From c7ea99af4f62690cb7f5af05d92b8af24e097db4 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 18 Jun 2014 11:12:03 +0200 Subject: [PATCH 01/11] Add _init() and _free() for cipher modules --- include/polarssl/aes.h | 14 +++++++ include/polarssl/arc4.h | 16 +++++++- include/polarssl/blowfish.h | 14 +++++++ include/polarssl/camellia.h | 14 +++++++ include/polarssl/des.h | 28 +++++++++++++ include/polarssl/xtea.h | 14 +++++++ library/aes.c | 64 ++++++++++++++++++++--------- library/arc4.c | 30 ++++++++++++-- library/blowfish.c | 18 +++++++++ library/camellia.c | 25 +++++++++--- library/cipher_wrap.c | 81 ++++++++++++++++++++++++++++--------- library/ctr_drbg.c | 5 +++ library/des.c | 42 +++++++++++++++++-- library/pem.c | 12 ++++-- library/pkcs12.c | 10 ++++- library/ssl_tls.c | 20 ++++++++- library/xtea.c | 29 +++++++++++-- 17 files changed, 375 insertions(+), 61 deletions(-) diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h index 58b348e7c..2e9092f95 100644 --- a/include/polarssl/aes.h +++ b/include/polarssl/aes.h @@ -73,6 +73,20 @@ typedef struct } aes_context; +/** + * \brief Initialize AES context + * + * \param ctx AES context to be initialized + */ +void aes_init( aes_context *ctx ); + +/** + * \brief Clear AES context + * + * \param ctx AES context to be cleared + */ +void aes_free( aes_context *ctx ); + /** * \brief AES key schedule (encryption) * diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h index c6c676b3c..555f54fab 100644 --- a/include/polarssl/arc4.h +++ b/include/polarssl/arc4.h @@ -55,9 +55,23 @@ typedef struct arc4_context; /** - * \brief ARC4 key schedule + * \brief Initialize ARC4 context * * \param ctx ARC4 context to be initialized + */ +void arc4_init( arc4_context *ctx ); + +/** + * \brief Clear ARC4 context + * + * \param ctx ARC4 context to be cleared + */ +void arc4_free( arc4_context *ctx ); + +/** + * \brief ARC4 key schedule + * + * \param ctx ARC4 context to be setup * \param key the secret key * \param keylen length of the key, in bytes */ diff --git a/include/polarssl/blowfish.h b/include/polarssl/blowfish.h index c9c867289..c652b463d 100644 --- a/include/polarssl/blowfish.h +++ b/include/polarssl/blowfish.h @@ -70,6 +70,20 @@ typedef struct } blowfish_context; +/** + * \brief Initialize Blowfish context + * + * \param ctx Blowfish context to be initialized + */ +void blowfish_init( blowfish_context *ctx ); + +/** + * \brief Clear Blowfish context + * + * \param ctx Blowfish context to be cleared + */ +void blowfish_free( blowfish_context *ctx ); + /** * \brief Blowfish key schedule * diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h index 34c199068..8488d1df8 100644 --- a/include/polarssl/camellia.h +++ b/include/polarssl/camellia.h @@ -66,6 +66,20 @@ typedef struct } camellia_context; +/** + * \brief Initialize CAMELLIA context + * + * \param ctx CAMELLIA context to be initialized + */ +void camellia_init( camellia_context *ctx ); + +/** + * \brief Clear CAMELLIA context + * + * \param ctx CAMELLIA context to be cleared + */ +void camellia_free( camellia_context *ctx ); + /** * \brief CAMELLIA key schedule (encryption) * diff --git a/include/polarssl/des.h b/include/polarssl/des.h index 78729750f..89bb394e0 100644 --- a/include/polarssl/des.h +++ b/include/polarssl/des.h @@ -77,6 +77,34 @@ typedef struct } des3_context; +/** + * \brief Initialize DES context + * + * \param ctx DES context to be initialized + */ +void des_init( des_context *ctx ); + +/** + * \brief Clear DES context + * + * \param ctx DES context to be cleared + */ +void des_free( des_context *ctx ); + +/** + * \brief Initialize Triple-DES context + * + * \param ctx DES3 context to be initialized + */ +void des3_init( des3_context *ctx ); + +/** + * \brief Clear Triple-DES context + * + * \param ctx DES3 context to be cleared + */ +void des3_free( des3_context *ctx ); + /** * \brief Set key parity on the given key to odd. * diff --git a/include/polarssl/xtea.h b/include/polarssl/xtea.h index 07118d977..794c5efa3 100644 --- a/include/polarssl/xtea.h +++ b/include/polarssl/xtea.h @@ -64,6 +64,20 @@ typedef struct } xtea_context; +/** + * \brief Initialize XTEA context + * + * \param ctx XTEA context to be initialized + */ +void xtea_init( xtea_context *ctx ); + +/** + * \brief Clear XTEA context + * + * \param ctx XTEA context to be cleared + */ +void xtea_free( xtea_context *ctx ); + /** * \brief XTEA key schedule * diff --git a/library/aes.c b/library/aes.c index a90cefff5..f295747c5 100644 --- a/library/aes.c +++ b/library/aes.c @@ -463,6 +463,19 @@ static void aes_gen_tables( void ) #endif /* POLARSSL_AES_ROM_TABLES */ +void aes_init( aes_context *ctx ) +{ + memset( ctx, 0, sizeof( aes_context ) ); +} + +void aes_free( aes_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( aes_context ) ); +} + /* * AES key schedule (encryption) */ @@ -581,11 +594,12 @@ int aes_setkey_enc( aes_context *ctx, const unsigned char *key, int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize ) { - int i, j; + int i, j, ret; aes_context cty; uint32_t *RK; uint32_t *SK; - int ret; + + aes_init( &cty ); #if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16) if( aes_padlock_ace == -1 ) @@ -599,7 +613,7 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, /* Also checks keysize */ if( ( ret = aes_setkey_enc( &cty, key, keysize ) ) != 0 ) - return( ret ); + goto exit; ctx->nr = cty.nr; @@ -608,7 +622,7 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, { aesni_inverse_key( (unsigned char *) ctx->rk, (const unsigned char *) cty.rk, ctx->nr ); - goto done; + goto exit; } #endif @@ -635,12 +649,10 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, *RK++ = *SK++; *RK++ = *SK++; -#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64) -done: -#endif - polarssl_zeroize( &cty, sizeof( aes_context ) ); +exit: + aes_free( &cty ); - return( 0 ); + return( ret ); } #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ @@ -1171,7 +1183,7 @@ static const int aes_test_ctr_len[3] = */ int aes_self_test( int verbose ) { - int i, j, u, v; + int ret = 0, i, j, u, v; unsigned char key[32]; unsigned char buf[64]; unsigned char iv[16]; @@ -1189,6 +1201,7 @@ int aes_self_test( int verbose ) aes_context ctx; memset( key, 0, 32 ); + aes_init( &ctx ); /* * ECB mode @@ -1216,7 +1229,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } else @@ -1231,7 +1245,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } @@ -1271,7 +1286,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } else @@ -1294,7 +1310,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } @@ -1335,7 +1352,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } else @@ -1348,7 +1366,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } @@ -1392,7 +1411,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } else @@ -1408,7 +1428,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } @@ -1420,7 +1441,12 @@ int aes_self_test( int verbose ) polarssl_printf( "\n" ); #endif /* POLARSSL_CIPHER_MODE_CTR */ - return( 0 ); + ret = 0; + +exit: + aes_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/arc4.c b/library/arc4.c index d722c56ea..54e89ea88 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -46,6 +46,24 @@ #if !defined(POLARSSL_ARC4_ALT) +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +void arc4_init( arc4_context *ctx ) +{ + memset( ctx, 0, sizeof( arc4_context ) ); +} + +void arc4_free( arc4_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( arc4_context ) ); +} + /* * ARC4 key schedule */ @@ -146,11 +164,13 @@ static const unsigned char arc4_test_ct[3][8] = */ int arc4_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char ibuf[8]; unsigned char obuf[8]; arc4_context ctx; + arc4_init( &ctx ); + for( i = 0; i < 3; i++ ) { if( verbose != 0 ) @@ -166,7 +186,8 @@ int arc4_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -176,7 +197,10 @@ int arc4_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + arc4_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/blowfish.c b/library/blowfish.c index d8b0c36ce..87396dc22 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -41,6 +41,11 @@ #if !defined(POLARSSL_BLOWFISH_ALT) +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + /* * 32-bit integer manipulation macros (big endian) */ @@ -152,6 +157,19 @@ static void blowfish_dec( blowfish_context *ctx, uint32_t *xl, uint32_t *xr ) *xr = Xr; } +void blowfish_init( blowfish_context *ctx ) +{ + memset( ctx, 0, sizeof( blowfish_context ) ); +} + +void blowfish_free( blowfish_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( blowfish_context ) ); +} + /* * Blowfish key schedule */ diff --git a/library/camellia.c b/library/camellia.c index f1d4d6b24..a4968f411 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -322,6 +322,19 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], z[1] ^= I0; } +void camellia_init( camellia_context *ctx ) +{ + memset( ctx, 0, sizeof( camellia_context ) ); +} + +void camellia_free( camellia_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( camellia_context ) ); +} + /* * Camellia key schedule (encryption) */ @@ -433,16 +446,17 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize ) { - int idx; + int idx, ret; size_t i; camellia_context cty; uint32_t *RK; uint32_t *SK; - int ret; + + camellia_init( &cty ); /* Also checks keysize */ if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) ) - return( ret ); + goto exit; ctx->nr = cty.nr; idx = ( ctx->nr == 4 ); @@ -468,9 +482,10 @@ int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, *RK++ = *SK++; *RK++ = *SK++; - polarssl_zeroize( &cty, sizeof( camellia_context ) ); +exit: + camellia_free( &cty ); - return( 0 ); + return( ret ); } /* diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 070963a36..47a69a97b 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -74,11 +74,6 @@ #include -/* Implementation that should never be optimized out by the compiler */ -static void polarssl_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #if defined(POLARSSL_GCM_C) /* shared by all GCM ciphers */ static void *gcm_ctx_alloc( void ) @@ -187,12 +182,19 @@ static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, static void * aes_ctx_alloc( void ) { - return polarssl_malloc( sizeof( aes_context ) ); + aes_context *aes = (aes_context *) polarssl_malloc( sizeof( aes_context ) ); + + if( aes == NULL ) + return( NULL ); + + aes_init( aes ); + + return( aes ); } static void aes_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( aes_context ) ); + aes_free( (aes_context *) ctx ); polarssl_free( ctx ); } @@ -541,12 +543,20 @@ static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, static void * camellia_ctx_alloc( void ) { - return polarssl_malloc( sizeof( camellia_context ) ); + camellia_context *ctx; + ctx = (camellia_context *) polarssl_malloc( sizeof( camellia_context ) ); + + if( ctx == NULL ) + return( NULL ); + + camellia_init( ctx ); + + return( ctx ); } static void camellia_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( camellia_context ) ); + camellia_free( (camellia_context *) ctx ); polarssl_free( ctx ); } @@ -915,23 +925,38 @@ static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, static void * des_ctx_alloc( void ) { - return polarssl_malloc( sizeof( des_context ) ); -} + des_context *des = (des_context *) polarssl_malloc( sizeof( des_context ) ); -static void * des3_ctx_alloc( void ) -{ - return polarssl_malloc( sizeof( des3_context ) ); + if( des == NULL ) + return( NULL ); + + des_init( des ); + + return( des ); } static void des_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( des_context ) ); + des_free( (des_context *) ctx ); polarssl_free( ctx ); } +static void * des3_ctx_alloc( void ) +{ + des3_context *des3; + des3 = (des3_context *) polarssl_malloc( sizeof( des3_context ) ); + + if( des3 == NULL ) + return( NULL ); + + des3_init( des3 ); + + return( des3 ); +} + static void des3_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( des3_context ) ); + des3_free( (des3_context *) ctx ); polarssl_free( ctx ); } @@ -1122,12 +1147,20 @@ static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, static void * blowfish_ctx_alloc( void ) { - return polarssl_malloc( sizeof( blowfish_context ) ); + blowfish_context *ctx; + ctx = (blowfish_context *) polarssl_malloc( sizeof( blowfish_context ) ); + + if( ctx == NULL ) + return( NULL ); + + blowfish_init( ctx ); + + return( ctx ); } static void blowfish_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( blowfish_context ) ); + blowfish_free( (blowfish_context *) ctx ); polarssl_free( ctx ); } @@ -1216,12 +1249,20 @@ static int arc4_setkey_wrap( void *ctx, const unsigned char *key, static void * arc4_ctx_alloc( void ) { - return polarssl_malloc( sizeof( arc4_context ) ); + arc4_context *ctx; + ctx = (arc4_context *) polarssl_malloc( sizeof( arc4_context ) ); + + if( ctx == NULL ) + return( NULL ); + + arc4_init( ctx ); + + return( ctx ); } static void arc4_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( arc4_context ) ); + arc4_free( (arc4_context *) ctx ); polarssl_free( ctx ); } diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 3db517d55..249b84069 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -66,6 +66,8 @@ int ctr_drbg_init_entropy_len( memset( ctx, 0, sizeof(ctr_drbg_context) ); memset( key, 0, CTR_DRBG_KEYSIZE ); + aes_init( &ctx->aes_ctx ); + ctx->f_entropy = f_entropy; ctx->p_entropy = p_entropy; @@ -122,6 +124,7 @@ static int block_cipher_df( unsigned char *output, size_t buf_len, use_len; memset( buf, 0, CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 ); + aes_init( &aes_ctx ); /* * Construct IV (16 bytes) and S in buffer @@ -189,6 +192,8 @@ static int block_cipher_df( unsigned char *output, p += CTR_DRBG_BLOCKSIZE; } + aes_free( &aes_ctx ); + return( 0 ); } diff --git a/library/des.c b/library/des.c index 8c156aef6..12fe4f46a 100644 --- a/library/des.c +++ b/library/des.c @@ -305,6 +305,32 @@ static const uint32_t RHs[16] = #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; } +void des_init( des_context *ctx ) +{ + memset( ctx, 0, sizeof( des_context ) ); +} + +void des_free( des_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( des_context ) ); +} + +void des3_init( des3_context *ctx ) +{ + memset( ctx, 0, sizeof( des3_context ) ); +} + +void des3_free( des3_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( des3_context ) ); +} + static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, @@ -839,7 +865,7 @@ static const unsigned char des3_test_cbc_enc[3][8] = */ int des_self_test( int verbose ) { - int i, j, u, v; + int i, j, u, v, ret = 0; des_context ctx; des3_context ctx3; unsigned char buf[8]; @@ -848,6 +874,8 @@ int des_self_test( int verbose ) unsigned char iv[8]; #endif + des_init( &ctx ); + des3_init( &ctx3 ); /* * ECB mode */ @@ -909,7 +937,8 @@ int des_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1004,7 +1033,8 @@ int des_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1015,7 +1045,11 @@ int des_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + des_free( &ctx ); + des3_free( &ctx3 ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/pem.c b/library/pem.c index 4e00b63f6..a0ad46ee0 100644 --- a/library/pem.c +++ b/library/pem.c @@ -141,13 +141,15 @@ static void pem_des_decrypt( unsigned char des_iv[8], des_context des_ctx; unsigned char des_key[8]; + des_init( &des_ctx ); + pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); des_setkey_dec( &des_ctx, des_key ); des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, des_iv, buf, buf ); - polarssl_zeroize( &des_ctx, sizeof( des_ctx ) ); + des_free( &des_ctx ); polarssl_zeroize( des_key, 8 ); } @@ -161,13 +163,15 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], des3_context des3_ctx; unsigned char des3_key[24]; + des3_init( &des3_ctx ); + pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); des3_set3key_dec( &des3_ctx, des3_key ); des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, des3_iv, buf, buf ); - polarssl_zeroize( &des3_ctx, sizeof( des3_ctx ) ); + des3_free( &des3_ctx ); polarssl_zeroize( des3_key, 24 ); } #endif /* POLARSSL_DES_C */ @@ -183,13 +187,15 @@ static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, aes_context aes_ctx; unsigned char aes_key[32]; + aes_init( &aes_ctx ); + pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, aes_iv, buf, buf ); - polarssl_zeroize( &aes_ctx, sizeof( aes_ctx ) ); + aes_free( &aes_ctx ); polarssl_zeroize( aes_key, keylen ); } #endif /* POLARSSL_AES_C */ diff --git a/library/pkcs12.c b/library/pkcs12.c index b0254508d..027f84a82 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -147,6 +147,8 @@ int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, arc4_context ctx; ((void) mode); + arc4_init( &ctx ); + if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, POLARSSL_MD_SHA1, pwd, pwdlen, key, 16, NULL, 0 ) ) != 0 ) @@ -156,9 +158,13 @@ int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, arc4_setup( &ctx, key, 16 ); if( ( ret = arc4_crypt( &ctx, len, data, output ) ) != 0 ) - return( ret ); + goto exit; - return( 0 ); +exit: + polarssl_zeroize( key, sizeof( key ) ); + arc4_free( &ctx ); + + return( ret ); #endif /* POLARSSL_ARC4_C */ } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8040f9092..28ca14aa2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3482,6 +3482,14 @@ int ssl_session_reset( ssl_context *ssl ) } #if defined(POLARSSL_SSL_SESSION_TICKETS) +static void ssl_ticket_keys_free( ssl_ticket_keys *tkeys ) +{ + aes_free( &tkeys->enc ); + aes_free( &tkeys->dec ); + + polarssl_zeroize( tkeys, sizeof(ssl_ticket_keys) ); +} + /* * Allocate and initialize ticket keys */ @@ -3498,8 +3506,12 @@ static int ssl_ticket_keys_init( ssl_context *ssl ) if( tkeys == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); + aes_init( &tkeys->enc ); + aes_init( &tkeys->dec ); + if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 ) { + ssl_ticket_keys_free( tkeys ); polarssl_free( tkeys ); return( ret ); } @@ -3508,12 +3520,14 @@ static int ssl_ticket_keys_init( ssl_context *ssl ) ( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 || ( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 ) { + ssl_ticket_keys_free( tkeys ); polarssl_free( tkeys ); return( ret ); } if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 ) { + ssl_ticket_keys_free( tkeys ); polarssl_free( tkeys ); return( ret ); } @@ -4580,7 +4594,11 @@ void ssl_free( ssl_context *ssl ) } #if defined(POLARSSL_SSL_SESSION_TICKETS) - polarssl_free( ssl->ticket_keys ); + if( ssl->ticket_keys ) + { + ssl_ticket_keys_free( ssl->ticket_keys ); + polarssl_free( ssl->ticket_keys ); + } #endif #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) diff --git a/library/xtea.c b/library/xtea.c index 5ff8a044f..75215c50a 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -41,6 +41,11 @@ #if !defined(POLARSSL_XTEA_ALT) +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + /* * 32-bit integer manipulation macros (big endian) */ @@ -64,6 +69,19 @@ } #endif +void xtea_init( xtea_context *ctx ) +{ + memset( ctx, 0, sizeof( xtea_context ) ); +} + +void xtea_free( xtea_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( xtea_context ) ); +} + /* * XTEA key schedule */ @@ -223,10 +241,11 @@ static const unsigned char xtea_test_ct[6][8] = */ int xtea_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char buf[8]; xtea_context ctx; + xtea_init( &ctx ); for( i = 0; i < 6; i++ ) { if( verbose != 0 ) @@ -242,7 +261,8 @@ int xtea_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -252,7 +272,10 @@ int xtea_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + xtea_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ From 8cfd9d8c599c97b6d8cc60c5934d6e25780cfa58 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 18 Jun 2014 11:16:11 +0200 Subject: [PATCH 02/11] Adapt programs / test suites to _init() and _free() --- programs/aes/aescrypt2.c | 6 ++++-- programs/pkey/dh_client.c | 3 +++ programs/pkey/dh_server.c | 2 ++ programs/test/benchmark.c | 14 +++++++++++++ tests/suites/test_suite_aes.function | 24 +++++++++++++++++++++++ tests/suites/test_suite_arc4.function | 3 +++ tests/suites/test_suite_blowfish.function | 21 ++++++++++++++++++++ tests/suites/test_suite_camellia.function | 18 +++++++++++++++++ tests/suites/test_suite_des.function | 24 +++++++++++++++++++++++ 9 files changed, 113 insertions(+), 2 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 28f74d1a4..db7ed325e 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -93,6 +93,8 @@ int main( int argc, char *argv[] ) off_t filesize, offset; #endif + aes_init( &aes_ctx ); + /* * Parse the command-line arguments. */ @@ -357,7 +359,7 @@ int main( int argc, char *argv[] ) } memset( key, 0, sizeof( key ) ); - aes_setkey_dec( &aes_ctx, digest, 256 ); + aes_setkey_dec( &aes_ctx, digest, 256 ); sha256_hmac_starts( &sha_ctx, digest, 32, 0 ); /* @@ -426,7 +428,7 @@ exit: memset( buffer, 0, sizeof( buffer ) ); memset( digest, 0, sizeof( digest ) ); - memset( &aes_ctx, 0, sizeof( aes_context ) ); + aes_free( &aes_ctx ); memset( &sha_ctx, 0, sizeof( sha256_context ) ); return( ret ); diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 154f5e3f4..92c5bca7d 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -84,6 +84,8 @@ int main( int argc, char *argv[] ) memset( &rsa, 0, sizeof( rsa ) ); memset( &dhm, 0, sizeof( dhm ) ); + aes_init( &aes ); + /* * 1. Setup the RNG */ @@ -279,6 +281,7 @@ exit: if( server_fd != -1 ) net_close( server_fd ); + aes_free( &aes ); rsa_free( &rsa ); dhm_free( &dhm ); entropy_free( &entropy ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c2fdbbfee..8bb184f8f 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -84,6 +84,7 @@ int main( int argc, char *argv[] ) memset( &rsa, 0, sizeof( rsa ) ); memset( &dhm, 0, sizeof( dhm ) ); + aes_init( &aes ); /* * 1. Setup the RNG @@ -280,6 +281,7 @@ exit: if( client_fd != -1 ) net_close( client_fd ); + aes_free( &aes ); rsa_free( &rsa ); dhm_free( &dhm ); entropy_free( &entropy ); diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index b978f01cc..a17d6900b 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -273,8 +273,10 @@ int main( int argc, char *argv[] ) if( todo.arc4 ) { arc4_context arc4; + arc4_init( &arc4 ); arc4_setup( &arc4, tmp, 32 ); TIME_AND_TSC( "ARC4", arc4_crypt( &arc4, BUFSIZE, buf, buf ) ); + arc4_free( &arc4 ); } #endif @@ -282,17 +284,21 @@ int main( int argc, char *argv[] ) if( todo.des3 ) { des3_context des3; + des3_init( &des3 ); des3_set3key_enc( &des3, tmp ); TIME_AND_TSC( "3DES", des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); + des3_free( &des3 ); } if( todo.des ) { des_context des; + des_init( &des ); des_setkey_enc( &des, tmp ); TIME_AND_TSC( "DES", des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); + des_free( &des ); } #endif @@ -301,6 +307,7 @@ int main( int argc, char *argv[] ) if( todo.aes_cbc ) { aes_context aes; + aes_init( &aes ); for( keysize = 128; keysize <= 256; keysize += 64 ) { snprintf( title, sizeof( title ), "AES-CBC-%d", keysize ); @@ -312,6 +319,7 @@ int main( int argc, char *argv[] ) TIME_AND_TSC( title, aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } + aes_free( &aes ); } #endif #if defined(POLARSSL_GCM_C) @@ -360,6 +368,7 @@ int main( int argc, char *argv[] ) if( todo.camellia ) { camellia_context camellia; + camellia_init( &camellia ); for( keysize = 128; keysize <= 256; keysize += 64 ) { snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize ); @@ -372,6 +381,7 @@ int main( int argc, char *argv[] ) camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } + camellia_free( &camellia ); } #endif @@ -379,6 +389,8 @@ int main( int argc, char *argv[] ) if( todo.blowfish ) { blowfish_context blowfish; + blowfish_init( &blowfish ); + for( keysize = 128; keysize <= 256; keysize += 64 ) { snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize ); @@ -391,6 +403,8 @@ int main( int argc, char *argv[] ) blowfish_crypt_cbc( &blowfish, BLOWFISH_ENCRYPT, BUFSIZE, tmp, buf, buf ) ); } + + blowfish_free( &blowfish ); } #endif diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index b92e80dc8..20f5889bc 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -22,6 +22,7 @@ void aes_encrypt_ecb( char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -34,6 +35,8 @@ void aes_encrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + aes_free( &ctx ); } /* END_CASE */ @@ -52,6 +55,7 @@ void aes_decrypt_ecb( char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -64,6 +68,8 @@ void aes_decrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + aes_free( &ctx ); } /* END_CASE */ @@ -85,6 +91,7 @@ void aes_encrypt_cbc( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -98,6 +105,8 @@ void aes_encrypt_cbc( char *hex_key_string, char *hex_iv_string, TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + aes_free( &ctx ); } /* END_CASE */ @@ -119,6 +128,7 @@ void aes_decrypt_cbc( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -132,6 +142,8 @@ void aes_decrypt_cbc( char *hex_key_string, char *hex_iv_string, TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + aes_free( &ctx ); } /* END_CASE */ @@ -153,6 +165,7 @@ void aes_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -163,6 +176,8 @@ void aes_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, 16 ); TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + + aes_free( &ctx ); } /* END_CASE */ @@ -184,6 +199,7 @@ void aes_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -194,6 +210,8 @@ void aes_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, 16 ); TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + + aes_free( &ctx ); } /* END_CASE */ @@ -214,6 +232,7 @@ void aes_encrypt_cfb8( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -224,6 +243,8 @@ void aes_encrypt_cfb8( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + + aes_free( &ctx ); } /* END_CASE */ @@ -244,6 +265,7 @@ void aes_decrypt_cfb8( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + aes_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -254,6 +276,8 @@ void aes_decrypt_cfb8( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + + aes_free( &ctx ); } /* END_CASE */ diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index 73df59e53..f55a5e8d2 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -22,6 +22,7 @@ void arc4_crypt( char *hex_src_string, char *hex_key_string, memset(key_str, 0x00, 1000); memset(dst_str, 0x00, 1000); memset(dst_hexstr, 0x00, 2000); + arc4_init( &ctx ); src_len = unhexify( src_str, hex_src_string ); key_len = unhexify( key_str, hex_key_string ); @@ -31,6 +32,8 @@ void arc4_crypt( char *hex_src_string, char *hex_key_string, hexify( dst_hexstr, dst_str, src_len ); TEST_ASSERT( strcmp( (char *) dst_hexstr, hex_dst_string ) == 0 ); + + arc4_free( &ctx ); } /* END_CASE */ diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 673b88c18..17a5b651b 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -22,6 +22,7 @@ void blowfish_encrypt_ecb( char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + blowfish_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -34,6 +35,8 @@ void blowfish_encrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + blowfish_free( &ctx ); } /* END_CASE */ @@ -52,6 +55,7 @@ void blowfish_decrypt_ecb( char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + blowfish_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -64,6 +68,8 @@ void blowfish_decrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + blowfish_free( &ctx ); } /* END_CASE */ @@ -85,6 +91,7 @@ void blowfish_encrypt_cbc( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + blowfish_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -99,6 +106,8 @@ void blowfish_encrypt_cbc( char *hex_key_string, char *hex_iv_string, TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + blowfish_free( &ctx ); } /* END_CASE */ @@ -120,6 +129,7 @@ void blowfish_decrypt_cbc( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + blowfish_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -133,6 +143,8 @@ void blowfish_decrypt_cbc( char *hex_key_string, char *hex_iv_string, TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + blowfish_free( &ctx ); } /* END_CASE */ @@ -154,6 +166,7 @@ void blowfish_encrypt_cfb64( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + blowfish_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -164,6 +177,8 @@ void blowfish_encrypt_cfb64( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + + blowfish_free( &ctx ); } /* END_CASE */ @@ -185,6 +200,7 @@ void blowfish_decrypt_cfb64( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + blowfish_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -195,6 +211,8 @@ void blowfish_decrypt_cfb64( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + + blowfish_free( &ctx ); } /* END_CASE */ @@ -218,6 +236,7 @@ void blowfish_encrypt_ctr( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + blowfish_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -228,5 +247,7 @@ void blowfish_encrypt_ctr( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + + blowfish_free( &ctx ); } /* END_CASE */ diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 8f9e97870..c5b66a61a 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -22,6 +22,7 @@ void camellia_encrypt_ecb( char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + camellia_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -34,6 +35,8 @@ void camellia_encrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + camellia_free( &ctx ); } /* END_CASE */ @@ -52,6 +55,7 @@ void camellia_decrypt_ecb( char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + camellia_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -64,6 +68,8 @@ void camellia_decrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + camellia_free( &ctx ); } /* END_CASE */ @@ -85,6 +91,7 @@ void camellia_encrypt_cbc( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + camellia_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -98,6 +105,8 @@ void camellia_encrypt_cbc( char *hex_key_string, char *hex_iv_string, TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + camellia_free( &ctx ); } /* END_CASE */ @@ -119,6 +128,7 @@ void camellia_decrypt_cbc( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + camellia_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -132,6 +142,8 @@ void camellia_decrypt_cbc( char *hex_key_string, char *hex_iv_string, TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + camellia_free( &ctx ); } /* END_CASE */ @@ -153,6 +165,7 @@ void camellia_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + camellia_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -163,6 +176,8 @@ void camellia_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, 16 ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + + camellia_free( &ctx ); } /* END_CASE */ @@ -184,6 +199,7 @@ void camellia_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + camellia_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -194,6 +210,8 @@ void camellia_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, hexify( dst_str, output, 16 ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + + camellia_free( &ctx ); } /* END_CASE */ diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index d5d0f11ed..0231757c1 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -34,6 +34,7 @@ void des_encrypt_ecb( char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + des_init( &ctx ); unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -43,6 +44,8 @@ void des_encrypt_ecb( char *hex_key_string, char *hex_src_string, hexify( dst_str, output, 8 ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + + des_free( &ctx ); } /* END_CASE */ @@ -60,6 +63,7 @@ void des_decrypt_ecb( char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + des_init( &ctx ); unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -69,6 +73,8 @@ void des_decrypt_ecb( char *hex_key_string, char *hex_src_string, hexify( dst_str, output, 8 ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + + des_free( &ctx ); } /* END_CASE */ @@ -89,6 +95,7 @@ void des_encrypt_cbc( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + des_init( &ctx ); unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -102,6 +109,8 @@ void des_encrypt_cbc( char *hex_key_string, char *hex_iv_string, TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + des_free( &ctx ); } /* END_CASE */ @@ -122,6 +131,7 @@ void des_decrypt_cbc( char *hex_key_string, char *hex_iv_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + des_init( &ctx ); unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -135,6 +145,8 @@ void des_decrypt_cbc( char *hex_key_string, char *hex_iv_string, TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + des_free( &ctx ); } /* END_CASE */ @@ -152,6 +164,7 @@ void des3_encrypt_ecb( int key_count, char *hex_key_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + des3_init( &ctx ); unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -167,6 +180,8 @@ void des3_encrypt_ecb( int key_count, char *hex_key_string, hexify( dst_str, output, 8 ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + + des3_free( &ctx ); } /* END_CASE */ @@ -184,6 +199,7 @@ void des3_decrypt_ecb( int key_count, char *hex_key_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + des3_init( &ctx ); unhexify( key_str, hex_key_string ); unhexify( src_str, hex_src_string ); @@ -199,6 +215,8 @@ void des3_decrypt_ecb( int key_count, char *hex_key_string, hexify( dst_str, output, 8 ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + + des3_free( &ctx ); } /* END_CASE */ @@ -220,6 +238,7 @@ void des3_encrypt_cbc( int key_count, char *hex_key_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + des3_init( &ctx ); unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -240,6 +259,8 @@ void des3_encrypt_cbc( int key_count, char *hex_key_string, TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + des3_free( &ctx ); } /* END_CASE */ @@ -261,6 +282,7 @@ void des3_decrypt_cbc( int key_count, char *hex_key_string, memset(src_str, 0x00, 100); memset(dst_str, 0x00, 100); memset(output, 0x00, 100); + des3_init( &ctx ); unhexify( key_str, hex_key_string ); unhexify( iv_str, hex_iv_string ); @@ -281,6 +303,8 @@ void des3_decrypt_cbc( int key_count, char *hex_key_string, TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } + + des3_free( &ctx ); } /* END_CASE */ From 5b4af39a36a9d796ea90f2bf1eb7438ddcffb605 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 26 Jun 2014 12:09:34 +0200 Subject: [PATCH 03/11] Add _init() and _free() for hash modules --- include/polarssl/md2.h | 14 +++++++++++ include/polarssl/md4.h | 14 +++++++++++ include/polarssl/md5.h | 14 +++++++++++ include/polarssl/ripemd160.h | 14 +++++++++++ include/polarssl/sha1.h | 14 +++++++++++ include/polarssl/sha256.h | 14 +++++++++++ include/polarssl/sha512.h | 14 +++++++++++ library/md2.c | 25 ++++++++++++++----- library/md4.c | 25 ++++++++++++++----- library/md5.c | 25 ++++++++++++++----- library/md_wrap.c | 48 ++++++++++++++++++++++++++++++------ library/pem.c | 6 +++-- library/ripemd160.c | 25 ++++++++++++++----- library/sha1.c | 40 ++++++++++++++++++++++-------- library/sha256.c | 40 ++++++++++++++++++++++-------- library/sha512.c | 40 ++++++++++++++++++++++-------- library/ssl_cli.c | 6 +++++ library/ssl_srv.c | 6 +++++ library/ssl_tls.c | 35 +++++++++++++++++++------- 19 files changed, 346 insertions(+), 73 deletions(-) diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h index 96da06ce5..952b0bfce 100644 --- a/include/polarssl/md2.h +++ b/include/polarssl/md2.h @@ -60,6 +60,20 @@ typedef struct } md2_context; +/** + * \brief Initialize MD2 context + * + * \param ctx MD2 context to be initialized + */ +void md2_init( md2_context *ctx ); + +/** + * \brief Clear MD2 context + * + * \param ctx MD2 context to be cleared + */ +void md2_free( md2_context *ctx ); + /** * \brief MD2 context setup * diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h index 6302c3c28..fc5a5cd27 100644 --- a/include/polarssl/md4.h +++ b/include/polarssl/md4.h @@ -66,6 +66,20 @@ typedef struct } md4_context; +/** + * \brief Initialize MD4 context + * + * \param ctx MD4 context to be initialized + */ +void md4_init( md4_context *ctx ); + +/** + * \brief Clear MD4 context + * + * \param ctx MD4 context to be cleared + */ +void md4_free( md4_context *ctx ); + /** * \brief MD4 context setup * diff --git a/include/polarssl/md5.h b/include/polarssl/md5.h index bb0ebf37d..2f378f6cd 100644 --- a/include/polarssl/md5.h +++ b/include/polarssl/md5.h @@ -66,6 +66,20 @@ typedef struct } md5_context; +/** + * \brief Initialize MD5 context + * + * \param ctx MD5 context to be initialized + */ +void md5_init( md5_context *ctx ); + +/** + * \brief Clear MD5 context + * + * \param ctx MD5 context to be cleared + */ +void md5_free( md5_context *ctx ); + /** * \brief MD5 context setup * diff --git a/include/polarssl/ripemd160.h b/include/polarssl/ripemd160.h index 754322d6e..e3b66c90f 100644 --- a/include/polarssl/ripemd160.h +++ b/include/polarssl/ripemd160.h @@ -66,6 +66,20 @@ typedef struct } ripemd160_context; +/** + * \brief Initialize RIPEMD-160 context + * + * \param ctx RIPEMD-160 context to be initialized + */ +void ripemd160_init( ripemd160_context *ctx ); + +/** + * \brief Clear RIPEMD-160 context + * + * \param ctx RIPEMD-160 context to be cleared + */ +void ripemd160_free( ripemd160_context *ctx ); + /** * \brief RIPEMD-160 context setup * diff --git a/include/polarssl/sha1.h b/include/polarssl/sha1.h index 57a731bfa..cb0c4367f 100644 --- a/include/polarssl/sha1.h +++ b/include/polarssl/sha1.h @@ -66,6 +66,20 @@ typedef struct } sha1_context; +/** + * \brief Initialize SHA-1 context + * + * \param ctx SHA-1 context to be initialized + */ +void sha1_init( sha1_context *ctx ); + +/** + * \brief Clear SHA-1 context + * + * \param ctx SHA-1 context to be cleared + */ +void sha1_free( sha1_context *ctx ); + /** * \brief SHA-1 context setup * diff --git a/include/polarssl/sha256.h b/include/polarssl/sha256.h index 80a022487..b14367410 100644 --- a/include/polarssl/sha256.h +++ b/include/polarssl/sha256.h @@ -67,6 +67,20 @@ typedef struct } sha256_context; +/** + * \brief Initialize SHA-256 context + * + * \param ctx SHA-256 context to be initialized + */ +void sha256_init( sha256_context *ctx ); + +/** + * \brief Clear SHA-256 context + * + * \param ctx SHA-256 context to be cleared + */ +void sha256_free( sha256_context *ctx ); + /** * \brief SHA-256 context setup * diff --git a/include/polarssl/sha512.h b/include/polarssl/sha512.h index c60564f48..dfbae4a73 100644 --- a/include/polarssl/sha512.h +++ b/include/polarssl/sha512.h @@ -68,6 +68,20 @@ typedef struct } sha512_context; +/** + * \brief Initialize SHA-512 context + * + * \param ctx SHA-512 context to be initialized + */ +void sha512_init( sha512_context *ctx ); + +/** + * \brief Clear SHA-512 context + * + * \param ctx SHA-512 context to be cleared + */ +void sha512_free( sha512_context *ctx ); + /** * \brief SHA-512 context setup * diff --git a/library/md2.c b/library/md2.c index 589c5cc0a..45bce371c 100644 --- a/library/md2.c +++ b/library/md2.c @@ -86,6 +86,19 @@ static const unsigned char PI_SUBST[256] = 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14 }; +void md2_init( md2_context *ctx ) +{ + memset( ctx, 0, sizeof( md2_context ) ); +} + +void md2_free( md2_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( md2_context ) ); +} + /* * MD2 context setup */ @@ -189,11 +202,11 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] ) { md2_context ctx; + md2_init( &ctx ); md2_starts( &ctx ); md2_update( &ctx, input, ilen ); md2_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md2_context ) ); + md2_free( &ctx ); } #if defined(POLARSSL_FS_IO) @@ -210,14 +223,14 @@ int md2_file( const char *path, unsigned char output[16] ) if( ( f = fopen( path, "rb" ) ) == NULL ) return( POLARSSL_ERR_MD2_FILE_IO_ERROR ); + md2_init( &ctx ); md2_starts( &ctx ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) md2_update( &ctx, buf, n ); md2_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md2_context ) ); + md2_free( &ctx ); if( ferror( f ) != 0 ) { @@ -304,11 +317,11 @@ void md2_hmac( const unsigned char *key, size_t keylen, { md2_context ctx; + md2_init( &ctx ); md2_hmac_starts( &ctx, key, keylen ); md2_hmac_update( &ctx, input, ilen ); md2_hmac_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md2_context ) ); + md2_free( &ctx ); } #if defined(POLARSSL_SELF_TEST) diff --git a/library/md4.c b/library/md4.c index ccde1a16b..f6b71d56e 100644 --- a/library/md4.c +++ b/library/md4.c @@ -79,6 +79,19 @@ static void polarssl_zeroize( void *v, size_t n ) { } #endif +void md4_init( md4_context *ctx ) +{ + memset( ctx, 0, sizeof( md4_context ) ); +} + +void md4_free( md4_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( md4_context ) ); +} + /* * MD4 context setup */ @@ -285,11 +298,11 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] ) { md4_context ctx; + md4_init( &ctx ); md4_starts( &ctx ); md4_update( &ctx, input, ilen ); md4_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md4_context ) ); + md4_free( &ctx ); } #if defined(POLARSSL_FS_IO) @@ -306,14 +319,14 @@ int md4_file( const char *path, unsigned char output[16] ) if( ( f = fopen( path, "rb" ) ) == NULL ) return( POLARSSL_ERR_MD4_FILE_IO_ERROR ); + md4_init( &ctx ); md4_starts( &ctx ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) md4_update( &ctx, buf, n ); md4_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md4_context ) ); + md4_free( &ctx ); if( ferror( f ) != 0 ) { @@ -400,11 +413,11 @@ void md4_hmac( const unsigned char *key, size_t keylen, { md4_context ctx; + md4_init( &ctx ); md4_hmac_starts( &ctx, key, keylen ); md4_hmac_update( &ctx, input, ilen ); md4_hmac_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md4_context ) ); + md4_free( &ctx ); } #if defined(POLARSSL_SELF_TEST) diff --git a/library/md5.c b/library/md5.c index ca1631752..89354bc7d 100644 --- a/library/md5.c +++ b/library/md5.c @@ -78,6 +78,19 @@ static void polarssl_zeroize( void *v, size_t n ) { } #endif +void md5_init( md5_context *ctx ) +{ + memset( ctx, 0, sizeof( md5_context ) ); +} + +void md5_free( md5_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( md5_context ) ); +} + /* * MD5 context setup */ @@ -302,11 +315,11 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) { md5_context ctx; + md5_init( &ctx ); md5_starts( &ctx ); md5_update( &ctx, input, ilen ); md5_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md5_context ) ); + md5_free( &ctx ); } #if defined(POLARSSL_FS_IO) @@ -323,14 +336,14 @@ int md5_file( const char *path, unsigned char output[16] ) if( ( f = fopen( path, "rb" ) ) == NULL ) return( POLARSSL_ERR_MD5_FILE_IO_ERROR ); + md5_init( &ctx ); md5_starts( &ctx ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) md5_update( &ctx, buf, n ); md5_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md5_context ) ); + md5_free( &ctx ); if( ferror( f ) != 0 ) { @@ -417,11 +430,11 @@ void md5_hmac( const unsigned char *key, size_t keylen, { md5_context ctx; + md5_init( &ctx ); md5_hmac_starts( &ctx, key, keylen ); md5_hmac_update( &ctx, input, ilen ); md5_hmac_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( md5_context ) ); + md5_free( &ctx ); } #if defined(POLARSSL_SELF_TEST) diff --git a/library/md_wrap.c b/library/md_wrap.c index 834e24118..de701d319 100644 --- a/library/md_wrap.c +++ b/library/md_wrap.c @@ -398,12 +398,20 @@ static void ripemd160_hmac_reset_wrap( void *ctx ) static void * ripemd160_ctx_alloc( void ) { - return polarssl_malloc( sizeof( ripemd160_context ) ); + ripemd160_context *ctx; + ctx = (ripemd160_context *) polarssl_malloc( sizeof( ripemd160_context ) ); + + if( ctx == NULL ) + return( NULL ); + + ripemd160_init( ctx ); + + return( ctx ); } static void ripemd160_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( ripemd160_context ) ); + ripemd160_free( (ripemd160_context *) ctx ); polarssl_free( ctx ); } @@ -486,12 +494,20 @@ static void sha1_hmac_reset_wrap( void *ctx ) static void * sha1_ctx_alloc( void ) { - return polarssl_malloc( sizeof( sha1_context ) ); + sha1_context *ctx; + ctx = (sha1_context *) polarssl_malloc( sizeof( sha1_context ) ); + + if( ctx == NULL ) + return( NULL ); + + sha1_init( ctx ); + + return( ctx ); } static void sha1_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( sha1_context ) ); + sha1_free( (sha1_context *) ctx ); polarssl_free( ctx ); } @@ -687,12 +703,20 @@ static void sha256_hmac_wrap( const unsigned char *key, size_t keylen, static void * sha256_ctx_alloc( void ) { - return polarssl_malloc( sizeof( sha256_context ) ); + sha256_context *ctx; + ctx = (sha256_context *) polarssl_malloc( sizeof( sha256_context ) ); + + if( ctx == NULL ) + return( NULL ); + + sha256_init( ctx ); + + return( ctx ); } static void sha256_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( sha256_context ) ); + sha256_free( (sha256_context *) ctx ); polarssl_free( ctx ); } @@ -885,12 +909,20 @@ static void sha512_hmac_wrap( const unsigned char *key, size_t keylen, static void * sha512_ctx_alloc( void ) { - return polarssl_malloc( sizeof( sha512_context ) ); + sha512_context *ctx; + ctx = (sha512_context *) polarssl_malloc( sizeof( sha512_context ) ); + + if( ctx == NULL ) + return( NULL ); + + sha512_init( ctx ); + + return( ctx ); } static void sha512_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( sha512_context ) ); + sha512_free( (sha512_context *) ctx ); polarssl_free( ctx ); } diff --git a/library/pem.c b/library/pem.c index a0ad46ee0..485d829c0 100644 --- a/library/pem.c +++ b/library/pem.c @@ -92,6 +92,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, unsigned char md5sum[16]; size_t use_len; + md5_init( &md5_ctx ); + /* * key[ 0..15] = MD5(pwd || IV) */ @@ -104,7 +106,7 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, { memcpy( key, md5sum, keylen ); - polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) ); + md5_free( &md5_ctx ); polarssl_zeroize( md5sum, 16 ); return; } @@ -126,7 +128,7 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, memcpy( key + 16, md5sum, use_len ); - polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) ); + md5_free( &md5_ctx ); polarssl_zeroize( md5sum, 16 ); } diff --git a/library/ripemd160.c b/library/ripemd160.c index 3c2a7e663..fcd77609f 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -81,6 +81,19 @@ static void polarssl_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +void ripemd160_init( ripemd160_context *ctx ) +{ + memset( ctx, 0, sizeof( ripemd160_context ) ); +} + +void ripemd160_free( ripemd160_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( ripemd160_context ) ); +} + /* * RIPEMD-160 context setup */ @@ -364,11 +377,11 @@ void ripemd160( const unsigned char *input, size_t ilen, { ripemd160_context ctx; + ripemd160_init( &ctx ); ripemd160_starts( &ctx ); ripemd160_update( &ctx, input, ilen ); ripemd160_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( ripemd160_context ) ); + ripemd160_free( &ctx ); } #if defined(POLARSSL_FS_IO) @@ -385,14 +398,14 @@ int ripemd160_file( const char *path, unsigned char output[20] ) if( ( f = fopen( path, "rb" ) ) == NULL ) return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR ); + ripemd160_init( &ctx ); ripemd160_starts( &ctx ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) ripemd160_update( &ctx, buf, n ); ripemd160_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( ripemd160_context ) ); + ripemd160_free( &ctx ); if( ferror( f ) != 0 ) { @@ -479,11 +492,11 @@ void ripemd160_hmac( const unsigned char *key, size_t keylen, { ripemd160_context ctx; + ripemd160_init( &ctx ); ripemd160_hmac_starts( &ctx, key, keylen ); ripemd160_hmac_update( &ctx, input, ilen ); ripemd160_hmac_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( ripemd160_context ) ); + ripemd160_free( &ctx ); } diff --git a/library/sha1.c b/library/sha1.c index a528d8ec7..20408c742 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -78,6 +78,19 @@ static void polarssl_zeroize( void *v, size_t n ) { } #endif +void sha1_init( sha1_context *ctx ) +{ + memset( ctx, 0, sizeof( sha1_context ) ); +} + +void sha1_free( sha1_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( sha1_context ) ); +} + /* * SHA-1 context setup */ @@ -335,11 +348,11 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) { sha1_context ctx; + sha1_init( &ctx ); sha1_starts( &ctx ); sha1_update( &ctx, input, ilen ); sha1_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha1_context ) ); + sha1_free( &ctx ); } #if defined(POLARSSL_FS_IO) @@ -356,14 +369,14 @@ int sha1_file( const char *path, unsigned char output[20] ) if( ( f = fopen( path, "rb" ) ) == NULL ) return( POLARSSL_ERR_SHA1_FILE_IO_ERROR ); + sha1_init( &ctx ); sha1_starts( &ctx ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) sha1_update( &ctx, buf, n ); sha1_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha1_context ) ); + sha1_free( &ctx ); if( ferror( f ) != 0 ) { @@ -450,11 +463,11 @@ void sha1_hmac( const unsigned char *key, size_t keylen, { sha1_context ctx; + sha1_init( &ctx ); sha1_hmac_starts( &ctx, key, keylen ); sha1_hmac_update( &ctx, input, ilen ); sha1_hmac_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha1_context ) ); + sha1_free( &ctx ); } #if defined(POLARSSL_SELF_TEST) @@ -554,11 +567,13 @@ static const unsigned char sha1_hmac_test_sum[7][20] = */ int sha1_self_test( int verbose ) { - int i, j, buflen; + int i, j, buflen, ret = 0; unsigned char buf[1024]; unsigned char sha1sum[20]; sha1_context ctx; + sha1_init( &ctx ); + /* * SHA-1 */ @@ -587,7 +602,8 @@ int sha1_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -623,7 +639,8 @@ int sha1_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -633,7 +650,10 @@ int sha1_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + sha1_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/sha256.c b/library/sha256.c index 5633f9e8f..4fc66982f 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -78,6 +78,19 @@ static void polarssl_zeroize( void *v, size_t n ) { } #endif +void sha256_init( sha256_context *ctx ) +{ + memset( ctx, 0, sizeof( sha256_context ) ); +} + +void sha256_free( sha256_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( sha256_context ) ); +} + /* * SHA-256 context setup */ @@ -338,11 +351,11 @@ void sha256( const unsigned char *input, size_t ilen, { sha256_context ctx; + sha256_init( &ctx ); sha256_starts( &ctx, is224 ); sha256_update( &ctx, input, ilen ); sha256_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha256_context ) ); + sha256_free( &ctx ); } #if defined(POLARSSL_FS_IO) @@ -359,14 +372,14 @@ int sha256_file( const char *path, unsigned char output[32], int is224 ) if( ( f = fopen( path, "rb" ) ) == NULL ) return( POLARSSL_ERR_SHA256_FILE_IO_ERROR ); + sha256_init( &ctx ); sha256_starts( &ctx, is224 ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) sha256_update( &ctx, buf, n ); sha256_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha256_context ) ); + sha256_free( &ctx ); if( ferror( f ) != 0 ) { @@ -457,11 +470,11 @@ void sha256_hmac( const unsigned char *key, size_t keylen, { sha256_context ctx; + sha256_init( &ctx ); sha256_hmac_starts( &ctx, key, keylen, is224 ); sha256_hmac_update( &ctx, input, ilen ); sha256_hmac_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha256_context ) ); + sha256_free( &ctx ); } #if defined(POLARSSL_SELF_TEST) @@ -632,11 +645,13 @@ static const unsigned char sha256_hmac_test_sum[14][32] = */ int sha256_self_test( int verbose ) { - int i, j, k, buflen; + int i, j, k, buflen, ret = 0; unsigned char buf[1024]; unsigned char sha256sum[32]; sha256_context ctx; + sha256_init( &ctx ); + for( i = 0; i < 6; i++ ) { j = i % 3; @@ -665,7 +680,8 @@ int sha256_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -704,7 +720,8 @@ int sha256_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -714,7 +731,10 @@ int sha256_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + sha256_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/sha512.c b/library/sha512.c index a29c80a5a..f1d15256f 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -133,6 +133,19 @@ static const uint64_t K[80] = UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) }; +void sha512_init( sha512_context *ctx ) +{ + memset( ctx, 0, sizeof( sha512_context ) ); +} + +void sha512_free( sha512_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( sha512_context ) ); +} + /* * SHA-512 context setup */ @@ -336,11 +349,11 @@ void sha512( const unsigned char *input, size_t ilen, { sha512_context ctx; + sha512_init( &ctx ); sha512_starts( &ctx, is384 ); sha512_update( &ctx, input, ilen ); sha512_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha512_context ) ); + sha512_free( &ctx ); } #if defined(POLARSSL_FS_IO) @@ -357,14 +370,14 @@ int sha512_file( const char *path, unsigned char output[64], int is384 ) if( ( f = fopen( path, "rb" ) ) == NULL ) return( POLARSSL_ERR_SHA512_FILE_IO_ERROR ); + sha512_init( &ctx ); sha512_starts( &ctx, is384 ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) sha512_update( &ctx, buf, n ); sha512_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha512_context ) ); + sha512_free( &ctx ); if( ferror( f ) != 0 ) { @@ -455,11 +468,11 @@ void sha512_hmac( const unsigned char *key, size_t keylen, { sha512_context ctx; + sha512_init( &ctx ); sha512_hmac_starts( &ctx, key, keylen, is384 ); sha512_hmac_update( &ctx, input, ilen ); sha512_hmac_finish( &ctx, output ); - - polarssl_zeroize( &ctx, sizeof( sha512_context ) ); + sha512_free( &ctx ); } #if defined(POLARSSL_SELF_TEST) @@ -686,11 +699,13 @@ static const unsigned char sha512_hmac_test_sum[14][64] = */ int sha512_self_test( int verbose ) { - int i, j, k, buflen; + int i, j, k, buflen, ret = 0; unsigned char buf[1024]; unsigned char sha512sum[64]; sha512_context ctx; + sha512_init( &ctx ); + for( i = 0; i < 6; i++ ) { j = i % 3; @@ -719,7 +734,8 @@ int sha512_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -758,7 +774,8 @@ int sha512_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -768,7 +785,10 @@ int sha512_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + sha512_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 035cf3994..c6a11dec6 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1718,6 +1718,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) md5_context md5; sha1_context sha1; + md5_init( &md5 ); + sha1_init( &sha1 ); + hashlen = 36; /* @@ -1742,6 +1745,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) sha1_update( &sha1, ssl->handshake->randbytes, 64 ); sha1_update( &sha1, ssl->in_msg + 4, params_len ); sha1_finish( &sha1, hash + 16 ); + + md5_free( &md5 ); + sha1_free( &sha1 ); } else #endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 8c8fa2cbf..1e75408ee 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2337,6 +2337,9 @@ curve_matching_done: md5_context md5; sha1_context sha1; + md5_init( &md5 ); + sha1_init( &sha1 ); + /* * digitally-signed struct { * opaque md5_hash[16]; @@ -2361,6 +2364,9 @@ curve_matching_done: sha1_finish( &sha1, hash + 16 ); hashlen = 36; + + md5_free( &md5 ); + sha1_free( &sha1 ); } else #endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 28ca14aa2..963f02b71 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -156,6 +156,9 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, unsigned char sha1sum[20]; ((void)label); + md5_init( &md5 ); + sha1_init( &sha1 ); + /* * SSLv3: * block = @@ -180,8 +183,8 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, md5_finish( &md5, dstbuf + i * 16 ); } - polarssl_zeroize( &md5, sizeof( md5 ) ); - polarssl_zeroize( &sha1, sizeof( sha1 ) ); + md5_free( &md5 ); + sha1_free( &sha1 ); polarssl_zeroize( padding, sizeof( padding ) ); polarssl_zeroize( sha1sum, sizeof( sha1sum ) ); @@ -805,6 +808,9 @@ void ssl_calc_verify_ssl( ssl_context *ssl, unsigned char hash[36] ) SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + md5_free( &md5 ); + sha1_free( &sha1 ); + return; } #endif /* POLARSSL_SSL_PROTO_SSL3 */ @@ -826,6 +832,9 @@ void ssl_calc_verify_tls( ssl_context *ssl, unsigned char hash[36] ) SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + md5_free( &md5 ); + sha1_free( &sha1 ); + return; } #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 */ @@ -844,6 +853,8 @@ void ssl_calc_verify_tls_sha256( ssl_context *ssl, unsigned char hash[32] ) SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + sha256_free( &sha256 ); + return; } #endif /* POLARSSL_SHA256_C */ @@ -861,6 +872,8 @@ void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] ) SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + sha512_free( &sha512 ); + return; } #endif /* POLARSSL_SHA512_C */ @@ -2878,8 +2891,8 @@ static void ssl_calc_finished_ssl( SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); - polarssl_zeroize( &md5, sizeof( md5_context ) ); - polarssl_zeroize( &sha1, sizeof( sha1_context ) ); + md5_free( &md5 ); + sha1_free( &sha1 ); polarssl_zeroize( padbuf, sizeof( padbuf ) ); polarssl_zeroize( md5sum, sizeof( md5sum ) ); @@ -2936,8 +2949,8 @@ static void ssl_calc_finished_tls( SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); - polarssl_zeroize( &md5, sizeof( md5_context ) ); - polarssl_zeroize( &sha1, sizeof( sha1_context ) ); + md5_free( &md5 ); + sha1_free( &sha1 ); polarssl_zeroize( padbuf, sizeof( padbuf ) ); @@ -2985,7 +2998,7 @@ static void ssl_calc_finished_tls_sha256( SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); - polarssl_zeroize( &sha256, sizeof( sha256_context ) ); + sha256_free( &sha256 ); polarssl_zeroize( padbuf, sizeof( padbuf ) ); @@ -3032,7 +3045,7 @@ static void ssl_calc_finished_tls_sha384( SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); - polarssl_zeroize( &sha512, sizeof( sha512_context ) ); + sha512_free( &sha512 ); polarssl_zeroize( padbuf, sizeof( padbuf ) ); @@ -3302,14 +3315,18 @@ static int ssl_handshake_init( ssl_context *ssl ) #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ defined(POLARSSL_SSL_PROTO_TLS1_1) - md5_starts( &ssl->handshake->fin_md5 ); + md5_init( &ssl->handshake->fin_md5 ); + sha1_init( &ssl->handshake->fin_sha1 ); + md5_starts( &ssl->handshake->fin_md5 ); sha1_starts( &ssl->handshake->fin_sha1 ); #endif #if defined(POLARSSL_SSL_PROTO_TLS1_2) #if defined(POLARSSL_SHA256_C) + sha256_init( &ssl->handshake->fin_sha256 ); sha256_starts( &ssl->handshake->fin_sha256, 0 ); #endif #if defined(POLARSSL_SHA512_C) + sha512_init( &ssl->handshake->fin_sha512 ); sha512_starts( &ssl->handshake->fin_sha512, 1 ); #endif #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ From 14e8be4d338acd25dc81236997c2c22a232cf38f Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 26 Jun 2014 12:25:06 +0200 Subject: [PATCH 04/11] Adapted programs / test suites to _init() and _free() --- programs/aes/aescrypt2.c | 3 ++- tests/suites/test_suite_hmac_shax.function | 15 +++++++++++++++ tests/suites/test_suite_mdx.function | 12 ++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index db7ed325e..40b7fec38 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -94,6 +94,7 @@ int main( int argc, char *argv[] ) #endif aes_init( &aes_ctx ); + sha256_init( &sha_ctx ); /* * Parse the command-line arguments. @@ -429,7 +430,7 @@ exit: memset( digest, 0, sizeof( digest ) ); aes_free( &aes_ctx ); - memset( &sha_ctx, 0, sizeof( sha256_context ) ); + sha256_free( &sha_ctx ); return( ret ); } diff --git a/tests/suites/test_suite_hmac_shax.function b/tests/suites/test_suite_hmac_shax.function index d65437b0e..10b376f5b 100644 --- a/tests/suites/test_suite_hmac_shax.function +++ b/tests/suites/test_suite_hmac_shax.function @@ -17,6 +17,7 @@ void sha1_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, sizeof src_str); memset(key_str, 0x00, sizeof key_str); + sha1_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -56,6 +57,8 @@ void sha1_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + sha1_free( &ctx ); } /* END_CASE */ @@ -72,6 +75,7 @@ void sha224_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, sizeof src_str); memset(key_str, 0x00, sizeof key_str); + sha256_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -111,6 +115,8 @@ void sha224_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + sha256_free( &ctx ); } /* END_CASE */ @@ -127,6 +133,7 @@ void sha256_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, sizeof src_str); memset(key_str, 0x00, sizeof key_str); + sha256_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -166,6 +173,8 @@ void sha256_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + sha256_free( &ctx ); } /* END_CASE */ @@ -182,6 +191,7 @@ void sha384_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, sizeof src_str); memset(key_str, 0x00, sizeof key_str); + sha512_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -221,6 +231,8 @@ void sha384_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + sha512_free( &ctx ); } /* END_CASE */ @@ -237,6 +249,7 @@ void sha512_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset(src_str, 0x00, sizeof src_str); memset(key_str, 0x00, sizeof key_str); + sha512_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -276,5 +289,7 @@ void sha512_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + sha512_free( &ctx ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 24fb32894..12a5e1b49 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -98,6 +98,7 @@ void md2_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset( src_str, 0x00, sizeof src_str ); memset( key_str, 0x00, sizeof key_str ); + md2_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -137,6 +138,8 @@ void md2_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + md2_free( &ctx ); } /* END_CASE */ @@ -153,6 +156,7 @@ void md4_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset( src_str, 0x00, sizeof src_str ); memset( key_str, 0x00, sizeof key_str ); + md4_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -192,6 +196,8 @@ void md4_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + md4_free( &ctx ); } /* END_CASE */ @@ -208,6 +214,7 @@ void md5_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset( src_str, 0x00, sizeof src_str ); memset( key_str, 0x00, sizeof key_str ); + md5_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -247,6 +254,8 @@ void md5_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + md5_free( &ctx ); } /* END_CASE */ @@ -263,6 +272,7 @@ void ripemd160_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, memset( src_str, 0x00, sizeof src_str ); memset( key_str, 0x00, sizeof key_str ); + ripemd160_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); @@ -302,6 +312,8 @@ void ripemd160_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + ripemd160_free( &ctx ); } /* END_CASE */ From fff0366bbaa925498bd29897f0e3c69aa482021a Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 18 Jun 2014 16:21:25 +0200 Subject: [PATCH 05/11] Add ctr_drbg_free() --- include/polarssl/ctr_drbg.h | 7 +++++++ library/ctr_drbg.c | 14 ++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/include/polarssl/ctr_drbg.h b/include/polarssl/ctr_drbg.h index 4b5a444a5..bebbfe931 100644 --- a/include/polarssl/ctr_drbg.h +++ b/include/polarssl/ctr_drbg.h @@ -130,6 +130,13 @@ int ctr_drbg_init( ctr_drbg_context *ctx, const unsigned char *custom, size_t len ); +/** + * \brief Clear CTR_CRBG context data + * + * \param ctx CTR_DRBG context to clear + */ +void ctr_drbg_free( ctr_drbg_context *ctx ); + /** * \brief Enable / disable prediction resistance (Default: Off) * diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 249b84069..96ee4f162 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -48,6 +48,11 @@ #define polarssl_printf printf #endif +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + /* * Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST * tests to succeed (which require known length fixed entropy) @@ -95,6 +100,15 @@ int ctr_drbg_init( ctr_drbg_context *ctx, CTR_DRBG_ENTROPY_LEN ) ); } +void ctr_drbg_free( ctr_drbg_context *ctx ) +{ + if( ctx == NULL ) + return; + + aes_free( &ctx->aes_ctx ); + polarssl_zeroize( ctx, sizeof( ctr_drbg_context ) ); +} + void ctr_drbg_set_prediction_resistance( ctr_drbg_context *ctx, int resistance ) { ctx->prediction_resistance = resistance; From 8f870b047c3544f6c6f15bd09cc18739e8284e95 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 20 Jun 2014 13:32:38 +0200 Subject: [PATCH 06/11] Add dhm_init() --- include/polarssl/dhm.h | 11 ++++++++++- library/dhm.c | 15 ++++++++++----- library/ssl_tls.c | 3 +++ 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h index 322a78860..064472f35 100644 --- a/include/polarssl/dhm.h +++ b/include/polarssl/dhm.h @@ -169,6 +169,13 @@ typedef struct } dhm_context; +/** + * \brief Initialize DHM context + * + * \param ctx DHM context to be initialized + */ +void dhm_init( dhm_context *ctx ); + /** * \brief Parse the ServerKeyExchange parameters * @@ -256,7 +263,9 @@ int dhm_calc_secret( dhm_context *ctx, void *p_rng ); /** - * \brief Free the components of a DHM key + * \brief Free and clear the components of a DHM key + * + * \param ctx DHM context to free and clear */ void dhm_free( dhm_context *ctx ); diff --git a/library/dhm.c b/library/dhm.c index 5a87e3ca7..1b1d6d65c 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -116,6 +116,11 @@ cleanup: return( ret ); } +void dhm_init( dhm_context *ctx ) +{ + memset( ctx, 0, sizeof( dhm_context ) ); +} + /* * Parse the ServerKeyExchange parameters */ @@ -125,8 +130,6 @@ int dhm_read_params( dhm_context *ctx, { int ret; - dhm_free( ctx ); - if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 || ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 || ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 ) @@ -417,7 +420,6 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, pem_context pem; pem_init( &pem ); - memset( dhm, 0, sizeof( dhm_context ) ); ret = pem_read_buffer( &pem, "-----BEGIN DH PARAMETERS-----", @@ -561,6 +563,8 @@ int dhm_self_test( int verbose ) int ret; dhm_context dhm; + dhm_init( &dhm ); + if( verbose != 0 ) polarssl_printf( " DHM parameter load: " ); @@ -570,15 +574,16 @@ int dhm_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( ret ); + goto exit; } if( verbose != 0 ) polarssl_printf( "passed\n\n" ); +exit: dhm_free( &dhm ); - return( 0 ); + return( ret ); #else if( verbose != 0 ) polarssl_printf( " DHM parameter load: skipped\n" ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 963f02b71..a6761adce 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3334,6 +3334,9 @@ static int ssl_handshake_init( ssl_context *ssl ) ssl->handshake->update_checksum = ssl_update_checksum_start; ssl->handshake->sig_alg = SSL_HASH_SHA1; +#if defined(POLARSSL_DHM_C) + dhm_init( &ssl->handshake->dhm_ctx ); +#endif #if defined(POLARSSL_ECDH_C) ecdh_init( &ssl->handshake->ecdh_ctx ); #endif From a317a982217fa1575792ff6d89e73d150cb8d77d Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 18 Jun 2014 16:44:11 +0200 Subject: [PATCH 07/11] Adapt programs / test suites --- include/polarssl/havege.h | 7 +++++++ library/entropy.c | 3 +++ library/havege.c | 13 +++++++++++++ programs/pkey/dh_client.c | 4 ++-- programs/pkey/dh_genprime.c | 1 + programs/pkey/dh_server.c | 3 ++- programs/pkey/ecdsa.c | 1 + programs/pkey/gen_key.c | 1 + programs/pkey/pk_decrypt.c | 1 + programs/pkey/pk_encrypt.c | 1 + programs/pkey/pk_sign.c | 1 + programs/pkey/rsa_decrypt.c | 1 + programs/pkey/rsa_encrypt.c | 1 + programs/pkey/rsa_genkey.c | 1 + programs/pkey/rsa_sign_pss.c | 1 + programs/random/gen_random_ctr_drbg.c | 1 + programs/random/gen_random_havege.c | 11 +++++++---- programs/ssl/ssl_client1.c | 1 + programs/ssl/ssl_client2.c | 1 + programs/ssl/ssl_fork_server.c | 1 + programs/ssl/ssl_mail_client.c | 1 + programs/ssl/ssl_pthread_server.c | 1 + programs/ssl/ssl_server.c | 1 + programs/ssl/ssl_server2.c | 6 +++++- programs/test/benchmark.c | 4 +++- programs/test/o_p_test.c | 1 + programs/test/ssl_test.c | 1 + programs/x509/cert_app.c | 1 + programs/x509/cert_req.c | 1 + programs/x509/cert_write.c | 1 + tests/suites/test_suite_ctr_drbg.function | 8 ++++++++ tests/suites/test_suite_dhm.function | 6 +++--- tests/suites/test_suite_rsa.function | 1 + 33 files changed, 76 insertions(+), 12 deletions(-) diff --git a/include/polarssl/havege.h b/include/polarssl/havege.h index 5998903ec..536eb0882 100644 --- a/include/polarssl/havege.h +++ b/include/polarssl/havege.h @@ -53,6 +53,13 @@ havege_state; */ void havege_init( havege_state *hs ); +/** + * \brief Clear HAVEGE state + * + * \param hs HAVEGE state to be cleared + */ +void havege_free( havege_state *hs ); + /** * \brief HAVEGE rand function * diff --git a/library/entropy.c b/library/entropy.c index 04de07fd2..7f9531721 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -83,6 +83,9 @@ void entropy_init( entropy_context *ctx ) void entropy_free( entropy_context *ctx ) { +#if defined(POLARSSL_HAVEGE_C) + havege_free( &ctx->havege_data ); +#endif polarssl_zeroize( ctx, sizeof( entropy_context ) ); #if defined(POLARSSL_THREADING_C) polarssl_mutex_free( &ctx->mutex ); diff --git a/library/havege.c b/library/havege.c index de024de65..3acd5bca1 100644 --- a/library/havege.c +++ b/library/havege.c @@ -43,6 +43,11 @@ #include +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + /* ------------------------------------------------------------------------ * On average, one iteration accesses two 8-word blocks in the havege WALK * table, and generates 16 words in the RES array. @@ -200,6 +205,14 @@ void havege_init( havege_state *hs ) havege_fill( hs ); } +void havege_free( havege_state *hs ) +{ + if( hs == NULL ) + return; + + polarssl_zeroize( hs, sizeof( havege_state ) ); +} + /* * HAVEGE rand function */ diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 92c5bca7d..5315eb921 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -82,8 +82,7 @@ int main( int argc, char *argv[] ) ((void) argv); memset( &rsa, 0, sizeof( rsa ) ); - memset( &dhm, 0, sizeof( dhm ) ); - + dhm_init( &dhm ); aes_init( &aes ); /* @@ -284,6 +283,7 @@ exit: aes_free( &aes ); rsa_free( &rsa ); dhm_free( &dhm ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index e75b33825..598940ea1 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -154,6 +154,7 @@ int main( int argc, char *argv[] ) exit: mpi_free( &G ); mpi_free( &P ); mpi_free( &Q ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 8bb184f8f..976da4ca8 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -83,7 +83,7 @@ int main( int argc, char *argv[] ) ((void) argv); memset( &rsa, 0, sizeof( rsa ) ); - memset( &dhm, 0, sizeof( dhm ) ); + dhm_init( &dhm ); aes_init( &aes ); /* @@ -284,6 +284,7 @@ exit: aes_free( &aes ); rsa_free( &rsa ); dhm_free( &dhm ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 40d67da9c..67fc71031 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -229,6 +229,7 @@ exit: ecdsa_free( &ctx_verify ); ecdsa_free( &ctx_sign ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); return( ret ); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 2f3ba358a..67e374743 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -388,6 +388,7 @@ exit: } pk_free( &key ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 8088c8f1c..2ecb1d8b6 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -140,6 +140,7 @@ int main( int argc, char *argv[] ) ret = 0; exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(POLARSSL_ERROR_C) diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index ad005736c..2eb139c49 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -140,6 +140,7 @@ int main( int argc, char *argv[] ) printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(POLARSSL_ERROR_C) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 2c355d939..d80cbd7c5 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -151,6 +151,7 @@ int main( int argc, char *argv[] ) exit: pk_free( &pk ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(POLARSSL_ERROR_C) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index c77d210e7..c79f1e496 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -164,6 +164,7 @@ int main( int argc, char *argv[] ) ret = 0; exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 51a5ddb64..677ce76c0 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -152,6 +152,7 @@ int main( int argc, char *argv[] ) printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 861e2c73f..48d8c5e74 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -154,6 +154,7 @@ exit: fclose( fpriv ); rsa_free( &rsa ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 890a0b699..e3e56c60f 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -161,6 +161,7 @@ int main( int argc, char *argv[] ) exit: pk_free( &pk ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index ddd7737c1..94e200d85 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -115,6 +115,7 @@ cleanup: printf("\n"); fclose( f ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); return( ret ); diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index fd394117b..e9152fac5 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -48,7 +48,7 @@ int main( int argc, char *argv[] ) { FILE *f; time_t t; - int i, k; + int i, k, ret = 0; havege_state hs; unsigned char buf[1024]; @@ -73,8 +73,9 @@ int main( int argc, char *argv[] ) if( havege_random( &hs, buf, sizeof( buf ) ) != 0 ) { printf( "Failed to get random from source.\n" ); - fclose( f ); - return( 1 ); + + ret = 1; + goto exit; } fwrite( buf, sizeof( buf ), 1, f ); @@ -89,7 +90,9 @@ int main( int argc, char *argv[] ) printf(" \n "); +exit: + havege_free( &hs ); fclose( f ); - return( 0 ); + return( ret ); } #endif /* POLARSSL_HAVEGE_C */ diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index e5a68e290..1b369a658 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -290,6 +290,7 @@ exit: x509_crt_free( &cacert ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); memset( &ssl, 0, sizeof( ssl ) ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 87eadf81e..0d4d5926e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1209,6 +1209,7 @@ exit: #endif ssl_session_free( &saved_session ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); memset( &ssl, 0, sizeof( ssl ) ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index d10a9e691..706cdd492 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -376,6 +376,7 @@ exit: x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 792e166fd..06d6b8951 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -816,6 +816,7 @@ exit: x509_crt_free( &cacert ); pk_free( &pkey ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 3f390714b..cc6ad8901 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -492,6 +492,7 @@ exit: #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_free( &cache ); #endif + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); polarssl_mutex_free( &debug_mutex ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 545243d41..9e097998f 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -373,6 +373,7 @@ exit: #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_free( &cache ); #endif + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 371c90923..e58099f10 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -626,7 +626,7 @@ int main( int argc, char *argv[] ) pk_init( &pkey2 ); #endif #if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO) - memset( &dhm, 0, sizeof( dhm_context ) ); + dhm_init( &dhm ); #endif #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_init( &cache ); @@ -1655,6 +1655,9 @@ exit: if( client_fd != -1 ) net_close( client_fd ); +#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO) + dhm_free( &dhm ); +#endif #if defined(POLARSSL_X509_CRT_PARSE_C) x509_crt_free( &cacert ); x509_crt_free( &srvcert ); @@ -1673,6 +1676,7 @@ exit: #endif ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(POLARSSL_SSL_CACHE_C) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index a17d6900b..4462357c1 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -414,6 +414,7 @@ int main( int argc, char *argv[] ) havege_state hs; havege_init( &hs ); TIME_AND_TSC( "HAVEGE", havege_random( &hs, buf, BUFSIZE ) ); + havege_free( &hs ); } #endif @@ -434,6 +435,7 @@ int main( int argc, char *argv[] ) TIME_AND_TSC( "CTR_DRBG (PR)", if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) exit(1) ); + ctr_drbg_free( &ctr_drbg ); } #endif @@ -531,7 +533,7 @@ int main( int argc, char *argv[] ) size_t olen; for( i = 0; i < DHM_SIZES; i++ ) { - memset( &dhm, 0, sizeof( dhm_context ) ); + dhm_init( &dhm ); if( mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 || mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 ) diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c index 14789401f..e5047e5dd 100644 --- a/programs/test/o_p_test.c +++ b/programs/test/o_p_test.c @@ -258,6 +258,7 @@ int main( int argc, char *argv[] ) printf( "String value (PolarSSL Private Encrypt, OpenSSL Public Decrypt): '%s'\n", o_priv_decrypted ); exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #ifdef WIN32 diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index 7dcdcae82..ab7b8124c 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -417,6 +417,7 @@ exit: x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); if( client_fd != -1 ) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index fae00d2e8..5f8636b10 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -492,6 +492,7 @@ exit: x509_crl_free( &cacrl ); #endif pk_free( &pkey ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 6a0467ae2..f229e0bb9 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -329,6 +329,7 @@ exit: x509write_csr_free( &req ); pk_free( &key ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index e50a99dfe..8f0616c83 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -652,6 +652,7 @@ exit: pk_free( &loaded_subject_key ); pk_free( &loaded_issuer_key ); mpi_free( &serial ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 56906750b..b3790a2d7 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -45,6 +45,8 @@ void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string, TEST_ASSERT( ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 ); hexify( output_str, buf, 16 ); TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 ); + + ctr_drbg_free( &ctx ); } /* END_CASE */ @@ -79,6 +81,8 @@ void ctr_drbg_validate_nopr( char *add_init_string, char *entropy_string, TEST_ASSERT( ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 ); hexify( output_str, buf, 16 ); TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 ); + + ctr_drbg_free( &ctx ); } /* END_CASE */ @@ -150,6 +154,8 @@ void ctr_drbg_entropy_usage( ) last_idx = test_offset_idx; TEST_ASSERT( ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 ); TEST_ASSERT( test_offset_idx - last_idx == 13 ); + + ctr_drbg_free( &ctx ); } /* END_CASE */ @@ -161,6 +167,8 @@ void ctr_drbg_seed_file( char *path, int ret ) TEST_ASSERT( ctr_drbg_init( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 ); TEST_ASSERT( ctr_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( ctr_drbg_update_seed_file( &ctx, path ) == ret ); + + ctr_drbg_free( &ctx ); } /* END_CASE */ diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index b0df9fdbb..8c8551761 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -25,8 +25,8 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, i; rnd_pseudo_info rnd_info; - memset( &ctx_srv, 0x00, sizeof( dhm_context ) ); - memset( &ctx_cli, 0x00, sizeof( dhm_context ) ); + dhm_init( &ctx_srv ); + dhm_init( &ctx_cli ); memset( ske, 0x00, 1000 ); memset( pub_cli, 0x00, 1000 ); memset( sec_srv, 0x00, 1000 ); @@ -103,7 +103,7 @@ void dhm_file( char *filename, char *p, char *g, int len ) dhm_context ctx; mpi P, G; - memset( &ctx, 0, sizeof ctx ); + dhm_init( &ctx ); mpi_init( &P ); mpi_init( &G ); TEST_ASSERT( mpi_read_string( &P, 16, p ) == 0 ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a01b21710..a762e0466 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -597,6 +597,7 @@ void rsa_gen_key( int nrbits, int exponent, int result) } rsa_free( &ctx ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); } /* END_CASE */ From accaffe2c30cc0b5aff67a29ea6dcc3a3cf8ed89 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 26 Jun 2014 13:37:14 +0200 Subject: [PATCH 08/11] Restructure ssl_handshake_init() and small fixes --- include/polarssl/ssl.h | 7 +++ library/ssl_srv.c | 2 + library/ssl_tls.c | 134 ++++++++++++++++++++++++++--------------- 3 files changed, 96 insertions(+), 47 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 2c2bedab0..bd7f1f775 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -1682,6 +1682,13 @@ int ssl_close_notify( ssl_context *ssl ); */ void ssl_free( ssl_context *ssl ); +/** + * \brief Initialize SSL session structure + * + * \param session SSL session + */ +void ssl_session_init( ssl_session *session ); + /** * \brief Free referenced items in an SSL session including the * peer certificate and clear memory diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 1e75408ee..9d2507a3b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -343,6 +343,8 @@ static int ssl_parse_ticket( ssl_context *ssl, ssl_session_free( ssl->session_negotiate ); memcpy( ssl->session_negotiate, &session, sizeof( ssl_session ) ); + + /* Zeroize instead of free as we copied the content */ polarssl_zeroize( &session, sizeof( ssl_session ) ); return( 0 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a6761adce..d3bfab518 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3270,80 +3270,108 @@ int ssl_parse_finished( ssl_context *ssl ) return( 0 ); } +static void ssl_handshake_params_init( ssl_handshake_params *handshake, + ssl_key_cert *key_cert ) +{ + memset( handshake, 0, sizeof( ssl_handshake_params ) ); + +#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ + defined(POLARSSL_SSL_PROTO_TLS1_1) + md5_init( &handshake->fin_md5 ); + sha1_init( &handshake->fin_sha1 ); + md5_starts( &handshake->fin_md5 ); + sha1_starts( &handshake->fin_sha1 ); +#endif +#if defined(POLARSSL_SSL_PROTO_TLS1_2) +#if defined(POLARSSL_SHA256_C) + sha256_init( &handshake->fin_sha256 ); + sha256_starts( &handshake->fin_sha256, 0 ); +#endif +#if defined(POLARSSL_SHA512_C) + sha512_init( &handshake->fin_sha512 ); + sha512_starts( &handshake->fin_sha512, 1 ); +#endif +#endif /* POLARSSL_SSL_PROTO_TLS1_2 */ + + handshake->update_checksum = ssl_update_checksum_start; + handshake->sig_alg = SSL_HASH_SHA1; + +#if defined(POLARSSL_DHM_C) + dhm_init( &handshake->dhm_ctx ); +#endif +#if defined(POLARSSL_ECDH_C) + ecdh_init( &handshake->ecdh_ctx ); +#endif + +#if defined(POLARSSL_X509_CRT_PARSE_C) + handshake->key_cert = key_cert; +#endif +} + +static void ssl_transform_init( ssl_transform *transform ) +{ + memset( transform, 0, sizeof(ssl_transform) ); +} + +void ssl_session_init( ssl_session *session ) +{ + memset( session, 0, sizeof(ssl_session) ); +} + static int ssl_handshake_init( ssl_context *ssl ) { + /* Clear old handshake information if present */ if( ssl->transform_negotiate ) ssl_transform_free( ssl->transform_negotiate ); - else + if( ssl->session_negotiate ) + ssl_session_free( ssl->session_negotiate ); + if( ssl->handshake ) + ssl_handshake_free( ssl->handshake ); + + /* + * Either the pointers are now NULL or cleared properly and can be freed. + * Now allocate missing structures. + */ + if( ssl->transform_negotiate == NULL ) { ssl->transform_negotiate = (ssl_transform *) polarssl_malloc( sizeof(ssl_transform) ); - - if( ssl->transform_negotiate != NULL ) - memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) ); } - if( ssl->session_negotiate ) - ssl_session_free( ssl->session_negotiate ); - else + if( ssl->session_negotiate == NULL ) { ssl->session_negotiate = (ssl_session *) polarssl_malloc( sizeof(ssl_session) ); - - if( ssl->session_negotiate != NULL ) - memset( ssl->session_negotiate, 0, sizeof(ssl_session) ); } - if( ssl->handshake ) - ssl_handshake_free( ssl->handshake ); - else + if( ssl->handshake == NULL) { ssl->handshake = (ssl_handshake_params *) polarssl_malloc( sizeof(ssl_handshake_params) ); - - if( ssl->handshake != NULL ) - memset( ssl->handshake, 0, sizeof(ssl_handshake_params) ); } + /* All pointers should exist and can be directly freed without issue */ if( ssl->handshake == NULL || ssl->transform_negotiate == NULL || ssl->session_negotiate == NULL ) { SSL_DEBUG_MSG( 1, ( "malloc() of ssl sub-contexts failed" ) ); + + polarssl_free( ssl->handshake ); + polarssl_free( ssl->transform_negotiate ); + polarssl_free( ssl->session_negotiate ); + + ssl->handshake = NULL; + ssl->transform_negotiate = NULL; + ssl->session_negotiate = NULL; + return( POLARSSL_ERR_SSL_MALLOC_FAILED ); } -#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ - defined(POLARSSL_SSL_PROTO_TLS1_1) - md5_init( &ssl->handshake->fin_md5 ); - sha1_init( &ssl->handshake->fin_sha1 ); - md5_starts( &ssl->handshake->fin_md5 ); - sha1_starts( &ssl->handshake->fin_sha1 ); -#endif -#if defined(POLARSSL_SSL_PROTO_TLS1_2) -#if defined(POLARSSL_SHA256_C) - sha256_init( &ssl->handshake->fin_sha256 ); - sha256_starts( &ssl->handshake->fin_sha256, 0 ); -#endif -#if defined(POLARSSL_SHA512_C) - sha512_init( &ssl->handshake->fin_sha512 ); - sha512_starts( &ssl->handshake->fin_sha512, 1 ); -#endif -#endif /* POLARSSL_SSL_PROTO_TLS1_2 */ - - ssl->handshake->update_checksum = ssl_update_checksum_start; - ssl->handshake->sig_alg = SSL_HASH_SHA1; - -#if defined(POLARSSL_DHM_C) - dhm_init( &ssl->handshake->dhm_ctx ); -#endif -#if defined(POLARSSL_ECDH_C) - ecdh_init( &ssl->handshake->ecdh_ctx ); -#endif - -#if defined(POLARSSL_X509_CRT_PARSE_C) - ssl->handshake->key_cert = ssl->key_cert; -#endif + /* Initialize structures */ + ssl_session_init( ssl->session_negotiate ); + ssl_transform_init( ssl->transform_negotiate ); + ssl_handshake_params_init( ssl->handshake, ssl->key_cert ); return( 0 ); } @@ -4470,6 +4498,9 @@ int ssl_close_notify( ssl_context *ssl ) void ssl_transform_free( ssl_transform *transform ) { + if( transform == NULL ) + return; + #if defined(POLARSSL_ZLIB_SUPPORT) deflateEnd( &transform->ctx_deflate ); inflateEnd( &transform->ctx_inflate ); @@ -4507,6 +4538,9 @@ static void ssl_key_cert_free( ssl_key_cert *key_cert ) void ssl_handshake_free( ssl_handshake_params *handshake ) { + if( handshake == NULL ) + return; + #if defined(POLARSSL_DHM_C) dhm_free( &handshake->dhm_ctx ); #endif @@ -4543,6 +4577,9 @@ void ssl_handshake_free( ssl_handshake_params *handshake ) void ssl_session_free( ssl_session *session ) { + if( session == NULL ) + return; + #if defined(POLARSSL_X509_CRT_PARSE_C) if( session->peer_cert != NULL ) { @@ -4563,6 +4600,9 @@ void ssl_session_free( ssl_session *session ) */ void ssl_free( ssl_context *ssl ) { + if( ssl == NULL ) + return; + SSL_DEBUG_MSG( 2, ( "=> free" ) ); if( ssl->out_ctr != NULL ) From 84bbeb58df94dc62f3bf8fed7bfc65ab46ed5469 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 1 Jul 2014 14:53:22 +0200 Subject: [PATCH 09/11] Adapt cipher and MD layer with _init() and _free() --- include/polarssl/cipher.h | 21 +++++++++++++++++++-- include/polarssl/md.h | 21 +++++++++++++++++++-- library/ccm.c | 4 +++- library/cipher.c | 23 ++++++++++++++++++----- library/gcm.c | 4 +++- library/hmac_drbg.c | 4 ++++ library/md.c | 23 +++++++++++++++++------ library/pkcs12.c | 8 ++++++-- library/pkcs5.c | 29 +++++++++++++++++++---------- library/rsa.c | 16 ++++++++++------ library/ssl_cli.c | 4 +++- library/ssl_srv.c | 10 +++------- library/ssl_tls.c | 14 ++++++++++---- 13 files changed, 134 insertions(+), 47 deletions(-) diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h index 84993f767..087e59068 100644 --- a/include/polarssl/cipher.h +++ b/include/polarssl/cipher.h @@ -331,10 +331,26 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id, int key_length, const cipher_mode_t mode ); +/** + * \brief Initialize a cipher_context (as NONE) + */ +void cipher_init( cipher_context_t *ctx ); + +/** + * \brief Free and clear the cipher-specific context of ctx. + * Freeing ctx itself remains the responsibility of the + * caller. + */ +void cipher_free( cipher_context_t *ctx ); + /** * \brief Initialises and fills the cipher context structure with * the appropriate values. * + * \note Currently also clears structure. In future versions you + * will be required to call cipher_init() on the structure + * first. + * * \param ctx context to initialise. May not be NULL. * \param cipher_info cipher to use. * @@ -349,10 +365,11 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ); * \brief Free the cipher-specific context of ctx. Freeing ctx * itself remains the responsibility of the caller. * + * \note Deprecated: Redirects to cipher_free() + * * \param ctx Free the cipher-specific context * - * \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails. + * \returns 0 */ int cipher_free_ctx( cipher_context_t *ctx ); diff --git a/include/polarssl/md.h b/include/polarssl/md.h index 8de233a51..81d8a2e5c 100644 --- a/include/polarssl/md.h +++ b/include/polarssl/md.h @@ -172,10 +172,26 @@ const md_info_t *md_info_from_string( const char *md_name ); */ const md_info_t *md_info_from_type( md_type_t md_type ); +/** + * \brief Initialize a md_context (as NONE) + */ +void md_init( md_context_t *ctx ); + +/** + * \brief Free and clear the message-specific context of ctx. + * Freeing ctx itself remains the responsibility of the + * caller. + */ +void md_free( md_context_t *ctx ); + /** * \brief Initialises and fills the message digest context structure * with the appropriate values. * + * \note Currently also clears structure. In future versions you + * will be required to call md_init() on the structure + * first. + * * \param ctx context to initialise. May not be NULL. The * digest-specific context (ctx->md_ctx) must be NULL. It will * be allocated, and must be freed using md_free_ctx() later. @@ -191,10 +207,11 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ); * \brief Free the message-specific context of ctx. Freeing ctx itself * remains the responsibility of the caller. * + * \note Deprecated: Redirects to md_free() + * * \param ctx Free the message-specific context * - * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \returns 0 */ int md_free_ctx( md_context_t *ctx ); diff --git a/library/ccm.c b/library/ccm.c index 91dee6720..60477d0c5 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -61,6 +61,8 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher, memset( ctx, 0, sizeof( ccm_context ) ); + cipher_init( &ctx->cipher_ctx ); + cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB ); if( cipher_info == NULL ) return( POLARSSL_ERR_CCM_BAD_INPUT ); @@ -85,7 +87,7 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher, */ void ccm_free( ccm_context *ctx ) { - (void) cipher_free_ctx( &ctx->cipher_ctx ); + cipher_free( &ctx->cipher_ctx ); polarssl_zeroize( ctx, sizeof( ccm_context ) ); } diff --git a/library/cipher.c b/library/cipher.c index 16acd805e..5cd30f8ad 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -125,6 +125,22 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id, return( NULL ); } +void cipher_init( cipher_context_t *ctx ) +{ + memset( ctx, 0, sizeof( cipher_context_t ) ); +} + +void cipher_free( cipher_context_t *ctx ) +{ + if( ctx == NULL ) + return; + + if( ctx->cipher_ctx ) + ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); + + polarssl_zeroize( ctx, sizeof(cipher_context_t) ); +} + int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ) { if( NULL == cipher_info || NULL == ctx ) @@ -151,13 +167,10 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ) return( 0 ); } +/* Deprecated, redirects to cipher_free() */ int cipher_free_ctx( cipher_context_t *ctx ) { - if( ctx == NULL || ctx->cipher_info == NULL ) - return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA ); - - ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); - polarssl_zeroize( ctx, sizeof(cipher_context_t) ); + cipher_free( ctx ); return( 0 ); } diff --git a/library/gcm.c b/library/gcm.c index d4c68ae71..77b1e0fb6 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -157,6 +157,8 @@ int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key, memset( ctx, 0, sizeof(gcm_context) ); + cipher_init( &ctx->cipher_ctx ); + cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB ); if( cipher_info == NULL ) return( POLARSSL_ERR_GCM_BAD_INPUT ); @@ -493,7 +495,7 @@ int gcm_auth_decrypt( gcm_context *ctx, void gcm_free( gcm_context *ctx ) { - (void) cipher_free_ctx( &ctx->cipher_ctx ); + cipher_free( &ctx->cipher_ctx ); polarssl_zeroize( ctx, sizeof( gcm_context ) ); } diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 30307b083..d691be11f 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -93,6 +93,8 @@ int hmac_drbg_init_buf( hmac_drbg_context *ctx, memset( ctx, 0, sizeof( hmac_drbg_context ) ); + md_init( &ctx->md_ctx ); + if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 ) return( ret ); @@ -165,6 +167,8 @@ int hmac_drbg_init( hmac_drbg_context *ctx, memset( ctx, 0, sizeof( hmac_drbg_context ) ); + md_init( &ctx->md_ctx ); + if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 ) return( ret ); diff --git a/library/md.c b/library/md.c index 00fcef30c..7f9c5dc84 100644 --- a/library/md.c +++ b/library/md.c @@ -172,6 +172,22 @@ const md_info_t *md_info_from_type( md_type_t md_type ) } } +void md_init( md_context_t *ctx ) +{ + memset( ctx, 0, sizeof( md_context_t ) ); +} + +void md_free( md_context_t *ctx ) +{ + if( ctx == NULL ) + return; + + if( ctx->md_ctx ) + ctx->md_info->ctx_free_func( ctx->md_ctx ); + + polarssl_zeroize( ctx, sizeof( md_context_t ) ); +} + int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) { if( md_info == NULL || ctx == NULL ) @@ -191,12 +207,7 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) int md_free_ctx( md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == NULL ) - return( POLARSSL_ERR_MD_BAD_INPUT_DATA ); - - ctx->md_info->ctx_free_func( ctx->md_ctx ); - - polarssl_zeroize( ctx, sizeof( md_context_t ) ); + md_free( ctx ); return( 0 ); } diff --git a/library/pkcs12.c b/library/pkcs12.c index 027f84a82..0cf2edf10 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -194,6 +194,8 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode, return( ret ); } + cipher_init( &cipher_ctx ); + if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) goto exit; @@ -218,7 +220,7 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode, exit: polarssl_zeroize( key, sizeof( key ) ); polarssl_zeroize( iv, sizeof( iv ) ); - cipher_free_ctx( &cipher_ctx ); + cipher_free( &cipher_ctx ); return( ret ); } @@ -265,6 +267,8 @@ int pkcs12_derivation( unsigned char *data, size_t datalen, if( md_info == NULL ) return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); + md_init( &md_ctx ); + if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) return( ret ); hlen = md_get_size( md_info ); @@ -348,7 +352,7 @@ exit: polarssl_zeroize( hash_block, sizeof( hash_block ) ); polarssl_zeroize( hash_output, sizeof( hash_output ) ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( ret ); } diff --git a/library/pkcs5.c b/library/pkcs5.c index 3f94d50ee..e769783ee 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -130,9 +130,6 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, p = pbe_params->p; end = p + pbe_params->len; - memset( &md_ctx, 0, sizeof(md_context_t) ); - memset( &cipher_ctx, 0, sizeof(cipher_context_t) ); - /* * PBES2-params ::= SEQUENCE { * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, @@ -187,6 +184,9 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, return( POLARSSL_ERR_PKCS5_INVALID_FORMAT ); } + md_init( &md_ctx ); + cipher_init( &cipher_ctx ); + memcpy( iv, enc_scheme_params.p, enc_scheme_params.len ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) @@ -209,8 +209,8 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH; exit: - md_free_ctx( &md_ctx ); - cipher_free_ctx( &cipher_ctx ); + md_free( &md_ctx ); + cipher_free( &cipher_ctx ); return( ret ); } @@ -364,12 +364,20 @@ int pkcs5_self_test( int verbose ) int ret, i; unsigned char key[64]; + md_init( &sha1_ctx ); + info_sha1 = md_info_from_type( POLARSSL_MD_SHA1 ); if( info_sha1 == NULL ) - return( 1 ); + { + ret = 1; + goto exit; + } if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 ) - return( 1 ); + { + ret = 1; + goto exit; + } if( verbose != 0 ) polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" ); @@ -387,7 +395,8 @@ int pkcs5_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -396,8 +405,8 @@ int pkcs5_self_test( int verbose ) polarssl_printf( "\n" ); - if( ( ret = md_free_ctx( &sha1_ctx ) ) != 0 ) - return( 1 ); +exit: + md_free( &sha1_ctx ); return( 0 ); } diff --git a/library/rsa.c b/library/rsa.c index 3cbac66e1..0fd5199b2 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -540,6 +540,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, *p++ = 1; memcpy( p, input, ilen ); + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); // maskedDB: Apply dbMask to DB @@ -552,7 +553,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, &md_ctx ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( ( mode == RSA_PUBLIC ) ? rsa_public( ctx, output, output ) @@ -708,6 +709,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, */ hlen = md_get_size( md_info ); + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); /* Generate lHash */ @@ -721,7 +723,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, &md_ctx ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); /* * Check contents, in "constant-time" @@ -951,6 +953,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, memcpy( p, salt, slen ); p += slen; + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); // Generate H = Hash( M' ) @@ -970,7 +973,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, // mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); msb = mpi_msb( &ctx->N ) - 1; sig[0] &= 0xFF >> ( olen * 8 - msb ); @@ -1182,6 +1185,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, if( buf[0] >> ( 8 - siglen * 8 + msb ) ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx ); @@ -1194,7 +1198,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, if( p == buf + siglen || *p++ != 0x01 ) { - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( POLARSSL_ERR_RSA_INVALID_PADDING ); } @@ -1204,7 +1208,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, if( expected_salt_len != RSA_SALT_LEN_ANY && slen != (size_t) expected_salt_len ) { - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( POLARSSL_ERR_RSA_INVALID_PADDING ); } @@ -1216,7 +1220,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, md_update( &md_ctx, p, slen ); md_finish( &md_ctx, result ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); if( memcmp( p + slen, result, hlen ) == 0 ) return( 0 ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c6a11dec6..d38d76955 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1758,6 +1758,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) { md_context_t ctx; + md_init( &ctx ); + /* Info from md_alg will be used instead */ hashlen = 0; @@ -1779,7 +1781,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) md_update( &ctx, ssl->handshake->randbytes, 64 ); md_update( &ctx, ssl->in_msg + 4, params_len ); md_finish( &ctx, hash ); - md_free_ctx( &ctx ); + md_free( &ctx ); } else #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9d2507a3b..25be98826 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2380,6 +2380,8 @@ curve_matching_done: md_context_t ctx; const md_info_t *md_info = md_info_from_type( md_alg ); + md_init( &ctx ); + /* Info from md_alg will be used instead */ hashlen = 0; @@ -2400,13 +2402,7 @@ curve_matching_done: md_update( &ctx, ssl->handshake->randbytes, 64 ); md_update( &ctx, dig_signed, dig_signed_len ); md_finish( &ctx, hash ); - - if( ( ret = md_free_ctx( &ctx ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "md_free_ctx", ret ); - return( ret ); - } - + md_free( &ctx ); } else #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d3bfab518..6d7b0c8a7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3311,6 +3311,12 @@ static void ssl_handshake_params_init( ssl_handshake_params *handshake, static void ssl_transform_init( ssl_transform *transform ) { memset( transform, 0, sizeof(ssl_transform) ); + + cipher_init( &transform->cipher_ctx_enc ); + cipher_init( &transform->cipher_ctx_dec ); + + md_init( &transform->md_ctx_enc ); + md_init( &transform->md_ctx_dec ); } void ssl_session_init( ssl_session *session ) @@ -4506,11 +4512,11 @@ void ssl_transform_free( ssl_transform *transform ) inflateEnd( &transform->ctx_inflate ); #endif - cipher_free_ctx( &transform->cipher_ctx_enc ); - cipher_free_ctx( &transform->cipher_ctx_dec ); + cipher_free( &transform->cipher_ctx_enc ); + cipher_free( &transform->cipher_ctx_dec ); - md_free_ctx( &transform->md_ctx_enc ); - md_free_ctx( &transform->md_ctx_dec ); + md_free( &transform->md_ctx_enc ); + md_free( &transform->md_ctx_dec ); polarssl_zeroize( transform, sizeof( ssl_transform ) ); } From d2a2d61a68ed0dc4b94a8d7041208bb5b5fd7c4a Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 1 Jul 2014 15:45:49 +0200 Subject: [PATCH 10/11] Adapt programs / test suites --- programs/aes/crypt_and_hash.c | 8 ++-- programs/hash/generic_sum.c | 4 +- tests/suites/test_suite_cipher.function | 58 ++++++++++++++----------- tests/suites/test_suite_md.function | 32 ++++++++------ tests/suites/test_suite_pbkdf2.function | 6 ++- tests/suites/test_suite_pkcs5.function | 4 +- 6 files changed, 65 insertions(+), 47 deletions(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 3e89ba6fc..f5484d410 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -95,8 +95,8 @@ int main( int argc, char *argv[] ) off_t filesize, offset; #endif - memset( &cipher_ctx, 0, sizeof( cipher_context_t )); - memset( &md_ctx, 0, sizeof( md_context_t )); + cipher_init( &cipher_ctx ); + md_init( &md_ctx ); /* * Parse the command-line arguments. @@ -533,8 +533,8 @@ exit: memset( buffer, 0, sizeof( buffer ) ); memset( digest, 0, sizeof( digest ) ); - cipher_free_ctx( &cipher_ctx ); - md_free_ctx( &md_ctx ); + cipher_free( &cipher_ctx ); + md_free( &md_ctx ); return( ret ); } diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index b5de2a1d6..4d007cf7a 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -165,7 +165,7 @@ int main( int argc, char *argv[] ) const md_info_t *md_info; md_context_t md_ctx; - memset( &md_ctx, 0, sizeof( md_context_t )); + md_init( &md_ctx ); if( argc == 1 ) { @@ -217,7 +217,7 @@ int main( int argc, char *argv[] ) ret |= generic_print( md_info, argv[i] ); exit: - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( ret ); } diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 7c9c76d02..3afdff606 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -29,7 +29,7 @@ void cipher_null_args( ) unsigned char buf[1] = { 0 }; size_t olen; - memset( &ctx, 0, sizeof( cipher_context_t ) ); + cipher_init( &ctx ); TEST_ASSERT( cipher_get_block_size( NULL ) == 0 ); TEST_ASSERT( cipher_get_block_size( &ctx ) == 0 ); @@ -111,8 +111,8 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, /* * Prepare contexts */ - memset( &ctx_dec, 0, sizeof( ctx_dec ) ); - memset( &ctx_enc, 0, sizeof( ctx_enc ) ); + cipher_init( &ctx_dec ); + cipher_init( &ctx_enc ); memset( key, 0x2a, sizeof( key ) ); @@ -207,8 +207,8 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, /* * Done */ - TEST_ASSERT( 0 == cipher_free_ctx( &ctx_dec ) ); - TEST_ASSERT( 0 == cipher_free_ctx( &ctx_enc ) ); + cipher_free( &ctx_dec ); + cipher_free( &ctx_enc ); } /* END_CASE */ @@ -231,7 +231,7 @@ void enc_fail( int cipher_id, int pad_mode, int key_len, memset( key, 0, 32 ); memset( iv , 0, 16 ); - memset( &ctx, 0, sizeof( ctx ) ); + cipher_init( &ctx ); memset( inbuf, 5, 64 ); memset( encbuf, 0, 64 ); @@ -259,7 +259,7 @@ void enc_fail( int cipher_id, int pad_mode, int key_len, TEST_ASSERT( ret == cipher_finish( &ctx, encbuf + outlen, &outlen ) ); /* done */ - TEST_ASSERT( 0 == cipher_free_ctx( &ctx ) ); + cipher_free( &ctx ); } /* END_CASE */ @@ -279,16 +279,16 @@ void dec_empty_buf() memset( key, 0, 32 ); memset( iv , 0, 16 ); - - memset( &ctx_dec, 0, sizeof( ctx_dec ) ); - + + cipher_init( &ctx_dec ); + memset( encbuf, 0, 64 ); memset( decbuf, 0, 64 ); /* Initialise context */ cipher_info = cipher_info_from_type( POLARSSL_CIPHER_AES_128_CBC ); TEST_ASSERT( NULL != cipher_info); - + TEST_ASSERT( 0 == cipher_init_ctx( &ctx_dec, cipher_info ) ); TEST_ASSERT( 0 == cipher_setkey( &ctx_dec, key, 128, POLARSSL_DECRYPT ) ); @@ -308,7 +308,7 @@ void dec_empty_buf() &ctx_dec, decbuf + outlen, &outlen ) ); TEST_ASSERT( 0 == outlen ); - TEST_ASSERT( 0 == cipher_free_ctx( &ctx_dec ) ); + cipher_free( &ctx_dec ); } /* END_CASE */ @@ -335,10 +335,10 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, memset( key, 0, 32 ); memset( iv , 0, 16 ); - - memset( &ctx_dec, 0, sizeof( ctx_dec ) ); - memset( &ctx_enc, 0, sizeof( ctx_enc ) ); - + + cipher_init( &ctx_dec ); + cipher_init( &ctx_enc ); + memset( inbuf, 5, 64 ); memset( encbuf, 0, 64 ); memset( decbuf, 0, 64 ); @@ -346,10 +346,10 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, /* Initialise enc and dec contexts */ cipher_info = cipher_info_from_type( cipher_id ); TEST_ASSERT( NULL != cipher_info); - + TEST_ASSERT( 0 == cipher_init_ctx( &ctx_dec, cipher_info ) ); TEST_ASSERT( 0 == cipher_init_ctx( &ctx_enc, cipher_info ) ); - + TEST_ASSERT( 0 == cipher_setkey( &ctx_dec, key, key_len, POLARSSL_DECRYPT ) ); TEST_ASSERT( 0 == cipher_setkey( &ctx_enc, key, key_len, POLARSSL_ENCRYPT ) ); @@ -397,8 +397,8 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) ); - TEST_ASSERT( 0 == cipher_free_ctx( &ctx_dec ) ); - TEST_ASSERT( 0 == cipher_free_ctx( &ctx_enc ) ); + cipher_free( &ctx_dec ); + cipher_free( &ctx_enc ); } /* END_CASE */ @@ -423,6 +423,8 @@ void decrypt_test_vec( int cipher_id, int pad_mode, unsigned char output[200]; size_t outlen, total_len; + cipher_init( &ctx ); + memset( key, 0x00, sizeof( key ) ); memset( iv, 0x00, sizeof( iv ) ); memset( cipher, 0x00, sizeof( cipher ) ); @@ -477,7 +479,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, TEST_ASSERT( 0 == memcmp( output, clear, clear_len ) ); } - cipher_free_ctx( &ctx ); + cipher_free( &ctx ); } /* END_CASE */ @@ -499,6 +501,8 @@ void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv, unsigned char output[200]; size_t outlen; + cipher_init( &ctx ); + memset( key, 0x00, sizeof( key ) ); memset( iv, 0x00, sizeof( iv ) ); memset( cipher, 0x00, sizeof( cipher ) ); @@ -563,7 +567,7 @@ void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv, cleanup: - cipher_free_ctx( &ctx ); + cipher_free( &ctx ); } /* END_CASE */ @@ -580,6 +584,8 @@ void test_vec_ecb( int cipher_id, int operation, char *hex_key, unsigned char output[32]; size_t outlen; + cipher_init( &ctx ); + memset( key, 0x00, sizeof( key ) ); memset( input, 0x00, sizeof( input ) ); memset( result, 0x00, sizeof( result ) ); @@ -610,7 +616,7 @@ void test_vec_ecb( int cipher_id, int operation, char *hex_key, TEST_ASSERT( 0 == memcmp( output, result, cipher_get_block_size( &ctx ) ) ); - cipher_free_ctx( &ctx ); + cipher_free( &ctx ); } /* END_CASE */ @@ -620,13 +626,15 @@ void set_padding( int cipher_id, int pad_mode, int ret ) const cipher_info_t *cipher_info; cipher_context_t ctx; + cipher_init( &ctx ); + cipher_info = cipher_info_from_type( cipher_id ); TEST_ASSERT( NULL != cipher_info ); TEST_ASSERT( 0 == cipher_init_ctx( &ctx, cipher_info ) ); TEST_ASSERT( ret == cipher_set_padding_mode( &ctx, pad_mode ) ); - TEST_ASSERT( 0 == cipher_free_ctx( &ctx ) ); + cipher_free( &ctx ); } /* END_CASE */ @@ -639,7 +647,7 @@ void check_padding( int pad_mode, char *input_str, int ret, int dlen_check ) size_t ilen, dlen; /* build a fake context just for getting access to get_padding */ - memset( &ctx, 0, sizeof( ctx ) ); + cipher_init( &ctx ); cipher_info.mode = POLARSSL_MODE_CBC; ctx.cipher_info = &cipher_info; diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 9f064434c..338f8af2f 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -15,7 +15,7 @@ void md_process( ) md_context_t ctx; unsigned char buf[150]; - memset( &ctx, 0, sizeof ctx ); + md_init( &ctx ); /* * Very minimal testing of md_process, just make sure the various @@ -31,7 +31,7 @@ void md_process( ) TEST_ASSERT( info != NULL ); TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 ); TEST_ASSERT( md_process( &ctx, buf ) == 0 ); - TEST_ASSERT( md_free_ctx( &ctx ) == 0 ); + md_free( &ctx ); } } /* END_CASE */ @@ -43,7 +43,7 @@ void md_null_args( ) const md_info_t *info = md_info_from_type( *( md_list() ) ); unsigned char buf[1] = { 0 }; - memset( &ctx, 0, sizeof( md_context_t ) ); + md_init( &ctx ); TEST_ASSERT( md_get_size( NULL ) == 0 ); @@ -177,9 +177,11 @@ void md_text_multi( char *text_md_name, char *text_src_string, unsigned char src_str[1000]; unsigned char hash_str[1000]; unsigned char output[100]; - + const md_info_t *md_info = NULL; - md_context_t ctx = MD_CONTEXT_T_INIT; + md_context_t ctx; + + md_init( &ctx ); memset(md_name, 0x00, 100); memset(src_str, 0x00, 1000); @@ -196,8 +198,8 @@ void md_text_multi( char *text_md_name, char *text_src_string, TEST_ASSERT ( ctx.md_ctx != NULL ); TEST_ASSERT ( 0 == md_update( &ctx, src_str, strlen( (char *) src_str ) ) ); TEST_ASSERT ( 0 == md_finish( &ctx, output ) ); - TEST_ASSERT ( 0 == md_free_ctx( &ctx ) ); - + md_free( &ctx ); + hexify( hash_str, output, md_get_size(md_info) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -214,7 +216,9 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, unsigned char output[100]; int src_len; const md_info_t *md_info = NULL; - md_context_t ctx = MD_CONTEXT_T_INIT; + md_context_t ctx; + + md_init( &ctx ); memset(md_name, 0x00, 100); memset(src_str, 0x00, 10000); @@ -227,13 +231,13 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) ); src_len = unhexify( src_str, hex_src_string ); - + TEST_ASSERT ( 0 == md_starts( &ctx ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); TEST_ASSERT ( 0 == md_update( &ctx, src_str, src_len ) ); TEST_ASSERT ( 0 == md_finish( &ctx, output ) ); - TEST_ASSERT ( 0 == md_free_ctx( &ctx ) ); - + md_free( &ctx ); + hexify( hash_str, output, md_get_size(md_info) ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -283,7 +287,9 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, unsigned char output[100]; int key_len, src_len; const md_info_t *md_info = NULL; - md_context_t ctx = MD_CONTEXT_T_INIT; + md_context_t ctx; + + md_init( &ctx ); memset(md_name, 0x00, 100); memset(src_str, 0x00, 10000); @@ -314,7 +320,7 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, TEST_ASSERT ( 0 == md_hmac_reset( &ctx ) ); TEST_ASSERT ( 0 == md_hmac_update( &ctx, src_str, src_len ) ); TEST_ASSERT ( 0 == md_hmac_finish( &ctx, output ) ); - TEST_ASSERT ( 0 == md_free_ctx( &ctx ) ); + md_free( &ctx ); hexify( hash_str, output, md_get_size(md_info) ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); diff --git a/tests/suites/test_suite_pbkdf2.function b/tests/suites/test_suite_pbkdf2.function index bd52bf91e..4b31896b8 100644 --- a/tests/suites/test_suite_pbkdf2.function +++ b/tests/suites/test_suite_pbkdf2.function @@ -17,10 +17,12 @@ void pbkdf2_hmac( int hash, char *hex_password_string, char *hex_salt_string, md_context_t ctx; const md_info_t *info; - + int pw_len, salt_len; unsigned char key[100]; + md_init( &ctx ); + memset(pw_str, 0x00, 100); memset(salt_str, 0x00, 100); memset(dst_str, 0x00, 100); @@ -36,7 +38,7 @@ void pbkdf2_hmac( int hash, char *hex_password_string, char *hex_salt_string, TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 ); TEST_ASSERT( pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len, it_cnt, key_len, key ) == 0 ); - TEST_ASSERT( md_free_ctx( &ctx ) == 0 ); + md_free( &ctx ); hexify( dst_str, key, key_len ); TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 ); diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index c7455715c..a86778a3c 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -22,6 +22,8 @@ void pbkdf2_hmac( int hash, char *hex_password_string, int pw_len, salt_len; unsigned char key[100]; + md_init( &ctx ); + memset(pw_str, 0x00, 100); memset(salt_str, 0x00, 100); memset(dst_str, 0x00, 100); @@ -37,7 +39,7 @@ void pbkdf2_hmac( int hash, char *hex_password_string, TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 ); TEST_ASSERT( pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len, it_cnt, key_len, key ) == 0 ); - TEST_ASSERT( md_free_ctx( &ctx ) == 0 ); + md_free( &ctx ); hexify( dst_str, key, key_len ); TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 ); From 28476e278981bb20f7947a5661b41bdb2390434d Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 1 Jul 2014 15:59:04 +0200 Subject: [PATCH 11/11] Updated ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index d9fa94aaf..3e99e263a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,8 @@ Changes * md_list() now returns hashes strongest first * Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks strongest offered by client. + * All public contexts have _init() and _free() functions now for simpler + usage pattern Bugfix * Fix in debug_print_msg()