commit | bca5a1335a1860a49ab5def77e650db290b0c089 | [log] [tgz] |
---|---|---|
author | Asim Shankar <ashankar@google.com> | Wed Apr 13 03:36:43 2016 -0400 |
committer | Asim Shankar <ashankar@google.com> | Wed Apr 13 03:37:14 2016 -0400 |
tree | 13032ad09166fb32427e62d558ca7a5be0eb5df7 | |
parent | aa279b58ae6112e3b1a6f6fbf4d47bc3237c5e25 [diff] |
security: Fix up use of OpenSSL The switch to Go 1.6 means that there is no advantage to using OpenSSL's crypto library (libcrypto) for ECDSA signing and verification on amd64. However, on other architectures (such as ARM-based RaspberryPis and Androids or Intel Edisons (386)) using libcrypto may still yield a performance benefit over the implementation in the standard Go library (which lacks optimized assembly for these architectures). This change fixes up use of OpenSSL's libcrypto in this post 1.6 world. (1) Simplified build tags: By default use the Go standard library. When the 'openssl' tag is specified, use that. (2) Use cgo in a manner compatible with the stricter rules on pointer passing introduced in Go 1.6 (see https://golang.org/doc/go1.6#cgo). Specifically d2i_EC_PUBKEY and d2i_ECPrivateKey take an argument of type (char**), causing Go 1.6 to complain with a panic: "panic: runtime error: cgo argument has Go pointer to Go pointer" if that argument was backed by memory allocated by the Go runtime. However, the only reason the d2i_* functions take a pointer-to-a-pointer is to increment the input to the address following the parsed data (see https://www.openssl.org/docs/manmaster/crypto/d2i_X509.html), not to allocate memory and assign to that pointer. Thus, in this change, the wrapper openssl_d2i_* functions in openssl.c have been modified to trick the Go runtime into avoiding that check. This will cause subtle bugs if I misunderstood the contract the d2i_* functions have. Change-Id: I62a3ebecee7c2afdc3f70f961f26a5db488cff6d
This repository defines the Go APIs of Vanadium.