mbedtls: update Kconfig

update Kconfig for adapting version v3.4.0 Signed-off-by: makejian <[email protected]>
apache · Aug 27, 2023 · 495bc19 · 495bc19
1 parent 94d477b
commit 495bc19
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 30 deletions.
diff --git a/crypto/mbedtls/Kconfig b/crypto/mbedtls/Kconfig
@@ -21,15 +21,21 @@ config MBEDTLS_DEBUG_C
 	---help---
 		This module provides debugging functions.
 
-config MBEDTLS_SSL_MAX_CONTENT_LEN
-	int "Maximum length (in bytes) of incoming and outgoing plaintext fragments."
+config MBEDTLS_SSL_IN_CONTENT_LEN
+	int "Maximum length (in bytes) of incoming plaintext fragments."
 	default 16384
 	---help---
-		Maximum length (in bytes) of incoming and outgoing plaintext fragments.
+		Maximum length (in bytes) of incoming plaintext fragments.
+
+config MBEDTLS_SSL_OUT_CONTENT_LEN
+	int "Maximum length (in bytes) of outgoing plaintext fragments."
+	default 16384
+	---help---
+		Maximum length (in bytes) of outgoing plaintext fragments.
 
 config MBEDTLS_SSL_SRV_C
 	bool "This module is required for SSL/TLS server support."
-	default y
+	default n
 	---help---
 		This module is required for SSL/TLS server support.
 
@@ -47,10 +53,6 @@ config MBEDTLS_AES_ROM_TABLES
 	bool "Store the AES tables in ROM."
 	default n
 
-config MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-	bool "Remove RC4 ciphersuites by default in SSL / TLS."
-	default n
-
 config MBEDTLS_NO_PLATFORM_ENTROPY
 	bool "Do not use built-in platform entropy functions."
 	default n
@@ -61,68 +63,64 @@ config MBEDTLS_ECP_RESTARTABLE
 
 config MBEDTLS_SELF_TEST
 	bool "Enable the checkup functions (*_self_test)."
-	default y
+	default n
 
 config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 	bool "Enable server-side support for clients that reconnect from the same port."
-	default n
+	default y
 
 config MBEDTLS_BLOWFISH_C
 	bool "Enable the Blowfish block cipher."
-	default n
+	default y
 
 config MBEDTLS_CAMELLIA_C
 	bool "Enable the Camellia block cipher."
-	default n
-
-config MBEDTLS_CERTS_C
-	bool "Enable the test certificates."
-	default n
+	default y
 
 config MBEDTLS_PADLOCK_C
 	bool "Enable VIA Padlock support on x86."
-	default n
+	default y if !MBEDTLS_AES_ALT
 
 config MBEDTLS_TIMING_C
 	bool "Enable the semi-portable timing interface."
 	default y
 
 config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 	bool "Enable the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake."
-	default n
+	default y
 
 config MBEDTLS_SSL_PROTO_DTLS
 	bool "Enable support for DTLS (all available versions)."
-	default n
+	default y
 
 if MBEDTLS_SSL_PROTO_DTLS
 
 config MBEDTLS_SSL_DTLS_ANTI_REPLAY
 	bool "Enable support for the anti-replay mechanism in DTLS."
-	default n
+	default y
 
 config MBEDTLS_SSL_DTLS_HELLO_VERIFY
 	bool "Enable support for HelloVerifyRequest on DTLS servers."
-	default n
+	default y
 
 config MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 	bool "Enable support for a limit of records with bad MAC."
-	default n
+	default y
 
 config MBEDTLS_SSL_DTLS_CONNECTION_ID
 	bool "Enable the Connection ID extension."
-	default n
+	default y
 
 config MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
 	bool "Enable the standard version of DTLS Connection ID feature."
 	depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
-	default n
+	default y
 
 endif # MBEDTLS_SSL_PROTO_DTLS
 
 config MBEDTLS_SSL_ALPN
 	bool "Enable support for RFC 7301 Application Layer Protocol Negotiation."
-	default n
+	default y
 
 config MBEDTLS_AESNI_C
 	bool "Enable AES-NI support on x86-64."
@@ -134,7 +132,7 @@ config MBEDTLS_ECP_WINDOW_SIZE
 
 config MBEDTLS_ECP_FIXED_POINT_OPTIM
 	bool "Enable fixed-point speed-up"
-	default n
+	default y
 
 config MBEDTLS_CMAC_C
 	bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block"
@@ -183,6 +181,10 @@ config MBEDTLS_X509_CSR_PARSE_C
 	bool "Enable X.509 Certificate Signing Request (CSR) parsing."
 	default n
 
+config MBEDTLS_X509_CRT_POOL
+	bool "Enable the X509 Certificate Pool"
+	default n
+
 if CRYPTO_CRYPTODEV
 
 config MBEDTLS_ALT

diff --git a/crypto/mbedtls/include/mbedtls/mbedtls_config.h b/crypto/mbedtls/include/mbedtls/mbedtls_config.h
@@ -4381,8 +4381,8 @@
  *
  * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
  */
-#ifdef CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
-#define MBEDTLS_SSL_IN_CONTENT_LEN  CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
+#ifdef CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN
+#define MBEDTLS_SSL_IN_CONTENT_LEN  CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN
 #endif
 
 /** \def MBEDTLS_SSL_CID_IN_LEN_MAX
@@ -4437,8 +4437,8 @@
  *
  * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
  */
-#ifdef CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
-#define MBEDTLS_SSL_OUT_CONTENT_LEN  CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN
+#ifdef CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN
+#define MBEDTLS_SSL_OUT_CONTENT_LEN  CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN
 #endif
 
 /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING