tls: if !ENABLE_FEATURE_TLS_SHA1, tls->MAC_size is always SHA256_OUTSIZE for AES-CBC

function old new delta tls_xread_record 634 636 +2 xwrite_encrypted 579 580 +1 tls_handshake 2095 2085 -10 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/1 up/down: 3/-10) Total: -7 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 16:43:53 +01:00 · 2018-12-10 16:43:53 +01:00 · 63bfe0e4c0
commit 63bfe0e4c0
parent 71fa5b0a4c
1 changed files with 12 additions and 6 deletions
--- a/networking/tls.c
+++ b/networking/tls.c
@ -407,6 +407,12 @@ static void hash_handshake(tls_state_t *tls, const char *fmt, const void *buffer
 #endif
 }
 #if !ENABLE_FEATURE_TLS_SHA1
 # define TLS_MAC_SIZE(tls) SHA256_OUTSIZE
 #else
 # define TLS_MAC_SIZE(tls) (tls)->MAC_size
 #endif
 // RFC 2104:
 // HMAC(key, text) based on a hash H (say, sha256) is:
 // ipad = [0x36 x INSIZE]
@ -691,7 +697,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 	/* Calculate MAC signature */
 	hmac(tls, buf + size, /* result */
-		tls->client_write_MAC_key, tls->MAC_size,
+		tls->client_write_MAC_key, TLS_MAC_SIZE(tls),
 		&tls->write_seq64_be, sizeof(tls->write_seq64_be),
 		xhdr, RECHDR_LEN,
 		buf, size,
@ -699,7 +705,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 	);
 	tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be));
-	size += tls->MAC_size;
+	size += TLS_MAC_SIZE(tls);
 	// RFC 5246:
 	// 6.2.3.1.  Null or Standard Stream Cipher
@ -784,7 +790,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 	tls_get_random(buf - AES_BLOCK_SIZE, AES_BLOCK_SIZE); /* IV */
 	dbg("before crypt: 5 hdr + %u data + %u hash bytes\n",
-			size - tls->MAC_size, tls->MAC_size);
+			size - TLS_MAC_SIZE(tls), TLS_MAC_SIZE(tls));
 	/* Fill IV and padding in outbuf */
 	// RFC is talking nonsense:
@ -1099,7 +1105,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
 			tls_aesgcm_decrypt(tls, p, sz);
 			dbg("encrypted size:%u\n", sz);
 		} else
-		if (tls->min_encrypted_len_on_read > tls->MAC_size) {
+		if (tls->min_encrypted_len_on_read > TLS_MAC_SIZE(tls)) {
 			/* AES+SHA */
 			uint8_t *p = tls->inbuf + RECHDR_LEN;
 			int padding_len;
@ -1118,7 +1124,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
 			padding_len = p[sz - 1];
 			dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
 			padding_len++;
-			sz -= tls->MAC_size + padding_len; /* drop MAC and padding */
+			sz -= TLS_MAC_SIZE(tls) + padding_len; /* drop MAC and padding */
 		} else {
 			/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
 			/* else: no encryption yet on input, subtract zero = NOP */
@ -2245,7 +2251,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
 		tls->min_encrypted_len_on_read = tls->MAC_size;
 	} else
 	if (!(tls->flags & ENCRYPTION_AESGCM)) {
-		unsigned mac_blocks = (unsigned)(tls->MAC_size + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
+		unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
 		/* all incoming packets now should be encrypted and have
 		 * at least IV + (MAC padded to blocksize):
 		 */