[Skiboot] [PATCH 03/15] crypto/mbedtls: disable unnecessary features to shrink size
Mauro S. M. Rodrigues
maurosr at linux.vnet.ibm.com
Sat Jan 25 11:14:58 AEDT 2020
From: Eric Richter <erichte at linux.ibm.com>
---
libstb/crypto/mbedtls-config.h | 44 +++++++++++++++++-----------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/libstb/crypto/mbedtls-config.h b/libstb/crypto/mbedtls-config.h
index edf4acc2e..a9ff91478 100644
--- a/libstb/crypto/mbedtls-config.h
+++ b/libstb/crypto/mbedtls-config.h
@@ -39,46 +39,46 @@
#define MBEDTLS_HAVE_TIME
/* mbed TLS feature support */
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
+//#define MBEDTLS_CIPHER_MODE_CBC
+//#define MBEDTLS_CIPHER_PADDING_PKCS7
+//#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+//#define MBEDTLS_ECP_NIST_OPTIM
+//#define MBEDTLS_ECDSA_DETERMINISTIC
+//#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_SELF_TEST
+//#define MBEDTLS_PKCS1_V21
+//#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
/* mbed TLS modules */
-#define MBEDTLS_AES_C
+//#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
+//#define MBEDTLS_CCM_C
+//#define MBEDTLS_CIPHER_C
+//#define MBEDTLS_ECDSA_C
+//#define MBEDTLS_ECP_C
#define MBEDTLS_ERROR_C
-#define MBEDTLS_GCM_C
+//#define MBEDTLS_GCM_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
+//#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
+//#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_X509_CRL_PARSE_C
+//#define MBEDTLS_X509_CRL_PARSE_C
//#define MBEDTLS_CMAC_C
/* Settings to reduce/remove warnings */
@@ -87,12 +87,12 @@
#define SIZE_MAX 65535 // this might need to be in libc?
/* Disableable to mitigate warnings */
-#define MBEDTLS_ASN1_WRITE_C // Expects SIZE_MAX
+//#define MBEDTLS_ASN1_WRITE_C // Expects SIZE_MAX
#define MBEDTLS_VERSION_C // Possible 'const' function
#define MBEDTLS_HMAC_DRBG_C
/* Miscellaneous options and fixes*/
-#define MBEDTLS_AES_ROM_TABLES
+//#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_NO_UDBL_DIVISION // Disabled due to unsupported operation
#endif /* MBEDTLS_CONFIG_H */
--
2.24.1
More information about the Skiboot
mailing list