mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
See ChangeLog: Fri Feb 11 17:44:40 CET 2000 Werner Koch
parent
3fc9846d2f
commit
1d0f589754
6
NEWS
6
NEWS
@ -1,6 +1,12 @@
|
||||
Noteworthy changes in the current test release
|
||||
----------------------------------------------
|
||||
|
||||
* There is a ~/.gnupg/random_seed file now which saves the
|
||||
state of the internal RNG and increases system performance
|
||||
somewhat. This way the full entropy source is only used in
|
||||
cases were it is really required.
|
||||
Use the option --no-random-seed-file to disable this feature.
|
||||
|
||||
* New option --ignore-time-conflict.
|
||||
|
||||
* Some fixes for the W32 version
|
||||
|
@ -1,3 +1,20 @@
|
||||
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
|
||||
|
||||
* random.c (read_seed_file): New.
|
||||
(set_random_seed_file): New.
|
||||
(read_pool): Try to read the seeding file.
|
||||
(update_random_seed_file): New.
|
||||
|
||||
(read_pool): Do an initial extra seeding when level 2 quality random
|
||||
is requested the first time. This requestes at least POOLSIZE/2 bytes
|
||||
of entropy. Compined with the seeding file this should make normal
|
||||
random bytes cheaper and increase the quality of the random bytes
|
||||
used for key generation.
|
||||
|
||||
* rndegd.c (gather_random): Shortcut level 0.
|
||||
* rndunix.c (gather_random): Ditto.
|
||||
* rndw32.c (gather_random): Ditto.
|
||||
|
||||
Fri Jan 14 18:32:01 CET 2000 Werner Koch <wk@gnupg.de>
|
||||
|
||||
* rmd160.c (rmd160_get_info): Moved casting to the left side due to a
|
||||
|
165
cipher/random.c
165
cipher/random.c
@ -36,6 +36,7 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
#ifdef HAVE_GETHRTIME
|
||||
#include <sys/times.h>
|
||||
#endif
|
||||
@ -91,6 +92,9 @@ static size_t pool_writepos;
|
||||
static int pool_filled;
|
||||
static int pool_balance;
|
||||
static int just_mixed;
|
||||
static int did_initial_extra_seeding;
|
||||
static char *seed_file_name;
|
||||
static int allow_seed_file_update;
|
||||
|
||||
static int secure_alloc;
|
||||
static int quick_test;
|
||||
@ -264,6 +268,131 @@ mix_pool(byte *pool)
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
set_random_seed_file( const char *name )
|
||||
{
|
||||
if( seed_file_name )
|
||||
BUG();
|
||||
seed_file_name = m_strdup( name );
|
||||
}
|
||||
|
||||
/****************
|
||||
* Read in a seed form the random_seed file
|
||||
* and return true if this was successful
|
||||
*/
|
||||
static int
|
||||
read_seed_file()
|
||||
{
|
||||
int fd;
|
||||
struct stat sb;
|
||||
unsigned char buffer[POOLSIZE];
|
||||
int n;
|
||||
|
||||
if( !seed_file_name )
|
||||
return 0;
|
||||
|
||||
fd = open( seed_file_name, O_RDONLY );
|
||||
if( fd == -1 && errno == ENOENT) {
|
||||
allow_seed_file_update = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if( fd == -1 ) {
|
||||
log_info(_("can't open `%s': %s\n"), seed_file_name, strerror(errno) );
|
||||
return 0;
|
||||
}
|
||||
if( fstat( fd, &sb ) ) {
|
||||
log_info(_("can't stat `%s': %s\n"), seed_file_name, strerror(errno) );
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
if( !S_ISREG(sb.st_mode) || S_ISLNK(sb.st_mode) ) {
|
||||
log_info(_("`%s' is not a regular file - ignored\n"), seed_file_name );
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
if( !sb.st_size ) {
|
||||
log_info(_("note: random_seed file is empty\n") );
|
||||
close(fd);
|
||||
allow_seed_file_update = 1;
|
||||
return 0;
|
||||
}
|
||||
if( sb.st_size != POOLSIZE ) {
|
||||
log_info(_("warning: invalid size of random_seed file - not used\n") );
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
do {
|
||||
n = read( fd, buffer, POOLSIZE );
|
||||
} while( n == -1 && errno == EINTR );
|
||||
if( n != POOLSIZE ) {
|
||||
log_fatal(_("can't read `%s': %s\n"), seed_file_name,strerror(errno) );
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
close(fd);
|
||||
|
||||
add_randomness( buffer, POOLSIZE, 0 );
|
||||
/* add some minor entropy to the pool now (this will also force a mixing) */
|
||||
{ pid_t x = getpid();
|
||||
add_randomness( &x, sizeof(x), 0 );
|
||||
}
|
||||
{ time_t x = time(NULL);
|
||||
add_randomness( &x, sizeof(x), 0 );
|
||||
}
|
||||
{ clock_t x = clock();
|
||||
add_randomness( &x, sizeof(x), 0 );
|
||||
}
|
||||
/* And read a few bytes from our entropy source. By using
|
||||
* a level of 0 this will not block and might not return anything
|
||||
* with some entropy drivers, however the rndlinux driver will use
|
||||
* /dev/urandom and return some stuff - Do not read to much as we
|
||||
* want to be friendly to the scare system entropy resource. */
|
||||
read_random_source( 0, 16, 0 );
|
||||
|
||||
allow_seed_file_update = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
void
|
||||
update_random_seed_file()
|
||||
{
|
||||
ulong *sp, *dp;
|
||||
int fd, i;
|
||||
|
||||
if( !seed_file_name || !is_initialized )
|
||||
return;
|
||||
if( !allow_seed_file_update ) {
|
||||
log_info(_("note: random_seed file not updated\n"));
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/* copy the entropy pool to a scratch pool and mix both of them */
|
||||
for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
|
||||
i < POOLWORDS; i++, dp++, sp++ ) {
|
||||
*dp = *sp + ADD_VALUE;
|
||||
}
|
||||
mix_pool(rndpool); rndstats.mixrnd++;
|
||||
mix_pool(keypool); rndstats.mixkey++;
|
||||
|
||||
fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR );
|
||||
if( fd == -1 ) {
|
||||
log_info(_("can't create `%s': %s\n"), seed_file_name, strerror(errno) );
|
||||
return;
|
||||
}
|
||||
do {
|
||||
i = write( fd, keypool, POOLSIZE );
|
||||
} while( i == -1 && errno == EINTR );
|
||||
if( i != POOLSIZE ) {
|
||||
log_info(_("can't write `%s': %s\n"), seed_file_name, strerror(errno) );
|
||||
}
|
||||
if( close(fd) )
|
||||
log_info(_("can't close `%s': %s\n"), seed_file_name, strerror(errno) );
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
read_pool( byte *buffer, size_t length, int level )
|
||||
{
|
||||
@ -275,6 +404,27 @@ read_pool( byte *buffer, size_t length, int level )
|
||||
POOLSIZE*8-1 );
|
||||
}
|
||||
|
||||
if( !pool_filled ) {
|
||||
if( read_seed_file() )
|
||||
pool_filled = 1;
|
||||
}
|
||||
|
||||
/* For level 2 quality (key generation) we alwas make
|
||||
* sure that the pool has been seeded enough initially */
|
||||
if( level == 2 && !did_initial_extra_seeding ) {
|
||||
size_t needed;
|
||||
|
||||
pool_balance = 0;
|
||||
needed = length - pool_balance;
|
||||
if( needed < POOLSIZE/2 )
|
||||
needed = POOLSIZE/2;
|
||||
else if( needed > POOLSIZE )
|
||||
BUG();
|
||||
read_random_source( 3, needed, 2 );
|
||||
pool_balance += needed;
|
||||
did_initial_extra_seeding=1;
|
||||
}
|
||||
|
||||
/* for level 2 make sure that there is enough random in the pool */
|
||||
if( level == 2 && pool_balance < length ) {
|
||||
size_t needed;
|
||||
@ -338,6 +488,12 @@ read_pool( byte *buffer, size_t length, int level )
|
||||
/****************
|
||||
* Add LENGTH bytes of randomness from buffer to the pool.
|
||||
* source may be used to specify the randomness source.
|
||||
* Source is:
|
||||
* 0 - used ony for initialization
|
||||
* 1 - fast random poll function
|
||||
* 2 - normal poll function
|
||||
* 3 - used when level 2 random quality has been requested
|
||||
* to do an extra pool seed.
|
||||
*/
|
||||
static void
|
||||
add_randomness( const void *buffer, size_t length, int source )
|
||||
@ -423,6 +579,15 @@ fast_random_poll()
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
/* time and clock are availabe on all systems - so
|
||||
* we better do it just in case one of the above functions
|
||||
* didn't work */
|
||||
{ time_t x = time(NULL);
|
||||
add_randomness( &x, sizeof(x), 1 );
|
||||
}
|
||||
{ clock_t x = clock();
|
||||
add_randomness( &x, sizeof(x), 1 );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
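Review bot: The `S_ISLNK(sb.st_mode)` test in read_seed_file can never be true, because `fstat()` reports on the file that `open()` has already resolved, so a seed path that is a symbolic link is followed and accepted whenever its target is a regular file of POOLSIZE bytes. The same holds for update_random_seed_file, whose `open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR )` truncates whatever the name resolves to and applies the 0600 mode only when it creates the file, so a pre-existing file with looser permissions keeps them while receiving pool state. If the intent is to refuse links, check the name with `lstat()` before opening and compare `st_dev`/`st_ino` with the `fstat()` result (or open with `O_NOFOLLOW` where the platform offers it), and consider rejecting a file whose `sb.st_uid` is not the caller or whose mode grants group/other access. Separately, the short-read branch prints `strerror(errno)` even when `read()` returned a positive count, and the `close(fd); return 0;` after `log_fatal` looks unreachable if log_fatal does not return.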
@ -25,6 +25,8 @@
|
||||
/*-- random.c --*/
|
||||
void random_dump_stats(void);
|
||||
void secure_random_alloc(void);
|
||||
void set_random_seed_file(const char *);
|
||||
void update_random_seed_file(void);
|
||||
int quick_random_gen( int onoff );
|
||||
int random_is_faked(void);
|
||||
void randomize_buffer( byte *buffer, size_t length, int level );
|
||||
|
@ -83,9 +83,13 @@ do_read( int fd, void *buf, size_t nbytes )
|
||||
|
||||
|
||||
|
||||
/* Note: we always use the highest level.
|
||||
/****************
|
||||
* Note: we always use the highest level.
|
||||
* TO boost the performance we may want to add some
|
||||
* additional code for level 1
|
||||
*
|
||||
* Using a level of 0 should never block and better add nothing
|
||||
* to the pool. So this is just a dummy for EGD.
|
||||
*/
|
||||
static int
|
||||
gather_random( void (*add)(const void*, size_t, int), int requester,
|
||||
@ -99,7 +103,8 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
|
||||
|
||||
if( !length )
|
||||
return 0;
|
||||
|
||||
if( !level )
|
||||
return 0;
|
||||
|
||||
restart:
|
||||
if( do_restart ) {
|
||||
|
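Review bot: The new `if( !level ) return 0;` shortcut means the `read_random_source( 0, 16, 0 )` call that read_seed_file makes after loading the seed presumably contributes nothing when this gatherer is in use, and the rndunix.c and rndw32.c hunks add the same shortcut. On those builds a reloaded seed would be diversified only by the pid, time and clock values, so two runs that start from the same file contents (overlapping processes, or a failed update) begin from nearly identical pool states until a real poll happens; whether read_pool forces one before level 1 output is not visible here. It would help to state this in the header comment, e.g. `* Level 0 is a no-op here: a seed file reload gets no fresh entropy from this gatherer.`, so that the seed-file code is not assumed to rely on it. gather_random's body continues outside the hunk.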
@ -89,6 +89,10 @@ open_device( const char *name, int minor )
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Note: Using a level of 0 should never block and better add nothing
|
||||
* to the pool. This is easy to accomplish with /dev/urandom.
|
||||
*/
|
||||
static int
|
||||
gather_random( void (*add)(const void*, size_t, int), int requester,
|
||||
size_t length, int level )
|
||||
@ -106,6 +110,8 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
|
||||
fd = fd_random;
|
||||
}
|
||||
else {
|
||||
/* this will also be used for elve 0 but by using /dev/urandom
|
||||
* we can be sure that oit will never block. */
|
||||
if( fd_urandom == -1 )
|
||||
fd_urandom = open_device( NAME_OF_DEV_URANDOM, 9 );
|
||||
fd = fd_urandom;
|
||||
|
@ -716,6 +716,10 @@ read_a_msg( int fd, GATHER_MSG *msg )
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Using a level of 0 should never block and better add nothing
|
||||
* to the pool. So this is just a dummy for this gatherer.
|
||||
*/
|
||||
static int
|
||||
gather_random( void (*add)(const void*, size_t, int), int requester,
|
||||
size_t length, int level )
|
||||
@ -725,6 +729,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
|
||||
GATHER_MSG msg;
|
||||
size_t n;
|
||||
|
||||
if( !level )
|
||||
return 0;
|
||||
|
||||
if( !gatherer_pid ) {
|
||||
/* make sure we are not setuid */
|
||||
if( getuid() != geteuid() )
|
||||
|
@ -164,6 +164,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
|
||||
unsigned int result;
|
||||
unsigned int nbytes;
|
||||
|
||||
if( !level )
|
||||
return 0;
|
||||
|
||||
if( !slow_seeder )
|
||||
load_and_init_winseed();
|
||||
|
||||
|
14
doc/gpg.sgml
14
doc/gpg.sgml
@ -1172,6 +1172,15 @@ needed. Use this to override a previous --lock-once
|
||||
from a config file.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-random-seed-file</term>
|
||||
<listitem><para>
|
||||
&gnupg; uses a file to store it's internal random pool over invocations.
|
||||
This makes random generation faster; however sometimes write operations
|
||||
are not desired. This option can be used to achive that with the cost of
|
||||
slower random generation.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>--no-verbose</term>
|
||||
@ -1475,6 +1484,11 @@ constructed by cutting off the extension (".asc" or ".sig") of
|
||||
<listitem><para>and the lock file</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>~/.gnupg/random_seed</term>
|
||||
<listitem><para>used to preserve the internal random pool</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>~/.gnupg/options</term>
|
||||
<listitem><para>May contain options</para></listitem>
|
||||
|
@ -1,3 +1,8 @@
|
||||
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
|
||||
|
||||
* g10.c (g10_exit): Update the random seed_file.
|
||||
(main): Set the random seed file. New option --no-random-seed-file.
|
||||
|
||||
Thu Feb 10 17:39:44 CET 2000 Werner Koch <wk@gnupg.de>
|
||||
|
||||
* keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk.
|
||||
|
15
g10/g10.c
15
g10/g10.c
@ -183,6 +183,7 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
oFastListMode,
|
||||
oListOnly,
|
||||
oIgnoreTimeConflict,
|
||||
oNoRandomSeedFile,
|
||||
oEmu3DESS2KBug, /* will be removed in 1.1 */
|
||||
aTest };
|
||||
|
||||
@ -356,6 +357,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oFastListMode,"fast-list-mode", 0, "@" },
|
||||
{ oListOnly, "list-only", 0, "@"},
|
||||
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
|
||||
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
|
||||
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
|
||||
{0} };
|
||||
|
||||
@ -563,6 +565,7 @@ main( int argc, char **argv )
|
||||
int default_keyring = 1;
|
||||
int greeting = 0;
|
||||
int nogreeting = 0;
|
||||
int use_random_seed = 1;
|
||||
enum cmd_and_opt_values cmd = 0;
|
||||
const char *trustdb_name = NULL;
|
||||
char *def_cipher_string = NULL;
|
||||
@ -893,6 +896,7 @@ main( int argc, char **argv )
|
||||
case oFastListMode: opt.fast_list_mode = 1; break;
|
||||
case oListOnly: opt.list_only=1; break;
|
||||
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
|
||||
case oNoRandomSeedFile: use_random_seed = 0; break;
|
||||
|
||||
default : pargs.err = configfp? 1:2; break;
|
||||
}
|
||||
@ -996,8 +1000,16 @@ main( int argc, char **argv )
|
||||
if( log_get_errorcount(0) )
|
||||
g10_exit(2);
|
||||
|
||||
if( !cmd && opt.fingerprint && !with_fpr )
|
||||
/* set the random seed file */
|
||||
if( use_random_seed ) {
|
||||
char *p = make_filename(opt.homedir, "random_seed", NULL );
|
||||
set_random_seed_file(p);
|
||||
m_free(p);
|
||||
}
|
||||
|
||||
if( !cmd && opt.fingerprint && !with_fpr ) {
|
||||
set_cmd( &cmd, aListKeys);
|
||||
}
|
||||
|
||||
if( cmd == aKMode || cmd == aKModeC ) { /* kludge to be compatible to pgp */
|
||||
if( cmd == aKModeC ) {
|
||||
@ -1494,6 +1506,7 @@ main( int argc, char **argv )
|
||||
void
|
||||
g10_exit( int rc )
|
||||
{
|
||||
update_random_seed_file();
|
||||
if( opt.debug & DBG_MEMSTAT_VALUE ) {
|
||||
m_print_stats("on exit");
|
||||
random_dump_stats();
|
||||
|
@ -1,3 +1,7 @@
|
||||
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
|
||||
|
||||
* id.po: Updated.
|
||||
|
||||
Thu Jan 6 16:56:18 CET 2000 Werner Koch <wk@gnupg.de>
|
||||
|
||||
* Makefile.in.in: Is not longer maintained as a symlink because we
|
||||
|