commit 265d162d071500b420b8846f34cfc811d7977adb
author Arto Kinnunen <arto.kinnunen@arm.com> Wed Oct 16 10:17:48 2019 +0300
committer Arto Kinnunen <arto.kinnunen@arm.com> Thu Oct 24 09:49:23 2019 +0300
tree 65a53d5f4c60125b0f04e17d58ee46b0091e9ed5
parent 60b11064c5516a694139a3795dd14a1aed58cac4

Update AES-128 bit configuration

- Do not include MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to full config
  as it requires also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY

- Update check_config to check availability of flags:
   MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
   MBEDTLS_CTR_DRBG_USE_128_BIT_KEY

include/mbedtls/check_config.h

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a09c708..fe9c594 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -74,6 +74,10 @@
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+#error "MBEDTLS_CTR_DRBG_C and MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined, but MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is not defined"
+#endif
+
 #if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
 #error "MBEDTLS_DHM_C defined, but not all prerequisites"
 #endif

programs/ssl/query_config.c

diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 379e016..71e6600 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -746,6 +746,14 @@
     }
 #endif /* MBEDTLS_AES_FEWER_TABLES */
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+    if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+
 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
     if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 )
     {
@@ -2930,14 +2938,6 @@
     }
 #endif /* MBEDTLS_PK_SINGLE_TYPE */
 
-#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
-    if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 )
-    {
-        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH );
-        return( 0 );
-    }
-#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
-
     /* If the symbol is not found, return an error */
     return( 1 );
 }

scripts/config.pl

diff --git a/scripts/config.pl b/scripts/config.pl
index e554969..cf766a8 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -51,6 +51,7 @@
 #   MBEDTLS_PKCS11_C
 #   MBEDTLS_NO_UDBL_DIVISION
 #   MBEDTLS_NO_64BIT_MULTIPLICATION
+#   MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 #   and any symbol beginning _ALT
 #
 
@@ -126,6 +127,7 @@
 MBEDTLS_NO_UDBL_DIVISION
 MBEDTLS_NO_64BIT_MULTIPLICATION
 MBEDTLS_USE_TINYCRYPT
+MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 _ALT\s*$
 );