From 265d162d071500b420b8846f34cfc811d7977adb Mon Sep 17 00:00:00 2001
From: Arto Kinnunen
Date: Wed, 16 Oct 2019 10:17:48 +0300
Subject: [PATCH] Update AES-128 bit configuration
- Do not include MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to full config as it requires also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- Update check_config to check availability of flags: MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
---
 include/mbedtls/check_config.h | 4 ++++
 programs/ssl/query_config.c | 16 ++++++++--------
 scripts/config.pl | 2 ++
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a09c7087c..fe9c5945e 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -74,6 +74,10 @@
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+#error "MBEDTLS_CTR_DRBG_C and MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined, but MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is not defined"
+#endif
+
 #if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
 #error "MBEDTLS_DHM_C defined, but not all prerequisites"
 #endif
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 379e0161d..71e660085 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -746,6 +746,14 @@ int query_config( const char *config )
 }
 #endif /* MBEDTLS_AES_FEWER_TABLES */
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+ if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+
 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
 if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 )
 {
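Review bot: The guard added to include/mbedtls/check_config.h tells the integrator to define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY but says nothing about what that opt-in costs. As far as I know CTR_DRBG is keyed with AES-256 unless that flag is set, so defining it caps the generator's security strength at 128 bits for everything drawn from it. A comment above the `#if` would make the trade-off deliberate, for example `/* AES-128-only builds cannot set the default 256-bit CTR_DRBG key; opting in to a 128-bit key limits DRBG strength to 128 bits. */`. The check covers CTR_DRBG only; whether other modules that take 192- or 256-bit AES keys need a matching guard is not visible in this hunk and is worth confirming.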
@@ -2930,14 +2938,6 @@ int query_config( const char *config )
 }
 #endif /* MBEDTLS_PK_SINGLE_TYPE */
 
-#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
- if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH );
- return( 0 );
- }
-#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
-
 /* If the symbol is not found, return an error */
 return( 1 );
 }
diff --git a/scripts/config.pl b/scripts/config.pl
index e554969fc..cf766a849 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -51,6 +51,7 @@
 # MBEDTLS_PKCS11_C
 # MBEDTLS_NO_UDBL_DIVISION
 # MBEDTLS_NO_64BIT_MULTIPLICATION
+# MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 # and any symbol beginning _ALT
 #
 
@@ -126,6 +127,7 @@ MBEDTLS_PKCS11_C
 MBEDTLS_NO_UDBL_DIVISION
 MBEDTLS_NO_64BIT_MULTIPLICATION
 MBEDTLS_USE_TINYCRYPT
+MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 _ALT\s*$
 );
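Review bot: Adding MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to the exclusion list in the second scripts/config.pl hunk removes the AES-128-only code path from every build made with the `full` configuration. Unless some other test configuration enables it together with MBEDTLS_CTR_DRBG_USE_128_BIT_KEY, neither the reduced-key code nor the new check_config.h guard is compiled or tested. No such configuration is visible in this patch, so it is worth confirming one exists or adding a build job that sets both flags. The header comment in the first hunk could also record the reason for the exclusion, for example `#   MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH (requires MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)`.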