arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-07-30 16:24:09 +03:00
Code Activity

some more memory tweaks

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@135 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich
2007-10-04 11:25:28 +00:00
parent 6afb2ce28b
commit fa0bf09b86
5 changed files with 88 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
ssl/tls1.c
View File

@ -269,13 +269,9 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
SSL_CTX_UNLOCK(ssl_ctx->mutex);
/* may already be free - but be sure */
free(ssl->final_finish_mac);
free(ssl->key_block);
free(ssl->encrypt_ctx);
free(ssl->decrypt_ctx);
free(ssl->master_secret);
free(ssl->md5_ctx);
free(ssl->sha1_ctx);
disposable_free(ssl);
#ifdef CONFIG_SSL_CERT_VERIFICATION
x509_free(ssl->x509_ctx);
#endif
@ -499,6 +495,7 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
{
int ret = SSL_OK;
disposable_new(ssl);
#ifdef CONFIG_SSL_ENABLE_CLIENT
if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
{
@ -547,17 +544,12 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
ssl->need_bytes = SSL_RECORD_SIZE; /* need a record */
ssl->client_fd = client_fd;
ssl->flag = SSL_NEED_RECORD;
ssl->certs = ssl_ctx->certs;
ssl->chain_length = ssl_ctx->chain_length;
ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
ssl->hs_status = SSL_NOT_OK; /* not connected */
#ifdef CONFIG_ENABLE_VERIFICATION
ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
#endif
ssl->md5_ctx = (MD5_CTX *)malloc(sizeof(MD5_CTX));
ssl->sha1_ctx = (SHA1_CTX *)malloc(sizeof(SHA1_CTX));
MD5_Init(ssl->md5_ctx);
SHA1_Init(ssl->sha1_ctx);
disposable_new(ssl);
/* a bit hacky but saves a few bytes of memory */
ssl->flag |= ssl_ctx->options;
@ -718,8 +710,8 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
*/
void add_packet(SSL *ssl, const uint8_t *pkt, int len)
{
MD5_Update(ssl->md5_ctx, pkt, len);
SHA1_Update(ssl->sha1_ctx, pkt, len);
MD5_Update(&ssl->dc->md5_ctx, pkt, len);
SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
}
/**
@ -809,10 +801,9 @@ void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
{
uint8_t buf[128]; /* needs to be > 13+32+32 in size */
strcpy((char *)buf, "master secret");
memcpy(&buf[13], ssl->client_random, SSL_RANDOM_SIZE);
memcpy(&buf[45], ssl->server_random, SSL_RANDOM_SIZE);
ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->master_secret,
memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
SSL_SECRET_SIZE);
}
@ -837,8 +828,8 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
{
uint8_t mac_buf[128];
uint8_t *q = mac_buf;
MD5_CTX md5_ctx = *ssl->md5_ctx;
SHA1_CTX sha1_ctx = *ssl->sha1_ctx;
MD5_CTX md5_ctx = ssl->dc->md5_ctx;
SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
if (label)
{
@ -854,7 +845,7 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
if (label)
{
prf(ssl->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
prf(ssl->dc->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
digest, SSL_FINISHED_HASH_SIZE);
}
else /* for use in a certificate verify */
@ -864,7 +855,7 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
#if 0
printf("label: %s\n", label);
print_blob("master secret", ssl->master_secret, 48);
print_blob("master secret", ssl->dc->master_secret, 48);
print_blob("mac_buf", mac_buf, q-mac_buf);
print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
#endif
@ -1071,27 +1062,26 @@ static void set_key_block(SSL *ssl, int is_write)
uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
uint8_t client_iv[16], server_iv[16]; /* big enough for AES128/256 */
int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
int key_block_existed = 1;
/* only do once in a handshake */
if (ssl->key_block == NULL)
if (ssl->dc->key_block == NULL)
{
ssl->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
ssl->dc->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
#if 0
print_blob("client", ssl->client_random, 32);
print_blob("server", ssl->server_random, 32);
print_blob("master", ssl->master_secret, SSL_SECRET_SIZE);
print_blob("client", ssl->dc->client_random, 32);
print_blob("server", ssl->dc->server_random, 32);
print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
#endif
generate_key_block(ssl->client_random, ssl->server_random,
ssl->master_secret, ssl->key_block, ciph_info->key_block_size);
generate_key_block(ssl->dc->client_random, ssl->dc->server_random,
ssl->dc->master_secret, ssl->dc->key_block,
ciph_info->key_block_size);
#if 0
print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
#endif
key_block_existed = 0;
}
q = ssl->key_block;
q = ssl->dc->key_block;
if ((is_client && is_write) || (!is_client && !is_write))
{
@ -1123,15 +1113,10 @@ static void set_key_block(SSL *ssl, int is_write)
free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
if (ssl->final_finish_mac == NULL)
{
ssl->final_finish_mac = (uint8_t *)malloc(SSL_FINISHED_HASH_SIZE);
}
/* now initialise the ciphers */
if (is_client)
{
finished_digest(ssl, server_finished, ssl->final_finish_mac);
finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
if (is_write)
ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
@ -1140,7 +1125,7 @@ static void set_key_block(SSL *ssl, int is_write)
}
else
{
finished_digest(ssl, client_finished, ssl->final_finish_mac);
finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
if (is_write)
ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
@ -1149,14 +1134,6 @@ static void set_key_block(SSL *ssl, int is_write)
}
ssl->cipher_info = ciph_info;
/* clean up if possible */
if (key_block_existed)
{
memset(ssl->key_block, 0, ciph_info->key_block_size);
free(ssl->key_block);
ssl->key_block = NULL;
}
}
/**
@ -1249,7 +1226,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
switch (ssl->record_type)
{
case PT_HANDSHAKE_PROTOCOL:
ssl->bm_proc_index = 0;
ssl->dc->bm_proc_index = 0;
ret = do_handshake(ssl, buf, read_len);
break;
@ -1379,7 +1356,7 @@ int send_finished(SSL *ssl)
if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
{
memcpy(ssl->session->master_secret,
ssl->master_secret, SSL_SECRET_SIZE);
ssl->dc->master_secret, SSL_SECRET_SIZE);
}
#endif
@ -1470,7 +1447,7 @@ int process_finished(SSL *ssl, int hs_len)
PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
/* check that we all work before we continue */
if (memcmp(ssl->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
return SSL_ERROR_FINISHED_INVALID;
if ((!is_client && !resume) || (is_client && resume))
@ -1479,14 +1456,6 @@ int process_finished(SSL *ssl, int hs_len)
ret = send_finished(ssl);
}
memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
free(ssl->master_secret);
ssl->master_secret = NULL;
memset(ssl->final_finish_mac, 0, SSL_FINISHED_HASH_SIZE);
free(ssl->final_finish_mac);
ssl->final_finish_mac = NULL;
/* if we ever renegotiate */
ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;
ssl->hs_status = ret; /* set the final handshake status */
@ -1509,9 +1478,9 @@ int send_certificate(SSL *ssl)
buf[1] = 0;
buf[4] = 0;
while (i < ssl->chain_length)
while (i < ssl->ssl_ctx->chain_length)
{
SSL_CERT *cert = &ssl->certs[i];
SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
buf[offset++] = 0;
buf[offset++] = cert->size >> 8; /* cert 1 length */
buf[offset++] = cert->size & 0xff;
@ -1530,6 +1499,35 @@ int send_certificate(SSL *ssl)
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
}
/**
* Create a blob of memory that we'll get rid of once the handshake is
* complete.
*/
void disposable_new(SSL *ssl)
{
if (ssl->dc == NULL)
{
ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
MD5_Init(&ssl->dc->md5_ctx);
SHA1_Init(&ssl->dc->sha1_ctx);
}
}
/**
* Remove the temporary blob of memory.
*/
void disposable_free(SSL *ssl)
{
if (ssl->dc)
{
free(ssl->dc->key_block);
memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
free(ssl->dc);
ssl->dc = NULL;
}
}
#ifndef CONFIG_SSL_SKELETON_MODE /* no session resumption in this mode */
/**
* Find if an existing session has the same session id. If so, use the
@ -1566,9 +1564,8 @@ SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
if (memcmp(ssl_sessions[i]->session_id, session_id,
SSL_SESSION_ID_SIZE) == 0)
{
ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
ssl->session_index = i;
memcpy(ssl->master_secret,
memcpy(ssl->dc->master_secret,
ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
SET_SSL_FLAG(SSL_SESSION_RESUME);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
@ -1730,7 +1727,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
{
int ret = SSL_OK;
uint8_t *buf = &ssl->bm_data[ssl->bm_proc_index];
uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
int pkt_size = ssl->bm_index;
int cert_size, offset = 5;
int total_cert_size = (buf[offset]<<8) + buf[offset+1];
@ -1766,7 +1763,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
DISPLAY_CERT(ssl, "process_certificate", *x509_ctx);
ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
ssl->bm_proc_index += offset;
ssl->dc->bm_proc_index += offset;
error:
return ret;
}