mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 18:05:37 +01:00
Reorder structures
Place smallest items first, as this makes them most easily addressable in Thumb architecture. 16-bit access instructions have a 5-bit offset field, which is interpreted as bytes, halfwords, or words depending on access size, so smaller fields have smaller range. Range is 0-31 times the access size. The mbedtls_ssl_context structure is too large to be fully easily accessed even for words, so reorder functional blocks to put more frequently-referenced fields in the first 128 bytes, reducing total code size. Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
This commit is contained in:
parent
1d53ce33c4
commit
57d9bdc5f9
@ -971,8 +971,6 @@ struct mbedtls_ssl_session
|
|||||||
int compression; /*!< chosen compression */
|
int compression; /*!< chosen compression */
|
||||||
#endif /* MBEDTLS_ZLIB_SUPPORT */
|
#endif /* MBEDTLS_ZLIB_SUPPORT */
|
||||||
size_t id_len; /*!< session id length */
|
size_t id_len; /*!< session id length */
|
||||||
unsigned char id[32]; /*!< session identifier */
|
|
||||||
unsigned char master[48]; /*!< the master secret */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
@ -1004,6 +1002,9 @@ struct mbedtls_ssl_session
|
|||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
int encrypt_then_mac; /*!< flag for EtM activation */
|
int encrypt_then_mac; /*!< flag for EtM activation */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
unsigned char id[32]; /*!< session identifier */
|
||||||
|
unsigned char master[48]; /*!< the master secret */
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1011,7 +1012,124 @@ struct mbedtls_ssl_session
|
|||||||
*/
|
*/
|
||||||
struct mbedtls_ssl_config
|
struct mbedtls_ssl_config
|
||||||
{
|
{
|
||||||
/* Group items by size (largest first) to minimize padding overhead */
|
/* Group items by size (smallest first) to minimize padding overhead */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Flags (bytes)
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||||
|
uint8_t endpoint; /*!< 0: client, 1: server */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
||||||
|
uint8_t transport; /*!< stream (TLS) or datagram (DTLS) */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_TRANSPORT */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
|
||||||
|
uint8_t authmode; /*!< MBEDTLS_SSL_VERIFY_XXX */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION)
|
||||||
|
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
|
||||||
|
uint8_t allow_legacy_renegotiation; /*!< MBEDTLS_LEGACY_XXX */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */
|
||||||
|
#if defined(MBEDTLS_ARC4_C)
|
||||||
|
uint8_t arc4_disabled; /*!< blacklist RC4 ciphersuites? */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
|
uint8_t mfl_code; /*!< desired fragment length */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
|
uint8_t encrypt_then_mac; /*!< negotiate encrypt-then-mac? */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
|
||||||
|
uint8_t extended_ms; /*!< negotiate extended master secret? */
|
||||||
|
#endif /* !MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
|
||||||
|
uint8_t enforce_extended_master_secret; /*!< enforce the usage of
|
||||||
|
* extended master secret */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY)
|
||||||
|
uint8_t anti_replay; /*!< detect and prevent replay? */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */
|
||||||
|
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||||
|
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||||
|
uint8_t cbc_record_splitting; /*!< do cbc record splitting */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
|
uint8_t disable_renegotiation; /*!< disable renegotiation? */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||||
|
uint8_t trunc_hmac; /*!< negotiate truncated hmac? */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
|
uint8_t session_tickets; /*!< use session tickets? */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
uint8_t fallback; /*!< is this a fallback? */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
|
||||||
|
uint8_t cert_req_ca_list; /*!< enable sending CA list in
|
||||||
|
Certificate Request messages? */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID)
|
||||||
|
uint8_t ignore_unexpected_cid; /*!< Determines whether DTLS record
|
||||||
|
* with unexpected CID should
|
||||||
|
* lead to failure. */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
|
||||||
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Numerical settings
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER)
|
||||||
|
unsigned char min_major_ver; /*!< min. major version used */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
|
||||||
|
unsigned char max_major_ver; /*!< max. major version used */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER)
|
||||||
|
uint16_t min_minor_ver; /*!< min. minor version used */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER)
|
||||||
|
uint16_t max_minor_ver; /*!< max. minor version used */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
|
||||||
|
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_READ_TIMEOUT */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN)
|
||||||
|
uint32_t hs_timeout_min; /*!< initial value of the handshake
|
||||||
|
retransmission timeout (ms) */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX)
