yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 16:55:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Adapt cipher and MD layer with _init() and _free()

Browse Source
This commit is contained in:
Paul Bakker 2014-07-01 14:53:22 +02:00
parent accaffe2c3
commit 84bbeb58df
13 changed files with 134 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
include/polarssl/cipher.h
View File

@ -331,10 +331,26 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
int key_length, int key_length,
const cipher_mode_t mode ); const cipher_mode_t mode );
/**
* \brief Initialize a cipher_context (as NONE)
*/
void cipher_init( cipher_context_t *ctx );
/**
* \brief Free and clear the cipher-specific context of ctx.
* Freeing ctx itself remains the responsibility of the
* caller.
*/
void cipher_free( cipher_context_t *ctx );
/** /**
* \brief Initialises and fills the cipher context structure with * \brief Initialises and fills the cipher context structure with
* the appropriate values. * the appropriate values.
* *
* \note Currently also clears structure. In future versions you
* will be required to call cipher_init() on the structure
* first.
*
* \param ctx context to initialise. May not be NULL. * \param ctx context to initialise. May not be NULL.
* \param cipher_info cipher to use. * \param cipher_info cipher to use.
* *
@ -349,10 +365,11 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info );
* \brief Free the cipher-specific context of ctx. Freeing ctx * \brief Free the cipher-specific context of ctx. Freeing ctx
* itself remains the responsibility of the caller. * itself remains the responsibility of the caller.
* *
* \note Deprecated: Redirects to cipher_free()
*
* \param ctx Free the cipher-specific context * \param ctx Free the cipher-specific context
* *
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if * \returns 0
* parameter verification fails.
*/ */
int cipher_free_ctx( cipher_context_t *ctx ); int cipher_free_ctx( cipher_context_t *ctx );

21
include/polarssl/md.h
View File

@ -172,10 +172,26 @@ const md_info_t *md_info_from_string( const char *md_name );
*/ */
const md_info_t *md_info_from_type( md_type_t md_type ); const md_info_t *md_info_from_type( md_type_t md_type );
/**
* \brief Initialize a md_context (as NONE)
*/
void md_init( md_context_t *ctx );
/**
* \brief Free and clear the message-specific context of ctx.
* Freeing ctx itself remains the responsibility of the
* caller.
*/
void md_free( md_context_t *ctx );
/** /**
* \brief Initialises and fills the message digest context structure * \brief Initialises and fills the message digest context structure
* with the appropriate values. * with the appropriate values.
* *
* \note Currently also clears structure. In future versions you
* will be required to call md_init() on the structure
* first.
*
* \param ctx context to initialise. May not be NULL. The * \param ctx context to initialise. May not be NULL. The
* digest-specific context (ctx->md_ctx) must be NULL. It will * digest-specific context (ctx->md_ctx) must be NULL. It will
* be allocated, and must be freed using md_free_ctx() later. * be allocated, and must be freed using md_free_ctx() later.
@ -191,10 +207,11 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
* \brief Free the message-specific context of ctx. Freeing ctx itself * \brief Free the message-specific context of ctx. Freeing ctx itself
* remains the responsibility of the caller. * remains the responsibility of the caller.
* *
* \note Deprecated: Redirects to md_free()
*
* \param ctx Free the message-specific context * \param ctx Free the message-specific context
* *
* \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter * \returns 0
* verification fails.
*/ */
int md_free_ctx( md_context_t *ctx ); int md_free_ctx( md_context_t *ctx );

4
library/ccm.c
View File

@ -61,6 +61,8 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher,
memset( ctx, 0, sizeof( ccm_context ) ); memset( ctx, 0, sizeof( ccm_context ) );
cipher_init( &ctx->cipher_ctx );
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB ); cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
if( cipher_info == NULL ) if( cipher_info == NULL )
return( POLARSSL_ERR_CCM_BAD_INPUT ); return( POLARSSL_ERR_CCM_BAD_INPUT );
@ -85,7 +87,7 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher,
*/ */
void ccm_free( ccm_context *ctx ) void ccm_free( ccm_context *ctx )
{ {
(void) cipher_free_ctx( &ctx->cipher_ctx ); cipher_free( &ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof( ccm_context ) ); polarssl_zeroize( ctx, sizeof( ccm_context ) );
} }

