aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMoritz Schulte <[email protected]>2004-07-30 19:49:46 +0000
committerMoritz Schulte <[email protected]>2004-07-30 19:49:46 +0000
commitcc95de1d19bfc58130ddd7eee7ae6a769b5b2e99 (patch)
tree9cee3f6755c272ac066e2757e531653da1ac463b
parentLast commit was incomplete (diff)
downloadgnupg-cc95de1d19bfc58130ddd7eee7ae6a769b5b2e99.tar.gz
gnupg-cc95de1d19bfc58130ddd7eee7ae6a769b5b2e99.zip
2004-07-30 Moritz Schulte <[email protected]>
* command-ssh.c: Updated Libgpg-stream (more support for secure memory), adjusted code for new API.
Diffstat
-rw-r--r--agent/ChangeLog7
-rw-r--r--agent/command-ssh.c40
-rw-r--r--agent/gpg-stream.c106
-rw-r--r--agent/gpg-stream.h13
4 files changed, 130 insertions, 36 deletions
diff --git a/agent/ChangeLog b/agent/ChangeLog
index 2c503a5fc..bf741f33e 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,5 +1,12 @@
+2004-07-30 Moritz Schulte <[email protected]>
+
+ * command-ssh.c: Updated Libgpg-stream (more support for secure
+ memory), adjusted code for new API.
+
2004-07-27 Moritz Schulte <[email protected]>
+ * findkey.c (key_io_lock): New variable.
+
* command-ssh.c: Use gcrypt memory allocators, use secure memory
where necessary.
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 44da7ac26..6f8b1db71 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -627,7 +627,7 @@ ssh_extract_key_public_from_blob (unsigned char *blob, size_t blob_size,
gpg_err_code_t err = GPG_ERR_NO_ERROR;
gpg_stream_t blob_stream = NULL;
- err = gpg_stream_create (&blob_stream, NULL,
+ err = gpg_stream_create (&blob_stream, NULL, NULL,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem);
if (err)
@@ -662,7 +662,7 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size,
size_t blob_new_size = 0;
size_t bytes_read = 0;
- err = gpg_stream_create (&blob_stream, NULL,
+ err = gpg_stream_create (&blob_stream, NULL, NULL,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem);
if (err)
@@ -859,7 +859,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
/* Prepare buffer stream. */
- err = gpg_stream_create (&key_blobs, NULL,
+ err = gpg_stream_create (&key_blobs, NULL, NULL,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem);
if (err)
@@ -998,7 +998,7 @@ data_sign (CTRL ctrl, unsigned char **sig, size_t *sig_n)
if (err)
goto out;
- err = gpg_stream_create (&stream, NULL,
+ err = gpg_stream_create (&stream, NULL, NULL,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem);
if (err)
@@ -1609,12 +1609,19 @@ gcry_realloc_secure (void *mem, size_t size)
void
start_command_handler_ssh (int sock_client)
{
- gpg_stream_spec_mem_t stream_spec_secure = { NULL, 0, 1,
- gcry_realloc_secure,
- gcry_free };
- gpg_stream_spec_mem_t stream_spec = { NULL, 0, 1,
- gcry_realloc,
- gcry_free };
+ gpg_stream_spec_mem_t stream_spec_mem_secure = { NULL, 0, 1, 256,
+ gcry_realloc_secure,
+ gcry_free };
+ gpg_stream_spec_mem_t stream_spec_mem = { NULL, 0, 1, STREAM_BLOCK_SIZE,
+ gcry_realloc,
+ gcry_free };
+ gpg_stream_spec_fd_t stream_spec_fd = { sock_client };
+ gpg_stream_buffer_spec_t buffer_spec_secure = { 256,
+ gcry_realloc_secure,
+ gcry_free };
+ gpg_stream_buffer_spec_t buffer_spec = { 0,
+ gcry_realloc,
+ gcry_free };
struct server_control_s ctrl = { NULL };
gpg_err_code_t err = GPG_ERR_NO_ERROR;
gpg_stream_t stream_sock = NULL;
@@ -1632,8 +1639,10 @@ start_command_handler_ssh (int sock_client)
ctrl.connection_fd = sock_client;
- err = gpg_stream_create_fd (&stream_sock, sock_client,
- GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE);
+ err = gpg_stream_create (&stream_sock, &buffer_spec_secure,
+ &stream_spec_fd,
+ GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
+ gpg_stream_functions_fd);
if (err)
goto out;
@@ -1648,14 +1657,17 @@ start_command_handler_ssh (int sock_client)
contain secret key material. The response does not have to
be stored in secure memory, since we never give out secret
keys. */
+ gpg_stream_destroy (stream_request);
stream_request = NULL;
- err = gpg_stream_create (&stream_request, &stream_spec_secure,
+ err = gpg_stream_create (&stream_request, &buffer_spec_secure,
+ &stream_spec_mem_secure,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem);
if (err)
break;
+ gpg_stream_destroy (stream_response);
stream_response = NULL;
- err = gpg_stream_create (&stream_response, &stream_spec,
+ err = gpg_stream_create (&stream_response, &buffer_spec, &stream_spec_mem,
GPG_STREAM_FLAG_READ | GPG_STREAM_FLAG_WRITE,
gpg_stream_functions_mem);
if (err)
diff --git a/agent/gpg-stream.c b/agent/gpg-stream.c
index 1fb3c4033..e8baf0e32 100644
--- a/agent/gpg-stream.c
+++ b/agent/gpg-stream.c
@@ -36,6 +36,13 @@
+/* Generally used types. */
+
+typedef void *(*func_realloc_t) (void *mem, size_t size);
+typedef void (*func_free_t) (void *mem);
+
+
+
/* Buffer management layer. */
#define BUFFER_BLOCK_SIZE 1024
@@ -68,10 +75,18 @@ typedef struct buffer_functions
buffer_func_stat_t func_stat; /* Stat callback. */
} buffer_functions_t;
+typedef struct buffer_conspec
+{
+ size_t block_size;
+ func_realloc_t func_realloc;
+ func_free_t func_free;
+} buffer_conspec_t;
+
/* Buffer context. */
struct buffer
{
void *handle; /* Handle, passed to callbacks. */
+ buffer_conspec_t conspec; /* Container spec. */
buffer_functions_t functions; /* Callback functions. */
unsigned int flags; /* General flags. */
struct buffer_in
@@ -96,6 +111,9 @@ struct buffer
/* Buffer contains unflushed data. */
#define BUFFER_FLAG_DIRTY (1 << 0)
+/* Buffer is secure. */
+#define BUFFER_FLAG_SECURE (1 << 1)
+
/* Fill buffer. */
@@ -356,30 +374,41 @@ buffer_skip (buffer_t buffer,
/* Create a new buffer. */
gpg_error_t
buffer_create (buffer_t *buffer,
+ buffer_conspec_t *conspec,
void *handle,
buffer_functions_t functions)
{
+ func_realloc_t func_realloc = realloc;
+ func_free_t func_free = free;
+ size_t block_size = BUFFER_BLOCK_SIZE;
gpg_error_t err = GPG_ERR_NO_ERROR;
-
- /* Allocate memory, initialize. */
-
buffer_t buffer_new = NULL;
char *container_in_new = NULL;
char *container_out_new = NULL;
+ if (conspec)
+ {
+ if (conspec->func_realloc)
+ func_realloc = conspec->func_realloc;
+ if (conspec->func_free)
+ func_free = conspec->func_free;
+ if (conspec->block_size)
+ block_size = conspec->block_size;
+ }
+
buffer_new = malloc (sizeof (*buffer_new));
if (! buffer_new)
err = gpg_error_from_errno (errno);
if (! err)
{
- container_in_new = malloc (BUFFER_BLOCK_SIZE);
+ container_in_new = (*func_realloc) (NULL, block_size);
if (! container_in_new)
err = gpg_error_from_errno (errno);
}
if (! err)
{
- container_out_new = malloc (BUFFER_BLOCK_SIZE);
+ container_out_new = (*func_realloc) (NULL, block_size);
if (! container_out_new)
err = gpg_error_from_errno (errno);
}
@@ -387,14 +416,17 @@ buffer_create (buffer_t *buffer,
if (! err)
{
buffer_new->handle = handle;
+ buffer_new->conspec.func_realloc = func_realloc;
+ buffer_new->conspec.func_free = func_free;
+ buffer_new->conspec.block_size = block_size;
buffer_new->flags = 0;
buffer_new->functions = functions;
buffer_new->buffer_in.container = container_in_new;
- buffer_new->buffer_in.container_size = BUFFER_BLOCK_SIZE;
+ buffer_new->buffer_in.container_size = block_size;
buffer_new->buffer_in.data_size = 0;
buffer_new->buffer_in.data_offset = 0;
buffer_new->buffer_out.container = container_out_new;
- buffer_new->buffer_out.container_size = BUFFER_BLOCK_SIZE;
+ buffer_new->buffer_out.container_size = block_size;
buffer_new->buffer_out.data_size = 0;
buffer_new->buffer_out.data_offset = 0;
buffer_new->buffer_out.data_flushed = 0;
@@ -422,8 +454,8 @@ buffer_destroy (buffer_t buffer)
if (buffer)
{
err = buffer_flush_do (buffer);
- free (buffer->buffer_in.container);
- free (buffer->buffer_out.container);
+ (*buffer->conspec.func_free) (buffer->buffer_in.container);
+ (*buffer->conspec.func_free) (buffer->buffer_out.container);
free (buffer);
}
@@ -453,6 +485,19 @@ buffer_stat (buffer_t buffer,
return err;
}
+gpg_error_t
+buffer_conspec_get (buffer_t buffer,
+ buffer_conspec_t *buffer_conspec)
+{
+ gpg_error_t err = GPG_ERR_NO_ERROR;
+
+ buffer_conspec->block_size = buffer->conspec.block_size;
+ buffer_conspec->func_realloc = buffer->conspec.func_realloc;
+ buffer_conspec->func_free = buffer->conspec.func_free;
+
+ return err;
+}
+
/* Stream layer. */
@@ -486,18 +531,16 @@ struct gpg_stream
/* Implementation of Memory I/O. */
-typedef void *(*mem_func_realloc_t) (void *mem, size_t size);
-typedef void (*mem_func_free_t) (void *mem);
-
typedef struct gpg_stream_handle_mem
{
char *memory; /* Data. */
size_t memory_size; /* Size of MEMORY. */
size_t data_size; /* Size of data in MEMORY. */
+ size_t block_size; /* Block size. */
unsigned int grow: 1; /* MEMORY is allowed to grow. */
size_t offset; /* Current offset in MEMORY. */
- mem_func_realloc_t func_realloc;
- mem_func_free_t func_free;
+ func_realloc_t func_realloc;
+ func_free_t func_free;
} *gpg_stream_handle_mem_t;
static gpg_error_t
@@ -517,6 +560,8 @@ gpg_stream_func_mem_create (void **handle,
mem_handle->memory = mem_spec ? mem_spec->memory : 0;
mem_handle->memory_size = mem_spec ? mem_spec->memory_size : 0;
mem_handle->data_size = 0;
+ mem_handle->block_size = ((mem_spec && mem_spec->block_size)
+ ? mem_spec->block_size : BUFFER_BLOCK_SIZE);
mem_handle->grow = mem_spec ? mem_spec->grow : 1;
mem_handle->offset = 0;
mem_handle->func_realloc = ((mem_spec && mem_spec->func_realloc)
@@ -567,14 +612,17 @@ gpg_stream_func_mem_write (void *handle,
{
memory_new = (*mem_handle->func_realloc)
(mem_handle->memory,
- mem_handle->memory_size + BUFFER_BLOCK_SIZE);
+ mem_handle->memory_size + mem_handle->block_size);
if (! memory_new)
- err = gpg_error_from_errno (errno);
+ {
+ err = gpg_error_from_errno (errno);
+ break;
+ }
else
{
if (mem_handle->memory != memory_new)
mem_handle->memory = memory_new;
- mem_handle->memory_size += BUFFER_BLOCK_SIZE;
+ mem_handle->memory_size += mem_handle->block_size;
}
}
@@ -882,12 +930,21 @@ gpg_stream_functions_t gpg_stream_functions_file =
static gpg_error_t
gpg_stream_create_do (gpg_stream_t *stream,
+ gpg_stream_buffer_spec_t *buffer_spec,
void *spec,
unsigned int flags,
gpg_stream_functions_t functions)
{
+ buffer_conspec_t conspec = { NULL };
gpg_error_t err = GPG_ERR_NO_ERROR;
+ if (buffer_spec)
+ {
+ conspec.func_realloc = buffer_spec->func_realloc;
+ conspec.func_free = buffer_spec->func_free;
