Merge pull request #5612 from tom-cosgrove-arm/tls13-config-options Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 Fully validated by the internal CI. No need to wait for the open one.

commit: bcde39ca4a98b76ab0f37adc0de53d0527b13194 [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Thu Jun 30 15:10:02 2022 +0200
committer: GitHub <noreply@github.com> Thu Jun 30 15:10:02 2022 +0200
tree: e67dd6f03b594e18fdfd9e6991c6d72c7b0ef3fb
parent: 31fcfd5632256991a455018b61084bb5b22b40f1 [diff]
parent: d7adb3c7d99ba4a4fe3f8d16f949692174016027 [diff]
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index b469d3c..2a6672e 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h

@@ -606,6 +606,10 @@
 #define PSA_WANT_ALG_GCM 1
 #endif /* MBEDTLS_GCM_C */
 
+/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
+ * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
+ * PSA HKDF is enabled, so enable both algorithms together
+ * with PSA HKDF. */
 #if defined(MBEDTLS_HKDF_C)
 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
 #define PSA_WANT_ALG_HMAC 1
commit	bcde39ca4a98b76ab0f37adc0de53d0527b13194	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Thu Jun 30 15:10:02 2022 +0200
committer	GitHub <noreply@github.com>	Thu Jun 30 15:10:02 2022 +0200
tree	e67dd6f03b594e18fdfd9e6991c6d72c7b0ef3fb
parent	31fcfd5632256991a455018b61084bb5b22b40f1 [diff]
parent	d7adb3c7d99ba4a4fe3f8d16f949692174016027 [diff]