void egg_libgcrypt_initialize (void) { static volatile gsize gcrypt_initialized = 0; unsigned seed; if (g_once_init_enter (&gcrypt_initialized)) { /* Only initialize libgcrypt if it hasn't already been initialized */ if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) { #if GCRYPT_VERSION_NUMBER < 0x010600 gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif gcry_check_version (LIBGCRYPT_VERSION); gcry_set_log_handler (log_handler, NULL); gcry_set_outofcore_handler (no_mem_handler, NULL); gcry_set_fatalerror_handler (fatal_handler, NULL); gcry_set_allocation_handler ((gcry_handler_alloc_t)g_malloc, (gcry_handler_alloc_t)egg_secure_alloc, egg_secure_check, (gcry_handler_realloc_t)egg_secure_realloc, egg_secure_free); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); } gcry_create_nonce (&seed, sizeof (seed)); srand (seed); g_once_init_leave (&gcrypt_initialized, 1); } }
/* Initialise the library */ libspectrum_error libspectrum_init( void ) { #ifdef HAVE_GCRYPT_H if( !gcry_control( GCRYCTL_ANY_INITIALIZATION_P ) ) { gcrypt_version = gcry_check_version( MIN_GCRYPT_VERSION ); if( !gcrypt_version ) { libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC, "libspectrum_init: found libgcrypt %s, but need %s", gcry_check_version( NULL ), MIN_GCRYPT_VERSION ); return LIBSPECTRUM_ERROR_LOGIC; /* FIXME: better error code */ } /* Ugly hack to prevent the 'Secure memory is not locked into core' message appearing */ gcry_set_log_handler( gcrypt_log_handler, NULL ); /* Initialise the 'secure' memory (which probably won't actually be scure, but that doesn't matter as libspectrum's 'security' is bogus anyway) */ gcry_control( GCRYCTL_INIT_SECMEM, 16384 ); /* Restore the default log handler */ gcry_set_log_handler( NULL, NULL ); gcry_control( GCRYCTL_INITIALIZATION_FINISHED ); } #else /* #ifdef HAVE_GCRYPT_H */ gcrypt_version = NULL; #endif /* #ifdef HAVE_GCRYPT_H */ return LIBSPECTRUM_ERROR_NONE; }
/* * Initialize encryption if not yet initialized. * * Arguments: flags Encryption flags to use. * * Returns: 0 if encryption was initialized successfully; -1 otherwise. */ gtm_status_t gtmcrypt_init(gtm_int_t flags) { int fips_requested, fips_enabled, rv; if (gtmcrypt_inited) return 0; if (0 != gc_load_gtmshr_symbols()) return -1; # ifdef USE_GCRYPT gcry_set_log_handler(gtm_gcry_log_handler, NULL); # endif IS_FIPS_MODE_REQUESTED(fips_requested); if (fips_requested) { # ifdef USE_GCRYPT # ifndef GCRYPT_NO_FIPS if (0 != (rv = gcry_control(GCRYCTL_FORCE_FIPS_MODE))) { GC_APPEND_GCRY_ERROR(rv, "Failed to initialize FIPS mode."); return -1; } # endif # else ENABLE_FIPS_MODE(rv, fips_enabled); /* Relevant error detail populated in the above macro. */ if (-1 == rv) return -1; # endif } # ifdef USE_GCRYPT if (0 != gc_sym_init()) return -1; # endif GC_PK_INIT; /* Update $gtm_passwd for future invocation */ if (0 != gc_update_passwd(GTM_PASSWD_ENV, >mcrypt_pwent, GTMCRYPT_DEFAULT_PASSWD_PROMPT, GTMCRYPT_OP_INTERACTIVE_MODE & flags)) { return -1; } gtmcrypt_inited = TRUE; gtmcrypt_init_flags = flags; gtmcrypt_err_string[0] = '\0'; if (0 != gc_pk_gpghome_has_permissions()) return -1; return 0; }
int main( int argc, char **argv ) { ARGPARSE_ARGS pargs; enum cmd_and_opt_values cmd = 0; unsigned long from = 0, to = ULONG_MAX; int dry_run = 0; early_system_init (); set_strusage( my_strusage ); gcry_control (GCRYCTL_DISABLE_SECMEM); log_set_prefix ("kbxutil", 1); /* Make sure that our subsystems are ready. */ i18n_init (); init_common_subsystems (&argc, &argv); /* Check that the libraries are suitable. Do it here because the option parsing may need services of the library. */ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) { log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); } gcry_set_log_handler (my_gcry_logger, NULL); /*create_dotlock(NULL); register locking cleanup */ /* We need to use the gcry malloc function because jnlib uses them. */ keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free ); pargs.argc = &argc; pargs.argv = &argv; pargs.flags= 1; /* do not remove the args */ while (arg_parse( &pargs, opts) ) { switch (pargs.r_opt) { case oVerbose: /*opt.verbose++;*/ /*gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose );*/ break; case oDebug: /*opt.debug |= pargs.r.ret_ulong; */ break; case oDebugAll: /*opt.debug = ~0;*/ break; case aFindByFpr: case aFindByKid: case aFindByUid: case aStats: case aImportOpenPGP: case aFindDups: case aCut: cmd = pargs.r_opt; break; case oFrom: from = pargs.r.ret_ulong; break; case oTo: to = pargs.r.ret_ulong; break; case oDryRun: dry_run = 1; break; default: pargs.err = 2; break; } } if (to < from) log_error ("record number of \"--to\" is lower than \"--from\" one\n"); if (log_get_errorcount(0) ) myexit(2); if (!cmd) { /* Default is to list a KBX file */ if (!argc) _keybox_dump_file (NULL, 0, stdout); else { for (; argc; argc--, argv++) _keybox_dump_file (*argv, 0, stdout); } } else if (cmd == aStats ) { if (!argc) _keybox_dump_file (NULL, 1, stdout); else { for (; argc; argc--, argv++) _keybox_dump_file (*argv, 1, stdout); } } else if (cmd == aFindDups ) { if (!argc) _keybox_dump_find_dups (NULL, 0, stdout); else { for (; argc; argc--, argv++) _keybox_dump_find_dups (*argv, 0, stdout); } } else if (cmd == aCut ) { if (!argc) _keybox_dump_cut_records (NULL, from, to, stdout); else { for (; argc; argc--, argv++) _keybox_dump_cut_records (*argv, from, to, stdout); } } else if (cmd == aImportOpenPGP) { if (!argc) import_openpgp ("-", dry_run); else { for (; argc; argc--, argv++) import_openpgp (*argv, dry_run); } } #if 0 else if ( cmd == aFindByFpr ) { char *fpr; if ( argc != 2 ) wrong_args ("kbxfile foingerprint"); fpr = format_fingerprint ( argv[1] ); if ( !fpr ) log_error ("invalid formatted fingerprint\n"); else { kbxfile_search_by_fpr ( argv[0], fpr ); gcry_free ( fpr ); } } else if ( cmd == aFindByKid ) { u32 kid[2]; int mode; if ( argc != 2 ) wrong_args ("kbxfile short-or-long-keyid"); mode = format_keyid ( argv[1], kid ); if ( !mode ) log_error ("invalid formatted keyID\n"); else { kbxfile_search_by_kid ( argv[0], kid, mode ); } } else if ( cmd == aFindByUid ) { if ( argc != 2 ) wrong_args ("kbxfile userID"); kbxfile_search_by_uid ( argv[0], argv[1] ); } #endif else log_error ("unsupported action\n"); myexit(0); return 8; /*NEVER REACHED*/ }
/** * gnutls_global_init - This function initializes the global data to defaults. * * This function initializes the global data to defaults. * Every gnutls application has a global data which holds common parameters * shared by gnutls session structures. * You must call gnutls_global_deinit() when gnutls usage is no longer needed * Returns zero on success. * * Note that this function will also initialize libgcrypt, if it has not * been initialized before. Thus if you want to manually initialize libgcrypt * you must do it before calling this function. This is useful in cases you * want to disable libgcrypt's internal lockings etc. * * This function increment a global counter, so that * gnutls_global_deinit() only releases resources when it has been * called as many times as gnutls_global_init(). This is useful when * GnuTLS is used by more than one library in an application. This * function can be called many times, but will only do something the * first time. * * Note! This function is not thread safe. If two threads call this * function simultaneously, they can cause a race between checking * the global counter and incrementing it, causing both threads to * execute the library initialization code. That would lead to a * memory leak. To handle this, your application could invoke this * function after aquiring a thread mutex. To ignore the potential * memory leak is also an option. * **/ int gnutls_global_init (void) { int result = 0; int res; char c; if (_gnutls_init++) goto out; #if HAVE_WINSOCK { WORD requested; WSADATA data; int err; requested = MAKEWORD (1, 1); err = WSAStartup (requested, &data); if (err != 0) { _gnutls_debug_log ("WSAStartup failed: %d.\n", err); return GNUTLS_E_LIBRARY_VERSION_MISMATCH; } if (data.wVersion < requested) { _gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n", data.wVersion, requested); WSACleanup (); return GNUTLS_E_LIBRARY_VERSION_MISMATCH; } } #endif bindtextdomain (PACKAGE, LOCALEDIR); if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0) { const char *p; p = strchr (GNUTLS_GCRYPT_VERSION, ':'); if (p == NULL) p = GNUTLS_GCRYPT_VERSION; else p++; if (gcry_check_version (p) == NULL) { gnutls_assert (); _gnutls_debug_log ("Checking for libgcrypt failed '%s'\n", p); return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY; } /* for gcrypt in order to be able to allocate memory */ gcry_set_allocation_handler (gnutls_malloc, gnutls_secure_malloc, _gnutls_is_secure_memory, gnutls_realloc, gnutls_free); /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); #ifdef DEBUG /* applications may want to override that, so we only use * it in debugging mode. */ gcry_set_log_handler (_gnutls_gcry_log_handler, NULL); #endif } if (gc_init () != GC_OK) { gnutls_assert (); _gnutls_debug_log ("Initializing crypto backend failed\n"); return GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY; } /* for gcrypt in order to be able to allocate memory */ gc_set_allocators (gnutls_malloc, gnutls_secure_malloc, _gnutls_is_secure_memory, gnutls_realloc, gnutls_free); #ifdef DEBUG gnutls_global_set_log_function (dlog); #endif /* initialize parser * This should not deal with files in the final * version. */ if (asn1_check_version (GNUTLS_LIBTASN1_VERSION) == NULL) { gnutls_assert (); return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY; } res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL); if (res != ASN1_SUCCESS) { result = _gnutls_asn2err (res); goto out; } res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); if (res != ASN1_SUCCESS) { asn1_delete_structure (&_gnutls_pkix1_asn); result = _gnutls_asn2err (res); goto out; } /* Initialize the gcrypt (if used random generator) */ gc_pseudo_random (&c, 1); out: return result; }