diff --git a/src/io.c b/src/io.c index 5446db36c..74edb72e1 100644 --- a/src/io.c +++ b/src/io.c @@ -477,7 +477,6 @@ int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx) int sd = ssl->wfd; struct sockaddr_storage peer; XSOCKLENT peerSz = sizeof(peer); - Sha sha; byte digest[SHA_DIGEST_SIZE]; int ret = 0; @@ -488,12 +487,10 @@ int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx) CYASSL_MSG("getpeername failed in EmbedGenerateCookie"); return GEN_COOKIE_E; } - - ret = InitSha(&sha); + + ret = ShaHash((byte*)&peer, peerSz, digest); if (ret != 0) return ret; - ShaUpdate(&sha, (byte*)&peer, peerSz); - ShaFinal(&sha, digest); if (sz > SHA_DIGEST_SIZE) sz = SHA_DIGEST_SIZE; @@ -841,68 +838,81 @@ static int process_http_response(int sfd, byte** respBuf, int EmbedOcspLookup(void* ctx, const char* url, int urlSz, byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf) { - char domainName[80], path[80]; - int httpBufSz; SOCKET_T sfd = 0; - word16 port; - int ocspRespSz = 0; - byte* httpBuf = NULL; + word16 port; + int ret = -1; +#ifdef CYASSL_SMALL_STACK + char* path; + char* domainName; +#else + char path[80]; + char domainName[80]; +#endif + +#ifdef CYASSL_SMALL_STACK + path = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (path == NULL) + return -1; + + domainName = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (domainName == NULL) { + XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return -1; + } +#endif (void)ctx; if (ocspReqBuf == NULL || ocspReqSz == 0) { CYASSL_MSG("OCSP request is required for lookup"); - return -1; } - - if (ocspRespBuf == NULL) { + else if (ocspRespBuf == NULL) { CYASSL_MSG("Cannot save OCSP response"); - return -1; } - - if (decode_url(url, urlSz, domainName, path, &port) < 0) { + else if (decode_url(url, urlSz, domainName, path, &port) < 0) { CYASSL_MSG("Unable to decode OCSP URL"); - return -1; } - - /* Note, the library uses the EmbedOcspRespFree() callback to - * free this buffer. */ - httpBufSz = SCRATCH_BUFFER_SIZE; - httpBuf = (byte*)XMALLOC(httpBufSz, NULL, DYNAMIC_TYPE_IN_BUFFER); + else { + /* Note, the library uses the EmbedOcspRespFree() callback to + * free this buffer. */ + int httpBufSz = SCRATCH_BUFFER_SIZE; + byte* httpBuf = (byte*)XMALLOC(httpBufSz, NULL, + DYNAMIC_TYPE_IN_BUFFER); - if (httpBuf == NULL) { - CYASSL_MSG("Unable to create OCSP response buffer"); - return -1; - } + if (httpBuf == NULL) { + CYASSL_MSG("Unable to create OCSP response buffer"); + } + else { + httpBufSz = build_http_request(domainName, path, ocspReqSz, + httpBuf, httpBufSz); - httpBufSz = build_http_request(domainName, path, ocspReqSz, - httpBuf, httpBufSz); - - if ((tcp_connect(&sfd, domainName, port) == 0) && (sfd > 0)) { - int written; - written = (int)send(sfd, (char*)httpBuf, httpBufSz, 0); - if (written == httpBufSz) { - written = (int)send(sfd, (char*)ocspReqBuf, ocspReqSz, 0); - if (written == ocspReqSz) { - ocspRespSz = process_http_response(sfd, ocspRespBuf, - httpBuf, SCRATCH_BUFFER_SIZE); + if ((tcp_connect(&sfd, domainName, port) != 0) || (sfd <= 0)) { + CYASSL_MSG("OCSP Responder connection failed"); } - } - close(sfd); - if (ocspRespSz == 0) { - CYASSL_MSG("OCSP response was not OK, no OCSP response"); + else if ((int)send(sfd, (char*)httpBuf, httpBufSz, 0) != + httpBufSz) { + CYASSL_MSG("OCSP http request failed"); + } + else if ((int)send(sfd, (char*)ocspReqBuf, ocspReqSz, 0) != + ocspReqSz) { + CYASSL_MSG("OCSP ocsp request failed"); + } + else { + ret = process_http_response(sfd, ocspRespBuf, httpBuf, + SCRATCH_BUFFER_SIZE); + } + + close(sfd); XFREE(httpBuf, NULL, DYNAMIC_TYPE_IN_BUFFER); - return -1; } - } else { - CYASSL_MSG("OCSP Responder connection failed"); - close(sfd); - XFREE(httpBuf, NULL, DYNAMIC_TYPE_IN_BUFFER); - return -1; } - XFREE(httpBuf, NULL, DYNAMIC_TYPE_IN_BUFFER); - return ocspRespSz; +#ifdef CYASSL_SMALL_STACK + XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(domainName, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; }