/**************** * Note: This copy function should not interpret the MPI * but copy it transparently. */ gcry_mpi_t gcry_mpi_copy( gcry_mpi_t a ) { int i; gcry_mpi_t b; if( a && (a->flags & 4) ) { void *p = gcry_is_secure(a->d)? gcry_xmalloc_secure( (a->sign+7)/8 ) : gcry_xmalloc( (a->sign+7)/8 ); memcpy( p, a->d, (a->sign+7)/8 ); b = gcry_mpi_set_opaque( NULL, p, a->sign ); } else if( a ) { b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs ) : mpi_alloc( a->nlimbs ); b->nlimbs = a->nlimbs; b->sign = a->sign; b->flags = a->flags; for(i=0; i < b->nlimbs; i++ ) b->d[i] = a->d[i]; } else b = NULL; return b; }
void * gcry_xrealloc( void *a, size_t n ) { void *p; while ( !(p = gcry_realloc( a, n )) ) { if( !outofcore_handler || !outofcore_handler( outofcore_handler_value, n, gcry_is_secure(a)? 3:2 ) ) { _gcry_fatal_error(gpg_err_code_from_errno (errno), NULL ); } } return p; }
/* Create and return a copy of the null-terminated string STRING. If it is contained in secure memory, the copy will be contained in secure memory as well. In an out-of-memory condition, NULL is returned. */ char * gcry_strdup (const char *string) { char *string_cp = NULL; size_t string_n = 0; string_n = strlen (string); if (gcry_is_secure (string)) string_cp = gcry_malloc_secure (string_n + 1); else string_cp = gcry_malloc (string_n + 1); if (string_cp) strcpy (string_cp, string); return string_cp; }
char * gcry_xstrdup (const char *string) { char *p; while ( !(p = gcry_strdup (string)) ) { size_t n = strlen (string); int is_sec = !!gcry_is_secure (string); if (!outofcore_handler || !outofcore_handler (outofcore_handler_value, n, is_sec) ) { _gcry_fatal_error (gpg_err_code_from_errno (errno), is_sec? _("out of core in secure memory"):NULL); } } return p; }
/**************** * This function allocates an MPI which is optimized to hold * a value as large as the one given in the argument and allocates it * with the same flags as A. */ gcry_mpi_t _gcry_mpi_alloc_like( gcry_mpi_t a ) { gcry_mpi_t b; if( a && (a->flags & 4) ) { int n = (a->sign+7)/8; void *p = gcry_is_secure(a->d)? gcry_malloc_secure( n ) : gcry_malloc( n ); memcpy( p, a->d, n ); b = gcry_mpi_set_opaque( NULL, p, a->sign ); } else if( a ) { b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs ) : mpi_alloc( a->nlimbs ); b->nlimbs = 0; b->sign = 0; b->flags = a->flags; } else b = NULL; return b; }
/**************** * Release resource of the given SEXP object. */ void gcry_sexp_release( gcry_sexp_t sexp ) { if (sexp) { if (gcry_is_secure (sexp)) { /* Extra paranoid wiping. */ const byte *p = sexp->d; int type; while ( (type = *p) != ST_STOP ) { p++; switch ( type ) { case ST_OPEN: break; case ST_CLOSE: break; case ST_DATA: { DATALEN n; memcpy ( &n, p, sizeof n ); p += sizeof n; p += n; } break; default: break; } } wipememory (sexp->d, p - sexp->d); } gcry_free ( sexp ); } }
/* fixme: we need better tests */ static void basic (void) { int pass; gcry_sexp_t sexp; int idx; char *secure_buffer; size_t secure_buffer_len; const char *string; static struct { const char *token; const char *parm; } values[] = { { "public-key", NULL }, { "dsa", NULL }, { "dsa", "p" }, { "dsa", "y" }, { "dsa", "q" }, { "dsa", "g" }, { NULL } }; info ("doing some pretty pointless tests\n"); secure_buffer_len = 99; secure_buffer = gcry_xmalloc_secure (secure_buffer_len); memset (secure_buffer, 'G', secure_buffer_len); for (pass=0;;pass++) { gcry_mpi_t m; switch (pass) { case 0: string = ("(public-key (dsa (p #41424344#) (y this_is_y) " "(q #61626364656667#) (g %m)))"); m = gcry_mpi_set_ui (NULL, 42); if ( gcry_sexp_build (&sexp, NULL, string, m ) ) { gcry_mpi_release (m); fail (" scanning `%s' failed\n", string); return; } gcry_mpi_release (m); break; case 1: string = ("(public-key (dsa (p #41424344#) (y this_is_y) " "(q %b) (g %m)))"); m = gcry_mpi_set_ui (NULL, 42); if ( gcry_sexp_build (&sexp, NULL, string, 15, "foo\0\x01\0x02789012345", m) ) { gcry_mpi_release (m); fail (" scanning `%s' failed\n", string); return; } gcry_mpi_release (m); break; case 2: string = ("(public-key (dsa (p #41424344#) (y silly_y_value) " "(q %b) (g %m)))"); m = gcry_mpi_set_ui (NULL, 17); if ( gcry_sexp_build (&sexp, NULL, string, secure_buffer_len, secure_buffer, m) ) { gcry_mpi_release (m); fail (" scanning `%s' failed\n", string); return; } gcry_mpi_release (m); if (!gcry_is_secure (sexp)) fail ("gcry_sexp_build did not switch to secure memory\n"); break; case 3: { gcry_sexp_t help_sexp; if (gcry_sexp_new (&help_sexp, "(foobar-parms (xp #1234#)(xq #03#))", 0, 1)) { fail (" scanning fixed string failed\n"); return; } string = ("(public-key (dsa (p #41424344#) (parm %S) " "(y dummy)(q %b) (g %m)))"); m = gcry_mpi_set_ui (NULL, 17); if ( gcry_sexp_build (&sexp, NULL, string, help_sexp, secure_buffer_len, secure_buffer, m) ) { gcry_mpi_release (m); fail (" scanning `%s' failed\n", string); return; } gcry_mpi_release (m); gcry_sexp_release (help_sexp); } break; default: return; /* Ready. */ } /* now find something */ for (idx=0; values[idx].token; idx++) { const char *token = values[idx].token; const char *parm = values[idx].parm; gcry_sexp_t s1, s2; gcry_mpi_t a; const char *p; size_t n; s1 = gcry_sexp_find_token (sexp, token, strlen(token) ); if (!s1) { fail ("didn't found `%s'\n", token); continue; } p = gcry_sexp_nth_data (s1, 0, &n); if (!p) { gcry_sexp_release (s1); fail ("no car for `%s'\n", token); continue; } info ("car=`%.*s'\n", (int)n, p); s2 = gcry_sexp_cdr (s1); if (!s2) { gcry_sexp_release (s1); fail ("no cdr for `%s'\n", token); continue; } p = gcry_sexp_nth_data (s2, 0, &n); gcry_sexp_release (s2); if (p) { gcry_sexp_release (s1); fail ("data at car of `%s'\n", token); continue; } if (parm) { s2 = gcry_sexp_find_token (s1, parm, strlen (parm)); gcry_sexp_release (s1); if (!s2) { fail ("didn't found `%s'\n", parm); continue; } p = gcry_sexp_nth_data (s2, 0, &n); if (!p) { gcry_sexp_release (s2); fail("no car for `%s'\n", parm ); continue; } info ("car=`%.*s'\n", (int)n, p); p = gcry_sexp_nth_data (s2, 1, &n); if (!p) { gcry_sexp_release (s2); fail("no cdr for `%s'\n", parm ); continue; } info ("cdr=`%.*s'\n", (int)n, p); a = gcry_sexp_nth_mpi (s2, 0, GCRYMPI_FMT_USG); gcry_sexp_release (s2); if (!a) { fail("failed to cdr the mpi for `%s'\n", parm); continue; } gcry_mpi_release (a); } else gcry_sexp_release (s1); } gcry_sexp_release (sexp); sexp = NULL; } gcry_free (secure_buffer); }
/* Convert the external representation of an integer stored in BUFFER with a length of BUFLEN into a newly create MPI returned in RET_MPI. If NBYTES is not NULL, it will receive the number of bytes actually scanned after a successful operation. */ gcry_error_t gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, const void *buffer_arg, size_t buflen, size_t *nscanned) { const unsigned char *buffer = (const unsigned char*)buffer_arg; struct gcry_mpi *a = NULL; unsigned int len; int secure = (buffer && gcry_is_secure (buffer)); if (format == GCRYMPI_FMT_SSH) len = 0; else len = buflen; if (format == GCRYMPI_FMT_STD) { const unsigned char *s = buffer; a = secure? mpi_alloc_secure ((len+BYTES_PER_MPI_LIMB-1) /BYTES_PER_MPI_LIMB) : mpi_alloc ((len+BYTES_PER_MPI_LIMB-1)/BYTES_PER_MPI_LIMB); if (len) { a->sign = !!(*s & 0x80); if (a->sign) { /* FIXME: we have to convert from 2compl to magnitude format */ mpi_free (a); return gcry_error (GPG_ERR_INTERNAL); } else _gcry_mpi_set_buffer (a, s, len, 0); } if (ret_mpi) { mpi_normalize ( a ); *ret_mpi = a; } else mpi_free(a); return 0; } else if (format == GCRYMPI_FMT_USG) { a = secure? mpi_alloc_secure ((len+BYTES_PER_MPI_LIMB-1) /BYTES_PER_MPI_LIMB) : mpi_alloc ((len+BYTES_PER_MPI_LIMB-1)/BYTES_PER_MPI_LIMB); if (len) _gcry_mpi_set_buffer (a, buffer, len, 0); if (ret_mpi) { mpi_normalize ( a ); *ret_mpi = a; } else mpi_free(a); return 0; } else if (format == GCRYMPI_FMT_PGP) { a = mpi_read_from_buffer (buffer, &len, secure); if (nscanned) *nscanned = len; if (ret_mpi && a) { mpi_normalize (a); *ret_mpi = a; } else if (a) { mpi_free(a); a = NULL; } return a? 0 : gcry_error (GPG_ERR_INV_OBJ); } else if (format == GCRYMPI_FMT_SSH) { const unsigned char *s = buffer; size_t n; /* This test is not strictly necessary and an assert (!len) would be sufficient. We keep this test in case we later allow the BUFLEN argument to act as a sanitiy check. Same below. */ if (len && len < 4) return gcry_error (GPG_ERR_TOO_SHORT); n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]); s += 4; if (len) len -= 4; if (len && n > len) return gcry_error (GPG_ERR_TOO_LARGE); a = secure? mpi_alloc_secure ((n+BYTES_PER_MPI_LIMB-1) /BYTES_PER_MPI_LIMB) : mpi_alloc ((n+BYTES_PER_MPI_LIMB-1)/BYTES_PER_MPI_LIMB); if (n) { a->sign = !!(*s & 0x80); if (a->sign) { /* FIXME: we have to convert from 2compl to magnitude format */ mpi_free(a); return gcry_error (GPG_ERR_INTERNAL); } else _gcry_mpi_set_buffer( a, s, n, 0 ); } if (nscanned) *nscanned = n+4; if (ret_mpi) { mpi_normalize ( a ); *ret_mpi = a; } else mpi_free(a); return 0; } else if (format == GCRYMPI_FMT_HEX) { /* We can only handle C strings for now. */ if (buflen) return gcry_error (GPG_ERR_INV_ARG); a = secure? mpi_alloc_secure (0) : mpi_alloc(0); if (mpi_fromstr (a, (const char *)buffer)) { mpi_free (a); return gcry_error (GPG_ERR_INV_OBJ); } if (ret_mpi) { mpi_normalize ( a ); *ret_mpi = a; } else mpi_free(a); return 0; } else return gcry_error (GPG_ERR_INV_ARG); }
gboolean egg_hkdf_perform (const gchar *hash_algo, gconstpointer input, gsize n_input, gconstpointer salt, gsize n_salt, gconstpointer info, gsize n_info, gpointer output, gsize n_output) { gpointer alloc = NULL; gpointer buffer = NULL; gcry_md_hd_t md1, md2; guint hash_len; gint i; gint flags, algo; gsize step, n_buffer; guchar *at; gcry_error_t gcry; algo = gcry_md_map_name (hash_algo); g_return_val_if_fail (algo != 0, FALSE); hash_len = gcry_md_get_algo_dlen (algo); g_return_val_if_fail (hash_len != 0, FALSE); g_return_val_if_fail (n_output <= 255 * hash_len, FALSE); /* Buffer we need to for intermediate stuff */ if (gcry_is_secure (input)) { flags = GCRY_MD_FLAG_SECURE; buffer = gcry_malloc_secure (hash_len); } else { flags = 0; buffer = gcry_malloc (hash_len); } g_return_val_if_fail (buffer, FALSE); n_buffer = 0; /* Salt defaults to hash_len zeros */ if (!salt) { salt = alloc = g_malloc0 (hash_len); n_salt = hash_len; } /* Step 1: Extract */ gcry = gcry_md_open (&md1, algo, GCRY_MD_FLAG_HMAC | flags); g_return_val_if_fail (gcry == 0, FALSE); gcry = gcry_md_setkey (md1, salt, n_salt); g_return_val_if_fail (gcry == 0, FALSE); gcry_md_write (md1, input, n_input); /* Step 2: Expand */ gcry = gcry_md_open (&md2, algo, GCRY_MD_FLAG_HMAC | flags); g_return_val_if_fail (gcry == 0, FALSE); gcry = gcry_md_setkey (md2, gcry_md_read (md1, algo), hash_len); g_return_val_if_fail (gcry == 0, FALSE); gcry_md_close (md1); at = output; for (i = 1; i < 256; ++i) { gcry_md_reset (md2); gcry_md_write (md2, buffer, n_buffer); gcry_md_write (md2, info, n_info); gcry_md_putc (md2, i); n_buffer = hash_len; memcpy (buffer, gcry_md_read (md2, algo), n_buffer); step = MIN (n_buffer, n_output); memcpy (at, buffer, step); n_output -= step; at += step; if (!n_output) break; } g_free (alloc); gcry_free (buffer); return TRUE; }
/**************** * Scan the provided buffer and return the S expression in our internal * format. Returns a newly allocated expression. If erroff is not NULL and * a parsing error has occurred, the offset into buffer will be returned. * If ARGFLAG is true, the function supports some printf like * expressions. * These are: * %m - MPI * %s - string (no autoswitch to secure allocation) * %d - integer stored as string (no autoswitch to secure allocation) * %b - memory buffer; this takes _two_ arguments: an integer with the * length of the buffer and a pointer to the buffer. * %S - Copy an gcry_sexp_t here. The S-expression needs to be a * regular one, starting with a parenthesis. * (no autoswitch to secure allocation) * all other format elements are currently not defined and return an error. * this includes the "%%" sequence becauce the percent sign is not an * allowed character. * FIXME: We should find a way to store the secure-MPIs not in the string * but as reference to somewhere - this can help us to save huge amounts * of secure memory. The problem is, that if only one element is secure, all * other elements are automagicaly copied to secure memory too, so the most * common operation gcry_sexp_cdr_mpi() will always return a secure MPI * regardless whether it is needed or not. */ static gcry_error_t vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, const char *buffer, size_t length, int argflag, void **arg_list, va_list arg_ptr) { gcry_err_code_t err = 0; static const char tokenchars[] = "abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "0123456789-./_:*+="; const char *p; size_t n; const char *digptr = NULL; const char *quoted = NULL; const char *tokenp = NULL; const char *hexfmt = NULL; const char *base64 = NULL; const char *disphint = NULL; const char *percent = NULL; int hexcount = 0; int quoted_esc = 0; int datalen = 0; size_t dummy_erroff; struct make_space_ctx c; int arg_counter = 0; int level = 0; if (!erroff) erroff = &dummy_erroff; /* Depending on whether ARG_LIST is non-zero or not, this macro gives us the next argument, either from the variable argument list as specified by ARG_PTR or from the argument array ARG_LIST. */ #define ARG_NEXT(storage, type) \ do \ { \ if (!arg_list) \ storage = va_arg (arg_ptr, type); \ else \ storage = *((type *) (arg_list[arg_counter++])); \ } \ while (0) /* The MAKE_SPACE macro is used before each store operation to ensure that the buffer is large enough. It requires a global context named C and jumps out to the label LEAVE on error! It also sets ERROFF using the variables BUFFER and P. */ #define MAKE_SPACE(n) do { \ gpg_err_code_t _ms_err = make_space (&c, (n)); \ if (_ms_err) \ { \ err = _ms_err; \ *erroff = p - buffer; \ goto leave; \ } \ } while (0) /* The STORE_LEN macro is used to store the length N at buffer P. */ #define STORE_LEN(p,n) do { \ DATALEN ashort = (n); \ memcpy ( (p), &ashort, sizeof(ashort) ); \ (p) += sizeof (ashort); \ } while (0) /* We assume that the internal representation takes less memory than the provided one. However, we add space for one extra datalen so that the code which does the ST_CLOSE can use MAKE_SPACE */ c.allocated = length + sizeof(DATALEN); if (buffer && length && gcry_is_secure (buffer)) c.sexp = gcry_malloc_secure (sizeof *c.sexp + c.allocated - 1); else c.sexp = gcry_malloc (sizeof *c.sexp + c.allocated - 1); if (!c.sexp) { err = gpg_err_code_from_errno (errno); *erroff = 0; goto leave; } c.pos = c.sexp->d; for (p = buffer, n = length; n; p++, n--) { if (tokenp && !hexfmt) { if (strchr (tokenchars, *p)) continue; else { datalen = p - tokenp; MAKE_SPACE (datalen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, datalen); memcpy (c.pos, tokenp, datalen); c.pos += datalen; tokenp = NULL; } } if (quoted) { if (quoted_esc) { switch (*p) { case 'b': case 't': case 'v': case 'n': case 'f': case 'r': case '"': case '\'': case '\\': quoted_esc = 0; break; case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': if (!((n > 2) && (p[1] >= '0') && (p[1] <= '7') && (p[2] >= '0') && (p[2] <= '7'))) { *erroff = p - buffer; /* Invalid octal value. */ err = GPG_ERR_SEXP_BAD_QUOTATION; goto leave; } p += 2; n -= 2; quoted_esc = 0; break; case 'x': if (!((n > 2) && hexdigitp (p+1) && hexdigitp (p+2))) { *erroff = p - buffer; /* Invalid hex value. */ err = GPG_ERR_SEXP_BAD_QUOTATION; goto leave; } p += 2; n -= 2; quoted_esc = 0; break; case '\r': /* ignore CR[,LF] */ if (n && (p[1] == '\n')) { p++; n--; } quoted_esc = 0; break; case '\n': /* ignore LF[,CR] */ if (n && (p[1] == '\r')) { p++; n--; } quoted_esc = 0; break; default: *erroff = p - buffer; /* Invalid quoted string escape. */ err = GPG_ERR_SEXP_BAD_QUOTATION; goto leave; } } else if (*p == '\\') quoted_esc = 1; else if (*p == '\"') { /* Keep it easy - we know that the unquoted string will never be larger. */ unsigned char *save; size_t len; quoted++; /* Skip leading quote. */ MAKE_SPACE (p - quoted); *c.pos++ = ST_DATA; save = c.pos; STORE_LEN (c.pos, 0); /* Will be fixed up later. */ len = unquote_string (quoted, p - quoted, c.pos); c.pos += len; STORE_LEN (save, len); quoted = NULL; } } else if (hexfmt) { if (isxdigit (*p)) hexcount++; else if (*p == '#') { if ((hexcount & 1)) { *erroff = p - buffer; err = GPG_ERR_SEXP_ODD_HEX_NUMBERS; goto leave; } datalen = hexcount / 2; MAKE_SPACE (datalen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, datalen); for (hexfmt++; hexfmt < p; hexfmt++) { int tmpc; if (whitespacep (hexfmt)) continue; tmpc = hextonibble (*(const unsigned