[git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-100-g8f6082e
by Werner Koch
cvs at cvs.gnupg.org
Fri Jun 16 12:00:28 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 8f6082e95f30c1ba68d2de23da90146f87f0c66c (commit)
via b05a4abc358b204dba343d9cfbd59fdc828c1686 (commit)
from f5e7763ddca59dcd9ac9f2f4d50cb41b14a34a9e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8f6082e95f30c1ba68d2de23da90146f87f0c66c
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jun 16 11:55:50 2017 +0200
New global config option "only-urandom".
* random/rand-internal.h (RANDOM_CONF_ONLY_URANDOM): New.
* random/random.c (_gcry_random_read_conf): Add option "only-urandom".
* random/rndlinux.c (_gcry_rndlinux_gather_random): Implement that
option.
* tests/keygen.c (main): Add option --no-quick for better manual
tests.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 3567582..26dd6c3 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -5468,6 +5468,13 @@ ignored. Supported options are
@cindex disable-jent
Disable the use of the jitter based entropy generator.
+ at item only-urandom
+ at cindex only-urandom
+Always use the non-blocking /dev/urandom or the respective system call
+instead of the blocking /dev/random. If Libgcrypt is used early in
+the boot process of the system, this option should only be used if the
+system also supports the getrandom system call.
+
@end table
@item /etc/gcrypt/fips_enabled
@@ -5826,8 +5833,10 @@ Both generators make use of so-called entropy gathering modules:
@table @asis
@item rndlinux
-Uses the operating system provided
- at file{/dev/random} and @file{/dev/urandom} devices.
+Uses the operating system provided @file{/dev/random} and
+ at file{/dev/urandom} devices. The @file{/dev/gcrypt/random.conf}
+config option @option{only-urandom} can be used to inhibit the use of
+the blocking @file{/dev/random} device.
@item rndunix
Runs several operating system commands to collect entropy from sources
@@ -5853,6 +5862,12 @@ random number generator. As of now the supported hardware RNG is
the Padlock engine of VIA (Centaur) CPUs and x86 CPUs with the RDRAND
instruction. It is not available in FIPS mode.
+ at item rndjent
+Extra module to collect additional entropy using a CPU jitter based
+approach. This is only used on X86 hardware where the RDTSC opcode is
+available. The @file{/dev/gcrypt/random.conf} config option
+ at option{disable-jent} can be used to inhibit the use of this module.
+
@end table
diff --git a/random/rand-internal.h b/random/rand-internal.h
index ec4550c..2bc05f4 100644
--- a/random/rand-internal.h
+++ b/random/rand-internal.h
@@ -36,6 +36,7 @@ enum random_origins
};
#define RANDOM_CONF_DISABLE_JENT 1
+#define RANDOM_CONF_ONLY_URANDOM 2
/*-- random.c --*/
diff --git a/random/random.c b/random/random.c
index 4a2a61b..9aab789 100644
--- a/random/random.c
+++ b/random/random.c
@@ -94,6 +94,8 @@ _gcry_random_progress (const char *what, int printchar, int current, int total)
*
* disable-jent - Disable the jitter based extra entropy generator.
* This sets the RANDOM_CONF_DISABLE_JENT bit.
+ * only-urandom - Always use /dev/urandom instead of /dev/random.
+ * This sets the RANDOM_CONF_ONLY_URANDOM bit.
*
* The function returns a bit vector with flags read from the file.
*/
@@ -141,6 +143,8 @@ _gcry_random_read_conf (void)
if (!strcmp (p, "disable-jent"))
result |= RANDOM_CONF_DISABLE_JENT;
+ else if (!strcmp (p, "only-urandom"))
+ result |= RANDOM_CONF_ONLY_URANDOM;
else
{
#ifdef HAVE_SYSLOG
diff --git a/random/rndlinux.c b/random/rndlinux.c
index f1548fb..1bb7c76 100644
--- a/random/rndlinux.c
+++ b/random/rndlinux.c
@@ -115,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
{
static int fd_urandom = -1;
static int fd_random = -1;
+ static int only_urandom = -1;
static unsigned char ever_opened;
int fd;
int n;
@@ -125,6 +126,17 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
int any_need_entropy = 0;
int delay;
+ /* On the first call read the conf file to check whether we want to
+ * use only urandom. */
+ if (only_urandom == -1)
+ {
+ if ((_gcry_random_read_conf () & RANDOM_CONF_ONLY_URANDOM))
+ only_urandom = 1;
+ else
+ only_urandom = 0;
+ }
+
+
if (!add)
{
/* Special mode to close the descriptors. */
@@ -178,7 +190,7 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */
- if (level >= GCRY_VERY_STRONG_RANDOM)
+ if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
{
if (fd_random == -1)
{
diff --git a/tests/keygen.c b/tests/keygen.c
index 7cf48b6..6b6a60a 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -670,6 +670,7 @@ usage (int mode)
" --verbose be verbose\n"
" --debug flyswatter\n"
" --fips run in FIPS mode\n"
+ " --no-quick To not use the quick RNG hack\n"
" --progress print progress indicators\n",
mode? stderr : stdout);
if (mode)
@@ -682,6 +683,7 @@ main (int argc, char **argv)
int last_argc = -1;
int opt_fips = 0;
int with_progress = 0;
+ int no_quick = 0;
if (argc)
{ argc--; argv++; }
@@ -720,6 +722,11 @@ main (int argc, char **argv)
argc--; argv++;
with_progress = 1;
}
+ else if (!strcmp (*argv, "--no-quick"))
+ {
+ argc--; argv++;
+ no_quick = 1;
+ }
else if (!strncmp (*argv, "--", 2))
die ("unknown option '%s'", *argv);
else
@@ -740,7 +747,8 @@ main (int argc, char **argv)
if (debug)
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
/* No valuable keys are create, so we can speed up our RNG. */
- xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+ if (!no_quick)
+ xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
if (with_progress)
gcry_set_progress_handler (progress_cb, NULL);
commit b05a4abc358b204dba343d9cfbd59fdc828c1686
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jun 16 10:42:44 2017 +0200
Implement global config file /etc/gcrypt/random.conf
* src/hwfeatures.c (my_isascii): Move macro to ...
