diff options
author | Manuel Pégourié-Gonnard <mpg@elzevir.fr> | 2024-06-24 07:30:32 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-24 07:30:32 +0000 |
commit | 82658eb90c7e7d2133fc5446c5e5f56e6d1ecfc9 (patch) | |
tree | eb3e6d1debf878c96c8cb3ca38177bbb7c59cd91 | |
parent | 2a674bd9ce4758dff0d18f4ac8b6da4419efc504 (diff) | |
parent | 19efa3d0168ee5a3dfee6e6a99c307a714b39331 (diff) | |
download | mbedtls-82658eb90c7e7d2133fc5446c5e5f56e6d1ecfc9.zip mbedtls-82658eb90c7e7d2133fc5446c5e5f56e6d1ecfc9.tar.gz mbedtls-82658eb90c7e7d2133fc5446c5e5f56e6d1ecfc9.tar.bz2 |
Merge pull request #9138 from valeriosetti/issue9126
Do not perform adjustments on legacy crypto from PSA, when MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C
-rw-r--r-- | ChangeLog.d/9126.txt | 5 | ||||
-rw-r--r-- | include/mbedtls/config_psa.h | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt new file mode 100644 index 0000000..22939df --- /dev/null +++ b/ChangeLog.d/9126.txt @@ -0,0 +1,5 @@ +Default behavior changes + * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && + !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the + corresponding PSA mechanism is enabled, since the server provides the + crypto. Fixes #9126. diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index de961ec..5f3d0f3 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -34,7 +34,11 @@ * before we deduce what built-ins are required. */ #include "psa/crypto_adjust_config_key_pair_types.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +/* If we are implementing PSA crypto ourselves, then we want to enable the + * required built-ins. Otherwise, PSA features will be provided by the server. */ #include "mbedtls/config_adjust_legacy_from_psa.h" +#endif #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ |