authorNIIBE Yutaka <gniibe@fsij.org>2022-02-10 09:44:41 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2022-02-10 09:44:41 +0900
commitf98ca6aa34ccdbbaf94f93ae30beafe400303c97 (patch)
tree1e4c6b251a57545c5e3b06425332a23d72de255d
parent90f41a1898e421c04080d35d7fea98ee18e74865 (diff)
Remove the built-in memory guard support.
* configure.ac (--enable-m-guard): Remove. * src/global.c (_gcry_vcontrol): Return GPG_ERR_NOT_SUPPORTED for GCRYCTL_ENABLE_M_GUARD. * src/stdmem.c (use_m_guard, _gcry_private_enable_m_guard): Remove. (_gcry_private_malloc): Remove the code path with use_m_guard==1. (_gcry_private_malloc_secure): Likewise. (_gcry_private_realloc, _gcry_private_free): Likewise. (_gcry_private_check_heap): Remove. * src/stdmem.h: Remove declarations for memory guard functions. -- GnuPG-bug-id: T5822 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r--NEWS4
-rw-r--r--README6
-rw-r--r--configure.ac13
-rw-r--r--doc/gcrypt.texi8
-rw-r--r--src/global.c4
-rw-r--r--src/stdmem.c123
-rw-r--r--src/stdmem.h3
7 files changed, 12 insertions, 149 deletions
diff --git a/NEWS b/NEWS
index c46b3470..2a6384e3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
Noteworthy changes in version 1.11.0 (unreleased) [C25/A5/R0]
-------------------------------------------------
+ * Other features:
+
+ - The control code GCRYCTL_ENABLE_M_GUARD is deprecated and not
+ supported any more. Please use valgrind or other tools.
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
diff --git a/README b/README
index 436b6cd4..3b465c1b 100644
--- a/README
+++ b/README
@@ -90,12 +90,6 @@
With this option a "make check" will take really
long due to extra checks for the hash algorithms.
- --enable-m-guard
- Enable the integrated malloc checking code. Please
- note that this feature does not work on all CPUs
- (e.g. SunOS 5.7 on UltraSparc-2) and might give
- you a bus error.
-
--disable-asm
Do not use assembler modules. It is not possible
to use this on some CPU types.
diff --git a/configure.ac b/configure.ac
index 0667484e..a9350c9c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -363,8 +363,6 @@ AC_CHECK_SIZEOF(unsigned long, 4)
AC_CHECK_SIZEOF(unsigned long long, 0)
AC_CHECK_SIZEOF(void *, 0)
-AC_CHECK_ALIGNOF(long double)
-
AC_TYPE_UINTPTR_T
if test "$ac_cv_sizeof_unsigned_short" = "0" \
@@ -539,17 +537,6 @@ if test "$try_asm_modules" != yes ; then
AC_DEFINE(ASM_DISABLED,1,[Defined if --disable-asm was used to configure])
fi
-# Implementation of the --enable-m-guard switch.
-AC_MSG_CHECKING([whether memory guard is requested])
-AC_ARG_ENABLE(m-guard,
- AS_HELP_STRING([--enable-m-guard],
- [Enable memory guard facility]),
- [use_m_guard=$enableval], [use_m_guard=no])
-AC_MSG_RESULT($use_m_guard)
-if test "$use_m_guard" = yes ; then
- AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature])
-fi
-
# Implementation of the --enable-large-data-tests switch.
AC_MSG_CHECKING([whether to run large data tests])
AC_ARG_ENABLE(large-data-tests,
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 92eb5024..25d2f951 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -652,12 +652,8 @@ arguments can or have to be provided.
@table @code
@item GCRYCTL_ENABLE_M_GUARD; Arguments: none
-This command enables the built-in memory guard. It must not be used
-to activate the memory guard after the memory management has already
-been used; therefore it can ONLY be used before
-@code{gcry_check_version}. Note that the memory guard is NOT used
-when the user of the library has set his own memory management
-callbacks.
+This command was to enable the built-in memory guard, but not supported
+any more.
@item GCRYCTL_ENABLE_QUICK_RANDOM; Arguments: none
This command inhibits the use the very secure random quality level
diff --git a/src/global.c b/src/global.c
index 7cf40e4a..956043c4 100644
--- a/src/global.c
+++ b/src/global.c
@@ -523,7 +523,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
switch (cmd)
{
case GCRYCTL_ENABLE_M_GUARD:
- _gcry_private_enable_m_guard ();
+ rc = GPG_ERR_NOT_SUPPORTED;
break;
case GCRYCTL_ENABLE_QUICK_RANDOM:
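Review bot: The `GCRYCTL_ENABLE_M_GUARD` case now only sets `rc = GPG_ERR_NOT_SUPPORTED;` and has no comment saying why the case is kept at all, so a later reader may take it for an unfinished stub. I would put `/* The built-in memory guard was removed; the control code is kept so that callers get a defined error. */` above the assignment. A program that used this control code for heap-overrun detection and does not check the return value now runs without any guard and without noticing, so the comment could also point to external tools, as the NEWS entry does with valgrind. `_gcry_vcontrol` starts and ends outside the hunk, so the declaration of `rc` and the way the value is returned are not visible here.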
@@ -1043,8 +1043,6 @@ _gcry_check_heap( const void *a )
#if 0
if( some_handler )
some_handler(a)
- else
- _gcry_private_check_heap(a)
#endif
}
diff --git a/src/stdmem.c b/src/stdmem.c
index f657ddcc..d0ebef0c 100644
--- a/src/stdmem.c
+++ b/src/stdmem.c
@@ -57,32 +57,6 @@
-#define MAGIC_NOR_BYTE 0x55
-#define MAGIC_SEC_BYTE 0xcc
-#define MAGIC_END_BYTE 0xaa
-
-#ifdef ALIGNOF_LONG_DOUBLE
-#define EXTRA_ALIGN (ALIGNOF_LONG_DOUBLE-4)
-#elif SIZEOF_UNSIGNED_LONG == 8
-#define EXTRA_ALIGN 4
-#else
-#define EXTRA_ALIGN 0
-#endif
-
-
-static int use_m_guard = 0;
-
-/****************
- * Warning: Never use this function after any of the functions
- * here have been used.
- */
-void
-_gcry_private_enable_m_guard (void)
-{
- use_m_guard = 1;
-}
-
-
/*
* Allocate memory of size n.
* Return NULL if we are out of memory.
@@ -97,23 +71,7 @@ _gcry_private_malloc (size_t n)
an error to detect such coding errors. */
}
- if (use_m_guard)
- {
- char *p;
-
- if ( !(p = malloc (n + EXTRA_ALIGN+5)) )
- return NULL;
- ((byte*)p)[EXTRA_ALIGN+0] = n;
- ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ;
- ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ;
- ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_NOR_BYTE;
- p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
- return p+EXTRA_ALIGN+4;
- }
- else
- {
- return malloc( n );
- }
+ return malloc( n );
}
@@ -132,23 +90,7 @@ _gcry_private_malloc_secure (size_t n, int xhint)
error to detect such coding errors. */
}
- if (use_m_guard)
- {
- char *p;
-
- if (!(p = _gcry_secmem_malloc (n + EXTRA_ALIGN + 5, xhint)))
- return NULL;
- ((byte*)p)[EXTRA_ALIGN+0] = n;
- ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ;
- ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ;
- ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_SEC_BYTE;
- p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
- return p+EXTRA_ALIGN+4;
- }
- else
- {
- return _gcry_secmem_malloc (n, xhint);
- }
+ return _gcry_secmem_malloc (n, xhint);
}
@@ -160,33 +102,7 @@ _gcry_private_malloc_secure (size_t n, int xhint)
void *
_gcry_private_realloc (void *a, size_t n, int xhint)
{
- if (use_m_guard)
- {
- unsigned char *p = a;
- char *b;
- size_t len;
-
- if (!a)
- return _gcry_private_malloc(n);
-
- _gcry_private_check_heap(p);
- len = p[-4];
- len |= p[-3] << 8;
- len |= p[-2] << 16;
- if( len >= n ) /* We don't shrink for now. */
- return a;
- if (p[-1] == MAGIC_SEC_BYTE)
- b = _gcry_private_malloc_secure (n, xhint);
- else
- b = _gcry_private_malloc(n);
- if (!b)
- return NULL;
- memcpy (b, a, len);
- memset (b+len, 0, n-len);
- _gcry_private_free (p);
- return b;
- }
- else if ( _gcry_private_is_secure(a) )
+ if ( _gcry_private_is_secure(a) )
{
return _gcry_secmem_realloc (a, n, xhint);
}
@@ -197,28 +113,6 @@ _gcry_private_realloc (void *a, size_t n, int xhint)
}
-void
-_gcry_private_check_heap (const void *a)
-{
- if (use_m_guard)
- {
- const byte *p = a;
- size_t len;
-
- if (!p)
- return;
-
- if ( !(p[-1] == MAGIC_NOR_BYTE || p[-1] == MAGIC_SEC_BYTE) )
- _gcry_log_fatal ("memory at %p corrupted (underflow=%02x)\n", p, p[-1]);
- len = p[-4];
- len |= p[-3] << 8;
- len |= p[-2] << 16;
- if ( p[len] != MAGIC_END_BYTE )
- _gcry_log_fatal ("memory at %p corrupted (overflow=%02x)\n", p, p[-1]);
- }
-}
-
-
/*
* Free a memory block allocated by this or the secmem module
*/
@@ -230,15 +124,8 @@ _gcry_private_free (void *a)
if (!p)
return;
- if (use_m_guard)
- {
- _gcry_private_check_heap (p);
- freep = p - EXTRA_ALIGN - 4;
- }
- else
- {
- freep = p;
- }
+
+ freep = p;
if (!_gcry_private_is_secure (freep) ||
!_gcry_secmem_free (freep))
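Review bot: After this change `freep` is only ever a copy of `p`, so the added `freep = p;` and the second variable no longer carry any meaning; they existed to step back over the guard header that is gone now. Using `p` directly in the condition, `if (!_gcry_private_is_secure (p) || !_gcry_secmem_free (p))`, and dropping `freep` would make it obvious that the pointer handed to the allocator is exactly the one the caller passed in. The declaration of `freep` and the rest of the body of `_gcry_private_free` are outside the hunk, so the final release call presumably needs the same substitution.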
diff --git a/src/stdmem.h b/src/stdmem.h
index c52aab54..ba885005 100644
--- a/src/stdmem.h
+++ b/src/stdmem.h
@@ -21,12 +21,9 @@
#ifndef G10_STDMEM_H
#define G10_STDMEM_H 1
-void _gcry_private_enable_m_guard(void);
-
void *_gcry_private_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_private_malloc_secure (size_t n, int xhint) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_private_realloc (void *a, size_t n, int xhint);
-void _gcry_private_check_heap (const void *a);
void _gcry_private_free (void *a);
#endif /* G10_STDMEM_H */