pike.git / src / post_modules / Nettle / nettle.cmod

version» Context lines:

pike.git/src/post_modules/Nettle/nettle.cmod:1:   /* nettle.cmod -*- c -*- */      #include "global.h"   #include "interpret.h"   #include "svalue.h"   /* For this_object() */   #include "object.h"   #include "operators.h"   #include "module_support.h"   #include "threads.h" + #include "pike_memory.h"      #include "nettle_config.h"      #ifdef HAVE_LIBNETTLE      #include "nettle.h"      #include <nettle/yarrow.h>   #include <nettle/knuth-lfib.h>   
pike.git/src/post_modules/Nettle/nettle.cmod:139:    RETURN YARROW256_SEED_FILE_SIZE;    }       /*! @decl string(0..255) get_seed()    *! Returns part of the internal state so that it can    *! be saved for later seeding.    *!    *! @seealso    *! @[seed()], @[random_string()]    */ -  PIKEFUN string get_seed() +  PIKEFUN string(0..255) get_seed()    optflags OPT_EXTERNAL_DEPEND;    rawtype tDeprecated(tFunc(tNone, tStr8));    {    if( !yarrow256_is_seeded(&THIS->ctx) )    Pike_error("Random generator not seeded.\n");      #ifdef HAVE_STRUCT_YARROW256_CTX_SEED_FILE    RETURN make_shared_binary_string(THIS->ctx.seed_file,    YARROW256_SEED_FILE_SIZE);   #else
pike.git/src/post_modules/Nettle/nettle.cmod:232:    /*! @decl int(0..) needed_sources()    *! The number of sources that must reach the threshold before a    *! slow reseed will happen.    */    PIKEFUN int(0..) needed_sources()    optflags OPT_EXTERNAL_DEPEND;    {    RETURN yarrow256_needed_sources(&THIS->ctx);    }    -  /*! @decl string random_string(int length) +  /*! @decl string(0..255) random_string(int length)    *! Returns a pseudo-random string of the requested @[length].    */ -  PIKEFUN string random_string(int length) +  PIKEFUN string(0..255) random_string(int length)    optflags OPT_EXTERNAL_DEPEND|OPT_SIDE_EFFECT;    {    struct pike_string *rnd;    if(length < 0)    Pike_error("Invalid length, must be positive.\n");    if( !yarrow256_is_seeded(&THIS->ctx) )    Pike_error("Random generator not seeded.\n");    rnd = begin_shared_string(length);    yarrow256_random(&THIS->ctx, length, (uint8_t *)rnd->str);    RETURN end_shared_string(rnd);
pike.git/src/post_modules/Nettle/nettle.cmod:267:    if( THIS->sources )    {    free(THIS->sources);    }    }   }      /*! @endclass    */    - /*! @decl string crypt_md5(string password, string salt, void|string magic) + /*! @decl string(0..127) crypt_md5(string password, string salt,@ +  *! void|string magic)    *! Does the crypt_md5 abrakadabra (MD5 + snakeoil).    *! It is assumed that @[salt] does not contain "$".    */ - PIKEFUN string crypt_md5(string pw, string salt, void|string magic) + PIKEFUN string(0..127) crypt_md5(string pw, string salt, void|string magic)    optflags OPT_TRY_OPTIMIZE;   {    char *hash;    NO_WIDE_STRING(pw);    NO_WIDE_STRING(salt);    if(!magic)    {    hash = pike_crypt_md5(pw->len, pw->str, salt->len, salt->str,    3, "$1$");    }
pike.git/src/post_modules/Nettle/nettle.cmod:392:    THIS->mode = 0;    }       EXIT    gc_trivial;    {    if(THIS->object) {    free_object(THIS->object);    }    if(THIS->iv) { -  MEMSET(THIS->iv, 0, THIS->block_size); +  guaranteed_memset(THIS->iv, 0, THIS->block_size);    free(THIS->iv);    }    }       INLINE static void cbc_encrypt_step(const unsigned INT8 *const source,    unsigned INT8 *dest)    {    INT32 block_size = THIS->block_size;    INT32 i;   
