[git] GCRYPT - branch, LIBGCRYPT-1.8-BRANCH, updated. libgcrypt-1.8.1-5-gf4582f8

by Werner Koch cvs at cvs.gnupg.org
Fri Nov 24 10:15:09 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1.8-BRANCH has been updated
       via  f4582f8c429f22b18f8ca8a40660a91d721f5c96 (commit)
      from  334e1a1cfc8f59db765a0bff0ca29090aa11b0f6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f4582f8c429f22b18f8ca8a40660a91d721f5c96
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Nov 23 19:15:41 2017 +0100

    api: Add auto expand secmem feature
    
    * src/global.c (_gcry_vcontrol): Implement control value 78.
    * src/secmem.c (auto_expand): New var.
    (_gcry_secmem_set_auto_expand): New.
    (_gcry_secmem_malloc_internal): Act upon AUTO_EXPAND.
    --
    
    Backported from master.  GCRYCTL_AUTO_EXPAND_SECMEM has been replaced
    by its value (78) because we want to add this on the quiet so that we
    do not need to claim an API update.
    
    GnuPG-bug-id: 3530
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 2bf23a5..0dd8a18 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -425,7 +425,7 @@ and freed memory, you need to initialize Libgcrypt this way:
   /* Allocate a pool of 16k secure memory.  This makes the secure memory
      available and also drops privileges where needed.  Note that by
      using functions like gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt
-     may extend the secure memory pool with memory which lacks the
+     may expand the secure memory pool with memory which lacks the
      property of not being swapped out to disk.   */
   gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
 
@@ -672,7 +672,7 @@ This command disables the use of the mlock call for secure memory.
 Disabling the use of mlock may for example be done if an encrypted
 swap space is in use.  This command should be executed right after
 @code{gcry_check_version}.  Note that by using functions like
-gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt may extend the secure
+gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt may expand the secure
 memory pool with memory which lacks the property of not being swapped
 out to disk (but will still be zeroed out on free).
 
@@ -688,7 +688,7 @@ code should drop these extra privileges as soon as possible.  If this
 command has been used the caller is responsible for dropping the
 privileges.
 
- at item GCRYCTL_INIT_SECMEM; Arguments: int nbytes
+ at item GCRYCTL_INIT_SECMEM; Arguments: unsigned int nbytes
 This command is used to allocate a pool of secure memory and thus
 enabling the use of secure memory.  It also drops all extra privileges
 the process has (i.e. if it is run as setuid (root)).  If the argument
diff --git a/src/global.c b/src/global.c
index 4e2e274..cd3d9d9 100644
--- a/src/global.c
+++ b/src/global.c
@@ -531,6 +531,10 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
 			       & ~GCRY_SECMEM_FLAG_SUSPEND_WARNING));
       break;
 
+    case 78: /* GCRYCTL_AUTO_EXPAND_SECMEM (backport from 1.9) */
+      _gcry_secmem_set_auto_expand (va_arg (arg_ptr, unsigned int));
+      break;
+
     case GCRYCTL_USE_SECURE_RNDPOOL:
       global_init ();
       _gcry_secure_random_alloc (); /* Put random number into secure memory. */
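Review bot: The new `case 78` reads its argument with `va_arg (arg_ptr, unsigned int)`, but nothing in the code or in doc/gcrypt.texi tells callers which type to pass, and this commit deliberately leaves the control value undocumented. Because the control entry point is variadic, a caller that passes a `size_t` or `long` would be read with the wrong type. I would extend the comment to state the contract, e.g. `/* GCRYCTL_AUTO_EXPAND_SECMEM (backport from 1.9); arg: unsigned int chunksize, 0 yields STANDARD_POOL_SIZE.  */`. A bare integer label in a switch over `enum gcry_ctl_cmds` may also draw a compiler warning about a case value not in the enumerated type, depending on the warning flags in use. The switch starts and ends outside the hunk.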
diff --git a/src/secmem.c b/src/secmem.c
index f7ad1f6..79c135f 100644
--- a/src/secmem.c
+++ b/src/secmem.c
@@ -91,7 +91,7 @@ typedef struct pooldesc_s
 static pooldesc_t mainpool;
 
 
-/* A couple of flags whith some being set early. */
+/* A couple of flags with some being set early.  */
 static int disable_secmem;
 static int show_warning;
 static int not_locked;
@@ -99,6 +99,8 @@ static int no_warning;
 static int suspend_warning;
 static int no_mlock;
 static int no_priv_drop;
+static unsigned int auto_expand;
+
 
 /* Lock protecting accesses to the memory pools.  */
 GPGRT_LOCK_DEFINE (secmem_lock);
@@ -458,6 +460,24 @@ init_pool (pooldesc_t *pool, size_t n)
   mb->flags = 0;
 }
 
+
+/* Enable overflow pool allocation in all cases.  CHUNKSIZE is a hint
+ * on how large to allocate overflow pools.  */
+void
+_gcry_secmem_set_auto_expand (unsigned int chunksize)
+{
+  /* Round up to a multiple of the STANDARD_POOL_SIZE.  */
+  chunksize = ((chunksize + (2*STANDARD_POOL_SIZE) - 1)
+               / STANDARD_POOL_SIZE ) * STANDARD_POOL_SIZE;
+  if (chunksize < STANDARD_POOL_SIZE) /* In case of overflow.  */
+    chunksize = STANDARD_POOL_SIZE;
+
+  SECMEM_LOCK;
+  auto_expand = chunksize;
+  SECMEM_UNLOCK;
+}
+
+
 void
 _gcry_secmem_set_flags (unsigned flags)
 {
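Review bot: The comment `Round up to a multiple of the STANDARD_POOL_SIZE` in _gcry_secmem_set_auto_expand does not match the arithmetic. Adding `(2*STANDARD_POOL_SIZE) - 1` before dividing yields one pool size more than a plain round-up for every non-zero CHUNKSIZE, so a request of exactly STANDARD_POOL_SIZE stores twice that. If the extra pool is intended headroom, say so, e.g. `/* Round up to a multiple of STANDARD_POOL_SIZE plus one extra pool.  */`; if not, the addend should be `STANDARD_POOL_SIZE - 1`. A CHUNKSIZE of 0 stores STANDARD_POOL_SIZE, so the feature cannot be switched off once it has been called, and a value that wraps is silently reduced to a single pool; both are worth stating in the function comment. The hunk ends inside _gcry_secmem_set_flags, which is not reviewed here.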
@@ -617,7 +637,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint)
   /* If we are called from xmalloc style function resort to the
    * overflow pools to return memory.  We don't do this in FIPS mode,
    * though. */
-  if (xhint && !fips_mode ())
+  if ((xhint || auto_expand) && !fips_mode ())
     {
       for (pool = pool->next; pool; pool = pool->next)
         {
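Review bot: The comment above the changed condition still says the overflow pools are used only when called from an xmalloc style function, which is no longer true once `auto_expand` is set. That matters to callers: with auto-expand on, a non-x secure allocation that presumably failed when the main pool was exhausted is now served from an overflow pool, which per the doc text in this commit lacks the property of not being swapped out. I would reword it to something like `/* If called from an xmalloc style function, or if auto expand is enabled, resort to the overflow pools.  Those pools are not guaranteed to be locked into memory.  Not done in FIPS mode.  */`. Whether `auto_expand` is read here under SECMEM_LOCK cannot be seen from the hunk, because the function body begins and ends outside it.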
@@ -635,7 +655,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint)
       pool = calloc (1, sizeof *pool);
       if (!pool)
         return NULL;  /* Not enough memory for a new pool descriptor.  */
-      pool->size = STANDARD_POOL_SIZE;
+      pool->size = auto_expand? auto_expand : STANDARD_POOL_SIZE;
       pool->mem = malloc (pool->size);
       if (!pool->mem)
         return NULL; /* Not enough memory available for a new pool.  */
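Review bot: With `pool->size` now taken from `auto_expand`, the `malloc (pool->size)` that follows can request far more than one standard pool, so its failure path becomes more likely. That path returns without releasing the descriptor obtained from `calloc` a few lines earlier. Nothing visible between the two calls stores `pool` anywhere else, so the descriptor appears to leak on each failed expansion; I would change the branch to `{ free (pool); return NULL; }`. The function continues outside the hunk, so how a request larger than `pool->size` is handled cannot be checked from here.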
diff --git a/src/secmem.h b/src/secmem.h
index 29dd64f..8ad6ef1 100644
--- a/src/secmem.h
+++ b/src/secmem.h
@@ -27,6 +27,7 @@ void *_gcry_secmem_malloc (size_t size, int xhint) _GCRY_GCC_ATTR_MALLOC;
 void *_gcry_secmem_realloc (void *a, size_t newsize, int xhint);
 int  _gcry_secmem_free (void *a);
 void _gcry_secmem_dump_stats (int extended);
+void _gcry_secmem_set_auto_expand (unsigned int chunksize);
 void _gcry_secmem_set_flags (unsigned flags);
 unsigned _gcry_secmem_get_flags(void);
 int _gcry_private_is_secure (const void *p);

-----------------------------------------------------------------------

Summary of changes:
 doc/gcrypt.texi |  6 +++---
 src/global.c    |  4 ++++
 src/secmem.c    | 26 +++++++++++++++++++++++---
 src/secmem.h    |  1 +
 4 files changed, 31 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



