From b567f8326d2baffb10872799cfe7db1faf5797e9 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 2 May 2023 21:38:11 +0200
Subject: [PATCH 1/2] Halve size of mbedtls_error_pair_t

All PSA crypto error codes fit comfortably in 16 bits and we have no plans to ever change this. So use 16 bits to store them, which reduces mbedtls_error_pair_t from 8 bytes to 4 bytes.

Signed-off-by: Gilles Peskine
---
 include/mbedtls/psa_util.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index b750716a9..32d20b5e5 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -345,7 +345,11 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
 #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
 typedef struct {
- psa_status_t psa_status;
+ /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
+ int16_t psa_status;
+ /* Error codes used by Mbed TLS are in one of the ranges
+ * -127..-1 (low-level) or (-128) * (128..511) (high-level),
+ * fitting in 16 bits. */
 int16_t mbedtls_error;
 } mbedtls_error_pair_t;
From 4837e9d1c0ffa07d6a74da998aa42bb37b2c4064 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sun, 7 May 2023 20:27:13 +0200
Subject: [PATCH 2/2] Correct comment about mbedtls error codes

Signed-off-by: Gilles Peskine
---
 include/mbedtls/psa_util.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 32d20b5e5..f7ed2ebfe 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
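Review bot: In the `@@ -345,7 +345,11 @@` hunk of PATCH 1/2, the 16-bit bound on `psa_status` is stated only in the new comment and nothing enforces it, so a `psa_status_t` value outside the `int16_t` range stored into this field would be narrowed silently. For an error-translation pair this matters because a truncated status could compare equal to a different code, in the worst case 0 (success); whether any caller stores a runtime status here is not visible in the hunk. I would extend the comment to say so, e.g. `/* Narrowed from psa_status_t: only constants known to fit in int16_t may be stored here. */`, and consider a compile-time range check next to the tables that use this type. Because the struct lives in a header under `include/mbedtls/`, the size change also alters its layout for anything built against the old definition, which may deserve a line in the commit message.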
@@ -348,8 +348,8 @@ typedef struct {
 /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
 int16_t psa_status;
 /* Error codes used by Mbed TLS are in one of the ranges
- * -127..-1 (low-level) or (-128) * (128..511) (high-level),
- * fitting in 16 bits. */
+ * -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
+ * code optionally added), fitting in 16 bits. */
 int16_t mbedtls_error;
 } mbedtls_error_pair_t;