Merge branch 'master' of git+ssh://gnunet.org/gnunet

author: Christian Grothoff <christian@grothoff.org> 2020-07-02 20:14:13 +0200
committer: Christian Grothoff <christian@grothoff.org> 2020-07-02 20:14:13 +0200
commit: 78998923980d1813bbf34052e7167a0cb19aa06f (patch)
tree: 67a99b953ac9dc4452a72c5d69cbd1693ab56831 /src
parent: fd9b241cafa715b0da84cdd03f53387082b373f7 (diff)
parent: 406e2ee8835abcad5356cb4921d76a6ffe28b7c6 (diff)
download: gnunet-78998923980d1813bbf34052e7167a0cb19aa06f.tar.gz
gnunet-78998923980d1813bbf34052e7167a0cb19aa06f.zip
5 files changed, 43 insertions, 7 deletions
diff --git a/src/gns/gnunet-dns2gns.c b/src/gns/gnunet-dns2gns.c
index 1e88ef056..74309f554 100644
--- a/src/gns/gnunet-dns2gns.c
+++ b/src/gns/gnunet-dns2gns.c
@@ -190,6 +190,31 @@ do_shutdown (void *cls)
  }
 }
+/**
+ * Shuffle answers
+ * Fisher-Yates (aka Knuth) Shuffle
+ *
+ * @param request context for the request (with answers)
+ */
+static void
+shuffle_answers (struct Request *request)
+{
+  unsigned int idx = request->packet->num_answers;
+  unsigned int r_idx;
+  struct GNUNET_DNSPARSER_Record tmp_answer;
+  while (0 != idx)
+  {
+    r_idx = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
+                                      request->packet->num_answers);
+    idx--;
+    tmp_answer = request->packet->answers[idx];
+    memcpy (&request->packet->answers[idx], &request->packet->answers[r_idx],
+            sizeof (struct GNUNET_DNSPARSER_Record));
+    memcpy (&request->packet->answers[r_idx], &tmp_answer,
+            sizeof (struct GNUNET_DNSPARSER_Record));
+  }
+}
 /**
 * Send the response for the given request and clean up.
@@ -203,6 +228,7 @@ send_response (struct Request *request)
  size_t size;
  ssize_t sret;
+  shuffle_answers (request);
  if (GNUNET_SYSERR ==
      GNUNET_DNSPARSER_pack (request->packet,
                             UINT16_MAX /* is this not too much? */,
@@ -334,8 +360,6 @@ result_processor (void *cls,
  // packet->flags.opcode = GNUNET_TUN_DNS_OPCODE_STATUS; // ???
  for (uint32_t i = 0; i < rd_count; i++)
  {
-    // FIXME: do we need to hanlde #GNUNET_GNSRECORD_RF_SHADOW_RECORD
-    // here? Or should we do this in libgnunetgns?
    rec.expiration_time.abs_value_us = rd[i].expiration_time;
    switch (rd[i].record_type)
    {
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
index 412e53f8d..9a298f24a 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca.in
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -119,9 +119,9 @@ generate_ca()
    infomsg "Generating CA"
    TMPDIR=${TMPDIR:-/tmp}
    if test -e "$TMPDIR"; then
-        GNSCERT=`mktemp -t certXXXXXXXX.pem` || exit 1
+        GNSCERT=`mktemp -t cert.pem.XXXXXXXX` || exit 1
-        GNSCAKY=`mktemp -t cakyXXXXXXXX.pem` || exit 1
+        GNSCAKY=`mktemp -t caky.pem.XXXXXXXX` || exit 1
-        GNSCANO=`mktemp -t canoXXXXXXXX.pem` || exit 1
+        GNSCANO=`mktemp -t cano.pem.XXXXXXXX` || exit 1
    else
        # This warning is mostly pointless.
        warningmsg "You need to export the TMPDIR variable"
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c
index 94fcb8952..f438de136 100644
--- a/src/namestore/gnunet-namestore.c
+++ b/src/namestore/gnunet-namestore.c
@@ -1087,6 +1087,17 @@ run_with_zone_pkey (const struct GNUNET_CONFIGURATION_Handle *cfg)
      ret = 1;
      return;
    }
+    if ((GNUNET_DNSPARSER_TYPE_SRV == type) ||
+        (GNUNET_DNSPARSER_TYPE_TLSA == type) ||
+        (GNUNET_DNSPARSER_TYPE_OPENPGPKEY == type))
+    {
+      fprintf (stderr,
+               _ ("For DNS record types `SRV', `TLSA' and `OPENPGPKEY'"));
+      fprintf (stderr, ", please use a `BOX' record instead\n");
+      GNUNET_SCHEDULER_shutdown ();
+      ret = 1;
+      return;
+    }
    if (NULL == value)
    {
      fprintf (stderr,
diff --git a/src/revocation/revocation.conf.in b/src/revocation/revocation.conf.in
index 04393ea9f..d2d7de46e 100644
--- a/src/revocation/revocation.conf.in
+++ b/src/revocation/revocation.conf.in
@@ -14,6 +14,6 @@ UNIX_MATCH_GID = YES
 # (using only a single-core) with SCRYPT.
 # DO NOT CHANGE THIS VALUE, doing so will break the protocol!
 WORKBITS = 22
-EPOCH_DURATION = 356 d
+EPOCH_DURATION = 365 d
 DATABASE = $GNUNET_DATA_HOME/revocation.dat
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index cb4640d48..b12ec7434 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -1301,7 +1301,8 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
     * so the exchange is being malicious in an unfamilair way, maybe
     * just trying to crash us.  Arguably, we've only an internal error
     * though because we should've detected this in our previous call
-     * to GNUNET_CRYPTO_rsa_unblind. */return GNUNET_NO;
+     * to GNUNET_CRYPTO_rsa_unblind. *///
+    return GNUNET_NO;
  }
  data = mpi_to_sexp (r);
author	Christian Grothoff <christian@grothoff.org>	2020-07-02 20:14:13 +0200
committer	Christian Grothoff <christian@grothoff.org>	2020-07-02 20:14:13 +0200
commit	78998923980d1813bbf34052e7167a0cb19aa06f (patch)
tree	67a99b953ac9dc4452a72c5d69cbd1693ab56831 /src
parent	fd9b241cafa715b0da84cdd03f53387082b373f7 (diff)
parent	406e2ee8835abcad5356cb4921d76a6ffe28b7c6 (diff)
download	gnunet-78998923980d1813bbf34052e7167a0cb19aa06f.tar.gz gnunet-78998923980d1813bbf34052e7167a0cb19aa06f.zip