Memory consumption - 32 KB memory buffer
We are using mbedTLS on a STM32F103 board with 96 KB RAM. The only cipher suite used is ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and the important config.h options are:
- #define MBEDTLS_MEMORY_BUFFER_ALLOC_C
- #define MBEDTLS_AES_ROM_TABLES
- #define MBEDTLS_SSL_MAX_CONTENT_LEN 2048
- #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
- #define MBEDTLS_X509_USE_C
- #define MBEDTLS_X509_CRT_PARSE_C
- #define MBEDTLS_PK_C
- #define MBEDTLS_PK_PARSE_C
A self-signed certificate (342 bytes) and private key (123 bytes) are used. We need to use a 32 KB memory buffer in mbedtls_memory_buffer_alloc_init. Otherwise, with a smaller buffer, TLS is not stable and we are getting errors (e.g. handshake errors). For me this size seems a bit too much, having 2048+342+123 = ~2.5 KB as raw input data.
Is this buffer size a reasonable one? Could this buffer be reduced? Or could this cipher suite be the cause of this memory consumption?
I recommend you look at the following Knowledge Base Articles:
These show you how you can reduce memory and resource usage. I would focus on the MBEDTLS_SSL_MAX_CONTENT_LEN part, and the
I hope this helps
mbed TLS Team member
I will check them.
I ran into the same issues; I've been able to save 15 Kbyte though.
I've successfully reduced the memory usage by splitting up the input and output buffer sizes. The output buffers are under your own control, so you can typically configure them much lower than the incoming buffers.
I've added a config setting MBEDTLS_SSL_MAX_OUT_CONTENT_LEN (and I typically configured it as 1024).
I'll see if I can make a pull request of this some time.
Reducing memory consumption by 15 KB would be great, thanks for the hint! It was an idea to investigate the library code but I thought it would be too dangerous :)
@harmv: That would be most welcome.
FYI, OpenSSL is finally implementing "Maximum Fragment Length": https://github.com/openssl/openssl/pull/1008