Fixed typo in config and added a few for cc3xx_oberon

PFnord · Nov 15, 2024 · d9dc909 · d9dc909
1 parent ab6619c
commit d9dc909
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 7 deletions.
diff --git a/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf b/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf
@@ -19,5 +19,8 @@ CONFIG_PSA_WANT_ALG_ECDH=y
 CONFIG_PSA_WANT_ALG_ECDSA=y
 CONFIG_PSA_WANT_ECC_SECP_R1_256=y
 
+CONFIG_MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE=y
+# CONFIG_MBEDTLS_SSL_TLS_1_3_COMPATIBILITY_MODE=y
 CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED=y
-CONFIG_MBEDTLS_DEBUG=y
+CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED=y
+CONFIG_MBEDTLS_DEBUG=n
diff --git a/samples/crypto/psa_tls/src/main.c b/samples/crypto/psa_tls/src/main.c
@@ -50,12 +50,12 @@ int main(void)
 		return APP_ERROR;
 	}
 #endif
-/*
+
 	err = tls_set_credentials();
 	if (err < 0) {
 		return APP_ERROR;
 	}
-*/
+
 	err = tls_set_preshared_key();
 	if (err < 0) {
 		return APP_ERROR;

diff --git a/samples/crypto/psa_tls/src/psa_tls_functions_client.c b/samples/crypto/psa_tls/src/psa_tls_functions_client.c
@@ -34,7 +34,7 @@ static int setup_tls_client_socket(void)
 
 	/* List of security tags to register. */
 	sec_tag_t sec_tag_list[] = {
-		//CA_CERTIFICATE_TAG,
+		CA_CERTIFICATE_TAG,
 		PSK_TAG,
 	};
 

diff --git a/subsys/nrf_security/Kconfig.tls b/subsys/nrf_security/Kconfig.tls
@@ -267,7 +267,7 @@ config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 	  reduces RAM usage.
 	  Corresponds to MBEDTLS_SSL_KEEP_PEER_CERTIFICATE in mbed TLS config file.
 
-config MBEDTLS_SSL_TLS_1_3_COMPATIBILITY_MODE
+config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 	bool
 	prompt "Give acces to peer certificate after handshake"
 	default n

diff --git a/subsys/nrf_security/cmake/nrf_config.cmake b/subsys/nrf_security/cmake/nrf_config.cmake
@@ -111,7 +111,7 @@ if (NOT MBEDTLS_PSA_CRYPTO_SPM)
   kconfig_check_and_set_base(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
   kconfig_check_and_set_base(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
   kconfig_check_and_set_base(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
-  kconfig_check_and_set_base(MBEDTLS_SSL_TLS_1_3_COMPATIBILITY_MODE)
+  kconfig_check_and_set_base(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
   kconfig_check_and_set_base(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
   kconfig_check_and_set_base(MBEDTLS_SSL_PROTO_DTLS)
   kconfig_check_and_set_base(MBEDTLS_SSL_ALPN)

diff --git a/subsys/nrf_security/configs/nrf-config.h.template b/subsys/nrf_security/configs/nrf-config.h.template
@@ -121,7 +121,7 @@
 #cmakedefine MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 #cmakedefine MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 #cmakedefine MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
-#cmakedefine MBEDTLS_SSL_TLS_1_3_COMPATIBILITY_MODE
+#cmakedefine MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 #cmakedefine MBEDTLS_SSL_PROTO_DTLS
 #cmakedefine MBEDTLS_SSL_ALPN
 #cmakedefine MBEDTLS_SSL_DTLS_ANTI_REPLAY