[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[minion-cvs] Last round (I hope) of code tweaks before 0.0.1. Only ...
Update of /home/minion/cvsroot/src/minion/src
In directory moria.mit.edu:/tmp/cvs-serv2678/src
Modified Files:
_minionlib.h aes_ctr.c crypt.c main.c tls.c
Log Message:
Last round (I hope) of code tweaks before 0.0.1. Only system tests and docs remain!
Refactoring:
- Move _base64 from ServerInfo to formatBase64 in Common
- Finish separating server code.
- Move ServerConfig to new file
- Move Server key mgt to new file
- Don't warn on missing overwrite; we now override.
- Minimize calls to true RNG
Everywhere:
- Remove extraneous whitespace
- Wrap overlong lines
- Remove extraneous import statements
- Give all modules sane __all__ fields
- Make Pychecker pleased.
Index: _minionlib.h
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/_minionlib.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- _minionlib.h 11 Dec 2002 03:18:38 -0000 1.9
+++ _minionlib.h 12 Dec 2002 19:56:47 -0000 1.10
@@ -6,7 +6,8 @@
#include <Python.h>
#include <openssl/opensslv.h>
#if (OPENSSL_VERSION_NUMBER < 0x00907003L)
-#error "Mixminion requires OpenSSL 0.9.7 (which might not have been released yet, but you can get snapshots from openssl.org)."
+#error "Mixminion requires OpenSSL 0.9.7 (which may not be released yet,\
+but you can get snapshots from openssl.org)."
#endif
#include <openssl/aes.h>
@@ -14,7 +15,7 @@
/* We provide our own implementation of counter mode; see aes_ctr.c
*/
-void mm_aes_counter128(const char *in, char *out, unsigned int len,
+void mm_aes_counter128(const char *in, char *out, unsigned int len,
AES_KEY *key, unsigned long count);
/* Propagate an error from OpenSSL. If 'crypto', it's a cryptography
Index: aes_ctr.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/aes_ctr.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- aes_ctr.c 22 Nov 2002 21:06:11 -0000 1.7
+++ aes_ctr.c 12 Dec 2002 19:56:47 -0000 1.8
@@ -2,7 +2,7 @@
/* $Id$ */
/* This file reimplements counter mode. The OpenSSL implementation is
- * unsuitable because
+ * unsuitable because
* a) It wants to compute E(x << 64) for E(0),E(1),...
* b) It can't begin in the middle of a stream. (It can resume,
* but that's not the same.)
@@ -29,18 +29,18 @@
#ifdef MM_B_ENDIAN
#define GET_U32(ptr) (*(u32*)(ptr))
-#define SET_U32(ptr,i) (*(u32*)(ptr)) = i
+#define SET_U32(ptr,i) (*(u32*)(ptr)) = i
#define INCR_U32(ptr, i) i = ++(*(u32*)(ptr))
#endif
/* An earlier version used bswap_32 where available to try to get the
- supposed benefits of inline assembly. Bizarrely, on my Athlon,
+ supposed benefits of inline assembly. Bizarrely, on my Athlon,
bswap_32 is actually slower. On the other hand,
the code in glib/gtypes.h _is_ faster; but shaves only 1%
off encryption. We seem to be near the point of diminishing
returns here. */
-#ifndef GET_U32
+#ifndef GET_U32
#define GET_U32_cp(ptr) ( (u32)ptr[0] ^ \
(((u32)ptr[1]) << 8) ^ \
(((u32)ptr[2]) << 16) ^ \
@@ -48,7 +48,7 @@
#define SET_U32_cp(ptr, i) { ptr[0] = (i) & 0xff; \
ptr[1] = (i>>8) & 0xff; \
ptr[2] = (i>>16) & 0xff; \
- ptr[3] = (i>>24) & 0xff; }
+ ptr[3] = (i>>24) & 0xff; }
#define GET_U32(ptr) GET_U32_cp(((u8*)(ptr)))
#define SET_U32(ptr,i) SET_U32_cp(((u8*)(ptr)), i)
#define INCR_U32(ptr, i) { i = GET_U32(ptr)+1; SET_U32(ptr,i); }
@@ -73,7 +73,7 @@
void
mm_aes_counter128(const char *in, char *out, unsigned int len, AES_KEY *key,
- unsigned long count)
+ unsigned long count)
{
unsigned char counter[16];
unsigned char tmp[16];
@@ -90,7 +90,7 @@
AES_encrypt(counter, tmp, key);
do {
*(out++) = *(in++) ^ tmp[count];
- if (--len == 0) return;
+ if (--len == 0) return;
} while (++count != 16);
mm_incr(CTR32);
count = 0;
Index: crypt.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/crypt.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- crypt.c 16 Oct 2002 23:12:13 -0000 1.13
+++ crypt.c 12 Dec 2002 19:56:47 -0000 1.14
@@ -18,19 +18,19 @@
#define TYPE_ERR(s) PyErr_SetString(PyExc_TypeError, s)
#define KEY_IS_PRIVATE(rsa) ((rsa)->p)
-char mm_CryptoError__doc__[] =
+char mm_CryptoError__doc__[] =
"mixminion._minionlib.SSLError\n\n"
"Exception raised for error in crypto library.\n";
PyObject *mm_CryptoError = NULL;
/* Helper function: raise an error with appropriate text from the
- * underlying OpenSSL exception.
+ * underlying OpenSSL exception.
*
* Requires that mm_*Error are initialized and ERR_load_*_strings
* have been called.
*/
-void
+void
mm_SSL_ERR(int crypto)
{
int err = ERR_get_error();
@@ -43,12 +43,12 @@
PyErr_SetString(exception, "Internal error");
}
-const char mm_sha1__doc__[] =
+const char mm_sha1__doc__[] =
"sha1(s) -> str\n\n"
"Computes the SHA-1 hash of a string.\n";
PyObject*
-mm_sha1(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_sha1(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = { "string", NULL};
unsigned char *cp = NULL;
@@ -58,17 +58,17 @@
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "s#:sha1", kwlist,
&cp, &len))
- return NULL;
+ return NULL;
if (!(output = PyString_FromStringAndSize(NULL, SHA_DIGEST_LENGTH))) {
PyErr_NoMemory();
return NULL;
}
-
+
SHA1_Init(&ctx);
- SHA1_Update(&ctx,cp,len);
+ SHA1_Update(&ctx,cp,len);
SHA1_Final(PyString_AS_STRING(output),&ctx);
memset(&ctx,0,sizeof(ctx));
-
+
return output;
}
@@ -100,16 +100,16 @@
#define WRAP_AES(aes) (PyCObject_FromVoidPtrAndDesc( (void*) (aes),\
(void*) aes_descriptor, aes_destruct))
-const char mm_aes_key__doc__[] =
+const char mm_aes_key__doc__[] =
"aes_key(str) -> key\n\n"
"Converts a 16-byte string to an AES key for use with aes_ctr128_crypt.\n"
"\n(The performance advantage to doing so is only significant for small\n"
- "(<1K) blocks.)\n";
+ "(<1K) blocks.)\n";
PyObject*
mm_aes_key(PyObject *self, PyObject *args, PyObject *kwdict)
{
- static char *kwlist[] = { "key", NULL };
+ static char *kwlist[] = { "key", NULL };
char *key;
int keylen;
AES_KEY *aes_key = NULL;
@@ -122,16 +122,16 @@
TYPE_ERR("aes_key() requires a 128-bit (16 byte) string");
return NULL;
}
-
+
if (!(aes_key = malloc(sizeof(AES_KEY)))) {
- PyErr_NoMemory(); goto err;
+ PyErr_NoMemory(); goto err;
}
if (AES_set_encrypt_key(key, keylen*8, aes_key)) {
mm_SSL_ERR(1);
goto err;
}
- if (!(result = WRAP_AES(aes_key))) {
- PyErr_NoMemory(); goto err;
+ if (!(result = WRAP_AES(aes_key))) {
+ PyErr_NoMemory(); goto err;
}
return result;
@@ -144,7 +144,7 @@
}
-const char mm_aes_ctr128_crypt__doc__[] =
+const char mm_aes_ctr128_crypt__doc__[] =
"aes_ctr128_crypt(key, string, idx=0, prng=0) -> str\n\n"
"Encrypts a string in counter mode. If idx is nonzero, the counter begins\n"
"at idx. If prng is nonzero, ignores string and just produces a stream of\n"
@@ -156,7 +156,7 @@
"with the plaintext.\n";
PyObject*
-mm_aes_ctr128_crypt(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_aes_ctr128_crypt(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = { "key", "string", "idx", "prng", NULL };
unsigned char *input;
@@ -166,30 +166,30 @@
PyObject *output;
- if (!PyArg_ParseTupleAndKeywords(args, kwdict,
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict,
"O&s#|li:aes_ctr128_crypt", kwlist,
- aes_arg_convert, &aes_key,
+ aes_arg_convert, &aes_key,
&input, &inputlen,
&idx, &prng))
return NULL;
-
+
if (idx < 0) idx = 0;
if (prng < 0) prng = 0;
- if (prng) {
+ if (prng) {
inputlen = prng;
if (!(input = malloc(prng))) { PyErr_NoMemory(); return NULL; }
memset(input, 0, inputlen);
- }
-
+ }
+
if (!(output = PyString_FromStringAndSize(NULL, inputlen))) {
- PyErr_NoMemory();
+ PyErr_NoMemory();
if (prng) free(input);
return NULL;
}
mm_aes_counter128(input, PyString_AS_STRING(output), inputlen,
- aes_key, idx);
+ aes_key, idx);
if (prng) free(input);
return output;
@@ -217,10 +217,10 @@
TYPE_ERR("Mismatch between argument lengths");
return NULL;
}
-
- if (!(output = PyString_FromStringAndSize(NULL,s1len))) {
- PyErr_NoMemory();
- return NULL;
+
+ if (!(output = PyString_FromStringAndSize(NULL,s1len))) {
+ PyErr_NoMemory();
+ return NULL;
}
outp = PyString_AS_STRING(output);
@@ -238,17 +238,17 @@
"OAEP padding.\n";
PyObject *
-mm_openssl_seed(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_openssl_seed(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = { "seed", NULL };
unsigned char *seed;
int seedlen;
- if (!PyArg_ParseTupleAndKeywords(args, kwdict, "s#:openssl_seed",
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict, "s#:openssl_seed",
kwlist,
&seed, &seedlen))
return NULL;
-
+
RAND_seed(seed, seedlen);
Py_INCREF(Py_None);
return Py_None;
@@ -265,7 +265,7 @@
static PyObject *
mm_RSA_new(RSA *rsa) {
mm_RSA *self;
-
+
assert(rsa);
if (!(self=PyObject_NEW(mm_RSA, &mm_RSA_Type)))
return NULL;
@@ -280,7 +280,7 @@
"operation; else, performs a private-key operation.";
PyObject *
-mm_RSA_crypt(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_RSA_crypt(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = { "string", "public", "encrypt", NULL };
@@ -293,7 +293,7 @@
PyObject *output;
assert(mm_RSA_Check(self));
- if (!PyArg_ParseTupleAndKeywords(args, kwdict,
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict,
"s#ii:crypt", kwlist,
&string, &stringlen, &pub, &encrypt))
return NULL;
@@ -309,10 +309,10 @@
out = PyString_AS_STRING(output);
if (encrypt) {
if (pub)
- i = RSA_public_encrypt(stringlen, string, out, rsa,
+ i = RSA_public_encrypt(stringlen, string, out, rsa,
RSA_NO_PADDING);
- else
- i = RSA_private_encrypt(stringlen, string, out, rsa,
+ else
+ i = RSA_private_encrypt(stringlen, string, out, rsa,
RSA_NO_PADDING);
} else {
if (pub)
@@ -328,7 +328,7 @@
mm_SSL_ERR(1);
return NULL;
}
- if(_PyString_Resize(&output, i)) return NULL;
+ if(_PyString_Resize(&output, i)) return NULL;
return output;
}
@@ -339,13 +339,13 @@
"Remember to seed the OpenSSL rng before calling this method.\n";
PyObject *
-mm_rsa_generate(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_rsa_generate(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = {"bits", "e", NULL};
int bits, e;
RSA *rsa;
- if (!PyArg_ParseTupleAndKeywords(args, kwdict, "ii:rsa_generate",
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict, "ii:rsa_generate",
kwlist,
&bits, &e))
return NULL;
@@ -353,7 +353,7 @@
if ((bits < 64) || (bits > 16384)) {
PyErr_SetString(mm_CryptoError, "Invalid length for RSA key");
return NULL;
- }
+ }
if (e < 2) {
PyErr_SetString(mm_CryptoError, "Invalid RSA exponent");
return NULL;
@@ -364,7 +364,7 @@
mm_SSL_ERR(1);
return NULL;
}
-
+
return mm_RSA_new(rsa);
}
@@ -372,12 +372,12 @@
"rsa.encode_key(public) -> str\n\n"
"Computes the DER encoding of a given key. If 'public' is true, encodes\n"
"only the public-key portions of rsa.\n";
-
+
PyObject *
-mm_RSA_encode_key(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_RSA_encode_key(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = { "public", NULL };
-
+
RSA *rsa;
int public;
@@ -386,26 +386,26 @@
unsigned char *out, *outp;
assert(mm_RSA_Check(self));
- if (!PyArg_ParseTupleAndKeywords(args, kwdict,
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict,
"i:rsa_encode_key", kwlist, &public))
return NULL;
rsa = ((mm_RSA*)self)->rsa;
-
+
if (!public && !KEY_IS_PRIVATE(rsa)) {
TYPE_ERR("Can\'t use public key for private-key operation");
return NULL;
}
- len = public ? i2d_RSAPublicKey(rsa,NULL) :
+ len = public ? i2d_RSAPublicKey(rsa,NULL) :
i2d_RSAPrivateKey(rsa,NULL);
if (len < 0) {
mm_SSL_ERR(1);
return NULL;
}
out = outp = malloc(len+1);
- if (public)
+ if (public)
len = i2d_RSAPublicKey(rsa, &outp);
- else
+ else
len = i2d_RSAPrivateKey(rsa, &outp);
if (len < 0) {
free(out);
@@ -428,20 +428,20 @@
"public key only. Otherwise, expects a private key.\n";
PyObject *
-mm_rsa_decode_key(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_rsa_decode_key(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = { "key", "public", NULL };
-
+
const unsigned char *string;
int stringlen, public;
RSA *rsa;
- if (!PyArg_ParseTupleAndKeywords(args, kwdict,
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict,
"s#i:rsa_decode_key", kwlist,
&string, &stringlen, &public))
return NULL;
- rsa = public ? d2i_RSAPublicKey(NULL, &string, stringlen) :
+ rsa = public ? d2i_RSAPublicKey(NULL, &string, stringlen) :
d2i_RSAPrivateKey(NULL, &string, stringlen);
if (!rsa) {
mm_SSL_ERR(1);
@@ -452,7 +452,7 @@
const char mm_RSA_PEM_write_key__doc__[]=
"rsa.PEM_write_key(file, public, [password])\n\n"
- "Writes an RSA key to a file in PEM format with PKCS#8 encryption.\n"
+ "Writes an RSA key to a file in PEM format with PKCS#8 encryption.\n"
"If public is true, writes only the public key, and ignores the password.\n"
"Otherwise, writes the full private key, optionally encrypted by a\n"
"password.\n";
@@ -468,7 +468,7 @@
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
FILE *file;
-
+
assert(mm_RSA_Check(self));
if (!PyArg_ParseTupleAndKeywords(args, kwdict, "O!i|s#:PEM_write_key",
kwlist, &PyFile_Type, &pyfile,
@@ -476,7 +476,7 @@
&password, &passwordlen))
return NULL;
if (!(file = PyFile_AsFile(pyfile))) {
- TYPE_ERR("Invalid file object");
+ TYPE_ERR("Invalid file object");
return NULL;
}
@@ -501,7 +501,7 @@
goto error;
} else {
if (!PEM_write_PKCS8PrivateKey(file, pkey,
- NULL,
+ NULL,
NULL, 0,
NULL, NULL))
goto error;
@@ -522,7 +522,7 @@
const char mm_rsa_PEM_read_key__doc__[]=
"rsa_PEM_read_key(file, public, [password]) -> rsa\n\n"
- "Writes an RSA key to a file in PEM format with PKCS#8 encryption.\n"
+ "Writes an RSA key to a file in PEM format with PKCS#8 encryption.\n"
"If public is true, reads only the public key, and ignores the password.\n"
"Otherwise, writes the full private key, optionally encrypted by a\n"
"password.\n";
@@ -537,7 +537,7 @@
RSA *rsa;
FILE *file;
-
+
if (!PyArg_ParseTupleAndKeywords(args, kwdict,
"O!i|s#:rsa_PEM_read_key",
kwlist, &PyFile_Type, &pyfile,
@@ -545,7 +545,7 @@
&password, &passwordlen))
return NULL;
if (!(file = PyFile_AsFile(pyfile))) {
- TYPE_ERR("Invalid file object");
+ TYPE_ERR("Invalid file object");
return NULL;
}
if (!passwordlen)
@@ -570,10 +570,10 @@
/**
- * Converts a BIGNUM into a newly allocated PyLongObject.
+ * Converts a BIGNUM into a newly allocated PyLongObject.
**/
static PyObject*
-bn2pylong(const BIGNUM *bn)
+bn2pylong(const BIGNUM *bn)
{
PyObject *output;
@@ -585,7 +585,7 @@
* an implementation.
**/
char *hex = BN_bn2hex(bn);
- output = PyLong_FromString(hex, NULL, 16);
+ output = PyLong_FromString(hex, NULL, 16);
OPENSSL_free(hex);
return output; /* pass along errors */
}
@@ -601,13 +601,13 @@
BIGNUM *result = NULL;
int r;
assert(PyLong_Check(pylong));
- assert(pylong && pylong->ob_type
+ assert(pylong && pylong->ob_type
&& pylong->ob_type->tp_as_number
&& pylong->ob_type->tp_as_number->nb_hex);
-
+
if (!(str = pylong->ob_type->tp_as_number->nb_hex(pylong)))
return NULL;
-
+
buf = PyString_AsString(str);
if (!buf || buf[0]!='0' || buf[1]!='x') {
Py_DECREF(str); return NULL;
@@ -624,27 +624,27 @@
"rsa.get_public_key() -> (n,e)\n";
PyObject *
-mm_RSA_get_public_key(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_RSA_get_public_key(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = { NULL };
-
+
RSA *rsa;
PyObject *n, *e;
PyObject *output;
assert(mm_RSA_Check(self));
- if (!PyArg_ParseTupleAndKeywords(args, kwdict,
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict,
":rsa_get_public_key", kwlist))
return NULL;
-
+
rsa = ((mm_RSA*)self)->rsa;
if (!rsa->n) { TYPE_ERR("Key has no modulus"); return NULL;}
if (!rsa->e) { TYPE_ERR("Key has no e"); return NULL; }
- if (!(n = bn2pylong(rsa->n))) {
- PyErr_NoMemory(); return NULL;
+ if (!(n = bn2pylong(rsa->n))) {
+ PyErr_NoMemory(); return NULL;
}
- if (!(e = bn2pylong(rsa->e))) {
- PyErr_NoMemory(); Py_DECREF(n); return NULL;
+ if (!(e = bn2pylong(rsa->e))) {
+ PyErr_NoMemory(); Py_DECREF(n); return NULL;
}
output = Py_BuildValue("OO", n, e);
Py_DECREF(n);
@@ -657,28 +657,28 @@
"n and e must both be long integers. Ints won't work.\n";
PyObject *
-mm_rsa_make_public_key(PyObject *self, PyObject *args, PyObject *kwdict)
+mm_rsa_make_public_key(PyObject *self, PyObject *args, PyObject *kwdict)
{
static char *kwlist[] = { "n","e", NULL };
-
+
RSA *rsa;
PyObject *n, *e;
PyObject *output;
- if (!PyArg_ParseTupleAndKeywords(args, kwdict,
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict,
"O!O!:rsa_make_public_key", kwlist,
&PyLong_Type, &n, &PyLong_Type, &e))
return NULL;
-
+
rsa = RSA_new();
if (!(rsa = RSA_new())) { PyErr_NoMemory(); return NULL; }
if (!(rsa->n = pylong2bn(n))) { RSA_free(rsa); return NULL; }
- if (!(rsa->e = pylong2bn(e))) {
- RSA_free(rsa); BN_free(rsa->n); return NULL;
+ if (!(rsa->e = pylong2bn(e))) {
+ RSA_free(rsa); BN_free(rsa->n); return NULL;
}
output = mm_RSA_new(rsa);
-
+
return output;
}
@@ -687,7 +687,7 @@
"Returns the number of *bytes* (not bits) in an RSA modulus.\n";
static PyObject *
-mm_RSA_get_modulus_bytes(PyObject *self, PyObject *args, PyObject *kwargs)
+mm_RSA_get_modulus_bytes(PyObject *self, PyObject *args, PyObject *kwargs)
{
static char *kwlist[] = { NULL };
RSA *rsa;
@@ -697,7 +697,7 @@
if (!PyArg_ParseTupleAndKeywords(args, kwargs,
":get_modulus_bytes", kwlist))
return NULL;
-
+
return PyInt_FromLong(BN_num_bytes(rsa->n));
}
@@ -709,16 +709,16 @@
METHOD(mm_RSA, PEM_write_key),
{ NULL, NULL }
};
-
+
static PyObject*
-mm_RSA_getattr(PyObject *self, char *name)
+mm_RSA_getattr(PyObject *self, char *name)
{
return Py_FindMethod(mm_RSA_methods, self, name);
}
-static const char mm_RSA_Type__doc__[] =
+static const char mm_RSA_Type__doc__[] =
"An RSA key. May be public or private.";
-
+
PyTypeObject mm_RSA_Type = {
PyObject_HEAD_INIT(&PyType_Type)
0, /*ob_size*/
@@ -752,12 +752,12 @@
int keylen, r;
PyObject *output;
-
- if (!PyArg_ParseTupleAndKeywords(args, kwargs,
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs,
"s#s#i:add_oaep_padding", kwlist,
&input,&inputlen,¶m,¶mlen,&keylen))
return NULL;
-
+
/* Strictly speaking, this is redundant. Nevertheless, I suspect
the openssl implementation of fragility, so better safe than sorry.
*/
@@ -765,20 +765,20 @@
PyErr_SetString(mm_CryptoError, "String too long to pad.");
return NULL;
}
-
- if (!(output = PyString_FromStringAndSize(NULL,keylen))) {
- PyErr_NoMemory(); return NULL;
+
+ if (!(output = PyString_FromStringAndSize(NULL,keylen))) {
+ PyErr_NoMemory(); return NULL;
}
-
+
r = RSA_padding_add_PKCS1_OAEP(PyString_AS_STRING(output), keylen,
input, inputlen,
param, paramlen);
if (r <= 0) {
- mm_SSL_ERR(1);
+ mm_SSL_ERR(1);
Py_DECREF(output);
return NULL;
}
-
+
return output;
}
@@ -789,7 +789,7 @@
"If the padding is in tact, the original string is returned.\n";
PyObject *
-mm_check_oaep_padding(PyObject *self, PyObject *args, PyObject *kwargs)
+mm_check_oaep_padding(PyObject *self, PyObject *args, PyObject *kwargs)
{
static char *kwlist[] = { "s", "param", "keylen", NULL };
@@ -798,8 +798,8 @@
int keylen, r;
PyObject *output;
-
- if (!PyArg_ParseTupleAndKeywords(args, kwargs,
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs,
"s#s#i:check_oaep_padding", kwlist,
&input,&inputlen,¶m,¶mlen,&keylen))
return NULL;
@@ -809,11 +809,11 @@
PyErr_SetString(mm_CryptoError, "Bad padding");
return NULL;
}
-
- if (!(output = PyString_FromStringAndSize(NULL,keylen))) {
- PyErr_NoMemory(); return NULL;
+
+ if (!(output = PyString_FromStringAndSize(NULL,keylen))) {
+ PyErr_NoMemory(); return NULL;
}
-
+
r = RSA_padding_check_PKCS1_OAEP(PyString_AS_STRING(output), keylen,
input+1, inputlen-1, keylen,
param, paramlen);
@@ -828,7 +828,7 @@
}
static void
-gen_dh_callback(int p, int n, void *arg)
+gen_dh_callback(int p, int n, void *arg)
{
if (p == 0) fputs(".", stderr);
if (p == 1) fputs("+", stderr);
@@ -836,7 +836,7 @@
if (p == 3) fputs("\n", stderr);
}
-const char mm_generate_dh_parameters__doc__[] =
+const char mm_generate_dh_parameters__doc__[] =
"generate_dh_parameters(filename, [verbose, [bits]])\n\n"
"Generate a DH parameter file named <filename>. The parameters will be of\n"
"size <bits>, which defaults to 512. If <verbose>, a pattern of dots\n"
@@ -849,20 +849,20 @@
static char *kwlist[] = { "filename", "verbose", "bits", NULL };
char *filename;
int bits=512, verbose=0;
-
+
BIO *out = NULL;
DH *dh = NULL;
- if (!PyArg_ParseTupleAndKeywords(args, kwargs,
- "s|ii:generate_dh_parameters",
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs,
+ "s|ii:generate_dh_parameters",
kwlist,
&filename, &verbose, &bits))
return NULL;
-
+
if (!(out = BIO_new_file(filename, "w")))
goto error;
- if (!(dh = DH_generate_parameters(bits, 2,
- verbose?gen_dh_callback:NULL,
+ if (!(dh = DH_generate_parameters(bits, 2,
+ verbose?gen_dh_callback:NULL,
NULL)))
goto error;
if (!PEM_write_bio_DHparams(out, dh))
@@ -881,7 +881,7 @@
return NULL;
}
-const char mm_generate_cert__doc__[] =
+const char mm_generate_cert__doc__[] =
"generate_cert(filename, rsa, cn, start_time, end_time)\n\n"
"Generate a self-signed X509 certificate suitable for use by a Mixminion\n"
"server. The certificate will be stored to <filename>, and use the\n"
@@ -892,7 +892,7 @@
PyObject *
mm_generate_cert(PyObject *self, PyObject *args, PyObject *kwargs)
{
- static char *kwlist[] = { "filename", "rsa", "cn",
+ static char *kwlist[] = { "filename", "rsa", "cn",
"start_time", "end_time", NULL };
char *filename, *cn;
PyObject *_rsa;
@@ -901,10 +901,10 @@
* Python wants time to be a double. OpenSSL wants time_t.
* Ordinarily, I'd worry about resolution and bounds, but if time_t
* doesn't fit in a double, Python's time.time() function is already
- * doomed.
+ * doomed.
