From 42f14a96fb417f549fa87ab0ffdb55239894dfb0 Mon Sep 17 00:00:00 2001 From: David Girault Date: Tue, 16 Jan 2018 10:35:37 +0100 Subject: [PATCH] altcp_tls: avoid use of static in altcp_tls_config cert and pkey are allocated with the altcp_tls_config structure. Signed-off-by: goldsimon --- src/apps/altcp_tls/altcp_tls_mbedtls.c | 46 ++++++++++++++++++-------- 1 file changed, 33 insertions(+), 13 deletions(-) diff --git a/src/apps/altcp_tls/altcp_tls_mbedtls.c b/src/apps/altcp_tls/altcp_tls_mbedtls.c index 466be388..5e0f9ebf 100644 --- a/src/apps/altcp_tls/altcp_tls_mbedtls.c +++ b/src/apps/altcp_tls/altcp_tls_mbedtls.c @@ -680,12 +680,17 @@ dummy_rng(void *ctx, unsigned char *buffer, size_t len) static struct altcp_tls_config * altcp_tls_create_config(int is_server) { + size_t sz; int ret; struct altcp_tls_config *conf; altcp_mbedtls_mem_init(); - conf = (struct altcp_tls_config *)altcp_mbedtls_alloc_config(sizeof(struct altcp_tls_config)); + sz = sizeof(struct altcp_tls_config) + sizeof(mbedtls_x509_crt); + if (is_server) + sz += sizeof(mbedtls_pk_context); + + conf = (struct altcp_tls_config *)altcp_mbedtls_alloc_config(sz); if (conf == NULL) { return NULL; } @@ -735,35 +740,41 @@ altcp_tls_create_config_server_privkey_cert(const u8_t *privkey, size_t privkey_ const u8_t *cert, size_t cert_len) { int ret; - static mbedtls_x509_crt srvcert; - static mbedtls_pk_context pkey; + mbedtls_x509_crt *srvcert; + mbedtls_pk_context *pkey; struct altcp_tls_config *conf = altcp_tls_create_config(1); if (conf == NULL) { return NULL; } - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); + srvcert = (mbedtls_x509_crt *)(conf+1); + mbedtls_x509_crt_init(srvcert); + + pkey = (mbedtls_pk_context *)(srvcert+1); + mbedtls_pk_init(pkey); /* Load the certificates and private key */ - ret = mbedtls_x509_crt_parse(&srvcert, cert, cert_len); + ret = mbedtls_x509_crt_parse(srvcert, cert, cert_len); if (ret != 0) { LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_x509_crt_parse failed: %d\n", ret)); altcp_mbedtls_free_config(conf); return NULL; } - ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) privkey, privkey_len, privkey_pass, privkey_pass_len); + ret = mbedtls_pk_parse_key(pkey, (const unsigned char *) privkey, privkey_len, privkey_pass, privkey_pass_len); if (ret != 0) { LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_pk_parse_public_key failed: %d\n", ret)); + mbedtls_x509_crt_free(srvcert); altcp_mbedtls_free_config(conf); return NULL; } - mbedtls_ssl_conf_ca_chain(&conf->conf, srvcert.next, NULL); - ret = mbedtls_ssl_conf_own_cert(&conf->conf, &srvcert, &pkey); + mbedtls_ssl_conf_ca_chain(&conf->conf, srvcert->next, NULL); + ret = mbedtls_ssl_conf_own_cert(&conf->conf, srvcert, pkey); if (ret != 0) { LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_conf_own_cert failed: %d\n", ret)); + mbedtls_x509_crt_free(srvcert); + mbedtls_pk_free(pkey); altcp_mbedtls_free_config(conf); return NULL; } @@ -774,29 +785,38 @@ struct altcp_tls_config * altcp_tls_create_config_client(const u8_t *cert, size_t cert_len) { int ret; - static mbedtls_x509_crt acc_cert; + mbedtls_x509_crt *acc_cert; struct altcp_tls_config *conf = altcp_tls_create_config(0); if (conf == NULL) { return NULL; } - mbedtls_x509_crt_init(&acc_cert); + /* Initialise certificates, allocated with conf */ + acc_cert = (mbedtls_x509_crt *)(conf+1); + mbedtls_x509_crt_init(acc_cert); /* Load the certificates */ - ret = mbedtls_x509_crt_parse(&acc_cert, cert, cert_len); + ret = mbedtls_x509_crt_parse(acc_cert, cert, cert_len); if (ret != 0) { LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_x509_crt_parse failed: %d", ret)); altcp_mbedtls_free_config(conf); return NULL; } - mbedtls_ssl_conf_ca_chain(&conf->conf, &acc_cert, NULL); + mbedtls_ssl_conf_ca_chain(&conf->conf, acc_cert, NULL); return conf; } void altcp_tls_free_config(struct altcp_tls_config *conf) { + mbedtls_x509_crt *cert = (mbedtls_x509_crt *)(conf+1); + int endpoint = conf->conf.endpoint; + if (endpoint == MBEDTLS_SSL_IS_SERVER) { + mbedtls_pk_context *pkey = (mbedtls_pk_context *)(cert+1); + mbedtls_pk_free(pkey); + } + mbedtls_x509_crt_free(cert); altcp_mbedtls_free_config(conf); }