[racket-dev] ECDHE patch for Racket's OpenSSL bindings.

From: Edward Lee (e45lee at uwaterloo.ca)
Date: Fri Apr 11 21:30:17 EDT 2014

Thanks.  I will not have time until Monday; if you can wait
until then, I will have an updated patch then.

--Edward

On Fri, Apr 11, 2014 at 06:44:17PM -0400, Ryan Culpepper wrote:
> IIRC, most of the code in openssl/mzssl.rkt predates
> ffi/unsafe/alloc. So yes, BIO_new etc should use (allocator _) etc,
> and that would simplify some of the code that currently uses the
> local with-failure macro to do deallocation. But no need to fix that
> in this patch.
> 
> Some comments on the patch:
> 
> - Regarding curves/c, the curve NID_* definitions, and symbol->nid:
> There's some redundancy here that could be eliminated with the
> following pattern:
> 
> (define curve-nid-alist
>   '((sect163k1 . 721)
>     ....))
> 
> (define curve/c (apply or/c (map car curve-nid-alist)))
> 
> (define (curve->nid sym)
>   (cond [(assq sym curve-nid-alist)
>          => cdr]
>         [else (error ....)]))
> 
> That eliminates the problem of keeping the enumeration of curves in
> sync in three places.
> 
> - SSL_CTRL_SET_ECDH_AUTO is unused; it should be removed.
> 
> - There's a missing "!" in some of the symbols passed to error in
> ssl-server-context-enable-dhe!.
> 
> If you send a new version of the patch I'll commit that; otherwise I
> can make the changes above myself when I get a chance.
> 
> Ryan
> 
> 
> On 04/11/2014 01:46 PM, Edward Lee wrote:
> >Thanks for catching the typo.  I don't have a good answer to your second
> >question; I really don't know if they should.
> >
> >--Edward
> >
> >On Thu, Apr 10, 2014 at 02:54:36PM -0400, Stephen Chang wrote:
> >>Ok thanks. Sorry, I think one more is missing from curve/c (sect283r1)?
> >>
> >>Another question: Should BIO_new_mem_buf have an additional "#:wrap
> >>(allocator BIO_free)" argument, similar to other allocating functions?
> >>
> >>More generally, should BIO_new and BIO_free have #:wrap arguments like
> >>the other allocating/deallocating functions?
> >>
> >>On Thu, Apr 10, 2014 at 2:11 PM, Edward Lee <e45lee at uwaterloo.ca> wrote:
> >>>Those are accidental omissions;  I've attached a patch that should fix
> >>>the contract and symbol->nid.
> >>>
> >>>--Edward
> >>>
> >>>On Thu, Apr 10, 2014 at 01:39:13AM -0400, Stephen Chang wrote:
> >>>>I checked out the patch and have a few questions. (I'm a non-expert.)
> >>>>
> >>>>How come some curves are omitted from the curve/c contract (eg
> >>>>sect163k1 and sect193r2)?
> >>>>
> >>>>Is there also a curve missing from symbol->nid (eg sect571r1)?
> >>>>
> >>>>
> >>>>On Wed, Apr 9, 2014 at 7:52 PM, Neil Van Dyke <neil at neilvandyke.org> wrote:
> >>>>>Edward, your patch sounds OK to me, FWIW.
> >>>>>
> >>>>>Neil V.
> >>>>>
> >>>>>
> >>>>>_________________________
> >>>>>  Racket Developers list:
> >>>>>  http://lists.racket-lang.org/dev
> >>>>>
> >>>>>
> >>>>>_________________________
> >>>>>   Racket Developers list:
> >>>>>   http://lists.racket-lang.org/dev

Posted on the dev mailing list.