diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h index 84993f767..087e59068 100644 --- a/include/polarssl/cipher.h +++ b/include/polarssl/cipher.h @@ -331,10 +331,26 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id, int key_length, const cipher_mode_t mode ); +/** + * \brief Initialize a cipher_context (as NONE) + */ +void cipher_init( cipher_context_t *ctx ); + +/** + * \brief Free and clear the cipher-specific context of ctx. + * Freeing ctx itself remains the responsibility of the + * caller. + */ +void cipher_free( cipher_context_t *ctx ); + /** * \brief Initialises and fills the cipher context structure with * the appropriate values. * + * \note Currently also clears structure. In future versions you + * will be required to call cipher_init() on the structure + * first. + * * \param ctx context to initialise. May not be NULL. * \param cipher_info cipher to use. * @@ -349,10 +365,11 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ); * \brief Free the cipher-specific context of ctx. Freeing ctx * itself remains the responsibility of the caller. * + * \note Deprecated: Redirects to cipher_free() + * * \param ctx Free the cipher-specific context * - * \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails. + * \returns 0 */ int cipher_free_ctx( cipher_context_t *ctx ); diff --git a/include/polarssl/md.h b/include/polarssl/md.h index 8de233a51..81d8a2e5c 100644 --- a/include/polarssl/md.h +++ b/include/polarssl/md.h @@ -172,10 +172,26 @@ const md_info_t *md_info_from_string( const char *md_name ); */ const md_info_t *md_info_from_type( md_type_t md_type ); +/** + * \brief Initialize a md_context (as NONE) + */ +void md_init( md_context_t *ctx ); + +/** + * \brief Free and clear the message-specific context of ctx. + * Freeing ctx itself remains the responsibility of the + * caller. + */ +void md_free( md_context_t *ctx ); + /** * \brief Initialises and fills the message digest context structure * with the appropriate values. * + * \note Currently also clears structure. In future versions you + * will be required to call md_init() on the structure + * first. + * * \param ctx context to initialise. May not be NULL. The * digest-specific context (ctx->md_ctx) must be NULL. It will * be allocated, and must be freed using md_free_ctx() later. @@ -191,10 +207,11 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ); * \brief Free the message-specific context of ctx. Freeing ctx itself * remains the responsibility of the caller. * + * \note Deprecated: Redirects to md_free() + * * \param ctx Free the message-specific context * - * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \returns 0 */ int md_free_ctx( md_context_t *ctx ); diff --git a/library/ccm.c b/library/ccm.c index 91dee6720..60477d0c5 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -61,6 +61,8 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher, memset( ctx, 0, sizeof( ccm_context ) ); + cipher_init( &ctx->cipher_ctx ); + cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB ); if( cipher_info == NULL ) return( POLARSSL_ERR_CCM_BAD_INPUT ); @@ -85,7 +87,7 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher, */ void ccm_free( ccm_context *ctx ) { - (void) cipher_free_ctx( &ctx->cipher_ctx ); + cipher_free( &ctx->cipher_ctx ); polarssl_zeroize( ctx, sizeof( ccm_context ) ); } diff --git a/library/cipher.c b/library/cipher.c index 16acd805e..5cd30f8ad 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -125,6 +125,22 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id, return( NULL ); } +void cipher_init( cipher_context_t *ctx ) +{ + memset( ctx, 0, sizeof( cipher_context_t ) ); +} + +void cipher_free( cipher_context_t *ctx ) +{ + if( ctx == NULL ) + return; + + if( ctx->cipher_ctx ) + ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); + + polarssl_zeroize( ctx, sizeof(cipher_context_t) ); +} + int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ) { if( NULL == cipher_info || NULL == ctx ) @@ -151,13 +167,10 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ) return( 0 ); } +/* Deprecated, redirects to cipher_free() */ int cipher_free_ctx( cipher_context_t *ctx ) { - if( ctx == NULL || ctx->cipher_info == NULL ) - return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA ); - - ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); - polarssl_zeroize( ctx, sizeof(cipher_context_t) ); + cipher_free( ctx ); return( 0 ); } diff --git a/library/gcm.c b/library/gcm.c index d4c68ae71..77b1e0fb6 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -157,6 +157,8 @@ int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key, memset( ctx, 0, sizeof(gcm_context) ); + cipher_init( &ctx->cipher_ctx ); + cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB ); if( cipher_info == NULL ) return( POLARSSL_ERR_GCM_BAD_INPUT ); @@ -493,7 +495,7 @@ int gcm_auth_decrypt( gcm_context *ctx, void gcm_free( gcm_context *ctx ) { - (void) cipher_free_ctx( &ctx->cipher_ctx ); + cipher_free( &ctx->cipher_ctx ); polarssl_zeroize( ctx, sizeof( gcm_context ) ); } diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 30307b083..d691be11f 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -93,6 +93,8 @@ int hmac_drbg_init_buf( hmac_drbg_context *ctx, memset( ctx, 0, sizeof( hmac_drbg_context ) ); + md_init( &ctx->md_ctx ); + if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 ) return( ret ); @@ -165,6 +167,8 @@ int hmac_drbg_init( hmac_drbg_context *ctx, memset( ctx, 0, sizeof( hmac_drbg_context ) ); + md_init( &ctx->md_ctx ); + if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 ) return( ret ); diff --git a/library/md.c b/library/md.c index 00fcef30c..7f9c5dc84 100644 --- a/library/md.c +++ b/library/md.c @@ -172,6 +172,22 @@ const md_info_t *md_info_from_type( md_type_t md_type ) } } +void md_init( md_context_t *ctx ) +{ + memset( ctx, 0, sizeof( md_context_t ) ); +} + +void md_free( md_context_t *ctx ) +{ + if( ctx == NULL ) + return; + + if( ctx->md_ctx ) + ctx->md_info->ctx_free_func( ctx->md_ctx ); + + polarssl_zeroize( ctx, sizeof( md_context_t ) ); +} + int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) { if( md_info == NULL || ctx == NULL ) @@ -191,12 +207,7 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) int md_free_ctx( md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == NULL ) - return( POLARSSL_ERR_MD_BAD_INPUT_DATA ); - - ctx->md_info->ctx_free_func( ctx->md_ctx ); - - polarssl_zeroize( ctx, sizeof( md_context_t ) ); + md_free( ctx ); return( 0 ); } diff --git a/library/pkcs12.c b/library/pkcs12.c index 027f84a82..0cf2edf10 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -194,6 +194,8 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode, return( ret ); } + cipher_init( &cipher_ctx ); + if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) goto exit; @@ -218,7 +220,7 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode, exit: polarssl_zeroize( key, sizeof( key ) ); polarssl_zeroize( iv, sizeof( iv ) ); - cipher_free_ctx( &cipher_ctx ); + cipher_free( &cipher_ctx ); return( ret ); } @@ -265,6 +267,8 @@ int pkcs12_derivation( unsigned char *data, size_t datalen, if( md_info == NULL ) return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); + md_init( &md_ctx ); + if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) return( ret ); hlen = md_get_size( md_info ); @@ -348,7 +352,7 @@ exit: polarssl_zeroize( hash_block, sizeof( hash_block ) ); polarssl_zeroize( hash_output, sizeof( hash_output ) ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( ret ); } diff --git a/library/pkcs5.c b/library/pkcs5.c index 3f94d50ee..e769783ee 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -130,9 +130,6 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, p = pbe_params->p; end = p + pbe_params->len; - memset( &md_ctx, 0, sizeof(md_context_t) ); - memset( &cipher_ctx, 0, sizeof(cipher_context_t) ); - /* * PBES2-params ::= SEQUENCE { * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, @@ -187,6 +184,9 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, return( POLARSSL_ERR_PKCS5_INVALID_FORMAT ); } + md_init( &md_ctx ); + cipher_init( &cipher_ctx ); + memcpy( iv, enc_scheme_params.p, enc_scheme_params.len ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) @@ -209,8 +209,8 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH; exit: - md_free_ctx( &md_ctx ); - cipher_free_ctx( &cipher_ctx ); + md_free( &md_ctx ); + cipher_free( &cipher_ctx ); return( ret ); } @@ -364,12 +364,20 @@ int pkcs5_self_test( int verbose ) int ret, i; unsigned char key[64]; + md_init( &sha1_ctx ); + info_sha1 = md_info_from_type( POLARSSL_MD_SHA1 ); if( info_sha1 == NULL ) - return( 1 ); + { + ret = 1; + goto exit; + } if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 ) - return( 1 ); + { + ret = 1; + goto exit; + } if( verbose != 0 ) polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" ); @@ -387,7 +395,8 @@ int pkcs5_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -396,8 +405,8 @@ int pkcs5_self_test( int verbose ) polarssl_printf( "\n" ); - if( ( ret = md_free_ctx( &sha1_ctx ) ) != 0 ) - return( 1 ); +exit: + md_free( &sha1_ctx ); return( 0 ); } diff --git a/library/rsa.c b/library/rsa.c index 3cbac66e1..0fd5199b2 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -540,6 +540,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, *p++ = 1; memcpy( p, input, ilen ); + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); // maskedDB: Apply dbMask to DB @@ -552,7 +553,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, &md_ctx ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( ( mode == RSA_PUBLIC ) ? rsa_public( ctx, output, output ) @@ -708,6 +709,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, */ hlen = md_get_size( md_info ); + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); /* Generate lHash */ @@ -721,7 +723,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, &md_ctx ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); /* * Check contents, in "constant-time" @@ -951,6 +953,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, memcpy( p, salt, slen ); p += slen; + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); // Generate H = Hash( M' ) @@ -970,7 +973,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, // mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); msb = mpi_msb( &ctx->N ) - 1; sig[0] &= 0xFF >> ( olen * 8 - msb ); @@ -1182,6 +1185,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, if( buf[0] >> ( 8 - siglen * 8 + msb ) ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + md_init( &md_ctx ); md_init_ctx( &md_ctx, md_info ); mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx ); @@ -1194,7 +1198,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, if( p == buf + siglen || *p++ != 0x01 ) { - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( POLARSSL_ERR_RSA_INVALID_PADDING ); } @@ -1204,7 +1208,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, if( expected_salt_len != RSA_SALT_LEN_ANY && slen != (size_t) expected_salt_len ) { - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); return( POLARSSL_ERR_RSA_INVALID_PADDING ); } @@ -1216,7 +1220,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, md_update( &md_ctx, p, slen ); md_finish( &md_ctx, result ); - md_free_ctx( &md_ctx ); + md_free( &md_ctx ); if( memcmp( p + slen, result, hlen ) == 0 ) return( 0 ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c6a11dec6..d38d76955 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1758,6 +1758,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) { md_context_t ctx; + md_init( &ctx ); + /* Info from md_alg will be used instead */ hashlen = 0; @@ -1779,7 +1781,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) md_update( &ctx, ssl->handshake->randbytes, 64 ); md_update( &ctx, ssl->in_msg + 4, params_len ); md_finish( &ctx, hash ); - md_free_ctx( &ctx ); + md_free( &ctx ); } else #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9d2507a3b..25be98826 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2380,6 +2380,8 @@ curve_matching_done: md_context_t ctx; const md_info_t *md_info = md_info_from_type( md_alg ); + md_init( &ctx ); + /* Info from md_alg will be used instead */ hashlen = 0; @@ -2400,13 +2402,7 @@ curve_matching_done: md_update( &ctx, ssl->handshake->randbytes, 64 ); md_update( &ctx, dig_signed, dig_signed_len ); md_finish( &ctx, hash ); - - if( ( ret = md_free_ctx( &ctx ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "md_free_ctx", ret ); - return( ret ); - } - + md_free( &ctx ); } else #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d3bfab518..6d7b0c8a7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3311,6 +3311,12 @@ static void ssl_handshake_params_init( ssl_handshake_params *handshake, static void ssl_transform_init( ssl_transform *transform ) { memset( transform, 0, sizeof(ssl_transform) ); + + cipher_init( &transform->cipher_ctx_enc ); + cipher_init( &transform->cipher_ctx_dec ); + + md_init( &transform->md_ctx_enc ); + md_init( &transform->md_ctx_dec ); } void ssl_session_init( ssl_session *session ) @@ -4506,11 +4512,11 @@ void ssl_transform_free( ssl_transform *transform ) inflateEnd( &transform->ctx_inflate ); #endif - cipher_free_ctx( &transform->cipher_ctx_enc ); - cipher_free_ctx( &transform->cipher_ctx_dec ); + cipher_free( &transform->cipher_ctx_enc ); + cipher_free( &transform->cipher_ctx_dec ); - md_free_ctx( &transform->md_ctx_enc ); - md_free_ctx( &transform->md_ctx_dec ); + md_free( &transform->md_ctx_enc ); + md_free( &transform->md_ctx_dec ); polarssl_zeroize( transform, sizeof( ssl_transform ) ); }