diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 082a69174..cb575213b 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -283,17 +283,17 @@ typedef struct mbedtls_cipher_info_t */ typedef struct mbedtls_cipher_context_t { + /** Operation that the key of the context has been + * initialized for. + */ + mbedtls_operation_t operation; + /** Information about the associated cipher. */ const mbedtls_cipher_info_t *cipher_info; /** Key length to use. */ int key_bitlen; - /** Operation that the key of the context has been - * initialized for. - */ - mbedtls_operation_t operation; - #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /** Padding functions to use, if relevant for * the specific cipher mode. @@ -302,16 +302,9 @@ typedef struct mbedtls_cipher_context_t int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); #endif - /** Buffer for input that has not been processed yet. */ - unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]; - /** Number of Bytes that have not been processed yet. */ size_t unprocessed_len; - /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number - * for XTS-mode. */ - unsigned char iv[MBEDTLS_MAX_IV_LENGTH]; - /** IV size in Bytes, for ciphers with variable-length IVs. */ size_t iv_size; @@ -322,6 +315,13 @@ typedef struct mbedtls_cipher_context_t /** CMAC-specific context. */ mbedtls_cmac_context_t *cmac_ctx; #endif + + /** Buffer for input that has not been processed yet. */ + unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]; + + /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number + * for XTS-mode. */ + unsigned char iv[MBEDTLS_MAX_IV_LENGTH]; } mbedtls_cipher_context_t; /** diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index b059d8790..659b8a3cd 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
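Review bot: Nothing in `mbedtls_cipher_context_t` records that the new member order is deliberate: across the three cipher.h hunks `operation` moves to the front and the `unprocessed_data` and `iv` arrays move behind `cmac_ctx`, with no comment explaining the layout. A later contributor who appends a field after the arrays or regroups members by topic would silently undo it, so I would add above the arrays `/* Large buffers are kept last on purpose; add new scalar and pointer members above this point. */`. That comment could also note that `unprocessed_len`, `iv_size` and the `cmac_ctx` pointer now sit before the buffers instead of after them, which changes what an out-of-bounds write past `iv` would reach. The struct is in a public header and is normally declared by the caller, so the changed offsets require every consumer to be rebuilt against the new header, and that deserves a ChangeLog line. The ordering comment applies equally to `keys[2]` in `mbedtls_ssl_ticket_context` (ssl_ticket.h, also a public header) and to `crt_hash` in `mbedtls_x509_crt_sig_info` (x509_crt.c).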
@@ -394,11 +394,6 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_PROTO_DTLS */ - - - - - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ @@ -418,13 +413,8 @@ struct mbedtls_ssl_handshake_params #endif size_t pmslen; /*!< premaster length */ - int cli_exts; /*!< client extension presence*/ - - - - #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) unsigned char *psk; /*!< PSK from the callback */ size_t psk_len; /*!< Length of PSK from callback */ @@ -469,22 +459,13 @@ struct mbedtls_ssl_handshake_params resending messages */ unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* The state of CID configuration in this handshake. */ - unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - unsigned char randbytes[64]; /*!< random bytes */ - unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; - /*!< premaster secret */ struct { uint8_t seen_ccs; /*!< Indicates if a CCS message has * been seen in the current flight. */ - size_t total_bytes_buffered; /*!< Cumulative size of heap allocated - * buffers used for message buffering. */ + size_t total_bytes_buffered; /*!< Cumulative size of heap allocated + * buffers used for message buffering. */ struct { 
@@ -502,9 +483,14 @@ struct mbedtls_ssl_handshake_params size_t data_len; } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; } buffering; - +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + /* The state of CID configuration in this handshake. */ + unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ - + unsigned char randbytes[64]; /*!< random bytes */ + unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; + /*!< premaster secret */ #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) mbedtls_ssl_ciphersuite_handle_t ciphersuite_info; @@ -548,7 +534,7 @@ struct mbedtls_ssl_handshake_params uint8_t ecdh_peerkey[2*NUM_ECC_BYTES]; #endif /* MBEDTLS_USE_TINYCRYPT */ -/* + /* * Checksum contexts */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 774a007a9..bb6cfe321 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -63,15 +63,15 @@ mbedtls_ssl_ticket_key; */ typedef struct mbedtls_ssl_ticket_context { - mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ unsigned char active; /*!< index of the currently active key */ - uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */ /** Callback for getting (pseudo-)random numbers */ int (*f_rng)(void *, unsigned char *, size_t); void *p_rng; /*!< context for the RNG function */ + mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ + #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; #endif diff --git a/library/x509_crt.c b/library/x509_crt.c index 1c4237bda..7e65f1d50 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
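Review bot: The moved `peer_cid` line still carries `/*! The peer's CID */`, which lacks the `<` marker, so Doxygen attaches the text to the next declaration rather than to `peer_cid`; it should read `/*!< The peer's CID */`. The comment above it, `/* The state of CID configuration in this handshake. */`, now introduces a single array, so something like `/* Peer's Connection ID for this handshake. */` would describe it better. `randbytes` and `premaster` now follow `#endif /* MBEDTLS_SSL_PROTO_DTLS */` with no blank line or grouping comment, and a short `/* Secret handshake material, kept together */` heading would make it obvious that both need wiping. The code that clears the handshake structure is not part of this diff; if it wipes by `sizeof` the move is neutral, but that is worth confirming. `struct mbedtls_ssl_handshake_params` begins and ends outside this hunk.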
@@ -2056,10 +2056,10 @@ typedef struct mbedtls_x509_crt_sig_info mbedtls_md_type_t sig_md; mbedtls_pk_type_t sig_pk; void *sig_opts; - uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE]; size_t crt_hash_len; mbedtls_x509_buf_raw sig; mbedtls_x509_buf_raw issuer_raw; + uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE]; } mbedtls_x509_crt_sig_info; static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info )