Merge branch 'master' of gnunet.org:gnunet

author: Nils Gillmann <ng0@n0.is> 2018-05-17 13:39:09 +0000
committer: Nils Gillmann <ng0@n0.is> 2018-05-17 13:39:09 +0000
commit: 9f722a29b9f7abbb9d8d1de63a72d09588c02f91 (patch)
tree: 32913cdeb7364ad71a58d239be224ae29d900aaf /src
parent: c7e03281601aa687030fe3d561e1d693a46bba21 (diff)
parent: dd8289771b35e5ea36ebdcbfd5b09b599bd59c67 (diff)
download: gnunet-9f722a29b9f7abbb9d8d1de63a72d09588c02f91.tar.gz
gnunet-9f722a29b9f7abbb9d8d1de63a72d09588c02f91.zip
14 files changed, 665 insertions, 286 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnels.c b/src/cadet/gnunet-service-cadet_tunnels.c
index fb91a4a6a..75d454522 100644
--- a/src/cadet/gnunet-service-cadet_tunnels.c
+++ b/src/cadet/gnunet-service-cadet_tunnels.c
@@ -1,6 +1,6 @@
 /*
     This file is part of GNUnet.
-     Copyright (C) 2013, 2017 GNUnet e.V.
+     Copyright (C) 2013, 2017, 2018 GNUnet e.V.
     GNUnet is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published
@@ -187,6 +187,12 @@ struct CadetTunnelAxolotl
  struct GNUNET_CRYPTO_EcdhePublicKey DHRr;
  /**
+   * Last ephemeral public key received from the other peer,
+   * for duplicate detection.
+   */
+  struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral;
+  /**
   * Time when the current ratchet expires and a new one is triggered
   * (if @e ratchet_allowed is #GNUNET_YES).
   */
@@ -453,6 +459,29 @@ struct CadetTunnel
 /**
+ * Am I Alice or Bob, or talking to myself?
+ *
+ * @param other the other peer
+ * @return #GNUNET_YES for Alice, #GNUNET_NO for Bob, #GNUNET_SYSERR if talking to myself
+ */
+static int
+alice_or_bob (const struct GNUNET_PeerIdentity *other)
+{
+  if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
+                                           other))
+    return GNUNET_YES;
+  else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
+                                                other))
+    return GNUNET_NO;
+  else
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
+}
+/**
 * Connection @a ct is now unready, clear it's ready flag
 * and move it from the ready DLL to the busy DLL.
 *
@@ -1318,6 +1347,8 @@ send_kx (struct CadetTunnel *t,
  struct GNUNET_CADET_TunnelKeyExchangeMessage *msg;
  enum GNUNET_CADET_KX_Flags flags;
+  if (GNUNET_YES != alice_or_bob (GCP_get_id (t->destination)))
+    return; /* only Alice may send KX */
  if ( (NULL == ct) ||
       (GNUNET_NO == ct->is_ready) )
    ct = get_ready_connection (t);
@@ -1331,11 +1362,6 @@ send_kx (struct CadetTunnel *t,
    return;
  }
  cc = ct->cc;
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Sending KX on %s via %s in state %s\n",
-       GCT_2s (t),
-       GCC_2s (cc),
-       estate2s (t->estate));
  env = GNUNET_MQ_msg (msg,
                       GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX);
  flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
@@ -1356,6 +1382,10 @@ send_kx (struct CadetTunnel *t,
                       CADET_TUNNEL_KEY_AX_SENT_AND_RECV);
  GCC_transmit (cc,
                env);
+  GNUNET_STATISTICS_update (stats,
+                            "# KX transmitted",
+                            1,
+                            GNUNET_NO);
 }
@@ -1394,11 +1424,6 @@ send_kx_auth (struct CadetTunnel *t,
  }
  t->kx_auth_requested = GNUNET_NO; /* clear flag */
  cc = ct->cc;
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Sending KX_AUTH on %s using %s\n",
-       GCT_2s (t),
-       GCC_2s (ct->cc));
  env = GNUNET_MQ_msg (msg,
                       GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH);
  flags = GNUNET_CADET_KX_FLAG_NONE;
@@ -1414,7 +1439,6 @@ send_kx_auth (struct CadetTunnel *t,
  GNUNET_CRYPTO_hash (&ax->RK,
                      sizeof (ax->RK),
                      &msg->auth);
  /* Compute when to be triggered again; actual job will
     be scheduled via #connection_ready_cb() */
  t->kx_retry_delay
@@ -1429,9 +1453,12 @@ send_kx_auth (struct CadetTunnel *t,
  if (CADET_TUNNEL_KEY_OK != t->estate)
    GCT_change_estate (t,
                       CADET_TUNNEL_KEY_AX_AUTH_SENT);
  GCC_transmit (cc,
                env);
+  GNUNET_STATISTICS_update (stats,
+                            "# KX_AUTH transmitted",
+                            1,
+                            GNUNET_NO);
 }
@@ -1476,66 +1503,57 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax,
  const char salt[] = "CADET Axolotl salt";
  int am_I_alice;
-  if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
+  if (GNUNET_SYSERR == (am_I_alice = alice_or_bob (pid)))
-                                           pid))
-    am_I_alice = GNUNET_YES;
-  else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
-                                                pid))
-    am_I_alice = GNUNET_NO;
-  else
  {
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
  if (0 == memcmp (&ax->DHRr,
                   ratchet_key,
                   sizeof (*ratchet_key)))
  {
+    GNUNET_STATISTICS_update (stats,
+                              "# Ratchet key already known",
+                              1,
+                              GNUNET_NO);
    LOG (GNUNET_ERROR_TYPE_DEBUG,
         "Ratchet key already known. Ignoring KX.\n");
    return GNUNET_NO;
  }
  ax->DHRr = *ratchet_key;
+  ax->last_ephemeral = *ephemeral_key;
  /* ECDH A B0 */
  if (GNUNET_YES == am_I_alice)
  {
-    GNUNET_CRYPTO_eddsa_ecdh (my_private_key,      /* A */
+    GNUNET_CRYPTO_eddsa_ecdh (my_private_key,      /* a */
-                              ephemeral_key, /* B0 */
+                              ephemeral_key,       /* B0 */
                              &key_material[0]);
  }
  else
  {
-    GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0,            /* B0 */
+    GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0,            /* b0 */
-                              &pid->public_key,    /* A */
+                              &pid->public_key,     /* A */
                              &key_material[0]);
  }
  /* ECDH A0 B */
