[frogr] Complete gcrypt initialization and set min version to 1.5.0

From: Andres Gomez <agomez src gnome org>
To: commits-list gnome org
Cc:
Subject: [frogr] Complete gcrypt initialization and set min version to 1.5.0
Date: Wed, 22 Oct 2014 08:40:33 +0000 (UTC)
commit 3b284772986f133b75571615a9ef46d09b2bf378
Author: Andres Gomez <agomez igalia com>
Date:   Mon Oct 20 13:40:17 2014 +0300

    Complete gcrypt initialization and set min version to 1.5.0
    
    Current code for initialization is a nice safe
    check when using the library but the recommended
    is to do so in application level which assures us
    to be using the configuration we want.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=738863

 configure.ac                |    4 +++-
 src/examples/example.c      |   18 ++++++++++++++++++
 src/flicksoup/fsp-session.c |   39 ++++++++++++++++++++++++++++++---------
 src/main.c                  |   17 +++++++++++++++++
 4 files changed, 68 insertions(+), 10 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index fa54081..d6aab41 100644
--- a/configure.ac
+++ b/configure.ac
@@ -42,11 +42,13 @@ PKG_CHECK_MODULES(JSON_GLIB, json-glib-1.0 >= $JSON-GLIB_MIN_VERSION)
 FROGR_CFLAGS="$FROGR_CFLAGS $JSON_GLIB_CFLAGS"
 FROGR_LIBS="$FROGR_LIBS $JSON_GLIB_LIBS"
 
+LIBGCRYPT_MIN_VERSION=1.5.0
 # libgcrypt does not provide a .pc file
-AM_PATH_LIBGCRYPT(,HAVE_GCRYPT=yes, HAVE_GCRYPT=no)
+AM_PATH_LIBGCRYPT($LIBGCRYPT_MIN_VERSION, HAVE_GCRYPT=yes, HAVE_GCRYPT=no)
 if test "x$HAVE_GCRYPT" = "xno"; then
    AC_MSG_ERROR([libgcrypt not found, please install it])
 else
+   AC_DEFINE_UNQUOTED([LIBGCRYPT_MIN_VERSION], ["$LIBGCRYPT_MIN_VERSION"], [Minimum supported gcrypt 
version])
    FROGR_CFLAGS="$FROGR_CFLAGS $LIBGCRYPT_CFLAGS"
    FROGR_LIBS="$FROGR_LIBS $LIBGCRYPT_LIBS"
 fi
diff --git a/src/examples/example.c b/src/examples/example.c
index e1e8e75..f4af645 100644
--- a/src/examples/example.c
+++ b/src/examples/example.c
@@ -20,10 +20,17 @@
 
 #include <stdio.h>
 #include <glib.h>
+#include <errno.h>
+#include <gcrypt.h>
+#include <pthread.h>
 
+#include <config.h>
 #include <flicksoup/flicksoup.h>
 #include <libsoup/soup.h>
 
+/* Early for gcrypt pthread threads support */
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+
 #define API_KEY "18861766601de84f0921ce6be729f925"
 #define SHARED_SECRET "6233fbefd85f733a"
 
@@ -771,6 +778,17 @@ main                                    (int    argc,
 
   g_print ("Running flicksoup example...\n\n");
 
+  /* Initialize gcrypt at the very beginning */
+  gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+  /* Version check should be almost the very first call because it
+     makes sure that important subsystems are initialized. */
+  g_assert (gcry_check_version (LIBGCRYPT_MIN_VERSION));
+  /* Allocate a pool of 16k secure memory.  This make the secure
+     memory available and also drops privileges where needed. */
+  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+  /* Tell Libgcrypt that initialization has completed. */
+  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
   /* Find full path to the testing photo */
   test_photo_path = g_strdup_printf ("file://%s/%s",
                                      g_get_current_dir (),
diff --git a/src/flicksoup/fsp-session.c b/src/flicksoup/fsp-session.c
index 7017ff0..42740d3 100644
--- a/src/flicksoup/fsp-session.c
+++ b/src/flicksoup/fsp-session.c
@@ -132,6 +132,9 @@ enum  {
 
 /* Prototypes */
 
+static void
+_init_gcrypt                            (void);
+
 static SoupSession *
 _get_soup_session                       (FspSession *self);
 
@@ -502,15 +505,8 @@ fsp_session_init                        (FspSession *self)
   self->priv->using_default_proxy = TRUE;
   self->priv->proxy_uri = NULL;
 
-  /* Apparently, we need to initialize gcrypt not to get a crash:
-     http://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html */
-  if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
-    {
-      gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-      gcry_check_version (NULL);
-      gcry_control (GCRYCTL_INIT_SECMEM, 32768);
-      gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-    }
+  /* Early gcrypt initialization */
+  _init_gcrypt ();
 
 #ifdef SOUP_VERSION_2_42
   /* soup_session_async_new() deprecated in lisoup 2.42 */
@@ -520,6 +516,31 @@ fsp_session_init                        (FspSession *self)
 #endif
 }
 
+static void
+_init_gcrypt                            (void)
+{
+  /* Apparently, we need to initialize gcrypt not to get a crash:
+     http://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html
+     Because you can't know in a library whether another library has
+     already initialized the library */
+  if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P))
+    {
+      g_warning ("gcrypt has not been initialized yet! "
+                 "flicksoup will initialize gcrypt now, "
+                 "but consider to initialize gcrypt yourself "
+                 "at the beginning of this program.");
+      gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+      /* Version check should be almost the very first call because it
+         makes sure that important subsystems are initialized. */
+      g_assert (gcry_check_version (LIBGCRYPT_MIN_VERSION));
+      /* Allocate a pool of 16k secure memory.  This make the secure
+         memory available and also drops privileges where needed. */
+      gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+      /* Tell Libgcrypt that initialization has completed. */
+      gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+    }
+}
+
 static SoupSession *
 _get_soup_session                       (FspSession *self)
 {
diff --git a/src/main.c b/src/main.c
index de01658..993ff5b 100644
--- a/src/main.c
+++ b/src/main.c
@@ -29,6 +29,12 @@
 #include <gst/gst.h>
 #endif
 #include <libxml/parser.h>
+#include <errno.h>
+#include <gcrypt.h>
+#include <pthread.h>
+
+/* Early for gcrypt pthread threads support */
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
 
 int
 main (int argc, char **argv)
@@ -47,6 +53,17 @@ main (int argc, char **argv)
     }
 #endif
 
+  /* Initialize gcrypt at the very beginning */
+  gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+  /* Version check should be almost the very first call because it
+     makes sure that important subsystems are initialized. */
+  g_assert (gcry_check_version (LIBGCRYPT_MIN_VERSION));
+  /* Allocate a pool of 16k secure memory.  This make the secure
+     memory available and also drops privileges where needed. */
+  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+  /* Tell Libgcrypt that initialization has completed. */
+  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
   /* Initialize libxml2 library */
   xmlInitParser ();
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]