Re: Google summer of code?
On Wed, 2009-02-25 at 11:41 +0100, Emanuele Cesena wrote: Other interesting topics (in my order of preference) could be: [snip] Yet another interesting topic: stream ciphers. The ESTREAM projects announced a portfolio of 4 new stream ciphers: http://www.ecrypt.eu.org/stream/endofphase3.html bye! -- Emanuele Cesena emanuele.ces...@gmail.com http://ecesena.dyndns.org Il corpo non ha ideali __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[PATCH]
Included are patches for OpenSSL 0.9.8j The patches have been generated using automated tests from running Coccinelle (http://www.emn.fr/x-info/coccinelle/) on the OpenSSL codebase. As far as I can tell, all the cases found are genuine optimizations, not exactly bugs, but things that ought to be changed in the code. I am no C or OpenSSL expert, but I believe that the attached patches would be beneficial. The files are described below: badzero.patch To improve code readability, it seems better not to compare a pointer-typed value to 0. This patch changes types of (pointertype == 0) to (pointertype == NULL), and with != as well. This is of course a matter of taste, but it seems like the majority of pointer comparisons are done with NULL instead of 0 in the code after all. notnull.patch NULL tests on already tested values are removed with this patch, as well as redundant NULL checks. For instance, if a pointer is checked for NULL, and afterwards an error occurs, and execution moves to an error label, there are several cases where the pointer again is checked for NULL, which could never occur in the given code path. Also I have found a couple of repeated code lines, where the redundant lines are removed with this patch. Best regards, Sune Rievers diff -u -p a/crypto/bio/b_print.c b/crypto/bio/b_print.c --- a/crypto/bio/b_print.c 2007-09-15 19:05:57.0 +0200 +++ b/crypto/bio/b_print.c 2009-03-04 22:32:52.0 +0100 @@ -443,7 +443,7 @@ fmtstr( int padlen, strln; int cnt = 0; -if (value == 0) +if (value == NULL) value = NULL; for (strln = 0; value[strln]; ++strln) ; diff -u -p a/crypto/mem.c b/crypto/mem.c --- a/crypto/mem.c 2008-11-24 18:02:49.0 +0100 +++ b/crypto/mem.c 2009-03-04 22:32:49.0 +0100 @@ -142,7 +142,7 @@ int CRYPTO_set_mem_functions(void *(*m)( { if (!allow_customize) return 0; - if ((m == 0) || (r == 0) || (f == 0)) + if ((m == NULL) || (r == NULL) || (f == NULL)) return 0; malloc_func=m; malloc_ex_func=default_malloc_ex; realloc_func=r; realloc_ex_func=default_realloc_ex; @@ -159,7 +159,7 @@ int CRYPTO_set_mem_ex_functions( { if (!allow_customize) return 0; - if ((m == 0) || (r == 0) || (f == 0)) + if ((m == NULL) || (r == NULL) || (f == NULL)) return 0; malloc_func=0; malloc_ex_func=m; realloc_func=0; realloc_ex_func=r; diff -u -p a/crypto/sha/sha512.c b/crypto/sha/sha512.c --- a/crypto/sha/sha512.c 2008-09-16 12:47:28.0 +0200 +++ b/crypto/sha/sha512.c 2009-03-04 22:32:51.0 +0100 @@ -140,7 +140,7 @@ int SHA512_Final (unsigned char *md, SHA sha512_block_data_order (c,p,1); - if (md==0) return 0; + if (md==NULL) return 0; switch (c-md_len) { diff -u -p a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c --- a/crypto/ecdh/ech_ossl.c 2005-05-16 12:11:00.0 +0200 +++ b/crypto/ecdh/ech_ossl.c 2009-03-04 22:32:52.0 +0100 @@ -186,7 +186,7 @@ static int ecdh_compute_key(void *out, s goto err; } - if (KDF != 0) + if (KDF != NULL) { if (KDF(buf, buflen, out, outlen) == NULL) {diff -u -p a/fips/rsa/fips_rsa_gen.c b/fips/rsa/fips_rsa_gen.c --- a/fips/rsa/fips_rsa_gen.c 2008-09-16 12:12:21.0 +0200 +++ b/fips/rsa/fips_rsa_gen.c 2009-03-02 16:29:49.0 +0100 @@ -122,8 +122,6 @@ int fips_check_rsa(RSA *rsa) ret = 1; - if (!ptbuf) - goto err; err: if (ret == 0) diff -u -p a/test/methtest.c b/test/methtest.c --- a/test/methtest.c 2002-11-28 19:54:30.0 +0100 +++ b/test/methtest.c 2009-03-02 16:30:28.0 +0100 @@ -73,7 +73,6 @@ char *argv[]; if (top == NULL) goto err; tmp1=METH_new(x509_by_file()); - if (top == NULL) goto err; METH_arg(tmp1,METH_TYPE_FILE,cafile1); METH_arg(tmp1,METH_TYPE_FILE,cafile2); METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1); diff -u -p a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c --- a/crypto/x509v3/pcy_tree.c 2008-11-05 19:36:50.0 +0100 +++ b/crypto/x509v3/pcy_tree.c 2009-03-02 16:32:08.0 +0100 @@ -160,11 +160,6 @@ static int tree_init(X509_POLICY_TREE ** tree-auth_policies = NULL; tree-user_policies = NULL; - if (!tree) - { - OPENSSL_free(tree); - return 0; - } memset(tree-levels, 0, n * sizeof(X509_POLICY_LEVEL)); diff -u -p a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c --- a/crypto/objects/obj_lib.c 2006-02-08 20:16:18.0 +0100 +++ b/crypto/objects/obj_lib.c 2009-03-02 16:32:49.0 +0100 @@ -109,7 +109,6 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT * return(r); err: OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); - if (r !=
Re: [openssl.org #1854] GeneralizedTime support in openssl ca
Am Wed, 4 Mar 2009 17:28:09 +0100 (CET) schrieb Stephen Henson via RT: IMHO a better way to implement this functionality is with a new function ASN1_TIME_set_string() which uses UTCTime/GeneralizedTime as appropriate. Updated patch with ASN1_TIME_set_string(), also doesn't restrict date format any more.diff -ur openssl-SNAP-20090303.orig/apps/ca.c openssl-SNAP-20090303.new/apps/ca.c --- openssl-SNAP-20090303.orig/apps/ca.c 2009-03-03 19:04:00.0 +0100 +++ openssl-SNAP-20090303.new/apps/ca.c 2009-03-06 14:41:18.0 +0100 @@ -1109,9 +1109,9 @@ if (startdate == NULL) ERR_clear_error(); } - if (startdate !ASN1_UTCTIME_set_string(NULL,startdate)) + if (startdate !ASN1_TIME_set_string(NULL, startdate)) { - BIO_printf(bio_err,start date is invalid, it should be YYMMDDHHMMSSZ\n); + BIO_printf(bio_err,start date is invalid, it should be YYMMDDHHMMSSZ or MMDDHHMMSSZ\n); goto err; } if (startdate == NULL) startdate=today; @@ -1123,9 +1123,9 @@ if (enddate == NULL) ERR_clear_error(); } - if (enddate !ASN1_UTCTIME_set_string(NULL,enddate)) + if (enddate !ASN1_TIME_set_string(NULL, enddate)) { - BIO_printf(bio_err,end date is invalid, it should be YYMMDDHHMMSSZ\n); + BIO_printf(bio_err,end date is invalid, it should be YYMMDDHHMMSSZ or MMDDHHMMSSZ\n); goto err; } @@ -2007,11 +2007,11 @@ if (strcmp(startdate,today) == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); - else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); + else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate); if (enddate == NULL) X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL); - else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); + else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate); if (!X509_set_subject_name(ret,subject)) goto