diff --git a/cipher/rijndael.c b/cipher/rijndael.c
index 08707b6d..2b19e094 100644
--- a/cipher/rijndael.c
+++ b/cipher/rijndael.c
@@ -1,1253 +1,1263 @@
/* Rijndael (AES) for GnuPG
* Copyright (C) 2000, 2001, 2002, 2003, 2007,
* 2008 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*******************************************************************
* The code here is based on the optimized implementation taken from
* http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ on Oct 2, 2000,
* which carries this notice:
*------------------------------------------
* rijndael-alg-fst.c v2.3 April '2000
*
* Optimised ANSI C code
*
* authors: v1.0: Antoon Bosselaers
* v2.0: Vincent Rijmen
* v2.3: Paulo Barreto
*
* This code is placed in the public domain.
*------------------------------------------
*
* The SP800-38a document is available at:
* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
*
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h> /* for memcmp() */
#include "types.h" /* for byte and u32 typedefs */
#include "g10lib.h"
#include "cipher.h"
#define MAXKC (256/32)
#define MAXROUNDS 14
#define BLOCKSIZE (128/8)
/* USE_PADLOCK indicates whether to compile the padlock specific
code. */
#undef USE_PADLOCK
#ifdef ENABLE_PADLOCK_SUPPORT
# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
# define USE_PADLOCK
# endif
#endif /*ENABLE_PADLOCK_SUPPORT*/
+
+/* USE_AESNI inidicates whether to compile with Intel AES-NI code. */
+#undef USE_AESNI
+#ifdef ENABLE_AESNI_SUPPORT
+# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define USE_AESNI
+# endif
+#endif /* ENABLE_AESNI_SUPPORT */
+
+
static const char *selftest(void);
typedef struct
{
int ROUNDS; /* Key-length-dependent number of rounds. */
int decryption_prepared; /* The decryption key schedule is available. */
#ifdef USE_PADLOCK
int use_padlock; /* Padlock shall be used. */
/* The key as passed to the padlock engine. */
unsigned char padlock_key[16] __attribute__ ((aligned (16)));
#endif
union
{
PROPERLY_ALIGNED_TYPE dummy;
byte keyschedule[MAXROUNDS+1][4][4];
} u1;
union
{
PROPERLY_ALIGNED_TYPE dummy;
byte keyschedule[MAXROUNDS+1][4][4];
} u2;
} RIJNDAEL_context;
#define keySched u1.keyschedule
#define keySched2 u2.keyschedule
/* All the numbers. */
#include "rijndael-tables.h"
/* Perform the key setup. */
static gcry_err_code_t
do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
{
static int initialized = 0;
static const char *selftest_failed=0;
int ROUNDS;
int i,j, r, t, rconpointer = 0;
int KC;
union
{
PROPERLY_ALIGNED_TYPE dummy;
byte k[MAXKC][4];
} k;
#define k k.k
union
{
PROPERLY_ALIGNED_TYPE dummy;
byte tk[MAXKC][4];
} tk;
#define tk tk.tk
/* The on-the-fly self tests are only run in non-fips mode. In fips
mode explicit self-tests are required. Actually the on-the-fly
self-tests are not fully thread-safe and it might happen that a
failed self-test won't get noticed in another thread.
FIXME: We might want to have a central registry of succeeded
self-tests. */
if (!fips_mode () && !initialized)
{
initialized = 1;
selftest_failed = selftest ();
if (selftest_failed)
log_error ("%s\n", selftest_failed );
}
if (selftest_failed)
return GPG_ERR_SELFTEST_FAILED;
ctx->decryption_prepared = 0;
#ifdef USE_PADLOCK
ctx->use_padlock = 0;
#endif
if( keylen == 128/8 )
{
ROUNDS = 10;
KC = 4;
#ifdef USE_PADLOCK
if ((_gcry_get_hw_features () & HWF_PADLOCK_AES))
{
ctx->use_padlock = 1;
memcpy (ctx->padlock_key, key, keylen);
}
#endif
}
else if ( keylen == 192/8 )
{
ROUNDS = 12;
KC = 6;
}
else if ( keylen == 256/8 )
{
ROUNDS = 14;
KC = 8;
}
else
return GPG_ERR_INV_KEYLEN;
ctx->ROUNDS = ROUNDS;
#ifdef USE_PADLOCK
if (ctx->use_padlock)
{
/* Nothing to do as we support only hardware key generation for
now. */
}
else
#endif /*USE_PADLOCK*/
{
#define W (ctx->keySched)
for (i = 0; i < keylen; i++)
{
k[i >> 2][i & 3] = key[i];
}
for (j = KC-1; j >= 0; j--)
{
*((u32*)tk[j]) = *((u32*)k[j]);
}
r = 0;
t = 0;
/* Copy values into round key array. */
for (j = 0; (j < KC) && (r < ROUNDS + 1); )
{
for (; (j < KC) && (t < 4); j++, t++)
{
*((u32*)W[r][t]) = *((u32*)tk[j]);
}
if (t == 4)
{
r++;
t = 0;
}
}
while (r < ROUNDS + 1)
{
/* While not enough round key material calculated calculate
new values. */
tk[0][0] ^= S[tk[KC-1][1]];
tk[0][1] ^= S[tk[KC-1][2]];
tk[0][2] ^= S[tk[KC-1][3]];
tk[0][3] ^= S[tk[KC-1][0]];
tk[0][0] ^= rcon[rconpointer++];
if (KC != 8)
{
for (j = 1; j < KC; j++)
{
*((u32*)tk[j]) ^= *((u32*)tk[j-1]);
}
}
else
{
for (j = 1; j < KC/2; j++)
{
*((u32*)tk[j]) ^= *((u32*)tk[j-1]);
}
tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
for (j = KC/2 + 1; j < KC; j++)
{
*((u32*)tk[j]) ^= *((u32*)tk[j-1]);
}
}
/* Copy values into round key array. */
for (j = 0; (j < KC) && (r < ROUNDS + 1); )
{
for (; (j < KC) && (t < 4); j++, t++)
{
*((u32*)W[r][t]) = *((u32*)tk[j]);
}
if (t == 4)
{
r++;
t = 0;
}
}
}
#undef W
}
return 0;
#undef tk
#undef k
}
static gcry_err_code_t
rijndael_setkey (void *context, const byte *key, const unsigned keylen)
{
RIJNDAEL_context *ctx = context;
int rc = do_setkey (ctx, key, keylen);
_gcry_burn_stack ( 100 + 16*sizeof(int));
return rc;
}
/* Make a decryption key from an encryption key. */
static void
prepare_decryption( RIJNDAEL_context *ctx )
{
int r;
union
{
PROPERLY_ALIGNED_TYPE dummy;
byte *w;
} w;
#define w w.w
for (r=0; r < MAXROUNDS+1; r++ )
{
*((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]);
*((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]);
*((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]);
*((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]);
}
#define W (ctx->keySched2)
for (r = 1; r < ctx->ROUNDS; r++)
{
w = W[r][0];
*((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
w = W[r][1];
*((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
w = W[r][2];
*((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
w = W[r][3];
*((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
}
#undef W
#undef w
}
/* Encrypt one block. A and B need to be aligned on a 4 byte
boundary. A and B may be the same. */
static void
do_encrypt_aligned (const RIJNDAEL_context *ctx,
unsigned char *b, const unsigned char *a)
{
#define rk (ctx->keySched)
int ROUNDS = ctx->ROUNDS;
int r;
union
{
u32 tempu32[4]; /* Force correct alignment. */
byte temp[4][4];
} u;
*((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[0][0]);
*((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[0][1]);
*((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[0][2]);
*((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[0][3]);
*((u32*)(b )) = (*((u32*)T1[u.temp[0][0]])
^ *((u32*)T2[u.temp[1][1]])
^ *((u32*)T3[u.temp[2][2]])
^ *((u32*)T4[u.temp[3][3]]));
*((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]])
^ *((u32*)T2[u.temp[2][1]])
^ *((u32*)T3[u.temp[3][2]])
^ *((u32*)T4[u.temp[0][3]]));
*((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]])
^ *((u32*)T2[u.temp[3][1]])
^ *((u32*)T3[u.temp[0][2]])
^ *((u32*)T4[u.temp[1][3]]));
*((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]])
^ *((u32*)T2[u.temp[0][1]])
^ *((u32*)T3[u.temp[1][2]])
^ *((u32*)T4[u.temp[2][3]]));
for (r = 1; r < ROUNDS-1; r++)
{
*((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]);
*((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
*((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
*((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
*((u32*)(b )) = (*((u32*)T1[u.temp[0][0]])
^ *((u32*)T2[u.temp[1][1]])
^ *((u32*)T3[u.temp[2][2]])
^ *((u32*)T4[u.temp[3][3]]));
*((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]])
^ *((u32*)T2[u.temp[2][1]])
^ *((u32*)T3[u.temp[3][2]])
^ *((u32*)T4[u.temp[0][3]]));
*((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]])
^ *((u32*)T2[u.temp[3][1]])
^ *((u32*)T3[u.temp[0][2]])
^ *((u32*)T4[u.temp[1][3]]));
*((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]])
^ *((u32*)T2[u.temp[0][1]])
^ *((u32*)T3[u.temp[1][2]])
^ *((u32*)T4[u.temp[2][3]]));
}
/* Last round is special. */
*((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[ROUNDS-1][0]);
*((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]);
*((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]);
*((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[ROUNDS-1][3]);
b[ 0] = T1[u.temp[0][0]][1];
b[ 1] = T1[u.temp[1][1]][1];
b[ 2] = T1[u.temp[2][2]][1];
b[ 3] = T1[u.temp[3][3]][1];
b[ 4] = T1[u.temp[1][0]][1];
b[ 5] = T1[u.temp[2][1]][1];
b[ 6] = T1[u.temp[3][2]][1];
b[ 7] = T1[u.temp[0][3]][1];
b[ 8] = T1[u.temp[2][0]][1];
b[ 9] = T1[u.temp[3][1]][1];
b[10] = T1[u.temp[0][2]][1];
b[11] = T1[u.temp[1][3]][1];
b[12] = T1[u.temp[3][0]][1];
b[13] = T1[u.temp[0][1]][1];
b[14] = T1[u.temp[1][2]][1];
b[15] = T1[u.temp[2][3]][1];
*((u32*)(b )) ^= *((u32*)rk[ROUNDS][0]);
*((u32*)(b+ 4)) ^= *((u32*)rk[ROUNDS][1]);
*((u32*)(b+ 8)) ^= *((u32*)rk[ROUNDS][2]);
*((u32*)(b+12)) ^= *((u32*)rk[ROUNDS][3]);
#undef rk
}
static void
do_encrypt (const RIJNDAEL_context *ctx,
unsigned char *bx, const unsigned char *ax)
{
/* BX and AX are not necessary correctly aligned. Thus we need to
copy them here. */
union
{
u32 dummy[4];
byte a[16];
} a;
union
{
u32 dummy[4];
byte b[16];
} b;
memcpy (a.a, ax, 16);
do_encrypt_aligned (ctx, b.b, a.a);
memcpy (bx, b.b, 16);
}
/* Encrypt or decrypt one block using the padlock engine. A and B may
be the same. */
#ifdef USE_PADLOCK
static void
do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag,
unsigned char *bx, const unsigned char *ax)
{
/* BX and AX are not necessary correctly aligned. Thus we need to
copy them here. */
unsigned char a[16] __attribute__ ((aligned (16)));
unsigned char b[16] __attribute__ ((aligned (16)));
unsigned int cword[4] __attribute__ ((aligned (16)));
/* The control word fields are:
127:12 11:10 9 8 7 6 5 4 3:0
RESERVED KSIZE CRYPT INTER KEYGN CIPHR ALIGN DGEST ROUND */
cword[0] = (ctx->ROUNDS & 15); /* (The mask is just a safeguard.) */
cword[1] = 0;
cword[2] = 0;
cword[3] = 0;
if (decrypt_flag)
cword[0] |= 0x00000200;
memcpy (a, ax, 16);
asm volatile
("pushfl\n\t" /* Force key reload. */
"popfl\n\t"
"xchg %3, %%ebx\n\t" /* Load key. */
"movl $1, %%ecx\n\t" /* Init counter for just one block. */
".byte 0xf3, 0x0f, 0xa7, 0xc8\n\t" /* REP XSTORE ECB. */
"xchg %3, %%ebx\n" /* Restore GOT register. */
: /* No output */
: "S" (a), "D" (b), "d" (cword), "r" (ctx->padlock_key)
: "%ecx", "cc", "memory"
);
memcpy (bx, b, 16);
}
#endif /*USE_PADLOCK*/
static void
rijndael_encrypt (void *context, byte *b, const byte *a)
{
RIJNDAEL_context *ctx = context;
#ifdef USE_PADLOCK
if (ctx->use_padlock)
{
do_padlock (ctx, 0, b, a);
_gcry_burn_stack (48 + 15 /* possible padding for alignment */);
}
else
#endif /*USE_PADLOCK*/
{
do_encrypt (ctx, b, a);
_gcry_burn_stack (48 + 2*sizeof(int));
}
}
/* Bulk encryption of complete blocks in CFB mode. Caller needs to
make sure that IV is aligned on an unsigned long boundary. This
function is only intended for the bulk encryption feature of
cipher.c. */
void
_gcry_aes_cfb_enc (void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks)
{
RIJNDAEL_context *ctx = context;
unsigned char *outbuf = outbuf_arg;
const unsigned char *inbuf = inbuf_arg;
unsigned char *ivp;
int i;
#ifdef USE_PADLOCK
if (ctx->use_padlock)
{
/* Fixme: Let Padlock do the CFBing. */
for ( ;nblocks; nblocks-- )
{
/* Encrypt the IV. */
do_padlock (ctx, 0, iv, iv);
/* XOR the input with the IV and store input into IV. */
for (ivp=iv,i=0; i < BLOCKSIZE; i++ )
*outbuf++ = (*ivp++ ^= *inbuf++);
}
}
else
#endif /* USE_PADLOCK*/
{
for ( ;nblocks; nblocks-- )
{
/* Encrypt the IV. */
do_encrypt_aligned (ctx, iv, iv);
/* XOR the input with the IV and store input into IV. */
for (ivp=iv,i=0; i < BLOCKSIZE; i++ )
*outbuf++ = (*ivp++ ^= *inbuf++);
}
}
_gcry_burn_stack (48 + 2*sizeof(int));
}
/* Bulk encryption of complete blocks in CBC mode. Caller needs to
make sure that IV is aligned on an unsigned long boundary. This
function is only intended for the bulk encryption feature of
cipher.c. */
void
_gcry_aes_cbc_enc (void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks, int cbc_mac)
{
RIJNDAEL_context *ctx = context;
unsigned char *outbuf = outbuf_arg;
const unsigned char *inbuf = inbuf_arg;
unsigned char *ivp;
int i;
for ( ;nblocks; nblocks-- )
{
for (ivp=iv, i=0; i < BLOCKSIZE; i++ )
outbuf[i] = inbuf[i] ^ *ivp++;
#ifdef USE_PADLOCK
if (ctx->use_padlock)
do_padlock (ctx, 0, outbuf, outbuf);
else
#endif /*USE_PADLOCK*/
do_encrypt (ctx, outbuf, outbuf );
memcpy (iv, outbuf, BLOCKSIZE);
inbuf += BLOCKSIZE;
if (!cbc_mac)
outbuf += BLOCKSIZE;
}
_gcry_burn_stack (48 + 2*sizeof(int));
}
/* Decrypt one block. A and B need to be aligned on a 4 byte boundary
and the decryption must have been prepared. A and B may be the
same. */
static void
do_decrypt_aligned (RIJNDAEL_context *ctx,
unsigned char *b, const unsigned char *a)
{
#define rk (ctx->keySched2)
int ROUNDS = ctx->ROUNDS;
int r;
union
{
u32 tempu32[4]; /* Force correct alignment. */
byte temp[4][4];
} u;
*((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[ROUNDS][0]);
*((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[ROUNDS][1]);
*((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[ROUNDS][2]);
*((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[ROUNDS][3]);
*((u32*)(b )) = (*((u32*)T5[u.temp[0][0]])
^ *((u32*)T6[u.temp[3][1]])
^ *((u32*)T7[u.temp[2][2]])
^ *((u32*)T8[u.temp[1][3]]));
*((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]])
^ *((u32*)T6[u.temp[0][1]])
^ *((u32*)T7[u.temp[3][2]])
^ *((u32*)T8[u.temp[2][3]]));
*((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]])
^ *((u32*)T6[u.temp[1][1]])
^ *((u32*)T7[u.temp[0][2]])
^ *((u32*)T8[u.temp[3][3]]));
*((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]])
^ *((u32*)T6[u.temp[2][1]])
^ *((u32*)T7[u.temp[1][2]])
^ *((u32*)T8[u.temp[0][3]]));
for (r = ROUNDS-1; r > 1; r--)
{
*((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]);
*((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
*((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
*((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
*((u32*)(b )) = (*((u32*)T5[u.temp[0][0]])
^ *((u32*)T6[u.temp[3][1]])
^ *((u32*)T7[u.temp[2][2]])
^ *((u32*)T8[u.temp[1][3]]));
*((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]])
^ *((u32*)T6[u.temp[0][1]])
^ *((u32*)T7[u.temp[3][2]])
^ *((u32*)T8[u.temp[2][3]]));
*((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]])
^ *((u32*)T6[u.temp[1][1]])
^ *((u32*)T7[u.temp[0][2]])
^ *((u32*)T8[u.temp[3][3]]));
*((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]])
^ *((u32*)T6[u.temp[2][1]])
^ *((u32*)T7[u.temp[1][2]])
^ *((u32*)T8[u.temp[0][3]]));
}
/* Last round is special. */
*((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[1][0]);
*((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[1][1]);
*((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[1][2]);
*((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[1][3]);
b[ 0] = S5[u.temp[0][0]];
b[ 1] = S5[u.temp[3][1]];
b[ 2] = S5[u.temp[2][2]];
b[ 3] = S5[u.temp[1][3]];
b[ 4] = S5[u.temp[1][0]];
b[ 5] = S5[u.temp[0][1]];
b[ 6] = S5[u.temp[3][2]];
b[ 7] = S5[u.temp[2][3]];
b[ 8] = S5[u.temp[2][0]];
b[ 9] = S5[u.temp[1][1]];
b[10] = S5[u.temp[0][2]];
b[11] = S5[u.temp[3][3]];
b[12] = S5[u.temp[3][0]];
b[13] = S5[u.temp[2][1]];
b[14] = S5[u.temp[1][2]];
b[15] = S5[u.temp[0][3]];
*((u32*)(b )) ^= *((u32*)rk[0][0]);
*((u32*)(b+ 4)) ^= *((u32*)rk[0][1]);
*((u32*)(b+ 8)) ^= *((u32*)rk[0][2]);
*((u32*)(b+12)) ^= *((u32*)rk[0][3]);
#undef rk
}
/* Decrypt one block. AX and BX may be the same. */
static void
do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax)
{
/* BX and AX are not necessary correctly aligned. Thus we need to
copy them here. */
union
{
u32 dummy[4];
byte a[16];
} a;
union
{
u32 dummy[4];
byte b[16];
} b;
if ( !ctx->decryption_prepared )
{
prepare_decryption ( ctx );
_gcry_burn_stack (64);
ctx->decryption_prepared = 1;
}
memcpy (a.a, ax, 16);
do_decrypt_aligned (ctx, b.b, a.a);
memcpy (bx, b.b, 16);
#undef rk
}
static void
rijndael_decrypt (void *context, byte *b, const byte *a)
{
RIJNDAEL_context *ctx = context;
#ifdef USE_PADLOCK
if (ctx->use_padlock)
{
do_padlock (ctx, 1, b, a);
_gcry_burn_stack (48 + 2*sizeof(int) /* FIXME */);
}
else
#endif /*USE_PADLOCK*/
{
do_decrypt (ctx, b, a);
_gcry_burn_stack (48+2*sizeof(int));
}
}
/* Bulk decryption of complete blocks in CFB mode. Caller needs to
make sure that IV is aligned on an unisgned lonhg boundary. This
function is only intended for the bulk encryption feature of
cipher.c. */
void
_gcry_aes_cfb_dec (void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks)
{
RIJNDAEL_context *ctx = context;
unsigned char *outbuf = outbuf_arg;
const unsigned char *inbuf = inbuf_arg;
unsigned char *ivp;
unsigned char temp;
int i;
#ifdef USE_PADLOCK
if (ctx->use_padlock)
{
/* Fixme: Let Padlock do the CFBing. */
for ( ;nblocks; nblocks-- )
{
do_padlock (ctx, 0, iv, iv);
for (ivp=iv,i=0; i < BLOCKSIZE; i++ )
{
temp = *inbuf++;
*outbuf++ = *ivp ^ temp;
*ivp++ = temp;
}
}
}
else
#endif /*USE_PADLOCK*/
{
for ( ;nblocks; nblocks-- )
{
do_encrypt_aligned (ctx, iv, iv);
for (ivp=iv,i=0; i < BLOCKSIZE; i++ )
{
temp = *inbuf++;
*outbuf++ = *ivp ^ temp;
*ivp++ = temp;
}
}
}
_gcry_burn_stack (48 + 2*sizeof(int));
}
/* Bulk decryption of complete blocks in CBC mode. Caller needs to
make sure that IV is aligned on an unsigned long boundary. This
function is only intended for the bulk encryption feature of
cipher.c. */
void
_gcry_aes_cbc_dec (void *context, unsigned char *iv,
void *outbuf_arg, const void *inbuf_arg,
unsigned int nblocks)
{
RIJNDAEL_context *ctx = context;
unsigned char *outbuf = outbuf_arg;
const unsigned char *inbuf = inbuf_arg;
unsigned char *ivp;
int i;
unsigned char savebuf[BLOCKSIZE];
for ( ;nblocks; nblocks-- )
{
/* We need to save INBUF away because it may be identical to
OUTBUF. */
memcpy (savebuf, inbuf, BLOCKSIZE);
#ifdef USE_PADLOCK
if (ctx->use_padlock)
do_padlock (ctx, 1, outbuf, inbuf);
else
#endif /*USE_PADLOCK*/
do_decrypt (ctx, outbuf, inbuf);
for (ivp=iv, i=0; i < BLOCKSIZE; i++ )
outbuf[i] ^= *ivp++;
memcpy (iv, savebuf, BLOCKSIZE);
inbuf += BLOCKSIZE;
outbuf += BLOCKSIZE;
}
_gcry_burn_stack (48 + 2*sizeof(int) + BLOCKSIZE + 4*sizeof (char*));
}
/* Run the self-tests for AES 128. Returns NULL on success. */
static const char*
selftest_basic_128 (void)
{
RIJNDAEL_context ctx;
unsigned char scratch[16];
/* The test vectors are from the AES supplied ones; more or less
randomly taken from ecb_tbl.txt (I=42,81,14) */
static const unsigned char plaintext_128[16] =
{
0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
};
static const unsigned char key_128[16] =
{
0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
};
static const unsigned char ciphertext_128[16] =
{
0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
};
rijndael_setkey (&ctx, key_128, sizeof (key_128));
rijndael_encrypt (&ctx, scratch, plaintext_128);
if (memcmp (scratch, ciphertext_128, sizeof (ciphertext_128)))
return "AES-128 test encryption failed.";
rijndael_decrypt (&ctx, scratch, scratch);
if (memcmp (scratch, plaintext_128, sizeof (plaintext_128)))
return "AES-128 test decryption failed.";
return NULL;
}
/* Run the self-tests for AES 192. Returns NULL on success. */
static const char*
selftest_basic_192 (void)
{
RIJNDAEL_context ctx;
unsigned char scratch[16];
static unsigned char plaintext_192[16] =
{
0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
};
static unsigned char key_192[24] =
{
0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
};
static const unsigned char ciphertext_192[16] =
{
0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
};
rijndael_setkey (&ctx, key_192, sizeof(key_192));
rijndael_encrypt (&ctx, scratch, plaintext_192);
if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
return "AES-192 test encryption failed.";
rijndael_decrypt (&ctx, scratch, scratch);
if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
return "AES-192 test decryption failed.";
return NULL;
}
/* Run the self-tests for AES 256. Returns NULL on success. */
static const char*
selftest_basic_256 (void)
{
RIJNDAEL_context ctx;
unsigned char scratch[16];
static unsigned char plaintext_256[16] =
{
0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
};
static unsigned char key_256[32] =
{
0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
};
static const unsigned char ciphertext_256[16] =
{
0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
};
rijndael_setkey (&ctx, key_256, sizeof(key_256));
rijndael_encrypt (&ctx, scratch, plaintext_256);
if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
return "AES-256 test encryption failed.";
rijndael_decrypt (&ctx, scratch, scratch);
if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
return "AES-256 test decryption failed.";
return NULL;
}
/* Run all the self-tests and return NULL on success. This function
is used for the on-the-fly self-tests. */
static const char *
selftest (void)
{
const char *r;
if ( (r = selftest_basic_128 ())
|| (r = selftest_basic_192 ())
|| (r = selftest_basic_256 ()) )
return r;
return r;
}
/* SP800-38a.pdf for AES-128. */
static const char *
selftest_fips_128_38a (int requested_mode)
{
struct tv
{
int mode;
const unsigned char key[16];
const unsigned char iv[16];
struct
{
const unsigned char input[16];
const unsigned char output[16];
} data[4];
} tv[2] =
{
{
GCRY_CIPHER_MODE_CFB, /* F.3.13, CFB128-AES128 */
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
{
{ { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a },
{ 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a } },
{ { 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 },
{ 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f,
0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b } },
{ { 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef },
{ 0x26, 0x75, 0x1f, 0x67, 0xa3, 0xcb, 0xb1, 0x40,
0xb1, 0x80, 0x8c, 0xf1, 0x87, 0xa4, 0xf4, 0xdf } },
{ { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
{ 0xc0, 0x4b, 0x05, 0x35, 0x7c, 0x5d, 0x1c, 0x0e,
0xea, 0xc4, 0xc6, 0x6f, 0x9f, 0xf7, 0xf2, 0xe6 } }
}
},
{
GCRY_CIPHER_MODE_OFB,
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
{
{ { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a },
{ 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a } },
{ { 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 },
{ 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03,
0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25 } },
{ { 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef },
{ 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6,
0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc } },
{ { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
{ 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78,
0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e } },
}
}
};
unsigned char scratch[16];
gpg_error_t err;
int tvi, idx;
gcry_cipher_hd_t hdenc = NULL;
gcry_cipher_hd_t hddec = NULL;
#define Fail(a) do { \
_gcry_cipher_close (hdenc); \
_gcry_cipher_close (hddec); \
return a; \
} while (0)
gcry_assert (sizeof tv[0].data[0].input == sizeof scratch);
gcry_assert (sizeof tv[0].data[0].output == sizeof scratch);
for (tvi=0; tvi < DIM (tv); tvi++)
if (tv[tvi].mode == requested_mode)
break;
if (tvi == DIM (tv))
Fail ("no test data for this mode");
err = _gcry_cipher_open (&hdenc, GCRY_CIPHER_AES, tv[tvi].mode, 0);
if (err)
Fail ("open");
err = _gcry_cipher_open (&hddec, GCRY_CIPHER_AES, tv[tvi].mode, 0);
if (err)
Fail ("open");
err = _gcry_cipher_setkey (hdenc, tv[tvi].key, sizeof tv[tvi].key);
if (!err)
err = _gcry_cipher_setkey (hddec, tv[tvi].key, sizeof tv[tvi].key);
if (err)
Fail ("set key");
err = _gcry_cipher_setiv (hdenc, tv[tvi].iv, sizeof tv[tvi].iv);
if (!err)
err = _gcry_cipher_setiv (hddec, tv[tvi].iv, sizeof tv[tvi].iv);
if (err)
Fail ("set IV");
for (idx=0; idx < DIM (tv[tvi].data); idx++)
{
err = _gcry_cipher_encrypt (hdenc, scratch, sizeof scratch,
tv[tvi].data[idx].input,
sizeof tv[tvi].data[idx].input);
if (err)
Fail ("encrypt command");
if (memcmp (scratch, tv[tvi].data[idx].output, sizeof scratch))
Fail ("encrypt mismatch");
err = _gcry_cipher_decrypt (hddec, scratch, sizeof scratch,
tv[tvi].data[idx].output,
sizeof tv[tvi].data[idx].output);
if (err)
Fail ("decrypt command");
if (memcmp (scratch, tv[tvi].data[idx].input, sizeof scratch))
Fail ("decrypt mismatch");
}
#undef Fail
_gcry_cipher_close (hdenc);
_gcry_cipher_close (hddec);
return NULL;
}
/* Complete selftest for AES-128 with all modes and driver code. */
static gpg_err_code_t
selftest_fips_128 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
what = "low-level";
errtxt = selftest_basic_128 ();
if (errtxt)
goto failed;
if (extended)
{
what = "cfb";
errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_CFB);
if (errtxt)
goto failed;
what = "ofb";
errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_OFB);
if (errtxt)
goto failed;
}
return 0; /* Succeeded. */
failed:
if (report)
report ("cipher", GCRY_CIPHER_AES128, what, errtxt);
return GPG_ERR_SELFTEST_FAILED;
}
/* Complete selftest for AES-192. */
static gpg_err_code_t
selftest_fips_192 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
(void)extended; /* No extended tests available. */
what = "low-level";
errtxt = selftest_basic_192 ();
if (errtxt)
goto failed;
return 0; /* Succeeded. */
failed:
if (report)
report ("cipher", GCRY_CIPHER_AES192, what, errtxt);
return GPG_ERR_SELFTEST_FAILED;
}
/* Complete selftest for AES-256. */
static gpg_err_code_t
selftest_fips_256 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
(void)extended; /* No extended tests available. */
what = "low-level";
errtxt = selftest_basic_256 ();
if (errtxt)
goto failed;
return 0; /* Succeeded. */
failed:
if (report)
report ("cipher", GCRY_CIPHER_AES256, what, errtxt);
return GPG_ERR_SELFTEST_FAILED;
}
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
switch (algo)
{
case GCRY_CIPHER_AES128:
ec = selftest_fips_128 (extended, report);
break;
case GCRY_CIPHER_AES192:
ec = selftest_fips_192 (extended, report);
break;
case GCRY_CIPHER_AES256:
ec = selftest_fips_256 (extended, report);
break;
default:
ec = GPG_ERR_CIPHER_ALGO;
break;
}
return ec;
}
static const char *rijndael_names[] =
{
"RIJNDAEL",
"AES128",
"AES-128",
NULL
};
static gcry_cipher_oid_spec_t rijndael_oids[] =
{
{ "2.16.840.1.101.3.4.1.1", GCRY_CIPHER_MODE_ECB },
{ "2.16.840.1.101.3.4.1.2", GCRY_CIPHER_MODE_CBC },
{ "2.16.840.1.101.3.4.1.3", GCRY_CIPHER_MODE_OFB },
{ "2.16.840.1.101.3.4.1.4", GCRY_CIPHER_MODE_CFB },
{ NULL }
};
gcry_cipher_spec_t _gcry_cipher_spec_aes =
{
"AES", rijndael_names, rijndael_oids, 16, 128, sizeof (RIJNDAEL_context),
rijndael_setkey, rijndael_encrypt, rijndael_decrypt
};
cipher_extra_spec_t _gcry_cipher_extraspec_aes =
{
run_selftests
};
static const char *rijndael192_names[] =
{
"RIJNDAEL192",
"AES-192",
NULL
};
static gcry_cipher_oid_spec_t rijndael192_oids[] =
{
{ "2.16.840.1.101.3.4.1.21", GCRY_CIPHER_MODE_ECB },
{ "2.16.840.1.101.3.4.1.22", GCRY_CIPHER_MODE_CBC },
{ "2.16.840.1.101.3.4.1.23", GCRY_CIPHER_MODE_OFB },
{ "2.16.840.1.101.3.4.1.24", GCRY_CIPHER_MODE_CFB },
{ NULL }
};
gcry_cipher_spec_t _gcry_cipher_spec_aes192 =
{
"AES192", rijndael192_names, rijndael192_oids, 16, 192, sizeof (RIJNDAEL_context),
rijndael_setkey, rijndael_encrypt, rijndael_decrypt
};
cipher_extra_spec_t _gcry_cipher_extraspec_aes192 =
{
run_selftests
};
static const char *rijndael256_names[] =
{
"RIJNDAEL256",
"AES-256",
NULL
};
static gcry_cipher_oid_spec_t rijndael256_oids[] =
{
{ "2.16.840.1.101.3.4.1.41", GCRY_CIPHER_MODE_ECB },
{ "2.16.840.1.101.3.4.1.42", GCRY_CIPHER_MODE_CBC },
{ "2.16.840.1.101.3.4.1.43", GCRY_CIPHER_MODE_OFB },
{ "2.16.840.1.101.3.4.1.44", GCRY_CIPHER_MODE_CFB },
{ NULL }
};
gcry_cipher_spec_t _gcry_cipher_spec_aes256 =
{
"AES256", rijndael256_names, rijndael256_oids, 16, 256,
sizeof (RIJNDAEL_context),
rijndael_setkey, rijndael_encrypt, rijndael_decrypt
};
cipher_extra_spec_t _gcry_cipher_extraspec_aes256 =
{
run_selftests
};
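Review bot: The added `USE_AESNI` block near the top of rijndael.c copies the Padlock guard, so it is only defined for 32-bit `__i386__` GCC builds, and nothing else in the file as shown reads it: `do_setkey`, `rijndael_encrypt`, `rijndael_decrypt` and the bulk CFB/CBC functions still use the table-lookup path (`T1`..`T8`, `S5` indexed by key-dependent bytes), whose memory access pattern depends on secret data. If this is groundwork for a later commit, a comment saying so would help, e.g. `/* USE_AESNI is not used yet; the AES-NI code paths are added separately. */`. When the code lands, it should be gated at run time the way Padlock is with `_gcry_get_hw_features () & HWF_PADLOCK_AES`, presumably using the `HWF_INTEL_AESNI` flag that the ChangeLog entry renames, and the x86-64 case needs an explicit decision rather than the inherited `SIZEOF_UNSIGNED_LONG == 4` test. The new comment also has a typo: `inidicates` should be `indicates`.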
diff --git a/src/ChangeLog b/src/ChangeLog
index 8c0ef73b..eb804a2c 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,2241 +1,2245 @@
+2011-02-11 Werner Koch <wk@g10code.com>
+
+ * g10lib.h (HWF_INTEL_AES): Rename to HWF_INTEL_AESNI.
+
2011-02-01 Werner Koch <wk@g10code.com>
* gcrypt.h.in (gcry_pk_get_curve, gcry_pk_get_param): New.
* libgcrypt.vers (gcry_pk_get_curve, gcry_pk_get_param): Add.
* libgcrypt.def (gcry_pk_get_curve, gcry_pk_get_param): Add.
* visibility.c (gcry_pk_get_curve, gcry_pk_get_param): New.
* cipher-proto.h (pk_extra_spec): Add fields GET_CURVE and
GET_CURVE_PARM.
2011-01-31 Werner Koch <wk@g10code.com>
* sexp.c (vsexp_sscan): Allow opaque MPIs in "%m".
2010-08-27 Werner Koch <wk@g10code.com>
* g10lib.h (HWF_INTEL_AES): New.
* global.c (print_config): Print new flag.
* hwfeatures.c (detect_ia32_gnuc): Detect this flag.
2010-08-16 Werner Koch <wk@g10code.com>
* gcrypt.h.in [!WIN32]: Add INSERT_SYS_SELECT_H autoconf substitute.
2010-07-09 Werner Koch <wk@g10code.com>
* gcrypt.h.in [!__GNUC__ && W32]: Typedef ssize_t and pid_t to
help building with MSVC.
2010-06-24 Werner Koch <wk@g10code.com>
* gcrypt.h.in [W32]: Include time.h and not sys/time.h.
2010-04-19 Marcus Brinkmann <marcus@g10code.de>
* misc.c (write2stderr): Dummy variable to silence gcc warning.
2010-04-16 Marcus Brinkmann <marcus@g10code.de>
* sexp.c: (sexp_sscan): Make it variable length, and rename the
old version to ...
(vsexp_sscan): ... this new function. Also swap last two arguments.
(gcry_sexp_create): Remove dummy va_list.
(gcry_sexp_build): Use vsexp_sscan instead of sexp_sscan.
(_gcry_sexp_vbuild): Likewise.
(gcry_sexp_build_array): Remove dummy va_list.
(gcry_sexp_sscan): Likewise.
2010-04-12 Brad Hards <bradh@frogmouth.net> (wk)
Spelling fixes.
2010-03-15 Werner Koch <wk@g10code.com>
* gcrypt.h.in: Add autoconf template to set generated file to
read-only in an Emacs buffer.
2010-01-21 Werner Koch <wk@g10code.com>
* Makefile.am (arch_gpg_error_cflags, arch_gpg_error_libs): New.
(dumpsexp_CFLAGS): New.
(dumpsexp_LDADD): Add arch_gpg_error_libs.
(hmac256_CFLAGS, hmac256_LDADD): Add the arch variables.
(libgcrypt_la_DEPENDENCIES): Add libcompat.
* secmem.c (lock_pool): Mark unused args.
* global.c (do_malloc, gcry_realloc, gcry_free, gcry_calloc)
(gcry_calloc_secure, gcry_xcalloc, gcry_xcalloc_secure): Use
gpg_err_set_errno.
(_gcry_vcontrol): Call _gcry_compat_identification.
* hmac256.c [__MINGW32CE__]: Include gpg-error.h.
(_gcry_hmac256_file): Use gpg_err_set_errno.
(gpg_err_set_errno) [!GPG_ERR_INLINE]: Add macro.
* g10lib.h: Include libcompat.h.
2010-01-05 Werner Koch <wk@g10code.com>
* gcrypt.h.in (GCRY_PK_ECDH): New.
2009-12-08 Werner Koch <wk@g10code.com>
* gcrypt.h.in (GCRY_CIPHER_MODE_AESWRAP): New.
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (LTRCCOMPILE): Refactor with ...
(RCCOMPILE): ... this new macro. Add $(libgcrypt_la_CPPFLAGS).
(SUFFIXES): Add .lo.
(.rc.o): Change to ...
(.rc.lo): ... this implicit rule.
(gcrypt_res_ldflag): Removed.
(gcrypt_res): Use libtool object file name here.
(libgcrypt_la_LDFLAGS): Remove gcrypt_res_ldflag usage.
(libgcrypt_la_LIBADD): Add gcrypt_res.
2009-11-29 Werner Koch <wk@g10code.com>
* hwfeatures.c (detect_ia32_gnuc): Repalce "=r" by "+r" so that
HAS-CPUDID is always initialized. Thanks to Ben Hutchings for
pointing out this problem.
2009-08-05 Werner Koch <wk@g10code.com>
* ath.h: Include sys/msg.h.
2009-07-02 Werner Koch <wk@g10code.com>
* fips.c (_gcry_initialize_fips_mode): Do not use FIPS mode if
/proc/.../fips_enabled has insufficient permissions.
* dumpsexp.c (main): Fix handling multiple files.
(parse_and_print): Implement hex and octal escaping.
* sexp.c (unquote_string): Remove superfluous clearing of ESC.
* dumpsexp.c (parse_and_print): Add missing break.
(main): Fix return value.
Reported by Fabian Keil.
2009-02-16 Werner Koch <wk@g10code.com>
* ath.h [HAVE_SYS_SELECT_H]: Include <sys/select.h> for fd_set.
[!HAVE_SYS_SELECT_H]: Include <sys/time.h>. Move inclusion of
config.h to the top. The actual configure check was already
there.
* sexp.c: Remove memory.h.
* mpi.h: Remove memory.h. Add string.h.
2009-02-02 Werner Koch <wk@g10code.com>
* ath.h: Include sys/time.h. Fixes bug#993.
2009-01-22 Werner Koch <wk@g10code.com>
* fips.c (_gcry_initialize_fips_mode): Remove superfluous const
from static string. Reported by Albert Chin.
* hmac256.c (selftest): Ditto and change to unsigned char.
2008-12-10 Werner Koch <wk@g10code.com>
* hmac256.c (finalize): Fix for big endian hosts.
2008-12-05 Werner Koch <wk@g10code.com>
* global.c (gcry_free): Save and restore ERRNO if set.
2008-11-24 Werner Koch <wk@g10code.com>
* sexp.c (get_internal_buffer): New.
(sexp_sscan): Add format character S.
* cipher-proto.h (pk_ext_generate_t): Add field EXTRAINFO changed
all implementors.
* cipher-proto.h (pk_ext_generate_t): Simplify.
(pk_get_param): New.
(pk_extra_spec_t): Add field GET_PARAM.
* cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): Remove.
(_gcry_pubkey_extraspec_elg): New.
2008-11-05 Werner Koch <wk@g10code.com>
* cipher.h (CIPHER_INFO_NO_WEAK_KEY): New.
* cipher-proto.h (cipher_set_extra_info_t): New.
(cipher_extra_spec): Add field SET_EXTRA_INFO.
2008-10-30 Werner Koch <wk@g10code.com>
* g10lib.h (GCC_ATTR_FORMAT_ARG): New.
(_gcry_gettext): Use it.
2008-10-24 Werner Koch <wk@g10code.com>
* global.c (inactive_fips_mode): Move to fips.c.
(gcry_set_allocation_handler): Factor code out to ...
* fips.c (_gcry_inactivate_fips_mode): New.
(_gcry_is_fips_mode_inactive): New.
2008-09-29 Werner Koch <wk@g10code.com>
* gcrypt-module.h (GCRY_MODULE_ID_USER, GCRY_MODULE_ID_USER_LAST):
New.
* module.c (MODULE_ID_USER, MODULE_ID_USER_LAST): Define using new
macros.
2008-09-20 Werner Koch <wk@g10code.com>
* hmac256.c (finalize) [WORDS_BIGENDIAN]: Fix sigbus problem.
2008-09-18 Werner Koch <wk@g10code.com>
* cipher-proto.h (pk_ext_generate_t): Add args QBITS, NAME, DOMAIN.
* fips.c (fips_new_state): Allow Error => Error transition.
2008-09-18 Werner Koch <wk@g10code.com>
* gcrypt.h.in (gcry_fips_mode_active): New.
* secmem.c (_gcry_secmem_init): Factor most code out to ..
(secmem_init): .. new.
(DEFAULT_POOL_SIZE): Rename to MINIMUM_POOL_SIZE.
(STANDARD_POOL_SIZE): New.
(_gcry_secmem_malloc_internal): Don't abort if the pool is not
initialized but try to out intialize it first and only then print
an error message and return NULL. If the pool is not locked while
in FIPS mode, return NULL.
* fips.c (FIPS_FORCE_FILE): New constant. Change the file name to
"/etc/gcrypt/fips_enabled".
(enforced_fips_mode): New.
(_gcry_initialize_fips_mode): Set that flag.
(_gcry_enforced_fips_mode): New.
* global.c (inactive_fips_mode): New.
(_gcry_vcontrol): Take that flag in account for GCRYCTL_FIPS_MODE_P.
(gcry_set_allocation_handler): Take care of the enforced fips mdoe
flag.
(get_no_secure_memory): New.
(do_malloc, gcry_is_secure): Use it.
2008-09-16 Werner Koch <wk@g10code.com>
* global.c (print_config): Use y/n for fips mode.
* fips.c (fips_new_state): Allow transition to Error and
Fatal-error from Init.
2008-09-15 Werner Koch <wk@g10code.com>
* fips.c [HAVE_SYSLOG]: Include syslog.h.
(_gcry_initialize_fips_mode, lock_fsm, unlock_fsm)
(_gcry_fips_signal_error, fips_new_state)
(_gcry_fips_noreturn) [HAVE_SYSLOG]: Also log via syslog.
(check_binary_integrity) [HAVE_SYSLOG]: Log failure.
* global.h [HAVE_SYSLOG]: Include syslog.h.
(_gcry_global_is_operational) [HAVE_SYSLOG]: Print warning.
* global.c (_gcry_vcontrol): Use GCRYCTL_INITIALIZATION_FINISHED
to run power-up tests. Add unpublished control commands 58-60.
* global.c (_gcry_global_is_operational): New.
* g10lib.h (fips_is_operational): Change to call this function.
2008-09-12 Werner Koch <wk@g10code.com>
* fips.c (_gcry_fips_run_selftests): Add arg EXTENDED.
(run_cipher_selftests, run_digest_selftests, run_hmac_selftests)
(run_pubkey_selftests): Ditto.
* cipher-proto.h (selftest_func_t): Add arg EXTENDED
2008-09-11 Werner Koch <wk@g10code.com>
* fips.c: Include string.h.
(loxtoi_1, loxtoi_2, loxdigit_p): New.
(check_binary_integrity): Change the format of the expected file.
* fips.c (_gcry_fips_run_selftests): Run random tests before the
pubkey tests.
2008-09-05 Werner Koch <wk@g10code.com>
* gcrypt.h.in (GCYRCTL_SELFTEST): New.
* global.c (_gcry_vcontrol): Implement.
* fips.c (_gcry_fips_run_selftests): Do state transitions only if
in fips mode. Return an error code.
2008-09-01 Werner Koch <wk@g10code.com>
* stdmem.c: Re-indented.
2008-08-29 Werner Koch <wk@g10code.com>
* fips.c (_gcry_initialize_fips_mode): Changed /proc file to test
for FIPS mode.
* cipher-proto.h (pk_compute_keygrip_t): New.
(pk_extra_spec): Add field comp_keygrip.
2008-08-28 Werner Koch <wk@g10code.com>
* hwfeatures.c (_gcry_detect_hw_features): Disable hardware
detection in FIPS mode.
2008-08-27 Werner Koch <wk@g10code.com>
* global.c (_gcry_vcontrol): Allow running selftests from error
state.
(gcry_set_outofcore_handler): Only print a warning if used in FIPS
mode.
(gcry_xmalloc, gcry_xrealloc, gcry_xmalloc_secure, gcry_xstrdup):
Ignore an outofcore handler in FIPS mode.
* fips.c (_gcry_fips_test_error_or_operational): New.
(fips_new_state): Allow transition from error into selftest.
Disallow error to init.
2008-08-26 Werner Koch <wk@g10code.com>
* fips.c (fips_new_state): Print state transitions only at
verbosity level of 2.
(reporter): Likewise.
* cipher-proto.h (pk_ext_generate_t): New.
(pk_extra_spec): Add member ext_generate.
* cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
2008-08-22 Werner Koch <wk@g10code.com>
* hmac256.c (_gcry_hmac256_file): New.
(main): New option --binary.
* fips.c (check_binary_integrity): New.
(_gcry_fips_run_selftests): Run it.
* global.c (_gcry_vcontrol) <GCRYCTL_UPDATE_RANDOM_SEED_FILE>:
Check for fips operational state.
(_gcry_vcontrol) <GCRYCTL_FAST_POLL>: Ditt.
2008-08-21 Werner Koch <wk@g10code.com>
* misc.c (_gcry_log_printhex): New.
2008-08-20 Werner Koch <wk@g10code.com>
* g10lib.h (gcry_assert): New. use this at almost all places
where we used a plain assert.
* misc.c (_gcry_assert_failed): New.
(_gcry_bug): Also use func variant for ISO-C99.
2008-08-19 Werner Koch <wk@g10code.com>
* visibility.c, visibility.h (gcry_mpi_lshift): New.
* libgcrypt.vers, libgcrypt.def, gcrypt.h.in: Ditto.
2008-08-15 Werner Koch <wk@g10code.com>
* gcrypt.h.in (gcry_cipher_setkey): Replace macro by function.
(gcry_cipher_setiv): Ditto.
(gcry_cipher_setctr): Ditto.
* visibility.c (gcry_cipher_setkey, gcry_cipher_setiv)
(gcry_cipher_setctr): New.
* visibility.h (gcry_cipher_setkey, gcry_cipher_setiv)
(gcry_cipher_setctr): New.
* libgcrypt.vers (gcry_cipher_setkey, gcry_cipher_setiv)
(gcry_cipher_setctr): New.
* libgcrypt.def (gcry_cipher_setkey, gcry_cipher_setiv)
(gcry_cipher_setctr): New.
* hmac256.h, hmac256.c: New.
* Makefile.am (hmac256_SOURCES): New.
* Makefile.am (bin_PROGRAMS): Add hmac256.
* gcrypt.h.in (struct gcry_thread_cbs): Change type of OPTION to
unsigned int. Although this is a type change it does not make a
difference.
* ath.c (ath_install): Take the version of the option field in
account.
* visibility.c (gcry_pk_encrypt, gcry_pk_decrypt, gcry_pk_sign)
(gcry_pk_verify, gcry_pk_testkey, gcry_pk_genkey)
(gcry_pk_get_nbits, gcry_pk_get_keygrip)
(gcry_md_open, gcry_md_copy, gcry_md_enable)
(gcry_md_write, md_final, gcry_md_ctl, gcry_md_setkey)
(gcry_md_hash_buffer, gcry_md_get_algo, gcry_md_info)
(gcry_md_is_enabled)
(gcry_cipher_open, gcry_cipher_encrypt)
(gcry_cipher_decrypt, gcry_cipher_ctl)
(gcry_cipher_algo_info): Check whether the library is operational.
* cipher-proto.h: New.
* cipher.h: Include cipher-proto.h.
* visibility.h: Remove duplicate macro definitions. Remove
gcry_cipher_register, gcry_md_register, gcry_pk_register macros.
* visibility.c: Include cipher-proto.h.
(gcry_cipher_register): Pass dummy extra args to the internal
register function.
(gcry_md_register, gcry_pk_register): Ditto.
* g10lib.h (struct gcry_module): Add field EXTRASPEC.
* module.c (_gcry_module_add): Add arg EXTRASPEC. Changed all
callers to pass NULL.
* fips.c: New.
* gcrypt.h.in (GCRYCTL_FIPS_MODE_P): New.
* global.c (global_init): Call fips initialization.
(_gcry_vcontrol): Add GCRYCTL_FIPS_MODE_P code.
(print_config): Add config item fips-mode.
(gcry_set_allocation_handler): Do not allow the use of custom
allocation handlers.
(gcry_set_outofcore_handler): Ditto.
(_gcry_get_debug_flag): Do not return any debug flags in fips mode.
* misc.c (_gcry_logv): Signal fips error on BUG or FATAL.
(_gcry_fatal_error): Ditto.
2008-07-05 Werner Koch <wk@g10code.com>
* Makefile.am: Include librandom.la.
2008-04-18 Werner Koch <wk@g10code.com>
* missing-string.c (vasprintf): Remove. It is not used. Reported
by Simon Josefsson.
2008-03-11 Werner Koch <wk@g10code.com>
* gcrypt.h.in (gcry_ac_em_t, gcry_ac_scheme_t): Remove trailing
comma for full C-89 compatibility.
2008-01-21 Marcus Brinkmann <marcus@g10code.de>
* hwfeatures.c (detect_ia32_gnuc): Fix inline asm.
2007-12-11 Werner Koch <wk@g10code.com>
* visibility.c (gcry_md_hash_buffer): Don't use return vor a void
function. Hey, why does gcc not complain about this?
(gcry_ac_io_init_va): Ditto.
2007-12-05 Werner Koch <wk@g10code.com>
* hwfeatures.c (detect_ia32_gnuc): Depend on ENABLE_PADLOCK_SUPPORT.
2007-12-03 Werner Koch <wk@g10code.com>
* misc.c (_gcry_logv): Use abort for error levels fatal and bug as
this is more approriate for a library. Terminate the secmem
before doing so.
(_gcry_fatal_error): Terminate secmem before abort.
* secmem.c (_gcry_secmem_malloc_internal): Use log_bug instead of
exit.
2007-11-29 Werner Koch <wk@g10code.com>
* hwfeatures.c (detect_ia32_gnuc): Detect Padlock engine.
2007-11-13 Werner Koch <wk@g10code.com>
* gcrypt.h.in (_GCRY_GCC_ATTR_MALLOC): Fixed gcc version check.
Reported by Gabriele Monti.
2007-10-31 Werner Koch <wk@g10code.com>
* global.c (gcry_control): Factor most code out to ..
(_gcry_vcontrol): .. new.
* sexp.c (_gcry_sexp_vbuild): New.
* mpi.h (_gcry_mpi_set, _gcry_mpi_set_ui, _gcry_mpi_invm): Remove
prototypes as they are already in gcrypt.h.
2007-10-30 Werner Koch <wk@g10code.com>
* sexp.c (gcry_sexp_nth_string): Replace by _gcry_sexp_nth_string.
* visibility.h, visibility.c: New.
* g10lib.h: Include visibility.h instead of gcrypt.h.
* globals.c (_gcry_malloc): Rename to ..
(do_malloc): .. this.
* hwfeatures.c: New.
* global.c (global_init): Detect features.
(print_config): Print them.
2007-08-22 Werner Koch <wk@g10code.com>
* dumpsexp.c: New.
* Makefile.am (bin_PROGRAMS): Install it.
* getrandom.c (print_version): Use new standard license line.
* gcryptrnd.c (print_version): Ditto.
2007-06-06 Werner Koch <wk@g10code.com>
* gcrypt.h.in (GCRY_THREAD_OPTION_PTH_IMPL): Factror network
related code out so that the prototypes can be adjusted for W32.
(_GCRY_THREAD_OPTION_PTH_IMPL_NET): New.
2007-05-09 Werner Koch <wk@g10code.com>
* libgcrypt.m4: Print found version on success.
2007-05-09 Marcus Brinkmann <marcus@g10code.de>
* gcrypt.h.in (gcry_ac_io_t): Add name for anonymous union, and mark
all members as internal (actually: deprecated).
2007-05-04 Werner Koch <wk@g10code.com>
* Makefile.am (.rc.lo): New to replace gmake specific suffix rule.
2007-05-03 Werner Koch <wk@g10code.com>
* libgcrypt.def (gcry_sexp_nth_string): New.
* Makefile.am (EXTRA_DIST): Add libgcrypt.def.
2007-05-02 Werner Koch <wk@g10code.com>
* global.c (print_config): Print ciphers, digests and pubkeys.
2007-05-02 David Shaw <dshaw@jabberwocky.com>
* cipher.h, gcrypt.h.in: Add Camellia.
2007-04-30 Werner Koch <wk@g10code.com>
* gcrypt.h.in (GCRYCTL_PRINT_CONFIG): New.
(GCRYCTL_SET_RNDEGD_SOCKET): New.
* global.c (gcry_control): Add GCRYCTL_PRINT_CONFIG and
GCRYCTL_SET_RNDEGD_SOCKET.
(print_config): New.
* misc.c (_gcry_log_info_with_dummy_fp): New.
2007-04-18 Werner Koch <wk@g10code.com>
* gcrypt.h.in (gcry_sexp_nth_string): New.
* sexp.c (gcry_sexp_nth_data): Factored code out to ...
(sexp_nth_data): ... new.
(gcry_sexp_nth_string): New.
(gcry_sexp_nth_mpi): Reimplemented in terms of sexp_ntd_data.
2007-04-16 Werner Koch <wk@g10code.com>
* secmem.c (init_pool): Use sysconf() if available to determine
page size.
2007-03-22 Werner Koch <wk@g10code.com>
* mpi.h (mpi_mod): New.
(mpi_new, mpi_snew): New.
* gcrypt.h.in: Add GCRY_PK_ECDSA.
2007-03-16 Werner Koch <wk@g10code.com>
* gcrypt.h.in (GCRY_THREAD_OPTION_PTHREAD_IMPL): Fixed typo
introduced by me on 2006-10-23.
2007-02-22 Werner Koch <wk@g10code.com>
* gcrypt.h.in (gcry_ac_id_to_name, gcry_ac_name_to_id): Mark as
deprecated.
* libgcrypt.def (gcry_fast_random_poll): Removed - it is a macro.
(gcry_cipher_register, gcry_cipher_unregister): New.
(gcry_md_register, gcry_md_unregister): New.
(gcry_pk_register, gcry_pk_unregister): New.
(gcry_ac_data_from_sexp, gcry_ac_data_to_sexp): New.
(gcry_ac_io_init, gcry_ac_io_init_va): New.
(gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme): New.
(gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme): New.
* missing-string.c: Include stdio.h for the vsprintf prototype.
* ath.h (struct ath_ops) [_WIN32]: Use int instead of socklen_t.
2007-02-21 Werner Koch <wk@g10code.com>
* libgcrypt.def (gcry_create_nonce, gcry_fast_random_poll)
(gcry_md_debug): New.
* libgcrypt-config.in: Remove duplicates from --cflags and --libs.
Print a error for option --thread.
* gcrypt.h.in (gcry_sexp_sprint): Change BUFFER from char* to void*.
(gcry_md_ctl): Change BUFFER from unsigned char* to void*.
(gcry_md_debug): New.
(gcry_cipher_encrypt, gcry_cipher_decrypt): Change buffer args to
void*.
(gcry_randomize): Change BUFFER to void.
(gcry_create_nonce): Ditto.
* libgcrypt.vers (gcry_md_debug): New.
* sexp.c (gcry_sexp_sprint): Ditto.
(normalize): Make P unsigned.
(gcry_sexp_nth_data): Cast return value to char*.
(sexp_sscan): Fix sign/unsigned conflicts.
(whitespacep): Change P to char*.
(unquote_string): Change STRING to char*.
(convert_to_hex): Change DEST to char*.
(convert_to_string): Change DEST and P to char*.
(convert_to_token): Chnage DEST to char*.
(gcry_sexp_canon_len): Change DISPHINT to unsigned char*.
* gcrypt-module.h (gcry_pk_spec): Made ALIASES a const.
(gcry_md_write_t): Changed BUF to a const void*.
2007-02-12 Werner Koch <wk@g10code.com>
* gcrypt.h.in: Include stdlib.h for the sake fo the trheading
macros. Suggested by Andreas Metzler.
* secmem.c (ptr_into_pool_p): New.
(_gcry_private_is_secure): Implement in terms of new function.
(BLOCK_VALID): Removed. Replaced all users by new function.
2007-01-31 Werner Koch <wk@g10code.com>
* secmem.c (_gcry_private_is_secure): Fixed severe implementation
flaw. Might be the reason for some of the more obscure bugs.
(MB_WIPE_OUT): Use wipememory2.
2006-10-23 Werner Koch <wk@g10code.com>
* gcrypt.h.in (GCRY_THREAD_OPTION_PTHREAD_IMPL): Add some cast for
use by C-doubleplus. In general I don't like this but due to
public demand I give up ;-)
2006-10-19 Werner Koch <wk@g10code.com>
* global.c (gcry_control) <GCRYCTL_INIT_SECMEM>: Return an error
if the memory could not be locked.
* secmem.c (not_locked): New.
(_gcry_secmem_get_flags): Return that flag.
* secmem.h (GCRY_SECMEM_FLAG_NOT_LOCKED): New.
2006-10-05 Werner Koch <wk@g10code.com>
* module.c (_gcry_module_id_new): Don't assign modules in the range
the range of 1024..4096.
* gcrypt.h (GCRY_MD_USER, GCRY_MD_USER_LAST): New
(GCRY_PK_USER, GCRY_PK_USER_LAST): New.
(GCRY_CIPHER_USER, GCRY_CIPHER_USER_LAST): New.
2006-10-12 Marcus Brinkmann <marcus@g10code.de>
* gcrypt.h.in: Replace socklen_t with gcry_socklen_t.
2006-10-11 Marcus Brinkmann <marcus@g10code.de>
* gcrypt.h.in: Replace version by @VERSION@.
2006-10-10 Marcus Brinkmann <marcus@g10code.de>
* gcrypt.h: Add fallback type for socklen_t. Move to ...
* gcrypt.h.in: ... this file.
* Makefile.am (EXTRA_DIST): Add gcrypt.h.in.
2006-09-04 Werner Koch <wk@g10code.com>
* gcrypt.h: Removed some trailing comma in enums.
2006-08-29 Werner Koch <wk@g10code.com>
* global.c (gcry_xrealloc): Pass secure flag to outofcore handler.
* gcrypt.h (GCRY_CIPHER_SEED): New.
2006-08-21 Werner Koch <wk@g10code.com>
* gcrypt.h (GCRYCTL_FAKED_RANDOM_P): New.
2006-07-29 Marcus Brinkmann <marcus@g10code.de>
* secmem.c (init_pool): Close FD after establishing the mapping.
2006-07-12 Marcus Brinkmann <marcus@g10code.de>
* ath.c (ath_mutex_destroy): Microoptimize destruction of unused
statitically initialized mutexes. Suggested by Victor Stinner
<victor.stinner@inl.fr>.
* gcrypt.h (GCRY_THREAD_OPTION_PTHREAD_IMPL,
(GCRY_THREAD_OPTION_PTH_IMPL): Add missing initializers to
suppress gcc warning.
Submitted by Victor Stinner <victor.stinner@inl.fr>.
2006-07-04 Marcus Brinkmann <marcus@g10code.de>
* ath.c: Avoid warning about double defined type byte and other
hacks to let it build for W32 (backported from LIBGCRYPT-1-2-BRANCH).
* ath.h, gcrypt.h, tests/benchmark.c, src/types.h: Likewise.
* gcrypt.h: Revert last change, and instead:
[_WIN32 || __WIN32__]: Do not include <sys/socket.h>, but
<winsock2.h> and <ws2tcpip.h>.
Suggested by Simon Josefsson <jas@extundo.com>.
* Makefile.am (install-data-local, uninstall-local, %.lo,
(install-def-file, uninstall-def-file): New targets.
(LTRCCOMPILE, gcrypt_res, gcrypt_res_ldflag, no_undefined,
(export_symbols, gcrypt_deps): New variables.
* versioninfo.rc.in: New file.
* libgcrypt.def: New file from ../w32-dll/libgcrypt.def.
* gcrypt.h [!HAVE_SYS_SOCKET_H]: Do not include sys/socket.h, but
the appropriate windows socket header.
2006-06-21 Werner Koch <wk@g10code.com>
* global.c (gcry_xcalloc, gcry_xcalloc_secure): Made safe against
integer overflow.
* sexp.c (make_space): Return an error on out of core.
(sexp_sscan): Remove all xmalloc style calls and return proper
error codes on allocation failures.
(gcry_sexp_find_token): Ditto.
(gcry_sexp_nth):
* sexp.c (gcry_sexp_find_token): Re-indented and removed a cruft
"while(level);" which fortunately had no effect.
2006-04-28 Werner Koch <wk@g10code.com>
* gcrypt.h (GCRY_MD_SHA224): Change value from 306 to 11 to match
the use in OpenPGP. There has been no release yet, so we can
safely do it.
2006-04-22 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (gcry_ctl_cmds): New commands:
GCRYCTL_SET_RANDOM_DAEMON_SOCKET, GCRYCTL_USE_RANDOM_DAEMON.
* global.c (gcry_control): Handle new commands, calling
_gcry_set_random_daemon_socket() and _gcry_use_random_daemon().
2006-04-18 Werner Koch <wk@g10code.com>
* gcrypt.h (GCRY_PK_USAGE_CERT, GCRY_PK_USAGE_AUTH)
(GCRY_PK_USAGE_UNKN): New.
2006-04-01 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (gcry_ac_eme_pkcs_v1_5): Removed members: key, handle;
added member: key_size.
* secmem.c (MB_FLAG_ACTIVE): Write braces around MB_FLAG_ACTIVE
definition.
2006-03-15 Werner Koch <wk@g10code.com>
* getrandom.c: New.
2006-03-14 Werner Koch <wk@g10code.com>
* gcryptrnd.c: New.
2006-03-10 Werner Koch <wk@g10code.com>
* gcrypt.h: Add GCRY_MD_SHA224.
2005-11-02 Moritz Schulte <moritz@g10code.com>
* gcrypt.h: Update comments for functions: gcry_cipher_algo_name,
gcry_pk_algo_name.
2005-10-31 Moritz Schulte <moritz@g10code.com>
* global.c: Added documentation.
2005-10-16 Moritz Schulte <moritz@g10code.com>
* global.c (global_init): Use gcry_error_t instead of
gcry_err_code_t; use goto instead of if constructs.
* stdmem.c: Inserted description of the layered memory management
in Libgcrypt.
* g10lib.h: Removed G10_I18N_H related check; it seems to be a
GnuPG relict (Libgcrypt does not define this symbol anywhere).
(FLAG_MODULE_DISABLED): Don't forget parantheses around shifted
value.
Removed GCC_ATTR_PURE macro definitions, since gcrypt.h does
already contain such a macro named _GCRY_GCC_ATTR_PURE, which we
can use here as well.
Likewise for GCC_ATTR_MALLOC and _GCRY_GCC_ATTR_MALLOC.
* stdmem.h: Use _GCRY_GCC_ATTR_MALLOC instead of GCC_ATTR_MALLOC.
* secmem.h: Likewise.
2005-10-09 Moritz Schulte <moritz@g10code.com>
* global.c (gcry_control): Call global_init() after passing thread
cbs to ath. global_init() MUST to be called AFTER passing the cbs
to ath and BEFORE calling library functions, which make use of
ath. This change combines cbs installing with ath initialization
and thus removes the need to call other library initialization
functions inbetween like e.g. gcry_check_version().
2005-10-01 Moritz Schulte <moritz@g10code.com>
* ath.c: Assign copyright to FSF.
* ath.h: Likewise.
2005-06-25 Moritz Schulte <moritz@g10code.com>
* Makefile.am (pkgconfigdir, pkgconfig_DATA): Removed variables.
* libgcrypt.pc.in: Removed file - we do not want to support a
second, foreign configuration system.
2005-06-17 Moritz Schulte <moritz@g10code.com>
* global.c (gcry_xstrdup): Removed superfluous strcpy call.
2005-04-22 Moritz Schulte <moritz@g10code.com>
* Makefile.am (pkgconfigdir, pkgconfig_DATA): New; support for
pkgconfig provided by Albert Chin.
* libgcrypt.pc.in (Cflags): New file.
2005-04-16 Moritz Schulte <moritz@g10code.com>
* g10lib.h (_gcry_ac_init): Declare.
* global.c (global_init): Call _gcry_ac_init; don't forget to set
err.
2005-04-14 Werner Koch <wk@g10code.com>
* sexp.c (whitespacep): New.
(sexp_sscan): Replaced isdigit and isspace by whitespacep and
digitp.
2005-04-11 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (gcry_md_algos): Added: GCRY_MD_WHIRLPOOL.
* cipher.h (_gcry_digest_spec_whirlpool): Declare.
2005-03-30 Moritz Schulte <moritz@g10code.com>
* libgcrypt.vers: Added: gcry_ac_io_init, gry_ac_io_init_va.
* gcrypt.h (gcry_ac_data_read_cb_t, gcry_ac_data_write_cb_t,
gcry_ac_io_mode_t, gcry_ac_io_type_t, gcry_ac_io_t): New types.
(gcry_ac_io_init_va): Declare function.
(gcry_ac_data_encode, gcry_ac_data_decode,
gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme,
gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme): Use
gcry_ac_io_type_t objects instead of memory strings directly.
2005-03-03 Moritz Schulte <moritz@g10code.com>
* libgcrypt.vers: Added: gcry_ac_data_to_sexp() and
gcry_ac_data_from_sexp().
2005-02-22 Werner Koch <wk@g10code.com>
* global.c (_gcry_malloc): Make sure ERRNO is set if we return
NULL. Remove unneeded initialization of M to allow the compiler
to catch errors.
(gcry_realloc): Make sure ERRNO is set if we return NULL>
2005-02-13 Moritz Schulte <moritz@g10code.com>
* gcrypt.h: Declare new functions: gcry_ac_data_encrypt_scheme,
gcry_ac_data_decrypt_scheme, gcry_ac_data_sign_scheme,
gcry_ac_data_verify_scheme, gcry_ac_data_encode,
gcry_ac_data_decode, gcry_ac_data_to_sexp, gcry_ac_data_from_sexp.
New types: gcry_ac_emsa_pkcs_v1_5_t, gcry_ac_ssa_pkcs_v1_5_t,
gcry_md_algo_t.
New enumeration lists: gcry_ac_scheme_t, gcry_ac_em_t.
* libgcrypt.vers: Added new ac functions.
* g10lib.h: Declare function: _gcry_pk_get_elements.
* mpi.h (mpi_get_ui): New macro.
Declare function: _gcry_mpi_get_ui.
2004-11-09 Werner Koch <wk@g10code.com>
* gcrypt.h: Removed 3 trailing commas from enums. Noted by Heiko
Stamer.
2004-09-21 Werner Koch <wk@g10code.de>
* sexp.c (sexp_sscan): Removed C++ style comments. Noted by Yoann
Vandoorselaere.
2004-08-23 Moritz Schulte <moritz@g10code.com>
* global.c: Do not include <assert.h>.
* sexp.c: Likewise.
* module.c: Likewise.
* misc.c: Likewise.
2004-08-18 Moritz Schulte <moritz@g10code.com>
* secmem.c (_gcry_secmem_init): Try to lock pool into core not
only when running with root privileges.
2004-08-16 Werner Koch <wk@g10code.de>
* secmem.h (_gcry_secmem_set_flags,_gcry_secmem_get_flags):
Removed __pure__.
(GCRY_SECMEM_FLAG_NO_WARNING): Put macro value into parens.
* secmem.c (_gcry_secmem_init): Defer printing of the warning.
2004-08-10 Moritz Schulte <moritz@g10code.com>
* gcrypt.h: Include <sys/time.h>, thanks to Simon Josefsson.
2004-05-07 Werner Koch <wk@gnupg.org>
* gcrypt.h: Added GCRYCTL_FAST_POLL.
(gcry_fast_random_poll): New.
* global.c (gcry_control) <INITIALIZATION_FINISHED>: Do only basic
random subsystem init.
(gcry_control) <FAST_POLL>: New.
2004-04-22 Marcus Brinkmann <marcus@g10code.de>
* libgcrypt.m4: Quote first argument to AC_DEFUN.
2004-04-15 Werner Koch <wk@gnupg.org>
* secmem.c (_gcry_secmem_malloc_internal): Removed old extra info
error output.
(_gcry_secmem_term): Use wipememory2 here.
* misc.c (_gcry_burn_stack): Use wipememory to avoid optimizations.
* string.c: Removed. Was never used.
* global.c (gcry_strdup): Replaced by the version from string.c
(gcry_xstrdup): Rewritten.
* gcrypt.h: Removed duplicate prototype for gcry_strdup.
2004-03-29 Werner Koch <wk@gnupg.org>
* secmem.c (_gcry_secmem_realloc): Fixed double unlock; bug
manifested itself due to the more rigorous checking in the changed
ath.h
* libgcrypt-config.in (Options): Ignore the obsolete --threads
option for now.
2004-03-17 Marcus Brinkmann <marcus@g10code.de>
* libgcrypt-config.in (includedir, libdir): Quote'em. Use
$gpg_error_cflags and $gpg_error_libs. Fix construction of
$includes.
2004-03-14 Marcus Brinkmann <marcus@g10code.de>
* libgcrypt-config.in (includedir, libdir): New variables. For
--cflags, don't test $cflags. Also check against /include for the
GNU/Hurd. Don't overwrite but extend $cflags_final. Likewise for
--libs.
2004-03-10 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (ltlib_libgcrypt_pthread, ltlib_libgcrypt_pth): Removed.
(lib_LTLIBRARIES): Remove those variables from here.
(libgcrypt_pthread_la_SOURCES, libgcrypt_pthread_la_LDFLAGS,
(libgcrypt_pthread_la_DEPENDENCIES, libgcrypt_pthread_la_LIBADD,
(libgcrypt_pth_la_SOURCES, libgcrypt_pth_la_LDFLAGS,
(libgcrypt_pth_la_DEPENDENCIES, libgcrypt_pth_la_LIBADD,
(noinst_LTLIBRARIES): Removed.
(libgcrypt_real_la_SOURCES): Merge with ...
(libgcrypt_la_SOURCES): ... likewise.
(libgcrypt_real_la_DEPENDENCIES): Merge with ...
(libgcrypt_la_DEPENDENCIES): ... this.
(libgcrypt_real_la_LIBADD): Merge with ...
(libgcrypt_la_LIBADD): ... this.
* libgcrypt-config.in (libs_pthread, libs_pth, cflags_pth)
(cflags_pthread, thread_module, thread_modules): Removed.
(Options): Remove --thread option from help output. If the option
is specified, output an error and exit.
For --cflags and --libs option, remove pth and pthread from output.
* gcrypt.h: Include <sys/types.h> and <sys/socket.h>.
(enum gcry_ctl_cmds): Add GCRYCTL_SET_THREAD_CBS.
(gcry_thread_cbs): New struct.
* global.c (gcry_control): Implement GCRYCTL_SET_THREAD_CBS.
(global_init): Don't call ath_init here.
* ath.h: Rewritten.
* ath.c: Rewritten.
2004-03-06 Werner Koch <wk@gnupg.org>
* libgcrypt-config.in: s/--soname-number/--api-version/
* libgcrypt.m4: Changed test for API version.
2004-03-05 Werner Koch <wk@gnupg.org>
* libgcrypt.m4: Optionally check the SONAME number.
* libgcrypt-config.in: Add option --soname-number
2004-03-01 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libgcrypt_la_SOURCES): Add ath.c.
* ath.c (ath_init): Add missing function.
* Makefile.am (ath_pth_src): Removed.
(ath_pthread_src): Removed.
(libgcrypt_la_SOURCES): Remove ath-compat, $(ath_pth_src) and
$(ath_pthread_src).
* ath-compat.c, ath-pth-compat.c, ath-pthread-compat.c: Files
removed.
2004-02-20 Werner Koch <wk@gnupg.org>
* gcrypt.h (GCRY_PRIME_CHECK_AT_GOT_PRIME)
(GCRY_PRIME_CHECK_AT_FINISH),
(GCRY_PRIME_CHECK_AT_MAYBE_PRIME): New.
2004-02-18 Werner Koch <wk@gnupg.org>
* libgcrypt-config.in: Ignore setting of --prefix.
2004-02-13 Werner Koch <wk@gnupg.org>
* gcrypt.h: Added GCRY_CIPHER_RFC2268_128, alsthough not yet
supported.
2004-02-06 Werner Koch <wk@gnupg.org>
* gcrypt.h: Added GCRY_CIPHER_RFC2268_40.
2004-02-03 Werner Koch <wk@gnupg.org>
* secmem.c (_gcry_secmem_init): Do not print the "not locked into
core warning" if the NO_WARNING flag has been set.
* sexp.c (sexp_sscan): Allocate result in secure memory if BUFFER
is in secure memory. Switch to secure memory for the a secure %b
format item. Extra paranoid wipe on error.
(gcry_sexp_release): Added paranoid wiping for securely allocated
S-expressions.
2004-01-25 Moritz Schulte <mo@g10code.com>
* ath.h: Include <config.h>.
2004-01-12 Moritz Schulte <mo@g10code.com>
* gcrypt.h: Adjusted declarations of: gcry_ac_data_set,
gcry_ac_data_get_name, gcry_ac_data_get_index,
gcry_ac_key_pair_generate, gcry_ac_key_test,
gcry_ac_key_get_nbits, gcry_ac_key_get_grip.
* gcrypt.h (GCRY_AC_FLAG_DATA_NO_BLINDING): Removed symbol.
(GCRY_AC_FLAG_DEALLOC, GCRY_AC_FLAG_COPY)
(GCRY_AC_FLAG_NO_BLINDING): New symbols.
* global.c (gcry_strdup): Removed function.
* string.c: New file.
* Makefile.am (libgcrypt_real_la_SOURCES): Added: string.c.
* string.c (gcry_strdup): New function.
* gcrypt.h (gcry_strdup): Declare.
2003-12-19 Werner Koch <wk@gnupg.org>
* g10lib.h (wipememory, wipememory2): New; taken from gnupg.
2003-11-14 Werner Koch <wk@gnupg.org>
* global.c (gcry_strdup): Don't copy the string after a malloc
error.
2003-11-11 Werner Koch <wk@gnupg.org>
* sexp.c (sexp_sscan): Implemented "%b" format specifier.
2003-11-11 Moritz Schulte <mo@g10code.com>
* libgcrypt.m4: Do not set prefix when calling libgcrypt-config.
Thanks to Nikos Mavroyanopoulos.
2003-11-08 Moritz Schulte <mo@g10code.com>
* cipher.h (small_prime_numbers): Removed declaration.
(PUBKEY_FLAG_NO_BLINDING): Put braces around shift.
2003-11-04 Werner Koch <wk@gnupg.org>
* cipher.h (_gcry_sha1_has_buffer): New.
* gcrypt.h (gcry_create_nonce): New.
2003-10-31 Werner Koch <wk@gnupg.org>
* libgcrypt.vers (_gcry_generate_elg_prime): Removed this symbol;
gnutls does not need it anymore.
* secmem.c (mb_get_new): s/pool/block/ due to global pool.
* misc.c (gcry_set_log_handler): s/logf/f/ to avoid shadowing
warning against a builtin.
* ath-pth-compat.c: cast pth_connect to get rid of the const
prototype.
2003-10-27 Werner Koch <wk@gnupg.org>
* ath.h (ATH_MUTEX_INITIALIZER): Removed spurious semicolon.
2003-10-27 Moritz Schulte <mo@g10code.com>
* libgcrypt-config.in: Include libs/cflags of libgpg-error.
* sexp.c (sexp_sscan): Cleaned up, deallocate scanned sexp on
error.
* module.c (MODULE_ID_MIN): New symbol, use it.
2003-10-27 Werner Koch <wk@gnupg.org>
* gcrypt.h (gcry_pk_testkey): Doc fix.
2003-09-29 Moritz Schulte <mo@g10code.com>
* libgcrypt-config.in: Fix --algorithms option.
2003-10-23 Werner Koch <wk@gnupg.org>
* gcrypt.h (gcry_err_code): Use GPG_ERR_INLINE instead of
__inline__.
* secmem.c (lock_pool): Don't print the warning for certain
systems, handle ENOMEM.
2003-10-21 Werner Koch <wk@gnupg.org>
* secmem.c (_gcry_secmem_dump_stats): Fixed format sepcifier for a
size_t. Reported by Stephane Corthesy.
2003-10-10 Werner Koch <wk@gnupg.org>
* global.c (_gcry_malloc): Handle the no_secure_memory option.
* gcrypt.h (gcry_prime_group_generator): New.
(gcry_prime_release_factors): New.
2003-10-07 Werner Koch <wk@gnupg.org>
* sexp.c (sexp_sscan): Check that parenthesis are matching.
2003-09-28 Moritz Schulte <mo@g10code.com>
* g10lib.h: Declare: _gcry_malloc.
(GCRY_ALLOC_FLAG_SECURE): New symbol.
* global.c (_gcry_malloc): New function...
(gcry_malloc): ... use it.
(gcry_malloc_secure): Likewise.
* ath.c: Change License to LGPL.
* ath-pthread-compat.c: Likewise.
* ath-pthread.c: Likewise.
* ath-pth-compat.c: Likewise.
* ath-pth.c: Likewise.
* ath.h: Likewise.
* ath-compat.c: Likewise.
* secmem.c (_gcry_secmem_realloc): Do not forget to release secmem
lock. Thanks to low halo for triggering this bug.
2003-09-04 Werner Koch <wk@gnupg.org>
* gcrypt.h (_GCRY_ERR_SOURCE_DEFAULT): Removed cruft.
(gcry_prime_check_func_t): Renamed arg for clarity.
2003-09-02 Moritz Schulte <mo@g10code.com>
* gcrypt.h (GCRY_PRIME_FLAG_SPECIAL_FACTOR): New symbol.
2003-09-01 Moritz Schulte <mo@g10code.com>
* gcrypt.h (gcry_random_level_t): New type.
(gcry_prime_check_func_t): Likewise.
(GCRY_PRIME_FLAG_SECRET): New symbol.
(gcry_prime_generate, gcry_prime_check): Declare functions.
2003-08-28 Werner Koch <wk@gnupg.org>
* Makefile.am (libgcrypt_pth_la_LDFLAGS): Removed PTH_CFLAGS cruft.
2003-08-27 Moritz Schulte <mo@g10code.com>
* global.c (gcry_control): Remove call to ath_deinit.
* Makefile.am (libgcrypt_real_la_DEPENDENCIES): Fixed.
(libgcrypt_real_la_LIBADD): Fixed.
Removed unecessary variables.
* libgcrypt-config.in: Adjusted script for new thread handling.
* Makefile.am: New version, based on GPGMEs Makefile.am.
* ath.c, ath-compat.c, ath.h, ath-pth.c, ath-pth-compat.c,
ath-pthread.c, ath-pthread-compat.c: New files, merged from GPGME.
* ath.c, ath.h, ath-pthread.c, ath-pth.c: Removed files.
2003-08-08 Moritz Schulte <moritz@g10code.com>
* global.c (gcry_realloc): Remove FIXME about `clearing out
realloced memory', since _gcry_secmem_realloc takes care of
overwriting old memory.
2003-08-07 Werner Koch <wk@gnupg.org>
* module.c (_gcry_module_release): Don't act if module is NULL.
2003-07-30 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (enum gcry_ac_id): Added: GCRY_AC_ELG_E.
Reverted change: use gcry_md_flags enumeration list instead of
defines.
2003-07-29 Werner Koch <wk@gnupg.org>
* global.c (gcry_control): Add GCRYCTL_SET_RANDOM_SEED_FILE and
GCRYCTL_UPDATE_RANDOM_SEED_FILE.
* gcrypt.h: Ditto. Renamed index to idx, so avoid warning
related to the old index function.
2003-07-28 Moritz Schulte <moritz@g10code.com>
* global.c (gcry_err_code_from_errno, gcry_err_code_to_errno)
(gcry_err_make_from_errno, gcry_error_from_errno): New functions.
* gcrypt.h: Declared: gcry_err_code_from_errno,
gcry_err_code_to_errno, gcry_err_make_from_errno,
gcry_error_from_errno.
* Makefile.am (include_HEADERS): Added: gcrypt-module.h.
* gcrypt.h: Include <gcrypt-module.h>.
* gcrypt-module.h: New file.
2003-07-27 Werner Koch <wk@gnupg.org>
* gcrypt.h (gcry_mpi_scan, gcry_mpi_print): API change.
(gcry_mpi_dump): New.
2003-07-21 Moritz Schulte <moritz@g10code.com>
* gcrypt.h: Declared: gcry_ac_key_data_get.
(gcry_pk_spec): Renamed member `sexp_names' into `aliases'.
2003-07-20 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (gcry_md_oid_spec_t): New type.
(gcry_md_spec): New member: oids.
2003-07-19 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (gcry_cipher_oid_spec_t): New type.
(gcry_cipher_spec): New member: oids;
2003-07-18 Werner Koch <wk@gnupg.org>
* gcrypt.h (gcry_mpi_set_opaque): Add a warning comment.
2003-07-15 Moritz Schulte <moritz@g10code.com>
* secmem.c (compress_pool): Remove function, since unused blocks
are automatically concatenad.
* gcrypt.h: Bumped version number up to 1.1.42-cvs.
2003-07-14 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (gcry_cipher_spec): New member: aliases.
* Makefile.am (noinst_PROGRAMS, testapi_SOURCES, testapai_LDADD,
benchmark_SOURCES, benchmark_LDADD): Removed.
* benchmark.c, testapi.c: Removed files.
* mpi.h: Removed disabled typedef.
* g10lib.h: Likewise.
* benchmark.c, g10lib.h, gcrypt.h, global.c, module.c, sexp.c:
Used gcry_err* wrappers for libgpg-error symbols.
2003-07-12 Moritz Schulte <moritz@g10code.com>
* global.c: Likewise.
* gcrypt.h: New type: gcry_error_t, gcry_err_code_t and
gcry_err_source_t.
(gcry_err_make, gcry_error, gcry_err_code, gcry_err_source): New
functions.
* global.c (gcry_strerror): New function.
(gcry_strsource): New function.
* gcrypt.h: New symbol: GCRY_CIPHER_TWOFISH128.
2003-07-09 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (enum gcry_md_flags): Removed, used define instead,
since that is more common than an enumeration list when it comes
to flags that can be bitwise ORed.
2003-07-08 Moritz Schulte <moritz@g10code.com>
* global.c: Use new types for handlers.
* gcrypt.h: Declare: gcry_ac_data_copy.
2003-07-07 Moritz Schulte <moritz@g10code.com>
* sexp.c (gcry_sexp_build_array): Use dummy argument pointer.
Thanks to Simon Josefsson <jas@extunde.com>.
* gcrypt.h: Declare: gcry_cipher_list, gcry_pk_list, gcry_md_list.
2003-07-05 Moritz Schulte <moritz@g10code.com>
* gcrypt.h: Declare: gcry_cipher_register, gcry_cipher_unregister,
gcry_md_register, gcry_md_unregister, gcry_pk_register,
gcry_pk_unregister.
(gcry_cipher_spec): Removed member: algorithm.
(gcry_pk_spec): Likewise.
(gcry_md_spec): Likewise.
Adjusted declarations: gcry_cipher_register, gcry_pk_register,
gcry_md_register.
* module.c: Replaced all occurences of `id' with `mod_id', since
`id' is a keyword in obj-c.
* gcrypt.h (gcry_cipher_spec): Renamed member `id' to `algorithm'.
(gcry_pk_spec): Likewise.
(gcry_md_spec): Likewise.
* cipher.h: Removed types: gcry_pubkey_generate_t,
gcry_pubkey_check_secret_key_t, gcry_pubkey_encrypt_t,
gcry_pubkey_decrypt_t, gcry_pubkey_sign_t, gcry_pubkey_verify_t,
gcry_pubkey_get_nbits_t, gcry_pk_spec_t, gcry_digest_init_t,
gcry_digest_write_t, gcry_digest_final_t, gcry_digest_read_t,
gcry_digest_spec_t, gcry_cipher_setkey_t, gcry_cipher_encrypt_t,
gcry_cipher_decrypt_t, gcry_cipher_stencrypt_t,
gcry_cipher_stdecrypt_t, gcry_cipher_spec_t.
* gcrypt.h: New types: gcry_pk_generate_t,
gcry_pk_check_secret_key_t, gcry_pk_encrypt_t, gcry_pk_decrypt_t,
gcry_pk_sign_t, gcry_pk_verify_t, gcry_pk_get_nbits_t,
gcry_pk_spec_t, gcry_md_init_t, gcry_md_write_t, gcry_md_final_t,
gcry_md_read_t, gcry_md_spec_t, gcry_cipher_setkey_t,
gcry_cipher_encrypt_t, gcry_cipher_decrypt_t,
gcry_cipher_stencrypt_t, gcry_cipher_stdecrypt_t,
gcry_cipher_spec_t, gcry_module_t.
2003-07-04 Moritz Schulte <moritz@g10code.com>
* module.c (_gcry_module_list): New function.
2003-07-02 Moritz Schulte <moritz@g10code.com>
* module.c (_gcry_module_lookup): Fixed typo.
* gcrypt.h: Added all definitions and declarations necessary for
the new ac interface.
2003-06-30 Moritz Schulte <moritz@g10code.com>
* g10lib.h: Added declarations: _gcry_pk_module_lookup,
_gcry_pk_module_release.
2003-06-18 Werner Koch <wk@gnupg.org>
* benchmark.c (cipher_bench): Adjusted for new API of get_blklen
and get_keylen.
* gcrypt.h (gcry_cipher_get_algo_blklen)
(gcry_cipher_get_algo_keylen): Replaced macro by funcion.
2003-06-18 Moritz Schulte <moritz@g10code.com>
* cipher.h: Renamed types GcryDigestSpec, GcryCipherSpec and
GcryPubkeySpec into: gcry_digest_spec_t, gcry_cipher_spec_t and
gcry_pubkey_spec_t.
(gcry_pubkey_spec): Defined member `id' as unsigned.
(gcry_digest_spec): Likewise.
(gcry_cipher_spec): Likewise.
* module.c (_gcry_module_id_new): New function.
(_gcry_module_add): Generate a new ID via _gcry_module_id_new in
case `id' is zero.
* g10lib.h, module.c: Replace old type GcryModule with newer one:
gcry_module_t.
* module.c (_gcry_module_add): Added argument `id', use it.
* g10lib.h: Added declaration: _gcry_module_lookup_id.
(_gcry_module_add): Added argument `id'.
* module.c (_gcry_module_lookup_id): New function.
* g10lib.h (struct gcry_module): New member: id.
* gcrypt.h: New type: gcry_handler_progress_t,
gcry_handler_alloc_t, gcry_haandler_secure_check_t,
gcry_handler_realloc_t, gcry_handler_free_t,
gcry_handler_no_mem_t, gcry_handler_error_t, gcry_handler_log_t.
Use new types.
* cipher.h: Include <gcrypt.h>.
New types: gcry_pk_generate_t, gcry_pk_check_secret_key_t,
gcry_pk_encrypt_t, gcry_pk_decrypt_t, gcry_pk_sign_t,
gcry_pk_verify_t, gcry_pk_get_nbits_t, gcry_md_init_t,
gcry_md_write_t, gcry_md_final_t, gcry_md_read_t,
gcry_cipher_setkey_t, gcry_cipher_encrypt_t,
gcry_cipher_decrypt_t, gcry_cipher_stencrypt_t,
gcry_cipher_stdecrypt_t.
Use new types.
2003-06-17 Moritz Schulte <moritz@g10code.com>
* Makefile.am (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.
2003-06-16 Moritz Schulte <moritz@g10code.com>
* g10lib.h: Replace last occurences of old type names with newer
names (i.e. replace MPI with gcry_mpi_t).
* mpi.h: Likewise.
* sexp.c: Likewise.
2003-06-15 Moritz Schulte <moritz@g10code.com>
* testapi.c (test_genkey): Use gpg_strerror instead of
gcry_strerror.
* global.c (gcry_control): Fixed typo.
* misc.c (_gcry_fatal_error): Use gpg_strerror instead of
gcry_strerror.
* types.h (STRLIST): Removed type since it is not used.
2003-06-11 Moritz Schulte <moritz@g10code.com>
* global.c (global_init): Call: _gcry_cipher_init, _gcry_md_init,
_gcry_pk_init.
* g10lib.h: Declare: _gcry_cipher_init, _gcry_md_init,
_gcry_pk_init.
* global.c (gcry_strerror): Remove compatibility code.
* Makefile.am: Remove support libgpg-error special handling.
(AM_CPPFLAGS): Add @GPG_ERROR_CFLAGS@
* gcrypt.h: Likewise.
2003-06-13 Werner Koch <wk@gnupg.org>
* gcrypt.h (gcry_md_get_algo): Reverted to old API. This is a
convenience function anyway and error checking is not approriate.
(gcry_md_is_enabled): New.
(gcry_md_is_secure): Replaced macro by function and reverted to old
API.
2003-06-11 Werner Koch <wk@gnupg.org>
* gcrypt.h (GCRYERR): Define _GCRY_ERR_SOURCE_DEFAULT instead of
GPG_ERR_SOURCE_DEFAULT, so that libgpg-error still works despite
the use of the old gcrypt error codes.
(gcry_md_copy): Swapped arguments.
2003-06-09 Moritz Schulte <moritz@g10code.com>
* Makefile.am: Support for libgpg-error.
2003-06-08 Moritz Schulte <moritz@g10code.com>
* sexp.c (gcry_sexp_create): Expect sane error values from
gcry_sexp_canon_len instead of the `historical' values.
2003-06-07 Moritz Schulte <moritz@g10code.com>
* ath.c, ath.c, ath-pth.c, ath-pthread.c, benchmark.c, cipher.h,
g10lib.h, gcrypt.h, global.c, misc.c, missing-string.c, module.c,
mpi.h, secmem.c, secmem.h, sexp.c, stdmem.c, stdmem.h, testapi.c,
types.h: Edited all preprocessor instructions to remove whitespace
before the '#'. This is not required by C89, but there are some
compilers out there that don't like it. Replaced any occurence of
the now deprecated type names with the new ones.
* gcrypt.h: Re-organized checking for gcc features; New macro:
_GCRY_GCC_ATTR_DEPRECATED.
Include copy of libgpg-error's gpg-error.h in order to make it
easy to build libgcrypt without needing libgpg-error.h.
(GCRY_MPI, GcryMPI, GCRY_SEXP, GcrySexp, GCRY_CIPHER_HD,
GcryCipherHd, GCRY_MD_HD, GcryMDHd): Declared deprecated.
(gcry_mpi_t, gcry_sexp_t, gcry_cipher_hd_t, gcry_md_hd_t): New
types.
2003-06-04 Moritz Schulte <moritz@g10code.com>
* sexp.c (sexp_sscan): New argument: arg_list, adjusted all
callers.
(ARG_NEXT): New macro.
(sexp_sscan): Use ARG_NEXT for receiving format string arguments.
(gcry_sexp_build_array): New function.
2003-06-02 Moritz Schulte <moritz@g10code.com>
* gcrypt.h: Added some comments describing the gcry_sexp_*
functions.
Include <gpg-error.h> instead of <gpg/error.h>.
2003-06-01 Moritz Schulte <moritz@g10code.com>
* sexp.c (OLDPARSECODE): Removed macro...
(gcry_sexp_canon_len): ... and do not use it.
* gcrypt.h (gcry_errno): Removed declaration.
* g10lib.h (string_to_pubkey_algo, pubkey_algo_to_string,
pubkey_nbits): Removed declarations for non-existing functions.
2003-05-31 Moritz Schulte <moritz@g10code.com>
* cipher.h (is_RSA, is_ELGAMAL): Removed macros.
* g10lib.h (set_lasterr): Removed macro.
(_gcry_set_lasterr): Removed declaration.
* gcrypt.h: Changed declarations for: gcry_pk_algo_info,
gcry_md_open, gcry_md_copy, gcry_md_algo_info, gcry_md_info,
gcry_md_get_algo, gcry_random_add_bytes.
(gcry_md_is_secure): Adjust macro for new API.
2003-05-29 Moritz Schulte <moritz@g10code.com>
* gcrypt.h: Changed declarations for: gcry_cipher_open,
gcry_cipher_info, gcry_cipher_algo_info.
(gcry_cipher_get_algo_keylen): Adjuster for new
gcry_cipher_algo_info interface.
(gcry_cipher_get_algo_blklen): Likewise.
* global.c (gcry_errno): Removed function.
(gcry_strerror): Do not use gcry_errno.
(_gcry_set_lasterr): Removed function.
(last_ec): Removed variable.
2003-05-27 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (enum gcry_cipher_algos): Make Serpent IDs do not
conflict with OpenPGP. Reported by Timo Schulz.
* global.c (gcry_control): Fixed name of enum list.
2003-05-25 Moritz Schulte <moritz@g10code.com>
* cipher.h (gcry_cipher_spec): Adjust return type of `setkey' for
libgpg-error.
(gcry_pubkey_spec): Adjust return type of `generate',
`check_secret_key', `encrypt', `decrypt', `sign' and `verify' for
libgpg-error.
* sexp.c (gcry_sexp_canon_len): Adjusted for libgpg-error.
(gcry_sexp_create): Likewise.
(gcry_sexp_new): Likewise.
(sexp_sscan): Likewise.
(gcry_sexp_build): Likewise.
(gcry_sexp_sscan): Likewise.
* module.c (_gcry_module_add): Likewise.
* global.c (last_ec): Change type to gpg_error_t.
(gcry_control): Adjust for libgpg-error.
(gcry_errno): Likewise.
(gcry_strerror): Likewise.
(_gcry_set_lasterr): Likewise.
(gcry_xmalloc): Likewise.
(gcry_xrealloc): Likewise.
2003-05-22 Moritz Schulte <moritz@g10code.com>
* types.h: Merged code from GnuPG regarding U64_C.
* missing-string.c (strsep): Removed function.
* g10lib.h: Removed declarations: strsep, strlwr.
* secmem.c (secmem_lock): New variable.
(SECMEM_LOCK, SECMEM_UNLOCK): New macros.
(_gcry_secmem_set_flags): Use SECMEM_LOCK and SECMEM_UNLOCK.
(_gcry_secmem_get_flags): Likewise.
(_gcry_secmem_init): Likewie.
(_gcry_secmem_malloc): Likewise.
(_gcry_secmem_free): Likewise.
(_gcry_secmem_malloc): Renamed to ...
(_gcry_secmem_malloc_internal): ... this.
(_gcry_secmem_malloc): New function, use SECMEM_LOCK,
SECMEM_UNLOCK, call _gcry_secmem_malloc_internal.
(_gcry_secmem_free): Renamed to ...
(_gcry_secmem_free_internal): ... this.
(_gcry_secmem_free): New function, use SECMEM_LOCK, SECMEM_UNLOCK,
call _gcry_secmem_free_internal.
(_gcry_secmem_realloc): Use SECMEM_LOCK, SECMEM_UNLOCK, call
_gcry_secmem_malloc_internal and _gcry_secmem_free_internal.
(_gcry_private_is_secure): Use SECMEM_LOCK, SECMEM_UNLOCK.
(_gcry_secmem_dump_stats): Likewise.
(_gcry_secmem_malloc_internal): Removed unused variable:
compressed.
Include "ath.h".
2003-05-21 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (GCRY_CIPHER_SERPENT128, GCRY_CIPHER_SERPENT192,
GCRY_CIPHER_SERPENT256): New symbols.
2003-05-19 Moritz Schulte <moritz@g10code.com>
* gcrypt.h: Reversed changes from 2003-03-03 since they would have
been an unnecessary ABI break.
2003-05-13 Moritz Schulte <moritz@g10code.com>
* secmem.c (stats_update): New function.
(BLOCK_HEAD_SIZE): New symbol.
(MB_FLAG_ACTIVE): New symbol.
(ADDR_TO_BLOCK, BLOCK_VALID): New macros.
(mb_get_next): New function.
(mb_get_prev): New function.
(mb_merge): New function.
(mb_get_new): New function.
(unused_blocks): Removed variable.
(init_pool): Initialize new memory pool.
(_gcry_secmem_malloc): Use new heap management code.
(_gcry_secmem_free): Likewise.
(_gcry_secmem_realloc): Likewise.
Renamed type MEMBLOCK to memblock_t.
2003-04-27 Moritz Schulte <moritz@g10code.com>
* cipher.h (gcry_pubkey_spec): New member: sexp_names.
2003-04-23 Moritz Schulte <moritz@g10code.com>
* cipher.h (gcry_pubkey_spec): Removed members: npkey, nskey,
nenc, nsig.
(gcry_pubkey_spec): Added members: elements_pkey, elements_skey,
elements_enc, elements_sig, elements_grip.
2003-04-17 Moritz Schulte <moritz@g10code.com>
* g10lib.h (GcryModule): New typedef.
* gcrypt.h (gcry_cipher_register, gcry_cipher_unregister,
gcry_digest_register, gcry_digest_unregister,
gcry_pubkey_register, gcry_pubkey_unregister): Function
declarations removed - for now.
* gcrypt.h (GcryModule): Declaration removed.
* gcrypt.h (GcryPubkeySpec, GcryDigestSpec, GcryCipherSpec):
Types Moved...
* cipher.h: ... here.
2003-04-17 Moritz Schulte <moritz@g10code.com>
* cipher.h: Declare digest_spec_sha512 and digest_spec_384.
2003-04-16 Moritz Schulte <moritz@g10code.com>
* module.c (_gcry_module_use): New function.
* g10lib.h (_gcry_module_use): Declare function.
* libgcrypt-config.in: Support for --algorithms switch, which
prints the algorithms included in the built libgcrypt.
* global.c (gcry_set_progress_handler): Register progress
functions depending on the enabled algorithms.
2003-04-07 Moritz Schulte <moritz@g10code.com>
* Makefile.am (libgcrypt_la_SOURCES): Added module.c
* module.c: New file.
(_gcry_module_add): New function.
(_gcry_module_drop): New function.
(_gcry_module_lookup): New function.
(_gcry_module_release): New function.
* g10lib.h (GcryModule): New types.
(FLAG_MODULE_DISABLED): New symbol.
Added declarations for _gcry_module_add, _gcry_module_release and
_gcry_module_lookup.
* gcrypt.h: New types: GcryPubkeySpec, GcryDigestSpec,
GcryCipherSpec.
Added declarations for: gcry_cipher_register,
gcry_cipher_unregister, gcry_digest_register,
gcry_digest_unregister, gcry_pubkey_register and
gcry_pubkey_unregister.
* cipher.h: Removed symbols: CIPHER_ALGO_NONE, CIPHER_ALGO_IDEA,
CIPHER_ALGO_3DES, CIPHER_ALGO_CAST5, CIPHER_ALGO_BLOWFISH,
CIPHER_ALGO_SAFER_SK128, CIPHER_ALGO_DES_SK, CIPHER_ALGO_TWOFISH,
CIPHER_ALGO_TWOFISH_OLD, CIPHER_ALGO_DUMMY, PUBKEY_USAGE_SIG,
PUBKEY_USAGE_ENC, DIGEST_ALGO_MD5, DIGEST_ALGO_SHA1,
DIGEST_ALGO_RMD160, DIGEST_ALGO_TIGER, PUBKEY_ALGO_RSA,
PUBKEY_ALGO_RSA_E, PUBKEY_ALGO_RSA_S, PUBKEY_ALGO_DSA,
PUBKEY_ALGO_ELGAMAL, PUBKEY_ALGO_ELGAMAL_E.
2003-04-02 Moritz Schulte <moritz@g10code.com>
* benchmark.c (md_bench): Fix error message.
2003-03-31 Moritz Schulte <moritz@g10code.com>
* benchmark.c (cipher_bench): Added CTR mode.
2003-03-30 Simon Josefsson <jas@extundo.com>
* gcrypt.h (enum gcry_control_cmds): Add GCRY_SET_CTR.
(enum gcry_cipher_modes): Add GCRY_CIPHER_MODE_CTR.
(gcry_cipher_setctr): New macro to set counter.
2003-03-19 Moritz Schulte <moritz@g10code.com>
* cipher.h (PUBKEY_FLAG_NO_BLINDING): New symbol.
2003-03-22 Simon Josefsson <jas@extundo.com>
* gcrypt.h: Add GCRYCTL_SET_CBC_MAC and GCRY_CIPHER_CBC_MAC.
2003-03-19 Werner Koch <wk@gnupg.org>
* g10lib.h: Adjusted primegen.c prototypes.
2003-03-12 Werner Koch <wk@gnupg.org>
* sexp.c (sexp_sscan): Initialize NM. Thanks to Ian Peters for
valgrinding this.
2003-03-06 Moritz Schulte <mo@g10code.com>
* secmem.h (GCRY_SECMEM_FLAG_NO_WARNING,
GCRY_SECMEM_FLAG_SUSPEND_WARNING): New symbols.
* global.c (gcry_control): Use
GCRY_SECMEM_FLAG_{NO,SUSPEND}_WARNING, instead of hard-coded
values.
* secmem.c (_gcry_secmem_set_flags): Likewise.
* secmem.c (_gcry_secmem_get_flags): Likewise.
2003-03-03 Moritz Schulte <moritz@g10code.com>
* misc.c: Removed old FIXME, since there is already a function to
set the value of `verbosity_level'.
* gcrypt.h: Removed enumeration list: gcry_ctl_cmds.
New enumeration lists: gcry_global_control_cmds,
gcry_control_cmds, gcry_info_cmds, gcry_algo_info_cmds.
2003-03-02 Moritz Schulte <moritz@g10code.com>
* gcrypt.h (gcry_cipher_reset): New macro for resetting a handle.
2003-02-28 Moritz Schulte <moritz@g10code.com>
* secmem.c (DEFAULT_PAGESIZE): New symbol.
(init_pool): Use DEFAULT_PAGESIZE.
2003-02-23 Moritz Schulte <moritz@g10code.com>
* secmem.h: Fix typo in declaration of _gcry_secmem_term.
* sexp.c: Move macro definitions of `digitp', `octdigit', `alphap'
and `hexdigit' ...
* g10lib.h: ... here.
* misc.c (_gcry_burn_stack): New function (former name:
burn_stack).
* g10lib.h (burn_stack): Declare _gcry_burn_stack().
2003-01-24 Werner Koch <wk@gnupg.org>
* global.c (gcry_set_progress_handler): Register a random progress
handler.
2003-01-23 Werner Koch <wk@gnupg.org>
* gcrypt.h (GCRY_ENABLE_QUICK_RANDOM): New.
* global.c (gcry_control): Make use of it.
2003-01-21 Werner Koch <wk@gnupg.org>
* gcrypt.h (gcry_random_add_bytes): Add QUALITY argument.
2003-01-21 Timo Schulz <twoaday@freakmail.de>
* gcrypt.h (gcry_random_add_bytes): New.
2003-01-20 Simon Josefsson <jas@extundo.com>
* gcrypt.h (gcry_md_algos): Add GCRY_MD_CRC32,
GCRY_MD_CRC32_RFC1510, GCRY_MD_CRC24_RFC2440.
2003-01-16 Werner Koch <wk@gnupg.org>
* gcrypt.h (gcry_md_write): Changed type of 2nd argument to void*.
(gcry_md_hash_buffer): Changed type of both buffers to void*.
(gcry_md_setkey): Changed type of 2nd argument to void*.
(gcry_md_get_asnoid): New.
2003-01-15 Werner Koch <wk@gnupg.org>
* sexp.c (gcry_sexp_length): Fixed. This was seriously broken.
2003-01-14 Werner Koch <wk@gnupg.org>
* gcrypt.h (GCRYERR_INV_FLAG), global.c (gcry_strerror): New.
2003-01-02 Werner Koch <wk@gnupg.org>
* libgcrypt.vers: Temporary export _gcry_generate_elg_prime for
use by GNUTLS.
2002-12-21 Werner Koch <wk@gnupg.org>
* gcrypt.h: Make use of gcc's pure and malloc attributes
(gcry_md_putc): Use a helper variable to avoid multiple
evaluation of H.
* g10lib.h, stdmem.h, secmem.h: Use gcc attributes pure and malloc.
* stdmem.c (use_m_guard): Don't default to yes.
2002-12-19 Werner Koch <wk@gnupg.org>
* global.c (global_init): The meat was never run due to a faulty
check. Thanks to Nikos for pointing this out.
* global.c (gcry_control): Return 1 and not -1 for the
initialization tests.
* libgcrypt.vers: New.
* Makefile.am: Use this instead of the build symbol file.
* global.c (gcry_control) <initialization>: Call the random module
initializer to make sure that the pool lock flag has been
initialized.
2002-12-09 Werner Koch <wk@gnupg.org>
* global.c (gcry_calloc,gcry_calloc_secure): Check for overflow.
Noted by Florian Weimer.
2002-11-10 Simon Josefsson <jas@extundo.com>
* gcrypt.h (gcry_ctl_cmds): New GCRYCTL_SET_CBC_CTS control flag.
(gcry_cipher_flags): New GCRY_CIPHER_CBC_CTS gcry_cipher_open() flag.
(gcry_cipher_cts): New macro for toggling CTS.
2002-11-10 Werner Koch <wk@gnupg.org>
* gcrypt.h (GCRY_MD_MD4): New. We use a non OpenPGP value here.
2002-09-20 Werner Koch <wk@gnupg.org>
* ath.c: Include sys.time.h if sys/select.h does not exist.
(ath_select, ath_waitpid): Shortcut for Windows.
* ath.h: Include some Windows headers. By Timo.
2002-09-18 Werner Koch <wk@gnupg.org>
* ath.h: Prefix ath_deinit.
2002-09-17 Werner Koch <wk@gnupg.org>
* benchmark.c: New.
(mpi_bench, do_powm): Add a a simple test for RSA.
* global.c (global_init): New. Use it instead of the setting
any_init_done. Initialize the ATH system.
(gcry_check_version): Hook global_init in. This is the suggested
way to initialize the library.
(_gcry_no_internal_locking): Removed. We simply call a ath_deinit
and leave it to ATH to disbale the locking.
* ath.c, ath.h, ath-pth.c, ath-pthread.c: New. Taken from GPGME.
* mutex.h: Removed.
* Makefile.am (ath_components): New.
2002-09-16 Werner Koch <wk@gnupg.org>
* secmem.c (_gcry_secmem_dump_stats): Replaced fprintf by log_*.
2002-08-23 Werner Koch <wk@gnupg.org>
* missing-string.c: Removed unneeded strlwr.
* libgcrypt.m4: Made much more simple.
* libgcrypt-config.in: Made --prefix work for --libs.
2002-08-14 Werner Koch <wk@gnupg.org>
* gcrypt.h: Add GCRY_CIPGER_DES. Included string.h for size_t.
Suggested by Simon Josefsson.
2002-07-25 Werner Koch <wk@gnupg.org>
* cipher.h: Added prototypes for progress functions.
* global.c: Include cipher.h for those prototypes.
* stdmem.c (_gcry_private_realloc): Replaced void* by char * for
pointer arithmetic reasons. Noted by Stephan Austermuehle.
2002-06-24 Werner Koch <wk@gnupg.org>
* missing-string.c: Include ctype.h.
* gcrypt.h (gcry_mpi_invm, gcry_mpi_div, gcry_mpi_mod)
(gcry_mpi_swap): New.
2002-06-18 Werner Koch <wk@gnupg.org>
* gcrypt.h: Added a bunch of brief function descriptions.
2002-05-21 Werner Koch <wk@gnupg.org>
* misc.c (_gcry_log_printf): Don't initialize a va_list. Noted by
Jeff Johnson.
* global.c (gcry_set_progress_handler): New.
* gcrypt.h: Replaced the typedef for byte.
2002-05-16 Werner Koch <wk@gnupg.org>
* missing-string.c: New.
* gcrypt.h: Add new error codes GCRYERR_SEXP_ and typedefs
GcryMPI, GcrySexp, GcryCipherHd, GcryMDHd as aliases for the old
ones using an underscore.
* global.c (gcry_strerror): Add strings fro the new error codes.
* sexp.c (gcry_sexp_canon_len): Use a macro to convert from new to
old error codes.
(gcry_sexp_create,gcry_sexp_new): New.
2002-05-15 Werner Koch <wk@gnupg.org>
* mutex.h (DEFINE_LOCAL_MUTEX): Macro to define a mutex and
initialize it so that we can detect an unitialized mutex and don't
read from stdin.
2002-05-14 Werner Koch <wk@gnupg.org>
Changed license of all files to the LGPL.
2002-05-07 Werner Koch <wk@gnupg.org>
* global.c (gcry_control): Add commands
GCRYCTL_ANY_INITIALIZATION_P and GCRYCTL_INITIALIZATION_FINISHED_P
so that other libraries are able to check for required
initializations.
2002-05-02 Werner Koch <wk@gnupg.org>
* gcrypt.h (GCRYCTL_DISABLE_INTERNAL_LOCKING): New.
* global.c (gcry_control): Implement it.
(_gcry_no_internal_locking): New.
* mutex.h: Prefixed all fucntions with _gcry_. Bypass all
functions when desired.
* gcrypt.h (GCRYCTL_DISABLE_SECMEM): New.
* global.c (gcry_control,gcry_malloc_secure,gcry_is_secure):
Implement it here.
* secmem.c (_gcry_private_is_secure): Return false if the pool is
not initialized.
* gcrypt.h (GCRYCTL_INITIALIZATION_FINISHED): New.
* gcrypt.h (gcry_cipher_algos): Replaced RINDAEL by AES and change
the macros to expand from rijdael to aes.
* stdmem.c (_gcry_private_malloc): Return NULL for 0 byte allocation.
(_gcry_private_malloc_secure): Ditto.
* g10lib.h: Copied the JNLIB_GCC macros from ../jnlib/mischelp.h
and removed the inclusion of that file.
2002-04-15 Werner Koch <wk@gnupg.org>
* global.c (gcry_strdup): New.
2002-03-18 Werner Koch <wk@gnupg.org>
* mutex.h: New file with a portable thread mutex implementation
written by Marcus Brinkmann. Taken from GPGME.
2002-02-18 Werner Koch <wk@gnupg.org>
* sexp.c (gcry_sexp_sscan): Don't initialize the dummy
variable. Suggested by Jordi Mallach.
2002-01-31 Werner Koch <wk@gnupg.org>
* sexp.c (suitable_encoding,convert_to_hex,convert_to_string)
(convert_to_token): New.
(gcry_sexp_sprint): Better formatting of advanced encoding, does
now insert LFs and escapes all unprintable characters.
(unquote_string): New.
(sexp_sscan): Implemented the missing conversion of quoted strings.
2002-01-26 Werner Koch <wk@gnupg.org>
* libgcrypt-config.in: Add copyright notice.
2002-01-11 Werner Koch <wk@gnupg.org>
* sexp.c (gcry_sexp_canon_len): Fixed last change.
2002-01-01 Timo Schulz <ts@winpt.org>
* stdmem.c (_gcry_private_realloc): If pointer is NULL now realloc
behaves like malloc.
2001-12-20 Werner Koch <wk@gnupg.org>
* sexp.c (gcry_sexp_canon_len): Describe the error codes and
return an error if this is not a S-Exp; i.e. it does not start
with an open parenthesis.
2001-12-18 Werner Koch <wk@gnupg.org>
* sexp.c (gcry_sexp_canon_len): Fixed the test on NULL buffer.
* Makefile.am (DISTCLEANFILES): Include libgcrypt.sym
* sexp.c: Removed the commented test code because we now have a
test in ../tests/
2001-12-17 Werner Koch <wk@gnupg.org>
* sexp.c (gcry_sexp_canon_len): New.
2001-12-11 Werner Koch <wk@gnupg.org>
* gcrypt.h: Fixed AES128 macro, add enum for OFB mode.
2001-12-05 Werner Koch <wk@gnupg.org>
* misc.c (_gcry_log_printf): New.
* sexp.c (dump_string,gcry_sexp_dump): Use logging functions
instead of stderr.
2001-11-16 Werner Koch <wk@gnupg.org>
* gcrypt.h: New constant GCRYCTL_IS_ALGO_ENABLED.
2001-10-02 Werner Koch <wk@gnupg.org>
* gcrypt.h: Removed a couple of trailing commas.
2001-08-28 Werner Koch <wk@gnupg.org>
* sexp.c (sexp_sscan): Add an argument to enable the
arg_ptr. Changed all callers. Suggested by Tom Holroyd.
2001-08-03 Werner Koch <wk@gnupg.org>
* global.c (gcry_strerror): Updated list of error codes.
2001-07-23 Werner Koch <wk@gnupg.org>
* gcrypt.h: Replaced the last ulong. Noted by Rami Lehti.
2001-05-31 Werner Koch <wk@gnupg.org>
* gcrypt.h, mpi.h: Made some mpi functions public.
* wrapper.c: Removed.
* global.c: Renamed all g10_ prefixed functions which had wrappers
to gcry_xxx. So we now use the exported memory functions inernally.
Renamed all g10_ prefixed functions to _gcry_ prefixed ones.
* g10lib.h (_GCRYPT_IN_LIBGCRYPT): Replace defintion by a test on it.
2001-05-28 Werner Koch <wk@gnupg.org>
* libgcrypt.m4: Check GCRYPT_VERSION macro and not LIBGCRYPT_VERSION.
* mpi.h: Removed mpi_fromstr prototype.
2001-01-11 Werner Koch <wk@gnupg.org>
* Makefile.am (libgcrypt_la_SOURCES): Add mpi.h
2000-12-19 Werner Koch <wk@gnupg.org>
* types.h: Moved from ../include to here.
Major change:
Removed all GnuPG stuff and renamed this piece of software
to gcrypt.
2000-11-14 Werner Koch <wk@gnupg.org>
* mpi.h: Moved to ../mpi.
* Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
problems.
2000-10-11 Werner Koch <wk@gnupg.org>
* mpi.h: Changed the way mpi_limb_t is defined.
2000-10-10 Werner Koch <wk@gnupg.org>
* Makefile.am: Take version-info from configure.
2000-10-09 Werner Koch <wk@gnupg.org>
* gcrypt.h: New cipher mode, new algo Arcfour and new error code
GCRYERR_INV_CIPHER_MODE.
* global.c (gcry_strerror): New errorcode.
Wed Oct 4 13:16:18 CEST 2000 Werner Koch <wk@openit.de>
* gcrypt.h (gcry_md_setkey): Replaced macro by function prototype.
Mon Sep 18 16:35:45 CEST 2000 Werner Koch <wk@openit.de>
* gcrypt.h (GCRYCTL_GET_ALGO_USAGE): New.
* secmem.c (secmem_realloc): check for failed secmem_malloc. By
Matt Kraai.
Mon Jul 31 10:04:47 CEST 2000 Werner Koch <wk@openit.de>
* sexp.c: Removed the datalen fields from list tags.
(gcry_sexp_car_data,gcry_sexp_cdr_data,gcry_sexp_car_mpi,
gcry_sexp_cdr_mpi): Removed.
(gcry_sexp_nth,gcry_sexp_nth_data,gcry_sexp_nth_mpi): New.
Fri Jul 28 18:19:11 CEST 2000 Werner Koch <wk@openit.de>
* sexp.c (sexp_sscan): Fixed reallocation to secure memory.
(new_empty_list): Removed
(gcry_sexp_length): New.
(gcry_sexp_enum): Removed.
(normalize): New. Reworked the whole thing to use NULL for an empty list.
(make_space): New instead of the macro.
Tue Jul 25 17:44:15 CEST 2000 Werner Koch <wk@openit.de>
* sexp.c: Major rewrite.
(gcry_sexp_sscan): Reordered arguments. Moved functionality to ..
(sexp_sscan): .. this.
(gcry_sexp_build): New.
(gcry_sexp_new_name_mpi, gcry_sexp_new_name_data, gcry_sexp_new_data,
gcry_sexp_new_mpi): Removed.
Fri Jul 14 19:38:23 CEST 2000 Werner Koch <wk@>
* gcrypt.h (gcry_md_start_debug, gcry_md_stop_debug): New.
(gcry_ctl_cmds): New control values
* sexp.c (gcry_sexp_sscan): Add hex format parsing.
* secmem.c (lock_pool): Check for ENOSYS return my mlock() on old SCOs.
(pool_is_mmapped): Made volatile.
(lock_pool): No more warning for QNX. By Sam Roberts.
(lock_pool,secmem_init): Additional check for dropped privs.
2000-03-21 09:18:48 Werner Koch (wk@habibti.gnupg.de)
* gcrypt.h (gcry_md_setkey): New.
(GCRY_MD_FLAG_HMAC): New.
Mon Jan 31 16:37:34 CET 2000 Werner Koch <wk@gnupg.de>
* Makefile.am: Add g10lib.h
Thu Jan 27 18:00:44 CET 2000 Werner Koch <wk@gnupg.de>
* sexp.c (gcry_sexp_sscan): Allow NULL for erroff.
Mon Jan 24 22:24:38 CET 2000 Werner Koch <wk@gnupg.de>
* sexp.c (gcry_sexp_alist): New.
Mon Jan 24 13:04:28 CET 2000 Werner Koch <wk@gnupg.de>
* secmem.c: Moved from ../util to here.
* secmem.h: New.
* stdmem.c: New. Based on the old ../util/memory.c.
* stdmem.h: New.
Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de>
* gcrypt.m4: New.
* gcrypt-config: New.
* mpi.h (mpi_get_nbit_info): Removed
(mpi_set_nbit_info): Removed.
(struct gcry_mpi): Removed the nbits field.
* misc.c (g10_log_verbosity): New.
* global.c (g10_xstrdup): New.
* mpiapi.c: Removed.
* mpi.h: Moved from ../include to here. Removed some obsolete
prototypes and the iobuf.h header.
* cipher.h: Moved from ../include to here. Removed the mpi.h header.
* g10lib.h: Moved from ../include to here.
Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
* sexp.c (dump_string): New. Taken from gnupg/util/miscutil.c.
(do_dump_list): s/print_string/dump_string/.
* testapi.c: New.
* mpiapi.c (gcry_mpi_randomize): Use new random API.
Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de>
* gloabl.c (gcry_control): Add cases for dumping random
and secmem stats.
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* pkapi.c: Removed.
* symapi.c: Removed.
* g10lib.h: Moved to ../include.
* mdapi.c: Removed.
Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* sexp.c: New.
Tue Dec 8 13:15:16 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
* gcrypt.h: New
* mpiapi.c: New
Copyright (C) 1998,1999,2000,2001,2002,2003
2004, 2005, 2008, 2009, 2011 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/g10lib.h b/src/g10lib.h
index 60773fd8..28c5e936 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -1,364 +1,364 @@
/* g10lib.h - Internal definitions for libgcrypt
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005
- * 2007 Free Software Foundation, Inc.
+ * 2007, 2011 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/* This header is to be used inside of libgcrypt in place of gcrypt.h.
This way we can better distinguish between internal and external
usage of gcrypt.h. */
#ifndef G10LIB_H
#define G10LIB_H 1
#ifdef _GCRYPT_H
#error gcrypt.h already included
#endif
#ifndef _GCRYPT_IN_LIBGCRYPT
#error something is wrong with config.h
#endif
#include <stdio.h>
#include <stdarg.h>
#include "visibility.h"
#include "types.h"
/* Attribute handling macros. */
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
#define JNLIB_GCC_M_FUNCTION 1
#define JNLIB_GCC_A_NR __attribute__ ((noreturn))
#define JNLIB_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a)))
#define JNLIB_GCC_A_NR_PRINTF( f, a ) \
__attribute__ ((noreturn, format (printf,f,a)))
#define GCC_ATTR_NORETURN __attribute__ ((__noreturn__))
#else
#define JNLIB_GCC_A_NR
#define JNLIB_GCC_A_PRINTF( f, a )
#define JNLIB_GCC_A_NR_PRINTF( f, a )
#define GCC_ATTR_NORETURN
#endif
#if __GNUC__ >= 3
/* According to glibc this attribute is available since 2.8 however we
better play safe and use it only with gcc 3 or newer. */
#define GCC_ATTR_FORMAT_ARG(a) __attribute__ ((format_arg (a)))
#else
#define GCC_ATTR_FORMAT_ARG(a)
#endif
/* Gettext macros. */
#define _(a) _gcry_gettext(a)
#define N_(a) (a)
/* Some handy macros */
#ifndef STR
#define STR(v) #v
#endif
#define STR2(v) STR(v)
#define DIM(v) (sizeof(v)/sizeof((v)[0]))
#define DIMof(type,member) DIM(((type *)0)->member)
/*-- src/global.c -*/
int _gcry_global_is_operational (void);
gcry_error_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
void _gcry_check_heap (const void *a);
int _gcry_get_debug_flag (unsigned int mask);
/*-- src/misc.c --*/
#if defined(JNLIB_GCC_M_FUNCTION) || __STDC_VERSION__ >= 199901L
void _gcry_bug (const char *file, int line,
const char *func) GCC_ATTR_NORETURN;
void _gcry_assert_failed (const char *expr, const char *file, int line,
const char *func) GCC_ATTR_NORETURN;
#else
void _gcry_bug (const char *file, int line);
void _gcry_assert_failed (const char *expr, const char *file, int line);
#endif
const char *_gcry_gettext (const char *key) GCC_ATTR_FORMAT_ARG(1);
void _gcry_fatal_error(int rc, const char *text ) JNLIB_GCC_A_NR;
void _gcry_log( int level, const char *fmt, ... ) JNLIB_GCC_A_PRINTF(2,3);
void _gcry_log_bug( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
void _gcry_log_fatal( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
void _gcry_log_error( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
void _gcry_log_info( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
int _gcry_log_info_with_dummy_fp (FILE *fp, const char *fmt, ... )
JNLIB_GCC_A_PRINTF(2,3);
void _gcry_log_debug( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
void _gcry_log_printf ( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
void _gcry_log_printhex (const char *text, const void *buffer, size_t length);
void _gcry_set_log_verbosity( int level );
int _gcry_log_verbosity( int level );
#ifdef JNLIB_GCC_M_FUNCTION
#define BUG() _gcry_bug( __FILE__ , __LINE__, __FUNCTION__ )
#define gcry_assert(expr) ((expr)? (void)0 \
: _gcry_assert_failed (STR(expr), __FILE__, __LINE__, __FUNCTION__))
#elif __STDC_VERSION__ >= 199901L
#define BUG() _gcry_bug( __FILE__ , __LINE__, __func__ )
#define gcry_assert(expr) ((expr)? (void)0 \
: _gcry_assert_failed (STR(expr), __FILE__, __LINE__, __func__))
#else
#define BUG() _gcry_bug( __FILE__ , __LINE__ )
#define gcry_assert(expr) ((expr)? (void)0 \
: _gcry_assert_failed (STR(expr), __FILE__, __LINE__))
#endif
#define log_bug _gcry_log_bug
#define log_fatal _gcry_log_fatal
#define log_error _gcry_log_error
#define log_info _gcry_log_info
#define log_debug _gcry_log_debug
#define log_printf _gcry_log_printf
#define log_printhex _gcry_log_printhex
/*-- src/hwfeatures.c --*/
/* (Do not change these values unless synced with the asm code.) */
#define HWF_PADLOCK_RNG 1
#define HWF_PADLOCK_AES 2
#define HWF_PADLOCK_SHA 4
#define HWF_PADLOCK_MMUL 8
-#define HWF_INTEL_AES 256
+#define HWF_INTEL_AESNI 256
unsigned int _gcry_get_hw_features (void);
void _gcry_detect_hw_features (void);
/*-- mpi/mpiutil.c --*/
const char *_gcry_mpi_get_hw_config (void);
/*-- cipher/pubkey.c --*/
/* FIXME: shouldn't this go into mpi.h? */
#ifndef mpi_powm
#define mpi_powm(w,b,e,m) gcry_mpi_powm( (w), (b), (e), (m) )
#endif
/*-- primegen.c --*/
gcry_mpi_t _gcry_generate_secret_prime (unsigned int nbits,
gcry_random_level_t random_level,
int (*extra_check)(void*, gcry_mpi_t),
void *extra_check_arg);
gcry_mpi_t _gcry_generate_public_prime (unsigned int nbits,
gcry_random_level_t random_level,
int (*extra_check)(void*, gcry_mpi_t),
void *extra_check_arg);
gcry_mpi_t _gcry_generate_elg_prime (int mode,
unsigned int pbits, unsigned int qbits,
gcry_mpi_t g, gcry_mpi_t **factors);
gcry_mpi_t _gcry_derive_x931_prime (const gcry_mpi_t xp,
const gcry_mpi_t xp1, const gcry_mpi_t xp2,
const gcry_mpi_t e,
gcry_mpi_t *r_p1, gcry_mpi_t *r_p2);
gpg_err_code_t _gcry_generate_fips186_2_prime
(unsigned int pbits, unsigned int qbits,
const void *seed, size_t seedlen,
gcry_mpi_t *r_q, gcry_mpi_t *r_p,
int *r_counter,
void **r_seed, size_t *r_seedlen);
gpg_err_code_t _gcry_generate_fips186_3_prime
(unsigned int pbits, unsigned int qbits,
const void *seed, size_t seedlen,
gcry_mpi_t *r_q, gcry_mpi_t *r_p,
int *r_counter,
void **r_seed, size_t *r_seedlen, int *r_hashalgo);
/* Replacements of missing functions (missing-string.c). */
#ifndef HAVE_STPCPY
char *stpcpy (char *a, const char *b);
#endif
#ifndef HAVE_STRCASECMP
int strcasecmp (const char *a, const char *b) _GCRY_GCC_ATTR_PURE;
#endif
#include "../compat/libcompat.h"
/* Macros used to rename missing functions. */
#ifndef HAVE_STRTOUL
#define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c)))
#endif
#ifndef HAVE_MEMMOVE
#define memmove(d, s, n) bcopy((s), (d), (n))
#endif
#ifndef HAVE_STRICMP
#define stricmp(a,b) strcasecmp( (a), (b) )
#endif
#ifndef HAVE_ATEXIT
#define atexit(a) (on_exit((a),0))
#endif
#ifndef HAVE_RAISE
#define raise(a) kill(getpid(), (a))
#endif
/* Stack burning. */
void _gcry_burn_stack (int bytes);
/* To avoid that a compiler optimizes certain memset calls away, these
macros may be used instead. */
#define wipememory2(_ptr,_set,_len) do { \
volatile char *_vptr=(volatile char *)(_ptr); \
size_t _vlen=(_len); \
while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
} while(0)
#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
/* Digit predicates. */
#define digitp(p) (*(p) >= '0' && *(p) <= '9')
#define octdigitp(p) (*(p) >= '0' && *(p) <= '7')
#define alphap(a) ( (*(a) >= 'A' && *(a) <= 'Z') \
|| (*(a) >= 'a' && *(a) <= 'z'))
#define hexdigitp(a) (digitp (a) \
|| (*(a) >= 'A' && *(a) <= 'F') \
|| (*(a) >= 'a' && *(a) <= 'f'))
/* Management for ciphers/digests/pubkey-ciphers. */
/* Structure for each registered `module'. */
struct gcry_module
{
struct gcry_module *next; /* List pointers. */
struct gcry_module **prevp;
void *spec; /* Pointer to the subsystem-specific
specification structure. */
void *extraspec; /* Pointer to the subsystem-specific
extra specification structure. */
int flags; /* Associated flags. */
int counter; /* Use counter. */
unsigned int mod_id; /* ID of this module. */
};
/* Flags for the `flags' member of gcry_module_t. */
#define FLAG_MODULE_DISABLED (1 << 0)
gcry_err_code_t _gcry_module_add (gcry_module_t *entries,
unsigned int id,
void *spec,
void *extraspec,
gcry_module_t *module);
typedef int (*gcry_module_lookup_t) (void *spec, void *data);
/* Lookup a module specification by it's ID. After a successful
lookup, the module has it's resource counter incremented. */
gcry_module_t _gcry_module_lookup_id (gcry_module_t entries,
unsigned int id);
/* Internal function. Lookup a module specification. */
gcry_module_t _gcry_module_lookup (gcry_module_t entries, void *data,
gcry_module_lookup_t func);
/* Release a module. In case the use-counter reaches zero, destroy
the module. */
void _gcry_module_release (gcry_module_t entry);
/* Add a reference to a module. */
void _gcry_module_use (gcry_module_t module);
/* Return a list of module IDs. */
gcry_err_code_t _gcry_module_list (gcry_module_t modules,
int *list, int *list_length);
gcry_err_code_t _gcry_cipher_init (void);
gcry_err_code_t _gcry_md_init (void);
gcry_err_code_t _gcry_pk_init (void);
gcry_err_code_t _gcry_ac_init (void);
gcry_err_code_t _gcry_pk_module_lookup (int id, gcry_module_t *module);
void _gcry_pk_module_release (gcry_module_t module);
gcry_err_code_t _gcry_pk_get_elements (int algo, char **enc, char **sig);
/* Memory management. */
#define GCRY_ALLOC_FLAG_SECURE (1 << 0)
/*-- sexp.c --*/
gcry_error_t _gcry_sexp_vbuild (gcry_sexp_t *retsexp, size_t *erroff,
const char *format, va_list arg_ptr);
char *_gcry_sexp_nth_string (const gcry_sexp_t list, int number);
/*-- fips.c --*/
void _gcry_initialize_fips_mode (int force);
int _gcry_fips_mode (void);
#define fips_mode() _gcry_fips_mode ()
int _gcry_enforced_fips_mode (void);
void _gcry_inactivate_fips_mode (const char *text);
int _gcry_is_fips_mode_inactive (void);
void _gcry_fips_signal_error (const char *srcfile,
int srcline,
const char *srcfunc,
int is_fatal,
const char *description);
#ifdef JNLIB_GCC_M_FUNCTION
# define fips_signal_error(a) \
_gcry_fips_signal_error (__FILE__, __LINE__, __FUNCTION__, 0, (a))
# define fips_signal_fatal_error(a) \
_gcry_fips_signal_error (__FILE__, __LINE__, __FUNCTION__, 1, (a))
#else
# define fips_signal_error(a) \
_gcry_fips_signal_error (__FILE__, __LINE__, NULL, 0, (a))
# define fips_signal_fatal_error(a) \
_gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
#endif
int _gcry_fips_is_operational (void);
#define fips_is_operational() (_gcry_global_is_operational ())
#define fips_not_operational() (GCRY_GPG_ERR_NOT_OPERATIONAL)
int _gcry_fips_test_operational (void);
int _gcry_fips_test_error_or_operational (void);
gpg_err_code_t _gcry_fips_run_selftests (int extended);
void _gcry_fips_noreturn (void);
#define fips_noreturn() (_gcry_fips_noreturn ())
#endif /* G10LIB_H */
diff --git a/src/global.c b/src/global.c
index 096ac98c..35a2ca14 100644
--- a/src/global.c
+++ b/src/global.c
@@ -1,1072 +1,1072 @@
/* global.c - global control functions
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
* 2004, 2005, 2006, 2008 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <ctype.h>
#include <limits.h>
#include <errno.h>
#include <unistd.h>
#ifdef HAVE_SYSLOG
# include <syslog.h>
#endif /*HAVE_SYSLOG*/
#include "g10lib.h"
#include "cipher.h"
#include "stdmem.h" /* our own memory allocator */
#include "secmem.h" /* our own secmem allocator */
#include "ath.h"
/****************
* flag bits: 0 : general cipher debug
* 1 : general MPI debug
*/
static unsigned int debug_flags;
/* gcry_control (GCRYCTL_SET_FIPS_MODE), sets this flag so that the
initialization code switched fips mode on. */
static int force_fips_mode;
/* Controlled by global_init(). */
static int any_init_done;
/* Memory management. */
static gcry_handler_alloc_t alloc_func;
static gcry_handler_alloc_t alloc_secure_func;
static gcry_handler_secure_check_t is_secure_func;
static gcry_handler_realloc_t realloc_func;
static gcry_handler_free_t free_func;
static gcry_handler_no_mem_t outofcore_handler;
static void *outofcore_handler_value;
static int no_secure_memory;
/* This is our handmade constructor. It gets called by any function
likely to be called at startup. The suggested way for an
application to make sure that this has been called is by using
gcry_check_version. */
static void
global_init (void)
{
gcry_error_t err = 0;
if (any_init_done)
return;
any_init_done = 1;
/* Initialize our portable thread/mutex wrapper. */
err = ath_init ();
if (err)
goto fail;
/* See whether the system is in FIPS mode. This needs to come as
early as possible put after the ATH has been initialized. */
_gcry_initialize_fips_mode (force_fips_mode);
/* Before we do any other initialization we need to test available
hardware features. */
_gcry_detect_hw_features ();
err = _gcry_cipher_init ();
if (err)
goto fail;
err = _gcry_md_init ();
if (err)
goto fail;
err = _gcry_pk_init ();
if (err)
goto fail;
#if 0
/* Hmmm, as of now ac_init does nothing. */
if ( !fips_mode () )
{
err = _gcry_ac_init ();
if (err)
goto fail;
}
#endif
return;
fail:
BUG ();
}
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
initialization but at least in single-threaded mode it should work
reliable.
The reason we need this is that a lot of applications don't use
Libgcrypt properly by not running any initialization code at all.
They just call a Libgcrypt function and that is all what they want.
Now with the FIPS mode, that has the side effect of entering FIPS
mode (for security reasons, FIPS mode is the default if no
initialization has been done) and bailing out immediately because
the FSM is in the wrong state. If we always run the init code,
Libgcrypt can test for FIPS mode and at least if not in FIPS mode,
it will behave as before. Note that this on-the-fly initialization
is only done for the cryptographic functions subject to FIPS mode
and thus not all API calls will do such an initialization. */
int
_gcry_global_is_operational (void)
{
if (!any_init_done)
{
#ifdef HAVE_SYSLOG
syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
"missing initialization - please fix the application");
#endif /*HAVE_SYSLOG*/
global_init ();
}
return _gcry_fips_is_operational ();
}
/* Version number parsing. */
/* This function parses the first portion of the version number S and
stores it in *NUMBER. On success, this function returns a pointer
into S starting with the first character, which is not part of the
initial number portion; on failure, NULL is returned. */
static const char*
parse_version_number( const char *s, int *number )
{
int val = 0;
if( *s == '0' && isdigit(s[1]) )
return NULL; /* leading zeros are not allowed */
for ( ; isdigit(*s); s++ ) {
val *= 10;
val += *s - '0';
}
*number = val;
return val < 0? NULL : s;
}
/* This function breaks up the complete string-representation of the
version number S, which is of the following struture: <major
number>.<minor number>.<micro number><patch level>. The major,
minor and micro number components will be stored in *MAJOR, *MINOR
and *MICRO.
On success, the last component, the patch level, will be returned;
in failure, NULL will be returned. */
static const char *
parse_version_string( const char *s, int *major, int *minor, int *micro )
{
s = parse_version_number( s, major );
if( !s || *s != '.' )
return NULL;
s++;
s = parse_version_number( s, minor );
if( !s || *s != '.' )
return NULL;
s++;
s = parse_version_number( s, micro );
if( !s )
return NULL;
return s; /* patchlevel */
}
/* If REQ_VERSION is non-NULL, check that the version of the library
is at minimum the requested one. Returns the string representation
of the library version if the condition is satisfied; return NULL
if the requested version is newer than that of the library.
If a NULL is passed to this function, no check is done, but the
string representation of the library is simply returned. */
const char *
gcry_check_version( const char *req_version )
{
const char *ver = VERSION;
int my_major, my_minor, my_micro;
int rq_major, rq_minor, rq_micro;
const char *my_plvl, *rq_plvl;
/* Initialize library. */
global_init ();
if ( !req_version )
/* Caller wants our version number. */
return ver;
/* Parse own version number. */
my_plvl = parse_version_string( ver, &my_major, &my_minor, &my_micro );
if ( !my_plvl )
/* very strange our own version is bogus. Shouldn't we use
assert() here and bail out in case this happens? -mo. */
return NULL;
/* Parse requested version number. */
rq_plvl = parse_version_string( req_version, &rq_major, &rq_minor,
&rq_micro );
if ( !rq_plvl )
/* req version string is invalid, this can happen. */
return NULL;
/* Compare version numbers. */
if ( my_major > rq_major
|| (my_major == rq_major && my_minor > rq_minor)
|| (my_major == rq_major && my_minor == rq_minor
&& my_micro > rq_micro)
|| (my_major == rq_major && my_minor == rq_minor
&& my_micro == rq_micro
&& strcmp( my_plvl, rq_plvl ) >= 0) ) {
return ver;
}
return NULL;
}
static void
print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp)
{
unsigned int hwf;
struct {
unsigned int flag;
const char *desc;
} hwflist[] = {
{ HWF_PADLOCK_RNG, "padlock-rng" },
{ HWF_PADLOCK_AES, "padlock-aes" },
{ HWF_PADLOCK_SHA, "padlock-sha" },
- { HWF_INTEL_AES, "intel-aes" },
+ { HWF_INTEL_AESNI, "intel-aesni" },
{ 0, NULL}
};
int i;
fnc (fp, "version:%s:\n", VERSION);
fnc (fp, "ciphers:%s:\n", LIBGCRYPT_CIPHERS);
fnc (fp, "pubkeys:%s:\n", LIBGCRYPT_PUBKEY_CIPHERS);
fnc (fp, "digests:%s:\n", LIBGCRYPT_DIGESTS);
fnc (fp, "rnd-mod:"
#if USE_RNDEGD
"egd:"
#endif
#if USE_RNDLINUX
"linux:"
#endif
#if USE_RNDUNIX
"unix:"
#endif
#if USE_RNDW32
"w32:"
#endif
"\n");
fnc (fp, "mpi-asm:%s:\n", _gcry_mpi_get_hw_config ());
hwf = _gcry_get_hw_features ();
fnc (fp, "hwflist:");
for (i=0; hwflist[i].desc; i++)
if ( (hwf & hwflist[i].flag) )
fnc (fp, "%s:", hwflist[i].desc);
fnc (fp, "\n");
/* We use y/n instead of 1/0 for the simple reason that Emacsen's
compile error parser would accidently flag that line when printed
during "make check" as an error. */
fnc (fp, "fips-mode:%c:%c:\n",
fips_mode ()? 'y':'n',
_gcry_enforced_fips_mode ()? 'y':'n' );
}
/* Command dispatcher function, acting as general control
function. */
gcry_error_t
_gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
{
static int init_finished = 0;
gcry_err_code_t err = 0;
switch (cmd)
{
case GCRYCTL_ENABLE_M_GUARD:
_gcry_private_enable_m_guard ();
break;
case GCRYCTL_ENABLE_QUICK_RANDOM:
_gcry_enable_quick_random_gen ();
break;
case GCRYCTL_FAKED_RANDOM_P:
/* Return an error if the RNG is faked one (e.g. enabled by
ENABLE_QUICK_RANDOM. */
if (_gcry_random_is_faked ())
err = GPG_ERR_GENERAL; /* Use as TRUE value. */
break;
case GCRYCTL_DUMP_RANDOM_STATS:
_gcry_random_dump_stats ();
break;
case GCRYCTL_DUMP_MEMORY_STATS:
/*m_print_stats("[fixme: prefix]");*/
break;
case GCRYCTL_DUMP_SECMEM_STATS:
_gcry_secmem_dump_stats ();
break;
case GCRYCTL_DROP_PRIVS:
global_init ();
_gcry_secmem_init (0);
break;
case GCRYCTL_DISABLE_SECMEM:
global_init ();
no_secure_memory = 1;
break;
case GCRYCTL_INIT_SECMEM:
global_init ();
_gcry_secmem_init (va_arg (arg_ptr, unsigned int));
if ((_gcry_secmem_get_flags () & GCRY_SECMEM_FLAG_NOT_LOCKED))
err = GPG_ERR_GENERAL;
break;
case GCRYCTL_TERM_SECMEM:
global_init ();
_gcry_secmem_term ();
break;
case GCRYCTL_DISABLE_SECMEM_WARN:
_gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
| GCRY_SECMEM_FLAG_NO_WARNING));
break;
case GCRYCTL_SUSPEND_SECMEM_WARN:
_gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
| GCRY_SECMEM_FLAG_SUSPEND_WARNING));
break;
case GCRYCTL_RESUME_SECMEM_WARN:
_gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
& ~GCRY_SECMEM_FLAG_SUSPEND_WARNING));
break;
case GCRYCTL_USE_SECURE_RNDPOOL:
global_init ();
_gcry_secure_random_alloc (); /* Put random number into secure memory. */
break;
case GCRYCTL_SET_RANDOM_SEED_FILE:
_gcry_set_random_seed_file (va_arg (arg_ptr, const char *));
break;
case GCRYCTL_UPDATE_RANDOM_SEED_FILE:
if ( fips_is_operational () )
_gcry_update_random_seed_file ();
break;
case GCRYCTL_SET_VERBOSITY:
_gcry_set_log_verbosity (va_arg (arg_ptr, int));
break;
case GCRYCTL_SET_DEBUG_FLAGS:
debug_flags |= va_arg (arg_ptr, unsigned int);
break;
case GCRYCTL_CLEAR_DEBUG_FLAGS:
debug_flags &= ~va_arg (arg_ptr, unsigned int);
break;
case GCRYCTL_DISABLE_INTERNAL_LOCKING:
/* Not used anymore. */
global_init ();
break;
case GCRYCTL_ANY_INITIALIZATION_P:
if (any_init_done)
err = GPG_ERR_GENERAL;
break;
case GCRYCTL_INITIALIZATION_FINISHED_P:
if (init_finished)
err = GPG_ERR_GENERAL; /* Yes. */
break;
case GCRYCTL_INITIALIZATION_FINISHED:
/* This is a hook which should be used by an application after
all initialization has been done and right before any threads
are started. It is not really needed but the only way to be
really sure that all initialization for thread-safety has
been done. */
if (! init_finished)
{
global_init ();
/* Do only a basic random initialization, i.e. init the
mutexes. */
_gcry_random_initialize (0);
init_finished = 1;
/* Force us into operational state if in FIPS mode. */
(void)fips_is_operational ();
}
break;
case GCRYCTL_SET_THREAD_CBS:
err = ath_install (va_arg (arg_ptr, void *), any_init_done);
if (! err)
global_init ();
break;
case GCRYCTL_FAST_POLL:
/* We need to do make sure that the random pool is really
initialized so that the poll function is not a NOP. */
_gcry_random_initialize (1);
if ( fips_is_operational () )
_gcry_fast_random_poll ();
break;
case GCRYCTL_SET_RNDEGD_SOCKET:
#if USE_RNDEGD
err = _gcry_rndegd_set_socket_name (va_arg (arg_ptr, const char *));
#else
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif
break;
case GCRYCTL_SET_RANDOM_DAEMON_SOCKET:
_gcry_set_random_daemon_socket (va_arg (arg_ptr, const char *));
break;
case GCRYCTL_USE_RANDOM_DAEMON:
/* We need to do make sure that the random pool is really
initialized so that the poll function is not a NOP. */
_gcry_random_initialize (1);
_gcry_use_random_daemon (!! va_arg (arg_ptr, int));
break;
/* This command dumps information pertaining to the
configuration of libgcrypt to the given stream. It may be
used before the initialization has been finished but not
before a gcry_version_check. */
case GCRYCTL_PRINT_CONFIG:
{
FILE *fp = va_arg (arg_ptr, FILE *);
print_config (fp?fprintf:_gcry_log_info_with_dummy_fp, fp);
}
break;
case GCRYCTL_OPERATIONAL_P:
/* Returns true if the library is in an operational state. This
is always true for non-fips mode. */
if (_gcry_fips_test_operational ())
err = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
case GCRYCTL_FIPS_MODE_P:
if (fips_mode ()
&& !_gcry_is_fips_mode_inactive ()
&& !no_secure_memory)
err = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
case GCRYCTL_FORCE_FIPS_MODE:
/* Performing this command puts the library into fips mode. If
the library has already been initialized into fips mode, a
selftest is triggered. It is not possible to put the libraty
into fips mode after having passed the initialization. */
if (!any_init_done)
{
/* Not yet intialized at all. Set a flag so that we are put
into fips mode during initialization. */
force_fips_mode = 1;
}
else
{
/* Already initialized. If we are already operational we
run a selftest. If not we use the is_operational call to
force us into operational state if possible. */
if (_gcry_fips_test_error_or_operational ())
_gcry_fips_run_selftests (1);
if (_gcry_fips_is_operational ())
err = GPG_ERR_GENERAL; /* Used as TRUE value */
}
break;
case GCRYCTL_SELFTEST:
/* Run a selftest. This works in fips mode as well as in
standard mode. In contrast to the power-up tests, we use an
extended version of the selftests. Returns 0 on success or an
error code. */
global_init ();
err = _gcry_fips_run_selftests (1);
break;
case 58: /* Init external random test. */
{
void **rctx = va_arg (arg_ptr, void **);
unsigned int flags = va_arg (arg_ptr, unsigned int);
const void *key = va_arg (arg_ptr, const void *);
size_t keylen = va_arg (arg_ptr, size_t);
const void *seed = va_arg (arg_ptr, const void *);
size_t seedlen = va_arg (arg_ptr, size_t);
const void *dt = va_arg (arg_ptr, const void *);
size_t dtlen = va_arg (arg_ptr, size_t);
if (!fips_is_operational ())
err = fips_not_operational ();
else
err = _gcry_random_init_external_test (rctx, flags, key, keylen,
seed, seedlen, dt, dtlen);
}
break;
case 59: /* Run external random test. */
{
void *ctx = va_arg (arg_ptr, void *);
void *buffer = va_arg (arg_ptr, void *);
size_t buflen = va_arg (arg_ptr, size_t);
if (!fips_is_operational ())
err = fips_not_operational ();
else
err = _gcry_random_run_external_test (ctx, buffer, buflen);
}
break;
case 60: /* Deinit external random test. */
{
void *ctx = va_arg (arg_ptr, void *);
_gcry_random_deinit_external_test (ctx);
}
break;
default:
/* A call to make sure that the dummy code is linked in. */
_gcry_compat_identification ();
err = GPG_ERR_INV_OP;
}
return gcry_error (err);
}
/* Command dispatcher function, acting as general control
function. */
gcry_error_t
gcry_control (enum gcry_ctl_cmds cmd, ...)
{
gcry_error_t err;
va_list arg_ptr;
va_start (arg_ptr, cmd);
err = _gcry_vcontrol (cmd, arg_ptr);
va_end(arg_ptr);
return err;
}
/* Return a pointer to a string containing a description of the error
code in the error value ERR. */
const char *
gcry_strerror (gcry_error_t err)
{
return gpg_strerror (err);
}
/* Return a pointer to a string containing a description of the error
source in the error value ERR. */
const char *
gcry_strsource (gcry_error_t err)
{
return gpg_strsource (err);
}
/* Retrieve the error code for the system error ERR. This returns
GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report
this). */
gcry_err_code_t
gcry_err_code_from_errno (int err)
{
return gpg_err_code_from_errno (err);
}
/* Retrieve the system error for the error code CODE. This returns 0
if CODE is not a system error code. */
int
gcry_err_code_to_errno (gcry_err_code_t code)
{
return gpg_err_code_from_errno (code);
}
/* Return an error value with the error source SOURCE and the system
error ERR. */
gcry_error_t
gcry_err_make_from_errno (gpg_err_source_t source, int err)
{
return gpg_err_make_from_errno (source, err);
}
/* Return an error value with the system error ERR. */
gcry_err_code_t
gcry_error_from_errno (int err)
{
return gcry_error (gpg_err_code_from_errno (err));
}
/* Set custom allocation handlers. This is in general not useful
* because the libgcrypt allocation functions are guaranteed to
* provide proper allocation handlers which zeroize memory if needed.
* NOTE: All 5 functions should be set. */
void
gcry_set_allocation_handler (gcry_handler_alloc_t new_alloc_func,
gcry_handler_alloc_t new_alloc_secure_func,
gcry_handler_secure_check_t new_is_secure_func,
gcry_handler_realloc_t new_realloc_func,
gcry_handler_free_t new_free_func)
{
global_init ();
if (fips_mode ())
{
/* We do not want to enforce the fips mode, but merely set a
flag so that the application may check whether it is still in
fips mode. */
_gcry_inactivate_fips_mode ("custom allocation handler");
}
alloc_func = new_alloc_func;
alloc_secure_func = new_alloc_secure_func;
is_secure_func = new_is_secure_func;
realloc_func = new_realloc_func;
free_func = new_free_func;
}
/****************
* Set an optional handler which is called in case the xmalloc functions
* ran out of memory. This handler may do one of these things:
* o free some memory and return true, so that the xmalloc function
* tries again.
* o Do whatever it like and return false, so that the xmalloc functions
* use the default fatal error handler.
* o Terminate the program and don't return.
*
* The handler function is called with 3 arguments: The opaque value set with
* this function, the requested memory size, and a flag with these bits
* currently defined:
* bit 0 set = secure memory has been requested.
*/
void
gcry_set_outofcore_handler( int (*f)( void*, size_t, unsigned int ),
void *value )
{
global_init ();
if (fips_mode () )
{
log_info ("out of core handler ignored in FIPS mode\n");
return;
}
outofcore_handler = f;
outofcore_handler_value = value;
}
/* Return the no_secure_memory flag. */
static int
get_no_secure_memory (void)
{
if (!no_secure_memory)
return 0;
if (_gcry_enforced_fips_mode ())
{
no_secure_memory = 0;
return 0;
}
return no_secure_memory;
}
static gcry_err_code_t
do_malloc (size_t n, unsigned int flags, void **mem)
{
gcry_err_code_t err = 0;
void *m;
if ((flags & GCRY_ALLOC_FLAG_SECURE) && !get_no_secure_memory ())
{
if (alloc_secure_func)
m = (*alloc_secure_func) (n);
else
m = _gcry_private_malloc_secure (n);
}
else
{
if (alloc_func)
m = (*alloc_func) (n);
else
m = _gcry_private_malloc (n);
}
if (!m)
{
/* Make sure that ERRNO has been set in case a user supplied
memory handler didn't it correctly. */
if (!errno)
gpg_err_set_errno (ENOMEM);
err = gpg_err_code_from_errno (errno);
}
else
*mem = m;
return err;
}
void *
gcry_malloc (size_t n)
{
void *mem = NULL;
do_malloc (n, 0, &mem);
return mem;
}
void *
gcry_malloc_secure (size_t n)
{
void *mem = NULL;
do_malloc (n, GCRY_ALLOC_FLAG_SECURE, &mem);
return mem;
}
int
gcry_is_secure (const void *a)
{
if (get_no_secure_memory ())
return 0;
if (is_secure_func)
return is_secure_func (a) ;
return _gcry_private_is_secure (a);
}
void
_gcry_check_heap( const void *a )
{
(void)a;
/* FIXME: implement this*/
#if 0
if( some_handler )
some_handler(a)
else
_gcry_private_check_heap(a)
#endif
}
void *
gcry_realloc (void *a, size_t n)
{
void *p;
if (realloc_func)
p = realloc_func (a, n);
else
p = _gcry_private_realloc (a, n);
if (!p && !errno)
gpg_err_set_errno (ENOMEM);
return p;
}
void
gcry_free (void *p)
{
int save_errno;
if (!p)
return;
/* In case ERRNO is set we better save it so that the free machinery
may not accidently change ERRNO. We restore it only if it was
already set to comply with the usual C semantic for ERRNO. */
save_errno = errno;
if (free_func)
free_func (p);
else
_gcry_private_free (p);
if (save_errno)
gpg_err_set_errno (save_errno);
}
void *
gcry_calloc (size_t n, size_t m)
{
size_t bytes;
void *p;
bytes = n * m; /* size_t is unsigned so the behavior on overflow is
defined. */
if (m && bytes / m != n)
{
gpg_err_set_errno (ENOMEM);
return NULL;
}
p = gcry_malloc (bytes);
if (p)
memset (p, 0, bytes);
return p;
}
void *
gcry_calloc_secure (size_t n, size_t m)
{
size_t bytes;
void *p;
bytes = n * m; /* size_t is unsigned so the behavior on overflow is
defined. */
if (m && bytes / m != n)
{
gpg_err_set_errno (ENOMEM);
return NULL;
}
p = gcry_malloc_secure (bytes);
if (p)
memset (p, 0, bytes);
return p;
}
/* Create and return a copy of the null-terminated string STRING. If
it is contained in secure memory, the copy will be contained in
secure memory as well. In an out-of-memory condition, NULL is
returned. */
char *
gcry_strdup (const char *string)
{
char *string_cp = NULL;
size_t string_n = 0;
string_n = strlen (string);
if (gcry_is_secure (string))
string_cp = gcry_malloc_secure (string_n + 1);
else
string_cp = gcry_malloc (string_n + 1);
if (string_cp)
strcpy (string_cp, string);
return string_cp;
}
void *
gcry_xmalloc( size_t n )
{
void *p;
while ( !(p = gcry_malloc( n )) )
{
if ( fips_mode ()
|| !outofcore_handler
|| !outofcore_handler (outofcore_handler_value, n, 0) )
{
_gcry_fatal_error (gpg_err_code_from_errno (errno), NULL);
}
}
return p;
}
void *
gcry_xrealloc( void *a, size_t n )
{
void *p;
while ( !(p = gcry_realloc( a, n )) )
{
if ( fips_mode ()
|| !outofcore_handler
|| !outofcore_handler (outofcore_handler_value, n,
gcry_is_secure(a)? 3:2 ) )
{
_gcry_fatal_error (gpg_err_code_from_errno (errno), NULL );
}
}
return p;
}
void *
gcry_xmalloc_secure( size_t n )
{
void *p;
while ( !(p = gcry_malloc_secure( n )) )
{
if ( fips_mode ()
|| !outofcore_handler
|| !outofcore_handler (outofcore_handler_value, n, 1) )
{
_gcry_fatal_error (gpg_err_code_from_errno (errno),
_("out of core in secure memory"));
}
}
return p;
}
void *
gcry_xcalloc( size_t n, size_t m )
{
size_t nbytes;
void *p;
nbytes = n * m;
if (m && nbytes / m != n)
{
gpg_err_set_errno (ENOMEM);
_gcry_fatal_error(gpg_err_code_from_errno (errno), NULL );
}
p = gcry_xmalloc ( nbytes );
memset ( p, 0, nbytes );
return p;
}
void *
gcry_xcalloc_secure( size_t n, size_t m )
{
size_t nbytes;
void *p;
nbytes = n * m;
if (m && nbytes / m != n)
{
gpg_err_set_errno (ENOMEM);
_gcry_fatal_error(gpg_err_code_from_errno (errno), NULL );
}
p = gcry_xmalloc_secure ( nbytes );
memset ( p, 0, nbytes );
return p;
}
char *
gcry_xstrdup (const char *string)
{
char *p;
while ( !(p = gcry_strdup (string)) )
{
size_t n = strlen (string);
int is_sec = !!gcry_is_secure (string);
if (fips_mode ()
|| !outofcore_handler
|| !outofcore_handler (outofcore_handler_value, n, is_sec) )
{
_gcry_fatal_error (gpg_err_code_from_errno (errno),
is_sec? _("out of core in secure memory"):NULL);
}
}
return p;
}
int
_gcry_get_debug_flag (unsigned int mask)
{
if ( fips_mode () )
return 0;
return (debug_flags & mask);
}
/* It is often useful to get some feedback of long running operations.
This function may be used to register a handler for this.
The callback function CB is used as:
void cb (void *opaque, const char *what, int printchar,
int current, int total);
Where WHAT is a string identifying the the type of the progress
output, PRINTCHAR the character usually printed, CURRENT the amount
of progress currently done and TOTAL the expected amount of
progress. A value of 0 for TOTAL indicates that there is no
estimation available.
Defined values for WHAT:
"need_entropy" X 0 number-of-bytes-required
When running low on entropy
"primegen" '\n' 0 0
Prime generated
'!'
Need to refresh the prime pool
'<','>'
Number of bits adjusted
'^'
Looking for a generator
'.'
Fermat tests on 10 candidates failed
':'
Restart with a new random value
'+'
Rabin Miller test passed
"pk_elg" '+','-','.','\n' 0 0
Only used in debugging mode.
"pk_dsa"
Only used in debugging mode.
*/
void
gcry_set_progress_handler (void (*cb)(void *,const char*,int, int, int),
void *cb_data)
{
#if USE_DSA
_gcry_register_pk_dsa_progress (cb, cb_data);
#endif
#if USE_ELGAMAL
_gcry_register_pk_elg_progress (cb, cb_data);
#endif
_gcry_register_primegen_progress (cb, cb_data);
_gcry_register_random_progress (cb, cb_data);
}
diff --git a/src/hwfeatures.c b/src/hwfeatures.c
index 99c9347e..5a0a8055 100644
--- a/src/hwfeatures.c
+++ b/src/hwfeatures.c
@@ -1,190 +1,190 @@
/* hwfeatures.c - Detect hardware features.
* Copyright (C) 2007 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include "g10lib.h"
/* A bit vector describing the hardware features currently
available. */
static unsigned int hw_features;
/* Return a bit vector describing the available hardware features.
The HWF_ constants are used to test for them. */
unsigned int
_gcry_get_hw_features (void)
{
return hw_features;
}
#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
static void
detect_ia32_gnuc (void)
{
/* The code here is only useful for the PadLock engine thus we don't
build it if that support has been disabled. */
int has_cpuid = 0;
char vendor_id[12+1];
/* Detect the CPUID feature by testing some undefined behaviour (16
vs 32 bit pushf/popf). */
asm volatile
("pushf\n\t" /* Copy flags to EAX. */
"popl %%eax\n\t"
"movl %%eax, %%ecx\n\t" /* Save flags into ECX. */
"xorl $0x200000, %%eax\n\t" /* Toggle ID bit and copy it to the flags. */
"pushl %%eax\n\t"
"popf\n\t"
"pushf\n\t" /* Copy changed flags again to EAX. */
"popl %%eax\n\t"
"pushl %%ecx\n\t" /* Restore flags from ECX. */
"popf\n\t"
"xorl %%eax, %%ecx\n\t" /* Compare flags against saved flags. */
"jz .Lno_cpuid%=\n\t" /* Toggling did not work, thus no CPUID. */
"movl $1, %0\n" /* Worked. true -> HAS_CPUID. */
".Lno_cpuid%=:\n\t"
: "+r" (has_cpuid)
:
: "%eax", "%ecx", "cc"
);
if (!has_cpuid)
return; /* No way. */
asm volatile
("pushl %%ebx\n\t" /* Save GOT register. */
"xorl %%eax, %%eax\n\t" /* 0 -> EAX. */
"cpuid\n\t" /* Get vendor ID. */
"movl %%ebx, (%0)\n\t" /* EBX,EDX,ECX -> VENDOR_ID. */
"movl %%edx, 4(%0)\n\t"
"movl %%ecx, 8(%0)\n\t"
"popl %%ebx\n"
:
: "S" (&vendor_id[0])
: "%eax", "%ecx", "%edx", "cc"
);
vendor_id[12] = 0;
if (0)
; /* Just to make "else if" and ifdef macros look pretty. */
#ifdef ENABLE_PADLOCK_SUPPORT
else if (!strcmp (vendor_id, "CentaurHauls"))
{
/* This is a VIA CPU. Check what PadLock features we have. */
asm volatile
("pushl %%ebx\n\t" /* Save GOT register. */
"movl $0xC0000000, %%eax\n\t" /* Check for extended centaur */
"cpuid\n\t" /* feature flags. */
"popl %%ebx\n\t" /* Restore GOT register. */
"cmpl $0xC0000001, %%eax\n\t"
"jb .Lready%=\n\t" /* EAX < 0xC0000000 => no padlock. */
"pushl %%ebx\n\t" /* Save GOT register. */
"movl $0xC0000001, %%eax\n\t" /* Ask for the extended */
"cpuid\n\t" /* feature flags. */
"popl %%ebx\n\t" /* Restore GOT register. */
"movl %%edx, %%eax\n\t" /* Take copy of feature flags. */
"andl $0x0C, %%eax\n\t" /* Test bits 2 and 3 to see whether */
"cmpl $0x0C, %%eax\n\t" /* the RNG exists and is enabled. */
"jnz .Lno_rng%=\n\t"
"orl $1, %0\n" /* Set our HWF_PADLOCK_RNG bit. */
".Lno_rng%=:\n\t"
"movl %%edx, %%eax\n\t" /* Take copy of feature flags. */
"andl $0xC0, %%eax\n\t" /* Test bits 6 and 7 to see whether */
"cmpl $0xC0, %%eax\n\t" /* the ACE exists and is enabled. */
"jnz .Lno_ace%=\n\t"
"orl $2, %0\n" /* Set our HWF_PADLOCK_AES bit. */
".Lno_ace%=:\n\t"
"movl %%edx, %%eax\n\t" /* Take copy of feature flags. */
"andl $0xC00, %%eax\n\t" /* Test bits 10, 11 to see whether */
"cmpl $0xC00, %%eax\n\t" /* the PHE exists and is enabled. */
"jnz .Lno_phe%=\n\t"
"orl $4, %0\n" /* Set our HWF_PADLOCK_SHA bit. */
".Lno_phe%=:\n\t"
"movl %%edx, %%eax\n\t" /* Take copy of feature flags. */
"andl $0x3000, %%eax\n\t" /* Test bits 12, 13 to see whether */
"cmpl $0x3000, %%eax\n\t" /* MONTMUL exists and is enabled. */
"jnz .Lready%=\n\t"
"orl $8, %0\n" /* Set our HWF_PADLOCK_MMUL bit. */
".Lready%=:\n"
: "+r" (hw_features)
:
: "%eax", "%edx", "cc"
);
}
#endif /*ENABLE_PADLOCK_SUPPORT*/
else if (!strcmp (vendor_id, "GenuineIntel"))
{
/* This is an Intel CPU. */
asm volatile
("pushl %%ebx\n\t" /* Save GOT register. */
"movl $1, %%eax\n\t" /* Get CPU info and feature flags. */
"cpuid\n"
"popl %%ebx\n\t" /* Restore GOT register. */
"cmpl $0x02000000, %%ecx\n\t" /* Test bit 25. */
- "jnz .Lno_aes%=\n\t" /* No AES support. */
+ "jz .Lno_aes%=\n\t" /* No AES support. */
"orl $256, %0\n" /* Set our HWF_INTEL_AES bit. */
".Lno_aes%=:\n"
: "+r" (hw_features)
:
: "%eax", "%ecx", "%edx", "cc"
);
}
else if (!strcmp (vendor_id, "AuthenticAMD"))
{
/* This is an AMD CPU. */
}
}
#endif /* __i386__ && SIZEOF_UNSIGNED_LONG == 4 && __GNUC__ */
/* Detect the available hardware features. This function is called
once right at startup and we assume that no other threads are
running. */
void
_gcry_detect_hw_features (void)
{
hw_features = 0;
if (fips_mode ())
return; /* Hardware support is not to be evaluated. */
#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4
#ifdef __GNUC__
detect_ia32_gnuc ();
#endif
#elif defined (__i386__) && SIZEOF_UNSIGNED_LONG == 8
#ifdef __GNUC__
#endif
#endif
}
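Review bot: The Intel branch of detect_ia32_gnuc still uses `cmpl $0x02000000, %%ecx`, which compares the whole CPUID leaf 1 ECX value with the constant instead of testing bit 25, so with the new `jz` the jump to `.Lno_aes` is taken only when ECX equals exactly 0x02000000. Whenever ECX carries any other feature bit, HWF_INTEL_AES is set whether or not bit 25 is set. A CPU that reported bit 25 and nothing else would be skipped. A bit test matches what the comment describes: `"testl $0x02000000, %%ecx\n\t" /* Test bit 25. */`, followed by the `jz` as written. If the cipher code selects AES instructions from this flag (not visible in this hunk), a false positive would end in an illegal-instruction fault on CPUs that lack them.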