Remove md array: it is not used any more. #2679
Could you comment on red cross from travis? The one with "boring" tests of course...
Checking it. It should be possible to reproduce it with our own signature algorithms tests.
22026ef to 9c868fd
9c868fd to 69b989c
Finally got this one to pass all the tests. It ended up a bit messier than I hoped but a later tidy up/overhaul of tls1_check_chain() should improve things a lot.
nit/suggestion, if you don't like them that's okay.
for (i = 0; i < SSL_PKEY_NUM; i++) { | ||
s->s3->tmp.md[i] = NULL; | ||
/* Clear certificate validity flags */ | ||
for (i = 0; i < SSL_PKEY_NUM; i++) | ||
s->s3->tmp.valid_flags[i] = 0; |
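Review bot: the loop that zeroes s->s3->tmp.valid_flags[i] one element at a time could be a single memset(s->s3->tmp.valid_flags, 0, sizeof(s->s3->tmp.valid_flags)), provided valid_flags is declared as an array of SSL_PKEY_NUM elements and not as a pointer. That removes the dependence on the loop counter i and keeps the clear correct if the array size ever changes.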
Every time I see this kind of thing, I weep. :)
{ declare uint32_t *fp; }
for (fp = s->s3->tmp.valid_flags, i = SSL_PKEY_NUM; --i >= 0; fp++)
*fp = 0;
Back when things like this counted ... :)
I used to do that a lot. Compilers can presumably optimise that kind of thing automatically these days.
At some point valid_flags is going to go away anyway.
WFM. :)
ssl/t1_lib.c
Outdated
*/ | ||
if (s->s3->tmp.peer_sigalgs == NULL) { | ||
const uint16_t *sent_sigs; | ||
size_t sent_sigslen; |
merge these two lines?
Done.
Set default validity flags if signature algorithms extension is not present. Preserve flags when checking chains.
69b989c to 86c2187
+1
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from #2679)
Description of change
This removes the md array. The changes to signature algorithm handling mean it is no longer used.