From da7ab4ade2cac18966a615c95b9b4bfd117a24b3 Mon Sep 17 00:00:00 2001 From: Ivan Grokhotkov Date: Mon, 8 May 2017 22:02:41 +0800 Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20allocate=20extra=20memory=20in?= =?UTF-8?q?=20add=5Fhmac=5Fdigest,=20use=20hmac=5Fv=20functions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ssl/tls1.c | 29 ++++++++++++++++------------- ssl/tls1.h | 2 +- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/ssl/tls1.c b/ssl/tls1.c index fcc0bbaad..c021b100a 100644 --- a/ssl/tls1.c +++ b/ssl/tls1.c @@ -85,7 +85,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 16, /* block padding size */ SHA1_SIZE, /* digest size */ 2*(SHA1_SIZE+16+16), /* key block size */ - hmac_sha1, /* hmac algorithm */ + hmac_sha1_v, /* hmac algorithm */ (crypt_func)AES_cbc_encrypt, /* encrypt */ (crypt_func)AES_cbc_decrypt /* decrypt */ }, @@ -96,7 +96,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 16, /* block padding size */ SHA1_SIZE, /* digest size */ 2*(SHA1_SIZE+32+16), /* key block size */ - hmac_sha1, /* hmac algorithm */ + hmac_sha1_v, /* hmac algorithm */ (crypt_func)AES_cbc_encrypt, /* encrypt */ (crypt_func)AES_cbc_decrypt /* decrypt */ }, @@ -107,7 +107,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 16, /* block padding size */ SHA256_SIZE, /* digest size */ 2*(SHA256_SIZE+32+16), /* key block size */ - hmac_sha256, /* hmac algorithm */ + hmac_sha256_v, /* hmac algorithm */ (crypt_func)AES_cbc_encrypt, /* encrypt */ (crypt_func)AES_cbc_decrypt /* decrypt */ }, @@ -118,7 +118,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 16, /* block padding size */ SHA256_SIZE, /* digest size */ 2*(SHA256_SIZE+32+16), /* key block size */ - hmac_sha256, /* hmac algorithm */ + hmac_sha256_v, /* hmac algorithm */ (crypt_func)AES_cbc_encrypt, /* encrypt */ (crypt_func)AES_cbc_decrypt /* decrypt */ } @@ -746,21 +746,24 @@ static void increment_write_sequence(SSL *ssl) static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header, const uint8_t *buf, int buf_len, uint8_t *hmac_buf) { - int hmac_len = buf_len + 8 + SSL_RECORD_SIZE; - uint8_t *t_buf = (uint8_t *)malloc(hmac_len); + const uint8_t* bufs[] = { + (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? + ssl->write_sequence : ssl->read_sequence, + hmac_header, + buf + }; - memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? - ssl->write_sequence : ssl->read_sequence, 8); - memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE); - memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len); + int lengths[] = { + 8, + SSL_RECORD_SIZE, + buf_len + }; - ssl->cipher_info->hmac(t_buf, hmac_len, + ssl->cipher_info->hmac_v(bufs, lengths, 3, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? ssl->server_mac : ssl->client_mac, ssl->cipher_info->digest_size, hmac_buf); - free(t_buf); - #if 0 print_blob("record", hmac_header, SSL_RECORD_SIZE); print_blob("buf", buf, buf_len); diff --git a/ssl/tls1.h b/ssl/tls1.h index 9f4926876..fb3e55527 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -132,7 +132,7 @@ typedef struct uint8_t padding_size; uint8_t digest_size; uint8_t key_block_size; - hmac_func hmac; + hmac_func_v hmac_v; crypt_func encrypt; crypt_func decrypt; } cipher_info_t;