From 2e2abc61db54f3a25fcb261e2d93277673770d70 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 19 Oct 2021 13:55:28 +0200 Subject: make KDF conform to RFC 5869 --- src/util/crypto_hkdf.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c index 7270b87b6..ba3626e1a 100644 --- a/src/util/crypto_hkdf.c +++ b/src/util/crypto_hkdf.c @@ -103,11 +103,29 @@ getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm, size_t skm_len, void *prk) { const void *ret; + size_t dlen; - ret = doHMAC (mac, xts, xts_len, skm, skm_len); + dlen = gcry_md_get_algo_dlen (gcry_md_get_algo (mac)); + + /* sanity check to bound stack allocation */ + GNUNET_assert (dlen <= 512); + + /* From RFC 5869: + * salt - optional salt value (a non-secret random value); + * if not provided, it is set to a string of HashLen zeros. */ + + if (xts_len == 0) + { + char zero_salt[dlen] = { 0 }; + ret = doHMAC (mac, zero_salt, dlen, skm, skm_len); + } + else + { + ret = doHMAC (mac, xts, xts_len, skm, skm_len); + } if (ret == NULL) return GNUNET_SYSERR; - GNUNET_memcpy (prk, ret, gcry_md_get_algo_dlen (gcry_md_get_algo (mac))); + GNUNET_memcpy (prk, ret, dlen); return GNUNET_YES; } -- cgit v1.2.3 From 789268e1b9320a0757fe3c191767b155aedd351d Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 19 Oct 2021 13:59:42 +0200 Subject: kdf: zero out salt correctly --- src/util/crypto_hkdf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c index ba3626e1a..4e4496819 100644 --- a/src/util/crypto_hkdf.c +++ b/src/util/crypto_hkdf.c @@ -116,7 +116,8 @@ getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm, if (xts_len == 0) { - char zero_salt[dlen] = { 0 }; + char zero_salt[dlen]; + memset (zero_salt, 0, dlen); ret = doHMAC (mac, zero_salt, dlen, skm, skm_len); } else -- cgit v1.2.3 From 1fcb8a7a58318499fde7b0ead553170ae8d47502 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 22 Oct 2021 18:37:14 +0200 Subject: -fix linker issue on Debian --- src/dhtu/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/dhtu/Makefile.am b/src/dhtu/Makefile.am index 772bee60a..0e10721cd 100644 --- a/src/dhtu/Makefile.am +++ b/src/dhtu/Makefile.am @@ -48,6 +48,7 @@ libgnunettestingdhtu_la_SOURCES = \ testing_dhtu_cmd_send.c libgnunettestingdhtu_la_LIBADD = \ $(top_builddir)/src/testing/libgnunettesting.la \ + $(top_builddir)/src/arm/libgnunetarm.la \ $(top_builddir)/src/util/libgnunetutil.la \ $(LTLIBINTL) libgnunettestingdhtu_la_LDFLAGS = \ @@ -60,6 +61,7 @@ test_dhtu_ip_SOURCES = \ test_dhtu_ip.c test_dhtu_ip_LDADD = \ $(top_builddir)/src/testing/libgnunettesting.la \ + $(top_builddir)/src/arm/libgnunetarm.la \ $(top_builddir)/src/util/libgnunetutil.la check_PROGRAMS = \ -- cgit v1.2.3 From f94d9e793861c5e36d17f485c3c1a7053f86587e Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 23 Oct 2021 07:26:30 +0200 Subject: -style fixes --- src/include/gnunet_json_lib.h | 4 ++-- src/json/json.c | 2 +- src/pq/pq_result_helper.c | 43 +++++++++++++++++++++++++------------------ src/util/crypto_rsa.c | 23 +++++++++++++++++++---- 4 files changed, 47 insertions(+), 25 deletions(-) (limited to 'src') diff --git a/src/include/gnunet_json_lib.h b/src/include/gnunet_json_lib.h index 92f696e08..5ef4592e5 100644 --- a/src/include/gnunet_json_lib.h +++ b/src/include/gnunet_json_lib.h @@ -107,9 +107,9 @@ struct GNUNET_JSON_Specification size_t *size_ptr; /** - * Set to #GNUNET_YES if this component is optional. + * Set to true if this component is optional. */ - int is_optional; + bool is_optional; }; diff --git a/src/json/json.c b/src/json/json.c index 51d5c0c72..6d11b4fdd 100644 --- a/src/json/json.c +++ b/src/json/json.c @@ -77,7 +77,7 @@ GNUNET_JSON_spec_mark_optional (struct GNUNET_JSON_Specification spec) { struct GNUNET_JSON_Specification ret = spec; - ret.is_optional = GNUNET_YES; + ret.is_optional = true; return ret; } diff --git a/src/pq/pq_result_helper.c b/src/pq/pq_result_helper.c index 23fb4f96e..f264603f4 100644 --- a/src/pq/pq_result_helper.c +++ b/src/pq/pq_result_helper.c @@ -127,10 +127,13 @@ GNUNET_PQ_result_spec_variable_size (const char *name, void **dst, size_t *sptr) { - struct GNUNET_PQ_ResultSpec res = - { &extract_varsize_blob, - &clean_varsize_blob, NULL, - (void *) (dst), 0, name, sptr }; + struct GNUNET_PQ_ResultSpec res = { + .conv = &extract_varsize_blob, + .cleaner = &clean_varsize_blob, + .dst = (void *) (dst), + .fname = name, + .result_size = sptr + }; return res; } @@ -207,10 +210,12 @@ GNUNET_PQ_result_spec_fixed_size (const char *name, void *dst, size_t dst_size) { - struct GNUNET_PQ_ResultSpec res = - { &extract_fixed_blob, - NULL, NULL, - (dst), dst_size, name, NULL }; + struct GNUNET_PQ_ResultSpec res = { + .conv = &extract_fixed_blob, + .dst = (dst), + .dst_size = dst_size, + .fname = name + }; return res; } @@ -301,11 +306,12 @@ struct GNUNET_PQ_ResultSpec GNUNET_PQ_result_spec_rsa_public_key (const char *name, struct GNUNET_CRYPTO_RsaPublicKey **rsa) { - struct GNUNET_PQ_ResultSpec res = - { &extract_rsa_public_key, - &clean_rsa_public_key, - NULL, - (void *) rsa, 0, name, NULL }; + struct GNUNET_PQ_ResultSpec res = { + .conv = &extract_rsa_public_key, + .cleaner = &clean_rsa_public_key, + .dst = (void *) rsa, + .fname = name + }; return res; } @@ -395,11 +401,12 @@ struct GNUNET_PQ_ResultSpec GNUNET_PQ_result_spec_rsa_signature (const char *name, struct GNUNET_CRYPTO_RsaSignature **sig) { - struct GNUNET_PQ_ResultSpec res = - { &extract_rsa_signature, - &clean_rsa_signature, - NULL, - (void *) sig, 0, (name), NULL }; + struct GNUNET_PQ_ResultSpec res = { + .conv = &extract_rsa_signature, + .cleaner = &clean_rsa_signature, + .dst = (void *) sig, + .fname = name + }; return res; } diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index 4d3de00bc..f017d1f10 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c @@ -310,9 +310,15 @@ GNUNET_CRYPTO_rsa_public_key_encode ( struct GNUNET_CRYPTO_RsaPublicKeyHeaderP hdr; int ret; - ret = key_from_sexp (ne, key->sexp, "public-key", "ne"); + ret = key_from_sexp (ne, + key->sexp, + "public-key", + "ne"); if (0 != ret) - ret = key_from_sexp (ne, key->sexp, "rsa", "ne"); + ret = key_from_sexp (ne, + key->sexp, + "rsa", + "ne"); if (0 != ret) { GNUNET_break (0); @@ -333,16 +339,25 @@ GNUNET_CRYPTO_rsa_public_key_encode ( (n_size > UINT16_MAX) ) { GNUNET_break (0); - *buffer = NULL; + if (NULL != buffer) + *buffer = NULL; gcry_mpi_release (ne[0]); gcry_mpi_release (ne[1]); return 0; } buf_size = n_size + e_size + sizeof (hdr); + if (NULL == buffer) + { + gcry_mpi_release (ne[0]); + gcry_mpi_release (ne[1]); + return buf_size; + } buf = GNUNET_malloc (buf_size); hdr.modulus_length = htons ((uint16_t) n_size); hdr.public_exponent_length = htons ((uint16_t) e_size); - memcpy (buf, &hdr, sizeof (hdr)); + memcpy (buf, + &hdr, + sizeof (hdr)); GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, (unsigned char *) &buf[sizeof (hdr)], -- cgit v1.2.3 From 30754bd441ae25b12537bb2b334c36af1ff93a46 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 25 Oct 2021 09:05:12 +0200 Subject: -cleanup --- src/json/json_helper.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'src') diff --git a/src/json/json_helper.c b/src/json/json_helper.c index 55435ea19..3a11f205c 100644 --- a/src/json/json_helper.c +++ b/src/json/json_helper.c @@ -847,11 +847,8 @@ GNUNET_JSON_spec_rsa_public_key (const char *name, struct GNUNET_JSON_Specification ret = { .parser = &parse_rsa_public_key, .cleaner = &clean_rsa_public_key, - .cls = NULL, .field = name, - .ptr = pk, - .ptr_size = 0, - .size_ptr = NULL + .ptr = pk }; *pk = NULL; -- cgit v1.2.3 From 6a642f8f6060018115be1bf66826fc1c4676a015 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 28 Oct 2021 13:32:17 +0200 Subject: add logging for DB perf analysis --- src/pq/pq.c | 5 +++++ src/pq/pq_exec.c | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'src') diff --git a/src/pq/pq.c b/src/pq/pq.c index b260aa1db..876d4fcf6 