From a26b3e56cb82e841a329ac6579bb9539fa37adcb Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 9 Nov 2020 15:19:32 +0100
Subject: [PATCH] Only include config_psa.h from config.h with new-style PSA
 configuration

In old-style configuration, do not include mbedtls/config_psa.h from
mbedtls/config.h.

The inclusion should not and did not break any code, but it caused our
testing to miss a break of backward compatibility (fixed in "Include
config_psa.h from psa/crypto.h"). If users have their own config.h
which enabled MBEDTLS_PSA_CRYPTO_C and worked prior to the creation of
config_psa.h and MBEDTLS_PSA_CRYPTO_CONFIG, their config.h must keep
working. By including config_psa.h from config.h in the legacy case,
we weren't testing the legacy configuration mechanism adequately.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/config.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 2ac2cc696..5fd3c590e 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3856,7 +3856,9 @@
 #include MBEDTLS_USER_CONFIG_FILE
 #endif
 
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
 #include "mbedtls/config_psa.h"
+#endif
 
 #include "mbedtls/check_config.h"