mbedtls/ChangeLog.d/driver-only-hashes.txt

Features
   * Some modules can now use PSA drivers for hashes, including with no
     built-in implementation present, but only in some configurations.
     - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use
       hashes from PSA when (and only when) MBEDTLS_MD_C is disabled.
     - PEM parsing of encrypted files now uses MD-5 from PSA when (and only
       when) MBEDTLS_MD5_C is disabled.
     See the documentation of the corresponding macros in mbedtls_config.h for
     details.
     Note that some modules are not able to use hashes from PSA yet, including
     the entropy module. As a consequence, for now the only way to build with
     all hashes only provided by drivers (no built-in hash) is to use
     MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
   * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now
     properly negotiate/accept hashes based on their availability in PSA.
     As a consequence, they now work in configurations where the built-in
     implementations of (some) hashes are excluded and those hashes are only
     provided by PSA drivers. (See previous entry for limitation on RSA-PSS
     though: that module only use hashes from PSA when MBEDTLS_MD_C is off).
Add ChangeLog entry about driver-only hashes. (The first entry will need editing if support for ENTROPY_C is sorted out before the next release.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-09-15 12:26:32 +02:00			`Features`
Improve ChangeLog entry for driver-only hashes - avoid long unstructured paragraph with long messy sentences - de-emphasize "no longer depends on MD" and emphasize "can work in some driver-only builds" instead - that's what users are interested in (building without MD is just the current way to accomplish that, but that will change in the future) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-11-23 13:14:52 +01:00			`* Some modules can now use PSA drivers for hashes, including with no`
			`built-in implementation present, but only in some configurations.`
Minor tune-up to ChangeLog & documentation - fix a recurring typo - use clearer names Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-11-24 09:40:12 +01:00			`- RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use`
			`hashes from PSA when (and only when) MBEDTLS_MD_C is disabled.`
Improve ChangeLog entry for driver-only hashes - avoid long unstructured paragraph with long messy sentences - de-emphasize "no longer depends on MD" and emphasize "can work in some driver-only builds" instead - that's what users are interested in (building without MD is just the current way to accomplish that, but that will change in the future) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-11-23 13:14:52 +01:00			`- PEM parsing of encrypted files now uses MD-5 from PSA when (and only`
			`when) MBEDTLS_MD5_C is disabled.`
			`See the documentation of the corresponding macros in mbedtls_config.h for`
			`details.`
			`Note that some modules are not able to use hashes from PSA yet, including`
			`the entropy module. As a consequence, for now the only way to build with`
			`all hashes only provided by drivers (no built-in hash) is to use`
			`MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.`
			`* When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now`
			`properly negotiate/accept hashes based on their availability in PSA.`
			`As a consequence, they now work in configurations where the built-in`
			`implementations of (some) hashes are excluded and those hashes are only`
			`provided by PSA drivers. (See previous entry for limitation on RSA-PSS`
			`though: that module only use hashes from PSA when MBEDTLS_MD_C is off).`