From c7ea99af4f62690cb7f5af05d92b8af24e097db4 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 18 Jun 2014 11:12:03 +0200 Subject: [PATCH] Add _init() and _free() for cipher modules --- include/polarssl/aes.h | 14 +++++++ include/polarssl/arc4.h | 16 +++++++- include/polarssl/blowfish.h | 14 +++++++ include/polarssl/camellia.h | 14 +++++++ include/polarssl/des.h | 28 +++++++++++++ include/polarssl/xtea.h | 14 +++++++ library/aes.c | 64 ++++++++++++++++++++--------- library/arc4.c | 30 ++++++++++++-- library/blowfish.c | 18 +++++++++ library/camellia.c | 25 +++++++++--- library/cipher_wrap.c | 81 ++++++++++++++++++++++++++++--------- library/ctr_drbg.c | 5 +++ library/des.c | 42 +++++++++++++++++-- library/pem.c | 12 ++++-- library/pkcs12.c | 10 ++++- library/ssl_tls.c | 20 ++++++++- library/xtea.c | 29 +++++++++++-- 17 files changed, 375 insertions(+), 61 deletions(-) diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h index 58b348e7cf..2e9092f95c 100644 --- a/include/polarssl/aes.h +++ b/include/polarssl/aes.h @@ -73,6 +73,20 @@ typedef struct } aes_context; +/** + * \brief Initialize AES context + * + * \param ctx AES context to be initialized + */ +void aes_init( aes_context *ctx ); + +/** + * \brief Clear AES context + * + * \param ctx AES context to be cleared + */ +void aes_free( aes_context *ctx ); + /** * \brief AES key schedule (encryption) * diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h index c6c676b3c3..555f54fab3 100644 --- a/include/polarssl/arc4.h +++ b/include/polarssl/arc4.h @@ -55,9 +55,23 @@ typedef struct arc4_context; /** - * \brief ARC4 key schedule + * \brief Initialize ARC4 context * * \param ctx ARC4 context to be initialized + */ +void arc4_init( arc4_context *ctx ); + +/** + * \brief Clear ARC4 context + * + * \param ctx ARC4 context to be cleared + */ +void arc4_free( arc4_context *ctx ); + +/** + * \brief ARC4 key schedule + * + * \param ctx ARC4 context to be setup * \param key the secret key * \param keylen length of the key, in bytes */ diff --git a/include/polarssl/blowfish.h b/include/polarssl/blowfish.h index c9c8672898..c652b463d1 100644 --- a/include/polarssl/blowfish.h +++ b/include/polarssl/blowfish.h @@ -70,6 +70,20 @@ typedef struct } blowfish_context; +/** + * \brief Initialize Blowfish context + * + * \param ctx Blowfish context to be initialized + */ +void blowfish_init( blowfish_context *ctx ); + +/** + * \brief Clear Blowfish context + * + * \param ctx Blowfish context to be cleared + */ +void blowfish_free( blowfish_context *ctx ); + /** * \brief Blowfish key schedule * diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h index 34c1990681..8488d1df83 100644 --- a/include/polarssl/camellia.h +++ b/include/polarssl/camellia.h @@ -66,6 +66,20 @@ typedef struct } camellia_context; +/** + * \brief Initialize CAMELLIA context + * + * \param ctx CAMELLIA context to be initialized + */ +void camellia_init( camellia_context *ctx ); + +/** + * \brief Clear CAMELLIA context + * + * \param ctx CAMELLIA context to be cleared + */ +void camellia_free( camellia_context *ctx ); + /** * \brief CAMELLIA key schedule (encryption) * diff --git a/include/polarssl/des.h b/include/polarssl/des.h index 78729750fe..89bb394e01 100644 --- a/include/polarssl/des.h +++ b/include/polarssl/des.h @@ -77,6 +77,34 @@ typedef struct } des3_context; +/** + * \brief Initialize DES context + * + * \param ctx DES context to be initialized + */ +void des_init( des_context *ctx ); + +/** + * \brief Clear DES context + * + * \param ctx DES context to be cleared + */ +void des_free( des_context *ctx ); + +/** + * \brief Initialize Triple-DES context + * + * \param ctx DES3 context to be initialized + */ +void des3_init( des3_context *ctx ); + +/** + * \brief Clear Triple-DES context + * + * \param ctx DES3 context to be cleared + */ +void des3_free( des3_context *ctx ); + /** * \brief Set key parity on the given key to odd. * diff --git a/include/polarssl/xtea.h b/include/polarssl/xtea.h