From giga at le-pec.org Fri Nov 4 01:01:18 2005 From: giga at le-pec.org (Jean-Philippe Garcia Ballester) Date: Fri Nov 4 02:55:45 2005 Subject: memory leak Message-ID: <20051104000118.GA9197@le-pec.org> There is a memory leak due to gcry_check_version. Is this a known issue? Will this be fixed in the future? Could this be fixed using a __attribute__((destructor)) function? -- Jean-Philippe Garcia Ballester -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20051104/c279b930/attachment.pgp From linux at paip.net Fri Nov 4 03:55:59 2005 From: linux at paip.net (Ian Goldberg) Date: Fri Nov 4 03:57:35 2005 Subject: globals in global.c Message-ID: <20051104025559.GA898@smtp.paip.net> So we've run into an interesting problem. gaim can load plugins (.so files). Two of those plugins, ssl-gnutls.so and gaim-otr.so, use libgcrypt. They each call gcry_set_allocation_handler(). [You can see where this is going.] Of course, only the last one "wins", and both plugins are now using the last one's allocation handlers. But worse, at quitting time, if the plugin that "won" is unloaded first, the global free_func and friends now point to addresses *no longer in memory*. The other plugin still has its cleanup to do, and calls functions in libgcrypt, causing a crash. Any idea how one might work around this problem? I suppose linking libgcrypt *staticly* into the plugin .so might work, at the expense of, well, the static linking. Thanks, - Ian From wk at gnupg.org Fri Nov 4 09:13:21 2005 From: wk at gnupg.org (Werner Koch) Date: Fri Nov 4 09:16:51 2005 Subject: memory leak In-Reply-To: <20051104000118.GA9197@le-pec.org> (Jean-Philippe Garcia Ballester's message of "Fri, 4 Nov 2005 01:01:18 +0100") References: <20051104000118.GA9197@le-pec.org> Message-ID: <87mzkkg7a6.fsf@wheatstone.g10code.de> On Fri, 4 Nov 2005 01:01:18 +0100, Jean-Philippe Garcia Ballester said: > There is a memory leak due to gcry_check_version. > Is this a known issue? Please explain. During initialization which gets triggered by gcry_check_version a few one-time allocations are done. This should not happen for the second call to gcry_check_version. Salam-Shalom, Werner From mats.rojestal at bredband.net Fri Nov 18 22:24:38 2005 From: mats.rojestal at bredband.net (Mats Rojestal) Date: Fri Nov 18 23:55:43 2005 Subject: Solaris build problem for gcrypt 1.2.1 and 1.2.2 Message-ID: <437E4696.2030206@bredband.net> Hi, I get this problem when trying to build libgcrypt on solaris 9 and 10 --------------- /bin/bash ../libtool --tag=CC --mode=link gcc -I/usr/local/include -g -O2 -Wall -o ac ac.o ../src/libgcrypt.la -lnsl -lsocket gcc -I/usr/local/include -g -O2 -Wall -o .libs/ac ac.o ../src/.libs/libgcrypt.so -L/usr/local/lib /usr/local/lib/libgpg-error.so -lnsl -lsocket -R/usr/local/lib Undefined first referenced symbol in file gcry_ac_data_verify ac.o gcry_ac_open ac.o gcry_ac_key_init ac.o ... ---------------- This is problem is from all objects in cipher not properly linked to libgcrypt and file cipher/libcipher.la contain no information for libtool for correct linking. The only way to get this to work seems to edit src/Makefile and add missing objects for proper linking. This is a non portable and an ugly however this bilds libgcrypt properly for me. Hope somone kan find a fix for this. Regards, Mats R?jest?l --- src/Makefile Fri Nov 18 21:52:45 2005 +++ src/Makefile.new Fri Nov 18 22:04:29 2005 @@ -86,6 +86,19 @@ libgcrypt_la-secmem.lo libgcrypt_la-missing-string.lo \ libgcrypt_la-module.lo libgcrypt_la-ath.lo libgcrypt_la_OBJECTS = $(am_libgcrypt_la_OBJECTS) +libcipher_OBJECTS = ../cipher/.libs/ac.o ../cipher/.libs/cipher.o \ + ../cipher/.libs/elgamal.o ../cipher/.libs/md4.o \ + ../cipher/.libs/random.o ../cipher/.libs/rndlinux.o \ + ../cipher/.libs/sha256.o ../cipher/.libs/arcfour.o \ + ../cipher/.libs/crc.o ../cipher/.libs/md5.o \ + ../cipher/.libs/rfc2268.o ../cipher/.libs/rsa.o \ + ../cipher/.libs/sha512.o ../cipher/.libs/blowfish.o \ + ../cipher/.libs/des.o ../cipher/.libs/primegen.o \ + ../cipher/.libs/rijndael.o ../cipher/.libs/serpent.o \ + ../cipher/.libs/tiger.o ../cipher/.libs/cast5.o \ + ../cipher/.libs/dsa.o ../cipher/.libs/md.o ../cipher/.libs/pubkey.o \ + ../cipher/.libs/rmd160.o ../cipher/.libs/sha1.o \ + ../cipher/.libs/twofish.o binSCRIPT_INSTALL = $(INSTALL_SCRIPT) SCRIPTS = $(bin_SCRIPTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) @@ -259,7 +272,7 @@ libgcrypt_la_DEPENDENCIES = ../cipher/libcipher.la ../mpi/libmpi.la \ $(srcdir)/libgcrypt.vers -libgcrypt_la_LIBADD = ../cipher/libcipher.la ../mpi/libmpi.la \ +libgcrypt_la_LIBADD = $(libcipher_OBJECTS) ../mpi/libmpi.la \ -L/usr/local/lib -lgpg-error all: all-am From eduardo.espejo at t-empresas.com.pe Sat Nov 19 00:08:30 2005 From: eduardo.espejo at t-empresas.com.pe (Eduardo Espejo Gavilano) Date: Sat Nov 19 01:55:46 2005 Subject: Solaris build problem for gcrypt 1.2.1 and 1.2.2 In-Reply-To: <437E4696.2030206@bredband.net> Message-ID: I'm not sure that it is an option but using the GNU ld works for me... Regards, Eduardo Espejo gcrypt-devel-bounces@gnupg.org escribi? el 18/11/2005 04:24:38 p.m.: > Hi, > > I get this problem when trying to build libgcrypt on solaris 9 and 10 > > --------------- > /bin/bash ../libtool --tag=CC --mode=link gcc -I/usr/local/include - > g -O2 -Wall > -o ac ac.o ../src/libgcrypt.la -lnsl -lsocket > gcc -I/usr/local/include -g -O2 -Wall -o .libs/ac ac.o > ../src/.libs/libgcrypt.so -L/usr/local/lib /usr/local/lib/libgpg- > error.so -lnsl > -lsocket -R/usr/local/lib > Undefined first referenced > symbol in file > gcry_ac_data_verify ac.o > gcry_ac_open ac.o > gcry_ac_key_init ac.o > ... > > ---------------- > > This is problem is from all objects in cipher not properly linked > to libgcrypt > and file cipher/libcipher.la contain no information for libtool for > correct linking. > The only way to get this to work seems to edit src/Makefile and add missing > objects for proper linking. This is a non portable and an ugly however this > bilds libgcrypt properly for me. Hope somone kan find a fix for this. > > Regards, > > Mats R?jest?l > > > --- src/Makefile Fri Nov 18 21:52:45 2005 > +++ src/Makefile.new Fri Nov 18 22:04:29 2005 > @@ -86,6 +86,19 @@ > libgcrypt_la-secmem.lo libgcrypt_la-missing-string.lo \ > libgcrypt_la-module.lo libgcrypt_la-ath.lo > libgcrypt_la_OBJECTS = $(am_libgcrypt_la_OBJECTS) > +libcipher_OBJECTS = ../cipher/.libs/ac.o ../cipher/.libs/cipher.o \ > + ../cipher/.libs/elgamal.o ../cipher/.libs/md4.o \ > + ../cipher/.libs/random.o ../cipher/.libs/rndlinux.o \ > + ../cipher/.libs/sha256.o ../cipher/.libs/arcfour.o \ > + ../cipher/.libs/crc.o ../cipher/.libs/md5.o \ > + ../cipher/.libs/rfc2268.o ../cipher/.libs/rsa.o \ > + ../cipher/.libs/sha512.o ../cipher/.libs/blowfish.o \ > + ../cipher/.libs/des.o ../cipher/.libs/primegen.o \ > + ../cipher/.libs/rijndael.o ../cipher/.libs/serpent.o \ > + ../cipher/.libs/tiger.o ../cipher/.libs/cast5.o \ > + ../cipher/.libs/dsa.o ../cipher/.libs/md.o ../cipher/.libs/pubkey.o \ > + ../cipher/.libs/rmd160.o ../cipher/.libs/sha1.o \ > + ../cipher/.libs/twofish.o > binSCRIPT_INSTALL = $(INSTALL_SCRIPT) > SCRIPTS = $(bin_SCRIPTS) > DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) > @@ -259,7 +272,7 @@ > libgcrypt_la_DEPENDENCIES = ../cipher/libcipher.la ../mpi/libmpi.la \ > $(srcdir)/libgcrypt.vers > > -libgcrypt_la_LIBADD = ../cipher/libcipher.la ../mpi/libmpi.la \ > +libgcrypt_la_LIBADD = $(libcipher_OBJECTS) ../mpi/libmpi.la \ > -L/usr/local/lib -lgpg-error > > all: all-am > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel From gcrypt at dstoecker.de Wed Nov 30 15:16:48 2005 From: gcrypt at dstoecker.de (Dirk Stoecker) Date: Wed Nov 30 15:16:45 2005 Subject: libgcrypt and memoryloss Message-ID: Hello, I last time tried to convince you to implement the memory patch I developed into the library. I did not succeed for following reasons: a) The patch was incomplete: --> I rechecked the complete SVN and fixed all memory stuff. The patch still remains valid unchanged. No additions for other parts of the library are needed (according to example code). b) There should be no useless code, which makes the library vulnerable. --> The patch are altogether 40 lines of active code, where only 16 of them do real work, the others are only function overhead to keep a clean interface. And they are in no way useless. Below are the important parts of the patch. c) The examples don't use it. --> Well, now I added all the files in tests to the patch. Each of these also calls FINALIZE before leaving main. All of these are 100% memory-loss free. The main work was to fix multiple memory losses in the example code as well as one in the library itself (cipher/ac.c). So to get a final note: The examples for libgcrypt and the base library have a memory loss problem. Without handling the one-time-allocations first it has been nearly impossible to track this down and fix them (as nobody did till now). With the fix applied there are no memory memory loss problems which are covered by the example programs. The fix itself does not change the library interface at all, but only adds the already planned possibility to make a finalize call. I will release the attached patch on my website, as due the LGPL conditions I am required to do so. I myself no longer use the dynamic library, but a largely stripped link library. Nevertheless I would prefer the patch included in main distribution, so I need not release the patch. Are there still any reasons to NOT apply the patch? Below the relevant parts of the patch, which probably nobody of you ever had a look on. It has NOTHING to do with dll unloading or anything like that which was used during argumentation from your side. src/global.c +static void +global_finalize (void) +{ + _gcry_pk_finalize(); + _gcry_md_finalize(); + _gcry_cipher_finalize(); +// ath_finalize(); + _gcry_random_finalize(); + any_init_done = 0; +} -- + case GCRYCTL_FINALIZE: + global_finalize(); + break; src/g10lib.h +void _gcry_cipher_finalize(void); +void _gcry_md_finalize(void); +void _gcry_pk_finalize(void); cipher/pubkey.c +void +_gcry_pk_finalize(void) +{ + if(default_pubkeys_registered) + { + ath_mutex_lock(&pubkeys_registered_lock); + while(pubkeys_registered) + { + _gcry_module_release(pubkeys_registered); + } + default_pubkeys_registered = 0; + ath_mutex_unlock(&pubkeys_registered_lock); + } +} cipher/md.c +void +_gcry_md_finalize(void) +{ + if(default_digests_registered) + { + ath_mutex_lock(&digests_registered_lock); + while(digests_registered) + { + _gcry_module_release(digests_registered); + } + default_digests_registered = 0; + ath_mutex_unlock(&digests_registered_lock); + } +} cipher/cipher.c +void +_gcry_cipher_finalize(void) +{ + if(default_ciphers_registered) + { + ath_mutex_lock(&ciphers_registered_lock); + while(ciphers_registered) + { + _gcry_module_release(ciphers_registered); + } + default_ciphers_registered = 0; + ath_mutex_unlock(&ciphers_registered_lock); + } +} cipher/random.c +void +_gcry_random_finalize(void) +{ + if(is_initialized) + { + gcry_free(rndpool); + gcry_free(keypool); + is_initialized = 0; + } +} cipher/random.h +void _gcry_random_finalize(void); Ciao -- ____ _ _ ____ _ _ _ _ ____ | | | | | | \ / | | | the cool Gremlin from Bischofswerda | __ | ____| | \/ | | | WWW: http://www.dstoecker.de/ | | | | | | | | PGP key available on www page. |____| _|_ |____| _|_ _|_ |____| I hope AMIGA never stops making fun! -------------- next part -------------- Index: src/global.c =================================================================== --- src/global.c (Revision 1140) +++ src/global.c (Arbeitskopie) @@ -100,6 +100,17 @@ +static void +global_finalize (void) +{ + _gcry_pk_finalize(); + _gcry_md_finalize(); + _gcry_cipher_finalize(); +// ath_finalize(); + _gcry_random_finalize(); + any_init_done = 0; +} + /* Version number parsing. */ /* This function parses the first portion of the version number S and @@ -334,6 +345,10 @@ _gcry_fast_random_poll (); break; + case GCRYCTL_FINALIZE: + global_finalize(); + break; + default: err = GPG_ERR_INV_OP; } Index: src/gcrypt.h =================================================================== --- src/gcrypt.h (Revision 1140) +++ src/gcrypt.h (Arbeitskopie) @@ -1142,7 +1142,7 @@ typedef enum gcry_ac_em { GCRY_AC_EME_PKCS_V1_5, - GCRY_AC_EMSA_PKCS_V1_5, + GCRY_AC_EMSA_PKCS_V1_5 } gcry_ac_em_t; @@ -1150,7 +1150,7 @@ typedef enum gcry_ac_scheme { GCRY_AC_ES_PKCS_V1_5, - GCRY_AC_SSA_PKCS_V1_5, + GCRY_AC_SSA_PKCS_V1_5 } gcry_ac_scheme_t; Index: src/g10lib.h =================================================================== --- src/g10lib.h (Revision 1140) +++ src/g10lib.h (Arbeitskopie) @@ -233,6 +233,10 @@ gcry_err_code_t _gcry_pk_init (void); gcry_err_code_t _gcry_ac_init (void); +void _gcry_cipher_finalize(void); +void _gcry_md_finalize(void); +void _gcry_pk_finalize(void); + gcry_err_code_t _gcry_pk_module_lookup (int id, gcry_module_t *module); void _gcry_pk_module_release (gcry_module_t module); gcry_err_code_t _gcry_pk_get_elements (int algo, char **enc, char **sig); Index: tests/pubkey.c =================================================================== --- tests/pubkey.c (Revision 1140) +++ tests/pubkey.c (Arbeitskopie) @@ -90,6 +90,7 @@ /* Extract data from plaintext. */ l = gcry_sexp_find_token (plain0, "value", 0); x0 = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l); /* Encrypt data. */ rc = gcry_pk_encrypt (&cipher, plain0, pkey); @@ -131,6 +132,8 @@ /* Compare. */ if (gcry_mpi_cmp (x0, x1)) die ("data corrupted\n"); + gcry_mpi_release (x0); + gcry_mpi_release (x1); } static void @@ -164,6 +167,7 @@ check_keys_crypt (pkey, skey, plain); gcry_sexp_release (plain); + gcry_mpi_release(x); } static void @@ -251,5 +255,7 @@ for (; i > 0; i--) check_run (); + gcry_control (GCRYCTL_FINALIZE); + return 0; } Index: tests/tsexp.c =================================================================== --- tests/tsexp.c (Revision 1140) +++ tests/tsexp.c (Arbeitskopie) @@ -64,6 +64,7 @@ { int pass; gcry_sexp_t sexp; + gcry_mpi_t mpi; int idx; char *secure_buffer; size_t secure_buffer_len; @@ -94,39 +95,46 @@ case 0: string = ("(public-key (dsa (p #41424344#) (y this_is_y) " "(q #61626364656667#) (g %m)))"); - - if ( gcry_sexp_build (&sexp, NULL, string, - gcry_mpi_set_ui (NULL, 42)) ) + mpi = gcry_mpi_set_ui (NULL, 42); + if ( gcry_sexp_build (&sexp, NULL, string, mpi) ) { + gcry_mpi_release(mpi); fail (" scanning `%s' failed\n", string); return; } + gcry_mpi_release(mpi); break; case 1: string = ("(public-key (dsa (p #41424344#) (y this_is_y) " "(q %b) (g %m)))"); + mpi = gcry_mpi_set_ui (NULL, 42); if ( gcry_sexp_build (&sexp, NULL, string, 15, "foo\0\x01\0x02789012345", - gcry_mpi_set_ui (NULL, 42)) ) + mpi) ) { + gcry_mpi_release(mpi); fail (" scanning `%s' failed\n", string); return; } + gcry_mpi_release(mpi); break; case 2: string = ("(public-key (dsa (p #41424344#) (y silly_y_value) " "(q %b) (g %m)))"); + mpi = gcry_mpi_set_ui (NULL, 17); if ( gcry_sexp_build (&sexp, NULL, string, secure_buffer_len, secure_buffer, - gcry_mpi_set_ui (NULL, 17)) ) + mpi) ) { + gcry_mpi_release(mpi); fail (" scanning `%s' failed\n", string); return; } + gcry_mpi_release(mpi); if (!gcry_is_secure (sexp)) fail ("gcry_sexp_build did not switch to secure memory\n"); break; @@ -148,62 +156,58 @@ s1 = gcry_sexp_find_token (sexp, token, strlen(token) ); if (!s1) + fail ("didn't found `%s'\n", token); + else { - fail ("didn't found `%s'\n", token); - continue; - } + p = gcry_sexp_nth_data (s1, 0, &n); + if (!p) + fail ("no car for `%s'\n", token); + else + { + info ("car=`%.*s'\n", (int)n, p); - p = gcry_sexp_nth_data (s1, 0, &n); - if (!p) - { - fail ("no car for `%s'\n", token); - continue; - } - info ("car=`%.*s'\n", (int)n, p); + s2 = gcry_sexp_cdr (s1); + if (!s2) + fail ("no cdr for `%s'\n", token); + else + { + p = gcry_sexp_nth_data (s2, 0, &n); + if (p) + fail ("data at car of `%s'\n", token); + else if (parm) + { + gcry_sexp_release (s2); + s2 = gcry_sexp_find_token (s1, parm, strlen (parm)); + if (!s2) + fail ("didn't found `%s'\n", parm); + else + { + p = gcry_sexp_nth_data (s2, 0, &n); + if (!p) + fail("no car for `%s'\n", parm ); + else + { + info ("car=`%.*s'\n", (int)n, p); + p = gcry_sexp_nth_data (s2, 1, &n); + if (!p) + fail("no cdr for `%s'\n", parm ); + else + { + info ("cdr=`%.*s'\n", (int)n, p); - s2 = gcry_sexp_cdr (s1); - if (!s2) - { - fail ("no cdr for `%s'\n", token); - continue; - } - - p = gcry_sexp_nth_data (s2, 0, &n); - if (p) - { - fail ("data at car of `%s'\n", token); - continue; - } - - if (parm) - { - s2 = gcry_sexp_find_token (s1, parm, strlen (parm)); - if (!s2) - { - fail ("didn't found `%s'\n", parm); - continue; + a = gcry_sexp_nth_mpi (s2, 0, GCRYMPI_FMT_USG); + if (!a) + fail("failed to cdr the mpi for `%s'\n", parm); + gcry_mpi_release (a); + } + } + } + } + } + if (s2) + gcry_sexp_release (s2); } - p = gcry_sexp_nth_data (s2, 0, &n); - if (!p) - { - fail("no car for `%s'\n", parm ); - continue; - } - info ("car=`%.*s'\n", (int)n, p); - p = gcry_sexp_nth_data (s2, 1, &n); - if (!p) - { - fail("no cdr for `%s'\n", parm ); - continue; - } - info ("cdr=`%.*s'\n", (int)n, p); - - a = gcry_sexp_nth_mpi (s2, 0, GCRYMPI_FMT_USG); - if (!a) - { - fail("failed to cdr the mpi for `%s'\n", parm); - continue; - } + gcry_sexp_release (s1); } } @@ -387,6 +391,8 @@ canon_len (); back_and_forth (); check_sscan (); + + gcry_control (GCRYCTL_FINALIZE); return error_count? 1:0; } Index: tests/ac-schemes.c =================================================================== --- tests/ac-schemes.c (Revision 1140) +++ tests/ac-schemes.c (Arbeitskopie) @@ -318,6 +318,14 @@ es_checks (handle, key_public, key_secret); ssa_checks (handle, key_public, key_secret); } + + if(handle) + gcry_ac_close (handle); + + if(key_secret) + gcry_ac_key_destroy (key_secret); + if(key_public) + gcry_ac_key_destroy (key_public); assert (! err); } @@ -340,6 +348,8 @@ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); check_run (); + + gcry_control (GCRYCTL_FINALIZE); return 0; } Index: tests/hmac.c =================================================================== --- tests/hmac.c (Revision 1140) +++ tests/hmac.c (Arbeitskopie) @@ -167,5 +167,7 @@ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); check_hmac (); + gcry_control (GCRYCTL_FINALIZE); + return error_count ? 1 : 0; } Index: tests/testapi.c =================================================================== --- tests/testapi.c (Revision 1140) +++ tests/testapi.c (Arbeitskopie) @@ -108,5 +108,7 @@ return 1; } + gcry_control (GCRYCTL_FINALIZE); + return 0; } Index: tests/keygrip.c =================================================================== --- tests/keygrip.c (Revision 1140) +++ tests/keygrip.c (Arbeitskopie) @@ -135,5 +135,7 @@ check (); + gcry_control (GCRYCTL_FINALIZE); + return 0; } Index: tests/pkbench.c =================================================================== --- tests/pkbench.c (Revision 1140) +++ tests/pkbench.c (Arbeitskopie) @@ -359,5 +359,7 @@ process_key_pair_file (argv[i]); } + gcry_control (GCRYCTL_FINALIZE); + return EXIT_SUCCESS; } Index: tests/prime.c =================================================================== --- tests/prime.c (Revision 1140) +++ tests/prime.c (Arbeitskopie) @@ -95,6 +95,7 @@ gcry_mpi_add_ui (prime, prime, 1); err = gcry_prime_check (prime, 0); assert (err); + gcry_mpi_release(prime); } } @@ -118,5 +119,7 @@ check_primes (); + gcry_control (GCRYCTL_FINALIZE); + return 0; } Index: tests/basic.c =================================================================== --- tests/basic.c (Revision 1140) +++ tests/basic.c (Arbeitskopie) @@ -974,6 +974,8 @@ get_keys_new (&pkey, &skey); do_check_one_pubkey (n, skey, pkey, NULL, FLAG_SIGN | FLAG_CRYPT); + gcry_sexp_release (pkey); + gcry_sexp_release (skey); } /* Run all tests for the public key fucntions. */ @@ -1120,5 +1122,6 @@ check_digests (); check_pubkey (); + gcry_control (GCRYCTL_FINALIZE, 0); return error_count ? 1 : 0; } Index: tests/keygen.c =================================================================== --- tests/keygen.c (Revision 1140) +++ tests/keygen.c (Arbeitskopie) @@ -238,6 +238,8 @@ check_rsa_keys (); check_nonce (); + + gcry_control (GCRYCTL_FINALIZE); return error_count? 