HKDF: Add warning to partial functions The standard HKDF security guarantees only hold if `mbedtls_hkdf()` is used or if `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` are called in succession carefully and an equivalent way. Making `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` static would prevent any misuse, but doing so would require the TLS 1.3 stack to break abstraction and bypass the module API. To reduce the risk of misuse we add warnings to the function descriptions.

commit: 08a4aebc4694640f555b775f3bc4ad0a6a74170e [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Mon Aug 06 14:20:15 2018 +0100
committer: Janos Follath <janos.follath@arm.com> Tue Aug 14 16:08:38 2018 +0100
tree: c985cbeccdb6d763bcea74847180131aeef5f060
parent: d0a78e91b39e3851b69550d214872a812d1130ac [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index bda3de8..5575678 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -6,6 +6,11 @@
    * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
      MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
 
+Changes
+   * Add warnings to the documentation of the HKDF module to reduce the risk
+     of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand()
+     functions. Fixes #1775. Reported by Brian J. Murray.
+
 = mbed TLS 2.12.0 branch released 2018-07-25
 
 Security
commit	08a4aebc4694640f555b775f3bc4ad0a6a74170e	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Mon Aug 06 14:20:15 2018 +0100
committer	Janos Follath <janos.follath@arm.com>	Tue Aug 14 16:08:38 2018 +0100
tree	c985cbeccdb6d763bcea74847180131aeef5f060
parent	d0a78e91b39e3851b69550d214872a812d1130ac [diff] [blame]