fixing #1551/#2503

author: Christian Grothoff <christian@grothoff.org> 2012-09-17 10:45:23 +0000
committer: Christian Grothoff <christian@grothoff.org> 2012-09-17 10:45:23 +0000
commit: 7e065c18499688141eb68513058131a49344cac1 (patch)
tree: e441b44c8f0db8a4f214775e4945039cc820cf2f /src/util
parent: b3ad920b6e0107c3da946fe1f2f720955dbac151 (diff)
download: gnunet-7e065c18499688141eb68513058131a49344cac1.tar.gz
gnunet-7e065c18499688141eb68513058131a49344cac1.zip
4 files changed, 136 insertions, 52 deletions
diff --git a/src/util/crypto_random.c b/src/util/crypto_random.c
index dbf71d78a..8dce1080c 100644
--- a/src/util/crypto_random.c
+++ b/src/util/crypto_random.c
@@ -1,6 +1,6 @@
 /*
     This file is part of GNUnet.
-     (C) 2001, 2002, 2003, 2004, 2005, 2006 Christian Grothoff (and other contributing authors)
+     (C) 2001, 2002, 2003, 2004, 2005, 2006, 2012 Christian Grothoff (and other contributing authors)
     GNUnet is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published
@@ -34,6 +34,14 @@
 #define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util", syscall)
+/**
+ * GNUNET_YES if we are using a 'weak' (low-entropy) PRNG.
+ */ 
+static int weak_random;
 /* TODO: ndurner, move this to plibc? */
 /* The code is derived from glibc, obviously */
 #if MINGW
@@ -49,14 +57,18 @@
 #undef RAND_MAX
 #endif
 #define RAND_MAX 0x7fffffff /* Hopefully this is correct */
 static int32_t glibc_weak_rand32_state = 1;
 void
 glibc_weak_srand32 (int32_t s)
 {
  glibc_weak_rand32_state = s;
 }
 int32_t
 glibc_weak_rand32 ()
 {
@@ -74,11 +86,12 @@ glibc_weak_rand32 ()
 * @return number between 0 and 1.
 */
 static double
-weak_random ()
+get_weak_random ()
 {
  return ((double) RANDOM () / RAND_MAX);
 }
 /**
 * Seed a weak random generator. Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator
 * can be seeded.
@@ -91,6 +104,7 @@ GNUNET_CRYPTO_seed_weak_random (int32_t seed)
  SRANDOM (seed);
 }
 /**
 * Produce a random value.
 *
@@ -134,7 +148,7 @@ GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
    while (ret >= ul);
    return ret % i;
  case GNUNET_CRYPTO_QUALITY_WEAK:
-    ret = i * weak_random ();
+    ret = i * get_weak_random ();
    if (ret >= i)
      ret = i - 1;
    return ret;
@@ -211,7 +225,7 @@ GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
    return ret % max;
  case GNUNET_CRYPTO_QUALITY_WEAK:
-    ret = max * weak_random ();
+    ret = max * get_weak_random ();
    if (ret >= max)
      ret = max - 1;
    return ret;
@@ -221,6 +235,19 @@ GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
  return 0;
 }
+/**
+ * Check if we are using weak random number generation.
+ *
+ * @return GNUNET_YES if weak number generation is on
+ */
+int
+GNUNET_CRYPTO_random_is_weak ()
+{
+  return weak_random;
+}
 /**
 * This function should only be called in testcases
 * where strong entropy gathering is not desired
@@ -229,6 +256,7 @@ GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 void
 GNUNET_CRYPTO_random_disable_entropy_gathering ()
 {
+  weak_random = GNUNET_YES;
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
 }
@@ -239,6 +267,7 @@ GNUNET_CRYPTO_random_disable_entropy_gathering ()
 */
 static struct GNUNET_OS_Process *genproc;
 /**
 * Function called by libgcrypt whenever we are
 * blocked gathering entropy.
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index 4afda1f6e..8843464a2 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -629,11 +629,17 @@ try_read_key (const char *filename)
    (void) GNUNET_DISK_file_close (fd);
    return NULL;
  }
+  if (0 == fs)
+  {
+    GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd));
+    return NULL;
+  }
  if (fs > UINT16_MAX)
  {
    LOG (GNUNET_ERROR_TYPE_ERROR,
-         _("File `%s' does not contain a valid private key.  Deleting it.\n"),
+         _("File `%s' does not contain a valid private key (too long, %llu bytes).  Deleting it.\n"),   
-         filename);
+         filename,
+         (unsigned long long) fs);
    GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd));
    if (0 != UNLINK (filename))    
      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
@@ -648,8 +654,9 @@ try_read_key (const char *filename)
      (NULL == (ret = GNUNET_CRYPTO_rsa_decode_key ((char *) enc, len))))
  {
    LOG (GNUNET_ERROR_TYPE_ERROR,
-         _("File `%s' does not contain a valid private key.  Deleting it.\n"),
+         _("File `%s' does not contain a valid private key (failed decode, %llu bytes).  Deleting it.\n"),
-         filename);
+         filename,
+         (unsigned long long) fs);
    GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd));
    if (0 != UNLINK (filename))    
      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
@@ -664,6 +671,23 @@ try_read_key (const char *filename)
 /**
+ * Wait for a short time (we're trying to lock a file or want
+ * to give another process a shot at finishing a disk write, etc.).
