From 949c21b3360398a9af01293c535410e8959386d9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 29 Jun 2021 18:05:04 +0100 Subject: [PATCH] Minor updates to migration guide Signed-off-by: Dave Rodgman --- docs/3.0-migration-guide.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 513aba8518..737b4eecc2 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -11,8 +11,8 @@ two questions: (1) am I affected? (2) if yes, what's my migration path? The changes are detailed below, and include: -- Removal of many insecure / obsolete features -- Tidying up of configuration options (including removing some less useful options) +- Removal of many insecure or obsolete features +- Tidying up of configuration options (including removing some less useful options). - Changing function signatures (e.g., adding return codes or extra parameters); introducing const to arguments. - Removal of functions marked as deprecated in 2.x @@ -258,7 +258,7 @@ This only affects people who've been using Mbed TLS since before version 2.0 and still relied on `compat-1.3.h` in their code. Please use the new names directly in your code; `scripts/rename.pl` (from any -of the 2.x releases - no longer included in 3.0) might help you do that. +of the 2.x releases — no longer included in 3.0) might help you do that. Remove 3DES ciphersuites -- @@ -289,7 +289,7 @@ using the multi-part API. Previously, the documentation didn't state explicitly if it was OK to call `mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after -the last call to `mbedtls_cipher_update()` - that is, without calling +the last call to `mbedtls_cipher_update()` — that is, without calling `mbedtls_cipher_finish()` in-between. If you code was missing that call, please add it and be prepared to get as much as 15 bytes of output. 
@@ -378,8 +378,8 @@ the previous key export API in the following ways: shutting down the TLS connection. For users which do not rely on raw keys and IV, adjusting to the new -callback type should be straightforward - see the example programs -programs/ssl/ssl_client2 and programs/ssl/ssl_server2 for callbacks +callback type should be straightforward — see the example programs +`programs/ssl/ssl_client2` and `programs/ssl/ssl_server2` for callbacks for NSSKeylog, EAP-TLS and DTLS-SRTP. Users which require access to the raw keys used to secure application @@ -418,7 +418,7 @@ This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`, `mbedtls_pk_parse_keyfile()`. You now need to pass a properly seeded, cryptographically secure RNG when -calling these functions. It is used for blinding, a counter-measure against +calling these functions. It is used for blinding, a countermeasure against side-channel attacks. The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed @@ -427,8 +427,8 @@ The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed This doesn't affect users of the default configuration; it only affects people who were explicitly setting this option. -This was a trade-off between code size and counter-measures; it is no longer -relevant as the counter-measure is now always on at no cost in code size. +This was a trade-off between code size and countermeasures; it is no longer +relevant as the countermeasure is now always on at no cost in code size. Remove MaximumFragmentLength (MFL) query API ----------------------------------------------------------------- 
@@ -944,7 +944,7 @@ Migration paths: should never be returned from Mbed TLS, and there is no need to check for it. Users should simply remove manual checks for those codes, and let the Mbed TLS - team know if -- contrary to the team's understanding -- there is in fact a situation + team know if — contrary to the team's understanding — there is in fact a situation where one of them was ever returned. - `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and
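Review bot: The period added to the second bullet in the hunk at line 11 ("...removing some less useful options).") leaves the list inconsistently punctuated. The first bullet, changed in the same hunk ("Removal of many insecure or obsolete features"), and the context bullet "Removal of functions marked as deprecated in 2.x" both end without one. Either drop the new period or terminate every bullet in the list the same way.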
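Review bot: The context line "If you code was missing that call" in the hunk at line 289 still carries a typo ("you" for "your"), directly after the lines this patch rewrites. That sentence is the actual migration instruction: add the missing `mbedtls_cipher_finish()` call before `mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()`. It is worth fixing in the same wording pass so the instruction reads cleanly.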
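Review bot: In the hunk at line 378, the paragraph being edited still opens with "For users which do not rely on raw keys and IV", and the following context paragraph opens with "Users which require access to the raw keys"; "who" is the correct relative pronoun in both places. Since this patch already touches the first paragraph to change the dash and add backticks around the program paths, consider changing "which" to "who" in both sentences here.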