X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=package%2Flibs%2Fmbedtls%2Fpatches%2F200-config.patch;h=ca4f4c7a32df50bfe5a94c254daa9ca2467cbe94;hb=e8f230251654edc43432c20f49ee33b67cabf6c9;hp=dcee704d2358a03fff5e807addd02769e1d481a9;hpb=8ed11ebf7ddaa4888ab6f2c3ee6b744372cc9487;p=openwrt%2Fstaging%2Fmkresin.git diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch index dcee704d23..ca4f4c7a32 100644 --- a/package/libs/mbedtls/patches/200-config.patch +++ b/package/libs/mbedtls/patches/200-config.patch @@ -1,24 +1,23 @@ --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h -@@ -191,7 +191,7 @@ +@@ -599,14 +599,14 @@ * - * Uncomment to get errors on using deprecated functions. + * Enable Output Feedback mode (OFB) for symmetric ciphers. */ --//#define MBEDTLS_DEPRECATED_REMOVED -+#define MBEDTLS_DEPRECATED_REMOVED +-#define MBEDTLS_CIPHER_MODE_OFB ++//#define MBEDTLS_CIPHER_MODE_OFB - /* \} name SECTION: System support */ - -@@ -347,7 +347,7 @@ + /** + * \def MBEDTLS_CIPHER_MODE_XTS * - * Enable Cipher Feedback mode (CFB) for symmetric ciphers. + * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. */ --#define MBEDTLS_CIPHER_MODE_CFB -+//#define MBEDTLS_CIPHER_MODE_CFB +-#define MBEDTLS_CIPHER_MODE_XTS ++//#define MBEDTLS_CIPHER_MODE_XTS /** - * \def MBEDTLS_CIPHER_MODE_CTR -@@ -441,17 +441,17 @@ + * \def MBEDTLS_CIPHER_NULL_CIPHER +@@ -696,19 +696,19 @@ * * Comment macros to disable the curve and functions for it */ @@ -42,38 +41,30 @@ +//#define MBEDTLS_ECP_DP_BP384R1_ENABLED +//#define MBEDTLS_ECP_DP_BP512R1_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED +-#define MBEDTLS_ECP_DP_CURVE448_ENABLED ++//#define MBEDTLS_ECP_DP_CURVE448_ENABLED /** -@@ -476,8 +476,8 @@ - * Requires: MBEDTLS_HMAC_DRBG_C + * \def MBEDTLS_ECP_NIST_OPTIM +@@ -810,7 +810,7 @@ + * See dhm.h for more details. * - * Comment this macro to disable deterministic ECDSA. -- */ - #define MBEDTLS_ECDSA_DETERMINISTIC -+ */ - - /** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -@@ -523,7 +523,7 @@ - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -@@ -542,8 +542,8 @@ - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 +@@ -830,7 +830,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA -- */ - #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -+ */ + */ +-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ++//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -@@ -568,7 +568,7 @@ +@@ -855,7 +855,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA */ @@ -82,7 +73,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -@@ -695,7 +695,7 @@ +@@ -989,7 +989,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ @@ -91,7 +82,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -@@ -719,7 +719,7 @@ +@@ -1013,7 +1013,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ @@ -100,7 +91,7 @@ /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -@@ -823,7 +823,7 @@ +@@ -1117,7 +1117,7 @@ * This option is only useful if both MBEDTLS_SHA256_C and * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. */ @@ -109,7 +100,7 @@ /** * \def MBEDTLS_ENTROPY_NV_SEED -@@ -917,14 +917,14 @@ +@@ -1212,14 +1212,14 @@ * Uncomment this macro to disable the use of CRT in RSA. * */ @@ -126,36 +117,25 @@ /** * \def MBEDTLS_SHA256_SMALLER -@@ -940,7 +940,7 @@ +@@ -1373,7 +1373,7 @@ + * configuration of this extension). * - * Uncomment to enable the smaller implementation of SHA256. */ --//#define MBEDTLS_SHA256_SMALLER -+#define MBEDTLS_SHA256_SMALLER - - /** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES -@@ -1059,8 +1059,8 @@ - * misuse/misunderstand. - * - * Comment this to disable support for renegotiation. -- */ - #define MBEDTLS_SSL_RENEGOTIATION -+ */ +-#define MBEDTLS_SSL_RENEGOTIATION ++//#define MBEDTLS_SSL_RENEGOTIATION /** * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO -@@ -1234,8 +1234,8 @@ - * callbacks are provided by MBEDTLS_SSL_TICKET_C. +@@ -1548,7 +1548,7 @@ * * Comment this macro to disable support for SSL session tickets -- */ - #define MBEDTLS_SSL_SESSION_TICKETS -+ */ + */ +-#define MBEDTLS_SSL_SESSION_TICKETS ++//#define MBEDTLS_SSL_SESSION_TICKETS /** * \def MBEDTLS_SSL_EXPORT_KEYS -@@ -1265,7 +1265,7 @@ +@@ -1578,7 +1578,7 @@ * * Comment this macro to disable support for truncated HMAC in SSL */ @@ -163,27 +143,17 @@ +//#define MBEDTLS_SSL_TRUNCATED_HMAC /** - * \def MBEDTLS_THREADING_ALT -@@ -1299,8 +1299,8 @@ - * Requires: MBEDTLS_VERSION_C + * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT +@@ -1637,7 +1637,7 @@ * * Comment this to disable run-time checking and save ROM space -- */ - #define MBEDTLS_VERSION_FEATURES -+ */ - - /** - * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 -@@ -1501,7 +1501,7 @@ - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ --#define MBEDTLS_ARC4_C -+//#define MBEDTLS_ARC4_C +-#define MBEDTLS_VERSION_FEATURES ++//#define MBEDTLS_VERSION_FEATURES /** - * \def MBEDTLS_ASN1_PARSE_C -@@ -1621,7 +1621,7 @@ + * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +@@ -1967,7 +1967,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ @@ -191,8 +161,8 @@ +//#define MBEDTLS_CAMELLIA_C /** - * \def MBEDTLS_CCM_C -@@ -1635,7 +1635,7 @@ + * \def MBEDTLS_ARIA_C +@@ -2033,7 +2033,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ @@ -201,7 +171,7 @@ /** * \def MBEDTLS_CERTS_C -@@ -1647,7 +1647,7 @@ +@@ -2045,7 +2045,7 @@ * * This module is used for testing (ssl_client/server). */ @@ -209,8 +179,8 @@ +//#define MBEDTLS_CERTS_C /** - * \def MBEDTLS_CIPHER_C -@@ -1700,7 +1700,7 @@ + * \def MBEDTLS_CHACHA20_C +@@ -2120,7 +2120,7 @@ * * This module provides debugging functions. */ @@ -219,28 +189,35 @@ /** * \def MBEDTLS_DES_C -@@ -1725,8 +1725,8 @@ - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * - * PEM_PARSE uses DES/3DES for decrypting encrypted keys. -- */ - #define MBEDTLS_DES_C -+ */ +@@ -2149,7 +2149,7 @@ + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. + */ +-#define MBEDTLS_DES_C ++//#define MBEDTLS_DES_C /** * \def MBEDTLS_DHM_C -@@ -1880,8 +1880,8 @@ - * Requires: MBEDTLS_MD_C +@@ -2312,7 +2312,7 @@ + * This module adds support for the Hashed Message Authentication Code + * (HMAC)-based key derivation function (HKDF). + */ +-#define MBEDTLS_HKDF_C ++//#define MBEDTLS_HKDF_C + + /** + * \def MBEDTLS_HMAC_DRBG_C +@@ -2622,7 +2622,7 @@ * - * Uncomment to enable the HMAC_DRBG random number geerator. -- */ - #define MBEDTLS_HMAC_DRBG_C -+ */ + * This module enables abstraction of common (libc) functions. + */ +-#define MBEDTLS_PLATFORM_C ++//#define MBEDTLS_PLATFORM_C /** - * \def MBEDTLS_MD_C -@@ -2158,7 +2158,7 @@ - * Caller: library/mbedtls_md.c + * \def MBEDTLS_POLY1305_C +@@ -2643,7 +2643,7 @@ + * Caller: library/md.c * */ -#define MBEDTLS_RIPEMD160_C @@ -248,37 +225,25 @@ /** * \def MBEDTLS_RSA_C -@@ -2235,8 +2235,8 @@ - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C -- */ - #define MBEDTLS_SSL_CACHE_C -+ */ - - /** - * \def MBEDTLS_SSL_COOKIE_C -@@ -2257,8 +2257,8 @@ - * Caller: +@@ -2750,7 +2750,7 @@ * * Requires: MBEDTLS_CIPHER_C -- */ - #define MBEDTLS_SSL_TICKET_C -+ */ + */ +-#define MBEDTLS_SSL_TICKET_C ++//#define MBEDTLS_SSL_TICKET_C /** * \def MBEDTLS_SSL_CLI_C -@@ -2357,8 +2357,8 @@ - * Module: library/version.c +@@ -2850,7 +2850,7 @@ * * This module provides run-time version information. -- */ - #define MBEDTLS_VERSION_C -+ */ + */ +-#define MBEDTLS_VERSION_C ++//#define MBEDTLS_VERSION_C /** * \def MBEDTLS_X509_USE_C -@@ -2468,7 +2468,7 @@ +@@ -2960,7 +2960,7 @@ * Module: library/xtea.c * Caller: */