summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--cipher/ChangeLog21
-rw-r--r--cipher/cipher.c8
-rw-r--r--cipher/dsa.c6
-rw-r--r--cipher/dynload.c37
-rw-r--r--cipher/elgamal.c8
-rw-r--r--cipher/md.c1
-rw-r--r--cipher/md5.c2
-rw-r--r--cipher/primegen.c13
-rw-r--r--cipher/pubkey.c1
-rw-r--r--cipher/random.c11
-rw-r--r--cipher/rmd160.c2
-rw-r--r--cipher/rndegd.c41
-rw-r--r--cipher/rndlinux.c15
-rw-r--r--cipher/rndunix.c2
-rw-r--r--cipher/rndw32.c1
-rw-r--r--cipher/sha1.c2
-rw-r--r--cipher/smallprime.c1
-rw-r--r--cipher/tiger.c2
-rw-r--r--cipher/twofish.c1
-rw-r--r--configure.in4
-rw-r--r--g10/ChangeLog13
-rw-r--r--g10/armor.c6
-rw-r--r--g10/g10.c29
-rw-r--r--g10/tdbdump.c4
-rw-r--r--include/g10lib.h94
-rw-r--r--include/memory.h1
-rw-r--r--include/util.h11
-rw-r--r--mpi/ChangeLog20
-rw-r--r--mpi/mpicoder.c14
-rw-r--r--mpi/mpih-mul.c11
-rw-r--r--mpi/mpiutil.c173
-rw-r--r--util/ChangeLog21
-rw-r--r--util/argparse.c16
-rw-r--r--util/memory.c104
-rw-r--r--util/secmem.c3
35 files changed, 416 insertions, 283 deletions
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index 8231cbedb..bfe180d9f 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,24 @@
+Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * dynload.c (cmp_filenames): New to replaced compare_filename() in
+ module.
+ (register_cipher_extension): Removed the tilde expansion stuff.
+ * rndeg.c (my_make_filename): New.
+
+ * : Replaced header util.h by g10lib.h
+
+ * random.c (gather_faked): Replaced make_timestamp by time(2).
+ Disabled wrning printed with tty_printf.
+ * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx;
+ this should be replaced by a callback function.
+
+ * primegen.c (gen_prime): Use gcry_mpi_randomize.
+ (is_prime): Ditto.
+ * elgamal.c (test_keys): Ditto.
+ * dsa.c (test_keys): Ditto.
+
+ * cipher.c (gcry_cipher_close): Die on invalid handle.
+
Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de>
* elgamal.c (gen_k): Use the new random API.
diff --git a/cipher/cipher.c b/cipher/cipher.c
index 0a1ad604f..1a7a65845 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -26,7 +26,6 @@
#include <assert.h>
#include "g10lib.h"
-#include "util.h"
#include "cipher.h"
#include "des.h"
#include "blowfish.h"
@@ -418,10 +417,9 @@ gcry_cipher_close( GCRY_CIPHER_HD h )
{
if( !h )
return;
- if( h->magic != CTX_MAGIC_SECURE && h->magic != CTX_MAGIC_NORMAL ) {
- fatal_invalid_arg("gcry_cipher_close: already closed/invalid handle");
- return;
- }
+ if( h->magic != CTX_MAGIC_SECURE && h->magic != CTX_MAGIC_NORMAL )
+ g10_fatal_error(GCRYERR_INTERNAL,
+ "gcry_cipher_close: already closed/invalid handle");
h->magic = 0;
g10_free(h);
}
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 91c797c40..903625c11 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -24,7 +24,6 @@
#include <string.h>
#include <assert.h>
#include "g10lib.h"
-#include "util.h"
#include "mpi.h"
#include "cipher.h"
#include "dsa.h"
@@ -130,10 +129,7 @@ test_keys( DSA_secret_key *sk, unsigned qbits )
pk.q = sk->q;
pk.g = sk->g;
pk.y = sk->y;
- { char *p = gcry_random_bytes( (qbits+7)/8, GCRY_WEAK_RANDOM );
- mpi_set_buffer( test, p, (qbits+7)/8, 0 );
- g10_free(p);
- }
+ gcry_mpi_randomize( test, qbits, GCRY_WEAK_RANDOM );
sign( out1_a, out1_b, test, sk );
if( !verify( out1_a, out1_b, test, &pk ) )
diff --git a/cipher/dynload.c b/cipher/dynload.c
index 962b398a4..262325c71 100644
--- a/cipher/dynload.c
+++ b/cipher/dynload.c
@@ -32,7 +32,6 @@
#include <errno.h>
#endif
#include "g10lib.h"
-#include "util.h"
#include "cipher.h"
#include "dynload.h"
@@ -102,6 +101,20 @@ static int dld_available;
#endif
+static int
+cmp_filenames( const char *a, const char *b )
+{
+ /* ? check whether this is an absolute filename and
+ * resolve symlinks?
+ */
+ #ifdef HAVE_DRIVE_LETTERS
+ return stricmp(a,b);
+ #else
+ return strcmp(a,b);
+ #endif
+}
+
+
/****************
* Register an extension module. The last registered module will
* be loaded first. A name may have a list of classes
@@ -125,21 +138,9 @@ register_cipher_extension( const char *mainpgm, const char *fname )
if( !mainpgm_path && mainpgm && *mainpgm )
mainpgm_path = m_strdup(mainpgm);
#endif
- if( *fname != '/' ) { /* do tilde expansion etc */
- char *tmp;
-
- if( strchr(fname, '/') )
- tmp = make_filename(fname, NULL);
- else
- tmp = make_filename(GNUPG_LIBDIR, fname, NULL);
- el = g10_xcalloc( 1, sizeof *el + strlen(tmp) );
- strcpy(el->name, tmp );
- g10_free(tmp);
- }
- else {
- el = g10_xcalloc( 1, sizeof *el + strlen(fname) );
- strcpy(el->name, fname );
- }
+ el = g10_xcalloc( 1, sizeof *el + strlen(fname) );
+ strcpy(el->name, fname );
+
/* check whether we have a class hint */
if( (p=strchr(el->name,'(')) && (pe=strchr(p+1,')')) && !pe[1] ) {
*p = *pe = 0;
@@ -151,7 +152,7 @@ register_cipher_extension( const char *mainpgm, const char *fname )
/* check that it is not already registered */
intex = NULL;
for(r = extensions; r; r = r->next ) {
- if( !compare_filenames(r->name, el->name) ) {
+ if( !cmp_filenames(r->name, el->name) ) {
log_info("extension `%s' already registered\n", el->name );
g10_free(el);
return;
@@ -187,7 +188,7 @@ register_internal_cipher_extension(
/* check that it is not already registered */
for(r = extensions; r; r = r->next ) {
- if( !compare_filenames(r->name, el->name) ) {
+ if( !cmp_filenames(r->name, el->name) ) {
log_info("extension `%s' already registered\n", el->name );
g10_free(el);
return;
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index d57906457..f88aa91d3 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -27,7 +27,6 @@
#include <stdlib.h>
#include <string.h>
#include "g10lib.h"
-#include "util.h"
#include "mpi.h"
#include "cipher.h"
#include "elgamal.h"
@@ -77,12 +76,7 @@ test_keys( ELG_secret_key *sk, unsigned nbits )
pk.g = sk->g;
pk.y = sk->y;
- /*mpi_set_bytes( test, nbits, get_random_byte, 0 );*/
- { char *p = gcry_random_bytes( (nbits+7)/8, GCRY_WEAK_RANDOM );
- mpi_set_buffer( test, p, (nbits+7)/8, 0 );
- g10_free(p);
- }
-
+ gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM );
encrypt( out1_a, out1_b, test, &pk );
decrypt( out2, out1_a, out1_b, sk );
diff --git a/cipher/md.c b/cipher/md.c
index 480954a67..bc9c6e867 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -26,7 +26,6 @@
#include <assert.h>
#include "g10lib.h"
-#include "util.h"
#include "cipher.h"
#include "dynload.h"
#include "rmd.h"
diff --git a/cipher/md5.c b/cipher/md5.c
index bb930d042..161d44300 100644
--- a/cipher/md5.c
+++ b/cipher/md5.c
@@ -33,7 +33,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
-#include "util.h"
+#include "g10lib.h"
#include "memory.h"
#include "dynload.h"
diff --git a/cipher/primegen.c b/cipher/primegen.c
index 5dc1e1a41..cb7327a4a 100644
--- a/cipher/primegen.c
+++ b/cipher/primegen.c
@@ -29,7 +29,6 @@
#include <string.h>
#include <assert.h>
#include "g10lib.h"
-#include "util.h"
#include "mpi.h"
#include "cipher.h"
@@ -307,10 +306,7 @@ gen_prime( unsigned nbits, int secret, int randomlevel )
int dotcount=0;
/* generate a random number */
- { char *p = get_random_bits( nbits, randomlevel, secret );
- mpi_set_buffer( prime, p, (nbits+7)/8, 0 );
- g10_free(p);
- }
+ gcry_mpi_randomize( prime, nbits, randomlevel );
/* set high order bit to 1, set low order bit to 1 */
mpi_set_highbit( prime, nbits-1 );
@@ -434,11 +430,8 @@ is_prime( MPI n, int steps, int *count )
mpi_set_ui( x, 2 );
}
else {
- /*mpi_set_bytes( x, nbits-1, get_random_byte, 0 );*/
- { char *p = get_random_bits( nbits, 0, 0 );
- mpi_set_buffer( x, p, (nbits+7)/8, 0 );
- g10_free(p);
- }
+ gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM );
+
/* make sure that the number is smaller than the prime
* and keep the randomness of the high bit */
if( mpi_test_bit( x, nbits-2 ) ) {
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index b77ebffaa..49f4773e2 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -26,7 +26,6 @@
#include <assert.h>
#include "g10lib.h"
-#include "util.h"
#include "mpi.h"
#include "cipher.h"
#include "elgamal.h"
diff --git a/cipher/random.c b/cipher/random.c
index d80b870b4..78c9ecdaa 100644
--- a/cipher/random.c
+++ b/cipher/random.c
@@ -46,7 +46,6 @@
#include <sys/resource.h>
#endif
#include "g10lib.h"
-#include "util.h"
#include "rmd.h"
#include "ttyio.h"
#include "random.h"
@@ -463,14 +462,20 @@ gather_faked( void (*add)(const void*, size_t, int), int requester,
if( !initialized ) {
log_info(_("WARNING: using insecure random number generator!!\n"));
+ /* we can't use tty_printf here - do we need this function at
+ all - does it really make sense or canit be viewed as a potential
+ security problem ? wk 17.11.99 */
+ #warning Extended warning disabled
+ #if 0
tty_printf(_("The random number generator is only a kludge to let\n"
"it run - it is in no way a strong RNG!\n\n"
"DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n\n"));
+ #endif
initialized=1;
#ifdef HAVE_RAND
- srand(make_timestamp()*getpid());
+ srand( time(NULL) * getpid());
#else
- srandom(make_timestamp()*getpid());
+ srandom( time(NULL) * getpid());
#endif
}
diff --git a/cipher/rmd160.c b/cipher/rmd160.c
index ecd65b35d..7b230087f 100644
--- a/cipher/rmd160.c
+++ b/cipher/rmd160.c
@@ -23,7 +23,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
-#include "util.h"
+#include "g10lib.h"
#include "memory.h"
#include "rmd.h"
#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
diff --git a/cipher/rndegd.c b/cipher/rndegd.c
index d6a6a3943..36c8b4e3d 100644
--- a/cipher/rndegd.c
+++ b/cipher/rndegd.c
@@ -32,7 +32,6 @@
#include <sys/un.h>
#include "types.h"
#include "g10lib.h"
-#include "util.h"
#include "ttyio.h"
#include "dynload.h"
#include "cipher.h"
@@ -41,6 +40,44 @@
#define offsetof(type, member) ((size_t) &((type *)0)->member)
#endif
+
+/* FIXME: this is duplicated code from util/fileutil
+ * I don't think that this code should go into libgcrypt anyway.