+ conspec.block_size = buffer_spec->block_size;
+ }
+
if (! (1
&& (0
|| ((flags & GPG_STREAM_FLAG_READ) && functions.func_read)
@@ -912,7 +969,8 @@ gpg_stream_create_do (gpg_stream_t *stream,
err = (*functions.func_create) (&handle, spec, flags);
if (! err)
- err = buffer_create (&buffer, handle, buffer_fncs);
+ err = buffer_create (&buffer, buffer_spec ? &conspec : NULL,
+ handle, buffer_fncs);
if (! err)
{
@@ -936,13 +994,14 @@ gpg_stream_create_do (gpg_stream_t *stream,
gpg_error_t
gpg_stream_create (gpg_stream_t *stream,
+ gpg_stream_buffer_spec_t *buffer_spec,
void *spec,
unsigned int flags,
gpg_stream_functions_t functions)
{
gpg_error_t err = GPG_ERR_NO_ERROR;
- err = gpg_stream_create_do (stream, spec, flags, functions);
+ err = gpg_stream_create_do (stream, buffer_spec, spec, flags, functions);
return err;
}
@@ -955,7 +1014,7 @@ gpg_stream_create_file (gpg_stream_t *stream,
gpg_stream_spec_file_t spec = { filename, GPG_STREAM_FILE_PERMISSIONS };
gpg_error_t err = GPG_ERR_NO_ERROR;
- err = gpg_stream_create_do (stream, &spec, flags, gpg_stream_functions_file);
+ err = gpg_stream_create_do (stream, NULL, &spec, flags, gpg_stream_functions_file);
return err;
}
@@ -968,7 +1027,7 @@ gpg_stream_create_fd (gpg_stream_t *stream,
gpg_stream_spec_fd_t spec = { fd };
gpg_error_t err = GPG_ERR_NO_ERROR;
- err = gpg_stream_create_do (stream, &spec, flags, gpg_stream_functions_fd);
+ err = gpg_stream_create_do (stream, NULL, &spec, flags, gpg_stream_functions_fd);
return err;
}
@@ -1065,6 +1124,7 @@ gpg_stream_read_line_do (gpg_stream_t stream,
buffer_functions_t buffer_fncs_mem = { gpg_stream_func_mem_read,
gpg_stream_func_mem_write,
gpg_stream_func_mem_seek };
+ buffer_conspec_t buffer_conspec = { NULL };
void *handle = NULL;
char *line_new = NULL;
buffer_t line_buffer = NULL;
@@ -1073,9 +1133,11 @@ gpg_stream_read_line_do (gpg_stream_t stream,
char *data = NULL;
size_t line_size = 0;
+ buffer_conspec_get (stream->buffer, &buffer_conspec);
+
err = gpg_stream_func_mem_create (&handle, NULL, 0);
if (! err)
- err = buffer_create (&line_buffer, handle, buffer_fncs_mem);
+ err = buffer_create (&line_buffer, &buffer_conspec, handle, buffer_fncs_mem);
if (! err)
do
{
diff --git a/agent/gpg-stream.h b/agent/gpg-stream.h
index 464d9ea9b..3bea06dbc 100644
--- a/agent/gpg-stream.h
+++ b/agent/gpg-stream.h
@@ -62,6 +62,17 @@ typedef struct gpg_stream_functions
gpg_stream_func_destroy_t func_destroy;
} gpg_stream_functions_t;
+typedef void *(*gpg_stream_func_realloc_t) (void *mem, size_t size);
+typedef void (*gpg_stream_func_free_t) (void *mem);
+
+typedef struct gpg_stream_buffer_spec
+{
+ size_t block_size;
+ gpg_stream_func_realloc_t func_realloc;
+ gpg_stream_func_free_t func_free;
+} gpg_stream_buffer_spec_t;
+
+
#define GPG_STREAM_FLAG_READ (1 << 0)
#define GPG_STREAM_FLAG_WRITE (1 << 1)
#define GPG_STREAM_FLAG_EXCLUSIVE (1 << 2)
@@ -72,6 +83,7 @@ typedef struct gpg_stream_functions
#define GPG_STREAM_FLAG_BINARY (1 << 7)
gpg_error_t gpg_stream_create (gpg_stream_t *stream,
+ gpg_stream_buffer_spec_t *buffer_spec,
void *spec,
unsigned int flags,
gpg_stream_functions_t functions);
@@ -129,6 +141,7 @@ typedef struct gpg_stream_spec_mem
char *memory;
size_t memory_size;
unsigned int grow: 1;
+ size_t block_size;
void *(*func_realloc) (void *mem, size_t size);
void (*func_free) (void *mem);
} gpg_stream_spec_mem_t;
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 20:58:10 +0000