summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko2018-12-10 16:43:53 +0100
committerDenys Vlasenko2018-12-10 16:43:53 +0100
commit63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0 (patch)
tree4e2eb36cbe8b811412158432b3c95f5bc4bb2612
parent71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933 (diff)
downloadbusybox-63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0.zip
busybox-63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0.tar.gz
tls: if !ENABLE_FEATURE_TLS_SHA1, tls->MAC_size is always SHA256_OUTSIZE for AES-CBC
function old new delta tls_xread_record 634 636 +2 xwrite_encrypted 579 580 +1 tls_handshake 2095 2085 -10 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/1 up/down: 3/-10) Total: -7 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/tls.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/networking/tls.c b/networking/tls.c
index 3efb051..be13c6d 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -407,6 +407,12 @@ static void hash_handshake(tls_state_t *tls, const char *fmt, const void *buffer
#endif
}
+#if !ENABLE_FEATURE_TLS_SHA1
+# define TLS_MAC_SIZE(tls) SHA256_OUTSIZE
+#else
+# define TLS_MAC_SIZE(tls) (tls)->MAC_size
+#endif
+
// RFC 2104:
// HMAC(key, text) based on a hash H (say, sha256) is:
// ipad = [0x36 x INSIZE]
@@ -691,7 +697,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
/* Calculate MAC signature */
hmac(tls, buf + size, /* result */
- tls->client_write_MAC_key, tls->MAC_size,
+ tls->client_write_MAC_key, TLS_MAC_SIZE(tls),
&tls->write_seq64_be, sizeof(tls->write_seq64_be),
xhdr, RECHDR_LEN,
buf, size,
@@ -699,7 +705,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
);
tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be));
- size += tls->MAC_size;
+ size += TLS_MAC_SIZE(tls);
// RFC 5246:
// 6.2.3.1. Null or Standard Stream Cipher
@@ -784,7 +790,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
tls_get_random(buf - AES_BLOCK_SIZE, AES_BLOCK_SIZE); /* IV */
dbg("before crypt: 5 hdr + %u data + %u hash bytes\n",
- size - tls->MAC_size, tls->MAC_size);
+ size - TLS_MAC_SIZE(tls), TLS_MAC_SIZE(tls));
/* Fill IV and padding in outbuf */
// RFC is talking nonsense:
@@ -1099,7 +1105,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
tls_aesgcm_decrypt(tls, p, sz);
dbg("encrypted size:%u\n", sz);
} else
- if (tls->min_encrypted_len_on_read > tls->MAC_size) {
+ if (tls->min_encrypted_len_on_read > TLS_MAC_SIZE(tls)) {
/* AES+SHA */
uint8_t *p = tls->inbuf + RECHDR_LEN;
int padding_len;
@@ -1118,7 +1124,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
padding_len = p[sz - 1];
dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
padding_len++;
- sz -= tls->MAC_size + padding_len; /* drop MAC and padding */
+ sz -= TLS_MAC_SIZE(tls) + padding_len; /* drop MAC and padding */
} else {
/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
/* else: no encryption yet on input, subtract zero = NOP */
@@ -2245,7 +2251,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
tls->min_encrypted_len_on_read = tls->MAC_size;
} else
if (!(tls->flags & ENCRYPTION_AESGCM)) {
- unsigned mac_blocks = (unsigned)(tls->MAC_size + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
+ unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
/* all incoming packets now should be encrypted and have
* at least IV + (MAC padded to blocksize):
*/