Merge pull request #8665 from ivq/reduce_static_mem

Reduce many unnecessary static memory consumption
2024-02-07 23:26:27 +00:00 · 2024-02-07 23:26:27 +00:00 · c8de362202
commit c8de362202
parent 9b272ac1c6 4e9683e818
3 changed files with 17 additions and 17 deletions
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@ -46,7 +46,7 @@
    defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 /* For these curves, we build the group parameters dynamically. */
 #define ECP_LOAD_GROUP
-static mbedtls_mpi_uint mpi_one[] = { 1 };
+static const mbedtls_mpi_uint mpi_one[] = { 1 };
 #endif
 /*
@ -4505,7 +4505,7 @@ static inline void ecp_mpi_set1(mbedtls_mpi *X)
 {
    X->s = 1;
    X->n = 1;
-    X->p = mpi_one;
+    X->p = (mbedtls_mpi_uint *) mpi_one; /* X->p will not be modified so the cast is safe */
 }
 /*
@ -5311,7 +5311,7 @@ cleanup:
 */
 #define P_KOBLITZ_MAX   (256 / 8 / sizeof(mbedtls_mpi_uint))      // Max limbs in P
 #define P_KOBLITZ_R     (8 / sizeof(mbedtls_mpi_uint))            // Limbs in R
-static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
+static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs,
                                  size_t adjust, size_t shift, mbedtls_mpi_uint mask)
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -5325,7 +5325,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p
    /* Init R */
    R.s = 1;
-    R.p = Rp;
+    R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */
    R.n = P_KOBLITZ_R;
    /* Common setup for M */
@ -5396,7 +5396,7 @@ cleanup:
 */
 static int ecp_mod_p192k1(mbedtls_mpi *N)
 {
-    static mbedtls_mpi_uint Rp[] = {
+    static const mbedtls_mpi_uint Rp[] = {
        MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
                                  0x00)
    };
@ -5413,7 +5413,7 @@ static int ecp_mod_p192k1(mbedtls_mpi *N)
 */
 static int ecp_mod_p224k1(mbedtls_mpi *N)
 {
-    static mbedtls_mpi_uint Rp[] = {
+    static const mbedtls_mpi_uint Rp[] = {
        MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
                                  0x00)
    };
@ -5435,7 +5435,7 @@ static int ecp_mod_p224k1(mbedtls_mpi *N)
 */
 static int ecp_mod_p256k1(mbedtls_mpi *N)
 {
-    static mbedtls_mpi_uint Rp[] = {
+    static const mbedtls_mpi_uint Rp[] = {
        MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
                                  0x00)
    };
--- a/library/sha3.c
+++ b/library/sha3.c
@ -37,7 +37,7 @@ mbedtls_sha3_family_functions;
 /*
 * List of supported SHA-3 families
 */
-static mbedtls_sha3_family_functions sha3_families[] = {
+static const mbedtls_sha3_family_functions sha3_families[] = {
    { MBEDTLS_SHA3_224,      1152, 224 },
    { MBEDTLS_SHA3_256,      1088, 256 },
    { MBEDTLS_SHA3_384,       832, 384 },
@ -180,7 +180,7 @@ void mbedtls_sha3_clone(mbedtls_sha3_context *dst,
 */
 int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id)
 {
-    mbedtls_sha3_family_functions *p = NULL;
+    const mbedtls_sha3_family_functions *p = NULL;
    for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) {
        if (p->id == id) {
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -631,7 +631,7 @@ static const char *extension_name_table[] = {
    [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit"
 };
-static unsigned int extension_type_table[] = {
+static const unsigned int extension_type_table[] = {
    [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff,
    [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME,
    [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH,
@ -3711,7 +3711,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
         (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
         (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT)))
-static unsigned char ssl_serialized_session_header[] = {
+static const unsigned char ssl_serialized_session_header[] = {
    MBEDTLS_VERSION_MAJOR,
    MBEDTLS_VERSION_MINOR,
    MBEDTLS_VERSION_PATCH,
@ -4436,7 +4436,7 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
         (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \
         0u))
-static unsigned char ssl_serialized_context_header[] = {
+static const unsigned char ssl_serialized_context_header[] = {
    MBEDTLS_VERSION_MAJOR,
    MBEDTLS_VERSION_MINOR,
    MBEDTLS_VERSION_PATCH,
@ -5054,7 +5054,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
 * See the documentation of mbedtls_ssl_conf_curves() for what we promise
 * about this list.
 */
-static uint16_t ssl_preset_default_groups[] = {
+static const uint16_t ssl_preset_default_groups[] = {
 #if defined(MBEDTLS_ECP_HAVE_CURVE25519)
    MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
 #endif
@ -5105,7 +5105,7 @@ static const int ssl_preset_suiteb_ciphersuites[] = {
 *   - ssl_tls12_preset* is for TLS 1.2 use only.
 *   - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes.
 */
-static uint16_t ssl_preset_default_sig_algs[] = {
+static const uint16_t ssl_preset_default_sig_algs[] = {
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
    defined(MBEDTLS_MD_CAN_SHA256) && \
@ -5200,7 +5200,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 /* NOTICE: see above */
-static uint16_t ssl_preset_suiteb_sig_algs[] = {
+static const uint16_t ssl_preset_suiteb_sig_algs[] = {
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
    defined(MBEDTLS_MD_CAN_SHA256) && \
@ -5241,7 +5241,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-static uint16_t ssl_preset_suiteb_groups[] = {
+static const uint16_t ssl_preset_suiteb_groups[] = {
 #if defined(MBEDTLS_ECP_HAVE_SECP256R1)
    MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
 #endif
@ -5255,7 +5255,7 @@ static uint16_t ssl_preset_suiteb_groups[] = {
 /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
 * to make sure there are no duplicated signature algorithm entries. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_no_sig_alg_duplication(uint16_t *sig_algs)
+static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs)
 {
    size_t i, j;
    int ret = 0;