Manuel Pégourié-Gonnard | e6e51aa | 2021-06-15 11:29:26 +0200

The RNG parameter is now mandatory for all functions that accept one
--------------------------------------------------------------------

This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
supported.

The changed functions are: the X.509 CRT and CSR writing functions; the PK
sign and decrypt functions; the RSA encrypt, decrypt, sign and private
functions; the functions in DHM and ECDH that compute the shared secret; the
scalar multiplication functions in ECP.

You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context.

Some functions gained an RNG parameter
--------------------------------------

This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
`mbedtls_pk_parse_keyfile()`.

You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a counter-measure against
side-channel attacks.

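To show what the mandatory `f_rng` buys, here is an added example (not Mbed TLS code) of a blinded RSA private operation written in the library's callback convention: the RNG supplies the blinding factor, the function refuses a `NULL` `f_rng`, and a context-free RNG is passed with `p_rng` set to `NULL`. The parameters `N`, `E`, `D`, `PHI`, the helper `urandom_rng` and the code `ERR_BAD_INPUT_DATA` are constructed placeholders for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA parameters, constructed for illustration only (far too small for real use). */
#define N   3233ULL   /* p = 61, q = 53 */
#define E   17ULL
#define D   2753ULL
#define PHI 3120ULL   /* (p-1)(q-1); used here only to invert the blinding factor */
#define ERR_BAD_INPUT_DATA (-1)   /* stands in for the library's *_BAD_INPUT_DATA codes */

/* The f_rng contract: fill `output` with `output_len` random bytes and return 0 on success. */
typedef int (*rng_fn)(void *p_rng, unsigned char *output, size_t output_len);
/* A context-free RNG over /dev/urandom: p_rng is ignored, so callers may pass NULL for it. */
int urandom_rng(void *p_rng, unsigned char *output, size_t output_len)
{
    (void)p_rng;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -2;
    size_t got = fread(output, 1, output_len, f);
    fclose(f);
    return got == output_len ? 0 : -2;
}
static uint64_t modpow(uint64_t b, uint64_t x, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; x != 0; x >>= 1, b = b * b % m)
        if (x & 1) r = r * b % m;
    return r;
}
static uint64_t gcd(uint64_t a, uint64_t b)
{
    while (b != 0) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Blinded private operation s = m^D mod N. As in Mbed TLS 3.0, a NULL f_rng is rejected. */
int rsa_private_blinded(uint64_t m, rng_fn f_rng, void *p_rng, uint64_t *s)
{
    if (f_rng == NULL) return ERR_BAD_INPUT_DATA;
    unsigned char buf[4]; uint64_t r;
    do {   /* draw a fresh blinding factor r that is invertible mod N */
        if (f_rng(p_rng, buf, sizeof buf) != 0) return -3;
        r = ((uint64_t)buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3]) % N;
    } while (r < 2 || gcd(r, N) != 1);
    uint64_t blinded = m % N * modpow(r, E, N) % N;   /* m' = m * r^E mod N */
    uint64_t sb = modpow(blinded, D, N);              /* s' = m'^D = m^D * r mod N */
    *s = sb * modpow(r, PHI - 1, N) % N;              /* s = s' * r^-1 mod N */
    return 0;
}
```

The exponentiation input `blinded` differs on every call while the result is unchanged, which is why the operation needs a real RNG rather than a `NULL` callback.
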
The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
------------------------------------------------------------------

This doesn't affect users of the default configuration; it only affects people
who were explicitly setting this option.

This was a trade-off between code size and counter-measures; it is no longer
relevant as the counter-measure is now always on at no cost in code size.