Remove ssl_optimize_checksum()

This function is called on client-only once the ciphersuite has
been chosen and it it is known which digest the client will need
for the handshake transcript throughout the handshake, and causes
all other unneeded handshake transcripts to be discontinued.

(On the server, we cannot call this function because we don't know
 which hash the client will those in its CertificateVerify message).

However, the benefit of this call is marginal, since transcript hash
computation is negligible compared to asymmetric crypto, and moreover
the handshake transcript contexts for the unused digests are still
stored in the SSL handshake parameter structure and not freed until
the end of the handshake.

Finally, if we're running on a _really_ constrained client, there
will be only one hash function enabled anyway, and in this case
the checksum optimization has no effect.

This commit therefore removes checksum optimization altogether,
saving some code on constrained systems.
This commit is contained in:
Hanno Becker 2019-08-15 16:56:35 +01:00
parent c2fb759f3b
commit 533f5b1d8d
2 changed files with 6 additions and 70 deletions

View file

@ -1823,7 +1823,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
mbedtls_ssl_optimize_checksum( ssl, server_suite_info );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );

View file

@ -834,12 +834,8 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
#endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); static void ssl_update_checksum( mbedtls_ssl_context *,
const unsigned char *, size_t );
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * ); static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * );
@ -853,13 +849,11 @@ static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int )
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * ); static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * );
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * ); static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * );
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
#endif #endif
@ -7378,40 +7372,11 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info )
{
((void) ciphersuite_info);
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
if( mbedtls_ssl_get_minor_ver( ssl ) < MBEDTLS_SSL_MINOR_VERSION_3 )
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA512_C)
if( mbedtls_ssl_suite_get_mac( ciphersuite_info ) == MBEDTLS_MD_SHA384 )
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
else
#endif
#if defined(MBEDTLS_SHA256_C)
if( mbedtls_ssl_suite_get_mac( ciphersuite_info ) != MBEDTLS_MD_SHA384 )
ssl->handshake->update_checksum = ssl_update_checksum_sha256;
else
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return;
}
}
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
{ {
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) defined(MBEDTLS_SSL_PROTO_TLS1_1)
mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 ); mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 );
mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 ); mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@ -7424,8 +7389,8 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
} }
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, static void ssl_update_checksum( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len ) const unsigned char *buf, size_t len )
{ {
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) defined(MBEDTLS_SSL_PROTO_TLS1_1)
@ -7442,34 +7407,6 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
} }
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
}
#endif
#if defined(MBEDTLS_SHA512_C)
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
}
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
static void ssl_calc_finished_ssl( static void ssl_calc_finished_ssl(
mbedtls_ssl_context *ssl, unsigned char *buf, int from ) mbedtls_ssl_context *ssl, unsigned char *buf, int from )
@ -8064,7 +8001,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
#endif #endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
handshake->update_checksum = ssl_update_checksum_start; handshake->update_checksum = ssl_update_checksum;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)