23
library/cipher.c
View File

@ -125,6 +125,22 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
return( NULL ); return( NULL );
} }
void cipher_init( cipher_context_t *ctx )
{
memset( ctx, 0, sizeof( cipher_context_t ) );
}
void cipher_free( cipher_context_t *ctx )
{
if( ctx == NULL )
return;
if( ctx->cipher_ctx )
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof(cipher_context_t) );
}
int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ) int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
{ {
if( NULL == cipher_info || NULL == ctx ) if( NULL == cipher_info || NULL == ctx )
@ -151,13 +167,10 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
return( 0 ); return( 0 );
} }
/* Deprecated, redirects to cipher_free() */
int cipher_free_ctx( cipher_context_t *ctx ) int cipher_free_ctx( cipher_context_t *ctx )
{ {
if( ctx == NULL || ctx->cipher_info == NULL ) cipher_free( ctx );
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof(cipher_context_t) );
return( 0 ); return( 0 );
} }

4
library/gcm.c
View File

@ -157,6 +157,8 @@ int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
memset( ctx, 0, sizeof(gcm_context) ); memset( ctx, 0, sizeof(gcm_context) );
cipher_init( &ctx->cipher_ctx );
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB ); cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
if( cipher_info == NULL ) if( cipher_info == NULL )
return( POLARSSL_ERR_GCM_BAD_INPUT ); return( POLARSSL_ERR_GCM_BAD_INPUT );
@ -493,7 +495,7 @@ int gcm_auth_decrypt( gcm_context *ctx,
void gcm_free( gcm_context *ctx ) void gcm_free( gcm_context *ctx )
{ {
(void) cipher_free_ctx( &ctx->cipher_ctx ); cipher_free( &ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof( gcm_context ) ); polarssl_zeroize( ctx, sizeof( gcm_context ) );
} }

4
library/hmac_drbg.c
View File

@ -93,6 +93,8 @@ int hmac_drbg_init_buf( hmac_drbg_context *ctx,
memset( ctx, 0, sizeof( hmac_drbg_context ) ); memset( ctx, 0, sizeof( hmac_drbg_context ) );
md_init( &ctx->md_ctx );
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 ) if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
return( ret ); return( ret );
@ -165,6 +167,8 @@ int hmac_drbg_init( hmac_drbg_context *ctx,
memset( ctx, 0, sizeof( hmac_drbg_context ) ); memset( ctx, 0, sizeof( hmac_drbg_context ) );
md_init( &ctx->md_ctx );
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 ) if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
return( ret ); return( ret );

23
library/md.c
View File

@ -172,6 +172,22 @@ const md_info_t *md_info_from_type( md_type_t md_type )
} }
} }
void md_init( md_context_t *ctx )
{
memset( ctx, 0, sizeof( md_context_t ) );
}
void md_free( md_context_t *ctx )
{
if( ctx == NULL )
return;
if( ctx->md_ctx )
ctx->md_info->ctx_free_func( ctx->md_ctx );
polarssl_zeroize( ctx, sizeof( md_context_t ) );
}
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
{ {
if( md_info == NULL || ctx == NULL ) if( md_info == NULL || ctx == NULL )
@ -191,12 +207,7 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
int md_free_ctx( md_context_t *ctx ) int md_free_ctx( md_context_t *ctx )
{ {
if( ctx == NULL || ctx->md_info == NULL ) md_free( ctx );
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->ctx_free_func( ctx->md_ctx );
polarssl_zeroize( ctx, sizeof( md_context_t ) );
return( 0 ); return( 0 );
} }

8
library/pkcs12.c
View File

@ -194,6 +194,8 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
return( ret ); return( ret );
} }
cipher_init( &cipher_ctx );
if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
goto exit; goto exit;
@ -218,7 +220,7 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
exit: exit:
polarssl_zeroize( key, sizeof( key ) ); polarssl_zeroize( key, sizeof( key ) );
polarssl_zeroize( iv, sizeof( iv ) ); polarssl_zeroize( iv, sizeof( iv ) );
cipher_free_ctx( &cipher_ctx ); cipher_free( &cipher_ctx );
return( ret ); return( ret );
} }
@ -265,6 +267,8 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
if( md_info == NULL ) if( md_info == NULL )
return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE ); return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
md_init( &md_ctx );
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
return( ret ); return( ret );
hlen = md_get_size( md_info ); hlen = md_get_size( md_info );
@ -348,7 +352,7 @@ exit:
polarssl_zeroize( hash_block, sizeof( hash_block ) ); polarssl_zeroize( hash_block, sizeof( hash_block ) );
polarssl_zeroize( hash_output, sizeof( hash_output ) ); polarssl_zeroize( hash_output, sizeof( hash_output ) );
md_free_ctx( &md_ctx ); md_free( &md_ctx );
return( ret ); return( ret );
} }

29
library/pkcs5.c
View File

@ -130,9 +130,6 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
p = pbe_params->p; p = pbe_params->p;
end = p + pbe_params->len; end = p + pbe_params->len;
memset( &md_ctx, 0, sizeof(md_context_t) );
memset( &cipher_ctx, 0, sizeof(cipher_context_t) );
/* /*
* PBES2-params ::= SEQUENCE { * PBES2-params ::= SEQUENCE {
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
@ -187,6 +184,9 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT ); return( POLARSSL_ERR_PKCS5_INVALID_FORMAT );
} }
md_init( &md_ctx );
cipher_init( &cipher_ctx );
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len ); memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
@ -209,8 +209,8 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH; ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;
exit: exit:
md_free_ctx( &md_ctx ); md_free( &md_ctx );
cipher_free_ctx( &cipher_ctx ); cipher_free( &cipher_ctx );
return( ret ); return( ret );
} }
@ -364,12 +364,20 @@ int pkcs5_self_test( int verbose )
int ret, i; int ret, i;
unsigned char key[64]; unsigned char key[64];
md_init( &sha1_ctx );
info_sha1 = md_info_from_type( POLARSSL_MD_SHA1 ); info_sha1 = md_info_from_type( POLARSSL_MD_SHA1 );
if( info_sha1 == NULL ) if( info_sha1 == NULL )
return( 1 ); {
ret = 1;
goto exit;
}
if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 ) if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
return( 1 ); {
ret = 1;
goto exit;
}
if( verbose != 0 ) if( verbose != 0 )
polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" ); polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" );
@ -387,7 +395,8 @@ int pkcs5_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
polarssl_printf( "failed\n" ); polarssl_printf( "failed\n" );
return( 1 ); ret = 1;
goto exit;
} }
if( verbose != 0 ) if( verbose != 0 )
@ -396,8 +405,8 @@ int pkcs5_self_test( int verbose )
polarssl_printf( "\n" ); polarssl_printf( "\n" );
if( ( ret = md_free_ctx( &sha1_ctx ) ) != 0 ) exit:
return( 1 ); md_free( &sha1_ctx );
return( 0 ); return( 0 );
} }

16
library/rsa.c
View File

@ -540,6 +540,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
*p++ = 1; *p++ = 1;
memcpy( p, input, ilen ); memcpy( p, input, ilen );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info ); md_init_ctx( &md_ctx, md_info );
// maskedDB: Apply dbMask to DB // maskedDB: Apply dbMask to DB
@ -552,7 +553,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
&md_ctx ); &md_ctx );
md_free_ctx( &md_ctx ); md_free( &md_ctx );
return( ( mode == RSA_PUBLIC ) return( ( mode == RSA_PUBLIC )
? rsa_public( ctx, output, output ) ? rsa_public( ctx, output, output )
@ -708,6 +709,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
*/ */
hlen = md_get_size( md_info ); hlen = md_get_size( md_info );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info ); md_init_ctx( &md_ctx, md_info );
/* Generate lHash */ /* Generate lHash */
@ -721,7 +723,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
&md_ctx ); &md_ctx );
md_free_ctx( &md_ctx ); md_free( &md_ctx );
/* /*
* Check contents, in "constant-time" * Check contents, in "constant-time"
@ -951,6 +953,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
memcpy( p, salt, slen ); memcpy( p, salt, slen );
p += slen; p += slen;
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info ); md_init_ctx( &md_ctx, md_info );
// Generate H = Hash( M' ) // Generate H = Hash( M' )
@ -970,7 +973,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
// //
mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx ); mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
md_free_ctx( &md_ctx ); md_free( &md_ctx );
msb = mpi_msb( &ctx->N ) - 1; msb = mpi_msb( &ctx->N ) - 1;
sig[0] &= 0xFF >> ( olen * 8 - msb ); sig[0] &= 0xFF >> ( olen * 8 - msb );
@ -1182,6 +1185,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
if( buf[0] >> ( 8 - siglen * 8 + msb ) ) if( buf[0] >> ( 8 - siglen * 8 + msb ) )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info ); md_init_ctx( &md_ctx, md_info );
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx ); mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
@ -1194,7 +1198,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
if( p == buf + siglen || if( p == buf + siglen ||
*p++ != 0x01 ) *p++ != 0x01 )
{ {
md_free_ctx( &md_ctx ); md_free( &md_ctx );
return( POLARSSL_ERR_RSA_INVALID_PADDING ); return( POLARSSL_ERR_RSA_INVALID_PADDING );
} }
@ -1204,7 +1208,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
if( expected_salt_len != RSA_SALT_LEN_ANY && if( expected_salt_len != RSA_SALT_LEN_ANY &&
slen != (size_t) expected_salt_len ) slen != (size_t) expected_salt_len )
{ {
md_free_ctx( &md_ctx ); md_free( &md_ctx );
return( POLARSSL_ERR_RSA_INVALID_PADDING ); return( POLARSSL_ERR_RSA_INVALID_PADDING );
} }
@ -1216,7 +1220,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
md_update( &md_ctx, p, slen ); md_update( &md_ctx, p, slen );
md_finish( &md_ctx, result ); md_finish( &md_ctx, result );
md_free_ctx( &md_ctx ); md_free( &md_ctx );
if( memcmp( p + slen, result, hlen ) == 0 ) if( memcmp( p + slen, result, hlen ) == 0 )
return( 0 ); return( 0 );

