From 67cf66b4278273453f4efb68d7049b8ac0b7b6b3 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 20 Sep 2023 23:19:46 +0200
Subject: [PATCH] Add a note about the code size benefits

We don't normally make promises related to code size, but this one is vague enough (just "to benefit"), and it's what a lot of users of this option care about.

Signed-off-by: Gilles Peskine
---
 include/mbedtls/mbedtls_config.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index a2e10e1d1..e9354da5a 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1443,6 +1443,16 @@
 * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
 * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
 * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
+ *
+ * \note To genuinely benefit from the smaller code size of p256-m, make
+ * sure that you do not enable any ECC-related option that requires
+ * the built-in implementation of elliptic curve arithmetic. This
+ * means enabling #MBEDTLS_PSA_CRYPTO_C, #MBEDTLS_PSA_CRYPTO_CONFIG,
+ * #PSA_WANT_ECC_SECP_R1_256 and #MBEDTLS_PSA_P256M_DRIVER_ENABLED,
+ * plus any of the `PSA_WANT_ALG_xxx` and `PSA_WANT_KEY_TYPE_xxx`
+ * options listed above, and not enabling other ECC-related options
+ * through `PSA_WANT_xxx` or `MBEDTLS_xxx` (in particular, not
+ * enabling other curves or EC-JPAKE).
 */
 //#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
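Review bot: The added `\note` describes what to avoid only as "other ECC-related options through `PSA_WANT_xxx` or `MBEDTLS_xxx`", so a reader cannot tell which legacy options bring the built-in elliptic curve arithmetic back alongside p256-m. Naming the usual ones would make the note checkable, for example by extending the parenthesis to `(in particular, not enabling other curves, EC-JPAKE, or the legacy modules #MBEDTLS_ECP_C, #MBEDTLS_ECDSA_C, #MBEDTLS_ECDH_C and #MBEDTLS_ECJPAKE_C)`, assuming that list matches the dependency rules of this release. One more sentence could say how to confirm the result, such as checking that the built-in ECP module is absent from the final build. That also keeps a second, unintended ECC implementation out of the binary. The comment block starts above the hunk, so the option list that "listed above" refers to is not visible here.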