mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

* g10.c (main): Add --require-secmem/--no-require-secmem to cause gpg to

exit if it cannot lock memory.  Also remove --nrsign-key and --nrlsign-key
since this can better be done via --edit-key.

* secmem.c (secmem_init): Return a flag to indicate whether we got the
lock.

* memory.h: Return a flag to indicate whether we got the lock.
David Shaw 2004-12-16 05:16:09 +00:00
parent 7a388529a3
commit e79f2db8e4
6 changed files with 37 additions and 22 deletions


@ -1,3 +1,9 @@
2004-12-16 David Shaw <dshaw@jabberwocky.com>
* g10.c (main): Add --require-secmem/--no-require-secmem to cause
gpg to exit if it cannot lock memory. Also remove --nrsign-key
and --nrlsign-key since this can better be done via --edit-key.
2004-12-15 David Shaw <dshaw@jabberwocky.com> 2004-12-15 David Shaw <dshaw@jabberwocky.com>
* apdu.c (apdu_send_le, apdu_send_direct), keylist.c * apdu.c (apdu_send_le, apdu_send_direct), keylist.c


@ -108,8 +108,6 @@ enum cmd_and_opt_values
aSignSym, aSignSym,
aSignKey, aSignKey,
aLSignKey, aLSignKey,
aNRSignKey,
aNRLSignKey,
aListConfig, aListConfig,
aGPGConfList, aGPGConfList,
aListPackets, aListPackets,
@ -218,6 +216,8 @@ enum cmd_and_opt_values
oNoVerbose, oNoVerbose,
oTrustDBName, oTrustDBName,
oNoSecmemWarn, oNoSecmemWarn,
oRequireSecmem,
oNoRequireSecmem,
oNoPermissionWarn, oNoPermissionWarn,
oNoMDCWarn, oNoMDCWarn,
oNoArmor, oNoArmor,
@ -380,8 +380,6 @@ static ARGPARSE_OPTS opts[] = {
N_("remove keys from the secret keyring")}, N_("remove keys from the secret keyring")},
{ aSignKey, "sign-key" ,256, N_("sign a key")}, { aSignKey, "sign-key" ,256, N_("sign a key")},
{ aLSignKey, "lsign-key" ,256, N_("sign a key locally")}, { aLSignKey, "lsign-key" ,256, N_("sign a key locally")},
{ aNRSignKey, "nrsign-key" ,256, "@"},
{ aNRLSignKey, "nrlsign-key" ,256, "@"},
{ aEditKey, "edit-key" ,256, N_("sign or edit a key")}, { aEditKey, "edit-key" ,256, N_("sign or edit a key")},
{ aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")}, { aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
{ aDesigRevoke, "desig-revoke",256, "@" }, { aDesigRevoke, "desig-revoke",256, "@" },
@ -557,6 +555,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoVerbose, "no-verbose", 0, "@"}, { oNoVerbose, "no-verbose", 0, "@"},
{ oTrustDBName, "trustdb-name", 2, "@" }, { oTrustDBName, "trustdb-name", 2, "@" },
{ oNoSecmemWarn, "no-secmem-warning", 0, "@" }, { oNoSecmemWarn, "no-secmem-warning", 0, "@" },
{ oRequireSecmem,"require-secmem", 0, "@" },
{ oNoRequireSecmem,"no-require-secmem", 0, "@" },
{ oNoPermissionWarn, "no-permission-warning", 0, "@" }, { oNoPermissionWarn, "no-permission-warning", 0, "@" },
{ oNoMDCWarn, "no-mdc-warning", 0, "@" }, { oNoMDCWarn, "no-mdc-warning", 0, "@" },
{ oNoArmor, "no-armor", 0, "@"}, { oNoArmor, "no-armor", 0, "@"},
@ -1614,6 +1614,7 @@ main( int argc, char **argv )
int pwfd = -1; int pwfd = -1;
int with_fpr = 0; /* make an option out of --fingerprint */ int with_fpr = 0; /* make an option out of --fingerprint */
int any_explicit_recipient = 0; int any_explicit_recipient = 0;
int require_secmem=0,got_secmem=0;
#ifdef USE_SHM_COPROCESSING #ifdef USE_SHM_COPROCESSING
ulong requested_shm_size=0; ulong requested_shm_size=0;
#endif #endif
@ -1746,7 +1747,7 @@ main( int argc, char **argv )
} }
#endif #endif
/* initialize the secure memory. */ /* initialize the secure memory. */
secmem_init( 32768 ); got_secmem=secmem_init( 32768 );
maybe_setuid = 0; maybe_setuid = 0;
/* Okay, we are now working under our real uid */ /* Okay, we are now working under our real uid */
@ -1899,8 +1900,6 @@ main( int argc, char **argv )
case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break; case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
case aSignKey: set_cmd( &cmd, aSignKey); break; case aSignKey: set_cmd( &cmd, aSignKey); break;
case aLSignKey: set_cmd( &cmd, aLSignKey); break; case aLSignKey: set_cmd( &cmd, aLSignKey); break;
case aNRSignKey: set_cmd( &cmd, aNRSignKey); break;
case aNRLSignKey: set_cmd( &cmd, aNRLSignKey); break;
case aStore: set_cmd( &cmd, aStore); break; case aStore: set_cmd( &cmd, aStore); break;
case aEditKey: set_cmd( &cmd, aEditKey); greeting=1; break; case aEditKey: set_cmd( &cmd, aEditKey); greeting=1; break;
case aClearsign: set_cmd( &cmd, aClearsign); break; case aClearsign: set_cmd( &cmd, aClearsign); break;
@ -2284,6 +2283,8 @@ main( int argc, char **argv )
break; break;
case oCertDigestAlgo: cert_digest_string = m_strdup(pargs.r.ret_str); break; case oCertDigestAlgo: cert_digest_string = m_strdup(pargs.r.ret_str); break;
case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break; case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break;
case oRequireSecmem: require_secmem=1; break;
case oNoRequireSecmem: require_secmem=0; break;
case oNoPermissionWarn: opt.no_perm_warn=1; break; case oNoPermissionWarn: opt.no_perm_warn=1; break;
case oNoMDCWarn: opt.no_mdc_warn=1; break; case oNoMDCWarn: opt.no_mdc_warn=1; break;
case oDisplayCharset: case oDisplayCharset:
@ -2596,6 +2597,13 @@ main( int argc, char **argv )
secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */ secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */
if(require_secmem && !got_secmem)
{
log_info(_("will not run with insecure memory due to %s"),
"--require-secmem\n");
g10_exit(2);
}
set_debug(); set_debug();
/* Do these after the switch(), so they can override settings. */ /* Do these after the switch(), so they can override settings. */
@ -3136,13 +3144,6 @@ main( int argc, char **argv )
if( argc != 1 ) if( argc != 1 )
wrong_args(_("--lsign-key user-id")); wrong_args(_("--lsign-key user-id"));
/* fall through */ /* fall through */
case aNRSignKey:
if( argc != 1 )
wrong_args(_("--nrsign-key user-id"));
/* fall through */
case aNRLSignKey:
if( argc != 1 )
wrong_args(_("--nrlsign-key user-id"));
sl=NULL; sl=NULL;
@ -3150,10 +3151,6 @@ main( int argc, char **argv )
append_to_strlist(&sl,"sign"); append_to_strlist(&sl,"sign");
else if(cmd==aLSignKey) else if(cmd==aLSignKey)
append_to_strlist(&sl,"lsign"); append_to_strlist(&sl,"lsign");
else if(cmd==aNRSignKey)
append_to_strlist(&sl,"nrsign");
else if(cmd==aNRLSignKey)
append_to_strlist(&sl,"nrlsign");
else else
BUG(); BUG();
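Review bot: The new fatal path in main() reports through `log_info` and carries its newline inside the `%s` argument (`"--require-secmem\n"`), so the translatable string has no terminator and the refusal is logged at the same level as an ordinary notice. Since the process then exits with status 2, `log_error(_("will not run with insecure memory due to %s\n"), "--require-secmem");` would match the other messages on this page and make the failure easier to find in logs. The check also sits after the whole option loop, well after `got_secmem=secmem_init( 32768 )`, so it only guards work done from that point on; if any option handler can place sensitive data in the pool before then (not visible here), a comment beside the check should say so. main() starts and ends outside these hunks.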


@ -1,3 +1,7 @@
2004-12-16 David Shaw <dshaw@jabberwocky.com>
* memory.h: Return a flag to indicate whether we got the lock.
2004-11-29 David Shaw <dshaw@jabberwocky.com> 2004-11-29 David Shaw <dshaw@jabberwocky.com>
* cipher.h: Add PUBKEY_USAGE_UNKNOWN. * cipher.h: Add PUBKEY_USAGE_UNKNOWN.


@ -66,7 +66,7 @@ size_t m_size( const void *a );
void m_print_stats(const char *prefix); void m_print_stats(const char *prefix);
/*-- secmem.c --*/ /*-- secmem.c --*/
void secmem_init( size_t npool ); int secmem_init( size_t npool );
void secmem_term( void ); void secmem_term( void );
void *secmem_malloc( size_t size ); void *secmem_malloc( size_t size );
void *secmem_realloc( void *a, size_t newsize ); void *secmem_realloc( void *a, size_t newsize );
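Review bot: The prototype `int secmem_init( size_t npool );` gives callers no hint of what the new return value means; a short comment in the header, e.g. `/* returns 1 if the pool was locked in memory, 0 if not */`, would save them a trip to secmem.c. Callers that still ignore the result compile unchanged, so any other program built on this header keeps running with unlocked memory unless it adds its own check.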


@ -1,3 +1,8 @@
2004-12-16 David Shaw <dshaw@jabberwocky.com>
* secmem.c (secmem_init): Return a flag to indicate whether we got
the lock.
2004-12-06 Werner Koch <wk@g10code.com> 2004-12-06 Werner Koch <wk@g10code.com>
* iobuf.c (fd_cache_strcmp): New. Use whenever we compare * iobuf.c (fd_cache_strcmp): New. Use whenever we compare


@ -88,8 +88,8 @@ print_warn(void)
if (!no_warning) if (!no_warning)
{ {
log_info(_("WARNING: using insecure memory!\n")); log_info(_("WARNING: using insecure memory!\n"));
log_info(_("please see http://www.gnupg.org/faq.html " log_info(_("please see http://www.gnupg.org/faq.html"
"for more information\n")); " for more information\n"));
} }
} }
@ -297,7 +297,8 @@ secmem_get_flags(void)
return flags; return flags;
} }
void /* Returns 1 if memory was locked, 0 if not. */
int
secmem_init( size_t n ) secmem_init( size_t n )
{ {
if( !n ) { if( !n ) {
@ -326,6 +327,8 @@ secmem_init( size_t n )
else else
log_error("Oops, secure memory pool already initialized\n"); log_error("Oops, secure memory pool already initialized\n");
} }
return !show_warning;
} }
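Review bot: The value returned at the end of secmem_init() is `!show_warning`, which is narrower than the new comment's promise that 1 means memory was locked. As far as the visible lines show, the `if( !n )` path and the "already initialized" path reach the same return, so they yield 1 whenever no warning is pending, whether or not this call locked a pool. show_warning is set outside these hunks, so it is worth confirming that every way locking can fail or be unavailable (including builds without a usable mlock) sets it; otherwise `--require-secmem` would accept unlocked memory. A more precise comment would be `/* Returns 1 if no insecure-memory warning is pending, 0 if locking the pool failed. */`. The function body is only partly visible here.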