1 /**
2  * \file mbedtls/config_adjust_legacy_crypto.h
3  * \brief Adjust legacy configuration configuration
4  *
5  * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
6  * configurations need to be explicitly enabled by the user: enabling
7  * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
8  * compilation error. However, we do automatically enable certain options
9  * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
10  * used to identify parts of a module that are used by other module, and we
11  * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
12  * Another case is if A didn't depend on B in earlier versions, and we
13  * want to use B in A but we need to preserve backward compatibility with
14  * configurations that explicitly activate MBEDTLS_xxx_A but not
15  * MBEDTLS_xxx_B.
16  */
17 /*
18  *  Copyright The Mbed TLS Contributors
19  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
20  */
21 
22 #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
23 #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
24 
25 /* Ideally, we'd set those as defaults in mbedtls_config.h, but
26  * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
27  *
28  * So, adjust it here.
29  * Not related to crypto, but this is the bottom of the stack. */
30 #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
31 #if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
32     !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
33 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
34 #endif
35 #if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
36     !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
37 #define MBEDTLS_PLATFORM_VSNPRINTF_ALT
38 #endif
39 #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
40 
41 /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
42  * in PSA. */
43 #if defined(MBEDTLS_PSA_CRYPTO_C) && \
44     (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
45     defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
46     defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
47     defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
48     defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
49     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
50     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
51     defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG))
52 #define MBEDTLS_CIPHER_C
53 #endif
54 
55 /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
56  * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
57  */
58 #if defined(MBEDTLS_MD_C)
59 #define MBEDTLS_MD_LIGHT
60 #endif
61 
62 /* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
63  * in a previous release, to ensure backwards compatibility.
64  */
65 #if defined(MBEDTLS_ECJPAKE_C) || \
66     defined(MBEDTLS_PEM_PARSE_C) || \
67     defined(MBEDTLS_ENTROPY_C) || \
68     defined(MBEDTLS_PK_C) || \
69     defined(MBEDTLS_PKCS12_C) || \
70     defined(MBEDTLS_RSA_C) || \
71     defined(MBEDTLS_SSL_TLS_C) || \
72     defined(MBEDTLS_X509_USE_C) || \
73     defined(MBEDTLS_X509_CREATE_C)
74 #define MBEDTLS_MD_LIGHT
75 #endif
76 
77 #if defined(MBEDTLS_MD_LIGHT)
78 /*
79  * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
80  * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
81  *   (see below).
82  * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
83  *   via PSA (see below).
84  * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
85  *   via a direct legacy call (see below).
86  *
87  * The md module performs an algorithm via PSA if there is a PSA hash
