1/* global.c - global control functions 2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 3 * 2004, 2005, 2006, 2008, 2011 Free Software Foundation, Inc. 4 * 5 * This file is part of Libgcrypt. 6 * 7 * Libgcrypt is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU Lesser general Public License as 9 * published by the Free Software Foundation; either version 2.1 of 10 * the License, or (at your option) any later version. 11 * 12 * Libgcrypt is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21#include <config.h> 22 23#include <stdio.h> 24#include <stdlib.h> 25#include <string.h> 26#include <stdarg.h> 27#include <ctype.h> 28#include <limits.h> 29#include <errno.h> 30#include <unistd.h> 31#ifdef HAVE_SYSLOG 32# include <syslog.h> 33#endif /*HAVE_SYSLOG*/ 34 35#include "g10lib.h" 36#include "cipher.h" 37#include "stdmem.h" /* our own memory allocator */ 38#include "secmem.h" /* our own secmem allocator */ 39#include "ath.h" 40 41 42 43/**************** 44 * flag bits: 0 : general cipher debug 45 * 1 : general MPI debug 46 */ 47static unsigned int debug_flags; 48 49/* gcry_control (GCRYCTL_SET_FIPS_MODE), sets this flag so that the 50 initialization code switched fips mode on. */ 51static int force_fips_mode; 52 53/* Controlled by global_init(). */ 54static int any_init_done; 55 56/* A table to map hardware features to a string. */ 57static struct 58{ 59 unsigned int flag; 60 const char *desc; 61} hwflist[] = 62 { 63 { HWF_PADLOCK_RNG, "padlock-rng" }, 64 { HWF_PADLOCK_AES, "padlock-aes" }, 65 { HWF_PADLOCK_SHA, "padlock-sha" }, 66 { HWF_PADLOCK_MMUL,"padlock-mmul"}, 67 { HWF_INTEL_AESNI, "intel-aesni" }, 68 { 0, NULL} 69 }; 70 71/* A bit vector with the hardware features which shall not be used. 72 This variable must be set prior to any initialization. */ 73static unsigned int disabled_hw_features; 74 75 76/* Memory management. */ 77 78static gcry_handler_alloc_t alloc_func; 79static gcry_handler_alloc_t alloc_secure_func; 80static gcry_handler_secure_check_t is_secure_func; 81static gcry_handler_realloc_t realloc_func; 82static gcry_handler_free_t free_func; 83static gcry_handler_no_mem_t outofcore_handler; 84static void *outofcore_handler_value; 85static int no_secure_memory; 86 87 88 89 90 91/* This is our handmade constructor. It gets called by any function 92 likely to be called at startup. The suggested way for an 93 application to make sure that this has been called is by using 94 gcry_check_version. */ 95static void 96global_init (void) 97{ 98 gcry_error_t err = 0; 99 100 if (any_init_done) 101 return; 102 any_init_done = 1; 103 104 /* Initialize our portable thread/mutex wrapper. */ 105 err = ath_init (); 106 if (err) 107 goto fail; 108 109 /* See whether the system is in FIPS mode. This needs to come as 110 early as possible put after the ATH has been initialized. */ 111 _gcry_initialize_fips_mode (force_fips_mode); 112 113 /* Before we do any other initialization we need to test available 114 hardware features. */ 115 _gcry_detect_hw_features (disabled_hw_features); 116 117 err = _gcry_cipher_init (); 118 if (err) 119 goto fail; 120 err = _gcry_md_init (); 121 if (err) 122 goto fail; 123 err = _gcry_pk_init (); 124 if (err) 125 goto fail; 126#if 0 127 /* Hmmm, as of now ac_init does nothing. */ 128 if ( !fips_mode () ) 129 { 130 err = _gcry_ac_init (); 131 if (err) 132 goto fail; 133 } 134#endif 135 136 return; 137 138 fail: 139 BUG (); 140} 141 142 143/* This function is called by the macro fips_is_operational and makes 144 sure that the minimal initialization has been done. This is far 145 from a perfect solution and hides problems with an improper 146 initialization but at least in single-threaded mode it should work 147 reliable. 