From 63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Mon, 10 Dec 2018 16:43:53 +0100 Subject: tls: if !ENABLE_FEATURE_TLS_SHA1, tls->MAC_size is always SHA256_OUTSIZE for AES-CBC function old new delta tls_xread_record 634 636 +2 xwrite_encrypted 579 580 +1 tls_handshake 2095 2085 -10 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/1 up/down: 3/-10) Total: -7 bytes Signed-off-by: Denys Vlasenko --- networking/tls.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/networking/tls.c b/networking/tls.c index 3efb051..be13c6d 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -407,6 +407,12 @@ static void hash_handshake(tls_state_t *tls, const char *fmt, const void *buffer #endif } +#if !ENABLE_FEATURE_TLS_SHA1 +# define TLS_MAC_SIZE(tls) SHA256_OUTSIZE +#else +# define TLS_MAC_SIZE(tls) (tls)->MAC_size +#endif + // RFC 2104: // HMAC(key, text) based on a hash H (say, sha256) is: // ipad = [0x36 x INSIZE] @@ -691,7 +697,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un /* Calculate MAC signature */ hmac(tls, buf + size, /* result */ - tls->client_write_MAC_key, tls->MAC_size, + tls->client_write_MAC_key, TLS_MAC_SIZE(tls), &tls->write_seq64_be, sizeof(tls->write_seq64_be), xhdr, RECHDR_LEN, buf, size, @@ -699,7 +705,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un ); tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be)); - size += tls->MAC_size; + size += TLS_MAC_SIZE(tls); // RFC 5246: // 6.2.3.1. Null or Standard Stream Cipher @@ -784,7 +790,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un tls_get_random(buf - AES_BLOCK_SIZE, AES_BLOCK_SIZE); /* IV */ dbg("before crypt: 5 hdr + %u data + %u hash bytes\n", - size - tls->MAC_size, tls->MAC_size); + size - TLS_MAC_SIZE(tls), TLS_MAC_SIZE(tls)); /* Fill IV and padding in outbuf */ // RFC is talking nonsense: @@ -1099,7 +1105,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected) tls_aesgcm_decrypt(tls, p, sz); dbg("encrypted size:%u\n", sz); } else - if (tls->min_encrypted_len_on_read > tls->MAC_size) { + if (tls->min_encrypted_len_on_read > TLS_MAC_SIZE(tls)) { /* AES+SHA */ uint8_t *p = tls->inbuf + RECHDR_LEN; int padding_len; @@ -1118,7 +1124,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected) padding_len = p[sz - 1]; dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len); padding_len++; - sz -= tls->MAC_size + padding_len; /* drop MAC and padding */ + sz -= TLS_MAC_SIZE(tls) + padding_len; /* drop MAC and padding */ } else { /* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */ /* else: no encryption yet on input, subtract zero = NOP */ @@ -2245,7 +2251,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) tls->min_encrypted_len_on_read = tls->MAC_size; } else if (!(tls->flags & ENCRYPTION_AESGCM)) { - unsigned mac_blocks = (unsigned)(tls->MAC_size + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; + unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; /* all incoming packets now should be encrypted and have * at least IV + (MAC padded to blocksize): */ -- cgit v1.1