Add _init() and _free() for hash modules

5b4af39a · Paul Bakker · 8cfd9d8c · 5b4af39a · 5b4af39a · 5b4af39a
Commit 5b4af39a authored Jun 26, 2014 by Paul Bakker
19 changed files
--- a/include/polarssl/md2.h
+++ b/include/polarssl/md2.h
@@ -60,6 +60,20 @@ typedef struct
 }
 md2_context;

+/**
+ * \brief          Initialize MD2 context
+ *
+ * \param ctx      MD2 context to be initialized
+ */
+void md2_init( md2_context *ctx );
+
+/**
+ * \brief          Clear MD2 context
+ *
+ * \param ctx      MD2 context to be cleared
+ */
+void md2_free( md2_context *ctx );
+
 /**
 * \brief          MD2 context setup
 *

--- a/include/polarssl/md4.h
+++ b/include/polarssl/md4.h
@@ -66,6 +66,20 @@ typedef struct
 }
 md4_context;

+/**
+ * \brief          Initialize MD4 context
+ *
+ * \param ctx      MD4 context to be initialized
+ */
+void md4_init( md4_context *ctx );
+
+/**
+ * \brief          Clear MD4 context
+ *
+ * \param ctx      MD4 context to be cleared
+ */
+void md4_free( md4_context *ctx );
+
 /**
 * \brief          MD4 context setup
 *

--- a/include/polarssl/md5.h
+++ b/include/polarssl/md5.h
@@ -66,6 +66,20 @@ typedef struct
 }
 md5_context;

+/**
+ * \brief          Initialize MD5 context
+ *
+ * \param ctx      MD5 context to be initialized
+ */
+void md5_init( md5_context *ctx );
+
+/**
+ * \brief          Clear MD5 context
+ *
+ * \param ctx      MD5 context to be cleared
+ */
+void md5_free( md5_context *ctx );
+
 /**
 * \brief          MD5 context setup
 *

--- a/include/polarssl/ripemd160.h
+++ b/include/polarssl/ripemd160.h
@@ -66,6 +66,20 @@ typedef struct
 }
 ripemd160_context;

+/**
+ * \brief          Initialize RIPEMD-160 context
+ *
+ * \param ctx      RIPEMD-160 context to be initialized
+ */
+void ripemd160_init( ripemd160_context *ctx );
+
+/**
+ * \brief          Clear RIPEMD-160 context
+ *
+ * \param ctx      RIPEMD-160 context to be cleared
+ */
+void ripemd160_free( ripemd160_context *ctx );
+
 /**
 * \brief          RIPEMD-160 context setup
 *

--- a/include/polarssl/sha1.h
+++ b/include/polarssl/sha1.h
@@ -66,6 +66,20 @@ typedef struct
 }
 sha1_context;

+/**
+ * \brief          Initialize SHA-1 context
+ *
+ * \param ctx      SHA-1 context to be initialized
+ */
+void sha1_init( sha1_context *ctx );
+
+/**
+ * \brief          Clear SHA-1 context
+ *
+ * \param ctx      SHA-1 context to be cleared
+ */
+void sha1_free( sha1_context *ctx );
+
 /**
 * \brief          SHA-1 context setup
 *

--- a/include/polarssl/sha256.h
+++ b/include/polarssl/sha256.h
@@ -67,6 +67,20 @@ typedef struct
 }
 sha256_context;

+/**
+ * \brief          Initialize SHA-256 context
+ *
+ * \param ctx      SHA-256 context to be initialized
+ */
+void sha256_init( sha256_context *ctx );
+
+/**
+ * \brief          Clear SHA-256 context
+ *
+ * \param ctx      SHA-256 context to be cleared
+ */
+void sha256_free( sha256_context *ctx );
+
 /**
 * \brief          SHA-256 context setup
 *

--- a/include/polarssl/sha512.h
+++ b/include/polarssl/sha512.h
@@ -68,6 +68,20 @@ typedef struct
 }
 sha512_context;

+/**
+ * \brief          Initialize SHA-512 context
+ *
+ * \param ctx      SHA-512 context to be initialized
+ */
+void sha512_init( sha512_context *ctx );
+
+/**
+ * \brief          Clear SHA-512 context
+ *
+ * \param ctx      SHA-512 context to be cleared
+ */
+void sha512_free( sha512_context *ctx );
+
 /**
 * \brief          SHA-512 context setup
 *

