[git commit] tls: if !ENABLE_FEATURE_TLS_SHA1, tls->MAC_size is always SHA256_OUTSIZE for AES-CBC

Denys Vlasenko vda.linux at googlemail.com
Mon Dec 10 15:43:53 UTC 2018


commit: https://git.busybox.net/busybox/commit/?id=63bfe0e4c0f3e14dc3a358bbb1ba59a1ade421e0
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

function                                             old     new   delta
tls_xread_record                                     634     636      +2
xwrite_encrypted                                     579     580      +1
tls_handshake                                       2095    2085     -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 3/-10)              Total: -7 bytes

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/tls.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/networking/tls.c b/networking/tls.c
index 3efb0519d..be13c6d5e 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -407,6 +407,12 @@ static void hash_handshake(tls_state_t *tls, const char *fmt, const void *buffer
 #endif
 }
 
+#if !ENABLE_FEATURE_TLS_SHA1
+# define TLS_MAC_SIZE(tls) SHA256_OUTSIZE
+#else
+# define TLS_MAC_SIZE(tls) (tls)->MAC_size
+#endif
+
 // RFC 2104:
 // HMAC(key, text) based on a hash H (say, sha256) is:
 // ipad = [0x36 x INSIZE]
@@ -691,7 +697,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 
 	/* Calculate MAC signature */
 	hmac(tls, buf + size, /* result */
-		tls->client_write_MAC_key, tls->MAC_size,
+		tls->client_write_MAC_key, TLS_MAC_SIZE(tls),
 		&tls->write_seq64_be, sizeof(tls->write_seq64_be),
 		xhdr, RECHDR_LEN,
 		buf, size,
@@ -699,7 +705,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 	);
 	tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be));
 
-	size += tls->MAC_size;
+	size += TLS_MAC_SIZE(tls);
 
 	// RFC 5246:
 	// 6.2.3.1.  Null or Standard Stream Cipher
@@ -784,7 +790,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 
 	tls_get_random(buf - AES_BLOCK_SIZE, AES_BLOCK_SIZE); /* IV */
 	dbg("before crypt: 5 hdr + %u data + %u hash bytes\n",
-			size - tls->MAC_size, tls->MAC_size);
+			size - TLS_MAC_SIZE(tls), TLS_MAC_SIZE(tls));
 
 	/* Fill IV and padding in outbuf */
 	// RFC is talking nonsense:
@@ -1099,7 +1105,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
 			tls_aesgcm_decrypt(tls, p, sz);
 			dbg("encrypted size:%u\n", sz);
 		} else
-		if (tls->min_encrypted_len_on_read > tls->MAC_size) {
+		if (tls->min_encrypted_len_on_read > TLS_MAC_SIZE(tls)) {
 			/* AES+SHA */
 			uint8_t *p = tls->inbuf + RECHDR_LEN;
 			int padding_len;
@@ -1118,7 +1124,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
 			padding_len = p[sz - 1];
 			dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
 			padding_len++;
-			sz -= tls->MAC_size + padding_len; /* drop MAC and padding */
+			sz -= TLS_MAC_SIZE(tls) + padding_len; /* drop MAC and padding */
 		} else {
 			/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
 			/* else: no encryption yet on input, subtract zero = NOP */
@@ -2245,7 +2251,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
 		tls->min_encrypted_len_on_read = tls->MAC_size;
 	} else
 	if (!(tls->flags & ENCRYPTION_AESGCM)) {
-		unsigned mac_blocks = (unsigned)(tls->MAC_size + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
+		unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
 		/* all incoming packets now should be encrypted and have
 		 * at least IV + (MAC padded to blocksize):
 		 */


More information about the busybox-cvs mailing list