Merge init / free usage pattern for all public contexts
diff --git a/ChangeLog b/ChangeLog
index d9fa94a..3e99e26 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,8 @@
* md_list() now returns hashes strongest first
* Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks
strongest offered by client.
+ * All public contexts have _init() and _free() functions now for simpler
+ usage pattern
Bugfix
* Fix in debug_print_msg()
diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h
index 58b348e..2e9092f 100644
--- a/include/polarssl/aes.h
+++ b/include/polarssl/aes.h
@@ -74,6 +74,20 @@
aes_context;
/**
+ * \brief Initialize AES context
+ *
+ * \param ctx AES context to be initialized
+ */
+void aes_init( aes_context *ctx );
+
+/**
+ * \brief Clear AES context
+ *
+ * \param ctx AES context to be cleared
+ */
+void aes_free( aes_context *ctx );
+
+/**
* \brief AES key schedule (encryption)
*
* \param ctx AES context to be initialized
diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h
index c6c676b..555f54f 100644
--- a/include/polarssl/arc4.h
+++ b/include/polarssl/arc4.h
@@ -55,9 +55,23 @@
arc4_context;
/**
- * \brief ARC4 key schedule
+ * \brief Initialize ARC4 context
*
* \param ctx ARC4 context to be initialized
+ */
+void arc4_init( arc4_context *ctx );
+
+/**
+ * \brief Clear ARC4 context
+ *
+ * \param ctx ARC4 context to be cleared
+ */
+void arc4_free( arc4_context *ctx );
+
+/**
+ * \brief ARC4 key schedule
+ *
+ * \param ctx ARC4 context to be setup
* \param key the secret key
* \param keylen length of the key, in bytes
*/
diff --git a/include/polarssl/blowfish.h b/include/polarssl/blowfish.h
index c9c8672..c652b46 100644
--- a/include/polarssl/blowfish.h
+++ b/include/polarssl/blowfish.h
@@ -71,6 +71,20 @@
blowfish_context;
/**
+ * \brief Initialize Blowfish context
+ *
+ * \param ctx Blowfish context to be initialized
+ */
+void blowfish_init( blowfish_context *ctx );
+
+/**
+ * \brief Clear Blowfish context
+ *
+ * \param ctx Blowfish context to be cleared
+ */
+void blowfish_free( blowfish_context *ctx );
+
+/**
* \brief Blowfish key schedule
*
* \param ctx Blowfish context to be initialized
diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h
index 34c1990..8488d1d 100644
--- a/include/polarssl/camellia.h
+++ b/include/polarssl/camellia.h
@@ -67,6 +67,20 @@
camellia_context;
/**
+ * \brief Initialize CAMELLIA context
+ *
+ * \param ctx CAMELLIA context to be initialized
+ */
+void camellia_init( camellia_context *ctx );
+
+/**
+ * \brief Clear CAMELLIA context
+ *
+ * \param ctx CAMELLIA context to be cleared
+ */
+void camellia_free( camellia_context *ctx );
+
+/**
* \brief CAMELLIA key schedule (encryption)
*
* \param ctx CAMELLIA context to be initialized
diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h
index 84993f7..087e590 100644
--- a/include/polarssl/cipher.h
+++ b/include/polarssl/cipher.h
@@ -332,9 +332,25 @@
const cipher_mode_t mode );
/**
+ * \brief Initialize a cipher_context (as NONE)
+ */
+void cipher_init( cipher_context_t *ctx );
+
+/**
+ * \brief Free and clear the cipher-specific context of ctx.
+ * Freeing ctx itself remains the responsibility of the
+ * caller.
+ */
+void cipher_free( cipher_context_t *ctx );
+
+/**
* \brief Initialises and fills the cipher context structure with
* the appropriate values.
*
+ * \note Currently also clears structure. In future versions you
+ * will be required to call cipher_init() on the structure
+ * first.
+ *
* \param ctx context to initialise. May not be NULL.
* \param cipher_info cipher to use.
*
@@ -349,10 +365,11 @@
* \brief Free the cipher-specific context of ctx. Freeing ctx
* itself remains the responsibility of the caller.
*
+ * \note Deprecated: Redirects to cipher_free()
+ *
* \param ctx Free the cipher-specific context
*
- * \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
- * parameter verification fails.
+ * \returns 0
*/
int cipher_free_ctx( cipher_context_t *ctx );
diff --git a/include/polarssl/ctr_drbg.h b/include/polarssl/ctr_drbg.h
index 4b5a444..bebbfe9 100644
--- a/include/polarssl/ctr_drbg.h
+++ b/include/polarssl/ctr_drbg.h
@@ -131,6 +131,13 @@
size_t len );
/**
+ * \brief Clear CTR_CRBG context data
+ *
+ * \param ctx CTR_DRBG context to clear
+ */
+void ctr_drbg_free( ctr_drbg_context *ctx );
+
+/**
* \brief Enable / disable prediction resistance (Default: Off)
*
* Note: If enabled, entropy is used for ctx->entropy_len before each call!
diff --git a/include/polarssl/des.h b/include/polarssl/des.h
index 7872975..89bb394 100644
--- a/include/polarssl/des.h
+++ b/include/polarssl/des.h
@@ -78,6 +78,34 @@
des3_context;
/**
+ * \brief Initialize DES context
+ *
+ * \param ctx DES context to be initialized
+ */
+void des_init( des_context *ctx );
+
+/**
+ * \brief Clear DES context
+ *
+ * \param ctx DES context to be cleared
+ */
+void des_free( des_context *ctx );
+
+/**
+ * \brief Initialize Triple-DES context
+ *
+ * \param ctx DES3 context to be initialized
+ */
+void des3_init( des3_context *ctx );
+
+/**
+ * \brief Clear Triple-DES context
+ *
+ * \param ctx DES3 context to be cleared
+ */
+void des3_free( des3_context *ctx );
+
+/**
* \brief Set key parity on the given key to odd.
*
* DES keys are 56 bits long, but each byte is padded with
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index 322a788..064472f 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -170,6 +170,13 @@
dhm_context;
/**
+ * \brief Initialize DHM context
+ *
+ * \param ctx DHM context to be initialized
+ */
+void dhm_init( dhm_context *ctx );
+
+/**
* \brief Parse the ServerKeyExchange parameters
*
* \param ctx DHM context
@@ -256,7 +263,9 @@
void *p_rng );
/**
- * \brief Free the components of a DHM key
+ * \brief Free and clear the components of a DHM key
+ *
+ * \param ctx DHM context to free and clear
*/
void dhm_free( dhm_context *ctx );
diff --git a/include/polarssl/havege.h b/include/polarssl/havege.h
index 5998903..536eb08 100644
--- a/include/polarssl/havege.h
+++ b/include/polarssl/havege.h
@@ -54,6 +54,13 @@
void havege_init( havege_state *hs );
/**
+ * \brief Clear HAVEGE state
+ *
+ * \param hs HAVEGE state to be cleared
+ */
+void havege_free( havege_state *hs );
+
+/**
* \brief HAVEGE rand function
*
* \param p_rng A HAVEGE state
diff --git a/include/polarssl/md.h b/include/polarssl/md.h
index 8de233a..81d8a2e 100644
--- a/include/polarssl/md.h
+++ b/include/polarssl/md.h
@@ -173,9 +173,25 @@
const md_info_t *md_info_from_type( md_type_t md_type );
/**
+ * \brief Initialize a md_context (as NONE)
+ */
+void md_init( md_context_t *ctx );
+
+/**
+ * \brief Free and clear the message-specific context of ctx.
+ * Freeing ctx itself remains the responsibility of the
+ * caller.
+ */
+void md_free( md_context_t *ctx );
+
+/**
* \brief Initialises and fills the message digest context structure
* with the appropriate values.
*
+ * \note Currently also clears structure. In future versions you
+ * will be required to call md_init() on the structure
+ * first.
+ *
* \param ctx context to initialise. May not be NULL. The
* digest-specific context (ctx->md_ctx) must be NULL. It will
* be allocated, and must be freed using md_free_ctx() later.
@@ -191,10 +207,11 @@
* \brief Free the message-specific context of ctx. Freeing ctx itself
* remains the responsibility of the caller.
*
+ * \note Deprecated: Redirects to md_free()
+ *
* \param ctx Free the message-specific context
*
- * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
- * verification fails.
