diff options
| author | Werner Koch <wk@gnupg.org> | 1999-11-19 17:11:37 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 1999-11-19 17:11:37 +0100 |
| commit | 2694bceb45f71b7808aec66f30d8ee720a92eb67 (patch) | |
| tree | 358ee56c220c853334ec604d653c3483be72ff2f | |
| parent | See ChangeLog: Mon Nov 15 21:36:02 CET 1999 Werner Koch (diff) | |
| download | gnupg2-2694bceb45f71b7808aec66f30d8ee720a92eb67.tar.xz gnupg2-2694bceb45f71b7808aec66f30d8ee720a92eb67.zip | |
See ChangeLog: Fri Nov 19 17:15:20 CET 1999 Werner Koch
| -rw-r--r-- | cipher/ChangeLog | 21 | ||||
| -rw-r--r-- | cipher/cipher.c | 8 | ||||
| -rw-r--r-- | cipher/dsa.c | 6 | ||||
| -rw-r--r-- | cipher/dynload.c | 37 | ||||
| -rw-r--r-- | cipher/elgamal.c | 8 | ||||
| -rw-r--r-- | cipher/md.c | 1 | ||||
| -rw-r--r-- | cipher/md5.c | 2 | ||||
| -rw-r--r-- | cipher/primegen.c | 13 | ||||
| -rw-r--r-- | cipher/pubkey.c | 1 | ||||
| -rw-r--r-- | cipher/random.c | 11 | ||||
| -rw-r--r-- | cipher/rmd160.c | 2 | ||||
| -rw-r--r-- | cipher/rndegd.c | 41 | ||||
| -rw-r--r-- | cipher/rndlinux.c | 15 | ||||
| -rw-r--r-- | cipher/rndunix.c | 2 | ||||
| -rw-r--r-- | cipher/rndw32.c | 1 | ||||
| -rw-r--r-- | cipher/sha1.c | 2 | ||||
| -rw-r--r-- | cipher/smallprime.c | 1 | ||||
| -rw-r--r-- | cipher/tiger.c | 2 | ||||
| -rw-r--r-- | cipher/twofish.c | 1 | ||||
| -rw-r--r-- | configure.in | 4 | ||||
| -rw-r--r-- | g10/ChangeLog | 13 | ||||
| -rw-r--r-- | g10/armor.c | 6 | ||||
| -rw-r--r-- | g10/g10.c | 29 | ||||
| -rw-r--r-- | g10/tdbdump.c | 4 | ||||
| -rw-r--r-- | include/g10lib.h | 94 | ||||
| -rw-r--r-- | include/memory.h | 1 | ||||
| -rw-r--r-- | include/util.h | 11 | ||||
| -rw-r--r-- | mpi/ChangeLog | 20 | ||||
| -rw-r--r-- | mpi/mpicoder.c | 14 | ||||
| -rw-r--r-- | mpi/mpih-mul.c | 11 | ||||
| -rw-r--r-- | mpi/mpiutil.c | 173 | ||||
| -rw-r--r-- | util/ChangeLog | 21 | ||||
| -rw-r--r-- | util/argparse.c | 16 | ||||
| -rw-r--r-- | util/memory.c | 104 | ||||
| -rw-r--r-- | util/secmem.c | 3 |
35 files changed, 416 insertions, 283 deletions
diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 8231cbedb..bfe180d9f 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,24 @@ +Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de> + + * dynload.c (cmp_filenames): New to replaced compare_filename() in + module. + (register_cipher_extension): Removed the tilde expansion stuff. + * rndeg.c (my_make_filename): New. + + * : Replaced header util.h by g10lib.h + + * random.c (gather_faked): Replaced make_timestamp by time(2). + Disabled wrning printed with tty_printf. + * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx; + this should be replaced by a callback function. + + * primegen.c (gen_prime): Use gcry_mpi_randomize. + (is_prime): Ditto. + * elgamal.c (test_keys): Ditto. + * dsa.c (test_keys): Ditto. + + * cipher.c (gcry_cipher_close): Die on invalid handle. + Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de> * elgamal.c (gen_k): Use the new random API. diff --git a/cipher/cipher.c b/cipher/cipher.c index 0a1ad604f..1a7a65845 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -26,7 +26,6 @@ #include <assert.h> #include "g10lib.h" -#include "util.h" #include "cipher.h" #include "des.h" #include "blowfish.h" @@ -418,10 +417,9 @@ gcry_cipher_close( GCRY_CIPHER_HD h ) { if( !h ) return; - if( h->magic != CTX_MAGIC_SECURE && h->magic != CTX_MAGIC_NORMAL ) { - fatal_invalid_arg("gcry_cipher_close: already closed/invalid handle"); - return; - } + if( h->magic != CTX_MAGIC_SECURE && h->magic != CTX_MAGIC_NORMAL ) + g10_fatal_error(GCRYERR_INTERNAL, + "gcry_cipher_close: already closed/invalid handle"); h->magic = 0; g10_free(h); } diff --git a/cipher/dsa.c b/cipher/dsa.c index 91c797c40..903625c11 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -24,7 +24,6 @@ #include <string.h> #include <assert.h> #include "g10lib.h" -#include "util.h" #include "mpi.h" #include "cipher.h" #include "dsa.h" @@ -130,10 +129,7 @@ test_keys( DSA_secret_key *sk, unsigned qbits ) pk.q = sk->q; pk.g = sk->g; pk.y = sk->y; - { char *p = gcry_random_bytes( (qbits+7)/8, GCRY_WEAK_RANDOM ); - mpi_set_buffer( test, p, (qbits+7)/8, 0 ); - g10_free(p); - } + gcry_mpi_randomize( test, qbits, GCRY_WEAK_RANDOM ); sign( out1_a, out1_b, test, sk ); if( !verify( out1_a, out1_b, test, &pk ) ) diff --git a/cipher/dynload.c b/cipher/dynload.c index 962b398a4..262325c71 100644 --- a/cipher/dynload.c +++ b/cipher/dynload.c @@ -32,7 +32,6 @@ #include <errno.h> #endif #include "g10lib.h" -#include "util.h" #include "cipher.h" #include "dynload.h" @@ -102,6 +101,20 @@ static int dld_available; #endif +static int +cmp_filenames( const char *a, const char *b ) +{ + /* ? check whether this is an absolute filename and + * resolve symlinks? + */ + #ifdef HAVE_DRIVE_LETTERS + return stricmp(a,b); + #else + return strcmp(a,b); + #endif +} + + /**************** * Register an extension module. The last registered module will * be loaded first. A name may have a list of classes @@ -125,21 +138,9 @@ register_cipher_extension( const char *mainpgm, const char *fname ) if( !mainpgm_path && mainpgm && *mainpgm ) mainpgm_path = m_strdup(mainpgm); #endif - if( *fname != '/' ) { /* do tilde expansion etc */ - char *tmp; - - if( strchr(fname, '/') ) - tmp = make_filename(fname, NULL); - else - tmp = make_filename(GNUPG_LIBDIR, fname, NULL); - el = g10_xcalloc( 1, sizeof *el + strlen(tmp) ); - strcpy(el->name, tmp ); - g10_free(tmp); - } - else { - el = g10_xcalloc( 1, sizeof *el + strlen(fname) ); - strcpy(el->name, fname ); - } + el = g10_xcalloc( 1, sizeof *el + strlen(fname) ); + strcpy(el->name, fname ); + /* check whether we have a class hint */ if( (p=strchr(el->name,'(')) && (pe=strchr(p+1,')')) && !pe[1] ) { *p = *pe = 0; @@ -151,7 +152,7 @@ register_cipher_extension( const char *mainpgm, const char *fname ) /* check that it is not already registered */ intex = NULL; for(r = extensions; r; r = r->next ) { - if( !compare_filenames(r->name, el->name) ) { + if( !cmp_filenames(r->name, el->name) ) { log_info("extension `%s' already registered\n", el->name ); g10_free(el); return; @@ -187,7 +188,7 @@ register_internal_cipher_extension( /* check that it is not already registered */ for(r = extensions; r; r = r->next ) { - if( !compare_filenames(r->name, el->name) ) { + if( !cmp_filenames(r->name, el->name) ) { log_info("extension `%s' already registered\n", el->name ); g10_free(el); return; diff --git a/cipher/elgamal.c b/cipher/elgamal.c index d57906457..f88aa91d3 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -27,7 +27,6 @@ #include <stdlib.h> #include <string.h> #include "g10lib.h" -#include "util.h" #include "mpi.h" #include "cipher.h" #include "elgamal.h" @@ -77,12 +76,7 @@ test_keys( ELG_secret_key *sk, unsigned nbits ) pk.g = sk->g; pk.y = sk->y; - /*mpi_set_bytes( test, nbits, get_random_byte, 0 );*/ - { char *p = gcry_random_bytes( (nbits+7)/8, GCRY_WEAK_RANDOM ); - mpi_set_buffer( test, p, (nbits+7)/8, 0 ); - g10_free(p); - } - + gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM ); encrypt( out1_a, out1_b, test, &pk ); decrypt( out2, out1_a, out1_b, sk ); diff --git a/cipher/md.c b/cipher/md.c index 480954a67..bc9c6e867 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -26,7 +26,6 @@ #include <assert.h> #include "g10lib.h" -#include "util.h" #include "cipher.h" #include "dynload.h" #include "rmd.h" diff --git a/cipher/md5.c b/cipher/md5.c index bb930d042..161d44300 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -33,7 +33,7 @@ #include <stdlib.h> #include <string.h> #include <assert.h> -#include "util.h" +#include "g10lib.h" #include "memory.h" #include "dynload.h" diff --git a/cipher/primegen.c b/cipher/primegen.c index 5dc1e1a41..cb7327a4a 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -29,7 +29,6 @@ #include <string.h> #include <assert.h> #include "g10lib.h" -#include "util.h" #include "mpi.h" #include "cipher.h" @@ -307,10 +306,7 @@ gen_prime( unsigned nbits, int secret, int randomlevel ) int dotcount=0; /* generate a random number */ - { char *p = get_random_bits( nbits, randomlevel, secret ); - mpi_set_buffer( prime, p, (nbits+7)/8, 0 ); - g10_free(p); - } + gcry_mpi_randomize( prime, nbits, randomlevel ); /* set high order bit to 1, set low order bit to 1 */ mpi_set_highbit( prime, nbits-1 ); @@ -434,11 +430,8 @@ is_prime( MPI n, int steps, int *count ) mpi_set_ui( x, 2 ); } else { - /*mpi_set_bytes( x, nbits-1, get_random_byte, 0 );*/ - { char *p = get_random_bits( nbits, 0, 0 ); - mpi_set_buffer( x, p, (nbits+7)/8, 0 ); - g10_free(p); - } + gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM ); + /* make sure that the number is smaller than the prime * and keep the randomness of the high bit */ if( mpi_test_bit( x, nbits-2 ) ) { diff --git a/cipher/pubkey.c b/cipher/pubkey.c index b77ebffaa..49f4773e2 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -26,7 +26,6 @@ #include <assert.h> #include "g10lib.h" -#include "util.h" #include "mpi.h" #include "cipher.h" #include "elgamal.h" diff --git a/cipher/random.c b/cipher/random.c index d80b870b4..78c9ecdaa 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -46,7 +46,6 @@ #include <sys/resource.h> #endif #include "g10lib.h" -#include "util.h" #include "rmd.h" #include "ttyio.h" #include "random.h" @@ -463,14 +462,20 @@ gather_faked( void (*add)(const void*, size_t, int), int requester, if( !initialized ) { log_info(_("WARNING: using insecure random number generator!!\n")); + /* we can't use tty_printf here - do we need this function at + all - does it really make sense or canit be viewed as a potential + security problem ? wk 17.11.99 */ + #warning Extended warning disabled + #if 0 tty_printf(_("The random number generator is only a kludge to let\n" "it run - it is in no way a strong RNG!\n\n" "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n\n")); + #endif initialized=1; #ifdef HAVE_RAND - srand(make_timestamp()*getpid()); + srand( time(NULL) * getpid()); #else - srandom(make_timestamp()*getpid()); + srandom( time(NULL) * getpid()); #endif } diff --git a/cipher/rmd160.c b/cipher/rmd160.c index ecd65b35d..7b230087f 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -23,7 +23,7 @@ #include <stdlib.h> #include <string.h> #include <assert.h> -#include "util.h" +#include "g10lib.h" #include "memory.h" #include "rmd.h" #include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */ diff --git a/cipher/rndegd.c b/cipher/rndegd.c index d6a6a3943..36c8b4e3d 100644 --- a/cipher/rndegd.c +++ b/cipher/rndegd.c @@ -32,7 +32,6 @@ #include <sys/un.h> #include "types.h" #include "g10lib.h" -#include "util.h" #include "ttyio.h" #include "dynload.h" #include "cipher.h" @@ -41,6 +40,44 @@ #define offsetof(type, member) ((size_t) &((type *)0)->member) #endif + +/* FIXME: this is duplicated code from util/fileutil + * I don't think that this code should go into libgcrypt anyway. + */ +char * +my_make_filename( const char *first_part, ... ) +{ + va_list arg_ptr ; + size_t n; + const char *s; + char *name, *home, *p; + + va_start( arg_ptr, first_part ) ; + n = strlen(first_part)+1; + while( (s=va_arg(arg_ptr, const char *)) ) + n += strlen(s) + 1; + va_end(arg_ptr); + + home = NULL; + if( *first_part == '~' && first_part[1] == '/' + && (home = getenv("HOME")) && *home ) + n += strlen(home); + + name = m_alloc(n); + p = home ? stpcpy(stpcpy(name,home), first_part+1) + : stpcpy(name, first_part); + va_start( arg_ptr, first_part ) ; + while( (s=va_arg(arg_ptr, const char *)) ) + p = stpcpy(stpcpy(p,"/"), s); + va_end(arg_ptr); + + return name; +} + + + + + static int do_write( int fd, void *buf, size_t nbytes ) { @@ -104,7 +141,7 @@ gather_random( void (*add)(const void*, size_t, int), int requester, } } if( fd == -1 ) { - char *name = make_filename( g10_opt_homedir, "entropy", NULL ); + char *name = my_make_filename( g10_opt_homedir, "entropy", NULL ); struct sockaddr_un addr; int addr_len; diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c index 63befd251..d25abcd31 100644 --- a/cipher/rndlinux.c +++ b/cipher/rndlinux.c @@ -41,8 +41,7 @@ #endif #endif #include "types.h" -#include "g10lib.h" /* need this for i18n */ -#include "util.h" +#include "g10lib.h" #include "ttyio.h" #include "dynload.h" @@ -121,12 +120,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester, tv.tv_sec = 3; tv.tv_usec = 0; if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) { + #warning FIXME: Replace fprintf by a callback if( !warn ) - #ifdef IS_MODULE fprintf(stderr, - #else - tty_printf( - #endif _("\n" "Not enough random bytes available. Please do some other work to give\n" "the OS a chance to collect more entropy! (Need %d more bytes)\n"), length ); @@ -134,12 +130,7 @@ _("\n" continue; } else if( rc == -1 ) { - #ifdef IS_MODULE - fprintf(stderr, - #else - tty_printf( - #endif - "select() error: %s\n", strerror(errno)); + fprintf(stderr, "select() error: %s\n", strerror(errno)); continue; } diff --git a/cipher/rndunix.c b/cipher/rndunix.c index 849f1e007..4ab9f65f6 100644 --- a/cipher/rndunix.c +++ b/cipher/rndunix.c @@ -97,7 +97,7 @@ #ifndef IS_MODULE #include "dynload.h" #endif -#include "util.h" +#include "g10lib.h" #ifndef EAGAIN #define EAGAIN EWOULDBLOCK diff --git a/cipher/rndw32.c b/cipher/rndw32.c index d7801e391..c1045851f 100644 --- a/cipher/rndw32.c +++ b/cipher/rndw32.c @@ -29,7 +29,6 @@ #include "types.h" #include "g10lib.h" -#include "util.h" #include "dynload.h" diff --git a/cipher/sha1.c b/cipher/sha1.c index 40ad62f1f..f231e37b0 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -36,7 +36,7 @@ #include <stdlib.h> #include <string.h> #include <assert.h> -#include "util.h" +#include "g10lib.h" #include "memory.h" #include "dynload.h" #include "bithelp.h" diff --git a/cipher/smallprime.c b/cipher/smallprime.c index 8187aa768..d50e31740 100644 --- a/cipher/smallprime.c +++ b/cipher/smallprime.c @@ -21,7 +21,6 @@ #include <config.h> #include <stdio.h> #include <stdlib.h> -#include "util.h" #include "types.h" /* Note: 2 is not included because it can be tested more easily diff --git a/cipher/tiger.c b/cipher/tiger.c index 0765f0bbd..0e42160a5 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -23,7 +23,7 @@ #include <stdlib.h> #include <string.h> #include <assert.h> -#include "util.h" +#include "g10lib.h" #include "memory.h" diff --git a/cipher/twofish.c b/cipher/twofish.c index 42eed8bf2..1eea4b8e4 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -28,7 +28,6 @@ #include "types.h" /* for byte and u32 typedefs */ #include "g10lib.h" -#include "util.h" #include "dynload.h" diff --git a/configure.in b/configure.in index 8f1ab0b20..0bd7ecfac 100644 --- a/configure.in +++ b/configure.in @@ -172,8 +172,8 @@ dnl dnl Build shared libraries only when compilation of libgcrypt dnl has been requested dnl -AM_DISABLE_SHARED -enable_shared="$compile_libgcrypt" +dnl AM_DISABLE_STATIC +dnl enable_shared="$compile_libgcrypt" AM_PROG_LIBTOOL diff --git a/g10/ChangeLog b/g10/ChangeLog index 4788a4437..3ba8449b8 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de> + + * g10.c (register_extension): New... + (main): Use it here instead of register_cipher_extesnion. + (strusage): s/strusage/my_strusage/ . Made static. + (main): Use set_strusage(). + + * tdbdump.c (HEXTOBIN): Changed the name of the argument, so that + traditional cpp don't mess up the macros. Suggested by Jos Backus. + + * armor.c (parse_header_line): Stop parsing on