4
library/ssl_cli.c
View File

@ -1758,6 +1758,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
{ {
md_context_t ctx; md_context_t ctx;
md_init( &ctx );
/* Info from md_alg will be used instead */ /* Info from md_alg will be used instead */
hashlen = 0; hashlen = 0;
@ -1779,7 +1781,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
md_update( &ctx, ssl->handshake->randbytes, 64 ); md_update( &ctx, ssl->handshake->randbytes, 64 );
md_update( &ctx, ssl->in_msg + 4, params_len ); md_update( &ctx, ssl->in_msg + 4, params_len );
md_finish( &ctx, hash ); md_finish( &ctx, hash );
md_free_ctx( &ctx ); md_free( &ctx );
} }
else else
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \

10
library/ssl_srv.c
View File

@ -2380,6 +2380,8 @@ curve_matching_done:
md_context_t ctx; md_context_t ctx;
const md_info_t *md_info = md_info_from_type( md_alg ); const md_info_t *md_info = md_info_from_type( md_alg );
md_init( &ctx );
/* Info from md_alg will be used instead */ /* Info from md_alg will be used instead */
hashlen = 0; hashlen = 0;
@ -2400,13 +2402,7 @@ curve_matching_done:
md_update( &ctx, ssl->handshake->randbytes, 64 ); md_update( &ctx, ssl->handshake->randbytes, 64 );
md_update( &ctx, dig_signed, dig_signed_len ); md_update( &ctx, dig_signed, dig_signed_len );
md_finish( &ctx, hash ); md_finish( &ctx, hash );
md_free( &ctx );
if( ( ret = md_free_ctx( &ctx ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_free_ctx", ret );
return( ret );
}
} }
else else
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \

14
library/ssl_tls.c
View File

@ -3311,6 +3311,12 @@ static void ssl_handshake_params_init( ssl_handshake_params *handshake,
static void ssl_transform_init( ssl_transform *transform ) static void ssl_transform_init( ssl_transform *transform )
{ {
memset( transform, 0, sizeof(ssl_transform) ); memset( transform, 0, sizeof(ssl_transform) );
cipher_init( &transform->cipher_ctx_enc );
cipher_init( &transform->cipher_ctx_dec );
md_init( &transform->md_ctx_enc );
md_init( &transform->md_ctx_dec );
} }
void ssl_session_init( ssl_session *session ) void ssl_session_init( ssl_session *session )
@ -4506,11 +4512,11 @@ void ssl_transform_free( ssl_transform *transform )
inflateEnd( &transform->ctx_inflate ); inflateEnd( &transform->ctx_inflate );
#endif #endif
cipher_free_ctx( &transform->cipher_ctx_enc ); cipher_free( &transform->cipher_ctx_enc );
cipher_free_ctx( &transform->cipher_ctx_dec ); cipher_free( &transform->cipher_ctx_dec );
md_free_ctx( &transform->md_ctx_enc ); md_free( &transform->md_ctx_enc );
md_free_ctx( &transform->md_ctx_dec ); md_free( &transform->md_ctx_dec );
polarssl_zeroize( transform, sizeof( ssl_transform ) ); polarssl_zeroize( transform, sizeof( ssl_transform ) );
} }