+ */
+char *
+my_make_filename( const char *first_part, ... )
+{
+ va_list arg_ptr ;
+ size_t n;
+ const char *s;
+ char *name, *home, *p;
+
+ va_start( arg_ptr, first_part ) ;
+ n = strlen(first_part)+1;
+ while( (s=va_arg(arg_ptr, const char *)) )
+ n += strlen(s) + 1;
+ va_end(arg_ptr);
+
+ home = NULL;
+ if( *first_part == '~' && first_part[1] == '/'
+ && (home = getenv("HOME")) && *home )
+ n += strlen(home);
+
+ name = m_alloc(n);
+ p = home ? stpcpy(stpcpy(name,home), first_part+1)
+ : stpcpy(name, first_part);
+ va_start( arg_ptr, first_part ) ;
+ while( (s=va_arg(arg_ptr, const char *)) )
+ p = stpcpy(stpcpy(p,"/"), s);
+ va_end(arg_ptr);
+
+ return name;
+}
+
+
+
+
+
static int
do_write( int fd, void *buf, size_t nbytes )
{
@@ -104,7 +141,7 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
}
}
if( fd == -1 ) {
- char *name = make_filename( g10_opt_homedir, "entropy", NULL );
+ char *name = my_make_filename( g10_opt_homedir, "entropy", NULL );
struct sockaddr_un addr;
int addr_len;
diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c
index 63befd251..d25abcd31 100644
--- a/cipher/rndlinux.c
+++ b/cipher/rndlinux.c
@@ -41,8 +41,7 @@
#endif
#endif
#include "types.h"
-#include "g10lib.h" /* need this for i18n */
-#include "util.h"
+#include "g10lib.h"
#include "ttyio.h"
#include "dynload.h"
@@ -121,12 +120,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
tv.tv_sec = 3;
tv.tv_usec = 0;
if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) {
+ #warning FIXME: Replace fprintf by a callback
if( !warn )
- #ifdef IS_MODULE
fprintf(stderr,
- #else
- tty_printf(
- #endif
_("\n"
"Not enough random bytes available. Please do some other work to give\n"
"the OS a chance to collect more entropy! (Need %d more bytes)\n"), length );
@@ -134,12 +130,7 @@ _("\n"
continue;
}
else if( rc == -1 ) {
- #ifdef IS_MODULE
- fprintf(stderr,
- #else
- tty_printf(
- #endif
- "select() error: %s\n", strerror(errno));
+ fprintf(stderr, "select() error: %s\n", strerror(errno));
continue;
}
diff --git a/cipher/rndunix.c b/cipher/rndunix.c
index 849f1e007..4ab9f65f6 100644
--- a/cipher/rndunix.c
+++ b/cipher/rndunix.c
@@ -97,7 +97,7 @@
#ifndef IS_MODULE
#include "dynload.h"
#endif
-#include "util.h"
+#include "g10lib.h"
#ifndef EAGAIN
#define EAGAIN EWOULDBLOCK
diff --git a/cipher/rndw32.c b/cipher/rndw32.c
index d7801e391..c1045851f 100644
--- a/cipher/rndw32.c
+++ b/cipher/rndw32.c
@@ -29,7 +29,6 @@
#include "types.h"
#include "g10lib.h"
-#include "util.h"
#include "dynload.h"
diff --git a/cipher/sha1.c b/cipher/sha1.c
index 40ad62f1f..f231e37b0 100644
--- a/cipher/sha1.c
+++ b/cipher/sha1.c
@@ -36,7 +36,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
-#include "util.h"
+#include "g10lib.h"
#include "memory.h"
#include "dynload.h"
#include "bithelp.h"
diff --git a/cipher/smallprime.c b/cipher/smallprime.c
index 8187aa768..d50e31740 100644
--- a/cipher/smallprime.c
+++ b/cipher/smallprime.c
@@ -21,7 +21,6 @@
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
-#include "util.h"
#include "types.h"
/* Note: 2 is not included because it can be tested more easily
diff --git a/cipher/tiger.c b/cipher/tiger.c
index 0765f0bbd..0e42160a5 100644
--- a/cipher/tiger.c
+++ b/cipher/tiger.c
@@ -23,7 +23,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
-#include "util.h"
+#include "g10lib.h"
#include "memory.h"
diff --git a/cipher/twofish.c b/cipher/twofish.c
index 42eed8bf2..1eea4b8e4 100644
--- a/cipher/twofish.c
+++ b/cipher/twofish.c
@@ -28,7 +28,6 @@
#include "types.h" /* for byte and u32 typedefs */
#include "g10lib.h"
-#include "util.h"
#include "dynload.h"
diff --git a/configure.in b/configure.in
index 8f1ab0b20..0bd7ecfac 100644
--- a/configure.in
+++ b/configure.in
@@ -172,8 +172,8 @@ dnl
dnl Build shared libraries only when compilation of libgcrypt
dnl has been requested
dnl
-AM_DISABLE_SHARED
-enable_shared="$compile_libgcrypt"
+dnl AM_DISABLE_STATIC
+dnl enable_shared="$compile_libgcrypt"
AM_PROG_LIBTOOL
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 4788a4437..3ba8449b8 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,16 @@
+Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * g10.c (register_extension): New...
+ (main): Use it here instead of register_cipher_extesnion.
+ (strusage): s/strusage/my_strusage/ . Made static.
+ (main): Use set_strusage().
+
+ * tdbdump.c (HEXTOBIN): Changed the name of the argument, so that
+ traditional cpp don't mess up the macros. Suggested by Jos Backus.
+
+ * armor.c (parse_header_line): Stop parsing on a only WS line too.
+ Suggested by Aric Cyr.
+
Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de>
* misc.c (pull_in_libs): Removed.
diff --git a/g10/armor.c b/g10/armor.c
index 38c48fbbe..053cae7ff 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -311,9 +311,15 @@ parse_header_line( armor_filter_context_t *afx, byte *line, unsigned len )
byte *p;
int hashes=0;
+ /* fixme: why this double check? I think the original code w/o the
+ * second check for an empty line was done from an early draft of
+ * of OpenPGP - or simply very stupid code */
if( *line == '\n' || ( len && (*line == '\r' && line[1]=='\n') ) )
return 0; /* empty line */
len = trim_trailing_ws( line, len );
+ if( !len )
+ return 0; /* WS only same as empty line */
+
p = strchr( line, ':');
if( !p || !p[1] ) {
log_error(_("invalid armor header: "));
diff --git a/g10/g10.c b/g10/g10.c
index 8ab8493c3..1cf7c09d9 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -367,8 +367,8 @@ our_pk_test_algo( int algo )
}
-const char *
-strusage( int level )
+static const char *
+my_strusage( int level )
{
static char *digests, *pubkeys, *ciphers;
const char *p;
@@ -410,7 +410,7 @@ strusage( int level )
p = digests;
break;
- default: p = default_strusage(level);
+ default: p = NULL;
}
return p;
}
@@ -487,6 +487,25 @@ make_username( const char *string )
static void
+register_extension( const char *mainpgm, const char *fname )
+{
+ if( *fname != '/' ) { /* do tilde expansion etc */
+ char *tmp;
+
+ if( strchr(fname, '/') )
+ tmp = make_filename(fname, NULL);
+ else
+ tmp = make_filename(GNUPG_LIBDIR, fname, NULL);
+ register_cipher_extension( mainpgm, tmp );
+ m_free(tmp);
+ }
+ else
+ register_cipher_extension( mainpgm, fname );
+}
+
+
+
+static void
set_debug(void)
{
if( opt.debug & DBG_MEMORY_VALUE )
@@ -564,6 +583,7 @@ main( int argc, char **argv )
#endif
trap_unaligned();
+ set_strusage( my_strusage );
secmem_set_flags( secmem_get_flags() | 2 ); /* suspend warnings */
/* Please note that we may running SUID(ROOT), so be very CAREFUL
* when adding any stuff between here and the call to
@@ -782,8 +802,7 @@ main( int argc, char **argv )
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
case oAlwaysTrust: opt.always_trust = 1; break;
case oLoadExtension:
- register_cipher_extension(orig_argc? *orig_argv:NULL,
- pargs.r.ret_str);
+ register_extension(orig_argc? *orig_argv:NULL, pargs.r.ret_str);
break;
case oRFC1991:
opt.rfc1991 = 1;
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index 799309e05..1d608bd19 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -43,8 +43,8 @@
#include "tdbio.h"
-#define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \
- (a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10))
+#define HEXTOBIN(x) ( (x) >= '0' && (x) <= '9' ? ((x)-'0') : \
+ (x) >= 'A' && (x) <= 'F' ? ((x)-'A'+10) : ((x)-'a'+10))
/****************
* Read a record but die if it does not exist
diff --git a/include/g10lib.h b/include/g10lib.h
index aa2977825..158901c0f 100644
--- a/include/g10lib.h
+++ b/include/g10lib.h
@@ -28,8 +28,13 @@
#ifdef _GCRYPT_H
#error gcrypt.h already included
#endif
+/* because libgcrypt is distributed along with GnuPG, we need some way
+ * to do a sanity check. If this macro is defined, we are inside of
+ * libgcrypt */
+#define _GCRYPT_IN_LIBGCRYPT 1
#include <gcrypt.h>
+#include "types.h"
#ifdef G10_I18N_H
#error i18n should not be included here
@@ -54,20 +59,45 @@ void *g10_xcalloc_secure( size_t n, size_t m );
void *g10_xrealloc( void *a, size_t n );
char *g10_xstrdup( const char * a);
void g10_free( void *p );
+int g10_is_secure( const void *a );
+void g10_check_heap( const void *a );
/*-- gcrypt/misc.c --*/
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+#define G10_GCC_A_NR __attribute__ ((noreturn))
+#define G10_GCC_A_PRINTF( f, a ) \
+ __attribute__ ((format (printf,f,a)))
+#define G10_GCC_A_NR_PRINTF( f, a ) \
+ __attribute__ ((noreturn, format (printf,f,a)))
+void g10_bug( const char *file, int line, const char *func ) G10_GCC_A_NR;
+#else
+#define G10_GCC_A_NR
+#define G10_GCC_A_PRINTF( f, a )
+#define G10_GCC_A_NR_PRINTF( f, a )
+void g10_bug( const char *file, int line );
+#endif
+
const char *g10_gettext( const char *key );
-void g10_fatal_error(int rc, const char *text );
+void g10_fatal_error(int rc, const char *text ) G10_GCC_A_NR;
+void g10_log( int level, const char *fmt, ... ) G10_GCC_A_PRINTF(2,3);
+void g10_log_bug( const char *fmt, ... ) G10_GCC_A_NR_PRINTF(1,2);
+void g10_log_fatal( const char *fmt, ... ) G10_GCC_A_NR_PRINTF(1,2);
+void g10_log_error( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2);
+void g10_log_info( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2);
+void g10_log_debug( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2);
-/*-- util/memory.c --*/
+/*-- util/{secmem,memory}.c --*/
+
+void *g10_private_malloc( size_t n );
+void *g10_private_malloc_secure( size_t n );
+int g10_private_is_secure( const void *p );
+void g10_private_check_heap( const void *p );
+void *g10_private_realloc( void *a, size_t n );
+void g10_private_free( void *p );
-#define g10_private_malloc(n) m_alloc((n))
-#define g10_private_malloc_secure(n) m_alloc_secure((n))
-#define g10_private_is_secure(n) m_is_secure((n))
-#define g10_private_realloc(a,n) m_realloc((a),(n))
-#define g10_private_free(p) m_free((p))
/*-- cipher/pubkey.c --*/
@@ -96,4 +126,54 @@ MPI generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
+/* logging macros */
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+ #define BUG() g10_bug( __FILE__ , __LINE__, __FUNCTION__ )
+#else
+ #define BUG() g10_bug( __FILE__ , __LINE__ )
+#endif
+
+#define log_hexdump g10_log_hexdump
+#define log_bug g10_log_bug
+#define log_fatal g10_log_fatal
+#define log_error g10_log_error
+#define log_info g10_log_info
+#define log_debug g10_log_debug
+
+
+/* replacements of missing functions */
+#ifndef HAVE_MEMICMP
+int memicmp( const char *a, const char *b, size_t n );
+#endif
+#ifndef HAVE_STPCPY
+char *stpcpy(char *a,const char *b);
+#endif
+#ifndef HAVE_STRLWR
+char *strlwr(char *a);
+#endif
+#ifndef HAVE_STRTOUL
+ #define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c)))
+#endif
+#ifndef HAVE_MEMMOVE
+ #define memmove(d, s, n) bcopy((s), (d), (n))
+#endif
+#ifndef HAVE_STRICMP
+ #define stricmp(a,b) strcasecmp( (a), (b) )
+#endif
+#ifndef HAVE_ATEXIT
+ #define atexit(a) (on_exit((a),0))
+#endif
+#ifndef HAVE_RAISE
+ #define raise(a) kill(getpid(), (a))
+#endif
+
+/* some handy macros */
+#ifndef STR
+ #define STR(v) #v
+#endif
+#define STR2(v) STR(v)
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+#define DIMof(type,member) DIM(((type *)0)->member)
+
+
#endif /* G10LIB_H */
diff --git a/include/memory.h b/include/memory.h
index 84b7337c6..d7d7aabeb 100644
--- a/include/memory.h
+++ b/include/memory.h
@@ -67,7 +67,6 @@ void secmem_term( void );
void *secmem_malloc( size_t size );
void *secmem_realloc( void *a, size_t newsize );
void secmem_free( void *a );
-int m_is_secure( const void *p );
void secmem_dump_stats(void);
void secmem_set_flags( unsigned flags );
unsigned secmem_get_flags(void);
diff --git a/include/util.h b/include/util.h
index 8eec982cc..cf656f625 100644
--- a/include/util.h
+++ b/include/util.h
@@ -1,5 +1,5 @@
/* util.h
- * Copyright (C) 1998 Free Software Foundation, Inc.
+ * Copyright (C) 1998,1999 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
@@ -20,6 +20,10 @@
#ifndef G10_UTIL_H
#define G10_UTIL_H
+#ifdef _GCRYPT_IN_LIBGCRYPT
+ #error This header should not be used internally by libgcrypt
+#endif
+
#include "types.h"
#include "errors.h"
#include "types.h"
@@ -120,11 +124,8 @@ int arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts);
int optfile_parse( FILE *fp, const char *filename, unsigned *lineno,
ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts);
void usage( int level );
-const char *default_strusage( int level );
-
-
-/*-- (main program) --*/
const char *strusage( int level );
+void set_strusage( const char *(*f)( int ) );
/*-- dotlock.c --*/
diff --git a/mpi/ChangeLog b/mpi/ChangeLog
index d6cf6e3ee..3a0fca1ad 100644
--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@@ -1,3 +1,23 @@
+Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * mpicoder.c (g10_log_mpidump): Add a temporary workaround
+
+ * mpih-mul.c (mpihelp_mul_n): s/m_is_ecure/g10_is_secure/
+
+ * mpiutil.c (mpi_alloc): Remved the debug mode because it has turned
+ out, that this feature was not very useful in the past. Use the
+ new alloc functions.
+ (mpi_alloc_secure): Ditto.
+ (mpi_alloc_limb_space): Ditto.
+ (mpi_free_limb_space): Ditto.
+ (mpi_resize): Ditto.
+ (mpi_free): Ditto.
+ (mpi_set_secure): Removed the debug stuff.
+ (mpi_set_opaque): Ditto.
+ (mpi_copy): Ditto.
+ (mpi_alloc_set_ui): Ditto.
+ (mpi_m_check): Use g10_ wrapper.
+
Mon Aug 30 20:38:33 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index dae6eb4e1..25d37ec41 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -42,6 +42,9 @@
int
mpi_write( IOBUF out, MPI a )
{
+ return -1;
+ #warning Function is disabled
+ #if 0
int rc;
unsigned nbits = mpi_get_nbits(a);
byte *p, *buf;
@@ -57,6 +60,7 @@ mpi_write( IOBUF out, MPI a )
rc = iobuf_write( out, p, n );
m_free(buf);
return rc;
+ #endif
}
@@ -73,6 +77,9 @@ mpi_debug_read(IOBUF inp, unsigned *ret_nread, int secure, const char *info)
mpi_read(IOBUF inp, unsigned *ret_nread, int secure)
#endif
{
+ return NULL;
+ #warning Function is disabled
+ #if 0
int c, i, j;
unsigned nbits, nbytes, nlimbs, nread=0;
mpi_limb_t a;
@@ -120,6 +127,7 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure)
else
*ret_nread = nread;
return val;
+ #endif
}
@@ -246,6 +254,7 @@ mpi_fromstr(MPI val, const char *str)
/****************
* print an MPI to the given stream and return the number of characters
* printed.
+ * FIXME: Replace this by the more generic gcry_mpi_print()
*/
int
mpi_print( FILE *fp, MPI a, int mode )
@@ -289,9 +298,10 @@ mpi_print( FILE *fp, MPI a, int mode )
void
g10_log_mpidump( const char *text, MPI a )
{
- FILE *fp = log_stream();
+ FILE *fp = stderr; /* used to be log_stream() */
- g10_log_print_prefix(text);
+ /* FIXME: Replace this function by a g10_log_xxx one */
+ fprintf(fp,"%s: ",text);
mpi_print(fp, a, 1 );
fputc('\n', fp);
}
diff --git a/mpi/mpih-mul.c b/mpi/mpih-mul.c
index 7707c0e30..67749f4cd 100644
--- a/mpi/mpih-mul.c
+++ b/mpi/mpih-mul.c
@@ -31,6 +31,7 @@
#include <stdlib.h>
#include "mpi-internal.h"
#include "longlong.h"
+#include "g10lib.h" /* for g10_is_secure() */
@@ -352,7 +353,7 @@ mpihelp_mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp, mpi_size_t size)
mpih_sqr_n_basecase( prodp, up, size );
else {
mpi_ptr_t tspace;
- secure = m_is_secure( up );
+ secure = g10_is_secure( up );
tspace = mpi_alloc_limb_space( 2 * size, secure );
mpih_sqr_n( prodp, up, size, tspace );
mpi_free_limb_space( tspace );
@@ -363,7 +364,7 @@ mpihelp_mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp, mpi_size_t size)
mul_n_basecase( prodp, up, vp, size );
else {
mpi_ptr_t tspace;
- secure = m_is_secure( up ) || m_is_secure( vp );
+ secure = g10_is_secure( up ) || g10_is_secure( vp );
tspace = mpi_alloc_limb_space( 2 * size, secure );
mul_n (prodp, up, vp, size, tspace);
mpi_free_limb_space( tspace );
@@ -438,15 +439,15 @@ mpihelp_mul( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t usize,
}
tspace = mpi_alloc_limb_space( 2 * vsize,
- m_is_secure( up ) || m_is_secure( vp ) );
+ g10_is_secure( up ) || g10_is_secure( vp ) );
MPN_MUL_N_RECURSE( prodp, up, vp, vsize, tspace );
prodp += vsize;
up += vsize;
usize -= vsize;
if( usize >= vsize ) {
- mpi_ptr_t tp = mpi_alloc_limb_space( 2 * vsize, m_is_secure( up )
- || m_is_secure( vp ) );
+ mpi_ptr_t tp = mpi_alloc_limb_space( 2 * vsize, g10_is_secure( up )
+ || g10_is_secure( vp ) );
do {
MPN_MUL_N_RECURSE( tp, up, vp, vsize, tspace );
cy = mpihelp_add_n( prodp, prodp, tp, vsize );
diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index 62cb882d6..317940b5f 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -27,14 +27,7 @@
#include "mpi.h"
#include "mpi-internal.h"
