use single define for 128bit key for ctr_drbg and update test dependencies
the change is designed to make configuring 128bit keys for ctr_drbg more similar to other configuration options. Tests have been updated accordingly.
also clarified test naming.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index ad35f7b..58b2f25 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2018,7 +2018,9 @@
/**
* \def MBEDTLS_CTR_DRBG_C
*
- * Enable the CTR_DRBG AES-256-based(default) or AES-128-based random generator.
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
*
* Module: library/ctr_drbg.c
* Caller:
@@ -2030,16 +2032,6 @@
#define MBEDTLS_CTR_DRBG_C
/**
- * configure key size for ctr DRBG , either
- * MBEDTLS_CTR_DRBG_KEYSIZE_256 (default)
- * or
- * MBEDTLS_CTR_DRBG_KEYSIZE_128
- * must be set.
- */
-#if !defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128)
-#define MBEDTLS_CTR_DRBG_KEY_SIZE_256 1
-#endif
-/**
* \def MBEDTLS_DEBUG_C
*
* Enable the debug functions.
@@ -2920,6 +2912,7 @@
//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
/* HMAC_DRBG options */
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 66bfc12..5e0d1f0 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -48,15 +48,11 @@
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
-#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_256)
+
+#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) /* Use default 256-bit key for CTR_DRBG. */
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */
#else
-#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128)
-#pragma message("Warning: using smaller (128bit) key size for CTR DRBG may reduce the security of some operations.")
#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */
-#else
-#error for ctr DRBG either MBEDTLS_CTR_DRBG_KEY_SIZE_256 (default) or MBEDTLS_CTR_DRBG_KEY_SIZE_128 must be set
-#endif
#endif
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */