arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-06-09 03:41:41 +03:00
Code

some more memory tweaks

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@135 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich 2007-10-04 11:25:28 +00:00
parent 6afb2ce28b
commit fa0bf09b86
5 changed files with 88 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/test/ssltest.c
View File

@ -1470,9 +1470,8 @@ static void do_basic(void)
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0); ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
/* check the return status */ /* check the return status */
if (ssl_handshake_status(ssl_clnt)) if (ssl_handshake_status(ssl_clnt) < 0)
{ {
printf("Client ");
ssl_display_error(ssl_handshake_status(ssl_clnt)); ssl_display_error(ssl_handshake_status(ssl_clnt));
goto error; goto error;
} }
@ -1722,7 +1721,7 @@ error:
**************************************************************************/ **************************************************************************/
static void do_header_issue(void) static void do_header_issue(void)
{ {
uint8_t axtls_buf[2048]; char axtls_buf[2048];
#ifndef WIN32 #ifndef WIN32
pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL); pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
#endif #endif

123
ssl/tls1.c
View File

@ -269,13 +269,9 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
SSL_CTX_UNLOCK(ssl_ctx->mutex); SSL_CTX_UNLOCK(ssl_ctx->mutex);
/* may already be free - but be sure */ /* may already be free - but be sure */
free(ssl->final_finish_mac);
free(ssl->key_block);
free(ssl->encrypt_ctx); free(ssl->encrypt_ctx);
free(ssl->decrypt_ctx); free(ssl->decrypt_ctx);
free(ssl->master_secret); disposable_free(ssl);
free(ssl->md5_ctx);
free(ssl->sha1_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
x509_free(ssl->x509_ctx); x509_free(ssl->x509_ctx);
#endif #endif
@ -499,6 +495,7 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
{ {
int ret = SSL_OK; int ret = SSL_OK;
disposable_new(ssl);
#ifdef CONFIG_SSL_ENABLE_CLIENT #ifdef CONFIG_SSL_ENABLE_CLIENT
if (IS_SET_SSL_FLAG(SSL_IS_CLIENT)) if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
{ {
@ -547,17 +544,12 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
ssl->need_bytes = SSL_RECORD_SIZE; /* need a record */ ssl->need_bytes = SSL_RECORD_SIZE; /* need a record */
ssl->client_fd = client_fd; ssl->client_fd = client_fd;
ssl->flag = SSL_NEED_RECORD; ssl->flag = SSL_NEED_RECORD;
ssl->certs = ssl_ctx->certs;
ssl->chain_length = ssl_ctx->chain_length;
ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */ ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
ssl->hs_status = SSL_NOT_OK; /* not connected */ ssl->hs_status = SSL_NOT_OK; /* not connected */
#ifdef CONFIG_ENABLE_VERIFICATION #ifdef CONFIG_ENABLE_VERIFICATION
ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx; ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
#endif #endif
ssl->md5_ctx = (MD5_CTX *)malloc(sizeof(MD5_CTX)); disposable_new(ssl);
ssl->sha1_ctx = (SHA1_CTX *)malloc(sizeof(SHA1_CTX));
MD5_Init(ssl->md5_ctx);
SHA1_Init(ssl->sha1_ctx);
/* a bit hacky but saves a few bytes of memory */ /* a bit hacky but saves a few bytes of memory */
ssl->flag |= ssl_ctx->options; ssl->flag |= ssl_ctx->options;
@ -718,8 +710,8 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
*/ */
void add_packet(SSL *ssl, const uint8_t *pkt, int len) void add_packet(SSL *ssl, const uint8_t *pkt, int len)
{ {
MD5_Update(ssl->md5_ctx, pkt, len); MD5_Update(&ssl->dc->md5_ctx, pkt, len);
SHA1_Update(ssl->sha1_ctx, pkt, len); SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
} }
/** /**
@ -809,10 +801,9 @@ void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
{ {
uint8_t buf[128]; /* needs to be > 13+32+32 in size */ uint8_t buf[128]; /* needs to be > 13+32+32 in size */
strcpy((char *)buf, "master secret"); strcpy((char *)buf, "master secret");
memcpy(&buf[13], ssl->client_random, SSL_RANDOM_SIZE); memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
memcpy(&buf[45], ssl->server_random, SSL_RANDOM_SIZE); memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE); prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->master_secret,
SSL_SECRET_SIZE); SSL_SECRET_SIZE);
} }
@ -837,8 +828,8 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
{ {
uint8_t mac_buf[128]; uint8_t mac_buf[128];
uint8_t *q = mac_buf; uint8_t *q = mac_buf;
MD5_CTX md5_ctx = *ssl->md5_ctx; MD5_CTX md5_ctx = ssl->dc->md5_ctx;
SHA1_CTX sha1_ctx = *ssl->sha1_ctx; SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
if (label) if (label)
{ {
@ -854,7 +845,7 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
if (label) if (label)
{ {
prf(ssl->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf), prf(ssl->dc->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
digest, SSL_FINISHED_HASH_SIZE); digest, SSL_FINISHED_HASH_SIZE);
} }
else /* for use in a certificate verify */ else /* for use in a certificate verify */
@ -864,7 +855,7 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
#if 0 #if 0
printf("label: %s\n", label); printf("label: %s\n", label);
print_blob("master secret", ssl->master_secret, 48); print_blob("master secret", ssl->dc->master_secret, 48);
print_blob("mac_buf", mac_buf, q-mac_buf); print_blob("mac_buf", mac_buf, q-mac_buf);
print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE); print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
#endif #endif
@ -1071,27 +1062,26 @@ static void set_key_block(SSL *ssl, int is_write)
uint8_t client_key[32], server_key[32]; /* big enough for AES256 */ uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
uint8_t client_iv[16], server_iv[16]; /* big enough for AES128/256 */ uint8_t client_iv[16], server_iv[16]; /* big enough for AES128/256 */
int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT); int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
int key_block_existed = 1;
/* only do once in a handshake */ /* only do once in a handshake */
if (ssl->key_block == NULL) if (ssl->dc->key_block == NULL)
{ {
ssl->key_block = (uint8_t *)malloc(ciph_info->key_block_size); ssl->dc->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
#if 0 #if 0
print_blob("client", ssl->client_random, 32); print_blob("client", ssl->dc->client_random, 32);
print_blob("server", ssl->server_random, 32); print_blob("server", ssl->dc->server_random, 32);
print_blob("master", ssl->master_secret, SSL_SECRET_SIZE); print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
#endif #endif
generate_key_block(ssl->client_random, ssl->server_random, generate_key_block(ssl->dc->client_random, ssl->dc->server_random,
ssl->master_secret, ssl->key_block, ciph_info->key_block_size); ssl->dc->master_secret, ssl->dc->key_block,
ciph_info->key_block_size);
#if 0 #if 0
print_blob("keyblock", ssl->key_block, ciph_info->key_block_size); print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
#endif #endif
key_block_existed = 0;
} }
q = ssl->key_block; q = ssl->dc->key_block;
if ((is_client && is_write) || (!is_client && !is_write)) if ((is_client && is_write) || (!is_client && !is_write))
{ {
@ -1123,15 +1113,10 @@ static void set_key_block(SSL *ssl, int is_write)
free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx); free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
if (ssl->final_finish_mac == NULL)
{
ssl->final_finish_mac = (uint8_t *)malloc(SSL_FINISHED_HASH_SIZE);
}
/* now initialise the ciphers */ /* now initialise the ciphers */
if (is_client) if (is_client)
{ {
finished_digest(ssl, server_finished, ssl->final_finish_mac); finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
if (is_write) if (is_write)
ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0); ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
@ -1140,7 +1125,7 @@ static void set_key_block(SSL *ssl, int is_write)
} }
else else
{ {
finished_digest(ssl, client_finished, ssl->final_finish_mac); finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
if (is_write) if (is_write)
ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0); ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
@ -1149,14 +1134,6 @@ static void set_key_block(SSL *ssl, int is_write)
} }
ssl->cipher_info = ciph_info; ssl->cipher_info = ciph_info;
/* clean up if possible */
if (key_block_existed)
{
memset(ssl->key_block, 0, ciph_info->key_block_size);
free(ssl->key_block);
ssl->key_block = NULL;
}
} }
/** /**
@ -1249,7 +1226,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
switch (ssl->record_type) switch (ssl->record_type)
{ {
case PT_HANDSHAKE_PROTOCOL: case PT_HANDSHAKE_PROTOCOL:
ssl->bm_proc_index = 0; ssl->dc->bm_proc_index = 0;
ret = do_handshake(ssl, buf, read_len); ret = do_handshake(ssl, buf, read_len);
break; break;
@ -1379,7 +1356,7 @@ int send_finished(SSL *ssl)
if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions) if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
{ {
memcpy(ssl->session->master_secret, memcpy(ssl->session->master_secret,
ssl->master_secret, SSL_SECRET_SIZE); ssl->dc->master_secret, SSL_SECRET_SIZE);
} }
#endif #endif
@ -1470,7 +1447,7 @@ int process_finished(SSL *ssl, int hs_len)
PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4); PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
/* check that we all work before we continue */ /* check that we all work before we continue */
if (memcmp(ssl->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE)) if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
return SSL_ERROR_FINISHED_INVALID; return SSL_ERROR_FINISHED_INVALID;
if ((!is_client && !resume) || (is_client && resume)) if ((!is_client && !resume) || (is_client && resume))
@ -1479,14 +1456,6 @@ int process_finished(SSL *ssl, int hs_len)
ret = send_finished(ssl); ret = send_finished(ssl);
} }
memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
free(ssl->master_secret);
ssl->master_secret = NULL;
memset(ssl->final_finish_mac, 0, SSL_FINISHED_HASH_SIZE);
free(ssl->final_finish_mac);
ssl->final_finish_mac = NULL;
/* if we ever renegotiate */ /* if we ever renegotiate */
ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO; ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;
ssl->hs_status = ret; /* set the final handshake status */ ssl->hs_status = ret; /* set the final handshake status */
@ -1509,9 +1478,9 @@ int send_certificate(SSL *ssl)
buf[1] = 0; buf[1] = 0;
buf[4] = 0; buf[4] = 0;
while (i < ssl->chain_length) while (i < ssl->ssl_ctx->chain_length)
{ {
SSL_CERT *cert = &ssl->certs[i]; SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
buf[offset++] = 0; buf[offset++] = 0;
buf[offset++] = cert->size >> 8; /* cert 1 length */ buf[offset++] = cert->size >> 8; /* cert 1 length */
buf[offset++] = cert->size & 0xff; buf[offset++] = cert->size & 0xff;
@ -1530,6 +1499,35 @@ int send_certificate(SSL *ssl)
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset); return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
} }
/**
* Create a blob of memory that we'll get rid of once the handshake is
* complete.
*/
void disposable_new(SSL *ssl)
{
if (ssl->dc == NULL)
{
ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
MD5_Init(&ssl->dc->md5_ctx);
SHA1_Init(&ssl->dc->sha1_ctx);
}
}
/**
* Remove the temporary blob of memory.
*/
void disposable_free(SSL *ssl)
{
if (ssl->dc)
{
free(ssl->dc->key_block);
memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
free(ssl->dc);
ssl->dc = NULL;
}
}
#ifndef CONFIG_SSL_SKELETON_MODE /* no session resumption in this mode */ #ifndef CONFIG_SSL_SKELETON_MODE /* no session resumption in this mode */
/** /**
* Find if an existing session has the same session id. If so, use the * Find if an existing session has the same session id. If so, use the
@ -1566,9 +1564,8 @@ SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
if (memcmp(ssl_sessions[i]->session_id, session_id, if (memcmp(ssl_sessions[i]->session_id, session_id,
SSL_SESSION_ID_SIZE) == 0) SSL_SESSION_ID_SIZE) == 0)
{ {
ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
ssl->session_index = i; ssl->session_index = i;
memcpy(ssl->master_secret, memcpy(ssl->dc->master_secret,
ssl_sessions[i]->master_secret, SSL_SECRET_SIZE); ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
SET_SSL_FLAG(SSL_SESSION_RESUME); SET_SSL_FLAG(SSL_SESSION_RESUME);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
@ -1730,7 +1727,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
int process_certificate(SSL *ssl, X509_CTX **x509_ctx) int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
{ {
int ret = SSL_OK; int ret = SSL_OK;
uint8_t *buf = &ssl->bm_data[ssl->bm_proc_index]; uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
int pkt_size = ssl->bm_index; int pkt_size = ssl->bm_index;
int cert_size, offset = 5; int cert_size, offset = 5;
int total_cert_size = (buf[offset]<<8) + buf[offset+1]; int total_cert_size = (buf[offset]<<8) + buf[offset+1];
@ -1766,7 +1763,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
DISPLAY_CERT(ssl, "process_certificate", *x509_ctx); DISPLAY_CERT(ssl, "process_certificate", *x509_ctx);
ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG; ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
ssl->bm_proc_index += offset; ssl->dc->bm_proc_index += offset;
error: error:
return ret; return ret;
} }

