From 0ae6b244c87a62b5f84eac45b2bd14e8dee71583 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Jun 2019 16:45:36 +0100 Subject: [PATCH] Allow compile-time configuration of timer callbacks Introduces - MBEDTLS_SSL_CONF_SET_TIMER - MBEDTLS_SSL_CONF_GET_TIMER which allows to configure timer callbacks at compile-time. Impact on code-size: | | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23379 | 23981 | 26941 | | `libmbedtls.a` after | 23351 | 23953 | 26869 | | gain in Bytes | 28 | 28 | 72 | --- configs/baremetal.h | 2 ++ include/mbedtls/check_config.h | 7 +++++++ include/mbedtls/config.h | 12 +++++++++++ include/mbedtls/ssl.h | 24 +++++++++++++++++++++ include/mbedtls/ssl_internal.h | 38 ++++++++++++++++++++++++++++++++++ library/ssl_tls.c | 29 +++++++++++++++++++------- programs/ssl/dtls_client.c | 7 +++++++ programs/ssl/dtls_server.c | 10 +++++++-- programs/ssl/query_config.c | 16 ++++++++++++++ programs/ssl/ssl_client2.c | 12 +++++++++++ programs/ssl/ssl_server2.c | 12 +++++++++++ 11 files changed, 159 insertions(+), 10 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index d6ce9a302..ee514b463 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -93,6 +93,8 @@ #define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED #define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0 #define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED +#define MBEDTLS_SSL_CONF_GET_TIMER mbedtls_timing_get_delay +#define MBEDTLS_SSL_CONF_SET_TIMER mbedtls_timing_set_delay #define MBEDTLS_SSL_CONF_RECV mbedtls_net_recv #define MBEDTLS_SSL_CONF_SEND mbedtls_net_send #define MBEDTLS_SSL_CONF_RECV_TIMEOUT mbedtls_net_recv_timeout diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 29d9906ff..496f7e1ae 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -683,6 +683,13 @@ #define "MBEDTLS_SSL_CONF_SEND/RECV/RECV_TIMEOUT must be defined simultaneously" #endif +#if ( defined(MBEDTLS_SSL_CONF_GET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_SET_TIMER) ) || \ + ( !defined(MBEDTLS_SSL_CONF_GET_TIMER) && \ + defined(MBEDTLS_SSL_CONF_SET_TIMER) ) +#define "MBEDTLS_SSL_CONF_GET_TIMER and MBEDTLS_SSL_CONF_SET_TIMER must be defined together." +#endif + #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a767cb298..da1ae426d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3601,6 +3601,18 @@ //#define MBEDTLS_SSL_CONF_CID_LEN 0 //#define MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID MBEDTLS_SSL_UNEXPECTED_CID_IGNORE +/* The timer callbacks to use by the SSL module. + * If defined, + * - MBEDTLS_SSL_CONF_SET_TIMER must evaluate to the name of an externally + * defined function with signature + * void (*f_set_timer)( void* , uint32_t, uint32_t ), + * * MBEDTLS_SSL_CONF_SEND must evaluate to the name of an externally + * defined function with signature + * int (*f_get_timer)( void* ). + */ +//#define MBEDTLS_SSL_CONF_GET_TIMER mbedtls_timing_get_delay +//#define MBEDTLS_SSL_CONF_SET_TIMER mbedtls_timing_set_delay + /* The send and receive callbacks to use by the SSL module. * If defined, * - MBEDTLS_SSL_CONF_RECV must evaluate to the name of an externally diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 671d10766..f422d44ae 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1183,8 +1183,12 @@ struct mbedtls_ssl_context */ void *p_timer; /*!< context for the timer callbacks */ +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */ +#endif /* !MBEDTLS_SSL_CONF_SET_TIMER */ +#if !defined(MBEDTLS_SSL_CONF_GET_TIMER) mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */ +#endif /* !MBEDTLS_SSL_CONF_GET_TIMER */ /* * Record layer (incoming data) @@ -1779,6 +1783,8 @@ void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); #endif /* !MBEDTLS_SSL_CONF_READ_TIMEOUT */ +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_GET_TIMER) /** * \brief Set the timer callbacks (Mandatory for DTLS.) * @@ -1796,6 +1802,12 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) * \c mbedtls_timing_get_delay() that are suitable for using * here, except if using an event-driven style. * + * \note On constrained systems, the timer callbacks \p f_set_timer + * and \p f_get_timer may also be configured at compile-time + * via MBEDTLS_SSL_CONF_GET_TIMER and MBEDTLS_SSL_CONF_SET_TIMER. + * In this case, the corresponding arguments to this function + * are ignored. + * * \note See also the "DTLS tutorial" article in our knowledge base. * https://tls.mbed.org/kb/how-to/dtls-tutorial */ @@ -1803,6 +1815,18 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, mbedtls_ssl_get_timer_t *f_get_timer ); +#else +/** + * \brief Set the context to be passed to the timer callbacks + * (Mandatory for DTLS.) + * + * \param ssl The SSL context to configure. + * \param p_timer The context to be passed to the timer callbacks. + * + */ +void mbedtls_ssl_set_timer_cb_ctx( mbedtls_ssl_context *ssl, + void *p_timer ); +#endif /** * \brief Callback type: generate and write session ticket diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 8d5170c27..4b857813c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1291,6 +1291,44 @@ static inline unsigned int mbedtls_ssl_conf_get_anti_replay( typedef int (*mbedtls_frng_t)( void*, unsigned char*, size_t ); +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) +static inline mbedtls_ssl_set_timer_t* mbedtls_ssl_get_set_timer( + mbedtls_ssl_context const *ssl ) +{ + return( ssl->f_set_timer ); +} +#else /* !MBEDTLS_SSL_CONF_SET_TIMER */ + +#define mbedtls_ssl_conf_set_timer_func MBEDTLS_SSL_CONF_SET_TIMER +extern void mbedtls_ssl_conf_set_timer_func( void*, uint32_t, uint32_t ); + +static inline mbedtls_ssl_set_timer_t* mbedtls_ssl_get_set_timer( + mbedtls_ssl_context const *ssl ) +{ + ((void) ssl); + return ((mbedtls_ssl_set_timer_t*) mbedtls_ssl_conf_set_timer_func); +} +#endif /* MBEDTLS_SSL_CONF_SET_TIMER */ + +#if !defined(MBEDTLS_SSL_CONF_GET_TIMER) +static inline mbedtls_ssl_get_timer_t* mbedtls_ssl_get_get_timer( + mbedtls_ssl_context const *ssl ) +{ + return( ssl->f_get_timer ); +} +#else /* !MBEDTLS_SSL_CONF_GET_TIMER */ + +#define mbedtls_ssl_conf_get_timer_func MBEDTLS_SSL_CONF_GET_TIMER +extern int mbedtls_ssl_conf_get_timer_func( void* ); + +static inline mbedtls_ssl_get_timer_t* mbedtls_ssl_get_get_timer( + mbedtls_ssl_context const *ssl ) +{ + ((void) ssl); + return ((mbedtls_ssl_get_timer_t*) mbedtls_ssl_conf_get_timer_func); +} +#endif /* MBEDTLS_SSL_CONF_GET_TIMER */ + #if !defined(MBEDTLS_SSL_CONF_RECV) static inline mbedtls_ssl_recv_t* mbedtls_ssl_get_recv( mbedtls_ssl_context const *ssl ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 847ac711a..016c5d837 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -81,11 +81,13 @@ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) */ static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) { - if( ssl->f_set_timer == NULL ) + if( mbedtls_ssl_get_set_timer( ssl ) == NULL ) return; MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) ); - ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); + mbedtls_ssl_get_set_timer( ssl )( ssl->p_timer, + millisecs / 4, + millisecs ); } /* @@ -93,10 +95,10 @@ static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) */ static int ssl_check_timer( mbedtls_ssl_context *ssl ) { - if( ssl->f_get_timer == NULL ) + if( mbedtls_ssl_get_get_timer( ssl ) == NULL ) return( 0 ); - if( ssl->f_get_timer( ssl->p_timer ) == 2 ) + if( mbedtls_ssl_get_get_timer( ssl )( ssl->p_timer ) == 2 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) ); return( -1 ); @@ -3084,7 +3086,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) uint32_t timeout; /* Just to be sure */ - if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) + if( mbedtls_ssl_get_set_timer( ssl ) == NULL || + mbedtls_ssl_get_get_timer( ssl ) == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " "mbedtls_ssl_set_timer_cb() for DTLS" ) ); @@ -8254,6 +8257,8 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) } #endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */ +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_GET_TIMER) void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, @@ -8262,10 +8267,18 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, ssl->p_timer = p_timer; ssl->f_set_timer = f_set_timer; ssl->f_get_timer = f_get_timer; - /* Make sure we start with no timer running */ ssl_set_timer( ssl, 0 ); } +#else +void mbedtls_ssl_set_timer_cb_ctx( mbedtls_ssl_context *ssl, + void *p_timer ) +{ + ssl->p_timer = p_timer; + /* Make sure we start with no timer running */ + ssl_set_timer( ssl, 0 ); +} +#endif #if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE) void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, @@ -10017,8 +10030,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) while( ssl->in_offt == NULL ) { /* Start timer if not already running */ - if( ssl->f_get_timer != NULL && - ssl->f_get_timer( ssl->p_timer ) == -1 ) + if( mbedtls_ssl_get_get_timer( ssl ) != NULL && + mbedtls_ssl_get_get_timer( ssl )( ssl->p_timer ) == -1 ) { ssl_set_timer( ssl, mbedtls_ssl_conf_get_read_timeout( ssl->conf ) ); diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 6f508ae16..700e19732 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -213,8 +213,15 @@ int main( int argc, char *argv[] ) mbedtls_ssl_set_bio_ctx( &ssl, &server_fd ); #endif +#if defined(MBEDTLS_TIMING_C) +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_GET_TIMER) mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay ); +#else + mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer ); +#endif +#endif mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 7d19d69e5..e238a95ac 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -254,8 +254,14 @@ int main( void ) goto exit; } - mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay ); +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_GET_TIMER) + mbedtls_ssl_set_timer_cb( &ssl, &timer, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay ); +#else + mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer ); +#endif printf( " ok\n" ); diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index a4881df66..cda71fd4e 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2706,6 +2706,22 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ +#if defined(MBEDTLS_SSL_CONF_GET_TIMER) + if( strcmp( "MBEDTLS_SSL_CONF_GET_TIMER", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_GET_TIMER ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_GET_TIMER */ + +#if defined(MBEDTLS_SSL_CONF_SET_TIMER) + if( strcmp( "MBEDTLS_SSL_CONF_SET_TIMER", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SET_TIMER ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_SET_TIMER */ + #if defined(MBEDTLS_SSL_CONF_RECV) if( strcmp( "MBEDTLS_SSL_CONF_RECV", config ) == 0 ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 695cc6a97..c63b44550 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1915,8 +1915,13 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_TIMING_C) +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_GET_TIMER) mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay ); +#else + mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer ); +#endif #endif #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -2507,9 +2512,16 @@ send_request: #if defined(MBEDTLS_TIMING_C) if( opt.nbio != 0 && opt.read_timeout != 0 ) + { +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_GET_TIMER) mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay ); +#else + mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer ); +#endif + } #endif /* MBEDTLS_TIMING_C */ } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 916a64224..876a7a06c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2898,8 +2898,13 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_TIMING_C) +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_GET_TIMER) mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay ); +#else + mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer ); +#endif #endif mbedtls_printf( " ok\n" ); @@ -3515,9 +3520,16 @@ data_exchange: #if defined(MBEDTLS_TIMING_C) if( opt.nbio != 0 && opt.read_timeout != 0 ) + { +#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ + !defined(MBEDTLS_SSL_CONF_GET_TIMER) mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay ); +#else + mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer ); +#endif + } #endif /* MBEDTLS_TIMING_C */ }