GNUPG-1-9-BRANCH gnupg (9 files)
cvs user wk
cvs at cvs.gnupg.org
Mon Dec 20 09:28:34 CET 2004
Date: Monday, December 20, 2004 @ 09:32:56
Author: wk
Path: /cvs/gnupg/gnupg
Tag: GNUPG-1-9-BRANCH
Modified: agent/ChangeLog agent/agent.h agent/call-scd.c agent/command.c
agent/genkey.c agent/pkdecrypt.c agent/pksign.c common/ChangeLog
common/membuf.c
* call-scd.c (init_membuf, put_membuf, get_membuf): Removed. We
now use the identical implementation from ../common/membuf.c.
* pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use
membuf functions to return the value.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* genkey.c (agent_genkey): Ditto.
* command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced
assuan_get_data_fp() by a the membuf scheme.
(clear_outbuf, write_and_clear_outbuf): New.
* membuf.c (put_membuf): Wipe out buffer after a failed realloc.
-------------------+
agent/ChangeLog | 13 ++++++++
agent/agent.h | 7 ++--
agent/call-scd.c | 79 +++-------------------------------------------------
agent/command.c | 64 +++++++++++++++++++++++++++++++++++++++---
agent/genkey.c | 18 +++--------
agent/pkdecrypt.c | 22 +++++++-------
agent/pksign.c | 8 +----
common/ChangeLog | 4 ++
common/membuf.c | 5 +++
9 files changed, 112 insertions(+), 108 deletions(-)
Index: gnupg/agent/ChangeLog
diff -u gnupg/agent/ChangeLog:1.59.2.50 gnupg/agent/ChangeLog:1.59.2.51
--- gnupg/agent/ChangeLog:1.59.2.50 Sun Dec 19 18:45:50 2004
+++ gnupg/agent/ChangeLog Mon Dec 20 09:32:56 2004
@@ -1,3 +1,16 @@
+2004-12-20 Werner Koch <wk at g10code.com>
+
+ * call-scd.c (init_membuf, put_membuf, get_membuf): Removed. We
+ now use the identical implementation from ../common/membuf.c.
+
+ * pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use
+ membuf functions to return the value.
+ * pkdecrypt.c (agent_pkdecrypt): Ditto.
+ * genkey.c (agent_genkey): Ditto.
+ * command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced
+ assuan_get_data_fp() by a the membuf scheme.
+ (clear_outbuf, write_and_clear_outbuf): New.
+
2004-12-19 Werner Koch <wk at g10code.com>
* query.c (initialize_module_query): New.
Index: gnupg/agent/agent.h
diff -u gnupg/agent/agent.h:1.32.2.10 gnupg/agent/agent.h:1.32.2.11
--- gnupg/agent/agent.h:1.32.2.10 Sun Dec 19 18:44:20 2004
+++ gnupg/agent/agent.h Mon Dec 20 09:32:56 2004
@@ -33,6 +33,7 @@
#include <gcrypt.h>
#include "../common/util.h"
#include "../common/errors.h"
+#include "membuf.h"
/* Convenience function to be used instead of returning the old
GNUPG_Out_Of_Core. */
@@ -166,16 +167,16 @@
int agent_pksign_do (CTRL ctrl, const char *desc_text,
gcry_sexp_t *signature_sexp, int ignore_cache);
int agent_pksign (ctrl_t ctrl, const char *desc_text,
- FILE *outfp, int ignore_cache);
+ membuf_t *outbuf, int ignore_cache);
/*-- pkdecrypt.c --*/
int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *ciphertext, size_t ciphertextlen,
- FILE *outfp);
+ membuf_t *outbuf);
/*-- genkey.c --*/
int agent_genkey (ctrl_t ctrl,
- const char *keyparam, size_t keyparmlen, FILE *outfp);
+ const char *keyparam, size_t keyparmlen, membuf_t *outbuf);
int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey);
/*-- protect.c --*/
Index: gnupg/agent/call-scd.c
diff -u gnupg/agent/call-scd.c:1.13.2.7 gnupg/agent/call-scd.c:1.13.2.8
--- gnupg/agent/call-scd.c:1.13.2.7 Sun Dec 19 18:44:20 2004
+++ gnupg/agent/call-scd.c Mon Dec 20 09:32:56 2004
@@ -82,75 +82,6 @@
void *getpin_cb_arg;
};
-struct membuf {
- size_t len;
- size_t size;
- char *buf;
- int out_of_core;
-};
-
-
-�
-/* A simple implementation of a dynamic buffer. Use init_membuf() to
- create a buffer, put_membuf to append bytes and get_membuf to
- release and return the buffer. Allocation errors are detected but
- only returned at the final get_membuf(), this helps not to clutter
- the code with out of core checks. */
-
-static void
-init_membuf (struct membuf *mb, int initiallen)
-{
- mb->len = 0;
- mb->size = initiallen;
- mb->out_of_core = 0;
- mb->buf = xtrymalloc (initiallen);
- if (!mb->buf)
- mb->out_of_core = 1;
-}
-
-static void
-put_membuf (struct membuf *mb, const void *buf, size_t len)
-{
- if (mb->out_of_core)
- return;
-
- if (mb->len + len >= mb->size)
- {
- char *p;
-
- mb->size += len + 1024;
- p = xtryrealloc (mb->buf, mb->size);
- if (!p)
- {
- mb->out_of_core = 1;
- return;
- }
- mb->buf = p;
- }
- memcpy (mb->buf + mb->len, buf, len);
- mb->len += len;
-}
-
-static void *
-get_membuf (struct membuf *mb, size_t *len)
-{
- char *p;
-
- if (mb->out_of_core)
- {
- xfree (mb->buf);
- mb->buf = NULL;
- return NULL;
- }
-
- p = mb->buf;
- *len = mb->len;
- mb->buf = NULL;
- mb->out_of_core = 1; /* don't allow a reuse */
- return p;
-}
-
-
�
/* This function must be called once to initialize this module. This
@@ -468,7 +399,7 @@
static AssuanError
membuf_data_cb (void *opaque, const void *buffer, size_t length)
{
- struct membuf *data = opaque;
+ membuf_t *data = opaque;
if (buffer)
put_membuf (data, buffer, length);
@@ -519,7 +450,7 @@
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
- struct membuf data;
+ membuf_t data;
struct inq_needpin_s inqparm;
size_t len;
unsigned char *sigbuf;
@@ -591,7 +522,7 @@
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
- struct membuf data;
+ membuf_t data;
struct inq_needpin_s inqparm;
size_t len;
@@ -643,7 +574,7 @@
{
int rc;
char line[ASSUAN_LINELENGTH];
- struct membuf data;
+ membuf_t data;
size_t len;
*r_buf = NULL;
@@ -679,7 +610,7 @@
{
int rc;
char line[ASSUAN_LINELENGTH];
- struct membuf data;
+ membuf_t data;
size_t len, buflen;
*r_buf = NULL;
Index: gnupg/agent/command.c
diff -u gnupg/agent/command.c:1.25.2.7 gnupg/agent/command.c:1.25.2.8
--- gnupg/agent/command.c:1.25.2.7 Sun Sep 26 23:48:13 2004
+++ gnupg/agent/command.c Mon Dec 20 09:32:56 2004
@@ -50,7 +50,7 @@
ASSUAN_CONTEXT assuan_ctx;
int message_fd;
int use_cache_for_signing;
- char *keydesc; /* Allocated description fro the next key
+ char *keydesc; /* Allocated description for the next key
operation. */
};
@@ -58,6 +58,41 @@
�
+/* Release the memory buffer MB but first wipe out the used memory. */
+static void
+clear_outbuf (membuf_t *mb)
+{
+ void *p;
+ size_t n;
+
+ p = get_membuf (mb, &n);
+ if (p)
+ {
+ memset (p, 0, n);
+ xfree (p);
+ }
+}
+
+
+/* Write the content of memory buffer MB as assuan data to CTX and
+ wipe the buffer out afterwards. */
+static gpg_error_t
+write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb)
+{
+ assuan_error_t ae;
+ void *p;
+ size_t n;
+
+ p = get_membuf (mb, &n);
+ if (!p)
+ return gpg_error (GPG_ERR_ENOMEM);
+ ae = assuan_send_data (ctx, p, n);
+ memset (p, 0, n);
+ xfree (p);
+ return map_assuan_err (ae);
+}
+
+
static void
reset_notify (ASSUAN_CONTEXT ctx)
{
@@ -369,14 +404,21 @@
int rc;
int ignore_cache = 0;
ctrl_t ctrl = assuan_get_pointer (ctx);
+ membuf_t outbuf;
if (opt.ignore_cache_for_signing)
ignore_cache = 1;
else if (!ctrl->server_local->use_cache_for_signing)
ignore_cache = 1;
+ init_membuf (&outbuf, 512);
+
rc = agent_pksign (ctrl, ctrl->server_local->keydesc,
- assuan_get_data_fp (ctx), ignore_cache);
+ &outbuf, ignore_cache);
+ if (rc)
+ clear_outbuf (&outbuf);
+ else
+ rc = write_and_clear_outbuf (ctx, &outbuf);
if (rc)
log_error ("command pksign failed: %s\n", gpg_strerror (rc));
xfree (ctrl->server_local->keydesc);
@@ -395,6 +437,7 @@
ctrl_t ctrl = assuan_get_pointer (ctx);
unsigned char *value;
size_t valuelen;
+ membuf_t outbuf;
/* First inquire the data to decrypt */
rc = assuan_inquire (ctx, "CIPHERTEXT",
@@ -402,10 +445,16 @@
if (rc)
return rc;
+ init_membuf (&outbuf, 512);
+
rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
- value, valuelen, assuan_get_data_fp (ctx));
+ value, valuelen, &outbuf);
xfree (value);
if (rc)
+ clear_outbuf (&outbuf);
+ else
+ rc = write_and_clear_outbuf (ctx, &outbuf);
+ if (rc)
log_error ("command pkdecrypt failed: %s\n", gpg_strerror (rc));
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
@@ -434,15 +483,22 @@
int rc;
unsigned char *value;
size_t valuelen;
+ membuf_t outbuf;
/* First inquire the parameters */
rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM);
if (rc)
return rc;
- rc = agent_genkey (ctrl, value, valuelen, assuan_get_data_fp (ctx));
+ init_membuf (&outbuf, 512);
+
+ rc = agent_genkey (ctrl, value, valuelen, &outbuf);
xfree (value);
if (rc)
+ clear_outbuf (&outbuf);
+ else
+ rc = write_and_clear_outbuf (ctx, &outbuf);
+ if (rc)
log_error ("command genkey failed: %s\n", gpg_strerror (rc));
return map_to_assuan_status (rc);
}
Index: gnupg/agent/genkey.c
diff -u gnupg/agent/genkey.c:1.10.2.2 gnupg/agent/genkey.c:1.10.2.3
--- gnupg/agent/genkey.c:1.10.2.2 Sat Feb 21 14:05:22 2004
+++ gnupg/agent/genkey.c Mon Dec 20 09:32:56 2004
@@ -88,7 +88,7 @@
KEYPARAM */
int
agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
- FILE *outfp)
+ membuf_t *outbuf)
{
gcry_sexp_t s_keyparam, s_key, s_private, s_public;
struct pin_entry_info_s *pi, *pi2;
@@ -171,7 +171,8 @@
gcry_sexp_release (s_key); s_key = NULL;
/* store the secret key */
- log_debug ("storing private key\n");
+ if (DBG_CRYPTO)
+ log_debug ("storing private key\n");
rc = store_key (s_private, pi? pi->pin:NULL, 0);
xfree (pi); pi = NULL;
gcry_sexp_release (s_private);
@@ -182,7 +183,8 @@
}
/* return the public key */
- log_debug ("returning public key\n");
+ if (DBG_CRYPTO)
+ log_debug ("returning public key\n");
len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len);
buf = xtrymalloc (len);
@@ -195,15 +197,7 @@
}
len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
- if (fwrite (buf, len, 1, outfp) != 1)
- {
- gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
- log_error ("error writing public key: %s\n", strerror (errno));
- gcry_sexp_release (s_private);
- gcry_sexp_release (s_public);
- xfree (buf);
- return tmperr;
- }
+ put_membuf (outbuf, buf, len);
gcry_sexp_release (s_public);
xfree (buf);
Index: gnupg/agent/pkdecrypt.c
diff -u gnupg/agent/pkdecrypt.c:1.8.2.4 gnupg/agent/pkdecrypt.c:1.8.2.5
--- gnupg/agent/pkdecrypt.c:1.8.2.4 Fri Feb 13 18:06:33 2004
+++ gnupg/agent/pkdecrypt.c Mon Dec 20 09:32:56 2004
@@ -37,7 +37,7 @@
int
agent_pkdecrypt (CTRL ctrl, const char *desc_text,
const unsigned char *ciphertext, size_t ciphertextlen,
- FILE *outfp)
+ membuf_t *outbuf)
{
gcry_sexp_t s_skey = NULL, s_cipher = NULL, s_plain = NULL;
unsigned char *shadow_info = NULL;
@@ -88,11 +88,16 @@
log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc));
goto leave;
}
- /* FIXME: don't use buffering and change the protocol to return
- a complete S-expression and not just a part. */
- fprintf (outfp, "%u:", (unsigned int)len);
- fwrite (buf, 1, len, outfp);
- putc (0, outfp);
+ /* FIXME: Change the protocol to return a complete S-expression
+ and not just a part. */
+ {
+ char tmpbuf[50];
+
+ sprintf (tmpbuf, "%u:", (unsigned int)len);
+ put_membuf (outbuf, tmpbuf, strlen (tmpbuf));
+ put_membuf (outbuf, buf, len);
+ put_membuf (outbuf, "", 1);
+ }
}
else
{ /* No smartcard, but a private key */
@@ -119,10 +124,7 @@
buf = xmalloc (len);
len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
- /* FIXME: we must make sure that no buffering takes place or we are
- in full control of the buffer memory (easy to do) - should go
- into assuan. */
- fwrite (buf, 1, len, outfp);
+ put_membuf (outbuf, buf, len);
}
Index: gnupg/agent/pksign.c
diff -u gnupg/agent/pksign.c:1.12.2.9 gnupg/agent/pksign.c:1.12.2.10
--- gnupg/agent/pksign.c:1.12.2.9 Sun Sep 26 23:48:13 2004
+++ gnupg/agent/pksign.c Mon Dec 20 09:32:56 2004
@@ -176,7 +176,8 @@
/* SIGN whatever information we have accumulated in CTRL and write it
back to OUTFP. */
int
-agent_pksign (CTRL ctrl, const char *desc_text, FILE *outfp, int ignore_cache)
+agent_pksign (CTRL ctrl, const char *desc_text,
+ membuf_t *outbuf, int ignore_cache)
{
gcry_sexp_t s_sig = NULL;
char *buf = NULL;
@@ -193,10 +194,7 @@
len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
- /* FIXME: we must make sure that no buffering takes place or we are
- in full control of the buffer memory (easy to do) - should go
- into assuan. */
- fwrite (buf, 1, len, outfp);
+ put_membuf (outbuf, buf, len);
leave:
gcry_sexp_release (s_sig);
Index: gnupg/common/ChangeLog
diff -u gnupg/common/ChangeLog:1.30.2.36 gnupg/common/ChangeLog:1.30.2.37
--- gnupg/common/ChangeLog:1.30.2.36 Sun Dec 19 14:38:24 2004
+++ gnupg/common/ChangeLog Mon Dec 20 09:32:55 2004
@@ -1,3 +1,7 @@
+2004-12-20 Werner Koch <wk at g10code.com>
+
+ * membuf.c (put_membuf): Wipe out buffer after a failed realloc.
+
2004-12-19 Werner Koch <wk at g10code.com>
* maperror.c (map_assuan_err_with_source): Oops, args were swapped.
Index: gnupg/common/membuf.c
diff -u gnupg/common/membuf.c:1.1 gnupg/common/membuf.c:1.1.2.1
--- gnupg/common/membuf.c:1.1 Thu Jun 5 09:13:47 2003
+++ gnupg/common/membuf.c Mon Dec 20 09:32:55 2004
@@ -60,6 +60,11 @@
if (!p)
{
mb->out_of_core = errno;
+ /* Wipe out what we already accumulated. This is required
+ in case we are storing sensitive data here. The membuf
+ API does not provide another way to cleanup after an
+ error. */
+ memset (mb->buf, 0, mb->len);
return;
}
mb->buf = p;
More information about the Gnupg-commits
mailing list