148 149 The reason we need this is that a lot of applications don't use 150 Libgcrypt properly by not running any initialization code at all. 151 They just call a Libgcrypt function and that is all what they want. 152 Now with the FIPS mode, that has the side effect of entering FIPS 153 mode (for security reasons, FIPS mode is the default if no 154 initialization has been done) and bailing out immediately because 155 the FSM is in the wrong state. If we always run the init code, 156 Libgcrypt can test for FIPS mode and at least if not in FIPS mode, 157 it will behave as before. Note that this on-the-fly initialization 158 is only done for the cryptographic functions subject to FIPS mode 159 and thus not all API calls will do such an initialization. */ 160int 161_gcry_global_is_operational (void) 162{ 163 if (!any_init_done) 164 { 165#ifdef HAVE_SYSLOG 166 syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: " 167 "missing initialization - please fix the application"); 168#endif /*HAVE_SYSLOG*/ 169 global_init (); 170 } 171 return _gcry_fips_is_operational (); 172} 173 174 175 176 177/* Version number parsing. */ 178 179/* This function parses the first portion of the version number S and 180 stores it in *NUMBER. On success, this function returns a pointer 181 into S starting with the first character, which is not part of the 182 initial number portion; on failure, NULL is returned. */ 183static const char* 184parse_version_number( const char *s, int *number ) 185{ 186 int val = 0; 187 188 if( *s == '0' && isdigit(s[1]) ) 189 return NULL; /* leading zeros are not allowed */ 190 for ( ; isdigit(*s); s++ ) { 191 val *= 10; 192 val += *s - '0'; 193 } 194 *number = val; 195 return val < 0? NULL : s; 196} 197 198/* This function breaks up the complete string-representation of the 199 version number S, which is of the following struture: <major 200 number>.<minor number>.<micro number><patch level>. The major, 201 minor and micro number components will be stored in *MAJOR, *MINOR 202 and *MICRO. 203 204 On success, the last component, the patch level, will be returned; 205 in failure, NULL will be returned. */ 206 207static const char * 208parse_version_string( const char *s, int *major, int *minor, int *micro ) 209{ 210 s = parse_version_number( s, major ); 211 if( !s || *s != '.' ) 212 return NULL; 213 s++; 214 s = parse_version_number( s, minor ); 215 if( !s || *s != '.' ) 216 return NULL; 217 s++; 218 s = parse_version_number( s, micro ); 219 if( !s ) 220 return NULL; 221 return s; /* patchlevel */ 222} 223 224/* If REQ_VERSION is non-NULL, check that the version of the library 225 is at minimum the requested one. Returns the string representation 226 of the library version if the condition is satisfied; return NULL 227 if the requested version is newer than that of the library. 228 229 If a NULL is passed to this function, no check is done, but the 230 string representation of the library is simply returned. */ 231const char * 232gcry_check_version( const char *req_version ) 233{ 234 const char *ver = VERSION; 235 int my_major, my_minor, my_micro; 236 int rq_major, rq_minor, rq_micro; 237 const char *my_plvl; 238 239 if (req_version && req_version[0] == 1 && req_version[1] == 1) 240 return _gcry_compat_identification (); 241 242 /* Initialize library. */ 243 global_init (); 244 245 if ( !req_version ) 246 /* Caller wants our version number. */ 247 return ver; 248 249 /* Parse own version number. */ 250 my_plvl = parse_version_string( ver, &my_major, &my_minor, &my_micro ); 251 if ( !my_plvl ) 252 /* very strange our own version is bogus. Shouldn't we use 253 assert() here and bail out in case this happens? -mo. */ 254 return NULL; 255 256 /* Parse requested version number. */ 257 if (!parse_version_string (req_version, &rq_major, &rq_minor, &rq_micro)) 258 return NULL; /* req version string is invalid, this can happen. */ 259 260 /* Compare version numbers. */ 261 if ( my_major > rq_major 262 || (my_major == rq_major && my_minor > rq_minor) 263 || (my_major == rq_major && my_minor == rq_minor && my_micro > rq_micro) 264 || (my_major == rq_major && my_minor == rq_minor 265 && my_micro == rq_micro)) 266 { 267 return ver; 268 } 269 270 return NULL; 271} 272 273 274static void 275print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) 276{ 277 unsigned int hwf; 278 int i; 279 280 fnc (fp, "version:%s:\n", VERSION); 281 fnc (fp, "ciphers:%s:\n", LIBGCRYPT_CIPHERS); 282 fnc (fp, "pubkeys:%s:\n", LIBGCRYPT_PUBKEY_CIPHERS); 283 fnc (fp, "digests:%s:\n", LIBGCRYPT_DIGESTS); 284 fnc (fp, "rnd-mod:" 285#if USE_RNDEGD 286 "egd:" 287#endif 288#if USE_RNDLINUX 289 "linux:" 290#endif 291#if USE_RNDUNIX 292 "unix:" 293#endif 294#if USE_RNDW32 295 "w32:" 296#endif 297 "\n"); 298 fnc (fp, "mpi-asm:%s:\n", _gcry_mpi_get_hw_config ()); 299 hwf = _gcry_get_hw_features (); 300 fnc (fp, "hwflist:"); 301 for (i=0; hwflist[i].desc; i++) 302 if ( (hwf & hwflist[i].flag) ) 303 fnc (fp, "%s:", hwflist[i].desc); 304 fnc (fp, "\n"); 305 /* We use y/n instead of 1/0 for the simple reason that Emacsen's 306 compile error parser would accidently flag that line when printed 307 during "make check" as an error. */ 308 fnc (fp, "fips-mode:%c:%c:\n", 309 fips_mode ()? 'y':'n', 310 _gcry_enforced_fips_mode ()? 'y':'n' ); 311} 312 313 314 315 316/* Command dispatcher function, acting as general control 317 function. */ 318gcry_error_t 319_gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) 320{ 321 static int init_finished = 0; 322 gcry_err_code_t err = 0; 323 324 switch (cmd) 325 { 326 case GCRYCTL_ENABLE_M_GUARD: 327 _gcry_private_enable_m_guard (); 328 break; 329 330 case GCRYCTL_ENABLE_QUICK_RANDOM: 331 _gcry_enable_quick_random_gen (); 332 break; 333 334 case GCRYCTL_FAKED_RANDOM_P: 335 /* Return an error if the RNG is faked one (e.g. enabled by 336 ENABLE_QUICK_RANDOM. */ 337 if (_gcry_random_is_faked ()) 338 err = GPG_ERR_GENERAL; /* Use as TRUE value. */ 339 break; 340 341 case GCRYCTL_DUMP_RANDOM_STATS: 342 _gcry_random_dump_stats (); 343 break; 344 345 case GCRYCTL_DUMP_MEMORY_STATS: 346 /*m_print_stats("[fixme: prefix]");*/ 347 break; 348 349 case GCRYCTL_DUMP_SECMEM_STATS: 350 _gcry_secmem_dump_stats (); 351 break; 352 353 case GCRYCTL_DROP_PRIVS: 354 global_init (); 355 _gcry_secmem_init (0); 356 break; 357 358 case GCRYCTL_DISABLE_SECMEM: 359 global_init (); 360 no_secure_memory = 1; 361 break; 362 363 case GCRYCTL_INIT_SECMEM: 364 global_init (); 365 _gcry_secmem_init (va_arg (arg_ptr, unsigned int)); 366 if ((_gcry_secmem_get_flags () & GCRY_SECMEM_FLAG_NOT_LOCKED)) 367 err = GPG_ERR_GENERAL; 368 break; 369 370 case GCRYCTL_TERM_SECMEM: 371 global_init (); 372 _gcry_secmem_term (); 373 break; 374 375 case GCRYCTL_DISABLE_SECMEM_WARN: 376 _gcry_secmem_set_flags ((_gcry_secmem_get_flags () 377 | GCRY_SECMEM_FLAG_NO_WARNING)); 378 break; 379 380 case GCRYCTL_SUSPEND_SECMEM_WARN: 381 _gcry_secmem_set_flags ((_gcry_secmem_get_flags () 382 | GCRY_SECMEM_FLAG_SUSPEND_WARNING)); 383 break; 384 385 case GCRYCTL_RESUME_SECMEM_WARN: 386 _gcry_secmem_set_flags ((_gcry_secmem_get_flags () 387 & ~GCRY_SECMEM_FLAG_SUSPEND_WARNING)); 388 break; 389 390 case GCRYCTL_USE_SECURE_RNDPOOL: 391 global_init (); 392 _gcry_secure_random_alloc (); /* Put random number into secure memory. */ 393 break; 394 395 case GCRYCTL_SET_RANDOM_SEED_FILE: 396 _gcry_set_random_seed_file (va_arg (arg_ptr, const char *)); 397 break; 398 399 case GCRYCTL_UPDATE_RANDOM_SEED_FILE: 400 if ( fips_is_operational () ) 401 _gcry_update_random_seed_file (); 402 break; 403 404 case GCRYCTL_SET_VERBOSITY: 405 _gcry_set_log_verbosity (va_arg (arg_ptr, int)); 406 break; 407 408 case GCRYCTL_SET_DEBUG_FLAGS: 409 debug_flags |= va_arg (arg_ptr, unsigned int); 410 break; 411 412 case GCRYCTL_CLEAR_DEBUG_FLAGS: 413 debug_flags &= ~va_arg (arg_ptr, unsigned int); 414 break; 415 416 case GCRYCTL_DISABLE_INTERNAL_LOCKING: 417 /* Not used anymore. */ 418 global_init (); 419 break; 420 421 case GCRYCTL_ANY_INITIALIZATION_P: 422 if (any_init_done) 423 err = GPG_ERR_GENERAL; 424 break; 425 426 case GCRYCTL_INITIALIZATION_FINISHED_P: 427 if (init_finished) 428 err = GPG_ERR_GENERAL; /* Yes. */ 429 break; 430 431 case GCRYCTL_INITIALIZATION_FINISHED: 432 /* This is a hook which should be used by an application after 433 all initialization has been done and right before any threads 434 are started. It is not really needed but the only way to be 435 really sure that all initialization for thread-safety has 436 been done. */ 437 if (! init_finished) 438 { 439 global_init (); 440 /* Do only a basic random initialization, i.e. init the 441 mutexes. */ 442 _gcry_random_initialize (0); 443 init_finished = 1; 444 /* Force us into operational state if in FIPS mode. */ 445 (void)fips_is_operational (); 446 } 447 break; 448 449 case GCRYCTL_SET_THREAD_CBS: 450 err = ath_install (va_arg (arg_ptr, void *), any_init_done); 451 if (! err) 452 global_init (); 453 break; 454 455 case GCRYCTL_FAST_POLL: 456 /* We need to do make sure that the random pool is really 457 initialized so that the poll function is not a NOP. */ 458 _gcry_random_initialize (1); 459 460 if ( fips_is_operational () ) 461 _gcry_fast_random_poll (); 462 break; 463 464 case GCRYCTL_SET_RNDEGD_SOCKET: 465#if USE_RNDEGD 466 err = _gcry_rndegd_set_socket_name (va_arg (arg_ptr, const char *)); 467#else 468 err = gpg_error (GPG_ERR_NOT_SUPPORTED); 469#endif 470 break; 471 472 case GCRYCTL_SET_RANDOM_DAEMON_SOCKET: 473 _gcry_set_random_daemon_socket (va_arg (arg_ptr, const char *)); 474 break; 475 476 case GCRYCTL_USE_RANDOM_DAEMON: 477 /* We need to do make sure that the random pool is really 478 initialized so that the poll function is not a NOP. */ 479 _gcry_random_initialize (1); 480 _gcry_use_random_daemon (!! va_arg (arg_ptr, int)); 481 break; 482 483 /* This command dumps information pertaining to the 484 configuration of libgcrypt to the given stream. It may be 485 used before the initialization has been finished but not 486 before a gcry_version_check. */ 487 case GCRYCTL_PRINT_CONFIG: 488 { 489 FILE *fp = va_arg (arg_ptr, FILE *); 490 print_config (fp?fprintf:_gcry_log_info_with_dummy_fp, fp); 491 } 492 break; 493 494 case GCRYCTL_OPERATIONAL_P: 495 /* Returns true if the library is in an operational state. This 496 is always true for non-fips mode. */ 497 if (_gcry_fips_test_operational ()) 498 err = GPG_ERR_GENERAL; /* Used as TRUE value */ 499 break; 500 501 case GCRYCTL_FIPS_MODE_P: 502 if (fips_mode () 503 && !_gcry_is_fips_mode_inactive () 504 && !no_secure_memory) 505 err = GPG_ERR_GENERAL; /* Used as TRUE value */ 506 break; 507 508 case GCRYCTL_FORCE_FIPS_MODE: 509 /* Performing this command puts the library into fips mode. If 510 the library has already been initialized into fips mode, a 511 selftest is triggered. It is not possible to put the libraty 512 into fips mode after having passed the initialization. */ 513 if (!any_init_done) 514 { 515 /* Not yet intialized at all. Set a flag so that we are put 516 into fips mode during initialization. */ 517 force_fips_mode = 1; 518 } 519 else 520 { 521 /* Already initialized. If we are already operational we 522 run a selftest. If not we use the is_operational call to 523 force us into operational state if possible. */ 524 if (_gcry_fips_test_error_or_operational ()) 525 _gcry_fips_run_selftests (1); 526 if (_gcry_fips_is_operational ()) 527 err = GPG_ERR_GENERAL; /* Used as TRUE value */ 528 } 529 break; 530 531 case GCRYCTL_SELFTEST: 532 /* Run a selftest. This works in fips mode as well as in 533 standard mode. In contrast to the power-up tests, we use an 534 extended version of the selftests. Returns 0 on success or an 535 error code. */ 536 global_init (); 537 err = _gcry_fips_run_selftests (1); 538 break; 539 540#if _GCRY_GCC_VERSION >= 40600 541# pragma GCC diagnostic push 542# pragma GCC diagnostic ignored "-Wswitch" 543#endif 544 case 58: /* Init external random test. */ 545 { 546 void **rctx = va_arg (arg_ptr, void **); 547 unsigned int flags = va_arg (arg_ptr, unsigned int); 548 const void *key = va_arg (arg_ptr, const void *); 549 size_t keylen = va_arg (arg_ptr, size_t); 550 const void *seed = va_arg (arg_ptr, const void *); 551 size_t seedlen = va_arg (arg_ptr, size_t); 552 const void *dt = va_arg (arg_ptr, const void *); 553 size_t dtlen = va_arg (arg_ptr, size_t); 554 if (!fips_is_operational ()) 555 err = fips_not_operational (); 556 else 557 err = _gcry_random_init_external_test (rctx, flags, key, keylen, 558 seed, seedlen, dt, dtlen); 559 } 560 break; 561 case 59: /* Run external random test. */ 562 { 563 void *ctx = va_arg (arg_ptr, void *); 564 void *buffer = va_arg (arg_ptr, void *); 565 size_t buflen = va_arg (arg_ptr, size_t); 566 if (!fips_is_operational ()) 567 err = fips_not_operational (); 568 else 569 err = _gcry_random_run_external_test (ctx, buffer, buflen); 570 } 571 break; 572 case 60: /* Deinit external random test. */ 573 { 574 void *ctx = va_arg (arg_ptr, void *); 575 _gcry_random_deinit_external_test (ctx); 576 } 577 break; 578 case 61: /* RFU */ 579 break; 580 case 62: /* RFU */ 581 break; 582#if _GCRY_GCC_VERSION >= 40600 583# pragma GCC diagnostic pop 584#endif 585 586 case GCRYCTL_DISABLE_HWF: 587 { 588 const char *name = va_arg (arg_ptr, const char *); 589 int i; 590 591 for (i=0; hwflist[i].desc; i++) 592 if (!strcmp (hwflist[i].desc, name)) 593 { 594 disabled_hw_features |= hwflist[i].flag; 595 break; 596 } 597 if (!hwflist[i].desc) 598 err = GPG_ERR_INV_NAME; 599 } 600 break; 601 602 case GCRYCTL_SET_ENFORCED_FIPS_FLAG: 603 if (!any_init_done) 604 { 605 /* Not yet intialized at all. Set the enforced fips mode flag */ 606 _gcry_set_enforced_fips_mode (); 607 } 608 else 609 err = GPG_ERR_GENERAL; 610 break; 611 612 default: 613 err = GPG_ERR_INV_OP; 614 } 615 616 return gcry_error (err); 617} 618 619 620/* Command dispatcher function, acting as general control 621 function. */ 622gcry_error_t 623gcry_control (enum gcry_ctl_cmds cmd, ...) 624{ 625 gcry_error_t err; 626 va_list arg_ptr; 627 628 va_start (arg_ptr, cmd); 629 err = _gcry_vcontrol (cmd, arg_ptr); 630 va_end(arg_ptr); 631 return err; 632} 633 634 635 636/* Return a pointer to a string containing a description of the error 637 code in the error value ERR. */ 638const char * 639gcry_strerror (gcry_error_t err) 640{ 641 return gpg_strerror (err); 642} 643 644/* Return a pointer to a string containing a description of the error 645 source in the error value ERR. */ 646const char * 647gcry_strsource (gcry_error_t err) 648{ 649 return gpg_strsource (err); 650} 651 652/* Retrieve the error code for the system error ERR. This returns 653 GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report 654 this). */ 655gcry_err_code_t 656gcry_err_code_from_errno (int err) 657{ 658 return gpg_err_code_from_errno (err); 659} 660 661 662/* Retrieve the system error for the error code CODE. This returns 0 663 if CODE is not a system error code. */ 664int 665gcry_err_code_to_errno (gcry_err_code_t code) 666{ 667 return gpg_err_code_from_errno (code); 668} 669 670 671/* Return an error value with the error source SOURCE and the system 672 error ERR. */ 673gcry_error_t 674gcry_err_make_from_errno (gpg_err_source_t source, int err) 675{ 676 return gpg_err_make_from_errno (source, err); 677} 678 679 680/* Return an error value with the system error ERR. */ 681gcry_err_code_t 682gcry_error_from_errno (int err) 683{ 684 return gcry_error (gpg_err_code_from_errno (err)); 685} 686 687 688/* Set custom allocation handlers. This is in general not useful 689 * because the libgcrypt allocation functions are guaranteed to 690 * provide proper allocation handlers which zeroize memory if needed. 691 * NOTE: All 5 functions should be set. */ 692void 693gcry_set_allocation_handler (gcry_handler_alloc_t new_alloc_func, 694 gcry_handler_alloc_t new_alloc_secure_func, 695 gcry_handler_secure_check_t new_is_secure_func, 696 gcry_handler_realloc_t new_realloc_func, 697 gcry_handler_free_t new_free_func) 698{ 699 global_init (); 700 701 if (fips_mode ()) 702 { 703 /* We do not want to enforce the fips mode, but merely set a 704 flag so that the application may check whether it is still in 705 fips mode. */ 706 _gcry_inactivate_fips_mode ("custom allocation handler"); 707 } 708 709 alloc_func = new_alloc_func; 710 alloc_secure_func = new_alloc_secure_func; 711 is_secure_func = new_is_secure_func; 712 realloc_func = new_realloc_func; 713 free_func = new_free_func; 714} 715 716 717 718/**************** 719 * Set an optional handler which is called in case the xmalloc functions 720 * ran out of memory. This handler may do one of these things: 721 * o free some memory and return true, so that the xmalloc function 722 * tries again. 723 * o Do whatever it like and return false, so that the xmalloc functions 724 * use the default fatal error handler. 725 * o Terminate the program and don't return. 726 * 727 * The handler function is called with 3 arguments: The opaque value set with 728 * this function, the requested memory size, and a flag with these bits 729 * currently defined: 730 * bit 0 set = secure memory has been requested. 731 */ 732void 733gcry_set_outofcore_handler( int (*f)( void*, size_t, unsigned int ), 734 void *value ) 735{ 736 global_init (); 737 738 if (fips_mode () ) 739 { 740 log_info ("out of core handler ignored in FIPS mode\n"); 741 return; 742 } 743 744 outofcore_handler = f; 745 outofcore_handler_value = value; 746} 747 748/* Return the no_secure_memory flag. */ 749static int 750get_no_secure_memory (void) 751{ 752 if (!no_secure_memory) 753 return 0; 754 if (_gcry_enforced_fips_mode ()) 755 { 756 no_secure_memory = 0; 757 return 0; 758 } 759 return no_secure_memory; 760} 761 762 763static gcry_err_code_t 764do_malloc (size_t n, unsigned int flags, void **mem) 765{ 766 gcry_err_code_t err = 0; 767 void *m; 768 769 if ((flags & GCRY_ALLOC_FLAG_SECURE) && !get_no_secure_memory ()) 770 { 771 if (alloc_secure_func) 772 m = (*alloc_secure_func) (n); 773 else 774 m = _gcry_private_malloc_secure (n); 775 } 776 else 777 { 778 if (alloc_func) 779 m = (*alloc_func) (n); 780 else 781 m = _gcry_private_malloc (n); 782 } 783 784 if (!m) 785 { 786 /* Make sure that ERRNO has been set in case a user supplied 787 memory handler didn't it correctly. */ 788 if (!errno) 789 gpg_err_set_errno (ENOMEM); 790 err = gpg_err_code_from_errno (errno); 791 } 792 else 793 *mem = m; 794 795 return err; 796} 797 798void * 799gcry_malloc (size_t n) 800{ 801 void *mem = NULL; 802 803 do_malloc (n, 0, &mem); 804 805 return mem; 806} 807 808void * 809gcry_malloc_secure (size_t n) 810{ 811 void *mem = NULL; 812 813 do_malloc (n, GCRY_ALLOC_FLAG_SECURE, &mem); 814 815 return mem; 816} 817 818int 819gcry_is_secure (const void *a) 820{ 821 if (get_no_secure_memory ()) 822 return 0; 823 if (is_secure_func) 824 return is_secure_func (a) ; 825 return _gcry_private_is_secure (a); 826} 827 828void 829_gcry_check_heap( const void *a ) 830{ 831 (void)a; 832 833 /* FIXME: implement this*/ 834#if 0 835 if( some_handler ) 836 some_handler(a) 837 else 838 _gcry_private_check_heap(a) 839#endif 840} 841 842void * 843gcry_realloc (void *a, size_t n) 844{ 845 void *p; 846 847 /* To avoid problems with non-standard realloc implementations and 848 our own secmem_realloc, we divert to malloc and free here. */ 849 if (!a) 850 return gcry_malloc (n); 851 if (!n) 852 { 853 gcry_free (a); 854 return NULL; 855 } 856 857 if (realloc_func) 858 p = realloc_func (a, n); 859 else 860 p = _gcry_private_realloc (a, n); 861 if (!p && !errno) 862 gpg_err_set_errno (ENOMEM); 863 return p; 864} 865 866void 867gcry_free (void *p) 868{ 869 int save_errno; 870 871 if (!p) 872 return; 873 874 /* In case ERRNO is set we better save it so that the free machinery 875 may not accidently change ERRNO. We restore it only if it was 876 already set to comply with the usual C semantic for ERRNO. */ 877 save_errno = errno; 878 if (free_func) 879 free_func (p); 880 else 881 _gcry_private_free (p); 882 883 if (save_errno) 884 gpg_err_set_errno (save_errno); 885} 886 887void * 888gcry_calloc (size_t n, size_t m) 889{ 890 size_t bytes; 891 void *p; 892 893 bytes = n * m; /* size_t is unsigned so the behavior on overflow is 894 defined. */ 895 if (m && bytes / m != n) 896 { 897 gpg_err_set_errno (ENOMEM); 898 return NULL; 899 } 900 901 p = gcry_malloc (bytes); 902 if (p) 903 memset (p, 0, bytes); 904 return p; 905} 906 907void * 908gcry_calloc_secure (size_t n, size_t m) 909{ 910 size_t bytes; 911 void *p; 912 913 bytes = n * m; /* size_t is unsigned so the behavior on overflow is 914 defined. */ 915 if (m && bytes / m != n) 916 { 917 gpg_err_set_errno (ENOMEM); 918 return NULL; 919 } 920 921 p = gcry_malloc_secure (bytes); 922 if (p) 923 memset (p, 0, bytes); 924 return p; 925} 926 927 928/* Create and return a copy of the null-terminated string STRING. If 929 it is contained in secure memory, the copy will be contained in 930 secure memory as well. In an out-of-memory condition, NULL is 931 returned. */ 932char * 933gcry_strdup (const char *string) 934{ 935 char *string_cp = NULL; 936 size_t string_n = 0; 937 938 string_n = strlen (string); 939 940 if (gcry_is_secure (string)) 941 string_cp = gcry_malloc_secure (string_n + 1); 942 else 943 string_cp = gcry_malloc (string_n + 1); 944 945 if (string_cp) 946 strcpy (string_cp, string); 947 948 return string_cp; 949} 950 951 952void * 953gcry_xmalloc( size_t n ) 954{ 955 void *p; 956 957 while ( !(p = gcry_malloc( n )) ) 958 { 959 if ( fips_mode () 960 || !outofcore_handler 961 || !outofcore_handler (outofcore_handler_value, n, 0) ) 962 { 963 _gcry_fatal_error (gpg_err_code_from_errno (errno), NULL); 964 } 965 } 966 return p; 967} 968 969void * 970gcry_xrealloc( void *a, size_t n ) 971{ 972 void *p; 973 974 while ( !(p = gcry_realloc( a, n )) ) 975 { 976 if ( fips_mode () 977 || !outofcore_handler 978 || !outofcore_handler (outofcore_handler_value, n, 979 gcry_is_secure(a)? 3:2 ) ) 980 { 981 _gcry_fatal_error (gpg_err_code_from_errno (errno), NULL ); 982 } 983 } 984 return p; 985} 986 987void * 988gcry_xmalloc_secure( size_t n ) 989{ 990 void *p; 991 992 while ( !(p = gcry_malloc_secure( n )) ) 993 { 994 if ( fips_mode () 995 || !outofcore_handler 996 || !outofcore_handler (outofcore_handler_value, n, 1) ) 997 { 998 _gcry_fatal_error (gpg_err_code_from_errno (errno), 999 _("out of core in secure memory")); 1000 } 1001 } 1002 return p; 1003} 1004 1005 1006void * 1007gcry_xcalloc( size_t n, size_t m ) 1008{ 1009 size_t nbytes; 1010 void *p; 1011 1012 nbytes = n * m; 1013 if (m && nbytes / m != n) 1014 { 1015 gpg_err_set_errno (ENOMEM); 1016 _gcry_fatal_error(gpg_err_code_from_errno (errno), NULL ); 1017 } 1018 1019 p = gcry_xmalloc ( nbytes ); 1020 memset ( p, 0, nbytes ); 1021 return p; 1022} 1023 1024void * 1025gcry_xcalloc_secure( size_t n, size_t m ) 1026{ 1027 size_t nbytes; 1028 void *p; 1029 1030 nbytes = n * m; 1031 if (m && nbytes / m != n) 1032 { 1033 gpg_err_set_errno (ENOMEM); 1034 _gcry_fatal_error(gpg_err_code_from_errno (errno), NULL ); 1035 } 1036 1037 p = gcry_xmalloc_secure ( nbytes ); 1038 memset ( p, 0, nbytes ); 1039 return p; 1040} 1041 1042char * 1043gcry_xstrdup (const char *string) 1044{ 1045 char *p; 1046 1047 while ( !(p = gcry_strdup (string)) ) 1048 { 1049 size_t n = strlen (string); 1050 int is_sec = !!gcry_is_secure (string); 1051 1052 if (fips_mode () 1053 || !outofcore_handler 1054 || !outofcore_handler (outofcore_handler_value, n, is_sec) ) 1055 { 1056 _gcry_fatal_error (gpg_err_code_from_errno (errno), 1057 is_sec? _("out of core in secure memory"):NULL); 1058 } 1059 } 1060 1061 return p; 1062} 1063 1064 1065int 1066_gcry_get_debug_flag (unsigned int mask) 1067{ 1068 if ( fips_mode () ) 1069 return 0; 1070 return (debug_flags & mask); 1071} 1072 1073 1074 1075/* It is often useful to get some feedback of long running operations. 1076 This function may be used to register a handler for this. 1077 The callback function CB is used as: 1078 1079 void cb (void *opaque, const char *what, int printchar, 1080 int current, int total); 1081 1082 Where WHAT is a string identifying the the type of the progress 1083 output, PRINTCHAR the character usually printed, CURRENT the amount 1084 of progress currently done and TOTAL the expected amount of 1085 progress. A value of 0 for TOTAL indicates that there is no 1086 estimation available. 1087 1088 Defined values for WHAT: 1089 1090 "need_entropy" X 0 number-of-bytes-required 1091 When running low on entropy 1092 "primegen" '\n' 0 0 1093 Prime generated 1094 '!' 1095 Need to refresh the prime pool 1096 '<','>' 1097 Number of bits adjusted 1098 '^' 1099 Looking for a generator 1100 '.' 1101 Fermat tests on 10 candidates failed 1102 ':' 1103 Restart with a new random value 1104 '+' 1105 Rabin Miller test passed 1106 "pk_elg" '+','-','.','\n' 0 0 1107 Only used in debugging mode. 1108 "pk_dsa" 1109 Only used in debugging mode. 1110*/ 1111void 1112gcry_set_progress_handler (void (*cb)(void *,const char*,int, int, int), 1113 void *cb_data) 1114{ 1115#if USE_DSA 1116 _gcry_register_pk_dsa_progress (cb, cb_data); 1117#endif 1118#if USE_ELGAMAL 1119 _gcry_register_pk_elg_progress (cb, cb_data); 1120#endif 1121 _gcry_register_primegen_progress (cb, cb_data); 1122 _gcry_register_random_progress (cb, cb_data); 1123} 1124