mirror of https://github.com/ctz/rustls
Update to *ring* 0.16.2 to improve sealing operations.
Restore the allocation/copying behavior to what it was before the *ring* 0.16.0 upgrade.
parent
666a2cbd2a
commit
675ad27250
|
@ -13,7 +13,7 @@ categories = ["network-programming", "cryptography"]
|
||||||
[dependencies]
|
[dependencies]
|
||||||
base64 = "0.10"
|
base64 = "0.10"
|
||||||
log = { version = "0.4.4", optional = true }
|
log = { version = "0.4.4", optional = true }
|
||||||
ring = "0.16.0"
|
ring = "0.16.2"
|
||||||
sct = "0.6.0"
|
sct = "0.6.0"
|
||||||
webpki = "0.21.0"
|
webpki = "0.21.0"
|
||||||
|
|
||||||
|
|
|
@ -207,22 +207,19 @@ impl MessageEncrypter for GCMMessageEncrypter {
|
||||||
aead::Nonce::assume_unique_for_key(nonce)
|
aead::Nonce::assume_unique_for_key(nonce)
|
||||||
};
|
};
|
||||||
|
|
||||||
let total_len = msg.payload.len() + self.alg.tag_len();
|
|
||||||
let mut buf = Vec::with_capacity(total_len);
|
|
||||||
buf.extend_from_slice(&msg.payload);
|
|
||||||
|
|
||||||
let mut aad = [0u8; TLS12_AAD_SIZE];
|
let mut aad = [0u8; TLS12_AAD_SIZE];
|
||||||
make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len(), &mut aad);
|
make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len(), &mut aad);
|
||||||
let aad = aead::Aad::from(&aad);
|
let aad = aead::Aad::from(&aad);
|
||||||
|
|
||||||
|
let total_len = msg.payload.len() + self.alg.tag_len();
|
||||||
let mut payload = Vec::with_capacity(GCM_EXPLICIT_NONCE_LEN + total_len);
|
let mut payload = Vec::with_capacity(GCM_EXPLICIT_NONCE_LEN + total_len);
|
||||||
payload.extend_from_slice(&nonce.as_ref()[4..]);
|
payload.extend_from_slice(&nonce.as_ref()[4..]);
|
||||||
|
payload.extend_from_slice(&msg.payload);
|
||||||
|
|
||||||
self.enc_key.seal_in_place(nonce, aad, &mut buf)
|
self.enc_key.seal_in_place_separate_tag(nonce, aad, &mut payload[GCM_EXPLICIT_NONCE_LEN..])
|
||||||
|
.map(|tag| payload.extend(tag.as_ref()))
|
||||||
.map_err(|_| TLSError::General("encrypt failed".to_string()))?;
|
.map_err(|_| TLSError::General("encrypt failed".to_string()))?;
|
||||||
|
|
||||||
payload.extend_from_slice(&buf);
|
|
||||||
|
|
||||||
Ok(Message {
|
Ok(Message {
|
||||||
typ: msg.typ,
|
typ: msg.typ,
|
||||||
version: msg.version,
|
version: msg.version,
|
||||||
|
@ -322,7 +319,7 @@ impl MessageEncrypter for TLS13MessageEncrypter {
|
||||||
let mut aad = [0u8; TLS13_AAD_SIZE];
|
let mut aad = [0u8; TLS13_AAD_SIZE];
|
||||||
make_tls13_aad(total_len, &mut aad);
|
make_tls13_aad(total_len, &mut aad);
|
||||||
|
|
||||||
self.enc_key.seal_in_place(nonce, aead::Aad::from(&aad), &mut buf)
|
self.enc_key.seal_in_place_append_tag(nonce, aead::Aad::from(&aad), &mut buf)
|
||||||
.map_err(|_| TLSError::General("encrypt failed".to_string()))?;
|
.map_err(|_| TLSError::General("encrypt failed".to_string()))?;
|
||||||
|
|
||||||
Ok(Message {
|
Ok(Message {
|
||||||
|
@ -524,7 +521,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
|
||||||
let mut buf = Vec::with_capacity(total_len);
|
let mut buf = Vec::with_capacity(total_len);
|
||||||
buf.extend_from_slice(&msg.payload);
|
buf.extend_from_slice(&msg.payload);
|
||||||
|
|
||||||
self.enc_key.seal_in_place(nonce, aad, &mut buf)
|
self.enc_key.seal_in_place_append_tag(nonce, aad, &mut buf)
|
||||||
.map_err(|_| TLSError::General("encrypt failed".to_string()))?;
|
.map_err(|_| TLSError::General("encrypt failed".to_string()))?;
|
||||||
|
|
||||||
Ok(Message {
|
Ok(Message {
|
||||||
|
|
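Review bot: In the GCMMessageEncrypter hunk, the in-place seal is only correct if two offsets agree: the explicit nonce is written as `nonce.as_ref()[4..]`, while the sealed region starts at `payload[GCM_EXPLICIT_NONCE_LEN..]`. Nothing in the visible lines ties the literal `4` to that constant, so if they ever drift apart the seal would either start inside the nonce bytes or leave leading payload bytes unencrypted in the record. I would add `debug_assert_eq!(payload.len(), GCM_EXPLICIT_NONCE_LEN);` directly after the first `extend_from_slice`, or replace the `4` with a named constant for the fixed IV length. The enclosing encrypt function starts and ends outside the hunk.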
|
@ -68,21 +68,16 @@ impl ProducesTickets for AEADTicketer {
|
||||||
let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf);
|
let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf);
|
||||||
let aad = ring::aead::Aad::empty();
|
let aad = ring::aead::Aad::empty();
|
||||||
|
|
||||||
let cipher_len = message.len() + self.alg.tag_len();
|
let mut ciphertext =
|
||||||
let mut ciphertext = Vec::with_capacity(cipher_len);
|
Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len());
|
||||||
ciphertext.extend_from_slice(message);
|
ciphertext.extend(&nonce_buf);
|
||||||
|
ciphertext.extend(message);
|
||||||
match self.key.seal_in_place(nonce,
|
self.key.seal_in_place_separate_tag(nonce,aad, &mut ciphertext[nonce_buf.len()..])
|
||||||
aad,
|
.map(|tag| {
|
||||||
&mut ciphertext) {
|
ciphertext.extend(tag.as_ref());
|
||||||
Err(_) => return None,
|
ciphertext
|
||||||
Ok(_) => ()
|
})
|
||||||
};
|
.ok()
|
||||||
|
|
||||||
let mut out = Vec::with_capacity(nonce_buf.len() + cipher_len);
|
|
||||||
out.extend_from_slice(&nonce_buf);
|
|
||||||
out.extend_from_slice(&ciphertext);
|
|
||||||
Some(out)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt `ciphertext` and recover the original message.
|
/// Decrypt `ciphertext` and recover the original message.
|
||||||
|
|
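Review bot: The ticket's wire layout is now defined only implicitly, by the order of the three `extend` calls and the `nonce_buf.len()..` slice passed to `seal_in_place_separate_tag`. The decrypt path that begins just below the hunk has to split the ticket at the same offsets. A one-line comment above the `Vec::with_capacity` call would pin this down, for example `// Ticket layout: nonce || ciphertext || tag; only the bytes after the nonce are sealed in place.` As a smaller style point, `seal_in_place_separate_tag(nonce,aad, ...)` is missing the space after the first comma that rustfmt would insert. The enclosing encrypt function starts outside the hunk.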