+ * \returns 0
*/
int md_free_ctx( md_context_t *ctx );
diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h
index 96da06c..952b0bf 100644
--- a/include/polarssl/md2.h
+++ b/include/polarssl/md2.h
@@ -61,6 +61,20 @@
md2_context;
/**
+ * \brief Initialize MD2 context
+ *
+ * \param ctx MD2 context to be initialized
+ */
+void md2_init( md2_context *ctx );
+
+/**
+ * \brief Clear MD2 context
+ *
+ * \param ctx MD2 context to be cleared
+ */
+void md2_free( md2_context *ctx );
+
+/**
* \brief MD2 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h
index 6302c3c..fc5a5cd 100644
--- a/include/polarssl/md4.h
+++ b/include/polarssl/md4.h
@@ -67,6 +67,20 @@
md4_context;
/**
+ * \brief Initialize MD4 context
+ *
+ * \param ctx MD4 context to be initialized
+ */
+void md4_init( md4_context *ctx );
+
+/**
+ * \brief Clear MD4 context
+ *
+ * \param ctx MD4 context to be cleared
+ */
+void md4_free( md4_context *ctx );
+
+/**
* \brief MD4 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/md5.h b/include/polarssl/md5.h
index bb0ebf3..2f378f6 100644
--- a/include/polarssl/md5.h
+++ b/include/polarssl/md5.h
@@ -67,6 +67,20 @@
md5_context;
/**
+ * \brief Initialize MD5 context
+ *
+ * \param ctx MD5 context to be initialized
+ */
+void md5_init( md5_context *ctx );
+
+/**
+ * \brief Clear MD5 context
+ *
+ * \param ctx MD5 context to be cleared
+ */
+void md5_free( md5_context *ctx );
+
+/**
* \brief MD5 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/ripemd160.h b/include/polarssl/ripemd160.h
index 754322d..e3b66c9 100644
--- a/include/polarssl/ripemd160.h
+++ b/include/polarssl/ripemd160.h
@@ -67,6 +67,20 @@
ripemd160_context;
/**
+ * \brief Initialize RIPEMD-160 context
+ *
+ * \param ctx RIPEMD-160 context to be initialized
+ */
+void ripemd160_init( ripemd160_context *ctx );
+
+/**
+ * \brief Clear RIPEMD-160 context
+ *
+ * \param ctx RIPEMD-160 context to be cleared
+ */
+void ripemd160_free( ripemd160_context *ctx );
+
+/**
* \brief RIPEMD-160 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/sha1.h b/include/polarssl/sha1.h
index 57a731b..cb0c436 100644
--- a/include/polarssl/sha1.h
+++ b/include/polarssl/sha1.h
@@ -67,6 +67,20 @@
sha1_context;
/**
+ * \brief Initialize SHA-1 context
+ *
+ * \param ctx SHA-1 context to be initialized
+ */
+void sha1_init( sha1_context *ctx );
+
+/**
+ * \brief Clear SHA-1 context
+ *
+ * \param ctx SHA-1 context to be cleared
+ */
+void sha1_free( sha1_context *ctx );
+
+/**
* \brief SHA-1 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/sha256.h b/include/polarssl/sha256.h
index 80a0224..b143674 100644
--- a/include/polarssl/sha256.h
+++ b/include/polarssl/sha256.h
@@ -68,6 +68,20 @@
sha256_context;
/**
+ * \brief Initialize SHA-256 context
+ *
+ * \param ctx SHA-256 context to be initialized
+ */
+void sha256_init( sha256_context *ctx );
+
+/**
+ * \brief Clear SHA-256 context
+ *
+ * \param ctx SHA-256 context to be cleared
+ */
+void sha256_free( sha256_context *ctx );
+
+/**
* \brief SHA-256 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/sha512.h b/include/polarssl/sha512.h
index c60564f..dfbae4a 100644
--- a/include/polarssl/sha512.h
+++ b/include/polarssl/sha512.h
@@ -69,6 +69,20 @@
sha512_context;
/**
+ * \brief Initialize SHA-512 context
+ *
+ * \param ctx SHA-512 context to be initialized
+ */
+void sha512_init( sha512_context *ctx );
+
+/**
+ * \brief Clear SHA-512 context
+ *
+ * \param ctx SHA-512 context to be cleared
+ */
+void sha512_free( sha512_context *ctx );
+
+/**
* \brief SHA-512 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 2c2beda..bd7f1f7 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -1683,6 +1683,13 @@
void ssl_free( ssl_context *ssl );
/**
+ * \brief Initialize SSL session structure
+ *
+ * \param session SSL session
+ */
+void ssl_session_init( ssl_session *session );
+
+/**
* \brief Free referenced items in an SSL session including the
* peer certificate and clear memory
*
diff --git a/include/polarssl/xtea.h b/include/polarssl/xtea.h
index 07118d9..794c5ef 100644
--- a/include/polarssl/xtea.h
+++ b/include/polarssl/xtea.h
@@ -65,6 +65,20 @@
xtea_context;
/**
+ * \brief Initialize XTEA context
+ *
+ * \param ctx XTEA context to be initialized
+ */
+void xtea_init( xtea_context *ctx );
+
+/**
+ * \brief Clear XTEA context
+ *
+ * \param ctx XTEA context to be cleared
+ */
+void xtea_free( xtea_context *ctx );
+
+/**
* \brief XTEA key schedule
*
* \param ctx XTEA context to be initialized
diff --git a/library/aes.c b/library/aes.c
index a90ceff..f295747 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -463,6 +463,19 @@
#endif /* POLARSSL_AES_ROM_TABLES */
+void aes_init( aes_context *ctx )
+{
+ memset( ctx, 0, sizeof( aes_context ) );
+}
+
+void aes_free( aes_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( aes_context ) );
+}
+
/*
* AES key schedule (encryption)
*/
@@ -581,11 +594,12 @@
int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
unsigned int keysize )
{
- int i, j;
+ int i, j, ret;
aes_context cty;
uint32_t *RK;
uint32_t *SK;
- int ret;
+
+ aes_init( &cty );
#if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
@@ -599,7 +613,7 @@
/* Also checks keysize */
if( ( ret = aes_setkey_enc( &cty, key, keysize ) ) != 0 )
- return( ret );
+ goto exit;
ctx->nr = cty.nr;
@@ -608,7 +622,7 @@
{
aesni_inverse_key( (unsigned char *) ctx->rk,
(const unsigned char *) cty.rk, ctx->nr );
- goto done;
+ goto exit;
}
#endif
@@ -635,12 +649,10 @@
*RK++ = *SK++;
*RK++ = *SK++;
-#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
-done:
-#endif
- polarssl_zeroize( &cty, sizeof( aes_context ) );
+exit:
+ aes_free( &cty );
- return( 0 );
+ return( ret );
}
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
@@ -1171,7 +1183,7 @@
*/
int aes_self_test( int verbose )
{
- int i, j, u, v;
+ int ret = 0, i, j, u, v;
unsigned char key[32];
unsigned char buf[64];
unsigned char iv[16];
@@ -1189,6 +1201,7 @@
aes_context ctx;
memset( key, 0, 32 );
+ aes_init( &ctx );
/*
* ECB mode
@@ -1216,7 +1229,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
}
else
@@ -1231,7 +1245,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
}
@@ -1271,7 +1286,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
}
else
@@ -1294,7 +1310,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
}
@@ -1335,7 +1352,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
}
else
@@ -1348,7 +1366,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
}
@@ -1392,7 +1411,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
}
else
@@ -1408,7 +1428,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
}
@@ -1420,7 +1441,12 @@
polarssl_printf( "\n" );
#endif /* POLARSSL_CIPHER_MODE_CTR */
- return( 0 );
+ ret = 0;
+
+exit:
+ aes_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/arc4.c b/library/arc4.c
index d722c56..54e89ea 100644
--- a/library/arc4.c
+++ b/library/arc4.c
@@ -46,6 +46,24 @@
#if !defined(POLARSSL_ARC4_ALT)
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+void arc4_init( arc4_context *ctx )
+{
+ memset( ctx, 0, sizeof( arc4_context ) );
+}
+
+void arc4_free( arc4_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( arc4_context ) );
+}
+
/*
* ARC4 key schedule
*/
@@ -146,11 +164,13 @@
*/
int arc4_self_test( int verbose )
{
- int i;
+ int i, ret = 0;
unsigned char ibuf[8];
unsigned char obuf[8];
arc4_context ctx;
+ arc4_init( &ctx );
+
for( i = 0; i < 3; i++ )
{
if( verbose != 0 )
@@ -166,7 +186,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -176,7 +197,10 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ arc4_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/blowfish.c b/library/blowfish.c
index d8b0c36..87396dc 100644
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -41,6 +41,11 @@
#if !defined(POLARSSL_BLOWFISH_ALT)
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
/*
* 32-bit integer manipulation macros (big endian)
*/
@@ -152,6 +157,19 @@
*xr = Xr;
}
+void blowfish_init( blowfish_context *ctx )
+{
+ memset( ctx, 0, sizeof( blowfish_context ) );
+}
+
+void blowfish_free( blowfish_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( blowfish_context ) );
+}
+
/*
* Blowfish key schedule
*/
diff --git a/library/camellia.c b/library/camellia.c
index f1d4d6b..a4968f4 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -322,6 +322,19 @@
z[1] ^= I0;
}
+void camellia_init( camellia_context *ctx )
+{
+ memset( ctx, 0, sizeof( camellia_context ) );
+}
+
+void camellia_free( camellia_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( camellia_context ) );
+}
+
/*
* Camellia key schedule (encryption)
*/
@@ -433,16 +446,17 @@
int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
unsigned int keysize )
{
- int idx;
+ int idx, ret;
size_t i;
camellia_context cty;
uint32_t *RK;
uint32_t *SK;
- int ret;
+
+ camellia_init( &cty );
/* Also checks keysize */
if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) )
- return( ret );
+ goto exit;
ctx->nr = cty.nr;
idx = ( ctx->nr == 4 );
@@ -468,9 +482,10 @@
*RK++ = *SK++;
*RK++ = *SK++;
- polarssl_zeroize( &cty, sizeof( camellia_context ) );
+exit:
+ camellia_free( &cty );
- return( 0 );
+ return( ret );
}
/*
diff --git a/library/ccm.c b/library/ccm.c
index 91dee67..60477d0 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -61,6 +61,8 @@
memset( ctx, 0, sizeof( ccm_context ) );
+ cipher_init( &ctx->cipher_ctx );
+
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
if( cipher_info == NULL )
return( POLARSSL_ERR_CCM_BAD_INPUT );
@@ -85,7 +87,7 @@
*/
void ccm_free( ccm_context *ctx )
{
- (void) cipher_free_ctx( &ctx->cipher_ctx );
+ cipher_free( &ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof( ccm_context ) );
}
diff --git a/library/cipher.c b/library/cipher.c
index 16acd80..5cd30f8 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -125,6 +125,22 @@
return( NULL );
}
+void cipher_init( cipher_context_t *ctx )
+{
+ memset( ctx, 0, sizeof( cipher_context_t ) );
+}
+
+void cipher_free( cipher_context_t *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ if( ctx->cipher_ctx )
+ ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
+
+ polarssl_zeroize( ctx, sizeof(cipher_context_t) );
+}
+
int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
{
if( NULL == cipher_info || NULL == ctx )
@@ -151,13 +167,10 @@
return( 0 );
}
+/* Deprecated, redirects to cipher_free() */
int cipher_free_ctx( cipher_context_t *ctx )
{
- if( ctx == NULL || ctx->cipher_info == NULL )
- return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
-
- ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
- polarssl_zeroize( ctx, sizeof(cipher_context_t) );
+ cipher_free( ctx );
return( 0 );
}
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 070963a..47a69a9 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -74,11 +74,6 @@
#include <stdlib.h>
-/* Implementation that should never be optimized out by the compiler */
-static void polarssl_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
#if defined(POLARSSL_GCM_C)
/* shared by all GCM ciphers */
static void *gcm_ctx_alloc( void )
@@ -187,12 +182,19 @@
static void * aes_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( aes_context ) );
+ aes_context *aes = (aes_context *) polarssl_malloc( sizeof( aes_context ) );
+
+ if( aes == NULL )
+ return( NULL );
+
+ aes_init( aes );
+
+ return( aes );
}
static void aes_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( aes_context ) );
+ aes_free( (aes_context *) ctx );
polarssl_free( ctx );
}
@@ -541,12 +543,20 @@
static void * camellia_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( camellia_context ) );
+ camellia_context *ctx;
+ ctx = (camellia_context *) polarssl_malloc( sizeof( camellia_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ camellia_init( ctx );
+
+ return( ctx );
}
static void camellia_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( camellia_context ) );
+ camellia_free( (camellia_context *) ctx );
polarssl_free( ctx );
}
@@ -915,23 +925,38 @@
static void * des_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( des_context ) );
-}
+ des_context *des = (des_context *) polarssl_malloc( sizeof( des_context ) );
-static void * des3_ctx_alloc( void )
-{
- return polarssl_malloc( sizeof( des3_context ) );
+ if( des == NULL )
+ return( NULL );
+
+ des_init( des );
+
+ return( des );
}
static void des_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( des_context ) );
+ des_free( (des_context *) ctx );
