[racket-dev] ECDHE patch for Racket's OpenSSL bindings.
IIRC, most of the code in openssl/mzssl.rkt predates ffi/unsafe/alloc.
So yes, BIO_new etc should use (allocator _) etc, and that would
simplify some of the code that currently uses the local with-failure
macro to do deallocation. But no need to fix that in this patch.
Some comments on the patch:
- Regarding curves/c, the curve NID_* definitions, and symbol->nid:
There's some redundancy here that could be eliminated with the following
pattern:
(define curve-nid-alist
'((sect163k1 . 721)
....))
(define curve/c (apply or/c (map car curve-nid-alist)))
(define (curve->nid sym)
(cond [(assq sym curve-nid-alist)
=> cdr]
[else (error ....)]))
That eliminates the problem of keeping the enumeration of curves in sync
in three places.
- SSL_CTRL_SET_ECDH_AUTO is unused; it should be removed.
- There's a missing "!" in some of the symbols passed to error in
ssl-server-context-enable-dhe!.
If you send a new version of the patch I'll commit that; otherwise I
can make the changes above myself when I get a chance.
Ryan
On 04/11/2014 01:46 PM, Edward Lee wrote:
> Thanks for catching the typo. I don't have a good answer to your second
> question; I really don't know if they should.
>
> --Edward
>
> On Thu, Apr 10, 2014 at 02:54:36PM -0400, Stephen Chang wrote:
>> Ok thanks. Sorry, I think one more is missing from curve/c (sect283r1)?
>>
>> Another question: Should BIO_new_mem_buf have an additional "#:wrap
>> (allocator BIO_free)" argument, similar to other allocating functions?
>>
>> More generally, should BIO_new and BIO_free have #:wrap arguments like
>> the other allocating/deallocating functions?
>>
>> On Thu, Apr 10, 2014 at 2:11 PM, Edward Lee <e45lee at uwaterloo.ca> wrote:
>>> Those are accidental omissions; I've attached a patch that should fix
>>> the contract and symbol->nid.
>>>
>>> --Edward
>>>
>>> On Thu, Apr 10, 2014 at 01:39:13AM -0400, Stephen Chang wrote:
>>>> I checked out the patch and have a few questions. (I'm a non-expert.)
>>>>
>>>> How come some curves are omitted from the curve/c contract (eg
>>>> sect163k1 and sect193r2)?
>>>>
>>>> Is there also a curve missing from symbol->nid (eg sect571r1)?
>>>>
>>>>
>>>> On Wed, Apr 9, 2014 at 7:52 PM, Neil Van Dyke <neil at neilvandyke.org> wrote:
>>>>> Edward, your patch sounds OK to me, FWIW.
>>>>>
>>>>> Neil V.
>>>>>
>>>>>
>>>>> _________________________
>>>>> Racket Developers list:
>>>>> http://lists.racket-lang.org/dev
>>>>>
>>>>>
>>>>> _________________________
>>>>> Racket Developers list:
>>>>> http://lists.racket-lang.org/dev