mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-12 06:45:39 +00:00
Remove ssl_optimize_checksum()
This function is called on client-only once the ciphersuite has been chosen and it it is known which digest the client will need for the handshake transcript throughout the handshake, and causes all other unneeded handshake transcripts to be discontinued. (On the server, we cannot call this function because we don't know which hash the client will those in its CertificateVerify message). However, the benefit of this call is marginal, since transcript hash computation is negligible compared to asymmetric crypto, and moreover the handshake transcript contexts for the unused digests are still stored in the SSL handshake parameter structure and not freed until the end of the handshake. Finally, if we're running on a _really_ constrained client, there will be only one hash function enabled anyway, and in this case the checksum optimization has no effect. This commit therefore removes checksum optimization altogether, saving some code on constrained systems.
This commit is contained in:
parent
c2fb759f3b
commit
533f5b1d8d
|
@ -1823,7 +1823,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
mbedtls_ssl_optimize_checksum( ssl, server_suite_info );
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
||||||
|
|
|
@ -834,12 +834,8 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||||
#endif /* MBEDTLS_SHA512_C */
|
#endif /* MBEDTLS_SHA512_C */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
|
static void ssl_update_checksum( mbedtls_ssl_context *,
|
||||||
|
const unsigned char *, size_t );
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * );
|
static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * );
|
||||||
|
@ -853,13 +849,11 @@ static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int )
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_SHA256_C)
|
||||||
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
|
|
||||||
static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * );
|
static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * );
|
||||||
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
|
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_SHA512_C)
|
||||||
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
|
|
||||||
static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * );
|
static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * );
|
||||||
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
|
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
|
||||||
#endif
|
#endif
|
||||||
|
@ -7378,35 +7372,6 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
|
||||||
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info )
|
|
||||||
{
|
|
||||||
((void) ciphersuite_info);
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
if( mbedtls_ssl_get_minor_ver( ssl ) < MBEDTLS_SSL_MINOR_VERSION_3 )
|
|
||||||
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
|
||||||
if( mbedtls_ssl_suite_get_mac( ciphersuite_info ) == MBEDTLS_MD_SHA384 )
|
|
||||||
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
|
||||||
if( mbedtls_ssl_suite_get_mac( ciphersuite_info ) != MBEDTLS_MD_SHA384 )
|
|
||||||
ssl->handshake->update_checksum = ssl_update_checksum_sha256;
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||||
|
@ -7424,7 +7389,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
}
|
}
|
||||||
|
|
||||||
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
static void ssl_update_checksum( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||||
|
@ -7442,34 +7407,6 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
|
|
||||||
const unsigned char *buf, size_t len )
|
|
||||||
{
|
|
||||||
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
|
|
||||||
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
|
||||||
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
|
|
||||||
const unsigned char *buf, size_t len )
|
|
||||||
{
|
|
||||||
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
|
||||||
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
|
|
||||||
const unsigned char *buf, size_t len )
|
|
||||||
{
|
|
||||||
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
static void ssl_calc_finished_ssl(
|
static void ssl_calc_finished_ssl(
|
||||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
||||||
|
@ -8064,7 +8001,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
handshake->update_checksum = ssl_update_checksum_start;
|
handshake->update_checksum = ssl_update_checksum;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
|
|
Loading…
Reference in a new issue