From a317a982217fa1575792ff6d89e73d150cb8d77d Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 18 Jun 2014 16:44:11 +0200 Subject: [PATCH] Adapt programs / test suites --- include/polarssl/havege.h | 7 +++++++ library/entropy.c | 3 +++ library/havege.c | 13 +++++++++++++ programs/pkey/dh_client.c | 4 ++-- programs/pkey/dh_genprime.c | 1 + programs/pkey/dh_server.c | 3 ++- programs/pkey/ecdsa.c | 1 + programs/pkey/gen_key.c | 1 + programs/pkey/pk_decrypt.c | 1 + programs/pkey/pk_encrypt.c | 1 + programs/pkey/pk_sign.c | 1 + programs/pkey/rsa_decrypt.c | 1 + programs/pkey/rsa_encrypt.c | 1 + programs/pkey/rsa_genkey.c | 1 + programs/pkey/rsa_sign_pss.c | 1 + programs/random/gen_random_ctr_drbg.c | 1 + programs/random/gen_random_havege.c | 11 +++++++---- programs/ssl/ssl_client1.c | 1 + programs/ssl/ssl_client2.c | 1 + programs/ssl/ssl_fork_server.c | 1 + programs/ssl/ssl_mail_client.c | 1 + programs/ssl/ssl_pthread_server.c | 1 + programs/ssl/ssl_server.c | 1 + programs/ssl/ssl_server2.c | 6 +++++- programs/test/benchmark.c | 4 +++- programs/test/o_p_test.c | 1 + programs/test/ssl_test.c | 1 + programs/x509/cert_app.c | 1 + programs/x509/cert_req.c | 1 + programs/x509/cert_write.c | 1 + tests/suites/test_suite_ctr_drbg.function | 8 ++++++++ tests/suites/test_suite_dhm.function | 6 +++--- tests/suites/test_suite_rsa.function | 1 + 33 files changed, 76 insertions(+), 12 deletions(-) diff --git a/include/polarssl/havege.h b/include/polarssl/havege.h index 5998903ec..536eb0882 100644 --- a/include/polarssl/havege.h +++ b/include/polarssl/havege.h @@ -53,6 +53,13 @@ havege_state; */ void havege_init( havege_state *hs ); +/** + * \brief Clear HAVEGE state + * + * \param hs HAVEGE state to be cleared + */ +void havege_free( havege_state *hs ); + /** * \brief HAVEGE rand function * diff --git a/library/entropy.c b/library/entropy.c index 04de07fd2..7f9531721 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -83,6 +83,9 @@ void entropy_init( entropy_context *ctx ) void entropy_free( entropy_context *ctx ) { +#if defined(POLARSSL_HAVEGE_C) + havege_free( &ctx->havege_data ); +#endif polarssl_zeroize( ctx, sizeof( entropy_context ) ); #if defined(POLARSSL_THREADING_C) polarssl_mutex_free( &ctx->mutex ); diff --git a/library/havege.c b/library/havege.c index de024de65..3acd5bca1 100644 --- a/library/havege.c +++ b/library/havege.c @@ -43,6 +43,11 @@ #include +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + /* ------------------------------------------------------------------------ * On average, one iteration accesses two 8-word blocks in the havege WALK * table, and generates 16 words in the RES array. @@ -200,6 +205,14 @@ void havege_init( havege_state *hs ) havege_fill( hs ); } +void havege_free( havege_state *hs ) +{ + if( hs == NULL ) + return; + + polarssl_zeroize( hs, sizeof( havege_state ) ); +} + /* * HAVEGE rand function */ diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 92c5bca7d..5315eb921 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -82,8 +82,7 @@ int main( int argc, char *argv[] ) ((void) argv); memset( &rsa, 0, sizeof( rsa ) ); - memset( &dhm, 0, sizeof( dhm ) ); - + dhm_init( &dhm ); aes_init( &aes ); /* @@ -284,6 +283,7 @@ exit: aes_free( &aes ); rsa_free( &rsa ); dhm_free( &dhm ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index e75b33825..598940ea1 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -154,6 +154,7 @@ int main( int argc, char *argv[] ) exit: mpi_free( &G ); mpi_free( &P ); mpi_free( &Q ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 8bb184f8f..976da4ca8 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -83,7 +83,7 @@ int main( int argc, char *argv[] ) ((void) argv); memset( &rsa, 0, sizeof( rsa ) ); - memset( &dhm, 0, sizeof( dhm ) ); + dhm_init( &dhm ); aes_init( &aes ); /* @@ -284,6 +284,7 @@ exit: aes_free( &aes ); rsa_free( &rsa ); dhm_free( &dhm ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 40d67da9c..67fc71031 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -229,6 +229,7 @@ exit: ecdsa_free( &ctx_verify ); ecdsa_free( &ctx_sign ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); return( ret ); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 2f3ba358a..67e374743 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -388,6 +388,7 @@ exit: } pk_free( &key ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 8088c8f1c..2ecb1d8b6 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -140,6 +140,7 @@ int main( int argc, char *argv[] ) ret = 0; exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(POLARSSL_ERROR_C) diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index ad005736c..2eb139c49 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -140,6 +140,7 @@ int main( int argc, char *argv[] ) printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(POLARSSL_ERROR_C) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 2c355d939..d80cbd7c5 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -151,6 +151,7 @@ int main( int argc, char *argv[] ) exit: pk_free( &pk ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(POLARSSL_ERROR_C) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index c77d210e7..c79f1e496 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -164,6 +164,7 @@ int main( int argc, char *argv[] ) ret = 0; exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 51a5ddb64..677ce76c0 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -152,6 +152,7 @@ int main( int argc, char *argv[] ) printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 861e2c73f..48d8c5e74 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -154,6 +154,7 @@ exit: fclose( fpriv ); rsa_free( &rsa ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 890a0b699..e3e56c60f 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -161,6 +161,7 @@ int main( int argc, char *argv[] ) exit: pk_free( &pk ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index ddd7737c1..94e200d85 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -115,6 +115,7 @@ cleanup: printf("\n"); fclose( f ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); return( ret ); diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index fd394117b..e9152fac5 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -48,7 +48,7 @@ int main( int argc, char *argv[] ) { FILE *f; time_t t; - int i, k; + int i, k, ret = 0; havege_state hs; unsigned char buf[1024]; @@ -73,8 +73,9 @@ int main( int argc, char *argv[] ) if( havege_random( &hs, buf, sizeof( buf ) ) != 0 ) { printf( "Failed to get random from source.\n" ); - fclose( f ); - return( 1 ); + + ret = 1; + goto exit; } fwrite( buf, sizeof( buf ), 1, f ); @@ -89,7 +90,9 @@ int main( int argc, char *argv[] ) printf(" \n "); +exit: + havege_free( &hs ); fclose( f ); - return( 0 ); + return( ret ); } #endif /* POLARSSL_HAVEGE_C */ diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index e5a68e290..1b369a658 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -290,6 +290,7 @@ exit: x509_crt_free( &cacert ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); memset( &ssl, 0, sizeof( ssl ) ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 87eadf81e..0d4d5926e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1209,6 +1209,7 @@ exit: #endif ssl_session_free( &saved_session ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); memset( &ssl, 0, sizeof( ssl ) ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index d10a9e691..706cdd492 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -376,6 +376,7 @@ exit: x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 792e166fd..06d6b8951 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -816,6 +816,7 @@ exit: x509_crt_free( &cacert ); pk_free( &pkey ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 3f390714b..cc6ad8901 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -492,6 +492,7 @@ exit: #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_free( &cache ); #endif + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); polarssl_mutex_free( &debug_mutex ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 545243d41..9e097998f 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -373,6 +373,7 @@ exit: #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_free( &cache ); #endif + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 371c90923..e58099f10 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -626,7 +626,7 @@ int main( int argc, char *argv[] ) pk_init( &pkey2 ); #endif #if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO) - memset( &dhm, 0, sizeof( dhm_context ) ); + dhm_init( &dhm ); #endif #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_init( &cache ); @@ -1655,6 +1655,9 @@ exit: if( client_fd != -1 ) net_close( client_fd ); +#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO) + dhm_free( &dhm ); +#endif #if defined(POLARSSL_X509_CRT_PARSE_C) x509_crt_free( &cacert ); x509_crt_free( &srvcert ); @@ -1673,6 +1676,7 @@ exit: #endif ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(POLARSSL_SSL_CACHE_C) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index a17d6900b..4462357c1 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -414,6 +414,7 @@ int main( int argc, char *argv[] ) havege_state hs; havege_init( &hs ); TIME_AND_TSC( "HAVEGE", havege_random( &hs, buf, BUFSIZE ) ); + havege_free( &hs ); } #endif @@ -434,6 +435,7 @@ int main( int argc, char *argv[] ) TIME_AND_TSC( "CTR_DRBG (PR)", if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) exit(1) ); + ctr_drbg_free( &ctr_drbg ); } #endif @@ -531,7 +533,7 @@ int main( int argc, char *argv[] ) size_t olen; for( i = 0; i < DHM_SIZES; i++ ) { - memset( &dhm, 0, sizeof( dhm_context ) ); + dhm_init( &dhm ); if( mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 || mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 ) diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c index 14789401f..e5047e5dd 100644 --- a/programs/test/o_p_test.c +++ b/programs/test/o_p_test.c @@ -258,6 +258,7 @@ int main( int argc, char *argv[] ) printf( "String value (PolarSSL Private Encrypt, OpenSSL Public Decrypt): '%s'\n", o_priv_decrypted ); exit: + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #ifdef WIN32 diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index 7dcdcae82..ab7b8124c 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -417,6 +417,7 @@ exit: x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); if( client_fd != -1 ) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index fae00d2e8..5f8636b10 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -492,6 +492,7 @@ exit: x509_crl_free( &cacrl ); #endif pk_free( &pkey ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 6a0467ae2..f229e0bb9 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -329,6 +329,7 @@ exit: x509write_csr_free( &req ); pk_free( &key ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index e50a99dfe..8f0616c83 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -652,6 +652,7 @@ exit: pk_free( &loaded_subject_key ); pk_free( &loaded_issuer_key ); mpi_free( &serial ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 56906750b..b3790a2d7 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -45,6 +45,8 @@ void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string, TEST_ASSERT( ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 ); hexify( output_str, buf, 16 ); TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 ); + + ctr_drbg_free( &ctx ); } /* END_CASE */ @@ -79,6 +81,8 @@ void ctr_drbg_validate_nopr( char *add_init_string, char *entropy_string, TEST_ASSERT( ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 ); hexify( output_str, buf, 16 ); TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 ); + + ctr_drbg_free( &ctx ); } /* END_CASE */ @@ -150,6 +154,8 @@ void ctr_drbg_entropy_usage( ) last_idx = test_offset_idx; TEST_ASSERT( ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 ); TEST_ASSERT( test_offset_idx - last_idx == 13 ); + + ctr_drbg_free( &ctx ); } /* END_CASE */ @@ -161,6 +167,8 @@ void ctr_drbg_seed_file( char *path, int ret ) TEST_ASSERT( ctr_drbg_init( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 ); TEST_ASSERT( ctr_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( ctr_drbg_update_seed_file( &ctx, path ) == ret ); + + ctr_drbg_free( &ctx ); } /* END_CASE */ diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index b0df9fdbb..8c8551761 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -25,8 +25,8 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, i; rnd_pseudo_info rnd_info; - memset( &ctx_srv, 0x00, sizeof( dhm_context ) ); - memset( &ctx_cli, 0x00, sizeof( dhm_context ) ); + dhm_init( &ctx_srv ); + dhm_init( &ctx_cli ); memset( ske, 0x00, 1000 ); memset( pub_cli, 0x00, 1000 ); memset( sec_srv, 0x00, 1000 ); @@ -103,7 +103,7 @@ void dhm_file( char *filename, char *p, char *g, int len ) dhm_context ctx; mpi P, G; - memset( &ctx, 0, sizeof ctx ); + dhm_init( &ctx ); mpi_init( &P ); mpi_init( &G ); TEST_ASSERT( mpi_read_string( &P, 16, p ) == 0 ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a01b21710..a762e0466 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -597,6 +597,7 @@ void rsa_gen_key( int nrbits, int exponent, int result) } rsa_free( &ctx ); + ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); } /* END_CASE */