cleanup warnings in standard builds
bluejekyll committed May 6, 2017
1 parent acf106d commit a152f5b
Showing 12 changed files with 79 additions and 91 deletions.
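--- a/client/src/client/client.rs
+++ b/client/src/client/client.rs
@@ -18,7 +18,9 @@ use std::io;
 use futures::Stream;
 use tokio_core::reactor::Core;
 
-use client::{ClientHandle, BasicClientHandle, ClientConnection, ClientFuture, SecureClientHandle};
+use client::{ClientHandle, BasicClientHandle, ClientConnection, ClientFuture};
+#[cfg(any(feature = "openssl", feature = "ring"))]
+use client::SecureClientHandle;
 use error::*;
 use rr::{domain, DNSClass, IntoRecordSet, RecordType, Record};
 use rr::dnssec::Signer;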
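--- a/client/src/client/mod.rs
+++ b/client/src/client/mod.rs
@@ -22,6 +22,7 @@ mod client_future;
 mod memoize_client_handle;
 mod rc_future;
 mod retry_client_handle;
+#[cfg(any(feature = "openssl", feature = "ring"))]
 mod secure_client_handle;
 
 #[allow(deprecated)]
@@ -33,4 +34,5 @@ pub use self::client_future::{ClientFuture, BasicClientHandle, ClientHandle, Str
 ClientStreamHandle};
 pub use self::memoize_client_handle::MemoizeClientHandle;
 pub use self::retry_client_handle::RetryClientHandle;
+#[cfg(any(feature = "openssl", feature = "ring"))]
 pub use self::secure_client_handle::SecureClientHandle;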
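Review bot: The re-export of `SecureClientHandle` in the second hunk now exists only when the `openssl` or `ring` feature is enabled, and nothing on the gated line tells a user of the crate why the DNSSEC-validating handle is missing from a build without them. Removing the type is the safer outcome compared with a handle that cannot validate, but the requirement should be visible in rustdoc. A doc comment directly above the `#[cfg(...)]` line would do, for example `/// DNSSEC-validating client handle; only available with the "openssl" or "ring" feature.`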
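--- a/client/src/client/secure_client_handle.rs
+++ b/client/src/client/secure_client_handle.rs
@@ -12,14 +12,15 @@ use std::rc::Rc;
 
 use futures::*;
 
+#[cfg(feature = "openssl")]
 use chrono::Duration;
 use client::ClientHandle;
 use error::*;
 use op::{Message, OpCode, Query};
 use rr::{domain, DNSClass, RData, Record, RecordType};
-use rr::dnssec::{Algorithm, KeyPair, SupportedAlgorithms, TrustAnchor};
+use rr::dnssec::{Algorithm, SupportedAlgorithms, TrustAnchor};
 #[cfg(feature = "openssl")]
-use rr::dnssec::Signer;
+use rr::dnssec::{KeyPair, Signer};
 use rr::rdata::{DNSKEY, SIG};
 use rr::rdata::opt::EdnsOption;
 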
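--- a/client/src/rr/dnssec/digest_type.rs
+++ b/client/src/rr/dnssec/digest_type.rs
@@ -16,7 +16,7 @@
 #[cfg(feature = "openssl")]
 use openssl::hash;
 #[cfg(feature = "openssl")]
-use openssl::hash::MessageDigest;
+use openssl::hash::{DigestBytes, MessageDigest};
 
 use rr::dnssec::Algorithm;
 use error::*;
@@ -77,8 +77,8 @@ impl DigestType {
 
 /// Hash the data
 #[cfg(feature = "openssl")]
-pub fn hash(&self, data: &[u8]) -> DnsSecResult<Vec<u8>> {
-hash::hash(try!(self.to_openssl_digest()), data).map_err(|e| e.into())
+pub fn hash(&self, data: &[u8]) -> DnsSecResult<DigestBytes> {
+hash::hash2(try!(self.to_openssl_digest()), data).map_err(|e| e.into())
 }
 
 /// This will always error, enable openssl feature at compile time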
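Review bot: The public `DigestType::hash` now returns `DnsSecResult<DigestBytes>` instead of `DnsSecResult<Vec<u8>>`, which changes the crate's API in a commit described as warning cleanup and exposes an `openssl` type in the signature. The fallback documented as "This will always error" begins right after the hunk and is not shown; if it still returns `DnsSecResult<Vec<u8>>`, the method's type now differs between feature sets. Converting at the boundary keeps the old contract, e.g. `hash::hash2(try!(self.to_openssl_digest()), data).map(|d| d.to_vec()).map_err(|e| e.into())`, as the commit already does with `digest.to_vec()` in keypair.rs. The same return-type change is made to `Nsec3HashAlgorithm::hash` and `sha1_recursive_hash` in client/src/rr/dnssec/nsec3.rs.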
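--- a/client/src/rr/dnssec/key_format.rs
+++ b/client/src/rr/dnssec/key_format.rs
@@ -5,7 +5,7 @@ use openssl::rsa::Rsa;
 #[cfg(feature = "openssl")]
 use openssl::symm::Cipher;
 
-use ::error::*;
+use error::*;
 use rr::dnssec::Algorithm;
 use rr::dnssec::KeyPair;
 
@@ -22,33 +22,12 @@ pub enum KeyFormat {
 
 impl KeyFormat {
 /// Decode private key
+#[allow(unused)]
 pub fn decode_key(self,
 bytes: &[u8],
 password: Option<&str>,
 algorithm: Algorithm)
 -> DnsSecResult<KeyPair> {
-// if self == KeyFormat::Pkcs12 {
-// let pkcs12 = try!(Pkcs12::from_der(bytes)
-// .map_err(|e| DnsSecErrorKind::Msg(format!("could not decode pkcs12: {}", e).into())));
-// let pkcs12 = try!(pkcs12.parse(password.unwrap_or(""))
-// .map_err(|e| format!("could not parse pkcs12, bad password?: {}", e).into()));
-//
-// let pkey = pkcs12.pkey;
-// match algorithm {
-// Algorithm::RSASHA1 |
-// Algorithm::RSASHA1NSEC3SHA1 |
-// Algorithm::RSASHA256 |
-// Algorithm::RSASHA512 => {
-// return Ok(KeyPair::from_rsa_pkey(pkey))
-// },
-// Algorithm::ECDSAP256SHA256 |
-// Algorithm::ECDSAP384SHA384 => {
-// return Ok(KeyPair::from_ec_pkey(pkey))
-// },
-// e @ _ => return Err(format!("unsupported algorithm with pkcs12 (RSA or EC only): {:?}", e).into())
-// }
-// }
-
 // empty string prevents openssl from triggering a read from stdin...
 let password = password.unwrap_or("");
 let password = password.as_bytes();
@@ -65,11 +44,7 @@ impl KeyFormat {
 .map_err(|e| format!("error reading RSA as DER: {}", e)))
 }
 KeyFormat::Pem => {
-let key = //if let Some(password) = password {
-Rsa::private_key_from_pem_passphrase(bytes, password)
-/* } else {
-Rsa::private_key_from_pem(bytes)
-}*/;
+let key = Rsa::private_key_from_pem_passphrase(bytes, password);
 
 try!(key.map_err(|e| {
 format!("could not decode RSA from PEM, bad password?: {}", e)
@@ -79,7 +54,7 @@ impl KeyFormat {
 return Err(format!("unsupported key format with RSA (DER or PEM only): \
 {:?}",
 e)
-.into())
+.into())
 }
 };
 
@@ -95,11 +70,7 @@ impl KeyFormat {
 .map_err(|e| format!("error reading EC as DER: {}", e)))
 }
 KeyFormat::Pem => {
-let key = // if let Some(password) = password {
-EcKey::private_key_from_pem_passphrase(bytes, password)
-/* } else {
-EcKey::private_key_from_pem(bytes)
-}*/;
+let key = EcKey::private_key_from_pem_passphrase(bytes, password);
 
 try!(key.map_err(|e| {
 format!("could not decode EC from PEM, bad password?: {}", e)
@@ -109,7 +80,7 @@ impl KeyFormat {
 return Err(format!("unsupported key format with EC (DER or PEM only): \
 {:?}",
 e)
-.into())
+.into())
 }
 };
 
@@ -125,7 +96,7 @@ impl KeyFormat {
 e @ _ => {
 return Err(format!("unsupported key format with ED25519 (RAW only): {:?}",
 e)
-.into())
+.into())
 }
 }
 }
@@ -139,7 +110,11 @@ impl KeyFormat {
 /// Decode private key
 pub fn encode_key(self, key_pair: &KeyPair, password: Option<&str>) -> DnsSecResult<Vec<u8>> {
 // on encoding, if the password is empty string, ignore it (empty string is ok on decode)
-let password = password.iter().filter(|s| !s.is_empty()).map(|s| s.as_bytes()).next();
+let password = password
+.iter()
+.filter(|s| !s.is_empty())
+.map(|s| s.as_bytes())
+.next();
 
 match *key_pair {
 #[cfg(feature = "openssl")]
@@ -152,7 +127,9 @@ impl KeyFormat {
 return Err(format!("Can only password protect PEM: {:?}", self).into());
 }
 return pkey.private_key_to_der()
-.map_err(|e| format!("error writing key as DER: {}", e).into());
+.map_err(|e| {
+format!("error writing key as DER: {}", e).into()
+});
 }
 KeyFormat::Pem => {
 let key = if let Some(password) = password {
@@ -167,7 +144,7 @@ impl KeyFormat {
 return Err(format!("unsupported key format with RSA or EC (DER or PEM \
 only): {:?}",
 e)
-.into())
+.into())
 }
 }
 }
@@ -178,13 +155,17 @@ impl KeyFormat {
 if password.is_some() {
 return Err(format!("Can only password protect PEM: {:?}", self).into());
 }
-return key_pair.to_private_bytes()
-.map_err(|e| format!("error writing ED25519 as RAW: {}", e).into());
+return key_pair
+.to_private_bytes()
+.map_err(|e| {
+format!("error writing ED25519 as RAW: {}", e)
+.into()
+});
 }
 e @ _ => {
 return Err(format!("unsupported key format with ED25519 (RAW only): {:?}",
 e)
-.into())
+.into())
 }
 }
 }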
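Review bot: The blanket `#[allow(unused)]` added above `decode_key` silences every unused-code lint for the function in all feature combinations, including `openssl` builds where an ignored parameter in private-key handling is something a reviewer would want the compiler to flag. The hunk does not show which build produced the warning; if it only appears with the crypto features off, scope the attribute to that case, e.g. `#[cfg_attr(not(feature = "openssl"), allow(unused_variables))]`. The same attribute is added to `from_public_bytes`, `sign`, `verify` and `from_private_bytes` in client/src/rr/dnssec/keypair.rs. Separately, the doc comment on `encode_key` still reads `/// Decode private key` and does not mention that an empty password is treated as no password.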
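--- a/client/src/rr/dnssec/keypair.rs
+++ b/client/src/rr/dnssec/keypair.rs
@@ -92,6 +92,7 @@ impl KeyPair {
 ///
 /// * `public_key` - the public key bytes formatted in BigEndian/NetworkByteOrder
 /// * `algorithm` - the Algorithm which is used to interpret the key
+#[allow(unused)]
 pub fn from_public_bytes(public_key: &[u8], algorithm: Algorithm) -> DnsSecResult<Self> {
 match algorithm {
 #[cfg(feature = "openssl")]
@@ -429,7 +430,7 @@ impl KeyPair {
 .to_digest(name, digest_type)
 .map(|digest| (key_tag, digest))
 })
-.map(|(key_tag, digest)| DS::new(key_tag, algorithm, digest_type, digest))
+.map(|(key_tag, digest)| DS::new(key_tag, algorithm, digest_type, digest.to_vec()))
 }
 
 /// Signs a hash.
@@ -443,6 +444,7 @@ impl KeyPair {
 /// # Return value
 ///
 /// The signature, ready to be stored in an `RData::RRSIG`.
+#[allow(unused)]
 pub fn sign(&self, algorithm: Algorithm, message: &[u8]) -> DnsSecResult<Vec<u8>> {
 match *self {
 #[cfg(feature = "openssl")]
@@ -478,6 +480,7 @@ impl KeyPair {
 ///
 /// True if and only if the signature is valid for the hash. This will always return
 /// false if the `key`.
+#[allow(unused)]
 pub fn verify(&self,
 algorithm: Algorithm,
 message: &[u8],
@@ -509,7 +512,7 @@ impl KeyPair {
 .map_err(|e| e.into())
 }
 #[cfg(not(any(feature = "openssl", feature = "ring")))]
-_ => Err(DnsSecErrorKind::Message("openssl nor ring feature(s) not enabled").into()),
+_ => Err(DnsSecErrorKind::Message("openssl nor ring feature(s) not enabled").into()),
 }
 }
 
@@ -540,6 +543,7 @@ impl KeyPair {
 ///
 /// Generally the format is expected to be in PEM, with the exception of ED25519, which is
 /// currently little endian `32 private key bytes | 32 public key bytes`.
+#[allow(unused)]
 pub fn from_private_bytes(algorithm: Algorithm, bytes: &[u8]) -> DnsSecResult<Self> {
 match algorithm {
 #[cfg(feature = "openssl")]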
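Review bot: The doc comment directly above the new attribute on `verify` ends in an unfinished sentence ("This will always return false if the `key`."), so the failure contract of the signature check is never stated. Since the hunk already touches this spot, the sentence should be completed to say what a caller observes on an invalid signature and in a build without crypto features. The rest of the signature and the return type are outside the hunk, so wording such as `/// Returns an error if the signature is invalid or no crypto feature is enabled.` needs to be confirmed against the actual return type.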
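--- a/client/src/rr/dnssec/nsec3.rs
+++ b/client/src/rr/dnssec/nsec3.rs
@@ -15,8 +15,11 @@
 */
 #[cfg(feature = "openssl")]
 use std::io::Write;
+
 #[cfg(feature = "openssl")]
 use openssl::hash;
+#[cfg(feature = "openssl")]
+use openssl::hash::DigestBytes;
 
 use error::*;
 #[cfg(feature = "openssl")]
@@ -147,7 +150,7 @@ impl Nsec3HashAlgorithm {
 /// substitution);
 /// ```
 #[cfg(feature = "openssl")]
-pub fn hash(&self, salt: &[u8], name: &Name, iterations: u16) -> DnsSecResult<Vec<u8>> {
+pub fn hash(&self, salt: &[u8], name: &Name, iterations: u16) -> DnsSecResult<DigestBytes> {
 match *self {
 // if there ever is more than just SHA1 support, this should be a genericized method
 Nsec3HashAlgorithm::SHA1 => {
@@ -165,7 +168,7 @@ impl Nsec3HashAlgorithm {
 
 /// until there is another supported algorithm, just hardcoded to this.
 #[cfg(feature = "openssl")]
-fn sha1_recursive_hash(salt: &[u8], bytes: Vec<u8>, iterations: u16) -> DnsSecResult<Vec<u8>> {
+fn sha1_recursive_hash(salt: &[u8], bytes: Vec<u8>, iterations: u16) -> DnsSecResult<DigestBytes> {
 let digest_type = try!(DigestType::SHA1.to_openssl_digest());
 hash::Hasher::new(digest_type)
 .map_err(|e| e.into())
@@ -177,7 +180,7 @@ impl Nsec3HashAlgorithm {
 try!(hasher.write_all(&bytes));
 }
 try!(hasher.write_all(salt));
-hasher.finish().map_err(|e| e.into())
+hasher.finish2().map_err(|e| e.into())
 })
 }
 }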
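--- a/client/src/rr/dnssec/signer.rs
+++ b/client/src/rr/dnssec/signer.rs
@@ -23,8 +23,7 @@ use op::Message;
 #[cfg(any(feature = "openssl", feature = "ring"))]
 use rr::{DNSClass, Name, Record, RecordType, RData};
 #[cfg(any(feature = "openssl", feature = "ring"))]
-use rr::dnssec::{Algorithm, DigestType, DnsSecErrorKind, DnsSecResult};
-use rr::dnssec::KeyPair;
+use rr::dnssec::{Algorithm, DnsSecErrorKind, DnsSecResult, KeyPair};
 #[cfg(any(feature = "openssl", feature = "ring"))]
 use rr::rdata::{DNSKEY, KEY, sig, SIG};
 #[cfg(any(feature = "openssl", feature = "ring"))]
@@ -826,12 +825,8 @@ mod tests {
 
 let rsa = Rsa::generate(512).unwrap();
 let key = KeyPair::from_rsa(rsa).unwrap();
-let signer = Signer::new(Algorithm::RSASHA256,
-key,
-Name::root(),
-Duration::max_value(),
-true,
-true);
+let sig0key = key.to_sig0key(Algorithm::RSASHA256).unwrap();
+let signer = Signer::sig0(sig0key, key, Name::root(), true);
 
 let pre_sig0 = pre_sig0(&signer, 0, 300);
 let sig = signer.sign_message(&question, &pre_sig0).unwrap();
@@ -857,12 +852,8 @@ mod tests {
 fn test_hash_rrset() {
 let rsa = Rsa::generate(512).unwrap();
 let key = KeyPair::from_rsa(rsa).unwrap();
-let signer = Signer::new(Algorithm::RSASHA256,
-key,
-Name::root(),
-Duration::max_value(),
-true,
-true);
+let sig0key = key.to_sig0key(Algorithm::RSASHA256).unwrap();
+let signer = Signer::sig0(sig0key, key, Name::root(), true);
 
 let origin: Name = Name::parse("example.com.", None).unwrap();
 let rrsig = Record::new()
@@ -946,12 +937,8 @@ mod tests {
 fn test_sign_and_verify_rrset() {
 let rsa = Rsa::generate(512).unwrap();
 let key = KeyPair::from_rsa(rsa).unwrap();
-let signer = Signer::new(Algorithm::RSASHA256,
-key,
-Name::root(),
-Duration::max_value(),
-true,
-true);
+let sig0key = key.to_sig0key(Algorithm::RSASHA256).unwrap();
+let signer = Signer::sig0(sig0key, key, Name::root(), true);
 
 let origin: Name = Name::parse("example.com.", None).unwrap();
 let rrsig = Record::new()
@@ -997,12 +984,8 @@ mod tests {
 println!("pkey: {:?}", rsa.public_key_to_pem().unwrap());
 
 let key = KeyPair::from_rsa(rsa).unwrap();
-let signer = Signer::new(Algorithm::RSASHA256,
-key,
-Name::root(),
-Duration::max_value(),
-true,
-true);
+let sig0key = key.to_sig0key(Algorithm::RSASHA256).unwrap();
+let signer = Signer::sig0(sig0key, key, Name::root(), true);
 let key_tag = signer.calculate_key_tag().unwrap();
 
 println!("key_tag: {}", key_tag);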
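Review bot: The four test setups replace `Signer::new(Algorithm::RSASHA256, key, Name::root(), Duration::max_value(), true, true)` with `Signer::sig0(sig0key, key, Name::root(), true)`, which changes what the tests exercise rather than only removing a warning. This matters most for `test_hash_rrset` and `test_sign_and_verify_rrset`, which cover record-set signing but now build their signer through the SIG(0) constructor. `Signer::sig0` is not shown on this page, so it is unclear whether the signer keeps the signature duration and the second flag the old call passed. If the RRSET tests are meant to cover a zone-signing configuration, they should say so and use the matching constructor, or carry a comment such as `// a sig0 signer is sufficient here: only the hash/sign round trip is checked`. All four test bodies continue outside their hunks.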
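--- a/client/src/rr/dnssec/trust_anchor.rs
+++ b/client/src/rr/dnssec/trust_anchor.rs
@@ -21,6 +21,7 @@ use std::default::Default;
 #[cfg(feature = "openssl")]
 use openssl::rsa::Rsa;
 
+#[cfg(feature = "openssl")]
 use rr::dnssec::KeyPair;
 
 #[cfg(feature = "openssl")]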
