diff options
author | Denys Vlasenko | 2018-12-10 16:43:53 +0100 |
---|---|---|
committer | Denys Vlasenko | 2018-12-10 16:43:53 +0100 |
commit | 63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0 (patch) | |
tree | 4e2eb36cbe8b811412158432b3c95f5bc4bb2612 | |
parent | 71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933 (diff) | |
download | busybox-63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0.zip busybox-63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0.tar.gz |
tls: if !ENABLE_FEATURE_TLS_SHA1, tls->MAC_size is always SHA256_OUTSIZE for AES-CBC
function old new delta
tls_xread_record 634 636 +2
xwrite_encrypted 579 580 +1
tls_handshake 2095 2085 -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 3/-10) Total: -7 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | networking/tls.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/networking/tls.c b/networking/tls.c index 3efb051..be13c6d 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -407,6 +407,12 @@ static void hash_handshake(tls_state_t *tls, const char *fmt, const void *buffer #endif } +#if !ENABLE_FEATURE_TLS_SHA1 +# define TLS_MAC_SIZE(tls) SHA256_OUTSIZE +#else +# define TLS_MAC_SIZE(tls) (tls)->MAC_size +#endif + // RFC 2104: // HMAC(key, text) based on a hash H (say, sha256) is: // ipad = [0x36 x INSIZE] @@ -691,7 +697,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un /* Calculate MAC signature */ hmac(tls, buf + size, /* result */ - tls->client_write_MAC_key, tls->MAC_size, + tls->client_write_MAC_key, TLS_MAC_SIZE(tls), &tls->write_seq64_be, sizeof(tls->write_seq64_be), xhdr, RECHDR_LEN, buf, size, @@ -699,7 +705,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un ); tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be)); - size += tls->MAC_size; + size += TLS_MAC_SIZE(tls); // RFC 5246: // 6.2.3.1. Null or Standard Stream Cipher @@ -784,7 +790,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un tls_get_random(buf - AES_BLOCK_SIZE, AES_BLOCK_SIZE); /* IV */ dbg("before crypt: 5 hdr + %u data + %u hash bytes\n", - size - tls->MAC_size, tls->MAC_size); + size - TLS_MAC_SIZE(tls), TLS_MAC_SIZE(tls)); /* Fill IV and padding in outbuf */ // RFC is talking nonsense: @@ -1099,7 +1105,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected) tls_aesgcm_decrypt(tls, p, sz); dbg("encrypted size:%u\n", sz); } else - if (tls->min_encrypted_len_on_read > tls->MAC_size) { + if (tls->min_encrypted_len_on_read > TLS_MAC_SIZE(tls)) { /* AES+SHA */ uint8_t *p = tls->inbuf + RECHDR_LEN; int padding_len; @@ -1118,7 +1124,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected) padding_len = p[sz - 1]; dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len); padding_len++; - sz -= tls->MAC_size + padding_len; /* drop MAC and padding */ + sz -= TLS_MAC_SIZE(tls) + padding_len; /* drop MAC and padding */ } else { /* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */ /* else: no encryption yet on input, subtract zero = NOP */ @@ -2245,7 +2251,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) tls->min_encrypted_len_on_read = tls->MAC_size; } else if (!(tls->flags & ENCRYPTION_AESGCM)) { - unsigned mac_blocks = (unsigned)(tls->MAC_size + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; + unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; /* all incoming packets now should be encrypted and have * at least IV + (MAC padded to blocksize): */ |