mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00

memory reductions

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@131 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
cameronrich 2007-10-01 21:49:12 +00:00
parent 91f0c4bec0
commit 18cde1355d
7 changed files with 48 additions and 25 deletions


@ -96,8 +96,6 @@ BI_CTX *bi_initialize(void)
*/ */
void bi_terminate(BI_CTX *ctx) void bi_terminate(BI_CTX *ctx)
{ {
bigint *p, *pn;
bi_depermanent(ctx->bi_radix); bi_depermanent(ctx->bi_radix);
bi_free(ctx, ctx->bi_radix); bi_free(ctx, ctx->bi_radix);
@ -110,6 +108,20 @@ void bi_terminate(BI_CTX *ctx)
abort(); abort();
} }
bi_clear_cache(ctx);
free(ctx);
}
/**
*@brief Clear the memory cache.
*/
void bi_clear_cache(BI_CTX *ctx)
{
bigint *p, *pn;
if (ctx->free_list == NULL)
return;
for (p = ctx->free_list; p != NULL; p = pn) for (p = ctx->free_list; p != NULL; p = pn)
{ {
pn = p->next; pn = p->next;
@ -117,7 +129,8 @@ void bi_terminate(BI_CTX *ctx)
free(p); free(p);
} }
free(ctx); ctx->free_count = 0;
ctx->free_list = NULL;
} }
/** /**
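Review bot: bi_clear_cache() returns every cached bigint to the allocator without wiping it, and this commit calls it right after RSA operations, including the signing path of RSA_encrypt. Those entries may hold intermediates derived from the private key, which can then be handed to unrelated allocations. Consider zeroing each entry's component storage in the loop before `free(p);`, using a wipe the compiler cannot elide. The lines between `pn = p->next;` and `free(p);` are not shown on this page, so confirm what is released there. Separately, the `if (ctx->free_list == NULL) return;` guard is redundant: the loop already handles an empty list and the two resets after it are harmless.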


@ -30,6 +30,7 @@ BI_CTX *bi_initialize(void);
void bi_terminate(BI_CTX *ctx); void bi_terminate(BI_CTX *ctx);
void bi_permanent(bigint *bi); void bi_permanent(bigint *bi);
void bi_depermanent(bigint *bi); void bi_depermanent(bigint *bi);
void bi_clear_cache(BI_CTX *ctx);
void bi_free(BI_CTX *ctx, bigint *bi); void bi_free(BI_CTX *ctx, bigint *bi);
bigint *bi_copy(bigint *bi); bigint *bi_copy(bigint *bi);
bigint *bi_clone(BI_CTX *ctx, const bigint *bi); bigint *bi_clone(BI_CTX *ctx, const bigint *bi);


@ -249,6 +249,9 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) :
RSA_public(ctx, dat_bi); RSA_public(ctx, dat_bi);
bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size); bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
/* save a few bytes of memory */
bi_clear_cache(ctx->bi_ctx);
return byte_size; return byte_size;
} }
@ -296,6 +299,9 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
#ifdef WIN32 #ifdef WIN32
free(block); free(block);
#endif #endif
/* save a few bytes of memory */
bi_clear_cache(ctx);
return bir; return bir;
} }
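Review bot: Both new `bi_clear_cache()` calls write to the BI_CTX free list, so RSA_encrypt and RSA_sign_verify now modify shared state on every call, even though RSA_encrypt takes a `const RSA_CTX *ctx`. A comment added elsewhere in this commit states that `rsa_ctx->bi_ctx` is not thread-safe, and the callers of these two functions are not visible here. Any caller that can run concurrently on the same context therefore needs to hold the context mutex around the call. A comment at each call site such as `/* caller must hold the SSL_CTX mutex: bi_ctx is shared */` would record that requirement. Both function bodies start outside their hunks.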


@ -269,7 +269,6 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
SSL_CTX_UNLOCK(ssl_ctx->mutex); SSL_CTX_UNLOCK(ssl_ctx->mutex);
/* may already be free - but be sure */ /* may already be free - but be sure */
free(ssl->all_pkts);
free(ssl->final_finish_mac); free(ssl->final_finish_mac);
free(ssl->key_block); free(ssl->key_block);
free(ssl->encrypt_ctx); free(ssl->encrypt_ctx);
@ -408,13 +407,17 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
/* make sure the cert is valid */ /* make sure the cert is valid */
cert = ca_cert_ctx->cert[i]; cert = ca_cert_ctx->cert[i];
SSL_CTX_LOCK(ssl_ctx->mutex);
if ((ret = x509_verify(ca_cert_ctx, cert))) if ((ret = x509_verify(ca_cert_ctx, cert)))
{ {
SSL_CTX_UNLOCK(ssl_ctx->mutex);
x509_free(cert); /* get rid of it */ x509_free(cert); /* get rid of it */
ca_cert_ctx->cert[i] = NULL; ca_cert_ctx->cert[i] = NULL;
goto error; goto error;
} }
SSL_CTX_UNLOCK(ssl_ctx->mutex);
len -= offset; len -= offset;
ret = SSL_OK; /* ok so far */ ret = SSL_OK; /* ok so far */
@ -549,6 +552,8 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
#ifdef CONFIG_ENABLE_VERIFICATION #ifdef CONFIG_ENABLE_VERIFICATION
ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx; ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
#endif #endif
MD5_Init(&ssl->md5_ctx);
SHA1_Init(&ssl->sha1_ctx);
/* a bit hacky but saves a few bytes of memory */ /* a bit hacky but saves a few bytes of memory */
ssl->flag |= ssl_ctx->options; ssl->flag |= ssl_ctx->options;
@ -673,7 +678,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
*/ */
static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len) static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
{ {
unsigned char hmac_buf[SHA1_SIZE]; uint8_t hmac_buf[SHA1_SIZE];
int hmac_offset; int hmac_offset;
if (ssl->cipher_info->padding_size) if (ssl->cipher_info->padding_size)
@ -709,10 +714,8 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
*/ */
void add_packet(SSL *ssl, const uint8_t *pkt, int len) void add_packet(SSL *ssl, const uint8_t *pkt, int len)
{ {
int new_len = ssl->all_pkts_len + len; MD5_Update(&ssl->md5_ctx, pkt, len);
ssl->all_pkts = (uint8_t *)realloc(ssl->all_pkts, new_len); SHA1_Update(&ssl->sha1_ctx, pkt, len);
memcpy(&ssl->all_pkts[ssl->all_pkts_len], pkt, len);
ssl->all_pkts_len = new_len;
} }
/** /**
@ -828,10 +831,10 @@ static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
*/ */
void finished_digest(SSL *ssl, const char *label, uint8_t *digest) void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
{ {
unsigned char mac_buf[128]; uint8_t mac_buf[128];
unsigned char *q = mac_buf; uint8_t *q = mac_buf;
MD5_CTX md5_ctx; MD5_CTX md5_ctx = ssl->md5_ctx;
SHA1_CTX sha1_ctx; SHA1_CTX sha1_ctx = ssl->sha1_ctx;
if (label) if (label)
{ {
@ -839,13 +842,9 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
q += strlen(label); q += strlen(label);
} }
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
MD5_Final(q, &md5_ctx); MD5_Final(q, &md5_ctx);
q += MD5_SIZE; q += MD5_SIZE;
SHA1_Init(&sha1_ctx);
SHA1_Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
SHA1_Final(q, &sha1_ctx); SHA1_Final(q, &sha1_ctx);
q += SHA1_SIZE; q += SHA1_SIZE;
@ -1476,11 +1475,6 @@ int process_finished(SSL *ssl, int hs_len)
ret = send_finished(ssl); ret = send_finished(ssl);
} }
/* Don't need this stuff anymore */
free(ssl->all_pkts);
ssl->all_pkts = NULL;
ssl->all_pkts_len = 0;
memset(ssl->master_secret, 0, SSL_SECRET_SIZE); memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
free(ssl->master_secret); free(ssl->master_secret);
ssl->master_secret = NULL; ssl->master_secret = NULL;
@ -1713,7 +1707,10 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
*/ */
EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl) EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
{ {
int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx); int ret;
SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (ret) /* modify into an SSL error type */ if (ret) /* modify into an SSL error type */
{ {
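Review bot: In add_cert_auth the mutex is released before the failure path runs `x509_free(cert);` and `ca_cert_ctx->cert[i] = NULL;`, yet `ssl_new` hands `ssl_ctx->ca_cert_ctx` (apparently the same store) to every connection and `ssl_verify_cert` reads it under the lock. If certificates can be added while connections exist, another thread could be verifying against an entry that is being freed. Moving `SSL_CTX_UNLOCK(ssl_ctx->mutex);` to just before `goto error;` keeps the removal inside the critical section; the earlier store into `cert[i]` is outside this hunk and deserves the same check. Also, `md5_ctx` and `sha1_ctx` are initialised only in `ssl_new`, whereas the old buffer was reset in `process_finished`. If a second handshake can run on the same SSL object, its Finished digest would include the first handshake's messages, so both contexts should be re-initialised where `all_pkts` used to be cleared.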


@ -163,6 +163,8 @@ struct _SSL
int16_t hs_status; int16_t hs_status;
uint8_t *all_pkts; uint8_t *all_pkts;
int all_pkts_len; int all_pkts_len;
MD5_CTX md5_ctx;
SHA1_CTX sha1_ctx;
int client_fd; int client_fd;
const cipher_info_t *cipher_info; const cipher_info_t *cipher_info;
uint8_t *final_finish_mac; uint8_t *final_finish_mac;
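Review bot: `all_pkts` and `all_pkts_len` remain in struct _SSL although every use visible in this commit is removed: the append in add_packet, the reads in finished_digest, and the frees in ssl_free and process_finished. If no other file still touches them, drop both fields. They cost memory per connection, which is what the commit sets out to reduce, and a pointer that nothing frees or resets invites a later leak or stale use. The struct definition starts and ends outside the hunk.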


@ -432,7 +432,11 @@ static int process_cert_verify(SSL *ssl)
PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6); PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
DISPLAY_RSA(ssl, "process_cert_verify", x509_ctx->rsa_ctx); DISPLAY_RSA(ssl, "process_cert_verify", x509_ctx->rsa_ctx);
/* rsa_ctx->bi_ctx is not thread-safe */
SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0); n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (n != SHA1_SIZE + MD5_SIZE) if (n != SHA1_SIZE + MD5_SIZE)
{ {

File diff suppressed because one or more lines are too long