*/
double start_time, end_time;
-
+
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
BIO *out = NULL;
@@ -913,10 +913,10 @@
int nid;
PyObject *retval;
time_t time;
-
+
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO!sdd:generate_cert",
kwlist, &filename,
- &mm_RSA_Type, &_rsa, &cn,
+ &mm_RSA_Type, &_rsa, &cn,
&start_time, &end_time))
return NULL;
@@ -936,12 +936,12 @@
goto error;
if (!(name = X509_NAME_new()))
goto error;
-
+
#define SET_PART(part, val) \
if ((nid = OBJ_txt2nid(part)) == NID_undef) goto error; \
if (!X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,\
val, -1, -1, 0)) goto error;
-
+
SET_PART("countryName", "US");
SET_PART("organizationName", "Mixminion network");
SET_PART("commonName", cn);
@@ -950,7 +950,7 @@
goto error;
time = (time_t) start_time;
- if (!X509_time_adj(X509_get_notBefore(x509),0,&time))
+ if (!X509_time_adj(X509_get_notBefore(x509),0,&time))
goto error;
time = (time_t) end_time;
if (!X509_time_adj(X509_get_notAfter(x509),0,&time))
Index: main.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/main.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- main.c 19 Aug 2002 20:27:02 -0000 1.7
+++ main.c 12 Dec 2002 19:56:47 -0000 1.8
@@ -49,7 +49,7 @@
returns 1 on failure; 0 on success */
static int
-exc(PyObject *module_dict, PyObject **exception, char *longName,
+exc(PyObject *module_dict, PyObject **exception, char *longName,
char *itemString, char *doc)
{
PyObject *s, *exc_d;
@@ -95,19 +95,19 @@
OpenSSL_add_all_algorithms();
- if (exc(d, &mm_CryptoError, "mixminion._minionlib.CryptoError",
+ if (exc(d, &mm_CryptoError, "mixminion._minionlib.CryptoError",
"CryptoError", mm_CryptoError__doc__))
return;
- if (exc(d, &mm_TLSError, "mixminion._minionlib.TLSError",
+ if (exc(d, &mm_TLSError, "mixminion._minionlib.TLSError",
"TLSError", mm_TLSError__doc__))
return;
- if (exc(d, &mm_TLSWantRead, "mixminion._minionlib.TLSWantRead",
+ if (exc(d, &mm_TLSWantRead, "mixminion._minionlib.TLSWantRead",
"TLSWantRead", mm_TLSWantRead__doc__))
return;
- if (exc(d, &mm_TLSWantWrite, "mixminion._minionlib.TLSWantWrite",
+ if (exc(d, &mm_TLSWantWrite, "mixminion._minionlib.TLSWantWrite",
"TLSWantWrite", mm_TLSWantWrite__doc__))
return;
- if (exc(d, &mm_TLSClosed, "mixminion._minionlib.TLSClosed",
+ if (exc(d, &mm_TLSClosed, "mixminion._minionlib.TLSClosed",
"TLSClosed", mm_TLSClosed__doc__))
return;
@@ -116,12 +116,12 @@
return;
Py_INCREF(&mm_TLSContext_Type);
- if (PyDict_SetItemString(d, "TLSContext",
+ if (PyDict_SetItemString(d, "TLSContext",
(PyObject*)&mm_TLSContext_Type) < 0)
return;
Py_INCREF(&mm_TLSSock_Type);
- if (PyDict_SetItemString(d, "TLSSock",
+ if (PyDict_SetItemString(d, "TLSSock",
(PyObject*)&mm_TLSSock_Type) < 0)
return;
}
Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- tls.c 2 Dec 2002 03:18:23 -0000 1.9
+++ tls.c 12 Dec 2002 19:56:47 -0000 1.10
@@ -5,22 +5,22 @@
#include <openssl/ssl.h>
#include <openssl/tls1.h>
-char mm_TLSError__doc__[] =
+char mm_TLSError__doc__[] =
"mixminion._minionlib.TLSError\n\n"
"Exception raised for error in underlying TLS/SSL library.\n";
PyObject *mm_TLSError = NULL;
-char mm_TLSWantRead__doc__[] =
+char mm_TLSWantRead__doc__[] =
"mixminion._minionlib.TLSWantRead\n\n"
"Exception raised when a non-blocking TLS operation would block on reading.\n";
PyObject *mm_TLSWantRead = NULL;
-char mm_TLSWantWrite__doc__[] =
+char mm_TLSWantWrite__doc__[] =
"mixminion._minionlib.TLSWantWrite\n\n"
"Exception raised when a non-blocking TLS operation would block on writing.\n";
PyObject *mm_TLSWantWrite = NULL;
-char mm_TLSClosed__doc__[] =
+char mm_TLSClosed__doc__[] =
"mixminion._minionlib.TLSClosed\n\n"
"Exception raised when a connection is unexpectedly closed.\n";
PyObject *mm_TLSClosed = NULL;
@@ -35,15 +35,15 @@
TYPE_ERR("No arguments expected"); \
return NULL; \
}
-
+
/* Return values for tls_error */
#define NO_ERROR 0
#define ERROR 1
#define ZERO_RETURN -1
-/*
+/*
* Checks for an outstanding error on a given SSL object that has just
* returned the value 'r'. Returns NO_ERROR, ERROR, or ZERO_RETURN.
- * On ERROR, a Python error is set.
+ * On ERROR, a Python error is set.
