diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 88beaeb3ad..73c50c2548 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -76,7 +76,7 @@ #endif #if defined(MBEDTLS_CMAC_C) && \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) + ( !defined(MBEDTLS_CIPHER_C ) || ( !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) ) ) #error "MBEDTLS_CMAC_C defined, but not all prerequisites" #endif @@ -149,8 +149,13 @@ #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C) -#error "MBEDTLS_PKCS5_C defined, but not all prerequisites" +#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_CIPHER_C) +#error "MBEDTLS_PKCS12_C defined, but not all prerequesites" +#endif + +#if defined(MBEDTLS_PKCS5_C) && (!defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_CIPHER_C)) +#error "MBEDTLS_PKCS5_C defined, but not all prerequesites" #endif #if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_MD_C) @@ -562,6 +567,10 @@ #error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)" #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) && !defined(MBEDTLS_CIPHER_C ) +#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C) #error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites" #endif @@ -800,7 +809,8 @@ #error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \ + !defined(MBEDTLS_USE_PSA_CRYPTO) ) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 5ec31f774c..016b219cc9 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2115,7 +2115,8 @@ * * Module: library/ccm.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or + * MBEDTLS_ARIA_C * * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. @@ -2148,7 +2149,17 @@ * Enable the generic cipher layer. * * Module: library/cipher.c - * Caller: library/ssl_tls.c + * Caller: library/ccm.c + * library/cmac.c + * library/gcm.c + * library/nist_kw.c + * library/pkcs12.c + * library/pkcs5.c + * library/psa_crypto_aead.c + * library/psa_crypto_mac.c + * library/ssl_ciphersuites.c + * library/ssl_msg.c + * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled) * * Uncomment to enable generic cipher wrappers. */ @@ -2167,7 +2178,7 @@ * * Module: library/cmac.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C * */ #define MBEDTLS_CMAC_C @@ -2346,7 +2357,8 @@ * * Module: library/gcm.c * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or + * MBEDTLS_ARIA_C * * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. @@ -2605,7 +2617,7 @@ * * Module: library/pkcs5.c * - * Requires: MBEDTLS_MD_C + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C * * This module adds support for the PKCS#5 functions. */ @@ -2663,7 +2675,8 @@ * * Module: library/psa_crypto.c * - * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, + * Requires: MBEDTLS_CIPHER_C, + * either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. * @@ -2964,7 +2977,7 @@ * Module: library/ssl_ticket.c * Caller: * - * Requires: MBEDTLS_CIPHER_C + * Requires: MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO */ #define MBEDTLS_SSL_TICKET_C diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 29a6201a72..6144c2fadc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1227,6 +1227,57 @@ component_test_crypto_full_no_md () { make test } +component_test_full_no_cipher () { + msg "build: full minus CIPHER" + scripts/config.py full + scripts/config.py unset MBEDTLS_CIPHER_C + # Direct dependencies + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CMAC_C + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset MBEDTLS_PKCS12_C + scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_C + scripts/config.py unset MBEDTLS_SSL_TLS_C + scripts/config.py unset MBEDTLS_SSL_TICKET_C + # Indirect dependencies + scripts/config.py unset MBEDTLS_SSL_CLI_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C + scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY + scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py unset MBEDTLS_SSL_SRV_C + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + make + + msg "test: full minus CIPHER" + make test +} + +component_test_crypto_full_no_cipher () { + msg "build: crypto_full minus CIPHER" + scripts/config.py crypto_full + scripts/config.py unset MBEDTLS_CIPHER_C + # Direct dependencies + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CMAC_C + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset MBEDTLS_PKCS12_C + scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_C + # Indirect dependencies + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + make + + msg "test: crypto_full minus CIPHER" + make test +} + component_test_psa_external_rng_use_psa_crypto () { msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" scripts/config.py full