Commit
84bbeb58
authored
Jul 01, 2014
by
Paul Bakker
Adapt cipher and MD layer with _init() and _free()
parent
accaffe2
Changes
13
include/polarssl/cipher.h
...
...
@@ -331,10 +331,26 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
int
key_length
,
const
cipher_mode_t
mode
);
/**
* \brief Initialize a cipher_context (as NONE)
*/
void
cipher_init
(
cipher_context_t
*
ctx
);
/**
* \brief Free and clear the cipher-specific context of ctx.
* Freeing ctx itself remains the responsibility of the
* caller.
*/
void
cipher_free
(
cipher_context_t
*
ctx
);
/**
* \brief Initialises and fills the cipher context structure with
* the appropriate values.
*
* \note Currently also clears structure. In future versions you
* will be required to call cipher_init() on the structure
* first.
*
* \param ctx context to initialise. May not be NULL.
* \param cipher_info cipher to use.
*
...
...
@@ -349,10 +365,11 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info );
* \brief Free the cipher-specific context of ctx. Freeing ctx
* itself remains the responsibility of the caller.
*
* \note Deprecated: Redirects to cipher_free()
*
* \param ctx Free the cipher-specific context
*
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
* parameter verification fails.
* \returns 0
*/
int
cipher_free_ctx
(
cipher_context_t
*
ctx
);
...
...
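Review bot: The new `cipher_free()` comment does not say that the call is safe on NULL or on a context that has only been through `cipher_init()`, yet the `exit:` paths changed elsewhere in this commit (pkcs5.c, pkcs12.c) depend on exactly that. Suggest adding `\note Safe to call on NULL and on a context that was only cipher_init()'d.` to its Doxygen block, and a `\param ctx` line on `cipher_init()` stating that ctx must not be NULL, since the implementation memsets through it unconditionally. The deprecated `cipher_free_ctx()` now returns 0 even for a NULL ctx, so callers that used its return value to detect a bad context lose that signal; the deprecation note should say so.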
include/polarssl/md.h
...
...
@@ -172,10 +172,26 @@ const md_info_t *md_info_from_string( const char *md_name );
*/
const
md_info_t
*
md_info_from_type
(
md_type_t
md_type
);
/**
* \brief Initialize a md_context (as NONE)
*/
void
md_init
(
md_context_t
*
ctx
);
/**
* \brief Free and clear the message-specific context of ctx.
* Freeing ctx itself remains the responsibility of the
* caller.
*/
void
md_free
(
md_context_t
*
ctx
);
/**
* \brief Initialises and fills the message digest context structure
* with the appropriate values.
*
* \note Currently also clears structure. In future versions you
* will be required to call md_init() on the structure
* first.
*
* \param ctx context to initialise. May not be NULL. The
* digest-specific context (ctx->md_ctx) must be NULL. It will
* be allocated, and must be freed using md_free_ctx() later.
...
...
@@ -191,10 +207,11 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
* \brief Free the message-specific context of ctx. Freeing ctx itself
* remains the responsibility of the caller.
*
* \note Deprecated: Redirects to md_free()
*
* \param ctx Free the message-specific context
*
* \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
* \returns 0
*/
int
md_free_ctx
(
md_context_t
*
ctx
);
...
...
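Review bot: The `md_init_ctx()` documentation kept as context in the first hunk still tells callers that the digest-specific context "must be freed using md_free_ctx() later", which this same commit marks as deprecated. Point it at the new function instead: `* be allocated, and must be freed using md_free() later.`. The `md_free()` comment would also benefit from stating that it accepts NULL and a context that was only `md_init()`'d, because the cleanup paths rewritten in this commit rely on that.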
library/ccm.c
...
...
@@ -61,6 +61,8 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher,
memset
(
ctx
,
0
,
sizeof
(
ccm_context
)
);
cipher_init
(
&
ctx
->
cipher_ctx
);
cipher_info
=
cipher_info_from_values
(
cipher
,
keysize
,
POLARSSL_MODE_ECB
);
if
(
cipher_info
==
NULL
)
return
(
POLARSSL_ERR_CCM_BAD_INPUT
);
...
...
@@ -85,7 +87,7 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher,
*/
void
ccm_free
(
ccm_context
*
ctx
)
{
(
void
)
cipher_free
_ctx
(
&
ctx
->
cipher_ctx
);
cipher_free
(
&
ctx
->
cipher_ctx
);
polarssl_zeroize
(
ctx
,
sizeof
(
ccm_context
)
);
}
...
...
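Review bot: `ccm_free()` takes `&ctx->cipher_ctx` and then zeroizes `ctx` without checking `ctx` itself, so the NULL guard inside the new `cipher_free()` does not make `ccm_free( NULL )` safe. For consistency with `cipher_free()` and `md_free()`, add `if( ctx == NULL ) return;` as the first statement. `gcm_free()` in library/gcm.c has the same shape and would take the same guard.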
library/cipher.c
...
...
@@ -125,6 +125,22 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
return
(
NULL
);
}
void
cipher_init
(
cipher_context_t
*
ctx
)
{
memset
(
ctx
,
0
,
sizeof
(
cipher_context_t
)
);
}
void
cipher_free
(
cipher_context_t
*
ctx
)
{
if
(
ctx
==
NULL
)
return
;
if
(
ctx
->
cipher_ctx
)
ctx
->
cipher_info
->
base
->
ctx_free_func
(
ctx
->
cipher_ctx
);
polarssl_zeroize
(
ctx
,
sizeof
(
cipher_context_t
)
);
}
int
cipher_init_ctx
(
cipher_context_t
*
ctx
,
const
cipher_info_t
*
cipher_info
)
{
if
(
NULL
==
cipher_info
||
NULL
==
ctx
)
...
...
@@ -151,13 +167,10 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
return
(
0
);
}
/* Deprecated, redirects to cipher_free() */
int
cipher_free_ctx
(
cipher_context_t
*
ctx
)
{
if
(
ctx
==
NULL
||
ctx
->
cipher_info
==
NULL
)
return
(
POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
);
ctx
->
cipher_info
->
base
->
ctx_free_func
(
ctx
->
cipher_ctx
);
polarssl_zeroize
(
ctx
,
sizeof
(
cipher_context_t
)
);
cipher_free
(
ctx
);
return
(
0
);
}
...
...
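Review bot: `cipher_free()` calls `ctx->cipher_info->base->ctx_free_func()` whenever `ctx->cipher_ctx` is non-NULL, without checking `ctx->cipher_info`. That is safe only if every path that sets `cipher_ctx` also sets `cipher_info`; the part of `cipher_init_ctx()` that would establish this lies outside the hunks shown. Either state the invariant in a comment, e.g. `/* cipher_info is always set once cipher_ctx has been allocated */`, or guard with `if( ctx->cipher_ctx != NULL && ctx->cipher_info != NULL )`. `md_free()` in library/md.c follows the same pattern with `ctx->md_info`. Note also that `cipher_init()` writes through `ctx` with no NULL check while `cipher_free()` tolerates NULL.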
library/gcm.c
...
...
@@ -157,6 +157,8 @@ int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
memset
(
ctx
,
0
,
sizeof
(
gcm_context
)
);
cipher_init
(
&
ctx
->
cipher_ctx
);
cipher_info
=
cipher_info_from_values
(
cipher
,
keysize
,
POLARSSL_MODE_ECB
);
if
(
cipher_info
==
NULL
)
return
(
POLARSSL_ERR_GCM_BAD_INPUT
);
...
...
@@ -493,7 +495,7 @@ int gcm_auth_decrypt( gcm_context *ctx,
void
gcm_free
(
gcm_context
*
ctx
)
{
(
void
)
cipher_free
_ctx
(
&
ctx
->
cipher_ctx
);
cipher_free
(
&
ctx
->
cipher_ctx
);
polarssl_zeroize
(
ctx
,
sizeof
(
gcm_context
)
);
}
...
...
library/hmac_drbg.c
...
...
@@ -93,6 +93,8 @@ int hmac_drbg_init_buf( hmac_drbg_context *ctx,
memset
(
ctx
,
0
,
sizeof
(
hmac_drbg_context
)
);
md_init
(
&
ctx
->
md_ctx
);
if
(
(
ret
=
md_init_ctx
(
&
ctx
->
md_ctx
,
md_info
)
)
!=
0
)
return
(
ret
);
...
...
@@ -165,6 +167,8 @@ int hmac_drbg_init( hmac_drbg_context *ctx,
memset
(
ctx
,
0
,
sizeof
(
hmac_drbg_context
)
);
md_init
(
&
ctx
->
md_ctx
);
if
(
(
ret
=
md_init_ctx
(
&
ctx
->
md_ctx
,
md_info
)
)
!=
0
)
return
(
ret
);
...
...
library/md.c
...
...
@@ -172,6 +172,22 @@ const md_info_t *md_info_from_type( md_type_t md_type )
}
}
void
md_init
(
md_context_t
*
ctx
)
{
memset
(
ctx
,
0
,
sizeof
(
md_context_t
)
);
}
void
md_free
(
md_context_t
*
ctx
)
{
if
(
ctx
==
NULL
)
return
;
if
(
ctx
->
md_ctx
)
ctx
->
md_info
->
ctx_free_func
(
ctx
->
md_ctx
);
polarssl_zeroize
(
ctx
,
sizeof
(
md_context_t
)
);
}
int
md_init_ctx
(
md_context_t
*
ctx
,
const
md_info_t
*
md_info
)
{
if
(
md_info
==
NULL
||
ctx
==
NULL
)
...
...
@@ -191,12 +207,7 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
int
md_free_ctx
(
md_context_t
*
ctx
)
{
if
(
ctx
==
NULL
||
ctx
->
md_info
==
NULL
)
return
(
POLARSSL_ERR_MD_BAD_INPUT_DATA
);
ctx
->
md_info
->
ctx_free_func
(
ctx
->
md_ctx
);
polarssl_zeroize
(
ctx
,
sizeof
(
md_context_t
)
);
md_free
(
ctx
);
return
(
0
);
}
...
...
library/pkcs12.c
...
...
@@ -194,6 +194,8 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
return
(
ret
);
}
cipher_init
(
&
cipher_ctx
);
if
(
(
ret
=
cipher_init_ctx
(
&
cipher_ctx
,
cipher_info
)
)
!=
0
)
goto
exit
;
...
...
@@ -218,7 +220,7 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
exit:
polarssl_zeroize
(
key
,
sizeof
(
key
)
);
polarssl_zeroize
(
iv
,
sizeof
(
iv
)
);
cipher_free
_ctx
(
&
cipher_ctx
);
cipher_free
(
&
cipher_ctx
);
return
(
ret
);
}
...
...
@@ -265,6 +267,8 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
if
(
md_info
==
NULL
)
return
(
POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE
);
md_init
(
&
md_ctx
);
if
(
(
ret
=
md_init_ctx
(
&
md_ctx
,
md_info
)
)
!=
0
)
return
(
ret
);
hlen
=
md_get_size
(
md_info
);
...
...
@@ -348,7 +352,7 @@ exit:
polarssl_zeroize
(
hash_block
,
sizeof
(
hash_block
)
);
polarssl_zeroize
(
hash_output
,
sizeof
(
hash_output
)
);
md_free
_ctx
(
&
md_ctx
);
md_free
(
&
md_ctx
);
return
(
ret
);
}
...
...
library/pkcs5.c
...
...
@@ -130,9 +130,6 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
p
=
pbe_params
->
p
;
end
=
p
+
pbe_params
->
len
;
memset
(
&
md_ctx
,
0
,
sizeof
(
md_context_t
)
);
memset
(
&
cipher_ctx
,
0
,
sizeof
(
cipher_context_t
)
);
/*
* PBES2-params ::= SEQUENCE {
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
...
...
@@ -187,6 +184,9 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
return
(
POLARSSL_ERR_PKCS5_INVALID_FORMAT
);
}
md_init
(
&
md_ctx
);
cipher_init
(
&
cipher_ctx
);
memcpy
(
iv
,
enc_scheme_params
.
p
,
enc_scheme_params
.
len
);
if
(
(
ret
=
md_init_ctx
(
&
md_ctx
,
md_info
)
)
!=
0
)
...
...
@@ -209,8 +209,8 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
ret
=
POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH
;
exit:
md_free
_ctx
(
&
md_ctx
);
cipher_free
_ctx
(
&
cipher_ctx
);
md_free
(
&
md_ctx
);
cipher_free
(
&
cipher_ctx
);
return
(
ret
);
}
...
...
@@ -364,12 +364,20 @@ int pkcs5_self_test( int verbose )
int
ret
,
i
;
unsigned
char
key
[
64
];
md_init
(
&
sha1_ctx
);
info_sha1
=
md_info_from_type
(
POLARSSL_MD_SHA1
);
if
(
info_sha1
==
NULL
)
return
(
1
);
{
ret
=
1
;
goto
exit
;
}
if
(
(
ret
=
md_init_ctx
(
&
sha1_ctx
,
info_sha1
)
)
!=
0
)
return
(
1
);
{
ret
=
1
;
goto
exit
;
}
if
(
verbose
!=
0
)
polarssl_printf
(
" PBKDF2 note: test #3 may be slow!
\n
"
);
...
...
@@ -387,7 +395,8 @@ int pkcs5_self_test( int verbose )
if
(
verbose
!=
0
)
polarssl_printf
(
"failed
\n
"
);
return
(
1
);
ret
=
1
;
goto
exit
;
}
if
(
verbose
!=
0
)
...
...
@@ -396,8 +405,8 @@ int pkcs5_self_test( int verbose )
polarssl_printf
(
"
\n
"
);
if
(
(
ret
=
md_free_ctx
(
&
sha1_ctx
)
)
!=
0
)
return
(
1
);
exit:
md_free
(
&
sha1_ctx
);
return
(
0
);
}
...
...
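Review bot: In `pkcs5_self_test()` the failure paths now set `ret = 1` and `goto exit`, but the code after the `exit:` label, as rendered in the last hunk, still ends in `return( 0 );`, so a failed PBKDF2 self-test would be reported as success. Return the stored status instead: put `ret = 0;` just before the label and finish with `return( ret );`. Separately, in `pkcs5_pbes2()` the `md_init()` / `cipher_init()` calls now come after the ASN.1 parsing; that is correct only if no `goto exit` precedes them, which cannot be confirmed from the hunks shown.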
library/rsa.c
...
...
@@ -540,6 +540,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
*
p
++
=
1
;
memcpy
(
p
,
input
,
ilen
);
md_init
(
&
md_ctx
);
md_init_ctx
(
&
md_ctx
,
md_info
);
// maskedDB: Apply dbMask to DB
...
...
@@ -552,7 +553,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
mgf_mask
(
output
+
1
,
hlen
,
output
+
hlen
+
1
,
olen
-
hlen
-
1
,
&
md_ctx
);
md_free
_ctx
(
&
md_ctx
);
md_free
(
&
md_ctx
);
return
(
(
mode
==
RSA_PUBLIC
)
?
rsa_public
(
ctx
,
output
,
output
)
...
...
@@ -708,6 +709,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
*/
hlen
=
md_get_size
(
md_info
);
md_init
(
&
md_ctx
);
md_init_ctx
(
&
md_ctx
,
md_info
);
/* Generate lHash */
...
...
@@ -721,7 +723,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
mgf_mask
(
buf
+
hlen
+
1
,
ilen
-
hlen
-
1
,
buf
+
1
,
hlen
,
&
md_ctx
);
md_free
_ctx
(
&
md_ctx
);
md_free
(
&
md_ctx
);
/*
* Check contents, in "constant-time"
...
...
@@ -951,6 +953,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
memcpy
(
p
,
salt
,
slen
);
p
+=
slen
;
md_init
(
&
md_ctx
);
md_init_ctx
(
&
md_ctx
,
md_info
);
// Generate H = Hash( M' )
...
...
@@ -970,7 +973,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
//
mgf_mask
(
sig
+
offset
,
olen
-
hlen
-
1
-
offset
,
p
,
hlen
,
&
md_ctx
);
md_free
_ctx
(
&
md_ctx
);
md_free
(
&
md_ctx
);
msb
=
mpi_msb
(
&
ctx
->
N
)
-
1
;
sig
[
0
]
&=
0xFF
>>
(
olen
*
8
-
msb
);
...
...
@@ -1182,6 +1185,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
if
(
buf
[
0
]
>>
(
8
-
siglen
*
8
+
msb
)
)
return
(
POLARSSL_ERR_RSA_BAD_INPUT_DATA
);
md_init
(
&
md_ctx
);
md_init_ctx
(
&
md_ctx
,
md_info
);
mgf_mask
(
p
,
siglen
-
hlen
-
1
,
p
+
siglen
-
hlen
-
1
,
hlen
,
&
md_ctx
);
...
...
@@ -1194,7 +1198,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
if
(
p
==
buf
+
siglen
||
*
p
++
!=
0x01
)
{
md_free
_ctx
(
&
md_ctx
);
md_free
(
&
md_ctx
);
return
(
POLARSSL_ERR_RSA_INVALID_PADDING
);
}
...
...
@@ -1204,7 +1208,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
if
(
expected_salt_len
!=
RSA_SALT_LEN_ANY
&&
slen
!=
(
size_t
)
expected_salt_len
)
{
md_free
_ctx
(
&
md_ctx
);
md_free
(
&
md_ctx
);
return
(
POLARSSL_ERR_RSA_INVALID_PADDING
);
}
...
...
@@ -1216,7 +1220,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
md_update
(
&
md_ctx
,
p
,
slen
);
md_finish
(
&
md_ctx
,
result
);
md_free
_ctx
(
&
md_ctx
);
md_free
(
&
md_ctx
);
if
(
memcmp
(
p
+
slen
,
result
,
hlen
)
==
0
)
return
(
0
);
...
...
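Review bot: The return value of `md_init_ctx( &md_ctx, md_info )` is still discarded right after each new `md_init()` call (in `rsa_rsaes_oaep_encrypt`, `rsa_rsaes_oaep_decrypt`, `rsa_rsassa_pss_sign` and `rsa_rsassa_pss_verify_ext`), so an allocation failure would let `mgf_mask()` or `md_update()` run on a context with no digest state behind it. Since `md_free()` is now safe on an initialised-but-empty context, the failure can be handled cleanly: `if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) { md_free( &md_ctx ); return( ret ); }`. This assumes a local `ret` exists in each function; their declarations are outside the hunks.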
library/ssl_cli.c
...
...
@@ -1758,6 +1758,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
{
md_context_t
ctx
;
md_init
(
&
ctx
);
/* Info from md_alg will be used instead */
hashlen
=
0
;
...
...
@@ -1779,7 +1781,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
md_update
(
&
ctx
,
ssl
->
handshake
->
randbytes
,
64
);
md_update
(
&
ctx
,
ssl
->
in_msg
+
4
,
params_len
);
md_finish
(
&
ctx
,
hash
);
md_free
_ctx
(
&
ctx
);
md_free
(
&
ctx
);
}
else
#endif
/* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
...
...
library/ssl_srv.c
...
...
@@ -2380,6 +2380,8 @@ curve_matching_done:
md_context_t
ctx
;
const
md_info_t
*
md_info
=
md_info_from_type
(
md_alg
);
md_init
(
&
ctx
);
/* Info from md_alg will be used instead */
hashlen
=
0
;
...
...
@@ -2400,13 +2402,7 @@ curve_matching_done:
md_update
(
&
ctx
,
ssl
->
handshake
->
randbytes
,
64
);
md_update
(
&
ctx
,
dig_signed
,
dig_signed_len
);
md_finish
(
&
ctx
,
hash
);
if
(
(
ret
=
md_free_ctx
(
&
ctx
)
)
!=
0
)
{
SSL_DEBUG_RET
(
1
,
"md_free_ctx"
,
ret
);
return
(
ret
);
}
md_free
(
&
ctx
);
}
else
#endif
/* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
...
...
library/ssl_tls.c
...
...
@@ -3311,6 +3311,12 @@ static void ssl_handshake_params_init( ssl_handshake_params *handshake,
static
void
ssl_transform_init
(
ssl_transform
*
transform
)
{
memset
(
transform
,
0
,
sizeof
(
ssl_transform
)
);
cipher_init
(
&
transform
->
cipher_ctx_enc
);
cipher_init
(
&
transform
->
cipher_ctx_dec
);
md_init
(
&
transform
->
md_ctx_enc
);
md_init
(
&
transform
->
md_ctx_dec
);
}
void
ssl_session_init
(
ssl_session
*
session
)
...
...
@@ -4506,11 +4512,11 @@ void ssl_transform_free( ssl_transform *transform )
inflateEnd
(
&
transform
->
ctx_inflate
);
#endif
cipher_free
_ctx
(
&
transform
->
cipher_ctx_enc
);
cipher_free
_ctx
(
&
transform
->
cipher_ctx_dec
);
cipher_free
(
&
transform
->
cipher_ctx_enc
);
cipher_free
(
&
transform
->
cipher_ctx_dec
);
md_free
_ctx
(
&
transform
->
md_ctx_enc
);
md_free
_ctx
(
&
transform
->
md_ctx_dec
);
md_free
(
&
transform
->
md_ctx_enc
);
md_free
(
&
transform
->
md_ctx_dec
);
polarssl_zeroize
(
transform
,
sizeof
(
ssl_transform
)
);
}
...
...