forked from wolfSSL/wolfssl
add CYASSL_GENERAL_ALIGNMENT detection and setting for TLS alignment attempt
This commit is contained in:
toddouska
@@ -72,13 +72,6 @@
|
|||||||
|
|
||||||
#include <cyassl/ctaocrypt/visibility.h>
|
#include <cyassl/ctaocrypt/visibility.h>
|
||||||
|
|
||||||
/* stream ciphers except arc4 need 32bit alignment, intel ok without */
|
|
||||||
#if defined(__x86_64__) || defined(__ia64__) || defined(__i386__)
|
|
||||||
#define NO_XSTREAM_ALIGNMENT
|
|
||||||
#else
|
|
||||||
#define XSTREAM_ALIGNMENT
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef IPHONE
|
#ifdef IPHONE
|
||||||
#define SIZEOF_LONG_LONG 8
|
#define SIZEOF_LONG_LONG 8
|
||||||
#endif
|
#endif
|
||||||
@@ -478,6 +471,29 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/* stream ciphers except arc4 need 32bit alignment, intel ok without */
|
||||||
|
#if defined(__x86_64__) || defined(__ia64__) || defined(__i386__)
|
||||||
|
#define NO_XSTREAM_ALIGNMENT
|
||||||
|
#else
|
||||||
|
#define XSTREAM_ALIGNMENT
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* if using hardware crypto and have alignment requirements, specify the
|
||||||
|
requirement here. The record header of SSL/TLS will prvent easy alignment.
|
||||||
|
This hint tries to help as much as possible. Needs to be bigger than
|
||||||
|
record header sz (5) if not 0 */
|
||||||
|
#ifndef CYASSL_GENERAL_ALIGNMENT
|
||||||
|
#ifdef CYASSL_AESNI
|
||||||
|
#define CYASSL_GENERAL_ALIGNMENT 16
|
||||||
|
#elif defined(XSTREAM_ALIGNMENT)
|
||||||
|
#define CYASSL_GENERAL_ALIGNMENT 8
|
||||||
|
#else
|
||||||
|
#define CYASSL_GENERAL_ALIGNMENT 0
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Place any other flags or defines here */
|
/* Place any other flags or defines here */
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -853,8 +853,9 @@ typedef struct {
|
|||||||
word32 idx; /* idx to part of length already consumed */
|
word32 idx; /* idx to part of length already consumed */
|
||||||
byte* buffer; /* place holder for static or dynamic buffer */
|
byte* buffer; /* place holder for static or dynamic buffer */
|
||||||
word32 bufferSize; /* current buffer size */
|
word32 bufferSize; /* current buffer size */
|
||||||
byte dynamicFlag; /* dynamic memory currently in use */
|
|
||||||
ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
|
ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
|
||||||
|
byte dynamicFlag; /* dynamic memory currently in use */
|
||||||
|
byte offset; /* alignment offset attempt */
|
||||||
} bufferStatic;
|
} bufferStatic;
|
||||||
|
|
||||||
/* Cipher Suites holder */
|
/* Cipher Suites holder */
|
||||||
|
|||||||
@@ -1204,11 +1204,13 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
|
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
|
||||||
ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
||||||
ssl->buffers.inputBuffer.dynamicFlag = 0;
|
ssl->buffers.inputBuffer.dynamicFlag = 0;
|
||||||
|
ssl->buffers.inputBuffer.offset = 0;
|
||||||
ssl->buffers.outputBuffer.length = 0;
|
ssl->buffers.outputBuffer.length = 0;
|
||||||
ssl->buffers.outputBuffer.idx = 0;
|
ssl->buffers.outputBuffer.idx = 0;
|
||||||
ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
|
ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
|
||||||
ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
||||||
ssl->buffers.outputBuffer.dynamicFlag = 0;
|
ssl->buffers.outputBuffer.dynamicFlag = 0;
|
||||||
|
ssl->buffers.outputBuffer.offset = 0;
|
||||||
ssl->buffers.domainName.buffer = 0;
|
ssl->buffers.domainName.buffer = 0;
|
||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
ssl->buffers.serverDH_P.buffer = 0;
|
ssl->buffers.serverDH_P.buffer = 0;
|
||||||
@@ -2288,10 +2290,12 @@ retry:
|
|||||||
void ShrinkOutputBuffer(CYASSL* ssl)
|
void ShrinkOutputBuffer(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
CYASSL_MSG("Shrinking output buffer\n");
|
CYASSL_MSG("Shrinking output buffer\n");
|
||||||
XFREE(ssl->buffers.outputBuffer.buffer, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
|
XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset,
|
||||||
|
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
|
||||||
ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
|
ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
|
||||||
ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
||||||
ssl->buffers.outputBuffer.dynamicFlag = 0;
|
ssl->buffers.outputBuffer.dynamicFlag = 0;
|
||||||
|
ssl->buffers.outputBuffer.offset = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -2387,11 +2391,24 @@ int SendBuffered(CYASSL* ssl)
|
|||||||
/* Grow the output buffer */
|
/* Grow the output buffer */
|
||||||
static INLINE int GrowOutputBuffer(CYASSL* ssl, int size)
|
static INLINE int GrowOutputBuffer(CYASSL* ssl, int size)
|
||||||
{
|
{
|
||||||
byte* tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length,
|
byte* tmp;
|
||||||
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
|
byte align = CYASSL_GENERAL_ALIGNMENT;
|
||||||
|
/* the encrypted data will be offset from the front of the buffer by
|
||||||
|
the record header, if the user wants encrypted alignment they need
|
||||||
|
to define their alignment requirement */
|
||||||
|
|
||||||
|
if (align && align < RECORD_HEADER_SZ) {
|
||||||
|
CYASSL_MSG("CyaSSL alignment requirement is too small");
|
||||||
|
return BAD_ALIGN_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align,
|
||||||
|
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
|
||||||
CYASSL_MSG("growing output buffer\n");
|
CYASSL_MSG("growing output buffer\n");
|
||||||
|
|
||||||
if (!tmp) return MEMORY_E;
|
if (!tmp) return MEMORY_E;
|
||||||
|
if (align)
|
||||||
|
tmp += align - RECORD_HEADER_SZ;
|
||||||
|
|
||||||
if (ssl->buffers.outputBuffer.length)
|
if (ssl->buffers.outputBuffer.length)
|
||||||
XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
|
XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
|
||||||
@@ -2401,6 +2418,10 @@ static INLINE int GrowOutputBuffer(CYASSL* ssl, int size)
|
|||||||
XFREE(ssl->buffers.outputBuffer.buffer, ssl->heap,
|
XFREE(ssl->buffers.outputBuffer.buffer, ssl->heap,
|
||||||
DYNAMIC_TYPE_OUT_BUFFER);
|
DYNAMIC_TYPE_OUT_BUFFER);
|
||||||
ssl->buffers.outputBuffer.dynamicFlag = 1;
|
ssl->buffers.outputBuffer.dynamicFlag = 1;
|
||||||
|
if (align)
|
||||||
|
ssl->buffers.outputBuffer.offset = align - RECORD_HEADER_SZ;
|
||||||
|
else
|
||||||
|
ssl->buffers.outputBuffer.offset = 0;
|
||||||
ssl->buffers.outputBuffer.buffer = tmp;
|
ssl->buffers.outputBuffer.buffer = tmp;
|
||||||
ssl->buffers.outputBuffer.bufferSize = size +
|
ssl->buffers.outputBuffer.bufferSize = size +
|
||||||
ssl->buffers.outputBuffer.length;
|
ssl->buffers.outputBuffer.length;
|
||||||
|
|||||||
Reference in New Issue
Block a user