From 11de5142178ff34500edbb1e8c02facbdfac1d3b Mon Sep 17 00:00:00 2001 From: makejian Date: Sun, 27 Aug 2023 11:57:43 +0800 Subject: [PATCH] mbedtls: update Kconfig update Kconfig for adapting version v3.4.0 Signed-off-by: makejian --- crypto/mbedtls/Kconfig | 26 ++++++++++--------- .../mbedtls/include/mbedtls/mbedtls_config.h | 8 +++--- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/crypto/mbedtls/Kconfig b/crypto/mbedtls/Kconfig index b4b7da68b..3a80b57d1 100644 --- a/crypto/mbedtls/Kconfig +++ b/crypto/mbedtls/Kconfig @@ -21,11 +21,17 @@ config MBEDTLS_DEBUG_C ---help--- This module provides debugging functions. -config MBEDTLS_SSL_MAX_CONTENT_LEN - int "Maximum length (in bytes) of incoming and outgoing plaintext fragments." +config MBEDTLS_SSL_IN_CONTENT_LEN + int "Maximum length (in bytes) of incoming plaintext fragments." default 16384 ---help--- - Maximum length (in bytes) of incoming and outgoing plaintext fragments. + Maximum length (in bytes) of incoming plaintext fragments. + +config MBEDTLS_SSL_OUT_CONTENT_LEN + int "Maximum length (in bytes) of outgoing plaintext fragments." + default 16384 + ---help--- + Maximum length (in bytes) of outgoing plaintext fragments. config MBEDTLS_SSL_SRV_C bool "This module is required for SSL/TLS server support." @@ -47,10 +53,6 @@ config MBEDTLS_AES_ROM_TABLES bool "Store the AES tables in ROM." default n -config MBEDTLS_REMOVE_ARC4_CIPHERSUITES - bool "Remove RC4 ciphersuites by default in SSL / TLS." - default n - config MBEDTLS_NO_PLATFORM_ENTROPY bool "Do not use built-in platform entropy functions." default n @@ -61,7 +63,7 @@ config MBEDTLS_ECP_RESTARTABLE config MBEDTLS_SELF_TEST bool "Enable the checkup functions (*_self_test)." - default y + default n config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE bool "Enable server-side support for clients that reconnect from the same port." @@ -75,10 +77,6 @@ config MBEDTLS_CAMELLIA_C bool "Enable the Camellia block cipher." default n -config MBEDTLS_CERTS_C - bool "Enable the test certificates." - default n - config MBEDTLS_PADLOCK_C bool "Enable VIA Padlock support on x86." default n @@ -183,6 +181,10 @@ config MBEDTLS_X509_CSR_PARSE_C bool "Enable X.509 Certificate Signing Request (CSR) parsing." default n +config MBEDTLS_X509_CRT_POOL + bool "Enable the X509 Certificate Pool" + default n + if CRYPTO_CRYPTODEV config MBEDTLS_ALT diff --git a/crypto/mbedtls/include/mbedtls/mbedtls_config.h b/crypto/mbedtls/include/mbedtls/mbedtls_config.h index 77e4d666b..3e810a482 100644 --- a/crypto/mbedtls/include/mbedtls/mbedtls_config.h +++ b/crypto/mbedtls/include/mbedtls/mbedtls_config.h @@ -4381,8 +4381,8 @@ * * Uncomment to set the maximum plaintext size of the incoming I/O buffer. */ -#ifdef CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN -#define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN +#ifdef CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN +#define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN #endif /** \def MBEDTLS_SSL_CID_IN_LEN_MAX @@ -4437,8 +4437,8 @@ * * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. */ -#ifdef CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN -#define MBEDTLS_SSL_OUT_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN +#ifdef CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN +#define MBEDTLS_SSL_OUT_CONTENT_LEN CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN #endif /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING