modules: mbedtls: Replace select statement with depends on for EC
Instead of using "select" on certain EC configurations, which is
considered unsafe for various reasons, use a "depends on" and rely on
the user to set a proper configuration in the config file.
Update the respective project configurations to comply with the new
configuration scheme.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
diff --git a/drivers/wifi/esp32/Kconfig.esp32 b/drivers/wifi/esp32/Kconfig.esp32
index 38688b9..ab12a02 100644
--- a/drivers/wifi/esp32/Kconfig.esp32
+++ b/drivers/wifi/esp32/Kconfig.esp32
@@ -12,6 +12,9 @@
select MBEDTLS_ENTROPY_ENABLED
select MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
select MBEDTLS_ECP_ALL_ENABLED
+ select MBEDTLS_ECDH_C
+ select MBEDTLS_ECDSA_C
+ select MBEDTLS_ECP_C
help
Enable ESP32 SoC WiFi support. Only supported in single
core mode because the network stack is not aware of SMP
diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic
index 6475bd2..bcbf94f 100644
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@@ -69,7 +69,7 @@
config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
bool "ECDHE-PSK based ciphersuite modes"
- select MBEDTLS_ECDH_C
+ depends on MBEDTLS_ECDH_C
config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
bool "RSA-PSK based ciphersuite modes"
@@ -97,42 +97,40 @@
config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
bool "ECDHE-RSA based ciphersuite modes"
- select MBEDTLS_ECDH_C
+ depends on MBEDTLS_ECDH_C
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
bool "ECDHE-ECDSA based ciphersuite modes"
- select MBEDTLS_ECDH_C
- select MBEDTLS_ECDSA_C
+ depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
bool "ECDH-ECDSA based ciphersuite modes"
- select MBEDTLS_ECDH_C
- select MBEDTLS_ECDSA_C
+ depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
config MBEDTLS_ECDSA_DETERMINISTIC
bool "Deterministic ECDSA (RFC 6979)"
config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
bool "ECDH-RSA based ciphersuite modes"
- select MBEDTLS_ECDH_C
+ depends on MBEDTLS_ECDH_C
config MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
bool "ECJPAKE based ciphersuite modes"
- select MBEDTLS_ECJPAKE_C
+ depends on MBEDTLS_ECJPAKE_C
comment "Elliptic curve libraries"
config MBEDTLS_ECDH_C
bool "Elliptic curve Diffie-Hellman library"
- select MBEDTLS_ECP_C
+ depends on MBEDTLS_ECP_C
config MBEDTLS_ECDSA_C
bool "Elliptic curve DSA library"
- select MBEDTLS_ECP_C
+ depends on MBEDTLS_ECP_C
config MBEDTLS_ECJPAKE_C
bool "Elliptic curve J-PAKE library"
- select MBEDTLS_ECP_C
+ depends on MBEDTLS_ECP_C
config MBEDTLS_ECP_C
bool "Elliptic curve over GF(p) library"
diff --git a/subsys/net/l2/openthread/Kconfig b/subsys/net/l2/openthread/Kconfig
index 5c9d6af..781787c 100644
--- a/subsys/net/l2/openthread/Kconfig
+++ b/subsys/net/l2/openthread/Kconfig
@@ -191,6 +191,7 @@
select MBEDTLS_TLS_VERSION_1_2 if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
select MBEDTLS_DTLS if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
+ select MBEDTLS_ECJPAKE_C if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
select MBEDTLS_ECP_DP_SECP256R1_ENABLED if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER || \
OPENTHREAD_SRP_CLIENT || OPENTHREAD_SRP_SERVER
select MBEDTLS_ECP_NIST_OPTIM if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
@@ -199,8 +200,12 @@
select MBEDTLS_HMAC_DRBG_ENABLED if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER || \
OPENTHREAD_SRP_CLIENT || OPENTHREAD_SRP_SERVER
select MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED if OPENTHREAD_ECDSA
+ select MBEDTLS_ECDH_C if OPENTHREAD_ECDSA
+ select MBEDTLS_ECDSA_C if OPENTHREAD_ECDSA
select MBEDTLS_ECDSA_DETERMINISTIC if OPENTHREAD_ECDSA
select MBEDTLS_PK_WRITE_C if OPENTHREAD_ECDSA
+ select MBEDTLS_ECP_C if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER || OPENTHREAD_ECDSA
+
config OPENTHREAD_MBEDTLS_LIB_NAME
string "mbedtls lib name"
diff --git a/tests/benchmarks/mbedtls/prj.conf b/tests/benchmarks/mbedtls/prj.conf
index cfb2a45..6339cd4 100644
--- a/tests/benchmarks/mbedtls/prj.conf
+++ b/tests/benchmarks/mbedtls/prj.conf
@@ -24,3 +24,7 @@
CONFIG_MBEDTLS_MAC_ALL_ENABLED=y
CONFIG_MBEDTLS_GENPRIME_ENABLED=y
CONFIG_MBEDTLS_HMAC_DRBG_ENABLED=y
+CONFIG_MBEDTLS_ECDH_C=y
+CONFIG_MBEDTLS_ECDSA_C=y
+CONFIG_MBEDTLS_ECJPAKE_C=y
+CONFIG_MBEDTLS_ECP_C=y
