[svn] GnuPG - r5489 - trunk/agent
svn author wk
cvs at cvs.gnupg.org
Mon Nov 29 07:49:45 CET 2010
Author: wk
Date: 2010-11-29 07:49:44 +0100 (Mon, 29 Nov 2010)
New Revision: 5489
Modified:
trunk/agent/ChangeLog
trunk/agent/cache.c
trunk/agent/gpg-agent.c
Log:
Init cache encryption on the fly.
add some debug code
Modified: trunk/agent/ChangeLog
===================================================================
--- trunk/agent/ChangeLog 2010-11-26 09:42:56 UTC (rev 5488)
+++ trunk/agent/ChangeLog 2010-11-29 06:49:44 UTC (rev 5489)
@@ -1,6 +1,13 @@
+2010-11-29 Werner Koch <wk at g10code.com>
+
+ * cache.c (initialize_module_cache): Factor code out to ...
+ (init_encryption): new.
+ (new_data, agent_get_cache): Init encryption on on the fly.
+
2010-11-26 Werner Koch <wk at g10code.com>
* gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL): New.
+ (handle_tick) [W32CE]: Don't check own socket.
2010-11-23 Werner Koch <wk at g10code.com>
Modified: trunk/agent/cache.c
===================================================================
--- trunk/agent/cache.c 2010-11-26 09:42:56 UTC (rev 5488)
+++ trunk/agent/cache.c 2010-11-29 06:49:44 UTC (rev 5489)
@@ -71,15 +71,42 @@
void
initialize_module_cache (void)
{
- static int initialized;
+ if (!pth_mutex_init (&encryption_lock))
+ {
+ gpg_error_t err = gpg_error_from_syserror ();
+ log_fatal ("error initializing cache module: %s\n", gpg_strerror (err));
+ }
+}
+
+
+void
+deinitialize_module_cache (void)
+{
+ gcry_cipher_close (encryption_handle);
+ encryption_handle = NULL;
+}
+
+
+/* We do the encryption init on the fly. We can't do it in the module
+ init code because that is run before we listen for connections and
+ in case we are started on demand by gpg etc. it will only wait for
+ a few seconds to decide whether the agent may now accept
+ connections. Thus we should get into listen state as soon as
+ possible. */
+static gpg_error_t
+init_encryption (void)
+{
gpg_error_t err;
void *key;
- if (!pth_mutex_init (&encryption_lock))
- err = gpg_error_from_syserror ();
- else
- err = gcry_cipher_open (&encryption_handle, GCRY_CIPHER_AES128,
- GCRY_CIPHER_MODE_AESWRAP, GCRY_CIPHER_SECURE);
+ if (encryption_handle)
+ return 0; /* Shortcut - Already initialized. */
+
+ if (!pth_mutex_acquire (&encryption_lock, 0, NULL))
+ log_fatal ("failed to acquire cache encryption mutex\n");
+
+ err = gcry_cipher_open (&encryption_handle, GCRY_CIPHER_AES128,
+ GCRY_CIPHER_MODE_AESWRAP, GCRY_CIPHER_SECURE);
if (!err)
{
key = gcry_random_bytes (ENCRYPTION_KEYSIZE, GCRY_STRONG_RANDOM);
@@ -90,22 +117,24 @@
err = gcry_cipher_setkey (encryption_handle, key, ENCRYPTION_KEYSIZE);
xfree (key);
}
+ if (err)
+ {
+ gcry_cipher_close (encryption_handle);
+ encryption_handle = NULL;
+ }
}
if (err)
- log_fatal ("error initializing cache encryption context: %s\n",
- gpg_strerror (err));
- initialized = 1;
+ log_error ("error initializing cache encryption context: %s\n",
+ gpg_strerror (err));
+
+ if (!pth_mutex_release (&encryption_lock))
+ log_fatal ("failed to release cache encryption mutex\n");
+
+ return err? gpg_error (GPG_ERR_NOT_INITIALIZED) : 0;
}
-void
-deinitialize_module_cache (void)
-{
- gcry_cipher_close (encryption_handle);
- encryption_handle = NULL;
-}
-
static void
release_data (struct secret_data_s *data)
{
@@ -122,8 +151,9 @@
*r_data = NULL;
- if (!encryption_handle)
- return gpg_error (GPG_ERR_NOT_INITIALIZED);
+ err = init_encryption ();
+ if (err)
+ return err;
length = strlen (string) + 1;
@@ -369,8 +399,8 @@
log_debug ("... hit\n");
if (r->pw->totallen < 32)
err = gpg_error (GPG_ERR_INV_LENGTH);
- else if (!encryption_handle)
- err = gpg_error (GPG_ERR_NOT_INITIALIZED);
+ else if ((err = init_encryption ()))
+ ;
else if (!(value = xtrymalloc_secure (r->pw->totallen - 8)))
err = gpg_error_from_syserror ();
else
Modified: trunk/agent/gpg-agent.c
===================================================================
--- trunk/agent/gpg-agent.c 2010-11-26 09:42:56 UTC (rev 5488)
+++ trunk/agent/gpg-agent.c 2010-11-29 06:49:44 UTC (rev 5489)
@@ -203,10 +203,9 @@
#endif
/* How often shall we check our own socket in standard socket mode.
