mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 18:32:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Change headings to level 3 to enable use of sections

Browse Source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2021-06-29 18:05:38 +01:00
parent 949c21b336
commit a0e8db09ac
1 changed files with 69 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

207
docs/3.0-migration-guide.md
View File

@ -1,5 +1,4 @@
Migrating from Mbed TLS 2.x to Mbed TLS 3.0
===========================================
# Migrating from Mbed TLS 2.x to Mbed TLS 3.0
This guide details the steps required to migrate from Mbed TLS version 2.x to
Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks
@ -16,8 +15,7 @@ The changes are detailed below, and include:
- Changing function signatures (e.g., adding return codes or extra parameters); introducing const to arguments.
- Removal of functions marked as deprecated in 2.x
Introduce a level of indirection and versioning in the config files
-------------------------------------------------------------------
### Introduce a level of indirection and versioning in the config files
`config.h` was split into `build_info.h` and `mbedtls_config.h`.
@ -37,8 +35,7 @@ used by the Mbed TLS release whose `MBEDTLS_VERSION_NUMBER` has the same
value.
The only value supported by Mbed TLS 3.0.0 is `0x03000000`.
Remove support for TLS 1.0, 1.1 and DTLS 1.0
-------------------------------------------
### Remove support for TLS 1.0, 1.1 and DTLS 1.0
This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols.
@ -65,8 +62,7 @@ configuring ciphersuites separately for each version via
`mbedtls_ssl_conf_ciphersuites()` to configure ciphersuites to use with (D)TLS
1.2; in the future a different API will be added for (D)TLS 1.3.
Remove support for SSL 3.0
--------------------------
### Remove support for SSL 3.0
This doesn't affect people using the default configuration as it was already
disabled by default.
@ -76,8 +72,7 @@ and relied on that version in order to communicate with peers that are not up
to date. If one of your peers is in that case, please try contacting them and
encouraging them to upgrade their software.
Strengthen default algorithm selection for X.509 and TLS
--------------------------------------------------------
### Strengthen default algorithm selection for X.509 and TLS
The default X.509 verification profile (`mbedtls_x509_crt_profile_default`) and the default curve and hash selection in TLS have changed. They are now aligned, except that the X.509 profile only lists curves that support signature verification.
@ -95,8 +90,7 @@ my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists.
Deprecated functions were removed from hashing modules
------------------------------------------------------
### Deprecated functions were removed from hashing modules
Modules: MD5, SHA1, SHA256, SHA512, MD.
@ -110,8 +104,7 @@ Modules: MD5, SHA1, SHA256, SHA512, MD.
provide your own version of that function), please use
`mbedtls_internal_xxx_process()` instead, and check the return value.
Deprecated error codes for hardware failures were removed
---------------------------------------------------------
### Deprecated error codes for hardware failures were removed
- The macros `MBEDTLS_ERR_xxx_FEATURE_UNSUPPORTED` from various crypto modules
were removed; `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used
@ -119,15 +112,13 @@ Deprecated error codes for hardware failures were removed
- The macros `MBEDTLS_ERR_xxx_HW_ACCEL_FAILED` from various crypto modules
were removed; `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` is now used instead.
Deprecated names for PSA constants and types were removed
---------------------------------------------------------
### Deprecated names for PSA constants and types were removed
Some constants and types that were present in beta versions of the PSA Crypto
API were removed from version 1.0 of specification. Please switch to the new
names provided by the 1.0 specification instead.
Internal / alt-focused headers were moved to a private location
----------------------------------------------------------------
### Internal / alt-focused headers were moved to a private location
This shouldn't affect users who took care not to include headers that
were documented as internal, despite being in the public include directory.
@ -141,8 +132,7 @@ If you're a library user and used to rely on having access to a structure or
function that's now in a private header, please reach out on the mailing list
and explain your need; we'll consider adding a new API in a future version.
Remove the certs module from the library
----------------------------------------
### Remove the certs module from the library
This should not affect production use of the library, as the certificates and
keys included there were never suitable for production use.
@ -152,8 +142,7 @@ that case, please embed your own test certificates in your test code; now that
`certs.c` is out of the library there is no longer any stability guaranteed
and it may change in incompatible ways at any time.
Remove the HAVEGE module
------------------------
### Remove the HAVEGE module
This doesn't affect people using the default configuration as it was already
disabled by default.
