From 3153ae47a987fd05e735c2d49c3c12217f757e2c Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 15 May 2024 07:39:47 +0200
Subject: [PATCH 1/2] config_psa: do not update legacy symbols in client-only PSA build
Signed-off-by: Valerio Setti
---
 include/mbedtls/config_psa.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index de961ec0f8..5f3d0f3d5d 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -34,7 +34,11 @@
 * before we deduce what built-ins are required. */
 #include "psa/crypto_adjust_config_key_pair_types.h"
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/* If we are implementing PSA crypto ourselves, then we want to enable the
+ * required built-ins. Otherwise, PSA features will be provided by the server. */
 #include "mbedtls/config_adjust_legacy_from_psa.h"
+#endif
 #else /* MBEDTLS_PSA_CRYPTO_CONFIG */
From 3b665626e80d4cbcf221909cabc731e131a7a5aa Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 18 Jun 2024 14:40:27 +0200
Subject: [PATCH 2/2] changelog: add changelog
Signed-off-by: Valerio Setti
---
 ChangeLog.d/9126.txt | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 ChangeLog.d/9126.txt
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt
new file mode 100644
index 0000000000..22939df86f
--- /dev/null
+++ b/ChangeLog.d/9126.txt
@@ -0,0 +1,5 @@
+Default behavior changes
+ * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
+ !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
+ corresponding PSA mechanism is enabled, since the server provides the
+ crypto. Fixes #9126.
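Review bot: In the include/mbedtls/config_psa.h hunk the new guard is `#if defined(MBEDTLS_PSA_CRYPTO_C)`, which is wider than the condition the changelog entry in patch 2/2 describes (MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C): a build that defines MBEDTLS_PSA_CRYPTO_CONFIG with neither symbol also stops pulling in config_adjust_legacy_from_psa.h, and in that case there is no server to supply the crypto. If that is intended, the comment should say so, e.g. `Otherwise PSA features come from a PSA server (client-only build) or are not used at all.`; if it is not, the guard may need to be `#if defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_PSA_CRYPTO_CLIENT)`. The closing line would also read better as `#endif /* MBEDTLS_PSA_CRYPTO_C */`, matching the annotated `#else /* MBEDTLS_PSA_CRYPTO_CONFIG */` just below it. The enclosing MBEDTLS_PSA_CRYPTO_CONFIG conditional opens above the hunk, so whether anything else in that branch relies on the adjusted legacy symbols cannot be seen from here.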