* call to gcry_check_version() initializes the gcrypt library and checks that
* we have at least the minimal required version.
*/
-void init_random_seed_or_die(void)
+void crypt_init(void)
{
const char *req_ver = "1.5.0";
int seed;
req_ver, gcry_check_version(NULL));
exit(EXIT_FAILURE);
}
+
+ /*
+ * Allocate a pool of secure memory. This also drops privileges where
+ * needed.
+ */
+ gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);
+
+ /* Tell Libgcrypt that initialization has completed. */
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
srandom(seed);
}
+void crypt_shutdown(void)
+{
+ /*
+ * WK does not see a way to apply a patch for the sake of Valgrind, so
+ * as of 2018 libgrypt has no deinitialization routine to free the
+ * resources on exit.
+ */
+}
+
/** S-expression for the public part of an RSA key. */
#define RSA_PUBKEY_SEXP "(public-key (rsa (n %m) (e %m)))"
/** S-expression for a private RSA key. */
PARA_DEBUG_LOG("bn_size %d (0x%x)\n", bn_size, (unsigned)bn_size);
gret = gcry_mpi_scan(bn, GCRYMPI_FMT_STD, cp, bn_size, NULL);
if (gret) {
- PARA_ERROR_LOG("%s while scanning n\n",
+ PARA_ERROR_LOG("gcry_mpi_scan: %s\n",
gcry_strerror(gcry_err_code(gret)));
return-E_MPI_SCAN;
}
return ret;
}
-int get_public_key(const char *key_file, struct asymmetric_key **result)
+int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
{
unsigned char *blob, *p, *end;
int ret;
ret = -E_SEXP_BUILD;
goto release_n;
}
- ret = nr_scanned / 32 * 32;
+ ret = ROUND_DOWN(nr_scanned, 32);
PARA_INFO_LOG("successfully read %d bit ssh public key\n", ret * 8);
key = para_malloc(sizeof(*key));
key->num_bytes = ret;
return ret;
}
-void free_public_key(struct asymmetric_key *key)
+void apc_free_pubkey(struct asymmetric_key *key)
{
if (!key)
return;
return 1;
}
-int priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
unsigned char *inbuf, int inlen)
{
gcry_error_t gret;
return ret;
}
-int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
unsigned len, unsigned char *outbuf)
{
gcry_error_t gret;