diff --git a/random/rand-internal.h b/random/rand-internal.h
index d99c6671..34221569 100644
--- a/random/rand-internal.h
+++ b/random/rand-internal.h
@@ -1,148 +1,148 @@
/* rand-internal.h - header to glue the random functions
* Copyright (C) 1998, 2002 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
*/
#ifndef G10_RAND_INTERNAL_H
#define G10_RAND_INTERNAL_H
#include "../src/cipher-proto.h"
/* Constants used to define the origin of random added to the pool.
The code is sensitive to the order of the values. */
enum random_origins
{
RANDOM_ORIGIN_INIT = 0, /* Used only for initialization. */
RANDOM_ORIGIN_EXTERNAL = 1, /* Added from an external source. */
RANDOM_ORIGIN_FASTPOLL = 2, /* Fast random poll function. */
RANDOM_ORIGIN_SLOWPOLL = 3, /* Slow poll function. */
RANDOM_ORIGIN_EXTRAPOLL = 4 /* Used to mark an extra pool seed
due to a GCRY_VERY_STRONG_RANDOM
random request. */
};
#define RANDOM_CONF_DISABLE_JENT 1
#define RANDOM_CONF_ONLY_URANDOM 2
/*-- random.c --*/
unsigned int _gcry_random_read_conf (void);
void _gcry_random_progress (const char *what, int printchar,
int current, int total);
/*-- random-csprng.c --*/
void _gcry_rngcsprng_initialize (int full);
void _gcry_rngcsprng_close_fds (void);
void _gcry_rngcsprng_dump_stats (void);
void _gcry_rngcsprng_secure_alloc (void);
void _gcry_rngcsprng_enable_quick_gen (void);
void _gcry_rngcsprng_set_daemon_socket (const char *socketname);
int _gcry_rngcsprng_use_daemon (int onoff);
int _gcry_rngcsprng_is_faked (void);
gcry_error_t _gcry_rngcsprng_add_bytes (const void *buf, size_t buflen,
int quality);
void *_gcry_rngcsprng_get_bytes (size_t nbytes,
enum gcry_random_level level);
void *_gcry_rngcsprng_get_bytes_secure (size_t nbytes,
enum gcry_random_level level);
void _gcry_rngcsprng_randomize (void *buffer, size_t length,
enum gcry_random_level level);
void _gcry_rngcsprng_set_seed_file (const char *name);
void _gcry_rngcsprng_update_seed_file (void);
void _gcry_rngcsprng_fast_poll (void);
/*-- random-drbg.c --*/
void _gcry_rngdrbg_inititialize (int full);
void _gcry_rngdrbg_close_fds (void);
void _gcry_rngdrbg_dump_stats (void);
int _gcry_rngdrbg_is_faked (void);
gcry_error_t _gcry_rngdrbg_add_bytes (const void *buf, size_t buflen,
int quality);
void _gcry_rngdrbg_randomize (void *buffer, size_t length,
enum gcry_random_level level);
gcry_error_t _gcry_rngdrbg_selftest (selftest_report_func_t report);
/*-- random-system.c --*/
void _gcry_rngsystem_initialize (int full);
void _gcry_rngsystem_close_fds (void);
void _gcry_rngsystem_dump_stats (void);
int _gcry_rngsystem_is_faked (void);
gcry_error_t _gcry_rngsystem_add_bytes (const void *buf, size_t buflen,
int quality);
void _gcry_rngsystem_randomize (void *buffer, size_t length,
enum gcry_random_level level);
/*-- rndlinux.c --*/
int _gcry_rndlinux_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
/*-- rndunix.c --*/
int _gcry_rndunix_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
/*-- rndegd.c --*/
int _gcry_rndegd_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
int _gcry_rndegd_connect_socket (int nofail);
/*-- rndw32.c --*/
int _gcry_rndw32_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
void _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin );
/*-- rndw32ce.c --*/
int _gcry_rndw32ce_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
void _gcry_rndw32ce_gather_random_fast (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin );
/*-- rndjent.c --*/
size_t _gcry_rndjent_poll (void (*add)(const void*,
size_t, enum random_origins),
enum random_origins origin,
size_t length);
void _gcry_rndjent_dump_stats (void);
void _gcry_rndjent_fini (void);
/*-- rndhw.c --*/
int _gcry_rndhw_failed_p (void);
void _gcry_rndhw_poll_fast (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin);
size_t _gcry_rndhw_poll_slow (void (*add)(const void*, size_t,
enum random_origins),
- enum random_origins origin);
+ enum random_origins origin, size_t req_length);
#endif /*G10_RAND_INTERNAL_H*/
diff --git a/random/rndhw.c b/random/rndhw.c
index 2829382c..3cf9acc3 100644
--- a/random/rndhw.c
+++ b/random/rndhw.c
@@ -1,221 +1,230 @@
/* rndhw.c - Access to the external random daemon
* Copyright (C) 2007 Free Software Foundation, Inc.
