Reduce many unnecessary static memory consumption

.data section of ssl_client1 becomes 320 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
This commit is contained in:
Chien Wong 2023-12-28 17:07:43 +08:00
parent 32c28cebb4
commit 4e9683e818
No known key found for this signature in database
GPG key ID: 5CA58A39FA4122AD
3 changed files with 17 additions and 17 deletions

View file

@ -52,7 +52,7 @@
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
/* For these curves, we build the group parameters dynamically. */ /* For these curves, we build the group parameters dynamically. */
#define ECP_LOAD_GROUP #define ECP_LOAD_GROUP
static mbedtls_mpi_uint mpi_one[] = { 1 }; static const mbedtls_mpi_uint mpi_one[] = { 1 };
#endif #endif
/* /*
@ -4511,7 +4511,7 @@ static inline void ecp_mpi_set1(mbedtls_mpi *X)
{ {
X->s = 1; X->s = 1;
X->n = 1; X->n = 1;
X->p = mpi_one; X->p = (mbedtls_mpi_uint *) mpi_one; /* X->p will not be modified so the cast is safe */
} }
/* /*
@ -5318,7 +5318,7 @@ cleanup:
*/ */
#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P #define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P
#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs,
size_t adjust, size_t shift, mbedtls_mpi_uint mask) size_t adjust, size_t shift, mbedtls_mpi_uint mask)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -5332,7 +5332,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p
/* Init R */ /* Init R */
R.s = 1; R.s = 1;
R.p = Rp; R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */
R.n = P_KOBLITZ_R; R.n = P_KOBLITZ_R;
/* Common setup for M */ /* Common setup for M */
@ -5403,7 +5403,7 @@ cleanup:
*/ */
static int ecp_mod_p192k1(mbedtls_mpi *N) static int ecp_mod_p192k1(mbedtls_mpi *N)
{ {
static mbedtls_mpi_uint Rp[] = { static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00) 0x00)
}; };
@ -5420,7 +5420,7 @@ static int ecp_mod_p192k1(mbedtls_mpi *N)
*/ */
static int ecp_mod_p224k1(mbedtls_mpi *N) static int ecp_mod_p224k1(mbedtls_mpi *N)
{ {
static mbedtls_mpi_uint Rp[] = { static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00) 0x00)
}; };
@ -5442,7 +5442,7 @@ static int ecp_mod_p224k1(mbedtls_mpi *N)
*/ */
static int ecp_mod_p256k1(mbedtls_mpi *N) static int ecp_mod_p256k1(mbedtls_mpi *N)
{ {
static mbedtls_mpi_uint Rp[] = { static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00) 0x00)
}; };

View file

@ -37,7 +37,7 @@ mbedtls_sha3_family_functions;
/* /*
* List of supported SHA-3 families * List of supported SHA-3 families
*/ */
static mbedtls_sha3_family_functions sha3_families[] = { static const mbedtls_sha3_family_functions sha3_families[] = {
{ MBEDTLS_SHA3_224, 1152, 224 }, { MBEDTLS_SHA3_224, 1152, 224 },
{ MBEDTLS_SHA3_256, 1088, 256 }, { MBEDTLS_SHA3_256, 1088, 256 },
{ MBEDTLS_SHA3_384, 832, 384 }, { MBEDTLS_SHA3_384, 832, 384 },
@ -180,7 +180,7 @@ void mbedtls_sha3_clone(mbedtls_sha3_context *dst,
*/ */
int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id)
{ {
mbedtls_sha3_family_functions *p = NULL; const mbedtls_sha3_family_functions *p = NULL;
for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) { for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) {
if (p->id == id) { if (p->id == id) {

View file

@ -631,7 +631,7 @@ static const char *extension_name_table[] = {
[MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit" [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit"
}; };
static unsigned int extension_type_table[] = { static const unsigned int extension_type_table[] = {
[MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff, [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff,
[MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME, [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME,
[MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH,
@ -3706,7 +3706,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
(SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \ (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
(SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT))) (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT)))
static unsigned char ssl_serialized_session_header[] = { static const unsigned char ssl_serialized_session_header[] = {
MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH, MBEDTLS_VERSION_PATCH,
@ -4431,7 +4431,7 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
(SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \ (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \
0u)) 0u))
static unsigned char ssl_serialized_context_header[] = { static const unsigned char ssl_serialized_context_header[] = {
MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH, MBEDTLS_VERSION_PATCH,
@ -5049,7 +5049,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
* See the documentation of mbedtls_ssl_conf_curves() for what we promise * See the documentation of mbedtls_ssl_conf_curves() for what we promise
* about this list. * about this list.
*/ */
static uint16_t ssl_preset_default_groups[] = { static const uint16_t ssl_preset_default_groups[] = {
#if defined(MBEDTLS_ECP_HAVE_CURVE25519) #if defined(MBEDTLS_ECP_HAVE_CURVE25519)
MBEDTLS_SSL_IANA_TLS_GROUP_X25519, MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
#endif #endif
@ -5100,7 +5100,7 @@ static const int ssl_preset_suiteb_ciphersuites[] = {
* - ssl_tls12_preset* is for TLS 1.2 use only. * - ssl_tls12_preset* is for TLS 1.2 use only.
* - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes.
*/ */
static uint16_t ssl_preset_default_sig_algs[] = { static const uint16_t ssl_preset_default_sig_algs[] = {
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_MD_CAN_SHA256) && \
@ -5195,7 +5195,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* NOTICE: see above */ /* NOTICE: see above */
static uint16_t ssl_preset_suiteb_sig_algs[] = { static const uint16_t ssl_preset_suiteb_sig_algs[] = {
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_MD_CAN_SHA256) && \
@ -5236,7 +5236,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
static uint16_t ssl_preset_suiteb_groups[] = { static const uint16_t ssl_preset_suiteb_groups[] = {
#if defined(MBEDTLS_ECP_HAVE_SECP256R1) #if defined(MBEDTLS_ECP_HAVE_SECP256R1)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif #endif
@ -5250,7 +5250,7 @@ static uint16_t ssl_preset_suiteb_groups[] = {
/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
* to make sure there are no duplicated signature algorithm entries. */ * to make sure there are no duplicated signature algorithm entries. */
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_no_sig_alg_duplication(uint16_t *sig_algs) static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs)
{ {
size_t i, j; size_t i, j;
int ret = 0; int ret = 0;