Adapt cipher and MD layer with _init() and _free()
diff --git a/library/ccm.c b/library/ccm.c
index 91dee67..60477d0 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -61,6 +61,8 @@
 
     memset( ctx, 0, sizeof( ccm_context ) );
 
+    cipher_init( &ctx->cipher_ctx );
+
     cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
     if( cipher_info == NULL )
         return( POLARSSL_ERR_CCM_BAD_INPUT );
@@ -85,7 +87,7 @@
  */
 void ccm_free( ccm_context *ctx )
 {
-    (void) cipher_free_ctx( &ctx->cipher_ctx );
+    cipher_free( &ctx->cipher_ctx );
     polarssl_zeroize( ctx, sizeof( ccm_context ) );
 }
 
diff --git a/library/cipher.c b/library/cipher.c
index 16acd80..5cd30f8 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -125,6 +125,22 @@
     return( NULL );
 }
 
+void cipher_init( cipher_context_t *ctx )
+{
+    memset( ctx, 0, sizeof( cipher_context_t ) );
+}
+
+void cipher_free( cipher_context_t *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    if( ctx->cipher_ctx )
+        ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
+
+    polarssl_zeroize( ctx, sizeof(cipher_context_t) );
+}
+
 int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
 {
     if( NULL == cipher_info || NULL == ctx )
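Review bot: cipher_free() is only safe on a context that has been through cipher_init() (or an equivalent zeroing), and nothing on the new functions says so. On a stack context that was never initialised, `ctx->cipher_ctx` is indeterminate, and the `if( ctx->cipher_ctx )` branch would hand it to `ctx_free_func` through an equally indeterminate `cipher_info`. A comment above cipher_free() would make the contract explicit: `/* ctx must have been set up by cipher_init(); safe on NULL and on an initialised but unused context */`. cipher_init() itself dereferences `ctx` without the NULL check that cipher_free() has, which is worth either matching or documenting. The same applies to md_init()/md_free() in library/md.c; cipher_init_ctx() continues outside this hunk.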
@@ -151,13 +167,10 @@
     return( 0 );
 }
 
+/* Deprecated, redirects to cipher_free() */
 int cipher_free_ctx( cipher_context_t *ctx )
 {
-    if( ctx == NULL || ctx->cipher_info == NULL )
-        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
-
-    ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
-    polarssl_zeroize( ctx, sizeof(cipher_context_t) );
+    cipher_free( ctx );
 
     return( 0 );
 }
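Review bot: cipher_free_ctx() now returns 0 for a NULL `ctx` or a context whose `cipher_info` is NULL, where it used to return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA. Any existing caller that checks the result loses that signal silently. The comment should record the change, for example `/* Deprecated, redirects to cipher_free(); always returns 0 */`. md_free_ctx() in library/md.c has the same change of contract (it used to return POLARSSL_ERR_MD_BAD_INPUT_DATA) and has no deprecation comment at all.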
diff --git a/library/gcm.c b/library/gcm.c
index d4c68ae..77b1e0f 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -157,6 +157,8 @@
 
     memset( ctx, 0, sizeof(gcm_context) );
 
+    cipher_init( &ctx->cipher_ctx );
+
     cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
     if( cipher_info == NULL )
         return( POLARSSL_ERR_GCM_BAD_INPUT );
@@ -493,7 +495,7 @@
 
 void gcm_free( gcm_context *ctx )
 {
-    (void) cipher_free_ctx( &ctx->cipher_ctx );
+    cipher_free( &ctx->cipher_ctx );
     polarssl_zeroize( ctx, sizeof( gcm_context ) );
 }
 
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 30307b0..d691be1 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -93,6 +93,8 @@
 
     memset( ctx, 0, sizeof( hmac_drbg_context ) );
 
+    md_init( &ctx->md_ctx );
+
     if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
         return( ret );
 
@@ -165,6 +167,8 @@
 
     memset( ctx, 0, sizeof( hmac_drbg_context ) );
 
+    md_init( &ctx->md_ctx );
+
     if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
         return( ret );
 
diff --git a/library/md.c b/library/md.c
index 00fcef3..7f9c5dc 100644
--- a/library/md.c
+++ b/library/md.c
@@ -172,6 +172,22 @@
     }
 }
 
+void md_init( md_context_t *ctx )
+{
+    memset( ctx, 0, sizeof( md_context_t ) );
+}
+
+void md_free( md_context_t *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    if( ctx->md_ctx )
+        ctx->md_info->ctx_free_func( ctx->md_ctx );
+
+    polarssl_zeroize( ctx, sizeof( md_context_t ) );
+}
+
 int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
 {
     if( md_info == NULL || ctx == NULL )
@@ -191,12 +207,7 @@
 
 int md_free_ctx( md_context_t *ctx )
 {
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
-
-    ctx->md_info->ctx_free_func( ctx->md_ctx );
-
-    polarssl_zeroize( ctx, sizeof( md_context_t ) );
+    md_free( ctx );
 
     return( 0 );
 }
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 027f84a..0cf2edf 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -194,6 +194,8 @@
         return( ret );
     }
 
+    cipher_init( &cipher_ctx );
+
     if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
         goto exit;
 
@@ -218,7 +220,7 @@
 exit:
     polarssl_zeroize( key, sizeof( key ) );
     polarssl_zeroize( iv,  sizeof( iv  ) );
-    cipher_free_ctx( &cipher_ctx );
+    cipher_free( &cipher_ctx );
 
     return( ret );
 }
@@ -265,6 +267,8 @@
     if( md_info == NULL )
         return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
 
+    md_init( &md_ctx );
+
     if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
         return( ret );
     hlen = md_get_size( md_info );
@@ -348,7 +352,7 @@
     polarssl_zeroize( hash_block, sizeof( hash_block ) );
     polarssl_zeroize( hash_output, sizeof( hash_output ) );
 
-    md_free_ctx( &md_ctx );
+    md_free( &md_ctx );
 
     return( ret );
 }
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 3f94d50..e769783 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -130,9 +130,6 @@
     p = pbe_params->p;
     end = p + pbe_params->len;
 
-    memset( &md_ctx, 0, sizeof(md_context_t) );
-    memset( &cipher_ctx, 0, sizeof(cipher_context_t) );
-
     /*
      *  PBES2-params ::= SEQUENCE {
      *    keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
@@ -187,6 +184,9 @@
         return( POLARSSL_ERR_PKCS5_INVALID_FORMAT );
     }
 
+    md_init( &md_ctx );
+    cipher_init( &cipher_ctx );
+
     memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
 
     if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
@@ -209,8 +209,8 @@
         ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;
 
 exit:
-    md_free_ctx( &md_ctx );
-    cipher_free_ctx( &cipher_ctx );
+    md_free( &md_ctx );
+    cipher_free( &cipher_ctx );
 
     return( ret );
 }
@@ -364,12 +364,20 @@
     int ret, i;
     unsigned char key[64];
 
+    md_init( &sha1_ctx );
+
     info_sha1 = md_info_from_type( POLARSSL_MD_SHA1 );
     if( info_sha1 == NULL )
-        return( 1 );
+    {
+        ret = 1;
+        goto exit;
+    }
 
     if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
-        return( 1 );
+    {
+        ret = 1;
+        goto exit;
+    }
 
     if( verbose != 0 )
         polarssl_printf( "  PBKDF2 note: test #3 may be slow!\n" );
@@ -387,7 +395,8 @@
             if( verbose != 0 )
                 polarssl_printf( "failed\n" );
 
-            return( 1 );
+            ret = 1;
+            goto exit;
         }
 
         if( verbose != 0 )
@@ -396,8 +405,8 @@
 
     polarssl_printf( "\n" );
 
-    if( ( ret = md_free_ctx( &sha1_ctx ) ) != 0 )
-        return( 1 );
+exit:
+    md_free( &sha1_ctx );
 
     return( 0 );
 }
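Review bot: The self-test now reports success on every failure path, because each `ret = 1; goto exit;` lands on the `exit:` label, whose following context line is still `return( 0 );`. That covers the md_info_from_type() and md_init_ctx() failures in the hunk at -364 and the per-vector `failed` branch in the hunk at -387. The last line should become `return( ret );`. The loop between the hunks is not visible, so confirm `ret` is 0 when every vector passes, or add `ret = 0;` just before the label.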
diff --git a/library/rsa.c b/library/rsa.c
index 3cbac66..0fd5199 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -540,6 +540,7 @@
     *p++ = 1;
     memcpy( p, input, ilen );
 
+    md_init( &md_ctx );
     md_init_ctx( &md_ctx, md_info );
 
     // maskedDB: Apply dbMask to DB
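Review bot: The return value of `md_init_ctx( &md_ctx, md_info )` is still discarded right after the new `md_init()` call, so a failed setup goes unnoticed and the function carries on into mgf_mask() with a context that has no digest state. The same pair appears in the hunks at -708, -951 and -1182, the last of which also feeds the context to md_update()/md_finish() when verifying a signature. Now that md_free() is safe on an initialised but empty context, the failure is cheap to handle: `if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) { md_free( &md_ctx ); return( ret ); }`. This assumes a `ret` variable exists in these functions, whose declarations lie outside the hunks.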
@@ -552,7 +553,7 @@
     mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
                &md_ctx );
 
-    md_free_ctx( &md_ctx );
+    md_free( &md_ctx );
 
     return( ( mode == RSA_PUBLIC )
             ? rsa_public(  ctx, output, output )
@@ -708,6 +709,7 @@
      */
     hlen = md_get_size( md_info );
 
+    md_init( &md_ctx );
     md_init_ctx( &md_ctx, md_info );
 
     /* Generate lHash */
@@ -721,7 +723,7 @@
     mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
                &md_ctx );
 
-    md_free_ctx( &md_ctx );
+    md_free( &md_ctx );
 
     /*
      * Check contents, in "constant-time"
@@ -951,6 +953,7 @@
     memcpy( p, salt, slen );
     p += slen;
 
+    md_init( &md_ctx );
     md_init_ctx( &md_ctx, md_info );
 
     // Generate H = Hash( M' )
@@ -970,7 +973,7 @@
     //
     mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
 
-    md_free_ctx( &md_ctx );
+    md_free( &md_ctx );
 
     msb = mpi_msb( &ctx->N ) - 1;
     sig[0] &= 0xFF >> ( olen * 8 - msb );
@@ -1182,6 +1185,7 @@
     if( buf[0] >> ( 8 - siglen * 8 + msb ) )
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
+    md_init( &md_ctx );
     md_init_ctx( &md_ctx, md_info );
 
     mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
@@ -1194,7 +1198,7 @@
     if( p == buf + siglen ||
         *p++ != 0x01 )
     {
-        md_free_ctx( &md_ctx );
+        md_free( &md_ctx );
         return( POLARSSL_ERR_RSA_INVALID_PADDING );
     }
 
@@ -1204,7 +1208,7 @@
     if( expected_salt_len != RSA_SALT_LEN_ANY &&
         slen != (size_t) expected_salt_len )
     {
-        md_free_ctx( &md_ctx );
+        md_free( &md_ctx );
         return( POLARSSL_ERR_RSA_INVALID_PADDING );
     }
 
@@ -1216,7 +1220,7 @@
     md_update( &md_ctx, p, slen );
     md_finish( &md_ctx, result );
 
-    md_free_ctx( &md_ctx );
+    md_free( &md_ctx );
 
     if( memcmp( p + slen, result, hlen ) == 0 )
         return( 0 );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c6a11de..d38d769 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1758,6 +1758,8 @@
         {
             md_context_t ctx;
 
+            md_init( &ctx );
+
             /* Info from md_alg will be used instead */
             hashlen = 0;
 
@@ -1779,7 +1781,7 @@
             md_update( &ctx, ssl->handshake->randbytes, 64 );
             md_update( &ctx, ssl->in_msg + 4, params_len );
             md_finish( &ctx, hash );
-            md_free_ctx( &ctx );
+            md_free( &ctx );
         }
         else
 #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 9d2507a..25be988 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2380,6 +2380,8 @@
             md_context_t ctx;
             const md_info_t *md_info = md_info_from_type( md_alg );
 
+            md_init( &ctx );
+
             /* Info from md_alg will be used instead */
             hashlen = 0;
 
@@ -2400,13 +2402,7 @@
             md_update( &ctx, ssl->handshake->randbytes, 64 );
             md_update( &ctx, dig_signed, dig_signed_len );
             md_finish( &ctx, hash );
-
-            if( ( ret = md_free_ctx( &ctx ) ) != 0 )
-            {
-                SSL_DEBUG_RET( 1, "md_free_ctx", ret );
-                return( ret );
-            }
-
+            md_free( &ctx );
         }
         else
 #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d3bfab5..6d7b0c8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3311,6 +3311,12 @@
 static void ssl_transform_init( ssl_transform *transform )
 {
     memset( transform, 0, sizeof(ssl_transform) );
+
+    cipher_init( &transform->cipher_ctx_enc );
+    cipher_init( &transform->cipher_ctx_dec );
+
+    md_init( &transform->md_ctx_enc );
+    md_init( &transform->md_ctx_dec );
 }
 
 void ssl_session_init( ssl_session *session )
@@ -4506,11 +4512,11 @@
     inflateEnd( &transform->ctx_inflate );
 #endif
 
-    cipher_free_ctx( &transform->cipher_ctx_enc );
-    cipher_free_ctx( &transform->cipher_ctx_dec );
+    cipher_free( &transform->cipher_ctx_enc );
+    cipher_free( &transform->cipher_ctx_dec );
 
-    md_free_ctx( &transform->md_ctx_enc );
-    md_free_ctx( &transform->md_ctx_dec );
+    md_free( &transform->md_ctx_enc );
+    md_free( &transform->md_ctx_dec );
 
     polarssl_zeroize( transform, sizeof( ssl_transform ) );
 }