1 /** 2 * \file mbedtls/config_adjust_legacy_crypto.h 3 * \brief Adjust legacy configuration configuration 4 * 5 * This is an internal header. Do not include it directly. 6 * 7 * Automatically enable certain dependencies. Generally, MBEDTLS_xxx 8 * configurations need to be explicitly enabled by the user: enabling 9 * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a 10 * compilation error. However, we do automatically enable certain options 11 * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option 12 * used to identify parts of a module that are used by other module, and we 13 * don't want to make the symbol MBEDTLS_xxx_B part of the public API. 14 * Another case is if A didn't depend on B in earlier versions, and we 15 * want to use B in A but we need to preserve backward compatibility with 16 * configurations that explicitly activate MBEDTLS_xxx_A but not 17 * MBEDTLS_xxx_B. 18 */ 19 /* 20 * Copyright The Mbed TLS Contributors 21 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 22 */ 23 24 #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H 25 #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H 26 27 #if !defined(MBEDTLS_CONFIG_FILES_READ) 28 #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ 29 "up to and including runtime errors such as buffer overflows. " \ 30 "If you're trying to fix a complaint from check_config.h, just remove " \ 31 "it from your configuration file: since Mbed TLS 3.0, it is included " \ 32 "automatically at the right point." 33 #endif /* */ 34 35 /* Ideally, we'd set those as defaults in mbedtls_config.h, but 36 * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py. 37 * 38 * So, adjust it here. 39 * Not related to crypto, but this is the bottom of the stack. */ 40 #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900) 41 #if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \ 42 !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) 43 #define MBEDTLS_PLATFORM_SNPRINTF_ALT 44 #endif 45 #if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \ 46 !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) 47 #define MBEDTLS_PLATFORM_VSNPRINTF_ALT 48 #endif 49 #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */ 50 51 /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin 52 * in PSA. */ 53 #if defined(MBEDTLS_PSA_CRYPTO_C) && \ 54 (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \ 55 defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \ 56 defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \ 57 defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \ 58 defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ 59 defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ 60 defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ 61 defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \ 62 defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)) 63 #define MBEDTLS_CIPHER_C 64 #endif 65 66 /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. 67 * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. 68 */ 69 #if defined(MBEDTLS_MD_C) 70 #define MBEDTLS_MD_LIGHT 71 #endif 72 73 /* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it 74 * in a previous release, to ensure backwards compatibility. 75 */ 76 #if defined(MBEDTLS_ECJPAKE_C) || \ 77 defined(MBEDTLS_PEM_PARSE_C) || \ 78 defined(MBEDTLS_ENTROPY_C) || \ 79 defined(MBEDTLS_PK_C) || \ 80 defined(MBEDTLS_PKCS12_C) || \ 81 defined(MBEDTLS_RSA_C) || \ 82 defined(MBEDTLS_SSL_TLS_C) || \ 83 defined(MBEDTLS_X509_USE_C) || \ 84 defined(MBEDTLS_X509_CREATE_C) 85 #define MBEDTLS_MD_LIGHT 86 #endif 87 88 #if defined(MBEDTLS_MD_LIGHT) 89 /* 90 * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx. 91 * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA 92 * (see below). 93 * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed 94 * via PSA (see below). 95 * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed 96 * via a direct legacy call (see below). 97 * 98 * The md module performs an algorithm via PSA if there is a PSA hash 99 * accelerator and the PSA driver subsytem is initialized at the time the 100 * operation is started, and makes a direct legacy call otherwise. 