Re: Google summer of code?
On Wed, 2009-02-25 at 11:41 +0100, Emanuele Cesena wrote: Other interesting topics (in my order of preference) could be: [snip] Yet another interesting topic: stream ciphers. The ESTREAM projects announced a portfolio of 4 new stream ciphers: http://www.ecrypt.eu.org/stream/endofphase3.html bye! -- Emanuele Cesena emanuele.ces...@gmail.com http://ecesena.dyndns.org Il corpo non ha ideali __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[PATCH]
Included are patches for OpenSSL 0.9.8j
The patches have been generated using automated tests from running
Coccinelle (http://www.emn.fr/x-info/coccinelle/) on the OpenSSL
codebase.
As far as I can tell, all the cases found are genuine optimizations,
not exactly bugs, but things that ought to be changed in the code. I
am no C or OpenSSL expert, but I believe that the attached patches
would be beneficial.
The files are described below:
badzero.patch
To improve code readability, it seems better not to compare a
pointer-typed value to 0. This patch changes types of (pointertype
== 0) to (pointertype == NULL), and with != as well. This is of
course a matter of taste, but it seems like the majority of pointer
comparisons are done with NULL instead of 0 in the code after all.
notnull.patch
NULL tests on already tested values are removed with this patch, as
well as redundant NULL checks. For instance, if a pointer is checked
for NULL, and afterwards an error occurs, and execution moves to an
error label, there are several cases where the pointer again is
checked for NULL, which could never occur in the given code path.
Also I have found a couple of repeated code lines, where the
redundant lines are removed with this patch.
Best regards,
Sune Rievers
diff -u -p a/crypto/bio/b_print.c b/crypto/bio/b_print.c
--- a/crypto/bio/b_print.c 2007-09-15 19:05:57.0 +0200
+++ b/crypto/bio/b_print.c 2009-03-04 22:32:52.0 +0100
@@ -443,7 +443,7 @@ fmtstr(
int padlen, strln;
int cnt = 0;
-if (value == 0)
+if (value == NULL)
value = NULL;
for (strln = 0; value[strln]; ++strln)
;
diff -u -p a/crypto/mem.c b/crypto/mem.c
--- a/crypto/mem.c 2008-11-24 18:02:49.0 +0100
+++ b/crypto/mem.c 2009-03-04 22:32:49.0 +0100
@@ -142,7 +142,7 @@ int CRYPTO_set_mem_functions(void *(*m)(
{
if (!allow_customize)
return 0;
- if ((m == 0) || (r == 0) || (f == 0))
+ if ((m == NULL) || (r == NULL) || (f == NULL))
return 0;
malloc_func=m; malloc_ex_func=default_malloc_ex;
realloc_func=r; realloc_ex_func=default_realloc_ex;
@@ -159,7 +159,7 @@ int CRYPTO_set_mem_ex_functions(
{
if (!allow_customize)
return 0;
- if ((m == 0) || (r == 0) || (f == 0))
+ if ((m == NULL) || (r == NULL) || (f == NULL))
return 0;
malloc_func=0; malloc_ex_func=m;
realloc_func=0; realloc_ex_func=r;
diff -u -p a/crypto/sha/sha512.c b/crypto/sha/sha512.c
--- a/crypto/sha/sha512.c 2008-09-16 12:47:28.0 +0200
+++ b/crypto/sha/sha512.c 2009-03-04 22:32:51.0 +0100
@@ -140,7 +140,7 @@ int SHA512_Final (unsigned char *md, SHA
sha512_block_data_order (c,p,1);
- if (md==0) return 0;
+ if (md==NULL) return 0;
switch (c-md_len)
{
diff -u -p a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
--- a/crypto/ecdh/ech_ossl.c 2005-05-16 12:11:00.0 +0200
+++ b/crypto/ecdh/ech_ossl.c 2009-03-04 22:32:52.0 +0100
@@ -186,7 +186,7 @@ static int ecdh_compute_key(void *out, s
goto err;
}
- if (KDF != 0)
+ if (KDF != NULL)
{
if (KDF(buf, buflen, out, outlen) == NULL)
{diff -u -p a/fips/rsa/fips_rsa_gen.c b/fips/rsa/fips_rsa_gen.c
--- a/fips/rsa/fips_rsa_gen.c 2008-09-16 12:12:21.0 +0200
+++ b/fips/rsa/fips_rsa_gen.c 2009-03-02 16:29:49.0 +0100
@@ -122,8 +122,6 @@ int fips_check_rsa(RSA *rsa)
ret = 1;
- if (!ptbuf)
- goto err;
err:
if (ret == 0)
diff -u -p a/test/methtest.c b/test/methtest.c
--- a/test/methtest.c 2002-11-28 19:54:30.0 +0100
+++ b/test/methtest.c 2009-03-02 16:30:28.0 +0100
@@ -73,7 +73,6 @@ char *argv[];
if (top == NULL) goto err;
tmp1=METH_new(x509_by_file());
- if (top == NULL) goto err;
METH_arg(tmp1,METH_TYPE_FILE,cafile1);
METH_arg(tmp1,METH_TYPE_FILE,cafile2);
METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
diff -u -p a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
--- a/crypto/x509v3/pcy_tree.c 2008-11-05 19:36:50.0 +0100
+++ b/crypto/x509v3/pcy_tree.c 2009-03-02 16:32:08.0 +0100
@@ -160,11 +160,6 @@ static int tree_init(X509_POLICY_TREE **
tree-auth_policies = NULL;
tree-user_policies = NULL;
- if (!tree)
- {
- OPENSSL_free(tree);
- return 0;
- }
memset(tree-levels, 0, n * sizeof(X509_POLICY_LEVEL));
diff -u -p a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
--- a/crypto/objects/obj_lib.c 2006-02-08 20:16:18.0 +0100
+++ b/crypto/objects/obj_lib.c 2009-03-02 16:32:49.0 +0100
@@ -109,7 +109,6 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *
return(r);
err:
OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
- if (r !=
Re: [openssl.org #1854] GeneralizedTime support in openssl ca
Am Wed, 4 Mar 2009 17:28:09 +0100 (CET) schrieb Stephen Henson via RT:
IMHO a better way to implement this functionality is with a new
function ASN1_TIME_set_string() which uses UTCTime/GeneralizedTime as
appropriate.
Updated patch with ASN1_TIME_set_string(), also doesn't restrict date
format any more.diff -ur openssl-SNAP-20090303.orig/apps/ca.c openssl-SNAP-20090303.new/apps/ca.c
--- openssl-SNAP-20090303.orig/apps/ca.c 2009-03-03 19:04:00.0 +0100
+++ openssl-SNAP-20090303.new/apps/ca.c 2009-03-06 14:41:18.0 +0100
@@ -1109,9 +1109,9 @@
if (startdate == NULL)
ERR_clear_error();
}
- if (startdate !ASN1_UTCTIME_set_string(NULL,startdate))
+ if (startdate !ASN1_TIME_set_string(NULL, startdate))
{
- BIO_printf(bio_err,start date is invalid, it should be YYMMDDHHMMSSZ\n);
+ BIO_printf(bio_err,start date is invalid, it should be YYMMDDHHMMSSZ or MMDDHHMMSSZ\n);
goto err;
}
if (startdate == NULL) startdate=today;
@@ -1123,9 +1123,9 @@
if (enddate == NULL)
ERR_clear_error();
}
- if (enddate !ASN1_UTCTIME_set_string(NULL,enddate))
+ if (enddate !ASN1_TIME_set_string(NULL, enddate))
{
- BIO_printf(bio_err,end date is invalid, it should be YYMMDDHHMMSSZ\n);
+ BIO_printf(bio_err,end date is invalid, it should be YYMMDDHHMMSSZ or MMDDHHMMSSZ\n);
goto err;
}
@@ -2007,11 +2007,11 @@
if (strcmp(startdate,today) == 0)
X509_gmtime_adj(X509_get_notBefore(ret),0);
- else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+ else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);
if (enddate == NULL)
X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
- else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+ else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
if (!X509_set_subject_name(ret,subject)) goto err;
@@ -2107,7 +2107,7 @@
}
BIO_printf(bio_err,Certificate is to be certified until );
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+ ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
if (days) BIO_printf(bio_err, (%ld days),days);
BIO_printf(bio_err, \n);
@@ -2397,12 +2397,15 @@
static int check_time_format(const char *str)
{
- ASN1_UTCTIME tm;
+ ASN1_TIME tm;
tm.data=(unsigned char *)str;
tm.length=strlen(str);
tm.type=V_ASN1_UTCTIME;
- return(ASN1_UTCTIME_check(tm));
+ if (ASN1_TIME_check(tm))
+ return 1;
+ tm.type=V_ASN1_GENERALIZEDTIME;
+ return(ASN1_TIME_check(tm));
}
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
diff -ur openssl-SNAP-20090303.orig/crypto/asn1/asn1.h openssl-SNAP-20090303.new/crypto/asn1/asn1.h
--- openssl-SNAP-20090303.orig/crypto/asn1/asn1.h 2009-03-03 19:04:00.0 +0100
+++ openssl-SNAP-20090303.new/crypto/asn1/asn1.h 2009-03-06 12:51:37.0 +0100
@@ -885,6 +885,7 @@
int offset_day, long offset_sec);
int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
diff -ur openssl-SNAP-20090303.orig/crypto/asn1/a_time.c openssl-SNAP-20090303.new/crypto/asn1/a_time.c
--- openssl-SNAP-20090303.orig/crypto/asn1/a_time.c 2009-03-03 19:04:00.0 +0100
+++ openssl-SNAP-20090303.new/crypto/asn1/a_time.c 2009-03-06 12:48:51.0 +0100
@@ -173,3 +173,39 @@
return ret;
}
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+ {
+ ASN1_TIME t;
+
+ t.length = strlen(str);
+ t.data = (unsigned char *)str;
+
+ t.type = V_ASN1_UTCTIME;
+ if (ASN1_TIME_check(t))
+ {
+ if (s != NULL)
+ {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+(unsigned char *)str,t.length))
+return 0;
+ s-type = V_ASN1_UTCTIME;
+ }
+ return(1);
+ }
+
+ t.type = V_ASN1_GENERALIZEDTIME;
+ if (ASN1_TIME_check(t))
+ {
+ if (s != NULL)
+ {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+(unsigned char *)str,t.length))
+return 0;
+ s-type = V_ASN1_GENERALIZEDTIME;
+ }
+ return(1);
+ }
+
+ return(0);
+ }
Re: [openssl.org #1854] GeneralizedTime support in openssl ca
Am Wed, 4 Mar 2009 17:28:09 +0100 (CET) schrieb Stephen Henson via RT:
IMHO a better way to implement this functionality is with a new
function ASN1_TIME_set_string() which uses UTCTime/GeneralizedTime as
appropriate.
Updated patch with ASN1_TIME_set_string(), also doesn't restrict date
format any more.
