From 79b99f47a1b18144b06d90b50e4da07f7c9b6dac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 27 Jul 2022 23:04:21 +0200
Subject: [PATCH] Fix definition of MD_OR_PSA macros
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The code will make the decision based on availability of MD, not of
MD+this_hash. The later would only be possible at runtime (the hash
isn't known until then, that's the whole point of MD), so we'd need to
have both MD-based and PSA-based code paths in a single build, which
would have a very negative impact on code size. So, instead, we choose
based on the presence of MD, which is know at compile time, so we only
have one of the two code paths in each build.

Adjust the macros so that they match the logic of the code using them.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 library/legacy_or_psa.h | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/library/legacy_or_psa.h b/library/legacy_or_psa.h
index e645c2431f..84fc206591 100644
--- a/library/legacy_or_psa.h
+++ b/library/legacy_or_psa.h
@@ -27,7 +27,9 @@
  *      - low-level module API (aes.h, sha256.h), or
  *      - an abstraction layer (md.h, cipher.h);
  * - <condition> will be either:
- *      - depending on what's available in the build, or
+ *      - depending on what's available in the build:
+ *          legacy API used if available, PSA otherwise
+ *          (this is done to ensure backwards compatibility); or
  *      - depending on whether MBEDTLS_USE_PSA_CRYPTO is defined.
  *
  * Examples:
@@ -125,31 +127,38 @@
 
 /* Hashes using MD or PSA based on availability */
 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \
-    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
+    ( !defined(MBEDTLS_MD_C) && \
+        defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
 #define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA
 #endif
 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \
-    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
+    ( !defined(MBEDTLS_MD_C) && \
+        defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
 #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA
 #endif
 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
-    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
+    ( !defined(MBEDTLS_MD_C) && \
+        defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
 #define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
 #endif
 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
-    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
+    ( !defined(MBEDTLS_MD_C) && \
+        defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
 #define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA
 #endif
 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
-    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
+    ( !defined(MBEDTLS_MD_C) && \
+        defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
 #define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
 #endif
 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
-    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
+    ( !defined(MBEDTLS_MD_C) && \
+        defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
 #define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
 #endif
 #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
-    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
+    ( !defined(MBEDTLS_MD_C) && \
+        defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
 #define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 #endif