[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-134-g638b209

by Werner Koch cvs at cvs.gnupg.org
Wed May 22 18:22:38 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  638b20967fb4f60b3366251f16963a4a54108087 (commit)
       via  2b8014af202c9e0f7619f7a4377f5eb752235220 (commit)
       via  05b3e2dda61d3d532a7f1ffd2487a85ed1c4f3ab (commit)
      from  b65281a1b76d7898eb7607932246b78277d8570b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 638b20967fb4f60b3366251f16963a4a54108087
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 25 12:00:16 2013 +0100

    Register a DCO.
    
    --

diff --git a/AUTHORS b/AUTHORS
index a7a8f3f..fac0219 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -124,6 +124,9 @@ Dmitry Kasatkin <dmitry.kasatkin at intel.com>
 Jussi Kivilinna <jussi.kivilinna at mbnet.fi>
 2012-11-15:20121115172331.150537dzb5i6jmy8 at www.dalek.fi:
 
+Jussi Kivilinna <jussi.kivilinna at iki.fi>
+2013-05-06:5186720A.4090101 at iki.fi:
+
 Rafaël Carré <funman at videolan.org>
 2012-04-20:4F91988B.1080502 at videolan.org:
 

commit 2b8014af202c9e0f7619f7a4377f5eb752235220
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 18 14:40:43 2013 +0200

    Add control commands to disable mlock and setuid dropping.
    
    * src/gcrypt.h.in (GCRYCTL_DISABLE_LOCKED_SECMEM): New.
    (GCRYCTL_DISABLE_PRIV_DROP): New.
    * src/global.c (_gcry_vcontrol): Implement them.
    * src/secmem.h (GCRY_SECMEM_FLAG_NO_MLOCK): New.
    (GCRY_SECMEM_FLAG_NO_PRIV_DROP): New.
    * src/secmem.c (no_mlock, no_priv_drop): New.
    (_gcry_secmem_set_flags, _gcry_secmem_get_flags): Set and get them.
    (lock_pool): Handle no_mlock and no_priv_drop.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index 5dea552..ac60993 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,8 @@ Noteworthy changes in version 1.6.0 (unreleased)
  GCRYPT_VERSION_NUMBER           NEW.
  GCRY_KDF_SCRYPT                 NEW.
  gcry_pubkey_get_sexp            NEW.
+ GCRYCTL_DISABLE_LOCKED_SECMEM   NEW.
+ GCRYCTL_DISABLE_PRIV_DROP       NEW.
 
 
 Noteworthy changes in version 1.5.0 (2011-06-29)
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index d4c4194..4d24475 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -679,6 +679,24 @@ Many applications do not require secure memory, so they should disable
 it right away.  This command should be executed right after
 @code{gcry_check_version}.
 
+ at item GCRYCTL_DISABLE_LOCKED_SECMEM; Arguments: none
+This command disables the use of the mlock call for secure memory.
+Disabling the use of mlock may for example be done if an encrypted
+swap space is in use.  This command should be executed right after
+ at code{gcry_check_version}.
+
+ at item GCRYCTL_DISABLE_PRIV_DROP; Arguments: none
+This command sets a global flag to tell the secure memory subsystem
+that it shall not drop privileges after secure memory has been
+allocated.  This command is commonly used right after
+ at code{gcry_check_version} but may also be used right away at program
+startup.  It won't have an effect after the secure memory pool has
+been initialized.  WARNING: A process running setuid(root) is a severe
+security risk.  Processes making use of Libgcrypt or other complex
+code should drop these extra privileges as soon as possible.  If this
+command has been used the caller is responsible for dropping the
+privileges.
+
 @item GCRYCTL_INIT_SECMEM; Arguments: int nbytes
 This command is used to allocate a pool of secure memory and thus
 enabling the use of secure memory.  It also drops all extra privileges
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index f472b02..27a29ec 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -302,7 +302,9 @@ enum gcry_ctl_cmds
     GCRYCTL_DISABLE_HWF = 63,
     GCRYCTL_SET_ENFORCED_FIPS_FLAG = 64,
     GCRYCTL_SET_PREFERRED_RNG_TYPE = 65,
-    GCRYCTL_GET_CURRENT_RNG_TYPE = 66
+    GCRYCTL_GET_CURRENT_RNG_TYPE = 66,
+    GCRYCTL_DISABLE_LOCKED_SECMEM = 67,
+    GCRYCTL_DISABLE_PRIV_DROP = 68
   };
 
 /* Perform various operations defined by CMD. */
diff --git a/src/global.c b/src/global.c
index f873897..a6fe980 100644
--- a/src/global.c
+++ b/src/global.c
@@ -2,6 +2,7 @@
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
  *               2004, 2005, 2006, 2008, 2011,
  *               2012  Free Software Foundation, Inc.
+ * Copyright (C) 2013 g10 Code GmbH
  *
  * This file is part of Libgcrypt.
  *
@@ -687,6 +688,18 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
       }
       break;
 
+    case GCRYCTL_DISABLE_LOCKED_SECMEM:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+			       | GCRY_SECMEM_FLAG_NO_MLOCK));
+      break;
+
+    case GCRYCTL_DISABLE_PRIV_DROP:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+			       | GCRY_SECMEM_FLAG_NO_PRIV_DROP));
+      break;
+
     default:
       _gcry_set_preferred_rng_type (0);
       err = GPG_ERR_INV_OP;
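Review bot: The flag update in both new cases is a non-atomic read-modify-write. `_gcry_secmem_get_flags ()` and `_gcry_secmem_set_flags ()` are separate calls, and the getter releases its lock (`SECMEM_UNLOCK` in the secmem.c hunk) before the setter runs, so a flag changed by another thread in between would be overwritten. Because these controls decide whether the pool is mlock'ed and whether setuid privileges are dropped, state the constraint next to the code, for example `/* Not atomic: must run before other threads touch secure memory.  */` above each case. Both commands also return success when the pool is already initialised, where the documentation says they have no effect; that direction fails safe, but a comment saying so would help callers. `_gcry_vcontrol` starts and ends outside this hunk.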
diff --git a/src/secmem.c b/src/secmem.c
index 107c662..c350bc9 100644
--- a/src/secmem.c
+++ b/src/secmem.c
@@ -1,6 +1,7 @@
 /* secmem.c  -	memory allocation from a secure heap
  * Copyright (C) 1998, 1999, 2000, 2001, 2002,
  *               2003, 2007 Free Software Foundation, Inc.
+ * Copyright (C) 2013 g10 Code GmbH
  *
  * This file is part of Libgcrypt.
  *
@@ -78,6 +79,8 @@ static int show_warning;
 static int not_locked;
 static int no_warning;
 static int suspend_warning;
+static int no_mlock;
+static int no_priv_drop;
 
 /* Stats.  */
 static unsigned int cur_alloced, cur_blocks;
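Review bot: The new file-scope flags `no_mlock` and `no_priv_drop` carry no comment, although each one switches off a security property of the pool. Add a line to each, e.g. `/* Set by GCRY_SECMEM_FLAG_NO_MLOCK: lock_pool does not call mlock.  */` and `/* Set by GCRY_SECMEM_FLAG_NO_PRIV_DROP: lock_pool keeps setuid privileges; the caller must drop them.  */`. It would also help to note that they are only consulted in `lock_pool`, which is why the documentation says the controls have no effect once the pool has been initialised.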
@@ -241,7 +244,7 @@ lock_pool (void *p, size_t n)
   int err;
 
   cap_set_proc (cap_from_text ("cap_ipc_lock+ep"));
-  err = mlock (p, n);
+  err = no_mlock? 0 : mlock (p, n);
   if (err && errno)
     err = errno;
   cap_set_proc (cap_from_text ("cap_ipc_lock+p"));
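Review bot: In the capabilities branch, `cap_ipc_lock` is still raised to effective with `cap_set_proc (cap_from_text ("cap_ipc_lock+ep"))` even when `no_mlock` is set and `mlock` is skipped, so the process elevates a capability it will not use. Guarding the raise, e.g. `if (!no_mlock) cap_set_proc (cap_from_text ("cap_ipc_lock+ep"));`, keeps the path least-privilege; the later reset to `+p` can stay unconditional. The same `err = no_mlock? 0 : mlock (p, n);` line in the next lock_pool hunk forces `err` to 0, so any not-locked bookkeeping behind `if (err)` (outside the hunks) is presumably skipped. If so, callers must check GCRY_SECMEM_FLAG_NO_MLOCK rather than GCRY_SECMEM_FLAG_NOT_LOCKED to learn that the pool may be swapped out; a comment on that line should say so. `lock_pool` starts before and continues past this hunk.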
@@ -282,22 +285,27 @@ lock_pool (void *p, size_t n)
     }
   else
     {
-      err = mlock (p, n);
+      err = no_mlock? 0 : mlock (p, n);
       if (err && errno)
 	err = errno;
     }
 #else /* !HAVE_BROKEN_MLOCK */
-  err = mlock (p, n);
+  err = no_mlock? 0 : mlock (p, n);
   if (err && errno)
     err = errno;
 #endif /* !HAVE_BROKEN_MLOCK */
 
+  /* Test whether we are running setuid(0).  */
   if (uid && ! geteuid ())
     {
-      /* check that we really dropped the privs.
-       * Note: setuid(0) should always fail */
-      if (setuid (uid) || getuid () != geteuid () || !setuid (0))
-	log_fatal ("failed to reset uid: %s\n", strerror (errno));
+      /* Yes, we are.  */
+      if (!no_priv_drop)
+        {
+          /* Check that we really dropped the privs.
+           * Note: setuid(0) should always fail */
+          if (setuid (uid) || getuid () != geteuid () || !setuid (0))
+            log_fatal ("failed to reset uid: %s\n", strerror (errno));
+        }
     }
 
   if (err)
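Review bot: When `no_priv_drop` is set, the setuid-root branch at `if (!no_priv_drop)` falls through without any trace, so the process keeps effective uid 0 unless the caller drops it, and nothing in the log explains why. The flag is process-global, so any component that issues the control before pool initialisation changes this for every user of the library in the process. Consider an `else` branch with a diagnostic such as `log_info ("setuid privileges kept on request; caller must drop them\n");` (constructed wording), or at least a comment at the skipped branch stating the caller's obligation. `lock_pool` starts before and continues past this hunk.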
@@ -339,7 +347,8 @@ lock_pool (void *p, size_t n)
 #else
   (void)p;
   (void)n;
-  log_info ("Please note that you don't have secure memory on this system\n");
+  if (!no_mlock)
+    log_info ("Please note that you don't have secure memory on this system\n");
 #endif
 }
 
@@ -424,6 +433,8 @@ _gcry_secmem_set_flags (unsigned flags)
   was_susp = suspend_warning;
   no_warning = flags & GCRY_SECMEM_FLAG_NO_WARNING;
   suspend_warning = flags & GCRY_SECMEM_FLAG_SUSPEND_WARNING;
+  no_mlock      = flags & GCRY_SECMEM_FLAG_NO_MLOCK;
+  no_priv_drop = flags & GCRY_SECMEM_FLAG_NO_PRIV_DROP;
 
   /* and now issue the warning if it is not longer suspended */
   if (was_susp && !suspend_warning && show_warning)
@@ -445,6 +456,8 @@ _gcry_secmem_get_flags (void)
   flags = no_warning ? GCRY_SECMEM_FLAG_NO_WARNING : 0;
   flags |= suspend_warning ? GCRY_SECMEM_FLAG_SUSPEND_WARNING : 0;
   flags |= not_locked ? GCRY_SECMEM_FLAG_NOT_LOCKED : 0;
+  flags |= no_mlock ? GCRY_SECMEM_FLAG_NO_MLOCK : 0;
+  flags |= no_priv_drop ? GCRY_SECMEM_FLAG_NO_PRIV_DROP : 0;
 
   SECMEM_UNLOCK;
 
diff --git a/src/secmem.h b/src/secmem.h
index 29e151a..3577381 100644
--- a/src/secmem.h
+++ b/src/secmem.h
@@ -35,5 +35,7 @@ int _gcry_private_is_secure (const void *p);
 #define GCRY_SECMEM_FLAG_NO_WARNING      (1 << 0)
 #define GCRY_SECMEM_FLAG_SUSPEND_WARNING (1 << 1)
 #define GCRY_SECMEM_FLAG_NOT_LOCKED      (1 << 2)
+#define GCRY_SECMEM_FLAG_NO_MLOCK        (1 << 3)
+#define GCRY_SECMEM_FLAG_NO_PRIV_DROP    (1 << 4)
 
 #endif /* G10_SECMEM_H */

commit 05b3e2dda61d3d532a7f1ffd2487a85ed1c4f3ab
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 18 14:40:43 2013 +0200

    Fix libtool 2.4.2 to correctly detect .def files.
    
    * ltmain.sh (sed_uncomment_deffile): New.
    (orig_export_symbols): Uncomment def file before testing for EXPORTS.
    * m4/libtool.m4: Do the same for the generated code.
    --
    
    The old code was not correct in that it only looked at the first line
    and puts an EXPORTS keyword in front if missing.  Binutils 2.22
    accepted a duplicated EXPORTS keyword but at least 2.23.2 is more
    stringent and bails out without this fix.
    
    There is no need to send this upstream.  Upstream's git master has a
    lot of changes including a similar fix for this problem.  There are
    no signs that a libtool 2.4.3 will be released to fix this problem and
    thus we need to stick to our copy of 2.4.2 along with this patch.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/ltmain.sh b/ltmain.sh
index c7d06c3..24e3fd3 100644
--- a/ltmain.sh
+++ b/ltmain.sh
@@ -411,6 +411,10 @@ sed_make_literal_regex='s,[].[^$\\*\/],\\&,g'
 # (escaped) backslashes.  A very naive implementation.
 lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
 
+# Sed substitution to remove simple comments and empty
+# lines from a Windows .def file.
+sed_uncomment_deffile='/^;/d; /^[ ]*$/d'
+
 # Re-`\' parameter expansions in output of double_quote_subst that were
 # `\'-ed in input to the same.  If an odd number of `\' preceded a '$'
 # in input to double_quote_subst, that '$' was protected from expansion.
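Review bot: `sed_uncomment_deffile='/^;/d; /^[ ]*$/d'` only deletes lines with `;` in column one and lines made solely of spaces. A .def file that opens with a tab-only blank line, or with a comment after leading whitespace, would still not be recognised by the `xEXPORTS` test. If such files can occur, widen the pattern to `'/^[ 	]*;/d; /^[ 	]*$/d'` with a literal tab inside the brackets; otherwise extend the comment to say that only column-one comments and space-only lines are handled. The m4/libtool.m4 hunks rely on the same variable and inherit the same limit.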
@@ -8143,7 +8147,7 @@ EOF
 	cygwin* | mingw* | cegcc*)
 	  if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
 	    # exporting using user supplied symfile
-	    if test "x`$SED 1q $export_symbols`" != xEXPORTS; then
+	    if test "x`$SED "$sed_uncomment_deffile" $export_symbols | $SED 1q`" != xEXPORTS; then
 	      # and it's NOT already a .def file. Must figure out
 	      # which of the given symbols are data symbols and tag
 	      # them as such. So, trigger use of export_symbols_cmds.
diff --git a/m4/libtool.m4 b/m4/libtool.m4
index 4bedbd3..ff871a0 100644
--- a/m4/libtool.m4
+++ b/m4/libtool.m4
@@ -4773,7 +4773,7 @@ _LT_EOF
         _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
 	# If the export-symbols file already is a .def file (1st line
 	# is EXPORTS), use it as is; otherwise, prepend...
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	_LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED \"$sed_uncomment_deffile\" $export_symbols | $SED 1q`" = xEXPORTS; then
 	  cp $export_symbols $output_objdir/$soname.def;
 	else
 	  echo EXPORTS > $output_objdir/$soname.def;
@@ -5150,7 +5150,7 @@ _LT_EOF
 	shrext_cmds=".dll"
 	# FIXME: Setting linknames here is a bad hack.
 	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames='
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	_LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED \"$sed_uncomment_deffile\" $export_symbols | $SED 1q`" = xEXPORTS; then
 	    sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp;
 	  else
 	    sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp;
@@ -6149,7 +6149,7 @@ if test "$_lt_caught_CXX_error" != yes; then
 	  shrext_cmds=".dll"
 	  # FIXME: Setting linknames here is a bad hack.
 	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames='
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED \"$sed_uncomment_deffile\" $export_symbols | $SED 1q`" = xEXPORTS; then
 	      $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp;
 	    else
 	      $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp;
@@ -6190,7 +6190,7 @@ if test "$_lt_caught_CXX_error" != yes; then
 	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
 	    # If the export-symbols file already is a .def file (1st line
 	    # is EXPORTS), use it as is; otherwise, prepend...
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED \"$sed_uncomment_deffile\" $export_symbols | $SED 1q`" = xEXPORTS; then
 	      cp $export_symbols $output_objdir/$soname.def;
 	    else
 	      echo EXPORTS > $output_objdir/$soname.def;

-----------------------------------------------------------------------

Summary of changes:
 AUTHORS         |    3 +++
 NEWS            |    2 ++
 doc/gcrypt.texi |   18 ++++++++++++++++++
 ltmain.sh       |    6 +++++-
 m4/libtool.m4   |    8 ++++----
 src/gcrypt.h.in |    4 +++-
 src/global.c    |   13 +++++++++++++
 src/secmem.c    |   29 +++++++++++++++++++++--------
 src/secmem.h    |    2 ++
 9 files changed, 71 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