1:0; } Index: tests/ac.c =================================================================== --- tests/ac.c (Revision 1140) +++ tests/ac.c (Arbeitskopie) @@ -75,6 +75,8 @@ err = gcry_ac_key_pair_generate (handle, 1024, &rsa_spec, &key_pair, NULL); assert (! err); + gcry_mpi_release(rsa_spec.e); + key_sec = gcry_ac_key_pair_extract (key_pair, GCRY_AC_KEY_SECRET); key_copy (handle, GCRY_AC_KEY_SECRET, &key_sec_cp, key_sec); @@ -120,6 +122,11 @@ } gcry_ac_close (handle); + gcry_ac_data_destroy (data); + gcry_mpi_release(x2); + gcry_ac_key_destroy(key_sec_cp); + gcry_ac_key_destroy(key_pub_cp); + gcry_ac_key_pair_destroy(key_pair); } void @@ -156,5 +163,7 @@ for (; i > 0; i--) check_run (); + gcry_control (GCRYCTL_FINALIZE); + return 0; } Index: tests/register.c =================================================================== --- tests/register.c (Revision 1140) +++ tests/register.c (Arbeitskopie) @@ -92,6 +92,8 @@ if (list[i] == algorithm) ret = 1; + free(list); + return ret; } @@ -158,5 +160,7 @@ for (; i > 0; i--) check_run (); + gcry_control (GCRYCTL_FINALIZE); + return 0; } Index: tests/benchmark.c =================================================================== --- tests/benchmark.c (Revision 1140) +++ tests/benchmark.c (Arbeitskopie) @@ -424,6 +424,8 @@ return 1; } + gcry_control (GCRYCTL_FINALIZE); + return 0; } Index: tests/ac-data.c =================================================================== --- tests/ac-data.c (Revision 1140) +++ tests/ac-data.c (Arbeitskopie) @@ -174,7 +174,8 @@ gcry_ac_data_destroy (data); - + gcry_mpi_release (mpi0); + gcry_mpi_release (mpi2); } int @@ -198,5 +199,7 @@ for (; i > 0; i--) check_run (); + gcry_control (GCRYCTL_FINALIZE); + return 0; } Index: doc/Makefile.am =================================================================== --- doc/Makefile.am (Revision 1140) +++ doc/Makefile.am (Arbeitskopie) @@ -22,3 +22,4 @@ info_TEXINFOS = gcrypt.texi gcrypt_TEXINFOS = lgpl.texi gpl.texi +gcrypt.info: version.texi Index: cipher/pubkey.c =================================================================== --- cipher/pubkey.c (Revision 1140) +++ cipher/pubkey.c (Arbeitskopie) @@ -2310,6 +2310,20 @@ return err; } +void +_gcry_pk_finalize(void) +{ + if(default_pubkeys_registered) + { + ath_mutex_lock(&pubkeys_registered_lock); + while(pubkeys_registered) + { + _gcry_module_release(pubkeys_registered); + } + default_pubkeys_registered = 0; + ath_mutex_unlock(&pubkeys_registered_lock); + } +} gcry_err_code_t _gcry_pk_module_lookup (int algorithm, gcry_module_t *module) Index: cipher/md.c =================================================================== --- cipher/md.c (Revision 1140) +++ cipher/md.c (Arbeitskopie) @@ -1212,6 +1212,20 @@ return err; } +void +_gcry_md_finalize(void) +{ + if(default_digests_registered) + { + ath_mutex_lock(&digests_registered_lock); + while(digests_registered) + { + _gcry_module_release(digests_registered); + } + default_digests_registered = 0; + ath_mutex_unlock(&digests_registered_lock); + } +} int gcry_md_is_secure (gcry_md_hd_t a) Index: cipher/cipher.c =================================================================== --- cipher/cipher.c (Revision 1140) +++ cipher/cipher.c (Arbeitskopie) @@ -1380,6 +1380,21 @@ return err; } +void +_gcry_cipher_finalize(void) +{ + if(default_ciphers_registered) + { + ath_mutex_lock(&ciphers_registered_lock); + while(ciphers_registered) + { + _gcry_module_release(ciphers_registered); + } + default_ciphers_registered = 0; + ath_mutex_unlock(&ciphers_registered_lock); + } +} + /* Get a list consisting of the IDs of the loaded cipher modules. If LIST is zero, write the number of loaded cipher modules to LIST_LENGTH and return. If