author | lloyd <[email protected]> | 2012-01-26 18:14:23 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-26 18:14:23 +0000 |
commit | 91b5bfa75c928510c8fc3e001120a3bb894dbb1d (patch) | |
tree | 4d0f2d875f9dd3582bc984f6c8f6a71c76494281 | |
parent | 8d06088541fbdc8a70c52a32aaa18cb02b61c44b (diff) |
Deleting the return of private_key_for in the TLS server forces the
credentials server to return a new copy each time which is slow and
mostly pointless. Instead, specify that the key remains owned by the
credentials manager.
This is theoretically an issue if you have thousands of keys to
manage; the credentials server doesn't actually know when they have
gone out of scope until its destructor runs. So it could be forced to
use a lot of memory in the meantime. I'm not sure that this is a case
worth optimizing for, at least until someone comes along who actually
has this as a problem.
-rw-r--r-- | src/credentials/credentials_manager.h | 2 | ||||
-rw-r--r-- | src/tls/s_kex.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_handshake_state.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 16 |
4 files changed, 11 insertions, 11 deletions
diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h
index 5972dc2d4..19721715d 100644
--- a/src/credentials/credentials_manager.h
+++ b/src/credentials/credentials_manager.h
@@ -113,6 +113,8 @@ class BOTAN_DLL Credentials_Manager
 /**
 * @return private key associated with this certificate if we should
 * use it with this context. cert was returned by cert_chain
+ * @note this object should retain ownership of the returned key;
+ * it should not be deleted by the caller.
 */
 virtual Private_Key* private_key_for(const X509_Certificate& cert,
 const std::string& type,
diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp
index 5861d3494..2c699ccd1 100644
--- a/src/tls/s_kex.cpp
+++ b/src/tls/s_kex.cpp
@@ -17,8 +17,6 @@
 #include <botan/oids.h>
 #include <memory>
-#include <stdio.h>
-
 namespace Botan {
 namespace TLS {
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index b22039f5b..6e3d80ac2 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -264,8 +264,6 @@ Handshake_State::~Handshake_State()
 delete client_verify;
 delete client_finished;
 delete server_finished;
-
- delete server_rsa_kex_key;
 }
 }
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 33dc196bb..d3137a29e 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -268,24 +268,26 @@ void Server::process_handshake_msg(Handshake_Type type,
 cert_chains[sig_algo]);
 }
- std::auto_ptr<Private_Key> private_key(0);
+ Private_Key* private_key = 0;
 if(kex_algo == "RSA" || sig_algo != "")
 {
- private_key.reset(
- creds.private_key_for(state->server_certs->cert_chain()[0],
- "tls-server",
- m_hostname));
+ private_key = creds.private_key_for(state->server_certs->cert_chain()[0],
+ "tls-server",
+ m_hostname);
+
+ if(!private_key)
+ throw Internal_Error("No private key located for associated server cert");
 }
 if(kex_algo == "RSA")
 {
- state->server_rsa_kex_key = private_key.release();
+ state->server_rsa_kex_key = private_key;
 }
 else
 {
 state->server_kex =
- new Server_Key_Exchange(writer, state, policy, rng, private_key.get());
+ new Server_Key_Exchange(writer, state, policy, rng, private_key);
 }
 std::vector<X509_Certificate> client_auth_CAs = |
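Review bot: The pointer stored by `state->server_rsa_kex_key = private_key;` is now borrowed from the credentials manager, but neither this hunk nor the new `@note` in credentials_manager.h says how long it must stay valid. If a manager frees or replaces the key while a handshake is in flight (a credentials reload, for instance), the handshake state would be left holding a dangling pointer to private-key material. I would record the lifetime at the assignment, `// borrowed from creds: must outlive this Handshake_State, never deleted here`, and tighten the `@note` to say the key must remain valid for as long as any handshake that requested it is in progress. Separately, a Credentials_Manager subclass still written to the old contract (a fresh allocation per call) would presumably now leak one key per handshake, since neither this function nor ~Handshake_State deletes it any more; that deserves a line in the release notes. process_handshake_msg starts and ends outside the hunk.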