  if (GNUNET_YES == am_I_alice)
  {
-    GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0,            /* A0 */
+    GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0,            /* a0 */
-                              &pid->public_key,    /* B */
+                              &pid->public_key,     /* B */
                              &key_material[1]);
  }
  else
  {
-    GNUNET_CRYPTO_eddsa_ecdh (my_private_key,      /* A */
+    GNUNET_CRYPTO_eddsa_ecdh (my_private_key,      /* b  */
-                              ephemeral_key, /* B0 */
+                              ephemeral_key,       /* A0 */
                              &key_material[1]);
  }
  /* ECDH A0 B0 */
-  /* (This is the triple-DH, we could probably safely skip this,
+  GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0,             /* a0 or b0 */
-     as A0/B0 are already in the key material.) */
+                          ephemeral_key,         /* B0 or A0 */
-  GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0,             /* A0 or B0 */
-                          ephemeral_key,  /* B0 or A0 */
                          &key_material[2]);
  /* KDF */
  GNUNET_CRYPTO_kdf (keys, sizeof (keys),
                     salt, sizeof (salt),
@@ -1547,7 +1565,11 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax,
                   sizeof (ax->RK)))
  {
    LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Root key of handshake already known. Ignoring KX.\n");
+         "Root key already known. Ignoring KX.\n");
+    GNUNET_STATISTICS_update (stats,
+                              "# Root key already known",
+                              1,
+                              GNUNET_NO);
    return GNUNET_NO;
  }
@@ -1592,75 +1614,75 @@ retry_kx (void *cls)
       GCT_2s (t),
       estate2s (t->estate));
  switch (t->estate)
-  {
-  case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */
-  case CADET_TUNNEL_KEY_AX_SENT:       /* trying again */
-    send_kx (t,
-             NULL,
-             &t->ax);
-    break;
-  case CADET_TUNNEL_KEY_AX_RECV:
-  case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
-    /* We are responding, so only require reply
-       if WE have a channel waiting. */
-    if (NULL != t->unverified_ax)
    {
-      /* Send AX_AUTH so we might get this one verified */
+    case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */
-      ax = t->unverified_ax;
+    case CADET_TUNNEL_KEY_AX_SENT:       /* trying again */
-    }
+      send_kx (t,
-    else
+               NULL,
-    {
+               &t->ax);
-      /* How can this be? */
+      break;
-      GNUNET_break (0);
+    case CADET_TUNNEL_KEY_AX_RECV:
-      ax = &t->ax;
+    case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
-    }
+      /* We are responding, so only require reply
-    send_kx_auth (t,
+         if WE have a channel waiting. */
-                  NULL,
+      if (NULL != t->unverified_ax)
-                  ax,
+        {
-                  (0 == GCT_count_channels (t))
+          /* Send AX_AUTH so we might get this one verified */
-                  ? GNUNET_NO
+          ax = t->unverified_ax;
-                  : GNUNET_YES);
+        }
-    break;
+      else
-  case CADET_TUNNEL_KEY_AX_AUTH_SENT:
+        {
-    /* We are responding, so only require reply
+          /* How can this be? */
-       if WE have a channel waiting. */
+          GNUNET_break (0);
-    if (NULL != t->unverified_ax)
+          ax = &t->ax;
-    {
+        }
-      /* Send AX_AUTH so we might get this one verified */
+      send_kx_auth (t,
-      ax = t->unverified_ax;
+                    NULL,
-    }
+                    ax,
-    else
+                    (0 == GCT_count_channels (t))
-    {
+                    ? GNUNET_NO
-      /* How can this be? */
+                    : GNUNET_YES);
-      GNUNET_break (0);
+      break;
-      ax = &t->ax;
+    case CADET_TUNNEL_KEY_AX_AUTH_SENT:
-    }
+      /* We are responding, so only require reply
-    send_kx_auth (t,
+         if WE have a channel waiting. */
-                  NULL,
+      if (NULL != t->unverified_ax)
-                  ax,
+        {
-                  (0 == GCT_count_channels (t))
+          /* Send AX_AUTH so we might get this one verified */
-                  ? GNUNET_NO
+          ax = t->unverified_ax;
-                  : GNUNET_YES);
+        }
-    break;
+      else
-  case CADET_TUNNEL_KEY_OK:
+        {
-    /* Must have been the *other* peer asking us to
+          /* How can this be? */
-       respond with a KX_AUTH. */
+          GNUNET_break (0);
-    if (NULL != t->unverified_ax)
+          ax = &t->ax;
-    {
+        }
-      /* Sending AX_AUTH in response to AX so we might get this one verified */
+      send_kx_auth (t,
-      ax = t->unverified_ax;
+                    NULL,
-    }
+                    ax,
-    else
+                    (0 == GCT_count_channels (t))
-    {
+                    ? GNUNET_NO
-      /* Sending AX_AUTH in response to AX_AUTH */
+                    : GNUNET_YES);
-      ax = &t->ax;
+      break;
+    case CADET_TUNNEL_KEY_OK:
+      /* Must have been the *other* peer asking us to
+         respond with a KX_AUTH. */
+      if (NULL != t->unverified_ax)
+        {
+          /* Sending AX_AUTH in response to AX so we might get this one verified */
+          ax = t->unverified_ax;
+        }
+      else
+        {
+          /* Sending AX_AUTH in response to AX_AUTH */
+          ax = &t->ax;
+        }
+      send_kx_auth (t,
+                    NULL,
+                    ax,
+                    GNUNET_NO);
+      break;
    }
-    send_kx_auth (t,
-                  NULL,
-                  ax,
-                  GNUNET_NO);
-    break;
-  }
 }
@@ -1677,76 +1699,110 @@ GCT_handle_kx (struct CadetTConnection *ct,
               const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg)
 {
  struct CadetTunnel *t = ct->t;
-  struct CadetTunnelAxolotl *ax;
  int ret;
-  if (0 ==
+  GNUNET_STATISTICS_update (stats,
