diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-25 14:45:55 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-25 14:45:55 +0100 |
| commit | eb53d01be54caf0208e4006c089d7841fe4a0f57 (patch) | |
| tree | ea71c60693be2bd394b55860a9beff51d7228815 | |
| parent | a33b0082408a2c9b2b45db205aca41393ba826a2 (diff) | |
| download | busybox-w32-eb53d01be54caf0208e4006c089d7841fe4a0f57.tar.gz busybox-w32-eb53d01be54caf0208e4006c089d7841fe4a0f57.tar.bz2 busybox-w32-eb53d01be54caf0208e4006c089d7841fe4a0f57.zip | |
tls: code shrink
function old new delta
xwrite_and_update_handshake_hash 81 80 -1
tls_handshake 1987 1957 -30
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | include/libbb.h | 1 | ||||
| -rw-r--r-- | networking/tls.c | 27 |
2 files changed, 12 insertions, 16 deletions
diff --git a/include/libbb.h b/include/libbb.h index 883457c0d..ebd090e18 100644 --- a/include/libbb.h +++ b/include/libbb.h | |||
| @@ -752,7 +752,6 @@ typedef struct tls_state { | |||
| 752 | 752 | ||
| 753 | unsigned min_encrypted_len_on_read; | 753 | unsigned min_encrypted_len_on_read; |
| 754 | uint16_t cipher_id; | 754 | uint16_t cipher_id; |
| 755 | uint8_t encrypt_on_write; | ||
| 756 | unsigned MAC_size; | 755 | unsigned MAC_size; |
| 757 | unsigned key_size; | 756 | unsigned key_size; |
| 758 | unsigned IV_size; | 757 | unsigned IV_size; |
diff --git a/networking/tls.c b/networking/tls.c index 149f55ee4..9b4298de7 100644 --- a/networking/tls.c +++ b/networking/tls.c | |||
| @@ -267,6 +267,7 @@ enum { | |||
| 267 | GOT_CERT_ECDSA_KEY_ALG = 1 << 2, // so far unused | 267 | GOT_CERT_ECDSA_KEY_ALG = 1 << 2, // so far unused |
| 268 | GOT_EC_KEY = 1 << 3, | 268 | GOT_EC_KEY = 1 << 3, |
| 269 | ENCRYPTION_AESGCM = 1 << 4, // else AES-SHA (or NULL-SHA if CIPHER_ID1 set to allow one) | 269 | ENCRYPTION_AESGCM = 1 << 4, // else AES-SHA (or NULL-SHA if CIPHER_ID1 set to allow one) |
| 270 | ENCRYPT_ON_WRITE = 1 << 5, | ||
| 270 | }; | 271 | }; |
| 271 | 272 | ||
| 272 | struct record_hdr { | 273 | struct record_hdr { |
| @@ -299,6 +300,13 @@ static unsigned get24be(const uint8_t *p) | |||
| 299 | } | 300 | } |
| 300 | 301 | ||
| 301 | #if TLS_DEBUG | 302 | #if TLS_DEBUG |
| 303 | /* Nondestructively see the current hash value */ | ||
| 304 | static unsigned sha_peek(md5sha_ctx_t *ctx, void *buffer) | ||
| 305 | { | ||
| 306 | md5sha_ctx_t ctx_copy = *ctx; /* struct copy */ | ||
| 307 | return sha_end(&ctx_copy, buffer); | ||
| 308 | } | ||
| 309 | |||
| 302 | static void dump_hex(const char *fmt, const void *vp, int len) | 310 | static void dump_hex(const char *fmt, const void *vp, int len) |
| 303 | { | 311 | { |
| 304 | char hexbuf[32 * 1024 + 4]; | 312 | char hexbuf[32 * 1024 + 4]; |
| @@ -372,18 +380,6 @@ void FAST_FUNC xorbuf_aligned_AES_BLOCK_SIZE(void *dst, const void *src) | |||
| 372 | #endif | 380 | #endif |
| 373 | } | 381 | } |
| 374 | 382 | ||
| 375 | /* Nondestructively see the current hash value */ | ||
| 376 | static unsigned sha_peek(md5sha_ctx_t *ctx, void *buffer) | ||
| 377 | { | ||
| 378 | md5sha_ctx_t ctx_copy = *ctx; /* struct copy */ | ||
| 379 | return sha_end(&ctx_copy, buffer); | ||
| 380 | } | ||
| 381 | |||
| 382 | static ALWAYS_INLINE unsigned get_handshake_hash(tls_state_t *tls, void *buffer) | ||
| 383 | { | ||
| 384 | return sha_peek(&tls->hsd->handshake_hash_ctx, buffer); | ||
| 385 | } | ||
| 386 | |||
| 387 | #if !TLS_DEBUG_HASH | 383 | #if !TLS_DEBUG_HASH |
| 388 | # define hash_handshake(tls, fmt, buffer, len) \ | 384 | # define hash_handshake(tls, fmt, buffer, len) \ |
| 389 | hash_handshake(tls, buffer, len) | 385 | hash_handshake(tls, buffer, len) |
| @@ -910,7 +906,7 @@ static void xwrite_handshake_record(tls_state_t *tls, unsigned size) | |||
| 910 | 906 | ||
| 911 | static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size) | 907 | static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size) |
| 912 | { | 908 | { |
| 913 | if (!tls->encrypt_on_write) { | 909 | if (!(tls->flags & ENCRYPT_ON_WRITE)) { |
| 914 | uint8_t *buf; | 910 | uint8_t *buf; |
| 915 | 911 | ||
| 916 | xwrite_handshake_record(tls, size); | 912 | xwrite_handshake_record(tls, size); |
| @@ -2032,7 +2028,8 @@ static void send_client_finished(tls_state_t *tls) | |||
| 2032 | 2028 | ||
| 2033 | fill_handshake_record_hdr(record, HANDSHAKE_FINISHED, sizeof(*record)); | 2029 | fill_handshake_record_hdr(record, HANDSHAKE_FINISHED, sizeof(*record)); |
| 2034 | 2030 | ||
| 2035 | len = get_handshake_hash(tls, handshake_hash); | 2031 | len = sha_end(&tls->hsd->handshake_hash_ctx, handshake_hash); |
| 2032 | |||
| 2036 | prf_hmac_sha256(/*tls,*/ | 2033 | prf_hmac_sha256(/*tls,*/ |
| 2037 | record->prf_result, sizeof(record->prf_result), | 2034 | record->prf_result, sizeof(record->prf_result), |
| 2038 | tls->hsd->master_secret, sizeof(tls->hsd->master_secret), | 2035 | tls->hsd->master_secret, sizeof(tls->hsd->master_secret), |
| @@ -2137,7 +2134,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) | |||
| 2137 | send_change_cipher_spec(tls); | 2134 | send_change_cipher_spec(tls); |
| 2138 | /* from now on we should send encrypted */ | 2135 | /* from now on we should send encrypted */ |
| 2139 | /* tls->write_seq64_be = 0; - already is */ | 2136 | /* tls->write_seq64_be = 0; - already is */ |
| 2140 | tls->encrypt_on_write = 1; | 2137 | tls->flags |= ENCRYPT_ON_WRITE; |
| 2141 | 2138 | ||
| 2142 | send_client_finished(tls); | 2139 | send_client_finished(tls); |
| 2143 | 2140 | ||