Use MaybeUninit for raw_ticket_key

kornelski · kornelski · commit 6d711ac8fdd4 · 2025-09-30T15:06:11.000+01:00
diff --git a/boring/src/ssl/callbacks.rs b/boring/src/ssl/callbacks.rs
@@ -12,9 +12,9 @@ use crate::ssl::TicketKeyCallbackResult;
 use crate::x509::{X509StoreContext, X509StoreContextRef};
 use foreign_types::ForeignType;
 use foreign_types::ForeignTypeRef;
-use libc::c_char;
-use libc::{c_int, c_uchar, c_uint, c_void};
+use libc::{c_char, c_int, c_uchar, c_uint, c_void};
 use std::ffi::CStr;
+use std::mem::MaybeUninit;
 use std::ptr;
 use std::slice;
 use std::str;
@@ -270,6 +270,11 @@ where
     }
 }
 
+unsafe fn to_uninit<'a, T: 'a>(ptr: *mut T) -> &'a mut MaybeUninit<T> {
+    assert!(!ptr.is_null());
+    unsafe { &mut *ptr.cast::<MaybeUninit<T>>() }
+}
+
 pub(super) unsafe extern "C" fn raw_ticket_key<F>(
     ssl: *mut ffi::SSL,
     key_name: *mut u8,
@@ -283,8 +288,8 @@ where
             &SslRef,
             &mut [u8; 16],
             &mut [u8; ffi::EVP_MAX_IV_LENGTH as usize],
-            *mut ffi::EVP_CIPHER_CTX,
-            *mut ffi::HMAC_CTX,
+            &mut MaybeUninit<ffi::EVP_CIPHER_CTX>,
+            &mut MaybeUninit<ffi::HMAC_CTX>,
             bool,
         ) -> TicketKeyCallbackResult
         + 'static
@@ -294,32 +299,34 @@ where
     // SAFETY: boring provides valid inputs.
     let ssl = unsafe { SslRef::from_ptr_mut(ssl) };
 
+    let evp_ctx = unsafe { to_uninit(evp_ctx) };
+    let hmac_ctx = unsafe { to_uninit(hmac_ctx) };
+
     let ssl_context = ssl.ssl_context().to_owned();
     let callback = ssl_context
         .ex_data::<F>(SslContext::cached_ex_index::<F>())
         .expect("expected session resumption callback");
 
     // SAFETY: the callback guarantees that key_name is 16 bytes
     let key_name =
-        unsafe { slice::from_raw_parts_mut(key_name, ffi::SSL_TICKET_KEY_NAME_LEN as usize) };
-    let key_name = <&mut [u8; 16]>::try_from(key_name).expect("boring provides a 16-byte key name");
+        unsafe { to_uninit(key_name.cast::<[u8; ffi::SSL_TICKET_KEY_NAME_LEN as usize]>()) };
 
     // SAFETY: the callback provides 16 bytes iv
     //
     // https://github.com/google/boringssl/blob/main/ssl/ssl_session.cc#L331
-    let iv = unsafe { core::slice::from_raw_parts_mut(iv, ffi::EVP_MAX_IV_LENGTH as usize) };
-    let iv = <&mut [u8; ffi::EVP_MAX_IV_LENGTH as usize]>::try_from(iv)
-        .expect("boring provides a 16-byte iv");
+    let iv = unsafe { to_uninit(iv.cast::<[u8; ffi::EVP_MAX_IV_LENGTH as usize]>()) };
 
     // When encrypting a new ticket, encrypt will be one.
     let encrypt = encrypt == 1;
 
     // Zero-initialize the key_name and iv, since the application is expected to populate these
     // fields in the encrypt mode.
     if encrypt {
-        unsafe { ptr::write(key_name, [0; 16]) };
-        unsafe { ptr::write(iv, [0; ffi::EVP_MAX_IV_LENGTH as usize]) };
+        *key_name = MaybeUninit::zeroed();
+        *iv = MaybeUninit::zeroed();
     }
+    let key_name = unsafe { key_name.assume_init_mut() };
+    let iv = unsafe { iv.assume_init_mut() };
 
