emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: code shrink

Browse Source 
function                                             old     new   delta
xwrite_and_update_handshake_hash                      81      80      -1
tls_handshake                                       1987    1957     -30

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2018-11-25 14:45:55 +01:00
parent a33b008240
commit eb53d01be5
2 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/libbb.h
View File

@ -752,7 +752,6 @@ typedef struct tls_state {
unsigned min_encrypted_len_on_read; unsigned min_encrypted_len_on_read;
uint16_t cipher_id; uint16_t cipher_id;
uint8_t encrypt_on_write;
unsigned MAC_size; unsigned MAC_size;
unsigned key_size; unsigned key_size;
unsigned IV_size; unsigned IV_size;

27
networking/tls.c
View File

@ -267,6 +267,7 @@ enum {
GOT_CERT_ECDSA_KEY_ALG = 1 << 2, // so far unused GOT_CERT_ECDSA_KEY_ALG = 1 << 2, // so far unused
GOT_EC_KEY = 1 << 3, GOT_EC_KEY = 1 << 3,
ENCRYPTION_AESGCM = 1 << 4, // else AES-SHA (or NULL-SHA if CIPHER_ID1 set to allow one) ENCRYPTION_AESGCM = 1 << 4, // else AES-SHA (or NULL-SHA if CIPHER_ID1 set to allow one)
ENCRYPT_ON_WRITE = 1 << 5,
}; };
struct record_hdr { struct record_hdr {
@ -299,6 +300,13 @@ static unsigned get24be(const uint8_t *p)
} }
#if TLS_DEBUG #if TLS_DEBUG
/* Nondestructively see the current hash value */
static unsigned sha_peek(md5sha_ctx_t *ctx, void *buffer)
{
md5sha_ctx_t ctx_copy = *ctx; /* struct copy */
return sha_end(&ctx_copy, buffer);
}
static void dump_hex(const char *fmt, const void *vp, int len) static void dump_hex(const char *fmt, const void *vp, int len)
{ {
char hexbuf[32 * 1024 + 4]; char hexbuf[32 * 1024 + 4];
@ -372,18 +380,6 @@ void FAST_FUNC xorbuf_aligned_AES_BLOCK_SIZE(void *dst, const void *src)
#endif #endif
} }
/* Nondestructively see the current hash value */
static unsigned sha_peek(md5sha_ctx_t *ctx, void *buffer)
{
md5sha_ctx_t ctx_copy = *ctx; /* struct copy */
return sha_end(&ctx_copy, buffer);
}
static ALWAYS_INLINE unsigned get_handshake_hash(tls_state_t *tls, void *buffer)
{
return sha_peek(&tls->hsd->handshake_hash_ctx, buffer);
}
#if !TLS_DEBUG_HASH #if !TLS_DEBUG_HASH
# define hash_handshake(tls, fmt, buffer, len) \ # define hash_handshake(tls, fmt, buffer, len) \
hash_handshake(tls, buffer, len) hash_handshake(tls, buffer, len)
@ -910,7 +906,7 @@ static void xwrite_handshake_record(tls_state_t *tls, unsigned size)
static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size) static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size)
{ {
if (!tls->encrypt_on_write) { if (!(tls->flags & ENCRYPT_ON_WRITE)) {
uint8_t *buf; uint8_t *buf;
xwrite_handshake_record(tls, size); xwrite_handshake_record(tls, size);
@ -2032,7 +2028,8 @@ static void send_client_finished(tls_state_t *tls)
fill_handshake_record_hdr(record, HANDSHAKE_FINISHED, sizeof(*record)); fill_handshake_record_hdr(record, HANDSHAKE_FINISHED, sizeof(*record));
len = get_handshake_hash(tls, handshake_hash); len = sha_end(&tls->hsd->handshake_hash_ctx, handshake_hash);
prf_hmac_sha256(/*tls,*/ prf_hmac_sha256(/*tls,*/
record->prf_result, sizeof(record->prf_result), record->prf_result, sizeof(record->prf_result),
tls->hsd->master_secret, sizeof(tls->hsd->master_secret), tls->hsd->master_secret, sizeof(tls->hsd->master_secret),
@ -2137,7 +2134,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
send_change_cipher_spec(tls); send_change_cipher_spec(tls);
/* from now on we should send encrypted */ /* from now on we should send encrypted */
/* tls->write_seq64_be = 0; - already is */ /* tls->write_seq64_be = 0; - already is */
tls->encrypt_on_write = 1; tls->flags |= ENCRYPT_ON_WRITE;
send_client_finished(tls); send_client_finished(tls);