From 0c0e418d63699d365830d71b1041a6029ea72475 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 15 May 2024 07:39:47 +0200
Subject: [PATCH 1/2] config_psa: do not update legacy symbols in client-only PSA build
Signed-off-by: Valerio Setti
---
 include/mbedtls/config_psa.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 17da61b3e8ef..8bcca407fd69 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -32,7 +32,11 @@
 * before we deduce what built-ins are required. */
 #include "psa/crypto_adjust_config_key_pair_types.h"
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/* If we are implementing PSA crypto ourselves, then we want to enable the
+ * required built-ins. Otherwise, PSA features will be provided by the server. */
 #include "mbedtls/config_adjust_legacy_from_psa.h"
+#endif
 #else /* MBEDTLS_PSA_CRYPTO_CONFIG */
From 19efa3d0168ee5a3dfee6e6a99c307a714b39331 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 18 Jun 2024 14:40:27 +0200
Subject: [PATCH 2/2] changelog: add changelog
Signed-off-by: Valerio Setti
---
 ChangeLog.d/9126.txt | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 ChangeLog.d/9126.txt
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt
new file mode 100644
index 000000000000..22939df86f42
--- /dev/null
+++ b/ChangeLog.d/9126.txt
@@ -0,0 +1,5 @@
+Default behavior changes
+ * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
+ !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
+ corresponding PSA mechanism is enabled, since the server provides the
+ crypto. Fixes #9126.
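Review bot: The added `#endif` in include/mbedtls/config_psa.h has no trailing comment, although the `#else /* MBEDTLS_PSA_CRYPTO_CONFIG */` right after it does; now that a second conditional is nested inside that branch, `#endif /* MBEDTLS_PSA_CRYPTO_C */` would keep the pairing unambiguous. The new comment explains why the include is skipped but not what follows for a client-only build; judging from the ChangeLog entry in patch 2/2, a sentence such as `/* In a client-only build no legacy symbol is derived from the PSA configuration; enable explicitly whatever local crypto is still needed. */` would state the consequence where integrators will look for it. A configuration test asserting that a build with MBEDTLS_PSA_CRYPTO_CLIENT and without MBEDTLS_PSA_CRYPTO_C ends up with the built-ins disabled would stop this default from regressing silently. The enclosing MBEDTLS_PSA_CRYPTO_CONFIG conditional opens above the hunk and continues past its last line, so the other branch is not visible here.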