[GNUnet-SVN] r26299 - in gnunet/src: gns include testing util
From: |
gnunet |
Subject: |
[GNUnet-SVN] r26299 - in gnunet/src: gns include testing util |
Date: |
Mon, 4 Mar 2013 15:09:27 +0100 |
Author: grothoff
Date: 2013-03-04 15:09:27 +0100 (Mon, 04 Mar 2013)
New Revision: 26299
Modified:
gnunet/src/gns/gns.conf.in
gnunet/src/include/gnunet_crypto_lib.h
gnunet/src/testing/testing.c
gnunet/src/util/crypto_ecc.c
Log:
add argument to GNUNET_CRYPTO_ecc_decode_key to allow testing to disable key
validation
Modified: gnunet/src/gns/gns.conf.in
===================================================================
--- gnunet/src/gns/gns.conf.in 2013-03-04 13:52:11 UTC (rev 26298)
+++ gnunet/src/gns/gns.conf.in 2013-03-04 14:09:27 UTC (rev 26299)
@@ -22,6 +22,13 @@
# Automatically import PKEYs we learn into the shorten zone?
AUTO_IMPORT_PKEY = YES
+# Do we require users that want to access GNS to run this process
+# (usually not a good idea)
+UNIX_MATCH_UID = NO
+
+# Do we require users that want to access GNS to be in the 'gnunet' group?
+UNIX_MATCH_GID = YES
+
# When we automatically import PKEYs into shorten zone, require confirmation
# before they become active? (Not useful right now as the GUI to confirm
# doesn't exist)
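Review bot: The comment on `UNIX_MATCH_UID` ("require users ... to run this process") is ambiguous about what is being compared. If the option means that a client must run under the same UID as the GNS service, say so, e.g. `# Do we require clients that access GNS to run under the same UID as this service?`. These two access-control defaults are also not mentioned in the commit log, which only describes the `GNUNET_CRYPTO_ecc_decode_key` change, so a line in the log or a separate commit would make the change easier to audit.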
Modified: gnunet/src/include/gnunet_crypto_lib.h
===================================================================
--- gnunet/src/include/gnunet_crypto_lib.h 2013-03-04 13:52:11 UTC (rev
26298)
+++ gnunet/src/include/gnunet_crypto_lib.h 2013-03-04 14:09:27 UTC (rev
26299)
@@ -1244,11 +1244,15 @@
*
* @param buf the buffer where the private key data is stored
* @param len the length of the data in 'buffer'
+ * @param validate GNUNET_YES to validate that the key is well-formed,
+ * GNUNET_NO if the key comes from a totally trusted source
+ * and validation is considered too expensive
* @return NULL on error
*/
struct GNUNET_CRYPTO_EccPrivateKey *
GNUNET_CRYPTO_ecc_decode_key (const char *buf,
- size_t len);
+ size_t len,
+ int validate);
/**
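Review bot: The new `@param validate` text does not say what happens for values other than GNUNET_YES and GNUNET_NO, while the definition in crypto_ecc.c tests `GNUNET_YES == validate`, so every other value skips the check. The contract should state this, for example `any value other than GNUNET_YES skips gcry_pk_testkey; keys read from disk or from a peer must pass GNUNET_YES`. The same comment block is duplicated above the definition in crypto_ecc.c and should get the same wording. The unchanged `@param len` line refers to 'buffer' although the parameter is named `buf`.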
Modified: gnunet/src/testing/testing.c
===================================================================
--- gnunet/src/testing/testing.c 2013-03-04 13:52:11 UTC (rev 26298)
+++ gnunet/src/testing/testing.c 2013-03-04 14:09:27 UTC (rev 26299)
@@ -544,7 +544,8 @@
private_key = GNUNET_CRYPTO_ecc_decode_key (system->hostkeys_data +
(key_number *
GNUNET_TESTING_HOSTKEYFILESIZE),
- GNUNET_TESTING_HOSTKEYFILESIZE);
+ GNUNET_TESTING_HOSTKEYFILESIZE,
+ GNUNET_NO);
if (NULL == private_key)
{
LOG (GNUNET_ERROR_TYPE_ERROR,
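Review bot: The call passes `GNUNET_NO` with no comment explaining why the bytes at `system->hostkeys_data` are trusted; where that buffer is loaded from is outside this hunk. Since this is the only caller that turns key validation off, a short why-comment above the call would help, such as `/* hostkeys come from the pre-generated testing key file; skip the expensive gcry_pk_testkey */`, assuming that is the actual source. It is also worth confirming that the file cannot be replaced by a less privileged user than the one running the tests. The enclosing function starts and ends outside the hunk.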
Modified: gnunet/src/util/crypto_ecc.c
===================================================================
--- gnunet/src/util/crypto_ecc.c 2013-03-04 13:52:11 UTC (rev 26298)
+++ gnunet/src/util/crypto_ecc.c 2013-03-04 14:09:27 UTC (rev 26299)
@@ -325,11 +325,15 @@
*
* @param buf the buffer where the private key data is stored
* @param len the length of the data in 'buffer'
+ * @param validate GNUNET_YES to validate that the key is well-formed,
+ * GNUNET_NO if the key comes from a totally trusted source
+ * and validation is considered too expensive
* @return NULL on error
*/
struct GNUNET_CRYPTO_EccPrivateKey *
GNUNET_CRYPTO_ecc_decode_key (const char *buf,
- size_t len)
+ size_t len,
+ int validate)
{
struct GNUNET_CRYPTO_EccPrivateKey *ret;
uint16_t be;
@@ -350,8 +354,9 @@
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_scan", rc);
return NULL;
- }
- if (0 != (rc = gcry_pk_testkey (sexp)))
+ }
+ if ( (GNUNET_YES == validate) &&
+ (0 != (rc = gcry_pk_testkey (sexp))) )
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
return NULL;
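Review bot: The guard `(GNUNET_YES == validate)` fails open: any argument other than GNUNET_YES, including GNUNET_SYSERR or an uninitialized `int`, silently skips `gcry_pk_testkey`. Inverting the test makes validation the default and only an explicit opt-out disables it: `if ( (GNUNET_NO != validate) &&`. Separately, the `return NULL` after the failed `gcry_pk_testkey` appears to leave `sexp` unreleased, as no `gcry_sexp_release (sexp)` is visible on that path; the rest of the function is outside the hunk.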
@@ -451,7 +456,7 @@
char enc[fs];
GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs));
- if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs)))
+ if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs,
GNUNET_YES)))
{
LOG (GNUNET_ERROR_TYPE_ERROR,
_("File `%s' does not contain a valid private key (failed decode,
%llu bytes). Deleting it.\n"),
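Review bot: A short read from `GNUNET_DISK_file_read` is only reported through `GNUNET_break`, and the decode call on the next line still parses all `fs` bytes of `enc`. If `GNUNET_break` is non-fatal here, as it is elsewhere in GNUnet, the tail of the buffer would be uninitialized stack data handed to the key parser. The read result should be checked and the function should bail out before decoding, e.g. `if (fs != GNUNET_DISK_file_read (fd, enc, fs)) { GNUNET_break (0); /* unlock, close, return NULL */ }`, using the cleanup the function already has outside this hunk. `char enc[fs]` is also a stack array sized by the file length; whether `fs` is bounded earlier in the function is not visible here.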
@@ -646,7 +651,7 @@
len = ntohs (enc->size);
ret = NULL;
if ((len > fs) ||
- (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len))))
+ (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len,
GNUNET_YES))))
{
LOG (GNUNET_ERROR_TYPE_ERROR,
_("File `%s' does not contain a valid private key. Deleting it.\n"),