add CyaSSL_UnloadCertsKeys to free SSL certs and keys after handshake

2013-06-27 10:26:04 -07:00 · 2013-06-27 10:26:04 -07:00 · 307c71d9cb
commit 307c71d9cb
parent 773d0da1bc
2 changed files with 31 additions and 0 deletions
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@ -847,6 +847,7 @@ CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len,
                                               long, int);
    CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*, 
                                               const unsigned char*, long);
+    CYASSL_API int CyaSSL_UnloadCertsKeys(CYASSL*);
 #endif

 CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
--- a/src/ssl.c
+++ b/src/ssl.c
@ -5071,6 +5071,36 @@ int CyaSSL_set_compression(CYASSL* ssl)
                             ssl, NULL, 1);
    }

+
+    /* unload any certs or keys that SSL owns, leave CTX as is
+       SSL_SUCCESS on ok */
+    int CyaSSL_UnloadCertsKeys(CYASSL* ssl)
+    {
+        if (ssl == NULL) {
+            CYASSL_MSG("Null function arg"); 
+            return BAD_FUNC_ARG;
+        }
+
+        if (ssl->buffers.weOwnCert) {
+            CYASSL_MSG("Unloading cert");
+            XFREE(ssl->buffers.certificate.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
+            ssl->buffers.weOwnCert = 0;
+            ssl->buffers.certificate.length = 0;
+            ssl->buffers.certificate.buffer = NULL;
+        }
+
+        if (ssl->buffers.weOwnKey) {
+            CYASSL_MSG("Unloading key");
+            XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
+            ssl->buffers.weOwnKey = 0;
+            ssl->buffers.key.length = 0;
+            ssl->buffers.key.buffer = NULL;
+        }
+
+        return SSL_SUCCESS;
+    }
+
+
    int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
    {
        CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");