LIST is non-zero, the first Index: cipher/random.c =================================================================== --- cipher/random.c (Revision 1140) +++ cipher/random.c (Arbeitskopie) @@ -168,10 +168,8 @@ keypool = secure_alloc ? gcry_xcalloc_secure(1,POOLSIZE+BLOCKLEN) : gcry_xcalloc(1,POOLSIZE+BLOCKLEN); is_initialized = 1; - } - /* Used to register a progress callback. */ void _gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int), @@ -206,6 +204,17 @@ } void +_gcry_random_finalize(void) +{ + if(is_initialized) + { + gcry_free(rndpool); + gcry_free(keypool); + is_initialized = 0; + } +} + +void _gcry_random_dump_stats() { /* FIXME: don't we need proper locking here? -mo */ Index: cipher/ac.c =================================================================== --- cipher/ac.c (Revision 1140) +++ cipher/ac.c (Arbeitskopie) @@ -726,14 +726,14 @@ for (i = 0; i < sexp_n; i++) { - sexp_tmp = gcry_sexp_nth (sexp_cur, i); - if (! sexp_tmp) + gcry_sexp_t sexp_tmp2 = gcry_sexp_nth (sexp_cur, i); + if (! sexp_tmp2) { err = gcry_error (GPG_ERR_INV_SEXP); break; } - data = gcry_sexp_nth_data (sexp_tmp, 0, &data_n); + data = gcry_sexp_nth_data (sexp_tmp2, 0, &data_n); string = gcry_malloc (data_n + 1); if (! string) { @@ -743,22 +743,24 @@ memcpy (string, data, data_n); string[data_n] = 0; - mpi = gcry_sexp_nth_mpi (sexp_tmp, 1, 0); + mpi = gcry_sexp_nth_mpi (sexp_tmp2, 1, 0); if (! mpi) { err = gcry_error (GPG_ERR_INV_SEXP); /* FIXME? */ break; } - err = gcry_ac_data_set (data_set_new, GCRY_AC_FLAG_DEALLOC, string, mpi); + err = gcry_ac_data_set (data_set_new, GCRY_AC_FLAG_COPY | + GCRY_AC_FLAG_DEALLOC, string, mpi); if (err) break; + gcry_free (string); + gcry_mpi_release (mpi); string = NULL; mpi = NULL; - gcry_sexp_release (sexp_tmp); - sexp_tmp = NULL; + gcry_sexp_release (sexp_tmp2); } if (err) goto out; @@ -1180,11 +1182,14 @@ strncpy (value_name, data_raw, data_raw_n); value_name[data_raw_n] = 0; - err = _gcry_ac_data_set (data_new, GCRY_AC_FLAG_DEALLOC, value_name, value_mpi); + err = _gcry_ac_data_set (data_new, GCRY_AC_FLAG_DEALLOC | + GCRY_AC_FLAG_COPY, value_name, value_mpi); if (err) break; gcry_sexp_release (value_sexp); + gcry_mpi_release (value_mpi); + gcry_free (value_name); value_sexp = NULL; value_name = NULL; value_mpi = NULL; @@ -1480,7 +1485,7 @@ gcry_ac_key_pair_t key_pair_new; gcry_ac_key_t key_secret; gcry_ac_key_t key_public; - gcry_sexp_t key_sexp; + gcry_sexp_t key_sexp = NULL; gcry_error_t err; char *genkey_format; size_t genkey_format_n; @@ -1630,6 +1635,7 @@ gcry_free (genkey_format); gcry_free (arg_list); + gcry_sexp_release (key_sexp); gcry_sexp_release (genkey_sexp_request); gcry_sexp_release (genkey_sexp_reply); if (err) @@ -1693,17 +1699,10 @@ void _gcry_ac_key_destroy (gcry_ac_key_t key) { - unsigned int i; - if (key) { if (key->data) - { - for (i = 0; i < key->data->data_n; i++) - if (key->data->data[i].mpi != NULL) - gcry_mpi_release (key->data->data[i].mpi); - gcry_free (key->data); - } + gcry_ac_data_destroy (key->data); gcry_free (key); } } Index: cipher/random.h =================================================================== --- cipher/random.h (Revision 1140) +++ cipher/random.h (Arbeitskopie) @@ -23,6 +23,7 @@ #include "types.h" void _gcry_random_initialize (int full); +void _gcry_random_finalize(void); void _gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int), void *cb_data ); void _gcry_random_dump_stats(void);