--- a/library/md2.c
+++ b/library/md2.c
@@ -86,6 +86,19 @@ static const unsigned char PI_SUBST[256] =
    0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
 };

+void md2_init( md2_context *ctx )
+{
+    memset( ctx, 0, sizeof( md2_context ) );
+}
+
+void md2_free( md2_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    polarssl_zeroize( ctx, sizeof( md2_context ) );
+}
+
 /*
 * MD2 context setup
 */
@@ -189,11 +202,11 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
 {
    md2_context ctx;

+    md2_init( &ctx );
    md2_starts( &ctx );
    md2_update( &ctx, input, ilen );
    md2_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md2_context ) );
+    md2_free( &ctx );
 }

 #if defined(POLARSSL_FS_IO)
@@ -210,14 +223,14 @@ int md2_file( const char *path, unsigned char output[16] )
    if( ( f = fopen( path, "rb" ) ) == NULL )
        return( POLARSSL_ERR_MD2_FILE_IO_ERROR );

+    md2_init( &ctx );
    md2_starts( &ctx );

    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        md2_update( &ctx, buf, n );

    md2_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md2_context ) );
+    md2_free( &ctx );

    if( ferror( f ) != 0 )
    {
@@ -304,11 +317,11 @@ void md2_hmac( const unsigned char *key, size_t keylen,
 {
    md2_context ctx;

+    md2_init( &ctx );
    md2_hmac_starts( &ctx, key, keylen );
    md2_hmac_update( &ctx, input, ilen );
    md2_hmac_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md2_context ) );
+    md2_free( &ctx );
 }

 #if defined(POLARSSL_SELF_TEST)

--- a/library/md4.c
+++ b/library/md4.c
@@ -79,6 +79,19 @@ static void polarssl_zeroize( void *v, size_t n ) {
 }
 #endif

+void md4_init( md4_context *ctx )
+{
+    memset( ctx, 0, sizeof( md4_context ) );
+}
+
+void md4_free( md4_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    polarssl_zeroize( ctx, sizeof( md4_context ) );
+}
+
 /*
 * MD4 context setup
 */
@@ -285,11 +298,11 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
 {
    md4_context ctx;

+    md4_init( &ctx );
    md4_starts( &ctx );
    md4_update( &ctx, input, ilen );
    md4_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md4_context ) );
+    md4_free( &ctx );
 }

 #if defined(POLARSSL_FS_IO)
@@ -306,14 +319,14 @@ int md4_file( const char *path, unsigned char output[16] )
    if( ( f = fopen( path, "rb" ) ) == NULL )
        return( POLARSSL_ERR_MD4_FILE_IO_ERROR );

+    md4_init( &ctx );
    md4_starts( &ctx );

    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        md4_update( &ctx, buf, n );

    md4_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md4_context ) );
+    md4_free( &ctx );

    if( ferror( f ) != 0 )
    {
@@ -400,11 +413,11 @@ void md4_hmac( const unsigned char *key, size_t keylen,
 {
    md4_context ctx;

+    md4_init( &ctx );
    md4_hmac_starts( &ctx, key, keylen );
    md4_hmac_update( &ctx, input, ilen );
    md4_hmac_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md4_context ) );
+    md4_free( &ctx );
 }

 #if defined(POLARSSL_SELF_TEST)

--- a/library/md5.c
+++ b/library/md5.c
@@ -78,6 +78,19 @@ static void polarssl_zeroize( void *v, size_t n ) {
 }
 #endif

+void md5_init( md5_context *ctx )
+{
+    memset( ctx, 0, sizeof( md5_context ) );
+}
+
+void md5_free( md5_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    polarssl_zeroize( ctx, sizeof( md5_context ) );
+}
+
 /*
 * MD5 context setup
 */
@@ -302,11 +315,11 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
 {
    md5_context ctx;

+    md5_init( &ctx );
    md5_starts( &ctx );
    md5_update( &ctx, input, ilen );
    md5_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md5_context ) );
+    md5_free( &ctx );
 }

 #if defined(POLARSSL_FS_IO)
@@ -323,14 +336,14 @@ int md5_file( const char *path, unsigned char output[16] )
    if( ( f = fopen( path, "rb" ) ) == NULL )
        return( POLARSSL_ERR_MD5_FILE_IO_ERROR );

+    md5_init( &ctx );
    md5_starts( &ctx );

