v0.80f: Some fixes + master_key_timeout in config.

Signed-off-by: FellowTraveler <F3llowTraveler@gmail.com>
1 parent de04107 commit 6573381364b9c374ab5945e27e6c186a82631a5b @FellowTraveler committed May 17, 2012
@@ -262,8 +262,13 @@ class OTAsymmetricKey
//
const
EVP_PKEY * GetKey();
- void SetKey(EVP_PKEY * pKey, bool bIsPrivateKey=false);
+ void SetKeyAsCopyOf(EVP_PKEY & theKey, bool bIsPrivateKey=false);
+ static // CALLER must EVP_pkey_free!
+ EVP_PKEY * CopyPublicKey (EVP_PKEY & theKey);
+ static
+ EVP_PKEY * CopyPrivateKey(EVP_PKEY & theKey);
+
// We're moving to a system where the actual key isn't kept loaded in
// memory except under 2 circumstances: 1. We are using it currently,
// and we're going to destroy it when we're done with it. 2. A timer
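Review bot: The ownership note `// CALLER must EVP_pkey_free!` sits on the `static` line of CopyPublicKey only, while CopyPrivateKey, which by its name returns a freshly allocated EVP_PKEY just the same, carries no such note. One comment above both declarations would make the contract unambiguous, e.g. `// Both return a newly allocated EVP_PKEY; the caller owns it and must release it with EVP_PKEY_free().` (using the real function name as the .cpp hunks do). A similar one-liner on SetKeyAsCopyOf, saying that theKey is copied and remains owned by the caller, would state the new ownership model where header readers look for it. The class declaration continues outside the hunk.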
@@ -411,7 +411,7 @@ int OTMasterKey::GetTimeoutSeconds()
void OTMasterKey::SetTimeoutSeconds(int nTimeoutSeconds) // So we can load from the config file.
{
- OT_ASSERT_MSG(nTimeoutSeconds > 0, "OTMasterKey::SetTimeoutSeconds: ASSERT: nTimeoutSeconds must be >0.\n");
+ OT_ASSERT_MSG(nTimeoutSeconds >= (-1), "OTMasterKey::SetTimeoutSeconds: ASSERT: nTimeoutSeconds must be >= (-1)\n");
lock_guard<mutex> lock(m_Mutex); // Multiple threads can't get inside here at the same time.
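Review bot: The widened OT_ASSERT_MSG is the only validation of nTimeoutSeconds, and the comment on the signature says the value is loaded from the config file, so a mistyped entry such as -5 aborts the process here (or, if OT_ASSERT_MSG is compiled out in some builds, which is not visible in this view, reaches ThreadTimeout unchecked). An explicit check that logs and falls back to the compiled-in default keeps a bad config line from either crashing or silently changing key-wiping behaviour: `if (nTimeoutSeconds < -1) { OTLog::vError("OTMasterKey::SetTimeoutSeconds: invalid value %d; using default.\n", nTimeoutSeconds); nTimeoutSeconds = OT_MASTER_KEY_TIMEOUT; }` placed before the lock. Falling back to the default rather than to -1 matters because -1 means the master key is never wiped. The function body continues past the hunk.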
@@ -689,10 +689,12 @@ void OTMasterKey::ThreadTimeout(void * pArg)
// --------------------------------------
int nTimeoutSeconds = pMyself->GetTimeoutSeconds(); // locks mutex internally.
- this_thread::sleep_for(chrono::seconds( nTimeoutSeconds )); // <===== ASLEEP!
+ if (nTimeoutSeconds > 0)
+ this_thread::sleep_for(chrono::seconds( nTimeoutSeconds )); // <===== ASLEEP!
// --------------------------------------
- pMyself->DestroyMasterPassword(); // locks mutex internally.
+ if (nTimeoutSeconds != (-1))
+ pMyself->DestroyMasterPassword(); // locks mutex internally.
}
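Review bot: The two new guards use different rules: the sleep runs only for nTimeoutSeconds > 0, but DestroyMasterPassword runs for every value except exactly -1, so any other negative value wipes the password immediately with no delay at all. SetTimeoutSeconds asserts the value is >= -1, but if that assert is inactive or the member is set by another path, this asymmetry is surprising; a single rule before the sleep, `if (nTimeoutSeconds < 0) return; // negative: keep the key for the whole run`, with the unconditional destroy after it, matches the config comment's description of -1 and removes the special case. With -1 the thread is now started only to exit immediately; the caller could skip spawning it, but that code is outside the hunk. ThreadTimeout's body starts before the hunk.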
@@ -195,13 +195,14 @@ class OTPassword;
//using namespace tthread; // in the C++ file
// ----------------------------
-
+// OTMasterKey
// This class handles the functionality of caching the master key for X seconds
// as an OTPassword, and then deleting it. It also caches the encrypted version
// in an OTSymmetricKey, which can be unlocked to an OTPassword again for X more
// seconds (by entering the passphrase...)
-
+// This is only the hard-coded default; it's also in the config file.
+//
#define OT_MASTER_KEY_TIMEOUT 300
@@ -226,7 +226,7 @@ int OTLog::__latency_receive_ms = 5000; // number of ms to wait before retry
long OTLog::__minimum_market_scale = 1; // Server admin can configure this to any higher power-of-ten.
-OTString OTLog::__Version = "0.80e";
+OTString OTLog::__Version = "0.80f";
@@ -581,10 +581,10 @@ OTItem * OTPseudonym::GenerateTransactionStatement(const OTTransaction & theOwne
-bool OTPseudonym::ConvertToMasterKey()
+bool OTPseudonym::Savex509CertAndPrivateKey(bool bCreateFile/*=true*/)
{
- const char * szFunc = "OTPseudonym::ConvertToMasterKey";
-
+ const char * szFunc = "OTPseudonym::Savex509CertAndPrivateKey";
+ // ---------------------------------------
X509 * x509 = m_pkeyPublic->GetX509();
EVP_PKEY * pPrivateKey = m_pkeyPrivate->GetKeyLowLevel();
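Review bot: The next hunk removes `OT_ASSERT(NULL != x509)` and `OT_ASSERT(NULL != pPrivateKey)` from the old signature, and the surviving context there checks only pPrivateKey; x509 now comes from `m_pkeyPublic->GetX509()` on the line above, and the hunk header `-599,18` suggests its NULL check, if any, lies in the lines between the two hunks. Confirm it is there, since X509_get_pubkey(x509) later in the function dereferences it; if it is missing, `if (NULL == x509) { OTLog::vError("%s: Error: Unexpected NULL x509. (Returning false.)\n", szFunc); return false; }` beside the pPrivateKey check follows the existing pattern. m_pkeyPublic and m_pkeyPrivate are dereferenced without a check too; whether they can be NULL at this point is not visible here. The function body runs past both hunks.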
@@ -599,18 +599,6 @@ bool OTPseudonym::ConvertToMasterKey()
OTLog::vError("%s: Error: Unexpected NULL pPrivateKey. (Returning false.)\n", szFunc);
return false;
}
-
- return this->Savex509CertAndPrivateKey(x509, pPrivateKey, true); //bool bCreateFile=true
- }
-
-
-
-bool OTPseudonym::Savex509CertAndPrivateKey(X509 * x509, EVP_PKEY * pPrivateKey, bool bCreateFile/*=true*/)
-{
- OT_ASSERT(NULL != x509);
- OT_ASSERT(NULL != pPrivateKey);
- // ---------------------------------------
- const char * szFunc = "OTPseudonym::Savex509CertAndPrivateKey";
// ---------------------------------------
class _Nym__saveCert_
{
@@ -656,7 +644,7 @@ bool OTPseudonym::Savex509CertAndPrivateKey(X509 * x509, EVP_PKEY * pPrivateKey,
bool bSuccess = false;
- unsigned char buffer_pri[4096] = ""; // todo hardcoded
+ unsigned char buffer_pri [4096] = ""; // todo hardcoded
unsigned char buffer_x509[8192] = ""; // todo hardcoded
OTString strx509;
@@ -675,7 +663,11 @@ bool OTPseudonym::Savex509CertAndPrivateKey(X509 * x509, EVP_PKEY * pPrivateKey,
EVP_PKEY * pPublicKey = X509_get_pubkey(x509);
if (NULL != pPublicKey)
- m_pkeyPublic->SetKey(pPublicKey, false); // bool bIsPrivateKey=false;
+ {
+ m_pkeyPublic->SetKeyAsCopyOf(*pPublicKey, false); // bool bIsPrivateKey=false;
+ EVP_PKEY_free(pPublicKey);
+ pPublicKey = NULL;
+ }
// else?
// todo hardcoded 4080 (see array above.)
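Review bot: The `// else?` kept below the new block means a NULL return from X509_get_pubkey is still silently ignored: the function carries on with whatever key m_pkeyPublic held before, and the caller cannot tell. Since every other failure in this function logs and returns false, the same treatment fits here, `else { OTLog::vError("%s: X509_get_pubkey returned NULL.\n", szFunc); return false; }`, provided nothing acquired earlier in the function needs releasing on that path, which is not visible in this hunk. The copy-then-free sequence itself is correct, and clearing pPublicKey after the free is a good habit. The function body starts and ends outside the hunk.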
@@ -705,7 +697,7 @@ bool OTPseudonym::Savex509CertAndPrivateKey(X509 * x509, EVP_PKEY * pPrivateKey,
if (false == OTDB::StorePlainString(strFinal.Get(), OTLog::CertFolder(), strFilename.Get()))
{
- OTLog::vError("%s: Failure storing cert for new nym: %s\n", szFunc, strFilename.Get());
+ OTLog::vError("%s: Failure storing new cert for nym: %s\n", szFunc, strFilename.Get());
return false;
}
@@ -782,22 +774,23 @@ bool OTPseudonym::GenerateNym(int nBits/*=1024*/, bool bCreateFile/*=true*/) //
// 1024 is apparently a minimum requirement, if not an only requirement.
// Will need to go over just what sorts of keys are involved here... todo.
- if (NULL == pNewKey)
- {
- OTLog::vError("%s: Failed attempting to generate new private key.\n", szFunc);
-
- if (NULL != x509)
- X509_free(x509);
-
- return false;
- }
// ------------------------------------------------------------
if (NULL == x509)
{
OTLog::vError("%s: Failed attempting to generate new x509 cert.\n", szFunc);
-
+
if (NULL != pNewKey)
EVP_PKEY_free(pNewKey);
+
+ return false;
+ }
+ // ---------------------------------------------------------------
+ if (NULL == pNewKey)
+ {
+ OTLog::vError("%s: Failed attempting to generate new private key.\n", szFunc);
+
+ if (NULL != x509)
+ X509_free(x509);
return false;
}
@@ -823,11 +816,15 @@ bool OTPseudonym::GenerateNym(int nBits/*=1024*/, bool bCreateFile/*=true*/) //
// private key itself... might as well keep it loaded for now.
// (Therefore it's now owned by m_pkeyPrivate, no need to cleanup after this.)
//
- m_pkeyPrivate->SetKey(pNewKey, true); // bool bIsPrivateKey=true; (Default is false)
- m_pkeyPublic->SetX509(x509); // x509 is now owned.
+ m_pkeyPrivate->SetKeyAsCopyOf(*pNewKey, true); // bool bIsPrivateKey=true; (Default is false)
+ EVP_PKEY_free(pNewKey);
+ pNewKey = NULL;
+
+ m_pkeyPublic->SetX509(x509); // x509 is now owned by m_pkeyPublic. (No need to free it here.)
// ---------------------------------------------------------------
- bool bSaved = this->Savex509CertAndPrivateKey(x509, pNewKey, bCreateFile);
- pNewKey = NULL;
+ bool bSaved = this->Savex509CertAndPrivateKey(bCreateFile);
+ // NOTE: cannot reference x509 and pNewKey below this point, since they
+ // were probably destroyed and re-loaded during Savex509CertAndPrivateKey...
// ---------------------------------------------------------------
if (bSaved && bCreateFile)
{
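Review bot: The comment left at the top of the hunk, `(Therefore it's now owned by m_pkeyPrivate, no need to cleanup after this.)`, no longer describes the code below it, which now hands m_pkeyPrivate a copy via SetKeyAsCopyOf and releases the original with EVP_PKEY_free. Replace it with something like `// m_pkeyPrivate keeps its own copy of the key; the original pNewKey is freed right after.` so the next reader does not look for an owner that no longer exists. The NOTE added after the Savex509CertAndPrivateKey call is accurate and worth keeping. The function body continues outside the hunk.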
@@ -350,7 +350,7 @@ class OTPseudonym
// have to call a function that reverses the one below. (ConvertBackOutOfMasterKey or
// some such thing.)
//
- bool ConvertToMasterKey();
+// bool ConvertToMasterKey(); // Replaced by Savex509CertAndPrivateKey().
// ------------------------------------------------
OTPseudonym();
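Review bot: Commenting out the `ConvertToMasterKey()` declaration leaves dead text in the header while the paragraph above it (`have to call a function that reverses the one below`) still points at it. Deleting the line and rewording that paragraph to name Savex509CertAndPrivateKey keeps the header consistent; version history preserves the old name if anyone needs it. The class declaration continues outside the hunk.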
@@ -425,7 +425,7 @@ class OTPseudonym
bool LoadPublicKey();
bool Loadx509CertAndPrivateKey();
- bool Savex509CertAndPrivateKey(X509 * x509, EVP_PKEY * pPrivateKey, bool bCreateFile/*=true*/);
+ bool Savex509CertAndPrivateKey(bool bCreateFile=true);
// bool SavePseudonymWallet(FILE * fl) const;
bool SavePseudonymWallet(OTString & strOutput) const;
@@ -1515,15 +1515,15 @@ bool OTWallet::LoadWallet(const char * szFilename)
OTMasterKey::It()->SetMasterKey(ascMasterKey);
}
- OTLog::vOutput(1, "\nLoading masterKey:\n%s\n", ascMasterKey.Get());
+ OTLog::vOutput(1, "Loading masterKey:\n%s\n", ascMasterKey.Get());
}
else if (strNodeName.Compare("nymUsingMasterKey")) // -------------------------------------------------------------
{
NymID = xml->getAttributeValue("id"); // message digest from hash of x.509 cert or public key.
- OTLog::vOutput(0, "\n\n NymID using Master Key: %s\n", NymID.Get());
+ OTLog::vOutput(0, "NymID using Master Key: %s\n", NymID.Get());
OT_ASSERT_MSG(NymID.Exists(), "OTWallet::LoadWallet: NymID using Master Key was empty when loading wallet!\n");
// ----------------------
const OTIdentifier theNymID(NymID);
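Review bot: The reworded line `OTLog::vOutput(1, "Loading masterKey:\n%s\n", ascMasterKey.Get());` still writes the entire armored master-key blob to the log at verbosity 1. It is presumably the encrypted form that SetMasterKey just received from the wallet file, but log output is usually stored and shared with fewer protections than the wallet itself, so keeping the payload out of the message is the safer default: `OTLog::vOutput(1, "Loading masterKey from wallet.\n");`. The NymID line below is fine as changed. LoadWallet's body starts and ends outside the hunk.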
@@ -1745,7 +1745,7 @@ bool OTWallet::ConvertNymToMasterKey(OTPseudonym & theNym)
//
if (false == IsNymOnMasterKey(theNym.GetConstID()))
{
- const bool bConverted = theNym.ConvertToMasterKey();
+ const bool bConverted = theNym.Savex509CertAndPrivateKey();
if (bConverted)
{
@@ -1 +1 @@
-0.80.e
+0.80.f
@@ -3,6 +3,13 @@ NOTES on the Version:
// --------------------------------------------------------------------
+ 0.80f--- OTAsymmetricKey now creates its own copy of the EVP_PKEY when
+ setting it, to fix an openssl-related segfault.
+
+ master_key_timeout was added to the config files.
+
+ _PASSWORD_LEN bug was fixed. (#ifndef, #define'd as 128.)
+
0.80e--- Added the OTMasterKey class. The user's passphrase is no longer
used to directly open his private keys for his Nyms. Instead,
the passphrase is used to derive a key, which is used to unlock
@@ -52,3 +52,19 @@ recv_fail_max_ms =3000
;;
;; blocking =true
;;
+
+
+;; master_key_timeout
+;;
+;; This is how long the master key will be in memory until a thread
+;; wipes it out. 0 means you have to type your password EVERY time
+;; OT uses a private key. (Even multiple times in a single function.)
+;; 300 means you only have to type it once per 5 minutes. -1 means
+;; you only type it once PER RUN (popular for servers.)
+
+[security]
+master_key_timeout =300
+
+
+
+
@@ -148,4 +148,18 @@ cmd_trigger_clause=true
+;; master_key_timeout
+;;
+;; This is how long the master key will be in memory until a thread
+;; wipes it out. 0 means you have to type your password EVERY time
+;; OT uses a private key. (Even multiple times in a single function.)
+;; 300 means you only have to type it once per 5 minutes. -1 means
+;; you only type it once PER RUN (popular for servers.)
+
+[security]
+master_key_timeout =-1
+
+
+
+
@@ -52,3 +52,19 @@ recv_fail_max_ms =3000
;;
;; blocking =true
;;
+
+
+
+;; master_key_timeout
+;;
+;; This is how long the master key will be in memory until a thread
+;; wipes it out. 0 means you have to type your password EVERY time
+;; OT uses a private key. (Even multiple times in a single function.)
+;; 300 means you only have to type it once per 5 minutes. -1 means
+;; you only type it once PER RUN (popular for servers.)
+
+[security]
+master_key_timeout =300
+
+
+
@@ -148,4 +148,18 @@ cmd_trigger_clause=true
+;; master_key_timeout
+;;
+;; This is how long the master key will be in memory until a thread
+;; wipes it out. 0 means you have to type your password EVERY time
+;; OT uses a private key. (Even multiple times in a single function.)
+;; 300 means you only have to type it once per 5 minutes. -1 means
+;; you only type it once PER RUN (popular for servers.)
+
+[security]
+master_key_timeout =-1
+
+
+
+
