Code review comment for lp:~hipl-core/hipl/ecdsa-redhat
Revision history for this message
| Miika Komu (miika-iki) wrote | # |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
> review needs-fixing
>
> On Sun, Oct 30, 2011 at 07:49:28AM +0000, Miika Komu wrote:
> > Miika Komu has proposed merging lp:~hipl-core/hipl/ecdsa-redhat into
> lp:hipl.
> >
> > --- firewall/
> > +++ firewall/
> > @@ -81,8 +81,9 @@
> > /* filename needs to contain one of these to be valid HI file */
> > #define RSA_FILE "_rsa_"
> > #define DSA_FILE "_dsa_"
> > +#ifdef HAVE_EC_CRYPTO
> > #define ECDSA_FILE "_ecdsa_"
> > -
> > +#endif /* HAVE_EC_CRYPTO */
> > #define MAX_LINE_LENGTH 512
>
> unnecessary
Fixed.
> > @@ -444,6 +445,7 @@
> > return err;
> > }
> >
> > +#ifdef HAVE_EC_CRYPTO
> > /**
> > * Load an ECDSA public key from a file and convert it into a hip_host_id.
> > *
> > @@ -479,6 +481,8 @@
> > return err;
> > }
> >
> > +#endif /* HAVE_EC_CRYPTO */
> > +
> > /**
> > * load a public key from a file and convert it to a hip_host_id structure
> > *
>
> Drop the empty line before the #endif, same below
Done.
> > --- lib/core/builder.h 2011-08-15 14:11:56 +0000
> > +++ lib/core/builder.h 2011-10-30 07:48:24 +0000
> > @@ -26,18 +26,21 @@
> > #ifndef HIP_LIB_
> > #define HIP_LIB_
> >
> > +#include "config.h"
> > +
> > #include <stdint.h>
> > #include <netinet/in.h>
> > #include <openssl/rsa.h>
> > #include <openssl/dsa.h>
> > -#include <openssl/ec.h>
> >
> > -#include "config.h"
> > #include "certtools.h"
> > #include "debug.h"
> > #include "icomm.h"
> > #include "state.h"
> >
> > +#ifdef HAVE_EC_CRYPTO
> > +#include <openssl/ec.h>
> > +#endif /* HAVE_EC_CRYPTO */
>
> We have system headers before local headers for a reason.
Fixed.
> > --- lib/core/crypto.h 2011-07-18 13:10:26 +0000
> > +++ lib/core/crypto.h 2011-10-30 07:48:24 +0000
> > @@ -26,12 +26,16 @@
> > #ifndef HIP_LIB_
> > #define HIP_LIB_
> >
> > +#include "config.h"
> > +
> > #include <stdint.h>
> > #include <netinet/in.h>
> > #include <sys/types.h>
> > #include <openssl/dsa.h>
> > #include <openssl/rsa.h>
> > +#ifdef HAVE_EC_CRYPTO
> > #include <openssl/ec.h>
> > +#endif /* HAVE_EC_CRYPTO */
> > #include <openssl/dh.h>
> > #include <openssl/pem.h>
>
> .. like you did here ..
>
> > --- lib/core/hostid.c 2011-10-25 21:14:16 +0000
> > +++ lib/core/hostid.c 2011-10-30 07:48:24 +0000
> > @@ -28,6 +28,8 @@
> > * @brief Host identifier manipulation functions
> > */
> >
> > +#include "config.h"
> > +
> > #include <errno.h>
> > #include <stdint.h>
> > #include <stdlib.h>
> > @@ -40,7 +42,6 @@
> > #include <openssl/pem.h>
> > #include <openssl/rsa.h>
> >
> > -#include "config.h"
> > #include "lib/tool/pk.h"
> > #include "builder.h"
> > #include "crypto.h"
>
> unnecessary / unrelated
Removed.
> > @@ -689,6 +715,12 @@
> > struct endpoint_hip *endpoint_ecdsa_hip = NULL;
> > struct endpoint_hip *endpoint_
> >
> > + if (ecdsa_nid < 0) {
> > + err = -1;
> > + HIP_ERROR("NID for ECDSA is strange %d\n", ecdsa_nid);
> > + goto out_err;
> > + }
>
> ?
