From 9130b5b774605cd52562c93aca3ab2a4a3a9609a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Sep 2021 10:33:57 +0200 Subject: [PATCH 1/2] Add check_config checks for AEAD CCM requires one of the 128-bit-block block ciphers to be useful, just like GCM. GCM and CCM need the cipher module. ChaChaPoly needs ChaCha20 and Poly1305. Signed-off-by: Gilles Peskine --- include/mbedtls/check_config.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 547947596..b66567615 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -218,11 +218,32 @@ #error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too" #endif +#if defined(MBEDTLS_CCM_C) && ( \ + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) +#error "MBEDTLS_CCM_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C) +#error "MBEDTLS_CCM_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_GCM_C) && ( \ !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) #error "MBEDTLS_GCM_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C) +#error "MBEDTLS_GCM_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C) +#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C) +#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) #error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites" #endif From fa21dda04afad9d3aea312bcc4fb408ab406e93f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Sep 2021 20:39:47 +0200 Subject: [PATCH 2/2] Fix indentation Signed-off-by: Gilles Peskine --- include/mbedtls/check_config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b66567615..703c84c45 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -219,7 +219,7 @@ #endif #if defined(MBEDTLS_CCM_C) && ( \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) #error "MBEDTLS_CCM_C defined, but not all prerequisites" #endif @@ -228,7 +228,7 @@ #endif #if defined(MBEDTLS_GCM_C) && ( \ - !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) #error "MBEDTLS_GCM_C defined, but not all prerequisites" #endif