Increased Stack Usage After Migrating to PSA Crypto (mbedTLS 4.x) #10537
Description
Summary
Hi all, after migrating from mbedTLS v3.6.5 to v4.0.0, we have observed a noticeable increase in stack usage during TLS operations. This appears to be related to the switch from the legacy mbedtls_* API to the PSA Crypto API, which uses larger operation structures.
I’d like to confirm whether this increase is expected.
System information
Mbed TLS version (number or commit id): 4.0.0
Operating system and version: ESP-IDF
Configuration (if not default, please attach mbedtls_config.h): default
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information: NA
Expected behavior
We were expecting little to no increase in the stack usage after the PSA migration.
Actual behavior
Running a TLS client example on an ESP32 shows an overall ~800-byte increase in stack usage during the TLS handshake after upgrading to mbedTLS 4.x. This difference is compared to the same example running with mbedTLS 3.6.5
Questions
- Is this stack usage increase expected as part of the PSA migration?
- Are there recommended options or configurations to reduce stack usage when using PSA Crypto?
- Are there plans to optimize PSA context sizes or allow storing them outside the stack?
Please let me know if any additional details are required or any tests needed to be run.
Thanks!