[Skiboot] [PATCH 3/4] crypto/mbedtls: enable/disable unnecessary features to shrink size

Mauro S. M. Rodrigues maurosr at linux.vnet.ibm.com
Fri Apr 3 03:15:31 AEDT 2020


From: Eric Richter <erichte at linux.ibm.com>

---
 libstb/crypto/mbedtls-config.h | 43 +++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git libstb/crypto/mbedtls-config.h libstb/crypto/mbedtls-config.h
index edf4acc2ea..414bbfd897 100644
--- libstb/crypto/mbedtls-config.h
+++ libstb/crypto/mbedtls-config.h
@@ -39,39 +39,40 @@
 #define MBEDTLS_HAVE_TIME
 
 /* mbed TLS feature support */
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
+//#define MBEDTLS_CIPHER_MODE_CFB
+//#define MBEDTLS_CIPHER_MODE_CBC
+//#define MBEDTLS_CIPHER_PADDING_PKCS7
+//#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+//#define MBEDTLS_ECP_NIST_OPTIM
+//#define MBEDTLS_ECDSA_DETERMINISTIC
+//#define MBEDTLS_PK_RSA_ALT_SUPPORT
 #define MBEDTLS_PKCS1_V15
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_SELF_TEST
+//#define MBEDTLS_PKCS1_V21
+//#define MBEDTLS_SELF_TEST
 #define MBEDTLS_VERSION_FEATURES
 #define MBEDTLS_X509_CHECK_KEY_USAGE
 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 
 /* mbed TLS modules */
-#define MBEDTLS_AES_C
+//#define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_BASE64_C
 #define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
+//#define MBEDTLS_CCM_C
+//#define MBEDTLS_CIPHER_C
+//#define MBEDTLS_ECDSA_C
+//#define MBEDTLS_ECP_C
 #define MBEDTLS_ERROR_C
-#define MBEDTLS_GCM_C
+//#define MBEDTLS_GCM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
+//#define MBEDTLS_PEM_PARSE_C
 #define MBEDTLS_PK_C
 #define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
+//#define MBEDTLS_PK_WRITE_C
 #define MBEDTLS_PLATFORM_C
 #define MBEDTLS_RSA_C
 #define MBEDTLS_SHA256_C
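Review bot: With `MBEDTLS_PKCS1_V21`, `MBEDTLS_ECDSA_C` and `MBEDTLS_ECP_C` turned off in this hunk, the only signature scheme left among the visible options is RSA with PKCS#1 v1.5 padding, and neither the file nor the commit message records that. Certificates or signatures that use RSASSA-PSS or EC keys will presumably be rejected at parse or verify time, and with `MBEDTLS_PEM_PARSE_C` off only DER input is accepted. I would state this above the feature list, e.g. `/* Verification-only build: RSA PKCS#1 v1.5, DER input; PSS, ECDSA, AES and PEM are intentionally not compiled in. */`. The disabled options would read better deleted than kept as `//#define` lines (the second hunk does the same), and `//#define MBEDTLS_CIPHER_MODE_CFB` adds a line for an option that was never enabled here. The module list continues past the end of this hunk, so other hash or X.509 options are not visible from here.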
@@ -87,12 +88,12 @@
 #define SIZE_MAX		65535	// this might need to be in libc?
 
 /* Disableable to mitigate warnings */
-#define MBEDTLS_ASN1_WRITE_C  // Expects SIZE_MAX
+//#define MBEDTLS_ASN1_WRITE_C  // Expects SIZE_MAX
 #define MBEDTLS_VERSION_C     // Possible 'const' function
 #define MBEDTLS_HMAC_DRBG_C
 
 /* Miscellaneous options and fixes*/
-#define MBEDTLS_AES_ROM_TABLES
+//#define MBEDTLS_AES_ROM_TABLES
 #define MBEDTLS_NO_UDBL_DIVISION	// Disabled due to unsupported operation
 
 #endif /* MBEDTLS_CONFIG_H */
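Review bot: The trailing comment on `//#define MBEDTLS_ASN1_WRITE_C  // Expects SIZE_MAX` no longer explains anything once the define is commented out, and the actual reason it is safe to disable is not stated. In upstream mbed TLS the ASN.1 writer is used by `MBEDTLS_ECDSA_C` and `MBEDTLS_PK_WRITE_C`, both of which the first hunk turns off. I would replace the line with `/* MBEDTLS_ASN1_WRITE_C is not built; re-enable it together with ECDSA_C or PK_WRITE_C */` so that nobody re-enables one without the other. `MBEDTLS_AES_ROM_TABLES` has no effect once `MBEDTLS_AES_C` is off, so that line can simply be removed instead of commented out.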
-- 
2.25.1


