From 1d53ce33c445aa689fd8ae5bda4c07ce87e8cee6 Mon Sep 17 00:00:00 2001
From: Kevin Bracey <kevin.bracey@arm.com>
Date: Tue, 3 Nov 2020 15:27:21 +0200
Subject: [PATCH] Avoid bitfields

Bitfields in context structures do not have sufficient (if any) RAM
payoff for the ROM complexity to manipulate them. Replace with
plain uint8_t.

On the smallest targets, the configuration options mean that there
are 4 or fewer members anyway, so a bitfield saves no RAM compared
to uint8_t.

ROM saving will be further increased if the uint8_t members are at the
start of the structure (when compiling for Thumb).

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
---
 include/mbedtls/ssl.h          | 45 +++++++++++++++++-----------------
 include/mbedtls/ssl_internal.h |  8 +++---
 2 files changed, 26 insertions(+), 27 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index a7b9478db..61bbcb5f9 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1194,72 +1194,71 @@ struct mbedtls_ssl_config
 #endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */
 
     /*
-     * Flags (bitfields)
+     * Flags (bytes)
      */
 
 #if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
-    unsigned int endpoint : 1;      /*!< 0: client, 1: server               */
+    uint8_t endpoint;               /*!< 0: client, 1: server               */
 #endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
 #if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
-    unsigned int transport : 1;     /*!< stream (TLS) or datagram (DTLS)    */
+    uint8_t transport;              /*!< stream (TLS) or datagram (DTLS)    */
 #endif /* !MBEDTLS_SSL_CONF_TRANSPORT */
 #if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
-    unsigned int authmode : 6;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
+    uint8_t authmode;               /*!< MBEDTLS_SSL_VERIFY_XXX             */
 #endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
 #if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION)
     /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
-    unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
+    uint8_t allow_legacy_renegotiation; /*!< MBEDTLS_LEGACY_XXX   */
 #endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */
 #if defined(MBEDTLS_ARC4_C)
-    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites?        */
+    uint8_t arc4_disabled;          /*!< blacklist RC4 ciphersuites?        */
 #endif
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    unsigned int mfl_code : 3;      /*!< desired fragment length            */
+    uint8_t mfl_code;               /*!< desired fragment length            */
 #endif
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac?    */
+    uint8_t encrypt_then_mac;       /*!< negotiate encrypt-then-mac?        */
 #endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 #if !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
-    unsigned int extended_ms : 1;   /*!< negotiate extended master secret?  */
+    uint8_t extended_ms;            /*!< negotiate extended master secret?  */
 #endif /* !MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 #if !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
-    unsigned int enforce_extended_master_secret : 1; /*!< enforce the usage
-                                                      *   of extended master
-                                                      *   secret            */
+    uint8_t enforce_extended_master_secret; /*!< enforce the usage of
+                                             *   extended master secret     */
 #endif /* !MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET */
 #endif
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 #if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY)
-    unsigned int anti_replay : 1;   /*!< detect and prevent replay?         */
+    uint8_t anti_replay;            /*!< detect and prevent replay?         */
 #endif /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */
 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    unsigned int cbc_record_splitting : 1;  /*!< do cbc record splitting    */
+    uint8_t cbc_record_splitting;   /*!< do cbc record splitting            */
 #endif
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    unsigned int disable_renegotiation : 1; /*!< disable renegotiation?     */
+    uint8_t disable_renegotiation;  /*!< disable renegotiation?             */
 #endif
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    unsigned int trunc_hmac : 1;    /*!< negotiate truncated hmac?          */
+    uint8_t trunc_hmac;             /*!< negotiate truncated hmac?          */
 #endif
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    unsigned int session_tickets : 1;   /*!< use session tickets?           */
+    uint8_t session_tickets;        /*!< use session tickets?               */
 #endif
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-    unsigned int fallback : 1;      /*!< is this a fallback?                */
+    uint8_t fallback;               /*!< is this a fallback?                */
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
 #if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
-    unsigned int cert_req_ca_list : 1;  /*!< enable sending CA list in
-                                          Certificate Request messages?     */
+    uint8_t cert_req_ca_list;       /*!< enable sending CA list in
+                                         Certificate Request messages?      */
 #endif /* !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */
 #endif
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 #if !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID)
-    unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
-                                             *   record with unexpected CID
-                                             *   should lead to failure.    */
+    uint8_t ignore_unexpected_cid;  /*!< Determines whether DTLS record
+                                     *   with unexpected CID should
+                                     *   lead to failure.                   */
 #endif /* !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 };
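Review bot: Replacing the bit-fields with `uint8_t` removes the implicit truncation the field widths provided, so `endpoint`, `authmode`, `mfl_code`, `allow_legacy_renegotiation` and the one-bit flags can now hold any value 0-255 instead of only what fit in 1, 6, 3 or 2 bits. The setters are not visible in this patch; if any of them stores an `int` argument without a range check, or if readers mix truthiness tests with `== 1` comparisons, out-of-range input now behaves differently, which matters most for `authmode`, `anti_replay` and `enforce_extended_master_secret`. I would state the new contract in the section comment, e.g. `* Flags (bytes): each member holds only its documented values; setters must range-check, the type no longer truncates`, and confirm the setters do so. The same point applies to `is_valid`/`is_fragmented`/`is_complete` and `async_in_progress` in the two ssl_internal.h hunks. The body of `struct mbedtls_ssl_config` starts outside this hunk, so earlier members and their ordering were not reviewed.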
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index ea60ef3d1..2da4f6524 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -518,9 +518,9 @@ struct mbedtls_ssl_handshake_params
 
         struct mbedtls_ssl_hs_buffer
         {
-            unsigned is_valid      : 1;
-            unsigned is_fragmented : 1;
-            unsigned is_complete   : 1;
+            uint8_t is_valid;
+            uint8_t is_fragmented;
+            uint8_t is_complete;
             unsigned char *data;
             size_t data_len;
         } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
@@ -559,7 +559,7 @@ struct mbedtls_ssl_handshake_params
 #endif
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    unsigned int async_in_progress : 1; /*!< an asynchronous operation is in progress */
+    uint8_t async_in_progress;          /*!< an asynchronous operation is in progress */
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)