mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-10-04 13:27:14 +00:00
This commit is a step towards the goal of allowing to hardcode the choice of a single ciphersuite at compile-time. The hoped-for benefit of this is that wherever a ciphersuite attribute is queried and checked against a compile-time constant, the check can be recognized as either true or false at compile-time, hence leading to a code-size reduction.

For this to work, the ciphersuite attribute getter functions mbedtls_ssl_suite_get_xxx() will be modified to return something the compiler can recognize as a compile-time constant. In particular, in order to avoid relying on constant propagation abilities of the compiler, these functions should ideally return constant symbols (instead of, say, fields in a globally const structure instance).

This puts us in the following situation: On the one hand, there's the array of ciphersuite information structures defining the attribute of those ciphersuites the stack knows about. On the other hand, we need direct access to those fields through constant symbols in the getter functions.

In order to avoid any duplication of information, this commit exemplifies how ciphersuites can be conveniently defined on the basis of macro definitions, and how the corresponding instances of the ciphersuite information structure can be auto-generated from this.

In the approach, to add support for a ciphersuite with official name NAME (such as TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8), the following macro constants need to be defined in ssl_ciphersuites.h:

    MBEDTLS_SUITE__ NAME __ID
    MBEDTLS_SUITE__ NAME __NAME
    MBEDTLS_SUITE__ NAME __CIPHER
    MBEDTLS_SUITE__ NAME __MAC
    ...

To make check-names.sh happy, one also needs a dummy macro

    MBEDTLS_SUITE__ NAME()

These ciphersuite attribute values can then be queried via

    MBEDTLS_SSL_SUITE_ID( NAME_MACRO )
    ...

where NAME_MACRO can be any macro expanding to a defined NAME.

Further, a convenience macro

    MBEDTLS_SSL_SUITE_INFO( NAME_MACRO )

is provided that again takes a macro NAME_MACRO expanding to a defined NAME, and itself expands to an instance of mbedtls_ssl_ciphersuite_info_t using the macro attributes defined for NAME. This macro is then used in ssl_ciphersuites.c when defining the array of known ciphersuite information structures, (a) without duplicating the information, and (b) with increased readability, because there's only one line for each ciphersuite.
| Name |
|---|
| mbedtls |
| tinycrypt |
| .gitignore |
| CMakeLists.txt |
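The macro scheme described in the commit message above, as an added example that is not the project's own code. All `DEMO_*` names, the structure layout and the attribute values are assumptions made for illustration; the point shown is how a NAME_MACRO argument gets expanded to NAME before token pasting, so that table entries and constant getters come from one set of definitions.

```c
#include <stdio.h>
#include <string.h>

/* All DEMO_* names and values are constructed for this example. */
typedef enum { DEMO_CIPHER_AES_128_CCM = 1, DEMO_CIPHER_AES_256_GCM } demo_cipher_t;
typedef enum { DEMO_MD_SHA256 = 1, DEMO_MD_SHA384 } demo_md_t;
typedef struct { int id; const char *name; demo_cipher_t cipher; demo_md_t mac; } demo_suite_info_t;

/* One set of attribute macros per suite: the single source of truth. */
#define DEMO_SUITE__TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8__ID     0xC0AE
#define DEMO_SUITE__TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8__NAME   "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8"
#define DEMO_SUITE__TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8__CIPHER DEMO_CIPHER_AES_128_CCM
#define DEMO_SUITE__TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8__MAC    DEMO_MD_SHA256

/* NAME_MACRO: a macro that expands to the suite's official NAME. */
#define DEMO_SINGLE_SUITE TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

/* The accessors hand their argument to DEMO_PASTE without applying ## to it
 * themselves, so NAME_MACRO is expanded to NAME before the tokens are pasted. */
#define DEMO_PASTE(name, attr) DEMO_SUITE__ ## name ## __ ## attr
#define DEMO_SUITE_ID(nm)      DEMO_PASTE(nm, ID)
#define DEMO_SUITE_NAME(nm)    DEMO_PASTE(nm, NAME)
#define DEMO_SUITE_CIPHER(nm)  DEMO_PASTE(nm, CIPHER)
#define DEMO_SUITE_MAC(nm)     DEMO_PASTE(nm, MAC)
#define DEMO_SUITE_INFO(nm) \
    { DEMO_SUITE_ID(nm), DEMO_SUITE_NAME(nm), DEMO_SUITE_CIPHER(nm), DEMO_SUITE_MAC(nm) }

/* One line per suite, generated from the macros above. */
const demo_suite_info_t demo_suites[] = { DEMO_SUITE_INFO(DEMO_SINGLE_SUITE) };

/* Hardcoded getter: returns a constant symbol and ignores the structure. */
int demo_suite_get_cipher(const demo_suite_info_t *info) {
    (void)info;
    return DEMO_SUITE_CIPHER(DEMO_SINGLE_SUITE);
}

/* The attribute is an integer constant expression, so it is checkable at build time. */
_Static_assert(DEMO_SUITE_ID(DEMO_SINGLE_SUITE) == 0xC0AE, "unexpected suite id");

/* Returns 1 when the generated table entry agrees with the macro attributes. */
int demo_table_consistent(void) {
    const demo_suite_info_t *s = &demo_suites[0];
    return s->id == DEMO_SUITE_ID(DEMO_SINGLE_SUITE)
        && strcmp(s->name, DEMO_SUITE_NAME(DEMO_SINGLE_SUITE)) == 0
        && (int)s->cipher == demo_suite_get_cipher(s) && s->mac == DEMO_MD_SHA256;
}

int main(void) {
    printf("%s consistent=%d\n", demo_suites[0].name, demo_table_consistent());
    return 0;
}
```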