Merge pull request #4397 from TRodziewicz/change_config_h_defaults
Four config.h defaults have been changed.
diff --git a/ChangeLog.d/issue4036.txt b/ChangeLog.d/issue4036.txt
new file mode 100644
index 0000000..7009496
--- /dev/null
+++ b/ChangeLog.d/issue4036.txt
@@ -0,0 +1,5 @@
+Default behavior changes
+ * Enable by default the functionalities which have no reason to be disabled.
+ They are: ARIA block cipher, CMAC mode, elliptic curve J-PAKE library and
+ Key Wrapping mode as defined in NIST SP 800-38F. Fixes #4036.
+
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 6b5c858..603d985 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2427,7 +2427,7 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
*/
-//#define MBEDTLS_ARIA_C
+#define MBEDTLS_ARIA_C
/**
* \def MBEDTLS_CCM_C
@@ -2491,7 +2491,7 @@
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
*
*/
-//#define MBEDTLS_CMAC_C
+#define MBEDTLS_CMAC_C
/**
* \def MBEDTLS_CTR_DRBG_C
@@ -2615,9 +2615,9 @@
*
* Enable the elliptic curve J-PAKE library.
*
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
+ * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
+ * It has not been reviewed for compliance with newer standards such as
+ * Thread v1.1 or RFC 8236.
*
* Module: library/ecjpake.c
* Caller:
@@ -2627,7 +2627,7 @@
*
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
*/
-//#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECJPAKE_C
/**
* \def MBEDTLS_ECP_C
@@ -2723,7 +2723,7 @@
*
* Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
*/
-//#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_NIST_KW_C
/**
* \def MBEDTLS_MD_C
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b3f1415..a4d50c1 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1099,6 +1099,7 @@
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
# Disable all curves
for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
scripts/config.py unset "$c"
@@ -2061,6 +2062,7 @@
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
scripts/config.py unset MBEDTLS_ARC4_C
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ scripts/config.py unset MBEDTLS_CMAC_C
make
msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 188bd29..2572e93 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -84,6 +84,7 @@
}
# Depends on a specific curve. Also, ignore error if it wasn't enabled.
system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
+system( "scripts/config.pl unset MBEDTLS_ECJPAKE_C" );
# Test with only $curve enabled, for each $curve.
for my $curve (@curves) {