TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e6e51aab55fd002ddc89f5b1b2579f768c6eb606^! / . / docs / 3.0-migration-guide.d / mandatory-rng-param.md
commite6e51aab55fd002ddc89f5b1b2579f768c6eb606[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Jun 15 11:29:26 2021 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Thu Jun 17 09:38:38 2021 +0200
tree7c4fa71402315a2d17a95e5de49f4850a6bcb13d
parent02b5705aa37613d83c97aa2f84b8d66b10b60d3d [diff] [blame]
Add ChangeLog and migration guide entries

Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

diff --git a/docs/3.0-migration-guide.d/mandatory-rng-param.md b/docs/3.0-migration-guide.d/mandatory-rng-param.md
new file mode 100644
index 0000000..3cbc356
--- /dev/null
+++ b/docs/3.0-migration-guide.d/mandatory-rng-param.md

@@ -0,0 +1,36 @@
+The RNG parameter is now mandatory for all functions that accept one
+--------------------------------------------------------------------
+
+This change affects all users who called a function accepting a `f_rng`
+parameter with `NULL` as the value of this argument; this is no longer
+supported.
+
+The changed functions are: the X.509 CRT and CSR writing functions; the PK
+sign and decrypt function; the RSA encrypt, decrypt, sign and private
+functions; the functions in DHM and ECDH that compute the share secret; the
+scalar multiplication functions in ECP.
+
+You now need to pass a properly seeded, cryptographically secure RNG to all
+functions that accept a `f_rng` parameter. It is of course still possible to
+pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
+context.
+
+Some functions gained an RNG parameter
+--------------------------------------
+
+This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
+`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
+`mbedtls_pk_parse_keyfile()`.
+
+You now need to pass a properly seeded, cryptographically secure RNG when
+calling these functions. It is used for blinding, a counter-measure against
+side-channel attacks.
+
+The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
+------------------------------------------------------------------
+
+This doesn't affect users of the default configuration; it only affects people
+who were explicitly setting this option.
+
+This was a trade-off between code size and counter-measures; it is no longer
+relevant as the counter-measure is now always on at no cost in code size.