From ac637ac9f81c4218b8c2dfffec244e85915f9338 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 21:54:31 +0200 Subject: [PATCH] Make check_config.h private `check_config.h` only needs to run once on the configuration. It doesn't need to run every time an application is built. It used to be public up to Mbed TLS 2.x because it was included from `config.h`, and users could substitute that file completely and should still include `check_config.h` from their file. But since Mbed TLS 3.x, including `check_config.h` is a purely internal thing (done in `build_info.h`). So make the file itself purely internal. We don't need to include `check_config.h` when building every library file, just one: `mbedtls_config.c`, that's its job. Give the file a unique name, to avoid any clashes with TF-PSA-Crypto's `check_config.h`. Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 2 -- .../mbedtls/check_config.h => library/mbedtls_check_config.h | 0 library/mbedtls_config.c | 4 ++++ 3 files changed, 4 insertions(+), 2 deletions(-) rename include/mbedtls/check_config.h => library/mbedtls_check_config.h (100%) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 534f01658c..c6e89db677 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -85,6 +85,4 @@ */ #define MBEDTLS_CONFIG_IS_FINALIZED -#include "mbedtls/check_config.h" - #endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/include/mbedtls/check_config.h b/library/mbedtls_check_config.h similarity index 100% rename from include/mbedtls/check_config.h rename to library/mbedtls_check_config.h diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index 692dce705f..679f8e36f9 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c @@ -7,3 +7,7 @@ */ #include + +/* Consistency checks in the configuration: check for incompatible options, + * missing options when at least one of a set needs to be enabled, etc. */ +#include "mbedtls_check_config.h"