[Pvfs2-cvs] commit by nlmills in pvfs2/src/common/security: pint-security.c pint-security.h rsa_security.h

CVS commit program cvs at parl.clemson.edu
Wed May 21 15:04:07 EDT 2008


Update of /anoncvs/pvfs2/src/common/security
In directory parlweb1:/tmp/cvs-serv9133/src/common/security

Modified Files:
      Tag: cu-security-branch
	pint-security.c pint-security.h 
Removed Files:
      Tag: cu-security-branch
	rsa_security.h 
Log Message:
reverted prev changes, removed separate rsa header, general cleanup


Index: pint-security.c
===================================================================
RCS file: /anoncvs/pvfs2/src/common/security/Attic/pint-security.c,v
diff -p -u -r1.1.2.18 -r1.1.2.19
--- pint-security.c	21 May 2008 18:06:16 -0000	1.1.2.18
+++ pint-security.c	21 May 2008 19:04:07 -0000	1.1.2.19
@@ -31,10 +31,9 @@
 
 
 /* TODO: move to global configuration */
-#define SECURITY_DEFAULT_KEYSTORE "/tmp/keystore"
+#define SECURITY_DEFAULT_KEYSTORE     "/tmp/keystore"
 #define SECURITY_DEFAULT_PRIVKEYFILE  "/tmp/privkey.pem"
-#define SECURITY_DEFAULT_TIMEOUT 3600
-#define SECURITY_ENCRYPTION EVP_sha1()
+#define SECURITY_DEFAULT_TIMEOUT      3600                /* 1 hour */
 
 
 /* the private key used for signing */
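Review bot: `SECURITY_DEFAULT_PRIVKEYFILE` and `SECURITY_DEFAULT_KEYSTORE` still default to paths under /tmp, a world-writable directory, so on a shared host another local user can create those files before the server reads them. The existing TODO covers moving them to configuration, but until then the comment should say the defaults are unsafe, e.g. `/* TODO: move to global configuration; /tmp defaults are for development only */`. Whether the loading code checks ownership or permissions of these files is not visible in this hunk and is worth confirming.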
@@ -134,6 +133,7 @@ int PINT_security_finalize(void)
 int PINT_sign_capability(PVFS_capability *cap)
 {
     EVP_MD_CTX mdctx;
+    unsigned siglen;
     char buf[256];
     int ret;
 
@@ -144,7 +144,7 @@ int PINT_sign_capability(PVFS_capability
 
     EVP_MD_CTX_init(&mdctx);
 
-    ret = EVP_SignInit_ex(&mdctx, SECURITY_ENCRYPTION, NULL);
+    ret = EVP_SignInit_ex(&mdctx, EVP_sha1(), NULL);
     if (!ret)
     {
         gossip_debug(GOSSIP_SECURITY_DEBUG, "Error signing capability: "
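Review bot: The digest is now written out as `EVP_sha1()` in this call and again as `md = EVP_sha1();` in PINT_verify_capability, so signing and verification can drift apart if only one site is edited later. The removed macro was misnamed (SHA-1 is a digest, not encryption), but a single renamed definition such as `#define SECURITY_DIGEST EVP_sha1()` used at both call sites would keep the two in agreement. It would also make moving off SHA-1, which is no longer recommended for signatures, a one-line change. The body of PINT_sign_capability starts and ends outside this hunk.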
@@ -152,8 +152,6 @@ int PINT_sign_capability(PVFS_capability
         EVP_MD_CTX_cleanup(&mdctx);
         return -1;
     }
-    cap->signature = (PVFS_sig)malloc(sizeof(EVP_PKEY_size(
-                                                   security_privkey)));
 
     ret = EVP_SignUpdate(&mdctx, &cap->owner, sizeof(PVFS_handle));
     ret &= EVP_SignUpdate(&mdctx, &cap->fsid, sizeof(PVFS_fs_id));
@@ -171,8 +169,7 @@ int PINT_sign_capability(PVFS_capability
         return -1;
     }
 
-    ret = EVP_SignFinal(&mdctx, cap->signature, &cap->sig_size, 
-                        security_privkey);
+    ret = EVP_SignFinal(&mdctx, cap->signature, &siglen, security_privkey);
     if (!ret)
     {
         gossip_debug(GOSSIP_SECURITY_DEBUG, "Error signing capability: "
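Review bot: `siglen` is filled in by EVP_SignFinal but is not used in the visible lines, and with the in-function malloc removed nothing shown here guarantees that `cap->signature` has room for the `EVP_PKEY_size(security_privkey)` bytes EVP_SignFinal may write. Since the verify side now assumes 128 bytes, I would add a guard before the call, `if (EVP_PKEY_size(security_privkey) != 128) return -1;`, ideally with the 128 as a named constant shared with PINT_verify_capability. A key that is not 1024-bit RSA would then fail cleanly instead of overrunning the buffer or producing a signature that cannot be verified. The function continues past this hunk, so `siglen` may be checked further down.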
@@ -197,6 +194,7 @@ int PINT_sign_capability(PVFS_capability
 int PINT_verify_capability(PVFS_capability *data)
 {
     EVP_MD_CTX mdctx;
+    const EVP_MD *md;
     int ret;
     char *buf;
     EVP_PKEY *pubkey;
@@ -233,8 +231,10 @@ int PINT_verify_capability(PVFS_capabili
     }
     free(buf);
 
+    md = EVP_sha1();
+
     EVP_MD_CTX_init(&mdctx);
-    ret = EVP_VerifyInit_ex(&mdctx, SECURITY_ENCRYPTION, NULL);
+    ret = EVP_VerifyInit_ex(&mdctx, md, NULL);
     if (ret)
     {
         ret = EVP_VerifyUpdate(&mdctx, &(data->owner), sizeof(PVFS_handle));
@@ -247,8 +247,7 @@ int PINT_verify_capability(PVFS_capabili
                                 sizeof(PVFS_handle) * data->num_handles);
         if (ret)
         {
-            ret = EVP_VerifyFinal(&mdctx, data->signature, data->sig_size,
-                                  pubkey);
+            ret = EVP_VerifyFinal(&mdctx, data->signature, 128, pubkey);
         }
         else 
         {
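Review bot: The literal `128` passed to EVP_VerifyFinal replaces `data->sig_size` and silently fixes the signature length to that of a 1024-bit RSA key, so a keystore entry of any other size will always fail verification with no hint why. Deriving the length from the key, `ret = EVP_VerifyFinal(&mdctx, data->signature, EVP_PKEY_size(pubkey), pubkey);`, or at least a named constant shared with the signing side, would remove the magic number, provided `data->signature` is known to hold that many bytes. Separately, EVP_VerifyFinal returns 1 on success, 0 on a bad signature and -1 on error, so the code after this hunk (not visible here) should accept only `ret == 1` rather than any non-zero value.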

Index: pint-security.h
===================================================================
RCS file: /anoncvs/pvfs2/src/common/security/Attic/pint-security.h,v
diff -p -u -r1.1.2.9 -r1.1.2.10
--- pint-security.h	21 May 2008 18:06:16 -0000	1.1.2.9
+++ pint-security.h	21 May 2008 19:04:07 -0000	1.1.2.10
@@ -6,13 +6,15 @@
 #ifndef PINT_SECURITY_H
 #define PINT_SECURITY_H
 
+
 #include "pvfs2-config.h"
 #include "pvfs2-types.h"
 
 
-/* NOTE: add signer ID to each structure */
-
 typedef unsigned char *PVFS_sig;
+
+/* TODO: encode and decode PVFS_sig */
+
 typedef struct PVFS_capability PVFS_capability;
 struct PVFS_capability {
         PVFS_handle owner;



