Add _init() and _free() for hash modules
diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h
index 96da06c..952b0bf 100644
--- a/include/polarssl/md2.h
+++ b/include/polarssl/md2.h
@@ -61,6 +61,20 @@
md2_context;
/**
+ * \brief Initialize MD2 context
+ *
+ * \param ctx MD2 context to be initialized
+ */
+void md2_init( md2_context *ctx );
+
+/**
+ * \brief Clear MD2 context
+ *
+ * \param ctx MD2 context to be cleared
+ */
+void md2_free( md2_context *ctx );
+
+/**
* \brief MD2 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h
index 6302c3c..fc5a5cd 100644
--- a/include/polarssl/md4.h
+++ b/include/polarssl/md4.h
@@ -67,6 +67,20 @@
md4_context;
/**
+ * \brief Initialize MD4 context
+ *
+ * \param ctx MD4 context to be initialized
+ */
+void md4_init( md4_context *ctx );
+
+/**
+ * \brief Clear MD4 context
+ *
+ * \param ctx MD4 context to be cleared
+ */
+void md4_free( md4_context *ctx );
+
+/**
* \brief MD4 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/md5.h b/include/polarssl/md5.h
index bb0ebf3..2f378f6 100644
--- a/include/polarssl/md5.h
+++ b/include/polarssl/md5.h
@@ -67,6 +67,20 @@
md5_context;
/**
+ * \brief Initialize MD5 context
+ *
+ * \param ctx MD5 context to be initialized
+ */
+void md5_init( md5_context *ctx );
+
+/**
+ * \brief Clear MD5 context
+ *
+ * \param ctx MD5 context to be cleared
+ */
+void md5_free( md5_context *ctx );
+
+/**
* \brief MD5 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/ripemd160.h b/include/polarssl/ripemd160.h
index 754322d..e3b66c9 100644
--- a/include/polarssl/ripemd160.h
+++ b/include/polarssl/ripemd160.h
@@ -67,6 +67,20 @@
ripemd160_context;
/**
+ * \brief Initialize RIPEMD-160 context
+ *
+ * \param ctx RIPEMD-160 context to be initialized
+ */
+void ripemd160_init( ripemd160_context *ctx );
+
+/**
+ * \brief Clear RIPEMD-160 context
+ *
+ * \param ctx RIPEMD-160 context to be cleared
+ */
+void ripemd160_free( ripemd160_context *ctx );
+
+/**
* \brief RIPEMD-160 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/sha1.h b/include/polarssl/sha1.h
index 57a731b..cb0c436 100644
--- a/include/polarssl/sha1.h
+++ b/include/polarssl/sha1.h
@@ -67,6 +67,20 @@
sha1_context;
/**
+ * \brief Initialize SHA-1 context
+ *
+ * \param ctx SHA-1 context to be initialized
+ */
+void sha1_init( sha1_context *ctx );
+
+/**
+ * \brief Clear SHA-1 context
+ *
+ * \param ctx SHA-1 context to be cleared
+ */
+void sha1_free( sha1_context *ctx );
+
+/**
* \brief SHA-1 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/sha256.h b/include/polarssl/sha256.h
index 80a0224..b143674 100644
--- a/include/polarssl/sha256.h
+++ b/include/polarssl/sha256.h
@@ -68,6 +68,20 @@
sha256_context;
/**
+ * \brief Initialize SHA-256 context
+ *
+ * \param ctx SHA-256 context to be initialized
+ */
+void sha256_init( sha256_context *ctx );
+
+/**
+ * \brief Clear SHA-256 context
+ *
+ * \param ctx SHA-256 context to be cleared
+ */
+void sha256_free( sha256_context *ctx );
+
+/**
* \brief SHA-256 context setup
*
* \param ctx context to be initialized
diff --git a/include/polarssl/sha512.h b/include/polarssl/sha512.h
index c60564f..dfbae4a 100644
--- a/include/polarssl/sha512.h
+++ b/include/polarssl/sha512.h
@@ -69,6 +69,20 @@
sha512_context;
/**
+ * \brief Initialize SHA-512 context
+ *
+ * \param ctx SHA-512 context to be initialized
+ */
+void sha512_init( sha512_context *ctx );
+
+/**
+ * \brief Clear SHA-512 context
+ *
+ * \param ctx SHA-512 context to be cleared
+ */
+void sha512_free( sha512_context *ctx );
+
+/**
* \brief SHA-512 context setup
*
* \param ctx context to be initialized
diff --git a/library/md2.c b/library/md2.c
index 589c5cc..45bce37 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -86,6 +86,19 @@
0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
};
+void md2_init( md2_context *ctx )
+{
+ memset( ctx, 0, sizeof( md2_context ) );
+}
+
+void md2_free( md2_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( md2_context ) );
+}
+
/*
* MD2 context setup
*/
@@ -189,11 +202,11 @@
{
md2_context ctx;
+ md2_init( &ctx );
md2_starts( &ctx );
md2_update( &ctx, input, ilen );
md2_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md2_context ) );
+ md2_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -210,14 +223,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
+ md2_init( &ctx );
md2_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md2_update( &ctx, buf, n );
md2_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md2_context ) );
+ md2_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -304,11 +317,11 @@
{
md2_context ctx;
+ md2_init( &ctx );
md2_hmac_starts( &ctx, key, keylen );
md2_hmac_update( &ctx, input, ilen );
md2_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md2_context ) );
+ md2_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
diff --git a/library/md4.c b/library/md4.c
index ccde1a1..f6b71d5 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -79,6 +79,19 @@
}
#endif
+void md4_init( md4_context *ctx )
+{
+ memset( ctx, 0, sizeof( md4_context ) );
+}
+
+void md4_free( md4_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( md4_context ) );
+}
+
/*
* MD4 context setup
*/
@@ -285,11 +298,11 @@
{
md4_context ctx;
+ md4_init( &ctx );
md4_starts( &ctx );
md4_update( &ctx, input, ilen );
md4_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md4_context ) );
+ md4_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -306,14 +319,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
+ md4_init( &ctx );
md4_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md4_update( &ctx, buf, n );
md4_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md4_context ) );
+ md4_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -400,11 +413,11 @@
{
md4_context ctx;
+ md4_init( &ctx );
md4_hmac_starts( &ctx, key, keylen );
md4_hmac_update( &ctx, input, ilen );
md4_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md4_context ) );
+ md4_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
diff --git a/library/md5.c b/library/md5.c
index ca16317..89354bc 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -78,6 +78,19 @@
}
#endif
+void md5_init( md5_context *ctx )
+{
+ memset( ctx, 0, sizeof( md5_context ) );
+}
+
+void md5_free( md5_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( md5_context ) );
+}
+
/*
* MD5 context setup
*/
@@ -302,11 +315,11 @@
{
md5_context ctx;
+ md5_init( &ctx );
md5_starts( &ctx );
md5_update( &ctx, input, ilen );
md5_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md5_context ) );
+ md5_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -323,14 +336,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
+ md5_init( &ctx );
md5_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md5_update( &ctx, buf, n );
md5_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md5_context ) );
+ md5_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -417,11 +430,11 @@
{
md5_context ctx;
+ md5_init( &ctx );
md5_hmac_starts( &ctx, key, keylen );
md5_hmac_update( &ctx, input, ilen );
md5_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( md5_context ) );
+ md5_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
diff --git a/library/md_wrap.c b/library/md_wrap.c
index 834e241..de701d3 100644
--- a/library/md_wrap.c
+++ b/library/md_wrap.c
@@ -398,12 +398,20 @@
static void * ripemd160_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( ripemd160_context ) );
+ ripemd160_context *ctx;
+ ctx = (ripemd160_context *) polarssl_malloc( sizeof( ripemd160_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ ripemd160_init( ctx );
+
+ return( ctx );
}
static void ripemd160_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( ripemd160_context ) );
+ ripemd160_free( (ripemd160_context *) ctx );
polarssl_free( ctx );
}
@@ -486,12 +494,20 @@
static void * sha1_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( sha1_context ) );
+ sha1_context *ctx;
+ ctx = (sha1_context *) polarssl_malloc( sizeof( sha1_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ sha1_init( ctx );
+
+ return( ctx );
}
static void sha1_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( sha1_context ) );
+ sha1_free( (sha1_context *) ctx );
polarssl_free( ctx );
}
@@ -687,12 +703,20 @@
static void * sha256_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( sha256_context ) );
+ sha256_context *ctx;
+ ctx = (sha256_context *) polarssl_malloc( sizeof( sha256_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ sha256_init( ctx );
+
+ return( ctx );
}
static void sha256_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( sha256_context ) );
+ sha256_free( (sha256_context *) ctx );
polarssl_free( ctx );
}
@@ -885,12 +909,20 @@
static void * sha512_ctx_alloc( void )
{
- return polarssl_malloc( sizeof( sha512_context ) );
+ sha512_context *ctx;
+ ctx = (sha512_context *) polarssl_malloc( sizeof( sha512_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ sha512_init( ctx );
+
+ return( ctx );
}
static void sha512_ctx_free( void *ctx )
{
- polarssl_zeroize( ctx, sizeof( sha512_context ) );
+ sha512_free( (sha512_context *) ctx );
polarssl_free( ctx );
}
diff --git a/library/pem.c b/library/pem.c
index a0ad46e..485d829 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -92,6 +92,8 @@
unsigned char md5sum[16];
size_t use_len;
+ md5_init( &md5_ctx );
+
/*
* key[ 0..15] = MD5(pwd || IV)
*/
@@ -104,7 +106,7 @@
{
memcpy( key, md5sum, keylen );
- polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
+ md5_free( &md5_ctx );
polarssl_zeroize( md5sum, 16 );
return;
}
@@ -126,7 +128,7 @@
memcpy( key + 16, md5sum, use_len );
- polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
+ md5_free( &md5_ctx );
polarssl_zeroize( md5sum, 16 );
}
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 3c2a7e6..fcd7760 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -81,6 +81,19 @@
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
+void ripemd160_init( ripemd160_context *ctx )
+{
+ memset( ctx, 0, sizeof( ripemd160_context ) );
+}
+
+void ripemd160_free( ripemd160_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( ripemd160_context ) );
+}
+
/*
* RIPEMD-160 context setup
*/
@@ -364,11 +377,11 @@
{
ripemd160_context ctx;
+ ripemd160_init( &ctx );
ripemd160_starts( &ctx );
ripemd160_update( &ctx, input, ilen );
ripemd160_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+ ripemd160_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -385,14 +398,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR );
+ ripemd160_init( &ctx );
ripemd160_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
ripemd160_update( &ctx, buf, n );
ripemd160_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+ ripemd160_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -479,11 +492,11 @@
{
ripemd160_context ctx;
+ ripemd160_init( &ctx );
ripemd160_hmac_starts( &ctx, key, keylen );
ripemd160_hmac_update( &ctx, input, ilen );
ripemd160_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( ripemd160_context ) );
+ ripemd160_free( &ctx );
}
diff --git a/library/sha1.c b/library/sha1.c
index a528d8e..20408c7 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -78,6 +78,19 @@
}
#endif
+void sha1_init( sha1_context *ctx )
+{
+ memset( ctx, 0, sizeof( sha1_context ) );
+}
+
+void sha1_free( sha1_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( sha1_context ) );
+}
+
/*
* SHA-1 context setup
*/
@@ -335,11 +348,11 @@
{
sha1_context ctx;
+ sha1_init( &ctx );
sha1_starts( &ctx );
sha1_update( &ctx, input, ilen );
sha1_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+ sha1_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -356,14 +369,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
+ sha1_init( &ctx );
sha1_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha1_update( &ctx, buf, n );
sha1_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+ sha1_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -450,11 +463,11 @@
{
sha1_context ctx;
+ sha1_init( &ctx );
sha1_hmac_starts( &ctx, key, keylen );
sha1_hmac_update( &ctx, input, ilen );
sha1_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha1_context ) );
+ sha1_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@@ -554,11 +567,13 @@
*/
int sha1_self_test( int verbose )
{
- int i, j, buflen;
+ int i, j, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha1sum[20];
sha1_context ctx;
+ sha1_init( &ctx );
+
/*
* SHA-1
*/
@@ -587,7 +602,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -623,7 +639,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -633,7 +650,10 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ sha1_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/sha256.c b/library/sha256.c
index 5633f9e..4fc6698 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -78,6 +78,19 @@
}
#endif
+void sha256_init( sha256_context *ctx )
+{
+ memset( ctx, 0, sizeof( sha256_context ) );
+}
+
+void sha256_free( sha256_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( sha256_context ) );
+}
+
/*
* SHA-256 context setup
*/
@@ -338,11 +351,11 @@
{
sha256_context ctx;
+ sha256_init( &ctx );
sha256_starts( &ctx, is224 );
sha256_update( &ctx, input, ilen );
sha256_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha256_context ) );
+ sha256_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -359,14 +372,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
+ sha256_init( &ctx );
sha256_starts( &ctx, is224 );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha256_update( &ctx, buf, n );
sha256_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha256_context ) );
+ sha256_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -457,11 +470,11 @@
{
sha256_context ctx;
+ sha256_init( &ctx );
sha256_hmac_starts( &ctx, key, keylen, is224 );
sha256_hmac_update( &ctx, input, ilen );
sha256_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha256_context ) );
+ sha256_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@@ -632,11 +645,13 @@
*/
int sha256_self_test( int verbose )
{
- int i, j, k, buflen;
+ int i, j, k, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha256sum[32];
sha256_context ctx;
+ sha256_init( &ctx );
+
for( i = 0; i < 6; i++ )
{
j = i % 3;
@@ -665,7 +680,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -704,7 +720,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -714,7 +731,10 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ sha256_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/sha512.c b/library/sha512.c
index a29c80a..f1d1525 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -133,6 +133,19 @@
UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
};
+void sha512_init( sha512_context *ctx )
+{
+ memset( ctx, 0, sizeof( sha512_context ) );
+}
+
+void sha512_free( sha512_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ polarssl_zeroize( ctx, sizeof( sha512_context ) );
+}
+
/*
* SHA-512 context setup
*/
@@ -336,11 +349,11 @@
{
sha512_context ctx;
+ sha512_init( &ctx );
sha512_starts( &ctx, is384 );
sha512_update( &ctx, input, ilen );
sha512_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha512_context ) );
+ sha512_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@@ -357,14 +370,14 @@
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
+ sha512_init( &ctx );
sha512_starts( &ctx, is384 );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha512_update( &ctx, buf, n );
sha512_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha512_context ) );
+ sha512_free( &ctx );
if( ferror( f ) != 0 )
{
@@ -455,11 +468,11 @@
{
sha512_context ctx;
+ sha512_init( &ctx );
sha512_hmac_starts( &ctx, key, keylen, is384 );
sha512_hmac_update( &ctx, input, ilen );
sha512_hmac_finish( &ctx, output );
-
- polarssl_zeroize( &ctx, sizeof( sha512_context ) );
+ sha512_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@@ -686,11 +699,13 @@
*/
int sha512_self_test( int verbose )
{
- int i, j, k, buflen;
+ int i, j, k, buflen, ret = 0;
unsigned char buf[1024];
unsigned char sha512sum[64];
sha512_context ctx;
+ sha512_init( &ctx );
+
for( i = 0; i < 6; i++ )
{
j = i % 3;
@@ -719,7 +734,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -758,7 +774,8 @@
if( verbose != 0 )
polarssl_printf( "failed\n" );
- return( 1 );
+ ret = 1;
+ goto exit;
}
if( verbose != 0 )
@@ -768,7 +785,10 @@
if( verbose != 0 )
polarssl_printf( "\n" );
- return( 0 );
+exit:
+ sha512_free( &ctx );
+
+ return( ret );
}
#endif /* POLARSSL_SELF_TEST */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 035cf39..c6a11de 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1718,6 +1718,9 @@
md5_context md5;
sha1_context sha1;
+ md5_init( &md5 );
+ sha1_init( &sha1 );
+
hashlen = 36;
/*
@@ -1742,6 +1745,9 @@
sha1_update( &sha1, ssl->handshake->randbytes, 64 );
sha1_update( &sha1, ssl->in_msg + 4, params_len );
sha1_finish( &sha1, hash + 16 );
+
+ md5_free( &md5 );
+ sha1_free( &sha1 );
}
else
#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 8c8fa2c..1e75408 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2337,6 +2337,9 @@
md5_context md5;
sha1_context sha1;
+ md5_init( &md5 );
+ sha1_init( &sha1 );
+
/*
* digitally-signed struct {
* opaque md5_hash[16];
@@ -2361,6 +2364,9 @@
sha1_finish( &sha1, hash + 16 );
hashlen = 36;
+
+ md5_free( &md5 );
+ sha1_free( &sha1 );
}
else
#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 28ca14aa..963f02b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -156,6 +156,9 @@
unsigned char sha1sum[20];
((void)label);
+ md5_init( &md5 );
+ sha1_init( &sha1 );
+
/*
* SSLv3:
* block =
@@ -180,8 +183,8 @@
md5_finish( &md5, dstbuf + i * 16 );
}
- polarssl_zeroize( &md5, sizeof( md5 ) );
- polarssl_zeroize( &sha1, sizeof( sha1 ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
polarssl_zeroize( padding, sizeof( padding ) );
polarssl_zeroize( sha1sum, sizeof( sha1sum ) );
@@ -805,6 +808,9 @@
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
+
return;
}
#endif /* POLARSSL_SSL_PROTO_SSL3 */
@@ -826,6 +832,9 @@
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
+
return;
}
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 */
@@ -844,6 +853,8 @@
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ sha256_free( &sha256 );
+
return;
}
#endif /* POLARSSL_SHA256_C */
@@ -861,6 +872,8 @@
SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+ sha512_free( &sha512 );
+
return;
}
#endif /* POLARSSL_SHA512_C */
@@ -2878,8 +2891,8 @@
SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
- polarssl_zeroize( &md5, sizeof( md5_context ) );
- polarssl_zeroize( &sha1, sizeof( sha1_context ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
polarssl_zeroize( padbuf, sizeof( padbuf ) );
polarssl_zeroize( md5sum, sizeof( md5sum ) );
@@ -2936,8 +2949,8 @@
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
- polarssl_zeroize( &md5, sizeof( md5_context ) );
- polarssl_zeroize( &sha1, sizeof( sha1_context ) );
+ md5_free( &md5 );
+ sha1_free( &sha1 );
polarssl_zeroize( padbuf, sizeof( padbuf ) );
@@ -2985,7 +2998,7 @@
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
- polarssl_zeroize( &sha256, sizeof( sha256_context ) );
+ sha256_free( &sha256 );
polarssl_zeroize( padbuf, sizeof( padbuf ) );
@@ -3032,7 +3045,7 @@
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
- polarssl_zeroize( &sha512, sizeof( sha512_context ) );
+ sha512_free( &sha512 );
polarssl_zeroize( padbuf, sizeof( padbuf ) );
@@ -3302,14 +3315,18 @@
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
defined(POLARSSL_SSL_PROTO_TLS1_1)
- md5_starts( &ssl->handshake->fin_md5 );
+ md5_init( &ssl->handshake->fin_md5 );
+ sha1_init( &ssl->handshake->fin_sha1 );
+ md5_starts( &ssl->handshake->fin_md5 );
sha1_starts( &ssl->handshake->fin_sha1 );
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#if defined(POLARSSL_SHA256_C)
+ sha256_init( &ssl->handshake->fin_sha256 );
sha256_starts( &ssl->handshake->fin_sha256, 0 );
#endif
#if defined(POLARSSL_SHA512_C)
+ sha512_init( &ssl->handshake->fin_sha512 );
sha512_starts( &ssl->handshake->fin_sha512, 1 );
#endif
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
