Merge branch 'development_3.0' into change_config_h_defaults
diff --git a/ChangeLog.d/issue4036.txt b/ChangeLog.d/issue4036.txt
new file mode 100644
index 0000000..7009496
--- /dev/null
+++ b/ChangeLog.d/issue4036.txt
@@ -0,0 +1,5 @@
+Default behavior changes
+ * Enable by default the functionalities which have no reason to be disabled.
+ They are: ARIA block cipher, CMAC mode, elliptic curve J-PAKE library and
+ Key Wrapping mode as defined in NIST SP 800-38F. Fixes #4036.
+
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 47b5de0..98a554d 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -81,6 +81,10 @@
#error "MBEDTLS_DHM_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_CMAC_C)
+#define MBEDTLS_CIPHER_MODE_CBC
+#endif
+
#if defined(MBEDTLS_CMAC_C) && \
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 9cf626a..650f862 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2423,7 +2423,7 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
*/
-//#define MBEDTLS_ARIA_C
+#define MBEDTLS_ARIA_C
/**
* \def MBEDTLS_CCM_C
@@ -2482,7 +2482,7 @@
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
*
*/
-//#define MBEDTLS_CMAC_C
+#define MBEDTLS_CMAC_C
/**
* \def MBEDTLS_CTR_DRBG_C
@@ -2608,7 +2608,7 @@
*
* \warning This is currently experimental. EC J-PAKE support is based on the
* Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
+ * might still happen.
*
* Module: library/ecjpake.c
* Caller:
@@ -2618,7 +2618,7 @@
*
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
*/
-//#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECJPAKE_C
/**
* \def MBEDTLS_ECP_C
@@ -2714,7 +2714,7 @@
*
* Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
*/
-//#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_NIST_KW_C
/**
* \def MBEDTLS_MD_C
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b01c226..a60b66b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1099,6 +1099,7 @@
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
# Disable all curves
for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
scripts/config.py unset "$c"
@@ -2061,6 +2062,7 @@
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
scripts/config.py unset MBEDTLS_ARC4_C
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
make
msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 188bd29..2572e93 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -84,6 +84,7 @@
}
# Depends on a specific curve. Also, ignore error if it wasn't enabled.
system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
+system( "scripts/config.pl unset MBEDTLS_ECJPAKE_C" );
# Test with only $curve enabled, for each $curve.
for my $curve (@curves) {