lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0

Browse Source 
Reorder structure fields to maximize usage of immediate offset access
This commit is contained in:
Manuel Pégourié-Gonnard
2021-12-09 12:54:09 +01:00
committed by GitHub
parent d7d740eb6e cfe74a37b9
commit c38c1f2411
7 changed files with 311 additions and 230 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
include/mbedtls/ssl.h
View File

@ -1108,6 +1108,17 @@ mbedtls_dtls_srtp_info;
*/
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
unsigned char MBEDTLS_PRIVATE(exported);
/* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
* Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
* to be studied whether one of them can be removed. */
unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
@ -1117,13 +1128,6 @@ struct mbedtls_ssl_session
unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
unsigned char MBEDTLS_PRIVATE(exported);
/* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
* Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
* to be studied whether one of them can be removed. */
unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
@ -1143,10 +1147,6 @@ struct mbedtls_ssl_session
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
@ -1210,7 +1210,62 @@ typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
*/
struct mbedtls_ssl_config
{
/* Group items by size (largest first) to minimize padding overhead */
/* Group items mostly by size. This helps to reduce memory wasted to
* padding. It also helps to keep smaller fields early in the structure,
* so that elements tend to be in the 128-element direct access window
* on Arm Thumb, which reduces the code size. */
unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/*
* Flags (could be bit-fields to save RAM, but separate bytes make
* the code smaller on architectures with an instruction for direct
* byte access).
*/
uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
uint8_t MBEDTLS_PRIVATE(transport); /*!< 0: stream (TLS), 1: datagram (DTLS) */
uint8_t MBEDTLS_PRIVATE(authmode); /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
uint8_t MBEDTLS_PRIVATE(allow_legacy_renegotiation); /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
uint8_t MBEDTLS_PRIVATE(mfl_code); /*!< desired fragment length indicator
(MBEDTLS_SSL_MAX_FRAG_LEN_XXX) */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
uint8_t MBEDTLS_PRIVATE(encrypt_then_mac); /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
uint8_t MBEDTLS_PRIVATE(extended_ms); /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
uint8_t MBEDTLS_PRIVATE(anti_replay); /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in
Certificate Request messages? */
uint8_t MBEDTLS_PRIVATE(respect_cli_pref); /*!< pick the ciphersuite according to
the client's preferences rather
than ours? */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t MBEDTLS_PRIVATE(ignore_unexpected_cid); /*!< Should DTLS record with
* unexpected CID
* lead to failure? */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
uint8_t MBEDTLS_PRIVATE(dtls_srtp_mki_support); /* support having mki_value
in the use_srtp extension? */
#endif
/*
* Pointers
@ -1365,7 +1420,7 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Numerical settings (int then char)
* Numerical settings (int)
*/
uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
@ -1388,55 +1443,6 @@ struct mbedtls_ssl_config
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif
unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/*
* Flags (bitfields)
*/
unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the ciphersuite according to
the client's preferences rather
than ours */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */
#endif
};
struct mbedtls_ssl_context