FEAT: fine-tunning what crypto features are included in base/core/bulk builds

Oldes · Oldes · commit d70bab13b925 · 2022-05-26T14:57:26.000+02:00
diff --git a/make/rebol3.nest b/make/rebol3.nest
@@ -552,17 +552,25 @@ include-cryptography: [
 	; so far cca 183kB uncompressed (basic AES, all ellyptic curves, rsa, rc4, bignum, entropy )
 	config: INCLUDE_CRYPTOGRAPHY
 
+	define: MBEDTLS_ASN1_PARSE_C ; The generic ASN1 parser.
+	define: MBEDTLS_ASN1_WRITE_C ; The generic ASN1 writer.
+
+	define: MBEDTLS_CTR_DRBG_C ; The CTR_DRBG AES-based random generator.
+
+	define: MBEDTLS_AES_C      ; The AES block cipher.
+	define: MBEDTLS_DHM_C      ; The Diffie-Hellman-Merkle module.
+	define: MBEDTLS_ECDSA_C    ; The elliptic curve DSA library.
+	define: MBEDTLS_ECP_C      ; The elliptic curve over GF(p) library.
+	define: MBEDTLS_ECDH_C     ; The elliptic curve Diffie-Hellman library.
+	define: MBEDTLS_BIGNUM_C   ; The multi-precision integer library. Required for: RSA, ECDSA, ECP, DHM
+	define: MBEDTLS_ENTROPY_C  ; The platform-specific entropy code.
+	define: MBEDTLS_OID_C
+	define: MBEDTLS_PKCS1_V15
+
 	core-files: [
 		%core/n-crypt.c
-		
-		;%core/deprecated/u-bigint.c ;needed for RSA abd DH which is needed in TLS protocol (HTTPS)
-		;%core/deprecated/u-dh.c
-		;%core/u-poly1305.c
-		
-		;%core/deprecated/u-rsa.c
-		;%core/deprecated/u-uECC.c
-
 		%core/p-crypt.c
+
 		%core/mbedtls/aes.c
 		%core/mbedtls/asn1parse.c
 		%core/mbedtls/asn1write.c
@@ -582,29 +590,44 @@ include-cryptography: [
 	]
 
 	:include-curves-sec1
+
+	:include-rsa
+	
+	:include-cipher-mode-gcm ; By default just GCM as it is the most secure.
+
+	:include-codec-crt
+	:include-codec-der
+	:include-codec-pkix
+	:include-codec-ppk
+	:include-codec-ssh-key
+]
+
+include-cryptography-bulk: [
 	:include-curves-koblitz
 	:include-curves-brainpool
 	:include-curves-x
 
-	:include-rsa
+	:include-cipher-mode-ccm
+	:include-cipher-mode-cbc	
+
 	:include-rc4
 
 	:include-cipher-aria
 	:include-cipher-camelia
 	:include-cipher-chacha20
 	:include-cipher-chachapoly
-	:include-cipher-mode-cbc
-	:include-cipher-mode-ccm
-	:include-cipher-mode-gcm
+]
 
-	;:include-deprecated-cipher-chacha20
-	;:include-deprecated-cipher-aes
+include-cryptography-deprecated: [
+	;@@  This should not be used anymore, but keeping it here just in case...
+	%core/deprecated/u-bigint.c ;needed for RSA abd DH which is needed in TLS protocol (HTTPS)
+	%core/deprecated/u-dh.c
+	%core/deprecated/u-poly1305.c
+	%core/deprecated/u-rsa.c
+	%core/deprecated/u-uECC.c
 
-	:include-codec-crt
-	:include-codec-der
-	:include-codec-pkix
-	:include-codec-ppk
-	:include-codec-ssh-key
+	:include-deprecated-cipher-chacha20
+	:include-deprecated-cipher-aes
 ]
 
 ;- native additional checksums:                                                 
@@ -763,6 +786,9 @@ include-rebol-bulk: [
 	:include-view
 	:include-midi
 
+	; Extended crypto features
+	:include-cryptography-bulk
+
 	:include-codec-pdf
 	:include-codec-swf
 	:include-codec-gzip
diff --git a/src/include/opt-dependencies.h b/src/include/opt-dependencies.h
@@ -49,19 +49,6 @@
 	#ifdef INCLUDE_RSA
 	#define MBEDTLS_RSA_C
 	#endif
-	#define MBEDTLS_BIGNUM_C
-	#define MBEDTLS_PKCS1_V15
-	#define MBEDTLS_OID_C
-	#define MBEDTLS_ENTROPY_C
-	#define MBEDTLS_AES_C
-	#define MBEDTLS_DHM_C
-	#define MBEDTLS_CTR_DRBG_C
-	#define MBEDTLS_ECDH_C
-	#define MBEDTLS_ECP_C
-	#define MBEDTLS_ECDSA_C
-	#define MBEDTLS_ASN1_PARSE_C
-	#define MBEDTLS_ASN1_WRITE_C
-
 
 	#define MBEDTLS_CIPHER_C
 