100644 --- a/src/pq/pq.c +++ b/src/pq/pq.c @@ -95,6 +95,11 @@ GNUNET_PQ_exec_prepared (struct GNUNET_PQ_Context *db, param_lengths, param_formats, 1); + GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, + "pq", + "Execution of prepared SQL statement `%s' finished (%d)\n", + name, + PGRES_COMMAND_OK == PQresultStatus (res)); if ( (PGRES_COMMAND_OK != PQresultStatus (res)) && (CONNECTION_OK != (status = PQstatus (db->conn))) ) { diff --git a/src/pq/pq_exec.c b/src/pq/pq_exec.c index 464fff4b4..dcde331b6 100644 --- a/src/pq/pq_exec.c +++ b/src/pq/pq_exec.c @@ -86,6 +86,11 @@ GNUNET_PQ_exec_statements (struct GNUNET_PQ_Context *db, db); result = PQexec (db->conn, es[i].sql); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Running statement `%s' on %p finished (%d)\n", + es[i].sql, + db, + PGRES_COMMAND_OK == PQresultStatus (result)); if ((GNUNET_NO == es[i].ignore_errors) && (PGRES_COMMAND_OK != PQresultStatus (result))) { -- cgit v1.2.3 From 62bd4ad64ebf1567c05170353dd7c60813c4f284 Mon Sep 17 00:00:00 2001 From: Alessio Vanni Date: Sat, 30 Oct 2021 16:07:08 +0200 Subject: -fix subtle bug in GNUNET_CONFIGURATION_default Apparently this was there since the beginning and it wasn't caught earlier merely due to a coincidence. Basically, it was looking at the caller's values instead of GNUnet's and even when I used this function in personal projects, it just happened that I was calling this function before setting the new project data, so the two environments ended up being the same. It didn't cause any issues because it was still returning GNUnet's own configuration, meaning everything else worked as expected, but naturally if one were to move the call later on it would break. Also add a comment to answer the FIXME. --- src/util/configuration.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/util/configuration.c b/src/util/configuration.c index 09a3a7d93..d9d6721cc 100644 --- a/src/util/configuration.c +++ b/src/util/configuration.c @@ -2383,31 +2383,34 @@ GNUNET_CONFIGURATION_default (void) char *cfgname = NULL; struct GNUNET_CONFIGURATION_Handle *cfg; - /* FIXME: Why are we doing this? Needs some commentary! */ + /* Makes sure function implicitly looking at the installation directory (for + example GNUNET_CONFIGURATION_load further down) use GNUnet's environment + instead of the caller's. It's done at the start to make sure as many + functions as possible are directed to the proper paths. */ GNUNET_OS_init (dpd); cfg = GNUNET_CONFIGURATION_create (); /* First, try user configuration. */ if (NULL != xdg) - GNUNET_asprintf (&cfgname, "%s/%s", xdg, pd->config_file); + GNUNET_asprintf (&cfgname, "%s/%s", xdg, dpd->config_file); else - cfgname = GNUNET_strdup (pd->user_config_file); + cfgname = GNUNET_strdup (dpd->user_config_file); /* If user config doesn't exist, try in /etc// and /etc/ */ if (GNUNET_OK != GNUNET_DISK_file_test (cfgname)) { GNUNET_free (cfgname); - GNUNET_asprintf (&cfgname, "/etc/%s", pd->config_file); + GNUNET_asprintf (&cfgname, "/etc/%s", dpd->config_file); } if (GNUNET_OK != GNUNET_DISK_file_test (cfgname)) { GNUNET_free (cfgname); GNUNET_asprintf (&cfgname, "/etc/%s/%s", - pd->project_dirname, - pd->config_file); + dpd->project_dirname, + dpd->config_file); } if (GNUNET_OK != GNUNET_DISK_file_test (cfgname)) { -- cgit v1.2.3 From 328047f8ee926055be593f180de40885823a7988 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 1 Nov 2021 09:14:42 +0100 Subject: -cleanup --- src/include/gnunet_os_lib.h | 4 ++-- src/util/os_installation.c | 20 ++------------------ 2 files changed, 4 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/src/include/gnunet_os_lib.h b/src/include/gnunet_os_lib.h index 749f766d2..eddf97dab 100644 --- a/src/include/gnunet_os_lib.h +++ b/src/include/gnunet_os_lib.h @@ -672,9 +672,9 @@ GNUNET_OS_install_parent_control_handler (void *cls); * #GNUNET_NO if not SUID (but binary exists), * #GNUNET_SYSERR on error (no such binary or not