Manuel Pégourié-Gonnard | e6e51aa | 2021-06-15 11:29:26 +0200

The RNG parameter is now mandatory for all functions that accept one
--------------------------------------------------------------------

This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
supported.

The changed functions are: the X.509 CRT and CSR writing functions; the PK and
RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
and ECDH that compute the shared secret; the scalar multiplication functions in
ECP.

You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context.

Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
configuration options) may have their own internal RNG and are free to ignore
the `f_rng` argument, but they must still allow users to pass one.

Some functions gained an RNG parameter
--------------------------------------

This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
`mbedtls_pk_parse_keyfile()`.

You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a counter-measure against
side-channel attacks.

The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
------------------------------------------------------------------

This doesn't affect users of the default configuration; it only affects people
who were explicitly setting this option.

This was a trade-off between code size and counter-measures; it is no longer
relevant as the counter-measure is now always on at no cost in code size.