Optimize SSL/X509 state machines for size

earlephilhower · earlephilhower · commit c0b69dfb837f · 2021-01-03T11:22:25.000-08:00
The state machine implementations are the largest bits of the SSL
engine, but they're also not performance sensitive like the encryption
code.  Optimize the FSMs for size, leaving everything else as -O2.
diff --git a/src/ssl/ssl_hs_client.c b/src/ssl/ssl_hs_client.c
@@ -395,6 +395,9 @@ make_client_sign(br_ssl_client_context *ctx)
 		ctx->eng.pad, sizeof ctx->eng.pad);
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 
 
 static const unsigned char t0_datablock[] PROGMEM = {
diff --git a/src/ssl/ssl_hs_client.t0 b/src/ssl/ssl_hs_client.t0
@@ -339,6 +339,9 @@ make_client_sign(br_ssl_client_context *ctx)
 		ctx->eng.pad, sizeof ctx->eng.pad);
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 }
 
 \ =======================================================================
diff --git a/src/ssl/ssl_hs_server.c b/src/ssl/ssl_hs_server.c
@@ -426,6 +426,9 @@ verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
 	return 0;
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 
 
 static const unsigned char t0_datablock[] PROGMEM = {
diff --git a/src/ssl/ssl_hs_server.t0 b/src/ssl/ssl_hs_server.t0
@@ -370,6 +370,9 @@ verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
 	return 0;
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 }
 
 \ =======================================================================
diff --git a/src/x509/pkey_decoder.c b/src/x509/pkey_decoder.c
@@ -100,6 +100,9 @@ br_pkey_decoder_push(br_pkey_decoder_context *ctx,
 	br_pkey_decoder_run(&ctx->cpu);
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 
 
 static const unsigned char t0_datablock[] PROGMEM = {
diff --git a/src/x509/pkey_decoder.t0 b/src/x509/pkey_decoder.t0
@@ -48,6 +48,9 @@ br_pkey_decoder_push(br_pkey_decoder_context *ctx,
 	br_pkey_decoder_run(&ctx->cpu);
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 }
 
 addr: key_type
diff --git a/src/x509/skey_decoder.c b/src/x509/skey_decoder.c
@@ -100,6 +100,9 @@ br_skey_decoder_push(br_skey_decoder_context *ctx,
 	br_skey_decoder_run(&ctx->cpu);
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 
 
 static const unsigned char t0_datablock[] PROGMEM = {
diff --git a/src/x509/skey_decoder.t0 b/src/x509/skey_decoder.t0
@@ -48,6 +48,9 @@ br_skey_decoder_push(br_skey_decoder_context *ctx,
 	br_skey_decoder_run(&ctx->cpu);
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 }
 
 addr: key_type
diff --git a/src/x509/x509_decoder.c b/src/x509/x509_decoder.c
@@ -113,6 +113,9 @@ br_x509_decoder_push(br_x509_decoder_context *ctx,
 	br_x509_decoder_run(&ctx->cpu);
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 
 
 static const unsigned char t0_datablock[] PROGMEM = {
diff --git a/src/x509/x509_decoder.t0 b/src/x509/x509_decoder.t0
@@ -61,6 +61,9 @@ br_x509_decoder_push(br_x509_decoder_context *ctx,
 	br_x509_decoder_run(&ctx->cpu);
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
+
 }
 
 addr: decoded
diff --git a/src/x509/x509_minimal.c b/src/x509/x509_minimal.c
@@ -158,7 +158,7 @@ void br_x509_minimal_run(void *t0ctx);
  *     -- Extensions: extension values are processed in due order.
  *
  *        -- Basic Constraints: for all certificates except EE, must be
- *        present, indicate a CA, and have a path legnth compatible with
+ *        present, indicate a CA, and have a path length compatible with
  *        the chain length so far.
  *
  *        -- Key Usage: for the EE, if present, must allow signatures
@@ -489,6 +489,8 @@ static int check_single_trust_anchor_CA(br_x509_minimal_context *ctx,
         return 0;
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
 
 
 
diff --git a/src/x509/x509_minimal.t0 b/src/x509/x509_minimal.t0
@@ -437,6 +437,8 @@ static int check_single_trust_anchor_CA(br_x509_minimal_context *ctx,
         return 0;
 }
 
+/* State machine should be squeezed for size, not performance critical */
+#pragma GCC optimize ("Os")
 