#include "memory.h"
-#include "util.h"
-
-
-#ifdef M_DEBUG
- #undef mpi_alloc
- #undef mpi_alloc_secure
- #undef mpi_free
-#endif
+#include "g10lib.h"
/****************
* Note: It was a bad idea to use the number of limbs to allocate
@@ -44,23 +37,14 @@
* But mpi_alloc is used in a lot of places :-)
*/
MPI
-#ifdef M_DEBUG
-mpi_debug_alloc( unsigned nlimbs, const char *info )
-#else
mpi_alloc( unsigned nlimbs )
-#endif
{
MPI a;
if( DBG_MEMORY )
log_debug("mpi_alloc(%u)\n", nlimbs*BITS_PER_MPI_LIMB );
- #ifdef M_DEBUG
- a = m_debug_alloc( sizeof *a, info );
- a->d = nlimbs? mpi_debug_alloc_limb_space( nlimbs, 0, info ) : NULL;
- #else
- a = m_alloc( sizeof *a );
+ a = g10_xmalloc( sizeof *a );
a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 0 ) : NULL;
- #endif
a->alloced = nlimbs;
a->nlimbs = 0;
a->sign = 0;
@@ -72,28 +56,19 @@ mpi_alloc( unsigned nlimbs )
void
mpi_m_check( MPI a )
{
- m_check(a);
- m_check(a->d);
+ g10_check_heap(a);
+ g10_check_heap(a->d);
}
MPI
-#ifdef M_DEBUG
-mpi_debug_alloc_secure( unsigned nlimbs, const char *info )
-#else
mpi_alloc_secure( unsigned nlimbs )
-#endif
{
MPI a;
if( DBG_MEMORY )
log_debug("mpi_alloc_secure(%u)\n", nlimbs*BITS_PER_MPI_LIMB );
- #ifdef M_DEBUG
- a = m_debug_alloc( sizeof *a, info );
- a->d = nlimbs? mpi_debug_alloc_limb_space( nlimbs, 1, info ) : NULL;
- #else
- a = m_alloc( sizeof *a );
+ a = g10_xmalloc( sizeof *a );
a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 1 ) : NULL;
- #endif
a->alloced = nlimbs;
a->flags = 1;
a->nlimbs = 0;
@@ -103,90 +78,30 @@ mpi_alloc_secure( unsigned nlimbs )
}
-#if 0
-static void *unused_limbs_5;
-static void *unused_limbs_32;
-static void *unused_limbs_64;
-#endif
mpi_ptr_t
-#ifdef M_DEBUG
-mpi_debug_alloc_limb_space( unsigned nlimbs, int secure, const char *info )
-#else
mpi_alloc_limb_space( unsigned nlimbs, int secure )
-#endif
{
size_t len = nlimbs * sizeof(mpi_limb_t);
mpi_ptr_t p;
if( DBG_MEMORY )
log_debug("mpi_alloc_limb_space(%u)\n", (unsigned)len*8 );
- #if 0
- if( !secure ) {
- if( nlimbs == 5 && unused_limbs_5 ) { /* DSA 160 bits */
- p = unused_limbs_5;
- unused_limbs_5 = *p;
- return p;
- }
- else if( nlimbs == 32 && unused_limbs_32 ) { /* DSA 1024 bits */
- p = unused_limbs_32;
- unused_limbs_32 = *p;
- return p;
- }
- else if( nlimbs == 64 && unused_limbs_64 ) { /* DSA 2*1024 bits */
- p = unused_limbs_64;
- unused_limbs_64 = *p;
- return p;
- }
- }
- #endif
- #ifdef M_DEBUG
- p = secure? m_debug_alloc_secure(len, info):m_debug_alloc( len, info );
- #else
- p = secure? m_alloc_secure( len ):m_alloc( len );
- #endif
+ p = secure? g10_xmalloc_secure( len ) : g10_xmalloc( len );
return p;
}
void
-#ifdef M_DEBUG
-mpi_debug_free_limb_space( mpi_ptr_t a, const char *info )
-#else
mpi_free_limb_space( mpi_ptr_t a )
-#endif
{
if( !a )
return;
if( DBG_MEMORY )
- log_debug("mpi_free_limb_space of size %lu\n", (ulong)m_size(a)*8 );
-
- #if 0
- if( !m_is_secure(a) ) {
- size_t nlimbs = m_size(a) / 4 ;
- void *p = a;
-
- if( nlimbs == 5 ) { /* DSA 160 bits */
- *a = unused_limbs_5;
- unused_limbs_5 = a;
- return;
- }
- else if( nlimbs == 32 ) { /* DSA 1024 bits */
- *a = unused_limbs_32;
- unused_limbs_32 = a;
- return;
- }
- else if( nlimbs == 64 ) { /* DSA 2*1024 bits */
- *a = unused_limbs_64;
- unused_limbs_64 = a;
- return;
- }
- }
- #endif
+ log_debug("mpi_free_limb_space\n" );
-
- m_free(a);
+ g10_free(a);
}
@@ -202,33 +117,22 @@ mpi_assign_limb_space( MPI a, mpi_ptr_t ap, unsigned nlimbs )
/****************
* Resize the array of A to NLIMBS. the additional space is cleared
- * (set to 0) [done by m_realloc()]
+ * (set to 0) [done by g10_realloc()]
*/
void
-#ifdef M_DEBUG
-mpi_debug_resize( MPI a, unsigned nlimbs, const char *info )
-#else
mpi_resize( MPI a, unsigned nlimbs )
-#endif
{
if( nlimbs <= a->alloced )
return; /* no need to do it */
/* Note: a->secure is not used - instead the realloc functions
* take care of it. Maybe we should drop a->secure completely
* and rely on a mpi_is_secure function, which would be
- * a wrapper around m_is_secure
+ * a wrapper around g10_is_secure
*/
- #ifdef M_DEBUG
- if( a->d )
- a->d = m_debug_realloc(a->d, nlimbs * sizeof(mpi_limb_t), info );
- else
- a->d = m_debug_alloc_clear( nlimbs * sizeof(mpi_limb_t), info );
- #else
if( a->d )
- a->d = m_realloc(a->d, nlimbs * sizeof(mpi_limb_t) );
- else
- a->d = m_alloc_clear( nlimbs * sizeof(mpi_limb_t) );
- #endif
+ a->d = g10_xrealloc(a->d, nlimbs * sizeof(mpi_limb_t) );
+ else /* FIXME: It may not be allocted in secure memory */
+ a->d = g10_xcalloc( nlimbs , sizeof(mpi_limb_t) );
a->alloced = nlimbs;
}
@@ -242,28 +146,20 @@ mpi_clear( MPI a )
void
-#ifdef M_DEBUG
-mpi_debug_free( MPI a, const char *info )
-#else
mpi_free( MPI a )
-#endif
{
if( !a )
return;
if( DBG_MEMORY )
log_debug("mpi_free\n" );
if( a->flags & 4 )
- m_free( a->d );
+ g10_free( a->d );
else {
- #ifdef M_DEBUG
- mpi_debug_free_limb_space(a->d, info);
- #else
mpi_free_limb_space(a->d);
- #endif
}
if( a->flags & ~7 )
log_bug("invalid flag value in mpi\n");
- m_free(a);
+ g10_free(a);
}
@@ -280,18 +176,10 @@ mpi_set_secure( MPI a )
assert(!ap);
return;
}
- #ifdef M_DEBUG
- bp = mpi_debug_alloc_limb_space( a->nlimbs, 1, "set_secure" );
- #else
bp = mpi_alloc_limb_space( a->nlimbs, 1 );
- #endif
MPN_COPY( bp, ap, a->nlimbs );
a->d = bp;
- #ifdef M_DEBUG
- mpi_debug_free_limb_space(ap, "set_secure");
- #else
mpi_free_limb_space(ap);
- #endif
}
@@ -299,21 +187,13 @@ MPI
mpi_set_opaque( MPI a, void *p, int len )
{
if( !a ) {
- #ifdef M_DEBUG
- a = mpi_debug_alloc(0,"alloc_opaque");
- #else
a = mpi_alloc(0);
- #endif
}
if( a->flags & 4 )
- m_free( a->d );
+ g10_free( a->d );
else {
- #ifdef M_DEBUG
- mpi_debug_free_limb_space(a->d, "alloc_opaque");
- #else
mpi_free_limb_space(a->d);
- #endif
}
a->d = p;
@@ -341,29 +221,20 @@ mpi_get_opaque( MPI a, int *len )
* but copy it transparently.
*/
MPI
-#ifdef M_DEBUG
-mpi_debug_copy( MPI a, const char *info )
-#else
mpi_copy( MPI a )
-#endif
{
int i;
MPI b;
if( a && (a->flags & 4) ) {
- void *p = m_is_secure(a->d)? m_alloc_secure( a->nbits )
- : m_alloc( a->nbits );
+ void *p = g10_is_secure(a->d)? g10_xmalloc_secure( a->nbits )
+ : g10_xmalloc( a->nbits );
memcpy( p, a->d, a->nbits );
b = mpi_set_opaque( NULL, p, a->nbits );
}
else if( a ) {
- #ifdef M_DEBUG
- b = mpi_is_secure(a)? mpi_debug_alloc_secure( a->nlimbs, info )
- : mpi_debug_alloc( a->nlimbs, info );
- #else
b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs )
: mpi_alloc( a->nlimbs );
- #endif
b->nlimbs = a->nlimbs;
b->sign = a->sign;
b->flags = a->flags;
@@ -388,8 +259,8 @@ mpi_alloc_like( MPI a )
MPI b;
if( a && (a->flags & 4) ) {
- void *p = m_is_secure(a->d)? m_alloc_secure( a->nbits )
- : m_alloc( a->nbits );
+ void *p = g10_is_secure(a->d)? g10_malloc_secure( a->nbits )
+ : g10_malloc( a->nbits );
memcpy( p, a->d, a->nbits );
b = mpi_set_opaque( NULL, p, a->nbits );
}
@@ -440,11 +311,7 @@ mpi_set_ui( MPI w, unsigned long u)
MPI
mpi_alloc_set_ui( unsigned long u)
{
- #ifdef M_DEBUG
- MPI w = mpi_debug_alloc(1,"alloc_set_ui");
- #else
MPI w = mpi_alloc(1);
- #endif
w->d[0] = u;
w->nlimbs = u? 1:0;
w->sign = 0;
diff --git a/util/ChangeLog b/util/ChangeLog
index ff2e09e38..ea9c7f3fe 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,24 @@
+Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * argparse.c (default_strusage): Renamed to strusage. Fall back
+ to the old behaviour if no sepcial strhandler has been set.
+
+ * memory.c (g10_private_check_heap): New.
+
+ * secmem.c (m_is_secure): Renamed to ...
+ (g10_private_is_secure): ... this.
+ * memory.c (g10_private_malloc): New. Takes core functionalty of ...
+ (m_alloc): ... and calls it.
+ (g10_private_malloc_secure): New. Takes core functionalty of ...
+ (m_alloc_secure): ... and calls it.
+ (g10_private_realloc): New. Takes core functionalty of ...
+ (m_realloc): ... and this one calls it.
+ (g10_private_free): Wraps around m_free().
+
+ * argparse.c (g10_set_strusage): New.
+ (default_strusage): renamed to ...
+ (g10_default_strusage): .. this.
+
Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de>
* g10u.c: Removed.
diff --git a/util/argparse.c b/util/argparse.c
index c6f405f62..12b0ebd7f 100644
--- a/util/argparse.c
+++ b/util/argparse.c
@@ -135,10 +135,13 @@ struct alias_def_s {
const char *value; /* ptr into name */
};
+static const char *(*strusage_handler)( int ) = NULL;
+
static int set_opt_arg(ARGPARSE_ARGS *arg, unsigned flags, char *s);
static void show_help(ARGPARSE_OPTS *opts, unsigned flags);
static void show_version(void);
+
static void
initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno )
{
@@ -886,9 +889,13 @@ usage( int level )
* 41: long usage note (with LF)
*/
const char *
-default_strusage( int level )
+strusage( int level )
{
- const char *p = NULL;
+ const char *p = strusage_handler? strusage_handler(level) : NULL;
+
+ if( p )
+ return p;
+
switch( level ) {
case 11: p = "foo"; break;
case 13: p = "0.0"; break;
@@ -917,6 +924,11 @@ default_strusage( int level )
return p;
}
+void
+set_strusage( const char *(*f)( int ) )
+{
+ strusage_handler = f;
+}
#ifdef TEST
diff --git a/util/memory.c b/util/memory.c
index af79cd0cb..712e20d26 100644
--- a/util/memory.c
+++ b/util/memory.c
@@ -37,6 +37,9 @@
#include "memory.h"
#include "util.h"
+/* FXIME: ugly hack. Need a prototype here bug can't include g10lib.h */
+int g10_private_is_secure( void *p );
+
#define MAGIC_NOR_BYTE 0x55
#define MAGIC_SEC_BYTE 0xcc
@@ -384,49 +387,74 @@ out_of_core(size_t n, int secure)
}
+
+
/****************
* Allocate memory of size n.