polarssl_free( ctx );
}
+static void * des3_ctx_alloc( void )
+{
+ des3_context *des3;
+ des3 = (des3_context *) polarssl_malloc( sizeof( des3_context ) );
+
+ if( des3 == NULL )
+ return( NULL );
+
+ des3_init( des3 );
+
+ return( des3 );
+}
+
static void des3_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( des3_context ) );
+ des3_free( (des3_context *) ctx );
polarssl_free( ctx );
}
@@ -1122,12 +1147,20 @@
static void * blowfish_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( blowfish_context ) );
+ blowfish_context *ctx;
+ ctx = (blowfish_context *) polarssl_malloc( sizeof( blowfish_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ blowfish_init( ctx );
+
+ return( ctx );
}
static void blowfish_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( blowfish_context ) );
+ blowfish_free( (blowfish_context *) ctx );
polarssl_free( ctx );
}
@@ -1216,12 +1249,20 @@
static void * arc4_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( arc4_context ) );
+ arc4_context *ctx;
+ ctx = (arc4_context *) polarssl_malloc( sizeof( arc4_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ arc4_init( ctx );
+
+ return( ctx );
}
static void arc4_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( arc4_context ) );
+ arc4_free( (arc4_context *) ctx );
polarssl_free( ctx );
}
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 3db517d..96ee4f1 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -48,6 +48,11 @@
#define polarssl_printf printf
#endif
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
/*
* Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
* tests to succeed (which require known length fixed entropy)
@@ -66,6 +71,8 @@
memset( ctx, 0, sizeof(ctr_drbg_context) );
memset( key, 0, CTR_DRBG_KEYSIZE );
+ aes_init( &ctx->aes_ctx );
+
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
@@ -93,6 +100,15 @@
CTR_DRBG_ENTROPY_LEN ) );
}
+void ctr_drbg_free( ctr_drbg_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ aes_free( &ctx->aes_ctx );
+ polarssl_zeroize( ctx, sizeof( ctr_drbg_context ) );
+}
+
void ctr_drbg_set_prediction_resistance( ctr_drbg_context *ctx, int resistance )
{
ctx->prediction_resistance = resistance;
@@ -122,6 +138,7 @@
size_t buf_len, use_len;
memset( buf, 0, CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 );
+ aes_init( &aes_ctx );
/*
* Construct IV (16 bytes) and S in buffer
@@ -189,6 +206,8 @@
p += CTR_DRBG_BLOCKSIZE;
}
+ aes_free( &aes_ctx );
+
return( 0 );
}
diff --git a/library/des.c b/library/des.c
index 8c156ae..12fe4f4 100644
--- a/library/des.c
+++ b/library/des.c
@@ -305,6 +305,32 @@
#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
+void des_init( des_context *ctx )
+{
+ memset( ctx, 0, sizeof( des_context ) );
+}
+
+void des_free( des_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( des_context ) );
+}
+
+void des3_init( des3_context *ctx )
+{
+ memset( ctx, 0, sizeof( des3_context ) );
+}
+
+void des3_free( des3_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( des3_context ) );
+}
+
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
@@ -839,7 +865,7 @@
*/
int des_self_test( int verbose )
{
- int i, j, u, v;
+ int i, j, u, v, ret = 0;
des_context ctx;
des3_context ctx3;
unsigned char buf[8];
@@ -848,6 +874,8 @@
unsigned char iv[8];
#endif
+ des_init( &ctx );
+ des3_init( &ctx3 );
/*
* ECB mode
*/
@@ -909,7 +937,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -1004,7 +1033,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -1015,7 +1045,11 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ des_free( &ctx );
+ des3_free( &ctx3 );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/dhm.c b/library/dhm.c
index 5a87e3c..1b1d6d6 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -116,6 +116,11 @@
return( ret );
}
+void dhm_init( dhm_context *ctx )
+{
+ memset( ctx, 0, sizeof( dhm_context ) );
+}
+
/*
* Parse the ServerKeyExchange parameters
*/
@@ -125,8 +130,6 @@
{
int ret;
- dhm_free( ctx );
-
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
@@ -417,7 +420,6 @@
pem_context pem;
pem_init( &pem );
- memset( dhm, 0, sizeof( dhm_context ) );
ret = pem_read_buffer( &pem,
"-----BEGIN DH PARAMETERS-----",
@@ -561,6 +563,8 @@
int ret;
dhm_context dhm;
+ dhm_init( &dhm );
+
if( verbose != 0 )
polarssl_printf( " DHM parameter load: " );
@@ -570,15 +574,16 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( ret );
+ goto exit;
}
if( verbose != 0 )
polarssl_printf( "passed\n\n" );
+exit:
dhm_free( &dhm );
- return( 0 );
+ return( ret );
#else
if( verbose != 0 )
polarssl_printf( " DHM parameter load: skipped\n" );
diff --git a/library/entropy.c b/library/entropy.c
index 04de07f..7f95317 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -83,6 +83,9 @@
void entropy_free( entropy_context *ctx )
{
+#if defined(POLARSSL_HAVEGE_C)
+ havege_free( &ctx->havege_data );
+#endif
polarssl_zeroize( ctx, sizeof( entropy_context ) );
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_free( &ctx->mutex );
diff --git a/library/gcm.c b/library/gcm.c
index d4c68ae..77b1e0f 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -157,6 +157,8 @@
memset( ctx, 0, sizeof(gcm_context) );
+ cipher_init( &ctx->cipher_ctx );
+
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
if( cipher_info == NULL )
return( POLARSSL_ERR_GCM_BAD_INPUT );
@@ -493,7 +495,7 @@
void gcm_free( gcm_context *ctx )
{
- (void) cipher_free_ctx( &ctx->cipher_ctx );
+ cipher_free( &ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof( gcm_context ) );
}
diff --git a/library/havege.c b/library/havege.c
index de024de..3acd5bc 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -43,6 +43,11 @@
#include <string.h>
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
/* ------------------------------------------------------------------------
* On average, one iteration accesses two 8-word blocks in the havege WALK
* table, and generates 16 words in the RES array.
@@ -200,6 +205,14 @@
havege_fill( hs );
}
+void havege_free( havege_state *hs )
+{
+ if( hs == NULL )
+ return;
+
+ polarssl_zeroize( hs, sizeof( havege_state ) );
+}
+
/*
* HAVEGE rand function
*/
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 30307b0..d691be1 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -93,6 +93,8 @@
memset( ctx, 0, sizeof( hmac_drbg_context ) );
+ md_init( &ctx->md_ctx );
+
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
return( ret );
@@ -165,6 +167,8 @@
memset( ctx, 0, sizeof( hmac_drbg_context ) );
+ md_init( &ctx->md_ctx );
+
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
return( ret );
diff --git a/library/md.c b/library/md.c
index 00fcef3..7f9c5dc 100644
--- a/library/md.c
+++ b/library/md.c
@@ -172,6 +172,22 @@
}
}
+void md_init( md_context_t *ctx )
+{
+ memset( ctx, 0, sizeof( md_context_t ) );
+}
+
+void md_free( md_context_t *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ if( ctx->md_ctx )
+ ctx->md_info->ctx_free_func( ctx->md_ctx );
+
+ polarssl_zeroize( ctx, sizeof( md_context_t ) );
+}
+
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
{
if( md_info == NULL || ctx == NULL )
@@ -191,12 +207,7 @@
int md_free_ctx( md_context_t *ctx )
{
- if( ctx == NULL || ctx->md_info == NULL )
- return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
-
- ctx->md_info->ctx_free_func( ctx->md_ctx );
-
- polarssl_zeroize( ctx, sizeof( md_context_t ) );
+ md_free( ctx );
return( 0 );
}
diff --git a/library/md2.c b/library/md2.c
index 589c5cc..45bce37 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -86,6 +86,19 @@
0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
};
+void md2_init( md2_context *ctx )
+{
+ memset( ctx, 0, sizeof( md2_context ) );
+}
+
+void md2_free( md2_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( md2_context ) );
+}
+
/*
* MD2 context setup
*/
@@ -189,11 +202,11 @@
{
md2_context ctx;
+ md2_init( &ctx );
md2_starts( &ctx );
md2_update( &ctx, input, ilen );
md2_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md2_context ) );
+ md2_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -210,14 +223,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
+ md2_init( &ctx );
md2_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md2_update( &ctx, buf, n );
md2_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md2_context ) );
+ md2_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -304,11 +317,11 @@
{
md2_context ctx;
+ md2_init( &ctx );
md2_hmac_starts( &ctx, key, keylen );
md2_hmac_update( &ctx, input, ilen );
md2_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md2_context ) );
+ md2_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
diff --git a/library/md4.c b/library/md4.c
index ccde1a1..f6b71d5 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -79,6 +79,19 @@
}
#endif
+void md4_init( md4_context *ctx )
+{
+ memset( ctx, 0, sizeof( md4_context ) );
+}
+
+void md4_free( md4_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( md4_context ) );
+}
+
/*
* MD4 context setup
*/
@@ -285,11 +298,11 @@
{
md4_context ctx;
+ md4_init( &ctx );
md4_starts( &ctx );
md4_update( &ctx, input, ilen );
md4_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md4_context ) );
+ md4_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -306,14 +319,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
+ md4_init( &ctx );
md4_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md4_update( &ctx, buf, n );
md4_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md4_context ) );
+ md4_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -400,11 +413,11 @@
{
md4_context ctx;
+ md4_init( &ctx );
md4_hmac_starts( &ctx, key, keylen );
md4_hmac_update( &ctx, input, ilen );
md4_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md4_context ) );
+ md4_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
diff --git a/library/md5.c b/library/md5.c
index ca16317..89354bc 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -78,6 +78,19 @@
}
#endif
+void md5_init( md5_context *ctx )
+{
+ memset( ctx, 0, sizeof( md5_context ) );
+}
+
+void md5_free( md5_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( md5_context ) );
+}
+
/*
* MD5 context setup
*/
@@ -302,11 +315,11 @@
{
md5_context ctx;
+ md5_init( &ctx );
md5_starts( &ctx );
md5_update( &ctx, input, ilen );
md5_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md5_context ) );
+ md5_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -323,14 +336,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
+ md5_init( &ctx );
md5_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md5_update( &ctx, buf, n );
md5_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md5_context ) );
+ md5_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -417,11 +430,11 @@
{
md5_context ctx;
+ md5_init( &ctx );
md5_hmac_starts( &ctx, key, keylen );
md5_hmac_update( &ctx, input, ilen );
md5_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md5_context ) );
+ md5_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
diff --git a/library/md_wrap.c b/library/md_wrap.c
index 834e241..de701d3 100644
--- a/library/md_wrap.c
+++ b/library/md_wrap.c
@@ -398,12 +398,20 @@
static void * ripemd160_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( ripemd160_context ) );
+ ripemd160_context *ctx;
+ ctx = (ripemd160_context *) polarssl_malloc( sizeof( ripemd160_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ ripemd160_init( ctx );
+
+ return( ctx );
}
static void ripemd160_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( ripemd160_context ) );
+ ripemd160_free( (ripemd160_context *) ctx );
polarssl_free( ctx );
}
@@ -486,12 +494,20 @@
static void * sha1_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( sha1_context ) );
+ sha1_context *ctx;
+ ctx = (sha1_context *) polarssl_malloc( sizeof( sha1_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ sha1_init( ctx );
+
+ return( ctx );
}
static void sha1_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( sha1_context ) );
+ sha1_free( (sha1_context *) ctx );
polarssl_free( ctx );
}
@@ -687,12 +703,20 @@
static void * sha256_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( sha256_context ) );
+ sha256_context *ctx;
+ ctx = (sha256_context *) polarssl_malloc( sizeof( sha256_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ sha256_init( ctx );
+
+ return( ctx );
}
static void sha256_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( sha256_context ) );
+ sha256_free( (sha256_context *) ctx );
