mbedtls: tune config to reduce size and improve performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2016-12-10 12:27:23 +01:00
parent 732c24a0ca
commit 64590f3c7e
1 changed files with 43 additions and 5 deletions

View File

@ -18,7 +18,7 @@
/**
* \def MBEDTLS_CIPHER_MODE_CTR
@@ -441,13 +441,13 @@
@@ -441,17 +441,17 @@
*
* Comment macros to disable the curve and functions for it
*/
@ -27,15 +27,24 @@
+//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
/**
@@ -476,8 +476,8 @@
* Requires: MBEDTLS_HMAC_DRBG_C
*
@ -101,6 +110,15 @@
/**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@@ -823,7 +823,7 @@
* This option is only useful if both MBEDTLS_SHA256_C and
* MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
*/
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
+#define MBEDTLS_ENTROPY_FORCE_SHA256
/**
* \def MBEDTLS_ENTROPY_NV_SEED
@@ -885,7 +885,7 @@
*
* Comment this macro to disable support for external private RSA keys.
@ -136,6 +154,16 @@
/**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
@@ -1059,8 +1059,8 @@
* misuse/misunderstand.
*
* Comment this to disable support for renegotiation.
- */
#define MBEDTLS_SSL_RENEGOTIATION
+ */
/**
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1234,8 +1234,8 @@
* callbacks are provided by MBEDTLS_SSL_TICKET_C.
*
@ -210,6 +238,16 @@
/**
* \def MBEDTLS_DES_C
@@ -1725,8 +1725,8 @@
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- */
#define MBEDTLS_DES_C
+ */
/**
* \def MBEDTLS_DHM_C
@@ -1880,8 +1880,8 @@
* Requires: MBEDTLS_MD_C
*