- * This function gives up if we do not have enough memory
+ * Return NULL if we are out of memory.
*/
void *
-FNAME(alloc)( size_t n FNAMEPRT )
+g10_private_malloc( size_t n)
{
char *p;
#ifdef M_GUARD
if( !(p = malloc( n + EXTRA_ALIGN+5 )) )
- out_of_core(n,0);
+ return NULL;
store_len(p,n,0);
used_memory += n;
p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
return p+EXTRA_ALIGN+4;
- #else
- if( !(p = malloc( n )) )
+ #else /* fixme: This can be done with a macro */
+ return malloc( n );
+ #endif
+}
+
+/****************
+ * Allocate memory of size n.
+ * This function gives up if we do not have enough memory
+ */
+void *
+FNAME(alloc)( size_t n FNAMEPRT )
+{
+ char *p = g10_private_malloc( n );
+ if( !p )
out_of_core(n,0);
return p;
- #endif
}
+
/****************
* Allocate memory of size n from the secure memory pool.
- * This function gives up if we do not have enough memory
+ * Return NULL if we are out of memory.
*/
void *
-FNAME(alloc_secure)( size_t n FNAMEPRT )
+g10_private_malloc_secure( size_t n)
{
char *p;
#ifdef M_GUARD
if( !(p = secmem_malloc( n +EXTRA_ALIGN+ 5 )) )
- out_of_core(n,1);
+ return NULL;
store_len(p,n,1);
p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
return p+EXTRA_ALIGN+4;
#else
- if( !(p = secmem_malloc( n )) )
+ return secmem_malloc( n );
+ #endif
+}
+
+/****************
+ * Allocate memory of size n from the secure memory pool.
+ * This function gives up if we do not have enough memory
+ */
+void *
+FNAME(alloc_secure)( size_t n FNAMEPRT )
+{
+ char *p = g10_private_malloc_secure( n );
+ if( !p )
out_of_core(n,1);
return p;
- #endif
}
void *
@@ -447,12 +475,12 @@ FNAME(alloc_secure_clear)( size_t n FNAMEPRT)
return p;
}
-
/****************
* realloc and clear the old space
+ * Return NULL if there is not enoug memory.
*/
void *
-FNAME(realloc)( void *a, size_t n FNAMEPRT )
+g10_private_realloc( void *a, size_t n )
{
#ifdef M_GUARD
unsigned char *p = a;
@@ -462,28 +490,39 @@ FNAME(realloc)( void *a, size_t n FNAMEPRT )
if( len >= n ) /* we don't shrink for now */
return a;
if( p[-1] == MAGIC_SEC_BYTE )
- b = FNAME(alloc_secure_clear)(n FNAMEARG);
+ b = g10_private_malloc_secure(n);
else
- b = FNAME(alloc_clear)(n FNAMEARG);
+ b = g10_private_malloc(n);
+ if( !b )
+ return NULL;
+ memset(p, 0, n );
FNAME(check)(NULL FNAMEARG);
memcpy(b, a, len );
FNAME(free)(p FNAMEARG);
+ return b;
#else
- void *b;
-
- if( m_is_secure(a) ) {
- if( !(b = secmem_realloc( a, n )) )
- out_of_core(n,1);
+ if( g10_private_is_secure(a) ) {
+ return secmem_realloc( a, n );
}
else {
- if( !(b = realloc( a, n )) )
- out_of_core(n,0);
+ return realloc( a, n );
}
#endif
- return b;
}
+/****************
+ * realloc and clear the old space
+ */
+void *
+FNAME(realloc)( void *a, size_t n FNAMEPRT )
+{
+ void *b = g10_private_realloc( a, n );
+ if( !b )
+ out_of_core(n, g10_private_is_secure(a));
+ return b;
+}
+
/****************
* Free a pointer
@@ -499,20 +538,25 @@ FNAME(free)( void *a FNAMEPRT )
free_entry(p-EXTRA_ALIGN-4, info);
#elif M_GUARD
m_check(p);
- if( m_is_secure(a) )
+ if( g10_private_is_secure(a) )
secmem_free(p-EXTRA_ALIGN-4);
else {
used_memory -= m_size(a);
free(p-EXTRA_ALIGN-4);
}
#else
- if( m_is_secure(a) )
+ if( g10_private_is_secure(a) )
secmem_free(p);
else
free(p);
#endif
}
+void
+g10_private_free( void *a )
+{
+ m_free(a);
+}
void
FNAME(check)( const void *a FNAMEPRT )
@@ -537,6 +581,13 @@ FNAME(check)( const void *a FNAMEPRT )
}
+void
+g10_private_check_heap( const void *p )
+{
+ m_check(p);
+}
+
+
size_t
m_size( const void *a )
{
@@ -573,7 +624,7 @@ FNAME(copy)( const void *a FNAMEPRT )
return NULL;
n = m_size(a); Aiiiih woher nehmen
- if( m_is_secure(a) )
+ if( g10_private_is_secure(a) )
b = FNAME(alloc_secure)(n FNAMEARG);
else
b = FNAME(alloc)(n FNAMEARG);
@@ -591,3 +642,4 @@ FNAME(strdup)( const char *a FNAMEPRT )
return p;
}
+
diff --git a/util/secmem.c b/util/secmem.c
index db4ee4148..84ec4c2a1 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -370,8 +370,9 @@ secmem_free( void *a )
cur_alloced -= size;
}
+
int
-m_is_secure( const void *p )
+g10_private_is_secure( const void *p )
{
return p >= pool && p < (void*)((char*)pool+poolsize);
}