From 95311aae84f4b3856dd92c8c2df8552f38af67c8 Mon Sep 17 00:00:00 2001
From: "harshal.patil"
Date: Mon, 14 Oct 2024 16:29:27 +0530
Subject: [PATCH] fix(mbedtls): Fix the increase in build size of mbedtls when upgrading to v3.x
---
 components/mbedtls/Kconfig | 14 +++++++++++---
 .../mbedtls/port/include/mbedtls/esp_config.h | 15 +++++++++++++++
 docs/en/api-guides/performance/size.rst | 1 +
 3 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index e4985f1936..402b65232a 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -630,6 +630,14 @@ menu "mbedTLS"
 help
 Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.
 
+ config MBEDTLS_SHA3_C
+ bool "Enable the SHA3 cryptographic hash algorithm"
+ default n
+ help
+ Enabling MBEDTLS_SHA3_C adds support for SHA3.
+ Enabling this configuration option increases the flash footprint
+ by almost 4KB.
+
 choice MBEDTLS_TLS_MODE
 bool "TLS Protocol Role"
 default MBEDTLS_TLS_SERVER_AND_CLIENT
@@ -1049,12 +1057,12 @@ menu "mbedTLS"
 config MBEDTLS_ECP_FIXED_POINT_OPTIM
 bool "Enable fixed-point multiplication optimisations"
 depends on MBEDTLS_ECP_C
- default y
+ default n
 help
 This configuration option enables optimizations to speedup (about 3 ~ 4 times) the ECP fixed point multiplication using pre-computed tables in the flash memory.
- Disabling this configuration option saves flash footprint (about 29KB if all Elliptic Curve selected)
- in the application binary.
+ Enabling this configuration option increases the flash footprint
+ (about 29KB if all Elliptic Curve selected) in the application binary.
 # end of Elliptic Curve options
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 5e7717a3a5..2b771298aa 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
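Review bot: The help text of the new `MBEDTLS_SHA3_C` option in components/mbedtls/Kconfig (hunk at -630) gives the flash cost but not what an application loses with the default `n`. I would add a sentence such as `When disabled, the mbedtls_sha3_* functions and the SHA3 message digest types are not built.` so users know that a digest lookup for SHA3 will fail unless the option is set. Whether SHA3 was compiled in before this commit is not visible in the hunk; if it was, the new default is a behaviour change for existing projects and deserves a migration note. The esp_config.h hunk maps the option directly onto the macro, so the same remark covers it.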
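Review bot: Flipping `MBEDTLS_ECP_FIXED_POINT_OPTIM` to `default n` in components/mbedtls/Kconfig (hunk at -1049) silently changes every project that has not set the option in its sdkconfig. By the option's own help text the ECP fixed-point multiplication becomes about 3 ~ 4 times slower, which presumably shows up in ECDSA signing and ECDH key generation during TLS handshakes. The diffstat lists no release or migration note, so latency-sensitive or server-side applications get no warning to re-enable it. I would add a line to the help text, e.g. `Disabled by default to save flash; enable it if ECDSA/ECDH latency matters (for example tight TLS handshake timeouts).`, and mention the new default in the migration guide. The phrase `if all Elliptic Curve selected` could also read `if all elliptic curves are selected`.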
@@ -2521,6 +2521,21 @@
 #undef MBEDTLS_SHA512_C
 #endif
 
+/**
+ * \def MBEDTLS_SHA3_C
+ *
+ * Enable the SHA3 cryptographic hash algorithm.
+ *
+ * Module: library/sha3.c
+ *
+ * This module adds support for SHA3.
+ */
+#ifdef CONFIG_MBEDTLS_SHA3_C
+#define MBEDTLS_SHA3_C
+#else
+#undef MBEDTLS_SHA3_C
+#endif
+
 /**
 * \def MBEDTLS_SSL_CACHE_C
 *
diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst
index a40a95ba2a..6b499af0f9 100644
--- a/docs/en/api-guides/performance/size.rst
+++ b/docs/en/api-guides/performance/size.rst
@@ -404,6 +404,7 @@ These include:
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`