Add checks if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled

This commit adds configuration check in check_config.h if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled. Furthermore, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is disabled by default in scripts/config.py for full configuration. Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-04-20 17:16:48 +08:00 · 2023-04-20 17:16:48 +08:00 · a87046704f
commit a87046704f
parent b1c626b5c6
2 changed files with 6 additions and 0 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -66,6 +66,11 @@
 #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
 #endif

+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && \
+    !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+#error "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
--- a/scripts/config.py
+++ b/scripts/config.py
@ -189,6 +189,7 @@ def realfull_adapter(_name, active, section):
 # * Options that remove features.
 EXCLUDE_FROM_FULL = frozenset([
    #pylint: disable=line-too-long
+    'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
    'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
    'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
    'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options