mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 01:05:41 +00:00
Free peer's public key as soon as it's no longer needed
On constrained devices, this saves a significant amount of RAM that might be needed for subsequent expensive operations like ECDHE.
This commit is contained in:
parent
17572473c6
commit
6c83db7f7b
|
@ -2354,6 +2354,10 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
/* We don't need the peer's public key anymore. Free it. */
|
||||
mbedtls_pk_free( peer_pk );
|
||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
|
||||
|
@ -2463,6 +2467,13 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
/* We don't need the peer's public key anymore. Free it,
|
||||
* so that more RAM is available for upcoming expensive
|
||||
* operations like ECDHE. */
|
||||
mbedtls_pk_free( peer_pk );
|
||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||
|
@ -2801,6 +2812,13 @@ start_processing:
|
|||
#endif
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
/* We don't need the peer's public key anymore. Free it,
|
||||
* so that more RAM is available for upcoming expensive
|
||||
* operations like ECDHE. */
|
||||
mbedtls_pk_free( peer_pk );
|
||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||
|
||||
|
|
Loading…
Reference in a new issue