authorJustus Winter <justus@sequoia-pgp.org>2020-10-13 11:17:45 +0200
committerJustus Winter <justus@sequoia-pgp.org>2020-10-13 11:48:49 +0200
commit87db0d161c89d944219b2516317ee2155814c2c6 (patch)
tree2eeedbbbd94d88328d982b13617aff4bf9629c8a
parenta7c19682e6980baad8f09357ca4acc5ac9c41ee5 (diff)
openpgp-ffi: Make pgp_key_pair_as_signer consume the key pair.
- This was actually assumed by pgp_signer_new, leading to a double free if the key pair was later freed.
-rw-r--r--openpgp-ffi/include/sequoia/openpgp/crypto.h3
-rw-r--r--openpgp-ffi/src/cert.rs1
-rw-r--r--openpgp-ffi/src/crypto.rs15
3 files changed, 9 insertions, 10 deletions
diff --git a/openpgp-ffi/include/sequoia/openpgp/crypto.h b/openpgp-ffi/include/sequoia/openpgp/crypto.h
index d0330da4..ae47c923 100644
--- a/openpgp-ffi/include/sequoia/openpgp/crypto.h
+++ b/openpgp-ffi/include/sequoia/openpgp/crypto.h
@@ -99,8 +99,7 @@ void pgp_key_pair_free (pgp_key_pair_t kp);
/*/
/// Creates a signer from a key pair.
///
-/// Note that the returned object merely references the key pair, and
-/// must not outlive the key pair.
+/// Consumes the key pair.
/*/
pgp_signer_t pgp_key_pair_as_signer (pgp_key_pair_t kp);
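Review bot: The new comment "Consumes the key pair." does not tell a C caller what they must stop doing. After this call `kp` must not be used or passed to `pgp_key_pair_free`, and the key pair is presumably released when the returned signer is freed with `pgp_signer_free`. Callers written against the previous comment kept the key pair alive and freed it themselves, which now becomes a double free. I would spell the contract out, e.g. `/// Consumes the key pair: kp must not be used or freed after this call.` followed by `/// Release the returned signer with pgp_signer_free.` The same one-line doc appears on the Rust definition in openpgp-ffi/src/crypto.rs and deserves the same wording.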
diff --git a/openpgp-ffi/src/cert.rs b/openpgp-ffi/src/cert.rs
index f47e9021..4917e789 100644
--- a/openpgp-ffi/src/cert.rs
+++ b/openpgp-ffi/src/cert.rs
@@ -217,7 +217,6 @@ fn int_to_reason_for_revocation(code: c_int) -> ReasonForRevocation {
/// "It was the maid :/");
/// assert (revocation);
/// pgp_signer_free (primary_signer);
-/// pgp_key_pair_free (primary_keypair);
///
/// pgp_packet_t packet = pgp_signature_into_packet (revocation);
/// cert = pgp_cert_insert_packets (NULL, cert, &packet, 1);
diff --git a/openpgp-ffi/src/crypto.rs b/openpgp-ffi/src/crypto.rs
index 4bc35f5b..90db3180 100644
--- a/openpgp-ffi/src/crypto.rs
+++ b/openpgp-ffi/src/crypto.rs
@@ -58,7 +58,7 @@ fn pgp_password_from_bytes(buf: *const u8, size: size_t) -> *mut Password {
/// Frees a signer.
#[::sequoia_ffi_macros::extern_fn] #[no_mangle]
pub extern "C" fn pgp_signer_free
- (s: Option<&mut &'static mut dyn crypto::Signer>)
+ (s: Option<&mut Box<dyn crypto::Signer>>)
{
ffi_free!(s)
}
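Review bot: Changing the parameter to `Option<&mut Box<dyn crypto::Signer>>` makes `pgp_signer_free` treat every `pgp_signer_t` as an owning box, so every function that hands out a signer has to allocate it the same way. This commit updates `pgp_key_pair_as_signer` to match, but the diff does not show whether any other producer of `pgp_signer_t` still returns the old borrowed `&'static mut dyn crypto::Signer` form; freeing one of those here would release memory the signer never owned. I would confirm that there is no other producer, and extend the doc comment to state the new ownership, e.g. `/// Frees a signer, including the key pair it was created from.`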
@@ -86,15 +86,16 @@ pub extern "C" fn pgp_key_pair_free
/// Creates a signer from a key pair.
///
-/// Note that the returned object merely references the key pair, and
-/// must not outlive the key pair.
+/// Consumes the key pair.
#[::sequoia_ffi_macros::extern_fn] #[no_mangle]
pub extern "C" fn pgp_key_pair_as_signer
(kp: *mut crypto::KeyPair)
- -> *mut &'static mut dyn crypto::Signer
+ -> *mut Box<dyn crypto::Signer>
{
- let kp = ffi_param_ref_mut!(kp);
- let signer: &mut dyn crypto::Signer = kp;
+ let kp = ffi_param_move!(kp);
+ let signer: Box<dyn crypto::Signer> = Box::new(*kp);
+ // We cannot give out a raw pointer to the trait object, because
+ // Rust insists they are not "FFI-safe". So we need to box it
+ // again. Yuck.
box_raw!(signer)
- //box_raw!(kp)
}
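Review bot: `Box::new(*kp)` moves the key pair out of its existing allocation into a fresh one, which looks unnecessary if `ffi_param_move!` already yields a `Box<crypto::KeyPair>` (the macro is defined outside this diff, so that is an assumption). In that case the box can be unsize-coerced directly with `let signer: Box<dyn crypto::Signer> = kp;`, which avoids the extra allocation and the bitwise move of a struct holding secret key material. The in-body comment would also read better placed above `box_raw!(signer)` with the reason stated plainly, e.g. `// Box<dyn Signer> is a fat pointer and not FFI-safe, so hand out a thin pointer to a second box.` Because `kp` arrives as a raw `*mut crypto::KeyPair`, it is also worth confirming that `ffi_param_move!` rejects NULL before taking ownership.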