From 73424c689f70402c205a1d2ff4f117c7e700274f Mon Sep 17 00:00:00 2001 From: William Smith Date: Sun, 27 Jan 2013 11:58:55 -0500 Subject: [PATCH] bignum: make mpi_init() and mpi_free() accept a single argument Make mpi_init() and mpi_free() accept a single argument. This prevents unexpected memory corruption in some cases, makes the API simpler to use and less error prone. Before this change, mpi_init() and mpi_free() accepted a variable-length list of arguments that had to be terminated by NULL. --- include/tropicssl/bignum.h | 8 ++-- library/bignum.c | 111 +++++++++++++++++++++----------------------- library/dhm.c | 5 +- library/rsa.c | 32 +++++++------ programs/pkey/dh_genprime.c | 4 +- programs/pkey/mpi_demo.c | 8 +++- 6 files changed, 87 insertions(+), 81 deletions(-) diff --git a/include/tropicssl/bignum.h b/include/tropicssl/bignum.h index 4c21334..2a00955 100644 --- a/include/tropicssl/bignum.h +++ b/include/tropicssl/bignum.h @@ -87,14 +87,14 @@ extern "C" { #endif /** - * \brief Initialize one or more mpi + * \brief Initialize one MPI */ - void mpi_init(mpi * X, ...); + void mpi_init(mpi * X); /** - * \brief Unallocate one or more mpi + * \brief Unallocate one MPI */ - void mpi_free(mpi * X, ...); + void mpi_free(mpi * X); /** * \brief Enlarge to the specified number of limbs diff --git a/library/bignum.c b/library/bignum.c index 28cb85b..d746997 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -63,48 +63,35 @@ #define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL) /* - * Initialize one or more mpi + * Initialize one MPI */ -void mpi_init(mpi * X, ...) +void mpi_init(mpi * X) { - va_list args; - - va_start(args, X); - - while (X != NULL) { - X->s = 1; - X->n = 0; - X->p = NULL; - - X = va_arg(args, mpi *); + if (X == NULL) { + return; } - - va_end(args); + X->s = 1; + X->n = 0; + X->p = NULL; } /* - * Unallocate one or more mpi + * Unallocate one MPI */ -void mpi_free(mpi * X, ...) +void mpi_free(mpi * X) { - va_list args; - - va_start(args, X); - - while (X != NULL) { - if (X->p != NULL) { - memset(X->p, 0, X->n * ciL); - free(X->p); - } - - X->s = 1; - X->n = 0; - X->p = NULL; + if (X == NULL) { + return; + } - X = va_arg(args, mpi *); + if (X->p != NULL) { + memset(X->p, 0, X->n * ciL); + free(X->p); } - va_end(args); + X->s = 1; + X->n = 0; + X->p = NULL; } /* @@ -263,7 +250,7 @@ int mpi_read_string(mpi * X, int radix, const char *s) if (radix < 2 || radix > 16) return (TROPICSSL_ERR_MPI_BAD_INPUT_DATA); - mpi_init(&T, NULL); + mpi_init(&T); if (radix == 16) { n = BITS_TO_LIMBS(strlen(s) << 2); @@ -297,7 +284,7 @@ int mpi_read_string(mpi * X, int radix, const char *s) cleanup: - mpi_free(&T, NULL); + mpi_free(&T); return (ret); } @@ -354,7 +341,7 @@ int mpi_write_string(const mpi * X, int radix, char *s, int *slen) } p = s; - mpi_init(&T, NULL); + mpi_init(&T); if (X->s == -1) *p++ = '-'; @@ -383,7 +370,7 @@ int mpi_write_string(const mpi * X, int radix, char *s, int *slen) cleanup: - mpi_free(&T, NULL); + mpi_free(&T); return (ret); } @@ -753,7 +740,7 @@ int mpi_sub_abs(mpi * X, const mpi * A, const mpi * B) if (mpi_cmp_abs(A, B) < 0) return (TROPICSSL_ERR_MPI_NEGATIVE_VALUE); - mpi_init(&TB, NULL); + mpi_init(&TB); if (X == B) { MPI_CHK(mpi_copy(&TB, B)); @@ -773,7 +760,7 @@ int mpi_sub_abs(mpi * X, const mpi * A, const mpi * B) cleanup: - mpi_free(&TB, NULL); + mpi_free(&TB); return (ret); } @@ -910,7 +897,7 @@ int mpi_mul_mpi(mpi * X, const mpi * A, const mpi * B) int ret, i, j; mpi TA, TB; - mpi_init(&TA, &TB, NULL); + mpi_init(&TA); mpi_init(&TB); if (X == A) { MPI_CHK(mpi_copy(&TA, A)); @@ -939,7 +926,7 @@ int mpi_mul_mpi(mpi * X, const mpi * A, const mpi * B) cleanup: - mpi_free(&TB, &TA, NULL); + mpi_free(&TB); mpi_free(&TA); return (ret); } @@ -971,7 +958,8 @@ int mpi_div_mpi(mpi * Q, mpi * R, const mpi * A, const mpi * B) if (mpi_cmp_int(B, 0) == 0) return (TROPICSSL_ERR_MPI_DIVISION_BY_ZERO); - mpi_init(&X, &Y, &Z, &T1, &T2, NULL); + mpi_init(&X); mpi_init(&Y); mpi_init(&Z); + mpi_init(&T1); mpi_init(&T2); if (mpi_cmp_abs(A, B) < 0) { if (Q != NULL) @@ -1106,7 +1094,8 @@ int mpi_div_mpi(mpi * Q, mpi * R, const mpi * A, const mpi * B) cleanup: - mpi_free(&X, &Y, &Z, &T1, &T2, NULL); + mpi_free(&X); mpi_free(&Y); mpi_free(&Z); + mpi_free(&T1); mpi_free(&T2); return (ret); } @@ -1287,7 +1276,7 @@ int mpi_exp_mod(mpi * X, const mpi * A, const mpi * E, const mpi * N, mpi * _RR) * Init temps and window size */ mpi_montg_init(&mm, N); - mpi_init(&RR, &T, NULL); + mpi_init(&RR); mpi_init(&T); memset(W, 0, sizeof(W)); i = mpi_msb(E); @@ -1429,12 +1418,12 @@ int mpi_exp_mod(mpi * X, const mpi * A, const mpi * E, const mpi * N, mpi * _RR) cleanup: for (i = (1 << (wsize - 1)); i < (1 << wsize); i++) - mpi_free(&W[i], NULL); + mpi_free(&W[i]); - if (_RR != NULL) - mpi_free(&W[1], &T, NULL); - else - mpi_free(&W[1], &T, &RR, NULL); + mpi_free(&W[1]); mpi_free(&T); + if (_RR == NULL) { + mpi_free(&RR); + } return (ret); } @@ -1447,7 +1436,7 @@ int mpi_gcd(mpi * G, const mpi * A, const mpi * B) int ret, lz, lzt; mpi TG, TA, TB; - mpi_init(&TG, &TA, &TB, NULL); + mpi_init(&TG); mpi_init(&TA); mpi_init(&TB); MPI_CHK(mpi_copy(&TA, A)); MPI_CHK(mpi_copy(&TB, B)); @@ -1481,7 +1470,7 @@ int mpi_gcd(mpi * G, const mpi * A, const mpi * B) cleanup: - mpi_free(&TB, &TA, &TG, NULL); + mpi_free(&TB); mpi_free(&TA); mpi_free(&TG); return (ret); } @@ -1499,7 +1488,9 @@ int mpi_inv_mod(mpi * X, const mpi * A, const mpi * N) if (mpi_cmp_int(N, 0) <= 0) return (TROPICSSL_ERR_MPI_BAD_INPUT_DATA); - mpi_init(&TA, &TU, &U1, &U2, &G, &TB, &TV, &V1, &V2, NULL); + mpi_init(&TA); mpi_init(&TU); mpi_init(&U1); mpi_init(&U2); + mpi_init(&G); mpi_init(&TB); mpi_init(&TV); + mpi_init(&V1); mpi_init(&V2); MPI_CHK(mpi_gcd(&G, A, N)); @@ -1564,7 +1555,9 @@ int mpi_inv_mod(mpi * X, const mpi * A, const mpi * N) cleanup: - mpi_free(&V2, &V1, &TV, &TB, &G, &U2, &U1, &TU, &TA, NULL); + mpi_free(&V2); mpi_free(&V1); mpi_free(&TV); mpi_free(&TB); + mpi_free(&G); mpi_free(&U2); mpi_free(&U1); + mpi_free(&TU); mpi_free(&TA); return (ret); } @@ -1605,7 +1598,8 @@ int mpi_is_prime(mpi * X, int (*f_rng) (void *), void *p_rng) if (mpi_cmp_int(X, 0) == 0) return (0); - mpi_init(&W, &R, &T, &A, &RR, NULL); + mpi_init(&W); mpi_init(&R); mpi_init(&T); + mpi_init(&A); mpi_init(&RR); xs = X->s; X->s = 1; @@ -1694,7 +1688,8 @@ cleanup: X->s = xs; - mpi_free(&RR, &A, &T, &R, &W, NULL); + mpi_free(&RR); mpi_free(&A); mpi_free(&T); + mpi_free(&R); mpi_free(&W); return (ret); } @@ -1712,7 +1707,7 @@ int mpi_gen_prime(mpi * X, int nbits, int dh_flag, if (nbits < 3) return (TROPICSSL_ERR_MPI_BAD_INPUT_DATA); - mpi_init(&Y, NULL); + mpi_init(&Y); n = BITS_TO_LIMBS(nbits); @@ -1762,7 +1757,7 @@ int mpi_gen_prime(mpi * X, int nbits, int dh_flag, cleanup: - mpi_free(&Y, NULL); + mpi_free(&Y); return (ret); } @@ -1787,7 +1782,8 @@ int mpi_self_test(int verbose) int ret, i; mpi A, E, N, X, Y, U, V; - mpi_init(&A, &E, &N, &X, &Y, &U, &V, NULL); + mpi_init(&A); mpi_init(&E); mpi_init(&N); mpi_init(&X); + mpi_init(&Y); mpi_init(&U); mpi_init(&V); MPI_CHK(mpi_read_string(&A, 16, "EFE021C2645FD1DC586E69184AF4A31E" @@ -1917,7 +1913,8 @@ cleanup: if (ret != 0 && verbose != 0) printf("Unexpected error, return code = %08X\n", ret); - mpi_free(&V, &U, &Y, &X, &N, &E, &A, NULL); + mpi_free(&V); mpi_free(&U); mpi_free(&Y); mpi_free(&X); + mpi_free(&N); mpi_free(&E); mpi_free(&A); if (verbose != 0) printf("\n"); diff --git a/library/dhm.c b/library/dhm.c index 02aabf2..0732714 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -239,8 +239,9 @@ cleanup: */ void dhm_free(dhm_context * ctx) { - mpi_free(&ctx->RP, &ctx->K, &ctx->GY, - &ctx->GX, &ctx->X, &ctx->G, &ctx->P, NULL); + mpi_free(&ctx->RP); mpi_free(&ctx->K); mpi_free(&ctx->GY); + mpi_free(&ctx->GX); mpi_free(&ctx->X); mpi_free(&ctx->G); + mpi_free(&ctx->P); } #if defined(TROPICSSL_SELF_TEST) diff --git a/library/rsa.c b/library/rsa.c index b8d16a5..c17fa92 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -77,7 +77,7 @@ int rsa_gen_key(rsa_context * ctx, int nbits, int exponent) if (ctx->f_rng == NULL || nbits < 128 || exponent < 3) return (TROPICSSL_ERR_RSA_BAD_INPUT_DATA); - mpi_init(&P1, &Q1, &H, &G, NULL); + mpi_init(&P1); mpi_init(&Q1); mpi_init(&H); mpi_init(&G); /* * find primes P and Q with Q < P so that: @@ -123,7 +123,7 @@ int rsa_gen_key(rsa_context * ctx, int nbits, int exponent) cleanup: - mpi_free(&G, &H, &Q1, &P1, NULL); + mpi_free(&G); mpi_free(&H); mpi_free(&Q1); mpi_free(&P1); if (ret != 0) { rsa_free(ctx); @@ -163,7 +163,8 @@ int rsa_check_privkey(const rsa_context * ctx) if ((ret = rsa_check_pubkey(ctx)) != 0) return (ret); - mpi_init(&PQ, &DE, &P1, &Q1, &H, &I, &G, NULL); + mpi_init(&PQ); mpi_init(&DE); mpi_init(&P1); mpi_init(&Q1); + mpi_init(&H); mpi_init(&I); mpi_init(&G); MPI_CHK(mpi_mul_mpi(&PQ, &ctx->P, &ctx->Q)); MPI_CHK(mpi_mul_mpi(&DE, &ctx->D, &ctx->E)); @@ -175,13 +176,15 @@ int rsa_check_privkey(const rsa_context * ctx) if (mpi_cmp_mpi(&PQ, &ctx->N) == 0 && mpi_cmp_int(&I, 1) == 0 && mpi_cmp_int(&G, 1) == 0) { - mpi_free(&G, &I, &H, &Q1, &P1, &DE, &PQ, NULL); + mpi_free(&G); mpi_free(&I); mpi_free(&H); mpi_free(&Q1); + mpi_free(&P1); mpi_free(&DE); mpi_free(&PQ); return (0); } cleanup: - mpi_free(&G, &I, &H, &Q1, &P1, &DE, &PQ, NULL); + mpi_free(&G); mpi_free(&I); mpi_free(&H); mpi_free(&Q1); + mpi_free(&P1); mpi_free(&DE); mpi_free(&PQ); return (TROPICSSL_ERR_RSA_KEY_CHECK_FAILED | ret); } @@ -193,12 +196,12 @@ int rsa_public(rsa_context * ctx, const unsigned char *input, unsigned char *out int ret, olen; mpi T; - mpi_init(&T, NULL); + mpi_init(&T); MPI_CHK(mpi_read_binary(&T, input, ctx->len)); if (mpi_cmp_mpi(&T, &ctx->N) >= 0) { - mpi_free(&T, NULL); + mpi_free(&T); return (TROPICSSL_ERR_RSA_BAD_INPUT_DATA); } @@ -208,7 +211,7 @@ int rsa_public(rsa_context * ctx, const unsigned char *input, unsigned char *out cleanup: - mpi_free(&T, NULL); + mpi_free(&T); if (ret != 0) return (TROPICSSL_ERR_RSA_PUBLIC_FAILED | ret); @@ -224,12 +227,12 @@ int rsa_private(rsa_context * ctx, const unsigned char *input, unsigned char *ou int ret, olen; mpi T, T1, T2; - mpi_init(&T, &T1, &T2, NULL); + mpi_init(&T); mpi_init(&T1); mpi_init(&T2); MPI_CHK(mpi_read_binary(&T, input, ctx->len)); if (mpi_cmp_mpi(&T, &ctx->N) >= 0) { - mpi_free(&T, NULL); + mpi_free(&T); return (TROPICSSL_ERR_RSA_BAD_INPUT_DATA); } #if 0 @@ -263,7 +266,7 @@ int rsa_private(rsa_context * ctx, const unsigned char *input, unsigned char *ou cleanup: - mpi_free(&T, &T1, &T2, NULL); + mpi_free(&T); mpi_free(&T1); mpi_free(&T2); if (ret != 0) return (TROPICSSL_ERR_RSA_PRIVATE_FAILED | ret); @@ -548,9 +551,10 @@ int rsa_pkcs1_verify(rsa_context * ctx, */ void rsa_free(rsa_context * ctx) { - mpi_free(&ctx->RQ, &ctx->RP, &ctx->RN, - &ctx->QP, &ctx->DQ, &ctx->DP, - &ctx->Q, &ctx->P, &ctx->D, &ctx->E, &ctx->N, NULL); + mpi_free(&ctx->RQ); mpi_free(&ctx->RP); mpi_free(&ctx->RN); + mpi_free(&ctx->QP); mpi_free(&ctx->DQ); mpi_free(&ctx->DP); + mpi_free(&ctx->Q); mpi_free(&ctx->P); mpi_free(&ctx->D); + mpi_free(&ctx->E); mpi_free(&ctx->N); } #if defined(TROPICSSL_SELF_TEST) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 08157c5..f7933ba 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -59,7 +59,7 @@ int main(void) havege_state hs; FILE *fout; - mpi_init(&G, &P, &Q, NULL); + mpi_init(&G); mpi_init(&P); mpi_init(&Q); mpi_read_string(&G, 10, GENERATOR); printf("\n . Seeding the random number generator..."); @@ -116,7 +116,7 @@ int main(void) exit: - mpi_free(&Q, &P, &G, NULL); + mpi_free(&Q); mpi_free(&P); mpi_free(&G); #else printf("\n ! Prime-number generation is not available.\n\n"); #endif diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 97b81bb..2385cdf 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -45,7 +45,9 @@ int main(void) { mpi E, P, Q, N, H, D, X, Y, Z; - mpi_init(&E, &P, &Q, &N, &H, &D, &X, &Y, &Z, NULL); + mpi_init(&E); mpi_init(&P); mpi_init(&Q); mpi_init(&N); + mpi_init(&H); mpi_init(&D); mpi_init(&X); mpi_init(&Y); + mpi_init(&Z); mpi_read_string(&P, 10, "2789"); mpi_read_string(&Q, 10, "3203"); @@ -77,7 +79,9 @@ int main(void) mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL); printf("\n"); - mpi_free(&Z, &Y, &X, &D, &H, &N, &Q, &P, &E, NULL); + mpi_free(&Z); mpi_free(&Y); mpi_free(&X); mpi_free(&D); + mpi_free(&H); mpi_free(&N); mpi_free(&Q); mpi_free(&P); + mpi_free(&E); #ifdef WIN32 printf(" Press Enter to exit this program.\n"); -- 2.11.4.GIT