polarssl_free( ctx );
}
@@ -885,12 +909,20 @@
static void * sha512_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( sha512_context ) );
+ sha512_context *ctx;
+ ctx = (sha512_context *) polarssl_malloc( sizeof( sha512_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ sha512_init( ctx );
+
+ return( ctx );
}
static void sha512_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( sha512_context ) );
+ sha512_free( (sha512_context *) ctx );
polarssl_free( ctx );
}
diff --git a/library/pem.c b/library/pem.c
index 4e00b63..485d829 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -92,6 +92,8 @@
unsigned char md5sum[16];
size_t use_len;
+ md5_init( &md5_ctx );
+
/*
* key[ 0..15] = MD5(pwd || IV)
*/
@@ -104,7 +106,7 @@
{
memcpy( key, md5sum, keylen );
- polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
+ md5_free( &md5_ctx );
polarssl_zeroize( md5sum, 16 );
return;
}
@@ -126,7 +128,7 @@
memcpy( key + 16, md5sum, use_len );
- polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
+ md5_free( &md5_ctx );
polarssl_zeroize( md5sum, 16 );
}
@@ -141,13 +143,15 @@
des_context des_ctx;
unsigned char des_key[8];
+ des_init( &des_ctx );
+
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
des_setkey_dec( &des_ctx, des_key );
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
des_iv, buf, buf );
- polarssl_zeroize( &des_ctx, sizeof( des_ctx ) );
+ des_free( &des_ctx );
polarssl_zeroize( des_key, 8 );
}
@@ -161,13 +165,15 @@
des3_context des3_ctx;
unsigned char des3_key[24];
+ des3_init( &des3_ctx );
+
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
des3_set3key_dec( &des3_ctx, des3_key );
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
des3_iv, buf, buf );
- polarssl_zeroize( &des3_ctx, sizeof( des3_ctx ) );
+ des3_free( &des3_ctx );
polarssl_zeroize( des3_key, 24 );
}
#endif /* POLARSSL_DES_C */
@@ -183,13 +189,15 @@
aes_context aes_ctx;
unsigned char aes_key[32];
+ aes_init( &aes_ctx );
+
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
aes_iv, buf, buf );
- polarssl_zeroize( &aes_ctx, sizeof( aes_ctx ) );
+ aes_free( &aes_ctx );
polarssl_zeroize( aes_key, keylen );
}
#endif /* POLARSSL_AES_C */
diff --git a/library/pkcs12.c b/library/pkcs12.c
index b025450..0cf2edf 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -147,6 +147,8 @@
arc4_context ctx;
((void) mode);
+ arc4_init( &ctx );
+
if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, POLARSSL_MD_SHA1,
pwd, pwdlen,
key, 16, NULL, 0 ) ) != 0 )
@@ -156,9 +158,13 @@
arc4_setup( &ctx, key, 16 );
if( ( ret = arc4_crypt( &ctx, len, data, output ) ) != 0 )
- return( ret );
+ goto exit;
- return( 0 );
+exit:
+ polarssl_zeroize( key, sizeof( key ) );
+ arc4_free( &ctx );
+
+ return( ret );
#endif /* POLARSSL_ARC4_C */
}
@@ -188,6 +194,8 @@
return( ret );
}
+ cipher_init( &cipher_ctx );
+
if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
goto exit;
@@ -212,7 +220,7 @@
exit:
polarssl_zeroize( key, sizeof( key ) );
polarssl_zeroize( iv, sizeof( iv ) );
- cipher_free_ctx( &cipher_ctx );
+ cipher_free( &cipher_ctx );
return( ret );
}
@@ -259,6 +267,8 @@
if( md_info == NULL )
return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
+ md_init( &md_ctx );
+
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
return( ret );
hlen = md_get_size( md_info );
@@ -342,7 +352,7 @@
polarssl_zeroize( hash_block, sizeof( hash_block ) );
polarssl_zeroize( hash_output, sizeof( hash_output ) );
- md_free_ctx( &md_ctx );
+ md_free( &md_ctx );
return( ret );
}
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 3f94d50..e769783 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -130,9 +130,6 @@
p = pbe_params->p;
end = p + pbe_params->len;
- memset( &md_ctx, 0, sizeof(md_context_t) );
- memset( &cipher_ctx, 0, sizeof(cipher_context_t) );
-
/*
* PBES2-params ::= SEQUENCE {
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
@@ -187,6 +184,9 @@
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT );
}
+ md_init( &md_ctx );
+ cipher_init( &cipher_ctx );
+
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
@@ -209,8 +209,8 @@
ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;
exit:
- md_free_ctx( &md_ctx );
- cipher_free_ctx( &cipher_ctx );
+ md_free( &md_ctx );
+ cipher_free( &cipher_ctx );
return( ret );
}
@@ -364,12 +364,20 @@
int ret, i;
unsigned char key[64];
+ md_init( &sha1_ctx );
+
info_sha1 = md_info_from_type( POLARSSL_MD_SHA1 );
if( info_sha1 == NULL )
- return( 1 );
+ {
+ ret = 1;
+ goto exit;
+ }
if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
- return( 1 );
+ {
+ ret = 1;
+ goto exit;
+ }
if( verbose != 0 )
polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" );
@@ -387,7 +395,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -396,8 +405,8 @@
polarssl_printf( "\n" );
- if( ( ret = md_free_ctx( &sha1_ctx ) ) != 0 )
- return( 1 );
+exit:
+ md_free( &sha1_ctx );
return( 0 );
}
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 3c2a7e6..fcd7760 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -81,6 +81,19 @@
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
+void ripemd160_init( ripemd160_context *ctx )
+{
+ memset( ctx, 0, sizeof( ripemd160_context ) );
+}
+
+void ripemd160_free( ripemd160_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( ripemd160_context ) );
+}
+
/*
* RIPEMD-160 context setup
*/
@@ -364,11 +377,11 @@
{
ripemd160_context ctx;
+ ripemd160_init( &ctx );
ripemd160_starts( &ctx );
ripemd160_update( &ctx, input, ilen );
ripemd160_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+ ripemd160_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -385,14 +398,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR );
+ ripemd160_init( &ctx );
ripemd160_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
ripemd160_update( &ctx, buf, n );
ripemd160_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+ ripemd160_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -479,11 +492,11 @@
{
ripemd160_context ctx;
+ ripemd160_init( &ctx );
ripemd160_hmac_starts( &ctx, key, keylen );
ripemd160_hmac_update( &ctx, input, ilen );
ripemd160_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+ ripemd160_free( &ctx );
}
diff --git a/library/rsa.c b/library/rsa.c
index 3cbac66..0fd5199 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -540,6 +540,7 @@
*p++ = 1;
memcpy( p, input, ilen );
+ md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
// maskedDB: Apply dbMask to DB
@@ -552,7 +553,7 @@
mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
&md_ctx );
- md_free_ctx( &md_ctx );
+ md_free( &md_ctx );
return( ( mode == RSA_PUBLIC )
? rsa_public( ctx, output, output )
@@ -708,6 +709,7 @@
*/
hlen = md_get_size( md_info );
+ md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
/* Generate lHash */
@@ -721,7 +723,7 @@
mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
&md_ctx );
- md_free_ctx( &md_ctx );
+ md_free( &md_ctx );
/*
* Check contents, in "constant-time"
@@ -951,6 +953,7 @@
memcpy( p, salt, slen );
p += slen;
+ md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
// Generate H = Hash( M' )
@@ -970,7 +973,7 @@
//
mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
- md_free_ctx( &md_ctx );
+ md_free( &md_ctx );
msb = mpi_msb( &ctx->N ) - 1;
sig[0] &= 0xFF >> ( olen * 8 - msb );
@@ -1182,6 +1185,7 @@
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+ md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
@@ -1194,7 +1198,7 @@
if( p == buf + siglen ||
*p++ != 0x01 )
{
- md_free_ctx( &md_ctx );
+ md_free( &md_ctx );
return( POLARSSL_ERR_RSA_INVALID_PADDING );
}
@@ -1204,7 +1208,7 @@
if( expected_salt_len != RSA_SALT_LEN_ANY &&
slen != (size_t) expected_salt_len )
{
- md_free_ctx( &md_ctx );
+ md_free( &md_ctx );
return( POLARSSL_ERR_RSA_INVALID_PADDING );
}
@@ -1216,7 +1220,7 @@
md_update( &md_ctx, p, slen );
md_finish( &md_ctx, result );
- md_free_ctx( &md_ctx );
+ md_free( &md_ctx );
if( memcmp( p + slen, result, hlen ) == 0 )
return( 0 );
diff --git a/library/sha1.c b/library/sha1.c
index a528d8e..20408c7 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -78,6 +78,19 @@
}
#endif
+void sha1_init( sha1_context *ctx )
+{
+ memset( ctx, 0, sizeof( sha1_context ) );
+}
+
+void sha1_free( sha1_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( sha1_context ) );
+}
+
/*
* SHA-1 context setup
*/
@@ -335,11 +348,11 @@
{
sha1_context ctx;
+ sha1_init( &ctx );
sha1_starts( &ctx );
sha1_update( &ctx, input, ilen );
sha1_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+ sha1_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -356,14 +369,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
+ sha1_init( &ctx );
sha1_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha1_update( &ctx, buf, n );
sha1_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+ sha1_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -450,11 +463,11 @@
{
sha1_context ctx;
+ sha1_init( &ctx );
sha1_hmac_starts( &ctx, key, keylen );
sha1_hmac_update( &ctx, input, ilen );
sha1_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+ sha1_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@@ -554,11 +567,13 @@
*/
int sha1_self_test( int verbose )
{
- int i, j, buflen;
+ int i, j, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha1sum[20];
sha1_context ctx;
+ sha1_init( &ctx );
+
/*
* SHA-1
*/
@@ -587,7 +602,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -623,7 +639,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -633,7 +650,10 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ sha1_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/sha256.c b/library/sha256.c
index 5633f9e..4fc6698 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -78,6 +78,19 @@
}
#endif
+void sha256_init( sha256_context *ctx )
+{
+ memset( ctx, 0, sizeof( sha256_context ) );
+}
+
+void sha256_free( sha256_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( sha256_context ) );
+}
+
/*
* SHA-256 context setup
*/
@@ -338,11 +351,11 @@
{
sha256_context ctx;
+ sha256_init( &ctx );
sha256_starts( &ctx, is224 );
sha256_update( &ctx, input, ilen );
sha256_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha256_context ) );
+ sha256_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -359,14 +372,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
+ sha256_init( &ctx );
sha256_starts( &ctx, is224 );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha256_update( &ctx, buf, n );
sha256_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha256_context ) );
+ sha256_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -457,11 +470,11 @@
{
sha256_context ctx;
+ sha256_init( &ctx );
sha256_hmac_starts( &ctx, key, keylen, is224 );
sha256_hmac_update( &ctx, input, ilen );
sha256_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha256_context ) );
+ sha256_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@@ -632,11 +645,13 @@
*/
int sha256_self_test( int verbose )
{
- int i, j, k, buflen;
+ int i, j, k, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha256sum[32];
sha256_context ctx;
+ sha256_init( &ctx );
+
for( i = 0; i < 6; i++ )
{
j = i % 3;
@@ -665,7 +680,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -704,7 +720,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -714,7 +731,10 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ sha256_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/sha512.c b/library/sha512.c
index a29c80a..f1d1525 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -133,6 +133,19 @@
UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
};
+void sha512_init( sha512_context *ctx )
+{
+ memset( ctx, 0, sizeof( sha512_context ) );
+}
+
+void sha512_free( sha512_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( sha512_context ) );
+}
+
/*
* SHA-512 context setup
*/
@@ -336,11 +349,11 @@
{
sha512_context ctx;
+ sha512_init( &ctx );
sha512_starts( &ctx, is384 );
sha512_update( &ctx, input, ilen );
sha512_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha512_context ) );
+ sha512_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -357,14 +370,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
+ sha512_init( &ctx );
sha512_starts( &ctx, is384 );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha512_update( &ctx, buf, n );
sha512_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha512_context ) );
+ sha512_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -455,11 +468,11 @@
{
sha512_context ctx;
+ sha512_init( &ctx );
