From a37ea269a9d89fe9e9f9b3528e5d5c9b0012b1c0 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Fri, 24 May 2024 14:37:05 +0200
Subject: [PATCH 1/2] adjust_legacy_crypto: enable CIPHER_C when PSA CMAC is
 builtin

psa_crypto_mac.c uses mbedtls_cipher_xxx() functions to perform
CMAC operations. Therefore we need to enable CIPHER_C when
PSA CMAC is builtin.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 include/mbedtls/config_adjust_legacy_crypto.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index e477c0796ac4..ce15a2c3408d 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -48,7 +48,8 @@
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG))
+    defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC))
 #define MBEDTLS_CIPHER_C
 #endif
 

From 7e2ce994001b62827788af4acf7a36e7756979d8 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Fri, 31 May 2024 05:52:59 +0200
Subject: [PATCH 2/2] changelog: add changelog for PSA CMAC fix

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 ChangeLog.d/fix-psa-cmac.txt | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 ChangeLog.d/fix-psa-cmac.txt

diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt
new file mode 100644
index 000000000000..e3c8aecc2db7
--- /dev/null
+++ b/ChangeLog.d/fix-psa-cmac.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
+     CMAC is enabled, but no built-in unauthenticated cipher is enabled.
+     Fixes #9209.