From 307c71d9cb364aadf9378865e1e760a3799e4a1a Mon Sep 17 00:00:00 2001
From: toddouska
Date: Thu, 27 Jun 2013 10:26:04 -0700
Subject: [PATCH] add CyaSSL_UnloadCertsKeys to free SSL certs and keys after handshake
---
cyassl/ssl.h | 1 +
src/ssl.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 8d9352447..ae4abfbf0 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -847,6 +847,7 @@ CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len, long, int);
 CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*, const unsigned char*, long);
+ CYASSL_API int CyaSSL_UnloadCertsKeys(CYASSL*);
 #endif
 CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
diff --git a/src/ssl.c b/src/ssl.c
index e3ebdd3a7..e06cd1649 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5071,6 +5071,36 @@ int CyaSSL_set_compression(CYASSL* ssl)
 ssl, NULL, 1);
 }
+
+ /* unload any certs or keys that SSL owns, leave CTX as is
+ SSL_SUCCESS on ok */
+ int CyaSSL_UnloadCertsKeys(CYASSL* ssl)
+ {
+ if (ssl == NULL) {
+ CYASSL_MSG("Null function arg");
+ return BAD_FUNC_ARG;
+ }
+
+ if (ssl->buffers.weOwnCert) {
+ CYASSL_MSG("Unloading cert");
+ XFREE(ssl->buffers.certificate.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
+ ssl->buffers.weOwnCert = 0;
+ ssl->buffers.certificate.length = 0;
+ ssl->buffers.certificate.buffer = NULL;
+ }
+
+ if (ssl->buffers.weOwnKey) {
+ CYASSL_MSG("Unloading key");
+ XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
+ ssl->buffers.weOwnKey = 0;
+ ssl->buffers.key.length = 0;
+ ssl->buffers.key.buffer = NULL;
+ }
+
+ return SSL_SUCCESS;
+ }
+
+
 int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
 {
 CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");
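Review bot: The `weOwnKey` branch of CyaSSL_UnloadCertsKeys passes `ssl->buffers.key.buffer` to XFREE without clearing it, so the private key bytes remain in freed heap memory until the allocator reuses the block, which undercuts the purpose of unloading keys after the handshake. Wipe the buffer just above the XFREE, e.g. `XMEMSET(ssl->buffers.key.buffer, 0, ssl->buffers.key.length);`, and make sure the wipe goes through a routine the compiler cannot drop as a dead store. The header comment should also say the call is only safe once the handshake has finished, since nothing in the function checks handshake state, and that a later renegotiation on this SSL would presumably find no cert or key. For consistency with CyaSSL_CTX_UnloadCAs directly below, a `CYASSL_ENTER("CyaSSL_UnloadCertsKeys");` at the top would help tracing.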