3518fb11d0
- avoid long unstructured paragraph with long messy sentences - de-emphasize "no longer depends on MD" and emphasize "can work in some driver-only builds" instead - that's what users are interested in (building without MD is just the current way to accomplish that, but that will change in the future) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
19 lines
1.2 KiB
Text
19 lines
1.2 KiB
Text
Features
|
|
* Some modules can now use PSA drivers for hashes, including with no
|
|
built-in implementation present, but only in some configurations.
|
|
- RSA PKCS#1 v2.1, PKCS5, PKCS12 and EC J-PAKE now use hashes from PSA
|
|
when (and only when) MBEDTLS_MD_C is disabled.
|
|
- PEM parsing of encrypted files now uses MD-5 from PSA when (and only
|
|
when) MBEDTLS_MD5_C is disabled.
|
|
See the documentation of the corresponding macros in mbedtls_config.h for
|
|
details.
|
|
Note that some modules are not able to use hashes from PSA yet, including
|
|
the entropy module. As a consequence, for now the only way to build with
|
|
all hashes only provided by drivers (no built-in hash) is to use
|
|
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
|
|
* When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now
|
|
properly negotiate/accept hashes based on their availability in PSA.
|
|
As a consequence, they now work in configurations where the built-in
|
|
implementations of (some) hashes are excluded and those hashes are only
|
|
provided by PSA drivers. (See previous entry for limitation on RSA-PSS
|
|
though: that module only use hashes from PSA when MBEDTLS_MD_C is off).
|