diff -ur openssl-SNAP-20090303.orig/apps/ca.c openssl-SNAP-20090303.new/apps/ca.c
--- openssl-SNAP-20090303.orig/apps/ca.c 2009-03-03 19:04:00.0 +0100
+++ openssl-SNAP-20090303.new/apps/ca.c 2009-03-06 14:41:18.0 +0100
@@ -1109,9 +1109,9 @@
if (startdate == NULL)
ERR_clear_error();
}
- if (startdate !ASN1_UTCTIME_set_string(NULL,startdate))
+ if (startdate !ASN1_TIME_set_string(NULL, startdate))
{
- BIO_printf(bio_err,start date is invalid, it should be YYMMDDHHMMSSZ\n);
+ BIO_printf(bio_err,start date is invalid, it should be YYMMDDHHMMSSZ or MMDDHHMMSSZ\n);
goto err;
}
if (startdate == NULL) startdate=today;
@@ -1123,9 +1123,9 @@
if (enddate == NULL)
ERR_clear_error();
}
- if (enddate !ASN1_UTCTIME_set_string(NULL,enddate))
+ if (enddate !ASN1_TIME_set_string(NULL, enddate))
{
- BIO_printf(bio_err,end date is invalid, it should be YYMMDDHHMMSSZ\n);
+ BIO_printf(bio_err,end date is invalid, it should be YYMMDDHHMMSSZ or MMDDHHMMSSZ\n);
goto err;
}
@@ -2007,11 +2007,11 @@
if (strcmp(startdate,today) == 0)
X509_gmtime_adj(X509_get_notBefore(ret),0);
- else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+ else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);
if (enddate == NULL)
X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
- else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+ else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
if (!X509_set_subject_name(ret,subject)) goto err;
@@ -2107,7 +2107,7 @@
}
BIO_printf(bio_err,Certificate is to be certified until );
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+ ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
if (days) BIO_printf(bio_err, (%ld days),days);
BIO_printf(bio_err, \n);
@@ -2397,12 +2397,15 @@
static int check_time_format(const char *str)
{
- ASN1_UTCTIME tm;
+ ASN1_TIME tm;
tm.data=(unsigned char *)str;
tm.length=strlen(str);
tm.type=V_ASN1_UTCTIME;
- return(ASN1_UTCTIME_check(tm));
+ if (ASN1_TIME_check(tm))
+ return 1;
+ tm.type=V_ASN1_GENERALIZEDTIME;
+ return(ASN1_TIME_check(tm));
}
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
diff -ur openssl-SNAP-20090303.orig/crypto/asn1/asn1.h openssl-SNAP-20090303.new/crypto/asn1/asn1.h
--- openssl-SNAP-20090303.orig/crypto/asn1/asn1.h 2009-03-03 19:04:00.0 +0100
+++ openssl-SNAP-20090303.new/crypto/asn1/asn1.h 2009-03-06 12:51:37.0 +0100
@@ -885,6 +885,7 @@
int offset_day, long offset_sec);
int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
diff -ur openssl-SNAP-20090303.orig/crypto/asn1/a_time.c openssl-SNAP-20090303.new/crypto/asn1/a_time.c
--- openssl-SNAP-20090303.orig/crypto/asn1/a_time.c 2009-03-03 19:04:00.0 +0100
+++ openssl-SNAP-20090303.new/crypto/asn1/a_time.c 2009-03-06 12:48:51.0 +0100
@@ -173,3 +173,39 @@
return ret;
}
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+ {
+ ASN1_TIME t;
+
+ t.length = strlen(str);
+ t.data = (unsigned char *)str;
+
+ t.type = V_ASN1_UTCTIME;
+ if (ASN1_TIME_check(t))
+ {
+ if (s != NULL)
+ {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+(unsigned char *)str,t.length))
+return 0;
+ s-type = V_ASN1_UTCTIME;
+ }
+ return(1);
+ }
+
+ t.type = V_ASN1_GENERALIZEDTIME;
+ if (ASN1_TIME_check(t))
+ {
+ if (s != NULL)
+ {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+(unsigned char *)str,t.length))
+return 0;
+ s-type = V_ASN1_GENERALIZEDTIME;
+ }
+ return(1);
+ }
+
+ return(0);
+ }
Re: [openssl-dev] [PATCH]
Hello,
Hodie III Non. Mar. MMIX, Sune Rievers scripsit:
Included are patches for OpenSSL 0.9.8j
[...]
diff -u -p a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
--- a/crypto/dso/dso_lib.c 2003-12-27 15:40:08.0 +0100
+++ b/crypto/dso/dso_lib.c 2009-03-02 16:29:40.0 +0100
@@ -400,8 +400,6 @@ char *DSO_merge(DSO *dso, const char *fi
return(NULL);
}
if(filespec1 == NULL)
- filespec1 = dso-filename;
- if(filespec1 == NULL)
{
DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION);
return(NULL);
This one is interesting. It disallows the use of dso-filename. I
suppose it wasn't intended. Looks like a bug in Coccinelle to me.
Nothing is asserted on the value of dso-filename, one can only be
sure that dso isn't NULL.
Good job for a ladybug :) (that's what coccinelle means, in french).
--
Erwann ABALEA erwann.aba...@keynectis.com
-
OK to continue? Yes No Maybe
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
