crypto: Split init and finalize functions

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-11-29 01:03:57 +03:00 · 2015-12-31 10:56:47 +01:00
parent 38c53db953
commit 2b40ad29c0
10 changed files with 188 additions and 113 deletions
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -40,6 +40,8 @@ struct ssh_mac_ctx_struct {
  gcry_md_hd_t ctx;
 };

+static int libgcrypt_initialized = 0;
+
 static int alloc_key(struct ssh_cipher_struct *cipher) {
    cipher->key = malloc(cipher->keylen);
    if (cipher->key == NULL) {
@@ -544,22 +546,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
  }
 };

-void libgcrypt_init(void)
-{
-    size_t i;
-
-    for (i = 0; ssh_ciphertab[i].name != NULL; i++) {
-        int cmp;
-        cmp = strcmp(ssh_ciphertab[i].name, "chacha20-poly1305@openssh.com");
-        if (cmp == 0) {
-            memcpy(&ssh_ciphertab[i],
-                   ssh_get_chacha20poly1305_cipher(),
-                   sizeof(struct ssh_cipher_struct));
-            break;
-        }
-    }
-}
-
 struct ssh_cipher_struct *ssh_get_ciphertab(void)
 {
  return ssh_ciphertab;
@@ -615,4 +601,56 @@ fail:
    return result;
 }

+
+/**
+ * @internal
+ *
+ * @brief Initialize libgcrypt's subsystem
+ */
+int ssh_crypto_init(void)
+{
+    size_t i;
+
+    if (libgcrypt_initialized) {
+        return SSH_OK;
+    }
+
+    gcry_check_version(NULL);
+    if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P, 0)) {
+        gcry_control(GCRYCTL_INIT_SECMEM, 4096);
+        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+    }
+
+    for (i = 0; ssh_ciphertab[i].name != NULL; i++) {
+        int cmp;
+        cmp = strcmp(ssh_ciphertab[i].name, "chacha20-poly1305@openssh.com");
+        if (cmp == 0) {
+            memcpy(&ssh_ciphertab[i],
+                   ssh_get_chacha20poly1305_cipher(),
+                   sizeof(struct ssh_cipher_struct));
+            break;
+        }
+    }
+
+    libgcrypt_initialized = 1;
+
+    return SSH_OK;
+}
+
+/**
+ * @internal
+ *
+ * @brief Finalize libgcrypt's subsystem
+ */
+void ssh_crypto_finalize(void)
+{
+    if (!libgcrypt_initialized) {
+        return;
+    }
+
+    gcry_control(GCRYCTL_TERM_SECMEM);
+
+    libgcrypt_initialized = 0;
+}
+
 #endif