diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 9746e276b..b0f31ab36 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -463,7 +463,7 @@ struct _ssl_context */ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */ - unsigned char *out_msg; /*!< the message contents (out_hdr+32)*/ + unsigned char *out_msg; /*!< the message contents (out_hdr+5) */ int out_msgtype; /*!< record header: message type */ size_t out_msglen; /*!< record header: message length */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dde0155cb..1baa52705 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -917,30 +917,21 @@ static int ssl_encrypt_buf( ssl_context *ssl ) { if( ssl->transform_out->maclen == 16 ) { - md5_context ctx; - md5_hmac_starts( &ctx, ssl->transform_out->mac_enc, 16 ); - md5_hmac_update( &ctx, ssl->out_ctr, 13 ); - md5_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen ); - md5_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen ); - memset( &ctx, 0, sizeof(md5_context)); + md5_hmac( ssl->transform_out->mac_enc, 16, + ssl->out_ctr, ssl->out_msglen + 13, + ssl->out_msg + ssl->out_msglen ); } else if( ssl->transform_out->maclen == 20 ) { - sha1_context ctx; - sha1_hmac_starts( &ctx, ssl->transform_out->mac_enc, 20 ); - sha1_hmac_update( &ctx, ssl->out_ctr, 13 ); - sha1_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen ); - sha1_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen ); - memset( &ctx, 0, sizeof(sha1_context)); + sha1_hmac( ssl->transform_out->mac_enc, 20, + ssl->out_ctr, ssl->out_msglen + 13, + ssl->out_msg + ssl->out_msglen ); } else if( ssl->transform_out->maclen == 32 ) { - sha2_context ctx; - sha2_hmac_starts( &ctx, ssl->transform_out->mac_enc, 32, 0 ); - sha2_hmac_update( &ctx, ssl->out_ctr, 13 ); - sha2_hmac_update( &ctx, ssl->out_msg, ssl->out_msglen ); - sha2_hmac_finish( &ctx, ssl->out_msg + ssl->out_msglen ); - memset( &ctx, 0, sizeof(sha2_context)); + sha2_hmac( ssl->transform_out->mac_enc, 32, + ssl->out_ctr, ssl->out_msglen + 13, + ssl->out_msg + ssl->out_msglen, 0 ); } else if( ssl->transform_out->maclen != 0 ) { @@ -1742,22 +1733,7 @@ int ssl_flush_output( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", 5 + ssl->out_msglen, ssl->out_left ) ); - if( ssl->out_msglen < ssl->out_left ) - { - size_t header_left = ssl->out_left - ssl->out_msglen; - - buf = ssl->out_hdr + 5 - header_left; - ret = ssl->f_send( ssl->p_send, buf, header_left ); - - SSL_DEBUG_RET( 2, "ssl->f_send (header)", ret ); - - if( ret <= 0 ) - return( ret ); - - ssl->out_left -= ret; - } - - buf = ssl->out_msg + ssl->out_msglen - ssl->out_left; + buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left; ret = ssl->f_send( ssl->p_send, buf, ssl->out_left ); SSL_DEBUG_RET( 2, "ssl->f_send", ret ); @@ -1848,10 +1824,8 @@ int ssl_write_record( ssl_context *ssl ) ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) ); - SSL_DEBUG_BUF( 4, "output record header sent to network", - ssl->out_hdr, 5 ); SSL_DEBUG_BUF( 4, "output record sent to network", - ssl->out_hdr + 32, ssl->out_msglen ); + ssl->out_hdr, 5 + ssl->out_msglen ); } if( ( ret = ssl_flush_output( ssl ) ) != 0 ) @@ -2980,7 +2954,7 @@ int ssl_init( ssl_context *ssl ) ssl->out_ctr = (unsigned char *) malloc( len ); ssl->out_hdr = ssl->out_ctr + 8; - ssl->out_msg = ssl->out_ctr + 40; + ssl->out_msg = ssl->out_ctr + 13; if( ssl->out_ctr == NULL ) {