Merge branch 'feat/mbedtls_size_optimization' into 'master'

Fix the increase in build size of mbedtls while upgrading to v3.x

See merge request espressif/esp-idf!34179

components/esp_security/test_apps/.build-test-rules.yml

@@ -3,3 +3,5 @@
 components/esp_security/test_apps/crypto_drivers:
   enable:
     - if: ((SOC_HMAC_SUPPORTED == 1) or (SOC_DIG_SIGN_SUPPORTED == 1)) or (SOC_KEY_MANAGER_SUPPORTED == 1)
+  depends_components:
+    - esp_security

components/hal/.build-test-rules.yml

@@ -1,6 +1,8 @@
 components/hal/test_apps/crypto:
   depends_components:
     - efuse
+    - mbedtls
+    - esp_security
 
 components/hal/test_apps/hal_i2c:
   disable:

components/mbedtls/Kconfig

@@ -667,6 +667,14 @@ menu "mbedTLS"
         help
             Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.
 
+    config MBEDTLS_SHA3_C
+        bool "Enable the SHA3 cryptographic hash algorithm"
+        default n
+        help
+            Enabling MBEDTLS_SHA3_C adds support for SHA3.
+            Enabling this configuration option increases the flash footprint
+            by almost 4KB.
+
     choice MBEDTLS_TLS_MODE
         bool "TLS Protocol Role"
         default MBEDTLS_TLS_SERVER_AND_CLIENT
@@ -1103,12 +1111,12 @@ menu "mbedTLS"
     config MBEDTLS_ECP_FIXED_POINT_OPTIM
         bool "Enable fixed-point multiplication optimisations"
         depends on MBEDTLS_ECP_C
-        default y
+        default n
         help
             This configuration option enables optimizations to speedup (about 3 ~ 4 times) the ECP
             fixed point multiplication using pre-computed tables in the flash memory.
-            Disabling this configuration option saves flash footprint (about 29KB if all Elliptic Curve selected)
-            in the application binary.
+            Enabling this configuration option increases the flash footprint
+            (about 29KB if all Elliptic Curve selected) in the application binary.
 
             # end of Elliptic Curve options
 

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -2560,6 +2560,21 @@
 #undef MBEDTLS_SHA512_C
 #endif
 
+/**
+ * \def MBEDTLS_SHA3_C
+ *
+ *  Enable the SHA3 cryptographic hash algorithm.
+ *
+ * Module:  library/sha3.c
+ *
+ * This module adds support for SHA3.
+ */
+#ifdef CONFIG_MBEDTLS_SHA3_C
+#define MBEDTLS_SHA3_C
+#else
+#undef MBEDTLS_SHA3_C
+#endif
+
 /**
  * \def MBEDTLS_SSL_CACHE_C
  *

components/mbedtls/test_apps/.build-test-rules.yml

@@ -7,5 +7,6 @@ components/mbedtls/test_apps:
     - if: CONFIG_NAME == "ecdsa_sign" and SOC_ECDSA_SUPPORTED != 1
   depends_components:
     - efuse
-  depends_filepatterns:
-    - components/mbedtls/port/ecdsa/*
+    - mbedtls
+    - esp_security
+    - esp_mm

docs/en/api-guides/performance/size.rst

@@ -194,6 +194,7 @@ These include:
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`

docs/zh_CN/api-guides/performance/size.rst

@@ -194,6 +194,7 @@ MbedTLS 功能
 - :ref:`CONFIG_MBEDTLS_HAVE_TIME`
 - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC`
 - :ref:`CONFIG_MBEDTLS_SHA512_C`
+- :ref:`CONFIG_MBEDTLS_SHA3_C`
 - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`
 - :ref:`CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION`