[racket-dev] ECDHE patch for Racket's OpenSSL bindings.

From: Ryan Culpepper (ryanc at ccs.neu.edu)
Date: Fri Apr 11 18:44:17 EDT 2014

Previous message: [racket-dev] ECDHE patch for Racket's OpenSSL bindings.
Next message: [racket-dev] ECDHE patch for Racket's OpenSSL bindings.
Messages sorted by: [date] [thread] [subject] [author]

IIRC, most of the code in openssl/mzssl.rkt predates ffi/unsafe/alloc. 
So yes, BIO_new etc should use (allocator _) etc, and that would 
simplify some of the code that currently uses the local with-failure 
macro to do deallocation. But no need to fix that in this patch.

Some comments on the patch:

- Regarding curves/c, the curve NID_* definitions, and symbol->nid: 
There's some redundancy here that could be eliminated with the following 
pattern:

(define curve-nid-alist
   '((sect163k1 . 721)
     ....))

(define curve/c (apply or/c (map car curve-nid-alist)))

(define (curve->nid sym)
   (cond [(assq sym curve-nid-alist)
          => cdr]
         [else (error ....)]))

That eliminates the problem of keeping the enumeration of curves in sync 
in three places.

- SSL_CTRL_SET_ECDH_AUTO is unused; it should be removed.

- There's a missing "!" in some of the symbols passed to error in 
ssl-server-context-enable-dhe!.

If you send a new version of the patch I'll commit that; otherwise I 
can make the changes above myself when I get a chance.

Ryan


On 04/11/2014 01:46 PM, Edward Lee wrote:
> Thanks for catching the typo.  I don't have a good answer to your second
> question; I really don't know if they should.
>
> --Edward
>
> On Thu, Apr 10, 2014 at 02:54:36PM -0400, Stephen Chang wrote:
>> Ok thanks. Sorry, I think one more is missing from curve/c (sect283r1)?
>>
>> Another question: Should BIO_new_mem_buf have an additional "#:wrap
>> (allocator BIO_free)" argument, similar to other allocating functions?
>>
>> More generally, should BIO_new and BIO_free have #:wrap arguments like
>> the other allocating/deallocating functions?
>>
>> On Thu, Apr 10, 2014 at 2:11 PM, Edward Lee <e45lee at uwaterloo.ca> wrote:
>>> Those are accidental omissions;  I've attached a patch that should fix
>>> the contract and symbol->nid.
>>>
>>> --Edward
>>>
>>> On Thu, Apr 10, 2014 at 01:39:13AM -0400, Stephen Chang wrote:
>>>> I checked out the patch and have a few questions. (I'm a non-expert.)
>>>>
>>>> How come some curves are omitted from the curve/c contract (eg
>>>> sect163k1 and sect193r2)?
>>>>
>>>> Is there also a curve missing from symbol->nid (eg sect571r1)?
>>>>
>>>>
>>>> On Wed, Apr 9, 2014 at 7:52 PM, Neil Van Dyke <neil at neilvandyke.org> wrote:
>>>>> Edward, your patch sounds OK to me, FWIW.
>>>>>
>>>>> Neil V.
>>>>>
>>>>>
>>>>> _________________________
>>>>>   Racket Developers list:
>>>>>   http://lists.racket-lang.org/dev
>>>>>
>>>>>
>>>>> _________________________
>>>>>    Racket Developers list:
>>>>>    http://lists.racket-lang.org/dev

Posted on the dev mailing list.

Previous message: [racket-dev] ECDHE patch for Racket's OpenSSL bindings.
Next message: [racket-dev] ECDHE patch for Racket's OpenSSL bindings.
Messages sorted by: [date] [thread] [subject] [author]