keys: refactoring DeriveKeys to reduce stack usage:
--- variable shaOutput moved to the heap (20 bytes saved) --- variable md5Input moved to the heap (68 bytes saved) --- variable shaInput moved to the heap (119 bytes saved) --- variable keyData moved to the heap (112 bytes saved) --- variable md5 moved to the heap (sizeof(Md5) saved) --- variable sha moved to the heap (sizeof(Sha) saved)
parent
32847ee78e
commit
39c167710f
117
src/keys.c
117
src/keys.c
@ -2234,51 +2234,98 @@ int StoreKeys(CYASSL* ssl, const byte* keyData)
|
|||||||
#ifndef NO_OLD_TLS
|
#ifndef NO_OLD_TLS
|
||||||
int DeriveKeys(CYASSL* ssl)
|
int DeriveKeys(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
int length = 2 * ssl->specs.hash_size +
|
int length = 2 * ssl->specs.hash_size +
|
||||||
2 * ssl->specs.key_size +
|
2 * ssl->specs.key_size +
|
||||||
2 * ssl->specs.iv_size;
|
2 * ssl->specs.iv_size;
|
||||||
int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
|
int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
|
word32 md5InputSz = SECRET_LEN + SHA_DIGEST_SIZE;
|
||||||
|
word32 shaInputSz = KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN;
|
||||||
|
word32 keyDataSz = KEY_PREFIX * MD5_DIGEST_SIZE; /* max size */
|
||||||
|
|
||||||
|
#ifdef CYASSL_SMALL_STACK
|
||||||
|
byte* shaOutput;
|
||||||
|
byte* md5Input;
|
||||||
|
byte* shaInput;
|
||||||
|
byte* keyData;
|
||||||
|
Md5* md5;
|
||||||
|
Sha* sha;
|
||||||
|
#else
|
||||||
|
byte shaOutput[SHA_DIGEST_SIZE];
|
||||||
|
byte md5Input[md5InputSz];
|
||||||
|
byte shaInput[shaInputSz];
|
||||||
|
byte keyData[keyDataSz];
|
||||||
|
Md5 md5[1];
|
||||||
|
Sha sha[1];
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef CYASSL_SMALL_STACK
|
||||||
|
shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
|
||||||
|
NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
md5Input = (byte*)XMALLOC(md5InputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
shaInput = (byte*)XMALLOC(shaInputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
keyData = (byte*)XMALLOC(keyDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
|
if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
|
||||||
|
keyData == NULL || md5 == NULL || sha == NULL) {
|
||||||
|
if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
|
return MEMORY_E;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
byte shaOutput[SHA_DIGEST_SIZE];
|
InitMd5(md5);
|
||||||
byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
|
|
||||||
byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
|
|
||||||
|
|
||||||
Md5 md5;
|
|
||||||
Sha sha;
|
|
||||||
|
|
||||||
byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; /* max size */
|
ret = InitSha(sha);
|
||||||
|
|
||||||
InitMd5(&md5);
|
if (ret == 0) {
|
||||||
ret = InitSha(&sha);
|
XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
|
||||||
if (ret != 0)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
|
for (i = 0; i < rounds; ++i) {
|
||||||
|
int j = i + 1;
|
||||||
|
int idx = j;
|
||||||
|
|
||||||
for (i = 0; i < rounds; ++i) {
|
if (!SetPrefix(shaInput, i)) {
|
||||||
int j = i + 1;
|
ret = PREFIX_ERROR;
|
||||||
int idx = j;
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if (!SetPrefix(shaInput, i)) {
|
XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
|
||||||
return PREFIX_ERROR;
|
idx += SECRET_LEN;
|
||||||
|
XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
|
||||||
|
idx += RAN_LEN;
|
||||||
|
XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
|
||||||
|
|
||||||
|
ShaUpdate(sha, shaInput, shaInputSz - KEY_PREFIX + j);
|
||||||
|
ShaFinal(sha, shaOutput);
|
||||||
|
|
||||||
|
XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE);
|
||||||
|
Md5Update(md5, md5Input, md5InputSz);
|
||||||
|
Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);
|
||||||
}
|
}
|
||||||
|
|
||||||
XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
|
if (ret == 0)
|
||||||
idx += SECRET_LEN;
|
ret = StoreKeys(ssl, keyData);
|
||||||
XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
|
|
||||||
idx += RAN_LEN;
|
|
||||||
XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
|
|
||||||
|
|
||||||
ShaUpdate(&sha, shaInput, (word32)sizeof(shaInput) - KEY_PREFIX + j);
|
|
||||||
ShaFinal(&sha, shaOutput);
|
|
||||||
|
|
||||||
XMEMCPY(&md5Input[SECRET_LEN], shaOutput, SHA_DIGEST_SIZE);
|
|
||||||
Md5Update(&md5, md5Input, sizeof(md5Input));
|
|
||||||
Md5Final(&md5, keyData + i * MD5_DIGEST_SIZE);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return StoreKeys(ssl, keyData);
|
#ifdef CYASSL_SMALL_STACK
|
||||||
|
XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
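Review bot: The CYASSL_SMALL_STACK cleanup at the end of DeriveKeys passes md5Input, shaInput and keyData to XFREE while they still hold a copy of the master secret and the derived key block, so that material stays readable in freed heap memory until the allocator reuses it. Clear each buffer before its XFREE, for example `XMEMSET(keyData, 0, keyDataSz);` and likewise for md5Input, shaInput and shaOutput; a plain memset directly before a free can be elided by the optimiser, so prefer a non-elidable wipe helper if the tree has one. The same clearing is worth doing on the stack path, which had this exposure before the change. Separately, in the `#else` branch `byte md5Input[md5InputSz];`, `byte shaInput[shaInputSz];` and `byte keyData[keyDataSz];` are sized by `word32` variables, which makes them variable-length arrays and will not build on compilers without VLA support; size them with the constant expressions directly, e.g. `byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];`.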