mbedtls_ssl_config: Replace bit-fields by separate bytes
This slightly increases the RAM consumption per context, but saves code size on architectures with an instruction for direct byte access (which is most of them). Although this is technically an API break, in practice, a realistic application won't break: it would have had to bypass API functions and rely on the field size (e.g. relying on -1 == 1 in a 1-bit field). Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/ssl_cli.o: 19543 -> 19559 (diff: -16) library/ssl_msg.o: 24726 -> 24690 (diff: 36) library/ssl_srv.o: 20462 -> 20418 (diff: 44) library/ssl_tls.o: 20707 -> 20555 (diff: 152) library/ssl_tls13_client.o: 7252 -> 7244 (diff: 8) library/ssl_tls13_generic.o: 4705 -> 4693 (diff: 12) Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 2876 -> 2864 (diff: 12) library/ssl_msg.o: 3068 -> 3080 (diff: -12) library/ssl_srv.o: 3372 -> 3340 (diff: 32) library/ssl_tls.o: 6658 -> 6566 (diff: 92) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
8834d87ef6
commit
533a728392
1 changed files with 23 additions and 21 deletions
|
|
@ -1221,47 +1221,49 @@ struct mbedtls_ssl_config
|
||||||
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
|
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Flags (bitfields)
|
* Flags (could be bit-fields to save RAM, but separate bytes make
|
||||||
|
* the code smaller on architectures with an instruction for direct
|
||||||
|
* byte access).
|
||||||
*/
|
*/
|
||||||
|
|
||||||
unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
|
uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
|
||||||
unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
|
uint8_t MBEDTLS_PRIVATE(transport); /*!< stream (TLS) or datagram (DTLS) */
|
||||||
unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
|
uint8_t MBEDTLS_PRIVATE(authmode); /*!< MBEDTLS_SSL_VERIFY_XXX */
|
||||||
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
|
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
|
||||||
unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
|
uint8_t MBEDTLS_PRIVATE(allow_legacy_renegotiation); /*!< MBEDTLS_LEGACY_XXX */
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
|
uint8_t MBEDTLS_PRIVATE(mfl_code); /*!< desired fragment length */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
|
uint8_t MBEDTLS_PRIVATE(encrypt_then_mac); /*!< negotiate encrypt-then-mac? */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||||
unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
|
uint8_t MBEDTLS_PRIVATE(extended_ms); /*!< negotiate extended master secret? */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||||
unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
|
uint8_t MBEDTLS_PRIVATE(anti_replay); /*!< detect and prevent replay? */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
|
uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
|
uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
|
uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in
|
||||||
Certificate Request messages? */
|
Certificate Request messages? */
|
||||||
unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the ciphersuite according to
|
uint8_t MBEDTLS_PRIVATE(respect_cli_pref); /*!< pick the ciphersuite according to
|
||||||
the client's preferences rather
|
the client's preferences rather
|
||||||
than ours */
|
than ours */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
|
uint8_t MBEDTLS_PRIVATE(ignore_unexpected_cid); /*!< Determines whether DTLS
|
||||||
* record with unexpected CID
|
* record with unexpected CID
|
||||||
* should lead to failure. */
|
* should lead to failure. */
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||||
unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
|
uint8_t MBEDTLS_PRIVATE(dtls_srtp_mki_support); /* support having mki_value
|
||||||
in the use_srtp extension */
|
in the use_srtp extension */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue