diff --git a/ChangeLog b/ChangeLog index 3a3237c4c..2621f5371 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ PolarSSL ChangeLog (Sorted per branch, date) = Branch 1.3 Changes * RSA blinding locks for a smaller amount of time + * TLS compression only allocates working buffer once Bugfix * Missing MSVC defines added diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index cf18ea751..3e3ace30b 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -667,6 +667,9 @@ struct _ssl_context size_t out_msglen; /*!< record header: message length */ size_t out_left; /*!< amount of data not yet written */ +#if defined(POLARSSL_ZLIB_SUPPORT) + unsigned char *compress_buf; /*!< zlib data buffer */ +#endif #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */ #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 39291fa43..edcc1c884 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -706,6 +706,18 @@ int ssl_derive_keys( ssl_context *ssl ) // if( session->compression == SSL_COMPRESS_DEFLATE ) { + if( ssl->compress_buf == NULL ) + { + SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); + ssl->compress_buf = polarssl_malloc( SSL_BUFFER_LEN ); + if( ssl->compress_buf == NULL ) + { + SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", + SSL_BUFFER_LEN ) ); + return( POLARSSL_ERR_SSL_MALLOC_FAILED ); + } + } + SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); @@ -1662,20 +1674,13 @@ static int ssl_compress_buf( ssl_context *ssl ) int ret; unsigned char *msg_post = ssl->out_msg; size_t len_pre = ssl->out_msglen; - unsigned char *msg_pre; + unsigned char *msg_pre = ssl->compress_buf; SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); if( len_pre == 0 ) return( 0 ); - msg_pre = (unsigned char*) polarssl_malloc( len_pre ); - if( msg_pre == NULL ) - { - SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len_pre ) ); - return( POLARSSL_ERR_SSL_MALLOC_FAILED ); - } - memcpy( msg_pre, ssl->out_msg, len_pre ); SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", @@ -1698,8 +1703,6 @@ static int ssl_compress_buf( ssl_context *ssl ) ssl->out_msglen = SSL_BUFFER_LEN - ssl->transform_out->ctx_deflate.avail_out; - polarssl_free( msg_pre ); - SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", ssl->out_msglen ) ); @@ -1716,20 +1719,13 @@ static int ssl_decompress_buf( ssl_context *ssl ) int ret; unsigned char *msg_post = ssl->in_msg; size_t len_pre = ssl->in_msglen; - unsigned char *msg_pre; + unsigned char *msg_pre = ssl->compress_buf; SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); if( len_pre == 0 ) return( 0 ); - msg_pre = (unsigned char*) polarssl_malloc( len_pre ); - if( msg_pre == NULL ) - { - SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len_pre ) ); - return( POLARSSL_ERR_SSL_MALLOC_FAILED ); - } - memcpy( msg_pre, ssl->in_msg, len_pre ); SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", @@ -1752,8 +1748,6 @@ static int ssl_decompress_buf( ssl_context *ssl ) ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->transform_in->ctx_inflate.avail_out; - polarssl_free( msg_pre ); - SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", ssl->in_msglen ) ); @@ -4228,6 +4222,14 @@ void ssl_free( ssl_context *ssl ) polarssl_free( ssl->in_ctr ); } +#if defined(POLARSSL_ZLIB_SUPPORT) + if( ssl->compress_buf != NULL ) + { + memset( ssl->compress_buf, 0, SSL_BUFFER_LEN ); + polarssl_free( ssl->compress_buf ); + } +#endif + #if defined(POLARSSL_DHM_C) mpi_free( &ssl->dhm_P ); mpi_free( &ssl->dhm_G );