1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

See ChangeLog: Fri Feb 11 17:44:40 CET 2000 Werner Koch

This commit is contained in:
Werner Koch 2000-02-11 16:48:22 +00:00
parent 3fc9846d2f
commit 1d0f589754
13 changed files with 772 additions and 674 deletions

6
NEWS
View File

@ -1,6 +1,12 @@
Noteworthy changes in the current test release Noteworthy changes in the current test release
---------------------------------------------- ----------------------------------------------
* There is a ~/.gnupg/random_seed file now which saves the
state of the internal RNG and increases system performance
somewhat. This way the full entropy source is only used in
cases were it is really required.
Use the option --no-random-seed-file to disable this feature.
* New option --ignore-time-conflict. * New option --ignore-time-conflict.
* Some fixes for the W32 version * Some fixes for the W32 version

View File

@ -1,3 +1,20 @@
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
* random.c (read_seed_file): New.
(set_random_seed_file): New.
(read_pool): Try to read the seeding file.
(update_random_seed_file): New.
(read_pool): Do an initial extra seeding when level 2 quality random
is requested the first time. This requestes at least POOLSIZE/2 bytes
of entropy. Compined with the seeding file this should make normal
random bytes cheaper and increase the quality of the random bytes
used for key generation.
* rndegd.c (gather_random): Shortcut level 0.
* rndunix.c (gather_random): Ditto.
* rndw32.c (gather_random): Ditto.
Fri Jan 14 18:32:01 CET 2000 Werner Koch <wk@gnupg.de> Fri Jan 14 18:32:01 CET 2000 Werner Koch <wk@gnupg.de>
* rmd160.c (rmd160_get_info): Moved casting to the left side due to a * rmd160.c (rmd160_get_info): Moved casting to the left side due to a

View File

@ -36,6 +36,7 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h>
#ifdef HAVE_GETHRTIME #ifdef HAVE_GETHRTIME
#include <sys/times.h> #include <sys/times.h>
#endif #endif
@ -91,6 +92,9 @@ static size_t pool_writepos;
static int pool_filled; static int pool_filled;
static int pool_balance; static int pool_balance;
static int just_mixed; static int just_mixed;
static int did_initial_extra_seeding;
static char *seed_file_name;
static int allow_seed_file_update;
static int secure_alloc; static int secure_alloc;
static int quick_test; static int quick_test;
@ -264,6 +268,131 @@ mix_pool(byte *pool)
} }
void
set_random_seed_file( const char *name )
{
if( seed_file_name )
BUG();
seed_file_name = m_strdup( name );
}
/****************
* Read in a seed form the random_seed file
* and return true if this was successful
*/
static int
read_seed_file()
{
int fd;
struct stat sb;
unsigned char buffer[POOLSIZE];
int n;
if( !seed_file_name )
return 0;
fd = open( seed_file_name, O_RDONLY );
if( fd == -1 && errno == ENOENT) {
allow_seed_file_update = 1;
return 0;
}
if( fd == -1 ) {
log_info(_("can't open `%s': %s\n"), seed_file_name, strerror(errno) );
return 0;
}
if( fstat( fd, &sb ) ) {
log_info(_("can't stat `%s': %s\n"), seed_file_name, strerror(errno) );
close(fd);
return 0;
}
if( !S_ISREG(sb.st_mode) || S_ISLNK(sb.st_mode) ) {
log_info(_("`%s' is not a regular file - ignored\n"), seed_file_name );
close(fd);
return 0;
}
if( !sb.st_size ) {
log_info(_("note: random_seed file is empty\n") );
close(fd);
allow_seed_file_update = 1;
return 0;
}
if( sb.st_size != POOLSIZE ) {
log_info(_("warning: invalid size of random_seed file - not used\n") );
close(fd);
return 0;
}
do {
n = read( fd, buffer, POOLSIZE );
} while( n == -1 && errno == EINTR );
if( n != POOLSIZE ) {
log_fatal(_("can't read `%s': %s\n"), seed_file_name,strerror(errno) );
close(fd);
return 0;
}
close(fd);
add_randomness( buffer, POOLSIZE, 0 );
/* add some minor entropy to the pool now (this will also force a mixing) */
{ pid_t x = getpid();
add_randomness( &x, sizeof(x), 0 );
}
{ time_t x = time(NULL);
add_randomness( &x, sizeof(x), 0 );
}
{ clock_t x = clock();
add_randomness( &x, sizeof(x), 0 );
}
/* And read a few bytes from our entropy source. By using
* a level of 0 this will not block and might not return anything
* with some entropy drivers, however the rndlinux driver will use
* /dev/urandom and return some stuff - Do not read to much as we
* want to be friendly to the scare system entropy resource. */
read_random_source( 0, 16, 0 );
allow_seed_file_update = 1;
return 1;
}
void
update_random_seed_file()
{
ulong *sp, *dp;
int fd, i;
if( !seed_file_name || !is_initialized )
return;
if( !allow_seed_file_update ) {
log_info(_("note: random_seed file not updated\n"));
return;
}
/* copy the entropy pool to a scratch pool and mix both of them */
for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
i < POOLWORDS; i++, dp++, sp++ ) {
*dp = *sp + ADD_VALUE;
}
mix_pool(rndpool); rndstats.mixrnd++;
mix_pool(keypool); rndstats.mixkey++;
fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR );
if( fd == -1 ) {
log_info(_("can't create `%s': %s\n"), seed_file_name, strerror(errno) );
return;
}
do {
i = write( fd, keypool, POOLSIZE );
} while( i == -1 && errno == EINTR );
if( i != POOLSIZE ) {
log_info(_("can't write `%s': %s\n"), seed_file_name, strerror(errno) );
}
if( close(fd) )
log_info(_("can't close `%s': %s\n"), seed_file_name, strerror(errno) );
}
static void static void
read_pool( byte *buffer, size_t length, int level ) read_pool( byte *buffer, size_t length, int level )
{ {
@ -275,6 +404,27 @@ read_pool( byte *buffer, size_t length, int level )
POOLSIZE*8-1 ); POOLSIZE*8-1 );
} }
if( !pool_filled ) {
if( read_seed_file() )
pool_filled = 1;
}
/* For level 2 quality (key generation) we alwas make
* sure that the pool has been seeded enough initially */
if( level == 2 && !did_initial_extra_seeding ) {
size_t needed;
pool_balance = 0;
needed = length - pool_balance;
if( needed < POOLSIZE/2 )
needed = POOLSIZE/2;
else if( needed > POOLSIZE )
BUG();
read_random_source( 3, needed, 2 );
pool_balance += needed;
did_initial_extra_seeding=1;
}
/* for level 2 make sure that there is enough random in the pool */ /* for level 2 make sure that there is enough random in the pool */
if( level == 2 && pool_balance < length ) { if( level == 2 && pool_balance < length ) {
size_t needed; size_t needed;
@ -338,6 +488,12 @@ read_pool( byte *buffer, size_t length, int level )
/**************** /****************
* Add LENGTH bytes of randomness from buffer to the pool. * Add LENGTH bytes of randomness from buffer to the pool.
* source may be used to specify the randomness source. * source may be used to specify the randomness source.
* Source is:
* 0 - used ony for initialization
* 1 - fast random poll function
* 2 - normal poll function
* 3 - used when level 2 random quality has been requested
* to do an extra pool seed.
*/ */
static void static void
add_randomness( const void *buffer, size_t length, int source ) add_randomness( const void *buffer, size_t length, int source )
@ -423,6 +579,15 @@ fast_random_poll()
} }
#endif #endif
#endif #endif
/* time and clock are availabe on all systems - so
* we better do it just in case one of the above functions
* didn't work */
{ time_t x = time(NULL);
add_randomness( &x, sizeof(x), 1 );
}
{ clock_t x = clock();
add_randomness( &x, sizeof(x), 1 );
}
} }