@ -166,8 +155,7 @@ file created securely during device provisioning. See
<https://tls.mbed.org/kb/how-to/add-entropy-sources-to-entropy-pool> for more
information.
Remove support for parsing SSLv2 ClientHello
--------------------------------------------
### Remove support for parsing SSLv2 ClientHello
This doesn't affect people using the default configuration as it was already
disabled by default.
@ -177,8 +165,7 @@ These days clients are very unlikely to do that. If you have a client that
does, please try contacting them and encouraging them to upgrade their
software.
Remove support for truncated HMAC
---------------------------------
### Remove support for truncated HMAC
This affects users of truncated HMAC, that is, users who called
`mbedtls_ssl_conf_truncated_hmac( ..., MBEDTLS_SSL_TRUNC_HMAC_ENABLED)`,
@ -188,8 +175,7 @@ regardless of whether the standard version was used or compatibility version
The recommended migration path for people who want minimal overhead is to use a
CCM-8 ciphersuite.
Remove support for TLS record-level compression
-----------------------------------------------
### Remove support for TLS record-level compression
This doesn't affect people using the default configuration as it was already
disabled by default.
@ -201,8 +187,7 @@ no general solution to this problem; application protocols might have their
own compression mechanisms and are in a better position than the TLS stack to
avoid variants of the CRIME and BREACH attacks.
Remove support for TLS RC4-based ciphersuites
---------------------------------------------
### Remove support for TLS RC4-based ciphersuites
This does not affect people who used the default `mbedtls_config.h` and the default
list of ciphersuites, as RC4-based ciphersuites were already not negotiated in
@ -212,8 +197,7 @@ Please switch to any of the modern, recommended ciphersuites (based on
AES-GCM, AES-CCM or ChachaPoly for example) and if your peer doesn't support
any, encourage them to upgrade their software.
Remove support for TLS single-DES ciphersuites
----------------------------------------------
### Remove support for TLS single-DES ciphersuites
This doesn't affect people using the default configuration as it was already
disabled by default.
@ -222,8 +206,7 @@ Please switch to any of the modern, recommended ciphersuites (based on
AES-GCM, AES-CCM or ChachaPoly for example) and if your peer doesn't support
any, encourage them to upgrade their software.
Remove support for TLS record-level hardware acceleration
---------------------------------------------------------
### Remove support for TLS record-level hardware acceleration
This doesn't affect people using the default configuration as it was already
disabled by default.
@ -232,8 +215,7 @@ This feature had been broken for a while so we doubt anyone still used it.
However if you did, please reach out on the mailing list and let us know about
your use case.
Remove wrapper for libpkcs11-helper
-----------------------------------
### Remove wrapper for libpkcs11-helper
This doesn't affect people using the default configuration as it was already
disabled by default.
@ -243,16 +225,14 @@ securely, please have a look at the key management facilities provided by the
PSA crypto API. If you have a use case that's not covered yet by this API,
please reach out on the mailing list.
Remove config option `MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME`
----------------------------------------------------------
### Remove config option `MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME`
This doesn't affect people using the default configuration.
This option has not had any effect for a long time. Please use the `lifetime`
parameter of `mbedtls_ssl_ticket_setup()` instead.
Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0
-------------------------------------------------------------------
### Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0
This only affects people who've been using Mbed TLS since before version 2.0
and still relied on `compat-1.3.h` in their code.
@ -260,8 +240,7 @@ and still relied on `compat-1.3.h` in their code.
Please use the new names directly in your code; `scripts/rename.pl` (from any
of the 2.x releases — no longer included in 3.0) might help you do that.
Remove 3DES ciphersuites
--
### Remove 3DES ciphersuites
This change does not affect users using default settings for 3DES in `mbedtls_config.h`
because the 3DES ciphersuites were disabled by that.
@ -271,8 +250,7 @@ more standard bodies are recommending against its use in TLS.
The migration path here is to chose from the recommended in literature alternatives.
CCM interface changes: impact for alternative implementations
-------------------------------------------------------------
### CCM interface changes: impact for alternative implementations
The CCM interface has changed with the addition of support for
multi-part operations. Five new API functions have been defined:
@ -281,8 +259,7 @@ mbedtls_ccm_update_ad(), mbedtls_ccm_update() and mbedtls_ccm_finish().
Alternative implementations of CCM (`MBEDTLS_CCM_ALT`) have now to
implement those additional five API functions.
Calling `mbedtls_cipher_finish()` is mandatory for all multi-part operations
----------------------------------------------------------------------------
### Calling `mbedtls_cipher_finish()` is mandatory for all multi-part operations
This only affects people who use the cipher module to perform AEAD operations
using the multi-part API.
@ -297,8 +274,7 @@ Currently the output is always 0 bytes, but it may be more when alternative
implementations of the underlying primitives are in use, or with future
versions of the library.
Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options
--
### Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options
This change affects users who modified the default `mbedtls_config.h` padding granularity
settings, i.e. enabled at least one of the options.
@ -312,8 +288,7 @@ code maintenance.
The new single option `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY` can be used
for both DTLS-CID and TLS 1.3.
Change the API to allow adding critical extensions to CSRs
------------------------------------------------------------------
### Change the API to allow adding critical extensions to CSRs
This affects applications that call the `mbedtls_x509write_csr_set_extension`
function.
@ -321,15 +296,13 @@ function.
The API is changed to include the parameter `critical` which allow to mark an
extension included in a CSR as critical. To get the previous behavior pass 0.
TLS now favors faster curves over larger curves
-----------------------------------------------
### TLS now favors faster curves over larger curves
The default preference order for curves in TLS now favors resource usage (performance and memory consumption) over size. The exact order is unspecified and may change, but generally you can expect 256-bit curves to be preferred over larger curves.
If you prefer a different order, call `mbedtls_ssl_conf_curves()` when configuring a TLS connection.
GCM interface changes: impact for alternative implementations
-------------------------------------------------------------
### GCM interface changes: impact for alternative implementations
The GCM multipart interface has changed as described in [“GCM multipart interface: application changes”](#gcm-multipart-interface:-application-changes). The consequences for an alternative implementation of GCM (`MBEDTLS_GCM_ALT`) are as follows:
@ -339,8 +312,7 @@ The GCM multipart interface has changed as described in [“GCM multipart interf
* Buffer the data for the last partial block, to be returned in the next call to `mbedtls_gcm_update()` or `mbedtls_gcm_finish()`.
* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block if needed.
GCM multipart interface: application changes
--------------------------------------------
### GCM multipart interface: application changes
The GCM module now supports arbitrary chunked input in the multipart interface.
This changes the interface for applications using the GCM module directly for multipart operations.
@ -352,8 +324,7 @@ Applications using one-shot GCM or using GCM via the `mbedtls_cipher_xxx` or `ps
* If the length of the last input is not a multiple of 16, alternative implementations may return the last partial block in the call to `mbedtls_gcm_finish()` instead of returning it in the last call to `mbedtls_gcm_update()`.
* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block. This is needed for alternative implementations that can only process a whole block at a time.
SSL key export interface change
-------------------------------
### SSL key export interface change
This affects users of the SSL key export APIs:
```
@ -389,8 +360,7 @@ on the wire. Such users are also encouraged to reach out to the
Mbed TLS team on the mailing list, to let the team know about their
use case.
The RNG parameter is now mandatory for all functions that accept one
--------------------------------------------------------------------
### The RNG parameter is now mandatory for all functions that accept one
This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
@ -410,8 +380,7 @@ Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
configuration options) may have their own internal and are free to ignore the
`f_rng` argument but must allow users to pass one anyway.
Some functions gained an RNG parameter
--------------------------------------
### Some functions gained an RNG parameter
This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
@ -421,8 +390,7 @@ You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a countermeasure against
side-channel attacks.
The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
------------------------------------------------------------------
### The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
This doesn't affect users of the default configuration; it only affects people
who were explicitly setting this option.
@ -430,8 +398,7 @@ who were explicitly setting this option.
This was a trade-off between code size and countermeasures; it is no longer
relevant as the countermeasure is now always on at no cost in code size.
Remove MaximumFragmentLength (MFL) query API
-----------------------------------------------------------------
### Remove MaximumFragmentLength (MFL) query API
This affects users which use the MFL query APIs
`mbedtls_ssl_get_{input,output}_max_frag_len()` to
@ -442,8 +409,7 @@ Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()`
instead, which also provides such upper bounds but takes more factors
than just the MFL configuration into account.
Change MBEDTLS_ECP_FIXED_POINT_OPTIM behavior
------------------------------------------------------
### Change MBEDTLS_ECP_FIXED_POINT_OPTIM behavior
The option `MBEDTLS_ECP_FIXED_POINT_OPTIM` now increase code size and it does
not increase peak RAM usage anymore.
@ -453,8 +419,7 @@ to `0` in your config file. The impact depends on the number and size of
enabled curves. For example, for P-256 the difference is 1KB; see the documentation
of this option for details.
Replaced MBEDTLS_SHA512_NO_SHA384 with MBEDTLS_SHA384_C
------------------------------------------------------
### Replaced MBEDTLS_SHA512_NO_SHA384 with MBEDTLS_SHA384_C
This does not affect users who use the default `mbedtls_config.h`.
MBEDTLS_SHA512_NO_SHA384 was disabled by default, now MBEDTLS_SHA384_C is
@ -466,8 +431,7 @@ If you were using a config file with MBEDTLS_SHA512_C and without
MBEDTLS_SHA512_NO_SHA384 and you need the SHA-384 algorithm, then add
`#define MBEDTLS_SHA384_C` to your config file.
Move part of timing module out of the library
--
### Move part of timing module out of the library
The change affects users who use any of the following functions:
`mbedtls_timing_self_test()`, `mbedtls_hardclock_poll()`,
@ -476,8 +440,7 @@ The change affects users who use any of the following functions:
If you were relying on these functions, you'll now need to change to using your
platform's corresponding functions directly.
Extra parameter for the output buffer size
------------------------------------------
### Extra parameter for the output buffer size
The following functions now take an extra parameter indicating the size of the output buffer:
@ -486,8 +449,7 @@ The following functions now take an extra parameter indicating the size of the o
The requirements for the output buffer have not changed, but passing a buffer that is too small now reliably causes the functions to return an error, rather than overflowing the buffer.
Relaxed semantics for PSK configuration
-----------------------------------------------------------------
### Relaxed semantics for PSK configuration
This affects users which call the PSK configuration APIs
`mbedtlsl_ssl_conf_psk()` and `mbedtls_ssl_conf_psk_opaque()`
@ -505,8 +467,7 @@ remove all but the last call, so that only one call to _either_
`mbedtls_ssl_conf_psk()` _or_ `mbedtls_ssl_conf_psk_opaque()`
remains.
Remove the configuration to enable weak ciphersuites in SSL / TLS
-----------------------------------------------------------------
### Remove the configuration to enable weak ciphersuites in SSL / TLS
This does not affect users who use the default `mbedtls_config.h`, as this option was
already off by default.
@ -518,8 +479,7 @@ and if your peer doesn't support any, encourage them to upgrade their software.
If you were using a ciphersuite without encryption, you just have to
enable MBEDTLS_CIPHER_NULL_CIPHER now.
Remove the `MBEDTLS_SSL_MAX_CONTENT_LEN` configuration option
-------------------------------------------------------------
### Remove the `MBEDTLS_SSL_MAX_CONTENT_LEN` configuration option
This affects users who use the `MBEDTLS_SSL_MAX_CONTENT_LEN` option to
set the maximum length of incoming and outgoing plaintext fragments,
@ -529,8 +489,7 @@ This option is replaced by the more fine-grained options
`MBEDTLS_SSL_IN_CONTENT_LEN` and `MBEDTLS_SSL_OUT_CONTENT_LEN` that set
the maximum incoming and outgoing plaintext fragment lengths, respectively.
Remove the option to build the library without any entropy sources
------------------------------------------------------------------
### Remove the `MBEDTLS_TEST_NULL_ENTROPY` configuration option
This does not affect users who use the default `mbedtls_config.h`, as this option was
already off by default.
@ -541,8 +500,7 @@ and make sure your device is provisioned with a strong random seed.
Alternatively, for testing purposes only, you can create and register a fake
entropy function.
Remove the mode parameter from RSA functions
--------------------------------------------
### Remove the mode parameter from RSA functions
This affects all users who use the RSA encryption, decryption, sign and
verify APIs.
@ -555,15 +513,13 @@ the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were callin
RSA operations with the wrong mode, which rarely makes sense from a security
perspective, this is no longer supported.
Remove the RNG parameter from RSA verify functions
--------------------------------------------------
### Remove the RNG parameter from RSA verify functions
RSA verification functions also no longer take random generator arguments (this
was only needed when using a private key). This affects all applications using
the RSA verify functions.
Remove the SSL API mbedtls_ssl_get_session_pointer()
-----------------------------------------------------------------
### Remove the SSL API mbedtls_ssl_get_session_pointer()
This affects two classes of users:
@ -586,8 +542,7 @@ Migration paths:
calls to `mbedtls_ssl_get_session()` as demonstrated in the example
program `programs/ssl/ssl_client2.c`.
