Enable CIPHER_ENCRYPT_ONLY when DES is disabled Signed-off-by: Yanray Wang <yanray.wang@arm.com>

commit: 3caaf0c61eac1707e15eb027828bad687813c7c2 [log] [tgz]
author: Yanray Wang <yanray.wang@arm.com> Thu Sep 07 17:50:14 2023 +0800
committer: Yanray Wang <yanray.wang@arm.com> Mon Sep 11 10:10:44 2023 +0800
tree: 54529627f52552ec57332ccb93ed6ef7983e73b5
parent: c5944d4a3c2983831d145508fdf3797a9751107e [diff]
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 4480b8c..c2fbb24 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h

@@ -39,14 +39,20 @@
  * MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes
  * are not requested via the PSA API and are not enabled in the legacy API.
  *
+ * DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and
+ * insecure block cipher, MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled when DES
+ * is not requested via the PSA API and is not enabled in the legacy API.
+ *
  * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
  */
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
 #if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
     !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
     !defined(PSA_WANT_ALG_CBC_PKCS7) && \
+    !defined(PSA_WANT_KEY_TYPE_DES) && \
     !defined(MBEDTLS_CIPHER_MODE_CBC) && \
     !defined(MBEDTLS_CIPHER_MODE_XTS) && \
+    !defined(MBEDTLS_DES_C) && \
     !defined(MBEDTLS_NIST_KW_C)
 #define MBEDTLS_CIPHER_ENCRYPT_ONLY 1
 #endif
commit	3caaf0c61eac1707e15eb027828bad687813c7c2	[log] [tgz]
author	Yanray Wang <yanray.wang@arm.com>	Thu Sep 07 17:50:14 2023 +0800
committer	Yanray Wang <yanray.wang@arm.com>	Mon Sep 11 10:10:44 2023 +0800
tree	54529627f52552ec57332ccb93ed6ef7983e73b5
parent	c5944d4a3c2983831d145508fdf3797a9751107e [diff]