err; @@ -2107,7 +2107,7 @@ } BIO_printf(bio_err,Certificate is to be certified until ); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + ASN1_TIME_print(bio_err,X509_get_notAfter(ret)); if (days) BIO_printf(bio_err, (%ld days),days); BIO_printf(bio_err, \n); @@ -2397,12 +2397,15 @@ static int check_time_format(const char *str) { - ASN1_UTCTIME tm; + ASN1_TIME tm; tm.data=(unsigned char *)str; tm.length=strlen(str); tm.type=V_ASN1_UTCTIME; - return(ASN1_UTCTIME_check(tm)); + if (ASN1_TIME_check(tm)) + return 1; + tm.type=V_ASN1_GENERALIZEDTIME; + return(ASN1_TIME_check(tm)); } static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) diff -ur openssl-SNAP-20090303.orig/crypto/asn1/asn1.h openssl-SNAP-20090303.new/crypto/asn1/asn1.h --- openssl-SNAP-20090303.orig/crypto/asn1/asn1.h 2009-03-03 19:04:00.0 +0100 +++ openssl-SNAP-20090303.new/crypto/asn1/asn1.h 2009-03-06 12:51:37.0 +0100 @@ -885,6 +885,7 @@ int offset_day, long offset_sec); int ASN1_TIME_check(ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, int ex_class, diff -ur openssl-SNAP-20090303.orig/crypto/asn1/a_time.c openssl-SNAP-20090303.new/crypto/asn1/a_time.c --- openssl-SNAP-20090303.orig/crypto/asn1/a_time.c 2009-03-03 19:04:00.0 +0100 +++ openssl-SNAP-20090303.new/crypto/asn1/a_time.c 2009-03-06 12:48:51.0 +0100 @@ -173,3 +173,39 @@ return ret; } + +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) + { + ASN1_TIME t; + + t.length = strlen(str); + t.data = (unsigned char *)str; + + t.type = V_ASN1_UTCTIME; + if (ASN1_TIME_check(t)) + { + if (s != NULL) + { + if (!ASN1_STRING_set((ASN1_STRING *)s, +(unsigned char *)str,t.length)) +return 0; + s-type = V_ASN1_UTCTIME; + } + return(1); + } + + t.type = V_ASN1_GENERALIZEDTIME; + if (ASN1_TIME_check(t)) + { + if (s != NULL) + { + if (!ASN1_STRING_set((ASN1_STRING *)s, +(unsigned char *)str,t.length)) +return 0; + s-type = V_ASN1_GENERALIZEDTIME; + } + return(1); + } + + return(0); + }
Re: [openssl.org #1854] GeneralizedTime support in openssl ca
Am Wed, 4 Mar 2009 17:28:09 +0100 (CET) schrieb Stephen Henson via RT: IMHO a better way to implement this functionality is with a new function ASN1_TIME_set_string() which uses UTCTime/GeneralizedTime as appropriate. Updated patch with ASN1_TIME_set_string(), also doesn't restrict date format any more. diff -ur openssl-SNAP-20090303.orig/apps/ca.c openssl-SNAP-20090303.new/apps/ca.c --- openssl-SNAP-20090303.orig/apps/ca.c 2009-03-03 19:04:00.0 +0100 +++ openssl-SNAP-20090303.new/apps/ca.c 2009-03-06 14:41:18.0 +0100 @@ -1109,9 +1109,9 @@ if (startdate == NULL) ERR_clear_error(); } - if (startdate !ASN1_UTCTIME_set_string(NULL,startdate)) + if (startdate !ASN1_TIME_set_string(NULL, startdate)) { - BIO_printf(bio_err,start date is invalid, it should be YYMMDDHHMMSSZ\n); + BIO_printf(bio_err,start date is invalid, it should be YYMMDDHHMMSSZ or MMDDHHMMSSZ\n); goto err; } if (startdate == NULL) startdate=today; @@ -1123,9 +1123,9 @@ if (enddate == NULL) ERR_clear_error(); } - if (enddate !ASN1_UTCTIME_set_string(NULL,enddate)) + if (enddate !ASN1_TIME_set_string(NULL, enddate)) { - BIO_printf(bio_err,end date is invalid, it should be YYMMDDHHMMSSZ\n); + BIO_printf(bio_err,end date is invalid, it should be YYMMDDHHMMSSZ or MMDDHHMMSSZ\n); goto err; } @@ -2007,11 +2007,11 @@ if (strcmp(startdate,today) == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); - else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); + else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate); if (enddate == NULL) X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL); - else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); + else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate); if (!X509_set_subject_name(ret,subject)) goto err; @@ -2107,7 +2107,7 @@ } BIO_printf(bio_err,Certificate is to be certified until ); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + ASN1_TIME_print(bio_err,X509_get_notAfter(ret)); if (days) BIO_printf(bio_err, (%ld days),days); BIO_printf(bio_err, \n); @@ -2397,12 +2397,15 @@ static int check_time_format(const char *str) { - ASN1_UTCTIME tm; + ASN1_TIME tm; tm.data=(unsigned char *)str; tm.length=strlen(str); tm.type=V_ASN1_UTCTIME; - return(ASN1_UTCTIME_check(tm)); + if (ASN1_TIME_check(tm)) + return 1; + tm.type=V_ASN1_GENERALIZEDTIME; + return(ASN1_TIME_check(tm)); } static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) diff -ur openssl-SNAP-20090303.orig/crypto/asn1/asn1.h openssl-SNAP-20090303.new/crypto/asn1/asn1.h --- openssl-SNAP-20090303.orig/crypto/asn1/asn1.h 2009-03-03 19:04:00.0 +0100 +++ openssl-SNAP-20090303.new/crypto/asn1/asn1.h 2009-03-06 12:51:37.0 +0100 @@ -885,6 +885,7 @@ int offset_day, long offset_sec); int ASN1_TIME_check(ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, int ex_class, diff -ur openssl-SNAP-20090303.orig/crypto/asn1/a_time.c openssl-SNAP-20090303.new/crypto/asn1/a_time.c --- openssl-SNAP-20090303.orig/crypto/asn1/a_time.c 2009-03-03 19:04:00.0 +0100 +++ openssl-SNAP-20090303.new/crypto/asn1/a_time.c 2009-03-06 12:48:51.0 +0100 @@ -173,3 +173,39 @@ return ret; } + +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) + { + ASN1_TIME t; + + t.length = strlen(str); + t.data = (unsigned char *)str; + + t.type = V_ASN1_UTCTIME; + if (ASN1_TIME_check(t)) + { + if (s != NULL) + { + if (!ASN1_STRING_set((ASN1_STRING *)s, +(unsigned char *)str,t.length)) +return 0; + s-type = V_ASN1_UTCTIME; + } + return(1); + } + + t.type = V_ASN1_GENERALIZEDTIME; + if (ASN1_TIME_check(t)) + { + if (s != NULL) + { + if (!ASN1_STRING_set((ASN1_STRING *)s, +(unsigned char *)str,t.length)) +return 0; + s-type = V_ASN1_GENERALIZEDTIME; + } + return(1); + } + + return(0); + }
Re: [openssl-dev] [PATCH]
Hello, Hodie III Non. Mar. MMIX, Sune Rievers scripsit: Included are patches for OpenSSL 0.9.8j [...] diff -u -p a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c --- a/crypto/dso/dso_lib.c 2003-12-27 15:40:08.0 +0100 +++ b/crypto/dso/dso_lib.c 2009-03-02 16:29:40.0 +0100 @@ -400,8 +400,6 @@ char *DSO_merge(DSO *dso, const char *fi return(NULL); } if(filespec1 == NULL) - filespec1 = dso-filename; - if(filespec1 == NULL) { DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION); return(NULL); This one is interesting. It disallows the use of dso-filename. I suppose it wasn't intended. Looks like a bug in Coccinelle to me. Nothing is asserted on the value of dso-filename, one can only be sure that dso isn't NULL. Good job for a ladybug :) (that's what coccinelle means, in french). -- Erwann ABALEA erwann.aba...@keynectis.com - OK to continue? Yes No Maybe __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org