Does not compile otherwise when ECDSA is missing (gcc complains about missing variable). If you insist, I'll commit this separately to trunk or suggest a better fix.
> > @@ -1059,41 +1101,58 @@
> > if (rsa_filenameba
> > change_
> > }
> > - if (ecdsa_
> > - change_
> > - }
> > - if (ecdsa_
> > - change_
> > - }
> > +#ifdef HAVE_EC_CRYPTO
> > + if (ecdsa_
> > + change_
> > + }
> > + if (ecdsa_
> > + change_
> > + }
> > +#endif /* HAVE_EC_CRYPTO */
> >
> > free(dsa_host_id);
> > free(dsa_
> > +#ifdef HAVE_EC_CRYPTO
> > free(ecdsa_
> > free(ecdsa_
> > +#endif /* HAVE_EC_CRYPTO */
> > free(rsa_host_id);
> > free(rsa_
> > DSA_free(dsa_key);
> > +#ifdef HAVE_EC_CRYPTO
> > EC_KEY_
> > +#endif /* HAVE_EC_CRYPTO */
> > RSA_free(rsa_key);
> > DSA_free(
> > +#ifdef HAVE_EC_CRYPTO
> > EC_KEY_
> > +#endif /* HAVE_EC_CRYPTO */
> > RSA_free(
> > free(dsa_key_rr);
> > +#ifdef HAVE_EC_CRYPTO
> > free(ecdsa_key_rr);
> > +#endif /* HAVE_EC_CRYPTO */
> > free(rsa_key_rr);
> > free(dsa_
> > +#ifdef HAVE_EC_CRYPTO
> > free(ecdsa_
> > +#endif /* HAVE_EC_CRYPTO */
> > free(rsa_
> > free(endpoint_
> > +#ifdef HAVE_EC_CRYPTO
> > free(endpoint_
> > +#endif /* HAVE_EC_CRYPTO */
> > free(endpoint_
> > free(endpoint_
> > +#ifdef HAVE_EC_CRYPTO
> > free(endpoint_
> > +#endif /* HAVE_EC_CRYPTO */
> > free(endpoint_
>
> ETOOMANYIFDEFS
Reduced to minimum.
> > --- lib/core/hostid.h 2011-07-18 13:10:26 +0000
> > +++ lib/core/hostid.h 2011-10-30 07:48:24 +0000
> > @@ -29,7 +29,9 @@
> > #include <netinet/in.h>
> > #include <openssl/dsa.h>
> > #include <openssl/rsa.h>
> > +#ifdef HAVE_EC_CRYPTO
> > #include <openssl/ec.h>
> > +#endif /* HAVE_EC_CRYPTO */
>
> This will not work without config.h.
>
> Did you test this on a system with ECC? Apparently not, this should at
> least lead to 'make checkheaders' failures.
I recall I did test. The checkheaders targets succeeds (at least now).
> > --- lib/tool/pk.h 2011-07-08 11:47:12 +0000
> > +++ lib/tool/pk.h 2011-10-30 07:48:24 +0000
> > @@ -9,8 +9,10 @@
> > int hip_dsa_sign(void *peer_pub, struct hip_common *msg);
> > int hip_rsa_verify(void *priv_key, struct hip_common *msg);
> > int hip_rsa_sign(void *peer_pub, struct hip_common *msg);
> > +#ifdef HAVE_EC_CRYPTO
> > int hip_ecdsa_
> > int hip_ecdsa_sign(void *const peer_pub, struct hip_common *const msg);
> > +#endif /* HAVE_EC_CRYPTO */
> > int bn2bin_safe(const BIGNUM *a, unsigned char *to, int len);
>
> unnecessary
Removed.
> > === modified file 'test/lib/
> > --- test/lib/tool/pk.c 2011-07-18 13:10:10 +0000
> > +++ test/lib/tool/pk.c 2011-10-30 07:48:24 +0000
> > @@ -27,7 +27,9 @@
> > #include <stdlib.h>
> > #include <string.h>
> > #include <stdio.h>
> > +#ifdef HAVE_EC_CRYPTO
> > #include <openssl/ec.h>
> > +#endif /* HAVE_EC_CRYPTO */
> > #include <openssl/pem.h>
>
> see above
Did not get this.