Add checks if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled
This commit adds configuration check in check_config.h if
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled.
Furthermore, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is disabled
by default in scripts/config.py for full configuration.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c81cd1c..96cdb45 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -66,6 +66,11 @@
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
#endif
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && \
+ !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+#error "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif
diff --git a/scripts/config.py b/scripts/config.py
index ac5f77c..b6eac71 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -189,6 +189,7 @@
# * Options that remove features.
EXCLUDE_FROM_FULL = frozenset([
#pylint: disable=line-too-long
+ 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options