| Gilles Peskine | 99c3423 | 2024-10-09 18:01:49 +0200 | [diff] [blame] | 1 | Default behavior changes |
| 2 | * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem |
| 3 | to perform cryptographic operations, with a few exceptions documented |
| Janos Follath | 0aac2e5 | 2024-12-18 19:23:11 +0000 | [diff] [blame] | 4 | in docs/architecture/psa-migration/psa-limitations.md. This |
| 5 | corresponds to the behavior of Mbed TLS 3.x when |
| 6 | MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO |
| 7 | is now always enabled. |
| Gilles Peskine | 99c3423 | 2024-10-09 18:01:49 +0200 | [diff] [blame] | 8 | * psa_crypto_init() must be called before performing any cryptographic |
| 9 | operation, including indirect requests such as parsing a key or |
| 10 | certificate or starting a TLS handshake. |