Crypto: Update default Mbed Crypto config
This patch updates the default Mbed Crypto build
configuration to disable modules built by default,
in particular MD-2, MD-4, MD-5, RIPEMD-160, DES,
Camellia. Regression tests are updated to remove
the tests which involve these algorithms.
Change-Id: I4dce094271c263024373be3edf9c0daeeafd0daf
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/platform/ext/common/tfm_mbedcrypto_config.h b/platform/ext/common/tfm_mbedcrypto_config.h
index ceb4ffc..a63e471 100644
--- a/platform/ext/common/tfm_mbedcrypto_config.h
+++ b/platform/ext/common/tfm_mbedcrypto_config.h
@@ -605,7 +605,7 @@
*
* Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
*/
-#define MBEDTLS_CIPHER_MODE_XTS
+//#define MBEDTLS_CIPHER_MODE_XTS
/**
* \def MBEDTLS_CIPHER_NULL_CIPHER
@@ -778,7 +778,7 @@
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -809,7 +809,7 @@
* See dhm.h for more details.
*
*/
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -829,7 +829,7 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
*/
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -854,7 +854,7 @@
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
*/
-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -882,7 +882,7 @@
* MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
*/
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
@@ -915,7 +915,7 @@
* See dhm.h for more details.
*
*/
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -940,7 +940,7 @@
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -964,7 +964,7 @@
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
*/
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -988,7 +988,7 @@
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
*/
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -1012,7 +1012,7 @@
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
*/
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@@ -1252,7 +1252,7 @@
*
* Enable the checkup functions (*_self_test).
*/
-#define MBEDTLS_SELF_TEST
+//#define MBEDTLS_SELF_TEST
/**
* \def MBEDTLS_SHA256_SMALLER
@@ -1282,7 +1282,7 @@
*
* Enable sending of all alert messages
*/
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+//#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/**
* \def MBEDTLS_SSL_ASYNC_PRIVATE
@@ -1327,7 +1327,7 @@
*
* Comment this macro to disable support for Encrypt-then-MAC
*/
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
*
@@ -1345,7 +1345,7 @@
*
* Comment this macro to disable support for Extended Master Secret.
*/
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
/**
* \def MBEDTLS_SSL_FALLBACK_SCSV
@@ -1362,7 +1362,7 @@
*
* Comment this macro to disable support for FALLBACK_SCSV
*/
-#define MBEDTLS_SSL_FALLBACK_SCSV
+//#define MBEDTLS_SSL_FALLBACK_SCSV
/**
* \def MBEDTLS_SSL_HW_RECORD_ACCEL
@@ -1384,7 +1384,7 @@
*
* Comment this macro to disable 1/n-1 record splitting.
*/
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+//#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
/**
* \def MBEDTLS_SSL_RENEGOTIATION
@@ -1406,7 +1406,7 @@
* configuration of this extension).
*
*/
-#define MBEDTLS_SSL_RENEGOTIATION
+//#define MBEDTLS_SSL_RENEGOTIATION
/**
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1435,7 +1435,7 @@
*
* Comment this macro to disable support for the max_fragment_length extension
*/
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
/**
* \def MBEDTLS_SSL_PROTO_SSL3
@@ -1459,7 +1459,7 @@
*
* Comment this macro to disable support for TLS 1.0
*/
-#define MBEDTLS_SSL_PROTO_TLS1
+//#define MBEDTLS_SSL_PROTO_TLS1
/**
* \def MBEDTLS_SSL_PROTO_TLS1_1
@@ -1471,7 +1471,7 @@
*
* Comment this macro to disable support for TLS 1.1 / DTLS 1.0
*/
-#define MBEDTLS_SSL_PROTO_TLS1_1
+//#define MBEDTLS_SSL_PROTO_TLS1_1
/**
* \def MBEDTLS_SSL_PROTO_TLS1_2
@@ -1483,7 +1483,7 @@
*
* Comment this macro to disable support for TLS 1.2 / DTLS 1.2
*/
-#define MBEDTLS_SSL_PROTO_TLS1_2
+//#define MBEDTLS_SSL_PROTO_TLS1_2
/**
* \def MBEDTLS_SSL_PROTO_DTLS
@@ -1498,7 +1498,7 @@
*
* Comment this macro to disable support for DTLS
*/
-#define MBEDTLS_SSL_PROTO_DTLS
+//#define MBEDTLS_SSL_PROTO_DTLS
/**
* \def MBEDTLS_SSL_ALPN
@@ -1507,7 +1507,7 @@
*
* Comment this macro to disable support for ALPN.
*/
-#define MBEDTLS_SSL_ALPN
+//#define MBEDTLS_SSL_ALPN
/**
* \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@@ -1522,7 +1522,7 @@
*
* Comment this to disable anti-replay in DTLS.
*/
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
/**
* \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@@ -1540,7 +1540,7 @@
*
* Comment this to disable support for HelloVerifyRequest.
