Invert and rename config option

Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d48df66..4842fd4 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1571,20 +1571,24 @@
//#define MBEDTLS_PSA_INJECT_ENTROPY
/**
- * \def MBEDTLS_PSA_COPY_CALLER_BUFFERS
+ * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
*
- * Make local copies of buffers supplied by the callers of PSA functions.
+ * Assume all buffers passed to PSA functions are owned exclusively by the
+ * PSA function and are not stored in shared memory.
*
- * This should be enabled whenever caller-supplied buffers are owned by
- * an untrusted party, for example where arguments to PSA calls are passed
+ * This option may be enabled if all buffers passed to any PSA function reside
+ * in memory that is accessible only to the PSA function during its execution.
+ *
+ * This option MUST be disabled whenever buffer arguments are in memory shared
+ * with an untrusted party, for example where arguments to PSA calls are passed
* across a trust boundary.
*
- * \note Enabling this option increases memory usage and code size.
+ * \note Enabling this option reduces memory usage and code size.
*
- * \note Disabling this option causes overlap of input and output buffers
+ * \note Enabling this option causes overlap of input and output buffers
* not to be supported by PSA functions.
*/
-#define MBEDTLS_PSA_COPY_CALLER_BUFFERS
+//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
/**
* \def MBEDTLS_RSA_NO_CRT
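Review bot: The new doc block for MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS never states what the library does when the option is left undefined, which is now the default. The removed line "Make local copies of buffers supplied by the callers of PSA functions" was the only description of that behaviour. Consider adding a sentence such as "When this option is disabled (the default), PSA functions make local copies of caller-supplied buffers", so the memory and code-size note and the overlap note have a stated baseline. The overlap note would also read more clearly as "PSA functions do not support overlapping input and output buffers when this option is enabled". Separately, the old name MBEDTLS_PSA_COPY_CALLER_BUFFERS is dropped with nothing visible in this hunk to catch configurations that still define or comment it out. Such a setting now has no effect, so a compile-time check on the old name or a ChangeLog entry for the rename would help integrators notice the change.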