
Source code changes of the file "lib/crypto_backend/crypto_gcrypt.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently set up disk encryption based on the dm-crypt kernel module. Supported formats include plain dm-crypt volumes, LUKS volumes, loop-AES and the TrueCrypt-compatible format.

crypto_gcrypt.c  (cryptsetup-2.3.6.tar.xz):crypto_gcrypt.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 109 skipping to change at line 109
int r; int r;
if (crypto_backend_initialised) if (crypto_backend_initialised)
return 0; return 0;
if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) { if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
if (!gcry_check_version (GCRYPT_REQ_VERSION)) { if (!gcry_check_version (GCRYPT_REQ_VERSION)) {
return -ENOSYS; return -ENOSYS;
} }
/* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities, /* If gcrypt compiled to support POSIX 1003.1e capabilities,
* it drops all privileges during secure memory initialisation. * it drops all privileges during secure memory initialisation.
* For now, the only workaround is to disable secure memory in gcrypt. * For now, the only workaround is to disable secure memory in gcrypt.
* cryptsetup always need at least cap_sys_admin privilege for dm-ioctl * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
* and it locks its memory space anyway. * and it locks its memory space anyway.
*/ */
#if 0 #if 0
gcry_control (GCRYCTL_DISABLE_SECMEM); gcry_control (GCRYCTL_DISABLE_SECMEM);
crypto_backend_secmem = 0; crypto_backend_secmem = 0;
#else #else
skipping to change at line 350 skipping to change at line 350
} }
void crypt_hmac_destroy(struct crypt_hmac *ctx) void crypt_hmac_destroy(struct crypt_hmac *ctx)
{ {
gcry_md_close(ctx->hd); gcry_md_close(ctx->hd);
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
free(ctx); free(ctx);
} }
/* RNG */ /* RNG */
int crypt_backend_rng(char *buffer, size_t length, int quality, int fips) int crypt_backend_rng(char *buffer, size_t length, int quality, int fips __attri bute__((unused)))
{ {
switch(quality) { switch(quality) {
case CRYPT_RND_NORMAL: case CRYPT_RND_NORMAL:
gcry_randomize(buffer, length, GCRY_STRONG_RANDOM); gcry_randomize(buffer, length, GCRY_STRONG_RANDOM);
break; break;
case CRYPT_RND_SALT: case CRYPT_RND_SALT:
case CRYPT_RND_KEY: case CRYPT_RND_KEY:
default: default:
gcry_randomize(buffer, length, GCRY_VERY_STRONG_RANDOM); gcry_randomize(buffer, length, GCRY_VERY_STRONG_RANDOM);
break; break;
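Review bot: In crypt_backend_rng the `fips` argument is now marked `__attribute__((unused))`, but nothing on the new side tells a reader that this backend deliberately ignores the caller's FIPS request. I would add a comment above the signature along the lines of `/* fips is ignored: random source selection is left to libgcrypt, including in FIPS mode */`, with the wording confirmed by the maintainers, since the actual reason is not visible in this hunk. The switch body continues past the end of the hunk, so the return path is not shown here. Separately, in crypt_hmac_destroy the `memset(ctx, 0, sizeof(*ctx));` directly before `free(ctx);` is a dead store that a compiler may drop; if the struct holds anything sensitive, a zeroing call the optimizer cannot elide would be safer.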
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added