Remove the config option MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
--------------------------------------------------------------------------
### Remove the config option MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
This change does not affect users of the default configuration; it only affects
users who enable this option.
@ -604,8 +559,7 @@ equivalent to `mbedtls_x509_crt_parse_der()`, and/or
unsupported certificate extension and additionally the "certificate policies"
extension if it contains any unsupported certificate policies.
Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h`
-------------------------------------------------------------------
### Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h`
This change affects users who have chosen the configuration options to disable the
library's verification of the `keyUsage` and `extendedKeyUsage` fields of x509
@ -623,8 +577,7 @@ verification is for some reason undesirable, it can still be disabled by means
of the verification callback function passed to `mbedtls_x509_crt_verify()` (see
the documentation of this function for more information).
Remove MD2, MD4, RC4, Blowfish and XTEA algorithms
--
### Remove MD2, MD4, RC4, Blowfish and XTEA algorithms
This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms.
@ -632,8 +585,7 @@ They are already niche or obsolete and most of them are weak or broken. For
those reasons possible users should consider switching to modern and safe
alternatives to be found in literature.
Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option
-------------------------------------------
### Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option
This change does not affect users who used the default `mbedtls_config.h`, as the option
MBEDTLS_SSL_DTLS_BADMAC_LIMIT was already on by default.
@ -644,8 +596,7 @@ disabling it.
This option is no longer present, but its functionality is now always enabled.
Deprecated functions were removed from AES
------------------------------------------
### Deprecated functions were removed from AES
The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were
removed.
@ -658,15 +609,13 @@ If you're providing an alternative implementation using
replacing the removed functions with `mbedtls_internal_aes_encrypt()` and
`mbedtls_internal_aes_decrypt()` respectively.
Deprecated functions were removed from bignum
---------------------------------------------
### Deprecated functions were removed from bignum
The function `mbedtls_mpi_is_prime()` was removed. Please use
`mbedtls_mpi_is_prime_ext()` instead which additionally allows specifying the
number of Miller-Rabin rounds.
Deprecated functions were removed from cipher
---------------------------------------------
### Deprecated functions were removed from cipher
The functions `mbedtls_cipher_auth_encrypt()` and
`mbedtls_cipher_auth_decrypt()` were removed. They were superseded by
@ -674,23 +623,20 @@ The functions `mbedtls_cipher_auth_encrypt()` and
respectively which additionally support key wrapping algorithms such as
NIST_KW.
Deprecated functions were removed from DRBGs
--------------------------------------------
### Deprecated functions were removed from DRBGs
The functions `mbedtls_ctr_drbg_update()` and `mbedtls_hmac_drbg_update()`
were removed. They were superseded by `mbedtls_ctr_drbg_update_ret()` and
`mbedtls_hmac_drbg_update_ret()` respectively.
Deprecated functions were removed from ECDSA
--------------------------------------------
### Deprecated functions were removed from ECDSA
The functions `mbedtls_ecdsa_write_signature_det()` and
`mbedtls_ecdsa_sign_det()` were removed. They were superseded by
`mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_sign_det_ext()`
respectively.
Deprecated functions were removed from SSL
------------------------------------------
### Deprecated functions were removed from SSL
The function `mbedtls_ssl_conf_dh_param()` was removed. Please use
`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead.
@ -700,8 +646,7 @@ The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use
`mbedtls_ssl_get_max_in_record_payload()`
instead.
Deprecated hex-encoded primes were removed from DHM
---------------------------------------------------
### Deprecated hex-encoded primes were removed from DHM
The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`,
`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`,
@ -713,14 +658,12 @@ removed from the library. Please use parameters from RFC3526 (still in the
library, only in binary form) or RFC 7919 (also available in the library) or
other trusted sources instead.
Deprecated net.h file was removed
---------------------------------
### Deprecated net.h file was removed
The file `include/mbedtls/net.h` was removed because its only function was to
include `mbedtls/net_sockets.h` which now should be included directly.
Remove MBEDTLS_CHECK_PARAMS option
----------------------------------
### Remove MBEDTLS_CHECK_PARAMS option
This change does not affect users who use the default configuration; it only
affects users who enabled that option.
@ -753,8 +696,7 @@ because the parameters concerned are usually constants in applications.
For more information see issue #4313.
Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default
--------------------------------------------------------------------------
### Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default
This change does not affect users who use the default mbedtls_config.h, as the
option MBEDTLS_SSL_RECORD_CHECKING was already on by default.
