Merge topic branch t/crypt-cleanups into master

This bunch of mostry trivial changes can be merged early, before the
openssl code is converted to use the EVP API. The topic was cooking
in next for six months.

* refs/heads/t/crypt-cleanups:
  openssl: Assign bignums in canonical order.
  openssl: Unify naming of public key structures.
  openssl: Rename read_private_rsa_params() -> read_openssh_private_key().
  openssl: Rename read_rsa_bignums() -> read_public_key().
  openssl: Dedox crypt_init().
  server: Improve "loading pubkey" log message.
  gcrypt: Remove pointless state variable.
  client: Reduce line length.

diff --git a/NEWS.md b/NEWS.md
index 5430790bcc151fa90c93eabe66c009a1592c994f..4b718d8a6b396ee143fd7de65d9b49f32f0f0dd4 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,7 @@ NEWS
   or playlist.
 - The ls server command gained the --limit option to force a limit
   on the number of files listed.
+- Cleanup of the openssl-specific code.
 
 Downloads:
 [tarball](./releases/paraslash-git.tar.xz)

diff --git a/client_common.c b/client_common.c
index 3b90000f90ccdcc64be78e98e564bddc9cff3adb..fe8234f98fe90f6ce74ea5e22699fbfc0059a042 100644 (file)
--- a/client_common.c
+++ b/client_common.c
@@ -344,15 +344,18 @@ static int client_post_monitor(struct sched *s, void *context)
                        goto out;
                ct->challenge_hash = alloc(HASH2_SIZE);
                if (has_feature("sha256", ct)) {
-                       hash2_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+                       hash2_function((char *)crypt_buf, APC_CHALLENGE_SIZE,
+                               ct->challenge_hash);
                        hash2_to_asc(ct->challenge_hash, buf);
                } else {
-                       hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+                       hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE,
+                               ct->challenge_hash);
                        hash_to_asc(ct->challenge_hash, buf);
                }
-               ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
-               ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
-                       SESSION_KEY_LEN);
+               ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE,
+                        SESSION_KEY_LEN);
+               ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE
+                       + SESSION_KEY_LEN, SESSION_KEY_LEN);
                PARA_INFO_LOG("--> %s\n", buf);
                ct->status = CL_RECEIVED_CHALLENGE;
                return 0;

diff --git a/gcrypt.c b/gcrypt.c
index f9a849067f3ef1084b36e36ccef72cf1826a12a9..b46f8f9555824eb86b7bbf600b4352558ed2db26 100644 (file)
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -114,7 +114,6 @@ void crypt_shutdown(void)
 
 struct asymmetric_key {
        gcry_sexp_t sexp;
-       int num_bytes;
 };
 
 static const char *gcrypt_strerror(gcry_error_t gret)
@@ -457,7 +456,6 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
        }
        PARA_INFO_LOG("successfully read %u bit ssh public key\n", bits);
        key = alloc(sizeof(*key));
-       key->num_bytes = ret;
        key->sexp = sexp;
        *result = key;
        ret = bits / 8;
@@ -564,8 +562,6 @@ int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
        size_t nbytes;
        int ret;
 
-       PARA_INFO_LOG("encrypting %u byte input with %d-byte key\n", len, pub->num_bytes);
-
        /* get pub key */
        pub_key = gcry_sexp_find_token(pub->sexp, "public-key", 0);
        if (!pub_key)

diff --git a/openssl.c b/openssl.c
index 718498763c8ccc287fafc78edc22157d5fff7193..f696cd9e83606bc4e6bdd89d666f0885575f1d9f 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -37,12 +37,8 @@ void get_random_bytes_or_die(unsigned char *buf, int num)
 }
 
