search

aws / s2n-tls

An implementation of the TLS/SSL protocols
https://aws.github.io/s2n-tls/usage-guide/
Apache License 2.0
4.53k stars 706 forks source link

Reuse MAC writing logic in s2n_record_read #4546

Open goatgoose opened 6 months ago

goatgoose commented 6 months ago

Problem:

https://github.com/aws/s2n-tls/pull/4539 added a new s2n_record_write_mac function which calculates the record MAC and writes it into a stuffer. This function was added to write the MAC into the record. However, a MAC also needs to be calculated when receiving stream and CBC records in order to compare the calculated MAC against the received MAC. s2n_record_write_mac can be reused for this purpose as well.

Solution:

Reuse s2n_record_write_mac when validating the record MAC:

goatgoose commented 5 months ago

Unfortunately this change impacts the sidetrail proofs. When I attempted this it increased sidetrail's runtime by a lot. It might be difficult to implement this and work around all of the proofs.