mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-10 19:04:55 +00:00
c998e43eb4
(The first entry will need editing if support for ENTROPY_C is sorted out before the next release.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
21 lines
1.3 KiB
Plaintext
21 lines
1.3 KiB
Plaintext
Features
|
|
* Some crypto modules that previously depended on MD or a low-level hash
|
|
module, either unconditionally (RSA, PK, PKCS5, PKCS12, EC J-PAKE), or
|
|
for some features (PEM for encrypted files), are now able to use PSA
|
|
Crypto instead when the legacy API is not available. This means it is
|
|
now possible to use all features from those modules in configurations
|
|
where the built-in implementations of hashes are excluded and the hashes
|
|
are only provided by PSA drivers. In these configurations, you need to
|
|
call `psa_crypto_init()` before you call any function from those
|
|
modules; this is not required in configurations where the built-in
|
|
implementation is still available. Note that some crypto modules and
|
|
features still depend on the built-in implementation of hashes:
|
|
MBEDTLS_HKDF_C (but the PSA HKDF function do not depend on it),
|
|
MBEDTLS_ENTROPY_C, MBEDTLS_HMAC_DRBG_C and MBEDTLS_ECDSA_DETERMINISTIC.
|
|
In particular, for now, compiling without built-in hashes requires use
|
|
of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
|
|
* When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 no
|
|
longer depend on MD. This means it is now possible to use them in
|
|
configurations where the built-in implementations of hashes are excluded
|
|
and the hashes are only provided by PSA drivers.
|