[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Monotone-commits-diffs] net.venge.monotone: 5934509c86e975ce771c66a1511
From: |
code |
Subject: |
[Monotone-commits-diffs] net.venge.monotone: 5934509c86e975ce771c66a1511671620eceb6d0 |
Date: |
Mon, 18 Mar 2013 21:51:19 +0100 (CET) |
revision: 5934509c86e975ce771c66a1511671620eceb6d0
date: 2013-03-18T20:51:04
author: address@hidden
branch: net.venge.monotone
changelog:
merge of '00e50c1340793157706ec27e9e336422ec13bf10'
and '9ff6e41adc6f40ae054fb4487f356bf69324dbdb'
manifest:
format_version "1"
new_manifest [b94626d5d4825e62146f6d3c447de91549c8fd09]
old_revision [00e50c1340793157706ec27e9e336422ec13bf10]
patch "src/database.cc"
from [39ab2644b936e09a536b99ebd28b93f6e0d7c162]
to [a2f65339e0beb0740c9338b149b47e70c9ae0bfd]
patch "src/key_store.cc"
from [1ca13b7ee527bc2872d9fc325cf5ef327ca053c2]
to [974edefb0c48a3cdb903cac5c03859563c1e6971]
old_revision [9ff6e41adc6f40ae054fb4487f356bf69324dbdb]
patch "doc/monotone.texi"
from [54602b03c6fbd96c3eacf8ec43e25202d4e12889]
to [fcc02ef992214968bfbdd4a1f968846535de22f7]
patch "src/merge_content.cc"
from [095c2d20ac8d8d495806f6463c311d253cb6a686]
to [b3aeba9d9a98bf032c7771ae7426e9209085f070]
============================================================
--- src/database.cc 39ab2644b936e09a536b99ebd28b93f6e0d7c162
+++ src/database.cc a2f65339e0beb0740c9338b149b47e70c9ae0bfd
@@ -98,12 +98,15 @@ using boost::lexical_cast;
using boost::tuple;
using boost::lexical_cast;
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
+using Botan::PK_Encryptor_EME;
+#else
using Botan::PK_Encryptor;
+#endif
using Botan::PK_Verifier;
using Botan::SecureVector;
using Botan::X509_PublicKey;
using Botan::RSA_PublicKey;
-using Botan::get_pk_encryptor;
int const
int const
@@ -3435,23 +3438,25 @@ database::encrypt_rsa(key_id const & pub
throw recoverable_failure(origin::system,
"Failed to get RSA encrypting key");
- shared_ptr<PK_Encryptor>
- encryptor(get_pk_encryptor(*pub_key, "EME1(SHA-1)"));
-
SecureVector<Botan::byte> ct;
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
- ct = encryptor->encrypt(
+ PK_Encryptor_EME encryptor(*pub_key, "EME1(SHA-1)");
+ ct = encryptor.encrypt(
reinterpret_cast<Botan::byte const *>(plaintext.data()),
plaintext.size(), lazy_rng::get());
#else
+ shared_ptr<PK_Encryptor>
+ encryptor(Botan::get_pk_encryptor(*pub_key, "EME1(SHA-1)"));
+
ct = encryptor->encrypt(
reinterpret_cast<Botan::byte const *>(plaintext.data()),
plaintext.size());
#endif
- ciphertext = rsa_oaep_sha_data(string(reinterpret_cast<char const *>(ct.begin()),
- ct.size()),
- origin::database);
+
+ ciphertext = rsa_oaep_sha_data(
+ string(reinterpret_cast<char const *>(ct.begin()), ct.size()),
+ origin::database);
}
cert_status
@@ -3486,7 +3491,11 @@ database::check_signature(key_id const &
E(pub_key, id.inner().made_from,
F("failed to get RSA verifying key for %s") % id);
- verifier.reset(get_pk_verifier(*pub_key, "EMSA3(SHA-1)"));
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ verifier.reset(new Botan::PK_Verifier(*pub_key, "EMSA3(SHA1)"));
+#else
+ verifier.reset(Botan::get_pk_verifier(*pub_key, "EMSA3(SHA-1)"));
+#endif
/* XXX This is ugly. We need to keep the key around
* as long as the verifier is around, but the shared_ptr will go
============================================================
--- src/key_store.cc 1ca13b7ee527bc2872d9fc325cf5ef327ca053c2
+++ src/key_store.cc 974edefb0c48a3cdb903cac5c03859563c1e6971
@@ -55,6 +55,7 @@ using Botan::get_cipher;
using Botan::Pipe;
using Botan::get_pk_decryptor;
using Botan::get_cipher;
+using Botan::byte;
typedef pair<key_name, keypair> key_info;
@@ -710,10 +711,19 @@ key_store::create_key_pair(database & db
// serialize and maybe encrypt the private key
keypair kp;
- SecureVector<Botan::byte> pubkey, privkey;
+ SecureVector<byte> pubkey, privkey;
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
if ((*maybe_passphrase)().length())
+ unfiltered_pipe->write(
+ Botan::PKCS8::BER_encode(priv, lazy_rng::get(),
+ (*maybe_passphrase)(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"));
+ else
+ unfiltered_pipe->write(Botan::PKCS8::PEM_encode(priv));
+#else
+ if ((*maybe_passphrase)().length())
Botan::PKCS8::encrypt_key(priv, *unfiltered_pipe,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
lazy_rng::get(),
@@ -723,13 +733,20 @@ key_store::create_key_pair(database & db
Botan::RAW_BER);
else
Botan::PKCS8::encode(priv, *unfiltered_pipe);
+#endif
unfiltered_pipe->end_msg();
- kp.priv = rsa_priv_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
- origin::internal);
+ kp.priv = rsa_priv_key(
+ unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
+ origin::internal);
+
// serialize the public key
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ unfiltered_pipe->write(Botan::X509::BER_encode(priv));
+#else
Botan::X509::encode(priv, *unfiltered_pipe, Botan::RAW_BER);
+#endif
unfiltered_pipe->end_msg();
kp.pub = rsa_pub_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
origin::internal);
@@ -796,7 +813,16 @@ key_store::change_key_passphrase(key_id
get_passphrase(new_phrase, name, id, true, false);
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
if (new_phrase().length())
+ unfiltered_pipe->write(
+ Botan::PKCS8::BER_encode(*priv, lazy_rng::get(),
+ new_phrase(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"));
+ else
+ unfiltered_pipe->write(Botan::PKCS8::PEM_encode(*priv));
+#else
+ if (new_phrase().length())
Botan::PKCS8::encrypt_key(*priv, *unfiltered_pipe,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
lazy_rng::get(),
@@ -806,6 +832,7 @@ key_store::change_key_passphrase(key_id
Botan::RAW_BER);
else
Botan::PKCS8::encode(*priv, *unfiltered_pipe);
+#endif
unfiltered_pipe->end_msg();
kp.priv = rsa_priv_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
@@ -826,14 +853,23 @@ key_store::decrypt_rsa(key_id const & id
load_key_pair(*this, id, kp);
shared_ptr<RSA_PrivateKey> priv_key = s->decrypt_private_key(id);
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ Botan::PK_Decryptor_EME decryptor(*priv_key, "EME1(SHA-1)");
+
+ SecureVector<byte> plain =
+ decryptor.decrypt(reinterpret_cast<byte const *>(ciphertext().data()),
+ ciphertext().size());
+ plaintext = string(plain.begin(), plain.end());
+#else
shared_ptr<PK_Decryptor>
- decryptor(get_pk_decryptor(*priv_key, "EME1(SHA-1)"));
+ decryptor(Botan::get_pk_decryptor(*priv_key, "EME1(SHA-1)"));
- SecureVector<Botan::byte> plain =
- decryptor->decrypt(reinterpret_cast<Botan::byte const *>(ciphertext().data()),
+ SecureVector<byte> plain =
+ decryptor->decrypt(reinterpret_cast<byte const *>(ciphertext().data()),
ciphertext().size());
plaintext = string(reinterpret_cast<char const*>(plain.begin()),
plain.size());
+#endif
}
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,4)
catch (std::exception & e)
@@ -873,8 +909,8 @@ key_store::make_signature(database & db,
{
if (agent.connected()) {
//grab the monotone public key as an RSA_PublicKey
- SecureVector<Botan::byte> pub_block
- (reinterpret_cast<Botan::byte const *>(key.pub().data()),
+ SecureVector<byte> pub_block
+ (reinterpret_cast<byte const *>(key.pub().data()),
key.pub().size());
L(FL("make_signature: building %d-byte pub key") % pub_block.size());
shared_ptr<X509_PublicKey> x509_key =
@@ -902,7 +938,7 @@ key_store::make_signature(database & db,
|| s->ssh_sign_mode == "check"
|| s->ssh_sign_mode == "no")
{
- SecureVector<Botan::byte> sig;
+ SecureVector<byte> sig;
// we permit the user to relax security here, by caching a decrypted key
// (if they permit it) through the life of a program run. this helps when
@@ -926,7 +962,13 @@ key_store::make_signature(database & db,
L(FL("make_signature: adding private key (%s) to ssh-agent") % id);
agent.add_identity(*priv_key, name());
}
- signer = shared_ptr<PK_Signer>(get_pk_signer(*priv_key, "EMSA3(SHA-1)"));
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ signer = shared_ptr<PK_Signer>(
+ new PK_Signer(*priv_key, "EMSA3(SHA-1)"));
+#else
+ signer = shared_ptr<PK_Signer>(
+ get_pk_signer(*priv_key, "EMSA3(SHA-1)"));
+#endif
/* If persist_phrase is true, the RSA_PrivateKey object is
cached in s->active_keys and will survive as long as the
@@ -937,11 +979,11 @@ key_store::make_signature(database & db,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
sig = signer->sign_message(
- reinterpret_cast<Botan::byte const *>(tosign.data()),
+ reinterpret_cast<byte const *>(tosign.data()),
tosign.size(), lazy_rng::get());
#else
sig = signer->sign_message(
- reinterpret_cast<Botan::byte const *>(tosign.data()),
+ reinterpret_cast<byte const *>(tosign.data()),
tosign.size());
#endif
sig_string = string(reinterpret_cast<char const*>(sig.begin()), sig.size());
@@ -1006,7 +1048,16 @@ key_store::export_key_for_agent(key_id c
// This pipe cannot sensibly be recycled.
Pipe p(new Botan::DataSink_Stream(os));
p.start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
if (new_phrase().length())
+ p.write(Botan::PKCS8::PEM_encode(*priv,
+ lazy_rng::get(),
+ new_phrase(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"));
+ else
+ p.write(Botan::PKCS8::PEM_encode(*priv));
+#else
+ if (new_phrase().length())
Botan::PKCS8::encrypt_key(*priv,
p,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
@@ -1016,6 +1067,7 @@ key_store::export_key_for_agent(key_id c
"PBE-PKCS5v20(SHA-1,TripleDES/CBC)");
else
Botan::PKCS8::encode(*priv, p);
+#endif
p.end_msg();
}
@@ -1031,7 +1083,7 @@ key_store_state::migrate_old_key_pair
rsa_pub_key const & pub)
{
keypair kp;
- SecureVector<Botan::byte> arc4_key;
+ SecureVector<byte> arc4_key;
utf8 phrase;
shared_ptr<PKCS8_PrivateKey> pkcs8_key;
shared_ptr<RSA_PrivateKey> priv_key;
@@ -1051,10 +1103,10 @@ key_store_state::migrate_old_key_pair
{
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)
arc4_key.resize(phrase().size());
- arc4_key.copy(reinterpret_cast<Botan::byte const *>(phrase().data()),
+ arc4_key.copy(reinterpret_cast<byte const *>(phrase().data()),
phrase().size());
#else
- arc4_key.set(reinterpret_cast<Botan::byte const *>(phrase().data()),
+ arc4_key.set(reinterpret_cast<byte const *>(phrase().data()),
phrase().size());
#endif
@@ -1065,7 +1117,7 @@ key_store_state::migrate_old_key_pair
// This is necessary because PKCS8::load_key() cannot currently
// recognize an unencrypted, raw-BER blob as such, but gets it
// right if it's PEM-coded.
