security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-13 22:21:09 +02:00
Code Activity

2004-07-30 Moritz Schulte <moritz@g10code.com>

Browse Source 
* command-ssh.c: Updated Libgpg-stream (more support for secure
	memory), adjusted code for new API.
This commit is contained in:
Moritz Schulte 2004-07-30 19:49:46 +00:00
parent 65ef39ec8d
commit cc95de1d19
4 changed files with 130 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
agent/ChangeLog
View File

@ -1,5 +1,12 @@
2004-07-30 Moritz Schulte <moritz@g10code.com>
* command-ssh.c: Updated Libgpg-stream (more support for secure
memory), adjusted code for new API.
2004-07-27 Moritz Schulte <moritz@g10code.com> 2004-07-27 Moritz Schulte <moritz@g10code.com>
* findkey.c (key_io_lock): New variable.
* command-ssh.c: Use gcrypt memory allocators, use secure memory * command-ssh.c: Use gcrypt memory allocators, use secure memory
where necessary. where necessary.

40
agent/command-ssh.c
View File

@ -627,7 +627,7 @@ ssh_extract_key_public_from_blob (unsigned char *blob, size_t blob_size,
gpg_err_code_t err = GPG_ERR_NO_ERROR; gpg_err_code_t err = GPG_ERR_NO_ERROR;
gpg_stream_t blob_stream = NULL; gpg_stream_t blob_stream = NULL;
err = gpg_stream_create (&blob_stream, NULL, err = gpg_stream_create (&blob_stream, NULL, NULL,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE, GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem); gpg_stream_functions_mem);
if (err) if (err)
@ -662,7 +662,7 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size,
size_t blob_new_size = 0; size_t blob_new_size = 0;
size_t bytes_read = 0; size_t bytes_read = 0;
err = gpg_stream_create (&blob_stream, NULL, err = gpg_stream_create (&blob_stream, NULL, NULL,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE, GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem); gpg_stream_functions_mem);
if (err) if (err)
@ -859,7 +859,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
/* Prepare buffer stream. */ /* Prepare buffer stream. */
err = gpg_stream_create (&key_blobs, NULL, err = gpg_stream_create (&key_blobs, NULL, NULL,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE, GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem); gpg_stream_functions_mem);
if (err) if (err)
@ -998,7 +998,7 @@ data_sign (CTRL ctrl, unsigned char **sig, size_t *sig_n)
if (err) if (err)
goto out; goto out;
err = gpg_stream_create (&stream, NULL, err = gpg_stream_create (&stream, NULL, NULL,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE, GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem); gpg_stream_functions_mem);
if (err) if (err)
@ -1609,12 +1609,19 @@ gcry_realloc_secure (void *mem, size_t size)
void void
start_command_handler_ssh (int sock_client) start_command_handler_ssh (int sock_client)
{ {
gpg_stream_spec_mem_t stream_spec_secure = { NULL, 0, 1, gpg_stream_spec_mem_t stream_spec_mem_secure = { NULL, 0, 1, 256,
gcry_realloc_secure, gcry_realloc_secure,
gcry_free }; gcry_free };
gpg_stream_spec_mem_t stream_spec = { NULL, 0, 1, gpg_stream_spec_mem_t stream_spec_mem = { NULL, 0, 1, STREAM_BLOCK_SIZE,
gcry_realloc, gcry_realloc,
gcry_free }; gcry_free };
gpg_stream_spec_fd_t stream_spec_fd = { sock_client };
gpg_stream_buffer_spec_t buffer_spec_secure = { 256,
gcry_realloc_secure,
gcry_free };
gpg_stream_buffer_spec_t buffer_spec = { 0,
gcry_realloc,
gcry_free };
struct server_control_s ctrl = { NULL }; struct server_control_s ctrl = { NULL };
gpg_err_code_t err = GPG_ERR_NO_ERROR; gpg_err_code_t err = GPG_ERR_NO_ERROR;
gpg_stream_t stream_sock = NULL; gpg_stream_t stream_sock = NULL;
@ -1632,8 +1639,10 @@ start_command_handler_ssh (int sock_client)
ctrl.connection_fd = sock_client; ctrl.connection_fd = sock_client;
err = gpg_stream_create_fd (&stream_sock, sock_client, err = gpg_stream_create (&stream_sock, &buffer_spec_secure,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE); &stream_spec_fd,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_fd);
if (err) if (err)
goto out; goto out;
@ -1648,14 +1657,17 @@ start_command_handler_ssh (int sock_client)
contain secret key material. The response does not have to contain secret key material. The response does not have to
be stored in secure memory, since we never give out secret be stored in secure memory, since we never give out secret
keys. */ keys. */
gpg_stream_destroy (stream_request);
stream_request = NULL; stream_request = NULL;
err = gpg_stream_create (&stream_request, &stream_spec_secure, err = gpg_stream_create (&stream_request, &buffer_spec_secure,
&stream_spec_mem_secure,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE, GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem); gpg_stream_functions_mem);
if (err) if (err)
break; break;
gpg_stream_destroy (stream_response);
stream_response = NULL; stream_response = NULL;
err = gpg_stream_create (&stream_response, &stream_spec, err = gpg_stream_create (&stream_response, &buffer_spec, &stream_spec_mem,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE, GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem); gpg_stream_functions_mem);
if (err) if (err)

