From 5ba2b2b8cce57f2809dcf02b2a9886c6ee971a5d Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Wed, 6 Mar 2024 11:38:49 +0000
Subject: [PATCH] Ensure blocksize is compile-time const when DES not present

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 library/cmac.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/library/cmac.c b/library/cmac.c
index f9f606f16a..cd3bd3ae40 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -56,16 +56,20 @@ static int cmac_multiply_by_u(unsigned char *output,
                               size_t blocksize)
 {
     const unsigned char R_128 = 0x87;
-    const unsigned char R_64 = 0x1B;
     unsigned char R_n, mask;
     uint32_t overflow = 0x00;
     int i;
 
     if (blocksize == MBEDTLS_AES_BLOCK_SIZE) {
         R_n = R_128;
-    } else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) {
+    }
+#if defined(MBEDTLS_DES_C)
+    else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) {
+        const unsigned char R_64 = 0x1B;
         R_n = R_64;
-    } else {
+    }
+#endif
+    else {
         return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }