void
egg_libgcrypt_initialize (void)
{
static volatile gsize gcrypt_initialized = 0;
unsigned seed;
if (g_once_init_enter (&gcrypt_initialized)) {
/* Only initialize libgcrypt if it hasn't already been initialized */
if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
#if GCRYPT_VERSION_NUMBER < 0x010600
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif
gcry_check_version (LIBGCRYPT_VERSION);
gcry_set_log_handler (log_handler, NULL);
gcry_set_outofcore_handler (no_mem_handler, NULL);
gcry_set_fatalerror_handler (fatal_handler, NULL);
gcry_set_allocation_handler ((gcry_handler_alloc_t)g_malloc,
(gcry_handler_alloc_t)egg_secure_alloc,
egg_secure_check,
(gcry_handler_realloc_t)egg_secure_realloc,
egg_secure_free);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
}
gcry_create_nonce (&seed, sizeof (seed));
srand (seed);
g_once_init_leave (&gcrypt_initialized, 1);
}
}
/* Initialise the library */
libspectrum_error
libspectrum_init( void )
{
#ifdef HAVE_GCRYPT_H
if( !gcry_control( GCRYCTL_ANY_INITIALIZATION_P ) ) {
gcrypt_version = gcry_check_version( MIN_GCRYPT_VERSION );
if( !gcrypt_version ) {
libspectrum_print_error(
LIBSPECTRUM_ERROR_LOGIC,
"libspectrum_init: found libgcrypt %s, but need %s",
gcry_check_version( NULL ), MIN_GCRYPT_VERSION
);
return LIBSPECTRUM_ERROR_LOGIC; /* FIXME: better error code */
}
/* Ugly hack to prevent the 'Secure memory is not locked into
core' message appearing */
gcry_set_log_handler( gcrypt_log_handler, NULL );
/* Initialise the 'secure' memory (which probably won't actually
be scure, but that doesn't matter as libspectrum's 'security'
is bogus anyway) */
gcry_control( GCRYCTL_INIT_SECMEM, 16384 );
/* Restore the default log handler */
gcry_set_log_handler( NULL, NULL );
gcry_control( GCRYCTL_INITIALIZATION_FINISHED );
}
#else /* #ifdef HAVE_GCRYPT_H */
gcrypt_version = NULL;
#endif /* #ifdef HAVE_GCRYPT_H */
return LIBSPECTRUM_ERROR_NONE;
}
/*
* Initialize encryption if not yet initialized.
*
* Arguments: flags Encryption flags to use.
*
* Returns: 0 if encryption was initialized successfully; -1 otherwise.
*/
gtm_status_t gtmcrypt_init(gtm_int_t flags)
{
int fips_requested, fips_enabled, rv;
if (gtmcrypt_inited)
return 0;
if (0 != gc_load_gtmshr_symbols())
return -1;
# ifdef USE_GCRYPT
gcry_set_log_handler(gtm_gcry_log_handler, NULL);
# endif
IS_FIPS_MODE_REQUESTED(fips_requested);
if (fips_requested)
{
# ifdef USE_GCRYPT
# ifndef GCRYPT_NO_FIPS
if (0 != (rv = gcry_control(GCRYCTL_FORCE_FIPS_MODE)))
{
GC_APPEND_GCRY_ERROR(rv, "Failed to initialize FIPS mode.");
return -1;
}
# endif
# else
ENABLE_FIPS_MODE(rv, fips_enabled);
/* Relevant error detail populated in the above macro. */
if (-1 == rv)
return -1;
# endif
}
# ifdef USE_GCRYPT
if (0 != gc_sym_init())
return -1;
# endif
GC_PK_INIT;
/* Update $gtm_passwd for future invocation */
if (0 != gc_update_passwd(GTM_PASSWD_ENV, >mcrypt_pwent, GTMCRYPT_DEFAULT_PASSWD_PROMPT,
GTMCRYPT_OP_INTERACTIVE_MODE & flags))
{
return -1;
}
gtmcrypt_inited = TRUE;
gtmcrypt_init_flags = flags;
gtmcrypt_err_string[0] = '\0';
if (0 != gc_pk_gpghome_has_permissions())
return -1;
return 0;
}
int
main( int argc, char **argv )
{
ARGPARSE_ARGS pargs;
enum cmd_and_opt_values cmd = 0;
unsigned long from = 0, to = ULONG_MAX;
int dry_run = 0;
early_system_init ();
set_strusage( my_strusage );
gcry_control (GCRYCTL_DISABLE_SECMEM);
log_set_prefix ("kbxutil", 1);
/* Make sure that our subsystems are ready. */
i18n_init ();
init_common_subsystems (&argc, &argv);
/* Check that the libraries are suitable. Do it here because
the option parsing may need services of the library. */
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
{
log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
}
gcry_set_log_handler (my_gcry_logger, NULL);
/*create_dotlock(NULL); register locking cleanup */
/* We need to use the gcry malloc function because jnlib uses them. */
keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags= 1; /* do not remove the args */
while (arg_parse( &pargs, opts) )
{
switch (pargs.r_opt)
{
case oVerbose:
/*opt.verbose++;*/
/*gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose );*/
break;
case oDebug:
/*opt.debug |= pargs.r.ret_ulong; */
break;
case oDebugAll:
/*opt.debug = ~0;*/
break;
case aFindByFpr:
case aFindByKid:
case aFindByUid:
case aStats:
case aImportOpenPGP:
case aFindDups:
case aCut:
cmd = pargs.r_opt;
break;
case oFrom:
from = pargs.r.ret_ulong;
break;
case oTo:
to = pargs.r.ret_ulong;
break;
case oDryRun:
dry_run = 1;
break;
default:
pargs.err = 2;
break;
}
}
if (to < from)
log_error ("record number of \"--to\" is lower than \"--from\" one\n");
if (log_get_errorcount(0) )
myexit(2);
if (!cmd)
{ /* Default is to list a KBX file */
if (!argc)
_keybox_dump_file (NULL, 0, stdout);
else
{
for (; argc; argc--, argv++)
_keybox_dump_file (*argv, 0, stdout);
}
}
else if (cmd == aStats )
{
if (!argc)
_keybox_dump_file (NULL, 1, stdout);
else
{
for (; argc; argc--, argv++)
_keybox_dump_file (*argv, 1, stdout);
}
}
else if (cmd == aFindDups )
{
if (!argc)
_keybox_dump_find_dups (NULL, 0, stdout);
else
{
for (; argc; argc--, argv++)
_keybox_dump_find_dups (*argv, 0, stdout);
}
}
else if (cmd == aCut )
{
if (!argc)
_keybox_dump_cut_records (NULL, from, to, stdout);
else
{
for (; argc; argc--, argv++)
_keybox_dump_cut_records (*argv, from, to, stdout);
}
}
else if (cmd == aImportOpenPGP)
{
if (!argc)
import_openpgp ("-", dry_run);
else
{
for (; argc; argc--, argv++)
import_openpgp (*argv, dry_run);
}
}
#if 0
else if ( cmd == aFindByFpr )
{
char *fpr;
if ( argc != 2 )
wrong_args ("kbxfile foingerprint");
fpr = format_fingerprint ( argv[1] );
if ( !fpr )
log_error ("invalid formatted fingerprint\n");
else
{
kbxfile_search_by_fpr ( argv[0], fpr );
gcry_free ( fpr );
}
}
else if ( cmd == aFindByKid )
{
u32 kid[2];
int mode;
if ( argc != 2 )
wrong_args ("kbxfile short-or-long-keyid");
mode = format_keyid ( argv[1], kid );
if ( !mode )
log_error ("invalid formatted keyID\n");
else
{
kbxfile_search_by_kid ( argv[0], kid, mode );
}
}
else if ( cmd == aFindByUid )
{
if ( argc != 2 )
wrong_args ("kbxfile userID");
kbxfile_search_by_uid ( argv[0], argv[1] );
}
#endif
else
log_error ("unsupported action\n");
myexit(0);
return 8; /*NEVER REACHED*/
}
/**
* gnutls_global_init - This function initializes the global data to defaults.
*
* This function initializes the global data to defaults.
* Every gnutls application has a global data which holds common parameters
* shared by gnutls session structures.
* You must call gnutls_global_deinit() when gnutls usage is no longer needed
* Returns zero on success.
*
* Note that this function will also initialize libgcrypt, if it has not
* been initialized before. Thus if you want to manually initialize libgcrypt
* you must do it before calling this function. This is useful in cases you
* want to disable libgcrypt's internal lockings etc.
*
* This function increment a global counter, so that
* gnutls_global_deinit() only releases resources when it has been
* called as many times as gnutls_global_init(). This is useful when
* GnuTLS is used by more than one library in an application. This
* function can be called many times, but will only do something the
* first time.
*
* Note! This function is not thread safe. If two threads call this
* function simultaneously, they can cause a race between checking
* the global counter and incrementing it, causing both threads to
* execute the library initialization code. That would lead to a
* memory leak. To handle this, your application could invoke this
* function after aquiring a thread mutex. To ignore the potential
* memory leak is also an option.
*
**/
int
gnutls_global_init (void)
{
int result = 0;
int res;
char c;
if (_gnutls_init++)
goto out;
#if HAVE_WINSOCK
{
WORD requested;
WSADATA data;
int err;
requested = MAKEWORD (1, 1);
err = WSAStartup (requested, &data);
if (err != 0)
{
_gnutls_debug_log ("WSAStartup failed: %d.\n", err);
return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
}
if (data.wVersion < requested)
{
_gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n",
data.wVersion, requested);
WSACleanup ();
return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
}
}
#endif
bindtextdomain (PACKAGE, LOCALEDIR);
if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
{
const char *p;
p = strchr (GNUTLS_GCRYPT_VERSION, ':');
if (p == NULL)
p = GNUTLS_GCRYPT_VERSION;
else
p++;
if (gcry_check_version (p) == NULL)
{
gnutls_assert ();
_gnutls_debug_log ("Checking for libgcrypt failed '%s'\n", p);
return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
}
/* for gcrypt in order to be able to allocate memory */
gcry_set_allocation_handler (gnutls_malloc, gnutls_secure_malloc,
_gnutls_is_secure_memory, gnutls_realloc,
gnutls_free);
/* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
#ifdef DEBUG
/* applications may want to override that, so we only use
* it in debugging mode.
*/
gcry_set_log_handler (_gnutls_gcry_log_handler, NULL);
#endif
}
if (gc_init () != GC_OK)
{
gnutls_assert ();
_gnutls_debug_log ("Initializing crypto backend failed\n");
return GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY;
}
/* for gcrypt in order to be able to allocate memory */
gc_set_allocators (gnutls_malloc, gnutls_secure_malloc,
_gnutls_is_secure_memory, gnutls_realloc, gnutls_free);
#ifdef DEBUG
gnutls_global_set_log_function (dlog);
#endif
/* initialize parser
* This should not deal with files in the final
* version.
*/
if (asn1_check_version (GNUTLS_LIBTASN1_VERSION) == NULL)
{
gnutls_assert ();
return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
}
res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
if (res != ASN1_SUCCESS)
{
result = _gnutls_asn2err (res);
goto out;
}
res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
if (res != ASN1_SUCCESS)
{
asn1_delete_structure (&_gnutls_pkix1_asn);
result = _gnutls_asn2err (res);
goto out;
}
/* Initialize the gcrypt (if used random generator) */
gc_pseudo_random (&c, 1);
out:
return result;
}
