/* * Unallocate all CSR data */ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ) { mbedtls_x509_name *name_cur; mbedtls_x509_name *name_prv; if( csr == NULL ) return; mbedtls_pk_free( &csr->pk ); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) mbedtls_free( csr->sig_opts ); #endif name_cur = csr->subject.next; while( name_cur != NULL ) { name_prv = name_cur; name_cur = name_cur->next; mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } if( csr->raw.p != NULL ) { mbedtls_zeroize( csr->raw.p, csr->raw.len ); mbedtls_free( csr->raw.p ); } mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) ); }
/* * Unallocate all CRL data */ void vdb_mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) { mbedtls_x509_crl *crl_cur = crl; mbedtls_x509_crl *crl_prv; mbedtls_x509_name *name_cur; mbedtls_x509_name *name_prv; mbedtls_x509_crl_entry *entry_cur; mbedtls_x509_crl_entry *entry_prv; if( crl == NULL ) return; do { #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) vdb_mbedtls_free( crl_cur->sig_opts ); #endif name_cur = crl_cur->issuer.next; while( name_cur != NULL ) { name_prv = name_cur; name_cur = name_cur->next; mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); vdb_mbedtls_free( name_prv ); } entry_cur = crl_cur->entry.next; while( entry_cur != NULL ) { entry_prv = entry_cur; entry_cur = entry_cur->next; mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) ); vdb_mbedtls_free( entry_prv ); } if( crl_cur->raw.p != NULL ) { mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len ); vdb_mbedtls_free( crl_cur->raw.p ); } crl_cur = crl_cur->next; } while( crl_cur != NULL ); crl_cur = crl; do { crl_prv = crl_cur; crl_cur = crl_cur->next; mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); if( crl_prv != crl ) vdb_mbedtls_free( crl_prv ); } while( crl_cur != NULL ); }
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ) { int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; FILE *f; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; if( ( f = fopen( path, "wb" ) ) == NULL ) return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) goto exit; if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE ) { ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; goto exit; } ret = 0; exit: mbedtls_zeroize( buf, sizeof( buf ) ); fclose( f ); return( ret ); }
int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path ) { int ret = 0; FILE *f; size_t n; unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ]; if( ( f = fopen( path, "rb" ) ) == NULL ) return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); fseek( f, 0, SEEK_END ); n = (size_t) ftell( f ); fseek( f, 0, SEEK_SET ); if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) n = MBEDTLS_ENTROPY_MAX_SEED_SIZE; if( fread( buf, 1, n, f ) != n ) ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; else ret = mbedtls_entropy_update_manual( ctx, buf, n ); fclose( f ); mbedtls_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); return( mbedtls_entropy_write_seed_file( ctx, path ) ); }
void mbedtls_havege_free( mbedtls_havege_state *hs ) { if( hs == NULL ) return; mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) ); }
void mbedtls_sha256_init(mbedtls_sha256_context *ctx) { mbedtls_zeroize(ctx, sizeof(mbedtls_sha256_context)); /* Enable HASH clock */ __HAL_RCC_HASH_CLK_ENABLE(); }
void mbedtls_arc4_free( mbedtls_arc4_context *ctx ) { if( ctx == NULL ) return; mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); }
void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) { mbedtls_asn1_free_named_data_list( &ctx->subject ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_csr) ); }
static void mbedtls_msg_server_step(pmbedtls_msg msg) { lwIP_ASSERT(msg); /*to prevent memory leaks, ensure that each allocated is deleted at every handshake*/ if (msg->psession){ mbedtls_session_free(&msg->psession); } #if defined(ESP8266_PLATFORM) if (msg->quiet && msg->ssl.out_buf) { mbedtls_zeroize(msg->ssl.out_buf, MBEDTLS_SSL_OUTBUFFER_LEN); os_free(msg->ssl.out_buf); msg->ssl.out_buf = NULL; } #endif mbedtls_entropy_free(&msg->entropy); mbedtls_ssl_free(&msg->ssl); mbedtls_ssl_config_free(&msg->conf); mbedtls_ctr_drbg_free(&msg->ctr_drbg); /*New connection ensure that each initial for next handshake */ os_bzero(msg, sizeof(mbedtls_msg)); msg->psession = mbedtls_session_new(); if (msg->psession){ mbedtls_net_init(&msg->fd); mbedtls_ssl_init(&msg->ssl); mbedtls_ssl_config_init(&msg->conf); mbedtls_ctr_drbg_init(&msg->ctr_drbg); mbedtls_entropy_init(&msg->entropy); } }
void mbedtls_sha256_free(mbedtls_sha256_context *ctx) { if (ctx == NULL) { return; } mbedtls_zeroize(ctx, sizeof(mbedtls_sha256_context)); }
