From 18998ddbe05a338dfaf272178b70b699677f255c Mon Sep 17 00:00:00 2001
From: "harshal.patil"
Date: Mon, 14 Oct 2024 16:29:27 +0530
Subject: [PATCH] fix(mbedtls): Fix the increase in build size of mbedtls when upgrading to v3.x
---
 components/mbedtls/Kconfig | 14 +++++++++++---
 .../mbedtls/port/include/mbedtls/esp_config.h | 15 +++++++++++++++
 docs/en/api-guides/performance/size.rst | 1 +
 docs/zh_CN/api-guides/performance/size.rst | 1 +
 4 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 87bb4a1c15..ad829c4c9b 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -667,6 +667,14 @@ menu "mbedTLS"
 help
 Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.
+ config MBEDTLS_SHA3_C
+ bool "Enable the SHA3 cryptographic hash algorithm"
+ default n
+ help
+ Enabling MBEDTLS_SHA3_C adds support for SHA3.
+ Enabling this configuration option increases the flash footprint
+ by almost 4KB.
+
 choice MBEDTLS_TLS_MODE
 bool "TLS Protocol Role"
 default MBEDTLS_TLS_SERVER_AND_CLIENT
@@ -1086,12 +1094,12 @@ menu "mbedTLS"
 config MBEDTLS_ECP_FIXED_POINT_OPTIM
 bool "Enable fixed-point multiplication optimisations"
 depends on MBEDTLS_ECP_C
- default y
+ default n
 help
 This configuration option enables optimizations to speedup (about 3 ~ 4 times) the ECP fixed point multiplication using pre-computed tables in the flash memory.
- Disabling this configuration option saves flash footprint (about 29KB if all Elliptic Curve selected)
- in the application binary.
+ Enabling this configuration option increases the flash footprint
+ (about 29KB if all Elliptic Curve selected) in the application binary.
 # end of Elliptic Curve options
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 376b636d92..e515b6bf84 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
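Review bot: The help text of the new `MBEDTLS_SHA3_C` option (Kconfig hunk at -667) gives the flash cost but not the consequence of `default n`: together with the `#undef MBEDTLS_SHA3_C` branch added in the esp_config.h hunk, SHA3 is compiled out unless a project opts in. Judging by the commit title, builds presumably picked SHA3 up with the v3.x upgrade, so code that began using it would stop building, or get NULL from `mbedtls_md_info_from_type()` for the SHA3 types, after the next reconfigure. I would add a help sentence such as `Applications that use SHA3, directly or through the MD layer, must enable this option explicitly.` and mention the new default in the release notes. The enclosing `menu "mbedTLS"` starts and ends outside the hunk.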
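Review bot: Flipping `MBEDTLS_ECP_FIXED_POINT_OPTIM` to `default n` (Kconfig hunk at -1086) changes behaviour for every project whose sdkconfig does not pin the option, and the rewritten help no longer says what is given up when it stays off. By the help's own figure the fixed-point multiplication is about 3 ~ 4 times slower without the tables, which presumably lengthens the ECDH/ECDSA work in each TLS handshake and may matter where handshake timeouts are tight. I would keep a sentence for the disabled case, e.g. `Leaving this option disabled makes the ECP fixed point multiplication about 3 ~ 4 times slower.`, and record the new default in the migration notes.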
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2525,6 +2525,21 @@
 #undef MBEDTLS_SHA512_C
 #endif
+/**
+ * \def MBEDTLS_SHA3_C
+ *
+ * Enable the SHA3 cryptographic hash algorithm.
+ *
+ * Module: library/sha3.c
+ *
+ * This module adds support for SHA3.
+ */
+#ifdef CONFIG_MBEDTLS_SHA3_C
+#define MBEDTLS_SHA3_C
+#else
+#undef MBEDTLS_SHA3_C
+#endif
+
 /**
 * \def MBEDTLS_SSL_CACHE_C
 *
diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst
index 0e132de012..5a6fb76cd1 100644
--- a/docs/en/api-guides/performance/size.rst
+++ b/docs/en/api-guides/performance/size.rst
@@ -491,6 +491,7 @@ These include:
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`
diff --git a/docs/zh_CN/api-guides/performance/size.rst b/docs/zh_CN/api-guides/performance/size.rst
index f690589f54..1f9b58bfce 100644
--- a/docs/zh_CN/api-guides/performance/size.rst
+++ b/docs/zh_CN/api-guides/performance/size.rst
@@ -491,6 +491,7 @@ MbedTLS 功能
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`