aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2015-12-31 10:56:47 +0100
committerAris Adamantiadis <aris@0xbadc0de.be>2016-09-09 14:27:48 +0200
commite053ab03d6833347d27bd5d844d08dbe1315cfbf (patch)
tree031ec21550e1d0122dd65021b353d563aa173d56
parent1add3fbdb9780868474654acd09fdaa6b272914c (diff)
downloadlibssh-e053ab03d6833347d27bd5d844d08dbe1315cfbf.tar.gz
libssh-e053ab03d6833347d27bd5d844d08dbe1315cfbf.tar.xz
libssh-e053ab03d6833347d27bd5d844d08dbe1315cfbf.zip
crypto: split init and finalize functions
-rw-r--r--include/libssh/dh.h4
-rw-r--r--include/libssh/libcrypto.h14
-rw-r--r--include/libssh/libgcrypt.h2
-rw-r--r--include/libssh/wrapper.h5
-rw-r--r--src/dh.c47
-rw-r--r--src/init.c4
-rw-r--r--src/libcrypto.c25
-rw-r--r--src/libgcrypt.c29
8 files changed, 82 insertions, 48 deletions
diff --git a/include/libssh/dh.h b/include/libssh/dh.h
index 484fdd56..26a81ec3 100644
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -30,8 +30,8 @@ int ssh_dh_generate_f(ssh_session session);
int ssh_dh_generate_x(ssh_session session);
int ssh_dh_generate_y(ssh_session session);
-int ssh_crypto_init(void);
-void ssh_crypto_finalize(void);
+int ssh_dh_init(void);
+void ssh_dh_finalize(void);
ssh_string ssh_dh_get_e(ssh_session session);
ssh_string ssh_dh_get_f(ssh_session session);
diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
index 883f5530..8f29253c 100644
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -83,20 +83,6 @@ typedef BN_CTX* bignum_CTX;
#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr)
#define bignum_cmp(num1,num2) BN_cmp(num1,num2)
-SHA256CTX sha256_init(void);
-void sha256_update(SHA256CTX c, const void *data, unsigned long len);
-void sha256_final(unsigned char *md, SHA256CTX c);
-
-SHA384CTX sha384_init(void);
-void sha384_update(SHA384CTX c, const void *data, unsigned long len);
-void sha384_final(unsigned char *md, SHA384CTX c);
-
-SHA512CTX sha512_init(void);
-void sha512_update(SHA512CTX c, const void *data, unsigned long len);
-void sha512_final(unsigned char *md, SHA512CTX c);
-
-struct ssh_cipher_struct *ssh_get_ciphertab(void);
-
#endif /* HAVE_LIBCRYPTO */
#endif /* LIBCRYPTO_H_ */
diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h
index 7556acae..1e784f4d 100644
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -83,6 +83,4 @@ ssh_string ssh_sexp_extract_mpi(const gcry_sexp_t sexp,
#endif /* HAVE_LIBGCRYPT */
-struct ssh_cipher_struct *ssh_get_ciphertab(void);
-
#endif /* LIBGCRYPT_H_ */
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index cdd72d6d..07c26df2 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -51,6 +51,8 @@ struct ssh_hmac_struct {
enum ssh_hmac_e hmac_type;
};
+struct ssh_cipher_struct;
+
typedef struct ssh_mac_ctx_struct *ssh_mac_ctx;
MD5CTX md5_init(void);
void md5_update(MD5CTX c, const void *data, unsigned long len);
@@ -96,9 +98,12 @@ struct ssh_crypto_struct *crypto_new(void);
void crypto_free(struct ssh_crypto_struct *crypto);
void ssh_reseed(void);
+int ssh_crypto_init(void);
+void ssh_crypto_finalize(void);
void ssh_cipher_clear(struct ssh_cipher_struct *cipher);
struct ssh_hmac_struct *ssh_get_hmactab(void);
+struct ssh_cipher_struct *ssh_get_ciphertab(void);
const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type);
#endif /* WRAPPER_H_ */
diff --git a/src/dh.c b/src/dh.c
index bff780fc..6e87c36e 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -115,29 +115,22 @@ static unsigned long g_int = 2 ; /* G is defined as 2 by the ssh2 standards */
static bignum g;
static bignum p_group1;
static bignum p_group14;
-static int ssh_crypto_initialized;
+static int dh_crypto_initialized;
static bignum select_p(enum ssh_key_exchange_e type) {
return type == SSH_KEX_DH_GROUP14_SHA1 ? p_group14 : p_group1;
}
-/*
- * This inits the values g and p which are used for DH key agreement
- * FIXME: Make the function thread safe by adding a semaphore or mutex.
+/**
+ * @internal
+ * @brief Initialize global constants used in DH key agreement
+ * @return SSH_OK on success, SSH_ERROR otherwise.
*/
-int ssh_crypto_init(void) {
- if (ssh_crypto_initialized == 0) {
-#ifdef HAVE_LIBGCRYPT
- gcry_check_version(NULL);
- if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0)) {
- gcry_control(GCRYCTL_INIT_SECMEM, 4096);
- gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0);
- }
-#endif
-
+int ssh_dh_init(void) {
+ if (dh_crypto_initialized == 0) {
g = bignum_new();
if (g == NULL) {
- return -1;
+ return SSH_ERROR;
}
bignum_set_word(g,g_int);
@@ -172,35 +165,29 @@ int ssh_crypto_init(void) {
bignum_free(p_group1);
g = NULL;
p_group1 = NULL;
- return -1;
+ return SSH_ERROR;
}
bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14);
-
- OpenSSL_add_all_algorithms();
-
#endif
-
- ssh_crypto_initialized = 1;
+ dh_crypto_initialized = 1;
}
return 0;
}
-void ssh_crypto_finalize(void) {
- if (ssh_crypto_initialized) {
+/**
+ * @internal
+ * @brief Finalize and free global constants used in DH key agreement
+ */
+void ssh_dh_finalize(void) {
+ if (dh_crypto_initialized) {
bignum_free(g);
g = NULL;
bignum_free(p_group1);
p_group1 = NULL;
bignum_free(p_group14);
p_group14 = NULL;
-#ifdef HAVE_LIBGCRYPT
- gcry_control(GCRYCTL_TERM_SECMEM);
-#elif defined HAVE_LIBCRYPTO
- EVP_cleanup();
- CRYPTO_cleanup_all_ex_data();
-#endif
- ssh_crypto_initialized=0;
+ dh_crypto_initialized=0;
}
}
diff --git a/src/init.c b/src/init.c
index 241b8618..a2418a1d 100644
--- a/src/init.c
+++ b/src/init.c
@@ -55,6 +55,9 @@ int ssh_init(void) {
return -1;
if(ssh_crypto_init())
return -1;
+ if(ssh_dh_init() == SSH_ERROR){
+ return -1;
+ }
if(ssh_socket_init())
return -1;
return 0;
@@ -72,6 +75,7 @@ int ssh_init(void) {
*/
int ssh_finalize(void) {
ssh_crypto_finalize();
+ ssh_dh_finalize();
ssh_socket_cleanup();
/* It is important to finalize threading after CRYPTO because
* it still depends on it */
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 203f3a70..dae6f035 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -69,6 +69,31 @@ struct ssh_mac_ctx_struct {
} ctx;
};
+static int libcrypto_initialized = 0;
+/**
+ * @internal
+ * @brief Initialize libcrypto's subsystem
+ */
+int ssh_crypto_init(void) {
+ if (libcrypto_initialized == 0) {
+ OpenSSL_add_all_algorithms();
+ libcrypto_initialized = 1;
+ }
+ return 0;
+}
+
+/**
+ * @internal
+ * @brief Finalize libcrypto's subsystem
+ */
+void ssh_crypto_finalize(void) {
+ if (libcrypto_initialized) {
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ libcrypto_initialized=0;
+ }
+}
+
void ssh_reseed(void){
#ifndef _WIN32
struct timeval tv;
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 69f2ddc0..0812e1b9 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -47,6 +47,35 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
return 0;
}
+static int libgcrypt_initialized = 0;
+/**
+ * @internal
+ * @brief Initialize libgcrypt's subsystem
+ */
+int ssh_crypto_init(void) {
+ if (libgcrypt_initialized == 0) {
+ gcry_check_version(NULL);
+ if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0)) {
+ gcry_control(GCRYCTL_INIT_SECMEM, 4096);
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0);
+ }
+
+ libgcrypt_initialized = 1;
+ }
+ return 0;
+}
+
+/**
+ * @internal
+ * @brief Finalize libgcrypt's subsystem
+ */
+void ssh_crypto_finalize(void) {
+ if (libgcrypt_initialized) {
+ gcry_control(GCRYCTL_TERM_SECMEM);
+ libgcrypt_initialized=0;
+ }
+}
+
void ssh_reseed(void){
}