From 7b628e5b887b6013a6113fcbf0044983ca50b741 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 12 Jun 2019 14:45:11 +0100
Subject: [PATCH] Make mbedtls_ssl_read/write_version static inline

Reasons:
- If the transport type is fixed at compile-time, mbedtls_ssl_read_version() and mbedtls_ssl_write_version() are called with a compile-time determined `transport` parameter, so the transport-type branch in their body can be eliminated at compile-time.
- mbedtls_ssl_read_version() is called with addresses of local variables, which so far need to be put on the stack to be addressable. Inlining the call allows to read directly into the registers holding these local variables.
This saves 60 bytes w.r.t. the measurement performed by
> ./scripts/baremetal.sh --rom --gcc
---
 include/mbedtls/ssl_internal.h | 68 +++++++++++++++++++++++++++++++---
 library/ssl_tls.c | 61 ------------------------------
 2 files changed, 63 insertions(+), 66 deletions(-)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 43443bf590..5ba2f30b6d 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1020,11 +1020,6 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
 uint32_t *flags );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-void mbedtls_ssl_write_version( int major, int minor, int transport,
- unsigned char ver[2] );
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
- const unsigned char ver[2] );
-
 static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
 {
 return( (size_t) ( ssl->in_iv - ssl->in_hdr ) );
@@ -1104,6 +1099,69 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
 MBEDTLS_SSL_PROTO_TLS1_2 */
 
+/*
+ * Convert version numbers to/from wire format
+ * and, for DTLS, to/from TLS equivalent.
+ *
+ * For TLS this is the identity.
+ * For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
+ * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
+ * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
+ */
+static inline void mbedtls_ssl_write_version( int major, int minor,
+ int transport,
+ unsigned char ver[2] )
+{
+#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
+ ((void) transport);
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
+ {
+ if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
+ --minor; /* DTLS 1.0 stored as TLS 1.1 internally */
+
+ ver[0] = (unsigned char)( 255 - ( major - 2 ) );
+ ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
+ }
+ MBEDTLS_SSL_TRANSPORT_ELSE
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ {
+ ver[0] = (unsigned char) major;
+ ver[1] = (unsigned char) minor;
+ }
+#endif
+}
+
+static inline void mbedtls_ssl_read_version( int *major, int *minor,
+ int transport,
+ const unsigned char ver[2] )
+{
+#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
+ ((void) transport);
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
+ {
+ *major = 255 - ver[0] + 2;
+ *minor = 255 - ver[1] + 1;
+
+ if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
+ ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
+ }
+ MBEDTLS_SSL_TRANSPORT_ELSE
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ {
+ *major = ver[0];
+ *minor = ver[1];
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS */
+}
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5e1d7bdb51..814bb27a17 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
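Review bot: `mbedtls_ssl_read_version()` now sits in the internal header without a comment of its own, and the block comment above `mbedtls_ssl_write_version()` does not say that neither function range-checks anything. In the DTLS branch `*major = 255 - ver[0] + 2` and `*minor = 255 - ver[1] + 1` accept any two bytes, and if `MBEDTLS_SSL_MINOR_VERSION_1` is 1, as the `1.0 <-> 3.2` mapping implies, wire minors 0xFF and 0xFE both come out as minor 2 after `++*minor`. The callers are outside this patch, so whether each one compares the result with the configured minimum and maximum version cannot be confirmed here. I would add above the function: `/* No validation is done here: ver[] may be peer-supplied, so callers must check *major and *minor against the allowed version range. */`. The same comment block also has an unbalanced parenthesis in `(v -> 255 - v, and then map as follows:`.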
@@ -11412,67 +11412,6 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-/*
- * Convert version numbers to/from wire format
- * and, for DTLS, to/from TLS equivalent.
- *
- * For TLS this is the identity.
- * For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
- * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
- * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
- */
-void mbedtls_ssl_write_version( int major, int minor, int transport,
- unsigned char ver[2] )
-{
-#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
- ((void) transport);
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
- {
- if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
- --minor; /* DTLS 1.0 stored as TLS 1.1 internally */
-
- ver[0] = (unsigned char)( 255 - ( major - 2 ) );
- ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
- }
- MBEDTLS_SSL_TRANSPORT_ELSE
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS)
- {
- ver[0] = (unsigned char) major;
- ver[1] = (unsigned char) minor;
- }
-#endif
-}
-
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
- const unsigned char ver[2] )
-{
-#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
- ((void) transport);
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
- {
- *major = 255 - ver[0] + 2;
- *minor = 255 - ver[1] + 1;
-
- if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
- ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
- }
- MBEDTLS_SSL_TRANSPORT_ELSE
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_PROTO_TLS)
- {
- *major = ver[0];
- *minor = ver[1];
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS */
-}
-
 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)