Merge branch 'feature/mbedtls_dynamic_memory_v3.3' into 'release/v3.3'

feat(mbedtls): Add dynamic buffer and local resource managment to decrease SSL heap cost (backport v3.3)

See merge request sdk/ESP8266_RTOS_SDK!1412

Author: donghengqaz

components/mbedtls/CMakeLists.txt

@@ -19,8 +19,18 @@ set_property(TARGET mbedtls PROPERTY SOURCES ${src_tls})
 set(mbedtls_targets mbedtls mbedcrypto mbedx509)
 
 # Add port files to mbedtls targets
-target_sources(mbedtls PRIVATE  "${COMPONENT_DIR}/port/mbedtls_debug.c"
-                                "${COMPONENT_DIR}/port/net_sockets.c")
+set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c"
+                           "${COMPONENT_DIR}/port/net_sockets.c")
+
+if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
+set(mbedtls_target_sources ${mbedtls_target_sources}
+                           "${COMPONENT_DIR}/port/dynamic/esp_mbedtls_dynamic_impl.c"
+                           "${COMPONENT_DIR}/port/dynamic/esp_ssl_cli.c"
+                           "${COMPONENT_DIR}/port/dynamic/esp_ssl_srv.c"
+                           "${COMPONENT_DIR}/port/dynamic/esp_ssl_tls.c")
+endif()
+
+target_sources(mbedtls PRIVATE ${mbedtls_target_sources})
 
 target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c"
                                   "${COMPONENT_DIR}/port/esp_mem.c"
@@ -30,9 +40,27 @@ target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c"
                                   "${COMPONENT_DIR}/port/esp8266/sha256.c"
                                   "${COMPONENT_DIR}/port/esp8266/sha512.c")
 
+
 foreach(target ${mbedtls_targets})
     target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DCONFIG_SSL_USING_MBEDTLS)
 endforeach()
 
+if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
+    set(WRAP_FUNCTIONS
+        mbedtls_ssl_handshake_client_step
+        mbedtls_ssl_handshake_server_step
+        mbedtls_ssl_read
+        mbedtls_ssl_write
+        mbedtls_ssl_session_reset
+        mbedtls_ssl_free
+        mbedtls_ssl_setup
+        mbedtls_ssl_send_alert_message
+        mbedtls_ssl_close_notify)
+
+    foreach(wrap ${WRAP_FUNCTIONS})
+        target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=${wrap}")
+    endforeach()
+endif()
+
 # Link mbedtls libraries to component library
 target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})

components/mbedtls/Kconfig

@@ -81,6 +81,40 @@ menu "mbedTLS"
             This defines maximum outgoing fragment length, overriding default
             maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
 
+    config MBEDTLS_DYNAMIC_BUFFER
+        bool "Using dynamic TX/RX buffer"
+        default n
+        select MBEDTLS_ASYMMETRIC_CONTENT_LEN
+        help
+            Using dynamic TX/RX buffer. After enabling this option, mbedTLS will
+            allocate TX buffer when need to send data and then free it if all data
+            is sent, allocate RX buffer when need to receive data and then free it
+            when all data is used or read by upper layer.
+
+            By default, when SSL is initialized, mbedTLS also allocate TX and
+            RX buffer with the default value of "MBEDTLS_SSL_OUT_CONTENT_LEN" or
+            "MBEDTLS_SSL_IN_CONTENT_LEN", so to save more heap, users can set
+            the options to be an appropriate value.
+
+    config MBEDTLS_DYNAMIC_FREE_PEER_CERT
+        bool "Free SSL peer certificate after its usage"
+        default n
+        depends on MBEDTLS_DYNAMIC_BUFFER
+        help
+            Free peer certificate after its usage in handshake process.
+
+    config MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
+        bool "Free certificate, key and DHM data after its usage"
+        default n
+        depends on MBEDTLS_DYNAMIC_BUFFER
+        help
+            Free certificate, private key and DHM data after its usage in handshake process.
+
+            The option will decrease heap cost when handshake, but also lead to problem:
+
+            Becasue all certificate, private key and DHM data are freed so users should register
+            certificate and private key to ssl config object again.
+
     config MBEDTLS_DEBUG
         bool "Enable mbedTLS debugging"
         default n

components/mbedtls/component.mk

@@ -10,3 +10,22 @@ COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o
 
 COMPONENT_SUBMODULES += mbedtls
 
+ifdef CONFIG_MBEDTLS_DYNAMIC_BUFFER
+
+WRAP_FUNCTIONS = mbedtls_ssl_handshake_client_step \
+                 mbedtls_ssl_handshake_server_step \
+                 mbedtls_ssl_read \
+                 mbedtls_ssl_write \
+                 mbedtls_ssl_session_reset \
+                 mbedtls_ssl_free \
+                 mbedtls_ssl_setup \
+                 mbedtls_ssl_send_alert_message \
+                 mbedtls_ssl_close_notify
+
+WRAP_ARGUMENT := -Wl,--wrap=
+
+COMPONENT_ADD_LDFLAGS = -l$(COMPONENT_NAME) $(addprefix $(WRAP_ARGUMENT),$(WRAP_FUNCTIONS))
+
+COMPONENT_SRCDIRS += port/dynamic
+
+endif