diff options
Diffstat (limited to 'cipher')
-rw-r--r-- | cipher/cipher.c | 144 | ||||
-rw-r--r-- | cipher/dsa-common.c | 96 | ||||
-rw-r--r-- | cipher/dsa.c | 310 | ||||
-rw-r--r-- | cipher/ecc-common.h | 2 | ||||
-rw-r--r-- | cipher/ecc-curves.c | 90 | ||||
-rw-r--r-- | cipher/ecc-ecdsa.c | 29 | ||||
-rw-r--r-- | cipher/ecc-eddsa.c | 64 | ||||
-rw-r--r-- | cipher/ecc-gost.c | 17 | ||||
-rw-r--r-- | cipher/ecc-misc.c | 48 | ||||
-rw-r--r-- | cipher/ecc.c | 360 | ||||
-rw-r--r-- | cipher/elgamal.c | 238 | ||||
-rw-r--r-- | cipher/hmac-tests.c | 2 | ||||
-rw-r--r-- | cipher/kdf.c | 62 | ||||
-rw-r--r-- | cipher/mac-cmac.c | 2 | ||||
-rw-r--r-- | cipher/mac-gmac.c | 2 | ||||
-rw-r--r-- | cipher/mac-hmac.c | 20 | ||||
-rw-r--r-- | cipher/mac.c | 104 | ||||
-rw-r--r-- | cipher/md.c | 132 | ||||
-rw-r--r-- | cipher/primegen.c | 215 | ||||
-rw-r--r-- | cipher/pubkey-util.c | 162 | ||||
-rw-r--r-- | cipher/pubkey.c | 149 | ||||
-rw-r--r-- | cipher/rsa-common.c | 74 | ||||
-rw-r--r-- | cipher/rsa.c | 450 |
23 files changed, 1357 insertions, 1415 deletions
diff --git a/cipher/cipher.c b/cipher/cipher.c index 516f44ba..f7f5a46b 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -197,7 +197,7 @@ search_oid (const char *oid, gcry_cipher_oid_spec_t *oid_spec) not known. It is valid to pass NULL for STRING which results in a return value of 0. */ int -gcry_cipher_map_name (const char *string) +_gcry_cipher_map_name (const char *string) { gcry_cipher_spec_t *spec; @@ -225,7 +225,7 @@ gcry_cipher_map_name (const char *string) with that OID or 0 if no mode is known. Passing NULL for string yields a return value of 0. */ int -gcry_cipher_mode_from_oid (const char *string) +_gcry_cipher_mode_from_oid (const char *string) { gcry_cipher_spec_t *spec; gcry_cipher_oid_spec_t oid_spec; @@ -246,7 +246,7 @@ gcry_cipher_mode_from_oid (const char *string) used by Libgcrypt. A "?" is returned for an unknown algorithm. NULL is never returned. */ const char * -gcry_cipher_algo_name (int algorithm) +_gcry_cipher_algo_name (int algorithm) { gcry_cipher_spec_t *spec; @@ -340,21 +340,21 @@ cipher_get_blocksize (int algorithm) Values for these flags may be combined using OR. */ -gcry_error_t -gcry_cipher_open (gcry_cipher_hd_t *handle, - int algo, int mode, unsigned int flags) +gcry_err_code_t +_gcry_cipher_open (gcry_cipher_hd_t *handle, + int algo, int mode, unsigned int flags) { - gcry_err_code_t err; + gcry_err_code_t rc; gcry_cipher_hd_t h = NULL; if (mode >= GCRY_CIPHER_MODE_INTERNAL) - err = GPG_ERR_INV_CIPHER_MODE; + rc = GPG_ERR_INV_CIPHER_MODE; else - err = _gcry_cipher_open_internal (&h, algo, mode, flags); + rc = _gcry_cipher_open_internal (&h, algo, mode, flags); - *handle = err ? NULL : h; + *handle = rc ? NULL : h; - return gcry_error (err); + return rc; } @@ -545,7 +545,7 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, /* Release all resources associated with the cipher handle H. H may be NULL in which case this is a no-operation. */ void -gcry_cipher_close (gcry_cipher_hd_t h) +_gcry_cipher_close (gcry_cipher_hd_t h) { size_t off; @@ -574,13 +574,13 @@ gcry_cipher_close (gcry_cipher_hd_t h) /* Set the key to be used for the encryption context C to KEY with length KEYLEN. The length should match the required length. */ -static gcry_error_t +static gcry_err_code_t cipher_setkey (gcry_cipher_hd_t c, byte *key, size_t keylen) { - gcry_err_code_t ret; + gcry_err_code_t rc; - ret = c->spec->setkey (&c->context.c, key, keylen); - if (!ret) + rc = c->spec->setkey (&c->context.c, key, keylen); + if (!rc) { /* Duplicate initial context. */ memcpy ((void *) ((char *) &c->context.c + c->spec->contextsize), @@ -605,7 +605,7 @@ cipher_setkey (gcry_cipher_hd_t c, byte *key, size_t keylen) else c->marks.key = 0; - return gcry_error (ret); + return rc; } @@ -830,11 +830,11 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, * Encrypt IN and write it to OUT. If IN is NULL, in-place encryption has * been requested. */ -gcry_error_t -gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize, - const void *in, size_t inlen) +gcry_err_code_t +_gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize, + const void *in, size_t inlen) { - gcry_err_code_t err; + gcry_err_code_t rc; if (!in) /* Caller requested in-place encryption. */ { @@ -842,14 +842,14 @@ gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize, inlen = outsize; } - err = cipher_encrypt (h, out, outsize, in, inlen); + rc = cipher_encrypt (h, out, outsize, in, inlen); /* Failsafe: Make sure that the plaintext will never make it into OUT if the encryption returned an error. */ - if (err && out) + if (rc && out) memset (out, 0x42, outsize); - return gcry_error (err); + return rc; } @@ -934,21 +934,17 @@ cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, } -gcry_error_t -gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize, - const void *in, size_t inlen) +gcry_err_code_t +_gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize, + const void *in, size_t inlen) { - gcry_err_code_t err; - if (!in) /* Caller requested in-place encryption. */ { in = out; inlen = outsize; } - err = cipher_decrypt (h, out, outsize, in, inlen); - - return gcry_error (err); + return cipher_decrypt (h, out, outsize, in, inlen); } @@ -971,17 +967,17 @@ cipher_sync (gcry_cipher_hd_t c) } -gcry_error_t +gcry_err_code_t _gcry_cipher_setkey (gcry_cipher_hd_t hd, const void *key, size_t keylen) { return cipher_setkey (hd, (void*)key, keylen); } -gcry_error_t +gcry_err_code_t _gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen) { - gcry_err_code_t rc = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; switch (hd->mode) { @@ -993,13 +989,13 @@ _gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen) rc = cipher_setiv (hd, iv, ivlen); break; } - return gpg_error (rc); + return rc; } /* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of block size length, or (NULL,0) to set the CTR to the all-zero block. */ -gpg_error_t +gpg_err_code_t _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen) { if (ctr && ctrlen == hd->spec->blocksize) @@ -1013,11 +1009,13 @@ _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen) hd->unused = 0; } else - return gpg_error (GPG_ERR_INV_ARG); + return GPG_ERR_INV_ARG; + return 0; } -gcry_error_t + +gcry_err_code_t _gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen) { @@ -1043,10 +1041,11 @@ _gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, break; } - return gpg_error (rc); + return rc; } -gcry_error_t + +gcry_err_code_t _gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen) { gcry_err_code_t rc; @@ -1071,10 +1070,11 @@ _gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen) break; } - return gpg_error (rc); + return rc; } -gcry_error_t + +gcry_err_code_t _gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen) { gcry_err_code_t rc; @@ -1099,14 +1099,14 @@ _gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen) break; } - return gpg_error (rc); + return rc; } -gcry_error_t -gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) +gcry_err_code_t +_gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) { - gcry_err_code_t rc = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; switch (cmd) { @@ -1206,7 +1206,7 @@ gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) rc = GPG_ERR_INV_OP; } - return gcry_error (rc); + return rc; } @@ -1218,10 +1218,10 @@ gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) The function always returns GPG_ERR_INV_OP. */ -gcry_error_t -gcry_cipher_info (gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes) +gcry_err_code_t +_gcry_cipher_info (gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; (void)h; (void)buffer; @@ -1230,10 +1230,10 @@ gcry_cipher_info (gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes) switch (cmd) { default: - err = GPG_ERR_INV_OP; + rc = GPG_ERR_INV_OP; } - return gcry_error (err); + return rc; } /* Return information about the given cipher algorithm ALGO. @@ -1260,17 +1260,17 @@ gcry_cipher_info (gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes) and thereby detecting whether a error occurred or not (i.e. while checking the block size) */ -gcry_error_t -gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes) +gcry_err_code_t +_gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; unsigned int ui; switch (what) { case GCRYCTL_GET_KEYLEN: if (buffer || (! nbytes)) - err = GPG_ERR_CIPHER_ALGO; + rc = GPG_ERR_CIPHER_ALGO; else { ui = cipher_get_keylen (algo); @@ -1278,37 +1278,39 @@ gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes) *nbytes = (size_t) ui / 8; else /* The only reason for an error is an invalid algo. */ - err = GPG_ERR_CIPHER_ALGO; + rc = GPG_ERR_CIPHER_ALGO; } break; case GCRYCTL_GET_BLKLEN: if (buffer || (! nbytes)) - err = GPG_ERR_CIPHER_ALGO; + rc = GPG_ERR_CIPHER_ALGO; else { ui = cipher_get_blocksize (algo); if ((ui > 0) && (ui < 10000)) *nbytes = ui; else - /* The only reason is an invalid algo or a strange - blocksize. */ - err = GPG_ERR_CIPHER_ALGO; + { + /* The only reason is an invalid algo or a strange + blocksize. */ + rc = GPG_ERR_CIPHER_ALGO; + } } break; case GCRYCTL_TEST_ALGO: if (buffer || nbytes) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else - err = check_cipher_algo (algo); + rc = check_cipher_algo (algo); break; default: - err = GPG_ERR_INV_OP; + rc = GPG_ERR_INV_OP; } - return gcry_error (err); + return rc; } @@ -1321,15 +1323,16 @@ gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes) gcry_cipher_algo_info because it allows for proper type checking. */ size_t -gcry_cipher_get_algo_keylen (int algo) +_gcry_cipher_get_algo_keylen (int algo) { size_t n; - if (gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &n)) + if (_gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &n)) n = 0; return n; } + /* This functions returns the blocklength of the algorithm ALGO counted in octets. On error 0 is returned. @@ -1337,15 +1340,16 @@ gcry_cipher_get_algo_keylen (int algo) gcry_cipher_algo_info because it allows for proper type checking. */ size_t -gcry_cipher_get_algo_blklen (int algo) +_gcry_cipher_get_algo_blklen (int algo) { size_t n; - if (gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n)) + if (_gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n)) n = 0; return n; } + /* Explicitly initialize this module. */ gcry_err_code_t _gcry_cipher_init (void) diff --git a/cipher/dsa-common.c b/cipher/dsa-common.c index c5386b75..da29dd32 100644 --- a/cipher/dsa-common.c +++ b/cipher/dsa-common.c @@ -54,7 +54,7 @@ _gcry_dsa_gen_k (gcry_mpi_t q, int security_level) if ( !rndbuf || nbits < 32 ) { gcry_free (rndbuf); - rndbuf = gcry_random_bytes_secure (nbytes, security_level); + rndbuf = _gcry_random_bytes_secure (nbytes, security_level); } else { /* Change only some of the higher bits. We could improve @@ -62,7 +62,7 @@ _gcry_dsa_gen_k (gcry_mpi_t q, int security_level) to get_random_bytes() and use these extra bytes here. However the required management code is more complex and thus we better use this simple method. */ - char *pp = gcry_random_bytes_secure (4, security_level); + char *pp = _gcry_random_bytes_secure (4, security_level); memcpy (rndbuf, pp, 4); gcry_free (pp); } @@ -112,8 +112,7 @@ int2octets (unsigned char **r_frame, gcry_mpi_t value, size_t nbytes) size_t nframe, noff, n; unsigned char *frame; - rc = gpg_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, - &nframe, value)); + rc = _gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &nframe, value); if (rc) return rc; if (nframe > nbytes) @@ -127,8 +126,7 @@ int2octets (unsigned char **r_frame, gcry_mpi_t value, size_t nbytes) if (noff) memset (frame, 0, noff); nframe += noff; - rc = gpg_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, frame+noff, nframe-noff, - NULL, value)); + rc = _gcry_mpi_print (GCRYMPI_FMT_USG, frame+noff, nframe-noff, NULL, value); if (rc) { gcry_free (frame); @@ -152,12 +150,11 @@ bits2octets (unsigned char **r_frame, gcry_mpi_t z1; /* z1 = bits2int (b) */ - rc = gpg_err_code (gcry_mpi_scan (&z1, GCRYMPI_FMT_USG, - bits, (nbits+7)/8, NULL)); + rc = _gcry_mpi_scan (&z1, GCRYMPI_FMT_USG, bits, (nbits+7)/8, NULL); if (rc) return rc; if (nbits > qbits) - gcry_mpi_rshift (z1, z1, nbits - qbits); + mpi_rshift (z1, z1, nbits - qbits); /* z2 - z1 mod q */ if (mpi_cmp (z1, q) >= 0) @@ -199,7 +196,7 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, if (!qbits || !h1 || !hlen) return GPG_ERR_EINVAL; - if (gcry_md_get_algo_dlen (halgo) != hlen) + if (_gcry_md_get_algo_dlen (halgo) != hlen) return GPG_ERR_DIGEST_ALGO; /* Step b: V = 0x01 0x01 0x01 ... 0x01 */ @@ -229,44 +226,43 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, goto leave; /* Create a handle to compute the HMACs. */ - rc = gpg_err_code (gcry_md_open (&hd, halgo, - (GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC))); + rc = _gcry_md_open (&hd, halgo, (GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC)); if (rc) goto leave; /* Step d: K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - gcry_md_write (hd, "", 1); - gcry_md_write (hd, x_buf, (qbits+7)/8); - gcry_md_write (hd, h1_buf, (qbits+7)/8); - memcpy (K, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + _gcry_md_write (hd, "", 1); + _gcry_md_write (hd, x_buf, (qbits+7)/8); + _gcry_md_write (hd, h1_buf, (qbits+7)/8); + memcpy (K, _gcry_md_read (hd, 0), hlen); /* Step e: V = HMAC_K(V) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - memcpy (V, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + memcpy (V, _gcry_md_read (hd, 0), hlen); /* Step f: K = HMAC_K(V || 0x01 || int2octets(x) || bits2octets(h1) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - gcry_md_write (hd, "\x01", 1); - gcry_md_write (hd, x_buf, (qbits+7)/8); - gcry_md_write (hd, h1_buf, (qbits+7)/8); - memcpy (K, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + _gcry_md_write (hd, "\x01", 1); + _gcry_md_write (hd, x_buf, (qbits+7)/8); + _gcry_md_write (hd, h1_buf, (qbits+7)/8); + memcpy (K, _gcry_md_read (hd, 0), hlen); /* Step g: V = HMAC_K(V) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - memcpy (V, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + memcpy (V, _gcry_md_read (hd, 0), hlen); /* Step h. */ t = gcry_malloc ((qbits+7)/8+hlen); @@ -280,11 +276,11 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, for (tbits = 0; tbits < qbits;) { /* V = HMAC_K(V) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - memcpy (V, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + memcpy (V, _gcry_md_read (hd, 0), hlen); /* T = T || V */ memcpy (t+(tbits+7)/8, V, hlen); @@ -294,29 +290,29 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, /* k = bits2int (T) */ mpi_free (k); k = NULL; - rc = gpg_err_code (gcry_mpi_scan (&k, GCRYMPI_FMT_USG, t, (tbits+7)/8, NULL)); + rc = _gcry_mpi_scan (&k, GCRYMPI_FMT_USG, t, (tbits+7)/8, NULL); if (rc) goto leave; if (tbits > qbits) - gcry_mpi_rshift (k, k, tbits - qbits); + mpi_rshift (k, k, tbits - qbits); /* Check: k < q and k > 1 */ if (!(mpi_cmp (k, dsa_q) < 0 && mpi_cmp_ui (k, 0) > 0)) { /* K = HMAC_K(V || 0x00) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - gcry_md_write (hd, "", 1); - memcpy (K, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + _gcry_md_write (hd, "", 1); + memcpy (K, _gcry_md_read (hd, 0), hlen); /* V = HMAC_K(V) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - memcpy (V, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + memcpy (V, _gcry_md_read (hd, 0), hlen); goto again; } @@ -330,19 +326,19 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, extraloops--; /* K = HMAC_K(V || 0x00) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - gcry_md_write (hd, "", 1); - memcpy (K, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + _gcry_md_write (hd, "", 1); + memcpy (K, _gcry_md_read (hd, 0), hlen); /* V = HMAC_K(V) */ - rc = gpg_err_code (gcry_md_setkey (hd, K, hlen)); + rc = _gcry_md_setkey (hd, K, hlen); if (rc) goto leave; - gcry_md_write (hd, V, hlen); - memcpy (V, gcry_md_read (hd, 0), hlen); + _gcry_md_write (hd, V, hlen); + memcpy (V, _gcry_md_read (hd, 0), hlen); goto again; } @@ -351,7 +347,7 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, leave: gcry_free (t); - gcry_md_close (hd); + _gcry_md_close (hd); gcry_free (h1_buf); gcry_free (x_buf); gcry_free (K); diff --git a/cipher/dsa.c b/cipher/dsa.c index 45ad97a6..d5ff5ba7 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -148,9 +148,9 @@ test_keys (DSA_secret_key *sk, unsigned int qbits) { int result = -1; /* Default to failure. */ DSA_public_key pk; - gcry_mpi_t data = gcry_mpi_new (qbits); - gcry_mpi_t sig_a = gcry_mpi_new (qbits); - gcry_mpi_t sig_b = gcry_mpi_new (qbits); + gcry_mpi_t data = mpi_new (qbits); + gcry_mpi_t sig_a = mpi_new (qbits); + gcry_mpi_t sig_b = mpi_new (qbits); /* Put the relevant parameters into a public key structure. */ pk.p = sk->p; @@ -159,7 +159,7 @@ test_keys (DSA_secret_key *sk, unsigned int qbits) pk.y = sk->y; /* Create a random plaintext. */ - gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM); + _gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM); /* Sign DATA using the secret key. */ sign (sig_a, sig_b, data, sk, 0, 0); @@ -169,16 +169,16 @@ test_keys (DSA_secret_key *sk, unsigned int qbits) goto leave; /* Signature does not match. */ /* Modify the data and check that the signing fails. */ - gcry_mpi_add_ui (data, data, 1); + mpi_add_ui (data, data, 1); if ( verify (sig_a, sig_b, data, &pk) ) goto leave; /* Signature matches but should not. */ result = 0; /* The test succeeded. */ leave: - gcry_mpi_release (sig_b); - gcry_mpi_release (sig_a); - gcry_mpi_release (data); + _gcry_mpi_release (sig_b); + _gcry_mpi_release (sig_a); + _gcry_mpi_release (data); return result; } @@ -263,7 +263,7 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, { mpi_add_ui (h, h, 1); /* g = h^e mod p */ - gcry_mpi_powm (g, h, e, p); + mpi_powm (g, h, e, p); } while (!mpi_cmp_ui (g, 1)); /* Continue until g != 1. */ } @@ -291,10 +291,10 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, if( DBG_CIPHER ) progress('.'); if( !rndbuf ) - rndbuf = gcry_random_bytes_secure ((qbits+7)/8, random_level); + rndbuf = _gcry_random_bytes_secure ((qbits+7)/8, random_level); else { /* Change only some of the higher bits (= 2 bytes)*/ - char *r = gcry_random_bytes_secure (2, random_level); + char *r = _gcry_random_bytes_secure (2, random_level); memcpy(rndbuf, r, 2 ); gcry_free(r); } @@ -309,7 +309,7 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, /* y = g^x mod p */ y = mpi_alloc( mpi_get_nlimbs(p) ); - gcry_mpi_powm( y, g, x, p ); + mpi_powm (y, g, x, p); if( DBG_CIPHER ) { @@ -331,11 +331,11 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, /* Now we can test our keys (this should never fail!). */ if ( test_keys (sk, qbits) ) { - gcry_mpi_release (sk->p); sk->p = NULL; - gcry_mpi_release (sk->q); sk->q = NULL; - gcry_mpi_release (sk->g); sk->g = NULL; - gcry_mpi_release (sk->y); sk->y = NULL; - gcry_mpi_release (sk->x); sk->x = NULL; + _gcry_mpi_release (sk->p); sk->p = NULL; + _gcry_mpi_release (sk->q); sk->q = NULL; + _gcry_mpi_release (sk->g); sk->g = NULL; + _gcry_mpi_release (sk->y); sk->y = NULL; + _gcry_mpi_release (sk->x); sk->x = NULL; fips_signal_error ("self-test after key generation failed"); return GPG_ERR_SELFTEST_FAILED; } @@ -418,9 +418,9 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, /* Get an initial seed value. */ if (deriveparms) { - initial_seed.sexp = gcry_sexp_find_token (deriveparms, "seed", 0); + initial_seed.sexp = sexp_find_token (deriveparms, "seed", 0); if (initial_seed.sexp) - initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1, + initial_seed.seed = sexp_nth_data (initial_seed.sexp, 1, &initial_seed.seedlen); } @@ -439,7 +439,7 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, /* &prime_q, &prime_p, */ /* r_counter, */ /* r_seed, r_seedlen, NULL); */ - gcry_sexp_release (initial_seed.sexp); + sexp_release (initial_seed.sexp); if (ec) goto leave; @@ -461,19 +461,19 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, /* Select a random number x with: 0 < x < q */ - value_x = gcry_mpi_snew (qbits); + value_x = mpi_snew (qbits); do { if( DBG_CIPHER ) progress('.'); - gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM); + _gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM); mpi_clear_highbit (value_x, qbits+1); } while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0)); /* y = g^x mod p */ value_y = mpi_alloc_like (prime_p); - gcry_mpi_powm (value_y, value_g, value_x, prime_p); + mpi_powm (value_y, value_g, value_x, prime_p); if (DBG_CIPHER) { @@ -495,22 +495,22 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, *r_h = value_h; value_h = NULL; leave: - gcry_mpi_release (prime_p); - gcry_mpi_release (prime_q); - gcry_mpi_release (value_g); - gcry_mpi_release (value_y); - gcry_mpi_release (value_x); - gcry_mpi_release (value_h); - gcry_mpi_release (value_e); + _gcry_mpi_release (prime_p); + _gcry_mpi_release (prime_q); + _gcry_mpi_release (value_g); + _gcry_mpi_release (value_y); + _gcry_mpi_release (value_x); + _gcry_mpi_release (value_h); + _gcry_mpi_release (value_e); /* As a last step test this keys (this should never fail of course). */ if (!ec && test_keys (sk, qbits) ) { - gcry_mpi_release (sk->p); sk->p = NULL; - gcry_mpi_release (sk->q); sk->q = NULL; - gcry_mpi_release (sk->g); sk->g = NULL; - gcry_mpi_release (sk->y); sk->y = NULL; - gcry_mpi_release (sk->x); sk->x = NULL; + _gcry_mpi_release (sk->p); sk->p = NULL; + _gcry_mpi_release (sk->q); sk->q = NULL; + _gcry_mpi_release (sk->g); sk->g = NULL; + _gcry_mpi_release (sk->y); sk->y = NULL; + _gcry_mpi_release (sk->x); sk->x = NULL; fips_signal_error ("self-test after key generation failed"); ec = GPG_ERR_SELFTEST_FAILED; } @@ -520,7 +520,7 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, *r_counter = 0; gcry_free (*r_seed); *r_seed = NULL; *r_seedlen = 0; - gcry_mpi_release (*r_h); *r_h = NULL; + _gcry_mpi_release (*r_h); *r_h = NULL; } return ec; @@ -538,7 +538,7 @@ check_secret_key( DSA_secret_key *sk ) int rc; gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) ); - gcry_mpi_powm( y, sk->g, sk->x, sk->p ); + mpi_powm( y, sk->g, sk->x, sk->p ); rc = !mpi_cmp( y, sk->y ); mpi_free( y ); return rc; @@ -575,13 +575,12 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey, /* Convert the INPUT into an MPI. */ if (mpi_is_opaque (input)) { - abuf = gcry_mpi_get_opaque (input, &abits); - rc = gpg_err_code (gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, - abuf, (abits+7)/8, NULL)); + abuf = mpi_get_opaque (input, &abits); + rc = _gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL); if (rc) return rc; if (abits > qbits) - gcry_mpi_rshift (hash, hash, abits - qbits); + mpi_rshift (hash, hash, abits - qbits); } else hash = input; @@ -599,7 +598,7 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey, goto leave; } - abuf = gcry_mpi_get_opaque (input, &abits); + abuf = mpi_get_opaque (input, &abits); rc = _gcry_dsa_gen_rfc6979_k (&k, skey->q, skey->x, abuf, (abits+7)/8, hashalgo, extraloops); if (rc) @@ -612,7 +611,7 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey, } /* r = (a^k mod p) mod q */ - gcry_mpi_powm( r, skey->g, k, skey->p ); + mpi_powm( r, skey->g, k, skey->p ); mpi_fdiv_r( r, r, skey->q ); /* kinv = k^(-1) mod q */ @@ -722,71 +721,71 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) return rc; /* Parse the optional flags list. */ - l1 = gcry_sexp_find_token (genparms, "flags", 0); + l1 = sexp_find_token (genparms, "flags", 0); if (l1) { rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); - gcry_sexp_release (l1); + sexp_release (l1); if (rc) return rc;\ } /* Parse the optional qbits element. */ - l1 = gcry_sexp_find_token (genparms, "qbits", 0); + l1 = sexp_find_token (genparms, "qbits", 0); if (l1) { char buf[50]; const char *s; size_t n; - s = gcry_sexp_nth_data (l1, 1, &n); + s = sexp_nth_data (l1, 1, &n); if (!s || n >= DIM (buf) - 1 ) { - gcry_sexp_release (l1); + sexp_release (l1); return GPG_ERR_INV_OBJ; /* No value or value too large. */ } memcpy (buf, s, n); buf[n] = 0; qbits = (unsigned int)strtoul (buf, NULL, 0); - gcry_sexp_release (l1); + sexp_release (l1); } /* Parse the optional transient-key flag. */ if (!