*
* On SSL_ERROR_ZERO_RETURN, a Python error is set if !(flags &
* IGNORE_ZERO_RETURN). On SSL_ERROR_SYSCALL, an error condition is
@@ -51,7 +51,7 @@
*/
#define IGNORE_ZERO_RETURN 1
#define IGNORE_SYSCALL 2
-static int
+static int
tls_error(SSL *ssl, int r, int flags)
{
int err = SSL_get_error(ssl,r);
@@ -96,7 +96,7 @@
#define mm_TLSSock_Check(v) ((v)->ob_type == &mm_TLSSock_Type)
-const char mm_TLSContext_new__doc__[] =
+const char mm_TLSContext_new__doc__[] =
"TLSContext([certfile, [rsa, [dhfile] ] ] )\n\n"
"Allocates a new TLSContext object. The files, if provided, are used\n"
"contain the PEM-encoded X509 public keys, private key, and DH\n"
@@ -106,7 +106,7 @@
"LIMITATION: We don\'t expose any more features than Mixminion needs.\n";
PyObject*
-mm_TLSContext_new(PyObject *self, PyObject *args, PyObject *kwargs)
+mm_TLSContext_new(PyObject *self, PyObject *args, PyObject *kwargs)
{
static char *kwlist[] = { "certfile", "pkfile", "dhfile", NULL };
char *certfile = NULL, *dhfile=NULL;
@@ -119,28 +119,28 @@
BIO *bio;
RSA *_rsa = NULL;
EVP_PKEY *pkey = NULL;
-
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|sO!s:TLSContext_new",
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|sO!s:TLSContext_new",
kwlist,
- &certfile,
+ &certfile,
&mm_RSA_Type, &rsa,
&dhfile))
return NULL;
method = TLSv1_method();
-
+
if (!(ctx = SSL_CTX_new(method))) {
mm_SSL_ERR(0); return NULL;
}
if (!SSL_CTX_set_cipher_list(ctx, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)){
SSL_CTX_free(ctx); mm_SSL_ERR(0); return NULL;
}
- if (certfile &&
+ if (certfile &&
!SSL_CTX_use_certificate_file(ctx,certfile,SSL_FILETYPE_PEM)) {
SSL_CTX_free(ctx); mm_SSL_ERR(0); return NULL;
}
if (rsa) {
- if (!(_rsa = RSAPrivateKey_dup(rsa->rsa)) ||
+ if (!(_rsa = RSAPrivateKey_dup(rsa->rsa)) ||
!(pkey = EVP_PKEY_new()) ||
!EVP_PKEY_assign_RSA(pkey, _rsa)) {
if (!pkey && _rsa) RSA_free(_rsa);
@@ -152,38 +152,38 @@
SSL_CTX_free(ctx); mm_SSL_ERR(0); return NULL;
}
EVP_PKEY_free(pkey);
- }
+ }
if (dhfile) {
if ( !(bio = BIO_new_file(dhfile, "r"))) {
SSL_CTX_free(ctx); mm_SSL_ERR(0); return NULL;
}
dh=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
- BIO_free(bio);
+ BIO_free(bio);
if (!dh) {
- SSL_CTX_free(ctx); mm_SSL_ERR(0); return NULL;
+ SSL_CTX_free(ctx); mm_SSL_ERR(0); return NULL;
}
- SSL_CTX_set_tmp_dh(ctx,dh);
+ SSL_CTX_set_tmp_dh(ctx,dh);
DH_free(dh);
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
-
+
result = PyObject_New(mm_TLSContext, &mm_TLSContext_Type);
if (!result) {
- SSL_CTX_free(ctx); return NULL;
+ SSL_CTX_free(ctx); return NULL;
}
result->ctx = ctx;
return (PyObject*)result;
}
-static void
+static void
mm_TLSContext_dealloc(mm_TLSContext *self)
{
SSL_CTX_free(self->ctx);
PyObject_DEL(self);
}
-static char mm_TLSContext_sock__doc__[] =
+static char mm_TLSContext_sock__doc__[] =
"context.sock(socket, [serverMode])\n\n"
"Creates a new TLS socket to send and receive from a given underlying\n"
"socket.\n\n"
@@ -201,8 +201,8 @@
BIO *bio;
SSL *ssl;
mm_TLSSock *ret;
-
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|i:sock",
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|i:sock",
kwlist, &sockObj, &serverMode))
return NULL;
assert(mm_TLSContext_Check(self));
@@ -218,7 +218,7 @@
mm_SSL_ERR(0); return NULL;
}
- if (serverMode && !SSL_set_cipher_list(ssl,
+ if (serverMode && !SSL_set_cipher_list(ssl,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":"
SSL3_TXT_RSA_DES_192_CBC3_SHA)) {
mm_SSL_ERR(0); SSL_free(ssl); return NULL;
@@ -228,7 +228,7 @@
SSL_free(ssl); mm_SSL_ERR(0); return NULL;
}
SSL_set_bio(ssl,bio,bio);
-
+
if (!(ret = PyObject_New(mm_TLSSock, &mm_TLSSock_Type))) {
SSL_free(ssl); PyErr_NoMemory(); SSL_free(ssl); return NULL;
}
@@ -245,9 +245,9 @@
METHOD(mm_TLSContext, sock),
{ NULL, NULL }
};
-
+
static PyObject*
-mm_TLSContext_getattr(PyObject *self, char *name)
+mm_TLSContext_getattr(PyObject *self, char *name)
{
return Py_FindMethod(mm_TLSContext_methods, self, name);
}
@@ -275,7 +275,7 @@
(char*)mm_TLSContext_Type__doc__
};
-static void
+static void
mm_TLSSock_dealloc(mm_TLSSock *self)
{
Py_DECREF(self->context);
@@ -284,7 +284,7 @@
PyObject_DEL(self);
}
-static char mm_TLSSock_accept__doc__[] =
+static char mm_TLSSock_accept__doc__[] =
"tlssock.accept()\n\n"
"Perform initial server-side TLS handshaking.\n"
"Returns None if finished. May raise TLSWantRead or TLSWantWrite.\n";
