From ddd0cd47bc0bb3478b7d250192248a1e3aa2a243 Mon Sep 17 00:00:00 2001
From: Etienne Dechamps
Date: Mon, 30 Jun 2014 14:03:17 +0100
Subject: [PATCH] Verify seqno early in sptps_verify_datagram().

This is a slight optimization for sptps_verify_datagram(), which might come in handy since this function is called in a loop via try_harder(). It turns out that since sptps_verify_datagram() doesn't update any state, it doesn't matter in which order verifications are done. However, it does affect performance since it's much cheaper to check the seqno than to try to decrypt the packet. Since this function is called with the wrong node most of the time, it makes verification vastly faster for the majority of calls because the seqno will be wrong in most cases.
---
 src/sptps.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/sptps.c b/src/sptps.c
index 3fbd8540..e9ce94ae 100644
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -431,13 +431,12 @@ bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len) {
 uint32_t seqno;
 memcpy(&seqno, data, 4);
 seqno = ntohl(seqno);
+ if (!sptps_check_seqno(s, seqno, false))
+ return false;

 char buffer[len];
 size_t outlen;
- if(!chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen))
- return false;
-
- return sptps_check_seqno(s, seqno, false);
+ return chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen);
 }

 // Receive incoming data, datagram version.
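Review bot: The new early `sptps_check_seqno(s, seqno, false)` call runs on a sequence number that `chacha_poly1305_decrypt()` has not yet authenticated, so its safety depends on the `false` argument keeping the check free of state changes; that invariant is stated only in the commit message and deserves a comment at the call, for example `// seqno is not authenticated yet: this must remain a read-only check (hence false)`. If `sptps_check_seqno()` logs or records an error when it rejects a value (its body is not visible here), that path is now reachable with forged datagrams before any tag verification, and since the function is called in a loop against mostly wrong nodes it is worth confirming that it stays quiet. On style, the added line uses `if (` where the removed line in the same function used `if(`, so `if(!sptps_check_seqno(s, seqno, false))` would match the file. The function body begins above this hunk, so whatever length check guards `memcpy(&seqno, data, 4)` and `len - 4` cannot be seen from here.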