From 7e65c05bb036c510c4e3df49c67e98116d3858e2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 Feb 2019 18:43:55 +0100 Subject: [PATCH] Document that curve lists can include partially-supported curves Document that a curve returned by mbedtls_ecp_curve_list() or mbedtls_ecp_grp_id_list() may lack support for ECDH or ECDSA. Add a corresponding changelog entry, under "API Changes" because we have changed the behavior: formerly, these functions skipped ECDH-only curves, although this was not documented. --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 77d9d81cd..b1ed23dbe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -286,6 +286,11 @@ API Changes that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default is off. That means that checks which were previously present by default will no longer be. + * The functions mbedtls_ecp_curve_list() and mbedtls_ecp_grp_id_list() now + list all curves for which at least one of ECDH or ECDSA is supported, not + just curves for which both are supported. Call mbedtls_ecdsa_can_do() or + mbedtls_ecdh_can_do() on each result to check whether each algorithm is + supported. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update