Don’t allocate extra memory in add_hmac_digest, use hmac_v functions

Author: igrr

ssl/tls1.c

@@ -85,7 +85,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         16,                             /* block padding size */
         SHA1_SIZE,                      /* digest size */
         2*(SHA1_SIZE+16+16),            /* key block size */
-        hmac_sha1,                      /* hmac algorithm */
+        hmac_sha1_v,                    /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     },
@@ -96,7 +96,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         16,                             /* block padding size */
         SHA1_SIZE,                      /* digest size */
         2*(SHA1_SIZE+32+16),            /* key block size */
-        hmac_sha1,                      /* hmac algorithm */
+        hmac_sha1_v,                    /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     },       
@@ -107,7 +107,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         16,                             /* block padding size */
         SHA256_SIZE,                    /* digest size */
         2*(SHA256_SIZE+32+16),          /* key block size */
-        hmac_sha256,                    /* hmac algorithm */
+        hmac_sha256_v,                  /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     },       
@@ -118,7 +118,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         16,                             /* block padding size */
         SHA256_SIZE,                    /* digest size */
         2*(SHA256_SIZE+32+16),          /* key block size */
-        hmac_sha256,                    /* hmac algorithm */
+        hmac_sha256_v,                  /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     }
@@ -746,21 +746,24 @@ static void increment_write_sequence(SSL *ssl)
 static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
-    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
+    const uint8_t* bufs[] = {
+        (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+            ssl->write_sequence : ssl->read_sequence,
+        hmac_header,
+        buf
+    };
 
-    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
-                    ssl->write_sequence : ssl->read_sequence, 8);
-    memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
-    memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
+    int lengths[] = {
+        8,
+        SSL_RECORD_SIZE,
+        buf_len
+    };
 
-    ssl->cipher_info->hmac(t_buf, hmac_len, 
+    ssl->cipher_info->hmac_v(bufs, lengths, 3,
             (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
                 ssl->server_mac : ssl->client_mac, 
             ssl->cipher_info->digest_size, hmac_buf);
 
-    free(t_buf);
-
 #if 0
     print_blob("record", hmac_header, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);

ssl/tls1.h

@@ -132,7 +132,7 @@ typedef struct
     uint8_t padding_size;
     uint8_t digest_size;
     uint8_t key_block_size;
-    hmac_func hmac;
+    hmac_func_v hmac_v;
     crypt_func encrypt;
     crypt_func decrypt;
 } cipher_info_t;