From 6653fd945fbdb41134fe4b5d1a5101e4668dcb7f Mon Sep 17 00:00:00 2001
From: Marcin Niestroj <m.niestroj@emb.dev>
Date: Wed, 15 Jun 2022 00:47:21 +0200
Subject: [PATCH] modules: mbedtls: set mbedTLS debug threshold during module
 initialization

mbedTLS library threshold initialization was done in native TLS socket
implementation (which tends to use mbedTLS now) and inside mbedTLS
benchmark test. Move that to mbedTLS module initialization, as this is a
global setting.

Update description of CONFIG_MBEDTLS_DEBUG_LEVEL to clarify when
mbedtls_debug_set_threshold() is called.

Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
---
 modules/mbedtls/Kconfig                  | 3 +++
 modules/mbedtls/zephyr_init.c            | 6 ++++++
 subsys/net/lib/sockets/sockets_tls.c     | 5 -----
 tests/benchmarks/mbedtls/src/benchmark.c | 1 -
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/modules/mbedtls/Kconfig b/modules/mbedtls/Kconfig
index 3ceeea87e1c..c7d2ee6950c 100644
--- a/modules/mbedtls/Kconfig
+++ b/modules/mbedtls/Kconfig
@@ -108,6 +108,9 @@ config MBEDTLS_DEBUG_LEVEL
 	  3 Information
 	  4 Verbose
 
+	  This makes Zephyr call mbedtls_debug_set_threshold() function during
+	  mbedTLS initialization, with the configured debug log level.
+
 config MBEDTLS_MEMORY_DEBUG
 	bool "mbed TLS memory debug activation"
 	depends on MBEDTLS_BUILTIN
diff --git a/modules/mbedtls/zephyr_init.c b/modules/mbedtls/zephyr_init.c
index 8057930b649..f567a081703 100644
--- a/modules/mbedtls/zephyr_init.c
+++ b/modules/mbedtls/zephyr_init.c
@@ -16,6 +16,8 @@
 #include <zephyr/random/rand32.h>
 #include <mbedtls/entropy.h>
 
+#include <mbedtls/debug.h>
+
 #if defined(CONFIG_MBEDTLS)
 #if !defined(CONFIG_MBEDTLS_CFG_FILE)
 #include "mbedtls/config.h"
@@ -85,6 +87,10 @@ static int _mbedtls_init(const struct device *device)
 
 	init_heap();
 
+#if defined(CONFIG_MBEDTLS_DEBUG_LEVEL)
+	mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
+#endif
+
 	return 0;
 }
 
diff --git a/subsys/net/lib/sockets/sockets_tls.c b/subsys/net/lib/sockets/sockets_tls.c
index 833230ca9fa..773b1e4986f 100644
--- a/subsys/net/lib/sockets/sockets_tls.c
+++ b/subsys/net/lib/sockets/sockets_tls.c
@@ -45,7 +45,6 @@ LOG_MODULE_REGISTER(net_sock_tls, CONFIG_NET_SOCKETS_LOG_LEVEL);
 #include <mbedtls/ssl.h>
 #include <mbedtls/ssl_cookie.h>
 #include <mbedtls/error.h>
-#include <mbedtls/debug.h>
 #include <mbedtls/platform.h>
 #include <mbedtls/ssl_cache.h>
 #endif /* CONFIG_MBEDTLS */
@@ -312,10 +311,6 @@ static int tls_init(const struct device *unused)
 
 	k_mutex_init(&context_lock);
 
-#if defined(MBEDTLS_DEBUG_C) && (CONFIG_NET_SOCKETS_LOG_LEVEL >= LOG_LEVEL_DBG)
-	mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
-#endif
-
 #if defined(MBEDTLS_SSL_CACHE_C)
 	mbedtls_ssl_cache_init(&server_cache);
 #endif
diff --git a/tests/benchmarks/mbedtls/src/benchmark.c b/tests/benchmarks/mbedtls/src/benchmark.c
index aff777516ea..7037c6db228 100644
--- a/tests/benchmarks/mbedtls/src/benchmark.c
+++ b/tests/benchmarks/mbedtls/src/benchmark.c
@@ -309,7 +309,6 @@ void main(void)
 
 	printk("\tMBEDTLS Benchmark sample\n");
 
-	mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
 #if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
 	mbedtls_platform_set_printf(MBEDTLS_PRINT);
 #endif