Cryptography Reference
In-Depth Information
    &parameters->active_send_parameters );
  if ( parameters->unread_buffer )
  {
    free( parameters->unread_buffer );
  }
  free_protection_parameters( &parameters->pending_send_parameters );
  free_protection_parameters( &parameters->pending_recv_parameters );
  free_protection_parameters( &parameters->active_send_parameters );
  free_protection_parameters( &parameters->active_recv_parameters );
  return 1;
}
This routine goes ahead and frees any memory that was allocated by the
connection; it mostly relies on free_protection_parameters to free the MAC
secrets, keys, and IVs. This is shown in Listing 6-76.
Listing 6-76: “tls.c” free_protection_parameters
static void free_protection_parameters( ProtectionParameters *parameters )
{
  if ( parameters->MAC_secret )
  {
    free( parameters->MAC_secret );
  }
  if ( parameters->key )
  {
    free( parameters->key );
  }
  if ( parameters->IV )
  {
    free( parameters->IV );
  }
}
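Listing 6-76 releases the MAC secrets, keys, and IVs with a bare free(), which leaves the secret bytes in heap memory that a later allocation can receive, and leaves the pointers dangling. The following is an added example, not code from the book: a hardened variant that zeroes each buffer before freeing it and clears the pointer. The WipedProtectionParameters type, its *_len fields, and the function names are assumptions introduced here.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical variant of the page's ProtectionParameters: the *_len fields
   are an assumption added here so the wipe knows how many bytes to clear. */
typedef struct
{
  unsigned char *MAC_secret; size_t MAC_secret_len;
  unsigned char *key;        size_t key_len;
  unsigned char *IV;         size_t IV_len;
} WipedProtectionParameters;

/* Volatile stores cannot be dropped as dead writes ahead of free(). */
static void wipe( void *buf, size_t len )
{
  volatile unsigned char *p = buf;
  while ( len-- ) *p++ = 0;
}

/* Wipe, free, then clear pointer and length; a second call is a no-op. */
static void wipe_and_free( unsigned char **buf, size_t *len )
{
  if ( *buf )
  {
    wipe( *buf, *len );
    free( *buf );
  }
  *buf = NULL;
  *len = 0;
}

static void free_protection_parameters_wiped( WipedProtectionParameters *parameters )
{
  wipe_and_free( &parameters->MAC_secret, &parameters->MAC_secret_len );
  wipe_and_free( &parameters->key, &parameters->key_len );
  wipe_and_free( &parameters->IV, &parameters->IV_len );
}

int main( void )
{
  WipedProtectionParameters p = { 0 };  /* constructed sample, not real key material */
  p.key_len = 16;
  p.key = malloc( p.key_len );
  if ( !p.key ) return 1;
  memset( p.key, 0xAA, p.key_len );
  free_protection_parameters_wiped( &p );
  free_protection_parameters_wiped( &p );  /* second call is a no-op */
  return p.key == NULL ? 0 : 1;
}
```

Where the platform provides explicit_bzero or memset_s, either can replace the volatile loop in wipe().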
Another benefit of the dedicated TLS shutdown protocol is that either side
can switch back to plaintext if desired without severing the connection. This
could potentially be useful if for regulatory reasons some data had to be sent
in the clear. I'm not aware of any applications that take advantage of this, but
it's nice to know that the flexibility is there if you need it.
Examining HTTPS End-to-End Examples (TLS 1.0)
You can, and should, compile the code presented in this chapter and try to
connect to a few different public secure websites. You may have to scrounge
around to find one that doesn't require a context to be previously established;
your bank's login landing page might be a good choice (if it's not SSL enabled,
consider a different bank).
 