101 */ 102 103 /* PSA accelerated implementations */ 104 #if defined(MBEDTLS_PSA_CRYPTO_C) 105 106 #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) 107 #define MBEDTLS_MD_CAN_MD5 108 #define MBEDTLS_MD_MD5_VIA_PSA 109 #define MBEDTLS_MD_SOME_PSA 110 #endif 111 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) 112 #define MBEDTLS_MD_CAN_SHA1 113 #define MBEDTLS_MD_SHA1_VIA_PSA 114 #define MBEDTLS_MD_SOME_PSA 115 #endif 116 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) 117 #define MBEDTLS_MD_CAN_SHA224 118 #define MBEDTLS_MD_SHA224_VIA_PSA 119 #define MBEDTLS_MD_SOME_PSA 120 #endif 121 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) 122 #define MBEDTLS_MD_CAN_SHA256 123 #define MBEDTLS_MD_SHA256_VIA_PSA 124 #define MBEDTLS_MD_SOME_PSA 125 #endif 126 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) 127 #define MBEDTLS_MD_CAN_SHA384 128 #define MBEDTLS_MD_SHA384_VIA_PSA 129 #define MBEDTLS_MD_SOME_PSA 130 #endif 131 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) 132 #define MBEDTLS_MD_CAN_SHA512 133 #define MBEDTLS_MD_SHA512_VIA_PSA 134 #define MBEDTLS_MD_SOME_PSA 135 #endif 136 #if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) 137 #define MBEDTLS_MD_CAN_RIPEMD160 138 #define MBEDTLS_MD_RIPEMD160_VIA_PSA 139 #define MBEDTLS_MD_SOME_PSA 140 #endif 141 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) 142 #define MBEDTLS_MD_CAN_SHA3_224 143 #define MBEDTLS_MD_SHA3_224_VIA_PSA 144 #define MBEDTLS_MD_SOME_PSA 145 #endif 146 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) 147 #define MBEDTLS_MD_CAN_SHA3_256 148 #define MBEDTLS_MD_SHA3_256_VIA_PSA 149 #define MBEDTLS_MD_SOME_PSA 150 #endif 151 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) 152 #define MBEDTLS_MD_CAN_SHA3_384 153 #define MBEDTLS_MD_SHA3_384_VIA_PSA 154 #define MBEDTLS_MD_SOME_PSA 155 #endif 156 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) 157 #define MBEDTLS_MD_CAN_SHA3_512 158 #define MBEDTLS_MD_SHA3_512_VIA_PSA 159 #define MBEDTLS_MD_SOME_PSA 160 #endif 161 #endif /* MBEDTLS_PSA_CRYPTO_C */ 162 163 /* Built-in implementations */ 164 #if defined(MBEDTLS_MD5_C) 165 #define MBEDTLS_MD_CAN_MD5 166 #define MBEDTLS_MD_SOME_LEGACY 167 #endif 168 #if defined(MBEDTLS_SHA1_C) 169 #define MBEDTLS_MD_CAN_SHA1 170 #define MBEDTLS_MD_SOME_LEGACY 171 #endif 172 #if defined(MBEDTLS_SHA224_C) 173 #define MBEDTLS_MD_CAN_SHA224 174 #define MBEDTLS_MD_SOME_LEGACY 175 #endif 176 #if defined(MBEDTLS_SHA256_C) 177 #define MBEDTLS_MD_CAN_SHA256 178 #define MBEDTLS_MD_SOME_LEGACY 179 #endif 180 #if defined(MBEDTLS_SHA384_C) 181 #define MBEDTLS_MD_CAN_SHA384 182 #define MBEDTLS_MD_SOME_LEGACY 183 #endif 184 #if defined(MBEDTLS_SHA512_C) 185 #define MBEDTLS_MD_CAN_SHA512 186 #define MBEDTLS_MD_SOME_LEGACY 187 #endif 188 #if defined(MBEDTLS_SHA3_C) 189 #define MBEDTLS_MD_CAN_SHA3_224 190 #define MBEDTLS_MD_CAN_SHA3_256 191 #define MBEDTLS_MD_CAN_SHA3_384 192 #define MBEDTLS_MD_CAN_SHA3_512 193 #define MBEDTLS_MD_SOME_LEGACY 194 #endif 195 #if defined(MBEDTLS_RIPEMD160_C) 196 #define MBEDTLS_MD_CAN_RIPEMD160 197 #define MBEDTLS_MD_SOME_LEGACY 198 #endif 199 200 #endif /* MBEDTLS_MD_LIGHT */ 201 202 /* BLOCK_CIPHER module can dispatch to PSA when: 203 * - PSA is enabled and drivers have been initialized 204 * - desired key type is supported on the PSA side 205 * If the above conditions are not met, but the legacy support is enabled, then 206 * BLOCK_CIPHER will dynamically fallback to it. 207 * 208 * In case BLOCK_CIPHER is defined (see below) the following symbols/helpers 209 * can be used to define its capabilities: 210 * - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES, 211 * ARIA and Camellia which is supported through a driver; 212 * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a 213 * driver; 214 * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through 215 * a legacy module (i.e. MBEDTLS_xxx_C) 216 */ 217 #if defined(MBEDTLS_PSA_CRYPTO_C) 218 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) 219 #define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA 220 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA 221 #endif 222 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) 223 #define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA 224 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA 225 #endif 226 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) 227 #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA 228 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA 229 #endif 230 #endif /* MBEDTLS_PSA_CRYPTO_C */ 231 232 #if defined(MBEDTLS_AES_C) 233 #define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY 234 #endif 235 #if defined(MBEDTLS_ARIA_C) 236 #define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY 237 #endif 238 #if defined(MBEDTLS_CAMELLIA_C) 239 #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY 240 #endif 241 242 /* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia 243 * block ciphers via either PSA or legacy. */ 244 #if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \ 245 defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY) 246 #define MBEDTLS_BLOCK_CIPHER_CAN_AES 247 #endif 248 #if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \ 249 defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY) 250 #define MBEDTLS_BLOCK_CIPHER_CAN_ARIA 251 #endif 252 #if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \ 253 defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY) 254 #define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA 255 #endif 256 257 /* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C 258 * or CIPHER_C. The former is auto-enabled when: 259 * - CIPHER_C is not defined, which is also the legacy solution; 260 * - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage 261 * of the driver's acceleration. 262 */ 263 #if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \ 264 (!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)) 265 #define MBEDTLS_BLOCK_CIPHER_C 266 #endif 267 268 /* Helpers for GCM/CCM capabilities */ 269 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \ 270 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES)) 271 #define MBEDTLS_CCM_GCM_CAN_AES 272 #endif 273 274 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \ 275 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA)) 276 #define MBEDTLS_CCM_GCM_CAN_ARIA 277 #endif 278 279 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \ 280 (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA)) 281 #define MBEDTLS_CCM_GCM_CAN_CAMELLIA 282 #endif 283 284 /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols: 285 * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions 286 * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for 287 * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well. 288 * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because 289 * these features are not supported in PSA so the only way to have them is 290 * to enable the built-in solution. 291 * Both of them are temporary dependencies: 292 * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789 293 * - support for compressed points should also be added to PSA, but in this 294 * case there is no associated issue to track it yet. 295 * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation 296 * still depends on ECP_LIGHT. 297 * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will 298 * be fixed by #7453. 299 */ 300 #if defined(MBEDTLS_ECP_C) || \ 301 defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \ 302 defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \ 303 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) 304 #define MBEDTLS_ECP_LIGHT 305 #endif 306 307 /* Backward compatibility: after #8740 the RSA module offers functions to parse 308 * and write RSA private/public keys without relying on the PK one. Of course 309 * this needs ASN1 support to do so, so we enable it here. */ 310 #if defined(MBEDTLS_RSA_C) 311 #define MBEDTLS_ASN1_PARSE_C 312 #define MBEDTLS_ASN1_WRITE_C 313 #endif 314 315 /* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while 316 * in previous version compressed points were automatically supported as long 317 * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward 318 * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions 319 * are met. */ 320 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C) 321 #define MBEDTLS_PK_PARSE_EC_COMPRESSED 322 #endif 323 324 /* Helper symbol to state that there is support for ECDH, either through 325 * library implementation (ECDH_C) or through PSA. */ 326 #if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ 327 (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) 328 #define MBEDTLS_CAN_ECDH 329 #endif 330 331 /* PK module can achieve ECDSA functionalities by means of either software 332 * implementations (ECDSA_C) or through a PSA driver. The following defines 333 * are meant to list these capabilities in a general way which abstracts how 334 * they are implemented under the hood. */ 335 #if !defined(MBEDTLS_USE_PSA_CRYPTO) 336 #if defined(MBEDTLS_ECDSA_C) 337 #define MBEDTLS_PK_CAN_ECDSA_SIGN 338 #define MBEDTLS_PK_CAN_ECDSA_VERIFY 339 #endif /* MBEDTLS_ECDSA_C */ 340 #else /* MBEDTLS_USE_PSA_CRYPTO */ 341 #if defined(PSA_WANT_ALG_ECDSA) 342 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) 343 #define MBEDTLS_PK_CAN_ECDSA_SIGN 344 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ 345 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) 346 #define MBEDTLS_PK_CAN_ECDSA_VERIFY 347 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 348 #endif /* PSA_WANT_ALG_ECDSA */ 349 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 350 351 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 352 #define MBEDTLS_PK_CAN_ECDSA_SOME 353 #endif 354 355 /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT 356 * is defined as well to include all PSA code. 357 */ 358 #if defined(MBEDTLS_PSA_CRYPTO_C) 