Merge pull request #4397 from TRodziewicz/change_config_h_defaults

Four config.h defaults have been changed.
2021-05-07 12:42:39 +02:00 · 2021-05-07 12:42:39 +02:00 · b548cda1cf
commit b548cda1cf
parent dd57b2f240 532ca93246
4 changed files with 15 additions and 7 deletions
--- a/ChangeLog.d/issue4036.txt
+++ b/ChangeLog.d/issue4036.txt
@ -0,0 +1,5 @@
+Default behavior changes
+   * Enable by default the functionalities which have no reason to be disabled.
+     They are: ARIA block cipher, CMAC mode, elliptic curve J-PAKE library and
+     Key Wrapping mode as defined in NIST SP 800-38F. Fixes #4036.
+
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -2427,7 +2427,7 @@
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
 */
-//#define MBEDTLS_ARIA_C
+#define MBEDTLS_ARIA_C

 /**
 * \def MBEDTLS_CCM_C
@ -2491,7 +2491,7 @@
 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
 *
 */
-//#define MBEDTLS_CMAC_C
+#define MBEDTLS_CMAC_C

 /**
 * \def MBEDTLS_CTR_DRBG_C
@ -2615,9 +2615,9 @@
 *
 * Enable the elliptic curve J-PAKE library.
 *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
+ * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
+ *       It has not been reviewed for compliance with newer standards such as
+ *       Thread v1.1 or RFC 8236.
 *
 * Module:  library/ecjpake.c
 * Caller:
@ -2627,7 +2627,7 @@
 *
 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
 */
-//#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECJPAKE_C

 /**
 * \def MBEDTLS_ECP_C
@ -2723,7 +2723,7 @@
 *
 * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
 */
-//#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_NIST_KW_C

 /**
 * \def MBEDTLS_MD_C
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -1099,6 +1099,7 @@ component_test_everest_curve25519_only () {
    scripts/config.py unset MBEDTLS_ECDSA_C
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+    scripts/config.py unset MBEDTLS_ECJPAKE_C
    # Disable all curves
    for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
        scripts/config.py unset "$c"
@ -2061,6 +2062,7 @@ component_test_when_no_ciphersuites_have_mac () {
    scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
    scripts/config.py unset MBEDTLS_ARC4_C
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+    scripts/config.py unset MBEDTLS_CMAC_C
    make

    msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@ -84,6 +84,7 @@ for my $curve (@curves) {
 }
 # Depends on a specific curve. Also, ignore error if it wasn't enabled.
 system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
+system( "scripts/config.pl unset MBEDTLS_ECJPAKE_C" );

 # Test with only $curve enabled, for each $curve.
 for my $curve (@curves) {