-      memcmp (&t->ax.DHRr,
+                            "# KX received",
-              &msg->ratchet_key,
+                            1,
-              sizeof (msg->ratchet_key)))
+                            GNUNET_NO);
+  if (GNUNET_YES == alice_or_bob (GCP_get_id (t->destination)))
  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
+    /* Bob is not allowed to send KX! */
-         "Got duplicate KX. Firing back KX_AUTH.\n");
+    GNUNET_break_op (0);
-    send_kx_auth (t,
-                  ct,
-                  &t->ax,
-                  GNUNET_NO);
    return;
  }
+#if 1
+  if ( (0 ==
+        memcmp (&t->ax.DHRr,
+                &msg->ratchet_key,
+                sizeof (msg->ratchet_key))) &&
+       (0 ==
+        memcmp (&t->ax.last_ephemeral,
+                &msg->ephemeral_key,
+                sizeof (msg->ephemeral_key))) )
+    {
+      GNUNET_STATISTICS_update (stats,
+                                "# Duplicate KX received",
+                                1,
+                                GNUNET_NO);
+      send_kx_auth (t,
+                    ct,
+                    &t->ax,
+                    GNUNET_NO);
+      return;
+    }
+#endif
  /* We only keep ONE unverified KX around, so if there is an existing one,
     clean it up. */
  if (NULL != t->unverified_ax)
  {
-    if (0 ==
+    if ( (0 ==
-        memcmp (&t->unverified_ax->DHRr,
+          memcmp (&t->unverified_ax->DHRr,
-                &msg->ratchet_key,
+                  &msg->ratchet_key,
-                sizeof (msg->ratchet_key)))
+                  sizeof (msg->ratchet_key))) &&
+         (0 ==
+          memcmp (&t->unverified_ax->last_ephemeral,
+                  &msg->ephemeral_key,
+                  sizeof (msg->ephemeral_key))) )
    {
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
+      GNUNET_STATISTICS_update (stats,
-           "Got duplicate unverified KX on %s. Fire back KX_AUTH again.\n",
+                                "# Duplicate unverified KX received",
-           GCT_2s (t));
+                                1,
+                                GNUNET_NO);
+#if 1
      send_kx_auth (t,
                    ct,
                    t->unverified_ax,
                    GNUNET_NO);
      return;
+#endif
    }
    LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Dropping old unverified KX state. Got a fresh KX for %s.\n",
+         "Dropping old unverified KX state.\n");
-         GCT_2s (t));
+    GNUNET_STATISTICS_update (stats,
+                              "# Unverified KX dropped for fresh KX",
+                              1,
+                              GNUNET_NO);
+    GNUNET_break (NULL == t->unverified_ax->skipped_head);
    memset (t->unverified_ax,
            0,
            sizeof (struct CadetTunnelAxolotl));
-    t->unverified_ax->DHRs = t->ax.DHRs;
-    t->unverified_ax->kx_0 = t->ax.kx_0;
  }
  else
  {
    LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Creating fresh unverified KX for %s.\n",
+         "Creating fresh unverified KX for %s\n",
         GCT_2s (t));
+    GNUNET_STATISTICS_update (stats,
+                              "# Fresh KX setup",
+                              1,
+                              GNUNET_NO);
    t->unverified_ax = GNUNET_new (struct CadetTunnelAxolotl);
-    t->unverified_ax->DHRs = t->ax.DHRs;
-    t->unverified_ax->kx_0 = t->ax.kx_0;
  }
  /* Set as the 'current' RK/DHRr the one we are currently using,
     so that the duplicate-detection logic of
     #update_ax_by_kx can work. */
  t->unverified_ax->RK = t->ax.RK;
  t->unverified_ax->DHRr = t->ax.DHRr;
+  t->unverified_ax->DHRs = t->ax.DHRs;
+  t->unverified_ax->kx_0 = t->ax.kx_0;
  t->unverified_attempts = 0;
-  ax = t->unverified_ax;
  /* Update 'ax' by the new key material */
-  ret = update_ax_by_kx (ax,
+  ret = update_ax_by_kx (t->unverified_ax,
                         GCP_get_id (t->destination),
                         &msg->ephemeral_key,
                         &msg->ratchet_key);
  GNUNET_break (GNUNET_SYSERR != ret);
  if (GNUNET_OK != ret)
+  {
+    GNUNET_STATISTICS_update (stats,
+                              "# Useless KX",
+                              1,
+                              GNUNET_NO);
    return; /* duplicate KX, nothing to do */
+  }
  /* move ahead in our state machine */
  if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
    GCT_change_estate (t,
@@ -1782,6 +1838,10 @@ GCT_handle_kx_auth (struct CadetTConnection *ct,
  struct GNUNET_HashCode kx_auth;
  int ret;
+  GNUNET_STATISTICS_update (stats,
+                            "# KX_AUTH received",
+                            1,
+                            GNUNET_NO);
  if ( (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) ||
       (CADET_TUNNEL_KEY_AX_RECV == t->estate) )
  {
@@ -1794,7 +1854,6 @@ GCT_handle_kx_auth (struct CadetTConnection *ct,
  LOG (GNUNET_ERROR_TYPE_DEBUG,
       "Handling KX_AUTH message for %s\n",
       GCT_2s (t));
  /* We do everything in ax_tmp until we've checked the authentication
     so we don't clobber anything we care about by accident. */
  ax_tmp = t->ax;
@@ -1828,9 +1887,13 @@ GCT_handle_kx_auth (struct CadetTConnection *ct,
                              "# KX_AUTH not using our last KX received (auth failure)",
                              1,
                              GNUNET_NO);
-    send_kx (t,
+    LOG (GNUNET_ERROR_TYPE_WARNING,
-             ct,
+         "KX AUTH missmatch!\n");
-             &t->ax);
+    if (NULL == t->kx_task)
+      t->kx_task
+        = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
+                                   &retry_kx,
+                                   t);
    return;
  }
  /* Yep, we're good. */
diff --git a/src/dns/.gitignore b/src/dns/.gitignore
index f045f806a..d3a62470e 100644
--- a/src/dns/.gitignore
+++ b/src/dns/.gitignore
@@ -4,3 +4,4 @@ gnunet-dns-redirector
 gnunet-helper-dns
 test_hexcoder
 gnunet-zoneimport
+gnunet-zonewalk
diff --git a/src/gns/gnunet-gns-benchmark.c b/src/gns/gnunet-gns-benchmark.c
index afa540c85..d5afae9f6 100644
--- a/src/gns/gnunet-gns-benchmark.c
+++ b/src/gns/gnunet-gns-benchmark.c
@@ -492,7 +492,7 @@ process_stdin (void *cls)
      delta = GNUNET_TIME_absolute_get_duration (last);
      last = GNUNET_TIME_absolute_get ();
      fprintf (stderr,
-               "Read 10000 domain names in %s\n",
+               "Read 100000 domain names in %s\n",
               GNUNET_STRINGS_relative_time_to_string (delta,
                                                       GNUNET_YES));
    }
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 08663a57e..02ebcf0f1 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -1801,6 +1801,23 @@ create_response (void *cls,
      curl_easy_setopt (s5r->curl, CURLOPT_WRITEDATA, s5r);
      curl_easy_setopt (s5r->curl, CURLOPT_READFUNCTION, &curl_upload_cb);
      curl_easy_setopt (s5r->curl, CURLOPT_READDATA, s5r);
+      {
+        const char *us;
+        long upload_size;
+        us = MHD_lookup_connection_value (con,
+                                          MHD_HEADER_KIND,
+                                          MHD_HTTP_HEADER_CONTENT_LENGTH);
+        if ( (1 == sscanf (us,
+                           "%ld",
+                           &upload_size)) &&
+             (upload_size >= 0) )
+        {
+          curl_easy_setopt (s5r->curl,
+                            CURLOPT_INFILESIZE,
+                            upload_size);
+        }
+      }
    }
    else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_POST))
    {
@@ -1810,6 +1827,23 @@ create_response (void *cls,
      curl_easy_setopt (s5r->curl, CURLOPT_WRITEDATA, s5r);
      curl_easy_setopt (s5r->curl, CURLOPT_READFUNCTION, &curl_upload_cb);
      curl_easy_setopt (s5r->curl, CURLOPT_READDATA, s5r);
+      {
+        const char *us;
+        long upload_size;
+        us = MHD_lookup_connection_value (con,
+                                          MHD_HEADER_KIND,
+                                          MHD_HTTP_HEADER_CONTENT_LENGTH);
+        if ( (1 == sscanf (us,
+                           "%ld",
+                           &upload_size)) &&
+             (upload_size >= 0) )
+        {
+          curl_easy_setopt (s5r->curl,
+                            CURLOPT_INFILESIZE,
+                            upload_size);
+        }
+      }
    }
    else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_HEAD))
    {
diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c
index c376ddfcc..cffae824d 100644
--- a/src/gns/gnunet-service-gns.c
+++ b/src/gns/gnunet-service-gns.c
@@ -296,7 +296,6 @@ client_disconnect_cb (void *cls,
                                 clh);
    GNUNET_free (clh);
  }
  GNUNET_free (gc);
 }
@@ -340,26 +339,29 @@ send_lookup_response (void* cls,
                      const struct GNUNET_GNSRECORD_Data *rd)
 {
  struct ClientLookupHandle *clh = cls;
-  struct GNUNET_MQ_Envelope *env;
+  struct GnsClient *gc = clh->gc;
+ struct GNUNET_MQ_Envelope *env;
  struct LookupResultMessage *rmsg;
  size_t len;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Sending LOOKUP_RESULT message with %u results\n",
              (unsigned int) rd_count);
+  len = GNUNET_GNSRECORD_records_get_size (rd_count,
-  len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
+                                           rd);
  env = GNUNET_MQ_msg_extra (rmsg,
                             len,
                             GNUNET_MESSAGE_TYPE_GNS_LOOKUP_RESULT);
  rmsg->id = clh->request_id;
  rmsg->rd_count = htonl (rd_count);
-  GNUNET_GNSRECORD_records_serialize (rd_count, rd, len,
+  GNUNET_GNSRECORD_records_serialize (rd_count,
+                                      rd,
+                                      len,
                                      (char*) &rmsg[1]);
-  GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(clh->gc->client),
+  GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (gc->client),
                  env);
-  GNUNET_CONTAINER_DLL_remove (clh->gc->clh_head,
+  GNUNET_CONTAINER_DLL_remove (gc->clh_head,
-                               clh->gc->clh_tail,
+                               gc->clh_tail,
                               clh);
  GNUNET_free (clh);
  GNUNET_STATISTICS_update (statistics,
@@ -428,7 +430,6 @@ handle_lookup (void *cls,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Received LOOKUP `%s' message\n",
              name);
  clh = GNUNET_new (struct ClientLookupHandle);
  GNUNET_CONTAINER_DLL_insert (gc->clh_head,
                               gc->clh_tail,
diff --git a/src/include/gnunet_common.h b/src/include/gnunet_common.h
index 0fb39575c..0c527e774 100644
--- a/src/include/gnunet_common.h
+++ b/src/include/gnunet_common.h
@@ -592,7 +592,7 @@ GNUNET_sh2s (const struct GNUNET_ShortHashCode *shc);
 * @return string
 */
 const char *
-GNUNET_h2s (const struct GNUNET_HashCode * hc);
+GNUNET_h2s (const struct GNUNET_HashCode *hc);
 /**
@@ -607,7 +607,7 @@ GNUNET_h2s (const struct GNUNET_HashCode * hc);
 * @return string
 */
 const char *
-GNUNET_h2s2 (const struct GNUNET_HashCode * hc);
+GNUNET_h2s2 (const struct GNUNET_HashCode *hc);
 /**
@@ -621,7 +621,71 @@ GNUNET_h2s2 (const struct GNUNET_HashCode * hc);
 * @return string
 */
 const char *
-GNUNET_h2s_full (const struct GNUNET_HashCode * hc);
+GNUNET_h2s_full (const struct GNUNET_HashCode *hc);
+/**
+ * Public key. Details in gnunet_util_crypto.h.
+ */
+struct GNUNET_CRYPTO_EddsaPublicKey;
+/**
+ * Public key. Details in gnunet_util_crypto.h.
+ */
+struct GNUNET_CRYPTO_EcdhePublicKey;
+/**
+ * @ingroup logging
+ * Convert a public key value to a string (for printing debug messages).
+ * This is one of the very few calls in the entire API that is
+ * NOT reentrant!
+ *
+ * @param hc the hash code
+ * @return string
+ */
+const char *
+GNUNET_p2s (const struct GNUNET_CRYPTO_EddsaPublicKey *p);
+/**
+ * @ingroup logging
+ * Convert a public key value to a string (for printing debug messages).
+ * This is one of the very few calls in the entire API that is
+ * NOT reentrant!
