feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

make peerRsaKey dynamic, free at end of handshake

Browse Source
This commit is contained in:
toddouska
2012-09-14 16:52:39 -07:00
parent cfd5a20e48
commit b160f8c486
2 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cyassl/internal.h
View File

@ -1250,7 +1250,7 @@ struct CYASSL {
Arrays* arrays; Arrays* arrays;
CYASSL_SESSION session; CYASSL_SESSION session;
VerifyCallback verifyCallback; /* cert verification callback */ VerifyCallback verifyCallback; /* cert verification callback */
RsaKey peerRsaKey; RsaKey* peerRsaKey;
byte peerRsaKeyPresent; byte peerRsaKeyPresent;
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
word16 peerNtruKeyLen; word16 peerNtruKeyLen;

35
src/internal.c
View File

@ -936,7 +936,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#ifdef CYASSL_SHA384 #ifdef CYASSL_SHA384
InitSha384(&ssl->hashSha384); InitSha384(&ssl->hashSha384);
#endif #endif
InitRsaKey(&ssl->peerRsaKey, ctx->heap); ssl->peerRsaKey = NULL;
ssl->verifyCallback = ctx->verifyCallback; ssl->verifyCallback = ctx->verifyCallback;
ssl->peerRsaKeyPresent = 0; ssl->peerRsaKeyPresent = 0;
@ -1057,6 +1057,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ctx->refCount++; ctx->refCount++;
UnLockMutex(&ctx->countMutex); UnLockMutex(&ctx->countMutex);
/* arrays */
ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap, ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
DYNAMIC_TYPE_ARRAYS); DYNAMIC_TYPE_ARRAYS);
if (ssl->arrays == NULL) { if (ssl->arrays == NULL) {
@ -1078,6 +1079,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->arrays->cookieSz = 0; ssl->arrays->cookieSz = 0;
#endif #endif
/* RNG */
ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG);
if (ssl->rng == NULL) { if (ssl->rng == NULL) {
CYASSL_MSG("RNG Memory error"); CYASSL_MSG("RNG Memory error");
@ -1087,6 +1089,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
if ( (ret = InitRng(ssl->rng)) != 0) if ( (ret = InitRng(ssl->rng)) != 0)
return ret; return ret;
/* suites */
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
DYNAMIC_TYPE_SUITES); DYNAMIC_TYPE_SUITES);
if (ssl->suites == NULL) { if (ssl->suites == NULL) {
@ -1095,6 +1098,15 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
} }
*ssl->suites = ctx->suites; *ssl->suites = ctx->suites;
/* peer key */
ssl->peerRsaKey = (RsaKey*)XMALLOC(sizeof(RsaKey), ssl->heap,
DYNAMIC_TYPE_RSA);
if (ssl->peerRsaKey == NULL) {
CYASSL_MSG("PeerRsaKey Memory error");
return MEMORY_E;
}
InitRsaKey(ssl->peerRsaKey, ctx->heap);
/* make sure server has cert and key unless using PSK */ /* make sure server has cert and key unless using PSK */
if (ssl->options.side == SERVER_END && !havePSK) if (ssl->options.side == SERVER_END && !havePSK)
if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) { if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) {
@ -1150,7 +1162,10 @@ void SSL_ResourceFree(CYASSL* ssl)
if (ssl->buffers.weOwnKey) if (ssl->buffers.weOwnKey)
XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
FreeRsaKey(&ssl->peerRsaKey); if (ssl->peerRsaKey) {
FreeRsaKey(ssl->peerRsaKey);
XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
}
if (ssl->buffers.inputBuffer.dynamicFlag) if (ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, FORCED_FREE); ShrinkInputBuffer(ssl, FORCED_FREE);
if (ssl->buffers.outputBuffer.dynamicFlag) if (ssl->buffers.outputBuffer.dynamicFlag)
@ -1199,6 +1214,14 @@ void FreeHandshakeResources(CYASSL* ssl)
/* arrays */ /* arrays */
if (ssl->options.saveArrays) if (ssl->options.saveArrays)
FreeArrays(ssl, 1); FreeArrays(ssl, 1);
/* peerRsaKey */
if (ssl->peerRsaKey) {
FreeRsaKey(ssl->peerRsaKey);
XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
ssl->peerRsaKey = NULL;
}
} }
@ -2077,7 +2100,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
if (dCert.keyOID == RSAk) { if (dCert.keyOID == RSAk) {
word32 idx = 0; word32 idx = 0;
if (RsaPublicKeyDecode(dCert.publicKey, &idx, if (RsaPublicKeyDecode(dCert.publicKey, &idx,
&ssl->peerRsaKey, dCert.pubKeySize) != 0) { ssl->peerRsaKey, dCert.pubKeySize) != 0) {
ret = PEER_KEY_ERROR; ret = PEER_KEY_ERROR;
} }
else else
@ -5172,7 +5195,7 @@ int SetCipherList(Suites* s, const char* list)
if (!ssl->peerRsaKeyPresent) if (!ssl->peerRsaKeyPresent)
return NO_PEER_KEY; return NO_PEER_KEY;
ret = RsaSSL_VerifyInline(signature, sigLen,&out, &ssl->peerRsaKey); ret = RsaSSL_VerifyInline(signature, sigLen,&out, ssl->peerRsaKey);
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];
@ -5242,7 +5265,7 @@ int SetCipherList(Suites* s, const char* list)
return NO_PEER_KEY; return NO_PEER_KEY;
ret = RsaPublicEncrypt(ssl->arrays->preMasterSecret, SECRET_LEN, ret = RsaPublicEncrypt(ssl->arrays->preMasterSecret, SECRET_LEN,
encSecret, sizeof(encSecret), &ssl->peerRsaKey, encSecret, sizeof(encSecret), ssl->peerRsaKey,
ssl->rng); ssl->rng);
if (ret > 0) { if (ret > 0) {
encSz = ret; encSz = ret;
@ -6901,7 +6924,7 @@ int SetCipherList(Suites* s, const char* list)
if (ssl->peerRsaKeyPresent != 0) { if (ssl->peerRsaKeyPresent != 0) {
CYASSL_MSG("Doing RSA peer cert verify"); CYASSL_MSG("Doing RSA peer cert verify");
outLen = RsaSSL_VerifyInline(sig, sz, &out, &ssl->peerRsaKey); outLen = RsaSSL_VerifyInline(sig, sz, &out, ssl->peerRsaKey);
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];