    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        md5_update( &ctx, buf, n );

    md5_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md5_context ) );
+    md5_free( &ctx );

    if( ferror( f ) != 0 )
    {
@@ -417,11 +430,11 @@ void md5_hmac( const unsigned char *key, size_t keylen,
 {
    md5_context ctx;

+    md5_init( &ctx );
    md5_hmac_starts( &ctx, key, keylen );
    md5_hmac_update( &ctx, input, ilen );
    md5_hmac_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( md5_context ) );
+    md5_free( &ctx );
 }

 #if defined(POLARSSL_SELF_TEST)

--- a/library/md_wrap.c
+++ b/library/md_wrap.c
@@ -398,12 +398,20 @@ static void ripemd160_hmac_reset_wrap( void *ctx )

 static void * ripemd160_ctx_alloc( void )
 {
-    return polarssl_malloc( sizeof( ripemd160_context ) );
+    ripemd160_context *ctx;
+    ctx = (ripemd160_context *) polarssl_malloc( sizeof( ripemd160_context ) );
+
+    if( ctx == NULL )
+        return( NULL );
+
+    ripemd160_init( ctx );
+
+    return( ctx );
 }

 static void ripemd160_ctx_free( void *ctx )
 {
-    polarssl_zeroize( ctx, sizeof( ripemd160_context ) );
+    ripemd160_free( (ripemd160_context *) ctx );
    polarssl_free( ctx );
 }

@@ -486,12 +494,20 @@ static void sha1_hmac_reset_wrap( void *ctx )

 static void * sha1_ctx_alloc( void )
 {
-    return polarssl_malloc( sizeof( sha1_context ) );
+    sha1_context *ctx;
+    ctx = (sha1_context *) polarssl_malloc( sizeof( sha1_context ) );
+
+    if( ctx == NULL )
+        return( NULL );
+
+    sha1_init( ctx );
+
+    return( ctx );
 }

 static void sha1_ctx_free( void *ctx )
 {
-    polarssl_zeroize( ctx, sizeof( sha1_context ) );
+    sha1_free( (sha1_context *) ctx );
    polarssl_free( ctx );
 }

@@ -687,12 +703,20 @@ static void sha256_hmac_wrap( const unsigned char *key, size_t keylen,

 static void * sha256_ctx_alloc( void )
 {
-    return polarssl_malloc( sizeof( sha256_context ) );
+    sha256_context *ctx;
+    ctx = (sha256_context *) polarssl_malloc( sizeof( sha256_context ) );
+
+    if( ctx == NULL )
+        return( NULL );
+
+    sha256_init( ctx );
+
+    return( ctx );
 }

 static void sha256_ctx_free( void *ctx )
 {
-    polarssl_zeroize( ctx, sizeof( sha256_context ) );
+    sha256_free( (sha256_context *) ctx );
    polarssl_free( ctx );
 }

@@ -885,12 +909,20 @@ static void sha512_hmac_wrap( const unsigned char *key, size_t keylen,

 static void * sha512_ctx_alloc( void )
 {
-    return polarssl_malloc( sizeof( sha512_context ) );
+    sha512_context *ctx;
+    ctx = (sha512_context *) polarssl_malloc( sizeof( sha512_context ) );
+
+    if( ctx == NULL )
+        return( NULL );
+
+    sha512_init( ctx );
+
+    return( ctx );
 }

 static void sha512_ctx_free( void *ctx )
 {
-    polarssl_zeroize( ctx, sizeof( sha512_context ) );
+    sha512_free( (sha512_context *) ctx );
    polarssl_free( ctx );
 }


--- a/library/pem.c
+++ b/library/pem.c
@@ -92,6 +92,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
    unsigned char md5sum[16];
    size_t use_len;

+    md5_init( &md5_ctx );
+
    /*
     * key[ 0..15] = MD5(pwd || IV)
     */
@@ -104,7 +106,7 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
    {
        memcpy( key, md5sum, keylen );

-        polarssl_zeroize( &md5_ctx, sizeof(  md5_ctx ) );
+        md5_free( &md5_ctx );
        polarssl_zeroize( md5sum, 16 );
        return;
    }
@@ -126,7 +128,7 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,

    memcpy( key + 16, md5sum, use_len );

-    polarssl_zeroize( &md5_ctx, sizeof(  md5_ctx ) );
+    md5_free( &md5_ctx );
    polarssl_zeroize( md5sum, 16 );
 }


--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -81,6 +81,19 @@ static void polarssl_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }

+void ripemd160_init( ripemd160_context *ctx )
+{
+    memset( ctx, 0, sizeof( ripemd160_context ) );
+}
+
+void ripemd160_free( ripemd160_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    polarssl_zeroize( ctx, sizeof( ripemd160_context ) );
+}
+
 /*
 * RIPEMD-160 context setup
 */
@@ -364,11 +377,11 @@ void ripemd160( const unsigned char *input, size_t ilen,
 {
    ripemd160_context ctx;

+    ripemd160_init( &ctx );
    ripemd160_starts( &ctx );
    ripemd160_update( &ctx, input, ilen );
    ripemd160_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+    ripemd160_free( &ctx );
 }

 #if defined(POLARSSL_FS_IO)
@@ -385,14 +398,14 @@ int ripemd160_file( const char *path, unsigned char output[20] )
    if( ( f = fopen( path, "rb" ) ) == NULL )
        return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR );

+    ripemd160_init( &ctx );
    ripemd160_starts( &ctx );

    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        ripemd160_update( &ctx, buf, n );

    ripemd160_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+    ripemd160_free( &ctx );

    if( ferror( f ) != 0 )
    {
@@ -479,11 +492,11 @@ void ripemd160_hmac( const unsigned char *key, size_t keylen,
 {
    ripemd160_context ctx;

+    ripemd160_init( &ctx );
    ripemd160_hmac_starts( &ctx, key, keylen );
    ripemd160_hmac_update( &ctx, input, ilen );
    ripemd160_hmac_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+    ripemd160_free( &ctx );
 }



--- a/library/sha1.c
+++ b/library/sha1.c
@@ -78,6 +78,19 @@ static void polarssl_zeroize( void *v, size_t n ) {
 }
 #endif

+void sha1_init( sha1_context *ctx )
+{
+    memset( ctx, 0, sizeof( sha1_context ) );
+}
+
+void sha1_free( sha1_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    polarssl_zeroize( ctx, sizeof( sha1_context ) );
+}
+
 /*
 * SHA-1 context setup
 */
@@ -335,11 +348,11 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
 {
    sha1_context ctx;

+    sha1_init( &ctx );
    sha1_starts( &ctx );
    sha1_update( &ctx, input, ilen );
    sha1_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+    sha1_free( &ctx );
 }

 #if defined(POLARSSL_FS_IO)
@@ -356,14 +369,14 @@ int sha1_file( const char *path, unsigned char output[20] )
    if( ( f = fopen( path, "rb" ) ) == NULL )
        return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );

+    sha1_init( &ctx );
    sha1_starts( &ctx );

    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        sha1_update( &ctx, buf, n );

    sha1_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+    sha1_free( &ctx );

    if( ferror( f ) != 0 )
    {
@@ -450,11 +463,11 @@ void sha1_hmac( const unsigned char *key, size_t keylen,
 {
    sha1_context ctx;

+    sha1_init( &ctx );
    sha1_hmac_starts( &ctx, key, keylen );
    sha1_hmac_update( &ctx, input, ilen );
    sha1_hmac_finish( &ctx, output );
-
-    polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+    sha1_free( &ctx );
 }

 #if defined(POLARSSL_SELF_TEST)
@@ -554,11 +567,13 @@ static const unsigned char sha1_hmac_test_sum[7][20] =
 */
 int sha1_self_test( int verbose )
 {
-    int i, j, buflen;
+    int i, j, buflen, ret = 0;
    unsigned char buf[1024];
    unsigned char sha1sum[20];
    sha1_context ctx;

+    sha1_init( &ctx );
+
    /*
     * SHA-1
     */
@@ -587,7 +602,8 @@ int sha1_self_test( int verbose )
            if( verbose != 0 )
                polarssl_printf( "failed\n" );

-            return( 1 );
+            ret = 1;
+            goto exit;
        }

        if( verbose != 0 )
@@ -623,7 +639,8 @@ int sha1_self_test( int verbose )
            if( verbose != 0 )
                polarssl_printf( "failed\n" );

-            return( 1 );
+            ret = 1;
+            goto exit;
        }

        if( verbose != 0 )
@@ -633,7 +650,10 @@ int sha1_self_test( int verbose )
    if( verbose != 0 )
        polarssl_printf( "\n" );

-    return( 0 );
+exit:
+    sha1_free( &ctx );
+
+    return( ret );
 }

 #endif /* POLARSSL_SELF_TEST */

--- a/library/sha256.c
+++ b/library/sha256.c