Finished the bulk of changes for gnupg 1.9. This included switching

to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2025-07-02 22:46:30 +02:00 · 2003-06-18 19:56:13 +00:00 · 2003-06-18 19:56:13 +00:00 · c0c2c58054
commit c0c2c58054
parent b7b07d36e8
90 changed files with 5078 additions and 2925 deletions
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@ -1,5 +1,5 @@
 /* encr-data.c -  process an encrypted data packet
- * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -23,6 +23,8 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+
+#include "gpg.h"
 #include "util.h"
 #include "memory.h"
 #include "packet.h"
@ -32,9 +34,9 @@
 #include "i18n.h"


-static int mdc_decode_filter( void *opaque, int control, IOBUF a,
+static int mdc_decode_filter( void *opaque, int control, iobuf_t a,
 					      byte *buf, size_t *ret_len);
-static int decode_filter( void *opaque, int control, IOBUF a,
+static int decode_filter( void *opaque, int control, iobuf_t a,
 					byte *buf, size_t *ret_len);

 typedef struct {
@ -61,16 +63,16 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )

    memset( &dfx, 0, sizeof dfx );
    if( opt.verbose && !dek->algo_info_printed ) {
-	const char *s = cipher_algo_to_string( dek->algo );
-	if( s )
+	const char *s = gcry_cipher_algo_name (dek->algo);
+	if (s && *s)
 	    log_info(_("%s encrypted data\n"), s );
 	else
 	    log_info(_("encrypted with unknown algorithm %d\n"), dek->algo );
        dek->algo_info_printed = 1;
    }
-    if( (rc=check_cipher_algo(dek->algo)) )
+    if( (rc=openpgp_cipher_test_algo(dek->algo)) )
 	goto leave;
-    blocksize = cipher_get_blocksize(dek->algo);
+    blocksize = gcry_cipher_get_algo_blklen (dek->algo);
    if( !blocksize || blocksize > 16 )
 	log_fatal("unsupported blocksize %u\n", blocksize );
    nprefix = blocksize;
@ -78,20 +80,29 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
 	BUG();

    if( ed->mdc_method ) {
-	dfx.mdc_hash = md_open( ed->mdc_method, 0 );
+	gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 );
 	if ( DBG_HASHING )
-	    md_start_debug(dfx.mdc_hash, "checkmdc");
+	    gcry_md_start_debug (dfx.mdc_hash, "checkmdc");
    }
-    dfx.cipher_hd = cipher_open( dek->algo,
-				 ed->mdc_method? CIPHER_MODE_CFB
-					       : CIPHER_MODE_AUTO_CFB, 1 );
-/* log_hexdump( "thekey", dek->key, dek->keylen );*/
-    rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
-    if( rc == G10ERR_WEAK_KEY )
+    rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo,
+                           GCRY_CIPHER_MODE_CFB,
+                           GCRY_CIPHER_SECURE
+                           | ((ed->mdc_method || dek->algo >= 100)?
+                              0 : GCRY_CIPHER_ENABLE_SYNC) );
+     if (rc)
+       {
+         /* we should never get an error here cause we already
+          * checked, that the algorithm is available. What about a
+          * flag to let the function die in this case? */
+	BUG();
+       }
+    /* log_hexdump( "thekey", dek->key, dek->keylen );*/
+    rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen);
+    if( gpg_err_code (rc) == GPG_ERR_WEAK_KEY )
 	log_info(_("WARNING: message was encrypted with "
 		    "a weak key in the symmetric cipher.\n"));
    else if( rc ) {
-	log_error("key setup failed: %s\n", g10_errstr(rc) );
+	log_error("key setup failed: %s\n", gpg_strerror (rc) );
 	goto leave;
    }
    if (!ed->buf) {
@ -99,9 +110,9 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
        goto leave;
    }

-    cipher_setiv( dfx.cipher_hd, NULL, 0 );
+    gcry_cipher_setiv (dfx.cipher_hd, NULL, 0);

-    if( ed->len ) {
+    if (ed->len) {
 	for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) {
 	    if( (c=iobuf_get(ed->buf)) == -1 )
 		break;
@ -116,17 +127,17 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
 	    else
 		temp[i] = c;
    }
-    cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);
-    cipher_sync( dfx.cipher_hd );
+    gcry_cipher_decrypt( dfx.cipher_hd, temp, nprefix+2, NULL, 0);
+    gcry_cipher_sync( dfx.cipher_hd );
    p = temp;
 /* log_hexdump( "prefix", temp, nprefix+2 ); */
    if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
-	rc = G10ERR_BAD_KEY;
+	rc = GPG_ERR_BAD_KEY;
 	goto leave;
    }

    if( dfx.mdc_hash )
-	md_write( dfx.mdc_hash, temp, nprefix+2 );
+	gcry_md_write( dfx.mdc_hash, temp, nprefix+2 );

    if( ed->mdc_method )
 	iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );
@ -136,23 +147,23 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
    proc_packets( procctx, ed->buf );
    ed->buf = NULL;
    if( ed->mdc_method && dfx.eof_seen == 2 )
-	rc = G10ERR_INVALID_PACKET;
+	rc = gpg_error (GPG_ERR_INV_PACKET);
    else if( ed->mdc_method ) { /* check the mdc */
-	int datalen = md_digest_length( ed->mdc_method );
+	int datalen = gcry_md_get_algo_dlen (ed->mdc_method);

-	cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 20);
-	md_final( dfx.mdc_hash );
+	gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 20, NULL, 0);
+	gcry_md_final ( dfx.mdc_hash );
 	if( datalen != 20
-	    || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
-	    rc = G10ERR_BAD_SIGN;
-	/*log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);*/
+	    || memcmp(gcry_md_read ( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
+	    rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
+	/*log_hexdump("MDC calculated:", gcry_md_read ( dfx.mdc_hash, 0), datalen);*/
 	/*log_hexdump("MDC message   :", dfx.defer, 20);*/
    }
    

  leave:
-    cipher_close(dfx.cipher_hd);
-    md_close( dfx.mdc_hash );
+    gcry_cipher_close(dfx.cipher_hd);
+    gcry_md_close ( dfx.mdc_hash );
    return rc;
 }

@ -160,7 +171,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )

 /* I think we should merge this with cipher_filter */
 static int
-mdc_decode_filter( void *opaque, int control, IOBUF a,
+mdc_decode_filter( void *opaque, int control, iobuf_t a,
 					      byte *buf, size_t *ret_len)
 {
    decode_filter_ctx_t *dfx = opaque;
@ -218,8 +229,8 @@ mdc_decode_filter( void *opaque, int control, IOBUF a,
 	}

 	if( n ) {
-	    cipher_decrypt( dfx->cipher_hd, buf, buf, n);
-	    md_write( dfx->mdc_hash, buf, n );
+	    gcry_cipher_decrypt( dfx->cipher_hd, buf, n, NULL, 0);
+	    gcry_md_write( dfx->mdc_hash, buf, n );
 	}
 	else {
 	    assert( dfx->eof_seen );
@ -234,7 +245,7 @@ mdc_decode_filter( void *opaque, int control, IOBUF a,
 }

 static int
-decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
+decode_filter( void *opaque, int control, iobuf_t a, byte *buf, size_t *ret_len)
 {
    decode_filter_ctx_t *fc = opaque;
    size_t n, size = *ret_len;
@ -245,7 +256,7 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
 	n = iobuf_read( a, buf, size );
 	if( n == -1 ) n = 0;
 	if( n )
-	    cipher_decrypt( fc->cipher_hd, buf, buf, n);
+	    gcry_cipher_decrypt( fc->cipher_hd, buf, n, NULL, 0);
 	else
 	    rc = -1; /* eof */
 	*ret_len = n;