Minor updates to migration guide
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
parent
1cb2331495
commit
949c21b336
1 changed files with 10 additions and 10 deletions
|
@ -11,8 +11,8 @@ two questions: (1) am I affected? (2) if yes, what's my migration path?
|
|||
|
||||
The changes are detailed below, and include:
|
||||
|
||||
- Removal of many insecure / obsolete features
|
||||
- Tidying up of configuration options (including removing some less useful options)
|
||||
- Removal of many insecure or obsolete features
|
||||
- Tidying up of configuration options (including removing some less useful options).
|
||||
- Changing function signatures (e.g., adding return codes or extra parameters); introducing const to arguments.
|
||||
- Removal of functions marked as deprecated in 2.x
|
||||
|
||||
|
@ -258,7 +258,7 @@ This only affects people who've been using Mbed TLS since before version 2.0
|
|||
and still relied on `compat-1.3.h` in their code.
|
||||
|
||||
Please use the new names directly in your code; `scripts/rename.pl` (from any
|
||||
of the 2.x releases - no longer included in 3.0) might help you do that.
|
||||
of the 2.x releases — no longer included in 3.0) might help you do that.
|
||||
|
||||
Remove 3DES ciphersuites
|
||||
--
|
||||
|
@ -289,7 +289,7 @@ using the multi-part API.
|
|||
|
||||
Previously, the documentation didn't state explicitly if it was OK to call
|
||||
`mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after
|
||||
the last call to `mbedtls_cipher_update()` - that is, without calling
|
||||
the last call to `mbedtls_cipher_update()` — that is, without calling
|
||||
`mbedtls_cipher_finish()` in-between. If you code was missing that call,
|
||||
please add it and be prepared to get as much as 15 bytes of output.
|
||||
|
||||
|
@ -378,8 +378,8 @@ the previous key export API in the following ways:
|
|||
shutting down the TLS connection.
|
||||
|
||||
For users which do not rely on raw keys and IV, adjusting to the new
|
||||
callback type should be straightforward - see the example programs
|
||||
programs/ssl/ssl_client2 and programs/ssl/ssl_server2 for callbacks
|
||||
callback type should be straightforward — see the example programs
|
||||
`programs/ssl/ssl_client2` and `programs/ssl/ssl_server2` for callbacks
|
||||
for NSSKeylog, EAP-TLS and DTLS-SRTP.
|
||||
|
||||
Users which require access to the raw keys used to secure application
|
||||
|
@ -418,7 +418,7 @@ This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
|
|||
`mbedtls_pk_parse_keyfile()`.
|
||||
|
||||
You now need to pass a properly seeded, cryptographically secure RNG when
|
||||
calling these functions. It is used for blinding, a counter-measure against
|
||||
calling these functions. It is used for blinding, a countermeasure against
|
||||
side-channel attacks.
|
||||
|
||||
The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
|
||||
|
@ -427,8 +427,8 @@ The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
|
|||
This doesn't affect users of the default configuration; it only affects people
|
||||
who were explicitly setting this option.
|
||||
|
||||
This was a trade-off between code size and counter-measures; it is no longer
|
||||
relevant as the counter-measure is now always on at no cost in code size.
|
||||
This was a trade-off between code size and countermeasures; it is no longer
|
||||
relevant as the countermeasure is now always on at no cost in code size.
|
||||
|
||||
Remove MaximumFragmentLength (MFL) query API
|
||||
-----------------------------------------------------------------
|
||||
|
@ -944,7 +944,7 @@ Migration paths:
|
|||
should never be returned from Mbed TLS, and there is no need to check for it.
|
||||
|
||||
Users should simply remove manual checks for those codes, and let the Mbed TLS
|
||||
team know if -- contrary to the team's understanding -- there is in fact a situation
|
||||
team know if — contrary to the team's understanding — there is in fact a situation
|
||||
where one of them was ever returned.
|
||||
|
||||
- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and
|
||||
|
|
Loading…
Reference in a new issue