author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-12-10 16:43:53 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-12-10 16:43:53 +0100 |
commit | 63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0 (patch) | |
tree | 4e2eb36cbe8b811412158432b3c95f5bc4bb2612 | |
parent | 71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933 (diff) | |
tls: if !ENABLE_FEATURE_TLS_SHA1, tls->MAC_size is always SHA256_OUTSIZE for AES-CBC
function old new delta
tls_xread_record 634 636 +2
xwrite_encrypted 579 580 +1
tls_handshake 2095 2085 -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 3/-10) Total: -7 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | networking/tls.c | 18 |
1 files changed, 12 insertions, 6 deletions
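diff --git a/networking/tls.c b/networking/tls.c
index 3efb0519d..be13c6d5e 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -407,6 +407,12 @@ static void hash_handshake(tls_state_t *tls, const char *fmt, const void *buffer
 #endif
 }
 
+#if !ENABLE_FEATURE_TLS_SHA1
+# define TLS_MAC_SIZE(tls) SHA256_OUTSIZE
+#else
+# define TLS_MAC_SIZE(tls) (tls)->MAC_size
+#endif
+
 // RFC 2104:
 // HMAC(key, text) based on a hash H (say, sha256) is:
 // ipad = [0x36 x INSIZE]
@@ -691,7 +697,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 
 /* Calculate MAC signature */
 hmac(tls, buf + size, /* result */
-tls->client_write_MAC_key, tls->MAC_size,
+tls->client_write_MAC_key, TLS_MAC_SIZE(tls),
 &tls->write_seq64_be, sizeof(tls->write_seq64_be),
 xhdr, RECHDR_LEN,
 buf, size,
@@ -699,7 +705,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 );
 tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be));
 
-size += tls->MAC_size;
+size += TLS_MAC_SIZE(tls);
 
 // RFC 5246:
 // 6.2.3.1. Null or Standard Stream Cipher
@@ -784,7 +790,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 
 tls_get_random(buf - AES_BLOCK_SIZE, AES_BLOCK_SIZE); /* IV */
 dbg("before crypt: 5 hdr + %u data + %u hash bytes\n",
-size - tls->MAC_size, tls->MAC_size);
+size - TLS_MAC_SIZE(tls), TLS_MAC_SIZE(tls));
 
 /* Fill IV and padding in outbuf */
 // RFC is talking nonsense:
@@ -1099,7 +1105,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
 tls_aesgcm_decrypt(tls, p, sz);
 dbg("encrypted size:%u\n", sz);
 } else
-if (tls->min_encrypted_len_on_read > tls->MAC_size) {
+if (tls->min_encrypted_len_on_read > TLS_MAC_SIZE(tls)) {
 /* AES+SHA */
 uint8_t *p = tls->inbuf + RECHDR_LEN;
 int padding_len;
@@ -1118,7 +1124,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
 padding_len = p[sz - 1];
 dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
 padding_len++;
-sz -= tls->MAC_size + padding_len; /* drop MAC and padding */
+sz -= TLS_MAC_SIZE(tls) + padding_len; /* drop MAC and padding */
 } else {
 /* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
 /* else: no encryption yet on input, subtract zero = NOP */
@@ -2245,7 +2251,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
 tls->min_encrypted_len_on_read = tls->MAC_size;
 } else
 if (!(tls->flags & ENCRYPTION_AESGCM)) {
-unsigned mac_blocks = (unsigned)(tls->MAC_size + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
+unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
 /* all incoming packets now should be encrypted and have
 * at least IV + (MAC padded to blocksize):
 */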
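Review bot: The new `TLS_MAC_SIZE(tls)` macro in the first hunk (after `hash_handshake`) ignores its argument when `ENABLE_FEATURE_TLS_SHA1` is off, so the record-length arithmetic that uses it (`size += TLS_MAC_SIZE(tls)` in `xwrite_encrypted_and_hmac_signed`, `sz -= TLS_MAC_SIZE(tls) + padding_len` in `tls_xread_record`) now depends on an undocumented invariant that `tls->MAC_size` equals `SHA256_OUTSIZE` on those paths. The commit title states this for AES-CBC, but nothing in the visible code records or enforces it, and the first line of the `tls_handshake` hunk still reads `tls->MAC_size` directly, so the two sources can drift if a suite with a different MAC length is ever added; a mismatch would misframe records rather than fail loudly. I would add a comment above the macro such as `/* HMAC (non-AES-GCM) paths only: without SHA1 support MAC_size can only be SHA256_OUTSIZE */`, and consider a debug-build check at the point where `MAC_size` is assigned, which is outside these hunks. As a style point, the `#else` expansion is conventionally fully parenthesized: `# define TLS_MAC_SIZE(tls) ((tls)->MAC_size)`. All three functions continue beyond the hunks shown.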