Skip to content

Removal of .unwrap() and .expect() in library code#46

Closed
npajkovsky wants to merge 4 commits into
bcgit:release/0.1.2alphafrom
npajkovsky:unwraps
Closed

Removal of .unwrap() and .expect() in library code#46
npajkovsky wants to merge 4 commits into
bcgit:release/0.1.2alphafrom
npajkovsky:unwraps

Conversation

@npajkovsky

Copy link
Copy Markdown
Collaborator

Most of the .unwrap(), .expect(), panic or unreachable can be tolerated, and this PR fixes
a couple of unsoundness in the library.

Closes #42

…ory defaults

Replace the three pub DEFAULT_*_HASH_NAME constants with direct enum
variant construction in Default, default_128_bit(), and
default_256_bit(). The constants were only used internally to drive
Self::new().unwrap() calls — removing them makes the defaults
infallible at compile time and reduces the public surface area of the
factory.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
…y defaults

Same pattern as the HashFactory cleanup: replace the three pub DEFAULT_*_KDF_NAME
constants with direct enum variant construction in Default, default_128_bit(), and
default_256_bit(). The constants were only used internally to drive unwrap() calls
on Self::new() — removing them makes the defaults infallible at compile time and
shrinks the public API surface.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
…y defaults

Replace pub DEFAULT_KDF_NAME, DEFAULT_128BIT_KDF_NAME, and DEFAULT_256BIT_KDF_NAME
with direct enum variant construction in Default, default_128_bit(), and
default_256_bit(). The constants existed solely to feed Self::new().unwrap() —
constructing the variants directly makes the defaults infallible at compile time
and removes three unnecessary items from the public API.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Replace manual length checks followed by unwrap() with
try_into().map_err() to coerce the signature slice to a fixed-size
array in one step. Replace assert!() + unwrap() on the streaming
verifier's optional public key with ok_or(), returning a proper
SignatureError::GenericError instead of panicking. Use
.then_some().ok_or() to convert the boolean verify result into a
Result without an if/else branch.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
@npajkovsky npajkovsky self-assigned this Jun 26, 2026
@npajkovsky npajkovsky requested a review from ounsworth June 26, 2026 11:01
pub const DEFAULT_HASH_NAME: &str = SHA3_256_NAME;
pub const DEFAULT_128BIT_HASH_NAME: &str = SHA3_256_NAME;
pub const DEFAULT_256BIT_HASH_NAME: &str = SHA3_512_NAME;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. This change will make it hard in the future if we want to make the library defaults driven from a config file or env var, but I guess for now this saves us 3 unwraps per factory. Ok.

(also, I think the whole factory crate needs a big re-visit, see #23)

@ounsworth

Copy link
Copy Markdown
Contributor

Merged manually.

@ounsworth ounsworth closed this Jun 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants