Commit Briefs


Omar Polo

don't let crypto_dispatch_server handle IMSG_CRYPTO_ECDSA_SIGN

in this codepath. otherwise we end up with a mismatch where we expect a request but were sent a response.


Omar Polo

pre-increment reqid

otherwise we send the request id N and expect to receive N+1



Omar Polo

fmt


Omar Polo

drop engine support


Omar Polo

remove the useless logging methods

it makes it more clear where the magic is. adapted from the smtpd's ca.c diff.


Omar Polo

macos' clang is retarded

thinks rsa and ecdsa may be used un-initialized... if we enter the branch with fatalx(). sigh


Omar Polo

drop debug log


Omar Polo

simplify check

brought to my attention by gcc who isn't smart enough to figure out that `ret' is always set.


Omar Polo

avoid arithmetic on void pointers (GNU extension)

not really sold on this one, I don't see what other interpretation could be given, but it's not standard so...


Omar Polo

fixes for -Wpointer-sign


Omar Polo

cast uint64_t to unsigned long long



Omar Polo

add a privsep crypto engine

Incorporate OpenSMTPD's privsep crypto engine. The idea behind it is to never load the certificate's private keys in a networked process; instead they are loaded in a separate process (the `crypto' one) which signs payloads on behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate's private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is on the way).