From 516886be1b8ad699ea0e2d32c96bbc5d2240a9c7 Mon Sep 17 00:00:00 2001
From: Valerio Setti <vsetti@baylibre.com>
Date: Tue, 5 Nov 2024 14:59:24 +0100
Subject: [PATCH] mbedtls: MBEDTLS_ENTROPY_POLL_ZEPHYR default on if
 MBEDTLS_ENTROPY_C

As long as MBEDTLS_ENTROPY_C is enabled, Mbed TLS needs to
poll some entropy source to gather data that will then be
processed by CTR/HMAC-DRBG modules. This means that in most
of the cases, once MBEDTLS_ENTROPY_C is enabled then also
MBEDTLS_ENTROPY_POLL_ZEPHYR needs to be enabled. This was
done manually until now, as the long list of samples/tests
demonstrate.

This commit solves this dependency by defaulting
MBEDTLS_ENTROPY_POLL_ZEPHYR to on as soon as
MBEDTLS_ENTROPY_C is set. As a consequence, all manual
enablement of MBEDTLS_ENTROPY_POLL_ZEPHYR in samples/tests
are removed.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
---
 drivers/bluetooth/hci/Kconfig                                    | 1 -
 drivers/wifi/esp32/Kconfig.esp32                                 | 1 -
 modules/mbedtls/Kconfig.tls-generic                              | 1 +
 samples/net/wifi/shell/boards/frdm_rw612.conf                    | 1 -
 samples/net/wifi/shell/boards/rd_rw612_bga.conf                  | 1 -
 samples/psa/its/overlay-entropy_not_secure.conf                  | 1 -
 samples/psa/persistent_key/overlay-entropy_not_secure.conf       | 1 -
 subsys/bluetooth/mesh/Kconfig                                    | 1 -
 tests/modules/uoscore/prj.conf                                   | 1 -
 .../subsys/secure_storage/psa/crypto/overlay-secure_storage.conf | 1 -
 .../subsys/secure_storage/psa/its/overlay-default_transform.conf | 1 -
 tests/subsys/storage/flash_map/overlay-psa.conf                  | 1 +
 12 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/drivers/bluetooth/hci/Kconfig b/drivers/bluetooth/hci/Kconfig
index e15ba3bb1f3..d2a68ae3758 100644
--- a/drivers/bluetooth/hci/Kconfig
+++ b/drivers/bluetooth/hci/Kconfig
@@ -112,7 +112,6 @@ config BT_SILABS_EFR32
 	select MBEDTLS
 	select MBEDTLS_PSA_CRYPTO_C
 	select MBEDTLS_ENTROPY_C
-	select MBEDTLS_ENTROPY_POLL_ZEPHYR
 	help
 	  Use Silicon Labs binary Bluetooth library to connect to the
 	  controller.
diff --git a/drivers/wifi/esp32/Kconfig.esp32 b/drivers/wifi/esp32/Kconfig.esp32
index 6732bd5ff7e..0da3e58c62a 100644
--- a/drivers/wifi/esp32/Kconfig.esp32
+++ b/drivers/wifi/esp32/Kconfig.esp32
@@ -377,7 +377,6 @@ config ESP32_WIFI_MBEDTLS_CRYPTO
 	select MBEDTLS_CIPHER_MODE_CTR_ENABLED
 	select MBEDTLS_CMAC
 	select MBEDTLS_ENTROPY_C
-	select MBEDTLS_ENTROPY_POLL_ZEPHYR
 	help
 	  Select this option to use MbedTLS crypto APIs which utilize hardware acceleration.
 
diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic
index 2e6e6b7f8c3..779d3b356f8 100644
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@@ -398,6 +398,7 @@ config MBEDTLS_ENTROPY_C
 
 config MBEDTLS_ENTROPY_POLL_ZEPHYR
 	bool "Provide entropy data to Mbed TLS through entropy driver or random generator"
+	default y
 	depends on MBEDTLS_ENTROPY_C
 	help
 	  Provide entropy data to the Mbed TLS's entropy module through either
diff --git a/samples/net/wifi/shell/boards/frdm_rw612.conf b/samples/net/wifi/shell/boards/frdm_rw612.conf
index 87de6bc8dbd..e9ba4d7df6f 100644
--- a/samples/net/wifi/shell/boards/frdm_rw612.conf
+++ b/samples/net/wifi/shell/boards/frdm_rw612.conf
@@ -103,7 +103,6 @@ CONFIG_MBEDTLS_USER_CONFIG_FILE="wpa_supp_els_pkc_mbedtls_config.h"
 CONFIG_ENTROPY_GENERATOR=y
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 CONFIG_MBEDTLS_ENTROPY_C=y
-CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR=y
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192
 
 # power management
diff --git a/samples/net/wifi/shell/boards/rd_rw612_bga.conf b/samples/net/wifi/shell/boards/rd_rw612_bga.conf
index 633137e3fb0..5ecd5b4f1e7 100644
--- a/samples/net/wifi/shell/boards/rd_rw612_bga.conf
+++ b/samples/net/wifi/shell/boards/rd_rw612_bga.conf
@@ -102,7 +102,6 @@ CONFIG_MBEDTLS_USER_CONFIG_FILE="wpa_supp_els_pkc_mbedtls_config.h"
 CONFIG_ENTROPY_GENERATOR=y
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 CONFIG_MBEDTLS_ENTROPY_C=y
-CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR=y
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192
 
 # power management
diff --git a/samples/psa/its/overlay-entropy_not_secure.conf b/samples/psa/its/overlay-entropy_not_secure.conf
index 2aba3a2c7e2..f2ab1779354 100644
--- a/samples/psa/its/overlay-entropy_not_secure.conf
+++ b/samples/psa/its/overlay-entropy_not_secure.conf
@@ -2,4 +2,3 @@
 
 CONFIG_TEST_RANDOM_GENERATOR=y
 CONFIG_TIMER_RANDOM_GENERATOR=y
-CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR=y
diff --git a/samples/psa/persistent_key/overlay-entropy_not_secure.conf b/samples/psa/persistent_key/overlay-entropy_not_secure.conf
index 2aba3a2c7e2..f2ab1779354 100644
--- a/samples/psa/persistent_key/overlay-entropy_not_secure.conf
+++ b/samples/psa/persistent_key/overlay-entropy_not_secure.conf
@@ -2,4 +2,3 @@
 
 CONFIG_TEST_RANDOM_GENERATOR=y
 CONFIG_TIMER_RANDOM_GENERATOR=y
-CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR=y
diff --git a/subsys/bluetooth/mesh/Kconfig b/subsys/bluetooth/mesh/Kconfig
index 530f3a4fdb4..4731d1c4179 100644
--- a/subsys/bluetooth/mesh/Kconfig
+++ b/subsys/bluetooth/mesh/Kconfig
@@ -1476,7 +1476,6 @@ config BT_MESH_USES_MBEDTLS_PSA
 	select EXPERIMENTAL
 	select MBEDTLS
 	select MBEDTLS_ENTROPY_C
-	select MBEDTLS_ENTROPY_POLL_ZEPHYR
 	select MBEDTLS_PSA_CRYPTO_C
 	select MBEDTLS_USE_PSA_CRYPTO
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
diff --git a/tests/modules/uoscore/prj.conf b/tests/modules/uoscore/prj.conf
index f661156dbc1..d86ae838b21 100644
--- a/tests/modules/uoscore/prj.conf
+++ b/tests/modules/uoscore/prj.conf
@@ -13,7 +13,6 @@ CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=2048
 CONFIG_MBEDTLS_ENTROPY_C=y
-CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR=y
 
 # PSA Crypto options
 
diff --git a/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf b/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf
index 84d933c2332..063c04fd2b5 100644
--- a/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf
+++ b/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf
@@ -4,7 +4,6 @@ CONFIG_MAIN_STACK_SIZE=2048
 CONFIG_MBEDTLS=y
 CONFIG_TEST_RANDOM_GENERATOR=y
 CONFIG_TIMER_RANDOM_GENERATOR=y
-CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR=y
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 
 CONFIG_SECURE_STORAGE=y
diff --git a/tests/subsys/secure_storage/psa/its/overlay-default_transform.conf b/tests/subsys/secure_storage/psa/its/overlay-default_transform.conf
index 52751db59b6..2f49f5d6593 100644
--- a/tests/subsys/secure_storage/psa/its/overlay-default_transform.conf
+++ b/tests/subsys/secure_storage/psa/its/overlay-default_transform.conf
@@ -1,7 +1,6 @@
 CONFIG_MBEDTLS=y
 CONFIG_TEST_RANDOM_GENERATOR=y
 CONFIG_TIMER_RANDOM_GENERATOR=y
-CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR=y
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 
 # SETTINGS_MAX_VAL_LEN (256) - flags (1) - CONFIG_SECURE_STORAGE_ITS_TRANSFORM_OUTPUT_OVERHEAD (28)
diff --git a/tests/subsys/storage/flash_map/overlay-psa.conf b/tests/subsys/storage/flash_map/overlay-psa.conf
index 4b5dcfd9af6..e70359a2d54 100644
--- a/tests/subsys/storage/flash_map/overlay-psa.conf
+++ b/tests/subsys/storage/flash_map/overlay-psa.conf
@@ -1,3 +1,4 @@
 CONFIG_FLASH_AREA_CHECK_INTEGRITY_PSA=y
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_TEST_RANDOM_GENERATOR=y