From 7889fe79175f893e208c0eb29ca13cda08e87d3a Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Wed, 7 Feb 2024 13:01:33 +0000 Subject: [PATCH 1/3] Make check_config aware of MBEDTLS_PSA_CRYPTO_CLIENT When check_config needs to evaluate the availability of a feature through a PSA API, it should look for MBEDTLS_PSA_CRYPTO_CLIENT instead of MBEDTLS_PSA_CRYPTO_C, to be able to cover the case where the API is provided through a client/service interface. Signed-off-by: Antonio de Angelis --- include/mbedtls/check_config.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b21135686..47de2e9ae 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -56,7 +56,7 @@ /* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart * when PSA crypto is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" @@ -154,7 +154,7 @@ #endif /* some curve accelerated */ #if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \ + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \ defined(PSA_WANT_ALG_ECB_NO_PADDING))) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif @@ -236,7 +236,7 @@ #if defined(MBEDTLS_ECJPAKE_C) && \ ( !defined(MBEDTLS_ECP_C) || \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) ) + !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) ) #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" #endif 
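Review bot: In the `@@ -154` hunk the MBEDTLS_CTR_DRBG_C prerequisite can now be met by MBEDTLS_PSA_CRYPTO_CLIENT plus PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING alone, and nothing in the file says what that implies for a client-only build. There the PSA_WANT_xxx symbols presumably describe what the crypto service is expected to offer rather than code compiled into this image, so a mismatch is no longer caught by check_config.h and would only surface as a runtime PSA error inside the DRBG. I would add a comment above the check such as `/* In client-only builds PSA_WANT_xxx is a declaration about the service; this check cannot verify it. */`. The same applies to the hash helper, MBEDTLS_LMS_C and MBEDTLS_SSL_PROTO_TLS1_3 checks in the `@@ -284`, `@@ -503` and `@@ -891` hunks.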
@@ -284,15 +284,15 @@ /* Helpers for hash dependencies, will be undefined at the end of the file */ /* Do SHA-256, 384, 512 to cover Entropy and TLS. */ #if defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)) + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) #define MBEDTLS_MD_HAVE_SHA256 #endif #if defined(MBEDTLS_SHA384_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384)) + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_384)) #define MBEDTLS_MD_HAVE_SHA384 #endif #if defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512)) + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_512)) #define MBEDTLS_MD_HAVE_SHA512 #endif @@ -491,7 +491,7 @@ defined(MBEDTLS_SHA256_C) || \ defined(MBEDTLS_SHA384_C) || \ defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && \ + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ (defined(PSA_WANT_ALG_MD5) || \ defined(PSA_WANT_ALG_RIPEMD160) || \ defined(PSA_WANT_ALG_SHA_1) || \ @@ -503,7 +503,7 @@ #endif #if defined(MBEDTLS_LMS_C) && \ - ! ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) + ! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) ) #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" #endif @@ -891,7 +891,7 @@ * Note: for dependencies common with TLS 1.2 (running handshake hash), * see MBEDTLS_SSL_TLS_C. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - !(defined(MBEDTLS_PSA_CRYPTO_C) && \ + !(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ defined(PSA_WANT_ALG_HKDF_EXTRACT) && \ defined(PSA_WANT_ALG_HKDF_EXPAND) && \ (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))) 
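Review bot: The `#error` text in the `@@ -503` hunk still reads `MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256`, although the condition above it now tests MBEDTLS_PSA_CRYPTO_CLIENT. In a client-only configuration that trips the SHA-256 half of the check, the message tells the user to enable an option the check no longer looks at. Change it to `#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_CLIENT and PSA_WANT_ALG_SHA_256"`.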
@@ -1089,7 +1089,7 @@ #endif #undef MBEDTLS_THREADING_IMPL -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT) #error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites" #endif From 3c19b237d142da31c1dc28e6100482323e2b75d4 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Wed, 7 Feb 2024 17:10:12 +0000 Subject: [PATCH 2/3] Fix trailing parenthesis Signed-off-by: Antonio de Angelis --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 47de2e9ae..5283e26dc 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -284,7 +284,7 @@ /* Helpers for hash dependencies, will be undefined at the end of the file */ /* Do SHA-256, 384, 512 to cover Entropy and TLS. */ #if defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256)) #define MBEDTLS_MD_HAVE_SHA256 #endif #if defined(MBEDTLS_SHA384_C) || \ From 058c9a34ec30246ae582f549fb95851ae1010708 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Thu, 8 Feb 2024 10:24:06 +0000 Subject: [PATCH 3/3] build_info should look for MBEDTLS_PSA_CRYPTO_CLIENT as well Similarly to check_config.h, also build_info.h should consider MBEDTLS_PSA_CRYPTO_CLIENT as the define which signals that PSA Crypto APIs feature are being required in the build (possibly due to the client/service architecture). It is automatically enabled if CRYPTO_C is enabled, but only at config_adjust_legacy_crypto.h which happens after the inclusion of the config_psa.h is needed Signed-off-by: Antonio de Angelis --- include/mbedtls/build_info.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 2f336ba21..99a449b50 100644 
--- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -158,7 +158,8 @@ * (e.g. MBEDTLS_MD_LIGHT) */ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \ - defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ + defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ || \ + defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* The same as the previous, but with separation only */ #include "mbedtls/config_psa.h" #endif
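Review bot: The new comment `/* The same as the previous, but with separation only */` does not tell a reader why the third condition is needed or what "separation" refers to. According to the commit description, MBEDTLS_PSA_CRYPTO_C implies MBEDTLS_PSA_CRYPTO_CLIENT only later, in config_adjust_legacy_crypto.h, so at this point the symbol is set only when the user defined it for a client/service build. Something like `/* PSA API provided by a separate service (client-only build) */` would say that. If config_psa.h then derives PSA_WANT_xxx from the local MBEDTLS_xxx options when MBEDTLS_PSA_CRYPTO_CONFIG is off, the comment should also state that the result reflects the local configuration and not what the service implements.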