diff --git a/configs/baremetal.h b/configs/baremetal.h index 465664279..b63584f1c 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -86,6 +86,7 @@ #define MBEDTLS_SSL_DTLS_HELLO_VERIFY #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT #define MBEDTLS_SSL_DTLS_CONNECTION_ID +#define MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS /* Compile-time fixed parts of the SSL configuration */ #define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7239557a0..f91f6b498 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -672,6 +672,11 @@ #error "MBEDTLS_SSL_TLS_C defined, but neither TLS or DTLS is active" #endif +#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) && \ + defined(MBEDTLS_ARC4_C) +#error "MBEDTLS_ARC4_C cannot be defined with MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS on" +#endif + #if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \ defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1)) #error "Illegal protocol selection" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4d98e42f..1cf868f50 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3284,6 +3284,20 @@ */ #define MBEDTLS_SSL_TLS_C +/** + * \def MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS + * Use one cipher context for both decryption and encryption in ssl transforms. + * + * This change saves some RAM, but makes the operations last longer: + * before every encryption and decryption a key is set on the context. + * + * This change will not work with MBEDTLS_ARC4_C, since it requires an + * additional table and offsets to be saved between cipher calls, and this + * contradicts key resetting before each use. + * + */ +//#define MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS + /** * \def MBEDTLS_THREADING_C * diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 19328d88f..40d246e9d 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -756,9 +756,15 @@ struct mbedtls_ssl_transform z_stream ctx_inflate; /*!< decompression context */ #endif +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + unsigned char *key_enc; + unsigned char *key_dec; + unsigned int key_bitlen; + mbedtls_cipher_context_t cipher_ctx; /*!< encryption/decryption context */ +#else mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ - +#endif #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) /* We need the Hello random bytes in order to re-derive keys from the * Master Secret and other session info, see ssl_populate_transform() */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4ebfb5c93..2c363fd33 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1563,7 +1563,21 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, iv_copy_len ); } #endif +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + return( ret ); + } + transform->key_enc = mbedtls_calloc( 1, cipher_info->key_bitlen >> 3 ); + transform->key_dec = mbedtls_calloc( 1, cipher_info->key_bitlen >> 3 ); + memcpy( transform->key_enc, key1, cipher_info->key_bitlen >> 3 ); + memcpy( transform->key_dec, key2, cipher_info->key_bitlen >> 3 ); + + transform->key_bitlen = cipher_info->key_bitlen; +#else if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, cipher_info ) ) != 0 ) { @@ -1593,10 +1607,18 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); return( ret ); } - +#endif #if defined(MBEDTLS_CIPHER_MODE_CBC) if( cipher_info->mode == MBEDTLS_MODE_CBC ) { +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx, + MBEDTLS_PADDING_NONE ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); + return( ret ); + } +#else if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, MBEDTLS_PADDING_NONE ) ) != 0 ) { @@ -1610,6 +1632,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); return( ret ); } +#endif } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -2554,9 +2577,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", data, rec->data_len ); - +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx ); +#else mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); - +#endif if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d", @@ -2671,7 +2696,25 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " "including %d bytes of padding", rec->data_len, 0 ) ); +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx, + transform->key_enc, + transform->key_bitlen, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx, + transform->iv_enc, transform->ivlen, + data, rec->data_len, + data, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); + return( ret ); + } +#else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, transform->iv_enc, transform->ivlen, data, rec->data_len, @@ -2680,7 +2723,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } - +#endif if( rec->data_len != olen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -2754,7 +2797,27 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* * Encrypt and authenticate */ +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx, + transform->key_enc, + transform->key_bitlen, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx, + iv, transform->ivlen, + add_data, add_data_len, /* add data */ + data, rec->data_len, /* source */ + data, &rec->data_len, /* destination */ + data + rec->data_len, transform->taglen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); + return( ret ); + } +#else if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc, iv, transform->ivlen, add_data, add_data_len, /* add data */ @@ -2765,7 +2828,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); return( ret ); } - +#endif MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", data + rec->data_len, transform->taglen ); @@ -2841,7 +2904,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, "including %d bytes of IV and %d bytes of padding", rec->data_len, transform->ivlen, padlen + 1 ) ); +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx, + transform->key_enc, + transform->key_bitlen, + MBEDTLS_ENCRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx, + transform->iv_enc, + transform->ivlen, + data, rec->data_len, + data, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); + return( ret ); + } +#else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, transform->iv_enc, transform->ivlen, @@ -2851,7 +2933,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } - +#endif if( rec->data_len != olen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -2866,8 +2948,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* * Save IV in SSL3 and TLS1 */ +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + mbedtls_platform_memcpy( transform->iv_enc, transform->cipher_ctx.iv, + transform->ivlen ); +#else mbedtls_platform_memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv, transform->ivlen ); +#endif } else #endif @@ -2968,8 +3055,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } data = rec->buf + rec->data_offset; +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx ); +#else mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec ); - +#endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* * Match record's CID with incoming CID. @@ -2985,6 +3075,25 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( mode == MBEDTLS_MODE_STREAM ) { padlen = 0; +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx, + transform->key_dec, + transform->key_bitlen, + MBEDTLS_DECRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx, + transform->iv_dec, + transform->ivlen, + data, rec->data_len, + data, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); + return( ret ); + } +#else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, transform->iv_dec, transform->ivlen, @@ -2994,7 +3103,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } - +#endif if( rec->data_len != olen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -3082,6 +3191,31 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* * Decrypt and authenticate */ +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx, + transform->key_dec, + transform->key_bitlen, + MBEDTLS_DECRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len, + data, &olen, + data + rec->data_len, + transform->taglen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); + + if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) + return( MBEDTLS_ERR_SSL_INVALID_MAC ); + + return( ret ); + } +#else if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec, iv, transform->ivlen, add_data, add_data_len, @@ -3097,6 +3231,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, return( ret ); } +#endif + auth_done++; /* Double-check that AEAD decryption doesn't change content length. */ @@ -3239,7 +3375,23 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ /* We still have data_len % ivlen == 0 and data_len >= ivlen here. */ - +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx, + transform->key_dec, + transform->key_bitlen, + MBEDTLS_DECRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + return( ret ); + } + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx, + transform->iv_dec, transform->ivlen, + data, rec->data_len, data, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); + return( ret ); + } +#else if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, transform->iv_dec, transform->ivlen, data, rec->data_len, data, &olen ) ) != 0 ) @@ -3247,7 +3399,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } - +#endif /* Double-check that length hasn't changed during decryption. */ if( rec->data_len != olen ) { @@ -3266,8 +3418,13 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * of the records; in other words, IVs are maintained across * record decryptions. */ +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + mbedtls_platform_memcpy( transform->iv_dec, transform->cipher_ctx.iv, + transform->ivlen ); +#else mbedtls_platform_memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv, transform->ivlen ); +#endif } #endif @@ -8495,9 +8652,12 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) { memset( transform, 0, sizeof(mbedtls_ssl_transform) ); - +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + mbedtls_cipher_init( &transform->cipher_ctx ); +#else mbedtls_cipher_init( &transform->cipher_ctx_enc ); mbedtls_cipher_init( &transform->cipher_ctx_dec ); +#endif #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) mbedtls_md_init( &transform->md_ctx_enc ); @@ -9866,8 +10026,11 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); #endif - +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx ) ) +#else switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) +#endif { #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ @@ -9898,10 +10061,13 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) case MBEDTLS_MODE_CBC: { size_t