Enable MBEDTLS_PSA_CRYPTO_C by default
Also enable it in scripts/config.pl full, as well as two storage options that
were only blacklisted from full config because they depended on
MBEDTLS_PSA_CRYPTO_C.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index fd91d70..41a97b1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2773,19 +2773,16 @@
*
* Enable the Platform Security Architecture cryptography API.
*
- * \note This option only has an effect when the build option
- * USE_CRYPTO_SUBMODULE is also in use.
- *
- * \warning This feature is experimental and available on an opt-in basis only.
- * PSA APIs are subject to change at any time. The implementation comes with
- * less assurance and support than the rest of Mbed TLS.
+ * \warning The PSA Crypto API is still beta status. While you're welcome to
+ * experiment using it, incompatible API changes are still possible, and some
+ * parts may not have reached the same quality as the rest of Mbed TLS yet.
*
* Module: crypto/library/psa_crypto.c
*
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
*
*/
-//#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_C
/**
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
diff --git a/scripts/config.pl b/scripts/config.pl
index 6300362..0528143 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -28,7 +28,6 @@
# MBEDTLS_ECP_DP_M511_ENABLED
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
# MBEDTLS_NO_PLATFORM_ENTROPY
-# MBEDTLS_PSA_CRYPTO_C
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
# MBEDTLS_REMOVE_3DES_CIPHERSUITES
# MBEDTLS_SSL_HW_RECORD_ACCEL
@@ -40,7 +39,6 @@
# MBEDTLS_PKCS11_C
# MBEDTLS_USE_PSA_CRYPTO
# - experimental, and more an alternative implementation than a feature
-# MBEDTLS_PSA_CRYPTO_STORAGE_C
# MBEDTLS_PSA_ITS_FILE_C
# MBEDTLS_PSA_CRYPTO_SPM
# MBEDTLS_PSA_INJECT_ENTROPY
@@ -95,7 +93,6 @@
MBEDTLS_ECP_DP_M511_ENABLED
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
MBEDTLS_NO_PLATFORM_ENTROPY
-MBEDTLS_PSA_CRYPTO_C
MBEDTLS_RSA_NO_CRT
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
MBEDTLS_REMOVE_3DES_CIPHERSUITES
@@ -107,7 +104,6 @@
MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION
MBEDTLS_USE_PSA_CRYPTO
-MBEDTLS_PSA_CRYPTO_STORAGE_C
MBEDTLS_PSA_ITS_FILE_C
MBEDTLS_PSA_CRYPTO_SPM
MBEDTLS_PSA_INJECT_ENTROPY
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index e8d36fd..304eaee 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -837,6 +837,9 @@
msg "build: make, full config without USE_CRYPTO_SUBMODULE, gcc+debug"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO # depends on PSA
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # only works from submodule
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on PSA
make CC=gcc CFLAGS='-g' USE_CRYPTO_SUBMODULE=0
msg "test: submodule libmbedcrypto wasn't built (no USE_CRYPTO_SUBMODULE, make)"
@@ -858,6 +861,8 @@
msg "build: cmake, full config without USE_CRYPTO_SUBMODULE, gcc+debug"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # only works from submodule
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on PSA
CC=gcc cmake -D CMAKE_BUILD_TYPE=Debug -D USE_CRYPTO_SUBMODULE=Off .
make