void DisposeSafeAlloc() { delete safeMutex; pgpAssert(!safesAllocated); memset(safeAllocs[0].data, 0, SAFEALLOCSIZE * NUMSAFEALLOCS); pgp_free(safeAllocStorage); #ifdef BETA //DebugLog("Max Safes: %d", maxSafes); #endif }
static bytea * decrypt_internal(int is_pubenc, int need_text, text *data, text *key, text *keypsw, text *args) { int err; MBuf *src = NULL, *dst = NULL; uint8 tmp[VARHDRSZ]; uint8 *restmp; bytea *res; int res_len; PGP_Context *ctx = NULL; struct debug_expect ex; int got_unicode = 0; init_work(&ctx, need_text, args, &ex); src = mbuf_create_from_data((uint8 *) VARDATA(data), VARSIZE(data) - VARHDRSZ); dst = mbuf_create(VARSIZE(data) + 2048); /* * reserve room for header */ mbuf_append(dst, tmp, VARHDRSZ); /* * set key */ if (is_pubenc) { uint8 *psw = NULL; int psw_len = 0; MBuf *kbuf; if (keypsw) { psw = (uint8 *) VARDATA(keypsw); psw_len = VARSIZE(keypsw) - VARHDRSZ; } kbuf = create_mbuf_from_vardata(key); err = pgp_set_pubkey(ctx, kbuf, psw, psw_len, 1); mbuf_free(kbuf); } else err = pgp_set_symkey(ctx, (uint8 *) VARDATA(key), VARSIZE(key) - VARHDRSZ); /* * decrypt */ if (err >= 0) err = pgp_decrypt(ctx, src, dst); /* * failed? */ if (err < 0) goto out; if (ex.expect) check_expect(ctx, &ex); /* remember the setting */ got_unicode = pgp_get_unicode_mode(ctx); out: if (src) mbuf_free(src); if (ctx) pgp_free(ctx); if (err) { px_set_debug_handler(NULL); if (dst) mbuf_free(dst); ereport(ERROR, (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION), errmsg("%s", px_strerror(err)))); } res_len = mbuf_steal_data(dst, &restmp); mbuf_free(dst); /* res_len includes VARHDRSZ */ res = (bytea *) restmp; SET_VARSIZE(res, res_len); if (need_text && got_unicode) { text *utf = convert_from_utf8(res); if (utf != res) { clear_and_pfree(res); res = utf; } } px_set_debug_handler(NULL); /* * add successfull decryptions also into RNG */ add_entropy(res, key, keypsw); return res; }
static bytea * encrypt_internal(int is_pubenc, int is_text, text *data, text *key, text *args) { MBuf *src, *dst; uint8 tmp[VARHDRSZ]; uint8 *restmp; bytea *res; int res_len; PGP_Context *ctx; int err; struct debug_expect ex; text *tmp_data = NULL; /* * Add data and key info RNG. */ add_entropy(data, key, NULL); init_work(&ctx, is_text, args, &ex); if (is_text && pgp_get_unicode_mode(ctx)) { tmp_data = convert_to_utf8(data); if (tmp_data == data) tmp_data = NULL; else data = tmp_data; } src = create_mbuf_from_vardata(data); dst = mbuf_create(VARSIZE(data) + 128); /* * reserve room for header */ mbuf_append(dst, tmp, VARHDRSZ); /* * set key */ if (is_pubenc) { MBuf *kbuf = create_mbuf_from_vardata(key); err = pgp_set_pubkey(ctx, kbuf, NULL, 0, 0); mbuf_free(kbuf); } else err = pgp_set_symkey(ctx, (uint8 *) VARDATA(key), VARSIZE(key) - VARHDRSZ); /* * encrypt */ if (err >= 0) err = pgp_encrypt(ctx, src, dst); /* * check for error */ if (err) { if (ex.debug) px_set_debug_handler(NULL); if (tmp_data) clear_and_pfree(tmp_data); pgp_free(ctx); mbuf_free(src); mbuf_free(dst); ereport(ERROR, (errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION), errmsg("%s", px_strerror(err)))); } /* res_len includes VARHDRSZ */ res_len = mbuf_steal_data(dst, &restmp); res = (bytea *) restmp; SET_VARSIZE(res, res_len); if (tmp_data) clear_and_pfree(tmp_data); pgp_free(ctx); mbuf_free(src); mbuf_free(dst); px_set_debug_handler(NULL); return res; }
CPriorityQueue::~CPriorityQueue() { delete mAvailable; pgp_free(mQueues); }
void DESDKeyDone(void *ksa) { memset(ksa, 0, 96 * sizeof(ulong)); pgp_free((ulong *)ksa); }
void DESDKeyDone(void *ksa) { pgp_free((ulong *)ksa); }
/* We have parsed a 'certif:' attribute from a 'key-cert' object. * Now perform the check to make sure the hexid specified in the * 'key-cert:' attribute matches the hexid from the 'certif:' * attribute. We perform this check (and others) by adding the * 'certif:' attribute/PGP key block to a temp ring and parsing * the output from PGP. Additionally, we check the following: * * 1. make sure there is only 1 hexid in the key * 2. make sure there is at least 1 owner/uid specified * 3. make sure we get a 'Successful' return string from PGP * 4. call get_fingerprint () to get the key fingerprint * which checks to make sure there is only 1 fingerprint * * Return: * * file name of key certificate file if there were no errors found * - the file can then be used to easily add the PGP key to the * local ring * - the key fingerprint and owner(s)/uid(s) are saved to be * used for the corresponding 'key-cert' auto-generated fields * NULL otherwise */ char *hexid_check (parse_info_t *o) { #ifdef PGP char pgpinfn[256], tmp_pgp_dir[256], ebuf[1024]; FILE *pgpin; char_list_t *p; pgp_data_t pdat; int pgp_errors = 0, fd; #endif /* If we don't have PGP installed then there is nothing to do. */ #ifndef PGP error_msg_queue (o, "PGP is not installed on the system. Cannot perform operation.", ERROR_MSG); return NULL; #else /* make a tmp directory for the pgp rings */ umask (0022); strcpy (tmp_pgp_dir, "/var/tmp/pgp.XXXXXX"); if (mkdtemp (tmp_pgp_dir) == NULL) { error_msg_queue (o, "Internal error. Couldn't create temp directory for PGP\n", ERROR_MSG); return NULL; } /* create a file and put the key certificate into it */ strcpy (pgpinfn, "/var/tmp/irrsyntax.XXXXXX"); fd = mkstemp (pgpinfn); if ((pgpin = fdopen (fd, "w")) == NULL) { error_msg_queue (o, "Internal error. Could not check 'key-cert:' temp file creation error", ERROR_MSG); goto pgp_errors_jump; } fwrite (o->u.kc.certif, sizeof (char), strlen (o->u.kc.certif), pgpin); fclose (pgpin); /* add the certificate to a temp ring */ if (!pgp_add (default_trace, tmp_pgp_dir, pgpinfn, &pdat)) { error_msg_queue (o, "Couldn't add key-cert to ring. Didn't get successful reply from PGP", ERROR_MSG); goto pgp_errors_jump; } /* certificate checks */ /* do we have more than 1 hex ID? */ if (pdat.hex_cnt > 1) { error_msg_queue (o, "Too many public keys in certificate", ERROR_MSG); pgp_errors = 1; } /* does the hex ID of the 'key-cert' attr match the certificate hex ID ? */ else if (strcmp (pdat.hex_first->key, o->u.kc.kchexid)) { snprintf (ebuf, 1024, "Hex-ID mistmatch: 'key-cert:' (%s) 'certif:' (%s)\n", o->u.kc.kchexid, pdat.hex_first->key); error_msg_queue (o, ebuf, ERROR_MSG); pgp_errors = 1; } /* owner check */ else if (pdat.owner_first == NULL) { error_msg_queue (o, "No uid's/owners found in certificate", ERROR_MSG); pgp_errors = 1; } /* grab all the owners */ else { o->u.kc.owner_count = pdat.owner_cnt; for (p = pdat.owner_first; p != NULL; p = p->next) o->u.kc.owner = my_concat (o->u.kc.owner, p->key, 0); } /* get the key fingerprint */ if (!pgp_errors && !get_fingerprint (o, tmp_pgp_dir, &pdat)) pgp_errors = 1; if (o->u.kc.owner != NULL) if (verbose) fprintf (dfile, "owner count (%d) owner (%s)\n", o->u.kc.owner_count, o->u.kc.owner); if (o->u.kc.fingerpr != NULL) if (verbose) fprintf (dfile, "fingerpr (%s)\n", o->u.kc.fingerpr); /* end debug */ /* clean up */ pgp_free (&pdat); /* if we have errors then we won't need the key file */ if (pgp_errors) { pgp_errors_jump: rm_tmpdir (tmp_pgp_dir); /* can get rid of temporary directory */ remove (pgpinfn); return NULL; } rm_tmpdir (tmp_pgp_dir); /* can get rid of temporary directory */ /* leave pgp key for possible addition to local ring */ return strdup (pgpinfn); #endif }