block_size; - +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + block_size = mbedtls_cipher_get_block_size( + &transform->cipher_ctx ); +#else block_size = mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc ); - +#endif /* Expansion due to the addition of the MAC. */ transform_expansion += transform->maclen; @@ -11371,8 +11537,13 @@ static int ssl_write_split( mbedtls_ssl_context *ssl, mbedtls_ssl_ver_gt( mbedtls_ssl_get_minor_ver( ssl ), MBEDTLS_SSL_MINOR_VERSION_1 ) || +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx ) + != MBEDTLS_MODE_CBC ) +#else mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) != MBEDTLS_MODE_CBC ) +#endif { return( ssl_write_real( ssl, buf, len ) ); } @@ -11486,10 +11657,16 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) deflateEnd( &transform->ctx_deflate ); inflateEnd( &transform->ctx_inflate ); #endif - +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + mbedtls_cipher_free( &transform->cipher_ctx ); + if( transform->key_dec != NULL ) + mbedtls_free( transform->key_dec ); + if( transform->key_enc != NULL ) + mbedtls_free( transform->key_enc ); +#else mbedtls_cipher_free( &transform->cipher_ctx_enc ); mbedtls_cipher_free( &transform->cipher_ctx_dec ); - +#endif #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_dec ); diff --git a/library/version_features.c b/library/version_features.c index 84cb8a62b..ec4a692a0 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -792,6 +792,9 @@ static const char *features[] = { #if defined(MBEDTLS_SSL_TLS_C) "MBEDTLS_SSL_TLS_C", #endif /* MBEDTLS_SSL_TLS_C */ +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + "MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS", +#endif /* MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS */ #if defined(MBEDTLS_THREADING_C) "MBEDTLS_THREADING_C", #endif /* MBEDTLS_THREADING_C */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index af77ed553..e8fd6341a 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2154,6 +2154,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_TLS_C */ +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + if( strcmp( "MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS */ + #if defined(MBEDTLS_THREADING_C) if( strcmp( "MBEDTLS_THREADING_C", config ) == 0 ) { diff --git a/scripts/config.pl b/scripts/config.pl index b63dc7766..5d2b28ee2 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -57,6 +57,7 @@ # MBEDTLS_AES_ONLY_ENCRYPT # MBEDTLS_AES_SCA_COUNTERMEASURES # MBEDTLS_CTR_DRBG_USE_128_BIT_KEY +# MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS # and any symbol beginning _ALT # # The baremetal configuration excludes options that require a library or @@ -140,6 +141,7 @@ MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH MBEDTLS_AES_ONLY_ENCRYPT MBEDTLS_AES_SCA_COUNTERMEASURES MBEDTLS_CTR_DRBG_USE_128_BIT_KEY +MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS _ALT\s*$ ); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9873dd828..a689d4580 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -68,15 +68,41 @@ static int build_transforms( mbedtls_ssl_transform *t_in, memset( key0, 0x1, keylen ); memset( key1, 0x2, keylen ); +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + t_in->key_enc = mbedtls_calloc( 1, keylen ); + t_in->key_dec = mbedtls_calloc( 1, keylen ); + + t_out->key_enc = mbedtls_calloc( 1, keylen ); + t_out->key_dec = mbedtls_calloc( 1, keylen ); + + memcpy( t_in->key_enc, key0, keylen); + memcpy( t_in->key_dec, key1, keylen); + t_in->key_bitlen = cipher_info->key_bitlen; + + memcpy( t_out->key_enc, key1, keylen); + memcpy( t_out->key_dec, key0, keylen); + t_out->key_bitlen = cipher_info->key_bitlen; + + /* Setup cipher contexts */ + CHK( mbedtls_cipher_setup( &t_in->cipher_ctx, cipher_info ) == 0 ); + CHK( mbedtls_cipher_setup( &t_out->cipher_ctx, cipher_info ) == 0 ); +#else /* Setup cipher contexts */ CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 ); CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 ); CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 ); CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 ); +#endif #if defined(MBEDTLS_CIPHER_MODE_CBC) if( cipher_info->mode == MBEDTLS_MODE_CBC ) { +#if defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) + CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx, + MBEDTLS_PADDING_NONE ) == 0 ); + CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx, + MBEDTLS_PADDING_NONE ) == 0 ); +#else CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc, MBEDTLS_PADDING_NONE ) == 0 ); CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec, @@ -85,9 +111,11 @@ static int build_transforms( mbedtls_ssl_transform *t_in, MBEDTLS_PADDING_NONE ) == 0 ); CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec, MBEDTLS_PADDING_NONE ) == 0 ); +#endif } #endif /* MBEDTLS_CIPHER_MODE_CBC */ +#if !defined(MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS) CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0, keylen << 3, MBEDTLS_ENCRYPT ) == 0 ); CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1, @@ -96,7 +124,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, keylen << 3, MBEDTLS_ENCRYPT ) == 0 ); CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0, keylen << 3, MBEDTLS_DECRYPT ) == 0 ); - +#endif /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) if( cipher_info->mode == MBEDTLS_MODE_CBC ||