pike.git/src/post_modules/Nettle/nettle.cmod:472:       THIS->block_size = Pike_sp[-1].u.integer;       pop_stack();       if ((!THIS->block_size) ||    (THIS->block_size > 4096))    Pike_error("Bad block size %d.\n", THIS->block_size);       if(THIS->iv) { -  MEMSET(THIS->iv, 0, old_block_size); +  guaranteed_memset(THIS->iv, 0, old_block_size);    free(THIS->iv);    }    THIS->iv = (unsigned INT8 *)xalloc(THIS->block_size);    MEMSET(THIS->iv, 0, THIS->block_size);    }    -  /*! @decl string name() +  /*! @decl string(0..255) name()    *! Returns the string @expr{"CBC(x)"@} where x is the    *! encapsulated algorithm.    */ -  PIKEFUN string name() +  PIKEFUN string(0..255) name()    optflags OPT_TRY_OPTIMIZE;    {    push_constant_text("CBC(");    safe_apply(THIS->object, "name", 0);    push_constant_text(")");    f_add(3);    }    -  /*! @decl int block_size() +  /*! @decl int(0..) block_size()    *! Reurns the block size of the encapsulated cipher.    */ -  PIKEFUN int block_size() +  PIKEFUN int(0..) block_size()    optflags OPT_TRY_OPTIMIZE;    {    RETURN THIS->block_size;    }    -  /*! @decl int key_size() +  /*! @decl int(0..) key_size()    *! Returns the key size of the encapsulated cipher.    */ -  PIKEFUN int key_size() +  PIKEFUN int(0..) key_size()    optflags OPT_EXTERNAL_DEPEND;    {    safe_apply(THIS->object, "key_size", args);    }       /*! @decl this_program set_encrypt_key(string key)    *! Prepare the cipher and the wrapper for encrypting    *! with the given @[key].    */    PIKEFUN object set_encrypt_key(string key)
pike.git/src/post_modules/Nettle/nettle.cmod:552:    optflags OPT_SIDE_EFFECT;    {    assert(THIS->iv);    NO_WIDE_STRING(iv);    if(iv->len != THIS->block_size)    Pike_error("Argument incompatible with cipher block size.\n");    MEMCPY(THIS->iv, iv->str, THIS->block_size);    RETURN this_object();    }    -  /*! @decl string crypt(string data) +  /*! @decl string(0..255) crypt(string data)    *! Encrypt/decrypt @[data] and return the result. @[data] must    *! be an integral number of blocks.    */ -  PIKEFUN string crypt(string data) { +  PIKEFUN string(0..255) crypt(string data) {    unsigned INT8 *result;    INT32 offset = 0;    ONERROR uwp;       NO_WIDE_STRING(data);       if(data->len % THIS->block_size)    Pike_error("Data length not multiple of block size.\n");       if(!(result = malloc(data->len)))
pike.git/src/post_modules/Nettle/nettle.cmod:587:    else {    while (offset < data->len) {    cbc_decrypt_step((const unsigned INT8 *)data->str + offset,    result + offset);    offset += THIS->block_size;    }    }       pop_n_elems(args);    push_string(make_shared_binary_string((INT8 *)result, offset)); -  MEMSET(result, 0, offset); +  guaranteed_memset(result, 0, offset);       CALL_AND_UNSET_ONERROR (uwp);    }   }      /*! @endclass    */      /*! @class Buffer    *! @belongs Crypto
pike.git/src/post_modules/Nettle/nettle.cmod:618:    THIS->object = NULL;    THIS->block_size = 0;    THIS->backlog = NULL;    THIS->backlog_len = 0;    }       EXIT    gc_trivial;    {    if(THIS->backlog) { -  MEMSET(THIS->backlog, 0, THIS->block_size); +  guaranteed_memset(THIS->backlog, 0, THIS->block_size);    free(THIS->backlog);    THIS->backlog = NULL;    }    if(THIS->object) {    free_object(THIS->object);    THIS->object = NULL;    }    }       /*! @decl void create(program|object|function cipher, mixed ... args)
pike.git/src/post_modules/Nettle/nettle.cmod:657:       if ((!THIS->block_size) ||    (THIS->block_size > 4096))    Pike_error("Bad block size %ld\n", DO_NOT_WARN((long)THIS->block_size));       THIS->backlog = (unsigned char *)xalloc(THIS->block_size);    THIS->backlog_len = 0;    MEMSET(THIS->backlog, 0, THIS->block_size);    }    -  /*! @decl string name() +  /*! @decl string(0..255) name()    *! Returns the string @expr{"Proxy(x)"@} where x is the    *! encapsulated algorithm.    */ -  PIKEFUN string name() +  PIKEFUN string(0..255) name()    optflags OPT_TRY_OPTIMIZE;    {    push_constant_text("Proxy(");    safe_apply(THIS->object, "name", 0);    push_constant_text(")");    f_add(3);    }    -  /*! @decl int block_size() +  /*! @decl int(0..) block_size()    *!    *! Get the block size of the contained block crypto.    */ -  PIKEFUN int block_size() +  PIKEFUN int(0..) block_size()    optflags OPT_TRY_OPTIMIZE;    {    RETURN THIS->block_size;    }    -  /*! @decl int key_size() +  /*! @decl int(0..) key_size()    *!    *! Get the key size of the contained block crypto.    */ -  PIKEFUN int key_size() +  PIKEFUN int(0..) key_size()    optflags OPT_EXTERNAL_DEPEND;    {    safe_apply(THIS->object, "key_size", args);    }       /*! @decl this_program set_encrypt_key(string key)    *!    *! Set the encryption key.    *!    *! @note
pike.git/src/post_modules/Nettle/nettle.cmod:724:    PIKEFUN object set_decrypt_key(string key)    optflags OPT_SIDE_EFFECT;    {    MEMSET(THIS->backlog, 0, THIS->block_size);    THIS->backlog_len = 0;    safe_apply(THIS->object, "set_decrypt_key", args);    pop_stack();    RETURN this_object();    }    -  /*! @decl string crypt(string data) +  /*! @decl string(0..255) crypt(string data)    *!    *! Encrypt some data.    *!    *! Adds data to be encrypted to the buffer. If there's enough    *! data to en/decrypt a block, that will be done, and the result    *! returned. Any uncrypted data will be left in the buffer.    */ -  PIKEFUN string crypt(string data) { +  PIKEFUN string(0..255) crypt(string data) {    unsigned char *result;    ptrdiff_t roffset = 0;    ptrdiff_t soffset = 0;    ptrdiff_t len;    ONERROR uwp;       if (!(result = malloc(data->len + THIS->block_size)))    SIMPLE_OUT_OF_MEMORY_ERROR("crypt", data->len + THIS->block_size);    SET_ONERROR (uwp, free, result);   
pike.git/src/post_modules/Nettle/nettle.cmod:803:       if (soffset < Pike_sp[-1].u.string->len) {    MEMCPY(THIS->backlog, Pike_sp[-1].u.string->str + soffset,    Pike_sp[-1].u.string->len - soffset);    THIS->backlog_len = Pike_sp[-1].u.string->len - soffset;    }       pop_n_elems(args);       push_string(make_shared_binary_string((char *)result, roffset + len)); -  MEMSET(result, 0, roffset + len); +  guaranteed_memset(result, 0, roffset + len);    CALL_AND_UNSET_ONERROR (uwp);    }    -  /*! @decl string pad(void|int method) +  /*! @decl string(0..255) pad(void|int method)    *!    *! Pad and encrypt any data left in the buffer.    *!    *! @param method    *! The type of padding to apply to the buffer.    *! @int    *! @value Crypto.PAD_SSL    *! @value Crypto.PAD_ISO_10126    *! @value Crypto.PAD_ANSI_X923    *! @value Crypto.PAD_PKCS7    *! @value Crypto.PAD_ZERO    *! @endint    *! Defaults to Crypto.PAD_SSL for compatibility reasons.    *!    *! @seealso    *! @[unpad()]    */ -  PIKEFUN string pad(void|int method) { +  PIKEFUN string(0..255) pad(void|int method) {    ptrdiff_t i;    int m = 0;    int size = THIS->block_size - THIS->backlog_len;       if(method)    {    if(TYPEOF(*method) != PIKE_T_INT)    Pike_error("Bad argument type.\n");    m = method->u.integer;    }
pike.git/src/post_modules/Nettle/nettle.cmod:886:       push_string(make_shared_binary_string((const char *)THIS->backlog,    THIS->block_size));       MEMSET(THIS->backlog, 0, THIS->block_size);    THIS->backlog_len = 0;       safe_apply(THIS->object, "crypt", 1);    }    -  /*! @decl string unpad(string data, void|int method) +  /*! @decl string(0..255) unpad(string data, void|int method)    *!    *! Decrypt and unpad a block of data.    *!    *! This performs the reverse operation of @[pad()].    *!    *! @param method    *! The type of padding that was applied to the original buffer.    *! @int    *! @value Crypto.PAD_SSL    *! @value Crypto.PAD_ISO_10126    *! @value Crypto.PAD_ANSI_X923    *! @value Crypto.PAD_PKCS7    *! @value Crypto.PAD_ZERO    *! @endint    *! Defaults to Crypto.PAD_SSL for compatibility reasons.    *!    *! @seealso    *! @[pad()]    */ -  PIKEFUN string unpad(string str, void|int method) { +  PIKEFUN string(0..255) unpad(string str, void|int method) {    ptrdiff_t len;    int m = 0;       len = str->len;    if( len % THIS->block_size)    Pike_error("String must be integral numbers of blocks.\n");       if( method!=NULL )    {    m = method->u.integer;