106
agent/gpg-stream.c
View File

@ -36,6 +36,13 @@
/* Generally used types. */
typedef void *(*func_realloc_t) (void *mem, size_t size);
typedef void (*func_free_t) (void *mem);
/* Buffer management layer. */ /* Buffer management layer. */
#define BUFFER_BLOCK_SIZE 1024 #define BUFFER_BLOCK_SIZE 1024
@ -68,10 +75,18 @@ typedef struct buffer_functions
buffer_func_stat_t func_stat; /* Stat callback. */ buffer_func_stat_t func_stat; /* Stat callback. */
} buffer_functions_t; } buffer_functions_t;
typedef struct buffer_conspec
{
size_t block_size;
func_realloc_t func_realloc;
func_free_t func_free;
} buffer_conspec_t;
/* Buffer context. */ /* Buffer context. */
struct buffer struct buffer
{ {
void *handle; /* Handle, passed to callbacks. */ void *handle; /* Handle, passed to callbacks. */
buffer_conspec_t conspec; /* Container spec. */
buffer_functions_t functions; /* Callback functions. */ buffer_functions_t functions; /* Callback functions. */
unsigned int flags; /* General flags. */ unsigned int flags; /* General flags. */
struct buffer_in struct buffer_in
@ -96,6 +111,9 @@ struct buffer
/* Buffer contains unflushed data. */ /* Buffer contains unflushed data. */
#define BUFFER_FLAG_DIRTY (1 << 0) #define BUFFER_FLAG_DIRTY (1 << 0)
/* Buffer is secure. */
#define BUFFER_FLAG_SECURE (1 << 1)
/* Fill buffer. */ /* Fill buffer. */
@ -356,30 +374,41 @@ buffer_skip (buffer_t buffer,
/* Create a new buffer. */ /* Create a new buffer. */
gpg_error_t gpg_error_t
buffer_create (buffer_t *buffer, buffer_create (buffer_t *buffer,
buffer_conspec_t *conspec,
void *handle, void *handle,
buffer_functions_t functions) buffer_functions_t functions)
{ {
func_realloc_t func_realloc = realloc;
func_free_t func_free = free;
size_t block_size = BUFFER_BLOCK_SIZE;
gpg_error_t err = GPG_ERR_NO_ERROR; gpg_error_t err = GPG_ERR_NO_ERROR;
/* Allocate memory, initialize. */
buffer_t buffer_new = NULL; buffer_t buffer_new = NULL;
char *container_in_new = NULL; char *container_in_new = NULL;
char *container_out_new = NULL; char *container_out_new = NULL;
if (conspec)
{
if (conspec->func_realloc)
func_realloc = conspec->func_realloc;
if (conspec->func_free)
func_free = conspec->func_free;
if (conspec->block_size)
block_size = conspec->block_size;
}
buffer_new = malloc (sizeof (*buffer_new)); buffer_new = malloc (sizeof (*buffer_new));
if (! buffer_new) if (! buffer_new)
err = gpg_error_from_errno (errno); err = gpg_error_from_errno (errno);
if (! err) if (! err)
{ {
container_in_new = malloc (BUFFER_BLOCK_SIZE); container_in_new = (*func_realloc) (NULL, block_size);
if (! container_in_new) if (! container_in_new)
err = gpg_error_from_errno (errno); err = gpg_error_from_errno (errno);
} }
if (! err) if (! err)
{ {
container_out_new = malloc (BUFFER_BLOCK_SIZE); container_out_new = (*func_realloc) (NULL, block_size);
if (! container_out_new) if (! container_out_new)
err = gpg_error_from_errno (errno); err = gpg_error_from_errno (errno);
} }
@ -387,14 +416,17 @@ buffer_create (buffer_t *buffer,
if (! err) if (! err)
{ {
buffer_new->handle = handle; buffer_new->handle = handle;
buffer_new->conspec.func_realloc = func_realloc;
buffer_new->conspec.func_free = func_free;
buffer_new->conspec.block_size = block_size;
buffer_new->flags = 0; buffer_new->flags = 0;
buffer_new->functions = functions; buffer_new->functions = functions;
buffer_new->buffer_in.container = container_in_new; buffer_new->buffer_in.container = container_in_new;
buffer_new->buffer_in.container_size = BUFFER_BLOCK_SIZE; buffer_new->buffer_in.container_size = block_size;
buffer_new->buffer_in.data_size = 0; buffer_new->buffer_in.data_size = 0;
buffer_new->buffer_in.data_offset = 0; buffer_new->buffer_in.data_offset = 0;
buffer_new->buffer_out.container = container_out_new; buffer_new->buffer_out.container = container_out_new;
buffer_new->buffer_out.container_size = BUFFER_BLOCK_SIZE; buffer_new->buffer_out.container_size = block_size;
buffer_new->buffer_out.data_size = 0; buffer_new->buffer_out.data_size = 0;
buffer_new->buffer_out.data_offset = 0; buffer_new->buffer_out.data_offset = 0;
buffer_new->buffer_out.data_flushed = 0; buffer_new->buffer_out.data_flushed = 0;
@ -422,8 +454,8 @@ buffer_destroy (buffer_t buffer)
if (buffer) if (buffer)
{ {
err = buffer_flush_do (buffer); err = buffer_flush_do (buffer);
free (buffer->buffer_in.container); (*buffer->conspec.func_free) (buffer->buffer_in.container);
free (buffer->buffer_out.container); (*buffer->conspec.func_free) (buffer->buffer_out.container);
free (buffer); free (buffer);
} }
@ -453,6 +485,19 @@ buffer_stat (buffer_t buffer,
return err; return err;
} }
gpg_error_t
buffer_conspec_get (buffer_t buffer,
buffer_conspec_t *buffer_conspec)
{
gpg_error_t err = GPG_ERR_NO_ERROR;
buffer_conspec->block_size = buffer->conspec.block_size;
buffer_conspec->func_realloc = buffer->conspec.func_realloc;
buffer_conspec->func_free = buffer->conspec.func_free;
return err;
}
/* Stream layer. */ /* Stream layer. */
@ -486,18 +531,16 @@ struct gpg_stream
/* Implementation of Memory I/O. */ /* Implementation of Memory I/O. */
typedef void *(*mem_func_realloc_t) (void *mem, size_t size);
typedef void (*mem_func_free_t) (void *mem);
typedef struct gpg_stream_handle_mem typedef struct gpg_stream_handle_mem
{ {
char *memory; /* Data. */ char *memory; /* Data. */
size_t memory_size; /* Size of MEMORY. */ size_t memory_size; /* Size of MEMORY. */
size_t data_size; /* Size of data in MEMORY. */ size_t data_size; /* Size of data in MEMORY. */
size_t block_size; /* Block size. */
unsigned int grow: 1; /* MEMORY is allowed to grow. */ unsigned int grow: 1; /* MEMORY is allowed to grow. */
size_t offset; /* Current offset in MEMORY. */ size_t offset; /* Current offset in MEMORY. */
mem_func_realloc_t func_realloc; func_realloc_t func_realloc;
mem_func_free_t func_free; func_free_t func_free;
} *gpg_stream_handle_mem_t; } *gpg_stream_handle_mem_t;
static gpg_error_t static gpg_error_t
@ -517,6 +560,8 @@ gpg_stream_func_mem_create (void **handle,
mem_handle->memory = mem_spec ? mem_spec->memory : 0; mem_handle->memory = mem_spec ? mem_spec->memory : 0;
mem_handle->memory_size = mem_spec ? mem_spec->memory_size : 0; mem_handle->memory_size = mem_spec ? mem_spec->memory_size : 0;
mem_handle->data_size = 0; mem_handle->data_size = 0;
mem_handle->block_size = ((mem_spec && mem_spec->block_size)
? mem_spec->block_size : BUFFER_BLOCK_SIZE);
mem_handle->grow = mem_spec ? mem_spec->grow : 1; mem_handle->grow = mem_spec ? mem_spec->grow : 1;
mem_handle->offset = 0; mem_handle->offset = 0;
mem_handle->func_realloc = ((mem_spec && mem_spec->func_realloc) mem_handle->func_realloc = ((mem_spec && mem_spec->func_realloc)
@ -567,14 +612,17 @@ gpg_stream_func_mem_write (void *handle,
{ {
memory_new = (*mem_handle->func_realloc) memory_new = (*mem_handle->func_realloc)
(mem_handle->memory, (mem_handle->memory,
mem_handle->memory_size + BUFFER_BLOCK_SIZE); mem_handle->memory_size + mem_handle->block_size);
if (! memory_new) if (! memory_new)
err = gpg_error_from_errno (errno); {
err = gpg_error_from_errno (errno);
break;
}
else else
{ {
if (mem_handle->memory != memory_new) if (mem_handle->memory != memory_new)
mem_handle->memory = memory_new; mem_handle->memory = memory_new;
mem_handle->memory_size += BUFFER_BLOCK_SIZE; mem_handle->memory_size += mem_handle->block_size;
