From 2adb4cac173292ded6a148af046583847bd6c0f8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 May 2024 10:16:42 +0200 Subject: [PATCH] mbedtls: default enable USE_PSA_CRYPTO when CRYPTO_C Now that support for all PSA_WANT symbols is in place, we can enable MBEDTLS_USE_PSA_CRYPTO when MBEDTLS_PSA_CRYPTO_C is enabled as well. Note: this commit also moves USE_PSA_CRYPTO out of CRYPTO_C dependency in config-tls-generic.h because TLS/DTLS/X509 modules of MbedTLS can rely on *any* implementation of PSA crypto APIs not only the MbedTLS one. TFM is for example an alternative to this. Signed-off-by: Valerio Setti --- modules/mbedtls/Kconfig.tls-generic | 1 + modules/mbedtls/configs/config-tls-generic.h | 8 ++++---- samples/tfm_integration/psa_crypto/prj.conf | 1 - subsys/bluetooth/mesh/Kconfig | 1 - 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic index eec38e05089..6117424f8a4 100644 --- a/modules/mbedtls/Kconfig.tls-generic +++ b/modules/mbedtls/Kconfig.tls-generic @@ -488,6 +488,7 @@ config MBEDTLS_PSA_CRYPTO_C config MBEDTLS_USE_PSA_CRYPTO bool "Use PSA APIs instead of legacy MbedTLS when possible" + default y if MBEDTLS_PSA_CRYPTO_CLIENT help Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other "intermediate" modules such as PK, MD and Cipher. diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h index 2750bab09bc..dc94e3d75f3 100644 --- a/modules/mbedtls/configs/config-tls-generic.h +++ b/modules/mbedtls/configs/config-tls-generic.h @@ -474,10 +474,6 @@ #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C) #define MBEDTLS_PSA_CRYPTO_C -#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO) -#define MBEDTLS_USE_PSA_CRYPTO -#endif - #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC) #define MBEDTLS_PSA_KEY_SLOT_COUNT 64 #define MBEDTLS_PSA_CRYPTO_STORAGE_C @@ -487,6 +483,10 @@ #endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */ +#if defined(CONFIG_MBEDTLS_USE_PSA_CRYPTO) +#define MBEDTLS_USE_PSA_CRYPTO +#endif + #if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT) #define MBEDTLS_PSA_CRYPTO_CLIENT #define MBEDTLS_PSA_CRYPTO_CONFIG diff --git a/samples/tfm_integration/psa_crypto/prj.conf b/samples/tfm_integration/psa_crypto/prj.conf index f308a5aefaf..a7ac8db8f2e 100644 --- a/samples/tfm_integration/psa_crypto/prj.conf +++ b/samples/tfm_integration/psa_crypto/prj.conf @@ -29,7 +29,6 @@ CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y CONFIG_MBEDTLS_USER_CONFIG_FILE="user-tls-conf.h" CONFIG_MBEDTLS_PSA_CRYPTO_C=y -CONFIG_MBEDTLS_USE_PSA_CRYPTO=y CONFIG_MBEDTLS_ENTROPY_ENABLED=y CONFIG_MBEDTLS_ECP_C=y CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y diff --git a/subsys/bluetooth/mesh/Kconfig b/subsys/bluetooth/mesh/Kconfig index 74e377569b3..88fccf0961c 100644 --- a/subsys/bluetooth/mesh/Kconfig +++ b/subsys/bluetooth/mesh/Kconfig @@ -1349,7 +1349,6 @@ config BT_MESH_USES_MBEDTLS_PSA select MBEDTLS select MBEDTLS_ZEPHYR_ENTROPY select MBEDTLS_PSA_CRYPTO_C - select MBEDTLS_USE_PSA_CRYPTO select MBEDTLS_MAC_CMAC_ENABLED select MBEDTLS_CIPHER_AES_ENABLED select MBEDTLS_AES_ROM_TABLES