From fbefe04bf3fa8e2a1e6233251a3d755b8501eda2 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 13 Nov 2023 10:15:43 +0100
Subject: [PATCH] check_config: fix requirements for CTR_DRBG

The module now depends on either:
- AES_C, which is the default and the preferred solution for
  backward compatibility
- CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the
  new solution when AES_C is not defined

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 include/mbedtls/check_config.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 9b5b6467e..34ddcb159 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -153,7 +153,9 @@
 #endif /* not all curves accelerated */
 #endif /* some curve accelerated */
 
-#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \
+    (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \
+    defined(PSA_WANT_ALG_ECB_NO_PADDING)))
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif