Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / d7adb3c7d99ba4a4fe3f8d16f949692174016027^! / .
commitd7adb3c7d99ba4a4fe3f8d16f949692174016027[log] [tgz]
authorTom Cosgrove <tom.cosgrove@arm.com>Thu Jun 30 09:48:40 2022 +0100
committerTom Cosgrove <tom.cosgrove@arm.com>Thu Jun 30 09:48:40 2022 +0100
tree38625ee7c58d1392729d9da2503d504de1098145
parentafb2fe1acf7c7379029d5f605e3533fa5c43d4a3 [diff]
Add comments about MBEDTLS_PSA_CRYPTO_C also being required by MBEDTLS_SSL_PROTO_TLS1_3

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

diff --git a/ChangeLog.d/tls13_and_keep_certificates.txt b/ChangeLog.d/tls13_and_keep_certificates.txt
index c034be0..8c2421f 100644
--- a/ChangeLog.d/tls13_and_keep_certificates.txt
+++ b/ChangeLog.d/tls13_and_keep_certificates.txt

@@ -1,4 +1,4 @@
 Bugfix
    * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-     when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this explicit in the
-     documentation. Fixes #5610.
+     when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other
+     dependencies explicit in the documentation. Fixes #5610.

diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index 1a8c03c..85219c3 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md

@@ -140,12 +140,12 @@
   in the sense that when enabling the TLS 1.3 MVP in the library there is rarely
   any need to modify the configuration from that used for TLS 1.2.
 
-  The two exceptions to this are:
+  The exceptions to this are:
 
   - The TLS 1.3 MVP is not compatible with MBEDTLS_USE_PSA_CRYPTO, so this option
     must be disabled.
-  - The TLS 1.3 MVP requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, so this option
-    must be enabled.
+  - The TLS 1.3 MVP requires MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SSL_KEEP_PEER_CERTIFICATE,
+    so these options must be enabled.
 
   Mbed TLS SSL/TLS related features are not supported or not applicable to the
   TLS 1.3 MVP:
@@ -181,9 +181,10 @@
   | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED    | n/a     |
   | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED     | n/a     |
   |                                          |         |
+  | MBEDTLS_PSA_CRYPTO_C                     | no (1)  |
   | MBEDTLS_USE_PSA_CRYPTO                   | no      |
 
-  (1) This option must remain in its default state of enabled.
+  (1) These options must remain in their default state of enabled.
   (2) Key exchange configuration options for TLS 1.3 will likely to be
       organized around the notion of key exchange mode along the line
       of the MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL