[svn] gcry - r1198 - branches/LIBGCRYPT-1-2-BRANCH/src

svn author wk cvs at cvs.gnupg.org
Wed Jan 31 19:00:36 CET 2007


Author: wk
Date: 2007-01-31 19:00:36 +0100 (Wed, 31 Jan 2007)
New Revision: 1198

Modified:
   branches/LIBGCRYPT-1-2-BRANCH/src/ChangeLog
   branches/LIBGCRYPT-1-2-BRANCH/src/secmem.c
Log:
* secmem.c (_gcry_private_is_secure): Fixed severe implementation
  flaw.  Might be the reason for some of the more obscure bugs.
  (MB_WIPE_OUT): Use wipememory2.
		 


Modified: branches/LIBGCRYPT-1-2-BRANCH/src/ChangeLog
===================================================================
--- branches/LIBGCRYPT-1-2-BRANCH/src/ChangeLog	2007-01-30 20:12:02 UTC (rev 1197)
+++ branches/LIBGCRYPT-1-2-BRANCH/src/ChangeLog	2007-01-31 18:00:36 UTC (rev 1198)
@@ -1,3 +1,9 @@
+2007-01-31  Werner Koch  <wk at g10code.com>
+
+	* secmem.c (_gcry_private_is_secure): Fixed severe implementation
+	flaw.  Might be the reason for some of the more obscure bugs.
+	(MB_WIPE_OUT): Use wipememory2.
+
 2006-11-30  Werner Koch  <wk at g10code.com>
 
 	* gcrypt.h.in: Replace socklen_t with gcry_socklen_t.

Modified: branches/LIBGCRYPT-1-2-BRANCH/src/secmem.c
===================================================================
--- branches/LIBGCRYPT-1-2-BRANCH/src/secmem.c	2007-01-30 20:12:02 UTC (rev 1197)
+++ branches/LIBGCRYPT-1-2-BRANCH/src/secmem.c	2007-01-31 18:00:36 UTC (rev 1198)
@@ -524,7 +524,7 @@
   /* This does not make much sense: probably this memory is held in the
    * cache. We do it anyway: */
 #define MB_WIPE_OUT(byte) \
-  memset ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size);
+  wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size);
 
   MB_WIPE_OUT (0xff);
   MB_WIPE_OUT (0xaa);
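Review bot: The comment above MB_WIPE_OUT still only says the wipe "does not make much sense" and gives no reason for calling wipememory2 instead of memset, so a later cleanup could quietly revert it. If wipememory2 is the volatile-store helper (its definition is outside this hunk), the comment should say so, e.g. `/* Use wipememory2, not memset: the compiler may drop a memset it sees as a dead store. */`. Separately, the macro body still ends in `;`, so `MB_WIPE_OUT (0xff);` expands to two statements; dropping the trailing semicolon from the definition keeps the macro safe inside an unbraced `if`. The enclosing function starts and ends outside the hunk.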
@@ -582,19 +582,14 @@
   return a;
 }
 
+
+/* Return true if P points into the secure memory area.  */
 int
 _gcry_private_is_secure (const void *p)
 {
-  int ret = 0;
-
-  SECMEM_LOCK;
-
-  if (pool_okay && BLOCK_VALID (ADDR_TO_BLOCK (p)))
-    ret = 1;
-
-  SECMEM_UNLOCK;
-
-  return ret;
+  return (pool_okay
+          && p >= pool
+          && p < (const void*)((const char*)pool+pool_size));
 }
 
 
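Review bot: The new range test in `_gcry_private_is_secure` compares `p` with `pool` using `>=` and `<`, but relational comparison of pointers into different objects is undefined in ISO C (6.5.8), and a pointer outside the pool is the common case for this predicate. Comparing addresses as integers avoids that, e.g. `uintptr_t a = (uintptr_t) p, lo = (uintptr_t) pool;` followed by `return pool_okay && a >= lo && a - lo < pool_size;`, assuming `<stdint.h>` or an equivalent integer type is available on this branch. The rewrite also drops SECMEM_LOCK, which looks safe only if `pool_okay`, `pool` and `pool_size` never change after initialization; their definitions are outside the hunk. The new comment should state that assumption, e.g. `/* Lock-free: relies on pool and pool_size being fixed once pool_okay is set. */`.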