     callback(ssl, key_name, iv, evp_ctx, hmac_ctx, encrypt).into()
 }
diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
@@ -1254,8 +1254,8 @@ impl SslContextBuilder {
                 &SslRef,
                 &mut [u8; 16],
                 &mut [u8; ffi::EVP_MAX_IV_LENGTH as usize],
-                *mut ffi::EVP_CIPHER_CTX,
-                *mut ffi::HMAC_CTX,
+                &mut MaybeUninit<ffi::EVP_CIPHER_CTX>,
+                &mut MaybeUninit<ffi::HMAC_CTX>,
                 bool,
             ) -> TicketKeyCallbackResult
             + 'static
diff --git a/boring/src/ssl/test/session_resumption.rs b/boring/src/ssl/test/session_resumption.rs
@@ -6,6 +6,7 @@ use crate::ssl::SslSessionCacheMode;
 use crate::ssl::TicketKeyCallbackResult;
 use crate::symm::Cipher;
 use std::ffi::c_void;
+use std::mem::MaybeUninit;
 use std::sync::atomic::{AtomicU8, Ordering};
 use std::sync::OnceLock;
 
@@ -147,8 +148,8 @@ fn test_noop_tickey_key_callback(
     _ssl: &SslRef,
     key_name: &mut [u8; 16],
     iv: &mut [u8; ffi::EVP_MAX_IV_LENGTH as usize],
-    evp_ctx: *mut ffi::EVP_CIPHER_CTX,
-    hmac_ctx: *mut ffi::HMAC_CTX,
+    evp_ctx: &mut MaybeUninit<ffi::EVP_CIPHER_CTX>,
+    hmac_ctx: &mut MaybeUninit<ffi::HMAC_CTX>,
     encrypt: bool,
 ) -> TicketKeyCallbackResult {
     // These should only be used for testing purposes.
@@ -167,7 +168,7 @@ fn test_noop_tickey_key_callback(
         // Set the encryption context.
         let ret = unsafe {
             ffi::EVP_EncryptInit_ex(
-                evp_ctx,
+                evp_ctx.as_mut_ptr(),
                 cipher.as_ptr(),
                 // ENGINE api is deprecated
                 core::ptr::null_mut(),
@@ -180,7 +181,7 @@ fn test_noop_tickey_key_callback(
         // Set the hmac context.
         let ret = unsafe {
             ffi::HMAC_Init_ex(
-                hmac_ctx,
+                hmac_ctx.as_mut_ptr(),
                 TEST_HMAC_KEY.as_ptr() as *const c_void,
                 TEST_HMAC_KEY.len(),
                 digest.as_ptr(),
@@ -202,8 +203,8 @@ fn test_success_tickey_key_callback(
     _ssl: &SslRef,
     key_name: &mut [u8; 16],
     iv: &mut [u8; ffi::EVP_MAX_IV_LENGTH as usize],
-    evp_ctx: *mut ffi::EVP_CIPHER_CTX,
-    hmac_ctx: *mut ffi::HMAC_CTX,
+    evp_ctx: &mut MaybeUninit<ffi::EVP_CIPHER_CTX>,
+    hmac_ctx: &mut MaybeUninit<ffi::HMAC_CTX>,
     encrypt: bool,
 ) -> TicketKeyCallbackResult {
     // These should only be used for testing purposes.
@@ -222,7 +223,7 @@ fn test_success_tickey_key_callback(
         // Set the encryption context.
         let ret = unsafe {
             ffi::EVP_EncryptInit_ex(
-                evp_ctx,
+                evp_ctx.as_mut_ptr(),
                 cipher.as_ptr(),
                 // ENGINE api is deprecated
                 core::ptr::null_mut(),
@@ -235,7 +236,7 @@ fn test_success_tickey_key_callback(
         // Set the hmac context.
         let ret = unsafe {
             ffi::HMAC_Init_ex(
-                hmac_ctx,
+                hmac_ctx.as_mut_ptr(),
                 TEST_HMAC_KEY.as_ptr() as *const c_void,
                 TEST_HMAC_KEY.len(),
                 digest.as_ptr(),
@@ -249,7 +250,7 @@ fn test_success_tickey_key_callback(
         // Set the decryption context.
         let ret = unsafe {
             ffi::EVP_DecryptInit_ex(
-                evp_ctx,
+                evp_ctx.as_mut_ptr(),
                 cipher.as_ptr(),
                 // ENGINE api is deprecated
                 core::ptr::null_mut(),
@@ -262,7 +263,7 @@ fn test_success_tickey_key_callback(
         // Set the hmac context.
         let ret = unsafe {
             ffi::HMAC_Init_ex(
-                hmac_ctx,
+                hmac_ctx.as_mut_ptr(),
                 TEST_HMAC_KEY.as_ptr() as *const c_void,
                 TEST_HMAC_KEY.len(),
                 digest.as_ptr(),
