mbedtls/docs/3.0-migration-guide.d/mandatory-rng-param.md

The RNG parameter is now mandatory for all functions that accept one
--------------------------------------------------------------------

This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
supported.

The changed functions are: the X.509 CRT and CSR writing functions; the PK and
RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
and ECDH that compute the shared secret; the scalar multiplication functions in
ECP.

You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context.

Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
configuration options) may have their own internal and are free to ignore the
`f_rng` argument but must allow users to pass one anyway.

Some functions gained an RNG parameter
--------------------------------------

This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
`mbedtls_pk_parse_keyfile()`.

You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a counter-measure against
side-channel attacks.

The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
------------------------------------------------------------------

This doesn't affect users of the default configuration; it only affects people
who were explicitly setting this option.

This was a trade-off between code size and counter-measures; it is no longer
relevant as the counter-measure is now always on at no cost in code size.
Add ChangeLog and migration guide entries Merge part of the RSA entries into this one, as I think it's easier for users to have all similar changes in one place regardless of whether they were introduce in the same PR or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-06-15 11:29:26 +02:00			`The RNG parameter is now mandatory for all functions that accept one`
			`--------------------------------------------------------------------`

			This change affects all users who called a function accepting a `f_rng`
			parameter with `NULL` as the value of this argument; this is no longer
			`supported.`

Improve ChangeLog and migration guide entries Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-06-16 11:02:38 +02:00			`The changed functions are: the X.509 CRT and CSR writing functions; the PK and`
			RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
			`and ECDH that compute the shared secret; the scalar multiplication functions in`
			`ECP.`
Add ChangeLog and migration guide entries Merge part of the RSA entries into this one, as I think it's easier for users to have all similar changes in one place regardless of whether they were introduce in the same PR or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-06-15 11:29:26 +02:00
			`You now need to pass a properly seeded, cryptographically secure RNG to all`
			functions that accept a `f_rng` parameter. It is of course still possible to
			pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
			`context.`

Improve ChangeLog and migration guide entries Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-06-16 11:02:38 +02:00			Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
			`configuration options) may have their own internal and are free to ignore the`
			`f_rng` argument but must allow users to pass one anyway.

Add ChangeLog and migration guide entries Merge part of the RSA entries into this one, as I think it's easier for users to have all similar changes in one place regardless of whether they were introduce in the same PR or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2021-06-15 11:29:26 +02:00			`Some functions gained an RNG parameter`
			`--------------------------------------`

			This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
			`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
			`mbedtls_pk_parse_keyfile()`.

			`You now need to pass a properly seeded, cryptographically secure RNG when`
			`calling these functions. It is used for blinding, a counter-measure against`
			`side-channel attacks.`

			The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
			`------------------------------------------------------------------`

			`This doesn't affect users of the default configuration; it only affects people`
			`who were explicitly setting this option.`

			`This was a trade-off between code size and counter-measures; it is no longer`
			`relevant as the counter-measure is now always on at no cost in code size.`