Consolidate changes to mbedtls_ssl_ticket_setup()
Describe the change to the cipher mechanism specification. Consolidate that
with the removal of the RNG arguments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md
index 1778a58..055c900 100644
--- a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md
+++ b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md
@@ -49,13 +49,7 @@
### RNG removal in SSL
-The following function prototypes have been changed in `mbedtls/ssl.h`:
-
-```c
-int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime);
-```
+The following function prototype has been changed in `mbedtls/ssl_cookie.h`:
```c
int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
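Review bot: with `mbedtls_ssl_ticket_setup()` dropped from the "RNG removal in SSL" section, nothing in that section tells the reader that the ticket function also lost its RNG arguments. Someone scanning the section for RNG-related prototype changes will now find only `mbedtls_ssl_cookie_setup()`. Consider adding one sentence here that points to the new "Changes to mbedtls_ssl_ticket_setup" section, so the RNG removal for tickets stays discoverable from the RNG section.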
@@ -66,11 +60,6 @@
to
```c
-int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
- psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime);
-```
-
-```c
int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx);
```
@@ -114,3 +103,24 @@
### Removal of `mbedtls_ssl_conf_rng`
`mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library.
+
+### Changes to mbedtls_ssl_ticket_setup
+
+In the arguments of the function `mbedtls_ssl_ticket_setup()`, the `mbedtls_cipher_type_t` argument specifying the AEAD mechanism for ticket protection has been replaced by an equivalent PSA description consisting of a key type, a size and an algorithm. Also, the function no longer takes RNG arguments.
+
+The prototype in `mbedtls/ssl_ticket.h` has changed from
+
+```c
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ mbedtls_f_rng_t *f_rng, void *p_rng,
+ mbedtls_cipher_type_t cipher,
+ uint32_t lifetime);
+```
+
+to
+
+```c
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
+ uint32_t lifetime);
+```
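Review bot: the new paragraph says the `mbedtls_cipher_type_t` argument is replaced by an "equivalent PSA description" but never shows what the equivalent looks like for a concrete value, which is the part a migrating caller has to work out. Consider adding one worked mapping, for example that a call which passed `MBEDTLS_CIPHER_AES_256_GCM` now passes `PSA_ALG_GCM, PSA_KEY_TYPE_AES, 256`. Two smaller points: the prose lists "a key type, a size and an algorithm" while the prototype takes `alg, key_type, key_bits`, so matching the order would help avoid argument mix-ups; and the heading `### Changes to mbedtls_ssl_ticket_setup` omits the backticks that the preceding heading uses for `mbedtls_ssl_conf_rng`.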