359 #define MBEDTLS_PSA_CRYPTO_CLIENT 360 #endif /* MBEDTLS_PSA_CRYPTO_C */ 361 362 /* Helpers to state that each key is supported either on the builtin or PSA side. */ 363 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) 364 #define MBEDTLS_ECP_HAVE_SECP521R1 365 #endif 366 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) 367 #define MBEDTLS_ECP_HAVE_BP512R1 368 #endif 369 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) 370 #define MBEDTLS_ECP_HAVE_CURVE448 371 #endif 372 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) 373 #define MBEDTLS_ECP_HAVE_BP384R1 374 #endif 375 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) 376 #define MBEDTLS_ECP_HAVE_SECP384R1 377 #endif 378 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) 379 #define MBEDTLS_ECP_HAVE_BP256R1 380 #endif 381 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) 382 #define MBEDTLS_ECP_HAVE_SECP256K1 383 #endif 384 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) 385 #define MBEDTLS_ECP_HAVE_SECP256R1 386 #endif 387 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) 388 #define MBEDTLS_ECP_HAVE_CURVE25519 389 #endif 390 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) 391 #define MBEDTLS_ECP_HAVE_SECP224K1 392 #endif 393 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) 394 #define MBEDTLS_ECP_HAVE_SECP224R1 395 #endif 396 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) 397 #define MBEDTLS_ECP_HAVE_SECP192K1 398 #endif 399 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) 400 #define MBEDTLS_ECP_HAVE_SECP192R1 401 #endif 402 403 /* Helper symbol to state that the PK module has support for EC keys. This 404 * can either be provided through the legacy ECP solution or through the 405 * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */ 406 #if defined(MBEDTLS_ECP_C) || \ 407 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) 408 #define MBEDTLS_PK_HAVE_ECC_KEYS 409 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ 410 411 /* Historically pkparse did not check the CBC padding when decrypting 412 * a key. This was a bug, which is now fixed. As a consequence, pkparse 413 * now needs PKCS7 padding support, but existing configurations might not 414 * enable it, so we enable it here. */ 415 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) 416 #define MBEDTLS_CIPHER_PADDING_PKCS7 417 #endif 418 419 /* Backwards compatibility for some macros which were renamed to reflect that 420 * they are related to Armv8, not aarch64. */ 421 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \ 422 !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) 423 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT 424 #endif 425 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) 426 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY 427 #endif 428 429 /* psa_util file features some ECDSA conversion functions, to convert between 430 * legacy's ASN.1 DER format and PSA's raw one. */ 431 #if (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ 432 (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA))) 433 #define MBEDTLS_PSA_UTIL_HAVE_ECDSA 434 #endif 435 436 /* Some internal helpers to determine which keys are available. */ 437 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ 438 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) 439 #define MBEDTLS_SSL_HAVE_AES 440 #endif 441 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \ 442 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA)) 443 #define MBEDTLS_SSL_HAVE_ARIA 444 #endif 445 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \ 446 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA)) 447 #define MBEDTLS_SSL_HAVE_CAMELLIA 448 #endif 449 450 /* Some internal helpers to determine which operation modes are available. */ 451 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ 452 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) 453 #define MBEDTLS_SSL_HAVE_CBC 454 #endif 455 456 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \ 457 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) 458 #define MBEDTLS_SSL_HAVE_GCM 459 #endif 460 461 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \ 462 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) 463 #define MBEDTLS_SSL_HAVE_CCM 464 #endif 465 466 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \ 467 (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) 468 #define MBEDTLS_SSL_HAVE_CHACHAPOLY 469 #endif 470 471 #if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \ 472 defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) 473 #define MBEDTLS_SSL_HAVE_AEAD 474 #endif 475 476 #endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */ 477