Don’t allocate extra memory in add_hmac_digest, use hmac_v functions

2025-07-27 18:02:17 +03:00 · 2017-05-08 22:02:41 +08:00
parent 48d0f114bb
commit da7ab4ade2
2 changed files with 17 additions and 14 deletions
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@ -85,7 +85,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
        16,                             /* block padding size */
        SHA1_SIZE,                      /* digest size */
        2*(SHA1_SIZE+16+16),            /* key block size */
-        hmac_sha1,                      /* hmac algorithm */
+        hmac_sha1_v,                    /* hmac algorithm */
        (crypt_func)AES_cbc_encrypt,    /* encrypt */
        (crypt_func)AES_cbc_decrypt     /* decrypt */
    },
@ -96,7 +96,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
        16,                             /* block padding size */
        SHA1_SIZE,                      /* digest size */
        2*(SHA1_SIZE+32+16),            /* key block size */
-        hmac_sha1,                      /* hmac algorithm */
+        hmac_sha1_v,                    /* hmac algorithm */
        (crypt_func)AES_cbc_encrypt,    /* encrypt */
        (crypt_func)AES_cbc_decrypt     /* decrypt */
    },       
@ -107,7 +107,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
        16,                             /* block padding size */
        SHA256_SIZE,                    /* digest size */
        2*(SHA256_SIZE+32+16),          /* key block size */
-        hmac_sha256,                    /* hmac algorithm */
+        hmac_sha256_v,                  /* hmac algorithm */
        (crypt_func)AES_cbc_encrypt,    /* encrypt */
        (crypt_func)AES_cbc_decrypt     /* decrypt */
    },       
@ -118,7 +118,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
        16,                             /* block padding size */
        SHA256_SIZE,                    /* digest size */
        2*(SHA256_SIZE+32+16),          /* key block size */
-        hmac_sha256,                    /* hmac algorithm */
+        hmac_sha256_v,                  /* hmac algorithm */
        (crypt_func)AES_cbc_encrypt,    /* encrypt */
        (crypt_func)AES_cbc_decrypt     /* decrypt */
    }
@ -746,21 +746,24 @@ static void increment_write_sequence(SSL *ssl)
 static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
-    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
+    const uint8_t* bufs[] = {
-    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
+        (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
            ssl->write_sequence : ssl->read_sequence,
        hmac_header,
        buf
    };
-    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+    int lengths[] = {
-                    ssl->write_sequence : ssl->read_sequence, 8);
+        8,
-    memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
+        SSL_RECORD_SIZE,
-    memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
+        buf_len
    };
-    ssl->cipher_info->hmac(t_buf, hmac_len, 
+    ssl->cipher_info->hmac_v(bufs, lengths, 3,
            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
                ssl->server_mac : ssl->client_mac, 
            ssl->cipher_info->digest_size, hmac_buf);
    free(t_buf);
 #if 0
    print_blob("record", hmac_header, SSL_RECORD_SIZE);
    print_blob("buf", buf, buf_len);
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@ -132,7 +132,7 @@ typedef struct
    uint8_t padding_size;
    uint8_t digest_size;
    uint8_t key_block_size;
-    hmac_func hmac;
+    hmac_func_v hmac_v;
    crypt_func encrypt;
    crypt_func decrypt;
 } cipher_info_t;