(flags & PUBKEY_FLAG_TRANSIENT_KEY)) { - l1 = gcry_sexp_find_token (genparms, "transient-key", 0); + l1 = sexp_find_token (genparms, "transient-key", 0); if (l1) { flags |= PUBKEY_FLAG_TRANSIENT_KEY; - gcry_sexp_release (l1); + sexp_release (l1); } } /* Get the optional derive parameters. */ - deriveparms = gcry_sexp_find_token (genparms, "derive-parms", 0); + deriveparms = sexp_find_token (genparms, "derive-parms", 0); /* Parse the optional "use-fips186" flags. */ if (!(flags & PUBKEY_FLAG_USE_FIPS186)) { - l1 = gcry_sexp_find_token (genparms, "use-fips186", 0); + l1 = sexp_find_token (genparms, "use-fips186", 0); if (l1) { flags |= PUBKEY_FLAG_USE_FIPS186; - gcry_sexp_release (l1); + sexp_release (l1); } } if (!(flags & PUBKEY_FLAG_USE_FIPS186_2)) { - l1 = gcry_sexp_find_token (genparms, "use-fips186-2", 0); + l1 = sexp_find_token (genparms, "use-fips186-2", 0); if (l1) { flags |= PUBKEY_FLAG_USE_FIPS186_2; - gcry_sexp_release (l1); + sexp_release (l1); } } /* Check whether domain parameters are given. */ - domainsexp = gcry_sexp_find_token (genparms, "domain", 0); + domainsexp = sexp_find_token (genparms, "domain", 0); if (domainsexp) { /* DERIVEPARMS can't be used together with domain parameters. @@ -794,30 +793,30 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) are derived from the domain parameters. */ if (deriveparms || qbits || nbits) { - gcry_sexp_release (domainsexp); - gcry_sexp_release (deriveparms); + sexp_release (domainsexp); + sexp_release (deriveparms); return GPG_ERR_INV_VALUE; } /* Put all domain parameters into the domain object. */ - l1 = gcry_sexp_find_token (domainsexp, "p", 0); - domain.p = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (domainsexp, "q", 0); - domain.q = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (domainsexp, "g", 0); - domain.g = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); - gcry_sexp_release (domainsexp); + l1 = sexp_find_token (domainsexp, "p", 0); + domain.p = sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + sexp_release (l1); + l1 = sexp_find_token (domainsexp, "q", 0); + domain.q = sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + sexp_release (l1); + l1 = sexp_find_token (domainsexp, "g", 0); + domain.g = sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + sexp_release (l1); + sexp_release (domainsexp); /* Check that all domain parameters are available. */ if (!domain.p || !domain.q || !domain.g) { - gcry_mpi_release (domain.p); - gcry_mpi_release (domain.q); - gcry_mpi_release (domain.g); - gcry_sexp_release (deriveparms); + _gcry_mpi_release (domain.p); + _gcry_mpi_release (domain.q); + _gcry_mpi_release (domain.g); + sexp_release (deriveparms); return GPG_ERR_MISSING_VALUE; } @@ -844,11 +843,11 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) { /* Format the seed-values unless domain parameters are used for which a H_VALUE of NULL is an indication. */ - rc = gcry_sexp_build (&seedinfo, NULL, - "(seed-values(counter %d)(seed %b)(h %m))", - counter, (int)seedlen, seed, h_value); + rc = sexp_build (&seedinfo, NULL, + "(seed-values(counter %d)(seed %b)(h %m))", + counter, (int)seedlen, seed, h_value); gcry_free (seed); - gcry_mpi_release (h_value); + _gcry_mpi_release (h_value); } } else @@ -904,7 +903,7 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) arg_list[i++] = factors + j; arg_list[i] = NULL; - rc = gcry_sexp_build_array (&misc_info, NULL, format, arg_list); + rc = sexp_build_array (&misc_info, NULL, format, arg_list); } } @@ -913,31 +912,31 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) } if (!rc) - rc = gcry_sexp_build (r_skey, NULL, - "(key-data" - " (public-key" - " (dsa(p%m)(q%m)(g%m)(y%m)))" - " (private-key" - " (dsa(p%m)(q%m)(g%m)(y%m)(x%m)))" - " %S)", - sk.p, sk.q, sk.g, sk.y, - sk.p, sk.q, sk.g, sk.y, sk.x, - misc_info); - - - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.q); - gcry_mpi_release (sk.g); - gcry_mpi_release (sk.y); - gcry_mpi_release (sk.x); - - gcry_mpi_release (domain.p); - gcry_mpi_release (domain.q); - gcry_mpi_release (domain.g); - - gcry_sexp_release (seedinfo); - gcry_sexp_release (misc_info); - gcry_sexp_release (deriveparms); + rc = sexp_build (r_skey, NULL, + "(key-data" + " (public-key" + " (dsa(p%m)(q%m)(g%m)(y%m)))" + " (private-key" + " (dsa(p%m)(q%m)(g%m)(y%m)(x%m)))" + " %S)", + sk.p, sk.q, sk.g, sk.y, + sk.p, sk.q, sk.g, sk.y, sk.x, + misc_info); + + + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.q); + _gcry_mpi_release (sk.g); + _gcry_mpi_release (sk.y); + _gcry_mpi_release (sk.x); + + _gcry_mpi_release (domain.p); + _gcry_mpi_release (domain.q); + _gcry_mpi_release (domain.g); + + sexp_release (seedinfo); + sexp_release (misc_info); + sexp_release (deriveparms); if (factors) { gcry_mpi_t *mp; @@ -966,11 +965,11 @@ dsa_check_secret_key (gcry_sexp_t keyparms) rc = GPG_ERR_BAD_SECKEY; leave: - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.q); - gcry_mpi_release (sk.g); - gcry_mpi_release (sk.y); - gcry_mpi_release (sk.x); + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.q); + _gcry_mpi_release (sk.g); + _gcry_mpi_release (sk.y); + _gcry_mpi_release (sk.x); if (DBG_CIPHER) log_debug ("dsa_testkey => %s\n", gpg_strerror (rc)); return rc; @@ -1012,8 +1011,8 @@ dsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) log_mpidump ("dsa_sign x", sk.x); } - sig_r = gcry_mpi_new (0); - sig_s = gcry_mpi_new (0); + sig_r = mpi_new (0); + sig_s = mpi_new (0); rc = sign (sig_r, sig_s, data, &sk, ctx.flags, ctx.hash_algo); if (rc) goto leave; @@ -1022,17 +1021,17 @@ dsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) log_mpidump ("dsa_sign sig_r", sig_r); log_mpidump ("dsa_sign sig_s", sig_s); } - rc = gcry_sexp_build (r_sig, NULL, "(sig-val(dsa(r%M)(s%M)))", sig_r, sig_s); + rc = sexp_build (r_sig, NULL, "(sig-val(dsa(r%M)(s%M)))", sig_r, sig_s); leave: - gcry_mpi_release (sig_r); - gcry_mpi_release (sig_s); - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.q); - gcry_mpi_release (sk.g); - gcry_mpi_release (sk.y); - gcry_mpi_release (sk.x); - gcry_mpi_release (data); + _gcry_mpi_release (sig_r); + _gcry_mpi_release (sig_s); + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.q); + _gcry_mpi_release (sk.g); + _gcry_mpi_release (sk.y); + _gcry_mpi_release (sk.x); + _gcry_mpi_release (data); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("dsa_sign => %s\n", gpg_strerror (rc)); @@ -1096,17 +1095,16 @@ dsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) qbits = mpi_get_nbits (pk.q); - abuf = gcry_mpi_get_opaque (data, &abits); - rc = gpg_err_code (gcry_mpi_scan (&a, GCRYMPI_FMT_USG, - abuf, (abits+7)/8, NULL)); + abuf = mpi_get_opaque (data, &abits); + rc = _gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL); if (!rc) { if (abits > qbits) - gcry_mpi_rshift (a, a, abits - qbits); + mpi_rshift (a, a, abits - qbits); if (!verify (sig_r, sig_s, a, &pk)) rc = GPG_ERR_BAD_SIGNATURE; - gcry_mpi_release (a); + _gcry_mpi_release (a); } } else @@ -1116,14 +1114,14 @@ dsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) } leave: - gcry_mpi_release (pk.p); - gcry_mpi_release (pk.q); - gcry_mpi_release (pk.g); - gcry_mpi_release (pk.y); - gcry_mpi_release (data); - gcry_mpi_release (sig_r); - gcry_mpi_release (sig_s); - gcry_sexp_release (l1); + _gcry_mpi_release (pk.p); + _gcry_mpi_release (pk.q); + _gcry_mpi_release (pk.g); + _gcry_mpi_release (pk.y); + _gcry_mpi_release (data); + _gcry_mpi_release (sig_r); + _gcry_mpi_release (sig_s); + sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("dsa_verify => %s\n", rc?gpg_strerror (rc):"Good"); @@ -1150,14 +1148,14 @@ dsa_get_nbits (gcry_sexp_t parms) gcry_mpi_t p; unsigned int nbits; - l1 = gcry_sexp_find_token (parms, "p", 1); + l1 = sexp_find_token (parms, "p", 1); if (!l1) return 0; /* Parameter P not found. */ - p = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); + p = sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + sexp_release (l1); nbits = p? mpi_get_nbits (p) : 0; - gcry_mpi_release (p); + _gcry_mpi_release (p); return nbits; } @@ -1183,30 +1181,29 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) gcry_sexp_t data_bad = NULL; gcry_sexp_t sig = NULL; - err = gcry_sexp_sscan (&data, NULL, - sample_data, strlen (sample_data)); + err = sexp_sscan (&data, NULL, sample_data, strlen (sample_data)); if (!err) - err = gcry_sexp_sscan (&data_bad, NULL, - sample_data_bad, strlen (sample_data_bad)); + err = sexp_sscan (&data_bad, NULL, + sample_data_bad, strlen (sample_data_bad)); if (err) { errtxt = "converting data failed"; goto leave; } - err = gcry_pk_sign (&sig, data, skey); + err = _gcry_pk_sign (&sig, data, skey); if (err) { errtxt = "signing failed"; goto leave; } - err = gcry_pk_verify (sig, data, pkey); + err = _gcry_pk_verify (sig, data, pkey); if (err) { errtxt = "verify failed"; goto leave; } - err = gcry_pk_verify (sig, data_bad, pkey); + err = _gcry_pk_verify (sig, data_bad, pkey); if (gcry_err_code (err) != GPG_ERR_BAD_SIGNATURE) { errtxt = "bad signature not detected"; @@ -1215,9 +1212,9 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) leave: - gcry_sexp_release (sig); - gcry_sexp_release (data_bad); - gcry_sexp_release (data); + sexp_release (sig); + sexp_release (data_bad); + sexp_release (data); return errtxt; } @@ -1233,22 +1230,21 @@ selftests_dsa (selftest_report_func_t report) /* Convert the S-expressions into the internal representation. */ what = "convert"; - err = gcry_sexp_sscan (&skey, NULL, - sample_secret_key, strlen (sample_secret_key)); + err = sexp_sscan (&skey, NULL, sample_secret_key, strlen (sample_secret_key)); if (!err) - err = gcry_sexp_sscan (&pkey, NULL, - sample_public_key, strlen (sample_public_key)); + err = sexp_sscan (&pkey, NULL, + sample_public_key, strlen (sample_public_key)); if (err) { - errtxt = gcry_strerror (err); + errtxt = _gcry_strerror (err); goto failed; } what = "key consistency"; - err = gcry_pk_testkey (skey); + err = _gcry_pk_testkey (skey); if (err) { - errtxt = gcry_strerror (err); + errtxt = _gcry_strerror (err); goto failed; } @@ -1257,13 +1253,13 @@ selftests_dsa (selftest_report_func_t report) if (errtxt) goto failed; - gcry_sexp_release (pkey); - gcry_sexp_release (skey); + sexp_release (pkey); + sexp_release (skey); return 0; /* Succeeded. */ failed: - gcry_sexp_release (pkey); - gcry_sexp_release (skey); + sexp_release (pkey); + sexp_release (skey); if (report) report ("pubkey", GCRY_PK_DSA, what, errtxt); return GPG_ERR_SELFTEST_FAILED; diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index 74adaece..1ee1d39d 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h @@ -89,7 +89,7 @@ elliptic_curve_t _gcry_ecc_curve_copy (elliptic_curve_t E); const char *_gcry_ecc_model2str (enum gcry_mpi_ec_models model); const char *_gcry_ecc_dialect2str (enum ecc_dialects dialect); gcry_mpi_t _gcry_ecc_ec2os (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t p); -gcry_error_t _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value); +gcry_err_code_t _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value); mpi_point_t _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, mpi_point_t G, gcry_mpi_t d); diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index f7c1c6db..5c418d9a 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -310,7 +310,7 @@ point_copy (gcry_mpi_point_t point) if (point) { - newpoint = gcry_mpi_point_new (0); + newpoint = mpi_point_new (0); point_set (newpoint, point); } else @@ -323,12 +323,12 @@ point_copy (gcry_mpi_point_t point) static gcry_mpi_t scanval (const char *string) { - gpg_error_t err; + gpg_err_code_t rc; gcry_mpi_t val; - err = gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL); - if (err) - log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (err)); + rc = _gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL); + if (rc) + log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc)); return val; } @@ -524,9 +524,9 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits) /* * Extract the curve parameters.. */ - rc = gpg_err_code (_gcry_sexp_extract_param (keyparms, NULL, "-pabgn", - &E.p, &E.a, &E.b, &mpi_g, &E.n, - NULL)); + rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgn", + &E.p, &E.a, &E.b, &mpi_g, &E.n, + NULL)); if (rc == GPG_ERR_NO_OBJ) { /* This might be the second use case of checking whether a @@ -534,12 +534,12 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits) gcry_sexp_t l1; char *name; - l1 = gcry_sexp_find_token (keyparms, "curve", 5); + l1 = sexp_find_token (keyparms, "curve", 5); if (!l1) goto leave; /* No curve name parameter. */ - name = _gcry_sexp_nth_string (l1, 1); - gcry_sexp_release (l1); + name = sexp_nth_string (l1, 1); + sexp_release (l1); if (!name) goto leave; /* Name missing or out of core. */ @@ -602,13 +602,13 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits) } leave: - gcry_mpi_release (tmp); - gcry_mpi_release (E.p); - gcry_mpi_release (E.a); - gcry_mpi_release (E.b); - gcry_mpi_release (mpi_g); + _gcry_mpi_release (tmp); + _gcry_mpi_release (E.p); + _gcry_mpi_release (E.a); + _gcry_mpi_release (E.b); + _gcry_mpi_release (mpi_g); _gcry_mpi_point_free_parts (&E.G); - gcry_mpi_release (E.n); + _gcry_mpi_release (E.n); return result; } @@ -620,11 +620,11 @@ mpi_from_keyparam (gcry_mpi_t *r_a, gcry_sexp_t keyparam, const char *name) gcry_err_code_t ec = 0; gcry_sexp_t l1; - l1 = gcry_sexp_find_token (keyparam, name, 0); + l1 = sexp_find_token (keyparam, name, 0); if (l1) { - *r_a = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); + *r_a = sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + sexp_release (l1); if (!*r_a) ec = GPG_ERR_INV_OBJ; } @@ -644,17 +644,17 @@ point_from_keyparam (gcry_mpi_point_t *r_a, gcry_sexp_t l1; gcry_mpi_point_t point; - l1 = gcry_sexp_find_token (keyparam, name, 0); + l1 = sexp_find_token (keyparam, name, 0); if (l1) { gcry_mpi_t a; - a = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_OPAQUE); - gcry_sexp_release (l1); + a = sexp_nth_mpi (l1, 1, GCRYMPI_FMT_OPAQUE); + sexp_release (l1); if (!a) return GPG_ERR_INV_OBJ; - point = gcry_mpi_point_new (0); + point = mpi_point_new (0); if (ec && ec->dialect == ECC_DIALECT_ED25519) rc = _gcry_ecc_eddsa_decodepoint (a, ec, point, NULL, NULL); else @@ -662,7 +662,7 @@ point_from_keyparam (gcry_mpi_point_t *r_a, mpi_free (a); if (rc) { - gcry_mpi_point_release (point); + mpi_point_release (point); return rc; } } @@ -703,7 +703,7 @@ point_from_keyparam (gcry_mpi_point_t *r_a, if (!z) z = mpi_set_ui (NULL, 1); if (x && y) - point = gcry_mpi_point_snatch_set (NULL, x, y, z); + point = mpi_point_snatch_set (NULL, x, y, z); else { mpi_free (x); @@ -750,18 +750,18 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx, if (keyparam) { /* Parse an optional flags list. */ - l1 = gcry_sexp_find_token (keyparam, "flags", 0); + l1 = sexp_find_token (keyparam, "flags", 0); if (l1) { errc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); - gcry_sexp_release (l1); + sexp_release (l1); l1 = NULL; if (errc) goto leave; } /* Check whether a curve name was given. */ - l1 = gcry_sexp_find_token (keyparam, "curve", 5); + l1 = sexp_find_token (keyparam, "curve", 5); /* If we don't have a curve name or if override parameters have explicitly been requested, parse them. */ @@ -798,8 +798,8 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx, if (l1) { - name = _gcry_sexp_nth_string (l1, 1); - gcry_sexp_release (l1); + name = sexp_nth_string (l1, 1); + sexp_release (l1); if (!name) { errc = GPG_ERR_INV_OBJ; /* Name missing or out of core. */ @@ -845,7 +845,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx, } if (!G) { - G = gcry_mpi_point_snatch_set (NULL, E->G.x, E->G.y, E->G.z); + G = mpi_point_snatch_set (NULL, E->G.x, E->G.y, E->G.z); E->G.x = NULL; E->G.y = NULL; E->G.z = NULL; @@ -913,13 +913,13 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx, } leave: - gcry_ctx_release (ctx); + _gcry_ctx_release (ctx); mpi_free (p); mpi_free (a); mpi_free (b); - gcry_mpi_point_release (G); + _gcry_mpi_point_release (G); mpi_free (n); - gcry_mpi_point_release (Q); + _gcry_mpi_point_release (Q); mpi_free (d); return errc; } @@ -976,13 +976,13 @@ _gcry_ecc_get_param_sexp (const char *name) if (_gcry_ecc_get_param (name, pkey)) return NULL; - if (gcry_sexp_build (&result, NULL, - "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))", - pkey[0], pkey[1], pkey[2], pkey[3], pkey[4])) + if (sexp_build (&result, NULL, + "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))", + pkey[0], pkey[1], pkey[2], pkey[3], pkey[4])) result = NULL; for (i=0; pkey[i]; i++) - gcry_mpi_release (pkey[i]); + _gcry_mpi_release (pkey[i]); return result; } @@ -1045,7 +1045,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy) if (!_gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, &encpk, &encpklen)) - return gcry_mpi_set_opaque (NULL, encpk, encpklen*8); + return mpi_set_opaque (NULL, encpk, encpklen*8); } } @@ -1108,7 +1108,7 @@ _gcry_ecc_set_mpi (const char *name, gcry_mpi_t newvalue, mpi_ec_t ec) if (newvalue) { if (!ec->Q) - ec->Q = gcry_mpi_point_new (0); + ec->Q = mpi_point_new (0); if (ec->dialect == ECC_DIALECT_ED25519) rc = _gcry_ecc_eddsa_decodepoint (newvalue, ec, ec->Q, NULL, NULL); else @@ -1116,7 +1116,7 @@ _gcry_ecc_set_mpi (const char *name, gcry_mpi_t newvalue, mpi_ec_t ec) } if (rc || !newvalue) { - gcry_mpi_point_release (ec->Q); + _gcry_mpi_point_release (ec->Q); ec->Q = NULL; } /* Note: We assume that Q matches d and thus do not reset d. */ @@ -1129,7 +1129,7 @@ _gcry_ecc_set_mpi (const char *name, gcry_mpi_t newvalue, mpi_ec_t ec) { /* We need to reset the public key because it may not anymore match. */ - gcry_mpi_point_release (ec->Q); + _gcry_mpi_point_release (ec->Q); ec->Q = NULL; } } @@ -1146,12 +1146,12 @@ _gcry_ecc_set_point (const char *name, gcry_mpi_point_t newvalue, mpi_ec_t ec) { if (!strcmp (name, "g")) { - gcry_mpi_point_release (ec->G); + _gcry_mpi_point_release (ec->G); ec->G = point_copy (newvalue); } else if (!strcmp (name, "q")) { - gcry_mpi_point_release (ec->Q); + _gcry_mpi_point_release (ec->Q); ec->Q = point_copy (newvalue); } else diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c index 7663623d..b4bbe2cc 100644 --- a/cipher/ecc-ecdsa.c +++ b/cipher/ecc-ecdsa.c @@ -42,7 +42,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s, int flags, int hashalgo) { - gpg_err_code_t err = 0; + gpg_err_code_t rc = 0; int extraloops = 0; gcry_mpi_t k, dr, sum, k_1, x; mpi_point_struct I; @@ -59,13 +59,12 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, /* Convert the INPUT into an MPI if needed. */ if (mpi_is_opaque (input)) { - abuf = gcry_mpi_get_opaque (input, &abits); - err = gpg_err_code (gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, - abuf, (abits+7)/8, NULL)); - if (err) - return err; + abuf = mpi_get_opaque (input, &abits); + rc = _gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL); + if (rc) + return rc; if (abits > qbits) - gcry_mpi_rshift (hash, hash, abits - qbits); + mpi_rshift (hash, hash, abits - qbits); } else hash = input; @@ -98,15 +97,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, used as h1 from 3.2.a. */ if (!mpi_is_opaque (input)) { - err = GPG_ERR_CONFLICT; + rc = GPG_ERR_CONFLICT; goto leave; } - abuf = gcry_mpi_get_opaque (input, &abits); - err = _gcry_dsa_gen_rfc6979_k (&k, skey->E.n, skey->d, - abuf, (abits+7)/8, - hashalgo, extraloops); - if (err) + abuf = mpi_get_opaque (input, &abits); + rc = _gcry_dsa_gen_rfc6979_k (&k, skey->E.n, skey->d, + abuf, (abits+7)/8, + hashalgo, extraloops); + if (rc) goto leave; extraloops++; } @@ -118,7 +117,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, { if (DBG_CIPHER) log_debug ("ecc sign: Failed to get affine coordinates\n"); - err = GPG_ERR_BAD_SIGNATURE; + rc = GPG_ERR_BAD_SIGNATURE; goto leave; } mpi_mod (r, x, skey->E.n); /* r = x mod n */ @@ -150,7 +149,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, if (hash != input) mpi_free (hash); - return err; + return rc; } diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index 29145f82..12cdea0c 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -50,12 +50,12 @@ reverse_buffer (unsigned char *buffer, unsigned int length) static gcry_mpi_t scanval (const char *string) { - gpg_error_t err; + gpg_err_code_t rc; gcry_mpi_t val; - err = gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL); - if (err) - log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (err)); + rc = _gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL); + if (rc) + log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc)); return val; } @@ -150,7 +150,7 @@ _gcry_ecc_eddsa_ensure_compact (gcry_mpi_t value, unsigned int nbits) if (!mpi_is_opaque (value)) return GPG_ERR_INV_OBJ; - buf = gcry_mpi_get_opaque (value, &rawmpilen); + buf = mpi_get_opaque (value, &rawmpilen); if (!buf) return GPG_ERR_INV_OBJ; rawmpilen = (rawmpilen + 7)/8; @@ -159,12 +159,12 @@ _gcry_ecc_eddsa_ensure_compact (gcry_mpi_t value, unsigned int nbits) uncompressed format. In this case extract y and compress. */ if (rawmpilen > 1 && buf[0] == 0x04 && (rawmpilen%2)) { - rc = gcry_mpi_scan (&x, GCRYMPI_FMT_STD, - buf+1, (rawmpilen-1)/2, NULL); + rc = _gcry_mpi_scan (&x, GCRYMPI_FMT_STD, + buf+1, (rawmpilen-1)/2, NULL); if (rc) return rc; - rc = gcry_mpi_scan (&y, GCRYMPI_FMT_STD, - buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2, NULL); + rc = _gcry_mpi_scan (&y, GCRYMPI_FMT_STD, + buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2, NULL); if (rc) { mpi_free (x); @@ -177,7 +177,7 @@ _gcry_ecc_eddsa_ensure_compact (gcry_mpi_t value, unsigned int nbits) if (rc) return rc; - gcry_mpi_set_opaque (value, enc, 8*enclen); + mpi_set_opaque (value, enc, 8*enclen); } return 0; @@ -233,7 +233,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec) mpi_mulm (t, x, x, ec->p); mpi_mulm (t, t, v, ec->p); /* -t == u ? x = x * sqrt(-1) */ - gcry_mpi_neg (t, t); + mpi_neg (t, t); if (!mpi_cmp (t, u)) { static gcry_mpi_t m1; /* Fixme: this is not thread-safe. */ @@ -245,7 +245,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec) mpi_mulm (t, x, x, ec->p); mpi_mulm (t, t, v, ec->p); /* -t == u ? x = x * sqrt(-1) */ - gcry_mpi_neg (t, t); + mpi_neg (t, t); if (!mpi_cmp (t, u)) rc = GPG_ERR_INV_OBJ; } @@ -282,7 +282,7 @@ _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result, { const unsigned char *buf; - buf = gcry_mpi_get_opaque (pk, &rawmpilen); + buf = mpi_get_opaque (pk, &rawmpilen); if (!buf) return GPG_ERR_INV_OBJ; rawmpilen = (rawmpilen + 7)/8; @@ -295,12 +295,12 @@ _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result, { gcry_mpi_t x, y; - rc = gcry_mpi_scan (&x, GCRYMPI_FMT_STD, - buf+1, (rawmpilen-1)/2, NULL); + rc = _gcry_mpi_scan (&x, GCRYMPI_FMT_STD, + buf+1, (rawmpilen-1)/2, NULL); if (rc) return rc; - rc = gcry_mpi_scan (&y, GCRYMPI_FMT_STD, - buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2, NULL); + rc = _gcry_mpi_scan (&y, GCRYMPI_FMT_STD, + buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2, NULL); if (rc) { mpi_free (x); @@ -397,7 +397,7 @@ _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, goto leave; } dlen = b; - dbuf = gcry_random_bytes_secure (dlen, random_level); + dbuf = _gcry_random_bytes_secure (dlen, random_level); /* Compute the A value. */ hvec[0].data = dbuf; @@ -433,9 +433,9 @@ _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, leave: point_free (&Q); - gcry_mpi_release (a); - gcry_mpi_release (x); - gcry_mpi_release (y); + _gcry_mpi_release (a); + _gcry_mpi_release (x); + _gcry_mpi_release (y); gcry_free (hash_d); return rc; } @@ -554,7 +554,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, } /* Compute R. */ - mbuf = gcry_mpi_get_opaque (input, &tmp); + mbuf = mpi_get_opaque (input, &tmp); mlen = (tmp +7)/8; if (DBG_CIPHER) log_printhex (" m", mbuf, mlen); @@ -597,7 +597,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, goto leave; /* No more need for RAWMPI thus we now transfer it to R_R. */ - gcry_mpi_set_opaque (r_r, rawmpi, rawmpilen*8); + mpi_set_opaque (r_r, rawmpi, rawmpilen*8); rawmpi = NULL; reverse_buffer (digest, 64); @@ -611,16 +611,16 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, goto leave; if (DBG_CIPHER) log_printhex (" e_s", rawmpi, rawmpilen); - gcry_mpi_set_opaque (s, rawmpi, rawmpilen*8); + mpi_set_opaque (s, rawmpi, rawmpilen*8); rawmpi = NULL; rc = 0; leave: - gcry_mpi_release (a); - gcry_mpi_release (x); - gcry_mpi_release (y); - gcry_mpi_release (r); + _gcry_mpi_release (a); + _gcry_mpi_release (x); + _gcry_mpi_release (y); + _gcry_mpi_release (r); gcry_free (digest); _gcry_mpi_ec_free (ctx); point_free (&I); @@ -691,11 +691,11 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, ECC_public_key *pkey, } /* Convert the other input parameters. */ - mbuf = gcry_mpi_get_opaque (input, &tmp); + mbuf = mpi_get_opaque (input, &tmp); mlen = (tmp +7)/8; if (DBG_CIPHER) log_printhex (" m", mbuf, mlen); - rbuf = gcry_mpi_get_opaque (r_in, &tmp); + rbuf = mpi_get_opaque (r_in, &tmp); rlen = (tmp +7)/8; if (DBG_CIPHER) log_printhex (" r", rbuf, rlen); @@ -763,8 +763,8 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_free (encpk); gcry_free (tbuf); _gcry_mpi_ec_free (ctx); - gcry_mpi_release (s); - gcry_mpi_release (h); + _gcry_mpi_release (s); + _gcry_mpi_release (h); point_free (&Ia); point_free (&Ib); point_free (&Q); diff --git a/cipher/ecc-gost.c b/cipher/ecc-gost.c index ce3e921a..a34fa084 100644 --- a/cipher/ecc-gost.c +++ b/cipher/ecc-gost.c @@ -41,7 +41,7 @@ gpg_err_code_t _gcry_ecc_gost_sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s) { - gpg_err_code_t err = 0; + gpg_err_code_t rc = 0; gcry_mpi_t k, dr, sum, ke, x, e; mpi_point_struct I; gcry_mpi_t hash; @@ -57,13 +57,12 @@ _gcry_ecc_gost_sign (gcry_mpi_t input, ECC_secret_key *skey, /* Convert the INPUT into an MPI if needed. */ if (mpi_is_opaque (input)) { - abuf = gcry_mpi_get_opaque (input, &abits); - err = gpg_err_code (gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, - abuf, (abits+7)/8, NULL)); - if (err) - return err; + abuf = mpi_get_opaque (input, &abits); + rc = _gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL); + if (rc) + return rc; if (abits > qbits) - gcry_mpi_rshift (hash, hash, abits - qbits); + mpi_rshift (hash, hash, abits - qbits); } else hash = input; @@ -100,7 +99,7 @@ _gcry_ecc_gost_sign (gcry_mpi_t input, ECC_secret_key *skey, { if (DBG_CIPHER) log_debug ("ecc sign: Failed to get affine coordinates\n"); - err = GPG_ERR_BAD_SIGNATURE; + rc = GPG_ERR_BAD_SIGNATURE; goto leave; } mpi_mod (r, x, skey->E.n); /* r = x mod n */ @@ -131,7 +130,7 @@ _gcry_ecc_gost_sign (gcry_mpi_t input, ECC_secret_key *skey, if (hash != input) mpi_free (hash); - return err; + return rc; } diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c index 1633d32d..26c9e8d9 100644 --- a/cipher/ecc-misc.c +++ b/cipher/ecc-misc.c @@ -104,7 +104,7 @@ _gcry_ecc_dialect2str (enum ecc_dialects dialect) gcry_mpi_t _gcry_ecc_ec2os (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t p) { - gpg_error_t err; + gpg_err_code_t rc; int pbytes = (mpi_get_nbits (p)+7)/8; size_t n; unsigned char *buf, *ptr; @@ -113,27 +113,27 @@ _gcry_ecc_ec2os (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t p) buf = gcry_xmalloc ( 1 + 2*pbytes ); *buf = 04; /* Uncompressed point. */ ptr = buf+1; - err = gcry_mpi_print (GCRYMPI_FMT_USG, ptr, pbytes, &n, x); - if (err) - log_fatal ("mpi_print failed: %s\n", gpg_strerror (err)); + rc = _gcry_mpi_print (GCRYMPI_FMT_USG, ptr, pbytes, &n, x); + if (rc) + log_fatal ("mpi_print failed: %s\n", gpg_strerror (rc)); if (n < pbytes) { memmove (ptr+(pbytes-n), ptr, n); memset (ptr, 0, (pbytes-n)); } ptr += pbytes; - err = gcry_mpi_print (GCRYMPI_FMT_USG, ptr, pbytes, &n, y); - if (err) - log_fatal ("mpi_print failed: %s\n", gpg_strerror (err)); + rc = _gcry_mpi_print (GCRYMPI_FMT_USG, ptr, pbytes, &n, y); + if (rc) + log_fatal ("mpi_print failed: %s\n", gpg_strerror (rc)); if (n < pbytes) { memmove (ptr+(pbytes-n), ptr, n); memset (ptr, 0, (pbytes-n)); } - err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, buf, 1+2*pbytes, NULL); - if (err) - log_fatal ("mpi_scan failed: %s\n", gpg_strerror (err)); + rc = _gcry_mpi_scan (&result, GCRYMPI_FMT_USG, buf, 1+2*pbytes, NULL); + if (rc) + log_fatal ("mpi_scan failed: %s\n", gpg_strerror (rc)); gcry_free (buf); return result; @@ -163,10 +163,10 @@ _gcry_mpi_ec_ec2os (gcry_mpi_point_t point, mpi_ec_t ectx) /* RESULT must have been initialized and is set on success to the point given by VALUE. */ -gcry_error_t +gcry_err_code_t _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value) { - gcry_error_t err; + gcry_err_code_t rc; size_t n; const unsigned char *buf; unsigned char *buf_memory; @@ -176,7 +176,7 @@ _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value) { unsigned int nbits; - buf = gcry_mpi_get_opaque (value, &nbits); + buf = mpi_get_opaque (value, &nbits); if (!buf) return GPG_ERR_INV_OBJ; n = (nbits + 7)/8; @@ -186,11 +186,11 @@ _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value) { n = (mpi_get_nbits (value)+7)/8; buf_memory= gcry_xmalloc (n); - err = gcry_mpi_print (GCRYMPI_FMT_USG, buf_memory, n, &n, value); - if (err) + rc = _gcry_mpi_print (GCRYMPI_FMT_USG, buf_memory, n, &n, value); + if (rc) { gcry_free (buf_memory); - return err; + return rc; } buf = buf_memory; } @@ -211,18 +211,18 @@ _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value) return GPG_ERR_INV_OBJ; } n = (n-1)/2; - err = gcry_mpi_scan (&x, GCRYMPI_FMT_USG, buf+1, n, NULL); - if (err) + rc = _gcry_mpi_scan (&x, GCRYMPI_FMT_USG, buf+1, n, NULL); + if (rc) { gcry_free (buf_memory); - return err; + return rc; } - err = gcry_mpi_scan (&y, GCRYMPI_FMT_USG, buf+1+n, n, NULL); + rc = _gcry_mpi_scan (&y, GCRYMPI_FMT_USG, buf+1+n, n, NULL); gcry_free (buf_memory); - if (err) + if (rc) { mpi_free (x); - return err; + return rc; } mpi_set (result->x, x); @@ -316,7 +316,7 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, /* And finally the public key. */ if (!Q) - Q = gcry_mpi_point_new (0); + Q = mpi_point_new (0); if (Q) _gcry_mpi_ec_mul_point (Q, a, G, ec); mpi_free (a); @@ -324,7 +324,7 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, else { if (!Q) - Q = gcry_mpi_point_new (0); + Q = mpi_point_new (0); if (Q) _gcry_mpi_ec_mul_point (Q, d, G, ec); } diff --git a/cipher/ecc.c b/cipher/ecc.c index bda2a86e..a7de2543 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -122,7 +122,7 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, char *rndbuf; sk->d = mpi_snew (256); - rndbuf = gcry_random_bytes_secure (32, random_level); + rndbuf = _gcry_random_bytes_secure (32, random_level); rndbuf[0] &= 0x7f; /* Clear bit 255. */ rndbuf[0] |= 0x40; /* Set bit 254. */ rndbuf[31] &= 0xf8; /* Clear bits 2..0 so that d mod 8 == 0 */ @@ -181,11 +181,10 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, the smallest one */ mpi_sub (sk->d, E->n, sk->d); /* d = order - d */ if (E->model == MPI_EC_WEIERSTRASS) - gcry_mpi_point_snatch_set (&sk->Q, x, negative, + mpi_point_snatch_set (&sk->Q, x, negative, mpi_alloc_set_ui (1)); else - gcry_mpi_point_snatch_set (&sk->Q, negative, y, - mpi_alloc_set_ui (1)); + mpi_point_snatch_set (&sk->Q, negative, y, mpi_alloc_set_ui (1)); if (DBG_CIPHER) log_debug ("ecgen converted Q to a compliant point\n"); @@ -244,7 +243,7 @@ test_keys (ECC_secret_key *sk, unsigned int nbits) point_init (&pk.Q); point_set (&pk.Q, &sk->Q); - gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM); + _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM); if (_gcry_ecc_ecdsa_sign (test, sk, r, s, 0, 0) ) log_fatal ("ECDSA operation: sign failed\n"); @@ -413,31 +412,31 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) return rc; /* Parse the optional "curve" parameter. */ - l1 = gcry_sexp_find_token (genparms, "curve", 0); + l1 = sexp_find_token (genparms, "curve", 0); if (l1) { curve_name = _gcry_sexp_nth_string (l1, 1); - gcry_sexp_release (l1); + sexp_release (l1); if (!curve_name) return GPG_ERR_INV_OBJ; /* No curve name or value too large. */ } /* Parse the optional flags list. */ - l1 = gcry_sexp_find_token (genparms, "flags", 0); + l1 = sexp_find_token (genparms, "flags", 0); if (l1) { rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); - gcry_sexp_release (l1); + sexp_release (l1); if (rc) goto leave; } /* Parse the deprecated optional transient-key flag. */ - l1 = gcry_sexp_find_token (genparms, "transient-key", 0); + l1 = sexp_find_token (genparms, "transient-key", 0); if (l1) { flags |= PUBKEY_FLAG_TRANSIENT_KEY; - gcry_sexp_release (l1); + sexp_release (l1); } /* NBITS is required if no curve name has been given. */ @@ -492,7 +491,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) if (rc) return rc; public = mpi_new (0); - gcry_mpi_set_opaque (public, encpk, encpklen*8); + mpi_set_opaque (public, encpk, encpklen*8); encpk = NULL; } else @@ -504,14 +503,14 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) secret = sk.d; sk.d = NULL; if (E.name) { - rc = gcry_sexp_build (&curve_info, NULL, "(curve %s)", E.name); + rc = sexp_build (&curve_info, NULL, "(curve %s)", E.name); if (rc) goto leave; } if ((flags & PUBKEY_FLAG_PARAM) || (flags & PUBKEY_FLAG_EDDSA)) { - rc = gcry_sexp_build + rc = sexp_build (&curve_flags, NULL, ((flags & PUBKEY_FLAG_PARAM) && (flags & PUBKEY_FLAG_EDDSA))? "(flags param eddsa)" : @@ -523,29 +522,29 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) } if ((flags & PUBKEY_FLAG_PARAM) && E.name) - rc = gcry_sexp_build (r_skey, NULL, - "(key-data" - " (public-key" - " (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))" - " (private-key" - " (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))" - " )", - curve_info, curve_flags, - sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, - curve_info, curve_flags, - sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, secret); + rc = sexp_build (r_skey, NULL, + "(key-data" + " (public-key" + " (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))" + " (private-key" + " (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))" + " )", + curve_info, curve_flags, + sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, + curve_info, curve_flags, + sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, secret); else - rc = gcry_sexp_build (r_skey, NULL, - "(key-data" - " (public-key" - " (ecc%S%S(q%m)))" - " (private-key" - " (ecc%S%S(q%m)(d%m)))" - " )", - curve_info, curve_flags, - public, - curve_info, curve_flags, - public, secret); + rc = sexp_build (r_skey, NULL, + "(key-data" + " (public-key" + " (ecc%S%S(q%m)))" + " (private-key" + " (ecc%S%S(q%m)(d%m)))" + " )", + curve_info, curve_flags, + public, + curve_info, curve_flags, + public, secret); if (rc) goto leave; @@ -575,8 +574,8 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) mpi_free (x); mpi_free (y); _gcry_mpi_ec_free (ctx); - gcry_sexp_release (curve_flags); - gcry_sexp_release (curve_info); + sexp_release (curve_flags); + sexp_release (curve_info); return rc; } @@ -596,7 +595,7 @@ ecc_check_secret_key (gcry_sexp_t keyparms) memset (&sk, 0, sizeof sk); /* Look for flags. */ - l1 = gcry_sexp_find_token (keyparms, "flags", 0); + l1 = sexp_find_token (keyparms, "flags", 0); if (l1) { rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); @@ -606,21 +605,21 @@ ecc_check_secret_key (gcry_sexp_t keyparms) /* Extract the parameters. */ if ((flags & PUBKEY_FLAG_PARAM)) - rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d", - &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, - &mpi_q, &sk.d, NULL); + rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d", + &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, + &mpi_q, &sk.d, NULL); else - rc = _gcry_sexp_extract_param (keyparms, NULL, "/q?+d", - &mpi_q, &sk.d, NULL); + rc = sexp_extract_param (keyparms, NULL, "/q?+d", + &mpi_q, &sk.d, NULL); if (rc) goto leave; /* Add missing parameters using the optional curve parameter. */ - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (keyparms, "curve", 5); + sexp_release (l1); + l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { - curvename = gcry_sexp_nth_string (l1, 1); + curvename = sexp_nth_string (l1, 1); if (curvename) { rc = _gcry_ecc_update_curve_param (curvename, @@ -697,17 +696,17 @@ ecc_check_secret_key (gcry_sexp_t keyparms) leave: _gcry_mpi_ec_free (ec); - gcry_mpi_release (sk.E.p); - gcry_mpi_release (sk.E.a); - gcry_mpi_release (sk.E.b); - gcry_mpi_release (mpi_g); + _gcry_mpi_release (sk.E.p); + _gcry_mpi_release (sk.E.a); + _gcry_mpi_release (sk.E.b); + _gcry_mpi_release (mpi_g); point_free (&sk.E.G); - gcry_mpi_release (sk.E.n); - gcry_mpi_release (mpi_q); + _gcry_mpi_release (sk.E.n); + _gcry_mpi_release (mpi_q); point_free (&sk.Q); - gcry_mpi_release (sk.d); + _gcry_mpi_release (sk.d); gcry_free (curvename); - gcry_sexp_release (l1); + sexp_release (l1); if (DBG_CIPHER) log_debug ("ecc_testkey => %s\n", gpg_strerror (rc)); return rc; @@ -743,12 +742,12 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) * Extract the key. */ if ((ctx.flags & PUBKEY_FLAG_PARAM)) - rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d", - &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, - &mpi_q, &sk.d, NULL); + rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d", + &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, + &mpi_q, &sk.d, NULL); else - rc = _gcry_sexp_extract_param (keyparms, NULL, "/q?+d", - &mpi_q, &sk.d, NULL); + rc = sexp_extract_param (keyparms, NULL, "/q?+d", + &mpi_q, &sk.d, NULL); if (rc) goto leave; if (mpi_g) @@ -759,11 +758,11 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (keyparms, "curve", 5); + sexp_release (l1); + l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { - curvename = gcry_sexp_nth_string (l1, 1); + curvename = sexp_nth_string (l1, 1); if (curvename) { rc = _gcry_ecc_fill_in_curve (0, curvename, &sk.E, NULL); @@ -806,48 +805,48 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) } - sig_r = gcry_mpi_new (0); - sig_s = gcry_mpi_new (0); + sig_r = mpi_new (0); + sig_s = mpi_new (0); if ((ctx.flags & PUBKEY_FLAG_EDDSA)) { /* EdDSA requires the public key. */ rc = _gcry_ecc_eddsa_sign (data, &sk, sig_r, sig_s, ctx.hash_algo, mpi_q); if (!rc) - rc = gcry_sexp_build (r_sig, NULL, - "(sig-val(eddsa(r%M)(s%M)))", sig_r, sig_s); + rc = sexp_build (r_sig, NULL, + "(sig-val(eddsa(r%M)(s%M)))", sig_r, sig_s); } else if ((ctx.flags & PUBKEY_FLAG_GOST)) { rc = _gcry_ecc_gost_sign (data, &sk, sig_r, sig_s); if (!rc) - rc = gcry_sexp_build (r_sig, NULL, - "(sig-val(gost(r%M)(s%M)))", sig_r, sig_s); + rc = sexp_build (r_sig, NULL, + "(sig-val(gost(r%M)(s%M)))", sig_r, sig_s); } else { rc = _gcry_ecc_ecdsa_sign (data, &sk, sig_r, sig_s, ctx.flags, ctx.hash_algo); if (!rc) - rc = gcry_sexp_build (r_sig, NULL, - "(sig-val(ecdsa(r%M)(s%M)))", sig_r, sig_s); + rc = sexp_build (r_sig, NULL, + "(sig-val(ecdsa(r%M)(s%M)))", sig_r, sig_s); } leave: - gcry_mpi_release (sk.E.p); - gcry_mpi_release (sk.E.a); - gcry_mpi_release (sk.E.b); - gcry_mpi_release (mpi_g); + _gcry_mpi_release (sk.E.p); + _gcry_mpi_release (sk.E.a); + _gcry_mpi_release (sk.E.b); + _gcry_mpi_release (mpi_g); point_free (&sk.E.G); - gcry_mpi_release (sk.E.n); - gcry_mpi_release (mpi_q); + _gcry_mpi_release (sk.E.n); + _gcry_mpi_release (mpi_q); point_free (&sk.Q); - gcry_mpi_release (sk.d); - gcry_mpi_release (sig_r); - gcry_mpi_release (sig_s); + _gcry_mpi_release (sk.d); + _gcry_mpi_release (sig_r); + _gcry_mpi_release (sig_s); gcry_free (curvename); - gcry_mpi_release (data); - gcry_sexp_release (l1); + _gcry_mpi_release (data); + sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("ecc_sign => %s\n", gpg_strerror (rc)); @@ -887,9 +886,8 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) rc = _gcry_pk_util_preparse_sigval (s_sig, ecc_names, &l1, &sigflags); if (rc) goto leave; - rc = _gcry_sexp_extract_param (l1, NULL, - (sigflags & PUBKEY_FLAG_EDDSA)? "/rs":"rs", - &sig_r, &sig_s, NULL); + rc = sexp_extract_param (l1, NULL, (sigflags & PUBKEY_FLAG_EDDSA)? "/rs":"rs", + &sig_r, &sig_s, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -908,12 +906,12 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) * Extract the key. */ if ((ctx.flags & PUBKEY_FLAG_PARAM)) - rc = _gcry_sexp_extract_param (s_keyparms, NULL, "-p?a?b?g?n?/q", - &pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n, - &mpi_q, NULL); + rc = sexp_extract_param (s_keyparms, NULL, "-p?a?b?g?n?/q", + &pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n, + &mpi_q, NULL); else - rc = _gcry_sexp_extract_param (s_keyparms, NULL, "/q", - &mpi_q, NULL); + rc = sexp_extract_param (s_keyparms, NULL, "/q", + &mpi_q, NULL); if (rc) goto leave; if (mpi_g) @@ -924,11 +922,11 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (s_keyparms, "curve", 5); + sexp_release (l1); + l1 = sexp_find_token (s_keyparms, "curve", 5); if (l1) { - curvename = gcry_sexp_nth_string (l1, 1); + curvename = sexp_nth_string (l1, 1); if (curvename) { rc = _gcry_ecc_fill_in_curve (0, curvename, &pk.E, NULL); @@ -1017,16 +1015,15 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) qbits = mpi_get_nbits (pk.E.n); - abuf = gcry_mpi_get_opaque (data, &abits); - rc = gpg_err_code (gcry_mpi_scan (&a, GCRYMPI_FMT_USG, - abuf, (abits+7)/8, NULL)); + abuf = mpi_get_opaque (data, &abits); + rc = _gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL); if (!rc) { if (abits > qbits) - gcry_mpi_rshift (a, a, abits - qbits); + mpi_rshift (a, a, abits - qbits); rc = _gcry_ecc_ecdsa_verify (a, &pk, sig_r, sig_s); - gcry_mpi_release (a); + _gcry_mpi_release (a); } } else @@ -1034,19 +1031,19 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) } leave: - gcry_mpi_release (pk.E.p); - gcry_mpi_release (pk.E.a); - gcry_mpi_release (pk.E.b); - gcry_mpi_release (mpi_g); + _gcry_mpi_release (pk.E.p); + _gcry_mpi_release (pk.E.a); + _gcry_mpi_release (pk.E.b); + _gcry_mpi_release (mpi_g); point_free (&pk.E.G); - gcry_mpi_release (pk.E.n); - gcry_mpi_release (mpi_q); + _gcry_mpi_release (pk.E.n); + _gcry_mpi_release (mpi_q); point_free (&pk.Q); - gcry_mpi_release (data); - gcry_mpi_release (sig_r); - gcry_mpi_release (sig_s); + _gcry_mpi_release (data); + _gcry_mpi_release (sig_r); + _gcry_mpi_release (sig_s); gcry_free (curvename); - gcry_sexp_release (l1); + sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("ecc_verify => %s\n", rc?gpg_strerror (rc):"Good"); @@ -1119,9 +1116,9 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* * Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?+q", - &pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n, - &mpi_q, NULL); + rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?+q", + &pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n, + &mpi_q, NULL); if (rc) goto leave; if (mpi_g) @@ -1132,11 +1129,11 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (keyparms, "curve", 5); + sexp_release (l1); + l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { - curvename = gcry_sexp_nth_string (l1, 1); + curvename = sexp_nth_string (l1, 1); if (curvename) { rc = _gcry_ecc_fill_in_curve (0, curvename, &pk.E, NULL); @@ -1214,21 +1211,20 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) point_free (&R); } - rc = gcry_sexp_build (r_ciph, NULL, "(enc-val(ecdh(s%m)(e%m)))", - mpi_s, mpi_e); + rc = sexp_build (r_ciph, NULL, "(enc-val(ecdh(s%m)(e%m)))", mpi_s, mpi_e); leave: - gcry_mpi_release (pk.E.p); - gcry_mpi_release (pk.E.a); - gcry_mpi_release (pk.E.b); - gcry_mpi_release (mpi_g); + _gcry_mpi_release (pk.E.p); + _gcry_mpi_release (pk.E.a); + _gcry_mpi_release (pk.E.b); + _gcry_mpi_release (mpi_g); point_free (&pk.E.G); - gcry_mpi_release (pk.E.n); - gcry_mpi_release (mpi_q); + _gcry_mpi_release (pk.E.n); + _gcry_mpi_release (mpi_q); point_free (&pk.Q); - gcry_mpi_release (data); - gcry_mpi_release (mpi_s); - gcry_mpi_release (mpi_e); + _gcry_mpi_release (data); + _gcry_mpi_release (mpi_s); + _gcry_mpi_release (mpi_e); gcry_free (curvename); _gcry_mpi_ec_free (ec); _gcry_pk_util_free_encoding_ctx (&ctx); @@ -1273,7 +1269,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = _gcry_pk_util_preparse_encval (s_data, ecc_names, &l1, &ctx); if (rc) goto leave; - rc = _gcry_sexp_extract_param (l1, NULL, "e", &data_e, NULL); + rc = sexp_extract_param (l1, NULL, "e", &data_e, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -1287,9 +1283,9 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* * Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?+d", - &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, - &sk.d, NULL); + rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?+d", + &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, + &sk.d, NULL); if (rc) goto leave; if (mpi_g) @@ -1300,11 +1296,11 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (keyparms, "curve", 5); + sexp_release (l1); + l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { - curvename = gcry_sexp_nth_string (l1, 1); + curvename = sexp_nth_string (l1, 1); if (curvename) { rc = _gcry_ecc_fill_in_curve (0, curvename, &sk.E, NULL); @@ -1378,22 +1374,22 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) log_printmpi ("ecc_decrypt res", r); if (!rc) - rc = gcry_sexp_build (r_plain, NULL, "(value %m)", r); + rc = sexp_build (r_plain, NULL, "(value %m)", r); leave: point_free (&R); point_free (&kG); - gcry_mpi_release (r); - gcry_mpi_release (sk.E.p); - gcry_mpi_release (sk.E.a); - gcry_mpi_release (sk.E.b); - gcry_mpi_release (mpi_g); + _gcry_mpi_release (r); + _gcry_mpi_release (sk.E.p); + _gcry_mpi_release (sk.E.a); + _gcry_mpi_release (sk.E.b); + _gcry_mpi_release (mpi_g); point_free (&sk.E.G); - gcry_mpi_release (sk.E.n); - gcry_mpi_release (sk.d); - gcry_mpi_release (data_e); - gcry_free (curvename); - gcry_sexp_release (l1); + _gcry_mpi_release (sk.E.n); + _gcry_mpi_release (sk.d); + _gcry_mpi_release (data_e); + _gcry_free (curvename); + sexp_release (l1); _gcry_mpi_ec_free (ec); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) @@ -1425,15 +1421,15 @@ ecc_get_nbits (gcry_sexp_t parms) unsigned int nbits = 0; char *curve; - l1 = gcry_sexp_find_token (parms, "p", 1); + l1 = sexp_find_token (parms, "p", 1); if (!l1) { /* Parameter P not found - check whether we have "curve". */ - l1 = gcry_sexp_find_token (parms, "curve", 5); + l1 = sexp_find_token (parms, "curve", 5); if (!l1) return 0; /* Neither P nor CURVE found. */ - curve = _gcry_sexp_nth_string (l1, 1); - gcry_sexp_release (l1); + curve = sexp_nth_string (l1, 1); + sexp_release (l1); if (!curve) return 0; /* No curve name given (or out of core). */ @@ -1443,12 +1439,12 @@ ecc_get_nbits (gcry_sexp_t parms) } else { - p = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); + p = sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + sexp_release (l1); if (p) { nbits = mpi_get_nbits (p); - gcry_mpi_release (p); + _gcry_mpi_release (p); } } return nbits; @@ -1476,7 +1472,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) /* Look for flags. */ - l1 = gcry_sexp_find_token (keyparms, "flags", 0); + l1 = sexp_find_token (keyparms, "flags", 0); if (l1) { rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); @@ -1488,35 +1484,35 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) if ((flags & PUBKEY_FLAG_PARAM)) { if ((flags & PUBKEY_FLAG_EDDSA)) - rc = _gcry_sexp_extract_param (keyparms, NULL, "p?a?b?g?n?/q", - &values[0], &values[1], &values[2], - &values[3], &values[4], &values[5], - NULL); + rc = sexp_extract_param (keyparms, NULL, "p?a?b?g?n?/q", + &values[0], &values[1], &values[2], + &values[3], &values[4], &values[5], + NULL); else - rc = _gcry_sexp_extract_param (keyparms, NULL, "p?a?b?g?n?q", - &values[0], &values[1], &values[2], - &values[3], &values[4], &values[5], - NULL); + rc = sexp_extract_param (keyparms, NULL, "p?a?b?g?n?q", + &values[0], &values[1], &values[2], + &values[3], &values[4], &values[5], + NULL); } else { if ((flags & PUBKEY_FLAG_EDDSA)) - rc = _gcry_sexp_extract_param (keyparms, NULL, "/q", - &values[5], NULL); + rc = sexp_extract_param (keyparms, NULL, "/q", + &values[5], NULL); else - rc = _gcry_sexp_extract_param (keyparms, NULL, "q", - &values[5], NULL); + rc = sexp_extract_param (keyparms, NULL, "q", + &values[5], NULL); } if (rc) goto leave; /* Check whether a curve parameter is available and use that to fill in missing values. */ - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (keyparms, "curve", 5); + sexp_release (l1); + l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { - curvename = gcry_sexp_nth_string (l1, 1); + curvename = sexp_nth_string (l1, 1); if (curvename) { rc = _gcry_ecc_update_curve_param (curvename, @@ -1577,12 +1573,12 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) const unsigned char *raw; unsigned int n; - raw = gcry_mpi_get_opaque (values[idx], &n); + raw = mpi_get_opaque (values[idx], &n); n = (n + 7)/8; snprintf (buf, sizeof buf, "(1:%c%u:", names[idx], n); - gcry_md_write (md, buf, strlen (buf)); - gcry_md_write (md, raw, n); - gcry_md_write (md, ")", 1); + _gcry_md_write (md, buf, strlen (buf)); + _gcry_md_write (md, raw, n); + _gcry_md_write (md, ")", 1); } else { @@ -1596,16 +1592,16 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) goto leave; } snprintf (buf, sizeof buf, "(1:%c%u:", names[idx], rawmpilen); - gcry_md_write (md, buf, strlen (buf)); - gcry_md_write (md, rawmpi, rawmpilen); - gcry_md_write (md, ")", 1); + _gcry_md_write (md, buf, strlen (buf)); + _gcry_md_write (md, rawmpi, rawmpilen); + _gcry_md_write (md, ")", 1); gcry_free (rawmpi); } } leave: gcry_free (curvename); - gcry_sexp_release (l1); + sexp_release (l1); for (idx = 0; idx < N_COMPONENTS; idx++) _gcry_mpi_release (values[idx]); @@ -1661,7 +1657,7 @@ _gcry_pk_ecc_get_sexp (gcry_sexp_t *r_sexp, int mode, mpi_ec_t ec) &encpk, &encpklen); if (rc) goto leave; - mpi_Q = gcry_mpi_set_opaque (NULL, encpk, encpklen*8); + mpi_Q = mpi_set_opaque (NULL, encpk, encpklen*8); encpk = NULL; } else @@ -1680,18 +1676,16 @@ _gcry_pk_ecc_get_sexp (gcry_sexp_t *r_sexp, int mode, mpi_ec_t ec) if (ec->d && (!mode || mode == GCRY_PK_GET_SECKEY)) { /* Let's return a private key. */ - rc = gcry_sexp_build - (r_sexp, NULL, - "(private-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))", - ec->p, ec->a, ec->b, mpi_G, ec->n, mpi_Q, ec->d); + rc = sexp_build (r_sexp, NULL, + "(private-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))", + ec->p, ec->a, ec->b, mpi_G, ec->n, mpi_Q, ec->d); } else if (ec->Q) { /* Let's return a public key. */ - rc = gcry_sexp_build - (r_sexp, NULL, - "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))", - ec->p, ec->a, ec->b, mpi_G, ec->n, mpi_Q); + rc = sexp_build (r_sexp, NULL, + "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))", + ec->p, ec->a, ec->b, mpi_G, ec->n, mpi_Q); } else rc = GPG_ERR_BAD_CRYPT_CTX; diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 432ba6fd..beef8e4e 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -141,17 +141,17 @@ static int test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie ) { ELG_public_key pk; - gcry_mpi_t test = gcry_mpi_new ( 0 ); - gcry_mpi_t out1_a = gcry_mpi_new ( nbits ); - gcry_mpi_t out1_b = gcry_mpi_new ( nbits ); - gcry_mpi_t out2 = gcry_mpi_new ( nbits ); + gcry_mpi_t test = mpi_new ( 0 ); + gcry_mpi_t out1_a = mpi_new ( nbits ); + gcry_mpi_t out1_b = mpi_new ( nbits ); + gcry_mpi_t out2 = mpi_new ( nbits ); int failed = 0; pk.p = sk->p; pk.g = sk->g; pk.y = sk->y; - gcry_mpi_randomize ( test, nbits, GCRY_WEAK_RANDOM ); + _gcry_mpi_randomize ( test, nbits, GCRY_WEAK_RANDOM ); do_encrypt ( out1_a, out1_b, test, &pk ); decrypt ( out2, out1_a, out1_b, sk ); @@ -162,10 +162,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie ) if ( !verify( out1_a, out1_b, test, &pk ) ) failed |= 2; - gcry_mpi_release ( test ); - gcry_mpi_release ( out1_a ); - gcry_mpi_release ( out1_b ); - gcry_mpi_release ( out2 ); + _gcry_mpi_release ( test ); + _gcry_mpi_release ( out1_a ); + _gcry_mpi_release ( out1_b ); + _gcry_mpi_release ( out2 ); if (failed && !nodie) log_fatal ("Elgamal test key for %s %s failed\n", @@ -217,7 +217,7 @@ gen_k( gcry_mpi_t p, int small_k ) if( !rndbuf || nbits < 32 ) { gcry_free(rndbuf); - rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM ); + rndbuf = _gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM ); } else { @@ -226,7 +226,7 @@ gen_k( gcry_mpi_t p, int small_k ) to get_random_bytes() and use this the here maybe it is easier to do this directly in random.c Anyway, it is highly inlikely that we will ever reach this code. */ - char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM ); + char *pp = _gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM ); memcpy( rndbuf, pp, 4 ); gcry_free(pp); } @@ -246,7 +246,7 @@ gen_k( gcry_mpi_t p, int small_k ) progress('-'); break; /* no */ } - if (gcry_mpi_gcd( temp, k, p_1 )) + if (mpi_gcd( temp, k, p_1 )) goto found; /* okay, k is relative prime to (p-1) */ mpi_add_ui( k, k, 1 ); if( DBG_CIPHER ) @@ -280,7 +280,7 @@ generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors ) unsigned int xbits; byte *rndbuf; - p_min1 = gcry_mpi_new ( nbits ); + p_min1 = mpi_new ( nbits ); qbits = wiener_map( nbits ); if( qbits & 1 ) /* better have a even one */ qbits++; @@ -303,7 +303,7 @@ generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors ) xbits = qbits * 3 / 2; if( xbits >= nbits ) BUG(); - x = gcry_mpi_snew ( xbits ); + x = mpi_snew ( xbits ); if( DBG_CIPHER ) log_debug("choosing a random x of size %u\n", xbits ); rndbuf = NULL; @@ -316,21 +316,20 @@ generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors ) if( xbits < 16 ) /* should never happen ... */ { gcry_free(rndbuf); - rndbuf = gcry_random_bytes_secure( (xbits+7)/8, - GCRY_VERY_STRONG_RANDOM ); + rndbuf = _gcry_random_bytes_secure ((xbits+7)/8, + GCRY_VERY_STRONG_RANDOM); } else { - char *r = gcry_random_bytes_secure( 2, - GCRY_VERY_STRONG_RANDOM ); + char *r = _gcry_random_bytes_secure (2, GCRY_VERY_STRONG_RANDOM); memcpy(rndbuf, r, 2 ); gcry_free(r); } } else { - rndbuf = gcry_random_bytes_secure( (xbits+7)/8, - GCRY_VERY_STRONG_RANDOM ); + rndbuf = _gcry_random_bytes_secure ((xbits+7)/8, + GCRY_VERY_STRONG_RANDOM ); } _gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 ); mpi_clear_highbit( x, xbits+1 ); @@ -338,8 +337,8 @@ generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors ) while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) ); gcry_free(rndbuf); - y = gcry_mpi_new (nbits); - gcry_mpi_powm( y, g, x, p ); + y = mpi_new (nbits); + mpi_powm( y, g, x, p ); if( DBG_CIPHER ) { @@ -356,7 +355,7 @@ generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors ) sk->y = y; sk->x = x; - gcry_mpi_release ( p_min1 ); + _gcry_mpi_release ( p_min1 ); /* Now we can test our keys (this should never fail!) */ test_keys ( sk, nbits - 64, 0 ); @@ -391,7 +390,7 @@ generate_using_x (ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t x, if ( xbits < 64 || xbits >= nbits ) return GPG_ERR_INV_VALUE; - p_min1 = gcry_mpi_new ( nbits ); + p_min1 = mpi_new ( nbits ); qbits = wiener_map ( nbits ); if ( (qbits & 1) ) /* Better have an even one. */ qbits++; @@ -403,14 +402,14 @@ generate_using_x (ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t x, log_debug ("using a supplied x of size %u", xbits ); if ( !(mpi_cmp_ui ( x, 0 ) > 0 && mpi_cmp ( x, p_min1 ) <0 ) ) { - gcry_mpi_release ( p_min1 ); - gcry_mpi_release ( p ); - gcry_mpi_release ( g ); + _gcry_mpi_release ( p_min1 ); + _gcry_mpi_release ( p ); + _gcry_mpi_release ( g ); return GPG_ERR_INV_VALUE; } - y = gcry_mpi_new (nbits); - gcry_mpi_powm ( y, g, x, p ); + y = mpi_new (nbits); + mpi_powm ( y, g, x, p ); if ( DBG_CIPHER ) { @@ -425,17 +424,17 @@ generate_using_x (ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t x, sk->p = p; sk->g = g; sk->y = y; - sk->x = gcry_mpi_copy (x); + sk->x = mpi_copy (x); - gcry_mpi_release ( p_min1 ); + _gcry_mpi_release ( p_min1 ); /* Now we can test our keys. */ if ( test_keys ( sk, nbits - 64, 1 ) ) { - gcry_mpi_release ( sk->p ); sk->p = NULL; - gcry_mpi_release ( sk->g ); sk->g = NULL; - gcry_mpi_release ( sk->y ); sk->y = NULL; - gcry_mpi_release ( sk->x ); sk->x = NULL; + _gcry_mpi_release ( sk->p ); sk->p = NULL; + _gcry_mpi_release ( sk->g ); sk->g = NULL; + _gcry_mpi_release ( sk->y ); sk->y = NULL; + _gcry_mpi_release ( sk->x ); sk->x = NULL; return GPG_ERR_BAD_SECKEY; } @@ -453,7 +452,7 @@ check_secret_key( ELG_secret_key *sk ) int rc; gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) ); - gcry_mpi_powm( y, sk->g, sk->x, sk->p ); + mpi_powm (y, sk->g, sk->x, sk->p); rc = !mpi_cmp( y, sk->y ); mpi_free( y ); return rc; @@ -471,14 +470,15 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) */ k = gen_k( pkey->p, 1 ); - gcry_mpi_powm( a, pkey->g, k, pkey->p ); + mpi_powm (a, pkey->g, k, pkey->p); + /* b = (y^k * input) mod p * = ((y^k mod p) * (input mod p)) mod p * and because input is < p * = ((y^k mod p) * input) mod p */ - gcry_mpi_powm( b, pkey->y, k, pkey->p ); - gcry_mpi_mulm( b, b, input, pkey->p ); + mpi_powm (b, pkey->y, k, pkey->p); + mpi_mulm (b, b, input, pkey->p); #if 0 if( DBG_CIPHER ) { @@ -502,7 +502,7 @@ decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); /* output = b/(a^x) mod p */ - gcry_mpi_powm( t1, a, skey->x, skey->p ); + mpi_powm( t1, a, skey->x, skey->p ); mpi_invm( t1, t1, skey->p ); mpi_mulm( output, b, t1, skey->p ); #if 0 @@ -539,7 +539,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey ) */ mpi_sub_ui(p_1, p_1, 1); k = gen_k( skey->p, 0 /* no small K ! */ ); - gcry_mpi_powm( a, skey->g, k, skey->p ); + mpi_powm( a, skey->g, k, skey->p ); mpi_mul(t, skey->x, a ); mpi_subm(t, input, t, p_1 ); mpi_invm(inv, k, p_1 ); @@ -643,11 +643,11 @@ elg_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) return rc; /* Parse the optional xvalue element. */ - l1 = gcry_sexp_find_token (genparms, "xvalue", 0); + l1 = sexp_find_token (genparms, "xvalue", 0); if (l1) { - xvalue = gcry_sexp_nth_mpi (l1, 1, 0); - gcry_sexp_release (l1); + xvalue = sexp_nth_mpi (l1, 1, 0); + sexp_release (l1); if (!xvalue) return GPG_ERR_BAD_MPI; } @@ -693,30 +693,30 @@ elg_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) arg_list[nfac] = factors + nfac; } p = stpcpy (p, "))"); - rc = gcry_sexp_build_array (&misc_info, NULL, buffer, arg_list); + rc = sexp_build_array (&misc_info, NULL, buffer, arg_list); gcry_free (arg_list); gcry_free (buffer); if (rc) goto leave; } - rc = gcry_sexp_build (r_skey, NULL, - "(key-data" - " (public-key" - " (elg(p%m)(g%m)(y%m)))" - " (private-key" - " (elg(p%m)(g%m)(y%m)(x%m)))" - " %S)", - sk.p, sk.g, sk.y, - sk.p, sk.g, sk.y, sk.x, - misc_info); + rc = sexp_build (r_skey, NULL, + "(key-data" + " (public-key" + " (elg(p%m)(g%m)(y%m)))" + " (private-key" + " (elg(p%m)(g%m)(y%m)(x%m)))" + " %S)", + sk.p, sk.g, sk.y, + sk.p, sk.g, sk.y, sk.x, + misc_info); leave: mpi_free (sk.p); mpi_free (sk.g); mpi_free (sk.y); mpi_free (sk.x); - gcry_sexp_release (misc_info); + sexp_release (misc_info); if (factors) { gcry_mpi_t *mp; @@ -735,9 +735,9 @@ elg_check_secret_key (gcry_sexp_t keyparms) gcry_err_code_t rc; ELG_secret_key sk = {NULL, NULL, NULL, NULL}; - rc = _gcry_sexp_extract_param (keyparms, NULL, "pgyx", - &sk.p, &sk.g, &sk.y, &sk.x, - NULL); + rc = sexp_extract_param (keyparms, NULL, "pgyx", + &sk.p, &sk.g, &sk.y, &sk.x, + NULL); if (rc) goto leave; @@ -745,10 +745,10 @@ elg_check_secret_key (gcry_sexp_t keyparms) rc = GPG_ERR_BAD_SECKEY; leave: - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.g); - gcry_mpi_release (sk.y); - gcry_mpi_release (sk.x); + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.g); + _gcry_mpi_release (sk.y); + _gcry_mpi_release (sk.x); if (DBG_CIPHER) log_debug ("elg_testkey => %s\n", gpg_strerror (rc)); return rc; @@ -781,8 +781,8 @@ elg_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "pgy", - &pk.p, &pk.g, &pk.y, NULL); + rc = sexp_extract_param (keyparms, NULL, "pgy", + &pk.p, &pk.g, &pk.y, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -793,18 +793,18 @@ elg_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Do Elgamal computation and build result. */ - mpi_a = gcry_mpi_new (0); - mpi_b = gcry_mpi_new (0); + mpi_a = mpi_new (0); + mpi_b = mpi_new (0); do_encrypt (mpi_a, mpi_b, data, &pk); - rc = gcry_sexp_build (r_ciph, NULL, "(enc-val(elg(a%m)(b%m)))", mpi_a, mpi_b); + rc = sexp_build (r_ciph, NULL, "(enc-val(elg(a%m)(b%m)))", mpi_a, mpi_b); leave: - gcry_mpi_release (mpi_a); - gcry_mpi_release (mpi_b); - gcry_mpi_release (pk.p); - gcry_mpi_release (pk.g); - gcry_mpi_release (pk.y); - gcry_mpi_release (data); + _gcry_mpi_release (mpi_a); + _gcry_mpi_release (mpi_b); + _gcry_mpi_release (pk.p); + _gcry_mpi_release (pk.g); + _gcry_mpi_release (pk.y); + _gcry_mpi_release (data); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("elg_encrypt => %s\n", gpg_strerror (rc)); @@ -832,7 +832,7 @@ elg_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = _gcry_pk_util_preparse_encval (s_data, elg_names, &l1, &ctx); if (rc) goto leave; - rc = _gcry_sexp_extract_param (l1, NULL, "ab", &data_a, &data_b, NULL); + rc = sexp_extract_param (l1, NULL, "ab", &data_a, &data_b, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -847,9 +847,9 @@ elg_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "pgyx", - &sk.p, &sk.g, &sk.y, &sk.x, - NULL); + rc = sexp_extract_param (keyparms, NULL, "pgyx", + &sk.p, &sk.g, &sk.y, &sk.x, + NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -861,7 +861,7 @@ elg_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) log_printmpi ("elg_decrypt x", sk.x); } - plain = gcry_mpi_snew (ctx.nbits); + plain = mpi_snew (ctx.nbits); decrypt (plain, data_a, data_b, &sk); if (DBG_CIPHER) log_printmpi ("elg_decrypt res", plain); @@ -873,8 +873,7 @@ elg_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = _gcry_rsa_pkcs1_decode_for_enc (&unpad, &unpadlen, ctx.nbits, plain); mpi_free (plain); plain = NULL; if (!rc) - rc = gcry_sexp_build (r_plain, NULL, "(value %b)", - (int)unpadlen, unpad); + rc = sexp_build (r_plain, NULL, "(value %b)", (int)unpadlen, unpad); break; case PUBKEY_ENC_OAEP: @@ -883,31 +882,30 @@ elg_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) ctx.label, ctx.labellen); mpi_free (plain); plain = NULL; if (!rc) - rc = gcry_sexp_build (r_plain, NULL, "(value %b)", - (int)unpadlen, unpad); + rc = sexp_build (r_plain, NULL, "(value %b)", (int)unpadlen, unpad); break; default: /* Raw format. For backward compatibility we need to assume a signed mpi by using the sexp format string "%m". */ - rc = gcry_sexp_build (r_plain, NULL, - (ctx.flags & PUBKEY_FLAG_LEGACYRESULT) - ? "%m" : "(value %m)", - plain); + rc = sexp_build (r_plain, NULL, + (ctx.flags & PUBKEY_FLAG_LEGACYRESULT) + ? "%m" : "(value %m)", + plain); break; } leave: gcry_free (unpad); - gcry_mpi_release (plain); - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.g); - gcry_mpi_release (sk.y); - gcry_mpi_release (sk.x); - gcry_mpi_release (data_a); - gcry_mpi_release (data_b); - gcry_sexp_release (l1); + _gcry_mpi_release (plain); + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.g); + _gcry_mpi_release (sk.y); + _gcry_mpi_release (sk.x); + _gcry_mpi_release (data_a); + _gcry_mpi_release (data_b); + sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("elg_decrypt => %s\n", gpg_strerror (rc)); @@ -941,8 +939,8 @@ elg_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "pgyx", - &sk.p, &sk.g, &sk.y, &sk.x, NULL); + rc = sexp_extract_param (keyparms, NULL, "pgyx", + &sk.p, &sk.g, &sk.y, &sk.x, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -954,24 +952,24 @@ elg_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) log_mpidump ("elg_sign x", sk.x); } - sig_r = gcry_mpi_new (0); - sig_s = gcry_mpi_new (0); + sig_r = mpi_new (0); + sig_s = mpi_new (0); sign (sig_r, sig_s, data, &sk); if (DBG_CIPHER) { log_mpidump ("elg_sign sig_r", sig_r); log_mpidump ("elg_sign sig_s", sig_s); } - rc = gcry_sexp_build (r_sig, NULL, "(sig-val(elg(r%M)(s%M)))", sig_r, sig_s); + rc = sexp_build (r_sig, NULL, "(sig-val(elg(r%M)(s%M)))", sig_r, sig_s); leave: - gcry_mpi_release (sig_r); - gcry_mpi_release (sig_s); - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.g); - gcry_mpi_release (sk.y); - gcry_mpi_release (sk.x); - gcry_mpi_release (data); + _gcry_mpi_release (sig_r); + _gcry_mpi_release (sig_s); + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.g); + _gcry_mpi_release (sk.y); + _gcry_mpi_release (sk.x); + _gcry_mpi_release (data); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("elg_sign => %s\n", gpg_strerror (rc)); @@ -1009,7 +1007,7 @@ elg_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) rc = _gcry_pk_util_preparse_sigval (s_sig, elg_names, &l1, NULL); if (rc) goto leave; - rc = _gcry_sexp_extract_param (l1, NULL, "rs", &sig_r, &sig_s, NULL); + rc = sexp_extract_param (l1, NULL, "rs", &sig_r, &sig_s, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -1019,7 +1017,7 @@ elg_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) } /* Extract the key. */ - rc = _gcry_sexp_extract_param (s_keyparms, NULL, "pgy", + rc = sexp_extract_param (s_keyparms, NULL, "pgy", &pk.p, &pk.g, &pk.y, NULL); if (rc) goto leave; @@ -1035,13 +1033,13 @@ elg_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) rc = GPG_ERR_BAD_SIGNATURE; leave: - gcry_mpi_release (pk.p); - gcry_mpi_release (pk.g); - gcry_mpi_release (pk.y); - gcry_mpi_release (data); - gcry_mpi_release (sig_r); - gcry_mpi_release (sig_s); - gcry_sexp_release (l1); + _gcry_mpi_release (pk.p); + _gcry_mpi_release (pk.g); + _gcry_mpi_release (pk.y); + _gcry_mpi_release (data); + _gcry_mpi_release (sig_r); + _gcry_mpi_release (sig_s); + sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("elg_verify => %s\n", rc?gpg_strerror (rc):"Good"); @@ -1067,14 +1065,14 @@ elg_get_nbits (gcry_sexp_t parms) gcry_mpi_t p; unsigned int nbits; - l1 = gcry_sexp_find_token (parms, "p", 1); + l1 = sexp_find_token (parms, "p", 1); if (!l1) return 0; /* Parameter P not found. */ - p= gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); + p= sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + sexp_release (l1); nbits = p? mpi_get_nbits (p) : 0; - gcry_mpi_release (p); + _gcry_mpi_release (p); return nbits; } diff --git a/cipher/hmac-tests.c b/cipher/hmac-tests.c index a32ece75..7c27342c 100644 --- a/cipher/hmac-tests.c +++ b/cipher/hmac-tests.c @@ -718,7 +718,7 @@ _gcry_hmac_selftest (int algo, int extended, selftest_report_func_t report) { gcry_err_code_t ec = 0; - if (!gcry_md_test_algo (algo)) + if (!_gcry_md_test_algo (algo)) { ec = run_selftests (algo, extended, report); } diff --git a/cipher/kdf.c b/cipher/kdf.c index da63574f..542752ec 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -55,8 +55,7 @@ openpgp_s2k (const void *passphrase, size_t passphraselen, secmode = gcry_is_secure (passphrase) || gcry_is_secure (keybuffer); - ec = gpg_err_code (gcry_md_open (&md, hashalgo, - secmode? GCRY_MD_FLAG_SECURE : 0)); + ec = _gcry_md_open (&md, hashalgo, secmode? GCRY_MD_FLAG_SECURE : 0); if (ec) return ec; @@ -64,9 +63,9 @@ openpgp_s2k (const void *passphrase, size_t passphraselen, { if (pass) { - gcry_md_reset (md); + _gcry_md_reset (md); for (i=0; i < pass; i++) /* Preset the hash context. */ - gcry_md_putc (md, 0); + _gcry_md_putc (md, 0); } if (algo == GCRY_KDF_SALTED_S2K || algo == GCRY_KDF_ITERSALTED_S2K) @@ -83,30 +82,30 @@ openpgp_s2k (const void *passphrase, size_t passphraselen, while (count > len2) { - gcry_md_write (md, salt, saltlen); - gcry_md_write (md, passphrase, passphraselen); + _gcry_md_write (md, salt, saltlen); + _gcry_md_write (md, passphrase, passphraselen); count -= len2; } if (count < saltlen) - gcry_md_write (md, salt, count); + _gcry_md_write (md, salt, count); else { - gcry_md_write (md, salt, saltlen); + _gcry_md_write (md, salt, saltlen); count -= saltlen; - gcry_md_write (md, passphrase, count); + _gcry_md_write (md, passphrase, count); } } else - gcry_md_write (md, passphrase, passphraselen); + _gcry_md_write (md, passphrase, passphraselen); - gcry_md_final (md); - i = gcry_md_get_algo_dlen (hashalgo); + _gcry_md_final (md); + i = _gcry_md_get_algo_dlen (hashalgo); if (i > keysize - used) i = keysize - used; - memcpy (key+used, gcry_md_read (md, hashalgo), i); + memcpy (key+used, _gcry_md_read (md, hashalgo), i); used += i; } - gcry_md_close (md); + _gcry_md_close (md); return 0; } @@ -146,7 +145,7 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, if (!salt || !iterations || !dklen) return GPG_ERR_INV_VALUE; - hlen = gcry_md_get_algo_dlen (hashalgo); + hlen = _gcry_md_get_algo_dlen (hashalgo); if (!hlen) return GPG_ERR_DIGEST_ALGO; @@ -168,9 +167,8 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, tbuf = sbuf + saltlen + 4; ubuf = tbuf + hlen; - ec = gpg_err_code (gcry_md_open (&md, hashalgo, - (GCRY_MD_FLAG_HMAC - | (secmode?GCRY_MD_FLAG_SECURE:0)))); + ec = _gcry_md_open (&md, hashalgo, (GCRY_MD_FLAG_HMAC + | (secmode?GCRY_MD_FLAG_SECURE:0))); if (ec) { gcry_free (sbuf); @@ -183,10 +181,10 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, { for (iter = 0; iter < iterations; iter++) { - ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen)); + ec = _gcry_md_setkey (md, passphrase, passphraselen); if (ec) { - gcry_md_close (md); + _gcry_md_close (md); gcry_free (sbuf); return ec; } @@ -196,14 +194,14 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, sbuf[saltlen + 1] = (lidx >> 16); sbuf[saltlen + 2] = (lidx >> 8); sbuf[saltlen + 3] = lidx; - gcry_md_write (md, sbuf, saltlen + 4); - memcpy (ubuf, gcry_md_read (md, 0), hlen); + _gcry_md_write (md, sbuf, saltlen + 4); + memcpy (ubuf, _gcry_md_read (md, 0), hlen); memcpy (tbuf, ubuf, hlen); } else /* Compute U_(2..c): */ { - gcry_md_write (md, ubuf, hlen); - memcpy (ubuf, gcry_md_read (md, 0), hlen); + _gcry_md_write (md, ubuf, hlen); + memcpy (ubuf, _gcry_md_read (md, 0), hlen); for (i=0; i < hlen; i++) tbuf[i] ^= ubuf[i]; } @@ -217,7 +215,7 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, } } - gcry_md_close (md); + _gcry_md_close (md); gcry_free (sbuf); return 0; } @@ -234,12 +232,12 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, is a salt as needed by most KDF algorithms. ITERATIONS is a positive integer parameter to most KDFs. 0 is returned on success, or an error code on failure. */ -gpg_error_t -gcry_kdf_derive (const void *passphrase, size_t passphraselen, - int algo, int subalgo, - const void *salt, size_t saltlen, - unsigned long iterations, - size_t keysize, void *keybuffer) +gpg_err_code_t +_gcry_kdf_derive (const void *passphrase, size_t passphraselen, + int algo, int subalgo, + const void *salt, size_t saltlen, + unsigned long iterations, + size_t keysize, void *keybuffer) { gpg_err_code_t