From a87046704f8b45e01542b1d45a726c7839a39cee Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 20 Apr 2023 17:16:48 +0800 Subject: [PATCH] Add checks if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled This commit adds configuration check in check_config.h if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled. Furthermore, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is disabled by default in scripts/config.py for full configuration. Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 5 +++++ scripts/config.py | 1 + 2 files changed, 6 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index c81cd1cc5..96cdb45f8 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -66,6 +66,11 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && \ + !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) +#error "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif diff --git a/scripts/config.py b/scripts/config.py index ac5f77ceb..b6eac714f 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -189,6 +189,7 @@ def realfull_adapter(_name, active, section): # * Options that remove features. EXCLUDE_FROM_FULL = frozenset([ #pylint: disable=line-too-long + 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options