27
ssl/tls1.h
View File

@ -150,35 +150,39 @@ typedef struct
int size; int size;
} SSL_CERT; } SSL_CERT;
typedef struct
{
MD5_CTX md5_ctx;
SHA1_CTX sha1_ctx;
uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
uint8_t *key_block;
uint8_t master_secret[SSL_SECRET_SIZE];
uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
uint16_t bm_proc_index;
} DISPOSABLE_CTX;
struct _SSL struct _SSL
{ {
uint32_t flag; uint32_t flag;
uint16_t need_bytes; uint16_t need_bytes;
uint16_t got_bytes; uint16_t got_bytes;
uint8_t record_type; uint8_t record_type;
uint8_t chain_length;
uint8_t cipher; uint8_t cipher;
uint8_t sess_id_size; uint8_t sess_id_size;
int16_t next_state; int16_t next_state;
int16_t hs_status; int16_t hs_status;
uint8_t *all_pkts; DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
int all_pkts_len;
MD5_CTX *md5_ctx;
SHA1_CTX *sha1_ctx;
int client_fd; int client_fd;
const cipher_info_t *cipher_info; const cipher_info_t *cipher_info;
uint8_t *final_finish_mac;
uint8_t *key_block;
void *encrypt_ctx; void *encrypt_ctx;
void *decrypt_ctx; void *decrypt_ctx;
uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA]; uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
uint8_t *bm_data; uint8_t *bm_data;
uint16_t bm_index; uint16_t bm_index;
uint16_t bm_read_index; uint16_t bm_read_index;
uint16_t bm_proc_index;
struct _SSL *next; /* doubly linked list */ struct _SSL *next; /* doubly linked list */
struct _SSL *prev; struct _SSL *prev;
SSL_CERT *certs;
struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */ struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
#ifndef CONFIG_SSL_SKELETON_MODE #ifndef CONFIG_SSL_SKELETON_MODE
uint16_t session_index; uint16_t session_index;
@ -191,9 +195,6 @@ struct _SSL
uint8_t session_id[SSL_SESSION_ID_SIZE]; uint8_t session_id[SSL_SESSION_ID_SIZE];
uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */ uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */ uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
uint8_t *master_secret;
uint8_t read_sequence[8]; /* 64 bit sequence number */ uint8_t read_sequence[8]; /* 64 bit sequence number */
uint8_t write_sequence[8]; /* 64 bit sequence number */ uint8_t write_sequence[8]; /* 64 bit sequence number */
uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
@ -232,6 +233,8 @@ typedef struct _SSL_CTX SSLCTX;
extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS]; extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd); SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
void disposable_new(SSL *ssl);
void disposable_free(SSL *ssl);
int send_packet(SSL *ssl, uint8_t protocol, int send_packet(SSL *ssl, uint8_t protocol,
const uint8_t *in, int length); const uint8_t *in, int length);
int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);

16
ssl/tls1_clnt.c
View File

@ -110,13 +110,11 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
case HS_FINISHED: case HS_FINISHED:
ret = process_finished(ssl, hs_len); ret = process_finished(ssl, hs_len);
free(ssl->md5_ctx); disposable_free(ssl); /* free up some memory */
free(ssl->sha1_ctx);
ssl->md5_ctx = NULL;
ssl->sha1_ctx = NULL;
break; break;
case HS_HELLO_REQUEST: case HS_HELLO_REQUEST:
disposable_new(ssl);
ret = do_client_connect(ssl); ret = do_client_connect(ssl);
break; break;
} }
@ -185,7 +183,7 @@ static int send_client_hello(SSL *ssl)
*tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8); *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
*tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff)); *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
get_random(SSL_RANDOM_SIZE-4, &buf[10]); get_random(SSL_RANDOM_SIZE-4, &buf[10]);
memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE); memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
offset = 6 + SSL_RANDOM_SIZE; offset = 6 + SSL_RANDOM_SIZE;
/* give session resumption a go */ /* give session resumption a go */
@ -236,7 +234,7 @@ static int process_server_hello(SSL *ssl)
return SSL_ERROR_INVALID_VERSION; return SSL_ERROR_INVALID_VERSION;
/* get the server random value */ /* get the server random value */
memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE); memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */ offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
sess_id_size = buf[offset++]; sess_id_size = buf[offset++];
@ -265,7 +263,7 @@ static int process_server_hello(SSL *ssl)
offset++; // skip the compr offset++; // skip the compr
PARANOIA_CHECK(pkt_size, offset); PARANOIA_CHECK(pkt_size, offset);
ssl->bm_proc_index = offset+1; ssl->dc->bm_proc_index = offset+1;
error: error:
return ret; return ret;
@ -317,7 +315,7 @@ static int send_client_key_xchg(SSL *ssl)
*/ */
static int process_cert_req(SSL *ssl) static int process_cert_req(SSL *ssl)
{ {
uint8_t *buf = &ssl->bm_data[ssl->bm_proc_index]; uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
int ret = SSL_OK; int ret = SSL_OK;
int offset = (buf[2] << 4) + buf[3]; int offset = (buf[2] << 4) + buf[3];
int pkt_size = ssl->bm_index; int pkt_size = ssl->bm_index;
@ -325,7 +323,7 @@ static int process_cert_req(SSL *ssl)
/* don't do any processing - we will send back an RSA certificate anyway */ /* don't do any processing - we will send back an RSA certificate anyway */
ssl->next_state = HS_SERVER_HELLO_DONE; ssl->next_state = HS_SERVER_HELLO_DONE;
SET_SSL_FLAG(SSL_HAS_CERT_REQ); SET_SSL_FLAG(SSL_HAS_CERT_REQ);
ssl->bm_proc_index += offset; ssl->dc->bm_proc_index += offset;
PARANOIA_CHECK(pkt_size, offset); PARANOIA_CHECK(pkt_size, offset);
error: error:
return ret; return ret;

11
ssl/tls1_svr.c
View File

@ -92,10 +92,7 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
case HS_FINISHED: case HS_FINISHED:
ret = process_finished(ssl, hs_len); ret = process_finished(ssl, hs_len);
free(ssl->md5_ctx); disposable_free(ssl); /* free up some memory */
free(ssl->sha1_ctx);
ssl->md5_ctx = NULL;
ssl->sha1_ctx = NULL;
break; break;
} }
@ -122,7 +119,7 @@ static int process_client_hello(SSL *ssl)
goto error; goto error;
} }
memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE); memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
/* process the session id */ /* process the session id */
id_len = buf[offset++]; id_len = buf[offset++];
@ -233,7 +230,7 @@ server_hello:
random_offset += 0x10; random_offset += 0x10;
} }
memcpy(&ssl->client_random[random_offset], &buf[offset], ch_len); memcpy(&ssl->dc->client_random[random_offset], &buf[offset], ch_len);
ret = send_server_hello_sequence(ssl); ret = send_server_hello_sequence(ssl);
error: error:
@ -303,7 +300,7 @@ static int send_server_hello(SSL *ssl)
/* server random value */ /* server random value */
get_random(SSL_RANDOM_SIZE, &buf[6]); get_random(SSL_RANDOM_SIZE, &buf[6]);
memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE); memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
offset = 6 + SSL_RANDOM_SIZE; offset = 6 + SSL_RANDOM_SIZE;
#ifndef CONFIG_SSL_SKELETON_MODE #ifndef CONFIG_SSL_SKELETON_MODE