The functions mbedtls_aes_encrypt()
and mbedtls_aes_decrypt()
were removed.
If you're simply using the AES module, you should be calling the higher-level functions mbedtls_aes_crypt_xxx()
.
If you're providing an alternative implementation using MBEDTLS_AES_ENCRYPT_ALT
or MBEDTLS_AES_DECRYPT_ALT
, you should be replacing the removed functions with mbedtls_internal_aes_encrypt()
and mbedtls_internal_aes_decrypt()
respectively.
The function mbedtls_mpi_is_prime()
was removed. Please use mbedtls_mpi_is_prime_ext()
instead which additionally allows specifying the number of Miller-Rabin rounds.
The functions mbedtls_cipher_auth_encrypt()
and mbedtls_cipher_auth_decrypt()
were removed. They were superseded by mbedtls_cipher_auth_encrypt_ext()
and mbedtls_cipher_auth_decrypt_ext()
respectively which additionally support key wrapping algorithms such as NIST_KW.
The functions mbedtls_ctr_drbg_update()
and mbedtls_hmac_drbg_update()
were removed. They were superseded by mbedtls_ctr_drbg_update_ret()
and mbedtls_hmac_drbg_update_ret()
respectively.
The functions mbedtls_ecdsa_write_signature_det()
and mbedtls_ecdsa_sign_det()
were removed. They were superseded by mbedtls_ecdsa_write_signature()
and mbedtls_ecdsa_sign_det_ext()
respectively.
The function mbedtls_ssl_conf_dh_param()
was removed. Please use mbedtls_ssl_conf_dh_param_bin()
or mbedtls_ssl_conf_dh_param_ctx()
instead.
The function mbedtls_ssl_get_max_frag_len()
was removed. Please use mbedtls_ssl_get_max_out_record_payload()
and mbedtls_ssl_get_max_in_record_payload()
instead.
The macros MBEDTLS_DHM_RFC5114_MODP_2048_P
, MBEDTLS_DHM_RFC5114_MODP_2048_G
, MBEDTLS_DHM_RFC3526_MODP_2048_P
, MBEDTLS_DHM_RFC3526_MODP_2048_G
, MBEDTLS_DHM_RFC3526_MODP_3072_P
, MBEDTLS_DHM_RFC3526_MODP_3072_G
, MBEDTLS_DHM_RFC3526_MODP_4096_P
and MBEDTLS_DHM_RFC3526_MODP_4096_G
were removed. The primes from RFC 5114 are deprecated because their derivation is not documented and therefore their usage constitutes a security risk; they are fully removed from the library. Please use parameters from RFC3526 (still in the library, only in binary form) or RFC 7919 (also available in the library) or other trusted sources instead.
The file include/mbedtls/net.h
was removed because its only function was to include mbedtls/net_sockets.h
which now should be included directly.