diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | configure.ac | 8 | ||||
-rw-r--r-- | random/ChangeLog | 8 | ||||
-rw-r--r-- | random/random-fips.c | 43 | ||||
-rw-r--r-- | src/ChangeLog | 4 | ||||
-rw-r--r-- | src/secmem.c | 3 | ||||
-rw-r--r-- | src/stdmem.c | 234 | ||||
-rw-r--r-- | src/versioninfo.rc.in | 2 |
9 files changed, 176 insertions, 135 deletions
@@ -1,3 +1,9 @@ +2008-09-01 Werner Koch <wk@g10code.com> + + Release 1.4.2rc2. + + * configure.ac: Update svn_revision macro. + 2008-08-22 Werner Koch <wk@g10code.com> * configure.ac: Add option --enable-hmac-binary-check. @@ -1,8 +1,7 @@ libgcrypt - The GNU crypto library ------------------------------------ - Version 1.4.2rc1 + Version 1.4.2rc2 - *** Warning: RELEASE CANDIDATE *** Copyright 2000, 2002, 2003, 2004, 2007, 2008 Free Software Foundation, Inc. diff --git a/configure.ac b/configure.ac index 82823f13..c84530e1 100644 --- a/configure.ac +++ b/configure.ac @@ -26,11 +26,11 @@ min_automake_version="1.10" # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.4.2]) -m4_define([my_issvn], [yes]) +m4_define([my_version], [1.4.2rc2]) +m4_define([my_issvn], [no]) -m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ - || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) +m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ + | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) AC_INIT([libgcrypt], [my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision])], [bug-libgcrypt@gnupg.org]) diff --git a/random/ChangeLog b/random/ChangeLog index df3cac7a..bb308688 100644 --- a/random/ChangeLog +++ b/random/ChangeLog @@ -1,3 +1,11 @@ +2008-09-01 Werner Koch <wk@g10code.com> + + * random-fips.c (x931_get_dt) [W32]: Do not use getppid. + (get_entropy): Prepare for use under Windows. + (_gcry_rngfips_selftest): Ditto. + (entropy_collect_cb): Make sure that the gatherer never overflows + the buffers. + 2008-08-29 Werner Koch <wk@g10code.com> * random-fips.c (SEED_TTL): New. diff --git a/random/random-fips.c b/random/random-fips.c index 68f0ec40..effce500 100644 --- a/random/random-fips.c +++ b/random/random-fips.c @@ -304,7 +304,9 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) to an not so easy predictable value to avoid always starting at 0. Not really needed but it doesn't harm. */ counter1 = (u32)getpid (); +#ifndef HAVE_W32_SYSTEM counter0 = (u32)getppid (); +#endif } @@ -513,10 +515,11 @@ entropy_collect_cb (const void *buffer, size_t length, gcry_assert (fips_rng_is_locked); gcry_assert (entropy_collect_buffer); - - while (length--) + + /* Note that we need to protect against gatherers returning more + than the requested bytes (e.g. rndw32). */ + while (length-- && entropy_collect_buffer_len < entropy_collect_buffer_size) { - gcry_assert (entropy_collect_buffer_len < entropy_collect_buffer_size); entropy_collect_buffer[entropy_collect_buffer_len++] ^= *p++; } } @@ -528,17 +531,31 @@ entropy_collect_cb (const void *buffer, size_t length, static void * get_entropy (size_t nbytes) { -#if USE_RNDLINUX void *result; + int rc; gcry_assert (!entropy_collect_buffer); entropy_collect_buffer = gcry_xmalloc_secure (nbytes); entropy_collect_buffer_size = nbytes; entropy_collect_buffer_len = 0; - if (_gcry_rndlinux_gather_random (entropy_collect_cb, 0, - X931_AES_KEYLEN, - GCRY_VERY_STRONG_RANDOM) < 0 - || entropy_collect_buffer_len != entropy_collect_buffer_size) + +#if USE_RNDLINUX + rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0, + X931_AES_KEYLEN, + GCRY_VERY_STRONG_RANDOM); +#elif USE_RNDW32 + do + { + rc = _gcry_rndw32_gather_random (entropy_collect_cb, 0, + X931_AES_KEYLEN, + GCRY_VERY_STRONG_RANDOM); + } + while (rc >= 0 && entropy_collect_buffer_len < entropy_collect_buffer_size); +#else + rc = -1; +#endif + + if (rc < 0 || entropy_collect_buffer_len != entropy_collect_buffer_size) { gcry_free (entropy_collect_buffer); entropy_collect_buffer = NULL; @@ -547,10 +564,6 @@ get_entropy (size_t nbytes) result = entropy_collect_buffer; entropy_collect_buffer = NULL; return result; -#else - log_fatal ("/dev/random support is not compiled in\n"); - return NULL; /* NOTREACHED */ -#endif } @@ -953,7 +966,7 @@ _gcry_rngfips_selftest (selftest_report_func_t report) { gcry_err_code_t ec; -#if USE_RNDLINUX +#if defined(USE_RNDLINUX) || defined(USE_RNDW32) { char buffer[8]; @@ -966,8 +979,8 @@ _gcry_rngfips_selftest (selftest_report_func_t report) ec = selftest_kat (report); -#else /*!USE_RNDLINUX*/ - report ("random", 0, "setup", "no support for /dev/random"); +#else /*!(USE_RNDLINUX||USE_RNDW32)*/ + report ("random", 0, "setup", "no entropy gathering module"); ec = GPG_ERR_SELFTEST_FAILED; #endif return gpg_error (ec); diff --git a/src/ChangeLog b/src/ChangeLog index be3cc2ea..57cad799 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2008-09-01 Werner Koch <wk@g10code.com> + + * stdmem.c: Re-indented. + 2008-08-29 Werner Koch <wk@g10code.com> * fips.c (_gcry_initialize_fips_mode): Changed /proc file to test diff --git a/src/secmem.c b/src/secmem.c index 08f6ca53..6525db05 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -15,8 +15,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see <http://www.gnu.org/licenses/>. */ #include <config.h> diff --git a/src/stdmem.c b/src/stdmem.c index e5657987..231a541d 100644 --- a/src/stdmem.c +++ b/src/stdmem.c @@ -1,5 +1,5 @@ /* stdmem.c - private memory allocator - * Copyright (C) 1998, 2000, 2002, 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 2000, 2002, 2005, 2008 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -14,21 +14,20 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see <http://www.gnu.org/licenses/>. */ /* * Description of the layered memory management in Libgcrypt: * - * [User] - * | - * | - * \ / - * global.c: [MM entrance points] -----> [user callbacks] - * | | - * | | - * \ / \ / + * [User] + * | + * | + * \ / + * global.c: [MM entrance points] -----> [user callbacks] + * | | + * | | + * \ / \ / * * stdmem.c: [non-secure handlers] [secure handlers] * @@ -75,149 +74,162 @@ static int use_m_guard = 0; * here have been used. */ void -_gcry_private_enable_m_guard(void) +_gcry_private_enable_m_guard (void) { - use_m_guard = 1; + use_m_guard = 1; } -/**************** + +/* * Allocate memory of size n. * Return NULL if we are out of memory. */ void * -_gcry_private_malloc( size_t n) +_gcry_private_malloc (size_t n) { - if(!n) - return NULL; /* allocating 0 bytes is undefined - better return - an error */ - if( use_m_guard ) { - char *p; - - if( !(p = malloc( n + EXTRA_ALIGN+5 )) ) - return NULL; - ((byte*)p)[EXTRA_ALIGN+0] = n; - ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ; - ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ; - ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_NOR_BYTE; - p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE; - return p+EXTRA_ALIGN+4; + if (!n) + return NULL; /* Allocating 0 bytes is undefined - we better return + an error to detect such coding errors. */ + if (use_m_guard) + { + char *p; + + if ( !(p = malloc (n + EXTRA_ALIGN+5)) ) + return NULL; + ((byte*)p)[EXTRA_ALIGN+0] = n; + ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ; + ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ; + ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_NOR_BYTE; + p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE; + return p+EXTRA_ALIGN+4; } - else { - return malloc( n ); + else + { + return malloc( n ); } } -/**************** - * Allocate memory of size n from the secure memory pool. - * Return NULL if we are out of memory. + +/* + * Allocate memory of size N from the secure memory pool. Return NULL + * if we are out of memory. */ void * -_gcry_private_malloc_secure( size_t n) +_gcry_private_malloc_secure (size_t n) { - if(!n) - return NULL; /* allocating 0 bytes is undefined - better return - an error */ - if( use_m_guard ) { - char *p; - - if( !(p = _gcry_secmem_malloc( n +EXTRA_ALIGN+ 5 )) ) - return NULL; - ((byte*)p)[EXTRA_ALIGN+0] = n; - ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ; - ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ; - ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_SEC_BYTE; - p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE; - return p+EXTRA_ALIGN+4; + if (!n) + return NULL; /* Allocating 0 bytes is undefined - better return an + error to detect such coding errors. */ + if (use_m_guard) + { + char *p; + + if ( !(p = _gcry_secmem_malloc (n +EXTRA_ALIGN+ 5)) ) + return NULL; + ((byte*)p)[EXTRA_ALIGN+0] = n; + ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ; + ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ; + ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_SEC_BYTE; + p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE; + return p+EXTRA_ALIGN+4; } - else { - return _gcry_secmem_malloc( n ); + else + { + return _gcry_secmem_malloc( n ); } } -/**************** +/* * Realloc and clear the old space * Return NULL if there is not enough memory. */ void * -_gcry_private_realloc( void *a, size_t n ) +_gcry_private_realloc ( void *a, size_t n ) { - if( use_m_guard ) { - unsigned char *p = a; - char *b; - size_t len; - - if (!a) - return _gcry_private_malloc(n); + if (use_m_guard) + { + unsigned char *p = a; + char *b; + size_t len; + + if (!a) + return _gcry_private_malloc(n); - _gcry_private_check_heap(p); - len = p[-4]; - len |= p[-3] << 8; - len |= p[-2] << 16; - if( len >= n ) /* we don't shrink for now */ - return a; - if( p[-1] == MAGIC_SEC_BYTE ) - b = _gcry_private_malloc_secure(n); - else - b = _gcry_private_malloc(n); - if( !b ) - return NULL; - memcpy(b, a, len ); - memset(b+len, 0, n-len ); - _gcry_private_free( p ); - return b; + _gcry_private_check_heap(p); + len = p[-4]; + len |= p[-3] << 8; + len |= p[-2] << 16; + if( len >= n ) /* We don't shrink for now. */ + return a; + if (p[-1] == MAGIC_SEC_BYTE) + b = _gcry_private_malloc_secure(n); + else + b = _gcry_private_malloc(n); + if (!b) + return NULL; + memcpy (b, a, len); + memset (b+len, 0, n-len); + _gcry_private_free (p); + return b; } - else if( _gcry_private_is_secure(a) ) { - return _gcry_secmem_realloc( a, n ); + else if ( _gcry_private_is_secure(a) ) + { + return _gcry_secmem_realloc( a, n ); } - else { - return realloc( a, n ); + else + { + return realloc( a, n ); } } void -_gcry_private_check_heap( const void *a ) +_gcry_private_check_heap (const void *a) { - if( use_m_guard ) { - const byte *p = a; - size_t len; - - if( !p ) - return; - - if( !(p[-1] == MAGIC_NOR_BYTE || p[-1] == MAGIC_SEC_BYTE) ) - _gcry_log_fatal("memory at %p corrupted (underflow=%02x)\n", p, p[-1] ); - len = p[-4]; - len |= p[-3] << 8; - len |= p[-2] << 16; - if( p[len] != MAGIC_END_BYTE ) - _gcry_log_fatal("memory at %p corrupted (overflow=%02x)\n", p, p[-1] ); + if (use_m_guard) + { + const byte *p = a; + size_t len; + + if (!p) + return; + + if ( !(p[-1] == MAGIC_NOR_BYTE || p[-1] == MAGIC_SEC_BYTE) ) + _gcry_log_fatal ("memory at %p corrupted (underflow=%02x)\n", p, p[-1]); + len = p[-4]; + len |= p[-3] << 8; + len |= p[-2] << 16; + if ( p[len] != MAGIC_END_BYTE ) + _gcry_log_fatal ("memory at %p corrupted (overflow=%02x)\n", p, p[-1]); } } -/**************** + +/* * Free a memory block allocated by this opr the secmem module */ void -_gcry_private_free( void *a ) +_gcry_private_free (void *a) { - byte *p = a; - - if( !p ) - return; - if( use_m_guard ) { - _gcry_private_check_heap(p); - if( _gcry_private_is_secure(a) ) - _gcry_secmem_free(p-EXTRA_ALIGN-4); - else { - free(p-EXTRA_ALIGN-4); + byte *p = a; + + if (!p) + return; + if (use_m_guard ) + { + _gcry_private_check_heap(p); + if ( _gcry_private_is_secure(a) ) + _gcry_secmem_free(p-EXTRA_ALIGN-4); + else + { + free(p-EXTRA_ALIGN-4); } } - else if( _gcry_private_is_secure(a) ) - _gcry_secmem_free(p); - else - free(p); + else if ( _gcry_private_is_secure(a) ) + _gcry_secmem_free(p); + else + free(p); } diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index e167eaf0..e5e87e0b 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in @@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0" VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT@.@LIBGCRYPT_LT_AGE@.@LIBGCRYPT_LT_REVISION@.@BUILD_REVISION@\0" VALUE "InternalName", "libgcrypt\0" - VALUE "LegalCopyright", "Copyright © 2007 Free Software Foundation, Inc.\0" + VALUE "LegalCopyright", "Copyright © 2008 Free Software Foundation, Inc.\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libgcrypt.dll\0" VALUE "PrivateBuild", "\0" |