Apple-2gs-SW/hush
1
0
Fork 0
mirror of https://github.com/sheumann/hush.git synced 2024-06-14 09:29:38 +00:00
Code Issues Projects Releases Wiki Activity

tls: AES decrypt does one unnecessary memmove

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2017-01-20 21:19:38 +01:00
parent 3916139ac4
commit 54b927d78b
1 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
networking/tls.c
View File

@ -539,7 +539,7 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
xhdr->type = type;
xhdr->proto_maj = TLS_MAJ;
xhdr->proto_min = TLS_MIN;
/* fake unencrypted record header len for MAC calculation */
/* fake unencrypted record len for MAC calculation */
xhdr->len16_hi = size >> 8;
xhdr->len16_lo = size & 0xff;
@ -634,7 +634,7 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
// AES_128_CBC Block 16 16 16
// AES_256_CBC Block 32 16 16
/* Build IV+content+MAC+padding in outbuf */
/* Fill IV and padding in outbuf */
tls_get_random(buf - AES_BLOCKSIZE, AES_BLOCKSIZE); /* IV */
dbg("before crypt: 5 hdr + %u data + %u hash bytes\n", size, SHA256_OUTSIZE);
// RFC is talking nonsense:
@ -654,7 +654,7 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
// It's ok to have more than minimum padding, but we do minimum.
padding_length = (~size) & (AES_BLOCKSIZE - 1);
do {
buf[size++] = padding_length; /* padding */
buf[size++] = padding_length; /* padding */
} while ((size & (AES_BLOCKSIZE - 1)) != 0);
/* Encrypt content+MAC+padding in place */
@ -796,26 +796,23 @@ static int tls_xread_record(tls_state_t *tls)
) {
bb_error_msg_and_die("bad encrypted len:%u", sz);
}
/* Decrypt content+MAC+padding in place */
/* Decrypt content+MAC+padding, moving it over IV in the process */
psAesInit(&ctx, p, /* IV */
tls->server_write_key, sizeof(tls->server_write_key)
);
sz -= AES_BLOCKSIZE; /* we will overwrite IV now */
psAesDecrypt(&ctx,
p + AES_BLOCKSIZE, /* ciphertext */
p + AES_BLOCKSIZE, /* plaintext */
sz - AES_BLOCKSIZE
p, /* plaintext */
sz
);
padding_len = p[sz - 1];
dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[AES_BLOCKSIZE], padding_len);
dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
padding_len++;
sz -= AES_BLOCKSIZE + SHA256_OUTSIZE + padding_len;
sz -= SHA256_OUTSIZE + padding_len; /* drop MAC and padding */
if (sz < 0) {
bb_error_msg_and_die("bad padding size:%u", padding_len);
}
if (sz != 0) {
/* Skip IV */
memmove(tls->inbuf + RECHDR_LEN, tls->inbuf + RECHDR_LEN + AES_BLOCKSIZE, sz);
}
} else {
/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
/* else: no encryption yet on input, subtract zero = NOP */
@ -828,8 +825,8 @@ static int tls_xread_record(tls_state_t *tls)
if (xhdr->type == RECORD_TYPE_ALERT && sz >= 2) {
uint8_t *p = tls->inbuf + RECHDR_LEN;
dbg("ALERT size:%d level:%d description:%d\n", sz, p[0], p[1]);
if (p[0] == 1) { /*warning */
if (p[1] == 0) { /* warning, close_notify: EOF */
if (p[0] == 1) { /* warning */
if (p[1] == 0) { /* "close_notify" warning: it's EOF */
dbg("EOF (TLS encoded) from peer\n");
sz = 0;
goto end;