+ *
+ * @param hc the hash code
+ * @return string
+ */
+const char *
+GNUNET_p2s2 (const struct GNUNET_CRYPTO_EddsaPublicKey *p);
+/**
+ * @ingroup logging
+ * Convert a public key value to a string (for printing debug messages).
+ * This is one of the very few calls in the entire API that is
+ * NOT reentrant!
+ *
+ * @param hc the hash code
+ * @return string
+ */
+const char *
+GNUNET_e2s (const struct GNUNET_CRYPTO_EcdhePublicKey *p);
+/**
+ * @ingroup logging
+ * Convert a public key value to a string (for printing debug messages).
+ * This is one of the very few calls in the entire API that is
+ * NOT reentrant!
+ *
+ * @param hc the hash code
+ * @return string
+ */
+const char *
+GNUNET_e2s2 (const struct GNUNET_CRYPTO_EcdhePublicKey *p);
 /**
diff --git a/src/rps/test_rps.c b/src/rps/test_rps.c
index b433a51d4..bae28428f 100644
--- a/src/rps/test_rps.c
+++ b/src/rps/test_rps.c
@@ -2180,22 +2180,25 @@ void view_update_cb (void *cls,
         rps_peer->index,
         count_peer_in_views_2 (rps_peer->index));
  cumulated_view_sizes();
-  to_file ("/tmp/rps/repr.txt",
+  if (0 != view_size)
-         "%" PRIu64 /* index */
+  {
-         " %" PRIu32 /* occurrence in views */
+    to_file ("/tmp/rps/repr.txt",
-         " %" PRIu32 /* view sizes */
+           "%" PRIu64 /* index */
-         " %f" /* fraction of repr in views */
+           " %" PRIu32 /* occurrence in views */
-         " %f" /* average view size */
+           " %" PRIu32 /* view sizes */
-         " %f" /* prob of occurrence in view slot */
+           " %f" /* fraction of repr in views */
-         " %f" "", /* exp frac of repr in views */
+           " %f" /* average view size */
-         rps_peer->index,
+           " %f" /* prob of occurrence in view slot */
-         count_peer_in_views_2 (rps_peer->index),
+           " %f" "", /* exp frac of repr in views */
-         view_sizes,
+           rps_peer->index,
-         count_peer_in_views_2 (rps_peer->index) / (view_size * 1.0), /* fraction of representation in views */
+           count_peer_in_views_2 (rps_peer->index),
-         view_sizes / (view_size * 1.0), /* average view size */
+           view_sizes,
-         1.0 /view_size, /* prob of occurrence in view slot */
+           count_peer_in_views_2 (rps_peer->index) / (view_size * 1.0), /* fraction of representation in views */
-         (1.0/view_size) * (view_sizes/view_size) /* expected fraction of repr in views */
+           view_sizes / (view_size * 1.0), /* average view size */
-         );
+           1.0 /view_size, /* prob of occurrence in view slot */
+           (1.0/view_size) * (view_sizes/view_size) /* expected fraction of repr in views */
+           );
+  }
  compute_probabilities (rps_peer->index);
  all_views_updated_cb();
 }
@@ -2770,7 +2773,7 @@ main (int argc, char *argv[])
    cur_test_run.main_test = churn_test_cb;
    cur_test_run.reply_handle = default_reply_handle;
    cur_test_run.eval_cb = default_eval_cb;
-    cur_test_run.have_churn = HAVE_CHURN;
+    cur_test_run.have_churn = HAVE_NO_CHURN;
    cur_test_run.have_quick_quit = HAVE_NO_QUICK_QUIT;
    timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10);
  }
@@ -2779,7 +2782,7 @@ main (int argc, char *argv[])
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "This is the profiler\n");
    cur_test_run.name = "test-rps-profiler";
-    num_peers = 10;
+    num_peers = 100;
    mal_type = 3;
    cur_test_run.init_peer = profiler_init_peer;
    //cur_test_run.pre_test = mal_pre;
@@ -2790,7 +2793,8 @@ main (int argc, char *argv[])
    cur_test_run.post_test = post_profiler;
    cur_test_run.request_interval = 2;
    cur_test_run.num_requests = 5;
-    cur_test_run.have_churn = HAVE_CHURN;
+    //cur_test_run.have_churn = HAVE_CHURN;
+    cur_test_run.have_churn = HAVE_NO_CHURN;
    cur_test_run.have_quick_quit = HAVE_NO_QUICK_QUIT;
    cur_test_run.have_collect_statistics = COLLECT_STATISTICS;
    cur_test_run.stat_collect_flags = STAT_TYPE_ROUNDS |
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index eb655157d..407f482df 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -598,4 +598,5 @@ EXTRA_DIST = \
  test_resolver_api_data.conf \
  test_service_data.conf \
  test_speedup_data.conf \
-  gnunet-qr.py.in
+  gnunet-qr.py.in \
+  crypto_bug.c
diff --git a/src/util/common_logging.c b/src/util/common_logging.c
index ea5430191..df501fbcd 100644
--- a/src/util/common_logging.c
+++ b/src/util/common_logging.c
@@ -1192,6 +1192,106 @@ GNUNET_h2s2 (const struct GNUNET_HashCode * hc)
 /**
 * @ingroup logging
+ * Convert a public key value to a string (for printing debug messages).
+ * This is one of the very few calls in the entire API that is
+ * NOT reentrant!
+ *
+ * @param hc the hash code
+ * @return string
+ */
+const char *
+GNUNET_p2s (const struct GNUNET_CRYPTO_EddsaPublicKey *p)
+{
+  static struct GNUNET_CRYPTO_HashAsciiEncoded ret;
+  struct GNUNET_HashCode hc;
+  GNUNET_CRYPTO_hash (p,
+                      sizeof (*p),
+                      &hc);
+  GNUNET_CRYPTO_hash_to_enc (&hc,
+                             &ret);
+  ret.encoding[6] = '\0';
+  return (const char *) ret.encoding;
+}
+/**
+ * @ingroup logging
+ * Convert a public key value to a string (for printing debug messages).
+ * This is one of the very few calls in the entire API that is
+ * NOT reentrant!
+ *
+ * @param hc the hash code
+ * @return string
+ */
+const char *
+GNUNET_p2s2 (const struct GNUNET_CRYPTO_EddsaPublicKey *p)
+{
+  static struct GNUNET_CRYPTO_HashAsciiEncoded ret;
+  struct GNUNET_HashCode hc;
+  GNUNET_CRYPTO_hash (p,
+                      sizeof (*p),
+                      &hc);
+  GNUNET_CRYPTO_hash_to_enc (&hc,
+                             &ret);
+  ret.encoding[6] = '\0';
+  return (const char *) ret.encoding;
+}
+/**
+ * @ingroup logging
+ * Convert a public key value to a string (for printing debug messages).
+ * This is one of the very few calls in the entire API that is
+ * NOT reentrant!
+ *
+ * @param hc the hash code
+ * @return string
+ */
+const char *
+GNUNET_e2s (const struct GNUNET_CRYPTO_EcdhePublicKey *p)
+{
+  static struct GNUNET_CRYPTO_HashAsciiEncoded ret;
+  struct GNUNET_HashCode hc;
+  GNUNET_CRYPTO_hash (p,
+                      sizeof (*p),
+                      &hc);
+  GNUNET_CRYPTO_hash_to_enc (&hc,
+                             &ret);
+  ret.encoding[6] = '\0';
+  return (const char *) ret.encoding;
+}
+/**
+ * @ingroup logging
+ * Convert a public key value to a string (for printing debug messages).
+ * This is one of the very few calls in the entire API that is
+ * NOT reentrant!
+ *
+ * @param hc the hash code
+ * @return string
+ */
+const char *
+GNUNET_e2s2 (const struct GNUNET_CRYPTO_EcdhePublicKey *p)
+{
+  static struct GNUNET_CRYPTO_HashAsciiEncoded ret;
+  struct GNUNET_HashCode hc;
+  GNUNET_CRYPTO_hash (p,
+                      sizeof (*p),
+                      &hc);
+  GNUNET_CRYPTO_hash_to_enc (&hc,
+                             &ret);
+  ret.encoding[6] = '\0';
+  return (const char *) ret.encoding;
+}
+/**
+ * @ingroup logging
 * Convert a short hash value to a string (for printing debug messages).
 * This is one of the very few calls in the entire API that is
 * NOT reentrant!
diff --git a/src/util/crypto_bug.c b/src/util/crypto_bug.c
new file mode 100644
index 000000000..c25e79c63
--- /dev/null
+++ b/src/util/crypto_bug.c
@@ -0,0 +1,79 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2018 GNUnet e.V.
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA 02110-1301, USA.
+*/
+/**
+ * @file util/crypto_bug.c
+ * @brief work around unidentified public key cryptography bug
+ * @author Christian Grothoff
+ */
+/**
+ * Enable work-around.  Will cause code to call #check_eddsa_key() to
+ * see if we have a bad key, and if so, create a new one.
+ */
+#define CRYPTO_BUG 1
+#if CRYPTO_BUG
+/**
+ * Check if ECDH works with @a priv_dsa and this version
+ * of libgcrypt.
+ *
+ * @param priv_dsa key to check
+ * @return #GNUNET_OK if key passes
+ */
+static int
+check_eddsa_key (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv_dsa)
+{
+  struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ecdh;
+  struct GNUNET_CRYPTO_EddsaPublicKey id1;
+  struct GNUNET_CRYPTO_EcdhePublicKey id2;
+  struct GNUNET_HashCode dh[2];
+  GNUNET_CRYPTO_eddsa_key_get_public (priv_dsa,
+                                      &id1);
+  for (unsigned int j=0;j<4;j++)
+  {
+    priv_ecdh = GNUNET_CRYPTO_ecdhe_key_create ();
+    /* Extract public keys */
+    GNUNET_CRYPTO_ecdhe_key_get_public (priv_ecdh,
+                                        &id2);
+    /* Do ECDH */
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_eddsa_ecdh (priv_dsa,
+                                             &id2,
+                                             &dh[0]));
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_ecdh_eddsa (priv_ecdh,
+                                             &id1,
+                                             &dh[1]));
+    /* Check that both DH results are equal. */
+    if (0 != memcmp (&dh[0],
+                     &dh[1],
+                     sizeof (struct GNUNET_HashCode)))
+    {
+      GNUNET_break (0); /* bad EdDSA key! */
+      return GNUNET_SYSERR;
+    }
+    GNUNET_free (priv_ecdh);
+  }
+  return GNUNET_OK;
+}
+#endif
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 5d5e8a9ce..1abf0fddc 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -52,6 +52,9 @@
 #define LOG_GCRY(level, cmd, rc) do { LOG(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0)
+#include "crypto_bug.c"
 /**
 * Extract values from an S-expression.
 *
@@ -455,7 +458,7 @@ GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc,
 int
 GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc,
                                             size_t enclen,
-                                             struct GNUNET_CRYPTO_EddsaPrivateKey *pub)
+                                             struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
 {
  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
@@ -465,10 +468,19 @@ GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc,
  if (enclen != keylen)
    return GNUNET_SYSERR;
-  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (enc, enclen,
+  if (GNUNET_OK !=
-                                                  pub,
+      GNUNET_STRINGS_string_to_data (enc, enclen,
-                                                  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
+                                     priv,
+                                     sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
    return GNUNET_SYSERR;
+#if CRYPTO_BUG
+  if (GNUNET_OK !=
+      check_eddsa_key (priv))
+  {
+    GNUNET_break (0);
+    return GNUNET_OK;
+  }
+#endif
  return GNUNET_OK;
 }
@@ -651,6 +663,9 @@ GNUNET_CRYPTO_eddsa_key_create ()
  gcry_mpi_t d;
  int rc;
+#if CRYPTO_BUG
+ again:
+#endif
  if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL,
                                  "(genkey(ecc(curve \"" CURVE "\")"
                                  "(flags eddsa)))")))
@@ -683,6 +698,17 @@ GNUNET_CRYPTO_eddsa_key_create ()
  priv = GNUNET_new (struct GNUNET_CRYPTO_EddsaPrivateKey);
  GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof (priv->d), d);
  gcry_mpi_release (d);
+#if CRYPTO_BUG
+  if (GNUNET_OK !=
+      check_eddsa_key (priv))
+  {
+    GNUNET_break (0);
+    GNUNET_free (priv);
+    goto again;
+  }
+#endif
  return priv;
 }
@@ -1279,6 +1305,48 @@ eddsa_d_to_a (gcry_mpi_t d)
 /**
+ * Take point from ECDH and convert it to key material.
