mbedtls/docs/3.0-migration-guide.d/mandatory-rng-param.md

The RNG parameter is now mandatory for all functions that accept one
--------------------------------------------------------------------

This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
supported.

The changed functions are: the X.509 CRT and CSR writing functions; the PK
sign and decrypt function; the RSA encrypt, decrypt, sign and private
functions; the functions in DHM and ECDH that compute the share secret; the
scalar multiplication functions in ECP.

You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context.

Some functions gained an RNG parameter
--------------------------------------

This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
`mbedtls_pk_parse_keyfile()`.

You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a counter-measure against
side-channel attacks.

The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
------------------------------------------------------------------

This doesn't affect users of the default configuration; it only affects people
who were explicitly setting this option.

This was a trade-off between code size and counter-measures; it is no longer
relevant as the counter-measure is now always on at no cost in code size.
Add ChangeLog and migration guide entries Merge part of the RSA entries into this one, as I think it's easier for users to have all similar changes in one place regardless of whether they were introduce in the same PR or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-06-15 11:29:26 +02:00			`The RNG parameter is now mandatory for all functions that accept one`
			`--------------------------------------------------------------------`

			This change affects all users who called a function accepting a `f_rng`
			parameter with `NULL` as the value of this argument; this is no longer
			`supported.`

			`The changed functions are: the X.509 CRT and CSR writing functions; the PK`
			`sign and decrypt function; the RSA encrypt, decrypt, sign and private`
			`functions; the functions in DHM and ECDH that compute the share secret; the`
			`scalar multiplication functions in ECP.`

			`You now need to pass a properly seeded, cryptographically secure RNG to all`
			functions that accept a `f_rng` parameter. It is of course still possible to
			pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
			`context.`

			`Some functions gained an RNG parameter`
			`--------------------------------------`

			This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
			`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
			`mbedtls_pk_parse_keyfile()`.

			`You now need to pass a properly seeded, cryptographically secure RNG when`
			`calling these functions. It is used for blinding, a counter-measure against`
			`side-channel attacks.`

			The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
			`------------------------------------------------------------------`

			`This doesn't affect users of the default configuration; it only affects people`
			`who were explicitly setting this option.`

			`This was a trade-off between code size and counter-measures; it is no longer`
			`relevant as the counter-measure is now always on at no cost in code size.`