[git commit] tls: code shrink

Denys Vlasenko vda.linux at googlemail.com
Sun Nov 25 13:45:55 UTC 2018 

commit: https://git.busybox.net/busybox/commit/?id=eb53d01be54caf0208e4006c089d7841fe4a0f57
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

function                                             old     new   delta
xwrite_and_update_handshake_hash                      81      80      -1
tls_handshake                                       1987    1957     -30

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 include/libbb.h  |  1 -
 networking/tls.c | 27 ++++++++++++---------------
 2 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/include/libbb.h b/include/libbb.h
index 883457c0d..ebd090e18 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -752,7 +752,6 @@ typedef struct tls_state {
 
 	unsigned min_encrypted_len_on_read;
 	uint16_t cipher_id;
-	uint8_t  encrypt_on_write;
 	unsigned MAC_size;
 	unsigned key_size;
 	unsigned IV_size;
diff --git a/networking/tls.c b/networking/tls.c
index 149f55ee4..9b4298de7 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -267,6 +267,7 @@ enum {
 	GOT_CERT_ECDSA_KEY_ALG = 1 << 2, // so far unused
 	GOT_EC_KEY             = 1 << 3,
 	ENCRYPTION_AESGCM      = 1 << 4, // else AES-SHA (or NULL-SHA if CIPHER_ID1 set to allow one)
+	ENCRYPT_ON_WRITE       = 1 << 5,
 };
 
 struct record_hdr {
@@ -299,6 +300,13 @@ static unsigned get24be(const uint8_t *p)
 }
 
 #if TLS_DEBUG
+/* Nondestructively see the current hash value */
+static unsigned sha_peek(md5sha_ctx_t *ctx, void *buffer)
+{
+	md5sha_ctx_t ctx_copy = *ctx; /* struct copy */
+	return sha_end(&ctx_copy, buffer);
+}
+
 static void dump_hex(const char *fmt, const void *vp, int len)
 {
 	char hexbuf[32 * 1024 + 4];
@@ -372,18 +380,6 @@ void FAST_FUNC xorbuf_aligned_AES_BLOCK_SIZE(void *dst, const void *src)
 #endif
 }
 
-/* Nondestructively see the current hash value */
-static unsigned sha_peek(md5sha_ctx_t *ctx, void *buffer)
-{
-	md5sha_ctx_t ctx_copy = *ctx; /* struct copy */
-	return sha_end(&ctx_copy, buffer);
-}
-
-static ALWAYS_INLINE unsigned get_handshake_hash(tls_state_t *tls, void *buffer)
-{
-	return sha_peek(&tls->hsd->handshake_hash_ctx, buffer);
-}
-
 #if !TLS_DEBUG_HASH
 # define hash_handshake(tls, fmt, buffer, len) \
          hash_handshake(tls, buffer, len)
@@ -910,7 +906,7 @@ static void xwrite_handshake_record(tls_state_t *tls, unsigned size)
 
 static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size)
 {
-	if (!tls->encrypt_on_write) {
+	if (!(tls->flags & ENCRYPT_ON_WRITE)) {
 		uint8_t *buf;
 
 		xwrite_handshake_record(tls, size);
@@ -2032,7 +2028,8 @@ static void send_client_finished(tls_state_t *tls)
 
 	fill_handshake_record_hdr(record, HANDSHAKE_FINISHED, sizeof(*record));
 
-	len = get_handshake_hash(tls, handshake_hash);
+	len = sha_end(&tls->hsd->handshake_hash_ctx, handshake_hash);
+
 	prf_hmac_sha256(/*tls,*/
 		record->prf_result, sizeof(record->prf_result),
 		tls->hsd->master_secret, sizeof(tls->hsd->master_secret),
@@ -2137,7 +2134,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
 	send_change_cipher_spec(tls);
 	/* from now on we should send encrypted */
 	/* tls->write_seq64_be = 0; - already is */
-	tls->encrypt_on_write = 1;
+	tls->flags |= ENCRYPT_ON_WRITE;
 
 	send_client_finished(tls);

More information about the busybox-cvs mailing list