88  * accelerator and the PSA driver subsytem is initialized at the time the
89  * operation is started, and makes a direct legacy call otherwise.
90  */
91 
92 /* PSA accelerated implementations */
93 #if defined(MBEDTLS_PSA_CRYPTO_C)
94 
95 #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
96 #define MBEDTLS_MD_CAN_MD5
97 #define MBEDTLS_MD_MD5_VIA_PSA
98 #define MBEDTLS_MD_SOME_PSA
99 #endif
100 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
101 #define MBEDTLS_MD_CAN_SHA1
102 #define MBEDTLS_MD_SHA1_VIA_PSA
103 #define MBEDTLS_MD_SOME_PSA
104 #endif
105 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
106 #define MBEDTLS_MD_CAN_SHA224
107 #define MBEDTLS_MD_SHA224_VIA_PSA
108 #define MBEDTLS_MD_SOME_PSA
109 #endif
110 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
111 #define MBEDTLS_MD_CAN_SHA256
112 #define MBEDTLS_MD_SHA256_VIA_PSA
113 #define MBEDTLS_MD_SOME_PSA
114 #endif
115 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
116 #define MBEDTLS_MD_CAN_SHA384
117 #define MBEDTLS_MD_SHA384_VIA_PSA
118 #define MBEDTLS_MD_SOME_PSA
119 #endif
120 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
121 #define MBEDTLS_MD_CAN_SHA512
122 #define MBEDTLS_MD_SHA512_VIA_PSA
123 #define MBEDTLS_MD_SOME_PSA
124 #endif
125 #if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
126 #define MBEDTLS_MD_CAN_RIPEMD160
127 #define MBEDTLS_MD_RIPEMD160_VIA_PSA
128 #define MBEDTLS_MD_SOME_PSA
129 #endif
130 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
131 #define MBEDTLS_MD_CAN_SHA3_224
132 #define MBEDTLS_MD_SHA3_224_VIA_PSA
133 #define MBEDTLS_MD_SOME_PSA
134 #endif
135 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
136 #define MBEDTLS_MD_CAN_SHA3_256
137 #define MBEDTLS_MD_SHA3_256_VIA_PSA
138 #define MBEDTLS_MD_SOME_PSA
139 #endif
140 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
141 #define MBEDTLS_MD_CAN_SHA3_384
142 #define MBEDTLS_MD_SHA3_384_VIA_PSA
143 #define MBEDTLS_MD_SOME_PSA
144 #endif
145 #if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
146 #define MBEDTLS_MD_CAN_SHA3_512
147 #define MBEDTLS_MD_SHA3_512_VIA_PSA
148 #define MBEDTLS_MD_SOME_PSA
149 #endif
150 #endif /* MBEDTLS_PSA_CRYPTO_C */
151 
152 /* Built-in implementations */
153 #if defined(MBEDTLS_MD5_C)
154 #define MBEDTLS_MD_CAN_MD5
155 #define MBEDTLS_MD_SOME_LEGACY
156 #endif
157 #if defined(MBEDTLS_SHA1_C)
158 #define MBEDTLS_MD_CAN_SHA1
159 #define MBEDTLS_MD_SOME_LEGACY
160 #endif
161 #if defined(MBEDTLS_SHA224_C)
162 #define MBEDTLS_MD_CAN_SHA224
163 #define MBEDTLS_MD_SOME_LEGACY
164 #endif
165 #if defined(MBEDTLS_SHA256_C)
166 #define MBEDTLS_MD_CAN_SHA256
167 #define MBEDTLS_MD_SOME_LEGACY
168 #endif
169 #if defined(MBEDTLS_SHA384_C)
170 #define MBEDTLS_MD_CAN_SHA384
171 #define MBEDTLS_MD_SOME_LEGACY
172 #endif
173 #if defined(MBEDTLS_SHA512_C)
174 #define MBEDTLS_MD_CAN_SHA512
175 #define MBEDTLS_MD_SOME_LEGACY
176 #endif
177 #if defined(MBEDTLS_SHA3_C)
178 #define MBEDTLS_MD_CAN_SHA3_224
179 #define MBEDTLS_MD_CAN_SHA3_256
180 #define MBEDTLS_MD_CAN_SHA3_384
181 #define MBEDTLS_MD_CAN_SHA3_512
182 #define MBEDTLS_MD_SOME_LEGACY
183 #endif
184 #if defined(MBEDTLS_RIPEMD160_C)
185 #define MBEDTLS_MD_CAN_RIPEMD160
186 #define MBEDTLS_MD_SOME_LEGACY
187 #endif
188 
189 #endif /* MBEDTLS_MD_LIGHT */
190 
191 /* BLOCK_CIPHER module can dispatch to PSA when:
192  * - PSA is enabled and drivers have been initialized
193  * - desired key type is supported on the PSA side
194  * If the above conditions are not met, but the legacy support is enabled, then
195  * BLOCK_CIPHER will dynamically fallback to it.
196  *
197  * In case BLOCK_CIPHER is defined (see below) the following symbols/helpers
198  * can be used to define its capabilities:
199  * - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES,
200  *   ARIA and Camellia which is supported through a driver;
201  * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a
202  *   driver;
203  * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through
204  *   a legacy module (i.e. MBEDTLS_xxx_C)
205  */
206 #if defined(MBEDTLS_PSA_CRYPTO_C)
207 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
208 #define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA
209 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
210 #endif
211 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
212 #define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA
213 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
214 #endif
215 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
216 #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA
217 #define MBEDTLS_BLOCK_CIPHER_SOME_PSA
218 #endif
219 #endif /* MBEDTLS_PSA_CRYPTO_C */
220 
221 #if defined(MBEDTLS_AES_C)
222 #define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY
223 #endif
224 #if defined(MBEDTLS_ARIA_C)
225 #define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY
226 #endif
227 #if defined(MBEDTLS_CAMELLIA_C)
228 #define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY
229 #endif
230 
231 /* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia
232  * block ciphers via either PSA or legacy. */
233 #if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \
234     defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY)
235 #define MBEDTLS_BLOCK_CIPHER_CAN_AES
236 #endif
237 #if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \
238     defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY)
239 #define MBEDTLS_BLOCK_CIPHER_CAN_ARIA
240 #endif
241 #if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \
242     defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY)
243 #define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA
244 #endif
245 
246 /* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C
247  * or CIPHER_C. The former is auto-enabled when:
248  * - CIPHER_C is not defined, which is also the legacy solution;
249  * - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage
250  *   of the driver's acceleration.
251  */
252 #if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
253     (!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA))
254 #define MBEDTLS_BLOCK_CIPHER_C
255 #endif
256 
257 /* Helpers for GCM/CCM capabilities */
258 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \
259     (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES))
260 #define MBEDTLS_CCM_GCM_CAN_AES
261 #endif
262 
263 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \
264     (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA))
265 #define MBEDTLS_CCM_GCM_CAN_ARIA
266 #endif
267 
268 #if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \
269     (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA))
270 #define MBEDTLS_CCM_GCM_CAN_CAMELLIA
271 #endif
272 
273 /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
274  * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
275  *   for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
276  *   some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
277  * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
278  *   these features are not supported in PSA so the only way to have them is
279  *   to enable the built-in solution.
280  *   Both of them are temporary dependencies:
281  *   - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
282  *   - support for compressed points should also be added to PSA, but in this
283  *     case there is no associated issue to track it yet.
284  * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
285  *   still depends on ECP_LIGHT.
286  * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
287  *   be fixed by #7453.
288  */
289 #if defined(MBEDTLS_ECP_C) || \
290     defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
291     defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
292     defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
293 #define MBEDTLS_ECP_LIGHT
294 #endif
295 
296 /* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
297  * in previous version compressed points were automatically supported as long
298  * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
299  * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
300  * are met. */
301 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
302 #define MBEDTLS_PK_PARSE_EC_COMPRESSED
303 #endif
304 
305 /* Helper symbol to state that there is support for ECDH, either through
306  * library implementation (ECDH_C) or through PSA. */
307 #if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
308     (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
309 #define MBEDTLS_CAN_ECDH
310 #endif
311 
312 /* PK module can achieve ECDSA functionalities by means of either software
313  * implementations (ECDSA_C) or through a PSA driver. The following defines
314  * are meant to list these capabilities in a general way which abstracts how
315  * they are implemented under the hood. */
316 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
317 #if defined(MBEDTLS_ECDSA_C)
318 #define MBEDTLS_PK_CAN_ECDSA_SIGN
319 #define MBEDTLS_PK_CAN_ECDSA_VERIFY
320 #endif /* MBEDTLS_ECDSA_C */
321 #else /* MBEDTLS_USE_PSA_CRYPTO */
322 #if defined(PSA_WANT_ALG_ECDSA)
323 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
324 #define MBEDTLS_PK_CAN_ECDSA_SIGN
325 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
326 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
327 #define MBEDTLS_PK_CAN_ECDSA_VERIFY
328 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
329 #endif /* PSA_WANT_ALG_ECDSA */
330 #endif /* MBEDTLS_USE_PSA_CRYPTO */
331 
332 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
333 #define MBEDTLS_PK_CAN_ECDSA_SOME
334 #endif
335 
336 /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
337  * is defined as well to include all PSA code.
