feat(mbedtls/esp_crt_bundle): Move dummy cert to .rodata to save 408B from dram

Co-authored-by: Hanno <h.binder@web.de>
2025-08-10 04:43:33 +00:00 · 2024-10-10 12:34:32 +05:30
parent 4db9c8779f
commit 3957e59f1a
5 changed files with 43 additions and 6 deletions
--- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c
+++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c
@@ -1,11 +1,16 @@
 /*
- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */

 #include <string.h>
 #include "esp_mbedtls_dynamic_impl.h"
+#include "sdkconfig.h"
+
+#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+#include "esp_crt_bundle.h"
+#endif

 #define COUNTER_SIZE (8)
 #define CACHE_IV_SIZE (16)
@@ -532,7 +537,18 @@ void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
    if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) {
        mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);

+#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+        /* In case of mbedtls certificate bundle, we attach a "static const"
+         * dummy cert, thus we need to avoid the write operations (memset())
+         * performed by `mbedtls_x509_crt_free()`
+         */
+        if (!esp_crt_bundle_in_use(conf->MBEDTLS_PRIVATE(ca_chain))) {
+            mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
+        }
+#else
        mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
+#endif
+
        conf->MBEDTLS_PRIVATE(ca_chain) = NULL;
    }
 }