[22/23] mbedtls: disable the unused features

Message ID	20240416190019.81016-23-raymond.mao@linaro.org
State	RFC
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Raymond Mao <raymond.mao@linaro.org> To: u-boot@lists.denx.de Cc: raymond.mao@linaro.org, trini@konsulko.com, ilias.apalodimas@linaro.org, xypron.glpk@gmx.de Subject: [PATCH 22/23] mbedtls: disable the unused features Date: Tue, 16 Apr 2024 12:00:18 -0700 Message-Id: <20240416190019.81016-23-raymond.mao@linaro.org> In-Reply-To: <20240416190019.81016-1-raymond.mao@linaro.org> References: <20240416190019.81016-1-raymond.mao@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	Integrate MbedTLS v3.6 LTS with U-Boot \| expand [00/23,RFC] Integrate MbedTLS v3.6 LTS with U-Boot [02/23] mbedtls/external: add MbedTLS (Part 2) [03/23] mbedtls: add mbedtls into the build system [04/23] arm: EFI linker script text section alignment [05/23] test: py: add sudo for virt-make-fs [06/23] image: remove redundant hash includes [07/23] efi_loader: remove redundant hash includes [08/23] mbedtls: add hash shim layer [09/23] hash: integrate hash on mbedtls [10/23] makefile: add mbedtls include directories [11/23] efi_loader: switch sha256 to mbedtls [12/23] image: switch sha256 to mbedtls [13/23] mbedtls/external: support MicroSoft Authentication Code [14/23] mbedtls/external: support PKCS9 Authenticate Attributes [15/23] mbedtls/external: support decoding multiple signer's cert [16/23] mbedtls/external: update MbedTLS PKCS7 test suites [17/23] lib/crypto: Port public_key on MbedTLS [18/23] lib/crypto: Port x509_cert_parser on MbedTLS [19/23] lib/crypto: port PKCS7 parser on MbedTLS [20/23] lib/crypto: port MSCode parser on MbedTLS [21/23] lib/crypto: remove dependence on ASN1 decoder [22/23] mbedtls: disable the unused features [23/23] configs: enable MbedTLS as default setting

diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index 6e6d66716a..2a31ad7603 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h @@ -49,7 +49,7 @@ * * Comment to disable the use of assembly code. */ -#define MBEDTLS_HAVE_ASM +//#define MBEDTLS_HAVE_ASM /** * \def MBEDTLS_NO_UDBL_DIVISION @@ -650,35 +650,35 @@ * * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. */ -#define MBEDTLS_CIPHER_MODE_CBC +//#define MBEDTLS_CIPHER_MODE_CBC /** * \def MBEDTLS_CIPHER_MODE_CFB * * Enable Cipher Feedback mode (CFB) for symmetric ciphers. */ -#define MBEDTLS_CIPHER_MODE_CFB +//#define MBEDTLS_CIPHER_MODE_CFB /** * \def MBEDTLS_CIPHER_MODE_CTR * * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. */ -#define MBEDTLS_CIPHER_MODE_CTR +//#define MBEDTLS_CIPHER_MODE_CTR /** * \def MBEDTLS_CIPHER_MODE_OFB * * Enable Output Feedback mode (OFB) for symmetric ciphers. */ -#define MBEDTLS_CIPHER_MODE_OFB +//#define MBEDTLS_CIPHER_MODE_OFB /** * \def MBEDTLS_CIPHER_MODE_XTS * * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. */ -#define MBEDTLS_CIPHER_MODE_XTS +//#define MBEDTLS_CIPHER_MODE_XTS /** * \def MBEDTLS_CIPHER_NULL_CIPHER @@ -757,20 +757,20 @@ * Comment macros to disable the curve and functions for it */ /* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED +// #define MBEDTLS_ECP_DP_SECP192R1_ENABLED +// #define MBEDTLS_ECP_DP_SECP224R1_ENABLED +// #define MBEDTLS_ECP_DP_SECP256R1_ENABLED +// #define MBEDTLS_ECP_DP_SECP384R1_ENABLED +// #define MBEDTLS_ECP_DP_SECP521R1_ENABLED +// #define MBEDTLS_ECP_DP_SECP192K1_ENABLED +// #define MBEDTLS_ECP_DP_SECP224K1_ENABLED +// #define MBEDTLS_ECP_DP_SECP256K1_ENABLED +// #define MBEDTLS_ECP_DP_BP256R1_ENABLED +// #define MBEDTLS_ECP_DP_BP384R1_ENABLED +// #define MBEDTLS_ECP_DP_BP512R1_ENABLED /* Montgomery curves (supporting ECP) */ -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED +// #define MBEDTLS_ECP_DP_CURVE25519_ENABLED +// #define MBEDTLS_ECP_DP_CURVE448_ENABLED /** * \def MBEDTLS_ECP_NIST_OPTIM @@ -781,7 +781,7 @@ * * Comment this macro to disable NIST curves optimisation. */ -#define MBEDTLS_ECP_NIST_OPTIM +// #define MBEDTLS_ECP_NIST_OPTIM /** * \def MBEDTLS_ECP_RESTARTABLE @@ -858,7 +858,7 @@ * * Comment this macro to disable deterministic ECDSA. */ -#define MBEDTLS_ECDSA_DETERMINISTIC +// #define MBEDTLS_ECDSA_DETERMINISTIC /** * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED @@ -878,7 +878,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -907,7 +907,7 @@ * See dhm.h for more details. * */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -925,7 +925,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED @@ -948,7 +948,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED @@ -1005,7 +1005,7 @@ * See dhm.h for more details. * */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -1030,7 +1030,7 @@ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -1054,7 +1054,7 @@ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -1078,7 +1078,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED @@ -1102,7 +1102,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -1139,7 +1139,7 @@ * * Disable if you only need to support RFC 5915 + 5480 key formats. */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED +// #define MBEDTLS_PK_PARSE_EC_EXTENDED /** * \def MBEDTLS_PK_PARSE_EC_COMPRESSED @@ -1152,7 +1152,7 @@ * the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and * MBEDTLS_ECP_DP_SECP224K1. */ -#define MBEDTLS_PK_PARSE_EC_COMPRESSED +// #define MBEDTLS_PK_PARSE_EC_COMPRESSED /** * \def MBEDTLS_ERROR_STRERROR_DUMMY @@ -1167,7 +1167,7 @@ * Disable if you run into name conflicts and want to really remove the * mbedtls_strerror() */ -#define MBEDTLS_ERROR_STRERROR_DUMMY +// #define MBEDTLS_ERROR_STRERROR_DUMMY /** * \def MBEDTLS_GENPRIME @@ -1176,7 +1176,7 @@ * * Requires: MBEDTLS_BIGNUM_C */ -#define MBEDTLS_GENPRIME +// #define MBEDTLS_GENPRIME /** * \def MBEDTLS_FS_IO @@ -1296,7 +1296,7 @@ * * Comment this macro to disable support for external private RSA keys. */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT +// #define MBEDTLS_PK_RSA_ALT_SUPPORT /** * \def MBEDTLS_PKCS1_V15 @@ -1484,7 +1484,7 @@ * * Enable the checkup functions (*_self_test). */ -#define MBEDTLS_SELF_TEST +// #define MBEDTLS_SELF_TEST /** * \def MBEDTLS_SHA256_SMALLER @@ -1524,7 +1524,7 @@ * * Enable sending of all alert messages */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES +// #define MBEDTLS_SSL_ALL_ALERT_MESSAGES /** * \def MBEDTLS_SSL_DTLS_CONNECTION_ID @@ -1548,7 +1548,7 @@ * * Uncomment to enable the Connection ID extension. */ -#define MBEDTLS_SSL_DTLS_CONNECTION_ID +// #define MBEDTLS_SSL_DTLS_CONNECTION_ID /** * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT @@ -1570,7 +1570,7 @@ * * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 +// #define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 /** * \def MBEDTLS_SSL_ASYNC_PRIVATE @@ -1611,7 +1611,7 @@ * * Comment to disable the context serialization APIs. */ -#define MBEDTLS_SSL_CONTEXT_SERIALIZATION +// #define MBEDTLS_SSL_CONTEXT_SERIALIZATION /** * \def MBEDTLS_SSL_DEBUG_ALL @@ -1643,7 +1643,7 @@ * * Comment this macro to disable support for Encrypt-then-MAC */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +// #define MBEDTLS_SSL_ENCRYPT_THEN_MAC /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * @@ -1659,7 +1659,7 @@ * * Comment this macro to disable support for Extended Master Secret. */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +// #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET /** * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE @@ -1683,7 +1683,7 @@ * Comment this macro to disable storing the peer's certificate * after the handshake. */ -#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE +// #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE /** * \def MBEDTLS_SSL_RENEGOTIATION @@ -1707,7 +1707,7 @@ * configuration of this extension). * */ -#define MBEDTLS_SSL_RENEGOTIATION +// #define MBEDTLS_SSL_RENEGOTIATION /** * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -1716,7 +1716,7 @@ * * Comment this macro to disable support for the max_fragment_length extension */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +// #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH /** * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT @@ -1773,7 +1773,7 @@ * * Uncomment this macro to enable the support for TLS 1.3. */ -//#define MBEDTLS_SSL_PROTO_TLS1_3 +// #define MBEDTLS_SSL_PROTO_TLS1_3 /** * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE @@ -1807,7 +1807,7 @@ * effect on the build. * */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +// #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED /** * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -1825,7 +1825,7 @@ * effect on the build. * */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +// #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED /** * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED @@ -1839,7 +1839,7 @@ * have any effect on the build. * */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +// #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED /** * \def MBEDTLS_SSL_EARLY_DATA @@ -1873,7 +1873,7 @@ * * Comment this macro to disable support for DTLS */ -#define MBEDTLS_SSL_PROTO_DTLS +// #define MBEDTLS_SSL_PROTO_DTLS /** * \def MBEDTLS_SSL_ALPN @@ -1882,7 +1882,7 @@ * * Comment this macro to disable support for ALPN. */ -#define MBEDTLS_SSL_ALPN +// #define MBEDTLS_SSL_ALPN /** * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY @@ -1897,7 +1897,7 @@ * * Comment this to disable anti-replay in DTLS. */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +// #define MBEDTLS_SSL_DTLS_ANTI_REPLAY /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY @@ -1915,7 +1915,7 @@ * * Comment this to disable support for HelloVerifyRequest. */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +// #define MBEDTLS_SSL_DTLS_HELLO_VERIFY /** * \def MBEDTLS_SSL_DTLS_SRTP @@ -1962,7 +1962,7 @@ * * Comment this to disable support for clients reusing the source port. */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +// #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /** * \def MBEDTLS_SSL_SESSION_TICKETS @@ -1976,7 +1976,7 @@ * * Comment this macro to disable support for SSL session tickets */ -#define MBEDTLS_SSL_SESSION_TICKETS +// #define MBEDTLS_SSL_SESSION_TICKETS /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION @@ -1987,7 +1987,7 @@ * * Comment this macro to disable support for server name indication in SSL */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION +// #define MBEDTLS_SSL_SERVER_NAME_INDICATION /** * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH @@ -2150,7 +2150,7 @@ * * Comment this to disable run-time checking and save ROM space */ -#define MBEDTLS_VERSION_FEATURES +// #define MBEDTLS_VERSION_FEATURES /** * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK @@ -2232,7 +2232,7 @@ * * This modules adds support for the AES-NI instructions on x86. */ -#define MBEDTLS_AESNI_C +// #define MBEDTLS_AESNI_C /** * \def MBEDTLS_AESCE_C @@ -2331,7 +2331,7 @@ * * PEM_PARSE uses AES for decrypting encrypted keys. */ -#define MBEDTLS_AES_C +// #define MBEDTLS_AES_C /** * \def MBEDTLS_ASN1_PARSE_C @@ -2371,7 +2371,7 @@ * * This module is required for PEM support (required by X.509). */ -#define MBEDTLS_BASE64_C +// #define MBEDTLS_BASE64_C /** * \def MBEDTLS_BIGNUM_C @@ -2446,7 +2446,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_CAMELLIA_C +// #define MBEDTLS_CAMELLIA_C /** * \def MBEDTLS_ARIA_C @@ -2498,7 +2498,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ -#define MBEDTLS_ARIA_C +// #define MBEDTLS_ARIA_C /** * \def MBEDTLS_CCM_C @@ -2513,7 +2513,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ -#define MBEDTLS_CCM_C +// #define MBEDTLS_CCM_C /** * \def MBEDTLS_CHACHA20_C @@ -2522,7 +2522,7 @@ * * Module: library/chacha20.c */ -#define MBEDTLS_CHACHA20_C +// #define MBEDTLS_CHACHA20_C /** * \def MBEDTLS_CHACHAPOLY_C @@ -2533,7 +2533,7 @@ * * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C */ -#define MBEDTLS_CHACHAPOLY_C +// #define MBEDTLS_CHACHAPOLY_C /** * \def MBEDTLS_CIPHER_C @@ -2573,7 +2573,7 @@ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C * */ -#define MBEDTLS_CMAC_C +// #define MBEDTLS_CMAC_C /** * \def MBEDTLS_CTR_DRBG_C @@ -2595,7 +2595,7 @@ * * This module provides the CTR_DRBG AES random number generator. */ -#define MBEDTLS_CTR_DRBG_C +// #define MBEDTLS_CTR_DRBG_C /** * \def MBEDTLS_DEBUG_C @@ -2610,7 +2610,7 @@ * * This module provides debugging functions. */ -#define MBEDTLS_DEBUG_C +// #define MBEDTLS_DEBUG_C /** * \def MBEDTLS_DES_C @@ -2626,7 +2626,7 @@ * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers instead. */ -#define MBEDTLS_DES_C +// #define MBEDTLS_DES_C /** * \def MBEDTLS_DHM_C @@ -2648,7 +2648,7 @@ * See dhm.h for more details. * */ -#define MBEDTLS_DHM_C +// #define MBEDTLS_DHM_C /** * \def MBEDTLS_ECDH_C @@ -2666,7 +2666,7 @@ * * Requires: MBEDTLS_ECP_C */ -#define MBEDTLS_ECDH_C +// #define MBEDTLS_ECDH_C /** * \def MBEDTLS_ECDSA_C @@ -2683,7 +2683,7 @@ * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a * short Weierstrass curve. */ -#define MBEDTLS_ECDSA_C +// #define MBEDTLS_ECDSA_C /** * \def MBEDTLS_ECJPAKE_C @@ -2705,7 +2705,7 @@ * \warning If using a hash that is only provided by PSA drivers, you must * call psa_crypto_init() before doing any EC J-PAKE operations. */ -#define MBEDTLS_ECJPAKE_C +// #define MBEDTLS_ECJPAKE_C /** * \def MBEDTLS_ECP_C @@ -2719,7 +2719,7 @@ * * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED */ -#define MBEDTLS_ECP_C +// #define MBEDTLS_ECP_C /** * \def MBEDTLS_ENTROPY_C @@ -2760,7 +2760,7 @@ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ -#define MBEDTLS_GCM_C +// #define MBEDTLS_GCM_C /** * \def MBEDTLS_HKDF_C @@ -2775,7 +2775,7 @@ * This module adds support for the Hashed Message Authentication Code * (HMAC)-based key derivation function (HKDF). */ -#define MBEDTLS_HKDF_C +// #define MBEDTLS_HKDF_C /** * \def MBEDTLS_HMAC_DRBG_C @@ -2789,7 +2789,7 @@ * * Uncomment to enable the HMAC_DRBG random number generator. */ -#define MBEDTLS_HMAC_DRBG_C +// #define MBEDTLS_HMAC_DRBG_C /** * \def MBEDTLS_LMS_C @@ -2828,7 +2828,7 @@ * * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C */ -#define MBEDTLS_NIST_KW_C +// #define MBEDTLS_NIST_KW_C /** * \def MBEDTLS_MD_C @@ -2861,7 +2861,7 @@ * * Uncomment to enable generic message digest wrappers. */ -//#define MBEDTLS_MD_C +#define MBEDTLS_MD_C /** * \def MBEDTLS_MD5_C @@ -2956,7 +2956,7 @@ * * This modules adds support for the VIA PadLock on x86. */ -#define MBEDTLS_PADLOCK_C +// #define MBEDTLS_PADLOCK_C /** * \def MBEDTLS_PEM_PARSE_C @@ -2978,7 +2978,7 @@ * * This modules adds support for decoding / parsing PEM files. */ -#define MBEDTLS_PEM_PARSE_C +// #define MBEDTLS_PEM_PARSE_C /** * \def MBEDTLS_PEM_WRITE_C @@ -2994,7 +2994,7 @@ * * This modules adds support for encoding / writing PEM files. */ -#define MBEDTLS_PEM_WRITE_C +// #define MBEDTLS_PEM_WRITE_C /** * \def MBEDTLS_PK_C @@ -3058,7 +3058,7 @@ * * This module adds support for the PKCS#5 functions. */ -#define MBEDTLS_PKCS5_C +// #define MBEDTLS_PKCS5_C /** * \def MBEDTLS_PKCS7_C @@ -3093,7 +3093,7 @@ * * This module enables PKCS#12 functions. */ -#define MBEDTLS_PKCS12_C +// #define MBEDTLS_PKCS12_C /** * \def MBEDTLS_PLATFORM_C @@ -3113,7 +3113,7 @@ * * This module enables abstraction of common (libc) functions. */ -#define MBEDTLS_PLATFORM_C +// #define MBEDTLS_PLATFORM_C /** * \def MBEDTLS_POLY1305_C @@ -3123,7 +3123,7 @@ * Module: library/poly1305.c * Caller: library/chachapoly.c */ -#define MBEDTLS_POLY1305_C +// #define MBEDTLS_POLY1305_C /** * \def MBEDTLS_PSA_CRYPTO_C @@ -3190,7 +3190,7 @@ * Caller: library/md.c * */ -#define MBEDTLS_RIPEMD160_C +// #define MBEDTLS_RIPEMD160_C /** * \def MBEDTLS_RSA_C @@ -3433,7 +3433,7 @@ * * Requires: MBEDTLS_SSL_CACHE_C */ -#define MBEDTLS_SSL_CACHE_C +// #define MBEDTLS_SSL_CACHE_C /** * \def MBEDTLS_SSL_COOKIE_C @@ -3443,7 +3443,7 @@ * Module: library/ssl_cookie.c * Caller: */ -#define MBEDTLS_SSL_COOKIE_C +// #define MBEDTLS_SSL_COOKIE_C /** * \def MBEDTLS_SSL_TICKET_C @@ -3456,7 +3456,7 @@ * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) */ -#define MBEDTLS_SSL_TICKET_C +// #define MBEDTLS_SSL_TICKET_C /** * \def MBEDTLS_SSL_CLI_C @@ -3470,7 +3470,7 @@ * * This module is required for SSL/TLS client support. */ -#define MBEDTLS_SSL_CLI_C +// #define MBEDTLS_SSL_CLI_C /** * \def MBEDTLS_SSL_SRV_C @@ -3484,7 +3484,7 @@ * * This module is required for SSL/TLS server support. */ -#define MBEDTLS_SSL_SRV_C +// #define MBEDTLS_SSL_SRV_C /** * \def MBEDTLS_SSL_TLS_C @@ -3557,7 +3557,7 @@ * * This module provides run-time version information. */ -#define MBEDTLS_VERSION_C +// #define MBEDTLS_VERSION_C /** * \def MBEDTLS_X509_USE_C

[22/23] mbedtls: disable the unused features

Commit Message

Patch