| API changes |
| * The interface of the GCM module has changed to remove restrictions on |
| how the input to multipart operations is broken down. mbedtls_gcm_finish() |
| now takes an extra output parameter for the last partial output block. |
| mbedtls_gcm_update() now takes extra parameters for the output length. |
| The software implementation always produces the full output at each |
| call to mbedtls_gcm_update(), but alternative implementations activated |
| by MBEDTLS_GCM_ALT may delay partial blocks to the next call to |
| mbedtls_gcm_update() or mbedtls_gcm_finish(). Furthermore, applications |
| no longer pass the associated data to mbedtls_gcm_starts(), but to the |
| new function mbedtls_gcm_update_ad(). |
| These changes are backward compatible for users of the cipher API. |
| |
| Features |
| * The multi-part GCM interface (mbedtls_gcm_update() or |
| mbedtls_cipher_update()) no longer requires the size of partial inputs to |
| be a multiple of 16. |
| * The multi-part GCM interface now supports chunked associated data through |
| multiple calls to mbedtls_gcm_update_ad(). |