+ *
+ * @param result point from ECDH
+ * @param ctx ECC context
+ * @param key_material[out] set to derived key material
+ * @return #GNUNET_OK on success
+ */
+static int
+point_to_hash (gcry_mpi_point_t result,
+               gcry_ctx_t ctx,
+               struct GNUNET_HashCode *key_material)
+{
+  gcry_mpi_t result_x;
+  unsigned char xbuf[256 / 8];
+  size_t rsize;
+  /* finally, convert point to string for hashing */
+  result_x = gcry_mpi_new (256);
+  if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
+    return GNUNET_SYSERR;
+  }
+  rsize = sizeof (xbuf);
+  GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
+  /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
+     as that does not include the sign bit; x should be a 255-bit
+     value, so with the sign it should fit snugly into the 256-bit
+     xbuf */
+  GNUNET_assert (0 ==
+                 gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize,
+                                 result_x));
+  GNUNET_CRYPTO_hash (xbuf,
+                      rsize,
+                      key_material);
+  gcry_mpi_release (result_x);
+  return GNUNET_OK;
+}
+/**
 * @ingroup crypto
 * Derive key material from a ECDH public key and a private EdDSA key.
 * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
@@ -1299,9 +1367,7 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
  gcry_mpi_t a;
  gcry_ctx_t ctx;
  gcry_sexp_t pub_sexpr;
-  gcry_mpi_t result_x;
+  int ret;
-  unsigned char xbuf[256 / 8];
-  size_t rsize;
  /* first, extract the q = dP value from the public key */
  if (0 != gcry_sexp_build (&pub_sexpr, NULL,
@@ -1325,34 +1391,15 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
  gcry_mpi_point_release (q);
  gcry_mpi_release (a);
-  /* finally, convert point to string for hashing */
+  ret = point_to_hash (result,
-  result_x = gcry_mpi_new (256);
+                       ctx,
-  if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
+                       key_material);
-  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
-    gcry_mpi_point_release (result);
-    gcry_ctx_release (ctx);
-    return GNUNET_SYSERR;
-  }
  gcry_mpi_point_release (result);
  gcry_ctx_release (ctx);
+  return ret;
-  rsize = sizeof (xbuf);
-  GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
-  /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
-     as that does not include the sign bit; x should be a 255-bit
-     value, so with the sign it should fit snugly into the 256-bit
-     xbuf */
-  GNUNET_assert (0 ==
-                 gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize,
-                                 result_x));
-  GNUNET_CRYPTO_hash (xbuf,
-                      rsize,
-                      key_material);
-  gcry_mpi_release (result_x);
-  return GNUNET_OK;
 }
 /**
 * @ingroup crypto
 * Derive key material from a ECDH public key and a private ECDSA key.
@@ -1373,9 +1420,7 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
  gcry_mpi_t d;
  gcry_ctx_t ctx;
  gcry_sexp_t pub_sexpr;
-  gcry_mpi_t result_x;
+  int ret;
-  unsigned char xbuf[256 / 8];
-  size_t rsize;
  /* first, extract the q = dP value from the public key */
  if (0 != gcry_sexp_build (&pub_sexpr, NULL,
@@ -1396,31 +1441,12 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
  gcry_mpi_release (d);
  /* finally, convert point to string for hashing */
-  result_x = gcry_mpi_new (256);
+  ret = point_to_hash (result,
-  if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
+                       ctx,
-  {
+                       key_material);
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
-    gcry_mpi_point_release (result);
-    gcry_ctx_release (ctx);
-    return GNUNET_SYSERR;
-  }
  gcry_mpi_point_release (result);
  gcry_ctx_release (ctx);
+  return ret;
-  rsize = sizeof (xbuf);
-  GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
-  /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
-     as that does not include the sign bit; x should be a 255-bit
-     value, so with the sign it should fit snugly into the 256-bit
-     xbuf */
-  GNUNET_assert (0 ==
-                 gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize,
-                                 result_x));
-  GNUNET_CRYPTO_hash (xbuf,
-                      rsize,
-                      key_material);
-  gcry_mpi_release (result_x);
-  return GNUNET_OK;
 }
@@ -1445,9 +1471,7 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
  gcry_mpi_t d;
  gcry_ctx_t ctx;
  gcry_sexp_t pub_sexpr;
-  gcry_mpi_t result_x;
+  int ret;
-  unsigned char xbuf[256 / 8];
-  size_t rsize;
  /* first, extract the q = dP value from the public key */
  if (0 != gcry_sexp_build (&pub_sexpr, NULL,
@@ -1468,31 +1492,12 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
  gcry_mpi_release (d);
  /* finally, convert point to string for hashing */
-  result_x = gcry_mpi_new (256);
+  ret = point_to_hash (result,
-  if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
+                       ctx,
-  {
+                       key_material);
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
-    gcry_mpi_point_release (result);
-    gcry_ctx_release (ctx);
-    return GNUNET_SYSERR;
-  }
  gcry_mpi_point_release (result);
  gcry_ctx_release (ctx);
+  return ret;
-  rsize = sizeof (xbuf);
-  GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
-  /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
-     as that does not include the sign bit; x should be a 255-bit
-     value, so with the sign it should fit snugly into the 256-bit
-     xbuf */
-  GNUNET_assert (0 ==
-                 gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize,
-                                 result_x));
-  GNUNET_CRYPTO_hash (xbuf,
-                      rsize,
-                      key_material);
-  gcry_mpi_release (result_x);
-  return GNUNET_OK;
 }
 /**
diff --git a/src/util/crypto_ecc_setup.c b/src/util/crypto_ecc_setup.c
index e7caf9ded..76c25dc70 100644
--- a/src/util/crypto_ecc_setup.c
+++ b/src/util/crypto_ecc_setup.c
@@ -41,6 +41,9 @@
 #define LOG_GCRY(level, cmd, rc) do { LOG(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0)
+#include "crypto_bug.c"
 /**
 * Wait for a short time (we're trying to lock a file or want
 * to give another process a shot at finishing a disk write, etc.).
