Merge branch 'refs/heads/t/mixer-fix'

[paraslash.git] / gcrypt.c

diff --git a/gcrypt.c b/gcrypt.c
index 2398a605d29211d8581b5b76e0cb586258fe0898..694c0adb8454b73dc0e5b67876fc7a03617b61d0 100644 (file)
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -56,7 +56,7 @@ void get_random_bytes_or_die(unsigned char *buf, int num)
  * call to gcry_check_version() initializes the gcrypt library and checks that
  * we have at least the minimal required version.
  */
-void init_random_seed_or_die(void)
+void crypt_init(void)
 {
        const char *req_ver = "1.5.0";
        int seed;
@@ -66,10 +66,29 @@ void init_random_seed_or_die(void)
                        req_ver, gcry_check_version(NULL));
                exit(EXIT_FAILURE);
        }
+
+       /*
+        * Allocate a pool of secure memory. This also drops privileges where
+        * needed.
+        */
+       gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);
+
+       /* Tell Libgcrypt that initialization has completed. */
+       gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
        get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
        srandom(seed);
 }
 
+void crypt_shutdown(void)
+{
+       /*
+        * WK does not see a way to apply a patch for the sake of Valgrind, so
+        * as of 2018 libgrypt has no deinitialization routine to free the
+        * resources on exit.
+        */
+}
+
 /** S-expression for the public part of an RSA key. */
 #define RSA_PUBKEY_SEXP "(public-key (rsa (n %m) (e %m)))"
 /** S-expression for a private RSA key. */
@@ -218,7 +237,7 @@ static int read_bignum(unsigned char *start, unsigned char *end, gcry_mpi_t *bn,
        PARA_DEBUG_LOG("bn_size %d (0x%x)\n", bn_size, (unsigned)bn_size);
        gret = gcry_mpi_scan(bn, GCRYMPI_FMT_STD, cp, bn_size, NULL);
        if (gret) {
-               PARA_ERROR_LOG("%s while scanning n\n",
+               PARA_ERROR_LOG("gcry_mpi_scan: %s\n",
                        gcry_strerror(gcry_err_code(gret)));
                return-E_MPI_SCAN;
        }
@@ -366,7 +385,7 @@ free_blob:
        return ret;
 }
 
-int get_public_key(const char *key_file, struct asymmetric_key **result)
+int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
 {
        unsigned char *blob, *p, *end;
        int ret;
@@ -406,7 +425,7 @@ int get_public_key(const char *key_file, struct asymmetric_key **result)
                ret = -E_SEXP_BUILD;
                goto release_n;
        }
-       ret = nr_scanned / 32 * 32;
+       ret = ROUND_DOWN(nr_scanned, 32);
        PARA_INFO_LOG("successfully read %d bit ssh public key\n", ret * 8);
        key = para_malloc(sizeof(*key));
        key->num_bytes = ret;
@@ -421,7 +440,7 @@ free_blob:
        return ret;
 }
 
-void free_public_key(struct asymmetric_key *key)
+void apc_free_pubkey(struct asymmetric_key *key)
 {
        if (!key)
                return;
@@ -439,7 +458,7 @@ static int decode_rsa(gcry_sexp_t sexp, unsigned char *outbuf, size_t *nbytes)
        return 1;
 }
 
-int priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
                unsigned char *inbuf, int inlen)
 {
        gcry_error_t gret;
@@ -506,7 +525,7 @@ free_key:
        return ret;
 }
 
-int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
                unsigned len, unsigned char *outbuf)
 {
        gcry_error_t gret;