| Features | |
| * Some modules can now use PSA drivers for hashes, including with no | |
| built-in implementation present, but only in some configurations. | |
| - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use | |
| hashes from PSA when (and only when) MBEDTLS_MD_C is disabled. | |
| - PEM parsing of encrypted files now uses MD-5 from PSA when (and only | |
| when) MBEDTLS_MD5_C is disabled. | |
| See the documentation of the corresponding macros in mbedtls_config.h for | |
| details. | |
| Note that some modules are not able to use hashes from PSA yet, including | |
| the entropy module. As a consequence, for now the only way to build with | |
| all hashes only provided by drivers (no built-in hash) is to use | |
| MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. | |
| * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now | |
| properly negotiate/accept hashes based on their availability in PSA. | |
| As a consequence, they now work in configurations where the built-in | |
| implementations of (some) hashes are excluded and those hashes are only | |
| provided by PSA drivers. (See previous entry for limitation on RSA-PSS | |
| though: that module only use hashes from PSA when MBEDTLS_MD_C is off). |