mbedtls/ChangeLog.d/announce-4.0-removals.txt

New deprecations
   * The following cryptographic mechanisms are planned to be removed
     in Mbed TLS 4.0:
     - DES (including 3DES).
     - PKCS#1v1.5 encryption/decryption (RSAES-PKCS1-v1_5).
       (OAEP, PSS, and PKCS#1v1.5 signature are staying.)
     - Finite-field Diffie-Hellman with custom groups.
       (RFC 7919 groups remain supported.)
     - Elliptic curves of size 225 bits or less.
   * The following cipher suites are planned to be removed from (D)TLS 1.2
     in Mbed TLS 4.0:
     - TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using
       RSA decryption.
       (RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.)
     - TLS_ECDH_*, i.e. cipher suites using static ECDH.
       (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
     - TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman.
       (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
     - TLS_*CBC*, i.e. all cipher suites using CBC.
   * The following low-level application interfaces are planned to be removed
     from the public API in Mbed TLS 4.0:
     - Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h;
     - Random generation: ctr_drbg.h, hmac_drbg.h, entropy.h;
     - Ciphers and modes: aes.h, aria.h, camellia.h, chacha20.h, chachapoly.h,
       cipher.h, cmac.h, gcm.h, poly1305.h;
     - Private key encryption mechanisms: pkcs5.h, pkcs12.h.
     - Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h, ecjpake.h,
       ecp.h, rsa.h.
     The cryptographic mechanisms remain present, but they will only be
     accessible via the PSA API (psa_xxx functions introduced gradually
     starting with Mbed TLS 2.17) and, where relevant, `pk.h`.
     For guidance on migrating application code to the PSA API, please consult
     the PSA transition guide (docs/psa-transition.md).
   * The following integration interfaces are planned to be removed
     in Mbed TLS 4.0:
     - MBEDTLS_xxx_ALT replacement of cryptographic modules and functions.
       Use PSA transparent drivers instead.
     - MBEDTLS_PK_RSA_ALT and MBEDTLS_PSA_CRYPTO_SE_C.
       Use PSA opaque drivers instead.
Announce the main removals planned for 4.0 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-07 22:38:52 +02:00			`New deprecations`
			`* The following cryptographic mechanisms are planned to be removed`
			`in Mbed TLS 4.0:`
			`- DES (including 3DES).`
Fix missing bits in crypto mechanisms Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-08 14:41:12 +02:00			`- PKCS#1v1.5 encryption/decryption (RSAES-PKCS1-v1_5).`
			`(OAEP, PSS, and PKCS#1v1.5 signature are staying.)`
			`- Finite-field Diffie-Hellman with custom groups.`
			`(RFC 7919 groups remain supported.)`
Announce the main removals planned for 4.0 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-07 22:38:52 +02:00			`- Elliptic curves of size 225 bits or less.`
Revised presentation of cipher suites Include patterns on the official names. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-08 14:58:35 +02:00			`* The following cipher suites are planned to be removed from (D)TLS 1.2`
Announce the main removals planned for 4.0 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-07 22:38:52 +02:00			`in Mbed TLS 4.0:`
Revised presentation of cipher suites Include patterns on the official names. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-08 14:58:35 +02:00			`- TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using`
			`RSA decryption.`
			`(RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.)`
			`- TLS_ECDH_*, i.e. cipher suites using static ECDH.`
			`(Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)`
			`- TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman.`
			`(Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)`
			`- TLS_CBC, i.e. all cipher suites using CBC.`
Mention interfaces replaced by PSA drivers Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-10 17:22:45 +02:00			`* The following low-level application interfaces are planned to be removed`
			`from the public API in Mbed TLS 4.0:`
Improve mechanism grouping Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-08 14:45:35 +02:00			`- Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h;`
entropy.h is also going away Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-12 11:21:10 +02:00			`- Random generation: ctr_drbg.h, hmac_drbg.h, entropy.h;`
Improve mechanism grouping Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-08 14:45:35 +02:00			`- Ciphers and modes: aes.h, aria.h, camellia.h, chacha20.h, chachapoly.h,`
			`cipher.h, cmac.h, gcm.h, poly1305.h;`
Announce the main removals planned for 4.0 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-07 22:38:52 +02:00			`- Private key encryption mechanisms: pkcs5.h, pkcs12.h.`
			`- Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h, ecjpake.h,`
			`ecp.h, rsa.h.`
			`The cryptographic mechanisms remain present, but they will only be`
PSA PAKE wasn't in 2.28 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-12 11:21:54 +02:00			`accessible via the PSA API (psa_xxx functions introduced gradually`
			starting with Mbed TLS 2.17) and, where relevant, `pk.h`.
Mention the PSA transition guide Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-07 23:05:45 +02:00			`For guidance on migrating application code to the PSA API, please consult`
			`the PSA transition guide (docs/psa-transition.md).`
Mention interfaces replaced by PSA drivers Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2024-08-10 17:22:45 +02:00			`* The following integration interfaces are planned to be removed`
			`in Mbed TLS 4.0:`
			`- MBEDTLS_xxx_ALT replacement of cryptographic modules and functions.`
			`Use PSA transparent drivers instead.`
			`- MBEDTLS_PK_RSA_ALT and MBEDTLS_PSA_CRYPTO_SE_C.`
			`Use PSA opaque drivers instead.`