yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 07:55:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reduce size of ssl_transform if no MAC ciphersuite is enabled

Browse Source 
The hash contexts `ssl_transform->md_ctx_{enc/dec}` are not used if
only AEAD ciphersuites are enabled. This commit removes them from the
`ssl_transform` struct in this case, saving a few bytes.
This commit is contained in:
Hanno Becker 2018-01-03 15:32:51 +00:00
parent 8031d06cb2
commit d56ed2491b
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/mbedtls/ssl_internal.h
View File

@ -569,6 +569,8 @@ struct mbedtls_ssl_transform
unsigned char iv_enc[16]; /*!< IV (encryption) */ unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */ unsigned char iv_dec[16]; /*!< IV (decryption) */
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
/* Needed only for SSL v3.0 secret */ /* Needed only for SSL v3.0 secret */
unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
@ -578,13 +580,14 @@ struct mbedtls_ssl_transform
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */ int encrypt_then_mac; /*!< flag for EtM activation */
#endif #endif
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
int minor_ver; int minor_ver;
/* /*

11
library/ssl_tls.c
View File

@ -1171,10 +1171,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
if( mac_key_len > sizeof transform->mac_enc ) if( mac_key_len > sizeof( transform->mac_enc ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -1203,6 +1204,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_init != NULL ) if( mbedtls_ssl_hw_record_init != NULL )
@ -1221,6 +1223,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
} }
} }
#else
((void) mac_dec);
((void) mac_enc);
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
#if defined(MBEDTLS_SSL_EXPORT_KEYS) #if defined(MBEDTLS_SSL_EXPORT_KEYS)
@ -7424,8 +7429,10 @@ static void ssl_transform_init( mbedtls_ssl_transform *transform )
mbedtls_cipher_init( &transform->cipher_ctx_enc ); mbedtls_cipher_init( &transform->cipher_ctx_enc );
mbedtls_cipher_init( &transform->cipher_ctx_dec ); mbedtls_cipher_init( &transform->cipher_ctx_dec );
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_init( &transform->md_ctx_enc ); mbedtls_md_init( &transform->md_ctx_enc );
mbedtls_md_init( &transform->md_ctx_dec ); mbedtls_md_init( &transform->md_ctx_dec );
#endif
} }
void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
@ -9647,8 +9654,10 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
mbedtls_cipher_free( &transform->cipher_ctx_enc ); mbedtls_cipher_free( &transform->cipher_ctx_enc );
mbedtls_cipher_free( &transform->cipher_ctx_dec ); mbedtls_cipher_free( &transform->cipher_ctx_dec );
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec ); mbedtls_md_free( &transform->md_ctx_dec );
#endif
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
} }