Some minor struct optimizations.

include/mbedtls/cipher.h

@@ -283,17 +283,17 @@ typedef struct mbedtls_cipher_info_t
  */
 typedef struct mbedtls_cipher_context_t
 {
+    /** Operation that the key of the context has been
+     * initialized for.
+     */
+    mbedtls_operation_t operation;
+
     /** Information about the associated cipher. */
     const mbedtls_cipher_info_t *cipher_info;
 
     /** Key length to use. */
     int key_bitlen;
 
-    /** Operation that the key of the context has been
-     * initialized for.
-     */
-    mbedtls_operation_t operation;
-
 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
     /** Padding functions to use, if relevant for
      * the specific cipher mode.
@@ -302,16 +302,9 @@ typedef struct mbedtls_cipher_context_t
     int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
 #endif
 
-    /** Buffer for input that has not been processed yet. */
-    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
-
     /** Number of Bytes that have not been processed yet. */
     size_t unprocessed_len;
 
-    /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
-     * for XTS-mode. */
-    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
-
     /** IV size in Bytes, for ciphers with variable-length IVs. */
     size_t iv_size;
 
@@ -322,6 +315,13 @@ typedef struct mbedtls_cipher_context_t
     /** CMAC-specific context. */
     mbedtls_cmac_context_t *cmac_ctx;
 #endif
+
+    /** Buffer for input that has not been processed yet. */
+    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+
+    /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
+     * for XTS-mode. */
+    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
 } mbedtls_cipher_context_t;
 
 /**

include/mbedtls/ssl_internal.h

@@ -394,11 +394,6 @@ struct mbedtls_ssl_handshake_params
 
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-
-
-
-
-
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
     defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
     mbedtls_ssl_sig_hash_set_t hash_algs;             /*!<  Set of suitable sig-hash pairs */
@@ -418,13 +413,8 @@ struct mbedtls_ssl_handshake_params
 #endif
 
     size_t pmslen;                      /*!<  premaster length        */
-
     int cli_exts;                       /*!< client extension presence*/
 
-
-
-
-
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
     unsigned char *psk;                 /*!<  PSK from the callback         */
     size_t psk_len;                     /*!<  Length of PSK from callback   */
@@ -469,22 +459,13 @@ struct mbedtls_ssl_handshake_params
                                               resending messages             */
     unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
                                               for resending messages         */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    /* The state of CID configuration in this handshake. */
-    unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-    unsigned char randbytes[64];        /*!<  random bytes            */
-    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
-                                        /*!<  premaster secret        */
     struct
     {
         uint8_t seen_ccs;               /*!< Indicates if a CCS message has
                                          *   been seen in the current flight. */
 
-        size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
-                                      *   buffers used for message buffering. */
+        size_t total_bytes_buffered;    /*!< Cumulative size of heap allocated
+                                         *   buffers used for message buffering. */
 
         struct
         {
@@ -502,9 +483,14 @@ struct mbedtls_ssl_handshake_params
             size_t data_len;
         } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
     } buffering;
-
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+    /* The state of CID configuration in this handshake. */
+    unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-
+    unsigned char randbytes[64];        /*!<  random bytes            */
+    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
+                                        /*!<  premaster secret        */
 
 #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
@@ -548,7 +534,7 @@ struct mbedtls_ssl_handshake_params
     uint8_t ecdh_peerkey[2*NUM_ECC_BYTES];
 #endif /* MBEDTLS_USE_TINYCRYPT */
 
-/*
+    /*
      * Checksum contexts
      */
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \

include/mbedtls/ssl_ticket.h

@@ -63,15 +63,15 @@ mbedtls_ssl_ticket_key;
  */
 typedef struct mbedtls_ssl_ticket_context
 {
-    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
     unsigned char active;           /*!< index of the currently active key  */
-
     uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */
 
     /** Callback for getting (pseudo-)random numbers                        */
     int  (*f_rng)(void *, unsigned char *, size_t);
     void *p_rng;                    /*!< context for the RNG function       */
 
+    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
+
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_threading_mutex_t mutex;
 #endif

library/x509_crt.c

@@ -2056,10 +2056,10 @@ typedef struct mbedtls_x509_crt_sig_info
     mbedtls_md_type_t sig_md;
     mbedtls_pk_type_t sig_pk;
     void *sig_opts;
-    uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE];
     size_t crt_hash_len;
     mbedtls_x509_buf_raw sig;
     mbedtls_x509_buf_raw issuer_raw;
+    uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE];
 } mbedtls_x509_crt_sig_info;
 
 static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info )