Merge pull request #1143 from tempesta-tech/ak-1037-fixes
Fix review comments for #1037
krizhanovsky authored Jan 10, 2019
2 parents 5a9d217 + 99c04f3 commit fe511ee
Showing 2 changed files with 7 additions and 6 deletions.
8 changes: 4 additions & 4 deletions tls/tls_srv.c
Expand Up @@ -1735,8 +1735,8 @@ ttls_parse_encrypted_pms(TlsCtx *tls, const unsigned char *p,
unsigned char *pms = tls->hs->premaster;
unsigned char ver[2], fake_pms[48], peer_pms[48];

BUILD_BUG_ON(sizeof(tls->hs->premaster) < 0
|| sizeof(tls->hs->premaster) < 48);
BUILD_BUG_ON(sizeof(tls->hs->premaster) < 48);

if (!ttls_pk_can_do(ttls_own_key(tls), TTLS_PK_RSA)) {
T_DBG("got no RSA private key\n");
return TTLS_ERR_PRIVATE_KEY_REQUIRED;
Expand Down Expand Up @@ -1765,15 +1765,15 @@ ttls_parse_encrypted_pms(TlsCtx *tls, const unsigned char *p,
r = ttls_pk_decrypt(ttls_own_key(tls), p, len, peer_pms, &peer_pmslen,
sizeof(peer_pms));

diff = (unsigned int) r;
diff = (unsigned int)r;
diff |= peer_pmslen ^ 48;
diff |= peer_pms[0] ^ ver[0];
diff |= peer_pms[1] ^ ver[1];
T_DBG("client key exchange message diff=%x\n", diff);

tls->hs->pmslen = 48;
/* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */
mask = - ((diff | - diff) >> (sizeof(unsigned int) * 8 - 1));
mask = -((diff | -diff) >> (sizeof(unsigned int) * 8 - 1));
for (i = 0; i < tls->hs->pmslen; i++)
pms[i] = (mask & fake_pms[i]) | ((~mask) & peer_pms[i]);

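Review bot: In the second hunk of ttls_parse_encrypted_pms, `T_DBG("client key exchange message diff=%x\n", diff);` sits between the constant-time accumulation of `diff` and the branch-free mask, and it records exactly what the masking is there to hide: whether the RSA decryption succeeded, the length was 48 and the first two bytes matched `ver`. If T_DBG is compiled into any deployed build (its definition is not visible here), both the log content and the formatting time depend on `diff`. I would drop the value from the message or remove the line, and state the reason next to the mask computation, e.g. `/* Bleichenbacher countermeasure: never log or branch on diff; on failure the handshake continues with fake_pms. */`. The function starts before and continues after both hunks, so whether `fake_pms` and `peer_pms` are wiped before return cannot be checked from here.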
5 changes: 3 additions & 2 deletions tls/ttls.c
Expand Up @@ -130,15 +130,16 @@ ttls_crypto_req_sglist(TlsCtx *tls, struct crypto_aead *tfm, unsigned int len,
struct scatterlist *sg_i;
struct aead_request *req;
struct sk_buff *skb = io->skb_list;
unsigned int sz, aead_sz, n, to_read, off;
unsigned int sz, aead_sz, to_read, off;
int n;

sz = aead_sz = sizeof(*req) + crypto_aead_reqsize(tfm);
if (buf) {
off = 0;
n = *sgn + 1;
} else {
off = io->off;
n += *sgn + io->chunks;
n = *sgn + io->chunks;
}
BUG_ON(!buf && (!skb || skb->len <= off)); /* nothing to decrypt */
sz += n * sizeof(**sg);
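Review bot: With `n` now a signed `int`, `sz += n * sizeof(**sg);` has no visible guard on the entry count: `n` is converted to `size_t` for the multiplication and the sum is truncated back into `unsigned int sz`, so a negative or very large `*sgn + io->chunks` would give a size smaller than the scatterlist it is presumably meant to hold. The types of `*sgn` and `io->chunks` and any upper bound on them are outside this hunk, so the caller may already constrain this. If it does not, a check before the multiplication such as `if (unlikely(n <= 0 || (size_t)n > (UINT_MAX - sz) / sizeof(**sg)))`, followed by the function's normal error return, would make the bound explicit. A short comment on `int n;` saying why it is signed would also help; the function body begins before and continues after the hunk.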
