe` is now limited to `ring::ec::suite_b::ops` the Curve25519 code, and the ECDH code.
briansmith · Jun 29, 2016 · 752c8c6 · 752c8c6
1 parent e34adcc
commit 752c8c6
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 8 deletions.
diff --git a/src/ec/ec.rs b/src/ec/ec.rs
@@ -12,8 +12,6 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![allow(unsafe_code)]
-
 use {bssl, c, init, rand};
 use untrusted;
 
@@ -56,6 +54,7 @@ pub struct PrivateKey {
 }
 
 impl PrivateKey {
+    #[allow(unsafe_code)]
     pub fn generate(alg: &AgreementAlgorithmImpl, rng: &rand::SecureRandom)
                     -> Result<PrivateKey, ()> {
         init::init_once();
@@ -87,6 +86,7 @@ impl PrivateKey {
         result
     }
 
+    #[allow(unsafe_code)]
     #[inline(always)]
     pub fn compute_public_key(&self, alg: &AgreementAlgorithmImpl,
                               out: &mut [u8]) -> Result<(), ()> {

diff --git a/src/ec/suite_b/ecdh.rs b/src/ec/suite_b/ecdh.rs
@@ -14,8 +14,6 @@
 
 //! ECDH key agreement using the P-256 and P-384 curves.
 
-#![allow(unsafe_code)]
-
 use {agreement, bssl, c, ec, rand};
 use super::ops::*;
 use super::public_key::*;
@@ -63,6 +61,7 @@ macro_rules! ecdh {
     }
 }
 
+#[allow(unsafe_code)]
 fn ecdh(ops: &PublicKeyOps, out: &mut [u8], my_private_key: &ec::PrivateKey,
         peer_public_key: untrusted::Input) -> Result<(), ()> {
     let (peer_x, peer_y) = try!(parse_uncompressed_point(ops, peer_public_key));

diff --git a/src/ec/suite_b/ecdsa.rs b/src/ec/suite_b/ecdsa.rs
@@ -12,8 +12,6 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![allow(unsafe_code)]
-
 //! ECDSA Signatures using the P-256 and P-384 curves.
 
 use {der, digest, signature, signature_impl};

diff --git a/src/ec/suite_b/ops/ops.rs b/src/ec/suite_b/ops/ops.rs
@@ -12,6 +12,8 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
+#![allow(unsafe_code)]
+
 use {bssl, c, der};
 use core;
 use untrusted;

diff --git a/src/ec/x25519.rs b/src/ec/x25519.rs
@@ -14,8 +14,6 @@
 
 //! X25519 Key agreement.
 
-#![allow(unsafe_code)]
-
 use {agreement, bssl, c, ec, rand};
 use untrusted;
 
@@ -39,6 +37,7 @@ pub static X25519: agreement::Algorithm = agreement::Algorithm {
     },
 };
 
+#[allow(unsafe_code)]
 fn x25519_ecdh(out: &mut [u8], my_private_key: &ec::PrivateKey,
                peer_public_key: untrusted::Input) -> Result<(), ()> {
     debug_assert_eq!(out.len(), X25519_ELEM_SCALAR_PUBLIC_KEY_LEN);