X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=gcrypt.c;h=694c0adb8454b73dc0e5b67876fc7a03617b61d0;hp=b21cf72272b6cfdaaf84adab464d11d882607c9c;hb=23ef2355fbdebce56083ec7a0ebb65a05c42e5dc;hpb=a4c2c4f9c7cd580252917729a65d482de3c14a97 diff --git a/gcrypt.c b/gcrypt.c index b21cf722..694c0adb 100644 --- a/gcrypt.c +++ b/gcrypt.c @@ -56,7 +56,7 @@ void get_random_bytes_or_die(unsigned char *buf, int num) * call to gcry_check_version() initializes the gcrypt library and checks that * we have at least the minimal required version. */ -void init_random_seed_or_die(void) +void crypt_init(void) { const char *req_ver = "1.5.0"; int seed; @@ -66,10 +66,29 @@ void init_random_seed_or_die(void) req_ver, gcry_check_version(NULL)); exit(EXIT_FAILURE); } + + /* + * Allocate a pool of secure memory. This also drops privileges where + * needed. + */ + gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0); + + /* Tell Libgcrypt that initialization has completed. */ + gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed)); srandom(seed); } +void crypt_shutdown(void) +{ + /* + * WK does not see a way to apply a patch for the sake of Valgrind, so + * as of 2018 libgrypt has no deinitialization routine to free the + * resources on exit. + */ +} + /** S-expression for the public part of an RSA key. */ #define RSA_PUBKEY_SEXP "(public-key (rsa (n %m) (e %m)))" /** S-expression for a private RSA key. */ @@ -218,7 +237,7 @@ static int read_bignum(unsigned char *start, unsigned char *end, gcry_mpi_t *bn, PARA_DEBUG_LOG("bn_size %d (0x%x)\n", bn_size, (unsigned)bn_size); gret = gcry_mpi_scan(bn, GCRYMPI_FMT_STD, cp, bn_size, NULL); if (gret) { - PARA_ERROR_LOG("%s while scanning n\n", + PARA_ERROR_LOG("gcry_mpi_scan: %s\n", gcry_strerror(gcry_err_code(gret))); return-E_MPI_SCAN; } @@ -406,7 +425,7 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result) ret = -E_SEXP_BUILD; goto release_n; } - ret = nr_scanned / 32 * 32; + ret = ROUND_DOWN(nr_scanned, 32); PARA_INFO_LOG("successfully read %d bit ssh public key\n", ret * 8); key = para_malloc(sizeof(*key)); key->num_bytes = ret;