ec; @@ -296,5 +294,5 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, } leave: - return gpg_error (ec); + return ec; } diff --git a/cipher/mac-cmac.c b/cipher/mac-cmac.c index fddce394..69a2f174 100644 --- a/cipher/mac-cmac.c +++ b/cipher/mac-cmac.c @@ -103,7 +103,7 @@ cmac_setkey (gcry_mac_hd_t h, const unsigned char *key, size_t keylen) static gcry_err_code_t cmac_reset (gcry_mac_hd_t h) { - return gcry_cipher_reset (h->u.cmac.ctx); + return _gcry_cipher_reset (h->u.cmac.ctx); } diff --git a/cipher/mac-gmac.c b/cipher/mac-gmac.c index e040bfee..18d56b5c 100644 --- a/cipher/mac-gmac.c +++ b/cipher/mac-gmac.c @@ -97,7 +97,7 @@ gmac_setiv (gcry_mac_hd_t h, const unsigned char *iv, size_t ivlen) static gcry_err_code_t gmac_reset (gcry_mac_hd_t h) { - return gcry_cipher_reset (h->u.gmac.ctx); + return _gcry_cipher_reset (h->u.gmac.ctx); } diff --git a/cipher/mac-hmac.c b/cipher/mac-hmac.c index 46b21b15..15c613d5 100644 --- a/cipher/mac-hmac.c +++ b/cipher/mac-hmac.c @@ -79,7 +79,7 @@ hmac_open (gcry_mac_hd_t h) flags = GCRY_MD_FLAG_HMAC; flags |= (secure ? GCRY_MD_FLAG_SECURE : 0); - err = gcry_md_open (&hd, md_algo, flags); + err = _gcry_md_open (&hd, md_algo, flags); if (err) return err; @@ -92,7 +92,7 @@ hmac_open (gcry_mac_hd_t h) static void hmac_close (gcry_mac_hd_t h) { - gcry_md_close (h->u.hmac.md_ctx); + _gcry_md_close (h->u.hmac.md_ctx); h->u.hmac.md_ctx = NULL; } @@ -100,14 +100,14 @@ hmac_close (gcry_mac_hd_t h) static gcry_err_code_t hmac_setkey (gcry_mac_hd_t h, const unsigned char *key, size_t keylen) { - return gcry_md_setkey (h->u.hmac.md_ctx, key, keylen); + return _gcry_md_setkey (h->u.hmac.md_ctx, key, keylen); } static gcry_err_code_t hmac_reset (gcry_mac_hd_t h) { - gcry_md_reset (h->u.hmac.md_ctx); + _gcry_md_reset (h->u.hmac.md_ctx); return 0; } @@ -115,7 +115,7 @@ hmac_reset (gcry_mac_hd_t h) static gcry_err_code_t hmac_write (gcry_mac_hd_t h, const unsigned char *buf, size_t buflen) { - gcry_md_write (h->u.hmac.md_ctx, buf, buflen); + _gcry_md_write (h->u.hmac.md_ctx, buf, buflen); return 0; } @@ -126,8 +126,8 @@ hmac_read (gcry_mac_hd_t h, unsigned char *outbuf, size_t * outlen) unsigned int dlen; const unsigned char *digest; - dlen = gcry_md_get_algo_dlen (h->u.hmac.md_algo); - digest = gcry_md_read (h->u.hmac.md_ctx, h->u.hmac.md_algo); + dlen = _gcry_md_get_algo_dlen (h->u.hmac.md_algo); + digest = _gcry_md_read (h->u.hmac.md_ctx, h->u.hmac.md_algo); if (*outlen <= dlen) buf_cpy (outbuf, digest, *outlen); @@ -147,8 +147,8 @@ hmac_verify (gcry_mac_hd_t h, const unsigned char *buf, size_t buflen) unsigned int dlen; const unsigned char *digest; - dlen = gcry_md_get_algo_dlen (h->u.hmac.md_algo); - digest = gcry_md_read (h->u.hmac.md_ctx, h->u.hmac.md_algo); + dlen = _gcry_md_get_algo_dlen (h->u.hmac.md_algo); + digest = _gcry_md_read (h->u.hmac.md_ctx, h->u.hmac.md_algo); if (buflen > dlen) return GPG_ERR_INV_LENGTH; @@ -160,7 +160,7 @@ hmac_verify (gcry_mac_hd_t h, const unsigned char *buf, size_t buflen) static unsigned int hmac_get_maclen (int algo) { - return gcry_md_get_algo_dlen (map_mac_algo_to_md (algo)); + return _gcry_md_get_algo_dlen (map_mac_algo_to_md (algo)); } diff --git a/cipher/mac.c b/cipher/mac.c index 5ac87291..71d59538 100644 --- a/cipher/mac.c +++ b/cipher/mac.c @@ -140,7 +140,7 @@ spec_from_name (const char *name) * Map a string to the mac algo */ int -gcry_mac_map_name (const char *string) +_gcry_mac_map_name (const char *string) { gcry_mac_spec_t *spec; @@ -163,7 +163,7 @@ gcry_mac_map_name (const char *string) * is valid. */ const char * -gcry_mac_algo_name (int algorithm) +_gcry_mac_algo_name (int algorithm) { gcry_mac_spec_t *spec; @@ -310,87 +310,67 @@ mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen) /* Create a MAC object for algorithm ALGO. FLAGS may be given as an bitwise OR of the gcry_mac_flags values. H is guaranteed to be a valid handle or NULL on error. */ -gcry_error_t -gcry_mac_open (gcry_mac_hd_t * h, int algo, unsigned int flags, - gcry_ctx_t ctx) +gpg_err_code_t +_gcry_mac_open (gcry_mac_hd_t * h, int algo, unsigned int flags, + gcry_ctx_t ctx) { - gcry_err_code_t err; + gcry_err_code_t rc; gcry_mac_hd_t hd = NULL; if ((flags & ~GCRY_MAC_FLAG_SECURE)) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else - err = mac_open (&hd, algo, !!(flags & GCRY_MAC_FLAG_SECURE), ctx); + rc = mac_open (&hd, algo, !!(flags & GCRY_MAC_FLAG_SECURE), ctx); - *h = err ? NULL : hd; - return gpg_error (err); + *h = rc ? NULL : hd; + return rc; } void -gcry_mac_close (gcry_mac_hd_t hd) +_gcry_mac_close (gcry_mac_hd_t hd) { mac_close (hd); } -gcry_error_t -gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen) +gcry_err_code_t +_gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen) { - gcry_error_t err; - - err = mac_setkey (hd, key, keylen); - - return gpg_error (err); + return mac_setkey (hd, key, keylen); } -gcry_error_t -gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen) +gcry_err_code_t +_gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen) { - gcry_error_t err; - - err = mac_setiv (hd, iv, ivlen); - - return gpg_error (err); + return mac_setiv (hd, iv, ivlen); } -gcry_error_t -gcry_mac_write (gcry_mac_hd_t hd, const void *inbuf, size_t inlen) +gcry_err_code_t +_gcry_mac_write (gcry_mac_hd_t hd, const void *inbuf, size_t inlen) { - gcry_err_code_t err; - - err = mac_write (hd, inbuf, inlen); - - return gpg_error (err); + return mac_write (hd, inbuf, inlen); } -gcry_error_t -gcry_mac_read (gcry_mac_hd_t hd, void *outbuf, size_t * outlen) +gcry_err_code_t +_gcry_mac_read (gcry_mac_hd_t hd, void *outbuf, size_t * outlen) { - gcry_error_t err; - - err = mac_read (hd, outbuf, outlen); - - return gpg_error (err); + return mac_read (hd, outbuf, outlen); } -gcry_error_t -gcry_mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen) +gcry_err_code_t +_gcry_mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen) { - gcry_err_code_t err; - - err = mac_verify (hd, buf, buflen); - - return gpg_error (err); + return mac_verify (hd, buf, buflen); } unsigned int -gcry_mac_get_algo_maclen (int algo) +_gcry_mac_get_algo_maclen (int algo) { gcry_mac_spec_t *spec; @@ -403,7 +383,7 @@ gcry_mac_get_algo_maclen (int algo) unsigned int -gcry_mac_get_algo_keylen (int algo) +_gcry_mac_get_algo_keylen (int algo) { gcry_mac_spec_t *spec; @@ -415,10 +395,10 @@ gcry_mac_get_algo_keylen (int algo) } -gcry_error_t -gcry_mac_ctl (gcry_mac_hd_t hd, int cmd, void *buffer, size_t buflen) +gcry_err_code_t +_gcry_mac_ctl (gcry_mac_hd_t hd, int cmd, void *buffer, size_t buflen) { - gcry_err_code_t rc = GPG_ERR_NO_ERROR; + gcry_err_code_t rc; /* Currently not used. */ (void) hd; @@ -433,7 +413,7 @@ gcry_mac_ctl (gcry_mac_hd_t hd, int cmd, void *buffer, size_t buflen) default: rc = GPG_ERR_INV_OP; } - return gcry_error (rc); + return rc; } @@ -449,37 +429,37 @@ gcry_mac_ctl (gcry_mac_hd_t hd, int cmd, void *buffer, size_t buflen) and thereby detecting whether a error occurred or not (i.e. while checking the block size) */ -gcry_error_t -gcry_mac_algo_info (int algo, int what, void *buffer, size_t * nbytes) +gcry_err_code_t +_gcry_mac_algo_info (int algo, int what, void *buffer, size_t * nbytes) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; unsigned int ui; switch (what) { case GCRYCTL_GET_KEYLEN: if (buffer || (!nbytes)) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else { - ui = gcry_mac_get_algo_keylen (algo); + ui = _gcry_mac_get_algo_keylen (algo); if (ui > 0) *nbytes = (size_t) ui; else /* The only reason for an error is an invalid algo. */ - err = GPG_ERR_MAC_ALGO; + rc = GPG_ERR_MAC_ALGO; } break; case GCRYCTL_TEST_ALGO: if (buffer || nbytes) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else - err = check_mac_algo (algo); + rc = check_mac_algo (algo); break; default: - err = GPG_ERR_INV_OP; + rc = GPG_ERR_INV_OP; } - return gcry_error (err); + return rc; } diff --git a/cipher/md.c b/cipher/md.c index 65dadd1c..4be86277 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -211,7 +211,7 @@ search_oid (const char *oid, gcry_md_oid_spec_t *oid_spec) * Map a string to the digest algo */ int -gcry_md_map_name (const char *string) +_gcry_md_map_name (const char *string) { gcry_md_spec_t *spec; @@ -241,7 +241,7 @@ gcry_md_map_name (const char *string) * is valid. */ const char * -gcry_md_algo_name (int algorithm) +_gcry_md_algo_name (int algorithm) { gcry_md_spec_t *spec; @@ -366,22 +366,22 @@ md_open (gcry_md_hd_t *h, int algo, int secure, int hmac) given as 0 if the algorithms to be used are later set using gcry_md_enable. H is guaranteed to be a valid handle or NULL on error. */ -gcry_error_t -gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags) +gcry_err_code_t +_gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags) { - gcry_err_code_t err; + gcry_err_code_t rc; gcry_md_hd_t hd; if ((flags & ~(GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC))) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else { - err = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE), - (flags & GCRY_MD_FLAG_HMAC)); + rc = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE), + (flags & GCRY_MD_FLAG_HMAC)); } - *h = err? NULL : hd; - return gcry_error (err); + *h = rc? NULL : hd; + return rc; } @@ -447,10 +447,10 @@ md_enable (gcry_md_hd_t hd, int algorithm) } -gcry_error_t -gcry_md_enable (gcry_md_hd_t hd, int algorithm) +gcry_err_code_t +_gcry_md_enable (gcry_md_hd_t hd, int algorithm) { - return gcry_error (md_enable (hd, algorithm)); + return md_enable (hd, algorithm); } @@ -538,15 +538,15 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd) } -gcry_error_t -gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd) +gcry_err_code_t +_gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd) { - gcry_err_code_t err; + gcry_err_code_t rc; - err = md_copy (hd, handle); - if (err) + rc = md_copy (hd, handle); + if (rc) *handle = NULL; - return gcry_error (err); + return rc; } @@ -555,7 +555,7 @@ gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd) * instead of a md_close(); md_open(). */ void -gcry_md_reset (gcry_md_hd_t a) +_gcry_md_reset (gcry_md_hd_t a) { GcryDigestEntry *r; @@ -601,7 +601,7 @@ md_close (gcry_md_hd_t a) void -gcry_md_close (gcry_md_hd_t hd) +_gcry_md_close (gcry_md_hd_t hd) { /* Note: We allow this even in fips non operational mode. */ md_close (hd); @@ -632,7 +632,7 @@ md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen) void -gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen) +_gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen) { md_write (hd, inbuf, inlen); } @@ -693,7 +693,7 @@ prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen) helpkey = gcry_malloc_secure (md_digest_length (algo)); if (!helpkey) return gpg_err_code_from_errno (errno); - gcry_md_hash_buffer (algo, helpkey, key, keylen); + _gcry_md_hash_buffer (algo, helpkey, key, keylen); key = helpkey; keylen = md_digest_length (algo); gcry_assert ( keylen <= hd->ctx->macpads_Bsize ); @@ -715,8 +715,8 @@ prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen) } -gcry_error_t -gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen) +gcry_err_code_t +_gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen) { gcry_err_code_t rc = 0; @@ -736,12 +736,12 @@ gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen) default: rc = GPG_ERR_INV_OP; } - return gcry_error (rc); + return rc; } -gcry_error_t -gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen) +gcry_err_code_t +_gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen) { gcry_err_code_t rc; @@ -750,11 +750,11 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen) else { rc = prepare_macpads (hd, key, keylen); - if (! rc) - gcry_md_reset (hd); + if (!rc) + _gcry_md_reset (hd); } - return gcry_error (rc); + return rc; } @@ -762,7 +762,7 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen) file for the context HD. IF suffix is NULL, the file is closed and debugging is stopped. */ void -gcry_md_debug (gcry_md_hd_t hd, const char *suffix) +_gcry_md_debug (gcry_md_hd_t hd, const char *suffix) { if (suffix) md_start_debug (hd, suffix); @@ -806,12 +806,12 @@ md_read( gcry_md_hd_t a, int algo ) * the hash. */ byte * -gcry_md_read (gcry_md_hd_t hd, int algo) +_gcry_md_read (gcry_md_hd_t hd, int algo) { /* This function is expected to always return a digest, thus we can't return an error which we actually should do in non-operational state. */ - gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0); + _gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0); return md_read (hd, algo); } @@ -820,7 +820,7 @@ gcry_md_read (gcry_md_hd_t hd, int algo) * Read out an intermediate digest. Not yet functional. */ gcry_err_code_t -gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen) +_gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen) { (void)hd; (void)algo; @@ -840,8 +840,8 @@ gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen) * hash. No error is returned, the function will abort on an invalid * algo. DISABLED_ALGOS are ignored here. */ void -gcry_md_hash_buffer (int algo, void *digest, - const void *buffer, size_t length) +_gcry_md_hash_buffer (int algo, void *digest, + const void *buffer, size_t length) { if (algo == GCRY_MD_SHA1) _gcry_sha1_hash_buffer (digest, buffer, length); @@ -892,8 +892,8 @@ gcry_md_hash_buffer (int algo, void *digest, DIGEST which must have been provided by the caller with an appropriate length. */ gpg_err_code_t -gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, - const gcry_buffer_t *iov, int iovcnt) +_gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, + const gcry_buffer_t *iov, int iovcnt) { int hmac; @@ -932,9 +932,9 @@ gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, if (hmac) { - rc = gcry_err_code - (gcry_md_setkey (h, (const char*)iov[0].data + iov[0].off, - iov[0].len)); + rc = _gcry_md_setkey (h, + (const char*)iov[0].data + iov[0].off, + iov[0].len); if (rc) { md_close (h); @@ -968,7 +968,7 @@ md_get_algo (gcry_md_hd_t a) int -gcry_md_get_algo (gcry_md_hd_t hd) +_gcry_md_get_algo (gcry_md_hd_t hd) { return md_get_algo (hd); } @@ -992,7 +992,7 @@ md_digest_length (int algorithm) * This function will return 0 in case of errors. */ unsigned int -gcry_md_get_algo_dlen (int algorithm) +_gcry_md_get_algo_dlen (int algorithm) { return md_digest_length (algorithm); } @@ -1040,25 +1040,25 @@ md_asn_oid (int algorithm, size_t *asnlen, size_t *mdlen) * and thereby detecting whether a error occurred or not (i.e. while checking * the block size) */ -gcry_error_t -gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes) +gcry_err_code_t +_gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes) { - gcry_err_code_t err; + gcry_err_code_t rc; switch (what) { case GCRYCTL_TEST_ALGO: if (buffer || nbytes) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else - err = check_digest_algo (algo); + rc = check_digest_algo (algo); break; case GCRYCTL_GET_ASNOID: /* We need to check that the algo is available because md_asn_oid would otherwise raise an assertion. */ - err = check_digest_algo (algo); - if (!err) + rc = check_digest_algo (algo); + if (!rc) { const char unsigned *asn; size_t asnlen; @@ -1074,25 +1074,25 @@ gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes) else { if (buffer) - err = GPG_ERR_TOO_SHORT; + rc = GPG_ERR_TOO_SHORT; else - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; } } break; case GCRYCTL_SELFTEST: /* Helper function for the regression tests. */ - err = gpg_err_code (_gcry_md_selftest (algo, nbytes? (int)*nbytes : 0, + rc = gpg_err_code (_gcry_md_selftest (algo, nbytes? (int)*nbytes : 0, NULL)); break; default: - err = GPG_ERR_INV_OP; + rc = GPG_ERR_INV_OP; break; } - return gcry_error (err); + return rc; } @@ -1151,10 +1151,10 @@ md_stop_debug( gcry_md_hd_t md ) * Returns 1 if the algo is enabled for that handle. * The algo must be passed as the address of an int. */ -gcry_error_t -gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes) +gcry_err_code_t +_gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes) { - gcry_err_code_t err = 0; + gcry_err_code_t rc = 0; switch (cmd) { @@ -1168,7 +1168,7 @@ gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes) int algo; if ( !buffer || (nbytes && (*nbytes != sizeof (int)))) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else { algo = *(int*)buffer; @@ -1186,10 +1186,10 @@ gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes) } default: - err = GPG_ERR_INV_OP; + rc = GPG_ERR_INV_OP; } - return gcry_error (err); + return rc; } @@ -1202,11 +1202,11 @@ _gcry_md_init (void) int -gcry_md_is_secure (gcry_md_hd_t a) +_gcry_md_is_secure (gcry_md_hd_t a) { size_t value; - if (gcry_md_info (a, GCRYCTL_IS_SECURE, NULL, &value)) + if (_gcry_md_info (a, GCRYCTL_IS_SECURE, NULL, &value)) value = 1; /* It seems to be better to assume secure memory on error. */ return value; @@ -1214,12 +1214,12 @@ gcry_md_is_secure (gcry_md_hd_t a) int -gcry_md_is_enabled (gcry_md_hd_t a, int algo) +_gcry_md_is_enabled (gcry_md_hd_t a, int algo) { size_t value; value = sizeof algo; - if (gcry_md_info (a, GCRYCTL_IS_ALGO_ENABLED, &algo, &value)) + if (_gcry_md_info (a, GCRYCTL_IS_ALGO_ENABLED, &algo, &value)) value = 0; return value; } diff --git a/cipher/primegen.c b/cipher/primegen.c index 94e8599c..8694c314 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -179,7 +179,7 @@ save_pool_prime (gcry_mpi_t prime, gcry_random_level_t randomlevel) { if (i >= n/3*2) { - gcry_mpi_release (item2->prime); + _gcry_mpi_release (item2->prime); item2->prime = NULL; if (!item) item = item2; @@ -192,7 +192,7 @@ save_pool_prime (gcry_mpi_t prime, gcry_random_level_t randomlevel) if (!item) { /* Out of memory. Silently giving up. */ - gcry_mpi_release (prime); + _gcry_mpi_release (prime); return; } item->next = primepool; @@ -376,7 +376,7 @@ prime_generate_internal (int need_q_factor, pbits, req_qbits, qbits, fbits, n); /* Allocate an integer to old the new prime. */ - prime = gcry_mpi_new (pbits); + prime = mpi_new (pbits); /* Generate first prime factor. */ q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL); @@ -614,7 +614,7 @@ prime_generate_internal (int need_q_factor, if (all_factors) { i = 0; - factors_new[i++] = gcry_mpi_set_ui (NULL, 2); + factors_new[i++] = mpi_set_ui (NULL, 2); factors_new[i++] = mpi_copy (q); if (need_q_factor) factors_new[i++] = mpi_copy (q_factor); @@ -663,7 +663,7 @@ prime_generate_internal (int need_q_factor, mpi_fdiv_q (tmp, pmin1, factors[i]); /* No mpi_pow(), but it is okay to use this with mod prime. */ - gcry_mpi_powm (b, g, tmp, prime); + mpi_powm (b, g, tmp, prime); if (! mpi_cmp_ui (b, 1)) break; } @@ -776,7 +776,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, /* Make nbits fit into gcry_mpi_t implementation. */ val_2 = mpi_alloc_set_ui( 2 ); val_3 = mpi_alloc_set_ui( 3); - prime = secret? gcry_mpi_snew ( nbits ): gcry_mpi_new ( nbits ); + prime = secret? mpi_snew (nbits): mpi_new (nbits); result = mpi_alloc_like( prime ); pminus1= mpi_alloc_like( prime ); ptest = mpi_alloc_like( prime ); @@ -786,7 +786,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, int dotcount=0; /* generate a random number */ - gcry_mpi_randomize( prime, nbits, randomlevel ); + _gcry_mpi_randomize( prime, nbits, randomlevel ); /* Set high order bit to 1, set low order bit to 1. If we are generating a secret prime we are most probably doing that @@ -821,7 +821,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, /* Do a fast Fermat test now. */ count2++; mpi_sub_ui( pminus1, ptest, 1); - gcry_mpi_powm( result, val_2, pminus1, ptest ); + mpi_powm( result, val_2, pminus1, ptest ); if ( !mpi_cmp_ui( result, 1 ) ) { /* Not composite, perform stronger tests */ @@ -887,7 +887,7 @@ check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds, gcry_mpi_t result = mpi_alloc_like( prime ); gcry_mpi_t pminus1 = mpi_alloc_like( prime ); mpi_sub_ui( pminus1, prime, 1); - gcry_mpi_powm( result, val_2, pminus1, prime ); + mpi_powm( result, val_2, pminus1, prime ); mpi_free( pminus1 ); if ( mpi_cmp_ui( result, 1 ) ) { @@ -949,7 +949,7 @@ is_prime (gcry_mpi_t n, int steps, unsigned int *count) } else { - gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM ); + _gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM ); /* Make sure that the number is smaller than the prime and keep the randomness of the high bit. */ @@ -964,12 +964,12 @@ is_prime (gcry_mpi_t n, int steps, unsigned int *count) } gcry_assert (mpi_cmp (x, nminus1) < 0 && mpi_cmp_ui (x, 1) > 0); } - gcry_mpi_powm ( y, x, q, n); + mpi_powm ( y, x, q, n); if ( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) ) { for ( j=1; j < k && mpi_cmp( y, nminus1 ); j++ ) { - gcry_mpi_powm(y, y, a2, n); + mpi_powm(y, y, a2, n); if( !mpi_cmp_ui( y, 1 ) ) goto leave; /* Not a prime. */ } @@ -1121,67 +1121,66 @@ m_out_of_n ( char *array, int m, int n ) non-zero, allocate a new, NULL-terminated array holding the prime factors and store it in FACTORS. FLAGS might be used to influence the prime number generation process. */ -gcry_error_t -gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits, - unsigned int factor_bits, gcry_mpi_t **factors, - gcry_prime_check_func_t cb_func, void *cb_arg, - gcry_random_level_t random_level, - unsigned int flags) +gcry_err_code_t +_gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits, + unsigned int factor_bits, gcry_mpi_t **factors, + gcry_prime_check_func_t cb_func, void *cb_arg, + gcry_random_level_t random_level, + unsigned int flags) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; gcry_mpi_t *factors_generated = NULL; gcry_mpi_t prime_generated = NULL; unsigned int mode = 0; if (!prime) - return gpg_error (GPG_ERR_INV_ARG); + return GPG_ERR_INV_ARG; *prime = NULL; if (flags & GCRY_PRIME_FLAG_SPECIAL_FACTOR) mode = 1; /* Generate. */ - err = prime_generate_internal ((mode==1), &prime_generated, prime_bits, - factor_bits, NULL, - factors? &factors_generated : NULL, - random_level, flags, 1, - cb_func, cb_arg); + rc = prime_generate_internal ((mode==1), &prime_generated, prime_bits, + factor_bits, NULL, + factors? &factors_generated : NULL, + random_level, flags, 1, + cb_func, cb_arg); - if (! err) - if (cb_func) - { - /* Additional check. */ - if ( !cb_func (cb_arg, GCRY_PRIME_CHECK_AT_FINISH, prime_generated)) - { - /* Failed, deallocate resources. */ - unsigned int i; + if (!rc && cb_func) + { + /* Additional check. */ + if ( !cb_func (cb_arg, GCRY_PRIME_CHECK_AT_FINISH, prime_generated)) + { + /* Failed, deallocate resources. */ + unsigned int i; - mpi_free (prime_generated); - if (factors) - { - for (i = 0; factors_generated[i]; i++) - mpi_free (factors_generated[i]); - gcry_free (factors_generated); - } - err = GPG_ERR_GENERAL; - } - } + mpi_free (prime_generated); + if (factors) + { + for (i = 0; factors_generated[i]; i++) + mpi_free (factors_generated[i]); + gcry_free (factors_generated); + } + rc = GPG_ERR_GENERAL; + } + } - if (! err) + if (!rc) { if (factors) *factors = factors_generated; *prime = prime_generated; } - return gcry_error (err); + return rc; } /* Check whether the number X is prime. */ -gcry_error_t -gcry_prime_check (gcry_mpi_t x, unsigned int flags) +gcry_err_code_t +_gcry_prime_check (gcry_mpi_t x, unsigned int flags) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */ (void)flags; @@ -1189,37 +1188,37 @@ gcry_prime_check (gcry_mpi_t x, unsigned int flags) /* We use 64 rounds because the prime we are going to test is not guaranteed to be a random one. */ if (! check_prime (x, val_2, 64, NULL, NULL)) - err = GPG_ERR_NO_PRIME; + rc = GPG_ERR_NO_PRIME; mpi_free (val_2); - return gcry_error (err); + return rc; } /* Find a generator for PRIME where the factorization of (prime-1) is in the NULL terminated array FACTORS. Return the generator as a newly allocated MPI in R_G. If START_G is not NULL, use this as s atart for the search. Returns 0 on success.