summaryrefslogtreecommitdiff
path: root/cipher/rsa-common.c
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2013-10-22 14:26:53 +0200
committerWerner Koch <wk@gnupg.org>2013-12-05 08:27:48 +0100
commit7bacf1812b55fa78db63abaa1f5a9220e9c6cccc (patch)
tree4141585ef24a83e22e411355585784f24b78f58f /cipher/rsa-common.c
parent85bb0a98ea5add0296cbcc415d557eaa1f6bd294 (diff)
downloadlibgcrypt-7bacf1812b55fa78db63abaa1f5a9220e9c6cccc.tar.gz
Remove macro hacks for internal vs. external functions. Part 1.
* src/visibility.h: Remove almost all define/undef hacks for symbol visibility. Add macros to detect the use of the public functions. Change all affected functions by prefixing them explicitly with an underscore and change all internal callers to call the underscore prefixed versions. Provide convenience macros from sexp and mpi functions. * src/visibility.c: Change all functions to use only gpg_err_code_t and translate to gpg_error_t only in visibility.c. -- The use of the macro magic made if hard to follow the function calls in the source. It was not easy to see if an internal or external function (as defined by visibility.c) was called. The change is quite large but hopefully makes Libgcrypt easier to maintain. Some function have not yet been fixed; this will be done soon. Because Libgcrypt does no make use of any other libgpg-error using libraries it is useless to always translate between gpg_error_t and gpg_err_code_t (i.e with and w/o error source identifier). This translation has no mostly be moved to the function wrappers in visibility.c. An additional advantage of using gpg_err_code_t is that comparison can be done without using gpg_err_code(). I am sorry for that large patch, but a series of patches would actually be more work to audit. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'cipher/rsa-common.c')
-rw-r--r--cipher/rsa-common.c74
1 files changed, 31 insertions, 43 deletions
diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c
index b1b212fd..65b007f1 100644
--- a/cipher/rsa-common.c
+++ b/cipher/rsa-common.c
@@ -73,7 +73,6 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi_t *r_result, unsigned int nbits,
size_t random_override_len)
{
gcry_err_code_t rc = 0;
- gcry_error_t err;
unsigned char *frame = NULL;
size_t nframe = (nbits+7) / 8;
int i;
@@ -116,7 +115,7 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi_t *r_result, unsigned int nbits,
}
else
{
- p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
+ p = _gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
/* Replace zero bytes by new values. */
for (;;)
{
@@ -133,7 +132,7 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi_t *r_result, unsigned int nbits,
break; /* Okay: no (more) zero bytes. */
k += k/128 + 3; /* Better get some more. */
- pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
+ pp = _gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
for (j=0; j < i && k; )
{
if (!p[j])
@@ -153,10 +152,8 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi_t *r_result, unsigned int nbits,
n += valuelen;
gcry_assert (n == nframe);
- err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe);
- if (err)
- rc = gcry_err_code (err);
- else if (DBG_CIPHER)
+ rc = _gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe);
+ if (!rc &&DBG_CIPHER)
log_mpidump ("PKCS#1 block type 2 encoded data", *r_result);
gcry_free (frame);
@@ -182,7 +179,7 @@ _gcry_rsa_pkcs1_decode_for_enc (unsigned char **r_result, size_t *r_resultlen,
if ( !(frame = gcry_malloc_secure (nframe)))
return gpg_err_code_from_syserror ();
