From: Felix Fietkau Date: Sat, 10 Dec 2016 11:27:23 +0000 (+0100) Subject: mbedtls: tune config to reduce size and improve performance X-Git-Tag: v17.01.0-rc1~573 X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=commitdiff_plain;h=64590f3c7ec8873ab976c795841571217b79a67c mbedtls: tune config to reduce size and improve performance Signed-off-by: Felix Fietkau --- diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch index 9e477ef083..72f0c91c1f 100644 --- a/package/libs/mbedtls/patches/200-config.patch +++ b/package/libs/mbedtls/patches/200-config.patch @@ -18,7 +18,7 @@ /** * \def MBEDTLS_CIPHER_MODE_CTR -@@ -441,13 +441,13 @@ +@@ -441,17 +441,17 @@ * * Comment macros to disable the curve and functions for it */ @@ -27,15 +27,24 @@ +//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED - #define MBEDTLS_ECP_DP_SECP384R1_ENABLED - #define MBEDTLS_ECP_DP_SECP521R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED ++//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED ++//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED #define MBEDTLS_ECP_DP_SECP256K1_ENABLED - #define MBEDTLS_ECP_DP_BP256R1_ENABLED - #define MBEDTLS_ECP_DP_BP384R1_ENABLED +-#define MBEDTLS_ECP_DP_BP256R1_ENABLED +-#define MBEDTLS_ECP_DP_BP384R1_ENABLED +-#define MBEDTLS_ECP_DP_BP512R1_ENABLED ++//#define MBEDTLS_ECP_DP_BP256R1_ENABLED ++//#define MBEDTLS_ECP_DP_BP384R1_ENABLED ++//#define MBEDTLS_ECP_DP_BP512R1_ENABLED + #define MBEDTLS_ECP_DP_CURVE25519_ENABLED + + /** @@ -476,8 +476,8 @@ * Requires: MBEDTLS_HMAC_DRBG_C * 
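Review bot: Nothing in the curve hunk or the commit message records why this particular set of curves was kept, and the new side leaves only `MBEDTLS_ECP_DP_SECP256R1_ENABLED`, `MBEDTLS_ECP_DP_SECP256K1_ENABLED` and `MBEDTLS_ECP_DP_CURVE25519_ENABLED` defined. With SECP384R1 and SECP521R1 commented out, a certificate chain that contains a P-384 or P-521 key or signature presumably can no longer be verified by this build. On an embedded client that kind of failure tends to get worked around by switching verification off. Keeping secp256k1 while dropping P-384 also looks odd for a size-driven change, so I would either keep `MBEDTLS_ECP_DP_SECP384R1_ENABLED` if the budget allows or state the trade-off next to the list, e.g. `/* OpenWrt: only P-256, secp256k1 and Curve25519 are built; chains using other curves fail to verify */`.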
@@ -101,6 +110,15 @@ /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +@@ -823,7 +823,7 @@ + * This option is only useful if both MBEDTLS_SHA256_C and + * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. + */ +-//#define MBEDTLS_ENTROPY_FORCE_SHA256 ++#define MBEDTLS_ENTROPY_FORCE_SHA256 + + /** + * \def MBEDTLS_ENTROPY_NV_SEED @@ -885,7 +885,7 @@ * * Comment this macro to disable support for external private RSA keys. @@ -136,6 +154,16 @@ /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES +@@ -1059,8 +1059,8 @@ + * misuse/misunderstand. + * + * Comment this to disable support for renegotiation. +- */ + #define MBEDTLS_SSL_RENEGOTIATION ++ */ + + /** + * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO @@ -1234,8 +1234,8 @@ * callbacks are provided by MBEDTLS_SSL_TICKET_C. * @@ -210,6 +238,16 @@ /** * \def MBEDTLS_DES_C +@@ -1725,8 +1725,8 @@ + * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA + * + * PEM_PARSE uses DES/3DES for decrypting encrypted keys. +- */ + #define MBEDTLS_DES_C ++ */ + + /** + * \def MBEDTLS_DHM_C @@ -1880,8 +1880,8 @@ * Requires: MBEDTLS_MD_C *
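Review bot: `MBEDTLS_SSL_RENEGOTIATION` is switched off here by moving the closing `*/` below the `#define`, so the macro survives as text inside the doc comment; the `MBEDTLS_DES_C` hunk further down uses the same trick. The curve hunk in this same patch uses `//#define ...`, which matches the header's own instruction ("Comment this to disable support for renegotiation") and is what a grep for enabled or disabled options will find. I would write `//#define MBEDTLS_SSL_RENEGOTIATION` and leave the `*/` where it was, so that someone auditing which TLS features are compiled in cannot misread the line as active. Disabling renegotiation does reduce attack surface, but peers that depend on it will presumably fail, which deserves a sentence in the commit message.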
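Review bot: Turning off `MBEDTLS_DES_C` also removes the DES/3DES decryption path that the context line says PEM_PARSE uses for encrypted keys, and the commit does not mention that side effect. Dropping the 3DES suites is the desirable part of the change. A passphrase-protected PEM private key encrypted with DES or 3DES will presumably fail to load on this build, and whether the PEM parser accepts another cipher for encrypted keys is not visible in this hunk. I would record it next to the define or in the commit message, e.g. `/* OpenWrt: DES disabled; DES/3DES-encrypted PEM keys are not supported */`, so that storing keys unencrypted becomes a conscious decision and not a workaround for an unexplained parse error.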