emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: AES decrypt does one unnecessary memmove

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2017-01-20 21:19:38 +01:00
parent 3916139ac4
commit 54b927d78b
1 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
networking/tls.c
View File

@ -539,7 +539,7 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
xhdr->type = type; xhdr->type = type;
xhdr->proto_maj = TLS_MAJ; xhdr->proto_maj = TLS_MAJ;
xhdr->proto_min = TLS_MIN; xhdr->proto_min = TLS_MIN;
/* fake unencrypted record header len for MAC calculation */ /* fake unencrypted record len for MAC calculation */
xhdr->len16_hi = size >> 8; xhdr->len16_hi = size >> 8;
xhdr->len16_lo = size & 0xff; xhdr->len16_lo = size & 0xff;
@ -634,7 +634,7 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
// AES_128_CBC Block 16 16 16 // AES_128_CBC Block 16 16 16
// AES_256_CBC Block 32 16 16 // AES_256_CBC Block 32 16 16
/* Build IV+content+MAC+padding in outbuf */ /* Fill IV and padding in outbuf */
tls_get_random(buf - AES_BLOCKSIZE, AES_BLOCKSIZE); /* IV */ tls_get_random(buf - AES_BLOCKSIZE, AES_BLOCKSIZE); /* IV */
dbg("before crypt: 5 hdr + %u data + %u hash bytes\n", size, SHA256_OUTSIZE); dbg("before crypt: 5 hdr + %u data + %u hash bytes\n", size, SHA256_OUTSIZE);
// RFC is talking nonsense: // RFC is talking nonsense:
@ -796,26 +796,23 @@ static int tls_xread_record(tls_state_t *tls)
) { ) {
bb_error_msg_and_die("bad encrypted len:%u", sz); bb_error_msg_and_die("bad encrypted len:%u", sz);
} }
/* Decrypt content+MAC+padding in place */ /* Decrypt content+MAC+padding, moving it over IV in the process */
psAesInit(&ctx, p, /* IV */ psAesInit(&ctx, p, /* IV */
tls->server_write_key, sizeof(tls->server_write_key) tls->server_write_key, sizeof(tls->server_write_key)
); );
sz -= AES_BLOCKSIZE; /* we will overwrite IV now */
psAesDecrypt(&ctx, psAesDecrypt(&ctx,
p + AES_BLOCKSIZE, /* ciphertext */ p + AES_BLOCKSIZE, /* ciphertext */
p + AES_BLOCKSIZE, /* plaintext */ p, /* plaintext */
sz - AES_BLOCKSIZE sz
); );
padding_len = p[sz - 1]; padding_len = p[sz - 1];
dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[AES_BLOCKSIZE], padding_len); dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
padding_len++; padding_len++;
sz -= AES_BLOCKSIZE + SHA256_OUTSIZE + padding_len; sz -= SHA256_OUTSIZE + padding_len; /* drop MAC and padding */
if (sz < 0) { if (sz < 0) {
bb_error_msg_and_die("bad padding size:%u", padding_len); bb_error_msg_and_die("bad padding size:%u", padding_len);
} }
if (sz != 0) {
/* Skip IV */
memmove(tls->inbuf + RECHDR_LEN, tls->inbuf + RECHDR_LEN + AES_BLOCKSIZE, sz);
}
} else { } else {
/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */ /* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
/* else: no encryption yet on input, subtract zero = NOP */ /* else: no encryption yet on input, subtract zero = NOP */
@ -829,7 +826,7 @@ static int tls_xread_record(tls_state_t *tls)
uint8_t *p = tls->inbuf + RECHDR_LEN; uint8_t *p = tls->inbuf + RECHDR_LEN;
dbg("ALERT size:%d level:%d description:%d\n", sz, p[0], p[1]); dbg("ALERT size:%d level:%d description:%d\n", sz, p[0], p[1]);
if (p[0] == 1) { /* warning */ if (p[0] == 1) { /* warning */
if (p[1] == 0) { /* warning, close_notify: EOF */ if (p[1] == 0) { /* "close_notify" warning: it's EOF */
dbg("EOF (TLS encoded) from peer\n"); dbg("EOF (TLS encoded) from peer\n");
sz = 0; sz = 0;
goto end; goto end;