diff --git a/scripts/config.py b/scripts/config.py index e3ecfc62e6..b4edb65247 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -232,6 +232,35 @@ def baremetal_adapter(name, active, section): return True return include_in_full(name) and keep_in_baremetal(name) +def include_in_crypto(name): + """Rules for symbols in a crypto configuration.""" + if name.startswith('MBEDTLS_X509_') or \ + name.startswith('MBEDTLS_SSL_') or \ + name.startswith('MBEDTLS_KEY_EXCHANGE_'): + return False + if name in [ + 'MBEDTLS_CERTS_C', + 'MBEDTLS_DEBUG_C', + 'MBEDTLS_NET_C', + 'MBEDTLS_PKCS11_C', + ]: + return False + return True + +def crypto_adapter(adapter): + """Modify an adapter to disable non-crypto symbols. + + ``crypto_adapter(adapter)(name, active, section)`` is like + ``adapter(name, active, section)``, but unsets all X.509 and TLS symbols. + """ + def continuation(name, active, section): + if not include_in_crypto(name): + return False + if adapter is None: + return active + return adapter(name, active, section) + return continuation + class ConfigFile(Config): """Representation of the Mbed TLS configuration read for a file. @@ -396,6 +425,14 @@ if __name__ == '__main__': add_adapter('realfull', realfull_adapter, """Uncomment all boolean #defines. Suitable for generating documentation, but not for building.""") + add_adapter('crypto', crypto_adapter(None), + """Only include crypto features. Exclude X.509 and TLS.""") + add_adapter('crypto_baremetal', crypto_adapter(baremetal_adapter), + """Like baremetal, but with only crypto features, + excluding X.509 and TLS.""") + add_adapter('crypto_full', crypto_adapter(full_adapter), + """Like full, but with only crypto features, + excluding X.509 and TLS.""") args = parser.parse_args() config = ConfigFile(args.file) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d21f1cee5e..2350dc7789 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -899,6 +899,33 @@ component_build_deprecated () { make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests } +# Check that the specified libraries exist and are empty. +are_empty_libraries () { + nm "$@" >/dev/null 2>/dev/null + ! nm "$@" 2>/dev/null | grep -v ':$' | grep . +} + +component_build_crypto_default () { + msg "build: make, crypto only" + scripts/config.py crypto + make CFLAGS='-O1 -Werror' + if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* +} + +component_build_crypto_full () { + msg "build: make, crypto only, full config" + scripts/config.py crypto_full + make CFLAGS='-O1 -Werror' + if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* +} + +component_build_crypto_baremetal () { + msg "build: make, crypto only, baremetal config" + scripts/config.py crypto_baremetal + make CFLAGS='-O1 -Werror' + if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.* +} + component_test_depends_curves () { msg "test/build: curves.pl (gcc)" # ~ 4 min record_status tests/scripts/curves.pl diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 7b369bb876..0db2b0e94b 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -33,7 +33,8 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen ) { unsigned char hash[MBEDTLS_MD_MAX_SIZE]; @@ -70,7 +71,7 @@ cleanup: mbedtls_x509_csr_free( &csr ); return( ret ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ /* END_HEADER */