*/ -gcry_error_t -gcry_prime_group_generator (gcry_mpi_t *r_g, - gcry_mpi_t prime, gcry_mpi_t *factors, - gcry_mpi_t start_g) +gcry_err_code_t +_gcry_prime_group_generator (gcry_mpi_t *r_g, + gcry_mpi_t prime, gcry_mpi_t *factors, + gcry_mpi_t start_g) { - gcry_mpi_t tmp = gcry_mpi_new (0); - gcry_mpi_t b = gcry_mpi_new (0); - gcry_mpi_t pmin1 = gcry_mpi_new (0); - gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3); + gcry_mpi_t tmp = mpi_new (0); + gcry_mpi_t b = mpi_new (0); + gcry_mpi_t pmin1 = mpi_new (0); + gcry_mpi_t g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3); int first = 1; int i, n; if (!factors || !r_g || !prime) - return gpg_error (GPG_ERR_INV_ARG); + return GPG_ERR_INV_ARG; *r_g = NULL; for (n=0; factors[n]; n++) ; if (n < 2) - return gpg_error (GPG_ERR_INV_ARG); + return GPG_ERR_INV_ARG; /* Extra sanity check - usually disabled. */ /* mpi_set (tmp, factors[0]); */ @@ -1229,13 +1228,13 @@ gcry_prime_group_generator (gcry_mpi_t *r_g, /* if (mpi_cmp (prime, tmp)) */ /* return gpg_error (GPG_ERR_INV_ARG); */ - gcry_mpi_sub_ui (pmin1, prime, 1); + mpi_sub_ui (pmin1, prime, 1); do { if (first) first = 0; else - gcry_mpi_add_ui (g, g, 1); + mpi_add_ui (g, g, 1); if (DBG_CIPHER) log_printmpi ("checking g", g); @@ -1245,7 +1244,7 @@ gcry_prime_group_generator (gcry_mpi_t *r_g, for (i = 0; i < n; i++) { mpi_fdiv_q (tmp, pmin1, factors[i]); - gcry_mpi_powm (b, g, tmp, prime); + mpi_powm (b, g, tmp, prime); if (! mpi_cmp_ui (b, 1)) break; } @@ -1254,9 +1253,9 @@ gcry_prime_group_generator (gcry_mpi_t *r_g, } while (i < n); - gcry_mpi_release (tmp); - gcry_mpi_release (b); - gcry_mpi_release (pmin1); + _gcry_mpi_release (tmp); + _gcry_mpi_release (b); + _gcry_mpi_release (pmin1); *r_g = g; return 0; @@ -1264,7 +1263,7 @@ gcry_prime_group_generator (gcry_mpi_t *r_g, /* Convenience function to release the factors array. */ void -gcry_prime_release_factors (gcry_mpi_t *factors) +_gcry_prime_release_factors (gcry_mpi_t *factors) { if (factors) { @@ -1285,7 +1284,7 @@ find_x931_prime (const gcry_mpi_t pfirst) gcry_mpi_t val_2 = mpi_alloc_set_ui (2); gcry_mpi_t prime; - prime = gcry_mpi_copy (pfirst); + prime = mpi_copy (pfirst); /* If P is even add 1. */ mpi_set_bit (prime, 0); @@ -1389,7 +1388,7 @@ _gcry_derive_x931_prime (const gcry_mpi_t xp, mpi_sub_ui (yp0, yp0, 1); /* Ditto. */ for (;;) { - gcdres = gcry_mpi_gcd (gcdtmp, e, yp0); + gcdres = mpi_gcd (gcdtmp, e, yp0); mpi_add_ui (yp0, yp0, 1); if (!gcdres) progress ('/'); /* gcd (e, yp0-1) != 1 */ @@ -1468,8 +1467,8 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits, val_2 = mpi_alloc_set_ui (2); value_n = (pbits - 1) / qbits; value_b = (pbits - 1) - value_n * qbits; - value_w = gcry_mpi_new (pbits); - value_x = gcry_mpi_new (pbits); + value_w = mpi_new (pbits); + value_x = mpi_new (pbits); restart: /* Generate Q. */ @@ -1479,7 +1478,7 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits, if (!seed) { seedlen = sizeof seed_help_buffer; - gcry_create_nonce (seed_help_buffer, seedlen); + _gcry_create_nonce (seed_help_buffer, seedlen); seed = seed_help_buffer; } @@ -1491,15 +1490,15 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits, if (seed_plus[i]) break; } - gcry_md_hash_buffer (GCRY_MD_SHA1, value_u, seed, seedlen); - gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); + _gcry_md_hash_buffer (GCRY_MD_SHA1, value_u, seed, seedlen); + _gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); for (i=0; i < sizeof value_u; i++) value_u[i] ^= digest[i]; /* Step 3: Form q from U */ - gcry_mpi_release (prime_q); prime_q = NULL; - ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG, - value_u, sizeof value_u, NULL)); + _gcry_mpi_release (prime_q); prime_q = NULL; + ec = _gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG, + value_u, sizeof value_u, NULL); if (ec) goto leave; mpi_set_highbit (prime_q, qbits-1 ); @@ -1518,7 +1517,7 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits, counter = 0; /* Generate P. */ - prime_p = gcry_mpi_new (pbits); + prime_p = mpi_new (pbits); for (;;) { /* Step 7: For k = 0,...n let @@ -1544,11 +1543,11 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits, if (seed_plus[i]) break; } - gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); + _gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); - gcry_mpi_release (tmpval); tmpval = NULL; - ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG, - digest, sizeof digest, NULL)); + _gcry_mpi_release (tmpval); tmpval = NULL; + ec = _gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG, + digest, sizeof digest, NULL); if (ec) goto leave; if (value_k == value_n) @@ -1610,13 +1609,13 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits, leave: - gcry_mpi_release (tmpval); - gcry_mpi_release (value_x); - gcry_mpi_release (value_w); - gcry_mpi_release (prime_p); - gcry_mpi_release (prime_q); + _gcry_mpi_release (tmpval); + _gcry_mpi_release (value_x); + _gcry_mpi_release (value_w); + _gcry_mpi_release (prime_p); + _gcry_mpi_release (prime_q); gcry_free (seed_plus); - gcry_mpi_release (val_2); + _gcry_mpi_release (val_2); return ec; } @@ -1681,11 +1680,11 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, return GPG_ERR_INV_KEYLEN; /* Also check that the hash algorithm is available. */ - ec = gpg_err_code (gcry_md_test_algo (hashalgo)); + ec = _gcry_md_test_algo (hashalgo); if (ec) return ec; gcry_assert (qbits/8 <= sizeof digest); - gcry_assert (gcry_md_get_algo_dlen (hashalgo) == qbits/8); + gcry_assert (_gcry_md_get_algo_dlen (hashalgo) == qbits/8); /* Step 2: Check seedlen. */ @@ -1704,8 +1703,8 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, goto leave; } val_2 = mpi_alloc_set_ui (2); - value_w = gcry_mpi_new (pbits); - value_x = gcry_mpi_new (pbits); + value_w = mpi_new (pbits); + value_x = mpi_new (pbits); /* Step 3: n = \lceil L / outlen \rceil - 1 */ value_n = (pbits + qbits - 1) / qbits - 1; @@ -1721,12 +1720,12 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, { seedlen = qbits/8; gcry_assert (seedlen <= sizeof seed_help_buffer); - gcry_create_nonce (seed_help_buffer, seedlen); + _gcry_create_nonce (seed_help_buffer, seedlen); seed = seed_help_buffer; } /* Step 6: U = hash(seed) */ - gcry_md_hash_buffer (hashalgo, value_u, seed, seedlen); + _gcry_md_hash_buffer (hashalgo, value_u, seed, seedlen); /* Step 7: q = 2^{N-1} + U + 1 - (U mod 2) */ if ( !(value_u[qbits/8-1] & 0x01) ) @@ -1738,9 +1737,9 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, break; } } - gcry_mpi_release (prime_q); prime_q = NULL; - ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG, - value_u, sizeof value_u, NULL)); + _gcry_mpi_release (prime_q); prime_q = NULL; + ec = _gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG, + value_u, sizeof value_u, NULL); if (ec) goto leave; mpi_set_highbit (prime_q, qbits-1 ); @@ -1761,7 +1760,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, counter = 0; /* Generate P. */ - prime_p = gcry_mpi_new (pbits); + prime_p = mpi_new (pbits); for (;;) { /* Step 11.1: For j = 0,...n let @@ -1785,11 +1784,11 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, if (seed_plus[i]) break; } - gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); + _gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); - gcry_mpi_release (tmpval); tmpval = NULL; - ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG, - digest, sizeof digest, NULL)); + _gcry_mpi_release (tmpval); tmpval = NULL; + ec = _gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG, + digest, sizeof digest, NULL); if (ec) goto leave; if (value_j == value_n) @@ -1853,12 +1852,12 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, *r_hashalgo = hashalgo; leave: - gcry_mpi_release (tmpval); - gcry_mpi_release (value_x); - gcry_mpi_release (value_w); - gcry_mpi_release (prime_p); - gcry_mpi_release (prime_q); + _gcry_mpi_release (tmpval); + _gcry_mpi_release (value_x); + _gcry_mpi_release (value_w); + _gcry_mpi_release (prime_p); + _gcry_mpi_release (prime_q); gcry_free (seed_plus); - gcry_mpi_release (val_2); + _gcry_mpi_release (val_2); return ec; } diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index 3e0b5ef2..7f3fd824 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -62,9 +62,9 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list, int flags = 0; int igninvflag = 0; - for (i=list?gcry_sexp_length (list)-1:0; i > 0; i--) + for (i = list ? sexp_length (list)-1 : 0; i > 0; i--) { - s = gcry_sexp_nth_data (list, i, &n); + s = sexp_nth_data (list, i, &n); if (!s) continue; /* Not a data element. */ @@ -225,7 +225,7 @@ get_hash_algo (const char *s, size_t n) { memcpy (tmpname, s, n); tmpname[n] = 0; - algo = gcry_md_map_name (tmpname); + algo = _gcry_md_map_name (tmpname); gcry_free (tmpname); } } @@ -259,21 +259,21 @@ _gcry_pk_util_get_nbits (gcry_sexp_t list, unsigned int *r_nbits) *r_nbits = 0; - list = gcry_sexp_find_token (list, "nbits", 0); + list = sexp_find_token (list, "nbits", 0); if (!list) return 0; /* No NBITS found. */ - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s || n >= DIM (buf) - 1 ) { /* NBITS given without a cdr. */ - gcry_sexp_release (list); + sexp_release (list); return GPG_ERR_INV_OBJ; } memcpy (buf, s, n); buf[n] = 0; *r_nbits = (unsigned int)strtoul (buf, NULL, 0); - gcry_sexp_release (list); + sexp_release (list); return 0; } @@ -306,24 +306,24 @@ _gcry_pk_util_get_rsa_use_e (gcry_sexp_t list, unsigned long *r_e) *r_e = 0; - list = gcry_sexp_find_token (list, "rsa-use-e", 0); + list = sexp_find_token (list, "rsa-use-e", 0); if (!list) { *r_e = 65537; /* Not given, use the value generated by old versions. */ return 0; } - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s || n >= DIM (buf) - 1 ) { /* No value or value too large. */ - gcry_sexp_release (list); + sexp_release (list); return GPG_ERR_INV_OBJ; } memcpy (buf, s, n); buf[n] = 0; *r_e = strtoul (buf, NULL, 0); - gcry_sexp_release (list); + sexp_release (list); return 0; } @@ -350,20 +350,20 @@ _gcry_pk_util_preparse_sigval (gcry_sexp_t s_sig, const char **algo_names, *r_eccflags = 0; /* Extract the signature value. */ - l1 = gcry_sexp_find_token (s_sig, "sig-val", 0); + l1 = sexp_find_token (s_sig, "sig-val", 0); if (!l1) { rc = GPG_ERR_INV_OBJ; /* Does not contain a signature value object. */ goto leave; } - l2 = gcry_sexp_nth (l1, 1); + l2 = sexp_nth (l1, 1); if (!l2) { rc = GPG_ERR_NO_OBJ; /* No cadr for the sig object. */ goto leave; } - name = _gcry_sexp_nth_string (l2, 0); + name = sexp_nth_string (l2, 0); if (!name) { rc = GPG_ERR_INV_OBJ; /* Invalid structure of object. */ @@ -374,15 +374,15 @@ _gcry_pk_util_preparse_sigval (gcry_sexp_t s_sig, const char **algo_names, /* Skip a "flags" parameter and look again for the algorithm name. This is not used but here just for the sake of consistent S-expressions we need to handle it. */ - gcry_sexp_release (l2); - l2 = gcry_sexp_nth (l1, 2); + sexp_release (l2); + l2 = sexp_nth (l1, 2); if (!l2) { rc = GPG_ERR_INV_OBJ; goto leave; } gcry_free (name); - name = _gcry_sexp_nth_string (l2, 0); + name = sexp_nth_string (l2, 0); if (!name) { rc = GPG_ERR_INV_OBJ; /* Invalid structure of object. */ @@ -412,8 +412,8 @@ _gcry_pk_util_preparse_sigval (gcry_sexp_t s_sig, const char **algo_names, leave: gcry_free (name); - gcry_sexp_release (l2); - gcry_sexp_release (l1); + sexp_release (l2); + sexp_release (l1); return rc; } @@ -453,14 +453,14 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names, *r_parms = NULL; /* Check that the first element is valid. */ - l1 = gcry_sexp_find_token (sexp, "enc-val" , 0); + l1 = sexp_find_token (sexp, "enc-val" , 0); if (!l1) { rc = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object. */ goto leave; } - l2 = gcry_sexp_nth (l1, 1); + l2 = sexp_nth (l1, 1); if (!l2) { rc = GPG_ERR_NO_OBJ; /* No cadr for the data object. */ @@ -468,7 +468,7 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names, } /* Extract identifier of sublist. */ - name = _gcry_sexp_nth_string (l2, 0); + name = sexp_nth_string (l2, 0); if (!name) { rc = GPG_ERR_INV_OBJ; /* Invalid structure of object. */ @@ -493,11 +493,11 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names, if (ctx->encoding == PUBKEY_ENC_OAEP) { /* Get HASH-ALGO. */ - gcry_sexp_release (l2); - l2 = gcry_sexp_find_token (l1, "hash-algo", 0); + sexp_release (l2); + l2 = sexp_find_token (l1, "hash-algo", 0); if (l2) { - s = gcry_sexp_nth_data (l2, 1, &n); + s = sexp_nth_data (l2, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; else @@ -511,11 +511,11 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names, } /* Get LABEL. */ - gcry_sexp_release (l2); - l2 = gcry_sexp_find_token (l1, "label", 0); + sexp_release (l2); + l2 = sexp_find_token (l1, "label", 0); if (l2) { - s = gcry_sexp_nth_data (l2, 1, &n); + s = sexp_nth_data (l2, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; else if (n > 0) @@ -535,9 +535,9 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names, } /* Get the next which has the actual data - skip HASH-ALGO and LABEL. */ - for (i = 2; (gcry_sexp_release (l2), l2 = gcry_sexp_nth (l1, i)); i++) + for (i = 2; (sexp_release (l2), l2 = sexp_nth (l1, i)); i++) { - s = gcry_sexp_nth_data (l2, 0, &n); + s = sexp_nth_data (l2, 0, &n); if (!(n == 9 && !memcmp (s, "hash-algo", 9)) && !(n == 5 && !memcmp (s, "label", 5)) && !(n == 15 && !memcmp (s, "random-override", 15))) @@ -551,7 +551,7 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names, /* Extract sublist identifier. */ gcry_free (name); - name = _gcry_sexp_nth_string (l2, 0); + name = sexp_nth_string (l2, 0); if (!name) { rc = GPG_ERR_INV_OBJ; /* Invalid structure of object. */ @@ -577,8 +577,8 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names, leave: gcry_free (name); - gcry_sexp_release (l2); - gcry_sexp_release (l1); + sexp_release (l2); + sexp_release (l1); return rc; } @@ -650,22 +650,22 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, int parsed_flags = 0; *ret_mpi = NULL; - ldata = gcry_sexp_find_token (input, "data", 0); + ldata = sexp_find_token (input, "data", 0); if (!ldata) { /* assume old style */ - *ret_mpi = gcry_sexp_nth_mpi (input, 0, 0); + *ret_mpi = sexp_nth_mpi (input, 0, 0); return *ret_mpi ? GPG_ERR_NO_ERROR : GPG_ERR_INV_OBJ; } /* See whether there is a flags list. */ { - gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0); + gcry_sexp_t lflags = sexp_find_token (ldata, "flags", 0); if (lflags) { if (_gcry_pk_util_parse_flaglist (lflags, &parsed_flags, &ctx->encoding)) unknown_flag = 1; - gcry_sexp_release (lflags); + sexp_release (lflags); } } @@ -673,8 +673,8 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, ctx->encoding = PUBKEY_ENC_RAW; /* default to raw */ /* Get HASH or MPI */ - lhash = gcry_sexp_find_token (ldata, "hash", 0); - lvalue = lhash? NULL : gcry_sexp_find_token (ldata, "value", 0); + lhash = sexp_find_token (ldata, "hash", 0); + lvalue = lhash? NULL : sexp_find_token (ldata, "value", 0); if (!(!lhash ^ !lvalue)) rc = GPG_ERR_INV_OBJ; /* none or both given */ @@ -694,10 +694,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, goto leave; } /* Get HASH-ALGO. */ - list = gcry_sexp_find_token (ldata, "hash-algo", 0); + list = sexp_find_token (ldata, "hash-algo", 0); if (list) { - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; else @@ -706,7 +706,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, if (!ctx->hash_algo) rc = GPG_ERR_DIGEST_ALGO; } - gcry_sexp_release (list); + sexp_release (list); } else rc = GPG_ERR_INV_OBJ; @@ -714,7 +714,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, goto leave; /* Get VALUE. */ - value = gcry_sexp_nth_buffer (lvalue, 1, &valuelen); + value = sexp_nth_buffer (lvalue, 1, &valuelen); if (!value) { /* We assume that a zero length message is meant by @@ -734,7 +734,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, goto leave; /* Note that mpi_set_opaque takes ownership of VALUE. */ - *ret_mpi = gcry_mpi_set_opaque (NULL, value, valuelen*8); + *ret_mpi = mpi_set_opaque (NULL, value, valuelen*8); } else if (ctx->encoding == PUBKEY_ENC_RAW && lhash && ((parsed_flags & PUBKEY_FLAG_RAW_FLAG) @@ -744,9 +744,9 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, used for DSA. For better backward error compatibility we allow this only if either the rfc6979 flag has been given or the raw flags was explicitly given. */ - if (gcry_sexp_length (lhash) != 3) + if (sexp_length (lhash) != 3) rc = GPG_ERR_INV_OBJ; - else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n ) + else if ( !(s=sexp_nth_data (lhash, 1, &n)) || !n ) rc = GPG_ERR_INV_OBJ; else { @@ -756,7 +756,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, ctx->hash_algo = get_hash_algo (s, n); if (!ctx->hash_algo) rc = GPG_ERR_DIGEST_ALGO; - else if (!(value=gcry_sexp_nth_buffer (lhash, 2, &valuelen))) + else if (!(value=sexp_nth_buffer (lhash, 2, &valuelen))) rc = GPG_ERR_INV_OBJ; else if ((valuelen * 8) < valuelen) { @@ -764,7 +764,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, rc = GPG_ERR_TOO_LARGE; } else - *ret_mpi = gcry_mpi_set_opaque (NULL, value, valuelen*8); + *ret_mpi = mpi_set_opaque (NULL, value, valuelen*8); } } else if (ctx->encoding == PUBKEY_ENC_RAW && lvalue) @@ -778,7 +778,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, } /* Get the value */ - *ret_mpi = gcry_sexp_nth_mpi (lvalue, 1, GCRYMPI_FMT_USG); + *ret_mpi = sexp_nth_mpi (lvalue, 1, GCRYMPI_FMT_USG); if (!*ret_mpi) rc = GPG_ERR_INV_OBJ; } @@ -791,15 +791,15 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, void *random_override = NULL; size_t random_override_len = 0; - if ( !(value=gcry_sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) + if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) rc = GPG_ERR_INV_OBJ; else { /* Get optional RANDOM-OVERRIDE. */ - list = gcry_sexp_find_token (ldata, "random-override", 0); + list = sexp_find_token (ldata, "random-override", 0); if (list) { - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; else if (n > 0) @@ -813,7 +813,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, random_override_len = n; } } - gcry_sexp_release (list); + sexp_release (list); if (rc) goto leave; } @@ -828,9 +828,9 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, else if (ctx->encoding == PUBKEY_ENC_PKCS1 && lhash && (ctx->op == PUBKEY_OP_SIGN || ctx->op == PUBKEY_OP_VERIFY)) { - if (gcry_sexp_length (lhash) != 3) + if (sexp_length (lhash) != 3) rc = GPG_ERR_INV_OBJ; - else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n ) + else if ( !(s=sexp_nth_data (lhash, 1, &n)) || !n ) rc = GPG_ERR_INV_OBJ; else { @@ -841,7 +841,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, if (!ctx->hash_algo) rc = GPG_ERR_DIGEST_ALGO; - else if ( !(value=gcry_sexp_nth_data (lhash, 2, &valuelen)) + else if ( !(value=sexp_nth_data (lhash, 2, &valuelen)) || !valuelen ) rc = GPG_ERR_INV_OBJ; else @@ -856,7 +856,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, const void * value; size_t valuelen; - if ( !(value=gcry_sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) + if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) rc = GPG_ERR_INV_OBJ; else { @@ -865,10 +865,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, size_t random_override_len = 0; /* Get HASH-ALGO. */ - list = gcry_sexp_find_token (ldata, "hash-algo", 0); + list = sexp_find_token (ldata, "hash-algo", 0); if (list) { - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; else @@ -877,16 +877,16 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, if (!ctx->hash_algo) rc = GPG_ERR_DIGEST_ALGO; } - gcry_sexp_release (list); + sexp_release (list); if (rc) goto leave; } /* Get LABEL. */ - list = gcry_sexp_find_token (ldata, "label", 0); + list = sexp_find_token (ldata, "label", 0); if (list) { - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; else if (n > 0) @@ -900,15 +900,15 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, ctx->labellen = n; } } - gcry_sexp_release (list); + sexp_release (list); if (rc) goto leave; } /* Get optional RANDOM-OVERRIDE. */ - list = gcry_sexp_find_token (ldata, "random-override", 0); + list = sexp_find_token (ldata, "random-override", 0); if (list) { - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; else if (n > 0) @@ -922,7 +922,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, random_override_len = n; } } - gcry_sexp_release (list); + sexp_release (list); if (rc) goto leave; } @@ -938,9 +938,9 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, else if (ctx->encoding == PUBKEY_ENC_PSS && lhash && ctx->op == PUBKEY_OP_SIGN) { - if (gcry_sexp_length (lhash) != 3) + if (sexp_length (lhash) != 3) rc = GPG_ERR_INV_OBJ; - else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n ) + else if ( !(s=sexp_nth_data (lhash, 1, &n)) || !n ) rc = GPG_ERR_INV_OBJ; else { @@ -953,7 +953,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, if (!ctx->hash_algo) rc = GPG_ERR_DIGEST_ALGO; - else if ( !(value=gcry_sexp_nth_data (lhash, 2, &valuelen)) + else if ( !(value=sexp_nth_data (lhash, 2, &valuelen)) || !valuelen ) rc = GPG_ERR_INV_OBJ; else @@ -961,24 +961,24 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, gcry_sexp_t list; /* Get SALT-LENGTH. */ - list = gcry_sexp_find_token (ldata, "salt-length", 0); + list = sexp_find_token (ldata, "salt-length", 0); if (list) { - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s) { rc = GPG_ERR_NO_OBJ; goto leave; } ctx->saltlen = (unsigned int)strtoul (s, NULL, 10); - gcry_sexp_release (list); + sexp_release (list); } /* Get optional RANDOM-OVERRIDE. */ - list = gcry_sexp_find_token (ldata, "random-override", 0); + list = sexp_find_token (ldata, "random-override", 0); if (list) { - s = gcry_sexp_nth_data (list, 1, &n); + s = sexp_nth_data (list, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; else if (n > 0) @@ -992,7 +992,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, random_override_len = n; } } - gcry_sexp_release (list); + sexp_release (list); if (rc) goto leave; } @@ -1010,9 +1010,9 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, else if (ctx->encoding == PUBKEY_ENC_PSS && lhash && ctx->op == PUBKEY_OP_VERIFY) { - if (gcry_sexp_length (lhash) != 3) + if (sexp_length (lhash) != 3) rc = GPG_ERR_INV_OBJ; - else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n ) + else if ( !(s=sexp_nth_data (lhash, 1, &n)) || !n ) rc = GPG_ERR_INV_OBJ; else { @@ -1022,7 +1022,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, rc = GPG_ERR_DIGEST_ALGO; else { - *ret_mpi = gcry_sexp_nth_mpi (lhash, 2, GCRYMPI_FMT_USG); + *ret_mpi = sexp_nth_mpi (lhash, 2, GCRYMPI_FMT_USG); if (!