|
||||||
|
uint32_t hs_timeout_max; /*!< maximum value of the handshake
|
||||||
|
retransmission timeout (ms) */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
|
int renego_max_records; /*!< grace period for renegotiation */
|
||||||
|
unsigned char renego_period[8]; /*!< value of the record counters
|
||||||
|
that triggers renegotiation */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT)
|
||||||
|
unsigned int badmac_limit; /*!< limit of records with a bad MAC */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_BADMAC_LIMIT */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Pointers
|
* Pointers
|
||||||
@ -1145,122 +1263,6 @@ struct mbedtls_ssl_config
|
|||||||
const char **alpn_list; /*!< ordered list of protocols */
|
const char **alpn_list; /*!< ordered list of protocols */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
|
||||||
* Numerical settings (int then char)
|
|
||||||
*/
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
|
|
||||||
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_READ_TIMEOUT */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN)
|
|
||||||
uint32_t hs_timeout_min; /*!< initial value of the handshake
|
|
||||||
retransmission timeout (ms) */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX)
|
|
||||||
uint32_t hs_timeout_max; /*!< maximum value of the handshake
|
|
||||||
retransmission timeout (ms) */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
|
||||||
int renego_max_records; /*!< grace period for renegotiation */
|
|
||||||
unsigned char renego_period[8]; /*!< value of the record counters
|
|
||||||
that triggers renegotiation */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT)
|
|
||||||
unsigned int badmac_limit; /*!< limit of records with a bad MAC */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_BADMAC_LIMIT */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER)
|
|
||||||
unsigned char min_major_ver; /*!< min. major version used */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
|
|
||||||
unsigned char max_major_ver; /*!< max. major version used */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER)
|
|
||||||
uint16_t min_minor_ver; /*!< min. minor version used */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER)
|
|
||||||
uint16_t max_minor_ver; /*!< max. minor version used */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Flags (bytes)
|
|
||||||
*/
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
|
||||||
uint8_t endpoint; /*!< 0: client, 1: server */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
|
||||||
uint8_t transport; /*!< stream (TLS) or datagram (DTLS) */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_TRANSPORT */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
|
|
||||||
uint8_t authmode; /*!< MBEDTLS_SSL_VERIFY_XXX */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION)
|
|
||||||
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
|
|
||||||
uint8_t allow_legacy_renegotiation; /*!< MBEDTLS_LEGACY_XXX */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */
|
|
||||||
#if defined(MBEDTLS_ARC4_C)
|
|
||||||
uint8_t arc4_disabled; /*!< blacklist RC4 ciphersuites? */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
|
||||||
uint8_t mfl_code; /*!< desired fragment length */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
|
||||||
uint8_t encrypt_then_mac; /*!< negotiate encrypt-then-mac? */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
|
|
||||||
uint8_t extended_ms; /*!< negotiate extended master secret? */
|
|
||||||
#endif /* !MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
|
|
||||||
uint8_t enforce_extended_master_secret; /*!< enforce the usage of
|
|
||||||
* extended master secret */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY)
|
|
||||||
uint8_t anti_replay; /*!< detect and prevent replay? */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */
|
|
||||||
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
|
||||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
|
||||||
uint8_t cbc_record_splitting; /*!< do cbc record splitting */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
|
||||||
uint8_t disable_renegotiation; /*!< disable renegotiation? */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
|
||||||
uint8_t trunc_hmac; /*!< negotiate truncated hmac? */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
|
||||||
uint8_t session_tickets; /*!< use session tickets? */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
uint8_t fallback; /*!< is this a fallback? */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
|
|
||||||
uint8_t cert_req_ca_list; /*!< enable sending CA list in
|
|
||||||
Certificate Request messages? */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID)
|
|
||||||
uint8_t ignore_unexpected_cid; /*!< Determines whether DTLS record
|
|
||||||
* with unexpected CID should
|
|
||||||
* lead to failure. */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
|
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
|
||||||
};
|
};
|
||||||
|
|
||||||
struct mbedtls_ssl_context
|
struct mbedtls_ssl_context
|
||||||
@ -1308,19 +1310,6 @@ struct mbedtls_ssl_context
|
|||||||
unsigned badmac_seen; /*!< records with a bad MAC received */
|
unsigned badmac_seen; /*!< records with a bad MAC received */
|
||||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_SEND)
|
|
||||||
