mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 07:22:33 +00:00
3223f31fd3
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110
This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk
Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c17cdbc36
)
194 lines
4.0 KiB
Plaintext
194 lines
4.0 KiB
Plaintext
if PACKAGE_libmbedtls
|
|
|
|
comment "Option details in source code: include/mbedtls/mbedtls_config.h"
|
|
|
|
comment "Ciphers - unselect old or less-used ciphers to reduce binary size"
|
|
|
|
config MBEDTLS_AES_C
|
|
bool "MBEDTLS_AES_C"
|
|
default y
|
|
|
|
config MBEDTLS_CAMELLIA_C
|
|
bool "MBEDTLS_CAMELLIA_C"
|
|
default n
|
|
|
|
config MBEDTLS_CCM_C
|
|
bool "MBEDTLS_CCM_C"
|
|
default n
|
|
|
|
config MBEDTLS_CMAC_C
|
|
bool "MBEDTLS_CMAC_C (old but used by hostapd)"
|
|
default y
|
|
|
|
config MBEDTLS_DES_C
|
|
bool "MBEDTLS_DES_C (old but used by hostapd)"
|
|
default y
|
|
|
|
config MBEDTLS_GCM_C
|
|
bool "MBEDTLS_GCM_C"
|
|
default y
|
|
|
|
config MBEDTLS_NIST_KW_C
|
|
bool "MBEDTLS_NIST_KW_C (old but used by hostapd)"
|
|
default y
|
|
|
|
config MBEDTLS_RIPEMD160_C
|
|
bool "MBEDTLS_RIPEMD160_C"
|
|
default n
|
|
|
|
config MBEDTLS_XTEA_C
|
|
bool "MBEDTLS_XTEA_C"
|
|
default n
|
|
|
|
config MBEDTLS_RSA_NO_CRT
|
|
bool "MBEDTLS_RSA_NO_CRT"
|
|
default y
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
bool "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED"
|
|
default n
|
|
|
|
comment "Curves - unselect old or less-used curves to reduce binary size"
|
|
|
|
config MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_SECP192R1_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_SECP224R1_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_SECP256R1_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_SECP384R1_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_SECP521R1_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_SECP192K1_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_SECP224K1_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_SECP256K1_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_ECP_DP_BP256R1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_BP256R1_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_ECP_DP_BP384R1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_BP384R1_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_ECP_DP_BP512R1_ENABLED
|
|
bool "MBEDTLS_ECP_DP_BP512R1_ENABLED"
|
|
default n
|
|
|
|
config MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
|
bool "MBEDTLS_ECP_DP_CURVE25519_ENABLED"
|
|
default y
|
|
|
|
config MBEDTLS_ECP_DP_CURVE448_ENABLED
|
|
bool "MBEDTLS_ECP_DP_CURVE448_ENABLED"
|
|
default n
|
|
|
|
comment "Build Options - unselect features to reduce binary size"
|
|
|
|
config MBEDTLS_CERTS_C
|
|
bool "MBEDTLS_CERTS_C"
|
|
default n
|
|
|
|
config MBEDTLS_CIPHER_MODE_OFB
|
|
bool "MBEDTLS_CIPHER_MODE_OFB"
|
|
default n
|
|
|
|
config MBEDTLS_CIPHER_MODE_XTS
|
|
bool "MBEDTLS_CIPHER_MODE_XTS"
|
|
default n
|
|
|
|
config MBEDTLS_DEBUG_C
|
|
bool "MBEDTLS_DEBUG_C"
|
|
default n
|
|
|
|
config MBEDTLS_HKDF_C
|
|
bool "MBEDTLS_HKDF_C"
|
|
default n
|
|
|
|
config MBEDTLS_PLATFORM_C
|
|
bool "MBEDTLS_PLATFORM_C"
|
|
default n
|
|
|
|
config MBEDTLS_SELF_TEST
|
|
bool "MBEDTLS_SELF_TEST"
|
|
default n
|
|
|
|
config MBEDTLS_SSL_TRUNCATED_HMAC
|
|
bool "MBEDTLS_SSL_TRUNCATED_HMAC"
|
|
default n
|
|
|
|
config MBEDTLS_VERSION_C
|
|
bool "MBEDTLS_VERSION_C"
|
|
default n
|
|
|
|
config MBEDTLS_VERSION_FEATURES
|
|
bool "MBEDTLS_VERSION_FEATURES"
|
|
default n
|
|
|
|
comment "Build Options"
|
|
|
|
config MBEDTLS_ENTROPY_FORCE_SHA256
|
|
bool "MBEDTLS_ENTROPY_FORCE_SHA256"
|
|
default y
|
|
|
|
config MBEDTLS_SSL_RENEGOTIATION
|
|
bool "MBEDTLS_SSL_RENEGOTIATION"
|
|
default n
|
|
|
|
endif
|