Make MBEDTLS_MD_LIGHT private for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 3c5a284..5d3cdb5 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2644,7 +2644,6 @@
* \def MBEDTLS_MD_C
*
* Enable the generic layer for message digest (hashing) and HMAC.
- * This will automatically enable #MBEDTLS_MD_LIGHT
*
* Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
* MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
@@ -2674,25 +2673,6 @@
#define MBEDTLS_MD_C
/**
- * \def MBEDTLS_MD_LIGHT
- *
- * Enable the "light" subset of #MBEDTLS_MD_C: just hashing and basic
- * meta-data (see md.h for details).
- *
- * This is automatically enabled whenever #MBEDTLS_MD_C is enabled, but it is
- * possible to enable this without #MBEDTLS_MD_C if support for HMAC or extra
- * metadata functions is not needed.
- *
- * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
- * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
- * MBEDTLS_SHA512_C.
- * Module: library/md.c
- *
- * Uncomment to enabled the "light" subsect of MD.
- */
-#define MBEDTLS_MD_LIGHT
-
-/**
* \def MBEDTLS_MD5_C
*
* Enable the MD5 hash algorithm.
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 8c77ea0..3341d1c 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -4,16 +4,6 @@
* \brief This file contains the generic functions for message-digest
* (hashing) and HMAC.
*
- * Availability of functions in this module is controlled by two
- * feature macros:
- * - #MBEDTLS_MD_C enables the whole module;
- * - #MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
- * most hash metadata (everything except string names); is it
- * automatically set whenever #MBEDTLS_MD_C is defined.
- *
- * The functions that are only available when #MBEDTLS_MD_C is defined
- * are grouped at the end of the file and guarded by this macro.
- *
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
@@ -300,12 +290,6 @@
int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
unsigned char *output);
-/************************************************************************
- * Functions below this separator are not part of MBEDTLS_MD_LIGHT *
- * and require MBEDTLS_MD_C *
- ************************************************************************/
-
-#if defined(MBEDTLS_MD_C)
/**
* \brief This function returns the list of digests supported by the
* generic digest module.
@@ -487,7 +471,6 @@
int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output);
-#endif /* MBEDTLS_MD_C */
#ifdef __cplusplus
}
diff --git a/library/md.c b/library/md.c
index 8aecd39..c1cf674 100644
--- a/library/md.c
+++ b/library/md.c
@@ -23,6 +23,20 @@
#include "common.h"
+/*
+ * Availability of functions in this module is controlled by two
+ * feature macros:
+ * - MBEDTLS_MD_C enables the whole module;
+ * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
+ * most hash metadata (everything except string names); is it
+ * automatically set whenever MBEDTLS_MD_C is defined.
+ *
+ * In the future we may want to change the contract of some functions
+ * (behaviour with NULL arguments) depending on whether MD_C is defined or
+ * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary.
+ *
+ * For these reasons, we're keeping MD_LIGHT internal for now.
+ */
#if defined(MBEDTLS_MD_LIGHT)
#include "mbedtls/md.h"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ad50735..0758282 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1231,11 +1231,11 @@
# Disable indirect dependencies of MD
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
# Enable "light" subset of MD
- scripts/config.py set MBEDTLS_MD_LIGHT
- make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_MD_LIGHT" LDFLAGS="$ASAN_CFLAGS"
- # Make sure we don't have the HMAC functions
+ # Make sure we don't have the HMAC functions, but the hashing functions
not grep mbedtls_md_hmac library/md.o
+ grep mbedtls_md library/md.o
msg "test: crypto_full with only the light subset of MD"
make test