+ * Sleeps for 100ms (as that should be long enough for virtually all
+ * modern systems to context switch and allow another process to do
+ * some 'real' work).
+ */
+static void
+short_wait ()
+{
+  struct GNUNET_TIME_Relative timeout;
+  timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, 100);
+  GNUNET_NETWORK_socket_select (NULL, NULL, NULL, timeout);
+}
+/**
 * Create a new private key by reading it from a file.  If the
 * files does not exist, create a new key and write it to the
 * file.  Caller must free return value.  Note that this function
@@ -723,7 +747,7 @@ GNUNET_CRYPTO_rsa_key_create_from_file (const char *filename)
                                  sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded),
                                  GNUNET_YES))
    {
-      sleep (1);
+      short_wait (1);
      if (0 == ++cnt % 10)
      {
        ec = errno;
@@ -781,7 +805,7 @@ GNUNET_CRYPTO_rsa_key_create_from_file (const char *filename)
             _
             ("This may be ok if someone is currently generating a hostkey.\n"));
      }
-      sleep (1);
+      short_wait (1);
      continue;
    }
    if (GNUNET_YES != GNUNET_DISK_file_test (filename))
@@ -817,7 +841,7 @@ GNUNET_CRYPTO_rsa_key_create_from_file (const char *filename)
             _
             ("This may be ok if someone is currently generating a hostkey.\n"));
      }
-      sleep (2);                /* wait a bit longer! */
+      short_wait (1);                /* wait a bit longer! */
      continue;
    }
    break;
@@ -996,6 +1020,7 @@ GNUNET_CRYPTO_rsa_key_create_start (const char *filename,
 {
  struct GNUNET_CRYPTO_RsaKeyGenerationContext *gc;
  struct GNUNET_CRYPTO_RsaPrivateKey *pk;
+  const char *weak_random;
  if (NULL != (pk = try_read_key (filename)))
  {
@@ -1023,13 +1048,18 @@ GNUNET_CRYPTO_rsa_key_create_start (const char *filename,
    GNUNET_free (gc);
    return NULL;
  }
+  weak_random = NULL;
+  if (GNUNET_YES ==
+      GNUNET_CRYPTO_random_is_weak ())
+    weak_random = "-w";
  gc->gnunet_rsa = GNUNET_OS_start_process (GNUNET_NO,
                                            GNUNET_OS_INHERIT_STD_ERR,
                                            NULL, 
                                            gc->gnunet_rsa_out,
                                            "gnunet-rsa",
-                                            "gnunet-rsa",
+                                            "gnunet-rsa",                                           
                                            gc->filename,
+                                            weak_random,
                                            NULL);
  if (NULL == gc->gnunet_rsa)
  {
diff --git a/src/util/gnunet-rsa.c b/src/util/gnunet-rsa.c
index 61e1b66df..e9fbf15df 100644
--- a/src/util/gnunet-rsa.c
+++ b/src/util/gnunet-rsa.c
@@ -43,6 +43,11 @@ static int print_peer_identity;
 */
 static int print_short_identity;
+/**
+ * Use weak random number generator for key generation.
+ */
+static int weak_random;
 /**
 * The private information of an RSA key pair.
@@ -104,6 +109,8 @@ run (void *cls, char *const *args, const char *cfgfile,
    fprintf (stderr, _("No hostkey file specified on command line\n"));
    return;
  }
+  if (0 != weak_random)    
+    GNUNET_CRYPTO_random_disable_entropy_gathering ();  
  pk = GNUNET_CRYPTO_rsa_key_create_from_file (args[0]);
  if (NULL == pk)
    return;
@@ -159,6 +166,9 @@ main (int argc, char *const *argv)
    { 's', "print-short-identity", NULL,
      gettext_noop ("print the short hash of the public key in ASCII format"),
      0, &GNUNET_GETOPT_set_one, &print_short_identity },
+    { 'w', "weak-random", NULL,
+      gettext_noop ("use insecure, weak random number generator for key generation (for testing only)"),
+      0, &GNUNET_GETOPT_set_one, &weak_random },
    GNUNET_GETOPT_OPTION_END
  };
diff --git a/src/util/server.c b/src/util/server.c
index ff4584677..4622e0779 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -334,43 +334,6 @@ process_listen_socket (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 /**
- * Add a listen task with the scheduler for this server.