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_SEND */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_RECV)
|
|
||||||
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_RECV */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
|
|
||||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_RECV_TIMEOUT */
|
|
||||||
/*!< Callback for network receive with timeout */
|
|
||||||
|
|
||||||
void *p_bio; /*!< context for I/O operations */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Session layer
|
* Session layer
|
||||||
*/
|
*/
|
||||||
@ -1332,26 +1321,6 @@ struct mbedtls_ssl_context
|
|||||||
mbedtls_ssl_handshake_params *handshake; /*!< params required only during
|
mbedtls_ssl_handshake_params *handshake; /*!< params required only during
|
||||||
the handshake process */
|
the handshake process */
|
||||||
|
|
||||||
/*
|
|
||||||
* Record layer transformations
|
|
||||||
*/
|
|
||||||
mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
|
|
||||||
mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
|
|
||||||
mbedtls_ssl_transform *transform; /*!< negotiated transform params */
|
|
||||||
mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Timers
|
|
||||||
*/
|
|
||||||
void *p_timer; /*!< context for the timer callbacks */
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER)
|
|
||||||
mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_SET_TIMER */
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_GET_TIMER)
|
|
||||||
mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
|
|
||||||
#endif /* !MBEDTLS_SSL_CONF_GET_TIMER */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Record layer (incoming data)
|
* Record layer (incoming data)
|
||||||
*/
|
*/
|
||||||
@ -1415,6 +1384,39 @@ struct mbedtls_ssl_context
|
|||||||
signed char split_done; /*!< current record already splitted? */
|
signed char split_done; /*!< current record already splitted? */
|
||||||
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Record layer transformations
|
||||||
|
*/
|
||||||
|
mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
|
||||||
|
mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
|
||||||
|
mbedtls_ssl_transform *transform; /*!< negotiated transform params */
|
||||||
|
mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_SEND)
|
||||||
|
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_SEND */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_RECV)
|
||||||
|
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_RECV */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
|
||||||
|
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_RECV_TIMEOUT */
|
||||||
|
/*!< Callback for network receive with timeout */
|
||||||
|
|
||||||
|
void *p_bio; /*!< context for I/O operations */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Timers
|
||||||
|
*/
|
||||||
|
void *p_timer; /*!< context for the timer callbacks */
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER)
|
||||||
|
mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_SET_TIMER */
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_GET_TIMER)
|
||||||
|
mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_GET_TIMER */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PKI layer
|
* PKI layer
|
||||||
*/
|
*/
|
||||||
|
@ -461,19 +461,6 @@ struct mbedtls_ssl_handshake_params
|
|||||||
unsigned char *psk; /*!< PSK from the callback */
|
unsigned char *psk; /*!< PSK from the callback */
|
||||||
size_t psk_len; /*!< Length of PSK from callback */
|
size_t psk_len; /*!< Length of PSK from callback */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
|
||||||
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
|
||||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
|
||||||
mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
|
|
||||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
|
||||||
int sni_authmode; /*!< authmode from SNI callback */
|
|
||||||
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
|
||||||
mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
|
||||||
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
|
||||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
|
||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
int ecrs_enabled; /*!< Handshake supports EC restart? */
|
int ecrs_enabled; /*!< Handshake supports EC restart? */
|
||||||
mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
|
mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
|
||||||
@ -530,6 +517,19 @@ struct mbedtls_ssl_handshake_params
|
|||||||
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
|
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
||||||
|
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
|
mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
|
||||||
|
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
|
int sni_authmode; /*!< authmode from SNI callback */
|
||||||
|
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
||||||
|
mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
||||||
|
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
||||||
|
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||||
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
unsigned char randbytes[64]; /*!< random bytes */
|
unsigned char randbytes[64]; /*!< random bytes */
|
||||||
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
||||||
/*!< premaster secret */
|
/*!< premaster secret */
|
||||||
|
Loading…
Reference in New Issue
Block a user