Move subsections
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
parent
b0e6bb54f9
commit
9637bd30a3
1 changed files with 30 additions and 30 deletions
|
@ -137,36 +137,6 @@ of the 2.x releases — no longer included in 3.0) might help you do that.
|
||||||
Please also refer to the section [High-level crypto](#high-level-crypto) for
|
Please also refer to the section [High-level crypto](#high-level-crypto) for
|
||||||
changes that could sit in either category.
|
changes that could sit in either category.
|
||||||
|
|
||||||
### The RNG parameter is now mandatory for all functions that accept one
|
|
||||||
|
|
||||||
This change affects all users who called a function accepting a `f_rng`
|
|
||||||
parameter with `NULL` as the value of this argument; this is no longer
|
|
||||||
supported.
|
|
||||||
|
|
||||||
The changed functions are: the X.509 CRT and CSR writing functions; the PK and
|
|
||||||
RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
|
|
||||||
and ECDH that compute the shared secret; the scalar multiplication functions in
|
|
||||||
ECP.
|
|
||||||
|
|
||||||
You now need to pass a properly seeded, cryptographically secure RNG to all
|
|
||||||
functions that accept a `f_rng` parameter. It is of course still possible to
|
|
||||||
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
|
|
||||||
context.
|
|
||||||
|
|
||||||
Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
|
|
||||||
configuration options) may have their own internal and are free to ignore the
|
|
||||||
`f_rng` argument but must allow users to pass one anyway.
|
|
||||||
|
|
||||||
### Some functions gained an RNG parameter
|
|
||||||
|
|
||||||
This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
|
|
||||||
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
|
|
||||||
`mbedtls_pk_parse_keyfile()`.
|
|
||||||
|
|
||||||
You now need to pass a properly seeded, cryptographically secure RNG when
|
|
||||||
calling these functions. It is used for blinding, a countermeasure against
|
|
||||||
side-channel attacks.
|
|
||||||
|
|
||||||
### Deprecated functions were removed from bignum
|
### Deprecated functions were removed from bignum
|
||||||
|
|
||||||
The function `mbedtls_mpi_is_prime()` was removed. Please use
|
The function `mbedtls_mpi_is_prime()` was removed. Please use
|
||||||
|
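Review bot: the two subsections removed here ("The RNG parameter is now mandatory for all functions that accept one" and "Some functions gained an RNG parameter") leave the part of the guide that sits before "Deprecated functions were removed from bignum", but the commit message says only "Move subsections". Please add a line to the message naming the section they are moved out of and the one they are moved into, and why, so a reader of the history does not have to pair up the two hunks. The heading text is unchanged, so existing `#...` anchor links to these subsections should keep working; it is still worth checking that no surrounding text refers to them by position ("above", "below").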
@ -476,6 +446,36 @@ This normally doesn't affect your code, unless you use pointers to reference
|
||||||
those functions. In this case, you'll need to update the type of your pointers
|
those functions. In this case, you'll need to update the type of your pointers
|
||||||
in order to match the new signature.
|
in order to match the new signature.
|
||||||
|
|
||||||
|
### The RNG parameter is now mandatory for all functions that accept one
|
||||||
|
|
||||||
|
This change affects all users who called a function accepting a `f_rng`
|
||||||
|
parameter with `NULL` as the value of this argument; this is no longer
|
||||||
|
supported.
|
||||||
|
|
||||||
|
The changed functions are: the X.509 CRT and CSR writing functions; the PK and
|
||||||
|
RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
|
||||||
|
and ECDH that compute the shared secret; the scalar multiplication functions in
|
||||||
|
ECP.
|
||||||
|
|
||||||
|
You now need to pass a properly seeded, cryptographically secure RNG to all
|
||||||
|
functions that accept a `f_rng` parameter. It is of course still possible to
|
||||||
|
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
|
||||||
|
context.
|
||||||
|
|
||||||
|
Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
|
||||||
|
configuration options) may have their own internal and are free to ignore the
|
||||||
|
`f_rng` argument but must allow users to pass one anyway.
|
||||||
|
|
||||||
|
### Some functions gained an RNG parameter
|
||||||
|
|
||||||
|
This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
|
||||||
|
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
|
||||||
|
`mbedtls_pk_parse_keyfile()`.
|
||||||
|
|
||||||
|
You now need to pass a properly seeded, cryptographically secure RNG when
|
||||||
|
calling these functions. It is used for blinding, a countermeasure against
|
||||||
|
side-channel attacks.
|
||||||
|
|
||||||
|
|
||||||
## PSA
|
## PSA
|
||||||
|
|
||||||
|
|
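Review bot: in the re-added paragraph on `MBEDTLS_module_ALT` implementations, the phrase "may have their own internal and are free to ignore the `f_rng` argument" is missing a noun after "internal" (presumably an internal RNG, which the author should confirm). The same gap is present in the removed copy, so the move is verbatim. If this commit is meant to be a pure move, fix the sentence in a follow-up commit rather than here. Because this paragraph tells ALT implementers they may ignore a caller-supplied RNG, the wording should be unambiguous about what replaces it.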