mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 19:21:08 +00:00
66b2742a6c
Some projects using Mbed TLS have migrated their configuration file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS 2.x, and kept including check_config.h. This is unnecessary since Mbed TLS 3.0, and increasingly in 3.x it may report spurious errors because the configuration adjustments have not been done yet. This has led some projects to include configuration adjustment headers manually, but only partially or in the wrong order, which can result in silent inconsistencies. Error out if this happens, with a message mentioning check_config.h since that's the likely root cause. ``` perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
50 lines
2.0 KiB
C
50 lines
2.0 KiB
C
/**
|
|
* \file psa/crypto_adjust_config_synonyms.h
|
|
* \brief Adjust PSA configuration: enable quasi-synonyms
|
|
*
|
|
* This is an internal header. Do not include it directly.
|
|
*
|
|
* When two features require almost the same code, we automatically enable
|
|
* both when either one is requested, to reduce the combinatorics of
|
|
* possible configurations.
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
|
|
#define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
|
|
|
|
#if !defined(MBEDTLS_CONFIG_FILES_READ)
|
|
#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
|
|
"up to and including runtime errors such as buffer overflows. " \
|
|
"If you're trying to fix a complaint from check_config.h, just remove " \
|
|
"it from your configuration file: since Mbed TLS 3.0, it is included " \
|
|
"automatically at the right time."
|
|
#endif /* */
|
|
|
|
/****************************************************************/
|
|
/* De facto synonyms */
|
|
/****************************************************************/
|
|
|
|
#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
|
|
#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
|
|
#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
|
|
#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
|
|
#endif
|
|
|
|
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
|
|
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
|
|
#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
|
|
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
|
#endif
|
|
|
|
#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
|
|
#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
|
|
#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
|
|
#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
|
|
#endif
|
|
|
|
#endif /* PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H */
|