Document the need to call psa_crypto_init() with USE_PSA_CRYPTO
When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call
psa_crypto_init() before directly or indirectly calling cipher or PK code
that will use PSA under the hood. Document this explicitly for some
functions.
To avoid clutter, this commit only documents the need to call
psa_crypto_init() in common, non-obvious cases: parsing a public key
directly or via X.509, or setting up an SSL context. Functions that are
normally only called after such a function (for example, using an already
constructed PK object), or where the need for PSA is obvious because they
take a key ID as argument, do not need more explicit documentaion.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 0e4ee38..3de7a8f 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -796,6 +796,10 @@
/**
* \brief Parse a private key in PEM or DER format
*
+ * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ * subsystem must have been initialized by calling
+ * psa_crypto_init() before calling this function.
+ *
* \param ctx The PK context to fill. It must have been initialized
* but not set up.
* \param key Input buffer to parse.
@@ -832,6 +836,10 @@
/**
* \brief Parse a public key in PEM or DER format
*
+ * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ * subsystem must have been initialized by calling
+ * psa_crypto_init() before calling this function.
+ *
* \param ctx The PK context to fill. It must have been initialized
* but not set up.
* \param key Input buffer to parse.
@@ -861,6 +869,10 @@
/**
* \brief Load and parse a private key
*
+ * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ * subsystem must have been initialized by calling
+ * psa_crypto_init() before calling this function.
+ *
* \param ctx The PK context to fill. It must have been initialized
* but not set up.
* \param path filename to read the private key from