diff options
author | Werner Koch <wk@gnupg.org> | 1999-11-15 20:32:24 +0000 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 1999-11-15 20:32:24 +0000 |
commit | 004b4b2bbd984c5efb4ecfa0b1fb3151e3b066bf (patch) | |
tree | 317d7c1cb57ac3e82481ca347374665de916064a | |
parent | f0ea5ed32081cfb734eae236a21a73f179c59e69 (diff) | |
download | libgcrypt-004b4b2bbd984c5efb4ecfa0b1fb3151e3b066bf.tar.gz |
See ChangeLog: Mon Nov 15 21:36:02 CET 1999 Werner Koch
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | cipher/ChangeLog | 7 | ||||
-rw-r--r-- | cipher/dsa.c | 20 | ||||
-rw-r--r-- | cipher/elgamal.c | 29 | ||||
-rw-r--r-- | cipher/md.c | 2 | ||||
-rw-r--r-- | cipher/primegen.c | 2 | ||||
-rw-r--r-- | cipher/pubkey.c | 4 | ||||
-rw-r--r-- | cipher/random.c | 1 | ||||
-rw-r--r-- | cipher/rndegd.c | 6 | ||||
-rw-r--r-- | cipher/rndlinux.c | 7 | ||||
-rw-r--r-- | cipher/rndunix.c | 4 | ||||
-rw-r--r-- | src/gcrypt.h | 32 | ||||
-rw-r--r-- | src/global.c | 141 | ||||
-rw-r--r-- | src/misc.c | 47 |
14 files changed, 232 insertions, 72 deletions
diff --git a/Makefile.am b/Makefile.am index 20fad910..b7836126 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ else checks = checks endif -SUBDIRS = intl zlib util mpi cipher ${gcrypt} tools g10 po doc ${checks} +SUBDIRS = intl zlib util mpi cipher ${gcrypt} g10 po doc ${checks} EXTRA_DIST = README-alpha VERSION PROJECTS BUGS # gettext never gets it right, so we take here care of deleting the # symlink. my_clean_gcrypt is just a kludge until we can include diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 6aed450d..8231cbed 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,10 @@ +Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de> + + * elgamal.c (gen_k): Use the new random API. + (generate): Ditto. + * dsa.c (gen_k): Ditto. + (generate): Ditto. + Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de> * pubkey.c (disable_pubkey_algo): Made static. diff --git a/cipher/dsa.c b/cipher/dsa.c index 5a356c9c..91c797c4 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -79,13 +79,14 @@ gen_k( MPI q ) if( !rndbuf || nbits < 32 ) { g10_free(rndbuf); - rndbuf = get_random_bits( nbits, 1, 1 ); + rndbuf = gcry_random_bytes_secure( (nbits+7)/8, + GCRY_STRONG_RANDOM ); } else { /* change only some of the higher bits */ /* we could imporove this by directly requesting more memory - * at the first call to get_random_bits() and use this the here + * at the first call to get_random_bytes() and use this the here * maybe it is easier to do this directly in random.c */ - char *pp = get_random_bits( 32, 1, 1 ); + char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM ); memcpy( rndbuf,pp, 4 ); g10_free(pp); } @@ -129,8 +130,7 @@ test_keys( DSA_secret_key *sk, unsigned qbits ) pk.q = sk->q; pk.g = sk->g; pk.y = sk->y; - /*mpi_set_bytes( test, qbits, get_random_byte, 0 );*/ - { char *p = get_random_bits( qbits, 0, 0 ); + { char *p = gcry_random_bytes( (qbits+7)/8, GCRY_WEAK_RANDOM ); mpi_set_buffer( test, p, (qbits+7)/8, 0 ); g10_free(p); } @@ -199,10 +199,12 @@ generate( DSA_secret_key *sk, unsigned nbits, MPI **ret_factors ) if( DBG_CIPHER ) progress('.'); if( !rndbuf ) - rndbuf = get_random_bits( qbits, 2, 1 ); + rndbuf = gcry_random_bytes_secure( (qbits+7)/8, + GCRY_VERY_STRONG_RANDOM ); else { /* change only some of the higher bits (= 2 bytes)*/ - char *r = get_random_bits( 16, 2, 1 ); - memcpy(rndbuf, r, 16/8 ); + char *r = gcry_random_bytes_secure( 2, + GCRY_VERY_STRONG_RANDOM ); + memcpy(rndbuf, r, 2 ); g10_free(r); } mpi_set_buffer( x, rndbuf, (qbits+7)/8, 0 ); @@ -454,7 +456,7 @@ dsa_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig, *nsig = 2; switch( algo ) { - case PUBKEY_ALGO_DSA: *use = PUBKEY_USAGE_SIG; return "DSA"; + case PUBKEY_ALGO_DSA: *use = GCRY_PK_USAGE_SIGN; return "DSA"; default: *use = 0; return NULL; } } diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 48fe22ac..d5790645 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -78,11 +78,12 @@ test_keys( ELG_secret_key *sk, unsigned nbits ) pk.y = sk->y; /*mpi_set_bytes( test, nbits, get_random_byte, 0 );*/ - { char *p = get_random_bits( nbits, 0, 0 ); + { char *p = gcry_random_bytes( (nbits+7)/8, GCRY_WEAK_RANDOM ); mpi_set_buffer( test, p, (nbits+7)/8, 0 ); g10_free(p); } + encrypt( out1_a, out1_b, test, &pk ); decrypt( out2, out1_a, out1_b, sk ); if( mpi_cmp( test, out2 ) ) @@ -121,14 +122,14 @@ gen_k( MPI p ) progress('.'); if( !rndbuf || nbits < 32 ) { g10_free(rndbuf); - rndbuf = get_random_bits( nbits, 1, 1 ); + rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM ); } else { /* change only some of the higher bits */ /* we could imporove this by directly requesting more memory - * at the first call to get_random_bits() and use this the here + * at the first call to get_random_bytes() and use this the here * maybe it is easier to do this directly in random.c */ - char *pp = get_random_bits( 32, 1, 1 ); - memcpy( rndbuf,pp, 4 ); + char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM ); + memcpy( rndbuf, pp, 4 ); g10_free(pp); } mpi_set_buffer( k, rndbuf, nbytes, 0 ); @@ -214,16 +215,20 @@ generate( ELG_secret_key *sk, unsigned nbits, MPI **ret_factors ) if( rndbuf ) { /* change only some of the higher bits */ if( nbits < 16 ) {/* should never happen ... */ g10_free(rndbuf); - rndbuf = get_random_bits( nbits, 2, 1 ); + rndbuf = gcry_random_bytes_secure( (nbits+7)/8, + GCRY_VERY_STRONG_RANDOM ); } else { - char *r = get_random_bits( 16, 2, 1 ); - memcpy(rndbuf, r, 16/8 ); + char *r = gcry_random_bytes_secure( 2, + GCRY_VERY_STRONG_RANDOM ); + memcpy(rndbuf, r, 2 ); g10_free(r); } } - else - rndbuf = get_random_bits( nbits, 2, 1 ); + else { + rndbuf = gcry_random_bytes_secure( (nbits+7)/8, + GCRY_VERY_STRONG_RANDOM ); + } mpi_set_buffer( x, rndbuf, (nbits+7)/8, 0 ); mpi_clear_highbit( x, nbits+1 ); } while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) ); @@ -589,10 +594,10 @@ elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig, switch( algo ) { case PUBKEY_ALGO_ELGAMAL: - *use = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC; + *use = GCRY_PK_USAGE_SIGN|GCRY_PK_USAGE_ENCR; return "ELG"; case PUBKEY_ALGO_ELGAMAL_E: - *use = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC; + *use = GCRY_PK_USAGE_SIGN|GCRY_PK_USAGE_ENCR; return "ELG-E"; default: *use = 0; return NULL; } diff --git a/cipher/md.c b/cipher/md.c index bb179b67..480954a6 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -326,7 +326,7 @@ md_enable( GCRY_MD_HD hd, int algo ) - sizeof(r->context) ) : g10_malloc( sizeof *ac + r->contextsize - sizeof(r->context) ); - if( !rc ) + if( !ac ) return set_lasterr( GCRYERR_NO_MEM ); *ac = *r; diff --git a/cipher/primegen.c b/cipher/primegen.c index ca8e3ee9..5dc1e1a4 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -122,7 +122,7 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits, q_factor = mode==1? gen_prime( req_qbits, 0, 1 ) : NULL; /* allocate an array to hold the factors + 2 for