diff options
| author | Werner Koch <wk@gnupg.org> | 2011-09-15 18:08:55 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2011-09-15 18:08:55 +0200 |
| commit | e0fe4a5c862a1646066044dfe8e99264e2331752 (patch) | |
| tree | 1cf303ee9980a49105c2178096d150affcc138ba | |
| parent | fc9eec3626fcb9a3d4043d779462c4fc39cd51ae (diff) | |
| download | libgcrypt-e0fe4a5c862a1646066044dfe8e99264e2331752.tar.gz | |
Removed the module registration interface
The module registration interface is not widely used but complicates
the internal operation of Libgcrypt a lot. It also does not allow for
efficient implementation of new algorithm or cipher modes. Further the
required locking of all access to internal module data or functions
would make it hard to come up with a deadlock free pthread_atfork
implementation. Thus we remove the entire subsystem.
Note that the module system is still used internally but it is now
possible to change it without breaking the ABI.
In case a feature to add more algorithms demanded in the future, we
may add one by dlopening modules at startup time from a dedicated
directory.
| -rw-r--r-- | NEWS | 16 | ||||
| -rw-r--r-- | cipher/ChangeLog | 6 | ||||
| -rw-r--r-- | cipher/cipher.c | 20 | ||||
| -rw-r--r-- | cipher/md.c | 29 | ||||
| -rw-r--r-- | cipher/pubkey.c | 20 | ||||
| -rw-r--r-- | doc/gcrypt.texi | 389 | ||||
| -rw-r--r-- | src/ChangeLog | 19 | ||||
| -rw-r--r-- | src/Makefile.am | 4 | ||||
| -rw-r--r-- | src/gcrypt-module.h | 48 | ||||
| -rw-r--r-- | src/gcrypt.h.in | 27 | ||||
| -rw-r--r-- | src/libgcrypt.def | 25 | ||||
| -rw-r--r-- | src/libgcrypt.vers | 13 | ||||
| -rw-r--r-- | src/visibility.c | 59 | ||||
| -rw-r--r-- | src/visibility.h | 28 | ||||
| -rw-r--r-- | tests/ChangeLog | 2 | ||||
| -rw-r--r-- | tests/Makefile.am | 2 | ||||
| -rw-r--r-- | tests/register.c | 187 |
17 files changed, 74 insertions, 820 deletions
@@ -4,10 +4,22 @@ Noteworthy changes in version 1.6.0 (unreleased) * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is not anymore ABI compatible too previous versions. + * Removed the module register subsystem. + * Interface changes relative to the 1.5.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - gcry_ac_* REMOVED. - GCRY_AC_* REMOVED. + gcry_ac_* REMOVED. + GCRY_AC_* REMOVED. + gcry_module_t REMOVED. + gcry_cipher_register REMOVED. + gcry_cipher_unregister REMOVED. + gcry_cipher_list REMOVED. + gcry_pk_register REMOVED. + gcry_pk_unregister REMOVED. + gcry_pk_list REMOVED. + gcry_md_register REMOVED. + gcry_md_unregister REMOVED. + gcry_md_list REMOVED. Noteworthy changes in version 1.5.0 (2011-06-29) diff --git a/cipher/ChangeLog b/cipher/ChangeLog index a885443f..0bbbbb4d 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,5 +1,11 @@ 2011-09-15 Werner Koch <wk@g10code.com> + * pubkey.c (gcry_pk_list): Remove. + (gcry_pk_unregister): Remove. + * md.c (gcry_md_list): Remove. + (gcry_md_unregister): Remove. + * cipher.c (gcry_cipher_list): Remove. + (gcry_cipher_unregister): Remove. * ac.c: Remove. 2011-06-29 Werner Koch <wk@g10code.com> diff --git a/cipher/cipher.c b/cipher/cipher.c index b99ab41b..3b6e9d52 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -418,7 +418,7 @@ _gcry_cipher_register (gcry_cipher_spec_t *cipher, /* Unregister the cipher identified by MODULE, which must have been registered with gcry_cipher_register. */ void -gcry_cipher_unregister (gcry_module_t module) +_gcry_cipher_unregister (gcry_module_t module) { ath_mutex_lock (&ciphers_registered_lock); _gcry_module_release (module); @@ -2156,24 +2156,6 @@ _gcry_cipher_init (void) return err; } -/* Get a list consisting of the IDs of the loaded cipher modules. If - LIST is zero, write the number of loaded cipher modules to - LIST_LENGTH and return. If LIST is non-zero, the first - *LIST_LENGTH algorithm IDs are stored in LIST, which must be of - according size. In case there are less cipher modules than - *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */ -gcry_error_t -gcry_cipher_list (int *list, int *list_length) -{ - gcry_err_code_t err = GPG_ERR_NO_ERROR; - - ath_mutex_lock (&ciphers_registered_lock); - err = _gcry_module_list (ciphers_registered, list, list_length); - ath_mutex_unlock (&ciphers_registered_lock); - - return err; -} - /* Run the selftests for cipher algorithm ALGO with optional reporting function REPORT. */ diff --git a/cipher/md.c b/cipher/md.c index c3b3a4f3..5ae9aee2 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -285,16 +285,6 @@ _gcry_md_register (gcry_md_spec_t *digest, return gcry_error (err); } -/* Unregister the digest identified by ID, which must have been - registered with gcry_digest_register. */ -void -gcry_md_unregister (gcry_module_t module) -{ - ath_mutex_lock (&digests_registered_lock); - _gcry_module_release (module); - ath_mutex_unlock (&digests_registered_lock); -} - static int search_oid (const char *oid, int *algorithm, gcry_md_oid_spec_t *oid_spec) @@ -1325,25 +1315,6 @@ gcry_md_is_enabled (gcry_md_hd_t a, int algo) return value; } -/* Get a list consisting of the IDs of the loaded message digest - modules. If LIST is zero, write the number of loaded message - digest modules to LIST_LENGTH and return. If LIST is non-zero, the - first *LIST_LENGTH algorithm IDs are stored in LIST, which must be - of according size. In case there are less message digest modules - than *LIST_LENGTH, *LIST_LENGTH is updated to the correct - number. */ -gcry_error_t -gcry_md_list (int *list, int *list_length) -{ - gcry_err_code_t err = GPG_ERR_NO_ERROR; - - ath_mutex_lock (&digests_registered_lock); - err = _gcry_module_list (digests_registered, list, list_length); - ath_mutex_unlock (&digests_registered_lock); - - return err; -} - /* Run the selftests for digest algorithm ALGO with optional reporting function REPORT. */ diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 91098214..afb14c99 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -288,7 +288,7 @@ _gcry_pk_register (gcry_pk_spec_t *pubkey, /* Unregister the pubkey identified by ID, which must have been registered with gcry_pk_register. */ void -gcry_pk_unregister (gcry_module_t module) +_gcry_pk_unregister (gcry_module_t module) { ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); @@ -4092,24 +4092,6 @@ _gcry_pk_module_release (gcry_module_t module) ath_mutex_unlock (&pubkeys_registered_lock); } -/* Get a list consisting of the IDs of the loaded pubkey modules. If - LIST is zero, write the number of loaded pubkey modules to - LIST_LENGTH and return. If LIST is non-zero, the first - *LIST_LENGTH algorithm IDs are stored in LIST, which must be of - according size. In case there are less pubkey modules than - *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */ -gcry_error_t -gcry_pk_list (int *list, int *list_length) -{ - gcry_err_code_t err = GPG_ERR_NO_ERROR; - - ath_mutex_lock (&pubkeys_registered_lock); - err = _gcry_module_list (pubkeys_registered, list, list_length); - ath_mutex_unlock (&pubkeys_registered_lock); - - return err; -} - /* Run the selftests for pubkey algorithm ALGO with optional reporting function REPORT. */ diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 1de87fa2..14f6fd1b 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -614,7 +614,6 @@ If the logging verbosity level of Libgcrypt has been set to at least @menu * Controlling the library:: Controlling Libgcrypt's behavior. -* Modules:: Description of extension modules. * Error Handling:: Error codes and such. @end menu @@ -857,25 +856,6 @@ command must be used at initialization time; i.e. before calling @end deftypefun -@node Modules -@section Modules - -Libgcrypt supports the use of `extension modules', which -implement algorithms in addition to those already built into the library -directly. - -@deftp {Data type} gcry_module_t -This data type represents a `module'. -@end deftp - -Functions registering modules provided by the user take a `module -specification structure' as input and return a value of -@code{gcry_module_t} and an ID that is unique in the modules' -category. This ID can be used to reference the newly registered -module. After registering a module successfully, the new functionality -should be able to be used through the normal functions provided by -Libgcrypt until it is unregistered again. - @c ********************************************************** @c ******************* Errors **************************** @c ********************************************************** @@ -1430,7 +1410,6 @@ building blocks provided by Libgcrypt. @menu * Available ciphers:: List of ciphers supported by the library. -* Cipher modules:: How to work with cipher modules. * Available cipher modes:: List of cipher modes supported by the library. * Working with cipher handles:: How to perform operations related to cipher handles. * General cipher functions:: General cipher functions independent of cipher handles. @@ -1537,119 +1516,6 @@ The Camellia cipher by NTT. See @end table -@node Cipher modules -@section Cipher modules - -Libgcrypt makes it possible to load additional `cipher modules'; these -ciphers can be used just like the cipher algorithms that are built -into the library directly. For an introduction into extension -modules, see @xref{Modules}. - -@deftp {Data type} gcry_cipher_spec_t -This is the `module specification structure' needed for registering -cipher modules, which has to be filled in by the user before it can be -used to register a module. It contains the following members: - -@table @code -@item const char *name -The primary name of the algorithm. -@item const char **aliases -A list of strings that are `aliases' for the algorithm. The list must -be terminated with a NULL element. -@item gcry_cipher_oid_spec_t *oids -A list of OIDs that are to be associated with the algorithm. The -list's last element must have it's `oid' member set to NULL. See -below for an explanation of this type. -@item size_t blocksize -The block size of the algorithm, in bytes. -@item size_t keylen -The length of the key, in bits. -@item size_t contextsize -The size of the algorithm-specific `context', that should be allocated -for each handle. -@item gcry_cipher_setkey_t setkey -The function responsible for initializing a handle with a provided -key. See below for a description of this type. -@item gcry_cipher_encrypt_t encrypt -The function responsible for encrypting a single block. See below for -a description of this type. -@item gcry_cipher_decrypt_t decrypt -The function responsible for decrypting a single block. See below for -a description of this type. -@item gcry_cipher_stencrypt_t stencrypt -Like `encrypt', for stream ciphers. See below for a description of -this type. -@item gcry_cipher_stdecrypt_t stdecrypt -Like `decrypt', for stream ciphers. See below for a description of -this type. -@end table -@end deftp - -@deftp {Data type} gcry_cipher_oid_spec_t -This type is used for associating a user-provided algorithm -implementation with certain OIDs. It contains the following members: -@table @code -@item const char *oid -Textual representation of the OID. -@item int mode -Cipher mode for which this OID is valid. -@end table -@end deftp - -@deftp {Data type} gcry_cipher_setkey_t -Type for the `setkey' function, defined as: gcry_err_code_t -(*gcry_cipher_setkey_t) (void *c, const unsigned char *key, unsigned -keylen) -@end deftp - -@deftp {Data type} gcry_cipher_encrypt_t -Type for the `encrypt' function, defined as: gcry_err_code_t -(*gcry_cipher_encrypt_t) (void *c, const unsigned char *outbuf, const -unsigned char *inbuf) -@end deftp - -@deftp {Data type} gcry_cipher_decrypt_t -Type for the `decrypt' function, defined as: gcry_err_code_t -(*gcry_cipher_decrypt_t) (void *c, const unsigned char *outbuf, const -unsigned char *inbuf) -@end deftp - -@deftp {Data type} gcry_cipher_stencrypt_t -Type for the `stencrypt' function, defined as: gcry_err_code_t -(*gcry_@/cipher_@/stencrypt_@/t) (void *c, const unsigned char *outbuf, const -unsigned char *, unsigned int n) -@end deftp - -@deftp {Data type} gcry_cipher_stdecrypt_t -Type for the `stdecrypt' function, defined as: gcry_err_code_t -(*gcry_@/cipher_@/stdecrypt_@/t) (void *c, const unsigned char *outbuf, const -unsigned char *, unsigned int n) -@end deftp - -@deftypefun gcry_error_t gcry_cipher_register (gcry_cipher_spec_t *@var{cipher}, unsigned int *algorithm_id, gcry_module_t *@var{module}) - -Register a new cipher module whose specification can be found in -@var{cipher}. On success, a new algorithm ID is stored in -@var{algorithm_id} and a pointer representing this module is stored -in @var{module}. Deprecated; the module register interface will be -removed in a future version. -@end deftypefun - -@deftypefun void gcry_cipher_unregister (gcry_module_t @var{module}) -Unregister the cipher identified by @var{module}, which must have been -registered with gcry_cipher_register. -@end deftypefun - -@deftypefun gcry_error_t gcry_cipher_list (int *@var{list}, int *@var{list_length}) -Get a list consisting of the IDs of the loaded cipher modules. If -@var{list} is zero, write the number of loaded cipher modules to -@var{list_length} and return. If @var{list} is non-zero, the first -*@var{list_length} algorithm IDs are stored in @var{list}, which must -be of according size. In case there are less cipher modules than -*@var{list_length}, *@var{list_length} is updated to the correct -number. -@end deftypefun - @node Available cipher modes @section Available cipher modes @@ -1994,7 +1860,6 @@ S-expressions. @menu * Available algorithms:: Algorithms supported by the library. * Used S-expressions:: Introduction into the used S-expression. -* Public key modules:: How to work with public key modules. * Cryptographic Functions:: Functions for performing the cryptographic actions. * General public-key related Functions:: General functions, not implementing any cryptography. @end menu @@ -2233,139 +2098,6 @@ As usual the OIDs may optionally be prefixed with the string @code{OID.} or @code{oid.}. - -@node Public key modules -@section Public key modules - -Libgcrypt makes it possible to load additional `public key -modules'; these public key algorithms can be used just like the -algorithms that are built into the library directly. For an -introduction into extension modules, see @xref{Modules}. - -@deftp {Data type} gcry_pk_spec_t -This is the `module specification structure' needed for registering -public key modules, which has to be filled in by the user before it -can be used to register a module. It contains the following members: - -@table @code -@item const char *name -The primary name of this algorithm. -@item char **aliases -A list of strings that are `aliases' for the algorithm. The list -must be terminated with a NULL element. -@item const char *elements_pkey -String containing the one-letter names of the MPI values contained in -a public key. -@item const char *element_skey -String containing the one-letter names of the MPI values contained in -a secret key. -@item const char *elements_enc -String containing the one-letter names of the MPI values that are the -result of an encryption operation using this algorithm. -@item const char *elements_sig -String containing the one-letter names of the MPI values that are the -result of a sign operation using this algorithm. -@item const char *elements_grip -String containing the one-letter names of the MPI values that are to -be included in the `key grip'. -@item int use -The bitwise-OR of the following flags, depending on the abilities of -the algorithm: -@table @code -@item GCRY_PK_USAGE_SIGN -The algorithm supports signing and verifying of data. -@item GCRY_PK_USAGE_ENCR -The algorithm supports the encryption and decryption of data. -@end table -@item gcry_pk_generate_t generate -The function responsible for generating a new key pair. See below for -a description of this type. -@item gcry_pk_check_secret_key_t check_secret_key -The function responsible for checking the sanity of a provided secret -key. See below for a description of this type. -@item gcry_pk_encrypt_t encrypt -The function responsible for encrypting data. See below for a -description of this type. -@item gcry_pk_decrypt_t decrypt -The function responsible for decrypting data. See below for a -description of this type. -@item gcry_pk_sign_t sign -The function responsible for signing data. See below for a description -of this type. -@item gcry_pk_verify_t verify -The function responsible for verifying that the provided signature -matches the provided data. See below for a description of this type. -@item gcry_pk_get_nbits_t get_nbits -The function responsible for returning the number of bits of a provided -key. See below for a description of this type. -@end table -@end deftp - -@deftp {Data type} gcry_pk_generate_t -Type for the `generate' function, defined as: gcry_err_code_t -(*gcry_pk_generate_t) (int algo, unsigned int nbits, unsigned long -use_e, gcry_mpi_t *skey, gcry_mpi_t **retfactors) -@end deftp - -@deftp {Data type} gcry_pk_check_secret_key_t -Type for the `check_secret_key' function, defined as: gcry_err_code_t -(*gcry_pk_check_secret_key_t) (int algo, gcry_mpi_t *skey) -@end deftp - -@deftp {Data type} gcry_pk_encrypt_t -Type for the `encrypt' function, defined as: gcry_err_code_t -(*gcry_pk_encrypt_t) (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, -gcry_mpi_t *pkey, int flags) -@end deftp - -@deftp {Data type} gcry_pk_decrypt_t -Type for the `decrypt' function, defined as: gcry_err_code_t -(*gcry_pk_decrypt_t) (int algo, gcry_mpi_t *result, gcry_mpi_t *data, -gcry_mpi_t *skey, int flags) -@end deftp - -@deftp {Data type} gcry_pk_sign_t -Type for the `sign' function, defined as: gcry_err_code_t -(*gcry_pk_sign_t) (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, -gcry_mpi_t *skey) -@end deftp - -@deftp {Data type} gcry_pk_verify_t -Type for the `verify' function, defined as: gcry_err_code_t -(*gcry_pk_verify_t) (int algo, gcry_mpi_t hash, gcry_mpi_t *data, -gcry_mpi_t *pkey, int (*cmp) (void *, gcry_mpi_t), void *opaquev) -@end deftp - -@deftp {Data type} gcry_pk_get_nbits_t -Type for the `get_nbits' function, defined as: unsigned -(*gcry_pk_get_nbits_t) (int algo, gcry_mpi_t *pkey) -@end deftp - -@deftypefun gcry_error_t gcry_pk_register (gcry_pk_spec_t *@var{pubkey}, unsigned int *algorithm_id, gcry_module_t *@var{module}) - -Register a new public key module whose specification can be found in -@var{pubkey}. On success, a new algorithm ID is stored in -@var{algorithm_id} and a pointer representing this module is stored in -@var{module}. Deprecated; the module register interface will be -removed in a future version. - -@end deftypefun - -@deftypefun void gcry_pk_unregister (gcry_module_t @var{module}) -Unregister the public key module identified by @var{module}, which -must have been registered with gcry_pk_register. -@end deftypefun - -@deftypefun gcry_error_t gcry_pk_list (int *@var{list}, int *@var{list_length}) -Get a list consisting of the IDs of the loaded pubkey modules. If -@var{list} is zero, write the number of loaded pubkey modules to -@var{list_length} and return. If @var{list} is non-zero, the first -*@var{list_length} algorithm IDs are stored in @var{list}, which must -be of according size. In case there are less pubkey modules than -*@var{list_length}, *@var{list_length} is updated to the correct -number. -@end deftypefun - @node Cryptographic Functions @section Cryptographic Functions @@ -2960,7 +2692,6 @@ are also supported. @menu * Available hash algorithms:: List of hash algorithms supported by the library. -* Hash algorithm modules:: How to work with hash algorithm modules. * Working with hash algorithms:: List of functions related to hashing. @end menu @@ -3064,107 +2795,6 @@ bytes. @end table @c end table of hash algorithms -@node Hash algorithm modules -@section Hash algorithm modules - -Libgcrypt makes it possible to load additional `message -digest modules'; these digests can be used just like the message digest -algorithms that are built into the library directly. For an -introduction into extension modules, see @xref{Modules}. - -@deftp {Data type} gcry_md_spec_t -This is the `module specification structure' needed for registering -message digest modules, which has to be filled in by the user before -it can be used to register a module. It contains the following -members: - -@table @code -@item const char *name -The primary name of this algorithm. -@item unsigned char *asnoid -Array of bytes that form the ASN OID. -@item int asnlen -Length of bytes in `asnoid'. -@item gcry_md_oid_spec_t *oids -A list of OIDs that are to be associated with the algorithm. The -list's last element must have it's `oid' member set to NULL. See -below for an explanation of this type. See below for an explanation -of this type. -@item int mdlen -Length of the message digest algorithm. See below for an explanation -of this type. -@item gcry_md_init_t init -The function responsible for initializing a handle. See below for an -explanation of this type. -@item gcry_md_write_t write -The function responsible for writing data into a message digest -context. See below for an explanation of this type. -@item gcry_md_final_t final -The function responsible for `finalizing' a message digest context. -See below for an explanation of this type. -@item gcry_md_read_t read -The function responsible for reading out a message digest result. See -below for an explanation of this type. -@item size_t contextsize -The size of the algorithm-specific `context', that should be -allocated for each handle. -@end table -@end deftp - -@deftp {Data type} gcry_md_oid_spec_t -This type is used for associating a user-provided algorithm -implementation with certain OIDs. It contains the following members: - -@table @code -@item const char *oidstring -Textual representation of the OID. -@end table -@end deftp - -@deftp {Data type} gcry_md_init_t -Type for the `init' function, defined as: void (*gcry_md_init_t) (void -*c) -@end deftp - -@deftp {Data type} gcry_md_write_t -Type for the `write' function, defined as: void (*gcry_md_write_t) -(void *c, unsigned char *buf, size_t nbytes) -@end deftp - -@deftp {Data type} gcry_md_final_t -Type for the `final' function, defined as: void (*gcry_md_final_t) -(void *c) -@end deftp - -@deftp {Data type} gcry_md_read_t -Type for the `read' function, defined as: unsigned char -*(*gcry_md_read_t) (void *c) -@end deftp - -@deftypefun gcry_error_t gcry_md_register (gcry_md_spec_t *@var{digest}, unsigned int *algorithm_id, gcry_module_t *@var{module}) - -Register a new digest module whose specification can be found in -@var{digest}. On success, a new algorithm ID is stored in -@var{algorithm_id} and a pointer representing this module is stored -in @var{module}. Deprecated; the module register interface will be -removed in a future version. -@end deftypefun - -@deftypefun void gcry_md_unregister (gcry_module_t @var{module}) -Unregister the digest identified by @var{module}, which must have been -registered with gcry_md_register. -@end deftypefun - -@deftypefun gcry_error_t gcry_md_list (int *@var{list}, int *@var{list_length}) -Get a list consisting of the IDs of the loaded message