On a project at my company, we're using mbedtls to encrypt and sign our data. We began the project with mbedtls 2.2.6, and have continuously upgraded until now, 3.6.0.
I've noticed my application has grown greatly since then, even though we are only using the following APIs:
Encryption:(only decryption on the embedded side)
- mbedtls_aes_init
- mbedtls_aes_setkey_dec
- mbedtls_aes_crypt_cbc
Signing (only verification on the embedded side)
- mbedtls_ecp_point_read_binary
- mbedtls_sha256_init/free
- mbedtls_sha256_starts_ret
- mbedtls_sha256_update_ret
- mbedtls_sha256_finish_ret
- mbedtls_ecdsa_init/free
- mbedtls_ecp_group_load
- mbedtls_ecdsa_read_signature
The size of libembedcrypto.a has grown from under 400K to almost 800K. I've tried reducing it with mbedtls_config,h, but it is not entirely clear to me which #defines do what. I tried one of the sample configs which by it;s name looked promising (crypto-config-ccm-aes-sha256.h), and it reduced the size of the library by 90%, but left me with link errors for all of the above functions. Going one #define at a time manually to see if it saves or grows is slow, and so I hoped I could find some assistance here.
Thanks in advance