sha512_hmac_starts( &ctx, key, keylen, is384 );
sha512_hmac_update( &ctx, input, ilen );
sha512_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha512_context ) );
+ sha512_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@@ -686,11 +699,13 @@
*/
int sha512_self_test( int verbose )
{
- int i, j, k, buflen;
+ int i, j, k, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha512sum[64];
sha512_context ctx;
+ sha512_init( &ctx );
+
for( i = 0; i < 6; i++ )
{
j = i % 3;
@@ -719,7 +734,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -758,7 +774,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -768,7 +785,10 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ sha512_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 035cf39..d38d769 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1718,6 +1718,9 @@
md5_context md5;
sha1_context sha1;
+ md5_init( &md5 );
+ sha1_init( &sha1 );
+
hashlen = 36;
/*
@@ -1742,6 +1745,9 @@
sha1_update( &sha1, ssl->handshake->randbytes, 64 );
sha1_update( &sha1, ssl->in_msg + 4, params_len );
sha1_finish( &sha1, hash + 16 );
+
+ md5_free( &md5 );
+ sha1_free( &sha1 );
}
else
#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
@@ -1752,6 +1758,8 @@
{
md_context_t ctx;
+ md_init( &ctx );
+
/* Info from md_alg will be used instead */
hashlen = 0;
@@ -1773,7 +1781,7 @@
md_update( &ctx, ssl->handshake->randbytes, 64 );
md_update( &ctx, ssl->in_msg + 4, params_len );
md_finish( &ctx, hash );
- md_free_ctx( &ctx );
+ md_free( &ctx );
}
else
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 8c8fa2c..25be988 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -343,6 +343,8 @@
ssl_session_free( ssl->session_negotiate );
memcpy( ssl->session_negotiate, &session, sizeof( ssl_session ) );
+
+ /* Zeroize instead of free as we copied the content */
polarssl_zeroize( &session, sizeof( ssl_session ) );
return( 0 );
@@ -2337,6 +2339,9 @@
md5_context md5;
sha1_context sha1;
+ md5_init( &md5 );
+ sha1_init( &sha1 );
+
/*
* digitally-signed struct {
* opaque md5_hash[16];
@@ -2361,6 +2366,9 @@
sha1_finish( &sha1, hash + 16 );
hashlen = 36;
+
+ md5_free( &md5 );
+ sha1_free( &sha1 );
}
else
#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
@@ -2372,6 +2380,8 @@
md_context_t ctx;
const md_info_t *md_info = md_info_from_type( md_alg );
+ md_init( &ctx );
+
/* Info from md_alg will be used instead */
hashlen = 0;
@@ -2392,13 +2402,7 @@
md_update( &ctx, ssl->handshake->randbytes, 64 );
md_update( &ctx, dig_signed, dig_signed_len );
md_finish( &ctx, hash );
-
- if( ( ret = md_free_ctx( &ctx ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "md_free_ctx", ret );
- return( ret );
- }
-
+ md_free( &ctx );
}
else
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8040f90..6d7b0c8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -156,6 +156,9 @@
unsigned char sha1sum[20];
((void)label);
+ md5_init( &md5 );
+ sha1_init( &sha1 );
+
/*
* SSLv3:
* block =
@@ -180,8 +183,8 @@
md5_finish( &md5, dstbuf + i * 16 );
}
- polarssl_zeroize( &md5, sizeof( md5 ) );
- polarssl_zeroize( &sha1, sizeof( sha1 ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
polarssl_zeroize( padding, sizeof( padding ) );
polarssl_zeroize( sha1sum, sizeof( sha1sum ) );
@@ -805,6 +808,9 @@
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
+
return;
}
#endif /* POLARSSL_SSL_PROTO_SSL3 */
@@ -826,6 +832,9 @@
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
+
return;
}
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 */
@@ -844,6 +853,8 @@
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ sha256_free( &sha256 );
+
return;
}
#endif /* POLARSSL_SHA256_C */
@@ -861,6 +872,8 @@
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ sha512_free( &sha512 );
+
return;
}
#endif /* POLARSSL_SHA512_C */
@@ -2878,8 +2891,8 @@
SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
- polarssl_zeroize( &md5, sizeof( md5_context ) );
- polarssl_zeroize( &sha1, sizeof( sha1_context ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
polarssl_zeroize( padbuf, sizeof( padbuf ) );
polarssl_zeroize( md5sum, sizeof( md5sum ) );
@@ -2936,8 +2949,8 @@
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
- polarssl_zeroize( &md5, sizeof( md5_context ) );
- polarssl_zeroize( &sha1, sizeof( sha1_context ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
polarssl_zeroize( padbuf, sizeof( padbuf ) );
@@ -2985,7 +2998,7 @@
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
- polarssl_zeroize( &sha256, sizeof( sha256_context ) );
+ sha256_free( &sha256 );
polarssl_zeroize( padbuf, sizeof( padbuf ) );
@@ -3032,7 +3045,7 @@
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
- polarssl_zeroize( &sha512, sizeof( sha512_context ) );
+ sha512_free( &sha512 );
polarssl_zeroize( padbuf, sizeof( padbuf ) );
@@ -3257,73 +3270,114 @@
return( 0 );
}
+static void ssl_handshake_params_init( ssl_handshake_params *handshake,
+ ssl_key_cert *key_cert )
+{
+ memset( handshake, 0, sizeof( ssl_handshake_params ) );
+
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ md5_init( &handshake->fin_md5 );
+ sha1_init( &handshake->fin_sha1 );
+ md5_starts( &handshake->fin_md5 );
+ sha1_starts( &handshake->fin_sha1 );
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+ sha256_init( &handshake->fin_sha256 );
+ sha256_starts( &handshake->fin_sha256, 0 );
+#endif
+#if defined(POLARSSL_SHA512_C)
+ sha512_init( &handshake->fin_sha512 );
+ sha512_starts( &handshake->fin_sha512, 1 );
+#endif
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+
+ handshake->update_checksum = ssl_update_checksum_start;
+ handshake->sig_alg = SSL_HASH_SHA1;
+
+#if defined(POLARSSL_DHM_C)
+ dhm_init( &handshake->dhm_ctx );
+#endif
+#if defined(POLARSSL_ECDH_C)
+ ecdh_init( &handshake->ecdh_ctx );
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ handshake->key_cert = key_cert;
+#endif
+}
+
+static void ssl_transform_init( ssl_transform *transform )
+{
+ memset( transform, 0, sizeof(ssl_transform) );
+
+ cipher_init( &transform->cipher_ctx_enc );
+ cipher_init( &transform->cipher_ctx_dec );
+
+ md_init( &transform->md_ctx_enc );
+ md_init( &transform->md_ctx_dec );
+}
+
+void ssl_session_init( ssl_session *session )
+{
+ memset( session, 0, sizeof(ssl_session) );
+}
+
static int ssl_handshake_init( ssl_context *ssl )
{
+ /* Clear old handshake information if present */
if( ssl->transform_negotiate )
ssl_transform_free( ssl->transform_negotiate );
- else
+ if( ssl->session_negotiate )
+ ssl_session_free( ssl->session_negotiate );
+ if( ssl->handshake )
+ ssl_handshake_free( ssl->handshake );
+
+ /*
+ * Either the pointers are now NULL or cleared properly and can be freed.
+ * Now allocate missing structures.
+ */
+ if( ssl->transform_negotiate == NULL )
{
ssl->transform_negotiate =
(ssl_transform *) polarssl_malloc( sizeof(ssl_transform) );
-
- if( ssl->transform_negotiate != NULL )
- memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) );
}
- if( ssl->session_negotiate )
- ssl_session_free( ssl->session_negotiate );
- else
+ if( ssl->session_negotiate == NULL )
{
ssl->session_negotiate =
(ssl_session *) polarssl_malloc( sizeof(ssl_session) );
-
- if( ssl->session_negotiate != NULL )
- memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
}
- if( ssl->handshake )
- ssl_handshake_free( ssl->handshake );
- else
+ if( ssl->handshake == NULL)
{
ssl->handshake = (ssl_handshake_params *)
polarssl_malloc( sizeof(ssl_handshake_params) );
-
- if( ssl->handshake != NULL )
- memset( ssl->handshake, 0, sizeof(ssl_handshake_params) );
}
+ /* All pointers should exist and can be directly freed without issue */
if( ssl->handshake == NULL ||
ssl->transform_negotiate == NULL ||
ssl->session_negotiate == NULL )
{
SSL_DEBUG_MSG( 1, ( "malloc() of ssl sub-contexts failed" ) );
+
+ polarssl_free( ssl->handshake );
+ polarssl_free( ssl->transform_negotiate );
+ polarssl_free( ssl->session_negotiate );
+
+ ssl->handshake = NULL;
+ ssl->transform_negotiate = NULL;
+ ssl->session_negotiate = NULL;
+
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
}
-#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
- defined(POLARSSL_SSL_PROTO_TLS1_1)
- md5_starts( &ssl->handshake->fin_md5 );
- sha1_starts( &ssl->handshake->fin_sha1 );
-#endif
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
-#if defined(POLARSSL_SHA256_C)
- sha256_starts( &ssl->handshake->fin_sha256, 0 );
-#endif
-#if defined(POLARSSL_SHA512_C)
- sha512_starts( &ssl->handshake->fin_sha512, 1 );
-#endif
-#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
-
- ssl->handshake->update_checksum = ssl_update_checksum_start;
- ssl->handshake->sig_alg = SSL_HASH_SHA1;
-
-#if defined(POLARSSL_ECDH_C)
- ecdh_init( &ssl->handshake->ecdh_ctx );
-#endif
-
-#if defined(POLARSSL_X509_CRT_PARSE_C)
- ssl->handshake->key_cert = ssl->key_cert;
-#endif
+ /* Initialize structures */
+ ssl_session_init( ssl->session_negotiate );
+ ssl_transform_init( ssl->transform_negotiate );
+ ssl_handshake_params_init( ssl->handshake, ssl->key_cert );
return( 0 );
}
@@ -3482,6 +3536,14 @@
}
#if defined(POLARSSL_SSL_SESSION_TICKETS)
+static void ssl_ticket_keys_free( ssl_ticket_keys *tkeys )
+{
+ aes_free( &tkeys->enc );
+ aes_free( &tkeys->dec );
+
+ polarssl_zeroize( tkeys, sizeof(ssl_ticket_keys) );
+}
+
/*
* Allocate and initialize ticket keys
*/
@@ -3498,8 +3560,12 @@
if( tkeys == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+ aes_init( &tkeys->enc );
+ aes_init( &tkeys->dec );
+
if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 )
{
+ ssl_ticket_keys_free( tkeys );
polarssl_free( tkeys );
return( ret );
}
@@ -3508,12 +3574,14 @@
( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
{
+ ssl_ticket_keys_free( tkeys );
polarssl_free( tkeys );
return( ret );
}
if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 )
{
+ ssl_ticket_keys_free( tkeys );
polarssl_free( tkeys );
return( ret );
}
@@ -4436,16 +4504,19 @@
void ssl_transform_free( ssl_transform *transform )
{
+ if( transform == NULL )
+ return;
+
#if defined(POLARSSL_ZLIB_SUPPORT)
deflateEnd( &transform->ctx_deflate );
inflateEnd( &transform->ctx_inflate );
#endif
- cipher_free_ctx( &transform->cipher_ctx_enc );
- cipher_free_ctx( &transform->cipher_ctx_dec );
+ cipher_free( &transform->cipher_ctx_enc );
+ cipher_free( &transform->cipher_ctx_dec );
- md_free_ctx( &transform->md_ctx_enc );
- md_free_ctx( &transform->md_ctx_dec );
+ md_free( &transform->md_ctx_enc );
+ md_free( &transform->md_ctx_dec );
polarssl_zeroize( transform, sizeof( ssl_transform ) );
}
@@ -4473,6 +4544,9 @@
void ssl_handshake_free( ssl_handshake_params *handshake )
{
+ if( handshake == NULL )
+ return;
+
#if defined(POLARSSL_DHM_C)
dhm_free( &handshake->dhm_ctx );
#endif
@@ -4509,6 +4583,9 @@
void ssl_session_free( ssl_session *session )
{
+ if( session == NULL )
+ return;
+
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( session->peer_cert != NULL )
{
@@ -4529,6 +4606,9 @@
*/
void ssl_free( ssl_context *ssl )
{
+ if( ssl == NULL )
+ return;
+
SSL_DEBUG_MSG( 2, ( "=> free" ) );
if( ssl->out_ctr != NULL )
@@ -4580,7 +4660,11 @@
}
#if defined(POLARSSL_SSL_SESSION_TICKETS)
- polarssl_free( ssl->ticket_keys );
+ if( ssl->ticket_keys )
+ {
+ ssl_ticket_keys_free( ssl->ticket_keys );
+ polarssl_free( ssl->ticket_keys );
+ }
#endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
diff --git a/library/xtea.c b/library/xtea.c
index 5ff8a04..75215c5 100644
--- a/library/xtea.c
+++ b/library/xtea.c
@@ -41,6 +41,11 @@
#if !defined(POLARSSL_XTEA_ALT)
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
/*
* 32-bit integer manipulation macros (big endian)
*/
@@ -64,6 +69,19 @@
}
#endif
+void xtea_init( xtea_context *ctx )
+{
+ memset( ctx, 0, sizeof( xtea_context ) );
+}
+
+void xtea_free( xtea_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( xtea_context ) );
+}
+
/*
* XTEA key schedule
*/
@@ -223,10 +241,11 @@
*/
int xtea_self_test( int verbose )
{
- int i;
+ int i, ret = 0;
unsigned char buf[8];
xtea_context ctx;
+ xtea_init( &ctx );
for( i = 0; i < 6; i++ )
{
if( verbose != 0 )
@@ -242,7 +261,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -252,7 +272,10 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ xtea_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 28f74d1..40b7fec 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -93,6 +93,9 @@
off_t filesize, offset;
#endif
+ aes_init( &aes_ctx );
+ sha256_init( &sha_ctx );
+
/*
* Parse the command-line arguments.
