static void destroy(void)
{
if (sec_rand1) pkg_free(sec_rand1);
if (sec_rand2) pkg_free(sec_rand2);
#ifdef USE_NC
destroy_nonce_count();
#endif
#ifdef USE_OT_NONCE
destroy_ot_nonce();
#endif
#if defined USE_NC || defined USE_OT_NONCE
destroy_nonce_id();
#endif
}
/* returns -1 on error, 0 on success */
int init_ot_nonce()
{
unsigned long size;
unsigned long max_mem;
unsigned orig_array_size;
if (nid_crt==0){
BUG("auth: init_ot_nonce: nonce index must be "
"initialized first (see init_nonce_id())\n");
return -1;
}
orig_array_size=otn_in_flight_no;
if (otn_in_flight_k==0){
if (otn_in_flight_no==0){
otn_in_flight_no=DEFAULT_OTN_IN_FLIGHT;
}
otn_in_flight_k=bit_scan_reverse32(otn_in_flight_no);
}
size=1UL<<otn_in_flight_k; /* ROUNDDOWN to 2^otn_in_flight_k */
if (size < MIN_OTN_IN_FLIGHT){
WARN("auth: one-time-nonce maximum in-flight nonces is very low (%d),"
" consider increasing otn_in_flight_no to at least %d\n",
orig_array_size, MIN_OTN_IN_FLIGHT);
}
if (size > MAX_OTN_IN_FLIGHT){
WARN("auth: one-time-nonce maximum in-flight nonces is too high (%d),"
" consider decreasing otn_in_flight_no to at least %d\n",
orig_array_size, MAX_OTN_IN_FLIGHT);
}
if (size!=otn_in_flight_no){
if (orig_array_size!=0)
INFO("auth: otn_in_flight_no rounded down to %ld\n", size);
else
INFO("auth: otn_in_flight_no set to %ld\n", size);
}
max_mem=shm_available();
if (size/8 >= max_mem){
ERR("auth: otn_in_flight_no (%ld) is too big for the configured "
"amount of shared memory (%ld bytes)\n", size, max_mem);
return -1;
}else if (size/8 >= max_mem/2){
WARN("auth: the currently configured otn_in_flight_no (%ld) "
"would use more then 50%% of the available shared"
" memory(%ld bytes)\n", size, max_mem);
}
otn_in_flight_no=size;
if (nid_pool_no>=otn_in_flight_no/(8*sizeof(otn_cell_t))){
ERR("auth: nid_pool_no (%d) too high for the configured "
"otn_in_flight_no (%d)\n", nid_pool_no, otn_in_flight_no);
return -1;
}
otn_partition_size=otn_in_flight_no >> nid_pool_k;
otn_partition_k=otn_in_flight_k-nid_pool_k;
otn_partition_mask=(1<<otn_partition_k)-1;
assert(otn_partition_size == otn_in_flight_no/nid_pool_no);
assert(1<<(otn_partition_k+nid_pool_k) == otn_in_flight_no);
if ((nid_t)otn_partition_size >= ((nid_t)(-1)/NID_INC)){
ERR("auth: otn_in_flight_no too big, try decreasing it or increasing"
"the number of pools/partitions, such that "
"otn_in_flight_no/nid_pool_no < %d\n",
(unsigned int)((nid_t)(-1)/NID_INC));
return -1;
}
if (otn_partition_size < MIN_OTN_PARTITION){
WARN("auth: one-time-nonces in-flight nonces very low,"
" consider either decreasing nid_pool_no (%d) or "
" increasing otn_array_size (%d) such that "
"otn_array_size/nid_pool_no >= %d\n",
nid_pool_no, orig_array_size, MIN_OTN_PARTITION);
}
/* array size should be multiple of sizeof(otn_cell_t) since we
* access it as an otn_cell_t array */
otn_array=shm_malloc(ROUND2TYPE((otn_in_flight_no+7)/8, otn_cell_t));
if (otn_array==0){
ERR("auth: init_ot_nonce: memory allocation failure, consider"
" either decreasing otn_in_flight_no of increasing the"
" the shared memory amount\n");
goto error;
}
/* init the otn_array with 1 for each bit, to avoid replay attacks after
* ser restarts ) */
memset(otn_array, 0xff, ROUND2TYPE((otn_in_flight_no+7)/8, otn_cell_t));
return 0;
error:
destroy_ot_nonce();
return -1;
}
