fn unwrap()

in aws-lc-rs/src/key_wrap.rs [265:311]

• 39 lines of code
• 4 McCabe index (conditional complexity)

    fn unwrap<'output>(
        self,
        ciphertext: &[u8],
        output: &'output mut [u8],
    ) -> Result<&'output mut [u8], Unspecified> {
        if output.len() < ciphertext.len() - 8 {
            return Err(Unspecified);
        }

        let mut aes_key = MaybeUninit::<AES_KEY>::uninit();

        if 0 != unsafe {
            AES_set_decrypt_key(
                self.key.as_ptr(),
                (self.key.len() * 8).try_into().map_err(|_| Unspecified)?,
                aes_key.as_mut_ptr(),
            )
        } {
            return Err(Unspecified);
        }

        let aes_key = unsafe { aes_key.assume_init() };

        // AWS-LC validates the following:
        // * in_len < INT_MAX
        // * in_len > 24
        // * in_len % 8 == 0
        let out_len = indicator_check!(unsafe {
            AES_unwrap_key(
                &aes_key,
                null(),
                output.as_mut_ptr(),
                ciphertext.as_ptr(),
                ciphertext.len(),
            )
        });

        if out_len == -1 {
            return Err(Unspecified);
        }

        let out_len: usize = out_len.try_into().map_err(|_| Unspecified)?;

        debug_assert_eq!(out_len, ciphertext.len() - 8);

        Ok(&mut output[..out_len])
    }