You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: kb/how-to/reduce-polarssl-memory-and-storage-footprint.md
+15-15Lines changed: 15 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,52 +18,52 @@ By default, Mbed TLS offers several compatibility options and frequently used fu
18
18
19
19
The memory footprint is the size of the memory needed at runtime to store variables, contexts and other runtime information.
20
20
21
-
## Multiple Precision Integers (MPIs)
21
+
###Multiple Precision Integers (MPIs)
22
22
23
-
### Reducing the maximum size of MPIs
23
+
####Reducing the maximum size of MPIs
24
24
25
25
By default, `MBEDTLS_MPI_MAX_SIZE` is set to 1024 bytes (8192 bits). If you know that you will not use larger MPIs, you can reduce `MBEDTLS_MPI_MAX_SIZE`.
26
26
27
-
### Reducing the MPI window size
27
+
####Reducing the MPI window size
28
28
29
29
By default, `mbedtls_mpi_exp_mod()` uses a sliding window size (`MBEDTLS_MPI_WINDOW_SIZE`) of up to 6. You can reduce this value down to 1, which reduces the memory used to the detriment of performance. This only has an effect if you use RSA, DHM or `mbedtls_mpi_exp_mod()` directly.
30
30
31
-
## Elliptic curves
31
+
###Elliptic curves
32
32
33
-
### Disabling unused ECP curves
33
+
####Disabling unused ECP curves
34
34
35
35
Disabling large elliptic curves that you do not use in your application saves a lot of memory.
36
36
37
-
### Reducing the maximum ECP bits
37
+
####Reducing the maximum ECP bits
38
38
39
39
By default, the `MBEDTLS_ECP_MAX_BITS` is set to `521` to support 521 bits elliptic curves. If you know that you will only use smaller curves, you can safely reduce this value. However, this only has a minimal effect on the memory used.
40
40
41
-
### Reducing the ECP window size
41
+
####Reducing the ECP window size
42
42
43
43
By default, elliptic curve multiplications use a window size (`MBEDTLS_ECP_WINDOW_SIZE`) of up to 6. You can reduce this value down to 2, which reduces the memory used to the detriment of performance. The larger the elliptic curves, the bigger the impact. See also [How to tune ECC resource usage](how-do-i-tune-elliptic-curves-resource-usage.md).
44
44
45
-
### Disabling the ECP fixed point optimizations
45
+
####Disabling the ECP fixed point optimizations
46
46
47
47
If you disable the ECP fixed point optimizations (`MBEDTLS_ECP_FIXED_POINT_OPTIM`), you lose some performance but use less memory. See also [How to tune ECC resource usage](how-do-i-tune-elliptic-curves-resource-usage.md).
48
48
49
-
## SSL/TLS
49
+
###SSL/TLS
50
50
51
-
### Reducing the SSL frame buffer
51
+
####Reducing the SSL frame buffer
52
52
53
53
By default, Mbed TLS uses a 16 KB frame buffer to hold data for incoming and outgoing frames. This is a TLS standard requirement. If you control both sides of a connection (server and client), you can reduce the maximum frame size to reduce the buffers needed to store the data. The size of this frame is determined by `MBEDTLS_SSL_MAX_CONTENT_LEN`. You can safely reduce this to a more appropriate size (such as 2 KB) if:
54
54
55
55
* Both sides support the `max_fragment_length` SSL extension (allowing reduction to under 1 KB for the buffers).
56
56
* You know the maximum size that will ever be sent in a single SSL/TLS frame (whether or not you control both sides of the connection).
57
57
58
-
## AES
58
+
###AES
59
59
60
-
### Storing AES tables in ROM
60
+
####Storing AES tables in ROM
61
61
62
62
By default, our AES implementation uses tables that are computed the first time AES is used and then stored in RAM. You can store them in ROM by enabling `MBEDTLS_AES_ROM_TABLES`. This is a RAM-ROM trade-off.
63
63
64
-
## X.509
64
+
###X.509
65
65
66
-
### Parsing X.509 certificates without copying the raw certificate data
66
+
####Parsing X.509 certificates without copying the raw certificate data
67
67
68
68
The X.509 CRT parsing APIs `mbedtls_x509_crt_parse()` and `mbedtls_x509_crt_parse_der()` create an internal copy of the raw certificate data passed to them. While this allows you to free or reuse the input buffer, it means the raw certificate data will be twice in memory at some point.
69
69
@@ -80,7 +80,7 @@ X.509 certificate context. See the [documentation](https://github.com/Mbed-TLS/m
80
80
81
81
_Example:_ If your own certificate and/or the trusted CA certificates are hardcoded in ROM, you may use `mbedtls_x509_parse_der_nocopy()` to create X.509 certificate contexts from them without an additional copy in RAM.
82
82
83
-
### Removing a peer certificate after the handshake
83
+
####Removing a peer certificate after the handshake
84
84
85
85
By default, Mbed TLS saves a copy of the peer certificate for the lifetime of an SSL session and makes it available through the public API `mbedtls_ssl_get_peer_cert()`. If the application does not need to inspect the peer certificate, disabling the compile-time option `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` saves RAM as the SSL module will not keep a copy of the peer certificate after the handshake.
86
86
The API `mbedtls_ssl_get_peer_cert()` to obtain the peer certificate is still present, but always returns `NULL`.
0 commit comments