diff options
author | Aris Adamantiadis <aris@0xbadc0de.be> | 2015-12-31 10:56:47 +0100 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2016-05-13 09:26:06 +0200 |
commit | a764e3ba84153632ccfc226f9cfaebfc3e64482c (patch) | |
tree | 975e320ab86d76b4be0d1cbabb09ccf65f517f50 | |
parent | 6ef047e5c7e40f05e180f67225618fea463c7c64 (diff) | |
download | libssh-a764e3ba84153632ccfc226f9cfaebfc3e64482c.tar.gz libssh-a764e3ba84153632ccfc226f9cfaebfc3e64482c.tar.xz libssh-a764e3ba84153632ccfc226f9cfaebfc3e64482c.zip |
crypto: split init and finalize functions
-rw-r--r-- | include/libssh/dh.h | 4 | ||||
-rw-r--r-- | include/libssh/libcrypto.h | 14 | ||||
-rw-r--r-- | include/libssh/libgcrypt.h | 2 | ||||
-rw-r--r-- | include/libssh/wrapper.h | 5 | ||||
-rw-r--r-- | src/dh.c | 47 | ||||
-rw-r--r-- | src/init.c | 4 | ||||
-rw-r--r-- | src/libcrypto.c | 25 | ||||
-rw-r--r-- | src/libgcrypt.c | 29 |
8 files changed, 82 insertions, 48 deletions
diff --git a/include/libssh/dh.h b/include/libssh/dh.h index 484fdd56..26a81ec3 100644 --- a/include/libssh/dh.h +++ b/include/libssh/dh.h @@ -30,8 +30,8 @@ int ssh_dh_generate_f(ssh_session session); int ssh_dh_generate_x(ssh_session session); int ssh_dh_generate_y(ssh_session session); -int ssh_crypto_init(void); -void ssh_crypto_finalize(void); +int ssh_dh_init(void); +void ssh_dh_finalize(void); ssh_string ssh_dh_get_e(ssh_session session); ssh_string ssh_dh_get_f(ssh_session session); diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h index 883f5530..8f29253c 100644 --- a/include/libssh/libcrypto.h +++ b/include/libssh/libcrypto.h @@ -83,20 +83,6 @@ typedef BN_CTX* bignum_CTX; #define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr) #define bignum_cmp(num1,num2) BN_cmp(num1,num2) -SHA256CTX sha256_init(void); -void sha256_update(SHA256CTX c, const void *data, unsigned long len); -void sha256_final(unsigned char *md, SHA256CTX c); - -SHA384CTX sha384_init(void); -void sha384_update(SHA384CTX c, const void *data, unsigned long len); -void sha384_final(unsigned char *md, SHA384CTX c); - -SHA512CTX sha512_init(void); -void sha512_update(SHA512CTX c, const void *data, unsigned long len); -void sha512_final(unsigned char *md, SHA512CTX c); - -struct ssh_cipher_struct *ssh_get_ciphertab(void); - #endif /* HAVE_LIBCRYPTO */ #endif /* LIBCRYPTO_H_ */ diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h index 7556acae..1e784f4d 100644 --- a/include/libssh/libgcrypt.h +++ b/include/libssh/libgcrypt.h @@ -83,6 +83,4 @@ ssh_string ssh_sexp_extract_mpi(const gcry_sexp_t sexp, #endif /* HAVE_LIBGCRYPT */ -struct ssh_cipher_struct *ssh_get_ciphertab(void); - #endif /* LIBGCRYPT_H_ */ diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h index cdd72d6d..07c26df2 100644 --- a/include/libssh/wrapper.h +++ b/include/libssh/wrapper.h @@ -51,6 +51,8 @@ struct ssh_hmac_struct { enum ssh_hmac_e hmac_type; }; +struct ssh_cipher_struct; + typedef struct ssh_mac_ctx_struct *ssh_mac_ctx; MD5CTX md5_init(void); void md5_update(MD5CTX c, const void *data, unsigned long len); @@ -96,9 +98,12 @@ struct ssh_crypto_struct *crypto_new(void); void crypto_free(struct ssh_crypto_struct *crypto); void ssh_reseed(void); +int ssh_crypto_init(void); +void ssh_crypto_finalize(void); void ssh_cipher_clear(struct ssh_cipher_struct *cipher); struct ssh_hmac_struct *ssh_get_hmactab(void); +struct ssh_cipher_struct *ssh_get_ciphertab(void); const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type); #endif /* WRAPPER_H_ */ @@ -115,29 +115,22 @@ static unsigned long g_int = 2 ; /* G is defined as 2 by the ssh2 standards */ static bignum g; static bignum p_group1; static bignum p_group14; -static int ssh_crypto_initialized; +static int dh_crypto_initialized; static bignum select_p(enum ssh_key_exchange_e type) { return type == SSH_KEX_DH_GROUP14_SHA1 ? p_group14 : p_group1; } -/* - * This inits the values g and p which are used for DH key agreement - * FIXME: Make the function thread safe by adding a semaphore or mutex. +/** + * @internal + * @brief Initialize global constants used in DH key agreement + * @return SSH_OK on success, SSH_ERROR otherwise. */ -int ssh_crypto_init(void) { - if (ssh_crypto_initialized == 0) { -#ifdef HAVE_LIBGCRYPT - gcry_check_version(NULL); - if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0)) { - gcry_control(GCRYCTL_INIT_SECMEM, 4096); - gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0); - } -#endif - +int ssh_dh_init(void) { + if (dh_crypto_initialized == 0) { g = bignum_new(); if (g == NULL) { - return -1; + return SSH_ERROR; } bignum_set_word(g,g_int); @@ -172,35 +165,29 @@ int ssh_crypto_init(void) { bignum_free(p_group1); g = NULL; p_group1 = NULL; - return -1; + return SSH_ERROR; } bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14); - - OpenSSL_add_all_algorithms(); - #endif - - ssh_crypto_initialized = 1; + dh_crypto_initialized = 1; } return 0; } -void ssh_crypto_finalize(void) { - if (ssh_crypto_initialized) { +/** + * @internal + * @brief Finalize and free global constants used in DH key agreement + */ +void ssh_dh_finalize(void) { + if (dh_crypto_initialized) { bignum_free(g); g = NULL; bignum_free(p_group1); p_group1 = NULL; bignum_free(p_group14); p_group14 = NULL; -#ifdef HAVE_LIBGCRYPT - gcry_control(GCRYCTL_TERM_SECMEM); -#elif defined HAVE_LIBCRYPTO - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); -#endif - ssh_crypto_initialized=0; + dh_crypto_initialized=0; } } @@ -55,6 +55,9 @@ int ssh_init(void) { return -1; if(ssh_crypto_init()) return -1; + if(ssh_dh_init() == SSH_ERROR){ + return -1; + } if(ssh_socket_init()) return -1; return 0; @@ -72,6 +75,7 @@ int ssh_init(void) { */ int ssh_finalize(void) { ssh_crypto_finalize(); + ssh_dh_finalize(); ssh_socket_cleanup(); /* It is important to finalize threading after CRYPTO because * it still depends on it */ diff --git a/src/libcrypto.c b/src/libcrypto.c index 203f3a70..dae6f035 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -69,6 +69,31 @@ struct ssh_mac_ctx_struct { } ctx; }; +static int libcrypto_initialized = 0; +/** + * @internal + * @brief Initialize libcrypto's subsystem + */ +int ssh_crypto_init(void) { + if (libcrypto_initialized == 0) { + OpenSSL_add_all_algorithms(); + libcrypto_initialized = 1; + } + return 0; +} + +/** + * @internal + * @brief Finalize libcrypto's subsystem + */ +void ssh_crypto_finalize(void) { + if (libcrypto_initialized) { + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + libcrypto_initialized=0; + } +} + void ssh_reseed(void){ #ifndef _WIN32 struct timeval tv; diff --git a/src/libgcrypt.c b/src/libgcrypt.c index 69f2ddc0..0812e1b9 100644 --- a/src/libgcrypt.c +++ b/src/libgcrypt.c @@ -47,6 +47,35 @@ static int alloc_key(struct ssh_cipher_struct *cipher) { return 0; } +static int libgcrypt_initialized = 0; +/** + * @internal + * @brief Initialize libgcrypt's subsystem + */ +int ssh_crypto_init(void) { + if (libgcrypt_initialized == 0) { + gcry_check_version(NULL); + if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0)) { + gcry_control(GCRYCTL_INIT_SECMEM, 4096); + gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0); + } + + libgcrypt_initialized = 1; + } + return 0; +} + +/** + * @internal + * @brief Finalize libgcrypt's subsystem + */ +void ssh_crypto_finalize(void) { + if (libgcrypt_initialized) { + gcry_control(GCRYCTL_TERM_SECMEM); + libgcrypt_initialized=0; + } +} + void ssh_reseed(void){ } |