index 07118d977f..794c5efa31 100644 --- a/include/polarssl/xtea.h +++ b/include/polarssl/xtea.h @@ -64,6 +64,20 @@ typedef struct } xtea_context; +/** + * \brief Initialize XTEA context + * + * \param ctx XTEA context to be initialized + */ +void xtea_init( xtea_context *ctx ); + +/** + * \brief Clear XTEA context + * + * \param ctx XTEA context to be cleared + */ +void xtea_free( xtea_context *ctx ); + /** * \brief XTEA key schedule * diff --git a/library/aes.c b/library/aes.c index a90cefff5e..f295747c59 100644 --- a/library/aes.c +++ b/library/aes.c @@ -463,6 +463,19 @@ static void aes_gen_tables( void ) #endif /* POLARSSL_AES_ROM_TABLES */ +void aes_init( aes_context *ctx ) +{ + memset( ctx, 0, sizeof( aes_context ) ); +} + +void aes_free( aes_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( aes_context ) ); +} + /* * AES key schedule (encryption) */ @@ -581,11 +594,12 @@ int aes_setkey_enc( aes_context *ctx, const unsigned char *key, int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize ) { - int i, j; + int i, j, ret; aes_context cty; uint32_t *RK; uint32_t *SK; - int ret; + + aes_init( &cty ); #if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16) if( aes_padlock_ace == -1 ) @@ -599,7 +613,7 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, /* Also checks keysize */ if( ( ret = aes_setkey_enc( &cty, key, keysize ) ) != 0 ) - return( ret ); + goto exit; ctx->nr = cty.nr; @@ -608,7 +622,7 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, { aesni_inverse_key( (unsigned char *) ctx->rk, (const unsigned char *) cty.rk, ctx->nr ); - goto done; + goto exit; } #endif @@ -635,12 +649,10 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, *RK++ = *SK++; *RK++ = *SK++; -#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64) -done: -#endif - polarssl_zeroize( &cty, sizeof( aes_context ) ); +exit: + aes_free( &cty ); - return( 0 ); + return( ret ); } #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ @@ -1171,7 +1183,7 @@ static const int aes_test_ctr_len[3] = */ int aes_self_test( int verbose ) { - int i, j, u, v; + int ret = 0, i, j, u, v; unsigned char key[32]; unsigned char buf[64]; unsigned char iv[16]; @@ -1189,6 +1201,7 @@ int aes_self_test( int verbose ) aes_context ctx; memset( key, 0, 32 ); + aes_init( &ctx ); /* * ECB mode @@ -1216,7 +1229,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } else @@ -1231,7 +1245,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } @@ -1271,7 +1286,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } else @@ -1294,7 +1310,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } @@ -1335,7 +1352,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } else @@ -1348,7 +1366,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } @@ -1392,7 +1411,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } else @@ -1408,7 +1428,8 @@ int aes_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } } @@ -1420,7 +1441,12 @@ int aes_self_test( int verbose ) polarssl_printf( "\n" ); #endif /* POLARSSL_CIPHER_MODE_CTR */ - return( 0 ); + ret = 0; + +exit: + aes_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/arc4.c b/library/arc4.c index d722c56ea8..54e89ea888 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -46,6 +46,24 @@ #if !defined(POLARSSL_ARC4_ALT) +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +void arc4_init( arc4_context *ctx ) +{ + memset( ctx, 0, sizeof( arc4_context ) ); +} + +void arc4_free( arc4_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( arc4_context ) ); +} + /* * ARC4 key schedule */ @@ -146,11 +164,13 @@ static const unsigned char arc4_test_ct[3][8] = */ int arc4_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char ibuf[8]; unsigned char obuf[8]; arc4_context ctx; + arc4_init( &ctx ); + for( i = 0; i < 3; i++ ) { if( verbose != 0 ) @@ -166,7 +186,8 @@ int arc4_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -176,7 +197,10 @@ int arc4_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + arc4_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/blowfish.c b/library/blowfish.c index d8b0c36cef..87396dc22a 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -41,6 +41,11 @@ #if !defined(POLARSSL_BLOWFISH_ALT) +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + /* * 32-bit integer manipulation macros (big endian) */ @@ -152,6 +157,19 @@ static void blowfish_dec( blowfish_context *ctx, uint32_t *xl, uint32_t *xr ) *xr = Xr; } +void blowfish_init( blowfish_context *ctx ) +{ + memset( ctx, 0, sizeof( blowfish_context ) ); +} + +void blowfish_free( blowfish_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( blowfish_context ) ); +} + /* * Blowfish key schedule */ diff --git a/library/camellia.c b/library/camellia.c index f1d4d6b24b..a4968f411e 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -322,6 +322,19 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], z[1] ^= I0; } +void camellia_init( camellia_context *ctx ) +{ + memset( ctx, 0, sizeof( camellia_context ) ); +} + +void camellia_free( camellia_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( camellia_context ) ); +} + /* * Camellia key schedule (encryption) */ @@ -433,16 +446,17 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize ) { - int idx; + int idx, ret; size_t i; camellia_context cty; uint32_t *RK; uint32_t *SK; - int ret; + + camellia_init( &cty ); /* Also checks keysize */ if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) ) - return( ret ); + goto exit; ctx->nr = cty.nr; idx = ( ctx->nr == 4 ); @@ -468,9 +482,10 @@ int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, *RK++ = *SK++; *RK++ = *SK++; - polarssl_zeroize( &cty, sizeof( camellia_context ) ); +exit: + camellia_free( &cty ); - return( 0 ); + return( ret ); } /* diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 070963a36c..47a69a97b2 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -74,11 +74,6 @@ #include -/* Implementation that should never be optimized out by the compiler */ -static void polarssl_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #if defined(POLARSSL_GCM_C) /* shared by all GCM ciphers */ static void *gcm_ctx_alloc( void ) @@ -187,12 +182,19 @@ static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, static void * aes_ctx_alloc( void ) { - return polarssl_malloc( sizeof( aes_context ) ); + aes_context *aes = (aes_context *) polarssl_malloc( sizeof( aes_context ) ); + + if( aes == NULL ) + return( NULL ); + + aes_init( aes ); + + return( aes ); } static void aes_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( aes_context ) ); + aes_free( (aes_context *) ctx ); polarssl_free( ctx ); } @@ -541,12 +543,20 @@ static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, static void * camellia_ctx_alloc( void ) { - return polarssl_malloc( sizeof( camellia_context ) ); + camellia_context *ctx; + ctx = (camellia_context *) polarssl_malloc( sizeof( camellia_context ) ); + + if( ctx == NULL ) + return( NULL ); + + camellia_init( ctx ); + + return( ctx ); } static void camellia_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( camellia_context ) ); + camellia_free( (camellia_context *) ctx ); polarssl_free( ctx ); } @@ -915,23 +925,38 @@ static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, static void * des_ctx_alloc( void ) { - return polarssl_malloc( sizeof( des_context ) ); -} + des_context *des = (des_context *) polarssl_malloc( sizeof( des_context ) ); -static void * des3_ctx_alloc( void ) -{ - return polarssl_malloc( sizeof( des3_context ) ); + if( des == NULL ) + return( NULL ); + + des_init( des ); + + return( des ); } static void des_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( des_context ) ); + des_free( (des_context *) ctx ); polarssl_free( ctx ); } +static void * des3_ctx_alloc( void ) +{ + des3_context *des3; + des3 = (des3_context *) polarssl_malloc( sizeof( des3_context ) ); + + if( des3 == NULL ) + return( NULL ); + + des3_init( des3 ); + + return( des3 ); +} + static void