Merge changes for leaner memory footprint

2014-07-04 15:02:19 +02:00 · 2014-07-04 15:02:19 +02:00 · 8fb99abaac
commit 8fb99abaac
parent b9e08b086b ac7dd33de1
11 changed files with 137 additions and 36 deletions
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@ -57,6 +57,9 @@
 */
 static const int ciphersuite_preference[] =
 {
+#if defined(SSL_CIPHERSUITES)
+    SSL_CIPHERSUITES,
+#else
    /* All AES-256 ephemeral suites */
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
@ -257,13 +260,10 @@ static const int ciphersuite_preference[] =
    TLS_PSK_WITH_NULL_SHA256,
    TLS_PSK_WITH_NULL_SHA,

+#endif
    0
 };

-#define MAX_CIPHERSUITES    176
-static int supported_ciphersuites[MAX_CIPHERSUITES];
-static int supported_init = 0;
-
 static const ssl_ciphersuite_t ciphersuite_definitions[] =
 {
 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@ -1679,6 +1679,17 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
    { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
 };

+#if defined(SSL_CIPHERSUITES)
+const int *ssl_list_ciphersuites( void )
+{
+    return( ciphersuite_preference );
+}
+#else
+#define MAX_CIPHERSUITES    sizeof( ciphersuite_definitions     ) /         \
+                            sizeof( ciphersuite_definitions[0]  )
+static int supported_ciphersuites[MAX_CIPHERSUITES];
+static int supported_init = 0;
+
 const int *ssl_list_ciphersuites( void )
 {
    /*
@ -1687,21 +1698,21 @@ const int *ssl_list_ciphersuites( void )
     */
    if( supported_init == 0 )
    {
-        const int *p = ciphersuite_preference;
-        int *q = supported_ciphersuites;
-        size_t i;
-        size_t max = sizeof(supported_ciphersuites) / sizeof(int);
+        const int *p;
+        int *q;

-        for( i = 0; i < max - 1 && p[i] != 0; i++ )
+        for( p = ciphersuite_preference, q = supported_ciphersuites;
+             *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
+             p++ )
        {
 #if defined(POLARSSL_REMOVE_ARC4_CIPHERSUITES)
            const ssl_ciphersuite_t *cs_info;
-            if( ( cs_info = ssl_ciphersuite_from_id( p[i] ) ) != NULL &&
+            if( ( cs_info = ssl_ciphersuite_from_id( *p ) ) != NULL &&
                cs_info->cipher != POLARSSL_CIPHER_ARC4_128 )
 #else
-            if( ssl_ciphersuite_from_id( p[i] ) != NULL )
+            if( ssl_ciphersuite_from_id( *p ) != NULL )
 #endif
-                *(q++) = p[i];
+                *(q++) = *p;
        }
        *q = 0;

@ -1710,6 +1721,7 @@ const int *ssl_list_ciphersuites( void )

    return( supported_ciphersuites );
 };
+#endif /* SSL_CIPHERSUITES */

 const ssl_ciphersuite_t *ssl_ciphersuite_from_string(
                                                const char *ciphersuite_name )
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3747,12 +3747,7 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
    if( psk == NULL || psk_identity == NULL )
        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );

-    /*
-     * The length will be check later anyway, but in case it is obviously
-     * too large, better abort now. The PMS is as follows:
-     * other_len (2 bytes) + other + psk_len (2 bytes) + psk
-     */
-    if( psk_len + 4 > POLARSSL_PREMASTER_SIZE )
+    if( psk_len > POLARSSL_PSK_MAX_LEN )
        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );

    if( ssl->psk != NULL )