From 91e023d896dd5ca49dd440276f2241570acffd96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 28 Jan 2016 18:24:27 -0500
Subject: [PATCH] Move initialize_libgcrypt to separate file

It's annoying to have the exact same function in three places.
It's stored in src/shared, but it's not added to the library to
avoid the dependency on libgcrypt.
---
 Makefile.am                        |  8 ++++--
 src/journal/fsprg.c                | 25 +++++--------------
 src/journal/journal-authenticate.c | 15 ++---------
 src/resolve/resolved-dns-dnssec.c  | 20 +++------------
 src/shared/gcrypt-util.c           | 40 ++++++++++++++++++++++++++++++
 src/shared/gcrypt-util.h           | 24 ++++++++++++++++++
 6 files changed, 82 insertions(+), 50 deletions(-)
 create mode 100644 src/shared/gcrypt-util.c
 create mode 100644 src/shared/gcrypt-util.h

diff --git a/Makefile.am b/Makefile.am
index db95b109ce..d2cf9360ed 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4274,7 +4274,9 @@ libsystemd_journal_internal_la_SOURCES += \
 	src/journal/journal-authenticate.c \
 	src/journal/journal-authenticate.h \
 	src/journal/fsprg.c \
-	src/journal/fsprg.h
+	src/journal/fsprg.h \
+	src/shared/gcrypt-util.c \
+	src/shared/gcrypt-util.h
 
 libsystemd_journal_internal_la_LIBADD += \
 	$(GCRYPT_LIBS)
@@ -5216,7 +5218,9 @@ systemd_resolved_SOURCES = \
 	src/resolve/resolved-etc-hosts.h \
 	src/resolve/resolved-etc-hosts.c \
 	src/resolve/dns-type.c \
-	src/resolve/dns-type.h
+	src/resolve/dns-type.h \
+	src/shared/gcrypt-util.c \
+	src/shared/gcrypt-util.h
 
 nodist_systemd_resolved_SOURCES = \
 	src/resolve/dns_type-from-name.h \
diff --git a/src/journal/fsprg.c b/src/journal/fsprg.c
index a9f564c249..12ae7449f9 100644
--- a/src/journal/fsprg.c
+++ b/src/journal/fsprg.c
@@ -32,6 +32,7 @@
 #include <string.h>
 
 #include "fsprg.h"
+#include "gcrypt-util.h"
 
 #define ISVALID_SECPAR(secpar) (((secpar) % 16 == 0) && ((secpar) >= 16) && ((secpar) <= 16384))
 #define VALIDATE_SECPAR(secpar) assert(ISVALID_SECPAR(secpar));
@@ -208,20 +209,6 @@ static void CRT_compose(gcry_mpi_t *x, const gcry_mpi_t xp, const gcry_mpi_t xq,
         gcry_mpi_release(u);
 }
 
-static void initialize_libgcrypt(void) {
-        const char *p;
-        if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
-                return;
-
-        p = gcry_check_version("1.4.5");
-        assert(p);
-
-        /* Turn off "secmem". Clients which whish to make use of this
-         * feature should initialize the library manually */
-        gcry_control(GCRYCTL_DISABLE_SECMEM);
-        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
-}
-
 /******************************************************************************/
 
 size_t FSPRG_mskinbytes(unsigned _secpar) {
@@ -261,7 +248,7 @@ void FSPRG_GenMK(void *msk, void *mpk, const void *seed, size_t seedlen, unsigne
         VALIDATE_SECPAR(_secpar);
         secpar = _secpar;
 
-        initialize_libgcrypt();
+        initialize_libgcrypt(false);
 
         if (!seed) {
                 gcry_randomize(iseed, FSPRG_RECOMMENDED_SEEDLEN, GCRY_STRONG_RANDOM);
@@ -297,7 +284,7 @@ void FSPRG_GenState0(void *state, const void *mpk, const void *seed, size_t seed
         gcry_mpi_t n, x;
         uint16_t secpar;
 
-        initialize_libgcrypt();
+        initialize_libgcrypt(false);
 
         secpar = read_secpar(mpk + 0);
         n = mpi_import(mpk + 2, secpar / 8);
@@ -316,7 +303,7 @@ void FSPRG_Evolve(void *state) {
         uint16_t secpar;
         uint64_t epoch;
 
-        initialize_libgcrypt();
+        initialize_libgcrypt(false);
 
         secpar = read_secpar(state + 0);
         n = mpi_import(state + 2 + 0 * secpar / 8, secpar / 8);
@@ -343,7 +330,7 @@ void FSPRG_Seek(void *state, uint64_t epoch, const void *msk, const void *seed,
         gcry_mpi_t p, q, n, x, xp, xq, kp, kq, xm;
         uint16_t secpar;
 
