Merge branch 'refs/heads/t/crypt'
authorAndre Noll <maan@tuebingen.mpg.de>
Sun, 13 May 2018 12:03:20 +0000 (14:03 +0200)
committerAndre Noll <maan@tuebingen.mpg.de>
Sun, 13 May 2018 12:04:25 +0000 (14:04 +0200)
A couple of simple patches which clean up the openssl and gcrypt crypto
backends. The non-trivial parts are the get_public_key() unification,
the memory leak fixes for openssl and the activation of the secmem
pool for gcrypt.

* refs/heads/t/crypt:
  gcrypt: Allocate a secmem pool at startup.
  crypt: Introduce crypt_shutdown().
  crypt: Rename init_random_seed_or_die() -> crypt_init().
  gcrypt: Use ROUND_DOWN() macro.
  crypt: Rename RSA functions.
  crypt: Deduplicate get_public_key().
  crypt.h: Remove two unused constants.
  Rename crypt.c -> openssl.c.

NEWS.md
client_common.c
command.c
server.c

diff --combined NEWS.md
+++ b/NEWS.md
@@@ -1,15 -1,6 +1,15 @@@
  NEWS
  ====
  
- the geometry of the terminal changes.
 +-------------------------------------------
 +0.6.2 (to be accounced) "elastic diversity"
 +-------------------------------------------
 +
 +- para_gui no longer waits up to one second to update the screen when
++  the geometry of the terminal changes.
 +- Minor documentation improvements.
++- Improvements to the crypto subsystem.
 +
  ----------------------------------------
  0.6.1 (2017-09-23) "segmented iteration"
  ----------------------------------------
diff --combined client_common.c
@@@ -40,6 -40,7 +40,6 @@@ void client_close(struct client_task *c
        if (!ct)
                return;
        free(ct->user);
 -      free(ct->config_file);
        free(ct->key_file);
        lls_free_parse_result(ct->lpr, CLIENT_CMD_PTR);
        free(ct->challenge_hash);
@@@ -317,15 -318,15 +317,15 @@@ static int client_post_select(struct sc
                }
                n = sbb.iov.iov_len;
                PARA_INFO_LOG("<-- [challenge] (%zu bytes)\n", n);
-               ret = priv_decrypt(ct->key_file, crypt_buf,
+               ret = apc_priv_decrypt(ct->key_file, crypt_buf,
                        sbb.iov.iov_base, n);
                free(sbb.iov.iov_base);
                if (ret < 0)
                        goto out;
                ct->challenge_hash = para_malloc(HASH_SIZE);
-               hash_function((char *)crypt_buf, CHALLENGE_SIZE, ct->challenge_hash);
-               ct->scc.send = sc_new(crypt_buf + CHALLENGE_SIZE, SESSION_KEY_LEN);
-               ct->scc.recv = sc_new(crypt_buf + CHALLENGE_SIZE + SESSION_KEY_LEN,
+               hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+               ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
+               ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
                        SESSION_KEY_LEN);
                hash_to_asc(ct->challenge_hash, buf);
                PARA_INFO_LOG("--> %s\n", buf);
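Review bot: The return value of `apc_priv_decrypt()` is only tested with `if (ret < 0)`, yet the following lines read a fixed `APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN` bytes from `crypt_buf` for the challenge hash and both session keys. Assuming a non-negative return is the plaintext length, and unless the decrypt routine enforces that length itself (not visible here), a peer that sends a shorter encrypted blob would make the client key its stream ciphers from whatever bytes were already in the buffer. A guard such as `if (ret != APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN)` that fails the handshake before `hash_function()` would close that gap. client_post_select() starts and ends outside this hunk, so the declaration and size of `crypt_buf` should be checked as well.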
@@@ -535,6 -536,7 +535,6 @@@ int client_parse_config(int argc, char 
        ret = lls(lls_parse(argc, argv, cmd, &lpr, &errctx));
        if (ret < 0)
                goto out;
 -      ll = CLIENT_OPT_UINT32_VAL(LOGLEVEL, lpr);
        version_handle_flag("client", CLIENT_OPT_GIVEN(VERSION, lpr));
        handle_help_flag(lpr);
  
                lpr = merged_lpr;
        }
        /* success */
 +      ll = CLIENT_OPT_UINT32_VAL(LOGLEVEL, lpr);
 +      if (loglevel)
 +              *loglevel = ll;
        user = CLIENT_OPT_GIVEN(USER, lpr)?
                para_strdup(CLIENT_OPT_STRING_VAL(USER, lpr)) : para_logname();
  
        ct->scc.fd = -1;
        ct->lpr = lpr;
        ct->key_file = kf;
 -      ct->config_file = cf;
        ct->user = user;
        *ct_ptr = ct;
 -      if (loglevel)
 -              *loglevel = ll;
        ret = lls_num_inputs(lpr);
  out:
        free(home);
 +      free(cf);
        if (ret < 0) {
                if (errctx)
                        PARA_ERROR_LOG("%s\n", errctx);
                free(errctx);
 -              PARA_ERROR_LOG("%s\n", para_strerror(-ret));
                lls_free_parse_result(lpr, cmd);
 -              free(cf);
                free(kf);
                *ct_ptr = NULL;
        }
diff --combined command.c
+++ b/command.c
  #include "string.h"
  #include "afh.h"
  #include "afs.h"
 +#include "net.h"
  #include "server.h"
  #include "list.h"
  #include "send.h"
  #include "sched.h"
  #include "vss.h"
 -#include "net.h"
  #include "daemon.h"
  #include "fd.h"
  #include "ipc.h"
@@@ -663,7 -663,8 +663,7 @@@ static int com_nomore(__a_unused struc
  }
  EXPORT_SERVER_CMD_HANDLER(nomore);
  
 -static int com_ff(__a_unused struct command_context *cc,
 -              struct lls_parse_result *lpr)
 +static int com_ff(struct command_context *cc, struct lls_parse_result *lpr)
  {
        long promille;
        int ret, backwards = 0;
        ret = -E_NO_AUDIO_FILE;
        if (!mmd->afd.afhi.chunks_total || !mmd->afd.afhi.seconds_total)
                goto out;
 +      ret = 1;
        promille = (1000 * mmd->current_chunk) / mmd->afd.afhi.chunks_total;
        if (backwards)
                promille -= 1000 * i / mmd->afd.afhi.seconds_total;
        mmd->new_vss_status_flags |= VSS_REPOS;
        mmd->new_vss_status_flags &= ~VSS_NEXT;
        mmd->events++;
 -      ret = 1;
  out:
        mutex_unlock(mmd_mutex);
        return ret;
  }
  EXPORT_SERVER_CMD_HANDLER(ff);
  
 -static int com_jmp(__a_unused struct command_context *cc,
 -              struct lls_parse_result *lpr)
 +static int com_jmp(struct command_context *cc, struct lls_parse_result *lpr)
  {
        long unsigned int i;
        int ret;
@@@ -874,12 -876,12 +874,12 @@@ static int run_command(struct command_c
   * the function if the connection was not authenticated when the timeout
   * expires.
   *
-  * \sa alarm(2), \ref crypt.c, \ref crypt.h.
+  * \sa alarm(2), \ref openssl.c, \ref crypt.h.
   */
  __noreturn void handle_connect(int fd)
  {
        int ret;
-       unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
+       unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
        unsigned char challenge_hash[HASH_SIZE];
        char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
        size_t numbytes;
                goto net_err;
        if (cc->u) {
                get_random_bytes_or_die(rand_buf, sizeof(rand_buf));
-               ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
+               ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
                        (unsigned char *)buf);
                if (ret < 0)
                        goto net_err;
                get_random_bytes_or_die((unsigned char *)buf, numbytes);
        }
        PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n",
-               CHALLENGE_SIZE, numbytes);
+               APC_CHALLENGE_SIZE, numbytes);
        ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false);
        buf = NULL;
        if (ret < 0)
        if (!cc->u)
                goto net_err;
        /*
-        * The correct response is the hash of the first CHALLENGE_SIZE bytes
+        * The correct response is the hash of the first APC_CHALLENGE_SIZE bytes
         * of the random data.
         */
        ret = -E_BAD_AUTH;
        if (numbytes != HASH_SIZE)
                goto net_err;
-       hash_function((char *)rand_buf, CHALLENGE_SIZE, challenge_hash);
+       hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash);
        if (memcmp(challenge_hash, buf, HASH_SIZE))
                goto net_err;
        /* auth successful */
        alarm(0);
        PARA_INFO_LOG("good auth for %s\n", cc->u->name);
        /* init stream cipher keys with the second part of the random buffer */
-       cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN);
-       cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN,
+       cc->scc.recv = sc_new(rand_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
+       cc->scc.send = sc_new(rand_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
                SESSION_KEY_LEN);
        ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false);
        if (ret < 0)
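Review bot: The response check `if (memcmp(challenge_hash, buf, HASH_SIZE))` in handle_connect() is not constant-time, since memcmp() may return at the first differing byte. The exposure looks small because `rand_buf` is drawn fresh for each connection and a mismatch ends the handshake, but authentication comparisons are conventionally written so that timing does not depend on the data: accumulate `diff |= challenge_hash[i] ^ (unsigned char)buf[i]` over all HASH_SIZE bytes and test `diff` once. If memcmp() is kept deliberately, a short comment saying why it is acceptable here would save the next reader the analysis. The function body begins and ends outside the visible lines.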
diff --combined server.c
+++ b/server.c
@@@ -45,7 -45,6 +45,7 @@@
  #include "afh.h"
  #include "string.h"
  #include "afs.h"
 +#include "net.h"
  #include "server.h"
  #include "list.h"
  #include "send.h"
@@@ -53,6 -52,7 +53,6 @@@
  #include "vss.h"
  #include "config.h"
  #include "close_on_fork.h"
 -#include "net.h"
  #include "daemon.h"
  #include "ipc.h"
  #include "fd.h"
@@@ -456,6 -456,7 +456,7 @@@ static int init_afs(int argc, char **ar
                int i;
  
                afs_pid = getpid();
+               crypt_shutdown();
                for (i = argc - 1; i >= 0; i--)
                        memset(argv[i], 0, strlen(argv[i]));
                i = argc - lls_num_inputs(cmdline_lpr) - 1;
@@@ -513,7 -514,7 +514,7 @@@ static void server_init(int argc, char 
        /* become daemon */
        if (OPT_GIVEN(DAEMON))
                daemon_pipe = daemonize(true /* parent waits for SIGTERM */);
-       init_random_seed_or_die();
+       crypt_init();
        daemon_log_welcome("server");
        init_ipc_or_die(); /* init mmd struct and mmd->lock */
        daemon_set_start_time();
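Review bot: Nothing at the `crypt_init()` call in server_init() records that its position after `daemonize()` matters. According to the merge description the gcrypt backend now allocates its secmem pool at startup; if that pool is page-locked, as libgcrypt secure memory normally is, the lock belongs to the process that made the call and is not inherited across fork(2), so initialising before daemonizing would leave the long-running server with an unlocked pool. I would add a comment along the lines of `/* after daemonize(): memory locks are not inherited by fork(2) children */`, and check whether processes forked later for client connections need their own handling; the afs child in init_afs() already calls `crypt_shutdown()`. server_init() continues outside this hunk.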
@@@ -610,6 -611,7 +611,7 @@@ int main(int argc, char *argv[]
        mutex_lock(mmd_mutex);
        ret = schedule(&sched);
        sched_shutdown(&sched);
+       crypt_shutdown();
        lls_free_parse_result(server_lpr, CMD_PTR);
        if (server_lpr != cmdline_lpr)
                lls_free_parse_result(cmdline_lpr, CMD_PTR);