Merge pull request #5612 from tom-cosgrove-arm/tls13-config-options
Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3
Fully validated by the internal CI. No need to wait for the open one.
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index b469d3c..2a6672e 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -606,6 +606,10 @@
#define PSA_WANT_ALG_GCM 1
#endif /* MBEDTLS_GCM_C */
+/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
+ * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
+ * PSA HKDF is enabled, so enable both algorithms together
+ * with PSA HKDF. */
#if defined(MBEDTLS_HKDF_C)
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define PSA_WANT_ALG_HMAC 1