View File

@ -25,6 +25,8 @@
/*-- random.c --*/ /*-- random.c --*/
void random_dump_stats(void); void random_dump_stats(void);
void secure_random_alloc(void); void secure_random_alloc(void);
void set_random_seed_file(const char *);
void update_random_seed_file(void);
int quick_random_gen( int onoff ); int quick_random_gen( int onoff );
int random_is_faked(void); int random_is_faked(void);
void randomize_buffer( byte *buffer, size_t length, int level ); void randomize_buffer( byte *buffer, size_t length, int level );

View File

@ -83,9 +83,13 @@ do_read( int fd, void *buf, size_t nbytes )
/* Note: we always use the highest level. /****************
* Note: we always use the highest level.
* TO boost the performance we may want to add some * TO boost the performance we may want to add some
* additional code for level 1 * additional code for level 1
*
* Using a level of 0 should never block and better add nothing
* to the pool. So this is just a dummy for EGD.
*/ */
static int static int
gather_random( void (*add)(const void*, size_t, int), int requester, gather_random( void (*add)(const void*, size_t, int), int requester,
@ -99,7 +103,8 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
if( !length ) if( !length )
return 0; return 0;
if( !level )
return 0;
restart: restart:
if( do_restart ) { if( do_restart ) {

View File

@ -89,6 +89,10 @@ open_device( const char *name, int minor )
} }
/****************
* Note: Using a level of 0 should never block and better add nothing
* to the pool. This is easy to accomplish with /dev/urandom.
*/
static int static int
gather_random( void (*add)(const void*, size_t, int), int requester, gather_random( void (*add)(const void*, size_t, int), int requester,
size_t length, int level ) size_t length, int level )
@ -106,6 +110,8 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
fd = fd_random; fd = fd_random;
} }
else { else {
/* this will also be used for elve 0 but by using /dev/urandom
* we can be sure that oit will never block. */
if( fd_urandom == -1 ) if( fd_urandom == -1 )
fd_urandom = open_device( NAME_OF_DEV_URANDOM, 9 ); fd_urandom = open_device( NAME_OF_DEV_URANDOM, 9 );
fd = fd_urandom; fd = fd_urandom;

View File

@ -716,6 +716,10 @@ read_a_msg( int fd, GATHER_MSG *msg )
} }
/****************
* Using a level of 0 should never block and better add nothing
* to the pool. So this is just a dummy for this gatherer.
*/
static int static int
gather_random( void (*add)(const void*, size_t, int), int requester, gather_random( void (*add)(const void*, size_t, int), int requester,
size_t length, int level ) size_t length, int level )
@ -725,6 +729,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
GATHER_MSG msg; GATHER_MSG msg;
size_t n; size_t n;
if( !level )
return 0;
if( !gatherer_pid ) { if( !gatherer_pid ) {
/* make sure we are not setuid */ /* make sure we are not setuid */
if( getuid() != geteuid() ) if( getuid() != geteuid() )

View File

@ -164,6 +164,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
unsigned int result; unsigned int result;
unsigned int nbytes; unsigned int nbytes;
if( !level )
return 0;
if( !slow_seeder ) if( !slow_seeder )
load_and_init_winseed(); load_and_init_winseed();

View File

@ -1172,6 +1172,15 @@ needed. Use this to override a previous --lock-once
from a config file. from a config file.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>--no-random-seed-file</term>
<listitem><para>
&gnupg; uses a file to store it's internal random pool over invocations.
This makes random generation faster; however sometimes write operations
are not desired. This option can be used to achive that with the cost of
slower random generation.
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--no-verbose</term> <term>--no-verbose</term>
@ -1475,6 +1484,11 @@ constructed by cutting off the extension (".asc" or ".sig") of
<listitem><para>and the lock file</para></listitem> <listitem><para>and the lock file</para></listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>~/.gnupg/random_seed</term>
<listitem><para>used to preserve the internal random pool</para></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>~/.gnupg/options</term> <term>~/.gnupg/options</term>
<listitem><para>May contain options</para></listitem> <listitem><para>May contain options</para></listitem>

View File

@ -1,3 +1,8 @@
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
* g10.c (g10_exit): Update the random seed_file.
(main): Set the random seed file. New option --no-random-seed-file.
Thu Feb 10 17:39:44 CET 2000 Werner Koch <wk@gnupg.de> Thu Feb 10 17:39:44 CET 2000 Werner Koch <wk@gnupg.de>
* keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk. * keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk.

View File

@ -183,6 +183,7 @@ enum cmd_and_opt_values { aNull = 0,
oFastListMode, oFastListMode,
oListOnly, oListOnly,
oIgnoreTimeConflict, oIgnoreTimeConflict,
oNoRandomSeedFile,
oEmu3DESS2KBug, /* will be removed in 1.1 */ oEmu3DESS2KBug, /* will be removed in 1.1 */
aTest }; aTest };
@ -356,6 +357,7 @@ static ARGPARSE_OPTS opts[] = {
{ oFastListMode,"fast-list-mode", 0, "@" }, { oFastListMode,"fast-list-mode", 0, "@" },
{ oListOnly, "list-only", 0, "@"}, { oListOnly, "list-only", 0, "@"},
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" }, { oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"}, { oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
{0} }; {0} };
@ -563,6 +565,7 @@ main( int argc, char **argv )
int default_keyring = 1; int default_keyring = 1;
int greeting = 0; int greeting = 0;
int nogreeting = 0; int nogreeting = 0;
int use_random_seed = 1;
enum cmd_and_opt_values cmd = 0; enum cmd_and_opt_values cmd = 0;
const char *trustdb_name = NULL; const char *trustdb_name = NULL;
char *def_cipher_string = NULL; char *def_cipher_string = NULL;
@ -893,6 +896,7 @@ main( int argc, char **argv )
case oFastListMode: opt.fast_list_mode = 1; break; case oFastListMode: opt.fast_list_mode = 1; break;
case oListOnly: opt.list_only=1; break; case oListOnly: opt.list_only=1; break;
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break; case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
case oNoRandomSeedFile: use_random_seed = 0; break;
default : pargs.err = configfp? 1:2; break; default : pargs.err = configfp? 1:2; break;
} }
@ -996,8 +1000,16 @@ main( int argc, char **argv )
if( log_get_errorcount(0) ) if( log_get_errorcount(0) )
g10_exit(2); g10_exit(2);
if( !cmd && opt.fingerprint && !with_fpr ) /* set the random seed file */
if( use_random_seed ) {
char *p = make_filename(opt.homedir, "random_seed", NULL );
set_random_seed_file(p);
m_free(p);
}
if( !cmd && opt.fingerprint && !with_fpr ) {
set_cmd( &cmd, aListKeys); set_cmd( &cmd, aListKeys);
}
if( cmd == aKMode || cmd == aKModeC ) { /* kludge to be compatible to pgp */ if( cmd == aKMode || cmd == aKModeC ) { /* kludge to be compatible to pgp */
if( cmd == aKModeC ) { if( cmd == aKModeC ) {
@ -1494,6 +1506,7 @@ main( int argc, char **argv )
void void
g10_exit( int rc ) g10_exit( int rc )
{ {
update_random_seed_file();
if( opt.debug & DBG_MEMSTAT_VALUE ) { if( opt.debug & DBG_MEMSTAT_VALUE ) {
m_print_stats("on exit"); m_print_stats("on exit");
random_dump_stats(); random_dump_stats();

View File

@ -1,3 +1,7 @@
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
* id.po: Updated.
Thu Jan 6 16:56:18 CET 2000 Werner Koch <wk@gnupg.de> Thu Jan 6 16:56:18 CET 2000 Werner Koch <wk@gnupg.de>
* Makefile.in.in: Is not longer maintained as a symlink because we * Makefile.in.in: Is not longer maintained as a symlink because we

1193
po/id.po

File diff suppressed because it is too large Load Diff