* src/g10lib.h: here.
* tests/random.c (main): Dump random stats.
* random/random.c (RANDOM_CONF_FILE): New.
(_gcry_random_read_conf): New.
(_gcry_random_dump_stats): Call rndjent stats.
* random/rndjent.c (jent_rng_totalcalls, jent_rng_totalbytes): New.
(_gcry_rndjent_poll): Take care of config option disable-jent. Wipe
buffer. Bump counters.
(_gcry_rndjent_dump_stats): New.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index ae66dfc..3567582 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -5455,6 +5455,21 @@ are:
This file can be used to disable the use of hardware based
optimizations, @pxref{hardware features}.
+
+ at item /etc/gcrypt/random.conf
+ at cindex /etc/gcrypt/random.conf
+This file can be used to globally change parameters of the random
+generator. The file is a simple text file where empty lines and
+lines with the first non white-space character being '#' are
+ignored. Supported options are
+
+ at table @file
+ at item disable-jent
+ at cindex disable-jent
+Disable the use of the jitter based entropy generator.
+
+ at end table
+
@item /etc/gcrypt/fips_enabled
@itemx /proc/sys/crypto/fips_enabled
@cindex /etc/gcrypt/fips_enabled
diff --git a/random/rand-internal.h b/random/rand-internal.h
index 7a798e9..ec4550c 100644
--- a/random/rand-internal.h
+++ b/random/rand-internal.h
@@ -35,9 +35,11 @@ enum random_origins
random request. */
};
+#define RANDOM_CONF_DISABLE_JENT 1
/*-- random.c --*/
+unsigned int _gcry_random_read_conf (void);
void _gcry_random_progress (const char *what, int printchar,
int current, int total);
@@ -128,6 +130,7 @@ size_t _gcry_rndjent_poll (void (*add)(const void*,
size_t, enum random_origins),
enum random_origins origin,
size_t length);
+void _gcry_rndjent_dump_stats (void);
/*-- rndhw.c --*/
int _gcry_rndhw_failed_p (void);
diff --git a/random/random.c b/random/random.c
index ff9be16..4a2a61b 100644
--- a/random/random.c
+++ b/random/random.c
@@ -29,12 +29,19 @@
#include <time.h>
#include <sys/types.h>
#include <unistd.h>
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif /*HAVE_SYSLOG*/
+#include <ctype.h>
#include "g10lib.h"
#include "random.h"
#include "rand-internal.h"
#include "cipher.h" /* For _gcry_sha1_hash_buffer(). */
+/* The name of a file used to globally configure the RNG. */
+#define RANDOM_CONF_FILE "/etc/gcrypt/random.conf"
+
/* If not NULL a progress function called from certain places and the
opaque value passed along. Registered by
@@ -81,6 +88,71 @@ _gcry_random_progress (const char *what, int printchar, int current, int total)
}
+/* Read a file with configure options. The file is a simple text file
+ * where empty lines and lines with the first non white-space
+ * character being '#' are ignored. Supported configure options are:
+ *
+ * disable-jent - Disable the jitter based extra entropy generator.
+ * This sets the RANDOM_CONF_DISABLE_JENT bit.
+ *
+ * The function returns a bit vector with flags read from the file.
