| Gilles Peskine | 9461e45 | 2021-04-15 16:48:32 +0200 | [diff] [blame] | 1 | API changes |
| 2 | * The interface of the GCM module has changed to remove restrictions on |
| 3 | how the input to multipart operations is broken down. mbedtls_gcm_finish() |
| 4 | now takes an extra output parameter for the last partial output block. |
| Gilles Peskine | a56c448 | 2021-04-15 17:22:35 +0200 | [diff] [blame] | 5 | mbedtls_gcm_update() now takes extra parameters for the output length. |
| Gilles Peskine | 9461e45 | 2021-04-15 16:48:32 +0200 | [diff] [blame] | 6 | The software implementation always produces the full output at each |
| 7 | call to mbedtls_gcm_update(), but alternative implementations activated |
| 8 | by MBEDTLS_GCM_ALT may delay partial blocks to the next call to |
| Gilles Peskine | 295fc13 | 2021-04-15 18:32:23 +0200 | [diff] [blame] | 9 | mbedtls_gcm_update() or mbedtls_gcm_finish(). Furthermore, applications |
| 10 | no longer pass the associated data to mbedtls_gcm_starts(), but to the |
| 11 | new function mbedtls_gcm_update_ad(). |
| Gilles Peskine | 9461e45 | 2021-04-15 16:48:32 +0200 | [diff] [blame] | 12 | These changes are backward compatible for users of the cipher API. |
| 13 | |
| Gilles Peskine | 441907e | 2021-04-13 16:09:32 +0200 | [diff] [blame] | 14 | Features |
| 15 | * The multi-part GCM interface (mbedtls_gcm_update() or |
| 16 | mbedtls_cipher_update()) no longer requires the size of partial inputs to |
| 17 | be a multiple of 16. |
| Mateusz Starzyk | c1ec0b8 | 2021-06-07 14:23:24 +0200 | [diff] [blame] | 18 | * The multi-part GCM interface now supports chunked associated data through |
| 19 | multiple calls to mbedtls_gcm_update_ad(). |