docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md

Remove the mode parameter from RSA functions
--------------------------------------------

This affects all users who use the RSA encryption, decryption, sign and
verify APIs.

The RSA module no longer supports private-key operations with the public key or
vice versa. As a consequence, RSA operation functions no longer have a mode
parameter. If you were calling RSA operations with the normal mode (public key
for verification or encryption, private key for signature or decryption), remove
the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling
RSA operations with the wrong mode, which rarely makes sense from a security
perspective, this is no longer supported.

Remove the RNG parameter from RSA verify functions
--------------------------------------------------

RSA verification functions also no longer take random generator arguments (this
was only needed when using a private key). This affects all applications using
the RSA verify functions.

RNG is now mandatory in all RSA private key operations
------------------------------------------------------

The random generator is now mandatory for blinding in all RSA private-key
operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`,
`mbedtls_rsa_xxx_decrypt`) as well as for encryption
(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer
supported.