Merge remote-tracking branch 'origin/pr/2403' into development

* origin/pr/2403: (24 commits) crypto: Update to Mbed Crypto 8907b019e7 Create seedfile before running tests crypto: Update to Mbed Crypto 81f9539037 ssl_cli.c : add explicit casting to unsigned char Generating visualc files - let Mbed TLS take precedence over crypto Add a link to the seedfile for out-of-tree cmake builds Adjust visual studio file generation to always use the crypto submodule all.sh: unparallelize mingw tests all.sh - disable parallelization for shared target tests config.pl: disable PSA_ITS_FILE and PSA_CRYPTO_STORAGE for baremetal all.sh: unset crypto storage define in a psa full config cmake asan test all.sh: unset FS_IO-dependent defines for tests that do not have it curves.pl - change test script to not depend on the implementation Export the submodule flag to sub-cmakes Disable MBEDTLS_ECP_RESTARTABLE in full config Export the submodule flag to sub-makes Force the usage of crypto submodule Fix crypto submodule usage in Makefile Documentation rewording Typo fixes in documentation ...
2019-05-23 09:08:55 +01:00 · 2019-05-23 09:08:55 +01:00 · 2ab5cf658f
commit 2ab5cf658f
parent a542bb6de6 a76773fd2d
68 changed files with 810 additions and 604 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1726,18 +1726,27 @@
 /**
 * \def MBEDTLS_USE_PSA_CRYPTO
 *
- * Make the X.509 and TLS library use PSA for cryptographic operations, see
- * #MBEDTLS_PSA_CRYPTO_C.
+ * Make the X.509 and TLS library use PSA for cryptographic operations, and
+ * enable new APIs for using keys handled by PSA Crypto.
 *
- * Note: this option is still in progress, the full X.509 and TLS modules are
- * not covered yet, but parts that are not ported to PSA yet will still work
- * as usual, so enabling this option should not break backwards compatibility.
+ * \note Development of this option is currently in progress, and parts
+ * of the X.509 and TLS modules are not ported to PSA yet. However, these parts
+ * will still continue to work as usual, so enabling this option should not
+ * break backwards compatibility.
 *
- * \warning  Support for PSA is still an experimental feature.
- *           Any public API that depends on this option may change
- *           at any time until this warning is removed.
+ * \warning The PSA Crypto API is in beta stage. While you're welcome to
+ * experiment using it, incompatible API changes are still possible, and some
+ * parts may not have reached the same quality as the rest of Mbed TLS yet.
+ *
+ * \warning This option enables new Mbed TLS APIs that are dependent on the
+ * PSA Crypto API, so can't come with the same stability guarantees as the
+ * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
+ * now, access to these APIs is opt-in (via enabling the present option), in
+ * order to clearly differentiate them from the stable Mbed TLS APIs.
 *
 * Requires: MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
 */
 //#define MBEDTLS_USE_PSA_CRYPTO

@ -2773,19 +2782,16 @@
 *
 * Enable the Platform Security Architecture cryptography API.
 *
- * \note This option only has an effect when the build option
- * USE_CRYPTO_SUBMODULE is also in use.
- *
- * \warning This feature is experimental and available on an opt-in basis only.
- * PSA APIs are subject to change at any time. The implementation comes with
- * less assurance and support than the rest of Mbed TLS.
+ * \warning The PSA Crypto API is still beta status. While you're welcome to
+ * experiment using it, incompatible API changes are still possible, and some
+ * parts may not have reached the same quality as the rest of Mbed TLS yet.
 *
 * Module:  crypto/library/psa_crypto.c
 *
 * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
 *
 */
-//#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_C

 /**
 * \def MBEDTLS_PSA_CRYPTO_STORAGE_C