mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 00:55:39 +01:00
Add additional sanity checks to check_config.h
Additional sanity checks in check_config.h to ensure: * if test certificates are included (MBEDTLS_CERTS_C) there must be also be support for the core X509 feature (MBEDTLS_X509_USE_C). This has a secondary dependency on the public key abstraction layer (MBEDTLS_PK_C), necessary as the certificates will either be signed by RSA or ECDSA, and therefore need to be part of the library. * if any of the TLS protocols are defined (MBEDTLS_SSL_PROTO_xxx) then a key exchange method must also be defined (MBEDTLS_KEY_EXCHANGE_xxx). Anyone who knows the library will probably not make these mistakes or will quickly diagnose and fix them, but it is possible to compile and link both configurations if you build only the library and not the example programs, and therefore users may not realise immediately that there's a mistake, only discovering it at runtime. These checks may therefore save someone some time. Signed-off-by: Simon Butcher <simon.butcher@arm.com>
This commit is contained in:
parent
96955d5c55
commit
14ba0ce43b
@ -546,6 +546,23 @@
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
||||
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
|
||||
#error "One or more versions of the TLS protocol are enabled " \
|
||||
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
@ -669,6 +686,10 @@
|
||||
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
|
||||
#error "MBEDTLS_CERTS_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user