From fb3946a7f9c18e514f51610ad7dc55d86e637713 Mon Sep 17 00:00:00 2001
From: Gert van Dijk <gert@gertvandijk.net>
Date: Tue, 5 Sep 2017 14:25:52 +0200
Subject: [PATCH] Tests: depends-pkalgs.pl - disable less options

Rather than disabling SSL & Key exchanges as a whole, only disable those
options required by reverse dependencies.

GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
See also discussion in PR #1074.
https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303
---
 tests/scripts/depends-pkalgs.pl | 34 +++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 234c3e3f8..3ab161523 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -32,22 +32,29 @@ use strict;
 
 my $config_h = 'include/mbedtls/config.h';
 
-# as many SSL options depend on specific algs
-# and SSL is not in the test suites anyways,
-# disable it to avoid dependcies issues
-my $ssl_sed = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
-my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p';
-my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` );
-
 # Some algorithms can't be disabled on their own as others depend on them, so
 # we list those reverse-dependencies here to keep check_config.h happy.
 my %algs = (
-    'MBEDTLS_ECDSA_C'   => [],
-    'MBEDTLS_ECP_C'     => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'],
+    'MBEDTLS_ECDSA_C'   => ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
+    'MBEDTLS_ECP_C'     => ['MBEDTLS_ECDSA_C',
+                            'MBEDTLS_ECDH_C',
+                            'MBEDTLS_ECJPAKE_C',
+                            'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
     'MBEDTLS_X509_RSASSA_PSS_SUPPORT'   => [],
     'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
-    'MBEDTLS_PKCS1_V15' => [],
-    'MBEDTLS_RSA_C'     => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
+    'MBEDTLS_PKCS1_V15' => ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
+    'MBEDTLS_RSA_C'     => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT',
+                            'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
 );
 
 system( "cp $config_h $config_h.bak" ) and die;
@@ -72,11 +79,6 @@ while( my ($alg, $extras) = each %algs ) {
             and abort "Failed to disable $opt\n";
     }
 
-    for my $opt (@ssl) {
-        system( "scripts/config.pl unset $opt" )
-            and abort "Failed to disable $opt\n";
-    }
-
     system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
         and abort "Failed to build lib: $alg\n";
     system( "cd tests && make" ) and abort "Failed to build tests: $alg\n";