- SecureVector<Botan::byte> arc4_decrypt(arc4_decryptor.read_all());
+ SecureVector<byte> arc4_decrypt(arc4_decryptor.read_all());
Botan::DataSource_Memory ds(Botan::PEM_Code::encode(arc4_decrypt,
"PRIVATE KEY"));
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
@@ -1098,6 +1150,11 @@ key_store_state::migrate_old_key_pair
// now we can write out the new key
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ unfiltered_pipe->write(Botan::PKCS8::BER_encode(
+ *priv_key, lazy_rng::get(), phrase(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"));
+#else
Botan::PKCS8::encrypt_key(*priv_key, *unfiltered_pipe,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
lazy_rng::get(),
@@ -1105,6 +1162,7 @@ key_store_state::migrate_old_key_pair
phrase(),
"PBE-PKCS5v20(SHA-1,TripleDES/CBC)",
Botan::RAW_BER);
+#endif
unfiltered_pipe->end_msg();
kp.priv = rsa_priv_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
origin::internal);
@@ -1113,7 +1171,11 @@ key_store_state::migrate_old_key_pair
// Botan for the X.509 encoding of the private key implies that we want
// it to derive and produce the public key)
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ unfiltered_pipe->write(Botan::X509::BER_encode(*priv_key));
+#else
Botan::X509::encode(*priv_key, *unfiltered_pipe, Botan::RAW_BER);
+#endif
unfiltered_pipe->end_msg();
kp.pub = rsa_pub_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
origin::internal);
============================================================
--- doc/monotone.texi 54602b03c6fbd96c3eacf8ec43e25202d4e12889
+++ doc/monotone.texi fcc02ef992214968bfbdd4a1f968846535de22f7
@@ -5729,6 +5729,15 @@ @section Network
Branches matching a pattern are excluded if the pattern is preceded by
'-', included otherwise.
+The syntax for patterns is very simple. @code{*} matches 0 or more
+arbitrary characters. @code{?} matches exactly 1 arbitrary character
+(you need to escape that as @code{%3F} in a URI). @address@hidden,@}}
+matches alternatives; @address@hidden,bar,address@hidden matches ``foo'', or
+``bar'', or ``baz''. These can be combined arbitrarily. A backslash
+(@code{\}) escapes these special characters, to match exactly that
+character; this might be useful in case someone, for some odd
+reason, decides to put a ``*'' into their branch name.
+
Valid examples of URIs monotone accepts are:
@smallexample
@@ -5736,6 +5745,7 @@ @section Network
mtn://my.server:4690?my.branch
mtn://my.server/project?my.other.branch*;-my.other.branch.test
mtn://my.server/project?one.branch;-one.branch.test;another.branch;-another.branch.test
+mtn://my.server/address@hidden,address@hidden;address@hidden,address@hidden
file:///path/to/database.mtn?my.branch
ssh://joe@@my.server/~/db.mtn?joes.branch
@end group
@@ -5815,15 +5825,6 @@ @section Network
file. This file can then be read to identify specific monotone server
processes.
-The syntax for patterns is very simple. @code{*} matches 0 or more
-arbitrary characters. @code{?} matches exactly 1 arbitrary character
-(you need to escape that with @code{%3F} in a URI). @address@hidden,@}}
-matches alternatives; @address@hidden,bar,address@hidden matches ``foo'', or
-``bar'', or ``baz''. These can be combined arbitrarily. A backslash
-(@code{\}) escapes these special characters, to match exactly that
-character; this might be useful in case someone, for some odd
-reason, decides to put a ``*'' into their branch name.
-
@anchor{mtn address@hidden mtn clone @var{uri} address@hidden address@hidden address@hidden
@itemx mtn clone @var{address}[:@var{port}] @var{branchname} address@hidden @strong{deprecated}
@command{clone} is a helper command that performs the roles of a
@@ -12244,7 +12245,7 @@ @subsection Trust Evaluation Hooks
The default definition of this hook returns @code{true} if
@file{_MTN/wanted-testresults} does not exist. Otherwise, the file
-should contain a list of signing key hex-encoded hashes in lowercase (40 characters).
+should contain a list of signing key hex-encoded hashes in lowercase (40 characters).
The hook returns @code{false}
if a listed signing key hash is present in both @var{old_results} and
@var{new_results}, with the value @code{true} in @var{old_results}
============================================================
--- src/merge_content.cc 095c2d20ac8d8d495806f6463c311d253cb6a686
+++ src/merge_content.cc b3aeba9d9a98bf032c7771ae7426e9209085f070
@@ -1,5 +1,5 @@
// Copyright (C) 2008 Nathaniel Smith <address@hidden>
-// 2008, 2010, 2012 Stephen Leake <address@hidden>
+// 2008, 2010, 2012, 2013 Stephen Leake <address@hidden>
//
// This program is made available under the GNU GPL version 2.0 or
// greater. See the accompanying file COPYING for details.
@@ -204,9 +204,9 @@ content_merge_database_adaptor::get_drop
}
else
{
- parents.erase (i);
set<revision_id> more_parents;
db.get_revision_parents(*i, more_parents);
+ parents.erase (i);
parents.insert(more_parents.begin(), more_parents.end());
}
}
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Monotone-commits-diffs] net.venge.monotone: 5934509c86e975ce771c66a1511671620eceb6d0,
code <=