@@ -297,18 +297,18 @@
assert(mm_TLSSock_Check(self));
FAIL_IF_ARGS();
-
+
ssl = ((mm_TLSSock*)self)->ssl;
Py_BEGIN_ALLOW_THREADS
r = SSL_accept(ssl);
Py_END_ALLOW_THREADS
-
+
if (tls_error(ssl, r, 0))
return NULL;
-
+
Py_INCREF(Py_None);
return Py_None;
-}
+}
static char mm_TLSSock_connect__doc__[] =
"tlssock.connect()\n\n"
@@ -319,11 +319,11 @@
mm_TLSSock_connect(PyObject *self, PyObject *args, PyObject *kwargs)
{
SSL *ssl;
- int r, err;
+ int r, err;
assert(mm_TLSSock_Check(self));
FAIL_IF_ARGS();
-
+
ssl = ((mm_TLSSock*)self)->ssl;
Py_BEGIN_ALLOW_THREADS
@@ -335,9 +335,9 @@
Py_INCREF(Py_None);
return Py_None;
-}
+}
-static char mm_TLSSock_pending__doc__[] =
+static char mm_TLSSock_pending__doc__[] =
"tlssock.pending()\n\n"
"Returns true iff there is data waiting to be read from this socket.";
@@ -348,13 +348,13 @@
assert(mm_TLSSock_Check(self));
FAIL_IF_ARGS();
-
+
ssl = ((mm_TLSSock*)self)->ssl;
-
+
return PyInt_FromLong(SSL_pending(ssl));
-}
+}
-static char mm_TLSSock_read__doc__[] =
+static char mm_TLSSock_read__doc__[] =
"tlssock.read(size)\n\n"
"Tries to read [up to] size bytes from this socket.\n"
"Returns a string if the read was successful. Returns 0 if the connection\n"
@@ -374,13 +374,13 @@
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i:read", kwlist,
&n))
return NULL;
-
+
ssl = ((mm_TLSSock*)self)->ssl;
-
+
if (!(res = PyString_FromStringAndSize(NULL, n))) {
- PyErr_NoMemory(); return NULL;
+ PyErr_NoMemory(); return NULL;
}
-
+
Py_BEGIN_ALLOW_THREADS
r = SSL_read(ssl, PyString_AS_STRING(res), n);
Py_END_ALLOW_THREADS
@@ -395,19 +395,19 @@
case NO_ERROR:
Py_INCREF(Py_None);
return Py_None;
- case ZERO_RETURN:
+ case ZERO_RETURN:
return PyInt_FromLong(0);
case ERROR:
default:
return NULL;
}
-}
+}
-static char mm_TLSSock_write__doc__[] =
+static char mm_TLSSock_write__doc__[] =
"tlssock.write(string)\n\n"
"Try to write to a TLS socket.\n"
"If the write was successful, returns the number of bytes written. If the\n"
- "connection is being shutdown, returns 0. Raises TLSWantRead or\n"
+ "connection is being shutdown, returns 0. Raises TLSWantRead or\n"
"TLSWantWrite if the underlying nonblocking socket would block on one of\n"
"these operations.\n";
@@ -424,15 +424,15 @@
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s#:write", kwlist,
&string, &stringlen))
return NULL;
-
+
ssl = ((mm_TLSSock*)self)->ssl;
-
+
Py_BEGIN_ALLOW_THREADS
r = SSL_write(ssl, string, stringlen);
Py_END_ALLOW_THREADS
-
+
switch(tls_error(ssl, r, IGNORE_ZERO_RETURN)) {
- case NO_ERROR:
+ case NO_ERROR:
return PyInt_FromLong(r);
case ZERO_RETURN:
return PyInt_FromLong(0);
@@ -443,7 +443,7 @@
}
}
-static char mm_TLSSock_shutdown__doc__[] =
+static char mm_TLSSock_shutdown__doc__[] =
"tlssock.shutdown()\n\n"
"Initiates a shutdown.\n"
"If 0 is returned, the shutdown is not complete. If 1 is returned, the\n"
@@ -457,7 +457,7 @@
assert(mm_TLSSock_Check(self));
FAIL_IF_ARGS();
-
+
ssl = ((mm_TLSSock*)self)->ssl;
Py_BEGIN_ALLOW_THREADS
@@ -470,9 +470,9 @@
Py_INCREF(Py_None);
return Py_None;
-}
+}
-static char mm_TLSSock_fileno__doc__[] =
+static char mm_TLSSock_fileno__doc__[] =
"tlssock.fileno()\n\n"
"Returns the integer filehandle underlying this TLS socket.\n";
@@ -482,11 +482,11 @@
assert(mm_TLSSock_Check(self));
FAIL_IF_ARGS();
-
+
return PyInt_FromLong(((mm_TLSSock*)self)->sock);
}
-static char mm_TLSSock_get_peer_cert_pk__doc__[] =
+static char mm_TLSSock_get_peer_cert_pk__doc__[] =
"tlssock.get_peer_cert_pk()\n\n"
"Returns the public key of the certificate used by the server on the\n"
"other side of this connection. Returns None if no such cert exists\n";
@@ -502,17 +502,17 @@
assert(mm_TLSSock_Check(self));
FAIL_IF_ARGS();
-
+
ssl = ((mm_TLSSock*)self)->ssl;
if (!(cert = SSL_get_peer_certificate(ssl))) {
mm_SSL_ERR(0); return NULL;
}
pkey = X509_get_pubkey(cert);
if (!(rsa = EVP_PKEY_get1_RSA(pkey))) {
- EVP_PKEY_free(pkey); mm_SSL_ERR(0); return NULL;
+ EVP_PKEY_free(pkey); mm_SSL_ERR(0); return NULL;
}
EVP_PKEY_free(pkey);
-
+
if (!(result = PyObject_New(mm_RSA, &mm_RSA_Type))) {
RSA_free(rsa); PyErr_NoMemory(); return NULL;
}
@@ -532,9 +532,9 @@
METHOD(mm_TLSSock, fileno),
{ NULL, NULL }
};
-
+
static PyObject*
-mm_TLSSock_getattr(PyObject *self, char *name)
+mm_TLSSock_getattr(PyObject *self, char *name)
{
return Py_FindMethod(mm_TLSSock_methods, self, name);
}