restructure certs/keys; add key/cert generation #18
Conversation
|
I'm bolting the GC patch onto this pull request because it depends on my Cert/Key reorganization. |
|
thanks for all your work on this! this is looking fantastic, just a few (hopefully) minor things |
lunixbochs
force-pushed
the
keygen
branch
2 times, most recently
from
e5a8fe2 to
1ecbe19
Compare
|
New commits up with the comments addressed. |
|
Fresh commits addressing the new comments. |
|
Anything else I need to fix on this? I'm working on another branch that depends on this PR and it'll be cleaner if I don't just keep tacking on commits here. |
|
whoops sorry, spaced looking at it, looking now |
|
minor nits, sorry i'm so bad at getting them all the first time through. i think aside from the missing free these three are ready to go. |
lunixbochs
force-pushed
the
keygen
branch
2 times, most recently
from
7a3252f to
8def9ca
Compare
|
New commits up, but the |
|
Okay, so there's a bigger problem. |
|
I did some digging. It's much safer to compare against Some of the calls return pointers, lengths, etc. I'm dropping the commit, and this should be safe to merge otherwise. |
|
I looked up pretty much all of the OpenSSL functions we're checking for error values and categorized them by which values they return: https://gist.github.com/lunixbochs/33aa6ebba56981d94a9c It actually looks like some of our calls are erroneously using |
|
Based on this, I've added a patch to standardize returns on |
|
i think the main trouble is that openssl return values are inconsistent about what means success. there have been some high profile security vulnerabilities based on assumptions around return codes. i don't think we'll find a broad policy that works in every case, but my overarching desire is to be as strict as possible in each case about what means success sorry, i've been and am away from my computer, but i'll hop on later to try and help sort out the return code thing. in the mean time let's leave otherwise pr-untouched functions as-is |
|
in cases of length, maybe we should check for >0 as success? some negative return values are undocumented. thanks for putting the gist together |
|
actually, i changed my mind about leaving stuff as-is. this gist is really thorough. if you could just make sure negative values are treated as errors too i'd be happy |
|
I switched |
|
I have a fix for #4 waiting to PR once this lands, though I should probably write a test for it. |
|
sorry to be so slow on getting to you on these things, and sorry to be so picky on a topic that is fundamentally not really your main motivation on this issue. |
|
basically, i want to be as strict as possible in interpreting success |
NID is also now an exposed type
|
I'm pulling the extra commit and only changing return handling for functions I touched. Here's the diff: https://gist.github.com/lunixbochs/49fc48fad6e02bac7703 |
restructure certs/keys; add key/cert generation
|
thank you so much for being so patient with me. this is great, and you jumped through way more hoops than i should have put you through. :) |
MEN-3877: Protect dynamic c structures from accidental free
fix: unsafe pointer passing
I moved this pull request into a branch so I can mash multiple changes into my master.
I split pem.go into key.go and cert.go, and added methods for manipulating certificates and generating RSA keys. This provides enough functionality to generate a RSA keys, make a CA, and issue a certificate with constraints. cert_test.go demonstrates this process.
NID is also now an exposed type.