espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-02 12:14:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls: configurable options for controlling dynamic memory allocations

Browse Source 
Modifies https://github.com/espressif/esp-idf/pull/2237
This commit is contained in:
Mahavir Jain
2018-09-19 15:29:20 +05:30
parent 4d50427e87
commit 54382277b6
5 changed files with 161 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/mbedtls/CMakeLists.txt
View File

@@ -80,6 +80,7 @@ set(COMPONENT_SRCS "mbedtls/library/aes.c"
"mbedtls/library/xtea.c" "mbedtls/library/xtea.c"
"port/esp_bignum.c" "port/esp_bignum.c"
"port/esp_hardware.c" "port/esp_hardware.c"
"port/esp_mem.c"
"port/esp_sha1.c" "port/esp_sha1.c"
"port/esp_sha256.c" "port/esp_sha256.c"
"port/esp_sha512.c" "port/esp_sha512.c"

71
components/mbedtls/Kconfig
View File

@@ -1,25 +1,44 @@
menu "mbedTLS" menu "mbedTLS"
config MBEDTLS_PLATFORM_MEMORY choice MBEDTLS_MEM_ALLOC_MODE
bool "Enable custom mbedTLS memory allocation layer." prompt "Memory allocation strategy"
default n default MBEDTLS_INTERNAL_MEM_ALLOC
help help
If this option is disabled, mbed TLS uses the default system Allocation strategy for mbedTLS, essentially provides ability to
calloc() and free() functions. allocate all required dynamic allocations from,
If this option is enabled, the mbed TLS config macro - Internal DRAM memory only
MBEDTLS_PLATFORM_MEMORY will be defined. The function - External SPIRAM memory only
mbedtls_platform_set_calloc_free() must be called at - Either internal or external memory based on default malloc()
runtime to provide custom calloc() and free() function behavior in ESP-IDF
pointers for use by mbedTLS. - Custom allocation mode, by overwriting calloc()/free() using
mbedtls_platform_set_calloc_free() function
This option allows fine-grained control over how mbedTLS Recommended mode here is always internal, since that is most preferred
allocates heap memory. from security perspective. But if application requirement does not
allow sufficient free internal memory then alternate mode can be
selected.
config MBEDTLS_INTERNAL_MEM_ALLOC
bool "Internal memory"
config MBEDTLS_EXTERNAL_MEM_ALLOC
bool "External SPIRAM"
depends on SPIRAM_SUPPORT
config MBEDTLS_DEFAULT_MEM_ALLOC
bool "Default alloc mode"
config MBEDTLS_CUSTOM_MEM_ALLOC
bool "Custom alloc mode"
endchoice #MBEDTLS_MEM_ALLOC_MODE
config MBEDTLS_SSL_MAX_CONTENT_LEN config MBEDTLS_SSL_MAX_CONTENT_LEN
int "TLS maximum message content length" int "TLS maximum message content length"
default 16384 default 16384
range 512 16384 range 512 16384
depends on !MBEDTLS_ASYMMETRIC_CONTENT_LEN
help help
Maximum TLS message length (in bytes) supported by mbedTLS. Maximum TLS message length (in bytes) supported by mbedTLS.
@@ -36,6 +55,32 @@ config MBEDTLS_SSL_MAX_CONTENT_LEN
handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
(-0x7200). (-0x7200).
config MBEDTLS_ASYMMETRIC_CONTENT_LEN
bool "Asymmetric in/out fragment length"
default n
help
If enabled, this option allows customizing TLS in/out fragment length
in asymmetric way. Please note that enabling this with default values
saves 12KB of dynamic memory per TLS connection.
config MBEDTLS_SSL_IN_CONTENT_LEN
int "TLS maximum incoming fragment length"
default 16384
range 512 16384
depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
help
This defines maximum incoming fragment length, overriding default
maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
config MBEDTLS_SSL_OUT_CONTENT_LEN
int "TLS maximum outgoing fragment length"
default 4096
range 512 16384
depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
help
This defines maximum outgoing fragment length, overriding default
maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
config MBEDTLS_DEBUG config MBEDTLS_DEBUG
bool "Enable mbedTLS debugging" bool "Enable mbedTLS debugging"
default n default n
@@ -101,7 +146,7 @@ config MBEDTLS_HAVE_TIME
The time does not need to be correct, only time differences are used, The time does not need to be correct, only time differences are used,
config MBEDTLS_HAVE_TIME_DATE config MBEDTLS_HAVE_TIME_DATE
bool "Enable mbedtls time data" bool "Enable mbedtls certificate expiry check"
depends on MBEDTLS_HAVE_TIME depends on MBEDTLS_HAVE_TIME
default n default n
help help

37
components/mbedtls/port/esp_mem.c Normal file
View File

@@ -0,0 +1,37 @@
// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <esp_attr.h>
#include <esp_heap_caps.h>
#include <sdkconfig.h>
#ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC
IRAM_ATTR void *esp_mbedtls_mem_calloc(size_t n, size_t size)
{
#ifdef CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC
return heap_caps_calloc(n, size, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT);
#elif CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC
return heap_caps_calloc(n, size, MALLOC_CAP_SPIRAM|MALLOC_CAP_8BIT);
#else
return calloc(n, size);
#endif
}
IRAM_ATTR void esp_mbedtls_mem_free(void *ptr)
{
return heap_caps_free(ptr);
}
#endif /* !CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC */

20
components/mbedtls/port/include/esp_mem.h Normal file
View File

@@ -0,0 +1,20 @@
// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#pragma once
#include <stdlib.h>
void *esp_mbedtls_mem_calloc(size_t n, size_t size);
void esp_mbedtls_mem_free(void *ptr);

45
components/mbedtls/port/include/mbedtls/esp_config.h
View File

@@ -114,8 +114,13 @@
* *
* Enable this layer to allow use of alternative memory allocators. * Enable this layer to allow use of alternative memory allocators.
*/ */
#ifdef CONFIG_MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_MEMORY #define MBEDTLS_PLATFORM_MEMORY
/** Override calloc(), free() except for case where memory allocation scheme is not set to custom */
#ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC
#include "esp_mem.h"
#define MBEDTLS_PLATFORM_STD_CALLOC esp_mbedtls_mem_calloc
#define MBEDTLS_PLATFORM_STD_FREE esp_mbedtls_mem_free
#endif #endif
/** /**
@@ -2611,8 +2616,46 @@
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
/* SSL options */ /* SSL options */
#ifndef CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN
#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ #define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
#else
/** \def MBEDTLS_SSL_IN_CONTENT_LEN
*
* Maximum incoming fragment length in bytes.
*
* Uncomment to set the size of the inward TLS buffer independently of the
* outward buffer.
*/
#define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
*
* Maximum outgoing fragment length in bytes.
*
* Uncomment to set the size of the outward TLS buffer independently of the
* inward buffer.
*
* It is possible to save RAM by setting a smaller outward buffer, while keeping
* the default inward 16384 byte buffer to conform to the TLS specification.
*
* The minimum required outward buffer size is determined by the handshake
* protocol's usage. Handshaking will fail if the outward buffer is too small.
* The specific size requirement depends on the configured ciphers and any
* certificate data which is sent during the handshake.
*
* For absolute minimum RAM usage, it's best to enable
* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This
* reduces both incoming and outgoing buffer sizes. However this is only
* guaranteed if the other end of the connection also supports the TLS
* max_fragment_len extension. Otherwise the connection may fail.
*/
#define MBEDTLS_SSL_OUT_CONTENT_LEN CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN
#endif /* !CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN */
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */