GpgFrontend/gpgme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1420c3bd68
gpgme/src/data.h
Werner Koch 085cdeddef
core: Blank out the plaintext after decryption failure. 
* src/data.h (data_prop_t): New enum.
(struct gpgme_data): Add field propidx.
* src/data.c (property_t): New.
(property_table, property_table_size, property_table_lock): New.
(insert_into_property_table): New.
(remove_from_property_table): New.
(_gpgme_data_get_dserial): New.
(_gpgme_data_set_prop): New.
(_gpgme_data_get_prop): New.
(_gpgme_data_new): Connect new object to property_table.
(_gpgme_data_release): Remove from property_table.
(gpgme_data_read): With DATA_PROP_BLANKOUT set don't fill the buffer.
* src/data-mem.c (gpgme_data_release_and_get_mem): Likewise.
* src/decrypt.c (struct op_data): Add field plaintext_dserial.
(_gpgme_op_decrypt_init_result): Add arg plaintext and init new field.
(_gpgme_decrypt_status_handler): Set DATA_PROP_BLANKOUT on decryption
failure.
(_gpgme_decrypt_start): Pass PLAIN to the init function.
* src/decrypt-verify.c (decrypt_verify_start): Ditto.
* configure.ac: Check for stdint.h and bail out if uint64_t is not
available.
--

This is a best effort feature to not output plaintext after a
decryption failure (e.g. due to no or broken authenticated
encryption).  It always work when using a memory object and reading it
after the decryption but it can't work reliable when the user is
reading from the data object while the decryption process is still
running.

This is quite a large change because the data objects and the context
objects are allowed to be owned by different threads.  Thus a
synchronization is needed and we do this with a global table of all
data objects to which the context objects can do soft-linking via a
unique data object serial number.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 17:39:09 +02:00

171 lines
4.7 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/* data.h - Internal data object abstraction interface.
Copyright (C) 2002, 2004, 2005 g10 Code GmbH
This file is part of GPGME.
GPGME is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
GPGME is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
02111-1307, USA. */
#ifndef DATA_H
#define DATA_H
#if HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <limits.h>
#include <stdint.h>
#include "gpgme.h"
/* Read up to SIZE bytes into buffer BUFFER from the data object with
the handle DH. Return the number of characters read, 0 on EOF and
-1 on error. If an error occurs, errno is set. */
typedef gpgme_ssize_t (*gpgme_data_read_cb) (gpgme_data_t dh,
void *buffer,
size_t size);
/* Write up to SIZE bytes from buffer BUFFER to the data object with
the handle DH. Return the number of characters written, or -1 on
error. If an error occurs, errno is set. */
typedef gpgme_ssize_t (*gpgme_data_write_cb) (gpgme_data_t dh,
const void *buffer,
size_t size);
/* Set the current position from where the next read or write starts
in the data object with the handle DH to OFFSET, relativ to
WHENCE. */
typedef gpgme_off_t (*gpgme_data_seek_cb) (gpgme_data_t dh,
gpgme_off_t offset,
int whence);
/* Release the data object with the handle DH. */
typedef void (*gpgme_data_release_cb) (gpgme_data_t dh);
/* Get the FD associated with the handle DH, or -1. */
typedef int (*gpgme_data_get_fd_cb) (gpgme_data_t dh);
struct _gpgme_data_cbs
{
gpgme_data_read_cb read;
gpgme_data_write_cb write;
gpgme_data_seek_cb seek;
gpgme_data_release_cb release;
gpgme_data_get_fd_cb get_fd;
};
struct gpgme_data
{
struct _gpgme_data_cbs *cbs;
gpgme_data_encoding_t encoding;
unsigned int propidx; /* Index into the property table. */
#ifdef PIPE_BUF
#define BUFFER_SIZE PIPE_BUF
#else
#ifdef _POSIX_PIPE_BUF
#define BUFFER_SIZE _POSIX_PIPE_BUF
#else
#define BUFFER_SIZE 512
#endif
#endif
char pending[BUFFER_SIZE];
int pending_len;
/* File name of the data object. */
char *file_name;
/* Hint on the to be expected total size of the data. */
gpgme_off_t size_hint;
union
{
/* For gpgme_data_new_from_fd. */
int fd;
/* For gpgme_data_new_from_stream. */
FILE *stream;
/* For gpgme_data_new_from_estream. */
gpgrt_stream_t e_stream;
/* For gpgme_data_new_from_cbs. */
struct
{
gpgme_data_cbs_t cbs;
void *handle;
} user;
/* For gpgme_data_new_from_mem. */
struct
{
char *buffer;
const char *orig_buffer;
/* Allocated size of BUFFER. */
size_t size;
size_t length;
gpgme_off_t offset;
} mem;
/* For gpgme_data_new_from_read_cb. */
struct
{
int (*cb) (void *, char *, size_t, size_t *);
void *handle;
} old_user;
} data;
};
/* The data property types. */
typedef enum
{
DATA_PROP_NONE = 0, /* Dummy property. */
DATA_PROP_BLANKOUT /* Do not return the held data. */
} data_prop_t;
/* Return the data object's serial number for handle DH. */
uint64_t _gpgme_data_get_dserial (gpgme_data_t dh);
/* Set an internal property of a data object. */
gpg_error_t _gpgme_data_set_prop (gpgme_data_t dh, uint64_t dserial,
data_prop_t name, int value);
/* Get an internal property of a data object. */
gpg_error_t _gpgme_data_get_prop (gpgme_data_t dh, uint64_t dserial,
data_prop_t name, int *r_value);
/* Create a new data object. */
gpgme_error_t _gpgme_data_new (gpgme_data_t *r_dh,
struct _gpgme_data_cbs *cbs);
void _gpgme_data_release (gpgme_data_t dh);
/* Get the file descriptor associated with DH, if possible. Otherwise
return -1. */
int _gpgme_data_get_fd (gpgme_data_t dh);
/* Get the size-hint value for DH or 0 if not available. */
gpgme_off_t _gpgme_data_get_size_hint (gpgme_data_t dh);
#endif /* DATA_H */
Reference in New Issue View Git Blame Copy Permalink