Merge branch 'feat/mbedtls_size_optimization_v5.3' into 'release/v5.3'

Fix the increase in build size of mbedtls while upgrading to v3.x (v5.3) See merge request espressif/esp-idf!34252
espressif · Oct 28, 2024 · 921a8a7 · 921a8a7
2 parents d926a92 + 18998dd
commit 921a8a7
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 3 deletions.
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
@@ -667,6 +667,14 @@ menu "mbedTLS"
         help
             Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.
 
+    config MBEDTLS_SHA3_C
+        bool "Enable the SHA3 cryptographic hash algorithm"
+        default n
+        help
+            Enabling MBEDTLS_SHA3_C adds support for SHA3.
+            Enabling this configuration option increases the flash footprint
+            by almost 4KB.
+
     choice MBEDTLS_TLS_MODE
         bool "TLS Protocol Role"
         default MBEDTLS_TLS_SERVER_AND_CLIENT
@@ -1086,12 +1094,12 @@ menu "mbedTLS"
     config MBEDTLS_ECP_FIXED_POINT_OPTIM
         bool "Enable fixed-point multiplication optimisations"
         depends on MBEDTLS_ECP_C
-        default y
+        default n
         help
             This configuration option enables optimizations to speedup (about 3 ~ 4 times) the ECP
             fixed point multiplication using pre-computed tables in the flash memory.
-            Disabling this configuration option saves flash footprint (about 29KB if all Elliptic Curve selected)
-            in the application binary.
+            Enabling this configuration option increases the flash footprint
+            (about 29KB if all Elliptic Curve selected) in the application binary.
 
             # end of Elliptic Curve options
 

diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2531,6 +2531,21 @@
 #undef MBEDTLS_SHA512_C
 #endif
 
+/**
+ * \def MBEDTLS_SHA3_C
+ *
+ *  Enable the SHA3 cryptographic hash algorithm.
+ *
+ * Module:  library/sha3.c
+ *
+ * This module adds support for SHA3.
+ */
+#ifdef CONFIG_MBEDTLS_SHA3_C
+#define MBEDTLS_SHA3_C
+#else
+#undef MBEDTLS_SHA3_C
+#endif
+
 /**
  * \def MBEDTLS_SSL_CACHE_C
  *

diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst
@@ -491,6 +491,7 @@ These include:
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`

diff --git a/docs/zh_CN/api-guides/performance/size.rst b/docs/zh_CN/api-guides/performance/size.rst
@@ -491,6 +491,7 @@ MbedTLS 功能
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`