*ret_mpi) rc = GPG_ERR_INV_OBJ; ctx->verify_cmp = pss_verify_cmp; @@ -1034,9 +1034,9 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, rc = GPG_ERR_CONFLICT; leave: - gcry_sexp_release (ldata); - gcry_sexp_release (lhash); - gcry_sexp_release (lvalue); + sexp_release (ldata); + sexp_release (lhash); + sexp_release (lvalue); if (!rc) ctx->flags = parsed_flags; diff --git a/cipher/pubkey.c b/cipher/pubkey.c index c1d8bbc6..e89fa950 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -137,34 +137,33 @@ spec_from_sexp (gcry_sexp_t sexp, int want_private, public key but a private key was supplied, we allow the use of the private key anyway. The rationale for this is that the private key is a superset of the public key. */ - list = gcry_sexp_find_token (sexp, - want_private? "private-key":"public-key", 0); + list = sexp_find_token (sexp, want_private? "private-key":"public-key", 0); if (!list && !want_private) - list = gcry_sexp_find_token (sexp, "private-key", 0); + list = sexp_find_token (sexp, "private-key", 0); if (!list) return GPG_ERR_INV_OBJ; /* Does not contain a key object. */ - l2 = gcry_sexp_cadr (list); - gcry_sexp_release (list); + l2 = sexp_cadr (list); + sexp_release (list); list = l2; - name = _gcry_sexp_nth_string (list, 0); + name = sexp_nth_string (list, 0); if (!name) { - gcry_sexp_release ( list ); + sexp_release ( list ); return GPG_ERR_INV_OBJ; /* Invalid structure of object. */ } spec = spec_from_name (name); gcry_free (name); if (!spec) { - gcry_sexp_release (list); + sexp_release (list); return GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ } *r_spec = spec; if (r_parms) *r_parms = list; else - gcry_sexp_release (list); + sexp_release (list); return 0; } @@ -187,7 +186,7 @@ disable_pubkey_algo (int algo) * Map a string to the pubkey algo */ int -gcry_pk_map_name (const char *string) +_gcry_pk_map_name (const char *string) { gcry_pk_spec_t *spec; @@ -206,7 +205,7 @@ gcry_pk_map_name (const char *string) a string representation of the algorithm name. For unknown algorithm IDs this functions returns "?". */ const char * -gcry_pk_algo_name (int algo) +_gcry_pk_algo_name (int algo) { gcry_pk_spec_t *spec; @@ -312,8 +311,8 @@ pubkey_get_nenc (int algo) )) */ -gcry_error_t -gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) +gcry_err_code_t +_gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) { gcry_err_code_t rc; gcry_pk_spec_t *spec; @@ -331,8 +330,8 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) rc = GPG_ERR_NOT_IMPLEMENTED; leave: - gcry_sexp_release (keyparms); - return gcry_error (rc); + sexp_release (keyparms); + return rc; } @@ -364,8 +363,8 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) With pkcs1 or oaep decoding enabled the returned value is a verbatim octet string. */ -gcry_error_t -gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) +gcry_err_code_t +_gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) { gcry_err_code_t rc; gcry_pk_spec_t *spec; @@ -383,8 +382,8 @@ gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) rc = GPG_ERR_NOT_IMPLEMENTED; leave: - gcry_sexp_release (keyparms); - return gcry_error (rc); + sexp_release (keyparms); + return rc; } @@ -417,8 +416,8 @@ gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) Note that (hash algo) in R_SIG is not used. */ -gcry_error_t -gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) +gcry_err_code_t +_gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) { gcry_err_code_t rc; gcry_pk_spec_t *spec; @@ -436,8 +435,8 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) rc = GPG_ERR_NOT_IMPLEMENTED; leave: - gcry_sexp_release (keyparms); - return gcry_error (rc); + sexp_release (keyparms); + return rc; } @@ -448,8 +447,8 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) hashvalue data. Public key has to be a standard public key given as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data must be an S-Exp like the one in sign too. */ -gcry_error_t -gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) +gcry_err_code_t +_gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) { gcry_err_code_t rc; gcry_pk_spec_t *spec; @@ -465,8 +464,8 @@ gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) rc = GPG_ERR_NOT_IMPLEMENTED; leave: - gcry_sexp_release (keyparms); - return gcry_error (rc); + sexp_release (keyparms); + return rc; } @@ -479,8 +478,8 @@ gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) Returns: 0 or an errorcode. NOTE: We currently support only secret key checking. */ -gcry_error_t -gcry_pk_testkey (gcry_sexp_t s_key) +gcry_err_code_t +_gcry_pk_testkey (gcry_sexp_t s_key) { gcry_err_code_t rc; gcry_pk_spec_t *spec; @@ -496,8 +495,8 @@ gcry_pk_testkey (gcry_sexp_t s_key) rc = GPG_ERR_NOT_IMPLEMENTED; leave: - gcry_sexp_release (keyparms); - return gcry_error (rc); + sexp_release (keyparms); + return rc; } @@ -534,8 +533,8 @@ gcry_pk_testkey (gcry_sexp_t s_key) (pm1-factors n1 n2 ... nn) )) */ -gcry_error_t -gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) +gcry_err_code_t +_gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) { gcry_pk_spec_t *spec = NULL; gcry_sexp_t list = NULL; @@ -545,15 +544,15 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) *r_key = NULL; - list = gcry_sexp_find_token (s_parms, "genkey", 0); + list = sexp_find_token (s_parms, "genkey", 0); if (!list) { rc = GPG_ERR_INV_OBJ; /* Does not contain genkey data. */ goto leave; } - l2 = gcry_sexp_cadr (list); - gcry_sexp_release (list); + l2 = sexp_cadr (list); + sexp_release (list); list = l2; l2 = NULL; if (! list) @@ -584,11 +583,11 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) rc = GPG_ERR_NOT_IMPLEMENTED; leave: - gcry_sexp_release (list); + sexp_release (list); gcry_free (name); - gcry_sexp_release (l2); + sexp_release (l2); - return gcry_error (rc); + return rc; } @@ -598,7 +597,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) Hmmm: Should we have really this function or is it better to have a more general function to retrieve different properties of the key? */ unsigned int -gcry_pk_get_nbits (gcry_sexp_t key) +_gcry_pk_get_nbits (gcry_sexp_t key) { gcry_pk_spec_t *spec; gcry_sexp_t parms; @@ -614,7 +613,7 @@ gcry_pk_get_nbits (gcry_sexp_t key) return 0; /* Error - 0 is a suitable indication for that. */ nbits = spec->get_nbits (parms); - gcry_sexp_release (parms); + sexp_release (parms); return nbits; } @@ -627,7 +626,7 @@ gcry_pk_get_nbits (gcry_sexp_t key) NULL is returned to indicate an error which is most likely an unknown algorithm. The function accepts public or secret keys. */ unsigned char * -gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) +_gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) { gcry_sexp_t list = NULL; gcry_sexp_t l2 = NULL; @@ -640,18 +639,18 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) int okay = 0; /* Check that the first element is valid. */ - list = gcry_sexp_find_token (key, "public-key", 0); + list = sexp_find_token (key, "public-key", 0); if (! list) - list = gcry_sexp_find_token (key, "private-key", 0); + list = sexp_find_token (key, "private-key", 0); if (! list) - list = gcry_sexp_find_token (key, "protected-private-key", 0); + list = sexp_find_token (key, "protected-private-key", 0); if (! list) - list = gcry_sexp_find_token (key, "shadowed-private-key", 0); + list = sexp_find_token (key, "shadowed-private-key", 0); if (! list) return NULL; /* No public- or private-key object. */ - l2 = gcry_sexp_cadr (list); - gcry_sexp_release (list); + l2 = sexp_cadr (list); + sexp_release (list); list = l2; l2 = NULL; @@ -667,7 +666,7 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) if (!elems) goto fail; /* No grip parameter. */ - if (gcry_md_open (&md, GCRY_MD_SHA1, 0)) + if (_gcry_md_open (&md, GCRY_MD_SHA1, 0)) goto fail; if (spec->comp_keygrip) @@ -685,19 +684,19 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) size_t datalen; char buf[30]; - l2 = gcry_sexp_find_token (list, s, 1); + l2 = sexp_find_token (list, s, 1); if (! l2) goto fail; - data = gcry_sexp_nth_data (l2, 1, &datalen); + data = sexp_nth_data (l2, 1, &datalen); if (! data) goto fail; snprintf (buf, sizeof buf, "(1:%c%u:", *s, (unsigned int)datalen); - gcry_md_write (md, buf, strlen (buf)); - gcry_md_write (md, data, datalen); - gcry_sexp_release (l2); + _gcry_md_write (md, buf, strlen (buf)); + _gcry_md_write (md, data, datalen); + sexp_release (l2); l2 = NULL; - gcry_md_write (md, ")", 1); + _gcry_md_write (md, ")", 1); } } @@ -708,21 +707,21 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) goto fail; } - memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20); + memcpy (array, _gcry_md_read (md, GCRY_MD_SHA1), 20); okay = 1; fail: gcry_free (name); - gcry_sexp_release (l2); - gcry_md_close (md); - gcry_sexp_release (list); + sexp_release (l2); + _gcry_md_close (md); + sexp_release (list); return okay? array : NULL; } const char * -gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) +_gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) { const char *result = NULL; gcry_pk_spec_t *spec; @@ -748,14 +747,14 @@ gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) if (spec->get_curve) result = spec->get_curve (keyparms, iterator, r_nbits); - gcry_sexp_release (keyparms); + sexp_release (keyparms); return result; } gcry_sexp_t -gcry_pk_get_param (int algo, const char *name) +_gcry_pk_get_param (int algo, const char *name) { gcry_sexp_t result = NULL; gcry_pk_spec_t *spec = NULL; @@ -776,10 +775,10 @@ gcry_pk_get_param (int algo, const char *name) -gcry_error_t -gcry_pk_ctl (int cmd, void *buffer, size_t buflen) +gcry_err_code_t +_gcry_pk_ctl (int cmd, void *buffer, size_t buflen) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; switch (cmd) { @@ -787,16 +786,16 @@ gcry_pk_ctl (int cmd, void *buffer, size_t buflen) /* This one expects a buffer pointing to an integer with the algo number. */ if ((! buffer) || (buflen != sizeof (int))) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else disable_pubkey_algo (*((int *) buffer)); break; default: - err = GPG_ERR_INV_OP; + rc = GPG_ERR_INV_OP; } - return gcry_error (err); + return rc; } @@ -821,10 +820,10 @@ gcry_pk_ctl (int cmd, void *buffer, size_t buflen) the return value. The caller will in all cases consult the value and thereby detecting whether a error occurred or not (i.e. while checking the block size) */ -gcry_error_t -gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes) +gcry_err_code_t +_gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; switch (what) { @@ -832,9 +831,9 @@ gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes) { int use = nbytes ? *nbytes : 0; if (buffer) - err = GPG_ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; else if (check_pubkey_algo (algorithm, use)) - err = GPG_ERR_PUBKEY_ALGO; + rc = GPG_ERR_PUBKEY_ALGO; break; } @@ -877,10 +876,10 @@ gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes) } default: - err = GPG_ERR_INV_OP; + rc = GPG_ERR_INV_OP; } - return gcry_error (err); + return rc; } diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c index b1b212fd..65b007f1 100644 --- a/cipher/rsa-common.c +++ b/cipher/rsa-common.c @@ -73,7 +73,6 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi_t *r_result, unsigned int nbits, size_t random_override_len) { gcry_err_code_t rc = 0; - gcry_error_t err; unsigned char *frame = NULL; size_t nframe = (nbits+7) / 8; int i; @@ -116,7 +115,7 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi_t *r_result, unsigned int nbits, } else { - p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM); + p = _gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM); /* Replace zero bytes by new values. */ for (;;) { @@ -133,7 +132,7 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi_t *r_result, unsigned int nbits, break; /* Okay: no (more) zero bytes. */ k += k/128 + 3; /* Better get some more. */ - pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM); + pp = _gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM); for (j=0; j < i && k; ) { if (!p[j]) @@ -153,10 +152,8 @@ _gcry_rsa_pkcs1_encode_for_enc (gcry_mpi_t *r_result, unsigned int nbits, n += valuelen; gcry_assert (n == nframe); - err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe); - if (err) - rc = gcry_err_code (err); - else if (DBG_CIPHER) + rc = _gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe); + if (!rc &&DBG_CIPHER) log_mpidump ("PKCS#1 block type 2 encoded data", *r_result); gcry_free (frame); @@ -182,7 +179,7 @@ _gcry_rsa_pkcs1_decode_for_enc (unsigned char **r_result, size_t *r_resultlen, if ( !(frame = gcry_malloc_secure (nframe))) return gpg_err_code_from_syserror (); - err = gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &n, value); + err = _gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &n, value); if (err) { gcry_free (frame); @@ -265,7 +262,6 @@ _gcry_rsa_pkcs1_encode_for_sig (gcry_mpi_t *r_result, unsigned int nbits, int algo) { gcry_err_code_t rc = 0; - gcry_error_t err; byte asn[100]; byte *frame = NULL; size_t nframe = (nbits+7) / 8; @@ -274,9 +270,9 @@ _gcry_rsa_pkcs1_encode_for_sig (gcry_mpi_t *r_result, unsigned int nbits, size_t asnlen, dlen; asnlen = DIM(asn); - dlen = gcry_md_get_algo_dlen (algo); + dlen = _gcry_md_get_algo_dlen (algo); - if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen)) + if (_gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen)) { /* We don't have yet all of the above algorithms. */ return GPG_ERR_NOT_IMPLEMENTED; @@ -315,10 +311,8 @@ _gcry_rsa_pkcs1_encode_for_sig (gcry_mpi_t *r_result, unsigned int nbits, gcry_assert (n == nframe); /* Convert it into an MPI. */ - err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe); - if (err) - rc = gcry_err_code (err); - else if (DBG_CIPHER) + rc = _gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe); + if (!rc && DBG_CIPHER) log_mpidump ("PKCS#1 block type 1 encoded data", *r_result); gcry_free (frame); @@ -336,11 +330,11 @@ mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen, gcry_md_hd_t hd; gcry_error_t err; - err = gcry_md_open (&hd, algo, 0); + err = _gcry_md_open (&hd, algo, 0); if (err) - return gpg_err_code (err); + return err; - dlen = gcry_md_get_algo_dlen (algo); + dlen = _gcry_md_get_algo_dlen (algo); /* We skip step 1 which would be assert(OUTLEN <= 2^32). The loop in step 3 is merged with step 4 by concatenating no more octets @@ -353,7 +347,7 @@ mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen, unsigned char c[4], *digest; if (idx) - gcry_md_reset (hd); + _gcry_md_reset (hd); c[0] = (idx >> 24) & 0xFF; c[1] = (idx >> 16) & 0xFF; @@ -361,16 +355,16 @@ mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen, c[3] = idx & 0xFF; idx++; - gcry_md_write (hd, seed, seedlen); - gcry_md_write (hd, c, 4); - digest = gcry_md_read (hd, 0); + _gcry_md_write (hd, seed, seedlen); + _gcry_md_write (hd, c, 4); + digest = _gcry_md_read (hd, 0); n = (outlen - nbytes < dlen)? (outlen - nbytes) : dlen; memcpy (output+nbytes, digest, n); nbytes += n; } - gcry_md_close (hd); + _gcry_md_close (hd); return GPG_ERR_NO_ERROR; } @@ -413,7 +407,6 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, const void *random_override, size_t random_override_len) { gcry_err_code_t rc = 0; - gcry_error_t err; unsigned char *frame = NULL; size_t nframe = (nbits+7) / 8; unsigned char *p; @@ -429,7 +422,7 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, labellen = 0; } - hlen = gcry_md_get_algo_dlen (algo); + hlen = _gcry_md_get_algo_dlen (algo); /* We skip step 1a which would be to check that LABELLEN is not greater than 2^61-1. See rfc-3447 7.1.1. */ @@ -449,7 +442,7 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, /* Step 2a: Compute the hash of the label. We store it in the frame where later the maskedDB will commence. */ - gcry_md_hash_buffer (algo, frame + 1 + hlen, label, labellen); + _gcry_md_hash_buffer (algo, frame + 1 + hlen, label, labellen); /* Step 2b: Set octet string to zero. */ /* This has already been done while allocating FRAME. */ @@ -471,7 +464,7 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, memcpy (frame + 1, random_override, hlen); } else - gcry_randomize (frame + 1, hlen, GCRY_STRONG_RANDOM); + _gcry_randomize (frame + 1, hlen, GCRY_STRONG_RANDOM); /* Step 2e and 2f: Create maskedDB. */ { @@ -523,10 +516,8 @@ _gcry_rsa_oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, /* This has already been done by using in-place operations. */ /* Convert the stuff into an MPI as expected by the caller. */ - err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, nframe, NULL); - if (err) - rc = gcry_err_code (err); - else if (DBG_CIPHER) + rc = _gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, nframe, NULL); + if (!rc && DBG_CIPHER) log_mpidump ("OAEP encoded data", *r_result); gcry_free (frame); @@ -574,13 +565,13 @@ _gcry_rsa_oaep_decode (unsigned char **r_result, size_t *r_resultlen, } /* Get the length of the digest. */ - hlen = gcry_md_get_algo_dlen (algo); + hlen = _gcry_md_get_algo_dlen (algo); /* Hash the label right away. */ lhash = gcry_malloc (hlen); if (!lhash) return gpg_err_code_from_syserror (); - gcry_md_hash_buffer (algo, lhash, label, labellen); + _gcry_md_hash_buffer (algo, lhash, label, labellen); /* Turn the MPI into an octet string. If the octet string is shorter than the key we pad it to the left with zeroes. This may @@ -725,7 +716,6 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, const void *random_override, size_t random_override_len) { gcry_err_code_t rc = 0; - gcry_error_t err; size_t hlen; /* Length of the hash digest. */ unsigned char *em = NULL; /* Encoded message. */ size_t emlen = (nbits+7)/8; /* Length in bytes of EM. */ @@ -741,7 +731,7 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, /* This code is implemented as described by rfc-3447 9.1.1. */ /* Get the length of the digest. */ - hlen = gcry_md_get_algo_dlen (algo); + hlen = _gcry_md_get_algo_dlen (algo); gcry_assert (hlen); /* We expect a valid ALGO here. */ /* Allocate a help buffer and setup some pointers. */ @@ -794,12 +784,12 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, memcpy (salt, random_override, saltlen); } else - gcry_randomize (salt, saltlen, GCRY_STRONG_RANDOM); + _gcry_randomize (salt, saltlen, GCRY_STRONG_RANDOM); } /* Step 5 and 6: M' = Hash(Padding1 || mHash || salt). */ memset (buf, 0, 8); /* Padding. */ - gcry_md_hash_buffer (algo, h, buf, 8 + hlen + saltlen); + _gcry_md_hash_buffer (algo, h, buf, 8 + hlen + saltlen); /* Step 7 and 8: DB = PS || 0x01 || salt. */ /* Note that we use EM to store DB and later Xor in-place. */ @@ -822,10 +812,8 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, em[emlen-1] = 0xbc; /* Convert EM into an MPI. */ - err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, em, emlen, NULL); - if (err) - rc = gcry_err_code (err); - else if (DBG_CIPHER) + rc = _gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, em, emlen, NULL); + if (!rc && DBG_CIPHER) log_mpidump ("PSS encoded data", *r_result); leave: @@ -869,7 +857,7 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, gcry_mpi_t encoded, /* This code is implemented as described by rfc-3447 9.1.2. */ /* Get the length of the digest. */ - hlen = gcry_md_get_algo_dlen (algo); + hlen = _gcry_md_get_algo_dlen (algo); gcry_assert (hlen); /* We expect a valid ALGO here. */ /* Allocate a help buffer and setup some pointers. @@ -965,7 +953,7 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, gcry_mpi_t encoded, memcpy (buf+8+hlen, salt, saltlen); /* Step 13: H' = Hash(M'). */ - gcry_md_hash_buffer (algo, buf, buf, 8 + hlen + saltlen); + _gcry_md_hash_buffer (algo, buf, buf, 8 + hlen + saltlen); /* Step 14: Check H == H'. */ rc = memcmp (h, buf, hlen) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR; diff --git a/cipher/rsa.c b/cipher/rsa.c index fed52a1f..a40edaa6 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -107,56 +107,56 @@ test_keys (RSA_secret_key *sk, unsigned int nbits) { int result = -1; /* Default to failure. */ RSA_public_key pk; - gcry_mpi_t plaintext = gcry_mpi_new (nbits); - gcry_mpi_t ciphertext = gcry_mpi_new (nbits); - gcry_mpi_t decr_plaintext = gcry_mpi_new (nbits); - gcry_mpi_t signature = gcry_mpi_new (nbits); + gcry_mpi_t plaintext = mpi_new (nbits); + gcry_mpi_t ciphertext = mpi_new (nbits); + gcry_mpi_t decr_plaintext = mpi_new (nbits); + gcry_mpi_t signature = mpi_new (nbits); /* Put the relevant parameters into a public key structure. */ pk.n = sk->n; pk.e = sk->e; /* Create a random plaintext. */ - gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); + _gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); /* Encrypt using the public key. */ public (ciphertext, plaintext, &pk); /* Check that the cipher text does not match the plaintext. */ - if (!gcry_mpi_cmp (ciphertext, plaintext)) + if (!mpi_cmp (ciphertext, plaintext)) goto leave; /* Ciphertext is identical to the plaintext. */ /* Decrypt using the secret key. */ secret (decr_plaintext, ciphertext, sk); /* Check that the decrypted plaintext matches the original plaintext. */ - if (gcry_mpi_cmp (decr_plaintext, plaintext)) + if (mpi_cmp (decr_plaintext, plaintext)) goto leave; /* Plaintext does not match. */ /* Create another random plaintext as data for signature checking. */ - gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); + _gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); /* Use the RSA secret function to create a signature of the plaintext. */ secret (signature, plaintext, sk); /* Use the RSA public function to verify this signature. */ public (decr_plaintext, signature, &pk); - if (gcry_mpi_cmp (decr_plaintext, plaintext)) + if (mpi_cmp (decr_plaintext, plaintext)) goto leave; /* Signature does not match. */ /* Modify the signature and check that the signing fails. */ - gcry_mpi_add_ui (signature, signature, 1); + mpi_add_ui (signature, signature, 1); public (decr_plaintext, signature, &pk); - if (!gcry_mpi_cmp (decr_plaintext, plaintext)) + if (!mpi_cmp (decr_plaintext, plaintext)) goto leave; /* Signature matches but should not. */ result = 0; /* All tests succeeded. */ leave: - gcry_mpi_release (signature); - gcry_mpi_release (decr_plaintext); - gcry_mpi_release (ciphertext); - gcry_mpi_release (plaintext); + _gcry_mpi_release (signature); + _gcry_mpi_release (decr_plaintext); + _gcry_mpi_release (ciphertext); + _gcry_mpi_release (plaintext); return result; } @@ -172,8 +172,8 @@ check_exponent (void *arg, gcry_mpi_t a) mpi_sub_ui (a, a, 1); tmp = _gcry_mpi_alloc_like (a); - result = !gcry_mpi_gcd(tmp, e, a); /* GCD is not 1. */ - gcry_mpi_release (tmp); + result = !mpi_gcd(tmp, e, a); /* GCD is not 1. */ + _gcry_mpi_release (tmp); mpi_add_ui (a, a, 1); return result; } @@ -239,16 +239,16 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, mpi_set_ui (e, use_e); } - n = gcry_mpi_new (nbits); + n = mpi_new (nbits); p = q = NULL; do { /* select two (very secret) primes */ if (p) - gcry_mpi_release (p); + _gcry_mpi_release (p); if (q) - gcry_mpi_release (q); + _gcry_mpi_release (q); if (use_e) { /* Do an extra test to ensure that the given exponent is suitable. */ @@ -272,16 +272,16 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, /* calculate Euler totient: phi = (p-1)(q-1) */ t1 = mpi_alloc_secure( mpi_get_nlimbs(p) ); t2 = mpi_alloc_secure( mpi_get_nlimbs(p) ); - phi = gcry_mpi_snew ( nbits ); - g = gcry_mpi_snew ( nbits ); - f = gcry_mpi_snew ( nbits ); + phi = mpi_snew ( nbits ); + g = mpi_snew ( nbits ); + f = mpi_snew ( nbits ); mpi_sub_ui( t1, p, 1 ); mpi_sub_ui( t2, q, 1 ); mpi_mul( phi, t1, t2 ); - gcry_mpi_gcd(g, t1, t2); + mpi_gcd (g, t1, t2); mpi_fdiv_q(f, phi, g); - while (!gcry_mpi_gcd(t1, e, phi)) /* (while gcd is not 1) */ + while (!mpi_gcd(t1, e, phi)) /* (while gcd is not 1) */ { if (use_e) BUG (); /* The prime generator already made sure that we @@ -290,10 +290,10 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, } /* calculate the secret key d = e^1 mod phi */ - d = gcry_mpi_snew ( nbits ); - mpi_invm(d, e, f ); + d = mpi_snew ( nbits ); + mpi_invm (d, e, f ); /* calculate the inverse of p and q (used for chinese remainder theorem)*/ - u = gcry_mpi_snew ( nbits ); + u = mpi_snew ( nbits ); mpi_invm(u, p, q ); if( DBG_CIPHER ) @@ -309,11 +309,11 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, log_mpidump(" u= ", u ); } - gcry_mpi_release (t1); - gcry_mpi_release (t2); - gcry_mpi_release (phi); - gcry_mpi_release (f); - gcry_mpi_release (g); + _gcry_mpi_release (t1); + _gcry_mpi_release (t2); + _gcry_mpi_release (phi); + _gcry_mpi_release (f); + _gcry_mpi_release (g); sk->n = n; sk->e = e; @@ -325,12 +325,12 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, /* Now we can test our keys. */ if (test_keys (sk, nbits - 64)) { - gcry_mpi_release (sk->n); sk->n = NULL; - gcry_mpi_release (sk->e); sk->e = NULL; - gcry_mpi_release (sk->p); sk->p = NULL; - gcry_mpi_release (sk->q); sk->q = NULL; - gcry_mpi_release (sk->d); sk->d = NULL; - gcry_mpi_release (sk->u); sk->u = NULL; + _gcry_mpi_release (sk->n); sk->n = NULL; + _gcry_mpi_release (sk->e); sk->e = NULL; + _gcry_mpi_release (sk->p); sk->p = NULL; + _gcry_mpi_release (sk->q); sk->q = NULL; + _gcry_mpi_release (sk->d); sk->d = NULL; + _gcry_mpi_release (sk->u); sk->u = NULL; fips_signal_error ("self-test after key generation failed"); return GPG_ERR_SELFTEST_FAILED; } @@ -345,8 +345,8 @@ gen_x931_parm_xp (unsigned int nbits) { gcry_mpi_t xp; - xp = gcry_mpi_snew (nbits); - gcry_mpi_randomize (xp, nbits, GCRY_VERY_STRONG_RANDOM); + xp = mpi_snew (nbits); + _gcry_mpi_randomize (xp, nbits, GCRY_VERY_STRONG_RANDOM); /* The requirement for Xp is: @@ -369,8 +369,8 @@ gen_x931_parm_xi (void) { gcry_mpi_t xi; - xi = gcry_mpi_snew (101); - gcry_mpi_randomize (xi, 101, GCRY_VERY_STRONG_RANDOM); + xi = mpi_snew (101); + _gcry_mpi_randomize (xi, 101, GCRY_VERY_STRONG_RANDOM); mpi_set_highbit (xi, 100); gcry_assert ( mpi_get_nbits (xi) == 101 ); @@ -436,15 +436,15 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value, /* Not given: Generate them. */ xp = gen_x931_parm_xp (nbits/2); /* Make sure that |xp - xq| > 2^{nbits - 100} holds. */ - tmpval = gcry_mpi_snew (nbits/2); + tmpval = mpi_snew (nbits/2); do { - gcry_mpi_release (xq); + _gcry_mpi_release (xq); xq = gen_x931_parm_xp (nbits/2); mpi_sub (tmpval, xp, xq); } while (mpi_get_nbits (tmpval) <= (nbits/2 - 100)); - gcry_mpi_release (tmpval); + _gcry_mpi_release (tmpval); xp1 = gen_x931_parm_xi (); xp2 = gen_x931_parm_xi (); @@ -479,12 +479,11 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value, for (idx=0; tbl[idx].name; idx++) { - oneparm = gcry_sexp_find_token (deriveparms, tbl[idx].name, 0); + oneparm = sexp_find_token (deriveparms, tbl[idx].name, 0); if (oneparm) { - *tbl[idx].value = gcry_sexp_nth_mpi (oneparm, 1, - GCRYMPI_FMT_USG); - gcry_sexp_release (oneparm); + *tbl[idx].value = sexp_nth_mpi (oneparm, 1, GCRYMPI_FMT_USG); + sexp_release (oneparm); } } for (idx=0; tbl[idx].name; idx++) @@ -494,7 +493,7 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value, { /* At least one parameter is missing. */ for (idx=0; tbl[idx].name; idx++) - gcry_mpi_release (*tbl[idx].value); + _gcry_mpi_release (*tbl[idx].value); return GPG_ERR_MISSING_VALUE; } } @@ -504,17 +503,17 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value, /* Find two prime numbers. */ p = _gcry_derive_x931_prime (xp, xp1, xp2, e, NULL, NULL); q = _gcry_derive_x931_prime (xq, xq1, xq2, e, NULL, NULL); - gcry_mpi_release (xp); xp = NULL; - gcry_mpi_release (xp1); xp1 = NULL; - gcry_mpi_release (xp2); xp2 = NULL; - gcry_mpi_release (xq); xq = NULL; - gcry_mpi_release (xq1); xq1 = NULL; - gcry_mpi_release (xq2); xq2 = NULL; + _gcry_mpi_release (xp); xp = NULL; + _gcry_mpi_release (xp1); xp1 = NULL; + _gcry_mpi_release (xp2); xp2 = NULL; + _gcry_mpi_release (xq); xq = NULL; + _gcry_mpi_release (xq1); xq1 = NULL; + _gcry_mpi_release (xq2); xq2 = NULL; if (!p || !q) { - gcry_mpi_release (p); - gcry_mpi_release (q); - gcry_mpi_release (e); + _gcry_mpi_release (p); + _gcry_mpi_release (q); + _gcry_mpi_release (e); return GPG_ERR_NO_PRIME; } } @@ -527,26 +526,26 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value, mpi_swap (p, q); *swapped = 1; } - n = gcry_mpi_new (nbits); + n = mpi_new (nbits); mpi_mul (n, p, q); /* Compute the Euler totient: phi = (p-1)(q-1) */ - pm1 = gcry_mpi_snew (nbits/2); - qm1 = gcry_mpi_snew (nbits/2); - phi = gcry_mpi_snew (nbits); + pm1 = mpi_snew (nbits/2); + qm1 = mpi_snew (nbits/2); + phi = mpi_snew (nbits); mpi_sub_ui (pm1, p, 1); mpi_sub_ui (qm1, q, 1); mpi_mul (phi, pm1, qm1); - g = gcry_mpi_snew (nbits); - gcry_assert (gcry_mpi_gcd (g, e, phi)); + g = mpi_snew (nbits); + gcry_assert (mpi_gcd (g, e, phi)); /* Compute: f = lcm(p-1,q-1) = phi / gcd(p-1,q-1) */ - gcry_mpi_gcd (g, pm1, qm1); + mpi_gcd (g, pm1, qm1); f = pm1; pm1 = NULL; - gcry_mpi_release (qm1); qm1 = NULL; + _gcry_mpi_release (qm1); qm1 = NULL; mpi_fdiv_q (f, phi, g); - gcry_mpi_release (phi); phi = NULL; + _gcry_mpi_release (phi); phi = NULL; d = g; g = NULL; /* Compute the secret key: d = e^{-1} mod lcm(p-1,q-1) */ mpi_invm (d, e, f); @@ -578,12 +577,12 @@ generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value, /* Now we can test our keys. */ if (test_keys (sk, nbits - 64)) { - gcry_mpi_release (sk->n); sk->n = NULL; - gcry_mpi_release (sk->e); sk->e = NULL; - gcry_mpi_release (sk->p); sk->p = NULL; - gcry_mpi_release (sk->q); sk->q = NULL; - gcry_mpi_release (sk->d); sk->d = NULL; - gcry_mpi_release (sk->u); sk->u = NULL; + _gcry_mpi_release (sk->n); sk->n = NULL; + _gcry_mpi_release (sk->e); sk->e = NULL; + _gcry_mpi_release (sk->p); sk->p = NULL; + _gcry_mpi_release (sk->q); sk->q = NULL; + _gcry_mpi_release (sk->d); sk->d = NULL; + _gcry_mpi_release (sk->u); sk->u = NULL; fips_signal_error ("self-test after key generation failed"); return GPG_ERR_SELFTEST_FAILED; } @@ -775,25 +774,25 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) return ec; /* Parse the optional flags list. */ - l1 = gcry_sexp_find_token (genparms, "flags", 0); + l1 = sexp_find_token (genparms, "flags", 0); if (l1) { ec = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); - gcry_sexp_release (l1); + sexp_release (l1); if (ec) return ec; } deriveparms = (genparms? - gcry_sexp_find_token (genparms, "derive-parms", 0) : NULL); + sexp_find_token (genparms, "derive-parms", 0) : NULL); if (!deriveparms) { /* Parse the optional "use-x931" flag. */ - l1 = gcry_sexp_find_token (genparms, "use-x931", 0); + l1 = sexp_find_token (genparms, "use-x931", 0); if (l1) { flags |= PUBKEY_FLAG_USE_X931; - gcry_sexp_release (l1); + sexp_release (l1); } } @@ -801,20 +800,20 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) { int swapped; ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped); - gcry_sexp_release (deriveparms); + sexp_release (deriveparms); if (!ec && swapped) - ec = gcry_sexp_new (&swap_info, "(misc-key-info(p-q-swapped))", 0, 1); + ec = sexp_new (&swap_info, "(misc-key-info(p-q-swapped))", 0, 1); } else { /* Parse the optional "transient-key" flag. */ if (!(flags & PUBKEY_FLAG_TRANSIENT_KEY)) { - l1 = gcry_sexp_find_token (genparms, "transient-key", 0); + l1 = sexp_find_token (genparms, "transient-key", 0); if (l1) { flags |= PUBKEY_FLAG_TRANSIENT_KEY; - gcry_sexp_release (l1); + sexp_release (l1); } } /* Generate. */ @@ -824,16 +823,16 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) if (!ec) { - ec = gcry_sexp_build (r_skey, NULL, - "(key-data" - " (public-key" - " (rsa(n%m)(e%m)))" - " (private-key" - " (rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))" - " %S)", - sk.n, sk.e, - sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, - swap_info); + ec = sexp_build (r_skey, NULL, + "(key-data" + " (public-key" + " (rsa(n%m)(e%m)))" + " (private-key" + " (rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))" + " %S)", + sk.n, sk.e, + sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, + swap_info); } mpi_free (sk.n); @@ -842,7 +841,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) mpi_free (sk.q); mpi_free (sk.d); mpi_free (sk.u); - gcry_sexp_release (swap_info); + sexp_release (swap_info); return ec; } @@ -855,9 +854,9 @@ rsa_check_secret_key (gcry_sexp_t keyparms) RSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL, NULL}; /* To check the key we need the optional parameters. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "nedpqu", - &sk.n, &sk.e, &sk.d, &sk.p, &sk.q, &sk.u, - NULL); + rc = sexp_extract_param (keyparms, NULL, "nedpqu", + &sk.n, &sk.e, &sk.d, &sk.p, &sk.q, &sk.u, + NULL); if (rc) goto leave; @@ -865,12 +864,12 @@ rsa_check_secret_key (gcry_sexp_t keyparms) rc = GPG_ERR_BAD_SECKEY; leave: - gcry_mpi_release (sk.n); - gcry_mpi_release (sk.e); - gcry_mpi_release (sk.d); - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.q); - gcry_mpi_release (sk.u); + _gcry_mpi_release (sk.n); + _gcry_mpi_release (sk.e); + _gcry_mpi_release (sk.d); + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.q); + _gcry_mpi_release (sk.u); if (DBG_CIPHER) log_debug ("rsa_testkey => %s\n", gpg_strerror (rc)); return rc; @@ -902,7 +901,7 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "ne", &pk.n, &pk.e, NULL); + rc = sexp_extract_param (keyparms, NULL, "ne", &pk.n, &pk.e, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -912,7 +911,7 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Do RSA computation and build result. */ - ciph = gcry_mpi_new (0); + ciph = mpi_new (0); public (ciph, data, &pk); if (DBG_CIPHER) log_mpidump ("rsa_encrypt res", ciph); @@ -926,19 +925,18 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = _gcry_mpi_to_octet_string (&em, NULL, ciph, emlen); if (!rc) { - rc = gcry_sexp_build (r_ciph, NULL, - "(enc-val(rsa(a%b)))", (int)emlen, em); + rc = sexp_build (r_ciph, NULL, "(enc-val(rsa(a%b)))", (int)emlen, em); gcry_free (em); } } else - rc = gcry_sexp_build (r_ciph, NULL, "(enc-val(rsa(a%m)))", ciph); + rc = sexp_build (r_ciph, NULL, "(enc-val(rsa(a%m)))", ciph); leave: - gcry_mpi_release (ciph); - gcry_mpi_release (pk.n); - gcry_mpi_release (pk.e); - gcry_mpi_release (data); + _gcry_mpi_release (ciph); + _gcry_mpi_release (pk.n); + _gcry_mpi_release (pk.e); + _gcry_mpi_release (data); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("rsa_encrypt => %s\n", gpg_strerror (rc)); @@ -969,7 +967,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = _gcry_pk_util_preparse_encval (s_data, rsa_names, &l1, &ctx); if (rc) goto leave; - rc = _gcry_sexp_extract_param (l1, NULL, "a", &data, NULL); + rc = sexp_extract_param (l1, NULL, "a", &data, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -981,9 +979,9 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "nedp?q?u?", - &sk.n, &sk.e, &sk.d, &sk.p, &sk.q, &sk.u, - NULL); + rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?", + &sk.n, &sk.e, &sk.d, &sk.p, &sk.q, &sk.u, + NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -999,7 +997,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) } } - plain = gcry_mpi_snew (ctx.nbits); + plain = mpi_snew (ctx.nbits); /* We use blinding by default to mitigate timing attacks which can be practically mounted over the network as shown by Brumley and @@ -1011,13 +1009,13 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) random number needs to be only unpredictable, thus we employ the gcry_create_nonce function by using GCRY_WEAK_RANDOM with gcry_mpi_randomize. */ - r = gcry_mpi_snew (ctx.nbits); - ri = gcry_mpi_snew (ctx.nbits); - bldata = gcry_mpi_snew (ctx.nbits); + r = mpi_snew (ctx.nbits); + ri = mpi_snew (ctx.nbits); + bldata = mpi_snew (ctx.nbits); - gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); - gcry_mpi_mod (r, r, sk.n); - if (!gcry_mpi_invm (ri, r, sk.n)) + _gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); + mpi_mod (r, r, sk.n); + if (!mpi_invm (ri, r, sk.n)) { rc = GPG_ERR_INTERNAL; goto leave; @@ -1026,20 +1024,20 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* Do blinding. We calculate: y = (x * r^e) mod n, where r is the random number, e is the public exponent, x is the non-blinded data and n is the RSA modulus. */ - gcry_mpi_powm (bldata, r, sk.e, sk.n); - gcry_mpi_mulm (bldata, bldata, data, sk.n); + mpi_powm (bldata, r, sk.e, sk.n); + mpi_mulm (bldata, bldata, data, sk.n); /* Perform decryption. */ secret (plain, bldata, &sk); - gcry_mpi_release (bldata); bldata = NULL; + _gcry_mpi_release (bldata); bldata = NULL; /* Undo blinding. Here we calculate: y = (x * r^-1) mod n, where x is the blinded decrypted data, ri is the modular multiplicative inverse of r and n is the RSA modulus. */ - gcry_mpi_mulm (plain, plain, ri, sk.n); + mpi_mulm (plain, plain, ri, sk.n); - gcry_mpi_release (r); r = NULL; - gcry_mpi_release (ri); ri = NULL; + _gcry_mpi_release (r); r = NULL; + _gcry_mpi_release (ri); ri = NULL; } else secret (plain, data, &sk); @@ -1055,8 +1053,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) mpi_free (plain); plain = NULL; if (!rc) - rc = gcry_sexp_build (r_plain, NULL, - "(value %b)", (int)unpadlen, unpad); + rc = sexp_build (r_plain, NULL, "(value %b)", (int)unpadlen, unpad); break; case PUBKEY_ENC_OAEP: @@ -1066,33 +1063,32 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) mpi_free (plain); plain = NULL; if (!rc) - rc = gcry_sexp_build (r_plain, NULL, - "(value %b)", (int)unpadlen, unpad); + rc = sexp_build (r_plain, NULL, "(value %b)", (int)unpadlen, unpad); break; default: /* Raw format. For backward compatibility we need to assume a signed mpi by using the sexp format string "%m". */ - rc = gcry_sexp_build (r_plain, NULL, - (ctx.flags & PUBKEY_FLAG_LEGACYRESULT) - ? "%m":"(value %m)", plain); + rc = sexp_build (r_plain, NULL, + (ctx.flags & PUBKEY_FLAG_LEGACYRESULT) + ? "%m":"(value %m)", plain); break; } leave: gcry_free (unpad); - gcry_mpi_release (plain); - gcry_mpi_release (sk.n); - gcry_mpi_release (sk.e); - gcry_mpi_release (sk.d); - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.q); - gcry_mpi_release (sk.u); - gcry_mpi_release (data); - gcry_mpi_release (r); - gcry_mpi_release (ri); - gcry_mpi_release (bldata); - gcry_sexp_release (l1); + _gcry_mpi_release (plain); + _gcry_mpi_release (sk.n); + _gcry_mpi_release (sk.e); + _gcry_mpi_release (sk.d); + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.q); + _gcry_mpi_release (sk.u); + _gcry_mpi_release (data); + _gcry_mpi_release (r); + _gcry_mpi_release (ri); + _gcry_mpi_release (bldata); + sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("rsa_decrypt => %s\n", gpg_strerror (rc)); @@ -1125,9 +1121,9 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "nedp?q?u?", - &sk.n, &sk.e, &sk.d, &sk.p, &sk.q, &sk.u, - NULL); + rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?", + &sk.n, &sk.e, &sk.d, &sk.p, &sk.q, &sk.u, + NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -1144,7 +1140,7 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Do RSA computation and build the result. */ - sig = gcry_mpi_new (0); + sig = mpi_new (0); secret (sig, data, &sk); if (DBG_CIPHER) log_printmpi ("rsa_sign res", sig); @@ -1158,24 +1154,23 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = _gcry_mpi_to_octet_string (&em, NULL, sig, emlen); if (!rc) { - rc = gcry_sexp_build (r_sig, NULL, - "(sig-val(rsa(s%b)))", (int)emlen, em); + rc = sexp_build (r_sig, NULL, "(sig-val(rsa(s%b)))", (int)emlen, em); gcry_free (em); } } else - rc = gcry_sexp_build (r_sig, NULL, "(sig-val(rsa(s%M)))", sig); + rc = sexp_build (r_sig, NULL, "(sig-val(rsa(s%M)))", sig); leave: - gcry_mpi_release (sig); - gcry_mpi_release (sk.n); - gcry_mpi_release (sk.e); - gcry_mpi_release (sk.d); - gcry_mpi_release (sk.p); - gcry_mpi_release (sk.q); - gcry_mpi_release (sk.u); - gcry_mpi_release (data); + _gcry_mpi_release (sig); + _gcry_mpi_release (sk.n); + _gcry_mpi_release (sk.e); + _gcry_mpi_release (sk.d); + _gcry_mpi_release (sk.p); + _gcry_mpi_release (sk.q); + _gcry_mpi_release (sk.u); + _gcry_mpi_release (data); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("rsa_sign => %s\n", gpg_strerror (rc)); @@ -1213,14 +1208,14 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = _gcry_pk_util_preparse_sigval (s_sig, rsa_names, &l1, NULL); if (rc) goto leave; - rc = _gcry_sexp_extract_param (l1, NULL, "s", &sig, NULL); + rc = sexp_extract_param (l1, NULL, "s", &sig, NULL); if (rc) goto leave; if (DBG_CIPHER) log_printmpi ("rsa_verify sig", sig); /* Extract the key. */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "ne", &pk.n, &pk.e, NULL); + rc = sexp_extract_param (keyparms, NULL, "ne", &pk.n, &pk.e, NULL); if (rc) goto leave; if (DBG_CIPHER) @@ -1230,7 +1225,7 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* Do RSA computation and compare. */ - result = gcry_mpi_new (0); + result = mpi_new (0); public (result, sig, &pk); if (DBG_CIPHER) log_printmpi ("rsa_verify cmp", result); @@ -1240,12 +1235,12 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = mpi_cmp (result, data) ? GPG_ERR_BAD_SIGNATURE : 0; leave: - gcry_mpi_release (result); - gcry_mpi_release (pk.n); - gcry_mpi_release (pk.e); - gcry_mpi_release (data); - gcry_mpi_release (sig); - gcry_sexp_release (l1); + _gcry_mpi_release (result); + _gcry_mpi_release (pk.n); + _gcry_mpi_release (pk.e); + _gcry_mpi_release (data); + _gcry_mpi_release (sig); + sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) log_debug ("rsa_verify => %s\n", rc?gpg_strerror (rc):"Good"); @@ -1271,14 +1266,14 @@ rsa_get_nbits (gcry_sexp_t parms) gcry_mpi_t n; unsigned int nbits; - l1 = gcry_sexp_find_token (parms, "n", 1); + l1 = sexp_find_token (parms, "n", 1); if (!l1) return 0; /* Parameter N not found. */ - n = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); + n = sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + sexp_release (l1); nbits = n? mpi_get_nbits (n) : 0; - gcry_mpi_release (n); + _gcry_mpi_release (n); return nbits; } @@ -1303,19 +1298,19 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam) const char *data; size_t datalen; - l1 = gcry_sexp_find_token (keyparam, "n", 1); + l1 = sexp_find_token (keyparam, "n", 1); if (!l1) return GPG_ERR_NO_OBJ; - data = gcry_sexp_nth_data (l1, 1, &datalen); + data = sexp_nth_data (l1, 1, &datalen); if (!data) { - gcry_sexp_release (l1); + sexp_release (l1); return GPG_ERR_NO_OBJ; } - gcry_md_write (md, data, datalen); - gcry_sexp_release (l1); + _gcry_md_write (md, data, datalen); + sexp_release (l1); return 0; } @@ -1343,30 +1338,29 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) gcry_sexp_t data_bad = NULL; gcry_sexp_t sig = NULL; - err = gcry_sexp_sscan (&data, NULL, - sample_data, strlen (sample_data)); + err = sexp_sscan (&data, NULL, sample_data, strlen (sample_data)); if (!err) - err = gcry_sexp_sscan (&data_bad, NULL, - sample_data_bad, strlen (sample_data_bad)); + err = sexp_sscan (&data_bad, NULL, + sample_data_bad, strlen (sample_data_bad)); if (err) { errtxt = "converting data failed"; goto leave; } - err = gcry_pk_sign (&sig, data, skey); + err = _gcry_pk_sign (&sig, data, skey); if (err) { errtxt = "signing failed"; goto leave; } - err = gcry_pk_verify (sig, data, pkey); + err = _gcry_pk_verify (sig, data, pkey); if (err) { errtxt = "verify failed"; goto leave; } - err = gcry_pk_verify (sig, data_bad, pkey); + err = _gcry_pk_verify (sig, data_bad, pkey); if (gcry_err_code (err) != GPG_ERR_BAD_SIGNATURE) { errtxt = "bad signature not detected"; @@ -1375,9 +1369,9 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) leave: - gcry_sexp_release (sig); - gcry_sexp_release (data_bad); - gcry_sexp_release (data); + sexp_release (sig); + sexp_release (data_bad); + sexp_release (data); return errtxt; } @@ -1397,19 +1391,19 @@ extract_a_from_sexp (gcry_sexp_t encr_data) gcry_sexp_t l1, l2, l3; gcry_mpi_t a_value; - l1 = gcry_sexp_find_token (encr_data, "enc-val", 0); + l1 = sexp_find_token (encr_data, "enc-val", 0); if (!l1) return NULL; - l2 = gcry_sexp_find_token (l1, "rsa", 0); - gcry_sexp_release (l1); + l2 = sexp_find_token (l1, "rsa", 0); + sexp_release (l1); if (!l2) return NULL; - l3 = gcry_sexp_find_token (l2, "a", 0); - gcry_sexp_release (l2); + l3 = sexp_find_token (l2, "a", 0); + sexp_release (l2); if (!l3) return NULL; - a_value = gcry_sexp_nth_mpi (l3, 1, 0); - gcry_sexp_release (l3); + a_value = sexp_nth_mpi (l3, 1, 0); + sexp_release (l3); return a_value; } @@ -1430,12 +1424,11 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) gcry_sexp_t tmplist = NULL; /* Create plaintext. The plaintext is actually a big integer number. */ - plaintext = gcry_mpi_new (nbits); - gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); + plaintext = mpi_new (nbits); + _gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); /* Put the plaintext into an S-expression. */ - err = gcry_sexp_build (&plain, NULL, - "(data (flags raw) (value %m))", plaintext); + err = sexp_build (&plain, NULL, "(data (flags raw) (value %m))", plaintext); if (err) { errtxt = "converting data failed"; @@ -1443,7 +1436,7 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) } /* Encrypt. */ - err = gcry_pk_encrypt (&encr, plain, pkey); + err = _gcry_pk_encrypt (&encr, plain, pkey); if (err) { errtxt = "encrypt failed"; @@ -1451,7 +1444,7 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) } /* Extraxt the ciphertext from the returned S-expression. */ - /*gcry_sexp_dump (encr);*/ + /*sexp_dump (encr);*/ ciphertext = extract_a_from_sexp (encr); if (!ciphertext) { @@ -1462,14 +1455,14 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) /* Check that the ciphertext does no match the plaintext. */ /* _gcry_log_printmpi ("plaintext", plaintext); */ /* _gcry_log_printmpi ("ciphertxt", ciphertext); */ - if (!gcry_mpi_cmp (plaintext, ciphertext)) + if (!mpi_cmp (plaintext, ciphertext)) { errtxt = "ciphertext matches plaintext"; goto leave; } /* Decrypt. */ - err = gcry_pk_decrypt (&decr, encr, skey); + err = _gcry_pk_decrypt (&decr, encr, skey); if (err) { errtxt = "decrypt failed"; @@ -1482,11 +1475,11 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) gcry_pk_encrypt directly to gcry_pk_decrypt, such a flag value won't be there as of today. To be prepared for future changes we take care of it anyway. */ - tmplist = gcry_sexp_find_token (decr, "value", 0); + tmplist = sexp_find_token (decr, "value", 0); if (tmplist) - decr_plaintext = gcry_sexp_nth_mpi (tmplist, 1, GCRYMPI_FMT_USG); + decr_plaintext = sexp_nth_mpi (tmplist, 1, GCRYMPI_FMT_USG); else - decr_plaintext = gcry_sexp_nth_mpi (decr, 0, GCRYMPI_FMT_USG); + decr_plaintext = sexp_nth_mpi (decr, 0, GCRYMPI_FMT_USG); if (!decr_plaintext) { errtxt = "decrypt returned no plaintext"; @@ -1494,20 +1487,20 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) } /* Check that the decrypted plaintext matches the original plaintext. */ - if (gcry_mpi_cmp (plaintext, decr_plaintext)) + if (mpi_cmp (plaintext, decr_plaintext)) { errtxt = "mismatch"; goto leave; } leave: - gcry_sexp_release (tmplist); - gcry_mpi_release (decr_plaintext); - gcry_sexp_release (decr); - gcry_mpi_release (ciphertext); - gcry_sexp_release (encr); - gcry_sexp_release (plain); - gcry_mpi_release (plaintext); + sexp_release (tmplist); + _gcry_mpi_release (decr_plaintext); + sexp_release (decr); + _gcry_mpi_release (ciphertext); + sexp_release (encr); + sexp_release (plain); + _gcry_mpi_release (plaintext); return errtxt; } @@ -1523,22 +1516,21 @@ selftests_rsa (selftest_report_func_t report) /* Convert the S-expressions into the internal representation. */ what = "convert"; - err = gcry_sexp_sscan (&skey, NULL, - sample_secret_key, strlen (sample_secret_key)); + err = sexp_sscan (&skey, NULL, sample_secret_key, strlen (sample_secret_key)); if (!err) - err = gcry_sexp_sscan (&pkey, NULL, - sample_public_key, strlen (sample_public_key)); + err = sexp_sscan (&pkey, NULL, + sample_public_key, strlen (sample_public_key)); if (err) { - errtxt = gcry_strerror (err); + errtxt = _gcry_strerror (err); goto failed; } what = "key consistency"; - err = gcry_pk_testkey (skey); + err = _gcry_pk_testkey (skey); if (err) { - errtxt = gcry_strerror (err); + errtxt = _gcry_strerror (err); goto failed; } @@ -1552,13 +1544,13 @@ selftests_rsa (selftest_report_func_t report) if (errtxt) goto failed; - gcry_sexp_release (pkey); - gcry_sexp_release (skey); + sexp_release (pkey); + sexp_release (skey); return 0; /* Succeeded. */ failed: - gcry_sexp_release (pkey); - gcry_sexp_release (skey); + sexp_release (pkey); + sexp_release (skey); if (report) report ("pubkey", GCRY_PK_RSA, what, errtxt); return GPG_ERR_SELFTEST_FAILED; |