a only WS line too. + Suggested by Aric Cyr. + Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de> * misc.c (pull_in_libs): Removed. diff --git a/g10/armor.c b/g10/armor.c index 38c48fbbe..053cae7ff 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -311,9 +311,15 @@ parse_header_line( armor_filter_context_t *afx, byte *line, unsigned len ) byte *p; int hashes=0; + /* fixme: why this double check? I think the original code w/o the + * second check for an empty line was done from an early draft of + * of OpenPGP - or simply very stupid code */ if( *line == '\n' || ( len && (*line == '\r' && line[1]=='\n') ) ) return 0; /* empty line */ len = trim_trailing_ws( line, len ); + if( !len ) + return 0; /* WS only same as empty line */ + p = strchr( line, ':'); if( !p || !p[1] ) { log_error(_("invalid armor header: ")); @@ -367,8 +367,8 @@ our_pk_test_algo( int algo ) } -const char * -strusage( int level ) +static const char * +my_strusage( int level ) { static char *digests, *pubkeys, *ciphers; const char *p; @@ -410,7 +410,7 @@ strusage( int level ) p = digests; break; - default: p = default_strusage(level); + default: p = NULL; } return p; } @@ -487,6 +487,25 @@ make_username( const char *string ) static void +register_extension( const char *mainpgm, const char *fname ) +{ + if( *fname != '/' ) { /* do tilde expansion etc */ + char *tmp; + + if( strchr(fname, '/') ) + tmp = make_filename(fname, NULL); + else + tmp = make_filename(GNUPG_LIBDIR, fname, NULL); + register_cipher_extension( mainpgm, tmp ); + m_free(tmp); + } + else + register_cipher_extension( mainpgm, fname ); +} + + + +static void set_debug(void) { if( opt.debug & DBG_MEMORY_VALUE ) @@ -564,6 +583,7 @@ main( int argc, char **argv ) #endif trap_unaligned(); + set_strusage( my_strusage ); secmem_set_flags( secmem_get_flags() | 2 ); /* suspend warnings */ /* Please note that we may running SUID(ROOT), so be very CAREFUL * when adding any stuff between here and the call to @@ -782,8 +802,7 @@ main( int argc, char **argv ) case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break; case oAlwaysTrust: opt.always_trust = 1; break; case oLoadExtension: - register_cipher_extension(orig_argc? *orig_argv:NULL, - pargs.r.ret_str); + register_extension(orig_argc? *orig_argv:NULL, pargs.r.ret_str); break; case oRFC1991: opt.rfc1991 = 1; diff --git a/g10/tdbdump.c b/g10/tdbdump.c index 799309e05..1d608bd19 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -43,8 +43,8 @@ #include "tdbio.h" -#define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \ - (a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10)) +#define HEXTOBIN(x) ( (x) >= '0' && (x) <= '9' ? ((x)-'0') : \ + (x) >= 'A' && (x) <= 'F' ? ((x)-'A'+10) : ((x)-'a'+10)) /**************** * Read a record but die if it does not exist diff --git a/include/g10lib.h b/include/g10lib.h index aa2977825..158901c0f 100644 --- a/include/g10lib.h +++ b/include/g10lib.h @@ -28,8 +28,13 @@ #ifdef _GCRYPT_H #error gcrypt.h already included #endif +/* because libgcrypt is distributed along with GnuPG, we need some way + * to do a sanity check. If this macro is defined, we are inside of + * libgcrypt */ +#define _GCRYPT_IN_LIBGCRYPT 1 #include <gcrypt.h> +#include "types.h" #ifdef G10_I18N_H #error i18n should not be included here @@ -54,20 +59,45 @@ void *g10_xcalloc_secure( size_t n, size_t m ); void *g10_xrealloc( void *a, size_t n ); char *g10_xstrdup( const char * a); void g10_free( void *p ); +int g10_is_secure( const void *a ); +void g10_check_heap( const void *a ); /*-- gcrypt/misc.c --*/ + +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) +#define G10_GCC_A_NR __attribute__ ((noreturn)) +#define G10_GCC_A_PRINTF( f, a ) \ + __attribute__ ((format (printf,f,a))) +#define G10_GCC_A_NR_PRINTF( f, a ) \ + __attribute__ ((noreturn, format (printf,f,a))) +void g10_bug( const char *file, int line, const char *func ) G10_GCC_A_NR; +#else +#define G10_GCC_A_NR +#define G10_GCC_A_PRINTF( f, a ) +#define G10_GCC_A_NR_PRINTF( f, a ) +void g10_bug( const char *file, int line ); +#endif + const char *g10_gettext( const char *key ); -void g10_fatal_error(int rc, const char *text ); +void g10_fatal_error(int rc, const char *text ) G10_GCC_A_NR; +void g10_log( int level, const char *fmt, ... ) G10_GCC_A_PRINTF(2,3); +void g10_log_bug( const char *fmt, ... ) G10_GCC_A_NR_PRINTF(1,2); +void g10_log_fatal( const char *fmt, ... ) G10_GCC_A_NR_PRINTF(1,2); +void g10_log_error( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2); +void g10_log_info( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2); +void g10_log_debug( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2); -/*-- util/memory.c --*/ +/*-- util/{secmem,memory}.c --*/ + +void *g10_private_malloc( size_t n ); +void *g10_private_malloc_secure( size_t n ); +int g10_private_is_secure( const void *p ); +void g10_private_check_heap( const void *p ); +void *g10_private_realloc( void *a, size_t n ); +void g10_private_free( void *p ); -#define g10_private_malloc(n) m_alloc((n)) -#define g10_private_malloc_secure(n) m_alloc_secure((n)) -#define g10_private_is_secure(n) m_is_secure((n)) -#define g10_private_realloc(a,n) m_realloc((a),(n)) -#define g10_private_free(p) m_free((p)) /*-- cipher/pubkey.c --*/ @@ -96,4 +126,54 @@ MPI generate_elg_prime( int mode, unsigned pbits, unsigned qbits, +/* logging macros */ +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) + #define BUG() g10_bug( __FILE__ , __LINE__, __FUNCTION__ ) +#else + #define BUG() g10_bug( __FILE__ , __LINE__ ) +#endif + +#define log_hexdump g10_log_hexdump +#define log_bug g10_log_bug +#define log_fatal g10_log_fatal +#define log_error g10_log_error +#define log_info g10_log_info +#define log_debug g10_log_debug + + +/* replacements of missing functions */ +#ifndef HAVE_MEMICMP +int memicmp( const char *a, const char *b, size_t n ); +#endif +#ifndef HAVE_STPCPY +char *stpcpy(char *a,const char *b); +#endif +#ifndef HAVE_STRLWR +char *strlwr(char *a); +#endif +#ifndef HAVE_STRTOUL + #define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c))) +#endif +#ifndef HAVE_MEMMOVE + #define memmove(d, s, n) bcopy((s), (d), (n)) +#endif +#ifndef HAVE_STRICMP + #define stricmp(a,b) strcasecmp( (a), (b) ) +#endif +#ifndef HAVE_ATEXIT + #define atexit(a) (on_exit((a),0)) +#endif +#ifndef HAVE_RAISE + #define raise(a) kill(getpid(), (a)) +#endif + +/* some handy macros */ +#ifndef STR + #define STR(v) #v +#endif +#define STR2(v) STR(v) +#define DIM(v) (sizeof(v)/sizeof((v)[0])) +#define DIMof(type,member) DIM(((type *)0)->member) + + #endif /* G10LIB_H */ diff --git a/include/memory.h b/include/memory.h index 84b7337c6..d7d7aabeb 100644 --- a/include/memory.h +++ b/include/memory.h @@ -67,7 +67,6 @@ void secmem_term( void ); void *secmem_malloc( size_t size ); void *secmem_realloc( void *a, size_t newsize ); void secmem_free( void *a ); -int m_is_secure( const void *p ); void secmem_dump_stats(void); void secmem_set_flags( unsigned flags ); unsigned secmem_get_flags(void); diff --git a/include/util.h b/include/util.h index 8eec982cc..cf656f625 100644 --- a/include/util.h +++ b/include/util.h @@ -1,5 +1,5 @@ /* util.h - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998,1999 Free Software Foundation, Inc. * * This file is part of GNUPG. * @@ -20,6 +20,10 @@ #ifndef G10_UTIL_H #define G10_UTIL_H +#ifdef _GCRYPT_IN_LIBGCRYPT + #error This header should not be used internally by libgcrypt +#endif + #include "types.h" #include "errors.h" #include "types.h" @@ -120,11 +124,8 @@ int arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts); int optfile_parse( FILE *fp, const char *filename, unsigned *lineno, ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts); void usage( int level ); -const char *default_strusage( int level ); - - -/*-- (main program) --*/ const char *strusage( int level ); +void set_strusage( const char *(*f)( int ) ); /*-- dotlock.c --*/ diff --git a/mpi/ChangeLog b/mpi/ChangeLog index d6cf6e3ee..3a0fca1ad 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,23 @@ +Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de> + + * mpicoder.c (g10_log_mpidump): Add a temporary workaround + + * mpih-mul.c (mpihelp_mul_n): s/m_is_ecure/g10_is_secure/ + + * mpiutil.c (mpi_alloc): Remved the debug mode because it has turned + out, that this feature was not very useful in the past. Use the + new alloc functions. + (mpi_alloc_secure): Ditto. + (mpi_alloc_limb_space): Ditto. + (mpi_free_limb_space): Ditto. + (mpi_resize): Ditto. + (mpi_free): Ditto. + (mpi_set_secure): Removed the debug stuff. + (mpi_set_opaque): Ditto. + (mpi_copy): Ditto. + (mpi_alloc_set_ui): Ditto. + (mpi_m_check): Use g10_ wrapper. + Mon Aug 30 20:38:33 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c index dae6eb4e1..25d37ec41 100644 --- a/mpi/mpicoder.c +++ b/mpi/mpicoder.c @@ -42,6 +42,9 @@ int mpi_write( IOBUF out, MPI a ) { + return -1; + #warning Function is disabled + #if 0 int rc; unsigned nbits = mpi_get_nbits(a); byte *p, *buf; @@ -57,6 +60,7 @@ mpi_write( IOBUF out, MPI a ) rc = iobuf_write( out, p, n ); m_free(buf); return rc; + #endif } @@ -73,6 +77,9 @@ mpi_debug_read(IOBUF inp, unsigned *ret_nread, int secure, const char *info) mpi_read(IOBUF inp, unsigned *ret_nread, int secure) #endif { + return NULL; + #warning Function is disabled + #if 0 int c, i, j; unsigned nbits, nbytes, nlimbs, nread=0; mpi_limb_t a; @@ -120,6 +127,7 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure) else *ret_nread = nread; return val; + #endif } @@ -246,6 +254,7 @@ mpi_fromstr(MPI val, const char *str) /**************** * print an MPI to the given stream and return the number of characters * printed. + * FIXME: Replace this by the more generic gcry_mpi_print() */ int mpi_print( FILE *fp, MPI a, int mode ) @@ -289,9 +298,10 @@ mpi_print( FILE *fp, MPI a, int mode ) void g10_log_mpidump( const char *text, MPI a ) { - FILE *fp = log_stream(); + FILE *fp = stderr; /* used to be log_stream() */ - g10_log_print_prefix(text); + /* FIXME: Replace this function by a g10_log_xxx one */ + fprintf(fp,"%s: ",text); mpi_print(fp, a, 1 ); fputc('\n', fp); } diff --git a/mpi/mpih-mul.c b/mpi/mpih-mul.c index 7707c0e30..67749f4cd 100644 --- a/mpi/mpih-mul.c +++ b/mpi/mpih-mul.c @@ -31,6 +31,7 @@ #include <stdlib.h> #include "mpi-internal.h" #include "longlong.h" +#include "g10lib.h" /* for g10_is_secure() */ @@ -352,7 +353,7 @@ mpihelp_mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp, mpi_size_t size) mpih_sqr_n_basecase( prodp, up, size ); else { mpi_ptr_t tspace; - secure = m_is_secure( up ); + secure = g10_is_secure( up ); tspace = mpi_alloc_limb_space( 2 * size, secure ); mpih_sqr_n( prodp, up, size, tspace ); mpi_free_limb_space( tspace ); @@ -363,7 +364,7 @@ mpihelp_mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp, mpi_size_t size) mul_n_basecase( prodp, up, vp, size ); else { mpi_ptr_t tspace; - secure = m_is_secure( up ) || m_is_secure( vp ); + secure = g10_is_secure( up ) || g10_is_secure( vp ); tspace = mpi_alloc_limb_space( 2 * size, secure ); mul_n (prodp, up, vp, size, tspace); mpi_free_limb_space( tspace ); @@ -438,15 +439,15 @@ mpihelp_mul( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t usize, } tspace = mpi_alloc_limb_space( 2 * vsize, - m_is_secure( up ) || m_is_secure( vp ) ); + g10_is_secure( up ) || g10_is_secure( vp ) ); MPN_MUL_N_RECURSE( prodp, up, vp, vsize, tspace ); prodp += vsize; up += vsize; usize -= vsize; if( usize >= vsize ) { - mpi_ptr_t tp = mpi_alloc_limb_space( 2 * vsize, m_is_secure( up ) - || m_is_secure( vp ) ); + mpi_ptr_t tp = mpi_alloc_limb_space( 2 * vsize, g10_is_secure( up ) + || g10_is_secure( vp ) ); do { MPN_MUL_N_RECURSE( tp, up, vp, vsize, tspace ); cy = mpihelp_add_n( prodp, prodp, tp, vsize ); diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index 62cb882d6..317940b5f 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -27,14 +27,7 @@ #include "mpi.h" #include "mpi-internal.h" #include "memory.h" -#include "util.h" - - -#ifdef M_DEBUG - #undef mpi_alloc - #undef mpi_alloc_secure - #undef mpi_free -#endif +#include "g10lib.h" /**************** * Note: It was a bad idea to use the number of limbs to allocate @@ -44,23 +37,14 @@ * But mpi_alloc is used in a lot of places :-) */ MPI -#ifdef M_DEBUG -mpi_debug_alloc( unsigned nlimbs, const char *info ) -#else mpi_alloc( unsigned nlimbs ) -#endif { MPI a; if( DBG_MEMORY ) log_debug("mpi_alloc(%u)\n", nlimbs*BITS_PER_MPI_LIMB ); - #ifdef M_DEBUG - a = m_debug_alloc( sizeof *a, info ); - a->d = nlimbs? mpi_debug_alloc_limb_space( nlimbs, 0, info ) : NULL; - #else - a = m_alloc( sizeof *a ); + a = g10_xmalloc( sizeof *a ); a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 0 ) : NULL; - #endif a->alloced = nlimbs; a->nlimbs = 0; a->sign = 0; @@ -72,28 +56,19 @@ mpi_alloc( unsigned nlimbs ) void mpi_m_check( MPI a ) { - m_check(a); - m_check(a->d); + g10_check_heap(a); + g10_check_heap(a->d); } MPI -#ifdef M_DEBUG -mpi_debug_alloc_secure( unsigned nlimbs, const char *info ) -#else mpi_alloc_secure( unsigned nlimbs ) -#endif { MPI a; if( DBG_MEMORY ) log_debug("mpi_alloc_secure(%u)\n", nlimbs*BITS_PER_MPI_LIMB ); - #ifdef M_DEBUG - a = m_debug_alloc( sizeof *a, info ); - a->d = nlimbs? mpi_debug_alloc_limb_space( nlimbs, 1, info ) : NULL; - #else - a = m_alloc( sizeof *a ); + a = g10_xmalloc( sizeof *a ); a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 1 ) : NULL; - #endif a->alloced = nlimbs; a->flags = 1; a->nlimbs = 0; @@ -103,90 +78,30 @@ mpi_alloc_secure( unsigned nlimbs ) } -#if 0 -static void *unused_limbs_5; -static void *unused_limbs_32; -static void *unused_limbs_64; -#endif mpi_ptr_t -#ifdef M_DEBUG -mpi_debug_alloc_limb_space( unsigned nlimbs, int secure, const char *info ) -#else mpi_alloc_limb_space( unsigned nlimbs, int secure ) -#endif { size_t len = nlimbs * sizeof(mpi_limb_t); mpi_ptr_t p; if( DBG_MEMORY ) log_debug("mpi_alloc_limb_space(%u)\n", (unsigned)len*8 ); - #if 0 - if( !secure ) { - if( nlimbs == 5 && unused_limbs_5 ) { /* DSA 160 bits */ - p = unused_limbs_5; - unused_limbs_5 = *p; - return p; - } - else if( nlimbs == 32 && unused_limbs_32 ) { /* DSA 1024 bits */ - p = unused_limbs_32; - unused_limbs_32 = *p; - return p; - } - else if( nlimbs == 64 && unused_limbs_64 ) { /* DSA 2*1024 bits */ - p = unused_limbs_64; - unused_limbs_64 = *p; - return p; - } - } - #endif - #ifdef M_DEBUG - p = secure? m_debug_alloc_secure(len, info):m_debug_alloc( len, info ); - #else - p = secure? m_alloc_secure( len ):m_alloc( len ); - #endif + p = secure? g10_xmalloc_secure( len ) : g10_xmalloc( len ); return p; } void -#ifdef M_DEBUG -mpi_debug_free_limb_space( mpi_ptr_t a, const char *info ) -#else mpi_free_limb_space( mpi_ptr_t a ) -#endif { if( !a ) return; if( DBG_MEMORY ) - log_debug("mpi_free_limb_space of size %lu\n", (ulong)m_size(a)*8 ); - - #if 0 - if( !m_is_secure(a) ) { - size_t nlimbs = m_size(a) / 4 ; - void *p = a; - - if( nlimbs == 5 ) { /* DSA 160 bits */ - *a = unused_limbs_5; - unused_limbs_5 = a; - return; - } - else if( nlimbs == 32 ) { /* DSA 1024 bits */ - *a = unused_limbs_32; - unused_limbs_32 = a; - return; - } - else if( nlimbs == 64 ) { /* DSA 2*1024 bits */ - *a = unused_limbs_64; - unused_limbs_64 = a; - return; - } - } - #endif + log_debug("mpi_free_limb_space\n" ); - - m_free(a); + g10_free(a); } @@ -202,33 +117,22 @@ mpi_assign_limb_space( MPI a, mpi_ptr_t ap, unsigned nlimbs ) /**************** * Resize the array of A to NLIMBS. the additional space is cleared - * (set to 0) [done by m_realloc()] + * (set to 0) [done by g10_realloc()] */ void -#ifdef M_DEBUG -mpi_debug_resize( MPI a, unsigned nlimbs, const char *info ) -#else mpi_resize( MPI a, unsigned nlimbs ) -#endif { if( nlimbs <= a->alloced ) return; /* no need to do it */ /* Note: a->secure is not used - instead the realloc functions * take care of it. Maybe we should drop a->secure completely * and rely on a mpi_is_secure function, which would be - * a wrapper around m_is_secure + * a wrapper around g10_is_secure */ - #ifdef M_DEBUG - if( a->d ) - a->d = m_debug_realloc(a->d, nlimbs * sizeof(mpi_limb_t), info ); - else - a->d = m_debug_alloc_clear( nlimbs * sizeof(mpi_limb_t), info ); - #else if( a->d ) - a->d = m_realloc(a->d, nlimbs * sizeof(mpi_limb_t) ); - else - a->d = m_alloc_clear( nlimbs * sizeof(mpi_limb_t) ); - #endif + a->d = g10_xrealloc(a->d, nlimbs * sizeof(mpi_limb_t) ); + else /* FIXME: It may not be allocted in secure memory */ + a->d = g10_xcalloc( nlimbs , sizeof(mpi_limb_t) ); a->alloced = nlimbs; } @@ -242,28 +146,20 @@ mpi_clear( MPI a ) void -#ifdef M_DEBUG -mpi_debug_free( MPI a, const char *info ) -#else mpi_free( MPI a ) -#endif { if( !a ) return; if( DBG_MEMORY ) log_debug("mpi_free\n" ); if( a->flags & 4 ) - m_free( a->d ); + g10_free( a->d ); else { - #ifdef M_DEBUG - mpi_debug_free_limb_space(a->d, info); - #else mpi_free_limb_space(a->d); - #endif } if( a->flags & ~7 ) log_bug("invalid flag value in mpi\n"); - m_free(a); + g10_free(a); } @@ -280,18 +176,10 @@ mpi_set_secure( MPI a ) assert(!ap); return; } - #ifdef M_DEBUG - bp = mpi_debug_alloc_limb_space( a->nlimbs, 1, "set_secure" ); - #else bp = mpi_alloc_limb_space( a->nlimbs, 1 ); - #endif MPN_COPY( bp, ap, a->nlimbs ); a->d = bp; - #ifdef M_DEBUG - mpi_debug_free_limb_space(ap, "set_secure"); - #else mpi_free_limb_space(ap); - #endif } @@ -299,21 +187,13 @@ MPI mpi_set_opaque( MPI a, void *p, int len ) { if( !a ) { - #ifdef M_DEBUG - a = mpi_debug_alloc(0,"alloc_opaque"); - #else a = mpi_alloc(0); - #endif } if( a->flags & 4 ) - m_free( a->d ); + g10_free( a->d ); else { - #ifdef M_DEBUG - mpi_debug_free_limb_space(a->d, "alloc_opaque"); - #else mpi_free_limb_space(a->d); - #endif } a->d = p; @@ -341,29 +221,20 @@ mpi_get_opaque( MPI a, int *len ) * but copy it transparently. */ MPI -#ifdef M_DEBUG -mpi_debug_copy( MPI a, const char *info ) -#else mpi_copy( MPI a ) -#endif { int i; MPI b; if( a && (a->flags & 4) ) { - void *p = m_is_secure(a->d)? m_alloc_secure( a->nbits ) - : m_alloc( a->nbits ); + void *p = g10_is_secure(a->d)? g10_xmalloc_secure( a->nbits ) + : g10_xmalloc( a->nbits ); memcpy( p, a->d, a->nbits ); b = mpi_set_opaque( NULL, p, a->nbits ); } else if( a ) { - #ifdef M_DEBUG - b = mpi_is_secure(a)? mpi_debug_alloc_secure( a->nlimbs, info ) - : mpi_debug_alloc( a->nlimbs, info ); - #else b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs ) : mpi_alloc( a->nlimbs ); - #endif b->nlimbs = a->nlimbs; b->sign = a->sign; b->flags = a->flags; @@ -388,8 +259,8 @@ mpi_alloc_like( MPI a ) MPI b; if( a && (a->flags & 4) ) { - void *p = m_is_secure(a->d)? m_alloc_secure( a->nbits ) - : m_alloc( a->nbits ); + void *p = g10_is_secure(a->d)? g10_malloc_secure( a->nbits ) + : g10_malloc( a->nbits ); memcpy( p, a->d, a->nbits ); b = mpi_set_opaque( NULL, p, a->nbits ); } @@ -440,11 +311,7 @@ mpi_set_ui( MPI w, unsigned long u) MPI mpi_alloc_set_ui( unsigned long u) { - #ifdef M_DEBUG - MPI w = mpi_debug_alloc(1,"alloc_set_ui"); - #else MPI w = mpi_alloc(1); - #endif w->d[0] = u; w->nlimbs = u? 1:0; w->sign = 0; diff --git a/util/ChangeLog b/util/ChangeLog index ff2e09e38..ea9c7f3fe 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,24 @@ +Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de> + + * argparse.c (default_strusage): Renamed to strusage. Fall back + to the old behaviour if no sepcial strhandler has been set. + + * memory.c (g10_private_check_heap): New. + + * secmem.c (m_is_secure): Renamed to ... + (g10_private_is_secure): ... this. + * memory.c (g10_private_malloc): New. Takes core functionalty of ... + (m_alloc): ... and calls it. + (g10_private_malloc_secure): New. Takes core functionalty of ... + (m_alloc_secure): ... and calls it. + (g10_private_realloc): New. Takes core functionalty of ... + (m_realloc): ... and this one calls it. + (g10_private_free): Wraps around m_free(). + + * argparse.c (g10_set_strusage): New. + (default_strusage): renamed to ... + (g10_default_strusage): .. this. + Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de> * g10u.c: Removed. diff --git a/util/argparse.c b/util/argparse.c index c6f405f62..12b0ebd7f 100644 --- a/util/argparse.c +++ b/util/argparse.c @@ -135,10 +135,13 @@ struct alias_def_s { const char *value; /* ptr into name */ }; +static const char *(*strusage_handler)( int ) = NULL; + static int set_opt_arg(ARGPARSE_ARGS *arg, unsigned flags, char *s); static void show_help(ARGPARSE_OPTS *opts, unsigned flags); static void show_version(void); + static void initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno ) { @@ -886,9 +889,13 @@ usage( int level ) * 41: long usage note (with LF) */ const char * -default_strusage( int level ) +strusage( int level ) { - const char *p = NULL; + const char *p = strusage_handler? strusage_handler(level) : NULL; + + if( p ) + return p; + switch( level ) { case 11: p = "foo"; break; case 13: p = "0.0"; break; @@ -917,6 +924,11 @@ default_strusage( int level ) return p; } +void +set_strusage( const char *(*f)( int ) ) +{ + strusage_handler = f; +} #ifdef TEST diff --git a/util/memory.c b/util/memory.c index af79cd0cb..712e20d26 100644 --- a/util/memory.c +++ b/util/memory.c @@ -37,6 +37,9 @@ #include "memory.h" #include "util.h" +/* FXIME: ugly hack. Need a prototype here bug can't include g10lib.h */ +int g10_private_is_secure( void *p ); + #define MAGIC_NOR_BYTE 0x55 #define MAGIC_SEC_BYTE 0xcc @@ -384,49 +387,74 @@ out_of_core(size_t n, int secure) } + + /**************** * Allocate memory of size n. - * This function gives up if we do not have enough memory + * Return NULL if we are out of memory. */ void * -FNAME(alloc)( size_t n FNAMEPRT ) +g10_private_malloc( size_t n) { char *p; #ifdef M_GUARD if( !(p = malloc( n + EXTRA_ALIGN+5 )) ) - out_of_core(n,0); + return NULL; store_len(p,n,0); used_memory += n; p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE; return p+EXTRA_ALIGN+4; - #else - if( !(p = malloc( n )) ) + #else /* fixme: This can be done with a macro */ + return malloc( n ); + #endif +} + +/**************** + * Allocate memory of size n. + * This function gives up if we do not have enough memory + */ +void * +FNAME(alloc)( size_t n FNAMEPRT ) +{ + char *p = g10_private_malloc( n ); + if( !p ) out_of_core(n,0); return p; - #endif } + /**************** * Allocate memory of size n from the secure memory pool. - * This function gives up if we do not have enough memory + * Return NULL if we are out of memory. */ void * -FNAME(alloc_secure)( size_t n FNAMEPRT ) +g10_private_malloc_secure( size_t n) { char *p; #ifdef M_GUARD if( !(p = secmem_malloc( n +EXTRA_ALIGN+ 5 )) ) - out_of_core(n,1); + return NULL; store_len(p,n,1); p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE; return p+EXTRA_ALIGN+4; #else - if( !(p = secmem_malloc( n )) ) + return secmem_malloc( n ); + #endif +} + +/**************** + * Allocate memory of size n from the secure memory pool. + * This function gives up if we do not have enough memory + */ +void * +FNAME(alloc_secure)( size_t n FNAMEPRT ) +{ + char *p = g10_private_malloc_secure( n ); + if( !p ) out_of_core(n,1); return p; - #endif } void * @@ -447,12 +475,12 @@ FNAME(alloc_secure_clear)( size_t n FNAMEPRT) return p; } - /**************** * realloc and clear the old space + * Return NULL if there is not enoug memory. */ void * -FNAME(realloc)( void *a, size_t n FNAMEPRT ) +g10_private_realloc( void *a, size_t n ) { #ifdef M_GUARD unsigned char *p = a; @@ -462,28 +490,39 @@ FNAME(realloc)( void *a, size_t n FNAMEPRT ) if( len >= n ) /* we don't shrink for now */ return a; if( p[-1] == MAGIC_SEC_BYTE ) - b = FNAME(alloc_secure_clear)(n FNAMEARG); + b = g10_private_malloc_secure(n); else - b = FNAME(alloc_clear)(n FNAMEARG); + b = g10_private_malloc(n); + if( !b ) + return NULL; + memset(p, 0, n ); FNAME(check)(NULL FNAMEARG); memcpy(b, a, len ); FNAME(free)(p FNAMEARG); + return b; #else - void *b; - - if( m_is_secure(a) ) { - if( !(b = secmem_realloc( a, n )) ) - out_of_core(n,1); + if( g10_private_is_secure(a) ) { + return secmem_realloc( a, n ); } else { - if( !(b = realloc( a, n )) ) - out_of_core(n,0); + return realloc( a, n ); } #endif - return b; } +/**************** + * realloc and clear the old space + */ +void * +FNAME(realloc)( void *a, size_t n FNAMEPRT ) +{ + void *b = g10_private_realloc( a, n ); + if( !b ) + out_of_core(n, g10_private_is_secure(a)); + return b; +} + /**************** * Free a pointer @@ -499,20 +538,25 @@ FNAME(free)( void *a FNAMEPRT ) free_entry(p-EXTRA_ALIGN-4, info); #elif M_GUARD m_check(p); - if( m_is_secure(a) ) + if( g10_private_is_secure(a) ) secmem_free(p-EXTRA_ALIGN-4); else { used_memory -= m_size(a); free(p-EXTRA_ALIGN-4); } #else - if( m_is_secure(a) ) + if( g10_private_is_secure(a) ) secmem_free(p); else free(p); #endif } +void +g10_private_free( void *a ) +{ + m_free(a); +} void FNAME(check)( const void *a FNAMEPRT ) @@ -537,6 +581,13 @@ FNAME(check)( const void *a FNAMEPRT ) } +void +g10_private_check_heap( const void *p ) +{ + m_check(p); +} + + size_t m_size( const void *a ) { @@ -573,7 +624,7 @@ FNAME(copy)( const void *a FNAMEPRT ) return NULL; n = m_size(a); Aiiiih woher nehmen - if( m_is_secure(a) ) + if( g10_private_is_secure(a) ) b = FNAME(alloc_secure)(n FNAMEARG); else b = FNAME(alloc)(n FNAMEARG); @@ -591,3 +642,4 @@ FNAME(strdup)( const char *a FNAMEPRT ) return p; } + diff --git a/util/secmem.c b/util/secmem.c index db4ee4148..84ec4c2a1 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -370,8 +370,9 @@ secmem_free( void *a ) cur_alloced -= size; } + int -m_is_secure( const void *p ) +g10_private_is_secure( const void *p ) { return p >= pool && p < (void*)((char*)pool+poolsize); } |