@ -767,8 +709,7 @@ However, the same effect can be achieve by using link-time garbage collection.
Users who changed the default setting of the option need to change the config/
build system to remove that change.
Remove the `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` option
--
### Remove the `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` option
This change does not affect users who were using the default configuration, as
this option was already disabled by default. Also, it does not affect users who
@ -782,8 +723,7 @@ configuration.
If you are working with the pre-V3 certificates you need to switch to the
current ones.
Rename mbedtls_*_ret() cryptography functions whose deprecated variants have been removed
-----------------
### Rename mbedtls_*_ret() cryptography functions whose deprecated variants have been removed
This change affects users who were using the `mbedtls_*_ret()` cryptography
functions.
@ -822,8 +762,7 @@ and include the `compat_2.x.h` header file which holds macros with proper
renaming or to rename those function in their code according to the list from
mentioned header file.
Signature functions now require the hash length to match the expected value
---------------------------------------------------------------------------
### Signature functions now require the hash length to match the expected value
This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected.
@ -847,8 +786,7 @@ The signature functions in the PK module no longer accept 0 as the `hash_len` pa
The migration path is to pass the correct value to those functions.
Remove the padding parameters from mbedtls_rsa_init()
-----------------------------------------------------
### Remove the padding parameters from mbedtls_rsa_init()
This affects all users who use the RSA encryption, decryption, sign and
verify APIs.
@ -877,8 +815,7 @@ To use PKCS#1 v1.5 padding, instead of
mbedtls_rsa_init(ctx);
```
Separated MBEDTLS_SHA224_C and MBEDTLS_SHA256_C
-----------------------------------------------------------------
### Separated MBEDTLS_SHA224_C and MBEDTLS_SHA256_C
This does not affect users who use the default `mbedtls_config.h`. MBEDTLS_SHA256_C
was enabled by default. Now both MBEDTLS_SHA256_C and MBEDTLS_SHA224_C are
@ -889,8 +826,7 @@ you will need to add `#define MBEDTLS_SHA224_C` option your config.
Current version of the library does not support enabling MBEDTLS_SHA256_C
without MBEDTLS_SHA224_C.
Session Cache API Change
-----------------------------------------------------------------
### Session Cache API Change
This affects users who use `mbedtls_ssl_conf_session_cache()`
to configure a custom session cache implementation different
@ -918,8 +854,7 @@ find themselves unable to migrate their session cache functionality without
accessing fields of `mbedtls_ssl_session` should describe their use case
on the Mbed TLS mailing list.
SHA-512 and SHA-256 output type change
--------------------------
### SHA-512 and SHA-256 output type change
The output parameter of `mbedtls_sha256_finish_ret()`, `mbedtls_sha256_ret()`, `mbedtls_sha512_finish_ret()`, `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer or a SHA-224 hash into a 28-byte buffer.
@ -927,8 +862,7 @@ This makes no difference to a vast majority of applications. If your code takes
Alternative implementations of the SHA256 and SHA512 modules must adjust their functions' prototype accordingly.
Removal of some SSL error codes
-----------------------------------------------------------------
### Removal of some SSL error codes
This affects users manually checking for the following error codes:
@ -959,8 +893,7 @@ Migration paths:
- all codes of the form `MBEDTLS_ERR_SSL_BAD_HS_XXX` have been replaced by various alternatives.
Modified semantics of mbedtls_ssl_{get,set}_session()
-----------------------------------------------------------------
### Modified semantics of mbedtls_ssl_{get,set}_session()
This affects users who call `mbedtls_ssl_get_session()` or
`mbedtls_ssl_set_session()` multiple times on the same SSL context
@ -990,8 +923,7 @@ Migration path:
calls. Applications achieve equivalent functional behavior by
issuing only the very last call to `mbedtls_ssl_set_session()`.
Turn MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE configuration option into a runtime option
--
### Turn MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE configuration option into a runtime option
This change affects users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
option in the `mbedtls_config.h`
@ -1005,8 +937,7 @@ e.g.: `mbedtls_ssl_conf_preference_order(ssl_config, MBEDTLS_SSL_SRV_CIPHERSUITE
has the same effect as enabling the removed option. The default state is to use
the server order of suites.
Some function parameters were made const
----------------------------------------
### Some function parameters were made const
Various functions in the PK and ASN.1 modules had a `const` qualifier added to
some of their parameters.