1 /**
2  * \file mbedtls/config_adjust_legacy_crypto.h
3  * \brief Adjust legacy configuration configuration
4  *
5  * This is an internal header. Do not include it directly.
6  *
7  * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
8  * configurations need to be explicitly enabled by the user: enabling
9  * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
10  * compilation error. However, we do automatically enable certain options
11  * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
12  * used to identify parts of a module that are used by other module, and we
13  * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
14  * Another case is if A didn't depend on B in earlier versions, and we
15  * want to use B in A but we need to preserve backward compatibility with
16  * configurations that explicitly activate MBEDTLS_xxx_A but not
17  * MBEDTLS_xxx_B.
18  */
19 /*
20  *  Copyright The Mbed TLS Contributors
21  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
22  */
23 
24 #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
25 #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
26 
27 #if !defined(MBEDTLS_CONFIG_FILES_READ)
28 #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
29     "up to and including runtime errors such as buffer overflows. " \
30     "If you're trying to fix a complaint from check_config.h, just remove " \
31     "it from your configuration file: since Mbed TLS 3.0, it is included " \
32     "automatically at the right point."
33 #endif /* */
34 
35 /* Ideally, we'd set those as defaults in mbedtls_config.h, but
36  * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
37  *
38  * So, adjust it here.
39  * Not related to crypto, but this is the bottom of the stack. */
40 #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
41 #if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
42     !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
43 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
44 #endif
45 #if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
46     !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
47 #define MBEDTLS_PLATFORM_VSNPRINTF_ALT
48 #endif
49 #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
50 
51 /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
52  * is defined as well to include all PSA code.
53  */
54 #if defined(MBEDTLS_PSA_CRYPTO_C)
55 #define MBEDTLS_PSA_CRYPTO_CLIENT
56 #endif /* MBEDTLS_PSA_CRYPTO_C */
57 
58 /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
59  * in PSA. */
60 #if defined(MBEDTLS_PSA_CRYPTO_C) && \
61     (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
62     defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
63     defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
64     defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
65     defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
66     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
67     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
68     defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \
69     defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC))
70 #define MBEDTLS_CIPHER_C
71 #endif
72 
73 /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
74  * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
75  */
76 #if defined(MBEDTLS_MD_C)
77 #define MBEDTLS_MD_LIGHT
78 #endif
79 
80 /* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
81  * in a previous release, to ensure backwards compatibility.
82  */
83 #if defined(MBEDTLS_ECJPAKE_C) || \
84     defined(MBEDTLS_PEM_PARSE_C) || \
85     defined(MBEDTLS_ENTROPY_C) || \
86     defined(MBEDTLS_PK_C) || \
87     defined(MBEDTLS_PKCS12_C) || \
88     defined(MBEDTLS_RSA_C) || \
89     defined(MBEDTLS_SSL_TLS_C) || \
90     defined(MBEDTLS_X509_USE_C) || \
91     defined(MBEDTLS_X509_CREATE_C)
92 #define MBEDTLS_MD_LIGHT
93 #endif
94 
95 #if defined(MBEDTLS_MD_LIGHT)
96 /*
97  * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
98  * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
99  *   (see below).
100  * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
101  *   via PSA (see below).
102  * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
103  *   via a direct legacy call (see below).
104  *
105  * The md module performs an algorithm via PSA if there is a PSA hash
106  * accelerator and the PSA driver subsytem is initialized at the time the
107  * operation is started, and makes a direct legacy call otherwise.
