On 27/09/2022 17:17, secretimap--- via mbed-tls wrote:
> Finally: from what I've read, it seems that the move to fully integrate PSA into mbedtls is both ongoing and incomplete. Would you recommend using MBEDTLS_USE_PSA_CRYPTO in its current state, or is it still a little way away (say, 12 months?) from being properly ready to use in commercial projects?
The parts of MBEDTLS_USE_PSA_CRYPTO that are already implemented are ready for production. Right now, you should switch on MBEDTLS_USE_PSA_CRYPTO if you want to benefit from PSA drivers, or if you want to get in early on the future. The main reason not to enable MBEDTLS_USE_PSA_CRYPTO is if you are not using any drivers and code size is critical: currently, if you are not using a driver, the USE_PSA code paths involve more glue code than the legacy code paths (we'll work on that once all the USE_PSA code paths are implemented).
USE_PSA_CRYPTO is progressing quickly. You can see what is currently available at https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md (or the same file in released versions of Mbed TLS starting with 3.1.0). You can see the remaining work that is underway or planned for the short term on the epic board at https://github.com/orgs/Mbed-TLS/projects/1 — look at the columns with “Use PSA” in their name.
Best regards,