-rw-r--r--ChangeLog3
-rw-r--r--README6
-rw-r--r--acinclude.m4470
-rw-r--r--cipher/ChangeLog7
-rw-r--r--cipher/Makefile.am2
-rw-r--r--cipher/random-daemon.c108
-rw-r--r--cipher/random.c30
-rw-r--r--cipher/random.h9
-rw-r--r--configure.ac49
-rw-r--r--src/global.c2
10 files changed, 276 insertions, 410 deletions
diff --git a/ChangeLog b/ChangeLog
index 198a019b..b307a45e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
2006-03-14 Werner Koch <wk@g10code.com>
* configure.ac: Check for fctnl and ftruncate.
+ (HAVE_PTH): Check for GNU Pth.
+ (HAVE_W32_SYSTEM): Define it.
+ * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): New. Taken from GnuPG 1.4.
2005-12-08 Werner Koch <wk@g10code.com>
diff --git a/README b/README
index e435b6a0..2f74ce4a 100644
--- a/README
+++ b/README
@@ -52,8 +52,10 @@
the GPL as found in the file COPYING. The modules under the GPL
are:
- rndunix - Entropy gatherer for Unices without a /dev/random
- rndw32 - Entropy gatherer for MS Windows
+ rndunix - Entropy gatherer for Unices without a /dev/random
+ rndw32 - Entropy gatherer for MS Windows
+ gcryptrnd - The random number daemon.
+ getrandom - A client for that daemon.
The documentation is available under the terms of the GPL.
diff --git a/acinclude.m4 b/acinclude.m4
index 91ae631f..af2b2204 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -321,411 +321,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
AC_SUBST(GPG_ERROR_LIBS)
])
-dnl ##
-dnl ## GNU Pth - The GNU Portable Threads
-dnl ## Copyright (c) 1999-2002 Ralf S. Engelschall <rse@engelschall.com>
-dnl ##
-dnl ## This file is part of GNU Pth, a non-preemptive thread scheduling
-dnl ## library which can be found at http://www.gnu.org/software/pth/.
-dnl ##
-dnl ## This library is free software; you can redistribute it and/or
-dnl ## modify it under the terms of the GNU Lesser General Public
-dnl ## License as published by the Free Software Foundation; either
-dnl ## version 2.1 of the License, or (at your option) any later version.
-dnl ##
-dnl ## This library is distributed in the hope that it will be useful,
-dnl ## but WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-dnl ## Lesser General Public License for more details.
-dnl ##
-dnl ## You should have received a copy of the GNU Lesser General Public
-dnl ## License along with this library; if not, write to the Free Software
-dnl ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-dnl ## USA, or contact Ralf S. Engelschall <rse@engelschall.com>.
-dnl ##
-dnl ## pth.m4: Autoconf macro for locating GNU Pth from within
-dnl ## configure.in of third-party software packages
-dnl ##
-
-dnl ##
-dnl ## Synopsis:
-dnl ## AC_CHECK_PTH([MIN-VERSION [, # minimum Pth version, e.g. 1.2.0
-dnl ## DEFAULT-WITH-PTH [, # default value for --with-pth option
-dnl ## DEFAULT-WITH-PTH-TEST [,# default value for --with-pth-test option
-dnl ## EXTEND-VARS [, # whether CFLAGS/LDFLAGS/etc are extended
-dnl ## ACTION-IF-FOUND [, # action to perform if Pth was found
-dnl ## ACTION-IF-NOT-FOUND # action to perform if Pth was not found
-dnl ## ]]]]]])
-dnl ## Examples:
-dnl ## AC_CHECK_PTH(1.2.0)
-dnl ## AC_CHECK_PTH(1.2.0,,,no,CFLAGS="$CFLAGS -DHAVE_PTH $PTH_CFLAGS")
-dnl ## AC_CHECK_PTH(1.2.0,yes,yes,yes,CFLAGS="$CFLAGS -DHAVE_PTH")
-dnl ##
-dnl
-dnl # auxilliary macros
-AC_DEFUN([_AC_PTH_ERROR], [dnl
-AC_MSG_RESULT([*FAILED*])
-dnl define(_ac_pth_line,dnl
-dnl "+------------------------------------------------------------------------+")
-dnl echo " _ac_pth_line" 1>&2
-cat <<EOT | sed -e 's/^[[ ]]*/ | /' -e 's/>>/ /' 1>&2
-$1
-EOT
-dnl echo " _ac_pth_line" 1>&2
-dnl undefine(_ac_pth_line)
-exit 1
-])
-AC_DEFUN([_AC_PTH_VERBOSE], [dnl
-if test ".$verbose" = .yes; then
- AC_MSG_RESULT([ $1])
-fi
-])
-dnl # the user macro
-AC_DEFUN([AC_CHECK_PTH], [dnl
-dnl
-dnl # prerequisites
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_CPP])dnl
-dnl
-PTH_CPPFLAGS=''
-PTH_CFLAGS=''
-PTH_LDFLAGS=''
-PTH_LIBS=''
-AC_SUBST(PTH_CPPFLAGS)
-AC_SUBST(PTH_CFLAGS)
-AC_SUBST(PTH_LDFLAGS)
-AC_SUBST(PTH_LIBS)
-dnl # command line options
-AC_MSG_CHECKING(for GNU Pth)
-_AC_PTH_VERBOSE([])
-AC_ARG_WITH(pth,dnl
-[ --with-pth[=ARG] Build with GNU Pth Library (default=]ifelse([$2],,yes,$2)[)],dnl
-,dnl
-with_pth="ifelse([$2],,yes,$2)"
-)dnl
-AC_ARG_WITH(pth-test,dnl
-[ --with-pth-test Perform GNU Pth Sanity Test (default=]ifelse([$3],,yes,$3)[)],dnl
-,dnl
-with_pth_test="ifelse([$3],,yes,$3)"
-)dnl
-_AC_PTH_VERBOSE([+ Command Line Options:])
-_AC_PTH_VERBOSE([ o --with-pth=$with_pth])
-_AC_PTH_VERBOSE([ o --with-pth-test=$with_pth_test])
-dnl
-dnl # configuration
-if test ".$with_pth" != .no; then
- _pth_subdir=no
- _pth_subdir_opts=''
- case "$with_pth" in
- subdir:* )
- _pth_subdir=yes
- changequote(, )dnl
- _pth_subdir_opts=`echo $with_pth | sed -e 's/^subdir:[^ ]*[ ]*//'`
- with_pth=`echo $with_pth | sed -e 's/^subdir:\([^ ]*\).*$/\1/'`
- changequote([, ])dnl
- ;;
- esac
- _pth_version=""
- _pth_location=""
- _pth_type=""
- _pth_cppflags=""
- _pth_cflags=""
- _pth_ldflags=""
- _pth_libs=""
- if test ".$with_pth" = .yes; then
- # via config script in $PATH
- changequote(, )dnl
- _pth_version=`(pth-config --version) 2>/dev/null |\
- sed -e 's/^.*\([0-9]\.[0-9]*[ab.][0-9]*\).*$/\1/'`
- changequote([, ])dnl
- if test ".$_pth_version" != .; then
- _pth_location=`pth-config --prefix`
- _pth_type='installed'
- _pth_cppflags=`pth-config --cflags`
- _pth_cflags=`pth-config --cflags`
- _pth_ldflags=`pth-config --ldflags`
- _pth_libs=`pth-config --libs`
- fi
- elif test -d "$with_pth"; then
- with_pth=`echo $with_pth | sed -e 's;/*$;;'`
- _pth_found=no
- # via locally included source tree
- if test ".$_pth_subdir" = .yes; then
- _pth_location="$with_pth"
- _pth_type='local'
- _pth_cppflags="-I$with_pth"
- _pth_cflags="-I$with_pth"
- if test -f "$with_pth/ltconfig"; then
- _pth_ldflags="-L$with_pth/.libs"
- else
- _pth_ldflags="-L$with_pth"
- fi
- _pth_libs="-lpth"
- changequote(, )dnl
- _pth_version=`grep '^const char PTH_Hello' $with_pth/pth_vers.c |\
- sed -e 's;^.*Version[ ]*\([0-9]*\.[0-9]*[.ab][0-9]*\)[ ].*$;\1;'`
- changequote([, ])dnl
- _pth_found=yes
- ac_configure_args="$ac_configure_args --enable-subdir $_pth_subdir_opts"
- with_pth_test=no
- fi
- # via config script under a specified directory
- # (a standard installation, but not a source tree)
- if test ".$_pth_found" = .no; then
- for _dir in $with_pth/bin $with_pth; do
- if test -f "$_dir/pth-config"; then
- test -f "$_dir/pth-config.in" && continue # pth-config in source tree!
- changequote(, )dnl
- _pth_version=`($_dir/pth-config --version) 2>/dev/null |\
- sed -e 's/^.*\([0-9]\.[0-9]*[ab.][0-9]*\).*$/\1/'`
- changequote([, ])dnl
- if test ".$_pth_version" != .; then
- _pth_location=`$_dir/pth-config --prefix`
- _pth_type="installed"
- _pth_cppflags=`$_dir/pth-config --cflags`
- _pth_cflags=`$_dir/pth-config --cflags`
- _pth_ldflags=`$_dir/pth-config --ldflags`
- _pth_libs=`$_dir/pth-config --libs`
- _pth_found=yes
- break
- fi
- fi
- done
- fi
- # in any subarea under a specified directory
- # (either a special installation or a Pth source tree)
- if test ".$_pth_found" = .no; then
- changequote(, )dnl
- _pth_found=0
- for _file in x `find $with_pth -name "pth.h" -type f -print`; do
- test .$_file = .x && continue
- _dir=`echo $_file | sed -e 's;[^/]*$;;' -e 's;\(.\)/$;\1;'`
- _pth_version=`($_dir/pth-config --version) 2>/dev/null |\
- sed -e 's/^.*\([0-9]\.[0-9]*[ab.][0-9]*\).*$/\1/'`
- if test ".$_pth_version" = .; then
- _pth_version=`grep '^#define PTH_VERSION_STR' $_file |\
- sed -e 's;^#define[ ]*PTH_VERSION_STR[ ]*"\([0-9]*\.[0-9]*[.ab][0-9]*\)[ ].*$;\1;'`
- fi
- _pth_cppflags="-I$_dir"
- _pth_cflags="-I$_dir"
- _pth_found=`expr $_pth_found + 1`
- done
- for _file in x `find $with_pth -name "libpth.[aso]" -type f -print`; do
- test .$_file = .x && continue
- _dir=`echo $_file | sed -e 's;[^/]*$;;' -e 's;\(.\)/$;\1;'`
- _pth_ldflags="-L$_dir"
- _pth_libs="-lpth"
- _pth_found=`expr $_pth_found + 1`
- done
- changequote([, ])dnl
- if test ".$_pth_found" = .2; then
- _pth_location="$with_pth"
- _pth_type="uninstalled"
- else
- _pth_version=''
- fi
- fi
- fi
- _AC_PTH_VERBOSE([+ Determined Location:])
- _AC_PTH_VERBOSE([ o path: $_pth_location])
- _AC_PTH_VERBOSE([ o type: $_pth_type])
- if test ".$_pth_version" = .; then
- with_pth=no
- else
-dnl if test ".$with_pth" != .yes; then
-dnl _AC_PTH_ERROR([dnl
-dnl Unable to locate GNU Pth under $with_pth.
-dnl Please specify the correct path to either a GNU Pth installation tree
-dnl (use --with-pth=DIR if you used --prefix=DIR for installing GNU Pth in
-dnl the past) or to a GNU Pth source tree (use --with-pth=DIR if DIR is a
-dnl path to a pth-X.Y.Z/ directory; but make sure the package is already
-dnl built, i.e., the "configure; make" step was already performed there).])
-dnl else
-dnl _AC_PTH_ERROR([dnl
-dnl Unable to locate GNU Pth in any system-wide location (see \$PATH).
-dnl Please specify the correct path to either a GNU Pth installation tree
-dnl (use --with-pth=DIR if you used --prefix=DIR for installing GNU Pth in
-dnl the past) or to a GNU Pth source tree (use --with-pth=DIR if DIR is a
-dnl path to a pth-X.Y.Z/ directory; but make sure the package is already
-dnl built, i.e., the "configure; make" step was already performed there).])
-dnl fi
-dnl fi
- dnl #
- dnl # Check whether the found version is sufficiently new
- dnl #
- _req_version="ifelse([$1],,1.0.0,$1)"
- for _var in _pth_version _req_version; do
- eval "_val=\"\$${_var}\""
- _major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'`
- _minor=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\2/'`
- _rtype=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\3/'`
- _micro=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\4/'`
- case $_rtype in
- "a" ) _rtype=0 ;;
- "b" ) _rtype=1 ;;
- "." ) _rtype=2 ;;
- esac
- _hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \
- "major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"`
- eval "${_var}_hex=\"\$_hex\""
- done
- _AC_PTH_VERBOSE([+ Determined Versions:])
- _AC_PTH_VERBOSE([ o existing: $_pth_version -> 0x$_pth_version_hex])
- _AC_PTH_VERBOSE([ o required: $_req_version -> 0x$_req_version_hex])
- _ok=0
- if test ".$_pth_version_hex" != .; then
- if test ".$_req_version_hex" != .; then
- if test $_pth_version_hex -ge $_req_version_hex; then
- _ok=1
- fi
- fi
- fi
- if test ".$_ok" = .0; then
- _AC_PTH_ERROR([dnl
- Found Pth version $_pth_version, but required at least version $_req_version.
- Upgrade Pth under $_pth_location to $_req_version or higher first, please.])
- fi
- dnl #
- dnl # Perform Pth Sanity Compile Check
- dnl #
- if test ".$with_pth_test" = .yes; then
- _ac_save_CPPFLAGS="$CPPFLAGS"
- _ac_save_CFLAGS="$CFLAGS"
- _ac_save_LDFLAGS="$LDFLAGS"
- _ac_save_LIBS="$LIBS"
- CPPFLAGS="$CPPFLAGS $_pth_cppflags"
- CFLAGS="$CFLAGS $_pth_cflags"
- LDFLAGS="$LDFLAGS $_pth_ldflags"
- LIBS="$LIBS $_pth_libs"
- _AC_PTH_VERBOSE([+ Test Build Environment:])
- _AC_PTH_VERBOSE([ o CPPFLAGS=\"$CPPFLAGS\"])
- _AC_PTH_VERBOSE([ o CFLAGS=\"$CFLAGS\"])
- _AC_PTH_VERBOSE([ o LDFLAGS=\"$LDFLAGS\"])
- _AC_PTH_VERBOSE([ o LIBS=\"$LIBS\"])
- cross_compile=no
- define(_code1, [dnl
- #include <stdio.h>
- #include <pth.h>
- ])
- define(_code2, [dnl
- int main(int argc, char *argv[])
- {
- FILE *fp;
- if (!(fp = fopen("conftestval", "w")))
- exit(1);
- fprintf(fp, "hmm");
- fclose(fp);
- pth_init();
- pth_kill();
- if (!(fp = fopen("conftestval", "w")))
- exit(1);
- fprintf(fp, "yes");
- fclose(fp);
- exit(0);
- }
- ])
- _AC_PTH_VERBOSE([+ Performing Sanity Checks:])
- _AC_PTH_VERBOSE([ o pre-processor test])
- AC_TRY_CPP(_code1, _ok=yes, _ok=no)
- if test ".$_ok" != .yes; then
- _AC_PTH_ERROR([dnl
- Found GNU Pth $_pth_version under $_pth_location, but
- was unable to perform a sanity pre-processor check. This means
- the GNU Pth header pth.h was not found.
- We used the following build environment:
- >> CPP="$CPP"
- >> CPPFLAGS="$CPPFLAGS"
- See config.log for possibly more details.])
- fi
- _AC_PTH_VERBOSE([ o link check])
- AC_TRY_LINK(_code1, _code2, _ok=yes, _ok=no)
- if test ".$_ok" != .yes; then
- _AC_PTH_ERROR([dnl
- Found GNU Pth $_pth_version under $_pth_location, but
- was unable to perform a sanity linker check. This means
- the GNU Pth library libpth.a was not found.
- We used the following build environment:
- >> CC="$CC"
- >> CFLAGS="$CFLAGS"
- >> LDFLAGS="$LDFLAGS"
- >> LIBS="$LIBS"
- See config.log for possibly more details.])
- fi
- _AC_PTH_VERBOSE([ o run-time check])
- AC_TRY_RUN(_code1 _code2, _ok=`cat conftestval`, _ok=no, _ok=no)
- if test ".$_ok" != .yes; then
- if test ".$_ok" = .no; then
- _AC_PTH_ERROR([dnl
- Found GNU Pth $_pth_version under $_pth_location, but
- was unable to perform a sanity execution check. This usually
- means that the GNU Pth shared library libpth.so is present
- but \$LD_LIBRARY_PATH is incomplete to execute a Pth test.
- In this case either disable this test via --without-pth-test,
- or extend \$LD_LIBRARY_PATH, or build GNU Pth as a static
- library only via its --disable-shared Autoconf option.
- We used the following build environment:
- >> CC="$CC"
- >> CFLAGS="$CFLAGS"
- >> LDFLAGS="$LDFLAGS"
- >> LIBS="$LIBS"
- See config.log for possibly more details.])
- else
- _AC_PTH_ERROR([dnl
- Found GNU Pth $_pth_version under $_pth_location, but
- was unable to perform a sanity run-time check. This usually
- means that the GNU Pth library failed to work and possibly
- caused a core dump in the test program. In this case it
- is strongly recommended that you re-install GNU Pth and this
- time make sure that it really passes its "make test" procedure.
- We used the following build environment:
- >> CC="$CC"
- >> CFLAGS="$CFLAGS"
- >> LDFLAGS="$LDFLAGS"
- >> LIBS="$LIBS"
- See config.log for possibly more details.])
- fi
- fi
- _extendvars="ifelse([$4],,yes,$4)"
- if test ".$_extendvars" != .yes; then
- CPPFLAGS="$_ac_save_CPPFLAGS"
- CFLAGS="$_ac_save_CFLAGS"
- LDFLAGS="$_ac_save_LDFLAGS"
- LIBS="$_ac_save_LIBS"
- fi
- else
- _extendvars="ifelse([$4],,yes,$4)"
- if test ".$_extendvars" = .yes; then
- if test ".$_pth_subdir" = .yes; then
- CPPFLAGS="$CPPFLAGS $_pth_cppflags"
- CFLAGS="$CFLAGS $_pth_cflags"
- LDFLAGS="$LDFLAGS $_pth_ldflags"
- LIBS="$LIBS $_pth_libs"
- fi
- fi
- fi
- PTH_CPPFLAGS="$_pth_cppflags"
- PTH_CFLAGS="$_pth_cflags"
- PTH_LDFLAGS="$_pth_ldflags"
- PTH_LIBS="$_pth_libs"
- AC_SUBST(PTH_CPPFLAGS)
- AC_SUBST(PTH_CFLAGS)
- AC_SUBST(PTH_LDFLAGS)
- AC_SUBST(PTH_LIBS)
- _AC_PTH_VERBOSE([+ Final Results:])
- _AC_PTH_VERBOSE([ o PTH_CPPFLAGS=\"$PTH_CPPFLAGS\"])
- _AC_PTH_VERBOSE([ o PTH_CFLAGS=\"$PTH_CFLAGS\"])
- _AC_PTH_VERBOSE([ o PTH_LDFLAGS=\"$PTH_LDFLAGS\"])
- _AC_PTH_VERBOSE([ o PTH_LIBS=\"$PTH_LIBS\"])
-fi
-fi
-if test ".$with_pth" != .no; then
- AC_MSG_RESULT([version $_pth_version, $_pth_type under $_pth_location])
- ifelse([$5], , :, [$5])
-else
- AC_MSG_RESULT([no])
- ifelse([$6], , :, [$6])
-fi
-])
dnl Check for socklen_t: historically on BSD it is an int, and in
dnl POSIX 1g it is a type of its own, but some platforms use different
@@ -767,3 +362,68 @@ AC_DEFUN([TYPE_SOCKLEN_T],
[#include <sys/types.h>
#include <sys/socket.h>])
])
+
+
+# GNUPG_PTH_VERSION_CHECK(REQUIRED)
+#
+# If the version is sufficient, HAVE_PTH will be set to yes.
+#
+# Taken form the m4 macros which come with Pth
+AC_DEFUN([GNUPG_PTH_VERSION_CHECK],
+ [
+ _pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'`
+ _req_version="ifelse([$1],,1.2.0,$1)"
+
+ AC_MSG_CHECKING(for PTH - version >= $_req_version)
+ for _var in _pth_version _req_version; do
+ eval "_val=\"\$${_var}\""
+ _major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'`
+ _minor=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\2/'`
+ _rtype=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\3/'`
+ _micro=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\4/'`
+ case $_rtype in
+ "a" ) _rtype=0 ;;
+ "b" ) _rtype=1 ;;
+ "." ) _rtype=2 ;;
+ esac
+ _hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \
+ "major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"`
+ eval "${_var}_hex=\"\$_hex\""
+ done
+ have_pth=no
+ if test ".$_pth_version_hex" != .; then
+ if test ".$_req_version_hex" != .; then
+ if test $_pth_version_hex -ge $_req_version_hex; then
+ have_pth=yes
+ fi
+ fi
+ fi
+ if test $have_pth = yes; then
+ AC_MSG_RESULT(yes)
+ AC_MSG_CHECKING([whether PTH installation is sane])
+ AC_CACHE_VAL(gnupg_cv_pth_is_sane,[
+ _gnupg_pth_save_cflags=$CFLAGS
+ _gnupg_pth_save_ldflags=$LDFLAGS
+ _gnupg_pth_save_libs=$LIBS
+ CFLAGS="$CFLAGS `$PTH_CONFIG --cflags`"
+ LDFLAGS="$LDFLAGS `$PTH_CONFIG --ldflags`"
+ LIBS="$LIBS `$PTH_CONFIG --libs`"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pth.h>
+ ],
+ [[ pth_init ();]])],
+ gnupg_cv_pth_is_sane=yes,
+ gnupg_cv_pth_is_sane=no)
+ CFLAGS=$_gnupg_pth_save_cflags
+ LDFLAGS=$_gnupg_pth_save_ldflags
+ LIBS=$_gnupg_pth_save_libs
+ ])
+ if test $gnupg_cv_pth_is_sane != yes; then
+ have_pth=no
+ fi
+ AC_MSG_RESULT($gnupg_cv_pth_is_sane)
+ else
+ AC_MSG_RESULT(no)
+ fi
+ ])
+
+
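Review bot: The header comment of GNUPG_PTH_VERSION_CHECK says `HAVE_PTH will be set to yes`, but the macro body only sets the shell variable `have_pth`; the `AC_DEFINE(HAVE_PTH, ...)` is done by the caller in configure.ac. I would reword the comment to `# If the version is sufficient and the link test passes, the shell variable have_pth is set to yes.` and fix "Taken form" to "Taken from". `$PTH_CONFIG` is also expanded unquoted inside the backticks (`--version`, `--cflags`, `--ldflags`, `--libs`), so a path containing whitespace is split by the shell; writing `"$PTH_CONFIG" --version` avoids that.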
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index dd17b998..4b39674d 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,10 @@
+2006-03-15 Werner Koch <wk@g10code.com>
+
+ * random-daemon.c: New.
+ * random.c (_gcry_use_random_daemon): New.
+ (get_random_bytes, gcry_randomize, gcry_create_nonce): Try
+ diverting to the daemon functions.
+
2006-03-14 Werner Koch <wk@g10code.com>
* random.c (lock_seed_file): New.
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 05d4e4d7..345e6cb2 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -36,7 +36,7 @@ libcipher_la_SOURCES = \
cipher.c pubkey.c ac.c md.c \
bithelp.h \
primegen.c \
-random.c random.h \
+random.c random-daemon.c random.h \
rand-internal.h \
rmd.h
diff --git a/cipher/random-daemon.c b/cipher/random-daemon.c
new file mode 100644
index 00000000..45bb2a8c
--- /dev/null
+++ b/cipher/random-daemon.c
@@ -0,0 +1,108 @@
+/* random-daemon.c - Access to the external random daemon
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/*
+ The functions here are used by random.c to divert calls to an
+ external random number daemon. The actual daemon we use is
+ gcryptrnd. Such a daemon is useful to keep a persistent pool in
+ memory over invocations of a single application and to allow
+ prioritizing access to the actual entropy sources. The drawback is
+ that we need to use IPC (i.e. unxi domain socket) to convey
+ sensitive data.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "g10lib.h"
+#include "random.h"
+#include "ath.h"
+
+
+/* The lock taken while talking to the daemon. */
+static ath_mutex_t daemon_lock = ATH_MUTEX_INITIALIZER;
+
+
+
+/* Initialize basics of this module. This should be viewed as a
+ constroctur to prepare locking. */
+void
+_gcry_daemon_initialize_basics (void)
+{
+ static int initialized;
+ int err;
+
+ if (!initialized)
+ {
+ initialized = 1;
+ err = ath_mutex_init (&daemon_lock);
+ if (err)
+ log_fatal ("failed to create the daemon lock: %s\n", strerror (err) );
+ }
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+/* Internal function to fill BUFFER with LENGTH bytes of random. We
+ support GCRY_STRONG_RANDOM and GCRY_VERY_STRONG_RANDOM here.
+ Return 0 on success. */
+int
+_gcry_daemon_randomize (void *buffer, size_t length,
+ enum gcry_random_level level)
+{
+ return -1;
+}
+
+/* Internal function to return a pointer to a randomized buffer of
+ LEVEL and NBYTES length. Caller must free the buffer. With SECURE
+ passed as TRUE, allocate the rwanom in secure memory - however note
+ that the IPC mechanism might have not stored it there. Return a
+ pointer to a newly alloced memory or NULL if it failed. */
+void *
+_gcry_daemon_get_random_bytes (ize_t nbytes, int level, int secure)
+{
+ return NULL;
+}
+
+
+/* Internal function to fill BUFFER with NBYTES of data usable for a
+ nonce. Returns 0 on success. */
+int
+_gcry_daemon_create_nonce (void *buffer, size_t length)
+{
+ return -1;
+}
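Review bot: The definition of `_gcry_daemon_get_random_bytes` spells its first parameter type `ize_t`, which will not compile and disagrees with the `size_t nbytes` prototype this commit adds to random.h; it should read `_gcry_daemon_get_random_bytes (size_t nbytes, int level, int secure)`. `_gcry_daemon_initialize_basics` calls `strerror`, but `<string.h>` is not among the includes of this file, so unless g10lib.h pulls it in (not visible here) `#include <string.h>` is missing. The comments also carry typos worth fixing while the file is new: "unxi domain socket", "constroctur" and "rwanom".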
diff --git a/cipher/random.c b/cipher/random.c
index 9b9869b4..ea69f4c9 100644
--- a/cipher/random.c
+++ b/cipher/random.c
@@ -94,6 +94,7 @@
static int is_initialized;
+static int allow_daemon; /* If true, try to use the daemon first. */
#define MASK_LEVEL(a) do { (a) &= 3; } while(0)
static char *rndpool; /* allocated size is POOLSIZE+BLOCKLEN */
static char *keypool; /* allocated size is POOLSIZE+BLOCKLEN */
@@ -159,6 +160,7 @@ initialize_basics(void)
if (err)
log_fatal ("failed to create the nonce buffer lock: %s\n",
strerror (err) );
+ _gcry_daemon_initialize_basics ();
}
}
@@ -248,6 +250,23 @@ _gcry_quick_random_gen( int onoff )
return faked_rng? 1 : last;
}
+
+/* With ONOFF set to 1, enable the use of the daemon. With ONOFF set
+ to 0, disable the use of the daemon. With ONOF set to -1, return
+ whether the daemon has been enabled. */
+int
+_gcry_use_random_daemon (int onoff)
+{
+ int last;
+
+ /* FIXME: This is not really thread safe. */
+ last = allow_daemon;
+ if (onoff != -1)
+ allow_daemon = onoff;
+ return last;
+}
+
+
int
_gcry_random_is_faked()
{
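Review bot: `_gcry_use_random_daemon` reads and writes `allow_daemon` without a lock, as the FIXME admits, and the header comment does not tell callers how to use it safely. I would state the constraint in the comment, for example `/* Not thread safe: call this during initialization, before other threads use the RNG. */`. The comment also says "ONOF" where the parameter is `onoff`. Any value other than -1 is stored as given, so `allow_daemon = !!onoff;` would keep the flag and the returned previous value within 0/1.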
@@ -274,6 +293,9 @@ get_random_bytes ( size_t nbytes, int level, int secure)
/* Make sure the requested level is in range. */
MASK_LEVEL(level);
+ if (allow_daemon && (p=_gcry_daemon_get_random_bytes (nbytes, level,secure)))
+ return p; /* The daemon succeeded. */
+
/* Lock the pool. */
err = ath_mutex_lock (&pool_lock);
if (err)
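Review bot: The early return in get_random_bytes hands the daemon's buffer straight back even when `secure` is set, while the comment on `_gcry_daemon_get_random_bytes` in random-daemon.c says the IPC mechanism might not have kept the bytes in secure memory. Callers asking for secure memory therefore get a weaker guarantee once `allow_daemon` is enabled, and nothing at this call site says so. I would either skip the diversion for secure requests, `if (allow_daemon && !secure && (p=_gcry_daemon_get_random_bytes (nbytes, level, secure)))`, or add a comment here that states the limitation. The function body starts and ends outside the hunk.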
@@ -352,7 +374,7 @@ gcry_random_bytes( size_t nbytes, enum gcry_random_level level )
}
/* The public function to return random data of the quality LEVEL;
- this version of the function retrun the random a buffer allocated
+ this version of the function return the random a buffer allocated
in secure memory. */
void *
gcry_random_bytes_secure( size_t nbytes, enum gcry_random_level level )
@@ -384,6 +406,9 @@ gcry_randomize (byte *buffer, size_t length, enum gcry_random_level level)
/* Make sure the level is okay. */
MASK_LEVEL(level);
+ if (allow_daemon && !_gcry_daemon_randomize (buffer, length, level))
+ return; /* The daemon succeeded. */
+
/* Acquire the pool lock. */
err = ath_mutex_lock (&pool_lock);
if (err)
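Review bot: `level` is forwarded to `_gcry_daemon_randomize` after only `MASK_LEVEL`, so any value from 0 to 3 reaches the daemon path, but that function's header comment documents support for GCRY_STRONG_RANDOM and GCRY_VERY_STRONG_RANDOM only. The contract for other levels should be written down, for instance a comment here such as `/* The daemon must return nonzero for levels it does not serve so that we fall through to the local pool. */`, or the call should be guarded by an explicit level check. The same applies to the diversion added in the get_random_bytes hunk. The function body starts and ends outside the hunk.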
@@ -1196,6 +1221,9 @@ gcry_create_nonce (unsigned char *buffer, size_t length)
if (!is_initialized)
initialize ();
+ if (allow_daemon && !_gcry_daemon_create_nonce (buffer, length))
+ return; /* The daemon succeeded. */
+
/* Acquire the nonce buffer lock. */
err = ath_mutex_lock (&nonce_buffer_lock);
if (err)
diff --git a/cipher/random.h b/cipher/random.h
index 29076b98..c87f46e3 100644
--- a/cipher/random.h
+++ b/cipher/random.h
@@ -29,12 +29,21 @@ void _gcry_random_dump_stats(void);
void _gcry_secure_random_alloc(void);
int _gcry_quick_random_gen( int onoff );
int _gcry_random_is_faked(void);
+int _gcry_use_random_daemon (int onoff);
void _gcry_set_random_seed_file (const char *name);
void _gcry_update_random_seed_file (void);
byte *_gcry_get_random_bits( size_t nbits, int level, int secure );
void _gcry_fast_random_poll( void );
+/*-- random-daemon.c (only used from random.c) --*/
+void _gcry_daemon_initialize_basics (void);
+int _gcry_daemon_randomize (void *buffer, size_t length,
+ enum gcry_random_level level);
+void *_gcry_daemon_get_random_bytes (size_t nbytes, int level, int secure);
+int _gcry_daemon_create_nonce (void *buffer, size_t length);
+
+
#endif /*G10_RANDOM_H*/
diff --git a/configure.ac b/configure.ac
index d677538d..7a7ce385 100644
--- a/configure.ac
+++ b/configure.ac
@@ -131,12 +131,14 @@ LIBGCRYPT_THREAD_MODULES=""
# Other definitions.
print_egd_notice=no
+have_w32_system=no
# Setup some stuff depending on host/target.
case "${target}" in
*-*-mingw32*)
available_random_modules="w32"
ac_cv_have_dev_random=no
+ have_w32_system=yes
AC_DEFINE(USE_ONLY_8DOT3,1,
[set this to limit filenames to the 8.3 format])
AC_DEFINE(HAVE_DRIVE_LETTERS,1,
@@ -185,6 +187,13 @@ case "${target}" in
;;
esac
+if test "$have_w32_system" = yes; then
+ AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
+fi
+AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
+
+
+
# A printable OS Name is sometime useful.
case "${target}" in
*-*-mingw32*)
@@ -422,6 +431,9 @@ AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, "$NAME_OF_DEV_URANDOM",
#### Checks for libraries. ####
###############################
+#
+# gpg-error is required.
+#
AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION")
if test "x$GPG_ERROR_LIBS" = "x"; then
AC_MSG_ERROR([libgpg-error is needed.
@@ -431,6 +443,43 @@ fi
AC_DEFINE(GPG_ERR_SOURCE_DEFAULT, GPG_ERR_SOURCE_GCRYPT,
[The default error source for libgcrypt.])
+#
+# Check whether the GNU Pth library is available. We require this
+# to build the optional gcryptrnd program.
+#
+AC_ARG_WITH(pth-prefix,
+ AC_HELP_STRING([--with-pth-prefix=PFX],
+ [prefix where GNU Pth is installed (optional)]),
+ pth_config_prefix="$withval", pth_config_prefix="")
+if test x$pth_config_prefix != x ; then
+ PTH_CONFIG="$pth_config_prefix/bin/pth-config"
+fi
+AC_PATH_PROG(PTH_CONFIG, pth-config, no)
+if test "$PTH_CONFIG" = "no"; then
+ AC_MSG_WARN([[
+***
+*** To build the Libgcrypt's random humber daemon
+*** we need the support of the GNU Portable Threads Library.
+*** Download it from ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you might want to try
+*** apt-get install libpth-dev
+***]])
+ else
+ GNUPG_PTH_VERSION_CHECK([1.3.7])
+ if test $have_pth = yes; then
+ PTH_CFLAGS=`$PTH_CONFIG --cflags`
+ PTH_LIBS=`$PTH_CONFIG --ldflags`
+ PTH_LIBS="$PTH_LIBS `$PTH_CONFIG --libs`"
+ AC_DEFINE(USE_GNU_PTH, 1,
+ [Defined if the GNU Portable Thread Library should be used])
+ AC_DEFINE(HAVE_PTH, 1,
+ [Defined if the GNU Pth is available])
+ fi
+fi
+AC_SUBST(PTH_CFLAGS)
+AC_SUBST(PTH_LIBS)
+
+
# Solaris needs -lsocket and -lnsl. Unisys system includes
# gethostbyname in libsocket but needs libnsl for socket.
AC_SEARCH_LIBS(setsockopt, [socket], ,
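Review bot: The `--with-pth-prefix` value is used unquoted in `if test x$pth_config_prefix != x`, so a prefix containing whitespace breaks the test; `if test "x$pth_config_prefix" != x ; then` is the safe form. Because `PTH_CONFIG` is preset from the prefix before `AC_PATH_PROG` runs, the macro will most likely accept that value without searching for the program, so a wrong prefix is only noticed when `$PTH_CONFIG --version` fails inside GNUPG_PTH_VERSION_CHECK; a check such as `test -x "$PTH_CONFIG" || PTH_CONFIG=no` right after the assignment would report it cleanly. The warning text says "random humber daemon" for "random number daemon". The `else` and its branch are indented one column deeper than the matching `if`.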
diff --git a/src/global.c b/src/global.c
index ea2ca7fc..8dd2657c 100644
--- a/src/global.c
+++ b/src/global.c
@@ -314,7 +314,7 @@ gcry_control (enum gcry_ctl_cmds cmd, ...)
if (! init_finished)
{
global_init ();
- /* Do only a basic ranom initialization, i.e. inti the
+ /* Do only a basic random initialization, i.e. init the
mutexes. */
_gcry_random_initialize (0);
init_finished = 1;