Study: PSA_CRYPTO_CONFIG always on

[daverodgman]

Remove all options from mbedtls_config.h which have equivalent functionality via the crypto config (PSA_WANT_xxx) mechanism.

Look at corresponding clean-up in the library to see if references to the legacy option can be replaced with a suitable PSA macro, or if it needs to be kept as a non-user-visible macro (i.e., set via config_psa.h to control what gets built).

The list of options is probably simply everything that gets set automatically via config_adjust_legacy_from_psa.h and config_adjust_psa_superset_legacy.h, i.e. grep '#define MBEDTLS_' config_adjust_legacy_from_psa.h|sort|uniq|perl -pe 's/#define ([^ ]*).*/\1/'

Also remove config_adjust_psa_from_legacy.h and config_adjust_psa_superset_legacy.h (and verify that this does not result in any changes in configuration as a result).

config_adjust_ssl.h should stay but a few references to legacy options probably need to be replaced with the PSA equivalent (e.g. replace MBEDTLS_ECDH_Cwith PSA_WANT_ALG_ECDH ).

Remove obsolete parts of psa/crypto_adjust_config_key_pair_types.h

In summary:

• Remove legacy options which have PSA_WANT equivalents from mbedtls_config.h NOT IN SCOPE OF THE REPO SPLIT WORK. IT WILL BE DONE AS PART OF THE 4.0 WORK AND LIKELY AFTER THE REPO SPLIT.
• Remove / update the config_adjust headers
• Remove MBEDTLS_PSA_CRYPTO_CONFIG from mbedtls_config.
• Remove references to MBEDTLS_PSA_CRYPTO_CONFIG from the library and tests
• Study: breakdown work to update test dependencies and eliminate tests which use legacy config to do the same thing as a test using crypto config.

Subset of #8147

[daverodgman]

Note: there is also significant work to update lots of test dependencies

[daverodgman]

Remove tests which test the same thing with/without PSA_CRYPTO_CONFIG

[daverodgman]

Note: TF-PSA-Crypto has tasks to do some of this already

[ronald-cron-arm]

We should also take care that the testing done in all.sh components where PSA_CRYPTO_CONFIG is disabled stay eventually the same with PSA_CRYPTO_CONFIG always enabled. In a component where PSA_CRYPTO_CONFIG is disabled and a crypto mechanism is disabled but gets enabled through the PSA_CRYPTO_CONFIG mechanism, the testing is not the same anymore when PSA_CRYPTO_CONFIG is enabled: a crypto mechanism that was intended to be disabled in the test component is enabled eventually. I have been through all.sh components and I have found that the following components are impacted:

• test_psa_crypto_rsa_no_genprime (see also issue #63 in TF-PSA-Crypto) Make component_test_psa_crypto_rsa_no_genprime work with PSA_CRYPTO_CONFIG set #9040
• test_ref_configs (see test_ccm_aes_sha256 as example) Update the reference configs to use MBEDTLS_PSA_CRYPTO_CONFIG #9057
• test_tls1_2_default_stream_cipher_only_use_psa, test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa, test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa Make TLS 1.2 components work with PSA_CRYPTO_CONFIG set #9062
• test_everest_curve25519_only (@tom-daubney-arm)
• test_crypto_full_md_light_only, test_full_no_cipher_with_psa_crypto, test_full_no_bignum, test_when_no_ciphersuites_have_mac Adapt components with MBEDTLS_PSA_CRYPTO_CONFIG enabled #9185
• components running depends.py (see https://github.com/orgs/Mbed-TLS/projects/1#column-19877217)

[ronald-cron-arm]

The MBEDTLS_PSA_CRYPTO_CONFIG has been removed now.