[git] GnuPG - branch, master, updated. gnupg-2.1.15-357-g4473db1

by Werner Koch cvs at cvs.gnupg.org
Fri Nov 11 20:40:34 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4473db1ef24031ff4e26c9a9de95dbe898ed2b97 (commit)
       via  7b04a43c05834b937b32a596f1941e9728add5fa (commit)
      from  57e95f5413e21cfcb957af2346b292686a5647b7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4473db1ef24031ff4e26c9a9de95dbe898ed2b97
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Nov 11 20:35:36 2016 +0100

    agent: Kludge to mitigate blocking calls in Libgcrypt.
    
    * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
    "need_entropy".
    --
    
    During key generation Libgcrypt will read from /dev/random which may
    block.  Libgcrypt is not nPth aware and thus the entire process will
    block.  Fortunately there is also a select with a short timeout to run
    the progress callback.  We detect this in gpg-agent and introduce a
    short delay to give other threads (i.e. connections) an opportunity to
    run.
    
    This alone is not sufficient, an updated Libgpg-error is also required
    to make the lock functions nPth aware.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index a3c1aa8..d767879 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -384,9 +384,9 @@ static pid_t parent_pid = (pid_t)(-1);
 static int active_connections;
 
 /* This object is used to dispatch progress messages from Libgcrypt to
- * the right thread.  Given that we won't have at max a few dozen
- * connections at the same time using a linked list is the easiest way
- * to handle this. */
+ * the right thread.  Given that we will have at max only a few dozen
+ * connections at a time, using a linked list is the easiest way to
+ * handle this. */
 struct progress_dispatch_s
 {
   struct progress_dispatch_s *next;
@@ -1747,6 +1747,17 @@ agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
       break;
   if (dispatch && dispatch->cb)
     dispatch->cb (dispatch->ctrl, what, printchar, current, total);
+
+  /* If Libgcrypt tells us that it needs more entropy, we better take
+   * a nap to give other threads a chance to run.  Note that Libgcrypt
+   * does not know about nPth and thus when it selects and reads from
+   * /dev/random this will block the process.  Maybe we should add a
+   * function similar to gpgrt_set_syscall_clamp to Libgcrypt or use
+   * those clamps directly.  For now sleeping for 100ms seems to be
+   * appropriate. */
+  if (what && !strcmp (what, "need_entropy"))
+    npth_usleep (100000);
+
 }
 
 
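Review bot: The new comment in agent_libgcrypt_progress_cb omits the requirement from the commit message that the nap only helps once Libgpg-error's lock functions are nPth aware. Adding a sentence such as `This only helps with a Libgpg-error whose lock functions are nPth aware.` would keep that dependency next to the code. The delay `100000` is a bare literal, and a named constant would make the 100ms choice easier to find and tune. The sleep runs on every "need_entropy" callback whether or not a dispatch entry matched. The function starts outside the hunk, so it is worth confirming that nothing is held across the `npth_usleep` call. The blank line added just before the closing brace can be dropped.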

commit 7b04a43c05834b937b32a596f1941e9728add5fa
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Nov 11 17:30:23 2016 +0100

    dirmngr: Prepare to trigger jobs by network activity.
    
    * dirmngr/http.c (netactivity_cb): New.
    (http_register_netactivity_cb): New.
    (notify_netactivity): New.
    (connect_server): Call that function.
    * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb.
    (netactivity_action): New stub handler.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 14189fe..254c543 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -328,6 +328,7 @@ static void cleanup (void);
 static ldap_server_t parse_ldapserver_file (const char* filename);
 #endif /*USE_LDAP*/
 static fingerprint_list_t parse_ocsp_signer (const char *string);
+static void netactivity_action (void);
 static void handle_connections (assuan_fd_t listen_fd);
 
 /* NPth wrapper function definitions. */
@@ -995,6 +996,7 @@ main (int argc, char **argv)
 #if USE_LDAP
       ldap_wrapper_launch_thread ();
 #endif /*USE_LDAP*/
+      http_register_netactivity_cb (netactivity_action);
       start_command_handler (ASSUAN_INVALID_FD);
       shutdown_reaper ();
     }
@@ -1032,6 +1034,7 @@ main (int argc, char **argv)
 #if USE_LDAP
       ldap_wrapper_launch_thread ();
 #endif /*USE_LDAP*/
+      http_register_netactivity_cb (netactivity_action);
       handle_connections (3);
       assuan_sock_close (3);
       shutdown_reaper ();
@@ -1232,6 +1235,7 @@ main (int argc, char **argv)
 #if USE_LDAP
       ldap_wrapper_launch_thread ();
 #endif /*USE_LDAP*/
+      http_register_netactivity_cb (netactivity_action);
       handle_connections (fd);
       assuan_sock_close (fd);
       shutdown_reaper ();
@@ -1702,6 +1706,16 @@ dirmngr_sighup_action (void)
 }
 
 
+/* This function is called if some network activity was done.  At this
+ * point we know the we have a network and we can decide whether to
+ * run scheduled background tasks soon.  The function should return
+ * quickly and only trigger actions for another thread. */
+static void
+netactivity_action (void)
+{
+  log_debug ("network activity seen\n");
+}
+
 
 /* The signal handler. */
 #ifndef HAVE_W32_SYSTEM
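Review bot: The stub netactivity_action calls log_debug with no guard, so once registered it appears to emit a line for every successful outbound connection. Putting it behind the verbosity or debug check dirmngr uses elsewhere, for example `if (opt.verbose) log_debug ("network activity seen\n");`, would keep normal logs quiet until the real handler exists. The comment above it has a typo: `we know the we have a network` should read `we know that we have a network`.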
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 5f5775b..b74a9ef 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -261,6 +261,9 @@ static gpg_error_t (*tls_callback) (http_t, http_session_t, int);
 /* The list of files with trusted CA certificates.  */
 static strlist_t tls_ca_certlist;
 
+/* The global callback for net activity.  */
+static void (*netactivity_cb)(void);
+
 
 

 #if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
@@ -499,6 +502,25 @@ http_register_tls_ca (const char *fname)
 }
 
 
+/* Register a callback which is called every time the HTTP mode has
+ * made a successful connection to some server.  */
+void
+http_register_netactivity_cb (void (*cb)(void))
+{
+  netactivity_cb = cb;
+}
+
+
+/* Call the netactivity callback if any.  */
+static void
+notify_netactivity (void)
+{
+  if (netactivity_cb)
+    netactivity_cb ();
+}
+
+
+
 #ifdef USE_TLS
 /* Free the TLS session associated with SESS, if any.  */
 static void
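Review bot: The comment on http_register_netactivity_cb does not state the callback's contract. notify_netactivity invokes it synchronously from the connect path, so it has to return quickly and should presumably not start another HTTP request itself. I would extend the comment to say that, and to say that passing NULL disables the notification, which notify_netactivity already handles with its `if (netactivity_cb)` check. `netactivity_cb` is a plain static written without locking. The dirmngr.c hunks register it before the connection handlers are started, so the comment could also say that registration is expected once at startup.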
@@ -2279,6 +2301,8 @@ connect_server (const char *server, unsigned short port,
             *r_host_not_found = 1;
           log_error ("can't connect to '%s': %s\n", server, strerror (errno));
         }
+      else
+        notify_netactivity ();
       return sock;
 
 #else /*!ASSUAN_SOCK_TOR*/
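Review bot: notify_netactivity is called as soon as the socket connect succeeds, presumably before any TLS handshake or HTTP exchange. The signal therefore only means that some connection was established, not that the intended server was reached or authenticated. A short comment at the call, e.g. `/* Only signals that a connect succeeded; says nothing about the peer. */`, would keep later handlers from treating it as proof that a particular host is reachable. The same applies to the second call, added next to `connected = 1` in the non-Tor branch. connect_server starts and ends outside both hunks, so what else runs between the connect and the return is not visible here.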
@@ -2371,7 +2395,10 @@ connect_server (const char *server, unsigned short port,
           if (ret)
             last_errno = errno;
           else
-            connected = 1;
+            {
+              connected = 1;
+              notify_netactivity ();
+            }
         }
       free_dns_addrinfo (aibuf);
     }
diff --git a/dirmngr/http.h b/dirmngr/http.h
index 4a70caf..2a36fda 100644
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@@ -98,6 +98,8 @@ typedef struct http_context_s *http_t;
 
 void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
 void http_register_tls_ca (const char *fname);
+void http_register_netactivity_cb (void (*cb)(void));
+
 
 gpg_error_t http_session_new (http_session_t *r_session,
                               const char *tls_priority,

-----------------------------------------------------------------------

Summary of changes:
 agent/gpg-agent.c | 17 ++++++++++++++---
 dirmngr/dirmngr.c | 14 ++++++++++++++
 dirmngr/http.c    | 29 ++++++++++++++++++++++++++++-
 dirmngr/http.h    |  2 ++
 4 files changed, 58 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