void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ) { if( ctx == NULL ) return; mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); }
int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *outputLength) { (void)obj; int ret; uint32_t entropySizeBits; uint32_t *entrSource_ptr; uint32_t actualLength; ret = LLF_RND_GetTrngSource( &ctx.platform_impl_ctx.rndState , /*in/out*/ obj, /*in/out*/ 0, /*in*/ &entropySizeBits, /*in/out*/ &entrSource_ptr, /*out*/ &actualLength, /*out*/ (uint32_t*)&rndWorkBuff.crysRndWorkBuff /*in*/); if ( ret != 0 ) return -1; if ( length < actualLength ) actualLength = length; *outputLength = actualLength; memcpy( output, entrSource_ptr + CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS, *outputLength ); mbedtls_zeroize( entrSource_ptr + CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS, *outputLength ); return 0; }
int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) { if (st_md5_restore_hw_context(ctx) != 1) { // Return HASH_BUSY timeout error here return MBEDTLS_ERR_MD5_HW_ACCEL_FAILED; } /* Last accumulation for extra bytes in sbuf_len */ /* This sets HW flags in case mbedtls_md5_update has not been called yet */ if (HAL_HASH_MD5_Accumulate(&ctx->hhash_md5, ctx->sbuf, ctx->sbuf_len) != 0) { return MBEDTLS_ERR_MD5_HW_ACCEL_FAILED; } mbedtls_zeroize( ctx->sbuf, ST_MD5_BLOCK_SIZE); ctx->sbuf_len = 0; __HAL_HASH_START_DIGEST(); if (HAL_HASH_MD5_Finish(&ctx->hhash_md5, output, 10)) { return MBEDTLS_ERR_MD5_HW_ACCEL_FAILED; } if (st_md5_save_hw_context(ctx) != 1) { // Return HASH_BUSY timeout error here return MBEDTLS_ERR_MD5_HW_ACCEL_FAILED; } return 0; }
static void mbedtls_msg_free(pmbedtls_msg *msg) { lwIP_ASSERT(msg); lwIP_ASSERT(*msg); /*to prevent memory leaks, ensure that each allocated is deleted at every handshake*/ if ((*msg)->psession){ mbedtls_session_free(&((*msg)->psession)); } #if defined(ESP8266_PLATFORM) if ((*msg)->quiet && (*msg)->ssl.out_buf) { mbedtls_zeroize((*msg)->ssl.out_buf, MBEDTLS_SSL_OUTBUFFER_LEN); os_free((*msg)->ssl.out_buf); (*msg)->ssl.out_buf = NULL; } #endif mbedtls_entropy_free(&(*msg)->entropy); mbedtls_ssl_free(&(*msg)->ssl); mbedtls_ssl_config_free(&(*msg)->conf); mbedtls_ctr_drbg_free(&(*msg)->ctr_drbg); os_free(*msg); *msg = NULL; }
void mbedtls_md_free( mbedtls_md_context_t *ctx ) { if( ctx == NULL || ctx->md_info == NULL ) return; if( ctx->md_ctx != NULL ) ctx->md_info->ctx_free_func( ctx->md_ctx ); if( ctx->hmac_ctx != NULL ) { mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size ); mbedtls_free( ctx->hmac_ctx ); } mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); }
/* * Free the components of a DHM key */ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) { mbedtls_mpi_free( &ctx->pX); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY ); mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P ); mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); }
/* * Free (the components of) a mbedtls_pk_context */ void mbedtls_pk_free( mbedtls_pk_context *ctx ) { if( ctx == NULL || ctx->pk_info == NULL ) return; ctx->pk_info->ctx_free_func( ctx->pk_ctx ); mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) ); }
void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) { #if defined(MBEDTLS_HAVEGE_C) mbedtls_havege_free( &ctx->havege_data ); #endif #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) ); }
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) { mbedtls_mpi_free( &ctx->serial ); mbedtls_asn1_free_named_data_list( &ctx->subject ); mbedtls_asn1_free_named_data_list( &ctx->issuer ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_cert) ); }
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) { if( ctx == NULL ) return; if( ctx->cipher_ctx ) ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); }
void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur ) { if( cur == NULL ) return; mbedtls_free( cur->oid.p ); mbedtls_free( cur->val.p ); mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); }
/* * Entropy accumulator update */ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id, const unsigned char *data, size_t len ) { unsigned char header[2]; unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE]; size_t use_len = len; const unsigned char *p = data; int ret = 0; if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 ) goto cleanup; #else if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 ) goto cleanup; #endif p = tmp; use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; } header[0] = source_id; header[1] = use_len & 0xFF; /* * Start the accumulator if this has not already happened. Note that * it is sufficient to start the accumulator here only because all calls to * gather entropy eventually execute this code. */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) if( ctx->accumulator_started == 0 && ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) goto cleanup; else ctx->accumulator_started = 1; if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) goto cleanup; ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len ); #else if( ctx->accumulator_started == 0 && ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) goto cleanup; else ctx->accumulator_started = 1; if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) goto cleanup; ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len ); #endif cleanup: mbedtls_zeroize( tmp, sizeof( tmp ) ); return( ret ); }
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ) { if( ctx == NULL ) return; #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_aes_free( &ctx->aes_ctx ); mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); }
void mbedtls_aes_free( mbedtls_aes_context *ctx ) { if( ctx == NULL ) return; /* Force the CRYP Periheral Clock Reset */ __HAL_RCC_CRYP_FORCE_RESET(); /* Release the CRYP Periheral Clock Reset */ __HAL_RCC_CRYP_RELEASE_RESET(); mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) ); }
extern "C" int trng_get_bytes_esp32(uint8_t *output, size_t length, size_t *output_length) { mbed::I2C mI2c(I2C_SDA, I2C_SCL); int ret; char send_data[1]; char recv_data[4]; size_t idx = 0; int i; int retry_cnt = 0; if ((output == NULL) || (output_length == NULL)) { return -1; } while ((retry_cnt < RETRY_CNT_MAX) && (idx < length)) { send_data[0] = 0; ret = mI2c.write(ESP32_I2C_ADDR, send_data, sizeof(send_data)); if (ret == 0) { ret = mI2c.read(ESP32_I2C_ADDR, recv_data, sizeof(recv_data)); if (ret == 0) { for (i = 0; (i < sizeof(recv_data)) && (idx < length); i++) { output[idx++] = recv_data[i]; } } } if (ret != 0) { retry_cnt++; wait_ms(100); } } if (retry_cnt >= RETRY_CNT_MAX) { idx = 0; mbedtls_zeroize(output, length); } *output_length = idx; mbedtls_zeroize(recv_data, sizeof(recv_data)); return (idx != 0 ? 0 : -1); }
/* * Load one or more CRLs and add them to the chained list */ int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) { int ret; size_t n; unsigned char *buf; if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) return (ret); ret = mbedtls_x509_crl_parse(chain, buf, n); mbedtls_zeroize(buf, n); mbedtls_free(buf); return (ret); }
/* * Load and parse a public key */ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) { int ret; size_t n; unsigned char *buf; if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); ret = mbedtls_pk_parse_public_key( ctx, buf, n ); mbedtls_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); }
/* * Load and parse DHM parameters */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) { int ret; size_t n; unsigned char *buf; if( ( ret = load_file( path, &buf, &n ) ) != 0 ) return( ret ); ret = mbedtls_dhm_parse_dhm( dhm, buf, n ); mbedtls_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); }
/* * Run through the different sources to add entropy to our accumulator */ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) { int ret, i, have_one_strong = 0; unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER]; size_t olen; if( ctx->source_count == 0 ) return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED ); /* * Run through our entropy sources */ for( i = 0; i < ctx->source_count; i++ ) { if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG ) have_one_strong = 1; olen = 0; if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source, buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 ) { goto cleanup; } /* * Add if we actually gathered something */ if( olen > 0 ) { if( ( ret = entropy_update( ctx, (unsigned char) i, buf, olen ) ) != 0 ) return( ret ); ctx->source[i].size += olen; } } if( have_one_strong == 0 ) ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; cleanup: mbedtls_zeroize( buf, sizeof( buf ) ); return( ret ); }
int mbedtls_asn1_get_alg( unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ) { int ret; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( ret ); if( ( end - *p ) < 1 ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); alg->tag = **p; end = *p + len; if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 ) return( ret ); alg->p = *p; *p += alg->len; if( *p == end ) { mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) ); return( 0 ); } params->tag = **p; (*p)++; if( ( ret = mbedtls_asn1_get_len( p, end, ¶ms->len ) ) != 0 ) return( ret ); params->p = *p; *p += params->len; if( *p != end ) return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); return( 0 ); }