[Skiboot] [PATCH 3/4] crypto/mbedtls: enable/disable unnecessary features to shrink size
Mauro S. M. Rodrigues
maurosr at linux.vnet.ibm.com
Fri Apr 3 03:15:31 AEDT 2020
From: Eric Richter <erichte at linux.ibm.com>
---
libstb/crypto/mbedtls-config.h | 43 +++++++++++++++++-----------------
1 file changed, 22 insertions(+), 21 deletions(-)
diff --git libstb/crypto/mbedtls-config.h libstb/crypto/mbedtls-config.h
index edf4acc2ea..414bbfd897 100644
--- libstb/crypto/mbedtls-config.h
+++ libstb/crypto/mbedtls-config.h
@@ -39,39 +39,40 @@
#define MBEDTLS_HAVE_TIME
/* mbed TLS feature support */
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
+//#define MBEDTLS_CIPHER_MODE_CFB
+//#define MBEDTLS_CIPHER_MODE_CBC
+//#define MBEDTLS_CIPHER_PADDING_PKCS7
+//#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+//#define MBEDTLS_ECP_NIST_OPTIM
+//#define MBEDTLS_ECDSA_DETERMINISTIC
+//#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_SELF_TEST
+//#define MBEDTLS_PKCS1_V21
+//#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
/* mbed TLS modules */
-#define MBEDTLS_AES_C
+//#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
+//#define MBEDTLS_CCM_C
+//#define MBEDTLS_CIPHER_C
+//#define MBEDTLS_ECDSA_C
+//#define MBEDTLS_ECP_C
#define MBEDTLS_ERROR_C
-#define MBEDTLS_GCM_C
+//#define MBEDTLS_GCM_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
+//#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
+//#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA256_C
@@ -87,12 +88,12 @@
#define SIZE_MAX 65535 // this might need to be in libc?
/* Disableable to mitigate warnings */
-#define MBEDTLS_ASN1_WRITE_C // Expects SIZE_MAX
+//#define MBEDTLS_ASN1_WRITE_C // Expects SIZE_MAX
#define MBEDTLS_VERSION_C // Possible 'const' function
#define MBEDTLS_HMAC_DRBG_C
/* Miscellaneous options and fixes*/
-#define MBEDTLS_AES_ROM_TABLES
+//#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_NO_UDBL_DIVISION // Disabled due to unsupported operation
#endif /* MBEDTLS_CONFIG_H */
--
2.25.1
More information about the Skiboot
mailing list