commit acd4fc0ac941db79a9ba6e50f8f6f58d02865d4c
author Hanno Becker <hanno.becker@arm.com> Wed Jun 12 16:40:50 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Tue Jul 02 16:41:29 2019 +0100
tree 01209c14ff416a9da2887628c42f5230b77426a0
parent de67154658677b32d41ffdbf60c1bd1cd3b782cb

Allow compile-time configuration of authentication mode

Introduces MBEDTLS_SSL_CONF_AUTHMODE to fix the authentication
mode (none, optional, mandatory) at compile-time.

Impact on code-size:

|  | GCC | ARMC5 | ARMC6 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23487 | 24025 | 27885 |
| `libmbedtls.a` after  | 23379 | 23929 | 27727 |
| gain in Bytes | 108 | 96 | 157 |

include/mbedtls/config.h

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index ee292c5..3381b79 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3450,6 +3450,8 @@
  * \{
  */
 
+//#define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
+
 /* DTLS-specific settings */
 //#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED
 //#define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index dd546b8..492a324 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1049,7 +1049,9 @@
 
     unsigned int endpoint : 1;      /*!< 0: client, 1: server               */
     unsigned int transport : 1;     /*!< stream (TLS) or datagram (DTLS)    */
+#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
     unsigned int authmode : 2;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
+#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
     /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
     unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
 #if defined(MBEDTLS_ARC4_C)

include/mbedtls/ssl_internal.h

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 49c6050..378db24 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1085,6 +1085,21 @@
  * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX.
  */
 
+#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
+static inline int mbedtls_ssl_conf_get_authmode(
+    mbedtls_ssl_config  const *conf )
+{
+    return( conf->authmode );
+}
+#else /* !MBEDTLS_SSL_CONF_AUTHMODE */
+static inline int mbedtls_ssl_conf_get_authmode(
+    mbedtls_ssl_config const *conf )
+{
+    ((void) conf);
+    return( MBEDTLS_SSL_CONF_AUTHMODE );
+}
+#endif /* MBEDTLS_SSL_CONF_AUTHMODE */
+
 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 #if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT)
 static inline unsigned int mbedtls_ssl_conf_get_badmac_limit(