diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 8a121feb4..0c7be3060 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -284,6 +284,19 @@ Alternative implementations of the SHA256 and SHA512 modules must adjust their f - The macros `MBEDTLS_ERR_xxx_HW_ACCEL_FAILED` from various crypto modules were removed; `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` is now used instead. +### Remove the mode parameter from RSA functions + +This affects all users who use the RSA encryption, decryption, sign and +verify APIs. + +The RSA module no longer supports private-key operations with the public key or +vice versa. As a consequence, RSA operation functions no longer have a mode +parameter. If you were calling RSA operations with the normal mode (public key +for verification or encryption, private key for signature or decryption), remove +the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling +RSA operations with the wrong mode, which rarely makes sense from a security +perspective, this is no longer supported. + ## High-level crypto @@ -305,19 +318,6 @@ Currently the output is always 0 bytes, but it may be more when alternative implementations of the underlying primitives are in use, or with future versions of the library. -### Remove the mode parameter from RSA functions - -This affects all users who use the RSA encryption, decryption, sign and -verify APIs. - -The RSA module no longer supports private-key operations with the public key or -vice versa. As a consequence, RSA operation functions no longer have a mode -parameter. If you were calling RSA operations with the normal mode (public key -for verification or encryption, private key for signature or decryption), remove -the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling -RSA operations with the wrong mode, which rarely makes sense from a security -perspective, this is no longer supported. - ### Remove the RNG parameter from RSA verify functions RSA verification functions also no longer take random generator arguments (this