modules: mbedtls: Replace select statement with depends on for EC

Instead of using "select" on certain EC configurations, which is
considered unsafe for various reasons, use a "depends on" and rely on
the user to set a proper configuration in the config file.

Update the respective project configurations to comply with the new
configuration scheme.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>

Author: rlubos

drivers/wifi/esp32/Kconfig.esp32

@@ -12,6 +12,9 @@ menuconfig WIFI_ESP32
 	select MBEDTLS_ENTROPY_ENABLED
 	select MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 	select MBEDTLS_ECP_ALL_ENABLED
+	select MBEDTLS_ECDH_C
+	select MBEDTLS_ECDSA_C
+	select MBEDTLS_ECP_C
 	help
 	  Enable ESP32 SoC WiFi support. Only supported in single
 	  core mode because the network stack is not aware of SMP

modules/mbedtls/Kconfig.tls-generic

@@ -69,7 +69,7 @@ config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 
 config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 	bool "ECDHE-PSK based ciphersuite modes"
-	select MBEDTLS_ECDH_C
+	depends on MBEDTLS_ECDH_C
 
 config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 	bool "RSA-PSK based ciphersuite modes"
@@ -97,42 +97,40 @@ config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 
 config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 	bool "ECDHE-RSA based ciphersuite modes"
-	select MBEDTLS_ECDH_C
+	depends on MBEDTLS_ECDH_C
 
 config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 	bool "ECDHE-ECDSA based ciphersuite modes"
-	select MBEDTLS_ECDH_C
-	select MBEDTLS_ECDSA_C
+	depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
 
 config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 	bool "ECDH-ECDSA based ciphersuite modes"
-	select MBEDTLS_ECDH_C
-	select MBEDTLS_ECDSA_C
+	depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
 
 config MBEDTLS_ECDSA_DETERMINISTIC
 	bool "Deterministic ECDSA (RFC 6979)"
 
 config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 	bool "ECDH-RSA based ciphersuite modes"
-	select MBEDTLS_ECDH_C
+	depends on MBEDTLS_ECDH_C
 
 config MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 	bool "ECJPAKE based ciphersuite modes"
-	select MBEDTLS_ECJPAKE_C
+	depends on MBEDTLS_ECJPAKE_C
 
 comment "Elliptic curve libraries"
 
 config MBEDTLS_ECDH_C
 	bool "Elliptic curve Diffie-Hellman library"
-	select MBEDTLS_ECP_C
+	depends on MBEDTLS_ECP_C
 
 config MBEDTLS_ECDSA_C
 	bool "Elliptic curve DSA library"
-	select MBEDTLS_ECP_C
+	depends on MBEDTLS_ECP_C
 
 config MBEDTLS_ECJPAKE_C
 	bool "Elliptic curve J-PAKE library"
-	select MBEDTLS_ECP_C
+	depends on MBEDTLS_ECP_C
 
 config MBEDTLS_ECP_C
 	bool "Elliptic curve over GF(p) library"

subsys/net/l2/openthread/Kconfig

@@ -191,6 +191,7 @@ config OPENTHREAD_MBEDTLS
 	select MBEDTLS_TLS_VERSION_1_2 if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
 	select MBEDTLS_DTLS if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
 	select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
+	select MBEDTLS_ECJPAKE_C if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
 	select MBEDTLS_ECP_DP_SECP256R1_ENABLED if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER || \
 	    OPENTHREAD_SRP_CLIENT || OPENTHREAD_SRP_SERVER
 	select MBEDTLS_ECP_NIST_OPTIM if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER
@@ -199,8 +200,12 @@ config OPENTHREAD_MBEDTLS
 	select MBEDTLS_HMAC_DRBG_ENABLED if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER || \
 	    OPENTHREAD_SRP_CLIENT || OPENTHREAD_SRP_SERVER
 	select MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED if OPENTHREAD_ECDSA
+	select MBEDTLS_ECDH_C if OPENTHREAD_ECDSA
+	select MBEDTLS_ECDSA_C if OPENTHREAD_ECDSA
 	select MBEDTLS_ECDSA_DETERMINISTIC if OPENTHREAD_ECDSA
 	select MBEDTLS_PK_WRITE_C if OPENTHREAD_ECDSA
+	select MBEDTLS_ECP_C if OPENTHREAD_COMMISSIONER || OPENTHREAD_JOINER || OPENTHREAD_ECDSA
+
 
 config OPENTHREAD_MBEDTLS_LIB_NAME
 	string "mbedtls lib name"

tests/benchmarks/mbedtls/prj.conf

@@ -24,3 +24,7 @@ CONFIG_MBEDTLS_ECP_ALL_ENABLED=y
 CONFIG_MBEDTLS_MAC_ALL_ENABLED=y
 CONFIG_MBEDTLS_GENPRIME_ENABLED=y
 CONFIG_MBEDTLS_HMAC_DRBG_ENABLED=y
+CONFIG_MBEDTLS_ECDH_C=y
+CONFIG_MBEDTLS_ECDSA_C=y
+CONFIG_MBEDTLS_ECJPAKE_C=y
+CONFIG_MBEDTLS_ECP_C=y