diff --git a/ChangeLog.d/driver-only-cipher.txt b/ChangeLog.d/driver-only-cipher.txt index e2a946c916..331b2f997c 100644 --- a/ChangeLog.d/driver-only-cipher.txt +++ b/ChangeLog.d/driver-only-cipher.txt @@ -2,7 +2,7 @@ Features * If a cipher or AEAD mechanism has a PSA driver, you can now build the library without the corresponding built-in implementation. Generally speaking that requires both the key type and algorithm to be accelerated - or they'll both be built in. However for CCM and GCM the built-in + or they'll both be built in. However, for CCM and GCM the built-in implementation is able to take advantage of a driver that only accelerates the key type (that is, the block cipher primitive). See docs/driver-only-builds.md for full details and current limitations. diff --git a/ChangeLog.d/no-cipher.txt b/ChangeLog.d/no-cipher.txt index 4deadab980..87f2f6d3ae 100644 --- a/ChangeLog.d/no-cipher.txt +++ b/ChangeLog.d/no-cipher.txt @@ -1,7 +1,7 @@ Features * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code size by disabling it in more circumstances. In particular, the CCM and - GCM modules no longer depends on MBEDTLS_CIPHER_C. Also, + GCM modules no longer depend on MBEDTLS_CIPHER_C. Also, MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all unauthenticated (non-AEAD) ciphers are disabled, or if they're all fully provided by drivers. See docs/driver-only-builds.md for full diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 30afad8315..eda65a348c 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md 
@@ -609,7 +609,7 @@ int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg); The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA. As a starting point, return 1 if PSA crypto's driver subsystem has been initialized. -Each function in the module needs to know whether to dispatch via PSA or legacy. All function with just consult the context's `engine` field, except `setup()` which will set it according to the key type and the return value of `psa_can_do_cipher()` as discussed above. +Each function in the module needs to know whether to dispatch via PSA or legacy. All functions consult the context's `engine` field, except `setup()` which will set it according to the key type and the return value of `psa_can_do_cipher()` as discussed above. Note that this assumes that an operation that has been started via PSA can be completed. This implies that `mbedtls_psa_crypto_free` must not be called while an operation using PSA is in progress.
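Review bot: in the docs/architecture/psa-migration/md-cipher-dispatch.md hunk (@@ -609,7), the unchanged context line just above the corrected sentence still says the function returns 1 if `hash_alg` can be performed through PSA, but the signature shown in the hunk header is `psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg)`, so there is no `hash_alg` parameter here. Since this patch is already fixing wording in this paragraph, suggest changing that sentence to refer to the `key_type` and `cipher_alg` combination. A minor style point on the new line: add a comma before "which" in "except `setup()` which will set it", since the clause is non-restrictive.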