mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 00:45:39 +00:00
MD API deprecation: ChangeLog updates
Use the updated names for the new functions (xxx_ret instead of xxx_ext). List the new deprecations in the appropriate sections. Credit the independent report of the misuse of zeroizing to reset a hash context in entropy.c.
This commit is contained in:
parent
3e28d70813
commit
0a96910e55
33
ChangeLog
33
ChangeLog
|
@ -40,6 +40,11 @@ New deprecations
|
|||
(e.g., signing with a public key).
|
||||
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
||||
Users are advised to use the extended RSA API instead.
|
||||
* Deprecate usage of message digest functions that return void
|
||||
(mbedtls_<MODULE>_starts, mbedtls_<MODULE>_update,
|
||||
mbedtls_<MODULE>_finish and mbedtls_<MODULE>_process where <MODULE> is
|
||||
any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions
|
||||
that can return an error code.
|
||||
|
||||
API Changes
|
||||
* Extend RSA interface by multiple functions allowing structure-
|
||||
|
@ -51,19 +56,14 @@ API Changes
|
|||
purpose or CRT and/or blinding.
|
||||
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||
implementations of the RSA interface declared in rsa.h.
|
||||
* The following functions in the MD2, MD4, MD5, SHA1, SHA256 and SHA512
|
||||
modules have been deprecated and replaced as shown below. The new
|
||||
functions change the return type from void to int to allow returning error
|
||||
codes when using MBEDTLS_<MODULE>_ALT.
|
||||
mbedtls_<MODULE>_starts() -> mbedtls_<MODULE>_starts_ext()
|
||||
mbedtls_<MODULE>_update() -> mbedtls_<MODULE>_update_ext()
|
||||
mbedtls_<MODULE>_finish() -> mbedtls_<MODULE>_finish_ext()
|
||||
* The following functions in the message digest modules (MD2, MD4, MD5,
|
||||
SHA1, SHA256, SHA512) have been deprecated and replaced as shown below.
|
||||
The new functions change the return type from void to int to allow
|
||||
returning error codes when using MBEDTLS_<MODULE>_ALT.
|
||||
mbedtls_<MODULE>_starts() -> mbedtls_<MODULE>_starts_ret()
|
||||
mbedtls_<MODULE>_update() -> mbedtls_<MODULE>_update_ret()
|
||||
mbedtls_<MODULE>_finish() -> mbedtls_<MODULE>_finish_ret()
|
||||
mbedtls_<MODULE>_process() -> mbedtls_internal_<MODULE>_process()
|
||||
The type of the function pointers in the mbedtls_md_info_t struct have
|
||||
also been modified taking into account the functions return code. Every
|
||||
usage of the deprecated functions was updated. Furthermore, the MD return
|
||||
codes are checked for error after every usage, except in the ssl_tls.c
|
||||
module.
|
||||
|
||||
Bugfix
|
||||
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||
|
@ -118,8 +118,9 @@ Bugfix
|
|||
mbedtls_sha512_starts() in the mbedtls_entropy_init() function.
|
||||
* Fix the entropy.c module to ensure that mbedtls_sha256_init() or
|
||||
mbedtls_sha512_init() is called before operating on the relevant context
|
||||
structure. Also, ensure that message digest contexts are freed when
|
||||
calling mbedtls_entropy_free().
|
||||
structure. Do not assume that zeroizing a context is a correct way to
|
||||
reset it. Found independently by ccli8 on Github.
|
||||
* In mbedtls_entropy_free(), properly free the message digest context.
|
||||
|
||||
Changes
|
||||
* Extend cert_write example program by options to set the CRT version
|
||||
|
@ -132,6 +133,10 @@ Changes
|
|||
* Only run AES-192 self-test if AES-192 is available. Fixes #963.
|
||||
* Tighten the RSA PKCS#1 v1.5 signature verification code and remove the
|
||||
undeclared dependency of the RSA module on the ASN.1 module.
|
||||
* Update all internal usage of deprecated message digest functions to the
|
||||
new ones with return codes. In particular, this modifies the
|
||||
mbedtls_md_info_t structure. Propagate errors from these functions
|
||||
everywhere except some locations in the ssl_tls.c module.
|
||||
|
||||
= mbed TLS 2.6.0 branch released 2017-08-10
|
||||
|
||||
|
|
Loading…
Reference in a new issue