- err = gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &n, value);
+ err = _gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &n, value);
if (err)
{
gcry_free (frame);
@@ -265,7 +262,6 @@ _gcry_rsa_pkcs1_encode_for_sig (gcry_mpi_t *r_result, unsigned int nbits,
int algo)
{
gcry_err_code_t rc = 0;
- gcry_error_t err;
byte asn[100];
byte *frame = NULL;
size_t nframe = (nbits+7) / 8;
@@ -274,9 +270,9 @@ _gcry_rsa_pkcs1_encode_for_sig (gcry_mpi_t *r_result, unsigned int nbits,
size_t asnlen, dlen;
asnlen = DIM(asn);
- dlen = gcry_md_get_algo_dlen (algo);
+ dlen = _gcry_md_get_algo_dlen (algo);
- if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
+ if (_gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
{
/* We don't have yet all of the above algorithms. */
return GPG_ERR_NOT_IMPLEMENTED;
@@ -315,10 +311,8 @@ _gcry_rsa_pkcs1_encode_for_sig (gcry_mpi_t *r_result, unsigned int nbits,
gcry_assert (n == nframe);
/* Convert it into an MPI. */
- err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe);
- if (err)
- rc = gcry_err_code (err);
- else if (DBG_CIPHER)
+ rc = _gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe);
+ if (!rc && DBG_CIPHER)
log_mpidump ("PKCS#1 block type 1 encoded data", *r_result);
gcry_free (frame);
@@ -336,11 +330,11 @@ mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen,
gcry_md_hd_t hd;
gcry_error_t err;
- err = gcry_md_open (&hd, algo, 0);
+ err = _gcry_md_open (&hd, algo, 0);
if (err)
- return gpg_err_code (err);
+ return err;
- dlen = gcry_md_get_algo_dlen (algo);
+ dlen = _gcry_md_get_algo_dlen (algo);
/* We skip step 1 which would be assert(OUTLEN <= 2^32). The loop
in step 3 is merged with step 4 by concatenating no more octets
@@ -353,7 +347,7 @@ mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen,
unsigned char c[4], *digest;
if (idx)
- gcry_md_reset (hd);
+ _gcry_md_reset (hd);
c[0] = (idx >> 24) & 0xFF;
c[1] = (idx >> 16) & 0xFF;
@@ -361,16 +355,16 @@ mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen,
c[3] = idx & 0xFF;
idx++;
- gcry_md_write (hd, seed, seedlen);
- gcry_md_write (hd, c, 4);
- digest = gcry_md_read (hd, 0);
+ _gcry_md_write (hd, seed, seedlen);
+ _gcry_md_write (hd, c, 4);
+ digest = _gcry_md_read (hd, 0);
n = (outlen - nbytes < dlen)? (outlen - nbytes) : dlen;
memcpy (output+nbytes, digest, n);
nbytes += n;
}
- gcry_md_close (hd);
+ _gcry_md_close (hd);
return GPG_ERR_NO_ERROR;
}
@@ -413,7 +407,6 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
const void *random_override, size_t random_override_len)
{
gcry_err_code_t rc = 0;
- gcry_error_t err;
unsigned char *frame = NULL;
size_t nframe = (nbits+7) / 8;
unsigned char *p;
@@ -429,7 +422,7 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
labellen = 0;
}
- hlen = gcry_md_get_algo_dlen (algo);
+ hlen = _gcry_md_get_algo_dlen (algo);
/* We skip step 1a which would be to check that LABELLEN is not
greater than 2^61-1. See rfc-3447 7.1.1. */
@@ -449,7 +442,7 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
/* Step 2a: Compute the hash of the label. We store it in the frame
where later the maskedDB will commence. */
- gcry_md_hash_buffer (algo, frame + 1 + hlen, label, labellen);
+ _gcry_md_hash_buffer (algo, frame + 1 + hlen, label, labellen);
/* Step 2b: Set octet string to zero. */
/* This has already been done while allocating FRAME. */
@@ -471,7 +464,7 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
memcpy (frame + 1, random_override, hlen);
}
else
- gcry_randomize (frame + 1, hlen, GCRY_STRONG_RANDOM);
+ _gcry_randomize (frame + 1, hlen, GCRY_STRONG_RANDOM);
