From 6fe1bc3f246e93b08d5c7c4f9e0a41f38556402c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 7 Jun 2021 09:35:02 +0200 Subject: [PATCH] Add change log and migration guide Signed-off-by: Ronald Cron --- ChangeLog.d/rsa-padding.txt | 5 ++++ docs/3.0-migration-guide.d/rsa-padding.md | 29 +++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 ChangeLog.d/rsa-padding.txt create mode 100644 docs/3.0-migration-guide.d/rsa-padding.md diff --git a/ChangeLog.d/rsa-padding.txt b/ChangeLog.d/rsa-padding.txt new file mode 100644 index 000000000..5f9c11f71 --- /dev/null +++ b/ChangeLog.d/rsa-padding.txt @@ -0,0 +1,5 @@ +API changes + * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA + key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding() + after initializing the context. mbedtls_rsa_set_padding() now returns an + error if its parameters are invalid. diff --git a/docs/3.0-migration-guide.d/rsa-padding.md b/docs/3.0-migration-guide.d/rsa-padding.md new file mode 100644 index 000000000..a04d9ee2a --- /dev/null +++ b/docs/3.0-migration-guide.d/rsa-padding.md @@ -0,0 +1,29 @@ +Remove the padding parameters from mbedtls_rsa_init() +----------------------------------------------------- + +This affects all users who use the RSA encryption, decryption, sign and +verify APIs. + +The function mbedtls_rsa_init() no longer supports selecting the PKCS#1 v2.1 +encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If +you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call +to mbedtls_rsa_init(), to call mbedtls_rsa_set_padding() to set it. + +Code migration examples: +```C + mbedtls_rsa_init(ctx, padding, hash_id); +``` +to +```C + mbedtls_rsa_init(ctx); + mbedtls_rsa_set_padding(ctx, padding, hash_id); +``` +or +```C + mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, ); +``` +to +```C + mbedtls_rsa_init(ctx); +``` +