-        initialize_libgcrypt();
+        initialize_libgcrypt(false);
 
         secpar = read_secpar(msk + 0);
         p  = mpi_import(msk + 2 + 0 * (secpar / 2) / 8, (secpar / 2) / 8);
@@ -382,7 +369,7 @@ void FSPRG_Seek(void *state, uint64_t epoch, const void *msk, const void *seed,
 void FSPRG_GetKey(const void *state, void *key, size_t keylen, uint32_t idx) {
         uint16_t secpar;
 
-        initialize_libgcrypt();
+        initialize_libgcrypt(false);
 
         secpar = read_secpar(state + 0);
         det_randomize(key, keylen, state + 2, 2 * secpar / 8 + 8, idx);
diff --git a/src/journal/journal-authenticate.c b/src/journal/journal-authenticate.c
index aeec83da1e..45d7f4b340 100644
--- a/src/journal/journal-authenticate.c
+++ b/src/journal/journal-authenticate.c
@@ -24,6 +24,7 @@
 
 #include "fd-util.h"
 #include "fsprg.h"
+#include "gcrypt-util.h"
 #include "hexdecoct.h"
 #include "journal-authenticate.h"
 #include "journal-def.h"
@@ -426,25 +427,13 @@ finish:
         return r;
 }
 
-static void initialize_libgcrypt(void) {
-        const char *p;
-
-        if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
-                return;
-
-        p = gcry_check_version("1.4.5");
-        assert(p);
-
-        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
-}
-
 int journal_file_hmac_setup(JournalFile *f) {
         gcry_error_t e;
 
         if (!f->seal)
                 return 0;
 
-        initialize_libgcrypt();
+        initialize_libgcrypt(true);
 
         e = gcry_md_open(&f->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
         if (e != 0)
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 21cf161494..f799379efd 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -25,6 +25,7 @@
 
 #include "alloc-util.h"
 #include "dns-domain.h"
+#include "gcrypt-util.h"
 #include "hexdecoct.h"
 #include "resolved-dns-dnssec.h"
 #include "resolved-dns-packet.h"
@@ -128,19 +129,6 @@ int dnssec_canonicalize(const char *n, char *buffer, size_t buffer_max) {
 
 #ifdef HAVE_GCRYPT
 
-static void initialize_libgcrypt(void) {
-        const char *p;
-
-        if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
-                return;
-
-        p = gcry_check_version("1.4.5");
-        assert(p);
-
-        gcry_control(GCRYCTL_DISABLE_SECMEM);
-        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
-}
-
 static int rr_compare(const void *a, const void *b) {
         DnsResourceRecord **x = (DnsResourceRecord**) a, **y = (DnsResourceRecord**) b;
         size_t m;
@@ -739,7 +727,7 @@ int dnssec_verify_rrset(
         qsort_safe(list, n, sizeof(DnsResourceRecord*), rr_compare);
 
         /* OK, the RRs are now in canonical order. Let's calculate the digest */
-        initialize_libgcrypt();
+        initialize_libgcrypt(false);
 
         hash_size = gcry_md_get_algo_dlen(md_algorithm);
         assert(hash_size > 0);
@@ -1072,7 +1060,7 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
         if (dnssec_keytag(dnskey, mask_revoke) != ds->ds.key_tag)
                 return 0;
 
-        initialize_libgcrypt();
+        initialize_libgcrypt(false);
 
         md_algorithm = digest_to_gcrypt_md(ds->ds.digest_type);
         if (md_algorithm < 0)
@@ -1191,7 +1179,7 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
         if (algorithm < 0)
                 return algorithm;
 
-        initialize_libgcrypt();
+        initialize_libgcrypt(false);
 
         hash_size = gcry_md_get_algo_dlen(algorithm);
         assert(hash_size > 0);
diff --git a/src/shared/gcrypt-util.c b/src/shared/gcrypt-util.c
new file mode 100644
index 0000000000..3bbc161ef2
--- /dev/null
+++ b/src/shared/gcrypt-util.c
@@ -0,0 +1,40 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <gcrypt.h>
+
+#include "hexdecoct.h"
+#include "gcrypt-util.h"
+
+void initialize_libgcrypt(bool secmem) {
+        const char *p;
+        if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
+                return;
+
+        p = gcry_check_version("1.4.5");
+        assert(p);
+
+        /* Turn off "secmem". Clients which whish to make use of this
+         * feature should initialize the library manually */
+        if (!secmem)
+                gcry_control(GCRYCTL_DISABLE_SECMEM);
+        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+}
diff --git a/src/shared/gcrypt-util.h b/src/shared/gcrypt-util.h
new file mode 100644
index 0000000000..42ce3fd121
--- /dev/null
+++ b/src/shared/gcrypt-util.h
@@ -0,0 +1,24 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+  This file is part of systemd.
+
+  Copyright 2016 Zbigniew Jędrzejewski-Szmek
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+void initialize_libgcrypt(bool secmem);