MD API deprecation: ChangeLog updates

Use the updated names for the new functions (xxx_ret instead of xxx_ext).

List the new deprecations in the appropriate sections.

Credit the independent report of the misuse of zeroizing to reset a
hash context in entropy.c.

ChangeLog

@@ -40,6 +40,11 @@ New deprecations
      (e.g., signing with a public key).
    * Direct manipulation of structure fields of RSA contexts is deprecated.
      Users are advised to use the extended RSA API instead.
+   * Deprecate usage of message digest functions that return void
+     (mbedtls_<MODULE>_starts, mbedtls_<MODULE>_update,
+     mbedtls_<MODULE>_finish and mbedtls_<MODULE>_process where <MODULE> is
+     any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions
+     that can return an error code.
 
 API Changes
    * Extend RSA interface by multiple functions allowing structure-
@@ -51,19 +56,14 @@ API Changes
      purpose or CRT and/or blinding.
    * The configuration option MBEDTLS_RSA_ALT can be used to define alternative
      implementations of the RSA interface declared in rsa.h.
-   * The following functions in the MD2, MD4, MD5, SHA1, SHA256 and SHA512
-     modules have been deprecated and replaced as shown below. The new
-     functions change the return type from void to int to allow returning error
-     codes when using MBEDTLS_<MODULE>_ALT.
-     mbedtls_<MODULE>_starts() -> mbedtls_<MODULE>_starts_ext()
-     mbedtls_<MODULE>_update() -> mbedtls_<MODULE>_update_ext()
-     mbedtls_<MODULE>_finish() -> mbedtls_<MODULE>_finish_ext()
+   * The following functions in the message digest modules (MD2, MD4, MD5,
+     SHA1, SHA256, SHA512) have been deprecated and replaced as shown below.
+     The new functions change the return type from void to int to allow
+     returning error codes when using MBEDTLS_<MODULE>_ALT.
+     mbedtls_<MODULE>_starts() -> mbedtls_<MODULE>_starts_ret()
+     mbedtls_<MODULE>_update() -> mbedtls_<MODULE>_update_ret()
+     mbedtls_<MODULE>_finish() -> mbedtls_<MODULE>_finish_ret()
      mbedtls_<MODULE>_process() -> mbedtls_internal_<MODULE>_process()
-     The type of the function pointers in the mbedtls_md_info_t struct have
-     also been modified taking into account the functions return code. Every
-     usage of the deprecated functions was updated. Furthermore, the MD return
-     codes are checked for error after every usage, except in the ssl_tls.c
-     module.
 
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
@@ -118,8 +118,9 @@ Bugfix
      mbedtls_sha512_starts() in the mbedtls_entropy_init() function.
    * Fix the entropy.c module to ensure that mbedtls_sha256_init() or
      mbedtls_sha512_init() is called before operating on the relevant context
-     structure. Also, ensure that message digest contexts are freed when
-     calling mbedtls_entropy_free().
+     structure. Do not assume that zeroizing a context is a correct way to
+     reset it. Found independently by ccli8 on Github.
+   * In mbedtls_entropy_free(), properly free the message digest context.
 
 Changes
    * Extend cert_write example program by options to set the CRT version
@@ -132,6 +133,10 @@ Changes
    * Only run AES-192 self-test if AES-192 is available. Fixes #963.
    * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the
      undeclared dependency of the RSA module on the ASN.1 module.
+   * Update all internal usage of deprecated message digest functions to the
+     new ones with return codes. In particular, this modifies the
+     mbedtls_md_info_t structure. Propagate errors from these functions
+     everywhere except some locations in the ssl_tls.c module.
 
 = mbed TLS 2.6.0 branch released 2017-08-10