des3_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( des3_context ) ); + des3_free( (des3_context *) ctx ); polarssl_free( ctx ); } @@ -1122,12 +1147,20 @@ static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, static void * blowfish_ctx_alloc( void ) { - return polarssl_malloc( sizeof( blowfish_context ) ); + blowfish_context *ctx; + ctx = (blowfish_context *) polarssl_malloc( sizeof( blowfish_context ) ); + + if( ctx == NULL ) + return( NULL ); + + blowfish_init( ctx ); + + return( ctx ); } static void blowfish_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( blowfish_context ) ); + blowfish_free( (blowfish_context *) ctx ); polarssl_free( ctx ); } @@ -1216,12 +1249,20 @@ static int arc4_setkey_wrap( void *ctx, const unsigned char *key, static void * arc4_ctx_alloc( void ) { - return polarssl_malloc( sizeof( arc4_context ) ); + arc4_context *ctx; + ctx = (arc4_context *) polarssl_malloc( sizeof( arc4_context ) ); + + if( ctx == NULL ) + return( NULL ); + + arc4_init( ctx ); + + return( ctx ); } static void arc4_ctx_free( void *ctx ) { - polarssl_zeroize( ctx, sizeof( arc4_context ) ); + arc4_free( (arc4_context *) ctx ); polarssl_free( ctx ); } diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 3db517d551..249b840695 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -66,6 +66,8 @@ int ctr_drbg_init_entropy_len( memset( ctx, 0, sizeof(ctr_drbg_context) ); memset( key, 0, CTR_DRBG_KEYSIZE ); + aes_init( &ctx->aes_ctx ); + ctx->f_entropy = f_entropy; ctx->p_entropy = p_entropy; @@ -122,6 +124,7 @@ static int block_cipher_df( unsigned char *output, size_t buf_len, use_len; memset( buf, 0, CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 ); + aes_init( &aes_ctx ); /* * Construct IV (16 bytes) and S in buffer @@ -189,6 +192,8 @@ static int block_cipher_df( unsigned char *output, p += CTR_DRBG_BLOCKSIZE; } + aes_free( &aes_ctx ); + return( 0 ); } diff --git a/library/des.c b/library/des.c index 8c156aef6b..12fe4f46a6 100644 --- a/library/des.c +++ b/library/des.c @@ -305,6 +305,32 @@ static const uint32_t RHs[16] = #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; } +void des_init( des_context *ctx ) +{ + memset( ctx, 0, sizeof( des_context ) ); +} + +void des_free( des_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( des_context ) ); +} + +void des3_init( des3_context *ctx ) +{ + memset( ctx, 0, sizeof( des3_context ) ); +} + +void des3_free( des3_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( des3_context ) ); +} + static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, @@ -839,7 +865,7 @@ static const unsigned char des3_test_cbc_enc[3][8] = */ int des_self_test( int verbose ) { - int i, j, u, v; + int i, j, u, v, ret = 0; des_context ctx; des3_context ctx3; unsigned char buf[8]; @@ -848,6 +874,8 @@ int des_self_test( int verbose ) unsigned char iv[8]; #endif + des_init( &ctx ); + des3_init( &ctx3 ); /* * ECB mode */ @@ -909,7 +937,8 @@ int des_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1004,7 +1033,8 @@ int des_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1015,7 +1045,11 @@ int des_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + des_free( &ctx ); + des3_free( &ctx3 ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */ diff --git a/library/pem.c b/library/pem.c index 4e00b63f6f..a0ad46ee00 100644 --- a/library/pem.c +++ b/library/pem.c @@ -141,13 +141,15 @@ static void pem_des_decrypt( unsigned char des_iv[8], des_context des_ctx; unsigned char des_key[8]; + des_init( &des_ctx ); + pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); des_setkey_dec( &des_ctx, des_key ); des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, des_iv, buf, buf ); - polarssl_zeroize( &des_ctx, sizeof( des_ctx ) ); + des_free( &des_ctx ); polarssl_zeroize( des_key, 8 ); } @@ -161,13 +163,15 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], des3_context des3_ctx; unsigned char des3_key[24]; + des3_init( &des3_ctx ); + pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); des3_set3key_dec( &des3_ctx, des3_key ); des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, des3_iv, buf, buf ); - polarssl_zeroize( &des3_ctx, sizeof( des3_ctx ) ); + des3_free( &des3_ctx ); polarssl_zeroize( des3_key, 24 ); } #endif /* POLARSSL_DES_C */ @@ -183,13 +187,15 @@ static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, aes_context aes_ctx; unsigned char aes_key[32]; + aes_init( &aes_ctx ); + pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, aes_iv, buf, buf ); - polarssl_zeroize( &aes_ctx, sizeof( aes_ctx ) ); + aes_free( &aes_ctx ); polarssl_zeroize( aes_key, keylen ); } #endif /* POLARSSL_AES_C */ diff --git a/library/pkcs12.c b/library/pkcs12.c index b0254508d0..027f84a82d 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -147,6 +147,8 @@ int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, arc4_context ctx; ((void) mode); + arc4_init( &ctx ); + if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, POLARSSL_MD_SHA1, pwd, pwdlen, key, 16, NULL, 0 ) ) != 0 ) @@ -156,9 +158,13 @@ int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode, arc4_setup( &ctx, key, 16 ); if( ( ret = arc4_crypt( &ctx, len, data, output ) ) != 0 ) - return( ret ); + goto exit; - return( 0 ); +exit: + polarssl_zeroize( key, sizeof( key ) ); + arc4_free( &ctx ); + + return( ret ); #endif /* POLARSSL_ARC4_C */ } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8040f9092c..28ca14aa22 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3482,6 +3482,14 @@ int ssl_session_reset( ssl_context *ssl ) } #if defined(POLARSSL_SSL_SESSION_TICKETS) +static void ssl_ticket_keys_free( ssl_ticket_keys *tkeys ) +{ + aes_free( &tkeys->enc ); + aes_free( &tkeys->dec ); + + polarssl_zeroize( tkeys, sizeof(ssl_ticket_keys) ); +} + /* * Allocate and initialize ticket keys */ @@ -3498,8 +3506,12 @@ static int ssl_ticket_keys_init( ssl_context *ssl ) if( tkeys == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); + aes_init( &tkeys->enc ); + aes_init( &tkeys->dec ); + if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 ) { + ssl_ticket_keys_free( tkeys ); polarssl_free( tkeys ); return( ret ); } @@ -3508,12 +3520,14 @@ static int ssl_ticket_keys_init( ssl_context *ssl ) ( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 || ( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 ) { + ssl_ticket_keys_free( tkeys ); polarssl_free( tkeys ); return( ret ); } if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 ) { + ssl_ticket_keys_free( tkeys ); polarssl_free( tkeys ); return( ret ); } @@ -4580,7 +4594,11 @@ void ssl_free( ssl_context *ssl ) } #if defined(POLARSSL_SSL_SESSION_TICKETS) - polarssl_free( ssl->ticket_keys ); + if( ssl->ticket_keys ) + { + ssl_ticket_keys_free( ssl->ticket_keys ); + polarssl_free( ssl->ticket_keys ); + } #endif #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) diff --git a/library/xtea.c b/library/xtea.c index 5ff8a044fa..75215c50af 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -41,6 +41,11 @@ #if !defined(POLARSSL_XTEA_ALT) +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + /* * 32-bit integer manipulation macros (big endian) */ @@ -64,6 +69,19 @@ } #endif +void xtea_init( xtea_context *ctx ) +{ + memset( ctx, 0, sizeof( xtea_context ) ); +} + +void xtea_free( xtea_context *ctx ) +{ + if( ctx == NULL ) + return; + + polarssl_zeroize( ctx, sizeof( xtea_context ) ); +} + /* * XTEA key schedule */ @@ -223,10 +241,11 @@ static const unsigned char xtea_test_ct[6][8] = */ int xtea_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char buf[8]; xtea_context ctx; + xtea_init( &ctx ); for( i = 0; i < 6; i++ ) { if( verbose != 0 ) @@ -242,7 +261,8 @@ int xtea_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto exit; } if( verbose != 0 ) @@ -252,7 +272,10 @@ int xtea_self_test( int verbose ) if( verbose != 0 ) polarssl_printf( "\n" ); - return( 0 ); +exit: + xtea_free( &ctx ); + + return( ret ); } #endif /* POLARSSL_SELF_TEST */