*/
@@ -357,7 +360,7 @@
}
memset( key, 0, sizeof( key ) );
- aes_setkey_dec( &aes_ctx, digest, 256 );
+ aes_setkey_dec( &aes_ctx, digest, 256 );
sha256_hmac_starts( &sha_ctx, digest, 32, 0 );
/*
@@ -426,8 +429,8 @@
memset( buffer, 0, sizeof( buffer ) );
memset( digest, 0, sizeof( digest ) );
- memset( &aes_ctx, 0, sizeof( aes_context ) );
- memset( &sha_ctx, 0, sizeof( sha256_context ) );
+ aes_free( &aes_ctx );
+ sha256_free( &sha_ctx );
return( ret );
}
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 3e89ba6..f5484d4 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -95,8 +95,8 @@
off_t filesize, offset;
#endif
- memset( &cipher_ctx, 0, sizeof( cipher_context_t ));
- memset( &md_ctx, 0, sizeof( md_context_t ));
+ cipher_init( &cipher_ctx );
+ md_init( &md_ctx );
/*
* Parse the command-line arguments.
@@ -533,8 +533,8 @@
memset( buffer, 0, sizeof( buffer ) );
memset( digest, 0, sizeof( digest ) );
- cipher_free_ctx( &cipher_ctx );
- md_free_ctx( &md_ctx );
+ cipher_free( &cipher_ctx );
+ md_free( &md_ctx );
return( ret );
}
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index b5de2a1..4d007cf 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -165,7 +165,7 @@
const md_info_t *md_info;
md_context_t md_ctx;
- memset( &md_ctx, 0, sizeof( md_context_t ));
+ md_init( &md_ctx );
if( argc == 1 )
{
@@ -217,7 +217,7 @@
ret |= generic_print( md_info, argv[i] );
exit:
- md_free_ctx( &md_ctx );
+ md_free( &md_ctx );
return( ret );
}
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 154f5e3..5315eb9 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -82,7 +82,8 @@
((void) argv);
memset( &rsa, 0, sizeof( rsa ) );
- memset( &dhm, 0, sizeof( dhm ) );
+ dhm_init( &dhm );
+ aes_init( &aes );
/*
* 1. Setup the RNG
@@ -279,8 +280,10 @@
if( server_fd != -1 )
net_close( server_fd );
+ aes_free( &aes );
rsa_free( &rsa );
dhm_free( &dhm );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index e75b338..598940e 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -154,6 +154,7 @@
exit:
mpi_free( &G ); mpi_free( &P ); mpi_free( &Q );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index c2fdbbf..976da4c 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -83,7 +83,8 @@
((void) argv);
memset( &rsa, 0, sizeof( rsa ) );
- memset( &dhm, 0, sizeof( dhm ) );
+ dhm_init( &dhm );
+ aes_init( &aes );
/*
* 1. Setup the RNG
@@ -280,8 +281,10 @@
if( client_fd != -1 )
net_close( client_fd );
+ aes_free( &aes );
rsa_free( &rsa );
dhm_free( &dhm );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 40d67da..67fc710 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -229,6 +229,7 @@
ecdsa_free( &ctx_verify );
ecdsa_free( &ctx_sign );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
return( ret );
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 2f3ba35..67e3747 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -388,6 +388,7 @@
}
pk_free( &key );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 8088c8f..2ecb1d8 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -140,6 +140,7 @@
ret = 0;
exit:
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(POLARSSL_ERROR_C)
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index ad00573..2eb139c 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -140,6 +140,7 @@
printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
exit:
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(POLARSSL_ERROR_C)
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 2c355d9..d80cbd7 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -151,6 +151,7 @@
exit:
pk_free( &pk );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(POLARSSL_ERROR_C)
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index c77d210..c79f1e4 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -164,6 +164,7 @@
ret = 0;
exit:
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 51a5ddb..677ce76 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -152,6 +152,7 @@
printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
exit:
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 861e2c7..48d8c5e 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -154,6 +154,7 @@
fclose( fpriv );
rsa_free( &rsa );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 890a0b6..e3e56c6 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -161,6 +161,7 @@
exit:
pk_free( &pk );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index ddd7737..94e200d 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -115,6 +115,7 @@
printf("\n");
fclose( f );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
return( ret );
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index fd39411..e9152fa 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -48,7 +48,7 @@
{
FILE *f;
time_t t;
- int i, k;
+ int i, k, ret = 0;
havege_state hs;
unsigned char buf[1024];
@@ -73,8 +73,9 @@
if( havege_random( &hs, buf, sizeof( buf ) ) != 0 )
{
printf( "Failed to get random from source.\n" );
- fclose( f );
- return( 1 );
+
+ ret = 1;
+ goto exit;
}
fwrite( buf, sizeof( buf ), 1, f );
@@ -89,7 +90,9 @@
printf(" \n ");
+exit:
+ havege_free( &hs );
fclose( f );
- return( 0 );
+ return( ret );
}
#endif /* POLARSSL_HAVEGE_C */
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index e5a68e2..1b369a6 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -290,6 +290,7 @@
x509_crt_free( &cacert );
ssl_free( &ssl );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
memset( &ssl, 0, sizeof( ssl ) );
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 87eadf8..0d4d592 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1209,6 +1209,7 @@
#endif
ssl_session_free( &saved_session );
ssl_free( &ssl );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
memset( &ssl, 0, sizeof( ssl ) );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index d10a9e6..706cdd4 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -376,6 +376,7 @@
x509_crt_free( &srvcert );
pk_free( &pkey );
ssl_free( &ssl );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 792e166..06d6b89 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -816,6 +816,7 @@
x509_crt_free( &cacert );
pk_free( &pkey );
ssl_free( &ssl );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 3f39071..cc6ad89 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -492,6 +492,7 @@
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
#endif
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
polarssl_mutex_free( &debug_mutex );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 545243d..9e09799 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -373,6 +373,7 @@
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
#endif
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 371c909..e58099f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -626,7 +626,7 @@
pk_init( &pkey2 );
#endif
#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
- memset( &dhm, 0, sizeof( dhm_context ) );
+ dhm_init( &dhm );
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
@@ -1655,6 +1655,9 @@
if( client_fd != -1 )
net_close( client_fd );
+#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
+ dhm_free( &dhm );
+#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt_free( &cacert );
x509_crt_free( &srvcert );
@@ -1673,6 +1676,7 @@
#endif
ssl_free( &ssl );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(POLARSSL_SSL_CACHE_C)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index b978f01c..4462357 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -273,8 +273,10 @@
if( todo.arc4 )
{
arc4_context arc4;
+ arc4_init( &arc4 );
arc4_setup( &arc4, tmp, 32 );
TIME_AND_TSC( "ARC4", arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
+ arc4_free( &arc4 );
}
#endif
@@ -282,17 +284,21 @@
if( todo.des3 )
{
des3_context des3;
+ des3_init( &des3 );
des3_set3key_enc( &des3, tmp );
TIME_AND_TSC( "3DES",
des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
+ des3_free( &des3 );
}
if( todo.des )
{
des_context des;
+ des_init( &des );
des_setkey_enc( &des, tmp );
TIME_AND_TSC( "DES",
des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
+ des_free( &des );
}
#endif
@@ -301,6 +307,7 @@
if( todo.aes_cbc )
{
aes_context aes;
+ aes_init( &aes );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
@@ -312,6 +319,7 @@
TIME_AND_TSC( title,
aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
+ aes_free( &aes );
}
#endif
#if defined(POLARSSL_GCM_C)
@@ -360,6 +368,7 @@
if( todo.camellia )
{
camellia_context camellia;
+ camellia_init( &camellia );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
@@ -372,6 +381,7 @@
camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT,
BUFSIZE, tmp, buf, buf ) );
}
+ camellia_free( &camellia );
}
#endif
@@ -379,6 +389,8 @@
if( todo.blowfish )
{
blowfish_context blowfish;
+ blowfish_init( &blowfish );
+
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
@@ -391,6 +403,8 @@
blowfish_crypt_cbc( &blowfish, BLOWFISH_ENCRYPT, BUFSIZE,
tmp, buf, buf ) );
}
+
+ blowfish_free( &blowfish );
}
#endif
@@ -400,6 +414,7 @@
havege_state hs;
havege_init( &hs );
TIME_AND_TSC( "HAVEGE", havege_random( &hs, buf, BUFSIZE ) );
+ havege_free( &hs );
}
#endif
@@ -420,6 +435,7 @@
TIME_AND_TSC( "CTR_DRBG (PR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1) );
+ ctr_drbg_free( &ctr_drbg );
}
#endif
@@ -517,7 +533,7 @@
size_t olen;
for( i = 0; i < DHM_SIZES; i++ )
{
- memset( &dhm, 0, sizeof( dhm_context ) );
+ dhm_init( &dhm );
if( mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 ||
mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 )
diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c
index 1478940..e5047e5 100644
--- a/programs/test/o_p_test.c
+++ b/programs/test/o_p_test.c
@@ -258,6 +258,7 @@
printf( "String value (PolarSSL Private Encrypt, OpenSSL Public Decrypt): '%s'\n", o_priv_decrypted );
exit:
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#ifdef WIN32
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index 7dcdcae..ab7b812 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -417,6 +417,7 @@
x509_crt_free( &srvcert );
pk_free( &pkey );
ssl_free( &ssl );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
if( client_fd != -1 )
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index fae00d2..5f8636b 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -492,6 +492,7 @@
x509_crl_free( &cacrl );
#endif
pk_free( &pkey );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 6a0467a..f229e0b 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -329,6 +329,7 @@
x509write_csr_free( &req );
pk_free( &key );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index e50a99d..8f0616c 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -652,6 +652,7 @@
pk_free( &loaded_subject_key );
pk_free( &loaded_issuer_key );
mpi_free( &serial );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index b92e80d..20f5889 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -22,6 +22,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ aes_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -34,6 +35,8 @@
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ aes_free( &ctx );
}
/* END_CASE */
@@ -52,6 +55,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ aes_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -64,6 +68,8 @@
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ aes_free( &ctx );
}
/* END_CASE */
@@ -85,6 +91,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ aes_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -98,6 +105,8 @@
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ aes_free( &ctx );
}
/* END_CASE */
@@ -119,6 +128,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ aes_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -132,6 +142,8 @@
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ aes_free( &ctx );
}
/* END_CASE */
@@ -153,6 +165,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ aes_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -163,6 +176,8 @@
hexify( dst_str, output, 16 );
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ aes_free( &ctx );
}
/* END_CASE */
@@ -184,6 +199,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ aes_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -194,6 +210,8 @@
hexify( dst_str, output, 16 );
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ aes_free( &ctx );
}
/* END_CASE */
@@ -214,6 +232,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ aes_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -224,6 +243,8 @@
hexify( dst_str, output, src_len );
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ aes_free( &ctx );
}
/* END_CASE */
@@ -244,6 +265,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ aes_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -254,6 +276,8 @@
hexify( dst_str, output, src_len );
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ aes_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function
index 73df59e..f55a5e8 100644
--- a/tests/suites/test_suite_arc4.function
+++ b/tests/suites/test_suite_arc4.function
@@ -22,6 +22,7 @@
memset(key_str, 0x00, 1000);
memset(dst_str, 0x00, 1000);
memset(dst_hexstr, 0x00, 2000);
+ arc4_init( &ctx );
src_len = unhexify( src_str, hex_src_string );
key_len = unhexify( key_str, hex_key_string );
@@ -31,6 +32,8 @@
hexify( dst_hexstr, dst_str, src_len );
TEST_ASSERT( strcmp( (char *) dst_hexstr, hex_dst_string ) == 0 );
+
+ arc4_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
index 673b88c..17a5b65 100644
--- a/tests/suites/test_suite_blowfish.function
+++ b/tests/suites/test_suite_blowfish.function
@@ -22,6 +22,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ blowfish_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -34,6 +35,8 @@
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ blowfish_free( &ctx );
}
/* END_CASE */
@@ -52,6 +55,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ blowfish_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -64,6 +68,8 @@
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ blowfish_free( &ctx );
}
/* END_CASE */
@@ -85,6 +91,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ blowfish_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -99,6 +106,8 @@
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ blowfish_free( &ctx );
}
/* END_CASE */
@@ -120,6 +129,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ blowfish_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -133,6 +143,8 @@
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ blowfish_free( &ctx );
}
/* END_CASE */
@@ -154,6 +166,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ blowfish_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -164,6 +177,8 @@
hexify( dst_str, output, src_len );
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ blowfish_free( &ctx );
}
/* END_CASE */
@@ -185,6 +200,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ blowfish_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -195,6 +211,8 @@
hexify( dst_str, output, src_len );
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ blowfish_free( &ctx );
}
/* END_CASE */
@@ -218,6 +236,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ blowfish_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -228,5 +247,7 @@
hexify( dst_str, output, src_len );
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ blowfish_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 8f9e978..c5b66a6 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -22,6 +22,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ camellia_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -34,6 +35,8 @@
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ camellia_free( &ctx );
}
/* END_CASE */
@@ -52,6 +55,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ camellia_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -64,6 +68,8 @@
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ camellia_free( &ctx );
}
/* END_CASE */
@@ -85,6 +91,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ camellia_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -98,6 +105,8 @@
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ camellia_free( &ctx );
}
/* END_CASE */
@@ -119,6 +128,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ camellia_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -132,6 +142,8 @@
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ camellia_free( &ctx );
}
/* END_CASE */
@@ -153,6 +165,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ camellia_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -163,6 +176,8 @@
hexify( dst_str, output, 16 );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ camellia_free( &ctx );
}
/* END_CASE */
@@ -184,6 +199,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ camellia_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -194,6 +210,8 @@
hexify( dst_str, output, 16 );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ camellia_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 7c9c76d..3afdff6 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -29,7 +29,7 @@
unsigned char buf[1] = { 0 };
size_t olen;
- memset( &ctx, 0, sizeof( cipher_context_t ) );
+ cipher_init( &ctx );
TEST_ASSERT( cipher_get_block_size( NULL ) == 0 );
TEST_ASSERT( cipher_get_block_size( &ctx ) == 0 );
@@ -111,8 +111,8 @@
/*
* Prepare contexts
*/
- memset( &ctx_dec, 0, sizeof( ctx_dec ) );
- memset( &ctx_enc, 0, sizeof( ctx_enc ) );
+ cipher_init( &ctx_dec );
+ cipher_init( &ctx_enc );
memset( key, 0x2a, sizeof( key ) );
@@ -207,8 +207,8 @@
/*
* Done
*/
- TEST_ASSERT( 0 == cipher_free_ctx( &ctx_dec ) );
- TEST_ASSERT( 0 == cipher_free_ctx( &ctx_enc ) );
+ cipher_free( &ctx_dec );
+ cipher_free( &ctx_enc );
}
/* END_CASE */
@@ -231,7 +231,7 @@
memset( key, 0, 32 );
memset( iv , 0, 16 );
- memset( &ctx, 0, sizeof( ctx ) );
+ cipher_init( &ctx );
memset( inbuf, 5, 64 );
memset( encbuf, 0, 64 );
@@ -259,7 +259,7 @@
TEST_ASSERT( ret == cipher_finish( &ctx, encbuf + outlen, &outlen ) );
/* done */
- TEST_ASSERT( 0 == cipher_free_ctx( &ctx ) );
+ cipher_free( &ctx );
}
/* END_CASE */
@@ -279,16 +279,16 @@
memset( key, 0, 32 );
memset( iv , 0, 16 );
-
- memset( &ctx_dec, 0, sizeof( ctx_dec ) );
-
+
+ cipher_init( &ctx_dec );
+
memset( encbuf, 0, 64 );
memset( decbuf, 0, 64 );
/* Initialise context */
cipher_info = cipher_info_from_type( POLARSSL_CIPHER_AES_128_CBC );
TEST_ASSERT( NULL != cipher_info);
-
+
TEST_ASSERT( 0 == cipher_init_ctx( &ctx_dec, cipher_info ) );
TEST_ASSERT( 0 == cipher_setkey( &ctx_dec, key, 128, POLARSSL_DECRYPT ) );
@@ -308,7 +308,7 @@
&ctx_dec, decbuf + outlen, &outlen ) );
TEST_ASSERT( 0 == outlen );
- TEST_ASSERT( 0 == cipher_free_ctx( &ctx_dec ) );
+ cipher_free( &ctx_dec );
}
/* END_CASE */
@@ -335,10 +335,10 @@
memset( key, 0, 32 );
memset( iv , 0, 16 );
-
- memset( &ctx_dec, 0, sizeof( ctx_dec ) );
- memset( &ctx_enc, 0, sizeof( ctx_enc ) );
-
+
+ cipher_init( &ctx_dec );
+ cipher_init( &ctx_enc );
+
memset( inbuf, 5, 64 );
memset( encbuf, 0, 64 );
memset( decbuf, 0, 64 );
@@ -346,10 +346,10 @@
/* Initialise enc and dec contexts */
cipher_info = cipher_info_from_type( cipher_id );
TEST_ASSERT( NULL != cipher_info);
-
+
TEST_ASSERT( 0 == cipher_init_ctx( &ctx_dec, cipher_info ) );
TEST_ASSERT( 0 == cipher_init_ctx( &ctx_enc, cipher_info ) );
-
+
TEST_ASSERT( 0 == cipher_setkey( &ctx_dec, key, key_len, POLARSSL_DECRYPT ) );
TEST_ASSERT( 0 == cipher_setkey( &ctx_enc, key, key_len, POLARSSL_ENCRYPT ) );
@@ -397,8 +397,8 @@
TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );
- TEST_ASSERT( 0 == cipher_free_ctx( &ctx_dec ) );
- TEST_ASSERT( 0 == cipher_free_ctx( &ctx_enc ) );
+ cipher_free( &ctx_dec );
+ cipher_free( &ctx_enc );
}
/* END_CASE */
@@ -423,6 +423,8 @@
unsigned char output[200];
size_t outlen, total_len;
+ cipher_init( &ctx );
+
memset( key, 0x00, sizeof( key ) );
memset( iv, 0x00, sizeof( iv ) );
memset( cipher, 0x00, sizeof( cipher ) );
@@ -477,7 +479,7 @@
TEST_ASSERT( 0 == memcmp( output, clear, clear_len ) );
}
- cipher_free_ctx( &ctx );
+ cipher_free( &ctx );
}
/* END_CASE */
@@ -499,6 +501,8 @@
unsigned char output[200];
size_t outlen;
+ cipher_init( &ctx );
+
memset( key, 0x00, sizeof( key ) );
memset( iv, 0x00, sizeof( iv ) );
memset( cipher, 0x00, sizeof( cipher ) );
@@ -563,7 +567,7 @@
cleanup:
- cipher_free_ctx( &ctx );
+ cipher_free( &ctx );
}
/* END_CASE */
@@ -580,6 +584,8 @@
unsigned char output[32];
size_t outlen;
+ cipher_init( &ctx );
+
memset( key, 0x00, sizeof( key ) );
memset( input, 0x00, sizeof( input ) );
memset( result, 0x00, sizeof( result ) );
@@ -610,7 +616,7 @@
TEST_ASSERT( 0 == memcmp( output, result,
cipher_get_block_size( &ctx ) ) );
- cipher_free_ctx( &ctx );
+ cipher_free( &ctx );
}
/* END_CASE */
@@ -620,13 +626,15 @@
const cipher_info_t *cipher_info;
cipher_context_t ctx;
+ cipher_init( &ctx );
+
cipher_info = cipher_info_from_type( cipher_id );
TEST_ASSERT( NULL != cipher_info );
TEST_ASSERT( 0 == cipher_init_ctx( &ctx, cipher_info ) );
TEST_ASSERT( ret == cipher_set_padding_mode( &ctx, pad_mode ) );
- TEST_ASSERT( 0 == cipher_free_ctx( &ctx ) );
+ cipher_free( &ctx );
}
/* END_CASE */
@@ -639,7 +647,7 @@
size_t ilen, dlen;
/* build a fake context just for getting access to get_padding */
- memset( &ctx, 0, sizeof( ctx ) );
+ cipher_init( &ctx );
cipher_info.mode = POLARSSL_MODE_CBC;
ctx.cipher_info = &cipher_info;
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 5690675..b3790a2 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -45,6 +45,8 @@
