feat(mbedtls): add kconfig option for MBEDTLS_ERROR_C

Disabling this config can reduce footprint for the cases where
mbedtls_strerror() is used and hence the debug strings are getting
pulled into the application image.
Mahavir Jain 2024-04-03 18:49:19 +05:30
parent a8f833a912
commit 7b6622b5b6
2 changed files with 29 additions and 17 deletions

View File

@ -123,7 +123,7 @@ menu "mbedTLS"
The option will decrease heap cost when handshake, but also lead to problem:
Becasue all certificate, private key and DHM data are freed so users should register
Because all certificate, private key and DHM data are freed so users should register
certificate and private key to ssl config object again.
config MBEDTLS_DYNAMIC_FREE_CA_CERT
@ -437,6 +437,17 @@ menu "mbedTLS"
These operations are used by RSA.
config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
bool "Fallback to software implementation for larger MPI values"
depends on MBEDTLS_HARDWARE_MPI
default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits
default n
help
Fallback to software implementation for RSA key lengths
larger than SOC_RSA_MAX_BIT_LEN. If this is not active
then the ESP will be unable to process keys greater
than SOC_RSA_MAX_BIT_LEN.
config MBEDTLS_MPI_USE_INTERRUPT
bool "Use interrupt for MPI exp-mod operations"
depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_MPI
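Review bot: relocating MBEDTLS_LARGE_KEY_SOFTWARE_MPI next to the hardware MPI options is sensible (its `depends on MBEDTLS_HARDWARE_MPI` now sits beside the option it depends on), but it is unrelated to the stated purpose of this commit and is a pure move with unchanged text; splitting it into its own commit would keep this one reviewable as a single-purpose change and make the "29 additions / 17 deletions" diffstat reflect the actual feature. If it stays, mention the move in the commit message so nobody later reads the removal in the later hunk as a dropped option.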
@ -866,13 +877,13 @@ menu "mbedTLS"
bool "X.509 CRL parsing"
default y
help
Support for parsing X.509 Certifificate Revocation Lists.
Support for parsing X.509 Certificate Revocation Lists.
config MBEDTLS_X509_CSR_PARSE_C
bool "X.509 CSR parsing"
default y
help
Support for parsing X.509 Certifificate Signing Requests
Support for parsing X.509 Certificate Signing Requests
endmenu # Certificates
@ -1063,16 +1074,13 @@ menu "mbedTLS"
help
Enable the pthread wrapper layer for the threading layer.
config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
bool "Fallback to software implementation for larger MPI values"
depends on MBEDTLS_HARDWARE_MPI
default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits
default n
config MBEDTLS_ERROR_STRINGS
bool "Enable error code to error string conversion"
default y
help
Fallback to software implementation for RSA key lengths
larger than SOC_RSA_MAX_BIT_LEN. If this is not active
then the ESP will be unable to process keys greater
than SOC_RSA_MAX_BIT_LEN.
Enables mbedtls_strerror() for converting error codes to error strings.
Disabling this config can save some code/rodata size as the error
string conversion implementation is replaced with an empty stub.
config MBEDTLS_USE_CRYPTO_ROM_IMPL
bool "Use ROM implementation of the crypto algorithm"
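Review bot: the help text claims that disabling the option replaces the error string conversion "with an empty stub", but that is only true when MBEDTLS_ERROR_STRERROR_DUMMY stays defined in the mbedtls configuration; without it, mbedtls_strerror() is not declared at all and any caller fails to compile rather than getting a stub. Either state that dependency in the help text or add a comment in the config header tying the two together. Two smaller points: the commit title refers to MBEDTLS_ERROR_C while the new option is named MBEDTLS_ERROR_STRINGS, so either name the option after the macro it controls or mention the macro in the help text ("Controls MBEDTLS_ERROR_C") so a grep for either finds it; and since a disabled option makes mbedtls_strerror() write an empty string, the help text should warn that error logs built from that string lose their diagnostics and that callers should also log the numeric mbedtls return code.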

View File

@ -71,7 +71,7 @@
* \def MBEDTLS_HAVE_TIME_DATE
*
* System has time.h and time(), gmtime() and the clock is correct.
* The time needs to be correct (not necesarily very accurate, but at least
* The time needs to be correct (not necessarily very accurate, but at least
* the date should be correct). This is used to verify the validity period of
* X.509 certificates.
*
@ -992,7 +992,7 @@
* functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
*
* This pair of functions allows one side of a connection to serialize the
* context associated with the connection, then free or re-use that context
* context associated with the connection, then free or reuse that context
* while the serialized state is persisted elsewhere, and finally deserialize
* that state to a live context for resuming read/write operations on the
* connection. From a protocol perspective, the state of the connection is
@ -1490,7 +1490,7 @@
* \def MBEDTLS_SSL_SESSION_TICKETS
*
* Enable support for RFC 5077 session tickets in SSL.
* Client-side, provides full support for session tickets (maintainance of a
* Client-side, provides full support for session tickets (maintenance of a
* session store remains the responsibility of the application, though).
* Server-side, you also need to provide callbacks for writing and parsing
* tickets, including authenticated encryption and key management. Example
@ -2072,7 +2072,11 @@
*
* This module enables mbedtls_strerror().
*/
#if CONFIG_MBEDTLS_ERROR_STRINGS
#define MBEDTLS_ERROR_C
#else
#undef MBEDTLS_ERROR_C
#endif
/**
* \def MBEDTLS_GCM_C
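Review bot: the doc comment directly above the new #if still reads "This module enables mbedtls_strerror()." as if MBEDTLS_ERROR_C were always defined; add a line noting that it is now controlled by CONFIG_MBEDTLS_ERROR_STRINGS (and what mbedtls_strerror() does when the option is off) so the header documents the actual behaviour. The `#undef MBEDTLS_ERROR_C` in the #else branch is only meaningful if a header included before this point defines the macro; if nothing does, the #else branch can be dropped, and if something does, a comment saying which header it overrides would help the next reader.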
@ -2122,7 +2126,7 @@
*
* Requires: MBEDTLS_MD_C
*
* Uncomment to enable the HMAC_DRBG random number geerator.
* Uncomment to enable the HMAC_DRBG random number generator.
*/
#define MBEDTLS_HMAC_DRBG_C
@ -2814,7 +2818,7 @@
/* SSL options */
#ifndef CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN
#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */
#else