* g10.c (main): Add --require-secmem/--no-require-secmem to cause gpg to

exit if it cannot lock memory. Also remove --nrsign-key and --nrlsign-key since this can better be done via --edit-key. * secmem.c (secmem_init): Return a flag to indicate whether we got the lock. * memory.h: Return a flag to indicate whether we got the lock.
2025-07-03 22:56:33 +02:00 · 2004-12-16 05:16:09 +00:00 · 2004-12-16 05:16:09 +00:00 · e79f2db8e4
commit e79f2db8e4
parent 7a388529a3
6 changed files with 37 additions and 22 deletions
--- a/g10/g10.c
+++ b/g10/g10.c
@ -108,8 +108,6 @@ enum cmd_and_opt_values
    aSignSym,
    aSignKey,
    aLSignKey,
-    aNRSignKey,
-    aNRLSignKey,
    aListConfig,
    aGPGConfList,
    aListPackets,
@ -218,6 +216,8 @@ enum cmd_and_opt_values
    oNoVerbose,
    oTrustDBName,
    oNoSecmemWarn,
+    oRequireSecmem,
+    oNoRequireSecmem,
    oNoPermissionWarn,
    oNoMDCWarn,
    oNoArmor,
@ -380,8 +380,6 @@ static ARGPARSE_OPTS opts[] = {
 				    N_("remove keys from the secret keyring")},
    { aSignKey,  "sign-key"   ,256, N_("sign a key")},
    { aLSignKey, "lsign-key"  ,256, N_("sign a key locally")},
-    { aNRSignKey, "nrsign-key"  ,256, "@"},
-    { aNRLSignKey, "nrlsign-key"  ,256, "@"},
    { aEditKey,  "edit-key"   ,256, N_("sign or edit a key")},
    { aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
    { aDesigRevoke, "desig-revoke",256, "@" },
@ -557,6 +555,8 @@ static ARGPARSE_OPTS opts[] = {
    { oNoVerbose, "no-verbose", 0, "@"},
    { oTrustDBName, "trustdb-name", 2, "@" },
    { oNoSecmemWarn, "no-secmem-warning", 0, "@" },
+    { oRequireSecmem,"require-secmem", 0, "@" },
+    { oNoRequireSecmem,"no-require-secmem", 0, "@" },
    { oNoPermissionWarn, "no-permission-warning", 0, "@" },
    { oNoMDCWarn, "no-mdc-warning", 0, "@" },
    { oNoArmor, "no-armor",   0, "@"},
@ -1614,6 +1614,7 @@ main( int argc, char **argv )
    int pwfd = -1;
    int with_fpr = 0; /* make an option out of --fingerprint */
    int any_explicit_recipient = 0;
+    int require_secmem=0,got_secmem=0;
 #ifdef USE_SHM_COPROCESSING
    ulong requested_shm_size=0;
 #endif
@ -1746,7 +1747,7 @@ main( int argc, char **argv )
    }
 #endif
    /* initialize the secure memory. */
-    secmem_init( 32768 );
+    got_secmem=secmem_init( 32768 );
    maybe_setuid = 0;
    /* Okay, we are now working under our real uid */

@ -1899,8 +1900,6 @@ main( int argc, char **argv )
 	  case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
 	  case aSignKey: set_cmd( &cmd, aSignKey); break;
 	  case aLSignKey: set_cmd( &cmd, aLSignKey); break;
-	  case aNRSignKey: set_cmd( &cmd, aNRSignKey); break;
-	  case aNRLSignKey: set_cmd( &cmd, aNRLSignKey); break;
 	  case aStore: set_cmd( &cmd, aStore); break;
 	  case aEditKey: set_cmd( &cmd, aEditKey); greeting=1; break;
 	  case aClearsign: set_cmd( &cmd, aClearsign); break;
@ -2284,6 +2283,8 @@ main( int argc, char **argv )
 	    break;
 	  case oCertDigestAlgo: cert_digest_string = m_strdup(pargs.r.ret_str); break;
 	  case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break;
+	  case oRequireSecmem: require_secmem=1; break;
+	  case oNoRequireSecmem: require_secmem=0; break;
 	  case oNoPermissionWarn: opt.no_perm_warn=1; break;
 	  case oNoMDCWarn: opt.no_mdc_warn=1; break;
          case oDisplayCharset:
@ -2596,6 +2597,13 @@ main( int argc, char **argv )

    secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */

+    if(require_secmem && !got_secmem)
+      {
+	log_info(_("will not run with insecure memory due to %s"),
+		 "--require-secmem\n");
+	g10_exit(2);
+      }
+
    set_debug();

    /* Do these after the switch(), so they can override settings. */
@ -3136,13 +3144,6 @@ main( int argc, char **argv )
 	if( argc != 1 )
 	  wrong_args(_("--lsign-key user-id"));
 	/* fall through */
-      case aNRSignKey:
-	if( argc != 1 )
-	  wrong_args(_("--nrsign-key user-id"));
-	/* fall through */
-      case aNRLSignKey:
-	if( argc != 1 )
-	  wrong_args(_("--nrlsign-key user-id"));

 	sl=NULL;

@ -3150,10 +3151,6 @@ main( int argc, char **argv )
 	  append_to_strlist(&sl,"sign");
 	else if(cmd==aLSignKey)
 	  append_to_strlist(&sl,"lsign");
-	else if(cmd==aNRSignKey)
-	  append_to_strlist(&sl,"nrsign");
-	else if(cmd==aNRLSignKey)
-	  append_to_strlist(&sl,"nrlsign");
 	else
 	  BUG();