char*)hexfmt); for (hexfmt++; hexfmt < p && whitespacep (hexfmt); hexfmt++) ; if (hexfmt < p) { tmpc *= 16; tmpc += hextonibble (*(const unsigned char*)hexfmt); } *c.pos++ = tmpc; } hexfmt = NULL; } else if (!whitespacep (p)) { *erroff = p - buffer; err = GPG_ERR_SEXP_BAD_HEX_CHAR; goto leave; } } else if (base64) { if (*p == '|') base64 = NULL; } else if (digptr) { if (digitp (p)) ; else if (*p == ':') { datalen = atoi (digptr); /* FIXME: check for overflow. */ digptr = NULL; if (datalen > n - 1) { *erroff = p - buffer; /* Buffer too short. */ err = GPG_ERR_SEXP_STRING_TOO_LONG; goto leave; } /* Make a new list entry. */ MAKE_SPACE (datalen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, datalen); memcpy (c.pos, p + 1, datalen); c.pos += datalen; n -= datalen; p += datalen; } else if (*p == '\"') { digptr = NULL; /* We ignore the optional length. */ quoted = p; quoted_esc = 0; } else if (*p == '#') { digptr = NULL; /* We ignore the optional length. */ hexfmt = p; hexcount = 0; } else if (*p == '|') { digptr = NULL; /* We ignore the optional length. */ base64 = p; } else { *erroff = p - buffer; err = GPG_ERR_SEXP_INV_LEN_SPEC; goto leave; } } else if (percent) { if (*p == 'm' || *p == 'M') { /* Insert an MPI. */ gcry_mpi_t m; size_t nm = 0; int mpifmt = *p == 'm'? GCRYMPI_FMT_STD: GCRYMPI_FMT_USG; ARG_NEXT (m, gcry_mpi_t); if (gcry_mpi_get_flag (m, GCRYMPI_FLAG_OPAQUE)) { void *mp; unsigned int nbits; mp = gcry_mpi_get_opaque (m, &nbits); nm = (nbits+7)/8; if (mp && nm) { MAKE_SPACE (nm); if (!gcry_is_secure (c.sexp->d) && gcry_mpi_get_flag (m, GCRYMPI_FLAG_SECURE)) { /* We have to switch to secure allocation. */ gcry_sexp_t newsexp; byte *newhead; newsexp = gcry_malloc_secure (sizeof *newsexp + c.allocated - 1); if (!newsexp) { err = gpg_err_code_from_errno (errno); goto leave; } newhead = newsexp->d; memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); c.pos = newhead + (c.pos - c.sexp->d); gcry_free (c.sexp); c.sexp = newsexp; } *c.pos++ = ST_DATA; STORE_LEN (c.pos, nm); memcpy (c.pos, mp, nm); c.pos += nm; } } else { if (gcry_mpi_print (mpifmt, NULL, 0, &nm, m)) BUG (); MAKE_SPACE (nm); if (!gcry_is_secure (c.sexp->d) && gcry_mpi_get_flag ( m, GCRYMPI_FLAG_SECURE)) { /* We have to switch to secure allocation. */ gcry_sexp_t newsexp; byte *newhead; newsexp = gcry_malloc_secure (sizeof *newsexp + c.allocated - 1); if (!newsexp) { err = gpg_err_code_from_errno (errno); goto leave; } newhead = newsexp->d; memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); c.pos = newhead + (c.pos - c.sexp->d); gcry_free (c.sexp); c.sexp = newsexp; } *c.pos++ = ST_DATA; STORE_LEN (c.pos, nm); if (gcry_mpi_print (mpifmt, c.pos, nm, &nm, m)) BUG (); c.pos += nm; } } else if (*p == 's') { /* Insert an string. */ const char *astr; size_t alen; ARG_NEXT (astr, const char *); alen = strlen (astr); MAKE_SPACE (alen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, alen); memcpy (c.pos, astr, alen); c.pos += alen; } else if (*p == 'b') { /* Insert a memory buffer. */ const char *astr; int alen; ARG_NEXT (alen, int); ARG_NEXT (astr, const char *); MAKE_SPACE (alen); if (alen && !gcry_is_secure (c.sexp->d) && gcry_is_secure (astr)) { /* We have to switch to secure allocation. */ gcry_sexp_t newsexp; byte *newhead; newsexp = gcry_malloc_secure (sizeof *newsexp + c.allocated - 1); if (!newsexp) { err = gpg_err_code_from_errno (errno); goto leave; } newhead = newsexp->d; memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); c.pos = newhead + (c.pos - c.sexp->d); gcry_free (c.sexp); c.sexp = newsexp; } *c.pos++ = ST_DATA; STORE_LEN (c.pos, alen); memcpy (c.pos, astr, alen); c.pos += alen; } else if (*p == 'd') { /* Insert an integer as string. */ int aint; size_t alen; char buf[35]; ARG_NEXT (aint, int); sprintf (buf, "%d", aint); alen = strlen (buf); MAKE_SPACE (alen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, alen); memcpy (c.pos, buf, alen); c.pos += alen; } else if (*p == 'u') { /* Insert an unsigned integer as string. */ unsigned int aint; size_t alen; char buf[35]; ARG_NEXT (aint, unsigned int); sprintf (buf, "%u", aint); alen = strlen (buf); MAKE_SPACE (alen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, alen); memcpy (c.pos, buf, alen); c.pos += alen; } else if (*p == 'S') { /* Insert a gcry_sexp_t. */ gcry_sexp_t asexp; size_t alen, aoff; ARG_NEXT (asexp, gcry_sexp_t); alen = get_internal_buffer (asexp, &aoff); if (alen) { MAKE_SPACE (alen); memcpy (c.pos, asexp->d + aoff, alen); c.pos += alen; } } else { *erroff = p - buffer; /* Invalid format specifier. */ err = GPG_ERR_SEXP_INV_LEN_SPEC; goto leave; } percent = NULL; } else if (*p == '(') { if (disphint) { *erroff = p - buffer; /* Open display hint. */ err = GPG_ERR_SEXP_UNMATCHED_DH; goto leave; } MAKE_SPACE (0); *c.pos++ = ST_OPEN; level++; } else if (*p == ')') { /* Walk up. */ if (disphint) { *erroff = p - buffer; /* Open display hint. */ err = GPG_ERR_SEXP_UNMATCHED_DH; goto leave; } MAKE_SPACE (0); *c.pos++ = ST_CLOSE; level--; } else if (*p == '\"') { quoted = p; quoted_esc = 0; } else if (*p == '#') { hexfmt = p; hexcount = 0; } else if (*p == '|') base64 = p; else if (*p == '[') { if (disphint) { *erroff = p - buffer; /* Open display hint. */ err = GPG_ERR_SEXP_NESTED_DH; goto leave; } disphint = p; } else if (*p == ']') { if (!disphint) { *erroff = p - buffer; /* Open display hint. */ err = GPG_ERR_SEXP_UNMATCHED_DH; goto leave; } disphint = NULL; } else if (digitp (p)) { if (*p == '0') { /* A length may not begin with zero. */ *erroff = p - buffer; err = GPG_ERR_SEXP_ZERO_PREFIX; goto leave; } digptr = p; } else if (strchr (tokenchars, *p)) tokenp = p; else if (whitespacep (p)) ; else if (*p == '{') { /* fixme: handle rescanning: we can do this by saving our current state and start over at p+1 -- Hmmm. At this point here we are in a well defined state, so we don't need to save it. Great. */ *erroff = p - buffer; err = GPG_ERR_SEXP_UNEXPECTED_PUNC; goto leave; } else if (strchr ("&\\", *p)) { /* Reserved punctuation. */ *erroff = p - buffer; err = GPG_ERR_SEXP_UNEXPECTED_PUNC; goto leave; } else if (argflag && (*p == '%')) percent = p; else { /* Bad or unavailable. */ *erroff = p - buffer; err = GPG_ERR_SEXP_BAD_CHARACTER; goto leave; } } MAKE_SPACE (0); *c.pos++ = ST_STOP; if (level && !err) err = GPG_ERR_SEXP_UNMATCHED_PAREN; leave: if (err) { /* Error -> deallocate. */ if (c.sexp) { /* Extra paranoid wipe on error. */ if (gcry_is_secure (c.sexp)) wipememory (c.sexp, sizeof (struct gcry_sexp) + c.allocated - 1); gcry_free (c.sexp); } /* This might be expected by existing code... */ *retsexp = NULL; } else *retsexp = normalize (c.sexp); return gcry_error (err); #undef MAKE_SPACE #undef STORE_LEN }