gnupg (6 files)

cvs user dshaw cvs at cvs.gnupg.org
Thu Dec 16 06:11:43 CET 2004 

    Date: Thursday, December 16, 2004 @ 06:16:09
  Author: dshaw
    Path: /cvs/gnupg/gnupg

Modified: g10/ChangeLog g10/g10.c include/ChangeLog include/memory.h
          util/ChangeLog util/secmem.c

* g10.c (main): Add --require-secmem/--no-require-secmem to cause gpg to
exit if it cannot lock memory.  Also remove --nrsign-key and --nrlsign-key
since this can better be done via --edit-key.

* secmem.c (secmem_init): Return a flag to indicate whether we got the
lock.

* memory.h: Return a flag to indicate whether we got the lock.


-------------------+
 g10/ChangeLog     |    6 ++++++
 g10/g10.c         |   33 +++++++++++++++------------------
 include/ChangeLog |    4 ++++
 include/memory.h  |    2 +-
 util/ChangeLog    |    5 +++++
 util/secmem.c     |    9 ++++++---
 6 files changed, 37 insertions(+), 22 deletions(-)


Index: gnupg/g10/ChangeLog
diff -u gnupg/g10/ChangeLog:1.659 gnupg/g10/ChangeLog:1.660
--- gnupg/g10/ChangeLog:1.659	Wed Dec 15 06:16:53 2004
+++ gnupg/g10/ChangeLog	Thu Dec 16 06:16:08 2004
@@ -1,3 +1,9 @@
+2004-12-16  David Shaw  <dshaw at jabberwocky.com>
+
+	* g10.c (main): Add --require-secmem/--no-require-secmem to cause
+	gpg to exit if it cannot lock memory.  Also remove --nrsign-key
+	and --nrlsign-key since this can better be done via --edit-key.
+
 2004-12-15  David Shaw  <dshaw at jabberwocky.com>
 
 	* apdu.c (apdu_send_le, apdu_send_direct), keylist.c
Index: gnupg/g10/g10.c
diff -u gnupg/g10/g10.c:1.293 gnupg/g10/g10.c:1.294
--- gnupg/g10/g10.c:1.293	Wed Dec 15 06:16:53 2004
+++ gnupg/g10/g10.c	Thu Dec 16 06:16:08 2004
@@ -108,8 +108,6 @@
     aSignSym,
     aSignKey,
     aLSignKey,
-    aNRSignKey,
-    aNRLSignKey,
     aListConfig,
     aGPGConfList,
     aListPackets,
@@ -218,6 +216,8 @@
     oNoVerbose,
     oTrustDBName,
     oNoSecmemWarn,
+    oRequireSecmem,
+    oNoRequireSecmem,
     oNoPermissionWarn,
     oNoMDCWarn,
     oNoArmor,
@@ -380,8 +380,6 @@
 				    N_("remove keys from the secret keyring")},
     { aSignKey,  "sign-key"   ,256, N_("sign a key")},
     { aLSignKey, "lsign-key"  ,256, N_("sign a key locally")},
-    { aNRSignKey, "nrsign-key"  ,256, "@"},
-    { aNRLSignKey, "nrlsign-key"  ,256, "@"},
     { aEditKey,  "edit-key"   ,256, N_("sign or edit a key")},
     { aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
     { aDesigRevoke, "desig-revoke",256, "@" },
@@ -557,6 +555,8 @@
     { oNoVerbose, "no-verbose", 0, "@"},
     { oTrustDBName, "trustdb-name", 2, "@" },
     { oNoSecmemWarn, "no-secmem-warning", 0, "@" },
+    { oRequireSecmem,"require-secmem", 0, "@" },
+    { oNoRequireSecmem,"no-require-secmem", 0, "@" },
     { oNoPermissionWarn, "no-permission-warning", 0, "@" },
     { oNoMDCWarn, "no-mdc-warning", 0, "@" },
     { oNoArmor, "no-armor",   0, "@"},
@@ -1614,6 +1614,7 @@
     int pwfd = -1;
     int with_fpr = 0; /* make an option out of --fingerprint */
     int any_explicit_recipient = 0;
+    int require_secmem=0,got_secmem=0;
 #ifdef USE_SHM_COPROCESSING
     ulong requested_shm_size=0;
 #endif
@@ -1746,7 +1747,7 @@
     }
 #endif
     /* initialize the secure memory. */
-    secmem_init( 32768 );
+    got_secmem=secmem_init( 32768 );
     maybe_setuid = 0;
     /* Okay, we are now working under our real uid */
 
@@ -1899,8 +1900,6 @@
 	  case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
 	  case aSignKey: set_cmd( &cmd, aSignKey); break;
 	  case aLSignKey: set_cmd( &cmd, aLSignKey); break;
-	  case aNRSignKey: set_cmd( &cmd, aNRSignKey); break;
-	  case aNRLSignKey: set_cmd( &cmd, aNRLSignKey); break;
 	  case aStore: set_cmd( &cmd, aStore); break;
 	  case aEditKey: set_cmd( &cmd, aEditKey); greeting=1; break;
 	  case aClearsign: set_cmd( &cmd, aClearsign); break;
@@ -2284,6 +2283,8 @@
 	    break;
 	  case oCertDigestAlgo: cert_digest_string = m_strdup(pargs.r.ret_str); break;
 	  case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break;
+	  case oRequireSecmem: require_secmem=1; break;
+	  case oNoRequireSecmem: require_secmem=0; break;
 	  case oNoPermissionWarn: opt.no_perm_warn=1; break;
 	  case oNoMDCWarn: opt.no_mdc_warn=1; break;
           case oDisplayCharset:
@@ -2596,6 +2597,13 @@
 
     secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */
 
+    if(require_secmem && !got_secmem)
+      {
+	log_info(_("will not run with insecure memory due to %s"),
+		 "--require-secmem\n");
+	g10_exit(2);
+      }
+
     set_debug();
 
     /* Do these after the switch(), so they can override settings. */
@@ -3136,13 +3144,6 @@
 	if( argc != 1 )
 	  wrong_args(_("--lsign-key user-id"));
 	/* fall through */
-      case aNRSignKey:
-	if( argc != 1 )
-	  wrong_args(_("--nrsign-key user-id"));
-	/* fall through */
-      case aNRLSignKey:
-	if( argc != 1 )
-	  wrong_args(_("--nrlsign-key user-id"));
 
 	sl=NULL;
 
@@ -3150,10 +3151,6 @@
 	  append_to_strlist(&sl,"sign");
 	else if(cmd==aLSignKey)
 	  append_to_strlist(&sl,"lsign");
-	else if(cmd==aNRSignKey)
-	  append_to_strlist(&sl,"nrsign");
-	else if(cmd==aNRLSignKey)
-	  append_to_strlist(&sl,"nrlsign");
 	else
 	  BUG();
 
Index: gnupg/include/ChangeLog
diff -u gnupg/include/ChangeLog:1.80 gnupg/include/ChangeLog:1.81
--- gnupg/include/ChangeLog:1.80	Mon Nov 29 22:14:18 2004
+++ gnupg/include/ChangeLog	Thu Dec 16 06:16:08 2004
@@ -1,3 +1,7 @@
+2004-12-16  David Shaw  <dshaw at jabberwocky.com>
+
+	* memory.h: Return a flag to indicate whether we got the lock.
+
 2004-11-29  David Shaw  <dshaw at jabberwocky.com>
 
 	* cipher.h: Add PUBKEY_USAGE_UNKNOWN.
Index: gnupg/include/memory.h
diff -u gnupg/include/memory.h:1.15 gnupg/include/memory.h:1.16
--- gnupg/include/memory.h:1.15	Sun Sep 28 15:42:18 2003
+++ gnupg/include/memory.h	Thu Dec 16 06:16:08 2004
@@ -66,7 +66,7 @@
 void m_print_stats(const char *prefix);
 
 /*-- secmem.c --*/
-void secmem_init( size_t npool );
+int secmem_init( size_t npool );
 void secmem_term( void );
 void *secmem_malloc( size_t size );
 void *secmem_realloc( void *a, size_t newsize );
Index: gnupg/util/ChangeLog
diff -u gnupg/util/ChangeLog:1.169 gnupg/util/ChangeLog:1.170
--- gnupg/util/ChangeLog:1.169	Mon Dec  6 11:32:20 2004
+++ gnupg/util/ChangeLog	Thu Dec 16 06:16:09 2004
@@ -1,3 +1,8 @@
+2004-12-16  David Shaw  <dshaw at jabberwocky.com>
+
+	* secmem.c (secmem_init): Return a flag to indicate whether we got
+	the lock.
+
 2004-12-06  Werner Koch  <wk at g10code.com>
 
 	* iobuf.c (fd_cache_strcmp): New. Use whenever we compare
Index: gnupg/util/secmem.c
diff -u gnupg/util/secmem.c:1.41 gnupg/util/secmem.c:1.42
--- gnupg/util/secmem.c:1.41	Tue Feb 24 17:06:55 2004
+++ gnupg/util/secmem.c	Thu Dec 16 06:16:09 2004
@@ -88,8 +88,8 @@
   if (!no_warning)
     {
       log_info(_("WARNING: using insecure memory!\n"));
-      log_info(_("please see http://www.gnupg.org/faq.html "
-		 "for more information\n"));
+      log_info(_("please see http://www.gnupg.org/faq.html"
+		 " for more information\n"));
     }
 }
 
@@ -297,7 +297,8 @@
     return flags;
 }
 
-void
+/* Returns 1 if memory was locked, 0 if not. */
+int
 secmem_init( size_t n )
 {
     if( !n ) {
@@ -326,6 +327,8 @@
 	else
 	    log_error("Oops, secure memory pool already initialized\n");
     }
+
+    return !show_warning;
 }

More information about the Gnupg-commits mailing list