TEST_ASSERT( ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 );
hexify( output_str, buf, 16 );
TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 );
+
+ ctr_drbg_free( &ctx );
}
/* END_CASE */
@@ -79,6 +81,8 @@
TEST_ASSERT( ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 );
hexify( output_str, buf, 16 );
TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 );
+
+ ctr_drbg_free( &ctx );
}
/* END_CASE */
@@ -150,6 +154,8 @@
last_idx = test_offset_idx;
TEST_ASSERT( ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
TEST_ASSERT( test_offset_idx - last_idx == 13 );
+
+ ctr_drbg_free( &ctx );
}
/* END_CASE */
@@ -161,6 +167,8 @@
TEST_ASSERT( ctr_drbg_init( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 );
TEST_ASSERT( ctr_drbg_write_seed_file( &ctx, path ) == ret );
TEST_ASSERT( ctr_drbg_update_seed_file( &ctx, path ) == ret );
+
+ ctr_drbg_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index d5d0f11..0231757 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -34,6 +34,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ des_init( &ctx );
unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -43,6 +44,8 @@
hexify( dst_str, output, 8 );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ des_free( &ctx );
}
/* END_CASE */
@@ -60,6 +63,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ des_init( &ctx );
unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -69,6 +73,8 @@
hexify( dst_str, output, 8 );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ des_free( &ctx );
}
/* END_CASE */
@@ -89,6 +95,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ des_init( &ctx );
unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -102,6 +109,8 @@
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ des_free( &ctx );
}
/* END_CASE */
@@ -122,6 +131,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ des_init( &ctx );
unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -135,6 +145,8 @@
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ des_free( &ctx );
}
/* END_CASE */
@@ -152,6 +164,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ des3_init( &ctx );
unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -167,6 +180,8 @@
hexify( dst_str, output, 8 );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ des3_free( &ctx );
}
/* END_CASE */
@@ -184,6 +199,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ des3_init( &ctx );
unhexify( key_str, hex_key_string );
unhexify( src_str, hex_src_string );
@@ -199,6 +215,8 @@
hexify( dst_str, output, 8 );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+
+ des3_free( &ctx );
}
/* END_CASE */
@@ -220,6 +238,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ des3_init( &ctx );
unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -240,6 +259,8 @@
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ des3_free( &ctx );
}
/* END_CASE */
@@ -261,6 +282,7 @@
memset(src_str, 0x00, 100);
memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+ des3_init( &ctx );
unhexify( key_str, hex_key_string );
unhexify( iv_str, hex_iv_string );
@@ -281,6 +303,8 @@
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
+
+ des3_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index b0df9fd..8c85517 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -25,8 +25,8 @@
int x_size, i;
rnd_pseudo_info rnd_info;
- memset( &ctx_srv, 0x00, sizeof( dhm_context ) );
- memset( &ctx_cli, 0x00, sizeof( dhm_context ) );
+ dhm_init( &ctx_srv );
+ dhm_init( &ctx_cli );
memset( ske, 0x00, 1000 );
memset( pub_cli, 0x00, 1000 );
memset( sec_srv, 0x00, 1000 );
@@ -103,7 +103,7 @@
dhm_context ctx;
mpi P, G;
- memset( &ctx, 0, sizeof ctx );
+ dhm_init( &ctx );
mpi_init( &P ); mpi_init( &G );
TEST_ASSERT( mpi_read_string( &P, 16, p ) == 0 );
diff --git a/tests/suites/test_suite_hmac_shax.function b/tests/suites/test_suite_hmac_shax.function
index d65437b..10b376f 100644
--- a/tests/suites/test_suite_hmac_shax.function
+++ b/tests/suites/test_suite_hmac_shax.function
@@ -17,6 +17,7 @@
memset(src_str, 0x00, sizeof src_str);
memset(key_str, 0x00, sizeof key_str);
+ sha1_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -56,6 +57,8 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ sha1_free( &ctx );
}
/* END_CASE */
@@ -72,6 +75,7 @@
memset(src_str, 0x00, sizeof src_str);
memset(key_str, 0x00, sizeof key_str);
+ sha256_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -111,6 +115,8 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ sha256_free( &ctx );
}
/* END_CASE */
@@ -127,6 +133,7 @@
memset(src_str, 0x00, sizeof src_str);
memset(key_str, 0x00, sizeof key_str);
+ sha256_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -166,6 +173,8 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ sha256_free( &ctx );
}
/* END_CASE */
@@ -182,6 +191,7 @@
memset(src_str, 0x00, sizeof src_str);
memset(key_str, 0x00, sizeof key_str);
+ sha512_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -221,6 +231,8 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ sha512_free( &ctx );
}
/* END_CASE */
@@ -237,6 +249,7 @@
memset(src_str, 0x00, sizeof src_str);
memset(key_str, 0x00, sizeof key_str);
+ sha512_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -276,5 +289,7 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ sha512_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 9f06443..338f8af 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -15,7 +15,7 @@
md_context_t ctx;
unsigned char buf[150];
- memset( &ctx, 0, sizeof ctx );
+ md_init( &ctx );
/*
* Very minimal testing of md_process, just make sure the various
@@ -31,7 +31,7 @@
TEST_ASSERT( info != NULL );
TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
TEST_ASSERT( md_process( &ctx, buf ) == 0 );
- TEST_ASSERT( md_free_ctx( &ctx ) == 0 );
+ md_free( &ctx );
}
}
/* END_CASE */
@@ -43,7 +43,7 @@
const md_info_t *info = md_info_from_type( *( md_list() ) );
unsigned char buf[1] = { 0 };
- memset( &ctx, 0, sizeof( md_context_t ) );
+ md_init( &ctx );
TEST_ASSERT( md_get_size( NULL ) == 0 );
@@ -177,9 +177,11 @@
unsigned char src_str[1000];
unsigned char hash_str[1000];
unsigned char output[100];
-
+
const md_info_t *md_info = NULL;
- md_context_t ctx = MD_CONTEXT_T_INIT;
+ md_context_t ctx;
+
+ md_init( &ctx );
memset(md_name, 0x00, 100);
memset(src_str, 0x00, 1000);
@@ -196,8 +198,8 @@
TEST_ASSERT ( ctx.md_ctx != NULL );
TEST_ASSERT ( 0 == md_update( &ctx, src_str, strlen( (char *) src_str ) ) );
TEST_ASSERT ( 0 == md_finish( &ctx, output ) );
- TEST_ASSERT ( 0 == md_free_ctx( &ctx ) );
-
+ md_free( &ctx );
+
hexify( hash_str, output, md_get_size(md_info) );
TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
@@ -214,7 +216,9 @@
unsigned char output[100];
int src_len;
const md_info_t *md_info = NULL;
- md_context_t ctx = MD_CONTEXT_T_INIT;
+ md_context_t ctx;
+
+ md_init( &ctx );
memset(md_name, 0x00, 100);
memset(src_str, 0x00, 10000);
@@ -227,13 +231,13 @@
TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
src_len = unhexify( src_str, hex_src_string );
-
+
TEST_ASSERT ( 0 == md_starts( &ctx ) );
TEST_ASSERT ( ctx.md_ctx != NULL );
TEST_ASSERT ( 0 == md_update( &ctx, src_str, src_len ) );
TEST_ASSERT ( 0 == md_finish( &ctx, output ) );
- TEST_ASSERT ( 0 == md_free_ctx( &ctx ) );
-
+ md_free( &ctx );
+
hexify( hash_str, output, md_get_size(md_info) );
TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
@@ -283,7 +287,9 @@
unsigned char output[100];
int key_len, src_len;
const md_info_t *md_info = NULL;
- md_context_t ctx = MD_CONTEXT_T_INIT;
+ md_context_t ctx;
+
+ md_init( &ctx );
memset(md_name, 0x00, 100);
memset(src_str, 0x00, 10000);
@@ -314,7 +320,7 @@
TEST_ASSERT ( 0 == md_hmac_reset( &ctx ) );
TEST_ASSERT ( 0 == md_hmac_update( &ctx, src_str, src_len ) );
TEST_ASSERT ( 0 == md_hmac_finish( &ctx, output ) );
- TEST_ASSERT ( 0 == md_free_ctx( &ctx ) );
+ md_free( &ctx );
hexify( hash_str, output, md_get_size(md_info) );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 24fb328..12a5e1b 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -98,6 +98,7 @@
memset( src_str, 0x00, sizeof src_str );
memset( key_str, 0x00, sizeof key_str );
+ md2_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -137,6 +138,8 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ md2_free( &ctx );
}
/* END_CASE */
@@ -153,6 +156,7 @@
memset( src_str, 0x00, sizeof src_str );
memset( key_str, 0x00, sizeof key_str );
+ md4_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -192,6 +196,8 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ md4_free( &ctx );
}
/* END_CASE */
@@ -208,6 +214,7 @@
memset( src_str, 0x00, sizeof src_str );
memset( key_str, 0x00, sizeof key_str );
+ md5_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -247,6 +254,8 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ md5_free( &ctx );
}
/* END_CASE */
@@ -263,6 +272,7 @@
memset( src_str, 0x00, sizeof src_str );
memset( key_str, 0x00, sizeof key_str );
+ ripemd160_init( &ctx );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
@@ -302,6 +312,8 @@
hexify( hash_str, output, sizeof output );
TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+
+ ripemd160_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pbkdf2.function b/tests/suites/test_suite_pbkdf2.function
index bd52bf9..4b31896 100644
--- a/tests/suites/test_suite_pbkdf2.function
+++ b/tests/suites/test_suite_pbkdf2.function
@@ -17,10 +17,12 @@
md_context_t ctx;
const md_info_t *info;
-
+
int pw_len, salt_len;
unsigned char key[100];
+ md_init( &ctx );
+
memset(pw_str, 0x00, 100);
memset(salt_str, 0x00, 100);
memset(dst_str, 0x00, 100);
@@ -36,7 +38,7 @@
TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
TEST_ASSERT( pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
it_cnt, key_len, key ) == 0 );
- TEST_ASSERT( md_free_ctx( &ctx ) == 0 );
+ md_free( &ctx );
hexify( dst_str, key, key_len );
TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 );
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index c745571..a86778a 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -22,6 +22,8 @@
int pw_len, salt_len;
unsigned char key[100];
+ md_init( &ctx );
+
memset(pw_str, 0x00, 100);
memset(salt_str, 0x00, 100);
memset(dst_str, 0x00, 100);
@@ -37,7 +39,7 @@
TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
TEST_ASSERT( pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
it_cnt, key_len, key ) == 0 );
- TEST_ASSERT( md_free_ctx( &ctx ) == 0 );
+ md_free( &ctx );
hexify( dst_str, key, key_len );
TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 );
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index a01b217..a762e04 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -597,6 +597,7 @@
}
rsa_free( &ctx );
+ ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
}
/* END_CASE */