* Copyright (C) 2012 Dmitry Kasatkin
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
*/
#include
#include
#include
#include "types.h"
#include "g10lib.h"
#include "rand-internal.h"
#undef USE_PADLOCK
#ifdef ENABLE_PADLOCK_SUPPORT
# ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
# if (defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)
# define USE_PADLOCK 1
# endif
# endif
#endif /*ENABLE_PADLOCK_SUPPORT*/
#undef USE_DRNG
#ifdef ENABLE_DRNG_SUPPORT
# ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
# if (defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)
# define USE_DRNG 1
# endif
# endif
#endif /*ENABLE_RDRAND_SUPPORT*/
typedef void (*add_fn_t)(const void*, size_t, enum random_origins);
/* Keep track on whether the RNG has problems. */
static volatile int rng_failed;
#ifdef USE_PADLOCK
static size_t
poll_padlock (void (*add)(const void*, size_t, enum random_origins),
enum random_origins origin, int fast)
{
volatile char buffer[64+8] __attribute__ ((aligned (8)));
volatile char *p;
unsigned int nbytes, status;
/* Peter Gutmann's cryptlib tests again whether the RNG is enabled
but we don't do so. We would have to do this also for our AES
implementation and that is definitely too time consuming. There
would be a race condition anyway. Thus we assume that the OS
does not change the Padlock initialization while a user process
is running. */
p = buffer;
nbytes = 0;
while (nbytes < 64)
{
#if defined(__x86_64__) && SIZEOF_VOID_P == 8
asm volatile
("movq %1, %%rdi\n\t" /* Set buffer. */
"xorq %%rdx, %%rdx\n\t" /* Request up to 8 bytes. */
".byte 0x0f, 0xa7, 0xc0\n\t" /* XSTORE RNG. */
: "=a" (status)
: "g" (p)
: "%rdx", "%rdi", "cc", "memory"
);
#else
asm volatile
("movl %1, %%edi\n\t" /* Set buffer. */
"xorl %%edx, %%edx\n\t" /* Request up to 8 bytes. */
".byte 0x0f, 0xa7, 0xc0\n\t" /* XSTORE RNG. */
: "=a" (status)
: "g" (p)
: "%edx", "%edi", "cc", "memory"
);
#endif
if ((status & (1<<6)) /* RNG still enabled. */
&& !(status & (1<<13)) /* von Neumann corrector is enabled. */
&& !(status & (1<<14)) /* String filter is disabled. */
&& !(status & 0x1c00) /* BIAS voltage at default. */
&& (!(status & 0x1f) || (status & 0x1f) == 8) /* Sanity check. */
)
{
nbytes += (status & 0x1f);
if (fast)
break; /* Don't get into the loop with the fast flag set. */
p += (status & 0x1f);
}
else
{
/* If there was an error we need to break the loop and
record that there is something wrong with the padlock
RNG. */
rng_failed = 1;
break;
}
}
if (nbytes)
{
(*add) ((void*)buffer, nbytes, origin);
wipememory (buffer, nbytes);
}
return nbytes;
}
#endif /*USE_PADLOCK*/
#ifdef USE_DRNG
# define RDRAND_RETRY_LOOPS 10
# define RDRAND_INT ".byte 0x0f,0xc7,0xf0"
# if defined(__x86_64__) && SIZEOF_UNSIGNED_LONG == 8
# define RDRAND_LONG ".byte 0x48,0x0f,0xc7,0xf0"
# else
# define RDRAND_LONG RDRAND_INT
# endif
static inline int
rdrand_long (volatile unsigned long *v)
{
int ok;
asm volatile ("1: " RDRAND_LONG "\n\t"
"jc 2f\n\t"
"decl %0\n\t"
"jnz 1b\n\t"
"2:"
: "=r" (ok), "=a" (*v)
: "0" (RDRAND_RETRY_LOOPS)
: "cc", "memory");
return ok;
}
static inline int
rdrand_nlong (volatile unsigned long *v, int count)
{
while (count--)
if (!rdrand_long(v++))
return 0;
return 1;
}
static size_t
poll_drng (add_fn_t add, enum random_origins origin, int fast)
{
volatile unsigned long buffer[8] __attribute__ ((aligned (8)));
unsigned int nbytes = sizeof (buffer);
(void)fast;
if (!rdrand_nlong (buffer, DIM(buffer)))
return 0;
(*add)((void *)buffer, nbytes, origin);
return nbytes;
}
#endif /*USE_DRNG*/
int
_gcry_rndhw_failed_p (void)
{
return rng_failed;
}
/* Try to read random from a hardware RNG if a fast one is
available. */
void
_gcry_rndhw_poll_fast (void (*add)(const void*, size_t, enum random_origins),
enum random_origins origin)
{
(void)add;
(void)origin;
#ifdef USE_DRNG
if ((_gcry_get_hw_features () & HWF_INTEL_RDRAND))
poll_drng (add, origin, 1);
#endif
#ifdef USE_PADLOCK
if ((_gcry_get_hw_features () & HWF_PADLOCK_RNG))
poll_padlock (add, origin, 1);
#endif
}
/* Read 64 bytes from a hardware RNG and return the number of bytes
- actually read. */
+ actually read. However hardware source is let account only
+ for up to 50% (or 25% for RDRAND) of the requested bytes. */
size_t
_gcry_rndhw_poll_slow (void (*add)(const void*, size_t, enum random_origins),
- enum random_origins origin)
+ enum random_origins origin, size_t req_length)
{
size_t nbytes = 0;
(void)add;
(void)origin;
+ req_length /= 2; /* Up to 50%. */
+
#ifdef USE_DRNG
if ((_gcry_get_hw_features () & HWF_INTEL_RDRAND))
- nbytes += poll_drng (add, origin, 0);
+ {
+ req_length /= 2; /* Up to 25%. */
+ nbytes += poll_drng (add, origin, 0);
+ }
#endif
#ifdef USE_PADLOCK
if ((_gcry_get_hw_features () & HWF_PADLOCK_RNG))
nbytes += poll_padlock (add, origin, 0);
#endif
+ if (nbytes > req_length)
+ nbytes = req_length;
+
return nbytes;
}
diff --git a/random/rndlinux.c b/random/rndlinux.c
index 04e2a464..7cbf6ac2 100644
--- a/random/rndlinux.c
+++ b/random/rndlinux.c
@@ -1,365 +1,356 @@
/* rndlinux.c - raw random number for OSes with /dev/random
* Copyright (C) 1998, 2001, 2002, 2003, 2007,
* 2009 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
*/
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_GETTIMEOFDAY
# include
#endif
#include
#include
#include
#if defined(__linux__) || !defined(HAVE_GETENTROPY)
#ifdef HAVE_SYSCALL
# include
# ifdef __NR_getrandom
# define getentropy(buf,buflen) syscall (__NR_getrandom, buf, buflen, 0)
# endif
#endif
#endif
#include "types.h"
#include "g10lib.h"
#include "rand-internal.h"
static int open_device (const char *name, int retry);
static int
set_cloexec_flag (int fd)
{
int oldflags;
oldflags= fcntl (fd, F_GETFD, 0);
if (oldflags < 0)
return oldflags;
oldflags |= FD_CLOEXEC;
return fcntl (fd, F_SETFD, oldflags);
}
/*
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it
* exists)). If RETRY is true, the function does not terminate with
* a fatal error but retries until it is able to reopen the device.
*/
static int
open_device (const char *name, int retry)
{
int fd;
if (retry)
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
again:
fd = open (name, O_RDONLY);
if (fd == -1 && retry)
{
struct timeval tv;
tv.tv_sec = 5;
tv.tv_usec = 0;
_gcry_random_progress ("wait_dev_random", 'X', 0, (int)tv.tv_sec);
select (0, NULL, NULL, NULL, &tv);
goto again;
}
if (fd == -1)
log_fatal ("can't open %s: %s\n", name, strerror(errno) );
if (set_cloexec_flag (fd))
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
fd, strerror (errno));
/* We used to do the following check, however it turned out that this
is not portable since more OSes provide a random device which is
sometimes implemented as another device type.
struct stat sb;
if( fstat( fd, &sb ) )
log_fatal("stat() off %s failed: %s\n", name, strerror(errno) );
if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) )
log_fatal("invalid random device!\n" );
*/
return fd;
}
/* Note that the caller needs to make sure that this function is only
* called by one thread at a time. The function returns 0 on success
* or true on failure (in which case the caller will signal a fatal
* error). This function should be entered only by one thread at a
* time. */
int
_gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level )
{
static int fd_urandom = -1;
static int fd_random = -1;
static int only_urandom = -1;
static unsigned char ever_opened;
static volatile pid_t my_pid; /* The volatile is there to make sure
* the compiler does not optimize the
* code away in case the getpid
* function is badly attributed. */
volatile pid_t apid;
int fd;
int n;
byte buffer[768];
size_t n_hw;
size_t want = length;
size_t last_so_far = 0;
int any_need_entropy = 0;
int delay;
/* On the first call read the conf file to check whether we want to
* use only urandom. */
if (only_urandom == -1)
{
my_pid = getpid ();
if ((_gcry_random_read_conf () & RANDOM_CONF_ONLY_URANDOM))
only_urandom = 1;
else
only_urandom = 0;
}
if (!add)
{
/* Special mode to close the descriptors. */
if (fd_random != -1)
{
close (fd_random);
fd_random = -1;
}
if (fd_urandom != -1)
{
close (fd_urandom);
fd_urandom = -1;
}
_gcry_rndjent_fini ();
return 0;
}
/* Detect a fork and close the devices so that we don't use the old
* file descriptors. Note that open_device will be called in retry
* mode if the devices was opened by the parent process. */
apid = getpid ();
if (my_pid != apid)
{
if (fd_random != -1)
{
close (fd_random);
fd_random = -1;
}
if (fd_urandom != -1)
{
close (fd_urandom);
fd_urandom = -1;
}
my_pid = apid;
}
- /* First read from a hardware source. However let it account only
- for up to 50% (or 25% for RDRAND) of the requested bytes. */
- n_hw = _gcry_rndhw_poll_slow (add, origin);
- if ((_gcry_get_hw_features () & HWF_INTEL_RDRAND))
- {
- if (n_hw > length/4)
- n_hw = length/4;
- }
- else
- {
- if (n_hw > length/2)
- n_hw = length/2;
- }
+ /* First read from a hardware source. Note that _gcry_rndhw_poll_slow lets
+ it account only for up to 50% (or 25% for RDRAND) of the requested
+ bytes. */
+ n_hw = _gcry_rndhw_poll_slow (add, origin, length);
if (length > 1)
length -= n_hw;
/* When using a blocking random generator try to get some entropy
* from the jitter based RNG. In this case we take up to 50% of the
* remaining requested bytes. */
if (level >= GCRY_VERY_STRONG_RANDOM)
{
n_hw = _gcry_rndjent_poll (add, origin, length/2);
if (n_hw > length/2)
n_hw = length/2;
if (length > 1)
length -= n_hw;
}
/* Open the requested device. The first time a device is to be
opened we fail with a fatal error if the device does not exists.
In case the device has ever been closed, further open requests
will however retry indefinitely. The rationale for this behaviour is
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */
if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
{
if (fd_random == -1)
{
fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
ever_opened |= 1;
}
fd = fd_random;
}
else
{
if (fd_urandom == -1)
{
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
ever_opened |= 2;
}
fd = fd_urandom;
}
/* Enter the read loop. */
delay = 0; /* Start with 0 seconds so that we do no block on the
first iteration and in turn call the progress function
before blocking. To give the OS a better chance to
return with something we will actually use 100ms. */
while (length)
{
fd_set rfds;
struct timeval tv;
int rc;
/* If we have a modern operating system, we first try to use the new
* getentropy function. That call guarantees that the kernel's
* RNG has been properly seeded before returning any data. This
* is different from /dev/urandom which may, due to its
* non-blocking semantics, return data even if the kernel has
* not been properly seeded. And it differs from /dev/random by never
* blocking once the kernel is seeded. */
#if defined(HAVE_GETENTROPY) || defined(__NR_getrandom)
{
long ret;
size_t nbytes;
do
{
nbytes = length < sizeof(buffer)? length : sizeof(buffer);
if (nbytes > 256)
nbytes = 256;
_gcry_pre_syscall ();
ret = getentropy (buffer, nbytes);
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);
if (ret == -1 && errno == ENOSYS)
; /* getentropy is not supported - fallback to pulling from fd. */
else
{ /* getentropy is supported. Some sanity checks. */
if (ret == -1)
log_fatal ("unexpected error from getentropy: %s\n",
strerror (errno));
#ifdef __NR_getrandom
else if (ret != nbytes)
log_fatal ("getentropy returned only"
" %ld of %zu requested bytes\n", ret, nbytes);
#endif
(*add)(buffer, nbytes, origin);
length -= nbytes;
continue; /* until LENGTH is zero. */
}
}
#endif
/* If we collected some bytes update the progress indicator. We
do this always and not just if the select timed out because
often just a few bytes are gathered within the timeout
period. */
if (any_need_entropy || last_so_far != (want - length) )
{
last_so_far = want - length;
_gcry_random_progress ("need_entropy", 'X',
(int)last_so_far, (int)want);
any_need_entropy = 1;
}
/* If the system has no limit on the number of file descriptors
and we encounter an fd which is larger than the fd_set size,
we don't use the select at all. The select code is only used
to emit progress messages. A better solution would be to
fall back to poll() if available. */
#ifdef FD_SETSIZE
if (fd < FD_SETSIZE)
#endif
{
FD_ZERO(&rfds);
FD_SET(fd, &rfds);
tv.tv_sec = delay;
tv.tv_usec = delay? 0 : 100000;
_gcry_pre_syscall ();
rc = select (fd+1, &rfds, NULL, NULL, &tv);
_gcry_post_syscall ();
if (!rc)
{
any_need_entropy = 1;
delay = 3; /* Use 3 seconds henceforth. */
continue;
}
else if( rc == -1 )
{
log_error ("select() error: %s\n", strerror(errno));
if (!delay)
delay = 1; /* Use 1 second if we encounter an error before
we have ever blocked. */
continue;
}
}
do
{
size_t nbytes;
nbytes = length < sizeof(buffer)? length : sizeof(buffer);
n = read (fd, buffer, nbytes);
if (n >= 0 && n > nbytes)
{
log_error("bogus read from random device (n=%d)\n", n );
n = nbytes;
}
}
while (n == -1 && errno == EINTR);
if (n == -1)
log_fatal("read error on random device: %s\n", strerror(errno));
(*add)(buffer, n, origin);
length -= n;
}
wipememory (buffer, sizeof buffer);
if (any_need_entropy)
_gcry_random_progress ("need_entropy", 'X', (int)want, (int)want);
return 0; /* success */
}
diff --git a/src/g10lib.h b/src/g10lib.h
index cba2e237..243997eb 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -1,493 +1,503 @@
/* g10lib.h - Internal definitions for libgcrypt
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005
* 2007, 2011 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
*/
/* This header is to be used inside of libgcrypt in place of gcrypt.h.
This way we can better distinguish between internal and external
usage of gcrypt.h. */
#ifndef G10LIB_H
#define G10LIB_H 1
#ifdef _GCRYPT_H
#error gcrypt.h already included
#endif
#ifndef _GCRYPT_IN_LIBGCRYPT
#error something is wrong with config.h
#endif
#include
#include
#include "visibility.h"
#include "types.h"
�
/* Attribute handling macros. */
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
#define JNLIB_GCC_M_FUNCTION 1
#define JNLIB_GCC_A_NR __attribute__ ((noreturn))
#define JNLIB_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a)))
#define JNLIB_GCC_A_NR_PRINTF( f, a ) \
__attribute__ ((noreturn, format (printf,f,a)))
#define GCC_ATTR_NORETURN __attribute__ ((__noreturn__))
#else
#define JNLIB_GCC_A_NR
#define JNLIB_GCC_A_PRINTF( f, a )
#define JNLIB_GCC_A_NR_PRINTF( f, a )
#define GCC_ATTR_NORETURN
#endif
#if __GNUC__ >= 3
/* According to glibc this attribute is available since 2.8 however we
better play safe and use it only with gcc 3 or newer. */
#define GCC_ATTR_FORMAT_ARG(a) __attribute__ ((format_arg (a)))
#else
#define GCC_ATTR_FORMAT_ARG(a)
#endif
/* I am not sure since when the unused attribute is really supported.
In any case it it only needed for gcc versions which print a
warning. Thus let us require gcc >= 3.5. */
#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 5 )
#define GCC_ATTR_UNUSED __attribute__ ((unused))
#else
#define GCC_ATTR_UNUSED
#endif
#if __GNUC__ > 3
#define NOINLINE_FUNC __attribute__((noinline))
#else
#define NOINLINE_FUNC
#endif
#if __GNUC__ >= 3
#define LIKELY(expr) __builtin_expect( !!(expr), 1 )
#define UNLIKELY(expr) __builtin_expect( !!(expr), 0 )
#define CONSTANT_P(expr) __builtin_constant_p( expr )
#else
#define LIKELY(expr) (!!(expr))
#define UNLIKELY(expr) (!!(expr))
#define CONSTANT_P(expr) (0)
#endif
/* Gettext macros. */
#define _(a) _gcry_gettext(a)
#define N_(a) (a)
/* Some handy macros */
#ifndef STR
#define STR(v) #v
#endif
#define STR2(v) STR(v)
#define DIM(v) (sizeof(v)/sizeof((v)[0]))
#define DIMof(type,member) DIM(((type *)0)->member)
#define my_isascii(c) (!((c) & 0x80))
�
/*-- src/global.c -*/
extern int _gcry_global_any_init_done;
int _gcry_global_is_operational (void);
gcry_err_code_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
void _gcry_check_heap (const void *a);
void _gcry_pre_syscall (void);
void _gcry_post_syscall (void);
int _gcry_get_debug_flag (unsigned int mask);
char *_gcry_get_config (int mode, const char *what);
/* Malloc functions and common wrapper macros. */
void *_gcry_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_calloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_malloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_calloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_realloc (void *a, size_t n);
char *_gcry_strdup (const char *string) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_xmalloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_xcalloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_xmalloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_xcalloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
void *_gcry_xrealloc (void *a, size_t n);
char *_gcry_xstrdup (const char * a) _GCRY_GCC_ATTR_MALLOC;
void _gcry_free (void *a);
int _gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
#define xtrymalloc(a) _gcry_malloc ((a))
#define xtrycalloc(a,b) _gcry_calloc ((a),(b))
#define xtrymalloc_secure(a) _gcry_malloc_secure ((a))
#define xtrycalloc_secure(a,b) _gcry_calloc_secure ((a),(b))
#define xtryrealloc(a,b) _gcry_realloc ((a),(b))
#define xtrystrdup(a) _gcry_strdup ((a))
#define xmalloc(a) _gcry_xmalloc ((a))
#define xcalloc(a,b) _gcry_xcalloc ((a),(b))
#define xmalloc_secure(a) _gcry_xmalloc_secure ((a))
#define xcalloc_secure(a,b) _gcry_xcalloc_secure ((a),(b))
#define xrealloc(a,b) _gcry_xrealloc ((a),(b))
#define xstrdup(a) _gcry_xstrdup ((a))
#define xfree(a) _gcry_free ((a))
/*-- src/misc.c --*/
#if defined(JNLIB_GCC_M_FUNCTION) || __STDC_VERSION__ >= 199901L
void _gcry_bug (const char *file, int line,
const char *func) GCC_ATTR_NORETURN;
void _gcry_assert_failed (const char *expr, const char *file, int line,
const char *func) GCC_ATTR_NORETURN;
#else
void _gcry_bug (const char *file, int line);
void _gcry_assert_failed (const char *expr, const char *file, int line);
#endif
void _gcry_divide_by_zero (void) JNLIB_GCC_A_NR;
const char *_gcry_gettext (const char *key) GCC_ATTR_FORMAT_ARG(1);
void _gcry_fatal_error(int rc, const char *text ) JNLIB_GCC_A_NR;
void _gcry_logv (int level,
const char *fmt, va_list arg_ptr) JNLIB_GCC_A_PRINTF(2,0);
void _gcry_log( int level, const char *fmt, ... ) JNLIB_GCC_A_PRINTF(2,3);
void _gcry_log_bug( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
void _gcry_log_fatal( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
void _gcry_log_error( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
void _gcry_log_info( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
void _gcry_log_debug( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
void _gcry_log_printf ( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
void _gcry_log_printhex (const char *text, const void *buffer, size_t length);
void _gcry_log_printmpi (const char *text, gcry_mpi_t mpi);
void _gcry_log_printsxp (const char *text, gcry_sexp_t sexp);
void _gcry_set_log_verbosity( int level );
int _gcry_log_verbosity( int level );
#ifdef JNLIB_GCC_M_FUNCTION
#define BUG() _gcry_bug( __FILE__ , __LINE__, __FUNCTION__ )
#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
: _gcry_assert_failed (STR(expr), __FILE__, __LINE__, __FUNCTION__))
#elif __STDC_VERSION__ >= 199901L
#define BUG() _gcry_bug( __FILE__ , __LINE__, __func__ )
#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
: _gcry_assert_failed (STR(expr), __FILE__, __LINE__, __func__))
#else
#define BUG() _gcry_bug( __FILE__ , __LINE__ )
#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
: _gcry_assert_failed (STR(expr), __FILE__, __LINE__))
#endif
#define log_bug _gcry_log_bug
#define log_fatal _gcry_log_fatal
#define log_error _gcry_log_error
#define log_info _gcry_log_info
#define log_debug _gcry_log_debug
#define log_printf _gcry_log_printf
#define log_printhex _gcry_log_printhex
#define log_printmpi _gcry_log_printmpi
#define log_printsxp _gcry_log_printsxp
/* Compatibility macro. */
#define log_mpidump _gcry_log_printmpi
/* Tokeninze STRING and return a malloced array. */
char **_gcry_strtokenize (const char *string, const char *delim);
/*-- src/hwfeatures.c --*/
+#if defined(HAVE_CPU_ARCH_X86)
+
#define HWF_PADLOCK_RNG (1 << 0)
#define HWF_PADLOCK_AES (1 << 1)
#define HWF_PADLOCK_SHA (1 << 2)
#define HWF_PADLOCK_MMUL (1 << 3)
#define HWF_INTEL_CPU (1 << 4)
#define HWF_INTEL_FAST_SHLD (1 << 5)
#define HWF_INTEL_BMI2 (1 << 6)
#define HWF_INTEL_SSSE3 (1 << 7)
#define HWF_INTEL_SSE4_1 (1 << 8)
#define HWF_INTEL_PCLMUL (1 << 9)
#define HWF_INTEL_AESNI (1 << 10)
#define HWF_INTEL_RDRAND (1 << 11)
#define HWF_INTEL_AVX (1 << 12)
#define HWF_INTEL_AVX2 (1 << 13)
#define HWF_INTEL_FAST_VPGATHER (1 << 14)
#define HWF_INTEL_RDTSC (1 << 15)
#define HWF_INTEL_SHAEXT (1 << 16)
-#define HWF_ARM_NEON (1 << 17)
-#define HWF_ARM_AES (1 << 18)
-#define HWF_ARM_SHA1 (1 << 19)
-#define HWF_ARM_SHA2 (1 << 20)
-#define HWF_ARM_PMULL (1 << 21)
+#elif defined(HAVE_CPU_ARCH_ARM)
+
+#define HWF_ARM_NEON (1 << 0)
+#define HWF_ARM_AES (1 << 1)
+#define HWF_ARM_SHA1 (1 << 2)
+#define HWF_ARM_SHA2 (1 << 3)
+#define HWF_ARM_PMULL (1 << 4)
+
+#elif defined(HAVE_CPU_ARCH_PPC)
-#define HWF_PPC_VCRYPTO (1 << 22)
-#define HWF_PPC_ARCH_3_00 (1 << 23)
-#define HWF_PPC_ARCH_2_07 (1 << 24)
+#define HWF_PPC_VCRYPTO (1 << 0)
+#define HWF_PPC_ARCH_3_00 (1 << 1)
+#define HWF_PPC_ARCH_2_07 (1 << 2)
-#define HWF_S390X_MSA (1 << 25)
-#define HWF_S390X_MSA_4 (1 << 26)
-#define HWF_S390X_MSA_8 (1 << 27)
-#define HWF_S390X_VX (1 << 28)
+#elif defined(HAVE_CPU_ARCH_S390X)
+
+#define HWF_S390X_MSA (1 << 0)
+#define HWF_S390X_MSA_4 (1 << 1)
+#define HWF_S390X_MSA_8 (1 << 2)
+#define HWF_S390X_VX (1 << 3)
+
+#endif
gpg_err_code_t _gcry_disable_hw_feature (const char *name);
void _gcry_detect_hw_features (void);
unsigned int _gcry_get_hw_features (void);
const char *_gcry_enum_hw_features (int idx, unsigned int *r_feature);
/*-- mpi/mpiutil.c --*/
const char *_gcry_mpi_get_hw_config (void);
/*-- cipher/pubkey.c --*/
/* FIXME: shouldn't this go into mpi.h? */
#ifndef mpi_powm
#define mpi_powm(w,b,e,m) gcry_mpi_powm( (w), (b), (e), (m) )
#endif
/*-- primegen.c --*/
gcry_err_code_t _gcry_primegen_init (void);
gcry_mpi_t _gcry_generate_secret_prime (unsigned int nbits,
gcry_random_level_t random_level,
int (*extra_check)(void*, gcry_mpi_t),
void *extra_check_arg);
gcry_mpi_t _gcry_generate_public_prime (unsigned int nbits,
gcry_random_level_t random_level,
int (*extra_check)(void*, gcry_mpi_t),
void *extra_check_arg);
gcry_err_code_t _gcry_generate_elg_prime (int mode,
unsigned int pbits,
unsigned int qbits,
gcry_mpi_t g,
gcry_mpi_t *r_prime,
gcry_mpi_t **factors);
gcry_mpi_t _gcry_derive_x931_prime (const gcry_mpi_t xp,
const gcry_mpi_t xp1, const gcry_mpi_t xp2,
const gcry_mpi_t e,
gcry_mpi_t *r_p1, gcry_mpi_t *r_p2);
gpg_err_code_t _gcry_generate_fips186_2_prime
(unsigned int pbits, unsigned int qbits,
const void *seed, size_t seedlen,
gcry_mpi_t *r_q, gcry_mpi_t *r_p,
int *r_counter,
void **r_seed, size_t *r_seedlen);
gpg_err_code_t _gcry_generate_fips186_3_prime
(unsigned int pbits, unsigned int qbits,
const void *seed, size_t seedlen,
gcry_mpi_t *r_q, gcry_mpi_t *r_p,
int *r_counter,
void **r_seed, size_t *r_seedlen, int *r_hashalgo);
gpg_err_code_t _gcry_fips186_4_prime_check (const gcry_mpi_t x,
unsigned int bits);
/* Replacements of missing functions (missing-string.c). */
#ifndef HAVE_STPCPY
char *stpcpy (char *a, const char *b);
#endif
#ifndef HAVE_STRCASECMP
int strcasecmp (const char *a, const char *b) _GCRY_GCC_ATTR_PURE;
#endif
#include "../compat/libcompat.h"
/* Macros used to rename missing functions. */
#ifndef HAVE_STRTOUL
#define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c)))
#endif
#ifndef HAVE_MEMMOVE
#define memmove(d, s, n) bcopy((s), (d), (n))
#endif
#ifndef HAVE_STRICMP
#define stricmp(a,b) strcasecmp( (a), (b) )
#endif
#ifndef HAVE_ATEXIT
#define atexit(a) (on_exit((a),0))
#endif
#ifndef HAVE_RAISE
#define raise(a) kill(getpid(), (a))
#endif
/* Stack burning. */
#ifdef HAVE_GCC_ASM_VOLATILE_MEMORY
#define __gcry_burn_stack_dummy() asm volatile ("":::"memory")
#else
void __gcry_burn_stack_dummy (void);
#endif
void __gcry_burn_stack (unsigned int bytes);
#define _gcry_burn_stack(bytes) \
do { __gcry_burn_stack (bytes); \
__gcry_burn_stack_dummy (); } while(0)
/* To avoid that a compiler optimizes certain memset calls away, these
macros may be used instead. For small constant length buffers,
memory wiping is inlined. For non-constant or large length buffers,
memory is wiped with memset through _gcry_fast_wipememory. */
#define wipememory2(_ptr,_set,_len) do { \
if (!CONSTANT_P(_len) || _len > 64) { \
if (CONSTANT_P(_set) && (_set) == 0) \
_gcry_fast_wipememory((void *)_ptr, _len); \
else \
_gcry_fast_wipememory2((void *)_ptr, _set, _len); \
} else {\
volatile char *_vptr = (volatile char *)(_ptr); \
size_t _vlen = (_len); \
const unsigned char _vset = (_set); \
fast_wipememory2(_vptr, _vset, _vlen); \
while(_vlen) { *_vptr = (_vset); _vptr++; _vlen--; } \
} \
} while(0)
#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
void _gcry_fast_wipememory(void *ptr, size_t len);
void _gcry_fast_wipememory2(void *ptr, int set, size_t len);
#if defined(HAVE_GCC_ATTRIBUTE_PACKED) && \
defined(HAVE_GCC_ATTRIBUTE_ALIGNED) && \
defined(HAVE_GCC_ATTRIBUTE_MAY_ALIAS)
typedef struct fast_wipememory_s
{
u64 a;
} __attribute__((packed, aligned(1), may_alias)) fast_wipememory_t;
/* fast_wipememory may leave tail bytes unhandled, in which case tail bytes
are handled by wipememory. */
# define fast_wipememory2(_vptr,_vset,_vlen) do { \
fast_wipememory_t _vset_long; \
if (_vlen < sizeof(fast_wipememory_t)) \
break; \
_vset_long.a = (_vset); \
_vset_long.a *= U64_C(0x0101010101010101); \
do { \
volatile fast_wipememory_t *_vptr_long = \
(volatile void *)_vptr; \
_vptr_long->a = _vset_long.a; \
_vlen -= sizeof(fast_wipememory_t); \
_vptr += sizeof(fast_wipememory_t); \
} while (_vlen >= sizeof(fast_wipememory_t)); \
} while (0)
#else
# define fast_wipememory2(_vptr,_vset,_vlen)
#endif
/* Digit predicates. */
#define digitp(p) (*(p) >= '0' && *(p) <= '9')
#define octdigitp(p) (*(p) >= '0' && *(p) <= '7')
#define alphap(a) ( (*(a) >= 'A' && *(a) <= 'Z') \
|| (*(a) >= 'a' && *(a) <= 'z'))
#define hexdigitp(a) (digitp (a) \
|| (*(a) >= 'A' && *(a) <= 'F') \
|| (*(a) >= 'a' && *(a) <= 'f'))
/* Init functions. */
gcry_err_code_t _gcry_cipher_init (void);
gcry_err_code_t _gcry_md_init (void);
gcry_err_code_t _gcry_mac_init (void);
gcry_err_code_t _gcry_pk_init (void);
gcry_err_code_t _gcry_secmem_module_init (void);
gcry_err_code_t _gcry_mpi_init (void);
/* Memory management. */
#define GCRY_ALLOC_FLAG_SECURE (1 << 0)
#define GCRY_ALLOC_FLAG_XHINT (1 << 1) /* Called from xmalloc. */
/*-- sexp.c --*/
gcry_err_code_t _gcry_sexp_vbuild (gcry_sexp_t *retsexp, size_t *erroff,
const char *format, va_list arg_ptr);
char *_gcry_sexp_nth_string (const gcry_sexp_t list, int number);
gpg_err_code_t _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
const char *list, va_list arg_ptr);
/*-- fips.c --*/
extern int _gcry_no_fips_mode_required;
void _gcry_initialize_fips_mode (int force);
/* This macro returns true if fips mode is enabled. This is
independent of the fips required finite state machine and only used
to enable fips specific code.
No locking is required because we have the requirement that this
variable is only initialized once with no other threads
existing. */
#define fips_mode() (!_gcry_no_fips_mode_required)
int _gcry_enforced_fips_mode (void);
void _gcry_set_enforced_fips_mode (void);
void _gcry_inactivate_fips_mode (const char *text);
int _gcry_is_fips_mode_inactive (void);
void _gcry_fips_signal_error (const char *srcfile,
int srcline,
const char *srcfunc,
int is_fatal,
const char *description);
#ifdef JNLIB_GCC_M_FUNCTION
# define fips_signal_error(a) \
_gcry_fips_signal_error (__FILE__, __LINE__, __FUNCTION__, 0, (a))
# define fips_signal_fatal_error(a) \
_gcry_fips_signal_error (__FILE__, __LINE__, __FUNCTION__, 1, (a))
#else
# define fips_signal_error(a) \
_gcry_fips_signal_error (__FILE__, __LINE__, NULL, 0, (a))
# define fips_signal_fatal_error(a) \
_gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
#endif
int _gcry_fips_is_operational (void);
/* Return true if the library is in the operational state. */
#define fips_is_operational() \
(!_gcry_global_any_init_done ? \
_gcry_global_is_operational() : \
(!fips_mode () || _gcry_global_is_operational ()))
#define fips_not_operational() (GPG_ERR_NOT_OPERATIONAL)
int _gcry_fips_test_operational (void);
int _gcry_fips_test_error_or_operational (void);
gpg_err_code_t _gcry_fips_run_selftests (int extended);
void _gcry_fips_noreturn (void);
#define fips_noreturn() (_gcry_fips_noreturn ())
#endif /* G10LIB_H */