Move the new config optimization defines to be optional
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/configs/baremetal.h b/configs/baremetal.h
index 80ed74c..e49a52c 100644
--- a/configs/baremetal.h
+++ b/configs/baremetal.h
@@ -160,6 +160,10 @@
/* Fault Injection Countermeasures */
#define MBEDTLS_FI_COUNTERMEASURES
#define MBEDTLS_CCM_SHUFFLING_MASKING
+/* Further optimizations */
+#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
+#define MBEDTLS_IMMEDIATE_TRANSMISSION
+#define MBEDTLS_EARLY_KEY_COMPUTATION
#if defined(MBEDTLS_USER_CONFIG_FILE)
#include MBEDTLS_USER_CONFIG_FILE
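Review bot: `MBEDTLS_IMMEDIATE_TRANSMISSION` is enabled here unconditionally, but its description in include/mbedtls/config.h says `Requires: MBEDTLS_SSL_PROTO_DTLS`, and nothing in this hunk ties the two together. If the library's configuration consistency checks do not already enforce this (they are not visible in this diff), a guard would catch a baremetal build with DTLS removed: `#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) && !defined(MBEDTLS_SSL_PROTO_DTLS)` / `#error "MBEDTLS_IMMEDIATE_TRANSMISSION requires MBEDTLS_SSL_PROTO_DTLS"` / `#endif`. The comment `/* Further optimizations */` could also note that these options change handshake behaviour (peer-certificate lifetime, transmission timing, ephemeral key generation), not only footprint. The `#if defined(MBEDTLS_USER_CONFIG_FILE)` block continues past the end of the hunk.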
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 872899c..c675cbd 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -43,8 +43,8 @@
/**
* \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
*
- * Enable the delayed verification of server
- * certificates on the client side.
+ * Enable the delayed verification of server
+ * certificates on the client side.
*
*/
#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
@@ -1612,7 +1612,7 @@
* but not afterwards.
*
*/
-#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
+//#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
/**
@@ -1622,7 +1622,7 @@
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*/
-#define MBEDTLS_IMMEDIATE_TRANSMISSION
+//#define MBEDTLS_IMMEDIATE_TRANSMISSION
/**
* \def MBEDTLS_EARLY_KEY_COMPUTATION
@@ -1630,9 +1630,9 @@
* Create ephemeral Diffie-Hellman key pair after
* the ClientHello has been successfully transmitted.
*
- * Requires:
+ * Requires:
*/
-#define MBEDTLS_EARLY_KEY_COMPUTATION
+//#define MBEDTLS_EARLY_KEY_COMPUTATION
/**
* \def MBEDTLS_SSL_HW_RECORD_ACCEL
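Review bot: The `Requires:` line in the MBEDTLS_EARLY_KEY_COMPUTATION description is still empty after this change; only its trailing whitespace was removed. Now that the option is opt-in, integrators need to know which key exchanges it applies to before enabling it. The description mentions an ephemeral Diffie-Hellman key pair, so presumably an ephemeral (EC)DH key exchange must be enabled; that should be confirmed and written out, or the dangling line dropped. The description could also state that the option is disabled by default and enabled in configs/baremetal.h.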
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 78637ba..0a013ca 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7989,7 +7989,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
/* ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify
- * to call it in ssl_cli.c rather than purely internal to ssl_tls.c.
+ * to call it in ssl_cli.c rather than purely internal to ssl_tls.c.
*/
int ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl,
int authmode,
@@ -8003,7 +8003,7 @@
rs_ctx ) );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
diff --git a/scripts/config.pl b/scripts/config.pl
index af85824..f3b9da6 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -61,6 +61,10 @@
# MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY
# MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
# MBEDTLS_AES_128_BIT_MASKED
+# MBEDTLS_PLATFORM_FAULT_CALLBACKS
+# MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
+# MBEDTLS_IMMEDIATE_TRANSMISSION
+# MBEDTLS_EARLY_KEY_COMPUTATION
# and any symbol beginning _ALT
#
# The baremetal configuration excludes options that require a library or
@@ -149,6 +153,9 @@
MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
MBEDTLS_AES_128_BIT_MASKED
MBEDTLS_PLATFORM_FAULT_CALLBACKS
+MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
+MBEDTLS_IMMEDIATE_TRANSMISSION
+MBEDTLS_EARLY_KEY_COMPUTATION
_ALT\s*$
);
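Review bot: Adding the three symbols to this list appears to exclude them from the `full` configuration (the comment block updated earlier in the file lists the same symbols), so full-config builds would no longer compile the code they guard. These options alter the TLS/DTLS handshake: when the server certificate is freed, when records are sent, and when the ephemeral key is generated. They should therefore stay covered by at least one tested configuration, and this diff shows only configs/baremetal.h enabling them. Consider adding a test build that sets them explicitly, and a short comment next to the entries saying why they are excluded.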