[Emacs-diffs] master bda62c7: * lisp/net/nsm.el: Use lexical-binding
From: |
Stefan Monnier |
Subject: |
[Emacs-diffs] master bda62c7: * lisp/net/nsm.el: Use lexical-binding |
Date: |
Fri, 27 Sep 2019 08:01:11 -0400 (EDT) |
branch: master
commit bda62c787f76f97ab8db913613223362656181fd
Author: Stefan Monnier <address@hidden>
Commit: Stefan Monnier <address@hidden>
* lisp/net/nsm.el: Use lexical-binding
(nsm-check-tls-connection, nsm-query): Don't pass explicitly `obarray`
since it's the default anyway.
(nsm-query, nsm-query-user, nsm-save-host): Remove redundant
advertised-calling-convention.
---
lisp/net/nsm.el | 56 ++++++++++++++++++++++----------------------------------
1 file changed, 22 insertions(+), 34 deletions(-)
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index b8c84d5..4ca770f 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -1,4 +1,4 @@
-;;; nsm.el --- Network Security Manager
+;;; nsm.el --- Network Security Manager -*- lexical-binding:t -*-
;; Copyright (C) 2014-2019 Free Software Foundation, Inc.
@@ -269,7 +269,7 @@ See also: `network-security-protocol-checks' and
`nsm-noninteractive'"
(let* ((results
(cl-loop
for check in network-security-protocol-checks
- for type = (intern (format ":%s" (car check)) obarray)
+ for type = (intern (format ":%s" (car check)))
;; Skip the check if the user has already said that this
;; host is OK for this type of "error".
for result = (and (not (memq type
@@ -278,8 +278,7 @@ See also: `network-security-protocol-checks' and
`nsm-noninteractive'"
(nsm-level (cadr check)))
(funcall
(intern (format "nsm-protocol-check--%s"
- (car check))
- obarray)
+ (car check)))
host port status settings))
when result
collect (cons type result)))
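Review bot: The `funcall` in this hunk calls whatever symbol `intern` builds from `(car check)`, with nothing verifying that a function of that name is defined. An entry in `network-security-protocol-checks` that has no matching `nsm-protocol-check--NAME` function would therefore signal `void-function` part-way through the TLS checks. Consider resolving the name with `intern-soft` and testing `fboundp` before the call, and reporting an unknown check name as a problem rather than skipping it, so a misconfigured list still fails closed. A comment on the loop such as `;; Each check name must have a matching nsm-protocol-check--NAME function.` would document the contract. The enclosing function starts and ends outside this hunk, so any handling further up the call chain is not visible here.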
@@ -321,7 +320,7 @@ See also: `network-security-protocol-checks' and
`nsm-noninteractive'"
(declare-function gnutls-peer-status-warning-describe "gnutls.c"
(status-symbol))
-(defun nsm-protocol-check--verify-cert (host port status settings)
+(defun nsm-protocol-check--verify-cert (_host _port status settings)
"Check for warnings from the certificate verification status.
This is the most basic security check for a TLS connection. If
@@ -332,7 +331,7 @@ This is the most basic security check for a TLS connection.
If
(not (nsm-warnings-ok-p status settings))
(mapconcat #'gnutls-peer-status-warning-describe warnings "\n"))))
-(defun nsm-protocol-check--same-cert (host port status settings)
+(defun nsm-protocol-check--same-cert (_host _port status settings)
"Check for certificate fingerprint mismatch.
If the fingerprints saved do not match the fingerprint of the
@@ -344,7 +343,7 @@ man-in-the-middle attack."
;; Key exchange checks
-(defun nsm-protocol-check--rsa-kx (host port status &optional settings)
+(defun nsm-protocol-check--rsa-kx (_host _port status &optional _settings)
"Check for static RSA key exchange.
Static RSA key exchange methods do not offer perfect forward
@@ -374,7 +373,7 @@ Security (DTLS)\", \"(4.1. General Guidelines)\"
"RSA key exchange method (%s) does not offer perfect forward secrecy"
kx))))
-(defun nsm-protocol-check--dhe-prime-kx (host port status &optional settings)
+(defun nsm-protocol-check--dhe-prime-kx (_host _port status &optional
_settings)
"Check for the key strength of DH key exchange based on integer
factorization.
This check is a response to Logjam[1]. Logjam is an attack that
@@ -405,7 +404,7 @@ Diffie-Hellman Fails in Practice\", `https://weakdh.org/'
"Diffie-Hellman key strength (%s bits) too weak (%s bits)"
prime-bits 1024))))
-(defun nsm-protocol-check--dhe-kx (host port status &optional settings)
+(defun nsm-protocol-check--dhe-kx (_host _port status &optional _settings)
"Check for existence of DH key exchange based on integer factorization.
In the years since the discovery of Logjam, it was discovered
@@ -429,7 +428,7 @@ Diffie-Hellman Backdoors in TLS.\",
"unable to verify Diffie-Hellman key exchange method (%s) parameters"
kx))))
-(defun nsm-protocol-check--export-kx (host port status &optional settings)
+(defun nsm-protocol-check--export-kx (_host _port status &optional _settings)
"Check for RSA-EXPORT key exchange.
EXPORT cipher suites are a family of 40-bit and 56-bit effective
@@ -454,7 +453,7 @@ of user-visible changes.\" Version 3.4.0,
"EXPORT level key exchange (%s) is insecure"
kx)))))
-(defun nsm-protocol-check--anon-kx (host port status &optional settings)
+(defun nsm-protocol-check--anon-kx (_host _port status &optional _settings)
"Check for anonymous key exchange.
Anonymous key exchange exposes the connection to
@@ -473,7 +472,7 @@ authentication\",
;; Cipher checks
-(defun nsm-protocol-check--cbc-cipher (host port status &optional settings)
+(defun nsm-protocol-check--cbc-cipher (_host _port status &optional _settings)
"Check for CBC mode ciphers.
CBC mode cipher in TLS versions earlier than 1.3 are problematic
@@ -502,7 +501,7 @@ Security (TLS) and Datagram Transport Layer Security
(DTLS)\",
"CBC mode cipher (%s) can be insecure"
cipher)))))
-(defun nsm-protocol-check--ecdsa-cbc-cipher (host port status &optional
settings)
+(defun nsm-protocol-check--ecdsa-cbc-cipher (_host _port status &optional
_settings)
"Check for CBC mode cipher usage under ECDSA key exchange.
CBC mode cipher in TLS versions earlier than 1.3 are problematic
@@ -540,7 +539,7 @@ Security (TLS) and Datagram Transport Layer Security
(DTLS)\",
"CBC mode cipher (%s) can be insecure"
cipher)))))
-(defun nsm-protocol-check--3des-cipher (host port status &optional settings)
+(defun nsm-protocol-check--3des-cipher (_host _port status &optional _settings)
"Check for 3DES ciphers.
Due to its use of 64-bit block size, it is known that a
@@ -561,7 +560,7 @@ Current Use and Deprecation of TDEA\",
"3DES cipher (%s) is weak"
cipher))))
-(defun nsm-protocol-check--rc4-cipher (host port status &optional settings)
+(defun nsm-protocol-check--rc4-cipher (_host _port status &optional _settings)
"Check for RC4 ciphers.
RC4 cipher has been prohibited by RFC 7465[1].
@@ -585,7 +584,7 @@ Reference:
;; Signature checks
-(defun nsm-protocol-check--sha1-sig (host port status &optional settings)
+(defun nsm-protocol-check--sha1-sig (_host _port status &optional _settings)
"Check for SHA1 signatures on certificates.
The first SHA1 collision was found in 2017[1], as a precaution
@@ -620,7 +619,7 @@ SHA-1 for SSL/TLS Certificates in Microsoft Edge and
Internet Explorer
algo)
end))
-(defun nsm-protocol-check--md5-sig (host port status &optional settings)
+(defun nsm-protocol-check--md5-sig (_host _port status &optional _settings)
"Check for MD5 signatures on certificates.
In 2008, a group of researchers were able to forge an
@@ -653,8 +652,8 @@ the MD5 Message-Digest and the HMAC-MD5 Algorithms\",
;; Extension checks
-(defun nsm-protocol-check--renegotiation-info-ext (host port status
- &optional settings)
+(defun nsm-protocol-check--renegotiation-info-ext (_host _port status
+ &optional _settings)
"Check for renegotiation_info TLS extension status.
If this TLS extension is not used, the connection established is
@@ -676,7 +675,7 @@ Layer Security (TLS) Renegotiation Indication Extension\",
;; Compression checks
-(defun nsm-protocol-check--compression (host port status &optional settings)
+(defun nsm-protocol-check--compression (_host _port status &optional _settings)
"Check for TLS compression.
TLS compression attacks such as CRIME would allow an attacker to
@@ -697,7 +696,7 @@ Security (DTLS)\", `https://tools.ietf.org/html/rfc7525'"
;; Protocol version checks
-(defun nsm-protocol-check--version (host port status &optional settings)
+(defun nsm-protocol-check--version (_host _port status &optional _settings)
"Check for SSL/TLS protocol version.
This function guards against the usage of SSL3.0, which has been
@@ -722,7 +721,7 @@ Early TLS\"
;; Full suite checks
-(defun nsm-protocol-check--null-suite (host port status &optional settings)
+(defun nsm-protocol-check--null-suite (_host _port status &optional _settings)
"Check for NULL cipher suites.
This function checks for NULL key exchange, cipher and message
@@ -790,8 +789,7 @@ protocol."
(let ((response
(condition-case nil
(intern
- (car (split-string (nsm-query-user message status)))
- obarray)
+ (car (split-string (nsm-query-user message status))))
;; Make sure we manage to close the process if the user hits
;; `C-g'.
(quit 'no)
@@ -807,9 +805,6 @@ protocol."
(nsm-save-host host port status what problems response)
t))))
-(set-advertised-calling-convention
- 'nsm-query '(host port status what problems message) "27.1")
-
(declare-function gnutls-format-certificate "gnutls.c" (cert))
(defun nsm-query-user (message status)
@@ -923,8 +918,6 @@ protocol."
(kill-buffer cert-buffer)
(kill-buffer buffer)))))
-(set-advertised-calling-convention 'nsm-query-user '(message status) "27.1")
-
(defun nsm-save-host (host port status what problems permanency)
(let* ((id (nsm-id host port))
(saved-fingerprints (plist-get (nsm-host-settings id) :fingerprints))
@@ -964,11 +957,6 @@ protocol."
(nsm-remove-temporary-setting id)
(push saved nsm-temporary-host-settings))))
-(set-advertised-calling-convention
- 'nsm-save-host
- '(host port status what problems permanency)
- "27.1")
-
(defun nsm-write-settings ()
(with-temp-file nsm-settings-file
(insert "(\n")