mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00

memory reductions

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@131 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
cameronrich 2007-10-01 21:49:12 +00:00
parent 91f0c4bec0
commit 18cde1355d
7 changed files with 48 additions and 25 deletions


@ -96,8 +96,6 @@ BI_CTX *bi_initialize(void)
*/
void bi_terminate(BI_CTX *ctx)
{
bigint *p, *pn;
bi_depermanent(ctx->bi_radix);
bi_free(ctx, ctx->bi_radix);
@ -110,6 +108,20 @@ void bi_terminate(BI_CTX *ctx)
abort();
}
bi_clear_cache(ctx);
free(ctx);
}
/**
*@brief Clear the memory cache.
*/
void bi_clear_cache(BI_CTX *ctx)
{
bigint *p, *pn;
if (ctx->free_list == NULL)
return;
for (p = ctx->free_list; p != NULL; p = pn)
{
pn = p->next;
@ -117,7 +129,8 @@ void bi_terminate(BI_CTX *ctx)
free(p);
}
free(ctx);
ctx->free_count = 0;
ctx->free_list = NULL;
}
/**
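Review bot: bi_clear_cache() releases every cached bigint with a plain `free(p)`, and the rsa.c part of this commit calls it straight after `RSA_private()` on the signing path, so the released blocks may still hold key-dependent intermediate values. The loop body is partly outside the visible hunks, so a wipe may already happen there; if it does not, zero each bigint's component buffer before freeing it, using a clearing call the compiler cannot elide. Either way the doc comment should state the behaviour, e.g. `* @brief Clear the memory cache. Cached values are/are not wiped before release.` with the applicable wording.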


@ -30,6 +30,7 @@ BI_CTX *bi_initialize(void);
void bi_terminate(BI_CTX *ctx);
void bi_permanent(bigint *bi);
void bi_depermanent(bigint *bi);
void bi_clear_cache(BI_CTX *ctx);
void bi_free(BI_CTX *ctx, bigint *bi);
bigint *bi_copy(bigint *bi);
bigint *bi_clone(BI_CTX *ctx, const bigint *bi);


@ -249,6 +249,9 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) :
RSA_public(ctx, dat_bi);
bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
/* save a few bytes of memory */
bi_clear_cache(ctx->bi_ctx);
return byte_size;
}
@ -296,6 +299,9 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
#ifdef WIN32
free(block);
#endif
/* save a few bytes of memory */
bi_clear_cache(ctx);
return bir;
}
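Review bot: Both new `bi_clear_cache()` calls write to the BI_CTX free list, adding one more mutation of a context that the tls1_svr.c comment in this same commit describes as not thread-safe. The hunks do not show whether every caller of RSA_encrypt and RSA_sign_verify holds the SSL_CTX mutex; the locks added around `x509_verify()` and `RSA_decrypt()` suggest some paths are covered, but that should be confirmed for the rest. Documenting the requirement on both functions would help, e.g. `/* caller must hold the SSL_CTX mutex: the bigint context is shared and not thread-safe */`. Both function bodies start outside the hunks, so any early-return path that skips the cache clear is not visible here.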


@ -269,7 +269,6 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
SSL_CTX_UNLOCK(ssl_ctx->mutex);
/* may already be free - but be sure */
free(ssl->all_pkts);
free(ssl->final_finish_mac);
free(ssl->key_block);
free(ssl->encrypt_ctx);
@ -408,13 +407,17 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
/* make sure the cert is valid */
cert = ca_cert_ctx->cert[i];
SSL_CTX_LOCK(ssl_ctx->mutex);
if ((ret = x509_verify(ca_cert_ctx, cert)))
{
SSL_CTX_UNLOCK(ssl_ctx->mutex);
x509_free(cert); /* get rid of it */
ca_cert_ctx->cert[i] = NULL;
goto error;
}
SSL_CTX_UNLOCK(ssl_ctx->mutex);
len -= offset;
ret = SSL_OK; /* ok so far */
@ -549,6 +552,8 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
#ifdef CONFIG_ENABLE_VERIFICATION
ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
#endif
MD5_Init(&ssl->md5_ctx);
SHA1_Init(&ssl->sha1_ctx);
/* a bit hacky but saves a few bytes of memory */
ssl->flag |= ssl_ctx->options;
@ -673,7 +678,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
*/
static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
{
unsigned char hmac_buf[SHA1_SIZE];
uint8_t hmac_buf[SHA1_SIZE];
int hmac_offset;
if (ssl->cipher_info->padding_size)
@ -709,10 +714,8 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
*/
void add_packet(SSL *ssl, const uint8_t *pkt, int len)
{
int new_len = ssl->all_pkts_len + len;
ssl->all_pkts = (uint8_t *)realloc(ssl->all_pkts, new_len);
memcpy(&ssl->all_pkts[ssl->all_pkts_len], pkt, len);
ssl->all_pkts_len = new_len;
MD5_Update(&ssl->md5_ctx, pkt, len);
SHA1_Update(&ssl->sha1_ctx, pkt, len);
}
/**
@ -790,7 +793,7 @@ static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
for (i=0; i < olen; i++)
for (i = 0; i < olen; i++)
out[i] = xbuf[i] ^ ybuf[i];
}
@ -828,10 +831,10 @@ static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
*/
void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
{
unsigned char mac_buf[128];
unsigned char *q = mac_buf;
MD5_CTX md5_ctx;
SHA1_CTX sha1_ctx;
uint8_t mac_buf[128];
uint8_t *q = mac_buf;
MD5_CTX md5_ctx = ssl->md5_ctx;
SHA1_CTX sha1_ctx = ssl->sha1_ctx;
if (label)
{
@ -839,13 +842,9 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
q += strlen(label);
}
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
MD5_Final(q, &md5_ctx);
q += MD5_SIZE;
SHA1_Init(&sha1_ctx);
SHA1_Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
SHA1_Final(q, &sha1_ctx);
q += SHA1_SIZE;
@ -1476,11 +1475,6 @@ int process_finished(SSL *ssl, int hs_len)
ret = send_finished(ssl);
}
/* Don't need this stuff anymore */
free(ssl->all_pkts);
ssl->all_pkts = NULL;
ssl->all_pkts_len = 0;
memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
free(ssl->master_secret);
ssl->master_secret = NULL;
@ -1713,7 +1707,10 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
*/
EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
{
int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
int ret;
SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (ret) /* modify into an SSL error type */
{
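Review bot: The running handshake hashes are initialised only in ssl_new, while the process_finished hunk drops the old reset of `all_pkts`/`all_pkts_len` without putting anything in its place. If a second handshake can run on the same SSL object (renegotiation), add_packet would keep extending the first transcript and finished_digest would compute the Finished value over both handshakes, so verification would be expected to fail. Re-initialising at the point where the old reset was, `MD5_Init(&ssl->md5_ctx); SHA1_Init(&ssl->sha1_ctx);`, would restore the previous per-handshake behaviour. The enclosing functions start and end outside the hunks, so a reset elsewhere cannot be ruled out from this page.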


@ -163,6 +163,8 @@ struct _SSL
int16_t hs_status;
uint8_t *all_pkts;
int all_pkts_len;
MD5_CTX md5_ctx;
SHA1_CTX sha1_ctx;
int client_fd;
const cipher_info_t *cipher_info;
uint8_t *final_finish_mac;
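Review bot: `uint8_t *all_pkts;` and `int all_pkts_len;` stay in struct _SSL next to the new `md5_ctx`/`sha1_ctx`, although the tls1.c hunks of this commit remove the realloc, the hashing and the frees that used them. If nothing outside the visible hunks still touches these fields, deleting both lines would complete the memory reduction. It would also remove a pointer member that ssl_free no longer releases.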


@ -432,7 +432,11 @@ static int process_cert_verify(SSL *ssl)
PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
DISPLAY_RSA(ssl, "process_cert_verify", x509_ctx->rsa_ctx);
/* rsa_ctx->bi_ctx is not thread-safe */
SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (n != SHA1_SIZE + MD5_SIZE)
{

File diff suppressed because one or more lines are too long