This change does not affect users who use the default configuration; it only affects users who enabled that option.
The option MBEDTLS_CHECK_PARAMS
(disabled by default) enabled certain kinds of “parameter validation”. It covered two kinds of validations:
The default reaction to a failed check was to call a function mbedtls_param_failed()
which the application had to provide. If this function returned, its caller returned an error MBEDTLS_ERR_xxx_BAD_INPUT_DATA
.
This feature was only used in some classic (non-PSA) cryptography modules. It was not used in X.509, TLS or in PSA crypto, and it was not implemented in all classic crypto modules.
This feature has been removed. The library no longer checks for NULL pointers; checks for enum-like arguments will be kept or re-introduced on a case-by-case basis, but their presence will no longer be dependent on a compile-time option.
Validation of enum-like values is somewhat useful, but not extremely important, because the parameters concerned are usually constants in applications.
For more information see issue #4313.