mbedtls: default enable USE_PSA_CRYPTO when CRYPTO_C

Now that support for all PSA_WANT symbols is in place, we can enable MBEDTLS_USE_PSA_CRYPTO when MBEDTLS_PSA_CRYPTO_C is enabled as well. Note: this commit also moves USE_PSA_CRYPTO out of CRYPTO_C dependency in config-tls-generic.h because TLS/DTLS/X509 modules of MbedTLS can rely on *any* implementation of PSA crypto APIs not only the MbedTLS one. TFM is for example an alternative to this. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-05-13 10:16:42 +02:00 · 2024-05-13 10:16:42 +02:00 · 2adb4cac17
commit 2adb4cac17
parent c4e1b56ef9
4 changed files with 5 additions and 6 deletions
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@ -488,6 +488,7 @@ config MBEDTLS_PSA_CRYPTO_C

 config MBEDTLS_USE_PSA_CRYPTO
 	bool "Use PSA APIs instead of legacy MbedTLS when possible"
+	default y if MBEDTLS_PSA_CRYPTO_CLIENT
 	help
 	  Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other
 	  "intermediate" modules such as PK, MD and Cipher.
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@ -474,10 +474,6 @@
 #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
 #define MBEDTLS_PSA_CRYPTO_C

-#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO)
-#define MBEDTLS_USE_PSA_CRYPTO
-#endif
-
 #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC)
 #define MBEDTLS_PSA_KEY_SLOT_COUNT     64
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
@ -487,6 +483,10 @@

 #endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */

+#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO)
+#define MBEDTLS_USE_PSA_CRYPTO
+#endif
+
 #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
 #define MBEDTLS_PSA_CRYPTO_CLIENT
 #define MBEDTLS_PSA_CRYPTO_CONFIG
--- a/samples/tfm_integration/psa_crypto/prj.conf
+++ b/samples/tfm_integration/psa_crypto/prj.conf
@ -29,7 +29,6 @@ CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y
 CONFIG_MBEDTLS_USER_CONFIG_FILE="user-tls-conf.h"

 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
-CONFIG_MBEDTLS_USE_PSA_CRYPTO=y
 CONFIG_MBEDTLS_ENTROPY_ENABLED=y
 CONFIG_MBEDTLS_ECP_C=y
 CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
--- a/subsys/bluetooth/mesh/Kconfig
+++ b/subsys/bluetooth/mesh/Kconfig
@ -1349,7 +1349,6 @@ config BT_MESH_USES_MBEDTLS_PSA
 	select MBEDTLS
 	select MBEDTLS_ZEPHYR_ENTROPY
 	select MBEDTLS_PSA_CRYPTO_C
-	select MBEDTLS_USE_PSA_CRYPTO
 	select MBEDTLS_MAC_CMAC_ENABLED
 	select MBEDTLS_CIPHER_AES_ENABLED
 	select MBEDTLS_AES_ROM_TABLES