 }
 

Original file line number	Diff line number	Diff line change
`@@ -395,6 +395,9 @@ make_client_sign(br_ssl_client_context *ctx)`
`395`	`395`	`ctx->eng.pad, sizeof ctx->eng.pad);`
`396`	`396`	`}`
`397`	`397`
	`398`	`+/* State machine should be squeezed for size, not performance critical */`
	`399`	`+#pragma GCC optimize ("Os")`
	`400`	`+`
`398`	`401`
`399`	`402`
`400`	`403`	`static const unsigned char t0_datablock[] PROGMEM = {`
Original file line number	Diff line number	Diff line change
`@@ -339,6 +339,9 @@ make_client_sign(br_ssl_client_context *ctx)`
`339`	`339`	`ctx->eng.pad, sizeof ctx->eng.pad);`
`340`	`340`	`}`
`341`	`341`
	`342`	`+/* State machine should be squeezed for size, not performance critical */`
	`343`	`+#pragma GCC optimize ("Os")`
	`344`	`+`
`342`	`345`	`}`
`343`	`346`
`344`	`347`	`\ =======================================================================`
Original file line number	Diff line number	Diff line change
`@@ -426,6 +426,9 @@ verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)`
`426`	`426`	`return 0;`
`427`	`427`	`}`
`428`	`428`
	`429`	`+/* State machine should be squeezed for size, not performance critical */`
	`430`	`+#pragma GCC optimize ("Os")`
	`431`	`+`
`429`	`432`
`430`	`433`
`431`	`434`	`static const unsigned char t0_datablock[] PROGMEM = {`
Original file line number	Diff line number	Diff line change
`@@ -370,6 +370,9 @@ verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)`
`370`	`370`	`return 0;`
`371`	`371`	`}`
`372`	`372`
	`373`	`+/* State machine should be squeezed for size, not performance critical */`
	`374`	`+#pragma GCC optimize ("Os")`
	`375`	`+`
`373`	`376`	`}`
`374`	`377`
`375`	`378`	`\ =======================================================================`
Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,9 @@ br_pkey_decoder_push(br_pkey_decoder_context *ctx,`
`100`	`100`	`br_pkey_decoder_run(&ctx->cpu);`
`101`	`101`	`}`
`102`	`102`
	`103`	`+/* State machine should be squeezed for size, not performance critical */`
	`104`	`+#pragma GCC optimize ("Os")`
	`105`	`+`
`103`	`106`
`104`	`107`
`105`	`108`	`static const unsigned char t0_datablock[] PROGMEM = {`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,9 @@ br_pkey_decoder_push(br_pkey_decoder_context *ctx,`
`48`	`48`	`br_pkey_decoder_run(&ctx->cpu);`
`49`	`49`	`}`
`50`	`50`
	`51`	`+/* State machine should be squeezed for size, not performance critical */`
	`52`	`+#pragma GCC optimize ("Os")`
	`53`	`+`
`51`	`54`	`}`
`52`	`55`
`53`	`56`	`addr: key_type`
Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,9 @@ br_skey_decoder_push(br_skey_decoder_context *ctx,`
`100`	`100`	`br_skey_decoder_run(&ctx->cpu);`
`101`	`101`	`}`
`102`	`102`
	`103`	`+/* State machine should be squeezed for size, not performance critical */`
	`104`	`+#pragma GCC optimize ("Os")`
	`105`	`+`
`103`	`106`
`104`	`107`
`105`	`108`	`static const unsigned char t0_datablock[] PROGMEM = {`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,9 @@ br_skey_decoder_push(br_skey_decoder_context *ctx,`
`48`	`48`	`br_skey_decoder_run(&ctx->cpu);`
`49`	`49`	`}`
`50`	`50`
	`51`	`+/* State machine should be squeezed for size, not performance critical */`
	`52`	`+#pragma GCC optimize ("Os")`
	`53`	`+`
`51`	`54`	`}`
`52`	`55`
`53`	`56`	`addr: key_type`
Original file line number	Diff line number	Diff line change
`@@ -113,6 +113,9 @@ br_x509_decoder_push(br_x509_decoder_context *ctx,`
`113`	`113`	`br_x509_decoder_run(&ctx->cpu);`
`114`	`114`	`}`
`115`	`115`
	`116`	`+/* State machine should be squeezed for size, not performance critical */`
	`117`	`+#pragma GCC optimize ("Os")`
	`118`	`+`
`116`	`119`
`117`	`120`
`118`	`121`	`static const unsigned char t0_datablock[] PROGMEM = {`
Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,9 @@ br_x509_decoder_push(br_x509_decoder_context *ctx,`
`61`	`61`	`br_x509_decoder_run(&ctx->cpu);`
`62`	`62`	`}`
`63`	`63`
	`64`	`+/* State machine should be squeezed for size, not performance critical */`
	`65`	`+#pragma GCC optimize ("Os")`
	`66`	`+`
`64`	`67`	`}`
`65`	`68`
`66`	`69`	`addr: decoded`