- For WindowsCE be use a longer interval because we don't expect any
- problems and resources are anyway scare. */
+ If that value is 0 we don't check at all. */
#ifdef HAVE_W32_SYSTEM
-# define CHECK_OWN_SOCKET_INTERVAL (300)
+# define CHECK_OWN_SOCKET_INTERVAL (0)
#else
# define CHECK_OWN_SOCKET_INTERVAL (60) /* Seconds. */
#endif
@@ -1691,11 +1690,13 @@
#endif /*HAVE_W32_SYSTEM*/
/* Code to be run from time to time. */
+#if CHECK_OWN_SOCKET_INTERVAL > 0
if (last_minute + CHECK_OWN_SOCKET_INTERVAL <= time (NULL))
{
check_own_socket ();
last_minute = time (NULL);
}
+#endif
}
@@ -1799,8 +1800,13 @@
{
ctrl_t ctrl = arg;
+ if (opt.verbose)
+ log_debug ("handler 0x%lx checking nonce\n", pth_thread_id ());
if (check_nonce (ctrl, &socket_nonce))
- return NULL;
+ {
+ log_debug ("handler 0x%lx nonce check FAILED\n", pth_thread_id ());
+ return NULL;
+ }
agent_init_default_ctrl (ctrl);
if (opt.verbose)
@@ -1918,6 +1924,7 @@
for (;;)
{
+ log_debug ("%s: Begin main loop\n", __func__);
/* Make sure that our signals are not blocked. */
pth_sigmask (SIG_UNBLOCK, &sigs, NULL);
@@ -1927,6 +1934,7 @@
if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
break; /* ready */
+ log_debug ("%s: shutdown pending\n", __func__);
/* Do not accept new connections but keep on running the
loop to cope with the timer events. */
FD_ZERO (&fdset);
@@ -1945,6 +1953,7 @@
nexttick.tv_usec = 0;
}
time_ev = pth_event (PTH_EVENT_TIME, nexttick);
+ log_debug ("%s: time event created\n", __func__);
}
/* POSIX says that fd_set should be implemented as a structure,
@@ -1953,7 +1962,10 @@
if (time_ev)
pth_event_concat (ev, time_ev, NULL);
+
+ log_debug ("%s: Pre-select\n", __func__);
ret = pth_select_ev (nfd+1, &read_fdset, NULL, NULL, NULL, ev);
+ log_debug ("%s: Post-select res=%d\n", __func__, ret);
if (time_ev)
pth_event_isolate (time_ev);
@@ -1984,8 +1996,10 @@
continue;
}
+ log_debug ("%s: Checking events\n", __func__);
if (pth_event_occurred (ev))
{
+ log_debug ("%s: Got event\n", __func__);
#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)
agent_sigusr2_action ();
#else
@@ -1995,12 +2009,14 @@
if (time_ev && pth_event_occurred (time_ev))
{
+ log_debug ("%s: Got tick event\n", __func__);
pth_event_free (time_ev, PTH_FREE_ALL);
time_ev = NULL;
handle_tick ();
}
+ log_debug ("%s: Restore mask\n", __func__);
/* We now might create new threads and because we don't want any
signals (as we are handling them here) to be delivered to a
new thread. Thus we need to block those signals. */
@@ -2010,9 +2026,11 @@
{
ctrl_t ctrl;
+ log_debug ("%s: Pre-accept\n", __func__);
plen = sizeof paddr;
fd = INT2FD (pth_accept (FD2INT(listen_fd),
(struct sockaddr *)&paddr, &plen));
+ log_debug ("%s: Post-accept fd=%d\n", __func__, fd);
if (fd == GNUPG_INVALID_FD)
{
log_error ("accept failed: %s\n", strerror (errno));
@@ -2034,6 +2052,7 @@
{
char threadname[50];
+ log_debug ("%s: Spawning handler\n", __func__);
snprintf (threadname, sizeof threadname-1,
"conn fd=%d (gpg)", FD2INT(fd));
threadname[sizeof threadname -1] = 0;
@@ -2046,6 +2065,7 @@
assuan_sock_close (fd);
xfree (ctrl);
}
+ log_debug ("%s: handler spawned\n", __func__);
}
fd = GNUPG_INVALID_FD;
}
@@ -2055,6 +2075,7 @@
{
ctrl_t ctrl;
+ log_debug ("%s: SSH STUFF!\n", __func__);
plen = sizeof paddr;
fd = INT2FD(pth_accept (FD2INT(listen_fd_ssh),
(struct sockaddr *)&paddr, &plen));
@@ -2095,8 +2116,10 @@
}
fd = GNUPG_INVALID_FD;
}
+ log_debug ("%s: End main loop\n", __func__);
}
+ log_debug ("%s: main loop terminated\n", __func__);
pth_event_free (ev, PTH_FREE_ALL);
if (time_ev)
pth_event_free (time_ev, PTH_FREE_ALL);
More information about the Gnupg-commits
mailing list