Reduce size of ssl_transform if no MAC ciphersuite is enabled

The hash contexts `ssl_transform->md_ctx_{enc/dec}` are not used if
only AEAD ciphersuites are enabled. This commit removes them from the
`ssl_transform` struct in this case, saving a few bytes.
This commit is contained in:
Hanno Becker 2018-01-03 15:32:51 +00:00
parent 8031d06cb2
commit d56ed2491b
2 changed files with 16 additions and 4 deletions

View File

@ -569,6 +569,8 @@ struct mbedtls_ssl_transform
unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_SSL3)
/* Needed only for SSL v3.0 secret */
unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
@ -578,13 +580,14 @@ struct mbedtls_ssl_transform
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */
#endif
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
int minor_ver;
/*

View File

@ -1171,10 +1171,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
if( mac_key_len > sizeof transform->mac_enc )
if( mac_key_len > sizeof( transform->mac_enc ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -1203,6 +1204,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_init != NULL )
@ -1221,6 +1223,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
}
#else
((void) mac_dec);
((void) mac_enc);
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
@ -7424,8 +7429,10 @@ static void ssl_transform_init( mbedtls_ssl_transform *transform )
mbedtls_cipher_init( &transform->cipher_ctx_enc );
mbedtls_cipher_init( &transform->cipher_ctx_dec );
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_init( &transform->md_ctx_enc );
mbedtls_md_init( &transform->md_ctx_dec );
#endif
}
void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
@ -9647,8 +9654,10 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
mbedtls_cipher_free( &transform->cipher_ctx_enc );
mbedtls_cipher_free( &transform->cipher_ctx_dec );
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );
#endif
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
}