 /*
- * Read 64 bytes from /dev/urandom and add them to the SSL PRNG. Seed the PRNG
- * used by random(3) with a random seed obtained from SSL. If /dev/urandom is
- * not readable, the function calls exit().
- *
- * \sa RAND_load_file(3), \ref get_random_bytes_or_die(), srandom(3),
- * random(3), \ref para_random().
+ * Read 64 bytes from /dev/urandom and add them to the SSL PRNG. Then seed the
+ * PRNG used by random(3) with a random seed obtained from SSL.
  */
 void crypt_init(void)
 {
@@ -101,7 +97,7 @@ static int read_bignum(const unsigned char *buf, size_t len, BIGNUM **result)
        return bnsize + 4;
 }
 
-static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result)
+static int read_public_key(const unsigned char *blob, int blen, RSA **result)
 {
        int ret;
        RSA *rsa;
@@ -153,7 +149,7 @@ bio_free:
        return *rsa? RSA_size(*rsa) : -E_PRIVATE_KEY;
 }
 
-static int read_private_rsa_params(const unsigned char *blob,
+static int read_openssh_private_key(const unsigned char *blob,
                const unsigned char *end, RSA **result)
 {
        int ret;
@@ -220,11 +216,11 @@ static int read_private_rsa_params(const unsigned char *blob,
        rsa->n = n;
        rsa->e = e;
        rsa->d = d;
+       rsa->iqmp = iqmp;
        rsa->p = p;
        rsa->q = q;
        rsa->dmp1 = dmp1;
        rsa->dmq1 = dmq1;
-       rsa->iqmp = iqmp;
 #endif
        *result = rsa;
        ret = 1;
@@ -271,7 +267,7 @@ static int get_private_key(const char *path, RSA **rsa)
                if (ret < 0)
                        goto free_blob;
                PARA_INFO_LOG("reading RSA params at offset %d\n", ret);
-               ret = read_private_rsa_params(blob + ret, end, rsa);
+               ret = read_openssh_private_key(blob + ret, end, rsa);
        } else
                ret = read_pem_private_key(path, rsa);
 free_blob:
@@ -284,34 +280,34 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
        unsigned char *blob;
        size_t decoded_size;
        int ret;
-       struct asymmetric_key *key = alloc(sizeof(*key));
+       struct asymmetric_key *pub = alloc(sizeof(*pub));
 
        ret = decode_public_key(key_file, &blob, &decoded_size);
        if (ret < 0)
                goto out;
-       ret = read_rsa_bignums(blob + ret, decoded_size - ret, &key->rsa);
+       ret = read_public_key(blob + ret, decoded_size - ret, &pub->rsa);
        if (ret < 0)
                goto free_blob;
-       ret = RSA_size(key->rsa);
+       ret = RSA_size(pub->rsa);
        assert(ret > 0);
-       *result = key;
+       *result = pub;
 free_blob:
        free(blob);
 out:
        if (ret < 0) {
-               free(key);
+               free(pub);
                *result = NULL;
                PARA_ERROR_LOG("can not load key %s\n", key_file);
        }
        return ret;
 }
 
-void apc_free_pubkey(struct asymmetric_key *key)
+void apc_free_pubkey(struct asymmetric_key *pub)
 {
-       if (!key)
+       if (!pub)
                return;
-       RSA_free(key->rsa);
-       free(key);
+       RSA_free(pub->rsa);
+       free(pub);
 }
 
 int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,

diff --git a/user_list.c b/user_list.c
index f2436c9e5bf7a835db2553c4c54db112d628b40d..46770edf701e983d424e8869e7c9ccd4730c3cf9 100644 (file)
--- a/user_list.c
+++ b/user_list.c
@@ -91,7 +91,7 @@ void user_list_init(const char *user_list_file)
                        continue;
                if (strcmp(w, "user"))
                        continue;
-               PARA_DEBUG_LOG("found entry for user %s\n", n);
+               PARA_INFO_LOG("loading pubkey %s for user %s\n", k, n);
                ret = apc_get_pubkey(k, &pubkey);
                if (ret < 0) {
                        PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,