later usage */ - factors = g10_xcalloc_clear( n+2, sizeof *factors ); + factors = g10_xcalloc( n+2, sizeof *factors ); /* make a pool of 3n+5 primes (this is an arbitrary value) */ m = n*3+5; diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 8d00d95a..b77ebffa 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -670,7 +670,7 @@ sexp_to_key( GCRY_SEXP sexp, int want_private, MPI **retarray, int *retalgo) elems1 = algo_info_table[i].common_elements; elems2 = want_private? algo_info_table[i].secret_elements : algo_info_table[i].public_elements; - array = g10_calloc( (strlen(elems1)+strlen(elems2)+1, sizeof *array ); + array = g10_calloc( strlen(elems1)+strlen(elems2)+1, sizeof *array ); if( !array ) return GCRYERR_NO_MEM; @@ -825,7 +825,7 @@ gcry_pk_sign( GCRY_SEXP *r_sig, GCRY_SEXP s_hash, GCRY_SEXP s_skey ) release_mpi_array( skey ); return -1; /* fixme: get a real errorcode for this */ } - result = g10_xcalloc_clear( (strlen(algo_elems)+1) , sizeof *result ); + result = g10_xcalloc( (strlen(algo_elems)+1) , sizeof *result ); rc = pubkey_sign( algo, result, hash, skey ); release_mpi_array( skey ); mpi_free( hash ); diff --git a/cipher/random.c b/cipher/random.c index b8a09bb5..d80b870b 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -49,7 +49,6 @@ #include "util.h" #include "rmd.h" #include "ttyio.h" -#include "i18n.h" #include "random.h" #include "rand-internal.h" #include "dynload.h" diff --git a/cipher/rndegd.c b/cipher/rndegd.c index 87d75cf8..d6a6a394 100644 --- a/cipher/rndegd.c +++ b/cipher/rndegd.c @@ -37,12 +37,6 @@ #include "dynload.h" #include "cipher.h" -#ifdef IS_MODULE - #define _(a) (a) -#else - #include "i18n.h" -#endif - #ifndef offsetof #define offsetof(type, member) ((size_t) &((type *)0)->member) #endif diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c index 78fee156..63befd25 100644 --- a/cipher/rndlinux.c +++ b/cipher/rndlinux.c @@ -41,16 +41,11 @@ #endif #endif #include "types.h" +#include "g10lib.h" /* need this for i18n */ #include "util.h" #include "ttyio.h" #include "dynload.h" -#ifdef IS_MODULE - #define _(a) (a) -#else - #include "i18n.h" -#endif - static int open_device( const char *name, int minor ); static int gather_random( void (*add)(const void*, size_t, int), int requester, size_t length, int level ); diff --git a/cipher/rndunix.c b/cipher/rndunix.c index 36482dfa..849f1e00 100644 --- a/cipher/rndunix.c +++ b/cipher/rndunix.c @@ -44,8 +44,8 @@ code base to be maintained */ - /* Fixme: We use plain mallocs here beucase it may be used as a module - * should be changed. * +/* Fixme: We use plain mallocs here beucase it may be used as a module + * should be changed. */ /* General includes */ diff --git a/src/gcrypt.h b/src/gcrypt.h index de5f05ab..dee14cdf 100644 --- a/src/gcrypt.h +++ b/src/gcrypt.h @@ -364,6 +364,38 @@ void gcry_randomize( byte *buffer, size_t length, void *gcry_random_bytes( size_t nbytes, enum gcry_random_level level ); void *gcry_random_bytes_secure( size_t nbytes, enum gcry_random_level level ); +/* Provide custom functions for special tasks of libgcrypt. + */ +void gcry_set_allocation_handler( void *(*new_alloc_func)(size_t n), + void *(*new_alloc_secure_func)(size_t n), + int (*new_is_secure_func)(const void*), + void *(*new_realloc_func)(void *p, size_t n), + void (*new_free_func)(void*) ); +void gcry_set_outofcore_handler( int (*h)( void*, size_t, unsigned int ), + void *opaque ); +void gcry_set_fatalerror_handler( void (*fnc)(void*,int, const char*), + void *opaque ); +void gcry_set_gettext_handler( const char *(*f)(const char*) ); + + +/* Access to the memory function of libgcrypt. + * Especially the gcry_free() should be used for memory + * allocated by gcry_ functions. + */ +void *gcry_malloc( size_t n ); +void *gcry_calloc( size_t n, size_t m ); +void *gcry_malloc_secure( size_t n ); +void *gcry_calloc_secure( size_t n, size_t m ); +void *gcry_realloc( void *a, size_t n ); +void *gcry_xmalloc( size_t n ); +void *gcry_xcalloc( size_t n, size_t m ); +void *gcry_xmalloc_secure( size_t n ); +void *gcry_xcalloc_secure( size_t n, size_t m ); +void *gcry_xrealloc( void *a, size_t n ); +char *gcry_xstrdup( const char * a); +void gcry_free( void *p ); + + #ifndef GCRYPT_NO_MPI_MACROS typedef struct gcry_mpi *MPI; diff --git a/src/global.c b/src/global.c index 72206b4c..9a54bf6c 100644 --- a/src/global.c +++ b/src/global.c @@ -26,9 +26,17 @@ #include <assert.h> #include "g10lib.h" +#include "memory.h" /* for the m_* functions */ static int last_ec; /* fixme: make thread safe */ +static void *(*alloc_func)(size_t n) = NULL; +static void *(*alloc_secure_func)(size_t n) = NULL; +static int (*is_secure_func)(const void*) = NULL; +static void *(*realloc_func)(void *p, size_t n) = NULL; +static void (*free_func)(void*) = NULL; +static int (*outofcore_handler)( void*, size_t, unsigned int ) = NULL; +static void *outofcore_handler_value = NULL; int gcry_control( enum gcry_ctl_cmds cmd, ... ) @@ -73,7 +81,7 @@ gcry_strerror( int ec ) X(SUCCESS, N_("no error")) X(GENERAL, N_("general error")) X(INV_OP, N_("invalid operation code or ctl command")) - X(NOMEM, N_("out of core")) + X(NO_MEM, N_("out of core")) X(INV_ARG, N_("invalid argument")) X(INTERNAL, N_("internal error")) X(EOF, N_("EOF")) @@ -102,23 +110,93 @@ set_lasterr( int ec ) return ec; } + + +/**************** + * NOTE: All 5 functions should be set. + */ void -g10_free( void *p ) +gcry_set_allocation_handler( void *(*new_alloc_func)(size_t n), + void *(*new_alloc_secure_func)(size_t n), + int (*new_is_secure_func)(const void*), + void *(*new_realloc_func)(void *p, size_t n), + void (*new_free_func)(void*) ) { - if( p ) - m_free(p); + alloc_func = new_alloc_func; + alloc_secure_func = new_alloc_secure_func; + is_secure_func = new_is_secure_func; + realloc_func = new_realloc_func; + free_func = new_free_func; +} + + + +/**************** + * Set an optional handler which is called in case the xmalloc functions + * ran out of memory. This handler may do one of these things: + * o free some memory and return true, so that the xmalloc function + * tries again. + * o Do whatever tit like and return false, so that the xmalloc functions + * use the default fatal error handler. + * o Terminate the program and don't return. + * + * The handler function is called with 3 argiments: The opaque value set with + * this function, the requested memory size, and a flag with these bits + * currently defined: + * bit 0 set = secure memory has been requested. + */ +void +gcry_set_outofcore_handler( int (*f)( void*, size_t, unsigned int ), + void *value ) +{ + outofcore_handler = f; + outofcore_handler_value = value; } + + void * g10_malloc( size_t n ) { - return m_alloc( n ); + if( alloc_func ) + return alloc_func( n ) ; + return g10_private_malloc( n ); } void * g10_malloc_secure( size_t n ) { - return m_alloc_secure( n ); + if( alloc_secure_func ) + return alloc_secure_func( n ) ; + return g10_private_malloc_secure( n ); +} + +int +g10_is_secure( const void *a ) +{ + if( is_secure_func ) + return is_secure_func( a ) ; + return g10_private_is_secure( a ); +} + +void * +g10_realloc( void *a, size_t n ) +{ + if( realloc_func ) + return realloc_func( a, n ) ; + return g10_private_realloc( a, n ); +} + +void +g10_free( void *p ) +{ + if( !p ) + return; + + if( free_func ) + free_func( p ); + else + g10_private_free( p ); } void * @@ -143,10 +221,27 @@ g10_calloc_secure( size_t n, size_t m ) void * g10_xmalloc( size_t n ) { - void *p = g10_malloc( n ); - if( !n ) { - fprintf(stderr,"OUT OF CORE\n"); - exit(4); + void *p; + + while ( !(p = g10_malloc( n )) ) { + if( !outofcore_handler + || !outofcore_handler( outofcore_handler_value, n, 0 ) ) { + g10_fatal_error(GCRYERR_NO_MEM, NULL ); + } + } + return p; +} + +void * +g10_xrealloc( void *a, size_t n ) +{ + void *p; + + while ( !(p = g10_realloc( a, n )) ) { + if( !outofcore_handler + || !outofcore_handler( outofcore_handler_value, n, 2 ) ) { + g10_fatal_error(GCRYERR_NO_MEM, NULL ); + } } return p; } @@ -154,10 +249,14 @@ g10_xmalloc( size_t n ) void * g10_xmalloc_secure( size_t n ) { - void *p = g10_malloc_secure( n ); - if( !n ) { - fprintf(stderr,"OUT OF CORE in secure memory\n"); - exit(4); + void *p; + + while ( !(p = g10_malloc_secure( n )) ) { + if( !outofcore_handler + || !outofcore_handler( outofcore_handler_value, n, 1 ) ) { + g10_fatal_error(GCRYERR_NO_MEM, + _("out of core in secure memory")); + } } return p; } @@ -165,22 +264,16 @@ g10_xmalloc_secure( size_t n ) void * g10_xcalloc( size_t n, size_t m ) { - void *p = g10_calloc( n, m ); - if( !n ) { - fprintf(stderr,"OUT OF CORE\n"); - exit(4); - } + void *p = g10_xmalloc( n*m ); + memset( p, 0, n*m ); return p; } void * g10_xcalloc_secure( size_t n, size_t m ) { - void *p = g10_calloc_secure( n, m ); - if( !n ) { - fprintf(stderr,"OUT OF CORE in secure memory\n"); - exit(4); - } + void *p = g10_xmalloc_secure( n* m ); + memset( p, 0, n*m ); return p; } @@ -24,27 +24,60 @@ #include <string.h> #include <stdarg.h> #include <assert.h> +#include <unistd.h> #include "g10lib.h" +static void (*fatal_error_handler)(void*,int, const char*) = NULL; +static void *fatal_error_handler_value = 0; + +static const char *(*user_gettext_handler)( const char * ) = NULL; + +void +gcry_set_gettext_handler( const char *(*f)(const char*) ) +{ + user_gettext_handler = f; +} + const char * g10_gettext( const char *key ) { - /* switch the domain to gnupg and restore later */ + if( user_gettext_handler ) + return user_gettext_handler( key ); + /* FIXME: switch the domain to gnupg and restore later */ return key; } +void +gcry_set_fatalerror_handler( void (*fnc)(void*,int, const char*), void *value) +{ + fatal_error_handler_value = value; + fatal_error_handler = fnc; +} +static void +write2stderr( const char *s ) +{ + write( 2, s, strlen(s) ); +} /**************** - * This function is here as a default fatal error - * handler. The caller might want to use his own. + * This function is called for fatal errors. A caller might want to + * set his own handler becuase this function simply calls abort(). */ -int -fatal_invalid_arg(const char *text) +void +g10_fatal_error(int rc, const char *text ) { - /*log_error("Fatal error: %s\n", text );*/ - return GCRYERR_INV_ARG; + if( !text ) /* get a default text */ + text = gcry_strerror(rc); + + if( fatal_error_handler ) + fatal_error_handler( fatal_error_handler_value, rc, text ); + + write2stderr("\nFatal error: "); + write2stderr(text); + write2stderr("\n"); + abort(); } |