digest modules. -If @var{list} is zero, write the number of loaded message digest -modules to @var{list_length} and return. If @var{list} is non-zero, -the first *@var{list_length} algorithm IDs are stored in @var{list}, -which must be of according size. In case there are less message -digests modules than *@var{list_length}, *@var{list_length} is updated -to the correct number. -@end deftypefun - @node Working with hash algorithms @section Working with hash algorithms @@ -4502,18 +4132,13 @@ Create a new public/private key pair. @end table -With the help of the module registration system all these functions +All these functions lookup the module implementing the algorithm and pass the actual work to that module. The parsing of the S-expression input and the construction of S-expression for the return values is done by the high level code (@file{cipher/pubkey.c}). Thus the internal interface between the algorithm modules and the high level functions passes data -in a custom format. The interface to the modules is published -(@file{gcrypt-modules.h}) so that it can used to register external -implementations of algorithms with Libgcrypt. However, for some -algorithms this module interface is to limited and thus for the -internal modules an extra interface is sometimes used to convey more -information. +in a custom format. By default Libgcrypt uses a blinding technique for RSA decryption to mitigate real world timing attacks over a network: Instead of using @@ -5126,12 +4751,7 @@ verification fails. (@code{cipher/@/dsa.c:@/test_keys}) @subsection Software Load Tests -Loading of extra modules into libgcrypt is disabled in FIPS mode and -thus no tests are -implemented. (@code{cipher/@/cipher.c:@/_gcry_cipher_register}, -@code{cipher/@/md.c:@/_gcry_md_register}, -@code{cipher/@/pubkey.c:@/_gcry_pk_register}) - +No code is loaded at runtime. @subsection Manual Key Entry Tests @@ -5332,9 +4952,6 @@ large-pool-CSPRNG generator. The command @code{GCRYCTL_ENABLE_QUICK_RANDOM} is ignored. @item -Registration of external modules is not supported. - -@item Message digest debugging is disabled. @item diff --git a/src/ChangeLog b/src/ChangeLog index 3da69b2d..630aa4e7 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,11 +1,30 @@ 2011-09-15 Werner Koch <wk@g10code.com> + Removal of the gcry_ac and the module register interfaces. + + * Makefile.am (include_HEADERS): Remove gcrypt-module.h. + (libgcrypt_la_SOURCES): Add gcrypt-module.h which is now internal + header. + * gcrypt-module.h (gcry_md_register, gcry_md_unregister): Remove. + (gcry_pk_register, gcry_pk_unregister): Remove. + (gcry_cipher_register, gcry_cipher_unregister): Remove. + * visibility.h: Include gcrypt-module.h. + * gcrypt.h.in: Do not include gcrypt-module.h. * gcrypt.h.in: Remove all gcry_ac symbols. + (gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove. * visibility.h: Remove all gcry_ac symbols. + (gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove. + (gcry_cipher_register, gcry_cipher_unregister, gcry_pk_register) + (gcry_pk_unregister, gcry_md_register, gcry_md_unregister): Remove. * visibility.c: Remove all gcry_ac wrappers. + (gcry_pk_list, gcry_cipher_list, gcry_md_list): Remove. + (gcry_cipher_register, gcry_cipher_unregister, gcry_pk_register) + (gcry_pk_unregister, gcry_md_register, gcry_md_unregister): Remove. * libgcrypt.vers: Remove all gcry_ac symbols. (GCRYPT_1.2): Rename to GCRYPT_1.6. + (gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove. * libgcrypt.def: Remove all gcry_ac symbols. + (gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove. * global.c (global_init): Remove comment code with a call to _gcry_ac_init. diff --git a/src/Makefile.am b/src/Makefile.am index 91680220..2a070677 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -26,7 +26,7 @@ EXTRA_DIST = Manifest libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \ bin_SCRIPTS = libgcrypt-config m4datadir = $(datadir)/aclocal m4data_DATA = libgcrypt.m4 -include_HEADERS = gcrypt.h gcrypt-module.h +include_HEADERS = gcrypt.h lib_LTLIBRARIES = libgcrypt.la bin_PROGRAMS = dumpsexp hmac256 @@ -53,7 +53,7 @@ endif libgcrypt_la_CFLAGS = $(GPG_ERROR_CFLAGS) libgcrypt_la_SOURCES = g10lib.h visibility.c visibility.h types.h \ - cipher.h cipher-proto.h \ + cipher.h cipher-proto.h gcrypt-module.h \ misc.c global.c sexp.c hwfeatures.c \ stdmem.c stdmem.h secmem.c secmem.h \ mpi.h missing-string.c module.c fips.c \ diff --git a/src/gcrypt-module.h b/src/gcrypt-module.h index f39e2b5c..93f61629 100644 --- a/src/gcrypt-module.h +++ b/src/gcrypt-module.h @@ -19,11 +19,13 @@ /* This file contains the necessary declarations/definitions for - working with Libgcrypt modules. + working with Libgcrypt modules. Since 1.6 this is an internal + interface and will eventually be merged into another header or + entirely removed. */ -#ifndef _GCRYPT_MODULE_H -#define _GCRYPT_MODULE_H +#ifndef GCRYPT_MODULE_H +#define GCRYPT_MODULE_H #ifdef __cplusplus extern "C" { @@ -93,19 +95,6 @@ typedef struct gcry_cipher_spec gcry_cipher_stdecrypt_t stdecrypt; } gcry_cipher_spec_t; -/* Register a new cipher module whose specification can be found in - CIPHER. On success, a new algorithm ID is stored in ALGORITHM_ID - and a pointer representing this module is stored in MODULE. */ -gcry_error_t gcry_cipher_register (gcry_cipher_spec_t *cipher, - int *algorithm_id, - gcry_module_t *module) - /* */ _GCRY_ATTR_INTERNAL; - - -/* Unregister the cipher identified by MODULE, which must have been - registered with gcry_cipher_register. */ -void gcry_cipher_unregister (gcry_module_t module) - /* */ _GCRY_ATTR_INTERNAL; /* ********************** */ @@ -171,18 +160,6 @@ typedef struct gcry_pk_spec gcry_pk_get_nbits_t get_nbits; } gcry_pk_spec_t; -/* Register a new pubkey module whose specification can be found in - PUBKEY. On success, a new algorithm ID is stored in ALGORITHM_ID - and a pointer representhing this module is stored in MODULE. */ -gcry_error_t gcry_pk_register (gcry_pk_spec_t *pubkey, - unsigned int *algorithm_id, - gcry_module_t *module) - /* */ _GCRY_ATTR_INTERNAL; - -/* Unregister the pubkey identified by ID, which must have been - registered with gcry_pk_register. */ -void gcry_pk_unregister (gcry_module_t module) - /* */ _GCRY_ATTR_INTERNAL; /* ********************** */ @@ -218,23 +195,10 @@ typedef struct gcry_md_spec size_t contextsize; /* allocate this amount of context */ } gcry_md_spec_t; -/* Register a new digest module whose specification can be found in - DIGEST. On success, a new algorithm ID is stored in ALGORITHM_ID - and a pointer representhing this module is stored in MODULE. */ -gcry_error_t gcry_md_register (gcry_md_spec_t *digest, - unsigned int *algorithm_id, - gcry_module_t *module) - /* */ _GCRY_ATTR_INTERNAL; - -/* Unregister the digest identified by ID, which must have been - registered with gcry_digest_register. */ -void gcry_md_unregister (gcry_module_t module) - /* */ _GCRY_ATTR_INTERNAL; - #if 0 /* keep Emacsens's auto-indent happy */ { #endif #ifdef __cplusplus } #endif -#endif +#endif /*GCRYPT_MODULE_H*/ diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 33059d2f..f66642b1 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -951,14 +951,6 @@ size_t gcry_cipher_get_algo_blklen (int algo); #define gcry_cipher_test_algo(a) \ gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) -/* Get a list consisting of the IDs of the loaded cipher modules. If - LIST is zero, write the number of loaded cipher modules to - LIST_LENGTH and return. If LIST is non-zero, the first - *LIST_LENGTH algorithm IDs are stored in LIST, which must be of - according size. In case there are less cipher modules than - *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */ -gcry_error_t gcry_cipher_list (int *list, int *list_length); - /************************************ * * @@ -1049,13 +1041,6 @@ gcry_sexp_t gcry_pk_get_param (int algo, const char *name); #define gcry_pk_test_algo(a) \ gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) -/* Get a list consisting of the IDs of the loaded pubkey modules. If - LIST is zero, write the number of loaded pubkey modules to - LIST_LENGTH and return. If LIST is non-zero, the first - *LIST_LENGTH algorithm IDs are stored in LIST, which must be of - according size. In case there are less pubkey modules than - *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */ -gcry_error_t gcry_pk_list (int *list, int *list_length); @@ -1239,15 +1224,6 @@ void gcry_md_debug (gcry_md_hd_t hd, const char *suffix); gcry_md_ctl( (a), GCRYCTL_STOP_DUMP, (b), 0 ) #endif -/* Get a list consisting of the IDs of the loaded message digest - modules. If LIST is zero, write the number of loaded message - digest modules to LIST_LENGTH and return. If LIST is non-zero, the - first *LIST_LENGTH algorithm IDs are stored in LIST, which must be - of according size. In case there are less message digest modules - than *LIST_LENGTH, *LIST_LENGTH is updated to the correct - number. */ -gcry_error_t gcry_md_list (int *list, int *list_length); - /****************************** @@ -1490,9 +1466,6 @@ int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE; #define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0) -/* Include support for Libgcrypt modules. */ -#include <gcrypt-module.h> - #if 0 /* (Keep Emacsens' auto-indent happy.) */ { #endif diff --git a/src/libgcrypt.def b/src/libgcrypt.def index 55fd6d70..9bf01670 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -132,7 +132,8 @@ EXPORTS gcry_cipher_decrypt @101 gcry_cipher_get_algo_keylen @102 gcry_cipher_get_algo_blklen @103 - gcry_cipher_list @104 + +;; @104 used to be part of the module register interface gcry_pk_encrypt @105 gcry_pk_decrypt @106 @@ -146,7 +147,8 @@ EXPORTS gcry_pk_map_name @114 gcry_pk_get_nbits @115 gcry_pk_get_keygrip @116 - gcry_pk_list @117 + +;; @117 used to be part of the module register interface ;; ;; 118 to 142 were used in previous Libgcrypt versions for the gcry_ac @@ -171,8 +173,7 @@ EXPORTS gcry_md_algo_name @158 gcry_md_map_name @159 gcry_md_setkey @160 - gcry_md_list @161 - +;; @161 used to be part of the module register interface gcry_randomize @162 gcry_random_add_bytes @163 gcry_random_bytes @164 @@ -188,16 +189,14 @@ EXPORTS gcry_md_debug @172 - gcry_cipher_register @173 - gcry_cipher_unregister @174 - gcry_md_register @175 - gcry_md_unregister @176 - gcry_pk_register @177 - gcry_pk_unregister @178 - +;; @173 used to be part of the module register interface +;; @174 used to be part of the module register interface +;; @175 used to be part of the module register interface +;; @176 used to be part of the module register interface +;; @177 used to be part of the module register interface +;; @178 used to be part of the module register interface ;; -;; 179 to 186 were used in previous Libgcrypt versions for the gcry_ac -;; interface +;; @179 to @186 used to be part of the removed gcry_ac interface ;; gcry_sexp_nth_string @187 diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 58307db5..dcb37490 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -40,23 +40,22 @@ GCRYPT_1.6 { gcry_md_copy; gcry_md_ctl; gcry_md_enable; gcry_md_get; gcry_md_get_algo; gcry_md_get_algo_dlen; gcry_md_hash_buffer; gcry_md_info; gcry_md_is_enabled; gcry_md_is_secure; - gcry_md_list; gcry_md_map_name; gcry_md_open; gcry_md_read; - gcry_md_register; gcry_md_reset; gcry_md_setkey; - gcry_md_unregister; gcry_md_write; gcry_md_debug; + gcry_md_map_name; gcry_md_open; gcry_md_read; + gcry_md_reset; gcry_md_setkey; + gcry_md_write; gcry_md_debug; gcry_cipher_algo_info; gcry_cipher_algo_name; gcry_cipher_close; gcry_cipher_ctl; gcry_cipher_decrypt; gcry_cipher_encrypt; gcry_cipher_get_algo_blklen; gcry_cipher_get_algo_keylen; - gcry_cipher_info; gcry_cipher_list; gcry_cipher_map_name; + gcry_cipher_info; gcry_cipher_map_name; gcry_cipher_mode_from_oid; gcry_cipher_open; - gcry_cipher_register; gcry_cipher_unregister; gcry_cipher_setkey; gcry_cipher_setiv; gcry_cipher_setctr; gcry_pk_algo_info; gcry_pk_algo_name; gcry_pk_ctl; gcry_pk_decrypt; gcry_pk_encrypt; gcry_pk_genkey; - gcry_pk_get_keygrip; gcry_pk_get_nbits; gcry_pk_list; + gcry_pk_get_keygrip; gcry_pk_get_nbits; gcry_pk_map_name; gcry_pk_register; gcry_pk_sign; - gcry_pk_testkey; gcry_pk_unregister; gcry_pk_verify; + gcry_pk_testkey; gcry_pk_verify; gcry_pk_get_curve; gcry_pk_get_param; gcry_kdf_derive; diff --git a/src/visibility.c b/src/visibility.c index d1c55de5..2d3edbc9 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -622,12 +622,6 @@ gcry_cipher_get_algo_blklen (int algo) } gcry_error_t -gcry_cipher_list (int *list, int *list_length) -{ - return _gcry_cipher_list (list, list_length); -} - -gcry_error_t gcry_pk_encrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t pkey) { if (!fips_is_operational ()) @@ -760,12 +754,6 @@ gcry_pk_get_param (int algo, const char *name) } gcry_error_t -gcry_pk_list (int *list, int *list_length) -{ - return _gcry_pk_list (list, list_length); -} - -gcry_error_t gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags) { if (!fips_is_operational ()) @@ -922,13 +910,6 @@ gcry_md_debug (gcry_md_hd_t hd, const char *suffix) _gcry_md_debug (hd, suffix); } -gcry_error_t -gcry_md_list (int *list, int *list_length) -{ - return _gcry_md_list (list, list_length); -} - - gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen, int algo, int hashalgo, @@ -1163,43 +1144,3 @@ gcry_is_secure (const void *a) { return _gcry_is_secure (a); } - - -gcry_error_t -gcry_cipher_register (gcry_cipher_spec_t *cipher, int *algorithm_id, - gcry_module_t *module) -{ - return _gcry_cipher_register (cipher, NULL, algorithm_id, module); -} - -void -gcry_cipher_unregister (gcry_module_t module) -{ - _gcry_cipher_unregister (module); -} - -gcry_error_t -gcry_pk_register (gcry_pk_spec_t *pubkey, unsigned int *algorithm_id, - gcry_module_t *module) -{ - return _gcry_pk_register (pubkey, NULL, algorithm_id, module); -} - -void -gcry_pk_unregister (gcry_module_t module) -{ - _gcry_pk_unregister (module); -} - -gcry_error_t -gcry_md_register (gcry_md_spec_t *digest, unsigned int *algorithm_id, - gcry_module_t *module) -{ - return _gcry_md_register (digest, NULL, algorithm_id, module); -} - -void -gcry_md_unregister (gcry_module_t module) -{ - _gcry_md_unregister (module); -} diff --git a/src/visibility.h b/src/visibility.h index 072018ac..4606a209 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -66,12 +66,9 @@ #define gcry_md_info _gcry_md_info #define gcry_md_is_enabled _gcry_md_is_enabled #define gcry_md_is_secure _gcry_md_is_secure -#define gcry_md_list _gcry_md_list #define gcry_md_map_name _gcry_md_map_name #define gcry_md_open _gcry_md_open #define gcry_md_read _gcry_md_read -/* gcry_md_register and _gcry_md_register differ. */ -#define gcry_md_unregister _gcry_md_unregister #define gcry_md_reset _gcry_md_reset #define gcry_md_setkey _gcry_md_setkey #define gcry_md_write _gcry_md_write @@ -89,12 +86,9 @@ #define gcry_cipher_get_algo_blklen _gcry_cipher_get_algo_blklen #define gcry_cipher_get_algo_keylen _gcry_cipher_get_algo_keylen #define gcry_cipher_info _gcry_cipher_info -#define gcry_cipher_list _gcry_cipher_list #define gcry_cipher_map_name _gcry_cipher_map_name #define gcry_cipher_mode_from_oid _gcry_cipher_mode_from_oid #define gcry_cipher_open _gcry_cipher_open -/* gcry_cipher_register and _gcry_cipher_register differ. */ -#define gcry_cipher_unregister _gcry_cipher_unregister #define gcry_pk_algo_info _gcry_pk_algo_info #define gcry_pk_algo_name _gcry_pk_algo_name @@ -106,10 +100,7 @@ #define gcry_pk_get_curve _gcry_pk_get_curve #define gcry_pk_get_param _gcry_pk_get_param #define gcry_pk_get_nbits _gcry_pk_get_nbits -#define gcry_pk_list _gcry_pk_list #define gcry_pk_map_name _gcry_pk_map_name -/* gcry_pk_register and _gcry_pk_register differ. */ -#define gcry_pk_unregister _gcry_pk_unregister #define gcry_pk_sign _gcry_pk_sign #define gcry_pk_testkey _gcry_pk_testkey #define gcry_pk_verify _gcry_pk_verify @@ -206,6 +197,7 @@ #else # include "gcrypt.h" #endif +#include "gcrypt-module.h" /* Prototypes of functions exported but not ready for use. */ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo, @@ -280,12 +272,9 @@ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo, #undef gcry_md_info #undef gcry_md_is_enabled #undef gcry_md_is_secure -#undef gcry_md_list #undef gcry_md_map_name #undef gcry_md_open #undef gcry_md_read -/* gcry_md_register is not anymore a macro. */ -#undef gcry_md_unregister #undef gcry_md_reset #undef gcry_md_setkey #undef gcry_md_write @@ -303,12 +292,9 @@ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo, #undef gcry_cipher_get_algo_blklen #undef gcry_cipher_get_algo_keylen #undef gcry_cipher_info -#undef gcry_cipher_list #undef gcry_cipher_map_name #undef gcry_cipher_mode_from_oid #undef gcry_cipher_open -/* gcry_cipher_register is not anymore a macro. */ -#undef gcry_cipher_unregister #undef gcry_pk_algo_info #undef gcry_pk_algo_name @@ -320,10 +306,7 @@ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo, #undef gcry_pk_get_curve #undef gcry_pk_get_param #undef gcry_pk_get_nbits -#undef gcry_pk_list #undef gcry_pk_map_name -/* gcry_pk_register is not anymore a macro. */ -#undef gcry_pk_unregister #undef gcry_pk_sign #undef gcry_pk_testkey #undef gcry_pk_verify @@ -455,14 +438,11 @@ MARK_VISIBLE (gcry_md_hash_buffer) MARK_VISIBLE (gcry_md_info) MARK_VISIBLE (gcry_md_is_enabled) MARK_VISIBLE (gcry_md_is_secure) -MARK_VISIBLE (gcry_md_list) MARK_VISIBLE (gcry_md_map_name) MARK_VISIBLE (gcry_md_open) MARK_VISIBLE (gcry_md_read) -MARK_VISIBLEX(gcry_md_register) MARK_VISIBLE (gcry_md_reset) MARK_VISIBLE (gcry_md_setkey) -MARK_VISIBLE (gcry_md_unregister) MARK_VISIBLE (gcry_md_write) MARK_VISIBLE (gcry_md_debug) @@ -478,12 +458,9 @@ MARK_VISIBLE (gcry_cipher_encrypt) MARK_VISIBLE (gcry_cipher_get_algo_blklen) MARK_VISIBLE (gcry_cipher_get_algo_keylen) MARK_VISIBLE (gcry_cipher_info) -MARK_VISIBLE (gcry_cipher_list) MARK_VISIBLE (gcry_cipher_map_name) MARK_VISIBLE (gcry_cipher_mode_from_oid) MARK_VISIBLE (gcry_cipher_open) -MARK_VISIBLEX(gcry_cipher_register) -MARK_VISIBLE (gcry_cipher_unregister) MARK_VISIBLE (gcry_pk_algo_info) MARK_VISIBLE (gcry_pk_algo_name) @@ -495,12 +472,9 @@ MARK_VISIBLE (gcry_pk_get_keygrip) MARK_VISIBLE (gcry_pk_get_curve) MARK_VISIBLE (gcry_pk_get_param) MARK_VISIBLE (gcry_pk_get_nbits) -MARK_VISIBLE (gcry_pk_list) MARK_VISIBLE (gcry_pk_map_name) -MARK_VISIBLEX(gcry_pk_register) MARK_VISIBLE (gcry_pk_sign) MARK_VISIBLE (gcry_pk_testkey) -MARK_VISIBLE (gcry_pk_unregister) MARK_VISIBLE (gcry_pk_verify) MARK_VISIBLE (gcry_kdf_derive) diff --git a/tests/ChangeLog b/tests/ChangeLog index 03f001ea..8e968986 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,5 +1,7 @@ 2011-09-15 Werner Koch <wk@g10code.com> + * register.c: Remove. + * ac-data.c, ac-schemes.c, ac.c: Remove. 2011-06-13 Werner Koch <wk@g10code.com> diff --git a/tests/Makefile.am b/tests/Makefile.am index e20518f6..f1f9e6f3 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -18,7 +18,7 @@ ## Process this file with automake to produce Makefile.in -TESTS = version t-mpi-bit prime register basic \ +TESTS = version t-mpi-bit prime basic \ mpitests tsexp keygen pubkey hmac keygrip fips186-dsa aeswrap \ curves t-kdf pkcs1v2 diff --git a/tests/register.c b/tests/register.c deleted file mode 100644 index 4d8cebe8..00000000 --- a/tests/register.c +++ /dev/null @@ -1,187 +0,0 @@ -/* register.c - Test for registering of additional cipher modules. - * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. - * - * This file is part of Libgcrypt. - * - * Libgcrypt is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * Libgcrypt is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <stdarg.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <assert.h> - -#include "../src/gcrypt.h" - -static int verbose; -static int in_fips_mode; - -static void -die (const char *format, ...) -{ - va_list arg_ptr ; - - va_start( arg_ptr, format ) ; - vfprintf (stderr, format, arg_ptr ); - va_end(arg_ptr); - exit (1); -} - -gcry_err_code_t -foo_setkey (void *c, const unsigned char *key, unsigned keylen) -{ - (void)c; - (void)key; - (void)keylen; - - return 0; -} - -#define FOO_BLOCKSIZE 16 - -void -foo_encrypt (void *c, unsigned char *outbuf, const unsigned char *inbuf) -{ - int i; - - (void)c; - - for (i = 0; i < FOO_BLOCKSIZE; i++) - outbuf[i] = inbuf[i] ^ 0x42; -} - -void -foo_decrypt (void *c, unsigned char *outbuf, const unsigned char *inbuf) -{ - int i; - - (void)c; - - for (i = 0; i < FOO_BLOCKSIZE; i++) - outbuf[i] = inbuf[i] ^ 0x42; -} - -gcry_cipher_spec_t cipher_spec_foo = - { - "FOO", NULL, NULL, 16, 0, 0, - foo_setkey, foo_encrypt, foo_decrypt, - NULL, NULL, - }; - -int -check_list (int algorithm) -{ - gcry_error_t err = GPG_ERR_NO_ERROR; - int *list, list_length; - int i, ret = 0; - - err = gcry_cipher_list (NULL, &list_length); - assert (! err); - list = malloc (sizeof (int) * list_length); - assert (list); - err = gcry_cipher_list (list, &list_length); - - for (i = 0; i < list_length && (! ret); i++) - if (list[i] == algorithm) - ret = 1; - - return ret; -} - -void -check_run (void) -{ - int err, algorithm; - gcry_cipher_hd_t h; - char plain[16] = "Heil Discordia!"; - char encrypted[16], decrypted[16]; - gcry_module_t module; - int ret; - - err = gcry_cipher_register (&cipher_spec_foo, &algorithm, &module); - if (in_fips_mode) - { - if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED) - die ("register cipher failed in fips mode: %s\n", gpg_strerror (err)); - return; - } - else - { - if (err) - die ("register cipher failed: %s\n", gpg_strerror (err)); - } - - err = gcry_cipher_open (&h, algorithm, GCRY_CIPHER_MODE_CBC, 0); - if (err) - die ("gcry_cipher_open failed: %s\n", gpg_strerror (err)); - - err = gcry_cipher_encrypt (h, - (unsigned char *) encrypted, sizeof (encrypted), - (unsigned char *) plain, sizeof (plain)); - assert (! err); - assert (memcmp ((void *) plain, (void *) encrypted, sizeof (plain))); - - err = gcry_cipher_reset (h); - assert (! err); - - err = gcry_cipher_decrypt (h, - (unsigned char *) decrypted, sizeof (decrypted), - (unsigned char *) encrypted, sizeof (encrypted)); - assert (! err); - assert (! memcmp ((void *) plain, (void *) decrypted, sizeof (plain))); - - ret = check_list (algorithm); - assert (ret); - - gcry_cipher_close (h); - - gcry_cipher_unregister (module); - - ret = check_list (algorithm); - assert (! ret); -} - -int -main (int argc, char **argv) -{ - int debug = 0; - int i = 1; - - if (argc > 1 && !strcmp (argv[1], "--verbose")) - verbose = 1; - else if (argc > 1 && !strcmp (argv[1], "--debug")) - verbose = debug = 1; - - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); - if (!gcry_check_version (GCRYPT_VERSION)) - die ("version mismatch\n"); - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); - if (debug) - gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); - - if ( gcry_control (GCRYCTL_FIPS_MODE_P, 0) ) - in_fips_mode = 1; - - for (; i > 0; i--) - check_run (); - - /* In fips mode we let the Makefile skip this test because a PASS - would not make much sense with all egistering disabled. */ - return in_fips_mode? 77:0; -} |