executable) */ -int +enum GNUNET_GenericReturnValue GNUNET_OS_check_helper_binary (const char *binary, - int check_suid, + bool check_suid, const char *params); diff --git a/src/util/os_installation.c b/src/util/os_installation.c index f15e1871a..171bb5baa 100644 --- a/src/util/os_installation.c +++ b/src/util/os_installation.c @@ -754,25 +754,9 @@ GNUNET_OS_get_suid_binary_path (const struct GNUNET_CONFIGURATION_Handle *cfg, } -/** - * Check whether an executable exists and possibly if the suid bit is - * set on the file. Attempts to find the file using the current PATH - * environment variable as a search path. - * - * @param binary the name of the file to check. - * W32: must not have an .exe suffix. - * @param check_suid input true if the binary should be checked for SUID (*nix) - * W32: checks if the program has sufficient privileges by executing this - * binary with the -d flag. -d omits a programs main loop and only - * executes all privileged operations in an binary. - * @param params parameters used for w32 privilege checking (can be NULL for != w32 ) - * @return #GNUNET_YES if the file is SUID (*nix) or can be executed with current privileges (W32), - * #GNUNET_NO if not SUID (but binary exists), - * #GNUNET_SYSERR on error (no such binary or not executable) - */ -int +enum GNUNET_GenericReturnValue GNUNET_OS_check_helper_binary (const char *binary, - int check_suid, + bool check_suid, const char *params) { struct stat statbuf; -- cgit v1.2.3 From dda40766b9b6df3644c945429e12f28cc9e7e0c8 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 1 Nov 2021 13:35:34 +0100 Subject: -style fixes --- src/include/gnunet_crypto_lib.h | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index e754756e5..0eb2ea8cd 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -1260,7 +1260,7 @@ GNUNET_CRYPTO_ecdsa_public_key_from_string ( * @param priv where to store the private key * @return #GNUNET_OK on success */ -int +enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string ( const char *enc, size_t enclen, @@ -1318,7 +1318,7 @@ GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but * we found an existing file, #GNUNET_SYSERR on failure */ -int +enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey); @@ -1794,7 +1794,7 @@ GNUNET_CRYPTO_ecdsa_sign_ ( * @param pub public key of the signer * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid */ -int +enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ ( uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, @@ -1847,7 +1847,7 @@ GNUNET_CRYPTO_eddsa_verify_ ( * @param pub public key of the signer * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid */ -int +enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, @@ -2257,7 +2257,8 @@ GNUNET_CRYPTO_rsa_public_key_encode ( * @return NULL on error */ struct GNUNET_CRYPTO_RsaPublicKey * -GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len); +GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, + size_t len); /** @@ -2289,9 +2290,9 @@ GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1, * @return 0 if the two are equal */ int -GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1, - const struct - GNUNET_CRYPTO_RsaPrivateKey *p2); +GNUNET_CRYPTO_rsa_private_key_cmp ( + const struct GNUNET_CRYPTO_RsaPrivateKey *p1, + const struct GNUNET_CRYPTO_RsaPrivateKey *p2); /** -- cgit v1.2.3 From fab39a6089cb6f48af6bdcfa0a4df3559348259e Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 6 Nov 2021 20:20:42 +0100 Subject: -better logging --- src/pq/pq.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src') diff --git a/src/pq/pq.c b/src/pq/pq.c index 876d4fcf6..130ff355f 100644 --- a/src/pq/pq.c +++ b/src/pq/pq.c @@ -168,6 +168,9 @@ GNUNET_PQ_extract_result (PGresult *result, spec->fname); goto cleanup; case GNUNET_SYSERR: + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to extract field `%s'\n", + spec->fname); GNUNET_break (0); goto cleanup; } -- cgit v1.2.3