modules: mbedtls: set mbedTLS debug threshold during module initialization

mniestroj · carlescufi · commit 6653fd945fbd · 2022-08-17T12:03:52.000+02:00
mbedTLS library threshold initialization was done in native TLS socket
implementation (which tends to use mbedTLS now) and inside mbedTLS
benchmark test. Move that to mbedTLS module initialization, as this is a
global setting.

Update description of CONFIG_MBEDTLS_DEBUG_LEVEL to clarify when
mbedtls_debug_set_threshold() is called.

Signed-off-by: Marcin Niestroj &lt;m.niestroj@emb.dev&gt;
diff --git a/modules/mbedtls/Kconfig b/modules/mbedtls/Kconfig
@@ -108,6 +108,9 @@ config MBEDTLS_DEBUG_LEVEL
 	  3 Information
 	  4 Verbose
 
+	  This makes Zephyr call mbedtls_debug_set_threshold() function during
+	  mbedTLS initialization, with the configured debug log level.
+
 config MBEDTLS_MEMORY_DEBUG
 	bool "mbed TLS memory debug activation"
 	depends on MBEDTLS_BUILTIN
diff --git a/modules/mbedtls/zephyr_init.c b/modules/mbedtls/zephyr_init.c
@@ -16,6 +16,8 @@
 #include <zephyr/random/rand32.h>
 #include <mbedtls/entropy.h>
 
+#include <mbedtls/debug.h>
+
 #if defined(CONFIG_MBEDTLS)
 #if !defined(CONFIG_MBEDTLS_CFG_FILE)
 #include "mbedtls/config.h"
@@ -85,6 +87,10 @@ static int _mbedtls_init(const struct device *device)
 
 	init_heap();
 
+#if defined(CONFIG_MBEDTLS_DEBUG_LEVEL)
+	mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
+#endif
+
 	return 0;
 }
 
diff --git a/subsys/net/lib/sockets/sockets_tls.c b/subsys/net/lib/sockets/sockets_tls.c
@@ -45,7 +45,6 @@ LOG_MODULE_REGISTER(net_sock_tls, CONFIG_NET_SOCKETS_LOG_LEVEL);
 #include <mbedtls/ssl.h>
 #include <mbedtls/ssl_cookie.h>
 #include <mbedtls/error.h>
-#include <mbedtls/debug.h>
 #include <mbedtls/platform.h>
 #include <mbedtls/ssl_cache.h>
 #endif /* CONFIG_MBEDTLS */
@@ -312,10 +311,6 @@ static int tls_init(const struct device *unused)
 
 	k_mutex_init(&context_lock);
 
-#if defined(MBEDTLS_DEBUG_C) && (CONFIG_NET_SOCKETS_LOG_LEVEL >= LOG_LEVEL_DBG)
-	mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
-#endif
-
 #if defined(MBEDTLS_SSL_CACHE_C)
 	mbedtls_ssl_cache_init(&server_cache);
 #endif
diff --git a/tests/benchmarks/mbedtls/src/benchmark.c b/tests/benchmarks/mbedtls/src/benchmark.c
@@ -309,7 +309,6 @@ void main(void)
 
 	printk("\tMBEDTLS Benchmark sample\n");
 
-	mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
 #if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
 	mbedtls_platform_set_printf(MBEDTLS_PRINT);
 #endif
