Call psa_crypto_init in the library when required for TLS 1.3: doc
For backward compatibility with Mbed TLS <=3.5.x, applications must be able
to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3,
regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0,
we enable TLS 1.3 in the default configuration, so we must take care of
calling psa_crypto_init() if needed. This is a change from TLS 1.3 in
previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user
choice and could have additional requirement.
This commit removes the compatibility-breaking requirement from the
documentation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4b59e78..2739331 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4923,10 +4923,11 @@
* currently being processed might or might not contain further
* DTLS records.
*
- * \note If the context is configured to allow TLS 1.3, or if
- * #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
+ * Otherwise, the handshake may call psa_crypto_init()
+ * if it ends up negotiating TLS 1.3.
*/
int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);