From f3f79a00fce7343ab682d0daf17aec5ba8d1a0ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 11 May 2022 13:31:47 +0200 Subject: [PATCH] Now compatible with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also make a few general clarifications/improvements while at it. Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index c1789b30d..c01265896 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -1,12 +1,18 @@ This document describes the compile-time configuration option `MBEDTLS_USE_PSA_CRYPTO` from a user's perspective. +This option makes the X.509 and TLS library use PSA for cryptographic +operations, and enables new APIs for using keys handled by PSA Crypto. + General limitations ------------------- Compile-time: enabling `MBEDTLS_USE_PSA_CRYPTO` requires -`MBEDTLS_ECP_RESTARTABLE` and -`MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` to be disabled. +`MBEDTLS_ECP_RESTARTABLE` to be disabled. + +Application code: when this option is enabled, you need to call +`psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK +module. Scope: `MBEDTLS_USE_PSA_CRYPTO` has no effect on the parts of the code that are specific to TLS 1.3; those parts always use PSA Crypto. The parts of the
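Review bot: In the added "Application code" paragraph, the `psa_crypto_init()` requirement is tied to "when this option is enabled", yet the unchanged "Scope" paragraph directly below says the TLS 1.3-specific parts "always use PSA Crypto". This leaves a reader unsure whether the call is also needed for a TLS 1.3 build with `MBEDTLS_USE_PSA_CRYPTO` disabled. Please state this explicitly in one of the two paragraphs. The new paragraph should also say that the return value of `psa_crypto_init()` must be checked, and what the SSL/TLS, X.509 and PK functions do if the call was skipped, so that a missing init shows up as a documented error rather than as unexplained behaviour. Finally, the subject line announces compatibility with `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER`, but the document only drops it from the "requires ... to be disabled" list. Users upgrading from a configuration that had to disable it would benefit from a short sentence saying the two options can now be combined.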