338  */
339 #if defined(MBEDTLS_PSA_CRYPTO_C)
340 #define MBEDTLS_PSA_CRYPTO_CLIENT
341 #endif /* MBEDTLS_PSA_CRYPTO_C */
342 
343 /* Helpers to state that each key is supported either on the builtin or PSA side. */
344 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
345 #define MBEDTLS_ECP_HAVE_SECP521R1
346 #endif
347 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
348 #define MBEDTLS_ECP_HAVE_BP512R1
349 #endif
350 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
351 #define MBEDTLS_ECP_HAVE_CURVE448
352 #endif
353 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
354 #define MBEDTLS_ECP_HAVE_BP384R1
355 #endif
356 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
357 #define MBEDTLS_ECP_HAVE_SECP384R1
358 #endif
359 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
360 #define MBEDTLS_ECP_HAVE_BP256R1
361 #endif
362 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
363 #define MBEDTLS_ECP_HAVE_SECP256K1
364 #endif
365 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
366 #define MBEDTLS_ECP_HAVE_SECP256R1
367 #endif
368 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
369 #define MBEDTLS_ECP_HAVE_CURVE25519
370 #endif
371 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
372 #define MBEDTLS_ECP_HAVE_SECP224K1
373 #endif
374 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
375 #define MBEDTLS_ECP_HAVE_SECP224R1
376 #endif
377 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
378 #define MBEDTLS_ECP_HAVE_SECP192K1
379 #endif
380 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
381 #define MBEDTLS_ECP_HAVE_SECP192R1
382 #endif
383 
384 /* Helper symbol to state that the PK module has support for EC keys. This
385  * can either be provided through the legacy ECP solution or through the
386  * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
387 #if defined(MBEDTLS_ECP_C) || \
388     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
389 #define MBEDTLS_PK_HAVE_ECC_KEYS
390 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
391 
392 /* Historically pkparse did not check the CBC padding when decrypting
393  * a key. This was a bug, which is now fixed. As a consequence, pkparse
394  * now needs PKCS7 padding support, but existing configurations might not
395  * enable it, so we enable it here. */
396 #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
397 #define MBEDTLS_CIPHER_PADDING_PKCS7
398 #endif
399 
400 /* Backwards compatibility for some macros which were renamed to reflect that
401  * they are related to Armv8, not aarch64. */
402 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
403     !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
404 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
405 #endif
406 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
407 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
408 #endif
409 
410 /* psa_util file features some ECDSA conversion functions, to convert between
411  * legacy's ASN.1 DER format and PSA's raw one. */
412 #if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
413     (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
414 #define MBEDTLS_PSA_UTIL_HAVE_ECDSA
415 #endif
416 
417 /* Some internal helpers to determine which keys are availble. */
418 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
419     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
420 #define MBEDTLS_SSL_HAVE_AES
421 #endif
422 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
423     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
424 #define MBEDTLS_SSL_HAVE_ARIA
425 #endif
426 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
427     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
428 #define MBEDTLS_SSL_HAVE_CAMELLIA
429 #endif
430 
431 /* Some internal helpers to determine which operation modes are availble. */
432 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
433     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
434 #define MBEDTLS_SSL_HAVE_CBC
435 #endif
436 
437 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
438     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
439 #define MBEDTLS_SSL_HAVE_GCM
440 #endif
441 
442 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
443     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
444 #define MBEDTLS_SSL_HAVE_CCM
445 #endif
446 
447 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
448     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
449 #define MBEDTLS_SSL_HAVE_CHACHAPOLY
450 #endif
451 
452 #if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
453     defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
454 #define MBEDTLS_SSL_HAVE_AEAD
455 #endif
456 
457 #endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
458