} }
} }
@ -882,12 +930,21 @@ gpg_stream_functions_t gpg_stream_functions_file =
static gpg_error_t static gpg_error_t
gpg_stream_create_do (gpg_stream_t *stream, gpg_stream_create_do (gpg_stream_t *stream,
gpg_stream_buffer_spec_t *buffer_spec,
void *spec, void *spec,
unsigned int flags, unsigned int flags,
gpg_stream_functions_t functions) gpg_stream_functions_t functions)
{ {
buffer_conspec_t conspec = { NULL };
gpg_error_t err = GPG_ERR_NO_ERROR; gpg_error_t err = GPG_ERR_NO_ERROR;
if (buffer_spec)
{
conspec.func_realloc = buffer_spec->func_realloc;
conspec.func_free = buffer_spec->func_free;
conspec.block_size = buffer_spec->block_size;
}
if (! (1 if (! (1
&& (0 && (0
|| ((flags & GPG_STREAM_FLAG_READ) && functions.func_read) || ((flags & GPG_STREAM_FLAG_READ) && functions.func_read)
@ -912,7 +969,8 @@ gpg_stream_create_do (gpg_stream_t *stream,
err = (*functions.func_create) (&handle, spec, flags); err = (*functions.func_create) (&handle, spec, flags);
if (! err) if (! err)
err = buffer_create (&buffer, handle, buffer_fncs); err = buffer_create (&buffer, buffer_spec ? &conspec : NULL,
handle, buffer_fncs);
if (! err) if (! err)
{ {
@ -936,13 +994,14 @@ gpg_stream_create_do (gpg_stream_t *stream,
gpg_error_t gpg_error_t
gpg_stream_create (gpg_stream_t *stream, gpg_stream_create (gpg_stream_t *stream,
gpg_stream_buffer_spec_t *buffer_spec,
void *spec, void *spec,
unsigned int flags, unsigned int flags,
gpg_stream_functions_t functions) gpg_stream_functions_t functions)
{ {
gpg_error_t err = GPG_ERR_NO_ERROR; gpg_error_t err = GPG_ERR_NO_ERROR;
err = gpg_stream_create_do (stream, spec, flags, functions); err = gpg_stream_create_do (stream, buffer_spec, spec, flags, functions);
return err; return err;
} }
@ -955,7 +1014,7 @@ gpg_stream_create_file (gpg_stream_t *stream,
gpg_stream_spec_file_t spec = { filename, GPG_STREAM_FILE_PERMISSIONS }; gpg_stream_spec_file_t spec = { filename, GPG_STREAM_FILE_PERMISSIONS };
gpg_error_t err = GPG_ERR_NO_ERROR; gpg_error_t err = GPG_ERR_NO_ERROR;
err = gpg_stream_create_do (stream, &spec, flags, gpg_stream_functions_file); err = gpg_stream_create_do (stream, NULL, &spec, flags, gpg_stream_functions_file);
return err; return err;
} }
@ -968,7 +1027,7 @@ gpg_stream_create_fd (gpg_stream_t *stream,
gpg_stream_spec_fd_t spec = { fd }; gpg_stream_spec_fd_t spec = { fd };
gpg_error_t err = GPG_ERR_NO_ERROR; gpg_error_t err = GPG_ERR_NO_ERROR;
err = gpg_stream_create_do (stream, &spec, flags, gpg_stream_functions_fd); err = gpg_stream_create_do (stream, NULL, &spec, flags, gpg_stream_functions_fd);
return err; return err;
} }
@ -1065,6 +1124,7 @@ gpg_stream_read_line_do (gpg_stream_t stream,
buffer_functions_t buffer_fncs_mem = { gpg_stream_func_mem_read, buffer_functions_t buffer_fncs_mem = { gpg_stream_func_mem_read,
gpg_stream_func_mem_write, gpg_stream_func_mem_write,
gpg_stream_func_mem_seek }; gpg_stream_func_mem_seek };
buffer_conspec_t buffer_conspec = { NULL };
void *handle = NULL; void *handle = NULL;
char *line_new = NULL; char *line_new = NULL;
buffer_t line_buffer = NULL; buffer_t line_buffer = NULL;
@ -1073,9 +1133,11 @@ gpg_stream_read_line_do (gpg_stream_t stream,
char *data = NULL; char *data = NULL;
size_t line_size = 0; size_t line_size = 0;
buffer_conspec_get (stream->buffer, &buffer_conspec);
err = gpg_stream_func_mem_create (&handle, NULL, 0); err = gpg_stream_func_mem_create (&handle, NULL, 0);
if (! err) if (! err)
err = buffer_create (&line_buffer, handle, buffer_fncs_mem); err = buffer_create (&line_buffer, &buffer_conspec, handle, buffer_fncs_mem);
if (! err) if (! err)
do do
{ {

