Make MBEDTLS_USE_PSA_CRYPTO no longer a selectable option

The macro MBEDTLS_USE_PSA_CRYPTO is now always defined. It is no longer a
configuration option.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2024-10-24 20:56:37 +02:00
parent b434192dcb
commit 9863b04dec
2 changed files with 14 additions and 30 deletions

@ -48,6 +48,20 @@
#endif #endif
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */ #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
/**
* \def MBEDTLS_USE_PSA_CRYPTO
*
* Make the X.509 and TLS libraries use PSA for cryptographic operations as
* much as possible, and enable new APIs for using keys handled by PSA Crypto.
*
* \note This is a legacy symbol which still exists for backward compatibility.
* Up to Mbed TLS 3.x, it was not enabled by default. Now it is always
* enabled, and it will eventually disappear from the code base. This
* is not part of the public API of TF-PSA-Crypto or of Mbed TLS >=4.0.
*/
#define MBEDTLS_USE_PSA_CRYPTO
/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
* in PSA. */ * in PSA. */
#if defined(MBEDTLS_PSA_CRYPTO_C) && \ #if defined(MBEDTLS_PSA_CRYPTO_C) && \
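Review bot: The added `#define MBEDTLS_USE_PSA_CRYPTO` is unconditional and unguarded, so a build that still sets the symbol itself with a value (for example a compiler flag defining it as 1) reaches this line with the macro already defined differently and can get a redefinition diagnostic. Consider wrapping the define in `#if !defined(MBEDTLS_USE_PSA_CRYPTO)` ... `#endif`, or stating in the `\note` that user configurations must stop defining it. Separately, the old comment's `Requires: MBEDTLS_PSA_CRYPTO_C` has no counterpart here, while the very next context line still tests `defined(MBEDTLS_PSA_CRYPTO_C)` as something that can be false; the new comment should say what is expected when that symbol is not set, or the header should reject that combination explicitly.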

@ -1927,36 +1927,6 @@
*/ */
//#define MBEDTLS_THREADING_PTHREAD //#define MBEDTLS_THREADING_PTHREAD
/**
* \def MBEDTLS_USE_PSA_CRYPTO
*
* Make the X.509 and TLS libraries use PSA for cryptographic operations as
* much as possible, and enable new APIs for using keys handled by PSA Crypto.
*
* \note Development of this option is currently in progress, and parts of Mbed
* TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
* will still continue to work as usual, so enabling this option should not
* break backwards compatibility.
*
* \warning If you enable this option, you need to call `psa_crypto_init()`
* before calling any function from the SSL/TLS, X.509 or PK modules, except
* for the various mbedtls_xxx_init() functions which can be called at any time.
*
* \note An important and desirable effect of this option is that it allows
* PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling
* this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in
* those modules. However, note that even with this option disabled, some code
* in PK, X.509, TLS or the crypto library might still use PSA drivers, if it
* can determine it's safe to do so; currently that's the case for hashes.
*
* \note See docs/use-psa-crypto.md for a complete description this option.
*
* Requires: MBEDTLS_PSA_CRYPTO_C.
*
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
*/
#define MBEDTLS_USE_PSA_CRYPTO
/** /**
* \def MBEDTLS_PSA_CRYPTO_CONFIG * \def MBEDTLS_PSA_CRYPTO_CONFIG
* *
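Review bot: The removed `\warning` (call `psa_crypto_init()` before any function from the SSL/TLS, X.509 or PK modules) is dropped together with the rest of the option's documentation, but with the symbol now always defined that requirement applies to every build, not only to those that opted in. The replacement comment in the other file describes the symbol as legacy and says nothing about initialization, so an application that previously built with the option off gets no hint from the headers that it must now call `psa_crypto_init()` first. Carry the warning over to the new comment, or point to where the requirement is documented now that the reference to docs/use-psa-crypto.md is also gone.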