Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option

Fix 4416

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

configs/config-psa-crypto.h

@@ -612,8 +612,7 @@
  * Warning: Only do so when you know what you are doing. This allows for
  * encryption or channels without any security!
  *
- * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
- * the following ciphersuites:
+ * To enable the following ciphersuites:
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
  *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
@@ -654,20 +653,6 @@
 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 #define MBEDTLS_CIPHER_PADDING_ZEROS
 
-/**
- * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
- *
- * Enable weak ciphersuites in SSL / TLS.
- * Warning: Only do so when you know what you are doing. This allows for
- * channels with virtually no security at all!
- *
- * Uncomment this macro to enable weak ciphersuites
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-
 /**
  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
  *

include/mbedtls/config.h

@@ -659,8 +659,7 @@
  * Warning: Only do so when you know what you are doing. This allows for
  * encryption or channels without any security!
  *
- * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
- * the following ciphersuites:
+ * To enable the following ciphersuites:
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
  *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
@@ -708,20 +707,6 @@
  */
 //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 
-/**
- * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
- *
- * Enable weak ciphersuites in SSL / TLS.
- * Warning: Only do so when you know what you are doing. This allows for
- * channels with virtually no security at all!
- *
- * Uncomment this macro to enable weak ciphersuites
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-
 /**
  * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
  *

library/ssl_ciphersuites.c

@@ -1534,7 +1534,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
 #endif /* MBEDTLS_AES_C */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
-#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
 #if defined(MBEDTLS_MD5_C)
@@ -1667,8 +1666,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
 
-#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
-
 #if defined(MBEDTLS_ARIA_C)
 
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)

library/version_features.c

@@ -300,9 +300,6 @@ static const char * const features[] = {
 #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
     "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY",
 #endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
-#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
-    "MBEDTLS_ENABLE_WEAK_CIPHERSUITES",
-#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
 #if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
     "MBEDTLS_REMOVE_3DES_CIPHERSUITES",
 #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */

programs/test/query_config.c

@@ -851,14 +851,6 @@ int query_config( const char *config )
     }
 #endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
 
-#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
-    if( strcmp( "MBEDTLS_ENABLE_WEAK_CIPHERSUITES", config ) == 0 )
-    {
-        MACRO_EXPANSION_TO_STR( MBEDTLS_ENABLE_WEAK_CIPHERSUITES );
-        return( 0 );
-    }
-#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
-
 #if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
     if( strcmp( "MBEDTLS_REMOVE_3DES_CIPHERSUITES", config ) == 0 )
     {