Merge pull request #4397 from TRodziewicz/change_config_h_defaults

Four config.h defaults have been changed.
This commit is contained in:
Manuel Pégourié-Gonnard 2021-05-07 12:42:39 +02:00 committed by GitHub
commit b548cda1cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 7 deletions

View File

@ -0,0 +1,5 @@
Default behavior changes
* Enable by default the functionalities which have no reason to be disabled.
They are: ARIA block cipher, CMAC mode, elliptic curve J-PAKE library and
Key Wrapping mode as defined in NIST SP 800-38F. Fixes #4036.

View File

@ -2427,7 +2427,7 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
*/ */
//#define MBEDTLS_ARIA_C #define MBEDTLS_ARIA_C
/** /**
* \def MBEDTLS_CCM_C * \def MBEDTLS_CCM_C
@ -2491,7 +2491,7 @@
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
* *
*/ */
//#define MBEDTLS_CMAC_C #define MBEDTLS_CMAC_C
/** /**
* \def MBEDTLS_CTR_DRBG_C * \def MBEDTLS_CTR_DRBG_C
@ -2615,9 +2615,9 @@
* *
* Enable the elliptic curve J-PAKE library. * Enable the elliptic curve J-PAKE library.
* *
* \warning This is currently experimental. EC J-PAKE support is based on the * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
* Thread v1.0.0 specification; incompatible changes to the specification * It has not been reviewed for compliance with newer standards such as
* might still happen. For this reason, this is disabled by default. * Thread v1.1 or RFC 8236.
* *
* Module: library/ecjpake.c * Module: library/ecjpake.c
* Caller: * Caller:
@ -2627,7 +2627,7 @@
* *
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
*/ */
//#define MBEDTLS_ECJPAKE_C #define MBEDTLS_ECJPAKE_C
/** /**
* \def MBEDTLS_ECP_C * \def MBEDTLS_ECP_C
@ -2723,7 +2723,7 @@
* *
* Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
*/ */
//#define MBEDTLS_NIST_KW_C #define MBEDTLS_NIST_KW_C
/** /**
* \def MBEDTLS_MD_C * \def MBEDTLS_MD_C

View File

@ -1099,6 +1099,7 @@ component_test_everest_curve25519_only () {
scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_ECJPAKE_C
# Disable all curves # Disable all curves
for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
scripts/config.py unset "$c" scripts/config.py unset "$c"
@ -2061,6 +2062,7 @@ component_test_when_no_ciphersuites_have_mac () {
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
scripts/config.py unset MBEDTLS_ARC4_C scripts/config.py unset MBEDTLS_ARC4_C
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CMAC_C
make make
msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC" msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"

View File

@ -84,6 +84,7 @@ for my $curve (@curves) {
} }
# Depends on a specific curve. Also, ignore error if it wasn't enabled. # Depends on a specific curve. Also, ignore error if it wasn't enabled.
system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" ); system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
system( "scripts/config.pl unset MBEDTLS_ECJPAKE_C" );
# Test with only $curve enabled, for each $curve. # Test with only $curve enabled, for each $curve.
for my $curve (@curves) { for my $curve (@curves) {