+ */
+unsigned int
+_gcry_random_read_conf (void)
+{
+ const char *fname = RANDOM_CONF_FILE;
+ FILE *fp;
+ char buffer[256];
+ char *p, *pend;
+ int lnr = 0;
+ unsigned int result = 0;
+
+ fp = fopen (fname, "r");
+ if (!fp)
+ return result;
+
+ for (;;)
+ {
+ if (!fgets (buffer, sizeof buffer, fp))
+ {
+ if (!feof (fp))
+ {
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_WARNING,
+ "Libgcrypt warning: error reading '%s', line %d",
+ fname, lnr);
+#endif /*HAVE_SYSLOG*/
+ }
+ fclose (fp);
+ return result;
+ }
+ lnr++;
+ for (p=buffer; my_isascii (*p) && isspace (*p); p++)
+ ;
+ pend = strchr (p, '\n');
+ if (pend)
+ *pend = 0;
+ pend = p + (*p? (strlen (p)-1):0);
+ for ( ;pend > p; pend--)
+ if (my_isascii (*pend) && isspace (*pend))
+ *pend = 0;
+ if (!*p || *p == '#')
+ continue;
+
+ if (!strcmp (p, "disable-jent"))
+ result |= RANDOM_CONF_DISABLE_JENT;
+ else
+ {
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_WARNING,
+ "Libgcrypt warning: unknown option in '%s', line %d",
+ fname, lnr);
+#endif /*HAVE_SYSLOG*/
+ }
+ }
+}
+
+
/* Set the preferred RNG type. This may be called at any time even
before gcry_check_version. Thus we can't assume any thread system
initialization. A type of 0 is used to indicate that any Libgcrypt
@@ -202,6 +274,7 @@ _gcry_random_dump_stats (void)
_gcry_rngdrbg_dump_stats ();
else
_gcry_rngcsprng_dump_stats ();
+ _gcry_rndjent_dump_stats ();
}
diff --git a/random/rndjent.c b/random/rndjent.c
index fa3bb99..f997850 100644
--- a/random/rndjent.c
+++ b/random/rndjent.c
@@ -120,6 +120,11 @@ static int jent_rng_is_initialized;
* NULL. Protected by JENT_RNG_LOCK. */
struct rand_data *jent_rng_collector;
+/* The number of times the core entropy function has been called and
+ * the number of random bytes retrieved. */
+static unsigned long jent_rng_totalcalls;
+static unsigned long jent_rng_totalbytes;
+
/* Acquire the jent_rng_lock. */
static void
@@ -177,13 +182,16 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
jent_rng_is_initialized = 1;
jent_entropy_collector_free (jent_rng_collector);
jent_rng_collector = NULL;
- if (!jent_entropy_init ())
- jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+ if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
+ {
+ if (!jent_entropy_init ())
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+ }
}
if (jent_rng_collector)
{
- /* We have a working JENT. */
+ /* We have a working JENT and it has not been disabled. */
char buffer[256];
while (length)
@@ -191,13 +199,16 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
int rc;
size_t n = length < sizeof(buffer)? length : sizeof (buffer);
+ jent_rng_totalcalls++;
rc = jent_read_entropy (jent_rng_collector, buffer, n);
if (rc < 0)
break;
(*add) (buffer, rc, origin);
length -= rc;
nbytes += rc;
+ jent_rng_totalbytes += rc;
}
+ wipememory (buffer, sizeof buffer);
}
unlock_rng ();
@@ -206,3 +217,23 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
return nbytes;
}
+
+
+/* Log statistical informantion about the use of this module. */
+void
+_gcry_rndjent_dump_stats (void)
+{
+ /* In theory we would need to lock the stats here. However this
+ function is usually called during cleanup and then we _might_ run
+ into problems. */
+
+#ifdef USE_JENT
+ if ((_gcry_get_hw_features () & HWF_INTEL_RDTSC))
+ {
+
+ log_info ("rndjent stat: collector=%p calls=%lu bytes=%lu\n",
+ jent_rng_collector, jent_rng_totalcalls, jent_rng_totalbytes);
+
+ }
+#endif /*USE_JENT*/
+}
diff --git a/src/g10lib.h b/src/g10lib.h
index 82562c7..ec8aab5 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -96,6 +96,9 @@
#define DIM(v) (sizeof(v)/sizeof((v)[0]))
#define DIMof(type,member) DIM(((type *)0)->member)
+#define my_isascii(c) (!((c) & 0x80))
+
+
/*-- src/global.c -*/
diff --git a/src/hwfeatures.c b/src/hwfeatures.c
index 45d7680..1cad546 100644
--- a/src/hwfeatures.c
+++ b/src/hwfeatures.c
@@ -73,9 +73,6 @@ static unsigned int disabled_hw_features;
available. */
static unsigned int hw_features;
-/* Convenience macros. */
-#define my_isascii(c) (!((c) & 0x80))
-
/* Disable a feature by name. This function must be called *before*
diff --git a/tests/random.c b/tests/random.c
index 37a52b8..8a85429 100644
--- a/tests/random.c
+++ b/tests/random.c
@@ -650,5 +650,8 @@ main (int argc, char **argv)
if (!in_recursion)
run_all_rng_tests (program);
+ if (debug)
+ xgcry_control (GCRYCTL_DUMP_RANDOM_STATS);
+
return 0;
}
-----------------------------------------------------------------------
Summary of changes:
doc/gcrypt.texi | 34 ++++++++++++++++++++--
random/rand-internal.h | 4 +++
random/random.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++
random/rndjent.c | 37 ++++++++++++++++++++++--
random/rndlinux.c | 14 ++++++++-
src/g10lib.h | 3 ++
src/hwfeatures.c | 3 --
tests/keygen.c | 10 ++++++-
tests/random.c | 3 ++
9 files changed, 175 insertions(+), 10 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
More information about the Gnupg-commits
mailing list