- *
- * @param server handle to our server for which we are adding the listen
- *        socket
- */
-static void
-schedule_listen_task (struct GNUNET_SERVER_Handle *server)
-{
-  struct GNUNET_NETWORK_FDSet *r;
-  unsigned int i;
-  if (NULL == server->listen_sockets[0])
-    return; /* nothing to do, no listen sockets! */
-  if (NULL == server->listen_sockets[1])
-  {
-    /* simplified method: no fd set needed; this is then much simpler and
-       much more efficient */
-    server->listen_task =
-      GNUNET_SCHEDULER_add_read_net_with_priority (GNUNET_TIME_UNIT_FOREVER_REL,
-                                                   GNUNET_SCHEDULER_PRIORITY_HIGH,
-                                                   server->listen_sockets[0],
-                                                   &process_listen_socket, server);
-    return;
-  }
-  r = GNUNET_NETWORK_fdset_create ();
-  i = 0;
-  while (NULL != server->listen_sockets[i])
-    GNUNET_NETWORK_fdset_set (r, server->listen_sockets[i++]);
-  server->listen_task =
-    GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_HIGH,
-                                 GNUNET_TIME_UNIT_FOREVER_REL, r, NULL,
-                                 &process_listen_socket, server);
-  GNUNET_NETWORK_fdset_destroy (r);
-}
-/**
 * Scheduler says our listen socket is ready.  Process it!
 *
 * @param cls handle to our server for which we are processing the listen
@@ -389,7 +352,7 @@ process_listen_socket (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
  if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN))
  {
    /* ignore shutdown, someone else will take care of it! */
-    schedule_listen_task (server);
+    GNUNET_SERVER_resume (server);
    return;
  }
  i = 0;
@@ -412,7 +375,7 @@ process_listen_socket (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
    i++;
  }
  /* listen for more! */
-  schedule_listen_task (server);
+  GNUNET_SERVER_resume (server);
 }
@@ -536,7 +499,7 @@ GNUNET_SERVER_create_with_sockets (GNUNET_CONNECTION_AccessCheck access,
  server->access_cls = access_cls;
  server->require_found = require_found;
  if (NULL != lsocks)
-    schedule_listen_task (server);
+    GNUNET_SERVER_resume (server);
  return server;
 }
@@ -671,6 +634,58 @@ test_monitor_clients (struct GNUNET_SERVER_Handle *server)
 /**
+ * Suspend accepting connections from the listen socket temporarily.
+ *
+ * @param server server to stop accepting connections.
+ */
+void
+GNUNET_SERVER_suspend (struct GNUNET_SERVER_Handle *server)
+{
+  if (GNUNET_SCHEDULER_NO_TASK != server->listen_task)
+  {
+    GNUNET_SCHEDULER_cancel (server->listen_task);
+    server->listen_task = GNUNET_SCHEDULER_NO_TASK;
+  }
+}
+/**
+ * Resume accepting connections from the listen socket.
+ *
+ * @param server server to stop accepting connections.
+ */
+void
+GNUNET_SERVER_resume (struct GNUNET_SERVER_Handle *server)
+{
+  struct GNUNET_NETWORK_FDSet *r;
+  unsigned int i;
+  if (NULL == server->listen_sockets[0])
+    return; /* nothing to do, no listen sockets! */
+  if (NULL == server->listen_sockets[1])
+  {
+    /* simplified method: no fd set needed; this is then much simpler and
+       much more efficient */
+    server->listen_task =
+      GNUNET_SCHEDULER_add_read_net_with_priority (GNUNET_TIME_UNIT_FOREVER_REL,
+                                                   GNUNET_SCHEDULER_PRIORITY_HIGH,
+                                                   server->listen_sockets[0],
+                                                   &process_listen_socket, server);
+    return;
+  }
+  r = GNUNET_NETWORK_fdset_create ();
+  i = 0;
+  while (NULL != server->listen_sockets[i])
+    GNUNET_NETWORK_fdset_set (r, server->listen_sockets[i++]);
+  server->listen_task =
+    GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_HIGH,
+                                 GNUNET_TIME_UNIT_FOREVER_REL, r, NULL,
+                                 &process_listen_socket, server);
+  GNUNET_NETWORK_fdset_destroy (r);
+}
+/**
 * Stop the listen socket and get ready to shutdown the server
 * once only 'monitor' clients are left.
 *
author	Christian Grothoff <christian@grothoff.org>	2012-09-17 10:45:23 +0000
committer	Christian Grothoff <christian@grothoff.org>	2012-09-17 10:45:23 +0000
commit	7e065c18499688141eb68513058131a49344cac1 (patch)
tree	e441b44c8f0db8a4f214775e4945039cc820cf2f /src/util
parent	b3ad920b6e0107c3da946fe1f2f720955dbac151 (diff)
download	gnunet-7e065c18499688141eb68513058131a49344cac1.tar.gz gnunet-7e065c18499688141eb68513058131a49344cac1.zip