/* Step 2e and 2f: Create maskedDB. */
{
@@ -523,10 +516,8 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
/* This has already been done by using in-place operations. */
/* Convert the stuff into an MPI as expected by the caller. */
- err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, nframe, NULL);
- if (err)
- rc = gcry_err_code (err);
- else if (DBG_CIPHER)
+ rc = _gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, nframe, NULL);
+ if (!rc && DBG_CIPHER)
log_mpidump ("OAEP encoded data", *r_result);
gcry_free (frame);
@@ -574,13 +565,13 @@ _gcry_rsa_oaep_decode (unsigned char **r_result, size_t *r_resultlen,
}
/* Get the length of the digest. */
- hlen = gcry_md_get_algo_dlen (algo);
+ hlen = _gcry_md_get_algo_dlen (algo);
/* Hash the label right away. */
lhash = gcry_malloc (hlen);
if (!lhash)
return gpg_err_code_from_syserror ();
- gcry_md_hash_buffer (algo, lhash, label, labellen);
+ _gcry_md_hash_buffer (algo, lhash, label, labellen);
/* Turn the MPI into an octet string. If the octet string is
shorter than the key we pad it to the left with zeroes. This may
@@ -725,7 +716,6 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
const void *random_override, size_t random_override_len)
{
gcry_err_code_t rc = 0;
- gcry_error_t err;
size_t hlen; /* Length of the hash digest. */
unsigned char *em = NULL; /* Encoded message. */
size_t emlen = (nbits+7)/8; /* Length in bytes of EM. */
@@ -741,7 +731,7 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
/* This code is implemented as described by rfc-3447 9.1.1. */
/* Get the length of the digest. */
- hlen = gcry_md_get_algo_dlen (algo);
+ hlen = _gcry_md_get_algo_dlen (algo);
gcry_assert (hlen); /* We expect a valid ALGO here. */
/* Allocate a help buffer and setup some pointers. */
@@ -794,12 +784,12 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
memcpy (salt, random_override, saltlen);
}
else
- gcry_randomize (salt, saltlen, GCRY_STRONG_RANDOM);
+ _gcry_randomize (salt, saltlen, GCRY_STRONG_RANDOM);
}
/* Step 5 and 6: M' = Hash(Padding1 || mHash || salt). */
memset (buf, 0, 8); /* Padding. */
- gcry_md_hash_buffer (algo, h, buf, 8 + hlen + saltlen);
+ _gcry_md_hash_buffer (algo, h, buf, 8 + hlen + saltlen);
/* Step 7 and 8: DB = PS || 0x01 || salt. */
/* Note that we use EM to store DB and later Xor in-place. */
@@ -822,10 +812,8 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo,
em[emlen-1] = 0xbc;
/* Convert EM into an MPI. */
- err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, em, emlen, NULL);
- if (err)
- rc = gcry_err_code (err);
- else if (DBG_CIPHER)
+ rc = _gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, em, emlen, NULL);
+ if (!rc && DBG_CIPHER)
log_mpidump ("PSS encoded data", *r_result);
leave:
@@ -869,7 +857,7 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, gcry_mpi_t encoded,
/* This code is implemented as described by rfc-3447 9.1.2. */
/* Get the length of the digest. */
- hlen = gcry_md_get_algo_dlen (algo);
+ hlen = _gcry_md_get_algo_dlen (algo);
gcry_assert (hlen); /* We expect a valid ALGO here. */
/* Allocate a help buffer and setup some pointers.
@@ -965,7 +953,7 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, gcry_mpi_t encoded,
memcpy (buf+8+hlen, salt, saltlen);
/* Step 13: H' = Hash(M'). */
- gcry_md_hash_buffer (algo, buf, buf, 8 + hlen + saltlen);
+ _gcry_md_hash_buffer (algo, buf, buf, 8 + hlen + saltlen);
/* Step 14: Check H == H'. */
rc = memcmp (h, buf, hlen) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR;
generated by cgit v1.2.1 (git 2.18.0) at 2024-06-21 20:10:18 +0000