Add ChangeLog and migration guide entries

Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2021-06-15 11:29:26 +02:00
parent 02b5705aa3
commit e6e51aab55
4 changed files with 48 additions and 9 deletions

View file

@ -0,0 +1,12 @@
API changes
* For all functions that take an RNG parameter, this parameter is now
mandatory (that is, NULL is not an acceptable value). Functions which
previously accepted NULL and now reject it are: the X.509 CRT and CSR
writing functions; the PK sign and decrypt function; the RSA encrypt,
decrypt, sign and private functions; the function in DHM and ECDH that
compute the share secret; the scalar multiplication functions in ECP.
* The following functions now require an RNG parameter:
mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(),
mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile().
* The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as
it no longer had any effect.

View file

@ -6,4 +6,3 @@ API changes
decryption functions now always use the private key and verification and
encryption use the public key. Verification functions also no longer have
RNG parameters.
* The RNG is now mandatory for all private-key RSA operations.

View file

@ -0,0 +1,36 @@
The RNG parameter is now mandatory for all functions that accept one
--------------------------------------------------------------------
This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
supported.
The changed functions are: the X.509 CRT and CSR writing functions; the PK
sign and decrypt function; the RSA encrypt, decrypt, sign and private
functions; the functions in DHM and ECDH that compute the share secret; the
scalar multiplication functions in ECP.
You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context.
Some functions gained an RNG parameter
--------------------------------------
This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
`mbedtls_pk_parse_keyfile()`.
You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a counter-measure against
side-channel attacks.
The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
------------------------------------------------------------------
This doesn't affect users of the default configuration; it only affects people
who were explicitly setting this option.
This was a trade-off between code size and counter-measures; it is no longer
relevant as the counter-measure is now always on at no cost in code size.

View file

@ -19,11 +19,3 @@ RSA verification functions also no longer take random generator arguments (this
was only needed when using a private key). This affects all applications using
the RSA verify functions.
RNG is now mandatory in all RSA private key operations
------------------------------------------------------
The random generator is now mandatory for blinding in all RSA private-key
operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`,
`mbedtls_rsa_xxx_decrypt`) as well as for encryption
(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer
supported.