Skip to content

rpk branch fixes #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kornelski merged 4 commits into from
Jan 20, 2026
Merged

rpk branch fixes #1

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5dd48e3
Use existing macro for ForeignType
kornelski Jan 20, 2026
a395f89
Fix spki leak
kornelski Jan 20, 2026
c3cc1ef
Don't readd leaky set_ex_data
kornelski Jan 20, 2026
a02598c
Remove unnecessary as_mut
kornelski Jan 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
94 changes: 15 additions & 79 deletions boring/src/ssl/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4470,36 +4470,12 @@ impl<S> SslStreamBuilder<S> {
}
}

/// A credential.
pub struct SslCredential(NonNull<ffi::SSL_CREDENTIAL>);

unsafe impl ForeignType for SslCredential {
foreign_type_and_impl_send_sync! {
type CType = ffi::SSL_CREDENTIAL;
type Ref = SslCredentialRef;

#[inline]
unsafe fn from_ptr(ptr: *mut ffi::SSL_CREDENTIAL) -> Self {
Self(NonNull::new_unchecked(ptr))
}

#[inline]
fn as_ptr(&self) -> *mut ffi::SSL_CREDENTIAL {
self.0.as_ptr()
}
}
fn drop = ffi::SSL_CREDENTIAL_free;

impl Drop for SslCredential {
fn drop(&mut self) {
unsafe { ffi::SSL_CREDENTIAL_free(self.as_ptr()) }
}
}

impl Deref for SslCredential {
type Target = SslCredentialRef;

fn deref(&self) -> &SslCredentialRef {
unsafe { SslCredentialRef::from_ptr(self.as_ptr()) }
}
/// A credential.
pub struct SslCredential;
}

impl SslCredential {
Expand Down Expand Up @@ -4546,11 +4522,6 @@ impl SslCredential {
}
}

/// Reference to an [`SslCredential`].
///
/// [`SslCredential`]: struct.SslCredential.html
pub struct SslCredentialRef(Opaque);

impl SslCredentialRef {
/// Returns a reference to the extra data at the specified index.
#[corresponds(SSL_CREDENTIAL_get_ex_data)]
Expand Down Expand Up @@ -4578,16 +4549,6 @@ impl SslCredentialRef {
}
}

// Unsafe because SSL contexts are not guaranteed to be unique, we call
// this only from SslCredentialBuilder.
#[corresponds(SSL_CREDENTIAL_set_ex_data)]
unsafe fn set_ex_data<T>(&mut self, index: Index<SslCredential, T>, data: T) {
unsafe {
let data = Box::into_raw(Box::new(data)) as *mut c_void;
ffi::SSL_CREDENTIAL_set_ex_data(self.as_ptr(), index.as_raw(), data);
}
}

// Unsafe because SSL contexts are not guaranteed to be unique, we call
// this only from SslCredentialBuilder.
#[corresponds(SSL_CREDENTIAL_set_ex_data)]
Expand All @@ -4596,36 +4557,19 @@ impl SslCredentialRef {
return Some(mem::replace(old, data));
}

self.set_ex_data(index, data);
unsafe {
let data = Box::into_raw(Box::new(data)) as *mut c_void;
ffi::SSL_CREDENTIAL_set_ex_data(self.as_ptr(), index.as_raw(), data);
}

None
}
}

unsafe impl Send for SslCredentialRef {}
unsafe impl Sync for SslCredentialRef {}

unsafe impl ForeignTypeRef for SslCredentialRef {
type CType = ffi::SSL_CREDENTIAL;
}

/// A builder for [`SslCredential`]
pub struct SslCredentialBuilder(SslCredential);

impl SslCredentialBuilder {
/// Sets the extra data at the specified index.
///
/// This can be used to provide data to callbacks registered with the context. Use the
/// `SslCredential::new_ex_index` method to create an `Index`.
///
/// Note that if this method is called multiple times with the same index, any previous
/// value stored in the `SslCredentialBuilder` will be leaked.
#[corresponds(SSL_CREDENTIAL_set_ex_data)]
pub fn set_ex_data<T>(&mut self, index: Index<SslCredential, T>, data: T) {
unsafe {
self.as_mut().set_ex_data(index, data);
}
}

/// Sets or overwrites the extra data at the specified index.
///
/// This can be used to provide data to callbacks registered with the context. Use the
Expand All @@ -4634,7 +4578,7 @@ impl SslCredentialBuilder {
/// Any previous value will be returned and replaced by the new one.
#[corresponds(SSL_CREDENTIAL_set_ex_data)]
pub fn replace_ex_data<T>(&mut self, index: Index<SslCredential, T>, data: T) -> Option<T> {
unsafe { self.as_mut().replace_ex_data(index, data) }
unsafe { self.0.replace_ex_data(index, data) }
}

// Sets the private key of the credential.
Expand All @@ -4658,12 +4602,10 @@ impl SslCredentialBuilder {
M: PrivateKeyMethod,
{
unsafe {
let this = self.as_mut();

this.replace_ex_data(SslCredential::cached_ex_index::<M>(), method);
self.replace_ex_data(SslCredential::cached_ex_index::<M>(), method);

cvt_0i(ffi::SSL_CREDENTIAL_set_private_key_method(
this.as_ptr(),
self.0.as_ptr(),
&ffi::SSL_PRIVATE_KEY_METHOD {
sign: Some(callbacks::raw_sign::<M>),
decrypt: Some(callbacks::raw_decrypt::<M>),
Expand Down Expand Up @@ -4692,22 +4634,16 @@ impl SslCredentialBuilder {
.transpose()?
.unwrap_or(ptr::null_mut());

let ret = cvt_0i(ffi::SSL_CREDENTIAL_set1_spki(self.0.as_ptr(), spki));
let ret = cvt_0i(ffi::SSL_CREDENTIAL_set1_spki(self.0.as_ptr(), spki)).map(|_| ());

if spki.is_null() {
if !spki.is_null() {
ffi::CRYPTO_BUFFER_free(spki);
}

ret?;

Ok(())
ret
}
}

unsafe fn as_mut(&mut self) -> &mut SslCredentialRef {
SslCredentialRef::from_ptr_mut(self.0.as_ptr())
}

pub fn build(self) -> SslCredential {
self.0
}
Expand Down