108  */
109 
110 /* PSA accelerated implementations */
111 #if defined(MBEDTLS_PSA_CRYPTO_C)
112 
113 #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
114 #define MBEDTLS_MD_CAN_MD5
115 #define MBEDTLS_MD_MD5_VIA_PSA
116 #define MBEDTLS_MD_SOME_PSA
117 #endif
118 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
119 #define MBEDTLS_MD_CAN_SHA1
120 #define MBEDTLS_MD_SHA1_VIA_PSA
121 #define MBEDTLS_MD_SOME_PSA
122 #endif
123 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
124 #define MBEDTLS_MD_CAN_SHA224
125 #define MBEDTLS_MD_SHA224_VIA_PSA
126 #define MBEDTLS_MD_SOME_PSA
127 #endif
128 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
129 #define MBEDTLS_MD_CAN_SHA256
130 #define MBEDTLS_MD_SHA256_VIA_PSA
131 #define MBEDTLS_MD_SOME_PSA
132 #endif
133 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
134 #define MBEDTLS_MD_CAN_SHA384
135 #define MBEDTLS_MD_SHA384_VIA_PSA
136 #define MBEDTLS_MD_SOME_PSA
137 #endif
138 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
139 #define MBEDTLS_MD_CAN_SHA512
140 #define MBEDTLS_MD_SHA512_VIA_PSA
141 #define MBEDTLS_MD_SOME_PSA
142 #endif
143 #if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
144 #define MBEDTLS_MD_CAN_RIPEMD160
145 #define MBEDTLS_MD_RIPEMD160_VIA_PSA
146 #define MBEDTLS_MD_SOME_PSA
147 #endif
148 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
149 #define MBEDTLS_MD_CAN_SHA3_224
150 #define MBEDTLS_MD_SHA3_224_VIA_PSA
151 #define MBEDTLS_MD_SOME_PSA
152 #endif
153 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
154 #define MBEDTLS_MD_CAN_SHA3_256
155 #define MBEDTLS_MD_SHA3_256_VIA_PSA
156 #define MBEDTLS_MD_SOME_PSA
157 #endif
158 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
159 #define MBEDTLS_MD_CAN_SHA3_384
160 #define MBEDTLS_MD_SHA3_384_VIA_PSA
161 #define MBEDTLS_MD_SOME_PSA
162 #endif
163 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
164 #define MBEDTLS_MD_CAN_SHA3_512
165 #define MBEDTLS_MD_SHA3_512_VIA_PSA
166 #define MBEDTLS_MD_SOME_PSA
167 #endif
168 
169 #elif defined(MBEDTLS_PSA_CRYPTO_CLIENT)
170 
171 #if defined(PSA_WANT_ALG_MD5)
172 #define MBEDTLS_MD_CAN_MD5
173 #define MBEDTLS_MD_MD5_VIA_PSA
174 #define MBEDTLS_MD_SOME_PSA
175 #endif
176 #if defined(PSA_WANT_ALG_SHA_1)
177 #define MBEDTLS_MD_CAN_SHA1
178 #define MBEDTLS_MD_SHA1_VIA_PSA
179 #define MBEDTLS_MD_SOME_PSA
180 #endif
181 #if defined(PSA_WANT_ALG_SHA_224)
182 #define MBEDTLS_MD_CAN_SHA224
183 #define MBEDTLS_MD_SHA224_VIA_PSA
184 #define MBEDTLS_MD_SOME_PSA
185 #endif
186 #if defined(PSA_WANT_ALG_SHA_256)
187 #define MBEDTLS_MD_CAN_SHA256
188 #define MBEDTLS_MD_SHA256_VIA_PSA
189 #define MBEDTLS_MD_SOME_PSA
190 #endif
191 #if defined(PSA_WANT_ALG_SHA_384)
192 #define MBEDTLS_MD_CAN_SHA384
193 #define MBEDTLS_MD_SHA384_VIA_PSA
194 #define MBEDTLS_MD_SOME_PSA
195 #endif
196 #if defined(PSA_WANT_ALG_SHA_512)
197 #define MBEDTLS_MD_CAN_SHA512
198 #define MBEDTLS_MD_SHA512_VIA_PSA
199 #define MBEDTLS_MD_SOME_PSA
200 #endif
201 #if defined(PSA_WANT_ALG_RIPEMD160)
202 #define MBEDTLS_MD_CAN_RIPEMD160
203 #define MBEDTLS_MD_RIPEMD160_VIA_PSA
204 #define MBEDTLS_MD_SOME_PSA
205 #endif
206 #if defined(PSA_WANT_ALG_SHA3_224)
207 #define MBEDTLS_MD_CAN_SHA3_224
208 #define MBEDTLS_MD_SHA3_224_VIA_PSA
209 #define MBEDTLS_MD_SOME_PSA
210 #endif
211 #if defined(PSA_WANT_ALG_SHA3_256)
212 #define MBEDTLS_MD_CAN_SHA3_256
213 #define MBEDTLS_MD_SHA3_256_VIA_PSA
214 #define MBEDTLS_MD_SOME_PSA
215 #endif
216 #if defined(PSA_WANT_ALG_SHA3_384)
217 #define MBEDTLS_MD_CAN_SHA3_384
218 #define MBEDTLS_MD_SHA3_384_VIA_PSA
219 #define MBEDTLS_MD_SOME_PSA
220 #endif
221 #if defined(PSA_WANT_ALG_SHA3_512)
222 #define MBEDTLS_MD_CAN_SHA3_512
223 #define MBEDTLS_MD_SHA3_512_VIA_PSA
224 #define MBEDTLS_MD_SOME_PSA
225 #endif
226 
227 #endif /* !MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
228 
229 /* Built-in implementations */
230 #if defined(MBEDTLS_MD5_C)
231 #define MBEDTLS_MD_CAN_MD5
232 #define MBEDTLS_MD_SOME_LEGACY
233 #endif
234 #if defined(MBEDTLS_SHA1_C)
235 #define MBEDTLS_MD_CAN_SHA1
236 #define MBEDTLS_MD_SOME_LEGACY
237 #endif
238 #if defined(MBEDTLS_SHA224_C)
239 #define MBEDTLS_MD_CAN_SHA224
240 #define MBEDTLS_MD_SOME_LEGACY
241 #endif
242 #if defined(MBEDTLS_SHA256_C)
243 #define MBEDTLS_MD_CAN_SHA256
244 #define MBEDTLS_MD_SOME_LEGACY
245 #endif
246 #if defined(MBEDTLS_SHA384_C)
247 #define MBEDTLS_MD_CAN_SHA384
248 #define MBEDTLS_MD_SOME_LEGACY
249 #endif
250 #if defined(MBEDTLS_SHA512_C)
251 #define MBEDTLS_MD_CAN_SHA512
252 #define MBEDTLS_MD_SOME_LEGACY
253 #endif
254 #if defined(MBEDTLS_SHA3_C)
255 #define MBEDTLS_MD_CAN_SHA3_224
256 #define MBEDTLS_MD_CAN_SHA3_256
257 #define MBEDTLS_MD_CAN_SHA3_384
258 #define MBEDTLS_MD_CAN_SHA3_512
259 #define MBEDTLS_MD_SOME_LEGACY
260 #endif
261 #if defined(MBEDTLS_RIPEMD160_C)
262 #define MBEDTLS_MD_CAN_RIPEMD160
263 #define MBEDTLS_MD_SOME_LEGACY
264 #endif
265 
266 #endif /* MBEDTLS_MD_LIGHT */
267 
268 /* BLOCK_CIPHER module can dispatch to PSA when:
269  * - PSA is enabled and drivers have been initialized
270  * - desired key type is supported on the PSA side
271  * If the above conditions are not met, but the legacy support is enabled, then
272  * BLOCK_CIPHER will dynamically fallback to it.
273  *
274  * In case BLOCK_CIPHER is defined (see below) the following symbols/helpers
275  * can be used to define its capabilities:
276  * - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES,
277  *   ARIA and Camellia which is supported through a driver;
278  * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a
279  *   driver;
280  * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through
281  *   a legacy module (i.e. MBEDTLS_xxx_C)
282  */
283 #if defined(MBEDTLS_PSA_CRYPTO_C)
284 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
285 #define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA
286 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
287 #endif
288 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
289 #define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA
290 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
291 #endif
292 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
293 #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA
294 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
295 #endif
296 #endif /* MBEDTLS_PSA_CRYPTO_C */
297 
298 #if defined(MBEDTLS_AES_C)
299 #define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY
300 #endif
301 #if defined(MBEDTLS_ARIA_C)
302 #define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY
303 #endif
304 #if defined(MBEDTLS_CAMELLIA_C)
305 #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY
306 #endif
307 
308 /* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia
309  * block ciphers via either PSA or legacy. */
310 #if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \
311     defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY)
312 #define MBEDTLS_BLOCK_CIPHER_CAN_AES
313 #endif
314 #if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \
315     defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY)
316 #define MBEDTLS_BLOCK_CIPHER_CAN_ARIA
317 #endif
318 #if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \
319     defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY)
320 #define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA
321 #endif
322 
323 /* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C
324  * or CIPHER_C. The former is auto-enabled when:
325  * - CIPHER_C is not defined, which is also the legacy solution;
326  * - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage
327  *   of the driver's acceleration.
328  */
329 #if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
330     (!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA))
331 #define MBEDTLS_BLOCK_CIPHER_C
332 #endif
333 
334 /* Helpers for GCM/CCM capabilities */
335 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \
336     (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES))
337 #define MBEDTLS_CCM_GCM_CAN_AES
338 #endif
339 
340 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \
341     (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA))
342 #define MBEDTLS_CCM_GCM_CAN_ARIA
343 #endif
344 
345 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \
346     (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA))
347 #define MBEDTLS_CCM_GCM_CAN_CAMELLIA
348 #endif
349 
350 /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
351  * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
352  *   for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
353  *   some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
354  * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
355  *   these features are not supported in PSA so the only way to have them is
356  *   to enable the built-in solution.
357  *   Both of them are temporary dependencies:
358  *   - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
359  *   - support for compressed points should also be added to PSA, but in this
360  *     case there is no associated issue to track it yet.
361  * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
362  *   still depends on ECP_LIGHT.
363  * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
364  *   be fixed by #7453.
365  */
366 #if defined(MBEDTLS_ECP_C) || \
367     defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
368     defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
369     defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
370 #define MBEDTLS_ECP_LIGHT
371 #endif
372 
373 /* Backward compatibility: after #8740 the RSA module offers functions to parse
374  * and write RSA private/public keys without relying on the PK one. Of course
375  * this needs ASN1 support to do so, so we enable it here. */
376 #if defined(MBEDTLS_RSA_C)
377 #define MBEDTLS_ASN1_PARSE_C
378 #define MBEDTLS_ASN1_WRITE_C
379 #endif
380 
381 /* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
382  * in previous version compressed points were automatically supported as long
383  * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
384  * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
385  * are met. */
386 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
387 #define MBEDTLS_PK_PARSE_EC_COMPRESSED
388 #endif
389 
390 /* Helper symbol to state that there is support for ECDH, either through
391  * library implementation (ECDH_C) or through PSA. */
392 #if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
393     (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
394 #define MBEDTLS_CAN_ECDH
395 #endif
396 
397 /* PK module can achieve ECDSA functionalities by means of either software
398  * implementations (ECDSA_C) or through a PSA driver. The following defines
399  * are meant to list these capabilities in a general way which abstracts how
400  * they are implemented under the hood. */
401 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
402 #if defined(MBEDTLS_ECDSA_C)
403 #define MBEDTLS_PK_CAN_ECDSA_SIGN
404 #define MBEDTLS_PK_CAN_ECDSA_VERIFY
405 #endif /* MBEDTLS_ECDSA_C */
406 #else /* MBEDTLS_USE_PSA_CRYPTO */
407 #if defined(PSA_WANT_ALG_ECDSA)
408 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
409 #define MBEDTLS_PK_CAN_ECDSA_SIGN
410 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
411 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
412 #define MBEDTLS_PK_CAN_ECDSA_VERIFY
413 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
414 #endif /* PSA_WANT_ALG_ECDSA */
415 #endif /* MBEDTLS_USE_PSA_CRYPTO */
416 
417 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
418 #define MBEDTLS_PK_CAN_ECDSA_SOME
419 #endif
420 
421 /* Helpers to state that each key is supported either on the builtin or PSA side. */
422 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
423 #define MBEDTLS_ECP_HAVE_SECP521R1
424 #endif
425 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
426 #define MBEDTLS_ECP_HAVE_BP512R1
427 #endif
428 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
429 #define MBEDTLS_ECP_HAVE_CURVE448
430 #endif
431 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
432 #define MBEDTLS_ECP_HAVE_BP384R1
433 #endif
434 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
435 #define MBEDTLS_ECP_HAVE_SECP384R1
436 #endif
437 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
438 #define MBEDTLS_ECP_HAVE_BP256R1
439 #endif
440 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
441 #define MBEDTLS_ECP_HAVE_SECP256K1
442 #endif
443 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
444 #define MBEDTLS_ECP_HAVE_SECP256R1
445 #endif
446 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
447 #define MBEDTLS_ECP_HAVE_CURVE25519
448 #endif
449 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
450 #define MBEDTLS_ECP_HAVE_SECP224K1
451 #endif
452 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
453 #define MBEDTLS_ECP_HAVE_SECP224R1
454 #endif
455 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
456 #define MBEDTLS_ECP_HAVE_SECP192K1
457 #endif
458 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
459 #define MBEDTLS_ECP_HAVE_SECP192R1
460 #endif
461 
462 /* Helper symbol to state that the PK module has support for EC keys. This
463  * can either be provided through the legacy ECP solution or through the
464  * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
465 #if defined(MBEDTLS_ECP_C) || \
466     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
467 #define MBEDTLS_PK_HAVE_ECC_KEYS
468 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
469 
470 /* Historically pkparse did not check the CBC padding when decrypting
471  * a key. This was a bug, which is now fixed. As a consequence, pkparse
472  * now needs PKCS7 padding support, but existing configurations might not
473  * enable it, so we enable it here. */
474 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
475 #define MBEDTLS_CIPHER_PADDING_PKCS7
476 #endif
477 
478 /* Backwards compatibility for some macros which were renamed to reflect that
479  * they are related to Armv8, not aarch64. */
480 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
481     !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
482 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
483 #endif
484 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
485 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
486 #endif
487 
488 /* psa_util file features some ECDSA conversion functions, to convert between
489  * legacy's ASN.1 DER format and PSA's raw one. */
490 #if (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
491     (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
492 #define MBEDTLS_PSA_UTIL_HAVE_ECDSA
493 #endif
494 
495 /* Some internal helpers to determine which keys are available. */
496 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
497     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
498 #define MBEDTLS_SSL_HAVE_AES
499 #endif
500 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
501     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
502 #define MBEDTLS_SSL_HAVE_ARIA
503 #endif
504 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
505     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
506 #define MBEDTLS_SSL_HAVE_CAMELLIA
507 #endif
508 
509 /* Some internal helpers to determine which operation modes are available. */
510 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
511     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
512 #define MBEDTLS_SSL_HAVE_CBC
513 #endif
514 
515 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
516     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
517 #define MBEDTLS_SSL_HAVE_GCM
518 #endif
519 
520 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
521     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
522 #define MBEDTLS_SSL_HAVE_CCM
523 #endif
524 
525 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
526     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
527 #define MBEDTLS_SSL_HAVE_CHACHAPOLY
528 #endif
529 
530 #if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
531     defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
532 #define MBEDTLS_SSL_HAVE_AEAD
533 #endif
534 
535 #endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
536