| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-01-21 | convert remaining code to the imsg getters | Omar Polo | |
| Now gmid doesn't touch anymore the internals of the imsg structs. | |||
| 2024-01-21 | convert the remaining bit of crypto.c to the ibuf_* APIs | Omar Polo | |
| 2024-01-21 | convert crypto.c to the new imsg API | Omar Polo | |
| 2024-01-21 | rename ibuf to imsgbuf in crypto | Omar Polo | |
| soon we'll be using a struct ibuf and it'll be confusing. | |||
| 2023-08-29 | fix typo; the size computation is done using len, not ret | Omar Polo | |
| 2023-08-28 | don't let crypto_dispatch_server handle IMSG_CRYPTO_ECDSA_SIGN | Omar Polo | |
| in this codepath. otherwise we end up with a mismatch where we expect a request but were sent a response. | |||
| 2023-08-28 | pre-increment reqid | Omar Polo | |
| otherwise we send the request id N and expect to receive N+1 | |||
| 2023-08-28 | typo; was filling the wrong iov_len... | Omar Polo | |
| 2023-07-22 | fmt | Omar Polo | |
| 2023-07-22 | drop engine support | Omar Polo | |
| 2023-07-22 | remove the useless logging methods | Omar Polo | |
| it makes more clear where the magic is. adapted from the smtpd' ca.c diff. | |||
| 2023-06-23 | macos' clang is retarded | Omar Polo | |
| thinks rsa and ecdsa may be used un-initialized... if we enter the branch with fatalx(). sigh | |||
| 2023-06-23 | drop debug log | Omar Polo | |
| 2023-06-13 | simplify check | Omar Polo | |
| brought to my attention by gcc who isn't smart enough to figure out that `ret' is always set. | |||
| 2023-06-13 | avoid arithmetic on void pointers (GNU extension) | Omar Polo | |
| not really sold on this one, I don't see what other interpretation could be given, but it's not standard so... | |||
| 2023-06-11 | fixes for -Wpointer-sign | Omar Polo | |
| 2023-06-11 | cast uint64_t to unsigned long long | Omar Polo | |
| 2023-06-11 | work around different signature for ecdsae_compute_key | Omar Polo | |
| 2023-06-11 | add a privsep crypto engine | Omar Polo | |
| Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way). | |||
 |
index : slackcoder/gmid | |
| Small and secure gemini server | Mirror |
| aboutsummaryrefslogtreecommitdiff |