Update the PSA crypto-only config.h in configs
The file was derived from an earlier version of Mbed TLS and had not been updated in a rebase of the PSA branch.
This commit is contained in:
parent
828ed149d5
commit
13187931f1
1 changed files with 56 additions and 2 deletions
|
@ -398,12 +398,45 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_AES_ROM_TABLES
|
* \def MBEDTLS_AES_ROM_TABLES
|
||||||
*
|
*
|
||||||
* Store the AES tables in ROM.
|
* Use precomputed AES tables stored in ROM.
|
||||||
|
*
|
||||||
|
* Uncomment this macro to use precomputed AES tables stored in ROM.
|
||||||
|
* Comment this macro to generate AES tables in RAM at runtime.
|
||||||
|
*
|
||||||
|
* Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
|
||||||
|
* (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
|
||||||
|
* initialization time before the first AES operation can be performed.
|
||||||
|
* It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
|
||||||
|
* MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
|
||||||
|
* performance if ROM access is slower than RAM access.
|
||||||
|
*
|
||||||
|
* This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
|
||||||
*
|
*
|
||||||
* Uncomment this macro to store the AES tables in ROM.
|
|
||||||
*/
|
*/
|
||||||
//#define MBEDTLS_AES_ROM_TABLES
|
//#define MBEDTLS_AES_ROM_TABLES
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_AES_FEWER_TABLES
|
||||||
|
*
|
||||||
|
* Use less ROM/RAM for AES tables.
|
||||||
|
*
|
||||||
|
* Uncommenting this macro omits 75% of the AES tables from
|
||||||
|
* ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
|
||||||
|
* by computing their values on the fly during operations
|
||||||
|
* (the tables are entry-wise rotations of one another).
|
||||||
|
*
|
||||||
|
* Tradeoff: Uncommenting this reduces the RAM / ROM footprint
|
||||||
|
* by ~6kb but at the cost of more arithmetic operations during
|
||||||
|
* runtime. Specifically, one has to compare 4 accesses within
|
||||||
|
* different tables to 4 accesses with additional arithmetic
|
||||||
|
* operations within the same table. The performance gain/loss
|
||||||
|
* depends on the system and memory details.
|
||||||
|
*
|
||||||
|
* This option is independent of \c MBEDTLS_AES_ROM_TABLES.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
//#define MBEDTLS_AES_FEWER_TABLES
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
|
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
|
||||||
*
|
*
|
||||||
|
@ -470,6 +503,7 @@
|
||||||
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||||
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||||
|
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_ECP_NIST_OPTIM
|
* \def MBEDTLS_ECP_NIST_OPTIM
|
||||||
|
@ -1704,6 +1738,26 @@
|
||||||
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
||||||
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Uncomment the macro to let mbed TLS use your alternate implementation of
|
||||||
|
* mbedtls_platform_zeroize(). This replaces the default implementation in
|
||||||
|
* platform_util.c.
|
||||||
|
*
|
||||||
|
* mbedtls_platform_zeroize() is a widely used function across the library to
|
||||||
|
* zero a block of memory. The implementation is expected to be secure in the
|
||||||
|
* sense that it has been written to prevent the compiler from removing calls
|
||||||
|
* to mbedtls_platform_zeroize() as part of redundant code elimination
|
||||||
|
* optimizations. However, it is difficult to guarantee that calls to
|
||||||
|
* mbedtls_platform_zeroize() will not be optimized by the compiler as older
|
||||||
|
* versions of the C language standards do not provide a secure implementation
|
||||||
|
* of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
|
||||||
|
* configure their own implementation of mbedtls_platform_zeroize(), for
|
||||||
|
* example by using directives specific to their compiler, features from newer
|
||||||
|
* C standards (e.g using memset_s() in C11) or calling a secure memset() from
|
||||||
|
* their system (e.g explicit_bzero() in BSD).
|
||||||
|
*/
|
||||||
|
//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
|
||||||
|
|
||||||
/* \} name SECTION: Customisation configuration options */
|
/* \} name SECTION: Customisation configuration options */
|
||||||
|
|
||||||
#include "mbedtls/check_config.h"
|
#include "mbedtls/check_config.h"
|
||||||
|
|
Loading…
Reference in a new issue