From 85e18aa755914aa4c57d80fb1a8e97f988d56628 Mon Sep 17 00:00:00 2001
From: "harshal.patil" <harshal.patil@espressif.com>
Date: Wed, 27 Dec 2023 12:54:05 +0530
Subject: [PATCH] fix(mbedtls/gcm): Avoid using GCM hardware when config
 MBEDTLS_HARDWARE_GCM is disabled

---
 components/mbedtls/port/aes/dma/esp_aes.c | 8 ++------
 components/mbedtls/port/aes/esp_aes_gcm.c | 6 +++---
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c
index 56d6cf0016..1dd9401861 100644
--- a/components/mbedtls/port/aes/dma/esp_aes.c
+++ b/components/mbedtls/port/aes/dma/esp_aes.c
@@ -53,10 +53,6 @@
 #include "freertos/FreeRTOS.h"
 #include "freertos/semphr.h"
 
-#if SOC_AES_SUPPORT_GCM
-#include "aes/esp_aes_gcm.h"
-#endif
-
 #if SOC_AES_GDMA
 #define AES_LOCK() esp_crypto_sha_aes_lock_acquire()
 #define AES_RELEASE() esp_crypto_sha_aes_lock_release()
@@ -487,7 +483,7 @@ cleanup:
 }
 
 
-#if SOC_AES_SUPPORT_GCM
+#if CONFIG_MBEDTLS_HARDWARE_GCM
 
 /* Encrypt/decrypt with AES-GCM the input using DMA
  * The function esp_aes_process_dma_gcm zeroises the output buffer in the case of following conditions:
@@ -622,7 +618,7 @@ cleanup:
     return ret;
 }
 
-#endif //SOC_AES_SUPPORT_GCM
+#endif //CONFIG_MBEDTLS_HARDWARE_GCM
 
 static int esp_aes_validate_input(esp_aes_context *ctx, const unsigned char *input,
                                   unsigned char *output )
diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c
index c91b4fdce1..0ed37cb276 100644
--- a/components/mbedtls/port/aes/esp_aes_gcm.c
+++ b/components/mbedtls/port/aes/esp_aes_gcm.c
@@ -371,7 +371,7 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
     /* H and the lookup table are only generated once per ctx */
     if (ctx->gcm_state == ESP_AES_GCM_STATE_INIT) {
         /* Lock the AES engine to calculate ghash key H in hardware */
-#if SOC_AES_SUPPORT_GCM
+#if CONFIG_MBEDTLS_HARDWARE_GCM
         esp_aes_acquire_hardware();
         ctx->aes_ctx.key_in_hardware = aes_hal_setkey(ctx->aes_ctx.key, ctx->aes_ctx.key_bytes, mode);
         aes_hal_mode_init(ESP_AES_BLOCK_MODE_GCM);
@@ -529,7 +529,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
     return esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, stream, ctx->ghash, tag);
 }
 
-#if SOC_AES_SUPPORT_GCM
+#if CONFIG_MBEDTLS_HARDWARE_GCM
 /* Due to restrictions in the hardware (e.g. need to do the whole conversion in one go),
    some combinations of inputs are not supported */
 static bool esp_aes_gcm_input_support_hw_accel(size_t length, const unsigned char *aad, size_t aad_len,
@@ -607,7 +607,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
                                size_t tag_len,
                                unsigned char *tag )
 {
-#if SOC_AES_SUPPORT_GCM
+#if CONFIG_MBEDTLS_HARDWARE_GCM
     int ret;
     lldesc_t aad_desc[2] = {};
     lldesc_t *aad_head_desc = NULL;