mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:55:29 +00:00
Adapt cipher and MD layer with _init() and _free()
This commit is contained in:
parent
accaffe2c3
commit
84bbeb58df
|
@ -331,10 +331,26 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
|
|||
int key_length,
|
||||
const cipher_mode_t mode );
|
||||
|
||||
/**
|
||||
* \brief Initialize a cipher_context (as NONE)
|
||||
*/
|
||||
void cipher_init( cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free and clear the cipher-specific context of ctx.
|
||||
* Freeing ctx itself remains the responsibility of the
|
||||
* caller.
|
||||
*/
|
||||
void cipher_free( cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Initialises and fills the cipher context structure with
|
||||
* the appropriate values.
|
||||
*
|
||||
* \note Currently also clears structure. In future versions you
|
||||
* will be required to call cipher_init() on the structure
|
||||
* first.
|
||||
*
|
||||
* \param ctx context to initialise. May not be NULL.
|
||||
* \param cipher_info cipher to use.
|
||||
*
|
||||
|
@ -349,10 +365,11 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info );
|
|||
* \brief Free the cipher-specific context of ctx. Freeing ctx
|
||||
* itself remains the responsibility of the caller.
|
||||
*
|
||||
* \note Deprecated: Redirects to cipher_free()
|
||||
*
|
||||
* \param ctx Free the cipher-specific context
|
||||
*
|
||||
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails.
|
||||
* \returns 0
|
||||
*/
|
||||
int cipher_free_ctx( cipher_context_t *ctx );
|
||||
|
||||
|
|
|
@ -172,10 +172,26 @@ const md_info_t *md_info_from_string( const char *md_name );
|
|||
*/
|
||||
const md_info_t *md_info_from_type( md_type_t md_type );
|
||||
|
||||
/**
|
||||
* \brief Initialize a md_context (as NONE)
|
||||
*/
|
||||
void md_init( md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free and clear the message-specific context of ctx.
|
||||
* Freeing ctx itself remains the responsibility of the
|
||||
* caller.
|
||||
*/
|
||||
void md_free( md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Initialises and fills the message digest context structure
|
||||
* with the appropriate values.
|
||||
*
|
||||
* \note Currently also clears structure. In future versions you
|
||||
* will be required to call md_init() on the structure
|
||||
* first.
|
||||
*
|
||||
* \param ctx context to initialise. May not be NULL. The
|
||||
* digest-specific context (ctx->md_ctx) must be NULL. It will
|
||||
* be allocated, and must be freed using md_free_ctx() later.
|
||||
|
@ -191,10 +207,11 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
|
|||
* \brief Free the message-specific context of ctx. Freeing ctx itself
|
||||
* remains the responsibility of the caller.
|
||||
*
|
||||
* \note Deprecated: Redirects to md_free()
|
||||
*
|
||||
* \param ctx Free the message-specific context
|
||||
*
|
||||
* \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
* \returns 0
|
||||
*/
|
||||
int md_free_ctx( md_context_t *ctx );
|
||||
|
||||
|
|
|
@ -61,6 +61,8 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher,
|
|||
|
||||
memset( ctx, 0, sizeof( ccm_context ) );
|
||||
|
||||
cipher_init( &ctx->cipher_ctx );
|
||||
|
||||
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
||||
|
@ -85,7 +87,7 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher,
|
|||
*/
|
||||
void ccm_free( ccm_context *ctx )
|
||||
{
|
||||
(void) cipher_free_ctx( &ctx->cipher_ctx );
|
||||
cipher_free( &ctx->cipher_ctx );
|
||||
polarssl_zeroize( ctx, sizeof( ccm_context ) );
|
||||
}
|
||||
|
||||
|
|
|
@ -125,6 +125,22 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
|
|||
return( NULL );
|
||||
}
|
||||
|
||||
