Corrections of the migration guide from the code review.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
This commit is contained in:
TRodziewicz
parent
c1c479fbe9
commit
d9d035a5b5
1 changed files with 20 additions and 12 deletions
|
|
@ -1,9 +1,16 @@
|
|||
Deprecated functions were removed from AES
|
||||
------------------------------------------
|
||||
|
||||
The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were removed.
|
||||
Please use `mbedtls_internal_aes_encrypt()` and `mbedtls_internal_aes_decrypt()`
|
||||
respectively.
|
||||
The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were
|
||||
removed.
|
||||
|
||||
If you're simply using the AES module, you should be calling the higher-level
|
||||
functions `mbedtls_aes_crypt_xxx()`.
|
||||
|
||||
If you're providing an alternative implementation using
|
||||
`MBEDTLS_AES_ENCRYPT_ALT` or `MBEDTLS_AES_DECRYPT_ALT`, you should be
|
||||
replacing the removed functions with `mbedtls_internal_aes_encrypt()` and
|
||||
`mbedtls_internal_aes_decrypt()` respectively.
|
||||
|
||||
Deprecated functions were removed from bignum
|
||||
---------------------------------------------
|
||||
|
|
@ -20,7 +27,7 @@ The functions `mbedtls_cipher_auth_encrypt()` and
|
|||
`mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()`
|
||||
respectively which additionally support key wrapping algorithms such as
|
||||
NIST_KW.
|
||||
|
||||
|
||||
Deprecated functions were removed from DRBGs
|
||||
--------------------------------------------
|
||||
|
||||
|
|
@ -39,11 +46,11 @@ respectively.
|
|||
Deprecated functions were removed from SSL
|
||||
------------------------------------------
|
||||
|
||||
The functions `mbedtls_ssl_conf_dh_param()` and
|
||||
`mbedtls_ssl_get_max_frag_len()` were removed. Please use
|
||||
`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` and
|
||||
`mbedtls_ssl_get_output_max_frag_len()` instead.
|
||||
The function `mbedtls_ssl_conf_dh_param()` was removed. Please use
|
||||
`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead.
|
||||
|
||||
The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use
|
||||
`mbedtls_ssl_get_output_max_frag_len()` instead.
|
||||
|
||||
Deprecated hex-encoded primes were removed from DHM
|
||||
---------------------------------------------------
|
||||
|
|
@ -52,13 +59,14 @@ The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`,
|
|||
`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`,
|
||||
`MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`,
|
||||
`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were
|
||||
removed. The hex-encoded primes from RFC 5114 are deprecated because their
|
||||
derivation is not documented and therefore their usage constitutes a security
|
||||
risk. They are removed from the library without replacement.
|
||||
removed. The primes from RFC 5114 are deprecated because their derivation is not
|
||||
documented and therefore their usage constitutes a security risk; they are fully
|
||||
removed from the library. Please use parameters from RFC3526 (still in the
|
||||
library, only in binary form) or RFC 7919 (also available in the library) or
|
||||
other trusted sources instead.
|
||||
|
||||
Deprecated net.h file was removed
|
||||
---------------------------------
|
||||
|
||||
The file `include/mbedtls/net.h` was removed because its only function was to
|
||||
include `mbedtls/net_sockets.h` which now should be included directly.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue