ssl: refactoring ProcessBuffer to reduce stack usage:

--- variable info moved to the heap (sizeof(EncryptedInfo) saved)

ssl: refactoring CyaSSL_CertManagerVerifyBuffer to reduce stack usage:
--- variable info moved to the heap (sizeof(EncryptedInfo) saved)

ssl: refactoring CyaSSL_PemCertToDer to reduce stack usage:
--- variable info moved to the heap (sizeof(EncryptedInfo) saved)

ssl: refactoring CyaSSL_X509_load_certificate_file to reduce stack usage:
--- variable info moved to the heap (sizeof(EncryptedInfo) saved)

ssl: refactoring CyaSSL_cmp_peer_cert_to_file to reduce stack usage:
--- variable info moved to the heap (sizeof(EncryptedInfo) saved)
Moisés Guimarães
2014-08-23 14:14:47 -03:00
parent 97548cc842
commit d264a8f890

293
src/ssl.c

@ -1984,18 +1984,17 @@ int CyaSSL_Init(void)
long sz, int format, int type, CYASSL* ssl, long sz, int format, int type, CYASSL* ssl,
long* used, int userChain) long* used, int userChain)
{ {
EncryptedInfo info;
buffer der; /* holds DER or RAW (for NTRU) */ buffer der; /* holds DER or RAW (for NTRU) */
int ret; int ret;
int dynamicType = 0; int dynamicType = 0;
int eccKey = 0; int eccKey = 0;
int rsaKey = 0; int rsaKey = 0;
void* heap = ctx ? ctx->heap : NULL; void* heap = ctx ? ctx->heap : NULL;
#ifdef CYASSL_SMALL_STACK
info.set = 0; EncryptedInfo* info;
info.ctx = ctx; #else
info.consumed = 0; EncryptedInfo info[1];
der.buffer = 0; #endif
(void)dynamicType; (void)dynamicType;
(void)rsaKey; (void)rsaKey;
@ -2017,23 +2016,40 @@ int CyaSSL_Init(void)
else else
dynamicType = DYNAMIC_TYPE_KEY; dynamicType = DYNAMIC_TYPE_KEY;
#ifdef CYASSL_SMALL_STACK
info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL)
return MEMORY_E;
#endif
info->set = 0;
info->ctx = ctx;
info->consumed = 0;
der.buffer = 0;
if (format == SSL_FILETYPE_PEM) { if (format == SSL_FILETYPE_PEM) {
ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey); ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
if (ret < 0) { if (ret < 0) {
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ret; return ret;
} }
if (used) if (used)
*used = info.consumed; *used = info->consumed;
/* we may have a user cert chain, try to consume */ /* we may have a user cert chain, try to consume */
if (userChain && type == CERT_TYPE && info.consumed < sz) { if (userChain && type == CERT_TYPE && info->consumed < sz) {
byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
byte* chainBuffer = staticBuffer; byte* chainBuffer = staticBuffer;
byte* shrinked = NULL; /* shrinked to size chainBuffer byte* shrinked = NULL; /* shrinked to size chainBuffer
* or staticBuffer */ * or staticBuffer */
int dynamicBuffer = 0; int dynamicBuffer = 0;
word32 bufferSz = sizeof(staticBuffer); word32 bufferSz = sizeof(staticBuffer);
long consumed = info.consumed; long consumed = info->consumed;
word32 idx = 0; word32 idx = 0;
int gotOne = 0; int gotOne = 0;
@ -2044,6 +2060,9 @@ int CyaSSL_Init(void)
chainBuffer = (byte*)XMALLOC(bufferSz, heap, chainBuffer = (byte*)XMALLOC(bufferSz, heap,
DYNAMIC_TYPE_FILE); DYNAMIC_TYPE_FILE);
if (chainBuffer == NULL) { if (chainBuffer == NULL) {
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return MEMORY_E; return MEMORY_E;
} }
@ -2053,11 +2072,11 @@ int CyaSSL_Init(void)
CYASSL_MSG("Processing Cert Chain"); CYASSL_MSG("Processing Cert Chain");
while (consumed < sz) { while (consumed < sz) {
buffer part; buffer part;
info.consumed = 0; info->consumed = 0;
part.buffer = 0; part.buffer = 0;
ret = PemToDer(buff + consumed, sz - consumed, type, &part, ret = PemToDer(buff + consumed, sz - consumed, type, &part,
heap, &info, &eccKey); heap, info, &eccKey);
if (ret == 0) { if (ret == 0) {
gotOne = 1; gotOne = 1;
if ( (idx + part.length) > bufferSz) { if ( (idx + part.length) > bufferSz) {
@ -2069,9 +2088,9 @@ int CyaSSL_Init(void)
idx += CERT_HEADER_SZ; idx += CERT_HEADER_SZ;
XMEMCPY(&chainBuffer[idx], part.buffer,part.length); XMEMCPY(&chainBuffer[idx], part.buffer,part.length);
idx += part.length; idx += part.length;
consumed += info.consumed; consumed += info->consumed;
if (used) if (used)
*used += info.consumed; *used += info->consumed;
} }
} }
@ -2086,6 +2105,9 @@ int CyaSSL_Init(void)
CYASSL_MSG(" Error in Cert in Chain"); CYASSL_MSG(" Error in Cert in Chain");
if (dynamicBuffer) if (dynamicBuffer)
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ret; return ret;
} }
@ -2114,9 +2136,14 @@ int CyaSSL_Init(void)
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx); XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
} }
} }
if (dynamicBuffer) if (dynamicBuffer)
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
if (shrinked == NULL) { if (shrinked == NULL) {
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return MEMORY_E; return MEMORY_E;
} }
@ -2124,13 +2151,19 @@ int CyaSSL_Init(void)
} }
else { /* ASN1 (DER) or RAW (NTRU) */ else { /* ASN1 (DER) or RAW (NTRU) */
der.buffer = (byte*) XMALLOC(sz, heap, dynamicType); der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
if (!der.buffer) return MEMORY_ERROR; if (!der.buffer) {
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_ERROR;
}
XMEMCPY(der.buffer, buff, sz); XMEMCPY(der.buffer, buff, sz);
der.length = (word32)sz; der.length = (word32)sz;
} }
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
if (info.set) { if (info->set) {
/* decrypt */ /* decrypt */
char password[80]; char password[80];
int passwordSz; int passwordSz;
@ -2139,77 +2172,80 @@ int CyaSSL_Init(void)
byte iv[AES_IV_SIZE]; byte iv[AES_IV_SIZE];
if (!ctx || !ctx->passwd_cb) { if (!ctx || !ctx->passwd_cb) {
XFREE(der.buffer, heap, dynamicType);
return NO_PASSWORD; return NO_PASSWORD;
} }
else {
/* use file's salt for key derivation, hex decode first */
if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
XFREE(der.buffer, heap, dynamicType);
return ASN_INPUT_E;
}
passwordSz = ctx->passwd_cb(password, sizeof(password), 0, passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
ctx->userdata); ctx->userdata);
if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
(byte*)password, passwordSz, 1, key, iv)) <= 0) {
XFREE(der.buffer, heap, dynamicType);
return ret;
}
if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { /* use file's salt for key derivation, hex decode first */
if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz)
!= 0) {
ret = ASN_INPUT_E;
}
else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
(byte*)password, passwordSz, 1, key, iv)) <= 0) {
/* empty */
}
else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) {
Des enc; Des enc;
ret = Des_SetKey(&enc, key, info.iv, DES_DECRYPTION); ret = Des_SetKey(&enc, key, info->iv, DES_DECRYPTION);
if (ret != 0) if (ret == 0)
return ret; Des_CbcDecrypt(&enc, der.buffer, der.buffer,
der.length);
Des_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
} }
else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) { else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 13) == 0) {
Des3 enc; Des3 enc;
ret = Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION); ret = Des3_SetKey(&enc, key, info->iv, DES_DECRYPTION);
if (ret != 0) if (ret == 0)
return ret; ret = Des3_CbcDecrypt(&enc, der.buffer, der.buffer,
der.length);
ret = Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
if (ret != 0)
return ret;
} }
else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) { else if (XSTRNCMP(info->name, "AES-128-CBC", 13) == 0) {
Aes enc; Aes enc;
ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info->iv,
AES_DECRYPTION); AES_DECRYPTION);
if (ret == 0) if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length); ret = AesCbcDecrypt(&enc, der.buffer, der.buffer,
der.length);
} }
else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) { else if (XSTRNCMP(info->name, "AES-192-CBC", 13) == 0) {
Aes enc; Aes enc;
ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info->iv,
AES_DECRYPTION); AES_DECRYPTION);
if (ret == 0) if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length); ret = AesCbcDecrypt(&enc, der.buffer, der.buffer,
der.length);
} }
else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) { else if (XSTRNCMP(info->name, "AES-256-CBC", 13) == 0) {
Aes enc; Aes enc;
ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info->iv,
AES_DECRYPTION); AES_DECRYPTION);
if (ret == 0) if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length); ret = AesCbcDecrypt(&enc, der.buffer, der.buffer,
der.length);
} }
else { else {
XFREE(der.buffer, heap, dynamicType); ret = SSL_BAD_FILE;
return SSL_BAD_FILE; }
} }
if (ret != 0) { if (ret != 0) {
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ret; return ret;
} }
} }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (type == CA_TYPE) { if (type == CA_TYPE) {
if (ctx == NULL) { if (ctx == NULL) {
CYASSL_MSG("Need context for CA load"); CYASSL_MSG("Need context for CA load");
@ -2387,13 +2423,28 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
der.length = 0; der.length = 0;
if (format == SSL_FILETYPE_PEM) { if (format == SSL_FILETYPE_PEM) {
EncryptedInfo info; #ifdef CYASSL_SMALL_STACK
EncryptedInfo* info;
#else
EncryptedInfo info[1];
#endif
info.set = 0; #ifdef CYASSL_SMALL_STACK
info.ctx = NULL; info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
info.consumed = 0; DYNAMIC_TYPE_TMP_BUFFER);
ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey); if (info == NULL)
return MEMORY_E;
#endif
info->set = 0;
info->ctx = NULL;
info->consumed = 0;
ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey);
InitDecodedCert(&cert, der.buffer, der.length, cm->heap); InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
} }
else else
InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap); InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap);
@ -3124,15 +3175,22 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
int ecc = 0; int ecc = 0;
long sz = 0; long sz = 0;
XFILE file = XFOPEN(fileName, "rb"); XFILE file = XFOPEN(fileName, "rb");
EncryptedInfo info;
buffer converted; buffer converted;
CYASSL_ENTER("CyaSSL_PemCertToDer"); CYASSL_ENTER("CyaSSL_PemCertToDer");
converted.buffer = 0; converted.buffer = 0;
if (file == XBADFILE) return SSL_BAD_FILE; if (file == XBADFILE)
return SSL_BAD_FILE;
XFSEEK(file, 0, XSEEK_END); XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file); sz = XFTELL(file);
if (sz < 0) {
XFCLOSE(file);
return SSL_BAD_FILE;
}
XREWIND(file); XREWIND(file);
if (sz > (long)sizeof(staticBuffer)) { if (sz > (long)sizeof(staticBuffer)) {
@ -3143,15 +3201,31 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
} }
dynamic = 1; dynamic = 1;
} }
else if (sz < 0) {
XFCLOSE(file);
return SSL_BAD_FILE;
}
if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0)
ret = SSL_BAD_FILE; ret = SSL_BAD_FILE;
else {
#ifdef CYASSL_SMALL_STACK
EncryptedInfo* info;
#else
EncryptedInfo info[1];
#endif
#ifdef CYASSL_SMALL_STACK
info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL)
ret = MEMORY_E;
else else
ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, &info, &ecc); #endif
{
ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, info, &ecc);
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
}
if (ret == 0) { if (ret == 0) {
if (converted.length < (word32)derSz) { if (converted.length < (word32)derSz) {
@ -3165,6 +3239,7 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA); XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA);
if (dynamic) if (dynamic)
XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE); XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
XFCLOSE(file); XFCLOSE(file);
return ret; return ret;
@ -8238,7 +8313,9 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
return NULL; return NULL;
file = XFOPEN(fname, "rb"); file = XFOPEN(fname, "rb");
if (file == XBADFILE) return NULL; if (file == XBADFILE)
return NULL;
XFSEEK(file, 0, XSEEK_END); XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file); sz = XFTELL(file);
XREWIND(file); XREWIND(file);
@ -8251,25 +8328,43 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
} }
dynamic = 1; dynamic = 1;
} }
if ((int)XFREAD(fileBuffer, sz, 1, file) < 0) { if ((int)XFREAD(fileBuffer, sz, 1, file) < 0) {
XFCLOSE(file); XFCLOSE(file);
if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); if (dynamic)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
return NULL; return NULL;
} }
XFCLOSE(file); XFCLOSE(file);
der.buffer = NULL; der.buffer = NULL;
der.length = 0; der.length = 0;
if (format == SSL_FILETYPE_PEM) { if (format == SSL_FILETYPE_PEM) {
EncryptedInfo info;
int ecc = 0; int ecc = 0;
#ifdef CYASSL_SMALL_STACK
EncryptedInfo* info;
#else
EncryptedInfo info[1];
#endif
info.set = 0; #ifdef CYASSL_SMALL_STACK
info.ctx = NULL; info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
info.consumed = 0; DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL) {
if (dynamic)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, &info, &ecc) != 0) return NULL;
}
#endif
info->set = 0;
info->ctx = NULL;
info->consumed = 0;
if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0)
{ {
/* Only time this should fail, and leave `der` with a buffer /* Only time this should fail, and leave `der` with a buffer
is when the Base64 Decode fails. Release `der.buffer` in is when the Base64 Decode fails. Release `der.buffer` in
@ -8279,6 +8374,10 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
der.buffer = NULL; der.buffer = NULL;
} }
} }
#ifdef CYASSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
} }
else { else {
der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT); der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT);
@ -8287,7 +8386,9 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
der.length = (word32)sz; der.length = (word32)sz;
} }
} }
if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
if (dynamic)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
/* At this point we want `der` to have the certificate in DER format */ /* At this point we want `der` to have the certificate in DER format */
/* ready to be decoded. */ /* ready to be decoded. */
@ -9649,31 +9750,48 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
byte staticBuffer[FILE_BUFFER_SIZE]; byte staticBuffer[FILE_BUFFER_SIZE];
byte* myBuffer = staticBuffer; byte* myBuffer = staticBuffer;
CYASSL_CTX* ctx = ssl->ctx; CYASSL_CTX* ctx = ssl->ctx;
EncryptedInfo info;
buffer fileDer; buffer fileDer;
int eccKey = 0; int eccKey = 0;
int dynamic = 0;
CYASSL_X509* peer_cert = &ssl->peerCert; CYASSL_X509* peer_cert = &ssl->peerCert;
#ifdef CYASSL_SMALL_STACK
info.set = 0; EncryptedInfo* info;
info.ctx = ctx; #else
info.consumed = 0; EncryptedInfo info[1];
fileDer.buffer = 0; #endif
file = XFOPEN(fname, "rb"); file = XFOPEN(fname, "rb");
if (file == XBADFILE) return SSL_BAD_FILE; if (file == XBADFILE)
return SSL_BAD_FILE;
XFSEEK(file, 0, XSEEK_END); XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file); sz = XFTELL(file);
XREWIND(file); XREWIND(file);
if (sz > (long)sizeof(staticBuffer)) { if (sz > (long)sizeof(staticBuffer)) {
CYASSL_MSG("Getting dynamic buffer"); CYASSL_MSG("Getting dynamic buffer");
myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
dynamic = 1;
} }
#ifdef CYASSL_SMALL_STACK
info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL)
ret = MEMORY_E;
else
#endif
{
info->set = 0;
info->ctx = ctx;
info->consumed = 0;
fileDer.buffer = 0;
if ((myBuffer != NULL) && if ((myBuffer != NULL) &&
(sz > 0) && (sz > 0) &&
(XFREAD(myBuffer, sz, 1, file) > 0) && (XFREAD(myBuffer, sz, 1, file) > 0) &&
(PemToDer(myBuffer, sz, CERT_TYPE, (PemToDer(myBuffer, sz, CERT_TYPE,
&fileDer, ctx->heap, &info, &eccKey) == 0) && &fileDer, ctx->heap, info, &eccKey) == 0) &&
(fileDer.length != 0) && (fileDer.length != 0) &&
(fileDer.length == peer_cert->derCert.length) && (fileDer.length == peer_cert->derCert.length) &&
(XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer, (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer,
@ -9682,11 +9800,16 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
ret = 0; ret = 0;
} }
XFCLOSE(file); #ifdef CYASSL_SMALL_STACK
if (fileDer.buffer) XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT); XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
if (myBuffer && (myBuffer != staticBuffer)) if (dynamic)
XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE); XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
XFCLOSE(file);
} }
return ret; return ret;
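Review bot: In the last hunk (CyaSSL_cmp_peer_cert_to_file, going by the commit message), `fileDer.buffer = 0;` now sits inside the block that is skipped when the CYASSL_SMALL_STACK allocation of `info` fails, while `XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);` after that block runs unconditionally, so the MEMORY_E path frees an uninitialized pointer. Keep the initialization ahead of the allocation, for example `fileDer.buffer = 0;` immediately before `file = XFOPEN(fname, "rb");`, so every exit path sees a defined value. Separately, in the decrypt branch of the first function, the `return NO_PASSWORD;` path as rendered here has no `XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);` under CYASSL_SMALL_STACK and would leak `info`. Assigning `ret = NO_PASSWORD;` and falling through to the shared `if (ret != 0)` cleanup would presumably cover it. Both function bodies extend beyond the visible hunks.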