diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index 9b42b6e1f..1a125280a 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -72,13 +72,6 @@ #include -/* stream ciphers except arc4 need 32bit alignment, intel ok without */ -#if defined(__x86_64__) || defined(__ia64__) || defined(__i386__) - #define NO_XSTREAM_ALIGNMENT -#else - #define XSTREAM_ALIGNMENT -#endif - #ifdef IPHONE #define SIZEOF_LONG_LONG 8 #endif @@ -478,6 +471,29 @@ #endif +/* stream ciphers except arc4 need 32bit alignment, intel ok without */ +#if defined(__x86_64__) || defined(__ia64__) || defined(__i386__) + #define NO_XSTREAM_ALIGNMENT +#else + #define XSTREAM_ALIGNMENT +#endif + + + +/* if using hardware crypto and have alignment requirements, specify the + requirement here. The record header of SSL/TLS will prvent easy alignment. + This hint tries to help as much as possible. Needs to be bigger than + record header sz (5) if not 0 */ +#ifndef CYASSL_GENERAL_ALIGNMENT + #ifdef CYASSL_AESNI + #define CYASSL_GENERAL_ALIGNMENT 16 + #elif defined(XSTREAM_ALIGNMENT) + #define CYASSL_GENERAL_ALIGNMENT 8 + #else + #define CYASSL_GENERAL_ALIGNMENT 0 + #endif +#endif + /* Place any other flags or defines here */ diff --git a/cyassl/internal.h b/cyassl/internal.h index e26146509..00cafab24 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -853,8 +853,9 @@ typedef struct { word32 idx; /* idx to part of length already consumed */ byte* buffer; /* place holder for static or dynamic buffer */ word32 bufferSize; /* current buffer size */ - byte dynamicFlag; /* dynamic memory currently in use */ ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; + byte dynamicFlag; /* dynamic memory currently in use */ + byte offset; /* alignment offset attempt */ } bufferStatic; /* Cipher Suites holder */ diff --git a/src/internal.c b/src/internal.c index 7bb002842..9b858f181 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1204,11 +1204,13 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN; ssl->buffers.inputBuffer.dynamicFlag = 0; + ssl->buffers.inputBuffer.offset = 0; ssl->buffers.outputBuffer.length = 0; ssl->buffers.outputBuffer.idx = 0; ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; ssl->buffers.outputBuffer.dynamicFlag = 0; + ssl->buffers.outputBuffer.offset = 0; ssl->buffers.domainName.buffer = 0; #ifndef NO_CERTS ssl->buffers.serverDH_P.buffer = 0; @@ -2288,10 +2290,12 @@ retry: void ShrinkOutputBuffer(CYASSL* ssl) { CYASSL_MSG("Shrinking output buffer\n"); - XFREE(ssl->buffers.outputBuffer.buffer, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset, + ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; ssl->buffers.outputBuffer.dynamicFlag = 0; + ssl->buffers.outputBuffer.offset = 0; } @@ -2387,11 +2391,24 @@ int SendBuffered(CYASSL* ssl) /* Grow the output buffer */ static INLINE int GrowOutputBuffer(CYASSL* ssl, int size) { - byte* tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length, - ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + byte* tmp; + byte align = CYASSL_GENERAL_ALIGNMENT; + /* the encrypted data will be offset from the front of the buffer by + the record header, if the user wants encrypted alignment they need + to define their alignment requirement */ + + if (align && align < RECORD_HEADER_SZ) { + CYASSL_MSG("CyaSSL alignment requirement is too small"); + return BAD_ALIGN_E; + } + + tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align, + ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); CYASSL_MSG("growing output buffer\n"); if (!tmp) return MEMORY_E; + if (align) + tmp += align - RECORD_HEADER_SZ; if (ssl->buffers.outputBuffer.length) XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer, @@ -2401,6 +2418,10 @@ static INLINE int GrowOutputBuffer(CYASSL* ssl, int size) XFREE(ssl->buffers.outputBuffer.buffer, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); ssl->buffers.outputBuffer.dynamicFlag = 1; + if (align) + ssl->buffers.outputBuffer.offset = align - RECORD_HEADER_SZ; + else + ssl->buffers.outputBuffer.offset = 0; ssl->buffers.outputBuffer.buffer = tmp; ssl->buffers.outputBuffer.bufferSize = size + ssl->buffers.outputBuffer.length;