*/
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
/**
* \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@@ -1556,7 +1556,7 @@
*
* Comment this to disable support for clients reusing the source port.
*/
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
/**
* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@@ -1567,7 +1567,7 @@
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*/
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
/**
* \def MBEDTLS_SSL_SESSION_TICKETS
@@ -1581,7 +1581,7 @@
*
* Comment this macro to disable support for SSL session tickets
*/
-#define MBEDTLS_SSL_SESSION_TICKETS
+//#define MBEDTLS_SSL_SESSION_TICKETS
/**
* \def MBEDTLS_SSL_EXPORT_KEYS
@@ -1591,7 +1591,7 @@
*
* Comment this macro to disable support for key export
*/
-#define MBEDTLS_SSL_EXPORT_KEYS
+//#define MBEDTLS_SSL_EXPORT_KEYS
/**
* \def MBEDTLS_SSL_SERVER_NAME_INDICATION
@@ -1602,7 +1602,7 @@
*
* Comment this macro to disable support for server name indication in SSL
*/
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+//#define MBEDTLS_SSL_SERVER_NAME_INDICATION
/**
* \def MBEDTLS_SSL_TRUNCATED_HMAC
@@ -1611,7 +1611,7 @@
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
-#define MBEDTLS_SSL_TRUNCATED_HMAC
+//#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
@@ -1688,7 +1688,7 @@
*
* Comment this to disable run-time checking and save ROM space
*/
-#define MBEDTLS_VERSION_FEATURES
+//#define MBEDTLS_VERSION_FEATURES
/**
* \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@@ -1747,7 +1747,7 @@
*
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
/**
* \def MBEDTLS_ZLIB_SUPPORT
@@ -1794,7 +1794,7 @@
*
* This modules adds support for the AES-NI instructions on x86-64
*/
-#define MBEDTLS_AESNI_C
+//#define MBEDTLS_AESNI_C
/**
* \def MBEDTLS_AES_C
@@ -1897,7 +1897,7 @@
* it, and considering stronger ciphers instead.
*
*/
-#define MBEDTLS_ARC4_C
+//#define MBEDTLS_ARC4_C
/**
* \def MBEDTLS_ASN1_PARSE_C
@@ -1963,7 +1963,7 @@
*
* Module: library/blowfish.c
*/
-#define MBEDTLS_BLOWFISH_C
+//#define MBEDTLS_BLOWFISH_C
/**
* \def MBEDTLS_CAMELLIA_C
@@ -2018,7 +2018,7 @@
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/
-#define MBEDTLS_CAMELLIA_C
+//#define MBEDTLS_CAMELLIA_C
/**
* \def MBEDTLS_ARIA_C
@@ -2096,7 +2096,7 @@
*
* This module is used for testing (ssl_client/server).
*/
-#define MBEDTLS_CERTS_C
+//#define MBEDTLS_CERTS_C
/**
* \def MBEDTLS_CHACHA20_C
@@ -2105,7 +2105,7 @@
*
* Module: library/chacha20.c
*/
-#define MBEDTLS_CHACHA20_C
+//#define MBEDTLS_CHACHA20_C
/**
* \def MBEDTLS_CHACHAPOLY_C
@@ -2116,7 +2116,7 @@
*
* This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
*/
-#define MBEDTLS_CHACHAPOLY_C
+//#define MBEDTLS_CHACHAPOLY_C
/**
* \def MBEDTLS_CIPHER_C
@@ -2171,7 +2171,7 @@
*
* This module provides debugging functions.
*/
-#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_DEBUG_C
/**
* \def MBEDTLS_DES_C
@@ -2200,7 +2200,7 @@
* \warning DES is considered a weak cipher and its use constitutes a
* security risk. We recommend considering stronger ciphers instead.
*/
-#define MBEDTLS_DES_C
+//#define MBEDTLS_DES_C
/**
* \def MBEDTLS_DHM_C
@@ -2221,7 +2221,7 @@
* See dhm.h for more details.
*
*/
-#define MBEDTLS_DHM_C
+//#define MBEDTLS_DHM_C
/**
* \def MBEDTLS_ECDH_C
@@ -2419,7 +2419,7 @@
* it, and considering stronger message digests instead.
*
*/
-#define MBEDTLS_MD2_C
+//#define MBEDTLS_MD2_C
/**
* \def MBEDTLS_MD4_C
@@ -2436,7 +2436,7 @@
* it, and considering stronger message digests instead.
*
*/
-#define MBEDTLS_MD4_C
+//#define MBEDTLS_MD4_C
/**
* \def MBEDTLS_MD5_C
@@ -2458,7 +2458,7 @@
* it, and considering stronger message digests instead.
*
*/
-#define MBEDTLS_MD5_C
+//#define MBEDTLS_MD5_C
/**
* \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
@@ -2530,7 +2530,7 @@
*
* This modules adds support for the VIA PadLock on x86.
*/
-#define MBEDTLS_PADLOCK_C
+//#define MBEDTLS_PADLOCK_C
/**
* \def MBEDTLS_PEM_PARSE_C
@@ -2683,7 +2683,7 @@
* Module: library/poly1305.c
* Caller: library/chachapoly.c
*/
-#define MBEDTLS_POLY1305_C
+//#define MBEDTLS_POLY1305_C
/**
* \def MBEDTLS_PSA_CRYPTO_C
@@ -2746,7 +2746,7 @@
* Caller: library/md.c
*
*/
-#define MBEDTLS_RIPEMD160_C
+//#define MBEDTLS_RIPEMD160_C
/**
* \def MBEDTLS_RSA_C
@@ -2831,7 +2831,7 @@
*
* Requires: MBEDTLS_SSL_CACHE_C
*/
-#define MBEDTLS_SSL_CACHE_C
+//#define MBEDTLS_SSL_CACHE_C
/**
* \def MBEDTLS_SSL_COOKIE_C
@@ -2841,7 +2841,7 @@
* Module: library/ssl_cookie.c
* Caller:
*/
-#define MBEDTLS_SSL_COOKIE_C
+//#define MBEDTLS_SSL_COOKIE_C
/**
* \def MBEDTLS_SSL_TICKET_C
@@ -2853,7 +2853,7 @@
*
* Requires: MBEDTLS_CIPHER_C
*/
-#define MBEDTLS_SSL_TICKET_C
+//#define MBEDTLS_SSL_TICKET_C
/**
* \def MBEDTLS_SSL_CLI_C
@@ -2867,7 +2867,7 @@
*
* This module is required for SSL/TLS client support.
*/
-#define MBEDTLS_SSL_CLI_C
+//#define MBEDTLS_SSL_CLI_C
/**
* \def MBEDTLS_SSL_SRV_C
@@ -2881,7 +2881,7 @@
*
* This module is required for SSL/TLS server support.
*/
-#define MBEDTLS_SSL_SRV_C
+//#define MBEDTLS_SSL_SRV_C
/**
* \def MBEDTLS_SSL_TLS_C
@@ -2897,7 +2897,7 @@
*
* This module is required for SSL/TLS.
*/
-#define MBEDTLS_SSL_TLS_C
+//#define MBEDTLS_SSL_TLS_C
/**
* \def MBEDTLS_THREADING_C
@@ -2953,7 +2953,7 @@
*
* This module provides run-time version information.
*/
-#define MBEDTLS_VERSION_C
+//#define MBEDTLS_VERSION_C
/**
* \def MBEDTLS_X509_USE_C
@@ -2970,7 +2970,7 @@
*
* This module is required for the X.509 parsing modules.
*/
-#define MBEDTLS_X509_USE_C
+//#define MBEDTLS_X509_USE_C
/**
* \def MBEDTLS_X509_CRT_PARSE_C
@@ -2986,7 +2986,7 @@
*
* This module is required for X.509 certificate parsing.
*/
-#define MBEDTLS_X509_CRT_PARSE_C
+//#define MBEDTLS_X509_CRT_PARSE_C
/**
* \def MBEDTLS_X509_CRL_PARSE_C
@@ -3000,7 +3000,7 @@
*
* This module is required for X.509 CRL parsing.
*/
-#define MBEDTLS_X509_CRL_PARSE_C
+//#define MBEDTLS_X509_CRL_PARSE_C
/**
* \def MBEDTLS_X509_CSR_PARSE_C
@@ -3014,7 +3014,7 @@
*
* This module is used for reading X.509 certificate request.
*/
-#define MBEDTLS_X509_CSR_PARSE_C
+//#define MBEDTLS_X509_CSR_PARSE_C
/**
* \def MBEDTLS_X509_CREATE_C
@@ -3027,7 +3027,7 @@
*
* This module is the basis for creating X.509 certificates and CSRs.
*/
-#define MBEDTLS_X509_CREATE_C
+//#define MBEDTLS_X509_CREATE_C
/**
* \def MBEDTLS_X509_CRT_WRITE_C
@@ -3040,7 +3040,7 @@
*
* This module is required for X.509 certificate creation.
*/
-#define MBEDTLS_X509_CRT_WRITE_C
+//#define MBEDTLS_X509_CRT_WRITE_C
/**
* \def MBEDTLS_X509_CSR_WRITE_C
@@ -3053,7 +3053,7 @@
*
* This module is required for X.509 certificate request writing.
*/
-#define MBEDTLS_X509_CSR_WRITE_C
+//#define MBEDTLS_X509_CSR_WRITE_C
/**
* \def MBEDTLS_XTEA_C
@@ -3063,7 +3063,7 @@
* Module: library/xtea.c
* Caller:
*/
-#define MBEDTLS_XTEA_C
+//#define MBEDTLS_XTEA_C
/* \} name SECTION: mbed TLS modules */