Move subsections

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Dave Rodgman 2021-06-30 20:07:57 +01:00
parent b0e6bb54f9
commit 9637bd30a3

@ -137,36 +137,6 @@ of the 2.x releases — no longer included in 3.0) might help you do that.
Please also refer to the section [High-level crypto](#high-level-crypto) for Please also refer to the section [High-level crypto](#high-level-crypto) for
changes that could sit in either category. changes that could sit in either category.
### The RNG parameter is now mandatory for all functions that accept one
This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
supported.
The changed functions are: the X.509 CRT and CSR writing functions; the PK and
RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
and ECDH that compute the shared secret; the scalar multiplication functions in
ECP.
You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context.
Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
configuration options) may have their own internal and are free to ignore the
`f_rng` argument but must allow users to pass one anyway.
### Some functions gained an RNG parameter
This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
`mbedtls_pk_parse_keyfile()`.
You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a countermeasure against
side-channel attacks.
### Deprecated functions were removed from bignum ### Deprecated functions were removed from bignum
The function `mbedtls_mpi_is_prime()` was removed. Please use The function `mbedtls_mpi_is_prime()` was removed. Please use
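Review bot: The removal of "### The RNG parameter is now mandatory for all functions that accept one" and "### Some functions gained an RNG parameter" from this position is not explained by the commit message, which says only "Move subsections" and names neither the destination nor the reason. Suggest stating in the message that both subsections move unchanged to just before "## PSA", so a reader of the history can tell this is a pure relocation with no wording change. The heading text is identical in both places, so links that target these headings should be unaffected, but that is worth confirming in the rendered guide.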
@ -476,6 +446,36 @@ This normally doesn't affect your code, unless you use pointers to reference
those functions. In this case, you'll need to update the type of your pointers those functions. In this case, you'll need to update the type of your pointers
in order to match the new signature. in order to match the new signature.
### The RNG parameter is now mandatory for all functions that accept one
This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
supported.
The changed functions are: the X.509 CRT and CSR writing functions; the PK and
RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
and ECDH that compute the shared secret; the scalar multiplication functions in
ECP.
You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context.
Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
configuration options) may have their own internal and are free to ignore the
`f_rng` argument but must allow users to pass one anyway.
### Some functions gained an RNG parameter
This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
`mbedtls_pk_parse_keyfile()`.
You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a countermeasure against
side-channel attacks.
## PSA ## PSA
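Review bot: In the re-added paragraph on alternative implementations, "may have their own internal and are free to ignore the" is missing a noun after "internal" (presumably "internal RNG"). The sentence is carried over verbatim from the old location, but since these lines are being touched, fix it here or in a follow-up so the migration guide states clearly what an `MBEDTLS_module_ALT` implementation may rely on while still accepting a caller-supplied `f_rng`.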