Gate secure element support by a separate config option
Secure element support has its own source file, and in addition
requires many hooks in other files. This is a nontrivial amount of
code, so make it optional (but default on).
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7e20071..8789084 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -32,7 +32,9 @@
#include "psa_crypto_core.h"
#include "psa_crypto_invasive.h"
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#include "psa_crypto_se.h"
+#endif
#include "psa_crypto_slot_management.h"
/* Include internal declarations that are useful for implementing persistently
* stored keys. */
@@ -5212,9 +5214,11 @@
* In particular, this sets all state indicator to the value
* indicating "uninitialized". */
mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Unregister all secure element drivers, so that we restart from
* a pristine state. */
psa_unregister_all_se_drivers( );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
}
psa_status_t psa_crypto_init( void )
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index 32142eb..814c6a0 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -25,7 +25,7 @@
#include MBEDTLS_CONFIG_FILE
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#include <string.h>
@@ -76,4 +76,4 @@
memset( driver_table, 0, sizeof( driver_table ) );
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
diff --git a/library/version_features.c b/library/version_features.c
index 4f1da6a..5701598 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -555,6 +555,9 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
"MBEDTLS_PSA_CRYPTO_C",
#endif /* MBEDTLS_PSA_CRYPTO_C */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ "MBEDTLS_PSA_CRYPTO_SE_C",
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
