From edd0ed733969a08784bdb5e2217f710ddafd9f1c Mon Sep 17 00:00:00 2001
From: Fengming Ye <frank.ye@nxp.com>
Date: Mon, 27 May 2024 19:05:43 +0900
Subject: [PATCH] mbedtls: add kconfig options

Add MBEDTLS_NIST_KW_C, MBEDTLS_DHM_C and X509 CRL, CSR options.

Signed-off-by: Fengming Ye <frank.ye@nxp.com>
---
 modules/mbedtls/Kconfig.tls-generic          | 28 ++++++++++++++++++++
 modules/mbedtls/configs/config-tls-generic.h | 21 +++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic
index 7a7105287a505c..0fc2d57818b6db 100644
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@@ -510,4 +510,32 @@ config MBEDTLS_SSL_DTLS_CONNECTION_ID
 	  which allows to identify DTLS connections across changes
 	  in the underlying transport.
 
+
+config MBEDTLS_NIST_KW_C
+	bool "NIST key wrap"
+	depends on MBEDTLS_CIPHER_AES_ENABLED
+	help
+	  Key Wrapping mode for 128-bit block ciphers,
+	  as defined in NIST SP 800-38F.
+
+config MBEDTLS_DHM_C
+	bool "Diffie-Hellman-Merkle mode"
+	help
+	  Used by the following key exchanges,
+	  DHE-RSA, DHE-PSK
+
+config MBEDTLS_X509_CRL_PARSE_C
+	bool "X509 CRL parsing"
+	help
+	  Used by X509 CRL parsing
+
+config MBEDTLS_X509_CSR_WRITE_C
+	bool "X509 Certificate Signing Requests writing"
+	help
+	  For X.509 certificate request writing.
+
+config MBEDTLS_X509_CSR_PARSE_C
+	bool "X509 Certificate Signing Request parsing"
+	help
+	  For reading X.509 certificate request.
 endmenu
diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
index 850b27d80d6717..623986777dd24c 100644
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@@ -485,6 +485,27 @@
 #define MBEDTLS_SSL_DTLS_CONNECTION_ID
 #endif
 
+#if defined(CONFIG_MBEDTLS_NIST_KW_C)
+#define MBEDTLS_NIST_KW_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_DHM_C)
+#define MBEDTLS_DHM_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_X509_CRL_PARSE_C)
+#define MBEDTLS_X509_CRL_PARSE_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_X509_CSR_WRITE_C)
+#define MBEDTLS_X509_CSR_WRITE_C
+#define MBEDTLS_X509_CREATE_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_X509_CSR_PARSE_C)
+#define MBEDTLS_X509_CSR_PARSE_C
+#endif
+
 #if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)
 #include CONFIG_MBEDTLS_USER_CONFIG_FILE
 #endif