mbedtls: update Kconfig and mbedtls_config.h

(1)remove useless checks in mbedtls_config.h (2)update Kconfig for version v3.4.0 Signed-off-by: makejian <[email protected]>
apache · Aug 25, 2023 · edffc2a · edffc2a
1 parent 94d477b
commit edffc2a
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 273 deletions.
diff --git a/crypto/mbedtls/Kconfig b/crypto/mbedtls/Kconfig
@@ -6,6 +6,7 @@
 menuconfig CRYPTO_MBEDTLS
 	bool "Mbed TLS Cryptography Library"
 	default n
+	select DEV_URANDOM
 	---help---
 		Enable support for Mbed TLS.
 
@@ -21,15 +22,21 @@ config MBEDTLS_DEBUG_C
 	---help---
 		This module provides debugging functions.
 
-config MBEDTLS_SSL_MAX_CONTENT_LEN
-	int "Maximum length (in bytes) of incoming and outgoing plaintext fragments."
+config MBEDTLS_SSL_IN_CONTENT_LEN
+	int "Maximum length (in bytes) of incoming plaintext fragments."
 	default 16384
 	---help---
-		Maximum length (in bytes) of incoming and outgoing plaintext fragments.
+		Maximum length (in bytes) of incoming plaintext fragments.
+
+config MBEDTLS_SSL_OUT_CONTENT_LEN
+	int "Maximum length (in bytes) of outgoing plaintext fragments."
+	default 16384
+	---help---
+		Maximum length (in bytes) of outgoing plaintext fragments.
 
 config MBEDTLS_SSL_SRV_C
 	bool "This module is required for SSL/TLS server support."
-	default y
+	default n
 	---help---
 		This module is required for SSL/TLS server support.
 
@@ -47,10 +54,6 @@ config MBEDTLS_AES_ROM_TABLES
 	bool "Store the AES tables in ROM."
 	default n
 
-config MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-	bool "Remove RC4 ciphersuites by default in SSL / TLS."
-	default n
-
 config MBEDTLS_NO_PLATFORM_ENTROPY
 	bool "Do not use built-in platform entropy functions."
 	default n
@@ -61,80 +64,63 @@ config MBEDTLS_ECP_RESTARTABLE
 
 config MBEDTLS_SELF_TEST
 	bool "Enable the checkup functions (*_self_test)."
-	default y
+	default n
 
 config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 	bool "Enable server-side support for clients that reconnect from the same port."
-	default n
+	default y
 
 config MBEDTLS_BLOWFISH_C
 	bool "Enable the Blowfish block cipher."
-	default n
+	default y
 
 config MBEDTLS_CAMELLIA_C
 	bool "Enable the Camellia block cipher."
-	default n
-
-config MBEDTLS_CERTS_C
-	bool "Enable the test certificates."
-	default n
+	default y
 
 config MBEDTLS_PADLOCK_C
 	bool "Enable VIA Padlock support on x86."
-	default n
+	default y if !MBEDTLS_AES_ALT
 
 config MBEDTLS_TIMING_C
 	bool "Enable the semi-portable timing interface."
 	default y
 
 config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 	bool "Enable the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake."
-	default n
+	default y
 
 config MBEDTLS_SSL_PROTO_DTLS
 	bool "Enable support for DTLS (all available versions)."
-	default n
+	default y
 
 if MBEDTLS_SSL_PROTO_DTLS
 
 config MBEDTLS_SSL_DTLS_ANTI_REPLAY
 	bool "Enable support for the anti-replay mechanism in DTLS."
-	default n
+	default y
 
 config MBEDTLS_SSL_DTLS_HELLO_VERIFY
 	bool "Enable support for HelloVerifyRequest on DTLS servers."
-	default n
-
-config MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-	bool "Enable support for a limit of records with bad MAC."
-	default n
-
-config MBEDTLS_SSL_DTLS_CONNECTION_ID
-	bool "Enable the Connection ID extension."
-	default n
-
-config MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
-	bool "Enable the standard version of DTLS Connection ID feature."
-	depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
-	default n
+	default y
 
 endif # MBEDTLS_SSL_PROTO_DTLS
 
 config MBEDTLS_SSL_ALPN
 	bool "Enable support for RFC 7301 Application Layer Protocol Negotiation."
-	default n
+	default y
 
 config MBEDTLS_AESNI_C
 	bool "Enable AES-NI support on x86-64."
-	default n
+	default y if !MBEDTLS_AES_ALT
 
 config MBEDTLS_ECP_WINDOW_SIZE
 	int "Maximum window size used"
 	default 6
 
 config MBEDTLS_ECP_FIXED_POINT_OPTIM
 	bool "Enable fixed-point speed-up"
-	default n
+	default y
 
 config MBEDTLS_CMAC_C
 	bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block"
@@ -145,42 +131,8 @@ config MBEDTLS_NET_C
 	default y if LIBC_NETDB
 	default n if !LIBC_NETDB
 
-config MBEDTLS_ECDSA_C
-	bool "Enable the elliptic curve DSA library."
-	default n
-
-config MBEDTLS_ECP_C
-	bool "Enable the elliptic curve over GF(p) library."
-	default n
-
-config MBEDTLS_ECP_DP_SECP256R1_ENABLED
-	bool "Enables specific curves within the Elliptic Curve module."
-	default n
-
-config MBEDTLS_PEM_WRITE_C
-	bool "Enable PEM encoding / writing."
-	default n
-
-config MBEDTLS_PK_WRITE_C
-	bool "Enable the generic public (asymmetric) key writer."
-	default n
-
-config MBEDTLS_X509_CREATE_C
-	bool "Enable X.509 core for creating certificates."
-	default n
-
-config MBEDTLS_X509_CRT_WRITE_C
-	bool "Enable creating X.509 certificates."
-	select MBEDTLS_X509_CREATE_C
-	default n
-
-config MBEDTLS_X509_CSR_WRITE_C
-	bool "Enable creating X.509 Certificate Signing Requests (CSR)."
-	select MBEDTLS_X509_CREATE_C
-	default n
-
-config MBEDTLS_X509_CSR_PARSE_C
-	bool "Enable X.509 Certificate Signing Request (CSR) parsing."
+config MBEDTLS_X509_CRT_POOL
+	bool "Enable the X509 Certificate Pool"
 	default n
 
 if CRYPTO_CRYPTODEV