From 016cec17e87097c79b395a808aaafc23a0198eb3 Mon Sep 17 00:00:00 2001 From: Werner Lewis Date: Thu, 23 Jun 2022 12:33:35 +0100 Subject: [PATCH] Add deprecated macros to migration guide Signed-off-by: Werner Lewis --- docs/3.0-migration-guide.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 4a6c7ccf4f..71e5975728 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -262,12 +262,19 @@ Alternative implementations of the SHA256 and SHA512 modules must adjust their f ### Deprecated error codes for hardware failures were removed -- The macros `MBEDTLS_ERR_xxx_FEATURE_UNSUPPORTED` from various crypto modules +- The macros `MBEDTLS_ERR_xxx_FEATURE_UNAVAILABLE` from various crypto modules were removed; `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used instead. +- The macro `MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION` was removed; + `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used instead. - The macros `MBEDTLS_ERR_xxx_HW_ACCEL_FAILED` from various crypto modules were removed; `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` is now used instead. +### Deprecated error codes for invalid input data were removed + +- The macros `MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH` from ARIA and Camellia + modules were removed; `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` is now used instead. + ### Remove the mode parameter from RSA functions This affects all users who use the RSA encryption, decryption, sign and @@ -277,7 +284,7 @@ The RSA module no longer supports private-key operations with the public key or vice versa. As a consequence, RSA operation functions no longer have a mode parameter. If you were calling RSA operations with the normal mode (public key for verification or encryption, private key for signature or decryption), remove -the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling +the `MBEDTLS_RSA_PUBLIC` or `MBEDTLS_RSA_PRIVATE` argument. If you were calling RSA operations with the wrong mode, which rarely makes sense from a security perspective, this is no longer supported.