void cipher_init( cipher_context_t *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( cipher_context_t ) );
|
||||
}
|
||||
|
||||
void cipher_free( cipher_context_t *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
if( ctx->cipher_ctx )
|
||||
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
|
||||
|
||||
polarssl_zeroize( ctx, sizeof(cipher_context_t) );
|
||||
}
|
||||
|
||||
int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
|
||||
{
|
||||
if( NULL == cipher_info || NULL == ctx )
|
||||
|
@ -151,13 +167,10 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/* Deprecated, redirects to cipher_free() */
|
||||
int cipher_free_ctx( cipher_context_t *ctx )
|
||||
{
|
||||
if( ctx == NULL || ctx->cipher_info == NULL )
|
||||
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
|
||||
polarssl_zeroize( ctx, sizeof(cipher_context_t) );
|
||||
cipher_free( ctx );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
@ -157,6 +157,8 @@ int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
|
|||
|
||||
memset( ctx, 0, sizeof(gcm_context) );
|
||||
|
||||
cipher_init( &ctx->cipher_ctx );
|
||||
|
||||
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
return( POLARSSL_ERR_GCM_BAD_INPUT );
|
||||
|
@ -493,7 +495,7 @@ int gcm_auth_decrypt( gcm_context *ctx,
|
|||
|
||||
void gcm_free( gcm_context *ctx )
|
||||
{
|
||||
(void) cipher_free_ctx( &ctx->cipher_ctx );
|
||||
cipher_free( &ctx->cipher_ctx );
|
||||
polarssl_zeroize( ctx, sizeof( gcm_context ) );
|
||||
}
|
||||
|
||||
|
|
|
@ -93,6 +93,8 @@ int hmac_drbg_init_buf( hmac_drbg_context *ctx,
|
|||
|
||||
memset( ctx, 0, sizeof( hmac_drbg_context ) );
|
||||
|
||||
md_init( &ctx->md_ctx );
|
||||
|
||||
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -165,6 +167,8 @@ int hmac_drbg_init( hmac_drbg_context *ctx,
|
|||
|
||||
memset( ctx, 0, sizeof( hmac_drbg_context ) );
|
||||
|
||||
md_init( &ctx->md_ctx );
|
||||
|
||||
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
|
23
library/md.c
23
library/md.c
|
@ -172,6 +172,22 @@ const md_info_t *md_info_from_type( md_type_t md_type )
|
|||
}
|
||||
}
|
||||
|
||||
void md_init( md_context_t *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( md_context_t ) );
|
||||
}
|
||||
|
||||
void md_free( md_context_t *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
if( ctx->md_ctx )
|
||||
ctx->md_info->ctx_free_func( ctx->md_ctx );
|
||||
|
||||
polarssl_zeroize( ctx, sizeof( md_context_t ) );
|
||||
}
|
||||
|
||||
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
|
||||
{
|
||||
if( md_info == NULL || ctx == NULL )
|
||||
|
@ -191,12 +207,7 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
|
|||
|
||||
int md_free_ctx( md_context_t *ctx )
|
||||
{
|
||||
if( ctx == NULL || ctx->md_info == NULL )
|
||||
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
|
||||
|
||||
ctx->md_info->ctx_free_func( ctx->md_ctx );
|
||||
|
||||
polarssl_zeroize( ctx, sizeof( md_context_t ) );
|
||||
md_free( ctx );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
@ -194,6 +194,8 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
cipher_init( &cipher_ctx );
|
||||
|
||||
if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
|
@ -218,7 +220,7 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
|
|||
exit:
|
||||
polarssl_zeroize( key, sizeof( key ) );
|
||||
polarssl_zeroize( iv, sizeof( iv ) );
|
||||
cipher_free_ctx( &cipher_ctx );
|
||||
cipher_free( &cipher_ctx );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -265,6 +267,8 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
|
|||
if( md_info == NULL )
|
||||
return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
||||
|
||||
md_init( &md_ctx );
|
||||
|
||||
