From 8fbacf941ffe0fee817001b47000cf876b44d411 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Tue, 3 Sep 2019 13:55:19 +0100
Subject: [PATCH] check_config.h: Check MBEDTLS_MD_SINGLE_HASH is used with
 single MD

This commit modifies check_config.h to check that precisely one
hash is enabled if MBEDTLS_MD_SINGLE_HASH is set.

This is not only a reasonable expectation, it is also necessary,
because test suites assume that if a digest is enabled, it is also
accessible through the MD abstraction layer.
---
 include/mbedtls/check_config.h | 67 ++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 6807ff33b..6955246b0 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -786,6 +786,73 @@
 #define MBEDTLS_THREADING_IMPL
 #endif
 
+/* Ensurethat precisely one hash is enabled. */
+#if defined(MBEDTLS_MD_SINGLE_HASH)
+
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_SHA256_ENABLED 1
+#else
+#define MBEDTLS_SHA256_ENABLED 0
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA256_NO_SHA224)
+#define MBEDTLS_SHA224_ENABLED 1
+#else
+#define MBEDTLS_SHA224_ENABLED 0
+#endif /* MBEDTLS_SHA256_C && !MBEDTLS_SHA256_NO_SHA224 */
+
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_SHA512_ENABLED 2
+#else
+#define MBEDTLS_SHA512_ENABLED 0
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SHA1_C)
+#define MBEDTLS_SHA1_ENABLED 1
+#else
+#define MBEDTLS_SHA1_ENABLED 0
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_MD2_C)
+#define MBEDTLS_MD2_ENABLED 1
+#else
+#define MBEDTLS_MD2_ENABLED 0
+#endif /* MBEDTLS_MD2_C */
+
+#if defined(MBEDTLS_MD4_C)
+#define MBEDTLS_MD4_ENABLED 1
+#else
+#define MBEDTLS_MD4_ENABLED 0
+#endif /* MBEDTLS_MD4_C */
+
+#if defined(MBEDTLS_MD5_C)
+#define MBEDTLS_MD5_ENABLED 1
+#else
+#define MBEDTLS_MD5_ENABLED 0
+#endif /* MBEDTLS_MD5_C */
+
+#if defined(MBEDTLS_RIPEMD160_C)
+#define MBEDTLS_RIPEMD160_ENABLED 1
+#else
+#define MBEDTLS_RIPEMD160_ENABLED 0
+#endif /* MBEDTLS_RIPEMD160_C */
+
+#define MBEDTLS_HASHES_ENABLED             \
+     ( MBEDTLS_MD2_ENABLED       +         \
+       MBEDTLS_MD4_ENABLED       +         \
+       MBEDTLS_MD5_ENABLED       +         \
+       MBEDTLS_RIPEMD160_ENABLED +         \
+       MBEDTLS_SHA1_ENABLED      +         \
+       MBEDTLS_SHA256_ENABLED    +         \
+       MBEDTLS_SHA512_ENABLED )
+
+#if MBEDTLS_HASHES_ENABLED != 1
+#error "MBEDTLS_MD_SINGLE_HASH must be used with precisely one hash algorithm enabled."
+#endif
+
+#undef MBEDTLS_HASHES_ENABLED
+#endif /* MBEDTLS_MD_SINGLE_HASH */
+
 #if defined(MBEDTLS_THREADING_ALT)
 #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
 #error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"