diff options
author | Christian Grothoff <christian@grothoff.org> | 2020-07-02 20:14:13 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-07-02 20:14:13 +0200 |
commit | 78998923980d1813bbf34052e7167a0cb19aa06f (patch) | |
tree | 67a99b953ac9dc4452a72c5d69cbd1693ab56831 | |
parent | fd9b241cafa715b0da84cdd03f53387082b373f7 (diff) | |
parent | 406e2ee8835abcad5356cb4921d76a6ffe28b7c6 (diff) | |
download | gnunet-78998923980d1813bbf34052e7167a0cb19aa06f.tar.gz gnunet-78998923980d1813bbf34052e7167a0cb19aa06f.zip |
Merge branch 'master' of git+ssh://gnunet.org/gnunet
-rw-r--r-- | src/gns/gnunet-dns2gns.c | 28 | ||||
-rw-r--r-- | src/gns/gnunet-gns-proxy-setup-ca.in | 6 | ||||
-rw-r--r-- | src/namestore/gnunet-namestore.c | 11 | ||||
-rw-r--r-- | src/revocation/revocation.conf.in | 2 | ||||
-rw-r--r-- | src/util/crypto_rsa.c | 3 |
5 files changed, 43 insertions, 7 deletions
diff --git a/src/gns/gnunet-dns2gns.c b/src/gns/gnunet-dns2gns.c index 1e88ef056..74309f554 100644 --- a/src/gns/gnunet-dns2gns.c +++ b/src/gns/gnunet-dns2gns.c | |||
@@ -190,6 +190,31 @@ do_shutdown (void *cls) | |||
190 | } | 190 | } |
191 | } | 191 | } |
192 | 192 | ||
193 | /** | ||
194 | * Shuffle answers | ||
195 | * Fisher-Yates (aka Knuth) Shuffle | ||
196 | * | ||
197 | * @param request context for the request (with answers) | ||
198 | */ | ||
199 | static void | ||
200 | shuffle_answers (struct Request *request) | ||
201 | { | ||
202 | unsigned int idx = request->packet->num_answers; | ||
203 | unsigned int r_idx; | ||
204 | struct GNUNET_DNSPARSER_Record tmp_answer; | ||
205 | |||
206 | while (0 != idx) | ||
207 | { | ||
208 | r_idx = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, | ||
209 | request->packet->num_answers); | ||
210 | idx--; | ||
211 | tmp_answer = request->packet->answers[idx]; | ||
212 | memcpy (&request->packet->answers[idx], &request->packet->answers[r_idx], | ||
213 | sizeof (struct GNUNET_DNSPARSER_Record)); | ||
214 | memcpy (&request->packet->answers[r_idx], &tmp_answer, | ||
215 | sizeof (struct GNUNET_DNSPARSER_Record)); | ||
216 | } | ||
217 | } | ||
193 | 218 | ||
194 | /** | 219 | /** |
195 | * Send the response for the given request and clean up. | 220 | * Send the response for the given request and clean up. |
@@ -203,6 +228,7 @@ send_response (struct Request *request) | |||
203 | size_t size; | 228 | size_t size; |
204 | ssize_t sret; | 229 | ssize_t sret; |
205 | 230 | ||
231 | shuffle_answers (request); | ||
206 | if (GNUNET_SYSERR == | 232 | if (GNUNET_SYSERR == |
207 | GNUNET_DNSPARSER_pack (request->packet, | 233 | GNUNET_DNSPARSER_pack (request->packet, |
208 | UINT16_MAX /* is this not too much? */, | 234 | UINT16_MAX /* is this not too much? */, |
@@ -334,8 +360,6 @@ result_processor (void *cls, | |||
334 | // packet->flags.opcode = GNUNET_TUN_DNS_OPCODE_STATUS; // ??? | 360 | // packet->flags.opcode = GNUNET_TUN_DNS_OPCODE_STATUS; // ??? |
335 | for (uint32_t i = 0; i < rd_count; i++) | 361 | for (uint32_t i = 0; i < rd_count; i++) |
336 | { | 362 | { |
337 | // FIXME: do we need to hanlde #GNUNET_GNSRECORD_RF_SHADOW_RECORD | ||
338 | // here? Or should we do this in libgnunetgns? | ||
339 | rec.expiration_time.abs_value_us = rd[i].expiration_time; | 363 | rec.expiration_time.abs_value_us = rd[i].expiration_time; |
340 | switch (rd[i].record_type) | 364 | switch (rd[i].record_type) |
341 | { | 365 | { |
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in index 412e53f8d..9a298f24a 100644 --- a/src/gns/gnunet-gns-proxy-setup-ca.in +++ b/src/gns/gnunet-gns-proxy-setup-ca.in | |||
@@ -119,9 +119,9 @@ generate_ca() | |||
119 | infomsg "Generating CA" | 119 | infomsg "Generating CA" |
120 | TMPDIR=${TMPDIR:-/tmp} | 120 | TMPDIR=${TMPDIR:-/tmp} |
121 | if test -e "$TMPDIR"; then | 121 | if test -e "$TMPDIR"; then |
122 | GNSCERT=`mktemp -t certXXXXXXXX.pem` || exit 1 | 122 | GNSCERT=`mktemp -t cert.pem.XXXXXXXX` || exit 1 |
123 | GNSCAKY=`mktemp -t cakyXXXXXXXX.pem` || exit 1 | 123 | GNSCAKY=`mktemp -t caky.pem.XXXXXXXX` || exit 1 |
124 | GNSCANO=`mktemp -t canoXXXXXXXX.pem` || exit 1 | 124 | GNSCANO=`mktemp -t cano.pem.XXXXXXXX` || exit 1 |
125 | else | 125 | else |
126 | # This warning is mostly pointless. | 126 | # This warning is mostly pointless. |
127 | warningmsg "You need to export the TMPDIR variable" | 127 | warningmsg "You need to export the TMPDIR variable" |
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c index 94fcb8952..f438de136 100644 --- a/src/namestore/gnunet-namestore.c +++ b/src/namestore/gnunet-namestore.c | |||
@@ -1087,6 +1087,17 @@ run_with_zone_pkey (const struct GNUNET_CONFIGURATION_Handle *cfg) | |||
1087 | ret = 1; | 1087 | ret = 1; |
1088 | return; | 1088 | return; |
1089 | } | 1089 | } |
1090 | if ((GNUNET_DNSPARSER_TYPE_SRV == type) || | ||
1091 | (GNUNET_DNSPARSER_TYPE_TLSA == type) || | ||
1092 | (GNUNET_DNSPARSER_TYPE_OPENPGPKEY == type)) | ||
1093 | { | ||
1094 | fprintf (stderr, | ||
1095 | _ ("For DNS record types `SRV', `TLSA' and `OPENPGPKEY'")); | ||
1096 | fprintf (stderr, ", please use a `BOX' record instead\n"); | ||
1097 | GNUNET_SCHEDULER_shutdown (); | ||
1098 | ret = 1; | ||
1099 | return; | ||
1100 | } | ||
1090 | if (NULL == value) | 1101 | if (NULL == value) |
1091 | { | 1102 | { |
1092 | fprintf (stderr, | 1103 | fprintf (stderr, |
diff --git a/src/revocation/revocation.conf.in b/src/revocation/revocation.conf.in index 04393ea9f..d2d7de46e 100644 --- a/src/revocation/revocation.conf.in +++ b/src/revocation/revocation.conf.in | |||
@@ -14,6 +14,6 @@ UNIX_MATCH_GID = YES | |||
14 | # (using only a single-core) with SCRYPT. | 14 | # (using only a single-core) with SCRYPT. |
15 | # DO NOT CHANGE THIS VALUE, doing so will break the protocol! | 15 | # DO NOT CHANGE THIS VALUE, doing so will break the protocol! |
16 | WORKBITS = 22 | 16 | WORKBITS = 22 |
17 | EPOCH_DURATION = 356 d | 17 | EPOCH_DURATION = 365 d |
18 | 18 | ||
19 | DATABASE = $GNUNET_DATA_HOME/revocation.dat | 19 | DATABASE = $GNUNET_DATA_HOME/revocation.dat |
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index cb4640d48..b12ec7434 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c | |||
@@ -1301,7 +1301,8 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | |||
1301 | * so the exchange is being malicious in an unfamilair way, maybe | 1301 | * so the exchange is being malicious in an unfamilair way, maybe |
1302 | * just trying to crash us. Arguably, we've only an internal error | 1302 | * just trying to crash us. Arguably, we've only an internal error |
1303 | * though because we should've detected this in our previous call | 1303 | * though because we should've detected this in our previous call |
1304 | * to GNUNET_CRYPTO_rsa_unblind. */return GNUNET_NO; | 1304 | * to GNUNET_CRYPTO_rsa_unblind. */// |
1305 | return GNUNET_NO; | ||
1305 | } | 1306 | } |
1306 | 1307 | ||
1307 | data = mpi_to_sexp (r); | 1308 | data = mpi_to_sexp (r); |