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
|
||||
return( ret );
|
||||
hlen = md_get_size( md_info );
|
||||
|
@ -348,7 +352,7 @@ exit:
|
|||
polarssl_zeroize( hash_block, sizeof( hash_block ) );
|
||||
polarssl_zeroize( hash_output, sizeof( hash_output ) );
|
||||
|
||||
md_free_ctx( &md_ctx );
|
||||
md_free( &md_ctx );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
|
|
@ -130,9 +130,6 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
|
|||
p = pbe_params->p;
|
||||
end = p + pbe_params->len;
|
||||
|
||||
memset( &md_ctx, 0, sizeof(md_context_t) );
|
||||
memset( &cipher_ctx, 0, sizeof(cipher_context_t) );
|
||||
|
||||
/*
|
||||
* PBES2-params ::= SEQUENCE {
|
||||
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
|
||||
|
@ -187,6 +184,9 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
|
|||
return( POLARSSL_ERR_PKCS5_INVALID_FORMAT );
|
||||
}
|
||||
|
||||
md_init( &md_ctx );
|
||||
cipher_init( &cipher_ctx );
|
||||
|
||||
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
|
||||
|
||||
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
|
||||
|
@ -209,8 +209,8 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
|
|||
ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;
|
||||
|
||||
exit:
|
||||
md_free_ctx( &md_ctx );
|
||||
cipher_free_ctx( &cipher_ctx );
|
||||
md_free( &md_ctx );
|
||||
cipher_free( &cipher_ctx );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -364,12 +364,20 @@ int pkcs5_self_test( int verbose )
|
|||
int ret, i;
|
||||
unsigned char key[64];
|
||||
|
||||
md_init( &sha1_ctx );
|
||||
|
||||
info_sha1 = md_info_from_type( POLARSSL_MD_SHA1 );
|
||||
if( info_sha1 == NULL )
|
||||
return( 1 );
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
|
||||
return( 1 );
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
polarssl_printf( " PBKDF2 note: test #3 may be slow!\n" );
|
||||
|
@ -387,7 +395,8 @@ int pkcs5_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
polarssl_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -396,8 +405,8 @@ int pkcs5_self_test( int verbose )
|
|||
|
||||
polarssl_printf( "\n" );
|
||||
|
||||
if( ( ret = md_free_ctx( &sha1_ctx ) ) != 0 )
|
||||
return( 1 );
|
||||
exit:
|
||||
md_free( &sha1_ctx );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
@ -540,6 +540,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
|
|||
*p++ = 1;
|
||||
memcpy( p, input, ilen );
|
||||
|
||||
md_init( &md_ctx );
|
||||
md_init_ctx( &md_ctx, md_info );
|
||||
|
||||
// maskedDB: Apply dbMask to DB
|
||||
|
@ -552,7 +553,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
|
|||
mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
|
||||
&md_ctx );
|
||||
|
||||
md_free_ctx( &md_ctx );
|
||||
md_free( &md_ctx );
|
||||
|
||||
return( ( mode == RSA_PUBLIC )
|
||||
? rsa_public( ctx, output, output )
|
||||
|
@ -708,6 +709,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
|
|||
*/
|
||||
hlen = md_get_size( md_info );
|
||||
|
||||
md_init( &md_ctx );
|
||||
md_init_ctx( &md_ctx, md_info );
|
||||
|
||||
/* Generate lHash */
|
||||
|
@ -721,7 +723,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
|
|||
mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
|
||||
&md_ctx );
|
||||
|
||||
md_free_ctx( &md_ctx );
|
||||
md_free( &md_ctx );
|
||||
|
||||
/*
|
||||
* Check contents, in "constant-time"
|
||||
|
@ -951,6 +953,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
|
|||
memcpy( p, salt, slen );
|
||||
p += slen;
|
||||
|
||||
md_init( &md_ctx );
|
||||
md_init_ctx( &md_ctx, md_info );
|
||||
|
||||
// Generate H = Hash( M' )
|
||||
|
@ -970,7 +973,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
|
|||
//
|
||||
mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
|
||||
|
||||
md_free_ctx( &md_ctx );
|
||||
md_free( &md_ctx );
|
||||
|
||||
msb = mpi_msb( &ctx->N ) - 1;
|
||||
sig[0] &= 0xFF >> ( olen * 8 - msb );
|
||||
|
@ -1182,6 +1185,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
|
|||
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
|
||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
md_init( &md_ctx );
|
||||
md_init_ctx( &md_ctx, md_info );
|
||||
|
||||
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
|
||||
|
@ -1194,7 +1198,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
|
|||
if( p == buf + siglen ||
|
||||
*p++ != 0x01 )
|
||||
{
|
||||
md_free_ctx( &md_ctx );
|
||||
md_free( &md_ctx );
|
||||
return( POLARSSL_ERR_RSA_INVALID_PADDING );
|
||||
}
|
||||
|
||||
|
@ -1204,7 +1208,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
|
|||
if( expected_salt_len != RSA_SALT_LEN_ANY &&
|
||||
slen != (size_t) expected_salt_len )
|
||||
{
|
||||
md_free_ctx( &md_ctx );
|
||||
md_free( &md_ctx );
|
||||
return( POLARSSL_ERR_RSA_INVALID_PADDING );
|
||||
}
|
||||
|
||||
|
@ -1216,7 +1220,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
|
|||
md_update( &md_ctx, p, slen );
|
||||
md_finish( &md_ctx, result );
|
||||
|
||||
md_free_ctx( &md_ctx );
|
||||
md_free( &md_ctx );
|
||||
|
||||
if( memcmp( p + slen, result, hlen ) == 0 )
|
||||
return( 0 );
|
||||
|
|
|
@ -1758,6 +1758,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
|||
{
|
||||
md_context_t ctx;
|
||||
|
||||
md_init( &ctx );
|
||||
|
||||
/* Info from md_alg will be used instead */
|
||||
hashlen = 0;
|
||||
|
||||
|
@ -1779,7 +1781,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
|||
md_update( &ctx, ssl->handshake->randbytes, 64 );
|
||||
md_update( &ctx, ssl->in_msg + 4, params_len );
|
||||
md_finish( &ctx, hash );
|
||||
md_free_ctx( &ctx );
|
||||
md_free( &ctx );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
|
||||
|
|
|
@ -2380,6 +2380,8 @@ curve_matching_done:
|
|||
md_context_t ctx;
|
||||
const md_info_t *md_info = md_info_from_type( md_alg );
|
||||
|
||||
md_init( &ctx );
|
||||
|
||||
/* Info from md_alg will be used instead */
|
||||
hashlen = 0;
|
||||
|
||||
|
@ -2400,13 +2402,7 @@ curve_matching_done:
|
|||
md_update( &ctx, ssl->handshake->randbytes, 64 );
|
||||
md_update( &ctx, dig_signed, dig_signed_len );
|
||||
md_finish( &ctx, hash );
|
||||
|
||||
if( ( ret = md_free_ctx( &ctx ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "md_free_ctx", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
md_free( &ctx );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
|
||||
|
|
|
@ -3311,6 +3311,12 @@ static void ssl_handshake_params_init( ssl_handshake_params *handshake,
|
|||
static void ssl_transform_init( ssl_transform *transform )
|
||||
{
|
||||
memset( transform, 0, sizeof(ssl_transform) );
|
||||
|
||||
cipher_init( &transform->cipher_ctx_enc );
|
||||
cipher_init( &transform->cipher_ctx_dec );
|
||||
|
||||
md_init( &transform->md_ctx_enc );
|
||||
md_init( &transform->md_ctx_dec );
|
||||
}
|
||||
|
||||
void ssl_session_init( ssl_session *session )
|
||||
|
@ -4506,11 +4512,11 @@ void ssl_transform_free( ssl_transform *transform )
|
|||
inflateEnd( &transform->ctx_inflate );
|
||||
#endif
|
||||
|
||||
cipher_free_ctx( &transform->cipher_ctx_enc );
|
||||
cipher_free_ctx( &transform->cipher_ctx_dec );
|
||||
cipher_free( &transform->cipher_ctx_enc );
|
||||
cipher_free( &transform->cipher_ctx_dec );
|
||||
|
||||
md_free_ctx( &transform->md_ctx_enc );
|
||||
md_free_ctx( &transform->md_ctx_dec );
|
||||
md_free( &transform->md_ctx_enc );
|
||||
md_free( &transform->md_ctx_dec );
|
||||
|
||||
polarssl_zeroize( transform, sizeof( ssl_transform ) );
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue