From: Andre Noll
Date: Sun, 24 Dec 2023 15:43:04 +0000 (+0100)
Subject: Merge topic branch t/crypt-cleanups into master
X-Git-Tag: v0.7.3~9
X-Git-Url: http://git.tuebingen.mpg.de/?a=commitdiff_plain;h=a7f9189eff6a035849ee95ea6b3492f96d4e0c16;hp=624910afb851cf78669be188214b0332d5d5ee12;p=paraslash.git
Merge topic branch t/crypt-cleanups into master
This bunch of mostry trivial changes can be merged early, before the openssl code is converted to use the EVP API. The topic was cooking in next for six months.
* refs/heads/t/crypt-cleanups:
openssl: Assign bignums in canonical order.
openssl: Unify naming of public key structures.
openssl: Rename read_private_rsa_params() -> read_openssh_private_key().
openssl: Rename read_rsa_bignums() -> read_public_key().
openssl: Dedox crypt_init().
server: Improve "loading pubkey" log message.
gcrypt: Remove pointless state variable.
client: Reduce line length.
---
diff --git a/NEWS.md b/NEWS.md
index 5430790b..4b718d8a 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,7 @@ NEWS
 or playlist.
 - The ls server command gained the --limit option to force a limit on the number of files listed.
+- Cleanup of the openssl-specific code.
 Downloads: [tarball](./releases/paraslash-git.tar.xz)
diff --git a/client_common.c b/client_common.c
index 3b90000f..fe8234f9 100644
--- a/client_common.c
+++ b/client_common.c
@@ -344,15 +344,18 @@ static int client_post_monitor(struct sched *s, void *context)
 goto out;
 ct->challenge_hash = alloc(HASH2_SIZE);
 if (has_feature("sha256", ct)) {
- hash2_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+ hash2_function((char *)crypt_buf, APC_CHALLENGE_SIZE,
+ ct->challenge_hash);
 hash2_to_asc(ct->challenge_hash, buf);
 } else {
- hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+ hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE,
+ ct->challenge_hash);
 hash_to_asc(ct->challenge_hash, buf);
 }
- ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
- ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
- SESSION_KEY_LEN);
+ ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE,
+ SESSION_KEY_LEN);
+ ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE + + SESSION_KEY_LEN, SESSION_KEY_LEN);
 PARA_INFO_LOG("--> %s\n", buf);
 ct->status = CL_RECEIVED_CHALLENGE;
 return 0;
diff --git a/gcrypt.c b/gcrypt.c
index f9a84906..b46f8f95 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -114,7 +114,6 @@ void crypt_shutdown(void)
 struct asymmetric_key {
 gcry_sexp_t sexp;
- int num_bytes;
 };
 static const char *gcrypt_strerror(gcry_error_t gret)
@@ -457,7 +456,6 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
 }
 PARA_INFO_LOG("successfully read %u bit ssh public key\n", bits);
 key = alloc(sizeof(*key));
- key->num_bytes = ret;
 key->sexp = sexp;
 *result = key;
 ret = bits / 8;
@@ -564,8 +562,6 @@ int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
 size_t nbytes;
 int ret;
- PARA_INFO_LOG("encrypting %u byte input with %d-byte key\n", len, pub->num_bytes);
-
 /* get pub key */
 pub_key = gcry_sexp_find_token(pub->sexp, "public-key", 0);
 if (!pub_key)
diff --git a/openssl.c b/openssl.c
index 71849876..f696cd9e 100644
--- a/openssl.c
+++ b/openssl.c
@@ -37,12 +37,8 @@ void get_random_bytes_or_die(unsigned char *buf, int num)
 }
 /*
- * Read 64 bytes from /dev/urandom and add them to the SSL PRNG. Seed the PRNG
- * used by random(3) with a random seed obtained from SSL. If /dev/urandom is
- * not readable, the function calls exit().
- *
- * \sa RAND_load_file(3), \ref get_random_bytes_or_die(), srandom(3),
- * random(3), \ref para_random().
+ * Read 64 bytes from /dev/urandom and add them to the SSL PRNG. Then seed the
+ * PRNG used by random(3) with a random seed obtained from SSL.
 */
 void crypt_init(void)
 {
@@ -101,7 +97,7 @@ static int read_bignum(const unsigned char *buf, size_t len, BIGNUM **result)
 return bnsize + 4;
 }
-static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result)
+static int read_public_key(const unsigned char *blob, int blen, RSA **result)
 {
 int ret;
 RSA *rsa;
@@ -153,7 +149,7 @@ bio_free:
 return *rsa? RSA_size(*rsa) : -E_PRIVATE_KEY;
 }
-static int read_private_rsa_params(const unsigned char *blob,
+static int read_openssh_private_key(const unsigned char *blob,
 const unsigned char *end, RSA **result)
 {
 int ret;
@@ -220,11 +216,11 @@ static int read_private_rsa_params(const unsigned char *blob,
 rsa->n = n;
 rsa->e = e;
 rsa->d = d;
+ rsa->iqmp = iqmp;
 rsa->p = p;
 rsa->q = q;
 rsa->dmp1 = dmp1;
 rsa->dmq1 = dmq1;
- rsa->iqmp = iqmp;
 #endif
 *result = rsa;
 ret = 1;
@@ -271,7 +267,7 @@ static int get_private_key(const char *path, RSA **rsa)
 if (ret < 0)
 goto free_blob;
 PARA_INFO_LOG("reading RSA params at offset %d\n", ret);
- ret = read_private_rsa_params(blob + ret, end, rsa);
+ ret = read_openssh_private_key(blob + ret, end, rsa);
 } else
 ret = read_pem_private_key(path, rsa);
 free_blob:
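Review bot: The rewritten comment above crypt_init() in openssl.c no longer says what happens when seeding fails; the removed text stated that the function calls exit() if /dev/urandom is not readable. Only the signature and opening brace of crypt_init() are inside the hunk, so whether that is still the behaviour cannot be checked from here. If it is, one sentence for it should stay, e.g. ` * If /dev/urandom is not readable, the function calls exit().`, because code that draws random bytes afterwards presumably relies on the PRNG having been seeded, and a reader should be able to see that a seeding failure is fatal rather than silently ignored.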
@@ -284,34 +280,34 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
 unsigned char *blob;
 size_t decoded_size;
 int ret;
- struct asymmetric_key *key = alloc(sizeof(*key));
+ struct asymmetric_key *pub = alloc(sizeof(*pub));
 ret = decode_public_key(key_file, &blob, &decoded_size);
 if (ret < 0)
 goto out;
- ret = read_rsa_bignums(blob + ret, decoded_size - ret, &key->rsa);
+ ret = read_public_key(blob + ret, decoded_size - ret, &pub->rsa);
 if (ret < 0)
 goto free_blob;
- ret = RSA_size(key->rsa);
+ ret = RSA_size(pub->rsa);
 assert(ret > 0);
- *result = key;
+ *result = pub;
 free_blob:
 free(blob);
 out:
 if (ret < 0) {
- free(key);
+ free(pub);
 *result = NULL;
 PARA_ERROR_LOG("can not load key %s\n", key_file);
 }
 return ret;
 }
-void apc_free_pubkey(struct asymmetric_key *key)
+void apc_free_pubkey(struct asymmetric_key *pub)
 {
- if (!key)
+ if (!pub)
 return;
- RSA_free(key->rsa);
- free(key);
+ RSA_free(pub->rsa);
+ free(pub);
 }
 int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
diff --git a/user_list.c b/user_list.c
index f2436c9e..46770edf 100644
--- a/user_list.c
+++ b/user_list.c
@@ -91,7 +91,7 @@ void user_list_init(const char *user_list_file)
 continue;
 if (strcmp(w, "user"))
 continue;
- PARA_DEBUG_LOG("found entry for user %s\n", n);
+ PARA_INFO_LOG("loading pubkey %s for user %s\n", k, n);
 ret = apc_get_pubkey(k, &pubkey);
 if (ret < 0) {
 PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,