13
agent/gpg-stream.h
View File

@ -62,6 +62,17 @@ typedef struct gpg_stream_functions
gpg_stream_func_destroy_t func_destroy; gpg_stream_func_destroy_t func_destroy;
} gpg_stream_functions_t; } gpg_stream_functions_t;
typedef void *(*gpg_stream_func_realloc_t) (void *mem, size_t size);
typedef void (*gpg_stream_func_free_t) (void *mem);
typedef struct gpg_stream_buffer_spec
{
size_t block_size;
gpg_stream_func_realloc_t func_realloc;
gpg_stream_func_free_t func_free;
} gpg_stream_buffer_spec_t;
#define GPG_STREAM_FLAG_READ (1 << 0) #define GPG_STREAM_FLAG_READ (1 << 0)
#define GPG_STREAM_FLAG_WRITE (1 << 1) #define GPG_STREAM_FLAG_WRITE (1 << 1)
#define GPG_STREAM_FLAG_EXCLUSIVE (1 << 2) #define GPG_STREAM_FLAG_EXCLUSIVE (1 << 2)
@ -72,6 +83,7 @@ typedef struct gpg_stream_functions
#define GPG_STREAM_FLAG_BINARY (1 << 7) #define GPG_STREAM_FLAG_BINARY (1 << 7)
gpg_error_t gpg_stream_create (gpg_stream_t *stream, gpg_error_t gpg_stream_create (gpg_stream_t *stream,
gpg_stream_buffer_spec_t *buffer_spec,
void *spec, void *spec,
unsigned int flags, unsigned int flags,
gpg_stream_functions_t functions); gpg_stream_functions_t functions);
@ -129,6 +141,7 @@ typedef struct gpg_stream_spec_mem
char *memory; char *memory;
size_t memory_size; size_t memory_size;
unsigned int grow: 1; unsigned int grow: 1;
size_t block_size;
void *(*func_realloc) (void *mem, size_t size); void *(*func_realloc) (void *mem, size_t size);
void (*func_free) (void *mem); void (*func_free) (void *mem);
} gpg_stream_spec_mem_t; } gpg_stream_spec_mem_t;