/* * Initialize encryption if not yet initialized. * * Arguments: flags Encryption flags to use. * * Returns: 0 if encryption was initialized successfully; -1 otherwise. */ gtm_status_t gtmcrypt_init(gtm_int_t flags) { int fips_requested, fips_enabled, rv; if (gtmcrypt_inited) return 0; if (0 != gc_load_gtmshr_symbols()) return -1; # ifdef USE_GCRYPT gcry_set_log_handler(gtm_gcry_log_handler, NULL); # endif IS_FIPS_MODE_REQUESTED(fips_requested); if (fips_requested) { # ifdef USE_GCRYPT # ifndef GCRYPT_NO_FIPS if (0 != (rv = gcry_control(GCRYCTL_FORCE_FIPS_MODE))) { GC_APPEND_GCRY_ERROR(rv, "Failed to initialize FIPS mode."); return -1; } # endif # else ENABLE_FIPS_MODE(rv, fips_enabled); /* Relevant error detail populated in the above macro. */ if (-1 == rv) return -1; # endif } # ifdef USE_GCRYPT if (0 != gc_sym_init()) return -1; # endif GC_PK_INIT; /* Update $gtm_passwd for future invocation */ if (0 != gc_update_passwd(GTM_PASSWD_ENV, >mcrypt_pwent, GTMCRYPT_DEFAULT_PASSWD_PROMPT, GTMCRYPT_OP_INTERACTIVE_MODE & flags)) { return -1; } gtmcrypt_inited = TRUE; gtmcrypt_init_flags = flags; gtmcrypt_err_string[0] = '\0'; if (0 != gc_pk_gpghome_has_permissions()) return -1; return 0; }
/* Note: If any of the following macros fail, the error return happens within the macro. */ xc_status_t gtmcrypt_getkey_by_hash(xc_string_t *hash, gtmcrypt_key_t *handle) { gtm_dbkeys_tbl *entry; xc_status_t status = GC_SUCCESS; int err_caused_by_gpg; char save_err[MAX_GTMCRYPT_ERR_STRLEN], hex_buff[GTMCRYPT_HASH_HEX_LEN + 1]; char *gpg_msg = "Verify encrypted key file and your GNUPGHOME settings"; char *correct_key_msg = "Verify encryption key in DB keys file"; char *alert_msg; *handle = INVALID_HANDLE; GC_VERIFY_INITED; gtmcrypt_err_string[0] = '\0'; /* discard any previously recorded error messages */ entry = gc_dbk_get_entry_by_hash(hash); /* If the load below failed, don't continue */ GC_DBK_RELOAD_IF_NEEDED(entry, status, NULL, hash->address); if (0 == status) { entry = gc_dbk_get_entry_by_hash(hash); if (NULL == entry) { /* Lookup still failed. Verify if we have right permissions on GNUPGHOME or $HOME/.gnupg * (if GNUPGHOME is unset). If not, then the below function will store the appropriate * error message in err_string and so return GC_FAILURE. */ if (GC_SUCCESS != gc_pk_gpghome_has_permissions()) return GC_FAILURE; err_caused_by_gpg = ('\0' != gtmcrypt_err_string[0]); alert_msg = (err_caused_by_gpg ? gpg_msg : correct_key_msg); GC_HEX(hash->address, hex_buff, GTMCRYPT_HASH_HEX_LEN); if (err_caused_by_gpg) { strcpy(save_err, gtmcrypt_err_string); UPDATE_ERROR_STRING("Expected hash - %s - %s. %s", hex_buff, save_err, alert_msg); } else UPDATE_ERROR_STRING("Expected hash - %s. %s", hex_buff, alert_msg); return GC_FAILURE; } *handle = entry->index; } return status; }