commit 07ae208f12523d4fcd720a679609a02da7d86abc
author Gilles Peskine <Gilles.Peskine@arm.com> Tue Mar 07 20:22:51 2023 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Tue Mar 07 20:25:02 2023 +0100
tree 8ec6a8683ea8ce76e3f9d8f07bd37a2d6f105e40
parent 40d79cef351cba835392d42803bb47421f4d8174

Document the need to call psa_crypto_init() with USE_PSA_CRYPTO

When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call
psa_crypto_init() before directly or indirectly calling cipher or PK code
that will use PSA under the hood. Document this explicitly for some
functions.

To avoid clutter, this commit only documents the need to call
psa_crypto_init() in common, non-obvious cases: using a PK object that was
not constructed using PSA, X.509 processing, or setting up an SSL context.
Functions that are normally only called after such a function (for example,
using a cipher or PK context constructed from a PSA key), or where the need
for PSA is obvious because they take a key ID as argument, do not need more
explicit documentaion.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

include/mbedtls/x509_crl.h

diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 895eca0..1405021 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -95,6 +95,10 @@
 /**
  * \brief          Parse a DER-encoded CRL and append it to the chained list
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    points to the start of the chain
  * \param buf      buffer holding the CRL data in DER format
  * \param buflen   size of the buffer
@@ -109,6 +113,10 @@
  *
  * \note           Multiple CRLs are accepted only if using PEM format
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    points to the start of the chain
  * \param buf      buffer holding the CRL data in PEM or DER format
  * \param buflen   size of the buffer
@@ -124,6 +132,10 @@
  *
  * \note           Multiple CRLs are accepted only if using PEM format
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    points to the start of the chain
  * \param path     filename to read the CRLs from (in PEM or DER encoding)
  *