@@ -221,6 +224,15 @@ GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename)
                       filename);
  GNUNET_assert (GNUNET_YES ==
                 GNUNET_DISK_file_close (fd));
+#if CRYPTO_BUG
+  if (GNUNET_OK !=
+      check_eddsa_key (priv))
+  {
+    GNUNET_break (0);
+    GNUNET_free (priv);
+    return NULL;
+  }
+#endif
  return priv;
 }
@@ -248,7 +260,7 @@ GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename)
  int ec;
  uint64_t fs;
  ssize_t sret;
-  
  if (GNUNET_SYSERR ==
      GNUNET_DISK_directory_create_for_file (filename))
    return NULL;
diff --git a/src/util/test_crypto_ecdh_eddsa.c b/src/util/test_crypto_ecdh_eddsa.c
index ec7819c3b..356c64bf1 100644
--- a/src/util/test_crypto_ecdh_eddsa.c
+++ b/src/util/test_crypto_ecdh_eddsa.c
@@ -36,30 +36,35 @@ test_ecdh()
  struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ecdh;
  struct GNUNET_CRYPTO_EddsaPublicKey id1;
  struct GNUNET_CRYPTO_EcdhePublicKey id2;
-  struct GNUNET_HashCode dh[3];
+  struct GNUNET_HashCode dh[2];
  /* Generate keys */
  priv_dsa = GNUNET_CRYPTO_eddsa_key_create ();
-  priv_ecdh = GNUNET_CRYPTO_ecdhe_key_create ();
-  /* Extract public keys */
  GNUNET_CRYPTO_eddsa_key_get_public (priv_dsa,
                                      &id1);
-  GNUNET_CRYPTO_ecdhe_key_get_public (priv_ecdh,
+  for (unsigned int j=0;j<10;j++)
-                                      &id2);
+  {
-  /* Do ECDH */
+    fprintf (stderr, ",");
-  GNUNET_assert (GNUNET_OK ==
+    priv_ecdh = GNUNET_CRYPTO_ecdhe_key_create ();
-                 GNUNET_CRYPTO_eddsa_ecdh (priv_dsa,
+    /* Extract public keys */
-                                           &id2,
+    GNUNET_CRYPTO_ecdhe_key_get_public (priv_ecdh,
-                                           &dh[0]));
+                                        &id2);
-  GNUNET_assert (GNUNET_OK ==
+    /* Do ECDH */
-                 GNUNET_CRYPTO_ecdh_eddsa (priv_ecdh,
+    GNUNET_assert (GNUNET_OK ==
-                                           &id1,
+                   GNUNET_CRYPTO_eddsa_ecdh (priv_dsa,
-                                           &dh[1]));
+                                             &id2,
-  /* Check that both DH results are equal. */
+                                             &dh[0]));
-  GNUNET_assert (0 == memcmp (&dh[0], &dh[1],
+    GNUNET_assert (GNUNET_OK ==
-                              sizeof (struct GNUNET_HashCode)));
+                   GNUNET_CRYPTO_ecdh_eddsa (priv_ecdh,
+                                             &id1,
+                                             &dh[1]));
+    /* Check that both DH results are equal. */
+    GNUNET_assert (0 == memcmp (&dh[0],
+                                &dh[1],
+                                sizeof (struct GNUNET_HashCode)));
+    GNUNET_free (priv_ecdh);
+  }
  GNUNET_free (priv_dsa);
-  GNUNET_free (priv_ecdh);
  return 0;
 }
@@ -75,10 +80,15 @@ main (int argc, char *argv[])
    return 0;
  }
  if (getenv ("GNUNET_GCRYPT_DEBUG"))
-    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
+    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
  GNUNET_log_setup ("test-crypto-ecdh-eddsa", "WARNING", NULL);
-  if (0 != test_ecdh())
+  for (unsigned int i=0;i<100;i++)
-    return 1;
+  {
+    fprintf (stderr,
+             ".");
+    if (0 != test_ecdh())
+      return 1;
+  }
  return 0;
 }
diff --git a/src/util/test_crypto_ecdhe.c b/src/util/test_crypto_ecdhe.c
index 0cfb7f2c3..d59562552 100644
--- a/src/util/test_crypto_ecdhe.c
+++ b/src/util/test_crypto_ecdhe.c
@@ -50,16 +50,21 @@ main (int argc, char *argv[])
    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
  GNUNET_log_setup ("test-crypto-ecdhe", "WARNING", NULL);
-  priv1 = GNUNET_CRYPTO_ecdhe_key_create ();
+  for (unsigned int i=0;i<100;i++)
-  priv2 = GNUNET_CRYPTO_ecdhe_key_create ();
+  {
-  GNUNET_CRYPTO_ecdhe_key_get_public (priv1, &pub1);
+    fprintf (stderr,
-  GNUNET_CRYPTO_ecdhe_key_get_public (priv2, &pub2);
+             ".");
-  GNUNET_CRYPTO_ecc_ecdh (priv1, &pub2, &ecdh1);
+    priv1 = GNUNET_CRYPTO_ecdhe_key_create ();
-  GNUNET_CRYPTO_ecc_ecdh (priv2, &pub1, &ecdh2);
+    priv2 = GNUNET_CRYPTO_ecdhe_key_create ();
-  GNUNET_assert (0 == memcmp (&ecdh1, &ecdh2,
+    GNUNET_CRYPTO_ecdhe_key_get_public (priv1, &pub1);
-                              sizeof (struct GNUNET_HashCode)));
+    GNUNET_CRYPTO_ecdhe_key_get_public (priv2, &pub2);
-  GNUNET_free (priv1);
+    GNUNET_CRYPTO_ecc_ecdh (priv1, &pub2, &ecdh1);
-  GNUNET_free (priv2);
+    GNUNET_CRYPTO_ecc_ecdh (priv2, &pub1, &ecdh2);
+    GNUNET_assert (0 == memcmp (&ecdh1, &ecdh2,
+                                sizeof (struct GNUNET_HashCode)));
+    GNUNET_free (priv1);
+    GNUNET_free (priv2);
+  }
  return 0;
 }
author	Nils Gillmann <ng0@n0.is>	2018-05-17 13:39:09 +0000
committer	Nils Gillmann <ng0@n0.is>	2018-05-17 13:39:09 +0000
commit	9f722a29b9f7abbb9d8d1de63a72d09588c02f91 (patch)
tree	32913cdeb7364ad71a58d239be224ae29d900aaf /src
parent	c7e03281601aa687030fe3d561e1d693a46bba21 (diff)
parent	dd8289771b35e5ea36ebdcbfd5b09b599bd59c67 (diff)
download	gnunet-9f722a29b9f7abbb9d8d1de63a72d09588c02f91.tar.gz gnunet-9f722a29b9f7abbb9d8d1de63a72d09588c02f91.zip